1 |
commit: 58b8abb62752a4d0b7ebb920afc25ce383bbfa45 |
2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Apr 6 17:59:33 2021 +0000 |
4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 30 10:40:24 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/qt.git/commit/?id=58b8abb6 |
7 |
|
8 |
dev-qt/qtwebengine: Add Fedora patch for GLIBC-2.33 |
9 |
|
10 |
(sync with Gentoo ebuild repository) |
11 |
|
12 |
Package-Manager: Portage-3.0.18, Repoman-3.0.3 |
13 |
Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org> |
14 |
|
15 |
.../qtwebengine-5.15.2_p20210406-glibc-2.33.patch | 141 +++++++++++++++++++++ |
16 |
dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild | 1 + |
17 |
2 files changed, 142 insertions(+) |
18 |
|
19 |
diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch b/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch |
20 |
new file mode 100644 |
21 |
index 00000000..cb90428e |
22 |
--- /dev/null |
23 |
+++ b/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch |
24 |
@@ -0,0 +1,141 @@ |
25 |
+diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
26 |
+--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
27 |
++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc |
28 |
+@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de |
29 |
+ return RestrictKillTarget(current_pid, sysno); |
30 |
+ } |
31 |
+ |
32 |
++#if defined(__NR_newfstatat) |
33 |
++ if (sysno == __NR_newfstatat) { |
34 |
++ return RewriteFstatatSIGSYS(); |
35 |
++ } |
36 |
++#endif |
37 |
++ |
38 |
++#if defined(__NR_fstatat64) |
39 |
++ if (sysno == __NR_fstatat64) { |
40 |
++ return RewriteFstatatSIGSYS(); |
41 |
++ } |
42 |
++#endif |
43 |
++ |
44 |
+ if (SyscallSets::IsFileSystem(sysno) || |
45 |
+ SyscallSets::IsCurrentDirectory(sysno)) { |
46 |
+ return Error(fs_denied_errno); |
47 |
+diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
48 |
+--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
49 |
++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc |
50 |
+@@ -6,6 +6,8 @@ |
51 |
+ |
52 |
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h" |
53 |
+ |
54 |
++#include <errno.h> |
55 |
++#include <fcntl.h> |
56 |
+ #include <stddef.h> |
57 |
+ #include <stdint.h> |
58 |
+ #include <string.h> |
59 |
+@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct |
60 |
+ return -ENOSYS; |
61 |
+ } |
62 |
+ |
63 |
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, |
64 |
++ void* aux) { |
65 |
++ switch (args.nr) { |
66 |
++#if defined(__NR_newfstatat) |
67 |
++ case __NR_newfstatat: |
68 |
++#endif |
69 |
++#if defined(__NR_fstatat64) |
70 |
++ case __NR_fstatat64: |
71 |
++#endif |
72 |
++#if defined(__NR_newfstatat) || defined(__NR_fstatat64) |
73 |
++ if (*reinterpret_cast<const char *>(args.args[1]) == '\0' |
74 |
++ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) { |
75 |
++ return sandbox::sys_fstat64(static_cast<int>(args.args[0]), |
76 |
++ reinterpret_cast<struct stat64 *>(args.args[2])); |
77 |
++ } else { |
78 |
++ errno = EACCES; |
79 |
++ return -1; |
80 |
++ } |
81 |
++ break; |
82 |
++#endif |
83 |
++ } |
84 |
++ |
85 |
++ CrashSIGSYS_Handler(args, aux); |
86 |
++ |
87 |
++ // Should never be reached. |
88 |
++ RAW_CHECK(false); |
89 |
++ return -ENOSYS; |
90 |
++} |
91 |
++ |
92 |
+ bpf_dsl::ResultExpr CrashSIGSYS() { |
93 |
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL); |
94 |
+ } |
95 |
+@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() |
96 |
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL); |
97 |
+ } |
98 |
+ |
99 |
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS() { |
100 |
++ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL); |
101 |
++} |
102 |
++ |
103 |
+ void AllocateCrashKeys() { |
104 |
+ #if !defined(OS_NACL_NONSFI) |
105 |
+ if (seccomp_crash_key) |
106 |
+diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h |
107 |
+--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h |
108 |
++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h |
109 |
+@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail |
110 |
+ // sched_setparam(), sched_setscheduler() |
111 |
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args, |
112 |
+ void* aux); |
113 |
++// If the fstatat syscall is actually a disguised fstat, calls the regular fstat |
114 |
++// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler. |
115 |
++SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args, |
116 |
++ void* aux); |
117 |
+ |
118 |
+ // Variants of the above functions for use with bpf_dsl. |
119 |
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS(); |
120 |
+@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash |
121 |
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex(); |
122 |
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace(); |
123 |
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS(); |
124 |
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(); |
125 |
+ |
126 |
+ // Allocates a crash key so that Seccomp information can be recorded. |
127 |
+ void AllocateCrashKeys(); |
128 |
+diff -up b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc |
129 |
+--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc |
130 |
++++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc |
131 |
+@@ -261,4 +261,13 @@ int sys_sigaction(int signum, |
132 |
+ |
133 |
+ #endif // defined(MEMORY_SANITIZER) |
134 |
+ |
135 |
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf) |
136 |
++{ |
137 |
++#if defined(__NR_fstat64) |
138 |
++ return syscall(__NR_fstat64, fd, buf); |
139 |
++#else |
140 |
++ return syscall(__NR_fstat, fd, buf); |
141 |
++#endif |
142 |
++} |
143 |
++ |
144 |
+ } // namespace sandbox |
145 |
+diff -up b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h |
146 |
+--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h |
147 |
++++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h |
148 |
+@@ -17,6 +17,7 @@ struct sock_fprog; |
149 |
+ struct rlimit64; |
150 |
+ struct cap_hdr; |
151 |
+ struct cap_data; |
152 |
++struct stat64; |
153 |
+ |
154 |
+ namespace sandbox { |
155 |
+ |
156 |
+@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig |
157 |
+ const struct sigaction* act, |
158 |
+ struct sigaction* oldact); |
159 |
+ |
160 |
++// Recent glibc rewrites fstat to fstatat. |
161 |
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf); |
162 |
++ |
163 |
+ } // namespace sandbox |
164 |
+ |
165 |
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_ |
166 |
|
167 |
diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild b/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild |
168 |
index 57d3478d..3a092b0f 100644 |
169 |
--- a/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild |
170 |
+++ b/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild |
171 |
@@ -102,6 +102,7 @@ PATCHES=( |
172 |
"${FILESDIR}/${PN}-5.15.0-disable-fatal-warnings.patch" # downstream, bug 695446 |
173 |
"${FILESDIR}/${PN}-5.15.2_p20210224-chromium-87-v8-icu68.patch" # downstream, bug 757606 |
174 |
"${FILESDIR}/${PN}-5.15.2_p20210224-disable-git.patch" # downstream snapshot fix |
175 |
+ "${FILESDIR}/${PN}-5.15.2_p20210406-glibc-2.33.patch" # by Fedora, bug 769989 |
176 |
) |
177 |
|
178 |
pkg_preinst() { |