Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-emulation
diff options
context:
space:
mode:
authorSergey Alirzaev <zl29ah@gmail.com>2018-04-10 16:36:22 +0300
committerLars Wendler <polynomial-c@gentoo.org>2018-04-11 09:54:01 +0200
commitb3da431a04f89ae090d13b3952f9a67d19912647 (patch)
tree4172262e2c19437e7ee07a899b051529c205ed6c /app-emulation
parentsys-apps/util-linux: Synchronize live ebuild. (diff)
downloadgentoo-b3da431a04f89ae090d13b3952f9a67d19912647.tar.gz
gentoo-b3da431a04f89ae090d13b3952f9a67d19912647.tar.bz2
gentoo-b3da431a04f89ae090d13b3952f9a67d19912647.zip
app-emulation/virtualbox: fix patching for hardened
Bug: https://bugs.gentoo.org/643466 Closes: https://github.com/gentoo/gentoo/pull/7928
Diffstat (limited to 'app-emulation')
-rw-r--r--app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch147
-rw-r--r--app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch59
-rw-r--r--app-emulation/virtualbox/virtualbox-5.2.8.ebuild4
3 files changed, 208 insertions, 2 deletions
diff --git a/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch b/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch
new file mode 100644
index 000000000000..35bd8e0a705e
--- /dev/null
+++ b/app-emulation/virtualbox/files/050_virtualbox-5.2.8-nopie.patch
@@ -0,0 +1,147 @@
+diff -Naur VirtualBox-5.1.24/Config.kmk VirtualBox-5.1.24/Config.kmk
+--- VirtualBox-5.1.24/Config.kmk 2017-07-26 13:55:27.803972185 -0400
++++ VirtualBox-5.1.24/Config.kmk 2017-07-26 13:53:10.700974328 -0400
+@@ -2601,6 +2601,7 @@
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_Wno-overlength-strings?= $(call VBOX_GCC_CHECK_CC,-Wno-overlength-strings,)'
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_Wno-overloaded-virtual?= $(call VBOX_GCC_CHECK_CXX,-Wno-overloaded-virtual,)'
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fno-stack-protector ?= $(call VBOX_GCC_CHECK_CC,-fno-stack-protector,)'
++ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_nopie ?= $(call VBOX_GCC_CHECK_CC,-nopie,)'
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_fno-dwarf2-cfi-asm ?= $(call VBOX_GCC_CHECK_CC,-fno-dwarf2-cfi-asm,)'
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_m64 ?= $(call VBOX_GCC_CHECK_CC,-m64,)'
+ $(QUIET)$(APPEND) '$@' 'VBOX_GCC_no-pie ?= $(call VBOX_GCC_CHECK_CC,-no-pie,)'
+@@ -3843,8 +3844,8 @@
+
+ ifeq ($(VBOX_LDR_FMT32),elf)
+ TEMPLATE_VBoxRc_TOOL = $(VBOX_GCC32_TOOL)
+- TEMPLATE_VBoxRc_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
+- TEMPLATE_VBoxRc_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_IPRT_FMT_CHECK)
++ TEMPLATE_VBoxRc_CXXFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_fvisibility-inlines-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
++ TEMPLATE_VBoxRc_CFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-strict-aliasing $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_fvisibility-hidden) $(VBOX_GCC_IPRT_FMT_CHECK)
+ ifeq ($(KBUILD_TARGET),solaris)
+ TEMPLATE_VBoxRc_LDFLAGS = -r
+ else
+@@ -3864,8 +3865,8 @@
+ ifeq ($(VBOX_LDR_FMT32),macho)
+ TEMPLATE_VBoxRc_TOOL = $(VBOX_GCC_TOOL)
+ TEMPLATE_VBoxRc_DEFS += $(VBOX_DARWIN_DEF_SDK_DEFS)
+- TEMPLATE_VBoxRc_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing -fno-rtti
+- TEMPLATE_VBoxRc_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing
++ TEMPLATE_VBoxRc_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing -fno-rtti
++ TEMPLATE_VBoxRc_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -m32 -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC32_Wno-variadic-macros) -fno-common -msoft-float -static $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-exceptions $(VBOX_GCC_GC_OPT) $(VBOX_GCC_GC_FP) -fno-strict-aliasing
+ TEMPLATE_VBoxRc_LDFLAGS = $(VBOX_DARWIN_DEF_SDK_LDFLAGS) -m32 -nostdlib
+ #TEMPLATE_VBoxRc_LDFLAGS.release = -Wl,-S ???
