vlc/vlc-3.0 | branch: master | David Fuhrmann <[email protected]> | Mon Jan 7 19:43:17 2019 +0100| [85a99a15c3f8672616aa9304ac2a16b86ca0d69d] | committer: David Fuhrmann
contrib: bluray: Add an explicit path to find shared libraries This is needed because runtime hardening does not automatically look for libraries outside of the own application bundle anymore. (cherry picked from commit 2ed07256dbbf21bf33cd5f9a58478178a4f0987d) Signed-off-by: David Fuhrmann <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=85a99a15c3f8672616aa9304ac2a16b86ca0d69d --- ...ibrary-paths-Explicitly-add-usr-local-lib.patch | 34 ++++++++++++++++++++++ contrib/src/bluray/rules.mak | 1 + 2 files changed, 35 insertions(+) diff --git a/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch new file mode 100644 index 0000000000..a3323d4ed6 --- /dev/null +++ b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch @@ -0,0 +1,34 @@ +From bbf867237c7fa326b5467afaad08f18a56a79935 Mon Sep 17 00:00:00 2001 +From: David Fuhrmann <[email protected]> +Date: Mon, 7 Jan 2019 19:30:56 +0100 +Subject: [PATCH] library paths: Explicitly add /usr/local/lib + +Hardened runtime prevents the program to load any libraries outside +of the application bundle by default. Specifically, it also ignores +DYLD_FALLBACK_PATH which would contain /usr/local/lib. +To allow usage of a library outside of the application bundle, add +/usr/local/lib explicitly. +--- + src/file/dl_posix.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/file/dl_posix.c b/src/file/dl_posix.c +index b97f12fe..49813856 100644 +--- a/src/file/dl_posix.c ++++ b/src/file/dl_posix.c +@@ -69,10 +69,11 @@ void *dl_dlopen(const char *path, const char *version) + @loader_path - location of current library/binary (ex. libbluray.dylib) + @executable_path - location of running binary (ex. /Applications/Some.app/Contents/MacOS) + @rpath - search rpaths of running binary (man install_name_path) ++ /usr/local/lib/ - explicitly added path, as runtime hardened programs ignore DYLD_FALLBACK_PATH now + */ + static const char *search_paths[] = {"", "@loader_path/lib/", "@loader_path/", "@executable_path/", + "@executable_path/lib/", "@executable_path/../lib/", +- "@executable_path/../Resources/", "@rpath/", NULL}; ++ "@executable_path/../Resources/", "@rpath/", "/usr/local/lib/", NULL}; + version = NULL; + #else + static const char ext[] = ".so"; +-- +2.17.2 (Apple Git-113) + diff --git a/contrib/src/bluray/rules.mak b/contrib/src/bluray/rules.mak index 67937b2038..4211c38b70 100644 --- a/contrib/src/bluray/rules.mak +++ b/contrib/src/bluray/rules.mak @@ -51,6 +51,7 @@ bluray: libbluray-$(BLURAY_VERSION).tar.bz2 .sum-bluray $(APPLY) $(SRC)/bluray/0001-Implement-dl_get_path-for-darwin-macOS.patch $(APPLY) $(SRC)/bluray/0001-keep-on-with-menuless-user-selected-streams-between-.patch $(APPLY) $(SRC)/bluray/0001-install-bdjo_data-header.patch + $(APPLY) $(SRC)/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch $(call pkg_static,"src/libbluray.pc.in") $(MOVE) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
