diff --git a/0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch b/0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch new file mode 100644 index 0000000..3b9172d --- /dev/null +++ b/0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch @@ -0,0 +1,67 @@ +From 13f7ca3a3e3f823690add83dd8bfada52da559d2 Mon Sep 17 00:00:00 2001 +From: Colin Walters +Date: Wed, 9 Dec 2015 16:17:48 -0500 +Subject: [PATCH] Revert "libgirepository: Refuse to run in setuid + applications" + +This reverts commit 98bb6c91b710a95efe4cfeb303daeec3381b9c98. + +It breaks programs simply executed *transitively* from a setuid +binary like the dbus daemon launch helper. + +https://bugzilla.redhat.com/show_bug.cgi?id=1285991 + +Conflicts: + girepository/girepository.c +--- + configure.ac | 2 +- + girepository/girepository.c | 13 ------------- + 2 files changed, 1 insertion(+), 14 deletions(-) + +diff --git a/configure.ac b/configure.ac +index b74d182..a6a272d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -247,7 +247,7 @@ AC_C_CONST + + # Checks for library functions. + AC_FUNC_STRTOD +-AC_CHECK_FUNCS([memchr strchr strspn strstr strtol strtoull getauxval]) ++AC_CHECK_FUNCS([memchr strchr strspn strstr strtol strtoull]) + AC_CHECK_FUNCS([backtrace backtrace_symbols]) + + # Python +diff --git a/girepository/girepository.c b/girepository/girepository.c +index 82ee8a4..4537c03 100644 +--- a/girepository/girepository.c ++++ b/girepository/girepository.c +@@ -27,11 +27,6 @@ + #include + #include + +-#ifdef HAVE_GETAUXVAL +-#include +-#include +-#endif +- + #include + #include + #include +@@ -152,14 +147,6 @@ init_globals (void) + if (!g_once_init_enter (&initialized)) + return; + +-#ifdef HAVE_GETAUXVAL +- if (getauxval (AT_SECURE)) +- { +- g_printerr ("error: libgirepository.so (gobject-introspection) is not audited for use in setuid applications\nSee https://bugzilla.gnome.org/show_bug.cgi?id=755472\n"); +- _exit (1); +- } +-#endif +- + if (default_repository == NULL) + default_repository = g_object_new (G_TYPE_IREPOSITORY, NULL); + +-- +1.8.3.1 + diff --git a/gobject-introspection.spec b/gobject-introspection.spec index 99d63fd..9f07619 100644 --- a/gobject-introspection.spec +++ b/gobject-introspection.spec @@ -2,7 +2,7 @@ Name: gobject-introspection Version: 1.47.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Introspection system for GObject-based libraries Group: Development/Libraries @@ -10,6 +10,8 @@ License: GPLv2+, LGPLv2+, MIT URL: http://live.gnome.org/GObjectIntrospection #VCS: git:git://git.gnome.org/gobject-introspection Source0: http://download.gnome.org/sources/gobject-introspection/1.47/%{name}-%{version}.tar.xz +# Upstream as https://git.gnome.org/browse/gobject-introspection/commit/?id=13f7ca3a3e3f823690add83dd8bfada52da559d2 +Patch0: 0001-Revert-libgirepository-Refuse-to-run-in-setuid-appli.patch Obsoletes: gir-repository @@ -18,6 +20,7 @@ BuildRequires: python-devel >= 2.5 BuildRequires: gettext BuildRequires: flex BuildRequires: bison +BuildRequires: git BuildRequires: libffi-devel BuildRequires: mesa-libGL-devel BuildRequires: cairo-gobject-devel @@ -56,7 +59,7 @@ Obsoletes: gir-repository-devel Libraries and headers for gobject-introspection %prep -%setup -q +%autosetup -Sgit %build (if ! test -x configure; then NOCONFIGURE=1 ./autogen.sh; fi;) @@ -98,6 +101,10 @@ find $RPM_BUILD_ROOT -type f -name "*.a" -exec rm -f {} ';' %{_datadir}/gtk-doc/html/gi/* %changelog +* Wed Dec 09 2015 Colin Walters - 1.47.1-2 +- Backport revert of upstream patch around setuid apps + Resolves: #1285991 + * Mon Nov 02 2015 Kalev Lember - 1.47.1-1 - Update to 1.47.1