[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1037196: marked as done (bullseye-pu: package dbus/1.12.28-0+deb11u1)



Your message dated Sat, 07 Oct 2023 12:41:28 +0100
with message-id <84bb5ff8312f749ebe536897993782bf35aa1977.camel@adam-barratt.org.uk>
and subject line Closing opu requests for updates included in 11.8
has caused the Debian Bug report #1037196,
regarding bullseye-pu: package dbus/1.12.28-0+deb11u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1037196: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037196
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: dbus@packages.debian.org, debian-boot@lists.debian.org
Control: affects -1 + src:dbus

[ Reason ]
Fix a local denial of service for which the security team does not intend
to do a DSA (dbus#457, #1037151; CVE assignment pending).

[ Impact ]
While a sysadmin is using `dbus-monitor --system` or similar tools,
an unprivileged local user can cause denial of service by crashing the
`dbus-daemon --system`.

The new upstream release also fixes some smaller bugs:
- fix a denial of service that wasn't relevant for the way Debian compiles
  dbus (it was only a problem when assertions are enabled)
- an autopkgtest regression on Ubuntu kernels
- wrong upstream bug reporting URLs
- a documentation typo

[ Tests ]
Build-time tests and autopkgtests pass. There is new test coverage for the
denial of service, which was able to reproduce the bug. I also smoke-tested
this on a GNOME virtual machine; I already upgraded my real-hardware
systems to bookworm, so I can't directly test this on hardware.

[ Risks ]
It's a key package, so any regressions would be highly visible.

Technically dbus has udebs, although as noted in the similar bookworm
update request, they aren't directly useful for anything.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [ ] the issue is verified as fixed in unstable
      - intentionally not done yet due to the full freeze, because dbus
        has udebs

[ Changes ]
bus/connection.c: fix the denial of service, #1037151
dbus/dbus-connection{.c,-internal.h}: enablers for #1037151
dbus/dbus-string.c: fix a local denial of service if assertions are
    enabled in the dbus-daemon, which in Debian they are not
doc/dbus-api-design.duck: fix a typo in some sample code, not functionally
    significant
configure.ac, dbus/dbus-sysdeps-unix.c: update bug reporting URLs
AUTHORS, NEWS, configure.ac: release administrivia
test/data/dbus-installed-tests.aaprofile.in: make a test profile a little
    more permissive to fix an autopkgtest regression on Ubuntu kernels
test/data/valid-config-files, test/monitor.c: reproducer for the denial
    of service bug

    smcv
debdiff *.dsc | filterdiff -p1 -xaminclude_static.am -xMakefile.in -x'*/Makefile.in' -xconfigure

diffstat for dbus-1.12.24 dbus-1.12.28

 AUTHORS                                         |    4 +
 Makefile.in                                     |    2 
 NEWS                                            |   54 +++++++++++++++
 aminclude_static.am                             |    2 
 build-aux/ltmain.sh                             |    4 -
 bus/Makefile.in                                 |    2 
 bus/connection.c                                |   15 ++++
 configure                                       |   36 +++++-----
 configure.ac                                    |    6 -
 dbus/Makefile.in                                |    2 
 dbus/dbus-connection-internal.h                 |    2 
 dbus/dbus-connection.c                          |   11 ++-
 dbus/dbus-string.c                              |    2 
 dbus/dbus-sysdeps-unix.c                        |    2 
 debian/changelog                                |   13 +++
 doc/dbus-api-design.duck                        |    4 -
 test/Makefile.in                                |    2 
 test/data/dbus-installed-tests.aaprofile.in     |    4 +
 test/data/valid-config-files/forbidding.conf.in |    3 
 test/monitor.c                                  |   84 +++++++++++++++++++++---
 20 files changed, 212 insertions(+), 42 deletions(-)

