From d3d45871c3216c946f33694789cd32ffb17ae71d Mon Sep 17 00:00:00 2001 From: Jan Kratochvil Date: Tue, 24 Apr 2012 22:24:08 +0200 Subject: [PATCH] Update "set auto-load" patchset and the --with-auto-load-safe-path setting. --- ...-01of16.patch => gdb-autoload-01of22.patch | 0 ...-02of16.patch => gdb-autoload-02of22.patch | 0 ...-03of16.patch => gdb-autoload-03of22.patch | 0 ...-04of16.patch => gdb-autoload-04of22.patch | 0 ...-05of16.patch => gdb-autoload-05of22.patch | 0 ...-06of16.patch => gdb-autoload-06of22.patch | 0 ...-07of16.patch => gdb-autoload-07of22.patch | 0 ...-08of16.patch => gdb-autoload-08of22.patch | 0 ...-09of16.patch => gdb-autoload-09of22.patch | 0 ...-10of16.patch => gdb-autoload-10of22.patch | 0 ...-11of16.patch => gdb-autoload-11of22.patch | 0 ...-12of16.patch => gdb-autoload-12of22.patch | 0 ...-13of16.patch => gdb-autoload-13of22.patch | 0 ...-14of16.patch => gdb-autoload-14of22.patch | 0 ...-15of16.patch => gdb-autoload-15of22.patch | 0 ...-16of16.patch => gdb-autoload-16of22.patch | 0 gdb-autoload-17of22.patch | 23 ++ gdb-autoload-18of22.patch | 51 ++++ gdb-autoload-19of22.patch | 38 +++ gdb-autoload-20of22.patch | 39 +++ gdb-autoload-21of22.patch | 158 ++++++++++++ gdb-autoload-22of22.patch | 231 ++++++++++++++++++ gdb.spec | 54 ++-- 23 files changed, 575 insertions(+), 19 deletions(-) rename gdb-autoload-01of16.patch => gdb-autoload-01of22.patch (100%) rename gdb-autoload-02of16.patch => gdb-autoload-02of22.patch (100%) rename gdb-autoload-03of16.patch => gdb-autoload-03of22.patch (100%) rename gdb-autoload-04of16.patch => gdb-autoload-04of22.patch (100%) rename gdb-autoload-05of16.patch => gdb-autoload-05of22.patch (100%) rename gdb-autoload-06of16.patch => gdb-autoload-06of22.patch (100%) rename gdb-autoload-07of16.patch => gdb-autoload-07of22.patch (100%) rename gdb-autoload-08of16.patch => gdb-autoload-08of22.patch (100%) rename gdb-autoload-09of16.patch => gdb-autoload-09of22.patch (100%) rename gdb-autoload-10of16.patch => gdb-autoload-10of22.patch (100%) rename gdb-autoload-11of16.patch => gdb-autoload-11of22.patch (100%) rename gdb-autoload-12of16.patch => gdb-autoload-12of22.patch (100%) rename gdb-autoload-13of16.patch => gdb-autoload-13of22.patch (100%) rename gdb-autoload-14of16.patch => gdb-autoload-14of22.patch (100%) rename gdb-autoload-15of16.patch => gdb-autoload-15of22.patch (100%) rename gdb-autoload-16of16.patch => gdb-autoload-16of22.patch (100%) create mode 100644 gdb-autoload-17of22.patch create mode 100644 gdb-autoload-18of22.patch create mode 100644 gdb-autoload-19of22.patch create mode 100644 gdb-autoload-20of22.patch create mode 100644 gdb-autoload-21of22.patch create mode 100644 gdb-autoload-22of22.patch diff --git a/gdb-autoload-01of16.patch b/gdb-autoload-01of22.patch similarity index 100% rename from gdb-autoload-01of16.patch rename to gdb-autoload-01of22.patch diff --git a/gdb-autoload-02of16.patch b/gdb-autoload-02of22.patch similarity index 100% rename from gdb-autoload-02of16.patch rename to gdb-autoload-02of22.patch diff --git a/gdb-autoload-03of16.patch b/gdb-autoload-03of22.patch similarity index 100% rename from gdb-autoload-03of16.patch rename to gdb-autoload-03of22.patch diff --git a/gdb-autoload-04of16.patch b/gdb-autoload-04of22.patch similarity index 100% rename from gdb-autoload-04of16.patch rename to gdb-autoload-04of22.patch diff --git a/gdb-autoload-05of16.patch b/gdb-autoload-05of22.patch similarity index 100% rename from gdb-autoload-05of16.patch rename to gdb-autoload-05of22.patch diff --git a/gdb-autoload-06of16.patch b/gdb-autoload-06of22.patch similarity index 100% rename from gdb-autoload-06of16.patch rename to gdb-autoload-06of22.patch diff --git a/gdb-autoload-07of16.patch b/gdb-autoload-07of22.patch similarity index 100% rename from gdb-autoload-07of16.patch rename to gdb-autoload-07of22.patch diff --git a/gdb-autoload-08of16.patch b/gdb-autoload-08of22.patch