File: ChangeLog

package info (click to toggle)
checksec 2.6.0-2
  • links: PTS, VCS
  • area: main
  • in suites: bookworm, forky, sid, trixie
  • size: 10,936 kB
  • sloc: sh: 1,882; makefile: 2
file content (241 lines) | stat: -rw-r--r-- 10,264 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
 
Rev-2022052701 Brian Davis <slimm609@gmail.com>
  * update to 2.6.0
  * fix missing sysctl on fedora
    Thanks @spdfnet
  * remove extra parenthesis
    Thanks @koobs
  * add missing libc on LoongArch-64
    Thanks @xiaoxiaoafeifei
Rev-2021101001 Brian Davis <slimm609@gmail.com>
  * update to 2.5.0
  * split checksec into multiple files for easier maintenance and debugging
  * remove space between options and only support `=` until refactor can happen
  * Add pre-commit-checks
  * update License.txt to include BSD license
    Thanks @mr-segfault
  * Move to new Arch Linux docker images
    Thanks @Maryse47
  * Add photon support for tests
  * Check journalctl -k for NX protection
    Thanks @Tatsh
  * improve debug formatting
    Thanks @bmwiedemann
  * Fix shellcheck warnings and style issues
    Thanks @a1346054
  * Make --dir option follow symlinks
Rev-2020081501 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 2.4.0
  * checksec.sh: checksec_automator.sh add check x-pie-executable
      Thanks @ja-pa
  * checksec.sh: Support for list file modifier
      Thanks @dsuarezv
  * checksec.sh: Update license
      Thanks @mr-segfault
Rev-2020052701 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 2.2.0
  * checksec.sh: fix several small issues
      Thanks @cgzones
  * checksec.sh: add selfrando checks
      Thanks @Estella
  * checksec.sh: fix json validation
  * checksec.sh: added github actions validation tests
  * checksec.sh: fix stack protector functions
      Thanks @cgzones
  * checksec.sh: improve core dump checks
      Thanks @cgzones
  * checksec.sh: Run readelf in wide mode
      Thanks @cgzones
Rev-2019061301 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 2.0.0 - Breaking changes in options, no longer support short options
  * checksec.sh: Rewrite checksec to use getopts and move to all functions
  * checksec.sh: add MUSL support
      Thanks g3ngr33n
  * checksec.sh: fixed coredumpcheck
Rev-2019061301 Brian Davis <slimm609@gmail.com>
  * checksec.sh: adds Clang CFI and SafeStack checks
      Thanks dobin
  * checksec.sh: Proc-all proccheck() json fix
      Thanks etke
  * checksec.sh: Fix --proc-all json output
      Thanks etke
  * checksec.sh: Switch --proc to use pgrep and fix json output
      Thanks etke
  * checksec.sh: Fix --proc-libs json output
      Thanks etke
  * checksec.sh: Fixed some calls to readelf missing stderr redirection to /dev/null
      Thanks areisbr
  * checksec.sh: fixed several issues around json and xml formatting
  * checksec.sh: fixed fortify source catching false positives
Rev-2019011901 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 1.11.1
  * checksec.sh: resolved issues with readelf
  * checksec.sh: Added docker images for testing
  * checksec.sh: Added armhf and aarch64 libc locations
      Thanks Avamander
  * checksec.sh: Replace FS_COUNT with fgrep
      Thanks Iraugusto
  * checksec.sh: Fixed symbols count in csv
      Thanks Iraugusto
  * checksec.sh: Fixed RW-RPATH and RW-RUNPATH
      Thanks Iraugusto
  * checksec.sh: Added stack canaries generated by intel compiler
      Thanks Xavier Brouckaert
  * checksec.sh: Mute stat errors for non-existent directories
      Thanks Iraugusto
  * checksec.sh: Removed invalid json structures and duplicate kernel checks
  * checksec.sh: fixed spaces in -d option
  * checksec.sh: Added stack-protector-string check
      Thanks scottellis
  * checksec.sh: Add arm64 specific kernel checks
      Thanks scottellis
  * checksec.sh: Add REFCOUNT_FULL to kernel tests
      Thanks scottellis
  * checksec.sh: Remove OSX support
Rev-2018012401 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 1.9.0
  * checksec.sh: made all kernel checks dependant on kernel version
  * checksec.sh: moved man page to section 1
  * checksec.sh: fixed debug flag
  * checksec.sh: resolved issue with -d
  * checksec.sh: fixed stack protector on 4.18+ kernels
      Thanks cheese
  * checksec.sh: fixed runpath name in output
      Thanks philipturnbull
  * checksec.sh: updated readme for offline testing
      Thanks matthew-l-weber
Rev-2018012401 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to 1.8.0
  * checksec.sh: resolved issue with eu-readelf debug
  * checksec.sh: shellcheck cleanup
Rev-2017080801 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Cleaned up if statements for proper bash expressions
Rev-2016102701 Brian Davis <slimm609@gmail.com>
  * checksec.sh: updated to 1.7.5
  * checksec.sh: added OSX support
      Thanks Ben Actis
  * checksec.sh: added space and underscore support
      Thanks brianmwaters
  * checksec.sh: cleaned up code formatting
Rev-2016022002 Brian Davis <slimm609@gmail.com>
  * checksec.sh: updated to 1.7.4
  * checksec.sh: fixed man page
  * checksec.sh: added pkg_release option to disable updates for packaged releases
  * checksec.sh: cleanup up proc-libs
Rev-2016021501 Brian Davis <slimm609@gmail.com>
  * checksec.sh: merged in zsh completion
      Thanks Vaeth
  * checksec.sh: added man page for checksec
  * checksec.sh: updated readme to reflect output in place of format option
Rev-2016021501 Brian Davis <slimm609@gmail.com>
  * checksec.sh: updated to 1.7.3
  * checksec.sh: added xml and json validation tests
  * checksec.sh: fixed xml and json errors from validation tests
  * checksec.sh: expanded grsecurity checks and cleaned up formatting
Rev-2016010502 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Added some extra debug output and started cleanup.
Rev-2016010501 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Fixed sysctl path issue #20
      Thanks hartwork
Rev-2015122201 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Merged in json fixes.
      Thanks jpouellet
Rev-2015122101 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Merged in passing in command line kernel config, x86 fix and optional tools.
      Thanks philippedeswert
  * checksec.sh: split off mandatory tool from optional tools.
  * checksec.sh: Updated to 1.7.1
  * checksec.sh: Added Seccomp tests from olivierlemoal.
Rev-2015102001 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Set static LC_ALL to resolve LANG errors. Resolves Ticket #13
  * checksec.sh: Merged in additional kernel options and arch specific options. Ticket #14
      Thanks philippedeswert
  * checksec.sh: Updated to 1.7.0 to support revision releases.
  * checksec.sh: put in checks to not display checks that are for different architectures.
Rev-2015091505 Brian Davis <slimm609@gmail.com>
  * checksec.sh: added additional debug output for troubleshooting purposes
Rev-2015091401 Brian Davis <slimm609@gmail.com>
  * checksec.sh: added debug option for troubleshooting purposes
Rev-2015091301 Brian Davis <slimm609@gmail.com>
  * checksec.sh: merged in changes for fedora/epel compliance
      Thanks Besser82
  * checksec.sh: updated check binaries on run
      Thanks Roberto Martelloni
Rev-2015060201 Brian Davis <slimm609@gmail.com>
  * checksec.sh: merged in fortified/fortify-able stats on --file output changed
      Thanks Roberto Martelloni
Rev-2015011201 Brian Davis <slimm609@gmail.com>
  * checksec.sh: moved checksec.sh to checksec
Rev-2014021802 Brian Davis <slimm609@gmail.com>
  * checksec.sh: merged in RODATA and STRICT_USER_COPY changes
      Thanks N8Fear
Rev-2014021801 Brian Davis <slimm609@gmail.com>
  * checksec.sh: merged in JIT and MODHARDEN changes
      Thanks N8Fear
Rev-2014021605 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Changed --update to verify signature of updates.
  * checksec.sig: file added
Rev-2014021601 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Removed deprecated Kern Heap section
      Thanks Unspawn
2014-02-14 Brian Davis <slimm609@gmail.com>
  * checksec.sh: Updated to version 1.6
  * checksec.sh: Implemented rev numbers and --update option
  * checksec.sh: Added SELinux checks as additional checks for kernel security.
  * checksec.sh: Added update option to pull the latest release
  * checksec.sh: Added fortify_source to proc-all output.
  * checksec.sh: Added Json, strict XML and updated Grsecurity section.
  * checksec.sh: Carried over Robin David's changes with XML and CSV.
2013-10-06 Robin David    <dev.robin.david@gmail.com>
  * add machine-readable outputs like CSV and XML
2011-11-17 Tobias Klein    <tk@trapkit.de>
  * 1.5
  * New checks for rpath and runpath elements in the dynamic sections.
    Thanks to Ollie Whitehouse.
  * Other bugfixes and improvements
    - checksec.sh now takes account of the KBUILD_OUTPUT
      environment variable when checking the Linux kernel
      protection mechanisms (--kernel).
      Thanks to Martin Vaeth for the hint.
    - Some minor changes and clean-ups. Thanks to Brian Davis.
    - Ubuntu 11.10 support for --fortify-file and --fortify-proc.
2011-01-14    Tobias Klein     <tk@trapkit.de>
  * 1.4

  * Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc)

  * Lots of other bugfixes and improvements
    - Check if the readelf command is available
    - readelf support for 64-bit ELF files
    - Check if the requested files and directories do exist
    - '--dir' is now case-sensitive and correctly deals with
      trailing slashes
    - Check user permissions
    - Etc.
2010-06-15    Tobias Klein    <tk@trapkit.de>
  * 1.3.1

  * New BSD License
    (http://www.opensource.org/licenses/bsd-license.php)
2010-05-04    Tobias Klein    <tk@trapkit.de>
  * 1.3
  * Additional checks for a number of Linux kernel
    protection mechanisms.
    Thanks to Jon Oberheide (jon.oberheide.org).
2010-01-02    Tobias Klein    <tk@trapkit.de>
  * 1.2
  * Additional PaX (http://pax.grsecurity.net/) checks.
    Thanks to Brad Spengler (grsecurity.net) for the PaX
    support.
  * Some minor fixes (coloring adjusted, 'pidof' replacement)
2009-12-27    Tobias Klein    <tk@trapkit.de>
  * 1.1
  * New '--proc-libs' option. This option instructs
    checksec.sh to test the loaded libraries of a process.
  * Additional information on ASLR results (--proc,
    -proc-all, --proc-libs)
    Thanks to Anthony G. Basile of the Tin Hat project
    for the hint.
  * Additional CPU NX check (--proc, --proc-all, --proc-libs)
2009-01-28    Tobias Klein    <tk@trapkit.de>
  * 1.0
  * Initial release