+ endif
+@@ -3903,9 +3904,9 @@
+ endif
+
+ ifeq ($(VBOX_LDR_FMT32),elf)
+- TEMPLATE_VBoxRcExe_CFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CFLAGS)) -O0
+- TEMPLATE_VBoxRcExe_CXXFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CXXFLAGS)) -O0
+- TEMPLATE_VBoxRcExe_LDFLAGS = -g
++ TEMPLATE_VBoxRcExe_CFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CFLAGS)) -O0 $(VBOX_GCC_nopie)
++ TEMPLATE_VBoxRcExe_CXXFLAGS = $(filter-out -nostdinc,$(TEMPLATE_VBoxRc_CXXFLAGS)) -O0 $(VBOX_GCC_nopie)
++ TEMPLATE_VBoxRcExe_LDFLAGS = -g $(VBOX_GCC_nopie)
+ TEMPLATE_VBoxRcExe_LDFLAGS.dbgopt = -g
+ TEMPLATE_VBoxRcExe_LDFLAGS.strict = -g
+ TEMPLATE_VBoxRcExe_LDFLAGS.release = -g
+@@ -3984,8 +3985,8 @@
+
+ ifeq ($(VBOX_LDR_FMT),elf)
+ TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
+-TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
+-TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
++TEMPLATE_VBoxR0_CFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
++TEMPLATE_VBoxR0_CXXFLAGS = -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
+ TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-asynchronous-unwind-tables -ffreestanding
+ TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fno-asynchronous-unwind-tables
+ ifeq ($(KBUILD_TARGET),solaris)
+@@ -4018,12 +4019,12 @@
+ TEMPLATE_VBoxR0_DEFS += $(VBOX_DARWIN_DEF_SDK_DEFS)
+ TEMPLATE_VBoxR0_CXXFLAGS = $(VBOX_DARWIN_DEF_SDK_CXXFLAGS) -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) \
+ -fno-common -msoft-float -static -fno-rtti -fno-exceptions $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing \
+- -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector)
++ -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie)
+ TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mno-sse3 -mno-sse4 -mno-sse4.1 -mno-sse4.2 -mno-sse4a -fno-unwind-tables
+ TEMPLATE_VBoxR0_CXXFLAGS.x86 = -m32
+ TEMPLATE_VBoxR0_CFLAGS = $(VBOX_DARWIN_DEF_SDK_CFLAGS) -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) \
+ -fno-common -msoft-float -static -fno-exceptions $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing \
+- -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector)
++ -mno-sse -mno-mmx -mno-sse2 -mno-3dnow $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie)
+ TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mno-sse3 -mno-sse4 -mno-sse4.1 -mno-sse4.2 -mno-sse4a -fno-unwind-tables
+ TEMPLATE_VBoxR0_CFLAGS.x86 = -m32
+ TEMPLATE_VBoxR0_LDFLAGS = $(VBOX_DARWIN_DEF_SDK_LDFLAGS) -nostdlib
+@@ -4259,7 +4260,7 @@
+ -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes \
+ -Wimplicit-function-declaration -Werror-implicit-function-declaration \
+ -O2 -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 \
+- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
+ -nostdinc -std=c99
+ TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2
+ TEMPLATE_VBOXR0DRV_CFLAGS.amd64 = -m64 --param inline-unit-growth=100 --param large-function-growth=1000 \
+@@ -4268,7 +4269,7 @@
+ TEMPLATE_VBOXR0DRV_CXXFLAGS = -fno-exceptions -fno-rtti \
+ $(VBOX_GCC_WARN) -Wpointer-arith -Winline \
+ -O2 -fno-strict-aliasing -fno-common -finline-limit=8000 \
+- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
+ -nostdinc
+ TEMPLATE_VBOXR0DRV_CXXFLAGS.x86 = $(TEMPLATE_VBOXR0DRV_CFLAGS.x86)
+ TEMPLATE_VBOXR0DRV_CXXFLAGS.amd64 = $(TEMPLATE_VBOXR0DRV_CFLAGS.amd64)
+@@ -4341,7 +4342,7 @@
+ -Wstrict-prototypes -Wmissing-prototypes -Wstrict-prototypes \
