diff options
5 files changed, 108 insertions, 24 deletions
diff --git a/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch b/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch index 73ae042cc..b1dcee50f 100644 --- a/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch +++ b/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch @@ -1,4 +1,4 @@ -From 5025aab61517c8608b555ba929c61eb0706bd6bd Mon Sep 17 00:00:00 2001 +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com> Date: Mon, 25 Mar 2019 20:30:11 +0100 Subject: [PATCH] Use remoting name for GDK application names @@ -9,10 +9,10 @@ Subject: [PATCH] Use remoting name for GDK application names 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp -index da8289200e72..452195b146f3 100644 +index 49e2c73986ab..43ebcac381c7 100644 --- a/toolkit/xre/nsAppRunner.cpp +++ b/toolkit/xre/nsAppRunner.cpp -@@ -3785,11 +3785,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { +@@ -3822,11 +3822,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) { // consistently. // Set program name to the one defined in application.ini. @@ -26,7 +26,7 @@ index da8289200e72..452195b146f3 100644 // Initialize GTK here for splash. diff --git a/widget/gtk/nsAppShell.cpp b/widget/gtk/nsAppShell.cpp -index 163a93e2d1a4..4b6d45217671 100644 +index cfe022e65d82..06325264dbb1 100644 --- a/widget/gtk/nsAppShell.cpp +++ b/widget/gtk/nsAppShell.cpp @@ -24,6 +24,7 @@ @@ -37,7 +37,7 @@ index 163a93e2d1a4..4b6d45217671 100644 #include "ScreenHelperGTK.h" #include "HeadlessScreenHelper.h" #include "mozilla/widget/ScreenManager.h" -@@ -175,13 +176,9 @@ nsresult nsAppShell::Init() { +@@ -159,13 +160,9 @@ nsresult nsAppShell::Init() { // See https://bugzilla.gnome.org/show_bug.cgi?id=747634 // // Only bother doing this for the parent process, since it's the one @@ -54,6 +54,3 @@ index 163a93e2d1a4..4b6d45217671 100644 } } } --- -2.26.1 - diff --git a/libre/iceweasel/0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch b/libre/iceweasel/0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch new file mode 100644 index 000000000..427dfcdc1 --- /dev/null +++ b/libre/iceweasel/0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch @@ -0,0 +1,46 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Jed Davis <jld@mozilla.com> +Date: Fri, 28 Aug 2020 09:23:58 +0000 +Subject: [PATCH] Bug 1660901 - Support the fstat-like subset of fstatat in the + Linux sandbox policies. r=gcp + +Differential Revision: https://phabricator.services.mozilla.com/D88499 +--- + security/sandbox/linux/SandboxFilter.cpp | 6 ++++++ + security/sandbox/linux/broker/SandboxBrokerUtils.h | 2 ++ + 2 files changed, 8 insertions(+) + +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +index e522d61e065c..4087bdc07e01 100644 +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -243,6 +243,12 @@ class SandboxPolicyCommon : public SandboxPolicyBase { + auto path = reinterpret_cast<const char*>(aArgs.args[1]); + auto buf = reinterpret_cast<statstruct*>(aArgs.args[2]); + auto flags = static_cast<int>(aArgs.args[3]); ++ ++ if (fd != AT_FDCWD && (flags & AT_EMPTY_PATH) != 0 && ++ strcmp(path, "") == 0) { ++ return ConvertError(fstatsyscall(fd, buf)); ++ } ++ + if (fd != AT_FDCWD && path[0] != '/') { + SANDBOX_LOG_ERROR("unsupported fd-relative fstatat(%d, \"%s\", %p, %d)", + fd, path, buf, flags); +diff --git a/security/sandbox/linux/broker/SandboxBrokerUtils.h b/security/sandbox/linux/broker/SandboxBrokerUtils.h +index 85a006740c2c..db33b5028e77 100644 +--- a/security/sandbox/linux/broker/SandboxBrokerUtils.h ++++ b/security/sandbox/linux/broker/SandboxBrokerUtils.h +@@ -19,10 +19,12 @@ + typedef struct stat64 statstruct; + # define statsyscall stat64 + # define lstatsyscall lstat64 ++# define fstatsyscall fstat64 + #elif defined(__NR_stat) + typedef struct stat statstruct; + # define statsyscall stat + # define lstatsyscall lstat ++# define fstatsyscall fstat + #else + # error Missing stat syscall include. + #endif diff --git a/libre/iceweasel/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch b/libre/iceweasel/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch new file mode 100644 index 000000000..dd5a53535 --- /dev/null +++ b/libre/iceweasel/0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch @@ -0,0 +1,31 @@ +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001 +From: Julien Cristau <jcristau@mozilla.com> +Date: Sun, 6 Sep 2020 20:20:39 +0000 +Subject: [PATCH] Bug 1660901 - ignore AT_NO_AUTOMOUNT in fstatat system call. + r=jld + +Per the manpage "Both stat() and lstat() act as though AT_NO_AUTOMOUNT +was set.", so don't bail if it's set in a call to fstatat. + +Differential Revision: https://phabricator.services.mozilla.com/D89121 +--- + security/sandbox/linux/SandboxFilter.cpp | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp +index 4087bdc07e01..c4f6c318ad1c 100644 +--- a/security/sandbox/linux/SandboxFilter.cpp ++++ b/security/sandbox/linux/SandboxFilter.cpp +@@ -254,9 +254,10 @@ class SandboxPolicyCommon : public SandboxPolicyBase { + fd, path, buf, flags); + return BlockedSyscallTrap(aArgs, nullptr); + } +- if ((flags & ~AT_SYMLINK_NOFOLLOW) != 0) { ++ if ((flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)) != 0) { + SANDBOX_LOG_ERROR("unsupported flags %d in fstatat(%d, \"%s\", %p, %d)", +- (flags & ~AT_SYMLINK_NOFOLLOW), fd, path, buf, flags); ++ (flags & ~(AT_SYMLINK_NOFOLLOW | AT_NO_AUTOMOUNT)), fd, ++ path, buf, flags); + return BlockedSyscallTrap(aArgs, nullptr); + } + return (flags & AT_SYMLINK_NOFOLLOW) == 0 ? broker->Stat(path, buf) diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD index 9a253d858..c11a28efc 100644 --- a/libre/iceweasel/PKGBUILD +++ b/libre/iceweasel/PKGBUILD @@ -44,8 +44,8 @@ pkgname=iceweasel epoch=1 -pkgver=80.0.1 -pkgrel=1 +pkgver=81.0 +pkgrel=2 pkgrel+=.parabola1 _brandingver=80.0 _brandingrel=1 @@ -57,7 +57,7 @@ url="https://wiki.parabola.nu/Iceweasel" depends=(gtk3 libxt mime-types dbus-glib ffmpeg nss ttf-font libpulse) makedepends=(unzip zip diffutils yasm mesa imake inetutils xorg-server-xvfb autoconf2.13 rust clang llvm jack gtk2 nodejs cbindgen