2015-10-27 * scripts/paxmark.sh: do not do a bash -l so we get /usr/sbin in our path. Fixes bug #564142. Thanks Alexander Tsoy . * configure.ac: check for only if ptpax is enabled. Thanks Jory Pratt . 2015-09-03 * scripts/paxmark.sh: make.conf can be a directory * scripts/paxmark.sh: default to both PT and XT if no PAX_MARKINGS are set in make.conf. Reported by James Le Cuirot 2014-12-22 * scripts/paxmark.sh: remove erroneous elog functions * scripts/paxmark.sh: source /etc/portage/make.conf for PAX_MARKINGS and correct logic to default to PT only if no PAX_MARKINGS are set. Reported by Karl-Johan Karlsson 2014-10-03 * scripts/paxmark.sh: backport improvements from pax-utils.eclass * configure.ac: remove bash-isms See: https://bugs.gentoo.org/525240 2014-07-30 * Build fix-gnustack conditionally on --enable-ptpax to avoid dependancy on elfutils or libelf when it needed for fix-gnustack but not paxctl-ng. The future solution will be break out fix-gnustack. See: https://bugs.gentoo.org/518524 2014-06-07 * Switch from error() to errx() in fix-gnustack.c and paxctl-ng.c to make the code portable to musl (and BSD). 2014-05-31 * Remove check from install-xattr which is messing up portage's install wrapper. See https://bugs.gentoo.org/511984 2014-05-27 * Added ldd.py, a clone of ldd built on top of pyelftools 2014-01-08 * Added install.wrapper.c for https://bugs.gentoo.org/465000 2013-09-26 * Return EXIT_SUCCESS if user.pax.flags is done after paxctl-ng -d. This addresses https://bugs.gentoo.org/485908 2013-05-20 * Bump to automake 1.12 * Add check if ELF_C_RDWR_MMAP is declared in libelf.h. This distinguishes elfutils from libelf. The former will not build on uclibc, but the laster does not provide ELF_C_RDWR_MMAP. * Clean up the tests so they work for all combinations of --{en,dis}able-{pt,xt}pax * Add a bash utility, paxmark.sh, which does PaX marking like the eclass. This is for build systems that do PaX marking during the build. 2012-12-28 * src/paxctl-ng.c: -L/-l alone report if PT_PAX/XATTR_PAX is supported. * Use NEEDED.ELF.2 for revdep-pax and migrate-pax 2012-12-26 * Fix the flag logic on paxctl-ng and clean up documenation * Encapsulate all forward/reverse linkings in class LinkMap in link_map.py * Use the portage module instead of reading /var/db/pkg for link info * Use NEEDED.ELF.2 instead of deprecated NEEDED for link info 2012-12-21 * Change the name XT_PAX to XATTR_PAX to follow upstream everywhere except in this document. 2012-12-16 * Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them As of >=glibc-2.16 gentoo no longer carries PAX_DECLS in elf.h * scripts/paxmodule.c: do not use '-' when setting null XATTR PAX flags * scripts/paxmodule.c: adopt the update_flags() logic of paxctl-ng.c * scripts/paxmodule.c: adopt the parse_cmd_args() logic of paxctl-ng.c * scripts/revdep-pax: clean up flag exporter/importer logic * added tests/paxmodule: test python pax module * added up tests/pxtpax: do marked flags <-> running process testing * added tests/revdeppaxtest: test revdep-pax * Tests now give proper return values and are not verbose by default 2012-11-10 * fix a typo in revdep-pax script and documentation * make both PT_PAX and xattr PAX optionally enabled/disabled in configure.ac and propagated to src/paxctl-ng.c and script/paxmodule.c * add -L -l which limits markings to only PT_PAX or XT_PAX when both are possible * add -d which deletes the XT_PAX xattr field * silently ignore non-applicable command line flags so there is more flexibility in scripting * add proper exit code handling 2012-07-29 * remove unnecessary check for yasm in configure.ac * make tests/gnustack machine independant by generating native assembly using gcc 2012-07-27 * switch from yasm to gcc for