v89.0.1-1
parent
de25ab61ed
commit
d47b222401
|
@ -1,144 +0,0 @@
|
|||
From 05971bd227dc6c359657d1501711e6865e9430f9 Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Denton <mpdenton@chromium.org>
|
||||
Date: Tue, 28 Jul 2020 00:29:01 +0000
|
||||
Subject: [PATCH] Linux sandbox: update arm syscall numbers
|
||||
|
||||
Change-Id: Ia2c39a86fb3516040a74de963115e73b7b1a1e0c
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2318316
|
||||
Reviewed-by: Robert Sesek <rsesek@chromium.org>
|
||||
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/master@{#792090}
|
||||
---
|
||||
|
||||
diff --git a/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h b/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
|
||||
index 59d0eab8..a242c18c 100644
|
||||
--- a/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
|
||||
+++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
|
||||
@@ -1063,4 +1063,60 @@
|
||||
#define __NR_memfd_create 279
|
||||
#endif
|
||||
|
||||
+#if !defined(__NR_bpf)
|
||||
+#define __NR_bpf 280
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_execveat)
|
||||
+#define __NR_execveat 281
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_userfaultfd)
|
||||
+#define __NR_userfaultfd 282
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_membarrier)
|
||||
+#define __NR_membarrier 283
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_mlock2)
|
||||
+#define __NR_mlock2 284
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_copy_file_range)
|
||||
+#define __NR_copy_file_range 285
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_preadv2)
|
||||
+#define __NR_preadv2 286
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pwritev2)
|
||||
+#define __NR_pwritev2 287
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_mprotect)
|
||||
+#define __NR_pkey_mprotect 288
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_alloc)
|
||||
+#define __NR_pkey_alloc 289
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_free)
|
||||
+#define __NR_pkey_free 290
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_statx)
|
||||
+#define __NR_statx 291
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_io_pgetevents)
|
||||
+#define __NR_io_pgetevents 292
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_rseq)
|
||||
+#define __NR_rseq 293
|
||||
+#endif
|
||||
+
|
||||
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_
|
||||
diff --git a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
|
||||
index 1addd53..85e2110b 100644
|
||||
--- a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
|
||||
+++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
|
||||
@@ -1385,6 +1385,62 @@
|
||||
#define __NR_memfd_create (__NR_SYSCALL_BASE+385)
|
||||
#endif
|
||||
|
||||
+#if !defined(__NR_bpf)
|
||||
+#define __NR_bpf (__NR_SYSCALL_BASE+386)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_execveat)
|
||||
+#define __NR_execveat (__NR_SYSCALL_BASE+387)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_userfaultfd)
|
||||
+#define __NR_userfaultfd (__NR_SYSCALL_BASE+388)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_membarrier)
|
||||
+#define __NR_membarrier (__NR_SYSCALL_BASE+389)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_mlock2)
|
||||
+#define __NR_mlock2 (__NR_SYSCALL_BASE+390)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_copy_file_range)
|
||||
+#define __NR_copy_file_range (__NR_SYSCALL_BASE+391)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_preadv2)
|
||||
+#define __NR_preadv2 (__NR_SYSCALL_BASE+392)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pwritev2)
|
||||
+#define __NR_pwritev2 (__NR_SYSCALL_BASE+393)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_mprotect)
|
||||
+#define __NR_pkey_mprotect (__NR_SYSCALL_BASE+394)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_alloc)
|
||||
+#define __NR_pkey_alloc (__NR_SYSCALL_BASE+395)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_pkey_free)
|
||||
+#define __NR_pkey_free (__NR_SYSCALL_BASE+396)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_statx)
|
||||
+#define __NR_statx (__NR_SYSCALL_BASE+397)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_rseq)
|
||||
+#define __NR_rseq (__NR_SYSCALL_BASE+398)
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_io_pgetevents)
|
||||
+#define __NR_io_pgetevents (__NR_SYSCALL_BASE+399)
|
||||
+#endif
|
||||
+
|
||||
// ARM private syscalls.
|
||||
#if !defined(__ARM_NR_BASE)
|
||||
#define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
|
|
@ -39,6 +39,8 @@ _DEPENDENCIES="wget git xvfb \
|
|||
python \
|
||||
libffi-dev \
|
||||
nodejs-mozilla \
|
||||
cargo \
|
||||
rustc \
|
||||
nasm-mozilla"
|
||||
|
||||
# cargo \
|
||||
|
@ -55,18 +57,18 @@ if [[ $CARCH == 'x86_64' ]];then
|
|||
# Installs (non-ancient) clang
|
||||
apt install -y software-properties-common apt-transport-https ca-certificates
|
||||
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add
|
||||
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-11 main"
|
||||
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main"
|
||||
apt-get update
|
||||
apt-get -y install clang-11 libclang-11-dev
|
||||
apt-get -y install clang-12 libclang-12-dev
|
||||
else
|
||||
apt install -y software-properties-common apt-transport-https ca-certificates
|
||||
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add
|
||||
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-11 main"
|
||||
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main"
|
||||
apt-get update
|
||||
apt-get -y install clang-10 libclang-10-dev
|
||||
fi
|
||||
|
||||
# we need a more recent rust
|
||||
curl https://sh.rustup.rs -o rustup.sh
|
||||
bash rustup.sh -y
|
||||
source /root/.cargo/env
|
||||
# curl https://sh.rustup.rs -o rustup.sh
|
||||
# bash rustup.sh -y
|
||||
# source /root/.cargo/env
|
||||
|
|
|
@ -7,7 +7,7 @@ set -e
|
|||
srcdir=$1;
|
||||
CI_PROJECT_DIR=${CI_PROJECT_DIR:-$(realpath $(dirname $0)/../)}
|
||||
_COMMON_REPO='https://gitlab.com/librewolf-community/browser/common.git';
|
||||
_COMMON_TAG='v89.0-1'
|
||||
_COMMON_TAG='v89.0.1-1'
|
||||
_COMMON_DIR="${CI_PROJECT_DIR}"/common
|
||||
_PATCHES_DIR="${_COMMON_DIR}"/patches
|
||||
_MOZBUILD=$srcdir/../mozbuild
|
||||
|
@ -127,7 +127,6 @@ patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/webrtc-fix-compiler-flags-for-armhf
|
|||
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/reduce-rust-debuginfo.patch"
|
||||
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/relax-cargo-dep.patch"
|
||||
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/use-system-icupkg.patch"
|
||||
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/sandbox-update-arm-syscall-numbers.patch"
|
||||
|
||||
# Remove some pre-installed addons that might be questionable
|
||||
patch -Np1 -i ${_PATCHES_DIR}/remove_addons.patch
|
||||
|
@ -146,9 +145,6 @@ fi
|
|||
|
||||
# Disabling Pocket
|
||||
printf "\nDisabling Pocket\n";
|
||||
# sed -i 's/"pocket"/# "pocket"/g' browser/components/moz.build
|
||||
# this one only to remove an annoying error message:
|
||||
# sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm
|
||||
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/disable-pocket.patch"
|
||||
|
||||
# More patches
|
||||
|
@ -158,26 +154,21 @@ patch -Np1 -i "${_PATCHES_DIR}/browser-confvars.patch"
|
|||
patch -Np1 -i "${_PATCHES_DIR}/urlbarprovider-interventions.patch"
|
||||
|
||||
# Remove Internal Plugin Certificates
|
||||
# _cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
|
||||
# _cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
|
||||
# _cert_sed+='[[:blank:]]\+}#'
|
||||
# _cert_sed+='// NOTE: removed#g'
|
||||
# sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
|
||||
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/remove-internal-plugin-certs.patch"
|
||||
|
||||
# allow SearchEngines option in non-ESR builds
|
||||
# sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json
|
||||
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/allow-searchengines-non-esr.patch"
|
||||
|
||||
# remove search extensions (experimental)
|
||||
patch -Np1 -i "${_PATCHES_DIR}/search-config.patch"
|
||||
|
||||
# stop some undesired requests (https://gitlab.com/librewolf-community/browser/common/-/issues/10)
|
||||
# _settings_services_sed='s#firefox.settings.services.mozilla.com#f.s.s.m.c.qjz9zk#g'
|
||||
# sed "$_settings_services_sed" -i browser/components/newtab/data/content/activity-stream.bundle.js
|
||||
# sed "$_settings_services_sed" -i modules/libpref/init/all.js
|
||||
# sed "$_settings_services_sed" -i services/settings/Utils.jsm
|
||||
# sed "$_settings_services_sed" -i toolkit/components/search/SearchUtils.jsm
|
||||
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/stop-undesired-requests.patch"
|
||||
|
||||
# allow overriding the color scheme light/dark preference with RFP
|
||||
patch -Np1 -i ${_PATCHES_DIR}/allow_dark_preference_with_rfp.patch
|
||||
|
||||
# fix an URL in 'about' dialog
|
||||
patch -Np1 -i ${_PATCHES_DIR}/about-dialog.patch
|
||||
|
||||
rm -rf common
|
||||
|
|
|
@ -16,7 +16,7 @@ export DEB_BUILD_HARDENING_FORMAT=1
|
|||
export DEB_BUILD_HARDENING_PIE=1
|
||||
# export PATH=/usr/lib/nasm-mozilla/bin:$PATH
|
||||
|
||||
source /root/.cargo/env
|
||||
# source /root/.cargo/env
|
||||
|
||||
# we do change / unset some of them later, but setting them as set by Arch
|
||||
# might make it easier to maintain changes in build scripts on both sides
|
||||
|
|
|
@ -11,7 +11,7 @@ LAUNCHER_SCRIPT=$3;
|
|||
CI_PROJECT_DIR=${CI_PROJECT_DIR:-$(realpath $(dirname $0)/../)}
|
||||
_SCRIPT_FOLDER=$(realpath $(dirname $0));
|
||||
_EXTRACTED_TARBALL_FOLDER=$_SCRIPT_FOLDER/librewolf;
|
||||
_SETTINGS_TAG='1.0'
|
||||
_SETTINGS_TAG='1.1'
|
||||
_SETTINGS_REPO='https://gitlab.com/librewolf-community/settings.git';
|
||||
|
||||
# Extracts the binary tarball
|
||||
|
|
Loading…
Reference in New Issue