diff options
Diffstat (limited to 'net-libs')
-rw-r--r-- | net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch | 111 | ||||
-rw-r--r-- | net-libs/nodejs/nodejs-13.8.0.ebuild | 2 |
2 files changed, 112 insertions, 1 deletions
diff --git a/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch b/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch new file mode 100644 index 000000000000..0fb33cbee49e --- /dev/null +++ b/net-libs/nodejs/files/nodejs-13.8.0-paxmarking.patch @@ -0,0 +1,111 @@ + Bug: 694100 + Add actions for pax marking mkcodecache, node_mksnapshot and mksnapshot + to disable mprotect for pax enable kernel. + Reported-by: Attila Tóth <atoth@atoth.sote.hu> + Co-developed-by: Attila Tóth <atoth@atoth.sote.hu> + Signed-off-by: Magnus Granberg <zorry@gentoo.org> + +--- a/node.gyp 2019-10-23 11:52:41.000000000 +0200 ++++ b/node.gyp 2019-11-12 20:58:43.957881862 +0100 +@@ -233,7 +233,9 @@ + 'deps/acorn-plugins/acorn-static-class-features/index.js', + ], + 'node_mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'node_mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)node_mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'mkcodecache_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache<(EXECUTABLE_SUFFIX)', ++ 'mkcodecache_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mkcodecache_u<(EXECUTABLE_SUFFIX)', + 'conditions': [ + [ 'node_shared=="true"', { + 'node_target_type%': 'shared_library', +@@ -436,10 +438,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mkcodecache', ++ 'inputs': [ ++ '<(mkcodecache_exec)', ++ ], ++ 'outputs': [ ++ '<(mkcodecache_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mkcodecache_exec) <(mkcodecache_u_exec) && paxmark.sh m <(mkcodecache_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mkcodecache', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(mkcodecache_exec)', ++ '<(mkcodecache_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_code_cache.cc', +@@ -461,10 +477,24 @@ + ], + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(node_mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(node_mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(node_mksnapshot_exec) <(node_mksnapshot_u_exec) && paxmark.sh m <(node_mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'node_mksnapshot', + 'process_outputs_as_sources': 1, + 'inputs': [ +- '<(node_mksnapshot_exec)', ++ '<(node_mksnapshot_u_exec)', + ], + 'outputs': [ + '<(SHARED_INTERMEDIATE_DIR)/node_snapshot.cc', +--- a/tools/v8_gypfiles/v8.gyp 2019-12-03 16:10:36.000000000 +0100 ++++ b/tools/v8_gypfiles/v8.gyp 2019-12-17 18:37:33.695839254 +0100 +@@ -9,6 +9,7 @@ + 'v8_vector_stores%': 0, + 'v8_embed_script%': "", + 'mksnapshot_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot<(EXECUTABLE_SUFFIX)', ++ 'mksnapshot_u_exec': '<(PRODUCT_DIR)/<(EXECUTABLE_PREFIX)mksnapshot_u<(EXECUTABLE_SUFFIX)', + 'v8_os_page_size%': 0, + 'generate_bytecode_output_root': '<(SHARED_INTERMEDIATE_DIR)/generate-bytecode-output-root', + 'generate_bytecode_builtins_list_output': '<(generate_bytecode_output_root)/builtins-generated/bytecodes-builtins-list.h', +@@ -427,6 +425,20 @@ + }, + 'actions': [ + { ++ 'action_name': 'run_pax_mksnapshot', ++ 'inputs': [ ++ '<(mksnapshot_exec)', ++ ], ++ 'outputs': [ ++ '<(mksnapshot_u_exec)', ++ ], ++ 'action': [ ++ 'bash', ++ '-c', ++ 'mv <(mksnapshot_exec) <(mksnapshot_u_exec) && paxmark.mksnapshot_u_exec)', ++ ], ++ }, ++ { + 'action_name': 'run_mksnapshot', + 'message': 'generating: >@(_outputs)', + 'variables': { +@@ -442,7 +454,7 @@ + ], + }, + 'inputs': [ +- '<(mksnapshot_exec)', ++ '<(mksnapshot_u_exec)', + ], + 'outputs': ["<(INTERMEDIATE_DIR)/snapshot.cc"], + 'process_outputs_as_sources': 1, diff --git a/net-libs/nodejs/nodejs-13.8.0.ebuild b/net-libs/nodejs/nodejs-13.8.0.ebuild index 4912e94e0c68..157d3993d84d 100644 --- a/net-libs/nodejs/nodejs-13.8.0.ebuild +++ b/net-libs/nodejs/nodejs-13.8.0.ebuild @@ -88,7 +88,7 @@ src_prepare() { fi # We need to disable mprotect on two files when it builds Bug 694100. - use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.2.0-paxmarking.patch ) + use pax_kernel && PATCHES+=( "${FILESDIR}"/${PN}-13.8.0-paxmarking.patch ) default } |