nasm - python-setuptools python-psutil lld) + python-setuptools python-psutil python-zstandard lld) # FIXME: 'mozilla-serarchplugins' package needs re-working (see note in prepare()) makedepends+=(quilt libxslt imagemagick git jq) optdepends=('networkmanager: Location detection via available WiFi networks' @@ -69,6 +69,8 @@ replaces=('firefox') options=(!emptydirs !makeflags !strip) source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz{,.asc} 0001-Use-remoting-name-for-GDK-application-names.patch + 0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch + 0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch $pkgname.desktop) source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}-${_brandingrel}.branding.tar.xz{,.sig} libre.patch @@ -78,16 +80,18 @@ source_armv7h=(arm.patch build-arm-libopus.patch) source_i686=('avoid-libxul-OOM-python-check.patch' 'rust-static-disable-network-test-on-static-libraries.patch') -sha256sums=('596b085e32a2d683ba960e161ea65c6271f90f576d4bf956e0d48e83af992c21' +sha256sums=('9328745012178aee5a4f47c833539f7872cc6e0f20a853568a313e60cabd1ec8' 'SKIP' - '3bb7463471fb43b2163a705a79a13a3003d70fff4bbe44f467807ca056de9a75' + 'e0eaec8ddd24bbebf4956563ebc6d7a56f8dada5835975ee4d320dd3d0c9c442' + 'c2489a4ad3bfb65c064e07180a1de9a2fbc3b1b72d6bc4cd3985484d1b6b7b29' + '52cc26cda4117f79fae1a0ad59e1404b299191a1c53d38027ceb178dab91f3dc' '44be8e819b8334ed36e9410d62dbc6c16dd8f8329a191403bfdce3cf2e9181fc' '228b7d316ab6836a6e69aa7070033b1ae073f3579474a49d8c306702b1c1413e' 'SKIP' '5cfcadbd168c52b1b1e3f2f2c45911a4ae1a9d8a05918be68475a31985607bd8' '0ed6b8efa00f73a96bceaba2d6a31fb11d416106729ab9b8289b191eb9acccfa' '0ace0929a7487bd3d464a432e9be643a8f62d135cdfc1b4b2c55846aee8c04dc') -sha256sums_i686=('bf2829f280ef05a608584ce7ec95875e147f315bac9609f5e18052bc03e3c4f9' +sha256sums_i686=('80b6461579398398c28f9b72b0c55220f261d9bf6c5a253e3bc66dc8a65131f6' 'e661665ee00ecec66c33e115b0af3474452022f0d8ceda634a6315dc8cb99014') sha256sums_armv7h=('bc00516032330760444939c516a60c78f868631e1b37f075f0fe71a53737b966' '2d4d91f7e35d0860225084e37ec320ca6cae669f6c9c8fe7735cdbd542e3a7c9') @@ -107,9 +111,13 @@ prepare() { cd firefox-$pkgver # https://bugzilla.mozilla.org/show_bug.cgi?id=1530052 - echo "applying 0001-Use-remoting-name-for-GDK-application-names.patch" patch -Np1 -i ../0001-Use-remoting-name-for-GDK-application-names.patch + # https://bugs.archlinux.org/task/67978 + # https://bugzilla.mozilla.org/show_bug.cgi?id=1660901 + patch -Np1 -i ../0002-Bug-1660901-Support-the-fstat-like-subset-of-fstatat.patch + patch -Np1 -i ../0003-Bug-1660901-ignore-AT_NO_AUTOMOUNT-in-fstatat-system.patch + cat >../mozconfig <<END ac_add_options --enable-application=browser mk_add_options MOZ_OBJDIR=${PWD@Q}/obj @@ -134,6 +142,7 @@ ac_add_options --enable-update-channel=release ac_add_options --with-distribution-id=nu.parabola ac_add_options --with-unsigned-addon-scopes=app,system ac_add_options --allow-addon-sideload +export MOZ_APP_NAME=$pkgname export MOZ_APP_REMOTINGNAME=${pkgname//-/} export MOZ_TELEMETRY_REPORTING= export