-rw-r--r--app-eselect/eselect-postgresql/eselect-postgresql-2.2.ebuild2
-rw-r--r--eclass/flag-o-matic.eclass20
-rw-r--r--eclass/git-r3.eclass28
-rwxr-xr-xeclass/tests/flag-o-matic.sh7
-rw-r--r--sys-apps/gentoo-functions/gentoo-functions-0.12.ebuild2
5 files changed, 46 insertions, 13 deletions
diff --git a/app-eselect/eselect-postgresql/eselect-postgresql-2.2.ebuild b/app-eselect/eselect-postgresql/eselect-postgresql-2.2.ebuild
index 67ad4cd1b57c..e9a3e590ec72 100644
--- a/app-eselect/eselect-postgresql/eselect-postgresql-2.2.ebuild
+++ b/app-eselect/eselect-postgresql/eselect-postgresql-2.2.ebuild
@@ -8,7 +8,7 @@ HOMEPAGE="http://www.gentoo.org/"
SRC_URI="http://dev.gentoo.org/~titanofold/${P}.tbz2"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~ppc-macos ~x86-solaris"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~ppc-macos ~x86-solaris"
IUSE=""
RDEPEND="app-admin/eselect"
diff --git a/eclass/flag-o-matic.eclass b/eclass/flag-o-matic.eclass
index b2f3742b3ecf..4e3cfff5afd5 100644
--- a/eclass/flag-o-matic.eclass
+++ b/eclass/flag-o-matic.eclass
@@ -433,10 +433,21 @@ test-flag-PROG() {
# Use -c so we can test the assembler as well.
-c -o /dev/null
)
- if "${cmdline[@]}" -x${lang} - </dev/null >/dev/null 2>&1 ; then
- "${cmdline[@]}" "${flag}" -x${lang} - </dev/null >/dev/null 2>&1
+ if "${cmdline[@]}" -x${lang} - </dev/null &>/dev/null ; then
+ cmdline+=( "${flag}" -x${lang} - )
else
- "${cmdline[@]}" "${flag}" -c -o /dev/null /dev/null >/dev/null 2>&1
+ # XXX: what's the purpose of this? does it even work with
+ # any compiler?
+ cmdline+=( "${flag}" -c -o /dev/null /dev/null )
+ fi
+
+ if ! "${cmdline[@]}" </dev/null &>/dev/null; then
+ # -Werror makes clang bail out on unused arguments as well;
+ # try to add -Qunused-arguments to work-around that
+ # other compilers don't support it but then, it's failure like
+ # any other
+ cmdline+=( -Qunused-arguments )
+ "${cmdline[@]}" </dev/null &>/dev/null
fi
}
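Review bot: Once the `-Qunused-arguments` retry at the end of test-flag-PROG succeeds, a zero return only means the driver tolerated the flag in a compile-only (`-c -o /dev/null`) run, not that the flag has any effect, and the new comment does not say so. Callers that use test-flags to decide whether a hardening option is in force could read more into the result than it gives; presumably this mostly concerns link-time options, but that cannot be confirmed from the hunk. I would reword the comment to `# clang under -Werror rejects arguments it does not use (e.g. linker flags with -c); retry with -Qunused-arguments. Success here means "accepted", not "effective".` and note that compilers without that option simply fail a second time. The `# XXX` branch above it is left unexplained as well, and the function starts outside this hunk.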
@@ -535,6 +546,9 @@ strip-unsupported-flags() {
export CXXFLAGS=$(test-flags-CXX ${CXXFLAGS})
export FFLAGS=$(test-flags-F77 ${FFLAGS})
export FCFLAGS=$(test-flags-FC ${FCFLAGS})
+ # note: this does not verify the linker flags but it is enough
+ # to strip invalid C flags which are much more likely, #621274
+ export LDFLAGS=$(test-flags-CC ${LDFLAGS})
}
# @FUNCTION: get-flag
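Review bot: The added `export LDFLAGS=$(test-flags-CC ${LDFLAGS})` removes any LDFLAGS entry the C driver rejects without telling the user, and LDFLAGS is where link-time hardening options are normally passed. The new comment admits linker flags are not verified, but it should also state the other half: `# entries rejected by ${CC} are dropped silently; -Wl,... options pass unchecked because the probe is compile-only`. The filter also uses only the C driver, whereas the lines above probe each language's flags with its own compiler, so a flag accepted only by the C++ or Fortran driver would presumably be lost for those links too. Whether strip-unsupported-flags reports what it removed is not visible in this hunk; if it does not, a log line naming the dropped flags would help users notice a weakened link.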
diff --git a/eclass/git-r3.eclass b/eclass/git-r3.eclass
index bc7d4d920299..ee6050c3cdd2 100644
--- a/eclass/git-r3.eclass
+++ b/eclass/git-r3.eclass
@@ -105,18 +105,22 @@ fi
# @ECLASS-VARIABLE: EGIT_REPO_URI
# @REQUIRED
# @DESCRIPTION:
-# URIs to the repository, e.g. git://foo, https://foo. If multiple URIs
-# are provided, the eclass will consider them as fallback URIs to try
-# if the first URI does not work. For supported URI syntaxes, read up
-# the manpage for git-clone(1).
+# URIs to the repository, e.g. https://foo. If multiple URIs are
+# provided, the eclass will consider the remaining URIs as fallbacks
+# to try if the first URI does not work. For supported URI syntaxes,
+# read the manpage for git-clone(1).
#
-# It can be overriden via env using ${PN}_LIVE_REPO variable.
+# URIs should be using https:// whenever possible. http:// and git://
+# URIs are completely unsecured and their use (even if only as
+# a fallback) renders the ebuild completely vulnerable to MITM attacks.
+#
+# It can be overridden via env using ${PN}_LIVE_REPO variable.
#
# Can be a whitespace-separated list or an array.
#
# Example:
# @CODE
-# EGIT_REPO_URI="git://a/b.git https://c/d.git"
+# EGIT_REPO_URI="https://a/b.git https://c/d.git"
# @CODE
# @ECLASS-VARIABLE: EVCS_OFFLINE
@@ -566,6 +570,16 @@ git-r3_fetch() {
[[ ${repos[@]} ]] || die "No URI provided and EGIT_REPO_URI unset"
+ local r
+ for r in "${repos[@]}"; do
+ if [[ ${r} == git:* || ${r} == http:* ]]; then
+ ewarn "git-r3: ${r%%:*} protocol is completely unsecure and may render the ebuild"
+ ewarn "easily suspectible to MITM attacks (even if used only as fallback). Please"
+ ewarn "use https instead."
+ ewarn "[URI: ${r}]"
+ fi
+ done
+
local -x GIT_DIR
_git-r3_set_gitdir "${repos[0]}"
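Review bot: The new loop in git-r3_fetch only warns, so a `git:` or `http:` entry in `repos` is still tried as a fallback and an attacker who can block the https URI can still force the unauthenticated transport. A reader of the warning should be told that the insecure URI remains in use, or the eclass should offer a way to refuse such URIs, in line with the EGIT_REPO_URI description. The user-facing text also has two typos; I would change the lines to `ewarn "git-r3: ${r%%:*} protocol is completely insecure and may render the ebuild"` and `ewarn "easily susceptible to MITM attacks (even if used only as fallback). Please"`. The pattern `git:* || http:*` is case-sensitive and does not cover other cleartext schemes git accepts, such as `ftp:`, which may be worth adding. The function body starts and ends outside this hunk.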
@@ -578,7 +592,7 @@ git-r3_fetch() {
fi
# try to fetch from the remote
- local r success saved_umask
+ local success saved_umask
if [[ ${EVCS_UMASK} ]]; then
saved_umask=$(umask)
umask "${EVCS_UMASK}" || die "Bad options to umask: ${EVCS_UMASK}"
diff --git a/eclass/tests/flag-o-matic.sh b/eclass/tests/flag-o-matic.sh
index 92c68b82c3c9..53af9f862c41 100755
--- a/eclass/tests/flag-o-matic.sh
+++ b/eclass/tests/flag-o-matic.sh
@@ -55,7 +55,7 @@ done <<<"
tbegin "strip-unsupported-flags"
strip-unsupported-flags
-[[ ${CFLAGS} == "" ]] && [[ ${CXXFLAGS} == "-z=2" ]]
+[[ ${CFLAGS} == "" ]] && [[ ${CXXFLAGS} == "-z=2" ]] && [[ ${LDFLAGS} == "" ]]
ftend
for var in $(all-flag-vars) ; do
@@ -143,6 +143,11 @@ tbegin "test-flags-CC (gcc-valid but clang-invalid flags)"
out=$(CC=clang test-flags-CC -finline-limit=1200)
[[ $? -ne 0 && -z ${out} ]]
ftend
+
+tbegin "test-flags-CC (unused flags w/clang)"
+out=$(CC=clang test-flags-CC -Wl,-O1)
+[[ $? -eq 0 && ${out} == "-Wl,-O1" ]]
+ftend
fi
texit
diff --git a/sys-apps/gentoo-functions/gentoo-functions-0.12.ebuild b/sys-apps/gentoo-functions/gentoo-functions-0.12.ebuild
index 448750cda8ea..2c00af292f05 100644
--- a/sys-apps/gentoo-functions/gentoo-functions-0.12.ebuild
+++ b/sys-apps/gentoo-functions/gentoo-functions-0.12.ebuild
@@ -8,7 +8,7 @@ if [[ ${PV} == 9999* ]]; then
EGIT_REPO_URI="https://github.com/gentoo/${PN}.git"
else
SRC_URI="https://github.com/gentoo/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
- KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
+ KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris ~x86-winnt"
fi
inherit toolchain-funcs flag-o-matic