Commit Graph

27 Commits

Author SHA1 Message Date
Kittywhiskers Van Gogh
62b0213c45
merge bitcoin#27999: add macOS test for fixup_chains usage 2024-11-13 11:07:38 +00:00
Kittywhiskers Van Gogh
be175091e6
merge bitcoin#27676: Bump minimum required runtime version and prepare for building with upstream LLVM 2024-11-13 11:07:38 +00:00
Kittywhiskers Van Gogh
1edd1215ef
merge bitcoin#29987: build with glibc 2.31 2024-11-06 19:22:02 +00:00
fanquake
0dd997c4e5
Merge bitcoin/bitcoin#26835: contrib: add PE Canary check to security-check
6ba17d4955b75b4f4064a817dd55427f25b194bf scripts: add PE Canary check to security-check (fanquake)

Pull request description:

  We should be checking this, same as ELF & MACHO.

  Guix Build:
  ```bash
  6334c001b276ca5f0278092be68bf6d49d9b755bcac893bbd4aa58df57356e40  guix-build-6ba17d4955b7/output/dist-archive/bitcoin-6ba17d4955b7.tar.gz
  e27ad7fffb377bc6264477933859ab47c7283a68fbf86124d3801bc4c8b790dd  guix-build-6ba17d4955b7/output/x86_64-w64-mingw32/SHA256SUMS.part
  ef7b61bd854f0d3c39f356ef85ac18d37c5740874111f5ce46f7ce3381e714ca  guix-build-6ba17d4955b7/output/x86_64-w64-mingw32/bitcoin-6ba17d4955b7-win64-debug.zip
  c419324597487f248143a076d6eb2a56b0dbf5ce690ca89afaaee5c6b352e1a1  guix-build-6ba17d4955b7/output/x86_64-w64-mingw32/bitcoin-6ba17d4955b7-win64-setup-unsigned.exe
  a18ff1e3026cd9fc08dd7b500c06a343462aef4a37538608d940d1845bcdb94a  guix-build-6ba17d4955b7/output/x86_64-w64-mingw32/bitcoin-6ba17d4955b7-win64-unsigned.tar.gz
  7e4ee0669940f4b8c1a12dab836898511a60f06a62057ac03beaca8bb693bfb4  guix-build-6ba17d4955b7/output/x86_64-w64-mingw32/bitcoin-6ba17d4955b7-win64.zip
  ```

ACKs for top commit:
  sipsorcery:
    ACK 6ba17d4955b75b4f4064a817dd55427f25b194bf.

Tree-SHA512: 1acc24c0cb36dbc30311f4eee64e3d4737c828b97039be0f72cfe061bcb8c4d5c830d7792f503e711e219a62d85b7e07cdff3510cbd4f8d46895a7cb66b88219
2024-08-12 11:52:41 +07:00
Konstantin Akimov
4aa197dbdb Merge #18673: scripted-diff: Sort test includes
fa4632c41714dfaa699bacc6a947d72668a4deef test: Move boost/stdlib includes last (MarcoFalke)
fa488f131fd4f5bab0d01376c5a5013306f1abcd scripted-diff: Bump copyright headers (MarcoFalke)
fac5c373006a9e4bcbb56843bb85f1aca4d87599 scripted-diff: Sort test includes (MarcoFalke)

Pull request description:

  When writing tests, often includes need to be added or removed. Currently the list of includes is not sorted, so developers that write tests and have `clang-format` installed will either have an unrelated change (sorting) included in their commit or they will have to manually undo the sort.

  This pull preempts both issues by just sorting all includes in one commit.

  Please be aware that this is **NOT** a change to policy to enforce clang-format or any other developer guideline or process. Developers are free to use whatever tool they want, see also #18651.

  Edit: Also includes a commit to bump the copyright headers, so that the touched files don't need to be touched again for that.

