- 27 Jun, 2017 3 commits
-
-
Simon McVittie authored
If we somehow get an autolaunch address with multiple semicolon-separated components, and one of them fails, then we will hit an assertion failure when we try the next one.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101257
(cherry picked from commit ecdcb86b)
-
Simon McVittie authored
The build timestamp is not particularly useful (the version number of the package is already present in the HTML), and it prevents the build from being reproducible. See <https://reproducible-builds.org/> for more information.

Signed-off-by: Simon McVittie <smcv@debian.org>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100692
(cherry picked from commit 0310ead0)
-
Shin-ichi MORITA authored
The error message was leaked when blocking on a pending call after the connection was disconnected.

Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: re-word commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101481
-
- 19 Apr, 2017 1 commit
-
-
Simon McVittie authored
git.freedesktop.org no longer offers anonymous checkouts; that facility moved to anongit.freedesktop.org.

Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100715
-
- 07 Apr, 2017 1 commit
-
-
Simon McVittie authored
-
- 05 Apr, 2017 3 commits
-
-
Simon McVittie authored
Signed-off-by: Simon McVittie <smcv@debian.org>
-
Philip Withnall authored
Spotted while testing bug #100568.

Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100568
-
Philip Withnall authored
One level of pointer indirection too many when passing the arguments to dbus_message_append_args().

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100568
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Simon McVittie <smcv@collabora.com>
-
- 22 Mar, 2017 3 commits
-
-
Simon McVittie authored
-
Simon McVittie authored
-
Laurent Bigonville authored
avc_init() in the SELinux code path is creating a new thread, we need to set the capabilities before it gets created so it has the permission to send audit messages. It also makes more sense to open the audit netlink before the different logging callbacks are set.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92832
[smcv: add comments explaining why initialization must happen in this specific order]
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857660
Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>
(cherry picked from commit a3a5935a)
-
- 16 Feb, 2017 6 commits
-
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
-
Simon McVittie authored
Creating a directory is atomic, stat'ing it to see whether to remove it is very much not.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99828
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
-
Simon McVittie authored
If we don't trap EEXIST and its Windows equivalent, we are unable to detect the situation where we create an ostensibly unique subdirectory in a shared /tmp, but an attacker has already created it. This affects dbus-nonce (the nonce-tcp transport) and the activation reload test.

Add a new _dbus_ensure_directory() for the one case where we want it to succeed even on EEXIST: the DBUS_COOKIE_SHA1 keyring, which we know we are creating in our own trusted "official" $HOME. In the new transient service support on Bug #99825, ensure_owned_directory() would need the same treatment.

We are not treating this as a serious security problem, because the nonce-tcp transport is rarely enabled on Unix and there are multiple mitigations.

The nonce-tcp transport creates a new unique file with O_EXCL and 0600 (private to user) permissions, then overwrites the requested filename via atomic-overwrite, so the worst that could happen there is that an attacker could place a symbolic link matching the name of a directory we are going to create, causing a dbus-daemon configured for nonce-tcp to traverse the symlink and atomically overwrite a file named "nonce" in a directory of the attacker's choice, with new random contents that are not known to the attacker. This seems unlikely to be exploitable for anything worse than denial of service in practice. In mainline Linux since 3.6, this attack is also defeated by the fs.protected_symlinks sysctl, which many distributions enable by default.

The activation reload test suffers from a classic symlink attack due to time-of-check/time-of-use errors in its implementation, but as part of the developer-only "embedded tests" that are only intended to be run on a trusted machine, it is not treated as security-sensitive. That code path will be fixed in a subsequent commit.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99828
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
-
Simon McVittie authored
Hopefully this has better uptime than snapshot.debian.org, which is really an archival service rather than a production component. This particular autoconf-archive version was in Ubuntu 16.10, so it should stay around for a while.

