[CVE] user/firefox-esr: bump to 68.9.0 and fix seccomp for time64 (#284)

Also "fix" statx support by pulling upstream patch to replace our
membarrier patch

Dropped rust-config.patch in the hopes it is no longer needed...

5 files changed, 172 insertions, 38 deletions

diff --git a/user/firefox-esr/APKBUILD b/user/firefox-esr/APKBUILD
index 82a4e5276..f780d8765 100644
--- a/user/firefox-esr/APKBUILD
+++ b/user/firefox-esr/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Molly Miller <adelie@m-squa.red>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=firefox-esr
-pkgver=68.8.0
+pkgver=68.9.0
 pkgrel=0
 pkgdesc="Firefox web browser (extended support release)"
 url="https://www.mozilla.org/firefox/"
@@ -41,8 +41,8 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$_ffxver/source/firefox-$_f
 	mozilla-build-arm.patch
 	ppc32-fix.patch
 	rust-32bit.patch
-	rust-config.patch
-	seccomp-membarrier.patch
+	seccomp-musl.patch
+	seccomp-time64.patch
 	shut-up-warning.patch
 	skia-sucks1.patch
 	skia-sucks2.patch
@@ -126,6 +126,11 @@ ldpath="$_mozappdir"
 #     - CVE-2020-12387
 #     - CVE-2020-12392
 #     - CVE-2020-12395
+#   68.9.0-r0:
+#     - CVE-2020-12399
+#     - CVE-2020-12405
+#     - CVE-2020-12406
+#     - CVE-2020-12410
 
