packages/firefox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix firefox tab crash with clone3 in glibc 2.34

Browse Source
This commit is contained in:
lingsheng 2021-08-23 16:49:28 +08:00
parent ff38cbae75
commit efe80ec472
2 changed files with 60 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
Deny-clone3-to-force-glibc-fallback.patch Normal file
View File

@ -0,0 +1,54 @@
# HG changeset patch
# User Alexandre Lissy <lissyx+mozillians@lissyx.dyndns.org>
# Date 1623246328 0
# Node ID ecb4011a0c76a1c7040054a44712e277f3dc24a1
# Parent 9ec189804055442e5cc98d69dd01b71e90ed0cb5
Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
Differential Revision: https://phabricator.services.mozilla.com/D117297
diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
@@ -853,16 +853,19 @@ class SandboxPolicyCommon : public Sandb
// Yield
case __NR_sched_yield:
return Allow();
// Thread creation.
case __NR_clone:
return ClonePolicy(InvalidSyscall());
+ case __NR_clone3:
+ return Error(ENOSYS);
+
// More thread creation.
#ifdef __NR_set_robust_list
case __NR_set_robust_list:
return Allow();
#endif
#ifdef ANDROID
case __NR_set_tid_address:
return Allow();
@@ -1499,16 +1502,19 @@ class ContentSandboxPolicy : public Sand
// the child would inherit the seccomp-bpf policy and almost
// certainly die from an unexpected SIGSYS. We also can't have
// fork() crash, currently, because there are too many system
// libraries/plugins that try to run commands. But they can
// usually do something reasonable on error.
case __NR_clone:
return ClonePolicy(Error(EPERM));
+ case __NR_clone3:
+ return Error(ENOSYS);
+
# ifdef __NR_fadvise64
case __NR_fadvise64:
return Allow();
# endif
# ifdef __NR_fadvise64_64
case __NR_fadvise64_64:
return Allow();

7
firefox.spec
View File

@ -88,7 +88,7 @@
Summary: Mozilla Firefox Web browser Summary: Mozilla Firefox Web browser
Name: firefox Name: firefox
Version: 79.0 Version: 79.0
Release: 9 Release: 10
URL: https://www.mozilla.org/firefox/ URL: https://www.mozilla.org/firefox/
License: MPLv1.1 or GPLv2+ or LGPLv2+ License: MPLv1.1 or GPLv2+ or LGPLv2+
Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@ -185,6 +185,7 @@ Patch640: Bug-1680166-Return-EFAULT-when-given-a-null-path-to-stat-ca
Patch641: Bug-1680166-GCC-is-smarter-than-clang-so-ignore-the-warning-properly.patch Patch641: Bug-1680166-GCC-is-smarter-than-clang-so-ignore-the-warning-properly.patch
Patch642: firefox-glibc-dynstack.patch Patch642: firefox-glibc-dynstack.patch
Patch643: firefox-crashreporter-build.patch Patch643: firefox-crashreporter-build.patch
Patch644: Deny-clone3-to-force-glibc-fallback.patch
%if %{?system_nss} %if %{?system_nss}
BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@ -363,6 +364,7 @@ tar -xf %{SOURCE3}
%patch641 -p1 %patch641 -p1
%patch642 -p1 %patch642 -p1
%patch643 -p1 %patch643 -p1
%patch644 -p1
%{__rm} -f .mozconfig %{__rm} -f .mozconfig
%{__cp} %{SOURCE10} .mozconfig %{__cp} %{SOURCE10} .mozconfig
@ -805,6 +807,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
%endif %endif
%changelog %changelog
* Mon Aug 23 2021 lingsheng <lingsheng@huawei.com> - 79.0-10
- Fix firefox tab crash with clone3 in glibc 2.34
* Wed Aug 11 2021 caodongxia <caodongxia@huawei.com> - 79.0-9 * Wed Aug 11 2021 caodongxia <caodongxia@huawei.com> - 79.0-9
- Fix glibc dynstack - Fix glibc dynstack