hardened fixes by Zorry from bug 495146 with trivial backport and extensive testing done by myself

Package-Manager: portage-2.2.7/cvs/Linux x86_64
Manifest-Sign-Key: 0xDD11F94A

6 files changed, 76 insertions, 21 deletions

diff --git a/sys-boot/syslinux/ChangeLog b/sys-boot/syslinux/ChangeLog
index 800db202453e..28217e4825af 100644
--- a/sys-boot/syslinux/ChangeLog
+++ b/sys-boot/syslinux/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-boot/syslinux
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/ChangeLog,v 1.107 2014/02/09 03:59:19 zerochaos Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/ChangeLog,v 1.108 2014/02/09 18:04:43 zerochaos Exp $
+
+  09 Feb 2014; Rick Farina <zerochaos@gentoo.org>
+  +files/syslinux-6.02-add-fno-stack-protector.patch,
+  +files/syslinux-6.03_pre1-add-fno-stack-protector.patch, syslinux-6.02.ebuild,
+  syslinux-6.03_pre1.ebuild:
+  hardened fixes by Zorry from bug 495146 with trivial backport and extensive
+  testing done by myself
 
 *syslinux-6.02 (09 Feb 2014)
 
diff --git a/sys-boot/syslinux/Manifest b/sys-boot/syslinux/Manifest
index 5611ec8ee9ff..ef8886a98a19 100644
--- a/sys-boot/syslinux/Manifest
+++ b/sys-boot/syslinux/Manifest
@@ -3,6 +3,8 @@ Hash: SHA512
 
