Accepting request 928256 from home:cgiboudeaux:qtwebengine-lts
Update to 5.15.7 OBS-URL: https://build.opensuse.org/request/show/928256 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt:5.15/libqt5-qtwebengine?expand=0&rev=34
This commit is contained in:
parent
5a4dcfd768
commit
878943ad66
@ -1,42 +0,0 @@
|
||||
From 218438259dd795456f0a48f67cbe5b4e520db88b Mon Sep 17 00:00:00 2001
|
||||
From: Matthew Denton <mpdenton@chromium.org>
|
||||
Date: Thu, 3 Jun 2021 20:06:13 +0000
|
||||
Subject: [PATCH] Linux sandbox: return ENOSYS for clone3
|
||||
|
||||
Because clone3 uses a pointer argument rather than a flags argument, we
|
||||
cannot examine the contents with seccomp, which is essential to
|
||||
preventing sandboxed processes from starting other processes. So, we
|
||||
won't be able to support clone3 in Chromium. This CL modifies the
|
||||
BPF policy to return ENOSYS for clone3 so glibc always uses the fallback
|
||||
to clone.
|
||||
|
||||
Bug: 1213452
|
||||
Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184
|
||||
Reviewed-by: Robert Sesek <rsesek@chromium.org>
|
||||
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/master@{#888980}
|
||||
---
|
||||
.../sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++++
|
||||
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
index 3c67b124786..81cb25e139e 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
@@ -165,6 +165,14 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
return RestrictCloneToThreadsAndEPERMFork();
|
||||
}
|
||||
|
||||
+ // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
|
||||
+ // to force the libc to use clone. See https://crbug.com/1213452.
|
||||
+ #if defined(__NR_clone3)
|
||||
+ if (sysno == __NR_clone3) {
|
||||
+ return Error(ENOSYS);
|
||||
+ }
|
||||
+ #endif
|
||||
+
|
||||
if (sysno == __NR_fcntl)
|
||||
return RestrictFcntlCommands();
|
||||
|
||||
--
|
||||
2.32.0
|
4
_service
4
_service
@ -1,11 +1,11 @@
|
||||
<services>
|
||||
<service name="tar_scm" mode="disabled">
|
||||
<param name="changesgenerate">enable</param>
|
||||
<param name="version">5.15.6</param>
|
||||
<param name="version">5.15.7</param>
|
||||
<param name="url">git://code.qt.io/qt/qtwebengine.git</param>
|
||||
<param name="scm">git</param>
|
||||
<param name="filename">qtwebengine-everywhere-src</param>
|
||||
<param name="revision">v5.15.6-lts</param>
|
||||
<param name="revision">v5.15.7-lts</param>
|
||||
</service>
|
||||
<service name="recompress" mode="disabled">
|
||||
<param name="file">*.tar</param>
|
||||
|
@ -1,4 +1,4 @@
|
||||
<servicedata>
|
||||
<service name="tar_scm">
|
||||
<param name="url">git://code.qt.io/qt/qtwebengine.git</param>
|
||||
<param name="changesrevision">2acbba86362ac3a1c2d8c20390dc263875f8f09c</param></service></servicedata>
|
||||
<param name="changesrevision">f0a1cb8da24518c03858b85378f9ad82b0603a1a</param></service></servicedata>
|
@ -1,149 +0,0 @@
|
||||
# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
|
||||
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
index 4772dc0..1f31d3a 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
@@ -268,6 +268,18 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
}
|
||||
#endif
|
||||
|
||||
+#if defined(__NR_newfstatat)
|
||||
+ if (sysno == __NR_newfstatat) {
|
||||
+ return RewriteFstatatSIGSYS();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
+#if defined(__NR_fstatat64)
|
||||
+ if (sysno == __NR_fstatat64) {
|
||||
+ return RewriteFstatatSIGSYS();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (SyscallSets::IsFileSystem(sysno) ||
|
||||
SyscallSets::IsCurrentDirectory(sysno)) {
|
||||
return Error(fs_denied_errno);
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
|
||||
index 76eb324..ad95656 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
|
||||
@@ -6,6 +6,8 @@
|
||||
|
||||
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
|
||||
|
||||
+#include <errno.h>
|
||||
+#include <fcntl.h>
|
||||
