From 2a1307f3d574e22f1aaf4ad9b9e271dd575f42d2 Mon Sep 17 00:00:00 2001 From: Martin Stransky Date: Tue, 21 Jul 2020 12:12:38 +0200 Subject: [PATCH] Added fix for mozbz#1651701/rhbz#1855730 --- firefox.spec | 7 ++++++- mozilla-1651701.patch | 18 ++++++++++++++++++ 2 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 mozilla-1651701.patch diff --git a/firefox.spec b/firefox.spec index 3200ed7..1183407 100644 --- a/firefox.spec +++ b/firefox.spec @@ -118,7 +118,7 @@ ExcludeArch: s390x Summary: Mozilla Firefox Web browser Name: firefox Version: 78.0.2 -Release: 2%{?dist} +Release: 3%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz @@ -179,6 +179,7 @@ Patch412: mozilla-1337988.patch Patch415: Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch Patch417: bug1375074-save-restore-x28.patch Patch422: mozilla-1580174-webrtc-popup.patch +Patch423: mozilla-1651701.patch # Wayland specific upstream patches Patch574: firefox-pipewire-0-2.patch @@ -380,6 +381,7 @@ This package contains results of tests executed during build. %ifarch %{arm} %patch415 -p1 -b .1238661 %endif +%patch423 -p1 -b .mozilla-1651701 # Wayland specific upstream patches @@ -971,6 +973,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog +* Tue Jul 21 2020 Martin Stransky - 78.0-3 +- Added fix for mozbz#1651701/rhbz#1855730 + * Fri Jul 10 2020 Jan Horak - 78.0.2-2 - Fixing clang build - linker setup diff --git a/mozilla-1651701.patch b/mozilla-1651701.patch new file mode 100644 index 0000000..7bcea2e --- /dev/null +++ b/mozilla-1651701.patch @@ -0,0 +1,18 @@ +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -711,6 +711,13 @@ + return Error(EPERM); + #endif + ++ // Bug 1651701: an API for restartable atomic sequences and ++ // per-CPU data; exposing information about CPU numbers and ++ // when threads are migrated or preempted isn't great but the ++ // risk should be relatively low. ++ case __NR_rseq: ++ return Allow(); ++ + #ifdef MOZ_ASAN + // ASAN's error reporter wants to know if stderr is a tty. + case __NR_ioctl: { +