rpm/libqt5-qtwebengine
SHA256
1
0
Fork 0
forked from pool/libqt5-qtwebengine
Code Pull Requests Activity

Accepting request 1252804 from KDE:Qt:5.15

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/1252804
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libqt5-qtwebengine?expand=0&rev=105
This commit is contained in:
Dominique Leuenberger
2025-03-15 15:15:14 +00:00
committed by Git OBS Bridge
parent 00bf3777d7 99b59e0bc9
commit 8b177e5557
3 changed files with 83 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libqt5-qtwebengine.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 12 08:39:57 UTC 2025 - Fabian Vogt <fvogt@suse.com>
- Add patch to fix the sandbox on 32-bit x86:
* sandbox_recvmsg.patch
-------------------------------------------------------------------
Fri Feb 14 16:17:54 UTC 2025 - Christophe Marin <christophe@krop.fr>

3
libqt5-qtwebengine.spec
View File

@@ -68,6 +68,8 @@ Patch8: 0001-Use-default-constructor-in-place-of-self-delegation-.patch
Patch9: python3.12-imp.patch
Patch10: python3.12-six.patch
Patch11: python3.13-pipes.patch
# PATCH-FIX-UPSTREAM https://bugreports.qt.io/browse/QTBUG-57709?focusedId=427082#comment-427082
Patch12: sandbox_recvmsg.patch
### Patch 50-99 are applied conditionally
# PATCH-FIX-OPENSUSE -- allow building qtwebengine with ffmpeg5
Patch50: qtwebengine-ffmpeg5.patch
@@ -311,6 +313,7 @@ Examples for the libqt5-qtpdf module.
%patch -P9 -p1
%patch -P10 -p1
%patch -P11 -p1
%patch -P12 -p1
# FFmpeg 5
%if %{with system_ffmpeg}

74
sandbox_recvmsg.patch Normal file
View File

@@ -0,0 +1,74 @@
From: Allan Sandfeld Jensen
Subject: Allow recvfrom and recvmsg on 32-bit x86
From https://bugreports.qt.io/browse/QTBUG-57709
Edited by fvogt@suse.com to include even more stuff.
Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
===================================================================
--- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -363,7 +363,7 @@ bool SyscallSets::IsAllowedOperationOnFd
#endif
case __NR_dup3:
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__i386__)
case __NR_shutdown:
#endif
return true;
@@ -465,7 +465,7 @@ bool SyscallSets::IsAllowedGetOrModifySo
return true;
default:
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__i386__)
case __NR_socketpair: // We will want to inspect its argument.
#endif
return false;
@@ -483,6 +483,13 @@ bool SyscallSets::IsDeniedGetOrModifySoc
case __NR_socket:
case __NR_listen:
return true;
+#elif defined(__i386__)
+ case __NR_accept4:
+ case __NR_bind:
+ case __NR_connect:
+ case __NR_socket:
+ case __NR_listen:
+ return true;
#endif
default:
return false;
@@ -575,7 +582,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
case __NR_recv:
#endif
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__i386__)
case __NR_recvfrom: // Could specify source.
case __NR_recvmsg: // Could specify source.
#endif
@@ -590,7 +597,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
case __NR_send:
#endif
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__i386__)
case __NR_sendmsg: // Could specify destination.
case __NR_sendto: // Could specify destination.
#endif
Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
===================================================================
--- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -249,7 +249,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
return RestrictPrctl();
#if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
- defined(__aarch64__)
+ defined(__aarch64__) || defined(__i386__)
if (sysno == __NR_socketpair) {
// Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
static_assert(AF_UNIX == PF_UNIX,