 unpack() {
 	default_unpack
@@ -241,7 +246,7 @@ package() {
 	EOF
 }
 
-sha512sums="139a63dc85ae76a50da6be9a31425f97144e6c7e4a65b0f3009a84eb5c8c9566f6bb331e26590f8aecd5045c4d730ab4e848cf7220f3444a31147b5533c742b3  firefox-68.8.0esr.source.tar.xz
+sha512sums="98431800d80f7c680aef9eede29df8217810912a319a7f7f8c2e637c43ecd4f4e29223a417afb2a6315e825f979453ff6e6b5a575649aba5cc63ce5956375bb8  firefox-68.9.0esr.source.tar.xz
 16e814e8dcffc707b595ca2919bd2fa3db0d15794c63d977364652c4a5b92e90e72b8c9e1cc83b5020398bd90a1b397dbdd7cb931c49f1aa4af6ef95414b43e0  Python-2.7.16.tar.xz
 f82758d279cd12a1b30a9b36ac3c265cfb137df3db7ae185f2c538504e46fa70ace1b051fce847356851062b5cc9cd741a6d33d54f8cd103aa0c8272cb19ccc4  mozconfig
 ace7492f4fb0523c7340fdc09c831906f74fddad93822aff367135538dacd3f56288b907f5a04f53f94c76e722ba0bab73e28d83ec12d3e672554712e6b08613  bad-google-code.patch
@@ -252,8 +257,8 @@ de8e3b15cd7dffb0eca5a729434986e5916234914cdc5fdcdbbc67d8bb439a535ed932293518dd74
 e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb18b9e3138273ea8ddcfdcb1084fdcaa922a1e5b30146a3b18  mozilla-build-arm.patch
 06a3f4ee6d3726adf3460952fcbaaf24bb15ef8d15b3357fdd1766c7a62b00bd53a1e943b5df7f4e1a69f4fae0d44b64fae1e027d7812499c77894975969ea10  ppc32-fix.patch
 7c615703dc9b8427eeadd13bc9beda02e1c3d986cac1167feaf48fdfdcc15b7456460d4d58f301054cf459242ee75bbcd76bf67e26c2a443bc5655975d24ca1b  rust-32bit.patch
-45613d476e85fe333ef8091acce4806803953c1a99de4f03ff577cf20c5a1a3d635d0589e1490da104ef80721f4f1b1d35045af3c6892c1a468fa84095f27ad8  rust-config.patch
-36369f2e237e894b2f9e70ffa0579bb3cddf1efa638a36b3469e9f529c28d7b72611fa426c5534d93094a8deb1376f43f6661447072dc6dfc6191ca5eebd4604  seccomp-membarrier.patch
+efc77a320850e10e8b99e6fb5d3dd28a3044e287fd87efbdf95807de26a6885235b2d994743cb374345d91a0353abd70a5790b829e37b717b77605e24d4f7f98  seccomp-musl.patch
+4b20dfa3ef3d470af069a274c53ea35c67d2d123f1b543ee243e7038ed94f5a1a6121f1f67713a9442e246b979c042f11efc7a6c32d0b8d3fd2c448dd1258733  seccomp-time64.patch
 39ddb15d1453a8412275c36fc8db3befc69dffd4a362e932d280fb7fd1190db595a2af9b468ee49e0714f5e9df6e48eb5794122a64fa9f30d689de8693acbb15  shut-up-warning.patch
 e751ffab263f03d4c74feebc617e3af115b1b53cf54fe16c3acc585eec67773f37aa8de4c19599fa6478179b01439025112ef2b759aa9923c9900e7081cb65a9  skia-sucks1.patch
 9152bd3e6dc446337e6a2ed602279c620aedecc796ba28e777854c4f41fcf3067f9ebd086a4b63a6b76c2e69ec599ac6435b8eeda4f7488b1c45f69113facba4  skia-sucks2.patch
diff --git a/user/firefox-esr/rust-config.patch b/user/firefox-esr/rust-config.patch
deleted file mode 100644
index eab72a0e4..000000000
--- a/user/firefox-esr/rust-config.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-diff -urw firefox-68.0-old/build/moz.configure/rust.configure firefox-68.0/build/moz.configure/rust.configure
---- firefox-68.0-old/build/moz.configure/rust.configure	2019-07-07 15:56:29.345963800 +0000
-+++ firefox-68.0/build/moz.configure/rust.configure	2019-07-07 16:19:25.990645334 +0000
-@@ -193,12 +193,16 @@
-     ambiguous = set()
-     per_raw_os = {}
-     for t in out:
-+        if 'fuchsia' in t: continue
-         t = split_triplet(t, allow_unknown=True)
-         endianness = t.endianness
-         if t.cpu.startswith('thumb') and endianness not in ('big', 'little'):
-             endianness = 'little'
-         key = (t.cpu, endianness, t.os)
-         if key in per_os:
-+            # hax to allow Adélie toolchains to work
-+            if 'foxkit' in per_os[key].alias:
-+                continue
-             previous = per_os[key]
-             per_raw_os[(previous.cpu, previous.endianness,
-                         previous.raw_os)] = previous
diff --git a/user/firefox-esr/seccomp-membarrier.patch b/user/firefox-esr/seccomp-membarrier.patch
deleted file mode 100644
index be1744113..000000000
--- a/user/firefox-esr/seccomp-membarrier.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-musl ldso issues a membarrier when setting up TLS
-
---- firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp	2020-04-03 19:30:03.000000000 +0000
-+++ firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp	2020-04-19 04:59:30.280000000 +0000
-@@ -529,6 +529,7 @@ class SandboxPolicyCommon : public Sandb
- 
-         // ipc::Shmem; also, glibc when creating threads:
-       case __NR_mprotect:
-+      case __NR_membarrier:
-         return Allow();
- 
-         // madvise hints used by malloc; see bug 1303813 and bug 1364533
diff --git a/user/firefox-esr/seccomp-musl.patch b/user/firefox-esr/seccomp-musl.patch
new file mode 100644
index 000000000..edd4a3024
--- /dev/null
+++ b/user/firefox-esr/seccomp-musl.patch
@@ -0,0 +1,49 @@
+Backport of https://hg.mozilla.org/mozilla-central/rev/a0be746532f437055e4190cc8db802ad1239405e
+
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -419,16 +419,20 @@ class SandboxPolicyCommon : public Sandb
+         case __NR_faccessat:
+           return Trap(AccessAtTrap, mBroker);
+         CASES_FOR_stat:
+           return Trap(StatTrap, mBroker);
+         CASES_FOR_lstat:
+           return Trap(LStatTrap, mBroker);
+         CASES_FOR_fstatat:
+           return Trap(StatAtTrap, mBroker);
++        // Used by new libc and Rust's stdlib, if available.
++        // We don't have broker support yet so claim it does not exist.
++        case __NR_statx:
++          return Error(ENOSYS);
+         case __NR_chmod:
+           return Trap(ChmodTrap, mBroker);
+         case __NR_link:
+           return Trap(LinkTrap, mBroker);
+         case __NR_mkdir:
+           return Trap(MkdirTrap, mBroker);
+         case __NR_symlink:
+           return Trap(SymlinkTrap, mBroker);
+@@ -538,16 +542,20 @@ class SandboxPolicyCommon : public Sandb
+             .ElseIf(advice == MADV_HUGEPAGE, Allow())
+             .ElseIf(advice == MADV_NOHUGEPAGE, Allow())
+ #ifdef MOZ_ASAN
+             .ElseIf(advice == MADV_DONTDUMP, Allow())
+ #endif
+             .Else(InvalidSyscall());
+       }
+ 
++        // musl libc will set this up in pthreads support.
++      case __NR_membarrier:
++        return Allow();
++
+       // Signal handling
+ #if defined(ANDROID) || defined(MOZ_ASAN)
+       case __NR_sigaltstack:
+ #endif
+       CASES_FOR_sigreturn:
+       CASES_FOR_sigprocmask:
+       CASES_FOR_sigaction:
+         return Allow();
+
+
diff --git a/user/firefox-esr/seccomp-time64.patch b/user/firefox-esr/seccomp-time64.patch
new file mode 100644
index 000000000..72cc28b5d
--- /dev/null
+++ b/user/firefox-esr/seccomp-time64.patch
@@ -0,0 +1,112 @@
+This drops the use of the chromium sandbox syscall headers which were
+defining syscall numbers if they were undefined. This masked the time64
+issue initially since while musl renamed several of the time32 syscall
+numbers to catch breakage like this, these headers were silently
+bringing them back. I did this by comparing the syscall numbers provided
+by the chromium and musl headers and redefining the generic names to
+their time64 counterparts.
+
+For gettimeofday and settimeofday there does not appear to be a time64
+counterpart so I have defined them as the time32 versions. For
+settimeofday this should not matter (the seccomp filter will block this
+by virture of not being on the whitelist - no content process needs to
+set the time anyway).
+
+It is not possible to entirely block the usage of time32 syscalls
+because musl uses them internally when it can or in fallback paths.
+
+I did not check the MIPS headers since we don't currently ship a MIPS
+port, so in the future those includes should be examined and dropped
+too...
+
+--- firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h	2020-04-29 16:49:45.000000000 -0500
++++ firefox-68.8.0/security/sandbox/chromium/sandbox/linux/system_headers/linux_syscalls.h	2020-05-20 03:09:47.369457646 -0500
+@@ -8,18 +8,7 @@
+ 
+ #ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+ #define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+-
+-#if defined(__x86_64__)
+-#include "sandbox/linux/system_headers/x86_64_linux_syscalls.h"
+-#endif
+-
+-#if defined(__i386__)
+-#include "sandbox/linux/system_headers/x86_32_linux_syscalls.h"
+-#endif
+-
+-#if defined(__arm__) && defined(__ARM_EABI__)
+-#include "sandbox/linux/system_headers/arm_linux_syscalls.h"
+-#endif
++#include <sys/syscall.h>
+ 
+ #if defined(__mips__) && (_MIPS_SIM == _ABIO32)
+ #include "sandbox/linux/system_headers/mips_linux_syscalls.h"
+@@ -33,5 +22,36 @@
+ #include "sandbox/linux/system_headers/arm64_linux_syscalls.h"
+ #endif
+ 
++#if !defined(__NR_clock_getres) && defined(__NR_clock_getres_time64)
++#define __NR_clock_getres __NR_clock_getres_time64
++#endif
++#if !defined(__NR_clock_gettime) && defined(__NR_clock_gettime64)
++#define __NR_clock_gettime __NR_clock_gettime64
++#endif
++#if !defined(__NR_clock_nanosleep) && defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep __NR_clock_nanosleep_time64
++#endif
++#if !defined(__NR_clock_settime) && defined(__NR_clock_settime64)
++#define __NR_clock_settime __NR_clock_settime64
++#endif
++#if !defined(__NR_gettimeofday) && defined(__NR_gettimeofday_time32)
++#define __NR_gettimeofday __NR_gettimeofday_time32
++#endif
++#if !defined(__NR_settimeofday) && defined(__NR_settimeofday_time32)
++#define __NR_settimeofday __NR_settimeofday_time32
++#endif
++#if !defined(__NR_timer_gettime) && defined(__NR_timer_gettime64)
++#define __NR_timer_gettime __NR_timer_gettime64
++#endif
++#if !defined(__NR_timer_settime) && defined(__NR_timer_settime64)
++#define __NR_timer_settime __NR_timer_settime64
++#endif
++#if !defined(__NR_timerfd_gettime) && defined(__NR_timerfd_gettime64)
++#define __NR_timerfd_gettime __NR_timerfd_gettime64
++#endif
++#if !defined(__NR_timerfd_settime) && defined(__NR_timerfd_settime64)
++#define __NR_timerfd_settime __NR_timerfd_settime64
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_SYSCALLS_H_
+ 
+--- firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp	2020-04-29 16:49:45.000000000 -0500
++++ firefox-68.8.0/security/sandbox/linux/SandboxFilter.cpp	2020-05-19 23:33:27.829642593 -0500
+@@ -478,6 +478,9 @@ class SandboxPolicyCommon : public Sandb
+ 
+         // Thread synchronization
+       case __NR_futex:
++#ifdef __NR_futex_time64
++      case __NR_futex_time64:
++#endif
+         // FIXME: This could be more restrictive....
+         return Allow();
+ 
+@@ -488,6 +491,9 @@ class SandboxPolicyCommon : public Sandb
+       case __NR_epoll_pwait:
+       case __NR_epoll_ctl:
+       case __NR_ppoll:
++#ifdef __NR_ppoll_time64
++      case __NR_ppoll_time64:
++#endif
+       case __NR_poll:
+         return Allow();
+ 
+@@ -1017,6 +1023,9 @@ class ContentSandboxPolicy : public Sand
+ 
+       CASES_FOR_select:
+       case __NR_pselect6:
++#ifdef __NR_pselect6_time64
++      case __NR_pselect6_time64:
++#endif
+         return Allow();
+ 
+       CASES_FOR_getdents: