1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
|
2012-12-26
* Fix the flag logic on paxctl-ng and clean up documenation
* Encapsulate all forward/reverse linkings in class LinkMap in link_map.py
* Use the portage module instead of reading /var/db/pkg for link info
* Use NEEDED.ELF.2 instead of deprecated NEEDED for link info
2012-12-21
* Change the name XT_PAX to XATTR_PAX to follow upstream everywhere
except in this document.
2012-12-16
* Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them
As of >=glibc-2.16 gentoo no longer carries PAX_DECLS in elf.h
* scripts/paxmodule.c: do not use '-' when setting null XATTR PAX flags
* scripts/paxmodule.c: adopt the update_flags() logic of paxctl-ng.c
* scripts/paxmodule.c: adopt the parse_cmd_args() logic of paxctl-ng.c
* scripts/revdep-pax: clean up flag exporter/importer logic
* added tests/paxmodule: test python pax module
* added up tests/pxtpax: do marked flags <-> running process testing
* added tests/revdeppaxtest: test revdep-pax
* Tests now give proper return values and are not verbose by default
2012-11-10
* fix a typo in revdep-pax script and documentation
* make both PT_PAX and xattr PAX optionally enabled/disabled in
configure.ac and propagated to src/paxctl-ng.c and script/paxmodule.c
* add -L -l which limits markings to only PT_PAX or XT_PAX when
both are possible
* add -d which deletes the XT_PAX xattr field
* silently ignore non-applicable command line flags so there is
more flexibility in scripting
* add proper exit code handling
2012-07-29
* remove unnecessary check for yasm in configure.ac
* make tests/gnustack machine independant by generating
native assembly using gcc
2012-07-27
* switch from yasm to gcc for assembler for arches other than
x86 and amd64
* opening an ELF_C_RDWR does not work for either libelf or
elfutils, so revert to ELF_C_RDWR_MMAP. This does, however,
break linking against libelf
2012-07-24
* scripts/{revdep-pax,paxmodule.c,pypaxctl}: python2/3 compat
* src/{fix-gnustack.c,paxctl-ng.c}, scripts/paxmodule.c:
switch from ELF_C_RDWR_MMAP to ELF_C_RDWR to link again libelf
for uclibc systems
* scripts/revdep-pax: remove bare exception handling, catch only
exceptions which are well understood, eg pax.error
* scripts/revdep-pax: switch from subprocess.check_output to
subprocess.Popen for better behavior
* scripts/revdep-pax: add sanity checks for missing OBJECT, SONAME,
and LIBRARY passed on the command line
* scripts/revdep-pax: simplify map reversal using setdefault to
avoid a double loop
2012-07-21
* scripts/revdep-pax: add option to only print out executables,
not libraries
* scripts/revdep-pax: allow for a more complex logic in migrating
flags from source to target. When the source says nothing about a
flag, the target's options survive
* misc/test-revdep-pax: add revdep-pax test code
* src/paxctl-ng.c: remove RANDEXEC completely. Its completely missing
from XT_PAX so remove it from PT_APX as well.
* src/paxctl-ng.c: switch to string implementation of XT_PAX following
upstreams implementation in the kernel
* scripts/paxmodule.c: switch to string implementation of XT_PAX
* scripts/pypaxctl: a (too?) simple front end to test python module
* src/paxctl-ng.c, scripts/paxmodule.c: create xattr user.pax.flags when
trying to set XT_PAX flags when the field doesn't already exit
2011-12-28
* misc/test-revdep-pax: added a test package for revdep-pax
* scripts/revdep-pax: added an allyes option
* scripts/revdep-pax: employ a more sophisticated logic for markings
when binary and library flags conflict
* scripts/revdep-pax: die elegantly if binary/library is not found
2011-12-04
* src/paxctl-ng.c: add exception handling when trying to pax.setflags
* src/paxctl-ng.c: make -e (report/mark only executables) filter output
from either verbose or non-verbose output
2011-11-26
* src/paxctl-ng.c: made verbosity more consistant
* src/paxctl-ng.c: build with/without xattr support
* scripts/{setup.py,paxmodule.c}: build with/without xattr support
* configure.ac: added --enable-xattr switch
* scripts/revdep-pax: add -e switch to only mark (-m) or to
only report on (-v) binaries that are in the shell's PATH
* tests/pxtpax: compare pax flags on binary and process
* fix-gnustack and paxctl-ng: fix exit code on success
* paxctl-ng: add file globbing
* paxctl-ng: if a file fails to open O_RDWR then
don't do PT_PAX markings but continue with XT_PAX
2011-10-23
* add XT_PAX read/write in paxct-ng.c and paxmodule.c
* create and/or copy XT_PAX flags to/from PT_PAX in paxctl-ng.c
* clean up error handling in paxctl-ng.c
* remove EI_PAX doc and add XT_PAX doc
2011-10-17 Anthony G. Basile <blueness@gentoo.org>
* add search by full library path in revdep-pax
* add pax_setflags to paxmodule.c
* add setflags to mismatched binaries/libraries in revdep-pax
* removed EI_PAX markings, bug #387459
2011-10-12 Anthony G. Basile <blueness@gentoo.org>
* Move actions for options to functions
* Add two levels of verbosity
2011-10-08 Anthony G. Basile <blueness@gentoo.org>
* Add python pax module and revdep-pax
* Add poc/paxmark-libs
2011-10-03 Anthony G. Basile <blueness@gentoo.org>
* Code cleanup and fixed make check
* Add poc/paxctl-xattr
2011-09-27 Anthony G. Basile <blueness@gentoo.org>
* Code cleanup and fix PT_PAX flag setting
2011-08-18 Anthony G. Basile <blueness@gentoo.org>
* Add paxctl-ng
2011-04-14 Anthony G. Basile <blueness@gentoo.org>
* Initial release
* Add fix-gnustack
-----
Copyright (C) 2011 Anthony G. Basile
Copying and distribution of this file, with or without modification, are
permitted provided the copyright notice and this notice are preserved.
|
GitWeb