 AUX syslinux-3.86-nopie.patch 551 SHA256 90c3173728f6b3efef6fe9865d64bd571a7638537f51fae0cda14df5c7d9a39b SHA512 340a458817f45ac6a81721745e470c30e2ac02aa10ed174e77ea224fba4f1919cb9faf9c5fac2233d5b081a43339bb3dc0c35420afb3a9c134c754835ff89582 WHIRLPOOL 519fa43a58777eeeff47b29f600f8e5a7e0c9bf5c2eb7096bde61b04fa988a107ba4b76804f7473049f7a6ee0775206db3557adfee83f4a12d1916e65cc732ca
 AUX syslinux-4.05-nopie.patch 519 SHA256 2780aa55dec67a2375e28579392ed9658c4d47d0c47e4c43c22371dc926c47fc SHA512 75160574c024bd841cd5e098d81f89c8532153cfd98beb17ca1549e0bdd7106d6494e8436e56560d3e501318fd8109b5f5765d244dcdfcbfc5306d35f9cbb4a8 WHIRLPOOL 9f696e2836cf8cff2dca2c879db4262b52701cb410117ab28fa53c0fbc56fcca67d9cb3f64fafecc446dcb131179cdc12d53910dab2e528bcab74e05f6232747
+AUX syslinux-6.02-add-fno-stack-protector.patch 837 SHA256 a98edce40c6d068177ae442362dc8a0ff718876be782f6167d0445a00c994ace SHA512 94d288eed1a6f3ad713fb1c990f5dccbf2f481bc114779ec4a7197698d684b4d6f034ff19bda2930e31c342e64b7ed6cddaaa31fb00587b0bfdd16af6d0b7651 WHIRLPOOL afdeb07651dba6a61e0eba382535ec420e8dc7e212598ca5f09958cafb4a6dcd2fc65b8190fe6e6120495e355aef4dfc648bfc74fd5674ac86608695198d91f7
+AUX syslinux-6.03_pre1-add-fno-stack-protector.patch 923 SHA256 c5d2b153d372e93b1526e51f7683b86c90fd8fe21a8f70aa36f585354d2debba SHA512 184de1162c04f1af8a5b0c083c7ac011f426754109beb539ea29a7e866b358852bd0660edb77c967fe54c3d66fbee556b4171871013d614b5179c3ccb1818801 WHIRLPOOL d860ecc7cd2800403afe0c5fc06fddec24992021d877a9f20739d7df95fa3540f79ba30c2fc6e8a42cc220bb403a87561e5d5db469a9e96675931067ea46d6df
 DIST syslinux-3.86.tar.bz2 3735823 SHA256 82a8d2a242f869cb4c34b3a074871f472762343e1879a4dca23d7ce5c4dcd06d SHA512 6231f233e5f5ac26aa7e4bfd2704e2a4081350a3f3f21b5ec88a13cf992528c2796dbdfdf6cc2cc7a9543828650ae46de3685e5e55fac3a6ad520430220d1073 WHIRLPOOL 985efd16587ac3f00dc1b75563dc12e5abfeb14b42b64accdadda087f6c9a61c8f5cc149a2b9ce8dd1368d1083720340c20240a4b7d7ea3bf51ff65512d1bd3e
 DIST syslinux-4.07.tar.bz2 5761877 SHA256 1240a4e4219b518bdaef78931b6e901befeff35e6894ac6db785115848a7a05a SHA512 8efbd14803ec74c5ee699a754b4727e4b975c08afd4dbb39f4b7ccdb90743e4459cd4609c6f1065c7b7efaa26c9d465806254891795d363758f35a2fe5704ae5 WHIRLPOOL b68966ed87055a157812f36f2881b4a86797eacef1894b70c1a063327547264daa4b4ca1ea52ccb286ab86332c2163e57004d3503215497278e073b48583a9dc
 DIST syslinux-5.10.tar.xz 5315660 SHA256 4b52d7647d5584c69764c06a836e0d524e5246bf2e94f68cf86342c415508422 SHA512 56422e14b4aa53ca1a5811da0582dbbb349aa52b9e78868bbedc24c67ef2420c4d0ac63fd68c7f0adc2c22606196276265d503b5b6f9d3d796d9ce42845bbdb5 WHIRLPOOL 77d73bdc1cd75a3ad9f58de8a9fa31a1c4247d579ac8c849e8d0dacc7cd1b9e02b2cf0737f1be1c2bc2e974f4ded3955857588a8a07d6cf35997c57f47d9b583
@@ -11,24 +13,24 @@ DIST syslinux-6.03-pre1.tar.xz 6539088 SHA256 e98a700b5765eaed71f5ffb739446e20e1
 EBUILD syslinux-3.86.ebuild 1574 SHA256 53d6aeb61564fb9c8418dd247459bcfc88ae392874d9d19d1eff01ced5ff61eb SHA512 dad2940f6e24cba99eb8a096185599c1d2d8eee5f141af5a8c8f02a43312fe1e76348f028806914714132affb0a94c9280dbdc4eef23fcbf0c8902457e7954d6 WHIRLPOOL ccf67c626a11b7b6b2e63c9c860d4f0a195f119391e089bb4aec5f57df080ce20d26e65d5ecae32992744c3620e8bb7ae8c707d93dcbde9afdba122d3081ddde
 EBUILD syslinux-4.07.ebuild 1866 SHA256 7cde0832664d54e18c83dabf59ee7053da9393233d4ae3d15d73da52ca5a16f9 SHA512 173de77b4946686a1b4dec04137a792b3cd6ee58e758323e3ed0dbd56fa9bbd98fed28bce7f88b595f68198e435908cdc0a8d63705c152c3571c9c490b09ace7 WHIRLPOOL 2308256f7f8d3b60415451593b9135fbc67f7f26758ff4e01dda6774d42d512b4908adc9b8c982a1bfd28185c173840fdc143fe0c32b7dc56069879f62402aa3
