aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2020-08-07 12:52:06 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2020-08-07 16:03:18 +0000
commit52b080010796c7c54ab8f56fc1c50ad4c88b6d3c (patch)
treedbbc45a6d15ec4d710ba71cc001b37a648273ccf
parent51fe858afa94692757f29e016cbfff133f5849cf (diff)
community/firefox: fix sandbox error
ref #11822
-rw-r--r--community/firefox/APKBUILD4
-rw-r--r--community/firefox/sandbox-sched_setscheduler.patch23
2 files changed, 26 insertions, 1 deletions
diff --git a/community/firefox/APKBUILD b/community/firefox/APKBUILD
index 43d59ef8051..f6980b124f3 100644
--- a/community/firefox/APKBUILD
+++ b/community/firefox/APKBUILD
@@ -5,7 +5,7 @@ pkgname=firefox
pkgver=79.0
# Date of release, YY-MM-DD for metainfo file (see package())
_releasedate=2020-07-27
-pkgrel=0
+pkgrel=1
pkgdesc="Firefox web browser"
url="https://www.firefox.com/"
# Limited on:
@@ -75,6 +75,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
remove-faulty-libvpx-check.patch
disable-neon-in-aom.patch
sandbox-fork.patch
+ sandbox-sched_setscheduler.patch
firefox-pipewire-0-3.patch
avoid-redefinition.patch
@@ -345,6 +346,7 @@ f3b7c3e804ce04731012a46cb9e9a6b0769e3772aef9c0a4a8c7520b030fdf6cd703d5e9ff49275f
bb75b2abda86e455d81571052a2cfec5a9d858ffa91c50a7217b4b6c02cbfc0400e9114a27bd54ce78d7d3a44e9b03927cf0317654d98c0f39d26c63c9670117 remove-faulty-libvpx-check.patch
f963fcdba7307a0b1712dfb95ceba4ab49f449f60e550bb69d15d50272e6df9add90862251ee561e4ea5fd171a2703552ffa7aade92996f5f0b3e577f1544a6d disable-neon-in-aom.patch
4911ddb41bef8d9f6d6200159cde465627e940fe1c09099be55769d21a5a52a3f737e1bf803daa96126c035b091aea880fbc5d2e6cf5da96ddd17322461a72d6 sandbox-fork.patch
+db26757b2ebf9f567962e32294b4ae48b3a5d0378a7589dfe650fe3a179ff58befbab5082981c68e1c25fb9e56b2db1e4e510d4bca17c3e3aedbf9a2f21806eb sandbox-sched_setscheduler.patch
5927f4f6fa9e6a208bed1f37e2c2f2e9633d280a7cb2baa0c74567107ba30524b7ccbbea5961a34eb7a3c39ec07c5a11ef5e2bb5dd5ca884441f9e868c056503 firefox-pipewire-0-3.patch
360c687f45bfc13812f0dc4e42afafe410c801d8df7a73ec947cb110677ea51087ed123d36b3d1e959eb438f77c44d9a90b503dd611a962453a55d93938f7016 avoid-redefinition.patch
b8437c0d8c48b99f5a528d782340c6bb61509c444da8b3414acc3cb3359e547bf20f1cc3086881fb03c9db5bb3fb604bb900b3f9938bbc9bc3ddde9a679eaae2 fix-rustc-1.45-build.patch"
diff --git a/community/firefox/sandbox-sched_setscheduler.patch b/community/firefox/sandbox-sched_setscheduler.patch
new file mode 100644
index 00000000000..1db645aebbd
--- /dev/null
+++ b/community/firefox/sandbox-sched_setscheduler.patch
@@ -0,0 +1,23 @@
+upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1657849
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 27da4e7..5a607a4 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -1455,6 +1455,7 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
+ return Trap(OpenTrap, mFiles);
+
+ case __NR_brk:
++ case __NR_sched_setscheduler:
+ // Because Firefox on glibc resorts to the fallback implementation
+ // mentioned in bug 1576006, we must explicitly allow the get*id()
+ // functions in order to use NSS in the clearkey CDM.
+@@ -1467,8 +1468,7 @@ class GMPSandboxPolicy : public SandboxPolicyCommon {
+ case __NR_sched_get_priority_max:
+ return Allow();
+ case __NR_sched_getparam:
+- case __NR_sched_getscheduler:
+- case __NR_sched_setscheduler: {
++ case __NR_sched_getscheduler: {
+ Arg<pid_t> pid(0);
+ return If(pid == 0, Allow()).Else(Trap(SchedTrap, nullptr));
+ }