From 0af445c2f2c60e893f366520c293d393355a7432 Mon Sep 17 00:00:00 2001
From: Martin Stransky <stransky@redhat.com>
Date: Fri, 25 May 2018 15:54:30 +0200
Subject:  Added fix for mozbz#1462640 - Sandbox disables eglGetDisplay() call
 on Wayland/EGL backend.

---
 firefox.spec   |  4 ++++
 rb245262.patch | 29 +++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 rb245262.patch

diff --git a/firefox.spec b/firefox.spec
index ca3b69c..a34f715 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -178,6 +178,7 @@ Patch459:        mozilla-1463753.patch
 Patch560:        rb244010.patch
 Patch561:        rb244012.patch
 Patch562:        rb246410.patch
+Patch563:        rb245262.patch
 
 # Debian patches
 Patch500:        mozilla-440908.patch
@@ -372,6 +373,7 @@ This package contains results of tests executed during build.
 %patch560 -p1 -b .rb244010
 %patch561 -p1 -b .rb244012
 %patch562 -p1 -b .rb246410
+%patch563 -p1 -b .rb245262
 %endif
 
 %{__rm} -f .mozconfig
@@ -910,6 +912,8 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 %changelog
 * Fri May 25 2018 Martin Stransky <stransky@redhat.com> - 60.0.1-3
 - Added fix for mozbz#1436242 (rhbz#1577277) - Firefox IPC crashes.
+- Added fix for mozbz#1462640 - Sandbox disables eglGetDisplay()
+  call on Wayland/EGL backend.
 
 * Fri May 25 2018 Martin Stransky <stransky@redhat.com> - 60.0.1-2
 - Enable Wayland backend.
diff --git a/rb245262.patch b/rb245262.patch
new file mode 100644
index 0000000..25550b5
--- /dev/null
+++ b/rb245262.patch
@@ -0,0 +1,29 @@
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -1048,16 +1048,24 @@ public:
+ 
+     case __NR_mprotect:
+     case __NR_brk:
+     case __NR_madvise:
+       // libc's realloc uses mremap (Bug 1286119); wasm does too (bug 1342385).
+     case __NR_mremap:
+       return Allow();
+ 
++      // Bug 1462640: Mesa libEGL uses mincore to test whether values
++      // are pointers, for reasons.
++    case __NR_mincore: {
++      Arg<size_t> length(1);
++      return If(length == getpagesize(), Allow())
++             .Else(SandboxPolicyCommon::EvaluateSyscall(sysno));
++    }
++
+     case __NR_sigaltstack:
+       return Allow();
+ 
+ #ifdef __NR_set_thread_area
+     case __NR_set_thread_area:
+       return Allow();
+ #endif
+ 
+
-- 
cgit