From efe80ec472989740dda49e0ff4c861fdeb535cb9 Mon Sep 17 00:00:00 2001
From: lingsheng
Date: Mon, 23 Aug 2021 16:49:28 +0800
Subject: [PATCH] Fix firefox tab crash with clone3 in glibc 2.34
---
Deny-clone3-to-force-glibc-fallback.patch | 54 +++++++++++++++++++++++
firefox.spec | 7 ++-
2 files changed, 60 insertions(+), 1 deletion(-)
create mode 100644 Deny-clone3-to-force-glibc-fallback.patch
diff --git a/Deny-clone3-to-force-glibc-fallback.patch b/Deny-clone3-to-force-glibc-fallback.patch
new file mode 100644
index 0000000..1626b10
--- /dev/null
+++ b/Deny-clone3-to-force-glibc-fallback.patch
@@ -0,0 +1,54 @@
+
+# HG changeset patch
+# User Alexandre Lissy
+# Date 1623246328 0
+# Node ID ecb4011a0c76a1c7040054a44712e277f3dc24a1
+# Parent 9ec189804055442e5cc98d69dd01b71e90ed0cb5
+Bug 1715254 - Deny clone3 to force glibc fallback r=gcp
+
+Differential Revision: https://phabricator.services.mozilla.com/D117297
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -853,16 +853,19 @@ class SandboxPolicyCommon : public Sandb
+ // Yield
+ case __NR_sched_yield:
+ return Allow();
+
+ // Thread creation.
+ case __NR_clone:
+ return ClonePolicy(InvalidSyscall());
+
++ case __NR_clone3:
++ return Error(ENOSYS);
++
+ // More thread creation.
+ #ifdef __NR_set_robust_list
+ case __NR_set_robust_list:
+ return Allow();
+ #endif
+ #ifdef ANDROID
+ case __NR_set_tid_address:
+ return Allow();
+@@ -1499,16 +1502,19 @@ class ContentSandboxPolicy : public Sand
+ // the child would inherit the seccomp-bpf policy and almost
+ // certainly die from an unexpected SIGSYS. We also can't have
+ // fork() crash, currently, because there are too many system
+ // libraries/plugins that try to run commands. But they can
+ // usually do something reasonable on error.
+ case __NR_clone:
+ return ClonePolicy(Error(EPERM));
+
++ case __NR_clone3:
++ return Error(ENOSYS);
++
+ # ifdef __NR_fadvise64
+ case __NR_fadvise64:
+ return Allow();
+ # endif
+
+ # ifdef __NR_fadvise64_64
+ case __NR_fadvise64_64:
+ return Allow();
+
diff --git a/firefox.spec b/firefox.spec
index 9531aef..04f02ed 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -88,7 +88,7 @@ Summary: Mozilla Firefox Web browser Name: firefox Version: 79.0 -Release: 9 +Release: 10 URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}/source/firefox-%{version}.source.tar.xz
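Review bot: The two added `case __NR_clone3:` arms (in SandboxPolicyCommon and in ContentSandboxPolicy) carry no comment explaining why the errno is ENOSYS, while the `__NR_clone` arm just above returns EPERM through ClonePolicy. I would add something like `// clone3 passes its flags in a struct that seccomp-bpf cannot inspect, so ClonePolicy cannot vet it; ENOSYS makes glibc fall back to clone, which is filtered.` so that nobody later relaxes the arm to `Allow()` or changes it to EPERM, which would skip the clone flag checks or bring the tab crash back. Separately, the neighbouring optional syscalls sit inside `#ifdef __NR_set_robust_list` and `# ifdef __NR_fadvise64`, but these arms are unguarded. If neither the build host's kernel headers nor the sandbox's bundled syscall tables in this 79.0 tree define `__NR_clone3`, the backport will not compile, so please confirm the macro is available on the oldest supported build root. Both switch statements start and end outside the hunks, so the other cases were not reviewed.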
@@ -185,6 +185,7 @@ Patch640: Bug-1680166-Return-EFAULT-when-given-a-null-path-to-stat-ca Patch641: Bug-1680166-GCC-is-smarter-than-clang-so-ignore-the-warning-properly.patch Patch642: firefox-glibc-dynstack.patch Patch643: firefox-crashreporter-build.patch +Patch644: Deny-clone3-to-force-glibc-fallback.patch %if %{?system_nss} BuildRequires: pkgconfig(nspr) >= %{nspr_version} pkgconfig(nss) >= %{nss_version} @@ -363,6 +364,7 @@ tar -xf %{SOURCE3} %patch641 -p1 %patch642 -p1 %patch643 -p1 +%patch644 -p1 %{__rm} -f .mozconfig %{__cp} %{SOURCE10} .mozconfig @@ -805,6 +807,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %endif %changelog +* Mon Aug 23 2021 lingsheng - 79.0-10 +- Fix firefox tab crash with clone3 in glibc 2.34 + * Wed Aug 11 2021 caodongxia - 79.0-9 - Fix glibc dynstack -- Gitee