[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: a1d0123581ede02b54cf2c071507612dde25236c
Author: Sam James gentoo org>
AuthorDate: Thu Jan 25 12:10:45 2024 +
Commit: Sam James gentoo org>
CommitDate: Thu Jan 25 12:12:46 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a1d01235
ci: make tests verbose
muon doesn't support --print-errorlogs so just use -v which both muon and
meson support.
Signed-off-by: Sam James gentoo.org>
.github/workflows/build-test-ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
index 3d170e3..e4e5857 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -53,7 +53,7 @@ jobs:
-Db_sanitize="${SANITIZER}" \
build
ninja -C build
-( cd build && "$BB" test; )
+( cd build && "$BB" test -v ; )
build-macos:
strategy:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 80a83a8f6aebd4c5f0d2a21bfbfe5d7cffd1fc9b Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 06:51:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 06:51:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=80a83a8f sanitizer: fix feature tests under clang While gcc defines __SANITIZE_ADDRESS__, clang requires more verbose tests. Add them to make the cleanup/security logic work correctly. Signed-off-by: Mike Frysinger gentoo.org> porting.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/porting.h b/porting.h index 103d268..6c0da01 100644 --- a/porting.h +++ b/porting.h @@ -74,6 +74,13 @@ #endif #undef PAX_UTILS_CLEANUP +#ifndef __SANITIZE_ADDRESS__ +# ifdef __has_feature +# if __has_feature (address_sanitizer) +# define __SANITIZE_ADDRESS__ 1 +# endif +# endif +#endif /* LSAN (Leak Sanitizer) will complain about things we leak. */ #ifdef __SANITIZE_ADDRESS__ # define PAX_UTILS_CLEANUP 1
[gentoo-commits] proj/pax-utils:master commit in: /
commit: af9a4e8e1695fcbaaeb379bec14ccc03b00341fa Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:53:39 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:53:39 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=af9a4e8e dumpelf: free elf after fuzzing it to avoid leaking Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/dumpelf.c b/dumpelf.c index 5b18326..0afb6c7 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -587,6 +587,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (elf == NULL) return 0; dumpelf(elf, 0); + unreadelf(elf); return 0; } #else
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0b5d5d35b7b745dfff588579cda1245c5a4d19cb
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 05:50:23 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 05:50:23 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0b5d5d35
paxelf: reject ELFs with incomplete Ehdr structures
There's nothing useful we can parse out of these, so skip them.
Signed-off-by: Mike Frysinger gentoo.org>
paxelf.c | 5 +
1 file changed, 5 insertions(+)
diff --git a/paxelf.c b/paxelf.c
index 9a34ea4..599d54f 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -620,6 +620,11 @@ free_elf_and_return:
char invalid; \
const Elf ## B ## _Ehdr *ehdr = EHDR ## B (elf->ehdr); \
Elf ## B ## _Off size; \
+ /* Need enough bytes for all of ehdr. */ \
+ if (elf->len < (off_t)sizeof(*ehdr)) { \
+ warn("%s: Incomplete ELF header", filename); \
+ goto free_elf_and_return; \
+ } \
/* verify program header */ \
invalid = 0; \
if (EGET(ehdr->e_phnum) <= 0) \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0c6f0ca36748ae97d413aff232ad4fcc6829a582 Author: Mike Frysinger gentoo org> AuthorDate: Thu Jan 25 05:36:05 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Jan 25 05:36:05 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0c6f0ca3 README: update macOS name Signed-off-by: Mike Frysinger gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ec4bfe6..845c8de 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ pax-utils is a small set of utilities for performing Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF -format, but does include a Mach-O helper too for OS X systems. +format, but does include a Mach-O helper too for macOS systems. While heavily integrated into Gentoo's build system, it can be used on any distro as it is a generic toolset.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c1759f9bf28edb910208a7c7fbb4b373fe8b1297
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 05:19:50 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 05:19:50 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c1759f9b
scanelf: fix hashtable overflow checks
Make sure we use the right offset, and make sure the numbers to check
don't overflow themselves -- if nbuckets & nchains are 32-bit, and if
we multiply them by 4, we can easily overflow before we get a chance
to see if they will fit within the memory range.
Bug: https://bugs.gentoo.org/890028
Signed-off-by: Mike Frysinger gentoo.org>
scanelf.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scanelf.c b/scanelf.c
index 140208b..0ee1bad 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -315,9 +315,9 @@ static void scanelf_file_get_symtabs(elfobj *elf, const
void **sym, const void *
Elf32_Word sym_idx; \
Elf32_Word chained; \
\
- if (!VALID_RANGE(elf, offset, nbuckets * 4)) \
+ if (!VALID_RANGE(elf, hash_offset, nbuckets *
(uint64_t)4)) \
goto corrupt_hash; \
- if (!VALID_RANGE(elf, offset, nchains * 4)) \
+ if (!VALID_RANGE(elf, hash_offset, nchains *
(uint64_t)4)) \
goto corrupt_hash; \
\
for (b = 0; b < nbuckets; ++b) { \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 77bf161b55dbf340f4498ad26eef3fd7a0dfbcdc
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 05:02:51 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 05:02:51 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=77bf161b
ar: switch from alloca to malloc
If alloca allocates too much stack space, program behavior is undefined,
and basically we segfault. There is no way to check whether this will
happen ahead of time, so our only choice is to switch to malloc. If we
try to allocate too much memory from the heap, we'll get a NULL pointer,
and we can diagnose & exit ourselves. Kind of sucks as alloca was a
perfect fit here, but since the size is coming directly from user input,
we can't trust it is always "reasonable".
Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger gentoo.org>
meson.build | 1 -
paxinc.c| 5 -
porting.h | 3 ---
3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/meson.build b/meson.build
index e891d98..319e3de 100644
--- a/meson.build
+++ b/meson.build
@@ -44,7 +44,6 @@ foreach x : [
'linux/seccomp.h',
'linux/securebits.h',
'sys/prctl.h',
- 'alloca.h',
'elf-hints.h',
'glob.h',
]
diff --git a/paxinc.c b/paxinc.c
index 21844d8..644c0d6 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -89,11 +89,13 @@ static uint64_t ar_read_ascii_number(const char *numstr,
size_t ndigits, int bas
archive_member *ar_next(archive_handle *ar)
{
char *s;
+ char *heap_s = NULL;
ssize_t len = 0;
static archive_member ret;
if (ar->skip && lseek(ar->fd, ar->skip, SEEK_CUR) == -1) {
close_and_ret:
+ free(heap_s);
free(ar->extfn);
close(ar->fd);
ar->extfn = NULL;
@@ -146,7 +148,7 @@ close_and_ret:
if (read(ar->fd, ret.buf.formatted.name, len) != len)
goto close_and_ret;
} else {
- s = alloca(sizeof(char) * len + 1);
+ s = heap_s = xmalloc(sizeof(char) * (len + 1));
if (read(ar->fd, s, len) != len)
goto close_and_ret;
s[len] = '\0';
@@ -167,6 +169,7 @@ close_and_ret:
}
snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
+ free(heap_s);
ret.name[sizeof(ret.name) - 1] = '\0';
if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
*s = '\0';
diff --git a/porting.h b/porting.h
index 68e2b6c..103d268 100644
--- a/porting.h
+++ b/porting.h
@@ -40,9 +40,6 @@
#include
#include
#include "elf.h"
-#ifdef HAVE_ALLOCA_H
-# include
-#endif
#ifdef HAVE_SYS_PRCTL_H
# include
# ifdef HAVE_LINUX_SECCOMP_H
[gentoo-commits] proj/pax-utils:master commit in: /
commit: f2af478770a5a4a3f69ab64f1b5e17c8f7a17050
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 04:58:06 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 04:58:06 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f2af4787
ar: handle invalid extended filename offsets
Check the extended filename offset doesn't exceed the size of the
extended filename section.
Bug: https://bugs.gentoo.org/890579
Signed-off-by: Mike Frysinger gentoo.org>
paxinc.c | 10 --
paxinc.h | 1 +
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/paxinc.c b/paxinc.c
index 5369697..21844d8 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -126,7 +126,7 @@ close_and_ret:
warn("%s: Duplicate GNU extended filename section",
ar->filename);
goto close_and_ret;
}
- len = read_decimal_number_fixed(ret.buf.formatted.size);
+ len = ar->extfn_len =
read_decimal_number_fixed(ret.buf.formatted.size);
ar->extfn = xmalloc(sizeof(char) * (len + 1));
if (read(ar->fd, ar->extfn, len) != len)
goto close_and_ret;
@@ -157,7 +157,13 @@ close_and_ret:
warn("%s: GNU extended filename without special data
section", ar->filename);
goto close_and_ret;
}
- s = ar->extfn + read_decimal_number(s + 1,
sizeof(ret.buf.formatted.name) - 1);
+ /* NB: We NUL terminated extfn above when reading it. */
+ int64_t off = read_decimal_number(s + 1,
sizeof(ret.buf.formatted.name) - 1);
+ if (off >= ar->extfn_len) {
+ warn("%s: GNU extended filename has invalid offset",
ar->filename);
+ goto close_and_ret;
+ }
+ s = ar->extfn + off;
}
snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
diff --git a/paxinc.h b/paxinc.h
index c8fcf71..b2d2b50 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -48,6 +48,7 @@ typedef struct {
const char *filename;
size_t skip;
char *extfn;
+ off_t extfn_len;
bool verbose;
} archive_handle;
#else
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5b5556d12b96dd2d420e0d66456f1935668b3984
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 04:33:40 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 04:33:40 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5b5556d1
ar: handle invalid ascii numbers better
The atoi helper handles signed 32-bit integers, and expects the input
strings to be NUL terminated. Some of the fields are larger than what
signed 32-bit can handle, and none of them are NUL terminated. The
code currently works because it stops processing once it reaches text
that is not numeric, and the content that follows each field is always
non-numeric (e.g. a space).
Add a helper function that leverages strtoll as all of the fields can
fit into a signed 64-bit number. If the number is invalid, flag it as
such, and normalize it to 0 so the rest of the code can continue on.
Bug: https://bugs.gentoo.org/890577
Signed-off-by: Mike Frysinger gentoo.org>
paxinc.c | 53 +
1 file changed, 45 insertions(+), 8 deletions(-)
diff --git a/paxinc.c b/paxinc.c
index ff4ab85..5369697 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -50,6 +50,42 @@ archive_handle *ar_open(const char *filename, bool verbose)
return ret;
}
+static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int
base)
+{
+ /* Largest field ar headers have is 16 bytes. */
+ char buf[17];
+ char *endp;
+ long long ret;
+
+ memcpy(buf, numstr, ndigits);
+ buf[ndigits] = '\0';
+
+ ret = strtoll(buf, , base);
+ /* Numbers are padded with whitespace. */
+ if (*endp != '\0' && *endp != ' ') {
+ warn("ar: invalid number: %s", buf);
+ ret = 0;
+ }
+
+ /*
+* Unsigned 64-bit numbers use up to 20 digits, and signed 64-bit
numbers use
+* up to 19 digits, but ndigits is always less than that. So we'd
never handle
+* a number that requires all 64-bits. If it's negative, it's because
the input
+* was negative e.g. "-1", and none of these fields should ever be
negative.
+*/
+ if (ret < 0) {
+ warn("ar: invalid number: %s", buf);
+ ret = 0;
+ }
+
+ return ret;
+}
+#define read_octal_number(s, n) ar_read_ascii_number(s, n, 8)
+#define read_decimal_number(s, n) ar_read_ascii_number(s, n, 10)
+/* For char[] arrays rather than dynamic pointers. */
+#define read_octal_number_fixed(s) read_octal_number(s, sizeof(s))
+#define read_decimal_number_fixed(s) read_decimal_number(s, sizeof(s))
+
archive_member *ar_next(archive_handle *ar)
{
char *s;
@@ -84,12 +120,13 @@ close_and_ret:
goto close_and_ret;
}
+ /* System V extended filename section. */
if (ret.buf.formatted.name[0] == '/' && ret.buf.formatted.name[1] ==
'/') {
if (ar->extfn != NULL) {
warn("%s: Duplicate GNU extended filename section",
ar->filename);
goto close_and_ret;
}
- len = atoi(ret.buf.formatted.size);
+ len = read_decimal_number_fixed(ret.buf.formatted.size);
ar->extfn = xmalloc(sizeof(char) * (len + 1));
if (read(ar->fd, ar->extfn, len) != len)
goto close_and_ret;
@@ -104,7 +141,7 @@ close_and_ret:
s = ret.buf.formatted.name;
if (s[0] == '#' && s[1] == '1' && s[2] == '/') {
/* BSD extended filename, always in use on Darwin */
- len = atoi(s + 3);
+ len = read_decimal_number(s + 3, sizeof(ret.buf.formatted.name)
- 3);
if (len <= (ssize_t)sizeof(ret.buf.formatted.name)) {
if (read(ar->fd, ret.buf.formatted.name, len) != len)
goto close_and_ret;
@@ -120,18 +157,18 @@ close_and_ret:
warn("%s: GNU extended filename without special data
section", ar->filename);
goto close_and_ret;
}
- s = ar->extfn + atoi(s + 1);
+ s = ar->extfn + read_decimal_number(s + 1,
sizeof(ret.buf.formatted.name) - 1);
}
snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
ret.name[sizeof(ret.name) - 1] = '\0';
if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
*s = '\0';
- ret.date = atoi(ret.buf.formatted.date);
- ret.uid = atoi(ret.buf.formatted.uid);
- ret.gid = atoi(ret.buf.formatted.gid);
- ret.mode = strtol(ret.buf.formatted.mode, NULL, 8);
- ret.size = atoi(ret.buf.formatted.size);
+ ret.date = read_decimal_number_fixed(ret.buf.formatted.date);
+ ret.uid = read_decimal_number_fixed(ret.buf.formatted.uid);
+ ret.gid = read_decimal_number_fixed(ret.buf.formatted.gid);
+ ret.mode
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5243cb017a7847f53caaa7c89b8e7f3abf1e5e40
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 02:52:41 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 02:52:41 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5243cb01
unify usage() output across all the tools
The scanelf --help output is the best & most flexible, so move that
to common code so the rest of the tools can benefit from it.
Signed-off-by: Mike Frysinger gentoo.org>
dumpelf.c | 20 +++-
paxinc.c| 50 ++
paxinc.h| 11 +++
pspax.c | 21 +++--
scanelf.c | 45 +++--
scanmacho.c | 24
6 files changed, 90 insertions(+), 81 deletions(-)
diff --git a/dumpelf.c b/dumpelf.c
index c8f27e4..5b18326 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -507,7 +507,6 @@ static void dump_dyn(const elfobj *elf, const void
*dyn_void, size_t dyn_cnt)
/* usage / invocation handling functions */
#define PARSE_FLAGS "vhV"
-#define a_argument required_argument
static struct option const long_opts[] = {
{"verbose", no_argument, NULL, 'v'},
{"help", no_argument, NULL, 'h'},
@@ -524,18 +523,13 @@ static const char * const opts_help[] = {
/* display usage and exit */
static void usage(int status)
{
- size_t i;
- printf("* Dump internal ELF structure\n\n"
- "Usage: %s [file2 fileN ...]\n\n", argv0);
- printf("Options:\n");
- for (i = 0; long_opts[i].name; ++i)
- if (long_opts[i].has_arg == no_argument)
- printf(" -%c, --%-13s* %s\n", long_opts[i].val,
- long_opts[i].name, opts_help[i]);
- else
- printf(" -%c, --%-6s * %s\n", long_opts[i].val,
- long_opts[i].name, opts_help[i]);
- exit(status);
+ pax_usage(
+ "Dump internal ELF structure",
+ " [file2 fileN ...]",
+ PARSE_FLAGS,
+ long_opts,
+ opts_help,
+ status);
}
/* parse command line arguments and perform needed actions */
diff --git a/paxinc.c b/paxinc.c
index 589d7ae..ff4ab85 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -198,3 +198,53 @@ const char *root_rel_path(const char *path)
return path;
}
+
+void pax_usage(
+ const char *header,
+ const char *args,
+ const char *parse_flags,
+ const struct option long_opts[],
+ const char * const opts_help[],
+ int status)
+{
+ const char a_arg[] = "";
+ size_t a_arg_len = strlen(a_arg) + 2;
+ size_t i;
+ int optlen;
+
+ printf("* %s\n\n"
+ "Usage: %s [options] %s\n\n", header, argv0, args);
+ printf("Options: -[%s]\n", parse_flags);
+
+ /* Prescan the --long opt length to auto-align. */
+ optlen = 0;
+ for (i = 0; long_opts[i].name; ++i) {
+ int l = strlen(long_opts[i].name);
+ if (long_opts[i].has_arg == a_argument)
+ l += a_arg_len;
+ optlen = max(l, optlen);
+ }
+ /* Use some reasonable min width. */
+ optlen = max(20, optlen);
+
+ for (i = 0; long_opts[i].name; ++i) {
+ /* First output the short flag if it has one. */
+ if (long_opts[i].val > '~')
+ printf(" ");
+ else
+ printf(" -%c, ", long_opts[i].val);
+
+ /* Then the long flag. */
+ if (long_opts[i].has_arg == no_argument)
+ printf("--%-*s", optlen, long_opts[i].name);
+ else
+ printf("--%s %s %*s", long_opts[i].name, a_arg,
+ (int)(optlen - strlen(long_opts[i].name) -
a_arg_len), "");
+
+ /* Finally the help text. */
+ printf("* %s\n", opts_help[i]);
+ }
+
+ printf("\nFor more information, see the %s(1) manpage.\n", argv0);
+ exit(status);
+}
diff --git a/paxinc.h b/paxinc.h
index d25cf57..c8fcf71 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -124,6 +124,17 @@ void color_init(bool disable);
/* constant pointer to a constant buffer ... each program needs to set this */
extern const char argv0[];
+/* Display usage and exit. */
+extern void pax_usage(
+ const char *header,
+ const char *args,
+ const char *parse_flags,
+ const struct option long_opts[],
+ const char * const opts_help[],
+ int status);
+
+#define a_argument required_argument
+
/* we need the space before the last comma or we trigger a bug in gcc-2 :( */
#define warn(fmt, args...) \
fprintf(stderr, "%s%s%s: " fmt "\n", RED, argv0, NORM , ## args)
diff --git a/pspax.c b/pspax.c
index 1cfd72f..4cd09b6 100644
--- a/pspax.c
+++
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 76055a7dd0ab434e00df33b3577542bb69172aa8
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 02:25:39 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 02:25:39 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=76055a7d
pspax: switch from fgets to getline
This avoids limiting buffers to BUFSIZ which is a stdio.h define for
stdio buffers, not for random files, and is not a guaranteed size.
Signed-off-by: Mike Frysinger gentoo.org>
pspax.c | 35 ---
1 file changed, 20 insertions(+), 15 deletions(-)
diff --git a/pspax.c b/pspax.c
index 04cae79..1cfd72f 100644
--- a/pspax.c
+++ b/pspax.c
@@ -119,12 +119,13 @@ static const char *get_proc_name(int pfd)
static int get_proc_maps(int pfd)
{
FILE *fp;
- static char str[BUFSIZ];
+ static char *str = NULL;
+ static size_t len = 0;
if ((fp = fopenat_r(pfd, "maps")) == NULL)
return -1;
- while (fgets(str, sizeof(str), fp)) {
+ while (getline(, , fp) != -1) {
char *p;
if ((p = strchr(str, ' ')) != NULL) {
if (strlen(p) < 6)
@@ -155,12 +156,13 @@ static int get_proc_maps(int pfd)
static int print_executable_mappings(int pfd)
{
FILE *fp;
- static char str[BUFSIZ];
+ static char *str = NULL;
+ static size_t len = 0;
if ((fp = fopenat_r(pfd, "maps")) == NULL)
return -1;
- while (fgets(str, sizeof(str), fp)) {
+ while (getline(, , fp) != -1) {
char *p;
if ((p = strchr(str, ' ')) != NULL) {
if (strlen(p) < 6)
@@ -200,20 +202,21 @@ static const struct passwd *get_proc_passwd(int pfd)
static const char *get_proc_status(int pfd, const char *name)
{
FILE *fp;
- size_t len;
- static char str[BUFSIZ];
+ size_t name_len;
+ static char *str = NULL;
+ static size_t len = 0;
if ((fp = fopenat_r(pfd, "status")) == NULL)
return NULL;
- len = strlen(name);
- while (fgets(str, sizeof(str), fp)) {
- if (strncasecmp(str, name, len) != 0)
+ name_len = strlen(name);
+ while (getline(, , fp) != -1) {
+ if (strncasecmp(str, name, name_len) != 0)
continue;
- if (str[len] == ':') {
+ if (str[name_len] == ':') {
fclose(fp);
str[strlen(str) - 1] = 0;
- return (str + len + 2);
+ return (str + name_len + 2);
}
}
fclose(fp);
@@ -225,12 +228,13 @@ static const char *get_pid_attr(int pfd)
{
FILE *fp;
char *p;
- static char buf[BUFSIZ];
+ static char *buf = NULL;
+ static size_t len = 0;
if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
return NULL;
- if (fgets(buf, sizeof(buf), fp) == NULL) {
+ if (getline(, , fp) == -1) {
fclose(fp);
return NULL;
}
@@ -247,12 +251,13 @@ static const char *get_pid_addr(int pfd)
{
FILE *fp;
char *p;
- static char buf[BUFSIZ];
+ static char *buf = NULL;
+ static size_t len = 0;
if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
return NULL;
- if (fgets(buf, sizeof(buf), fp) == NULL) {
+ if (getline(, , fp) == -1) {
fclose(fp);
return NULL;
}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 6be48eb30663e52678a26e303a29842ca15dadca
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 02:19:37 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 02:19:37 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6be48eb3
pspax: fix error handling when reading attr or ipaddr fail
If these functions weren't able to read data from the files, they'd
return the previous buffer contents which would be pretty confusing.
Fix it to return NULL instead like other get helpers in here.
Signed-off-by: Mike Frysinger gentoo.org>
pspax.c | 22 --
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/pspax.c b/pspax.c
index f1644a3..04cae79 100644
--- a/pspax.c
+++ b/pspax.c
@@ -230,9 +230,14 @@ static const char *get_pid_attr(int pfd)
if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
return NULL;
- if (fgets(buf, sizeof(buf), fp) != NULL)
- if ((p = strchr(buf, '\n')) != NULL)
- *p = 0;
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ fclose(fp);
+ return NULL;
+ }
+
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = 0;
+
fclose(fp);
return buf;
@@ -247,9 +252,14 @@ static const char *get_pid_addr(int pfd)
if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
return NULL;
- if (fgets(buf, sizeof(buf), fp) != NULL)
- if ((p = strchr(buf, '\n')) != NULL)
- *p = 0;
+ if (fgets(buf, sizeof(buf), fp) == NULL) {
+ fclose(fp);
+ return NULL;
+ }
+
+ if ((p = strchr(buf, '\n')) != NULL)
+ *p = 0;
+
fclose(fp);
return buf;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b5d34e577acb271cdc616b47b77569cb5577b9ef
Author: Mike Frysinger gentoo org>
AuthorDate: Thu Jan 25 01:55:49 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Thu Jan 25 01:55:49 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b5d34e57
pspax: fix buffer limiting in cmdline reading
The current scanf format tries to use "%s.1023" to limit reading to 1023
bytes, but that doesn't actually work -- the maximum field width is between
the "%" and the "s", so it should have been "%1023s". This ends up working
anyways because the %s stops reading when it hits NUL or a space. Normally
cmdline is NUL delimited which means argv[0] would have to be 1024+ bytes
inorder to overflow this. Or the process rewrote its cmdline settings such
that argv[0] was that long. Certainly possible, but extremely unlikely.
