Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/qt:master commit in: dev-qt/qtwebengine/, dev-qt/qtwebengine/files/
Date: Thu, 30 Sep 2021 11:35:32
Message-Id: 1632998424.58b8abb62752a4d0b7ebb920afc25ce383bbfa45.asturm@gentoo
1 commit: 58b8abb62752a4d0b7ebb920afc25ce383bbfa45
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Tue Apr 6 17:59:33 2021 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Thu Sep 30 10:40:24 2021 +0000
6 URL: https://gitweb.gentoo.org/proj/qt.git/commit/?id=58b8abb6
7
8 dev-qt/qtwebengine: Add Fedora patch for GLIBC-2.33
9
10 (sync with Gentoo ebuild repository)
11
12 Package-Manager: Portage-3.0.18, Repoman-3.0.3
13 Signed-off-by: Andreas Sturmlechner <asturm <AT> gentoo.org>
14
15 .../qtwebengine-5.15.2_p20210406-glibc-2.33.patch | 141 +++++++++++++++++++++
16 dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild | 1 +
17 2 files changed, 142 insertions(+)
18
19 diff --git a/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch b/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch
20 new file mode 100644
21 index 00000000..cb90428e
22 --- /dev/null
23 +++ b/dev-qt/qtwebengine/files/qtwebengine-5.15.2_p20210406-glibc-2.33.patch
24 @@ -0,0 +1,141 @@
25 +diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
26 +--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
27 ++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
28 +@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
29 + return RestrictKillTarget(current_pid, sysno);
30 + }
31 +
32 ++#if defined(__NR_newfstatat)
33 ++ if (sysno == __NR_newfstatat) {
34 ++ return RewriteFstatatSIGSYS();
35 ++ }
36 ++#endif
37 ++
38 ++#if defined(__NR_fstatat64)
39 ++ if (sysno == __NR_fstatat64) {
40 ++ return RewriteFstatatSIGSYS();
41 ++ }
42 ++#endif
43 ++
44 + if (SyscallSets::IsFileSystem(sysno) ||
45 + SyscallSets::IsCurrentDirectory(sysno)) {
46 + return Error(fs_denied_errno);
47 +diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
48 +--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
49 ++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
50 +@@ -6,6 +6,8 @@
51 +
52 + #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
53 +
54 ++#include <errno.h>
55 ++#include <fcntl.h>
56 + #include <stddef.h>
57 + #include <stdint.h>
58 + #include <string.h>
59 +@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
60 + return -ENOSYS;
61 + }
62 +
63 ++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
64 ++ void* aux) {
65 ++ switch (args.nr) {
66 ++#if defined(__NR_newfstatat)
67 ++ case __NR_newfstatat:
68 ++#endif
69 ++#if defined(__NR_fstatat64)
70 ++ case __NR_fstatat64:
71 ++#endif
72 ++#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
73 ++ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
74 ++ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
75 ++ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
76 ++ reinterpret_cast<struct stat64 *>(args.args[2]));
77 ++ } else {
78 ++ errno = EACCES;
79 ++ return -1;
80 ++ }
81 ++ break;
82 ++#endif
83 ++ }
84 ++
85 ++ CrashSIGSYS_Handler(args, aux);
86 ++
87 ++ // Should never be reached.
88 ++ RAW_CHECK(false);
89 ++ return -ENOSYS;
90 ++}
91 ++
92 + bpf_dsl::ResultExpr CrashSIGSYS() {
93 + return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
94 + }
95 +@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
96 + return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
97 + }
98 +
99 ++bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
100 ++ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
101 ++}
102 ++
103 + void AllocateCrashKeys() {
104 + #if !defined(OS_NACL_NONSFI)
105 + if (seccomp_crash_key)
106 +diff -up b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
107 +--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
108 ++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
109 +@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
110 + // sched_setparam(), sched_setscheduler()
111 + SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
112 + void* aux);
113 ++// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
114 ++// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
115 ++SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
116 ++ void* aux);
117 +
118 + // Variants of the above functions for use with bpf_dsl.
119 + SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
120 +@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
121 + SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
122 + SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
123 + SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
124 ++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
125 +
126 + // Allocates a crash key so that Seccomp information can be recorded.
127 + void AllocateCrashKeys();
128 +diff -up b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
129 +--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
130 ++++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
131 +@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
132 +
133 + #endif // defined(MEMORY_SANITIZER)
134 +
135 ++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
136 ++{
137 ++#if defined(__NR_fstat64)
138 ++ return syscall(__NR_fstat64, fd, buf);
139 ++#else
140 ++ return syscall(__NR_fstat, fd, buf);
141 ++#endif
142 ++}
143 ++
144 + } // namespace sandbox
145 +diff -up b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
146 +--- a/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
147 ++++ b/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
148 +@@ -17,6 +17,7 @@ struct sock_fprog;
149 + struct rlimit64;
150 + struct cap_hdr;
151 + struct cap_data;
152 ++struct stat64;
153 +
154 + namespace sandbox {
155 +
156 +@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
157 + const struct sigaction* act,
158 + struct sigaction* oldact);
159 +
160 ++// Recent glibc rewrites fstat to fstatat.
161 ++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
162 ++
163 + } // namespace sandbox
164 +
165 + #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
166
167 diff --git a/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild b/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild
168 index 57d3478d..3a092b0f 100644
169 --- a/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild
170 +++ b/dev-qt/qtwebengine/qtwebengine-5.15.2.9999.ebuild
171 @@ -102,6 +102,7 @@ PATCHES=(
172 "${FILESDIR}/${PN}-5.15.0-disable-fatal-warnings.patch" # downstream, bug 695446
173 "${FILESDIR}/${PN}-5.15.2_p20210224-chromium-87-v8-icu68.patch" # downstream, bug 757606
174 "${FILESDIR}/${PN}-5.15.2_p20210224-disable-git.patch" # downstream snapshot fix
175 + "${FILESDIR}/${PN}-5.15.2_p20210406-glibc-2.33.patch" # by Fedora, bug 769989
176 )
177
178 pkg_preinst() {
Report Message
Find on MARC Find on Google Groups