
Bug#1052068: bookworm-pu: package dbus/1.14.10-1~deb12u1



Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: dbus@packages.debian.org
Control: affects -1 + src:dbus

[ Reason ]
New upstream bugfix release

[ Impact ]
If not accepted:
1. On kernels not supporting SO_PEERGROUPS (pre-buster or custom kernels),
   the system bus can crash if its configuration/policy is reloaded
   (ReloadConfig() or SIGHUP) while there is a connection whose associated
   groups can't be found via getgrouplist() (dbus#343 upstream). I
   would rate this as Severity: important, because it'll rarely happen
   (particularly on bookworm), but its effect is to make the system
   unusable for many workloads, notably desktop systems.

2. Relatedly, in similar situations, error reporting was wrong and the error
   message was reported as "(null)" (dbus#343 upstream).
   I would rate this as Severity: normal.

3. D-Bus clients could not retrieve the group IDs of a peer that has a
   primary group ID but no supplementary groups. (dbus!422 upstream)
   I would rate this as Severity: normal.

4. On systems with dbus-user-session but not dbus-x11, $XDG_CURRENT_DESKTOP
   was not always propagated to systemd and D-Bus user/session services,
   which will cause problems for backports of xdg-desktop-portal 1.17+
   and possibly other freedesktop-ish services, which want to use
   $XDG_CURRENT_DESKTOP to implement desktop-environment-dependent
   behaviours like having different default programs. (Debian-specific)
   I would rate this as Severity: wishlist right now, but it becomes
   Severity: important if we backport a newer version of xdg-desktop-portal.

Also, if I need to do a security update for dbus 1.14.x during bookworm's
remaining lifetime (relatively likely), it will have a smaller diffstat if
these changes are already in.

[ Tests ]
This is a straightforward backport of a version that has been in unstable
for 2 weeks and in testing for 10 days. A test-build that differs only in
the changelog and version numbering is available from:
https://people.debian.org/~smcv/12.2/pool/main/d/dbus/
and seems to work fine on my household's bookworm laptop/desktop systems.

Automated build-time tests and as-installed tests (autopkgtest) pass.

References to (1.), etc. below refer to the Impact section above:

I did some manual testing on the error handling changes (1. and 2.) during
their upstream development, by modifying the function that uses
SO_PEERGROUPS to make it always fail so that we'd fall back to the
old-kernel code path, and it behaved correctly. There is also a new
automated test which covers (2.), although it isn't sufficiently full-stack
to cover (1.).

Manual test for (3.):
With current bookworm packages, and NetworkManager installed and running
as root as it normally does,
  dbus-send --print-reply --system --dest=org.freedesktop.DBus \
    /org/freedesktop/DBus org.freedesktop.DBus.GetConnectionCredentials \
    string:org.freedesktop.NetworkManager
prints credentials that include ProcessID = (pid) and UnixUserID = 0.
With the proposed version, it additionally reports UnixGroupIDs = [0]
as expected.

Manual test for (4.):
In a VM with current bookworm packages, after
`apt install --no-install-recommends gdm3 xfce4 xorg; apt purge dbus-x11; reboot`
and logging into an XFCE session, `systemctl --user show-environment`
does not include XDG_CURRENT_DESKTOP.  After rebooting into the proposed
version, the same command's output has XDG_CURRENT_DESKTOP=XFCE as
expected.
(For this test it needs to be a desktop environment that has DesktopNames
in its xsessions file, but doesn't upload XDG_CURRENT_DESKTOP
to dbus-daemon/systemd itself, like GNOME and KDE Plasma do. XFCE and
Enlightenment make good examples)

[ Risks ]
All changes are targeted and reasonably obvious, and all except (4.) have
been through upstream review, so I think the regression risk is small.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
References to (1.), etc. refer to the Impact section above.

bus/connection.c (first diff section), dbus/dbus-sysdeps-util-unix.c,
dbus/dbus-userdb.h, dbus/dbus-userdb-util.c:
    Fix (2.) (dbus#343) by propagating a lower-layer error message through
    the system to higher layers instead of leaving the higher-layer
    error indicator unset

bus/policy.c, bus/connection.c (second diff section),
dbus/dbus-sysdeps-util-win.c:
    Adapt to internal interface changes required by (1.) and (2.) by
    adding a placeholder parameter where needed

bus/connection.c (the rest):
    Fix the crash (1.) (dbus#343) by not leaving a NULL pointer in an
    internal data structure on failure, where it would have caused a NULL
    dereference and crash later on

bus/bus.c, bus/bus.h:
    While fixing (1.) and (2.) (dbus#343) we realised that when the
    problematic situation was reached, if the dbus-daemon didn't crash,
    it would stop reloading unrelated connections' policies, which seems
    unexpected and could possibly have security implications. Now it
    reloads the policies for as many connections as it can, and keeps
    the pre-existing policy (with a warning) for any connections where
    reloading was unsuccessful.

dbus/dbus-sysdeps-unix.c:
    Fix (3.) (dbus!422) by treating a zero-byte return from getsockopt()
    as successfully reporting "0 supplementary groups"

test/:
    Unit test coverage for (2.), and adapt to related internal interface
    changes

AUTHORS, cmake/DBus1ConfigVersion.cmake, configure.ac, NEWS:
    Administrative changes for new upstream release

debian/20dbus_xdg-runtime:
    Debian-specific, installed as /etc/X11/Xsession.d/20dbus_xdg-runtime
    in dbus-user-session. Fix (4.)

Filtered to remove Autotools noise:

filterdiff -p1 \
 -xbuild-aux/ltmain.sh \
 -x'*/Makefile.in' \
 -xMakefile.in \
 -xaminclude_static.am \
 -xconfigure

diffstat for dbus-1.14.8 dbus-1.14.10

 AUTHORS                         |    2 
 Makefile.in                     |    2 
 NEWS                            |   19 +++++
 aminclude_static.am             |    2 
 build-aux/ltmain.sh             |   28 ++-----
 bus/Makefile.in                 |    2 
 bus/bus.c                       |   35 +++++++++
 bus/bus.h                       |    1 
 bus/connection.c                |   18 +++--
 bus/policy.c                    |    2 
 cmake/DBus1ConfigVersion.cmake  |    2 
 configure                       |   26 +++----
 configure.ac                    |    4 -
 dbus/Makefile.in                |    2 
 dbus/dbus-sysdeps-unix.c        |    9 --
 dbus/dbus-sysdeps-util-unix.c   |    6 +
 dbus/dbus-sysdeps-util-win.c    |   15 +++-
 dbus/dbus-sysdeps.h             |    3 
 dbus/dbus-userdb-util.c         |   15 ++--
 dbus/dbus-userdb.h              |    3 
 debian/20dbus_xdg-runtime       |    6 +
 debian/changelog                |   26 +++++++
 test/CMakeLists.txt             |    1 
 test/Makefile.am                |    4 +
 test/Makefile.in                |   32 +++++++-
 test/internals/misc-internals.c |    6 -
 test/internals/userdb.c         |  143 ++++++++++++++++++++++++++++++++++++++++
 27 files changed, 338 insertions(+), 76 deletions(-)

diff -Nru dbus-1.14.8/AUTHORS dbus-1.14.10/AUTHORS
--- dbus-1.14.8/AUTHORS	2023-06-06 14:00:36.000000000 +0100
+++ dbus-1.14.10/AUTHORS	2023-09-01 15:28:31.000000000 +0100
@@ -38,6 +38,7 @@
 Colin Watson <cjwatson@ubuntu.com>
 Cosimo Alfarano <cosimo.alfarano@collabora.com>
 Cosimo Alfarano <cosimo.alfarano@collabora.co.uk>
+cptpcrd <cptpcrd.git@gmail.com>
 Cristian Onet <onet.cristian@gmail.com>
 Cristian Rodríguez <cristian.rodriguez@opensuse.org>
 Cristian Rodríguez <crrodriguez@opensuse.org>
@@ -170,6 +171,7 @@
 Paul Bolle <pebolle@tiscali.nl>
 Pavel Strashkin <pavel.strashkin@gmail.com>
 Pavel Strashkin <pavel.strashkin@nexenta.com>
+Peter Benie <pjb1008>
 Peter Breitenlohner <peb@mppmu.mpg.de>
 Peter Kümmel <syntheticpp@gmx.net>
 Peter McCurdy <peter.mccurdy@gmail.com>
diff -Nru dbus-1.14.8/bus/bus.c dbus-1.14.10/bus/bus.c
--- dbus-1.14.8/bus/bus.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/bus/bus.c	2023-09-01 15:23:58.000000000 +0100
@@ -1412,11 +1412,42 @@
 BusClientPolicy*
 bus_context_create_client_policy (BusContext      *context,
                                   DBusConnection  *connection,
+                                  BusClientPolicy *previous,
                                   DBusError       *error)
 {
+  BusClientPolicy *client;
+  DBusError local_error = DBUS_ERROR_INIT;
+  const char *conn;
+  const char *loginfo;
+
   _DBUS_ASSERT_ERROR_IS_CLEAR (error);
-  return bus_policy_create_client_policy (context->policy, connection,
-                                          error);
+
+  client = bus_policy_create_client_policy (context->policy, connection,
+                                            &local_error);
+
+  /* On success, use new policy */
+  if (client != NULL)
+    return client;
+
+  /* On failure while setting up a new connection, fail */
+  if (previous == NULL)
+    {
+      dbus_move_error (&local_error, error);
+      return NULL;
+    }
+
+  /* On failure while reloading, keep the previous policy */
+  conn = bus_connection_get_name (connection);
+  loginfo = bus_connection_get_loginfo (connection);
+
+  if (conn == NULL)
+    conn = "(inactive)";
+
+  bus_context_log (context, DBUS_SYSTEM_LOG_WARNING,
+                   "Unable to reload policy for connection \"%s\" (%s), "
+                   "keeping current policy: %s",
+                   conn, loginfo, local_error.message);
+  return bus_client_policy_ref (previous);
 }
 
 int
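Review bot: On the keep-previous path at the end of bus_context_create_client_policy(), local_error is read for the warning but never released; only the `previous == NULL` branch hands it off via dbus_move_error(). Add dbus_error_free (&local_error) before `return bus_client_policy_ref (previous);`. Also, conn gets an "(inactive)" fallback but loginfo goes straight into a %s, so it is worth confirming that bus_connection_get_loginfo() cannot return NULL here, or giving it a fallback too.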
diff -Nru dbus-1.14.8/bus/bus.h dbus-1.14.10/bus/bus.h
--- dbus-1.14.8/bus/bus.h	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/bus/bus.h	2023-09-01 15:23:58.000000000 +0100
@@ -115,6 +115,7 @@
 
 BusClientPolicy*  bus_context_create_client_policy               (BusContext       *context,
                                                                   DBusConnection   *connection,
+                                                                  BusClientPolicy  *previous,
                                                                   DBusError        *error);
 int               bus_context_get_activation_timeout             (BusContext       *context);
 int               bus_context_get_auth_timeout                   (BusContext       *context);
diff -Nru dbus-1.14.8/bus/connection.c dbus-1.14.10/bus/connection.c
--- dbus-1.14.8/bus/connection.c	2023-06-06 14:00:36.000000000 +0100
+++ dbus-1.14.10/bus/connection.c	2023-09-01 15:23:58.000000000 +0100
@@ -1079,7 +1079,7 @@
 
   if (dbus_connection_get_unix_user (connection, &uid))
     {
-      if (!_dbus_unix_groups_from_uid (uid, groups, n_groups))
+      if (!_dbus_unix_groups_from_uid (uid, groups, n_groups, error))
         {
           _dbus_verbose ("Did not get any groups for UID %lu\n",
                          uid);
@@ -1584,6 +1584,7 @@
 
   d->policy = bus_context_create_client_policy (d->connections->context,
                                                 connection,
+                                                NULL,
                                                 error);
 
   /* we may have a NULL policy on OOM or error getting list of
@@ -1660,22 +1661,27 @@
        link;
        link = _dbus_list_get_next_link (&(connections->completed), link))
     {
+      BusClientPolicy *policy;
+
       connection = link->data;
       d = BUS_CONNECTION_DATA (connection);
       _dbus_assert (d != NULL);
       _dbus_assert (d->policy != NULL);
 
-      bus_client_policy_unref (d->policy);
-      d->policy = bus_context_create_client_policy (connections->context,
-                                                    connection,
-                                                    error);
-      if (d->policy == NULL)
+      policy = bus_context_create_client_policy (connections->context,
+                                                 connection,
+                                                 d->policy,
+                                                 error);
+      if (policy == NULL)
         {
           _dbus_verbose ("Failed to create security policy for connection %p\n",
                       connection);
           _DBUS_ASSERT_ERROR_IS_SET (error);
           return FALSE;
         }
+
+      bus_client_policy_unref (d->policy);
+      d->policy = policy;
     }
 
   return TRUE;
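Review bot: The `if (policy == NULL)` branch in this loop looks unreachable now. d->policy is asserted non-NULL just above and is passed as `previous`, and with a non-NULL `previous` the new bus_context_create_client_policy() falls back to bus_client_policy_ref (previous) rather than returning NULL (assuming bus_client_policy_ref() returns its argument), keeping the failure in its own local_error. If the branch stays as a defensive check, a comment saying so would help, because _DBUS_ASSERT_ERROR_IS_SET (error) inside it depends on `error` being filled in, which the fallback path never does.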
diff -Nru dbus-1.14.8/bus/policy.c dbus-1.14.10/bus/policy.c
--- dbus-1.14.8/bus/policy.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/bus/policy.c	2023-09-01 15:23:58.000000000 +0100
@@ -450,7 +450,7 @@
   int n_group_ids;
 
   /* On OOM or error we always reject the user */
-  if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids))
+  if (!_dbus_unix_groups_from_uid (uid, &group_ids, &n_group_ids, NULL))
     {
       _dbus_verbose ("Did not get any groups for UID %lu\n",
                      uid);
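Review bot: Passing NULL as the new error argument here throws away the reason that the rest of this change plumbs through, so the _dbus_verbose() line below still cannot say why the lookup failed. A local DBusError, printed in that message and then freed, would keep the "always reject the user" behaviour while making the rejection diagnosable.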
diff -Nru dbus-1.14.8/cmake/DBus1ConfigVersion.cmake dbus-1.14.10/cmake/DBus1ConfigVersion.cmake
--- dbus-1.14.8/cmake/DBus1ConfigVersion.cmake	2023-06-06 14:02:14.000000000 +0100
+++ dbus-1.14.10/cmake/DBus1ConfigVersion.cmake	2023-09-01 15:31:38.000000000 +0100
@@ -1,4 +1,4 @@
-set(PACKAGE_VERSION 1.14.8)
+set(PACKAGE_VERSION 1.14.10)
 
 # Check whether the requested PACKAGE_FIND_VERSION is compatible
 if("${PACKAGE_VERSION}" VERSION_LESS "${PACKAGE_FIND_VERSION}")
diff -Nru dbus-1.14.8/configure.ac dbus-1.14.10/configure.ac
--- dbus-1.14.8/configure.ac	2023-06-06 14:00:36.000000000 +0100
+++ dbus-1.14.10/configure.ac	2023-09-01 15:30:58.000000000 +0100
@@ -3,7 +3,7 @@
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [14])
-m4_define([dbus_micro_version], [8])
+m4_define([dbus_micro_version], [10])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus], [dbus_version], [https://gitlab.freedesktop.org/dbus/dbus/issues], [dbus])
@@ -42,7 +42,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=3
+LT_REVISION=4
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
diff -Nru dbus-1.14.8/dbus/dbus-sysdeps.h dbus-1.14.10/dbus/dbus-sysdeps.h
--- dbus-1.14.8/dbus/dbus-sysdeps.h	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/dbus/dbus-sysdeps.h	2023-09-01 15:23:58.000000000 +0100
@@ -298,7 +298,8 @@
                                                  dbus_gid_t        *gid_p);
 dbus_bool_t _dbus_unix_groups_from_uid          (dbus_uid_t         uid,
                                                  dbus_gid_t       **group_ids,
-                                                 int               *n_group_ids);
+                                                 int               *n_group_ids,
+                                                 DBusError         *error);
 dbus_bool_t _dbus_unix_user_is_at_console       (dbus_uid_t         uid,
                                                  DBusError         *error);
 dbus_bool_t _dbus_unix_user_is_process_owner    (dbus_uid_t         uid);
diff -Nru dbus-1.14.8/dbus/dbus-sysdeps-unix.c dbus-1.14.10/dbus/dbus-sysdeps-unix.c
--- dbus-1.14.8/dbus/dbus-sysdeps-unix.c	2023-02-08 10:30:57.000000000 +0000
+++ dbus-1.14.10/dbus/dbus-sysdeps-unix.c	2023-08-16 11:29:50.000000000 +0100
@@ -1932,6 +1932,8 @@
 {
 #if defined(__linux__) && defined(SO_PEERGROUPS)
   _DBUS_STATIC_ASSERT (sizeof (gid_t) <= sizeof (dbus_gid_t));
+  /* This function assumes socklen_t is unsigned, which is true on Linux */
+  _DBUS_STATIC_ASSERT (((socklen_t) -1) > 0);
   gid_t *buf = NULL;
   socklen_t len = 1024;
   dbus_bool_t oom = FALSE;
@@ -1977,13 +1979,6 @@
       _dbus_verbose ("will try again with %lu\n", (unsigned long) len);
     }
 
-  if (len <= 0)
-    {
-      _dbus_verbose ("getsockopt(SO_PEERGROUPS) yielded <= 0 bytes: %ld\n",
-                     (long) len);
-      goto out;
-    }
-
   if (len > n_gids * sizeof (gid_t))
     {
       _dbus_verbose ("%lu > %zu", (unsigned long) len, n_gids * sizeof (gid_t));
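Review bot: Nothing is left at the site of the removed `len <= 0` block to say that a zero-byte result from getsockopt() is now a valid answer meaning "0 supplementary groups". A one-line comment there, pointing at the unsigned-socklen_t static assertion added in the previous hunk, would stop the check from being reintroduced later. It is also worth confirming that the code after the `len > n_gids * sizeof (gid_t)` test behaves with len == 0, since that path could not be reached with a zero length before.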
diff -Nru dbus-1.14.8/dbus/dbus-sysdeps-util-unix.c dbus-1.14.10/dbus/dbus-sysdeps-util-unix.c
--- dbus-1.14.8/dbus/dbus-sysdeps-util-unix.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/dbus/dbus-sysdeps-util-unix.c	2023-09-01 15:23:58.000000000 +0100
@@ -992,14 +992,16 @@
  * @param uid the UID
  * @param group_ids return location for array of group IDs
  * @param n_group_ids return location for length of returned array
+ * @param error error location
  * @returns #TRUE if the UID existed and we got some credentials
  */
 dbus_bool_t
 _dbus_unix_groups_from_uid (dbus_uid_t            uid,
                             dbus_gid_t          **group_ids,
-                            int                  *n_group_ids)
+                            int                  *n_group_ids,
+                            DBusError            *error)
 {
-  return _dbus_groups_from_uid (uid, group_ids, n_group_ids);
+  return _dbus_groups_from_uid (uid, group_ids, n_group_ids, error);
 }
 
 /**
diff -Nru dbus-1.14.8/dbus/dbus-sysdeps-util-win.c dbus-1.14.10/dbus/dbus-sysdeps-util-win.c
--- dbus-1.14.8/dbus/dbus-sysdeps-util-win.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/dbus/dbus-sysdeps-util-win.c	2023-09-01 15:23:58.000000000 +0100
@@ -649,6 +649,13 @@
   unix emulation functions - should be removed sometime in the future
  =====================================================================*/
 
+static void
+set_unix_uid_unsupported (DBusError *error)
+{
+  dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
+                  "UNIX user IDs not supported on Windows");
+}
+
 /**
  * Checks to see if the UNIX user ID is at the console.
  * Should always fail on Windows (set the error to
@@ -662,8 +669,7 @@
 _dbus_unix_user_is_at_console (dbus_uid_t         uid,
                                DBusError         *error)
 {
-  dbus_set_error (error, DBUS_ERROR_NOT_SUPPORTED,
-                  "UNIX user IDs not supported on Windows\n");
+  set_unix_uid_unsupported (error);
   return FALSE;
 }
 
@@ -707,13 +713,16 @@
  * @param uid the UID
  * @param group_ids return location for array of group IDs
  * @param n_group_ids return location for length of returned array
+ * @param error error location
  * @returns #TRUE if the UID existed and we got some credentials
  */
 dbus_bool_t
 _dbus_unix_groups_from_uid (dbus_uid_t            uid,
                             dbus_gid_t          **group_ids,
-                            int                  *n_group_ids)
+                            int                  *n_group_ids,
+                            DBusError            *error)
 {
+  set_unix_uid_unsupported (error);
   return FALSE;
 }
 
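Review bot: The Windows stub of _dbus_unix_groups_from_uid() now sets an error but still leaves *group_ids and *n_group_ids untouched, whereas the comment in the new test/internals/userdb.c says the Unix implementation always clears them, even on failure. Setting *group_ids = NULL and *n_group_ids = 0 before `return FALSE;` would give callers one contract on both platforms; the new test's Windows branch passes only because it pre-initialises gids to NULL and n_gids to -1.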
diff -Nru dbus-1.14.8/dbus/dbus-userdb.h dbus-1.14.10/dbus/dbus-userdb.h
--- dbus-1.14.8/dbus/dbus-userdb.h	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/dbus/dbus-userdb.h	2023-09-01 15:23:58.000000000 +0100
@@ -100,7 +100,8 @@
                                                  dbus_gid_t        *gid_p);
 dbus_bool_t _dbus_groups_from_uid		(dbus_uid_t            uid,
                                                  dbus_gid_t          **group_ids,
-                                                 int                  *n_group_ids);
+                                                 int                  *n_group_ids,
+                                                 DBusError            *error);
 DBUS_PRIVATE_EXPORT
 dbus_bool_t _dbus_is_console_user               (dbus_uid_t         uid,
                                                  DBusError         *error);
diff -Nru dbus-1.14.8/dbus/dbus-userdb-util.c dbus-1.14.10/dbus/dbus-userdb-util.c
--- dbus-1.14.8/dbus/dbus-userdb-util.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/dbus/dbus-userdb-util.c	2023-09-01 15:23:58.000000000 +0100
@@ -373,31 +373,35 @@
  * @param uid the UID
  * @param group_ids return location for array of group IDs
  * @param n_group_ids return location for length of returned array
+ * @param error error to fill in on failure
  * @returns #TRUE if the UID existed and we got some credentials
  */
 dbus_bool_t
 _dbus_groups_from_uid (dbus_uid_t         uid,
                        dbus_gid_t       **group_ids,
-                       int               *n_group_ids)
+                       int               *n_group_ids,
+                       DBusError         *error)
 {
   DBusUserDatabase *db;
   const DBusUserInfo *info;
   *group_ids = NULL;
   *n_group_ids = 0;
 
-  /* FIXME: this can't distinguish ENOMEM from other errors */
   if (!_dbus_user_database_lock_system ())
-    return FALSE;
+    {
+      _DBUS_SET_OOM (error);
+      return FALSE;
+    }
 
   db = _dbus_user_database_get_system ();
   if (db == NULL)
     {
+      _DBUS_SET_OOM (error);
       _dbus_user_database_unlock_system ();
       return FALSE;
     }
 
-  if (!_dbus_user_database_get_uid (db, uid,
-                                    &info, NULL))
+  if (!_dbus_user_database_get_uid (db, uid, &info, error))
     {
       _dbus_user_database_unlock_system ();
       return FALSE;
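Review bot: _dbus_groups_from_uid() now takes a DBusError but does not start with _DBUS_ASSERT_ERROR_IS_CLEAR (error), unlike bus_context_create_client_policy() in bus/bus.c, so a caller passing an already-set error would not be caught by an assertion. The doc comment's @returns line could also say that `error` is set whenever FALSE is returned, now that every early return shown in this hunk does so.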
@@ -410,6 +414,7 @@
       *group_ids = dbus_new (dbus_gid_t, info->n_group_ids);
       if (*group_ids == NULL)
         {
+          _DBUS_SET_OOM (error);
 	  _dbus_user_database_unlock_system ();
           return FALSE;
         }
diff -Nru dbus-1.14.8/debian/20dbus_xdg-runtime dbus-1.14.10/debian/20dbus_xdg-runtime
--- dbus-1.14.8/debian/20dbus_xdg-runtime	2023-07-11 20:59:33.000000000 +0100
+++ dbus-1.14.10/debian/20dbus_xdg-runtime	2023-09-16 11:03:58.000000000 +0100
@@ -20,5 +20,9 @@
   # to put a minimal subset of the Xsession's environment in activated
   # services' environments
   dbus-update-activation-environment --verbose --systemd \
-    DBUS_SESSION_BUS_ADDRESS DISPLAY XAUTHORITY
+    DBUS_SESSION_BUS_ADDRESS \
+    DISPLAY \
+    XAUTHORITY \
+    XDG_CURRENT_DESKTOP \
+    ${NULL+}
 fi
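Review bot: The trailing `${NULL+}` has no explanation in the script. It expands to nothing whether or not NULL is set and exists only so that every variable line can end in a backslash; a short comment to that effect would save the next reader a lookup. Since XDG_CURRENT_DESKTOP is now listed unconditionally, it would also be good to note what dbus-update-activation-environment does with a listed variable that is unset in the Xsession environment.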
diff -Nru dbus-1.14.8/debian/changelog dbus-1.14.10/debian/changelog
--- dbus-1.14.8/debian/changelog	2023-07-11 20:59:33.000000000 +0100
+++ dbus-1.14.10/debian/changelog	2023-09-16 11:03:58.000000000 +0100
@@ -1,3 +1,29 @@
+dbus (1.14.10-1~deb12u1) bookworm; urgency=medium
+
+  * Rebuild for bookworm
+
+ -- Simon McVittie <smcv@debian.org>  Sat, 16 Sep 2023 11:03:58 +0100
+
+dbus (1.14.10-1) unstable; urgency=medium
+
+  * New upstream stable release
+    - Fix a dbus-daemon crash during policy reload if a connection belongs
+      to a user account that has been deleted, or if a Name Service Switch
+      plugin is broken, on kernels not supporting SO_PEERGROUPS
+    - Report the error correctly if getting the groups of a uid fails
+    - If a connection has a primary group ID but no supplementary groups,
+      report the primary group ID in GetConnectionCredentials()
+      UnixGroupIDs field
+  * dbus-user-session: Copy XDG_CURRENT_DESKTOP to activation environment.
+    Previously this was only done if dbus-x11 was installed.
+    This is needed by various freedesktop.org specifications, in particular
+    for xdg-desktop-portal (>= 1.17) to choose the correct portal backend
+    for a desktop session. Some session managers like gnome-session and
+    plasma-workspace already upload this into the activation environment,
+    but many older or simpler session managers do not.
+
+ -- Simon McVittie <smcv@debian.org>  Fri, 01 Sep 2023 15:41:38 +0100
+
 dbus (1.14.8-2~deb12u1) bookworm; urgency=medium
 
   * Rebuild for bookworm
diff -Nru dbus-1.14.8/NEWS dbus-1.14.10/NEWS
--- dbus-1.14.8/NEWS	2023-06-06 14:00:36.000000000 +0100
+++ dbus-1.14.10/NEWS	2023-09-01 15:30:45.000000000 +0100
@@ -1,3 +1,22 @@
+dbus 1.14.10 (2023-09-01)
+=========================
+
+Bug fixes:
+
+• Avoid a dbus-daemon crash if re-creating a connection's policy fails.
+  If it isn't possible to re-create its policy (for example if it belongs
+  to a user account that has been deleted or if the Name Service Switch is
+  broken, on a system not supporting SO_PEERGROUPS), we now log a warning,
+  continue to use its current policy, and continue to reload other
+  connections' policies. (dbus#343; Peter Benie, Simon McVittie)
+
+• If getting the groups from a user ID fails, report the error correctly,
+  instead of logging "(null)" (dbus#343, Simon McVittie)
+
+• Return the primary group ID in GetConnectionCredentials()' UnixGroupIDs
+  field for processes with a valid-but-empty supplementary group list
+  (dbus!422, cptpcrd)
+
 dbus 1.14.8 (2023-06-06)
 ========================
 
diff -Nru dbus-1.14.8/test/CMakeLists.txt dbus-1.14.10/test/CMakeLists.txt
--- dbus-1.14.8/test/CMakeLists.txt	2023-02-08 12:04:02.000000000 +0000
+++ dbus-1.14.10/test/CMakeLists.txt	2023-09-01 15:23:58.000000000 +0100
@@ -201,6 +201,7 @@
     add_test_executable(test-sysdeps internals/sysdeps.c ${TEST_LIBRARIES})
     add_test_executable(test-syslog internals/syslog.c ${TEST_LIBRARIES})
     add_test_executable(test-uid-permissions uid-permissions.c ${TEST_LIBRARIES})
+    add_test_executable(test-userdb internals/userdb.c ${TEST_LIBRARIES})
     add_helper_executable(manual-authz manual-authz.c ${TEST_LIBRARIES})
     add_helper_executable(manual-test-thread-blocking thread-blocking.c ${TEST_LIBRARIES})
 endif()
diff -Nru dbus-1.14.8/test/internals/misc-internals.c dbus-1.14.10/test/internals/misc-internals.c
--- dbus-1.14.8/test/internals/misc-internals.c	2022-10-02 15:06:53.000000000 +0100
+++ dbus-1.14.10/test/internals/misc-internals.c	2023-09-01 15:23:58.000000000 +0100
@@ -935,7 +935,7 @@
   dbus_uid_t uid;
   unsigned long *group_ids;
   int n_group_ids, i;
-  DBusError error;
+  DBusError error = DBUS_ERROR_INIT;
 
   if (!_dbus_username_from_current_process (&username))
     _dbus_test_fatal ("didn't get username");
@@ -946,8 +946,8 @@
   if (!_dbus_get_user_id (username, &uid))
     _dbus_test_fatal ("didn't get uid");
 
-  if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids))
-    _dbus_test_fatal ("didn't get groups");
+  if (!_dbus_groups_from_uid (uid, &group_ids, &n_group_ids, &error))
+    _dbus_test_fatal ("didn't get groups: %s: %s", error.name, error.message);
 
   _dbus_test_diag ("    Current user: %s homedir: %s gids:",
           _dbus_string_get_const_data (username),
diff -Nru dbus-1.14.8/test/internals/userdb.c dbus-1.14.10/test/internals/userdb.c
--- dbus-1.14.8/test/internals/userdb.c	1970-01-01 01:00:00.000000000 +0100
+++ dbus-1.14.10/test/internals/userdb.c	2023-09-01 15:23:58.000000000 +0100
@@ -0,0 +1,143 @@
+/*
+ * Copyright © 2023 Collabora Ltd.
+ * SPDX-License-Identifier: MIT
+ */
+
+#include <config.h>
+
+#include <glib.h>
+
+#include <dbus/dbus.h>
+#include "dbus/dbus-sysdeps.h"
+#include "test-utils-glib.h"
+
+#ifdef DBUS_UNIX
+#include <errno.h>
+#include <pwd.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "dbus/dbus-sysdeps-unix.h"
+#include "dbus/dbus-userdb.h"
+#endif
+
+typedef struct
+{
+  int dummy;
+} Fixture;
+
+static void
+setup (Fixture *f G_GNUC_UNUSED,
+       gconstpointer context G_GNUC_UNUSED)
+{
+}
+
+static void
+test_groups_from_uid (Fixture *f,
+                      gconstpointer context G_GNUC_UNUSED)
+{
+  DBusError error = DBUS_ERROR_INIT;
+  dbus_gid_t *gids = NULL;
+  int n_gids = -1;
+  dbus_bool_t ret;
+#ifdef DBUS_UNIX
+  int i;
+#endif
+
+  /* We assume that uid 0 (root) is available on all Unix systems,
+   * so this should succeed */
+  ret = _dbus_unix_groups_from_uid (0, &gids, &n_gids, &error);
+
+#ifdef DBUS_UNIX
+  test_assert_no_error (&error);
+  g_assert_true (ret);
+  g_assert_cmpint (n_gids, >=, 0);
+
+  g_test_message ("Groups of uid 0:");
+
+  for (i = 0; i < n_gids; i++)
+    {
+      g_test_message ("[%d]: %ld", i, (long) gids[i]);
+      g_assert_cmpint (gids[i], >=, 0);
+    }
+#else
+  g_assert_cmpstr (error.name, ==, DBUS_ERROR_NOT_SUPPORTED);
+  g_assert_false (ret);
+  g_test_message ("Getting Unix groups on Windows failed as expected: %s: %s",
+                  error.name, error.message);
+  g_assert_null (gids);
+  g_assert_cmpint (n_gids, <=, 0);
+#endif
+
+  dbus_free (gids);
+  dbus_error_free (&error);
+
+#ifdef DBUS_UNIX
+  /* Assume that the current uid is something sensible */
+  ret = _dbus_unix_groups_from_uid (geteuid (), &gids, &n_gids, &error);
+  test_assert_no_error (&error);
+  g_assert_true (ret);
+  g_assert_cmpint (n_gids, >=, 0);
+
+  g_test_message ("Groups of uid %ld:", (long) geteuid ());
+
+  for (i = 0; i < n_gids; i++)
+    {
+      g_test_message ("[%d]: %ld", i, (long) gids[i]);
+      g_assert_cmpint (gids[i], >=, 0);
+    }
+
+  g_test_message ("Total: %i groups", n_gids);
+
+  dbus_free (gids);
+  dbus_error_free (&error);
+
+  errno = 0;
+
+  /* arbitrarily chosen, probably isn't a valid uid */
+  if (getpwuid (31337) == NULL)
+    {
+      g_test_message ("uid 31337 doesn't exist: %s",
+                      errno == 0 ? "(no errno)" : g_strerror (errno));
+      ret = _dbus_unix_groups_from_uid (31337, &gids, &n_gids, &error);
+      g_assert_nonnull (error.name);
+      g_assert_nonnull (error.message);
+      g_assert_false (ret);
+      g_test_message ("Getting groups from non-uid failed as expected: %s: %s",
+                      error.name, error.message);
+      /* The Unix implementation always clears gids/n_gids,
+       * even on failure, and even if they were uninitialized */
+      g_assert_null (gids);
+      g_assert_cmpint (n_gids, ==, 0);
+
+      dbus_free (gids);
+      dbus_error_free (&error);
+    }
+  else
+    {
+      g_test_skip ("against our expectations, uid 31337 exists on this system");
+    }
+#endif
+}
+
+static void
+teardown (Fixture *f G_GNUC_UNUSED,
+          gconstpointer context G_GNUC_UNUSED)
+{
+}
+
+int
+main (int argc,
+      char **argv)
+{
+  int ret;
+
+  test_init (&argc, &argv);
+
+  g_test_add ("/userdb/groups_from_uid",
+              Fixture, NULL, setup, test_groups_from_uid, teardown);
+
+  ret = g_test_run ();
+  dbus_shutdown ();
+  return ret;
+}
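Review bot: In test_groups_from_uid(), the per-group check `g_assert_cmpint (gids[i], >=, 0)` can hardly fail if dbus_gid_t is unsigned, as the `unsigned long *group_ids` passed to the same function in misc-internals.c suggests, so it adds little beyond reading the array. The uid 31337 case is the one that actually exercises the new error reporting, but it is skipped whenever that uid exists and only asserts that error.name and error.message are non-NULL; asserting dbus_error_is_set (&error) and the expected error name would pin the behaviour down more tightly.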
diff -Nru dbus-1.14.8/test/Makefile.am dbus-1.14.10/test/Makefile.am
--- dbus-1.14.8/test/Makefile.am	2023-02-08 12:04:02.000000000 +0000
+++ dbus-1.14.10/test/Makefile.am	2023-09-01 15:23:58.000000000 +0100
@@ -171,6 +171,9 @@
 test_syslog_SOURCES = internals/syslog.c
 test_syslog_LDADD = libdbus-testutils.la $(GLIB_LIBS)
 
+test_userdb_SOURCES = internals/userdb.c
+test_userdb_LDADD =  libdbus-testutils.la $(GLIB_LIBS)
+
 test_variant_SOURCES = internals/variant.c
 test_variant_LDADD = libdbus-testutils.la $(GLIB_LIBS)
 
@@ -316,6 +319,7 @@
 	test-sysdeps \
 	test-syslog \
 	test-uid-permissions \
+	test-userdb \
 	test-variant \
 	$(NULL)
 
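The reload behaviour described under "bus/connection.c (the rest)" and "bus/bus.c, bus/bus.h" in the Changes section, as a simplified stand-alone model. This is an added example, not code from dbus or from this bug report; the Policy, Conn and Outcome types, DELETED_UID and all function names are hypothetical stand-ins.

```c
/* Simplified model of a bus daemon's per-connection policy reload.
 * Policy, Conn, Outcome, DELETED_UID and every function here are
 * hypothetical stand-ins for illustration, not dbus APIs. */
#include <stdio.h>
#include <stdlib.h>

typedef struct { int refcount; int generation; } Policy;
typedef struct { unsigned long uid; Policy *policy; } Conn;
typedef struct { int ok, null_policies, stale, reloaded; } Outcome;

/* Constructed uid whose group lookup fails, e.g. an account deleted
 * while its connection is still open. */
#define DELETED_UID 4242UL

static Policy *policy_new (int generation)
{
  Policy *p = malloc (sizeof *p);
  if (p == NULL)
    abort ();
  p->refcount = 1;
  p->generation = generation;
  return p;
}

static Policy *policy_ref (Policy *p) { p->refcount++; return p; }

static void policy_unref (Policy *p)
{
  if (p != NULL && --p->refcount == 0)
    free (p);
}

/* Stand-in for policy creation: fails when the uid's groups can't be found. */
static Policy *create_policy (const Conn *c, int generation)
{
  return c->uid == DELETED_UID ? NULL : policy_new (generation);
}

/* Old shape: release the current policy first, stop at the first failure.
 * The failing connection is left with a NULL policy and the connections
 * after it are never reloaded. */
static int reload_old (Conn *conns, int n, int generation)
{
  for (int i = 0; i < n; i++)
    {
      policy_unref (conns[i].policy);
      conns[i].policy = create_policy (&conns[i], generation);
      if (conns[i].policy == NULL)
        return 0;
    }
  return 1;
}

/* New shape: build the replacement first; on failure take a reference to
 * the previous (non-NULL) policy, warn, and carry on with the rest. */
static int reload_new (Conn *conns, int n, int generation)
{
  for (int i = 0; i < n; i++)
    {
      Policy *p = create_policy (&conns[i], generation);
      if (p == NULL)
        {
          fprintf (stderr, "warning: keeping current policy for uid %lu\n",
                   conns[i].uid);
          p = policy_ref (conns[i].policy);
        }
      policy_unref (conns[i].policy);
      conns[i].policy = p;
    }
  return 1;
}

/* Reload three connections (all start on generation 1) to generation 2
 * and summarise the state each strategy leaves behind. */
static Outcome run_reload (int use_new)
{
  Conn conns[3] = { { 1000, NULL }, { DELETED_UID, NULL }, { 1001, NULL } };
  Outcome o = { 0, 0, 0, 0 };

  for (int i = 0; i < 3; i++)
    conns[i].policy = policy_new (1);
  o.ok = use_new ? reload_new (conns, 3, 2) : reload_old (conns, 3, 2);
  for (int i = 0; i < 3; i++)
    {
      if (conns[i].policy == NULL)
        o.null_policies++;          /* would be dereferenced later */
      else if (conns[i].policy->generation == 2)
        o.reloaded++;
      else
        o.stale++;                  /* still on the pre-reload policy */
      policy_unref (conns[i].policy);
    }
  return o;
}

int main (void)
{
  Outcome a = run_reload (0), b = run_reload (1);
  printf ("old: ok=%d null=%d stale=%d reloaded=%d\n",
          a.ok, a.null_policies, a.stale, a.reloaded);
  printf ("new: ok=%d null=%d stale=%d reloaded=%d\n",
          b.ok, b.null_policies, b.stale, b.reloaded);
  return 0;
}
```

In the old shape the connection after the failing one stays on the pre-reload policy, which is the "stops reloading unrelated connections' policies" effect the Changes section mentions.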
