testing/firefox: add patch for membarrier in sandbox

reset pkgrel due to pkgver bump

2 files changed, 57 insertions, 1 deletions

diff --git a/testing/firefox/APKBUILD b/testing/firefox/APKBUILD
index 00045fefa5..df8f4a0209 100644
--- a/testing/firefox/APKBUILD
+++ b/testing/firefox/APKBUILD
@@ -4,7 +4,7 @@ pkgname=firefox
 pkgver=66.0.4
 _pkgver=$pkgver
 _xulver=$pkgver
-pkgrel=4
+pkgrel=0
 pkgdesc="Firefox web browser"
 url="https://www.firefox.com/"
 # limited by rust and cargo
@@ -70,6 +70,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
 	fix-rust-target.patch
 	fix-bug-1261392.patch
 	fix-webrtc-glibcisms.patch
+	sandbox-membarrier.patch
 
 	firefox.desktop
 	firefox-safe.desktop"
@@ -228,5 +229,6 @@ ded76edfbc43637cd2e73100ea2244f97d95d452af61b9cd4f2db341cb0dbae8a5e846edeb4eafbe
 42cc44fda4b05259b38f055d6f51461746aa89a474cedc5e92fb9d20879da0d12b1b515b273a549e7302cda9c7eddde20d5fdba09853e5c658784ad6d0b20078  fix-rust-target.patch
 8b776f0da8dfad0ae81670623fa55ddcff91b78a1a569bb5e6b5f5130392249dfbebe84752c846c8aa5b4878643f0369cd7d9bfaf2b9dd0c841af302dcb48896  fix-bug-1261392.patch
 40768d2458adb87fc15ad17b430cf0bebabde583910e55624bf282d4a69b3f9b9165289a7a9c2b50bfb9de1a16e2546f8d0b5ce33c1920000cffb588410b9e9e  fix-webrtc-glibcisms.patch
+e725a6e9b2361cd566ae2f90861dbce9f2231f16721ec02f4b9f9986b7dc82cc006ea6a500ae7f30c095ce746132a5bd1d9532c4cf0d1541dcc672a20aef8807  sandbox-membarrier.patch
 f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f14b7d738fe82a0a4fde3bc3219dff7225d5db0e274987454  firefox.desktop
 5dcb6288d0444a8a471d669bbaf61cdb1433663eff38b72ee5e980843f5fc07d0d60c91627a2c1159215d0ad77ae3f115dcc5fdfe87e64ca704b641aceaa44ed  firefox-safe.desktop"
diff --git a/testing/firefox/sandbox-membarrier.patch b/testing/firefox/sandbox-membarrier.patch
new file mode 100644
index 0000000000..24b70ca401
--- /dev/null
+++ b/testing/firefox/sandbox-membarrier.patch
@@ -0,0 +1,54 @@
+allow usage of SYS_membarrier, needed since musl-1.1.22
+
+Taken from voidlinux: https://github.com/void-linux/void-packages/commit/4198411ac3b9e2620e171c662df82008da0faebb
+
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -283,6 +283,8 @@
+       case __NR_set_tid_address:
+         return Allow();
+ #endif
++      case __NR_membarrier:
++        return Allow();
+ 
+         // prctl
+       case __NR_prctl: {
+
+--- a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
++++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+@@ -1385,6 +1385,10 @@
+ #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier (__NR_SYSCALL_BASE+389)
++#endif
++
+ // ARM private syscalls.
+ #if !defined(__ARM_NR_BASE)
+ #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
+
+--- a/security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
++++ b/security/sandbox/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
+@@ -1290,5 +1290,9 @@
+ #define __NR_memfd_create 319
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 324
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
+ 
+--- a/security/sandbox/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
++++ b/security/sandbox/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
+@@ -1490,5 +1490,9 @@
+ #define __NR_shutdown 373
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 375
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
+