From be8393c4c87ca609a6cd25bb82b4e08768fe7069 Mon Sep 17 00:00:00 2001 From: Zhang Na Date: Fri, 2 Jun 2023 15:50:00 +0800 Subject: [PATCH 01/39] Update elf.h based on Glibc --- src/elf.h | 79 +++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 71 insertions(+), 8 deletions(-) diff --git a/src/elf.h b/src/elf.h index 920e6891..ac7032b7 100644 --- a/src/elf.h +++ b/src/elf.h @@ -1,5 +1,5 @@ /* This file defines standard ELF types, structures, and macros. - Copyright (C) 1995-2022 Free Software Foundation, Inc. + Copyright (C) 1995-2023 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -210,7 +210,7 @@ typedef struct #define EM_68HC12 53 /* Motorola M68HC12 */ #define EM_MMA 54 /* Fujitsu MMA Multimedia Accelerator */ #define EM_PCP 55 /* Siemens PCP */ -#define EM_NCPU 56 /* Sony nCPU embeeded RISC */ +#define EM_NCPU 56 /* Sony nCPU embedded RISC */ #define EM_NDR1 57 /* Denso NDR1 microprocessor */ #define EM_STARCORE 58 /* Motorola Start*Core processor */ #define EM_ME16 59 /* Toyota ME16 processor */ @@ -559,7 +559,7 @@ typedef struct /* Possible bitmasks for si_flags. */ #define SYMINFO_FLG_DIRECT 0x0001 /* Direct bound symbol */ -#define SYMINFO_FLG_PASSTHRU 0x0002 /* Pass-thru symbol for translator */ +#define SYMINFO_FLG_PASSTHRU 0x0002 /* Pass-through symbol for translator */ #define SYMINFO_FLG_COPY 0x0004 /* Symbol is a copy-reloc */ #define SYMINFO_FLG_LAZYLOAD 0x0008 /* Symbol bound to object to be lazy loaded */ @@ -728,6 +728,7 @@ typedef struct #define PT_GNU_STACK 0x6474e551 /* Indicates stack executability */ #define PT_GNU_RELRO 0x6474e552 /* Read-only after relocation */ #define PT_GNU_PROPERTY 0x6474e553 /* GNU property */ +#define PT_GNU_SFRAME 0x6474e554 /* SFrame segment. */ #define PT_LOSUNW 0x6ffffffa #define PT_SUNWBSS 0x6ffffffa /* Sun Specific segment */ #define PT_SUNWSTACK 0x6ffffffb /* Stack segment */ @@ -1223,6 +1224,9 @@ typedef struct #define AT_HWCAP2 26 /* More machine-dependent hints about processor capabilities. */ +#define AT_RSEQ_FEATURE_SIZE 27 /* rseq supported feature size. */ +#define AT_RSEQ_ALIGN 28 /* rseq allocation alignment. */ + #define AT_EXECFN 31 /* Filename of executable. */ /* Pointer to the global system page used for system calls and other @@ -4159,6 +4163,55 @@ enum #define R_LARCH_GNU_VTINHERIT 57 #define R_LARCH_GNU_VTENTRY 58 +/* reserved 59-63 */ + +#define R_LARCH_B16 64 +#define R_LARCH_B21 65 +#define R_LARCH_B26 66 +#define R_LARCH_ABS_HI20 67 +#define R_LARCH_ABS_LO12 68 +#define R_LARCH_ABS64_LO20 69 +#define R_LARCH_ABS64_HI12 70 +#define R_LARCH_PCALA_HI20 71 +#define R_LARCH_PCALA_LO12 72 +#define R_LARCH_PCALA64_LO20 73 +#define R_LARCH_PCALA64_HI12 74 +#define R_LARCH_GOT_PC_HI20 75 +#define R_LARCH_GOT_PC_LO12 76 +#define R_LARCH_GOT64_PC_LO20 77 +#define R_LARCH_GOT64_PC_HI12 78 +#define R_LARCH_GOT_HI20 79 +#define R_LARCH_GOT_LO12 80 +#define R_LARCH_GOT64_LO20 81 +#define R_LARCH_GOT64_HI12 82 +#define R_LARCH_TLS_LE_HI20 83 +#define R_LARCH_TLS_LE_LO12 84 +#define R_LARCH_TLS_LE64_LO20 85 +#define R_LARCH_TLS_LE64_HI12 86 +#define R_LARCH_TLS_IE_PC_HI20 87 +#define R_LARCH_TLS_IE_PC_LO12 88 +#define R_LARCH_TLS_IE64_PC_LO20 89 +#define R_LARCH_TLS_IE64_PC_HI12 90 +#define R_LARCH_TLS_IE_HI20 91 +#define R_LARCH_TLS_IE_LO12 92 +#define R_LARCH_TLS_IE64_LO20 93 +#define R_LARCH_TLS_IE64_HI12 94 +#define R_LARCH_TLS_LD_PC_HI20 95 +#define R_LARCH_TLS_LD_HI20 96 +#define R_LARCH_TLS_GD_PC_HI20 97 +#define R_LARCH_TLS_GD_HI20 98 +#define R_LARCH_32_PCREL 99 +#define R_LARCH_RELAX 100 + +/* ARC specific declarations. */ + +/* Processor specific flags for the Ehdr e_flags field. */ +#define EF_ARC_MACH_MSK 0x000000ff +#define EF_ARC_OSABI_MSK 0x00000f00 +#define EF_ARC_ALL_MSK (EF_ARC_MACH_MSK | EF_ARC_OSABI_MSK) + +/* Processor specific values for the Shdr sh_type field. */ +#define SHT_ARC_ATTRIBUTES (SHT_LOPROC + 1) /* ARC attributes section. */ /* ARCompact/ARCv2 specific relocs. */ #define R_ARC_NONE 0x0 @@ -4166,7 +4219,7 @@ enum #define R_ARC_16 0x2 #define R_ARC_24 0x3 #define R_ARC_32 0x4 -#define R_ARC_B26 0x5 + #define R_ARC_B22_PCREL 0x6 #define R_ARC_H30 0x7 #define R_ARC_N8 0x8 @@ -4206,16 +4259,23 @@ enum #define R_ARC_SECTOFF_ME_2 0x2A #define R_ARC_SECTOFF_1 0x2B #define R_ARC_SECTOFF_2 0x2C +#define R_ARC_SDA_12 0x2D +#define R_ARC_SDA16_ST2 0x30 +#define R_ARC_32_PCREL 0x31 #define R_ARC_PC32 0x32 #define R_ARC_GOTPC32 0x33 #define R_ARC_PLT32 0x34 #define R_ARC_COPY 0x35 #define R_ARC_GLOB_DAT 0x36 -#define R_ARC_JUMP_SLOT 0x37 +#define R_ARC_JMP_SLOT 0x37 #define R_ARC_RELATIVE 0x38 #define R_ARC_GOTOFF 0x39 #define R_ARC_GOTPC 0x3A #define R_ARC_GOT32 0x3B +#define R_ARC_S21W_PCREL_PLT 0x3C +#define R_ARC_S25H_PCREL_PLT 0x3D + +#define R_ARC_JLI_SECTOFF 0x3F #define R_ARC_TLS_DTPMOD 0x42 #define R_ARC_TLS_DTPOFF 0x43 @@ -4224,9 +4284,12 @@ enum #define R_ARC_TLS_GD_LD 0x46 #define R_ARC_TLS_GD_CALL 0x47 #define R_ARC_TLS_IE_GOT 0x48 -#define R_ARC_TLS_DTPOFF_S9 0x4a -#define R_ARC_TLS_LE_S9 0x4a -#define R_ARC_TLS_LE_32 0x4b +#define R_ARC_TLS_DTPOFF_S9 0x49 +#define R_ARC_TLS_LE_S9 0x4A +#define R_ARC_TLS_LE_32 0x4B +#define R_ARC_S25W_PCREL_PLT 0x4C +#define R_ARC_S21H_PCREL_PLT 0x4D +#define R_ARC_NPS_CMEM16 0x4E /* OpenRISC 1000 specific relocs. */ #define R_OR1K_NONE 0 From 30da44915ec3d22e27dad457dd585e985f576986 Mon Sep 17 00:00:00 2001 From: Marcel Telka Date: Wed, 7 Jun 2023 23:02:42 +0200 Subject: [PATCH 02/39] COPYING: change http to https --- COPYING | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/COPYING b/COPYING index 94a9ed02..e6000869 100644 --- a/COPYING +++ b/COPYING @@ -1,7 +1,7 @@ GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 - Copyright (C) 2007 Free Software Foundation, Inc. + Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. @@ -645,7 +645,7 @@ the "copyright" line and a pointer to where the full notice is found. GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program. If not, see . + along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. @@ -664,11 +664,11 @@ might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see -. +. The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read -. +. From ea30aba6fcf1171b23275924a392dbd6881f2a6b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 19 Jun 2023 01:58:35 +0000 Subject: [PATCH 03/39] Bump cachix/install-nix-action from 20 to 22 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 20 to 22. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v20...v22) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 430cf21b..0a383763 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v22 - run: nix-build -A hydraJobs.release ubuntu: runs-on: ubuntu-latest diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c7ed3372..fb4f36c8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v22 - name: Build tarballs run: | nix build -L .#hydraJobs.tarball @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v22 - name: Build windows executable run: | nix build -L .#patchelf-win32 .