commit f4c42624b1c34a558d143e702f0228abb9cb7e54
Author: Kevin Kofler <kevin.kofler(a)chello.at>
Date: Sun Jan 24 01:52:05 2021 +0100
Sync patches and specfile fixes from Fedora
* Sun Jan 24 2021 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 5.15.2-2
- Fix missing #includes for gcc-11 (patch by Jeff Law)
- Add missing BuildRequires: make
- Fix sandbox issue breaking text rendering with glibc 2.33 (rh#1904652)
- Reenable system ICU on F33+, ICU 67 supported since 5.15.1 according to Debian
- Fix sandbox issue on 32-bit architectures with glibc >= 2.31 (from Debian)
qt5-qtwebengine-freeworld.spec | 21 ++-
qtwebengine-everywhere-src-5.15.2-#1904652.patch | 141 +++++++++++++++++++++
...ywhere-src-5.15.2-sandbox-time64-syscalls.patch | 89 +++++++++++++
qtwebengine-gcc11.patch | 52 ++++++++
4 files changed, 301 insertions(+), 2 deletions(-)
---
diff --git a/qt5-qtwebengine-freeworld.spec b/qt5-qtwebengine-freeworld.spec
index 313b789..a4cdcb4 100644
--- a/qt5-qtwebengine-freeworld.spec
+++ b/qt5-qtwebengine-freeworld.spec
@@ -19,7 +19,7 @@
%global use_system_ffmpeg 1
%endif
-%if 0%{?fedora} > 31 && 0%{?fedora} < 33
+%if 0%{?fedora} > 31
# need libicu >= 64, only currently available on f32+
%global use_system_libicu 1
%endif
@@ -47,7 +47,7 @@
Summary: Qt5 - QtWebEngine components (freeworld version)
Name: qt5-qtwebengine-freeworld
Version: 5.15.2
-Release: 1%{?dist}
+Release: 2%{?dist}
%global major_minor %(echo %{version} | cut -d. -f-2)
%global major %(echo %{version} | cut -d. -f1)
@@ -87,6 +87,12 @@ Patch21: qtwebengine-everywhere-src-5.12.0-gn-bootstrap-verbose.patch
Patch24: qtwebengine-everywhere-src-5.11.3-aarch64-new-stat.patch
# Use Python2
Patch26: qtwebengine-everywhere-5.13.2-use-python2.patch
+# Missing #includes for gcc-11
+Patch27: qtwebengine-gcc11.patch
+# Fix sandbox issue breaking text rendering with glibc >= 2.33 (#1904652)
+Patch28: qtwebengine-everywhere-src-5.15.2-#1904652.patch
+# Fix sandbox issue on 32-bit architectures with glibc >= 2.31 (from Debian)
+Patch29: qtwebengine-everywhere-src-5.15.2-sandbox-time64-syscalls.patch
## Upstream patches:
# qtwebengine-chromium
@@ -98,6 +104,7 @@ ExclusiveArch: %{ix86} x86_64
ExclusiveArch: %{qt5_qtwebengine_arches}
%endif
+BuildRequires: make
BuildRequires: qt5-qtbase-devel
BuildRequires: qt5-qtbase-private-devel
# TODO: check of = is really needed or if >= would be good enough -- rex
@@ -353,6 +360,9 @@ popd
#patch21 -p1 -b .gn-bootstrap-verbose
%patch24 -p1 -b .aarch64-new-stat
%patch26 -p1 -b .use-python2
+%patch27 -p1 -b .gcc11
+%patch28 -p1 -b .rh#1904652
+%patch29 -p1 -b .sandbox-time64-syscalls
# the xkbcommon config/feature was renamed in 5.12, so need to adjust QT_CONFIG
references
# when building on older Qt releases
@@ -447,6 +457,13 @@ echo "%{_libdir}/%{name}" \
%changelog
+* Sun Jan 24 2021 Kevin Kofler <Kevin(a)tigcc.ticalc.org> - 5.15.2-2
+- Fix missing #includes for gcc-11 (patch by Jeff Law)
+- Add missing BuildRequires: make
+- Fix sandbox issue breaking text rendering with glibc 2.33 (rh#1904652)
+- Reenable system ICU on F33+, ICU 67 supported since 5.15.1 according to Debian
+- Fix sandbox issue on 32-bit architectures with glibc >= 2.31 (from Debian)
+
* Sat Nov 28 2020 Rex Dieter <rdieter(a)fedoraproject.org> - 5.15.2-1
- 5.15.2
diff --git a/qtwebengine-everywhere-src-5.15.2-#1904652.patch
b/qtwebengine-everywhere-src-5.15.2-#1904652.patch
new file mode 100644
index 0000000..28a60ad
--- /dev/null
+++ b/qtwebengine-everywhere-src-5.15.2-#1904652.patch
@@ -0,0 +1,141 @@
+diff -ur
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+---
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2020-11-07
02:22:36.000000000 +0100
++++
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-20
02:14:53.066223906 +0100
+@@ -248,6 +248,18 @@
+ return RestrictKillTarget(current_pid, sysno);
+ }
+
++#if defined(__NR_newfstatat)
++ if (sysno == __NR_newfstatat) {
++ return RewriteFstatatSIGSYS();
++ }
++#endif
++
++#if defined(__NR_fstatat64)
++ if (sysno == __NR_fstatat64) {
++ return RewriteFstatatSIGSYS();
++ }
++#endif
++
+ if (SyscallSets::IsFileSystem(sysno) ||
+ SyscallSets::IsCurrentDirectory(sysno)) {
+ return Error(fs_denied_errno);
+diff -ur
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+---
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2020-11-07
02:22:36.000000000 +0100
++++
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-22
19:02:55.651668257 +0100
+@@ -6,6 +6,8 @@
+
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+
++#include <errno.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <sys/syscall.h>
+@@ -353,6 +355,35 @@
+ return -ENOSYS;
+ }
+
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* aux) {
++ switch (args.nr) {
++#if defined(__NR_newfstatat)
++ case __NR_newfstatat:
++#endif
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
++#endif
++#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
++ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
++ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
++ reinterpret_cast<struct stat64
*>(args.args[2]));
++ } else {
++ errno = EACCES;
++ return -1;
++ }
++ break;
++#endif
++ }
++
++ CrashSIGSYS_Handler(args, aux);
++
++ // Should never be reached.
++ RAW_CHECK(false);
++ return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
+@@ -385,6 +416,10 @@
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
++ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+ if (seccomp_crash_key)
+diff -ur
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+---
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2020-11-07
02:22:36.000000000 +0100
++++
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-20
02:11:04.583714199 +0100
+@@ -62,6 +62,10 @@
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t
+ SIGSYSSchedHandler(const struct arch_seccomp_data& args, void* aux);
++// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
++// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
++SANDBOX_EXPORT intptr_t
++ SIGSYSFstatatHandler(const struct arch_seccomp_data& args, void* aux);
+
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +76,7 @@
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
+
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff -ur
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc
+---
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc 2020-11-07
02:22:36.000000000 +0100
++++
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.cc 2021-01-20
02:41:12.033133269 +0100
+@@ -261,4 +261,13 @@
+
+ #endif // defined(MEMORY_SANITIZER)
+
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
++{
++#if defined(__NR_fstat64)
++ return syscall(__NR_fstat64, fd, buf);
++#else
++ return syscall(__NR_fstat, fd, buf);
++#endif
++}
++
+ } // namespace sandbox
+diff -ur
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h
+---
qtwebengine-everywhere-src-5.15.2/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h 2020-11-07
02:22:36.000000000 +0100
++++
qtwebengine-everywhere-src-5.15.2-#1904652/src/3rdparty/chromium/sandbox/linux/services/syscall_wrappers.h 2021-01-20
02:40:26.499827829 +0100
+@@ -17,6 +17,7 @@
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +85,9 @@
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Recent glibc rewrites fstat to fstatat.
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
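Review bot: In `SIGSYSFstatatHandler` (sigsys_handlers.cc), the rejection branch `errno = EACCES; return -1;` probably does not deliver EACCES to the caller. The other return paths in these handlers use the raw-syscall convention (`return -ENOSYS;`), which suggests the trap's return value becomes the syscall result directly; under that convention -1 reads as EPERM, and the errno assignment made inside the signal handler is likely discarded. I would write `return -EACCES;`, or pass the policy's `fs_denied_errno` through `aux` so a path-based fstatat fails the same way as the `Error(fs_denied_errno)` branch just below the new check in baseline_policy.cc. The accepted branch has the same mismatch, because `sys_fstat64` goes through libc `syscall()` and reports failure as -1 plus errno; translate it with `return rc == -1 ? -errno : rc;`. A comment on the handler should also note that `args.args[1]` is dereferenced unchecked, so a bad path pointer faults inside the handler instead of yielding EFAULT.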
diff --git a/qtwebengine-everywhere-src-5.15.2-sandbox-time64-syscalls.patch
b/qtwebengine-everywhere-src-5.15.2-sandbox-time64-syscalls.patch
new file mode 100644
index 0000000..6a98dd4
--- /dev/null
+++ b/qtwebengine-everywhere-src-5.15.2-sandbox-time64-syscalls.patch
@@ -0,0 +1,89 @@
+Description: fix seccomp-bpf failures in syscalls 0403, 0407
+ glibc ≥ 2.31 uses these syscalls on 32-bit platforms:
+ .
+ -
https://sourceware.org/git/?p=glibc.git;a=commit;h=2e44b10b42d68d98
+ -
https://sourceware.org/git/?p=glibc.git;a=commit;h=ec138c67cbda8b58
+Author: Andreas Müller <schnitzeltony(a)gmail.com>
+Forwarded: no
+Last-Update: 2020-09-02
+
+--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -148,7 +148,14 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ return Allow();
+ #endif
+
+- if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
++ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep
++#if defined(__NR_clock_gettime64)
++ || sysno == __NR_clock_gettime64
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++ || sysno == __NR_clock_nanosleep_time64
++#endif
++ ) {
+ return RestrictClockID();
+ }
+
+---
a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++
b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -60,6 +60,12 @@ class RestrictClockIdPolicy : public bpf
+ case __NR_clock_gettime:
+ case __NR_clock_getres:
+ case __NR_clock_nanosleep:
++#if defined(__NR_clock_nanosleep_time64)
++ case __NR_clock_nanosleep_time64:
++#endif
++#if defined(__NR_clock_gettime64)
++ case __NR_clock_gettime64:
++#endif
+ return RestrictClockID();
+ default:
+ return Allow();
+--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -39,6 +39,12 @@ bool SyscallSets::IsAllowedGettime(int s
+ // filtered by RestrictClokID().
+ case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
+ case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
++#if defined(__NR_clock_gettime64)
++ case __NR_clock_gettime64: // Parameters filtered by RestrictClockID().
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++ case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID().
++#endif
+ case __NR_clock_settime: // Privileged.
+ #if defined(__i386__) || \
+ (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+@@ -1385,6 +1385,14 @@
+ #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
+ #endif
+
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_SYSCALL_BASE+403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_SYSCALL_BASE+407)
++#endif
++
+ // ARM private syscalls.
+ #if !defined(__ARM_NR_BASE)
+ #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+@@ -1433,4 +1433,12 @@
+ #define __NR_memfd_create (__NR_Linux + 354)
+ #endif
+
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_Linux + 403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_Linux + 407)
++#endif
++
+ #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
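Review bot: The fallback `#define`s for `__NR_clock_gettime64` and `__NR_clock_nanosleep_time64` are added only to the ARM and MIPS syscall headers, while every use in baseline_policy.cc and syscall_sets.cc is wrapped in `#if defined(...)`. The spec appears to build for `%{ix86}` as well, so on a 32-bit x86 build whose kernel headers predate these syscalls the new cases would compile out silently. The sandbox would then keep rejecting the calls with no build-time signal. Consider adding the same `#if !defined(__NR_clock_gettime64)` style fallback to the 32-bit x86 syscall header, or a `#error` on 32-bit targets when the numbers are missing, so a policy gap shows up at compile time.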
diff --git a/qtwebengine-gcc11.patch b/qtwebengine-gcc11.patch
new file mode 100644
index 0000000..f8b2c16
--- /dev/null
+++ b/qtwebengine-gcc11.patch
@@ -0,0 +1,52 @@
+diff --git
a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/containers/string_pool.cc
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/containers/string_pool.cc
+index fd651958f..1e8d0606c 100644
+---
a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/containers/string_pool.cc
++++
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/containers/string_pool.cc
+@@ -14,9 +14,9 @@
+ * limitations under the License.
+ */
+
++#include <limits>
+ #include "src/trace_processor/containers/string_pool.h"
+
+-#include <limits>
+
+ #include "perfetto/base/logging.h"
+ #include "perfetto/ext/base/utils.h"
+diff --git a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/db/column.cc
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/db/column.cc
+index 80dcf5b24..b0037ec34 100644
+--- a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/db/column.cc
++++ b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/db/column.cc
+@@ -14,6 +14,7 @@
+ * limitations under the License.
+ */
+
++#include <limits>
+ #include "src/trace_processor/db/column.h"
+
+ #include "src/trace_processor/db/compare.h"
+diff --git
a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/importers/proto/heap_graph_walker.cc
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/importers/proto/heap_graph_walker.cc
+index fc9e41558..0e5bd92f4 100644
+---
a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/importers/proto/heap_graph_walker.cc
++++
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/importers/proto/heap_graph_walker.cc
+@@ -14,6 +14,8 @@
+ * limitations under the License.
+ */
+
++#include <cstddef>
++
+ #include "src/trace_processor/importers/proto/heap_graph_walker.h"
+ #include "perfetto/base/logging.h"
+
+diff --git
a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/types/variadic.cc
b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/types/variadic.cc
+index 837bfeba9..cdd56817d 100644
+--- a/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/types/variadic.cc
++++ b/src/3rdparty/chromium/third_party/perfetto/src/trace_processor/types/variadic.cc
+@@ -14,6 +14,7 @@
+ * limitations under the License.
+ */
+
++#include <limits>
+ #include "src/trace_processor/types/variadic.h"
+
+ namespace perfetto {
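Review bot: Placing `#include <limits>` ahead of the file's own header in string_pool.cc, column.cc and variadic.cc (and `<cstddef>` in heap_graph_walker.cc) fixes only these four translation units. It suggests the headers themselves use `std::numeric_limits` or `size_t` without including what they need, so any other file that includes one of them first could still fail under gcc-11. Adding the include to the header itself (for example `#include <limits>` in `src/trace_processor/containers/string_pool.h`) would be the more durable fix. It also keeps the own-header-first include order, which is what catches headers that are not self-sufficient.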