Alan Coopersmith [Sat, 16 Aug 2025 23:01:06 +0000 (16:01 -0700)]
build: default to not trying to build epoll on non-Linux systems
dbus/dbus-pollable-set-epoll.c currently errors out if __linux__ is not
defined. Allows passing -Depoll=enabled to override.
Based on patch by Jonathan Perkin for pkgsrc on illumos:
https://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/sysutils/dbus/patches/patch-meson.build?rev=1.2
but modified to only change default of 'auto' and check for all non-Linux OSes.
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Alan Coopersmith [Sat, 16 Aug 2025 22:37:51 +0000 (15:37 -0700)]
meson: host_os needs to check for 'sunos', not 'solaris'
https://mesonbuild.com/Reference-tables.html#operating-system-names
documents 'sunos' as the return value from .system() on Solaris & illumos
Based on patch from Jonathan Perkins for pkgsrc in:
https://cvsweb.netbsd.org/bsdweb.cgi/pkgsrc/sysutils/dbus/patches/patch-meson.build?rev=1.2
but modified to add a new platform_sunos symbol as suggested by @smcv
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Dudemanguy [Fri, 20 Dec 2024 16:53:28 +0000 (10:53 -0600)]
build: add elogind support
Checking the uid of the user seat also works if elogind is used. Add
this as an option to the build and make it mutually exclusive with
enabling systemd.
Johan Bolmsjö [Fri, 11 Jul 2025 20:08:23 +0000 (22:08 +0200)]
sysdeps-pthread: Fix timeout overflow adjustment
Fix an off by one error which could produce a tv_nsec value of
1'000'000'000. The valid tv_nsec range is [0, 999,999,999], see
https://en.cppreference.com/w/c/chrono/timespec for reference.
Passing a timespec with a tv_nsec value of 1'000'000'000 to
pthread_cond_timedwait has been observed to cause it to return an error
code which in turn makes the DBUS library abort the application when
compiled with asserts enabled (by PTHREAD_CHECK).
Resolves: https://gitlab.freedesktop.org/dbus/dbus/-/issues/556 Reviewed-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 16 May 2025 11:02:52 +0000 (12:02 +0100)]
connection, transport: Assert that timeout >= -1 where it matters
We recommend that assertions are disabled in production builds of dbus,
which means that they are "cheap" to add to development builds as
"executable documentation" for our assumptions.
Lower-level code assumes that timeouts must be either -1 to block
forever, or non-negative to block for a finite time (but possibly 0,
to poll without blocking).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 16 May 2025 10:33:56 +0000 (11:33 +0100)]
connection: Never call _dbus_condvar_wait_timeout() with negative timeout
Previously we were checking for -1 as the special-cased "block forever"
value, but as noted on dbus!524 it is a programming error to call
_dbus_condvar_wait_timeout() with any negative timeout.
Throughout DBusConnection the timeout is in fact constrained to be >= -1
(non-negative to have a timeout, or exactly -1 to block forever) but
checking for non-negative is presumably no more expensive than checking
for exactly -1, so let's be a little more defensive here, to make it
more obvious that we're doing this correctly.
This is the only caller of _dbus_condvar_wait_timeout() in our codebase.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 16 May 2025 10:32:35 +0000 (11:32 +0100)]
threads: Assert that timeout is non-negative
As noted in dbus!524 by source code inspection, the Unix/pthread
implementation assumes that the timeout is non-negative and does not
support a mode where it blocks forever (which we normally represent as
a negative timeout, like POSIX poll(2)).
This means that it would be a programming error if we ever call
this with a negative timeout, so put an equivalent assertion in the
platform-independent layer. We recommend that assertions are disabled in
production builds, so it's "cheap" to have a redundant assertion here.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 16 May 2025 10:51:36 +0000 (11:51 +0100)]
timeout: Assert that the timeout interval is non-negative
We should never allocate a DBusTimeout with a negative timeout set:
if we want to wait forever for an event to happen, that's represented
by the absence of a DBusTimeout.
This ensures that code in DBusConnection can safely assume that the
timeout retrieved from a DBusTimeout will always be in its allowed range
(-1 to INT_MAX inclusive).
I've checked that all current callers get this right.
