summaryrefslogtreecommitdiff
path: root/indra/newview
diff options
context:
space:
mode:
Diffstat (limited to 'indra/newview')
-rw-r--r--indra/newview/CMakeLists.txt79
-rwxr-xr-xindra/newview/generate_breakpad_symbols.py166
-rwxr-xr-xindra/newview/installers/darwin/apple-notarize.sh54
-rw-r--r--indra/newview/llappviewer.cpp6
-rw-r--r--indra/newview/llappviewer.h1
-rw-r--r--indra/newview/llappviewermacosx.cpp31
-rw-r--r--indra/newview/llappviewermacosx.h1
-rw-r--r--indra/newview/llappviewerwin32.cpp54
-rw-r--r--indra/newview/llappviewerwin32.h5
-rw-r--r--indra/newview/llsecapi.cpp6
-rw-r--r--indra/newview/llsecapi.h4
-rw-r--r--indra/newview/llsechandler_basic.cpp48
-rw-r--r--indra/newview/llsechandler_basic.h4
-rw-r--r--indra/newview/slplugin.entitlements8
-rw-r--r--indra/newview/tests/llsecapi_test.cpp2
-rw-r--r--indra/newview/tests/llsechandler_basic_test.cpp32
-rwxr-xr-xindra/newview/viewer_manifest.py31
17 files changed, 154 insertions, 378 deletions
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt
index 08462d044b..e6291bdcdb 100644
--- a/indra/newview/CMakeLists.txt
+++ b/indra/newview/CMakeLists.txt
@@ -1840,10 +1840,6 @@ if (WINDOWS)
${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt
${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt
${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt
- ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll
- ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll
- ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll
- ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll
${viewer_APPSETTINGS_FILES}
SLPlugin
media_plugin_cef
@@ -1860,11 +1856,15 @@ if (WINDOWS)
list(APPEND COPY_INPUT_DEPENDENCIES
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll
)
else (ADDRESS_SIZE EQUAL 64)
list(APPEND COPY_INPUT_DEPENDENCIES
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll
${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll
+ ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll
)
endif (ADDRESS_SIZE EQUAL 64)
@@ -1918,11 +1918,9 @@ if (WINDOWS)
add_dependencies(${VIEWER_BINARY_NAME} copy_win_scripts)
endif (EXISTS ${CMAKE_SOURCE_DIR}/copy_win_scripts)
- add_dependencies(${VIEWER_BINARY_NAME} SLPlugin)
-
- if (NOT USE_BUGSPLAT)
- add_dependencies(${VIEWER_BINARY_NAME} windows-crash-logger)
- endif (NOT USE_BUGSPLAT)
+ add_dependencies(${VIEWER_BINARY_NAME}
+ SLPlugin
+ )
# sets the 'working directory' for debugging from visual studio.
# Condition for version can be moved to requirements once build agents will be updated (see TOOL-3865)
@@ -2231,10 +2229,6 @@ if (DARWIN)
add_dependencies(${VIEWER_BINARY_NAME} SLPlugin media_plugin_libvlc media_plugin_cef)
- if (NOT USE_BUGSPLAT)
- add_dependencies(${VIEWER_BINARY_NAME} mac-crash-logger)
- endif (NOT USE_BUGSPLAT)
-
if (ENABLE_SIGNING)
set(SIGNING_SETTING "--signature=${SIGNING_IDENTITY}")
else (ENABLE_SIGNING)
@@ -2276,62 +2270,7 @@ endif (INSTALL)
# Note that the conventional VIEWER_SYMBOL_FILE is set by ../../build.sh
if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIEWER_SYMBOL_FILE)
- if (NOT USE_BUGSPLAT)
- # Breakpad symbol-file generation
- set(SYMBOL_SEARCH_DIRS "")
- if (WINDOWS)
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}")
- # slplugin.exe failing symbols dump - need to debug, might have to do with updated version of google breakpad
- # set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX} slplugin.exe")
- set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX}")
- set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}")
- set(VIEWER_COPY_MANIFEST copy_w_viewer_manifest)
- endif (WINDOWS)
- if (DARWIN)
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}")
- # *TODO: Generate these search dirs in the cmake files related to each binary.
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/llplugin/slplugin/${CMAKE_CFG_INTDIR}")
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/mac_crash_logger/${CMAKE_CFG_INTDIR}")
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/media_plugins/gstreamer010/${CMAKE_CFG_INTDIR}")
- set(VIEWER_EXE_GLOBS "'${product}' SLPlugin")
- set(VIEWER_EXE_GLOBS "'${product}' mac-crash-logger")
- set(VIEWER_LIB_GLOB "*.dylib")
- endif (DARWIN)
- if (LINUX)
- list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/packaged")
- set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin SLPlugin")
- set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin")
- set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}*")
- set(VIEWER_COPY_MANIFEST copy_l_viewer_manifest)
- endif (LINUX)
-
- if(CMAKE_CFG_INTDIR STREQUAL ".")
- set(LLBUILD_CONFIG ${CMAKE_BUILD_TYPE})
- else(CMAKE_CFG_INTDIR STREQUAL ".")
- # set LLBUILD_CONFIG to be a shell variable evaluated at build time
- # reflecting the configuration we are currently building.
- set(LLBUILD_CONFIG ${CMAKE_CFG_INTDIR})
- endif(CMAKE_CFG_INTDIR STREQUAL ".")
- add_custom_command(OUTPUT "${VIEWER_SYMBOL_FILE}"
- COMMAND "${PYTHON_EXECUTABLE}"
- ARGS
- "${CMAKE_CURRENT_SOURCE_DIR}/generate_breakpad_symbols.py"
- "${LLBUILD_CONFIG}"
- "${SYMBOL_SEARCH_DIRS}"
- "${VIEWER_EXE_GLOBS}"
- "${VIEWER_LIB_GLOB}"
- "${AUTOBUILD_INSTALL_DIR}/bin/dump_syms"
- "${VIEWER_SYMBOL_FILE}"
- DEPENDS generate_breakpad_symbols.py
- VERBATIM)
-
- add_custom_target(generate_symbols DEPENDS "${VIEWER_SYMBOL_FILE}" ${VIEWER_BINARY_NAME} "${VIEWER_COPY_MANIFEST}")
- add_dependencies(generate_symbols ${VIEWER_BINARY_NAME})
- if (WINDOWS OR LINUX)
- add_dependencies(generate_symbols "${VIEWER_COPY_MANIFEST}")
- endif (WINDOWS OR LINUX)
-
- else (NOT USE_BUGSPLAT)
+ if (BUGSPLAT_DB)
# BugSplat symbol-file generation
if (WINDOWS)
# Just pack up a tarball containing only the .pdb file for the
@@ -2415,7 +2354,7 @@ if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIE
if (LINUX)
# TBD
endif (LINUX)
- endif (NOT USE_BUGSPLAT)
+ endif (BUGSPLAT_DB)
# for both Bugsplat and Breakpad
add_dependencies(llpackage generate_symbols)
diff --git a/indra/newview/generate_breakpad_symbols.py b/indra/newview/generate_breakpad_symbols.py
deleted file mode 100755
index d351c406bc..0000000000
--- a/indra/newview/generate_breakpad_symbols.py
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/usr/bin/env python
-"""\
-@file generate_breakpad_symbols.py
-@author Brad Kittenbrink <brad@lindenlab.com>
-@brief Simple tool for generating google_breakpad symbol information
- for the crash reporter.
-
-$LicenseInfo:firstyear=2010&license=viewerlgpl$
-Second Life Viewer Source Code
-Copyright (C) 2010-2011, Linden Research, Inc.
-
-This library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Lesser General Public
-License as published by the Free Software Foundation;
-version 2.1 of the License only.
-
-This library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this library; if not, write to the Free Software
-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA
-$/LicenseInfo$
-"""
-
-
-import collections
-import fnmatch
-import itertools
-import os
-import re
-import sys
-import shlex
-import subprocess
-import tarfile
-import StringIO
-import pprint
-
-DEBUG=False
-
-def usage():
- print >>sys.stderr, "usage: %s search_dirs viewer_exes libs_suffix dump_syms_tool viewer_symbol_file" % sys.argv[0]
-
-class MissingModuleError(Exception):
- def __init__(self, modules):
- Exception.__init__(self, "Failed to find required modules: %r" % modules)
- self.modules = modules
-
-def main(configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file):
- print "generate_breakpad_symbols run with args: %s" % str((configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file))
-
- if not re.match("release", configuration, re.IGNORECASE):
- print "skipping breakpad symbol generation for non-release build."
- return 0
-
- # split up list of viewer_exes
- # "'Second Life' SLPlugin" becomes ['Second Life', 'SLPlugin']
- viewer_exes = shlex.split(viewer_exes)
-
- found_required = dict([(module, False) for module in viewer_exes])
-
- def matches(f):
- if f in viewer_exes:
- found_required[f] = True
- return True
- return fnmatch.fnmatch(f, libs_suffix)
-
- search_dirs = search_dirs.split(";")
-
- def list_files():
- for search_dir in search_dirs:
- for (dirname, subdirs, filenames) in os.walk(search_dir):
- if DEBUG:
- print "scanning '%s' for modules..." % dirname
- for f in itertools.ifilter(matches, filenames):
- yield os.path.join(dirname, f)
-
- def dump_module(m):
- print "dumping module '%s' with '%s'..." % (m, dump_syms_tool)
- dsym_full_path = m
- child = subprocess.Popen([dump_syms_tool, dsym_full_path] , stdout=subprocess.PIPE)
- out, err = child.communicate()
- return (m,child.returncode, out, err)
-
-
- modules = {}
-
- for m in list_files():
- if DEBUG:
- print "examining module '%s' ... " % m,
- filename=os.path.basename(m)
- if -1 != m.find("DWARF"):
- # Just use this module; it has the symbols we want.
- modules[filename] = m
- if DEBUG:
- print "found dSYM entry"
- elif filename not in modules:
- # Only use this if we don't already have a (possibly better) entry.
- modules[filename] = m
- if DEBUG:
- print "found new entry"
- elif DEBUG:
- print "ignoring entry"
-
-
- print "Found these following modules:"
- pprint.pprint( modules )
-
- out = tarfile.open(viewer_symbol_file, 'w:bz2')
- for (filename,status,symbols,err) in itertools.imap(dump_module, modules.values()):
- if status == 0:
- module_line = symbols[:symbols.index('\n')]
- module_line = module_line.split()
- hash_id = module_line[3]
- module = ' '.join(module_line[4:])
- if sys.platform in ['win32', 'cygwin']:
- mod_name = module[:module.rindex('.pdb')]
- else:
- mod_name = module
- symbolfile = StringIO.StringIO(symbols)
- info = tarfile.TarInfo("%(module)s/%(hash_id)s/%(mod_name)s.sym" % dict(module=module, hash_id=hash_id, mod_name=mod_name))
- info.size = symbolfile.len
- out.addfile(info, symbolfile)
- else:
- print >>sys.stderr, "warning: failed to dump symbols for '%s': %s" % (filename, err)
-
- out.close()
-
- missing_modules = [m for (m,_) in
- itertools.ifilter(lambda (k,v): not v, found_required.iteritems())
- ]
- if missing_modules:
- print >> sys.stderr, "failed to generate %s" % viewer_symbol_file
- os.remove(viewer_symbol_file)
- raise MissingModuleError(missing_modules)
-
- symbols = tarfile.open(viewer_symbol_file, 'r:bz2')
- tarfile_members = symbols.getnames()
- symbols.close()
-
- for required_module in viewer_exes:
- def match_module_basename(m):
- return os.path.splitext(required_module)[0].lower() \
- == os.path.splitext(os.path.basename(m))[0].lower()
- # there must be at least one .sym file in tarfile_members that matches
- # each required module (ignoring file extensions)
- if not any(itertools.imap(match_module_basename, tarfile_members)):
- print >> sys.stderr, "failed to find required %s in generated %s" \
- % (required_module, viewer_symbol_file)
- os.remove(viewer_symbol_file)
- raise MissingModuleError([required_module])
-
- print "successfully generated %s including required modules '%s'" % (viewer_symbol_file, viewer_exes)
-
- return 0
-
-if __name__ == "__main__":
- if len(sys.argv) != 7:
- usage()
- sys.exit(1)
- sys.exit(main(*sys.argv[1:]))
-
diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh
new file mode 100755
index 0000000000..466898ecda
--- /dev/null
+++ b/indra/newview/installers/darwin/apple-notarize.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+if [[ $SKIP_NOTARIZATION == "true" ]]; then
+ echo "Skipping notarization"
+ exit 0
+fi
+
+CONFIG_FILE="$build_secrets_checkout/code-signing-osx/notarize_creds.sh"
+if [ -f "$CONFIG_FILE" ]; then
+ source $CONFIG_FILE
+ app_file="$1"
+ zip_file=${app_file/app/zip}
+ ditto -c -k --keepParent "$app_file" "$zip_file"
+ if [ -f "$zip_file" ]; then
+ res=$(xcrun altool --notarize-app --primary-bundle-id "com.secondlife.viewer" \
+ --username $USERNAME \
+ --password $PASSWORD \
+ --asc-provider $ASC_PROVIDER \
+ --file "$zip_file" 2>&1)
+ requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }')
+
+ echo "Apple Notarization RequestUUID: $requestUUID"
+
+ if [[ -n $requestUUID ]]; then
+ status="in progress"
+ while [[ "$status" == "in progress" ]]; do
+ sleep 30
+ status=$(xcrun altool --notarization-info "$requestUUID" \
+ --username $USERNAME \
+ --password $PASSWORD 2>&1 \
+ | awk -F ': ' '/Status:/ { print $2; }' )
+ echo "$status"
+ done
+ # log results
+ xcrun altool --notarization-info "$requestUUID" \
+ --username $USERNAME \
+ --password $PASSWORD
+
+ #remove temporary file
+ rm "$zip_file"
+
+ if [["$status" == "success"]]; then
+ xcrun stapler staple "$app_file"
+ elif [["$status" == "invalid"]]; then
+ echo "Notarization error: failed to process the app file"
+ exit 1
+ fi
+ else
+ echo "Notarization error: couldn't get request UUID"
+ echo $res
+ exit 1
+ fi
+ fi
+fi
+
diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp
index 146d2899e7..2f494d306d 100644
--- a/indra/newview/llappviewer.cpp
+++ b/indra/newview/llappviewer.cpp
@@ -739,7 +739,7 @@ LLAppViewer::LLAppViewer()
std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, "");
# endif // ! LL_BUGSPLAT
mDumpPath = logdir;
- setMiniDumpDir(logdir);
+
setDebugFileNames(logdir);
}
@@ -2006,7 +2006,9 @@ bool LLAppViewer::cleanup()
if (LLConversationLog::instanceExists())
{
LLConversationLog::instance().cache();
- }
+ }
+
+ clearSecHandler();
if (mPurgeCacheOnExit)
{
diff --git a/indra/newview/llappviewer.h b/indra/newview/llappviewer.h
index 0afb70958c..95f6efa29a 100644
--- a/indra/newview/llappviewer.h
+++ b/indra/newview/llappviewer.h
@@ -109,7 +109,6 @@ public:
virtual bool restoreErrorTrap() = 0; // Require platform specific override to reset error handling mechanism.
// return false if the error trap needed restoration.
- virtual void initCrashReporting(bool reportFreeze = false) = 0; // What to do with crash report?
static void handleViewerCrash(); // Hey! The viewer crashed. Do this, soon.
void checkForCrash();
diff --git a/indra/newview/llappviewermacosx.cpp b/indra/newview/llappviewermacosx.cpp
index 42946e4415..aa932f9c89 100644
--- a/indra/newview/llappviewermacosx.cpp
+++ b/indra/newview/llappviewermacosx.cpp
@@ -222,14 +222,7 @@ LLAppViewerMacOSX::~LLAppViewerMacOSX()
bool LLAppViewerMacOSX::init()
{
- bool success = LLAppViewer::init();
-
- if (success)
- {
- LLAppViewer* pApp = LLAppViewer::instance();
- pApp->initCrashReporting();
- }
- return success;
+ return LLAppViewer::init();
}
// MacOSX may add and addition command line arguement for the process serial number.
@@ -347,28 +340,6 @@ bool LLAppViewerMacOSX::restoreErrorTrap()
return reset_count == 0;
}
-void LLAppViewerMacOSX::initCrashReporting(bool reportFreeze)
-{
-#if defined LL_BUGSPLAT
- LL_DEBUGS("InitOSX", "Bugsplat") << "using BugSplat crash logger" << LL_ENDL;
-#elif LL_SEND_CRASH_REPORTS
- LL_DEBUGS("InitOSX") << "Initializing legacy crash logger" << LL_ENDL;
- std::string command_str = "mac-crash-logger.app";
-
- std::stringstream pid_str;
- pid_str << LLApp::getPid();
- std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, "");
- std::string appname = gDirUtilp->getExecutableFilename();
- std::string str[] = { "-pid", pid_str.str(), "-dumpdir", logdir, "-procname", appname.c_str() };
- std::vector< std::string > args( str, str + ( sizeof ( str ) / sizeof ( std::string ) ) );
- LL_WARNS() << "about to launch mac-crash-logger" << pid_str.str()
- << " " << logdir << " " << appname << LL_ENDL;
- launchApplication(&command_str, &args);
-#else
- LL_DEBUGS("InitOSX") << "No crash logger enabled" << LL_ENDL;
-#endif // ! LL_BUGSPLAT
-}
-
std::string LLAppViewerMacOSX::generateSerialNumber()
{
char serial_md5[MD5HEX_STR_SIZE]; // Flawfinder: ignore
diff --git a/indra/newview/llappviewermacosx.h b/indra/newview/llappviewermacosx.h
index d5a80864be..b0e325a955 100644
--- a/indra/newview/llappviewermacosx.h
+++ b/indra/newview/llappviewermacosx.h
@@ -44,7 +44,6 @@ public:
protected:
virtual bool restoreErrorTrap();
- virtual void initCrashReporting(bool reportFreeze);
std::string generateSerialNumber();
virtual bool initParseCommandLine(LLCommandLineParser& clp);
diff --git a/indra/newview/llappviewerwin32.cpp b/indra/newview/llappviewerwin32.cpp
index 9daea515e5..25d18fa11f 100644
--- a/indra/newview/llappviewerwin32.cpp
+++ b/indra/newview/llappviewerwin32.cpp
@@ -599,9 +599,6 @@ bool LLAppViewerWin32::init()
#if ! defined(LL_BUGSPLAT)
#pragma message("Building without BugSplat")
- LLAppViewer* pApp = LLAppViewer::instance();
- pApp->initCrashReporting();
-
#else // LL_BUGSPLAT
#pragma message("Building with BugSplat")
@@ -846,57 +843,6 @@ bool LLAppViewerWin32::restoreErrorTrap()
return true; // we don't check for handler collisions on windows, so just say they're ok
}
-void LLAppViewerWin32::initCrashReporting(bool reportFreeze)
-{
- if (isSecondInstance()) return; //BUG-5707 do not start another crash reporter for second instance.
-
- const char* logger_name = "win_crash_logger.exe";
- std::string exe_path = gDirUtilp->getExecutableDir();
- exe_path += gDirUtilp->getDirDelimiter();
- exe_path += logger_name;
-
- std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, "");
- std::string appname = gDirUtilp->getExecutableFilename();
-
- S32 slen = logdir.length() -1;
- S32 end = slen;
- while (logdir.at(end) == '/' || logdir.at(end) == '\\') end--;
-
- if (slen !=end)
- {
- logdir = logdir.substr(0,end+1);
- }
- //std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid());
- //_spawnl(_P_NOWAIT, exe_path.c_str(), arg_str.c_str(), NULL);
- std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid());
-
- STARTUPINFO startInfo={sizeof(startInfo)};
- PROCESS_INFORMATION processInfo;
-
- std::wstring exe_wstr;
- exe_wstr = utf8str_to_utf16str(exe_path);
-
- std::wstring arg_wstr;
- arg_wstr = utf8str_to_utf16str(arg_str);
-
- LL_INFOS("CrashReport") << "Creating crash reporter process " << exe_path << " with params: " << arg_str << LL_ENDL;
- if(CreateProcess(exe_wstr.c_str(),
- &arg_wstr[0], // Application arguments
- 0,
- 0,
- FALSE,
- CREATE_DEFAULT_ERROR_MODE,
- 0,
- 0, // Working directory
- &startInfo,
- &processInfo) == FALSE)
- // Could not start application -> call 'GetLastError()'
- {
- LL_WARNS("CrashReport") << "CreateProcess failed " << GetLastError() << LL_ENDL;
- return;
- }
-}
-
//virtual
bool LLAppViewerWin32::sendURLToOtherInstance(const std::string& url)
{
diff --git a/indra/newview/llappviewerwin32.h b/indra/newview/llappviewerwin32.h
index 83ae875a15..82b6b0c77c 100644
--- a/indra/newview/llappviewerwin32.h
+++ b/indra/newview/llappviewerwin32.h
@@ -51,9 +51,8 @@ protected:
bool initHardwareTest() override; // Win32 uses DX9 to test hardware.
bool initParseCommandLine(LLCommandLineParser& clp) override;
- bool beingDebugged() override;
- bool restoreErrorTrap() override;
- void initCrashReporting(bool reportFreeze) override;
+ virtual bool beingDebugged();
+ virtual bool restoreErrorTrap();
bool sendURLToOtherInstance(const std::string& url) override;
diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp
index b9259cb18d..aba8ca5a4a 100644
--- a/indra/newview/llsecapi.cpp
+++ b/indra/newview/llsecapi.cpp
@@ -75,6 +75,12 @@ void initializeSecHandler()
}
}
+
+void clearSecHandler()
+{
+ gSecAPIHandler = NULL;
+ gHandlerMap.clear();
+}
// start using a given security api handler. If the string is empty
// the default is used
LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type)
diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h
index 14059f828a..410737b27f 100644
--- a/indra/newview/llsecapi.h
+++ b/indra/newview/llsecapi.h
@@ -452,7 +452,7 @@ public:
virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0;
// instantiate a chain from an X509_STORE_CTX
- virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0;
+ virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0;
// instantiate a cert store given it's id. if a persisted version
// exists, it'll be loaded. If not, one will be created (but not
@@ -533,6 +533,8 @@ public:
};
void initializeSecHandler();
+
+void clearSecHandler();
// retrieve a security api depending on the api type
LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type);
diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp
index 19db020a31..b4853d270a 100644
--- a/indra/newview/llsechandler_basic.cpp
+++ b/indra/newview/llsechandler_basic.cpp
@@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert,
LLBasicCertificate::LLBasicCertificate(X509* pCert,
const LLSD* validation_params)
{
- if (!pCert || !pCert->cert_info)
+ if (!pCert)
{
LLTHROW(LLInvalidCertificate(LLSD::emptyMap()));
}
@@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name)
char buffer[32];
X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index);
- std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
- M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
+ std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
+ ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry);
OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0);
@@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const
// LLBasicCertificateChain
// This class represents a chain of certs, each cert being signed by the next cert
// in the chain. Certs must be properly signed by the parent
-LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store)
+LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store)
{
// we're passed in a context, which contains a cert, and a blob of untrusted
// certificates which compose the chain.
- if((store == NULL) || (store->cert == NULL))
+ if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL)
{
LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL;
return;
}
// grab the child cert
- LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert);
+ LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store));
add(current);
- if(store->untrusted != NULL)
+ if(X509_STORE_CTX_get0_untrusted(store) != NULL)
{
// if there are other certs in the chain, we build up a vector
// of untrusted certs so we can search for the parents of each
// consecutive cert.
LLBasicCertificateVector untrusted_certs;
- for(int i = 0; i < sk_X509_num(store->untrusted); i++)
+ for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++)
{
- LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i));
+ LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i));
untrusted_certs.add(cert);
}
@@ -1348,9 +1348,10 @@ void LLSecAPIBasicHandler::_readProtectedData()
// read in the rest of the file.
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL);
+ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ // todo: ctx error handling
+
+ EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL);
// allocate memory:
std::string decrypted_data;
@@ -1358,14 +1359,14 @@ void LLSecAPIBasicHandler::_readProtectedData()
// read data as a block:
protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE);
- EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length,
+ EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length,
buffer, protected_data_stream.gcount());
decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount());
}
// RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is
// no block padding.
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
std::istringstream parse_stream(decrypted_data);
if (parser->parse(parse_stream, mProtectedDataMap,
LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE)
@@ -1401,12 +1402,14 @@ void LLSecAPIBasicHandler::_writeProtectedData()
llofstream protected_data_stream(tmp_filename.c_str(),
std::ios_base::binary);
+ EVP_CIPHER_CTX *ctx = NULL;
try
{
- EVP_CIPHER_CTX ctx;
- EVP_CIPHER_CTX_init(&ctx);
- EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL);
+ ctx = EVP_CIPHER_CTX_new();
+ // todo: ctx error handling
+
+ EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL);
unsigned char unique_id[MAC_ADDRESS_BYTES];
LLMachineID::getUniqueID(unique_id, sizeof(unique_id));
LLXORCipher cipher(unique_id, sizeof(unique_id));
@@ -1421,13 +1424,13 @@ void LLSecAPIBasicHandler::_writeProtectedData()
break;
}
int encrypted_length;
- EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length,
+ EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length,
buffer, formatted_data_istream.gcount());
protected_data_stream.write((const char *)encrypted_buffer, encrypted_length);
}
// no EVP_EncrypteFinal, as this is a stream cipher
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
protected_data_stream.close();
}
@@ -1439,6 +1442,11 @@ void LLSecAPIBasicHandler::_writeProtectedData()
// it may be, however.
LLFile::remove(tmp_filename);
+ if (ctx)
+ {
+ EVP_CIPHER_CTX_free(ctx);
+ }
+
// EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData()
// Decided throwing an exception here was overkill until we figure out why this happens
//LLTHROW(LLProtectedDataException("Error writing Protected Data Store"));
@@ -1491,7 +1499,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert
}
// instantiate a chain from an X509_STORE_CTX
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain)
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain)
{
LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain);
return result;
diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h
index 0bc7f5230f..82670f9083 100644
--- a/indra/newview/llsechandler_basic.h
+++ b/indra/newview/llsechandler_basic.h
@@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public
{
public:
- LLBasicCertificateChain(const X509_STORE_CTX * store);
+ LLBasicCertificateChain(X509_STORE_CTX * store);
virtual ~LLBasicCertificateChain() {}
@@ -241,7 +241,7 @@ public:
virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert);
// instantiate a chain from an X509_STORE_CTX
- virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain);
+ virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain);
// instantiate a cert store given it's id. if a persisted version
// exists, it'll be loaded. If not, one will be created (but not
diff --git a/indra/newview/slplugin.entitlements b/indra/newview/slplugin.entitlements
new file mode 100644
index 0000000000..a1c430a57a
--- /dev/null
+++ b/indra/newview/slplugin.entitlements
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+ <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+ <true/>
+</dict>
+</plist>
diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp
index caa3016d2e..37fbbb449b 100644
--- a/indra/newview/tests/llsecapi_test.cpp
+++ b/indra/newview/tests/llsecapi_test.cpp
@@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {}
LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {}
LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; }
LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; }
-LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; }
+LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; }
LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; }
void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {}
void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {}
diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp
index e5d226a2a4..4c8d6c51b0 100644
--- a/indra/newview/tests/llsechandler_basic_test.cpp
+++ b/indra/newview/tests/llsechandler_basic_test.cpp
@@ -1217,8 +1217,8 @@ namespace tut
// Single cert in the chain.
