pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/firefox52 firefox52: Make PaX MPROTECT safe on Net...
details: https://anonhg.NetBSD.org/pkgsrc/rev/54f3c72787d7
branches: trunk
changeset: 441810:54f3c72787d7
user: nia <nia%pkgsrc.org@localhost>
date: Wed Nov 11 11:15:38 2020 +0000
description:
firefox52: Make PaX MPROTECT safe on NetBSD. Bump PKGREVISION.
This little bit of extra security is pretty critical when using this
older Firefox release.
diffstat:
www/firefox52/Makefile | 6 +-
www/firefox52/distinfo | 4 +-
www/firefox52/patches/patch-js_src_jit_ProcessExecutableMemory.cpp | 40 ++++++++++
www/firefox52/patches/patch-js_src_vm_ArrayBufferObject.cpp | 21 +++++
4 files changed, 66 insertions(+), 5 deletions(-)
diffs (117 lines):
diff -r 3b3f16b64ce1 -r 54f3c72787d7 www/firefox52/Makefile
--- a/www/firefox52/Makefile Wed Nov 11 11:11:30 2020 +0000
+++ b/www/firefox52/Makefile Wed Nov 11 11:15:38 2020 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.60 2020/11/05 09:09:20 ryoon Exp $
+# $NetBSD: Makefile,v 1.61 2020/11/11 11:15:38 nia Exp $
FIREFOX_VER= ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
MOZ_BRANCH= 52.9
@@ -6,7 +6,7 @@
DISTNAME= firefox-${FIREFOX_VER}.source
PKGNAME= firefox${MOZ_BRANCH:C/\..*$//}-${MOZ_BRANCH}${MOZ_BRANCH_MINOR:S/b/beta/:S/esr//}
-PKGREVISION= 31
+PKGREVISION= 32
CATEGORIES= www
MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
MASTER_SITES+= ${MASTER_SITE_MOZILLA_ALL:=firefox/releases/${FIREFOX_VER}/source/}
@@ -31,8 +31,6 @@
LDFLAGS.Linux+= -lnspr4
LDFLAGS.SunOS+= -lm
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/firefox
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/firefox-bin
NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/plugin-container
ALL_ENV+= MOZILLA_PKG_NAME=${PKGBASE}
diff -r 3b3f16b64ce1 -r 54f3c72787d7 www/firefox52/distinfo
--- a/www/firefox52/distinfo Wed Nov 11 11:11:30 2020 +0000
+++ b/www/firefox52/distinfo Wed Nov 11 11:15:38 2020 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.24 2020/09/30 07:26:49 martin Exp $
+$NetBSD: distinfo,v 1.25 2020/11/11 11:15:38 nia Exp $
SHA1 (firefox-52.9.0esr.source.tar.xz) = df3d47518b380fe934e32a288515c25435fd82a7
RMD160 (firefox-52.9.0esr.source.tar.xz) = 8940269f0a515c0066b6ab2eea1da8963d27617b
@@ -57,9 +57,11 @@
SHA1 (patch-ipc_chromium_src_build_build__config.h) = 9e4f15226c494f5015dbea3a0df6af851449ae15
SHA1 (patch-ipc_chromium_src_chrome_common_transport__dib.h) = 33ea11a8c23f2fefcb318342ac9e94d3885cb3b1
SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = b9c202645a4b6f691a6eb81ef0daf4278d10dcc4
+SHA1 (patch-js_src_jit_ProcessExecutableMemory.cpp) = b2a34e470e4fc789f777aa101a5911e19d56dc26
SHA1 (patch-js_src_jit_arm_Architecture-arm.cpp) = f0b554c169643b8447b4f29168d61ea257b18782
SHA1 (patch-js_src_jit_none_AtomicOperations-sparc.h) = b44992a869d6d08809a9edc28f1ad6f40632d392
SHA1 (patch-js_src_moz.build) = ce9110506086d15a011d0985b58dd4e7d1b6ec5f
+SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = 6196d576b98126bbbab2014c373c7a442ee6dc12
