commit 332c5b6c16f1b0915f537a4ad5af48295f80c733 Author: Georg Koppen gk@torproject.org Date: Tue Apr 25 11:20:53 2017 +0000
Bug 20683: Integrate Selfrando into alpha Linux builds
Selfrando is a new defense against code reuse attacks developed by the Redactor and Readactor++ people. We should give it a wider testing audience by including it in the alpha series.
This is currently only available for 64bit Linux builds, though. Supporting other platforms and architectures is work in progress. --- RelativeLink/start-tor-browser | 1 + gitian/descriptors/linux/gitian-firefox.yml | 17 +++++ gitian/descriptors/linux/gitian-utils.yml | 46 +++++++++++++ gitian/fetch-inputs.sh | 4 +- gitian/gpg/ELFUTILS.gpg | Bin 0 -> 10483 bytes gitian/mkbundle-linux.sh | 13 ++-- gitian/patches/binutils-224-gold.patch | 98 ++++++++++++++++++++++++++++ gitian/verify-tags.sh | 3 +- gitian/versions.alpha | 4 ++ gitian/versions.nightly | 4 ++ 10 files changed, 183 insertions(+), 7 deletions(-)
diff --git a/RelativeLink/start-tor-browser b/RelativeLink/start-tor-browser index a78b367..2dd40fc 100755 --- a/RelativeLink/start-tor-browser +++ b/RelativeLink/start-tor-browser @@ -270,6 +270,7 @@ fi
LD_LIBRARY_PATH="${HOME}/TorBrowser/Tor/" export LD_LIBRARY_PATH +export SELFRANDO_write_layout_file=
function setControlPortPasswd() { local ctrlPasswd=$1 diff --git a/gitian/descriptors/linux/gitian-firefox.yml b/gitian/descriptors/linux/gitian-firefox.yml index c9ced44..db4f232 100644 --- a/gitian/descriptors/linux/gitian-firefox.yml +++ b/gitian/descriptors/linux/gitian-firefox.yml @@ -27,6 +27,8 @@ reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://git.torproject.org/tor-browser.git" "dir": "tor-browser" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils-linux32-utils.zip" - "binutils-linux64-utils.zip" @@ -36,6 +38,8 @@ files: - "re-dzip.sh" - "dzip.sh" - "versions" +# XXX: 64bits only for now :(, see #20683. +- "selfrando-linux64-utils.zip" script: | source versions INSTDIR="$HOME/install" @@ -53,6 +57,11 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1 # + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + unzip -d $INSTDIR selfrando-linux64-utils.zip + fi # Preparing Binutils and GCC for Tor Browser unzip -d $INSTDIR binutils-linux$GBUILD_BITS-utils.zip # Make sure gold is used with the hardening wrapper for full RELRO, see @@ -94,6 +103,14 @@ script: | find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" rm -f configure rm -f js/src/configure + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Selfrando wrapper + export PATH="$HOME/build/selfrando/Tools/TorBrowser/tc-wrapper/:$PATH" + # We need to avoid the shuffling while building as this breaks compilation + export SELFRANDO_skip_shuffle= + fi make -f client.mk configure CONFIGURE_ARGS="--with-tor-browser-version=${TORBROWSER_VERSION} --with-distribution-id=org.torproject --enable-update-channel=${TORBROWSER_UPDATE_CHANNEL} --enable-bundled-fonts" find -type f -print0 | xargs -0 touch --date="$REFERENCE_DATETIME" make $MAKEOPTS -f client.mk build diff --git a/gitian/descriptors/linux/gitian-utils.yml b/gitian/descriptors/linux/gitian-utils.yml index d10422b..eb340b8 100644 --- a/gitian/descriptors/linux/gitian-utils.yml +++ b/gitian/descriptors/linux/gitian-utils.yml @@ -24,10 +24,14 @@ packages: - "libssl-dev" # Needed for binutils (64bit) as we are building with PIE enabled. - "libstdc++6-4.7-pic" +# Needed for Selfrando +- "scons" reference_datetime: "2000-01-01 00:00:00" remotes: - "url": "https://github.com/libevent/libevent.git" "dir": "libevent" +- "url": "https://github.com/immunant/selfrando.git" + "dir": "selfrando" files: - "binutils.tar.bz2" - "gcc.tar.bz2" @@ -37,6 +41,8 @@ files: - "go.tar.gz" - "versions" - "dzip.sh" +- "elfutils.tar.bz2" +- "binutils-224-gold.patch" script: | INSTDIR="$HOME/install" source versions @@ -52,6 +58,12 @@ script: | export DEB_BUILD_HARDENING_FORMAT=1 export DEB_BUILD_HARDENING_PIE=1
+ ARCH="" + if [ $GBUILD_BITS == "64" ]; + then + ARCH="64" + fi + # Building Binutils tar xjf binutils.tar.bz2 # The libstdc++ shipped by default is non-PIC which breaks the binutils build @@ -63,6 +75,13 @@ script: | export LDFLAGS="-L/home/debian -lstdc++" fi cd binutils* + # We need to work around a gold linker bug in 2.24 to get selfrando working, + # see bug 20683. + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + patch -p1 < ../binutils-224-gold.patch + fi # We want to use gold as the linker in our toolchain mainly as it is way # faster when linking Tor Browser code (especially libxul). But apart from # that it fixes #12103 and issues with ESR 31 and our Gitian setup as well @@ -86,6 +105,28 @@ script: | cd ..
