From patchwork Fri Aug 2 20:37:16 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Burton X-Patchwork-Id: 170459 Delivered-To: patch@linaro.org Received: by 2002:a92:512:0:0:0:0:0 with SMTP id q18csp1272336ile; Fri, 2 Aug 2019 13:51:45 -0700 (PDT) X-Google-Smtp-Source: APXvYqxXP7/BJIfd65x7trNO2specq98PIaebl1fUEBgJf8rtm3X7nI8w2Df263FEePMefcdGMbu X-Received: by 2002:a17:90a:2768:: with SMTP id o95mr6067910pje.37.1564779104971; Fri, 02 Aug 2019 13:51:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564779104; cv=none; d=google.com; s=arc-20160816; b=ncrVmpg2lqKP6HJoHPjfxv7f3t2HVsppVyybE/PeoMCDqmsUPtDqgKdjWGzdZwZ1XI xY1JgBidR/ZODKDJ+1gdv+EamA2VTfAUFmHcjwnTaPBMTic/qRLxMOCVY8Q2GtIYfsto fGGeFRbsv6EnqiQTOAiTvsmrxSrvbPN1DFVxekx1A08GvxdbXXmQXs7WETNj1oakpcZD ZLzfOw8218rA9fS2qHpvdp6OthnRJ22y+10cXw4O4ohtzR1yj+MQgyO1mmD1RQriAYTm RA+0l4HsJi/zjzTz9pbCdNTMfbZFKoNxl3x1avSW0kGshaCNhkm0cUXPc6gy6jAhHJxo npfg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=edykZFykbPvzodZd8ibUWfObkHgTN1DfvoZC0sixo7I=; b=xsd4ZReHWW0705xoUIM3TCtIYypx+uBjJ7ukjt6o8f98VulNw9Pi3Eev5hPlp1AV03 4SdjGgda8We9CMGHRlG/s1lATqS1QN1Y6JVTIg+SkatLrCpNeqObguQM7uqhWk6eTRyX pugVZC9iwV9DFkGZ1RxhevT4LlfxEzmMEhWE5muW3ZeGAJJKNjU2EkwNgVJkOZDF/O0W 2bc26JVuPpO/aMpM9Vhn0HDdQ9QFcOITpvzJQd2Au0fHdhKcEzfkNPsrteW9m9nrjl0A EAy0kCeB0jqHABrc4+crz5fQ+AWcX9jokItU6+M4SQhv1BOpLdyRltRVqHOvT8APTPM9 hYfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=s9GZ0fKb; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id a190si40754911pfb.127.2019.08.02.13.51.44; Fri, 02 Aug 2019 13:51:44 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=s9GZ0fKb; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 3B5B87F3B7; Fri, 2 Aug 2019 20:51:26 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mail.openembedded.org (Postfix) with ESMTP id F240E7F394 for ; Fri, 2 Aug 2019 20:37:27 +0000 (UTC) Received: by mail-wm1-f44.google.com with SMTP id v15so69130804wml.0 for ; Fri, 02 Aug 2019 13:37:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=soS5yJnuADZ4XIV07wkNfzS+WhoZ/W7MVGb6h35ym9U=; b=s9GZ0fKbRHqPb0YMKufJKj8t1rhjbEAIX1b5QjJOfwd/Z/5Lt/BrgVczXwpGPvhhJo I8MrSHQbxJV5+ryovaB4iBuqh7KrtC5SPOqREy5Wv7Ui7t52sPiF99frf35444ARK9qp h+iokCPRb37yGSxKfqs3W/5cfmPXEIOACu1BU8E8r3RzF2D92drxPDchxYu37flOVre6 xiJHMYJPnv3nu7j0A5lIrqlsBdZjLZeQ78d5L1d3EmjL6k1OZcWxzF+7i0aJrH1z89tt 3IHLOHOmA3HUSjdvDbGquJi5jbDKnXPDqx8ajUTjRNeUz+Wy6m+iMsbPsCyNRKK7GkSX gheA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=soS5yJnuADZ4XIV07wkNfzS+WhoZ/W7MVGb6h35ym9U=; b=iiU+7mjJvIVa1DUe9MEbGdoJ0W2lXET8SnGZERiRwN93uwUhj81TsZGg1SYten5YVa 3Zp9RF/P3xU3c3yE/DheJ0NS/+UaXes8x2CyeSX5V7GCYIlxTRsD3bVhXtLMaL6cIecf ZkT6HXL4i7kFgLFFw3FHu2NT40M9qxcSYM3uh5LTZwrdf/ZFfvxHYf3pyIAAyaMP4WCL /cdnXHu8ws7Z39EQ00omZk/n6LqJeVesaXTOF3PBXSmEbFfJTb0th8funz6YfgHOcZav gpjZUyn0/kkNG7yCMoPxzovf8BZV3S9zQfQtHxK0VCzX0WGjH1iUeO/JR2reaq8rTs41 21fg== X-Gm-Message-State: APjAAAWbCfcDnC4mCa3OEouqkI04uOepnmIi+4fHd9nnvgDIWxiVJotR cEEsRw5IL4l3ReKxnESgy4s660Mmy1c= X-Received: by 2002:a1c:f61a:: with SMTP id w26mr6050826wmc.75.1564778248398; Fri, 02 Aug 2019 13:37:28 -0700 (PDT) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id n1sm59083910wrx.39.2019.08.02.13.37.27 for (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Fri, 02 Aug 2019 13:37:27 -0700 (PDT) From: Ross Burton To: openembedded-core@lists.openembedded.org Date: Fri, 2 Aug 2019 21:37:16 +0100 Message-Id: <20190802203719.20437-6-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190802203719.20437-1-ross.burton@intel.com> References: <20190802203719.20437-1-ross.burton@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 6/9] xserver-xorg: remove embedded build path in the source X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org The generated source file sdksyms.c has a comment with the absolute build path, which means xserver-xorg-src contains this build path. This is both potential build information leakage and a source of unreproducibility, so remove the comment. Signed-off-by: Ross Burton --- .../xserver-xorg/sdksyms-no-build-path.patch | 22 +++++++++++++++++++ .../xorg-xserver/xserver-xorg_1.20.4.bb | 1 + 2 files changed, 23 insertions(+) create mode 100644 meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch b/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch new file mode 100644 index 00000000000..54d128cb39e --- /dev/null +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg/sdksyms-no-build-path.patch @@ -0,0 +1,22 @@ +sdksyms.sh: don't embed the build path + +This script generates a header that has a comment containing the build path for +no real reason. As this source can end up deployed on targets in debug packages +this means there is both potentially sensitive information leakage about the +build environment, and a source of change for reproducible builds. + +Upstream-Status: Submitted [https://gitlab.freedesktop.org/xorg/xserver/merge_requests/253] +Signed-off-by: Ross Burton + +diff --git a/hw/xfree86/sdksyms.sh b/hw/xfree86/sdksyms.sh +index 39e33711d..cdb3794b9 100755 +--- a/hw/xfree86/sdksyms.sh ++++ b/hw/xfree86/sdksyms.sh +@@ -308,7 +308,6 @@ BEGIN { + print(" * These symbols are referenced to ensure they"); + print(" * will be available in the X Server binary."); + print(" */"); +- printf("/* topdir=%s */\n", topdir); + print("_X_HIDDEN void *xorg_symbols[] = {"); + + printf("sdksyms.c:") > "sdksyms.dep"; diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb index d7c5e6b3550..abc4656b0f8 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg_1.20.4.bb @@ -4,6 +4,7 @@ SRC_URI += "file://0001-xf86pciBus.c-use-Intel-ddx-only-for-pre-gen4-hardwar.pat file://pkgconfig.patch \ file://0001-test-xtest-Initialize-array-with-braces.patch \ file://0001-compiler.h-Do-not-include-sys-io.h-on-ARM-with-glibc.patch \ + file://sdksyms-no-build-path.patch \ " SRC_URI[md5sum] = "c4841cc24b79420205d082fe82e0a650" SRC_URI[sha256sum] = "fe0fd493ebe93bfc56bede382fa204458ff5f636ea54d413a5d1bd58e19166ee"