diff options
Diffstat (limited to 'indra/newview')
-rw-r--r-- | indra/newview/CMakeLists.txt | 79 | ||||
-rwxr-xr-x | indra/newview/generate_breakpad_symbols.py | 166 | ||||
-rwxr-xr-x | indra/newview/installers/darwin/apple-notarize.sh | 54 | ||||
-rw-r--r-- | indra/newview/llappviewer.cpp | 6 | ||||
-rw-r--r-- | indra/newview/llappviewer.h | 1 | ||||
-rw-r--r-- | indra/newview/llappviewermacosx.cpp | 31 | ||||
-rw-r--r-- | indra/newview/llappviewermacosx.h | 1 | ||||
-rw-r--r-- | indra/newview/llappviewerwin32.cpp | 54 | ||||
-rw-r--r-- | indra/newview/llappviewerwin32.h | 5 | ||||
-rw-r--r-- | indra/newview/llsecapi.cpp | 6 | ||||
-rw-r--r-- | indra/newview/llsecapi.h | 4 | ||||
-rw-r--r-- | indra/newview/llsechandler_basic.cpp | 48 | ||||
-rw-r--r-- | indra/newview/llsechandler_basic.h | 4 | ||||
-rw-r--r-- | indra/newview/slplugin.entitlements | 8 | ||||
-rw-r--r-- | indra/newview/tests/llsecapi_test.cpp | 2 | ||||
-rw-r--r-- | indra/newview/tests/llsechandler_basic_test.cpp | 32 | ||||
-rwxr-xr-x | indra/newview/viewer_manifest.py | 31 |
17 files changed, 154 insertions, 378 deletions
diff --git a/indra/newview/CMakeLists.txt b/indra/newview/CMakeLists.txt index 87caca56af..68b5969ff1 100644 --- a/indra/newview/CMakeLists.txt +++ b/indra/newview/CMakeLists.txt @@ -1835,10 +1835,6 @@ if (WINDOWS) ${CMAKE_CURRENT_SOURCE_DIR}/licenses-win32.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable.txt ${CMAKE_CURRENT_SOURCE_DIR}/featuretable_xp.txt - ${ARCH_PREBUILT_DIRS_RELEASE}/libeay32.dll - ${ARCH_PREBUILT_DIRS_RELEASE}/ssleay32.dll - ${ARCH_PREBUILT_DIRS_DEBUG}/libeay32.dll - ${ARCH_PREBUILT_DIRS_DEBUG}/ssleay32.dll ${viewer_APPSETTINGS_FILES} SLPlugin media_plugin_cef @@ -1855,11 +1851,15 @@ if (WINDOWS) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk_x64.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp_x64.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1-x64.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1-x64.dll ) else (ADDRESS_SIZE EQUAL 64) list(APPEND COPY_INPUT_DEPENDENCIES ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/vivoxsdk.dll ${SHARED_LIB_STAGING_DIR}/${CMAKE_CFG_INTDIR}/ortp.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libcrypto-1_1.dll + ${ARCH_PREBUILT_DIRS_RELEASE}/libssl-1_1.dll ) endif (ADDRESS_SIZE EQUAL 64) @@ -1913,11 +1913,9 @@ if (WINDOWS) add_dependencies(${VIEWER_BINARY_NAME} copy_win_scripts) endif (EXISTS ${CMAKE_SOURCE_DIR}/copy_win_scripts) - add_dependencies(${VIEWER_BINARY_NAME} SLPlugin) - - if (NOT USE_BUGSPLAT) - add_dependencies(${VIEWER_BINARY_NAME} windows-crash-logger) - endif (NOT USE_BUGSPLAT) + add_dependencies(${VIEWER_BINARY_NAME} + SLPlugin + ) # sets the 'working directory' for debugging from visual studio. # Condition for version can be moved to requirements once build agents will be updated (see TOOL-3865) @@ -2226,10 +2224,6 @@ if (DARWIN) add_dependencies(${VIEWER_BINARY_NAME} SLPlugin media_plugin_libvlc media_plugin_cef) - if (NOT USE_BUGSPLAT) - add_dependencies(${VIEWER_BINARY_NAME} mac-crash-logger) - endif (NOT USE_BUGSPLAT) - if (ENABLE_SIGNING) set(SIGNING_SETTING "--signature=${SIGNING_IDENTITY}") else (ENABLE_SIGNING) @@ -2271,62 +2265,7 @@ endif (INSTALL) # Note that the conventional VIEWER_SYMBOL_FILE is set by ../../build.sh if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIEWER_SYMBOL_FILE) - if (NOT USE_BUGSPLAT) - # Breakpad symbol-file generation - set(SYMBOL_SEARCH_DIRS "") - if (WINDOWS) - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}") - # slplugin.exe failing symbols dump - need to debug, might have to do with updated version of google breakpad - # set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX} slplugin.exe") - set(VIEWER_EXE_GLOBS "${VIEWER_BINARY_NAME}${CMAKE_EXECUTABLE_SUFFIX}") - set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}") - set(VIEWER_COPY_MANIFEST copy_w_viewer_manifest) - endif (WINDOWS) - if (DARWIN) - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/${CMAKE_CFG_INTDIR}") - # *TODO: Generate these search dirs in the cmake files related to each binary. - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/llplugin/slplugin/${CMAKE_CFG_INTDIR}") - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/mac_crash_logger/${CMAKE_CFG_INTDIR}") - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_BINARY_DIR}/media_plugins/gstreamer010/${CMAKE_CFG_INTDIR}") - set(VIEWER_EXE_GLOBS "'${product}' SLPlugin") - set(VIEWER_EXE_GLOBS "'${product}' mac-crash-logger") - set(VIEWER_LIB_GLOB "*.dylib") - endif (DARWIN) - if (LINUX) - list(APPEND SYMBOL_SEARCH_DIRS "${CMAKE_CURRENT_BINARY_DIR}/packaged") - set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin SLPlugin") - set(VIEWER_EXE_GLOBS "do-not-directly-run-secondlife-bin") - set(VIEWER_LIB_GLOB "*${CMAKE_SHARED_MODULE_SUFFIX}*") - set(VIEWER_COPY_MANIFEST copy_l_viewer_manifest) - endif (LINUX) - - if(CMAKE_CFG_INTDIR STREQUAL ".") - set(LLBUILD_CONFIG ${CMAKE_BUILD_TYPE}) - else(CMAKE_CFG_INTDIR STREQUAL ".") - # set LLBUILD_CONFIG to be a shell variable evaluated at build time - # reflecting the configuration we are currently building. - set(LLBUILD_CONFIG ${CMAKE_CFG_INTDIR}) - endif(CMAKE_CFG_INTDIR STREQUAL ".") - add_custom_command(OUTPUT "${VIEWER_SYMBOL_FILE}" - COMMAND "${PYTHON_EXECUTABLE}" - ARGS - "${CMAKE_CURRENT_SOURCE_DIR}/generate_breakpad_symbols.py" - "${LLBUILD_CONFIG}" - "${SYMBOL_SEARCH_DIRS}" - "${VIEWER_EXE_GLOBS}" - "${VIEWER_LIB_GLOB}" - "${AUTOBUILD_INSTALL_DIR}/bin/dump_syms" - "${VIEWER_SYMBOL_FILE}" - DEPENDS generate_breakpad_symbols.py - VERBATIM) - - add_custom_target(generate_symbols DEPENDS "${VIEWER_SYMBOL_FILE}" ${VIEWER_BINARY_NAME} "${VIEWER_COPY_MANIFEST}") - add_dependencies(generate_symbols ${VIEWER_BINARY_NAME}) - if (WINDOWS OR LINUX) - add_dependencies(generate_symbols "${VIEWER_COPY_MANIFEST}") - endif (WINDOWS OR LINUX) - - else (NOT USE_BUGSPLAT) + if (BUGSPLAT_DB) # BugSplat symbol-file generation if (WINDOWS) # Just pack up a tarball containing only the .pdb file for the @@ -2410,7 +2349,7 @@ if (PACKAGE AND (RELEASE_CRASH_REPORTING OR NON_RELEASE_CRASH_REPORTING) AND VIE if (LINUX) # TBD endif (LINUX) - endif (NOT USE_BUGSPLAT) + endif (BUGSPLAT_DB) # for both Bugsplat and Breakpad add_dependencies(llpackage generate_symbols) diff --git a/indra/newview/generate_breakpad_symbols.py b/indra/newview/generate_breakpad_symbols.py deleted file mode 100755 index d351c406bc..0000000000 --- a/indra/newview/generate_breakpad_symbols.py +++ /dev/null @@ -1,166 +0,0 @@ -#!/usr/bin/env python -"""\ -@file generate_breakpad_symbols.py -@author Brad Kittenbrink <brad@lindenlab.com> -@brief Simple tool for generating google_breakpad symbol information - for the crash reporter. - -$LicenseInfo:firstyear=2010&license=viewerlgpl$ -Second Life Viewer Source Code -Copyright (C) 2010-2011, Linden Research, Inc. - -This library is free software; you can redistribute it and/or -modify it under the terms of the GNU Lesser General Public -License as published by the Free Software Foundation; -version 2.1 of the License only. - -This library is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -Lesser General Public License for more details. - -You should have received a copy of the GNU Lesser General Public -License along with this library; if not, write to the Free Software -Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -Linden Research, Inc., 945 Battery Street, San Francisco, CA 94111 USA -$/LicenseInfo$ -""" - - -import collections -import fnmatch -import itertools -import os -import re -import sys -import shlex -import subprocess -import tarfile -import StringIO -import pprint - -DEBUG=False - -def usage(): - print >>sys.stderr, "usage: %s search_dirs viewer_exes libs_suffix dump_syms_tool viewer_symbol_file" % sys.argv[0] - -class MissingModuleError(Exception): - def __init__(self, modules): - Exception.