The following commit from bug #423927: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/polkit/polkit-0.107-r1.ebuild?r1=1.2&r2=1.3 incorrectly simplifies if has_version '<dev-lang/spidermonkey-1.8.7'; then pax-mark mr "${ED}"/usr/lib/polkit-1/polkitd elif has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then pax-mark m "${ED}"/usr/lib/polkit-1/polkitd fi to if has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then pax-mark m ${f} else pax-mark mr ${f} fi It misses the case >=dev-lang/spidermonkey-1.8.7[-jit], where no PaX marks should be applied. By the way, is disabling RANDMMAP for <dev-lang/spidermonkey-1.8.7 really necessary? spidermonkey only disables MPROTECT for /usr/bin/js (although js doesn't use libmozjs -- see bug #437520).
(In reply to comment #0) > The following commit from bug #423927: > > > http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/sys-auth/polkit/ > polkit-0.107-r1.ebuild?r1=1.2&r2=1.3 > > incorrectly simplifies > > if has_version '<dev-lang/spidermonkey-1.8.7'; then > pax-mark mr "${ED}"/usr/lib/polkit-1/polkitd > elif has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then > pax-mark m "${ED}"/usr/lib/polkit-1/polkitd > fi > > to > > if has_version '>=dev-lang/spidermonkey-1.8.7[jit]'; then > pax-mark m ${f} > else > pax-mark mr ${f} > fi > > It misses the case >=dev-lang/spidermonkey-1.8.7[-jit], where no PaX marks > should be applied. Where do you see PaX markings getting applied if >=dev-lang/spidermonkey-1.8.7[-jit] in the new code? For 187 it only adds 'm' if USE=jit is enabled. Read the code again and notice the <>= signs too correctly
ah sorry, fixed now in 0.109