Merge branch 'dbus-1.14' into 'dbus-1.14'

[1.14.x] Backport more fixes from 1.15.x

See merge request dbus/dbus!393

11 files changed, 63 insertions, 219 deletions

diff --git a/.gitignore b/.gitignore
index 7de60e0b..8be73724 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,6 +21,7 @@
 /libtool
 /m4/libtool.m4
 /m4/lt*.m4
+/m4/pkg.m4
 /stamp-h
 /stamp-h.in
 /stamp-h1
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index a21b3f0f..0142f2c8 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,6 +33,9 @@ variables:
   ci_sudo: "yes"
   ci_distro: "debian"
   ci_suite: "bullseye"
+  # Temporarily needed to clean up after dbus/dbus#447
+  GIT_STRATEGY: clone
+
   ###
   # IMPORTANT
   # These are the version tags for the docker images the CI runs against.
@@ -86,8 +89,7 @@ windows amd64 docker:
     # compilers
     - export PATH="/usr/lib/ccache:$PATH"
   script:
-    - chown -R user .
-    - runuser -u user ./tools/ci-build.sh
+    - ./tools/ci-build.sh
 
 production:
   extends: .debian-build
diff --git a/NEWS b/NEWS
index f028116f..15d64778 100644
--- a/NEWS
+++ b/NEWS
@@ -15,9 +15,29 @@ Fixes:
 • Avoid a data race in multi-threaded use of DBusCounter
   (dbus#426, Ralf Habacker)
 
+• Fix a crash with some glibc versions when non-auditable SELinux events
+  are logged (dbus!386, Jeremi Piotrowski)
+
 • If dbus_message_demarshal() runs out of memory while validating a message,
   report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie)
 
+• Use C11 _Alignof if available, for better standards-compliance
+  (dbus!389, Khem Raj)
+
+• Stop including an outdated copy of pkg.m4 in the git tree
+  (dbus!365, Simon McVittie)
+
+• Documentation:
+  · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
+
+• Tests fixes:
+  · Fix the test-apparmor-activation test after dbus#416
+    (dbus!380, Dave Jones)
+
+Internal changes:
+
+• Fix CI builds with recent git versions (dbus#447, Simon McVittie)
+
 dbus 1.14.4 (2022-10-05)
 ========================
 
diff --git a/bus/selinux.c b/bus/selinux.c
index 42017e7a..c3cca7f8 100644
--- a/bus/selinux.c
+++ b/bus/selinux.c
@@ -112,9 +112,6 @@ log_callback (int type, const char *fmt, ...)
      * syslog if OOM, like the equivalent AppArmor code does. */
     char buf[PATH_MAX*2];
 
-    /* FIXME: need to change this to show real user */
-    vsnprintf(buf, sizeof(buf), fmt, ap);
-
     switch (type)
       {
       case SELINUX_AVC:
@@ -137,6 +134,8 @@ log_callback (int type, const char *fmt, ...)
       }
 
     if (audit_type > 0) {
+      /* FIXME: need to change this to show real user */
+      vsnprintf(buf, sizeof(buf), fmt, ap);
       audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL,
                              NULL, getuid());
       goto out;
diff --git a/configure.ac b/configure.ac
index bab83cb5..73c680f6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -750,7 +750,7 @@ AC_ARG_VAR([THREAD_LIBS])
 save_libs="$LIBS"
 LIBS="$LIBS $THREAD_LIBS"
 
-is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://bugs.freedesktop.org/enter_bug.cgi?product=dbus with details of your platform."
+is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://gitlab.freedesktop.org/dbus/dbus/-/issues/new with details of your platform."
 
 # Don't do these automatic checks if the user set THREAD_LIBS on the
 # configure command-line. If they did, we assume they're right.
diff --git a/dbus/dbus-internals.h b/dbus/dbus-internals.h
index 3b293b05..739b1b26 100644
--- a/dbus/dbus-internals.h
+++ b/dbus/dbus-internals.h
@@ -201,8 +201,12 @@ void _dbus_real_assert_not_reached (const char *explanation,
     ((intptr_t) ((unsigned char*) &((struct_type*) 0)->member))
 #endif
 
+#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__cplusplus)
+#define _DBUS_ALIGNOF(type) _Alignof(type)
+#else
 #define _DBUS_ALIGNOF(type) \
     (_DBUS_STRUCT_OFFSET (struct { char _1; type _2; }, _2))
+#endif
 
 #if defined(DBUS_DISABLE_CHECKS) || defined(DBUS_DISABLE_ASSERT)
 /* this is an assert and not an error, but in the typical --disable-checks case (you're trying
diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c
index 8743589f..6b32df66 100644
--- a/dbus/dbus-sysdeps-unix.c
+++ b/dbus/dbus-sysdeps-unix.c
@@ -2440,7 +2440,7 @@ _dbus_read_credentials_socket  (DBusSocket       client_fd,
 #else /* no supported mechanism */
 