Fix the scanf string to properly limit to 1023 bytes (+1 for the NUL).
Signed-off-by: Mike Frysinger gentoo.org>
pspax.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pspax.c b/pspax.c
index 81392b1..f1644a3 100644
--- a/pspax.c
+++ b/pspax.c
@@ -63,7 +63,7 @@ static const char *get_proc_name_cmdline(int pfd)
if (fp == NULL)
return NULL;
- if (fscanf(fp, "%s.1023", str) != 1) {
+ if (fscanf(fp, "%1023s", str) != 1) {
fclose(fp);
return NULL;
}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a8a823e6acf88625fd482e15b2ba69c5f165fe46
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Jan 24 22:51:40 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 24 22:51:40 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a8a823e6
pspax: replace proc_fopen with fopenat_r
Switch to the common helper we have in paxinc already that does
exactly the same thing as this proc_fopen.
Signed-off-by: Mike Frysinger gentoo.org>
pspax.c | 37 -
1 file changed, 8 insertions(+), 29 deletions(-)
diff --git a/pspax.c b/pspax.c
index 97d51c6..81392b1 100644
--- a/pspax.c
+++ b/pspax.c
@@ -40,33 +40,12 @@ static pid_t show_pid = 0;
static uid_t show_uid = (uid_t)-1;
static gid_t show_gid = (gid_t)-1;
-static int proc_open(int pfd, const char *file)
-{
- return openat(pfd, file, O_RDONLY|O_CLOEXEC);
-}
-
-static FILE *proc_fopen(int pfd, const char *file)
-{
- int fd;
- FILE *fp;
-
- fd = proc_open(pfd, file);
- if (fd == -1)
- return NULL;
-
- fp = fdopen(fd, "re");
- if (fp == NULL)
- close(fd);
-
- return fp;
-}
-
static elfobj *proc_readelf(int pfd)
{
int fd;
elfobj *elf;
- fd = proc_open(pfd, "exe");
+ fd = openat(pfd, "exe", O_RDONLY|O_CLOEXEC);
if (fd == -1)
return NULL;
@@ -80,7 +59,7 @@ static const char *get_proc_name_cmdline(int pfd)
FILE *fp;
static char str[1024];
- fp = proc_fopen(pfd, "cmdline");
+ fp = fopenat_r(pfd, "cmdline");
if (fp == NULL)
return NULL;
@@ -107,7 +86,7 @@ static const char *get_proc_name(int pfd)
if (wide_output)
return get_proc_name_cmdline(pfd);
- fp = proc_fopen(pfd, "stat");
+ fp = fopenat_r(pfd, "stat");
if (fp == NULL)
return NULL;
@@ -142,7 +121,7 @@ static int get_proc_maps(int pfd)
FILE *fp;
static char str[BUFSIZ];
- if ((fp = proc_fopen(pfd, "maps")) == NULL)
+ if ((fp = fopenat_r(pfd, "maps")) == NULL)
return -1;
while (fgets(str, sizeof(str), fp)) {
@@ -178,7 +157,7 @@ static int print_executable_mappings(int pfd)
FILE *fp;
static char str[BUFSIZ];
- if ((fp = proc_fopen(pfd, "maps")) == NULL)
+ if ((fp = fopenat_r(pfd, "maps")) == NULL)
return -1;
while (fgets(str, sizeof(str), fp)) {
@@ -224,7 +203,7 @@ static const char *get_proc_status(int pfd, const char
*name)
size_t len;
static char str[BUFSIZ];
- if ((fp = proc_fopen(pfd, "status")) == NULL)
+ if ((fp = fopenat_r(pfd, "status")) == NULL)
return NULL;
len = strlen(name);
@@ -248,7 +227,7 @@ static const char *get_pid_attr(int pfd)
char *p;
static char buf[BUFSIZ];
- if ((fp = proc_fopen(pfd, "attr/current")) == NULL)
+ if ((fp = fopenat_r(pfd, "attr/current")) == NULL)
return NULL;
if (fgets(buf, sizeof(buf), fp) != NULL)
@@ -265,7 +244,7 @@ static const char *get_pid_addr(int pfd)
char *p;
static char buf[BUFSIZ];
- if ((fp = proc_fopen(pfd, "ipaddr")) == NULL)
+ if ((fp = fopenat_r(pfd, "ipaddr")) == NULL)
return NULL;
if (fgets(buf, sizeof(buf), fp) != NULL)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1cf21243deebbfe3a5655f0ac18cd25e9ba53c48
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Jan 24 22:06:41 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 24 22:06:41 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1cf21243
pspax: rework & document get_proc_name
The current scanf format tries to use "%s.16" to limit reading to 16
bytes, but that doesn't actually work -- the maximum field width is
between the "%" and the "s", so it should have been "%16s". This ends
up working anyways because the %s consumes the entire string before it
stops, and then scanf stops processing after it can't match ".16". If
the size of the field were BUFSIZE or larger, then it'd overflow. In
practice, BUFSIZ tends to be "large" (i.e. O(KiB)), and the kernel will
truncate this field to 16 bytes for userspace programs. Kernel threads
can have longer names, but not that big. At least, on Linux.
Fix the scanf string to properly limit to 15 bytes, and change the local
buffer to be exactly 16 bytes rather than the unrelated BUFSIZ (which is
a stdio.h buffer size, and nothing related to kernel processes). Then
add some more comments to explain what the code is actually doing, and
simplify the final NUL logic to avoid redundant work.
Signed-off-by: Mike Frysinger gentoo.org>
pspax.c | 28 +++-
1 file changed, 23 insertions(+), 5 deletions(-)
diff --git a/pspax.c b/pspax.c
index 1e3562d..97d51c6 100644
--- a/pspax.c
+++ b/pspax.c
@@ -96,7 +96,13 @@ static const char *get_proc_name_cmdline(int pfd)
static const char *get_proc_name(int pfd)
{
FILE *fp;
- static char str[BUFSIZ];
+ /*
+* The stat file says process names are truncated to TASK_COMM_LEN (16)
bytes.
+* That includes the trailing NUL (\0) byte. This is true for
userspace, but
+* kernel processes seem to be unlimited. We don't care about those in
this
+* program though, so truncating them all the time is fine.
+*/
+ static char str[16];
if (wide_output)
return get_proc_name_cmdline(pfd);
@@ -105,18 +111,30 @@ static const char *get_proc_name(int pfd)
if (fp == NULL)
return NULL;
- if (fscanf(fp, "%*d %s.16", str) != 1) {
+ /*
+* The format is:
+*() ...more fields...
+* For example:
+* 1234 (bash) R ...
+*
+* Match the leading (, then read 15 bytes (since scanf writes, but
doesn't count,
+* NUL bytes, so it will write up to 16 bytes to str). Ignore the rest
rather than
+* look for closing ) since kernel processes can be longer.
+*/
+ if (fscanf(fp, "%*d (%15s", str) != 1) {
fclose(fp);
return NULL;
}
if (*str) {
- str[strlen(str) - 1] = '\0';
- str[16] = 0;
+ /* Discard trailing ) if it exists. */
+ size_t len = strlen(str);
+ if (str[len - 1] == ')')
+ str[len - 1] = '\0';
}
fclose(fp);
- return (str+1);
+ return str;
}
static int get_proc_maps(int pfd)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 063a90661c0423172e23405c2548e649a1631796
Author: Mike Frysinger chromium org>
AuthorDate: Wed Jan 24 15:35:52 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 24 15:35:52 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=063a9066
build: use standard HAVE_xxx define style
Use the more standard HAVE_xxx convention, and only define when
available. This avoids further confusion with code that is using
"#ifdef" already.
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
meson.build | 4 +---
porting.h | 20 ++--
2 files changed, 11 insertions(+), 13 deletions(-)
diff --git a/meson.build b/meson.build
index c91bb64..e891d98 100644
--- a/meson.build
+++ b/meson.build
@@ -48,11 +48,9 @@ foreach x : [
'elf-hints.h',
'glob.h',
]
- x_exists = 0
if cc.has_header(x)
-x_exists = 1
+probe_results.set('HAVE_' + x.to_upper().underscorify(), 1)
endif
- probe_results.set('HAS_' + x.to_upper().underscorify(), x_exists)
endforeach
configure_file(
diff --git a/porting.h b/porting.h
index 1ace55e..68e2b6c 100644
--- a/porting.h
+++ b/porting.h
@@ -40,36 +40,36 @@
#include
#include
#include "elf.h"
-#if HAS_ALLOCA_H
+#ifdef HAVE_ALLOCA_H
# include
#endif
-#if HAS_SYS_PRCTL_H
+#ifdef HAVE_SYS_PRCTL_H
# include
-# if HAS_LINUX_SECCOMP_H
+# ifdef HAVE_LINUX_SECCOMP_H
# include
# endif
-# if HAS_LINUX_SECUREBITS_H
+# ifdef HAVE_LINUX_SECUREBITS_H
# include
# endif
#endif
-#if HAS_ENDIAN_H && HAS_BYTESWAP_H
+#if defined(HAVE_ENDIAN_H) && defined(HAVE_BYTESWAP_H)
# include
# include
-#elif HAS_SYS_ENDIAN_H
+#elif defined(HAVE_SYS_ENDIAN_H)
# include
-#elif HAS_ISA_DEFS_H
+#elif defined(HAVE_ISA_DEFS_H)
# include
-#elif HAS_MACHINE_ENDIAN_H
+#elif defined(HAVE_MACHINE_ENDIAN_H)
# include
#endif
-#ifdef HAS_GLOB_H
+#ifdef HAVE_GLOB_H
# include
#endif
#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
# define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf"
-#elif HAS_ELF_HINTS_H
+#elif defined(HAVE_ELF_HINTS_H)
# include
# define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG _PATH_ELF_HINTS
#else
[gentoo-commits] proj/pax-utils:master commit in: tests/source/, /
commit: e679f9bd82197f0f1831a0a4a282851994aa172c
Author: Mike Frysinger chromium org>
AuthorDate: Wed Jan 24 15:32:52 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 24 15:32:52 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e679f9bd
build: use standard config.h naming
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
meson.build | 2 +-
porting.h | 2 +-
tests/source/dotest | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/meson.build b/meson.build
index 255107b..c91bb64 100644
--- a/meson.build
+++ b/meson.build
@@ -56,7 +56,7 @@ foreach x : [
endforeach
configure_file(
- output : 'probes.h',
+ output : 'config.h',
configuration : probe_results,
)
diff --git a/porting.h b/porting.h
index 61018fb..1ace55e 100644
--- a/porting.h
+++ b/porting.h
@@ -11,7 +11,7 @@
#ifndef _PORTING_H
#define _PORTING_H
-#include "probes.h"
+#include "config.h"
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof(*arr))
diff --git a/tests/source/dotest b/tests/source/dotest
index cc278a5..c97e8cb 100755
--- a/tests/source/dotest
+++ b/tests/source/dotest
@@ -5,7 +5,7 @@
findfiles() {
find "${top_srcdir}" \
'(' -type d -a '(' -name .git -o -name autotools ')' -prune ')'
\
- -o '(' '(' -name '*.[ch]' -a ! -name 'probes.h' ')' -print0 ')'
+ -o '(' '(' -name '*.[ch]' -a ! -name 'config.h' ')' -print0 ')'
}
#
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 857eaddab407db1577076a09206386bc62bfa4eb
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Jan 16 04:59:57 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 16 04:59:57 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=857eadda
fix various typos found w/codespell
Signed-off-by: Mike Frysinger gentoo.org>
README.md | 2 +-
dumpelf.c | 4 ++--
lddtree.sh | 8
macho.h| 4 ++--
paxelf.c | 2 +-
paxldso.c | 2 +-
porting.h | 2 +-
pspax.c| 2 +-
pyproject.toml | 10 ++
scanelf.c | 6 +++---
scanmacho.c| 2 +-
11 files changed, 27 insertions(+), 17 deletions(-)
diff --git a/README.md b/README.md
index 99bbc3f..ec4bfe6 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ PaX helpers for people interested in that.
pax-utils uses a bog-standard meson-based build system. See `meson_options.txt`
for configuration options.
-You don't need PaX to use the pax-utils. Infact the only thing they
+You don't need PaX to use the pax-utils. In fact the only thing they
really have in common is that pax-utils was initially written to aid in
deploying PaX systems so it includes support for PT_PAX_FLAGS and the
deprecated but still in use EI_PAX flags. For more information about PaX
diff --git a/dumpelf.c b/dumpelf.c
index 1a469ea..c8f27e4 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -114,7 +114,7 @@ static void dumpelf(const elfobj *elf, size_t file_cnt)
break_out_shdr:
printf("},\n");
- /* finish the namespace struct and start the abitrary ones */
+ /* finish the namespace struct and start the arbitrary ones */
printf("\n.dyns = dumpedelf_dyn_%zu,\n", file_cnt);
printf("};\n");
@@ -538,7 +538,7 @@ static void usage(int status)
exit(status);
}
-/* parse command line arguments and preform needed actions */
+/* parse command line arguments and perform needed actions */
static void parseargs(int argc, char *argv[])
{
int flag;
diff --git a/lddtree.sh b/lddtree.sh
index dfa8d06..e0185f4 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -96,8 +96,8 @@ find_elf() {
read_ldso_conf() {
local line p
for p ; do
- # if the glob didnt match
anything #360041,
- # or the files arent readable,
skip it
+ # If the glob didn't match
anything #360041,
+ # or the files aren't readable,
skip it.
[[ -r ${p} ]] || continue
while read line ; do
case ${line} in
@@ -179,12 +179,12 @@ show_elf() {
# No need for leading comma w/my_allhits as we guarantee it
always
# starts with one due to the way we append the value above.
[[ ${my_allhits}, == *,${lib},* ]] && continue
- # If the interp is being linked against directly, re-use the
existing
+ # If the interp is being linked against directly, reuse the
existing
# full path rather than perform a search for it. When systems
symlink
# the interp to a diff location, we might locate a different
path, and
# displaying both doesn't make sense as it doesn't match the
runtime --
# the ldso won't load another copy of ldso into memory from the
search
- # path, it'll re-use the existing copy that was loaded from the
full
+ # path, it'll reuse the existing copy that was loaded from the
full
# hardcoded path.
if [[ ${lib} == "${interp}" ]] ; then
rlib=${full_interp}
diff --git a/macho.h b/macho.h
index 76f3697..4a99e8f 100644
--- a/macho.h
+++ b/macho.h
@@ -73,7 +73,7 @@ struct mach_header
incremental link
against a base file and
cannot be link
edited again */
#define MH_DYLDLINK 0x4 /* the object file is input for the dynamic
- linker and cannot be
staticly link edited
+ linker and cannot be
statically link edited
again */
#define MH_TWOLEVEL 0x80/* the image is using two-level namespace
bindings */
@@ -107,7 +107,7 @@ struct mach_header
they are not used by other
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 16db5db01027f058dcc2315f06f912fa480664f2 Author: Mike Frysinger gentoo org> AuthorDate: Tue Jan 16 05:01:48 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 16 05:01:48 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=16db5db0 github: add codespell checker Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/codespell.yml | 13 + 1 file changed, 13 insertions(+) diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 000..605d2bb --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,13 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +name: Codespell + +on: [push, pull_request] + +jobs: + codespell: +runs-on: ubuntu-latest +steps: +- uses: actions/checkout@v4 +- uses: codespell-project/actions-codespell@v2
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a285f1f17dccd79968a63e5acc35b5230c236389
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Jan 16 04:56:53 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 16 04:56:53 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a285f1f1
drop old __BOUNDS_CHECKING_ON support
The out-of-tree patches for -fbounds-checking in GCC were great, but
they haven't been updated since the gcc-4.0 days, and the sanitizer
options have made it obsolete, so it's unlikely we'll ever use this
code again.
Signed-off-by: Mike Frysinger gentoo.org>
porting.h | 7 ---
pspax.c | 10 --
2 files changed, 17 deletions(-)
diff --git a/porting.h b/porting.h
index 42c9ba3..3a544fa 100644
--- a/porting.h
+++ b/porting.h
@@ -77,13 +77,6 @@
#endif
#undef PAX_UTILS_CLEANUP
-/* bounds checking code will fart on free(NULL) even though that
- * is valid usage. So let's wrap it if need be.
- */
-#ifdef __BOUNDS_CHECKING_ON
-# define free(ptr) do { if (ptr) free(ptr); } while (0)
-# define PAX_UTILS_CLEANUP 1
-#endif
/* LSAN (Leak Sanitizer) will complain about things we leak. */
#ifdef __SANITIZE_ADDRESS__
# define PAX_UTILS_CLEANUP 1
diff --git a/pspax.c b/pspax.c
index 6094882..e79469d 100644
--- a/pspax.c
+++ b/pspax.c
@@ -189,15 +189,6 @@ static int print_executable_mappings(int pfd)
return 0;
}
-#ifdef __BOUNDS_CHECKING_ON
-# define NOTE_TO_SELF warn( \
- "This is bullshit but getpwuid() is leaking memory and I wasted a few
hrs 1 day tracking it down in pspax\n" \
- "Later on I forgot I tracked it down before and saw pspax leaking
memory so I tracked it down all over again (silly me)\n" \
- "Hopefully the getpwuid()/nis/nss/pam or whatever wont suck later on in
the future.")
-#else
-# define NOTE_TO_SELF
-#endif
-
static const struct passwd *get_proc_passwd(int pfd)
{
struct stat st;
@@ -577,6 +568,5 @@ int main(int argc, char *argv[])
pspax(name);
- NOTE_TO_SELF;
return EXIT_SUCCESS;
}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 153e0f60ee6b04492b9b6d3cfc69809b0f29d65c Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 08:05:13 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 08:05:13 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=153e0f60 requirements: pin(ish) Python deps that we use to check things Signed-off-by: Mike Frysinger gentoo.org> requirements-dev.txt | 12 requirements.txt | 9 + 2 files changed, 21 insertions(+) diff --git a/requirements-dev.txt b/requirements-dev.txt new file mode 100644 index 000..9f4869c --- /dev/null +++ b/requirements-dev.txt @@ -0,0 +1,12 @@ +# Copyright 2024 Gentoo Foundation +# Copyright 2024 Mike Frysinger +# Copyright 2024 The ChromiumOS Authors +# Distributed under the terms of the GNU General Public License v2 + +# Deps needed to run tests/linters/etc... +# https://pip.pypa.io/en/stable/reference/requirements-file-format/ + +black==23.* +isort==5.* +mypy==1.* +pylint==3.0.* diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 000..540976b --- /dev/null +++ b/requirements.txt @@ -0,0 +1,9 @@ +# Copyright 2024 Gentoo Foundation +# Copyright 2024 Mike Frysinger +# Copyright 2024 The ChromiumOS Authors +# Distributed under the terms of the GNU General Public License v2 + +# Deps needed to run Python scripts after installed. +# https://pip.pypa.io/en/stable/reference/requirements-file-format/ + +pyelftools
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 756eda7dbce4261e2d5cd6e38bab49aa457e99c1 Author: Mike Frysinger gentoo org> AuthorDate: Wed Jan 10 07:43:19 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Jan 10 07:43:19 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=756eda7d pylintrc: merge into pyproject.toml The same settings, but we have a single file for all our configs now. Signed-off-by: Mike Frysinger gentoo.org> .pylintrc | 58 pylint | 2 +- pyproject.toml | 69 ++ 3 files changed, 70 insertions(+), 59 deletions(-) diff --git a/.pylintrc b/.pylintrc deleted file mode 100644 index 7bee576..000 --- a/.pylintrc +++ /dev/null @@ -1,58 +0,0 @@ -[MASTER] -# List of plugins (as comma separated values of python modules names) to load, -# usually to register additional checkers. -load-plugins= - pylint.extensions.bad_builtin, - pylint.extensions.check_elif, - pylint.extensions.docstyle, - pylint.extensions.overlapping_exceptions, - pylint.extensions.redefined_variable_type, - -jobs=0 - -[MESSAGES CONTROL] -# Disable the message, report, category or checker with the given id(s). You -# can either give multiple identifier separated by comma (,) or put this option -# multiple times (only on the command line, not in the configuration file where -# it should appear only once). -disable= - too-many-lines, - too-many-branches, - too-many-statements, - too-few-public-methods, - too-many-instance-attributes, - too-many-public-methods, - too-many-locals, - too-many-arguments, - fixme, - invalid-name, - -[REPORTS] -reports=no -score=no - -[FORMAT] -max-line-length = 100 -indent-string = '' - -[BASIC] -bad-functions= - exit, - filter, - input, - map, - quit, - -[SIMILARITIES] -min-similarity-lines=20 - -[VARIABLES] -dummy-variables-rgx=_ - -[DESIGN] -max-parents=10 - -[IMPORTS] -deprecated-modules= - mox, - optparse, diff --git a/pylint b/pylint index 512511e..29e8b5e 100755 --- a/pylint +++ b/pylint @@ -37,7 +37,7 @@ def main(argv): pythonpath = pympath + ":" + pythonpath os.environ["PYTHONPATH"] = pythonpath -pylintrc = os.path.join(source_root, ".pylintrc") +pylintrc = os.path.join(source_root, "pyproject.toml") cmd = ["pylint", "--rcfile", pylintrc] os.execvp(cmd[0], cmd + argv) diff --git a/pyproject.toml b/pyproject.toml index ab0fde0..e633a0a 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -40,3 +40,72 @@ single_line_exclusions = [ # https://mypy.readthedocs.io/en/stable/config_file.html [tool.mypy] python_version = "3.8" + + +# https://pylint.pycqa.org/en/latest/user_guide/usage/run.html +[tool.pylint."MASTER"] +py-version = "3.8" + +# List of plugins (as comma separated values of python modules names) to load, +# usually to register additional checkers. +load-plugins = [ + "pylint.extensions.bad_builtin", + "pylint.extensions.check_elif", + "pylint.extensions.docstyle", + "pylint.extensions.overlapping_exceptions", + "pylint.extensions.redefined_variable_type", +] + +# Run everything in parallel. +jobs = 0 + +# https://pylint.pycqa.org/en/latest/user_guide/messages/index.html +[tool.pylint."MESSAGES CONTROL"] +# Disable the message, report, category or checker with the given id(s). You +# can either give multiple identifier separated by comma (,) or put this option +# multiple times (only on the command line, not in the configuration file where +# it should appear only once). +disable = [ + "too-many-lines", + "too-many-branches", + "too-many-statements", + "too-few-public-methods", + "too-many-instance-attributes", + "too-many-public-methods", + "too-many-locals", + "too-many-arguments", + "fixme", + "invalid-name", +] + +[tool.pylint."REPORTS"] +reports = false +score = false + +[tool.pylint."FORMAT"] +max-line-length = 100 +indent-string = "" + +[tool.pylint."BASIC"] +bad-functions = [ + "exit", + "filter", + "input", + "map", + "quit", +] + +[tool.pylint."SIMILARITIES"] +min-similarity-lines = 20 + +[tool.pylint."VARIABLES"] +dummy-variables-rgx = "_" + +[tool.pylint."DESIGN"] +max-parents = 10 + +[tool.pylint."IMPORTS"] +deprecated-modules = [ + "mox", + "optparse", +]
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a172acf0b81a9a1027f1b28cfae5b2ba4f5a32c6
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Jan 10 07:42:23 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 10 07:42:23 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a172acf0
pyproject.toml: add black & isort & mypy settings
This should help stabilize the tool behavior for different developers.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 4 +++-
pyproject.toml | 42 ++
2 files changed, 45 insertions(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index b1fef16..3a41886 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,7 +49,8 @@ import os
import re
import shutil
import sys
-from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
+from typing import Any, cast, Dict, Iterable, List, Optional, Tuple, Union
+
assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found
{sys.version}"
@@ -63,6 +64,7 @@ except ImportError:
from elftools.common import exceptions # type: ignore
from elftools.elf.elffile import ELFFile # type: ignore
+
# pylint: enable=import-error
diff --git a/pyproject.toml b/pyproject.toml
new file mode 100644
index 000..ab0fde0
--- /dev/null
+++ b/pyproject.toml
@@ -0,0 +1,42 @@
+# Copyright 2024 Gentoo Foundation
+# Copyright 2024 Mike Frysinger
+# Copyright 2024 The ChromiumOS Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# https://packaging.python.org/en/latest/guides/writing-pyproject-toml/
+
+
+#
https://black.readthedocs.io/en/stable/usage_and_configuration/the_basics.html
+[tool.black]
+line-length = 88
+target-version = ["py38"]
+
+
+# https://pycqa.github.io/isort/docs/configuration/options
+[tool.isort]
+py_version = "38"
+
+# Be compatible with `black` since it also matches what we want.
