On Sun, Jan 12, 2020 at 08:43:40PM +0100, Solene Rapenne wrote: > this patch allows building firefox 72.0.1 on 6.6-stable without > touching anything else. > > It's mostly a copy/paste of the -current ports but it uses nss, > nspr and sqlite bundled with firefox. I disabled pledge and > updated README according to this (saying it's off by default). > > built fine (after 482 minutes of building :P) and tested on amd64 >
this new diff import 1 patch from devel/nspr for bundled nspr and 1 patch from security/nss to bundled nss (suggested by landry@!). Those patches are bugfixes (I kept the comments), the others patches didn't seem uesful in the context of a bundled library. tested on amd64 Index: Makefile =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/Makefile,v retrieving revision 1.398 diff -u -p -r1.398 Makefile --- Makefile 8 Oct 2019 20:16:08 -0000 1.398 +++ Makefile 13 Jan 2020 14:33:35 -0000 @@ -1,23 +1,25 @@ -# $OpenBSD: Makefile,v 1.398 2019/10/08 20:16:08 sthen Exp $ +# $OpenBSD: Makefile,v 1.408 2020/01/09 07:25:36 landry Exp $ COMMENT = Mozilla web browser ONLY_FOR_ARCHS = amd64 i386 aarch64 # Don't forget to bump www/firefox-i18n after updates. -MOZILLA_VERSION = 69.0.2 +MOZILLA_VERSION = 72.0.1 MOZILLA_BRANCH = release MOZILLA_PROJECT = firefox MOZILLA_CODENAME = browser -REVISION = 0 WRKDIST = ${WRKDIR}/${MOZILLA_DIST}-${MOZILLA_DIST_VERSION:C/b[0-9]*//} HOMEPAGE = https://www.mozilla.org/firefox/ -SO_VERSION = 84.0 +SO_VERSION = 87.0 # NOTE: Must bump minor version if any shlib's are removed from the # components dir to avoid pkg_add -r issues. MOZILLA_LIBS = mozavcodec mozavutil mozgtk xul clearkey lgpllibs +# use bundled libs for the backport +MOZILLA_LIBS+= freebl3 mozsqlite3 nspr4 nss3 nssckbi nssdbm3 nssutil3 plc4 plds4 smime3 softokn3 ssl3 + CATEGORIES = www # mozilla public license @@ -40,6 +42,11 @@ MOZILLA_USE_BUNDLED_CAIRO = Yes # #1460600 MOZILLA_USE_BUNDLED_HUNSPELL = Yes +# use bundled libs for the backport +MOZILLA_USE_BUNDLED_SQLITE = Yes +MOZILLA_USE_BUNDLED_NSS = Yes +MOZILLA_USE_BUNDLED_NSPR = Yes + # firefox >= 53 needs rust BUILD_DEPENDS += lang/rust>=1.34 # stylo build needs LLVM @@ -49,14 +56,18 @@ BUILD_DEPENDS += lang/python/${MODPY_DEF # 63 requires node because why not #1483595 BUILD_DEPENDS += lang/node # 63 requires cbindgen #1478813 -BUILD_DEPENDS += devel/cbindgen>=0.9.0 +BUILD_DEPENDS += devel/cbindgen>=0.9.1 .if (${MACHINE_ARCH}==amd64) || (${MACHINE_ARCH}==i386) # 67 requires nasm for bundled libdav1d BUILD_DEPENDS += devel/nasm .endif +# unveil support relies on xdg-open +RUN_DEPENDS += devel/xdg-utils +# uses pledge() WANTLIB += X11-xcb Xcursor Xi intl xcb xcb-shm ${COMPILER_LIBCXX} + # Regression tests are too hard to adapt to run here NO_TEST = Yes @@ -67,7 +78,15 @@ MAKE_ENV += BUILD_VERBOSE_LOG="1" CARGO CONFIGURE_ARGS += --enable-release #1386371 CONFIGURE_ARGS += --enable-sandbox CONFIGURE_ARGS += --with-libclang-path=${LOCALBASE}/lib -SUBST_VARS += LOCALBASE X11BASE +SUBST_VARS += LOCALBASE X11BASE MOZILLA_PROJECT + +DEBUG_PACKAGES = ${BUILD_PACKAGES} +DEBUG_CONFIGURE_ARGS += --enable-debug-symbols \ + --disable-install-strip + +post-patch: + sed -i 's/"files":{[^}]*}/"files":{}/' \ + ${WRKSRC}/third_party/rust/slice-deque/.cargo-checksum.json show-commit: @curl -s https://releases.mozilla.org/pub/mozilla.org/firefox/releases/${MOZILLA_VERSION}/SOURCE| awk -F / '/^https:\/\/hg/ {print $$7 }' @@ -87,14 +106,14 @@ post-install: ${PREFIX}/lib/${MOZILLA_PROJECT}/distribution/distribution.ini # install desktop file ${INSTALL_DATA_DIR} ${PREFIX}/share/applications/ - ${SUBST_DATA} ${FILESDIR}/${MOZILLA_PROJECT}.desktop \ + ${SUBST_DATA} ${WRKSRC}/taskcluster/docker/firefox-snap/${MOZILLA_PROJECT}.desktop \ ${PREFIX}/share/applications/${MOZILLA_PROJECT}.desktop - # install icon for desktop file - ${INSTALL_DATA_DIR} ${PREFIX}/share/pixmaps/ - ${INSTALL_DATA} ${PREFIX}/lib/${MOZILLA_PROJECT}/browser/chrome/icons/default/default128.png \ - ${PREFIX}/share/pixmaps/firefox.png # link default48.png to default.png to be used by default by non-icccm compliant wm ln ${PREFIX}/lib/${MOZILLA_PROJECT}/browser/chrome/icons/default/default{48,}.png + +.for f in unveil.content unveil.gpu unveil.main pledge.content pledge.gpu pledge.main + ${INSTALL_DATA} ${FILESDIR}/${f} ${PREFIX}/lib/${MOZILLA_PROJECT}/browser/defaults/preferences/ +.endfor .