| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
remove fix_configure_mac.patch
Fixed upstream: https://bugreports.qt.io/browse/QTBUG-67286
remove fix_riscv64_arch.patch
Was fixed upstream in 6a39e49a6cdeb28a04a3657bb6a22f848d5dfa9d
remove fix_rcc_determinism.patch
Fixed upstream in https://bugreports.qt.io/browse/QTBUG-62511
remove freetype_back_compat.patch
By the time we ship a release with Qt 5.12, we'll certainly no-longer be
supporting Ubuntu 14.04 and Ubuntu 16.04 ships with FreeType 2.6.1,
which is new enough that using the symbol is no-longer an issue.
The renaming of FT_Get_X11_Font_Format() happened in FreeType 2.6
remove xkb-default.patch
This was removed upstream in d5abf545971da717014d316127045fc19edbcd65
Co-authored-by: Hennadii Stepanov <32963518+hebasto@users.noreply.github.com>
|
|
Co-authored-by: fanquake <fanquake@gmail.com>
|
|
|
|
Changes from #14066.
|
|
Instead of the ever-messier text parsing of the output of the readelf
tool (which is clearly meant for human consumption not to be machine
parseable), parse the ELF binaries directly.
Add a small dependency-less ELF parser specific to the checks.
This is slightly more secure, too, because it removes potential
ambiguity due to misparsing and changes in the output format of `elfread`. It
also allows for stricter and more specific ELF format checks in the future.
This removes the build-time dependency for `readelf`.
It passes the test-security-check for me locally, though I haven't
checked on all platforms.
|
|
|
|
|
|
This export was introduced in #17270 which added
```
//! Necessary on some platforms
extern char** environ;
```
|
|
Debian 8 (Jessie) has:
- g++ version 4.9.2
- libc version 2.19
Ubuntu 16.04.4 (Xenial) has:
- g++ version 5.3.1
- libc version 2.23.0
CentOS 7 has:
- g++ version 4.8.5
- libc version 2.17
Taking the minimum of these as our target.
According to the GNU ABI document this corresponds to:
- GCC 4.8.5: GCC_4.8.0
- (glibc) GLIBC_2_17
Co-Authored-By: fanquake <fanquake@gmail.com>
|
|
Ever since statically linking Qt, we've been linking the C++ library
statically too (-static-libstdc++). Take this into
account in the symbol checker.
|
|
|
|
Flagged by flake8 v3.6.0, as W605, plus a few others identified
incidentally, e.g. 59ffecf66cf4d08c4b431e457b083878d66a3fd6.
Note that r"\n" matches to "\n" under re.match/search.
|
|
They should no longer be needed as we build QT without libX11/XLib
libraries now.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ubuntu 16.04 "xenial xerus" does not come with Python 2.x by default.
It is possible to install a python-2.7 package, but this has its own
problem: no `python` or `python2` symlink (see #7717).
This fixes the following scripts to work with python 3:
- `make check` (bctest,py, bitcoin-util-test.py)
- `make translate` (extract_strings_qt.py)
- `make symbols-check` (symbol-check.py)
- `make security-check` (security-check.py)
Explicitly call the python commands using $(PYTHON) instead
of relying on the interpreter line at the top of the scripts.
|
|
For details see: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=634261#109
|
|
Forgot to add these.
Also add a short description for each required library.
|
|
Perform the following ELF security checks:
- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary
Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
|
|
|
|
See discussion in #4663.
|
|
After last commit, our executables should export no symbols anymore. To
make sure that this stays the case, verify this in the symbol checker
script.
|
|
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols. This
makes sure they are still compatible with the minimum supported Linux
distribution versions.
|
