[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Sep 9 01:46:01 UTC 2021
The branch, master has been updated
via 4366c3bb71f gitlab-ci: run samba-fuzz autobuild target on Ubuntu 20.04-based image
via 4f300d672a8 fuzzing/oss-fuzz: strip RUNPATH from dependencies
via f94b1d3b31f fuzzing/oss-fuzz: fix samba build script for Ubuntu 20.04
via 541f9ee5ab6 fuzzing/oss-fuzz: fix RPATH comments for post-Ubuntu-16.04 era
via e608dcd2d67 configure: allow configure script to accept parameters with spaces
via 2fe8d3eeac4 fuzzing/oss-fuzz: fix image build recipe for Ubuntu 20.04
from 18e08c70900 docs: Avoid duplicate information on USER and PASSWD, reference the common section
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4366c3bb71fe9c083dedeae8798547b64a64d2b4
Author: Uri Simchoni <uri at samba.org>
Date: Tue Sep 7 18:39:12 2021 +0300
gitlab-ci: run samba-fuzz autobuild target on Ubuntu 20.04-based image
REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 9 01:45:09 UTC 2021 on sn-devel-184
commit 4f300d672a8ef1820e68bc82833de4f5d4c0996e
Author: Uri Simchoni <uri at samba.org>
Date: Mon Sep 6 22:55:55 2021 +0300
fuzzing/oss-fuzz: strip RUNPATH from dependencies
Strip all RUNPATH headers from all dependency shared objects that
we copy to the fuzzing target, as those libraries aren't placed
in their original place.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f94b1d3b31f2fb5bdbfce7b5f79d80f098b91975
Author: Uri Simchoni <uri at samba.org>
Date: Sat Sep 4 10:30:56 2021 +0300
fuzzing/oss-fuzz: fix samba build script for Ubuntu 20.04
Add a linker flag to generate fuzzer binaries with an RPATH
header instead of RUNPATH.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 541f9ee5ab66b41a2a8d9c54183b095ad99f3769
Author: Uri Simchoni <uri at samba.org>
Date: Sat Sep 4 10:11:58 2021 +0300
fuzzing/oss-fuzz: fix RPATH comments for post-Ubuntu-16.04 era
Remove what appears to be a copy+paste error in one place, and
explain that RPATH/RUNPATH is set by the linker, not by chrpath
utility.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e608dcd2d6736505022d0f9d1e008333bb70f1af
Author: Uri Simchoni <uri at samba.org>
Date: Sat Sep 4 11:01:56 2021 +0300
configure: allow configure script to accept parameters with spaces
Specifically this enables passing two linker flags to the --fuzz-target-ldflags
configure argument.
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2fe8d3eeac4cddedfeac936ce785c2c6f12d86ef
Author: Uri Simchoni <uri at samba.org>
Date: Fri Sep 3 18:46:17 2021 +0000
fuzzing/oss-fuzz: fix image build recipe for Ubuntu 20.04
Update the build_image.sh script to install Ubuntu 20.04 packages
instead of Ubuntu 16.04 on the oss-fuzz container - this will
allow the oss-fuzz container to be based on Ubuntu 20.04.
REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci-main.yml | 2 +-
configure | 2 +-
lib/fuzzing/oss-fuzz/build_image.sh | 2 +-
lib/fuzzing/oss-fuzz/check_build.sh | 3 +--
lib/fuzzing/oss-fuzz/do_build.sh | 33 +++++++++++++++++++++++----------
5 files changed, 27 insertions(+), 15 deletions(-)
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 4b2f17938c8..a6c362931da 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -323,7 +323,7 @@ samba-libs:
samba-fuzz:
extends: .shared_template
variables:
- SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1604}
+ SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004}
ctdb:
extends: .shared_template
diff --git a/configure b/configure
index 2b0ffb0dae1..a6ca50feb47 100755
--- a/configure
+++ b/configure
@@ -13,5 +13,5 @@ export JOBS
unset LD_PRELOAD
cd . || exit 1
-$PYTHON $WAF configure $@ || exit 1
+$PYTHON $WAF configure "$@" || exit 1
cd $PREVPATH
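Review bot: The quoting fix on the waf invocation stops at the argument list; the cd $PREVPATH on the line right after it is still unquoted, so a source tree path containing spaces would be split the same way the arguments used to be. Changing it to cd "$PREVPATH" would make the script consistent with the intent of this change.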
diff --git a/lib/fuzzing/oss-fuzz/build_image.sh b/lib/fuzzing/oss-fuzz/build_image.sh
index 5df07dc43be..5d5e27e716d 100755
--- a/lib/fuzzing/oss-fuzz/build_image.sh
+++ b/lib/fuzzing/oss-fuzz/build_image.sh
@@ -1,6 +1,6 @@
#!/bin/sh -e
-DIST=ubuntu1604
+DIST=ubuntu2004
SCRIPT_DIR=`dirname $0`
$SCRIPT_DIR/../../../bootstrap/generated-dists/$DIST/bootstrap.sh
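Review bot: DIST=ubuntu2004 here and SAMBA_CI_CONTAINER_IMAGE_ubuntu2004 in .gitlab-ci-main.yml are two separate hard-coded places that have to name the same release for the CI job to exercise what oss-fuzz builds. A short comment beside DIST pointing at the samba-fuzz job would keep the next distribution bump from updating only one of them.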
diff --git a/lib/fuzzing/oss-fuzz/check_build.sh b/lib/fuzzing/oss-fuzz/check_build.sh
index 501c2c813fc..98b83a81bbf 100755
--- a/lib/fuzzing/oss-fuzz/check_build.sh
+++ b/lib/fuzzing/oss-fuzz/check_build.sh
@@ -25,8 +25,7 @@ do
# Confirm that the chrpath was reset to lib/ in the same directory
# as the binary. RPATH (not RUNPATH) is critical, otherwise
# libraries used by libraries won't be found on the oss-fuzz
- # target host, but is only possible with clang or ld.bfd on Ubuntu
- # 16.04 (this script is only run on that).
+ # target host.
chrpath -l $bin | grep 'RPATH=$ORIGIN/lib'
# Confirm that we link to at least some libraries in this
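Review bot: The chrpath -l check in this hunk covers only $bin, while this push also makes do_build.sh strip the RPATH/RUNPATH headers from everything copied to $OUT/lib. If the rest of the script does not already do so, a matching assertion that no copied library still reports an RPATH or RUNPATH would catch a regression in that step. Separately, the retained first comment line still says "the chrpath was reset"; since the series clarifies that the linker chooses RPATH versus RUNPATH and chrpath only rewrites the path, "the RPATH was reset" would be more accurate.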
diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh
index 4c6796d2350..e00e2251589 100755
--- a/lib/fuzzing/oss-fuzz/do_build.sh
+++ b/lib/fuzzing/oss-fuzz/do_build.sh
@@ -77,12 +77,15 @@ esac
# $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command
#
+# --disable-new-dtags linker flag creates fuzzer binaries with RPATH
+# header instead of RUNPATH header. Modern linkers use RUNPATH by
+# default.
./configure -C --without-gettext --enable-debug --enable-developer \
--enable-libfuzzer \
$SANITIZER_ARG \
--disable-warnings-as-errors \
--abi-check-disable \
- --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \
+ --fuzz-target-ldflags="-Wl,--disable-new-dtags $LIB_FUZZING_ENGINE" \
--nonshared-binary=ALL \
"$@" \
LINK_CC="$CXX"
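Review bot: The new --fuzz-target-ldflags value contains a space, so it only reaches waf as one argument because of the "$@" quoting fix in configure from this same push; the added comment explains --disable-new-dtags but not that dependency. A line noting it would help anyone who picks this commit without the configure one. The comment could also say why RPATH is wanted (lookup of libraries used by libraries), which is otherwise explained only further down the script.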
@@ -254,16 +257,12 @@ do
cp $x $OUT/
bin=`basename $x`
- # Changing RPATH (not RUNPATH, but we can't tell here which was
- # set) is critical, otherwise libraries used by libraries won't be
- # found on the oss-fuzz target host. Sadly this is only possible
- # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on
- # that).
+ # This means the copied libraries are found on the runner.
#
- # chrpath --convert only allows RPATH to be changed to RUNPATH,
- # not the other way around, and we really don't want RUNPATH.
- #
- # This means the copied libraries are found on the runner
+ # The binaries should we built with RPATH, not RUNPATH, to allow
+ # libraries used by libraries to be found. This command retains the
+ # RPATH/RUNPATH header and only changes the path. We later verify this
+ # in the check_build.sh script.
chrpath -r '$ORIGIN/lib' $OUT/$bin
# Truncate the original binary to save space
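Review bot: In the rewritten comment above the chrpath -r call, "should we built" should read "should be built", and the line "This means the copied libraries are found on the runner." now comes before the explanation and the command it refers to, so "This" has no antecedent. Moving that sentence to the end of the comment, directly above the command, restores the meaning. $OUT/$bin is also unquoted, which is worth fixing while these lines are being touched.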
@@ -271,6 +270,20 @@ do
done
+# Strip RUNPATH: or RPATH: entries from shared libraries copied over to $OUT/lib.
+# When those libraries get loaded and have further dependencies, a RUNPATH: header
+# will cause the dynamic linker to search in the runpath, and not in $OUT/lib,
+# and there's no way it will be found in the fuzzing env.
+#
+# So how is the indirect depedency found in $OUT/lib? Well, suppose the fuzzer binary
+# links library A which links library B. During linking, both A and B as listed in the
+# executable file's runtime dependencies (This was pioneered in Fedora 13 in 2010, but
+# is common behavior now). So we have the fuzzer binary with RPATH set to $OUT/lib, and
+# a dependency on library B, and it will therefor find library B in $OUT/lib. On the
+# hand, if we keep the RUNPATH in library A, and load A first, it will try loading
+# library B as a dependency of A from the wrong place.
+chrpath -d $OUT/lib/*
+
# Grap the seeds dictionary from github and put the seed zips in place
# beside their executables.
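Review bot: chrpath -d $OUT/lib/* runs on every entry the unquoted glob matches, so it is worth confirming how this step behaves when a copied library has no RPATH/RUNPATH tag or when lib/ contains a non-ELF file, and whether a non-zero exit there should stop the build or be ignored. The added comment also says the fuzzer binary has RPATH set to $OUT/lib, whereas the command in the previous hunk sets '$ORIGIN/lib'; the comment should use the same value. Typos in the added comment: "depedency", "as listed" (are listed), "therefor", and "On the hand" (On the other hand).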
--
Samba Shared Repository