The branch, master has been updated
       via  4366c3bb71f gitlab-ci: run samba-fuzz autobuild target on Ubuntu 20.04-based image
       via  4f300d672a8 fuzzing/oss-fuzz: strip RUNPATH from dependencies
       via  f94b1d3b31f fuzzing/oss-fuzz: fix samba build script for Ubuntu 20.04
       via  541f9ee5ab6 fuzzing/oss-fuzz: fix RPATH comments for post-Ubuntu-16.04 era
       via  e608dcd2d67 configure: allow configure script to accept parameters with spaces
       via  2fe8d3eeac4 fuzzing/oss-fuzz: fix image build recipe for Ubuntu 20.04
      from  18e08c70900 docs: Avoid duplicate information on USER and PASSWD, reference the common section
https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------

commit 4366c3bb71fe9c083dedeae8798547b64a64d2b4
Author: Uri Simchoni <u...@samba.org>
Date:   Tue Sep 7 18:39:12 2021 +0300

    gitlab-ci: run samba-fuzz autobuild target on Ubuntu 20.04-based image

    REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365

    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Thu Sep 9 01:45:09 UTC 2021 on sn-devel-184

commit 4f300d672a8ef1820e68bc82833de4f5d4c0996e
Author: Uri Simchoni <u...@samba.org>
Date:   Mon Sep 6 22:55:55 2021 +0300

    fuzzing/oss-fuzz: strip RUNPATH from dependencies

    Strip all RUNPATH headers from all dependency shared objects that we
    copy to the fuzzing target, as those libraries aren't placed in their
    original place.

    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f94b1d3b31f2fb5bdbfce7b5f79d80f098b91975
Author: Uri Simchoni <u...@samba.org>
Date:   Sat Sep 4 10:30:56 2021 +0300

    fuzzing/oss-fuzz: fix samba build script for Ubuntu 20.04

    Add a linker flag to generate fuzzer binaries with an RPATH header
    instead of RUNPATH.

    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 541f9ee5ab66b41a2a8d9c54183b095ad99f3769
Author: Uri Simchoni <u...@samba.org>
Date:   Sat Sep 4 10:11:58 2021 +0300

    fuzzing/oss-fuzz: fix RPATH comments for post-Ubuntu-16.04 era

    Remove what appears to be a copy+paste error in one place, and explain
    that RPATH/RUNPATH is set by the linker, not by chrpath utility.
    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit e608dcd2d6736505022d0f9d1e008333bb70f1af
Author: Uri Simchoni <u...@samba.org>
Date:   Sat Sep 4 11:01:56 2021 +0300

    configure: allow configure script to accept parameters with spaces

    Specifically this enables passing two linker flags to the
    --fuzz-target-ldflags configure argument.

    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2fe8d3eeac4cddedfeac936ce785c2c6f12d86ef
Author: Uri Simchoni <u...@samba.org>
Date:   Fri Sep 3 18:46:17 2021 +0000

    fuzzing/oss-fuzz: fix image build recipe for Ubuntu 20.04

    Update the build_image.sh script to install Ubuntu 20.04 packages
    instead of Ubuntu 16.04 on the oss-fuzz container - this will allow
    the oss-fuzz container to be based on Ubuntu 20.04.

    REF: https://github.com/google/oss-fuzz/issues/6301#issuecomment-911705365

    Signed-off-by: Uri Simchoni <u...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci-main.yml                 |  2 +-
 configure                           |  2 +-
 lib/fuzzing/oss-fuzz/build_image.sh |  2 +-
 lib/fuzzing/oss-fuzz/check_build.sh |  3 +--
 lib/fuzzing/oss-fuzz/do_build.sh    | 33 +++++++++++++++++++++++----------
 5 files changed, 27 insertions(+), 15 deletions(-)

Changeset truncated at 500 lines:

diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml index 4b2f17938c8..a6c362931da 100644 --- a/.gitlab-ci-main.yml +++ b/.gitlab-ci-main.yml @@ -323,7 +323,7 @@ samba-libs: samba-fuzz: extends: .shared_template variables: - SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu1604} + SAMBA_CI_JOB_IMAGE: ${SAMBA_CI_CONTAINER_IMAGE_ubuntu2004} ctdb: extends: .shared_template diff --git a/configure b/configure index 2b0ffb0dae1..a6ca50feb47 100755 --- a/configure +++ b/configure 
@@ -13,5 +13,5 @@ export JOBS unset LD_PRELOAD cd . || exit 1 -$PYTHON $WAF configure $@ || exit 1 +$PYTHON $WAF configure "$@" || exit 1 cd $PREVPATH diff --git a/lib/fuzzing/oss-fuzz/build_image.sh b/lib/fuzzing/oss-fuzz/build_image.sh index 5df07dc43be..5d5e27e716d 100755 --- a/lib/fuzzing/oss-fuzz/build_image.sh +++ b/lib/fuzzing/oss-fuzz/build_image.sh @@ -1,6 +1,6 @@ #!/bin/sh -e -DIST=ubuntu1604 +DIST=ubuntu2004 SCRIPT_DIR=`dirname $0` $SCRIPT_DIR/../../../bootstrap/generated-dists/$DIST/bootstrap.sh diff --git a/lib/fuzzing/oss-fuzz/check_build.sh b/lib/fuzzing/oss-fuzz/check_build.sh index 501c2c813fc..98b83a81bbf 100755 --- a/lib/fuzzing/oss-fuzz/check_build.sh +++ b/lib/fuzzing/oss-fuzz/check_build.sh @@ -25,8 +25,7 @@ do # Confirm that the chrpath was reset to lib/ in the same directory # as the binary. RPATH (not RUNPATH) is critical, otherwise # libraries used by libraries won't be found on the oss-fuzz - # target host, but is only possible with clang or ld.bfd on Ubuntu - # 16.04 (this script is only run on that). + # target host. chrpath -l $bin | grep 'RPATH=$ORIGIN/lib' # Confirm that we link to at least some libraries in this diff --git a/lib/fuzzing/oss-fuzz/do_build.sh b/lib/fuzzing/oss-fuzz/do_build.sh index 4c6796d2350..e00e2251589 100755 --- a/lib/fuzzing/oss-fuzz/do_build.sh +++ b/lib/fuzzing/oss-fuzz/do_build.sh @@ -77,12 +77,15 @@ esac # $LIB_FUZZING_ENGINE is provided by the oss-fuzz "compile" command # +# --disable-new-dtags linker flag creates fuzzer binaries with RPATH +# header instead of RUNPATH header. Modern linkers use RUNPATH by +# default. ./configure -C --without-gettext --enable-debug --enable-developer \ --enable-libfuzzer \ $SANITIZER_ARG \ --disable-warnings-as-errors \ --abi-check-disable \ - --fuzz-target-ldflags="$LIB_FUZZING_ENGINE" \ + --fuzz-target-ldflags="-Wl,--disable-new-dtags $LIB_FUZZING_ENGINE" \ --nonshared-binary=ALL \ "$@" \ LINK_CC="$CXX" 
@@ -254,16 +257,12 @@ do cp $x $OUT/ bin=`basename $x` - # Changing RPATH (not RUNPATH, but we can't tell here which was - # set) is critical, otherwise libraries used by libraries won't be - # found on the oss-fuzz target host. Sadly this is only possible - # with clang or ld.bfd on Ubuntu 16.04 (this script is only run on - # that). + # This means the copied libraries are found on the runner. # - # chrpath --convert only allows RPATH to be changed to RUNPATH, - # not the other way around, and we really don't want RUNPATH. - # - # This means the copied libraries are found on the runner + # The binaries should we built with RPATH, not RUNPATH, to allow + # libraries used by libraries to be found. This command retains the + # RPATH/RUNPATH header and only changes the path. We later verify this + # in the check_build.sh script. chrpath -r '$ORIGIN/lib' $OUT/$bin # Truncate the original binary to save space @@ -271,6 +270,20 @@ do done +# Strip RUNPATH: or RPATH: entries from shared libraries copied over to $OUT/lib. +# When those libraries get loaded and have further dependencies, a RUNPATH: header +# will cause the dynamic linker to search in the runpath, and not in $OUT/lib, +# and there's no way it will be found in the fuzzing env. +# +# So how is the indirect depedency found in $OUT/lib? Well, suppose the fuzzer binary +# links library A which links library B. During linking, both A and B as listed in the +# executable file's runtime dependencies (This was pioneered in Fedora 13 in 2010, but +# is common behavior now). So we have the fuzzer binary with RPATH set to $OUT/lib, and +# a dependency on library B, and it will therefor find library B in $OUT/lib. On the +# hand, if we keep the RUNPATH in library A, and load A first, it will try loading +# library B as a dependency of A from the wrong place. +chrpath -d $OUT/lib/* + # Grap the seeds dictionary from github and put the seed zips in place # beside their executables. -- Samba Shared Repository
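Review bot: in the configure hunk, quoting `"$@"` is the right fix for the word splitting that broke `--fuzz-target-ldflags="-Wl,--disable-new-dtags $LIB_FUZZING_ENGINE"`, but the unchanged `cd $PREVPATH` two lines below is still unquoted and breaks the same way if the source tree path contains a space; suggest `cd "$PREVPATH" || exit 1` for consistency with the `cd . || exit 1` above it.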
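Review bot: in the check_build.sh hunk, `chrpath -l $bin | grep 'RPATH=$ORIGIN/lib'` matches as a substring, so a binary whose tag reads `RPATH=$ORIGIN/lib:/something/else` passes even though the new comment says RPATH pointing at lib/ next to the binary is what makes nested library lookup work; anchoring the pattern (e.g. `grep 'RPATH=\$ORIGIN/lib$'`) would make the check match the guarantee. The pattern does correctly reject `RUNPATH=...`, since RUNPATH does not contain the substring RPATH. Note also that the pipe masks chrpath's own exit status, so a binary chrpath cannot parse fails only because grep finds no match.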
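Review bot: the comment added in the first do_build.sh hunk should also say that `-Wl,--disable-new-dtags` only reaches the linker because configure now passes `"$@"` unsplit (the flag and `$LIB_FUZZING_ENGINE` travel together in one `--fuzz-target-ldflags` value), so anyone bisecting a RUNPATH regression knows the two commits in this series depend on each other, and that check_build.sh is where the RPATH-not-RUNPATH outcome is enforced.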
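Review bot: in the second do_build.sh hunk the rewritten comment reads out of order: "This means the copied libraries are found on the runner." now comes first, before the sentences it draws its conclusion from; move it after "We later verify this in the check_build.sh script." Also "The binaries should we built" should read "The binaries should be built".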
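Review bot: in the chrpath -d hunk, `chrpath -d $OUT/lib/*` is applied to everything the glob matches; chrpath treats a non-ELF file or a library that carries neither an RPATH nor a RUNPATH tag as an error and returns non-zero, which aborts the build if this script runs under `-e`. Worth confirming the glob only hits ELF objects that actually carry a tag, or looping over the files and tolerating that exit. The comment also has typos: "depedency" should be "dependency", "both A and B as listed" should be "are listed", "therefor" should be "therefore", and "On the hand" should be "On the other hand".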