summaryrefslogtreecommitdiff
path: root/user/firefox-esr
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2020-06-02 15:42:44 -0500
committerMax Rees <maxcrees@me.com>2020-06-03 19:39:48 -0500
commit98a725069b0538ef835c6aed5895425b52db7e0e (patch)
tree3e58543d7cd9fb610e500cc419d7249b4f192828 /user/firefox-esr
parentbc1df8faf643506b42ca8545312ab8c566adb68b (diff)
downloadpackages-98a725069b0538ef835c6aed5895425b52db7e0e.tar.gz
packages-98a725069b0538ef835c6aed5895425b52db7e0e.tar.bz2
packages-98a725069b0538ef835c6aed5895425b52db7e0e.tar.xz
packages-98a725069b0538ef835c6aed5895425b52db7e0e.zip
[CVE] user/firefox-esr: bump to 68.9.0 and fix seccomp for time64 (#284)
Also "fix" statx support by pulling upstream patch to replace our membarrier patch Dropped rust-config.patch in the hopes it is no longer needed...
Diffstat (limited to 'user/firefox-esr')
-rw-r--r--user/firefox-esr/APKBUILD17
-rw-r--r--user/firefox-esr/rust-config.patch20
-rw-r--r--user/firefox-esr/seccomp-membarrier.patch12
-rw-r--r--user/firefox-esr/seccomp-musl.patch49
-rw-r--r--user/firefox-esr/seccomp-time64.patch112
5 files changed, 172 insertions, 38 deletions
diff --git a/user/firefox-esr/APKBUILD b/user/firefox-esr/APKBUILD
index 82a4e5276..f780d8765 100644
--- a/user/firefox-esr/APKBUILD
+++ b/user/firefox-esr/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Molly Miller <adelie@m-squa.red>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=firefox-esr
-pkgver=68.8.0
+pkgver=68.9.0
pkgrel=0
pkgdesc="Firefox web browser (extended support release)"
url="https://www.mozilla.org/firefox/"
@@ -41,8 +41,8 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$_ffxver/source/firefox-$_f
mozilla-build-arm.patch
ppc32-fix.patch
rust-32bit.patch
- rust-config.patch
- seccomp-membarrier.patch
+ seccomp-musl.patch
+ seccomp-time64.patch
shut-up-warning.patch
skia-sucks1.patch
skia-sucks2.patch
@@ -126,6 +126,11 @@ ldpath="$_mozappdir"
# - CVE-2020-12387
# - CVE-2020-12392
# - CVE-2020-12395
+# 68.9.0-r0:
+# - CVE-2020-12399
+# - CVE-2020-12405
+# - CVE-2020-12406
+# - CVE-2020-12410
unpack() {
default_unpack
@@ -241,7 +246,7 @@ package() {
EOF
}
-sha512sums="139a63dc85ae76a50da6be9a31425f97144e6c7e4a65b0f3009a84eb5c8c9566f6bb331e26590f8aecd5045c4d730ab4e848cf7220f3444a31147b5533c742b3 firefox-68.8.0esr.source.tar.xz
+sha512sums="98431800d80f7c680aef9eede29df8217810912a319a7f7f8c2e637c43ecd4f4e29223a417afb2a6315e825f979453ff6e6b5a575649aba5cc63ce5956375bb8 firefox-68.9.0esr.source.tar.xz
16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0 Python-2.7.16.tar.xz
f82758d279cd12a1b30a9b36ac3c265cfb137df3db7ae185f2c538504e46fa70ace1b051fce847356851062b5cc9cd741a6d33d54f8cd103aa0c8272cb19ccc4 mozconfig
ace7492f4fb0523c7340fdc09c831906f74fddad93822aff367135538dacd3f56288b907f5a04f53f94c76e722ba0bab73e28d83ec12d3e672554712e6b08613 bad-google-code.patch
@@ -252,8 +257,8 @@ de8e3b15cd7dffb0eca5a729434986e5916234914cdc5fdcdbbc67d8bb439a535ed932293518dd74
e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18 mozilla-build-arm.patch
06a3f4ee6d3726adf3460952fcbaaf24bb15ef8d15b3357fdd1766c7a62b00bd53a1e943b5df7f4e1a69f4fae0d44b64fae1e027d7812499c77894975969ea10 ppc32-fix.patch
7c615703dc9b8427eeadd13bc9beda02e1c3d986cac1167feaf48fdfdcc15b7456460d4d58f301054cf459242ee75bbcd76bf67e26c2a443bc5655975d24ca1b rust-32bit.patch
-45613d476e85fe333ef8091acce4806803953c1a99de4f03ff577cf20c5a1a3d635d0589e1490da104ef80721f4f1b1d35045af3c6892c1a468fa84095f27ad8 rust-config.patch
-36369f2e237e894b2f9e70ffa0579bb3cddf1efa638a36b3469e9f529c28d7b72611fa426c5534d93094a8deb1376f43f6661447072dc6dfc6191ca5eebd4604 seccomp-membarrier.patch
+efc77a320850e10e8b99e6fb5d3dd28a3044e287fd87efbdf95807de26a6885235b2d994743cb374345d91a0353abd70a5790b829e37b717b77605e24d4f7f98 seccomp-musl.patch