similarity index 100% rename from gdb-autoload-08of16.patch rename to gdb-autoload-08of22.patch diff --git a/gdb-autoload-09of16.patch b/gdb-autoload-09of22.patch similarity index 100% rename from gdb-autoload-09of16.patch rename to gdb-autoload-09of22.patch diff --git a/gdb-autoload-10of16.patch b/gdb-autoload-10of22.patch similarity index 100% rename from gdb-autoload-10of16.patch rename to gdb-autoload-10of22.patch diff --git a/gdb-autoload-11of16.patch b/gdb-autoload-11of22.patch similarity index 100% rename from gdb-autoload-11of16.patch rename to gdb-autoload-11of22.patch diff --git a/gdb-autoload-12of16.patch b/gdb-autoload-12of22.patch similarity index 100% rename from gdb-autoload-12of16.patch rename to gdb-autoload-12of22.patch diff --git a/gdb-autoload-13of16.patch b/gdb-autoload-13of22.patch similarity index 100% rename from gdb-autoload-13of16.patch rename to gdb-autoload-13of22.patch diff --git a/gdb-autoload-14of16.patch b/gdb-autoload-14of22.patch similarity index 100% rename from gdb-autoload-14of16.patch rename to gdb-autoload-14of22.patch diff --git a/gdb-autoload-15of16.patch b/gdb-autoload-15of22.patch similarity index 100% rename from gdb-autoload-15of16.patch rename to gdb-autoload-15of22.patch diff --git a/gdb-autoload-16of16.patch b/gdb-autoload-16of22.patch similarity index 100% rename from gdb-autoload-16of16.patch rename to gdb-autoload-16of22.patch diff --git a/gdb-autoload-17of22.patch b/gdb-autoload-17of22.patch new file mode 100644 index 0000000..26ea153 --- /dev/null +++ b/gdb-autoload-17of22.patch @@ -0,0 +1,23 @@ +http://sourceware.org/ml/gdb-cvs/2012-04/msg00130.html + +### src/gdb/doc/ChangeLog 2012/04/17 15:56:21 1.1297 +### src/gdb/doc/ChangeLog 2012/04/18 07:03:57 1.1298 +## -1,3 +1,7 @@ ++2012-04-18 Jan Kratochvil ++ ++ * gdb.texinfo (Auto-loading verbose mode): Fix smallexample typo. ++ + 2012-04-17 Jan Kratochvil + + New option "set debug auto-load". +--- src/gdb/doc/gdb.texinfo 2012/04/17 15:56:21 1.944 ++++ src/gdb/doc/gdb.texinfo 2012/04/18 07:03:58 1.945 +@@ -21192,7 +21192,7 @@ + may not be too obvious while setting it up. + + @smallexample +-(gdb) set debug auto-load ues ++(gdb) set debug auto-load on + (gdb) file ~/src/t/true + auto-load: Loading canned sequences of commands script "/tmp/true-gdb.gdb" + for objfile "/tmp/true". diff --git a/gdb-autoload-18of22.patch b/gdb-autoload-18of22.patch new file mode 100644 index 0000000..2acfd0e --- /dev/null +++ b/gdb-autoload-18of22.patch @@ -0,0 +1,51 @@ +http://sourceware.org/ml/gdb-cvs/2012-04/msg00178.html + +### src/gdb/doc/ChangeLog 2012/04/18 07:03:57 1.1298 +### src/gdb/doc/ChangeLog 2012/04/22 15:49:21 1.1299 +## -1,3 +1,8 @@ ++2012-04-22 Jan Kratochvil ++ ++ * gdb.texinfo (Auto-loading safe path): Replace @itemize @bullet ++ by @table @asis. Fix formatting of one item. ++ + 2012-04-18 Jan Kratochvil + + * gdb.texinfo (Auto-loading verbose mode): Fix smallexample typo. +--- src/gdb/doc/gdb.texinfo 2012/04/18 07:03:58 1.945 ++++ src/gdb/doc/gdb.texinfo 2012/04/22 15:49:21 1.946 +@@ -21136,8 +21136,8 @@ + To force @value{GDBN} to load the files it declined to load in the previous + example, you could use one of the following ways: + +-@itemize @bullet +-@item ~/.gdbinit: add-auto-load-safe-path ~/src/gdb ++@table @asis ++@item @file{~/.gdbinit}: @samp{add-auto-load-safe-path ~/src/gdb} + Specify this trusted directory (or a file) as additional component of the list. + You have to specify also any existing directories displayed by + by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example). +@@ -21155,20 +21155,20 @@ + During compilation of @value{GDBN} you may disable any auto-loading safety. + This assumes all the files you will ever debug with this @value{GDBN} come from + trusted sources. +-@end itemize ++@end table + + On the other hand you can also explicitly forbid automatic files loading which + also suppresses any such warning messages: + +-@itemize @bullet ++@table @asis + @item @kbd{gdb -iex "set auto-load no" [@dots{}]} + You can use @value{GDBN} command-line option for a single @value{GDBN} session. + +-@item @samp{~/.gdbinit}: @samp{set auto-load no} ++@item @file{~/.gdbinit}: @samp{set auto-load no} + Disable auto-loading globally for the user + (@pxref{Home Directory Init File}). While it is improbable, you could also + use system init file instead (@pxref{System-wide configuration}). +-@end itemize ++@end table + + This setting applies to the file names as entered by user. If no entry matches + @value{GDBN} tries as a last resort to also resolve all the file names into diff --git a/gdb-autoload-19of22.patch b/gdb-autoload-19of22.patch new file mode 100644 index 0000000..de56846 --- /dev/null +++ b/gdb-autoload-19of22.patch @@ -0,0 +1,38 @@ +http://sourceware.org/ml/gdb-cvs/2012-04/msg00183.html + +### src/gdb/doc/ChangeLog 2012/04/22 15:49:21 1.1299 +### src/gdb/doc/ChangeLog 2012/04/23 17:20:56 1.1300 +## -1,3 +1,8 @@ ++2012-04-23 Jan Kratochvil ++ ++ * gdb.texinfo (Auto-loading safe path): Remove trailing [@dots{}]. ++ Three times. ++ + 2012-04-22 Jan Kratochvil + + * gdb.texinfo (Auto-loading safe path): Replace @itemize @bullet +--- src/gdb/doc/gdb.texinfo 2012/04/22 15:49:21 1.946 ++++ src/gdb/doc/gdb.texinfo 2012/04/23 17:20:56 1.947 +@@ -21142,11 +21142,11 @@ + You have to specify also any existing directories displayed by + by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example). + +-@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" [@dots{}]} ++@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb"} + Specify this directory as in the previous case but just for a single + @value{GDBN} session. + +-@item @kbd{gdb -iex "set auto-load safe-path" [@dots{}]} ++@item @kbd{gdb -iex "set auto-load safe-path"} + Disable auto-loading safety for a single @value{GDBN} session. + This assumes all the files you debug during this @value{GDBN} session will come + from trusted sources. +@@ -21161,7 +21161,7 @@ + also suppresses any such warning messages: + + @table @asis +-@item @kbd{gdb -iex "set auto-load no" [@dots{}]} ++@item @kbd{gdb -iex "set auto-load no"} + You can use @value{GDBN} command-line option for a single @value{GDBN} session. + + @item @file{~/.gdbinit}: @samp{set auto-load no} diff --git a/gdb-autoload-20of22.patch b/gdb-autoload-20of22.patch new file mode 100644 index 0000000..afa88e6 --- /dev/null +++ b/gdb-autoload-20of22.patch @@ -0,0 +1,39 @@ +http://sourceware.org/ml/gdb-cvs/2012-04/msg00184.html + +### src/gdb/doc/ChangeLog 2012/04/23 17:20:56 1.1300 +### src/gdb/doc/ChangeLog 2012/04/23 17:26:00 1.1301 +## -3,6 +3,9 @@ + * gdb.texinfo (Auto-loading safe path): Remove trailing [@dots{}]. + Three times. + ++ * gdb.texinfo (Auto-loading safe path): Add trailing @dots{}. ++ Three times. ++ + 2012-04-22 Jan Kratochvil + + * gdb.texinfo (Auto-loading safe path): Replace @itemize @bullet +--- src/gdb/doc/gdb.texinfo 2012/04/23 17:20:56 1.947 ++++ src/gdb/doc/gdb.texinfo 2012/04/23 17:26:01 1.948 +@@ -21142,11 +21142,11 @@ + You have to specify also any existing directories displayed by + by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example). + +-@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb"} ++@item @kbd{gdb -iex "set auto-load safe-path /usr:/bin:~/src/gdb" @dots{}} + Specify this directory as in the previous case but just for a single + @value{GDBN} session. + +-@item @kbd{gdb -iex "set auto-load safe-path"} ++@item @kbd{gdb -iex "set auto-load safe-path" @dots{}} + Disable auto-loading safety for a single @value{GDBN} session. + This assumes all the files you debug during this @value{GDBN} session will come + from trusted sources. +@@ -21161,7 +21161,7 @@ + also suppresses any such warning messages: + + @table @asis +-@item @kbd{gdb -iex "set auto-load no"} ++@item @kbd{gdb -iex "set auto-load no" @dots{}} + You can use @value{GDBN} command-line option for a single @value{GDBN} session. + + @item @file{~/.gdbinit}: @samp{set auto-load no} diff --git a/gdb-autoload-21of22.patch b/gdb-autoload-21of22.patch new file mode 100644 index 0000000..654aaf9 --- /dev/null +++ b/gdb-autoload-21of22.patch @@ -0,0 +1,158 @@ +http://sourceware.org/ml/gdb-patches/2012-04/msg00756.html +Subject: Re: [patch] auto-load safe-path reset back by set "" + - Patched out "(without the quotes)". + +On Sun, 22 Apr 2012 22:16:32 +0200, Eli Zaretskii wrote: +> > +@item set auto-load safe-path [@var{directories}] +> +> You need @r{} around [ and ]. +> +> > +Setting this variable to @code{"/"} (without the quotes) disables this security +> ^^^^^^^^^^ +> Why not @file{/}? The quotes are not needed in any case. + +done. + + +In fact this patch is unrelated to the Doug's suggestion, reposting it only +with the doc update. + + +Thanks, +Jan + + +gdb/ +2012-04-23 Jan Kratochvil + + * auto-load.c (set_auto_load_safe_path): Reset AUTO_LOAD_SAFE_PATH + back to DEFAULT_AUTO_LOAD_SAFE_PATH if it is being set to "". + (show_auto_load_safe_path): Check any-directory by comparison with "/". + (add_auto_load_safe_path): Change the error message. + (_initialize_auto_load): Change the "safe-path" help text. + * configure: Regenerate + * configure.ac (--without-auto-load-safe-path): Set + WITH_AUTO_LOAD_SAFE_PATH to /. + +gdb/doc/ +2012-04-23 Jan Kratochvil + + * gdb.texinfo (Auto-loading safe path): Make 'directories' + for 'set auto-load safe-path' optional. Mention if it is omitted. + Change disabling security protection condition to "/", twice. + +diff --git a/gdb/auto-load.c b/gdb/auto-load.c +index 9d19179..6c1309f 100644 +--- a/gdb/auto-load.c ++++ b/gdb/auto-load.c +@@ -181,6 +181,12 @@ auto_load_safe_path_vec_update (void) + static void + set_auto_load_safe_path (char *args, int from_tty, struct cmd_list_element *c) + { ++ if (auto_load_safe_path[0] == '\0') ++ { ++ xfree (auto_load_safe_path); ++ auto_load_safe_path = xstrdup (DEFAULT_AUTO_LOAD_SAFE_PATH); ++ } ++ + auto_load_safe_path_vec_update (); + } + +@@ -190,7 +196,7 @@ static void + show_auto_load_safe_path (struct ui_file *file, int from_tty, + struct cmd_list_element *c, const char *value) + { +- if (*value == 0) ++ if (strcmp (value, "/") == 0) + fprintf_filtered (file, _("Auto-load files are safe to load from any " + "directory.\n")); + else +@@ -209,8 +215,9 @@ add_auto_load_safe_path (char *args, int from_tty) + + if (args == NULL || *args == 0) + error (_("\ +-Adding empty directory element disables the auto-load safe-path security. \ +-Use 'set auto-load safe-path' instead if you mean that.")); ++Directory argument required.\n\ ++Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\ ++")); + + s = xstrprintf ("%s%c%s", auto_load_safe_path, DIRNAME_SEPARATOR, args); + xfree (auto_load_safe_path); +@@ -1023,8 +1030,10 @@ Set the list of directories from which it is safe to auto-load files."), _("\ + Show the list of directories from which it is safe to auto-load files."), _("\ + Various files loaded automatically for the 'set auto-load ...' options must\n\ + be located in one of the directories listed by this option. Warning will be\n\ +-printed and file will not be used otherwise. Use empty string (or even\n\ +-empty directory entry) to allow any file for the 'set auto-load ...' options.\n\ ++printed and file will not be used otherwise.\n\ ++Setting this parameter to an empty list resets it to its default value.\n\ ++Setting this parameter to '/' (without the quotes) allows any file\n\ ++for the 'set auto-load ...' options.\n\ + This option is ignored for the kinds of files having 'set auto-load ... off'.\n\ + This options has security implications for untrusted inferiors."), + set_auto_load_safe_path, +diff --git a/gdb/configure b/gdb/configure +index 54c2399..42d2fbd 100755 +--- a/gdb/configure ++++ b/gdb/configure +@@ -4949,7 +4949,7 @@ $as_echo_n "checking for default auto-load safe-path... " >&6; } + # Check whether --with-auto-load-safe-path was given. + if test "${with_auto_load_safe_path+set}" = set; then : + withval=$with_auto_load_safe_path; if test "$with_auto_load_safe_path" = "no"; then +- with_auto_load_safe_path="" ++ with_auto_load_safe_path="/" + fi + else + with_auto_load_safe_path="$prefix" +diff --git a/gdb/configure.ac b/gdb/configure.ac +index a40c2e5..9bde18f 100644 +--- a/gdb/configure.ac ++++ b/gdb/configure.ac +@@ -140,7 +140,7 @@ AC_ARG_WITH(auto-load-safe-path, + AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files]) + AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]), + [if test "$with_auto_load_safe_path" = "no"; then +- with_auto_load_safe_path="" ++ with_auto_load_safe_path="/" + fi], + [with_auto_load_safe_path="$prefix"]) + AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path, +diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo +index a2a4eb3..46dde27 100644 +--- a/gdb/doc/gdb.texinfo ++++ b/gdb/doc/gdb.texinfo +@@ -21105,9 +21105,12 @@ The list of trusted directories is controlled by the following commands: + @table @code + @anchor{set auto-load safe-path} + @kindex set auto-load safe-path +-@item set auto-load safe-path @var{directories} ++@item set auto-load safe-path @r{[}@var{directories}@r{]} + Set the list of directories (and their subdirectories) trusted for automatic + loading and execution of scripts. You can also enter a specific trusted file. ++If you omit @var{directories}, @samp{auto-load safe-path} will be reset to ++its default value as specified during @value{GDBN} compilation. ++ + The list of directories uses directory separator (@samp{:} on GNU and Unix + systems, @samp{;} on MS-Windows and MS-DOS) to separate directories, similarly + to the @env{PATH} environment variable. +@@ -21126,7 +21129,8 @@ loading and execution of scripts. Multiple entries may be delimited by the + host platform directory separator in use. + @end table + +-Setting this variable to an empty string disables this security protection. ++Setting this variable to @file{/} disables this security ++protection. + This variable is supposed to be set to the system directories writable by the + system superuser only. Users can add their source directories in init files in + their home directories (@pxref{Home Directory Init File}). See also deprecated +@@ -21146,7 +21150,7 @@ by @samp{show auto-load safe-path} (such as @samp{/usr:/bin} in this example). + Specify this directory as in the previous case but just for a single + @value{GDBN} session. + +-@item @kbd{gdb -iex "set auto-load safe-path" @dots{}} ++@item @kbd{gdb -iex "set auto-load safe-path /" @dots{}} + Disable auto-loading safety for a single @value{GDBN} session. + This assumes all the files you debug during this @value{GDBN} session will come + from trusted sources. + diff --git a/gdb-autoload-22of22.patch b/gdb-autoload-22of22.patch new file mode 100644 index 0000000..bc09fb8 --- /dev/null +++ b/gdb-autoload-22of22.patch @@ -0,0 +1,231 @@ +http://sourceware.org/ml/gdb-patches/2012-04/msg00758.html +Subject: [patch] auto-load safe-path default=$ddir/auto-load [Re: [patch] auto-load safe-path reset back by set ""] + +On Sun, 22 Apr 2012 23:26:16 +0200, Doug Evans wrote: +> A thought occurred to me regarding the default value of auto-load-path +> = ${prefix}. + +This is unrelated to this patch but thanks for the suggestion. + + +> So I was wondering if we really want security to be on by default, +> should the default value be gdb's data-directory (e.g., +> $prefix/share/gdb) + $exec_prefix/lib{,32,64} + ??? + +Made it therefore $ddir/auto-load, on an ideal system/distro we can change all +the auto-loaded GDB files to be located under $ddir/auto-load. I have filed +for the only remaining violation (/usr/bin/mono-gdb.py) known to me: + https://bugzilla.redhat.com/show_bug.cgi?id=815501 + (Sure