diff options
Diffstat (limited to 'indra/newview')
| -rw-r--r-- | indra/newview/CMakeLists.txt | 72 | ||||
| -rwxr-xr-x | indra/newview/generate_breakpad_symbols.py | 166 | ||||
| -rwxr-xr-x | indra/newview/installers/darwin/apple-notarize.sh | 44 | ||||
| -rw-r--r-- | indra/newview/llappviewer.cpp | 2 | ||||
| -rw-r--r-- | indra/newview/llappviewer.h | 1 | ||||
| -rw-r--r-- | indra/newview/llappviewermacosx.cpp | 27 | ||||
| -rw-r--r-- | indra/newview/llappviewermacosx.h | 1 | ||||
| -rw-r--r-- | indra/newview/llappviewerwin32.cpp | 54 | ||||
| -rw-r--r-- | indra/newview/llappviewerwin32.h | 1 | ||||
| -rw-r--r-- | indra/newview/llsecapi.h | 2 | ||||
| -rw-r--r-- | indra/newview/llsechandler_basic.cpp | 48 | ||||
| -rw-r--r-- | indra/newview/llsechandler_basic.h | 4 | ||||
| -rw-r--r-- | indra/newview/tests/llsecapi_test.cpp | 2 | ||||
| -rw-r--r-- | indra/newview/tests/llsechandler_basic_test.cpp | 32 | ||||
| -rwxr-xr-x | indra/newview/viewer_manifest.py | 60 |
15 files changed, 386 insertions, 130 deletions
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt index b6fb2dccba..fc8d8b805b 100644 --- a/indra/newview/CMakeLists.txt +++ b/indra/newview/CMakeLists.txt @@ -1829,27 +1829,28 @@ if (WINDOWS) ${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt + ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll + ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll + ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll ${viewer_APPSETTINGS_FILES} SLPlugin media_plugin_cef media_plugin_libvlc media_plugin_example winmm_shim + windows-crash-logger ) if (ADDRESS_SIZE EQUAL 64) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll ) else (ADDRESS_SIZE EQUAL 64) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll ) endif (ADDRESS_SIZE EQUAL 64) @@ -1905,6 +1906,7 @@ if (WINDOWS) add_dependencies(${VIEWER_BINARY_NAME} SLPlugin + windows-crash-logger ) # sets the 'working directory' for debugging from visual studio. @@ -2209,7 +2211,8 @@ if (DARWIN) ${CMAKE_CURRENT_SOURCE_DIR}/viewer_manifest.py ) - add_dependencies(${VIEWER_BINARY_NAME} SLPlugin media_plugin_libvlc media_plugin_cef) + add_dependencies(${VIEWER_BINARY_NAME} SLPlugin media_plugin_libvlc media_plugin_cef mac-crash-logger) + add_dependencies(${VIEWER_BINARY_NAME} mac-crash-logger) if (ENABLE_SIGNING) set(SIGNING_SETTING "--signature=${SIGNING_IDENTITY}") @@ -2252,7 +2255,62 @@ endif (INSTALL) # Note that the conventional VIEWER_SYMBOL_FILE is set by ../../build.sh if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIEWER_SYMBOL_FILE) - if (BUGSPLAT_DB) + if (NOT BUGSPLAT_DB) + # Breakpad symbol-file generation + set(SYMBOL_SEARCH_DIRS "") + if (WINDOWS) + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}") + # slplugin.exe failing symbols dump - need to debug, might have to do with updated version of google breakpad + # set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX} slplugin.exe") + set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX}") + set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}") + set(VIEWER_COPY_MANIFEST copy_w_viewer_manifest) + endif (WINDOWS) + if (DARWIN) + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}") + # *TODO: Generate these search dirs in the cmake files related to each binary. + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/llplugin/slplugin/${CMAKE_CFG_INTDIR}") + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/mac_crash_logger/${CMAKE_CFG_INTDIR}") + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/media_plugins/gstreamer010/${CMAKE_CFG_INTDIR}") + set(VIEWER_EXE_GLOBS "'${product}' SLPlugin mac-crash-logger") + set(VIEWER_EXE_GLOBS "'${product}' mac-crash-logger") + set(VIEWER_LIB_GLOB "*.dylib") + endif (DARWIN) + if (LINUX) + list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/packaged") + set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin SLPlugin") + set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin") + set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}*") + set(VIEWER_COPY_MANIFEST copy_l_viewer_manifest) + endif (LINUX) + + if(CMAKE_CFG_INTDIR STREQUAL ".") + set(LLBUILD_CONFIG ${CMAKE_BUILD_TYPE}) + else(CMAKE_CFG_INTDIR STREQUAL ".") + # set LLBUILD_CONFIG to be a shell variable evaluated at build time + # reflecting the configuration we are currently