1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
|
2014-12-22
* scripts/paxmark.sh: remove erroneous elog functions
* scripts/paxmark.sh: source /etc/portage/make.conf for PAX_MARKINGS
and correct logic to default to PT only if no PAX_MARKINGS are set.
Reported by Karl-Johan Karlsson <creideiki+gentoo-hardened@ferretporn.se>
2014-10-03
* scripts/paxmark.sh: backport improvements from pax-utils.eclass
* configure.ac: remove bash-isms
See: https://bugs.gentoo.org/525240
2014-07-30
* Build fix-gnustack conditionally on --enable-ptpax to avoid dependancy
on elfutils or libelf when it needed for fix-gnustack but not paxctl-ng.
The future solution will be break out fix-gnustack.
See: https://bugs.gentoo.org/518524
2014-06-07
* Switch from error() to errx() in fix-gnustack.c and paxctl-ng.c to
make the code portable to musl (and BSD).
2014-05-31
* Remove check from install-xattr which is messing up portage's install
wrapper. See https://bugs.gentoo.org/511984
2014-05-27
* Added ldd.py, a clone of ldd built on top of pyelftools
2014-01-08
* Added install.wrapper.c for https://bugs.gentoo.org/465000
2013-09-26
* Return EXIT_SUCCESS if user.pax.flags is done after paxctl-ng -d. This
addresses https://bugs.gentoo.org/485908
2013-05-20
* Bump to automake 1.12
* Add check if ELF_C_RDWR_MMAP is declared in libelf.h. This distinguishes
elfutils from libelf. The former will not build on uclibc, but the laster
does not provide ELF_C_RDWR_MMAP.
* Clean up the tests so they work for all combinations of --{en,dis}able-{pt,xt}pax
* Add a bash utility, paxmark.sh, which does PaX marking like the eclass. This is for
build systems that do PaX marking during the build.
2012-12-28
* src/paxctl-ng.c: -L/-l alone report if PT_PAX/XATTR_PAX is supported.
* Use NEEDED.ELF.2 for revdep-pax and migrate-pax
2012-12-26
* Fix the flag logic on paxctl-ng and clean up documenation
* Encapsulate all forward/reverse linkings in class LinkMap in link_map.py
* Use the portage module instead of reading /var/db/pkg for link info
* Use NEEDED.ELF.2 instead of deprecated NEEDED for link info
2012-12-21
* Change the name XT_PAX to XATTR_PAX to follow upstream everywhere
except in this document.
2012-12-16
* Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them
As of >=glibc-2.16 gentoo no longer carries PAX_DECLS in elf.h
* scripts/paxmodule.c: do not use '-' when setting null XATTR PAX flags
* scripts/paxmodule.c: adopt the update_flags() logic of paxctl-ng.c
* scripts/paxmodule.c: adopt the parse_cmd_args() logic of paxctl-ng.c
* scripts/revdep-pax: clean up flag exporter/importer logic
* added tests/paxmodule: test python pax module
* added up tests/pxtpax: do marked flags <-> running process testing
* added tests/revdeppaxtest: test revdep-pax
* Tests now give proper return values and are not verbose by default
2012-11-10
* fix a typo in revdep-pax script and documentation
* make both PT_PAX and xattr PAX optionally enabled/disabled in
configure.ac and propagated to src/paxctl-ng.c and script/paxmodule.c
* add -L -l which limits markings to only PT_PAX or XT_PAX when
both are possible
* add -d which deletes the XT_PAX xattr field
* silently ignore non-applicable command line flags so there is
more flexibility in scripting
* add proper exit code handling
2012-07-29
* remove unnecessary check for yasm in configure.ac
* make tests/gnustack machine independant by generating
native assembly using gcc
2012-07-27
* switch from yasm to gcc for assembler for arches other than
x86 and amd64
* opening an ELF_C_RDWR does not work for either libelf or
elfutils, so revert to ELF_C_RDWR_MMAP. This does, however,
break linking against libelf
2012-07-24
* scripts/{revdep-pax,paxmodule.c,pypaxctl}: python2/3 compat
* src/{fix-gnustack.c,paxctl-ng.c}, scripts/paxmodule.c:
switch from ELF_C_RDWR_MMAP to ELF_C_RDWR to link again libelf
for uclibc systems
* scripts/revdep-pax: remove bare exception handling, catch only
exceptions which are well understood, eg pax.error
* scripts/revdep-pax: switch from subprocess.check_output to
subprocess.Popen for better behavior
* scripts/revdep-pax: add sanity checks for missing OBJECT, SONAME,
and LIBRARY passed on the command line
* scripts/revdep-pax: simplify map reversal using setdefault to
avoid a double loop
2012-07-21
* scripts/revdep-pax: add option to only print out executables,
not libraries
* scripts/revdep-pax: allow for a more complex logic in migrating
flags from source to target. When the source says nothing about a
flag, the target's options survive
* misc/test-revdep-pax: add revdep-pax test code
* src/paxctl-ng.c: remove RANDEXEC completely. Its completely missing
from XT_PAX so remove it from PT_APX as well.
