summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* DBusMessage: add support for custom marshalingbaserock/genivi/dbus-1.9.4Aleksandar Kanchev2014-12-024-44/+132
| | | | | | | Add functions to support querying and manipulating the message body and signature. This is useful for code generators, which can generate custom marshaling functions based on a given IDL. Those functions tend to be optimized and faster than the generic iterator based marshaling.
* 1.9.4dbus-1.9.4Simon McVittie2014-11-242-3/+5
|
* Revert "Start spec 0.26"Simon McVittie2014-11-241-9/+1
| | | | This reverts commit cdd9e9a65c40ac4c21dcd36e9bd0fd6c746ad753.
* Upgrade auth_timeout violation to a warning, since this branch has thoseSimon McVittie2014-11-241-1/+1
|
* Merge branch 'dbus-1.8'Simon McVittie2014-11-243-1/+27
|\ | | | | | | | | | | Conflicts: NEWS configure.ac
| * 1.8.12dbus-1.8.12Simon McVittie2014-11-242-3/+23
| |
| * Revert "config: change default auth_timeout to 5 seconds"Simon McVittie2014-11-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 54d26df52b6a394bea175651d1d7ad2ab3f87dea. It appears this change may cause intermittent slow or failed boot, more commonly on slower/older machines, in at least Mageia and possibly also Debian. This would indicate that while the system is under load, system services are not completing authentication within 5 seconds. This change was not the main part of fixing CVE-2014-3639, but does help to mitigate that attack. As such, increasing this timeout makes the denial of service attack described by CVE-2014-3639 somewhat more effective: a local user connecting to the system bus repeatedly from many parallel processes can cause other users' attempts to connect to take longer. If your machine boots reliably with the shorter timeout, and resilience against local denial of service attacks is important to you, putting this in /etc/dbus-1/system-local.conf or a file matching /etc/dbus-1/system.d/*.conf can restore the lower limit: <busconfig> <limit name="auth_timeout">5000</limit> </busconfig> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
| * Log to syslog when auth_timeout drops an incomplete connectionSimon McVittie2014-11-221-0/+8
| | | | | | | | | | | | | | This is a symptom of either a denial of service attack, or a serious performance problem. Either way, sysadmins should know. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86431
* | Use DBUS_SYSTEM_LOG_WARNING for failure to alter fd-limitsSimon McVittie2014-11-182-3/+3
| | | | | | | | | | Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85105
* | DBusSystemLogSeverity: add DBUS_SYSTEM_LOG_WARNINGAlban Crequy2014-11-184-1/+8
| | | | | | | | | | Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85105
* | Merge branch 'dbus-1.8'Simon McVittie2014-11-142-0/+24
|\ \ | |/
| * README, HACKING: add some brief notes on reporting security vulnerabilitiesSimon McVittie2014-11-142-0/+24
| | | | | | | | We now have a private mailing list that can be the security contact.
* | Merge branch 'dbus-1.8'Simon McVittie2014-11-142-2/+6
|\ \ | |/
| * NEWSSimon McVittie2014-11-141-1/+5
| |
| * Set error when message delivery is denied due to receive ruleJacek Bukarewicz2014-11-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | This makes bus_context_check_security_policy follow convention of setting errors if function indicates failure and has error parameter. Notable implication is that AccessDenied error will be sent if sending message to addressed recipient is denied due to receive rule. Previously, message was silently dropped. This also fixes assertion failure when message is denied at addressed recipient while sending pending auto activation messages. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86194
* | Merge branch 'dbus-1.8'Simon McVittie2014-11-100-0/+0
|\ \ | |/ | | | | | | Conflicts: NEWS
| * next version number will be 1.8.12Simon McVittie2014-11-101-1/+1
| |
* | Start spec 0.26Simon McVittie2014-11-101-1/+9
| |
* | 1.9.3Simon McVittie2014-11-102-1/+6
|\ \ | |/
| * 1.8.11Simon McVittie2014-11-102-1/+6
| |
* | 1.9.2, spec 0.25dbus-1.9.2Simon McVittie2014-11-063-8/+8
| |
* | Merge branch 'dbus-1.8'Simon McVittie2014-11-067-43/+234
|\ \ | |/ | | | | | | | | Conflicts: NEWS configure.ac
| * Embargoed security release for Mondaydbus-1.8.10Simon McVittie2014-11-062-4/+11
| |
| * CVE-2014-7824: set fd rlimit to 64k for the system dbus-daemonSimon McVittie2014-11-066-43/+227