building. + set(LLBUILD_CONFIG ${CMAKE_CFG_INTDIR}) + endif(CMAKE_CFG_INTDIR STREQUAL ".") + add_custom_command(OUTPUT "${VIEWER_SYMBOL_FILE}" + COMMAND "${PYTHON_EXECUTABLE}" + ARGS + "${CMAKE_CURRENT_SOURCE_DIR}/generate_breakpad_symbols.py" + "${LLBUILD_CONFIG}" + "${SYMBOL_SEARCH_DIRS}" + "${VIEWER_EXE_GLOBS}" + "${VIEWER_LIB_GLOB}" + "${AUTOBUILD_INSTALL_DIR}/bin/dump_syms" + "${VIEWER_SYMBOL_FILE}" + DEPENDS generate_breakpad_symbols.py + VERBATIM) + + add_custom_target(generate_symbols DEPENDS "${VIEWER_SYMBOL_FILE}" ${VIEWER_BINARY_NAME} "${VIEWER_COPY_MANIFEST}") + add_dependencies(generate_symbols ${VIEWER_BINARY_NAME}) + if (WINDOWS OR LINUX) + add_dependencies(generate_symbols "${VIEWER_COPY_MANIFEST}") + endif (WINDOWS OR LINUX) + + else (NOT BUGSPLAT_DB) # BugSplat symbol-file generation if (WINDOWS) # Just pack up a tarball containing only the .pdb file for the @@ -2336,7 +2394,7 @@ if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIE if (LINUX) # TBD endif (LINUX) - endif (BUGSPLAT_DB) + endif (NOT BUGSPLAT_DB) # for both BUGSPLAT_DB and Breakpad add_dependencies(llpackage generate_symbols) diff --git a/indra/newview/generate_breakpad_symbols.py b/indra/newview/generate_breakpad_symbols.py new file mode 100755 index 0000000000..d351c406bc --- /dev/null +++ b/indra/newview/generate_breakpad_symbols.py @@ -0,0 +1,166 @@ +#!/usr/bin/env python +"""\ +@file generate_breakpad_symbols.py +@author Brad Kittenbrink <brad@lindenlab.com> +@brief Simple tool for generating google_breakpad symbol information + for the crash reporter. + +$LicenseInfo:firstyear=2010&license=viewerlgpl$ +Second Life Viewer Source Code +Copyright (C) 2010-2011, Linden Research, Inc. + +This library is free software; you can redistribute it and/or +modify it under the terms of the GNU Lesser General Public +License as published by the Free Software Foundation; +version 2.1 of the License only. + +This library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Lesser General Public License for more details. + +You should have received a copy of the GNU Lesser General Public +License along with this library; if not, write to the Free Software +Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA +$/LicenseInfo$ +""" + + +import collections +import fnmatch +import itertools +import os +import re +import sys +import shlex +import subprocess +import tarfile +import StringIO +import pprint + +DEBUG=False + +def usage(): + print >>sys.stderr, "usage: %s search_dirs viewer_exes libs_suffix dump_syms_tool viewer_symbol_file" % sys.argv[0] + +class MissingModuleError(Exception): + def __init__(self, modules): + Exception.__init__(self, "Failed to find required modules: %r" % modules) + self.modules = modules + +def main(configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file): + print "generate_breakpad_symbols run with args: %s" % str((configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file)) + + if not re.match("release", configuration, re.IGNORECASE): + print "skipping breakpad symbol generation for non-release build." + return 0 + + # split up list of viewer_exes + # "'Second Life' SLPlugin" becomes ['Second Life', 'SLPlugin'] + viewer_exes = shlex.split(viewer_exes) + + found_required = dict([(module, False) for module in viewer_exes]) + + def matches(f): + if f in viewer_exes: + found_required[f] = True + return True + return fnmatch.fnmatch(f, libs_suffix) + + search_dirs = search_dirs.split(";") + + def list_files(): + for search_dir in search_dirs: + for (dirname, subdirs, filenames) in os.walk(search_dir): + if DEBUG: + print "scanning '%s' for modules..." % dirname + for f in itertools.ifilter(matches, filenames): + yield os.path.join(dirname, f) + + def dump_module(m): + print "dumping module '%s' with '%s'..." % (m, dump_syms_tool) + dsym_full_path = m + child = subprocess.Popen([dump_syms_tool, dsym_full_path] , stdout=subprocess.PIPE) + out, err = child.communicate() + return (m,child.returncode, out, err) + + + modules = {} + + for m in list_files(): + if DEBUG: + print "examining module '%s' ... " % m, + filename=os.path.basename(m) + if -1 != m.find("DWARF"): + # Just use this module; it has the symbols we want. + modules[filename] = m + if DEBUG: + print "found dSYM entry" + elif filename not in modules: + # Only use this if we don't already have a (possibly better) entry. + modules[filename] = m + if DEBUG: + print "found new entry" + elif DEBUG: + print "ignoring entry" + + + print "Found these following modules:" + pprint.pprint( modules ) + + out = tarfile.open(viewer_symbol_file, 'w:bz2') + for (filename,status,symbols,err) in itertools.imap(dump_module, modules.values()): + if status == 0: + module_line = symbols[:symbols.index('\n')] + module_line = module_line.split() + hash_id = module_line[3] + module = ' '.join(module_line[4:]) + if sys.platform in ['win32', 'cygwin']: + mod_name = module[:module.rindex('.pdb')] + else: + mod_name = module + symbolfile = StringIO.StringIO(symbols) + info = tarfile.TarInfo("%(module)s/%(hash_id)s/%(mod_name)s.sym" % dict(module=module, hash_id=hash_id, mod_name=mod_name)) + info.size = symbolfile.len + out.addfile(info, symbolfile) + else: + print >>sys.stderr, "warning: failed to dump symbols for '%s': %s" % (filename, err) + + out.close() + + missing_modules = [m for (m,_) in + itertools.ifilter(lambda (k,v): not v, found_required.iteritems()) + ] + if missing_modules: + print >> sys.stderr, "failed to generate %s" % viewer_symbol_file + os.remove(viewer_symbol_file) + raise MissingModuleError(missing_modules) + + symbols = tarfile.open(viewer_symbol_file, 'r:bz2') + tarfile_members = symbols.getnames() + symbols.close() + + for required_module in viewer_exes: + def match_module_basename(m): + return os.path.splitext(required_module)[0].lower() \ + == os.path.splitext(os.path.basename(m))[0].lower() + # there must be at least one .sym file in tarfile_members that matches + # each required module (ignoring file extensions) + if not any(itertools.imap(match_module_basename, tarfile_members)): + print >> sys.stderr, "failed to find required %s in generated %s" \ + % (required_module, viewer_symbol_file) + os.remove(viewer_symbol_file) + raise MissingModuleError([required_module]) + + print "successfully generated %s including required modules '%s'" % (viewer_symbol_file, viewer_exes) + + return 0 + +if __name__ == "__main__": + if len(sys.argv) != 7: + usage() + sys.exit(1) + sys.exit(main(*sys.argv[1:])) + diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh deleted file mode 100755 index b953af81af..0000000000 --- a/indra/newview/installers/darwin/apple-notarize.sh +++ /dev/null @@ -1,44 +0,0 @@ -#!/bin/sh -CONFIG_FILE="$build_secrets_checkout/code-signing-osx/notarize_creds.sh" -if [ -f "$CONFIG_FILE" ]; then - source $CONFIG_FILE - app_file="$1" - zip_file=${app_file/app/zip} - ditto -c -k --keepParent "$app_file" "$zip_file" - if [ -f "$zip_file" ]; then - requestUUID=$(xcrun altool --notarize-app --primary-bundle-id "com.secondlife.viewer" \ - --username $USERNAME \ - --password $PASSWORD \ - --asc-provider $ASC_PROVIDER \ - --file "$zip_file" 2>&1 \ - | awk '/RequestUUID/ { print $NF; }') - - echo "Apple Notarization RequestUUID: $requestUUID" - - if [[ -n $requestUUID ]]; then - status="in progress" - while [[ "$status" == "in progress" ]]; do - sleep 30 - status=$(xcrun altool --notarization-info "$requestUUID" \ - --username $USERNAME \ - --password $PASSWORD 2>&1 \ - | awk -F ': ' '/Status:/ { print $2; }' ) - echo "$status" - done - # log results - xcrun altool --notarization-info "$requestUUID" \ - --username $USERNAME \ - --password $PASSWORD - - #remove temporary file - rm "$zip_file" - - if [["$status" == "success"]]; then - xcrun stapler staple "$app_file" - elif [["$status" == "invalid"]]; then - exit 1 - fi - fi - fi -fi - diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index 66a33ed6ae..053c0a5ab7 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -738,7 +738,7 @@ LLAppViewer::LLAppViewer() std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); #endif // ! LL_BUGSPLAT mDumpPath = logdir; - + setMiniDumpDir(logdir); setDebugFileNames(logdir); } diff --git a/indra/newview/llappviewer.h b/indra/newview/llappviewer.h index e9c467bd01..5ceb540784 100644 --- a/indra/newview/llappviewer.h +++ b/indra/newview/llappviewer.h @@ -108,6 +108,7 @@ public: virtual bool restoreErrorTrap() = 0; // Require platform specific override to reset error handling mechanism. // return false if the error trap needed restoration. + virtual void initCrashReporting(bool reportFreeze = false) = 0; // What to do with crash report? static void handleViewerCrash(); // Hey! The viewer crashed. Do this, soon. void checkForCrash(); diff --git a/indra/newview/llappviewermacosx.cpp b/indra/newview/llappviewermacosx.cpp index 862e2b45df..662164af2d 100644 --- a/indra/newview/llappviewermacosx.cpp +++ b/indra/newview/llappviewermacosx.cpp @@ -240,7 +240,17 @@ LLAppViewerMacOSX::~LLAppViewerMacOSX() bool LLAppViewerMacOSX::init() { - return LLAppViewer::init(); + bool success = LLAppViewer::init(); + +#if LL_SEND_CRASH_REPORTS + if (success) + { + LLAppViewer* pApp = LLAppViewer::instance(); + pApp->initCrashReporting(); + } +#endif + + return success; } // MacOSX may add and addition command line arguement for the process serial number. @@ -357,6 +367,21 @@ bool LLAppViewerMacOSX::restoreErrorTrap() return reset_count == 0; } +void LLAppViewerMacOSX::initCrashReporting(bool reportFreeze) +{ + std::string command_str = "mac-crash-logger.app"; + + std::stringstream pid_str; + pid_str << LLApp::getPid(); + std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); + std::string appname = gDirUtilp->getExecutableFilename(); + std::string str[] = { "-pid", pid_str.str(), "-dumpdir", logdir, "-procname", appname.c_str() }; + std::vector< std::string > args( str, str + ( sizeof ( str ) / sizeof ( std::string ) ) ); + LL_WARNS() << "about to launch mac-crash-logger" << pid_str.str() + << " " << logdir << " " << appname << LL_ENDL; + launchApplication(&command_str, &args); +} + std::string LLAppViewerMacOSX::generateSerialNumber() { char serial_md5[MD5HEX_STR_SIZE]; // Flawfinder: ignore diff --git a/indra/newview/llappviewermacosx.h b/indra/newview/llappviewermacosx.h index b0e325a955..d5a80864be 100644 --- a/indra/newview/llappviewermacosx.h +++ b/indra/newview/llappviewermacosx.h @@ -44,6 +44,7 @@ public: protected: virtual bool restoreErrorTrap(); + virtual void initCrashReporting(bool reportFreeze); std::string generateSerialNumber(); virtual bool initParseCommandLine(LLCommandLineParser& clp); diff --git a/indra/newview/llappviewerwin32.cpp b/indra/newview/llappviewerwin32.cpp index f0bede5321..9b1c0d1f8b 100644 --- a/indra/newview/llappviewerwin32.cpp +++ b/indra/newview/llappviewerwin32.cpp @@ -603,6 +603,9 @@ bool LLAppViewerWin32::init() #if ! defined(LL_BUGSPLAT) #pragma message("Building without BugSplat") + LLAppViewer* pApp = LLAppViewer::instance(); + pApp->initCrashReporting(); + #else // LL_BUGSPLAT #pragma message("Building with BugSplat") @@ -814,6 +817,57 @@ bool LLAppViewerWin32::restoreErrorTrap() //return LLWinDebug::checkExceptionHandler(); } +void LLAppViewerWin32::initCrashReporting(bool reportFreeze) +{ + if (isSecondInstance()) return; //BUG-5707 do not start another crash reporter for second instance. + + const char* logger_name = "win_crash_logger.exe"; + std::string exe_path = gDirUtilp->getExecutableDir(); + exe_path += gDirUtilp->getDirDelimiter(); + exe_path += logger_name; + + std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); + std::string appname = gDirUtilp->getExecutableFilename(); + + S32 slen = logdir.length() -1; + S32 end = slen; + while (logdir.at(end) == '/' || logdir.at(end) == '\\') end--; + + if (slen !=end) + { + logdir = logdir.substr(0,end+1); + } + //std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid()); + //_spawnl(_P_NOWAIT, exe_path.c_str(), arg_str.c_str(), NULL); + std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid()); + + STARTUPINFO startInfo={sizeof(startInfo)}; + PROCESS_INFORMATION processInfo; + + std::wstring exe_wstr; + exe_wstr = utf8str_to_utf16str(exe_path); + + std::wstring arg_wstr; + arg_wstr = utf8str_to_utf16str(arg_str); + + LL_INFOS("CrashReport") << "Creating crash reporter process " << exe_path << " with params: " << arg_str << LL_ENDL; + if(CreateProcess(exe_wstr.c_str(), + &arg_wstr[0], // Application arguments + 0, + 0, + FALSE, + CREATE_DEFAULT_ERROR_MODE, + 0, + 0, // Working directory + &startInfo, + &processInfo) == FALSE) + // Could not start application -> call 'GetLastError()' + { + LL_WARNS("CrashReport") << "CreateProcess failed " << GetLastError() << LL_ENDL; + return; + } +} + //virtual bool LLAppViewerWin32::sendURLToOtherInstance(const std::string& url) { diff --git a/indra/newview/llappviewerwin32.h b/indra/newview/llappviewerwin32.h index 2699224e58..c5fae6a3a3 100644 --- a/indra/newview/llappviewerwin32.h +++ b/indra/newview/llappviewerwin32.h @@ -51,6 +51,7 @@ protected: virtual bool beingDebugged(); virtual bool restoreErrorTrap(); + virtual void initCrashReporting(bool reportFreeze); virtual bool sendURLToOtherInstance(const std::string& url); diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 1e6f2154bc..14059f828a 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -452,7 +452,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0; // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0; + virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0; // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 94331fddfa..737ef30ada 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert, LLBasicCertificate::LLBasicCertificate(X509* pCert, const LLSD* validation_params) { - if (!pCert) + if (!pCert || !pCert->cert_info) { LLTHROW(LLInvalidCertificate(LLSD::emptyMap())); } @@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name) char buffer[32]; X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index); - std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), - ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); + std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), + M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry); OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0); @@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const // LLBasicCertificateChain // This class represents a chain of certs, each cert being signed by the next cert // in the chain. Certs must be properly signed by the parent -LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store) +LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store) { // we're passed in a context, which contains a cert, and a blob of untrusted // certificates which compose the chain. - if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL) + if((store == NULL) || (store->cert == NULL)) { LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL; return; } // grab the child cert - LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store)); + LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert); add(current); - if(X509_STORE_CTX_get0_untrusted(store) != NULL) + if(store->untrusted != NULL) { // if there are other certs in the chain, we build up a vector // of untrusted certs so we can search for the parents of each // consecutive cert. LLBasicCertificateVector untrusted_certs; - for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) + for(int i = 0; i < sk_X509_num(store->untrusted); i++) { - LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i)); + LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i)); untrusted_certs.add(cert); } @@ -1340,10 +1340,9 @@ void LLSecAPIBasicHandler::_readProtectedData() // read in the rest of the file. - EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); - // todo: ctx error handling - - EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL); + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL); // allocate memory: std::string decrypted_data; @@ -1351,14 +1350,14 @@ void LLSecAPIBasicHandler::_readProtectedData() // read data as a block: protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE); - EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, + EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, buffer, protected_data_stream.gcount()); decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount()); } // RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is // no block padding. - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_cleanup(&ctx); std::istringstream parse_stream(decrypted_data); if (parser->parse(parse_stream, mProtectedDataMap, LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE) @@ -1394,14 +1393,12 @@ void LLSecAPIBasicHandler::_writeProtectedData() llofstream protected_data_stream(tmp_filename.c_str(), std::ios_base::binary); - EVP_CIPHER_CTX *ctx = NULL; try { - ctx = EVP_CIPHER_CTX_new(); - // todo: ctx error handling - - EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL); + EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX_init(&ctx); + EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL); unsigned char unique_id[MAC_ADDRESS_BYTES]; LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); LLXORCipher