| 1 |
commit: 3fc26bb5c292f97aa03e9649b785e46d90a3b5a4 |
| 2 |
Author: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Dec 1 00:41:50 2017 +0000 |
| 4 |
Commit: Magnus Granberg <zorry <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Dec 1 00:43:07 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fc26bb5 |
| 7 |
|
| 8 |
profiles: update hardened on the new 17.0 profile |
| 9 |
|
| 10 |
profiles/features/hardened/amd64/package.use | 7 ++++--- |
| 11 |
profiles/features/hardened/amd64/package.use.force | 7 ------- |
| 12 |
profiles/features/hardened/make.defaults | 13 ++++++++++++- |
| 13 |
profiles/features/hardened/package.use.mask | 9 ++++++++- |
| 14 |
profiles/features/hardened/packages | 2 +- |
| 15 |
profiles/features/hardened/use.force | 2 +- |
| 16 |
6 files changed, 26 insertions(+), 14 deletions(-) |
| 17 |
|
| 18 |
diff --git a/profiles/features/hardened/amd64/package.use b/profiles/features/hardened/amd64/package.use |
| 19 |
index 0cef7f8d1d9..dff56ad8871 100644 |
| 20 |
--- a/profiles/features/hardened/amd64/package.use |
| 21 |
+++ b/profiles/features/hardened/amd64/package.use |
| 22 |
@@ -3,10 +3,11 @@ |
| 23 |
|
| 24 |
# Magnus Granberg <zorry@g.o> (14 Jan, 2015) |
| 25 |
# We need to have the pic flag on. |
| 26 |
-# Bugs 490276, 513464, 523736 and 512208. |
| 27 |
+# Bugs 358929, 490276, 513464, 523736 and 512208. |
| 28 |
media-libs/x264 pic |
| 29 |
media-video/ffmpeg pic |
| 30 |
media-video/libav pic |
| 31 |
->=media-libs/mesa-10.1.6 pic |
| 32 |
+media-libs/mesa pic |
| 33 |
media-libs/libpostproc pic |
| 34 |
->=media-libs/xvid-1.3.3 pic |
| 35 |
+media-libs/xvid pic |
| 36 |
+app-emulation/open-vm-tools pic |
| 37 |
|
| 38 |
diff --git a/profiles/features/hardened/amd64/package.use.force b/profiles/features/hardened/amd64/package.use.force |
| 39 |
deleted file mode 100644 |
| 40 |
index ef833f2d1b5..00000000000 |
| 41 |
--- a/profiles/features/hardened/amd64/package.use.force |
| 42 |
+++ /dev/null |
| 43 |
@@ -1,7 +0,0 @@ |
| 44 |
-# Copyright 1999-2015 Gentoo Foundation |
| 45 |
-# Distributed under the terms of the GNU General Public License v2 |
| 46 |
- |
| 47 |
-# Magnus Granberg <zorry@g.o> (14 Jan, 2015) |
| 48 |
-# We need to have the pic flag on. |
| 49 |
-# Bugs 358929 |
| 50 |
-app-emulation/open-vm-tools pic |
| 51 |
|
| 52 |
diff --git a/profiles/features/hardened/make.defaults b/profiles/features/hardened/make.defaults |
| 53 |
index d83d7eab885..1f5030f9a41 100644 |
| 54 |
--- a/profiles/features/hardened/make.defaults |
| 55 |
+++ b/profiles/features/hardened/make.defaults |
| 56 |
@@ -5,7 +5,7 @@ |
| 57 |
# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value |
| 58 |
BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pic xtpax -jit -orc" |
| 59 |
|
| 60 |
-USE="hardened pic urandom xtpax -fortran -jit -orc" |
| 61 |
+USE="hardened pic xtpax -jit -orc" |
| 62 |
|
| 63 |
# Ian Stakenvicius, 2014-09-03 |
| 64 |
# Set a variable just to indicate that the current profile is a hardened one |
| 65 |
@@ -13,3 +13,14 @@ USE="hardened pic urandom xtpax -fortran -jit -orc" |
| 66 |
# indicate said package is, say, configured in a way that defeats the purpose |
| 67 |
# of running hardened. |
| 68 |
PROFILE_IS_HARDENED=1 |
| 69 |
+ |
| 70 |
+# We set the default markings to XATTR_PAX |
| 71 |
+PAX_MARKINGS="XT" |
| 72 |
+ |
| 73 |
+# Default starting set of USE flags for all default/linux profiles. |
| 74 |
+# We unset them so we get a clean use flag profile. |
| 75 |
+USE="${USE} -berkdb -gdbm -tcpd" |
| 76 |
+USE="${USE} -fortran" |
| 77 |
+USE="${USE} -cli -session" |
| 78 |
+USE="${USE} -dri" |
| 79 |
+USE="${USE} -modules" |
| 80 |
|
| 81 |
diff --git a/profiles/features/hardened/package.use.mask b/profiles/features/hardened/package.use.mask |
| 82 |
index e3320e1e4d9..cdab4d608d0 100644 |
| 83 |
--- a/profiles/features/hardened/package.use.mask |
| 84 |
+++ b/profiles/features/hardened/package.use.mask |
| 85 |
@@ -3,9 +3,16 @@ |
| 86 |
|
| 87 |
sys-apps/hwloc gl |
| 88 |
|
| 89 |
-sys-devel/gcc -hardened |
| 90 |
+sys-devel/gcc -hardened sanitize |
| 91 |
sys-libs/glibc -hardened |
| 92 |
|
| 93 |
+# Ian Stakenvicius <axs@g.o> (03 Dec 2014) |
| 94 |
+# Have no way of knowing what Gecko Media Plugins will install in profiles |
| 95 |
+www-client/firefox gmp-autoupdate |
| 96 |
+ |
| 97 |
# net-fs/openafs-kernel module can't be used on hardened, |
| 98 |
# see bug 540196. |
| 99 |
net-fs/openafs modules |
| 100 |
+ |
| 101 |
+# jit don't work on hardened. |
| 102 |
+dev-vcs/git pcre-jit |
| 103 |
|
| 104 |
diff --git a/profiles/features/hardened/packages b/profiles/features/hardened/packages |
| 105 |
index 2524abdd0c4..3790c915840 100644 |
| 106 |
--- a/profiles/features/hardened/packages |
| 107 |
+++ b/profiles/features/hardened/packages |
| 108 |
@@ -1,4 +1,4 @@ |
| 109 |
-# Copyright 1999-2013 Gentoo Foundation. |
| 110 |
+# Copyright 1999-2017 Gentoo Foundation. |
| 111 |
# Distributed under the terms of the GNU General Public License v2 |
| 112 |
|
| 113 |
# This file extends the base packages file for all hardened profiles |
| 114 |
|
| 115 |
diff --git a/profiles/features/hardened/use.force b/profiles/features/hardened/use.force |
| 116 |
index 35e56536ec6..2f57880682b 100644 |
| 117 |
--- a/profiles/features/hardened/use.force |
| 118 |
+++ b/profiles/features/hardened/use.force |
| 119 |
@@ -1,4 +1,4 @@ |
| 120 |
-# Copyright 1999-2015 Gentoo Foundation |
| 121 |
+# Copyright 1999-2017 Gentoo Foundation |
| 122 |
# Distributed under the terms of the GNU General Public License v2 |
| 123 |
|
| 124 |
# Make sure people don't accidentally turn of ssp/pie in important packages. |
Archives