diff -Nru dbus-1.12.24/AUTHORS dbus-1.12.28/AUTHORS
--- dbus-1.12.24/AUTHORS	2022-10-05 11:04:10.000000000 +0100
+++ dbus-1.12.28/AUTHORS	2023-06-06 14:00:50.000000000 +0100
@@ -40,6 +40,7 @@
 Daniel P. Berrange <dan@berrange.com>
 Daniel Reed <djr@redhat.com>
 Dan Williams <dcbw@redhat.com>
+Dave Jones <dave.jones@canonical.com>
 Dave Reisner <dreisner@archlinux.org>
 David King <dking@redhat.com>
 David Zeuthen <davidz@redhat.com>
@@ -65,6 +66,7 @@
 Havoc Pennington <hp@pobox.com>
 Havoc Pennington <hp@redhat.com>
 Hendrik Buschmeier <hbuschme@TechFak.Uni-Bielefeld.DE>
+hongjinghao <q1204531485@163.com>
 hyeric <eric.hyer@diehl.com>
 ilovezfs <ilovezfs@icloud.com>
 Ioan-Adrian Ratiu <adrian.ratiu@ni.com>
@@ -113,6 +115,7 @@
 Marc Brockschmidt <he@debian.org>
 Marc Mutz <marc@kdab.net>
 Marc Mutz <marc.mutz@kdab.com>
+Marco Trevisan (Treviño) <mail@3v1n0.net>
 Marcus Brinkmann <marcus.brinkmann@ruhr-uni-bochum.de>
 Mark Brand <mabrand@mabrand.nl>
 Mark McLoughlin <mark@skynet.ie>
@@ -215,6 +218,7 @@
 Wulf C. Krueger <philantrop@exherbo.org>
 Xan Lopez <xan@gnome.org>
 Yaakov Selkowitz <yselkowitz@users.sourceforge.net>
+Yen-Chin, Lee <coldnew.tw@gmail.com>
 Yiyang Fei <YiYang.Fei@barco.com>
 Zack Rusin <zack@kde.org>
 Илья А. Ткаченко <ilya.tkachenko@syncopate.ru>
diff -Nru dbus-1.12.24/build-aux/ltmain.sh dbus-1.12.28/build-aux/ltmain.sh
--- dbus-1.12.24/build-aux/ltmain.sh	2022-10-05 11:04:51.000000000 +0100
+++ dbus-1.12.28/build-aux/ltmain.sh	2023-06-06 12:05:06.000000000 +0100
@@ -31,7 +31,7 @@
 
 PROGRAM=libtool
 PACKAGE=libtool
-VERSION="2.4.7 Debian-2.4.7-4"
+VERSION="2.4.7 Debian-2.4.7-5"
 package_revision=2.4.7
 
 
@@ -2308,7 +2308,7 @@
        compiler:       $LTCC
        compiler flags: $LTCFLAGS
        linker:         $LD (gnu? $with_gnu_ld)
-       version:        $progname $scriptversion Debian-2.4.7-4
+       version:        $progname $scriptversion Debian-2.4.7-5
        automake:       `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
        autoconf:       `($AUTOCONF --version) 2>/dev/null |$SED 1q`
 
diff -Nru dbus-1.12.24/bus/connection.c dbus-1.12.28/bus/connection.c
--- dbus-1.12.24/bus/connection.c	2020-02-20 12:24:25.000000000 +0000
+++ dbus-1.12.28/bus/connection.c	2023-06-06 14:00:50.000000000 +0100
@@ -2350,6 +2350,21 @@
   if (!dbus_message_set_sender (message, DBUS_SERVICE_DBUS))
     return FALSE;
 
+  /* Make sure the message has a non-zero serial number, otherwise
+   * bus_transaction_capture_error_reply() will not be able to mock up
+   * a corresponding reply for it. Normally this would be delayed until
+   * the first time we actually send the message out from a
+   * connection, when the transaction is committed, but that's too late
+   * in this case.
+   */
+  if (dbus_message_get_serial (message) == 0)
+    {
+      dbus_uint32_t next_serial;
+
+      next_serial = _dbus_connection_get_next_client_serial (connection);
+      dbus_message_set_serial (message, next_serial);
+    }
+
   if (bus_connection_is_active (connection))
     {
       if (!dbus_message_set_destination (message,
diff -Nru dbus-1.12.24/configure.ac dbus-1.12.28/configure.ac
--- dbus-1.12.24/configure.ac	2022-10-05 11:01:35.000000000 +0100
+++ dbus-1.12.28/configure.ac	2023-06-06 14:00:50.000000000 +0100
@@ -3,7 +3,7 @@
 
 m4_define([dbus_major_version], [1])
 m4_define([dbus_minor_version], [12])
-m4_define([dbus_micro_version], [24])
+m4_define([dbus_micro_version], [28])
 m4_define([dbus_version],
           [dbus_major_version.dbus_minor_version.dbus_micro_version])
 AC_INIT([dbus],[dbus_version],[https://bugs.freedesktop.org/enter_bug.cgi?product=dbus],[dbus])
@@ -42,7 +42,7 @@
 
 ## increment any time the source changes; set to
 ##  0 if you increment CURRENT
-LT_REVISION=15
+LT_REVISION=17
 
 ## increment if any interfaces have been added; set to 0
 ## if any interfaces have been changed or removed. removal has
@@ -845,7 +845,7 @@
 save_libs="$LIBS"
 LIBS="$LIBS $THREAD_LIBS"
 
-is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://bugs.freedesktop.org/enter_bug.cgi?product=dbus with details of your platform."
+is_missing_pthread_function="is required when compiling D-Bus on Unix platforms, but is not in your libc or libpthread. Please open a bug on https://gitlab.freedesktop.org/dbus/dbus/-/issues/new with details of your platform."
 
