d-two/operating-system
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
64bc2ff1db1771bdb5aa26eebecf8dd59755818a
operating-system/buildroot/package/binutils/2.34/0002-poison-system-directories.patch
Stefan Agner a0871be6c0 Bump buildroot to 2020.11-rc1 (#985) 
* Update buildroot-patches for 2020.11-rc1 buildroot

* Update buildroot to 2020.11-rc1

Signed-off-by: Stefan Agner <stefan@agner.ch>

* Don't rely on sfdisk --list-free output

The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).

Use sfdisk json output and calculate free partition space ourselfs. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.

* Migrate defconfigs for Buildroot 2020.11-rc1

In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).

* Rebase/remove systemd patches for systemd 246

* Drop apparmor/libapparmor from buildroot-external

* hassos-persists: use /run as directory for lockfiles

The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).

* Disable systemd-update-done.service

The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.

* Disable apparmor.service for now

The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
2020-11-13 18:25:44 +01:00

307 lines
10 KiB
Diff
Raw Blame History

From 9952aec22006cfd0e1f5dd0106523e2b93ad20a8 Mon Sep 17 00:00:00 2001
From: Romain Naour <romain.naour@gmail.com>
Date: Fri, 25 Dec 2015 11:45:38 +0100
Subject: [PATCH] poison-system-directories
Patch adapted to binutils 2.23.2 and extended to use
BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
[Romain: rebase on top of 2.33.1]
Signed-off-by: Romain Naour <romain.naour@gmail.com>
[Gustavo: adapt to binutils 2.25]
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Upstream-Status: Inappropriate [distribution: codesourcery]
Patch originally created by Mark Hatle, forward-ported to
binutils 2.21 by Scott Garman.
purpose: warn for uses of system directories when cross linking
Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
2008-07-02 Joseph Myers <joseph@codesourcery.com>
ld/
* ld.h (args_type): Add error_poison_system_directories.
* ld.texinfo (--error-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.error_poison_system_directories.
* ldmain.c (main): Initialize
command_line.error_poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --error-poison-system-directories.
(parse_args): Handle new option.
2007-06-13 Joseph Myers <joseph@codesourcery.com>
ld/
* config.in: Regenerate.
* ld.h (args_type): Add poison_system_directories.
* ld.texinfo (--no-poison-system-directories): Document.
* ldfile.c (ldfile_add_library_path): Check
command_line.poison_system_directories.
* ldmain.c (main): Initialize
command_line.poison_system_directories.
* lexsup.c (enum option_values): Add
OPTION_NO_POISON_SYSTEM_DIRECTORIES.
(ld_options): Add --no-poison-system-directories.
(parse_args): Handle new option.
2007-04-20 Joseph Myers <joseph@codesourcery.com>
Merge from Sourcery G++ binutils 2.17:
2007-03-20 Joseph Myers <joseph@codesourcery.com>
Based on patch by Mark Hatle <mark.hatle@windriver.com>.
ld/
* configure.ac (--enable-poison-system-directories): New option.
* configure, config.in: Regenerate.
* ldfile.c (ldfile_add_library_path): If
ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
/usr/lib, /usr/local/lib or /usr/X11R6/lib.
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Signed-off-by: Scott Garman <scott.a.garman@intel.com>
---
ld/config.in | 3 +++
ld/configure | 14 ++++++++++++++
ld/configure.ac | 10 ++++++++++
ld/ld.h | 8 ++++++++
ld/ld.texi | 12 ++++++++++++
ld/ldfile.c | 17 +++++++++++++++++
ld/ldlex.h | 2 ++
ld/ldmain.c | 2 ++
ld/lexsup.c | 21 +++++++++++++++++++++
9 files changed, 89 insertions(+)