ACKs for top commit:
  practicalswift:
    ACK fa4632c41714dfaa699bacc6a947d72668a4deef
  jonatack:
    ACK fa4632c41714dfaa, light review and sanity checks with gcc build and clang fuzz build

Tree-SHA512: 130a8d073a379ba556b1e64104d37c46b671425c0aef0ed725fd60156a95e8dc83fb6f0b5330b2f8152cf5daaf3983b4aca5e75812598f2626c39fd12b88b180
2023-08-29 22:00:59 -05:00
Kittywhiskers Van Gogh
66e1541808 merge bitcoin#21851: support cross-compiling for arm64-apple-darwin 2023-06-29 12:31:03 -05:00
Kittywhiskers Van Gogh
1158ebb2e6 merge bitcoin#23778: Guix 1.4.0 & GCC 10.3 2023-06-18 11:47:54 -05:00
Kittywhiskers Van Gogh
e39a1de731 merge bitcoin#23839: build with and test for control flow instrumentation on x86_64 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
1e9278ea11 merge bitcoin#23535: check for control flow instrumentation 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
110dbf82e8 merge bitcoin#22392: use LIEF for ELF security & symbol checks 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
cdedbea0b4 merge bitcoin#21889: check for control flow instrumentation 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
24a6642b6f partial bitcoin#22381: Test security-check sanity before performing them (with macOS)
excludes:
- d6ef3543ae16847d5a91fa9271acee9bd2164b32
2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
d4a8d49e56 merge bitcoin#21428: Cleanup in test-{security,symbol}-check.py 2023-06-07 14:42:02 +05:30
Kittywhiskers Van Gogh
994fb5739c merge bitcoin#18434: add a test-security target and run it in CI 2023-06-07 14:40:37 +05:30
Kittywhiskers Van Gogh
ef69317b59 merge bitcoin#19525: add -Wl,-z,separate-code to hardening flags 2023-01-18 19:02:39 -06:00
fanquake
f7a94b58d4
Merge #18629: scripts: add PE .reloc section check to security-check.py
3e38023af724a76972d39cbccfb0bba4c54a0323 scripts: add PE .reloc section check to security-check.py (fanquake)

Pull request description:

  The `ld` in binutils has historically had a few issues with PE binaries, there's a good summary in this [thread](https://sourceware.org/bugzilla/show_bug.cgi?id=19011).

  One issue in particular was `ld` stripping the `.reloc` section out of PE binaries, even though it's required for functioning ASLR. This was [reported by a Tor developer in 2014](https://sourceware.org/bugzilla/show_bug.cgi?id=17321) and they have been patching their [own binutils](https://gitweb.torproject.org/builders/tor-browser-build.git/tree/projects/binutils) ever since. However their patch only made it into binutils at the [start of this year](https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=dc9bd8c92af67947db44b3cb428c050259b15cd0). It adds an `--enable-reloc-section` flag, which is turned on by default if you are using `--dynamic-base`. In the mean time this issue has also been worked around by other projects, such as FFmpeg, see [this commit](91b668acd6).

  I have checked our recent supported Windows release binaries, and they do contain a `.reloc` section. From what I understand, we are using all the right compile/linker flags, including `-pie` & `-fPIE`, and have never run into the crashing/entrypoint issues that other projects might have seen.

  One other thing worth noting here, it how Debian/Ubuntu patch the binutils that they distribute, because that's what we end up using in our gitian builds.

  In the binutils-mingw-w64 in Bionic (18.04), which we currently use in gitian, PE hardening options/security flags are enabled by default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8ubuntu1/changelog) and the [relevant commit](452b3013b8).

  However in Focal (20.04), this has now been reversed. PE hardening options are no-longer the default. See the [changelog](https://changelogs.ubuntu.com/changelogs/pool/universe/b/binutils-mingw-w64/binutils-mingw-w64_8.8/changelog) and [relevant commit](7bd8b2fbc2), which cites same .reloc issue mentioned here.

  Given that we explicitly specify/opt-in to everything that we want to use, the defaults aren't necessarily an issue for us. However I think it highlights the importance of continuing to be explicit about what we want, and not falling-back or relying on upstream.

  This was also prompted by the possibility of us doing link time garbage collection, see #18579 & #18605. It seemed some sanity checks would be worthwhile in-case the linker goes haywire while garbage collecting.

  I think Guix is going to bring great benefits when dealing with these kinds of issues. Carl you might have something to say in that regard.

