community/firefox: security upgrade to 76.0

2 files changed, 31 insertions, 4 deletions

diff --git a/community/firefox/APKBUILD b/community/firefox/APKBUILD
index 07414016c2..15c91cf192 100644
--- a/community/firefox/APKBUILD
+++ b/community/firefox/APKBUILD
@@ -2,8 +2,8 @@
 # Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
 # Maintainer: Rasmus Thomsen <oss@cogitri.dev>
 pkgname=firefox
-pkgver=75.0
-pkgrel=2
+pkgver=76.0
+pkgrel=0
 pkgdesc="Firefox web browser"
 url="https://www.firefox.com/"
 # Limited on:
@@ -72,6 +72,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
 	firefox-safe.desktop
 	remove-faulty-libvpx-check.patch
 	disable-neon-in-aom.patch
+	sandbox-fork.patch
 	"
 
 _mozappdir=/usr/lib/firefox
@@ -80,6 +81,18 @@ _mozappdir=/usr/lib/firefox
 ldpath="$_mozappdir"
 
 # secfixes:
+#   76.0-r0:
+#     - CVE-2020-6831
+#     - CVE-2020-12387
+#     - CVE-2020-12388
+#     - CVE-2020-12389
+#     - CVE-2020-12390
+#     - CVE-2020-12391
+#     - CVE-2020-12392
+#     - CVE-2020-12393
+#     - CVE-2020-12394
+#     - CVE-2020-12395
+#     - CVE-2020-12396
 #   75.0-r0:
 #     - CVE-2020-6821
 #     - CVE-2020-6822
@@ -254,7 +267,7 @@ package() {
 	EOF
 }
 
-sha512sums="29c9e3455251ab5f5a3e8f2d0ad6f8b43f710d15605bf169fd5cd7ade3555da6b2df66ec26af5624c0f4bb46d5e7e3527351f648fee79f5defcb926fa6ae382a  firefox-75.0.source.tar.xz
+sha512sums="1f023861aaed0468f62135d3ef1098f599111df4e8f231e19baaa54e4bad0e3ddf8575895467ffc9f72bd91a2f6ed5b55096fe4932685e4bb58871e004c184db  firefox-76.0.source.tar.xz
 0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127  stab.h
 2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71  fix-fortify-system-wrappers.patch
 4510fb92653d0fdcfbc6d30e18087c0d22d4acd5eb53be7d0a333abe087a9e0bf9e58e56bafe96e1e1b28ebd1fd33b8926dbb70c221007e335b33d1468755c66  fix-tools.patch
@@ -267,4 +280,5 @@ d35cacb9ede80e6bfbef0709823e536dddfb1c02d776275b0b7adb5969e9927d8c6117df96873569
 f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop
 bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117  remove-faulty-libvpx-check.patch
-f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d  disable-neon-in-aom.patch"
+f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d  disable-neon-in-aom.patch
+4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6  sandbox-fork.patch"
diff --git a/community/firefox/sandbox-fork.patch b/community/firefox/sandbox-fork.patch
new file mode 100644
index 0000000000..328943cb00
--- /dev/null
+++ b/community/firefox/sandbox-fork.patch
@@ -0,0 +1,13 @@
+make SYS_fork non-fatal, musl uses it for fork(2)
+
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -1253,6 +1253,8 @@
+         // usually do something reasonable on error.
+       case __NR_clone:
+         return ClonePolicy(Error(EPERM));
++      case __NR_fork:
++        return Error(ENOSYS);
+ 
+ #  ifdef __NR_fadvise64
+       case __NR_fadvise64: