diff options
author | Magnus Granberg <zorry@ume.nu> | 2009-09-05 18:59:19 +0200 |
---|---|---|
committer | Magnus Granberg <zorry@ume.nu> | 2009-09-05 18:59:19 +0200 |
commit | 59048cf4a3c0c5885376f72ae5c6d84c80994cd0 (patch) | |
tree | 422993a2f82c1ffcde6dc99b9fed117b0d159396 | |
parent | Added sys-boot/grub-0.97-r11 for testing the Grub2 -fPIE check (diff) | |
parent | Added myself to README (diff) | |
download | hardened-dev-59048cf4a3c0c5885376f72ae5c6d84c80994cd0.tar.gz hardened-dev-59048cf4a3c0c5885376f72ae5c6d84c80994cd0.tar.bz2 hardened-dev-59048cf4a3c0c5885376f72ae5c6d84c80994cd0.zip |
Merge branch 'master' of git+ssh://git@git.overlays.gentoo.org/proj/hardened-development
-rw-r--r-- | README | 1 | ||||
-rw-r--r-- | dev-lang/spidermonkey/ChangeLog | 17 | ||||
-rw-r--r-- | dev-lang/spidermonkey/Manifest | 6 | ||||
-rw-r--r-- | dev-lang/spidermonkey/files/linker_hardened.patch | 12 | ||||
-rw-r--r-- | dev-lang/spidermonkey/files/spidermonkey-1.5-build.patch | 138 | ||||
-rw-r--r-- | dev-lang/spidermonkey/files/spidermonkey-1.6-header.patch | 13 | ||||
-rw-r--r-- | dev-lang/spidermonkey/files/spidermonkey-1.7.0-threadsafe.diff | 18 | ||||
-rw-r--r-- | dev-lang/spidermonkey/spidermonkey-1.7.0-r1.ebuild | 52 |
8 files changed, 257 insertions, 0 deletions
@@ -15,5 +15,6 @@ Commiters: Magnus Granberg (Zorry) <zorry@ume.nu> Jory A. Pratt (Anarchy) <anarchy@gentoo.org> Peter Hjalmarsson (Xake) <xake@rymdraket.net> +Anthony G. Basile (blueness) <basile@opensource.dyc.edu> 2009-08-30 Peter Hjalmarsson (Xake) <xake@rymdraket.net> diff --git a/dev-lang/spidermonkey/ChangeLog b/dev-lang/spidermonkey/ChangeLog new file mode 100644 index 00000000..caac6234 --- /dev/null +++ b/dev-lang/spidermonkey/ChangeLog @@ -0,0 +1,17 @@ +# ChangeLog for dev-lang/spidermonkey +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: $ + +*spidermonkey-1.7.0-r1 (05 Sep 2009) + + 05 Sep 2009; Anthony G. Basile <basile@opensource.dyc.edu> + +files/spidermonkey-1.5-build.patch, +files/spidermonkey-1.6-header.patch, + +spidermonkey-1.7.0-r1.ebuild, +files/spidermonkey-1.7.0-threadsafe.diff, + +files/linker_hardened.patch: + 2009-09-05 Dwokfur <atoth@atoth.sote.hu> + + #74 on http://hardened.gentooexperimental.org/trac/secure + + * src/config/Linux_All.mk: resolve linking difficulting with shared + libraries compiled with -fPIC + diff --git a/dev-lang/spidermonkey/Manifest b/dev-lang/spidermonkey/Manifest new file mode 100644 index 00000000..17938d1e --- /dev/null +++ b/dev-lang/spidermonkey/Manifest @@ -0,0 +1,6 @@ +AUX linker_hardened.patch 545 RMD160 548416098573167e19085360cb691fb561761bc3 SHA1 0c8a829301188609cee86de74561b42911f21cc0 SHA256 be83da67855f5d81c85eb634ba7aa6ff407cd3ed4a3ee3d9486a63dc96c29af5 +AUX spidermonkey-1.5-build.patch 3457 RMD160 323b186d6be267bce42f15fe0694b8c17d1e927d SHA1 995708c8cbd03ed690505fab70a54349d4b94d09 SHA256 04a2b3b1b85825f463c6eb703d32e66747e2a8cca81b0026b958862eb1248fdb +AUX spidermonkey-1.6-header.patch 270 RMD160 ff656884925470695542b2b9412a130c72577f3a SHA1 6039b01f565b2bf2c20490a52b99b52796057b61 SHA256 e81acd7ba025214b2ecfa5918a1652e4590eaca39307c4e8d9f5d949d315373e +AUX spidermonkey-1.7.0-threadsafe.diff 513 RMD160 894fd8791cdf3156031e4cb370a0de40ce53cdf2 SHA1 cd4d61468ca2fdd1f90b6bb207ebf46427261166 SHA256 3e41354e093efce3fe897814bc490aa45e17c9d6d0ca6ae7f9f1550b85be89e9 +DIST js-1.7.0.tar.gz 1165607 RMD160 6eadf1ac7c10a13b3db3d499856c9e18ddbcdfdb SHA1 1a99e8e10cb6600a03ea98895583a8ed42136d1f SHA256 44363f0f3895800ee6010763eae90c0d15ed28e07d783bc7b3c607ce98d8668b +EBUILD spidermonkey-1.7.0-r1.ebuild 1480 RMD160 53a278fcc210b7dc9ace47ed700fca8590848cd6 SHA1 b2ce0ebc4f16907970cc1bd2f4403881c76b4813 SHA256 2463e657d2b4fd2569741f4d17cecd08e0692a57241e25923adf9d4063ae8ad2 diff --git a/dev-lang/spidermonkey/files/linker_hardened.patch b/dev-lang/spidermonkey/files/linker_hardened.patch new file mode 100644 index 00000000..c43567b0 --- /dev/null +++ b/dev-lang/spidermonkey/files/linker_hardened.patch @@ -0,0 +1,12 @@ +diff -urN js.dwokfur1/src/config/Linux_All.mk js.dwokfur2/src/config/Linux_All.mk +--- js.dwokfur1/src/config/Linux_All.mk 2009-08-29 12:11:48.000000000 +0200 ++++ js.dwokfur2/src/config/Linux_All.mk 2009-08-29 12:13:13.000000000 +0200 +@@ -45,7 +45,7 @@ + OS_CFLAGS = -DXP_UNIX -DSVR4 -DSYSV -D_BSD_SOURCE -DPOSIX_SOURCE -DHAVE_LOCALTIME_R + + RANLIB = echo +-MKSHLIB = $(LD) -shared $(XMKSHLIBOPTS) -soname $(notdir $@) ++MKSHLIB = $(CC) -shared $(XMKSHLIBOPTS) -Xlinker -soname -Xlinker $(notdir $@) + + #.c.o: + # $(CC) -c -MD $*.d $(CFLAGS) $< diff --git a/dev-lang/spidermonkey/files/spidermonkey-1.5-build.patch b/dev-lang/spidermonkey/files/spidermonkey-1.5-build.patch new file mode 100644 index 00000000..a5c4b47d --- /dev/null +++ b/dev-lang/spidermonkey/files/spidermonkey-1.5-build.patch @@ -0,0 +1,138 @@ +--- js/src/Makefile.ref ++++ js/src/Makefile.ref +@@ -127,7 +127,7 @@ endif + ifdef JS_READLINE + # For those platforms with the readline library installed. + DEFINES += -DEDITLINE +-PROG_LIBS += -lreadline -ltermcap ++PROG_LIBS += -lreadline + else + ifdef JS_EDITLINE + # Use the editline library, built locally. +@@ -370,3 +370,16 @@ TARFILES = files `cat files` + SUFFIXES: .i + %.i: %.c + $(CC) -C -E $(CFLAGS) $< > $*.i ++ ++DESTDIR := ++PREFIX := /usr ++BINDIR := $(PREFIX)/bin ++MY_LIBDIR := $(PREFIX)/$(LIBDIR) ++INCLUDEDIR := $(PREFIX)/include/js ++INSTALL := install -g 0 -o root ++install: ++ $(INSTALL) -m 755 -d $(DESTDIR)$(INCLUDEDIR) $(DESTDIR)$(MY_LIBDIR) $(DESTDIR)$(BINDIR) ++ $(INSTALL) -m 755 $(SHARED_LIBRARY) $(DESTDIR)$(MY_LIBDIR) ++ $(INSTALL) -m 644 $(LIBRARY) $(DESTDIR)$(MY_LIBDIR) ++ $(INSTALL) -m 755 $(OBJDIR)/js $(OBJDIR)/jscpucfg $(DESTDIR)$(BINDIR) ++ $(INSTALL) -m 644 $(HFILES) $(DESTDIR)$(INCLUDEDIR) +--- js/src/config/Linux_All.mk ++++ js/src/config/Linux_All.mk +@@ -41,37 +41,15 @@ + # Config for all versions of Linux + # + +-CC = gcc +-CCC = g++ + CFLAGS += -Wall -Wno-format + OS_CFLAGS = -DXP_UNIX -DSVR4 -DSYSV -D_BSD_SOURCE -DPOSIX_SOURCE -DHAVE_LOCALTIME_R + + RANLIB = echo +-MKSHLIB = $(LD) -shared $(XMKSHLIBOPTS) ++MKSHLIB = $(LD) -shared $(XMKSHLIBOPTS) -soname $(notdir $@) + + #.c.o: + # $(CC) -c -MD $*.d $(CFLAGS) $< + +-CPU_ARCH = $(shell uname -m) +-# don't filter in x86-64 architecture +-ifneq (x86_64,$(CPU_ARCH)) +-ifeq (86,$(findstring 86,$(CPU_ARCH))) +-CPU_ARCH = x86 +-OS_CFLAGS+= -DX86_LINUX +- +-ifeq (gcc, $(CC)) +-# if using gcc on x86, check version for opt bug +-# (http://bugzilla.mozilla.org/show_bug.cgi?id=24892) +-GCC_VERSION := $(shell gcc -v 2>&1 | grep version | awk '{ print $$3 }') +-GCC_LIST:=$(sort 2.91.66 $(GCC_VERSION) ) +- +-ifeq (2.91.66, $(firstword $(GCC_LIST))) +-CFLAGS+= -DGCC_OPT_BUG +-endif +-endif +-endif +-endif +- + GFX_ARCH = x + + OS_LIBS = -lm -lc +@@ -88,16 +66,6 @@ + endif + + # Use the editline library to provide line-editing support. +-JS_EDITLINE = 1 ++JS_READLINE = 1 + +-ifeq ($(CPU_ARCH),x86_64) +-# Use VA_COPY() standard macro on x86-64 +-# FIXME: better use it everywhere + OS_CFLAGS += -DHAVE_VA_COPY -DVA_COPY=va_copy +-endif +- +-ifeq ($(CPU_ARCH),x86_64) +-# We need PIC code for shared libraries +-# FIXME: better patch rules.mk & fdlibm/Makefile* +-OS_CFLAGS += -DPIC -fPIC +-endif +--- js/src/rules.mk ++++ js/src/rules.mk +@@ -82,6 +82,10 @@ $(OBJDIR)/%.o: %.c + @$(MAKE_OBJDIR) + $(CC) -o $@ -c $(CFLAGS) $*.c + ++$(OBJDIR)/%.lo: %.c ++ @$(MAKE_OBJDIR) ++ $(CC) -o $@ -c $(CFLAGS) $*.c -fPIC ++ + $(OBJDIR)/%.o: %.s + @$(MAKE_OBJDIR) + $(AS) -o $@ $(ASFLAGS) $*.s +@@ -111,11 +115,12 @@ $(SHARED_LIBRARY): $(LIB_OBJS) + /implib:"$(OBJDIR)/$(@F:.dll=.lib)" $^ + else + $(LIBRARY): $(LIB_OBJS) +- $(AR) rv $@ $? ++ $(AR) cr $@ $? + $(RANLIB) $@ + +-$(SHARED_LIBRARY): $(LIB_OBJS) +- $(MKSHLIB) -o $@ $(LIB_OBJS) $(LDFLAGS) $(OTHER_LIBS) ++SHARED_LIB_OBJS := $(LIB_OBJS:.o=.lo) ++$(SHARED_LIBRARY): $(SHARED_LIB_OBJS) ++ $(MKSHLIB) -o $@ $(SHARED_LIB_OBJS) $(LDFLAGS) $(OTHER_LIBS) + endif + endif + +--- js/src/fdlibm/Makefile.ref ++++ js/src/fdlibm/Makefile.ref +@@ -151,7 +151,7 @@ + + $(OBJDIR)/%.o: %.c + @$(MAKE_OBJDIR) +- $(CC) -o $@ -c $(CFLAGS) $*.c ++ $(CC) -o $@ -c $(CFLAGS) $*.c -fPIC + + $(OBJDIR)/%.o: %.s + @$(MAKE_OBJDIR) +--- js/src/config.mk ++++ js/src/config.mk +@@ -112,6 +112,8 @@ + CP = cp + endif + ++BUILD_OPT := 1 ++ + ifdef BUILD_OPT + OPTIMIZER = -O + DEFINES += -UDEBUG -DNDEBUG -UDEBUG_$(shell whoami) diff --git a/dev-lang/spidermonkey/files/spidermonkey-1.6-header.patch b/dev-lang/spidermonkey/files/spidermonkey-1.6-header.patch new file mode 100644 index 00000000..df4cf7d5 --- /dev/null +++ b/dev-lang/spidermonkey/files/spidermonkey-1.6-header.patch @@ -0,0 +1,13 @@ +Index: src/Makefile.ref +=================================================================== +--- src.orig/Makefile.ref ++++ src/Makefile.ref +@@ -185,6 +185,8 @@ JS_HFILES = \ + jsstr.h \ + jsxdrapi.h \ + jsxml.h \ ++ jsutil.h \ ++ jsprf.h \ + $(NULL) + + API_HFILES = \ diff --git a/dev-lang/spidermonkey/files/spidermonkey-1.7.0-threadsafe.diff b/dev-lang/spidermonkey/files/spidermonkey-1.7.0-threadsafe.diff new file mode 100644 index 00000000..8728811f --- /dev/null +++ b/dev-lang/spidermonkey/files/spidermonkey-1.7.0-threadsafe.diff @@ -0,0 +1,18 @@ +Index: src/Makefile.ref +=================================================================== +--- src.orig/Makefile.ref ++++ src/Makefile.ref +@@ -63,11 +63,11 @@ INCLUDES += -I$(OBJDIR) + + ifdef JS_THREADSAFE + DEFINES += -DJS_THREADSAFE +-INCLUDES += -I$(DIST)/include/nspr ++INCLUDES += -I/usr/include/nspr + ifdef USE_MSVC + OTHER_LIBS += $(DIST)/lib/libnspr$(NSPR_LIBSUFFIX).lib + else +-OTHER_LIBS += -L$(DIST)/lib -lnspr$(NSPR_LIBSUFFIX) ++OTHER_LIBS += -L/usr/$(LIBDIR)/nspr -lnspr$(NSPR_LIBSUFFIX) + endif + endif + diff --git a/dev-lang/spidermonkey/spidermonkey-1.7.0-r1.ebuild b/dev-lang/spidermonkey/spidermonkey-1.7.0-r1.ebuild new file mode 100644 index 00000000..66179051 --- /dev/null +++ b/dev-lang/spidermonkey/spidermonkey-1.7.0-r1.ebuild @@ -0,0 +1,52 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/dev-lang/spidermonkey/spidermonkey-1.7.0.ebuild,v 1.7 2007/12/29 16:58:01 ranger Exp $ + +inherit eutils toolchain-funcs multilib + +MY_P="js-${PV}" +DESCRIPTION="Stand-alone JavaScript C library" +HOMEPAGE="http://www.mozilla.org/js/spidermonkey/" +SRC_URI="ftp://ftp.mozilla.org/pub/mozilla.org/js/${MY_P}.tar.gz" + +LICENSE="NPL-1.1" +SLOT="0" +KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86 ~x86-fbsd" +IUSE="threadsafe" + +S="${WORKDIR}/js/src" + +RDEPEND="threadsafe? ( dev-libs/nspr )" + +DEPEND="${RDEPEND}" + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}/${PN}-1.5-build.patch" + epatch "${FILESDIR}/${PN}-1.6-header.patch" + epatch "${FILESDIR}/${P}-threadsafe.diff" + epatch "${FILESDIR}/linker_hardened.patch" + if [[ ${CHOST} == *-freebsd* ]]; then + # Don't try to be smart, this does not work in cross-compile anyway + ln -s "${S}/config/Linux_All.mk" "${S}/config/$(uname -s)$(uname -r).mk" + fi +} + +src_compile() { + tc-export CC LD AR + if use threadsafe; then + emake -j1 -f Makefile.ref LIBDIR="$(get_libdir)" JS_THREADSAFE=1 \ + || die "emake with threadsafe enabled failed"; + else + emake -j1 -f Makefile.ref LIBDIR="$(get_libdir)" \ + || die "emake without threadsafe enabled failed"; + fi +} + +src_install() { + emake -f Makefile.ref install DESTDIR="${D}" LIBDIR="$(get_libdir)" || die + dodoc ../jsd/README + dohtml README.html +} + |