[vlc-commits] contrib: bluray: Add an explicit path to find shared libraries
David Fuhrmann
git at videolan.org
Mon Jan 7 21:09:12 CET 2019
vlc/vlc-3.0 | branch: master | David Fuhrmann <dfuhrmann at videolan.org> | Mon Jan 7 19:43:17 2019 +0100| [85a99a15c3f8672616aa9304ac2a16b86ca0d69d] | committer: David Fuhrmann
contrib: bluray: Add an explicit path to find shared libraries
This is needed because runtime hardening does not automatically look
for libraries outside of the own application bundle anymore.
(cherry picked from commit 2ed07256dbbf21bf33cd5f9a58478178a4f0987d)
Signed-off-by: David Fuhrmann <dfuhrmann at videolan.org>
> http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=85a99a15c3f8672616aa9304ac2a16b86ca0d69d
---
...ibrary-paths-Explicitly-add-usr-local-lib.patch | 34 ++++++++++++++++++++++
contrib/src/bluray/rules.mak | 1 +
2 files changed, 35 insertions(+)
diff --git a/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
new file mode 100644
index 0000000000..a3323d4ed6
--- /dev/null
+++ b/contrib/src/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
@@ -0,0 +1,34 @@
+From bbf867237c7fa326b5467afaad08f18a56a79935 Mon Sep 17 00:00:00 2001
+From: David Fuhrmann <dfuhrmann at videolan.org>
+Date: Mon, 7 Jan 2019 19:30:56 +0100
+Subject: [PATCH] library paths: Explicitly add /usr/local/lib
+
+Hardened runtime prevents the program to load any libraries outside
+of the application bundle by default. Specifically, it also ignores
+DYLD_FALLBACK_PATH which would contain /usr/local/lib.
+To allow usage of a library outside of the application bundle, add
+/usr/local/lib explicitly.
+---
+ src/file/dl_posix.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/file/dl_posix.c b/src/file/dl_posix.c
+index b97f12fe..49813856 100644
+--- a/src/file/dl_posix.c
++++ b/src/file/dl_posix.c
+@@ -69,10 +69,11 @@ void *dl_dlopen(const char *path, const char *version)
+ @loader_path - location of current library/binary (ex. libbluray.dylib)
+ @executable_path - location of running binary (ex. /Applications/Some.app/Contents/MacOS)
+ @rpath - search rpaths of running binary (man install_name_path)
++ /usr/local/lib/ - explicitly added path, as runtime hardened programs ignore DYLD_FALLBACK_PATH now
+ */
+ static const char *search_paths[] = {"", "@loader_path/lib/", "@loader_path/", "@executable_path/",
+ "@executable_path/lib/", "@executable_path/../lib/",
+- "@executable_path/../Resources/", "@rpath/", NULL};
++ "@executable_path/../Resources/", "@rpath/", "/usr/local/lib/", NULL};
+ version = NULL;
+ #else
+ static const char ext[] = ".so";
+--
+2.17.2 (Apple Git-113)
+
diff --git a/contrib/src/bluray/rules.mak b/contrib/src/bluray/rules.mak
index 67937b2038..4211c38b70 100644
--- a/contrib/src/bluray/rules.mak
+++ b/contrib/src/bluray/rules.mak
@@ -51,6 +51,7 @@ bluray: libbluray-$(BLURAY_VERSION).tar.bz2 .sum-bluray
$(APPLY) $(SRC)/bluray/0001-Implement-dl_get_path-for-darwin-macOS.patch
$(APPLY) $(SRC)/bluray/0001-keep-on-with-menuless-user-selected-streams-between-.patch
$(APPLY) $(SRC)/bluray/0001-install-bdjo_data-header.patch
+ $(APPLY) $(SRC)/bluray/0001-library-paths-Explicitly-add-usr-local-lib.patch
$(call pkg_static,"src/libbluray.pc.in")
$(MOVE)
More information about the vlc-commits
mailing list