We're not going to depend on gnome-common (I assume) so this patch
nicks the systemd macro to test for compiler flags, and uses it to set
a similar set of -Werror=foo as the gnome-common one does.
See https://bugzilla.gnome.org/show_bug.cgi?id=608953
See https://mail.gnome.org/archives/desktop-devel-list/2012-July/msg00100.html
If we're going to be setting more strict compiler flags for GNOME, we
should really ensure GLib builds with them first, as it's kind of the
model citizen.
In particular, you can see several times that downstreams such as
Debian have come in and fixed -Wformat-security bugs. We should never
let those get into tarballs, or even commits.
https://bugzilla.gnome.org/show_bug.cgi?id=687385
Some programs attempt to use libglib (or even libgio) when setuid.
For a long time, GTK+ simply aborted if launched in this
configuration, but we never had a real policy for GLib.
I'm not sure whether we should advertise such support. However, given
that there are real-world programs that do this currently, we can make
them safer with not too much effort.
Better to fix a problem caused by an interaction between two
components in *both* places if possible.
This patch adds a private function g_check_setuid() which is used to
first ensure we don't run an external dbus-launch binary if
DBUS_SESSION_BUS_ADDRESS isn't set.
Second, we also ensure the local VFS is used in this case. The
gdaemonvfs extension point will end up talking to the session bus
which is typically undesirable in a setuid context.
Implementing g_check_setuid() is interesting - whether or not we're
running in a privilege-escalated path is operating system specific.
Note that GTK+'s code to check euid versus uid worked historically on
Unix, more modern systems have filesystem capabilities and SELinux
domain transitions, neither of which are captured by the uid
comparison.
On Linux/glibc, the way this works is that the kernel sets an
AT_SECURE flag in the ELF auxiliary vector, and glibc looks for it on
startup. If found, then glibc sets a public-but-undocumented
__libc_enable_secure variable which we can use. Unfortunately, while
it *previously* worked to check this variable, a combination of newer
binutils and RPM break it:
http://www.openwall.com/lists/owl-dev/2012/08/14/1
So for now on Linux/glibc, we fall back to the historical Unix version
until we get glibc fixed.
On some BSD variants, there is a issetugid() function. On other Unix
variants, we fall back to what GTK+ has been doing.
Reported-By: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: Colin Walters <walters@verbum.org>
Solaris/OpenSolaris/OpenIndiana define FIONREAD in sys/filio.h.
This commit adds a configure check for this header, and includes
it conditionally in gio/gsocket.c.
Patch by Fabian Groffen, bug 675524.
Default to generate man pages if the required tools and
stylesheets are found. Error out if --enable-man is given
but tools or stylesheets are missing.
The "-framework" linker flag takes a second word as a parameter. If
they are passed separated with whitespace, some flag-handling routines
may not know to keep the two words together as a single unit. Use
-Wl,, to pass multiple words without embedded whitespace.
https://bugzilla.gnome.org/show_bug.cgi?id=566994
Not doing so is an evil trap, sadly. This patch has been
compile-checked on Fedora 16, and I've verified that the generated
config.status and config.h is exactly the same.
https://bugzilla.gnome.org/show_bug.cgi?id=674483
This way any prerequisites for e.g. AC_CHECK_HEADER are always executed
before the 'if'.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
https://bugzilla.gnome.org/show_bug.cgi?id=674483
If action-if-found is not specified, AC_CHECK_LIB will append the library
to LIBS. As we don't want to link everything against libelf, reset LIBS
after doing the checks.
When cross-compiling with gcc >= 4.5 AC_CHECK_ALIGNOF fails to detect the
correct alignment. Without a previous AC_CHECK_TYPE for the same type, the
alignment is silently set to '0'.
This makes sure that configure fails and reports the problem.
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
https://bugzilla.gnome.org/show_bug.cgi?id=674483
These binaries are now only used by the test suite. glib-genmarshal
*used* to be required to generate marshallers, but isn't anymore now
that we use libffi (via g_cclosure_marshal_generic).
https://bugzilla.gnome.org/show_bug.cgi?id=667806
This patch solves two problems:
First, it allows builders to optionally cut the circular dependency
between dbus and glib by disabling the modular tests (just like how
the tests can be disabled in dbus).
Second, the tests are entirely pointless to build if cross-compiling.
It also moves us slightly closer to the long term future we want where
the tests are a separate ./configure invocation and run against the
INSTALLED glib, not the one in the source tree. This would allow us to
run the tests constantly, not just when glib is built.
https://bugzilla.gnome.org/show_bug.cgi?id=667806
This is needed because glib-mkenums doesn't handle #ifdef values in
enums, and so it needs to have all values always defined in the enum.
When not available, define the missing values to a negative value.
It seems that there is quite a bit of variation out there, in
terms of libelf versions and API. Make the checks more thorough,
by not only checking for elf_begin, but also some of the shdr function
that we need. Also, explicitly check for libelf.h.
This should address bug 673132 and 673253.