| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
dbus-1.12.20
Change-Id: I8b3a9e851dca1d42a5785fa94c97f5e9074cac35
|
|
Change-Id: Ie3e28ff56652ee454ad1f7362a93fec0973af0f6
Signed-off-by: Hyotaek Shim <hyotaek.shim@samsung.com>
|
|
See merge request dbus/dbus!115
(cherry picked from commit fd41caa3664d480605628f08c217581bc42fa3e7)
|
|
dbus 1.12.16
|
|
Spotted by Mubin. This documentation relates to the code in
add_bus_environment() in bus/activation.c.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Fixes: #275
(cherry picked from commit bf71a58e4ab496c1726209aaad94a1abe670a01f)
|
|
We no longer run man2html.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit f134e2d2c7ae53965dfba0c85bf76ad38fb7fa4c)
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Otherwise, distcheck fails when mallard-ducktype is available.
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 9391d769ae335872e5b770f6741855fde45b8186)
|
|
This might (?) have made sense behind a firewall in 2003; but now it's
2018, the typical threat model that we are defending against has
changed from "vandals want to feel proud of their l33t skills"
to "organised crime wants your money", and a "trusted" local LAN
probably contains an obsolete phone, tablet, games console or
Internet-of-Things-enabled toaster with remote root exploits.
This make network topologies that used to be acceptable look
increasingly irresponsible.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit d0a16b59a8572fbd1934e941e2e3004840306222)
|
|
This is the default, and blocks TCP-based attacks by making the
attacker fail to authenticate (while also preventing inadvisable
TCP-based configurations from working).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit aef4475939a773e1a205a71d641ea2bb6793ab92)
|
|
I'm far from convinced that this option should even *exist*, but it
should definitely be documented as a very bad thing.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 5d3680486712891c13b85c07fab629bb70f623cc)
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add a TODO comment as suggested]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit cf47380641aac0e5b40694b0ae09ffb85ec4b5fc)
|
|
With some fairly reasonable threat models (active or passive local
attacker able to eavesdrop on the network link, confidential
information being transferred via D-Bus), secure authentication is
insufficient to make this transport secure: it does not protect
confidentiality or integrity either.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106004
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Ralf Habacker <ralf.habacker@freenet.de>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit 2513f84db68a9edad8558806b777ed6c284016b9)
|
|
The old version-1 format is deprecated and now produces warnings.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106186
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add the .devhelp2 file to .gitignore as suggested]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit fa922639207de16d459983144ddad28b7abe60c2)
|
|
The tutorial is not necessarily a great entry point for the libdbus
documentation: it's infrequently updated, and we should probably have
the "If you use this low-level API directly, you're signing up for some
pain" message from the API reference show up in devhelp more immediately.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106186
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Add longer commit message with rationale]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit c84ac8b1ef3a9fa18127b2462ead369c4e8846bd)
|
|
Newer versions of yelp-build use this instead of a jQuery syntax
highlighter.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106171
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Also add it to .gitignore as suggested]
Signed-off-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit 49ad5b110fd5f5f4e41405d98007a11d8eb741f7)
|
|
Newer versions of yelp-build don't install jquery.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=106171
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
(cherry picked from commit bab857fb6f75ffe0ac3771de4b8272ad97623a2c)
|
|
There’s no need to escape closing brackets if the paired opening bracket
is escaped (or doesn’t need escaping).
See
https://github.com/projectmallard/mallard-ducktype/issues/16#issuecomment-362590519.
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=104925
Reviewed-by: Simon McVittie <smcv@collabora.com>
(cherry picked from commit ad72d6bc5f45e78d21f64099f670a89dcf32507d)
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=103075
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1467415
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101848
Reviewed-by: Thiago Macieira <thiago@kde.org>
[smcv: Revert an incorrect comment change]
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
<allow send_broadcast="true" ...> only matches broadcasts,
which are signals with a NULL destination. There was previously
no way for the policy language to express "NULL destination",
only "any destination".
<allow send_broadcast="false" ...> only matches non-broadcasts,
which are non-signals or signals with a non-NULL destination.
There was previously no way for the policy language to express
"any non-NULL destination", only "any destination".