diff --git a/ld/config.in b/ld/config.in
index d93c9b0830..5da2742bea 100644
--- a/ld/config.in
+++ b/ld/config.in
@@ -31,6 +31,9 @@
language is requested. */
#undef ENABLE_NLS
+/* Define to warn for use of native system library directories */
+#undef ENABLE_POISON_SYSTEM_DIRECTORIES
+
/* Additional extension a shared object might have. */
#undef EXTRA_SHLIB_EXTENSION
diff --git a/ld/configure b/ld/configure
index d55a6a779f..7e5314d24a 100755
--- a/ld/configure
+++ b/ld/configure
@@ -826,6 +826,7 @@ with_lib_path
enable_targets
enable_64_bit_bfd
with_sysroot
+enable_poison_system_directories
enable_gold
enable_got
enable_compressed_debug_sections
@@ -1491,6 +1492,8 @@ Optional Features:
--disable-largefile omit support for large files
--enable-targets alternative target configurations
--enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
+ --enable-poison-system-directories
+ warn for use of native system library directories
--enable-gold[=ARG] build gold [ARG={default,yes,no}]
--enable-got=<type> GOT handling scheme (target, single, negative,
multigot)
@@ -15809,7 +15812,18 @@ else
fi
+# Check whether --enable-poison-system-directories was given.
+if test "${enable_poison_system_directories+set}" = set; then :
+ enableval=$enable_poison_system_directories;
+else
+ enable_poison_system_directories=no
+fi
+
+if test "x${enable_poison_system_directories}" = "xyes"; then
+$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
+
+fi
# Check whether --enable-got was given.
if test "${enable_got+set}" = set; then :
diff --git a/ld/configure.ac b/ld/configure.ac
index b5e849d84a..22e022ec03 100644
--- a/ld/configure.ac
+++ b/ld/configure.ac
@@ -94,6 +94,16 @@ AC_SUBST(use_sysroot)
AC_SUBST(TARGET_SYSTEM_ROOT)
AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
+AC_ARG_ENABLE([poison-system-directories],
+ AS_HELP_STRING([--enable-poison-system-directories],
+ [warn for use of native system library directories]),,
+ [enable_poison_system_directories=no])
+if test "x${enable_poison_system_directories}" = "xyes"; then
+ AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
+ [1],
+ [Define to warn for use of native system library directories])
+fi
+
dnl Use --enable-gold to decide if this linker should be the default.
dnl "install_as_default" is set to false if gold is the default linker.
dnl "installed_linker" is the installed BFD linker name.
diff --git a/ld/ld.h b/ld/ld.h
index 71fd781267..5c7843100b 100644
--- a/ld/ld.h
+++ b/ld/ld.h
@@ -166,6 +166,14 @@ typedef struct
in the linker script. */
bfd_boolean force_group_allocation;
+ /* If TRUE (the default) warn for uses of system directories when
+ cross linking. */
+ bfd_boolean poison_system_directories;
+
+ /* If TRUE (default FALSE) give an error for uses of system
+ directories when cross linking instead of a warning. */
+ bfd_boolean error_poison_system_directories;
+
/* Big or little endian as set on command line. */
enum endian_enum endian;
diff --git a/ld/ld.texi b/ld/ld.texi
index eb7bcb9933..3c73d445a0 100644
--- a/ld/ld.texi
+++ b/ld/ld.texi
@@ -2551,6 +2551,18 @@ string identifying the original linked file does not change.
Passing @code{none} for @var{style} disables the setting from any
@code{--build-id} options earlier on the command line.
+
+@kindex --no-poison-system-directories
+@item --no-poison-system-directories
+Do not warn for @option{-L} options using system directories such as
+@file{/usr/lib} when cross linking. This option is intended for use
+in chroot environments when such directories contain the correct
+libraries for the target system rather than the host.
+
+@kindex --error-poison-system-directories
+@item --error-poison-system-directories