Signed-off-by: Simon McVittie <smcv@collabora.com>
cmake: Make DBUS_SESSION_SOCKET_DIR in CMakeCache.txt consistent with config.h
It's unexpected to have DBUS_SESSION_SOCKET_DIR take different values in
CMakeCache.txt, which lists the variables that are available to be set
by the caller, and in config.h, which makes their final values available
to the C code. If DBUS_SESSION_SOCKET_DIR is empty and we are running
on Unix, set it to its dynamically-chosen fallback before storing it in
the cache.
[smcv: Add commit message] Co-authored-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 28 Apr 2025 13:06:39 +0000 (14:06 +0100)]
build: Don't use build-time TMPDIR, TEMP, TMP as socket directory
When the ancestor of this code was introduced in 2003 (commit e45e4382),
it was presumably most common to have these variables either unset, or
set to a value that is system-wide and remains valid in the long term,
such as /tmp or /var/tmp.
However, on modern systems they are sometimes set to a value that is
itself temporary, for example /var/folders/${some_long_path}/T on macOS,
or user-specific, for example /tmp/user/$(id -u) on Linux with
libpam-tmpdir. These values are certainly not useful to hard-code into
libdbus and dbus-daemon during installation: they will not be usable
when running dbus-related programs after a reboot or as a different user.
So, instead of assuming TMPDIR, TEMP and TMP remain valid long-term,
we now hard-code /tmp as our default.
As before, system integrators can override this default with
`-Dsession_socket_dir=...` (Meson) or `-DDBUS_SESSION_SOCKET_DIR=...`
(CMake) if a different directory is more appropriate than /tmp.
However, system integrators should note that because AF_UNIX paths have
a relatively short length limit (typically 108 bytes), a short path is
better than a long path in this context.
Resolves: dbus/dbus#551 Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 28 Apr 2025 12:43:56 +0000 (13:43 +0100)]
meson: Make default directory for test sockets follow session
This makes it a bit easier to override both temporary directories used
for sockets to the same place. If a directory is suitable for production
use for the session bus' temporary sockets, the same directory is very
likely to be suitable for build-time tests as well, and using that
directory for both purposes makes the tests more realistic.
The non-default CMake build system already did the equivalent of this:
it doesn't have an equivalent of test_socket_dir, and setting its
equivalent of session_socket_dir affects both.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 28 Apr 2025 12:35:08 +0000 (13:35 +0100)]
build: Only define DBUS_SESSION_SOCKET_DIR on Unix
This is not used on Windows (in fact it's only used in the
dbus-cleanup-sockets(1) tool) so it's OK for it to have a value like /tmp
that would be inappropriate on Windows. Make that more obvious.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 7 Mar 2025 15:10:00 +0000 (15:10 +0000)]
bus: Correct commented-out default auth_timeout in system.conf
Commit 54d26df5 "config: change default auth_timeout to 5 seconds"
reduced the hard-coded default from 30 to 5 seconds, and the
commented-out informational copy of this information in system.conf
reflected that.
Commit 02e1ddf9 'Revert "config: change default auth_timeout to 5 seconds"'
subsequently increased hard-coded default back to 30 seconds, but did
not update the commented-out version in this file.
See also CVE-2014-3639, fd.o #80919, fd.o #86431.
Fixes: 1a36f983 "Document default limits in system.conf.in" Fixes: 02e1ddf9 'Revert "config: change default auth_timeout to 5 seconds"' Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 28 Feb 2025 14:44:19 +0000 (14:44 +0000)]
CI: Don't build on FreeBSD with CMake by default
We recommend the Meson build system for all target operating systems
other than Windows. We do try to keep CMake builds operational on Linux
to make life easier for developers, but the `opensuse cmake debug` job,
which runs by default, is sufficient for that.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 28 Feb 2025 14:42:50 +0000 (14:42 +0000)]
CI: Enable Windows build with Meson, gcc and UCRT64
This was broken for a while (see dbus#462, dbus!426, dbus!429, dbus!512)
but now it works again. Let's not allow it to regress without someone
noticing.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 28 Feb 2025 12:31:01 +0000 (12:31 +0000)]
build: Link subprojects statically if built as a subproject
If we're building a dependency as a fallback subproject, we don't want
to be responsible for installing it as a shared library. Anyone wanting
shared libraries should install the dependencies separately.