#include <stddef.h>
|
||||
#include <stdint.h>
|
||||
#include <string.h>
|
||||
@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
|
||||
return -ENOSYS;
|
||||
}
|
||||
|
||||
+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
|
||||
+ void* aux) {
|
||||
+ switch (args.nr) {
|
||||
+#if defined(__NR_newfstatat)
|
||||
+ case __NR_newfstatat:
|
||||
+#endif
|
||||
+#if defined(__NR_fstatat64)
|
||||
+ case __NR_fstatat64:
|
||||
+#endif
|
||||
+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
|
||||
+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
|
||||
+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
|
||||
+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
|
||||
+ reinterpret_cast<struct stat64 *>(args.args[2]));
|
||||
+ } else {
|
||||
+ errno = EACCES;
|
||||
+ return -1;
|
||||
+ }
|
||||
+ break;
|
||||
+#endif
|
||||
+ }
|
||||
+
|
||||
+ CrashSIGSYS_Handler(args, aux);
|
||||
+
|
||||
+ // Should never be reached.
|
||||
+ RAW_CHECK(false);
|
||||
+ return -ENOSYS;
|
||||
+}
|
||||
+
|
||||
bpf_dsl::ResultExpr CrashSIGSYS() {
|
||||
return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
|
||||
}
|
||||
@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
|
||||
return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
|
||||
}
|
||||
|
||||
+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
|
||||
+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
|
||||
+}
|
||||
+
|
||||
void AllocateCrashKeys() {
|
||||
#if !defined(OS_NACL_NONSFI)
|
||||
if (seccomp_crash_key)
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
|
||||
index 7a958b9..d0bfab7 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
|
||||
@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
|
||||
// sched_setparam(), sched_setscheduler()
|
||||
SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
|
||||
void* aux);
|
||||
+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
|
||||
+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
|
||||
+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
|
||||
+ void* aux);
|
||||
|
||||
// Variants of the above functions for use with bpf_dsl.
|
||||
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
|
||||
@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
|
||||
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
|
||||
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
|
||||
SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
|
||||
+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
|
||||
|
||||
// Allocates a crash key so that Seccomp information can be recorded.
|
||||
void AllocateCrashKeys();
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
|
||||
index fcfd2aa..5396b36 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
|
||||
@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
|
||||
|
||||
#endif // defined(MEMORY_SANITIZER)
|
||||
|
||||
+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
|
||||
+{
|
||||
+#if defined(__NR_fstat64)
|
||||
+ return syscall(__NR_fstat64, fd, buf);
|
||||
+#else
|
||||
+ return syscall(__NR_fstat, fd, buf);
|
||||
+#endif
|
||||
+}
|
||||
+
|
||||
} // namespace sandbox
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
|
||||
index 1975bfb..ed7ee5a 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
|
||||
@@ -17,6 +17,7 @@ struct sock_fprog;
|
||||
struct rlimit64;
|
||||
struct cap_hdr;
|
||||
struct cap_data;
|
||||
+struct stat64;
|
||||
|
||||
namespace sandbox {
|
||||
|
||||
@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
|
||||
const struct sigaction* act,
|
||||
struct sigaction* oldact);
|
||||
|
||||
+// Recent glibc rewrites fstat to fstatat.
|
||||
+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
|
||||
+
|
||||
} // namespace sandbox
|
||||
|
||||
#endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
|
@ -1,24 +0,0 @@
|
||||
Subject: Fix build with harfbuzz 3.0.0
|
||||
|
||||
Upstream backport copied from Arch and rebased.
|
||||
|
||||
# https://github.com/chromium/chromium/commit/b289f6f3fcbc
|
||||
|
||||
diff --git a/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc b/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
index 8ff0540d9a..20a7d37474 100644
|
||||
--- a/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
+++ b/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
@@ -72,9 +72,11 @@ sk_sp<SkData> SubsetFont(SkTypeface* typeface, const GlyphUsage& usage) {
|
||||
hb_set_t* glyphs =
|
||||
hb_subset_input_glyph_set(input.get()); // Owned by |input|.
|
||||
usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs)));
|
||||
- hb_subset_input_set_retain_gids(input.get(), true);
|
||||
+ hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS);
|
||||
|
||||
- HbScoped<hb_face_t> subset_face(hb_subset(face.get(), input.get()));
|
||||
+ HbScoped<hb_face_t> subset_face(hb_subset_or_fail(face.get(), input.get()));
|
||||
+ if (!subset_face)
|
||||
+ return nullptr;
|
||||
HbScoped<hb_blob_t> subset_blob(hb_face_reference_blob(subset_face.get()));
|
||||
if (!subset_blob)
|
||||
return nullptr;
|
@ -1,26 +0,0 @@
|
||||
From: Fabian Vogt <fvogt@suse.com>
|
||||
Subject: Fix build with harfbuzz < 2.9.0
|
||||
|
||||
Index: qtwebengine-everywhere-src-5.15.6/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
===================================================================
|
||||
--- qtwebengine-everywhere-src-5.15.6.orig/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
+++ qtwebengine-everywhere-src-5.15.6/src/3rdparty/chromium/components/paint_preview/common/subset_font.cc
|
||||
@@ -71,11 +71,18 @@ sk_sp<SkData> SubsetFont(SkTypeface* typ
|
||||
hb_set_t* glyphs =
|
||||
hb_subset_input_glyph_set(input.get()); // Owned by |input|.
|
||||
usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs)));
|
||||
+#if HB_VERSION_ATLEAST(2,9,0)
|
||||
hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS);
|
||||
|
||||
HbScoped<hb_face_t> subset_face(hb_subset_or_fail(face.get(), input.get()));
|
||||
if (!subset_face)
|
||||
return nullptr;
|
||||
+#else
|
||||
+ hb_subset_input_set_retain_gids(input.get(), true);
|
||||
+
|
||||
+ HbScoped<hb_face_t> subset_face(hb_subset(face.get(), input.get()));
|
||||
+#endif
|
||||
+
|
||||
HbScoped<hb_blob_t> subset_blob(hb_face_reference_blob(subset_face.get()));
|
||||
if (!subset_blob)
|
||||
return nullptr;
|
@ -1,62 +0,0 @@
|
||||
From eaae274cb1975be558d8a535ba2310bc67c073a6 Mon Sep 17 00:00:00 2001
|
||||
From: "Bernhard M. Wiedemann" <bwiedemann suse de>
|
||||
Date: Wed, 24 Mar 2021 16:00:08 +0100
|
||||
Subject: [PATCH] https://bugzilla.opensuse.org/show_bug.cgi?id=1163766
|
||||
|
||||
seccomp filters disallow a new kernel syscall to get time
|
||||
used on i586
|
||||
---
|
||||
src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 6 ++++++
|
||||
src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h | 8 ++++++++
|
||||
src/3rdparty/chromium/sandbox/policy/linux/bpf_ime_policy_linux.cc | 3 +++
|
||||
3 files changed, 17 insertions(+)
|
||||
|
||||
Index: qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
|
||||
===================================================================
|
||||
--- qtwebengine-everywhere-src-5.15.3.orig/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
|
||||
+++ qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
|
||||
@@ -1710,5 +1710,13 @@
|
||||
#define __NR_clone3 435
|
||||
#endif
|
||||
|
||||
+#if !defined(__NR_clock_gettime64)
|
||||
+#define __NR_clock_gettime64 403
|
||||
+#endif
|
||||
+
|
||||
+#if !defined(__NR_clock_nanosleep_time64)
|
||||
+#define __NR_clock_nanosleep_time64 407
|
||||
+#endif
|
||||
+
|
||||
#endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
|
||||
|
||||
Index: qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/policy/linux/bpf_ime_policy_linux.cc
|
||||
===================================================================
|
||||
--- qtwebengine-everywhere-src-5.15.3.orig/src/3rdparty/chromium/sandbox/policy/linux/bpf_ime_policy_linux.cc
|
||||
+++ qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/policy/linux/bpf_ime_policy_linux.cc
|
||||
@@ -32,6 +32,9 @@ ResultExpr ImeProcessPolicy::EvaluateSys
