Batch of updates to hardened profiles - FLAGS, package.mask organizing, etc.

9 files changed, 55 insertions, 51 deletions

diff --git a/profiles/hardened/amd64/make.defaults b/profiles/hardened/amd64/make.defaults
index 6bd031d0a657..c5437778d30c 100644
--- a/profiles/hardened/amd64/make.defaults
+++ b/profiles/hardened/amd64/make.defaults
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/amd64/make.defaults,v 1.17 2008/10/22 14:49:32 remi Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/amd64/make.defaults,v 1.18 2009/07/09 00:47:43 gengor Exp $
 
 ARCH="amd64"
 ACCEPT_KEYWORDS="${ARCH}"
@@ -11,7 +11,7 @@ ABI="amd64"
 
 # amd64
 CHOST="x86_64-pc-linux-gnu"
-CFLAGS="-mtune=k8 -O2 -pipe -fforce-addr"
+CFLAGS="-O2 -pipe"
 CXXFLAGS="${CFLAGS}"
 
 CFLAGS_amd64=""
diff --git a/profiles/hardened/ia64/make.defaults b/profiles/hardened/ia64/make.defaults
index 1a05799f00da..4e0a303a6125 100644
--- a/profiles/hardened/ia64/make.defaults
+++ b/profiles/hardened/ia64/make.defaults
@@ -1,12 +1,12 @@
 # Copyright 1999-2007 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/ia64/make.defaults,v 1.4 2009/03/27 22:33:47 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/ia64/make.defaults,v 1.5 2009/07/09 00:47:44 gengor Exp $
 
 ARCH="ia64"
 ACCEPT_KEYWORDS="ia64"
 
 CHOST="ia64-unknown-linux-gnu"
-CFLAGS="-O2 -pipe -fforce-addr"
+CFLAGS="-O2 -pipe"
 CXXFLAGS="${CFLAGS}"
 
 FEATURES="sandbox sfperms"
diff --git a/profiles/hardened/linux/amd64/make.defaults b/profiles/hardened/linux/amd64/make.defaults
index 7ca23249aacf..51e59c6cdc11 100644
--- a/profiles/hardened/linux/amd64/make.defaults
+++ b/profiles/hardened/linux/amd64/make.defaults
@@ -1,8 +1,8 @@
 # Copyright 1999-2008 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/make.defaults,v 1.1 2008/04/01 17:41:11 wolf31o2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/amd64/make.defaults,v 1.2 2009/07/09 00:47:47 gengor Exp $
 
 USE="justify"
 
-CFLAGS="-mtune=k8 -O2 -pipe -fforce-addr"
+CFLAGS="-O2 -pipe"
 CXXFLAGS="${CFLAGS}"
diff --git a/profiles/hardened/linux/package.mask b/profiles/hardened/linux/package.mask
index 35ac6214ba8e..fbcc08bacb31 100644
--- a/profiles/hardened/linux/package.mask
+++ b/profiles/hardened/linux/package.mask
@@ -1,21 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/package.mask,v 1.18 2009/07/08 11:34:02 yngwin Exp $
-
-# Requires glibc-2.10
-=x11-libs/fltk-1.1.9-r1
-=x11-libs/fltk-2.0_pre6786-r1
-
-# Requires gcc-4*, unmask when stable. Bug #217927.
-media-libs/libopenraw
-media-gfx/raw-thumbnailer
-media-gfx/gnome-raw-thumbnailer
-
-# >=acml-3.6 depends on gcc-4*.
->=sci-libs/acml-3.6
-
-# net-im/skype requires gcc-4* runtime.
-net-im/skype
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/package.mask,v 1.19 2009/07/09 00:47:45 gengor Exp $
 
 # Hardened versions of gcc-4.0* through gcc-4.2* are not available.
 =sys-devel/gcc-4.0*
@@ -29,8 +14,17 @@ net-im/skype
 # No hardened >=sys-devel/gcc-4.4 available.
 >=sys-devel/gcc-4.4
 
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10
+# Requires gcc-4*, unmask when stable. Bug #217927.
+media-libs/libopenraw
+media-gfx/raw-thumbnailer
+media-gfx/gnome-raw-thumbnailer
+
+# net-im/skype requires gcc-4* runtime.
+net-im/skype
+
+# >=sci-libs/acml-3.6 requires gcc-4*.
+>=sci-libs/acml-3.6
+
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -39,6 +33,14 @@ net-im/skype
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
 
+# Patch fails, mask for now. Bug #270274.
+>=sys-libs/glibc-2.10
+
+# Requires >=sys-libs/glibc-2.10
+=x11-libs/fltk-1.1.9-r1
+=x11-libs/fltk-2.0_pre6786-r1
+
+
 # These packages do more harm than good w/ hardened.
 # Users must now the opensource xorg nv driver with nvidia cards
 # by placing Driver "nv" in xorg.conf.
diff --git a/profiles/hardened/linux/x86/make.defaults b/profiles/hardened/linux/x86/make.defaults
index c114e55c4ec5..e04b217fb78a 100644
--- a/profiles/hardened/linux/x86/make.defaults
+++ b/profiles/hardened/linux/x86/make.defaults
@@ -1,12 +1,12 @@
 # Copyright 1999-2006 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/make.defaults,v 1.3 2008/10/22 14:49:33 remi Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/make.defaults,v 1.4 2009/07/09 00:47:48 gengor Exp $
 
 ARCH="x86"
 ACCEPT_KEYWORDS="x86"
 