I will ask about upstreaming of the change.) + + +> Plus, it seems like at least data-directory should be relocatable. +> Implementing this might be cumbersome unless data-directory was +> represented as something like "$ddir". + +Done. Unfortunately this still does not fix the "./gdb" run for a newly built +GDB. Newly built GDB probably could use "-data-directory $PWD/data-directory" +(if GDB's program dir contains "data-directory" sort of relocation). +We could then change current + gdb-gdb.gdb.in -> gdb-gdb.gdb +to + gdb-gdb.gdb.in -> data-directory/auto-load/$PWD/gdb-gdb.gdb +and even install the file (with proper installation directories) as: + /usr/share/gdb/usr/bin/gdb-gdb.gdb + (additionally ensuring for example in Fedora - in its .spec file + @srcdir@ gets substituted right for Fedora *-debuginfo.rpm) + +Would it make everyone happy? + + +Thanks, +Jan + + +gdb/ +2012-04-23 Jan Kratochvil + + Change auto-load safe-path default to $ddir/auto-load. + * auto-load.c (auto_load_safe_path_vec_update): Call + substitute_path_component for $ddir. + * configure: Regenerate. + * configure.ac (--with-auto-load-safe-path): Suggest $ddir syntax. + Change the default to \\\$ddir/auto-load. + * defs.h (substitute_path_component): New declaration. + * utils.c (substitute_path_component): New function. + +gdb/doc/ +2012-04-23 Jan Kratochvil + + Change auto-load safe-path default to $ddir/auto-load. + * gdb.texinfo (Auto-loading): Change shown safe-path default to + $ddir/auto-load. + (Auto-loading safe path): Change the sample warning to $ddir/auto-load. + Twice. Mention the $ddir substitution. + +Index: gdb-7.3.50.20110722/gdb/auto-load.c +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/auto-load.c 2012-04-24 20:37:48.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/auto-load.c 2012-04-24 20:37:53.902703805 +0200 +@@ -141,8 +141,12 @@ auto_load_safe_path_vec_update (void) + for (ix = 0; ix < len; ix++) + { + char *dir = VEC_index (char_ptr, auto_load_safe_path_vec, ix); +- char *expanded = tilde_expand (dir); +- char *real_path = gdb_realpath (expanded); ++ char *expanded, *real_path; ++ ++ expanded = tilde_expand (dir); ++ substitute_path_component (&expanded, "$ddir", gdb_datadir); ++ ++ real_path = gdb_realpath (expanded); + + /* Ensure the current entry is at least tilde_expand-ed. */ + VEC_replace (char_ptr, auto_load_safe_path_vec, ix, expanded); +Index: gdb-7.3.50.20110722/gdb/configure +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/configure 2012-04-24 20:37:48.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/configure 2012-04-24 20:37:53.904703800 +0200 +@@ -1664,7 +1664,8 @@ Optional Packages: + --with-rpm query rpm database for missing debuginfos (yes/no, + def. auto=librpm.so) + --with-auto-load-safe-path=PATH +- directories safe to hold auto-loaded files ++ directories safe to hold auto-loaded files, use ++ '\\\$ddir' for -data-directory + --without-auto-load-safe-path + do not restrict auto-loaded files locations + --with-libunwind use libunwind frame unwinding support +@@ -8392,7 +8393,7 @@ if test "${with_auto_load_safe_path+set} + with_auto_load_safe_path="/" + fi + else +- with_auto_load_safe_path="$prefix" ++ with_auto_load_safe_path='\\\$ddir/auto-load' + fi + + +Index: gdb-7.3.50.20110722/gdb/configure.ac +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/configure.ac 2012-04-24 20:37:48.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/configure.ac 2012-04-24 20:37:53.904703800 +0200 +@@ -303,12 +303,13 @@ fi + + AC_MSG_CHECKING([for default auto-load safe-path]) + AC_ARG_WITH(auto-load-safe-path, +-AS_HELP_STRING([--with-auto-load-safe-path=PATH], [directories safe to hold auto-loaded files]) ++AS_HELP_STRING([--with-auto-load-safe-path=PATH], ++ [directories safe to hold auto-loaded files, use '\\\$ddir' for -data-directory]) + AS_HELP_STRING([--without-auto-load-safe-path], [do not restrict auto-loaded files locations]), + [if test "$with_auto_load_safe_path" = "no"; then + with_auto_load_safe_path="/" + fi], +-[with_auto_load_safe_path="$prefix"]) ++[with_auto_load_safe_path='\\\$ddir/auto-load']) + AC_DEFINE_DIR(DEFAULT_AUTO_LOAD_SAFE_PATH, with_auto_load_safe_path, + [Directories safe to hold auto-loaded files.]) + AC_MSG_RESULT([$with_auto_load_safe_path]) +Index: gdb-7.3.50.20110722/gdb/defs.h +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/defs.h 2012-04-24 20:37:47.