On Tue, Mar 15, 2022 at 09:23:51PM +0000, Klemens Nanni wrote:
> On Tue, Mar 15, 2022 at 08:20:35PM +0000, Stuart Henderson wrote:
> > On 2022/03/15 21:03, Theo Buehler wrote:
> > > On Tue, Mar 15, 2022 at 07:47:03PM +0000, Klemens Nanni wrote:
> > > > On Tue, Mar 15, 2022 at 06:27:13PM +0000, Klemens Nanni wrote:
> > > > > Just tried it on a kern.wxabort=1 machine which causes
> > > > >
> > > > > At least two programs in this port need W^X:
> > > > > kdeconnect-app(83050): mmap W^X violation
> > > > > kdeconnect-sms(27246): mmap W^X violation
> > > > >
> > > > > OK?
> > > >
> > > > > RCS file: /cvs/ports/net/neochat/Makefile,v
> > > >
> > > > Used an old mail as template and forgot to send the right patch...
> > >
> > > Before USE_WXNEEDED is sprinkled all over kde/Qt ports, what is the root
> > > cause of this? Can it perhaps be neutered?
> >
> > By sprinkling USE_WXNEEDED you allow software to carry out these
> > mappings _even if they don't need them_.
> >
> > The default kern.wxabort=0 setting returns a failure to the software
> > rather than killing it. This is like what PaX does. It's not uncommon
> > for software to handle this case correctly: try a mapping, if it fails
> > then use a non-W+X fallback.
>
> Thanks for the feedback (both on- and off-list).
>
> Turns out both neochat and kdeconnect-kde abort in the same Qt5Qml lib
> which in fact has fallback code for W^X mappings, i.e. it'll gracefully
> try non-W^X mappings.
>
> That W^X check is what's triggering wxabort=1 in the first place, so
> by neutering the check on OpenBSD we can avoid triggering it and thus
> USE_WXNEEDED=Yes.
>
> Feedback? Obejctions? OK?
Anyone?
Index: net/neochat/Makefile
===================================================================
RCS file: /cvs/ports/net/neochat/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- net/neochat/Makefile 11 Mar 2022 19:46:28 -0000 1.7
+++ net/neochat/Makefile 15 Mar 2022 20:58:07 -0000
@@ -1,9 +1,7 @@
-USE_WXNEEDED = Yes
-
COMMENT = client for Matrix chat
VERSION = 1.2.0
DISTNAME = neochat-${VERSION}
-REVISION = 0
+REVISION = 1
CATEGORIES= net
Index: x11/qt5/qtdeclarative/Makefile
===================================================================
RCS file: /cvs/ports/x11/qt5/qtdeclarative/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- x11/qt5/qtdeclarative/Makefile 11 Mar 2022 20:16:59 -0000 1.18
+++ x11/qt5/qtdeclarative/Makefile 15 Mar 2022 20:38:50 -0000
@@ -4,6 +4,8 @@ USE_WXNEEDED = Yes
QT5NAME = QtDeclarative
COMMENT-main = Qt5 Quick and QML components
+REVISION-main = 0
+
MULTI_PACKAGES = -main -examples
DPB_PROPERTIES = parallel
Index:
x11/qt5/qtdeclarative/patches/patch-src_3rdparty_masm_wtf_OSAllocatorPosix_cpp
===================================================================
RCS file:
x11/qt5/qtdeclarative/patches/patch-src_3rdparty_masm_wtf_OSAllocatorPosix_cpp
diff -N
x11/qt5/qtdeclarative/patches/patch-src_3rdparty_masm_wtf_OSAllocatorPosix_cpp
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++
x11/qt5/qtdeclarative/patches/patch-src_3rdparty_masm_wtf_OSAllocatorPosix_cpp
15 Mar 2022 21:20:10 -0000
@@ -0,0 +1,16 @@
+canAllocateExecutableMemory() maps memory W^X to see if that is allowed,
+which triggers our kern.wxabort sysctl(2); always return false to neuter
+that mmap(2) test call and have (at least libQt5Qml) always fall back to
+non-W^X mappings.
+
+Index: src/3rdparty/masm/wtf/OSAllocatorPosix.cpp
+--- src/3rdparty/masm/wtf/OSAllocatorPosix.cpp.orig
++++ src/3rdparty/masm/wtf/OSAllocatorPosix.cpp
+@@ -262,6 +262,7 @@ void OSAllocator::releaseDecommitted(void* address, si
+
+ bool OSAllocator::canAllocateExecutableMemory()
+ {
++ return false;
+ int flags = MAP_PRIVATE | MAP_ANON;
+ #if PLATFORM(IOS)
+ if (executable)
Index: net/kdeconnect-kde/Makefile
===================================================================
RCS file: /cvs/ports/net/kdeconnect-kde/Makefile,v
retrieving revision 1.9
diff -u -p -r1.9 Makefile
--- net/kdeconnect-kde/Makefile 15 Mar 2022 20:01:46 -0000 1.9
+++ net/kdeconnect-kde/Makefile 15 Mar 2022 21:21:41 -0000
@@ -1,9 +1,7 @@
-USE_WXNEEDED = Yes
-
COMMENT = KDE app that allows your devices to communicate
DISTNAME = kdeconnect-kde-${MODKDE_VERSION}
-REVISION = 0
+REVISION = 1
SHARED_LIBS += kdeconnectcore 2.0 # 1.4
SHARED_LIBS += kdeconnectinterfaces 2.0 # 1.4
