The original code refused to create anything not in $WMAKER_USER_ROOT, now
we go one step further and limit creation inside its 'Library' or
'Defaults' sub-directories.
As reported by Coverity (CID #50129), in case of error during the write
operation, the failure path does include close of the file handle. In
addition to the resource leak, this may be a problem if the application
were to make a second try on the same file.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As reported in Debian bug #922284 [1]:
As evident from the prefix, GNUSTEP_USER_ROOT is a GNUstep variable and
Window Maker should not set it. Furthemore, it has been deprecated for
12 years already. As of gnustep-make/2.7.0-4 the GNUstep build system
is configured in strict v2 mode which makes it impossible to compile
GNUstep software. In a terminal started from a Window Maker session:
yavor@aneto:/tmp/gorm.app-1.2.24$ make
This is gnustep-make 2.7.0. Type 'make print-gnustep-make-help' for help.
Running in gnustep-make version 2 strict mode.
rm -f InterfaceBuilder; \
ln -s GormLib InterfaceBuilder
/usr/share/GNUstep/Makefiles/config-noarch.make:121: *** GNUSTEP_USER_ROOT
is obsolete. Stop.
It is also impossible to build gnustep-make from pristine upstream
source:
yavor@aneto:/tmp$ wget -q
ftp://ftp.gnustep.org/pub/gnustep/core/gnustep-make-2.7.0.tar.gz
yavor@aneto:/tmp$ tar xzf gnustep-make-2.7.0.tar.gz
yavor@aneto:/tmp$ cd gnustep-make-2.7.0/
yavor@aneto:/tmp/gnustep-make-2.7.0$ ./configure
...
yavor@aneto:/tmp/gnustep-make-2.7.0$ make
config-noarch.make:121: *** GNUSTEP_USER_ROOT is obsolete. Stop.
Note that the majority of GNUstep users use Window Maker as their window
manager and many of them build GNUstep software from source, mostly
because of the GNUstep Objective-C runtime which depends on Clang
(Debian packages use GCC and the GCC/GNU runtime).
Our solution is to replace the GNUSTEP_USER_ROOT environment variable with our
own environment variable, WMAKER_USER_ROOT. This is documented in NEWS.
[1] https://bugs.debian.org/922284
Previously, calls to WMIsPLString, WMIsPLData, WMIsPLArray, and
WMIsPLDictionary would result in a segfault if the argument was null.
This could happen, e.g., if we are checking which type of proplist
was just parsed from a file, but the parsing failed.
These functions now return False in this case.
As pointed by Coverity, a temporary proplist is created with the list of
keys to be removed from the source proplist, but this temporary proplist
was not released at the end, leaking memory.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
When creating the temporary file that will become the final file if no
problem occurs, there is a chmod done which does not give write access to
the group and to the others, but this is the task of the user-set umask.
This patch makes the rights to everything (except execution, of course) and
still applies the umask, so in the end the file will have the rights that
user wants.
Took the opportunity to make a little change related to the umask: it seems
that some version of mkstemp have a security issue, which is in not a
problem in our use case, but Coverity reports it (#50201) so as it does not
cost anything, the patch also fixes it with an appropriate comment to
explain the situation.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
Signed-off-by: Carlos R. Mafra <crmafra@gmail.com>
The function did spend its time re-copying data and searching the
end of the read buffer, which is not really efficient.
The new code reads directly from file to the end of previous data,
avoiding unneccesary duplication, and keeps track of the end of
data to avoid searching it for next read.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
As callback have a fixed prototype, it can be correct to not use all the
arguments, so this patch adds the appropriate stuff to avoid a false
report from compiler.
Signed-off-by: Christophe CURIS <christophe.curis@free.fr>
When a function is used as a call-back, it is dangerous to have
arguments with a type different than what is expected by the
call-back definition.
This patch sets the argument list to match what is expected by
the call-back prototype and inserts an explicit type conversion
at the beginning of the function.
Autoconf provides the necessary stuff to detect if inline keyword
is supported, and to detect special syntaxes, so let's use this
and remove the multiple local definitions, this makes code simpler.
To be able to do this in a clean way, it was necessary to add the
attribute also in PLData's ptr field, which is actually right
because none of the function changes its content.
The function that fills it from a file/pipe however needed small
changes to respect the const-ness of the field.
The internal function 'unescapestr' is used to transform strings which
may contain escape sequences (\x) into their plain representation.
There are a few cases where the function can misbehave (typically parse
after the end of string, thus writing past the end of the reserved
result area) which can be a source of problem later. The new code
should be safer.