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/distinfo,v retrieving revision 1.199 diff -u -p -r1.199 distinfo --- distinfo 3 Oct 2019 17:57:49 -0000 1.199 +++ distinfo 13 Jan 2020 14:33:35 -0000 @@ -1,2 +1,2 @@ -SHA256 (mozilla/firefox-69.0.2.source.tar.xz) = KQTvlUYm0qfzIGcMy3y12QYGEPCRyUGQpsvuFKos2C4= -SIZE (mozilla/firefox-69.0.2.source.tar.xz) = 315308244 +SHA256 (mozilla/firefox-72.0.1.source.tar.xz) = H6Wa7chGnD5v+xJEmrfeL5N3b3Z57t6/t0qjCbaUlW8= +SIZE (mozilla/firefox-72.0.1.source.tar.xz) = 314963588 Index: files/all-openbsd.js =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/files/all-openbsd.js,v retrieving revision 1.10 diff -u -p -r1.10 all-openbsd.js --- files/all-openbsd.js 9 Sep 2019 18:50:35 -0000 1.10 +++ files/all-openbsd.js 13 Jan 2020 14:33:35 -0000 @@ -5,10 +5,6 @@ pref("app.normandy.enabled",false); pref("browser.safebrowsing.enabled", false); pref("browser.safebrowsing.malware.enabled", false); pref("spellchecker.dictionary_path", "${LOCALBASE}/share/mozilla-dicts/"); -// enable pledging the content process -pref("security.sandbox.content.level", 1); -pref("security.sandbox.pledge.main","stdio rpath wpath cpath inet proc exec prot_exec flock ps sendfd recvfd dns vminfo tty drm unix fattr getpw mcast video"); -pref("security.sandbox.pledge.content","stdio rpath wpath cpath inet recvfd sendfd prot_exec unix drm ps"); pref("extensions.pocket.enabled", false); pref("browser.newtabpage.enabled", false); pref("browser.startup.homepage", "about:blank"); Index: files/firefox.desktop =================================================================== RCS file: files/firefox.desktop diff -N files/firefox.desktop --- files/firefox.desktop 26 Dec 2013 20:00:34 -0000 1.7 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,192 +0,0 @@ -[Desktop Entry] -Version=1.0 -Encoding=UTF-8 -Name=Firefox Web Browser -Name[am]= -Name[ar]= -Name[az]=Firefox Veb Səyyahı -Name[be]= -Name[bg]=Интернет браузър Firefox -Name[bn]= -Name[bs]=Firefox web preglednik -Name[ca]=Navegador web Firefox -Name[cs]=Prohlížeč WWW Firefox -Name[cy]=Y Porwr Gwe Firefox -Name[da]=Firefox - internetsurfning -Name[de]=Firefox Webbrowser -Name[el]=Περιηγητής Διαδικτύου Firefox -Name[en_CA]=Firefox Web Browser -Name[en_GB]=Firefox Web Browser -Name[es]=Navegador Web Firefox -Name[et]=Firefox veebibrauser -Name[eu]=Firefox web arakatzailea -Name[fi]=Firefox, WWW-selain -Name[fr]=Navigateur Web Firefox -Name[ga]=Brabhsálaí Lín Firefox -Name[gu]=એપીફની વૅબ બ્રાઉઝર -Name[he]=דפדפן Firefox -Name[hi]= -Name[hr]=Firefox Web preglednik -Name[hu]=Firefox webböngésző -Name[id]=Web Browser Firefox -Name[it]=Browser web Firefox -Name[ja]=Firefox ウェブ・ブラウザ -Name[ko]=Firefox 웹 브라우저 -Name[li]=Firefox Web Browser -Name[lt]=Firefox web naršyklė -Name[mk]=Firefox веб прелистувач -Name[ml]=എപ്പിഫാനി വെബ്ബ് ബ്രൌസര് -Name[mn]=Firefox веб хөтөч -Name[ms]=Pelungsur Web Firefox -Name[nb]=Firefox nettleser -Name[nl]=Firefox Webbrowser -Name[nn]=Firefox nettlesar -Name[no]=Firefox nettleser -Name[pa]=ਏਪੀਫਾਨੀ ਵੈੱਬ ਬਰਾਊਜ਼ਰ -Name[pl]=Przeglądarka WWW Firefox -Name[pt]=Navegador Web Firefox -Name[pt_BR]=Navegador Web Firefox -Name[ro]=Navigatorul Firefox -Name[ru]=Веб-браузер Firefox -Name[sk]= -Name[sl]=Spletni brskalnik Firefox -Name[sq]=Firefox - Shfletuesi Web -Name[sr]= -Name[sr@Latn]=Veb čitač Spoznaja -Name[sv]=Webbläsaren Firefox -Name[ta]=எபிபனி வலை உலாவி -Name[tk]=Firefox Web Ahtarçisi -Name[tr]=Firefox Web Tarayıcı -Name[uk]=Переглядач web Firefox -Name[vi]=Trình Duyệt Web Firefox -Name[wa]=Betchteu waibe epiphany -Name[zh_CN]=Firefox Web 浏览器 -Name[zh_TW]=Firefox 網頁瀏覽器 -GenericName=Web Browser -GenericName[ar]=متصفّح الانترنت -GenericName[az]=Veb Səyyahı -GenericName[be]=Вандроўнік па павуціньню -GenericName[bg]=Браузър -GenericName[bn]=ওয়েব ব্রাউজার -GenericName[bs]=Web preglednik -GenericName[ca]=Navegador web -GenericName[cs]=Prohlížeč WWW -GenericName[cy]=Porwr Gwe -GenericName[da]=Internetsurfning -GenericName[de]=Webbrowser -GenericName[el]=Περιηγητής Ιστοσελίδων -GenericName[en_CA]=Web Browser -GenericName[en_GB]=Web Browser -GenericName[es]=Navegador web -GenericName[et]=Veebilehitseja -GenericName[eu]=Web arakatzailea -GenericName[fi]=WWW-selain -GenericName[fr]=Navigateur Web Firefox -GenericName[ga]=Brabhsálaí Lín -GenericName[gu]=વેબ બ્રાઉઝર -GenericName[he]=דפדפן אינטרנט -GenericName[hi]=वेब ब्राउज़र -GenericName[hr]=Web preglednik -GenericName[hu]=Webböngésző -GenericName[id]=Browser Web -GenericName[it]=Browser web -GenericName[ja]=GNOME ウェブ・ブラウザ -GenericName[ko]=웹 브라우저 -GenericName[li]=Wèb Browser -GenericName[lt]=Web naršyklė -GenericName[mk]=Веб прелистувач -GenericName[mn]=Веб хөтөч -GenericName[ms]=Pelungsur Web -GenericName[nb]=Nettleser -GenericName[nl]=Web-browser -GenericName[nn]=Nettlesar -GenericName[no]=Nettleser -GenericName[pa]=ਵੈਬ ਬਰਾਊਜ਼ -GenericName[pl]=Przeglądarka WWW -GenericName[pt]=Navegador Web -GenericName[pt_BR]=Navegador Web -GenericName[ro]=Navigator Internet -GenericName[ru]=Веб-браузер -GenericName[sk]=WWW prehliadač -GenericName[sl]=Spletni brskalnik -GenericName[sq]=Shfletuesi Web -GenericName[sr]=Веб читач -GenericName[sr@Latn]=Veb čitač -GenericName[sv]=Webbläsare -GenericName[ta]=வலை உலாவி -GenericName[th]=เว็บบราวเซอร์ -GenericName[tk]=Web Ahtarçysy -GenericName[tr]=Web Tarayıcı -GenericName[uk]=Переглядач web-сторінок -GenericName[vi]=Trình duyệt Web -GenericName[wa]=Betchteu waibe -GenericName[zh_CN]=Web 浏览器 -GenericName[zh_TW]=網頁瀏覽器 -Comment=Browse the web -Comment[ar]=تصفح الانترنت -Comment[az]=Vebi gəzin -Comment[be]=Вандраваць па павуціньню -Comment[bg]=Сърфиране в интернет -Comment[bn]=ওয়েব ব্রাউজ করুন -Comment[bs]=Pregledaj na internetu -Comment[ca]=Navegueu per la web -Comment[cs]=Prohlížet WWW -Comment[cy]=Pori'r we -Comment[da]=Surf på internettet -Comment[de]=Im Web surfen -Comment[el]=Περιήγηση στον παγκόσμιο ιστό -Comment[en_CA]=Browse the web -Comment[en_GB]=Browse the web -Comment[es]=Navegar por la web -Comment[et]=Sirvi veebi -Comment[eu]=Arakatu web-a -Comment[fi]=Selaa WWW:tä -Comment[fr]=Naviguer sur Internet -Comment[ga]=Brabhsáil an Líon -Comment[gu]=વેબમાં શોધો -Comment[he]=גלוש ברשת -Comment[hi]=वेब ब्राउज़ करें -Comment[hr]=Pregledaj Web -Comment[hu]=A világháló böngészése -Comment[id]=Jelajah web -Comment[it]=Esplora il web -Comment[ja]=ウェブを閲覧します -Comment[ko]=웹을 돌아 다닙니다 -Comment[li]=Blajere op internet -Comment[lt]=Naršyti internete -Comment[mk]=Прелистувајте на веб -Comment[ml]=വലക്കെട്ട് തിരയുക -Comment[mn]=Веб броузе хийх -Comment[ms]=Layari web -Comment[nb]=Surf på nettet -Comment[nl]=Websurfen -Comment[nn]=Surf på nettet -Comment[no]=Surf på nettet -Comment[pa]=ਵੈਬ ਬਰਾਊਜ਼ -Comment[pl]=Przeglądanie stron WWW -Comment[pt]=Navegar na web -Comment[pt_BR]=Navegar na web -Comment[ro]=Navigare Internet -Comment[ru]=Веб-браузер -Comment[sk]=Prehliadať internet -Comment[sl]=Brskaj po spletu -Comment[sq]=Eksploro web-in -Comment[sr]=Прегледај веб -Comment[sr@Latn]=Pregledaj veb -Comment[sv]=Surfa på nätet -Comment[ta]=வலையில் உலாவு -Comment[th]=ใช้งานเว็บบราวเซอร์ Firefox -Comment[tk]=Webi Ahtar -Comment[tr]=Web'e Gözat -Comment[uk]=Програма перегляду web-сторінок -Comment[vi]=Duyệt web -Comment[wa]=Naivyî avå les waibes -Comment[zh_CN]=浏览 Web -Comment[zh_TW]=瀏覽網頁 -Exec=firefox %u -Icon=${TRUEPREFIX}/share/pixmaps/firefox.png -StartupNotify=true -Terminal=false -Type=Application -Categories=Application;Network; -MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https; Index: files/pledge.content =================================================================== RCS file: files/pledge.content diff -N files/pledge.content --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/pledge.content 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,13 @@ +stdio +rpath +wpath +cpath +recvfd +sendfd +prot_exec +unix +drm +ps +inet #dns.google does socket() +# only needed if using NIS of the profile is located on a NFS share +getpw Index: files/pledge.gpu =================================================================== RCS file: files/pledge.gpu diff -N files/pledge.gpu --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/pledge.gpu 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,11 @@ +stdio +rpath +wpath +cpath +ps +sendfd +recvfd +drm +dns +unix +prot_exec Index: files/pledge.main =================================================================== RCS file: files/pledge.main diff -N files/pledge.main --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/pledge.main 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,24 @@ +stdio +rpath +wpath +cpath +inet +proc +exec +prot_exec +flock +ps +sendfd +recvfd +dns +vminfo +tty +drm +unix +fattr +getpw +mcast +# only needed for WebRTC +video +# only needed if not running sndiod(8) +audio Index: files/unveil.content =================================================================== RCS file: files/unveil.content diff -N files/unveil.content --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/unveil.content 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1 @@ +disable Index: files/unveil.gpu =================================================================== RCS file: files/unveil.gpu diff -N files/unveil.gpu --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/unveil.gpu 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1 @@ +disable Index: files/unveil.main =================================================================== RCS file: files/unveil.main diff -N files/unveil.main --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ files/unveil.main 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1 @@ +disable Index: patches/patch-gfx_skia_skia_src_core_SkCpu_cpp =================================================================== RCS file: patches/patch-gfx_skia_skia_src_core_SkCpu_cpp diff -N patches/patch-gfx_skia_skia_src_core_SkCpu_cpp --- patches/patch-gfx_skia_skia_src_core_SkCpu_cpp 8 Oct 2019 20:16:08 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-gfx_skia_skia_src_core_SkCpu_cpp,v 1.1 2019/10/08 20:16:08 sthen Exp $ - -Firefox generates its own sys/auxv.h header in build-aarch64/dist/system_wrappers -which conflicts with skia's method of detecting whether the OS has sys/auxv.h -itself. This is used only to detect cpu features on arm64 (falling back to not -using those features) so seems safe to ignore. - -https://bugzilla.mozilla.org/show_bug.cgi?id=1587116 - -Index: gfx/skia/skia/src/core/SkCpu.cpp ---- gfx/skia/skia/src/core/SkCpu.cpp.orig -+++ gfx/skia/skia/src/core/SkCpu.cpp -@@ -70,7 +70,7 @@ - return features; - } - --#elif defined(SK_CPU_ARM64) && __has_include(<sys/auxv.h>) -+#elif !defined(__OpenBSD__) && defined(SK_CPU_ARM64) && __has_include(<sys/auxv.h>) - #include <sys/auxv.h> - - static uint32_t read_cpu_features() { Index: patches/patch-js_src_jit_ProcessExecutableMemory_cpp =================================================================== RCS file: patches/patch-js_src_jit_ProcessExecutableMemory_cpp diff -N patches/patch-js_src_jit_ProcessExecutableMemory_cpp --- patches/patch-js_src_jit_ProcessExecutableMemory_cpp 7 Oct 2019 13:40:43 -0000 1.4 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,26 +0,0 @@ -$OpenBSD: patch-js_src_jit_ProcessExecutableMemory_cpp,v 1.4 2019/10/07 13:40:43 kurt Exp $ - -Index: js/src/jit/ProcessExecutableMemory.cpp ---- js/src/jit/ProcessExecutableMemory.cpp.orig -+++ js/src/jit/ProcessExecutableMemory.cpp -@@ -318,6 +318,12 @@ static void DecommitPages(void* addr, size_t bytes) { - } - #else // !XP_WIN - static void* ComputeRandomAllocationAddress() { -+#ifdef __OpenBSD__ -+ // OpenBSD already has random mmap and the idea that all x64 cpus -+ // have 48-bit address space is not correct. Returning nullptr -+ // allows OpenBSD do to the right thing. -+ return nullptr; -+#else - uint64_t rand = js::GenerateRandomSeed(); - - # ifdef HAVE_64BIT_BUILD -@@ -337,6 +343,7 @@ static void* ComputeRandomAllocationAddress() { - // Ensure page alignment. - uintptr_t mask = ~uintptr_t(gc::SystemPageSize() - 1); - return (void*)uintptr_t(rand & mask); -+#endif - } - - static void* ReserveProcessExecutableMemory(size_t bytes) { Index: patches/patch-nsprpub_pr_src_linking_prlink_c =================================================================== RCS file: patches/patch-nsprpub_pr_src_linking_prlink_c diff -N patches/patch-nsprpub_pr_src_linking_prlink_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-nsprpub_pr_src_linking_prlink_c 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,62 @@ +$OpenBSD$ + +If dlopen() fails, retry with everything stripped after .so +https://bugzilla.mozilla.org/show_bug.cgi?id=650772 + + +Index: nsprpub/pr/src/linking/prlink.c +--- nsprpub/pr/src/linking/prlink.c.orig ++++ nsprpub/pr/src/linking/prlink.c +@@ -7,6 +7,10 @@ + + #include <string.h> + ++#if defined(OPENBSD) ++#include <limits.h> /* for PATH_MAX */ ++#endif ++ + #if defined(XP_MACOSX) && defined(USE_MACH_DYLD) + #include <Carbon/Carbon.h> + #include <CoreFoundation/CoreFoundation.h> +@@ -775,6 +779,10 @@ pr_LoadLibraryByPathname(const char *name, PRIntn flag + #else + int dl_flags = 0; + #endif ++#if defined(OPENBSD) ++ char sname[PATH_MAX]; ++ char *c; ++#endif + void *h = NULL; + + if (flags & PR_LD_LAZY) { +@@ -799,7 +807,18 @@ pr_LoadLibraryByPathname(const char *name, PRIntn flag + } + #else + h = dlopen(name, dl_flags); ++#if defined(OPENBSD) ++ /* On OpenBSD, we don't know what can be major.minor in libfoo.so.major.minor */ ++ /* but ld.so is smart enough to open the correct lib when asked for libfoo.so */ ++ /* so if the previous dlopen() failed, let's strip what's after .so and retry */ ++ strncpy(sname, name, PATH_MAX); ++ if (!h) { ++ if ((c = strstr(sname,".so")) != NULL) ++ c[3] = '\0'; ++ h = dlopen(sname, dl_flags); ++ } + #endif ++#endif + #elif defined(USE_HPSHL) + int shl_flags = 0; + shl_t h; +@@ -830,7 +849,11 @@ pr_LoadLibraryByPathname(const char *name, PRIntn flag + PR_DELETE(lm); + goto unlock; + } ++#if defined(OPENBSD) ++ lm->name = strdup(sname); ++#else + lm->name = strdup(name); ++#endif + lm->dlh = h; + lm->next = pr_loadmap; + pr_loadmap = lm; Index: patches/patch-old-configure =================================================================== RCS file: patches/patch-old-configure diff -N patches/patch-old-configure --- patches/patch-old-configure 19 Sep 2019 05:29:26 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,17 +0,0 @@ -$OpenBSD: patch-old-configure,v 1.3 2019/09/19 05:29:26 landry Exp $ - -https://bugzilla.mozilla.org/show_bug.cgi?id=1579323 -https://hg.mozilla.org/mozilla-central/rev/f5846b25585f - -Index: old-configure ---- old-configure.orig -+++ old-configure -@@ -10113,7 +10113,7 @@ fi - - - case "$OS_TARGET" in --WINNT|Darwin) -+WINNT|Darwin|OpenBSD) - ;; - Linux) - case $CPU_ARCH in Index: patches/patch-security_nss_lib_freebl_pqg_c =================================================================== RCS file: patches/patch-security_nss_lib_freebl_pqg_c diff -N patches/patch-security_nss_lib_freebl_pqg_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-security_nss_lib_freebl_pqg_c 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,16 @@ +$OpenBSD$ + +https://bugzilla.mozilla.org/show_bug.cgi?id=1384827 + +Index: security/nss/lib/freebl/pqg.c +--- security/nss/lib/freebl/pqg.c.orig ++++ security/nss/lib/freebl/pqg.c +@@ -342,7 +342,7 @@ addToSeed(const SECItem *seed, + CHECK_MPI_OK(mp_init(&modulus)); + SECITEM_TO_MPINT(*seed, &s); /* s = seed */ + /* seed += addend */ +- if (addend < MP_DIGIT_MAX) { ++ if (addend < ULONG_MAX) { + CHECK_MPI_OK(mp_add_d(&s, (mp_digit)addend, &s)); + } else { + CHECK_MPI_OK(mp_init(&tmp)); Index: patches/patch-storage_mozStorageConnection_cpp =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/patches/patch-storage_mozStorageConnection_cpp,v retrieving revision 1.18 diff -u -p -r1.18 patch-storage_mozStorageConnection_cpp --- patches/patch-storage_mozStorageConnection_cpp 9 Jul 2019 18:04:16 -0000 1.18 +++ patches/patch-storage_mozStorageConnection_cpp 13 Jan 2020 14:33:35 -0000 @@ -1,4 +1,4 @@ -$OpenBSD: patch-storage_mozStorageConnection_cpp,v 1.18 2019/07/09 18:04:16 landry Exp $ +$OpenBSD: patch-storage_mozStorageConnection_cpp,v 1.19 2019/10/23 19:38:08 landry Exp $ set secure_delete PRAGMA on by default, instead of using internal sqlite copy https://bugzilla.mozilla.org/show_bug.cgi?id=546162 @@ -6,7 +6,7 @@ https://bugzilla.mozilla.org/show_bug.cg Index: storage/mozStorageConnection.cpp --- storage/mozStorageConnection.cpp.orig +++ storage/mozStorageConnection.cpp -@@ -782,6 +782,13 @@ nsresult Connection::initializeInternal() { +@@ -784,6 +784,13 @@ nsresult Connection::initializeInternal() { return convertResultCode(srv); } Index: patches/patch-taskcluster_docker_firefox-snap_firefox_desktop =================================================================== RCS file: patches/patch-taskcluster_docker_firefox-snap_firefox_desktop diff -N patches/patch-taskcluster_docker_firefox-snap_firefox_desktop --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-taskcluster_docker_firefox-snap_firefox_desktop 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,16 @@ +$OpenBSD: patch-taskcluster_docker_firefox-snap_firefox_desktop,v 1.1 2019/10/31 22:52:20 landry Exp $ + +set full path to icon + +Index: taskcluster/docker/firefox-snap/firefox.desktop +--- taskcluster/docker/firefox-snap/firefox.desktop.orig ++++ taskcluster/docker/firefox-snap/firefox.desktop +@@ -154,7 +154,7 @@ Exec=firefox %u + Terminal=false + X-MultipleArgs=false + Type=Application +-Icon=/browser/chrome/icons/default/default128.png ++Icon=${TRUEPREFIX}/lib/${MOZILLA_PROJECT}/browser/chrome/icons/default/default128.png + Categories=GNOME;GTK;Network;WebBrowser; + MimeType=text/html;text/xml;application/xhtml+xml;application/xml;application/rss+xml;application/rdf+xml;image/gif;image/jpeg;image/png;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/chrome;video/webm;application/x-xpinstall; + StartupNotify=true Index: patches/patch-third_party_rust_slice-deque_src_mirrored_linux_rs =================================================================== RCS file: patches/patch-third_party_rust_slice-deque_src_mirrored_linux_rs diff -N patches/patch-third_party_rust_slice-deque_src_mirrored_linux_rs --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-third_party_rust_slice-deque_src_mirrored_linux_rs 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,70 @@ +$OpenBSD: patch-third_party_rust_slice-deque_src_mirrored_linux_rs,v 1.1 2020/01/07 17:44:45 landry Exp $ + +https://github.com/gnzlbg/slice_deque/pull/78/commits/cbcc92c8172d2840c01098d16d364cbb58ab4466 +https://bugzilla.mozilla.org/show_bug.cgi?id=1594342 + +Index: third_party/rust/slice-deque/src/mirrored/linux.rs +--- third_party/rust/slice-deque/src/mirrored/linux.rs.orig ++++ third_party/rust/slice-deque/src/mirrored/linux.rs +@@ -1,13 +1,13 @@ + //! Non-racy linux-specific mirrored memory allocation. + use libc::{ + c_char, c_int, c_long, c_uint, c_void, close, ftruncate, mkstemp, mmap, +- munmap, off_t, size_t, syscall, sysconf, SYS_memfd_create, ENOSYS, ++ munmap, off_t, size_t, sysconf, ENOSYS, unlink, + MAP_FAILED, MAP_FIXED, MAP_SHARED, PROT_READ, PROT_WRITE, _SC_PAGESIZE, + }; + +-#[cfg(target_os = "android")] ++#[cfg(any(target_os = "android", target_os = "openbsd"))] + use libc::__errno; +-#[cfg(not(target_os = "android"))] ++#[cfg(not(any(target_os = "android", target_os = "openbsd")))] + use libc::__errno_location; + + use super::{ptr, AllocError}; +@@ -15,10 +15,19 @@ use super::{ptr, AllocError}; + /// [`memfd_create`] - create an anonymous file + /// + /// [`memfd_create`]: http://man7.org/linux/man-pages/man2/memfd_create.2.html ++#[cfg(not(target_os = "openbsd"))] + fn memfd_create(name: *const c_char, flags: c_uint) -> c_long { ++ use libc::{syscall, SYS_memfd_create}; ++ + unsafe { syscall(SYS_memfd_create, name, flags) } + } + ++#[cfg(target_os = "openbsd")] ++fn memfd_create(_name: *mut c_char, _flags: c_uint) -> c_long { ++ unsafe { *__errno() = ENOSYS }; ++ return -1; ++} ++ + /// Returns the size of a memory allocation unit. + /// + /// In Linux-like systems this equals the page-size. +@@ -28,11 +37,11 @@ pub fn allocation_granularity() -> usize { + + /// Reads `errno`. + fn errno() -> c_int { +- #[cfg(not(target_os = "android"))] ++ #[cfg(not(any(target_os = "android", target_os = "openbsd")))] + unsafe { + *__errno_location() + } +- #[cfg(target_os = "android")] ++ #[cfg(any(target_os = "android", target_os = "openbsd"))] + unsafe { + *__errno() + } +@@ -68,6 +77,10 @@ pub fn allocate_mirrored(size: usize) -> Result<*mut u + if fd == -1 && errno() == ENOSYS { + // memfd_create is not implemented, use mkstemp instead: + fd = c_long::from(mkstemp(fname.as_mut_ptr() as *mut c_char)); ++ // and unlink the file ++ if fd != -1 { ++ unlink(fname.as_mut_ptr() as *mut c_char); ++ } + } + if fd == -1 { + print_error("memfd_create failed"); Index: patches/patch-third_party_rust_slice-deque_src_mirrored_mod_rs =================================================================== RCS file: patches/patch-third_party_rust_slice-deque_src_mirrored_mod_rs diff -N patches/patch-third_party_rust_slice-deque_src_mirrored_mod_rs --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-third_party_rust_slice-deque_src_mirrored_mod_rs 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,50 @@ +$OpenBSD: patch-third_party_rust_slice-deque_src_mirrored_mod_rs,v 1.1 2020/01/07 17:44:45 landry Exp $ + +https://github.com/gnzlbg/slice_deque/pull/78/commits/cbcc92c8172d2840c01098d16d364cbb58ab4466 +https://bugzilla.mozilla.org/show_bug.cgi?id=1594342 + +Index: third_party/rust/slice-deque/src/mirrored/mod.rs +--- third_party/rust/slice-deque/src/mirrored/mod.rs.orig ++++ third_party/rust/slice-deque/src/mirrored/mod.rs +@@ -8,7 +8,8 @@ mod buffer; + target_os = "linux", + target_os = "android", + target_os = "macos", +- target_os = "ios" ++ target_os = "ios", ++ target_os = "openbsd" + ), + not(feature = "unix_sysv") + )) +@@ -21,7 +22,8 @@ mod sysv; + target_os = "linux", + target_os = "android", + target_os = "macos", +- target_os = "ios" ++ target_os = "ios", ++ target_os = "openbsd" + ), + not(feature = "unix_sysv") + )) +@@ -31,12 +33,19 @@ pub(crate) use self::sysv::{ + }; + + #[cfg(all( +- any(target_os = "linux", target_os = "android"), ++ any(target_os = "linux", ++ target_os = "android", ++ target_os = "openbsd" ++ ), + not(feature = "unix_sysv") + ))] + mod linux; + #[cfg(all( +- any(target_os = "linux", target_os = "android"), ++ any( ++ target_os = "linux", ++ target_os = "android", ++ target_os = "openbsd" ++ ), + not(feature = "unix_sysv") + ))] + pub(crate) use self::linux::{ Index: patches/patch-toolkit_modules_subprocess_subprocess_worker_unix_js =================================================================== RCS file: patches/patch-toolkit_modules_subprocess_subprocess_worker_unix_js diff -N patches/patch-toolkit_modules_subprocess_subprocess_worker_unix_js --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-toolkit_modules_subprocess_subprocess_worker_unix_js 13 Jan 2020 14:33:35 -0000 @@ -0,0 +1,23 @@ +$OpenBSD: patch-toolkit_modules_subprocess_subprocess_worker_unix_js,v 1.2 2020/01/07 17:44:45 landry Exp $ + +https://bugzilla.mozilla.org/show_bug.cgi?id=1598511 +https://hg.mozilla.org/integration/autoland/rev/6b1e007558d2 remove in 73 + +Index: toolkit/modules/subprocess/subprocess_worker_unix.js +--- toolkit/modules/subprocess/subprocess_worker_unix.js.orig ++++ toolkit/modules/subprocess/subprocess_worker_unix.js +@@ -398,9 +398,11 @@ class Process extends BaseProcess { + libc.getcwd(cwd, cwd.length); + + if (libc.chdir(options.workdir) < 0) { +- throw new Error( +- `Unable to change working directory to ${options.workdir}` +- ); ++ if (OS.Constants.Sys.Name != "OpenBSD") { ++ throw new Error( ++ `Unable to change working directory to ${options.workdir}` ++ ); ++ } + } + } + Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/pkg/PLIST,v retrieving revision 1.80 diff -u -p -r1.80 PLIST --- pkg/PLIST 21 May 2019 16:51:12 -0000 1.80 +++ pkg/PLIST 13 Jan 2020 14:33:35 -0000 @@ -1,4 +1,4 @@ -@comment $OpenBSD: PLIST,v 1.80 2019/05/21 16:51:12 landry Exp $ +@comment $OpenBSD: PLIST,v 1.84 2020/01/07 17:44:45 landry Exp $ @conflict firefox3-* @conflict firefox35-* @conflict firefox36-* @@ -28,9 +28,15 @@ lib/${MOZILLA_PROJECT}/browser/chrome/ic lib/${MOZILLA_PROJECT}/browser/defaults/ lib/${MOZILLA_PROJECT}/browser/defaults/preferences/ lib/${MOZILLA_PROJECT}/browser/defaults/preferences/all-openbsd.js +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/pledge.content +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/pledge.gpu +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/pledge.main +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/unveil.content +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/unveil.gpu +lib/${MOZILLA_PROJECT}/browser/defaults/preferences/unveil.main lib/${MOZILLA_PROJECT}/browser/features/ +lib/${MOZILLA_PROJECT}/browser/features/doh-roll...@mozilla.org.xpi lib/${MOZILLA_PROJECT}/browser/features/formautof...@mozilla.org.xpi -lib/${MOZILLA_PROJECT}/browser/features/fxmoni...@mozilla.org.xpi lib/${MOZILLA_PROJECT}/browser/features/screensh...@mozilla.org.xpi lib/${MOZILLA_PROJECT}/browser/features/webcompat-repor...@mozilla.org.xpi lib/${MOZILLA_PROJECT}/browser/features/webcom...@mozilla.org.xpi @@ -50,10 +56,25 @@ lib/${MOZILLA_PROJECT}/gmp-clearkey/0.1/ lib/${MOZILLA_PROJECT}/gmp-clearkey/0.1/manifest.json lib/${MOZILLA_PROJECT}/gtk2/ @lib lib/${MOZILLA_PROJECT}/gtk2/libmozgtk.so.${LIBmozgtk_VERSION} +lib/${MOZILLA_PROJECT}/libfreebl3.chk +@lib lib/${MOZILLA_PROJECT}/libfreebl3.so.${LIBfreebl3_VERSION} @lib lib/${MOZILLA_PROJECT}/liblgpllibs.so.${LIBlgpllibs_VERSION} @lib lib/${MOZILLA_PROJECT}/libmozavcodec.so.${LIBmozavcodec_VERSION} @lib lib/${MOZILLA_PROJECT}/libmozavutil.so.${LIBmozavutil_VERSION} @lib lib/${MOZILLA_PROJECT}/libmozgtk.so.${LIBmozgtk_VERSION} +@lib lib/${MOZILLA_PROJECT}/libmozsqlite3.so.${LIBmozsqlite3_VERSION} +@lib lib/${MOZILLA_PROJECT}/libnspr4.so.${LIBnspr4_VERSION} +@lib lib/${MOZILLA_PROJECT}/libnss3.so.${LIBnss3_VERSION} +@lib lib/${MOZILLA_PROJECT}/libnssckbi.so.${LIBnssckbi_VERSION} +lib/${MOZILLA_PROJECT}/libnssdbm3.chk +@lib lib/${MOZILLA_PROJECT}/libnssdbm3.so.