From 30110df460c6141020e5da25a401e1fb683e00a1 Mon Sep 17 00:00:00 2001
From: Martin Stransky <stransky@redhat.com>
Date: Wed, 30 Jun 2021 12:24:15 +0200
Subject: Added fix for mozbz#1715254 (rhbz#1976892)

---
 firefox.spec          |  7 ++++++-
 mozilla-1715254.patch | 24 ++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 mozilla-1715254.patch

diff --git a/firefox.spec b/firefox.spec
index 5186655..0cafb4e 100644
--- a/firefox.spec
+++ b/firefox.spec
@@ -152,7 +152,7 @@ ExcludeArch: armv7hl
 Summary:        Mozilla Firefox Web browser
 Name:           firefox
 Version:        89.0.2
-Release:        1%{?pre_tag}%{?dist}
+Release:        2%{?pre_tag}%{?dist}
 URL:            https://www.mozilla.org/firefox/
 License:        MPLv1.1 or GPLv2+ or LGPLv2+
 Source0:        https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz
@@ -234,6 +234,7 @@ Patch415:        mozilla-1670333.patch
 Patch420:        mochitest-wayland-workaround.patch
 Patch422:        mozilla-1705048.patch
 Patch423:        mozilla-1646135.patch
+Patch424:        mozilla-1715254.patch
 
 # PGO/LTO patches
 Patch600:        pgo.patch
@@ -472,6 +473,7 @@ This package contains results of tests executed during build.
 %patch420 -p1 -b .mochitest-wayland-workaround
 %patch422 -p1 -b .1705048
 %patch423 -p1 -b .1646135
+%patch424 -p1 -b .1715254
 
 # PGO patches
 %if %{build_with_pgo}
@@ -1027,6 +1029,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 #---------------------------------------------------------------------
 
 %changelog
+* Thu Jun 30 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-2
+- Added fix for mozbz#1715254 (rhbz#1976892).
+
 * Thu Jun 24 2021 Martin Stransky <stransky@redhat.com> - 89.0.2-1
 - Updated to latest upstream (89.0.2)
 
diff --git a/mozilla-1715254.patch b/mozilla-1715254.patch
new file mode 100644
index 0000000..662a9d8
--- /dev/null
+++ b/mozilla-1715254.patch
@@ -0,0 +1,24 @@
+diff --git a/security/sandbox/linux/SandboxFilter.cpp b/security/sandbox/linux/SandboxFilter.cpp
+--- a/security/sandbox/linux/SandboxFilter.cpp
++++ b/security/sandbox/linux/SandboxFilter.cpp
+@@ -858,6 +858,9 @@
+       case __NR_clone:
+         return ClonePolicy(InvalidSyscall());
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+         // More thread creation.
+ #ifdef __NR_set_robust_list
+       case __NR_set_robust_list:
+@@ -1504,6 +1507,9 @@
+       case __NR_clone:
+         return ClonePolicy(Error(EPERM));
+ 
++      case __NR_clone3:
++        return Error(ENOSYS);
++
+ #  ifdef __NR_fadvise64
+       case __NR_fadvise64:
+         return Allow();
+
-- 
cgit