|
||||
#if defined(__NR_clock_gettime)
|
||||
case __NR_clock_gettime:
|
||||
#endif
|
||||
+#if defined(__NR_clock_gettime64)
|
||||
+ case __NR_clock_gettime64:
|
||||
+#endif
|
||||
return Allow();
|
||||
// https://crbug.com/991435
|
||||
#if defined(__NR_getrusage)
|
||||
Index: qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
===================================================================
|
||||
--- qtwebengine-everywhere-src-5.15.3.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
+++ qtwebengine-everywhere-src-5.15.3/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
@@ -161,6 +161,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
|
||||
return RestrictClockID();
|
||||
}
|
||||
|
||||
+#if defined(__NR_clock_gettime64)
|
||||
+ if (sysno == __NR_clock_gettime64 || sysno == __NR_clock_nanosleep_time64) {
|
||||
+ return RestrictClockID();
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (sysno == __NR_clone) {
|
||||
return RestrictCloneToThreadsAndEPERMFork();
|
||||
}
|
@ -1,3 +1,68 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 29 09:53:05 UTC 2021 - christophe@krop.fr
|
||||
|
||||
- Update to version 5.15.7:
|
||||
* Update Chromium:
|
||||
[Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
|
||||
[Backport] sandbox: linux: allow clock_nanosleep & gettime64
|
||||
[Backport] Linux sandbox: update syscall numbers for all platforms.
|
||||
[Backport] Ease HarfBuzz API change with feature detection
|
||||
[Backport] Security bug 1248665
|
||||
[Backport] CVE-2021-37975 : Use after free in V8
|
||||
[Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
|
||||
[Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
|
||||
[Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
|
||||
[Backport] CVE-2021-37978 : Heap buffer overflow in Blink
|
||||
[Backport] CVE-2021-30616: Use after free in Media.
|
||||
[Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
|
||||
[Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
|
||||
[Backport] CVE-2021-37973 : Use after free in Portals
|
||||
[Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
|
||||
[Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
|
||||
[Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
|
||||
[Backport] Linux sandbox: return ENOSYS for clone3
|
||||
[Backport] Linux sandbox: fix fstatat() crash
|
||||
[Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
|
||||
[Backport] Security bug 1238178 (2/2)
|
||||
[Backport] Security bug 1238178 (1/2)
|
||||
[Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
|
||||
[Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
|
||||
[Backport] CVE-2021-30630: Inappropriate implementation in Blink
|
||||
[Backport] CVE-2021-30629: Use after free in Permissions
|
||||
[Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
|
||||
[Backport] CVE-2021-30627: Type Confusion in Blink layout
|
||||
[Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
|
||||
[Backport] CVE-2021-30625: Use after free in Selection API
|
||||
[Backport] Security bug 1206289
|
||||
[Backport] CVE-2021-30613: Use after free in Base internals
|
||||
[Backport] Security bug 1227228
|
||||
[Backport] CVE-2021-30618: Inappropriate implementation in DevTools
|
||||
* Update patch level
|
||||
* Blacklist certificate test until certicates have been renewed
|
||||
* Block CORS from local URLs when remote access is not enabled
|
||||
* Do not wait on weak_pointer for termination errors
|
||||
* Support MSVC_VER 16.8
|
||||
* Fix wrong save file filter for Markdown Editor example
|
||||
* Add Chromium version source documentation
|
||||
* Bump version from 5.15.6 to 5.15.7
|
||||
* Fix crash when clicking on a link in PDF
|
||||
- Drop openSUSE patches:
|
||||
* fix1163766.patch. Should be addressed with:
|
||||
https://github.com/qt/qtwebengine-chromium/commit/652f834de
|
||||
https://github.com/qt/qtwebengine-chromium/commit/faae106ed
|
||||
https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf
|
||||
* chromium-glibc-2.33.patch. Should be addressed with the
|
||||
[Backport] Linux sandbox: fix fstatat() crash and
|
||||
Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
|
||||
changes.
