[pkgsrc/trunk]: pkgsrc/www/firefox firefox: Restore PaX MPROTECT support.

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/www/firefox firefox: Restore PaX MPROTECT support.
From: nia <nia%pkgsrc.org@localhost>
Date: Wed, 20 Jul 2022 22:32:54 +0000

details:   https://anonhg.NetBSD.org/pkgsrc/rev/342cf2fda3dd
branches:  trunk
changeset: 382100:342cf2fda3dd
user:      nia <nia%pkgsrc.org@localhost>
date:      Wed Jul 20 21:22:35 2022 +0000

description:
firefox: Restore PaX MPROTECT support.

diffstat:

 www/firefox/Makefile                                                   |   9 +--
 www/firefox/distinfo                                                   |   4 +-
 www/firefox/patches/patch-gfx_skia_skia_src_core_SkVM.cpp              |  19 +++++++
 www/firefox/patches/patch-third__party_wasm2c_wasm2c_wasm-rt-os-unix.c |  27 ++++++++++
 4 files changed, 51 insertions(+), 8 deletions(-)

diffs (109 lines):

diff -r b0c90fd8be6a -r 342cf2fda3dd www/firefox/Makefile
--- a/www/firefox/Makefile      Wed Jul 20 16:29:58 2022 +0000
+++ b/www/firefox/Makefile      Wed Jul 20 21:22:35 2022 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.528 2022/07/17 08:08:56 wiz Exp $
+# $NetBSD: Makefile,v 1.529 2022/07/20 21:22:35 nia Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=            102.0
@@ -6,7 +6,7 @@
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=  .tar.xz
@@ -69,11 +69,6 @@
 
 # XXX not sure how to test this! likely unnecessary
 NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/plugin-container
-# For RLBox WASM sandbox. Sync condition with mozilla-common.mk
-.if ${MACHINE_ARCH} == "x86_64" || ${MACHINE_ARCH} == "i386"
-NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/firefox
-NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/firefox-bin
-.endif
 
 # Avoid ld "invalid section index" errors.
 BUILDLINK_TRANSFORM.SunOS+=    rm:-fdata-sections
diff -r b0c90fd8be6a -r 342cf2fda3dd www/firefox/distinfo
--- a/www/firefox/distinfo      Wed Jul 20 16:29:58 2022 +0000
+++ b/www/firefox/distinfo      Wed Jul 20 21:22:35 2022 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.473 2022/07/17 08:08:56 wiz Exp $
+$NetBSD: distinfo,v 1.474 2022/07/20 21:22:35 nia Exp $
 
