commit: fc0e8a516716dab4430d5fd44d603c61f415e6cb
Author: Ian Stakenvicius <axs <AT> gentoo <DOT> org>
AuthorDate: Thu May 18 14:55:15 2017 +0000
Commit: Ian Stakenvicius <axs <AT> gentoo <DOT> org>
CommitDate: Fri May 19 19:44:28 2017 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fc0e8a51
www-client/firefox: disable seccomp fatality so widevinecdm doesn't crash
This is a backport of a commit introduced to firefox-54.
Package-Manager: Portage-2.3.3, Repoman-2.3.1
...firefox-53-turn_off_crash_on_seccomp_fail.patch | 100 +++++++++++++++++++++
...{firefox-53.0.ebuild => firefox-53.0-r1.ebuild} | 1 +
2 files changed, 101 insertions(+)
diff --git
a/www-client/firefox/files/firefox-53-turn_off_crash_on_seccomp_fail.patch
b/www-client/firefox/files/firefox-53-turn_off_crash_on_seccomp_fail.patch
new file mode 100644
index 00000000000..2d0c06b3e76
--- /dev/null
+++ b/www-client/firefox/files/firefox-53-turn_off_crash_on_seccomp_fail.patch
@@ -0,0 +1,100 @@
+
+# HG changeset patch
+# User Jed Davis <[email protected]>
+# Date 1485552350 25200
+# Node ID 7781de08a1c6d84a92e9d54a78ac9f54f8c4c240
+# Parent 952f0a7824ad897dd0f76318b567341e7d8ad46d
+Bug 1286865 - Step 0: Turn off crash-on-seccomp-fail by default on
non-nightly. r=gcp
+
+MozReview-Commit-ID: 1It6HNizbAc
+
+diff --git a/security/sandbox/linux/Sandbox.cpp
b/security/sandbox/linux/Sandbox.cpp
+--- a/security/sandbox/linux/Sandbox.cpp
++++ b/security/sandbox/linux/Sandbox.cpp
+@@ -68,16 +68,18 @@ MOZ_IMPORT_API void
+ } // extern "C"
+ #endif // MOZ_ASAN
+
+ // Signal number used to enable seccomp on each thread.
+ int gSeccompTsyncBroadcastSignum = 0;
+
+ namespace mozilla {
+
++static bool gSandboxCrashOnError = false;
++
+ // This is initialized by SandboxSetCrashFunc().
+ SandboxCrashFunc gSandboxCrashFunc;
+
+ #ifdef MOZ_GMP_SANDBOX
+ // For media plugins, we can start the sandbox before we dlopen the
+ // module, so we have to pre-open the file and simulate the sandboxed
+ // open().
+ static SandboxOpenedFile gMediaPluginFile;
+@@ -143,25 +145,28 @@ SigSysHandler(int nr, siginfo_t *info, v
+ args[2] = SECCOMP_PARM3(&savedCtx);
+ args[3] = SECCOMP_PARM4(&savedCtx);
+ args[4] = SECCOMP_PARM5(&savedCtx);
+ args[5] = SECCOMP_PARM6(&savedCtx);
+
+ // TODO, someday when this is enabled on MIPS: include the two extra
+ // args in the error message.
+ SANDBOX_LOG_ERROR("seccomp sandbox violation: pid %d, syscall %d,"
+- " args %d %d %d %d %d %d. Killing process.",
++ " args %d %d %d %d %d %d.%s",
+ pid, syscall_nr,
+- args[0], args[1], args[2], args[3], args[4], args[5]);
++ args[0], args[1], args[2], args[3], args[4], args[5],
++ gSandboxCrashOnError ? " Killing process." : "");
+
+- // Bug 1017393: record syscall number somewhere useful.
+- info->si_addr = reinterpret_cast<void*>(syscall_nr);
++ if (gSandboxCrashOnError) {
++ // Bug 1017393: record syscall number somewhere useful.
++ info->si_addr = reinterpret_cast<void*>(syscall_nr);
+
+- gSandboxCrashFunc(nr, info, &savedCtx);
+- _exit(127);
++ gSandboxCrashFunc(nr, info, &savedCtx);
++ _exit(127);
++ }
+ }
+
+ /**
+ * This function installs the SIGSYS handler. This is slightly
+ * complicated because we want to use Chromium's handler to dispatch
+ * to specific trap handlers defined in the policy, but we also need
+ * the full original signal context to give to Breakpad for crash
+ * dumps. So we install Chromium's handler first, then retrieve its
+@@ -510,16 +515,31 @@ void
+ SandboxEarlyInit(GeckoProcessType aType)
+ {
+ const SandboxInfo info = SandboxInfo::Get();
+ if (info.Test(SandboxInfo::kUnexpectedThreads)) {
+ return;
+ }
+ MOZ_RELEASE_ASSERT(IsSingleThreaded());
+
++ // Set gSandboxCrashOnError if appropriate. This doesn't need to
++ // happen this early, but for now it's here so that I don't need to
++ // add NSPR dependencies for PR_GetEnv.
++ //
++ // This also means that users with "unexpected threads" setups won't
++ // crash even on nightly.
++#ifdef NIGHTLY_BUILD
++ gSandboxCrashOnError = true;
++#endif
++ if (const char* envVar = getenv("MOZ_SANDBOX_CRASH_ON_ERROR")) {
++ if (envVar[0]) {
++ gSandboxCrashOnError = envVar[0] != '0';
++ }
++ }
++
+ // Which kinds of resource isolation (of those that need to be set
+ // up at this point) can be used by this process?
+ bool canChroot = false;
+ bool canUnshareNet = false;
+ bool canUnshareIPC = false;
+
+ switch (aType) {
+ case GeckoProcessType_Default:
+
diff --git a/www-client/firefox/firefox-53.0.ebuild
b/www-client/firefox/firefox-53.0-r1.ebuild
similarity index 99%
rename from www-client/firefox/firefox-53.0.ebuild
rename to www-client/firefox/firefox-53.0-r1.ebuild
index a911896f0de..80f3c55995f 100644
--- a/www-client/firefox/firefox-53.0.ebuild
+++ b/www-client/firefox/firefox-53.0-r1.ebuild
@@ -125,6 +125,7 @@ src_prepare() {
# Apply our patches
eapply "${WORKDIR}/firefox"
eapply "${FILESDIR}"/musl_drop_hunspell_alloc_hooks.patch
+ eapply "${FILESDIR}"/${PN}-53-turn_off_crash_on_seccomp_fail.patch
# Enable gnomebreakpad
if use debug ; then
