pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/tor-browser
Module Name: pkgsrc
Committed By: wiz
Date: Thu Nov 12 21:07:46 UTC 2020
Modified Files:
pkgsrc/security/tor-browser: Makefile distinfo options.mk
Added Files:
pkgsrc/security/tor-browser/patches:
patch-js_src_jit_ProcessExecutableMemory.cpp
patch-js_src_vm_ArrayBufferObject.cpp
Removed Files:
pkgsrc/security/tor-browser/files: cubeb_sun.c
pkgsrc/security/tor-browser/patches:
patch-media_libcubeb_src_cubeb__sun.c
Log Message:
tor-browser: merge recent changes from firefox
This includes nia's mprotect patch.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.78 -r1.79 pkgsrc/security/tor-browser/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/security/tor-browser/distinfo
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/tor-browser/options.mk
cvs rdiff -u -r1.1 -r0 pkgsrc/security/tor-browser/files/cubeb_sun.c
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/tor-browser/patches/patch-js_src_jit_ProcessExecutableMemory.cpp \
pkgsrc/security/tor-browser/patches/patch-js_src_vm_ArrayBufferObject.cpp
cvs rdiff -u -r1.1 -r0 \
pkgsrc/security/tor-browser/patches/patch-media_libcubeb_src_cubeb__sun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/tor-browser/Makefile
diff -u pkgsrc/security/tor-browser/Makefile:1.78 pkgsrc/security/tor-browser/Makefile:1.79
--- pkgsrc/security/tor-browser/Makefile:1.78 Thu Nov 5 09:09:05 2020
+++ pkgsrc/security/tor-browser/Makefile Thu Nov 12 21:07:45 2020
@@ -1,8 +1,23 @@
-# $NetBSD: Makefile,v 1.78 2020/11/05 09:09:05 ryoon Exp $
+# $NetBSD: Makefile,v 1.79 2020/11/12 21:07:45 wiz Exp $
+#
+# How to update this package:
+#
+# replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
+# compare e.g. the output of
+# diff -r -I NetBSD . ../../www/firefox78
+# BUT keep:
+# patch-.mozconfig (if still necessary)
+# patch-browser_app_profile_000-tor-browser.js
+# patch-toolkit_moz.configure (second chunk)
+# patch-xpcom_io_TorFileUtils.cpp
+# make the patches apply
+#
+# when packaged up, read MESSAGE and test by visiting https://check.torproject.org
+# and https://panopticlick.eff.org
DISTNAME= src-firefox-tor-browser-78.4.0esr-10.0-2-build2
PKGNAME= tor-browser-10.0.2
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= security www
MASTER_SITES= https://dist.torproject.org/torbrowser/${PKGVERSION_NOREV}/
EXTRACT_SUFX= .tar.xz
@@ -15,26 +30,41 @@ HOMEPAGE= https://www.torproject.org/pro
COMMENT= Tor Browser based on Firefox
LICENSE= mpl-1.1
+UNLIMIT_RESOURCES+= datasize virtualsize
+
WRKSRC= ${WRKDIR}/${DISTNAME:S/src-//}
+MOZILLA_DIR= # empty
+
DEPENDS+= tor-[0-9]*:../../net/tor
DEPENDS+= tor-browser-https-everywhere>=2020.5.20:../../security/tor-browser-https-everywhere
DEPENDS+= tor-browser-noscript>=11.0.32:../../security/tor-browser-noscript
-# How to update this package:
-#
-# replace all patches with the one from the correspoding www/firefox${ESR_RELEASE}
-# compare e.g. the output of
-# diff -r -I NetBSD . ../../www/firefox78
-# BUT keep:
-# patch-.mozconfig (if still necessary)
-# patch-browser_app_profile_000-tor-browser.js
-# patch-toolkit_moz.configure (second chunk)
-# patch-xpcom_io_TorFileUtils.cpp
-# make the patches apply
-#
-# when packaged up, read MESSAGE and test by visiting https://check.torproject.org
-# and https://panopticlick.eff.org
+.include "../../mk/bsd.prefs.mk"
+
+CONFIGURE_ARGS+= --enable-tor-browser-data-outside-app-dir
+CONFIGURE_ARGS+= --with-tor-browser-version=${PKGVERSION_NOREV}
+CFLAGS+= -DTOR_BROWSER_DATA_IN_HOME_DIR=1
+CFLAGS+= -DTOR_BROWSER_DATA_OUTSIDE_APP_DIR=1
+CFLAGS+= -fPIC
+
+# workaround for link of libxul.so etc.
+LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib/${PKGBASE}
+LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib
+LDFLAGS.DragonFly+= -lplc4 -lnspr4
+LDFLAGS.FreeBSD+= -lplc4 -lnspr4
+LDFLAGS.Linux+= -lnspr4
+LDFLAGS.SunOS+= -lm
+
+ALL_ENV+= MOZ_APP_NAME=${PKGBASE}
+
+# Avoid ld "invalid section index" errors.
+BUILDLINK_TRANSFORM.SunOS+= rm:-fdata-sections
+BUILDLINK_TRANSFORM.SunOS+= rm:-ffunction-sections
+BUILDLINK_TRANSFORM.SunOS+= rm:-pie
+
+# Workaround for https://bugs.llvm.org/show_bug.cgi?id=46366
+BUILDLINK_TRANSFORM.NetBSD+= rm:-fexperimental-new-pass-manager
# Remove hardcoded build directory.
SUBST_CLASSES+= fix-build-dir
@@ -48,10 +78,15 @@ SUBST_FILES.fonts+= tor-browser_en-US/Br
SUBST_SED.fonts+= -e 's,<dir>fonts</dir>,<dir>${PREFIX}/lib/tor-browser/browser/fonts</dir>,'
SUBST_MESSAGE.fonts= Fixing path to bundled fonts directory.
-MOZILLA_DIR= # empty
+.include "../../www/firefox78/mozilla-common.mk"
+.include "options.mk"
-# Workaround for https://bugs.llvm.org/show_bug.cgi?id=46366
-BUILDLINK_TRANSFORM.NetBSD+= rm:-fexperimental-new-pass-manager
+CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/header.py
+CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/typelib.py
+CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpidl.py
+CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpt.py
+
+CHECK_WRKREF_SKIP+= lib/${PKGBASE}/chrome/toolkit/content/global/buildconfig.html
#
# Generate list of subst entries for various .cargo-checksum.json files. These
@@ -81,56 +116,21 @@ SUBST_FILES.cksum+= ${crate}/.cargo-chec
SUBST_SED.cksum+= -e 's,${from},${to},g'
.endfor
-.include "../../mk/bsd.prefs.mk"
-
-CONFIGURE_ARGS+= --enable-tor-browser-data-outside-app-dir
-CONFIGURE_ARGS+= --with-tor-browser-version=${PKGVERSION_NOREV}
-CFLAGS+= -DTOR_BROWSER_DATA_IN_HOME_DIR=1
-CFLAGS+= -DTOR_BROWSER_DATA_OUTSIDE_APP_DIR=1
-CFLAGS+= -fPIC
-
-# workaround for link of libxul.so etc.
-LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib/${PKGBASE}
-LDFLAGS+= ${COMPILER_RPATH_FLAG}${PREFIX}/lib
-LDFLAGS.DragonFly+= -lplc4 -lnspr4
-LDFLAGS.FreeBSD+= -lplc4 -lnspr4
-LDFLAGS.Linux+= -lnspr4
-LDFLAGS.SunOS+= -lm
-
-ALL_ENV+= MOZ_APP_NAME=${PKGBASE}
-
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/tor-browser
-NOT_PAX_MPROTECT_SAFE+= lib/${PKGBASE}/tor-browser-bin
-
-# Avoid ld "invalid section index" errors.
-BUILDLINK_TRANSFORM.SunOS+= rm:-fdata-sections
-BUILDLINK_TRANSFORM.SunOS+= rm:-ffunction-sections
-
-.include "../../www/firefox78/mozilla-common.mk"
-.include "options.mk"
-
-CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/header.py
-CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/typelib.py
-CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpidl.py
-CHECK_INTERPRETER_SKIP+= lib/firefox-sdk/sdk/bin/xpt.py
-
-CHECK_WRKREF_SKIP+= lib/${PKGBASE}/chrome/toolkit/content/global/buildconfig.html
-
MOZILLA= ${PKGBASE}
MOZILLA_ICON= ${WRKSRC}/browser/branding/official/default48.png
MOZILLA_NAME= TorBrowser
post-extract:
mv ${WRKSRC}/gfx/ycbcr/yuv_row_arm.s ${WRKSRC}/gfx/ycbcr/yuv_row_arm.S
- ${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src/cubeb_sun.c
mv ${WRKDIR}/tor-browser_en-US ${WRKSRC}
# mv ${WRKDIR}/tor-launcher* ${WRKSRC}/browser/extensions/tor-launcher
pre-configure:
- cd ${WRKSRC} && mkdir ${OBJDIR}
cd ${WRKSRC} && autoconf
- cd ${WRKSRC}/${OBJDIR} && touch old-configure.vars
cd ${WRKSRC}/js/src && autoconf
+ cd ${WRKSRC} && mkdir ${OBJDIR}
+ cd ${WRKSRC}/${OBJDIR} && touch old-configure.vars
+ # Do not fetch Rust Cargo file via network during build
post-build:
${SED} -e 's|@MOZILLA@|${MOZILLA}|g' \
Index: pkgsrc/security/tor-browser/distinfo
diff -u pkgsrc/security/tor-browser/distinfo:1.30 pkgsrc/security/tor-browser/distinfo:1.31
--- pkgsrc/security/tor-browser/distinfo:1.30 Sat Oct 31 00:55:27 2020
+++ pkgsrc/security/tor-browser/distinfo Thu Nov 12 21:07:45 2020
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.30 2020/10/31 00:55:27 wiz Exp $
+$NetBSD: distinfo,v 1.31 2020/11/12 21:07:45 wiz Exp $
SHA1 (src-firefox-tor-browser-78.4.0esr-10.0-2-build2.tar.xz) = 58c2c7954b7b751c71f6cbd7944c4be3281d2105
RMD160 (src-firefox-tor-browser-78.4.0esr-10.0-2-build2.tar.xz) = e773a61f364bd2a1c01fcd06fa714cb8ae7b7e56
@@ -26,11 +26,12 @@ SHA1 (patch-gfx_thebes_gfxPlatform.cpp)
SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 4a6606da590cfb8d855bde58b9c6f90e98d0870c
SHA1 (patch-ipc_chromium_src_base_platform__thread__posix.cc) = 35d20981d33ccdb1d8ffb8039e48798777f11658
SHA1 (patch-ipc_glue_GeckoChildProcessHost.cpp) = 260c29bacd8bf265951b7a412f850bf2b292c836
+SHA1 (patch-js_src_jit_ProcessExecutableMemory.cpp) = c75e9ea7124c18be1a051106fcc407ddd1e82e46
SHA1 (patch-js_src_jsfriendapi.h) = 6bbb895b882ee24929f011751c42732215e153a2
SHA1 (patch-js_src_util_NativeStack.cpp) = a0a16d8d8d78d3cc3f4d2a508586f1a7821f7dba
+SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = ca117633d2aae52d82ec349a0bfb0c03b87898b4
SHA1 (patch-media_ffvpx_libavutil_arm_bswap.h) = de58daa0fd23d4fec50426602b65c9ea5862558a
SHA1 (patch-media_libcubeb_src_cubeb__alsa.c) = 31536f36cb33f16da309527b50eda9b721608115
-SHA1 (patch-media_libcubeb_src_cubeb__sun.c) = a8e03bc95850f83fd7ee3985c7cdb700981aa019
SHA1 (patch-media_libcubeb_src_moz.build) = e4e64a1135cf4157ae5b6f7c1710ebd076953479
SHA1 (patch-media_libpng_pngpriv.h) = c8084332560017cd7c9b519b61d125fa28af0dbc
