summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-09-05New upstream stable release 1.6.14debian/1.6.14-1Simon McVittie1-0/+8
- fixes an infinite busy-loop if waitpid() is interrupted by a signal while spawning a subprocess (Closes: #721932)
2013-09-05Merge tag 'upstream/1.6.14'Simon McVittie27-1396/+2472
Upstream version 1.6.14
2013-09-05Imported Upstream version 1.6.14upstream/1.6.14Simon McVittie27-1396/+2472
2013-09-051.6.14Simon McVittie2-2/+7
2013-09-05_dbus_babysitter_unref: avoid infinite loop if waitpid() returns EINTRSimon McVittie1-5/+8
If waitpid() failed with EINTR, we'd go back for another go, but because ret is nonzero, we'd skip the waitpid() and just keep looping. Also avoid an unnecessary "goto" in favour of a proper loop, to make it more clearly correct. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68945 Reviewed-by: Colin Walters <walters@verbum.org>
2013-09-05NEWS for 1.6Simon McVittie1-0/+5
2013-09-05Use iface instead of interface in function parametersIvan Romanov2-37/+37
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66493 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> (cherry picked from commit 0928169cf80bf767f7246ecaa52cc01e198bb15a)
2013-09-05run-with-tmp-session-bus.sh: create a unique temporary file per processSimon McVittie2-4/+7
This makes the regression tests OK to run in parallel. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=68852 Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de> (cherry picked from commit 9d80d46a794e0770494aa517d1b94e7e6ea9e21d)
2013-09-05NEWS for 1.6Simon McVittie1-0/+3
2013-07-25test/marshal: Ensure we use suitably aligned buffersColin Walters1-5/+22
This test was failing on s390; though it could fail on other platforms too. Basically we need to be sure we're passing at least word-aligned buffers to the demarshalling code. malloc() will do that for us. https://bugs.freedesktop.org/show_bug.cgi?id=67279
2013-07-01NEWS for 1.6.xSimon McVittie1-0/+3
2013-07-01Make the test for #53499 more obviously correctSimon McVittie1-1/+1
2013-07-01Test: add a test case for escaping byte > 127Chengwei Yang1-1/+3
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499 Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-07-01Fix: a non ascii byte will trigger BadAddress errorChengwei Yang3-5/+5
If a byte in DBusString *unescaped isn't a ascii byte, which will be cast to char (signed char on most of platform), so that's the issue unsigned char cast to signed char. e.g. "\303\266" is a valid unicode character, if everything goes right, it will be escaped to "%c3%b6". However, in fact, it escaped to "%<garbage-byte>3%<garbage-byte>6". _dbus_string_append_byte_as_hex() take an int parameter, so negative byte is valid, but cause get a negative index in array. So garbage value will get. e.g. '\303' --> hexdigits[((signed byte)(-61)) >> 4] is hexdigits[-4]. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=53499 Sgne-off-by: Chengwei Yang <chengwei.yang@intel.com> [fixed whitespace -smcv] Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-06-28NEWSSimon McVittie1-0/+3
2013-06-28Remove invoke of va_end before va_startChengwei Yang1-2/+1
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=66300
2013-06-20NEWS for #65959Simon McVittie1-1/+4
2013-06-20DBusString: fix may crash if try to free an uninitialized strChengwei Yang1-0/+8
If the str will be freed hasn't been initialized by _dbus_string_init correctly, _dbus_string_free may crash due to trying to free an undefined memory. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=65959 Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-06-13Add release name for 1.6.12Simon McVittie1-0/+2
2013-06-12Start 1.6.13Simon McVittie2-1/+6
2013-06-12New upstream stable release 1.6.12debian/1.6.12-1Simon McVittie1-0/+8
- CVE-2013-2168: avoid a user-triggerable crash (denial of services) in system services that use libdbus
2013-06-12Merge tag 'upstream/1.6.12'Simon McVittie24-776/+1270
Upstream version 1.6.12
2013-06-12Imported Upstream version 1.6.12upstream/1.6.12Simon McVittie24-776/+1270
2013-06-12Prepare embargoed release for tomorrowSimon McVittie2-3/+7
2013-06-12Add a test-case for CVE-2013-2168Simon McVittie2-0/+94
Reviewed-by: Thiago Macieira <thiago@kde.org> [build system adjusted to compile it even if we don't have GLib -smcv]
2013-06-12CVE-2013-2168: _dbus_printf_string_upper_bound: copy the va_list for each useSimon McVittie2-5/+20
Using a va_list more than once is non-portable: it happens to work under the ABI of (for instance) x86 Linux, but not x86-64 Linux. This led to _dbus_printf_string_upper_bound() crashing if it should have returned exactly 1024 bytes. Many system services can be induced to process a caller-controlled string in ways that end up using _dbus_printf_string_upper_bound(), so this is a denial of service. Reviewed-by: Thiago Macieira <thiago@kde.org>
