* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
@ 2020-11-24 3:41 ` q66
2020-11-24 3:42 ` q66
` (8 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: q66 @ 2020-11-24 3:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 477 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-732634494
Comment:
this is not entirely correct, as the value is not `0100000` on all platforms
the block should look like this:
```
#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
#define O_LARGEFILE_REAL 0100000
#elif defined(__powerpc__)
#define O_LARGEFILE_REAL 0200000
#else
#define O_LARGEFILE_REAL O_LARGEFILE
#endif
```
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
2020-11-24 3:41 ` q66
@ 2020-11-24 3:42 ` q66
2020-11-24 17:09 ` [PR PATCH] [Updated] " jnbr
` (7 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: q66 @ 2020-11-24 3:42 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 542 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-732634494
Comment:
this is not entirely correct, as the value is not `0100000` on all platforms
the block should look like this:
```
#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
#define O_LARGEFILE_REAL 0100000
#elif defined(__powerpc__)
#define O_LARGEFILE_REAL 0200000
#else
#define O_LARGEFILE_REAL O_LARGEFILE
#endif
```
(this is equivalent to how it's done and working in chromium)
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PR PATCH] [Updated] firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
2020-11-24 3:41 ` q66
2020-11-24 3:42 ` q66
@ 2020-11-24 17:09 ` jnbr
2020-11-24 18:36 ` jnbr
` (6 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jnbr @ 2020-11-24 17:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 343 bytes --]
There is an updated pull request by jnbr against master on the void-packages repository
https://github.com/jnbr/void-packages fiefox-dbg
https://github.com/void-linux/void-packages/pull/26663
firefox: fix sandbox for fcntl
fixes #26639
[ci skip]
A patch file from https://github.com/void-linux/void-packages/pull/26663.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-fiefox-dbg-26663.patch --]
[-- Type: text/x-diff, Size: 1857 bytes --]
From b884a5e0f8f2b604aa28de76938618ad9cf9f407 Mon Sep 17 00:00:00 2001
From: Johannes <johannes.brechtmann@gmail.com>
Date: Mon, 23 Nov 2020 22:45:51 +0100
Subject: [PATCH] firefox: fix sandbox for fcntl
The assumption that O_LARGEFILE is 0 is only true on glibc,
setting it to 00100000 is wrong for many architectures.
---
srcpkgs/firefox/patches/sandbox-largefile.patch | 17 +++++++++++++++++
srcpkgs/firefox/template | 2 +-
2 files changed, 18 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/firefox/patches/sandbox-largefile.patch
diff --git a/srcpkgs/firefox/patches/sandbox-largefile.patch b/srcpkgs/firefox/patches/sandbox-largefile.patch
new file mode 100644
index 00000000000..494ca82df5a
--- /dev/null
+++ b/srcpkgs/firefox/patches/sandbox-largefile.patch
@@ -0,0 +1,17 @@
+--- security/sandbox/linux/SandboxFilter.cpp 2020-11-23 22:41:14.556378950 +0100
++++ security/sandbox/linux/SandboxFilter.cpp 2020-11-23 22:40:23.595806444 +0100
+@@ -68,7 +68,13 @@
+
+ // The headers define O_LARGEFILE as 0 on x86_64, but we need the
+ // actual value because it shows up in file flags.
+-#define O_LARGEFILE_REAL 00100000
++#if defined(__x86_64__) || defined(__i386__) || defined(__mips__)
++#define O_LARGEFILE_REAL 0100000
++#elif defined(__powerpc__)
++#define O_LARGEFILE_REAL 0200000
++#else
++#define O_LARGEFILE_REAL O_LARGEFILE
++#endif
+
+ // Not part of UAPI, but userspace sees it in F_GETFL; see bug 1650751.
+ #define FMODE_NONOTIFY 0x4000000
diff --git a/srcpkgs/firefox/template b/srcpkgs/firefox/template
index 8383fcc952f..7d792ca84e7 100644
--- a/srcpkgs/firefox/template
+++ b/srcpkgs/firefox/template
@@ -4,7 +4,7 @@
#
pkgname=firefox
version=83.0
-revision=1
+revision=2
build_helper="rust"
short_desc="Mozilla Firefox web browser"
maintainer="Johannes <johannes.brechtmann@gmail.com>"
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (2 preceding siblings ...)
