[arch-commits] Commit in firefox/trunk (4 files)

Jan Steffens heftig at archlinux.org
Thu Sep 24 18:48:47 UTC 2020


    Date: Thursday, September 24, 2020 @ 18:48:47
  Author: heftig
Revision: 396480

81.0-2: FS#67978

Added:
  firefox/trunk/0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch
  firefox/trunk/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
Modified:
  firefox/trunk/0001-Use-remoting-name-for-GDK-application-names.patch
  firefox/trunk/PKGBUILD

-----------------------------------------------------------------+
 0001-Use-remoting-name-for-GDK-application-names.patch          |   13 +-
 0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch |   46 ++++++++++
 0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch |   31 ++++++
 PKGBUILD                                                        |   13 ++
 4 files changed, 93 insertions(+), 10 deletions(-)

Modified: 0001-Use-remoting-name-for-GDK-application-names.patch
===================================================================
--- 0001-Use-remoting-name-for-GDK-application-names.patch	2020-09-24 18:46:39 UTC (rev 396479)
+++ 0001-Use-remoting-name-for-GDK-application-names.patch	2020-09-24 18:48:47 UTC (rev 396480)
@@ -1,4 +1,4 @@
-From 5025aab61517c8608b555ba929c61eb0706bd6bd Mon Sep 17 00:00:00 2001
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: "Jan Alexander Steffens (heftig)" <jan.steffens at gmail.com>
 Date: Mon, 25 Mar 2019 20:30:11 +0100
 Subject: [PATCH] Use remoting name for GDK application names
@@ -9,10 +9,10 @@
  2 files changed, 5 insertions(+), 12 deletions(-)
 
 diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
-index da8289200e72..452195b146f3 100644
+index 49e2c73986ab..43ebcac381c7 100644
 --- a/toolkit/xre/nsAppRunner.cpp
 +++ b/toolkit/xre/nsAppRunner.cpp
-@@ -3785,11 +3785,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
+@@ -3822,11 +3822,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
    // consistently.
  
    // Set program name to the one defined in application.ini.
@@ -26,7 +26,7 @@
    // Initialize GTK here for splash.
  
 diff --git a/widget/gtk/nsAppShell.cpp b/widget/gtk/nsAppShell.cpp
-index 163a93e2d1a4..4b6d45217671 100644
+index cfe022e65d82..06325264dbb1 100644
 --- a/widget/gtk/nsAppShell.cpp
 +++ b/widget/gtk/nsAppShell.cpp
 @@ -24,6 +24,7 @@
@@ -37,7 +37,7 @@
  #include "ScreenHelperGTK.h"
  #include "HeadlessScreenHelper.h"
  #include "mozilla/widget/ScreenManager.h"
-@@ -175,13 +176,9 @@ nsresult nsAppShell::Init() {
+@@ -159,13 +160,9 @@ nsresult nsAppShell::Init() {
        // See https://bugzilla.gnome.org/show_bug.cgi?id=747634
        //
        // Only bother doing this for the parent process, since it's the one
@@ -54,6 +54,3 @@
        }
      }
    }
--- 
-2.26.1
-

Added: 0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch
===================================================================
--- 0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch	                        (rev 0)
+++ 0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch	2020-09-24 18:48:47 UTC (rev 396480)
@@ -0,0 +1,46 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jed Davis <jld at mozilla.com>
+Date: Fri, 28 Aug 2020 09:23:58 +0000
+Subject: [PATCH] Bug 1660901 - Support the fstat-like subset of fstatat in the
+ Linux sandbox policies. r=gcp
+
+Differential Revision: https://phabricator.services.mozilla.com/D88499
+---
+ security/sandbox/linux/SandboxFilter.cpp           | 6 ++++++
+ security/sandbox/linux/broker/SandboxBrokerUtils.h | 2 ++
+ 2 files changed, 8 insertions(+)
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index e522d61e065c..4087bdc07e01 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -243,6 +243,12 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
+     auto path = reinterpret_cast<const char*>(aArgs.args[1]);
+     auto buf = reinterpret_cast<statstruct*>(aArgs.args[2]);
+     auto flags = static_cast<int>(aArgs.args[3]);
++
++    if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
++        strcmp(path, "") == 0) {
++      return ConvertError(fstatsyscall(fd, buf));
++    }
++
+     if (fd != AT_FDCWD && path[0] != '/') {
+       SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)",
+                         fd, path, buf, flags);
+diff --git a/security/sandbox/linux/broker/SandboxBrokerUtils.h b/security/sandbox/linux/broker/SandboxBrokerUtils.h
+index 85a006740c2c..db33b5028e77 100644
+--- a/security/sandbox/linux/broker/SandboxBrokerUtils.h
++++ b/security/sandbox/linux/broker/SandboxBrokerUtils.h
+@@ -19,10 +19,12 @@
+ typedef struct stat64 statstruct;
+ #  define statsyscall stat64
+ #  define lstatsyscall lstat64
++#  define fstatsyscall fstat64
+ #elif defined(__NR_stat)
+ typedef struct stat statstruct;
+ #  define statsyscall stat
+ #  define lstatsyscall lstat
++#  define fstatsyscall fstat
+ #else
+ #  error Missing stat syscall include.
+ #endif