2013-06-12NEWS for 1.6.xSimon McVittie1-1/+10
2013-06-12Fix dbus-daemon crash due to invalid service fileChengwei Yang1-0/+6
dbus-daemon will crash due to invalid service file which key/value starts before section. In that situation, new_line() will try to access invalid address. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=60853 Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-06-05Fix build error: unused-resultChengwei Yang1-2/+8
Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-06-05When "activating" systemd, handle its special case betterChengwei Yang1-5/+14
When dbus-daemon receives a request to activate a systemd service before systemd has connected to it, it enqueues a fake request to "activate" systemd itself (as a way to get a BusPendingActivationEntry to track the process of waiting for systemd). When systemd later joins the bus, dbus-daemon sends the actual activation message; any future activation messages are sent directly to systemd. In the "pending" code path, the activation messages are currently dispatched as though they had been sent by the same process that sent the original activation request, which is wrong: the bus security policy probably doesn't allow that process to talk to systemd directly. They should be dispatched as though they had been sent by the dbus-daemon itself (connection == NULL), the same as in the non-pending code path. In the worst case, if the attempt to activate systemd timed out, the dbus-daemon would crash with a (fatal) warning, because in this special case, activation_message is a signal with no serial number, whereas the code to send an error reply is expecting a method call with a serial number. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=50199 Signed-off-by: Chengwei Yang <chengwei.yang@intel.com> Tested-by: Ma Yu <yu.ma@intel.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-05-08to unstabledebian/1.6.10-1Simon McVittie2-4/+4
2013-04-24development versionSimon McVittie2-1/+6
2013-04-24make branch name consistent with debian-squeeze, etc.Simon McVittie1-1/+1
2013-04-24Drop now-unnecessary patchSimon McVittie3-98/+0
2013-04-24Do the debug build --with-valgrind on mipsel, tooSimon McVittie2-1/+2
2013-04-24New upstream stable release 1.6.10Simon McVittie1-18/+19
2013-04-24Merge tag 'upstream/1.6.10' into jessieSimon McVittie21-329/+426
Upstream version 1.6.10
2013-04-24Imported Upstream version 1.6.10upstream/1.6.10Simon McVittie1-1/+3
2013-04-24Prepare release 1.6.10Simon McVittie2-3/+5
2013-04-23Imported Upstream version 1.6.10Simon McVittie21-329/+424
2013-04-23Branch for jessie-targeted changesSimon McVittie2-4/+4
2013-04-23Don't install man pages if we wouldn't have built themSimon McVittie1-1/+2
2013-04-22NEWS for 1.6Simon McVittie1-0/+4
2013-04-22Accept non-characters when validating UnicodeSimon McVittie2-11/+5
Unicode Corrigendum #9 clarifies that the non-characters U+nFFFE (for n in the range 0 to 0x10), U+nFFFF (for n in the same range), and U+FDD0..U+FDEF are valid for interchange, and their presence does not make a string ill-formed. GLib 2.36 made the corresponding change in its definition of UTF-8 as used by g_utf8_validate() and similar functions. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63072 Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-04-05Allow use of GLib 2.32 functionality, which we do conditionallySimon McVittie1-1/+1
2013-04-05Don't warn for functions deprecated since GLib 2.26Simon McVittie1-0/+3
Also warn if we inadvertently use a function introduced since then. Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk> Bug: https://bugs.freedesktop.org/show_bug.cgi?id=59971 Reviewed-by: Colin Walters <walters@verbum.org>
2013-04-05NEWS for 1.6Simon McVittie1-0/+4
2013-04-05Don't access random memory if data slot isn't allocated yetDan Williams1-1/+2
If DBUS_DISABLE_ASSERTS was turned on, and a buggy program called dbus_connection_get_data() with a slot number less than zero (eg, before even allocating the data slot), random memory would be accessed and a random value returned. Anything less than zero is not a valid slot number and should be rejected by libdbus. Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63127 Signed-off-by: Dan Williams <dcbw@redhat.com> Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
2013-04-03NEWS for 1.6Simon McVittie1-0/+4
2013-04-03If alloca.h is available it is required (e.g. on Solaris 10)Dagobert Michelsen2-0/+5
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=63071 Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-24 05:15:02 +0000