Backport fixes for paxmark.sh and revdep-pax.

(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0xF52D4BBA)

4 files changed, 135 insertions, 1 deletions

diff --git a/sys-apps/elfix/ChangeLog b/sys-apps/elfix/ChangeLog
index 828f5137fb58..d0b4fedde6c3 100644
--- a/sys-apps/elfix/ChangeLog
+++ b/sys-apps/elfix/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-apps/elfix
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/elfix/ChangeLog,v 1.91 2014/12/27 19:25:38 ago Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/elfix/ChangeLog,v 1.92 2014/12/28 18:26:51 blueness Exp $
+
+*elfix-0.9.0-r1 (28 Dec 2014)
+
+  28 Dec 2014; Anthony G. Basile <blueness@gentoo.org> +elfix-0.9.0-r1.ebuild,
+  +files/elfix-0.9.0-backport-fix-paxmark_sh.patch,
+  +files/elfix-0.9.0-backport-fix-revdep-pax.patch:
+  Backport fixes for paxmark.sh and revdep-pax.
 
   27 Dec 2014; Agostino Sarubbo <ago@gentoo.org> elfix-0.9.0.ebuild:
   Stable for amd64, wrt bug #530570
diff --git a/sys-apps/elfix/elfix-0.9.0-r1.ebuild b/sys-apps/elfix/elfix-0.9.0-r1.ebuild
new file mode 100644
index 000000000000..bedb4bd91c52
--- /dev/null
+++ b/sys-apps/elfix/elfix-0.9.0-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/elfix/elfix-0.9.0-r1.ebuild,v 1.1 2014/12/28 18:26:51 blueness Exp $
+
+EAPI="5"
+
+inherit eutils
+
+DESCRIPTION="A suite of tools to work with ELF objects on Hardened Gentoo"
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
+	http://dev.gentoo.org/~blueness/elfix/"
+SRC_URI="http://dev.gentoo.org/~blueness/elfix/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86"
+IUSE="+ptpax +xtpax"
+
+REQUIRED_USE="|| ( ptpax xtpax )"
+
+# These only work with a properly configured PaX kernel
+RESTRICT="test"
+
+DEPEND="~dev-python/pypax-${PV}[ptpax=,xtpax=]
+	ptpax? ( dev-libs/elfutils )
+	xtpax? ( sys-apps/attr )"
+
+RDEPEND="${DEPEND}"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-backport-fix-paxmark_sh.patch
+	epatch "${FILESDIR}"/${P}-backport-fix-revdep-pax.patch
+}
+
+src_configure() {
+	rm -f "${S}/scripts/setup.py"
+	econf --disable-tests \
+		$(use_enable ptpax) \
+		$(use_enable xtpax)
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	dodoc AUTHORS ChangeLog INSTALL README THANKS TODO
+}
diff --git a/sys-apps/elfix/files/elfix-0.9.0-backport-fix-paxmark_sh.patch b/sys-apps/elfix/files/elfix-0.9.0-backport-fix-paxmark_sh.patch
new file mode 100644
index 000000000000..86be00ee46c2
--- /dev/null
+++ b/sys-apps/elfix/files/elfix-0.9.0-backport-fix-paxmark_sh.patch
@@ -0,0 +1,57 @@
+From 84ca11706f804d6c808d932700a90cc8eaab2f15 Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Sun, 21 Dec 2014 10:37:00 -0500
+Subject: [PATCH 1/2] scripts/paxmark.sh: source make.conf and properly set
+ PAX_MARKINGS
+
+---
+ ChangeLog          | 6 ++++++
+ scripts/paxmark.sh | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index f64e57a..d9993b1 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,9 @@
++2014-12-22
++
++	* scripts/paxmark.sh: remove erroneous elog functions
++	* scripts/paxmark.sh: source /etc/portage/make.conf for PAX_MARKINGS
++	and correct logic to default to PT only if no PAX_MARKINGS are set.
++	Reported by Karl-Johan Karlsson <creideiki+gentoo-hardened@ferretporn.se>
+ 
+ 2014-10-03
+ 
+diff --git a/scripts/paxmark.sh b/scripts/paxmark.sh
+index 9ec077a..408e6aa 100755
+--- a/scripts/paxmark.sh
++++ b/scripts/paxmark.sh
+@@ -53,7 +53,6 @@ paxmarksh() {
+ 				scanelf -Xxz ${flags} "$f" >/dev/null 2>&1
+ 			#We failed to set PT_PAX flags
+ 			elif [[ ${PAX_MARKINGS} != "none" ]]; then
+-				elog "Failed to set PT_PAX markings -${flags} ${f}."
+ 				ret=1
+ 			fi
+ 		done
+@@ -79,7 +78,6 @@ paxmarksh() {
+ 
+ 			#We failed to set XATTR_PAX flags
+ 			if [[ ${PAX_MARKINGS} != "none" ]]; then
+-				elog "Failed to set XATTR_PAX markings -${flags} ${f}."
+ 				ret=1
+ 			fi
+ 		done
+@@ -88,5 +86,7 @@ paxmarksh() {
+ 	return ${ret}
+ }
+ 
+-PAX_MARKINGS=${PAX_MARKINGS:="PT XT"}
++MAKE_CONF="/etc/portage/make.conf"
++[[ -e $MAKE_CONF ]] && source $MAKE_CONF
++PAX_MARKINGS=${PAX_MARKINGS:="PT"}
+ paxmarksh "$@"
+-- 
+2.0.5
+
diff --git a/sys-apps/elfix/files/elfix-0.9.0-backport-fix-revdep-pax.patch b/sys-apps/elfix/files/elfix-0.9.0-backport-fix-revdep-pax.patch
new file mode 100644
index 000000000000..e92769eece76
--- /dev/null
+++ b/sys-apps/elfix/files/elfix-0.9.0-backport-fix-revdep-pax.patch
@@ -0,0 +1,25 @@
+From 581b53b3c1ca3166dc394d1f4b08260bd088c346 Mon Sep 17 00:00:00 2001
+From: "Anthony G. Basile" <blueness@gentoo.org>
+Date: Mon, 22 Dec 2014 12:30:12 -0500
+Subject: [PATCH 2/2] scripts/revdep-pax: change .get_maps() to .get_graph()
+
+---
+ scripts/revdep-pax | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/scripts/revdep-pax b/scripts/revdep-pax
+index a718fd6..7c1cf85 100755
+--- a/scripts/revdep-pax
++++ b/scripts/revdep-pax
+@@ -465,7 +465,7 @@ def run_soname(name, verbose, use_soname, mark, allyes, executable_only):
+     shell_path = os.getenv('PATH').split(':')
+ 
+     (object_linkings, object_reverse_linkings,
+-     library2soname, soname2library) = LinkGraph().get_maps()
++     library2soname, soname2library) = LinkGraph().get_graph()
+ 
+     if use_soname:
+         soname = name
+-- 
+2.0.5
+