2012-12-16 * Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them As of >=glibc-2.16 gentoo no longer carries PAX_DECLS in elf.h * scripts/paxmodule.c: do not use '-' when setting null XATTR PAX flags * scripts/paxmodule.c: adopt the update_flags() logic of paxctl-ng.c * scripts/paxmodule.c: adopt the parse_cmd_args() logic of paxctl-ng.c * scripts/revdep-pax: clean up flag exporter/importer logic * added tests/paxmodule: test python pax module * added up tests/pxtpax: do marked flags <-> running process testing * added tests/revdeppaxtest: test revdep-pax * Tests now give proper return values and are not verbose by default 2012-11-10 * fix a typo in revdep-pax script and documentation * make both PT_PAX and xattr PAX optionally enabled/disabled in configure.ac and propagated to src/paxctl-ng.c and script/paxmodule.c * add -L -l which limits markings to only PT_PAX or XT_PAX when both are possible * add -d which deletes the XT_PAX xattr field * silently ignore non-applicable command line flags so there is more flexibility in scripting * add proper exit code handling 2012-07-29 * remove unnecessary check for yasm in configure.ac * make tests/gnustack machine independant by generating native assembly using gcc 2012-07-27 * switch from yasm to gcc for assembler for arches other than x86 and amd64 * opening an ELF_C_RDWR does not work for either libelf or elfutils, so revert to ELF_C_RDWR_MMAP. This does, however, break linking against libelf 2012-07-24 * scripts/{revdep-pax,paxmodule.c,pypaxctl}: python2/3 compat * src/{fix-gnustack.c,paxctl-ng.c}, scripts/paxmodule.c: switch from ELF_C_RDWR_MMAP to ELF_C_RDWR to link again libelf for uclibc systems * scripts/revdep-pax: remove bare exception handling, catch only exceptions which are well understood, eg pax.error * scripts/revdep-pax: switch from subprocess.check_output to subprocess.Popen for better behavior * scripts/revdep-pax: add sanity checks for missing OBJECT, SONAME, and LIBRARY passed on the command line * scripts/revdep-pax: simplify map reversal using setdefault to avoid a double loop 2012-07-21 * scripts/revdep-pax: add option to only print out executables, not libraries * scripts/revdep-pax: allow for a more complex logic in migrating flags from source to target. When the source says nothing about a flag, the target's options survive * misc/test-revdep-pax: add revdep-pax test code * src/paxctl-ng.c: remove RANDEXEC completely. Its completely missing from XT_PAX so remove it from PT_APX as well. * src/paxctl-ng.c: switch to string implementation of XT_PAX following upstreams implementation in the kernel * scripts/paxmodule.c: switch to string implementation of XT_PAX * scripts/pypaxctl: a (too?) simple front end to test python module * src/paxctl-ng.c, scripts/paxmodule.c: create xattr user.pax.flags when trying to set XT_PAX flags when the field doesn't already exit 2011-12-28 * misc/test-revdep-pax: added a test package for revdep-pax * scripts/revdep-pax: added an allyes option * scripts/revdep-pax: employ a more sophisticated logic for markings when binary and library flags conflict * scripts/revdep-pax: die elegantly if binary/library is not found 2011-12-04 * src/paxctl-ng.c: add exception handling when trying to pax.setflags * src/paxctl-ng.c: make -e (report/mark only executables) filter output from either verbose or non-verbose output 2011-11-26 * src/paxctl-ng.c: made verbosity more consistant * src/paxctl-ng.c: build with/without xattr support * scripts/{setup.py,paxmodule.c}: build with/without xattr support * configure.ac: added --enable-xattr switch * scripts/revdep-pax: add -e switch to only mark (-m) or to only report on (-v) binaries that are in the shell's PATH * tests/pxtpax: compare pax flags on binary and process * fix-gnustack and paxctl-ng: fix exit code on success * paxctl-ng: add file globbing * paxctl-ng: if a file fails to open O_RDWR then don't do PT_PAX markings but continue with XT_PAX 2011-10-23 * add XT_PAX read/write in paxct-ng.c and paxmodule.c * create and/or copy XT_PAX flags to/from PT_PAX in paxctl-ng.c * clean up error handling in paxctl-ng.c * remove EI_PAX doc and add XT_PAX doc 2011-10-17 Anthony G. Basile * add search by full library path in revdep-pax * add pax_setflags to paxmodule.c * add setflags to mismatched binaries/libraries in revdep-pax * removed EI_PAX markings, bug #387459 2011-10-12 Anthony G. Basile * Move actions for options to functions * Add two levels of verbosity 2011-10-08 Anthony G. Basile * Add python pax module and revdep-pax * Add poc/paxmark-libs 2011-10-03 Anthony G. Basile * Code cleanup and fixed make check * Add poc/paxctl-xattr 2011-09-27 Anthony G. Basile * Code cleanup and fix PT_PAX flag setting 2011-08-18 Anthony G. Basile * Add paxctl-ng 2011-04-14 Anthony G. Basile * Initial release * Add fix-gnustack ----- Copyright (C) 2011 Anthony G. Basile Copying and distribution of this file, with or without modification, are permitted provided the copyright notice and this notice are preserved.