+profile = "black"
+
+line_length = 88
+length_sort = false
+force_single_line = true
+lines_after_imports = 2
+from_first = false
+case_sensitive = false
+force_sort_within_sections = true
+order_by_type = false
+
+# Allow importing multiple classes on a single line from these modules.
+# https://google.github.io/styleguide/pyguide#s2.2-imports
+single_line_exclusions = [
+ "abc",
+ "collections.abc",
+ "typing",
+]
+
+
+# https://mypy.readthedocs.io/en/stable/config_file.html
+[tool.mypy]
+python_version = "3.8"
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 81e0200c6068d8c00c2d1f569f8b7b0ea7c1b0d5
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Jan 10 07:38:36 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Jan 10 07:38:36 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81e0200c
lddtree: raise min version to Python 3.8
We aren't using Python 3.6 anywhere anymore that I care about, so
raise the min version to 3.8. Tools are dropping support for it
too which makes it difficult to reasonably support.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index 8ccd855..b1fef16 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -51,7 +51,7 @@ import shutil
import sys
from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
-assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found
{sys.version}"
+assert sys.version_info >= (3, 8), f"Python 3.8+ required, but found
{sys.version}"
# Disable import errors for all 3rd party modules.
# pylint: disable=import-error
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: b71d01d6054e270ab87e42df2d4d704e41281724 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 17:39:34 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 18:03:25 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b71d01d6 github: add python checkers Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/python.yml | 28 1 file changed, 28 insertions(+) diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml new file mode 100644 index 000..7b7dcaf --- /dev/null +++ b/.github/workflows/python.yml @@ -0,0 +1,28 @@ +# GitHub actions workflow. +# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions + +name: Python + +on: [push, pull_request] + +jobs: + python: +runs-on: ubuntu-latest +steps: +- uses: actions/checkout@v4 +# NB: v1.4.0 covers Python 3.8. +- uses: ricardochaves/python-lint@v1.4.0 + with: +python-root-list: lddtree.py pylint +use-pylint: true +use-pycodestyle: false +use-flake8: false +use-black: true +use-mypy: true +use-isort: true +extra-pylint-options: "" +extra-pycodestyle-options: "" +extra-flake8-options: "" +extra-black-options: "" +extra-mypy-options: "" +extra-isort-options: ""
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 259a52c16c02d2cbb041ad33ea66a735652c66cf
Author: Mike Frysinger chromium org>
AuthorDate: Tue Jan 2 17:56:56 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 2 17:56:56 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=259a52c1
lddtree: disable mypy import errors
We don't have types for these imports, so ignore errors on them.
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 70d755c..8a42627 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -56,12 +56,12 @@ assert sys.version_info >= (3, 6), f"Python 3.6+ required,
but found {sys.versio
# Disable import errors for all 3rd party modules.
# pylint: disable=import-error
try:
-import argcomplete
+import argcomplete # type: ignore
except ImportError:
argcomplete = cast(Any, None)
-from elftools.common import exceptions
-from elftools.elf.elffile import ELFFile
+from elftools.common import exceptions # type: ignore
+from elftools.elf.elffile import ELFFile # type: ignore
# pylint: enable=import-error
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c899a5a007c28c8b9005d142f8c7b539e097d5b3
Author: Mike Frysinger chromium org>
AuthorDate: Tue Jan 2 17:49:06 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 2 17:49:06 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c899a5a0
lddtree: disable pyelftools pylint import errors
Since pyelftools isn't commonly installed, disable the pylint check
by default.
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 4
1 file changed, 4 insertions(+)
diff --git a/lddtree.py b/lddtree.py
index 247e9db..70d755c 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -53,6 +53,8 @@ from typing import Any, Dict, Iterable, List, Optional,
Tuple, Union, cast
assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found
{sys.version}"
+# Disable import errors for all 3rd party modules.
+# pylint: disable=import-error
try:
import argcomplete
except ImportError:
@@ -61,6 +63,8 @@ except ImportError:
from elftools.common import exceptions
from elftools.elf.elffile import ELFFile
+# pylint: enable=import-error
+
def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
"""Write |msg| to stderr with a |prefix| before it"""
[gentoo-commits] proj/pax-utils:master commit in: /
commit: cf84a6c35151b790ec104892883e85010ca252ac
Author: Mike Frysinger chromium org>
AuthorDate: Tue Jan 2 17:46:55 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 2 17:46:55 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cf84a6c3
lddtree: use older Python typing style
Support for list[...] is new to Python 3.9. We still support Python
3.6 (or at least, 3.8) so we need to use List[...] instead.
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 24
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 89733be..247e9db 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,7 +49,7 @@ import os
import re
import shutil
import sys
-from typing import Any, cast, Iterable, Optional, Union
+from typing import Any, Dict, Iterable, List, Optional, Tuple, Union, cast
assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found
{sys.version}"
@@ -126,9 +126,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool]
= False) -> str:
return normpath((root + path) if prefixed else path)
-def dedupe(items: list[str]) -> list[str]:
+def dedupe(items: List[str]) -> List[str]:
"""Remove all duplicates from |items| (keeping order)"""
-seen: dict[str, str] = {}
+seen: Dict[str, str] = {}
return [seen.setdefault(x, x) for x in items if x not in seen]
@@ -229,7 +229,7 @@ def ParseLdPaths(
root: str = "",
cwd: Optional[str] = None,
path: str = "",
-) -> list[str]:
+) -> List[str]:
"""Parse the colon-delimited list of paths and apply ldso rules to each
Note the special handling as dictated by the ldso:
@@ -276,7 +276,7 @@ def ParseLdSoConf(
root: str = "/",
debug: bool = False,
_first: bool = True,
-) -> list[str]:
+) -> List[str]:
"""Load all the paths from a given ldso config file
This should handle comments, whitespace, and "include" statements.
@@ -334,7 +334,7 @@ def LoadLdpaths(
cwd: Optional[str] = None,
prefix: str = "",
debug: bool = False,
-) -> dict[str, list[str]]:
+) -> Dict[str, List[str]]:
"""Load linker paths from common locations
This parses the ld.so.conf and LD_LIBRARY_PATH env var.
@@ -348,7 +348,7 @@ def LoadLdpaths(
Returns:
dict containing library paths to search
"""
-ldpaths: dict[str, list[str]] = {
+ldpaths: Dict[str, List[str]] = {
"conf": [],
"env": [],
"interp": [],
@@ -401,10 +401,10 @@ def CompatibleELFs(elf1: ELFFile, elf2: ELFFile) -> bool:
def FindLib(
elf: ELFFile,
lib: str,
-ldpaths: list[str],
+ldpaths: List[str],
root: str = "/",
debug: bool = False,
-) -> tuple[Optional[str], Optional[str]]:
+) -> Tuple[Optional[str], Optional[str]]:
"""Try to locate a |lib| that is compatible to |elf| in the given |ldpaths|
Args:
@@ -451,7 +451,7 @@ def ParseELF(
debug: bool = False,
_first: bool = True,
_all_libs={},
-) -> dict[str, Any]:
+) -> Dict[str, Any]:
"""Parse the ELF dependency tree of the specified file
Args:
@@ -658,7 +658,7 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
shown_libs = set(elf["needed"])
new_libs = elf["needed"][:]
-chain_libs: list[str] = []
+chain_libs: List[str] = []
interp = elf["interp"]
if interp:
lib = os.path.basename(interp)
@@ -916,7 +916,7 @@ def GetParser() -> argparse.ArgumentParser:
return parser
-def main(argv: list[str]) -> Optional[int]:
+def main(argv: List[str]) -> Optional[int]:
"""The main entry point!"""
parser = GetParser()
options = parser.parse_args(argv)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: cb88e6fce4386ba30d378edfb59964fa2a4cc9c3
Author: Mike Frysinger chromium org>
AuthorDate: Tue Jan 2 18:00:15 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Jan 2 18:00:15 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=cb88e6fc
lddtree: add some more typing info for mypy
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index 8a42627..8ccd855 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -491,7 +491,7 @@ def ParseELF(
if _first:
_all_libs = {}
ldpaths = ldpaths.copy()
-ret = {
+ret: Dict[str, Any] = {
"interp": None,
"path": path if display is None else display,
"realpath": path,
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 26945e75a7802a987ec81d1578aef4629258dc32 Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:35:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:35:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=26945e75 github: disable fuzzing on macOS The builder doesn't work with errors like: ld: file not found: /Applications/Xcode_14.2.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.fuzzer_osx.a Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e82f5f9..44aa5c9 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -72,7 +72,7 @@ jobs: -Duse_seccomp=false \ -Dbuild_manpages=disabled \ -Dtests=true \ - -Duse_fuzzing=true \ + -Duse_fuzzing=false \ build ninja -C build # The unittests generally assume a Linux ELF host, so don't bother making
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 81b85a0bf3a6e6988ada582f653449a3217b71be Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:46:23 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:46:23 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=81b85a0b github: update to checkout@v4 Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 4 ++-- .github/workflows/ci-alpine-linux.yml | 2 +- .github/workflows/coverity.yml| 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 44aa5c9..3d170e3 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -36,7 +36,7 @@ jobs: sudo install -Dm755 muon /usr/local/bin/muon ;; esac -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - run: | export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/" case "$BB" in @@ -66,7 +66,7 @@ jobs: steps: - name: Install dependencies run: brew install meson ninja -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - run: | meson -Duse_libcap=disabled \ -Duse_seccomp=false \ diff --git a/.github/workflows/ci-alpine-linux.yml b/.github/workflows/ci-alpine-linux.yml index a87fdfb..575e959 100644 --- a/.github/workflows/ci-alpine-linux.yml +++ b/.github/workflows/ci-alpine-linux.yml @@ -28,7 +28,7 @@ jobs: libcap-dev \ libseccomp \ libseccomp-dev - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/ - run: meson compile -C builddir - run: meson test --verbose -C builddir diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 20a47e5..1cd6c55 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -12,7 +12,7 @@ jobs: coverity: runs-on: ubuntu-latest steps: -- uses: actions/checkout@v3 +- uses: actions/checkout@v4 - uses: vapier/coverity-scan-action@v1 with: email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: da4aab84a127ce5e201b53b08cff42b3181315cc Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:35:49 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:35:49 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=da4aab84 github: disable fuzzing on macOS The builder doesn't work with errors like: ld: file not found: /Applications/Xcode_14.2.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.fuzzer_osx.a Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e82f5f9..5c43a9c 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -72,7 +72,7 @@ jobs: -Duse_seccomp=false \ -Dbuild_manpages=disabled \ -Dtests=true \ - -Duse_fuzzing=true \ + -Duse_fuzzing=disabled \ build ninja -C build # The unittests generally assume a Linux ELF host, so don't bother making
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b49fe5088ca8f1fa0191a85e933ec213928449bc Author: Mike Frysinger chromium org> AuthorDate: Tue Jan 2 16:27:50 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Tue Jan 2 16:27:50 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b49fe508 dumpelf: use explicit 64-bit to display off_t There's no guarantee that %j (uintmax_t) is large enough to handle off_t. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> dumpelf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index de9a563..1a469ea 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -40,9 +40,9 @@ static void dumpelf(const elfobj *elf, size_t file_cnt) "\n" "/*\n" " * ELF dump of '%s'\n" - " * %ji (0x%jX) bytes\n" + " * %" PRIi64 " (0x%" PRIX64 ") bytes\n" " */\n\n", - elf->filename, elf->len, elf->len); + elf->filename, (int64_t)elf->len, (uint64_t)elf->len); /* setup the struct to namespace this elf */ #define MAKE_STRUCT(B) \
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b3994055a70d2f87e49c8a9053ae0b1745af3f5c
Author: Mike Frysinger gentoo org>
AuthorDate: Mon Jan 1 15:42:35 2024 +
Commit: Mike Frysinger gentoo org>
CommitDate: Mon Jan 1 15:42:35 2024 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b3994055
update copyright headers
Signed-off-by: Mike Frysinger gentoo.org>
dumpelf.c | 4 ++--
lddtree.py| 6 +++---
lddtree.sh| 4 ++--
macho.h | 2 +-
paxelf.c | 4 ++--
paxelf.h | 4 ++--
paxinc.c | 4 ++--
paxinc.h | 4 ++--
paxldso.c | 4 ++--
paxldso.h | 4 ++--
paxmacho.c| 4 ++--
paxmacho.h| 4 ++--
porting.h | 4 ++--
pylint| 2 +-
scanelf.c | 4 ++--
scanmacho.c | 4 ++--
seccomp-bpf.c | 4 ++--
security.c| 4 ++--
security.h| 4 ++--
xfuncs.c | 4 ++--
xfuncs.h | 4 ++--
21 files changed, 41 insertions(+), 41 deletions(-)
diff --git a/dumpelf.c b/dumpelf.c
index 4742a50..de9a563 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -1,9 +1,9 @@
/*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2012 Ned Ludd-
- * Copyright 2005-2012 Mike Frysinger -
+ * Copyright 2005-2024 Mike Frysinger -
*/
const char argv0[] = "dumpelf";
diff --git a/lddtree.py b/lddtree.py
index b26afcf..89733be 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,8 +1,8 @@
#!/usr/bin/env python
# PYTHON_ARGCOMPLETE_OK
-# Copyright 2012-2014 Gentoo Foundation
-# Copyright 2012-2014 Mike Frysinger
-# Copyright 2012-2014 The ChromiumOS Authors
+# Copyright 2012-2024 Gentoo Foundation
+# Copyright 2012-2024 Mike Frysinger
+# Copyright 2012-2024 The ChromiumOS Authors
# Use of this source code is governed by a BSD-style license (BSD-3)
"""Read the ELF dependency tree and show it
diff --git a/lddtree.sh b/lddtree.sh
index c964ed6..dfa8d06 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# Copyright 2007-2013 Gentoo Foundation
-# Copyright 2007-2013 Mike Frysinger
+# Copyright 2007-2024 Gentoo Foundation
+# Copyright 2007-2024 Mike Frysinger
# Distributed under the terms of the GNU General Public License v2
argv0=${0##*/}
diff --git a/macho.h b/macho.h
index c4929c8..76f3697 100644
--- a/macho.h
+++ b/macho.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2008-2021 Gentoo Foundation
+ * Copyright 2008-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*/
diff --git a/paxelf.c b/paxelf.c
index 331f1b4..fb4160c 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -1,9 +1,9 @@
/*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2012 Ned Ludd-
- * Copyright 2005-2012 Mike Frysinger -
+ * Copyright 2005-2024 Mike Frysinger -
*/
#include "paxinc.h"
diff --git a/paxelf.h b/paxelf.h
index f252969..0c163d5 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -1,9 +1,9 @@
/*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2012 Ned Ludd-
- * Copyright 2005-2012 Mike Frysinger -
+ * Copyright 2005-2024 Mike Frysinger -
*
* Make sure all of the common elf stuff is setup as we expect
*/
diff --git a/paxinc.c b/paxinc.c
index 64a3069..589d7ae 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -1,9 +1,9 @@
/*
- * Copyright 2003-2012 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2012 Ned Ludd-
- * Copyright 2005-2012 Mike Frysinger -
+ * Copyright 2005-2024 Mike Frysinger -
*/
/* stick common symbols here that are needed by paxinc.h */
diff --git a/paxinc.h b/paxinc.h
index 3dd163a..d25cf57 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -1,9 +1,9 @@
/*
- * Copyright 2005-2012 Gentoo Foundation
+ * Copyright 2005-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2005-2012 Ned Ludd-
- * Copyright 2005-2012 Mike Frysinger -
+ * Copyright 2005-2024 Mike Frysinger -
*
* Make sure all of the common stuff is setup as we expect
*/
diff --git a/paxldso.c b/paxldso.c
index ce7facd..a9bef1e 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -1,9 +1,9 @@
/*
- * Copyright 2003-2016 Gentoo Foundation
+ * Copyright 2003-2024 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
*
* Copyright 2003-2012 Ned Ludd-
- * Copyright 2004-2016 Mike Frysinger -
+ * Copyright 2004-2024 Mike Frysinger -
*/
#include "paxinc.h"
diff --git a/paxldso.h b/paxldso.h
index 91c7eed..aba58fa 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -1,9 +1,9 @@
/*
- * Copyright 2003-2016 Gentoo Foundation
+ * Copyright
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 511617ac43a13e6173f1dcbbd3feaf3be51ada6c Author: Mike Frysinger gentoo org> AuthorDate: Mon Jan 1 15:37:28 2024 + Commit: Mike Frysinger gentoo org> CommitDate: Mon Jan 1 15:37:28 2024 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=511617ac elf.h: pull from latest glibc Signed-off-by: Mike Frysinger gentoo.org> elf.h | 1160 ++--- 1 file changed, 1038 insertions(+), 122 deletions(-) diff --git a/elf.h b/elf.h index e6c8b20..5c1c197 100644 --- a/elf.h +++ b/elf.h @@ -1,5 +1,5 @@ /* This file defines standard ELF types, structures, and macros. - Copyright (C) 1995-2015 Free Software Foundation, Inc. + Copyright (C) 1995-2023 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -168,109 +168,204 @@ typedef struct /* Legal values for e_machine (architecture). */ -#define EM_NONE 0 /* No machine */ -#define EM_M32 1 /* AT WE 32100 */ -#define EM_SPARC2 /* SUN SPARC */ -#define EM_386 3 /* Intel 80386 */ -#define EM_68K 4 /* Motorola m68k family */ -#define EM_88K 5 /* Motorola m88k family */ -#define EM_860 7 /* Intel 80860 */ -#define EM_MIPS 8 /* MIPS R3000 big-endian */ -#define EM_S370 9 /* IBM System/370 */ -#define EM_MIPS_RS3_LE 10 /* MIPS R3000 little-endian */ - -#define EM_PARISC 15 /* HPPA */ -#define EM_VPP500 17 /* Fujitsu VPP500 */ -#define EM_SPARC32PLUS 18 /* Sun's "v8plus" */ -#define EM_960 19 /* Intel 80960 */ -#define EM_PPC 20 /* PowerPC */ -#define EM_PPC64 21 /* PowerPC 64-bit */ -#define EM_S39022 /* IBM S390 */ - -#define EM_V80036 /* NEC V800 series */ -#define EM_FR2037 /* Fujitsu FR20 */ -#define EM_RH3238 /* TRW RH-32 */ -#define EM_RCE 39 /* Motorola RCE */ -#define EM_ARM 40 /* ARM */ -#define EM_FAKE_ALPHA 41 /* Digital Alpha */ -#define EM_SH 42 /* Hitachi SH */ -#define EM_SPARCV9 43 /* SPARC v9 64-bit */ -#define EM_TRICORE 44 /* Siemens Tricore */ -#define EM_ARC 45 /* Argonaut RISC Core */ -#define EM_H8_300 46 /* Hitachi H8/300 */ -#define EM_H8_300H 47 /* Hitachi H8/300H */ -#define EM_H8S 48 /* Hitachi H8S */ -#define EM_H8_500 49 /* Hitachi H8/500 */ -#define EM_IA_64 50 /* Intel Merced */ -#define EM_MIPS_X 51 /* Stanford MIPS-X */ -#define EM_COLDFIRE52 /* Motorola Coldfire */ -#define EM_68HC12 53 /* Motorola M68HC12 */ -#define EM_MMA 54 /* Fujitsu MMA Multimedia Accelerator*/ -#define EM_PCP 55 /* Siemens PCP */ -#define EM_NCPU56 /* Sony nCPU embeeded RISC */ -#define EM_NDR157 /* Denso NDR1 microprocessor */ -#define EM_STARCORE58 /* Motorola Start*Core processor */ -#define EM_ME1659 /* Toyota ME16 processor */ -#define EM_ST100 60 /* STMicroelectronic ST100 processor */ -#define EM_TINYJ 61 /* Advanced Logic Corp. Tinyj emb.fam*/ -#define EM_X86_64 62 /* AMD x86-64 architecture */ -#define EM_PDSP63 /* Sony DSP Processor */ - -#define EM_FX6666 /* Siemens FX66 microcontroller */ -#define EM_ST9PLUS 67 /* STMicroelectronics ST9+ 8/16 mc */ -#define EM_ST7 68 /* STmicroelectronics ST7 8 bit mc */ -#define EM_68HC16 69 /* Motorola MC68HC16 microcontroller */ -#define EM_68HC11 70 /* Motorola MC68HC11 microcontroller */ -#define EM_68HC08 71 /* Motorola MC68HC08 microcontroller */ -#define EM_68HC05 72 /* Motorola MC68HC05 microcontroller */ -#define EM_SVX 73 /* Silicon Graphics SVx */ -#define EM_ST1974 /* STMicroelectronics ST19 8 bit mc */ -#define EM_VAX 75 /* Digital VAX */ -#define EM_CRIS76 /* Axis Communications 32-bit embedded processor */ -#define EM_JAVELIN 77 /* Infineon Technologies 32-bit embedded processor */ -#define EM_FIREPATH78 /* Element 14 64-bit DSP Processor */ -#define EM_ZSP 79
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 00c695d6152bb8f2e7a288a5c019986ed3ee9495
Author: Daniel Verkamp chromium org>
AuthorDate: Fri Sep 7 23:28:32 2018 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 22 05:31:16 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=00c695d6
lddtree: use readlink -f for absolute links
Commit b97eba7fb2c0a3c5ad9e3831c6f87dca1fde59c5 causes problems when
using lddtree with symlinks containing absolute paths, such as the
crosvm guest tools, which install these links:
/usr/bin/sommelier -> /etc/alternatives/sommelier ->
/opt/google/cros-containers/bin/sommelier
(where the final sommelier is the lddtree-generated script).
