changeset 3216:b755ea6f65cb

PR2508, G541462: Only apply PaX markings by default on running PaX kernels 2015-07-13 Andrew John Hughes <gnu_andrew@member.fsf.org> PR2508, G541462: Only apply PaX markings by default on running PaX kernels * NEWS: Updated. * acinclude.m4: (IT_HAS_PAX): Use grep directly rather than piping from cat. (IT_WITH_PAX): Use ${pax_active} as the default value. Handle --with-pax and --without-pax options (i.e. without arguments) better.
author Andrew John Hughes <gnu.andrew@redhat.com>
date Wed, 22 Jul 2015 16:27:58 +0100
parents 6f7a6a2cf96e
children 513b121b3a0f
files ChangeLog NEWS acinclude.m4
diffstat 3 files changed, 46 insertions(+), 29 deletions(-) [+]
--- a/ChangeLog	Wed Jul 22 16:24:14 2015 +0100
+++ b/ChangeLog	Wed Jul 22 16:27:58 2015 +0100
@@ -1,3 +1,16 @@
+2015-07-13  Andrew John Hughes  <gnu_andrew@member.fsf.org>
+
+	PR2507, G541462: Only apply PaX markings by default
+	on running PaX kernels
+	* NEWS: Updated.
+	* acinclude.m4:
+	(IT_HAS_PAX): Use grep directly rather
+	than piping from cat.
+	(IT_WITH_PAX): Use ${pax_active} as the
+	default value. Handle --with-pax and
+	--without-pax options (i.e. without arguments)
+	better.
+
 2015-07-15  Andrew John Hughes  <gnu_andrew@member.fsf.org>
 
 	PR2391: Make elliptic curve removal
--- a/NEWS	Wed Jul 22 16:24:14 2015 +0100
+++ b/NEWS	Wed Jul 22 16:27:58 2015 +0100
@@ -54,6 +54,7 @@
   - PR2460: Policy JAR files should be timestamped with the date of the policy file they hold
   - PR2481, RH489586, RH1236619: OpenJDK can't handle spaces in zone names in /etc/sysconfig/clock
   - PR2486: JSSE server is still limited to 768-bit DHE
+  - PR2508, G541462: Only apply PaX markings by default on running PaX kernels
 
 New in release 1.13.7 (2015-04-14):
 
--- a/acinclude.m4	Wed Jul 22 16:24:14 2015 +0100
+++ b/acinclude.m4	Wed Jul 22 16:27:58 2015 +0100
@@ -2163,7 +2163,7 @@
 AC_DEFUN_ONCE([IT_HAS_PAX],
 [
   AC_MSG_CHECKING([if a PaX kernel is in use])
-  if cat /proc/self/status | grep '^PaX' >&AS_MESSAGE_LOG_FD 2>&1; then
+  if grep '^PaX' /proc/self/status >&AS_MESSAGE_LOG_FD 2>&1; then
     pax_active=yes;
   else
     pax_active=no;
@@ -2180,41 +2180,44 @@
   AC_ARG_WITH([pax],
               [AS_HELP_STRING(--with-pax=COMMAND,the command used for pax marking)],
   [
-    if test "x${withval}" = "xyes"; then
-      PAX_COMMAND=no
-    else
-      PAX_COMMAND="${withval}"
-    fi
+    PAX_COMMAND="${withval}"
   ],
   [ 
-    PAX_COMMAND=no
+    PAX_COMMAND=${pax_active}
   ])
-  AC_MSG_RESULT(${PAX_COMMAND})
-  if test "x${PAX_COMMAND}" == "xno"; then
+  if test "x${PAX_COMMAND}" == "xyes"; then
+    AC_MSG_RESULT([no])
     PAX_COMMAND=${PAX_DEFAULT}
+    AC_MSG_NOTICE([PaX enabled but no tool specified; using ${PAX_DEFAULT}])
+  else
+    AC_MSG_RESULT(${PAX_COMMAND})
   fi
-  AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file])
-  if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then
-    AC_MSG_RESULT([yes])
+  if test "x${PAX_COMMAND}" != "xno"; then
+    AC_MSG_CHECKING([if $PAX_COMMAND is a valid executable file])
+    if test -x "${PAX_COMMAND}" && test -f "${PAX_COMMAND}"; then
+      AC_MSG_RESULT([yes])
+    else
+      AC_MSG_RESULT([no])
+      PAX_COMMAND=""
+      AC_PATH_PROG(PAX_COMMAND, "paxmark.sh")
+      if test -z "${PAX_COMMAND}"; then
+        AC_PATH_PROG(PAX_COMMAND, "paxctl-ng")
+      fi
+      if test -z "${PAX_COMMAND}"; then
+        AC_PATH_PROG(PAX_COMMAND, "chpax")
+      fi
+      if test -z "${PAX_COMMAND}"; then
+        AC_PATH_PROG(PAX_COMMAND, "paxctl")
+      fi
+    fi
   else
-    AC_MSG_RESULT([no])
     PAX_COMMAND=""
-    AC_PATH_PROG(PAX_COMMAND, "paxmark.sh")
-    if test -z "${PAX_COMMAND}"; then
-      AC_PATH_PROG(PAX_COMMAND, "paxctl-ng")
-    fi
-    if test -z "${PAX_COMMAND}"; then
-      AC_PATH_PROG(PAX_COMMAND, "chpax")
-    fi
-    if test -z "${PAX_COMMAND}"; then
-      AC_PATH_PROG(PAX_COMMAND, "paxctl")
-    fi
-    if test -z "${PAX_COMMAND}"; then
-      if test "x${pax_active}" = "xyes"; then
-        AC_MSG_ERROR("No PaX utility found and running on a PaX kernel.")
-      else
-        AC_MSG_WARN("No PaX utility found.")
-      fi
+  fi
+  if test -z "${PAX_COMMAND}"; then
+    if test "x${pax_active}" = "xyes"; then
+      AC_MSG_ERROR("No PaX utility found and running on a PaX kernel.")
+    else
+      AC_MSG_WARN("No PaX utility found.")
     fi
   fi
   if test -z "${PAX_COMMAND}"; then
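Review bot: In the `test -z "${PAX_COMMAND}"` error/warning block added near the end of this hunk, an explicit `--without-pax` can no longer be told apart from a failed tool search, because the `else` branch of `if test "x${PAX_COMMAND}" != "xno"` also sets `PAX_COMMAND=""`. As written, `--without-pax` on a PaX kernel appears to stop configure with "No PaX utility found and running on a PaX kernel.", and the default on a non-PaX kernel warns "No PaX utility found." although no search ran. Moving the error/warning block inside the `!= "xno"` branch, or giving the disabled case its own message, would keep the two outcomes distinct. Separately, the added `test "x${PAX_COMMAND}" == "xyes"` uses `==`, which POSIX `test` does not define; `test "x${PAX_COMMAND}" = "xyes"` behaves the same under any /bin/sh. The enclosing IT_WITH_PAX macro starts and ends outside the hunk.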