From 2062c034e8fe472549a9ea434d87bab2bef78bcf1a3b5d36ddc90ba894902878 Mon Sep 17 00:00:00 2001 From: Christophe Giboudeaux Date: Tue, 19 Apr 2022 12:13:12 +0000 Subject: [PATCH] Qt 6.3.0 OBS-URL: https://build.opensuse.org/package/show/KDE:Qt6/qt6-webengine?expand=0&rev=12 --- 0001-Find-GIO-with-QtBase-6.2.patch | 41 +++++++ 0001-Fix-build-with-glibc-2.34.patch | 22 ---- CVE-2022-0971-qtwebengine-5.15.patch | 157 ------------------------ CVE-2022-1096-qtwebengine-6.2.patch | 33 ----- _constraints | 15 +-- qt6-webengine.changes | 23 ++++ qt6-webengine.spec | 26 ++-- qtwebengine-everywhere-src-6.2.4.tar.xz | 3 - qtwebengine-everywhere-src-6.3.0.tar.xz | 3 + qtwebengine-icu70.patch | 33 +++++ sandbox-statx-futex_time64.patch | 39 ------ 11 files changed, 112 insertions(+), 283 deletions(-) create mode 100644 0001-Find-GIO-with-QtBase-6.2.patch delete mode 100644 0001-Fix-build-with-glibc-2.34.patch delete mode 100644 CVE-2022-0971-qtwebengine-5.15.patch delete mode 100644 CVE-2022-1096-qtwebengine-6.2.patch delete mode 100644 qtwebengine-everywhere-src-6.2.4.tar.xz create mode 100644 qtwebengine-everywhere-src-6.3.0.tar.xz create mode 100644 qtwebengine-icu70.patch delete mode 100644 sandbox-statx-futex_time64.patch diff --git a/0001-Find-GIO-with-QtBase-6.2.patch b/0001-Find-GIO-with-QtBase-6.2.patch new file mode 100644 index 0000000..55d3f42 --- /dev/null +++ b/0001-Find-GIO-with-QtBase-6.2.patch @@ -0,0 +1,41 @@ +From 7c112f5c613cfc8a93ca3d85ccdab7a38b82a3c3 Mon Sep 17 00:00:00 2001 +From: Allan Sandfeld Jensen +Date: Thu, 3 Feb 2022 15:03:22 +0100 +Subject: [PATCH] Find GIO with QtBase 6.2 + +GLIB2 doesn't find GIO with Qt 6.2, so try adding a fallback. + +Pick-to: 6.3 +Task-number: QTBUG-100435 +Change-Id: Ic98a7aea07b726dc4f6e76a65669ca92b1916b5c +Reviewed-by: Kirill Burtsev +--- + src/core/api/configure.cmake | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/core/api/configure.cmake b/src/core/api/configure.cmake +index 231eaa8d2..a9dd9eb09 100644 +--- a/src/core/api/configure.cmake ++++ b/src/core/api/configure.cmake +@@ -8,6 +8,9 @@ if(NOT QT_CONFIGURE_RUNNING) + pkg_check_modules(ALSA alsa IMPORTED_TARGET) + pkg_check_modules(PULSEAUDIO libpulse>=0.9.10 libpulse-mainloop-glib) + pkg_check_modules(XDAMAGE xdamage) ++ if(NOT GIO_FOUND) ++ pkg_check_modules(GIO gio-2.0) ++ endif() + endif() + + find_package(Qt6 ${PROJECT_VERSION} CONFIG QUIET +@@ -111,7 +114,7 @@ qt_feature("webengine-webrtc-pipewire" PRIVATE + LABEL "PipeWire over GIO" + PURPOSE "Provides PipeWire support in WebRTC using GIO." + AUTODETECT false +- CONDITION QT_FEATURE_webengine_webrtc AND TARGET GLIB2::GIO ++ CONDITION QT_FEATURE_webengine_webrtc AND GIO_FOUND + ) + qt_feature("webengine-full-debug-info" PRIVATE + SECTION "WebEngine" +-- +2.35.1 + diff --git a/0001-Fix-build-with-glibc-2.34.patch b/0001-Fix-build-with-glibc-2.34.patch deleted file mode 100644 index 8f90f4e..0000000 --- a/0001-Fix-build-with-glibc-2.34.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 6dc7ed884091eb373f72d53f2b87371cd899378e Mon Sep 17 00:00:00 2001 -From: Christophe Giboudeaux -Date: Wed, 11 Aug 2021 11:39:59 +0200 -Subject: [PATCH] Fix build with glibc 2.34 - -diff --git a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc -index d7b5d8c4413..a62cb21bd7a 100644 ---- a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc -+++ b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc -@@ -98,7 +98,9 @@ bool ChrootToSafeEmptyDir() { - // attempt this optimization. - clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS; - -- char tls_buf[PTHREAD_STACK_MIN] = {0}; -+ const std::size_t pthread_stack_min = PTHREAD_STACK_MIN; -+ char tls_buf[pthread_stack_min]; -+ memset(tls_buf, 0, pthread_stack_min); - tls = tls_buf; - #endif - --- -2.32.0 diff --git