|
||||
* chromium-older-harfbuzz.patch
|
||||
- Drop upstream changes:
|
||||
* 0001-return-ENOSYS-for-clone3.patch
|
||||
* chromium-harfbuzz-3.0.0.patch
|
||||
* skia-harfbuzz-3.0.0.patch
|
||||
- Rebase patches:
|
||||
* sandbox-statx-futex_time64.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 21 11:34:41 UTC 2021 - Fabian Vogt <fvogt@suse.com>
|
||||
|
||||
|
@ -29,35 +29,26 @@
|
||||
%global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries
|
||||
|
||||
Name: libqt5-qtwebengine
|
||||
Version: 5.15.6
|
||||
Version: 5.15.7
|
||||
Release: 0
|
||||
Summary: Qt 5 WebEngine Library
|
||||
License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
|
||||
Group: Development/Libraries/X11
|
||||
URL: https://www.qt.io
|
||||
%define base_name libqt5
|
||||
%define real_version 5.15.6
|
||||
%define so_version 5.15.6
|
||||
%define real_version 5.15.7
|
||||
%define so_version 5.15.7
|
||||
%define tar_version qtwebengine-everywhere-src-%{version}
|
||||
Source: %{tar_version}.tar.xz
|
||||
# PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6
|
||||
Patch0: armv6-ffmpeg-no-thumb.patch
|
||||
# PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff
|
||||
Patch1: disable-gpu-when-using-nouveau-boo-1005323.diff
|
||||
Patch2: fix1163766.patch
|
||||
Patch3: sandbox-statx-futex_time64.patch
|
||||
Patch2: sandbox-statx-futex_time64.patch
|
||||
# PATCH-FIX-OPENSUSE
|
||||
Patch4: rtc-dont-use-h264.patch
|
||||
Patch3: rtc-dont-use-h264.patch
|
||||
# PATCH-FIX-UPSTREAM
|
||||
Patch5: chromium-glibc-2.33.patch
|
||||
# PATCH-FIX-UPSTREAM
|
||||
Patch6: 0001-Fix-build-with-glibc-2.34.patch
|
||||
# PATCH-FIX-UPSTREAM
|
||||
Patch7: 0001-return-ENOSYS-for-clone3.patch
|
||||
Patch8: chromium-harfbuzz-3.0.0.patch
|
||||
Patch9: skia-harfbuzz-3.0.0.patch
|
||||
# PATCH-FIX-OPENSUSE
|
||||
Patch10: chromium-older-harfbuzz.patch
|
||||
Patch4: 0001-Fix-build-with-glibc-2.34.patch
|
||||
# http://www.chromium.org/blink is not ported to PowerPC & s390
|
||||
ExcludeArch: ppc ppc64 ppc64le s390 s390x
|
||||
# Try to fix i586 MemoryErrors with rpmlint
|
||||
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:0acc53400520e0c60c32065b914ed53660788051e826b49de45137833002bb75
|
||||
size 319566384
|
3
qtwebengine-everywhere-src-5.15.7.tar.xz
Normal file
3
qtwebengine-everywhere-src-5.15.7.tar.xz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3b7360ee119506bb89016f97ee0e5391fa5b3967b542f10092909feeaef460f7
|
||||
size 319447784
|
@ -8,11 +8,11 @@ Return -ENOSYS instead to trigger the fallback in glibc.
