Re: Need help improving the security of Mozilla packages

To: tech-pkg%netbsd.org@localhost
Subject: Re: Need help improving the security of Mozilla packages
From: nia <nia%NetBSD.org@localhost>
Date: Sat, 21 Nov 2020 09:41:04 +0000

On Wed, Nov 11, 2020 at 10:41:36PM +0000, nia wrote:
> On Wed, Nov 11, 2020 at 10:37:45PM +0000, nia wrote:
> > Hi,
> > 
> > There's patches in pkgsrc that make Firefox PaX-MPROTECT safe on NetBSD
> > for three versions now, www/firefox, www/firefox78, and www/firefox52.
> > There is also a patch for lang/mozjs68.
> > 
> > The following packages still need to be fixed. Building and testing all
> > of them will take me a long time alone:
> > 
> > - lang/mozjs60
> > - mail/thunderbird52 (based on www/firefox52)
> > - mail/thunderbird68 (based on www/firefox68)
> > - mail/thunderbird (based on www/firefox78)
> > - www/cliqz
> > - www/seamonkey
> > 
> > If you want to help, it should be easy to copy the patches from
> > the most appropriate Firefox version into these packages. You need
> > the following:
> > 
> > - patch-js_src_vm_ArrayBufferObject.cpp
> > - patch-js_src_jit_ProcessExecutableMemory.cpp
> > 
> > After the patches are applied, you should be able to remove
> > NOT_PAX_MPROTECT_SAFE from the package, and bump the revision.
> > 
> > Thanks! (this message is BCCed to the maintainers of said packages)
> 
> Oh, and www/firefox68 also needs fixing (this version is kept for
> compatibility with NetBSD 8.x).

So, does nobody care about these packages?

References:
- Need help improving the security of Mozilla packages
  - From: nia
- Re: Need help improving the security of Mozilla packages
  - From: nia

Prev by Date: Re: Replace x11/zenity with version 3.x (was Re: wip/zenity: Request for review)
Next by Date: py-Socks versus py-SocksiPy-branch
Previous by Thread: Re: Need help improving the security of Mozilla packages
Next by Thread: Where are we on changing python from 37 to 38?
Indexes:

Home | Main Index | Thread Index | Old Index