 # Don't do these automatic checks if the user set THREAD_LIBS on the
 # configure command-line. If they did, we assume they're right.
diff -Nru dbus-1.12.24/dbus/dbus-connection.c dbus-1.12.28/dbus/dbus-connection.c
--- dbus-1.12.24/dbus/dbus-connection.c	2018-02-08 14:07:21.000000000 +0000
+++ dbus-1.12.28/dbus/dbus-connection.c	2023-06-06 14:00:50.000000000 +0100
@@ -1456,7 +1456,16 @@
     _dbus_connection_last_unref (connection);
 }
 
-static dbus_uint32_t
+/**
+ * Allocate and return the next non-zero serial number for outgoing messages.
+ *
+ * This method is only valid to call from single-threaded code, such as
+ * the dbus-daemon, or with the connection lock held.
+ *
+ * @param connection the connection
+ * @returns A suitable serial number for the next message to be sent on the connection.
+ */
+dbus_uint32_t
 _dbus_connection_get_next_client_serial (DBusConnection *connection)
 {
   dbus_uint32_t serial;
diff -Nru dbus-1.12.24/dbus/dbus-connection-internal.h dbus-1.12.28/dbus/dbus-connection-internal.h
--- dbus-1.12.24/dbus/dbus-connection-internal.h	2017-10-30 12:26:18.000000000 +0000
+++ dbus-1.12.28/dbus/dbus-connection-internal.h	2023-06-06 14:00:50.000000000 +0100
@@ -54,6 +54,8 @@
 DBusConnection *  _dbus_connection_ref_unlocked                (DBusConnection     *connection);
 DBUS_PRIVATE_EXPORT
 void              _dbus_connection_unref_unlocked              (DBusConnection     *connection);
+DBUS_PRIVATE_EXPORT
+dbus_uint32_t     _dbus_connection_get_next_client_serial      (DBusConnection *connection);
 void              _dbus_connection_queue_received_message_link (DBusConnection     *connection,
                                                                 DBusList           *link);
 dbus_bool_t       _dbus_connection_has_messages_to_send_unlocked (DBusConnection     *connection);
diff -Nru dbus-1.12.24/dbus/dbus-string.c dbus-1.12.28/dbus/dbus-string.c
--- dbus-1.12.24/dbus/dbus-string.c	2017-10-30 12:26:18.000000000 +0000
+++ dbus-1.12.28/dbus/dbus-string.c	2023-02-08 11:40:58.000000000 +0000
@@ -1818,7 +1818,7 @@
       ++i;
     }
 
-  _dbus_assert (i == real->len || !DBUS_IS_ASCII_WHITE (real->str[i]));
+  _dbus_assert (i == real->len || !DBUS_IS_ASCII_BLANK (real->str[i]));
   
   if (end)
     *end = i;
diff -Nru dbus-1.12.24/dbus/dbus-sysdeps-unix.c dbus-1.12.28/dbus/dbus-sysdeps-unix.c
--- dbus-1.12.24/dbus/dbus-sysdeps-unix.c	2021-12-17 12:55:33.000000000 +0000
+++ dbus-1.12.28/dbus/dbus-sysdeps-unix.c	2023-02-08 11:41:48.000000000 +0000
@@ -2217,7 +2217,7 @@
 #else /* no supported mechanism */
 
 #warning Socket credentials not supported on this Unix OS
-#warning Please tell https://bugs.freedesktop.org/enter_bug.cgi?product=DBus
+#warning Please tell https://gitlab.freedesktop.org/dbus/dbus/-/issues/new
 