X509_STORE_CTX *test_store = X509_STORE_CTX_new();
- test_store->cert = mX509ChildCert;
- test_store->untrusted = NULL;
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, NULL);
test_chain = new LLBasicCertificateChain(test_store);
X509_STORE_CTX_free(test_store);
ensure_equals("two elements in store", test_chain->size(), 1);
@@ -1229,9 +1229,9 @@ namespace tut
// cert + CA
test_store = X509_STORE_CTX_new();
- test_store->cert = mX509ChildCert;
- test_store->untrusted = sk_X509_new_null();
- sk_X509_push(test_store->untrusted, mX509IntermediateCert);
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
test_chain = new LLBasicCertificateChain(test_store);
X509_STORE_CTX_free(test_store);
ensure_equals("two elements in store", test_chain->size(), 2);
@@ -1245,9 +1245,9 @@ namespace tut
// cert + nonrelated
test_store = X509_STORE_CTX_new();
- test_store->cert = mX509ChildCert;
- test_store->untrusted = sk_X509_new_null();
- sk_X509_push(test_store->untrusted, mX509TestCert);
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
test_chain = new LLBasicCertificateChain(test_store);
X509_STORE_CTX_free(test_store);
ensure_equals("two elements in store", test_chain->size(), 1);
@@ -1257,10 +1257,10 @@ namespace tut
// cert + CA + nonrelated
test_store = X509_STORE_CTX_new();
- test_store->cert = mX509ChildCert;
- test_store->untrusted = sk_X509_new_null();
- sk_X509_push(test_store->untrusted, mX509IntermediateCert);
- sk_X509_push(test_store->untrusted, mX509TestCert);
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert);
test_chain = new LLBasicCertificateChain(test_store);
X509_STORE_CTX_free(test_store);
ensure_equals("two elements in store", test_chain->size(), 2);
@@ -1273,10 +1273,10 @@ namespace tut
// cert + intermediate + CA
test_store = X509_STORE_CTX_new();
- test_store->cert = mX509ChildCert;
- test_store->untrusted = sk_X509_new_null();
- sk_X509_push(test_store->untrusted, mX509IntermediateCert);
- sk_X509_push(test_store->untrusted, mX509RootCert);
+ X509_STORE_CTX_set_cert(test_store, mX509ChildCert);
+ X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null());
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert);
+ sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert);
test_chain = new LLBasicCertificateChain(test_store);
X509_STORE_CTX_free(test_store);
ensure_equals("three elements in store", test_chain->size(), 3);
diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py
index 7e24c1f800..07c88b500b 100755
--- a/indra/newview/viewer_manifest.py
+++ b/indra/newview/viewer_manifest.py
@@ -547,9 +547,13 @@ class WindowsManifest(ViewerManifest):
self.path("vivoxsdk.dll")
self.path("ortp.dll")
- # Security
- self.path("ssleay32.dll")
- self.path("libeay32.dll")
+ # OpenSSL
+ if (self.address_size == 64):
+ self.path("libcrypto-1_1-x64.dll")
+ self.path("libssl-1_1-x64.dll")
+ else:
+ self.path("libcrypto-1_1.dll")
+ self.path("libssl-1_1.dll")
# HTTP/2
self.path("nghttp2.dll")
@@ -1019,7 +1023,6 @@ class DarwinManifest(ViewerManifest):
"libapr-1.0.dylib",
"libaprutil-1.0.dylib",
"libexpat.1.dylib",
- "libexception_handler.dylib",
"libGLOD.dylib",
# libnghttp2.dylib is a symlink to
# libnghttp2.major.dylib, which is a symlink to
@@ -1288,14 +1291,19 @@ class DarwinManifest(ViewerManifest):
signed=False
sign_attempts=3
sign_retry_wait=15
+ libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib"
+ cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib"
+ slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin"
+ greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so"
while (not signed) and (sign_attempts > 0):
try:
- sign_attempts-=1;
- self.run_command(
- # Note: See blurb above about names of keychains
- ['codesign', '--verbose', '--deep', '--force',
- '--keychain', viewer_keychain, '--sign', identity,
- app_in_dmg])
+ sign_attempts-=1
+ # Note: See blurb above about names of keychains
+ self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path])
+ self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path])
+ self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path])
+ self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path])
+ self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg])
signed=True # if no exception was raised, the codesign worked
except ManifestError as err:
if sign_attempts:
@@ -1306,6 +1314,7 @@ class DarwinManifest(ViewerManifest):
print >> sys.stderr, "Maximum codesign attempts exceeded; giving up"
raise
self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg])
+ self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg])
finally:
# Unmount the image even if exceptions from any of the above
@@ -1358,7 +1367,7 @@ class LinuxManifest(ViewerManifest):
with self.prefix(dst="bin"):
self.path("secondlife-bin","do-not-directly-run-secondlife-bin")
self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin")
- self.path2basename("../llplugin/slplugin", "SLPlugin")
+ self.path2basename("../llplugin/slplugin", "SLPlugin")
#this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323
with self.prefix(src="../viewer_components/manager", dst=""):
self.path("*.py")