cipher(unique_id, sizeof(unique_id)); @@ -1416,13 +1413,13 @@ void LLSecAPIBasicHandler::_writeProtectedData() break; } int encrypted_length; - EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, + EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, buffer, formatted_data_istream.gcount()); protected_data_stream.write((const char *)encrypted_buffer, encrypted_length); } // no EVP_EncrypteFinal, as this is a stream cipher - EVP_CIPHER_CTX_free(ctx); + EVP_CIPHER_CTX_cleanup(&ctx); protected_data_stream.close(); } @@ -1434,11 +1431,6 @@ void LLSecAPIBasicHandler::_writeProtectedData() // it may be, however. LLFile::remove(tmp_filename); - if (ctx) - { - EVP_CIPHER_CTX_free(ctx); - } - // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens //LLTHROW(LLProtectedDataException("Error writing Protected Data Store")); @@ -1491,7 +1483,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert } // instantiate a chain from an X509_STORE_CTX -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain); return result; diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 82670f9083..0bc7f5230f 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public { public: - LLBasicCertificateChain(X509_STORE_CTX * store); + LLBasicCertificateChain(const X509_STORE_CTX * store); virtual ~LLBasicCertificateChain() {} @@ -241,7 +241,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert); // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain); + virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain); // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp index 37fbbb449b..caa3016d2e 100644 --- a/indra/newview/tests/llsecapi_test.cpp +++ b/indra/newview/tests/llsecapi_test.cpp @@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {} LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {} LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; } LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; } -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; } +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; } LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; } void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {} void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {} diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp index 4c8d6c51b0..e5d226a2a4 100644 --- a/indra/newview/tests/llsechandler_basic_test.cpp +++ b/indra/newview/tests/llsechandler_basic_test.cpp @@ -1217,8 +1217,8 @@ namespace tut // Single cert in the chain. X509_STORE_CTX *test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, NULL); + test_store->cert = mX509ChildCert; + test_store->untrusted = NULL; test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1229,9 +1229,9 @@ namespace tut // cert + CA test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); + test_store->cert = mX509ChildCert; + test_store->untrusted = sk_X509_new_null(); + sk_X509_push(test_store->untrusted, mX509IntermediateCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1245,9 +1245,9 @@ namespace tut // cert + nonrelated test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); + test_store->cert = mX509ChildCert; + test_store->untrusted = sk_X509_new_null(); + sk_X509_push(test_store->untrusted, mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1257,10 +1257,10 @@ namespace tut // cert + CA + nonrelated test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); + test_store->cert = mX509ChildCert; + test_store->untrusted = sk_X509_new_null(); + sk_X509_push(test_store->untrusted, mX509IntermediateCert); + sk_X509_push(test_store->untrusted, mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1273,10 +1273,10 @@ namespace tut // cert + intermediate + CA test_store = X509_STORE_CTX_new(); - X509_STORE_CTX_set_cert(test_store, mX509ChildCert); - X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); - sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert); + test_store->cert = mX509ChildCert; + test_store->untrusted = sk_X509_new_null(); + sk_X509_push(test_store->untrusted, mX509IntermediateCert); + sk_X509_push(test_store->untrusted, mX509RootCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("three elements in store", test_chain->size(), 3); diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py index c0a0a7ec46..adac7af712 100755 --- a/indra/newview/viewer_manifest.py +++ b/indra/newview/viewer_manifest.py @@ -553,13 +553,9 @@ class WindowsManifest(ViewerManifest): self.path("vivoxsdk.dll") self.path("ortp.dll") - # OpenSSL - if (self.address_size == 64): - self.path("libcrypto-1_1-x64.dll") - self.path("libssl-1_1-x64.dll") - else: - self.path("libcrypto-1_1.dll") - self.path("libssl-1_1.dll") + # Security + self.path("ssleay32.dll") + self.path("libeay32.dll") # HTTP/2 self.path("nghttp2.dll") @@ -687,6 +683,11 @@ class WindowsManifest(ViewerManifest): self.path("libvlccore.dll") self.path("plugins/") + # pull in the crash logger from other projects + # tag:"crash-logger" here as a cue to the exporter + self.path(src='../win_crash_logger/%s/windows-crash-logger.exe' % self.args['configuration'], + dst="win_crash_logger.exe") + if not self.is_packaging_viewer(): self.package_file = "copied_deps" @@ -1031,6 +1032,7 @@ class DarwinManifest(ViewerManifest): "libapr-1.0.dylib", "libaprutil-1.0.dylib", "libexpat.1.dylib", + "libexception_handler.dylib", "libGLOD.dylib", # libnghttp2.dylib is a symlink to # libnghttp2.major.dylib, which is a symlink to @@ -1066,15 +1068,21 @@ class DarwinManifest(ViewerManifest): # our apps executable_path = {} - self.path2basename(os.path.join(os.pardir, os.path.join("llplugin", "slplugin"), self.args['configuration']), "SLPlugin.app") - executable_path["SLPlugin.app"] = \ - self.dst_path_of(os.path.join("SLPlugin.app", "Contents", "MacOS")) - - # our apps dependencies on shared libs - # for each app, for each dylib we collected in dylibs, - # create a symlink to the real copy of the dylib. - with self.prefix(dst=os.path.join("SLPlugin.app", "Contents", "Resources")): - for libfile in dylibs: + for app_bld_dir, app in (("mac_crash_logger", "mac-crash-logger.app"), + # plugin launcher + (os.path.join("llplugin", "slplugin"), "SLPlugin.app"), + ): + self.path2basename(os.path.join(os.pardir, + app_bld_dir, self.args['configuration']), + app) + executable_path[app] = \ + self.dst_path_of(os.path.join(app, "Contents", "MacOS")) + + # our apps dependencies on shared libs + # for each app, for each dylib we collected in dylibs, + # create a symlink to the real copy of the dylib. + with self.prefix(dst=os.path.join(app, "Contents", "Resources")): + for libfile in dylibs: self.relsymlinkf(os.path.join(libfile_parent, libfile)) # Dullahan helper apps go inside SLPlugin.app @@ -1295,19 +1303,14 @@ class DarwinManifest(ViewerManifest): signed=False sign_attempts=3 sign_retry_wait=15 - libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib" - cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib" - slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin" - greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so" while (not signed) and (sign_attempts > 0): try: - sign_attempts-=1 - # Note: See blurb above about names of keychains - self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path]) - self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path]) - self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path]) - self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path]) - self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg]) + sign_attempts-=1; + self.run_command( + # Note: See blurb above about names of keychains + ['codesign', '--verbose', '--deep', '--force', + '--keychain', viewer_keychain, '--sign', identity, + app_in_dmg]) signed=True # if no exception was raised, the codesign worked except ManifestError as err: if sign_attempts: @@ -1318,7 +1321,6 @@ class DarwinManifest(ViewerManifest): print >> sys.stderr, "Maximum codesign attempts exceeded; giving up" raise self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg]) - self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg]) finally: # Unmount the image even if exceptions from any of the above @@ -1371,7 +1373,7 @@ class LinuxManifest(ViewerManifest): with self.prefix(dst="bin"): self.path("secondlife-bin","do-not-directly-run-secondlife-bin") self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin") - self.path2basename("../llplugin/slplugin", "SLPlugin") + self.path2basename("../llplugin/slplugin", "SLPlugin") #this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323 with self.prefix(src="../viewer_components/manager", dst=""): self.path("*.py") |