rabbitmq-server: security bump to version 3.6.6
[buildroot-gz.git] / package / binutils / 2.27 / 0600-poison-system-directories.patch
blobd16994ec0c5cf0c785e2f77cab079a8939dba070
1 From be366461dd49e760440fb28eaee5164eb281adcc Mon Sep 17 00:00:00 2001
2 From: Romain Naour <romain.naour@gmail.com>
3 Date: Fri, 25 Dec 2015 11:45:38 +0100
4 Subject: [PATCH] poison-system-directories
6 Patch adapted to binutils 2.23.2 and extended to use
7 BR_COMPILER_PARANOID_UNSAFE_PATH by Thomas Petazzoni.
9 [Romain: rebase on top of 2.26]
10 Signed-off-by: Romain Naour <romain.naour@gmail.com>
11 [Gustavo: adapt to binutils 2.25]
12 Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
13 Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
15 Upstream-Status: Inappropriate [distribution: codesourcery]
17 Patch originally created by Mark Hatle, forward-ported to
18 binutils 2.21 by Scott Garman.
20 purpose: warn for uses of system directories when cross linking
22 Code Merged from Sourcery G++ binutils 2.19 - 4.4-277
24 2008-07-02 Joseph Myers <joseph@codesourcery.com>
26 ld/
27 * ld.h (args_type): Add error_poison_system_directories.
28 * ld.texinfo (--error-poison-system-directories): Document.
29 * ldfile.c (ldfile_add_library_path): Check
30 command_line.error_poison_system_directories.
31 * ldmain.c (main): Initialize
32 command_line.error_poison_system_directories.
33 * lexsup.c (enum option_values): Add
34 OPTION_ERROR_POISON_SYSTEM_DIRECTORIES.
35 (ld_options): Add --error-poison-system-directories.
36 (parse_args): Handle new option.
38 2007-06-13 Joseph Myers <joseph@codesourcery.com>
40 ld/
41 * config.in: Regenerate.
42 * ld.h (args_type): Add poison_system_directories.
43 * ld.texinfo (--no-poison-system-directories): Document.
44 * ldfile.c (ldfile_add_library_path): Check
45 command_line.poison_system_directories.
46 * ldmain.c (main): Initialize
47 command_line.poison_system_directories.
48 * lexsup.c (enum option_values): Add
49 OPTION_NO_POISON_SYSTEM_DIRECTORIES.
50 (ld_options): Add --no-poison-system-directories.
51 (parse_args): Handle new option.
53 2007-04-20 Joseph Myers <joseph@codesourcery.com>
55 Merge from Sourcery G++ binutils 2.17:
57 2007-03-20 Joseph Myers <joseph@codesourcery.com>
58 Based on patch by Mark Hatle <mark.hatle@windriver.com>.
59 ld/
60 * configure.ac (--enable-poison-system-directories): New option.
61 * configure, config.in: Regenerate.
62 * ldfile.c (ldfile_add_library_path): If
63 ENABLE_POISON_SYSTEM_DIRECTORIES defined, warn for use of /lib,
64 /usr/lib, /usr/local/lib or /usr/X11R6/lib.
66 Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
67 Signed-off-by: Scott Garman <scott.a.garman@intel.com>
68 ---
69 ld/config.in | 3 +++
70 ld/configure | 14 ++++++++++++++
71 ld/configure.ac | 10 ++++++++++
72 ld/ld.h | 8 ++++++++
73 ld/ld.texinfo | 12 ++++++++++++
74 ld/ldfile.c | 17 +++++++++++++++++
75 ld/ldlex.h | 2 ++
76 ld/ldmain.c | 2 ++
77 ld/lexsup.c | 21 +++++++++++++++++++++
78 9 files changed, 89 insertions(+)
80 diff --git a/ld/config.in b/ld/config.in
81 index 276fb77..35c58eb 100644
82 --- a/ld/config.in
83 +++ b/ld/config.in
84 @@ -14,6 +14,9 @@
85 language is requested. */
86 #undef ENABLE_NLS
88 +/* Define to warn for use of native system library directories */
89 +#undef ENABLE_POISON_SYSTEM_DIRECTORIES
91 /* Additional extension a shared object might have. */
92 #undef EXTRA_SHLIB_EXTENSION
94 diff --git a/ld/configure b/ld/configure
95 index a446283..d1f9504 100755
96 --- a/ld/configure
97 +++ b/ld/configure
98 @@ -786,6 +786,7 @@ with_lib_path
99 enable_targets
100 enable_64_bit_bfd
101 with_sysroot
102 +enable_poison_system_directories
103 enable_gold
104 enable_got
105 enable_compressed_debug_sections
106 @@ -1442,6 +1443,8 @@ Optional Features:
107 --disable-largefile omit support for large files
108 --enable-targets alternative target configurations
109 --enable-64-bit-bfd 64-bit support (on hosts with narrower word sizes)
110 + --enable-poison-system-directories
111 + warn for use of native system library directories
112 --enable-gold[=ARG] build gold [ARG={default,yes,no}]
113 --enable-got=<type> GOT handling scheme (target, single, negative,
114 multigot)
115 @@ -15491,7 +15494,18 @@ else
119 +# Check whether --enable-poison-system-directories was given.
