Security hardening in dbus 1.8.14 forced all UpdateActivationEnvironment calls to be on the canonical object path /org/freedesktop/DBus, which I thought was true in practice based on a search on codesearch.debian.net. Unfortunately, that is not true for some versions of KDE newer than those in Debian. See <https://bugs.mageia.org/show_bug.cgi?id=14963>.
Created attachment 112853 [details] [review] [PATCH 1/2] Fix regression in 1.8.14 with KDE Plasma Workspace 5 codesearch.debian.net said everything in Debian that called UpdateActivationEnvironment (e.g. gnome-shell) used the canonical object path to do so. Unfortunately, the heuristic "all open source that matters is in Debian" is not completely true, and in particular, newer versions of KDE Plasma Workspace call this method on "/". Partially revert the change, logging a warning but not rejecting the method call if the bus has <type>session</type>. --- For dbus 1.8. For master, I intend to add the nonnull() helper function (which is also used by my next patch) but revert the rest.
Created attachment 112854 [details] [review] [PATCH 2/2] Improve diagnostics when UpdateActivationEnvironment calls are rejected --- Requires the nonnull() pseudo-macro from the previous.
We're coming up on a month since the original regression. Do people think the extra code is worth it, or do we just say Plasma was wrong and has been fixed so there is no problem? (I'd still like to get the clearer logging, at least in master.)
Comment on attachment 112853 [details] [review] [PATCH 1/2] Fix regression in 1.8.14 with KDE Plasma Workspace 5 Review of attachment 112853 [details] [review]: ----------------------------------------------------------------- This looks fine to me. I'm not really sure about the "remove in 1.10" aspect, but we can decide that later.
Comment on attachment 112854 [details] [review] [PATCH 2/2] Improve diagnostics when UpdateActivationEnvironment calls are rejected Review of attachment 112854 [details] [review]: ----------------------------------------------------------------- Also looks fine.
I think we should close this as NOTOURBUG.
(In reply to Simon McVittie from comment #3) > We're coming up on a month since the original regression. Now 2. (In reply to Thiago Macieira from comment #6) > I think we should close this as NOTOURBUG. If there isn't consensus that the extra complexity of these patches is desired - and it seems there isn't - then I'm inclined to say the ABI of our last two stable releases is what we (now) intend to provide; so, yes, NOTOURBUG. (Since he's a KDE developer saying we should consider this to be an already-fixed KDE bug, I think Thiago's opinion counts for a lot here :-)
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.