Accepting request 873154 from home:Vogtinator:qt5.15

- Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch OBS-URL: https://build.opensuse.org/request/show/873154 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt:5.15/libqt5-qtwebengine?expand=0&rev=21
2021-02-17 15:13:18 +00:00 · 2021-02-17 15:13:18 +00:00 · 700a6ee713
commit 700a6ee713
parent 3e2a7c2c60
3 changed files with 48 additions and 2 deletions
--- a/libqt5-qtwebengine.changes
+++ b/libqt5-qtwebengine.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Feb 17 13:19:20 UTC 2021 - Fabian Vogt <fabian@ritter-vogt.de>
+
+- Add patch to fix sandbox with glibc 2.33 on 32bit:
+  * sandbox-statx-futex_time64.patch
+
 -------------------------------------------------------------------
 Tue Feb 16 09:52:13 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>

--- a/libqt5-qtwebengine.spec
+++ b/libqt5-qtwebengine.spec
@ -53,8 +53,9 @@ Source:         https://download.qt.io/official_releases/qt/5.15/%{real_version}
 Patch1:         armv6-ffmpeg-no-thumb.patch
 # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff
 Patch2:         disable-gpu-when-using-nouveau-boo-1005323.diff
-Patch7:         fix1163766.patch
-Patch8:         chromium-glibc-2.33.patch
+Patch3:         fix1163766.patch
+Patch4:         chromium-glibc-2.33.patch
+Patch5:         sandbox-statx-futex_time64.patch
 # PATCH-FIX-OPENSUSE
 Patch9:         rtc-dont-use-h264.patch
 # PATCH-FIX-UPSTREAM
--- a/sandbox-statx-futex_time64.patch
+++ b/sandbox-statx-futex_time64.patch
@ -0,0 +1,39 @@
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Subject: Sandbox: Handle statx and futex_time64
+
+glibc uses statx in some more places now (e.g stat64 -> __fstatat64_time64),
+but it's caught by the sandbox, which doesn't handle it and breaks.
+Return -ENOSYS instead to trigger the fallback in glibc.
+
+futex_time64 is also used internally in glibc, so handle that as well.
+The signature is identical where it matters.
+
+Index: qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+===================================================================
+--- qtwebengine-everywhere-src-5.15.2.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -190,6 +190,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+   if (sysno == __NR_futex)
+     return RestrictFutex();
+ 
+#if defined(__NR_futex_time64)
+  if (sysno == __NR_futex_time64)
+    return RestrictFutex();
+#endif
+
+   if (sysno == __NR_set_robust_list)
+     return Error(EPERM);
+ 
+@@ -265,6 +270,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+   }
+ #endif
+ 
+#if defined(__NR_statx)
+  if (sysno == __NR_statx) {
+    return Error(ENOSYS);
+  }
+#endif
+
+   if (SyscallSets::IsFileSystem(sysno) ||
+       SyscallSets::IsCurrentDirectory(sysno)) {
+     return Error(fs_denied_errno);