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: improved documentation as per Philip's review]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
We don't allow sending unrequested replies, but the documentation
implied that we did.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Thiago Macieira <thiago@kde.org>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=92853
|
|
This commit reverts four commits.
There was a need for additional minor changes to make it work.
Revert "GetConnectionCredentials - add smack support"
This reverts commit 13d888ca95c75c14a4919b36cc0a15979fb1d42b.
Revert "packaging: enable Smack support"
This reverts commit 54f95c99cf4d53f5566511fc0cdc21b230909b29.
Revert "Enforce smack policy from conf file"
This reverts commit 1d028039f5d34de8a1224d2ad0d8bc75b3da3ca4.
Revert "Enable checking of smack context from DBus interface"
This reverts commit 7af23db240c54e9923c76234b7e9c7a243d2d428.
Change-Id: I4bf7ce8d43717e1deb5d980f87be39220922b422
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
The wording and formatting used here is consistent with other
semi-recently-added match keys.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
|
|
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: Wrap BecomeMonitor in <literal> as per Philip's review]
Signed-off-by: Simon McVittie <smcv@collabora.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
|
|
This is no longer true, and it seems less misleading to raise an
error than to obey the letter of the spec by quietly ignoring calls
from an inappropriate caller.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
|
|
These are like unix:tmpdir=/something, except that the resulting
socket is always path-based, never abstract.
This is desirable for two reasons:
* If a Linux container manager wants to expose a path-based socket
into the container, it can do so by bind-mounting it in the
container's filesystem namespace. That cannot work for abstract
sockets because they are not files.
* Conversely, if a Linux container manager does not want to expose
a path-based socket in the container, it can avoid bind-mounting it,
or bind-mount some harmless object like /dev/null over it.
That cannot work for abstract sockets because access to abstract
sockets is part of the network namespace, which is all-or-nothing.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101567
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101257
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101257
|
|
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=101256
|
|
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
This was previously written in an unusual message-passing-oriented
style, which obscured the meaning. Use a more method-call-oriented
style instead.
[smcv: separated out from a larger commit, added commit message]
Reviewed-by: Simon McVittie <smcv@collabora.com>
|
|
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Tom Gundersen pointed out that RequestName, ReleaseName and
ListQueuedOwners were documented in their own section instead of being
put together with the other method calls, which makes it more difficult
to apply changes consistently across all methods.
I'm moving them one at a time to make the changes reviewable, since
the diff resulting from moving all three as a unit is too large to
review sensibly.
Signed-off-by: Simon McVittie <smcv@collabora.com>
|
|
Each U+002D HYPHEN-MINUS in [0-9A-Za-z_-/.\] is treated as a member of a
range. The third one, which appears to have been intended to be a
literal, is part of an empty range because the starting point
U+005F LOW LINE is greater than the endpoint U+002F SOLIDUS, resulting
in at least some grep implementations not considering U+002D, U+002F
or U+005F to match the pattern. This resulted in one of the
dbus-launch tests being unintentionally skipped when it used a
regex based on the one in the spec.
regex(7) suggests "To include a literal '-' [in a bracketed character
set], make it the first or last character".
Signed-off-by: Simon McVittie <smcv@collabora.com>
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=100686
|
|
The documentation generally only mentioned the directory in /etc, even
though we actually prefer security policies to be installed in
/usr/share to allow for stateless and volatile systems (i.e. booting up
with an empty /etc).
Signed-off-by: Philip Withnall <withnall@endlessm.com>
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99901
Reviewed-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
For Unix, this partially duplicates the D-Bus Specification, but
provides more detail about the intention of each search path element.
It also documents the non-standardized path elements searched by the
reference implementation.
For Windows, there are no standardized path elements in the D-Bus
Specification (and it isn't clear how useful it would be to standardize
them, since Windows software that uses D-Bus tends to be installed
as an integrated "stack" with a bundled copy of a suitable dbus-daemon),
so we just document what the reference implementation does.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
[smcv: fix formatting nitpicks]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
We're treating transient services as higher-priority than those in
the XDG_DATA_HOME or XDG_DATA_DIRS, which is consistent with systemd.
The specific list used by the standard session dbus-daemon will be
added to dbus-daemon(1) in the next commit.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=99825
Reviewed-by: Philip Withnall <withnall@endlessm.com>
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
|
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
|