Added: 0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
===================================================================
--- 0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch	                        (rev 0)
+++ 0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch	2020-09-24 18:48:47 UTC (rev 396480)
@@ -0,0 +1,31 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Julien Cristau <jcristau at mozilla.com>
+Date: Sun, 6 Sep 2020 20:20:39 +0000
+Subject: [PATCH] Bug 1660901 - ignore AT_NO_AUTOMOUNT in fstatat system call.
+ r=jld
+
+Per the manpage "Both stat() and lstat() act as though AT_NO_AUTOMOUNT
+was set.", so don't bail if it's set in a call to fstatat.
+
+Differential Revision: https://phabricator.services.mozilla.com/D89121
+---
+ security/sandbox/linux/SandboxFilter.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 4087bdc07e01..c4f6c318ad1c 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -254,9 +254,10 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
+                         fd, path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+-    if ((flags & ~AT_SYMLINK_NOFOLLOW) != 0) {
++    if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)) != 0) {
+       SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)",
+-                        (flags & ~AT_SYMLINK_NOFOLLOW), fd, path, buf, flags);
++                        (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)), fd,
++                        path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+     return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2020-09-24 18:46:39 UTC (rev 396479)
+++ PKGBUILD	2020-09-24 18:48:47 UTC (rev 396480)
@@ -4,7 +4,7 @@
 
 pkgname=firefox
 pkgver=81.0
-pkgrel=1
+pkgrel=2
 pkgdesc="Standalone web browser from mozilla.org"
 arch=(x86_64)
 license=(MPL GPL LGPL)
@@ -21,10 +21,14 @@
 options=(!emptydirs !makeflags !strip)
 source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz{,.asc}
         0001-Use-remoting-name-for-GDK-application-names.patch
+        0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch
+        0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
         $pkgname.desktop)
 sha256sums=('9328745012178aee5a4f47c833539f7872cc6e0f20a853568a313e60cabd1ec8'
             'SKIP'
-            '3bb7463471fb43b2163a705a79a13a3003d70fff4bbe44f467807ca056de9a75'
+            'e0eaec8ddd24bbebf4956563ebc6d7a56f8dada5835975ee4d320dd3d0c9c442'
+            'c2489a4ad3bfb65c064e07180a1de9a2fbc3b1b72d6bc4cd3985484d1b6b7b29'
+            '52cc26cda4117f79fae1a0ad59e1404b299191a1c53d38027ceb178dab91f3dc'
             '298eae9de76ec53182f38d5c549d0379569916eebf62149f9d7f4a7edef36abf')
 validpgpkeys=('14F26682D0916CDD81E37B6D61B7B526D98F0353') # Mozilla Software Releases <release at mozilla.com>
 
@@ -47,6 +51,11 @@
   # https://bugzilla.mozilla.org/show_bug.cgi?id=1530052
   patch -Np1 -i ../0001-Use-remoting-name-for-GDK-application-names.patch
 
+  # https://bugs.archlinux.org/task/67978
+  # https://bugzilla.mozilla.org/show_bug.cgi?id=1660901
+  patch -Np1 -i ../0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch
+  patch -Np1 -i ../0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch
+
   echo -n "$_google_api_key" >google-api-key
   echo -n "$_mozilla_api_key" >mozilla-api-key
 


More information about the arch-commits mailing list