Big update to selinux profiles, hardened has stable =sys-devel/gcc-4.3.4

10 files changed, 47 insertions, 103 deletions

diff --git a/profiles/selinux/2007.0/amd64/hardened/package.mask b/profiles/selinux/2007.0/amd64/hardened/package.mask
index 5a2607f8865d..7b3b2b532bd7 100644
--- a/profiles/selinux/2007.0/amd64/hardened/package.mask
+++ b/profiles/selinux/2007.0/amd64/hardened/package.mask
@@ -1,15 +1,17 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/amd64/hardened/package.mask,v 1.3 2009/07/31 11:06:50 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/amd64/hardened/package.mask,v 1.4 2009/11/14 21:18:17 gengor Exp $
 
-# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
-# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
-# library).  After that, may still need to be masked on x86 as some
-# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
-# If you want to play with it, unmask in /etc/portage/package.unmask
-# but be prepared to rebuild anything you build with gcc-4, later.
-# 2006-01-11 kevquinn
-=sys-devel/gcc-4*
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Mask non-hardened+non-testing gcc-4.3.x releases.
+=sys-devel/gcc-4.3.2*
+
+# No hardened >=sys-devel/gcc-4.4 available.
+>=sys-devel/gcc-4.4
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -17,6 +19,3 @@
 # around if you try it in a live system.
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
-
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10
diff --git a/profiles/selinux/2007.0/amd64/hardened/package.use.mask b/profiles/selinux/2007.0/amd64/hardened/package.use.mask
deleted file mode 100644
index 4f65743ef216..000000000000
--- a/profiles/selinux/2007.0/amd64/hardened/package.use.mask
+++ /dev/null
@@ -1,11 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/amd64/hardened/package.use.mask,v 1.3 2009/09/13 13:56:28 maekke Exp $
-
-# Markus Meier <maekke@gentoo.org> (13 Sep 2009)
-# mask openmp USE-flag as it depends on sys-devel/gcc[openmp]
-media-gfx/blender openmp
-
-# 2008/08/01 Jean-Noël Rivasseau <elvanor@gentoo.org>
-# Disabling gcj flag, no gcc-4.3.1 yet
-dev-java/eclipse-ecj gcj
diff --git a/profiles/selinux/2007.0/x86/hardened/package.mask b/profiles/selinux/2007.0/x86/hardened/package.mask
index 3b063ae58bea..b2e54464ea81 100644
--- a/profiles/selinux/2007.0/x86/hardened/package.mask
+++ b/profiles/selinux/2007.0/x86/hardened/package.mask
@@ -1,15 +1,17 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/x86/hardened/package.mask,v 1.3 2009/07/31 11:05:52 ssuominen Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/x86/hardened/package.mask,v 1.4 2009/11/14 21:18:17 gengor Exp $
 
-# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
-# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
-# library).  After that, may still need to be masked on x86 as some
-# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
-# If you want to play with it, unmask in /etc/portage/package.unmask
-# but be prepared to rebuild anything you build with gcc-4, later.
-# 2006-01-11 kevquinn
-=sys-devel/gcc-4*
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Mask non-hardened+non-testing gcc-4.3.x releases.
+=sys-devel/gcc-4.3.2*
+
+# No hardened >=sys-devel/gcc-4.4 available.
+>=sys-devel/gcc-4.4
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -17,6 +19,3 @@
 # around if you try it in a live system.
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
-
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10
diff --git a/profiles/selinux/2007.0/x86/hardened/package.use.mask b/profiles/selinux/2007.0/x86/hardened/package.use.mask
deleted file mode 100644
index d01aa1e424ef..000000000000
--- a/profiles/selinux/2007.0/x86/hardened/package.use.mask
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/2007.0/x86/hardened/package.use.mask,v 1.1 2009/09/13 13:56:28 maekke Exp $
-
-# Markus Meier <maekke@gentoo.org> (13 Sep 2009)
-# mask openmp USE-flag as it depends on sys-devel/gcc[openmp]
-media-gfx/blender openmp
diff --git a/profiles/selinux/package.mask b/profiles/selinux/package.mask
index 50fe4c218bc4..814f4eec5e0c 100644
--- a/profiles/selinux/package.mask
+++ b/profiles/selinux/package.mask
@@ -1,31 +1,13 @@
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/package.mask,v 1.46 2009/10/28 02:12:08 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/package.mask,v 1.47 2009/11/14 21:18:16 gengor Exp $
 
 # Chris PeBenito <pebenito@gentoo.org> (27 Oct 2009)
 # Needs updated selinux patch   
 =sys-apps/sysvinit-2.87
 
-# Vlastimil Babka <caster@gentoo.org> (12 Oct 2009)
-# Requires libstdc++ from >=gcc-4.3
->=dev-java/icedtea6-bin-1.6.1
-
-# Vlastimil Babka <caster@gentoo.org> (07 Oct 2009)
-# Requires libstdc++ from >=gcc-4.2
->=x11-misc/googleearth-5
-
-# Ryan Hill <dirtyepic@gentoo.org> (26 Sep 2009)
-# requires gcc-4
->=dev-libs/elfutils-0.140
->=dev-util/systemtap-1
-
-# Bernard Cafarelli <voyageur@gentoo.org> (25 Aug 2009)
-# Requires libstdc++ from >=gcc-4.2
-www-client/chromium-bin
-
 # Chris PeBenito <pebenito@gentoo.org> (10 Aug 2009)
 # SELinux code problems
 =sys-apps/portage-2.2_rc37
 =sys-apps/portage-2.2_rc38
 