+4b20dfa3ef3d470af069a274c53ea35c67d2d123f1b543ee243e7038ed94f5a1a6121f1f67713a9442e246b979c042f11efc7a6c32d0b8d3fd2c448dd1258733 seccomp-time64.patch
39ddb15d1453a8412275c36fc8db3befc69dffd4a362e932d280fb7fd1190db595a2af9b468ee49e0714f5e9df6e48eb5794122a64fa9f30d689de8693acbb15 shut-up-warning.patch
e751ffab263f03d4c74feebc617e3af115b1b53cf54fe16c3acc585eec67773f37aa8de4c19599fa6478179b01439025112ef2b759aa9923c9900e7081cb65a9 skia-sucks1.patch
9152bd3e6dc446337e6a2ed602279c620aedecc796ba28e777854c4f41fcf3067f9ebd086a4b63a6b76c2e69ec599ac6435b8eeda4f7488b1c45f69113facba4 skia-sucks2.patch
diff --git a/user/firefox-esr/rust-config.patch b/user/firefox-esr/rust-config.patch
deleted file mode 100644
index eab72a0e4..000000000
--- a/user/firefox-esr/rust-config.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -urw firefox-68.0-old/build/moz.configure/rust.configure firefox-68.0/build/moz.configure/rust.configure
---- firefox-68.0-old/build/moz.configure/rust.configure 2019-07-07 15:56:29.345963800 +0000
-+++ firefox-68.0/build/moz.configure/rust.configure 2019-07-07 16:19:25.990645334 +0000
-@@ -193,12 +193,16 @@
- ambiguous = set()
- per_raw_os = {}
- for t in out:
-+ if 'fuchsia' in t: continue
- t = split_triplet(t, allow_unknown=True)
- endianness = t.endianness
- if t.cpu.startswith('thumb') and endianness not in ('big', 'little'):
- endianness = 'little'
- key = (t.cpu, endianness, t.os)
- if key in per_os:
-+ # hax to allow Adélie toolchains to work
-+ if 'foxkit' in per_os[key].alias:
-+ continue
- previous = per_os[key]
- per_raw_os[(previous.cpu, previous.endianness,
- previous.raw_os)] = previous
diff --git a/user/firefox-esr/seccomp-membarrier.patch b/user/firefox-esr/seccomp-membarrier.patch
deleted file mode 100644
index be1744113..000000000
--- a/user/firefox-esr/seccomp-membarrier.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-musl ldso issues a membarrier when setting up TLS
-
---- firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-03 19:30:03.000000000 +0000
-+++ firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-19 04:59:30.280000000 +0000
-@@ -529,6 +529,7 @@ class SandboxPolicyCommon : public Sandb
-
- // ipc::Shmem; also, glibc when creating threads:
- case __NR_mprotect:
-+ case __NR_membarrier:
- return Allow();
-
- // madvise hints used by malloc; see bug 1303813 and bug 1364533
diff --git a/user/firefox-esr/seccomp-musl.patch b/user/firefox-esr/seccomp-musl.patch
new file mode 100644
index 000000000..edd4a3024
--- /dev/null
+++ b/user/firefox-esr/seccomp-musl.patch
@@ -0,0 +1,49 @@
+Backport of https://hg.mozilla.org/mozilla-central/rev/a0be746532f437055e4190cc8db802ad1239405e
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -419,16 +419,20 @@ class SandboxPolicyCommon : public Sandb
+ case __NR_faccessat:
+ return Trap(AccessAtTrap, mBroker);
+ CASES_FOR_stat:
+ return Trap(StatTrap, mBroker);
+ CASES_FOR_lstat:
+ return Trap(LStatTrap, mBroker);
+ CASES_FOR_fstatat:
+ return Trap(StatAtTrap, mBroker);
++ // Used by new libc and Rust's stdlib, if available.
++ // We don't have broker support yet so claim it does not exist.
++ case __NR_statx:
++ return Error(ENOSYS);
+ case __NR_chmod:
+ return Trap(ChmodTrap, mBroker);
+ case __NR_link:
+ return Trap(LinkTrap, mBroker);
+ case __NR_mkdir:
+ return Trap(MkdirTrap, mBroker);
+ case __NR_symlink:
+ return Trap(SymlinkTrap, mBroker);
+@@ -538,16 +542,20 @@ class SandboxPolicyCommon : public Sandb
+ .ElseIf(advice == MADV_HUGEPAGE, Allow())
+ .ElseIf(advice == MADV_NOHUGEPAGE, Allow())
+ #ifdef MOZ_ASAN
+ .ElseIf(advice == MADV_DONTDUMP, Allow())
+ #endif
+ .Else(InvalidSyscall());
+ }
+
++ // musl libc will set this up in pthreads support.