+ -Wimplicit-function-declaration -Werror-implicit-function-declaration \
+ -O2 -ffreestanding -fno-strict-aliasing -fno-common -finline-limit=8000 \
+- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
+ -nostdinc -std=c99 -msoft-float
+ TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 \
+ -mpreferred-stack-boundary=2 -mno-mmx -mno-sse -mno-avx \
+@@ -4353,7 +4354,7 @@
+ TEMPLATE_VBOXR0DRV_CXXFLAGS = -fno-exceptions -fno-rtti \
+ $(VBOX_GCC_WARN) -Wpointer-arith -Winline \
+ -O2 -fno-strict-aliasing -fno-common -finline-limit=8000 \
+- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) \
+ -nostdinc -msoft-float
+ TEMPLATE_VBOXR0DRV_CXXFLAGS.x86 = $(TEMPLATE_VBOXR0DRV_CFLAGS.x86)
+ TEMPLATE_VBOXR0DRV_CXXFLAGS.amd64 = $(TEMPLATE_VBOXR0DRV_CFLAGS.amd64)
+@@ -4394,7 +4395,7 @@
+ TEMPLATE_VBOXR0DRV_LDFLAGS = -shared -no-undefined -dc -dy -lroot -rpath-link /boot/system/develop/lib/x86 --no-add-needed /boot/system/develop/lib/_KERNEL_ --no-add-needed /boot/system/develop/lib/haiku_version_glue.o
+ TEMPLATE_VBOXR0DRV_CFLAGS = -fno-PIC \
+ $(VBOX_GCC_WARN) -Wstrict-prototypes $(VBOX_GCC_Wno-pointer-sign) -Wno-sign-compare \
+- $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
++ $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
+ TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -mno-sse -mno-mmx -mno-sse2 -mno-3dnow
+ TEMPLATE_VBOXR0DRV_CFLAGS.x86 = -m32 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow
+ TEMPLATE_VBOXR0DRV_CFLAGS.amd64 = -m64 -mno-sse -mno-mmx -mno-sse2 -mno-3dnow \
+@@ -5210,8 +5211,8 @@
+ TEMPLATE_VBoxNoCrtGccLib_TOOL = $(VBOX_GCC_TOOL)
+ TEMPLATE_VBoxNoCrtGccLib_ASTOOL = $(VBOX_ASTOOL)
+ TEMPLATE_VBoxNoCrtGccLib_ASFLAGS = $(VBOX_ASFLAGS)
+- TEMPLATE_VBoxNoCrtGccLib_CFLAGS += $(VBOX_GCC_fno-stack-protector)
+- TEMPLATE_VBoxNoCrtGccLib_CXXFLAGS += $(VBOX_GCC_fno-stack-protector)
++ TEMPLATE_VBoxNoCrtGccLib_CFLAGS += $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie)
++ TEMPLATE_VBoxNoCrtGccLib_CXXFLAGS += $(VBOX_GCC_fno-stack-protector) $(VBOX_GCC_nopie)
+ ifeq ($(KBUILD_TARGET_ARCH),amd64)
+ # in 64-bit mode we'll build a sys-module (VBoxREM2).
+ if1of ($(KBUILD_TARGET), darwin solaris)
+diff -Naur VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk
+--- VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk 2017-07-26 13:55:27.746972186 -0400
++++ VirtualBox-5.1.24/src/VBox/Devices/PC/ipxe/Makefile.kmk 2017-07-26 13:53:10.641974329 -0400
+@@ -132,6 +132,7 @@
+ -W \
+ -Wformat-nonliteral \
+ $(VBOX_GCC_fno-stack-protector) \
++ $(VBOX_GCC_nopie) \
+ $(VBOX_GCC_fno-dwarf2-cfi-asm) \
+ $(VBOX_GCC_Wno-address)
+ TEMPLATE_iPxe_ASFLAGS = \
+@@ -155,6 +156,7 @@
+ -W \
+ -Wformat-nonliteral \
+ $(VBOX_GCC_fno-stack-protector) \
++ $(VBOX_GCC_nopie) \
+ $(VBOX_GCC_fno-dwarf2-cfi-asm) \
+ $(VBOX_GCC_Wno-address) \
+ -DASSEMBLY
diff --git a/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch b/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch
new file mode 100644
index 000000000000..7eb1e1793a7f
--- /dev/null
+++ b/app-emulation/virtualbox/files/virtualbox-5.2.8-paxmark-bldprogs.patch
@@ -0,0 +1,59 @@
+2017-02-20 Quentin Minster <quentin@minster.io>
+
+ #https://bugs.gentoo.org/show_bug.cgi?id=591582
+ * Config.kmk: add paxmark befor VBOX_VBOXTPG get run.
+ * src/VBox/VMM/Makefile.kmk: add paxmark befor VBOX_VBOXCPP get run.
+ * src/VBox/Main/Makefile.kmk: add paxmark befor USBIdDatabaseGenerator_1_TARGET get run.
