summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdrian Almenar <strider@gentoo.org>2003-12-13 17:00:01 +0000
committerAdrian Almenar <strider@gentoo.org>2003-12-13 17:00:01 +0000
commiteba55a043d940b52717bb3f3c69c587beca8ee35 (patch)
tree6026441b2f8eb6cd71b66a90dcc33132553d6e70 /dev-java
parentclean some old ebuilds, bump to 2.2.1, update postinst \(fixes bug 35678\) (diff)
downloadgentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.tar.gz
gentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.tar.bz2
gentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.zip
Added PAX Grscurity warning.
Diffstat (limited to 'dev-java')
-rw-r--r--dev-java/sun-jdk/ChangeLog6
-rw-r--r--dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild27
-rw-r--r--dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild31
-rw-r--r--dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild31
4 files changed, 85 insertions, 10 deletions
diff --git a/dev-java/sun-jdk/ChangeLog b/dev-java/sun-jdk/ChangeLog
index 5432677dd05e..c16819f8f263 100644
--- a/dev-java/sun-jdk/ChangeLog
+++ b/dev-java/sun-jdk/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for dev-java/sun-jdk
# Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/ChangeLog,v 1.60 2003/12/09 04:22:22 strider Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/ChangeLog,v 1.61 2003/12/13 17:00:01 strider Exp $
+
+ 13 Dec 2003; Adrian Almenar <strider@gentoo.org> sun-jdk-1.3.1.09.ebuild,
+ sun-jdk-1.4.2.02.ebuild, sun-jdk-1.4.2.03.ebuild:
+ Added Grsecurity and PAX warning taken from blackdown-jdk 1.4.1.
09 Dec 2003; Adrian Almenar <strider@gentoo.org> sun-jdk-1.4.1.06.ebuild,
sun-jdk-1.4.2.03.ebuild, files/sun-jdk-1.4.2.03, files/sun-jdk-1.4.1.06:
diff --git a/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild b/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild
index 85db9b82c73a..13d957b86dc4 100644
--- a/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild
+++ b/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild,v 1.4 2003/12/09 00:21:30 strider Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild,v 1.5 2003/12/13 17:00:01 strider Exp $
IUSE="doc"
@@ -23,6 +23,9 @@ SLOT="1.3"
KEYWORDS="x86 -ppc -sparc -alpha -mips -hppa -arm"
RESTRICT="fetch"
+# this is needed for proper operating under a PaX kernel without activated grsecurity acl
+CHPAX_CONSERVATIVE_FLAGS="pemsv"
+
pkg_nofetch() {
einfo "Please download ${At} from:"
einfo ${HOMEPAGE}
@@ -93,6 +96,28 @@ pkg_postinst () {
java_pkg_postinst
inst_plugin /opt/${P}/jre/plugin/i386/mozilla/libjavaplugin_oji.so
+ # if chpax is on the target system, set the appropriate PaX flags
+ # this will not hurt the binary, it modifies only unused ELF bits
+ # but may confuse things like AV scanners and automatic tripwire
+ if has_version "sys-apps/chpax"
+ then
+ einfo "setting up conservative PaX flags for jar, javac and java"
+
+ for paxkills in "jar" "javac" "java"
+ do
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills
+ done
+
+ # /opt/sun-jdk-1.3.1.09/jre/bin/java_vm
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm
+
+ einfo "you should have seen lots of chpax output above now"
+ ewarn "make sure the grsec ACL contains those entries also"
+ ewarn "because enabling it will override the chpax setting"
+ ewarn "on the physical files - help for PaX and grsecurity"
+ ewarn "can be given by #gentoo-hardened + pappy@gentoo.org"
+ fi
+
#Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this
#comment found on the sun-jdk 1.2.2 ebuild that he sent.