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This ensures that our rlimit is actually high enough to avoid the denial of service described in CVE-2014-3636 part A. CVE-2014-7824 has been allocated for this incomplete fix. Restore the original rlimit for activated services, to avoid them getting undesired higher limits. (Thanks to Alban Crequy for various adjustments which have been included in this commit.) Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85105 Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
* | NEWSSimon McVittie2014-11-061-0/+8
| |
* | Add NetBSD to the list of platforms where credentials-passing a pid should workSimon McVittie2014-11-061-1/+2
| | | | | | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69702 Reviewed-by: Patrick Welche <prlw1@cam.ac.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk> Tested-by: Patrick Welche <prlw1@cam.ac.uk>
* | test_processid: only assert that it works if we expect it to workSimon McVittie2014-11-061-10/+22
| | | | | | | | | | | | | | | | | | Otherwise, this would fail on, for instance, QNX. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69702 Reviewed-by: Patrick Welche <prlw1@cam.ac.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk> Tested-by: Patrick Welche <prlw1@cam.ac.uk>
* | whitespace/comment fixesPatrick Welche2014-11-062-2/+2
| | | | | | | | | | | | | | | | [originally part of the previous commit -smcv] Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69702 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
* | Implement NetBSD credentials-passing with LOCAL_PEEREIDPatrick Welche2014-11-064-6/+96
| | | | | | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69702 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk> Tested-by: Patrick Welche <prlw1@cam.ac.uk>
* | dbus-daemon test: don't assert we pass uid/pid on unknown Unix platformsSimon McVittie2014-11-061-1/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We know that Linux, FreeBSD and OpenBSD are "first class citizens" for credentials-passing, with NetBSD not far behind: people have turned up on the bug tracking system and told us that tests passed. On other Unixes, we can't really assert that it works, until someone who runs them tells us that it worked for them. Additions to these lists are welcome. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=69702 Reviewed-by: Patrick Welche <prlw1@cam.ac.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk> Tested-by: Patrick Welche <prlw1@cam.ac.uk>
* | NEWSSimon McVittie2014-10-291-0/+15
| |
* | dbus-spawn: do not forget the exec() errno when the grandchild exitsSimon McVittie2014-10-291-1/+17
| | | | | | | | | | | | | | | | | | | | | | | | As is already noted in a comment in _dbus_babysitter_set_child_exit_error(), if the grandchild fails to exec() the desired process, we get both CHILD_EXEC_FAILED (with an errno) and CHILD_EXITED (with a status), and we want to report the former, since it is more informative. However, clearing sitter->errnum meant we lose the errno value. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=24821 Reviewed-by: Ross Lagerwall
* | dbus-tutorial: replace the entire GLib section with "use GDBus"Simon McVittie2014-10-291-939/+13
| | | | | | | | | | | | Also provide links to relevant GLib and Qt documentation. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=25140
* | Stop asserting that we're not using the dummy lock implementationSimon McVittie2014-10-291-10/+0
| | | | | | | | | | | | | | | | | | That implementation no longer exists, so neither 0xABCDEF nor 0xABCDEF2 has any special meaning any more. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=54972 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
* | Use a better NoReply message for disconnection with reply pendingSimon McVittie2014-10-295-3/+120
| | | | | | | | | | | | | | | | | | | | As an implementation detail, dbus-daemon handles this situation by artificially triggering a timeout (even if its configured timeout for method calls is in fact infinite). However, using the same debug message for both is misleading, and can lead people who are debugging a service crash to blame dbus-daemon instead, wasting their time. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=76112
* | dbus-sysdeps-unix: document the assumption that makes our use of credentials ↵Simon McVittie2014-10-291-0/+19
| | | | | | | | | | | | | | secure Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83499 Reviewed-by: Alban Crequy <alban.crequy@collabora.co.uk>
