Backport revert of upstream patch around setuid apps

Resolves: #1285991
2015-12-09 16:20:55 -05:00 · 2015-12-09 16:20:55 -05:00 · e6c54c60b3
commit e6c54c60b3
parent 20d737c4d3
2 changed files with 76 additions and 2 deletions
--- a/0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch
+++ b/0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch
@ -0,0 +1,67 @@
+From 13f7ca3a3e3f823690add83dd8bfada52da559d2 Mon Sep 17 00:00:00 2001
+From: Colin Walters <walters@verbum.org>
+Date: Wed, 9 Dec 2015 16:17:48 -0500
+Subject: [PATCH] Revert "libgirepository: Refuse to run in setuid
+ applications"
+
+This reverts commit 98bb6c91b710a95efe4cfeb303daeec3381b9c98.
+
+It breaks programs simply executed *transitively* from a setuid
+binary like the dbus daemon launch helper.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1285991
+
+Conflicts:
+	girepository/girepository.c
+---
+ configure.ac                |  2 +-
+ girepository/girepository.c | 13 -------------
+ 2 files changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index b74d182..a6a272d 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -247,7 +247,7 @@ AC_C_CONST
+ 
+ # Checks for library functions.
+ AC_FUNC_STRTOD
+-AC_CHECK_FUNCS([memchr strchr strspn strstr strtol strtoull getauxval])
+AC_CHECK_FUNCS([memchr strchr strspn strstr strtol strtoull])
+ AC_CHECK_FUNCS([backtrace backtrace_symbols])
+ 
+ # Python
+diff --git a/girepository/girepository.c b/girepository/girepository.c
+index 82ee8a4..4537c03 100644
+--- a/girepository/girepository.c
+++ b/girepository/girepository.c
+@@ -27,11 +27,6 @@
+ #include <string.h>
+ #include <stdlib.h>
+ 
+-#ifdef HAVE_GETAUXVAL
+-#include <unistd.h>
+-#include <sys/auxv.h>
+-#endif
+-
+ #include <glib.h>
+ #include <glib/gprintf.h>
+ #include <gmodule.h>
+@@ -152,14 +147,6 @@ init_globals (void)
+   if (!g_once_init_enter (&initialized))
+     return;
+ 
+-#ifdef HAVE_GETAUXVAL
+-  if (getauxval (AT_SECURE))
+-    {
+-      g_printerr ("error: libgirepository.so (gobject-introspection) is not audited for use in setuid applications\nSee https://bugzilla.gnome.org/show_bug.cgi?id=755472\n");
+-      _exit (1);
+-    }
+-#endif
+-
+   if (default_repository == NULL)
+     default_repository = g_object_new (G_TYPE_IREPOSITORY, NULL);
+ 
+-- 
+1.8.3.1
+
--- a/gobject-introspection.spec
+++ b/gobject-introspection.spec
@ -2,7 +2,7 @@

 Name:           gobject-introspection
 Version:        1.47.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Introspection system for GObject-based libraries

 Group:          Development/Libraries
@ -10,6 +10,8 @@ License:        GPLv2+, LGPLv2+, MIT
 URL:            http://live.gnome.org/GObjectIntrospection
 #VCS:           git:git://git.gnome.org/gobject-introspection
 Source0:        http://download.gnome.org/sources/gobject-introspection/1.47/%{name}-%{version}.tar.xz
+# Upstream as https://git.gnome.org/browse/gobject-introspection/commit/?id=13f7ca3a3e3f823690add83dd8bfada52da559d2
+Patch0: 0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch

 Obsoletes:      gir-repository

@ -18,6 +20,7 @@ BuildRequires:  python-devel >= 2.5
 BuildRequires:  gettext
 BuildRequires:  flex
 BuildRequires:  bison
+BuildRequires:  git
 BuildRequires:  libffi-devel
 BuildRequires:  mesa-libGL-devel
 BuildRequires:  cairo-gobject-devel
@ -56,7 +59,7 @@ Obsoletes: gir-repository-devel
 Libraries and headers for gobject-introspection

 %prep
-%setup -q
+%autosetup -Sgit

 %build
 (if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi;)
@ -98,6 +101,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';'
 %{_datadir}/gtk-doc/html/gi/*

 %changelog
+* Wed Dec 09 2015 Colin Walters <walters@redhat.com> - 1.47.1-2
+- Backport revert of upstream patch around setuid apps
+  Resolves: #1285991
+
 * Mon Nov 02 2015 Kalev Lember <klember@redhat.com> - 1.47.1-1
 - Update to 1.47.1