* src/paxctl-ng.c: switch to string implementation of XT_PAX following
upstreams implementation in the kernel
* scripts/paxmodule.c: switch to string implementation of XT_PAX
* scripts/pypaxctl: a (too?) simple front end to test python module
* src/paxctl-ng.c, scripts/paxmodule.c: create xattr user.pax.flags when
trying to set XT_PAX flags when the field doesn't already exit
2011-12-28
* misc/test-revdep-pax: added a test package for revdep-pax
* scripts/revdep-pax: added an allyes option
* scripts/revdep-pax: employ a more sophisticated logic for markings
when binary and library flags conflict
* scripts/revdep-pax: die elegantly if binary/library is not found
2011-12-04
* src/paxctl-ng.c: add exception handling when trying to pax.setflags
* src/paxctl-ng.c: make -e (report/mark only executables) filter output
from either verbose or non-verbose output
2011-11-26
* src/paxctl-ng.c: made verbosity more consistant
* src/paxctl-ng.c: build with/without xattr support
* scripts/{setup.py,paxmodule.c}: build with/without xattr support
* configure.ac: added --enable-xattr switch
* scripts/revdep-pax: add -e switch to only mark (-m) or to
only report on (-v) binaries that are in the shell's PATH
* tests/pxtpax: compare pax flags on binary and process
* fix-gnustack and paxctl-ng: fix exit code on success
* paxctl-ng: add file globbing
* paxctl-ng: if a file fails to open O_RDWR then
don't do PT_PAX markings but continue with XT_PAX
2011-10-23
* add XT_PAX read/write in paxct-ng.c and paxmodule.c
* create and/or copy XT_PAX flags to/from PT_PAX in paxctl-ng.c
* clean up error handling in paxctl-ng.c
* remove EI_PAX doc and add XT_PAX doc
2011-10-17 Anthony G. Basile <blueness@gentoo.org>
* add search by full library path in revdep-pax
* add pax_setflags to paxmodule.c
* add setflags to mismatched binaries/libraries in revdep-pax
* removed EI_PAX markings, bug #387459
2011-10-12 Anthony G. Basile <blueness@gentoo.org>
* Move actions for options to functions
* Add two levels of verbosity
2011-10-08 Anthony G. Basile <blueness@gentoo.org>
* Add python pax module and revdep-pax
* Add poc/paxmark-libs
2011-10-03 Anthony G. Basile <blueness@gentoo.org>
* Code cleanup and fixed make check
* Add poc/paxctl-xattr
2011-09-27 Anthony G. Basile <blueness@gentoo.org>
* Code cleanup and fix PT_PAX flag setting
2011-08-18 Anthony G. Basile <blueness@gentoo.org>
* Add paxctl-ng
2011-04-14 Anthony G. Basile <blueness@gentoo.org>
* Initial release
* Add fix-gnustack
-----
Copyright (C) 2011 Anthony G. Basile
Copying and distribution of this file, with or without modification, are
permitted provided the copyright notice and this notice are preserved.
|
GitWeb