|
||||
futex_time64 is also used internally in glibc, so handle that as well.
|
||||
The signature is identical where it matters.
|
||||
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
index 3c67b124786..4772dc096f5 100644
|
||||
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
index 6f7768f7d..b3335e2bf 100644
|
||||
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
|
||||
@@ -194,6 +194,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
@@ -203,6 +203,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
if (sysno == __NR_futex)
|
||||
return RestrictFutex();
|
||||
|
||||
@ -24,8 +24,8 @@ index 3c67b124786..4772dc096f5 100644
|
||||
if (sysno == __NR_set_robust_list)
|
||||
return Error(EPERM);
|
||||
|
||||
@@ -257,6 +262,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
return RestrictKillTarget(current_pid, sysno);
|
||||
@@ -283,6 +288,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
|
||||
return RewriteFstatatSIGSYS(fs_denied_errno);
|
||||
}
|
||||
|
||||
+#if defined(__NR_statx)
|
||||
|
@ -1,104 +0,0 @@
|
||||
Subject: Fix build with harfbuzz 3.0.0
|
||||
|
||||
Upstream backport copied from Arch and rebased.
|
||||
|
||||
# Minimal diff for harfbuzz 3.0.0 support; based on:
|
||||
# https://github.com/google/skia/commit/66684b17b382
|
||||
# https://github.com/google/skia/commit/51d83abcd24a
|
||||
|
||||
diff --git a/src/3rdparty/chromium/third_party/skia/gn/skia.gni b/src/3rdparty/chromium/third_party/skia/gn/skia.gni
|
||||
index d98fdc19ee..199335d5c4 100644
|
||||
--- a/src/3rdparty/chromium/third_party/skia/gn/skia.gni
|
||||
+++ b/src/3rdparty/chromium/third_party/skia/gn/skia.gni
|
||||
@@ -34,8 +34,6 @@ declare_args() {
|
||||
skia_include_multiframe_procs = false
|
||||
skia_lex = false
|
||||
skia_libgifcodec_path = "third_party/externals/libgifcodec"
|
||||
- skia_pdf_subset_harfbuzz =
|
||||
- false # TODO: set skia_pdf_subset_harfbuzz to skia_use_harfbuzz.
|
||||
skia_qt_path = getenv("QT_PATH")
|
||||
skia_skqp_global_error_tolerance = 0
|
||||
skia_tools_require_resources = false
|
||||
@@ -99,6 +97,10 @@ declare_args() {
|
||||
skia_use_libfuzzer_defaults = true
|
||||
}
|
||||
|
||||
+declare_args() {
|
||||
+ skia_pdf_subset_harfbuzz = skia_use_harfbuzz
|
||||
+}
|
||||
+
|
||||
declare_args() {
|
||||
skia_compile_sksl_tests = skia_compile_processors
|
||||
skia_enable_fontmgr_android = skia_use_expat && skia_use_freetype
|
||||
diff --git a/src/3rdparty/chromium/third_party/skia/src/pdf/SkPDFSubsetFont.cpp b/src/3rdparty/chromium/third_party/skia/src/pdf/SkPDFSubsetFont.cpp
|
||||
index 81c37eef3a..2340a7937b 100644
|
||||
--- a/src/3rdparty/chromium/third_party/skia/src/pdf/SkPDFSubsetFont.cpp
|
||||
+++ b/src/3rdparty/chromium/third_party/skia/src/pdf/SkPDFSubsetFont.cpp
|
||||
@@ -49,6 +49,37 @@ static sk_sp<SkData> to_data(HBBlob blob) {
|
||||
blob.release());
|
||||
}
|
||||
|
||||
+template<typename...> using void_t = void;
|
||||
+template<typename T, typename = void>
|
||||
+struct SkPDFHarfBuzzSubset {
|
||||
+ // This is the HarfBuzz 3.0 interface.
