arcticfox: PaX MPROTECT safety for NetBSDdiff -r1.43 -r1.44 pkgsrc/www/arcticfox/Makefile
(nia)
| @@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.43 2024/03/21 12:47:19 nia Exp $ | 1 | # $NetBSD: Makefile,v 1.44 2024/03/21 15:11:51 nia Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= arcticfox-43.1 | 3 | DISTNAME= arcticfox-43.1 | |
| 4 | PKGREVISION= 1 | |||
| 4 | CATEGORIES= www | 5 | CATEGORIES= www | |
| 5 | MASTER_SITES= ${MASTER_SITE_GITHUB:=rmottola/} | 6 | MASTER_SITES= ${MASTER_SITE_GITHUB:=rmottola/} | |
| 6 | GITHUB_PROJECT= Arctic-Fox | 7 | GITHUB_PROJECT= Arctic-Fox | |
| 7 | GITHUB_TAG= v${PKGVERSION_NOREV} | 8 | GITHUB_TAG= v${PKGVERSION_NOREV} | |
| 8 | 9 | |||
| 9 | MAINTAINER= nia@NetBSD.org | 10 | MAINTAINER= nia@NetBSD.org | |
| 10 | HOMEPAGE= https://github.com/rmottola/Arctic-Fox | 11 | HOMEPAGE= https://github.com/rmottola/Arctic-Fox | |
| 11 | COMMENT= Web browser for aging systems, forked from Firefox | 12 | COMMENT= Web browser for aging systems, forked from Firefox | |
| 12 | LICENSE= mpl-1.1 | 13 | LICENSE= mpl-1.1 | |
| 13 | 14 | |||
| 14 | USE_TOOLS+= perl pkg-config autoconf213 | 15 | USE_TOOLS+= perl pkg-config autoconf213 | |
| 15 | USE_TOOLS+= zip unzip gmake | 16 | USE_TOOLS+= zip unzip gmake | |
| 16 | 17 | |||
| @@ -82,29 +83,26 @@ INSTALLATION_DIRS+= share/icons/hicolor/ | @@ -82,29 +83,26 @@ INSTALLATION_DIRS+= share/icons/hicolor/ | |||
| 82 | INSTALLATION_DIRS+= share/icons/hicolor/128x128/apps | 83 | INSTALLATION_DIRS+= share/icons/hicolor/128x128/apps | |
| 83 | 84 | |||
| 84 | CHECK_PORTABILITY_SKIP+= intl/icu/source/configure | 85 | CHECK_PORTABILITY_SKIP+= intl/icu/source/configure | |
| 85 | CHECK_PORTABILITY_SKIP+= js/src/tests/*.sh | 86 | CHECK_PORTABILITY_SKIP+= js/src/tests/*.sh | |
| 86 | CHECK_PORTABILITY_SKIP+= memory/jemalloc/src/configure | 87 | CHECK_PORTABILITY_SKIP+= memory/jemalloc/src/configure | |
| 87 | CHECK_PORTABILITY_SKIP+= security/nss/tests/*/*.sh | 88 | CHECK_PORTABILITY_SKIP+= security/nss/tests/*/*.sh | |
| 88 | 89 | |||
| 89 | REPLACE_PYTHON+= xpcom/idl-parser/xpidl/xpidl.py | 90 | REPLACE_PYTHON+= xpcom/idl-parser/xpidl/xpidl.py | |
| 90 | REPLACE_PYTHON+= xpcom/typelib/xpt/tools/xpt.py | 91 | REPLACE_PYTHON+= xpcom/typelib/xpt/tools/xpt.py | |
| 91 | 92 | |||
| 92 | PYTHON_VERSIONS_ACCEPTED= 27 | 93 | PYTHON_VERSIONS_ACCEPTED= 27 | |
| 93 | PYTHON_FOR_BUILD_ONLY= tool | 94 | PYTHON_FOR_BUILD_ONLY= tool | |
| 94 | 95 | |||
| 95 | NOT_PAX_MPROTECT_SAFE+= lib/${PKGNAME_NOREV}/arcticfox | |||
| 96 | NOT_PAX_MPROTECT_SAFE+= lib/${PKGNAME_NOREV}/arcticfox-bin | |||
| 97 | ||||
| 98 | pre-configure: | 96 | pre-configure: | |
| 99 | ${MKDIR} ${CONFIGURE_DIRS} | 97 | ${MKDIR} ${CONFIGURE_DIRS} | |
| 100 | cd ${WRKSRC} && autoconf-2.13 | 98 | cd ${WRKSRC} && autoconf-2.13 | |
| 101 | cd ${WRKSRC}/js/src && autoconf-2.13 | 99 | cd ${WRKSRC}/js/src && autoconf-2.13 | |
| 102 | ${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src | 100 | ${CP} ${FILESDIR}/cubeb_sun.c ${WRKSRC}/media/libcubeb/src | |
| 103 | 101 | |||
| 104 | post-install: | 102 | post-install: | |
| 105 | ${FIND} ${DESTDIR}${PREFIX} -name '*.a' -exec ${RM} '{}' ';' | 103 | ${FIND} ${DESTDIR}${PREFIX} -name '*.a' -exec ${RM} '{}' ';' | |
| 106 | ${RM} -rf ${DESTDIR}${PREFIX}/include | 104 | ${RM} -rf ${DESTDIR}${PREFIX}/include | |
| 107 | ${RM} -rf ${DESTDIR}${PREFIX}/share/idl | 105 | ${RM} -rf ${DESTDIR}${PREFIX}/share/idl | |
| 108 | ${INSTALL_DATA} ${WRKSRC}/browser/branding/arcticfox/default16.png \ | 106 | ${INSTALL_DATA} ${WRKSRC}/browser/branding/arcticfox/default16.png \ | |
| 109 | ${DESTDIR}${PREFIX}/share/icons/hicolor/16x16/apps/arcticfox.png | 107 | ${DESTDIR}${PREFIX}/share/icons/hicolor/16x16/apps/arcticfox.png | |
| 110 | ${INSTALL_DATA} ${WRKSRC}/browser/branding/arcticfox/default32.png \ | 108 | ${INSTALL_DATA} ${WRKSRC}/browser/branding/arcticfox/default32.png \ |
| @@ -1,20 +1,22 @@ | @@ -1,20 +1,22 @@ | |||
| 1 | $NetBSD: distinfo,v 1.12 2024/03/21 12:47:19 nia Exp $ | 1 | $NetBSD: distinfo,v 1.13 2024/03/21 15:11:51 nia Exp $ | |
| 2 | 2 | |||
| 3 | BLAKE2s (arcticfox-43.1.tar.gz) = 26cdcdf7ff023250df4aed3dcc7119031aa86f7466be2315bff9032f94227230 | 3 | BLAKE2s (arcticfox-43.1.tar.gz) = 26cdcdf7ff023250df4aed3dcc7119031aa86f7466be2315bff9032f94227230 | |
| 4 | SHA512 (arcticfox-43.1.tar.gz) = 19f2934fcf4cb07192176957fb7427d17d8ab4cd5cd10eadbc3630e4deb0a3ad3de5b1656e68b26d6537cff43d3c2997fa3e189fcf05ad70c6e62cb4d943818b | 4 | SHA512 (arcticfox-43.1.tar.gz) = 19f2934fcf4cb07192176957fb7427d17d8ab4cd5cd10eadbc3630e4deb0a3ad3de5b1656e68b26d6537cff43d3c2997fa3e189fcf05ad70c6e62cb4d943818b | |
| 5 | Size (arcticfox-43.1.tar.gz) = 213148775 bytes | 5 | Size (arcticfox-43.1.tar.gz) = 213148775 bytes | |
| 6 | SHA1 (patch-configure.in) = ccea0e59b808d8743b66c58bda07a2719e89e74f | 6 | SHA1 (patch-configure.in) = ccea0e59b808d8743b66c58bda07a2719e89e74f | |
| 7 | SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 98dd10e2eaa3ec2160f517d1a6cee01caa37ffb0 | 7 | SHA1 (patch-ipc_chromium_src_base_message__pump__libevent.cc) = 98dd10e2eaa3ec2160f517d1a6cee01caa37ffb0 | |
| 8 | SHA1 (patch-js_src_jit_ExecutableAllocatorPosix.cpp) = 91e900b6d995edc70b3234468580f7db5aa88446 | |||
| 9 | SHA1 (patch-js_src_vm_ArrayBufferObject.cpp) = 7af433cde0b6391facdf7f785f8f1b660f458a73 | |||
| 8 | SHA1 (patch-media_libcubeb_src_cubeb.c) = b3c4bd8146e2f7146baf1c2050260f7629cdb09a | 10 | SHA1 (patch-media_libcubeb_src_cubeb.c) = b3c4bd8146e2f7146baf1c2050260f7629cdb09a | |
| 9 | SHA1 (patch-media_libcubeb_src_moz.build) = e98b39b6272b58d4183c526f36987ea239fadd5d | 11 | SHA1 (patch-media_libcubeb_src_moz.build) = e98b39b6272b58d4183c526f36987ea239fadd5d | |
| 10 | SHA1 (patch-xpcom_reflect_xptcall_genstubs.pl) = 88a431a961fd910e1e7043877eba77d377185bc3 | 12 | SHA1 (patch-xpcom_reflect_xptcall_genstubs.pl) = 88a431a961fd910e1e7043877eba77d377185bc3 | |
| 11 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = b62af604ca0f409ecfba20c13a3deead54787192 | 13 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_moz.build) = b62af604ca0f409ecfba20c13a3deead54787192 | |
| 12 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcinvoke_arm_netbsd.cpp) = 6e9337c0b8ddacc06d3fa72d5bc9044be9a3d93f | 14 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcinvoke_arm_netbsd.cpp) = 6e9337c0b8ddacc06d3fa72d5bc9044be9a3d93f | |
