CVS commit: pkgsrc/www/firefox

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/firefox
From: "Maya Rashish" <maya%netbsd.org@localhost>
Date: Fri, 6 Nov 2020 08:56:37 +0000

Module Name:    pkgsrc
Committed By:   maya
Date:           Fri Nov  6 08:56:37 UTC 2020

Modified Files:
        pkgsrc/www/firefox: Makefile distinfo
Added Files:
        pkgsrc/www/firefox/patches:
            patch-js_src_jit_ProcessExecutableMemory.cpp
            patch-js_src_vm_ArrayBufferObject.cpp

Log Message:
firefox: paxctl safety for netbsd.

Tested on amd64. This means that text relocations are now fatal.
Hopefully other architectures don't have additional ways to be not-mprotect-
safe, but there is always the possibility.

No obvious performance difference in an older (non-wasm) javascript benchmark.


To generate a diff of this commit:
cvs rdiff -u -r1.454 -r1.455 pkgsrc/www/firefox/Makefile
cvs rdiff -u -r1.418 -r1.419 pkgsrc/www/firefox/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/www/firefox/patches/patch-js_src_jit_ProcessExecutableMemory.cpp \
    pkgsrc/www/firefox/patches/patch-js_src_vm_ArrayBufferObject.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/firefox/Makefile
diff -u pkgsrc/www/firefox/Makefile:1.454 pkgsrc/www/firefox/Makefile:1.455
--- pkgsrc/www/firefox/Makefile:1.454   Thu Nov  5 09:09:20 2020
+++ pkgsrc/www/firefox/Makefile Fri Nov  6 08:56:37 2020
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.454 2020/11/05 09:09:20 ryoon Exp $
+# $NetBSD: Makefile,v 1.455 2020/11/06 08:56:37 maya Exp $
 
 FIREFOX_VER=           ${MOZ_BRANCH}${MOZ_BRANCH_MINOR}
 MOZ_BRANCH=            82.0
@@ -6,7 +6,7 @@ MOZ_BRANCH_MINOR=       .2
 
 DISTNAME=      firefox-${FIREFOX_VER}.source
 PKGNAME=       ${DISTNAME:S/.source//:S/b/beta/:S/esr//}
-PKGREVISION=   1
+PKGREVISION=   2
 CATEGORIES=    www
 MASTER_SITES+= ${MASTER_SITE_MOZILLA:=firefox/releases/${FIREFOX_VER}/source/}
 EXTRACT_SUFX=  .tar.xz
@@ -37,8 +37,7 @@ LDFLAGS.FreeBSD+=     -lplc4 -lnspr4
 LDFLAGS.Linux+=                -lnspr4
 LDFLAGS.SunOS+=                -lm
 
-NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/${MOZILLA}
-NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/${MOZILLA}-bin
+# XXX not sure how to test this! likely unnecessary
 NOT_PAX_MPROTECT_SAFE+=        lib/${PKGBASE}/plugin-container
 
 # Avoid ld "invalid section index" errors.

Index: pkgsrc/www/firefox/distinfo
diff -u pkgsrc/www/firefox/distinfo:1.418 pkgsrc/www/firefox/distinfo:1.419
--- pkgsrc/www/firefox/distinfo:1.418   Wed Oct 28 15:34:41 2020
+++ pkgsrc/www/firefox/distinfo Fri Nov  6 08:56:37 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.418 2020/10/28 15:34:41 maya Exp $
+$NetBSD: distinfo,v 1.419 2020/11/06 08:56:37 maya Exp $
 
 SHA1 (firefox-82.0.2.source.tar.xz) = 06c09c33d795d0c5c11b1d662c5ea204b53b0a00
 RMD160 (firefox-82.0.2.source.tar.xz) = 7ef23ac4bf0fcbe9861e1bc564dd962c410466dd
@@ -19,9 +19,11 @@ SHA1 (patch-gfx_thebes_gfxPlatform.cpp) 
 SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c
 SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658
 SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836
+SHA1 (patch-js_src_jit_ProcessExecutableMemory.cpp) = c75e9ea7124c18be1a051106fcc407ddd1e82e46
 SHA1 (patch-js_src_jit_arm64_vixl_MozCpu-vixl.cpp) = fbb3271ccc09112b191be1b04ba3023bd38f645f
 SHA1 (patch-js_src_jsfriendapi.h) = b5cb687dbbda314fe0f16521c1c042c105c4bbe4
 SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
+SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = ca117633d2aae52d82ec349a0bfb0c03b87898b4
 SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a
 SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = 31536f36cb33f16da309527b50eda9b721608115
 SHA1 (patch-media_libcubeb_src_moz.build) = e4e64a1135cf4157ae5b6f7c1710ebd076953479

