CVSROOT: /cvs
Module name: ports
Changes by: t...@cvs.openbsd.org 2023/09/13 00:15:48
Modified files:
www/tor-browser/browser: Makefile
www/tor-browser/browser/files: unveil.content unveil.gpu
unveil.main
Log message:
tor-browser: sync DRM unveil with firefox-esr
Instead of unveiling /dev/dri/card0 only, unveil the entire directory.
It only contains four card* and and four renderD* with tight permissions.
This is also the approach taken by the chromium based browsers.
According to kettenis, acceleration on rare multi-graphics card setups
can require multiple renderD* devices. Starting with firefox 118, if the
directory isn't present, fallback code can exercise ioctls that aren't
permitted by the kernel, leading to crashes.
ok landry
