diff options
author | Simon McVittie <smcv@collabora.com> | 2023-02-08 10:47:08 +0000 |
---|---|---|
committer | Simon McVittie <smcv@collabora.com> | 2023-02-08 10:47:08 +0000 |
commit | 2e42fd18af1982d5a2ac089da06388b83b74f661 (patch) | |
tree | b5eb6bd825229671ec12986f9992b15ce590b2cd | |
parent | c422950a31e2089fddb6924da2d41e22a382347a (diff) | |
parent | e8d25bdcdf76eeabcfe42ad03c75434ad53309f1 (diff) | |
download | dbus-2e42fd18af1982d5a2ac089da06388b83b74f661.tar.gz |
Merge branch 'dbus-1.14' into 'dbus-1.14'
[1.14.x] Backport more fixes from 1.15.x
See merge request dbus/dbus!393
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | .gitlab-ci.yml | 6 | ||||
-rw-r--r-- | NEWS | 20 | ||||
-rw-r--r-- | bus/selinux.c | 5 | ||||
-rw-r--r-- | configure.ac | 2 | ||||
-rw-r--r-- | dbus/dbus-internals.h | 4 | ||||
-rw-r--r-- | dbus/dbus-sysdeps-unix.c | 2 | ||||
-rw-r--r-- | m4/pkg.m4 | 155 | ||||
-rw-r--r-- | test/data/dbus-installed-tests.aaprofile.in | 4 | ||||
-rwxr-xr-x | tools/ci-build.sh | 58 | ||||
-rwxr-xr-x | tools/ci-install.sh | 25 |
11 files changed, 63 insertions, 219 deletions
@@ -21,6 +21,7 @@ /libtool /m4/libtool.m4 /m4/lt*.m4 +/m4/pkg.m4 /stamp-h /stamp-h.in /stamp-h1 diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index a21b3f0f..0142f2c8 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -33,6 +33,9 @@ variables: ci_sudo: "yes" ci_distro: "debian" ci_suite: "bullseye" + # Temporarily needed to clean up after dbus/dbus#447 + GIT_STRATEGY: clone + ### # IMPORTANT # These are the version tags for the docker images the CI runs against. @@ -86,8 +89,7 @@ windows amd64 docker: # compilers - export PATH="/usr/lib/ccache:$PATH" script: - - chown -R user . - - runuser -u user ./tools/ci-build.sh + - ./tools/ci-build.sh production: extends: .debian-build @@ -15,9 +15,29 @@ Fixes: • Avoid a data race in multi-threaded use of DBusCounter (dbus#426, Ralf Habacker) +• Fix a crash with some glibc versions when non-auditable SELinux events + are logged (dbus!386, Jeremi Piotrowski) + • If dbus_message_demarshal() runs out of memory while validating a message, report it as NoMemory rather than InvalidArgs (dbus#420, Simon McVittie) +• Use C11 _Alignof if available, for better standards-compliance + (dbus!389, Khem Raj) + +• Stop including an outdated copy of pkg.m4 in the git tree + (dbus!365, Simon McVittie) + +• Documentation: + · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan) + +• Tests fixes: + · Fix the test-apparmor-activation test after dbus#416 + (dbus!380, Dave Jones) + +Internal changes: + +• Fix CI builds with recent git versions (dbus#447, Simon McVittie) + dbus 1.14.4 (2022-10-05) ======================== diff --git a/bus/selinux.c b/bus/selinux.c index 42017e7a..c3cca7f8 100644 --- a/bus/selinux.c +++ b/bus/selinux.c @@ -112,9 +112,6 @@ log_callback (int type, const char *fmt, ...) * syslog if OOM, like the equivalent AppArmor code does. */ char buf[PATH_MAX*2]; - /* FIXME: need to change this to show real user */ - vsnprintf(buf, sizeof(buf), fmt, ap); - switch (type) { case SELINUX_AVC: @@ -137,6 +134,8 @@ log_callback (int type, const char *fmt, ...) } if (audit_type > 0) { + /* FIXME: need to change this to show real user */ + vsnprintf(buf, sizeof(buf), fmt, ap); audit_log_user_avc_message(audit_fd, audit_type, buf, NULL, NULL, NULL, getuid()); goto out; diff --git a/configure.ac b/configure.ac index bab83cb5..73c680f6 100644 --- a/configure.ac +++ b/configure.ac @@ -750,7 +750,7 @@ AC_ARG_VAR([THREAD_LIBS]) save_libs="$LIBS" LIBS="$LIBS $THREAD_LIBS" -is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://bugs.freedesktop.org/enter_bug.cgi?product=dbus with details of your platform." +is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://gitlab.freedesktop.org/dbus/dbus/-/issues/new