public inbox for gentoo-commits@lists.gentoo.org
* [gentoo-commits] repo/gentoo:master commit in: profiles/features/hardened/, profiles/features/hardened/amd64/
@ 2017-12-01  0:44 Magnus Granberg
From: Magnus Granberg @ 2017-12-01  0:44 UTC
  To: gentoo-commits

commit:     3fc26bb5c292f97aa03e9649b785e46d90a3b5a4
Author:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
AuthorDate: Fri Dec  1 00:41:50 2017 +0000
Commit:     Magnus Granberg <zorry <AT> gentoo <DOT> org>
CommitDate: Fri Dec  1 00:43:07 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3fc26bb5

profiles: update hardened on the new 17.0 profile

 profiles/features/hardened/amd64/package.use       |  7 ++++---
 profiles/features/hardened/amd64/package.use.force |  7 -------
 profiles/features/hardened/make.defaults           | 13 ++++++++++++-
 profiles/features/hardened/package.use.mask        |  9 ++++++++-
 profiles/features/hardened/packages                |  2 +-
 profiles/features/hardened/use.force               |  2 +-
 6 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/profiles/features/hardened/amd64/package.use b/profiles/features/hardened/amd64/package.use
index 0cef7f8d1d9..dff56ad8871 100644
--- a/profiles/features/hardened/amd64/package.use
+++ b/profiles/features/hardened/amd64/package.use
@@ -3,10 +3,11 @@
 
 # Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
 # We need to have the pic flag on.
-# Bugs 490276, 513464, 523736 and 512208.
+# Bugs 358929, 490276, 513464, 523736 and 512208.
 media-libs/x264 pic
 media-video/ffmpeg pic
 media-video/libav pic
->=media-libs/mesa-10.1.6 pic
+media-libs/mesa pic
 media-libs/libpostproc pic
->=media-libs/xvid-1.3.3 pic
+media-libs/xvid pic
+app-emulation/open-vm-tools pic
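
Review bot: the comment block over these entries keeps a single 14 Jan 2015 header while it now lists five bug numbers for seven atoms, so a reader cannot tell which bug justifies which line. Put the bug number beside each atom (bug 358929 came in with app-emulation/open-vm-tools), and say in the commit message why the `>=` bounds on media-libs/mesa and media-libs/xvid can be dropped.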

diff --git a/profiles/features/hardened/amd64/package.use.force b/profiles/features/hardened/amd64/package.use.force
deleted file mode 100644
index ef833f2d1b5..00000000000
--- a/profiles/features/hardened/amd64/package.use.force
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
-# We need to have the pic flag on.
-# Bugs 358929
-app-emulation/open-vm-tools pic
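
Review bot: deleting this file turns `pic` on app-emulation/open-vm-tools from a forced flag into a plain profile default, because the atom now lives only in amd64/package.use, where a user's own package.use can switch it off. The comment that moved with it still says "We need to have the pic flag on", so either keep the atom in package.use.force or state in the commit message why forcing is no longer required for bug 358929.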

diff --git a/profiles/features/hardened/make.defaults b/profiles/features/hardened/make.defaults
index d83d7eab885..1f5030f9a41 100644
--- a/profiles/features/hardened/make.defaults
+++ b/profiles/features/hardened/make.defaults
@@ -5,7 +5,7 @@
 # Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
 BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pic xtpax -jit -orc"
 
-USE="hardened pic urandom xtpax -fortran -jit -orc"
+USE="hardened pic xtpax -jit -orc"
 
 # Ian Stakenvicius, 2014-09-03
 # Set a variable just to indicate that the current profile is a hardened one
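
Review bot: `urandom` is dropped from the USE line here with no replacement and no mention in the commit message. `-fortran` is re-added further down as `USE="${USE} -fortran"`, but `urandom` is simply gone; if that is intended, say so in the commit message or in a comment next to the USE line.
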
@@ -13,3 +13,14 @@ USE="hardened pic urandom xtpax -fortran -jit -orc"
 # indicate said package is, say, configured in a way that defeats the purpose
 # of running hardened.
 PROFILE_IS_HARDENED=1
+
+# We set the default markings to XATTR_PAX
+PAX_MARKINGS="XT"
+
+# Default starting set of USE flags for all default/linux profiles.
+# We unset them so we get a clean use flag profile.
+USE="${USE} -berkdb -gdbm -tcpd"
+USE="${USE} -fortran"
+USE="${USE} -cli -session"
+USE="${USE} -dri"
+USE="${USE} -modules"
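
Review bot: the five appended `USE="${USE} -..."` lines share one blanket comment that does not say why a hardened profile should drop each group, and `-tcpd`, `-session` and `-modules` change behaviour users will notice. Add a short reason or bug number per line, and consider folding them into the single `USE="hardened pic xtpax -jit -orc"` assignment above so the profile's USE is defined in one place.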

diff --git a/profiles/features/hardened/package.use.mask b/profiles/features/hardened/package.use.mask
index e3320e1e4d9..cdab4d608d0 100644
--- a/profiles/features/hardened/package.use.mask
+++ b/profiles/features/hardened/package.use.mask
@@ -3,9 +3,16 @@
 
 sys-apps/hwloc gl
 
-sys-devel/gcc -hardened
+sys-devel/gcc -hardened sanitize
 sys-libs/glibc -hardened
 
+# Ian Stakenvicius <axs@gentoo.org> (03 Dec 2014)
+# Have no way of knowing what Gecko Media Plugins will install in profiles
+www-client/firefox gmp-autoupdate
+
 # net-fs/openafs-kernel module can't be used on hardened,
 # see bug 540196.
 net-fs/openafs modules
+
+# jit don't work on hardened.
+dev-vcs/git pcre-jit
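
Review bot: the new `sanitize` mask on sys-devel/gcc has no comment at all, and the `dev-vcs/git pcre-jit` entry has no author/date header or bug reference, unlike the net-fs/openafs entry beside it, which cites bug 540196. Add who, when and a bug number to both, and reword the comment to "jit doesn't work on hardened". The www-client/firefox entry is dated 03 Dec 2014; if it was copied from another profile, name the source in the commit message.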

diff --git a/profiles/features/hardened/packages b/profiles/features/hardened/packages
index 2524abdd0c4..3790c915840 100644
--- a/profiles/features/hardened/packages
+++ b/profiles/features/hardened/packages
@@ -1,4 +1,4 @@
-# Copyright 1999-2013 Gentoo Foundation.
+# Copyright 1999-2017 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
 
 # This file extends the base packages file for all hardened profiles

diff --git a/profiles/features/hardened/use.force b/profiles/features/hardened/use.force
index 35e56536ec6..2f57880682b 100644
--- a/profiles/features/hardened/use.force
+++ b/profiles/features/hardened/use.force
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 # Make sure people don't accidentally turn of ssp/pie in important packages.
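
Review bot: the context comment in this file reads "turn of ssp/pie"; since the header is being touched anyway, fix it to "turn off". The copyright line in the packages file of this commit ends with a period ("Gentoo Foundation.") while this one does not, so settle on one form.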