++ case __NR_membarrier:
++ return Allow();
++
+ // Signal handling
+ #if defined(ANDROID) || defined(MOZ_ASAN)
+ case __NR_sigaltstack:
+ #endif
+ CASES_FOR_sigreturn:
+ CASES_FOR_sigprocmask:
+ CASES_FOR_sigaction:
+ return Allow();
+
+
diff --git a/user/firefox-esr/seccomp-time64.patch b/user/firefox-esr/seccomp-time64.patch
new file mode 100644
index 000000000..72cc28b5d
--- /dev/null
+++ b/user/firefox-esr/seccomp-time64.patch
@@ -0,0 +1,112 @@
+This drops the use of the chromium sandbox syscall headers which were
+defining syscall numbers if they were undefined. This masked the time64
+issue initially since while musl renamed several of the time32 syscall
+numbers to catch breakage like this, these headers were silently
+bringing them back. I did this by comparing the syscall numbers provided
+by the chromium and musl headers and redefining the generic names to
+their time64 counterparts.
+
+For gettimeofday and settimeofday there does not appear to be a time64
+counterpart so I have defined them as the time32 versions. For
+settimeofday this should not matter (the seccomp filter will block this
+by virture of not being on the whitelist - no content process needs to
+set the time anyway).
+
+It is not possible to entirely block the usage of time32 syscalls
+because musl uses them internally when it can or in fallback paths.
+
+I did not check the MIPS headers since we don't currently ship a MIPS
+port, so in the future those includes should be examined and dropped
+too...
+
+--- firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h 2020-04-29 16:49:45.000000000 -0500
++++ firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h 2020-05-20 03:09:47.369457646 -0500
+@@ -8,18 +8,7 @@
+
+ #ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+ #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+-
+-#if defined(__x86_64__)
+-#include "sandbox/linux/system_headers/x86_64_linux_syscalls.h"
+-#endif
+-
+-#if defined(__i386__)
+-#include "sandbox/linux/system_headers/x86_32_linux_syscalls.h"
+-#endif
+-
+-#if defined(__arm__) && defined(__ARM_EABI__)
+-#include "sandbox/linux/system_headers/arm_linux_syscalls.h"
+-#endif
++#include <sys/syscall.h>
+
+ #if defined(__mips__) && (_MIPS_SIM == _ABIO32)
+ #include "sandbox/linux/system_headers/mips_linux_syscalls.h"
+@@ -33,5 +22,36 @@
+ #include "sandbox/linux/system_headers/arm64_linux_syscalls.h"
+ #endif
+
++#if !defined(__NR_clock_getres) && defined(__NR_clock_getres_time64)
++#define __NR_clock_getres __NR_clock_getres_time64
++#endif
++#if !defined(__NR_clock_gettime) && defined(__NR_clock_gettime64)
++#define __NR_clock_gettime __NR_clock_gettime64
++#endif
++#if !defined(__NR_clock_nanosleep) && defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep __NR_clock_nanosleep_time64
++#endif
++#if !defined(__NR_clock_settime) && defined(__NR_clock_settime64)
++#define __NR_clock_settime __NR_clock_settime64
++#endif
++#if !defined(__NR_gettimeofday) && defined(__NR_gettimeofday_time32)
++#define __NR_gettimeofday __NR_gettimeofday_time32
++#endif
++#if !defined(__NR_settimeofday) && defined(__NR_settimeofday_time32)
++#define __NR_settimeofday __NR_settimeofday_time32
++#endif
++#if !defined(__NR_timer_gettime) && defined(__NR_timer_gettime64)
++#define __NR_timer_gettime __NR_timer_gettime64
++#endif
++#if !defined(__NR_timer_settime) && defined(__NR_timer_settime64)
++#define __NR_timer_settime __NR_timer_settime64
++#endif
++#if !defined(__NR_timerfd_gettime) && defined(__NR_timerfd_gettime64)
++#define __NR_timerfd_gettime __NR_timerfd_gettime64
++#endif
++#if !defined(__NR_timerfd_settime) && defined(__NR_timerfd_settime64)
++#define __NR_timerfd_settime __NR_timerfd_settime64
++#endif
++
+ #endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+
+--- firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp 2020-04-29 16:49:45.000000000 -0500
++++ firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp 2020-05-19 23:33:27.829642593 -0500
+@@ -478,6 +478,9 @@ class SandboxPolicyCommon : public Sandb
+
+ // Thread synchronization
+ case __NR_futex:
++#ifdef __NR_futex_time64
++ case __NR_futex_time64:
++#endif
+ // FIXME: This could be more restrictive....
+ return Allow();
+
+@@ -488,6 +491,9 @@ class SandboxPolicyCommon : public Sandb
+ case __NR_epoll_pwait:
+ case __NR_epoll_ctl:
+ case __NR_ppoll:
++#ifdef __NR_ppoll_time64
++ case __NR_ppoll_time64:
++#endif
+ case __NR_poll:
+ return Allow();
+
+@@ -1017,6 +1023,9 @@ class ContentSandboxPolicy : public Sand
+
+ CASES_FOR_select:
+ case __NR_pselect6:
++#ifdef __NR_pselect6_time64
++ case __NR_pselect6_time64:
++#endif
+ return Allow();
+
+ CASES_FOR_getdents: