[vlc-commits] contrib: bluray: Add an explicit path to find shared libraries

David Fuhrmann git at videolan.org
Mon Jan 7 19:48:40 CET 2019


vlc | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Mon Jan  7 19:43:17 2019 +0100| [2ed07256dbbf21bf33cd5f9a58478178a4f0987d] | committer: David Fuhrmann

contrib: bluray: Add an explicit path to find shared libraries

This is needed because, with runtime hardening enabled, libraries outside
of the application's own bundle are no longer searched for automatically.

> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=2ed07256dbbf21bf33cd5f9a58478178a4f0987d
---

 ...ibrary-paths-Explicitly-add-usr-local-lib.patch | 34 ++++++++++++++++++++++
 contrib/src/bluray/rules.mak                       |  1 +
 2 files changed, 35 insertions(+)

diff --git a/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
new file mode 100644
index 0000000000..a3323d4ed6
--- /dev/null
+++ b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
@@ -0,0 +1,34 @@
+From bbf867237c7fa326b5467afaad08f18a56a79935 Mon Sep 17 00:00:00 2001
+From: David Fuhrmann <dfuhrmann at videolan.org>
+Date: Mon, 7 Jan 2019 19:30:56 +0100
+Subject: [PATCH] library paths: Explicitly add /usr/local/lib
+
+Hardened runtime prevents the program to load any libraries outside
+of the application bundle by default. Specifically, it also ignores
+DYLD_FALLBACK_PATH which would contain /usr/local/lib.
+To allow usage of a library outside of the application bundle, add
+/usr/local/lib explicitly.
+---
+ src/file/dl_posix.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/file/dl_posix.c b/src/file/dl_posix.c
+index b97f12fe..49813856 100644
+--- a/src/file/dl_posix.c
++++ b/src/file/dl_posix.c
+@@ -69,10 +69,11 @@ void *dl_dlopen(const char *path, const char *version)
+        @loader_path     - location of current library/binary (ex. libbluray.dylib)
+        @executable_path - location of running binary (ex. /Applications/Some.app/Contents/MacOS)
+        @rpath           - search rpaths of running binary (man install_name_path)
++       /usr/local/lib/  - explicitly added path, as runtime hardened programs ignore DYLD_FALLBACK_PATH now
+     */
+     static const char *search_paths[] = {"", "@loader_path/lib/", "@loader_path/", "@executable_path/",
+                                          "@executable_path/lib/", "@executable_path/../lib/",
+-                                         "@executable_path/../Resources/", "@rpath/", NULL};
++                                         "@executable_path/../Resources/", "@rpath/", "/usr/local/lib/", NULL};
+     version = NULL;
+ #else
+     static const char ext[] = ".so";
+-- 
+2.17.2 (Apple Git-113)
+
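Review bot: The new `"/usr/local/lib/"` entry in `search_paths` is the only absolute location outside the bundle, and the added comment does not record the trust assumption behind it. That directory is often writable without root on macOS (common with third-party package managers), so any library `dl_dlopen` requests by name that is not found in the bundle would be taken from there. Placing it last, after `"@rpath/"`, keeps bundled copies preferred; I would say so in the comment, e.g. `/usr/local/lib/ - last-resort fallback outside the bundle; contents are not controlled by the app, loading relies on the code-signing / library-validation policy`. The comment also names `DYLD_FALLBACK_PATH`, while the dyld variable is `DYLD_FALLBACK_LIBRARY_PATH`. Whether library validation still applies depends on the app's entitlements, which are not visible here, and the body of `dl_dlopen` continues outside the hunk.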
diff --git a/contrib/src/bluray/rules.mak b/contrib/src/bluray/rules.mak
index 67937b2038..4211c38b70 100644
--- a/contrib/src/bluray/rules.mak
+++ b/contrib/src/bluray/rules.mak
@@ -51,6 +51,7 @@ bluray: libbluray-$(BLURAY_VERSION).tar.bz2 .sum-bluray
 	$(APPLY) $(SRC)/bluray/0001-Implement-dl_get_path-for-darwin-macOS.patch
 	$(APPLY) $(SRC)/bluray/0001-keep-on-with-menuless-user-selected-streams-between-.patch
 	$(APPLY) $(SRC)/bluray/0001-install-bdjo_data-header.patch
+	$(APPLY) $(SRC)/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
 	$(call pkg_static,"src/libbluray.pc.in")
 	$(MOVE)
 


