From 12232c95aa083ff2f7b4d8eb85f8e921775b6402 Mon Sep 17 00:00:00 2001
From: Max Rees <maxcrees@me.com>
Date: Sun, 19 Apr 2020 00:42:37 -0500
Subject: user/firefox-esr: allow membarrier(2) in content process sandbox
 (#261)

---
 user/firefox-esr/APKBUILD                 |  4 +++-
 user/firefox-esr/seccomp-membarrier.patch | 12 ++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 user/firefox-esr/seccomp-membarrier.patch

(limited to 'user/firefox-esr')

diff --git a/user/firefox-esr/APKBUILD b/user/firefox-esr/APKBUILD
index a04dacd5f..8dfad228a 100644
--- a/user/firefox-esr/APKBUILD
+++ b/user/firefox-esr/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=firefox-esr
 pkgver=68.7.0
-pkgrel=0
+pkgrel=1
 pkgdesc="Firefox web browser (extended support release)"
 url="https://www.mozilla.org/firefox/"
 arch="all"
@@ -42,6 +42,7 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$_ffxver/source/firefox-$_f
 	ppc32-fix.patch
 	rust-32bit.patch
 	rust-config.patch
+	seccomp-membarrier.patch
 	shut-up-warning.patch
 	skia-sucks1.patch
 	skia-sucks2.patch
@@ -247,6 +248,7 @@ e61664bc93eadce5016a06a4d0684b34a05074f1815e88ef2613380d7b369c6fd305fb34f83b5eb1
 06a3f4ee6d3726adf3460952fcbaaf24bb15ef8d15b3357fdd1766c7a62b00bd53a1e943b5df7f4e1a69f4fae0d44b64fae1e027d7812499c77894975969ea10  ppc32-fix.patch
 7c615703dc9b8427eeadd13bc9beda02e1c3d986cac1167feaf48fdfdcc15b7456460d4d58f301054cf459242ee75bbcd76bf67e26c2a443bc5655975d24ca1b  rust-32bit.patch
 45613d476e85fe333ef8091acce4806803953c1a99de4f03ff577cf20c5a1a3d635d0589e1490da104ef80721f4f1b1d35045af3c6892c1a468fa84095f27ad8  rust-config.patch
+36369f2e237e894b2f9e70ffa0579bb3cddf1efa638a36b3469e9f529c28d7b72611fa426c5534d93094a8deb1376f43f6661447072dc6dfc6191ca5eebd4604  seccomp-membarrier.patch
 39ddb15d1453a8412275c36fc8db3befc69dffd4a362e932d280fb7fd1190db595a2af9b468ee49e0714f5e9df6e48eb5794122a64fa9f30d689de8693acbb15  shut-up-warning.patch
 e751ffab263f03d4c74feebc617e3af115b1b53cf54fe16c3acc585eec67773f37aa8de4c19599fa6478179b01439025112ef2b759aa9923c9900e7081cb65a9  skia-sucks1.patch
 9152bd3e6dc446337e6a2ed602279c620aedecc796ba28e777854c4f41fcf3067f9ebd086a4b63a6b76c2e69ec599ac6435b8eeda4f7488b1c45f69113facba4  skia-sucks2.patch
diff --git a/user/firefox-esr/seccomp-membarrier.patch b/user/firefox-esr/seccomp-membarrier.patch
new file mode 100644
index 000000000..be1744113
--- /dev/null
+++ b/user/firefox-esr/seccomp-membarrier.patch
@@ -0,0 +1,12 @@
+musl ldso issues a membarrier when setting up TLS
+
+--- firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp	2020-04-03 19:30:03.000000000 +0000
++++ firefox-68.7.0/security/sandbox/linux/SandboxFilter.cpp	2020-04-19 04:59:30.280000000 +0000
+@@ -529,6 +529,7 @@ class SandboxPolicyCommon : public Sandb
+ 
+         // ipc::Shmem; also, glibc when creating threads:
+       case __NR_mprotect:
++      case __NR_membarrier:
+         return Allow();
+ 
+         // madvise hints used by malloc; see bug 1303813 and bug 1364533
-- 
cgit v1.2.3-60-g2f50