Summary: | sys-auth/polkit-0.107-r1 ebuild applies unnecessary PaX markings if spidermonkey[-jit] | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Maxim Kammerer <mk> |
Component: | Hardened | Assignee: | The Gentoo Linux Hardened Team <hardened> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | nikoli, ssuominen |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=423927 https://bugs.gentoo.org/show_bug.cgi?id=485910 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Maxim Kammerer
2012-11-23 15:01:55 UTC
(In reply to comment #0) > The following commit from bug #423927: > > > http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/polkit/ > polkit-0.107-r1.ebuild?r1=1.2&r2=1.3 > > incorrectly simplifies > > if has_version '<dev-lang/spidermonkey-1.8.7'; then > pax-mark mr "${ED}"/usr/lib/polkit-1/polkitd > elif has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then > pax-mark m "${ED}"/usr/lib/polkit-1/polkitd > fi > > to > > if has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then > pax-mark m ${f} > else > pax-mark mr ${f} > fi > > It misses the case >=dev-lang/spidermonkey-1.8.7[-jit], where no PaX marks > should be applied. Where do you see PaX markings getting applied if >=dev-lang/spidermonkey-1.8.7[-jit] in the new code? For 187 it only adds 'm' if USE=jit is enabled. Read the code again and notice the <>= signs too correctly ah sorry, fixed now in 0.109 |