Hi, mprotect (and ASLR) are security measures that not all pkgsrc packages can survive, so some packages had NOT_PAX_MPROTECT_SAFE set for some binaries, to disable it.
However the condition for using NOT_PAX_MPROTECT_SAFE was incorrectly only done for NetBSD/amd64. The outcome should've been things like (only on -current, stable is unaffected as it doesn't have pax mprotect enabled): - Firefox crashes - Libreoffice segfaults during build etc. You can test if mprotect is disabled e.g. for firefox using file: > file /usr/pkg/lib/firefox/firefox /usr/pkg/lib/firefox/firefox: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /usr/libexec/ld.elf_so, for NetBSD 7.99.65, PaX: -mprotect, BuildID[sha1]=577897fd2966e904de0c47df56c5af86b3d9312b, stripped Noteworthy part: PaX: -mprotect Newly built packages will disable it on a per-file basis (now not only on amd64), but unfortunately there are many files to adjust. If you just want it fixed now, a quick workaround is disabling mprotect globally: # sysctl -w security.pax.mprotect.enabled=0 You can disable it on a per-file basis, which is what all new packages will do now, using: # paxctl +m /path/to/binary