SHA1 (patch-js_src_vm_StructuredClone.cpp) = 7e992825e996c43419318893b704a2aa380b0d2a
SHA1 (patch-js_xpconnect_src_XPCConvert.cpp) = 915777e9bb5366be41866cdb6ea0ad2b1c006dde
SHA1 (patch-js_xpconnect_src_XPCWrappedNative.cpp) = 6630b8cb20a2a2b8337e8c1250e741fd65be1e54
diff -r 3b3f16b64ce1 -r 54f3c72787d7 www/firefox52/patches/patch-js_src_jit_ProcessExecutableMemory.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox52/patches/patch-js_src_jit_ProcessExecutableMemory.cpp Wed Nov 11 11:15:38 2020 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-js_src_jit_ProcessExecutableMemory.cpp,v 1.1 2020/11/11 11:15:38 nia Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/jit/ProcessExecutableMemory.cpp.orig 2018-06-21 18:53:54.000000000 +0000
++++ js/src/jit/ProcessExecutableMemory.cpp
+@@ -288,8 +288,15 @@ ReserveProcessExecutableMemory(size_t by
+ // Note that randomAddr is just a hint: if the address is not available
+ // mmap will pick a different address.
+ void* randomAddr = ComputeRandomAllocationAddress();
++#ifdef PROT_MPROTECT
++ void* p = MozTaggedAnonymousMmap(randomAddr, bytes,
++ PROT_NONE | PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON,
++ -1, 0, "js-executable-memory");
++#else
+ void* p = MozTaggedAnonymousMmap(randomAddr, bytes, PROT_NONE, MAP_PRIVATE | MAP_ANON,
+ -1, 0, "js-executable-memory");
++#endif
+ if (p == MAP_FAILED)
+ return nullptr;
+ return p;
+@@ -316,9 +323,17 @@ ProtectionSettingToFlags(ProtectionSetti
+ static void
+ CommitPages(void* addr, size_t bytes, ProtectionSetting protection)
+ {
++#ifdef PROT_MPROTECT
++ void* p = MozTaggedAnonymousMmap(addr, bytes,
++ ProtectionSettingToFlags(protection) |
++ PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_FIXED | MAP_PRIVATE | MAP_ANON,
++ -1, 0, "js-executable-memory");
++#else
+ void* p = MozTaggedAnonymousMmap(addr, bytes, ProtectionSettingToFlags(protection),
+ MAP_FIXED | MAP_PRIVATE | MAP_ANON,
+ -1, 0, "js-executable-memory");
++#endif
+ MOZ_RELEASE_ASSERT(addr == p);
+ }
+
diff -r 3b3f16b64ce1 -r 54f3c72787d7 www/firefox52/patches/patch-js_src_vm_ArrayBufferObject.cpp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/www/firefox52/patches/patch-js_src_vm_ArrayBufferObject.cpp Wed Nov 11 11:15:38 2020 +0000
@@ -0,0 +1,21 @@
+$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.1 2020/11/11 11:15:38 nia Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/vm/ArrayBufferObject.cpp.orig 2017-04-11 02:13:21.000000000 +0000
++++ js/src/vm/ArrayBufferObject.cpp
+@@ -648,8 +648,14 @@ WasmArrayRawBuffer::Allocate(uint32_t nu
+ return nullptr;
+ }
+ # else // XP_WIN
++#ifdef PROT_MPROTECT
++ void* data = MozTaggedAnonymousMmap(nullptr, (size_t) mappedSizeWithHeader,
++ PROT_NONE | PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#else
+ void* data = MozTaggedAnonymousMmap(nullptr, (size_t) mappedSizeWithHeader, PROT_NONE,
+ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#endif
+ if (data == MAP_FAILED)
+ return nullptr;
+
Home |
Main Index |
Thread Index |
Old Index