+Give an error instead of a warning for @option{-L} options using
+system directories when cross linking.
@end table
@c man end
diff --git a/ld/ldfile.c b/ld/ldfile.c
index 411f7ddf97..17db16c2cc 100644
--- a/ld/ldfile.c
+++ b/ld/ldfile.c
@@ -117,6 +117,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
new_dirs->name = concat (ld_sysroot, name + strlen ("$SYSROOT"), (const char *) NULL);
else
new_dirs->name = xstrdup (name);
+
+#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
+ if (command_line.poison_system_directories
+ && ((!strncmp (name, "/lib", 4))
+ || (!strncmp (name, "/usr/lib", 8))
+ || (!strncmp (name, "/usr/local/lib", 14))
+ || (!strncmp (name, "/usr/X11R6/lib", 14))))
+ {
+ if (command_line.error_poison_system_directories)
+ einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ else
+ einfo (_("%P: warning: library search path \"%s\" is unsafe for "
+ "cross-compilation\n"), name);
+ }
+#endif
+
}
/* Try to open a BFD for a lang_input_statement. */
diff --git a/ld/ldlex.h b/ld/ldlex.h
index 5287f19a7f..55096e4fc9 100644
--- a/ld/ldlex.h
+++ b/ld/ldlex.h
@@ -150,6 +150,8 @@ enum option_values
OPTION_FORCE_GROUP_ALLOCATION,
OPTION_PRINT_MAP_DISCARDED,
OPTION_NO_PRINT_MAP_DISCARDED,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
};
/* The initial parser states. */
diff --git a/ld/ldmain.c b/ld/ldmain.c
index c4af10f4e9..95b56b2d2d 100644
--- a/ld/ldmain.c
+++ b/ld/ldmain.c
@@ -273,6 +273,8 @@ main (int argc, char **argv)
command_line.warn_mismatch = TRUE;
command_line.warn_search_mismatch = TRUE;
command_line.check_section_addresses = -1;
+ command_line.poison_system_directories = TRUE;
+ command_line.error_poison_system_directories = FALSE;
/* We initialize DEMANGLING based on the environment variable
COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
diff --git a/ld/lexsup.c b/ld/lexsup.c
index 3d15cc491d..54f52dc72f 100644
--- a/ld/lexsup.c
+++ b/ld/lexsup.c
@@ -550,6 +550,14 @@ static const struct ld_option ld_options[] =
{ {"no-print-map-discarded", no_argument, NULL, OPTION_NO_PRINT_MAP_DISCARDED},
'\0', NULL, N_("Do not show discarded sections in map file output"),
TWO_DASHES },
+ { {"no-poison-system-directories", no_argument, NULL,
+ OPTION_NO_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Do not warn for -L options using system directories"),
+ TWO_DASHES },
+ { {"error-poison-system-directories", no_argument, NULL,
+ OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
+ '\0', NULL, N_("Give an error for -L options using system directories"),
+ TWO_DASHES },
};
#define OPTION_COUNT ARRAY_SIZE (ld_options)
@@ -562,6 +570,7 @@ parse_args (unsigned argc, char **argv)
int ingroup = 0;
char *default_dirlist = NULL;
char *shortopts;
+ char *BR_paranoid_env;
struct option *longopts;
struct option *really_longopts;
int last_optind;
@@ -1562,6 +1571,14 @@ parse_args (unsigned argc, char **argv)
}
break;
+ case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
+ command_line.poison_system_directories = FALSE;
+ break;
+
+ case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
+ command_line.error_poison_system_directories = TRUE;
+ break;
+
case OPTION_PUSH_STATE:
input_flags.pushed = xmemdup (&input_flags,
sizeof (input_flags),
@@ -1613,6 +1630,10 @@ parse_args (unsigned argc, char **argv)
command_line.soname = NULL;
}
+ BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
+ if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
+ command_line.error_poison_system_directories = TRUE;
+
while (ingroup)
{
einfo (_("%P: missing --end-group; added as last command line option\n"));
--
2.24.1
Reference in New Issue View Git Blame Copy Permalink