aboutsummaryrefslogtreecommitdiff
blob: d9993b1375435af47c4db7b3303d681aa83f9c1f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
2014-12-22

	* scripts/paxmark.sh: remove erroneous elog functions
	* scripts/paxmark.sh: source /etc/portage/make.conf for PAX_MARKINGS
	and correct logic to default to PT only if no PAX_MARKINGS are set.
	Reported by Karl-Johan Karlsson <creideiki+gentoo-hardened@ferretporn.se>

2014-10-03

	* scripts/paxmark.sh: backport improvements from pax-utils.eclass
	* configure.ac: remove bash-isms
	See: https://bugs.gentoo.org/525240

2014-07-30

	* Build fix-gnustack conditionally on --enable-ptpax to avoid dependancy
	on elfutils or libelf when it needed for fix-gnustack but not paxctl-ng.
	The future solution will be break out fix-gnustack.
	See: https://bugs.gentoo.org/518524

2014-06-07

	* Switch from error() to errx() in fix-gnustack.c and paxctl-ng.c to
	make the code portable to musl (and BSD).

2014-05-31

	* Remove check from install-xattr which is messing up portage's install
	wrapper.  See https://bugs.gentoo.org/511984

2014-05-27

	* Added ldd.py, a clone of ldd built on top of pyelftools

2014-01-08

	* Added install.wrapper.c for https://bugs.gentoo.org/465000

2013-09-26

	* Return EXIT_SUCCESS if user.pax.flags is done after paxctl-ng -d.  This
	addresses https://bugs.gentoo.org/485908

2013-05-20

	* Bump to automake 1.12
	* Add check if ELF_C_RDWR_MMAP is declared in libelf.h.  This distinguishes
	elfutils from libelf.  The former will not build on uclibc, but the laster
	does not provide ELF_C_RDWR_MMAP.
	* Clean up the tests so they work for all combinations of --{en,dis}able-{pt,xt}pax
	* Add a bash utility, paxmark.sh, which does PaX marking like the eclass.  This is for
	build systems that do PaX marking during the build.

2012-12-28

	* src/paxctl-ng.c: -L/-l alone report if PT_PAX/XATTR_PAX is supported.
	* Use NEEDED.ELF.2 for revdep-pax and migrate-pax

2012-12-26

	* Fix the flag logic on paxctl-ng and clean up documenation
	* Encapsulate all forward/reverse linkings in class LinkMap in link_map.py
	* Use the portage module instead of reading /var/db/pkg for link info
	* Use NEEDED.ELF.2 instead of deprecated NEEDED for link info

2012-12-21

	* Change the name XT_PAX to XATTR_PAX to follow upstream everywhere
	except in this document.

2012-12-16

	* Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them
	As of >=glibc-2.16 gentoo no longer carries PAX_DECLS in elf.h
	* scripts/paxmodule.c: do not use '-' when setting null XATTR PAX flags
	* scripts/paxmodule.c: adopt the update_flags() logic of paxctl-ng.c
	* scripts/paxmodule.c: adopt the parse_cmd_args() logic of paxctl-ng.c
	* scripts/revdep-pax: clean up flag exporter/importer logic
	* added tests/paxmodule: test python pax module
	* added up tests/pxtpax: do marked flags <-> running process testing
	* added tests/revdeppaxtest: test revdep-pax
	* Tests now give proper return values and are not verbose by default

2012-11-10

	* fix a typo in revdep-pax script and documentation
	* make both PT_PAX and xattr PAX optionally enabled/disabled in
	configure.ac and propagated to src/paxctl-ng.c and script/paxmodule.c
	* add -L -l which limits markings to only PT_PAX or XT_PAX when
	both are possible
	* add -d which deletes the XT_PAX xattr field
	* silently ignore non-applicable command line flags so there is
	more flexibility in scripting
	* add proper exit code handling

2012-07-29

	* remove unnecessary check for yasm in configure.ac
	* make tests/gnustack machine independant by generating
	native assembly using gcc

2012-07-27

	* switch from yasm to gcc for assembler for arches other than
	x86 and amd64
	* opening an ELF_C_RDWR does not work for either libelf or
	elfutils, so revert to ELF_C_RDWR_MMAP.  This does, however,
	break linking against libelf

