Added fix for rawhide crashes (rhbz#1891234)

2020-10-27 10:39:44 +01:00 · 2020-10-27 10:39:44 +01:00 · ada5e90424
parent 200975daf4
commit ada5e90424
2 changed files with 54 additions and 1 deletions
--- a/firefox.spec
+++ b/firefox.spec
@ -107,7 +107,7 @@ ExcludeArch: s390x
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        82.0
-Release:        6%{?dist}
+Release:        7%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:        https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@ -174,6 +174,7 @@ Patch412:        mozilla-1634404.patch
 Patch413:        mozilla-1669495.patch
 Patch414:        mozilla-1656727.patch
 Patch415:        mozilla-1670333.patch
+Patch416:        mozilla-1673202.patch

 # Wayland specific upstream patches
 Patch574:        firefox-pipewire-0-2.patch
@ -383,6 +384,9 @@ This package contains results of tests executed during build.
 %patch413 -p1 -b .1669495
 %patch414 -p1 -b .1656727
 %patch415 -p1 -b .1670333
+%if 0%{?fedora} > 33 || 0%{?eln}
+%patch416 -p1 -b .1673202
+%endif

 # Wayland specific upstream patches
 %if 0%{?fedora} > 31 || 0%{?eln}
@ -981,6 +985,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------

 %changelog
+* Tue Oct 27 2020 Martin Stransky <stransky@redhat.com> - 82.0-7
+- Added fix for rawhide crashes (rhbz#1891234)
+
 * Sat Oct 24 2020 Martin Stransky <stransky@redhat.com> - 82.0-6
 - Enable LTO

--- a/mozilla-1673202.patch
+++ b/mozilla-1673202.patch
@ -0,0 +1,46 @@
+# HG changeset patch
+# User Jed Davis <jld@mozilla.com>
+
+Bug 1673202 - Call fstat directly in Linux sandbox fstatat interception. r?gcp
+
+Sandbox policies handle the case of `fstatat(fd, "", AT_EMPTY_PATH|...)`
+by invoking the SIGSYS handler (because seccomp-bpf can't tell if the
+string will be empty when the syscall would use it), which makes the
+equivalent call to `fstat`.
+
+Unfortunately, recent development versions of glibc implement `fstat` by
+calling `fstatat`, which causes unbounded recursion and stack overflow.
+(This depends on the headers present at build time; see the bug for more
+details.)  This patch switches it to use the `fstat` (or `fstat64` on
+32-bit) syscall directly.
+
+Differential Revision: https://phabricator.services.mozilla.com/D94798
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+index 9bdb10c49e085..a128cce7b266c 100644
+--- a/security/sandbox/linux/SandboxFilter.cpp
+++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -294,17 +294,21 @@ class SandboxPolicyCommon : public SandboxPolicyBase {
+     auto broker = static_cast<SandboxBrokerClient*>(aux);
+     auto fd = static_cast<int>(aArgs.args[0]);
+     auto path = reinterpret_cast<const char*>(aArgs.args[1]);
+     auto buf = reinterpret_cast<statstruct*>(aArgs.args[2]);
+     auto flags = static_cast<int>(aArgs.args[3]);
+ 
+     if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 &&
+         strcmp(path, "") == 0) {
+-      return ConvertError(fstatsyscall(fd, buf));
+#ifdef __NR_fstat64
+      return DoSyscall(__NR_fstat64, fd, buf);
+#else
+      return DoSyscall(__NR_fstat, fd, buf);
+#endif
+     }
+ 
+     if (fd != AT_FDCWD && path[0] != '/') {
+       SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, 0x%x)",
+                         fd, path, buf, flags);
+       return BlockedSyscallTrap(aArgs, nullptr);
+     }
+ 
+