+
+--- a/Config.kmk
++++ b/Config.kmk 2016-09-21 02:22:28
+@@ -3719,11 +3719,13 @@
+ $(if-expr $(intersects $(KBUILD_TARGET_ARCH),$(KBUILD_ARCHES_64)),-64,-32) \
+ -h --host-$(VBOX_HC_ARCH_BITS)-bit #-vvv
+ define TOOL_VBoxTpG_DTRACE_HDR_CMDS
++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)"
+ $(QUIET)$(VBOX_VBOXTPG) $(flags) -o "$(out)" -s "$(source)"
+ endef
+ TOOL_VBoxTpG_DTRACE_OBJ_NOT_NEEDED :=
+ TOOL_VBoxTpG_DTRACE_OBJ_FLAGS := -G --host-$(VBOX_HC_ARCH_BITS)-bit #-vvv
+ define TOOL_VBoxTpG_DTRACE_OBJ_CMDS
++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)"
+ $(QUIET)$(VBOX_VBOXTPG) \
+ $(if-expr $(intersects $(bld_trg_arch),$(KBUILD_ARCHES_64)),-64,-32) \
+ $(flags) \
+@@ -3738,6 +3740,7 @@
+ TOOL_VBoxTpG-Disabled_DTRACE_DEPORD = $(VBOX_VBOXTPG)
+ TOOL_VBoxTpG-Disabled_DTRACE_HDR_FLAGS := -h
+ define TOOL_VBoxTpG-Disabled_DTRACE_HDR_CMDS
++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)"
+ $(QUIET)$(VBOX_VBOXTPG) $(flags) -o "$(out)" -s "$(source)"
+ endef
+ TOOL_VBoxTpG-Disabled_DTRACE_OBJ_NOT_NEEDED := $(KBUILD_OSES)
+@@ -3752,6 +3755,7 @@
+ TOOL_DTraceAndVBoxTpG_DTRACE_HDR_CMDS =
+ define TOOL_DTraceAndVBoxTpG_DTRACE_HDR_CMDS
+ $(TOOL_StandardDTrace_DTRACE_HDR_CMDS)
++ $(QUIET)paxmark.sh -m "$(VBOX_VBOXTPG)"
+ $(QUIET)$(VBOX_VBOXTPG) --generate-wrapper-header --host-$(VBOX_HC_ARCH_BITS)-bit --ring-3-context \
+ $(filter-out -C, $(filter-out -h,$(flags))) \
+ -o "$(out).tmp" -s "$(source)"
+--- a/src/VBox/VMM/Makefile.kmk 2018-04-10 15:26:24.622867735 +0300
++++ b/src/VBox/VMM/Makefile.kmk 2018-04-10 15:24:35.901998796 +0300
+@@ -896,6 +896,7 @@
+ $$(VMMLibDTrace_0_OUTDIR)/$1: $2 $$(VBOX_VBOXCPP) | $$$$(dir $$$$@)
+ $$(call KB_FN_AUTO_CMD_DEPS_COMMANDS)
+ $$(QUIET)$$(call MSG_GENERATE,VMMLibDTrace,$$@,$2)
++ $$(QUIET)paxmark.sh -m "$(VBOX_VBOXCPP)"
+ $$(QUIET)$(VBOX_VBOXCPP) -d \
+ -D VBOX_FOR_DTRACE_LIB \
+ -D VBOX_FOR_DTRACE_LIB_$(toupper $(KBUILD_TARGET_ARCH)) \
+--- a/src/VBox/Main/Makefile.kmk 2018-04-10 15:26:15.292793067 +0300
++++ b/src/VBox/Main/Makefile.kmk 2018-04-10 15:25:14.042303341 +0300
+@@ -607,6 +607,7 @@
+ $(PATH_SUB_CURRENT)/src-server/usb.ids $(PATH_SUB_CURRENT)/src-server/custom.ids | $$(dir $$@)
+ $(call KB_FN_AUTO_CMD_DEPS_COMMANDS)
+ $(call MSG_GENERATE,USBIdDatabase,$@,$(USBIdDatabaseGenerator_1_TARGET))
++ $(QUIET)paxmark.sh -m "$(USBIdDatabaseGenerator_1_TARGET)"
+ $(QUIET)$(USBIdDatabaseGenerator_1_TARGET) -o "$@" $(filter %.ids,$^)
+
+ BLDPROGS += USBIdDatabaseGenerator
diff --git a/app-emulation/virtualbox/virtualbox-5.2.8.ebuild b/app-emulation/virtualbox/virtualbox-5.2.8.ebuild
index 40b4975b1e8c..54d2ee976690 100644
--- a/app-emulation/virtualbox/virtualbox-5.2.8.ebuild
+++ b/app-emulation/virtualbox/virtualbox-5.2.8.ebuild
@@ -185,12 +185,12 @@ src_prepare() {
# Only add nopie patch when we're on hardened
if gcc-specs-pie ; then
- eapply "${FILESDIR}/050_virtualbox-5.1.24-nopie.patch"
+ eapply "${FILESDIR}/050_virtualbox-5.2.8-nopie.patch"
fi
# Only add paxmark patch when we're on pax_kernel
if use pax_kernel ; then
- eapply "${FILESDIR}"/virtualbox-5.1.4-paxmark-bldprogs.patch
+ eapply "${FILESDIR}"/virtualbox-5.2.8-paxmark-bldprogs.patch
fi
eapply "${WORKDIR}/patches"