export DEB_BUILD_HARDENING_FORMAT=1 + export PATH="$INSTDIR/binutils/bin:$INSTDIR/gcc/bin:$PATH" + export LD_LIBRARY_PATH="$INSTDIR/gcc/lib$ARCH" + + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + # Building Elfutils + tar xjf elfutils.tar.bz2 + cd elfutils*/ + ./configure --prefix=$INSTDIR/elfutils + make $MAKEOPTS + make install + cd .. + + # Building Selfrando + cd selfrando + scons -Q arch=x86_64 LIBELF_PATH="$INSTDIR/elfutils" FORCE_INPLACE=1 DEBUG_LEVEL=env WRITE_LAYOUTS=env LOG=console + mkdir -p $INSTDIR/selfrando + cp out/x86_64/bin/* $INSTDIR/selfrando/ + cd .. + fi + # Building Libevent cd libevent ./autogen.sh @@ -157,4 +198,9 @@ script: | ~/build/dzip.sh libevent-${LIBEVENT_TAG#release-}-linux$GBUILD_BITS-utils.zip libevent ~/build/dzip.sh gmp-$GMP_VER-linux$GBUILD_BITS-utils.zip gmp ~/build/dzip.sh go-$GO_VER-linux$GBUILD_BITS-utils.zip go + # XXX: 64bits only for now :(, see #20683. + if [ $GBUILD_BITS == "64" ]; + then + ~/build/dzip.sh selfrando-$SELFRANDO_TAG-linux$GBUILD_BITS-utils.zip selfrando + fi cp *utils.zip $OUTDIR/ diff --git a/gitian/fetch-inputs.sh b/gitian/fetch-inputs.sh index b7fcf36..c110eb8 100755 --- a/gitian/fetch-inputs.sh +++ b/gitian/fetch-inputs.sh @@ -113,7 +113,7 @@ update_git() {
############################################################################## # Get+verify sigs that exist -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" @@ -252,6 +252,7 @@ ln -sf "$GO_PACKAGE" go.tar.gz ln -sf "$NSIS_PACKAGE" nsis.tar.bz2 ln -sf "$NSIS_DEBIAN_PACKAGE" nsis-debian.tar.xz ln -sf "$YASM_PACKAGE" yasm.tar.gz +ln -sf "$ELFUTILS_PACKAGE" elfutils.tar.bz2
# Fetch latest gitian-builder itself # XXX - this is broken if a non-standard inputs dir is selected using the command line flag. @@ -303,6 +304,7 @@ depot_tools https://chromium.googlesource.com/chromium/tools/depot_too go-webrtc https://github.com/keroserene/go-webrtc $GO_WEBRTC_TAG snowflake https://git.torproject.org/pluggable-transports/snowflake.git $SNOWFLAKE_TAG uniuri https://github.com/dchest/uniuri $UNIURI_TAG +selfrando https://github.com/immunant/selfrando.git $SELFRANDO_TAG EOF
# HTTPS-Everywhere is special, too. We need to initialize the git submodules and diff --git a/gitian/gpg/ELFUTILS.gpg b/gitian/gpg/ELFUTILS.gpg new file mode 100644 index 0000000..f1cd4b3 Binary files /dev/null and b/gitian/gpg/ELFUTILS.gpg differ diff --git a/gitian/mkbundle-linux.sh b/gitian/mkbundle-linux.sh index 6dbbe51..0a1613f 100755 --- a/gitian/mkbundle-linux.sh +++ b/gitian/mkbundle-linux.sh @@ -35,7 +35,7 @@ fi
if [ -z "$VM_MEMORY" ]; then - export VM_MEMORY=4000 + export VM_MEMORY=6000 fi
./make-vms.sh @@ -99,7 +99,7 @@ then fi
cd $GITIAN_DIR - +# XXX: 64bits selfrando only for now :(, see #20683. if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/binutils-$BINUTILS_VER-linux64-utils.zip -o \ ! -f inputs/gcc-$GCC_VER-linux32-utils.zip -o \ @@ -111,13 +111,14 @@ if [ ! -f inputs/binutils-$BINUTILS_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux32-utils.zip -o \ ! -f inputs/gmp-$GMP_VER-linux64-utils.zip -o \ ! -f inputs/go-$GO_VER-linux32-utils.zip -o \ - ! -f inputs/go-$GO_VER-linux64-utils.zip ]; + ! -f inputs/go-$GO_VER-linux64-utils.zip -o \ + ! -f inputs/selfrando-$SELFRANDO_TAG-linux64-utils.zip ]; then echo echo "****** Starting Utilities Component of Linux Bundle (1/7 for Linux) ******" echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit libevent=$LIBEVENT_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-utils.yml if [ $? -ne 0 ]; then #mv var/build.log ./utils-fail-linux.log.`date +%Y%m%d%H%M%S` @@ -138,6 +139,7 @@ then ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. #cp -a result/utils-linux-res.yml inputs/ else @@ -159,6 +161,7 @@ else ln -sf gmp-$GMP_VER-linux64-utils.zip gmp-linux64-utils.zip ln -sf go-$GO_VER-linux32-utils.zip go-linux32-utils.zip ln -sf go-$GO_VER-linux64-utils.zip go-linux64-utils.zip + ln -sf selfrando-$SELFRANDO_TAG-linux64-utils.zip selfrando-linux64-utils.zip cd .. fi