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/defs.h 2012-04-24 20:38:42.944581730 +0200 +@@ -432,6 +432,9 @@ extern const char *gdb_bfd_errmsg (bfd_e + + extern int parse_pid_to_attach (char *args); + ++extern void substitute_path_component (char **stringp, const char *from, ++ const char *to); ++ + /* From demangle.c */ + + extern void set_demangling_style (char *); +Index: gdb-7.3.50.20110722/gdb/doc/gdb.texinfo +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/doc/gdb.texinfo 2012-04-24 20:37:48.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/doc/gdb.texinfo 2012-04-24 20:37:53.909703788 +0200 +@@ -20113,7 +20113,7 @@ libthread-db: Auto-loading of inferior + local-gdbinit: Auto-loading of .gdbinit script from current directory is on. + python-scripts: Auto-loading of Python scripts is on. + safe-path: List of directories from which it is safe to auto-load files +- is /usr/local. ++ is $ddir/auto-load. + @end smallexample + + @anchor{info auto-load} +@@ -20315,9 +20315,9 @@ get loaded: + $ ./gdb -q ./gdb + Reading symbols from /home/user/gdb/gdb...done. + warning: File "/home/user/gdb/gdb-gdb.gdb" auto-loading has been +- declined by your `auto-load safe-path' set to "/usr/local". ++ declined by your `auto-load safe-path' set to "$ddir/auto-load". + warning: File "/home/user/gdb/gdb-gdb.py" auto-loading has been +- declined by your `auto-load safe-path' set to "/usr/local". ++ declined by your `auto-load safe-path' set to "$ddir/auto-load". + @end smallexample + + The list of trusted directories is controlled by the following commands: +@@ -20349,6 +20349,11 @@ loading and execution of scripts. Multi + host platform directory separator in use. + @end table + ++Any used string @file{$ddir} will get replaced by @var{data-directory} which is ++determined at @value{GDBN} startup (@pxref{Data Files}). @file{$ddir} must be ++be placed as a directory component - either alone or delimited by @file{/} or ++@file{\} directory separators, depending on the host platform. ++ + Setting this variable to @file{/} disables this security + protection. + This variable is supposed to be set to the system directories writable by the +Index: gdb-7.3.50.20110722/gdb/utils.c +=================================================================== +--- gdb-7.3.50.20110722.orig/gdb/utils.c 2012-04-24 20:37:48.000000000 +0200 ++++ gdb-7.3.50.20110722/gdb/utils.c 2012-04-24 20:39:12.745507543 +0200 +@@ -3797,6 +3797,48 @@ dirnames_to_char_ptr_vec (const char *di + return retval; + } + ++/* Substitute all occurences of string FROM by string TO in *STRINGP. *STRINGP ++ must come from xrealloc-compatible allocator and it may be updated. FROM ++ needs to be delimited by IS_DIR_SEPARATOR (or be located at the start or ++ end of *STRINGP. */ ++ ++void ++substitute_path_component (char **stringp, const char *from, const char *to) ++{ ++ char *string = *stringp, *s; ++ const size_t from_len = strlen (from); ++ const size_t to_len = strlen (to); ++ ++ for (s = string;;) ++ { ++ s = strstr (s, from); ++ if (s == NULL) ++ break; ++ ++ if ((s == string || IS_DIR_SEPARATOR (s[-1])) ++ && (s[from_len] == '\0' || IS_DIR_SEPARATOR (s[from_len]))) ++ { ++ char *string_new; ++ ++ string_new = xrealloc (string, (strlen (string) + to_len + 1)); ++ ++ /* Relocate the current S pointer. */ ++ s = s - string + string_new; ++ string = string_new; ++ ++ /* Replace from by to. */ ++ memmove (&s[to_len], &s[from_len], strlen (&s[from_len]) + 1); ++ memcpy (s, to, to_len); ++ ++ s += to_len; ++ } ++ else ++ s++; ++ } ++ ++ *stringp = string; ++} ++ + /* Provide a prototype to silence -Wmissing-prototypes. */ + extern initialize_file_ftype _initialize_utils; + diff --git a/gdb.spec b/gdb.spec index fe4c0d9..3ee7223 100644 --- a/gdb.spec +++ b/gdb.spec @@ -27,7 +27,7 @@ Version: 7.3.50.20110722 # The release always contains a leading reserved number, start it at 1. # `upstream' is not a part of `name' to stay fully rpm dependencies compatible for the testing. -Release: 15%{?