__init__(self, "Failed to find required modules: %r" % modules) - self.modules = modules - -def main(configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file): - print "generate_breakpad_symbols run with args: %s" % str((configuration, search_dirs, viewer_exes, libs_suffix, dump_syms_tool, viewer_symbol_file)) - - if not re.match("release", configuration, re.IGNORECASE): - print "skipping breakpad symbol generation for non-release build." - return 0 - - # split up list of viewer_exes - # "'Second Life' SLPlugin" becomes ['Second Life', 'SLPlugin'] - viewer_exes = shlex.split(viewer_exes) - - found_required = dict([(module, False) for module in viewer_exes]) - - def matches(f): - if f in viewer_exes: - found_required[f] = True - return True - return fnmatch.fnmatch(f, libs_suffix) - - search_dirs = search_dirs.split(";") - - def list_files(): - for search_dir in search_dirs: - for (dirname, subdirs, filenames) in os.walk(search_dir): - if DEBUG: - print "scanning '%s' for modules..." % dirname - for f in itertools.ifilter(matches, filenames): - yield os.path.join(dirname, f) - - def dump_module(m): - print "dumping module '%s' with '%s'..." % (m, dump_syms_tool) - dsym_full_path = m - child = subprocess.Popen([dump_syms_tool, dsym_full_path] , stdout=subprocess.PIPE) - out, err = child.communicate() - return (m,child.returncode, out, err) - - - modules = {} - - for m in list_files(): - if DEBUG: - print "examining module '%s' ... " % m, - filename=os.path.basename(m) - if -1 != m.find("DWARF"): - # Just use this module; it has the symbols we want. - modules[filename] = m - if DEBUG: - print "found dSYM entry" - elif filename not in modules: - # Only use this if we don't already have a (possibly better) entry. - modules[filename] = m - if DEBUG: - print "found new entry" - elif DEBUG: - print "ignoring entry" - - - print "Found these following modules:" - pprint.pprint( modules ) - - out = tarfile.open(viewer_symbol_file, 'w:bz2') - for (filename,status,symbols,err) in itertools.imap(dump_module, modules.values()): - if status == 0: - module_line = symbols[:symbols.index('\n')] - module_line = module_line.split() - hash_id = module_line[3] - module = ' '.join(module_line[4:]) - if sys.platform in ['win32', 'cygwin']: - mod_name = module[:module.rindex('.pdb')] - else: - mod_name = module - symbolfile = StringIO.StringIO(symbols) - info = tarfile.TarInfo("%(module)s/%(hash_id)s/%(mod_name)s.sym" % dict(module=module, hash_id=hash_id, mod_name=mod_name)) - info.size = symbolfile.len - out.addfile(info, symbolfile) - else: - print >>sys.stderr, "warning: failed to dump symbols for '%s': %s" % (filename, err) - - out.close() - - missing_modules = [m for (m,_) in - itertools.ifilter(lambda (k,v): not v, found_required.iteritems()) - ] - if missing_modules: - print >> sys.stderr, "failed to generate %s" % viewer_symbol_file - os.remove(viewer_symbol_file) - raise MissingModuleError(missing_modules) - - symbols = tarfile.open(viewer_symbol_file, 'r:bz2') - tarfile_members = symbols.getnames() - symbols.close() - - for required_module in viewer_exes: - def match_module_basename(m): - return os.path.splitext(required_module)[0].lower() \ - == os.path.splitext(os.path.basename(m))[0].lower() - # there must be at least one .sym file in tarfile_members that matches - # each required module (ignoring file extensions) - if not any(itertools.imap(match_module_basename, tarfile_members)): - print >> sys.stderr, "failed to find required %s in generated %s" \ - % (required_module, viewer_symbol_file) - os.remove(viewer_symbol_file) - raise MissingModuleError([required_module]) - - print "successfully generated %s including required modules '%s'" % (viewer_symbol_file, viewer_exes) - - return 0 - -if __name__ == "__main__": - if len(sys.argv) != 7: - usage() - sys.exit(1) - sys.exit(main(*sys.argv[1:])) - diff --git a/indra/newview/installers/darwin/apple-notarize.sh b/indra/newview/installers/darwin/apple-notarize.sh new file mode 100755 index 0000000000..466898ecda --- /dev/null +++ b/indra/newview/installers/darwin/apple-notarize.sh @@ -0,0 +1,54 @@ +#!/bin/sh +if [[ $SKIP_NOTARIZATION == "true" ]]; then + echo "Skipping notarization" + exit 0 +fi + +CONFIG_FILE="$build_secrets_checkout/code-signing-osx/notarize_creds.sh" +if [ -f "$CONFIG_FILE" ]; then + source $CONFIG_FILE + app_file="$1" + zip_file=${app_file/app/zip} + ditto -c -k --keepParent "$app_file" "$zip_file" + if [ -f "$zip_file" ]; then + res=$(xcrun altool --notarize-app --primary-bundle-id "com.secondlife.viewer" \ + --username $USERNAME \ + --password $PASSWORD \ + --asc-provider $ASC_PROVIDER \ + --file "$zip_file" 2>&1) + requestUUID=$(echo $res | awk '/RequestUUID/ { print $NF; }') + + echo "Apple Notarization RequestUUID: $requestUUID" + + if [[ -n $requestUUID ]]; then + status="in progress" + while [[ "$status" == "in progress" ]]; do + sleep 30 + status=$(xcrun altool --notarization-info "$requestUUID" \ + --username $USERNAME \ + --password $PASSWORD 2>&1 \ + | awk -F ': ' '/Status:/ { print $2; }' ) + echo "$status" + done + # log results + xcrun altool --notarization-info "$requestUUID" \ + --username $USERNAME \ + --password $PASSWORD + + #remove temporary file + rm "$zip_file" + + if [["$status" == "success"]]; then + xcrun stapler staple "$app_file" + elif [["$status" == "invalid"]]; then + echo "Notarization error: failed to process the app file" + exit 1 + fi + else + echo "Notarization error: couldn't get request UUID" + echo $res + exit 1 + fi + fi +fi + diff --git a/indra/newview/llappviewer.cpp b/indra/newview/llappviewer.cpp index 891722e1bd..69606793db 100644 --- a/indra/newview/llappviewer.cpp +++ b/indra/newview/llappviewer.cpp @@ -739,7 +739,7 @@ LLAppViewer::LLAppViewer() std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); # endif // ! LL_BUGSPLAT mDumpPath = logdir; - setMiniDumpDir(logdir); + setDebugFileNames(logdir); } @@ -2006,7 +2006,9 @@ bool LLAppViewer::cleanup() if (LLConversationLog::instanceExists()) { LLConversationLog::instance().cache(); - } + } + + clearSecHandler(); if (mPurgeCacheOnExit) { diff --git a/indra/newview/llappviewer.h b/indra/newview/llappviewer.h index 0afb70958c..95f6efa29a 100644 --- a/indra/newview/llappviewer.h +++ b/indra/newview/llappviewer.h @@ -109,7 +109,6 @@ public: virtual bool restoreErrorTrap() = 0; // Require platform specific override to reset error handling mechanism. // return false if the error trap needed restoration. - virtual void initCrashReporting(bool reportFreeze = false) = 0; // What to do with crash report? static void handleViewerCrash(); // Hey! The viewer crashed. Do this, soon. void checkForCrash(); diff --git a/indra/newview/llappviewermacosx.cpp b/indra/newview/llappviewermacosx.cpp index 42946e4415..aa932f9c89 100644 --- a/indra/newview/llappviewermacosx.cpp +++ b/indra/newview/llappviewermacosx.cpp @@ -222,14 +222,7 @@ LLAppViewerMacOSX::~LLAppViewerMacOSX() bool LLAppViewerMacOSX::init() { - bool success = LLAppViewer::init(); - - if (success) - { - LLAppViewer* pApp = LLAppViewer::instance(); - pApp->initCrashReporting(); - } - return success; + return LLAppViewer::init(); } // MacOSX may add and addition command line arguement for the process serial number. @@ -347,28 +340,6 @@ bool LLAppViewerMacOSX::restoreErrorTrap() return reset_count == 0; } -void LLAppViewerMacOSX::initCrashReporting(bool reportFreeze) -{ -#if defined LL_BUGSPLAT - LL_DEBUGS("InitOSX", "Bugsplat") << "using BugSplat crash logger" << LL_ENDL; -#elif LL_SEND_CRASH_REPORTS - LL_DEBUGS("InitOSX") << "Initializing legacy crash logger" << LL_ENDL; - std::string command_str = "mac-crash-logger.app"; - - std::stringstream pid_str; - pid_str << LLApp::getPid(); - std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); - std::string appname = gDirUtilp->getExecutableFilename(); - std::string str[] = { "-pid", pid_str.str(), "-dumpdir", logdir, "-procname", appname.c_str() }; - std::vector< std::string > args( str, str + ( sizeof ( str ) / sizeof ( std::string ) ) ); - LL_WARNS() << "about to launch mac-crash-logger" << pid_str.str() - << " " << logdir << " " << appname << LL_ENDL; - launchApplication(&command_str, &args); -#else - LL_DEBUGS("InitOSX") << "No crash logger enabled" << LL_ENDL; -#endif // ! LL_BUGSPLAT -} - std::string LLAppViewerMacOSX::generateSerialNumber() { char serial_md5[MD5HEX_STR_SIZE]; // Flawfinder: ignore diff --git a/indra/newview/llappviewermacosx.h b/indra/newview/llappviewermacosx.h index d5a80864be..b0e325a955 100644 --- a/indra/newview/llappviewermacosx.h +++ b/indra/newview/llappviewermacosx.h @@ -44,7 +44,6 @@ public: protected: virtual bool restoreErrorTrap(); - virtual void initCrashReporting(bool reportFreeze); std::string generateSerialNumber(); virtual bool initParseCommandLine(LLCommandLineParser& clp); diff --git a/indra/newview/llappviewerwin32.cpp b/indra/newview/llappviewerwin32.cpp index 9daea515e5..25d18fa11f 100644 --- a/indra/newview/llappviewerwin32.cpp +++ b/indra/newview/llappviewerwin32.cpp @@ -599,9 +599,6 @@ bool LLAppViewerWin32::init() #if ! defined(LL_BUGSPLAT) #pragma message("Building without BugSplat") - LLAppViewer* pApp = LLAppViewer::instance(); - pApp->initCrashReporting(); - #else // LL_BUGSPLAT #pragma message("Building with BugSplat") @@ -846,57 +843,6 @@ bool LLAppViewerWin32::restoreErrorTrap() return true; // we don't check for handler collisions on windows, so just say they're ok } -void LLAppViewerWin32::initCrashReporting(bool reportFreeze) -{ - if (isSecondInstance()) return; //BUG-5707 do not start another crash reporter for second instance. - - const char* logger_name = "win_crash_logger.exe"; - std::string exe_path = gDirUtilp->getExecutableDir(); - exe_path += gDirUtilp->getDirDelimiter(); - exe_path += logger_name; - - std::string logdir = gDirUtilp->getExpandedFilename(LL_PATH_DUMP, ""); - std::string appname = gDirUtilp->getExecutableFilename(); - - S32 slen = logdir.length() -1; - S32 end = slen; - while (logdir.at(end) == '/' || logdir.at(end) == '\\') end--; - - if (slen !=end) - { - logdir = logdir.substr(0,end+1); - } - //std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid()); - //_spawnl(_P_NOWAIT, exe_path.c_str(), arg_str.c_str(), NULL); - std::string arg_str = "\"" + exe_path + "\" -dumpdir \"" + logdir + "\" -procname \"" + appname + "\" -pid " + stringize(LLApp::getPid()); - - STARTUPINFO startInfo={sizeof(startInfo)}; - PROCESS_INFORMATION processInfo; - - std::wstring exe_wstr; - exe_wstr = utf8str_to_utf16str(exe_path); - - std::wstring arg_wstr; - arg_wstr = utf8str_to_utf16str(arg_str); - - LL_INFOS("CrashReport") << "Creating crash reporter process " << exe_path << " with params: " << arg_str << LL_ENDL; - if(CreateProcess(exe_wstr.c_str(), - &arg_wstr[0], // Application arguments - 0, - 0, - FALSE, - CREATE_DEFAULT_ERROR_MODE, - 0, - 0, // Working directory - &startInfo, - &processInfo) == FALSE) - // Could not start application -> call 'GetLastError()' - { - LL_WARNS("CrashReport") << "CreateProcess failed " << GetLastError() << LL_ENDL; - return; - } -} - //virtual bool LLAppViewerWin32::sendURLToOtherInstance(const std::string& url) { diff --git a/indra/newview/llappviewerwin32.h b/indra/newview/llappviewerwin32.h index 83ae875a15..82b6b0c77c 100644 --- a/indra/newview/llappviewerwin32.h +++ b/indra/newview/llappviewerwin32.h @@ -51,9 +51,8 @@ protected: bool initHardwareTest() override; // Win32 uses DX9 to test hardware. bool initParseCommandLine(LLCommandLineParser& clp) override; - bool beingDebugged() override; - bool restoreErrorTrap() override; - void initCrashReporting(bool reportFreeze) override; + virtual bool beingDebugged(); + virtual bool restoreErrorTrap(); bool sendURLToOtherInstance(const std::string& url) override; diff --git a/indra/newview/llsecapi.cpp b/indra/newview/llsecapi.cpp index b9259cb18d..aba8ca5a4a 100644 --- a/indra/newview/llsecapi.cpp +++ b/indra/newview/llsecapi.cpp @@ -75,6 +75,12 @@ void initializeSecHandler() } } + +void clearSecHandler() +{ + gSecAPIHandler = NULL; + gHandlerMap.clear(); +} // start using a given security api handler. If the string is empty // the default is used LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type) diff --git a/indra/newview/llsecapi.h b/indra/newview/llsecapi.h index 14059f828a..410737b27f 100644 --- a/indra/newview/llsecapi.h +++ b/indra/newview/llsecapi.h @@ -452,7 +452,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert)=0; // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain)=0; + virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain)=0; // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not @@ -533,6 +533,8 @@ public: }; void initializeSecHandler(); + +void clearSecHandler(); // retrieve a security api depending on the api type LLPointer<LLSecAPIHandler> getSecHandler(const std::string& handler_type); diff --git a/indra/newview/llsechandler_basic.cpp b/indra/newview/llsechandler_basic.cpp index 19db020a31..b4853d270a 100644 --- a/indra/newview/llsechandler_basic.cpp +++ b/indra/newview/llsechandler_basic.cpp @@ -95,7 +95,7 @@ LLBasicCertificate::LLBasicCertificate(const std::string& pem_cert, LLBasicCertificate::LLBasicCertificate(X509* pCert, const