@@ -193,7 +196,7 @@ then echo "****** Starting TorBrowser Component of Linux Bundle (3/7 for Linux) ******" echo
- ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml + ./bin/gbuild -j $NUM_PROCS -m $VM_MEMORY --commit tor-browser=$TORBROWSER_TAG,faketime=$FAKETIME_TAG,selfrando=$SELFRANDO_TAG $DESCRIPTOR_DIR/linux/gitian-firefox.yml if [ $? -ne 0 ]; then #mv var/build.log ./firefox-fail-linux.log.`date +%Y%m%d%H%M%S` diff --git a/gitian/patches/binutils-224-gold.patch b/gitian/patches/binutils-224-gold.patch new file mode 100644 index 0000000..a45e49c --- /dev/null +++ b/gitian/patches/binutils-224-gold.patch @@ -0,0 +1,98 @@ +From f984741df04cd68bb116073fdfa9405808810ab4 Mon Sep 17 00:00:00 2001 +From: Cary Coutant ccoutant@google.com +Date: Wed, 5 Feb 2014 22:59:02 -0800 +Subject: [PATCH] Fix issues with gold undefined symbol diagnostics. + +PR binutils/15435 complains that gold issues a visibility error for an +weak undefined symbol with hidden visibility. The message should be +suppressed if the symbol is a weak undef. + +An earlier patch to add an extra note about key functions when a class's +vtable symbol is undefined missed a case where the reference to the +vtable came from a shared library. This patch moves the check to a +lower-level routine that catches both cases. + +gold/ + +2014-02-05 Cary Coutant ccoutant@google.com + + * errors.cc (Errors::undefined_symbol): Move undef vtable symbol + check to here. + * target-reloc.h (is_strong_undefined): New function. + (relocate_section): Move undef vtable symbol check from here. + Check for is_strong_undefined. + +diff --git a/gold/ChangeLog b/gold/ChangeLog +index dcf7ed41f8..dd7ef72980 100644 +--- a/gold/ChangeLog ++++ b/gold/ChangeLog +@@ -1,3 +1,14 @@ ++2014-02-05 Cary Coutant ccoutant@google.com ++ ++ Fix issues with gold undefined symbol diagnostics. ++ ++ PR binutils/15435 ++ * errors.cc (Errors::undefined_symbol): Move undef vtable symbol ++ check to here. ++ * target-reloc.h (is_strong_undefined): New function. ++ (relocate_section): Move undef vtable symbol check from here. ++ Check for is_strong_undefined. ++ + 2013-11-22 Cary Coutant ccoutant@google.com + + * testsuite/Makefile.am (exception_x86_64_bnd_test): Use in-tree +diff --git a/gold/errors.cc b/gold/errors.cc +index b79764bd1d..98db0fdd86 100644 +--- a/gold/errors.cc ++++ b/gold/errors.cc +@@ -193,6 +193,11 @@ Errors::undefined_symbol(const Symbol* sym, const std::string& location) + fprintf(stderr, + _("%s: %s: undefined reference to '%s', version '%s'\n"), + location.c_str(), zmsg, sym->demangled_name().c_str(), version); ++ ++ if (sym->is_cxx_vtable()) ++ gold_info(_("%s: the vtable symbol may be undefined because " ++ "the class is missing its key function"), ++ program_name); + } + + // Issue a debugging message. +diff --git a/gold/target-reloc.h b/gold/target-reloc.h +index b544c78f37..d609bcbaa8 100644 +--- a/gold/target-reloc.h ++++ b/gold/target-reloc.h +@@ -144,6 +144,12 @@ class Default_comdat_behavior + } + }; + ++inline