diff options
author | Adrian Almenar <strider@gentoo.org> | 2003-12-13 17:00:01 +0000 |
---|---|---|
committer | Adrian Almenar <strider@gentoo.org> | 2003-12-13 17:00:01 +0000 |
commit | eba55a043d940b52717bb3f3c69c587beca8ee35 (patch) | |
tree | 6026441b2f8eb6cd71b66a90dcc33132553d6e70 /dev-java | |
parent | clean some old ebuilds, bump to 2.2.1, update postinst \(fixes bug 35678\) (diff) | |
download | gentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.tar.gz gentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.tar.bz2 gentoo-2-eba55a043d940b52717bb3f3c69c587beca8ee35.zip |
Added PAX Grscurity warning.
Diffstat (limited to 'dev-java')
-rw-r--r-- | dev-java/sun-jdk/ChangeLog | 6 | ||||
-rw-r--r-- | dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild | 27 | ||||
-rw-r--r-- | dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild | 31 | ||||
-rw-r--r-- | dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild | 31 |
4 files changed, 85 insertions, 10 deletions
diff --git a/dev-java/sun-jdk/ChangeLog b/dev-java/sun-jdk/ChangeLog index 5432677dd05e..c16819f8f263 100644 --- a/dev-java/sun-jdk/ChangeLog +++ b/dev-java/sun-jdk/ChangeLog @@ -1,6 +1,10 @@ # ChangeLog for dev-java/sun-jdk # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/ChangeLog,v 1.60 2003/12/09 04:22:22 strider Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/ChangeLog,v 1.61 2003/12/13 17:00:01 strider Exp $ + + 13 Dec 2003; Adrian Almenar <strider@gentoo.org> sun-jdk-1.3.1.09.ebuild, + sun-jdk-1.4.2.02.ebuild, sun-jdk-1.4.2.03.ebuild: + Added Grsecurity and PAX warning taken from blackdown-jdk 1.4.1. 09 Dec 2003; Adrian Almenar <strider@gentoo.org> sun-jdk-1.4.1.06.ebuild, sun-jdk-1.4.2.03.ebuild, files/sun-jdk-1.4.2.03, files/sun-jdk-1.4.1.06: diff --git a/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild b/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild index 85db9b82c73a..13d957b86dc4 100644 --- a/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild +++ b/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild,v 1.4 2003/12/09 00:21:30 strider Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.3.1.09.ebuild,v 1.5 2003/12/13 17:00:01 strider Exp $ IUSE="doc" @@ -23,6 +23,9 @@ SLOT="1.3" KEYWORDS="x86 -ppc -sparc -alpha -mips -hppa -arm" RESTRICT="fetch" +# this is needed for proper operating under a PaX kernel without activated grsecurity acl +CHPAX_CONSERVATIVE_FLAGS="pemsv" + pkg_nofetch() { einfo "Please download ${At} from:" einfo ${HOMEPAGE} @@ -93,6 +96,28 @@ pkg_postinst () { java_pkg_postinst inst_plugin /opt/${P}/jre/plugin/i386/mozilla/libjavaplugin_oji.so + # if chpax is on the target system, set the appropriate PaX flags + # this will not hurt the binary, it modifies only unused ELF bits + # but may confuse things like AV scanners and automatic tripwire + if has_version "sys-apps/chpax" + then + einfo "setting up conservative PaX flags for jar, javac and java" + + for paxkills in "jar" "javac" "java" + do + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills + done + + # /opt/sun-jdk-1.3.1.09/jre/bin/java_vm + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm + + einfo "you should have seen lots of chpax output above now" + ewarn "make sure the grsec ACL contains those entries also" + ewarn "because enabling it will override the chpax setting" + ewarn "on the physical files - help for PaX and grsecurity" + ewarn "can be given by #gentoo-hardened + pappy@gentoo.org" + fi + #Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this #comment found on the sun-jdk 1.2.2 ebuild that he sent. einfo "********************************************************" diff --git a/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild b/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild index b0bf5a21eab1..4a4c2621a25d 100644 --- a/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild +++ b/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild,v 1.4 2003/12/09 04:22:22 strider Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.02.ebuild,v 1.5 2003/12/13 17:00:01 strider Exp $ IUSE="doc gnome kde mozilla" @@ -11,10 +11,10 @@ S="${WORKDIR}/j2sdk1.4.2_02" DESCRIPTION="Sun's J2SE Development