Bug 88812 - dbus 1.8.14 made KDE Plasma Workspace 5 regress
Summary: dbus 1.8.14 made KDE Plasma Workspace 5 regress
Status: RESOLVED NOTOURBUG
Alias: None
Product: dbus
Classification: Unclassified
Component: core (show other bugs)
Version: 1.8
Hardware: Other All
: medium normal
Assignee: Simon McVittie
QA Contact: D-Bus Maintainers
URL:
Whiteboard: review?
Keywords: patch
Depends on:
Blocks:
 
Reported: 2015-01-26 21:12 UTC by Simon McVittie
Modified: 2015-03-04 19:06 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments
[PATCH 1/2] Fix regression in 1.8.14 with KDE Plasma Workspace 5 (6.69 KB, patch)
2015-01-26 21:14 UTC, Simon McVittie
Details | Splinter Review
[PATCH 2/2] Improve diagnostics when UpdateActivationEnvironment calls are rejected (1.80 KB, patch)
2015-01-26 21:14 UTC, Simon McVittie
Details | Splinter Review

Note You need to log in before you can comment on or make changes to this bug.
Description Simon McVittie 2015-01-26 21:12:44 UTC
Security hardening in dbus 1.8.14 forced all UpdateActivationEnvironment calls to be on the canonical object path /org/freedesktop/DBus, which I thought was true in practice based on a search on codesearch.debian.net. Unfortunately, that is not true for some versions of KDE newer than those in Debian.

See <https://bugs.mageia.org/show_bug.cgi?id=14963>.
Comment 1 Simon McVittie 2015-01-26 21:14:04 UTC
Created attachment 112853 [details] [review]
[PATCH 1/2] Fix regression in 1.8.14 with KDE Plasma Workspace 5

codesearch.debian.net said everything in Debian that called
UpdateActivationEnvironment (e.g. gnome-shell) used the canonical
object path to do so. Unfortunately, the heuristic "all open source
that matters is in Debian" is not completely true, and in particular,
newer versions of KDE Plasma Workspace call this method on "/".

Partially revert the change, logging a warning but not rejecting
the method call if the bus has <type>session</type>.

---

For dbus 1.8.

For master, I intend to add the nonnull() helper function (which is also used by my next patch) but revert the rest.
Comment 2 Simon McVittie 2015-01-26 21:14:41 UTC
Created attachment 112854 [details] [review]
[PATCH 2/2] Improve diagnostics when UpdateActivationEnvironment  calls are rejected

---

Requires the nonnull() pseudo-macro from the previous.
Comment 3 Simon McVittie 2015-02-03 16:12:26 UTC
We're coming up on a month since the original regression. Do people think the extra code is worth it, or do we just say Plasma was wrong and has been fixed so there is no problem?

(I'd still like to get the clearer logging, at least in master.)
Comment 4 Colin Walters 2015-02-12 22:24:37 UTC
Comment on attachment 112853 [details] [review]
[PATCH 1/2] Fix regression in 1.8.14 with KDE Plasma Workspace 5

Review of attachment 112853 [details] [review]:
-----------------------------------------------------------------

This looks fine to me.  I'm not really sure about the "remove in 1.10" aspect, but we can decide that later.
Comment 5 Colin Walters 2015-02-12 22:25:25 UTC
Comment on attachment 112854 [details] [review]
[PATCH 2/2] Improve diagnostics when UpdateActivationEnvironment  calls are rejected

Review of attachment 112854 [details] [review]:
-----------------------------------------------------------------

Also looks fine.
Comment 6 Thiago Macieira 2015-02-13 04:45:15 UTC
I think we should close this as NOTOURBUG.
Comment 7 Simon McVittie 2015-03-04 19:06:47 UTC
(In reply to Simon McVittie from comment #3)
> We're coming up on a month since the original regression.

Now 2.

(In reply to Thiago Macieira from comment #6)
> I think we should close this as NOTOURBUG.

If there isn't consensus that the extra complexity of these patches is desired - and it seems there isn't - then I'm inclined to say the ABI of our last two stable releases is what we (now) intend to provide; so, yes, NOTOURBUG.

(Since he's a KDE developer saying we should consider this to be an already-fixed KDE bug, I think Thiago's opinion counts for a lot here :-)


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.