In this case, $base resolved by the lddtree script would be
'/usr/bin//etc/alternatives/sommelier', which is incorrect.
Replace the dirname/readlink combination with readlink -f when the
symlink is absolute in order to fully resolve the symlink, while keeping
the relative path when the script is invoked through a relative path.
Bug: https://crbug.com/882055
Signed-off-by: Daniel Verkamp chromium.org>
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 8 +++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index bbf9df9..8184e8f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -187,7 +187,13 @@ def GenerateLdsoWrapper(
# remove absolute paths from build outputs and enables directory
independent
# cache sharing in distributed build systems.
wrapper = """#!/bin/sh
-if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then
+if base=$(readlink "$0" 2>/dev/null); then
+ # If $0 is an abspath symlink, fully resolve the target.
+ case ${base} in
+ /*) base=$(readlink -f "$0" 2>/dev/null);;
+ *) base=$(dirname "$0")/${base};;
+ esac
+else
case $0 in
/*) base=$0;;
*) base=${PWD:-`pwd`}/$0;;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: aadadb863a89af460726163703278b14750591ae
Author: George Burgess IV google com>
AuthorDate: Tue Sep 22 15:09:47 2020 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 22 05:31:31 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aadadb86
lddtree: add LD_ARGV0_REL
Some binaries use `/proc/self/exe` to get a link to the
currently-executing binary. Unfortunately, when `ld.so` is invoked
directly, `/proc/self/exe` alawys points to `ld.so`.
`LD_ARGV0` can only be used to determine the current executable in
programs which haven't changed their working directory from their
starting one, so that's difficult to generally use.
To solve this, this embeds the path of the current binary _relative to
ld.so_ in an env var.
Bug: https://crbug.com/1003841
Bug: https://issuetracker.google.com/187793259
Signed-off-by: George Burgess chromium.org>
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 6 ++
1 file changed, 6 insertions(+)
diff --git a/lddtree.py b/lddtree.py
index 8184e8f..b26afcf 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -176,6 +176,7 @@ def GenerateLdsoWrapper(
replacements = {
"interp": os.path.join(os.path.relpath(interp_dir, basedir),
interp_name),
+"interp_rel": os.path.relpath(path, interp_dir),
"libpaths": ":".join(
"${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
),
@@ -186,6 +187,10 @@ def GenerateLdsoWrapper(
# Keep path relativeness of argv0 (in ${base}.elf). This allows tools to
# remove absolute paths from build outputs and enables directory
independent
# cache sharing in distributed build systems.
+#
+# NB: LD_ARGV0_REL below is unrelated & non-standard. It's to let tools
see
+# the original path if they need it and when they know they'll be wrapped
up
+# by this script.
wrapper = """#!/bin/sh
if base=$(readlink "$0" 2>/dev/null); then
# If $0 is an abspath symlink, fully resolve the target.
@@ -200,6 +205,7 @@ else
esac
fi
basedir=${base%%/*}
+LD_ARGV0_REL="%(interp_rel)s" \\
exec \\
"${basedir}/%(interp)s" \\
%(argv0_arg)s \\
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8f404c038705389cefd86e8a1fba1b50074a01ae
Author: Takuto Ikuta chromium org>
AuthorDate: Wed Aug 29 06:07:30 2018 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 22 05:31:14 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8f404c03
lddtree: keep relativeness of invoked program in elf wrapper
This makes clang's resource dir relative when we pass
-no-canonical-prefixes flag like below.
$
chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang
-no-canonical-prefixes -###
Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0
(/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git
e7408fe366bb18923fa360b069b4e4566203f34f)
(/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git
95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir:
chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin
Without this patch, -no-canonical-prefixes has no meaning.
$
chromium/.cros_cache/chrome-sdk/tarballs/$BOARD+$VERSION+target_toolchain/usr/bin/clang
-no-canonical-prefixes -###
Chromium OS 7.0_pre328903_p20180425-r5 clang version 7.0.0
(/var/cache/chromeos-cache/distfiles/host/egit-src/clang.git
e7408fe366bb18923fa360b069b4e4566203f34f)
(/var/cache/chromeos-cache/distfiles/host/egit-src/llvm.git
95561668f063fbcb8195bde05ecede721ece4ba4) (based on LLVM 7.0.0svn)
Target: x86_64-pc-linux-gnu
Thread model: posix
InstalledDir:
$HOME/chromium/.cros_cache/chrome-sdk/tarballs/kevin+10750.0.0+target_toolchain/usr/bin
This is a part of effort for build cache sharing when using goma by
removing absolute path from compile result.
Instead of enforcing relative path, I keep relativeness of compiler
path.
I confirmed this works as following with a debug line to show ${base}.elf.
(sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ln -s
build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7
clang
(sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ./clang
${base}.elf:
'./build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf'
clang-7: error: no input files
In previous versions of this change, it ran like below:
(sdk daisy R70-11005.0.0) tikuta tikuta ~/chromium/src $ ./clang
${base}.elf:
'/usr/local/google/home/tikuta/chromium/src/build/cros_cache/chrome-sdk/tarballs/daisy+11005.0.0+target_toolchain/usr/bin/clang-7.elf'
clang-7: error: no input files
I confirmed this can build base_unittests on daisy and amd64-generic
after creating a new CrOS SDK with chromiumos-sdk-tryjob.
Bug: https://crbug.com/846610
Bug: https://crbug.com/876604
Signed-off-by: Takuto Ikuta chromium.org>
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index 80808fc..bbf9df9 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -182,8 +182,12 @@ def GenerateLdsoWrapper(
"argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp)
else "",
"preload_arg": f'--preload "{preload}"' if preload else "",
}
+
+# Keep path relativeness of argv0 (in ${base}.elf). This allows tools to
+# remove absolute paths from build outputs and enables directory
independent
+# cache sharing in distributed build systems.
wrapper = """#!/bin/sh
-if ! base=$(realpath "$0" 2>/dev/null); then
+if ! base=$(dirname "$0")/$(readlink "$0" 2>/dev/null); then
case $0 in
/*) base=$0;;
*) base=${PWD:-`pwd`}/$0;;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 9ca3f108762c27b557825f5392499498e8a00202
Author: Mike Frysinger chromium org>
AuthorDate: Fri Dec 15 20:53:20 2023 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 15 20:53:59 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9ca3f108
lddtree: fix argcomplete typing
mypy wants a cast here to avoid warning:
lddtree.py:59: error: Incompatible types in assignment (expression has type
"None", variable has type Module) [assignment]
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 576d3d3..80808fc 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -49,14 +49,14 @@ import os
import re
import shutil
import sys
-from typing import Any, Iterable, Optional, Union
+from typing import Any, cast, Iterable, Optional, Union
assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found
{sys.version}"
try:
import argcomplete
except ImportError:
-argcomplete = None
+argcomplete = cast(Any, None)
from elftools.common import exceptions
from elftools.elf.elffile import ELFFile
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 5f8628d611c03f77bbcf245c025b85cf60b88431
Author: Mike Frysinger chromium org>
AuthorDate: Fri Dec 15 20:41:31 2023 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 15 20:53:59 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5f8628d6
lddtree: use f-string in warn message
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index 2b8b9c4..576d3d3 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -64,7 +64,7 @@ from elftools.elf.elffile import ELFFile
def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
"""Write |msg| to stderr with a |prefix| before it"""
-print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg),
file=sys.stderr)
+print(f"{os.path.basename(sys.argv[0])}: {prefix}: {msg}", file=sys.stderr)
def err(msg: Any, status: Optional[int] = 1) -> None:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c3205676f2bc6cc0ffd01098ce007ba7b5b7d159
Author: David Riley chromium org>
AuthorDate: Wed Sep 28 17:16:42 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 15 20:53:59 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c3205676
lddtree: Add --wrapper-preload
--wrapper-preload allows the wrapper to be generated always specifying
an LD_PRELOAD via the --preload option of the loader.
Signed-off-by: David Riley chromium.org>
Signed-off-by: Mike Frysinger chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 31 +--
1 file changed, 29 insertions(+), 2 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 60f3a7c..2b8b9c4 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -46,6 +46,7 @@ import functools
import glob
import mmap
import os
+import re
import shutil
import sys
from typing import Any, Iterable, Optional, Union
@@ -147,6 +148,7 @@ def GenerateLdsoWrapper(
path: str,
interp: str,
libpaths: Iterable[str] = (),
+preload: Optional[str] = None,
) -> None:
"""Generate a shell script wrapper which uses local ldso to run the ELF
@@ -164,12 +166,21 @@ def GenerateLdsoWrapper(
interp_dir, interp_name = os.path.split(interp)
# Add ldso interpreter dir to end of libpaths as a fallback library path.
libpaths = dedupe(list(libpaths) + [interp_dir])
+if preload:
+# If preload is an absolute path, calculate it from basedir.
+preload_prefix = f'${{basedir}}/{os.path.relpath("/", basedir)}'
+preload = ":".join(
+f"{preload_prefix}{x}" if os.path.isabs(x) else x
+for x in re.split(r"[ :]", preload)
+)
+
replacements = {
"interp": os.path.join(os.path.relpath(interp_dir, basedir),
interp_name),
"libpaths": ":".join(
"${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
),
"argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp)
else "",
+"preload_arg": f'--preload "{preload}"' if preload else "",
}
wrapper = """#!/bin/sh
if ! base=$(realpath "$0" 2>/dev/null); then
@@ -182,6 +193,7 @@ basedir=${base%%/*}
exec \\
"${basedir}/%(interp)s" \\
%(argv0_arg)s \\
+ %(preload_arg)s \\
--library-path "%(libpaths)s" \\
--inhibit-cache \\
--inhibit-rpath '' \\
@@ -658,7 +670,15 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
def _StripRoot(path: str) -> str:
return path[len(options.root) - 1 :]
-def _copy(realsrc, src, striproot=True, wrapit=False, libpaths=(),
outdir=None):
+def _copy(
+realsrc,
+src,
+striproot=True,
+wrapit=False,
+libpaths=(),
+outdir=None,
+preload=None,
+):
if realsrc is None:
return
@@ -712,7 +732,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
interp = os.path.join(options.libdir,
os.path.basename(elf["interp"]))
else:
interp = _StripRoot(elf["interp"])
-GenerateLdsoWrapper(options.dest, subdst, interp, libpaths)
+GenerateLdsoWrapper(options.dest, subdst, interp, libpaths,
preload)
# XXX: We should automatically import libgcc_s.so whenever libpthread.so
# is copied over (since we know it can be dlopen-ed by NPTL at runtime).
@@ -750,6 +770,7 @@ def _ActionCopy(options: argparse.Namespace, elf: dict):
wrapit=options.generate_wrappers,
libpaths=libpaths,
outdir=options.bindir,
+preload=options.wrapper_preload,
)
@@ -867,6 +888,12 @@ def GetParser() -> argparse.ArgumentParser:
default=False,
help="Copy over plain (non-ELF) files instead of warn+ignore",
)
+group.add_argument(
+"--wrapper-preload",
+default=None,
+type=str,
+help="Have wrapper add --preload to the ldso invocation",
+)
if argcomplete is not None:
argcomplete.autocomplete(parser)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d51fa4ec5812e38af23ec773b0376d33e2b228ae Author: Mike Frysinger gentoo org> AuthorDate: Thu Mar 26 17:13:07 2020 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 20:20:06 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d51fa4ec lddtree: add docstring for all classes Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lddtree.py b/lddtree.py index e851ac1..60f3a7c 100755 --- a/lddtree.py +++ b/lddtree.py @@ -596,6 +596,8 @@ def ParseELF( class _NormalizePathAction(argparse.Action): +"""Argparse action to normalize paths.""" + def __call__(self, parser, namespace, values, option_string=None): setattr(namespace, self.dest, normpath(values))
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c9f62fd60b3d92726bca1e0c56be7aa1eeef83d8 Author: Mike Frysinger chromium org> AuthorDate: Thu Dec 14 21:25:01 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 21:27:05 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c9f62fd6 pylintrc: remove old entries Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .pylintrc | 3 --- 1 file changed, 3 deletions(-) diff --git a/.pylintrc b/.pylintrc index b86319b..7bee576 100644 --- a/.pylintrc +++ b/.pylintrc @@ -5,7 +5,6 @@ load-plugins= pylint.extensions.bad_builtin, pylint.extensions.check_elif, pylint.extensions.docstyle, - pylint.extensions.emptystring, pylint.extensions.overlapping_exceptions, pylint.extensions.redefined_variable_type, @@ -25,8 +24,6 @@ disable= too-many-public-methods, too-many-locals, too-many-arguments, - locally-enabled, - locally-disabled, fixme, invalid-name,
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 6bf7ac1211f9d15a0a359e605ddc0ac8bdb39fa7 Author: Mike Frysinger gentoo org> AuthorDate: Thu Dec 14 21:27:37 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 21:27:37 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6bf7ac12 github: update to checkout@v3 Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> .github/workflows/build-test-ci.yml | 4 ++-- .github/workflows/ci-alpine-linux.yml | 2 +- .github/workflows/coverity.yml| 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 18c13f0..e82f5f9 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -36,7 +36,7 @@ jobs: sudo install -Dm755 muon /usr/local/bin/muon ;; esac -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - run: | export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/" case "$BB" in @@ -66,7 +66,7 @@ jobs: steps: - name: Install dependencies run: brew install meson ninja -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - run: | meson -Duse_libcap=disabled \ -Duse_seccomp=false \ diff --git a/.github/workflows/ci-alpine-linux.yml b/.github/workflows/ci-alpine-linux.yml index de7157c..a87fdfb 100644 --- a/.github/workflows/ci-alpine-linux.yml +++ b/.github/workflows/ci-alpine-linux.yml @@ -28,7 +28,7 @@ jobs: libcap-dev \ libseccomp \ libseccomp-dev - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/ - run: meson compile -C builddir - run: meson test --verbose -C builddir diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 7e729c4..20a47e5 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -12,7 +12,7 @@ jobs: coverity: runs-on: ubuntu-latest steps: -- uses: actions/checkout@v2 +- uses: actions/checkout@v3 - uses: vapier/coverity-scan-action@v1 with: email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 43dc19d632741e9e80f02842684ca57d1277a070 Author: Mike Frysinger chromium org> AuthorDate: Thu Dec 14 19:52:20 2023 + Commit: Mike Frysinger gentoo org> CommitDate: Thu Dec 14 19:53:27 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=43dc19d6 Revert "paxinc: include for alloca" This reverts commit 781a3856ae53df051563645b45d8ff7033aea113. The header is already included in porting.h. We want to keep all system headers centralized in porting.h and not sprinkle across the other modules. Signed-off-by: Mike Frysinger chromium.org> Signed-off-by: Mike Frysinger gentoo.org> paxinc.c | 1 - 1 file changed, 1 deletion(-) diff --git a/paxinc.c b/paxinc.c index c6eab87..64a3069 100644 --- a/paxinc.c +++ b/paxinc.c @@ -9,7 +9,6 @@ /* stick common symbols here that are needed by paxinc.h */ #define IN_paxinc -#include #include "paxinc.h" char do_reverse_endian;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 124f3e448e7a0c4680fbff2306a3e2c9354bde77
Author: Aliaksei Urbanski gmail com>
AuthorDate: Wed Nov 8 01:58:52 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu Nov 23 13:31:19 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=124f3e44
Fix fuzz-dumpelf test
Not sure why, but the dumpelf.fuzz fuzzer fails when it's calling
prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, ...) at security_init.
So I suggest disabling seccomp for fuzzy testing.
Also, in order to not run indefinitely,
the fuzzer must be executed with some reasonable options.
https://releases.llvm.org/14.0.0/docs/LibFuzzer.html#options
Signed-off-by: Aliaksei Urbanski gmail.com>
Closes: https://github.com/gentoo/pax-utils/pull/13
Signed-off-by: Sam James gentoo.org>
meson.build | 8 +++-
security.c | 4
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 0cb9a0e..255107b 100644
--- a/meson.build
+++ b/meson.build
@@ -166,6 +166,12 @@ if do_tests and get_option('use_fuzzing')
link_args : fuzz_flags,
install : false
)
-test('fuzz-dumpelf', dumpelf_fuzzer)
+test('fuzz-dumpelf', dumpelf_fuzzer,
+ args : [
+'-close_fd_mask=3',
+'-max_total_time=10',
+'-print_final_stats',
+ ]
+)
endif
endif
diff --git a/security.c b/security.c
index 19bf78f..7122a7f 100644
--- a/security.c
+++ b/security.c
@@ -46,6 +46,10 @@
# undef WANT_SECCOMP
#endif
+#if PAX_UTILS_LIBFUZZ
+# undef WANT_SECCOMP
+#endif
+
static int ns_unshare(int flags)
{
int flag, ret = 0;
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8ed70f98b7299a8433bb22ae4144ead2bb3a83a8 Author: Frederic Cambus statdns com> AuthorDate: Sun Feb 12 10:51:01 2023 + Commit: Sam James gentoo org> CommitDate: Mon Feb 13 05:24:21 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ed70f98 README: fix typo: s/peforming/performing. Signed-off-by: Sam James gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 539f3cc..99bbc3f 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ | VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | | STATUS | [](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [](https://scan.coverity.com/projects/gentoo-pax-utils) | -pax-utils is a small set of utilities for peforming Q/A (mostly security) +pax-utils is a small set of utilities for performing Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF format, but does include a Mach-O helper too for OS X systems.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d1a646983084f3c5b82e67ee73e77e17a73dcdd6
Author: Frederic Cambus statdns com>
AuthorDate: Sat Feb 11 09:46:33 2023 +
Commit: Sam James gentoo org>
CommitDate: Mon Feb 13 05:24:05 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d1a64698
lddtree: allow lddtree.sh to find Xenocara libraries on OpenBSD.
Signed-off-by: Sam James gentoo.org>
lddtree.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lddtree.sh b/lddtree.sh
index 5271dae..c964ed6 100755
--- a/lddtree.sh
+++ b/lddtree.sh
@@ -45,7 +45,7 @@ elf_specs() {
sed -E 's: (LINUX|GNU)$: NONE:'
}
-lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib*"
+lib_paths_fallback="${ROOT}lib* ${ROOT}usr/lib* ${ROOT}usr/local/lib*
${ROOT}usr/X11R6/lib*"
c_ldso_paths_loaded='false'
find_elf() {
_find_elf=''
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 755a512e6a3c2b015b8d54dc98f2f48bb9dd3971
Author: Sam James gentoo org>
AuthorDate: Sun Jan 29 05:40:05 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Jan 29 05:56:32 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=755a512e
Undo IWYU fixes
I wasn't paying enough attention, it's better to just fold the needed
bits into porting.h.
This reverts commit ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee.
This reverts commit f8287200aec0ca33ef07fafcdd5aef0aa6eb1306.
This reverts commit aa907a42d89ddfd5a7e64d8182a1da35277f2f6e.
Bug: https://github.com/gentoo/pax-utils/pull/11#issuecomment-1407566344
Signed-off-by: Sam James gentoo.org>
dumpelf.c | 14 --
paxelf.c | 14 --
paxelf.h | 7 ---
paxinc.c | 8
paxinc.h | 11 +--
paxldso.c | 17 -
paxldso.h | 4
paxmacho.c| 13 -
paxmacho.h| 4
pspax.c | 22 +-
scanelf.c | 23 ---
scanmacho.c | 20
seccomp-bpf.c | 1 -
seccomp-bpf.h | 2 --
security.c| 13 -
security.h| 2 --
xfuncs.c | 7 ---
xfuncs.h | 2 --
18 files changed, 2 insertions(+), 182 deletions(-)
diff --git a/dumpelf.c b/dumpelf.c
index 877b0db..4742a50 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -8,21 +8,7 @@
const char argv0[] = "dumpelf";
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
#include "paxinc.h"
-#include "elf.h"
-#include "pax_utils_version.h"
-#include "porting.h"
-#include "security.h"
/* prototypes */
static void dump_ehdr(const elfobj *elf, const void *ehdr);
diff --git a/paxelf.c b/paxelf.c
index b072ba0..331f1b4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -6,21 +6,7 @@
* Copyright 2005-2012 Mike Frysinger -
*/
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
#include "paxinc.h"
-#include "elf.h"
-#include "paxelf.h"
-#include "porting.h"
-#include "xfuncs.h"
/*
* Setup a bunch of helper functions to translate
diff --git a/paxelf.h b/paxelf.h
index 31ef298..f252969 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -11,13 +11,6 @@
#ifndef _PAX_ELF_H
#define _PAX_ELF_H
-#include
-#include
-#include
-#include
-
-#include "elf.h"
-
typedef struct {
const void *phdr;
const void *shdr;
diff --git a/paxinc.c b/paxinc.c
index f87e8a6..64a3069 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -11,14 +11,6 @@
#define IN_paxinc
#include "paxinc.h"
-#include
-#include
-#include
-#include
-#include
-
-#include "xfuncs.h"
-
char do_reverse_endian;
/* some of this ar code was taken from busybox */
diff --git a/paxinc.h b/paxinc.h
index 52bbefd..3dd163a 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -11,16 +11,6 @@
#ifndef _PAX_INC_H
#define _PAX_INC_H
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
#include "porting.h"
#include "xfuncs.h"
#include "security.h"
@@ -45,6 +35,7 @@
#include "elf.h"
#include "paxelf.h"
#include "paxldso.h"
+
/* Mach-O love */
#include "macho.h"
#include "paxmacho.h"
diff --git a/paxldso.c b/paxldso.c
index d40d7ef..ce7facd 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -6,24 +6,7 @@
* Copyright 2004-2016 Mike Frysinger -
*/
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
#include "paxinc.h"
-#include "elf.h"
-#include "paxelf.h"
-#include "paxldso.h"
-#include "xfuncs.h"
/*
* ld.so.cache logic
diff --git a/paxldso.h b/paxldso.h
index fd9f344..91c7eed 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,10 +9,6 @@
#ifndef _PAX_LDSO_H
#define _PAX_LDSO_H
-#include "paxelf.h"
-#include "porting.h"
-#include "xfuncs.h"
-
/*
* ld.so.cache logic
*/
diff --git a/paxmacho.c b/paxmacho.c
index 39db1cb..74f02da 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -7,20 +7,7 @@
* 2008-2021 Fabian Groffen -
*/
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
#include "paxinc.h"
-#include "macho.h"
-#include "paxmacho.h"
-#include "xfuncs.h"
/* lil' static string pool */
static const char STR_BE[] = "BE";
diff --git a/paxmacho.h b/paxmacho.h
index b109af5..48ac854 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -12,10 +12,6 @@
#ifndef _PAX_MACHO_H
#define _PAX_MACHO_H
-#include
-#include
-#include
-
#include "macho.h"
#define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) :
value)
diff --git a/pspax.c b/pspax.c
index 369ed37..6094882 100644
--- a/pspax.c
+++ b/pspax.c
@@ -14,32 +14,12 @@
const char argv0[] = "pspax";
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 731b5e1798e98694e6afa783065ff996331e8153 Author: Sam James gentoo org> AuthorDate: Sun Jan 29 05:56:03 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 05:56:33 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=731b5e17 porting.h: include for size_t, sort includes Signed-off-by: Sam James gentoo.org> porting.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/porting.h b/porting.h index 0d43a92..4f34302 100644 --- a/porting.h +++ b/porting.h @@ -29,15 +29,16 @@ #include #include #include +#include #include #include #include #include -#include -#include #include #include #include +#include +#include #include "elf.h" #if HAS_ALLOCA_H # include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 781a3856ae53df051563645b45d8ff7033aea113 Author: Sam James gentoo org> AuthorDate: Sun Jan 29 05:55:51 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 05:56:33 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=781a3856 paxinc: include for alloca Signed-off-by: Sam James gentoo.org> paxinc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/paxinc.c b/paxinc.c index 64a3069..c6eab87 100644 --- a/paxinc.c +++ b/paxinc.c @@ -9,6 +9,7 @@ /* stick common symbols here that are needed by paxinc.h */ #define IN_paxinc +#include #include "paxinc.h" char do_reverse_endian;
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 65f4631bdc891fb2a8cfd13f92acaeeba3d9cf2b
Author: Sam James gentoo org>
AuthorDate: Sun Jan 29 03:44:43 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Jan 29 03:47:11 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=65f4631b
.github: add Alpine CI
Signed-off-by: Sam James gentoo.org>
.github/workflows/ci-alpine-linux.yml | 34 ++
1 file changed, 34 insertions(+)
diff --git a/.github/workflows/ci-alpine-linux.yml
b/.github/workflows/ci-alpine-linux.yml
new file mode 100644
index 000..de7157c
--- /dev/null
+++ b/.github/workflows/ci-alpine-linux.yml
@@ -0,0 +1,34 @@
+name: ci_alpine_linux
+
+on: [push, pull_request]
+
+jobs:
+
+ alpine:
+name: Alpine Linux
+runs-on: ubuntu-latest
+container: alpine:latest
+strategy:
+ fail-fast: false
+ matrix:
+compiler:
+ - gcc
+ - clang
+env:
+ CC: ${{ matrix.compiler }}
+steps:
+ - run: >-
+ apk --no-cache add \
+build-base \
+clang \
+meson \
+pkgconf \
+py3-elftools \
+libcap \
+libcap-dev \
+libseccomp \
+libseccomp-dev
+ - uses: actions/checkout@v2
+ - run: meson setup -Dtests=false -Duse_fuzzing=false builddir/
+ - run: meson compile -C builddir
+ - run: meson test --verbose -C builddir
[gentoo-commits] proj/pax-utils:master commit in: /
commit: ffedc60fa41d307bda28fd108e6ff1b8da1fc2ee Author: Sam James gentoo org> AuthorDate: Sun Jan 29 03:41:09 2023 + Commit: Sam James gentoo org> CommitDate: Sun Jan 29 03:41:51 2023 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ffedc60f *: IWYU fixes deux Signed-off-by: Sam James gentoo.org> dumpelf.c | 1 + paxelf.c | 1 + paxinc.c | 1 + paxinc.h | 1 + paxldso.c | 2 +- paxldso.h | 2 -- paxmacho.c| 1 + pspax.c | 1 + scanelf.c | 1 + scanmacho.c | 1 + seccomp-bpf.c | 1 + xfuncs.c | 1 + 12 files changed, 11 insertions(+), 3 deletions(-) diff --git a/dumpelf.c b/dumpelf.c index baa6358..877b0db 100644 --- a/dumpelf.c +++ b/dumpelf.c @@ -11,6 +11,7 @@ const char argv0[] = "dumpelf"; #include #include #include +#include #include #include #include diff --git a/paxelf.c b/paxelf.c index 0268fa4..b072ba0 100644 --- a/paxelf.c +++ b/paxelf.c @@ -7,6 +7,7 @@ */ #include +#include #include #include #include diff --git a/paxinc.c b/paxinc.c index 7dfd4ca..f87e8a6 100644 --- a/paxinc.c +++ b/paxinc.c @@ -12,6 +12,7 @@ #include "paxinc.h" #include +#include #include #include #include diff --git a/paxinc.h b/paxinc.h index 7eb6802..52bbefd 100644 --- a/paxinc.h +++ b/paxinc.h @@ -14,6 +14,7 @@ #include #include #include +#include #include #include #include diff --git a/paxldso.c b/paxldso.c index acab364..d40d7ef 100644 --- a/paxldso.c +++ b/paxldso.c @@ -8,9 +8,9 @@ #include #include -#include #include #include +#include #include #include #include diff --git a/paxldso.h b/paxldso.h index 1e95851..fd9f344 100644 --- a/paxldso.h +++ b/paxldso.h @@ -9,8 +9,6 @@ #ifndef _PAX_LDSO_H #define _PAX_LDSO_H -#include - #include "paxelf.h" #include "porting.h" #include "xfuncs.h" diff --git a/paxmacho.c b/paxmacho.c index fcdff4b..39db1cb 100644 --- a/paxmacho.c +++ b/paxmacho.c @@ -9,6 +9,7 @@ #include #include +#include #include #include #include diff --git a/pspax.c b/pspax.c index 1e75494..369ed37 100644 --- a/pspax.c +++ b/pspax.c @@ -21,6 +21,7 @@ const char argv0[] = "pspax"; #include #include #include +#include #include #include #include diff --git a/scanelf.c b/scanelf.c index ee990c9..d6bb14b 100644 --- a/scanelf.c +++ b/scanelf.c @@ -17,6 +17,7 @@ const char argv0[] = "scanelf"; #include #include #include +#include #include #include #include diff --git a/scanmacho.c b/scanmacho.c index fa1eee1..c38c5ed 100644 --- a/scanmacho.c +++ b/scanmacho.c @@ -16,6 +16,7 @@ const char argv0[] = "scanmacho"; #include #include #include +#include #include #include #include diff --git a/seccomp-bpf.c b/seccomp-bpf.c index 1d64172..7c3923f 100644 --- a/seccomp-bpf.c +++ b/seccomp-bpf.c @@ -11,6 +11,7 @@ const char argv0[] = "seccomp-bpf"; #include #include +#include #include #include #include diff --git a/xfuncs.c b/xfuncs.c index e912fb0..a68756b 100644 --- a/xfuncs.c +++ b/xfuncs.c @@ -8,6 +8,7 @@ #include #include +#include #include #include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: aa907a42d89ddfd5a7e64d8182a1da35277f2f6e
Author: Sam James gentoo org>
AuthorDate: Sat Jan 28 10:14:46 2023 +
Commit: Sam James gentoo org>
CommitDate: Sat Jan 28 10:14:46 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=aa907a42
Make headers standalone (missing includes, prep for clang-tidy)
Signed-off-by: Sam James gentoo.org>
paxelf.h | 5 +
paxldso.h | 4
paxmacho.h| 2 ++
seccomp-bpf.h | 2 ++
security.h| 2 ++
xfuncs.h | 2 ++
6 files changed, 17 insertions(+)
diff --git a/paxelf.h b/paxelf.h
index f252969..ac41a64 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -11,6 +11,11 @@
#ifndef _PAX_ELF_H
#define _PAX_ELF_H
+#include
+#include
+#include
+#include
+
typedef struct {
const void *phdr;
const void *shdr;
diff --git a/paxldso.h b/paxldso.h
index 91c7eed..fd9f344 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,6 +9,10 @@
#ifndef _PAX_LDSO_H
#define _PAX_LDSO_H
+#include "paxelf.h"
+#include "porting.h"
+#include "xfuncs.h"
+
/*
* ld.so.cache logic
*/
diff --git a/paxmacho.h b/paxmacho.h
index 48ac854..c32ccbb 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -12,6 +12,8 @@
#ifndef _PAX_MACHO_H
#define _PAX_MACHO_H
+#include
+
#include "macho.h"
#define MGET(swapped, value) (swapped ? (__typeof__(value))bswap_32(value) :
value)
diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 80d6d94..21499f7 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -4,6 +4,8 @@
* See seccomp-bpf.c for details. */
#undef SECCOMP_BPF_AVAILABLE
+#include
+
#if defined(__aarch64__)
/* AARCH64 */
#define SECCOMP_BPF_AVAILABLE
diff --git a/security.h b/security.h
index 65e1ad5..ef2e82a 100644
--- a/security.h
+++ b/security.h
@@ -9,6 +9,8 @@
#ifndef _PAX_SECURITY_H
#define _PAX_SECURITY_H
+#include
+
/* Whether to enable features that significantly impact speed. */
#ifdef SLOW_SECURITY
# define USE_SLOW_SECURITY 1
diff --git a/xfuncs.h b/xfuncs.h
index 61577ec..5781d61 100644
--- a/xfuncs.h
+++ b/xfuncs.h
@@ -9,6 +9,8 @@
#ifndef __XFUNCS_H__
#define __XFUNCS_H__
+#include
+
char *xstrdup(const char *s);
void *xmalloc(size_t size);
void *xzalloc(size_t size);
[gentoo-commits] proj/pax-utils:master commit in: /
commit: f8287200aec0ca33ef07fafcdd5aef0aa6eb1306
Author: Sam James gentoo org>
AuthorDate: Sat Jan 28 10:15:57 2023 +
Commit: Sam James gentoo org>
CommitDate: Sat Jan 28 10:18:34 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=f8287200
*: IWYU fixes
Separate from the first commit as this one was done programmatically with
dev-util/include-what-you-use.
Signed-off-by: Sam James gentoo.org>
dumpelf.c | 13 +
paxelf.c| 13 +
paxelf.h| 2 ++
paxinc.c| 7 +++
paxinc.h| 10 +-
paxldso.c | 17 +
paxldso.h | 2 ++
paxmacho.c | 12
paxmacho.h | 2 ++
pspax.c | 21 -
scanelf.c | 22 ++
scanmacho.c | 19 +++
security.c | 13 +
xfuncs.c| 6 ++
14 files changed, 157 insertions(+), 2 deletions(-)
diff --git a/dumpelf.c b/dumpelf.c
index 4742a50..baa6358 100644
--- a/dumpelf.c
+++ b/dumpelf.c
@@ -8,7 +8,20 @@
const char argv0[] = "dumpelf";
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include "porting.h"
+#include "security.h"
/* prototypes */
static void dump_ehdr(const elfobj *elf, const void *ehdr);
diff --git a/paxelf.c b/paxelf.c
index 331f1b4..0268fa4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -6,7 +6,20 @@
* Copyright 2005-2012 Mike Frysinger -
*/
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "paxinc.h"
+#include "elf.h"
+#include "paxelf.h"
+#include "porting.h"
+#include "xfuncs.h"
/*
* Setup a bunch of helper functions to translate
diff --git a/paxelf.h b/paxelf.h
index ac41a64..31ef298 100644
--- a/paxelf.h
+++ b/paxelf.h
@@ -16,6 +16,8 @@
#include
#include
+#include "elf.h"
+
typedef struct {
const void *phdr;
const void *shdr;
diff --git a/paxinc.c b/paxinc.c
index 64a3069..7dfd4ca 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -11,6 +11,13 @@
#define IN_paxinc
#include "paxinc.h"
+#include
+#include
+#include
+#include
+
+#include "xfuncs.h"
+
char do_reverse_endian;
/* some of this ar code was taken from busybox */
diff --git a/paxinc.h b/paxinc.h
index 3dd163a..7eb6802 100644
--- a/paxinc.h
+++ b/paxinc.h
@@ -11,6 +11,15 @@
#ifndef _PAX_INC_H
#define _PAX_INC_H
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "porting.h"
#include "xfuncs.h"
#include "security.h"
@@ -35,7 +44,6 @@
#include "elf.h"
#include "paxelf.h"
#include "paxldso.h"
-
/* Mach-O love */
#include "macho.h"
#include "paxmacho.h"
diff --git a/paxldso.c b/paxldso.c
index ce7facd..acab364 100644
--- a/paxldso.c
+++ b/paxldso.c
@@ -6,7 +6,24 @@
* Copyright 2004-2016 Mike Frysinger -
*/
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "paxinc.h"
+#include "elf.h"
+#include "paxelf.h"
+#include "paxldso.h"
+#include "xfuncs.h"
/*
* ld.so.cache logic
diff --git a/paxldso.h b/paxldso.h
index fd9f344..1e95851 100644
--- a/paxldso.h
+++ b/paxldso.h
@@ -9,6 +9,8 @@
#ifndef _PAX_LDSO_H
#define _PAX_LDSO_H
+#include
+
#include "paxelf.h"
#include "porting.h"
#include "xfuncs.h"
diff --git a/paxmacho.c b/paxmacho.c
index 74f02da..fcdff4b 100644
--- a/paxmacho.c
+++ b/paxmacho.c
@@ -7,7 +7,19 @@
* 2008-2021 Fabian Groffen -
*/
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "paxinc.h"
+#include "macho.h"
+#include "paxmacho.h"
+#include "xfuncs.h"
/* lil' static string pool */
static const char STR_BE[] = "BE";
diff --git a/paxmacho.h b/paxmacho.h
index c32ccbb..b109af5 100644
--- a/paxmacho.h
+++ b/paxmacho.h
@@ -13,6 +13,8 @@
#define _PAX_MACHO_H
#include
+#include
+#include
#include "macho.h"
diff --git a/pspax.c b/pspax.c
index 6094882..1e75494 100644
--- a/pspax.c
+++ b/pspax.c
@@ -14,12 +14,31 @@
const char argv0[] = "pspax";
-#include "paxinc.h"
#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include "paxelf.h"
+#include "security.h"
#ifdef WANT_SYSCAP
# undef _POSIX_SOURCE
# include
+
# define WRAP_SYSCAP(x) x
#else
# define WRAP_SYSCAP(x)
diff --git a/scanelf.c b/scanelf.c
index 50497b2..ee990c9 100644
--- a/scanelf.c
+++ b/scanelf.c
@@ -8,7 +8,29 @@
const char argv0[] = "scanelf";
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
#include "paxinc.h"
+#include "elf.h"
+#include "pax_utils_version.h"
+#include
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d49fa503588cb9a89eda7eb7141b65507fa126ce
Author: Sam James gentoo org>
AuthorDate: Thu Jan 26 21:45:48 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu Jan 26 21:45:48 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d49fa503
meson.build: release 1.3.7
Signed-off-by: Sam James gentoo.org>
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index f39defc..0cb9a0e 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
project('pax-utils', 'c',
- version : '1.3.6',
+ version : '1.3.7',
license : 'GPL-2.0-only',
default_options : [
'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: man/
commit: 9fb7fc342f28f8342d8de6ca2d71b1cf2b765ae3
Author: Sam James gentoo org>
AuthorDate: Sun Jan 22 04:11:18 2023 +
Commit: Sam James gentoo org>
CommitDate: Sun Jan 22 04:38:42 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9fb7fc34
meson: fix installation of (pre-generated) man pages w/o xmlto
Fixes: 502631b86d63c4604b0ed78ad86a054e9726e897
Signed-off-by: Sam James gentoo.org>
man/meson.build | 6 +-
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index 130c8ec..09ac0d5 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -1,8 +1,4 @@
-xmlto = find_program('xmlto', required : get_option('build_manpages'))
-
-if not xmlto.found()
- subdir_done()
-endif
+xmlto = find_program('xmlto', required : get_option('build_manpages'),
disabler: true)
docbook_conf = configuration_data()
docbook_conf.set('version', meson.project_version())
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0a7d8b69dc1dcb248c5313788e273374acbdfb52
Author: Sam James gentoo org>
AuthorDate: Fri Jan 6 07:09:11 2023 +
Commit: Sam James gentoo org>
CommitDate: Fri Jan 6 07:09:13 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0a7d8b69
meson: release 1.3.6
Signed-off-by: Sam James gentoo.org>
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 0054ba4..f39defc 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
project('pax-utils', 'c',
- version : '1.3.5',
+ version : '1.3.6',
license : 'GPL-2.0-only',
default_options : [
'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 654de6dd526dc660faadee393f9de7bfc049c23f
Author: Sam James gentoo org>
AuthorDate: Fri Jan 6 06:43:34 2023 +
Commit: Sam James gentoo org>
CommitDate: Fri Jan 6 06:55:04 2023 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=654de6dd
CI: Add ASAN, UBSAN to CI
Signed-off-by: Sam James gentoo.org>
.github/workflows/build-test-ci.yml | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
index 52c0ee1..18c13f0 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -3,12 +3,7 @@
name: Build+Test CI
-on:
- push:
-branches: [master, gh-actions]
-tags: [v*]
- pull_request:
-types: [created, opened, edited]
+on: [pull_request, push]
jobs:
make:
@@ -17,11 +12,13 @@ jobs:
os: [ubuntu-latest]
cc: [gcc, clang]
bb: [meson, muon]
+sanitizer: [none, address, undefined]
fail-fast: false
runs-on: ${{ matrix.os }}
env:
CC: ${{ matrix.cc }}
BB: ${{ matrix.bb }}
+ SANITIZER: ${{ matrix.sanitizer }}
steps:
- name: Install dependencies
run: |
@@ -53,6 +50,7 @@ jobs:
-Dbuild_manpages=disabled \
-Dtests=true \
-Duse_fuzzing=true \
+-Db_sanitize="${SANITIZER}" \
build
ninja -C build
( cd build && "$BB" test; )
[gentoo-commits] proj/pax-utils:master commit in: travis/
commit: 974b9359c2f89d57e69598572aafcd8f920d79e2 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 02:02:59 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 02:02:59 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=974b9359 travis: drop Followup to 22e3de54dee0d4efa6c3d14753f847677f0e8d98. Signed-off-by: Sam James gentoo.org> travis/autotools.tar.xz | Bin 9208 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/travis/autotools.tar.xz b/travis/autotools.tar.xz deleted file mode 100644 index 1c0c854..000 Binary files a/travis/autotools.tar.xz and /dev/null differ
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: fb6a858813afb897d50ecc268eab8f5bf3208490 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 00:40:28 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 00:40:46 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=fb6a8588 .github: update muon URL Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index 98a346d..52c0ee1 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -34,7 +34,7 @@ jobs: sudo pip3 install meson ;; muon) -wget https://muon.build/releases/muon-amd64-linux-static -O muon +wget https://muon.build/releases/edge/muon-edge-amd64-linux-static -O muon chmod +x muon sudo install -Dm755 muon /usr/local/bin/muon ;;
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: b8cea120c83f70d3f9077e41c18b40443cdb8cf0 Author: Sam James gentoo org> AuthorDate: Wed Nov 2 00:37:57 2022 + Commit: Sam James gentoo org> CommitDate: Wed Nov 2 00:38:55 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b8cea120 .github: run build-test-ci for all branches Signed-off-by: Sam James gentoo.org> Closes: https://github.com/gentoo/pax-utils/pull/8 Signed-off-by: Sam James gentoo.org> .github/workflows/build-test-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml index e2b7e0e..98a346d 100644 --- a/.github/workflows/build-test-ci.yml +++ b/.github/workflows/build-test-ci.yml @@ -8,8 +8,7 @@ on: branches: [master, gh-actions] tags: [v*] pull_request: -types: [opened] -branches: [master] +types: [created, opened, edited] jobs: make:
[gentoo-commits] proj/pax-utils:master commit in: /, man/
commit: 502631b86d63c4604b0ed78ad86a054e9726e897
Author: Sam James gentoo org>
AuthorDate: Wed Nov 2 00:37:57 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Nov 2 00:38:55 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=502631b8
meson: include generated man pages in dist tarballs
Meson doesn't have an idiomatic way of doing this (for once!)
so we have to (per Eli Schwartz, thanks!) have:
1. a dist script which duplicates the build rule;
2. some meson.build if/else logic with fs.exists() to prefer the built manpage
when using tarballs
Sadly, still can't easily regenerate man pages if
you apply a patch downstream though.
We use Michael Stapelberg's example from the linked bug as inspiration.
Bug: https://github.com/mesonbuild/meson/issues/2166
Reported-by: psykose ayaya.dev>
Thanks-to: Eli Schwartz archlinux.org>
Signed-off-by: Sam James gentoo.org>
man/meson.build | 37 -
meson-build-dist-man.sh | 12
meson.build | 2 ++
3 files changed, 38 insertions(+), 13 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index 2e346ec..130c8ec 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -18,20 +18,31 @@ pages = [
'dumpelf.docbook', 'pspax.docbook', 'scanelf.docbook', 'scanmacho.docbook'
]
+fs = import('fs')
+
out_pages = []
+generated_man_pages_exist = true
foreach page : pages
- out_pages += page.replace('.docbook', '.1')
+ man_page_name = page.replace('.docbook', '.1')
+ out_pages += man_page_name
+ if not fs.exists(man_page_name)
+ generated_man_pages_exist = false
+ endif
endforeach
-custom_target('docbook_to_man',
- command : [
-xmlto, '-x', files('custom.xsl'), '--skip-validation',
-'-o', meson.current_build_dir(), 'man', book
- ],
- input : [
-'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail',
- ] + pages,
- output : out_pages,
- install : true,
- install_dir : get_option('mandir') / 'man1'
-)
+if generated_man_pages_exist
+ install_man(out_pages)
+else
+ custom_target('docbook_to_man',
+command : [
+ xmlto, '-x', files('custom.xsl'), '--skip-validation',
+ '-o', meson.current_build_dir(), 'man', book
+],
+input : [
+ 'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail',
+] + pages,
+output : out_pages,
+install : true,
+install_dir : get_option('mandir') / 'man1'
+ )
+endif
diff --git a/meson-build-dist-man.sh b/meson-build-dist-man.sh
new file mode 100755
index 000..699a380
--- /dev/null
+++ b/meson-build-dist-man.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# This script should be invoked by meson itself (via 'meson dist')
+# See https://github.com/mesonbuild/meson/issues/2166 and more specifically,
+# https://github.com/mesonbuild/meson/issues/2166#issuecomment-629696911.
+set -eu
+
+cd "${MESON_DIST_ROOT}"
+mkdir build
+meson setup build -Dbuild_manpages=enabled
+meson compile -C build
+cp build/man/* man/
+rm -rf build
diff --git a/meson.build b/meson.build
index 0ee2630..0054ba4 100644
--- a/meson.build
+++ b/meson.build
@@ -138,6 +138,8 @@ install_data('symtree.sh',
subdir('man')
+meson.add_dist_script('meson-build-dist-man.sh')
+
do_tests = get_option('tests')
if do_tests
subdir('tests/lddtree')
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b07b25dcc8ad0e518d801bc23d01fb59cc6de442
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 06:03:01 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b07b25dc
lddtree: add typing info to more places
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 87 +++---
1 file changed, 61 insertions(+), 26 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index ecb353d..6939bb6 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -48,6 +48,7 @@ import mmap
import os
import shutil
import sys
+from typing import Any, Iterable, Optional, Union
assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found
{sys.version}'
@@ -60,31 +61,31 @@ from elftools.common import exceptions
from elftools.elf.elffile import ELFFile
-def warn(msg, prefix='warning'):
+def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
"""Write |msg| to stderr with a |prefix| before it"""
print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg),
file=sys.stderr)
-def err(msg, status=1):
+def err(msg: Any, status: Optional[int] = 1) -> None:
"""Write |msg| to stderr and exit with |status|"""
warn(msg, prefix='error')
sys.exit(status)
-def dbg(debug, *args, **kwargs):
+def dbg(debug: bool, *args, **kwargs) -> None:
"""Pass |args| and |kwargs| to print() when |debug| is True"""
if debug:
print(*args, **kwargs)
-def bstr(buf):
+def bstr(buf: Union[bytes, str]) -> str:
"""Decode the byte string into a string"""
if isinstance(buf, str):
return buf
return buf.decode('utf-8')
-def normpath(path):
+def normpath(path: str) -> str:
"""Normalize a path
Python's os.path.normpath() doesn't handle some cases:
@@ -96,7 +97,7 @@ def normpath(path):
@functools.lru_cache(maxsize=None)
-def readlink(path, root, prefixed=False):
+def readlink(path: str, root: str, prefixed: Optional[bool] = False) -> str:
"""Like os.readlink(), but relative to a |root|
This does not currently handle the pathological case:
@@ -124,14 +125,14 @@ def readlink(path, root, prefixed=False):
return normpath((root + path) if prefixed else path)
-def dedupe(items):
+def dedupe(items: list[str]) -> list[str]:
"""Remove all duplicates from |items| (keeping order)"""
-seen = {}
+seen: dict[str, str] = {}
return [seen.setdefault(x, x) for x in items if x not in seen]
@functools.lru_cache(maxsize=None)
-def interp_supports_argv0(interp) -> bool:
+def interp_supports_argv0(interp: str) -> bool:
"""See whether |interp| supports the --argv0 option.
Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
@@ -141,7 +142,12 @@ def interp_supports_argv0(interp) -> bool:
return mm.find(b'--argv0') >= 0
-def GenerateLdsoWrapper(root, path, interp, libpaths=()):
+def GenerateLdsoWrapper(
+root: str,
+path: str,
+interp: str,
+libpaths: Iterable[str] = (),
+) -> None:
"""Generate a shell script wrapper which uses local ldso to run the ELF
Since we cannot rely on the host glibc (or other libraries), we need to
@@ -190,7 +196,12 @@ exec \\
@functools.lru_cache(maxsize=None)
-def ParseLdPaths(str_ldpaths, root='', cwd=None, path=None):
+def ParseLdPaths(
+str_ldpaths: str,
+root: str = "",
+cwd: Optional[str] = None,
+path: str = "",
+) -> list[str]:
"""Parse the colon-delimited list of paths and apply ldso rules to each
Note the special handling as dictated by the ldso:
@@ -232,7 +243,12 @@ def ParseLdPaths(str_ldpaths, root='', cwd=None,
path=None):
return dedupe(ldpaths)
-def ParseLdSoConf(ldso_conf, root='/', debug=False, _first=True):
+def ParseLdSoConf(
+ldso_conf: str,
+root: str = "/",
+debug: bool = False,
+_first: bool = True,
+) -> list[str]:
"""Load all the paths from a given ldso config file
This should handle comments, whitespace, and "include" statements.
@@ -283,7 +299,12 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False,
_first=True):
return paths
-def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
+def LoadLdpaths(
+root: str = "/",
+cwd: Optional[str] = None,
+prefix: str = "",
+debug: bool = False,
+) -> dict[str, list[str]]:
"""Load linker paths from common locations
This parses the ld.so.conf and LD_LIBRARY_PATH env var.
@@ -297,7 +318,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
Returns:
dict containing library paths to search
"""
-ldpaths = {
+ldpaths: dict[str, list[str]] = {
'conf': [],
'env': [],
'interp': [],
@@ -321,7 +342,7 @@ def LoadLdpaths(root='/', cwd=None, prefix='', debug=False):
return ldpaths
-def CompatibleELFs(elf1, elf2):
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1ddedd87363c65d6b910fe32da0f1764ba1329a9
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 07:39:56 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1ddedd87
lddtree: reformat with black
Largely this is just single quotes -> double quotes.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 503 -
1 file changed, 294 insertions(+), 209 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index d894505..e851ac1 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -50,7 +50,7 @@ import shutil
import sys
from typing import Any, Iterable, Optional, Union
-assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found
{sys.version}'
+assert sys.version_info >= (3, 6), f"Python 3.6+ required, but found
{sys.version}"
try:
import argcomplete
@@ -63,12 +63,12 @@ from elftools.elf.elffile import ELFFile
def warn(msg: Any, prefix: Optional[str] = "warning") -> None:
"""Write |msg| to stderr with a |prefix| before it"""
-print('%s: %s: %s' % (os.path.basename(sys.argv[0]), prefix, msg),
file=sys.stderr)
+print("%s: %s: %s" % (os.path.basename(sys.argv[0]), prefix, msg),
file=sys.stderr)
def err(msg: Any, status: Optional[int] = 1) -> None:
"""Write |msg| to stderr and exit with |status|"""
-warn(msg, prefix='error')
+warn(msg, prefix="error")
sys.exit(status)
@@ -82,7 +82,7 @@ def bstr(buf: Union[bytes, str]) -> str:
"""Decode the byte string into a string"""
if isinstance(buf, str):
return buf
-return buf.decode('utf-8')
+return buf.decode("utf-8")
def normpath(path: str) -> str:
@@ -93,7 +93,7 @@ def normpath(path: str) -> str:
//..// -> //
//..//..// -> ///
"""
-return os.path.normpath(path).replace('//', '/')
+return os.path.normpath(path).replace("//", "/")
@functools.lru_cache(maxsize=None)
@@ -115,9 +115,9 @@ def readlink(path: str, root: str, prefixed: Optional[bool]
= False) -> str:
Returns:
A fully resolved symlink path
"""
-root = root.rstrip('/')
+root = root.rstrip("/")
if prefixed:
-path = path[len(root):]
+path = path[len(root) :]
while os.path.islink(root + path):
path = os.path.join(os.path.dirname(path), os.readlink(root + path))
@@ -137,9 +137,9 @@ def interp_supports_argv0(interp: str) -> bool:
Starting with glibc-2.33, the ldso supports --argv0 to override argv[0].
"""
-with open(interp, 'rb') as fp:
+with open(interp, "rb") as fp:
with mmap.mmap(fp.fileno(), 0, prot=mmap.PROT_READ) as mm:
-return mm.find(b'--argv0') >= 0
+return mm.find(b"--argv0") >= 0
def GenerateLdsoWrapper(
@@ -165,12 +165,11 @@ def GenerateLdsoWrapper(
# Add ldso interpreter dir to end of libpaths as a fallback library path.
libpaths = dedupe(list(libpaths) + [interp_dir])
replacements = {
-'interp': os.path.join(os.path.relpath(interp_dir, basedir),
- interp_name),
+"interp": os.path.join(os.path.relpath(interp_dir, basedir),
interp_name),
"libpaths": ":".join(
"${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
),
-'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp)
else '',
+"argv0_arg": '--argv0 "$0"' if interp_supports_argv0(root + interp)
else "",
}
wrapper = """#!/bin/sh
if ! base=$(realpath "$0" 2>/dev/null); then
@@ -190,8 +189,8 @@ exec \\
"$@"
"""
wrappath = root + path
-os.rename(wrappath, wrappath + '.elf')
-with open(wrappath, 'w', encoding='utf-8') as f:
+os.rename(wrappath, wrappath + ".elf")
+with open(wrappath, "w", encoding="utf-8") as f:
f.write(wrapper % replacements)
os.chmod(wrappath, 0o0755)
@@ -223,17 +222,17 @@ def ParseLdPaths(
cwd = os.getcwd()
ldpaths = []
-for ldpath in str_ldpaths.split(':'):
+for ldpath in str_ldpaths.split(":"):
# Expand placeholders first.
-if '$ORIGIN' in ldpath:
-ldpath = ldpath.replace('$ORIGIN', os.path.dirname(path))
-elif '${ORIGIN}' in ldpath:
-ldpath = ldpath.replace('${ORIGIN}', os.path.dirname(path))
+if "$ORIGIN" in ldpath:
+ldpath = ldpath.replace("$ORIGIN", os.path.dirname(path))
+elif "${ORIGIN}" in ldpath:
+ldpath = ldpath.replace("${ORIGIN}", os.path.dirname(path))
# Expand relative paths if needed. These don't make sense in general,
# but that doesn't stop people from using them. As such, root prefix
# doesn't make sense with it either.
-if not ldpath.startswith('/'):
+if not ldpath.startswith("/"):
# NB: The ldso treats "" paths as cwd too.
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c8f5de35cfa59ce7620ed646cce9c9715b0ed72e
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 05:46:01 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c8f5de35
lddtree: switch to f-strings in most places
These are a bit more readable than % formatting.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 35 ++-
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 349bace..ecb353d 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -250,7 +250,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False,
_first=True):
dbg_pfx = '' if _first else ' '
try:
-dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
+dbg(debug, f"{dbg_pfx}ParseLdSoConf({ldso_conf})")
with open(ldso_conf, encoding='utf-8') as f:
for line in f.readlines():
line = line.split('#', 1)[0].strip()
@@ -262,7 +262,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False,
_first=True):
line = root + line.lstrip('/')
else:
line = os.path.dirname(ldso_conf) + '/' + line
-dbg(debug, '%s glob: %s' % (dbg_pfx, line))
+dbg(debug, dbg_pfx, "glob:", line)
# ldconfig in glibc uses glob() which returns entries
sorted according
# to LC_COLLATE. Further, ldconfig does not reset that
but respects
# the active env settings (which might be a mistake).
Python does not
@@ -336,7 +336,7 @@ def CompatibleELFs(elf1, elf2):
"""
osabis = frozenset([e.header['e_ident']['EI_OSABI'] for e in (elf1, elf2)])
compat_sets = (
-frozenset('ELFOSABI_%s' % x for x in ('NONE', 'SYSV', 'GNU',
'LINUX',)),
+frozenset(f"ELFOSABI_{x}" for x in ("NONE", "SYSV", "GNU", "LINUX")),
)
return ((len(osabis) == 1 or any(osabis.issubset(x) for x in compat_sets))
and
elf1.elfclass == elf2.elfclass and
@@ -357,13 +357,13 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
Returns:
Tuple of the full path to the desired library and the real path to it
"""
-dbg(debug, ' FindLib(%s)' % lib)
+dbg(debug, f" FindLib({lib})")
for ldpath in ldpaths:
path = os.path.join(ldpath, lib)
target = readlink(path, root, prefixed=True)
if path != target:
-dbg(debug, 'checking: %s -> %s' % (path, target))
+dbg(debug, "checking:", path, "->", target)
else:
dbg(debug, 'checking:', path)
@@ -374,7 +374,7 @@ def FindLib(elf, lib, ldpaths, root='/', debug=False):
if CompatibleELFs(elf, libelf):
return (target, path)
except exceptions.ELFError as e:
-warn('%s: %s' % (target, e))
+warn(f"{target}: {e}")
return (None, None)
@@ -429,7 +429,7 @@ def ParseELF(path, root='/', cwd=None, prefix='',
'libs': _all_libs,
}
-dbg(debug, 'ParseELF(%s)' % path)
+dbg(debug, f"ParseELF({path})")
with open(path, 'rb') as f:
try:
@@ -527,7 +527,7 @@ def ParseELF(path, root='/', cwd=None, prefix='',
lret = ParseELF(realpath, root, cwd, prefix, ldpaths,
display=fullpath,
debug=debug, _first=False,
_all_libs=_all_libs)
except exceptions.ELFError as e:
-warn('%s: %s' % (realpath, e))
+warn(f"{realpath}: {e}")
_all_libs[lib]['needed'] = lret['needed']
del elf
@@ -549,13 +549,14 @@ def _ActionShow(options, elf):
if options.list:
print(fullpath or lib)
else:
-print('%s%s => %s' % ('' * depth, lib, fullpath))
+indent = "" * depth
+print(f"{indent}{lib}", "=>", fullpath)
new_libs = []
for lib in elf['libs'][lib]['needed']:
if lib in chain_libs:
if not options.list:
-print('%s%s => !!! circular loop !!!' % ('' * depth,
lib))
+print(f"{indent}{lib} => !!! circular loop !!!")
continue
if options.all or not lib in shown_libs:
shown_libs.add(lib)
@@ -584,7 +585,7 @@ def _ActionShow(options, elf):
if not interp is None:
print(interp)
else:
-print('%s (interpreter => %s)' % (elf['path'], interp))
+print(elf["path"], f"(interpreter => {interp})")
for lib in new_libs:
_show(lib, 1)
@@ -627,7 +628,7 @@ def _ActionCopy(options, elf):
raise
if options.verbose:
-print('%s -> %s' % (src, dst))
+print(src, "->",
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 30d1f02c1482ea5371ee4e0a36276ae03b186208
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 07:40:48 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=30d1f02c
pylint: reformat with black
Also drop a few Python 2 specific things.
Signed-off-by: Mike Frysinger gentoo.org>
pylint | 19 ---
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/pylint b/pylint
index 38d77a2..463dc03 100755
--- a/pylint
+++ b/pylint
@@ -1,12 +1,9 @@
#!/usr/bin/env python
-# -*- coding: utf-8 -*-
# Copyright 1999-2020 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
"""Run pylint with the right settings."""
-from __future__ import print_function
-
import os
import sys
@@ -17,10 +14,10 @@ def find_all_modules(source_root):
for root, _dirs, files in os.walk(source_root, topdown=False):
# Add all of the .py modules in the tree.
-ret += [os.path.join(root, x) for x in files if x.endswith('.py')]
+ret += [os.path.join(root, x) for x in files if x.endswith(".py")]
# Add the main scripts that don't end in .py.
-ret += [os.path.join(source_root, x) for x in ('pylint',)]
+ret += [os.path.join(source_root, x) for x in ("pylint",)]
return ret
@@ -33,17 +30,17 @@ def main(argv):
argv = find_all_modules(source_root)
pympath = source_root
-pythonpath = os.environ.get('PYTHONPATH')
+pythonpath = os.environ.get("PYTHONPATH")
if pythonpath is None:
pythonpath = pympath
else:
-pythonpath = pympath + ':' + pythonpath
-os.environ['PYTHONPATH'] = pythonpath
+pythonpath = pympath + ":" + pythonpath
+os.environ["PYTHONPATH"] = pythonpath
-pylintrc = os.path.join(source_root, '.pylintrc')
-cmd = ['pylint', '--rcfile', pylintrc]
+pylintrc = os.path.join(source_root, ".pylintrc")
+cmd = ["pylint", "--rcfile", pylintrc]
os.execvp(cmd[0], cmd + argv)
-if __name__ == '__main__':
+if __name__ == "__main__":
sys.exit(main(sys.argv[1:]))
[gentoo-commits] proj/pax-utils:master commit in: /
commit: b74963dd2346fb526382635b7d6317653417256a
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 06:57:56 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=b74963dd
lddtree: simplify join logic
No need to create a list to past to join when we can pass a generator.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 6939bb6..85dd91f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -167,8 +167,9 @@ def GenerateLdsoWrapper(
replacements = {
'interp': os.path.join(os.path.relpath(interp_dir, basedir),
interp_name),
-'libpaths': ':'.join(['${basedir}/' + os.path.relpath(p, basedir)
- for p in libpaths]),
+"libpaths": ":".join(
+"${basedir}/" + os.path.relpath(p, basedir) for p in libpaths
+),
'argv0_arg': '--argv0 "$0"' if interp_supports_argv0(root + interp)
else '',
}
wrapper = """#!/bin/sh
[gentoo-commits] proj/pax-utils:master commit in: /
commit: bbb4e5d73ee1f3df12a1cd467beca3a476c5f054
Author: Mike Frysinger chromium org>
AuthorDate: Wed Sep 28 07:03:11 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:17 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bbb4e5d7
lddtree: avoid shadowing function args
pylint warns about redefining |lib| here, and it's right -- the code
is a little hard to follow because of it. So give it a diff name.
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 16
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 85dd91f..d894505 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -589,17 +589,17 @@ def _ActionShow(options: argparse.Namespace, elf: dict):
print(f"{indent}{lib}", "=>", fullpath)
new_libs = []
-for lib in elf['libs'][lib]['needed']:
-if lib in chain_libs:
+for nlib in elf["libs"][lib]["needed"]:
+if nlib in chain_libs:
if not options.list:
-print(f"{indent}{lib} => !!! circular loop !!!")
+print(f"{indent}{nlib} => !!! circular loop !!!")
continue
-if options.all or not lib in shown_libs:
-shown_libs.add(lib)
-new_libs.append(lib)
+if options.all or not nlib in shown_libs:
+shown_libs.add(nlib)
+new_libs.append(nlib)
-for lib in new_libs:
-_show(lib, depth + 1)
+for nlib in new_libs:
+_show(nlib, depth + 1)
chain_libs.pop()
shown_libs = set(elf['needed'])
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 413a60a31daafe60a539fc113dafb1760abb1d20
Author: Manoj Gupta chromium org>
AuthorDate: Mon Nov 1 18:23:22 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 28 07:42:14 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=413a60a3
lddtree: Add logging for ELFParseError
Add logging inside parseELF to print the bad file if the parser
fails with ELFParseError.
Bug: https://issuetracker.google.com/issues/203821449
Signed-off-by: Manoj Gupta chromium.org>
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index 3c9d66f..349bace 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -432,7 +432,11 @@ def ParseELF(path, root='/', cwd=None, prefix='',
dbg(debug, 'ParseELF(%s)' % path)
with open(path, 'rb') as f:
-elf = ELFFile(f)
+try:
+elf = ELFFile(f)
+except exceptions.ELFParseError:
+warn("ELFParser failed to parse", path)