* | Consistently save and restore errnoSimon McVittie2014-10-297-51/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some functions in dbus-transport-socket.c make a (wrapped) socket syscall, then call other APIs, then test the result and errno of the socket syscall. This would break horribly if those "other APIs" overwrote errno with their own value (... and this is part of why errno is an awful API). Notably, if running under DBUS_VERBOSE, _dbus_verbose() is basically fprintf(), which sets errno; and our Unix fd-passing support makes calls of the form _dbus_verbose ("Read/wrote %i unix fds\n", n) between the syscall and the result processing. Maybe one day we'll convert all of dbus' syscall wrappers to either raise a DBusError, or use the "negative errno" convention that systemd borrowed from the Linux kernel, and in particular, we would need to do that if we ever ported it to a platform where socket error reporting was not basically errno. However, in practice everyone uses something derived from BSD sockets, so "this sets errno, you know what errno is" is a good enough internal API if we make sure to use it correctly. Nothing calls _dbus_get_is_errno_nonzero(), so I just removed it instead of converting it to the new calling convention. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83625
* | NEWSSimon McVittie2014-10-291-1/+19
| |
* | Implement getter, setter for ALLOW_INTERACTIVE_AUTHORIZATION flagSimon McVittie2014-10-282-0/+56
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83449 Reviewed-by: Lennart Poettering
* | build: include dbus-sysdeps-unix.h for _dbus_fd_set_close_on_execPatrick Welche2014-10-281-0/+1
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=85563 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | dbus-spec, dbus-protocol: add ALLOW_INTERACTIVE_AUTHORIZATION flagSimon McVittie2014-10-282-0/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Heavily based on a patch from Lennart Poettering. This is useful for authentication frameworks such as polkit, but this flag is supposed to be generic, and not be bound to any implementation of such a framework. The dbus specification already clarifies that unknown flags must be ignored, the reference implementation and the other implementations we checked indeed ignore any new flags, hence we should be fine with compatibility here. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83449
* | Include test-dbus and test-bus in cmake 'make check' target.Ralf Habacker2014-10-242-4/+3
| | | | | | | | | | | | | | | | Because test-dbus and test-bus lives in subdirectory dbus/bus, we need to define make 'check' in top level source directory. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73689 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | test-bus, test-dbus: close any inherited fds from callerSimon McVittie2014-10-242-0/+18
| | | | | | | | | | | | | | | | | | | | It is probably a bug for them to pass us any fds without close-on-exec; but apparently CMake has this bug, and so does at least some NetBSD GUI environment. Cope. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73689 Bug: https://bugs.freedesktop.org/show_bug.cgi?id=83899 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | cmake: only copy session.conf and system.conf into test data dirSimon McVittie2014-10-241-1/+4
| | | | | | | | | | | | | | | | | | | | | | Historically, CMake used the glob *.conf.in whereas Autotools listed the files explicitly. This used to be equivalent, but broke down when we added example-*.conf.in which are just snippets rather than complete configuration files (they're intended to go in session.d or system.d, or otherwise get included by the main config file). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73689 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
* | Add configure checks for accept4, dirfd, inotify_init1 and unix_fd_passing ↵Ralf Habacker2014-10-242-0/+9
| | | | | | | | | | | | | | to cmake build system. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73689 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Add configure check for pipe2 to cmake build system.Ralf Habacker2014-10-172-0/+5
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=73689 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | NEWSSimon McVittie2014-10-141-0/+7
| |
* | dbus-test-tool: add black-hole modeAlban Crequy2014-10-143-32/+123
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34140 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | dbus-test-tool spam: add --messages-per-conn=NAlban Crequy2014-10-141-17/+77
| | | | | | | | | | Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34140 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
* | Add dbus-test-tool, currently with "echo" and "spam" modesAlban Crequy2014-10-148-0/+842
| | | | | | | | | | | | | | | | | | | | This is installed by default, but easy to filter out for embedded systems or whatever. Based on earlier work by Simon McVittie and Will Thompson Bug: https://bugs.freedesktop.org/show_bug.cgi?id=34140 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
View Lorry Controller Status