From efe80ec472989740dda49e0ff4c861fdeb535cb9 Mon Sep 17 00:00:00 2001
From: lingsheng <lingsheng@huawei.com>
Date: Mon, 23 Aug 2021 16:49:28 +0800
Subject: [PATCH] Fix firefox tab crash with clone3 in glibc 2.34

---
 Deny-clone3-to-force-glibc-fallback.patch | 54 +++++++++++++++++++++++
 firefox.spec                              |  7 ++-
 2 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 Deny-clone3-to-force-glibc-fallback.patch

diff --git a/Deny-clone3-to-force-glibc-fallback.patch b/Deny-clone3-to-force-glibc-fallback.patch
new file mode 100644
index 0000000..1626b10
--- /dev/null
+++ b/Deny-clone3-to-force-glibc-fallback.patch
@@ -0,0 +1,54 @@
+
+# HG changeset patch
+# User Alexandre Lissy <lissyx+mozillians@lissyx.dyndns.org>
+# Date 1623246328 0
+# Node ID ecb4011a0c76a1c7040054a44712e277f3dc24a1
+# Parent  9ec189804055442e5cc98d69dd01b71e90ed0cb5
+Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
+
+Differential Revision: https://phabricator.services.mozilla.com/D117297
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -853,16 +853,19 @@ class SandboxPolicyCommon : public Sandb
+         // Yield
+       case __NR_sched_yield:
+         return Allow();
+ 
+         // Thread creation.
+       case __NR_clone:
+         return ClonePolicy(InvalidSyscall());
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+         // More thread creation.
+ #ifdef __NR_set_robust_list
+       case __NR_set_robust_list:
+         return Allow();
+ #endif
+ #ifdef ANDROID
+       case __NR_set_tid_address:
+         return Allow();
+@@ -1499,16 +1502,19 @@ class ContentSandboxPolicy : public Sand
+         // the child would inherit the seccomp-bpf policy and almost
+         // certainly die from an unexpected SIGSYS.  We also can't have
+         // fork() crash, currently, because there are too many system
+         // libraries/plugins that try to run commands.  But they can
+         // usually do something reasonable on error.
+       case __NR_clone:
+         return ClonePolicy(Error(EPERM));
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+ #  ifdef __NR_fadvise64
+       case __NR_fadvise64:
+         return Allow();
+ #  endif
+ 
+ #  ifdef __NR_fadvise64_64
+       case __NR_fadvise64_64:
+         return Allow();
+
diff --git a/firefox.spec b/firefox.spec
index 9531aef..04f02ed 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@
 Summary:             Mozilla Firefox Web browser
 Name:                firefox
 Version:             79.0
-Release:             9
+Release:             10
 URL:                 https://www.mozilla.org/firefox/
 License:             MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:             https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
@@ -185,6 +185,7 @@ Patch640:            Bug-1680166-Return-EFAULT-when-given-a-null-path-to-stat-ca
 Patch641:            Bug-1680166-GCC-is-smarter-than-clang-so-ignore-the-warning-properly.patch
 Patch642:            firefox-glibc-dynstack.patch
 Patch643:            firefox-crashreporter-build.patch
+Patch644:            Deny-clone3-to-force-glibc-fallback.patch
 
 %if %{?system_nss}
 BuildRequires:       pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version}
@@ -363,6 +364,7 @@ tar -xf %{SOURCE3}
 %patch641 -p1
 %patch642 -p1
 %patch643 -p1
+%patch644 -p1
 
 %{__rm} -f .mozconfig
 %{__cp} %{SOURCE10} .mozconfig
@@ -805,6 +807,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %endif
 
 %changelog
+* Mon Aug 23 2021 lingsheng <lingsheng@huawei.com> - 79.0-10
+- Fix firefox tab crash with clone3 in glibc 2.34
+
 * Wed Aug 11 2021 caodongxia <caodongxia@huawei.com> - 79.0-9
 - Fix glibc dynstack 
 
-- 
Gitee