+raise
# If this is the first ELF, extract the interpreter.
if _first:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: a94b2f664714a33eeeb492efe87525fa9947a644
Author: Mike Frysinger gentoo org>
AuthorDate: Wed Sep 21 08:28:55 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Sep 21 08:28:55 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=a94b2f66
lddtree: specify utf-8 encoding with text files
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lddtree.py b/lddtree.py
index 1f66b4d..3c9d66f 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -184,7 +184,7 @@ exec \\
"""
wrappath = root + path
os.rename(wrappath, wrappath + '.elf')
-with open(wrappath, 'w') as f:
+with open(wrappath, 'w', encoding='utf-8') as f:
f.write(wrapper % replacements)
os.chmod(wrappath, 0o0755)
@@ -251,7 +251,7 @@ def ParseLdSoConf(ldso_conf, root='/', debug=False,
_first=True):
dbg_pfx = '' if _first else ' '
try:
dbg(debug, '%sParseLdSoConf(%s)' % (dbg_pfx, ldso_conf))
-with open(ldso_conf) as f:
+with open(ldso_conf, encoding='utf-8') as f:
for line in f.readlines():
line = line.split('#', 1)[0].strip()
if not line:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: e165b0bc20911f4727a9a736560ee321fe0c1712 Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 21 08:26:01 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 21 08:26:22 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e165b0bc lddtree: sort imports Should be no functional change. Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lddtree.py b/lddtree.py index 7cb4348..1f66b4d 100755 --- a/lddtree.py +++ b/lddtree.py @@ -41,9 +41,9 @@ they need will be placed into /foo/lib/ only. """ import argparse +import errno import functools import glob -import errno import mmap import os import shutil @@ -56,8 +56,8 @@ try: except ImportError: argcomplete = None -from elftools.elf.elffile import ELFFile from elftools.common import exceptions +from elftools.elf.elffile import ELFFile def warn(msg, prefix='warning'):
[gentoo-commits] proj/pax-utils:master commit in: /
commit: ec9220bb190671152703a837da56148d42f1ff8d Author: Mike Frysinger chromium org> AuthorDate: Wed Sep 21 08:19:18 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Wed Sep 21 08:21:04 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=ec9220bb lddtree: update CrOS copyright line Signed-off-by: Mike Frysinger gentoo.org> lddtree.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lddtree.py b/lddtree.py index 3afcfac..7cb4348 100755 --- a/lddtree.py +++ b/lddtree.py @@ -2,7 +2,7 @@ # PYTHON_ARGCOMPLETE_OK # Copyright 2012-2014 Gentoo Foundation # Copyright 2012-2014 Mike Frysinger -# Copyright 2012-2014 The Chromium OS Authors +# Copyright 2012-2014 The ChromiumOS Authors # Use of this source code is governed by a BSD-style license (BSD-3) """Read the ELF dependency tree and show it
[gentoo-commits] proj/pax-utils:master commit in: man/
commit: 2d981305b117b669c60bede076557c2d765cf198
Author: Mike Gilbert gentoo org>
AuthorDate: Thu Sep 8 00:13:00 2022 +
Commit: Mike Gilbert gentoo org>
CommitDate: Thu Sep 8 00:17:00 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=2d981305
man: reorder xmlto arguments
Bug: https://bugs.gentoo.org/869110
Thanks-to: Fabian Groffen gentoo.org>
Signed-off-by: Mike Gilbert gentoo.org>
man/meson.build | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/meson.build b/man/meson.build
index fc8d183..2e346ec 100644
--- a/man/meson.build
+++ b/man/meson.build
@@ -25,8 +25,8 @@ endforeach
custom_target('docbook_to_man',
command : [
-xmlto, 'man', '-x', files('custom.xsl'), '--skip-validation', book,
-'-o', meson.current_build_dir()
+xmlto, '-x', files('custom.xsl'), '--skip-validation',
+'-o', meson.current_build_dir(), 'man', book
],
input : [
'pax-utils.docbook.in', 'custom.xsl', 'fragment/reftail',
[gentoo-commits] proj/pax-utils:master commit in: /
commit: df2f3b5ba0d52dc4e27a832de4b8f468b029e357
Author: Sam James gentoo org>
AuthorDate: Sun Jul 31 04:52:25 2022 +
Commit: Sam James gentoo org>
CommitDate: Sun Jul 31 04:56:14 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=df2f3b5b
meson.build: prepare for 1.3.5
Signed-off-by: Sam James gentoo.org>
meson.build | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meson.build b/meson.build
index 6a5dd66..0ee2630 100644
--- a/meson.build
+++ b/meson.build
@@ -1,5 +1,5 @@
project('pax-utils', 'c',
- version : '1.3.5-pre',
+ version : '1.3.5',
license : 'GPL-2.0-only',
default_options : [
'warning_level=2',
[gentoo-commits] proj/pax-utils:master commit in: /
commit: bac6818bd82acea720a0a961c62321982ec381e7
Author: Arsen Arsenović aarsen me>
AuthorDate: Sat Jun 25 17:04:50 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jul 12 06:33:20 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=bac6818b
security.h: suppress unused argument warning on allow_forking
Signed-off-by: Arsen Arsenović aarsen.me>
Signed-off-by: Sam James gentoo.org>
security.c | 1 +
security.h | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/security.c b/security.c
index 4fecfa3..19bf78f 100644
--- a/security.c
+++ b/security.c
@@ -94,6 +94,7 @@ void security_init_pid(void)
void security_init(bool allow_forking)
{
+ (void) allow_forking;
int flags;
if (!ALLOW_PIDNS)
diff --git a/security.h b/security.h
index c93ec3e..65e1ad5 100644
--- a/security.h
+++ b/security.h
@@ -22,7 +22,7 @@ void security_init(bool allow_forking);
/* Disable forking; usable only when allow_forking above was true. */
void security_init_pid(void);
#else
-static inline void security_init(bool allow_forking) {}
+static inline void security_init(bool allow_forking) { (void) allow_forking; }
static inline void security_init_pid(void) {}
#endif
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/, /
commit: e41af8d4c5cc22a5dd824e3ffe84000e9aef3480
Author: Arsen Arsenović aarsen me>
AuthorDate: Tue Jun 28 08:38:45 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jul 12 06:33:20 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e41af8d4
gha: add muon to Linux test matrix
Signed-off-by: Arsen Arsenović aarsen.me>
Closes: https://github.com/gentoo/pax-utils/pull/7
Signed-off-by: Sam James gentoo.org>
.github/workflows/build-test-ci.yml | 38 -
meson_options.txt | 6 +++---
2 files changed, 32 insertions(+), 12 deletions(-)
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
index 04d6fc5..e2b7e0e 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -17,26 +17,46 @@ jobs:
matrix:
os: [ubuntu-latest]
cc: [gcc, clang]
+bb: [meson, muon]
+ fail-fast: false
runs-on: ${{ matrix.os }}
env:
CC: ${{ matrix.cc }}
+ BB: ${{ matrix.bb }}
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y python3-pyelftools python3-pip \
-libcap-dev libseccomp-dev ninja-build
-sudo pip3 install meson
+libcap-dev libseccomp-dev ninja-build \
+pkg-config
+case "$BB" in
+ meson)
+sudo pip3 install meson
+;;
+ muon)
+wget https://muon.build/releases/muon-amd64-linux-static -O muon
+chmod +x muon
+sudo install -Dm755 muon /usr/local/bin/muon
+;;
+esac
- uses: actions/checkout@v2
- run: |
-meson -Duse_libcap=enabled \
- -Duse_seccomp=true \
- -Dbuild_manpages=disabled \
- -Dtests=true \
- -Duse_fuzzing=true \
- build
+export PKG_CONFIG_PATH="/usr/lib/$(uname -m)-linux-gnu/pkgconfig/"
+case "$BB" in
+ muon)
+alias ninja="muon samu"
+;;
+esac
+
+"$BB" setup -Duse_libcap=enabled \
+-Duse_seccomp=true \
+-Dbuild_manpages=disabled \
+-Dtests=true \
+-Duse_fuzzing=true \
+build
ninja -C build
-ninja -C build test
+( cd build && "$BB" test; )
build-macos:
strategy:
diff --git a/meson_options.txt b/meson_options.txt
index c96865d..04b51fe 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -4,14 +4,14 @@ option('lddtree_implementation', type : 'combo',
option('use_libcap', type : 'feature', value : 'auto',
description : 'Enable listing capabilities in pspax output (requires libcap)'
)
-option('use_seccomp', type : 'boolean', value : 'true',
+option('use_seccomp', type : 'boolean', value : true,
description : 'Enable seccomp filters at runtime (does *not* require
libseccomp, but does require kernel support)'
)
option('build_manpages', type : 'feature', value : 'auto',
description : 'Build manuals via DocBook (requires xmlto)')
-option('tests', type : 'boolean', value : 'true'
+option('tests', type : 'boolean', value : true,
description : 'Enable testing (not guaranteed to work)'
)
-option('use_fuzzing', type : 'boolean', value : 'true',
+option('use_fuzzing', type : 'boolean', value : true,
description : 'Also build LibFuzzer fuzzers as tests'
)
[gentoo-commits] proj/pax-utils:master commit in: tests/source/, /
commit: 7b95b1831d71396150c5cb10d4edf899e135d068
Author: Arsen Arsenović aarsen me>
AuthorDate: Fri Jun 24 14:03:46 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jul 12 06:33:20 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=7b95b183
Probe the target system for needed headers
This prevents new or unconventional systems requiring upstream changes,
though, this is not perfect, as it doesn't address some of the other
defines related to OSes the preprocessor does (namely, wrt the ldso
cache handling). I didn't touch these yet as I took a more conservative
approach of (probably) not changing what happens at runtime.
Signed-off-by: Arsen Arsenović aarsen.me>
Signed-off-by: Sam James gentoo.org>
porting.h | 25 +++--
tests/source/dotest | 2 +-
2 files changed, 12 insertions(+), 15 deletions(-)
diff --git a/porting.h b/porting.h
index 8e5542d..0d43a92 100644
--- a/porting.h
+++ b/porting.h
@@ -11,9 +11,7 @@
#ifndef _PORTING_H
#define _PORTING_H
-#ifdef HAVE_CONFIG_H
-# include "config.h"
-#endif
+#include "probes.h"
#define ARRAY_SIZE(arr) (sizeof(arr) / sizeof(*arr))
@@ -41,36 +39,36 @@
#include
#include
#include "elf.h"
-#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__)
+#if HAS_ALLOCA_H
# include
#endif
-#if defined(__linux__)
+#if HAS_SYS_PRCTL_H
# include
-# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECCOMP_H)
+# if HAS_LINUX_SECCOMP_H
# include
# endif
-# if !defined(HAVE_CONFIG_H) || defined(HAVE_LINUX_SECUREBITS_H)
+# if HAS_LINUX_SECUREBITS_H
# include
# endif
#endif
-#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__ANDROID__)
+#if HAS_ENDIAN_H && HAS_BYTESWAP_H
# include
# include
-#elif defined(__FreeBSD__)
+#elif HAS_SYS_ENDIAN_H
# include
-#elif defined(__sun__)
+#elif HAS_ISA_DEFS_H
# include
-#elif defined(__MACH__)
+#elif HAS_MACHINE_ENDIAN_H
# include
#endif
-#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
+#ifdef HAS_GLOB_H
# include
#endif
#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
# define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf"
-#elif defined(__FreeBSD__) || defined(__DragonFly__)
+#elif HAS_ELF_HINTS_H
# include
# define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG _PATH_ELF_HINTS
#else
@@ -168,7 +166,6 @@
# define __PAX_UTILS_PATH_MAX PATH_MAX
#endif
-/* fall back case for non-Linux hosts ... so lame */
#if !defined(ELF_DATA)
# if defined(BYTE_ORDER)
# if BYTE_ORDER == LITTLE_ENDIAN
diff --git a/tests/source/dotest b/tests/source/dotest
index c97e8cb..cc278a5 100755
--- a/tests/source/dotest
+++ b/tests/source/dotest
@@ -5,7 +5,7 @@
findfiles() {
find "${top_srcdir}" \
'(' -type d -a '(' -name .git -o -name autotools ')' -prune ')'
\
- -o '(' '(' -name '*.[ch]' -a ! -name 'config.h' ')' -print0 ')'
+ -o '(' '(' -name '*.[ch]' -a ! -name 'probes.h' ')' -print0 ')'
}
#
[gentoo-commits] proj/pax-utils:master commit in: tests/lddtree/, tests/scanelf/, man/, tests/, tests/source/, /, ...
commit: 063fcaeaa05074a9d90acec2f68b25dfb8ecd279
Author: Arsen Arsenović aarsen me>
AuthorDate: Fri Jun 24 08:19:20 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jul 12 06:33:20 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=063fcaea
Convert build system to meson
Some notes about the new build systems:
- I don't fully understand the testing system, but I think I understood
it well enough to implement an equivalent one.
- use_seccomp could be replaced by detecting seccomp support at runtime
(without support, Linux returns -EINVAL in include/linux/seccomp.h)
- The fuzzing test is broken and seems to have been for a while (see
commit 67f3ba64c91b5e1ac9fbbd0bc039fb8ca653cae1, it fails to fuzz on
my machine)
- make-tarball.sh has been replaced with meson dist - hopefully this
works. meson dist should also call seccomp-bpf.c to update
seccomp-bpf.h
Signed-off-by: Arsen Arsenović aarsen.me>
Signed-off-by: Sam James gentoo.org>
.depend | 18 --
.github/workflows/build-test-ci.yml | 74 +++-
Makefile| 224
Makefile.am | 114
autogen.sh | 94 --
configure.ac| 72
make-seccomp-filters.sh | 13 ++
make-tarball.sh | 91 --
man/Makefile| 13 --
man/custom.xsl | 3 +-
man/fragment/date | 0
man/fragment/version| 1 -
man/meson.build | 37
man/{pax-utils.docbook => pax-utils.docbook.in} | 15 +-
meson.build | 169 ++
meson_options.txt | 9 +
paxinc.h| 3 +
tests/Makefile | 10 --
tests/lddtree/Makefile | 13 --
tests/lddtree/meson.build | 10 ++
tests/lib.sh| 13 +-
tests/scanelf/Makefile | 8 -
tests/scanelf/dotest| 6 +-
tests/scanelf/meson.build | 8 +
tests/source/Makefile | 8 -
tests/source/dotest | 29 ---
tests/source/meson.build| 8 +
version.h.in| 1 +
28 files changed, 295 insertions(+), 769 deletions(-)
diff --git a/.depend b/.depend
deleted file mode 100644
index aab4f89..000
--- a/.depend
+++ /dev/null
@@ -1,18 +0,0 @@
-paxelf.o: paxelf.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-paxmacho.o: paxmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-paxinc.o: paxinc.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-security.o: security.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h seccomp-bpf.h
-xfuncs.o: xfuncs.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-scanelf.o: scanelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-dumpelf.o: dumpelf.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
-pspax.o: pspax.c paxinc.h porting.h elf.h xfuncs.h security.h paxelf.h \
- macho.h paxmacho.h
-scanmacho.o: scanmacho.c paxinc.h porting.h elf.h xfuncs.h security.h \
- paxelf.h macho.h paxmacho.h
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
index 1b69cc6..04d6fc5 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -22,39 +22,23 @@ jobs:
CC: ${{ matrix.cc }}
steps:
- name: Install dependencies
- run: sudo apt-get update && sudo apt-get install -y python3-pyelftools
+ run: |
+sudo apt-get update
+sudo apt-get install -y python3-pyelftools python3-pip \
+libcap-dev libseccomp-dev ninja-build
+sudo pip3 install meson
- uses: actions/checkout@v2
-# Hack up the man pages as installing xmlto is very expensive.
-# We'll test this in the autotools builder instead.
-- name: Hack man pages
- run: echo man/*.docbook | sed s:docbook:1:g | xargs touch
-- run: make
-- run: make check
-- run: make install DESTDIR="${PWD}/root/"
-- run: make debug
-- run: make check
-
- autotools-distcheck-linux:
-strategy:
- matrix:
-os: [ubuntu-latest]
-cc: [gcc, clang]
-runs-on: ${{ matrix.os }}
-env:
- CC: ${{ matrix.cc }}
-steps:
-- name: Install dependencies
-
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 01b19ca9629c02d46af23f97c4afe4903c8b201a
Author: Arsen Arsenović aarsen me>
AuthorDate: Sat Jun 25 17:15:00 2022 +
Commit: Sam James gentoo org>
CommitDate: Tue Jul 12 06:33:20 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=01b19ca9
Improve build-related documentation
Signed-off-by: Arsen Arsenović aarsen.me>
Signed-off-by: Sam James gentoo.org>
README.md | 13 +++--
meson_options.txt | 18 +-
2 files changed, 16 insertions(+), 15 deletions(-)
diff --git a/README.md b/README.md
index 49277e0..539f3cc 100644
--- a/README.md
+++ b/README.md
@@ -18,16 +18,9 @@ Originally focused only on
[PaX](https://pax.grsecurity.net/), it has been
expanded to be generally security focused. It still has a good number of
PaX helpers for people interested in that.
-## Building
-
-Just run `make`. This should work on any recent POSIX compliant system.
-
-Note: To rebuild the man-pages, you will need xmlto and the docbook-xml-dtd
- packages installed on your system.
-
-## Installation
-
-`make install`
+## Building and installing
+pax-utils uses a bog-standard meson-based build system. See `meson_options.txt`
+for configuration options.
You don't need PaX to use the pax-utils. Infact the only thing they
really have in common is that pax-utils was initially written to aid in
diff --git a/meson_options.txt b/meson_options.txt
index 62adc35..c96865d 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -1,9 +1,17 @@
-option('lddtree_implementation', type : 'combo', choices : ['python', 'sh',
'none'], value : 'python')
-option('use_libcap', type : 'feature', value : 'auto')
+option('lddtree_implementation', type : 'combo',
+ choices : ['python', 'sh', 'none'], value : 'python',
+ description : 'Which lddtree implementation to install?')
+option('use_libcap', type : 'feature', value : 'auto',
+ description : 'Enable listing capabilities in pspax output (requires libcap)'
+)
option('use_seccomp', type : 'boolean', value : 'true',
- description : 'Enable seccomp filters at runtime (does *not* require
libseccomp)'
+ description : 'Enable seccomp filters at runtime (does *not* require
libseccomp, but does require kernel support)'
)
option('build_manpages', type : 'feature', value : 'auto',
description : 'Build manuals via DocBook (requires xmlto)')
-option('tests', type : 'boolean', value : 'true')
-option('use_fuzzing', type : 'boolean', description : 'Also build LibFuzzer
fuzzers', value : 'true')
+option('tests', type : 'boolean', value : 'true'
+ description : 'Enable testing (not guaranteed to work)'
+)
+option('use_fuzzing', type : 'boolean', value : 'true',
+ description : 'Also build LibFuzzer fuzzers as tests'
+)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d9f65269d7182ef1d313e3b87bcea37e45958561
Author: WANG Xuerui gentoo org>
AuthorDate: Sun Apr 24 18:41:55 2022 +
Commit: WANG Xuerui gentoo org>
CommitDate: Mon Apr 25 01:19:39 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d9f65269
seccomp: allow madvise() call (glibc 2.35+)
Closes: https://bugs.gentoo.org/836735
Reviewed-by: Sam James gentoo.org>
Signed-off-by: WANG Xuerui gentoo.org>
seccomp-bpf.c | 3 +++
seccomp-bpf.h | 76 +--
2 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 6a095a4..1d64172 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -193,6 +193,9 @@ int main(void)
/* glibc-2.34+ uses it as part of mem alloc functions. */
SCMP_SYS(getrandom),
+
+ /* glibc-2.35+ uses it when
GLIBC_TUNABLES=glibc.malloc.hugetlb=1. */
+ SCMP_SYS(madvise),
};
static const int fork_syscalls[] = {
SCMP_SYS(clone),
diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index 9c5e2de..80d6d94 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
/* AARCH64 */
#define SECCOMP_BPF_AVAILABLE
static const unsigned char seccomp_bpf_blks_base[] = {
-
32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+
32,0,0,0,4,0,0,0,21,0,0,45,183,0,0,192,32,0,0,0,0,0,0,0,21,0,42,0,233,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
};
static const unsigned char seccomp_bpf_blks_fork[] = {
-
32,0,0,0,4,0,0,0,21,0,0,51,183,0,0,192,32,0,0,0,0,0,0,0,21,0,48,0,95,0,0,0,21,0,47,0,4,1,0,0,21,0,46,0,97,0,0,0,21,0,45,0,135,0,0,0,21,0,44,0,134,0,0,0,21,0,43,0,221,0,0,0,21,0,42,0,220,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0
,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: d669505668a9a5ea550841249582589c787f6d38
Author: WANG Xuerui gentoo org>
AuthorDate: Thu Mar 24 15:33:26 2022 +
Commit: Sam James gentoo org>
CommitDate: Thu Mar 24 15:42:29 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d6695056
GH: apt-get update before installing deps
Signed-off-by: WANG Xuerui gentoo.org>
Closes: https://github.com/gentoo/pax-utils/pull/6
Signed-off-by: Sam James gentoo.org>
.github/workflows/build-test-ci.yml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
index e23f0a3..1b69cc6 100644
--- a/.github/workflows/build-test-ci.yml
+++ b/.github/workflows/build-test-ci.yml
@@ -22,7 +22,7 @@ jobs:
CC: ${{ matrix.cc }}
steps:
- name: Install dependencies
- run: sudo apt-get install -y python3-pyelftools
+ run: sudo apt-get update && sudo apt-get install -y python3-pyelftools
- uses: actions/checkout@v2
# Hack up the man pages as installing xmlto is very expensive.
# We'll test this in the autotools builder instead.
@@ -44,7 +44,7 @@ jobs:
CC: ${{ matrix.cc }}
steps:
- name: Install dependencies
- run: sudo apt-get install -y python3-pyelftools xmlto
+ run: sudo apt-get update && sudo apt-get install -y python3-pyelftools
xmlto
- name: Checkout gnulib
uses: actions/checkout@v2
with:
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 8ae4575392cef94c1e66197c5c35e7a194f3eb93
Author: WANG Xuerui gentoo org>
AuthorDate: Mon Dec 20 08:14:56 2021 +
Commit: Sam James gentoo org>
CommitDate: Thu Mar 24 15:42:27 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=8ae45753
paxelf: add LoongArch to recognized ELF machine types
Signed-off-by: WANG Xuerui gentoo.org>
Signed-off-by: Sam James gentoo.org>
elf.h| 3 ++-
paxelf.c | 1 +
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/elf.h b/elf.h
index 51962c9..e6c8b20 100644
--- a/elf.h
+++ b/elf.h
@@ -268,7 +268,8 @@ typedef struct
#define EM_MICROBLAZE 189 /* Xilinx MicroBlaze */
#define EM_TILEGX 191 /* Tilera TILE-Gx */
#define EM_RISCV 243 /* RISC-V */
-#define EM_NUM 244
+#define EM_LOONGARCH 258 /* LoongArch */
+#define EM_NUM 259
/* If it is necessary to assign new unofficial EM_* values, please
pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the
diff --git a/paxelf.c b/paxelf.c
index bbd38bf..331f1b4 100644
--- a/paxelf.c
+++ b/paxelf.c
@@ -277,6 +277,7 @@ static pairtype elf_emtypes[] = {
QUERY(EM_TILEGX),
QUERY(EM_ALPHA),
QUERY(EM_RISCV),
+ QUERY(EM_LOONGARCH),
{ 0, 0 }
};
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 6ba123b5046d9310e0e23050d736e696d2c30b98
Author: Jae Hoon Kim chromium org>
AuthorDate: Tue Mar 8 07:20:42 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Wed Mar 9 08:01:25 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6ba123b5
lddtree: add --skip-missing
Allow explicitly ignoring missing files.
$ lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs /sbin/lvm
/sbin/lvmdump
lddtree: warning: /build/brya/sbin/lvm: did not match any paths
$ echo $?
1
lddtree --root=/build/$BOARD --copy-to-tree=. --copy-non-elfs --skip-missing
/sbin/lvm /sbin/lvmdump
lddtree: warning: /build/brya/sbin/lvm: did not match any paths
$ echo $?
0
Signed-off-by: Jae Hoon Kim chromium.org>
Signed-off-by: Mike Frysinger chromiium.org>
lddtree.py | 6 +-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lddtree.py b/lddtree.py
index ef8a9b2..3afcfac 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -702,6 +702,9 @@ def GetParser():
parser.add_argument('--skip-non-elfs',
action='store_true', default=False,
help='Skip plain (non-ELF) files instead of warning')
+parser.add_argument('--skip-missing',
+action='store_true', default=False,
+help='Skip missing files instead of failing')
parser.add_argument('-V', '--version',
action='version',
version='lddtree by Mike Frysinger
',
@@ -844,7 +847,8 @@ def main(argv):
_ActionCopy(options, elf)
if not matched:
-ret = 1
+if not options.skip_missing:
+ret = 1
warn('%s: did not match any paths' % (path,))
return ret
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 62cae785a39a8625de789928dbc99c851438 Author: Fabian Groffen gentoo org> AuthorDate: Mon Feb 7 07:18:31 2022 + Commit: Fabian Groffen gentoo org> CommitDate: Mon Feb 7 07:18:31 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=62cae785 README: attempt to fix github build status badge Signed-off-by: Fabian Groffen gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 35d25db..49277e0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ | HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities | | GIT | git clone git://anongit.gentoo.org/proj/pax-utils.git | | VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | -| STATUS | [ [](https://scan.coverity.com/projects/gentoo-pax-utils) | +| STATUS | [](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci.yml) [](https://scan.coverity.com/projects/gentoo-pax-utils) | pax-utils is a small set of utilities for peforming Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 47f5c9ddd4d2123babeab152a143a0f28e4b7a99
Author: Mike Frysinger gentoo org>
AuthorDate: Sun Feb 6 01:26:30 2022 +
Commit: Mike Frysinger gentoo org>
CommitDate: Sun Feb 6 01:26:30 2022 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=47f5c9dd
GH: simplify coverity GH action
Newer version has better defaults.