einfo "********************************************************"
diff --git a/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild b/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild
index b0bf5a21eab1..4a4c2621a25d 100644
--- a/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild
+++ b/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild,v 1.4 2003/12/09 04:22:22 strider Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild,v 1.5 2003/12/13 17:00:01 strider Exp $
IUSE="doc gnome kde mozilla"
@@ -11,10 +11,10 @@ S="${WORKDIR}/j2sdk1.4.2_02"
DESCRIPTION="Sun's J2SE Development Kit, version 1.4.2_02"
HOMEPAGE="http://java.sun.com/products/archive/index.html"
SRC_URI=${At}
-RESTRICT="fetch"
SLOT="1.4"
LICENSE="sun-bcla-java-vm"
KEYWORDS="x86 -ppc -sparc -alpha -mips -hppa -arm"
+RESTRICT="fetch"
DEPEND=">=dev-java/java-config-0.2.7
sys-apps/sed
@@ -26,11 +26,12 @@ PROVIDE="virtual/jre-1.4.2
virtual/jdk-1.4.2
virtual/java-scheme-2"
-RESTRICT="fetch"
-
PACKED_JARS="lib/tools.jar jre/lib/rt.jar jre/lib/jsse.jar jre/lib/charsets.jar
jre/lib/ext/localedata.jar jre/lib/plugin.jar jre/javaws/javaws.jar"
+# this is needed for proper operating under a PaX kernel without activated grsecurity acl
+CHPAX_CONSERVATIVE_FLAGS="pemsv"
+
pkg_nofetch() {
einfo "Please download ${At} from:"
einfo ${HOMEPAGE}
@@ -136,6 +137,28 @@ pkg_postinst () {
echo
fi
+ # if chpax is on the target system, set the appropriate PaX flags
+ # this will not hurt the binary, it modifies only unused ELF bits
+ # but may confuse things like AV scanners and automatic tripwire
+ if has_version "sys-apps/chpax"
+ then
+ einfo "setting up conservative PaX flags for jar, javac and java"
+
+ for paxkills in "jar" "javac" "java"
+ do
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills
+ done
+
+ # /opt/sun-jdk-1.4.2.02/jre/bin/java_vm
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm
+
+ einfo "you should have seen lots of chpax output above now"
+ ewarn "make sure the grsec ACL contains those entries also"
+ ewarn "because enabling it will override the chpax setting"
+ ewarn "on the physical files - help for PaX and grsecurity"
+ ewarn "can be given by #gentoo-hardened + pappy@gentoo.org"
+ fi
+
#Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this
#comment found on the sun-jdk 1.2.2 ebuild that he sent.
einfo "*********************************************************"
diff --git a/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild b/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild
index 4f714aa25362..50a2ab3a4c43 100644
--- a/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild
+++ b/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild,v 1.1 2003/12/09 04:22:22 strider Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild,v 1.2 2003/12/13 17:00:01 strider Exp $
IUSE="doc gnome kde mozilla"
@@ -11,10 +11,10 @@ S="${WORKDIR}/j2sdk1.4.2_03"
DESCRIPTION="Sun's J2SE Development Kit, version 1.4.2_03"
HOMEPAGE="http://java.sun.com/j2se/1.4.2/download.html"
SRC_URI=${At}
-RESTRICT="fetch"
SLOT="1.4"
LICENSE="sun-bcla-java-vm"
KEYWORDS="~x86 -ppc -sparc -alpha -mips -hppa -arm"
+RESTRICT="fetch"
DEPEND=">=dev-java/java-config-1.1.5
sys-apps/sed
@@ -26,11 +26,12 @@ PROVIDE="virtual/jre-1.4.2
virtual/jdk-1.4.2
virtual/java-scheme-2"
-RESTRICT="fetch"
-
PACKED_JARS="lib/tools.jar jre/lib/rt.jar jre/lib/jsse.jar jre/lib/charsets.jar
jre/lib/ext/localedata.jar jre/lib/plugin.jar jre/javaws/javaws.jar"
+# this is needed for proper operating under a PaX kernel without activated grsecurity acl
+CHPAX_CONSERVATIVE_FLAGS="pemsv"
+
pkg_nofetch() {
einfo "Please download ${At} from:"
einfo ${HOMEPAGE}
@@ -136,6 +137,28 @@ pkg_postinst () {
echo
fi
+ # if chpax is on the target system, set the appropriate PaX flags
+ # this will not hurt the binary, it modifies only unused ELF bits
+ # but may confuse things like AV scanners and automatic tripwire
+ if has_version "sys-apps/chpax"
+ then
+ einfo "setting up conservative PaX flags for jar, javac and java"
+
+ for paxkills in "jar" "javac" "java"
+ do
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills
+ done
+
+ # /opt/sun-jdk-1.4.2.03/jre/bin/java_vm
+ chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm
+
+ einfo "you should have seen lots of chpax output above now"
+ ewarn "make sure the grsec ACL contains those entries also"
+ ewarn "because enabling it will override the chpax setting"
+ ewarn "on the physical files - help for PaX and grsecurity"
+ ewarn "can be given by #gentoo-hardened + pappy@gentoo.org"
+ fi
+
#Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this
#comment found on the sun-jdk 1.2.2 ebuild that he sent.
einfo "*********************************************************"