 #warning Socket credentials not supported on this Unix OS
-#warning Please tell https://bugs.freedesktop.org/enter_bug.cgi?product=DBus
+#warning Please tell https://gitlab.freedesktop.org/dbus/dbus/-/issues/new
 
     /* Please add other operating systems known to support at least one of
      * the mechanisms above to this list, keeping alphabetical order.
diff --git a/m4/pkg.m4 b/m4/pkg.m4
deleted file mode 100644
index 64be7479..00000000
--- a/m4/pkg.m4
+++ /dev/null
@@ -1,155 +0,0 @@
-# pkg.m4 - Macros to locate and utilise pkg-config.            -*- Autoconf -*-
-#
-# Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful, but
-# WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-#
-# As a special exception to the GNU General Public License, if you
-# distribute this file as part of a program that contains a
-# configuration script generated by Autoconf, you may include it under
-# the same distribution terms that you use for the rest of that program.
-
-# PKG_PROG_PKG_CONFIG([MIN-VERSION])
-# ----------------------------------
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
-fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=m4_default([$1], [0.9.0])
-	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-		PKG_CONFIG=""
-	fi
-
-fi[]dnl
-])# PKG_PROG_PKG_CONFIG
-
-# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-#
-# Check to see whether a particular set of modules exists.  Similar
-# to PKG_CHECK_MODULES(), but does not set variables or print errors.
-#
-#
-# Similar to PKG_CHECK_MODULES, make sure that the first instance of
-# this or PKG_CHECK_MODULES is called, or make sure to call
-# PKG_CHECK_EXISTS manually
-# --------------------------------------------------------------
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
-    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_ifval([$2], [$2], [:])
-m4_ifvaln([$3], [else
-  $3])dnl
-fi])
-
-
-# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-# ---------------------------------------------
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
-    pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
-    PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
-		     [pkg_failed=yes])
- else
-    pkg_failed=untried
-fi[]dnl
-])# _PKG_CONFIG
-
-# _PKG_SHORT_ERRORS_SUPPORTED
-# -----------------------------
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
-else
-        _pkg_short_errors_supported=no
-fi[]dnl
-])# _PKG_SHORT_ERRORS_SUPPORTED
-
-
-# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-# [ACTION-IF-NOT-FOUND])
-#
-#
-# Note that if there is a possibility the first call to
-# PKG_CHECK_MODULES might not happen, you should be sure to include an
-# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-#
-#
-# --------------------------------------------------------------
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $1])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
-        _PKG_SHORT_ERRORS_SUPPORTED
-        if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1`
-        else
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
-	ifelse([$4], , [AC_MSG_ERROR(dnl
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT
-])],
-		[AC_MSG_RESULT([no])
-                $4])
-elif test $pkg_failed = untried; then
-	ifelse([$4], , [AC_MSG_FAILURE(dnl
-[The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])],
-		[$4])
-else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-        AC_MSG_RESULT([yes])
-	ifelse([$3], , :, [$3])
-fi[]dnl
-])# PKG_CHECK_MODULES
diff --git a/test/data/dbus-installed-tests.aaprofile.in b/test/data/dbus-installed-tests.aaprofile.in
index 7a65282a..edb793c1 100644
--- a/test/data/dbus-installed-tests.aaprofile.in
+++ b/test/data/dbus-installed-tests.aaprofile.in
@@ -32,6 +32,7 @@
   # We aren't really confining this process seriously; allow most things.
   /** mrix,
   /tmp/dbus-daemon-test.*/{,**} w,
+  /tmp/dbus-* w,
   @{sys}/kernel/security/apparmor/** w,
   dbus (send, receive, bind),
   network,
@@ -44,6 +45,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus (send, receive, bind),
     network,
@@ -62,6 +64,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus,
     network,
@@ -88,6 +91,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus (send, receive, bind),
     network,
diff --git a/tools/ci-build.sh b/tools/ci-build.sh
index f286baa7..a8c6893f 100755
--- a/tools/ci-build.sh
+++ b/tools/ci-build.sh
@@ -82,15 +82,6 @@ init_wine() {
 # Typical values: ubuntu, debian; maybe fedora in future
 : "${ci_distro:=ubuntu}"
 
-# ci_docker:
-# If non-empty, this is the name of a Docker image. ci-install.sh will
-# fetch it with "docker pull" and use it as a base for a new Docker image
-# named "ci-image" in which we will do our testing.
-#
-# If empty, we test on "bare metal".
-# Typical values: ubuntu:xenial, debian:jessie-slim
-: "${ci_docker:=}"
-
 # ci_host:
 # See ci-install.sh
 : "${ci_host:=native}"
@@ -130,23 +121,7 @@ init_wine() {
 # One of static, shared; used for windows cross builds
 : "${ci_runtime:=static}"
 
-echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_docker=$ci_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0"
-
-if [ -n "$ci_docker" ]; then
-    exec docker run \
-        --env=ci_buildsys="${ci_buildsys}" \
-        --env=ci_docker="" \
-        --env=ci_host="${ci_host}" \
-        --env=ci_parallel="${ci_parallel}" \
-        --env=ci_sudo=yes \
-        --env=ci_test="${ci_test}" \
-        --env=ci_test_fatal="${ci_test_fatal}" \
-        --env=ci_variant="${ci_variant}" \
-        --env=ci_runtime="${ci_runtime}" \
-        --privileged \
-        ci-image \
-        tools/ci-build.sh
-fi
+echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0"
 
 maybe_fail_tests () {
     if [ "$ci_test_fatal" = yes ]; then
@@ -339,19 +314,34 @@ case "$ci_buildsys" in
                 maybe_fail_tests
             cat test/test-suite.log || :
 
-            # re-run them with gnome-desktop-testing
+            # Re-run them with gnome-desktop-testing.
+            # Also, one test needs a finite fd limit to be useful, so we
+            # can set that here.
             env LD_LIBRARY_PATH=/usr/local/lib \
+            bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \
             gnome-desktop-testing-runner -d /usr/local/share dbus/ || \
                 maybe_fail_tests
 
-            # these tests benefit from being re-run as root, and one
-            # test needs a finite fd limit to be useful
-            sudo env LD_LIBRARY_PATH=/usr/local/lib \
-            bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \
+            # Some tests benefit from being re-run as non-root, if we were
+            # not already...
+            if [ "$(id -u)" = 0 ] && [ "$ci_in_docker" = yes ]; then
+                sudo -u user \
+                env LD_LIBRARY_PATH=/usr/local/lib \
                 gnome-desktop-testing-runner -d /usr/local/share \
-                dbus/test-dbus-daemon_with_config.test \
-                dbus/test-uid-permissions_with_config.test || \
-                maybe_fail_tests
+                    dbus/test-dbus-daemon_with_config.test \
+                    || maybe_fail_tests
+            fi
+
+            # ... while other tests benefit from being re-run as root, if
+            # we were not already
+            if [ "$(id -u)" != 0 ]; then
+                sudo env LD_LIBRARY_PATH=/usr/local/lib \
+                bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \
+                    gnome-desktop-testing-runner -d /usr/local/share \
+                    dbus/test-dbus-daemon_with_config.test \
+                    dbus/test-uid-permissions_with_config.test || \
+                    maybe_fail_tests
+            fi
         fi
         ;;
 
diff --git a/tools/ci-install.sh b/tools/ci-install.sh
index 7325e4f2..b32bd823 100755
--- a/tools/ci-install.sh
+++ b/tools/ci-install.sh
@@ -32,20 +32,13 @@ NULL=
 # Typical values: ubuntu, debian; maybe fedora in future
 : "${ci_distro:=ubuntu}"
 
-# ci_docker:
-# If non-empty, this is the name of a Docker image. ci-install.sh will
-# fetch it with "docker pull" and use it as a base for a new Docker image
-# named "ci-image" in which we will do our testing.
-: "${ci_docker:=}"
-
 # ci_host:
 # Either "native", or an Autoconf --host argument to cross-compile
 # the package
 : "${ci_host:=native}"
 
 # ci_in_docker:
-# Used internally by ci-install.sh. If yes, we are inside the Docker image
-# (ci_docker is empty in this case).
+# "yes" if we are running inside a Docker image.
 : "${ci_in_docker:=no}"
 
 # ci_local_packages:
@@ -62,7 +55,7 @@ NULL=
 # One of debug, reduced, legacy, production
 : "${ci_variant:=production}"
 
-echo "ci_distro=$ci_distro ci_docker=$ci_docker ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0"
+echo "ci_distro=$ci_distro ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0"
 
 if [ $(id -u) = 0 ]; then
     sudo=
@@ -70,15 +63,6 @@ else
     sudo=sudo
 fi
 
-if [ -n "$ci_docker" ]; then
-    sed \
-        -e "s/@ci_distro@/${ci_distro}/" \
-        -e "s/@ci_docker@/${ci_docker}/" \
-        -e "s/@ci_suite@/${ci_suite}/" \
-        < tools/ci-Dockerfile.in > Dockerfile
-    exec docker build -t ci-image .
-fi
-
 case "$ci_distro" in
     (debian|ubuntu)
         # Don't ask questions, just do it
@@ -228,11 +212,6 @@ if [ "$ci_local_packages" = yes ]; then
                 wget ${mirror}/${filename}
                 tar -C ${dep_prefix} --strip-components=1 -xvf ${filename}
             done
-
-            # limit access rights
-            if [ "$ci_in_docker" = yes ]; then
-                chown -R user "${dep_prefix}"
-            fi
             ;;
     esac
 fi