From eb742ebdbdd0ee14d0155f998480c3183c539e9f706cc753f08a0d0201bb27eb Mon Sep 17 00:00:00 2001
From: Marcus Meissner <meissner@suse.com>
Date: Fri, 24 Feb 2012 12:54:59 +0000
Subject: [PATCH] Accepting request 106799 from home:vuntz:branches:Base:System

Rework -fpie/-pie fix to an upstreamable version

OBS-URL: https://build.opensuse.org/request/show/106799
OBS-URL: https://build.opensuse.org/package/show/Base:System/polkit?expand=0&rev=61
---
 polkit-pie.patch        | 90 -----------------------------------------
 polkit-suid_flags.patch | 72 +++++++++++++++++++++++++++++++++
 polkit.changes          | 14 +++++++
 polkit.spec             | 16 +++++++-
 4 files changed, 100 insertions(+), 92 deletions(-)
 delete mode 100644 polkit-pie.patch
 create mode 100644 polkit-suid_flags.patch

diff --git a/polkit-pie.patch b/polkit-pie.patch
deleted file mode 100644
index fd2e5fd..0000000
--- a/polkit-pie.patch
+++ /dev/null
@@ -1,90 +0,0 @@
-Index: polkit-0.104/src/programs/Makefile.am
-===================================================================
---- polkit-0.104.orig/src/programs/Makefile.am
-+++ polkit-0.104/src/programs/Makefile.am
-@@ -26,12 +26,14 @@ pkexec_SOURCES = pkexec.c
- pkexec_CFLAGS =                             				\
- 	$(GLIB_CFLAGS)							\
- 	$(AUTH_LIBS)							\
-+	-fPIE \
- 	$(NULL)
- 
- pkexec_LDADD =  	                      				\
- 	$(GLIB_LIBS)							\
- 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
- 	$(top_builddir)/src/polkitagent/libpolkit-agent-1.la		\
-+	-pie \
- 	$(NULL)
- 
- # ----------------------------------------------------------------------------------------------------
-Index: polkit-0.104/src/polkitagent/Makefile.am
-===================================================================
---- polkit-0.104.orig/src/polkitagent/Makefile.am
-+++ polkit-0.104/src/polkitagent/Makefile.am
-@@ -64,6 +64,7 @@ libpolkit_agent_1_la_SOURCES =
-         $(NULL)
- 
- libpolkit_agent_1_la_CFLAGS =                                        	\
-+	-fpie \
-         -D_POLKIT_COMPILATION                                  		\
- 	-D_POLKIT_AGENT_COMPILATION					\
-         $(GLIB_CFLAGS)							\
-@@ -75,7 +76,7 @@ libpolkit_agent_1_la_LIBADD =
- 	$(EXPAT_LIBS)							\
-         $(NULL)
- 
--libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
-+libpolkit_agent_1_la_LDFLAGS = -pie -export-symbols-regex '(^polkit_.*)'
- 
- libexec_PROGRAMS = polkit-agent-helper-1
- 
-@@ -93,7 +94,10 @@ endif
- polkit_agent_helper_1_CFLAGS  = 					\
-         -D_POLKIT_COMPILATION                                  		\
- 	$(GLIB_CFLAGS)							\
-+	-fpie \
- 	$(NULL)
-+	
-+polkit_agent_helper_1_LDFLAGS = -pie
- 
- polkit_agent_helper_1_LDADD = 						\
- 	$(AUTH_LIBS)							\
-Index: polkit-0.104/src/programs/Makefile.in
-===================================================================
---- polkit-0.104.orig/src/programs/Makefile.in
-+++ polkit-0.104/src/programs/Makefile.in
-@@ -76,7 +76,7 @@ pkexec_DEPENDENCIES = $(am__DEPENDENCIES
- 	$(am__DEPENDENCIES_1)
- pkexec_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
- 	$(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkexec_CFLAGS) $(CFLAGS) \
--	$(AM_LDFLAGS) $(LDFLAGS) -o $@
-+	$(AM_LDFLAGS) $(pkexec_LDFLAGS) $(LDFLAGS) -o $@
- DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
- depcomp = $(SHELL) $(top_srcdir)/depcomp
- am__depfiles_maybe = depfiles
-@@ -304,7 +304,10 @@ pkexec_SOURCES = pkexec.c
- pkexec_CFLAGS = \
- 	$(GLIB_CFLAGS)							\
- 	$(AUTH_LIBS)							\
-+	-fpie \
- 	$(NULL)
-+	
-+pkexec_LDFLAGS = -pie
- 
- pkexec_LDADD = \
- 	$(GLIB_LIBS)							\
-Index: polkit-0.104/src/polkitagent/Makefile.in
-===================================================================
---- polkit-0.104.orig/src/polkitagent/Makefile.in
-+++ polkit-0.104/src/polkitagent/Makefile.in
-@@ -113,8 +113,8 @@ polkit_agent_helper_1_DEPENDENCIES = $(a
- 	$(am__DEPENDENCIES_1)
- polkit_agent_helper_1_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
- 	$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
--	$(polkit_agent_helper_1_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
--	$(LDFLAGS) -o $@
-+	$(polkit_agent_helper_1_CFLAGS) -fpie $(CFLAGS) $(AM_LDFLAGS) \
-+	$(polkit_agent_helper_1_LDFLAGS) -pie $(LDFLAGS) -o $@
- DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
- depcomp = $(SHELL) $(top_srcdir)/depcomp
- am__depfiles_maybe = depfiles
diff --git a/polkit-suid_flags.patch b/polkit-suid_flags.patch
new file mode 100644
index 0000000..5c7e741
--- /dev/null
+++ b/polkit-suid_flags.patch
@@ -0,0 +1,72 @@
+commit 1d2f40178c8b3ba39c25de25530c998c3591fab8
+Author: Vincent Untz <vuntz@gnome.org>
+Date:   Fri Feb 24 13:13:17 2012 +0100
+
+    polkitagent, pkexec: Respect SUID_CFLAGS and SUID_LDFLAGS
+    
+    This is a good way for distributors to use -fPIE/-pie.
+
+diff --git a/configure.ac b/configure.ac
+index f4a0c41..42da974 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -429,6 +429,11 @@ AC_SUBST([GETTEXT_PACKAGE])
+ AM_GLIB_GNU_GETTEXT
+ AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain])
+ 
++AC_ARG_VAR([SUID_CFLAGS],
++           [CFLAGS used for binaries which are usually with the suid bit])
++AC_ARG_VAR([SUID_LDFLAGS],
++           [LDFLAGS used for binaries which are usually with the suid bit])
++
+ AC_OUTPUT([
+ Makefile
+ actions/Makefile
+diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
+index e8c9fb1..f0f8419 100644
+--- a/src/polkitagent/Makefile.am
++++ b/src/polkitagent/Makefile.am
+@@ -92,6 +92,7 @@ endif
+ 
+ polkit_agent_helper_1_CFLAGS  = 					\
+         -D_POLKIT_COMPILATION                                  		\
++	$(SUID_CFLAGS)							\
+ 	$(GLIB_CFLAGS)							\
+ 	$(NULL)
+ 
+@@ -101,6 +102,11 @@ polkit_agent_helper_1_LDADD = 						\
+ 	$(top_builddir)/src/polkit/libpolkit-gobject-1.la		\
+ 	$(NULL)
+ 
++polkit_agent_helper_1_LDFLAGS = 					\
++	$(SUID_LDFLAGS)							\
++	$(AM_LDFLAGS)							\
++	$(NULL)
++
+ if HAVE_INTROSPECTION
+ girdir = $(INTROSPECTION_GIRDIR)
+ gir_DATA = PolkitAgent-1.0.gir
+diff --git a/src/programs/Makefile.am b/src/programs/Makefile.am
+index c260dee..6aac06b 100644
+--- a/src/programs/Makefile.am
++++ b/src/programs/Makefile.am
+@@ -24,6 +24,7 @@ bin_PROGRAMS = pkexec pkcheck pkaction
+ pkexec_SOURCES = pkexec.c
+ 
+ pkexec_CFLAGS =                             				\
++	$(SUID_CFLAGS)							\
+ 	$(GLIB_CFLAGS)							\
+ 	$(AUTH_LIBS)							\
+ 	$(NULL)
+@@ -34,6 +35,11 @@ pkexec_LDADD =  	                      				\
+ 	$(top_builddir)/src/polkitagent/libpolkit-agent-1.la		\
+ 	$(NULL)
+ 
++pkexec_LDFLAGS =  	                      				\
++	$(SUID_LDFLAGS)							\
++	$(AM_LDFLAGS)							\
++	$(NULL)
++
+ # ----------------------------------------------------------------------------------------------------
+ 
+ pkcheck_SOURCES = pkcheck.c
diff --git a/polkit.changes b/polkit.changes
index 946e3ba..31c2d5a 100644
--- a/polkit.changes
+++ b/polkit.changes
@@ -1,3 +1,17 @@
+-------------------------------------------------------------------
+Fri Feb 24 12:11:04 UTC 2012 - vuntz@opensuse.org
+
+- Change the way we pass -fpie/-pie:
+  + Drop polkit-pie.patch: this was not upstreamable.
+  + Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
+    when building the suid binaries (pkexec and
+    polkit-agent-helper-1).
+  + Add autoconf, automake and libtool BuildRequires, and call
+    autoreconf, for the new patch.
+  + Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.
+  + Pass --with-pic to configure instead of changing CFLAGS to
+    contain -fPIC.
+
 -------------------------------------------------------------------
 Tue Feb  7 14:39:43 UTC 2012 - dlovasko@suse.com
 
diff --git a/polkit.spec b/polkit.spec
index da70e3b..8519c53 100644
--- a/polkit.spec
+++ b/polkit.spec
@@ -30,7 +30,12 @@ Source0:        http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
 Source99:       baselibs.conf
 # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vuntz@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin
 Patch0:         polkit-no-wheel-group.patch
-Patch1:         polkit-pie.patch
+# PATCH-FIX-UPSTREAM polkit-suid_flags.patch bnc#743145 fdo#46569 vuntz@opensuse.org -- Respect SUID_CFLAGS/SUID_LDFLAGS
+Patch1:         polkit-suid_flags.patch
+# needed for patch1
+BuildRequires:  autoconf
+# needed for patch1
+BuildRequires:  automake
 BuildRequires:  glib2-devel >= 2.25.12
 BuildRequires:  gobject-introspection-devel >= 0.6.2
 BuildRequires:  gtk-doc
@@ -38,6 +43,8 @@ BuildRequires:  gtk-doc
 #!BuildIgnore:  ruby
 BuildRequires:  intltool
 BuildRequires:  libexpat-devel
+# needed for patch1
+BuildRequires:  libtool
 BuildRequires:  pam-devel
 %if 0%{?with_systemd}
 BuildRequires:  systemd-devel
@@ -108,14 +115,19 @@ This package provides the GObject Introspection bindings for PolicyKit.
 
 %build
 export V=1
+# needed for patch1
+autoreconf -fi
+export SUID_CFLAGS="-fPIE"
+export SUID_LDFLAGS="-pie"
 %configure \
   --with-os-type=suse \
   --enable-gtk-doc \
+  --with-pic \
   --disable-static \
   --enable-introspection \
   --enable-examples \
   --libexecdir=%{_prefix}/lib/polkit-1
-make CFLAGS="-fPIC" %{?_smp_mflags}
+make %{?_smp_mflags}
 
 %install
 make install DESTDIR=$RPM_BUILD_ROOT