-rw-r--r--community/firefox-esr/APKBUILD20
-rw-r--r--community/firefox-esr/disable-moz-stackwalk.patch6
-rw-r--r--community/firefox-esr/fix-arm-atomics-grsec.patch306
-rw-r--r--community/firefox-esr/fix-seccomp-bpf.patch30
-rw-r--r--community/firefox-esr/fix-toolkit.patch64
-rw-r--r--community/firefox-esr/fix-tools.patch46
6 files changed, 83 insertions, 389 deletions
diff --git a/community/firefox-esr/APKBUILD b/community/firefox-esr/APKBUILD
index b4407048cd8..62bbb2ad2e8 100644
--- a/community/firefox-esr/APKBUILD
+++ b/community/firefox-esr/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: William Pitcock <nenolod@dereferenced.org>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=firefox-esr
-pkgver=60.4.0
-pkgrel=1
+pkgver=60.5.0
+pkgrel=0
pkgdesc="Firefox web browser - Extended Support Release"
url="https://www.mozilla.org/en-US/firefox/organizations/"
# limited by rust and cargo
@@ -60,7 +60,6 @@ source="https://ftp.mozilla.org/pub/firefox/releases/${pkgver}esr/source/firefox
fix-tools.patch
mallinfo.patch
- fix-arm-atomics-grsec.patch
fix-arm-version-detect.patch
mozilla-build-arm.patch
disable-moz-stackwalk.patch
@@ -79,6 +78,10 @@ _mozappdir=/usr/lib/firefox
ldpath="$_mozappdir"
# secfixes:
+# 60.5.0-r0:
+# - CVE-2018-18500
+# - CVE-2018-18505
+# - CVE-2018-18501
# 52.6.0-r0:
# - CVE-2018-5089
# - CVE-2018-5091
@@ -223,19 +226,18 @@ __EOF__
rm -f "$pkgdir"/${_mozappdirdev}/sdk/lib/libxul.so
}
-sha512sums="8119f52b2fc06f76868bf0781fec9d46c8551f0a3ca832ac9bdef6aa6d77c1d785e50d35059f0df5e3586f3396b912af06e448d65e7f5d1f468338eebe8b2cd4 firefox-60.4.0esr.source.tar.xz
+sha512sums="dd47e38a87a1339b733c06ea3f235576bf8dce414194ab308d0dda07bf15290afbbad92b8484732daa53cf6a48b57412f7f41e30ae0ac21144c8657b86047aec firefox-60.5.0esr.source.tar.xz
0b3f1e4b9fdc868e4738b5c81fd6c6128ce8885b260affcb9a65ff9d164d7232626ce1291aaea70132b3e3124f5e13fef4d39326b8e7173e362a823722a85127 stab.h
2f4f15974d52de4bb273b62a332d13620945d284bbc6fe6bd0a1f58ff7388443bc1d3bf9c82cc31a8527aad92b0cd3a1bc41d0af5e1800e0dcbd7033e58ffd71 fix-fortify-system-wrappers.patch
09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5 fix-fortify-inline.patch
0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1 disable-hunspell_hooks.patch
-2f713a270f7d1588ec4a0b9c21e5a0d20823954e6a64293ee1a391f80d38af6c0a80b3d35c3ada59b605f6032fb2af3040cd8ca7f424b0e620cc53fd12674fd9 fix-seccomp-bpf.patch
-a2925045154f4fd34e5fc056656f4f9da100341529e5d4104d249154db0c7863384083f421ce6e47e0f20566a8b20787fa35444c7933c03cd03f96f06dcd4532 fix-toolkit.patch
-b46cb90d4fdd1a925a61e2c6c545489cd542f5d82980c529361c02042eed31d5c26972b5e237c1a020f87ffcfd12736d1f4f6e33eaa83ae156d523c808c718cb fix-tools.patch
+3414fd06110e853b01043d5d1090cfe1e6c13e8aa3c9f97a91ba390b37d6e909d3e836dbc9b2c261e636056ac10ca78de07adbd27f68102b979fc533b2f9c560 fix-seccomp-bpf.patch
+892d6a5544c23983a2d62eab954a9b68883e3c0b66e3bdc47255f21ef700bda6fce90657249cbc59f88b1372f4fb83e2f0a7cfd62201d58a5cd6089358223cf3 fix-toolkit.patch
+2024a81e867fba6dbd31971ae7a8a984a4db5d4b5fc6dafba92521ac8e0b3e99cc80f1e0bd079faef0d1bb5cb5ea1040ecb4da085fe2bf2a640f3cc4da3ec5c5 fix-tools.patch
bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29 mallinfo.patch
-ed0d344c66fc8e1cc83a11e9858b32c42e841cbeedd9eb9438811e9fcc3593dc824a8336d00058d55836cedc970aeadd6a82c6dcd7bc0fb746e564d8b478cc6c fix-arm-atomics-grsec.patch
015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0 fix-arm-version-detect.patch
e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18 mozilla-build-arm.patch
-4797d2d89ac63a57abb826b8ea9f751314ce66946194033deb9d78c2ff377b88106fd2c7bc5034dc13ad03dd5085b1893c3ccae1a9e63fde35655bb0921f7188 disable-moz-stackwalk.patch
+251c170504f3418e47feeaee5cc5a7cf7fdf4a5ee0283b1497933fdce1857a3fe299da1178a044d5d39f84ddbca761fb542345f8f183bf62c3557cba4a47a874 disable-moz-stackwalk.patch
42cc44fda4b05259b38f055d6f51461746aa89a474cedc5e92fb9d20879da0d12b1b515b273a549e7302cda9c7eddde20d5fdba09853e5c658784ad6d0b20078 fix-rust-target.patch
a50b412edf9573a0bd04a43578b1c927967a616b73a5995eefb15bfa78fd2bd14e36ec05315a0703f6370ecd524e6bcb012e7285beb1245e9add9b8553acb79e fix-bug-1261392.patch
01b48a708cc6bc6e3cd7cc7b16f5137ec344566ac891d699b65e322bc992726072fa14a54cef1a7775799fcbbcf90a6c170107c8524caba3bc311b42d93b7581 rust-unitialized-field.patch
diff --git a/community/firefox-esr/disable-moz-stackwalk.patch b/community/firefox-esr/disable-moz-stackwalk.patch
index c83ae7eae96..99ac8dee2cb 100644
--- a/community/firefox-esr/disable-moz-stackwalk.patch
+++ b/community/firefox-esr/disable-moz-stackwalk.patch
@@ -1,12 +1,12 @@
diff --git a/mozglue/misc/StackWalk.cpp b/mozglue/misc/StackWalk.cpp
-index a208bad..14e1f0d 100644
+index e39e38b4c..a8b7251c5 100644
--- a/mozglue/misc/StackWalk.cpp
+++ b/mozglue/misc/StackWalk.cpp
-@@ -41,13 +41,7 @@ static CriticalAddress gCriticalAddress;
+@@ -32,13 +32,7 @@ using namespace mozilla;
#define MOZ_STACKWALK_SUPPORTS_MACOSX 0
#endif
--#if (defined(linux) && \
+-#if (defined(linux) && \
- ((defined(__GNUC__) && (defined(__i386) || defined(PPC))) || \
- defined(HAVE__UNWIND_BACKTRACE)))
-#define MOZ_STACKWALK_SUPPORTS_LINUX 1
diff --git a/community/firefox-esr/fix-arm-atomics-grsec.patch b/community/firefox-esr/fix-arm-atomics-grsec.patch
deleted file mode 100644
index 0eb58f093f3..00000000000
--- a/community/firefox-esr/fix-arm-atomics-grsec.patch
+++ /dev/null
@@ -1,306 +0,0 @@
---- mozilla-release/ipc/chromium/src/base/atomicops_internals_arm_gcc.h.orig
-+++ mozilla-release/ipc/chromium/src/base/atomicops_internals_arm_gcc.h
-@@ -12,43 +35,194 @@
- namespace base {
- namespace subtle {
-
--// 0xffff0fc0 is the hard coded address of a function provided by
--// the kernel which implements an atomic compare-exchange. On older
--// ARM architecture revisions (pre-v6) this may be implemented using
--// a syscall. This address is stable, and in active use (hard coded)
--// by at least glibc-2.7 and the Android C library.
--typedef Atomic32 (*LinuxKernelCmpxchgFunc)(Atomic32 old_value,
-- Atomic32 new_value,
-- volatile Atomic32* ptr);
--LinuxKernelCmpxchgFunc pLinuxKernelCmpxchg __attribute__((weak)) =
-- (LinuxKernelCmpxchgFunc) 0xffff0fc0;
-+// Memory barriers on ARM are funky, but the kernel is here to help:
-+//
-+// * ARMv5 didn't support SMP, there is no memory barrier instruction at
-+// all on this architecture, or when targeting its machine code.
-+//
-+// * Some ARMv6 CPUs support SMP. A full memory barrier can be produced by
-+// writing a random value to a very specific coprocessor register.
-+//
-+// * On ARMv7, the "dmb" instruction is used to perform a full memory
-+// barrier (though writing to the co-processor will still work).
-+// However, on single core devices (e.g. Nexus One, or Nexus S),
-+// this instruction will take up to 200 ns, which is huge, even though
-+// it's completely un-needed on these devices.
-+//
-+// * There is no easy way to determine at runtime if the device is
-+// single or multi-core. However, the kernel provides a useful helper
-+// function at a fixed memory address (0xffff0fa0), which will always
-+// perform a memory barrier in the most efficient way. I.e. on single
-+// core devices, this is an empty function that exits immediately.
-+// On multi-core devices, it implements a full memory barrier.
-+//
-+// * This source could be compiled to ARMv5 machine code that runs on a
-+// multi-core ARMv6 or ARMv7 device. In this case, memory barriers
-+// are needed for correct execution. Always call the kernel helper, even
-+// when targeting ARMv5TE.
-+//
-
--typedef void (*LinuxKernelMemoryBarrierFunc)(void);
--LinuxKernelMemoryBarrierFunc pLinuxKernelMemoryBarrier __attribute__((weak)) =
-- (LinuxKernelMemoryBarrierFunc) 0xffff0fa0;
-+inline void MemoryBarrier() {
-+#if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
-+ defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__)
-+ __asm__ __volatile__("dmb ish" ::: "memory");
-+#elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \
-+ defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || \
-+ defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__)
-+ __asm__ __volatile__("mcr p15,0,r0,c7,c10,5" ::: "memory");
-+#elif defined(__linux__) || defined(__ANDROID__)
-+ // Note: This is a function call, which is also an implicit compiler barrier.
-+ typedef void (*KernelMemoryBarrierFunc)();
-+ ((KernelMemoryBarrierFunc)0xffff0fa0)();
-+#error MemoryBarrier() is not implemented on this platform.
-+#endif
-+}
-
-+// An ARM toolchain would only define one of these depending on which
-+// variant of the target architecture is being used. This tests against
-+// any known ARMv6 or ARMv7 variant, where it is possible to directly
-+// use ldrex/strex instructions to implement fast atomic operations.
-+#if defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \
-+ defined(__ARM_ARCH_7R__) || defined(__ARM_ARCH_7M__) || \
-+ defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \
-+ defined(__ARM_ARCH_6K__) || defined(__ARM_ARCH_6Z__) || \
-+ defined(__ARM_ARCH_6ZK__) || defined(__ARM_ARCH_6T2__)
-
- inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
- Atomic32 old_value,
- Atomic32 new_value) {
-- Atomic32 prev_value = *ptr;
-+ Atomic32 prev_value;
-+ int reloop;
- do {
-- if (!pLinuxKernelCmpxchg(old_value, new_value,
-- const_cast<Atomic32*>(ptr))) {
-- return old_value;
-- }
-- prev_value = *ptr;
-- } while (prev_value == old_value);
-+ // The following is equivalent to:
-+ //
-+ // prev_value = LDREX(ptr)
-+ // reloop = 0
-+ // if (prev_value != old_value)
-+ // reloop = STREX(ptr, new_value)
-+ __asm__ __volatile__(" ldrex %0, [%3]\n"
-+ " mov %1, #0\n"
-+ " cmp %0, %4\n"
-+#ifdef __thumb2__
-+ " it eq\n"
-+#endif
-+ " strexeq %1, %5, [%3]\n"
-+ : "=&r"(prev_value), "=&r"(reloop), "+m"(*ptr)
-+ : "r"(ptr), "r"(old_value), "r"(new_value)
-+ : "cc", "memory");
-+ } while (reloop != 0);
- return prev_value;
- }
-
-+inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
-+ Atomic32 old_value,
-+ Atomic32 new_value) {
-+ Atomic32 result = NoBarrier_CompareAndSwap(ptr, old_value, new_value);
-+ MemoryBarrier();
-+ return result;
-+}
-+
-+inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
-+ Atomic32 old_value,
-+ Atomic32 new_value) {
-+ MemoryBarrier();
-+ return NoBarrier_CompareAndSwap(ptr, old_value, new_value);
-+}
-+
-+inline Atomic32 NoBarrier_AtomicIncrement(volatile Atomic32* ptr,
-+ Atomic32 increment) {
-+ Atomic32 value;
-+ int reloop;
-+ do {
-+ // Equivalent to:
-+ //
-+ // value = LDREX(ptr)
-+ // value += increment
-+ // reloop = STREX(ptr, value)
-+ //
-+ __asm__ __volatile__(" ldrex %0, [%3]\n"
-+ " add %0, %0, %4\n"
-+ " strex %1, %0, [%3]\n"
-+ : "=&r"(value), "=&r"(reloop), "+m"(*ptr)
-+ : "r"(ptr), "r"(increment)
-+ : "cc", "memory");
-+ } while (reloop);
-+ return value;
-+}
-+
-+inline Atomic32 Barrier_AtomicIncrement(volatile Atomic32* ptr,
-+ Atomic32 increment) {
-+ // TODO(digit): Investigate if it's possible to implement this with
-+ // a single MemoryBarrier() operation between the LDREX and STREX.
-+ // See http://crbug.com/246514
-+ MemoryBarrier();
-+ Atomic32 result = NoBarrier_AtomicIncrement(ptr, increment);
-+ MemoryBarrier();
-+ return result;
-+}
-+
- inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
- Atomic32 new_value) {
- Atomic32 old_value;
-+ int reloop;
- do {
-+ // old_value = LDREX(ptr)
-+ // reloop = STREX(ptr, new_value)
-+ __asm__ __volatile__(" ldrex %0, [%3]\n"
-+ " strex %1, %4, [%3]\n"
-+ : "=&r"(old_value), "=&r"(reloop), "+m"(*ptr)
-+ : "r"(ptr), "r"(new_value)
-+ : "cc", "memory");
-+ } while (reloop != 0);
-+ return old_value;
-+}
-+
-+// This tests against any known ARMv5 variant.
-+#elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \
-+ defined(__ARM_ARCH_5TE__) || defined(__ARM_ARCH_5TEJ__)
-+
-+// The kernel also provides a helper function to perform an atomic
-+// compare-and-swap operation at the hard-wired address 0xffff0fc0.
-+// On ARMv5, this is implemented by a special code path that the kernel
-+// detects and treats specially when thread pre-emption happens.
-+// On ARMv6 and higher, it uses LDREX/STREX instructions instead.
-+//
-+// Note that this always perform a full memory barrier, there is no
-+// need to add calls MemoryBarrier() before or after it. It also
-+// returns 0 on success, and 1 on exit.
-+//
-+// Available and reliable since Linux 2.6.24. Both Android and ChromeOS
-+// use newer kernel revisions, so this should not be a concern.
-+namespace {
-+
-+inline int LinuxKernelCmpxchg(Atomic32 old_value,
-+ Atomic32 new_value,
-+ volatile Atomic32* ptr) {
-+ typedef int (*KernelCmpxchgFunc)(Atomic32, Atomic32, volatile Atomic32*);
-+ return ((KernelCmpxchgFunc)0xffff0fc0)(old_value, new_value, ptr);
-+}
-+
-+} // namespace
-+
-+inline Atomic32 NoBarrier_CompareAndSwap(volatile Atomic32* ptr,
-+ Atomic32 old_value,
-+ Atomic32 new_value) {
-+ Atomic32 prev_value;
-+ for (;;) {
-+ prev_value = *ptr;
-+ if (prev_value != old_value)
-+ return prev_value;
-+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr))
-+ return old_value;
-+ }
-+}
-+
-+inline Atomic32 NoBarrier_AtomicExchange(volatile Atomic32* ptr,
-+ Atomic32 new_value) {
-+ Atomic32 old_value;
-+ do {
- old_value = *ptr;
-- } while (pLinuxKernelCmpxchg(old_value, new_value,
-- const_cast<Atomic32*>(ptr)));
-+ } while (LinuxKernelCmpxchg(old_value, new_value, ptr));
- return old_value;
- }
-
-@@ -63,36 +237,57 @@
- // Atomic exchange the old value with an incremented one.
- Atomic32 old_value = *ptr;
- Atomic32 new_value = old_value + increment;
-- if (pLinuxKernelCmpxchg(old_value, new_value,
-- const_cast<Atomic32*>(ptr)) == 0) {
-+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr)) {
- // The exchange took place as expected.
- return new_value;
- }
- // Otherwise, *ptr changed mid-loop and we need to retry.
- }
--
- }
-
- inline Atomic32 Acquire_CompareAndSwap(volatile Atomic32* ptr,
- Atomic32 old_value,
- Atomic32 new_value) {
-- return NoBarrier_CompareAndSwap(ptr, old_value, new_value);
-+ Atomic32 prev_value;
-+ for (;;) {
-+ prev_value = *ptr;
-+ if (prev_value != old_value) {
-+ // Always ensure acquire semantics.
-+ MemoryBarrier();
-+ return prev_value;
-+ }
-+ if (!LinuxKernelCmpxchg(old_value, new_value, ptr))
-+ return old_value;
-+ }
- }
-
- inline Atomic32 Release_CompareAndSwap(volatile Atomic32* ptr,
- Atomic32 old_value,
- Atomic32 new_value) {
-- return NoBarrier_CompareAndSwap(ptr, old_value, new_value);
-+ // This could be implemented as:
-+ // MemoryBarrier();
-+ // return NoBarrier_CompareAndSwap();
-+ //
-+ // But would use 3 barriers per succesful CAS. To save performance,
-+ // use Acquire_CompareAndSwap(). Its implementation guarantees that:
-+ // - A succesful swap uses only 2 barriers (in the kernel helper).
-+ // - An early return due to (prev_value != old_value) performs
-+ // a memory barrier with no store, which is equivalent to the
-+ // generic implementation above.
-+ return Acquire_CompareAndSwap(ptr, old_value, new_value);
- }
-
-+#else
-+# error "Your CPU's ARM architecture is not supported yet"
-+#endif
-+
-+// NOTE: Atomicity of the following load and store operations is only
-+// guaranteed in case of 32-bit alignement of |ptr| values.
-+
- inline void NoBarrier_Store(volatile Atomic32* ptr, Atomic32 value) {
- *ptr = value;
- }
-
--inline void MemoryBarrier() {
-- pLinuxKernelMemoryBarrier();
--}
--
- inline void Acquire_Store(volatile Atomic32* ptr, Atomic32 value) {
- *ptr = value;
- MemoryBarrier();
-@@ -103,9 +298,7 @@
- *ptr = value;
- }
-
--inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) {
-- return *ptr;
--}
-+inline Atomic32 NoBarrier_Load(volatile const Atomic32* ptr) { return *ptr; }
-
- inline Atomic32 Acquire_Load(volatile const Atomic32* ptr) {
- Atomic32 value = *ptr;
-@@ -118,7 +311,6 @@
- return *ptr;
- }
-
--} // namespace base::subtle
--} // namespace base
-+} } // namespace base::subtle
-
- #endif // BASE_ATOMICOPS_INTERNALS_ARM_GCC_H_
diff --git a/community/firefox-esr/fix-seccomp-bpf.patch b/community/firefox-esr/fix-seccomp-bpf.patch
index ee6d6664000..c44d9ea48e4 100644
--- a/community/firefox-esr/fix-seccomp-bpf.patch
+++ b/community/firefox-esr/fix-seccomp-bpf.patch
@@ -1,6 +1,7 @@
-diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
---- firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:53:46.083976137 +0000
-+++ firefox-62.0.3/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc 2018-12-14 08:51:22.084596411 +0000
+diff --git a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
+index 003708d2c..79488795d 100644
+--- a/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
++++ b/security/sandbox/chromium/sandbox/linux/seccomp-bpf/trap.cc
@@ -25,6 +25,11 @@
#include "sandbox/linux/system_headers/linux_seccomp.h"
#include "sandbox/linux/system_headers/linux_signal.h"
@@ -13,14 +14,15 @@ diff -ru firefox-62.0.3.orig/security/sandbox/chromium/sandbox/linux/seccomp-bpf
namespace {
struct arch_sigsys {
-diff -ru firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp
---- firefox-62.0.3.orig/security/sandbox/linux/SandboxFilter.cpp 2018-10-01 18:35:28.000000000 +0000
-+++ firefox-62.0.3/security/sandbox/linux/SandboxFilter.cpp 2018-12-14 08:57:50.645264590 +0000
-@@ -1005,6 +1005,7 @@
- // ffmpeg, and anything else that calls isatty(), will be told
- // that nothing is a typewriter:
- .ElseIf(request == TCGETS, Error(ENOTTY))
-+ .ElseIf(request == TIOCGWINSZ, Error(ENOTTY))
- // Allow anything that isn't a tty ioctl, for now; bug 1302711
- // will cover changing this to a default-deny policy.
- .ElseIf(shifted_type != kTtyIoctls, Allow())
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 0f59f2a87..5c07dbb31 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -989,6 +989,7 @@ class ContentSandboxPolicy : public SandboxPolicyCommon {
+ // ffmpeg, and anything else that calls isatty(), will be told
+ // that nothing is a typewriter:
+ .ElseIf(request == TCGETS, Error(ENOTTY))
++ .ElseIf(request == TIOCGWINSZ, Error(ENOTTY))
+ // Allow anything that isn't a tty ioctl, for now; bug 1302711
+ // will cover changing this to a default-deny policy.
+ .ElseIf(shifted_type != kTtyIoctls, Allow())
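Review bot: The refreshed patch still has no description of why `TIOCGWINSZ` must be answered with `ENOTTY` in the content sandbox policy, which is the added `.ElseIf(request == TIOCGWINSZ, Error(ENOTTY))` in the SandboxFilter.cpp section. It is presumably needed because musl's isatty() probes with TIOCGWINSZ rather than TCGETS, but someone auditing local changes to the seccomp policy cannot tell that from the patch. I would add a short header above the first `diff --git` line, for example `musl's isatty() issues TIOCGWINSZ, not TCGETS; return ENOTTY so it is handled like the existing TCGETS rule`. The `.ElseIf` chain starts and ends outside the hunk, so what other tty ioctls fall through to is not visible here.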
diff --git a/community/firefox-esr/fix-toolkit.patch b/community/firefox-esr/fix-toolkit.patch
index 58fe5a3a9a2..6cd48dde8b9 100644
--- a/community/firefox-esr/fix-toolkit.patch
+++ b/community/firefox-esr/fix-toolkit.patch
@@ -1,8 +1,7 @@
-diff --git a/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc b/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc
-index 4222ce3..4d40c6a 100644
---- a/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc
-+++ b/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc
-@@ -45,6 +45,7 @@
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc
+--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc 2019-02-11 18:55:48.607258656 +0100
++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/linux/dump_symbols.cc 2019-02-11 20:57:51.386533134 +0100
+@@ -46,6 +46,7 @@
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>
@@ -10,10 +9,9 @@ index 4222ce3..4d40c6a 100644
#include <iostream>
#include <set>
-diff --git a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc
-index 6019fc7..5953e32 100644
---- a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc
-+++ b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc
+--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc 2019-02-11 18:55:48.610591990 +0100
++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.cc 2019-02-11 20:57:51.386533134 +0100
@@ -41,6 +41,10 @@
#include "common/using_std_string.h"
@@ -25,10 +23,9 @@ index 6019fc7..5953e32 100644
using std::vector;
namespace google_breakpad {
-diff --git a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h
-index 98ee2dd..d57aa68 100644
---- a/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h
-+++ b/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h
+--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h 2019-02-11 18:55:48.610591990 +0100
++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/common/stabs_reader.h 2019-02-11 20:57:51.389866466 +0100
@@ -55,7 +55,7 @@
#ifdef HAVE_MACH_O_NLIST_H
@@ -38,11 +35,10 @@ index 98ee2dd..d57aa68 100644
#include <a.out.h>
#endif
-diff --git a/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h b/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h
-index 93fdad7..f34e5e0 100644
---- a/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h
-+++ b/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h
-@@ -1134,6 +1134,12 @@ struct kernel_statfs {
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h
+--- /tmp/firefox-60.5.0.orig/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h 2019-02-11 18:55:48.647258669 +0100
++++ firefox-60.5.0/toolkit/crashreporter/google-breakpad/src/third_party/lss/linux_syscall_support.h 2019-02-11 19:01:23.614038547 +0100
+@@ -1210,6 +1210,12 @@ struct kernel_statfs {
#ifndef __NR_fallocate
#define __NR_fallocate 285
#endif
@@ -55,32 +51,30 @@ index 93fdad7..f34e5e0 100644
/* End of x86-64 definitions */
#elif defined(__mips__)
#if _MIPS_SIM == _MIPS_SIM_ABI32
-diff --git a/toolkit/mozapps/update/common/updatedefines.h b/toolkit/mozapps/update/common/updatedefines.h
-index 026e7ed..0801f14 100644
---- a/toolkit/mozapps/update/common/updatedefines.h
-+++ b/toolkit/mozapps/update/common/updatedefines.h
-@@ -117,7 +117,7 @@ static inline int mywcsprintf(WCHAR* dest, size_t count, const WCHAR* fmt, ...)
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/common/updatedefines.h firefox-60.5.0/toolkit/mozapps/update/common/updatedefines.h
+--- /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/common/updatedefines.h 2019-02-11 18:55:49.287258893 +0100
++++ firefox-60.5.0/toolkit/mozapps/update/common/updatedefines.h 2019-02-11 20:58:30.753178073 +0100
+@@ -100,7 +100,7 @@ static inline int mywcsprintf(WCHAR* des
#ifdef SOLARIS
- # include <sys/stat.h>
+ #include <sys/stat.h>
-#else
+#elif !defined(__linux__) || defined(__GLIBC__)
- # include <fts.h>
+ #include <fts.h>
#endif
- # include <dirent.h>
-diff --git a/toolkit/mozapps/update/updater/updater.cpp b/toolkit/mozapps/update/updater/updater.cpp
-index 257ccb4..01314e4 100644
---- a/toolkit/mozapps/update/updater/updater.cpp
-+++ b/toolkit/mozapps/update/updater/updater.cpp
-@@ -3737,6 +3737,7 @@ int add_dir_entries(const NS_tchar *dirpath, ActionList *list)
- int add_dir_entries(const NS_tchar *dirpath, ActionList *list)
- {
+ #include <dirent.h>
+diff -upr /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/updater/updater.cpp firefox-60.5.0/toolkit/mozapps/update/updater/updater.cpp
+--- /tmp/firefox-60.5.0.orig/toolkit/mozapps/update/updater/updater.cpp 2019-02-11 18:55:49.283925558 +0100
++++ firefox-60.5.0/toolkit/mozapps/update/updater/updater.cpp 2019-02-11 20:57:57.303196520 +0100
+@@ -3733,6 +3733,7 @@ int add_dir_entries(const NS_tchar *dirp
+
+ int add_dir_entries(const NS_tchar *dirpath, ActionList *list) {
int rv = OK;
+#if !defined(__linux__) || defined(__GLIBC__)
FTS *ftsdir;
FTSENT *ftsdirEntry;
- NS_tchar searchpath[MAXPATHLEN];
-@@ -3840,6 +3841,7 @@ int add_dir_entries(const NS_tchar *dirpath, ActionList *list)
+ mozilla::UniquePtr<NS_tchar[]> searchpath(get_full_path(dirpath));
+@@ -3833,6 +3834,7 @@ int add_dir_entries(const NS_tchar *dirp
}
fts_close(ftsdir);
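Review bot: With the fts-based body of `add_dir_entries` guarded by `#if !defined(__linux__) || defined(__GLIBC__)`, a musl build appears to be left with `int rv = OK;` and little else, so the function would report success without having listed any directory entry. The matching `#endif` and the function's return are outside the visible lines, so this is inferred rather than confirmed. If it holds, the non-glibc branch should fail explicitly instead of succeeding silently, for instance an `#else` that sets `rv` to one of the updater's existing error codes. Alternatively the patch header should state that the updater is not built for this package, so the no-op is known to be unreachable.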
diff --git a/community/firefox-esr/fix-tools.patch b/community/firefox-esr/fix-tools.patch
index 84f7fa9cb84..fdb08845d95 100644
--- a/community/firefox-esr/fix-tools.patch
+++ b/community/firefox-esr/fix-tools.patch
@@ -1,22 +1,38 @@
---- a/tools/profiler/core/platform.h
-+++ b/tools/profiler/core/platform.h
+diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/core/platform-linux-android.cpp firefox-60.5.0/tools/profiler/core/platform-linux-android.cpp
+--- /tmp/firefox-60.5.0.orig/tools/profiler/core/platform-linux-android.cpp 2019-02-11 18:55:48.543925300 +0100
++++ firefox-60.5.0/tools/profiler/core/platform-linux-android.cpp 2019-02-12 10:00:02.735569929 +0100
+@@ -497,8 +497,10 @@ static void PlatformInit(PSLockRef aLock
+ ucontext_t sSyncUContext;
+
+ void Registers::SyncPopulate() {
++#if defined(__GLIBC__)
+ if (!getcontext(&sSyncUContext)) {
+ PopulateRegsFromContext(*this, &sSyncUContext);
+ }
++#endif
+ }
+ #endif
+diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/core/platform.h firefox-60.5.0/tools/profiler/core/platform.h
+--- /tmp/firefox-60.5.0.orig/tools/profiler/core/platform.h 2019-02-11 18:55:48.540591965 +0100
++++ firefox-60.5.0/tools/profiler/core/platform.h 2019-02-12 10:00:02.735569929 +0100
@@ -29,6 +29,8 @@
#ifndef TOOLS_PLATFORM_H_
#define TOOLS_PLATFORM_H_
-
+
+#include <sys/types.h>
+
#include <stdint.h>
#include <math.h>
#include "MainThreadUtils.h"
---- a/tools/profiler/lul/LulElf.cpp
-+++ b/tools/profiler/lul/LulElf.cpp
-@@ -579,10 +579,10 @@
+diff -upr /tmp/firefox-60.5.0.orig/tools/profiler/lul/LulElf.cpp firefox-60.5.0/tools/profiler/lul/LulElf.cpp
+--- /tmp/firefox-60.5.0.orig/tools/profiler/lul/LulElf.cpp 2019-02-11 18:55:48.547258635 +0100
++++ firefox-60.5.0/tools/profiler/lul/LulElf.cpp 2019-02-12 10:00:59.802296448 +0100
+@@ -459,10 +459,10 @@ string FormatIdentifier(unsigned char id
// Return the non-directory portion of FILENAME: the portion after the
// last slash, or the whole filename if there are no slashes.
- string BaseFileName(const string &filename) {
+ string BaseFileName(const string& filename) {
- // Lots of copies! basename's behavior is less than ideal.
-- char *c_filename = strdup(filename.c_str());
+- char* c_filename = strdup(filename.c_str());
- string base = basename(c_filename);
- free(c_filename);
+ // basename's behavior is less than ideal so avoid it
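Review bot: `Registers::SyncPopulate()` becomes an empty function on any libc other than glibc once the `getcontext()` call is wrapped in `#if defined(__GLIBC__)` (platform-linux-android.cpp section of this hunk), and nothing in the patch says what callers then see. The register fields stay at whatever the `Registers` constructor left them, which is outside this hunk, so it is worth confirming they are initialised before synchronous sampling reads them. I would add a comment inside the function, such as `// musl has no getcontext(); registers are left unpopulated, so a synchronous sample has no usable stack`, so the degraded behaviour is documented where it happens.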
@@ -25,18 +41,4 @@
+ string base = p ? p+1 : c_filename;
return base;
}
-
---- a/tools/profiler/core/platform-linux-android.cpp.orig
-+++ b/tools/profiler/core/platform-linux-android.cpp
-@@ -534,9 +534,11 @@
- void
- Registers::SyncPopulate()
- {
-+#if defined(__GLIBC__)
- if (!getcontext(&sSyncUContext)) {
- PopulateRegsFromContext(*this, &sSyncUContext);
- }
-+#endif
- }
- #endif