     /* Please add other operating systems known to support at least one of
      * the mechanisms above to this list, keeping alphabetical order.
diff -Nru dbus-1.12.24/debian/changelog dbus-1.12.28/debian/changelog
--- dbus-1.12.24/debian/changelog	2022-10-05 12:04:31.000000000 +0100
+++ dbus-1.12.28/debian/changelog	2023-06-06 15:07:35.000000000 +0100
@@ -1,3 +1,16 @@
+dbus (1.12.28-0+deb11u1) bullseye; urgency=medium
+
+  * New upstream stable release 1.12.26
+    - Fixes a denial of service issue that is not relevant for the way
+      we compile dbus in Debian
+  * New upstream stable release 1.12.28
+    - Fixes a denial of service issue if the root or messagebus user is
+      monitoring messages on the system bus with the Monitoring interface
+      (dbus-monitor, busctl monitor, gdbus monitor or similar)
+      (Closes: #1037151)
+
+ -- Simon McVittie <smcv@debian.org>  Tue, 06 Jun 2023 15:07:35 +0100
+
 dbus (1.12.24-0+deb11u1) bullseye-security; urgency=medium
 
   * New upstream stable release 1.12.22
diff -Nru dbus-1.12.24/doc/dbus-api-design.duck dbus-1.12.28/doc/dbus-api-design.duck
--- dbus-1.12.24/doc/dbus-api-design.duck	2018-02-08 14:13:45.000000000 +0000
+++ dbus-1.12.28/doc/dbus-api-design.duck	2023-06-06 10:36:54.000000000 +0100
@@ -320,7 +320,7 @@
     -->
     <signal name="ProgressNotification">
       <arg name="progress_message" type="s" />
-    </method>
+    </signal>
 
   The progress should be reported as an enumerated value:
   [code style="valid" mime="application/xml"]
@@ -335,7 +335,7 @@
     -->
     <signal name="ProgressNotification">
       <arg name="progress_state" type="u" />
-    </method>
+    </signal>
 
 D-Bus has none of the problems of signed versus unsigned integers which C has
 (specifically, it does not do implicit sign conversion), so integer types should
diff -Nru dbus-1.12.24/NEWS dbus-1.12.28/NEWS
--- dbus-1.12.24/NEWS	2022-10-05 11:01:46.000000000 +0100
+++ dbus-1.12.28/NEWS	2023-06-06 14:00:50.000000000 +0100
@@ -1,3 +1,57 @@
+dbus 1.12.x branch
+==================
+
+The dbus 1.12.x branch was originally released in 2017, and is maintained
+for the benefit of long-term-support OS distributions such as Debian.
+It is planned to reach end-of-life status at the end of Debian 11
+mainstream security support, in mid 2024. After it reaches end-of-life
+there will be no more 1.12.x releases, even if new security issues
+are discovered.
+
+dbus 1.12.28 (2023-06-06)
+=========================
+
+Denial-of-service fixes:
+
+• Fix an assertion failure in dbus-daemon when a privileged Monitoring
+  connection (dbus-monitor, busctl monitor, gdbus monitor or similar)
+  is active, and a message from the bus driver cannot be delivered to a
+  client connection due to <deny> rules or outgoing message quota. This
+  is a denial of service if triggered maliciously by a local attacker.
+  (dbus#457; hongjinghao, Simon McVittie)
+
+Other fixes:
+
+• Documentation:
+  · Fix syntax of a code sample in dbus-api-design
+    (dbus!396; Yen-Chin, Lee)
+
+Tests and CI enhancements:
+
+• Fix CI pipelines after freedesktop/freedesktop#540
+  (dbus!405, dbus#456; Simon McVittie)
+
+dbus 1.12.26 (2023-02-08)
+=========================
+
+Denial of service fixes:
+
+• Fix an incorrect assertion that could be used to crash dbus-daemon or
+  other users of DBusServer prior to authentication, if libdbus was compiled
+  with assertions enabled.
+  We recommend that production builds of dbus, for example in OS distributions,
+  should be compiled with checks but without assertions.
+  (dbus#421, Ralf Habacker; thanks to Evgeny Vereshchagin)
+
+Other fixes:
+
+• Documentation:
+  · Consistently use Gitlab bug reporting URL (dbus!372, Marco Trevisan)
+
+• Tests fixes:
+  · Fix the test-apparmor-activation test after dbus#416
+    (dbus!380, Dave Jones)
+
 dbus 1.12.24 (2022-10-05)
 =========================
 