Kit, version 1.4.2_02" HOMEPAGE="http://java.sun.com/products/archive/index.html" SRC_URI=${At} -RESTRICT="fetch" SLOT="1.4" LICENSE="sun-bcla-java-vm" KEYWORDS="x86 -ppc -sparc -alpha -mips -hppa -arm" +RESTRICT="fetch" DEPEND=">=dev-java/java-config-0.2.7 sys-apps/sed @@ -26,11 +26,12 @@ PROVIDE="virtual/jre-1.4.2 virtual/jdk-1.4.2 virtual/java-scheme-2" -RESTRICT="fetch" - PACKED_JARS="lib/tools.jar jre/lib/rt.jar jre/lib/jsse.jar jre/lib/charsets.jar jre/lib/ext/localedata.jar jre/lib/plugin.jar jre/javaws/javaws.jar" +# this is needed for proper operating under a PaX kernel without activated grsecurity acl +CHPAX_CONSERVATIVE_FLAGS="pemsv" + pkg_nofetch() { einfo "Please download ${At} from:" einfo ${HOMEPAGE} @@ -136,6 +137,28 @@ pkg_postinst () { echo fi + # if chpax is on the target system, set the appropriate PaX flags + # this will not hurt the binary, it modifies only unused ELF bits + # but may confuse things like AV scanners and automatic tripwire + if has_version "sys-apps/chpax" + then + einfo "setting up conservative PaX flags for jar, javac and java" + + for paxkills in "jar" "javac" "java" + do + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills + done + + # /opt/sun-jdk-1.4.2.02/jre/bin/java_vm + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm + + einfo "you should have seen lots of chpax output above now" + ewarn "make sure the grsec ACL contains those entries also" + ewarn "because enabling it will override the chpax setting" + ewarn "on the physical files - help for PaX and grsecurity" + ewarn "can be given by #gentoo-hardened + pappy@gentoo.org" + fi + #Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this #comment found on the sun-jdk 1.2.2 ebuild that he sent. einfo "*********************************************************" diff --git a/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild b/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild index 4f714aa25362..50a2ab3a4c43 100644 --- a/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild +++ b/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild,v 1.1 2003/12/09 04:22:22 strider Exp $ +# $Header: /var/cvsroot/gentoo-x86/dev-java/sun-jdk/sun-jdk-1.4.2.03.ebuild,v 1.2 2003/12/13 17:00:01 strider Exp $ IUSE="doc gnome kde mozilla" @@ -11,10 +11,10 @@ S="${WORKDIR}/j2sdk1.4.2_03" DESCRIPTION="Sun's J2SE Development Kit, version 1.4.2_03" HOMEPAGE="http://java.sun.com/j2se/1.4.2/download.html" SRC_URI=${At} -RESTRICT="fetch" SLOT="1.4" LICENSE="sun-bcla-java-vm" KEYWORDS="~x86 -ppc -sparc -alpha -mips -hppa -arm" +RESTRICT="fetch" DEPEND=">=dev-java/java-config-1.1.5 sys-apps/sed @@ -26,11 +26,12 @@ PROVIDE="virtual/jre-1.4.2 virtual/jdk-1.4.2 virtual/java-scheme-2" -RESTRICT="fetch" - PACKED_JARS="lib/tools.jar jre/lib/rt.jar jre/lib/jsse.jar jre/lib/charsets.jar jre/lib/ext/localedata.jar jre/lib/plugin.jar jre/javaws/javaws.jar" +# this is needed for proper operating under a PaX kernel without activated grsecurity acl +CHPAX_CONSERVATIVE_FLAGS="pemsv" + pkg_nofetch() { einfo "Please download ${At} from:" einfo ${HOMEPAGE} @@ -136,6 +137,28 @@ pkg_postinst () { echo fi + # if chpax is on the target system, set the appropriate PaX flags + # this will not hurt the binary, it modifies only unused ELF bits + # but may confuse things like AV scanners and automatic tripwire + if has_version "sys-apps/chpax" + then + einfo "setting up conservative PaX flags for jar, javac and java" + + for paxkills in "jar" "javac" "java" + do + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/bin/$paxkills + done + + # /opt/sun-jdk-1.4.2.03/jre/bin/java_vm + chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${PN}-${PV}/jre/bin/java_vm + + einfo "you should have seen lots of chpax output above now" + ewarn "make sure the grsec ACL contains those entries also" + ewarn "because enabling it will override the chpax setting" + ewarn "on the physical files - help for PaX and grsecurity" + ewarn "can be given by #gentoo-hardened + pappy@gentoo.org" + fi + #Thanks to Douglas Pollock <douglas.pollock@magma.ca> for this #comment found on the sun-jdk 1.2.2 ebuild that he sent. einfo "*********************************************************" |