From 2a1307f3d574e22f1aaf4ad9b9e271dd575f42d2 Mon Sep 17 00:00:00 2001
From: Martin Stransky <stransky@redhat.com>
Date: Tue, 21 Jul 2020 12:12:38 +0200
Subject: [PATCH] Added fix for mozbz#1651701/rhbz#1855730

---
 firefox.spec          |  7 ++++++-
 mozilla-1651701.patch | 18 ++++++++++++++++++
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 mozilla-1651701.patch

diff --git a/firefox.spec b/firefox.spec
index 3200ed7..1183407 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -118,7 +118,7 @@ ExcludeArch: s390x
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        78.0.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:        https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@@ -179,6 +179,7 @@ Patch412:        mozilla-1337988.patch
 Patch415:        Bug-1238661---fix-mozillaSignalTrampoline-to-work-.patch
 Patch417:        bug1375074-save-restore-x28.patch
 Patch422:        mozilla-1580174-webrtc-popup.patch
+Patch423:        mozilla-1651701.patch
 
 # Wayland specific upstream patches
 Patch574:        firefox-pipewire-0-2.patch
@@ -380,6 +381,7 @@ This package contains results of tests executed during build.
 %ifarch %{arm}
 %patch415 -p1 -b .1238661
 %endif
+%patch423 -p1 -b .mozilla-1651701
 
 
 # Wayland specific upstream patches
@@ -971,6 +973,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Tue Jul 21 2020 Martin Stransky <stransky@redhat.com> - 78.0-3
+- Added fix for mozbz#1651701/rhbz#1855730
+
 * Fri Jul 10 2020 Jan Horak <jhorak@redhat.com> - 78.0.2-2
 - Fixing clang build - linker setup
 
diff --git a/mozilla-1651701.patch b/mozilla-1651701.patch
new file mode 100644
index 0000000..7bcea2e
--- /dev/null
+++ b/mozilla-1651701.patch
@@ -0,0 +1,18 @@
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -711,6 +711,13 @@
+         return Error(EPERM);
+ #endif
+ 
++        // Bug 1651701: an API for restartable atomic sequences and
++        // per-CPU data; exposing information about CPU numbers and
++        // when threads are migrated or preempted isn't great but the
++        // risk should be relatively low.
++      case __NR_rseq:
++        return Allow();
++
+ #ifdef MOZ_ASAN
+         // ASAN's error reporter wants to know if stderr is a tty.
+       case __NR_ioctl: {
+