LLSD* validation_params) { - if (!pCert || !pCert->cert_info) + if (!pCert) { LLTHROW(LLInvalidCertificate(LLSD::emptyMap())); } @@ -355,8 +355,8 @@ LLSD cert_name_from_X509_NAME(X509_NAME* name) char buffer[32]; X509_NAME_ENTRY *entry = X509_NAME_get_entry(name, entry_index); - std::string name_value = std::string((const char*)M_ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), - M_ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); + std::string name_value = std::string((const char*)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)), + ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry))); ASN1_OBJECT* name_obj = X509_NAME_ENTRY_get_object(entry); OBJ_obj2txt(buffer, sizeof(buffer), name_obj, 0); @@ -683,29 +683,29 @@ std::string LLBasicCertificateStore::storeId() const // LLBasicCertificateChain // This class represents a chain of certs, each cert being signed by the next cert // in the chain. Certs must be properly signed by the parent -LLBasicCertificateChain::LLBasicCertificateChain(const X509_STORE_CTX* store) +LLBasicCertificateChain::LLBasicCertificateChain(X509_STORE_CTX* store) { // we're passed in a context, which contains a cert, and a blob of untrusted // certificates which compose the chain. - if((store == NULL) || (store->cert == NULL)) + if((store == NULL) || X509_STORE_CTX_get0_cert(store) == NULL) { LL_WARNS("SECAPI") << "An invalid store context was passed in when trying to create a certificate chain" << LL_ENDL; return; } // grab the child cert - LLPointer<LLCertificate> current = new LLBasicCertificate(store->cert); + LLPointer<LLCertificate> current = new LLBasicCertificate(X509_STORE_CTX_get0_cert(store)); add(current); - if(store->untrusted != NULL) + if(X509_STORE_CTX_get0_untrusted(store) != NULL) { // if there are other certs in the chain, we build up a vector // of untrusted certs so we can search for the parents of each // consecutive cert. LLBasicCertificateVector untrusted_certs; - for(int i = 0; i < sk_X509_num(store->untrusted); i++) + for(int i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) { - LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(store->untrusted, i)); + LLPointer<LLCertificate> cert = new LLBasicCertificate(sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i)); untrusted_certs.add(cert); } @@ -1348,9 +1348,10 @@ void LLSecAPIBasicHandler::_readProtectedData() // read in the rest of the file. - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_DecryptInit(&ctx, EVP_rc4(), salt, NULL); + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_DecryptInit(ctx, EVP_rc4(), salt, NULL); // allocate memory: std::string decrypted_data; @@ -1358,14 +1359,14 @@ void LLSecAPIBasicHandler::_readProtectedData() // read data as a block: protected_data_stream.read((char *)buffer, BUFFER_READ_SIZE); - EVP_DecryptUpdate(&ctx, decrypted_buffer, &decrypted_length, + EVP_DecryptUpdate(ctx, decrypted_buffer, &decrypted_length, buffer, protected_data_stream.gcount()); decrypted_data.append((const char *)decrypted_buffer, protected_data_stream.gcount()); } // RC4 is a stream cipher, so we don't bother to EVP_DecryptFinal, as there is // no block padding. - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); std::istringstream parse_stream(decrypted_data); if (parser->parse(parse_stream, mProtectedDataMap, LLSDSerialize::SIZE_UNLIMITED) == LLSDParser::PARSE_FAILURE) @@ -1401,12 +1402,14 @@ void LLSecAPIBasicHandler::_writeProtectedData() llofstream protected_data_stream(tmp_filename.c_str(), std::ios_base::binary); + EVP_CIPHER_CTX *ctx = NULL; try { - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - EVP_EncryptInit(&ctx, EVP_rc4(), salt, NULL); + ctx = EVP_CIPHER_CTX_new(); + // todo: ctx error handling + + EVP_EncryptInit(ctx, EVP_rc4(), salt, NULL); unsigned char unique_id[MAC_ADDRESS_BYTES]; LLMachineID::getUniqueID(unique_id, sizeof(unique_id)); LLXORCipher cipher(unique_id, sizeof(unique_id)); @@ -1421,13 +1424,13 @@ void LLSecAPIBasicHandler::_writeProtectedData() break; } int encrypted_length; - EVP_EncryptUpdate(&ctx, encrypted_buffer, &encrypted_length, + EVP_EncryptUpdate(ctx, encrypted_buffer, &encrypted_length, buffer, formatted_data_istream.gcount()); protected_data_stream.write((const char *)encrypted_buffer, encrypted_length); } // no EVP_EncrypteFinal, as this is a stream cipher - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); protected_data_stream.close(); } @@ -1439,6 +1442,11 @@ void LLSecAPIBasicHandler::_writeProtectedData() // it may be, however. LLFile::remove(tmp_filename); + if (ctx) + { + EVP_CIPHER_CTX_free(ctx); + } + // EXP-1825 crash in LLSecAPIBasicHandler::_writeProtectedData() // Decided throwing an exception here was overkill until we figure out why this happens //LLTHROW(LLProtectedDataException("Error writing Protected Data Store")); @@ -1491,7 +1499,7 @@ LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert } // instantiate a chain from an X509_STORE_CTX -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { LLPointer<LLCertificateChain> result = new LLBasicCertificateChain(chain); return result; diff --git a/indra/newview/llsechandler_basic.h b/indra/newview/llsechandler_basic.h index 0bc7f5230f..82670f9083 100644 --- a/indra/newview/llsechandler_basic.h +++ b/indra/newview/llsechandler_basic.h @@ -197,7 +197,7 @@ class LLBasicCertificateChain : virtual public LLBasicCertificateVector, public { public: - LLBasicCertificateChain(const X509_STORE_CTX * store); + LLBasicCertificateChain(X509_STORE_CTX * store); virtual ~LLBasicCertificateChain() {} @@ -241,7 +241,7 @@ public: virtual LLPointer<LLCertificate> getCertificate(X509* openssl_cert); // instantiate a chain from an X509_STORE_CTX - virtual LLPointer<LLCertificateChain> getCertificateChain(const X509_STORE_CTX* chain); + virtual LLPointer<LLCertificateChain> getCertificateChain(X509_STORE_CTX* chain); // instantiate a cert store given it's id. if a persisted version // exists, it'll be loaded. If not, one will be created (but not diff --git a/indra/newview/slplugin.entitlements b/indra/newview/slplugin.entitlements new file mode 100644 index 0000000000..a1c430a57a --- /dev/null +++ b/indra/newview/slplugin.entitlements @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> +<plist version="1.0"> +<dict> + <key>com.apple.security.cs.allow-unsigned-executable-memory</key> + <true/> +</dict> +</plist> diff --git a/indra/newview/tests/llsecapi_test.cpp b/indra/newview/tests/llsecapi_test.cpp index caa3016d2e..37fbbb449b 100644 --- a/indra/newview/tests/llsecapi_test.cpp +++ b/indra/newview/tests/llsecapi_test.cpp @@ -57,7 +57,7 @@ void LLSecAPIBasicHandler::init() {} LLSecAPIBasicHandler::~LLSecAPIBasicHandler() {} LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(const std::string& pem_cert) { return NULL; } LLPointer<LLCertificate> LLSecAPIBasicHandler::getCertificate(X509* openssl_cert) { return NULL; } -LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(const X509_STORE_CTX* chain) { return NULL; } +LLPointer<LLCertificateChain> LLSecAPIBasicHandler::getCertificateChain(X509_STORE_CTX* chain) { return NULL; } LLPointer<LLCertificateStore> LLSecAPIBasicHandler::getCertificateStore(const std::string& store_id) { return NULL; } void LLSecAPIBasicHandler::setProtectedData(const std::string& data_type, const std::string& data_id, const LLSD& data) {} void LLSecAPIBasicHandler::addToProtectedMap(const std::string& data_type, const std::string& data_id, const std::string& map_elem, const LLSD& data) {} diff --git a/indra/newview/tests/llsechandler_basic_test.cpp b/indra/newview/tests/llsechandler_basic_test.cpp index e5d226a2a4..4c8d6c51b0 100644 --- a/indra/newview/tests/llsechandler_basic_test.cpp +++ b/indra/newview/tests/llsechandler_basic_test.cpp @@ -1217,8 +1217,8 @@ namespace tut // Single cert in the chain. X509_STORE_CTX *test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = NULL; + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, NULL); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1229,9 +1229,9 @@ namespace tut // cert + CA test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1245,9 +1245,9 @@ namespace tut // cert + nonrelated test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509TestCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 1); @@ -1257,10 +1257,10 @@ namespace tut // cert + CA + nonrelated