-rw-r--r--profiles/features/hardened/amd64/package.use7
-rw-r--r--profiles/features/hardened/amd64/package.use.force7
-rw-r--r--profiles/features/hardened/make.defaults13
-rw-r--r--profiles/features/hardened/package.use.mask9
-rw-r--r--profiles/features/hardened/packages2
-rw-r--r--profiles/features/hardened/use.force2
6 files changed, 26 insertions, 14 deletions
diff --git a/profiles/features/hardened/amd64/package.use b/profiles/features/hardened/amd64/package.use
index 0cef7f8d1d92..dff56ad8871d 100644
--- a/profiles/features/hardened/amd64/package.use
+++ b/profiles/features/hardened/amd64/package.use
@@ -3,10 +3,11 @@
# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
# We need to have the pic flag on.
-# Bugs 490276, 513464, 523736 and 512208.
+# Bugs 358929, 490276, 513464, 523736 and 512208.
media-libs/x264 pic
media-video/ffmpeg pic
media-video/libav pic
->=media-libs/mesa-10.1.6 pic
+media-libs/mesa pic
media-libs/libpostproc pic
->=media-libs/xvid-1.3.3 pic
+media-libs/xvid pic
+app-emulation/open-vm-tools pic
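Review bot: Moving `app-emulation/open-vm-tools pic` out of package.use.force (deleted below) into package.use turns a forced flag into a default, so a user's `-pic` entry in their own package.use now takes effect for that package. The comment kept above the list still says "We need to have the pic flag on", which no longer matches what the profile enforces. Either keep the entry in package.use.force or reword the comment, e.g. `# pic is enabled by default; disabling it is unsupported on hardened.` Dropping the `>=` bounds on mesa and xvid also extends the default to all versions, which the comment could mention.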
diff --git a/profiles/features/hardened/amd64/package.use.force b/profiles/features/hardened/amd64/package.use.force
deleted file mode 100644
index ef833f2d1b51..000000000000
--- a/profiles/features/hardened/amd64/package.use.force
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-# Magnus Granberg <zorry@gentoo.org> (14 Jan, 2015)
-# We need to have the pic flag on.
-# Bugs 358929
-app-emulation/open-vm-tools pic
diff --git a/profiles/features/hardened/make.defaults b/profiles/features/hardened/make.defaults
index d83d7eab8856..1f5030f9a41b 100644
--- a/profiles/features/hardened/make.defaults
+++ b/profiles/features/hardened/make.defaults
@@ -5,7 +5,7 @@
# Rename STAGE1_USE to BOOTSTRAP_USE and stack it to the parent value
BOOTSTRAP_USE="${BOOTSTRAP_USE} hardened pic xtpax -jit -orc"
-USE="hardened pic urandom xtpax -fortran -jit -orc"
+USE="hardened pic xtpax -jit -orc"
# Ian Stakenvicius, 2014-09-03
# Set a variable just to indicate that the current profile is a hardened one
@@ -13,3 +13,14 @@ USE="hardened pic urandom xtpax -fortran -jit -orc"
# indicate said package is, say, configured in a way that defeats the purpose
# of running hardened.
PROFILE_IS_HARDENED=1
+
+# We set the default markings to XATTR_PAX
+PAX_MARKINGS="XT"
+
+# Default starting set of USE flags for all default/linux profiles.
+# We unset them so we get a clean use flag profile.
+USE="${USE} -berkdb -gdbm -tcpd"
+USE="${USE} -fortran"
+USE="${USE} -cli -session"
+USE="${USE} -dri"
+USE="${USE} -modules"
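Review bot: The added `USE="${USE} -tcpd"` builds packages that offer the flag without TCP-wrappers support, so any hosts.allow/hosts.deny rules a daemon used to honour stop being consulted after a rebuild. The comment above the block only says the flags are unset for a "clean" profile and reads as if it were setting defaults. I would add a per-flag reason, e.g. `# -tcpd: libwrap filtering is not built in; restrict access with packet-filter rules instead`. The `PAX_MARKINGS="XT"` comment could likewise state that XATTR_PAX markings depend on extended-attribute support on the filesystems involved.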
diff --git a/profiles/features/hardened/package.use.mask b/profiles/features/hardened/package.use.mask
index e3320e1e4d9d..cdab4d608d05 100644
--- a/profiles/features/hardened/package.use.mask
+++ b/profiles/features/hardened/package.use.mask
@@ -3,9 +3,16 @@
sys-apps/hwloc gl
-sys-devel/gcc -hardened
+sys-devel/gcc -hardened sanitize
sys-libs/glibc -hardened
+# Ian Stakenvicius <axs@gentoo.org> (03 Dec 2014)
+# Have no way of knowing what Gecko Media Plugins will install in profiles
+www-client/firefox gmp-autoupdate
+
# net-fs/openafs-kernel module can't be used on hardened,
# see bug 540196.
net-fs/openafs modules
+
+# jit don't work on hardened.
+dev-vcs/git pcre-jit
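Review bot: The new `sanitize` mask on `sys-devel/gcc` has no comment at all, and the `dev-vcs/git pcre-jit` entry has only "jit don't work on hardened." with no author/date line or bug reference, unlike the firefox and openafs entries in the same hunk. Whoever later needs to decide whether a mask can be lifted has nothing to check against. Suggested wording: `# JIT does not work on hardened (presumably PaX MPROTECT blocks its executable mappings); see bug <BUG_NUMBER>.` A matching line should go above the gcc entry to explain why `sanitize` is masked.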
diff --git a/profiles/features/hardened/packages b/profiles/features/hardened/packages
index 2524abdd0c4f..3790c915840d 100644
--- a/profiles/features/hardened/packages
+++ b/profiles/features/hardened/packages
@@ -1,4 +1,4 @@
-# Copyright 1999-2013 Gentoo Foundation.
+# Copyright 1999-2017 Gentoo Foundation.
# Distributed under the terms of the GNU General Public License v2
# This file extends the base packages file for all hardened profiles
diff --git a/profiles/features/hardened/use.force b/profiles/features/hardened/use.force
index 35e56536ec64..2f57880682b1 100644
--- a/profiles/features/hardened/use.force
+++ b/profiles/features/hardened/use.force
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# Make sure people don't accidentally turn of ssp/pie in important packages.