with details of your platform." # Don't do these automatic checks if the user set THREAD_LIBS on the # configure command-line. If they did, we assume they're right. diff --git a/dbus/dbus-internals.h b/dbus/dbus-internals.h index 3b293b05..739b1b26 100644 --- a/dbus/dbus-internals.h +++ b/dbus/dbus-internals.h @@ -201,8 +201,12 @@ void _dbus_real_assert_not_reached (const char *explanation, ((intptr_t) ((unsigned char*) &((struct_type*) 0)->member)) #endif +#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L && !defined(__cplusplus) +#define _DBUS_ALIGNOF(type) _Alignof(type) +#else #define _DBUS_ALIGNOF(type) \ (_DBUS_STRUCT_OFFSET (struct { char _1; type _2; }, _2)) +#endif #if defined(DBUS_DISABLE_CHECKS) || defined(DBUS_DISABLE_ASSERT) /* this is an assert and not an error, but in the typical --disable-checks case (you're trying diff --git a/dbus/dbus-sysdeps-unix.c b/dbus/dbus-sysdeps-unix.c index 8743589f..6b32df66 100644 --- a/dbus/dbus-sysdeps-unix.c +++ b/dbus/dbus-sysdeps-unix.c @@ -2440,7 +2440,7 @@ _dbus_read_credentials_socket (DBusSocket client_fd, #else /* no supported mechanism */ #warning Socket credentials not supported on this Unix OS -#warning Please tell https://bugs.freedesktop.org/enter_bug.cgi?product=DBus +#warning Please tell https://gitlab.freedesktop.org/dbus/dbus/-/issues/new /* Please add other operating systems known to support at least one of * the mechanisms above to this list, keeping alphabetical order. diff --git a/m4/pkg.m4 b/m4/pkg.m4 deleted file mode 100644 index 64be7479..00000000 --- a/m4/pkg.m4 +++ /dev/null @@ -1,155 +0,0 @@ -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# -# Copyright © 2004 Scott James Remnant <scott@netsplit.com>. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# PKG_PROG_PKG_CONFIG([MIN-VERSION]) -# ---------------------------------- -AC_DEFUN([PKG_PROG_PKG_CONFIG], -[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) -m4_pattern_allow([^PKG_CONFIG(_PATH)?$]) -AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=m4_default([$1], [0.9.0]) - AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - PKG_CONFIG="" - fi - -fi[]dnl -])# PKG_PROG_PKG_CONFIG - -# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# -# Check to see whether a particular set of modules exists. Similar -# to PKG_CHECK_MODULES(), but does not set variables or print errors. -# -# -# Similar to PKG_CHECK_MODULES, make sure that the first instance of -# this or PKG_CHECK_MODULES is called, or make sure to call -# PKG_CHECK_EXISTS manually -# -------------------------------------------------------------- -AC_DEFUN([PKG_CHECK_EXISTS], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -if test -n "$PKG_CONFIG" && \ - AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then - m4_ifval([$2], [$2], [:]) -m4_ifvaln([$3], [else - $3])dnl -fi]) - - -# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -# --------------------------------------------- -m4_define([_PKG_CONFIG], -[if test -n "$$1"; then - pkg_cv_[]$1="$$1" - elif test -n "$PKG_CONFIG"; then - PKG_CHECK_EXISTS([$3], - [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`], - [pkg_failed=yes]) - else - pkg_failed=untried -fi[]dnl -])# _PKG_CONFIG - -# _PKG_SHORT_ERRORS_SUPPORTED -# ----------------------------- -AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then - _pkg_short_errors_supported=yes -else - _pkg_short_errors_supported=no -fi[]dnl -])# _PKG_SHORT_ERRORS_SUPPORTED - - -# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -# [ACTION-IF-NOT-FOUND]) -# -# -# Note that if there is a possibility the first call to -# PKG_CHECK_MODULES might not happen, you should be sure to include an -# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -# -# -# -------------------------------------------------------------- -AC_DEFUN([PKG_CHECK_MODULES], -[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl -AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl -AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl - -pkg_failed=no -AC_MSG_CHECKING([for $1]) - -_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) -_PKG_CONFIG([$1][_LIBS], [libs], [$2]) - -m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS -and $1[]_LIBS to avoid the need to call pkg-config. -See the pkg-config man page for more details.]) - -if test $pkg_failed = yes; then - _PKG_SHORT_ERRORS_SUPPORTED - if test $_pkg_short_errors_supported = yes; then - $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors "$2" 2>&1` - else - $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors "$2" 2>&1` - fi - # Put the nasty error message in config.log where it belongs - echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD - - ifelse([$4], , [AC_MSG_ERROR(dnl -[Package requirements ($2) were not met: - -$$1_PKG_ERRORS - -Consider adjusting the PKG_CONFIG_PATH environment variable if you -installed software in a non-standard prefix. - -_PKG_TEXT -])], - [AC_MSG_RESULT([no]) - $4]) -elif test $pkg_failed = untried; then - ifelse([$4], , [AC_MSG_FAILURE(dnl -[The pkg-config script could not be found or is too old. Make sure it -is in your PATH or set the PKG_CONFIG environment variable to the full -path to pkg-config. - -_PKG_TEXT - -To get pkg-config, see <http://pkg-config.freedesktop.org/>.])], - [$4]) -else - $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS - $1[]_LIBS=$pkg_cv_[]$1[]_LIBS - AC_MSG_RESULT([yes]) - ifelse([$3], , :, [$3]) -fi[]dnl -])# PKG_CHECK_MODULES diff --git a/test/data/dbus-installed-tests.aaprofile.in b/test/data/dbus-installed-tests.aaprofile.in index 7a65282a..edb793c1 100644 --- a/test/data/dbus-installed-tests.aaprofile.in +++ b/test/data/dbus-installed-tests.aaprofile.in @@ -32,6 +32,7 @@ # We aren't really confining this process seriously; allow most things. /** mrix, /tmp/dbus-daemon-test.*/{,**} w, + /tmp/dbus-* w, @{sys}/kernel/security/apparmor/** w, dbus (send, receive, bind), network, @@ -44,6 +45,7 @@ #include <abstractions/base> /** mrix, + /tmp/dbus-* w, @{sys}/kernel/security/apparmor/** w, dbus (send, receive, bind), network, @@ -62,6 +64,7 @@ #include <abstractions/base> /** mrix, + /tmp/dbus-* w, @{sys}/kernel/security/apparmor/** w, dbus, network, @@ -88,6 +91,7 @@ #include <abstractions/base> /** mrix, + /tmp/dbus-* w, @{sys}/kernel/security/apparmor/** w, dbus (send, receive, bind), network, diff --git a/tools/ci-build.sh b/tools/ci-build.sh index f286baa7..a8c6893f 100755 --- a/tools/ci-build.sh +++ b/tools/ci-build.sh @@ -82,15 +82,6 @@ init_wine() { # Typical values: ubuntu, debian; maybe fedora in future : "${ci_distro:=ubuntu}" -# ci_docker: -# If non-empty, this is the name of a Docker image. ci-install.sh will -# fetch it with "docker pull" and use it as a base for a new Docker image -# named "ci-image" in which we will do our testing. -# -# If empty, we test on "bare metal". -# Typical values: ubuntu:xenial, debian:jessie-slim -: "${ci_docker:=}" - # ci_host: # See ci-install.sh : "${ci_host:=native}" @@ -130,23 +121,7 @@ init_wine() { # One of static, shared; used for windows cross builds : "${ci_runtime:=static}" -echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_docker=$ci_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0" - -if [ -n "$ci_docker" ]; then - exec docker run \ - --env=ci_buildsys="${ci_buildsys}" \ - --env=ci_docker="" \ - --env=ci_host="${ci_host}" \ - --env=ci_parallel="${ci_parallel}" \ - --env=ci_sudo=yes \ - --env=ci_test="${ci_test}" \ - --env=ci_test_fatal="${ci_test_fatal}" \ - --env=ci_variant="${ci_variant}" \ - --env=ci_runtime="${ci_runtime}" \ - --privileged \ - ci-image \ - tools/ci-build.sh -fi +echo "ci_buildsys=$ci_buildsys ci_distro=$ci_distro ci_host=$ci_host ci_local_packages=$ci_local_packages ci_parallel=$ci_parallel ci_suite=$ci_suite ci_test=$ci_test ci_test_fatal=$ci_test_fatal ci_variant=$ci_variant ci_runtime=$ci_runtime $0" maybe_fail_tests () { if [ "$ci_test_fatal" = yes ]; then @@ -339,19 +314,34 @@ case "$ci_buildsys" in maybe_fail_tests cat test/test-suite.log || : - # re-run them with gnome-desktop-testing + # Re-run them with gnome-desktop-testing. + # Also, one test needs a finite fd limit to be useful, so we + # can set that here. env LD_LIBRARY_PATH=/usr/local/lib \ + bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ gnome-desktop-testing-runner -d /usr/local/share dbus/ || \ maybe_fail_tests - # these tests benefit from being re-run as root, and one - # test needs a finite fd limit to be useful - sudo env LD_LIBRARY_PATH=/usr/local/lib \ - bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ + # Some tests benefit from being re-run as non-root, if we were + # not already... + if [ "$(id -u)" = 0 ] && [ "$ci_in_docker" = yes ]; then + sudo -u user \ + env LD_LIBRARY_PATH=/usr/local/lib \ gnome-desktop-testing-runner -d /usr/local/share \ - dbus/test-dbus-daemon_with_config.test \ - dbus/test-uid-permissions_with_config.test || \ - maybe_fail_tests + dbus/test-dbus-daemon_with_config.test \ + || maybe_fail_tests + fi + + # ... while other tests benefit from being re-run as root, if + # we were not already + if [ "$(id -u)" != 0 ]; then + sudo env LD_LIBRARY_PATH=/usr/local/lib \ + bash -c 'ulimit -S -n 1024; ulimit -H -n 4096; exec "$@"' bash \ + gnome-desktop-testing-runner -d /usr/local/share \ + dbus/test-dbus-daemon_with_config.test \ + dbus/test-uid-permissions_with_config.test || \ + maybe_fail_tests + fi fi ;; diff --git a/tools/ci-install.sh b/tools/ci-install.sh index 7325e4f2..b32bd823 100755 --- a/tools/ci-install.sh +++ b/tools/ci-install.sh @@ -32,20 +32,13 @@ NULL= # Typical values: ubuntu, debian; maybe fedora in future : "${ci_distro:=ubuntu}" -# ci_docker: -# If non-empty, this is the name of a Docker image. ci-install.sh will -# fetch it with "docker pull" and use it as a base for a new Docker image -# named "ci-image" in which we will do our testing. -: "${ci_docker:=}" - # ci_host: # Either "native", or an Autoconf --host argument to cross-compile # the package : "${ci_host:=native}" # ci_in_docker: -# Used internally by ci-install.sh. If yes, we are inside the Docker image -# (ci_docker is empty in this case). +# "yes" if we are running inside a Docker image. : "${ci_in_docker:=no}" # ci_local_packages: @@ -62,7 +55,7 @@ NULL= # One of debug, reduced, legacy, production : "${ci_variant:=production}" -echo "ci_distro=$ci_distro ci_docker=$ci_docker ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0" +echo "ci_distro=$ci_distro ci_in_docker=$ci_in_docker ci_host=$ci_host ci_local_packages=$ci_local_packages ci_suite=$ci_suite ci_variant=$ci_variant $0" if [ $(id -u) = 0 ]; then sudo= @@ -70,15 +63,6 @@ else sudo=sudo fi -if [ -n "$ci_docker" ]; then - sed \ - -e "s/@ci_distro@/${ci_distro}/" \ - -e "s/@ci_docker@/${ci_docker}/" \ - -e "s/@ci_suite@/${ci_suite}/" \ - < tools/ci-Dockerfile.in > Dockerfile - exec docker build -t ci-image . -fi - case "$ci_distro" in (debian|ubuntu) # Don't ask questions, just do it @@ -228,11 +212,6 @@ if [ "$ci_local_packages" = yes ]; then wget ${mirror}/${filename} tar -C ${dep_prefix} --strip-components=1 -xvf ${filename} done - - # limit access rights - if [ "$ci_in_docker" = yes ]; then - chown -R user "${dep_prefix}" - fi ;; esac fi |