| 13 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcinvoke_ppc_netbsd.cpp) = 84049cb04067ac3ec630eefd9677c8060d78432e | 15 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcinvoke_ppc_netbsd.cpp) = 84049cb04067ac3ec630eefd9677c8060d78432e | |
| 14 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_arm_netbsd.cpp) = ff53173caecafc3e1d23e63329e1fe71771738a0 | 16 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_arm_netbsd.cpp) = ff53173caecafc3e1d23e63329e1fe71771738a0 | |
| 15 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_netbsd_m68k.cpp) = 63730d3c7006c1508f21b137cbd9bfb473931fd5 | 17 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_netbsd_m68k.cpp) = 63730d3c7006c1508f21b137cbd9bfb473931fd5 | |
| 16 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_ppc_linux.cpp) = cfeeddcec71236f0bf9b3dc34e0f3af4dc7f8970 | 18 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_ppc_linux.cpp) = cfeeddcec71236f0bf9b3dc34e0f3af4dc7f8970 | |
| 17 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_ppc_netbsd.cpp) = 3b1353ae3f696dd81aebd888d076b661015f3e03 | 19 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_ppc_netbsd.cpp) = 3b1353ae3f696dd81aebd888d076b661015f3e03 | |
| 18 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_sparc_netbsd.cpp) = 856cf5a977cbcfe23a03fa6116a9a6332e08df7f | 20 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_sparc_netbsd.cpp) = 856cf5a977cbcfe23a03fa6116a9a6332e08df7f | |
| 19 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_sparc_openbsd.cpp) = 4868a76ac0de585fb7184462aa3904cb9491f24f | 21 | SHA1 (patch-xpcom_reflect_xptcall_md_unix_xptcstubs_sparc_openbsd.cpp) = 4868a76ac0de585fb7184462aa3904cb9491f24f | |
| 20 | SHA1 (patch-xpcom_reflect_xptcall_xptcprivate.h) = 44b48cd47efff5210259d110bc604d96b2642055 | 22 | SHA1 (patch-xpcom_reflect_xptcall_xptcprivate.h) = 44b48cd47efff5210259d110bc604d96b2642055 |
$NetBSD: patch-js_src_jit_ExecutableAllocatorPosix.cpp,v 1.1 2024/03/21 15:11:51 nia Exp $
PaX MPROTECT safety for NetBSD.
--- js/src/jit/ExecutableAllocatorPosix.cpp.orig 2024-03-21 14:18:03.401738129 +0000
+++ js/src/jit/ExecutableAllocatorPosix.cpp
@@ -48,6 +48,9 @@ js::jit::AllocateExecutableMemory(void*
size_t pageSize)
{
MOZ_ASSERT(bytes % pageSize == 0);
+#ifdef PROT_MPROTECT
+ permissions |= PROT_MPROTECT(PROT_READ | PROT_WRITE | PROT_EXEC);
+#endif
void* p = MozTaggedAnonymousMmap(addr, bytes, permissions, MAP_PRIVATE | MAP_ANON, -1, 0, tag);
return p == MAP_FAILED ? nullptr : p;
}
$NetBSD: patch-js_src_vm_ArrayBufferObject.cpp,v 1.1 2024/03/21 15:11:51 nia Exp $
PaX MPROTECT safety for NetBSD.
--- js/src/vm/ArrayBufferObject.cpp.orig 2024-03-21 14:19:53.458599709 +0000
+++ js/src/vm/ArrayBufferObject.cpp
@@ -393,7 +393,11 @@ ReleaseWasmMappedMemory(void* base)
static void*
AllocateWasmMappedMemory(uint32_t numBytes)
{
- void* data = MozTaggedAnonymousMmap(nullptr, wasm::MappedSize, PROT_NONE,
+ int prot = PROT_NONE;
+#ifdef PROT_MPROTECT
+ prot |= PROT_MPROTECT(PROT_READ | PROT_WRITE | PROT_EXEC);
+#endif
+ void* data = MozTaggedAnonymousMmap(nullptr, wasm::MappedSize, prot,
MAP_PRIVATE | MAP_ANON, -1, 0, "wasm-reserved");
if (data == MAP_FAILED)
return nullptr;