120 +if test "${enable_poison_system_directories+set}" = set; then :
121 + enableval=$enable_poison_system_directories;
122 +else
123 + enable_poison_system_directories=no
126 +if test "x${enable_poison_system_directories}" = "xyes"; then
128 +$as_echo "#define ENABLE_POISON_SYSTEM_DIRECTORIES 1" >>confdefs.h
132 # Check whether --enable-got was given.
133 if test "${enable_got+set}" = set; then :
134 diff --git a/ld/configure.ac b/ld/configure.ac
135 index 188172d..2cd8443 100644
136 --- a/ld/configure.ac
137 +++ b/ld/configure.ac
138 @@ -95,6 +95,16 @@ AC_SUBST(use_sysroot)
139 AC_SUBST(TARGET_SYSTEM_ROOT)
140 AC_SUBST(TARGET_SYSTEM_ROOT_DEFINE)
142 +AC_ARG_ENABLE([poison-system-directories],
143 + AS_HELP_STRING([--enable-poison-system-directories],
144 + [warn for use of native system library directories]),,
145 + [enable_poison_system_directories=no])
146 +if test "x${enable_poison_system_directories}" = "xyes"; then
147 + AC_DEFINE([ENABLE_POISON_SYSTEM_DIRECTORIES],
148 + [1],
149 + [Define to warn for use of native system library directories])
152 dnl Use --enable-gold to decide if this linker should be the default.
153 dnl "install_as_default" is set to false if gold is the default linker.
154 dnl "installed_linker" is the installed BFD linker name.
155 diff --git a/ld/ld.h b/ld/ld.h
156 index d84ec4e..3476b26 100644
157 --- a/ld/ld.h
158 +++ b/ld/ld.h
159 @@ -164,6 +164,14 @@ typedef struct {
160 /* If set, display the target memory usage (per memory region). */
161 bfd_boolean print_memory_usage;
163 + /* If TRUE (the default) warn for uses of system directories when
164 + cross linking. */
165 + bfd_boolean poison_system_directories;
167 + /* If TRUE (default FALSE) give an error for uses of system
168 + directories when cross linking instead of a warning. */
169 + bfd_boolean error_poison_system_directories;
171 /* Big or little endian as set on command line. */
172 enum endian_enum endian;
174 diff --git a/ld/ld.texinfo b/ld/ld.texinfo
175 index 1dd7492..fb1438e 100644
176 --- a/ld/ld.texinfo
177 +++ b/ld/ld.texinfo
178 @@ -2332,6 +2332,18 @@ string identifying the original linked file does not change.
180 Passing @code{none} for @var{style} disables the setting from any
181 @code{--build-id} options earlier on the command line.
183 +@kindex --no-poison-system-directories
184 +@item --no-poison-system-directories
185 +Do not warn for @option{-L} options using system directories such as
186 +@file{/usr/lib} when cross linking. This option is intended for use
187 +in chroot environments when such directories contain the correct
188 +libraries for the target system rather than the host.
190 +@kindex --error-poison-system-directories
191 +@item --error-poison-system-directories
192 +Give an error instead of a warning for @option{-L} options using
193 +system directories when cross linking.
