Created attachment 291389 [details] www-client/firefox-7.0.1-r1 with jit useflag Firefox now has a javascript JIT, which causes trouble for both PAX users and anyone restricted to using gcc earlier than 4.5 (for example, prefix users stuck on an old glibc like me). I propose adding a the "jit" useflag to firefox, which disables jit, as suggested here http://hardenedgentoo.blogspot.com/2011/06/firefox-5-with-mprotect-onof-course.html Attached is an updated ebuild with the above change, as well as a patch for the current ebuild. The attached ebuild builds on my amd64-linux prefix with 'USE="-jit"'.
Created attachment 291391 [details, diff] patch for www-client/firefox-7.0.1-r1 Added the patch as well, as I created my ebuild from the prefix tree and it may be incompatible with the real gentoo tree.
hardened is not effected we have worked around the issue for them, as far as prefix goes this belongs in their overlay not gonna happen in the main tree.
(In reply to comment #0) > Firefox now has a javascript JIT, which causes trouble for both PAX users and > anyone restricted to using gcc earlier than 4.5 (for example, prefix users > stuck on an old glibc like me). Uhm, why are you "stuck" with an old gcc exactly? The prefix team doesn't want to fork packages, this is directly against our end goal..
(In reply to comment #3) > (In reply to comment #0) > > > Firefox now has a javascript JIT, which causes trouble for both PAX users and > > anyone restricted to using gcc earlier than 4.5 (for example, prefix users > > stuck on an old glibc like me). > > Uhm, why are you "stuck" with an old gcc exactly? The prefix team doesn't want > to fork packages, this is directly against our end goal.. My prefix is hosted on CentOS 5, and I can't get a GCC newer than 4.2 to compile with the provided glibc. As to the package: it's not really a fork (though I suppose it is if gentoo-portage doesn't want the patch), this is just an option to mozilla's configure that wasn't exposed via USE flags but that seems to be used (people in #gentoo-prefix said it was a known problem, so I'm assume there's more than just me who has this in their own overlay). If nobody wants the patch then it's fine by me, I don't mind maintaining it in my personal overlay. I was just trying to reduce the overhead of people having to run to IRC for help. Feel free to close the bug if you don't think it's useful, sorry for the trouble.
(In reply to comment #4) > As to the package: it's not really a fork (though I suppose it is if > gentoo-portage doesn't want the patch), this is just an option to mozilla's All of our firefox comes directly from Gentoo Linux, so it would be a "fork" to maintain it in the prefix overlay. > Feel free to close the bug if you don't think it's useful, sorry for the > trouble. Useful, but we will have to find other alternatives as the prefix team doesn't have resources to accommodate you =/ Sorry.
(In reply to comment #5) > Useful, but we will have to find other alternatives as the prefix team doesn't > have resources to accommodate you =/ Sorry. If it's just a problem of ebuild maintenance, I will maintain the ebuild (as I have to anyway for myself). I already run a ~amd86-linux prefix, so I should be able to stay fairly up-to-date.
Created attachment 292777 [details] www-client/firefox-8.0 with jit useflag The patch is the same
could your gcc compile problem, perhaps be this default fortification patch (can't find bug atm)
(In reply to comment #8) > could your gcc compile problem, perhaps be this default fortification patch > (can't find bug atm) Sorry, I don't understand what that means.
see https://bugs.gentoo.org/show_bug.cgi?id=289757
(In reply to comment #10) > see https://bugs.gentoo.org/show_bug.cgi?id=289757 I still get some errors even with USE="vanilla" for gcc. I opened a bug https://bugs.gentoo.org/show_bug.cgi?id=392655
As of www-client/firefox-12.0-r2 (possibly earlier) in Gentoo the jit use flag has been added. This makes my original request obselete, so I think it should be closed.
great, thx