2012-07-24

	* scripts/{revdep-pax,paxmodule.c,pypaxctl}: python2/3 compat
	* src/{fix-gnustack.c,paxctl-ng.c}, scripts/paxmodule.c:
	switch from ELF_C_RDWR_MMAP to ELF_C_RDWR to link again libelf
	for uclibc systems
	* scripts/revdep-pax: remove bare exception handling, catch only
	exceptions which are well understood, eg pax.error
	* scripts/revdep-pax: switch from subprocess.check_output to
	subprocess.Popen for better behavior
	* scripts/revdep-pax: add sanity checks for missing OBJECT, SONAME,
	and LIBRARY passed on the command line
	* scripts/revdep-pax: simplify map reversal using setdefault to
	avoid a double loop

2012-07-21

	* scripts/revdep-pax: add option to only print out executables,
	not libraries
	* scripts/revdep-pax: allow for a more complex logic in migrating
	flags from source to target.  When the source says nothing about a
	flag, the target's options survive
	* misc/test-revdep-pax: add revdep-pax test code
	* src/paxctl-ng.c: remove RANDEXEC completely.  Its completely missing
	from XT_PAX so remove it from PT_APX as well.
	* src/paxctl-ng.c: switch to string implementation of XT_PAX following
	upstreams implementation in the kernel
	* scripts/paxmodule.c: switch to string implementation of XT_PAX
	* scripts/pypaxctl: a (too?) simple front end to test python module
	* src/paxctl-ng.c, scripts/paxmodule.c: create xattr user.pax.flags when
	trying to set XT_PAX flags when the field doesn't already exit

2011-12-28

	* misc/test-revdep-pax: added a test package for revdep-pax
	* scripts/revdep-pax: added an allyes option
	* scripts/revdep-pax: employ a more sophisticated logic for markings
	when binary and library flags conflict
	* scripts/revdep-pax: die elegantly if binary/library is not found

2011-12-04

	* src/paxctl-ng.c: add exception handling when trying to pax.setflags
	* src/paxctl-ng.c: make -e (report/mark only executables) filter output
	from either verbose or non-verbose output

2011-11-26

	* src/paxctl-ng.c: made verbosity more consistant
	* src/paxctl-ng.c: build with/without xattr support
	* scripts/{setup.py,paxmodule.c}: build with/without xattr support
	* configure.ac: added --enable-xattr switch
	* scripts/revdep-pax: add -e switch to only mark (-m) or to
	only report on (-v) binaries that are in the shell's PATH
	* tests/pxtpax: compare pax flags on binary and process
	* fix-gnustack and paxctl-ng: fix exit code on success
	* paxctl-ng: add file globbing
	* paxctl-ng: if a file fails to open O_RDWR then
	don't do PT_PAX markings but continue with XT_PAX

2011-10-23

	* add XT_PAX read/write in paxct-ng.c and paxmodule.c
	* create and/or copy XT_PAX flags to/from PT_PAX in paxctl-ng.c
	* clean up error handling in paxctl-ng.c
	* remove EI_PAX doc and add XT_PAX doc

2011-10-17  Anthony G. Basile <blueness@gentoo.org>

	* add search by full library path in revdep-pax
	* add pax_setflags to paxmodule.c
	* add setflags to mismatched binaries/libraries in revdep-pax
	* removed EI_PAX markings, bug #387459

2011-10-12  Anthony G. Basile <blueness@gentoo.org>

	* Move actions for options to functions
	* Add two levels of verbosity

2011-10-08  Anthony G. Basile <blueness@gentoo.org>

	* Add python pax module and revdep-pax
	* Add poc/paxmark-libs

2011-10-03  Anthony G. Basile <blueness@gentoo.org>

	* Code cleanup and fixed make check
	* Add poc/paxctl-xattr

2011-09-27  Anthony G. Basile <blueness@gentoo.org>

	* Code cleanup and fix PT_PAX flag setting

2011-08-18  Anthony G. Basile <blueness@gentoo.org>

	* Add paxctl-ng

2011-04-14  Anthony G. Basile <blueness@gentoo.org>

	* Initial release
	* Add fix-gnustack
-----

Copyright (C) 2011  Anthony G. Basile

Copying and distribution of this file, with or without modification, are
permitted provided the copyright notice and this notice are preserved.