#patchelf-win64 From 551a692076d10a544574188a2634f2c134c11337 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Sep 2023 01:44:39 +0000 Subject: [PATCH 04/39] Bump docker/setup-qemu-action from 2 to 3 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index fb4f36c8..8a2d6ce8 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -71,7 +71,7 @@ jobs: steps: - name: Set up QEMU if: matrix.platform != 'amd64' - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - uses: actions/download-artifact@v3 with: From 917ea45b79de04f69059f42a8e2621f7caeae1c9 Mon Sep 17 00:00:00 2001 From: K900 Date: Thu, 21 Sep 2023 18:20:53 +0300 Subject: [PATCH 05/39] feat: add --no-clobber-old-sections switch Works around #520, may be useful for other cursed self-modifying things. --- patchelf.1 | 9 +++++++++ src/patchelf.cc | 23 +++++++++++++++-------- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/patchelf.1 b/patchelf.1 index 6a8a94e1..7bb94f7f 100644 --- a/patchelf.1 +++ b/patchelf.1 @@ -131,6 +131,15 @@ old_name new_name Symbol names do not contain version specifier that are also shown in the output of the nm -D command from binutils. So instead of the name write@GLIBC_2.2.5 it is just write. +.IP "--no-clobber-old-sections" +Do not clobber old section values. + +patchelf defaults to overwriting replaced header sections with garbage to ensure they are not +used accidentally. This option allows to opt out of that behavior, so that binaries that attempt +to read their own headers from a fixed offset (e.g. Firefox) continue working. + +Use sparingly and with caution. + .IP "--output FILE" Set the output file name. If not specified, the input will be modified in place. diff --git a/src/patchelf.cc b/src/patchelf.cc index 82b4b46c..b42111dd 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -58,6 +58,7 @@ static bool debugMode = false; static bool forceRPath = false; +static bool clobberOldSections = true; static std::vector fileNames; static std::string outputFileName; @@ -664,14 +665,16 @@ template void ElfFile::writeReplacedSections(Elf_Off & curOff, Elf_Addr startAddr, Elf_Off startOffset) { - /* Overwrite the old section contents with 'Z's. Do this - *before* writing the new section contents (below) to prevent - clobbering previously written new section contents. */ - for (auto & i : replacedSections) { - const std::string & sectionName = i.first; - const Elf_Shdr & shdr = findSectionHeader(sectionName); - if (rdi(shdr.sh_type) != SHT_NOBITS) - memset(fileContents->data() + rdi(shdr.sh_offset), 'Z', rdi(shdr.sh_size)); + if (clobberOldSections) { + /* Overwrite the old section contents with 'Z's. Do this + *before* writing the new section contents (below) to prevent + clobbering previously written new section contents. */ + for (auto & i : replacedSections) { + const std::string & sectionName = i.first; + const Elf_Shdr & shdr = findSectionHeader(sectionName); + if (rdi(shdr.sh_type) != SHT_NOBITS) + memset(fileContents->data() + rdi(shdr.sh_offset), 'Z', rdi(shdr.sh_size)); + } } std::set noted_phdrs = {}; @@ -2505,6 +2508,7 @@ static void showHelp(const std::string & progName) [--clear-execstack]\n\ [--set-execstack]\n\ [--rename-dynamic-symbols NAME_MAP_FILE]\tRenames dynamic symbols. The map file should contain two symbols (old_name new_name) per line\n\ + [--no-clobber-old-sections]\t\tDo not clobber old section values - only use when the binary expects to find section info at the old location.\n\ [--output FILE]\n\ [--debug]\n\ [--version]\n\ @@ -2661,6 +2665,9 @@ static int mainWrapped(int argc, char * * argv) symbolsToRename[*symbolsToRenameKeys.insert(from).first] = to; } } + else if (arg == "--no-clobber-old-sections") { + clobberOldSections = false; + } else if (arg == "--help" || arg == "-h" ) { showHelp(argv[0]); return 0; From 7c2f768bf9601268a4e71c2ebe91e2011918a70f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 01:58:08 +0000 Subject: [PATCH 06/39] Bump cachix/install-nix-action from 22 to 25 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 22 to 25. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v22...v25) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0a383763..35b2511b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v25 - run: nix-build -A hydraJobs.release ubuntu: runs-on: ubuntu-latest diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8a2d6ce8..69df1784 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v25 - name: Build tarballs run: | nix build -L .#hydraJobs.tarball @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v25 - name: Build windows executable run: | nix build -L .#patchelf-win32 .#patchelf-win64 From a0f54334df36770b335c051e540ba40afcbf8378 Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Sat, 12 Aug 2023 11:46:14 -0700 Subject: [PATCH 07/39] fix compilation with GCC7 CTAD is not working here. Signed-off-by: Rosen Penev --- src/patchelf.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/patchelf.cc b/src/patchelf.cc index b42111dd..66d0b99a 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -2072,7 +2072,7 @@ void ElfFile::rebuildGnuHashTable(span strTab, span> tmp(dst.begin(), dst.end()); for (size_t i = 0; i < tmp.size(); ++i) dst[old2new[i]] = tmp[i]; }; From 2745e244f54dbb8aca750b6a736fea5ac7bbd562 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 20 May 2024 01:51:50 +0000 Subject: [PATCH 08/39] Bump cachix/install-nix-action from 25 to 27 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 25 to 27. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v25...V27) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 35b2511b..5c9add4b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@V27 - run: nix-build -A hydraJobs.release ubuntu: runs-on: ubuntu-latest diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 69df1784..43279530 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@V27 - name: Build tarballs run: | nix build -L .#hydraJobs.tarball @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@V27 - name: Build windows executable run: | nix build -L .#patchelf-win32 .#patchelf-win64 From f0a21807d616c1b9498bb5cc0f8077394caa267c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sun, 17 Nov 2024 20:15:47 +0100 Subject: [PATCH 09/39] update flake --- flake.lock | 11 ++++++----- flake.nix | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 1e068201..eda6a5f7 100644 --- a/flake.lock +++ b/flake.lock @@ -2,17 +2,18 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1672057183, - "narHash": "sha256-GN7/10DNNvs1FPj9tlZA2qgNdFuYKKuS3qlHTqAxasQ=", + "lastModified": 1731763621, + "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b139e44d78c36c69bcbb825b20dbfa51e7738347", + "rev": "c69a9bffbecde46b4b939465422ddc59493d3e4d", "type": "github" }, "original": { - "id": "nixpkgs", + "owner": "NixOS", "ref": "nixpkgs-unstable", - "type": "indirect" + "repo": "nixpkgs", + "type": "github" } }, "root": { diff --git a/flake.nix b/flake.nix index 471a31b9..1afa4de2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "A tool for modifying ELF executables and libraries"; - inputs.nixpkgs.url = "nixpkgs/nixpkgs-unstable"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; outputs = { self, nixpkgs }: From cbc46af556d3d7bb2b08e17079636fecf84bd7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 10:33:30 +0100 Subject: [PATCH 10/39] make shebang in configure portable again --- flake.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/flake.nix b/flake.nix index 1afa4de2..84c6f6db 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,11 @@ versionSuffix = ""; # obsolete src = self; preAutoconf = "echo ${version} > version"; + + # portable configure shouldn't have a shebang pointing to the nix store + postConfigure = '' + sed -i '1s|^.*$|#!/bin/sh|' ./configure + ''; postDist = '' cp README.md $out/ echo "doc readme $out/README.md" >> $out/nix-support/hydra-build-products From 7a471a6fc1867447fd2a6190a22d01877bf98c92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 10:40:40 +0100 Subject: [PATCH 11/39] set docker platform for cross-arch builds --- .github/workflows/publish.