testing/thunderbird/fix-seccomp-bpf.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
--- firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc	2018-12-14 08:53:46.083976137 +0000
+++ firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc	2018-12-14 08:51:22.084596411 +0000
@@ -25,6 +25,11 @@
 #include "sandbox/linux/system_headers/linux_seccomp.h"
 #include "sandbox/linux/system_headers/linux_signal.h"
 
+// musl libc defines siginfo_t __si_fields instead of _sifields
+#if defined(OS_LINUX) && !defined(__GLIBC__)
+#define _sifields __si_fields
+#endif
+
 namespace {
 
 struct arch_sigsys {
diff -ru firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp
--- firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp	2018-10-01 18:35:28.000000000 +0000
+++ firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp	2018-12-14 08:57:50.645264590 +0000
@@ -997,6 +997,7 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
             // ffmpeg, and anything else that calls isatty(), will be told
             // that nothing is a typewriter:
             .ElseIf(request == TCGETS, Error(ENOTTY))
+            .ElseIf(request == TIOCGWINSZ, Error(ENOTTY))
             // Allow anything that isn't a tty ioctl, for now; bug 1302711
             // will cover changing this to a default-deny policy.
             .ElseIf(shifted_type != kTtyIoctls, Allow())