|
||||
+ // hb_subset_flags_t does not exist in 2.0. It isn't dependent on T, so inline the value of
|
||||
+ // HB_SUBSET_FLAGS_RETAIN_GIDS until 2.0 is no longer supported.
|
||||
+ static HBFace Make(T input, hb_face_t* face) {
|
||||
+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
|
||||
+ // If it isn't known if a font is 'tricky', retain the hints.
|
||||
+ hb_subset_input_set_flags(input, 2/*HB_SUBSET_FLAGS_RETAIN_GIDS*/);
|
||||
+ return HBFace(hb_subset_or_fail(face, input));
|
||||
+ }
|
||||
+};
|
||||
+template<typename T>
|
||||
+struct SkPDFHarfBuzzSubset<T, void_t<
|
||||
+ decltype(hb_subset_input_set_retain_gids(std::declval<T>(), std::declval<bool>())),
|
||||
+ decltype(hb_subset_input_set_drop_hints(std::declval<T>(), std::declval<bool>())),
|
||||
+ decltype(hb_subset(std::declval<hb_face_t*>(), std::declval<T>()))
|
||||
+ >>
|
||||
+{
|
||||
+ // This is the HarfBuzz 2.0 (non-public) interface, used if it exists.
|
||||
+ // This code should be removed as soon as all users are migrated to the newer API.
|
||||
+ static HBFace Make(T input, hb_face_t* face) {
|
||||
+ hb_subset_input_set_retain_gids(input, true);
|
||||
+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
|
||||
+ // If it isn't known if a font is 'tricky', retain the hints.
|
||||
+ hb_subset_input_set_drop_hints(input, false);
|
||||
+ return HBFace(hb_subset(face, input));
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
|
||||
const SkPDFGlyphUse& glyphUsage,
|
||||
int ttcIndex) {
|
||||
@@ -71,11 +102,10 @@ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
|
||||
hb_set_t* glyphs = hb_subset_input_glyph_set(input.get());
|
||||
glyphUsage.getSetValues([&glyphs](unsigned gid) { hb_set_add(glyphs, gid);});
|
||||
|
||||
- hb_subset_input_set_retain_gids(input.get(), true);
|
||||
- // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
|
||||
- // If it isn't known if a font is 'tricky', retain the hints.
|
||||
- hb_subset_input_set_drop_hints(input.get(), false);
|
||||
- HBFace subset(hb_subset(face.get(), input.get()));
|
||||
+ HBFace subset = SkPDFHarfBuzzSubset<hb_subset_input_t*>::Make(input.get(), face.get());
|
||||
+ if (!subset) {
|
||||
+ return nullptr;
|
||||
+ }
|
||||
HBBlob result(hb_face_reference_blob(subset.get()));
|
||||
return to_data(std::move(result));
|
||||
}
|
||||
diff --git a/src/3rdparty/chromium/third_party/skia/third_party/harfbuzz/BUILD.gn b/src/3rdparty/chromium/third_party/skia/third_party/harfbuzz/BUILD.gn
|
||||
index 173830de62..4156607ef9 100644
|
||||
--- a/src/3rdparty/chromium/third_party/skia/third_party/harfbuzz/BUILD.gn
|
||||
+++ b/src/3rdparty/chromium/third_party/skia/third_party/harfbuzz/BUILD.gn
|
||||
@@ -14,6 +14,9 @@ if (skia_use_system_harfbuzz) {
|
||||
system("harfbuzz") {
|
||||
include_dirs = [ "/usr/include/harfbuzz" ]
|
||||
libs = [ "harfbuzz" ]
|
||||
+ if (skia_pdf_subset_harfbuzz) {
|
||||
+ libs += [ "harfbuzz-subset" ]
|
||||
+ }
|
||||
}
|
||||
} else {
|
||||
third_party("harfbuzz") {
|
Loading…
Reference in New Issue
Block a user