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 43279530..a11e02cd 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -73,6 +73,16 @@ jobs: if: matrix.platform != 'amd64' uses: docker/setup-qemu-action@v3 + - name: Set docker arch + run: | + platform=${{ matrix.platform }} + if [[ $platform == arm64v8 ]]; then + platform=arm64 + elif [[ $platform == arm32v7 ]]; then + platform=arm + fi + echo "DOCKER_PLATFORM=$platform" >> $GITHUB_ENV + - uses: actions/download-artifact@v3 with: name: patchelf @@ -100,7 +110,7 @@ jobs: else ENTRYPOINT= fi - docker run -e CXXFLAGS -v $(pwd):/gha ${{ matrix.platform }}/alpine:edge ${ENTRYPOINT} sh -ec "cd /gha && sh ./build.sh" + docker run --platform "$DOCKER_PLATFORM" -e CXXFLAGS -v $(pwd):/gha ${{ matrix.platform }}/alpine:edge ${ENTRYPOINT} sh -ec "cd /gha && sh ./build.sh" - name: Check binaries run: | cat < check.sh @@ -109,7 +119,7 @@ jobs: tar -xf ./dist/patchelf-*-*.tar.gz ./bin/patchelf --version EOF - docker run -v $(pwd):/gha ${{ matrix.platform }}/debian:unstable-slim sh -ec "cd /gha && sh ./check.sh" + docker run --platform "$DOCKER_PLATFORM" -v $(pwd):/gha ${{ matrix.platform }}/debian:unstable-slim sh -ec "cd /gha && sh ./check.sh" - uses: actions/upload-artifact@v3 with: name: patchelf From 835f8207c2be398e3f40ddc10e9b0c5c0ffbae43 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 09:59:58 +0000 Subject: [PATCH 12/39] Bump cachix/install-nix-action from V27 to 30 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from V27 to 30. This release includes the previously tagged commit. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/V27...v30) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- .github/workflows/publish.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5c9add4b..e7e954e0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@V27 + - uses: cachix/install-nix-action@v30 - run: nix-build -A hydraJobs.release ubuntu: runs-on: ubuntu-latest diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a11e02cd..0e76b4b1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@V27 + - uses: cachix/install-nix-action@v30 - name: Build tarballs run: | nix build -L .#hydraJobs.tarball @@ -31,7 +31,7 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - - uses: cachix/install-nix-action@V27 + - uses: cachix/install-nix-action@v30 - name: Build windows executable run: | nix build -L .#patchelf-win32 .#patchelf-win64 From b6cf11a31bc98dd146857b073d065bd751ba29df Mon Sep 17 00:00:00 2001 From: Martin Jambor Date: Fri, 8 Mar 2024 23:25:44 +0100 Subject: [PATCH 13/39] Fix rename-dynamic-symbols.sh test (issue #503) when building and then checking patchelf on openSUSE Leap 15.5, the rename-dynamic-symbols.sh test fails. The test builds a test library and executable called many-syms-main, then runs patchelf to rename symbols and then checks that many-syms-main still runs successfully. On Leap the run fails with many messages like ./many-syms-main: Symbol `f1947' causes overflow in R_X86_64_PC32 relocation and then terminates with a Segmentation fault. The interesting bit is that it however fails so even before patchelf touches it. The binary is built and linked with option -pie which produces an executable which is supposedly position independent but does not actually contain code position independent code which requires compiler option -fPIE (of -fpie or -fPIC or -fpic). As a result the calls in the generated assembly do not go through the PLT. This patch merely adresses that by adding the -fPIE option to the CFLAGS for the test. --- tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 8bbded7a..49454d43 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -164,7 +164,7 @@ many_syms_main_SOURCES = many-syms-main.c many_syms_main_LDFLAGS = $(LDFLAGS_local) many_syms_main_LDADD = -lmany-syms $(AM_LDADD) many_syms_main_DEPENDENCIES = libmany-syms.so -many_syms_main_CFLAGS = -pie +many_syms_main_CFLAGS = -pie -fPIE libmany_syms_so_SOURCES = many-syms.c libmany_syms_so_LDFLAGS = $(LDFLAGS_sharedlib) From 1bd68c54cc33d1b4c11abcac47d144b2154da843 Mon Sep 17 00:00:00 2001 From: RocketDev Date: Sun, 7 Apr 2024 01:23:01 +0800 Subject: [PATCH 14/39] fix zsh completion --- completions/zsh/_patchelf | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/completions/zsh/_patchelf b/completions/zsh/_patchelf index c674549a..81d1a734 100644 --- a/completions/zsh/_patchelf +++ b/completions/zsh/_patchelf @@ -2,21 +2,22 @@ local options=( '--page-size[Uses the given page size]:SIZE' - '--set-interpreter[Change the dynamic loader of executable]:INTERPRETER:dynamic loader:_files' + '--set-interpreter[Change the dynamic loader of executable]:INTERPRETER:_files' '(- : *)--print-interpreter[Prints the ELF interpreter of the executable]' '(- : *)--print-os-abi[Prints the OS ABI of the executable]' '--set-os-abi[Changes the OS ABI of the executable]:ABI:(none sysv hpux netbsd gnu linux solaris aix irix freebsd tru64 modesto openbsd arm_aeabi arm standalone)' '(- : *)--print-soname[Prints DT_SONAME entry of .dynamic section]' - '--set-soname[Sets DT_SONAME entry of a library to SONAME]:SONAME' + '--set-soname[Sets DT_SONAME entry of a library to SONAME]:SONAME:' '--set-rpath[Change the DT_RUNPATH of the executable or library to RUNPATH]:RUNPATH:_dirs' + '--add-rpath[Add RUNPATH to the existing DT_RUNPATH of the executable or library.]:RUNPATH:_dirs' '--remove-rpath[Removes the DT_RPATH or DT_RUNPATH entry of the executable or library]' '--shrink-rpath[Remove from the DT_RUNPATH or DT_RPATH all directories that do not contain a library referenced by DT_NEEDED fields of the executable or library]' - '--allowed-rpath-prefixes[Combined with the "--shrink-rpath" option, this can be used for further rpath tuning]:PREFIXES' + '--allowed-rpath-prefixes[Combined with the "--shrink-rpath" option, this can be used for further rpath tuning]:PREFIXES:' '(- : *)--print-rpath[Prints the DT_RUNPATH or DT_RPATH for an executable or library]' '--force-rpath[Forces the use of the obsolete DT_RPATH in the file instead of DT_RUNPATH]' - '--add-needed[Adds a declared dependency on a dynamic library]:LIBRARY' - '*--replace-needed[Replaces a declared dependency on a dynamic library with another one]:a declared dependency:LIB_ORIG:another declared dependency:LIB_NEW' - '--remove-needed[Removes a declared dependency on LIBRARY]:LIBRARY' + '--add-needed[Adds a declared dependency on a dynamic library]:LIBRARY:_files' + '*--replace-needed[Replaces a declared dependency on a dynamic library with another one]:LIB_ORIG:_files:LIB_NEW:_files' + '--remove-needed[Removes a declared dependency on LIBRARY]:LIBRARY:_files' '(- : *)--print-needed[Prints all DT_NEEDED entries of the executable]' '--no-default-lib[Marks the object so that the search for dependencies of this object will ignore any default library search paths]' '--no-sort[Do not sort program headers or section headers]' @@ -24,7 +25,7 @@ local options=( '(- : *)--print-execstack[Prints the state of the executable flag of the GNU_STACK program header, if present]' '--clear-execstack[Clears the executable flag of the GNU_STACK program header, or adds a new header]' '--set-execstack[Sets the executable flag of the GNU_STACK program header, or adds a new header]' - '--rename-dynamic-symbols[Renames dynamic symbols]:NAME_MAP_FILE' + '--rename-dynamic-symbols[Renames dynamic symbols]:NAME_MAP_FILE:' '--output[Set the output file name]:FILE:_files' '--debug[Prints details of the changes made to the input file]' '--version[Shows the version of patchelf]' From 4a6e1fde2203fd2f1dab3a1955b6af500f66d1fc Mon Sep 17 00:00:00 2001 From: RocketDev Date: Sun, 7 Apr 2024 02:25:12 +0800 Subject: [PATCH 15/39] enhance `--replace-needed` and `--remove-needed` --- completions/zsh/_patchelf | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/completions/zsh/_patchelf b/completions/zsh/_patchelf index 81d1a734..14059ac6 100644 --- a/completions/zsh/_patchelf +++ b/completions/zsh/_patchelf @@ -1,5 +1,25 @@ #compdef patchelf +function _get_dep() { + if [ -f $words[2] ] && [[ $words[2] =~ [^.]+ ]]; then # check if arg #1 is a elf file and not a so + deps=($(patchelf --print-needed $words[2] 2>/dev/null)) # discard error + if [ $? -ne 0 ] || [ ${#deps[*]} -eq 0 ]; then # if no dependency or not a elf + _files # fallback to _files + else + _values "LIBS" ${deps[*]} # else use dependencies of the file as candidates + fi + elif [ -f $words[-1] ] && [[ $words[-1] =~ [^.]+ ]]; then # check arg #-1, as most people do like this + deps=($(patchelf --print-needed $words[-1] 2>/dev/null)) + if [ $? -ne 0 ] || [ ${#deps[*]} -eq 0 ]; then + _files + else + _values "LIBS" ${deps[*]} + fi + else + _files + fi +} + local options=( '--page-size[Uses the given page size]:SIZE' '--set-interpreter[Change the dynamic loader of executable]:INTERPRETER:_files' @@ -16,9 +36,9 @@ local options=( '(- : *)--print-rpath[Prints the DT_RUNPATH or DT_RPATH for an executable or library]' '--force-rpath[Forces the use of the obsolete DT_RPATH in the file instead of DT_RUNPATH]' '--add-needed[Adds a declared dependency on a dynamic library]:LIBRARY:_files' - '*--replace-needed[Replaces a declared dependency on a dynamic library with another one]:LIB_ORIG:_files:LIB_NEW:_files' - '--remove-needed[Removes a declared dependency on LIBRARY]:LIBRARY:_files' - '(- : *)--print-needed[Prints all DT_NEEDED entries of the executable]' + '*--replace-needed[Replaces a declared dependency on a dynamic library with another one]:LIB_ORIG:_get_dep:LIB_NEW:_files' + '--remove-needed[Removes a declared dependency on LIBRARY]:LIBRARY:_get_dep' + '(- : *)--print-needed[Prints all DT_NEEDED entries of the executable]:ELF:_files' '--no-default-lib[Marks the object so that the search for dependencies of this object will ignore any default library search paths]' '--no-sort[Do not sort program headers or section headers]' '--add-debug-tag[Adds DT_DEBUG tag to the .dynamic section if not yet present in an ELF object]' From 513630db29e5cb5343858f8a4363a667782dd656 Mon Sep 17 00:00:00 2001 From: RocketDev Date: Wed, 10 Apr 2024 00:36:12 +0800 Subject: [PATCH 16/39] correct patchelf argument completions --- completions/zsh/_patchelf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/completions/zsh/_patchelf b/completions/zsh/_patchelf index 14059ac6..2c080cb3 100644 --- a/completions/zsh/_patchelf +++ b/completions/zsh/_patchelf @@ -21,7 +21,7 @@ function _get_dep() { } local options=( - '--page-size[Uses the given page size]:SIZE' + '--page-size[Uses the given page size]:SIZE:' '--set-interpreter[Change the dynamic loader of executable]:INTERPRETER:_files' '(- : *)--print-interpreter[Prints the ELF interpreter of the executable]' '(- : *)--print-os-abi[Prints the OS ABI of the executable]' @@ -38,14 +38,14 @@ local options=( '--add-needed[Adds a declared dependency on a dynamic library]:LIBRARY:_files' '*--replace-needed[Replaces a declared dependency on a dynamic library with another one]:LIB_ORIG:_get_dep:LIB_NEW:_files' '--remove-needed[Removes a declared dependency on LIBRARY]:LIBRARY:_get_dep' - '(- : *)--print-needed[Prints all DT_NEEDED entries of the executable]:ELF:_files' + '(- : *)--print-needed[Prints all DT_NEEDED entries of the executable]' '--no-default-lib[Marks the object so that the search for dependencies of this object will ignore any default library search paths]' '--no-sort[Do not sort program headers or section headers]' '--add-debug-tag[Adds DT_DEBUG tag to the .dynamic section if not yet present in an ELF object]' '(- : *)--print-execstack[Prints the state of the executable flag of the GNU_STACK program header, if present]' '--clear-execstack[Clears the executable flag of the GNU_STACK program header, or adds a new header]' '--set-execstack[Sets the executable flag of the GNU_STACK program header, or adds a new header]' - '--rename-dynamic-symbols[Renames dynamic symbols]:NAME_MAP_FILE:' + '--rename-dynamic-symbols[Renames dynamic symbols]:NAME_MAP_FILE:_files' '--output[Set the output file name]:FILE:_files' '--debug[Prints details of the changes made to the input file]' '--version[Shows the version of patchelf]' From b9976d63c2bb860a7616dd5b3093571b0b48d2a4 Mon Sep 17 00:00:00 2001 From: RocketDev Date: Wed, 10 Apr 2024 11:45:50 +0800 Subject: [PATCH 17/39] switch to zsh grammar --- completions/zsh/_patchelf | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/completions/zsh/_patchelf b/completions/zsh/_patchelf index 2c080cb3..a448f14a 100644 --- a/completions/zsh/_patchelf +++ b/completions/zsh/_patchelf @@ -1,23 +1,25 @@ #compdef patchelf -function _get_dep() { - if [ -f $words[2] ] && [[ $words[2] =~ [^.]+ ]]; then # check if arg #1 is a elf file and not a so - deps=($(patchelf --print-needed $words[2] 2>/dev/null)) # discard error - if [ $? -ne 0 ] || [ ${#deps[*]} -eq 0 ]; then # if no dependency or not a elf - _files # fallback to _files - else - _values "LIBS" ${deps[*]} # else use dependencies of the file as candidates - fi - elif [ -f $words[-1] ] && [[ $words[-1] =~ [^.]+ ]]; then # check arg #-1, as most people do like this - deps=($(patchelf --print-needed $words[-1] 2>/dev/null)) - if [ $? -ne 0 ] || [ ${#deps[*]} -eq 0 ]; then +_get_dep() { + # preparm have fewer checks, as they can't be the so to replace + if [[ -f $words[2] ]] { # check if arg #1 is a elf file and not a so + local deps=($(patchelf --print-needed $words[2] 2>/dev/null)) # discard error + if [[ $? -ne 0 ]] || [[ $#deps -eq 0 ]] { # if no dependency or not a elf + _files # fallback to _files + } else { + _values "LIBS" $deps # else use dependencies of the file as candidates + } + # postparm need to check + } elif [[ -f $words[-1] ]] && [[ -z ${words[-1]:e} ]] { # check arg #-1, as most people do like this + local deps=($(patchelf --print-needed $words[-1] 2>/dev/null)) + if [[ $? -ne 0 ]] || [[ $#deps -eq 0 ]] { _files - else - _values "LIBS" ${deps[*]} - fi - else + } else { + _values "LIBS" $deps + } + } else { _files - fi + } } local options=( From ace831cc974c0dddc6ba39cd73ee4aec51e0d3fd Mon Sep 17 00:00:00 2001 From: Michal Biesek Date: Wed, 16 Aug 2023 00:35:05 +0200 Subject: [PATCH 18/39] elf.h: Update `RISC-V` relocations glibc: commit: 6f962278e24bdf5cb5f310c5a17add41da95407c Signed-off-by: Michal Biesek --- src/elf.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/elf.h b/src/elf.h index ac7032b7..89fc8021 100644 --- a/src/elf.h +++ b/src/elf.h @@ -4002,8 +4002,11 @@ enum #define R_RISCV_SET32 56 #define R_RISCV_32_PCREL 57 #define R_RISCV_IRELATIVE 58 +#define R_RISCV_PLT32 59 +#define R_RISCV_SET_ULEB128 60 +#define R_RISCV_SUB_ULEB128 61 -#define R_RISCV_NUM 59 +#define R_RISCV_NUM 62 /* RISC-V specific values for the st_other field. */ #define STO_RISCV_VARIANT_CC 0x80 /* Function uses variant calling From 1c443aa1c7b8c8bcafde796f2e41e4abce3793e1 Mon Sep 17 00:00:00 2001 From: matoro Date: Sat, 4 Nov 2023 20:01:22 -0400 Subject: [PATCH 19/39] Fix page size on Alpha All tests pass. Also explicitly specifies -no-pie for executables which should have it disabled, to be compatible with gccs built with --enable-default-pie. --- src/patchelf.cc | 1 + tests/Makefile.am | 4 +++- tests/no-rpath-prebuild/no-rpath-alpha | Bin 0 -> 70600 bytes 3 files changed, 4 insertions(+), 1 deletion(-) create mode 100755 tests/no-rpath-prebuild/no-rpath-alpha diff --git a/src/patchelf.cc b/src/patchelf.cc index 66d0b99a..2fce7dda 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -367,6 +367,7 @@ unsigned int ElfFile::getPageSize() const noexcept // requirements. There is no authoritative list of these values. The // current list is extracted from GNU gold's source code (abi_pagesize). switch (rdi(hdr()->e_machine)) { + case EM_ALPHA: case EM_IA_64: case EM_MIPS: case EM_PPC: diff --git a/tests/Makefile.am b/tests/Makefile.am index 49454d43..61dc342d 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,6 +3,7 @@ LIBS = check_PROGRAMS = simple-pie simple simple-execstack main too-many-strtab main-scoped big-dynstr no-rpath contiguous-note-sections no_rpath_arch_TESTS = \ + no-rpath-alpha.sh \ no-rpath-amd64.sh \ no-rpath-armel.sh \ no-rpath-armhf.sh \ @@ -80,7 +81,7 @@ export NIX_LDFLAGS= simple_SOURCES = simple.c # no -fpic for simple.o simple_CFLAGS = -simple_LDFLAGS = -Wl,-z,noexecstack +simple_LDFLAGS = -Wl,-z,noexecstack -no-pie simple_pie_SOURCES = simple.c simple_pie_CFLAGS = -fPIC -pie @@ -171,6 +172,7 @@ libmany_syms_so_LDFLAGS = $(LDFLAGS_sharedlib) no_rpath_SOURCES = no-rpath.c # no -fpic for no-rpath.o no_rpath_CFLAGS = +no_rpath_LDFLAGS = -no-pie contiguous_note_sections_SOURCES = contiguous-note-sections.s contiguous-note-sections.ld contiguous_note_sections_LDFLAGS = -nostdlib -T $(srcdir)/contiguous-note-sections.ld diff --git a/tests/no-rpath-prebuild/no-rpath-alpha b/tests/no-rpath-prebuild/no-rpath-alpha new file mode 100755 index 0000000000000000000000000000000000000000..99c32473a561fd1a2cad02ad30482ba680925d64 GIT binary patch literal 70600 zcmeI0U2Ggz701ua?Aq&W9Is=CI1Op0aa%hg*|nX}I8B;3b{yNO^U;uqR;@Z&dpGtr z>s_^wi!Q_+Plc8u^HjVaov}X$bh)0Bnl$s zDyGD|SVdaCzshbij?G4DoHQlQHF2(qQ+dM-Or_3Gn8Bp)3pz&8JzEU3GI5YJ?@o%mPV?Sp4TaL?3Ge4E4NvV8pB9+f<&F2bp zXOrb(vM-o}WII(zyajTV{7pvX@52#|DSI zzGP3ewrx9Sw|U$a|Jl^VE#;cX<(g$i+l=m&=f1$xwdp=?OG%jV+{SffD*BEZeLc5V zyQZJK(z$2N>qA86JBc2>9HSpzw&~=bR-J$NG}m7snoqI*1*zZO{`!!0;l0y4qfZXm zbg}DPbm!1N-oMCkPrk4&vU4a#7uo;))9);N_3He>!qtEBPx`m%)h^X&xUk{d3EK1Z4tjJ`8^^WtZ%yO|$6voplACi%-x4qVU*OmU?pMaJuyEg;Nwx>;AXo!I?)v*an$72n?wMjKpCN0# zv#W#Y%6i(uH~T@Bd6qpab-h|o9HYqD7HfU;?Y>U@x3kY~mNeYlQtx-0?Dq6vHy8{r6W_Z~1xF zn|92|+l=fm_78^af1h6{ifYyl@<)yRUDIwb?Jt`43ez4nGHzstk!y@p;b?_ye|)xS z_ZZo3WTTO5jXZ1St9qj*otL(oOhx)DWZ7X|Oe4c-{RBW+0wBo}oEGH_e@C2-j ze`Rf4E*(lu9v3TOuXK1atGF)h=6+*cWu0tteq|mUHncp&7yGy+$(>e?NN|M}ZbcN- z+VYj=(QH0nbk7t^`3$do>rRTt_rx8}Y)5IVjlE>fkyh)jRc&!+LABumJL9dKbZ=1dL@*wxwJZe29(;g$c;}bltmfBR(gB#!OCrU&~ zJC*^p-opVrjZ6HC@&nc{Q?ji0S2gn;vpAzXOkCM$%biW}&*pkdge#`(V`&|fOLQeQ z*?ObeqjoA{M=j?X8=UqCTN|7g&-49>u5jKYR}|ddUDLLlmreT`CB?yRa9%oZMXiQ5 z+vY)d-l>@i<%@+Wcdk&*O%<{kR~BJ;x>%|#r4r*zI#-~o`{Z=G6l4(F$l(+2Q16cL z)8lTPamS)qH>EtA(ri(M#)J(ckEEQ9e#X_Z&n@F*3 zaypwom8xXRl`^H~%B57UFqxmrWK$D4)|4xmT(K`XZ7N$c*~vV&WNQ}wQY?z;n%>fI zN!BLOX8x%?s#d-Wkw_xa?nb(|P@|Gx?irUfva~JgH~V>@39b(B7voFno$C2e?;jyO z7wYv<((|KU-#|<4vkoS>yrsN#Yx}6txA0>g?Bi7>R~+6@^jxmjx00U6_4?K1nsd5d&rc}@=V!gXow}FQ zui=MyDgO`DhF9wj>8V>)`4xv`TUcBi(zlL!n?w4x5!UNlNmwsSesOVvqi2!9q1zYf zg6(PXeU~0BTFmoKKf~htxWo5v<2zQ*?GWo%`!V&GbKG=k@qKxW^$BWU#Q$TgU;WJD z^>)VhU!3P@@#kN-e2x{Zc02Wi#(7Ef+^?<&-JM@zeS+4|K*;|mtY3X0PDjnzs5{0h z#y`A%UK9V%+8y`D-|Gtr7 z@A$sK@nMg={SO`9cW7*gH)Gzdz2Q;sz_ERYhP~1K$H*HQKQg#)+&gmMz(SxOd)m27g~;MmqmdWw=$g}LN(x;#zE%((&w2eMKMERSbPRC8II6a5aFdurS!QVLhIardL}o? zeHA%ZIY?6GsZ(;YI5Weqq&&9l#M~4IqzhA7)(6d8;Z#xU>4}L__Hk|HbA_zd8G}|u z%?NL`i<9}BoS`ORsW26^c@h1WCDYoT@lRgIG+xhPmVP-I2!3IZeURTe zOOG8%~LH9Y_O*&^Rk8b4spU6y{){&f86r}9Del5aC@>-o>p zFZz8L9)DmZn&OJ&9yAJlPhja6jTayJX4UcN{AE9uIqCPUzE809OMf7$SB+Oio-4KS zH_ZH5`bECJYK#AAQKOK3zcyaqPgwfpQV4iBUOruFt@1MRGvGhy$WY={NSc$&GmD>2~`;)mLkEo-O;qiZi_40vd za97{667xYo*k9W!qwrae-k9GWq@vm~M3|0Hr_cqtW-!PyIj_Uf;`}iY{6&H{CO#O&tpwrrFWDrz zo?9+{P2+W4safMy{*Db=S09m&8ErUk*!M5X#6NH1J3|4XCcU>z{1yL$m*~0-rly4B zW2^}4#Qn>5p#5e|tW?9k?Iu1v&%I9I`SddJnn(UyBlU3nRTD4!Yi-dul_?Wn>m&8` zk-)pE@XUp5H5|ETmJ8N>)GLkDIHBg YPqMyhOSu15HZB$aj)^}K3J5jnU!YX^ApigX literal 0 HcmV?d00001 From 27e4d7af871d12fb18219129f1e63ccd0dcf55cc Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Thu, 19 Oct 2023 00:41:50 +0300 Subject: [PATCH 20/39] Restrict system operations on OpenBSD Use pledge(2)[0] to limit patchelf(1) to read, write and create files. It never deals with TTY, network, process management or other subsystems. Do so immediately in main() since mainWrapped() itself parses files whilst parsing command line arguments (--rename-dynamic-symbols). This is to reduce patchelf's attack surface and potential damage when dealing with untrusted ELF programs. No behaviour change in tests or real world usage observed on OpenBSD/amd64 7.4 (0.18.0 tests: 56/52/2/2 TOTAL/PASS/FAIL/SKIP). 0: https://man.openbsd.org/pledge.2 --- src/patchelf.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/patchelf.cc b/src/patchelf.cc index 2fce7dda..49e693ad 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -2697,6 +2697,11 @@ static int mainWrapped(int argc, char * * argv) int main(int argc, char * * argv) { +#ifdef __OpenBSD__ + if (pledge("stdio rpath wpath cpath", NULL) == -1) + error("pledge"); +#endif + try { return mainWrapped(argc, argv); } catch (std::exception & e) { From 1ded8392b18aa022df564e37e266ccd7c8a96530 Mon Sep 17 00:00:00 2001 From: Klemens Nanni Date: Wed, 18 Oct 2023 22:40:57 +0300 Subject: [PATCH 21/39] tests/short-first-segment: fix uname(1) usage and skip message Replace non-portable GNU `-i, --hardware-platform` with `-m[, --machine]` to fix "unknown error" usage error on, e.g. OpenBSD. Also fix the check's backwards logic. OpenBSD/spar64 now prints -skipping test: not supported on x86_64 Linux +skipping test: amd64 Linux required --- tests/short-first-segment.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/short-first-segment.sh b/tests/short-first-segment.sh index 07019fc4..7eba9f9d 100755 --- a/tests/short-first-segment.sh +++ b/tests/short-first-segment.sh @@ -11,8 +11,8 @@ if ! gzip --version >/dev/null; then exit 77 fi -if test "$(uname -i)" != x86_64 || test "$(uname)" != Linux; then - echo "skipping test: not supported on x86_64 Linux" +if test "$(uname -m)" != amd64 || test "$(uname)" != Linux; then + echo "skipping test: amd64 Linux required" exit 77 fi From 47ee15f2a4bf55a9b2aa5c66d470e4c712e941e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 09:59:51 +0000 Subject: [PATCH 22/39] Bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 0e76b4b1..5742b200 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -20,7 +20,7 @@ jobs: nix build -L .#hydraJobs.tarball install -D ./result/tarballs/*.tar.bz2 ./dist/patchelf-$(cat version).tar.bz2 install -D ./result/tarballs/*.tar.gz ./dist/patchelf-$(cat version).tar.gz - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: patchelf path: dist/* @@ -37,7 +37,7 @@ jobs: nix build -L .#patchelf-win32 .#patchelf-win64 install -D ./result/bin/patchelf.exe ./dist/patchelf-win32-$(cat version).exe install -D ./result-1/bin/patchelf.exe ./dist/patchelf-win64-$(cat version).exe - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: patchelf path: dist/* @@ -120,7 +120,7 @@ jobs: ./bin/patchelf --version EOF docker run --platform "$DOCKER_PLATFORM" -v $(pwd):/gha ${{ matrix.platform }}/debian:unstable-slim sh -ec "cd /gha && sh ./check.sh" - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: patchelf path: dist/* From 38c720faf819a76e205fa9ac2d523e3ecc4489db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 09:59:49 +0000 Subject: [PATCH 23/39] Bump actions/download-artifact from 3 to 4 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) --- .github/workflows/publish.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 5742b200..c16fa7b6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -48,7 +48,7 @@ jobs: runs-on: windows-latest steps: - uses: actions/checkout@v3 - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: patchelf path: dist @@ -83,7 +83,7 @@ jobs: fi echo "DOCKER_PLATFORM=$platform" >> $GITHUB_ENV - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: patchelf path: dist @@ -131,7 +131,7 @@ jobs: if: github.event_name == 'push' && github.repository == 'NixOS/patchelf' && startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest steps: - - uses: actions/download-artifact@v3 + - uses: actions/download-artifact@v4 with: name: patchelf path: dist From 8a88cc8684c71e7a0c0cbc6019fdbfeee6aee151 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 11:26:42 +0100 Subject: [PATCH 24/39] fixup ci with new upload-artifact version --- .github/workflows/publish.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index c16fa7b6..aa64dcf4 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -22,7 +22,7 @@ jobs: install -D ./result/tarballs/*.tar.gz ./dist/patchelf-$(cat version).tar.gz - uses: actions/upload-artifact@v4 with: - name: patchelf + name: patchelf-tarball path: dist/* build_windows: @@ -39,7 +39,7 @@ jobs: install -D ./result-1/bin/patchelf.exe ./dist/patchelf-win64-$(cat version).exe - uses: actions/upload-artifact@v4 with: - name: patchelf + name: patchelf-windows path: dist/* test_windows: @@ -50,7 +50,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/download-artifact@v4 with: - name: patchelf + name: patchelf-windows path: dist - name: Show binaries run: dir .\\dist @@ -85,7 +85,7 @@ jobs: - uses: actions/download-artifact@v4 with: - name: patchelf + name: patchelf-tarball path: dist - name: Build binaries env: @@ -122,7 +122,7 @@ jobs: docker run --platform "$DOCKER_PLATFORM" -v $(pwd):/gha ${{ matrix.platform }}/debian:unstable-slim sh -ec "cd /gha && sh ./check.sh" - uses: actions/upload-artifact@v4 with: - name: patchelf + name: patchelf-${{ matrix.platform }} path: dist/* publish: @@ -133,7 +133,8 @@ jobs: steps: - uses: actions/download-artifact@v4 with: - name: patchelf + pattern: patchelf-* + merge-multiple: true path: dist - name: Upload binaries to release uses: svenstaro/upload-release-action@v2 From 065c8484e35f43c2df82144366a18c9f6f26a0fc Mon Sep 17 00:00:00 2001 From: Patryk Wychowaniec Date: Fri, 7 Jun 2024 11:47:27 +0200 Subject: [PATCH 25/39] tests: Check uname before gzip --- tests/short-first-segment.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/short-first-segment.sh b/tests/short-first-segment.sh index 7eba9f9d..a0b26c3a 100755 --- a/tests/short-first-segment.sh +++ b/tests/short-first-segment.sh @@ -6,13 +6,13 @@ READELF=${READELF:-readelf} EXEC_NAME="short-first-segment" -if ! gzip --version >/dev/null; then - echo "skipping test: gzip not found" +if test "$(uname -m)" != amd64 || test "$(uname)" != Linux; then + echo "skipping test: amd64 Linux required" exit 77 fi -if test "$(uname -m)" != amd64 || test "$(uname)" != Linux; then - echo "skipping test: amd64 Linux required" +if ! gzip --version >/dev/null; then + echo "skipping test: gzip not found" exit 77 fi From 7cd6f031c093a52cdc4cfdcc97b0fb337d2eec14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 11:35:18 +0100 Subject: [PATCH 26/39] use more portable command -v to test if gzip exists This also works with the busybox version. --- tests/short-first-segment.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/short-first-segment.sh b/tests/short-first-segment.sh index a0b26c3a..7a11345f 100755 --- a/tests/short-first-segment.sh +++ b/tests/short-first-segment.sh @@ -11,7 +11,7 @@ if test "$(uname -m)" != amd64 || test "$(uname)" != Linux; then exit 77 fi -if ! gzip --version >/dev/null; then +if ! command -v gzip >/dev/null; then echo "skipping test: gzip not found" exit 77 fi From d985189c251e9ddda5a79837a65dadea6020c9d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 11:41:50 +0100 Subject: [PATCH 27/39] partially revert "Fix page size on Alpha" this broke tests on other architectures --- tests/Makefile.am | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/Makefile.am b/tests/Makefile.am index 61dc342d..14c2ff64 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -81,7 +81,7 @@ export NIX_LDFLAGS= simple_SOURCES = simple.c # no -fpic for simple.o simple_CFLAGS = -simple_LDFLAGS = -Wl,-z,noexecstack -no-pie +simple_LDFLAGS = -Wl,-z,noexecstack simple_pie_SOURCES = simple.c simple_pie_CFLAGS = -fPIC -pie @@ -172,7 +172,7 @@ libmany_syms_so_LDFLAGS = $(LDFLAGS_sharedlib) no_rpath_SOURCES = no-rpath.c # no -fpic for no-rpath.o no_rpath_CFLAGS = -no_rpath_LDFLAGS = -no-pie +no_rpath_LDFLAGS = contiguous_note_sections_SOURCES = contiguous-note-sections.s contiguous-note-sections.ld contiguous_note_sections_LDFLAGS = -nostdlib -T $(srcdir)/contiguous-note-sections.ld From 0e338941fc730c1e7080ca04fc1ee18b9ae2854b Mon Sep 17 00:00:00 2001 From: Pablo Galindo Date: Thu, 5 Sep 2024 18:37:30 +0100 Subject: [PATCH 28/39] Fix alignment problem when rewriting sections After commit ac212d0e6fb8b741e5a5e9ea61091149103f401c the code to rewrite alignment section has been changed to use the largest alignment in the list of segments instead of the alignment that it's retrieved using getPageSize(). Unfortunately the code didn't update the offset as well to keep the invariant p_vaddr % alignment == p_offset % alignment. --- src/patchelf.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/patchelf.cc b/src/patchelf.cc index 49e693ad..acc1e0e8 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -847,7 +847,7 @@ void ElfFile::rewriteSectionsLibrary() neededSpace += headerTableSpace; debug("needed space is %d\n", neededSpace); - Elf_Off startOffset = roundUp(fileContents->size(), getPageSize()); + Elf_Off startOffset = roundUp(fileContents->size(), alignStartPage); // In older version of binutils (2.30), readelf would check if the dynamic // section segment is strictly smaller than the file (and not same size). @@ -883,7 +883,7 @@ void ElfFile::rewriteSectionsLibrary() rdi(lastSeg.p_type) == PT_LOAD && rdi(lastSeg.p_flags) == (PF_R | PF_W) && rdi(lastSeg.p_align) == alignStartPage) { - auto segEnd = roundUp(rdi(lastSeg.p_offset) + rdi(lastSeg.p_memsz), getPageSize()); + auto segEnd = roundUp(rdi(lastSeg.p_offset) + rdi(lastSeg.p_memsz), alignStartPage); if (segEnd == startOffset) { auto newSz = startOffset + neededSpace - rdi(lastSeg.p_offset); wri(lastSeg.p_filesz, wri(lastSeg.p_memsz, newSz)); @@ -902,6 +902,7 @@ void ElfFile::rewriteSectionsLibrary() wri(phdr.p_filesz, wri(phdr.p_memsz, neededSpace)); wri(phdr.p_flags, PF_R | PF_W); wri(phdr.p_align, alignStartPage); + assert(startPage % alignStartPage == startOffset % alignStartPage); } normalizeNoteSegments(); From fd9c6ded207cb474d64848c841162cab5377061b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 10:47:47 +0000 Subject: [PATCH 29/39] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 6 +++--- .github/workflows/publish.yml | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e7e954e0..887258ca 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,18 +6,18 @@ jobs: shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: shellcheck tests/*.sh nix: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 - run: nix-build -A hydraJobs.release ubuntu: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: get toolchain version run: | c++ --version diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index aa64dcf4..88015d93 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 - name: Build tarballs run: | @@ -30,7 +30,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: cachix/install-nix-action@v30 - name: Build windows executable run: | @@ -47,7 +47,7 @@ jobs: needs: [build_windows] runs-on: windows-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/download-artifact@v4 with: name: patchelf-windows From 0a64a882084de77846b043a8b88756458ff828d7 Mon Sep 17 00:00:00 2001 From: Yuta Hayama Date: Fri, 21 Jul 2023 10:47:02 +0900 Subject: [PATCH 30/39] Set interpreter only when necessary If the given interpreter is already set, nothing needs to be done. As with modifySoname(), it skips unnecessary processing. --- src/patchelf.cc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/patchelf.cc b/src/patchelf.cc index acc1e0e8..35a5dc1c 100644 --- a/src/patchelf.cc +++ b/src/patchelf.cc @@ -1459,6 +1459,11 @@ void ElfFile::modifySoname(sonameMode op, const std::string & template void ElfFile::setInterpreter(const std::string & newInterpreter) { + if (getInterpreter() == newInterpreter) { + debug("given interpreter is already set\n"); + return; + } + std::string & section = replaceSection(".interp", newInterpreter.size() + 1); setSubstr(section, 0, newInterpreter + '\0'); changed = true; From 5017be7ae0798e5c81ec7f1774a004317cbcebd8 Mon Sep 17 00:00:00 2001 From: Yuta Hayama Date: Fri, 21 Jul 2023 10:53:18 +0900 Subject: [PATCH 31/39] Add test to set interpreter of same name --- tests/Makefile.am | 3 +- tests/set-interpreter-same.sh | 56 +++++++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+), 1 deletion(-) create mode 100755 tests/set-interpreter-same.sh diff --git a/tests/Makefile.am b/tests/Makefile.am index 14c2ff64..b08929f1 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -52,7 +52,8 @@ src_TESTS = \ overlapping-segments-after-rounding.sh \ shared-rpath.sh \ short-first-segment.sh \ - empty-note.sh + empty-note.sh \ + set-interpreter-same.sh build_TESTS = \ $(no_rpath_arch_TESTS) diff --git a/tests/set-interpreter-same.sh b/tests/set-interpreter-same.sh new file mode 100755 index 00000000..88438c43 --- /dev/null +++ b/tests/set-interpreter-same.sh @@ -0,0 +1,56 @@ +#! /bin/sh -e +SCRATCH=scratch/$(basename "$0" .sh) + +./simple + +curInterpreter=$(../src/patchelf --print-interpreter ./simple) +echo "current interpreter is $curInterpreter" + +rm -rf "${SCRATCH}" +mkdir -p "${SCRATCH}" + +cp simple "${SCRATCH}"/ + +echo "set the same interpreter as the current one" +before_checksum=$(sha256sum ${SCRATCH}/simple) +../src/patchelf --set-interpreter "${curInterpreter}" "${SCRATCH}/simple" +after_checksum=$(sha256sum ${SCRATCH}/simple) + +if [ "$before_checksum" != "$after_checksum" ]; then + echo "--set-interpreter should be NOP, but the file has been changed." + exit 1 +fi + +${SCRATCH}/simple + +dummyInterpreter="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + +echo "set the dummy interpreter" +before_checksum=$(sha256sum ${SCRATCH}/simple) +../src/patchelf --set-interpreter "${dummyInterpreter}" "${SCRATCH}/simple" +after_checksum=$(sha256sum ${SCRATCH}/simple) + +if [ "$before_checksum" = "$after_checksum" ]; then + echo "--set-interpreter should be run, but the file has not been changed." + exit 1 +fi + +if "${SCRATCH}/simple"; then + echo "simple works, but it shouldn't" + exit 1 +fi + +echo "set the same interpreter as the current one" +before_checksum=$(sha256sum ${SCRATCH}/simple) +../src/patchelf --set-interpreter "${dummyInterpreter}" "${SCRATCH}/simple" +after_checksum=$(sha256sum ${SCRATCH}/simple) + +if [ "$before_checksum" != "$after_checksum" ]; then + echo "--set-interpreter should be NOP, but the file has been changed." + exit 1 +fi + +if "${SCRATCH}/simple"; then + echo "simple works, but it shouldn't" + exit 1 +fi From f163e8df3d0fda67cd2e897097ed760fafd6b5f2 Mon Sep 17 00:00:00 2001 From: Michal Biesek Date: Sun, 2 Jul 2023 22:03:27 +0200 Subject: [PATCH 32/39] Add `riscv64` support for flake.nix --- flake.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 84c6f6db..9bbe09d9 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,7 @@ outputs = { self, nixpkgs }: let - supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ]; + supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" "riscv64-linux" ]; forAllSystems = nixpkgs.lib.genAttrs supportedSystems; version = nixpkgs.lib.removeSuffix "\n" (builtins.readFile ./version); @@ -81,10 +81,12 @@ [ self.hydraJobs.tarball self.hydraJobs.build.x86_64-linux self.hydraJobs.build.i686-linux - # FIXME: add aarch64 emulation to our github action... + # FIXME: add aarch64/riscv64 emulation to our github action... #self.hydraJobs.build.aarch64-linux + #self.hydraJobs.build.riscv64-linux self.hydraJobs.build-sanitized.x86_64-linux #self.hydraJobs.build-sanitized.aarch64-linux + #self.hydraJobs.build-sanitized.riscv64-linux self.hydraJobs.build-sanitized.i686-linux self.hydraJobs.build-sanitized-clang.x86_64-linux ]; From 769337c227799aa60911562b6940530f4a86eb3c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 12:39:57 +0100 Subject: [PATCH 33/39] fix shellcheck --- tests/set-interpreter-same.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/set-interpreter-same.sh b/tests/set-interpreter-same.sh index 88438c43..b174628e 100755 --- a/tests/set-interpreter-same.sh +++ b/tests/set-interpreter-same.sh @@ -12,23 +12,23 @@ mkdir -p "${SCRATCH}" cp simple "${SCRATCH}"/ echo "set the same interpreter as the current one" -before_checksum=$(sha256sum ${SCRATCH}/simple) +before_checksum=$(sha256sum "${SCRATCH}/simple") ../src/patchelf --set-interpreter "${curInterpreter}" "${SCRATCH}/simple" -after_checksum=$(sha256sum ${SCRATCH}/simple) +after_checksum=$(sha256sum "${SCRATCH}/simple") if [ "$before_checksum" != "$after_checksum" ]; then echo "--set-interpreter should be NOP, but the file has been changed." exit 1 fi -${SCRATCH}/simple +"${SCRATCH}/simple" dummyInterpreter="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" echo "set the dummy interpreter" -before_checksum=$(sha256sum ${SCRATCH}/simple) +before_checksum=$(sha256sum "${SCRATCH}/simple") ../src/patchelf --set-interpreter "${dummyInterpreter}" "${SCRATCH}/simple" -after_checksum=$(sha256sum ${SCRATCH}/simple) +after_checksum=$(sha256sum "${SCRATCH}/simple") if [ "$before_checksum" = "$after_checksum" ]; then echo "--set-interpreter should be run, but the file has not been changed." @@ -41,9 +41,9 @@ if "${SCRATCH}/simple"; then fi echo "set the same interpreter as the current one" -before_checksum=$(sha256sum ${SCRATCH}/simple) +before_checksum=$(sha256sum "${SCRATCH}/simple") ../src/patchelf --set-interpreter "${dummyInterpreter}" "${SCRATCH}/simple" -after_checksum=$(sha256sum ${SCRATCH}/simple) +after_checksum=$(sha256sum "${SCRATCH}/simple") if [ "$before_checksum" != "$after_checksum" ]; then echo "--set-interpreter should be NOP, but the file has been changed." From e2fe8cb8eb501e8852ce3c98373a2cdb97b28ff5 Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 29 Apr 2023 13:38:37 +0200 Subject: [PATCH 34/39] chore(CI): run tests on CentOS 7 --- .github/workflows/ci.yml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 887258ca..495ca02c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,3 +28,28 @@ jobs: mkdir build && cd build ../configure --with-asan --with-ubsan make -j$(nproc) check + centos7: + strategy: + fail-fast: false + matrix: + platform: ["x86_64", "i686", "ppc64le", "aarch64", "s390x"] + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up QEMU + if: matrix.platform != 'x86_64' + uses: docker/setup-qemu-action@v2 + - run: | + cat < build.sh + set -e + set -x + c++ --version + ld --version + autoconf --version + ./bootstrap.sh + mkdir build && cd build + ../configure + make -j$(nproc) check || (cat tests/test-suite.log; exit 1) + EOF + + docker run -v $(pwd):/gha quay.io/pypa/manylinux2014_${{ matrix.platform }}:latest sh -ec "cd /gha && sh ./build.sh" From 146eafea3b72ee22f35e29dca80fd256d5830fce Mon Sep 17 00:00:00 2001 From: mayeut Date: Sat, 29 Apr 2023 18:15:42 +0200 Subject: [PATCH 35/39] chore(CI): run tests on AlmaLinux 8 --- .github/workflows/ci.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 495ca02c..7e00ca53 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,11 +28,16 @@ jobs: mkdir build && cd build ../configure --with-asan --with-ubsan make -j$(nproc) check - centos7: + + glibc: strategy: fail-fast: false matrix: + glibc: ["2_17", "2_28"] platform: ["x86_64", "i686", "ppc64le", "aarch64", "s390x"] + exclude: + - glibc: "2_28" + platform: "i686" runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -52,4 +57,4 @@ jobs: make -j$(nproc) check || (cat tests/test-suite.log; exit 1) EOF - docker run -v $(pwd):/gha quay.io/pypa/manylinux2014_${{ matrix.platform }}:latest sh -ec "cd /gha && sh ./build.sh" + docker run -v $(pwd):/gha quay.io/pypa/manylinux${{ matrix.glibc == '2_17' && '2014' || format('_{0}', matrix.glibc) }}_${{ matrix.platform }}:latest sh -ec "cd /gha && sh ./build.sh" From c18267af586198cc7f7cf597df63b19681ac5387 Mon Sep 17 00:00:00 2001 From: mayeut Date: Sun, 30 Apr 2023 18:23:44 +0200 Subject: [PATCH 36/39] chore(CI): run tests on Ubuntu 18.04 --- .github/workflows/ci.yml | 43 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7e00ca53..774515e7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,11 +33,15 @@ jobs: strategy: fail-fast: false