MOZ_REQUIRE_SIGNING= @@ -343,6 +352,7 @@ build() { export MOZ_NOSPAM=1 export MOZBUILD_STATE_PATH="$srcdir/mozbuild" + export MACH_USE_SYSTEM_PYTHON=1 # LTO needs more open files ulimit -n 4096 diff --git a/libre/iceweasel/avoid-libxul-OOM-python-check.patch b/libre/iceweasel/avoid-libxul-OOM-python-check.patch index 04ce4958e..caefbe08f 100644 --- a/libre/iceweasel/avoid-libxul-OOM-python-check.patch +++ b/libre/iceweasel/avoid-libxul-OOM-python-check.patch @@ -1,30 +1,30 @@ diff -rauN firefox-79.0/config/rules.mk firefox-79.0-avoid-libxul-OOM-python-check-patch/config/rules.mk --- firefox-79.0/config/rules.mk 2020-07-21 00:49:36.000000000 +0200 +++ firefox-79.0-avoid-libxul-OOM-python-check-patch/config/rules.mk 2020-08-02 14:04:30.846204786 +0200 -@@ -470,7 +470,7 @@ - endif # MSVC with manifest tool +@@ -470,7 +470,7 @@ ifeq (_WINNT,$(GNU_CC)_$(OS_ARCH)) + $(LINKER) -OUT:$@ -PDB:$(LINK_PDBFILE) -IMPLIB:$(basename $(@F)).lib $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(MOZ_PROGRAM_LDFLAGS) $($(notdir $@)_OBJS) $(filter %.res,$^) $(STATIC_LIBS) $(SHARED_LIBS) $(OS_LIBS) else # !WINNT || GNU_CC - $(call EXPAND_CC_OR_CXX,$@) -o $@ $(COMPUTED_CXX_LDFLAGS) $(PGO_CFLAGS) $($(notdir $@)_OBJS) $(RESFILE) $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(STATIC_LIBS) $(MOZ_PROGRAM_LDFLAGS) $(SHARED_LIBS) $(OS_LIBS) + $(call EXPAND_CC_OR_CXX,$@) -o $@ $(COMPUTED_CXX_LDFLAGS) $(PGO_CFLAGS) $($(notdir $@)_OBJS) $(filter %.res,$^) $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(STATIC_LIBS) $(MOZ_PROGRAM_LDFLAGS) $(SHARED_LIBS) $(OS_LIBS) - $(call py_action,check_binary,--target $@) +# $(call py_action,check_binary,--target $@) endif # WINNT && !GNU_CC ifdef ENABLE_STRIP -@@ -526,7 +526,7 @@ - endif # MSVC with manifest tool +@@ -514,7 +514,7 @@ ifeq (_WINNT,$(GNU_CC)_$(OS_ARCH)) + $(LINKER) -out:$@ -pdb:$(LINK_PDBFILE) $($@_OBJS) $(filter %.res,$^) $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(MOZ_PROGRAM_LDFLAGS) $(STATIC_LIBS) $(SHARED_LIBS) $(OS_LIBS) else - $(call EXPAND_CC_OR_CXX,$@) $(COMPUTED_CXX_LDFLAGS) $(PGO_CFLAGS) -o $@ $($@_OBJS) $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(STATIC_LIBS) $(MOZ_PROGRAM_LDFLAGS) $(SHARED_LIBS) $(OS_LIBS) + $(call EXPAND_CC_OR_CXX,$@) $(COMPUTED_CXX_LDFLAGS) $(PGO_CFLAGS) -o $@ $($@_OBJS) $(filter %.res,$^) $(WIN32_EXE_LDFLAGS) $(LDFLAGS) $(STATIC_LIBS) $(MOZ_PROGRAM_LDFLAGS) $(SHARED_LIBS) $(OS_LIBS) - $(call py_action,check_binary,--target $@) +# $(call py_action,check_binary,--target $@) endif # WINNT && !GNU_CC ifdef ENABLE_STRIP -@@ -606,7 +606,7 @@ +@@ -594,7 +594,7 @@ ifndef INCREMENTAL_LINKER $(RM) $@ endif - $(MKSHLIB) $($@_OBJS) $(RESFILE) $(LDFLAGS) $(STATIC_LIBS) $(SHARED_LIBS) $(EXTRA_DSO_LDOPTS) $(MOZ_GLUE_LDFLAGS) $(OS_LIBS) + $(MKSHLIB) $($@_OBJS) $(filter %.res,$^) $(LDFLAGS) $(STATIC_LIBS) $(SHARED_LIBS) $(EXTRA_DSO_LDOPTS) $(MOZ_GLUE_LDFLAGS) $(OS_LIBS) - $(call py_action,check_binary,--target $@) +# $(call py_action,check_binary,--target $@) ifeq (_WINNT,$(GNU_CC)_$(OS_ARCH)) - ifdef MSMANIFEST_TOOL + endif # WINNT && !GCC |