ACKs for top commit:
  dongcarl:
    ACK 3e38023af724a76972d39cbccfb0bba4c54a0323

Tree-SHA512: af14d63bdb334bde548dd7de3e0946556b7e2598d817b56eb4e75b3f56c705c26aa85dd9783134c4b6a7aeb7cb4de567eed996e94d533d31511f57ed332287da
2022-06-18 22:14:03 -07:00
fanquake
bd7b5a3ad4
Merge #18713: scripts: Add MACHO stack canary check to security-check.py
8334ee31f868f0f9baf0920d14d20174ed889dbe scripts: add MACHO LAZY_BINDINGS test to test-security-check.py (fanquake)
7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 scripts: add MACHO Canary check to security-check.py (fanquake)

Pull request description:

  7b99c7454cdb74cd9cd7a5eedc2fb9d0a19df456 uses `otool -Iv` to check for `___stack_chk_fail` in the macOS binaries. Similar to the [ELF check](https://github.com/bitcoin/bitcoin/blob/master/contrib/devtools/security-check.py#L105). Note that looking for a triple underscore prefixed function (as opposed to two for ELF) is correct for the macOS binaries. i.e:
  ```bash
  otool -Iv bitcoind | grep chk
  0x00000001006715b8   509 ___memcpy_chk
  0x00000001006715be   510 ___snprintf_chk
  0x00000001006715c4   511 ___sprintf_chk
  0x00000001006715ca   512 ___stack_chk_fail
  0x00000001006715d6   517 ___vsnprintf_chk
  0x0000000100787898   513 ___stack_chk_guard
  ```

  8334ee31f868f0f9baf0920d14d20174ed889dbe is a follow up to #18295 and adds test cases to `test-security-check.py` that for some reason I didn't add at the time. I'll sort out #18434 so that we can run these tests in the CI.

ACKs for top commit:
  practicalswift:
    ACK 8334ee31f868f0f9baf0920d14d20174ed889dbe: Mitigations are important. Important things are worth asserting :)
  jonasschnelli:
    utACK 8334ee31f868f0f9baf0920d14d20174ed889dbe.

Tree-SHA512: 1aa5ded34bbd187eddb112b27278deb328bfc21ac82316b20fab6ad894f223b239a76b53dab0ac1770d194c1760fcc40d4da91ec09959ba4fc8eadedb173936a
2022-06-18 22:14:03 -07:00
Wladimir J. van der Laan
3c4982205c
Merge #18415: scripts: add MACHO tests to test-security-check.py
7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46 scripts: rename test_64bit_PE to test_PE (fanquake)
edaca2dd123cef958699c07ab248cf0ffc71af07 scripts: add MACHO NX check to security-check.py (fanquake)
1a4e9f32efcc5f6a74290446dc58784fd85c7b31 scripts: add MACHO tests to test-security-check.py (fanquake)

Pull request description:

  Adds tests for the MACHO checks in security-check.py:
  ac579ada7e/contrib/devtools/security-check.py (L212-L214)

  I'm planning on following up with more checks in security-check.py, and corresponding tests in test-security-check.py.

  Note that you'll probably have to be on macOS to run them. You can run just this suite with `python3 test-security-check.py TestSecurityChecks.test_MACHO`.

ACKs for top commit:
  laanwj:
    ACK 7142d50ac33e0ad7d24e49e04c1fc7e3e769ed46

Tree-SHA512: ace3ca9f6df5d4fedd5988938fb7dc7563ec7dc587aa275f780b5f51e9b8d7d6f7768e0a1e05ce438510a07b8640aba92c76847b30c2990f46c66b78a0acf960
2022-06-18 22:14:02 -07:00
Wladimir J. van der Laan
07a7fda225
Merge #15939: gitian: Remove Windows 32 bit build
fa193dc8e6f3b96fa2dba2f1c1668f7720fed320 doc: Remove win32 from the release process (MarcoFalke)
faf666f8148eeb305a9c4f78459aff2c7268016b Remove Windows 32 bit build (MarcoFalke)

Pull request description:

  The Windows 32 bit build has been removed from https://bitcoincore.org/en/download/, so unless there are complaints, we don't need to build it even

ACKs for commit fa193d:
  fanquake:
    utACK fa193dc8e6

Tree-SHA512: d6f2976a2e0c407698f720b00ac23ec4056626de4eff8621f4c5581120af0460afd1bdef72329cc0e7d92afca48d94ae5fce6777cb36bfabb60b8034ff08fd88
2021-09-02 22:27:58 +03:00
Wladimir J. van der Laan
f0b1c562a1 Merge #13764: contrib: Fix test-security-check fail in Ubuntu 18.04
1e60713a68296a0ff221befb48b2958fbf019ebf contrib: Fix test-security-check fail in Ubuntu 18.04 (Chun Kuan Lee)