test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); - sk_X509_push(test_store->untrusted, mX509TestCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509TestCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("two elements in store", test_chain->size(), 2); @@ -1273,10 +1273,10 @@ namespace tut // cert + intermediate + CA test_store = X509_STORE_CTX_new(); - test_store->cert = mX509ChildCert; - test_store->untrusted = sk_X509_new_null(); - sk_X509_push(test_store->untrusted, mX509IntermediateCert); - sk_X509_push(test_store->untrusted, mX509RootCert); + X509_STORE_CTX_set_cert(test_store, mX509ChildCert); + X509_STORE_CTX_set0_untrusted(test_store, sk_X509_new_null()); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509IntermediateCert); + sk_X509_push(X509_STORE_CTX_get0_untrusted(test_store), mX509RootCert); test_chain = new LLBasicCertificateChain(test_store); X509_STORE_CTX_free(test_store); ensure_equals("three elements in store", test_chain->size(), 3); diff --git a/indra/newview/viewer_manifest.py b/indra/newview/viewer_manifest.py index 41da8fa328..b932f43141 100755 --- a/indra/newview/viewer_manifest.py +++ b/indra/newview/viewer_manifest.py @@ -553,9 +553,13 @@ class WindowsManifest(ViewerManifest): self.path("vivoxsdk.dll") self.path("ortp.dll") - # Security - self.path("ssleay32.dll") - self.path("libeay32.dll") + # OpenSSL + if (self.address_size == 64): + self.path("libcrypto-1_1-x64.dll") + self.path("libssl-1_1-x64.dll") + else: + self.path("libcrypto-1_1.dll") + self.path("libssl-1_1.dll") # HTTP/2 self.path("nghttp2.dll") @@ -1025,7 +1029,6 @@ class DarwinManifest(ViewerManifest): "libapr-1.0.dylib", "libaprutil-1.0.dylib", "libexpat.1.dylib", - "libexception_handler.dylib", "libGLOD.dylib", # libnghttp2.dylib is a symlink to # libnghttp2.major.dylib, which is a symlink to @@ -1294,14 +1297,19 @@ class DarwinManifest(ViewerManifest): signed=False sign_attempts=3 sign_retry_wait=15 + libvlc_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_libvlc.dylib" + cef_path = app_in_dmg + "/Contents/Resources/llplugin/media_plugin_cef.dylib" + slplugin_path = app_in_dmg + "/Contents/Resources/SLPlugin.app/Contents/MacOS/SLPlugin" + greenlet_path = app_in_dmg + "/Contents/Resources/updater/greenlet/_greenlet.so" while (not signed) and (sign_attempts > 0): try: - sign_attempts-=1; - self.run_command( - # Note: See blurb above about names of keychains - ['codesign', '--verbose', '--deep', '--force', - '--keychain', viewer_keychain, '--sign', identity, - app_in_dmg]) + sign_attempts-=1 + # Note: See blurb above about names of keychains + self.run_command(['codesign', '--force', '--timestamp','--keychain', viewer_keychain, '--sign', identity, libvlc_path]) + self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, cef_path]) + self.run_command(['codesign', '--force', '--timestamp', '--keychain', viewer_keychain, '--sign', identity, greenlet_path]) + self.run_command(['codesign', '--verbose', '--deep', '--force', '--entitlements', self.src_path_of("slplugin.entitlements"), '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, slplugin_path]) + self.run_command(['codesign', '--verbose', '--deep', '--force', '--options', 'runtime', '--keychain', viewer_keychain, '--sign', identity, app_in_dmg]) signed=True # if no exception was raised, the codesign worked except ManifestError as err: if sign_attempts: @@ -1312,6 +1320,7 @@ class DarwinManifest(ViewerManifest): print >> sys.stderr, "Maximum codesign attempts exceeded; giving up" raise self.run_command(['spctl', '-a', '-texec', '-vvvv', app_in_dmg]) + self.run_command([self.src_path_of("installers/darwin/apple-notarize.sh"), app_in_dmg]) finally: # Unmount the image even if exceptions from any of the above @@ -1364,7 +1373,7 @@ class LinuxManifest(ViewerManifest): with self.prefix(dst="bin"): self.path("secondlife-bin","do-not-directly-run-secondlife-bin") self.path("../linux_crash_logger/linux-crash-logger","linux-crash-logger.bin") - self.path2basename("../llplugin/slplugin", "SLPlugin") + self.path2basename("../llplugin/slplugin", "SLPlugin") #this copies over the python wrapper script, associated utilities and required libraries, see SL-321, SL-322 and SL-323 with self.prefix(src="../viewer_components/manager", dst=""): self.path("*.py") |