diff -Nru dbus-1.12.24/test/data/dbus-installed-tests.aaprofile.in dbus-1.12.28/test/data/dbus-installed-tests.aaprofile.in
--- dbus-1.12.24/test/data/dbus-installed-tests.aaprofile.in	2017-10-30 12:26:18.000000000 +0000
+++ dbus-1.12.28/test/data/dbus-installed-tests.aaprofile.in	2023-02-08 11:41:44.000000000 +0000
@@ -32,6 +32,7 @@
   # We aren't really confining this process seriously; allow most things.
   /** mrix,
   /tmp/dbus-daemon-test.*/{,**} w,
+  /tmp/dbus-* w,
   @{sys}/kernel/security/apparmor/** w,
   dbus (send, receive, bind),
   network,
@@ -44,6 +45,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus (send, receive, bind),
     network,
@@ -62,6 +64,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus,
     network,
@@ -88,6 +91,7 @@
     #include <abstractions/base>
 
     /** mrix,
+    /tmp/dbus-* w,
     @{sys}/kernel/security/apparmor/** w,
     dbus (send, receive, bind),
     network,
diff -Nru dbus-1.12.24/test/data/valid-config-files/forbidding.conf.in dbus-1.12.28/test/data/valid-config-files/forbidding.conf.in
--- dbus-1.12.24/test/data/valid-config-files/forbidding.conf.in	2017-10-30 12:26:18.000000000 +0000
+++ dbus-1.12.28/test/data/valid-config-files/forbidding.conf.in	2023-06-06 14:00:50.000000000 +0100
@@ -24,5 +24,8 @@
     <allow send_interface="com.example.CannotUnicast2" send_broadcast="true"/>
 
     <deny receive_interface="com.example.CannotReceive"/>
+
+    <!-- Used to reproduce dbus#457 -->
+    <deny receive_interface="org.freedesktop.DBus" receive_member="NameAcquired"/>
   </policy>
 </busconfig>
diff -Nru dbus-1.12.24/test/monitor.c dbus-1.12.28/test/monitor.c
--- dbus-1.12.24/test/monitor.c	2018-06-04 17:52:18.000000000 +0100
+++ dbus-1.12.28/test/monitor.c	2023-06-06 14:00:50.000000000 +0100
@@ -155,6 +155,21 @@
     TRUE
 };
 
+static dbus_bool_t
+config_forbids_name_acquired_signal (const Config *config)
+{
+  if (config == NULL)
+    return FALSE;
+
+  if (config->config_file == NULL)
+    return FALSE;
+
+  if (strcmp (config->config_file, forbidding_config.config_file) == 0)
+    return TRUE;
+
+  return FALSE;
+}
+
 static inline const char *
 not_null2 (const char *x,
     const char *fallback)
@@ -196,6 +211,10 @@
       not_null (dbus_message_get_signature (m)));
   g_test_message ("\terror name: %s",
       not_null (dbus_message_get_error_name (m)));
+  g_test_message ("\tserial number: %u",
+      dbus_message_get_serial (m));
+  g_test_message ("\tin reply to: %u",
+      dbus_message_get_reply_serial (m));
 
   if (strcmp ("s", dbus_message_get_signature (m)) == 0)
     {
@@ -249,9 +268,6 @@
 
 #define assert_name_acquired(m) \
 do { \
-  DBusError _e = DBUS_ERROR_INIT; \
-  const char *_s; \
-    \
   g_assert_cmpstr (dbus_message_type_to_string (dbus_message_get_type (m)), \
       ==, dbus_message_type_to_string (DBUS_MESSAGE_TYPE_SIGNAL)); \
   g_assert_cmpstr (dbus_message_get_sender (m), ==, DBUS_SERVICE_DBUS); \
@@ -261,7 +277,14 @@
   g_assert_cmpstr (dbus_message_get_signature (m), ==, "s"); \
   g_assert_cmpint (dbus_message_get_serial (m), !=, 0); \
   g_assert_cmpint (dbus_message_get_reply_serial (m), ==, 0); \
+} while (0)
+
+#define assert_unique_name_acquired(m) \
+do { \
+  DBusError _e = DBUS_ERROR_INIT; \
+  const char *_s; \
     \
+  assert_name_acquired (m); \
   dbus_message_get_args (m, &_e, \
         DBUS_TYPE_STRING, &_s, \
         DBUS_TYPE_INVALID); \
@@ -329,6 +352,21 @@
   g_assert_cmpint (dbus_message_get_reply_serial (m), !=, 0); \
 } while (0)
 