Added files:

Index: pkgsrc/www/firefox/patches/patch-js_src_jit_ProcessExecutableMemory.cpp
diff -u /dev/null pkgsrc/www/firefox/patches/patch-js_src_jit_ProcessExecutableMemory.cpp:1.1
--- /dev/null   Fri Nov  6 08:56:37 2020
+++ pkgsrc/www/firefox/patches/patch-js_src_jit_ProcessExecutableMemory.cpp     Fri Nov  6 08:56:37 2020
@@ -0,0 +1,38 @@
+$NetBSD: patch-js_src_jit_ProcessExecutableMemory.cpp,v 1.1 2020/11/06 08:56:37 maya Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/jit/ProcessExecutableMemory.cpp.orig        2020-10-27 23:47:06.000000000 +0000
++++ js/src/jit/ProcessExecutableMemory.cpp
+@@ -362,9 +362,16 @@ static void* ReserveProcessExecutableMem
+   // Note that randomAddr is just a hint: if the address is not available
+   // mmap will pick a different address.
+   void* randomAddr = ComputeRandomAllocationAddress();
++#ifdef PROT_MPROTECT
++  void* p = MozTaggedAnonymousMmap(randomAddr, bytes,
++                                   PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++                                   MAP_PRIVATE | MAP_ANON, -1, 0,
++                                   "js-executable-memory");
++#else
+   void* p = MozTaggedAnonymousMmap(randomAddr, bytes, PROT_NONE,
+                                    MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1,
+                                    0, "js-executable-memory");
++#endif
+   if (p == MAP_FAILED) {
+     return nullptr;
+   }
+@@ -409,8 +416,12 @@ static unsigned ProtectionSettingToFlags
+ 
+ static MOZ_MUST_USE bool CommitPages(void* addr, size_t bytes,
+                                      ProtectionSetting protection) {
+-  void* p = MozTaggedAnonymousMmap(
+-      addr, bytes, ProtectionSettingToFlags(protection),
++  void* p = MozTaggedAnonymousMmap(addr, bytes,
++#ifdef PROT_MPROTECT
++      ProtectionSettingToFlags(protection) | PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++#else
++      ProtectionSettingToFlags(protection),
++#endif
+       MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0, "js-executable-memory");
+   if (p == MAP_FAILED) {
+     return false;
Index: pkgsrc/www/firefox/patches/patch-js_src_vm_ArrayBufferObject.cpp
diff -u /dev/null pkgsrc/www/firefox/patches/patch-js_src_vm_ArrayBufferObject.cpp:1.1
--- /dev/null   Fri Nov  6 08:56:37 2020
+++ pkgsrc/www/firefox/patches/patch-js_src_vm_ArrayBufferObject.cpp    Fri Nov  6 08:56:37 2020
@@ -0,0 +1,24 @@
+$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.1 2020/11/06 08:56:37 maya Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/vm/ArrayBufferObject.cpp.orig       2020-10-27 23:48:08.000000000 +0000
++++ js/src/vm/ArrayBufferObject.cpp
+@@ -165,9 +165,17 @@ void* js::MapBufferMemory(size_t mappedS
+     return nullptr;
+   }
+ #else   // XP_WIN
++
++#ifdef PROT_MPROTECT
++  void* data =
++      MozTaggedAnonymousMmap(nullptr, mappedSize,
++                             PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++                             MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#else
+   void* data =
+       MozTaggedAnonymousMmap(nullptr, mappedSize, PROT_NONE,
+                              MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#endif
+   if (data == MAP_FAILED) {
+     return nullptr;
+   }

Prev by Date: CVS commit: pkgsrc/net/net-snmp
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/net/net-snmp
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index