408605 – Please add USE-flag jit to www-client/firefox for hardened user

Bug 408605 - Please add USE-flag jit to www-client/firefox for hardened user

Summary: Please add USE-flag jit to www-client/firefox for hardened user

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	Normal enhancement (vote)
Assignee:	Mozilla Gentoo Team

URL:
Whiteboard:
Keywords:	InOverlay, PATCH

Depends on:
Blocks:

Reported:	2012-03-17 17:21 UTC by Christian Apeltauer
Modified:	2012-05-24 01:55 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Patch introducing USE-flag jit (firefox-ebuild-jit.patch,1.86 KB, patch) 2012-03-17 17:23 UTC, Christian Apeltauer	Details \| Diff
Patch introducing USE-flag jit (firefox-ebuild-jit.patch,1.85 KB, patch) 2012-03-17 21:51 UTC, Christian Apeltauer	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Christian Apeltauer 2012-03-17 17:21:54 UTC

My system (hardened amd64) runs firefox without having to pax-mark the binary or any other component of www-client/firefox. Even the gnash plugin works (though I did not try other plugins). I achieved that favourable behaviour by preventing the compilation of both methodjit and tracejit. Therefore I propose a modification to the ebuild which makes that behaviour available to all hardened user. A patch for firefox-11.0.ebuild is included.
 I have tested the same modification successfully for the latest versions of www-client/icecat and www-client/seamonkey.

Reproducible: Always

Comment 1 Christian Apeltauer 2012-03-17 17:23:03 UTC

Created attachment 305723 [details, diff]
Patch introducing USE-flag jit

Comment 2 Christian Apeltauer 2012-03-17 21:51:16 UTC

Created attachment 305753 [details, diff]
Patch introducing USE-flag jit

Sorry, personally used an ebuild with pax lines completely deleted and made an logical error when devising a more general ebuild. What was meant was of course to enable pax-marking only when jit present

Comment 3 Jory A. Pratt gentoo-dev

2012-04-17 18:31:59 UTC

plugin container would need to be pax-marked no matter what, plugins like adobe-flash would fail if it was not pax-marked.

Comment 4 Jory A. Pratt gentoo-dev

2012-05-07 12:21:45 UTC

Is in mozilla overlay for a week of testing, it is enabled by default user will have to disable in order to prevent the paxmark

Comment 5 Jory A. Pratt gentoo-dev

2012-05-24 01:55:21 UTC

-r1 of tb/.fx-12 are in the tree now :)