2020-11-24 17:09 ` [PR PATCH] [Updated] " jnbr
@ 2020-11-24 18:36 ` jnbr
2020-11-24 18:37 ` [PR PATCH] [Merged]: " jnbr
` (5 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jnbr @ 2020-11-24 18:36 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 154 bytes --]
New comment by jnbr on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733160937
Comment:
Thanks, updated.
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: [PR PATCH] [Merged]: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (3 preceding siblings ...)
2020-11-24 18:36 ` jnbr
@ 2020-11-24 18:37 ` jnbr
2020-11-24 19:49 ` pullmoll
` (4 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jnbr @ 2020-11-24 18:37 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 190 bytes --]
There's a merged pull request on the void-packages repository
firefox: fix sandbox for fcntl
https://github.com/void-linux/void-packages/pull/26663
Description:
fixes #26639
[ci skip]
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (4 preceding siblings ...)
2020-11-24 18:37 ` [PR PATCH] [Merged]: " jnbr
@ 2020-11-24 19:49 ` pullmoll
2020-11-24 20:39 ` jnbr
` (3 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: pullmoll @ 2020-11-24 19:49 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 321 bytes --]
New comment by pullmoll on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733196394
Comment:
This same patch applies and is certainly required for `firexfox-esr` and thus also `icecat` as well.
I'll add it and push the updates once the builders are done with `firefox`.
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (5 preceding siblings ...)
2020-11-24 19:49 ` pullmoll
@ 2020-11-24 20:39 ` jnbr
2020-11-24 22:47 ` q66
` (2 subsequent siblings)
9 siblings, 0 replies; 11+ messages in thread
From: jnbr @ 2020-11-24 20:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 171 bytes --]
New comment by jnbr on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733221167
Comment:
Good point. Same for thunderbird.
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (6 preceding siblings ...)
2020-11-24 20:39 ` jnbr
@ 2020-11-24 22:47 ` q66
2020-11-24 23:09 ` jnbr
2020-11-25 0:06 ` q66
9 siblings, 0 replies; 11+ messages in thread
From: q66 @ 2020-11-24 22:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 280 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733277343
Comment:
why would it be required? these are all ESR, i.e. 78, and the patch was not needed until 83 (I have 82 still running on aarch64 with no issues)
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (7 preceding siblings ...)
2020-11-24 22:47 ` q66
@ 2020-11-24 23:09 ` jnbr
2020-11-25 0:06 ` q66
9 siblings, 0 replies; 11+ messages in thread
From: jnbr @ 2020-11-24 23:09 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 516 bytes --]
New comment by jnbr on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733285061
Comment:
In general, it is mostly a problem on musl because musl passes O_NONBLOCK to fcntl().
On glibc, this is (usually?) not the case, so the bug won't be triggered there.
Only because the bug was not triggered as reliable before doesn't mean it's not there.
Patching the esr versions won't hurt, not sure if we need rebuilds, we could also do it with the next round of minor bumps
^ permalink raw reply [flat|nested] 11+ messages in thread* Re: firefox: fix sandbox for fcntl
2020-11-23 22:34 [PR PATCH] firefox: fix sandbox for fcntl jnbr
` (8 preceding siblings ...)
2020-11-24 23:09 ` jnbr
@ 2020-11-25 0:06 ` q66
9 siblings, 0 replies; 11+ messages in thread
From: q66 @ 2020-11-25 0:06 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 317 bytes --]
New comment by q66 on void-packages repository
https://github.com/void-linux/void-packages/pull/26663#issuecomment-733330428
Comment:
let's add the patch (for correctness) in the esr stuff, but i don't think there are issues with 78.x on aarch64 (even musl, iirc i tested it a while back), so we don't need to bump
^ permalink raw reply [flat|nested] 11+ messages in thread