Diffstat (limited to 'community/firefox-esr/fix-seccomp-bpf.patch')
-rw-r--r--community/firefox-esr/fix-seccomp-bpf.patch22
1 files changed, 17 insertions, 5 deletions
diff --git a/community/firefox-esr/fix-seccomp-bpf.patch b/community/firefox-esr/fix-seccomp-bpf.patch
index 47cde56c74..ee6d666400 100644
--- a/community/firefox-esr/fix-seccomp-bpf.patch
+++ b/community/firefox-esr/fix-seccomp-bpf.patch
@@ -1,8 +1,9 @@
---- a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc.orig 2015-09-23 09:10:08.812740571 +0200
-+++ b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2015-09-23 09:11:38.404746155 +0200
-@@ -23,6 +23,11 @@
- #include "sandbox/linux/services/android_ucontext.h"
- #endif
+diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
+--- firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:53:46.083976137 +0000
++++ firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:51:22.084596411 +0000
+@@ -25,6 +25,11 @@
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
+// musl libc defines siginfo_t __si_fields instead of _sifields
+#if defined(OS_LINUX) && !defined(__GLIBC__)
@@ -12,3 +13,14 @@
namespace {
struct arch_sigsys {
+diff -ru firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp
+--- firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp 2018-10-01 18:35:28.000000000 +0000
++++ firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp 2018-12-14 08:57:50.645264590 +0000
+@@ -1005,6 +1005,7 @@
+ // ffmpeg, and anything else that calls isatty(), will be told
+ // that nothing is a typewriter:
+ .ElseIf(request == TCGETS, Error(ENOTTY))
++ .ElseIf(request == TIOCGWINSZ, Error(ENOTTY))
+ // Allow anything that isn't a tty ioctl, for now; bug 1302711
+ // will cover changing this to a default-deny policy.
+ .ElseIf(shifted_type != kTtyIoctls, Allow())
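Review bot: The added `.ElseIf(request == TIOCGWINSZ, Error(ENOTTY))` rule in the SandboxFilter.cpp section has no comment saying why it is needed, and the existing comment above it only covers the TCGETS case. musl's isatty() probes with TIOCGWINSZ rather than TCGETS, so without this rule the request appears to be a tty ioctl that misses the `shifted_type != kTtyIoctls` allow and is handled by whatever the chain ends with, which lies outside the hunk. I would add `// musl's isatty() uses TIOCGWINSZ instead of TCGETS; answer it the same way` above the new line so the rule is not dropped on the next rebase. Returning ENOTTY rather than allowing the ioctl keeps tty ioctls closed to the sandboxed process, at the cost that code which genuinely wants the window size also sees ENOTTY. The file is still named fix-seccomp-bpf.patch although it now also changes the sandbox policy, so a short header describing both changes would help.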