From: "William Hubbs"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "William Hubbs"
Message-ID: <1605903812.3e4294ea80a70435fa09c3579da81c428fa15efc.williamh@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: net-libs/nodejs/, net-libs/nodejs/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch net-libs/nodejs/metadata.xml net-libs/nodejs/nodejs-12.18.4-r1.ebuild net-libs/nodejs/nodejs-12.19.1.ebuild net-libs/nodejs/nodejs-14.2.0.ebuild net-libs/nodejs/nodejs-99999999.ebuild
X-VCS-Directories: net-libs/nodejs/ net-libs/nodejs/files/
X-VCS-Committer: williamh
X-VCS-Committer-Name: William Hubbs
X-VCS-Revision: 3e4294ea80a70435fa09c3579da81c428fa15efc
X-VCS-Branch: master
Date: Fri, 20 Nov 2020 20:28:49 +0000 (UTC)

commit:     3e4294ea80a70435fa09c3579da81c428fa15efc
Author:     Sam James gentoo org>
AuthorDate: Fri Nov 20 19:16:17 2020 +0000
Commit:     William Hubbs gentoo org>
CommitDate: Fri Nov 20 20:23:32 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3e4294ea

net-libs/nodejs: restore PaX support

Reverts: 19add7ba6500e6c60c8699b6bdda397744dfa73b
Bug: https://bugs.gentoo.org/735832
Package-Manager: Portage-3.0.9, Repoman-3.0.2
Signed-off-by: Sam James gentoo.org>
Signed-off-by: William Hubbs gentoo.org> .../nodejs/files/nodejs-13.2.0-paxmarking.patch | 71 +++++++++++++ .../nodejs/files/nodejs-13.8.0-paxmarking.patch | 111 +++++++++++++++++++++ net-libs/nodejs/metadata.xml | 3 +- net-libs/nodejs/nodejs-12.18.4-r1.ebuild | 5 +- net-libs/nodejs/nodejs-12.19.1.ebuild | 5 +- net-libs/nodejs/nodejs-14.2.0.ebuild | 10 +- net-libs/nodejs/nodejs-99999999.ebuild | 10 +- 7 files changed, 208 insertions(+), 7 deletions(-) diff --git a/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch new file mode 100644 index 00000000000..1061255e163 --- /dev/null +++ b/net-libs/nodejs/files/nodejs-13.2.0-paxmarking.patch @@ -0,0 +1,71 @@ + Bug: 694100 + Add actions for pax marking mkcodecache and node_mksnapshot + to disable mprotect for pax enable kernel. + Reported-by: Attila Tóth + Co-developed-by: Attila Tóth + 
Signed-off-by: Magnus Granberg + +--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 ++++ a/node.gyp 2019-11-12 20:58:43.957881862 +0100 +@@ -233,7 +233,9 @@ + 'deps/acorn-plugins/acorn-static-class-features/index.js', + ], + 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', ++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', + 'conditions': [ + [ 'node_shared=="true"', { + 'node_target_type%': 'shared_library', +@@ -436,10 +438,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mkcodecache', ++ 'inputs': [ ++ '<(mkcodecache_exec)', ++ ], ++ 'outputs': [ ++ '<(mkcodecache_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mkcodecache', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(mkcodecache_exec)', ++ '<(mkcodecache_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', +@@ -461,10 +477,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(node_mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(node_mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(node_mksnapshot_exec)', ++ '<(node_mksnapshot_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', diff --git a/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch new file mode 100644 index 00000000000..8dbf5f43d48 --- /dev/null 
+++ b/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch @@ -0,0 +1,111 @@ + Bug: 694100 + Add actions for pax marking mkcodecache, node_mksnapshot and mksnapshot + to disable mprotect for pax enable kernel. + Reported-by: Attila Tóth + Co-developed-by: Attila Tóth + 
Signed-off-by: Magnus Granberg + +--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 ++++ b/node.gyp 2019-11-12 20:58:43.957881862 +0100 +@@ -233,7 +233,9 @@ + 'deps/acorn-plugins/acorn-static-class-features/index.js', + ], + 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', ++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', + 'conditions': [ + [ 'node_shared=="true"', { + 'node_target_type%': 'shared_library', +@@ -436,10 +438,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mkcodecache', ++ 'inputs': [ ++ '<(mkcodecache_exec)', ++ ], ++ 'outputs': [ ++ '<(mkcodecache_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mkcodecache', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(mkcodecache_exec)', ++ '<(mkcodecache_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', +@@ -461,10 +477,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(node_mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(node_mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(node_mksnapshot_exec)', ++ '<(node_mksnapshot_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', +--- a/tools/v8_gypfiles/v8.gyp 2019-12-03 16:10:36.000000000 +0100 ++++ b/tools/v8_gypfiles/v8.gyp 2019-12-17 18:37:33.695839254 +0100 +@@ -9,6 +9,7 @@ + 'v8_vector_stores%': 0, + 
'v8_embed_script%': "", + 'mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'v8_os_page_size%': 0, + 'generate_bytecode_output_root': '<(SHARED_INTERMEDIATE_DIR)/generate-bytecode-output-root', + 'generate_bytecode_builtins_list_output': '<(generate_bytecode_output_root)/builtins-generated/bytecodes-builtins-list.h', +@@ -427,6 +425,20 @@ + }, + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mksnapshot_exec) <(mksnapshot_u_exec) && paxmark.sh m <(mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mksnapshot', + 'message': 'generating: >@(_outputs)', + 'variables': { +@@ -442,7 +454,7 @@ + ], + }, + 'inputs': [ +- '<(mksnapshot_exec)', ++ '<(mksnapshot_u_exec)', + ], + 'outputs': ["<(INTERMEDIATE_DIR)/snapshot.cc"], + 'process_outputs_as_sources': 1, diff --git a/net-libs/nodejs/metadata.xml b/net-libs/nodejs/metadata.xml index 1f2cfaf97be..f7299ab330d 100644 --- a/net-libs/nodejs/metadata.xml +++ b/net-libs/nodejs/metadata.xml @@ -3,7 +3,7 @@ williamh@gentoo.org - William Hubbs + William Hubbs marecki@gentoo.org @@ -13,6 +13,7 @@ Enable V8 inspector Enable NPM package manager + Enable building under a PaX enabled kernel Enable snapshot creation for faster startup Use system dev-libs/icu instead of the bundled version Use system OpenSSL instead of the bundled one diff --git a/net-libs/nodejs/nodejs-12.18.4-r1.ebuild b/net-libs/nodejs/nodejs-12.18.4-r1.ebuild index bbdc7bd8dd9..c606807087a 100644 --- a/net-libs/nodejs/nodejs-12.18.4-r1.ebuild +++ b/net-libs/nodejs/nodejs-12.18.4-r1.ebuild 
@@ -4,7 +4,7 @@ EAPI=7 PYTHON_COMPAT=( python3_{6,7} ) PYTHON_REQ_USE="threads(+)" -inherit bash-completion-r1 flag-o-matic python-any-r1 toolchain-funcs xdg-utils +inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" HOMEPAGE="https://nodejs.org/" @@ -139,6 +139,7 @@ src_configure() { src_compile() { emake -C out mksnapshot + pax-mark m "out/${BUILDTYPE}/mksnapshot" emake -C out } @@ -146,6 +147,8 @@ src_install() { local LIBDIR="${ED}/usr/$(get_libdir)" default + pax-mark -m "${ED}"/usr/bin/node + # set up a symlink structure that node-gyp expects.. dodir /usr/include/node/deps/{v8,uv} dosym . /usr/include/node/src diff --git a/net-libs/nodejs/nodejs-12.19.1.ebuild b/net-libs/nodejs/nodejs-12.19.1.ebuild index 613432efea3..bb763d423aa 100644 --- a/net-libs/nodejs/nodejs-12.19.1.ebuild +++ b/net-libs/nodejs/nodejs-12.19.1.ebuild @@ -6,7 +6,7 @@ EAPI=7 PYTHON_COMPAT=( python3_{6..8} ) PYTHON_REQ_USE="threads(+)" -inherit bash-completion-r1 flag-o-matic python-any-r1 toolchain-funcs xdg-utils +inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" HOMEPAGE="https://nodejs.org/" @@ -141,6 +141,7 @@ src_configure() { src_compile() { emake -C out mksnapshot + pax-mark m "out/${BUILDTYPE}/mksnapshot" emake -C out } @@ -148,6 +149,8 @@ src_install() { local LIBDIR="${ED}/usr/$(get_libdir)" default + pax-mark -m "${ED}"/usr/bin/node + # set up a symlink structure that node-gyp expects.. dodir /usr/include/node/deps/{v8,uv} dosym . /usr/include/node/src diff --git a/net-libs/nodejs/nodejs-14.2.0.ebuild b/net-libs/nodejs/nodejs-14.2.0.ebuild index 4b3509f8db3..47e27f90889 100644 --- a/net-libs/nodejs/nodejs-14.2.0.ebuild +++ b/net-libs/nodejs/nodejs-14.2.0.ebuild 
@@ -4,7 +4,7 @@ EAPI=7 PYTHON_COMPAT=( python3_{6,7,8} ) PYTHON_REQ_USE="threads(+)" -inherit bash-completion-r1 flag-o-matic python-any-r1 toolchain-funcs xdg-utils +inherit bash-completion-r1 flag-o-matic pax-utils python-any-r1 toolchain-funcs xdg-utils DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" HOMEPAGE="https://nodejs.org/" @@ -15,7 +15,7 @@ SRC_URI=" LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" SLOT="0" KEYWORDS="ppc" -IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm +snapshot +ssl +system-ssl systemtap test" +IUSE="cpu_flags_x86_sse2 debug doc icu inspector +npm pax_kernel +snapshot +ssl +system-ssl systemtap test" REQUIRED_USE=" inspector? ( icu ssl ) npm? ( ssl ) @@ -35,6 +35,7 @@ BDEPEND=" sys-apps/coreutils systemtap? ( dev-util/systemtap ) test? ( net-misc/curl ) + pax_kernel? ( sys-apps/elfix ) " DEPEND=" ${RDEPEND} @@ -88,6 +89,9 @@ src_prepare() { BUILDTYPE=Debug fi + # We need to disable mprotect on two files when it builds Bug 694100. + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.8.0-paxmarking.patch ) + default } @@ -137,6 +141,8 @@ src_install() { local LIBDIR="${ED}/usr/$(get_libdir)" default + pax-mark -m "${ED}"/usr/bin/node + # set up a symlink structure that node-gyp expects.. dodir /usr/include/node/deps/{v8,uv} dosym . /usr/include/node/src diff --git a/net-libs/nodejs/nodejs-99999999.ebuild b/net-libs/nodejs/nodejs-99999999.ebuild index 65d30862d4c..e7a2c7c7eb9 100644 --- a/net-libs/nodejs/nodejs-99999999.ebuild +++ b/net-libs/nodejs/nodejs-99999999.ebuild @@ -4,7 +4,7 @@ EAPI=7 PYTHON_COMPAT=( python3_{6,7,8} ) PYTHON_REQ_USE="threads(+)" -inherit bash-completion-r1 flag-o-matic git-r3 python-any-r1 toolchain-funcs xdg-utils +inherit bash-completion-r1 flag-o-matic git-r3 pax-utils python-any-r1 toolchain-funcs xdg-utils DESCRIPTION="A JavaScript runtime built on Chrome's V8 JavaScript engine" HOMEPAGE="https://nodejs.org/" 
@@ -13,7 +13,7 @@ EGIT_REPO_URI="https://github.com/nodejs/node" LICENSE="Apache-1.1 Apache-2.0 BSD BSD-2 MIT" SLOT="0" KEYWORDS="" -IUSE="cpu_flags_x86_sse2 debug doc +icu inspector +npm +snapshot +ssl +system-ssl systemtap test" +IUSE="cpu_flags_x86_sse2 debug doc +icu inspector +npm pax_kernel +snapshot +ssl +system-ssl systemtap test" RESTRICT="!test? ( test )" REQUIRED_USE=" inspector? ( icu ssl ) @@ -35,6 +35,7 @@ BDEPEND=" sys-apps/coreutils systemtap? ( dev-util/systemtap ) test? ( net-misc/curl ) + pax_kernel? ( sys-apps/elfix ) " DEPEND=" ${RDEPEND} @@ -83,6 +84,9 @@ src_prepare() { BUILDTYPE=Debug fi + # We need to disable mprotect on two files when it builds Bug 694100. + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) + default } @@ -136,6 +140,8 @@ src_install() { local LIBDIR="${ED}/usr/$(get_libdir)" default + pax-mark -m "${ED}"/usr/bin/node + # set up a symlink structure that node-gyp expects.. dodir /usr/include/node/deps/{v8,uv} dosym . /usr/include/node/src
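
Review bot: in the run_pax_mkcodecache and run_pax_mksnapshot actions added to node.gyp (both paxmarking patches), and in run_pax_mksnapshot in v8.gyp, the command moves away the very file the action lists under 'inputs', e.g. 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)'. After the first run the declared input no longer exists, so an incremental rebuild sees it as missing and has to re-link the tool before the action can be considered up to date. Copying instead of moving, then marking the copy, keeps both the input and the output on disk. The expanded paths are also placed unquoted inside the bash -c string, so a PRODUCT_DIR containing whitespace would split the arguments; quoting each expansion would avoid that.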
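
Review bot: the file header of nodejs-13.2.0-paxmarking.patch uses the a/ prefix on both sides ('--- a/node.gyp' and '+++ a/node.gyp'), while nodejs-13.8.0-paxmarking.patch uses a/ and b/. Please make the new-file line '+++ b/node.gyp' so both patches follow the same convention and strip cleanly with the same -p level. The node.gyp hunks in the two files are otherwise identical, so a short note in the 13.8.0 patch description that it only adds the v8.gyp part would help whoever has to rebase them.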
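
Review bot: the hunk headers for tools/v8_gypfiles/v8.gyp in nodejs-13.8.0-paxmarking.patch do not add up. The first hunk ('@@ -9,6 +9,7 @@') inserts one line, so the second hunk's new start should be one greater than its old start, yet it reads '@@ -427,6 +425,20 @@', and the third ('@@ -442,7 +454,7 @@') carries the same discrepancy forward. This looks like a hand-edited patch. Tools that tolerate offsets may still apply it, but regenerating the patch with diff -u against the pristine tree would give consistent headers and avoid surprises with stricter appliers.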
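
Review bot: in nodejs-12.18.4-r1.ebuild and nodejs-12.19.1.ebuild the flag is spelled two ways, 'pax-mark m "out/${BUILDTYPE}/mksnapshot"' in src_compile and 'pax-mark -m "${ED}"/usr/bin/node' in src_install; please pick one form and use it in all four ebuilds. The src_compile sequence (build mksnapshot, mark it, then run the full emake) also deserves a one-line comment saying the mark has to be in place before the second emake executes mksnapshot, and the src_install line should say why the installed node binary needs MPROTECT disabled, since that relaxes a hardening feature on every system the package is installed on.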
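
Review bot: in src_prepare, nodejs-99999999.ebuild applies '${PN}-13.2.0-paxmarking.patch' while nodejs-14.2.0.ebuild applies '${PN}-13.8.0-paxmarking.patch'. The live ebuild tracks a newer tree than 14.2.0, so it most likely wants the 13.8.0 patch as well; the 13.2.0 one has no v8.gyp hunk and leaves mksnapshot unmarked. The comment above both lines says "two files", but the 13.8.0 patch marks three (mkcodecache, node_mksnapshot and mksnapshot), and "when it builds Bug 694100" reads as if the bug were being built; something like "Disable mprotect on the build-time helpers, bug #694100" would be clearer. Note also that the BDEPEND on sys-apps/elfix and the patch are gated on pax_kernel, whereas the 'pax-mark -m' call in src_install is unconditional; if that is intentional, say so in a comment.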