Signed-off-by: Mike Frysinger gentoo.org>
.github/workflows/coverity.yml | 11 ++-
1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index f8ae34b..7e729c4 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -10,17 +10,10 @@ on:
jobs:
coverity:
-strategy:
- matrix:
-os: [ubuntu-latest]
-cc: [gcc]
-runs-on: ${{ matrix.os }}
-env:
- CC: ${{ matrix.cc }}
+runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
-- uses: vapier/coverity-scan-action@v0
+- uses: vapier/coverity-scan-action@v1
with:
-project: gentoo%2Fpax-utils
email: vap...@gentoo.org
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 0ffdf618844966c177825e7d1b523808582b322c Author: Frederic Cambus statdns com> AuthorDate: Sat Jan 22 22:03:30 2022 + Commit: Mike Frysinger gentoo org> CommitDate: Sun Jan 23 02:42:39 2022 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=0ffdf618 porting: don't include alloca.h on NetBSD Signed-off-by: Mike Frysinger gentoo.org> porting.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/porting.h b/porting.h index f1bd74f..8e5542d 100644 --- a/porting.h +++ b/porting.h @@ -41,7 +41,7 @@ #include #include #include "elf.h" -#if !defined(__FreeBSD__) && !defined(__OpenBSD__) +#if !defined(__FreeBSD__) && !defined(__NetBSD__) && !defined(__OpenBSD__) # include #endif #if defined(__linux__)
[gentoo-commits] proj/pax-utils:master commit in: /
commit: d0470cd0513f8b28d496a1d04c28951061c86781 Author: Sam James gentoo org> AuthorDate: Fri Dec 24 01:44:19 2021 + Commit: Sam James gentoo org> CommitDate: Fri Dec 24 01:45:17 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=d0470cd0 README.md: restore original author (solar@) I should've properly listed this before rather than just dropping him rather unceremoniously without thinking. Fixes: c31c7fef7febeb4606d5b0cd22006c4dc7c11b06 Signed-off-by: Sam James gentoo.org> README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7696374..35d25db 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,7 @@ If you include pax-utils in your distro, feel free to send an update for this. * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities * https://gitweb.gentoo.org/proj/pax-utils.git/ * Maintainer: Mike Frysinger , Toolchain Project + * Original author: Ned Ludd # openSUSE * https://build.opensuse.org/package/show?package=pax-utils=openSUSE%3AFactory
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 1f79c681bbaab91133ee9343690ee563099d0bf0
Author: Mike Frysinger gentoo org>
AuthorDate: Fri Dec 17 05:19:28 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Fri Dec 17 05:19:28 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=1f79c681
lddtree: add argcomplete support if available
Signed-off-by: Mike Frysinger gentoo.org>
lddtree.py | 8
1 file changed, 8 insertions(+)
diff --git a/lddtree.py b/lddtree.py
index dd17387..ef8a9b2 100755
--- a/lddtree.py
+++ b/lddtree.py
@@ -1,4 +1,5 @@
#!/usr/bin/env python
+# PYTHON_ARGCOMPLETE_OK
# Copyright 2012-2014 Gentoo Foundation
# Copyright 2012-2014 Mike Frysinger
# Copyright 2012-2014 The Chromium OS Authors
@@ -50,6 +51,11 @@ import sys
assert sys.version_info >= (3, 6), f'Python 3.6+ required, but found
{sys.version}'
+try:
+import argcomplete
+except ImportError:
+argcomplete = None
+
from elftools.elf.elffile import ELFFile
from elftools.common import exceptions
@@ -739,6 +745,8 @@ def GetParser():
action='store_true', default=False,
help='Copy over plain (non-ELF) files instead of
warn+ignore')
+if argcomplete is not None:
+argcomplete.autocomplete(parser)
return parser
[gentoo-commits] proj/pax-utils:master commit in: /
commit: acc9835d8c96451f88b65822f1f6b5b4f27594e0
Author: Mike Frysinger gentoo org>
AuthorDate: Sun Oct 17 02:45:44 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Sun Oct 17 02:45:44 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=acc9835d
seccomp: mark arrays const+static
This generates better code, although it doesn't super matter since
this is only used at build time.
Signed-off-by: Mike Frysinger gentoo.org>
seccomp-bpf.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index 5279d20..6a095a4 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -49,7 +49,7 @@ static const struct {
};
/* Simple helper to add all of the syscalls in an array. */
-static int gen_seccomp_rules_add(scmp_filter_ctx ctx, int syscalls[], size_t
num)
+static int gen_seccomp_rules_add(scmp_filter_ctx ctx, const int syscalls[],
size_t num)
{
static uint8_t prio;
size_t i;
@@ -102,7 +102,7 @@ static void gen_seccomp_program(const char *name)
int main(void)
{
/* Order determines priority (first == lowest prio). */
- int base_syscalls[] = {
+ static const int base_syscalls[] = {
/* We write the most w/scanelf. */
SCMP_SYS(write),
SCMP_SYS(writev),
@@ -194,7 +194,7 @@ int main(void)
/* glibc-2.34+ uses it as part of mem alloc functions. */
SCMP_SYS(getrandom),
};
- int fork_syscalls[] = {
+ static const int fork_syscalls[] = {
SCMP_SYS(clone),
SCMP_SYS(execve),
SCMP_SYS(fork),
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 5480aa80862539562d282742b6fb759aff973df9
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Oct 5 03:42:24 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Oct 5 03:43:57 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5480aa80
switch back to my action name
Still trying to figure out how custom actions work.
Signed-off-by: Mike Frysinger gentoo.org>
.github/workflows/coverity.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index cc8ff70..f8ae34b 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -19,7 +19,7 @@ jobs:
CC: ${{ matrix.cc }}
steps:
- uses: actions/checkout@v2
-- uses: actions/unofficial-coverity-scan@v0
+- uses: vapier/coverity-scan-action@v0
with:
project: gentoo%2Fpax-utils
email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: e46bcca15af0b41a59dbd4be3506fd3a6c68edfb
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Oct 5 03:33:02 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Oct 5 03:33:02 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e46bcca1
switch to published action name
Signed-off-by: Mike Frysinger gentoo.org>
.github/workflows/coverity.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index f8ae34b..cc8ff70 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -19,7 +19,7 @@ jobs:
CC: ${{ matrix.cc }}
steps:
- uses: actions/checkout@v2
-- uses: vapier/coverity-scan-action@v0
+- uses: actions/unofficial-coverity-scan@v0
with:
project: gentoo%2Fpax-utils
email: vap...@gentoo.org
[gentoo-commits] proj/pax-utils:master commit in: .github/workflows/
commit: 6e4bb601f5b03660a2064b9acb5cbf4965e5189e
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Oct 5 02:27:23 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Oct 5 03:20:21 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=6e4bb601
switch to Coverity Scan GH action
Signed-off-by: Mike Frysinger gentoo.org>
.github/workflows/coverity.yml | 36 +---
1 file changed, 5 insertions(+), 31 deletions(-)
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 0cdfec2..f8ae34b 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -16,37 +16,11 @@ jobs:
cc: [gcc]
runs-on: ${{ matrix.os }}
env:
- COVERITY_EMAIL: vap...@gentoo.org
- COVERITY_PROJECT: gentoo%2Fpax-utils
CC: ${{ matrix.cc }}
steps:
- uses: actions/checkout@v2
-
-- name: Download Coverity Build Tool
- run: |
-wget -nv https://scan.coverity.com/download/cxx/linux64 \
- --post-data "token=${TOKEN}=${COVERITY_PROJECT}" \
- -O cov-analysis-linux64.tar.gz
-mkdir cov-analysis
-tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis
- env:
-TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
-
-- name: Build with cov-build
- run: |
-export PATH="${PWD}/cov-analysis/bin:${PATH}"
-cov-build --dir cov-int make
-
-- name: Submit the result to Coverity Scan
- run: |
-tar -czvf cov-int.tgz cov-int
-curl \
- --form project="${COVERITY_PROJECT}" \
- --form token="${TOKEN}" \
- --form email="${COVERITY_EMAIL}" \
- --form file=@cov-int.tgz \
- --form version="${GITHUB_SHA}" \
- --form description="pax-utils git" \
- "https://scan.coverity.com/builds?project=${COVERITY_PROJECT};
- env:
-TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+- uses: vapier/coverity-scan-action@v0
+ with:
+project: gentoo%2Fpax-utils
+email: vap...@gentoo.org
+token: ${{ secrets.COVERITY_SCAN_TOKEN }}
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 9b9fe5a81bf125690bd4e312b1c6659131b1394a
Author: Mike Frysinger gentoo org>
AuthorDate: Tue Oct 5 01:04:54 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Tue Oct 5 01:04:54 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=9b9fe5a8
build: note that xz -9 is not needed
Signed-off-by: Mike Frysinger gentoo.org>
make-tarball.sh | 1 +
1 file changed, 1 insertion(+)
diff --git a/make-tarball.sh b/make-tarball.sh
index 231cb66..8f357b5 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -59,6 +59,7 @@ rm -rf autom4te.cache
popd >/dev/null
einfo "Generating tarball ..."
+# The archive is small enough that -6 & -9 produce the same size.
tar cf - "${p}" | xz > "${p}".tar.xz
rm -r "${p}"
[gentoo-commits] proj/pax-utils:master commit in: travis/, .github/workflows/, /
commit: 22e3de54dee0d4efa6c3d14753f847677f0e8d98
Author: Mike Frysinger chromium org>
AuthorDate: Mon Oct 4 17:31:53 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Mon Oct 4 22:26:21 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=22e3de54
migrate from Travis to GH actions
Signed-off-by: Mike Frysinger gentoo.org>
.github/workflows/build-test-ci.yml | 85 +
.github/workflows/coverity.yml | 52 +++
.travis.yml | 33 --
Makefile| 6 +--
Makefile.am | 1 -
README.md | 2 +-
autogen.sh | 14 +++---
travis/lib.sh | 38 -
travis/main.sh | 75
9 files changed, 147 insertions(+), 159 deletions(-)
diff --git a/.github/workflows/build-test-ci.yml
b/.github/workflows/build-test-ci.yml
new file mode 100644
index 000..e23f0a3
--- /dev/null
+++ b/.github/workflows/build-test-ci.yml
@@ -0,0 +1,85 @@
+# GitHub actions workflow.
+#
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+
+name: Build+Test CI
+
+on:
+ push:
+branches: [master, gh-actions]
+tags: [v*]
+ pull_request:
+types: [opened]
+branches: [master]
+
+jobs:
+ make:
+strategy:
+ matrix:
+os: [ubuntu-latest]
+cc: [gcc, clang]
+runs-on: ${{ matrix.os }}
+env:
+ CC: ${{ matrix.cc }}
+steps:
+- name: Install dependencies
+ run: sudo apt-get install -y python3-pyelftools
+- uses: actions/checkout@v2
+# Hack up the man pages as installing xmlto is very expensive.
+# We'll test this in the autotools builder instead.
+- name: Hack man pages
+ run: echo man/*.docbook | sed s:docbook:1:g | xargs touch
+- run: make
+- run: make check
+- run: make install DESTDIR="${PWD}/root/"
+- run: make debug
+- run: make check
+
+ autotools-distcheck-linux:
+strategy:
+ matrix:
+os: [ubuntu-latest]
+cc: [gcc, clang]
+runs-on: ${{ matrix.os }}
+env:
+ CC: ${{ matrix.cc }}
+steps:
+- name: Install dependencies
+ run: sudo apt-get install -y python3-pyelftools xmlto
+- name: Checkout gnulib
+ uses: actions/checkout@v2
+ with:
+repository: coreutils/gnulib
+path: gnulib
+- run: mv gnulib ..
+- uses: actions/checkout@v2
+- run: make distcheck SHELL_TRACE=-x PV=git PATH="${PWD}/../gnulib:${PATH}"
+
+ autotools-build-macos:
+strategy:
+ matrix:
+os: [macos-latest]
+cc: [clang]
+runs-on: ${{ matrix.os }}
+env:
+ CC: ${{ matrix.cc }}
+steps:
+- name: Install dependencies
+ run: brew install autoconf automake docbook libtool xmlto xz
+- name: Checkout gnulib
+ uses: actions/checkout@v2
+ with:
+repository: coreutils/gnulib
+path: gnulib
+- run: mv gnulib ..
+- uses: actions/checkout@v2
+# We don't run the whole distcheck flow because we don't want or need to
+# rebuild the tarball, and that flow also runs the basic Linux+make which
+# blows up wonderfully everywhere else.
+- run: make autotools SHELL_TRACE=-x
+- run: ./configure
+- run: make
+# The unittests generally assume a Linux ELF host, so don't bother making
+# sure they pass on macOS. Run them out of morbid curiosity I guess.
+- run: |
+make -k check || :
+- run: make install DESTDIR="${PWD}/root/"
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 000..0cdfec2
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,52 @@
+# GitHub actions workflow.
+#
https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions
+
+# https://scan.coverity.com/projects/gentoo-pax-utils
+name: Coverity Scan
+
+on:
+ push:
+branches: [master]
+
+jobs:
+ coverity:
+strategy:
+ matrix:
+os: [ubuntu-latest]
+cc: [gcc]
+runs-on: ${{ matrix.os }}
+env:
+ COVERITY_EMAIL: vap...@gentoo.org
+ COVERITY_PROJECT: gentoo%2Fpax-utils
+ CC: ${{ matrix.cc }}
+steps:
+- uses: actions/checkout@v2
+
+- name: Download Coverity Build Tool
+ run: |
+wget -nv https://scan.coverity.com/download/cxx/linux64 \
+ --post-data "token=${TOKEN}=${COVERITY_PROJECT}" \
+ -O cov-analysis-linux64.tar.gz
+mkdir cov-analysis
+tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis
+ env:
+TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+- name: Build with cov-build
+ run: |
+export PATH="${PWD}/cov-analysis/bin:${PATH}"
+cov-build --dir cov-int make
+
+- name: Submit the result to Coverity Scan
+
[gentoo-commits] proj/pax-utils:master commit in: /
commit: e296d7ac9b45c75499dbfa89cfd4e2341303d2e2
Author: Mike Frysinger chromium org>
AuthorDate: Mon Oct 4 21:46:02 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Mon Oct 4 21:46:02 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=e296d7ac
build: add --debug for easy shell script tracing
Improve the CLI parser slightly so we can add a --debug option.
This makes it easy to get shell script tracing with a -x option
rather than having to override the shebang/shell interpreter.
Signed-off-by: Mike Frysinger gentoo.org>
autogen.sh | 26 --
make-tarball.sh | 13 ++---
2 files changed, 34 insertions(+), 5 deletions(-)
diff --git a/autogen.sh b/autogen.sh
index 42e8a8c..a21b8e5 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -2,11 +2,33 @@
. "${0%/*}"/travis/lib.sh
+# NB: This script is normally run in a GNU environment (e.g. Linux), but we
also run it on other
+# systems (e.g. macOS) as part of our automated CI. So a little care must be
taken.
+
+cd "${0%/*}" || exit 1
+
m4dir="autotools/m4"
+: ${MAKE:=make}
+
+FROM_TOOL=
+while [[ $# -gt 0 ]] ;do
+ case $1 in
+ --from=*) FROM_TOOL=${1#*=};;
+ -x|--debug) set -x;;
+ *) break;;
+ esac
+ shift
+done
+
+if [[ $# -ne 0 ]] ; then
+ echo "Usage: $0" >&2
+ exit 1
+fi
+
v rm -rf autotools
-if [[ $1 != "--from=make" ]] ; then
- v ${MAKE:-make} autotools-update
+if [[ ${FROM_TOOL} != "make" ]] ; then
+ v ${MAKE} autotools-update
fi
# reload the gnulib code if possible
diff --git a/make-tarball.sh b/make-tarball.sh
index 04f778d..3cd3219 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -1,5 +1,8 @@
#!/bin/bash
+# NB: This script is expected to be run in a GNU environment (e.g. Linux).
+# So it is not written to be completely POSIX compliant.
+
set -e
if ! . /etc/init.d/functions.sh 2>/dev/null ; then
@@ -13,10 +16,14 @@ v() { printf '\t%s\n' "$*"; "$@"; }
: ${MAKE:=make}
CHECK=false
-if [[ $1 == "--check" ]] ; then
- CHECK=true
+while [[ $# -gt 0 ]] ;do
+ case $1 in
+ --check) CHECK=true;;
+ -x|--debug) set -x;;
+ *) break;;
+ esac
shift
-fi
+done
if [[ $# -ne 1 ]] ; then
die "Usage: $0 "
[gentoo-commits] proj/pax-utils:master commit in: /, tests/
commit: 75966274a95160cabba4534f47867be90648f066
Author: Mike Frysinger chromium org>
AuthorDate: Mon Oct 4 21:51:13 2021 +
Commit: Mike Frysinger gentoo org>
CommitDate: Mon Oct 4 21:51:13 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=75966274
build: drop external function.sh use
We use very little from it anymore, and can easily inline the few
things we want. This makes code work on non-Gentoo systems.
Signed-off-by: Mike Frysinger gentoo.org>
make-tarball.sh | 7 ++-
tests/lib.sh| 4 +++-
2 files changed, 5 insertions(+), 6 deletions(-)
diff --git a/make-tarball.sh b/make-tarball.sh
index 3cd3219..231cb66 100755
--- a/make-tarball.sh
+++ b/make-tarball.sh
@@ -5,12 +5,9 @@
set -e
-if ! . /etc/init.d/functions.sh 2>/dev/null ; then
- einfo() { printf ' * %b\n' "$*"; }
- eerror() { einfo "$@" 1>&2; }
-fi
+einfo() { printf ' * %b\n' "$*"; }
+eerror() { einfo "$@" 1>&2; }
die() { eerror "$@"; exit 1; }
-
v() { printf '\t%s\n' "$*"; "$@"; }
: ${MAKE:=make}
diff --git a/tests/lib.sh b/tests/lib.sh
index 927e503..03d9f2a 100644
--- a/tests/lib.sh
+++ b/tests/lib.sh
@@ -9,7 +9,9 @@ else
top_builddir=${abs_top_builddir}
fi
-[ -e /etc/init.d/functions.sh ] && source /etc/init.d/functions.sh
+GOOD=$'\e[32;1m'
+BAD=$'\e[31;1m'
+NORMAL=$'\e[m'
PATH="${top_srcdir}:${top_builddir}:${PATH}"
unset ROOT # who knows!
[gentoo-commits] proj/pax-utils:master commit in: /
commit: c31c7fef7febeb4606d5b0cd22006c4dc7c11b06 Author: Sam James gentoo org> AuthorDate: Mon Sep 20 04:51:03 2021 + Commit: Sam James gentoo org> CommitDate: Mon Sep 20 04:51:03 2021 + URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c31c7fef README.md: solar@ is long-retired Signed-off-by: Sam James gentoo.org> README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7e6dc99..6f2a3e7 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ If you include pax-utils in your distro, feel free to send an update for this. # Gentoo * https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities * https://gitweb.gentoo.org/proj/pax-utils.git/ - * Maintainer: Mike Frysinger , Ned Ludd + * Maintainer: Mike Frysinger , Toolchain Project # openSUSE * https://build.opensuse.org/package/show?package=pax-utils=openSUSE%3AFactory
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 25e4d53c70f2b677dcde1c37cb9c67214b38d611
Author: Sergei Trofimovich gentoo org>
AuthorDate: Thu Jul 22 21:15:43 2021 +
Commit: Sergei Trofimovich gentoo org>
CommitDate: Thu Jul 22 21:23:46 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=25e4d53c
seccomp: allow getrandom() call (glibc-2.34+)
Reported-by: Andreas K. Hüttel
Signed-off-by: Sergei Trofimovich gentoo.org>
seccomp-bpf.c | 3 +++
seccomp-bpf.h | 76 +--
2 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index a72f6ef..5279d20 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -190,6 +190,9 @@ int main(void)
* as ipc() subcalls. #675378
*/
SCMP_SYS(ipc),
+
+ /* glibc-2.34+ uses it as part of mem alloc functions. */
+ SCMP_SYS(getrandom),
};
int fork_syscalls[] = {
SCMP_SYS(clone),
diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index bb2e9cd..9c5e2de 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
/* AARCH64 */
#define SECCOMP_BPF_AVAILABLE
static const unsigned char seccomp_bpf_blks_base[] = {
-
32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+
32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
};
static const unsigned char seccomp_bpf_blks_fork[] = {
-
32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
0,0,0,0,0,0,0,
+
[gentoo-commits] proj/pax-utils:master commit in: /
commit: 54aad9134c9c2c3cb01d79d5e81e30623be93d7a
Author: Sergei Trofimovich gentoo org>
AuthorDate: Thu Jul 22 21:15:43 2021 +
Commit: Sergei Trofimovich gentoo org>
CommitDate: Thu Jul 22 21:15:43 2021 +
URL:https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=54aad913
seccomp: allow getrandom() call (glibc-2.34+)
Reported-by: Andreas K. Hüttel
Signed-off-by: Sergei Trofimovich gentoo.org>
seccomp-bpf.c | 3 +++
seccomp-bpf.h | 76 +--
2 files changed, 41 insertions(+), 38 deletions(-)
diff --git a/seccomp-bpf.c b/seccomp-bpf.c
index a72f6ef..4bbded8 100644
--- a/seccomp-bpf.c
+++ b/seccomp-bpf.c
@@ -190,6 +190,9 @@ int main(void)
* as ipc() subcalls. #675378
*/
SCMP_SYS(ipc),
+
+ /* glibc-2.34+ uses it as part of malloc() implementation. */
+ SCMP_SYS(getrandom),
};
int fork_syscalls[] = {
SCMP_SYS(clone),
diff --git a/seccomp-bpf.h b/seccomp-bpf.h
index bb2e9cd..9c5e2de 100644
--- a/seccomp-bpf.h
+++ b/seccomp-bpf.h
@@ -8,10 +8,10 @@
/* AARCH64 */
#define SECCOMP_BPF_AVAILABLE
static const unsigned char seccomp_bpf_blks_base[] = {
-
32,0,0,0,4,0,0,0,21,0,0,43,183,0,0,192,32,0,0,0,0,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
+
32,0,0,0,4,0,0,0,21,0,0,44,183,0,0,192,32,0,0,0,0,0,0,0,21,0,41,0,22,1,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,0,0,0,0,0,0,0,
};
static const unsigned char seccomp_bpf_blks_fork[] = {
-
32,0,0,0,4,0,0,0,21,0,0,50,183,0,0,192,32,0,0,0,0,0,0,0,21,0,47,0,95,0,0,0,21,0,46,0,4,1,0,0,21,0,45,0,97,0,0,0,21,0,44,0,135,0,0,0,21,0,43,0,134,0,0,0,21,0,42,0,221,0,0,0,21,0,41,0,220,0,0,0,21,0,40,0,192,0,0,0,21,0,39,0,193,0,0,0,21,0,38,0,190,0,0,0,21,0,37,0,189,0,0,0,21,0,36,0,188,0,0,0,21,0,35,0,186,0,0,0,21,0,34,0,17,0,0,0,21,0,33,0,78,0,0,0,21,0,32,0,98,0,0,0,21,0,31,0,226,0,0,0,21,0,30,0,62,0,0,0,21,0,29,0,29,0,0,0,21,0,28,0,178,0,0,0,21,0,27,0,172,0,0,0,21,0,26,0,50,0,0,0,21,0,25,0,183,1,0,0,21,0,24,0,48,0,0,0,21,0,23,0,94,0,0,0,21,0,22,0,93,0,0,0,21,0,21,0,24,0,0,0,21,0,20,0,23,0,0,0,21,0,19,0,49,0,0,0,21,0,18,0,90,0,0,0,21,0,17,0,214,0,0,0,21,0,16,0,25,0,0,0,21,0,15,0,69,0,0,0,21,0,14,0,65,0,0,0,21,0,13,0,63,0,0,0,21,0,12,0,67,0,0,0,21,0,11,0,61,0,0,0,21,0,10,0,215,0,0,0,21,0,9,0,222,0,0,0,21,0,8,0,56,0,0,0,21,0,7,0,57,0,0,0,21,0,6,0,35,1,0,0,21,0,5,0,80,0,0,0,21,0,4,0,79,0,0,0,21,0,3,0,70,0,0,0,21,0,2,0,68,0,0,0,21,0,1,0,66,0,0,0,21,0,0,1,64,0,0,0,6,0,0,0,0,0,255,127,6,
0,0,0,0,0,0,0,
+
