From: jnbr <jnbr@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: [PR PATCH] firefox: fix sandbox for fcntl
Date: Mon, 23 Nov 2020 23:34:52 +0100 [thread overview]
Message-ID: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-26663@inbox.vuxu.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 338 bytes --]
There is a new pull request by jnbr against master on the void-packages repository
https://github.com/jnbr/void-packages fiefox-dbg
https://github.com/void-linux/void-packages/pull/26663
firefox: fix sandbox for fcntl
fixes #26639
[ci skip]
A patch file from https://github.com/void-linux/void-packages/pull/26663.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-fiefox-dbg-26663.patch --]
[-- Type: text/x-diff, Size: 1818 bytes --]
From b62dfffaf18a177d6d9c51a8ae1aac1ad0d30f7d Mon Sep 17 00:00:00 2001
From: Johannes <johannes.brechtmann@gmail.com>
Date: Mon, 23 Nov 2020 22:45:51 +0100
Subject: [PATCH] firefox: fix sandbox for fcntl
The assumption that O_LARGEFILE is 0 is only true on glibc,
setting it to 00100000 is wrong for many architectures.
---
.../firefox/patches/sandbox-largefile.patch | 18 ++++++++++++++++++
srcpkgs/firefox/template | 2 +-
2 files changed, 19 insertions(+), 1 deletion(-)
create mode 100644 srcpkgs/firefox/patches/sandbox-largefile.patch
diff --git a/srcpkgs/firefox/patches/sandbox-largefile.patch b/srcpkgs/firefox/patches/sandbox-largefile.patch
new file mode 100644
index 00000000000..eb10510a90c
--- /dev/null
+++ b/srcpkgs/firefox/patches/sandbox-largefile.patch
@@ -0,0 +1,18 @@
+in case O_LARGEFILE is not set to 0, use the real value
+
+--- security/sandbox/linux/SandboxFilter.cpp 2020-11-23 22:41:14.556378950 +0100
++++ security/sandbox/linux/SandboxFilter.cpp 2020-11-23 22:40:23.595806444 +0100
+@@ -66,9 +66,13 @@
+ # define PR_SET_PTRACER 0x59616d61
+ #endif
+
++#if O_LARGEFILE == 0
+ // The headers define O_LARGEFILE as 0 on x86_64, but we need the
+ // actual value because it shows up in file flags.
+ #define O_LARGEFILE_REAL 00100000
++#else
++#define O_LARGEFILE_REAL O_LARGEFILE
++#endif
+
+ // Not part of UAPI, but userspace sees it in F_GETFL; see bug 1650751.
+ #define FMODE_NONOTIFY 0x4000000
diff --git a/srcpkgs/firefox/template b/srcpkgs/firefox/template
index 8383fcc952f..7d792ca84e7 100644
--- a/srcpkgs/firefox/template
+++ b/srcpkgs/firefox/template
@@ -4,7 +4,7 @@
#
pkgname=firefox
version=83.0
-revision=1
+revision=2
build_helper="rust"
short_desc="Mozilla Firefox web browser"
maintainer="Johannes <johannes.brechtmann@gmail.com>"
next reply other threads:[~2020-11-23 22:34 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-23 22:34 jnbr [this message]
2020-11-24 3:41 ` q66
2020-11-24 3:42 ` q66
2020-11-24 17:09 ` [PR PATCH] [Updated] " jnbr
2020-11-24 18:36 ` jnbr
2020-11-24 18:37 ` [PR PATCH] [Merged]: " jnbr
2020-11-24 19:49 ` pullmoll
2020-11-24 20:39 ` jnbr
2020-11-24 22:47 ` q66
2020-11-24 23:09 ` jnbr
2020-11-25 0:06 ` q66
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-26663@inbox.vuxu.org \
--to=jnbr@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).