a/CVE-2022-0971-qtwebengine-5.15.patch b/CVE-2022-0971-qtwebengine-5.15.patch deleted file mode 100644 index 55d527c..0000000 --- a/CVE-2022-0971-qtwebengine-5.15.patch +++ /dev/null @@ -1,157 +0,0 @@ -From d13d0924c4e18ecc4b79adf0fec142ee9a9eaa14 Mon Sep 17 00:00:00 2001 -From: "liberato@chromium.org" -Date: Mon, 7 Mar 2022 20:17:13 +0000 -Subject: [Backport] CVE-2022-0971 - -Don't use a deleted RenderFrameHost. - -Since we do not check for frame liveness, a RenderFrameHost might be -deleted (in the use-after-free sense) without another call to -RenderFrameDeleted. So, WeakPtr it to avoid these cases. - -Bug: 1299422 - -Task-number: QTBUG-101946 -Change-Id: Ie4fe85f88ef80f4e4c3d0452397c0e5050ed881c -Reviewed-by: Allan Sandfeld Jensen ---- - .../display_cutout/display_cutout_host_impl.cc | 29 +++++++++++++--------- - .../display_cutout/display_cutout_host_impl.h | 10 ++++++-- - 2 files changed, 25 insertions(+), 14 deletions(-) - -diff --git a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc -index 1640ec83489..8f89cc24b5f 100644 ---- a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc -+++ b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc -@@ -5,6 +5,7 @@ - #include "content/browser/display_cutout/display_cutout_host_impl.h" - - #include "content/browser/display_cutout/display_cutout_constants.h" -+#include "content/browser/renderer_host/render_frame_host_impl.h" - #include "content/browser/web_contents/web_contents_impl.h" - #include "content/public/browser/navigation_handle.h" - #include "mojo/public/cpp/bindings/associated_remote.h" -@@ -33,7 +34,7 @@ void DisplayCutoutHostImpl::ViewportFitChangedForFrame( - - // If we are the current |RenderFrameHost| frame then notify - // WebContentsObservers about the new value. -- if (current_rfh_ == rfh) -+ if (current_rfh_.get() == rfh) - web_contents_impl_->NotifyViewportFitChanged(value); - - MaybeQueueUKMEvent(rfh); -@@ -60,7 +61,9 @@ void DisplayCutoutHostImpl::DidFinishNavigation( - - // If we finish a main frame navigation and the |WebDisplayMode| is - // fullscreen then we should make the main frame the current -- // |RenderFrameHost|. -+ // |RenderFrameHost|. Note that this is probably not correct; we do not check -+ // that the navigation completed successfully, nor do we check if the main -+ // frame is still IsRenderFrameLive(). - blink::mojom::DisplayMode mode = web_contents_impl_->GetDisplayMode(); - if (mode == blink::mojom::DisplayMode::kFullscreen) - SetCurrentRenderFrameHost(web_contents_impl_->GetMainFrame()); -@@ -70,7 +73,7 @@ void DisplayCutoutHostImpl::RenderFrameDeleted(RenderFrameHost* rfh) { - values_.erase(rfh); - - // If we were the current |RenderFrameHost| then we should clear that. -- if (current_rfh_ == rfh) -+ if (current_rfh_.get() == rfh) - SetCurrentRenderFrameHost(nullptr); - } - -@@ -87,7 +90,7 @@ void DisplayCutoutHostImpl::SetDisplayCutoutSafeArea(gfx::Insets insets) { - insets_ = insets; - - if (current_rfh_) -- SendSafeAreaToFrame(current_rfh_, insets); -+ SendSafeAreaToFrame(current_rfh_.get(), insets); - - // If we have a pending UKM event on the top of the stack that is |kAllowed| - // and we have a |current_rfh_| then we should update that UKM event as it -@@ -100,26 +103,28 @@ void DisplayCutoutHostImpl::SetDisplayCutoutSafeArea(gfx::Insets insets) { - } - - void DisplayCutoutHostImpl::SetCurrentRenderFrameHost(RenderFrameHost* rfh) { -- if (current_rfh_ == rfh) -+ if (current_rfh_.get() == rfh) - return; - - // If we had a previous frame then we should clear the insets on that frame. - if (current_rfh_) -- SendSafeAreaToFrame(current_rfh_, gfx::Insets()); -- -- // Update the |current_rfh_| with the new frame. -- current_rfh_ = rfh; -+ SendSafeAreaToFrame(current_rfh_.get(), gfx::Insets()); - - // If the new RenderFrameHost is nullptr we should stop here and notify - // observers that the new viewport fit is kAuto (the default). - if (!rfh) { -+ current_rfh_ = nullptr; - web_contents_impl_->NotifyViewportFitChanged( - blink::mojom::ViewportFit::kAuto); - return; - } - -+ -+ // Update the |current_rfh_| with the new frame. -+ current_rfh_ = static_cast(rfh)->GetWeakPtr(); -+ - // Record a UKM event for the new frame. -- MaybeQueueUKMEvent(current_rfh_); -+ MaybeQueueUKMEvent(current_rfh_.get()); - - // Send the current safe area to the new frame. - SendSafeAreaToFrame(rfh, insets_); -@@ -159,11 +164,11 @@ void DisplayCutoutHostImpl::MaybeQueueUKMEvent(RenderFrameHost* frame) { - blink::mojom::ViewportFit supplied_value = GetValueOrDefault(frame); - if (supplied_value == blink::mojom::ViewportFit::kAuto) - return; -- blink::mojom::ViewportFit applied_value = GetValueOrDefault(current_rfh_); -+ blink::mojom::ViewportFit applied_value = GetValueOrDefault(current_rfh_.get()); - - // Set the reason why this frame is not the current frame. - int ignored_reason = DisplayCutoutIgnoredReason::kAllowed; -- if (current_rfh_ != frame) { -+ if (current_rfh_.get() != frame) { - ignored_reason = - current_rfh_ == nullptr - ? DisplayCutoutIgnoredReason::kWebContentsNotFullscreen -diff --git a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h -index 56081029df0..2477a4bcd7d 100644 ---- a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h -+++ b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h -@@ -5,12 +5,15 @@ - #ifndef CONTENT_BROWSER_DISPLAY_CUTOUT_DISPLAY_CUTOUT_HOST_IMPL_H_ - #define CONTENT_BROWSER_DISPLAY_CUTOUT_DISPLAY_CUTOUT_HOST_IMPL_H_ - -+#include "base/memory/weak_ptr.h" - #include "content/public/browser/web_contents_observer.h" - #include "content/public/browser/web_contents_receiver_set.h" - #include "third_party/blink/public/mojom/page/display_cutout.mojom.h" - - namespace content { - -+class RenderFrameHostImpl; -+ - class DisplayCutoutHostImpl : public blink::mojom::DisplayCutoutHost { - public: - explicit DisplayCutoutHostImpl(WebContentsImpl*); -@@ -74,8 +77,11 @@ class DisplayCutoutHostImpl : public blink::mojom::DisplayCutoutHost { - gfx::Insets insets_; - - // Stores the current |RenderFrameHost| that has the applied safe area insets -- // and is controlling the viewport fit value. -- RenderFrameHost* current_rfh_ = nullptr; -+ // and is controlling the viewport fit value. This value is different than -+ // `WebContentsImpl::current_fullscreen_frame_` because it also considers -+ // browser side driven fullscreen mode, not just renderer side requested -+ // frames. -+ base::WeakPtr current_rfh_; - - // Stores a map of RenderFrameHosts and their current viewport fit values. - std::map values_; --- -cgit v1.2.1 - diff --git a/CVE-2022-1096-qtwebengine-6.2.patch b/CVE-2022-1096-qtwebengine-6.2.patch deleted file mode 100644 index 760b85d..0000000 --- a/CVE-2022-1096-qtwebengine-6.2.patch +++ /dev/null @@ -1,33 +0,0 @@ -From: Allan Sandfeld Jensen -Date: Tue, 29 Mar 2022 17:31:58 +0200 -Subject: [Backport] CVE-2022-1096 - -[runtime] Fix handling of interceptors - ---- a/src/3rdparty/chromium/v8/src/objects/objects.cc -+++ b/src/3rdparty/chromium/v8/src/objects/objects.cc -@@ -2513,6 +2513,12 @@ Maybe Object::SetPropertyInternal(LookupIterator* it, - Maybe result = - JSObject::SetPropertyWithInterceptor(it, should_throw, value); - if (result.IsNothing() || result.FromJust()) return result; -+ // Assuming that the callback have side effects, we use -+ // Object::SetSuperProperty() which works properly regardless on -+ // whether the property was present on the receiver or not when -+ // storing to the receiver. -+ // Proceed lookup from the next state. -+ it->Next(); - } else { - Maybe maybe_attributes = - JSObject::GetPropertyAttributesWithInterceptor(it); -@@ -2533,10 +2539,8 @@ Maybe Object::SetPropertyInternal(LookupIterator* it, - // property to the receiver. - it->NotFound(); - } -- return Object::SetSuperProperty(it, value, store_origin, -- should_throw); - } -- break; -+ return Object::SetSuperProperty(it, value, store_origin, should_throw); - } - - case LookupIterator::ACCESSOR: { diff --git a/_constraints b/_constraints index 1acd936..6e99c86 100644 --- a/_constraints +++ b/_constraints @@ -26,28 +26,17 @@ - - - armv6l - armv7l - - - - 10 - - - qt6-webengine:docs - 7 + 2 2 - \ No newline at end of file + diff --git a/qt6-webengine.changes b/qt6-webengine.changes index 494d281..cda8ea9 100644 --- a/qt6-webengine.changes +++ b/qt6-webengine.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Apr 8 11:57:03 UTC 2022 - Christophe Giboudeaux + +- Update to 6.3.0: + * https://www.qt.io/blog/qt-6.3-released +- Drop patches, now upstream: + * CVE-2022-0971-qtwebengine-5.15.patch + * CVE-2022-1096-qtwebengine-6.2.patch + ------------------------------------------------------------------- Mon Apr 4 20:41:16 UTC 2022 - Christophe Giboudeaux @@ -5,6 +14,20 @@ Mon Apr 4 20:41:16 UTC 2022 - Christophe Giboudeaux * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-6.2.patch (CVE-2022-1096, boo#1197552) +------------------------------------------------------------------- +Tue Mar 29 12:28:44 UTC 2022 - Christophe Giboudeaux + +- Update to 6.3.0-rc +- Drop patches, fixed upstream: + * Drop sandbox-statx-futex_time64.patch + * 0001-Fix-build-with-glibc-2.34.patch +- Add upstream changes: + * qtwebengine-icu70.patch + * 0001-Find-GIO-with-QtBase-6.2.patch +- Disable build on 32 bits archs (i586, armv7l) + Build fails (QTBUG-102143) and upstream doesn't support 32 bits + archs. + ------------------------------------------------------------------- Mon Mar 21 08:46:39 UTC 2022 - Christophe Giboudeaux diff --git a/qt6-webengine.spec b/qt6-webengine.spec index 800a064..4525bfb 100644 --- a/qt6-webengine.spec +++ b/qt6-webengine.spec @@ -16,8 +16,8 @@ # -%define real_version 6.2.4 -%define short_version 6.2 +%define real_version 6.3.0 +%define short_version 6.3 %define tar_name qtwebengine-everywhere-src %define tar_suffix %{nil} # @@ -42,7 +42,7 @@ %bcond_without system_minizip # Name: qt6-webengine%{?pkg_suffix} -Version: 6.2.4 +Version: 6.3.0 Release: 0 Summary: Web browser engine for Qt applications License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only @@ -50,21 +50,19 @@ URL: https://www.qt.io Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz Source99: qt6-webengine-rpmlintrc # Patches 0-100 are upstream patches # -Patch0: CVE-2022-0971-qtwebengine-5.15.patch -Patch1: CVE-2022-1096-qtwebengine-6.2.patch +Patch0: qtwebengine-icu70.patch +Patch1: 0001-Find-GIO-with-QtBase-6.2.patch # Patches 100-200 are openSUSE and/or non-upstream(able) patches # Patch100: rtc-dont-use-h264.patch -Patch101: sandbox-statx-futex_time64.patch -# PATCH-FIX-UPSTREAM -Patch102: 0001-Fix-build-with-glibc-2.34.patch # PATCH-FIX-OPENSUSE -- disable-gpu-when-using-nouveau-boo-1005323.diff # PATCH-NEEDS-REBASE %if 0 -Patch103: disable-gpu-when-using-nouveau-boo-1005323.diff +Patch101: disable-gpu-when-using-nouveau-boo-1005323.diff %endif # -# Chromium/blink don't support all archs -ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 %{mips} %{riscv} +# Chromium/blink don't support PowerPC and zSystems and build fails on +# 32 bits archs (https://bugreports.qt.io/browse/QTBUG-102143) +ExclusiveArch: aarch64 x86_64 riscv64 BuildRequires: Mesa-KHR-devel BuildRequires: bison # Not pulled automatically on Leap @@ -75,17 +73,13 @@ BuildRequires: krb5-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel >= 1.6.0 BuildRequires: memory-constraints -# nodejs-default