CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2023/09/13 00:22:08
Modified files:
www/tor-browser/browser: Tag: OPENBSD_7_3 Makefile
www/tor-browser/browser/files: Tag: OPENBSD_7_3 unveil.content
unveil.gpu unveil.main
Log message:
MFC: tor-browser: sync DRM unveil with firefox-esr
Instead of unveiling /dev/dri/card0 only, unveil the entire directory.
It only contains four card* and and four renderD* with tight permissions.
This is also the approach taken by the chromium based browsers.
According to kettenis, acceleration on rare multi-graphics card setups
can require multiple renderD* devices. Starting with firefox 118, if the
directory isn't present, fallback code can exercise ioctls that aren't
permitted by the kernel, leading to crashes.
ok landry
