1 |
blueness 14/08/30 14:06:04 |
2 |
|
3 |
Modified: ChangeLog pax-utils.eclass |
4 |
Log: |
5 |
Update pax-utils.eclass according to bug #520198 |
6 |
|
7 |
Revision Changes Path |
8 |
1.1361 eclass/ChangeLog |
9 |
|
10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?rev=1.1361&view=markup |
11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?rev=1.1361&content-type=text/plain |
12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/ChangeLog?r1=1.1360&r2=1.1361 |
13 |
|
14 |
Index: ChangeLog |
15 |
=================================================================== |
16 |
RCS file: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v |
17 |
retrieving revision 1.1360 |
18 |
retrieving revision 1.1361 |
19 |
diff -u -r1.1360 -r1.1361 |
20 |
--- ChangeLog 29 Aug 2014 23:38:05 -0000 1.1360 |
21 |
+++ ChangeLog 30 Aug 2014 14:06:04 -0000 1.1361 |
22 |
@@ -1,6 +1,9 @@ |
23 |
# ChangeLog for eclass directory |
24 |
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 |
25 |
-# $Header: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v 1.1360 2014/08/29 23:38:05 pesa Exp $ |
26 |
+# $Header: /var/cvsroot/gentoo-x86/eclass/ChangeLog,v 1.1361 2014/08/30 14:06:04 blueness Exp $ |
27 |
+ |
28 |
+ 30 Aug 2014; Anthony G. Basile <blueness@g.o> pax-utils.eclass: |
29 |
+ Update pax-utils.eclass according to bug #520198 |
30 |
|
31 |
30 Aug 2014; Davide Pesavento <pesa@g.o> +qt5-build.eclass: |
32 |
Initial commit of qt5-build.eclass |
33 |
|
34 |
|
35 |
|
36 |
1.23 eclass/pax-utils.eclass |
37 |
|
38 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.23&view=markup |
39 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.23&content-type=text/plain |
40 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?r1=1.22&r2=1.23 |
41 |
|
42 |
Index: pax-utils.eclass |
43 |
=================================================================== |
44 |
RCS file: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v |
45 |
retrieving revision 1.22 |
46 |
retrieving revision 1.23 |
47 |
diff -u -r1.22 -r1.23 |
48 |
--- pax-utils.eclass 11 Jul 2014 08:21:58 -0000 1.22 |
49 |
+++ pax-utils.eclass 30 Aug 2014 14:06:04 -0000 1.23 |
50 |
@@ -1,14 +1,13 @@ |
51 |
# Copyright 1999-2014 Gentoo Foundation |
52 |
# Distributed under the terms of the GNU General Public License v2 |
53 |
-# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.22 2014/07/11 08:21:58 ulm Exp $ |
54 |
+# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.23 2014/08/30 14:06:04 blueness Exp $ |
55 |
|
56 |
# @ECLASS: pax-utils.eclass |
57 |
# @MAINTAINER: |
58 |
# The Gentoo Linux Hardened Team <hardened@g.o> |
59 |
# @AUTHOR: |
60 |
# Original Author: Kevin F. Quinn <kevquinn@g.o> |
61 |
-# Modifications for bug #365825, @ ECLASS markup: Anthony G. Basile <blueness@g.o> |
62 |
-# Modifications for bug #431092: Anthony G. Basile <blueness@g.o> |
63 |
+# Modifications for bugs #365825, #431092, #520198, @ ECLASS markup: Anthony G. Basile <blueness@g.o> |
64 |
# @BLURB: functions to provide pax markings |
65 |
# @DESCRIPTION: |
66 |
# |
67 |
@@ -56,8 +55,6 @@ |
68 |
|
69 |
local f # loop over paxables |
70 |
local flags # pax flags |
71 |
- local pt_fail=0 pt_failures="" # record PT_PAX failures |
72 |
- local xt_fail=0 xt_failures="" # record xattr PAX marking failures |
73 |
local ret=0 # overal return code of this function |
74 |
|
75 |
# Only the actual PaX flags and z are accepted |
76 |
@@ -75,12 +72,12 @@ |
77 |
[[ "${flags//[!z]}" ]] && dodefault="yes" |
78 |
|
79 |
if has PT ${PAX_MARKINGS}; then |
80 |
+ _pax_list_files einfo "$@" |
81 |
+ for f in "$@"; do |
82 |
|
83 |
- #First try paxctl -> this might try to create/convert program headers |
84 |
- if type -p paxctl > /dev/null; then |
85 |
- einfo "PT PaX marking -${flags} with paxctl" |
86 |
- _pax_list_files einfo "$@" |
87 |
- for f in "$@"; do |
88 |
+ #First try paxctl -> this might try to create/convert program headers |
89 |
+ if type -p paxctl > /dev/null; then |
90 |
+ einfo "PT PaX marking -${flags} ${f} with paxctl" |
91 |
# First, try modifying the existing PAX_FLAGS header |
92 |
paxctl -q${flags} "${f}" && continue |
93 |
# Second, try creating a PT_PAX header (works on ET_EXEC) |
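Review bot: The probe `type -p paxctl` now sits inside `for f in "$@"`, so it is re-evaluated for every file; the same holds for `type -p paxctl-ng > /dev/null && paxctl-ng -L`, `type -p scanelf` and the XT-side probes in the next hunk. The answers should not change between iterations, so resolving them once before the loop reads more clearly, e.g. `local have_paxctl=; type -p paxctl > /dev/null && have_paxctl=1`, with the variable tested inside the loop. In addition, `_pax_list_files einfo "$@"` is now emitted before any heading line, so the file list appears in the build log without saying which marking pass it belongs to. The loop body continues past the end of this hunk.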
94 |
@@ -88,81 +85,57 @@ |
95 |
paxctl -qC${flags} "${f}" && continue |
96 |
# Third, try stealing the (unused under PaX) PT_GNU_STACK header |
97 |
paxctl -qc${flags} "${f}" && continue |
98 |
- pt_fail=1 |
99 |
- pt_failures="${pt_failures} ${f}" |
100 |
- done |
101 |
- |
102 |
- #Next try paxctl-ng -> this will not create/convert any program headers |
103 |
- elif type -p paxctl-ng > /dev/null && paxctl-ng -L ; then |
104 |
- einfo "PT PaX marking -${flags} with paxctl-ng" |
105 |
- flags="${flags//z}" |
106 |
- _pax_list_files einfo "$@" |
107 |
- for f in "$@"; do |
108 |
+ fi |
109 |
+ |
110 |
+ #Next try paxctl-ng -> this will not create/convert any program headers |
111 |
+ if type -p paxctl-ng > /dev/null && paxctl-ng -L ; then |
112 |
+ einfo "PT PaX marking -${flags} ${f} with paxctl-ng" |
113 |
+ flags="${flags//z}" |
114 |
[[ ${dodefault} == "yes" ]] && paxctl-ng -L -z "${f}" |
115 |
[[ "${flags}" ]] || continue |
116 |
paxctl-ng -L -${flags} "${f}" && continue |
117 |
- pt_fail=1 |
118 |
- pt_failures="${pt_failures} ${f}" |
119 |
- done |
120 |
- |
121 |
- #Finally fall back on scanelf |
122 |
- elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then |
123 |
- einfo "Fallback PaX marking -${flags} with scanelf" |
124 |
- _pax_list_files einfo "$@" |
125 |
- scanelf -Xxz ${flags} "$@" |
126 |
- |
127 |
- #We failed to set PT_PAX flags |
128 |
- elif [[ ${PAX_MARKINGS} != "none" ]]; then |
129 |
- pt_failures="$*" |
130 |
- pt_fail=1 |
131 |
- fi |
132 |
- |
133 |
- if [[ ${pt_fail} == 1 ]]; then |
134 |
- elog "Failed to set PT_PAX markings -${flags} for:" |
135 |
- _pax_list_files elog ${pt_failures} |
136 |
- ret=1 |
137 |
- fi |
138 |
+ fi |
139 |
+ |
140 |
+ #Finally fall back on scanelf |
141 |
+ if type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then |
142 |
+ ewarn "Fallback PaX marking -${flags} with scanelf" |
143 |
+ ewarn "Please check that PaX marking worked" |
144 |
+ scanelf -Xxz ${flags} "$f" |
145 |
+ #We failed to set PT_PAX flags |
146 |
+ elif [[ ${PAX_MARKINGS} != "none" ]]; then |
147 |
+ elog "Failed to set PT_PAX markings -${flags} ${f}." |
148 |
+ ret=1 |
149 |
+ fi |
150 |
+ done |
151 |
fi |
152 |
|
153 |
if has XT ${PAX_MARKINGS}; then |
154 |
- |
155 |
+ _pax_list_files einfo "$@" |
156 |
flags="${flags//z}" |
157 |
+ for f in "$@"; do |
158 |
|
159 |
- #First try paxctl-ng |
160 |
- if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then |
161 |
- einfo "XT PaX marking -${flags} with paxctl-ng" |
162 |
- _pax_list_files einfo "$@" |
163 |
- for f in "$@"; do |
164 |
+ #First try paxctl-ng |
165 |
+ if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then |
166 |
+ einfo "XT PaX marking -${flags} ${f} with paxctl-ng" |
167 |
[[ ${dodefault} == "yes" ]] && paxctl-ng -d "${f}" |
168 |
[[ "${flags}" ]] || continue |
169 |
paxctl-ng -l -${flags} "${f}" && continue |
170 |
- xt_fail=1 |
171 |
- xt_failures="${tx_failures} ${f}" |
172 |
- done |
173 |
- |
174 |
- #Next try setfattr |
175 |
- elif type -p setfattr > /dev/null; then |
176 |
- [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150 |
177 |
- einfo "XT PaX marking -${flags} with setfattr" |
178 |
- _pax_list_files einfo "$@" |
179 |
- for f in "$@"; do |
180 |
+ fi |
181 |
+ |
182 |
+ #Next try setfattr |
183 |
+ if type -p setfattr > /dev/null; then |
184 |
+ [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150 |
185 |
+ einfo "XT PaX marking -${flags} ${f} with setfattr" |
186 |
[[ ${dodefault} == "yes" ]] && setfattr -x "user.pax.flags" "${f}" |
187 |
setfattr -n "user.pax.flags" -v "${flags}" "${f}" && continue |
188 |
- xt_fail=1 |
189 |
- xt_failures="${tx_failures} ${f}" |
190 |
- done |
191 |
- |
192 |
- #We failed to set XATTR_PAX flags |
193 |
- elif [[ ${PAX_MARKINGS} != "none" ]]; then |
194 |
- xt_failures="$*" |
195 |
- xt_fail=1 |
196 |
- fi |
197 |
- |
198 |
- if [[ ${xt_fail} == 1 ]]; then |
199 |
- elog "Failed to set XATTR_PAX markings -${flags} for:" |
200 |
- _pax_list_files elog ${xt_failures} |
201 |
- ret=1 |
202 |
- fi |
203 |
+ fi |
204 |
+ |
205 |
+ #We failed to set XATTR_PAX flags |
206 |
+ if [[ ${PAX_MARKINGS} != "none" ]]; then |
207 |
+ elog "Failed to set XATTR_PAX markings -${flags} ${f}." |
208 |
+ ret=1 |
209 |
+ fi |
210 |
+ done |
211 |
fi |
212 |
|
213 |
# [[ ${ret} == 1 ]] && elog "Executables may be killed by PaX kernels." |
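Review bot: A PT marking failure no longer reliably sets `ret=1`: when paxctl and paxctl-ng both fail for a file and scanelf is installed, control reaches `scanelf -Xxz ${flags} "$f"`, whose exit status is ignored, and the `elif` that logs the failure only runs when scanelf is absent. The removed code set `pt_fail=1` for every file the selected tool could not mark, so callers that check the return value lose that signal; if scanelf's exit status is meaningful here, `scanelf -Xxz ${flags} "$f" || ret=1` would keep it, otherwise the file should be reported as unverified rather than left at success. Separately, `flags="${flags//z}"` (PT paxctl-ng block) and `flags+="e"` (XT setfattr block) now run inside the per-file loops, so a fallback taken for one file changes the flags passed to paxctl or paxctl-ng for every later file, as well as the flags printed in the log lines; a per-tool copy set before the loop, such as `local ng_flags="${flags//z}"`, avoids that. The function starts before this hunk and appears to end after it.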