author | Sören Tempel <soeren+git@soeren-tempel.net> | 2019-02-11 18:54:09 +0100 |
---|---|---|
committer | Sören Tempel <soeren+git@soeren-tempel.net> | 2019-02-13 20:55:44 +0100 |
commit | 50d6c8f738e21e88d0ebbdf4007cde60d258d012 (patch) | |
tree | 4737514748e9472796eae38fac218d5098c953b4 | |
parent | f6e0f94b430e8a85e14e8d64438dac12c0b455c8 (diff) | |
download | aports-50d6c8f738e21e88d0ebbdf4007cde60d258d012.tar.bz2 aports-50d6c8f738e21e88d0ebbdf4007cde60d258d012.tar.xz |
community/firefox-esr: upgrade to 60.5.0
OK ncopa@
-rw-r--r-- | community/firefox-esr/APKBUILD | 20 | ||||
-rw-r--r-- | community/firefox-esr/disable-moz-stackwalk.patch | 6 | ||||
-rw-r--r-- | community/firefox-esr/fix-arm-atomics-grsec.patch | 306 | ||||
-rw-r--r-- | community/firefox-esr/fix-seccomp-bpf.patch | 30 | ||||
-rw-r--r-- | community/firefox-esr/fix-toolkit.patch | 64 | ||||
-rw-r--r-- | community/firefox-esr/fix-tools.patch | 46 |
6 files changed, 83 insertions, 389 deletions
diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD index fa9d658c5d..62bbb2ad2e 100644 --- a/community/firefox-esr/APKBUILD +++ b/community/firefox-esr/APKBUILD @@ -1,8 +1,8 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=firefox-esr -pkgver=60.4.0 -pkgrel=2 +pkgver=60.5.0 +pkgrel=0 pkgdesc="Firefox web browser - Extended Support Release" url="https://www.mozilla.org/en-US/firefox/organizations/" # limited by rust and cargo @@ -60,7 +60,6 @@ source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox fix-tools.patch mallinfo.patch - fix-arm-atomics-grsec.patch fix-arm-version-detect.patch mozilla-build-arm.patch disable-moz-stackwalk.patch @@ -79,6 +78,10 @@ _mozappdir=/usr/lib/firefox ldpath="$_mozappdir" # secfixes: +# 60.5.0-r0: +# - CVE-2018-18500 +# - CVE-2018-18505 +# - CVE-2018-18501 # 52.6.0-r0: # - CVE-2018-5089 # - CVE-2018-5091 
@@ -223,19 +226,18 @@ __EOF__ rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so } -sha512sums="8119f52b2fc06f76868bf0781fec9d46c8551f0a3ca832ac9bdef6aa6d77c1d785e50d35059f0df5e3586f3396b912af06e448d65e7f5d1f468338eebe8b2cd4 firefox-60.4.0esr.source.tar.xz +sha512sums="dd47e38a87a1339b733c06ea3f235576bf8dce414194ab308d0dda07bf15290afbbad92b8484732daa53cf6a48b57412f7f41e30ae0ac21144c8657b86047aec firefox-60.5.0esr.source.tar.xz 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch 09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5 fix-fortify-inline.patch 0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1 disable-hunspell_hooks.patch -2f713a270f7d1588ec4a0b9c21e5a0d20823954e6a64293ee1a391f80d38af6c0a80b3d35c3ada59b605f6032fb2af3040cd8ca7f424b0e620cc53fd12674fd9 fix-seccomp-bpf.patch -a2925045154f4fd34e5fc056656f4f9da100341529e5d4104d249154db0c7863384083f421ce6e47e0f20566a8b20787fa35444c7933c03cd03f96f06dcd4532 fix-toolkit.patch -b46cb90d4fdd1a925a61e2c6c545489cd542f5d82980c529361c02042eed31d5c26972b5e237c1a020f87ffcfd12736d1f4f6e33eaa83ae156d523c808c718cb fix-tools.patch +3414fd06110e853b01043d5d1090cfe1e6c13e8aa3c9f97a91ba390b37d6e909d3e836dbc9b2c261e636056ac10ca78de07adbd27f68102b979fc533b2f9c560 fix-seccomp-bpf.patch +892d6a5544c23983a2d62eab954a9b68883e3c0b66e3bdc47255f21ef700bda6fce90657249cbc59f88b1372f4fb83e2f0a7cfd62201d58a5cd6089358223cf3 fix-toolkit.patch +2024a81e867fba6dbd31971ae7a8a984a4db5d4b5fc6dafba92521ac8e0b3e99cc80f1e0bd079faef0d1bb5cb5ea1040ecb4da085fe2bf2a640f3cc4da3ec5c5 fix-tools.patch 
bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29 mallinfo.patch -ed0d344c66fc8e1cc83a11e9858b32c42e841cbeedd9eb9438811e9fcc3593dc824a8336d00058d55836cedc970aeadd6a82c6dcd7bc0fb746e564d8b478cc6c fix-arm-atomics-grsec.patch 015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0 fix-arm-version-detect.patch e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18 mozilla-build-arm.patch -4797d2d89ac63a57abb826b8ea9f751314ce66946194033deb9d78c2ff377b88106fd2c7bc5034dc13ad03dd5085b1893c3ccae1a9e63fde35655bb0921f7188 disable-moz-stackwalk.patch +251c170504f3418e47feeaee5cc5a7cf7fdf4a5ee0283b1497933fdce1857a3fe299da1178a044d5d39f84ddbca761fb542345f8f183bf62c3557cba4a47a874 disable-moz-stackwalk.patch 42cc44fda4b05259b38f055d6f51461746aa89a474cedc5e92fb9d20879da0d12b1b515b273a549e7302cda9c7eddde20d5fdba09853e5c658784ad6d0b20078 fix-rust-target.patch a50b412edf9573a0bd04a43578b1c927967a616b73a5995eefb15bfa78fd2bd14e36ec05315a0703f6370ecd524e6bcb012e7285beb1245e9add9b8553acb79e fix-bug-1261392.patch 01b48a708cc6bc6e3cd7cc7b16f5137ec344566ac891d699b65e322bc992726072fa14a54cef1a7775799fcbbcf90a6c170107c8524caba3bc311b42d93b7581 rust-unitialized-field.patch diff --git a/community/firefox-esr/disable-moz-stackwalk.patch b/community/firefox-esr/disable-moz-stackwalk.patch index c83ae7eae9..99ac8dee2c 100644 --- a/community/firefox-esr/disable-moz-stackwalk.patch +++ b/community/firefox-esr/disable-moz-stackwalk.patch @@ -1,12 +1,12 @@ diff --git a/mozglue/misc/StackWalk.cpp b/mozglue/misc/StackWalk.cpp -index a208bad..14e1f0d 100644 +index e39e38b4c..a8b7251c5 100644 --- a/mozglue/misc/StackWalk.cpp 
+++ b/mozglue/misc/StackWalk.cpp -@@ -41,13 +41,7 @@ static CriticalAddress gCriticalAddress; +@@ -32,13 +32,7 @@ using namespace mozilla; #define MOZ_STACKWALK_SUPPORTS_MACOSX 0 #endif --#if (defined(linux) && \ +-#if (defined(linux) && \ - ((defined(__GNUC__) && (defined(__i386) || defined(PPC))) || \ - defined(HAVE__UNWIND_BACKTRACE))) -#define MOZ_STACKWALK_SUPPORTS_LINUX 1 diff --git a/community/firefox-esr/fix-arm-atomics-grsec.patch b/community/firefox-esr/fix-arm-atomics-grsec.patch deleted file mode 100644 index 0eb58f093f..0000000000 --- a/community/firefox-esr/fix-arm-atomics-grsec.patch +++ /dev/null 
@@ -1,306 +0,0 @@ ---- mozilla-release/ipc/chromium/src/base/atomicops_internals_arm_gcc.h.orig -+++ mozilla-release/ipc/chromium/src/base/atomicops_internals_arm_gcc.h -@@ -12,43 +35,194 @@ - namespace base { - namespace subtle { - --// 0xffff0fc0 is the hard coded address of a function provided by --// the kernel which implements an atomic compare-exchange. On older --// ARM architecture revisions (pre-v6) this may be implemented using --// a syscall. This address is stable, and in active use (hard coded) --// by at least glibc-2.7 and the Android C library. --typedef Atomic32 (*LinuxKernelCmpxchgFunc)(Atomic32 old_value, -- Atomic32 new_value, -- volatile Atomic32* ptr); --LinuxKernelCmpxchgFunc pLinuxKernelCmpxchg __attribute__((weak)) = -- (LinuxKernelCmpxchgFunc) 0xffff0fc0; -+// Memory barriers on ARM are funky, but the kernel is here to help: -+// -+// * ARMv5 didn't support SMP, there is no memory barrier instruction at -+// all on this architecture, or when targeting its machine code. -+// -+// * Some ARMv6 CPUs support SMP. A full memory barrier can be produced by -+// writing a random value to a very specific coprocessor register. -+// -+// * On ARMv7, the "dmb" instruction is used to perform a full memory -+// barrier (though writing to the co-processor will still work). -+// However, on single core devices (e.g. Nexus One, or Nexus S), -+// this instruction will take up to 200 ns, which is huge, even though -+// it's completely un-needed on these devices. -+// -+// * There is no easy way to determine at runtime if the device is -+// single or multi-core. However, the kernel provides a useful helper -+// function at a fixed memory address (0xffff0fa0), which will always -+// perform a memory barrier in the most efficient way. I.e. on single -+// core devices, this is an empty function that exits immediately. -+// On multi-core devices, it implements a full memory barrier. 
-+// -+// * This source could be compiled to ARMv5 machine code that runs on a -+// multi-core ARMv6 or ARMv7 device. In this case, memory barriers -+// are needed for correct execution. Always call the kernel helper, even -+// when targeting ARMv5TE. -+// - --typedef void (*LinuxKernelMemoryBarrierFunc)(void); --LinuxKernelMemoryBarrierFunc pLinuxKernelMemoryBarrier __attribute__((weak)) = -- (LinuxKernelMemoryBarrierFunc) 0xffff0fa0; -+inline void MemoryBarrier() { -+#if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ -+ defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) -+ __asm__ __volatile__("dmb ish" ::: "memory"); -+#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ -+ defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || \ -+ defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__) -+ __asm__ __volatile__("mcr p15,0,r0,c7,c10,5" ::: "memory"); -+#elif defined(__linux__) || defined(__ANDROID__) -+ // Note: This is a function call, which is also an implicit compiler barrier. -+ typedef void (*KernelMemoryBarrierFunc)(); -+ ((KernelMemoryBarrierFunc)0xffff0fa0)(); -+#error MemoryBarrier() is not implemented on this platform. -+#endif -+} - -+// An ARM toolchain would only define one of these depending on which -+// variant of the target architecture is being used. This tests against -+// any known ARMv6 or ARMv7 variant, where it is possible to directly -+// use ldrex/strex instructions to implement fast atomic operations. 
-+#if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ -+ defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || \ -+ defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ -+ defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || \ -+ defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__) - - inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr, - Atomic32 old_value, - Atomic32 new_value) { -- Atomic32 prev_value = *ptr; -+ Atomic32 prev_value; -+ int reloop; - do { -- if (!pLinuxKernelCmpxchg(old_value, new_value, -- const_cast<Atomic32*>(ptr))) { -- return old_value; -- } -- prev_value = *ptr; -- } while (prev_value == old_value); -+ // The following is equivalent to: -+ // -+ // prev_value = LDREX(ptr) -+ // reloop = 0 -+ // if (prev_value != old_value) -+ // reloop = STREX(ptr, new_value) -+ __asm__ __volatile__(" ldrex %0, [%3]\n" -+ " mov %1, #0\n" -+ " cmp %0, %4\n" -+#ifdef __thumb2__ -+ " it eq\n" -+#endif -+ " strexeq %1, %5, [%3]\n" -+ : "=&r"(prev_value), "=&r"(reloop), "+m"(*ptr) -+ : "r"(ptr), "r"(old_value), "r"(new_value) -+ : "cc", "memory"); -+ } while (reloop != 0); - return prev_value; - } - -+inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr, -+ Atomic32 old_value, -+ Atomic32 new_value) { -+ Atomic32 result = NoBarrier_CompareAndSwap(ptr, old_value, new_value); -+ MemoryBarrier(); -+ return result; -+} -+ -+inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr, -+ Atomic32 old_value, -+ Atomic32 new_value) { -+ MemoryBarrier(); -+ return NoBarrier_CompareAndSwap(ptr, old_value, new_value); -+} -+ -+inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr, -+ Atomic32 increment) { -+ Atomic32 value; -+ int reloop; -+ do { -+ // Equivalent to: -+ // -+ // value = LDREX(ptr) -+ // value += increment -+ // reloop = STREX(ptr, value) -+ // -+ __asm__ __volatile__(" ldrex %0, [%3]\n" -+ " add %0, %0, %4\n" -+ " strex %1, %0, [%3]\n" -+ : "=&r"(value), "=&r"(reloop), "+m"(*ptr) -+ : "r"(ptr), 
"r"(increment) -+ : "cc", "memory"); -+ } while (reloop); -+ return value; -+} -+ -+inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr, -+ Atomic32 increment) { -+ // TODO(digit): Investigate if it's possible to implement this with -+ // a single MemoryBarrier() operation between the LDREX and STREX. -+ // See http://crbug.com/246514 -+ MemoryBarrier(); -+ Atomic32 result = NoBarrier_AtomicIncrement(ptr, increment); -+ MemoryBarrier(); -+ return result; -+} -+ - inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr, - Atomic32 new_value) { - Atomic32 old_value; -+ int reloop; - do { -+ // old_value = LDREX(ptr) -+ // reloop = STREX(ptr, new_value) -+ __asm__ __volatile__(" ldrex %0, [%3]\n" -+ " strex %1, %4, [%3]\n" -+ : "=&r"(old_value), "=&r"(reloop), "+m"(*ptr) -+ : "r"(ptr), "r"(new_value) -+ : "cc", "memory"); -+ } while (reloop != 0); -+ return old_value; -+} -+ -+// This tests against any known ARMv5 variant. -+#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ -+ defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__) -+ -+// The kernel also provides a helper function to perform an atomic -+// compare-and-swap operation at the hard-wired address 0xffff0fc0. -+// On ARMv5, this is implemented by a special code path that the kernel -+// detects and treats specially when thread pre-emption happens. -+// On ARMv6 and higher, it uses LDREX/STREX instructions instead. -+// -+// Note that this always perform a full memory barrier, there is no -+// need to add calls MemoryBarrier() before or after it. It also -+// returns 0 on success, and 1 on exit. -+// -+// Available and reliable since Linux 2.6.24. Both Android and ChromeOS -+// use newer kernel revisions, so this should not be a concern. 
-+namespace { -+ -+inline int LinuxKernelCmpxchg(Atomic32 old_value, -+ Atomic32 new_value, -+ volatile Atomic32* ptr) { -+ typedef int (*KernelCmpxchgFunc)(Atomic32, Atomic32, volatile Atomic32*); -+ return ((KernelCmpxchgFunc)0xffff0fc0)(old_value, new_value, ptr); -+} -+ -+} // namespace -+ -+inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr, -+ Atomic32 old_value, -+ Atomic32 new_value) { -+ Atomic32 prev_value; -+ for (;;) { -+ prev_value = *ptr; -+ if (prev_value != old_value) -+ return prev_value; -+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr)) -+ return old_value; -+ } -+} -+ -+inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr, -+ Atomic32 new_value) { -+ Atomic32 old_value; -+ do { - old_value = *ptr; -- } while (pLinuxKernelCmpxchg(old_value, new_value, -- const_cast<Atomic32*>(ptr))); -+ } while (LinuxKernelCmpxchg(old_value, new_value, ptr)); - return old_value; - } - -@@ -63,36 +237,57 @@ - // Atomic exchange the old value with an incremented one. - Atomic32 old_value = *ptr; - Atomic32 new_value = old_value + increment; -- if (pLinuxKernelCmpxchg(old_value, new_value, -- const_cast<Atomic32*>(ptr)) == 0) { -+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr)) { - // The exchange took place as expected. - return new_value; - } - // Otherwise, *ptr changed mid-loop and we need to retry. - } -- - } - - inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr, - Atomic32 old_value, - Atomic32 new_value) { -- return NoBarrier_CompareAndSwap(ptr, old_value, new_value); -+ Atomic32 prev_value; -+ for (;;) { -+ prev_value = *ptr; -+ if (prev_value != old_value) { -+ // Always ensure acquire semantics. 
-+ MemoryBarrier(); -+ return prev_value; -+ } -+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr)) -+ return old_value; -+ } - } - - inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr, - Atomic32 old_value, - Atomic32 new_value) { -- return NoBarrier_CompareAndSwap(ptr, old_value, new_value); -+ // This could be implemented as: -+ // MemoryBarrier(); -+ // return NoBarrier_CompareAndSwap(); -+ // -+ // But would use 3 barriers per succesful CAS. To save performance, -+ // use Acquire_CompareAndSwap(). Its implementation guarantees that: -+ // - A succesful swap uses only 2 barriers (in the kernel helper). -+ // - An early return due to (prev_value != old_value) performs -+ // a memory barrier with no store, which is equivalent to the -+ // generic implementation above. -+ return Acquire_CompareAndSwap(ptr, old_value, new_value); - } - -+#else -+# error "Your CPU's ARM architecture is not supported yet" -+#endif -+ -+// NOTE: Atomicity of the following load and store operations is only -+// guaranteed in case of 32-bit alignement of |ptr| values. -+ - inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) { - *ptr = value; - } - --inline void MemoryBarrier() { -- pLinuxKernelMemoryBarrier(); --} -- - inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) { - *ptr = value; - MemoryBarrier(); -@@ -103,9 +298,7 @@ - *ptr = value; - } - --inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { -- return *ptr; --} -+inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { return *ptr; } - - inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) { - Atomic32 value = *ptr; -@@ -118,7 +311,6 @@ - return *ptr; - } - --} // namespace base::subtle --} // namespace base -+} } // namespace base::subtle - - #endif // BASE_ATOMICOPS_INTERNALS_ARM_GCC_H_ diff --git a/community/firefox-esr/fix-seccomp-bpf.patch b/community/firefox-esr/fix-seccomp-bpf.patch index ee6d666400..c44d9ea48e 100644 
--- a/community/firefox-esr/fix-seccomp-bpf.patch +++ b/community/firefox-esr/fix-seccomp-bpf.patch @@ -1,6 +1,7 @@ -diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc ---- firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:53:46.083976137 +0000 -+++ firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:51:22.084596411 +0000 +diff --git a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc +index 003708d2c..79488795d 100644 +--- a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc ++++ b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc @@ -25,6 +25,11 @@ #include "sandbox/linux/system_headers/linux_seccomp.h" #include "sandbox/linux/system_headers/linux_signal.h" 
@@ -13,14 +14,15 @@ diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf namespace { struct arch_sigsys { -diff -ru firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp ---- firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp 2018-10-01 18:35:28.000000000 +0000 -+++ firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp 2018-12-14 08:57:50.645264590 +0000 -@@ -1005,6 +1005,7 @@ - // ffmpeg, and anything else that calls isatty(), will be told - // that nothing is a typewriter: - .ElseIf(request == TCGETS, Error(ENOTTY)) -+ .ElseIf(request == TIOCGWINSZ, Error(ENOTTY)) - // Allow anything that isn't a tty ioctl, for now; bug 1302711 - // will cover changing this to a default-deny policy. - .ElseIf(shifted_type != kTtyIoctls, Allow()) +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +index 0f59f2a87..5c07dbb31 100644 +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -989,6 +989,7 @@ class ContentSandboxPolicy : public SandboxPolicyCommon { + // ffmpeg, and anything else that calls isatty(), will be told + // that nothing is a typewriter: + .ElseIf(request == TCGETS, Error(ENOTTY)) ++ .ElseIf(request == TIOCGWINSZ, Error(ENOTTY)) + // Allow anything that isn't a tty ioctl, for now; bug 1302711 + // will cover changing this to a default-deny policy. + .ElseIf(shifted_type != kTtyIoctls, Allow()) diff --git a/community/firefox-esr/fix-toolkit.patch b/community/firefox-esr/fix-toolkit.patch index 58fe5a3a9a..6cd48dde8b 100644 --- a/community/firefox-esr/fix-toolkit.patch +++ b/community/firefox-esr/fix-toolkit.patch 
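Review bot: The added `.ElseIf(request == TIOCGWINSZ, Error(ENOTTY))` case in the SandboxFilter.cpp section of fix-seccomp-bpf.patch has no explanation, and the refreshed patch still has no description header. The surrounding comment only mentions isatty() and TCGETS. Presumably the extra case exists because musl's isatty() probes with TIOCGWINSZ, so without it the request would fall through to the tty-ioctl handling later in the chain, which is outside this hunk. I would put a line such as `// musl's isatty() issues TIOCGWINSZ rather than TCGETS; answer it the same way` above the new case, so a later rebase of this sandbox-policy patch does not drop it as unexplained.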
@@ -1,8 +1,7 @@ -diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc -index 4222ce3..4d40c6a 100644 ---- a/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc -+++ b/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc -@@ -45,6 +45,7 @@ +diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc +--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc 2019-02-11 18:55:48.607258656 +0100 ++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc 2019-02-11 20:57:51.386533134 +0100 +@@ -46,6 +46,7 @@ #include <sys/mman.h> #include <sys/stat.h> #include <unistd.h> @@ -10,10 +9,9 @@ index 4222ce3..4d40c6a 100644 #include <iostream> #include <set> -diff --git a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc -index 6019fc7..5953e32 100644 ---- a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc -+++ b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc +diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc +--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc 2019-02-11 18:55:48.610591990 +0100 ++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc 2019-02-11 20:57:51.386533134 +0100 @@ -41,6 +41,10 @@ #include "common/using_std_string.h" 
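Review bot: The regenerated file headers in fix-toolkit.patch record the build host's scratch path and wall-clock timestamps (`--- /tmp/firefox-60.5.0.orig/toolkit/...  2019-02-11 18:55:48.607258656 +0100`), and the old and new paths differ in depth (`/tmp/firefox-60.5.0.orig/toolkit/...` against `firefox-60.5.0/toolkit/...`). That ties correct application to how the patch tool resolves file names for the strip level in use, and it changes the patch checksum on every refresh even when the code is unchanged. fix-seccomp-bpf.patch in this same commit was moved to `a/` and `b/` style headers; I would regenerate this patch the same way, so headers read `--- a/toolkit/...` and `+++ b/toolkit/...` without timestamps. The same applies to the new headers in fix-tools.patch.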
@@ -25,10 +23,9 @@ index 6019fc7..5953e32 100644 using std::vector; namespace google_breakpad { -diff --git a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h -index 98ee2dd..d57aa68 100644 ---- a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h -+++ b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h +diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h +--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h 2019-02-11 18:55:48.610591990 +0100 ++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h 2019-02-11 20:57:51.389866466 +0100 @@ -55,7 +55,7 @@ #ifdef HAVE_MACH_O_NLIST_H 
@@ -38,11 +35,10 @@ index 98ee2dd..d57aa68 100644 #include <a.out.h> #endif -diff --git a/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h b/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h -index 93fdad7..f34e5e0 100644 ---- a/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h -+++ b/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h -@@ -1134,6 +1134,12 @@ struct kernel_statfs { +diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h +--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h 2019-02-11 18:55:48.647258669 +0100 ++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h 2019-02-11 19:01:23.614038547 +0100 +@@ -1210,6 +1210,12 @@ struct kernel_statfs { #ifndef __NR_fallocate #define __NR_fallocate 285 #endif 
@@ -55,32 +51,30 @@ index 93fdad7..f34e5e0 100644 /* End of x86-64 definitions */ #elif defined(__mips__) #if _MIPS_SIM == _MIPS_SIM_ABI32 -diff --git a/toolkit/mozapps/update/common/updatedefines.h b/toolkit/mozapps/update/common/updatedefines.h -index 026e7ed..0801f14 100644 ---- a/toolkit/mozapps/update/common/updatedefines.h -+++ b/toolkit/mozapps/update/common/updatedefines.h -@@ -117,7 +117,7 @@ static inline int mywcsprintf(WCHAR* dest, size_t count, const WCHAR* fmt, ...) +diff -upr /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/common/updatedefines.h firefox-60.5.0/toolkit/mozapps/update/common/updatedefines.h +--- /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/common/updatedefines.h 2019-02-11 18:55:49.287258893 +0100 ++++ firefox-60.5.0/toolkit/mozapps/update/common/updatedefines.h 2019-02-11 20:58:30.753178073 +0100 +@@ -100,7 +100,7 @@ static inline int mywcsprintf(WCHAR* des #ifdef SOLARIS - # include <sys/stat.h> + #include <sys/stat.h> -#else +#elif !defined(__linux__) || defined(__GLIBC__) - # include <fts.h> + #include <fts.h> #endif - # include <dirent.h> -diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp -index 257ccb4..01314e4 100644 ---- a/toolkit/mozapps/update/updater/updater.cpp -+++ b/toolkit/mozapps/update/updater/updater.cpp -@@ -3737,6 +3737,7 @@ int add_dir_entries(const NS_tchar *dirpath, ActionList *list) - int add_dir_entries(const NS_tchar *dirpath, ActionList *list) - { + #include <dirent.h> +diff -upr /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/updater/updater.cpp firefox-60.5.0/toolkit/mozapps/update/updater/updater.cpp +--- /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/updater/updater.cpp 2019-02-11 18:55:49.283925558 +0100 ++++ firefox-60.5.0/toolkit/mozapps/update/updater/updater.cpp 2019-02-11 20:57:57.303196520 +0100 +@@ -3733,6 +3733,7 @@ int add_dir_entries(const NS_tchar *dirp + + int add_dir_entries(const NS_tchar *dirpath, ActionList *list) { int rv = OK; +#if 
!defined(__linux__) || defined(__GLIBC__) FTS *ftsdir; FTSENT *ftsdirEntry; - NS_tchar searchpath[MAXPATHLEN]; -@@ -3840,6 +3841,7 @@ int add_dir_entries(const NS_tchar *dirpath, ActionList *list) + mozilla::UniquePtr<NS_tchar[]> searchpath(get_full_path(dirpath)); +@@ -3833,6 +3834,7 @@ int add_dir_entries(const NS_tchar *dirp } fts_close(ftsdir); diff --git a/community/firefox-esr/fix-tools.patch b/community/firefox-esr/fix-tools.patch index 84f7fa9cb8..fdb08845d9 100644 --- a/community/firefox-esr/fix-tools.patch +++ b/community/firefox-esr/fix-tools.patch @@ -1,22 +1,38 @@ ---- a/tools/profiler/core/platform.h -+++ b/tools/profiler/core/platform.h +diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/core/platform-linux-android.cpp firefox-60.5.0/tools/profiler/core/platform-linux-android.cpp +--- /tmp/firefox-60.5.0.orig/tools/profiler/core/platform-linux-android.cpp 2019-02-11 18:55:48.543925300 +0100 ++++ firefox-60.5.0/tools/profiler/core/platform-linux-android.cpp 2019-02-12 10:00:02.735569929 +0100 +@@ -497,8 +497,10 @@ static void PlatformInit(PSLockRef aLock + ucontext_t sSyncUContext; + + void Registers::SyncPopulate() { ++#if defined(__GLIBC__) + if (!getcontext(&sSyncUContext)) { + PopulateRegsFromContext(*this, &sSyncUContext); + } ++#endif + } + #endif +diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/core/platform.h firefox-60.5.0/tools/profiler/core/platform.h +--- /tmp/firefox-60.5.0.orig/tools/profiler/core/platform.h 2019-02-11 18:55:48.540591965 +0100 ++++ firefox-60.5.0/tools/profiler/core/platform.h 2019-02-12 10:00:02.735569929 +0100 
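Review bot: On a non-glibc Linux build the `#if !defined(__linux__) || defined(__GLIBC__)` guard in add_dir_entries() compiles out the FTS walk, while `int rv = OK;` stays above the guard, so the function presumably returns OK without adding anything to the ActionList. The matching `#endif` and the return statement sit in unchanged patch lines outside this hunk, so this needs confirming there. If the stub is intended, state it in the patch with a comment like `// no <fts.h> on musl: directory walk disabled, nothing is added to the list`. Otherwise set `rv` to a failure code in an `#else` branch so the updater does not report success for work it skipped.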
@@ -29,6 +29,8 @@ #ifndef TOOLS_PLATFORM_H_ #define TOOLS_PLATFORM_H_ - + +#include <sys/types.h> + #include <stdint.h> #include <math.h> #include "MainThreadUtils.h" ---- a/tools/profiler/lul/LulElf.cpp -+++ b/tools/profiler/lul/LulElf.cpp -@@ -579,10 +579,10 @@ +diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/lul/LulElf.cpp firefox-60.5.0/tools/profiler/lul/LulElf.cpp +--- /tmp/firefox-60.5.0.orig/tools/profiler/lul/LulElf.cpp 2019-02-11 18:55:48.547258635 +0100 ++++ firefox-60.5.0/tools/profiler/lul/LulElf.cpp 2019-02-12 10:00:59.802296448 +0100 +@@ -459,10 +459,10 @@ string FormatIdentifier(unsigned char id // Return the non-directory portion of FILENAME: the portion after the // last slash, or the whole filename if there are no slashes. - string BaseFileName(const string &filename) { + string BaseFileName(const string& filename) { - // Lots of copies! basename's behavior is less than ideal. -- char *c_filename = strdup(filename.c_str()); +- char* c_filename = strdup(filename.c_str()); - string base = basename(c_filename); - free(c_filename); + // basename's behavior is less than ideal so avoid it @@ -25,18 +41,4 @@ + string base = p ? p+1 : c_filename; return base; } - ---- a/tools/profiler/core/platform-linux-android.cpp.orig -+++ b/tools/profiler/core/platform-linux-android.cpp -@@ -534,9 +534,11 @@ - void - Registers::SyncPopulate() - { -+#if defined(__GLIBC__) - if (!getcontext(&sSyncUContext)) { - PopulateRegsFromContext(*this, &sSyncUContext); - } -+#endif - } - #endif |
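Review bot: With the `#if defined(__GLIBC__)` guard in the platform-linux-android.cpp section, `Registers::SyncPopulate()` is an empty function on musl, so its caller gets a Registers object that was never filled in. Whether Registers has defined initial values is not visible in this hunk; if it does not, a synchronous sample would start unwinding from indeterminate register values. I would document the limitation next to the guard, for example `// musl lacks getcontext(); registers stay unpopulated and synchronous backtraces are unavailable`. I would also check that the callers, which are outside this patch, tolerate that state.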