Gentoo Archives: gentoo-commits

From: "Anthony G. Basile (blueness)" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in eclass: ChangeLog pax-utils.eclass
Date: Sat, 30 Aug 2014 14:06:08
Message-Id: 20140830140604.B12064428@oystercatcher.gentoo.org
1 blueness 14/08/30 14:06:04
2
3 Modified: ChangeLog pax-utils.eclass
4 Log:
5 Update pax-utils.eclass according to bug #520198
6
7 Revision Changes Path
8 1.1361 eclass/ChangeLog
9
10 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?rev=1.1361&view=markup
11 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?rev=1.1361&content-type=text/plain
12 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?r1=1.1360&r2=1.1361
13
14 Index: ChangeLog
15 ===================================================================
16 RCS file: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v
17 retrieving revision 1.1360
18 retrieving revision 1.1361
19 diff -u -r1.1360 -r1.1361
20 --- ChangeLog 29 Aug 2014 23:38:05 -0000 1.1360
21 +++ ChangeLog 30 Aug 2014 14:06:04 -0000 1.1361
22 @@ -1,6 +1,9 @@
23 # ChangeLog for eclass directory
24 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
25 -# $Header: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v 1.1360 2014/08/29 23:38:05 pesa Exp $
26 +# $Header: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v 1.1361 2014/08/30 14:06:04 blueness Exp $
27 +
28 + 30 Aug 2014; Anthony G. Basile <blueness@g.o> pax-utils.eclass:
29 + Update pax-utils.eclass according to bug #520198
30
31 30 Aug 2014; Davide Pesavento <pesa@g.o> +qt5-build.eclass:
32 Initial commit of qt5-build.eclass
33
34
35
36 1.23 eclass/pax-utils.eclass
37
38 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.23&view=markup
39 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.23&content-type=text/plain
40 diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?r1=1.22&r2=1.23
41
42 Index: pax-utils.eclass
43 ===================================================================
44 RCS file: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v
45 retrieving revision 1.22
46 retrieving revision 1.23
47 diff -u -r1.22 -r1.23
48 --- pax-utils.eclass 11 Jul 2014 08:21:58 -0000 1.22
49 +++ pax-utils.eclass 30 Aug 2014 14:06:04 -0000 1.23
50 @@ -1,14 +1,13 @@
51 # Copyright 1999-2014 Gentoo Foundation
52 # Distributed under the terms of the GNU General Public License v2
53 -# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.22 2014/07/11 08:21:58 ulm Exp $
54 +# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.23 2014/08/30 14:06:04 blueness Exp $
55
56 # @ECLASS: pax-utils.eclass
57 # @MAINTAINER:
58 # The Gentoo Linux Hardened Team <hardened@g.o>
59 # @AUTHOR:
60 # Original Author: Kevin F. Quinn <kevquinn@g.o>
61 -# Modifications for bug #365825, @ ECLASS markup: Anthony G. Basile <blueness@g.o>
62 -# Modifications for bug #431092: Anthony G. Basile <blueness@g.o>
63 +# Modifications for bugs #365825, #431092, #520198, @ ECLASS markup: Anthony G. Basile <blueness@g.o>
64 # @BLURB: functions to provide pax markings
65 # @DESCRIPTION:
66 #
67 @@ -56,8 +55,6 @@
68
69 local f # loop over paxables
70 local flags # pax flags
71 - local pt_fail=0 pt_failures="" # record PT_PAX failures
72 - local xt_fail=0 xt_failures="" # record xattr PAX marking failures
73 local ret=0 # overal return code of this function
74
75 # Only the actual PaX flags and z are accepted
76 @@ -75,12 +72,12 @@
77 [[ "${flags//[!z]}" ]] && dodefault="yes"
78
79 if has PT ${PAX_MARKINGS}; then
80 + _pax_list_files einfo "$@"
81 + for f in "$@"; do
82
83 - #First try paxctl -> this might try to create/convert program headers
84 - if type -p paxctl > /dev/null; then
85 - einfo "PT PaX marking -${flags} with paxctl"
86 - _pax_list_files einfo "$@"
87 - for f in "$@"; do
88 + #First try paxctl -> this might try to create/convert program headers
89 + if type -p paxctl > /dev/null; then
90 + einfo "PT PaX marking -${flags} ${f} with paxctl"
91 # First, try modifying the existing PAX_FLAGS header
92 paxctl -q${flags} "${f}" && continue
93 # Second, try creating a PT_PAX header (works on ET_EXEC)
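Review bot: The availability probe `type -p paxctl > /dev/null` is loop-invariant but now sits inside `for f in "$@"`, so it is re-evaluated for every file. The same applies to the `paxctl-ng -L`, `scanelf`, `paxctl-ng -l` and `setfattr` probes in the next hunk. Resolving each tool once before the loop, for example `local have_paxctl=no; type -p paxctl > /dev/null && have_paxctl=yes`, and testing the variable inside would keep the per-file body to the marking attempts themselves. The loop body continues past the end of this hunk.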
94 @@ -88,81 +85,57 @@
95 paxctl -qC${flags} "${f}" && continue
96 # Third, try stealing the (unused under PaX) PT_GNU_STACK header
97 paxctl -qc${flags} "${f}" && continue
98 - pt_fail=1
99 - pt_failures="${pt_failures} ${f}"
100 - done
101 -
102 - #Next try paxctl-ng -> this will not create/convert any program headers
103 - elif type -p paxctl-ng > /dev/null && paxctl-ng -L ; then
104 - einfo "PT PaX marking -${flags} with paxctl-ng"
105 - flags="${flags//z}"
106 - _pax_list_files einfo "$@"
107 - for f in "$@"; do
108 + fi
109 +
110 + #Next try paxctl-ng -> this will not create/convert any program headers
111 + if type -p paxctl-ng > /dev/null && paxctl-ng -L ; then
112 + einfo "PT PaX marking -${flags} ${f} with paxctl-ng"
113 + flags="${flags//z}"
114 [[ ${dodefault} == "yes" ]] && paxctl-ng -L -z "${f}"
115 [[ "${flags}" ]] || continue
116 paxctl-ng -L -${flags} "${f}" && continue
117 - pt_fail=1
118 - pt_failures="${pt_failures} ${f}"
119 - done
120 -
121 - #Finally fall back on scanelf
122 - elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then
123 - einfo "Fallback PaX marking -${flags} with scanelf"
124 - _pax_list_files einfo "$@"
125 - scanelf -Xxz ${flags} "$@"
126 -
127 - #We failed to set PT_PAX flags
128 - elif [[ ${PAX_MARKINGS} != "none" ]]; then
129 - pt_failures="$*"
130 - pt_fail=1
131 - fi
132 -
133 - if [[ ${pt_fail} == 1 ]]; then
134 - elog "Failed to set PT_PAX markings -${flags} for:"
135 - _pax_list_files elog ${pt_failures}
136 - ret=1
137 - fi
138 + fi
139 +
140 + #Finally fall back on scanelf
141 + if type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then
142 + ewarn "Fallback PaX marking -${flags} with scanelf"
143 + ewarn "Please check that PaX marking worked"
144 + scanelf -Xxz ${flags} "$f"
145 + #We failed to set PT_PAX flags
146 + elif [[ ${PAX_MARKINGS} != "none" ]]; then
147 + elog "Failed to set PT_PAX markings -${flags} ${f}."
148 + ret=1
149 + fi
150 + done
151 fi
152
153 if has XT ${PAX_MARKINGS}; then
154 -
155 + _pax_list_files einfo "$@"
156 flags="${flags//z}"
157 + for f in "$@"; do
158
159 - #First try paxctl-ng
160 - if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then
161 - einfo "XT PaX marking -${flags} with paxctl-ng"
162 - _pax_list_files einfo "$@"
163 - for f in "$@"; do
164 + #First try paxctl-ng
165 + if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then
166 + einfo "XT PaX marking -${flags} ${f} with paxctl-ng"
167 [[ ${dodefault} == "yes" ]] && paxctl-ng -d "${f}"
168 [[ "${flags}" ]] || continue
169 paxctl-ng -l -${flags} "${f}" && continue
170 - xt_fail=1
171 - xt_failures="${tx_failures} ${f}"
172 - done
173 -
174 - #Next try setfattr
175 - elif type -p setfattr > /dev/null; then
176 - [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150
177 - einfo "XT PaX marking -${flags} with setfattr"
178 - _pax_list_files einfo "$@"
179 - for f in "$@"; do
180 + fi
181 +
182 + #Next try setfattr
183 + if type -p setfattr > /dev/null; then
184 + [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150
185 + einfo "XT PaX marking -${flags} ${f} with setfattr"
186 [[ ${dodefault} == "yes" ]] && setfattr -x "user.pax.flags" "${f}"
187 setfattr -n "user.pax.flags" -v "${flags}" "${f}" && continue
188 - xt_fail=1
189 - xt_failures="${tx_failures} ${f}"
190 - done
191 -
192 - #We failed to set XATTR_PAX flags
193 - elif [[ ${PAX_MARKINGS} != "none" ]]; then
194 - xt_failures="$*"
195 - xt_fail=1
196 - fi
197 -
198 - if [[ ${xt_fail} == 1 ]]; then
199 - elog "Failed to set XATTR_PAX markings -${flags} for:"
200 - _pax_list_files elog ${xt_failures}
201 - ret=1
202 - fi
203 + fi
204 +
205 + #We failed to set XATTR_PAX flags
206 + if [[ ${PAX_MARKINGS} != "none" ]]; then
207 + elog "Failed to set XATTR_PAX markings -${flags} ${f}."
208 + ret=1
209 + fi
210 + done
211 fi
212
213 # [[ ${ret} == 1 ]] && elog "Executables may be killed by PaX kernels."
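Review bot: In the PT loop, a file that both paxctl and paxctl-ng failed to mark now falls through to `scanelf -Xxz ${flags} "$f"`, whose exit status is ignored. As a result `ret=1` is only reachable when scanelf is not installed, and callers lose the failure signal that the removed `pt_fail` bookkeeping provided. If scanelf reports failure through its exit status, `scanelf -Xxz ${flags} "$f" || ret=1` would keep the return code meaningful. Separately, `flags="${flags//z}"` now runs inside `for f in "$@"`, so once one file reaches the paxctl-ng branch every later file is passed to `paxctl -q${flags}` without `z`. Using the expansion in place, `[[ "${flags//z}" ]] || continue` and `paxctl-ng -L -${flags//z} "${f}" && continue`, avoids carrying that state between files; the function starts outside this hunk, so how `flags` is validated is not visible here.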