Bug 285792 - x11-libs/qt-webkit ebuilds should have a USE flag to disable JavaScript JIT
Summary: x11-libs/qt-webkit ebuilds should have a USE flag to disable JavaScript JIT
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
Importance: High enhancement (vote)
Assignee: Qt Bug Alias
URL:
Whiteboard:
Keywords: Inclusion
Duplicates: 287046 (view as bug list)
Depends on:
Blocks:
 
Reported: 2009-09-20 23:38 UTC by Pavel Labushev
Modified: 2010-09-17 01:43 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Patch using IUSE+jit and configure option to disable jit (qt-webit-4.6.2-r1-nojit.patch,1.19 KB, patch)
2010-09-17 01:39 UTC, Dillon
A similar patch for webkit-gtk (webkit-gtk-1.2.3-nojit.patch,1.14 KB, patch)
2010-09-17 01:41 UTC, Dillon

Description Pavel Labushev 2009-09-20 23:38:45 UTC
net-libs/webkit-gtk and x11-libs/qt-webkit ebuilds should have a USE flag to disable JavaScript JIT. Someone may want to disable JIT, for example, due to security considerations (JIT requires an executable stack to work, so any process that actually uses WebKit's JavaScript engine with JIT on a system with hardened kernel is required to run without PAX_MPROTECT protection).

Please consider the patches:

--- x11-libs/qt-webkit/qt-webkit-4.5.1-r1.ebuild	2009-09-12 04:06:48.000000000 +0800
+++ x11-libs/qt-webkit/qt-webkit-4.5.1-r1.ebuild	2009-09-21 07:00:07.000000000 +0800
@@ -8,7 +8,7 @@
 DESCRIPTION="The Webkit module for the Qt toolkit"
 SLOT="4"
 KEYWORDS="~alpha amd64 ~arm hppa ~ia64 ~mips ppc ~ppc64 -sparc x86 ~x86-fbsd"
-IUSE="kde"
+IUSE="kde nojit"
 
 DEPEND="~x11-libs/qt-core-${PV}[debug=,ssl]
 	~x11-libs/qt-gui-${PV}[debug=]
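Review bot: the flag is introduced as a negative `nojit` USE flag, which Gentoo deprecates (comments 2 and 5 below say the same); declare it as `IUSE="kde +jit"` with the JIT on by default and invert the test in src_prepare. The default build then stays identical to today's, and hardened users opt out with `-jit`.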
@@ -29,6 +29,7 @@
 	qt4-build_src_prepare
 	# Security patch from upstream, bug 281821
 	epatch "${FILESDIR}"/webkit-CVE-2009-1725.patch
+	use nojit && epatch "${FILESDIR}"/${PV}-nojit.patch
 }
 
 src_configure() {
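Review bot: the added `use nojit && epatch "${FILESDIR}"/${PV}-nojit.patch` has no comment, unlike the CVE line directly above it; add one naming this bug and the reason (processes that use the JIT are killed under PaX MPROTECT) so the next maintainer knows why the patch is carried. Naming the patch after `${PV}` also means every version bump needs a new file in files/; with a `+jit` flag the line becomes `use jit || epatch ...`.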
--- /dev/null	2009-09-21 10:34:35.384240158 +0800
+++ x11-libs/qt-webkit/files/4.5.1-nojit.patch	2009-08-27 20:16:20.000000000 +0800
@@ -0,0 +1,23 @@
+--- qt-x11-opensource-src-4.5.1/src/3rdparty/webkit/JavaScriptCore/JavaScriptCore.pri.orig	2009-08-27 20:12:27.000000000 +0800
++++ qt-x11-opensource-src-4.5.1/src/3rdparty/webkit/JavaScriptCore/JavaScriptCore.pri	2009-08-27 20:13:42.000000000 +0800
+@@ -13,20 +13,6 @@
+     LIBS += -lwinmm
+ }
+ 
+-# Disable the JIT due to numerous observed miscompilations :(
+-CONFIG(release):isEqual(QT_ARCH,i386) {
+-     JIT_DEFINES = ENABLE_JIT ENABLE_WREC ENABLE_JIT_OPTIMIZE_CALL ENABLE_JIT_OPTIMIZE_PROPERTY_ACCESS ENABLE_JIT_OPTIMIZE_ARITHMETIC
+-     # Require gcc >= 4.1
+-     linux-g++*:greaterThan(QT_GCC_MAJOR_VERSION,3):greaterThan(QT_GCC_MINOR_VERSION,0) {
+-         DEFINES += $$JIT_DEFINES WTF_USE_JIT_STUB_ARGUMENT_VA_LIST
+-         QMAKE_CXXFLAGS += -fno-stack-protector
+-         QMAKE_CFLAGS += -fno-stack-protector
+-     }
+-     win32-msvc* {
+-         DEFINES += $$JIT_DEFINES WTF_USE_JIT_STUB_ARGUMENT_REGISTER
+-     }
+-}
+-
+ win32-msvc*: INCLUDEPATH += $$PWD/os-win32
+ wince* {
+     INCLUDEPATH += $$PWD/os-wince
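Review bot: this patch deletes the whole `CONFIG(release):isEqual(QT_ARCH,i386)` block, which is the only place `ENABLE_JIT` is defined, so it changes the i386 release build only; on amd64 the JIT was never switched on here, which matches comment 2. Worth stating in the commit message: removing the block also drops the `-fno-stack-protector` additions to `QMAKE_CXXFLAGS`/`QMAKE_CFLAGS`, so JavaScriptCore is no longer built with the stack protector disabled when the JIT is off. The later 4.6.2 attachment turns the JIT off through a configure option instead, which avoids carrying a per-version source patch.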
--- net-libs/webkit-gtk/webkit-gtk-1.1.10.ebuild	2009-09-13 07:08:54.000000000 +0800
+++ net-libs/webkit-gtk/webkit-gtk-1.1.10.ebuild	2009-09-21 06:45:04.000000000 +0800
@@ -15,7 +15,7 @@
 SLOT="0"
 KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~sparc ~x86 ~x86-fbsd"
 # geoclue
-IUSE="coverage debug doc gnome-keyring +gstreamer pango"
+IUSE="coverage debug doc gnome-keyring +gstreamer nojit pango"
 
 # use sqlite, svg by default
 RDEPEND="
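Review bot: same naming point as the qt-webkit hunk: `nojit` should be a default-enabled `+jit` flag, since `no*` flags are deprecated. The IUSE list stays alphabetical either way, so `+jit` slots between `+gstreamer` and `pango`.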
@@ -83,6 +83,10 @@
 		myconf="${myconf} --with-font-backend=freetype"
 	fi
 
+	if use nojit; then
+		myconf="${myconf} --enable-jit=no"
+	fi
+
 	econf ${myconf}
 }
 
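Review bot: passing `--enable-jit=no` inside an `if use nojit` block is what the `use_enable` helper exists for; with a `+jit` flag the whole addition collapses to `myconf="${myconf} $(use_enable jit)"`, which emits `--enable-jit` or `--disable-jit` and states the choice explicitly in the default case instead of relying on configure's own default.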

Reproducible: Always

Steps to Reproduce:
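The description's security argument is that a process using the WebKit JIT cannot run under PaX MPROTECT because the JIT needs executable memory. The check a hardened-Gentoo administrator runs before deciding whether a package needs such an exception is whether an ELF object asks the loader for an executable stack, which is recorded in its PT_GNU_STACK program header. The following is an added example written for this page, not code from the bug report, Gentoo or WebKit: a small parser for that header that handles ELF32 and ELF64 in either byte order, plus constructed in-memory sample images so it runs without a real binary. The names `gnu_stack_flags`, `stack_is_executable`, `describe` and `build_sample_elf` are this example's own.

```python
"""Report whether an ELF object asks the kernel for an executable stack.

Added example, not code from the bug report, Gentoo or WebKit.  On Linux the
loader maps the stack executable when the program or any shared object it
loads carries a PT_GNU_STACK program header with PF_X set (or no such header
at all); a PaX kernel with MPROTECT enabled refuses that mapping, which is
the failure mode the bug describes.  The sample images below are constructed
in memory for the demonstration; they are not real binaries.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551          # p_type of the GNU stack-permission header
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4    # p_flags bits


def gnu_stack_flags(data: bytes):
    """Return p_flags of the PT_GNU_STACK header, or None if the object has none."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"            # ELFDATA2LSB / ELFDATA2MSB
    if ei_class == 1:                             # ELFCLASS32
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        phdr_fmt, flags_index = end + "IIIIIIII", 6   # p_flags is the 7th field
    elif ei_class == 2:                           # ELFCLASS64
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        phdr_fmt, flags_index = end + "IIQQQQQQ", 1   # p_flags follows p_type
    else:
        raise ValueError("unknown ELF class %d" % ei_class)
    for i in range(e_phnum):
        phdr = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        if phdr[0] == PT_GNU_STACK:
            return phdr[flags_index]
    return None


def stack_is_executable(data: bytes) -> bool:
    """True if loading this object would give the process an executable stack."""
    flags = gnu_stack_flags(data)
    return flags is None or bool(flags & PF_X)


def describe(data: bytes) -> str:
    """One-line human-readable verdict, in the spirit of readelf's RWE column."""
    flags = gnu_stack_flags(data)
    if flags is None:
        return "no PT_GNU_STACK header (loader defaults to an executable stack)"
    perms = "".join(c if flags & b else "-" for c, b in (("R", PF_R), ("W", PF_W), ("E", PF_X)))
    return "PT_GNU_STACK %s (%s stack)" % (perms, "executable" if flags & PF_X else "non-executable")


def build_sample_elf(stack_flags, elf64=True) -> bytes:
    """Construct a minimal little-endian ELF image: header plus program headers only.

    stack_flags is the PT_GNU_STACK p_flags value, or None to omit the header.
    """
    # (p_type, p_flags, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align)
    phdrs = [(1, PF_R | PF_X, 0, 0x400000, 0x400000, 0, 0, 0x1000)]   # PT_LOAD
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    if elf64:
        ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)      # class64, LSB, version 1
        ehdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000,
                                   64, 0, 0, 64, 56, len(phdrs), 0, 0, 0)
        body = b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
    else:
        ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8)      # class32, LSB, version 1
        ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 3, 1, 0x8048000,
                                   52, 0, 0, 52, 32, len(phdrs), 0, 0, 0)
        # ELF32 keeps p_flags after p_memsz, so reorder the tuple
        body = b"".join(struct.pack("<IIIIIIII", p[0], p[2], p[3], p[4], p[5], p[6], p[1], p[7])
                        for p in phdrs)
    return ehdr + body


if __name__ == "__main__":
    if len(sys.argv) > 1:                        # real use: scan files named on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                print(path, describe(f.read()))
    else:                                        # demo on the constructed samples
        for label, flags in (("RW", PF_R | PF_W), ("RWE", PF_R | PF_W | PF_X), ("absent", None)):
            print(label, describe(build_sample_elf(flags)))
```

Run with no arguments to see the three constructed cases, or point it at a library such as libQtWebKit.so to read the real header. Gentoo's pax-utils ships `scanelf -e`, which performs this check across installed files; the parser above shows what that tool reads. A clean PT_GNU_STACK is necessary but not sufficient for surviving MPROTECT: a JIT additionally creates writable-and-executable anonymous mappings at run time, and no ELF header records that.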
Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev 2009-09-27 08:58:40 UTC
Please open individual bugs with patches attached, if any.
Comment 2 Davide Pesavento (RETIRED) gentoo-dev 2009-09-27 10:22:26 UTC
IUSE="+jit" would be better IMHO.

Btw I don't remember having seen executable stacks in >=qt-webkit-4.5 on amd64.
Comment 3 Justin Lecher (RETIRED) gentoo-dev 2009-10-09 19:39:18 UTC
*** Bug 287045 has been marked as a duplicate of this bug. ***
Comment 4 Ben de Groot (RETIRED) gentoo-dev 2009-10-28 21:14:10 UTC
*** Bug 287046 has been marked as a duplicate of this bug. ***
Comment 5 Ben de Groot (RETIRED) gentoo-dev 2009-10-28 21:19:32 UTC
Please attach the patch separately to prevent whitespace issues:
https://bugs.gentoo.org/attachment.cgi?bugid=285792&action=enter

We could add it with IUSE="+jit" (no* flags are deprecated).
Comment 6 Ben de Groot (RETIRED) gentoo-dev 2010-03-16 12:47:57 UTC
Apparently there is no longer any interest in this bug. If there is please attach the patch for testing as per my previous comment.
Comment 7 Dillon 2010-09-17 01:39:16 UTC
Created attachment 247672 [details, diff]
Patch using IUSE+jit and configure option to disable jit

This stopped kwrite from being killed by PaX. I'm not sure what other applications are affected, but amarok seems not to be one of them, as there is no change.
Comment 8 Dillon 2010-09-17 01:41:28 UTC
Created attachment 247674 [details, diff]
A similar patch for webkit-gtk

I don't know which packages are affected by this so I wasn't able to test anything except the build process, which finished.
Comment 9 Dillon 2010-09-17 01:43:33 UTC
(In reply to comment #1)
> please open individual bugs with patches attached if any.
> 

Oops, I had this page open for a while and missed this comment; never mind.