${LIBnssdbm3_VERSION} +@lib lib/${MOZILLA_PROJECT}/libnssutil3.so.${LIBnssutil3_VERSION} +@lib lib/${MOZILLA_PROJECT}/libplc4.so.${LIBplc4_VERSION} +@lib lib/${MOZILLA_PROJECT}/libplds4.so.${LIBplds4_VERSION} +@lib lib/${MOZILLA_PROJECT}/libsmime3.so.${LIBsmime3_VERSION} +lib/${MOZILLA_PROJECT}/libsoftokn3.chk +@lib lib/${MOZILLA_PROJECT}/libsoftokn3.so.${LIBsoftokn3_VERSION} +@lib lib/${MOZILLA_PROJECT}/libssl3.so.${LIBssl3_VERSION} @lib lib/${MOZILLA_PROJECT}/libxul.so.${LIBxul_VERSION} lib/${MOZILLA_PROJECT}/omni.ja @bin lib/${MOZILLA_PROJECT}/pingsender @@ -64,6 +85,4 @@ lib/${MOZILLA_PROJECT}/removed-files @man man/man1/mozilla-${MOZILLA_PROJECT}.1 share/applications/${MOZILLA_PROJECT}.desktop share/doc/pkg-readmes/${PKGSTEM} -share/pixmaps/ -share/pixmaps/${MOZILLA_PROJECT}.png @tag update-desktop-database Index: pkg/README =================================================================== RCS file: /cvs/ports/www/mozilla-firefox/pkg/README,v retrieving revision 1.24 diff -u -p -r1.24 README --- pkg/README 11 Jun 2019 06:01:20 -0000 1.24 +++ pkg/README 13 Jan 2020 14:33:35 -0000 @@ -1,4 +1,4 @@ -$OpenBSD: README,v 1.24 2019/06/11 06:01:20 landry Exp $ +$OpenBSD: README,v 1.25 2019/12/03 17:00:46 landry Exp $ +----------------------------------------------------------------------- | Running ${PKGSTEM} on OpenBSD @@ -14,6 +14,42 @@ firefox -ProfileManager, and click "Crea If Firefox doesn't start at all, try starting it with -safe-mode switch, which disables extensions and themes for your session. +pledge(2) and unveil(2) Support +=============================== +Firefox on OpenBSD is secured with pledge(2) and unveil(2) to limit +the system calls and filesystem access that each of Firefox's three +process types (main, content, and GPU) is permitted. By default, +unveil(2) is disabled. + +Files containing pledge promises and unveil paths and permissions +for each type of process are located in +${LOCALBASE}/lib/${MOZILLA_PROJECT}/browser/defaults/preferences/. +Each file can be overridden by copying it to ${SYSCONFDIR}/firefox/ +and modifying it. + +3rd-Party MIME Handlers +======================= +Due to unveil(2) limiting filesystem access, only the default MIME +handler registered for a given type can be chosen when opening a +downloaded file. For example, to use the mupdf package to read +PDFs, it must be registered as the default with XDG: + + $ xdg-mime default mupdf.desktop application/pdf + +The current default for a given type can be viewed with xdg-mime's +query command: + + $ xdg-mime query default application/pdf + +The older mailcap-format handlers are also supported, but the path +being executed must be explicitly added to the unveil.main file +with "rx" permissions. For example, a ~/.mailcap file specifying: + + application/pdf; ${LOCALBASE}/bin/xpdf %s + +must have "${LOCALBASE}/bin/xpdf rx" added to unveil.main for it to +appear as an option in the "Open With" drop-down. + Using mailto: links =================== To enable mailto: links in Firefox to open in your mail program, @@ -33,22 +69,17 @@ Debugging If you encounter crashes, you might want to build the debug FLAVOR of this package, and run firefox inside egdb, so that you can gather debugging logs and traces (for all threads!). + If this is a pledge violation, you should figure out which codepath in which process leads to calling a forbidden syscall, and which pledge -is missing from the two default sets configured in -security.sandbox.pledge.main and security.sandbox.pledge.content -about:config keys. MOZ_LOG=SandboxPledge:5 should help. -Bug reports without enough information will be ignored. - -Note that if you're using NIS or your profile is located on a NFS share, -you might need to add 'getpw' to security.sandbox.pledge.content in -about:config. - -If using the amdgpu driver, you might need to add 'ioctl' to -security.sandbox.pledge.content in about:config. - -If you're not running sndiod(8) you will need to add 'audio' to -security.sandbox.pledge.main in about:config. +is missing from the sets configured according to the section above. +Setting MOZ_LOG=OpenBSDSandbox:5 should help. Bug reports without +enough information will be ignored. + +To disable pledge and/or unveil support when troubleshooting, set the +corresponding pledge or unveil file in +/etc/${MOZILLA_PROJECT}/{unveil,pledge}.{main,content,gpu} to contain +just "disable". D-BUS =====