-# Sebastien Fabbro <bicatali@gentoo.org> (08 Oct 2007)
-# acml -3.6 and over needs gcc-4.1*
+# >=sci-libs/acml-3.6 requires gcc-4.2.
 >=sci-libs/acml-3.6
diff --git a/profiles/selinux/package.use.mask b/profiles/selinux/package.use.mask
index 0ae9713c3b44..52b8facad54c 100644
--- a/profiles/selinux/package.use.mask
+++ b/profiles/selinux/package.use.mask
@@ -1,7 +1,3 @@
-# Jean-Noël Rivasseau <elvanor@gentoo.org> (01 Aug 2008)
-# Disabling gcj flag, no gcc-4.3.1 yet
-dev-java/eclipse-ecj gcj
-
 # Saleem Abdulrasool <compnerd@gentoo.org> (23 Nov 2007)
 # Unmask when we get HAL 0.5.10 straightened out
 media-sound/pulseaudio policykit
diff --git a/profiles/selinux/use.mask b/profiles/selinux/use.mask
index ba7214814f29..5d333cbc469c 100644
--- a/profiles/selinux/use.mask
+++ b/profiles/selinux/use.mask
@@ -1,6 +1,6 @@
 # Copyright 2004-2006 Gentoo Foundation.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.9 2008/01/13 21:26:20 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/use.mask,v 1.10 2009/11/14 21:18:16 gengor Exp $
 
 # This file masks out USE flags that are simply NOT allowed in the default
 # profile for any architecture.  This works, for example, if a non-default
@@ -19,10 +19,5 @@ multilib
 # ppc and x86/amd64
 x264
 
-# lvm2 clustered use flags
-clvm
-gulm
-cman
-
 # tcc is x86-only
 tcc
diff --git a/profiles/selinux/v2refpolicy/amd64/hardened/package.mask b/profiles/selinux/v2refpolicy/amd64/hardened/package.mask
index 36678695110e..12dff133d816 100644
--- a/profiles/selinux/v2refpolicy/amd64/hardened/package.mask
+++ b/profiles/selinux/v2refpolicy/amd64/hardened/package.mask
@@ -1,15 +1,17 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/v2refpolicy/amd64/hardened/package.mask,v 1.1 2009/08/09 18:21:17 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/v2refpolicy/amd64/hardened/package.mask,v 1.2 2009/11/14 21:18:17 gengor Exp $
 
-# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
-# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
-# library).  After that, may still need to be masked on x86 as some
-# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
-# If you want to play with it, unmask in /etc/portage/package.unmask
-# but be prepared to rebuild anything you build with gcc-4, later.
-# 2006-01-11 kevquinn
-=sys-devel/gcc-4*
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Mask non-hardened+non-testing gcc-4.3.x releases.
+=sys-devel/gcc-4.3.2*
+
+# No hardened >=sys-devel/gcc-4.4 available.
+>=sys-devel/gcc-4.4
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -17,6 +19,3 @@
 # around if you try it in a live system.
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
-
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10
diff --git a/profiles/selinux/v2refpolicy/amd64/hardened/package.use.mask b/profiles/selinux/v2refpolicy/amd64/hardened/package.use.mask
deleted file mode 100644
index f6b4ebac3651..000000000000
--- a/profiles/selinux/v2refpolicy/amd64/hardened/package.use.mask
+++ /dev/null
@@ -1,7 +0,0 @@
-# Copyright 1999-2009 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/v2refpolicy/amd64/hardened/package.use.mask,v 1.1 2009/08/09 18:21:17 pebenito Exp $
-
-# 2008/08/01 Jean-Noël Rivasseau <elvanor@gentoo.org>
-# Disabling gcj flag, no gcc-4.3.1 yet
-dev-java/eclipse-ecj gcj
diff --git a/profiles/selinux/v2refpolicy/x86/hardened/package.mask b/profiles/selinux/v2refpolicy/x86/hardened/package.mask
index 3b67e05603e1..05906e924e8e 100644
--- a/profiles/selinux/v2refpolicy/x86/hardened/package.mask
+++ b/profiles/selinux/v2refpolicy/x86/hardened/package.mask
@@ -1,15 +1,17 @@
 # Copyright 1999-2009 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/v2refpolicy/x86/hardened/package.mask,v 1.1 2009/08/09 18:21:18 pebenito Exp $
+# $Header: /var/cvsroot/gentoo-x86/profiles/selinux/v2refpolicy/x86/hardened/package.mask,v 1.2 2009/11/14 21:18:17 gengor Exp $
 
-# Mask off gcc-4 for all hardened arches until SSP is sorted out (i.e.
-# backport for gcc-4.0 and 4.0/4.1 rigged for SSP support in the C
-# library).  After that, may still need to be masked on x86 as some
-# PIC assembler that worked pre-4 fails post-4, e.g. bug #104966).
-# If you want to play with it, unmask in /etc/portage/package.unmask
-# but be prepared to rebuild anything you build with gcc-4, later.
-# 2006-01-11 kevquinn
-=sys-devel/gcc-4*
+# Hardened versions of gcc-4.0* through gcc-4.2* are not available.
+=sys-devel/gcc-4.0*
+=sys-devel/gcc-4.1*
+=sys-devel/gcc-4.2*
+
+# Mask non-hardened+non-testing gcc-4.3.x releases.
+=sys-devel/gcc-4.3.2*
+
+# No hardened >=sys-devel/gcc-4.4 available.
+>=sys-devel/gcc-4.4
 
 # Mask off glibc-2.4 until the approach for SSP compatibilty is
 # resolved in a way that doesn't break running systems, and we
@@ -17,6 +19,3 @@
 # around if you try it in a live system.
 # 2006-03-13 kevquinn
 =sys-libs/glibc-2.4*
-
-# Patch fails, mask for now. Bug #270274.
->=sys-libs/glibc-2.10