CVSROOT: /cvs Module name: ports Changes by: lan...@cvs.openbsd.org 2017/03/20 13:35:15
Modified files: www/mozilla-firefox: Makefile distinfo www/firefox-i18n: Makefile.inc distinfo Added files: www/mozilla-firefox/patches: patch-js_src_jit_ProcessExecutableMemory_cpp Log message: Update to firefox 52.0.1. Fixes MFSA 2017-08/CVE-2017-5428, see https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/ While here, add a patch from semarie@ (tested by and ok danj@) to tweak a last-minute change in the jit engine memory allocator that happened to fix a security issue in 52 branch (bug #1334933/CVE-2017-5400) - see https://hg.mozilla.org/releases/mozilla-esr52/rev/6b35bbf96b67. Sadly, this change resulted in a browser crashing at startup on OpenBSD with the default limits, because the jit engine tried to allocate 1Gb (previously 640Mb in #1334933, then 1Gb because of #1337561, see https://hg.mozilla.org/releases/mozilla-esr52/rev/65bb26d07408) and hit the default datasize ulimit of 768Mb. The patch makes it allocate 128Mb instead (as it's done on 32bit architectures), while a better (?) fix might be devised in bug #1347139. Generally speaking, if you see firefox crashing with ENOMEM errors, raise the datasize limit for your login class, write your own wrapper script to temporarly raise the limit when starting firefox, or stop using the modern web. Websites are ginormous, deal with it.