assembler for arches other than x86 and amd64 * opening an ELF_C_RDWR does not work for either libelf or elfutils, so revert to ELF_C_RDWR_MMAP. This does, however, break linking against libelf 2012-07-24 * scripts/{revdep-pax,paxmodule.c,pypaxctl}: python2/3 compat * src/{fix-gnustack.c,paxctl-ng.c}, scripts/paxmodule.c: switch from ELF_C_RDWR_MMAP to ELF_C_RDWR to link again libelf for uclibc systems * scripts/revdep-pax: remove bare exception handling, catch only exceptions which are well understood, eg pax.error * scripts/revdep-pax: switch from subprocess.check_output to subprocess.Popen for better behavior * scripts/revdep-pax: add sanity checks for missing OBJECT, SONAME, and LIBRARY passed on the command line * scripts/revdep-pax: simplify map reversal using setdefault to avoid a double loop 2012-07-21 * scripts/revdep-pax: add option to only print out executables, not libraries * scripts/revdep-pax: allow for a more complex logic in migrating flags from source to target. When the source says nothing about a flag, the target's options survive * misc/test-revdep-pax: add revdep-pax test code * src/paxctl-ng.c: remove RANDEXEC completely. Its completely missing from XT_PAX so remove it from PT_APX as well. * src/paxctl-ng.c: switch to string implementation of XT_PAX following upstreams implementation in the kernel * scripts/paxmodule.c: switch to string implementation of XT_PAX * scripts/pypaxctl: a (too?) simple front end to test python module * src/paxctl-ng.c, scripts/paxmodule.c: create xattr user.pax.flags when trying to set XT_PAX flags when the field doesn't already exit 2011-12-28 * misc/test-revdep-pax: added a test package for revdep-pax * scripts/revdep-pax: added an allyes option * scripts/revdep-pax: employ a more sophisticated logic for markings when binary and library flags conflict * scripts/revdep-pax: die elegantly if binary/library is not found 2011-12-04 * src/paxctl-ng.c: add exception handling when trying to pax.setflags * src/paxctl-ng.c: make -e (report/mark only executables) filter output from either verbose or non-verbose output 2011-11-26 * src/paxctl-ng.c: made verbosity more consistant * src/paxctl-ng.c: build with/without xattr support * scripts/{setup.py,paxmodule.c}: build with/without xattr support * configure.ac: added --enable-xattr switch * scripts/revdep-pax: add -e switch to only mark (-m) or to only report on (-v) binaries that are in the shell's PATH * tests/pxtpax: compare pax flags on binary and process * fix-gnustack and paxctl-ng: fix exit code on success * paxctl-ng: add file globbing * paxctl-ng: if a file fails to open O_RDWR then don't do PT_PAX markings but continue with XT_PAX 2011-10-23 * add XT_PAX read/write in paxct-ng.c and paxmodule.c * create and/or copy XT_PAX flags to/from PT_PAX in paxctl-ng.c * clean up error handling in paxctl-ng.c * remove EI_PAX doc and add XT_PAX doc 2011-10-17 Anthony G. Basile * add search by full library path in revdep-pax * add pax_setflags to paxmodule.c * add setflags to mismatched binaries/libraries in revdep-pax * removed EI_PAX markings, bug #387459 2011-10-12 Anthony G. Basile * Move actions for options to functions * Add two levels of verbosity 2011-10-08 Anthony G. Basile * Add python pax module and revdep-pax * Add poc/paxmark-libs 2011-10-03 Anthony G. Basile * Code cleanup and fixed make check * Add poc/paxctl-xattr 2011-09-27 Anthony G. Basile * Code cleanup and fix PT_PAX flag setting 2011-08-18 Anthony G. Basile * Add paxctl-ng 2011-04-14 Anthony G. Basile * Initial release * Add fix-gnustack ----- Copyright (C) 2011 Anthony G. Basile Copying and distribution of this file, with or without modification, are permitted provided the copyright notice and this notice are preserved.