SHA256
1
0
forked from pool/rpmlint

Accepting request 547583 from home:StefanBruens:branches:devel:openSUSE:Factory:rpmlint_submit

- add 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch

OBS-URL: https://build.opensuse.org/request/show/547583
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=554
This commit is contained in:
Dirk Mueller 2017-12-06 09:41:39 +00:00 committed by Git OBS Bridge
parent a880f9c696
commit a40e314d61
3 changed files with 83 additions and 0 deletions

View File

@ -0,0 +1,77 @@
From 5237c197f56698d55fd1d18f8127f6e947350d80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
Date: Wed, 11 Oct 2017 16:29:21 +0200
Subject: [PATCH] Binariescheck: Check for chroot/chdir on ARM, PPC
The assembly on ARM looks almost the same as the x86 assembly, but
with a branch mnemonic (bl) instead of an explicit call.
On PPC, library function calls use jump tables, so the vicinity check does
not work, but we can at least detect a sole chroot without chdir.
---
BinariesCheck.py | 28 +++++++++++++++++++---------
1 file changed, 19 insertions(+), 9 deletions(-)
diff --git a/BinariesCheck.py b/BinariesCheck.py
index bd75558..8d224a8 100644
--- a/BinariesCheck.py
+++ b/BinariesCheck.py
@@ -54,8 +54,6 @@ class BinaryInfo(object):
setuid_call_regex = create_regexp_call(r'set(?:res|e)?uid')
setgroups_call_regex = create_regexp_call(r'(?:ini|se)tgroups')
chroot_call_regex = create_regexp_call('chroot')
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
- objdump_call_regex = re.compile(br'callq?\s(.*)')
debuginfo_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.debug_.*\s+')
symtab_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.symtab\s+')
gethostbyname_call_regex = create_regexp_call(r'(gethostbyname|gethostbyname2|gethostbyaddr|gethostbyname_r|gethostbyname2_r|gethostbyaddr_r)')
@@ -96,6 +94,16 @@ class BinaryInfo(object):
self.mktemp = False
is_debug = path.endswith('.debug')
+ # Currently this implementation works only on specific
+ # architectures due to reliance on arch specific assembly.
+ if pkg.arch in ['armv6hl', 'armv7hl', 'aarch64']:
+ # 10450: ebffffec bl 10408 <chroot@plt>
+ BinaryInfo.objdump_call_regex = re.compile(br'\sbl\s+(.*)')
+ elif (pkg.arch.endswith('86') or pkg.arch == 'x86_64'):
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
+ BinaryInfo.objdump_call_regex = re.compile(br'callq?\s(.*)')
+ else:
+ BinaryInfo.objdump_call_regex = None
res = Pkg.getstatusoutput(
('readelf', '-W', '-S', '-l', '-d', '-s', path))
@@ -204,10 +212,13 @@ class BinaryInfo(object):
# check if chroot is near chdir (since otherwise, chroot is called
# without chdir)
- # Currently this implementation works only on x86_64 due to reliance
- # on x86_64 specific assembly. Skip it on other architectures
- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and
- self.chroot and self.chdir):
+ if not BinaryInfo.objdump_call_regex and self.chroot and self.chdir:
+ # On some architectures, e.g. PPC, it is to difficult to
+ # find the actual invocations of chroot/chdir, if both
+ # exist assume chroot is fine
+ self.chroot_near_chdir = True
+
+ elif self.chroot and self.chdir:
p = subprocess.Popen(('objdump', '-d', path),
stdout=subprocess.PIPE, bufsize=-1,
env=dict(os.environ, LC_ALL="C"))
@@ -537,9 +548,8 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
printError(pkg, 'missing-call-to-setgroups-before-setuid',
fname)
- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and bin_info.chroot):
- if not bin_info.chdir or not bin_info.chroot_near_chdir:
- printError(pkg, 'missing-call-to-chdir-with-chroot', fname)
+ if bin_info.chroot and not bin_info.chroot_near_chdir:
+ printError(pkg, 'missing-call-to-chdir-with-chroot', fname)
if bin_info.mktemp:
printError(pkg, 'call-to-mktemp', fname)
--
2.14.2

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Sat Dec 2 16:48:08 UTC 2017 - stefan.bruens@rwth-aachen.de
- add 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
-------------------------------------------------------------------
Wed Nov 29 09:26:18 UTC 2017 - krahmer@suse.com

View File

@ -89,6 +89,7 @@ Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch
Patch70: rpmlint-all-pie.patch
Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch
Patch72: rpmlint-slpp-NUM-NUM.patch
Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
BuildRequires: obs-service-format_spec_file
BuildRequires: python3-flake8
BuildRequires: python3-pytest