doesn't exist on Leap 15.2 -%if 0%{?suse_version} == 1500 && 0%{?sle_version} == 150200 -BuildRequires: nodejs-common -%else BuildRequires: nodejs-default -%endif BuildRequires: pipewire-devel BuildRequires: pkgconfig BuildRequires: python BuildRequires: python-devel BuildRequires: python-xml +BuildRequires: python3-html5lib BuildRequires: qt6-core-private-devel BuildRequires: qt6-gui-private-devel BuildRequires: qt6-qml-private-devel diff --git a/qtwebengine-everywhere-src-6.2.4.tar.xz b/qtwebengine-everywhere-src-6.2.4.tar.xz deleted file mode 100644 index 29f5cd1..0000000 --- a/qtwebengine-everywhere-src-6.2.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2e3e96b7a0335b1f683fecf8863ff2930b1bed4df00ce2ff064fa26d0a49e2b1 -size 369689936 diff --git a/qtwebengine-everywhere-src-6.3.0.tar.xz b/qtwebengine-everywhere-src-6.3.0.tar.xz new file mode 100644 index 0000000..e976f9b --- /dev/null +++ b/qtwebengine-everywhere-src-6.3.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2001b45dd81dcb7ad1bc6cf1aa32f2eca5367a11fed49656053c75676c4d093d +size 398524616 diff --git a/qtwebengine-icu70.patch b/qtwebengine-icu70.patch new file mode 100644 index 0000000..6bf310e --- /dev/null +++ b/qtwebengine-icu70.patch @@ -0,0 +1,33 @@ +From 75f0f4eb1e4f2823c39fe27137f78ac2c10bc293 Mon Sep 17 00:00:00 2001 +From: Kirill Burtsev +Date: Thu, 31 Mar 2022 19:45:39 +0200 +Subject: [PATCH] [FIXUP] Fix compilation with system ICU + +As of chromium 92.0.4480.0 after a set of fixes ending with a +https://chromium-review.googlesource.com/c/chromium/src/+/2830820 +the need to override UCHAR_TYPE was dropped with the result that +codebase is ready for default 'char16_t'. Override was already dropped +for 98-based, which already builds fine for system ICU 70.1 + +Task-number: QTBUG-100495 +Change-Id: I0e6d422f77b77015840647b52247f51736dd8a41 +Reviewed-by: Allan Sandfeld Jensen +--- + +diff --git a/src/3rdparty/chromium/third_party/icu/BUILD.gn b/src/3rdparty/chromium/third_party/icu/BUILD.gn +index d5b1361..269de02 100644 +--- a/src/3rdparty/chromium/third_party/icu/BUILD.gn ++++ b/src/3rdparty/chromium/third_party/icu/BUILD.gn +@@ -410,12 +410,6 @@ + "USING_SYSTEM_ICU=1", + "ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC", + ] +- +- if (is_win) { +- defines += [ "UCHAR_TYPE=wchar_t" ] +- } else { +- defines += [ "UCHAR_TYPE=uint16_t" ] +- } + } + + if (use_system_icu) { diff --git a/sandbox-statx-futex_time64.patch b/sandbox-statx-futex_time64.patch deleted file mode 100644 index 006c684..0000000 --- a/sandbox-statx-futex_time64.patch +++ /dev/null @@ -1,39 +0,0 @@ -From: Fabian Vogt -Subject: Sandbox: Handle statx and futex_time64 - -glibc uses statx in some more places now (e.g stat64 -> __fstatat64_time64), -but it's caught by the sandbox, which doesn't handle it and breaks. -Return -ENOSYS instead to trigger the fallback in glibc. - -futex_time64 is also used internally in glibc, so handle that as well. -The signature is identical where it matters. - -diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -index 6f7768f7d..b3335e2bf 100644 ---- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc -@@ -203,6 +203,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, - if (sysno == __NR_futex) - return RestrictFutex(); - -+#if defined(__NR_futex_time64) -+ if (sysno == __NR_futex_time64) -+ return RestrictFutex(); -+#endif -+ - if (sysno == __NR_set_robust_list) - return Error(EPERM); - -@@ -283,6 +288,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, - return RewriteFstatatSIGSYS(fs_denied_errno); - } - -+#if defined(__NR_statx) -+ if (sysno == __NR_statx) { -+ return Error(ENOSYS); -+ } -+#endif -+ - if (SyscallSets::IsFileSystem(sysno) || - SyscallSets::IsCurrentDirectory(sysno)) { - return Error(fs_denied_errno);