testing/firefox: improve seccomp, use pthread_setname_np

ref #7454

testing/firefox/APKBUILD

@@ -4,7 +4,7 @@ pkgname=firefox
 pkgver=54.0.1
 _pkgver=$pkgver
 _xulver=$pkgver
-pkgrel=0
+pkgrel=1
 pkgdesc="Firefox web browser"
 url="http://www.firefox.com"
 # limited by rust and cargo
@@ -60,7 +60,6 @@ source="https://ftp.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkg
 	fix-toolkit.patch
 	fix-tools.patch
 	mallinfo.patch
-	musl-pthread-setname.patch
 
 	fix-fortify-system-wrappers.patch
 	fix-arm-atomics-grsec.patch
@@ -223,11 +222,10 @@ sha512sums="43607c2c0af995a21dc7f0f68b24b7e5bdb3faa5ee06025901c826bfe4d169256ea1
 7e123144bc2b1efed149dfb41b255c447d43ea93a63ebe114d01945e6a6d69edc2f2a3c36980a93279106c1842355851b8b6c1d96679ee6be7b9b30513e0b1a8  0002-Use-C99-math-isfinite.patch
 09bc32cf9ee81b9cc6bb58ddbc66e6cc5c344badff8de3435cde5848e5a451e0172153231db85c2385ff05b5d9c20760cb18e4138dfc99060a9e960de2befbd5  fix-fortify-inline.patch
 0fcc647af53a3ce21c2bc36e5631eb0935e7243ebb3ab59b5719542cc54a6ac023a4a857b43b75756efb9ed80c0aecaa94dc5679a3b3792f82e87bf2c1af82e1  disable-hunspell_hooks.patch
-70863b985427b9653ce5e28d6064f078fb6d4ccf43dd1b68e72f97f44868fc0ce063161c39a4e77a0a1a207b7365d5dc7a7ca5e68c726825eba814f2b93e2f5d  fix-seccomp-bpf.patch
+5e7722b8899bf25f5a941980de9a4e9e9a1efcfa9ce12edb70e525e6022bc0e8ef284804be622e8d17eb3bbc1d99c1554b54cfd4d066ea639de810d30005267f  fix-seccomp-bpf.patch
 a2925045154f4fd34e5fc056656f4f9da100341529e5d4104d249154db0c7863384083f421ce6e47e0f20566a8b20787fa35444c7933c03cd03f96f06dcd4532  fix-toolkit.patch
 94884c11ff4b38ed33cd890c21956f956fadc9b53c78891074501388cb2c95674a143a0109cbd7cc2b7f4035d6514cd800686f56778fc3711603dc0187c1b703  fix-tools.patch
 bdcd1b402d2ec94957ba5d08cbad7b1a7f59c251c311be9095208491a05abb05a956c79f27908e1f26b54a3679387b2f33a51e945b650671ad85c0a2d59a5a29  mallinfo.patch
-3f535b1e4e9a5a0506ef6f6d9427a84fae1efa3c8e8d6b25b21046d2d04c132bde1a7a98e415067e5c542f699d89249b8cc3d925e0be4e96db498037429691ef  musl-pthread-setname.patch
 2a967e4619fd89a046bd40be7fdcef646fcb1eba5e47afc96aa1d59c25bcc8747cb07baee6c11f3b803db0981aced181534b806778e4d21e74958f5f4d74c784  fix-fortify-system-wrappers.patch
 ed0d344c66fc8e1cc83a11e9858b32c42e841cbeedd9eb9438811e9fcc3593dc824a8336d00058d55836cedc970aeadd6a82c6dcd7bc0fb746e564d8b478cc6c  fix-arm-atomics-grsec.patch
 015e1ff6dbf920033982b5df95d869a0b7bf56c6964e45e50649ddf46d1ce09563458e45240c3ecb92808662b1300b67507f7af272ba184835d91068a9e7d5b0  fix-arm-version-detect.patch

testing/firefox/fix-seccomp-bpf.patch

@@ -12,3 +12,34 @@
  namespace {
  
  struct arch_sigsys {
+--- firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp.orig	2017-07-11 07:51:56.342122784 +0000
++++ firefox-54.0.1/security/sandbox/linux/SandboxFilter.cpp	2017-07-11 08:05:27.553930300 +0000
+@@ -134,6 +134,7 @@
+       .Case(flags_common | CLONE_DETACHED, Allow()) // <= JB 4.2
+       .Case(flags_common, Allow()) // JB 4.3 or KK 4.4
+ #endif
++      .Case(flags_modern | CLONE_DETACHED, Allow()) // musl
+       .Case(flags_modern, Allow()) // Android L or glibc
+       .Default(failPolicy);
+   }
+@@ -241,6 +242,9 @@
+       // Polyfill with tgkill; see above.
+     case __NR_tkill:
+       return Trap(TKillCompatTrap, nullptr);
++#elseif !defined(__GLIBC__)
++    case __NR_tkill:
++      return Allow();
+ #endif
+ 
+       // Yield
+--- firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h.orig	2017-07-11 08:05:38.380798447 +0000
++++ firefox-54.0.1/security/sandbox/linux/SandboxFilterUtil.h	2017-07-11 08:06:20.274911403 +0000
+@@ -118,7 +118,7 @@
+ #define CASES_FOR_fstatfs   case __NR_fstatfs
+ #define CASES_FOR_statfs   case __NR_statfs
+ #define CASES_FOR_fcntl   case __NR_fcntl
+-#define CASES_FOR_getdents   case __NR_getdents
++#define CASES_FOR_getdents   case __NR_getdents64: case __NR_getdents
+ #define CASES_FOR_lseek   case __NR_lseek
+ #define CASES_FOR_ftruncate   case __NR_ftruncate
+ #endif

testing/firefox/musl-pthread-setname.patch

@@ -1,14 +0,0 @@
---- a/js/src/threading/posix/Thread.cpp.orig	2016-09-20 22:19:46.368622126 +0200
-+++ b/js/src/threading/posix/Thread.cpp	2016-09-20 22:23:35.495823534 +0200
-@@ -153,8 +153,10 @@
-   rv = 0;
- #elif defined(__NetBSD__)
-   rv = pthread_setname_np(pthread_self(), "%s", (void*)name);
--#else
-+#elif defined(__GLIBC__)
-   rv = pthread_setname_np(pthread_self(), name);
-+#else
-+  rv = 0;
- #endif
-   MOZ_RELEASE_ASSERT(!rv);
- }