 BLAKE2s (firefox-102.0.1.source.tar.xz) = 43e2f34c0e39d1a3d3d341e55d474a9e5551865ace57f9f0fd1d7eb16676ef64
 SHA512 (firefox-102.0.1.source.tar.xz) = a930d359fb81e473b963a93f6db5110871e9fd57f6d0f352513047d363d930dd4811e8dd786c2f6f3541c3871eb1c0169b718652d9ee076fd13a20f52af30417
@@ -14,6 +14,7 @@
 SHA1 (patch-gfx_angle_checkout_src_common_third__party_smhasher_src_PMurHash.cpp) = e458c9c8dc66edc69c1874734af28a77fc5e3993
 SHA1 (patch-gfx_angle_checkout_src_compiler_translator_InfoSink.h) = b2adce9e65662283a11b6dcff40e95523e940045
 SHA1 (patch-gfx_skia_skia_src_core_SkCpu.cpp) = 36218819254f3681b9c717d652ea78c9f20d49ad
+SHA1 (patch-gfx_skia_skia_src_core_SkVM.cpp) = cdb2c2b0d512c0eb8403abba9b74c218d3a306ea
 SHA1 (patch-gfx_wr_swgl_build.rs) = df6ebfaabb4d27994e59a9d0eaf12c7cf08415fb
 SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 298642a3527804115b398fb7904a3596962932e3
 SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658
@@ -36,6 +37,7 @@
 SHA1 (patch-third__party_js_cfworker_build.sh) = 46cdf97b99cf01080f290ae8d9a33b5f869fc3e4
 SHA1 (patch-third__party_libwebrtc_modules_video__capture_linux_device__info__linux.cc) = 2e951d7d91934751608e99628fc144632d8a3b5c
 SHA1 (patch-third__party_libwebrtc_system__wrappers_source_cpu__features__linux.cc) = b90e22b50879f7adcc1da3a993f52c0701b720f8
+SHA1 (patch-third__party_wasm2c_wasm2c_wasm-rt-os-unix.c) = ba423726a4859f19aa627bb127e5597eac323016
 SHA1 (patch-toolkit_components_terminator_nsTerminator.cpp) = bd7b2a0f2407c3ab95515b2f143c41c3ca6fb0c4
 SHA1 (patch-toolkit_modules_subprocess_subprocess__shared__unix.js) = 2303b753066298305ccae80d72765dbc4da5e0dc
 SHA1 (patch-toolkit_moz.configure) = 8de54693dc47b0993f220cc5a04af98925de1fb5
diff -r b0c90fd8be6a -r 342cf2fda3dd www/firefox/patches/patch-gfx_skia_skia_src_core_SkVM.cpp
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox/patches/patch-gfx_skia_skia_src_core_SkVM.cpp Wed Jul 20 21:22:35 2022 +0000
@@ -0,0 +1,19 @@
+$NetBSD: patch-gfx_skia_skia_src_core_SkVM.cpp,v 1.1 2022/07/20 21:22:35 nia Exp $
+
+Work with PaX MPROTECT on NetBSD by stating that we will later make this memory
+block executable.
+
+--- gfx/skia/skia/src/core/SkVM.cpp.orig       2022-07-05 12:21:05.000000000 +0000
++++ gfx/skia/skia/src/core/SkVM.cpp
+@@ -2076,7 +2076,11 @@ namespace skvm {
+         // Allocate space that we can remap as executable.
+         const size_t page = sysconf(_SC_PAGESIZE);
+         fJITSize = ((a.size() + page - 1) / page) * page;  // mprotect works at page granularity.
++#ifdef PROT_MPROTECT
++        fJITBuf = mmap(nullptr,fJITSize, PROT_READ|PROT_WRITE|PROT_MPROTECT(PROT_WRITE), MAP_ANONYMOUS|MAP_PRIVATE, -1,0);
++#else
+         fJITBuf = mmap(nullptr,fJITSize, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE, -1,0);
++#endif
+ 
+         // Assemble the program for real.
+         a = Assembler{fJITBuf};
diff -r b0c90fd8be6a -r 342cf2fda3dd www/firefox/patches/patch-third__party_wasm2c_wasm2c_wasm-rt-os-unix.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox/patches/patch-third__party_wasm2c_wasm2c_wasm-rt-os-unix.c    Wed Jul 20 21:22:35 2022 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-third__party_wasm2c_wasm2c_wasm-rt-os-unix.c,v 1.1 2022/07/20 21:22:35 nia Exp $
+
+Work with PaX MPROTECT on NetBSD by stating that we will later make this memory
+block executable.
+
+--- third_party/wasm2c/wasm2c/wasm-rt-os-unix.c.orig   2022-07-05 12:21:22.000000000 +0000
++++ third_party/wasm2c/wasm2c/wasm-rt-os-unix.c
+@@ -48,6 +48,12 @@ void* os_mmap(void* hint, size_t size, i
+     /* At most 16 G is allowed */
+     return NULL;
+ 
++#ifdef PROT_MPROTECT
++    map_prot |= PROT_MPROTECT(PROT_READ);
++    map_prot |= PROT_MPROTECT(PROT_WRITE);
++    map_prot |= PROT_MPROTECT(PROT_EXEC);
++#endif
++
+   if (prot & MMAP_PROT_READ)
+     map_prot |= PROT_READ;
+ 
+@@ -279,4 +285,4 @@ void os_print_last_error(const char* msg
+ #else
+   // https://stackoverflow.com/questions/26541150/warning-iso-c-forbids-an-empty-translation-unit
+   typedef int make_iso_compilers_happy;
+-#endif
+\ No newline at end of file
++#endif

Prev by Date: [pkgsrc/trunk]: pkgsrc/www/firefox firefox: Fix braino in last commit.
Next by Date: [pkgsrc/trunk]: pkgsrc/devel/py-zanata-python-client py-zanata-python-client:...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/www/firefox firefox: Fix braino in last commit.
Next by Thread: [pkgsrc/trunk]: pkgsrc/devel/py-zanata-python-client py-zanata-python-client:...
Indexes:

Home | Main Index | Thread Index | Old Index