rpm/libqt5-qtwebengine
SHA256
1
0
Fork 0
forked from pool/libqt5-qtwebengine
Code Pull Requests Activity

Accepting request 873181 from KDE:Qt:5.15

Browse Source 
- Add patch to fix sandbox with glibc 2.33 on 32bit:
  * sandbox-statx-futex_time64.patch

- Relax constraints for armv6 and armv7

OBS-URL: https://build.opensuse.org/request/show/873181
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtwebengine?expand=0&rev=66
This commit is contained in:
Richard Brown 2021-02-22 13:22:40 +00:00 committed by Git OBS Bridge
commit 46f823e5a0
4 changed files with 67 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
_constraints
View File

@ -11,4 +11,18 @@
</physicalmemory> </physicalmemory>
<processors>4</processors> <processors>4</processors>
</hardware> </hardware>
<overwrite>
<conditions>
<arch>armv6l</arch>
<arch>armv7l</arch>
</conditions>
<hardware>
<memory>
<size unit="G">9</size>
</memory>
<physicalmemory>
<size unit="G">8</size>
</physicalmemory>
</hardware>
</overwrite>
</constraints> </constraints>

11
libqt5-qtwebengine.changes
View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Feb 17 13:19:20 UTC 2021 - Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to fix sandbox with glibc 2.33 on 32bit:
* sandbox-statx-futex_time64.patch
-------------------------------------------------------------------
Tue Feb 16 09:52:13 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Relax constraints for armv6 and armv7
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 15 16:28:49 UTC 2021 - Fabian Vogt <fabian@ritter-vogt.de> Mon Feb 15 16:28:49 UTC 2021 - Fabian Vogt <fabian@ritter-vogt.de>

5
libqt5-qtwebengine.spec
View File

@ -53,8 +53,9 @@ Source: https://download.qt.io/official_releases/qt/5.15/%{real_version}
Patch1: armv6-ffmpeg-no-thumb.patch Patch1: armv6-ffmpeg-no-thumb.patch
# PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff
Patch2: disable-gpu-when-using-nouveau-boo-1005323.diff Patch2: disable-gpu-when-using-nouveau-boo-1005323.diff
Patch7: fix1163766.patch Patch3: fix1163766.patch
Patch8: chromium-glibc-2.33.patch Patch4: chromium-glibc-2.33.patch
Patch5: sandbox-statx-futex_time64.patch
# PATCH-FIX-OPENSUSE # PATCH-FIX-OPENSUSE
Patch9: rtc-dont-use-h264.patch Patch9: rtc-dont-use-h264.patch
# PATCH-FIX-UPSTREAM # PATCH-FIX-UPSTREAM

39
sandbox-statx-futex_time64.patch Normal file
View File

@ -0,0 +1,39 @@
From: Fabian Vogt <fabian@ritter-vogt.de>
Subject: Sandbox: Handle statx and futex_time64
glibc uses statx in some more places now (e.g stat64 -> __fstatat64_time64),
but it's caught by the sandbox, which doesn't handle it and breaks.
Return -ENOSYS instead to trigger the fallback in glibc.
futex_time64 is also used internally in glibc, so handle that as well.
The signature is identical where it matters.
Index: qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
===================================================================
--- qtwebengine-everywhere-src-5.15.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -190,6 +190,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de
if (sysno == __NR_futex)
return RestrictFutex();
+#if defined(__NR_futex_time64)
+ if (sysno == __NR_futex_time64)
+ return RestrictFutex();
+#endif
+
if (sysno == __NR_set_robust_list)
return Error(EPERM);
@@ -265,6 +270,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
}
#endif
+#if defined(__NR_statx)
+ if (sysno == __NR_statx) {
+ return Error(ENOSYS);
+ }
+#endif
+
if (SyscallSets::IsFileSystem(sysno) ||
SyscallSets::IsCurrentDirectory(sysno)) {
return Error(fs_denied_errno);