matrix: - glibc: ["2_17", "2_28"] - platform: ["x86_64", "i686", "ppc64le", "aarch64", "s390x"] + glibc: ["2_17", "2_27", "2_28"] + platform: ["x86_64", "i686", "ppc64le", "aarch64", "s390x", "armv7l"] exclude: + - glibc: "2_17" + platform: "armv7l" - glibc: "2_28" platform: "i686" + - glibc: "2_28" + platform: "armv7l" runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -48,6 +52,17 @@ jobs: cat < build.sh set -e set -x + + if [ "${{ matrix.glibc }}" == "2_27" ]; then + apt-get update + apt-get -y install software-properties-common + add-apt-repository -y ppa:ubuntu-toolchain-r/test + apt-get update + apt-get -y install automake g++-11 make + update-alternatives --install /usr/bin/c++ c++ $(which g++-11) 100 + update-alternatives --install /usr/bin/cc cc $(which gcc-11) 100 + fi + c++ --version ld --version autoconf --version @@ -57,4 +72,26 @@ jobs: make -j$(nproc) check || (cat tests/test-suite.log; exit 1) EOF - docker run -v $(pwd):/gha quay.io/pypa/manylinux${{ matrix.glibc == '2_17' && '2014' || format('_{0}', matrix.glibc) }}_${{ matrix.platform }}:latest sh -ec "cd /gha && sh ./build.sh" + if [ "${{ matrix.platform }}" == "x86_64" ]; then + DH_PREFIX=amd64 + elif [ "${{ matrix.platform }}" == "i686" ]; then + DH_PREFIX=i386 + elif [ "${{ matrix.platform }}" == "aarch64" ]; then + DH_PREFIX=arm64v8 + elif [ "${{ matrix.platform }}" == "armv7l" ]; then + DH_PREFIX=arm32v7 + else + DH_PREFIX=${{ matrix.platform }} + fi + + if [ "${{ matrix.glibc }}" == "2_17" ]; then + IMAGE=quay.io/pypa/manylinux2014_${{ matrix.platform }}:latest + elif [ "${{ matrix.glibc }}" == "2_27" ]; then + IMAGE=${DH_PREFIX}/ubuntu:18.04 + elif [ "${{ matrix.glibc }}" == "2_28" ]; then + IMAGE=quay.io/pypa/manylinux_${{ matrix.glibc }}_${{ matrix.platform }}:latest + else + exit 1 + fi + + docker run -v $(pwd):/gha ${IMAGE} sh -ec "cd /gha && bash ./build.sh" From f5010b3e0fd115cdbe11e257c6d9e6104002513d Mon Sep 17 00:00:00 2001 From: mayeut Date: Tue, 3 Dec 2024 20:44:43 +0100 Subject: [PATCH 37/39] chore(CI): run tests on AlmaLinux 9 --- .github/workflows/ci.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 774515e7..7b9f360a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,14 +33,14 @@ jobs: strategy: fail-fast: false matrix: - glibc: ["2_17", "2_27", "2_28"] - platform: ["x86_64", "i686", "ppc64le", "aarch64", "s390x", "armv7l"] - exclude: + glibc: ["2_17", "2_27", "2_28", "2_34"] + platform: ["x86_64", "ppc64le", "aarch64", "s390x"] + include: - glibc: "2_17" - platform: "armv7l" - - glibc: "2_28" platform: "i686" - - glibc: "2_28" + - glibc: "2_27" + platform: "i686" + - glibc: "2_27" platform: "armv7l" runs-on: ubuntu-latest steps: @@ -90,6 +90,8 @@ jobs: IMAGE=${DH_PREFIX}/ubuntu:18.04 elif [ "${{ matrix.glibc }}" == "2_28" ]; then IMAGE=quay.io/pypa/manylinux_${{ matrix.glibc }}_${{ matrix.platform }}:latest + elif [ "${{ matrix.glibc }}" == "2_34" ]; then + IMAGE=quay.io/pypa/manylinux_${{ matrix.glibc }}_${{ matrix.platform }}:latest else exit 1 fi From 7deb203869acf2bfbd7c67d7ef9bf99bf4039d8a Mon Sep 17 00:00:00 2001 From: mayeut Date: Tue, 3 Dec 2024 20:58:36 +0100 Subject: [PATCH 38/39] chore(CI): run tests on Ubuntu 20.04/22.04 & 24.04 --- .github/workflows/ci.yml | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7b9f360a..b42f9679 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,7 @@ jobs: strategy: fail-fast: false matrix: - glibc: ["2_17", "2_27", "2_28", "2_34"] + glibc: ["2_17", "2_27", "2_28", "2_31", "2_34", "2_35", "2_39"] platform: ["x86_64", "ppc64le", "aarch64", "s390x"] include: - glibc: "2_17" @@ -42,12 +42,18 @@ jobs: platform: "i686" - glibc: "2_27" platform: "armv7l" + - glibc: "2_31" + platform: "armv7l" + - glibc: "2_35" + platform: "armv7l" + - glibc: "2_39" + platform: "armv7l" runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - name: Set up QEMU if: matrix.platform != 'x86_64' - uses: docker/setup-qemu-action@v2 + uses: docker/setup-qemu-action@v3 - run: | cat < build.sh set -e @@ -61,6 +67,9 @@ jobs: apt-get -y install automake g++-11 make update-alternatives --install /usr/bin/c++ c++ $(which g++-11) 100 update-alternatives --install /usr/bin/cc cc $(which gcc-11) 100 + elif [ "${{ matrix.glibc }}" == "2_31" ] || [ "${{ matrix.glibc }}" == "2_35" ] || [ "${{ matrix.glibc }}" == "2_39" ]; then + apt-get update + apt-get -y install automake g++ make fi c++ --version @@ -73,27 +82,33 @@ jobs: EOF if [ "${{ matrix.platform }}" == "x86_64" ]; then - DH_PREFIX=amd64 + DOCKER_PLATFORM=amd64 elif [ "${{ matrix.platform }}" == "i686" ]; then - DH_PREFIX=i386 + DOCKER_PLATFORM=386 elif [ "${{ matrix.platform }}" == "aarch64" ]; then - DH_PREFIX=arm64v8 + DOCKER_PLATFORM=arm64/v8 elif [ "${{ matrix.platform }}" == "armv7l" ]; then - DH_PREFIX=arm32v7 + DOCKER_PLATFORM=arm/v7 else - DH_PREFIX=${{ matrix.platform }} + DOCKER_PLATFORM=${{ matrix.platform }} fi if [ "${{ matrix.glibc }}" == "2_17" ]; then IMAGE=quay.io/pypa/manylinux2014_${{ matrix.platform }}:latest elif [ "${{ matrix.glibc }}" == "2_27" ]; then - IMAGE=${DH_PREFIX}/ubuntu:18.04 + IMAGE=ubuntu:18.04 elif [ "${{ matrix.glibc }}" == "2_28" ]; then IMAGE=quay.io/pypa/manylinux_${{ matrix.glibc }}_${{ matrix.platform }}:latest + elif [ "${{ matrix.glibc }}" == "2_31" ]; then + IMAGE=ubuntu:20.04 elif [ "${{ matrix.glibc }}" == "2_34" ]; then IMAGE=quay.io/pypa/manylinux_${{ matrix.glibc }}_${{ matrix.platform }}:latest + elif [ "${{ matrix.glibc }}" == "2_35" ]; then + IMAGE=ubuntu:22.04 + elif [ "${{ matrix.glibc }}" == "2_39" ]; then + IMAGE=ubuntu:24.04 else exit 1 fi - docker run -v $(pwd):/gha ${IMAGE} sh -ec "cd /gha && bash ./build.sh" + docker run --platform linux/${DOCKER_PLATFORM} -v $(pwd):/gha ${IMAGE} sh -ec "cd /gha && bash ./build.sh" From 7a9feaf14ca023d9a2d5f1e6460056e17cda72c5 Mon Sep 17 00:00:00 2001 From: mayeut Date: Tue, 3 Dec 2024 22:58:15 +0100 Subject: [PATCH 39/39] fix some tests when running under QEMU In some cases, ldd can fail on the original binary. In that case it is also observed that running with an explicit interpreter will fail. https://gitlab.com/qemu-project/qemu/-/issues/1763 --- tests/replace-add-needed.sh | 10 +++++++++- tests/set-interpreter-long.sh | 5 +++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/tests/replace-add-needed.sh b/tests/replace-add-needed.sh index 701cb953..1282f4f8 100755 --- a/tests/replace-add-needed.sh +++ b/tests/replace-add-needed.sh @@ -11,7 +11,15 @@ cp libbar.so "${SCRATCH}"/ cd "${SCRATCH}" -libcldd=$(ldd ./simple | awk '/ => / { print $3 }' | grep -E "(libc(-[0-9.]*)*.so|ld-musl)") +# QEMU & ldd are not playing well together in certain cases +if ldd ./simple >/dev/null 2>&1; then + libcldd=$(ldd ./simple | awk '/ => / { print $3 }' | grep -E "(libc(-[0-9.]*)*.so|ld-musl)") +elif [ -f /lib64/libc.so.6 ]; then + libcldd=/lib64/libc.so.6 +else + echo "ldd ./simple failed" + exit 1 +fi # We have to set the soname on these libraries ${PATCHELF} --set-soname libbar.so ./libbar.so diff --git a/tests/set-interpreter-long.sh b/tests/set-interpreter-long.sh index f1e0d2f9..bb692aeb 100755 --- a/tests/set-interpreter-long.sh +++ b/tests/set-interpreter-long.sh @@ -6,7 +6,8 @@ SCRATCH=scratch/$(basename "$0" .sh) oldInterpreter=$(../src/patchelf --print-interpreter ./simple) echo "current interpreter is $oldInterpreter" -if test "$(uname)" = Linux; then +# QEMU & ldd/ld.so are not playing well together in certain cases +if test "$(uname)" = Linux && ldd ./simple >/dev/null 2>&1; then echo "running with explicit interpreter..." "$oldInterpreter" ./simple fi @@ -28,7 +29,7 @@ echo "running with new interpreter..." ln -s "$oldInterpreter" "$newInterpreter" "${SCRATCH}"/simple -if test "$(uname)" = Linux; then +if test "$(uname)" = Linux && ldd ./simple >/dev/null 2>&1; then echo "running with explicit interpreter..." "$oldInterpreter" "${SCRATCH}/simple" fi