Ideally we'd do this with MSVC too, but that doesn't currently link
successfully (dbus#549).
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Fri, 28 Feb 2025 12:03:55 +0000 (12:03 +0000)]
build: If expat is a submodule, explicitly disable its unit tests
If we're falling back to building a local copy of expat, running or
debugging its unit tests is out-of-scope for maintenance of dbus.
In fact this is the default in the meson_options.txt provided by
WrapDB[1], but explicit is better than implicit.
Simon McVittie [Thu, 27 Feb 2025 19:26:50 +0000 (19:26 +0000)]
CI: Install meson from bookworm-backports when using GLib subproject
Debian 12 'bookworm' has Meson 1.0.1, which is too old for the current
stable branch of GLib. Use the version from bookworm-backports when
running on Debian and building with a mingw-w64 compiler.
We can stop doing this and put meson back in the normal list of
packages when we update to the Debian 13 stable release, expected to be
released in mid 2025.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 14 Aug 2023 16:17:27 +0000 (17:17 +0100)]
subprojects: Update fallback expat subproject
Updated with:
meson wrap update
expat 2.6.4 contains security fixes. In practice these don't affect
dbus, because we only use expat to parse trusted message bus
configuration, but we might as well use the newest available version.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Thu, 27 Feb 2025 16:35:16 +0000 (16:35 +0000)]
CI: Use a separate tagged Docker image for each dbus branch
The image contains build-dependencies from tools/ci-install.sh, so it
can be different for 1.16.x vs. main. Include the upstream branch name
in the tag name, like we already did for the Windows image, so that
an image with the same timestamp but different content can be different.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Thu, 27 Feb 2025 15:10:18 +0000 (15:10 +0000)]
CI: Fetch a different URL on sourceforge.net
Commit a56de468 "CI: Avoid using a no-op download location that gives
a 403 error" changed this, but now the direct URL to the file *also*
gives a 403 error. According to the comments in this file, the only
reason we're fetching these URLs is in an effort to pre-seed the
cache of intermediate certificates, so the specific URL that we're
requesting is uninteresting: we just need to fetch *something*.
dbus#546
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 18 Feb 2025 10:37:28 +0000 (10:37 +0000)]
selinux: Don't include unused reference count in verbose logging
libselinux 3.8 includes an API break in which the `refcnt` field of
struct security_id_t (originally intended to be a reference count, but
in practice always initialized to 1 and never modified) was renamed and
repurposed as an `id` field. This caused a build failure if dbus was
compiled with both SELinux support and verbose mode, for example in the
instrumented debug build that Debian includes in the `dbus-tests` package.
This particular piece of debug logging has little value, so just
remove it.
Reference: https://github.com/SELinuxProject/selinux/commit/e5fd7b078fb8eb0b15eb5beaccd0e6a07ec26758
Bug-Debian: https://bugs.debian.org/1096212 Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 17 Dec 2024 12:48:00 +0000 (12:48 +0000)]
README: Stop describing odd/even as Linux kernel versioning
The Linux kernel hasn't used this versioning scheme for years
(the last odd-numbered development branch was 2.5).
We are still using the odd/even versioning scheme, and so are some other
library projects. Cite GLib and SDL as better examples of projects that
still use it.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 17 Dec 2024 12:44:57 +0000 (12:44 +0000)]
README.win, README.cygwin: Describe dbus4win, etc. as historical
The merge of Windows-specific dbus ports into the same git repository
as the original Unix-only implementation was a long time ago now,
and exists on several stable-branches, not just master.
This also avoids explicitly mentioning the name of the master branch,
which is likely to be renamed to main in future.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Tue, 17 Dec 2024 12:42:36 +0000 (12:42 +0000)]
INSTALL, README: Simplify Meson vs. CMake recommendation
Now that 1.16.0 has been released and 1.15.x is EOL, it's misleading
to say that Meson is the recommended build system for Unix only on the
master branch: it's the recommended build system for Unix on the
dbus-1.16 branch, too.
This also avoids explicitly naming the master branch, which is likely
to get renamed to main.
Signed-off-by: Simon McVittie <smcv@collabora.com>
projects / thirdparty / dbus.git / log