bool ++is_strong_undefined(const Symbol* sym) ++{ ++ return sym->is_undefined() && sym->binding() != elfcpp::STB_WEAK; ++} ++ + // Give an error for a symbol with non-default visibility which is not + // defined locally. + +@@ -411,16 +417,10 @@ relocate_section( + } + + if (issue_undefined_symbol_error(sym)) +- { +- gold_undefined_symbol_at_location(sym, relinfo, i, offset); +- if (sym->is_cxx_vtable()) +- gold_info(_("%s: the vtable symbol may be undefined because " +- "the class is missing its key function"), +- program_name); +- } ++ gold_undefined_symbol_at_location(sym, relinfo, i, offset); + else if (sym != NULL + && sym->visibility() != elfcpp::STV_DEFAULT +- && (sym->is_undefined() || sym->is_from_dynobj())) ++ && (is_strong_undefined(sym) || sym->is_from_dynobj())) + visibility_error(sym); + + if (sym != NULL && sym->has_warning()) +-- +2.11.0 + diff --git a/gitian/verify-tags.sh b/gitian/verify-tags.sh index dc207f5..7d551b8 100755 --- a/gitian/verify-tags.sh +++ b/gitian/verify-tags.sh @@ -125,10 +125,11 @@ depot_tools $DEPOT_TOOLS_TAG go-webrtc $GO_WEBRTC_TAG snowflake $SNOWFLAKE_TAG uniuri $UNIURI_TAG +selfrando $SELFRANDO_TAG EOF
# Verify signatures on signed packages -for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI +for i in OPENSSL BINUTILS GCC PYTHON_MSI GMP LLVM CFE LIBCXX LIBCXXABI ELFUTILS do PACKAGE="${i}_PACKAGE" URL="${i}_URL" diff --git a/gitian/versions.alpha b/gitian/versions.alpha index adb9dbf..33be86d 100755 --- a/gitian/versions.alpha +++ b/gitian/versions.alpha @@ -47,6 +47,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=ab1b64862e0c4b4182010699911c2c5818f0a101 SNOWFLAKE_TAG=9f2e9a6ecb696149708716ca06ce842df03cf492 UNIURI_TAG=8902c56451e9b58ff940bbe5fec35d5f9c04584a +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
GITIAN_TAG=tor-browser-builder-4-4
@@ -71,6 +72,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.160
## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -105,6 +107,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -167,3 +170,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/$%7BYASM_PACKAGE%7D +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/$%7BELFUTILS_VER%7D/$%7BELFUTILS_PACKAGE... diff --git a/gitian/versions.nightly b/gitian/versions.nightly index 4e1618c..69ddb47 100755 --- a/gitian/versions.nightly +++ b/gitian/versions.nightly @@ -54,6 +54,7 @@ WEBRTC_TAG=c279861207c5b15fc51069e96595782350e0ac12 # https://chromium.googlesou GO_WEBRTC_TAG=master SNOWFLAKE_TAG=master UNIURI_TAG=master +SELFRANDO_TAG=aa4130fe9d782ff7ef581555ef3470663b110bdb
GITIAN_TAG=tor-browser-builder-4
@@ -78,6 +79,7 @@ GO14_VER=1.4.3 GO_VER=1.8.1 NSIS_VER=2.51 YASM_VER=1.2.0 +ELFUTILS_VER=0.166
## File names for the source packages OPENSSL_PACKAGE=openssl-${OPENSSL_VER}.tar.gz @@ -112,6 +114,7 @@ NOTOKRFONT_PACKAGE=NotoSansKR-Regular.otf NOTOSCFONT_PACKAGE=NotoSansSC-Regular.otf NOTOTCFONT_PACKAGE=NotoSansTC-Regular.otf YASM_PACKAGE=yasm-${YASM_VER}.tar.gz +ELFUTILS_PACKAGE=elfutils-${ELFUTILS_VER}.tar.bz2
# Hashes for packages with weak sigs or no sigs OPENSSL_HASH=6b3977c61f2aedf0f96367dcfb5c6e578cf37e7b8d913b4ecb6643c3cb88d8c0 @@ -174,3 +177,4 @@ NOTOKRFONT_URL=${NOTOCJKBASE_URL}/${NOTOKRFONT_PACKAGE} NOTOSCFONT_URL=${NOTOCJKBASE_URL}/${NOTOSCFONT_PACKAGE} NOTOTCFONT_URL=${NOTOCJKBASE_URL}/${NOTOTCFONT_PACKAGE} YASM_URL=https://www.tortall.net/projects/yasm/releases/$%7BYASM_PACKAGE%7D +ELFUTILS_URL=https://sourceware.org/elfutils/ftp/$%7BELFUTILS_VER%7D/$%7BELFUTILS_PACKAGE...