SHA1 (patch-media_libtheora_lib_info.c) = f6dbf536d73859a1ff78304c2e9f6a6f74dac01f
Index: pkgsrc/security/tor-browser/options.mk
diff -u pkgsrc/security/tor-browser/options.mk:1.7 pkgsrc/security/tor-browser/options.mk:1.8
--- pkgsrc/security/tor-browser/options.mk:1.7 Mon Aug 17 06:58:02 2020
+++ pkgsrc/security/tor-browser/options.mk Thu Nov 12 21:07:45 2020
@@ -1,14 +1,19 @@
-# $NetBSD: options.mk,v 1.7 2020/08/17 06:58:02 riastradh Exp $
+# $NetBSD: options.mk,v 1.8 2020/11/12 21:07:45 wiz Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.tor-browser
-PKG_SUPPORTED_OPTIONS+= alsa dbus debug debug-info mozilla-jemalloc pulseaudio
-PKG_SUGGESTED_OPTIONS.Linux+= alsa dbus mozilla-jemalloc
+PKG_SUPPORTED_OPTIONS+= debug debug-info mozilla-jemalloc webrtc
+PKG_SUPPORTED_OPTIONS+= alsa pulseaudio dbus
+PLIST_VARS+= debug
-.include "../../mk/bsd.fast.prefs.mk"
+.if ${OPSYS} == "Linux"
+PKG_SUGGESTED_OPTIONS+= pulseaudio mozilla-jemalloc dbus webrtc
+.else
+PKG_SUGGESTED_OPTIONS+= dbus
+.endif
-.if ${OPSYS} != "NetBSD"
-PKG_SUGGESTED_OPTIONS+= pulseaudio
+.if ${OPSYS} == "NetBSD" && empty(OS_VERSION:M[0-8].*)
+PKG_SUGGESTED_OPTIONS+= webrtc
.endif
.include "../../mk/bsd.options.mk"
@@ -20,41 +25,30 @@ CONFIGURE_ARGS+= --enable-alsa
CONFIGURE_ARGS+= --disable-alsa
.endif
-.if !empty(PKG_OPTIONS:Mdbus)
-CONFIGURE_ARGS+= --enable-dbus
-.include "../../sysutils/dbus-glib/buildlink3.mk"
-.else
-CONFIGURE_ARGS+= --disable-dbus
-.endif
-
.if !empty(PKG_OPTIONS:Mmozilla-jemalloc)
CONFIGURE_ARGS+= --enable-jemalloc
+CONFIGURE_ARGS+= --enable-replace-malloc
.else
CONFIGURE_ARGS+= --disable-jemalloc
.endif
-.include "../../mk/compiler.mk"
-.if !empty(PKGSRC_COMPILER:Mgcc)
-. if ${CC_VERSION:S/gcc-//:S/.//g} >= 480
-# Modern gcc does not run any "tracking" passes when compiling with -O0,
-# which makes the generated debug info mostly useless. So explicitly
-# request them.
-O0TRACKING=-fvar-tracking-assignments -fvar-tracking
-. endif
-.endif
-
.if !empty(PKG_OPTIONS:Mdebug)
-CONFIGURE_ARGS+= --enable-debug="-g -O0 ${O0TRACKING}" --enable-debug-symbols --disable-optimize
+CONFIGURE_ARGS+= --enable-debug="-g -O0"
+CONFIGURE_ARGS+= --disable-optimize
+CONFIGURE_ARGS+= --enable-debug-js-modules
CONFIGURE_ARGS+= --disable-install-strip
+PLIST.debug= yes
.else
. if !empty(PKG_OPTIONS:Mdebug-info)
CONFIGURE_ARGS+= --enable-debug-symbols
+CONFIGURE_ARGS+= --enable-optimize=-Og
+CONFIGURE_ARGS+= --disable-install-strip
. else
CONFIGURE_ARGS+= --disable-debug-symbols
-. endif
-CONFIGURE_ARGS+= --disable-debug
CONFIGURE_ARGS+= --enable-optimize=-O2
CONFIGURE_ARGS+= --enable-install-strip
+. endif
+CONFIGURE_ARGS+= --disable-debug
.endif
.if !empty(PKG_OPTIONS:Mpulseaudio)
@@ -63,3 +57,19 @@ CONFIGURE_ARGS+= --enable-pulseaudio
.else
CONFIGURE_ARGS+= --disable-pulseaudio
.endif
+
+.if !empty(PKG_OPTIONS:Mdbus)
+.include "../../sysutils/dbus-glib/buildlink3.mk"
+CONFIGURE_ARGS+= --enable-dbus
+.else
+CONFIGURE_ARGS+= --disable-dbus
+.endif
+
+PLIST_VARS+= webrtc
+.if !empty(PKG_OPTIONS:Mwebrtc)
+.include "../../graphics/libv4l/buildlink3.mk"