Pull request description:

  - Fix test-security-check fail in Ubuntu 18.04. Those flags are enabled by default, so we must specify `-no` to make the executable does 'not' have those attributes.
  - Drop HIGH_ENTROPY_VA. After update our gitian system to Bionic, the compiler should support HIGH_ENTROPY_VA

Tree-SHA512: 78c1f2aae1253ddd52faa1af569b7151a503a217c7ccbe21b8004d8910c45d8a27ff04695eacbdadd7192d2c91c0d59941ca20c651dd2d5052b9999163a11ae4
2020-07-28 21:35:31 -05:00
Wladimir J. van der Laan
d1200755f1 Merge #13448: Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python
c8176b3cc7556d7bcec39a55ae4d6ba16453baaa Add linter: Make sure we explicitly open all text files using UTF-8 or ASCII encoding in Python (practicalswift)
634bd970013eca90f4b4c1f9044eec8c97ba62c2 Explicitly specify encoding when opening text files in Python code (practicalswift)

Pull request description:

  Add linter: Make sure we explicitly open all text files using UTF-8 encoding in Python.

  As requested by @laanwj in #13440.

Tree-SHA512: 1651c00fe220ceb273324abd6703aee504029b96c7ef0e3029145901762c733c9b9d24927da281394fd4681a5bff774336c04eed01fafea997bb32192c334c06
Signed-off-by: pasta <pasta@dashboost.org>

# Conflicts:
#	contrib/devtools/circular-dependencies.py
#	contrib/linearize/linearize-data.py
#	contrib/linearize/linearize-hashes.py
#	contrib/seeds/generate-seeds.py
#	contrib/verify-commits/verify-commits.py
#	test/functional/multiwallet.py
#	test/functional/notifications.py
#	test/functional/test_runner.py
#	test/util/rpcauth-test.py
2020-07-07 11:50:56 -05:00
Wladimir J. van der Laan
8a09758298 Merge #13094: tests: Add test for 64-bit Windows PE, modify 32-bit test results
ab3f4dd tests: Add test for 64-bit PE, modify 32-bit test results (Chun Kuan Lee)

Pull request description:

  9a75d29b6f change the error result from `PIE` to `DYNAMIC_BASE`. And there are no test for 64-bit, so I made one

Tree-SHA512: 9d5643dadf4d9fc34ea32d94655bfb98eec2f7bc2820b4b0f525d5acf1cd22f3acf38bf8904dda4f50fd9ca5a5e56d566a392e6f804eea6e50e03cba40048621
2020-06-28 19:28:57 -05:00
MarcoFalke
714beebe07 Merge #12972: Add python3 script shebang lint
2bff472992 [contrib] convert test-security-check to python3 (John Newbery)
958bf40489 add lint tool to check python3 shebang (practicalswift)

Pull request description:

  base58.py can executed by python3

Tree-SHA512: 30511204feefd4ccd5b4bf698fb88e516633e692dc95d31fe957b1c0c4879de25906355b28a5a0522171887315c8464a611e601ff00540db172d5bd463ee13d9
2020-06-27 10:43:32 -05:00
MarcoFalke
be63fb7953 Merge #9508: Remove unused Python imports
95bab82 Remove unused Python imports (practicalswift)
2018-01-21 12:48:33 +01:00
Wladimir J. van der Laan
473ffa0641 Merge #8702: [copyright] add MIT License copyright header to remaining Python files
4677b19 [copyright] add MIT License copyright header to remaining Python files (isle2983)
2018-01-11 13:20:57 +01:00
MarcoFalke
bc659c3e6e Merge #8270: Tests: Use portable #! in python scripts (/usr/bin/env)
7b01ce2 Favour python over python2 as per PR #7723 (Matthew King)
873e81f Use portable #! in python scripts (/usr/bin/env) (Matthew King)
2018-01-08 18:04:55 +01:00
Wladimir J. van der Laan
579b863cd7 devtools: Add security-check.py
Perform the following ELF security checks:

- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary

Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
2015-10-22 03:35:38 +02:00