 EBUILD syslinux-5.10.ebuild 2329 SHA256 81344e6252aea87447aeb83c61eb2c65538fe4adcf6c1c7b9a957d169cfb4c68 SHA512 7673d4bb367851e1a382b7331b78d4086f74b69e652487c8028b11c85bf1c0ebad0161b1b69a7ce001c85c7f9a57583b113e661766b29561accf1d6789a91411 WHIRLPOOL c9a93880c91f026622c4d5acf0741dad9302a59bf9a7e6609854692117ff5e9d0bc7ff4a8ffabb95b1760f3f6bb4668590656caeff2230b6eab3d36a30a28201
-EBUILD syslinux-6.02.ebuild 2712 SHA256 3d51d31a250b5684dc07d46bfdd70943191a12d92688990052bdb51afb8566a8 SHA512 d2e1f45291b51fedabe8adaf4c08ecfcbeaffaf7f22c293da06efc4b5658e03f3a9135cdbf633b6e8820f448a80d4fd281278d104583ba752079e62e03c81900 WHIRLPOOL 7d343c9c0bed9cd65ed099482a0115b5d1d300531bc1d6cc48510a0bf805a21739a1b8467a746dc8193b08478231217fcde7ba99834e08b7cfc4472f150f2730
-EBUILD syslinux-6.03_pre1.ebuild 2734 SHA256 631d6fcbbc6a856b39839e56f5b6be2d0be275ea799dc6b9bb43dda0f8ce9ccf SHA512 668fa9454f9c8c568f1cd1718bef1fb1d90ad0e7a4540d4a2c59021c6e5b2bb95371fe2bd57222489a902f15781c56430c990ccc8228498bfe78abe6abcf096d WHIRLPOOL c21e21c0873c2b68e733e530c9c33afeca44aec9e117fc260862ae29f5516c1129e3f2668f2a9564f8287b06b3813c06b2d36726e9d9a5a8ad6018afdc805af1
-MISC ChangeLog 19046 SHA256 f16f8c4a8c86f6eaea50f0e39e1f5c2598af63f18ddd964fc3ea345cb754cb3a SHA512 482143de4506861e905595fb571503ff6c88a74a967a53fcad8109db9243c26493265dc69e341cb956bc5423ea2395024134aeb14b6a0b598208eb5c6e7dd7ef WHIRLPOOL b3c380ef289cb77752cc5abaf808a59bf83afa5f792e3af12cbe2f9872688ec1c328cc0d9224eb80dcdae481c641a880e8c7bb37c3af2a667270d7d477c756a9
+EBUILD syslinux-6.02.ebuild 2769 SHA256 70255e933d564cc0832284c38a3e0b6111c7a7b29fa5ca3416b27a7aefad2bf4 SHA512 bdd65339e5260d781e0a12f634b182c0fa8a86d387f7582ffd527e3d55924cd4a3d81d7357477887f6a0fc4c1c3687881b93de747dbcbae6f30f10062237e91e WHIRLPOOL b377269508844fdb1559acd7befe3f6112e73d65a9b3e9128f95b9fe402cb5fe1a75e7df77390c99a57e2ef65049cfea4cfb1f53ffec29d95a16143c7ac23953
+EBUILD syslinux-6.03_pre1.ebuild 2792 SHA256 cdb1bde2a0d0e38ebf9eb760df62afde0065ddd558a6e331991b34f2b0ff6355 SHA512 d8f6eb60cd905aa538668414c39c27273c9dbb1a46c5f8f42ab3221d07dae156b7f86f0541f834a3675733ac837e290730a011d4f7bfbb4496b985b306ab353d WHIRLPOOL 144a2760f693a96b1ee895e2d9ae09c752a431a05330bc71b843fff084bcb0815751046be0faa10ae1e8d67b2b8d83cafb84cffa70becf6c4b1e320656e99d30
+MISC ChangeLog 19364 SHA256 0807fcf03f1f0ede80b1e318fc1589ba86671aa81e1eb9f5c7473c0a21251753 SHA512 e7da812cd1aca6a16e2284f3eb95958e2994ed5c7d05956bc2e423dd3b6a4cc0c783040001df72287d7f29b04450dbfbb3b4c234d65ee554cc634aad816812a1 WHIRLPOOL 4a0cea42222a12efe712aeca7a1d4b4df1c058a4aaed5fef18b8cea3608d027d41a3d60f5662f31021ed1abbdecdee39891c377bec4788abe21826a79a6fa8a7
 MISC metadata.xml 273 SHA256 ea16e9afcad5ef9e9b29e6959a4632309279e4e0de69c29b40279226c3917b80 SHA512 2176e73df20869d44d0d5dc739d9af2c123ec5e78485f88e6a750a0381885f1b030f41f19e24a9aa6d451a35835fb7beb9b8a862d9be12a3de0a40d7bfcfd370 WHIRLPOOL ff94d5d03cfd6e0e7cc2c6a05e623d4f9c34701a439ab6b056602e4f57d8196d799c62dfac6812de9f59bd485dceed3e65ec1b0a7bcf73350e065bd8fb34e618
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
-iQIcBAEBCgAGBQJS9v1xAAoJEKXdFCfdEflKBpUP/1YUiTWzesCl2xp2aJxCUA50
-3bHEfnQuxCNaFuJWIcnB6a8PJR/mg5eKHZvuDmvgAAraW42uNG13RCAO6w2ASY8J
-49wMtKY0TOHdaKxVacxmxx9ZdMmiF5COjN6G6/CUVx1wAxpSntZOY26wy6HYTTBh
-q8CDbBL/3x2hIm+qn+8ndctsEWVlThR4IGERQm0jhuCXkLBv7yYCAL2oPKPZc3sS
-U5fdt4WObF1UczSKiT3CHx0EFOhpG7BIx+OYp/4XA+WSqUDVBEp7LJQHB61ViWnN
-/f9UimrWqsvBMsIf4hMmi0X8XXLvkU1iCvJoi9ET5Yrof+oEn4/0ph09lgZTGILG
-fTdCrgw8VyJzK2f1ETyw1axspJHqADh9U78uRjv8xR5QJXhm7kmTtLFV+XKkzMKZ
-luQeBXWD41H5Cwi8AnGte/hnJeK5bdAF8dzU9FiRvuFzb7EMY0BHfIq0i7CjqfEr
-VMHbfd9eCGi+fd+tir8xD0stXplzITmOV38ebYUl3OLkyFQJb+H+vYv0j6Go6qjb
-C3m2wWan0i6/PskwpnPQPow7UpLdRvIqBnB84TG+QVi4Dh5Zn8fWdXKyiTyAUXO/