+CONFIGURE_ARGS+= --enable-webrtc
+PLIST.webrtc= yes
+.else
+CONFIGURE_ARGS+= --disable-webrtc
+.endif
Added files:
Index: pkgsrc/security/tor-browser/patches/patch-js_src_jit_ProcessExecutableMemory.cpp
diff -u /dev/null pkgsrc/security/tor-browser/patches/patch-js_src_jit_ProcessExecutableMemory.cpp:1.1
--- /dev/null Thu Nov 12 21:07:46 2020
+++ pkgsrc/security/tor-browser/patches/patch-js_src_jit_ProcessExecutableMemory.cpp Thu Nov 12 21:07:45 2020
@@ -0,0 +1,38 @@
+$NetBSD: patch-js_src_jit_ProcessExecutableMemory.cpp,v 1.1 2020/11/12 21:07:45 wiz Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/jit/ProcessExecutableMemory.cpp.orig 2020-10-27 23:47:06.000000000 +0000
++++ js/src/jit/ProcessExecutableMemory.cpp
+@@ -362,9 +362,16 @@ static void* ReserveProcessExecutableMem
+ // Note that randomAddr is just a hint: if the address is not available
+ // mmap will pick a different address.
+ void* randomAddr = ComputeRandomAllocationAddress();
++#ifdef PROT_MPROTECT
++ void* p = MozTaggedAnonymousMmap(randomAddr, bytes,
++ PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON, -1, 0,
++ "js-executable-memory");
++#else
+ void* p = MozTaggedAnonymousMmap(randomAddr, bytes, PROT_NONE,
+ MAP_NORESERVE | MAP_PRIVATE | MAP_ANON, -1,
+ 0, "js-executable-memory");
++#endif
+ if (p == MAP_FAILED) {
+ return nullptr;
+ }
+@@ -409,8 +416,12 @@ static unsigned ProtectionSettingToFlags
+
+ static MOZ_MUST_USE bool CommitPages(void* addr, size_t bytes,
+ ProtectionSetting protection) {
+- void* p = MozTaggedAnonymousMmap(
+- addr, bytes, ProtectionSettingToFlags(protection),
++ void* p = MozTaggedAnonymousMmap(addr, bytes,
++#ifdef PROT_MPROTECT
++ ProtectionSettingToFlags(protection) | PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++#else
++ ProtectionSettingToFlags(protection),
++#endif
+ MAP_FIXED | MAP_PRIVATE | MAP_ANON, -1, 0, "js-executable-memory");
+ if (p == MAP_FAILED) {
+ return false;
Index: pkgsrc/security/tor-browser/patches/patch-js_src_vm_ArrayBufferObject.cpp
diff -u /dev/null pkgsrc/security/tor-browser/patches/patch-js_src_vm_ArrayBufferObject.cpp:1.1
--- /dev/null Thu Nov 12 21:07:46 2020
+++ pkgsrc/security/tor-browser/patches/patch-js_src_vm_ArrayBufferObject.cpp Thu Nov 12 21:07:45 2020
@@ -0,0 +1,24 @@
+$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.1 2020/11/12 21:07:45 wiz Exp $
+
+PaX MPROTECT safety for NetBSD.
+
+--- js/src/vm/ArrayBufferObject.cpp.orig 2020-10-27 23:48:08.000000000 +0000
++++ js/src/vm/ArrayBufferObject.cpp
+@@ -165,9 +165,17 @@ void* js::MapBufferMemory(size_t mappedS
+ return nullptr;
+ }
+ #else // XP_WIN
++
++#ifdef PROT_MPROTECT
++ void* data =
++ MozTaggedAnonymousMmap(nullptr, mappedSize,
++ PROT_MPROTECT(PROT_EXEC | PROT_WRITE | PROT_READ),
++ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#else
+ void* data =
+ MozTaggedAnonymousMmap(nullptr, mappedSize, PROT_NONE,
+ MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
++#endif
+ if (data == MAP_FAILED) {
+ return nullptr;
+ }
Home |
Main Index |
Thread Index |
Old Index