Signed-off-by: Simon McVittie <smcv@debian.org>
(cherry picked from commit 9935a5b7)
-
- 01 Feb, 2017 1 commit
-
-
Simon McVittie authored
-
- 29 Nov, 2016 14 commits
-
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Debian stable, Debian testing and Ubuntu LTS provide a reasonable spectrum of old and new distributions. I'm only doing one build on each to avoid a combinatorial explosion of options. The Docker images don't have any deb-src apt sources set up, so don't use `apt-get build-dep`; just include dependencies manually.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
[smcv: move comment to install script as suggested]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Taken from the version I added to OSTree.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
set -u forces us to set all variables that we use (for example with the ${foo:=bar} syntax to take an existing value or set a default), or use the ${foo:-bar} syntax to make it explicit that the variable might be unset. set -o pipefail (which is a bash feature) detects failure in non-last elements of a pipeline.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
This aligns it with the more generic script based on this one that I sent to OSTree.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
This realigns it with the script loosely based on this one that I sent to OSTree.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=98889
-
Simon McVittie authored
This avoids confusion with the meaning of "release" used by AX_IS_RELEASE. AX_IS_RELEASE is about facts about the source tree, namely the distinction between releases (tags) and random snapshots. The build variants in .travis.yml are about facts about the build being done, namely the distinction between production and debug/developer builds. Production builds are sometimes referred to as "release builds", for example in typical CMake and MSVC build environments, but a different term seems better here.

Signed-off-by: Simon McVittie <smcv@debian.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=97357
[smcv: cherry-picked from master to dbus-1.10 to get the Travis-CI setup consistent between the two branches]
-
Simon McVittie authored
This way the link won't expire in future.

Signed-off-by: Simon McVittie <smcv@debian.org>
[smcv: cherry-picked from master to dbus-1.10 to get the Travis-CI setup consistent between the two branches; it is not strictly needed on dbus-1.10]
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: cherry-picked from master to dbus-1.10 to get the Travis-CI setup consistent between the two branches; it is not strictly needed on dbus-1.10]
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
[smcv: cherry-picked from master to dbus-1.10 to get the Travis-CI setup consistent between the two branches; it is not strictly needed on dbus-1.10]
-
- 28 Nov, 2016 5 commits
-
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
We are not going to fix the inconsistent tab/space indentation in a stable branch just to keep gcc happy.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
This is a workaround for <https://bugs.freedesktop.org/show_bug.cgi?id=95263>. If a service sends a file descriptor sufficiently frequently that its queue of messages never goes down to 0 fds pending, then it will eventually be disconnected. logind is one such service.

We do not currently have a good solution for this: the proposed patches either don't work, or reintroduce a denial of service security vulnerability (CVE-2014-3637). Neither seems desirable. However, we can avoid the worst symptoms by trusting uid 0 not to be malicious.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=95263
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1591411
Reviewed-by: Łukasz Zemczak
Tested-by: Ivan Kozik
Tested-by: Finn Herpich
Tested-by: autostatic
Tested-by: Ben Parafina
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
(cherry picked from commit d5fae1db)
[smcv: omit the test/dbus-daemon.c part, which does not apply unless a363822f is also applied]
-
Simon McVittie authored
This is either a denial-of-service attempt, a pathological performance problem or a dbus-daemon bug. Sysadmins should be told about any of these.

Bug: https://bugs.freedesktop.org/show_bug.cgi?id=86442
[smcv: add units to timeout: it is in milliseconds]
Signed-off-by: Simon McVittie <smcv@debian.org>
(cherry picked from commit 05cb619f)
-
- 22 Nov, 2016 3 commits
-
-
Simon McVittie authored
This avoids installing the build-dependencies for dbus and its tests, then uninstalling them all because they rely on libraries whose versions are older than the ones needed by wine:i386 (and apparently apt prefers to remove those libraries rather than upgrade them). Doing it this way round seems to convince apt to do the right thing.

Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-
Simon McVittie authored
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
-