-CHOST="i486-pc-linux-gnu"
-CFLAGS="-O2 -mcpu=i486 -pipe -fforce-addr"
+CHOST="i686-pc-linux-gnu"
+CFLAGS="-march=i686 -O2 -pipe"
 CXXFLAGS="${CFLAGS}"
 
 USE="berkdb crypt hardened nptl nptlonly pam pic readline ssl tcpd zlib"
diff --git a/profiles/hardened/linux/x86/minimal/make.defaults b/profiles/hardened/linux/x86/minimal/make.defaults
index 7231ba0b372c..041631692101 100644
--- a/profiles/hardened/linux/x86/minimal/make.defaults
+++ b/profiles/hardened/linux/x86/minimal/make.defaults
@@ -1,6 +1,6 @@
 # Copyright 2007 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/minimal/make.defaults,v 1.1 2008/04/01 17:41:34 wolf31o2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/linux/x86/minimal/make.defaults,v 1.2 2009/07/09 00:47:49 gengor Exp $
 
 # - TESTING PROFILE - TESTING PROFILE - 
 #  ------ USE AT YOUR OWN RISK ------
@@ -9,7 +9,7 @@ USE="-* crypt hardened minimal multicall ncurses pic readline zlib"
 PORTDIR=/usr/portage
 PKGDIR=${PORTDIR}/packages/${ARCH}/
 
-CFLAGS="-Os -pipe"
+CFLAGS="-march=i686 -Os -pipe"
 CXXFLAGS="${CFLAGS}"
 FEATURES="nodoc noinfo noman"
 
diff --git a/profiles/hardened/package.mask b/profiles/hardened/package.mask
index a824ce09f533..89ce2c3f3e00 100644
--- a/profiles/hardened/package.mask
+++ b/profiles/hardened/package.mask
@@ -1,21 +1,6 @@
 # Copyright 1999-2009 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/package.mask,v 1.59 2009/07/08 11:08:47 yngwin Exp $
-
-# Requires glibc-2.10
-=x11-libs/fltk-1.1.9-r1
-=x11-libs/fltk-2.0_pre6786-r1
-
-# Requires gcc-4*, unmask when stable. Bug #217927.
-media-libs/libopenraw
-media-gfx/raw-thumbnailer
-media-gfx/gnome-raw-thumbnailer
-
-# >=acml-3.6 depends on gcc-4*.
->=sci-libs/acml-3.6
-
-# net-im/skype requires gcc-4* runtime.
-net-im/skype
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/package.mask,v 1.60 2009/07/09 00:47:41 gengor Exp $
 
 # Hardened versions of gcc-4.0* through gcc-4.2* are not available.
 =sys-devel/gcc-4.0*
@@ -29,8 +14,17 @@ net-im/skype
 # No hardened >=sys-devel/gcc-4.4 available.
 >=sys-devel/gcc-4.4
 
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10
+# Requires gcc-4*, unmask when stable. Bug #217927.
+media-libs/libopenraw
+media-gfx/raw-thumbnailer
+media-gfx/gnome-raw-thumbnailer
+
+# net-im/skype requires gcc-4* runtime.
+net-im/skype
+
+# >=sci-libs/acml-3.6 requires gcc-4*.
+>=sci-libs/acml-3.6
+
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -39,6 +33,14 @@ net-im/skype
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
 
+# Patch fails, mask for now. Bug #270274.
+>=sys-libs/glibc-2.10
+
+# Requires >=sys-libs/glibc-2.10
+=x11-libs/fltk-1.1.9-r1
+=x11-libs/fltk-2.0_pre6786-r1
+
+
 # These packages do more harm than good w/ hardened.
 # Users must now the opensource xorg nv driver with nvidia cards
 # by placing Driver "nv" in xorg.conf.
diff --git a/profiles/hardened/ppc64/make.defaults b/profiles/hardened/ppc64/make.defaults
index 1e895cbff144..56404a1b9e08 100644
--- a/profiles/hardened/ppc64/make.defaults
+++ b/profiles/hardened/ppc64/make.defaults
@@ -1,6 +1,6 @@
 # Copyright 2005 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/ppc64/make.defaults,v 1.8 2007/02/20 22:43:17 wolf31o2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/ppc64/make.defaults,v 1.9 2009/07/09 00:47:50 gengor Exp $
 
 ARCH="ppc64"
 ACCEPT_KEYWORDS="${ARCH}"
@@ -8,6 +8,6 @@ USE="${ARCH} berkdb crypt hardened pam pic readline ssl zlib"
 
 # ppc64
 CHOST="powerpc64-unknown-linux-gnu"
-CFLAGS="-O2 -pipe -fforce-addr"
+CFLAGS="-O2 -pipe"
 CXXFLAGS="${CFLAGS}"
 FEATURES="-sandbox"
diff --git a/profiles/hardened/x86/make.defaults b/profiles/hardened/x86/make.defaults
index 45d83c1d87de..10d1a6cff374 100644
--- a/profiles/hardened/x86/make.defaults
+++ b/profiles/hardened/x86/make.defaults
@@ -1,12 +1,12 @@
 # Copyright 1999-2006 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/x86/make.defaults,v 1.17 2009/03/27 22:33:48 solar Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/hardened/x86/make.defaults,v 1.18 2009/07/09 00:47:51 gengor Exp $
 
 ARCH="x86"
 ACCEPT_KEYWORDS="x86"
 
 CHOST="i486-pc-linux-gnu"
-CFLAGS="-O2 -mcpu=i486 -pipe -fforce-addr"
+CFLAGS="-mcpu=i486 -O2 -pipe"
 CXXFLAGS="${CFLAGS}"
 
 USE="berkdb crypt hardened nls nptl nptlonly pam pic readline ssl tcpd zlib"