/hg/release/icedtea7-2.3: PR1677: Update PaX support to detect r...

andrew at icedtea.classpath.org andrew at icedtea.classpath.org
Mon Feb 24 10:59:51 PST 2014 

changeset 541d09b19300 in /hg/release/icedtea7-2.3
details: http://icedtea.classpath.org/hg/release/icedtea7-2.3?cmd=changeset;node=541d09b19300
author: Andrew John Hughes <gnu_andrew at member.fsf.org>
date: Mon Feb 24 18:59:38 2014 +0000

	PR1677: Update PaX support to detect running PaX kernel and use newer tools

	2014-02-19  Andrew John Hughes  <gnu.andrew at member.fsf.org>

		PR1677: Update PaX support to detect running PaX
		kernel and use newer tools
		* NEWS: Updated.
		* acinclude.m4:
		(IT_HAS_PAX): New macro to detect whether the running
		kernel uses PaX.
		(IT_WITH_PAX): Rewritten to search for PaX tools -
		currently paxmark.sh, paxctl-ng, chpax and paxctl -
		and fail if a tool isn't found and a PaX kernel is
		being used.


diffstat:

 ChangeLog    |  13 ++++++++
 NEWS         |   3 +
 acinclude.m4 |  94 ++++++++++++++++++++++++++++++++++++++++-------------------
 3 files changed, 80 insertions(+), 30 deletions(-)

diffs (146 lines):

diff -r 0d9606a3f667 -r 541d09b19300 ChangeLog
--- a/ChangeLog	Wed Jan 22 12:32:34 2014 +0000
+++ b/ChangeLog	Mon Feb 24 18:59:38 2014 +0000
@@ -1,3 +1,16 @@
+2014-02-19  Andrew John Hughes  <gnu.andrew at member.fsf.org>
+
+	PR1677: Update PaX support to detect running PaX
+	kernel and use newer tools
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_HAS_PAX): New macro to detect whether the running
+	kernel uses PaX.
+	(IT_WITH_PAX): Rewritten to search for PaX tools -
+	currently paxmark.sh, paxctl-ng, chpax and paxctl -
+	and fail if a tool isn't found and a PaX kernel is
+	being used.
+
 2014-01-22  Andrew John Hughes  <gnu.andrew at member.fsf.org>
 
 	* configure.ac: Bump to 2.3.14pre.
diff -r 0d9606a3f667 -r 541d09b19300 NEWS
--- a/NEWS	Wed Jan 22 12:32:34 2014 +0000
+++ b/NEWS	Mon Feb 24 18:59:38 2014 +0000
@@ -12,6 +12,9 @@
 
 New in release 2.3.14 (2014-01-XX):
 
+* Bug fixes
+  - PR1677: Update PaX support to detect running PaX kernel and use newer tools
+
 New in release 2.3.13 (2014-01-14):
 
 * Security fixes
diff -r 0d9606a3f667 -r 541d09b19300 acinclude.m4
--- a/acinclude.m4	Wed Jan 22 12:32:34 2014 +0000
+++ b/acinclude.m4	Mon Feb 24 18:59:38 2014 +0000
@@ -2239,45 +2239,79 @@
   AC_SUBST([enable_downloading])
 ])
 
+AC_DEFUN_ONCE([IT_HAS_PAX],
+[
+  AC_MSG_CHECKING([if a PaX kernel is in use])
+  if cat /proc/self/status | grep '^PaX' >&AS_MESSAGE_LOG_FD 2>&1; then
+    pax_active=yes;
+  else
+    pax_active=no;
+  fi
+  AC_MSG_RESULT([${pax_active}])
+  AM_CONDITIONAL([USING_PAX], test x"${pax_active}" = "xyes")
+])
+
 AC_DEFUN_ONCE([IT_WITH_PAX],
 [
-  AC_MSG_CHECKING([for pax utility to use])
+  AC_REQUIRE([IT_HAS_PAX])
+  PAX_DEFAULT=/usr/sbin/paxmark.sh
+  AC_MSG_CHECKING([if a PaX utility was specified])
   AC_ARG_WITH([pax],
               [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)],
   [
-    PAX_COMMAND=${withval}
+    if test "x${withval}" = "xyes"; then
+      PAX_COMMAND=no
+    else
+      PAX_COMMAND="${withval}"
+    fi
   ],
   [ 
+    PAX_COMMAND=no
+  ])
+  AC_MSG_RESULT(${PAX_COMMAND})
+  if test "x${PAX_COMMAND}" == "xno"; then
+    PAX_COMMAND=${PAX_DEFAULT}
+  fi
+  AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file])
+  if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then
+    AC_MSG_RESULT([yes])
+  else
+    AC_MSG_RESULT([no])
+    PAX_COMMAND=""
+    AC_PATH_PROG(PAX_COMMAND, "paxmark.sh")
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "paxctl-ng")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "chpax")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      AC_PATH_PROG(PAX_COMMAND, "paxctl")
+    fi
+    if test -z "${PAX_COMMAND}"; then
+      if test "x${pax_active}" = "xyes"; then
+        AC_MSG_ERROR("No PaX utility found and running on a PaX kernel.")
+      else
+        AC_MSG_WARN("No PaX utility found.")
+      fi
+    fi
+  fi
+  if test -z "${PAX_COMMAND}"; then
     PAX_COMMAND="not specified"
-  ])
-  case "x${PAX_COMMAND}" in
-    xchpax)
-      case "${host_cpu}" in
-        i?86)
-          PAX_COMMAND_ARGS="-msp"
-          ;;
-        *)
-          PAX_COMMAND_ARGS="-m"
-          ;;
-      esac
-      ;;
-    xpaxctl)
-      case "${host_cpu}" in
-        i?86)
-          PAX_COMMAND_ARGS="-msp"
-          ;;
-        *)
-          PAX_COMMAND_ARGS="-m"
-          ;;
-      esac
-      ;;
-    *)
-      PAX_COMMAND="not specified"
-      PAX_COMMAND_ARGS="not specified"
-      ;;
-  esac
+    PAX_COMMAND_ARGS="not specified"
+  else
+    AC_MSG_CHECKING([which options to pass to ${PAX_COMMAND}])
+    case "${host_cpu}" in
+      i?86)
+        PAX_COMMAND_ARGS="-msp"
+        ;;
+      *)
+        PAX_COMMAND_ARGS="-m"
+        ;;
+    esac
+    AC_MSG_RESULT(${PAX_COMMAND_ARGS})
+  fi
   AM_CONDITIONAL(WITH_PAX, test "x${PAX_COMMAND}" != "xnot specified")
-  AC_MSG_RESULT(${PAX_COMMAND})
   AC_SUBST(PAX_COMMAND)
   AC_SUBST(PAX_COMMAND_ARGS)
 ])

More information about the distro-pkg-dev mailing list