+/* forbidding.conf does not allow receiving NameAcquired, so if we are in
+ * that configuration, then dbus-daemon synthesizes an error reply to itself
+ * and sends that to monitors */
+#define expect_name_acquired_error(queue, in_reply_to) \
+do { \
+  DBusMessage *message; \
+  \
+  message = g_queue_pop_head (queue); \
+  assert_error_reply (message, DBUS_SERVICE_DBUS, DBUS_SERVICE_DBUS, \
+                      DBUS_ERROR_ACCESS_DENIED); \
+  g_assert_cmpint (dbus_message_get_reply_serial (message), ==, \
+                   dbus_message_get_serial (in_reply_to)); \
+  dbus_message_unref (message); \
+} while (0)
+
 /* This is called after processing pending replies to our own method
  * calls, but before anything else.
  */
@@ -339,6 +377,9 @@
 {
   Fixture *f = user_data;
 
+  g_test_message ("Monitor received message:");
+  log_message (message);
+
   g_assert_cmpstr (dbus_message_get_interface (message), !=,
       "com.example.Tedious");
 
@@ -790,6 +831,11 @@
   test_assert_no_error (&f->e);
   g_assert_cmpint (ret, ==, DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER);
 
+  /* If the policy forbids receiving NameAcquired, then we'll never
+   * receive it, so behave as though we had */
+  if (config_forbids_name_acquired_signal (f->config))
+    got_unique = got_a = got_b = got_c = TRUE;
+
   while (!got_unique || !got_a || !got_b || !got_c)
     {
       if (g_queue_is_empty (&f->monitored))
@@ -1441,6 +1487,7 @@
 {
   DBusMessage *m;
   int res;
+  size_t n_expected;
 
   if (f->address == NULL)
     return;
@@ -1456,7 +1503,12 @@
   test_assert_no_error (&f->e);
   g_assert_cmpint (res, ==, DBUS_RELEASE_NAME_REPLY_RELEASED);
 
-  while (g_queue_get_length (&f->monitored) < 8)
+  n_expected = 8;
+
+  if (config_forbids_name_acquired_signal (context))
+    n_expected += 1;
+
+  while (g_queue_get_length (&f->monitored) < n_expected)
     test_main_context_iterate (f->ctx, TRUE);
 
   m = g_queue_pop_head (&f->monitored);
@@ -1469,10 +1521,12 @@
       "NameOwnerChanged", "sss", NULL);
   dbus_message_unref (m);
 
-  /* FIXME: should we get this? */
   m = g_queue_pop_head (&f->monitored);
-  assert_signal (m, DBUS_SERVICE_DBUS, DBUS_PATH_DBUS, DBUS_INTERFACE_DBUS,
-      "NameAcquired", "s", f->sender_name);
+  assert_name_acquired (m);
+
+  if (config_forbids_name_acquired_signal (f->config))
+    expect_name_acquired_error (&f->monitored, m);
+
   dbus_message_unref (m);
 
   m = g_queue_pop_head (&f->monitored);
@@ -1694,8 +1748,14 @@
 expect_new_connection (Fixture *f)
 {
   DBusMessage *m;
+  size_t n_expected;
 
-  while (g_queue_get_length (&f->monitored) < 4)
+  n_expected = 4;
+
+  if (config_forbids_name_acquired_signal (f->config))
+    n_expected += 1;
+
+  while (g_queue_get_length (&f->monitored) < n_expected)
     test_main_context_iterate (f->ctx, TRUE);
 
   m = g_queue_pop_head (&f->monitored);
@@ -1712,7 +1772,11 @@
   dbus_message_unref (m);
 
   m = g_queue_pop_head (&f->monitored);
-  assert_name_acquired (m);
+  assert_unique_name_acquired (m);
+
+  if (config_forbids_name_acquired_signal (f->config))
+    expect_name_acquired_error (&f->monitored, m);
+
   dbus_message_unref (m);
 }
 
@@ -2037,6 +2101,8 @@
       setup, test_method_call, teardown);
   g_test_add ("/monitor/forbidden-method", Fixture, &forbidding_config,
       setup, test_forbidden_method_call, teardown);
+  g_test_add ("/monitor/forbidden-reply", Fixture, &forbidding_config,
+      setup, test_dbus_daemon, teardown);
   g_test_add ("/monitor/dbus-daemon", Fixture, NULL,
       setup, test_dbus_daemon, teardown);
   g_test_add ("/monitor/selective", Fixture, &selective_config,

--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 11.8

Hi,

The updates referred to by each of these requests were included in
today's 11.8 bullseye point release.

Regards,

Adam

--- End Message ---

Reply to: