Accepting request 106806 from Base:System

Rework -fpie/-pie fix to an upstreamable version (forwarded request 106799 from vuntz)

OBS-URL: https://build.opensuse.org/request/show/106806
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/polkit?expand=0&rev=31
Stephan Kulow 2012-02-25 06:31:13 +00:00 committed by Git OBS Bridge
commit 1ecfc0d334
4 changed files with 100 additions and 92 deletions


@ -1,90 +0,0 @@
Index: polkit-0.104/src/programs/Makefile.am
===================================================================
--- polkit-0.104.orig/src/programs/Makefile.am
+++ polkit-0.104/src/programs/Makefile.am
@@ -26,12 +26,14 @@ pkexec_SOURCES = pkexec.c
pkexec_CFLAGS = \
$(GLIB_CFLAGS) \
$(AUTH_LIBS) \
+ -fPIE \
$(NULL)
pkexec_LDADD = \
$(GLIB_LIBS) \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(top_builddir)/src/polkitagent/libpolkit-agent-1.la \
+ -pie \
$(NULL)
# ----------------------------------------------------------------------------------------------------
Index: polkit-0.104/src/polkitagent/Makefile.am
===================================================================
--- polkit-0.104.orig/src/polkitagent/Makefile.am
+++ polkit-0.104/src/polkitagent/Makefile.am
@@ -64,6 +64,7 @@ libpolkit_agent_1_la_SOURCES =
$(NULL)
libpolkit_agent_1_la_CFLAGS = \
+ -fpie \
-D_POLKIT_COMPILATION \
-D_POLKIT_AGENT_COMPILATION \
$(GLIB_CFLAGS) \
@@ -75,7 +76,7 @@ libpolkit_agent_1_la_LIBADD =
$(EXPAT_LIBS) \
$(NULL)
-libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
+libpolkit_agent_1_la_LDFLAGS = -pie -export-symbols-regex '(^polkit_.*)'
libexec_PROGRAMS = polkit-agent-helper-1
@@ -93,7 +94,10 @@ endif
polkit_agent_helper_1_CFLAGS = \
-D_POLKIT_COMPILATION \
$(GLIB_CFLAGS) \
+ -fpie \
$(NULL)
+
+polkit_agent_helper_1_LDFLAGS = -pie
polkit_agent_helper_1_LDADD = \
$(AUTH_LIBS) \
Index: polkit-0.104/src/programs/Makefile.in
===================================================================
--- polkit-0.104.orig/src/programs/Makefile.in
+++ polkit-0.104/src/programs/Makefile.in
@@ -76,7 +76,7 @@ pkexec_DEPENDENCIES = $(am__DEPENDENCIES
$(am__DEPENDENCIES_1)
pkexec_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \
$(LIBTOOLFLAGS) --mode=link $(CCLD) $(pkexec_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
+ $(AM_LDFLAGS) $(pkexec_LDFLAGS) $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
@@ -304,7 +304,10 @@ pkexec_SOURCES = pkexec.c
pkexec_CFLAGS = \
$(GLIB_CFLAGS) \
$(AUTH_LIBS) \
+ -fpie \
$(NULL)
+
+pkexec_LDFLAGS = -pie
pkexec_LDADD = \
$(GLIB_LIBS) \
Index: polkit-0.104/src/polkitagent/Makefile.in
===================================================================
--- polkit-0.104.orig/src/polkitagent/Makefile.in
+++ polkit-0.104/src/polkitagent/Makefile.in
@@ -113,8 +113,8 @@ polkit_agent_helper_1_DEPENDENCIES = $(a
$(am__DEPENDENCIES_1)
polkit_agent_helper_1_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \
$(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \
- $(polkit_agent_helper_1_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
- $(LDFLAGS) -o $@
+ $(polkit_agent_helper_1_CFLAGS) -fpie $(CFLAGS) $(AM_LDFLAGS) \
+ $(polkit_agent_helper_1_LDFLAGS) -pie $(LDFLAGS) -o $@
DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles

72
polkit-suid_flags.patch Normal file

@ -0,0 +1,72 @@
commit 1d2f40178c8b3ba39c25de25530c998c3591fab8
Author: Vincent Untz <vuntz@gnome.org>
Date: Fri Feb 24 13:13:17 2012 +0100
polkitagent, pkexec: Respect SUID_CFLAGS and SUID_LDFLAGS
This is a good way for distributors to use -fPIE/-pie.
diff --git a/configure.ac b/configure.ac
index f4a0c41..42da974 100644
--- a/configure.ac
+++ b/configure.ac
@@ -429,6 +429,11 @@ AC_SUBST([GETTEXT_PACKAGE])
AM_GLIB_GNU_GETTEXT
AC_DEFINE_UNQUOTED([GETTEXT_PACKAGE],["$GETTEXT_PACKAGE"],[gettext domain])
+AC_ARG_VAR([SUID_CFLAGS],
+ [CFLAGS used for binaries which are usually with the suid bit])
+AC_ARG_VAR([SUID_LDFLAGS],
+ [LDFLAGS used for binaries which are usually with the suid bit])
+
AC_OUTPUT([
Makefile
actions/Makefile
diff --git a/src/polkitagent/Makefile.am b/src/polkitagent/Makefile.am
index e8c9fb1..f0f8419 100644
--- a/src/polkitagent/Makefile.am
+++ b/src/polkitagent/Makefile.am
@@ -92,6 +92,7 @@ endif
polkit_agent_helper_1_CFLAGS = \
-D_POLKIT_COMPILATION \
+ $(SUID_CFLAGS) \
$(GLIB_CFLAGS) \
$(NULL)
@@ -101,6 +102,11 @@ polkit_agent_helper_1_LDADD = \
$(top_builddir)/src/polkit/libpolkit-gobject-1.la \
$(NULL)
+polkit_agent_helper_1_LDFLAGS = \
+ $(SUID_LDFLAGS) \
+ $(AM_LDFLAGS) \
+ $(NULL)
+
if HAVE_INTROSPECTION
girdir = $(INTROSPECTION_GIRDIR)
gir_DATA = PolkitAgent-1.0.gir
diff --git a/src/programs/Makefile.am b/src/programs/Makefile.am
index c260dee..6aac06b 100644
--- a/src/programs/Makefile.am
+++ b/src/programs/Makefile.am
@@ -24,6 +24,7 @@ bin_PROGRAMS = pkexec pkcheck pkaction
pkexec_SOURCES = pkexec.c
pkexec_CFLAGS = \
+ $(SUID_CFLAGS) \
$(GLIB_CFLAGS) \
$(AUTH_LIBS) \
$(NULL)
@@ -34,6 +35,11 @@ pkexec_LDADD = \
$(top_builddir)/src/polkitagent/libpolkit-agent-1.la \
$(NULL)
+pkexec_LDFLAGS = \
+ $(SUID_LDFLAGS) \
+ $(AM_LDFLAGS) \
+ $(NULL)
+
# ----------------------------------------------------------------------------------------------------
pkcheck_SOURCES = pkcheck.c
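Review bot: PIE for the setuid programs is purely opt-in here: configure.ac declares `SUID_CFLAGS` and `SUID_LDFLAGS` with `AC_ARG_VAR` but gives them no default, so as far as the visible hunks show, a build that leaves them unset still yields a non-PIE pkexec and polkit-agent-helper-1. The help strings should say what the variables are for, e.g. `[CFLAGS for binaries that are normally installed setuid (e.g. -fPIE)]` and `[LDFLAGS for binaries that are normally installed setuid (e.g. -pie)]`, which also fixes the wording "usually with the suid bit". The explicit `$(AM_LDFLAGS)` in `pkexec_LDFLAGS` and `polkit_agent_helper_1_LDFLAGS` deserves a comment such as `# a per-target _LDFLAGS replaces AM_LDFLAGS, so re-add it`, because it otherwise reads as redundant. Automake normally places the user's `$(CFLAGS)` after the per-target flags, so a conflicting option there would take precedence over `$(SUID_CFLAGS)`; the generated rules are not visible here to confirm.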


@ -1,3 +1,17 @@
-------------------------------------------------------------------
Fri Feb 24 12:11:04 UTC 2012 - vuntz@opensuse.org
- Change the way we pass -fpie/-pie:
+ Drop polkit-pie.patch: this was not upstreamable.
+ Add polkit-suid_flags.patch: respect SUID_CFLAGS/SUID_LDFLAGS
when building the suid binaries (pkexec and
polkit-agent-helper-1).
+ Add autoconf, automake and libtool BuildRequires, and call
autoreconf, for the new patch.
+ Set SUID_CFLAGS to -fPIE and SUID_LDFLAGS to -pie in %build.
+ Pass --with-pic to configure instead of changing CFLAGS to
contain -fPIC.
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Feb 7 14:39:43 UTC 2012 - dlovasko@suse.com Tue Feb 7 14:39:43 UTC 2012 - dlovasko@suse.com


@ -30,7 +30,12 @@ Source0: http://hal.freedesktop.org/releases/%{name}-%{version}.tar.gz
Source99: baselibs.conf Source99: baselibs.conf
# PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vuntz@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin # PATCH-FIX-OPENSUSE polkit-no-wheel-group.patch vuntz@opensuse.org -- In openSUSE, there's no special meaning for the wheel group, so we shouldn't allow it to be admin
Patch0: polkit-no-wheel-group.patch Patch0: polkit-no-wheel-group.patch
Patch1: polkit-pie.patch # PATCH-FIX-UPSTREAM polkit-suid_flags.patch bnc#743145 fdo#46569 vuntz@opensuse.org -- Respect SUID_CFLAGS/SUID_LDFLAGS
Patch1: polkit-suid_flags.patch
# needed for patch1
BuildRequires: autoconf
# needed for patch1
BuildRequires: automake
BuildRequires: glib2-devel >= 2.25.12 BuildRequires: glib2-devel >= 2.25.12
BuildRequires: gobject-introspection-devel >= 0.6.2 BuildRequires: gobject-introspection-devel >= 0.6.2
BuildRequires: gtk-doc BuildRequires: gtk-doc
@ -38,6 +43,8 @@ BuildRequires: gtk-doc
#!BuildIgnore: ruby #!BuildIgnore: ruby
BuildRequires: intltool BuildRequires: intltool
BuildRequires: libexpat-devel BuildRequires: libexpat-devel
# needed for patch1
BuildRequires: libtool
BuildRequires: pam-devel BuildRequires: pam-devel
%if 0%{?with_systemd} %if 0%{?with_systemd}
BuildRequires: systemd-devel BuildRequires: systemd-devel
@ -108,14 +115,19 @@ This package provides the GObject Introspection bindings for PolicyKit.
%build %build
export V=1 export V=1
# needed for patch1
autoreconf -fi
export SUID_CFLAGS="-fPIE"
export SUID_LDFLAGS="-pie"
%configure \ %configure \
--with-os-type=suse \ --with-os-type=suse \
--enable-gtk-doc \ --enable-gtk-doc \
--with-pic \
--disable-static \ --disable-static \
--enable-introspection \ --enable-introspection \
--enable-examples \ --enable-examples \
--libexecdir=%{_prefix}/lib/polkit-1 --libexecdir=%{_prefix}/lib/polkit-1
make CFLAGS="-fPIC" %{?_smp_mflags} make %{?_smp_mflags}
%install %install
make install DESTDIR=$RPM_BUILD_ROOT make install DESTDIR=$RPM_BUILD_ROOT
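Review bot: Nothing in the visible %build lines verifies that the two setuid programs actually come out position-independent, so a regenerated configure that stops honouring the exported `SUID_CFLAGS`/`SUID_LDFLAGS`, or a dropped Patch1, would silently ship non-PIE binaries again. A check after `make` (or in a %check section) along the lines of `readelf -h <built pkexec> | grep -q 'Type:.*DYN'`, repeated for polkit-agent-helper-1, would turn the hardening into a tested property of the package. The `# needed for patch1` comment above `autoreconf -fi` could also cover the two exports, e.g. `# patch1 makes configure honour SUID_CFLAGS/SUID_LDFLAGS; build pkexec and polkit-agent-helper-1 as PIE`. The %install section continues past the end of this hunk.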