_with_upstream:.upstream}%{?dist} +Release: 16%{?_with_upstream:.upstream}%{?dist} License: GPLv3+ and GPLv3+ with exceptions and GPLv2+ and GPLv2+ with exceptions and GPL+ and LGPLv2+ and BSD and Public Domain Group: Development/Debuggers @@ -563,22 +563,28 @@ Patch661: gdb-stale-frame_info.patch # Security fix for loading untrusted inferiors, see "set auto-load" (BZ 756117). #=push -Patch662: gdb-autoload-01of16.patch -Patch663: gdb-autoload-02of16.patch -Patch664: gdb-autoload-03of16.patch -Patch665: gdb-autoload-04of16.patch -Patch666: gdb-autoload-05of16.patch -Patch667: gdb-autoload-06of16.patch -Patch668: gdb-autoload-07of16.patch -Patch669: gdb-autoload-08of16.patch -Patch670: gdb-autoload-09of16.patch -Patch671: gdb-autoload-10of16.patch -Patch672: gdb-autoload-11of16.patch -Patch673: gdb-autoload-12of16.patch -Patch674: gdb-autoload-13of16.patch -Patch675: gdb-autoload-14of16.patch -Patch676: gdb-autoload-15of16.patch -Patch677: gdb-autoload-16of16.patch +Patch662: gdb-autoload-01of22.patch +Patch663: gdb-autoload-02of22.patch +Patch664: gdb-autoload-03of22.patch +Patch665: gdb-autoload-04of22.patch +Patch666: gdb-autoload-05of22.patch +Patch667: gdb-autoload-06of22.patch +Patch668: gdb-autoload-07of22.patch +Patch669: gdb-autoload-08of22.patch +Patch670: gdb-autoload-09of22.patch +Patch671: gdb-autoload-10of22.patch +Patch672: gdb-autoload-11of22.patch +Patch673: gdb-autoload-12of22.patch +Patch674: gdb-autoload-13of22.patch +Patch675: gdb-autoload-14of22.patch +Patch676: gdb-autoload-15of22.patch +Patch677: gdb-autoload-16of22.patch +Patch678: gdb-autoload-17of22.patch +Patch679: gdb-autoload-18of22.patch +Patch680: gdb-autoload-19of22.patch +Patch681: gdb-autoload-20of22.patch +Patch682: gdb-autoload-21of22.patch +Patch683: gdb-autoload-22of22.patch BuildRequires: ncurses-devel%{?_isa} texinfo gettext flex bison expat-devel%{?_isa} # --without-system-readline @@ -853,6 +859,7 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c %patch631 -p1 %patch632 -p1 %patch634 -p1 +%patch647 -p1 %patch661 -p1 %patch662 -p1 %patch663 -p1 @@ -870,6 +877,12 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c %patch675 -p1 %patch676 -p1 %patch677 -p1 +%patch678 -p1 +%patch679 -p1 +%patch680 -p1 +%patch681 -p1 +%patch682 -p1 +%patch683 -p1 %patch393 -p1 %patch335 -p1 @@ -880,7 +893,6 @@ rm -f gdb/jv-exp.c gdb/m2-exp.c gdb/objc-exp.c gdb/p-exp.c %if 0%{?rhel:1} && 0%{?rhel} <= 6 %patch487 -p1 %endif # 0%{?rhel:1} && 0%{?rhel} <= 6 -%patch647 -p1 find -name "*.orig" | xargs rm -f ! find -name "*.rej" # Should not happen. @@ -984,7 +996,8 @@ $(: RHEL-5 librpm has incompatible API. ) \ %if 0%{?_with_debug:1} --enable-static --disable-shared --enable-debug \ %endif - --with-auto-load-safe-path=%{_root_prefix}:/bin:/sbin:/lib:/lib64 \ +$(: %{_bindir}/mono-gdb.py is workaround for mono BZ 815501. ) \ + --with-auto-load-safe-path=%{_datadir}/gdb/auto-load:/usr/lib/debug:%{_bindir}/mono-gdb.py \ %ifarch sparc sparcv9 sparc-%{_vendor}-%{_target_os}%{?_gnu} %else @@ -1295,6 +1308,9 @@ fi %{_infodir}/gdb.info* %changelog +* Tue Apr 24 2012 Jan Kratochvil - 7.3.50.20110722-16.fc16 +- Update "set auto-load" patchset and the --with-auto-load-safe-path setting. + * Thu Apr 19 2012 Jan Kratochvil - 7.3.50.20110722-15.fc16 - Security fix for loading untrusted inferiors, see "set auto-load" (BZ 756117).