Accepting request 822876 from KDE:Frameworks5

OBS-URL: https://build.opensuse.org/request/show/822876
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/kscreenlocker?expand=0&rev=87
This commit is contained in:
Dominique Leuenberger 2020-07-28 15:23:00 +00:00 committed by Git OBS Bridge
commit 317a6d4283
3 changed files with 61 additions and 1 deletions

View File

@ -0,0 +1,51 @@
From cd2d031b191c6b4e6a0eb4bd51ed8b2c72c21f76 Mon Sep 17 00:00:00 2001
From: Fabian Vogt <fabian@ritter-vogt.de>
Date: Fri, 24 Jul 2020 13:22:50 +0200
Subject: [PATCH] Disable the seccomp sandbox
References: boo#1174448
In the referenced bug, it somehow fails to make the created context current,
so no GL vendor detection is performed and it is assumed to not be Nvidia
or on Wayland. This breaks rendering.
While it would be enough to only disable the sandbox in this particular case,
it's planned to drop sandboxing anyway
(https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/9) so just do the
same here, just in a simpler way with less side effects.
---
greeter/seccomp_filter.cpp | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/greeter/seccomp_filter.cpp b/greeter/seccomp_filter.cpp
index bca3001..8e2f156 100644
--- a/greeter/seccomp_filter.cpp
+++ b/greeter/seccomp_filter.cpp
@@ -28,6 +28,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
#include <QDBusConnection>
#include <QOpenGLContext>
#include <QOffscreenSurface>
+#include <QDebug>
#include <seccomp.h>
#include <sys/socket.h>
@@ -62,11 +63,18 @@ void init()
else if (gl->isSoftwareEmulation() && KWindowSystem::isPlatformWayland()) {
createSupported = writeSupported = false;
}
+ } else {
+ qWarning() << "Making the context current failed";
+ return;
}
+ } else {
+ qWarning() << "Creating an offscreen context failed";
+ return;
}
// access DBus to have the socket open
QDBusConnection::sessionBus();
+ return;
// default action: allow
// we cannot use a whitelist approach of syscalls
--
2.25.1

View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Jul 24 11:24:06 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to disable the seccomp sandbox (boo#1174448):
* 0001-Disable-the-seccomp-sandbox.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jul 7 12:38:54 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de> Tue Jul 7 12:38:54 UTC 2020 - Fabian Vogt <fabian@ritter-vogt.de>

View File

@ -32,6 +32,8 @@ Source1: https://download.kde.org/stable/plasma/%{version}/kscreenlocker-
Source2: plasma.keyring Source2: plasma.keyring
%endif %endif
Source3: kde Source3: kde
# PATCH-FIX-UPSTREAM (kind of, https://invent.kde.org/plasma/kscreenlocker/-/merge_requests/9)
Patch1: 0001-Disable-the-seccomp-sandbox.patch
BuildRequires: cmake >= 2.8.12 BuildRequires: cmake >= 2.8.12
BuildRequires: extra-cmake-modules >= 1.8.0 BuildRequires: extra-cmake-modules >= 1.8.0
BuildRequires: kf5-filesystem BuildRequires: kf5-filesystem
@ -86,8 +88,9 @@ Requires: cmake(Qt5X11Extras) >= 5.5.0
Development files for Library and components for secure lock screen architecture. Development files for Library and components for secure lock screen architecture.
%lang_package %lang_package
%prep %prep
%setup -q -n %{name}-%{version} %autosetup -p1 -n %{name}-%{version}
%build %build
%cmake_kf5 -d build -- -DKDE4_COMMON_PAM_SERVICE=kde -DCMAKE_INSTALL_LOCALEDIR=%{_kf5_localedir} %cmake_kf5 -d build -- -DKDE4_COMMON_PAM_SERVICE=kde -DCMAKE_INSTALL_LOCALEDIR=%{_kf5_localedir}