194 @end table
196 @c man end
197 diff --git a/ld/ldfile.c b/ld/ldfile.c
198 index 1439309..086b354 100644
199 --- a/ld/ldfile.c
200 +++ b/ld/ldfile.c
201 @@ -114,6 +114,23 @@ ldfile_add_library_path (const char *name, bfd_boolean cmdline)
202 new_dirs->name = concat (ld_sysroot, name + 1, (const char *) NULL);
203 else
204 new_dirs->name = xstrdup (name);
206 +#ifdef ENABLE_POISON_SYSTEM_DIRECTORIES
207 + if (command_line.poison_system_directories
208 + && ((!strncmp (name, "/lib", 4))
209 + || (!strncmp (name, "/usr/lib", 8))
210 + || (!strncmp (name, "/usr/local/lib", 14))
211 + || (!strncmp (name, "/usr/X11R6/lib", 14))))
213 + if (command_line.error_poison_system_directories)
214 + einfo (_("%X%P: error: library search path \"%s\" is unsafe for "
215 + "cross-compilation\n"), name);
216 + else
217 + einfo (_("%P: warning: library search path \"%s\" is unsafe for "
218 + "cross-compilation\n"), name);
220 +#endif
224 /* Try to open a BFD for a lang_input_statement. */
225 diff --git a/ld/ldlex.h b/ld/ldlex.h
226 index 6f11e7b..0ca3110 100644
227 --- a/ld/ldlex.h
228 +++ b/ld/ldlex.h
229 @@ -144,6 +144,8 @@ enum option_values
230 OPTION_PRINT_MEMORY_USAGE,
231 OPTION_REQUIRE_DEFINED_SYMBOL,
232 OPTION_ORPHAN_HANDLING,
233 + OPTION_NO_POISON_SYSTEM_DIRECTORIES,
234 + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES,
237 /* The initial parser states. */
238 diff --git a/ld/ldmain.c b/ld/ldmain.c
239 index bb0b9cc..a23c56c 100644
240 --- a/ld/ldmain.c
241 +++ b/ld/ldmain.c
242 @@ -257,6 +257,8 @@ main (int argc, char **argv)
243 command_line.warn_mismatch = TRUE;
244 command_line.warn_search_mismatch = TRUE;
245 command_line.check_section_addresses = -1;
246 + command_line.poison_system_directories = TRUE;
247 + command_line.error_poison_system_directories = FALSE;
249 /* We initialize DEMANGLING based on the environment variable
250 COLLECT_NO_DEMANGLE. The gcc collect2 program will demangle the
251 diff --git a/ld/lexsup.c b/ld/lexsup.c
252 index 4cad209..be7d584 100644
253 --- a/ld/lexsup.c
254 +++ b/ld/lexsup.c
255 @@ -530,6 +530,14 @@ static const struct ld_option ld_options[] =
256 { {"orphan-handling", required_argument, NULL, OPTION_ORPHAN_HANDLING},
257 '\0', N_("=MODE"), N_("Control how orphan sections are handled."),
258 TWO_DASHES },
259 + { {"no-poison-system-directories", no_argument, NULL,
260 + OPTION_NO_POISON_SYSTEM_DIRECTORIES},
261 + '\0', NULL, N_("Do not warn for -L options using system directories"),
262 + TWO_DASHES },
263 + { {"error-poison-system-directories", no_argument, NULL,
264 + OPTION_ERROR_POISON_SYSTEM_DIRECTORIES},
265 + '\0', NULL, N_("Give an error for -L options using system directories"),
266 + TWO_DASHES },
269 #define OPTION_COUNT ARRAY_SIZE (ld_options)
270 @@ -542,6 +550,7 @@ parse_args (unsigned argc, char **argv)
271 int ingroup = 0;
272 char *default_dirlist = NULL;
273 char *shortopts;
274 + char *BR_paranoid_env;
275 struct option *longopts;
276 struct option *really_longopts;
277 int last_optind;
278 @@ -1516,6 +1525,14 @@ parse_args (unsigned argc, char **argv)
280 break;
282 + case OPTION_NO_POISON_SYSTEM_DIRECTORIES:
283 + command_line.poison_system_directories = FALSE;
284 + break;
286 + case OPTION_ERROR_POISON_SYSTEM_DIRECTORIES:
287 + command_line.error_poison_system_directories = TRUE;
288 + break;
290 case OPTION_PUSH_STATE:
291 input_flags.pushed = xmemdup (&input_flags,
292 sizeof (input_flags),
293 @@ -1559,6 +1576,10 @@ parse_args (unsigned argc, char **argv)
294 command_line.soname = NULL;
297 + BR_paranoid_env = getenv("BR_COMPILER_PARANOID_UNSAFE_PATH");
298 + if (BR_paranoid_env && strlen(BR_paranoid_env) > 0)
299 + command_line.error_poison_system_directories = TRUE;
301 while (ingroup)
303 lang_leave_group ();
305 2.4.3