This makes the WUtil API as much const-correct as possible for
the arguments being given to its functions.
This does not make it totally correct as it does not changes the
const-ness on returned values because the goal of this patch is
to make no visible change to existing program that would use this
library.
Note that the argument is also stored as-is in the PLData structure
but only for debugging purpose (warning display to user), hence the
choice to not duplicate it. As a side effect, it was 'const'-ified
too to reflect that.
A number of functions do not actually modify the strings given as
parameter, but only read or duplicate it. In this case it is a good
practice to mark that parameter as pointer-to-const to let the
compiler known about it, to be able to perform appropriate
optimisations.
WMMergePLDictionaries() and WMSubtractPLDictionaries() are declared to
return WMPropList * but are set to call the wassertr macro when their
arguments do not pass a sanity check. The wassertr macro eventually
calls return with no return value, triggering a compiler warning if
-Wreturn-type is used.
Change wassertr to wassertrv and force a return of NULL in the error
case.
This functions reads a proplist from a pipe instead of a file (like
WMReadPropListFromFile does). It uses a call to popen to open the desired
command, reads data into a buffer till EOF and passes the data to getPropList
for parsing.
v2: code cleanup
memset is the last function call in wmalloc, just before it returns the
newly allocated memory. Therefore it is not needed to call it again
after wmalloc call. Although I would prefer to switch wmalloc to a
calloc-based wcalloc function, the compatibility of WINGs for old apps
should be kept.
* Remove assigned but not used variables (GCC 4.6)
* Bump _XOPEN_SOURCE to 600, ridding of FreeBSD warnings (this probably need
to be tweaked on a per-implementation basis as problems arise)
wsyserrorwithcode - Not used, no point either.
wsyserror->werror - qualifying "error" with a "type" hardly makes
sense if there are not at least two "type"s. There are not. Safe trip.
Signed-off-by: Tamas TEVESZ <ice@extreme.hu>
- Does away with the O_BINARY abomination
- as a byproduct, plugs an fd leak in wcolorpanel.c:fetchFile()
- sprinkle some fsync()s to files that have been written to (this
needs to be done everywhere)
+ fix brown paper bag thinko in configure.ac
- make it use wings functions, remove duplicated code from getstyle
- de-static necessary functions in wings
- add new wrmdirhier to wings
- rename WMMkDirHier to wmkdirhier (fits better)
- remove calling shell from getstyle (what were they thinking?)
i couldn't quite test getstyle (no idea about themes), but it still
basically works.
do back your ~/G dir up... wrmdirhier might eat it!
definitely needs testing, especially by people who have any idea
how themes work.
Some more getstyle
- missed a shell invocation
- maybe copyFile should be in wutils too...?
[crmafra: Folded second patch into the first]
remove the choice of atomic/non-atomic writes. firstly, the only users
of non-atomic writes were getstyle and geticonset; secondly, who in their
right minds would ever want non-atomic writes; thirdly, the file system
will screw you anyway *G*.
...which creates directory hierarchies under $GNUSTEP_USER_ROOT
- make WMWritePropListToFile() use this
readily solves the "run dialog history vs nonexistent state dir" case.
if other consumers are found for this, just de-static and move the
prototype to WUtil.h or some other appropriate place.
for arq in `git ls-files *.c`; do
echo $arq;
indent -linux -l115 $arq;
done
The different line break at 115 columns is because
I use a widescreen monitor :-)
the global domain as well and are exactly the same. This fixes a bug where
settings from the global domain file were merged in the user domain file
and further changes in the global domain file for those merged values was
ignored making a system admin unable to set global defaults for all users
using the global domains.
- Fixed bug with not extracting the icon from the client when using
shared appicons.
- Added WMSubtractPLDictionaries() to WINGs (opposite for merging, it will
remove all entries from dest if they are present in source and are exactly
the same. Unique entries in dest and entries with different values from
those present in source will be preserved).
will unhide the application.
- removed a wsyserror() message when reading a property list from file
(the programmer should decide if to give that message or just ignore).
- Also tested the backward compatibility ability of the WINGs proplist code
which seems to work quite well.
Starting with this moment, Window Maker no longer needs libPropList and is
now using the better and much more robust proplist code from WINGs. Also the
WINGs based proplist code is actively maintained while the old libPropList
code is practically dead and flawed by the fact that it borrowed concepts
from the UserDefaults which conflicted with the retain/release mechanism,
making some problems that libPropList had, practically unsolvable without a
complete redesign (which can be found in the more robust WINGs code).