-cZP0zdA+gwzJVzCiV4PFI3/tdOD6yS0l16M8p4NTctgK4xNiMXra6RyuVTmeGfBk
-5X8S0MHfMMZsSYkWPpBB
-=DJ+s
+iQIcBAEBCgAGBQJS98OWAAoJEKXdFCfdEflK/MkQAJQ8T2Ipn06FwGcrx3WVFum9
+b0gaWLeYw9qTVcNwrNptlYUj60d2mgkkfpILDpO44vv7Ix7Ml5fvcxglIUeYog4T
++iNc2b9X/9/OgyOjANw7rGSRqfDD3Noepo7qxY0CKzK4QqyBgnXj+uWphyfSKSNA
+s5dQeGtgLEmkAwf+r9OXjjnyZt7lRQsVAfh/k/QgtR3aYyV9ZXiWObXQPfXzoyGh
+F6o4bU1+vQU7nz19Ma+DI3LCr38GbV5N4j0vPbOvQ4t19bWQghk/7yjB7Pk9ykLj
+na7Rf4uCSRRWe7T2G8tUsmA4Q1APlfZAjt/Z5brivjosBWVwi7uzylbsmWRCYjfa
+aRe0+rd/rZSU01F5Jl+sAMu/o6csq92TBOB1i3rtjCCkn6i9A6Ap25P6DduHluWu
+1Kf6NRUDy15ZFXxJ2cyJ78fEkZnjwzdzQivAFQzATS1Kmz7NwljBrKbAG0rTgmHB
+W9dOsqwBydoj1FDrfA3puAim4m/4QifM4mkV0UFc+oDynLTMjliaHwoWk8bIM5Ev
+1nzKFj/BiKK8l2AqP75r/cj5Lb84l0a3MOXw8+uRLws0sS1Y6TKxmj2hruzI4aRs
+UzA0RGiTgZWHK4Acd/G9jgj3CAQC//sH76WBJDRX6BIWHpZK+sw6q7ZR7Q+h/O62
+iYvEgB+nDkaeEh6yz4wf
+=TNtM
 -----END PGP SIGNATURE-----
diff --git a/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch b/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch
new file mode 100644
index 000000000000..b3537678c5d7
--- /dev/null
+++ b/sys-boot/syslinux/files/syslinux-6.02-add-fno-stack-protector.patch
@@ -0,0 +1,20 @@
+diff -Naur syslinux-6.02/mk/efi.mk syslinux-6.02-hardened/mk/efi.mk
+--- syslinux-6.02/mk/efi.mk	2013-10-13 13:59:03.000000000 -0400
++++ syslinux-6.02-hardened/mk/efi.mk	2014-02-09 12:56:47.036409135 -0500
+@@ -23,6 +23,7 @@
+ 	EFI_SUBARCH = $(ARCH)
+ endif
+ 
++GCCOPT := $(call gcc_ok,-fno-stack-protector,)
+ EFIINC = $(shell $(topdir)/efi//find-gnu-efi.sh include $(EFI_SUBARCH))
+ $(if $(EFIINC),, \
+ 	$(error Missing $(EFI_SUBARCH) gnu-efi header files))
+@@ -42,7 +43,7 @@
+ 		-DELF_DEBUG -DSYSLINUX_EFI -I$(objdir) \
+ 		$(GCCWARN) -D__COM32__ -mno-red-zone \
+ 		-DLDLINUX=\"$(LDLINUX)\" -fvisibility=hidden \
+-		-Wno-unused-parameter
++		-Wno-unused-parameter $(GCCOPT)
+ 
+ # gnuefi sometimes installs these under a gnuefi/ directory, and sometimes not
+ CRT0 := $(shell find $(LIBDIR) -name crt0-efi-$(EFI_SUBARCH).o 2>/dev/null | tail -n1)
diff --git a/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch b/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch
new file mode 100644
index 000000000000..a44acac80aa5
--- /dev/null
+++ b/sys-boot/syslinux/files/syslinux-6.03_pre1-add-fno-stack-protector.patch
@@ -0,0 +1,24 @@
+2014-01-04  Magnus Granberg  <zorry@gentoo.org>
+
+	# 495146
+	* mk/efi.mk: Add -fno-stack-protector
+
+--- a/mk/efi.mk	2013-12-11 11:03:38.000000000 +0100
++++ b/efi.mk	2014-01-04 13:50:11.474255644 +0100
+@@ -7,6 +7,7 @@ core = $(topdir)/core
+ # Set up architecture specifics; for cross compilation, set ARCH as apt
+ # gnuefi sets up architecture specifics in ia32 or x86_64 sub directories
+ # set up the LIBDIR and EFIINC for building for the appropriate architecture
++GCCOPT := $(call gcc_ok,-fno-stack-protector,)
+ EFIINC = $(objdir)/include/efi
+ LIBDIR  = $(objdir)/lib
+ 
+@@ -38,7 +39,7 @@ CFLAGS = -I$(EFIINC) -I$(EFIINC)/$(EFI_S
+ 		-DELF_DEBUG -DSYSLINUX_EFI -I$(objdir) \
+ 		$(GCCWARN) -D__COM32__ -mno-red-zone \
+ 		-DLDLINUX=\"$(LDLINUX)\" -fvisibility=hidden \
+-		-Wno-unused-parameter
++		-Wno-unused-parameter $(GCCOPT)
+ 
+ CRT0 := $(LIBDIR)/crt0-efi-$(EFI_SUBARCH).o
+ LDSCRIPT := $(LIBDIR)/elf_$(EFI_SUBARCH)_efi.lds
diff --git a/sys-boot/syslinux/syslinux-6.02.ebuild b/sys-boot/syslinux/syslinux-6.02.ebuild
index 547352170c3c..d60b8a08cc92 100644
--- a/sys-boot/syslinux/syslinux-6.02.ebuild
+++ b/sys-boot/syslinux/syslinux-6.02.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.02.ebuild,v 1.1 2014/02/09 03:59:19 zerochaos Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.02.ebuild,v 1.2 2014/02/09 18:04:43 zerochaos Exp $
 
 EAPI=5
 
@@ -35,6 +35,7 @@ QA_PREBUILT="usr/share/${PN}/*.c32"
 # removed all the unpack/patching stuff since we aren't rebuilding the core stuff anymore
 
 src_prepare() {
+	epatch "${FILESDIR}"/${P}-add-fno-stack-protector.patch
 	rm -f gethostip #bug 137081
 
 	# Don't prestrip or override user LDFLAGS, bug #305783
diff --git a/sys-boot/syslinux/syslinux-6.03_pre1.ebuild b/sys-boot/syslinux/syslinux-6.03_pre1.ebuild
index 19ee0f8d7e76..b628fd9c1f22 100644
--- a/sys-boot/syslinux/syslinux-6.03_pre1.ebuild
+++ b/sys-boot/syslinux/syslinux-6.03_pre1.ebuild
@@ -1,8 +1,8 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.03_pre1.ebuild,v 1.1 2013/12/11 13:17:57 chithanh Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-boot/syslinux/syslinux-6.03_pre1.ebuild,v 1.2 2014/02/09 18:04:43 zerochaos Exp $
 
-EAPI=4
+EAPI=5
 
 inherit eutils toolchain-funcs
 
@@ -35,6 +35,7 @@ QA_PREBUILT="usr/share/${PN}/*.c32"
 # removed all the unpack/patching stuff since we aren't rebuilding the core stuff anymore
 
 src_prepare() {
+	epatch "${FILESDIR}"/${P}-add-fno-stack-protector.patch
 	rm -f gethostip #bug 137081
 
 	# Don't prestrip or override user LDFLAGS, bug #305783