From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 0C0441382C5 for ; Wed, 11 Apr 2018 07:54:24 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 4F628E0BD9; Wed, 11 Apr 2018 07:54:23 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 1E13AE0BD9 for ; Wed, 11 Apr 2018 07:54:23 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D90F3335C74 for ; Wed, 11 Apr 2018 07:54:21 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 338BE274 for ; Wed, 11 Apr 2018 07:54:20 +0000 (UTC) 
From: "Lars Wendler" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Lars Wendler" Message-ID: <1523433241.b3da431a04f89ae090d13b3952f9a67d19912647.polynomial-c@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: app-emulation/virtualbox/files/, app-emulation/virtualbox/ X-VCS-Repository: repo/gentoo X-VCS-Files: app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch app-emulation/virtualbox/virtualbox-5.2.8.ebuild X-VCS-Directories: app-emulation/virtualbox/files/ app-emulation/virtualbox/ X-VCS-Committer: polynomial-c X-VCS-Committer-Name: Lars Wendler X-VCS-Revision: b3da431a04f89ae090d13b3952f9a67d19912647 X-VCS-Branch: master Date: Wed, 11 Apr 2018 07:54:20 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 0b583ec3-b8e8-4c79-9a6a-5a2ce8339dfb X-Archives-Hash: fcbc510d91fa408abf7badca76c58766 commit: b3da431a04f89ae090d13b3952f9a67d19912647 Author: Sergey Alirzaev gmail com> AuthorDate: Tue Apr 10 13:36:22 2018 +0000 Commit: Lars Wendler gentoo org> CommitDate: Wed Apr 11 07:54:01 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3da431a app-emulation/virtualbox: fix patching for hardened Bug: https://bugs.gentoo.org/643466 Closes: https://github.com/gentoo/gentoo/pull/7928 .../files/050_virtualbox-5.2.8-nopie.patch | 147 +++++++++++++++++++++ .../files/virtualbox-5.2.8-paxmark-bldprogs.patch | 59 +++++++++ app-emulation/virtualbox/virtualbox-5.2.8.ebuild | 4 +- 3 files changed, 208 insertions(+), 2 deletions(-) diff --git a/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch b/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch new file mode 100644 index 00000000000..35bd8e0a705 --- /dev/null 
+++ b/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch 
@@ -0,0 +1,147 @@ +diff -Naur VirtualBox-5.1.24/Config.kmk VirtualBox-5.1.24/Config.kmk +--- VirtualBox-5.1.24/Config.kmk 2017-07-26 13:55:27.803972185 -0400 ++++ VirtualBox-5.1.24/Config.kmk 2017-07-26 13:53:10.700974328 -0400 +@@ -2601,6 +2601,7 @@ + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_Wno-overlength-strings?= $(call VBOX_GCC_CHECK_CC,-Wno-overlength-strings,)' + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_Wno-overloaded-virtual?= $(call VBOX_GCC_CHECK_CXX,-Wno-overloaded-virtual,)' + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fno-stack-protector ?= $(call VBOX_GCC_CHECK_CC,-fno-stack-protector,)' ++ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_nopie ?= $(call VBOX_GCC_CHECK_CC,-nopie,)' + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fno-dwarf2-cfi-asm ?= $(call VBOX_GCC_CHECK_CC,-fno-dwarf2-cfi-asm,)' + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_m64 ?= $(call VBOX_GCC_CHECK_CC,-m64,)' + $(QUIET)$(APPEND) '$@' 'VBOX_GCC_no-pie ?= $(call VBOX_GCC_CHECK_CC,-no-pie,)' +@@ -3843,8 +3844,8 @@ + + ifeq ($(VBOX_LDR_FMT32),elf) + TEMPLATE_VBoxRc_TOOL = $(VBOX_GCC32_TOOL) +- TEMPLATE_VBoxRc_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK) +- TEMPLATE_VBoxRc_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_IPRT_FMT_CHECK) ++ TEMPLATE_VBoxRc_CXXFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow 
-fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK) ++ TEMPLATE_VBoxRc_CFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_IPRT_FMT_CHECK) + ifeq ($(KBUILD_TARGET),solaris) + TEMPLATE_VBoxRc_LDFLAGS = -r + else +@@ -3864,8 +3865,8 @@ + ifeq ($(VBOX_LDR_FMT32),macho) + TEMPLATE_VBoxRc_TOOL = $(VBOX_GCC_TOOL) + TEMPLATE_VBoxRc_DEFS += $(VBOX_DARWIN_DEF_SDK_DEFS) +- TEMPLATE_VBoxRc_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing -fno-rtti +- TEMPLATE_VBoxRc_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing ++ TEMPLATE_VBoxRc_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing -fno-rtti ++ TEMPLATE_VBoxRc_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-exceptions 
$(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing + TEMPLATE_VBoxRc_LDFLAGS = $(VBOX_DARWIN_DEF_SDK_LDFLAGS) -m32 -nostdlib + #TEMPLATE_VBoxRc_LDFLAGS.release = -Wl,-S ??? + endif +@@ -3903,9 +3904,9 @@ + endif + + ifeq ($(VBOX_LDR_FMT32),elf) +- TEMPLATE_VBoxRcExe_CFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CFLAGS)) -O0 +- TEMPLATE_VBoxRcExe_CXXFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CXXFLAGS)) -O0 +- TEMPLATE_VBoxRcExe_LDFLAGS = -g ++ TEMPLATE_VBoxRcExe_CFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CFLAGS)) -O0 $(VBOX_GCC_nopie) ++ TEMPLATE_VBoxRcExe_CXXFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CXXFLAGS)) -O0 $(VBOX_GCC_nopie) ++ TEMPLATE_VBoxRcExe_LDFLAGS = -g $(VBOX_GCC_nopie) + TEMPLATE_VBoxRcExe_LDFLAGS.dbgopt = -g + TEMPLATE_VBoxRcExe_LDFLAGS.strict = -g + TEMPLATE_VBoxRcExe_LDFLAGS.release = -g +@@ -3984,8 +3985,8 @@ + + ifeq ($(VBOX_LDR_FMT),elf) + TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL) +-TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK) +-TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK) ++TEMPLATE_VBoxR0_CFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK) ++TEMPLATE_VBoxR0_CXXFLAGS = 
-nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK) + TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-asynchronous-unwind-tables -ffreestanding + TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-asynchronous-unwind-tables + ifeq ($(KBUILD_TARGET),solaris) +@@ -4018,12 +4019,12 @@ + TEMPLATE_VBoxR0_DEFS += $(VBOX_DARWIN_DEF_SDK_DEFS) + TEMPLATE_VBoxR0_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) \ + -fno-common -msoft-float -static -fno-rtti -fno-exceptions $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing \ +- -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) ++ -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) + TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mno-sse3 -mno-sse4 -mno-sse4.1 -mno-sse4.2 -mno-sse4a -fno-unwind-tables + TEMPLATE_VBoxR0_CXXFLAGS.x86 = -m32 + TEMPLATE_VBoxR0_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) \ + -fno-common -msoft-float -static -fno-exceptions $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing \ +- -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) ++ -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) + TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mno-sse3 -mno-sse4 -mno-sse4.1 -mno-sse4.2 -mno-sse4a -fno-unwind-tables + TEMPLATE_VBoxR0_CFLAGS.x86 = -m32 + 
TEMPLATE_VBoxR0_LDFLAGS = $(VBOX_DARWIN_DEF_SDK_LDFLAGS) -nostdlib +@@ -4259,7 +4260,7 @@ + -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes \ + -Wimplicit-function-declaration -Werror-implicit-function-declaration \ + -O2 -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 \ +- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ ++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ + -nostdinc -std=c99 + TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 + TEMPLATE_VBOXR0DRV_CFLAGS.amd64 = -m64 --param inline-unit-growth=100 --param large-function-growth=1000 \ +@@ -4268,7 +4269,7 @@ + TEMPLATE_VBOXR0DRV_CXXFLAGS = -fno-exceptions -fno-rtti \ + $(VBOX_GCC_WARN) -Wpointer-arith -Winline \ + -O2 -fno-strict-aliasing -fno-common -finline-limit=8000 \ +- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ ++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ + -nostdinc + TEMPLATE_VBOXR0DRV_CXXFLAGS.x86 = $(TEMPLATE_VBOXR0DRV_CFLAGS.x86) + TEMPLATE_VBOXR0DRV_CXXFLAGS.amd64 = $(TEMPLATE_VBOXR0DRV_CFLAGS.amd64) +@@ -4341,7 +4342,7 @@ + -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes \ + -Wimplicit-function-declaration -Werror-implicit-function-declaration \ + -O2 -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 \ +- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ ++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ + -nostdinc -std=c99 -msoft-float + TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 \ + -mpreferred-stack-boundary=2 -mno-mmx -mno-sse -mno-avx \ +@@ -4353,7 +4354,7 @@ + TEMPLATE_VBOXR0DRV_CXXFLAGS = -fno-exceptions -fno-rtti \ + $(VBOX_GCC_WARN) -Wpointer-arith -Winline \ + -O2 -fno-strict-aliasing -fno-common -finline-limit=8000 \ +- 
$(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ ++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \ + -nostdinc -msoft-float + TEMPLATE_VBOXR0DRV_CXXFLAGS.x86 = $(TEMPLATE_VBOXR0DRV_CFLAGS.x86) + TEMPLATE_VBOXR0DRV_CXXFLAGS.amd64 = $(TEMPLATE_VBOXR0DRV_CFLAGS.amd64) +@@ -4394,7 +4395,7 @@ + TEMPLATE_VBOXR0DRV_LDFLAGS = -shared -no-undefined -dc -dy -lroot -rpath-link /boot/system/develop/lib/x86 --no-add-needed /boot/system/develop/lib/_KERNEL_ --no-add-needed /boot/system/develop/lib/haiku_version_glue.o + TEMPLATE_VBOXR0DRV_CFLAGS = -fno-PIC \ + $(VBOX_GCC_WARN) -Wstrict-prototypes $(VBOX_GCC_Wno-pointer-sign) -Wno-sign-compare \ +- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration ++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration + TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -mno-sse -mno-mmx -mno-sse2 -mno-3dnow + TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow + TEMPLATE_VBOXR0DRV_CFLAGS.amd64 = -m64 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \ +@@ -5210,8 +5211,8 @@ + TEMPLATE_VBoxNoCrtGccLib_TOOL = $(VBOX_GCC_TOOL) + TEMPLATE_VBoxNoCrtGccLib_ASTOOL = $(VBOX_ASTOOL) + TEMPLATE_VBoxNoCrtGccLib_ASFLAGS = $(VBOX_ASFLAGS) +- TEMPLATE_VBoxNoCrtGccLib_CFLAGS += $(VBOX_GCC_fno-stack-protector) +- TEMPLATE_VBoxNoCrtGccLib_CXXFLAGS += $(VBOX_GCC_fno-stack-protector) ++ TEMPLATE_VBoxNoCrtGccLib_CFLAGS += $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) ++ TEMPLATE_VBoxNoCrtGccLib_CXXFLAGS += $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) + ifeq ($(KBUILD_TARGET_ARCH),amd64) + # in 64-bit mode we'll build a sys-module (VBoxREM2). 
+ if1of ($(KBUILD_TARGET), darwin solaris) +diff -Naur VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk +--- VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk 2017-07-26 13:55:27.746972186 -0400 ++++ VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk 2017-07-26 13:53:10.641974329 -0400 +@@ -132,6 +132,7 @@ + -W \ + -Wformat-nonliteral \ + $(VBOX_GCC_fno-stack-protector) \ ++ $(VBOX_GCC_nopie) \ + $(VBOX_GCC_fno-dwarf2-cfi-asm) \ + $(VBOX_GCC_Wno-address) + TEMPLATE_iPxe_ASFLAGS = \ +@@ -155,6 +156,7 @@ + -W \ + -Wformat-nonliteral \ + $(VBOX_GCC_fno-stack-protector) \ ++ $(VBOX_GCC_nopie) \ + $(VBOX_GCC_fno-dwarf2-cfi-asm) \ + $(VBOX_GCC_Wno-address) \ + -DASSEMBLY diff --git a/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch b/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch new file mode 100644 index 00000000000..7eb1e1793a7 --- /dev/null +++ b/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch 
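Review bot: The ELF branches of `TEMPLATE_VBoxRc_CFLAGS`/`CXXFLAGS` and `TEMPLATE_VBoxR0_CFLAGS`/`CXXFLAGS` lose their unconditional `-fno-pie` and now depend only on `$(VBOX_GCC_nopie)`, which the new probe defines as `$(call VBOX_GCC_CHECK_CC,-nopie,)` with what appears to be an empty fallback. If the compiler rejects `-nopie` (upstream GCC spells these options `-fno-pie` and `-no-pie`, and a `VBOX_GCC_no-pie` probe already exists a few lines below the added one), the raw-mode and ring-0 code would be compiled with whatever PIE default the hardened toolchain has. Keeping the original flag and adding the probe result beside it is safer, e.g. `TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g ... $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) ...`, and likewise for the other three lines. The inner headers also still name `VirtualBox-5.1.24` although the file is versioned 5.2.8, so a header line such as `# Regenerated against VirtualBox-5.2.8 Config.kmk` would make the target tree clear.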
@@ -0,0 +1,59 @@ +2017-02-20 Quentin Minster + + #https://bugs.gentoo.org/show_bug.cgi?id=591582 + * Config.kmk: add paxmark befor VBOX_VBOXTPG get run. + * src/VBox/VMM/Makefile.kmk: add paxmark befor VBOX_VBOXCPP get run. + * src/VBox/Main/Makefile.kmk: add paxmark befor USBIdDatabaseGenerator_1_TARGET get run. + +--- a/Config.kmk ++++ b/Config.kmk 2016-09-21 02:22:28 +@@ -3719,11 +3719,13 @@ + $(if-expr $(intersects $(KBUILD_TARGET_ARCH),$(KBUILD_ARCHES_64)),-64,-32) \ + -h --host-$(VBOX_HC_ARCH_BITS)-bit #-vvv + define TOOL_VBoxTpG_DTRACE_HDR_CMDS ++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)" + $(QUIET)$(VBOX_VBOXTPG) $(flags) -o "$(out)" -s "$(source)" + endef + TOOL_VBoxTpG_DTRACE_OBJ_NOT_NEEDED := + TOOL_VBoxTpG_DTRACE_OBJ_FLAGS := -G --host-$(VBOX_HC_ARCH_BITS)-bit #-vvv + define TOOL_VBoxTpG_DTRACE_OBJ_CMDS ++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)" + $(QUIET)$(VBOX_VBOXTPG) \ + $(if-expr $(intersects $(bld_trg_arch),$(KBUILD_ARCHES_64)),-64,-32) \ + $(flags) \ +@@ -3738,6 +3740,7 @@ + TOOL_VBoxTpG-Disabled_DTRACE_DEPORD = $(VBOX_VBOXTPG) + TOOL_VBoxTpG-Disabled_DTRACE_HDR_FLAGS := -h + define TOOL_VBoxTpG-Disabled_DTRACE_HDR_CMDS ++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)" + $(QUIET)$(VBOX_VBOXTPG) $(flags) -o "$(out)" -s "$(source)" + endef + TOOL_VBoxTpG-Disabled_DTRACE_OBJ_NOT_NEEDED := $(KBUILD_OSES) +@@ -3752,6 +3755,7 @@ + TOOL_DTraceAndVBoxTpG_DTRACE_HDR_CMDS = + define TOOL_DTraceAndVBoxTpG_DTRACE_HDR_CMDS + $(TOOL_StandardDTrace_DTRACE_HDR_CMDS) ++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)" + $(QUIET)$(VBOX_VBOXTPG) --generate-wrapper-header --host-$(VBOX_HC_ARCH_BITS)-bit --ring-3-context \ + $(filter-out -C, $(filter-out -h,$(flags))) \ + -o "$(out).tmp" -s "$(source)" +--- a/src/VBox/VMM/Makefile.kmk 2018-04-10 15:26:24.622867735 +0300 ++++ b/src/VBox/VMM/Makefile.kmk 2018-04-10 15:24:35.901998796 +0300 +@@ -896,6 +896,7 @@ + $$(VMMLibDTrace_0_OUTDIR)/$1: $2 $$(VBOX_VBOXCPP) | $$$$(dir $$$$@) + $$(call KB_FN_AUTO_CMD_DEPS_COMMANDS) + $$(QUIET)$$(call 
MSG_GENERATE,VMMLibDTrace,$$@,$2) ++ $$(QUIET)paxmark.sh -m "$(VBOX_VBOXCPP)" + $$(QUIET)$(VBOX_VBOXCPP) -d \ + -D VBOX_FOR_DTRACE_LIB \ + -D VBOX_FOR_DTRACE_LIB_$(toupper $(KBUILD_TARGET_ARCH)) \ +--- a/src/VBox/Main/Makefile.kmk 2018-04-10 15:26:15.292793067 +0300 ++++ b/src/VBox/Main/Makefile.kmk 2018-04-10 15:25:14.042303341 +0300 +@@ -607,6 +607,7 @@ + $(PATH_SUB_CURRENT)/src-server/usb.ids $(PATH_SUB_CURRENT)/src-server/custom.ids | $$(dir $$@) + $(call KB_FN_AUTO_CMD_DEPS_COMMANDS) + $(call MSG_GENERATE,USBIdDatabase,$@,$(USBIdDatabaseGenerator_1_TARGET)) ++ $(QUIET)paxmark.sh -m "$(USBIdDatabaseGenerator_1_TARGET)" + $(QUIET)$(USBIdDatabaseGenerator_1_TARGET) -o "$@" $(filter %.ids,$^) + + BLDPROGS += USBIdDatabaseGenerator diff --git a/app-emulation/virtualbox/virtualbox-5.2.8.ebuild b/app-emulation/virtualbox/virtualbox-5.2.8.ebuild index 40b4975b1e8..54d2ee97669 100644 --- a/app-emulation/virtualbox/virtualbox-5.2.8.ebuild +++ b/app-emulation/virtualbox/virtualbox-5.2.8.ebuild @@ -185,12 +185,12 @@ src_prepare() { # Only add nopie patch when we're on hardened if gcc-specs-pie ; then - eapply "${FILESDIR}/050_virtualbox-5.1.24-nopie.patch" + eapply "${FILESDIR}/050_virtualbox-5.2.8-nopie.patch" fi # Only add paxmark patch when we're on pax_kernel if use pax_kernel ; then - eapply "${FILESDIR}"/virtualbox-5.1.4-paxmark-bldprogs.patch + eapply "${FILESDIR}"/virtualbox-5.2.8-paxmark-bldprogs.patch fi eapply "${WORKDIR}/patches"
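Review bot: Each added `$(QUIET)paxmark.sh -m "..."` line re-marks the build tool inside the recipe that is about to execute it, so under parallel make several recipes may rewrite the PaX flags of the same `$(VBOX_VBOXTPG)`, `$(VBOX_VBOXCPP)` or `$(USBIdDatabaseGenerator_1_TARGET)` binary while another job is running it. Marking each tool once, at the point where it is linked or installed, would avoid that and keep the MPROTECT exemption in one auditable place; whether kBuild offers such a hook for build programs is not visible here. The patch header lists where paxmark was added but not why these helpers need MPROTECT disabled, so a line such as `* Reason: <why VBoxTpG, VBoxCPP and USBIdDatabaseGenerator need -m>` would document the exception. The `define` blocks and rules these lines sit in continue outside the inner hunks.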