domi
/
foxgirl-linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

v89.0.1-1

master
ohfp 2021-06-17 13:35:43 +02:00
parent de25ab61ed
commit d47b222401
No known key found for this signature in database
GPG Key ID: 2954CC8585E27A3F
5 changed files with 17 additions and 168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

144
deb_patches/sandbox-update-arm-syscall-numbers.patch
View File

@ -1,144 +0,0 @@
From 05971bd227dc6c359657d1501711e6865e9430f9 Mon Sep 17 00:00:00 2001
From: Matthew Denton <mpdenton@chromium.org>
Date: Tue, 28 Jul 2020 00:29:01 +0000
Subject: [PATCH] Linux sandbox: update arm syscall numbers
Change-Id: Ia2c39a86fb3516040a74de963115e73b7b1a1e0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2318316
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#792090}
---
diff --git a/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h b/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
index 59d0eab8..a242c18c 100644
--- a/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
+++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
@@ -1063,4 +1063,60 @@
#define __NR_memfd_create 279
#endif
+#if !defined(__NR_bpf)
+#define __NR_bpf 280
+#endif
+
+#if !defined(__NR_execveat)
+#define __NR_execveat 281
+#endif
+
+#if !defined(__NR_userfaultfd)
+#define __NR_userfaultfd 282
+#endif
+
+#if !defined(__NR_membarrier)
+#define __NR_membarrier 283
+#endif
+
+#if !defined(__NR_mlock2)
+#define __NR_mlock2 284
+#endif
+
+#if !defined(__NR_copy_file_range)
+#define __NR_copy_file_range 285
+#endif
+
+#if !defined(__NR_preadv2)
+#define __NR_preadv2 286
+#endif
+
+#if !defined(__NR_pwritev2)
+#define __NR_pwritev2 287
+#endif
+
+#if !defined(__NR_pkey_mprotect)
+#define __NR_pkey_mprotect 288
+#endif
+
+#if !defined(__NR_pkey_alloc)
+#define __NR_pkey_alloc 289
+#endif
+
+#if !defined(__NR_pkey_free)
+#define __NR_pkey_free 290
+#endif
+
+#if !defined(__NR_statx)
+#define __NR_statx 291
+#endif
+
+#if !defined(__NR_io_pgetevents)
+#define __NR_io_pgetevents 292
+#endif
+
+#if !defined(__NR_rseq)
+#define __NR_rseq 293
+#endif
+
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_
diff --git a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
index 1addd53..85e2110b 100644
--- a/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+++ b/security/sandbox/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
@@ -1385,6 +1385,62 @@
#define __NR_memfd_create (__NR_SYSCALL_BASE+385)
#endif
+#if !defined(__NR_bpf)
+#define __NR_bpf (__NR_SYSCALL_BASE+386)
+#endif
+
+#if !defined(__NR_execveat)
+#define __NR_execveat (__NR_SYSCALL_BASE+387)
+#endif
+
+#if !defined(__NR_userfaultfd)
+#define __NR_userfaultfd (__NR_SYSCALL_BASE+388)
+#endif
+
+#if !defined(__NR_membarrier)
+#define __NR_membarrier (__NR_SYSCALL_BASE+389)
+#endif
+
+#if !defined(__NR_mlock2)
+#define __NR_mlock2 (__NR_SYSCALL_BASE+390)
+#endif
+
+#if !defined(__NR_copy_file_range)
+#define __NR_copy_file_range (__NR_SYSCALL_BASE+391)
+#endif
+
+#if !defined(__NR_preadv2)
+#define __NR_preadv2 (__NR_SYSCALL_BASE+392)
+#endif
+
+#if !defined(__NR_pwritev2)
+#define __NR_pwritev2 (__NR_SYSCALL_BASE+393)
+#endif
+
+#if !defined(__NR_pkey_mprotect)
+#define __NR_pkey_mprotect (__NR_SYSCALL_BASE+394)
+#endif
+
+#if !defined(__NR_pkey_alloc)
+#define __NR_pkey_alloc (__NR_SYSCALL_BASE+395)
+#endif
+
+#if !defined(__NR_pkey_free)
+#define __NR_pkey_free (__NR_SYSCALL_BASE+396)
+#endif
+
+#if !defined(__NR_statx)
+#define __NR_statx (__NR_SYSCALL_BASE+397)
+#endif
+
+#if !defined(__NR_rseq)
+#define __NR_rseq (__NR_SYSCALL_BASE+398)
+#endif
+
+#if !defined(__NR_io_pgetevents)
+#define __NR_io_pgetevents (__NR_SYSCALL_BASE+399)
+#endif
+
// ARM private syscalls.
#if !defined(__ARM_NR_BASE)
#define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)

14
scripts/1_Install_Dependencies.sh
View File

@ -39,6 +39,8 @@ _DEPENDENCIES="wget git xvfb \
python \
libffi-dev \
nodejs-mozilla \
cargo \
rustc \
nasm-mozilla"
# cargo \
@ -55,18 +57,18 @@ if [[ $CARCH == 'x86_64' ]];then
# Installs (non-ancient) clang
apt install -y software-properties-common apt-transport-https ca-certificates
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-11 main"
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-12 main"
apt-get update
apt-get -y install clang-11 libclang-11-dev
apt-get -y install clang-12 libclang-12-dev
else
apt install -y software-properties-common apt-transport-https ca-certificates
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-11 main"
apt-add-repository "deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main"
apt-get update
apt-get -y install clang-10 libclang-10-dev
fi
# we need a more recent rust
curl https://sh.rustup.rs -o rustup.sh
bash rustup.sh -y
source /root/.cargo/env
# curl https://sh.rustup.rs -o rustup.sh
# bash rustup.sh -y
# source /root/.cargo/env

23
scripts/3_Configure_Source_Code.sh
View File

@ -7,7 +7,7 @@ set -e
srcdir=$1;
CI_PROJECT_DIR=${CI_PROJECT_DIR:-$(realpath $(dirname $0)/../)}
_COMMON_REPO='https://gitlab.com/librewolf-community/browser/common.git';
_COMMON_TAG='v89.0-1'
_COMMON_TAG='v89.0.1-1'
_COMMON_DIR="${CI_PROJECT_DIR}"/common
_PATCHES_DIR="${_COMMON_DIR}"/patches
_MOZBUILD=$srcdir/../mozbuild
@ -127,7 +127,6 @@ patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/webrtc-fix-compiler-flags-for-armhf
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/reduce-rust-debuginfo.patch"
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/relax-cargo-dep.patch"
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/use-system-icupkg.patch"
patch -Np1 -i "${CI_PROJECT_DIR}/deb_patches/sandbox-update-arm-syscall-numbers.patch"
# Remove some pre-installed addons that might be questionable
patch -Np1 -i ${_PATCHES_DIR}/remove_addons.patch
@ -146,9 +145,6 @@ fi
# Disabling Pocket
printf "\nDisabling Pocket\n";
# sed -i 's/"pocket"/# "pocket"/g' browser/components/moz.build
# this one only to remove an annoying error message:
# sed -i 's#SaveToPocket.init();#// SaveToPocket.init();#g' browser/components/BrowserGlue.jsm
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/disable-pocket.patch"
# More patches
@ -158,26 +154,21 @@ patch -Np1 -i "${_PATCHES_DIR}/browser-confvars.patch"
patch -Np1 -i "${_PATCHES_DIR}/urlbarprovider-interventions.patch"
# Remove Internal Plugin Certificates
# _cert_sed='s#if (aCert.organizationalUnit == "Mozilla [[:alpha:]]\+") {\n'
# _cert_sed+='[[:blank:]]\+return AddonManager\.SIGNEDSTATE_[[:upper:]]\+;\n'
# _cert_sed+='[[:blank:]]\+}#'
# _cert_sed+='// NOTE: removed#g'
# sed -z "$_cert_sed" -i toolkit/mozapps/extensions/internal/XPIInstall.jsm
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/remove-internal-plugin-certs.patch"
# allow SearchEngines option in non-ESR builds
# sed -i 's#"enterprise_only": true,#"enterprise_only": false,#g' browser/components/enterprisepolicies/schemas/policies-schema.json
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/allow-searchengines-non-esr.patch"
# remove search extensions (experimental)
patch -Np1 -i "${_PATCHES_DIR}/search-config.patch"
# stop some undesired requests (https://gitlab.com/librewolf-community/browser/common/-/issues/10)
# _settings_services_sed='s#firefox.settings.services.mozilla.com#f.s.s.m.c.qjz9zk#g'
# sed "$_settings_services_sed" -i browser/components/newtab/data/content/activity-stream.bundle.js
# sed "$_settings_services_sed" -i modules/libpref/init/all.js
# sed "$_settings_services_sed" -i services/settings/Utils.jsm
# sed "$_settings_services_sed" -i toolkit/components/search/SearchUtils.jsm
patch -Np1 -i "${_PATCHES_DIR}/sed-patches/stop-undesired-requests.patch"
# allow overriding the color scheme light/dark preference with RFP
patch -Np1 -i ${_PATCHES_DIR}/allow_dark_preference_with_rfp.patch
# fix an URL in 'about' dialog
patch -Np1 -i ${_PATCHES_DIR}/about-dialog.patch
rm -rf common

2
scripts/4_Build_Binary_Tarball.sh
View File

@ -16,7 +16,7 @@ export DEB_BUILD_HARDENING_FORMAT=1
export DEB_BUILD_HARDENING_PIE=1
# export PATH=/usr/lib/nasm-mozilla/bin:$PATH
source /root/.cargo/env
# source /root/.cargo/env
# we do change / unset some of them later, but setting them as set by Arch
# might make it easier to maintain changes in build scripts on both sides

2
scripts/5_Configure_Binary_Tarball.sh
View File

@ -11,7 +11,7 @@ LAUNCHER_SCRIPT=$3;
CI_PROJECT_DIR=${CI_PROJECT_DIR:-$(realpath $(dirname $0)/../)}
_SCRIPT_FOLDER=$(realpath $(dirname $0));
_EXTRACTED_TARBALL_FOLDER=$_SCRIPT_FOLDER/librewolf;
_SETTINGS_TAG='1.0'
_SETTINGS_TAG='1.1'
_SETTINGS_REPO='https://gitlab.com/librewolf-community/settings.git';
# Extracts the binary tarball