libqt5-qtwebengine/fix1163766.patch

Author Bernhard M. Wiedemann <bwiedemann suse de>
Date: 2020-04-07

https://bugzilla.opensuse.org/show_bug.cgi?id=1163766

seccomp filters disallow a new kernel syscall to get time
used on i586

Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
===================================================================
--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
@@ -1710,5 +1710,13 @@
 #define __NR_clone3 435
 #endif
 
+#if !defined(__NR_clock_gettime64)
+#define __NR_clock_gettime64 403
+#endif
+
+#if !defined(__NR_clock_nanosleep_time64)
+#define __NR_clock_nanosleep_time64 407
+#endif
+
 #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
 
Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
===================================================================
--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -151,6 +151,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de
   if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
     return RestrictClockID();
   }
+#if defined(__NR_clock_gettime64)
+  if (sysno == __NR_clock_gettime64 || sysno == __NR_clock_nanosleep_time64) {
+    return RestrictClockID();
+  }
+#endif
 
   if (sysno == __NR_clone) {
     return RestrictCloneToThreadsAndEPERMFork();
Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc
===================================================================
--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc
+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc
@@ -31,6 +31,9 @@ ResultExpr ImeProcessPolicy::EvaluateSys
 #if defined(__NR_clock_gettime)
     case __NR_clock_gettime:
 #endif
+#if defined(__NR_clock_gettime64)
+    case __NR_clock_gettime64:
+#endif
       return Allow();
 // https://crbug.com/991435
 #if defined(__NR_getrusage)
Accepting request 796191 from home:Vogtinator:qt5.15 - Refresh fix1163766.patch - Add fix1163766.patch to fix opensuse-welcome on i686 (boo#1163766) * QTBUG-81574.patch - Fix a deadlock causing audio/video playback to fail (boo#1163744): * QTBUG-82186.patch - Fix an issue with selections breaking replying in KMail: * QTBUG-81574.patch OBS-URL: https://build.opensuse.org/request/show/796191 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt:5.15/libqt5-qtwebengine?expand=0&rev=7 2020-04-23 13:15:04 +02:00			`Author Bernhard M. Wiedemann <bwiedemann suse de>`
			`Date: 2020-04-07`

			`https://bugzilla.opensuse.org/show_bug.cgi?id=1163766`

			`seccomp filters disallow a new kernel syscall to get time`
			`used on i586`

			`Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h`
			`===================================================================`
			`--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h`
			`+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h`
			`@@ -1710,5 +1710,13 @@`
			`#define __NR_clone3 435`
			`#endif`

			`+#if !defined(__NR_clock_gettime64)`
			`+#define __NR_clock_gettime64 403`
			`+#endif`
			`+`
			`+#if !defined(__NR_clock_nanosleep_time64)`
			`+#define __NR_clock_nanosleep_time64 407`
			`+#endif`
			`+`
			`#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_`

			`Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc`
			`===================================================================`
			`--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc`
			`+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc`
			`@@ -151,6 +151,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de`
			`if (sysno == __NR_clock_gettime \|\| sysno == __NR_clock_nanosleep) {`
			`return RestrictClockID();`
			`}`
			`+#if defined(__NR_clock_gettime64)`
			`+ if (sysno == __NR_clock_gettime64 \|\| sysno == __NR_clock_nanosleep_time64) {`
			`+ return RestrictClockID();`
			`+ }`
			`+#endif`

			`if (sysno == __NR_clone) {`
			`return RestrictCloneToThreadsAndEPERMFork();`
			`Index: qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc`
			`===================================================================`
			`--- qtwebengine-everywhere-src-5.15.0-beta3.orig/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc`
			`+++ qtwebengine-everywhere-src-5.15.0-beta3/src/3rdparty/chromium/services/service_manager/sandbox/linux/bpf_ime_policy_linux.cc`
			`@@ -31,6 +31,9 @@ ResultExpr ImeProcessPolicy::EvaluateSys`
			`#if defined(__NR_clock_gettime)`
			`case __NR_clock_gettime:`
			`#endif`
			`+#if defined(__NR_clock_gettime64)`
			`+ case __NR_clock_gettime64:`
			`+#endif`
			`return Allow();`
			`// https://crbug.com/991435`
			`#if defined(__NR_getrusage)`