author | Antonio Rojas
<arojas@archlinux.org> 2019-09-05 08:51:27 UTC |
committer | Antonio Rojas
<arojas@archlinux.org> 2019-09-05 08:51:27 UTC |
parent | f91d12877a3d28614ecf28dc8dab4458544b0492 |
PKGBUILD | +6 | -17 |
qtbug-76958.patch | +0 | -31 |
qtwebengine-glibc-2.29.patch | +0 | -105 |
diff --git a/PKGBUILD b/PKGBUILD index a02eb94..c54458b 100644 --- a/PKGBUILD +++ b/PKGBUILD @@ -2,9 +2,9 @@ # Contributor: Andrea Scarpino <andrea@archlinux.org> pkgname=qt5-webengine -_qtver=5.13.0 +_qtver=5.13.1 pkgver=${_qtver/-/} -pkgrel=4 +pkgrel=1 arch=('x86_64') url='https://www.qt.io' license=('LGPL3' 'LGPL2.1' 'BSD') @@ -15,26 +15,15 @@ makedepends=('python2' 'gperf' 'jsoncpp' 'ninja' 'qt5-tools' 'poppler') groups=('qt' 'qt5') _pkgfqn="${pkgname/5-/}-everywhere-src-${_qtver}" source=("https://download.qt.io/official_releases/qt/${pkgver%.*}/${_qtver}/submodules/${_pkgfqn}.tar.xz" - qtwebengine-glibc-2.29.patch - qtbug-77037-workaround.patch - qtbug-76913.patch::"https://code.qt.io/cgit/qt/qtwebengine.git/patch/?id=4746bb90" - qtbug-76958.patch) # "https://code.qt.io/cgit/qt/qtwebengine.git/patch/?id=662de14c" -sha256sums=('e0af82ecee1ab41b6732697f667b98b7b0c53164bebcfaad8070e88b2e064efe' - 'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c' - '3e3bb8ecf292e7f249d001db4a4a072ca4ba38f713f496122bd7c73d93d5def9' - '5771af2442d7743ef7c59f0d3716a23985383e2b69ecb4fa9d4ea8e8f7c551fa' - 'eef55340b3ec5f8d1020b7327eda67f86729aaf70107c688deb15083f5ca8fbc') + qtbug-77037-workaround.patch) +sha256sums=('7f12e710b76ff2be4497bf368fc01ecd2419e2e962fb90599b0ece00ae2eb7d0' + '3e3bb8ecf292e7f249d001db4a4a072ca4ba38f713f496122bd7c73d93d5def9') prepare() { mkdir -p build cd ${_pkgfqn} - patch -p1 -i ../qtbug-76913.patch # Fix crashes on media-heavy sites - patch -p1 -i ../qtbug-76958.patch # Fix crash when loading tabs on the background - patch -p1 -i ../qtbug-77037-workaround.patch # Link to pulseaudio to avoid header mismatch - - cd src/3rdparty/chromium - patch -p1 -i "$srcdir"/qtwebengine-glibc-2.29.patch # Fix PPAPI plugins with glibc 2.29 + patch -p1 -i "$srcdir"/qtbug-77037-workaround.patch # Fix build with pulseaudio 13 } build() { diff --git a/qtbug-76958.patch b/qtbug-76958.patch deleted file mode 100644 index b57003b..0000000 
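Review bot: In the second PKGBUILD hunk, `source=()` and `prepare()` drop qtbug-76913.patch, qtbug-76958.patch and qtwebengine-glibc-2.29.patch without recording that the 5.13.1 tarball already contains those fixes. Two of them are not cosmetic, as the deleted files on this page show: the glibc 2.29 patch changes the seccomp-bpf clone() policy of the bundled Chromium sandbox, and qtbug-76958 replaces a raw adapter pointer handed to a posted task with a `QWeakPointer`, so a silent regression would affect sandbox behaviour or object lifetime. Presumably upstream merged all three before 5.13.1, but that is not visible here; a line such as `# qtbug-76913, qtbug-76958 and the glibc 2.29 seccomp fix are included upstream as of 5.13.1` above the remaining `patch` call would make the removal auditable. The new tarball is pinned only by the `sha256sums` entry updated in this same commit, so that value is worth confirming against an independently obtained copy of the release checksum.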
--- a/qtbug-76958.patch +++ /dev/null @@ -1,31 +0,0 @@ -diff --git a/src/core/web_contents_adapter.cpp b/src/core/web_contents_adapter.cpp -index c4f4591e..dc005b62 100644 ---- a/src/core/web_contents_adapter.cpp -+++ b/src/core/web_contents_adapter.cpp -@@ -671,19 +671,23 @@ void WebContentsAdapter::load(const QWebEngineHttpRequest &request) - } - } - -- auto navigate = [](WebContentsAdapter *adapter, const content::NavigationController::LoadURLParams ¶ms) { -+ auto navigate = [](QWeakPointer<WebContentsAdapter> weakAdapter, const content::NavigationController::LoadURLParams ¶ms) { -+ WebContentsAdapter *adapter = weakAdapter.data(); -+ if (!adapter) -+ return; - adapter->webContents()->GetController().LoadURLWithParams(params); - // Follow chrome::Navigate and invalidate the URL immediately. - adapter->m_webContentsDelegate->NavigationStateChanged(adapter->webContents(), content::INVALIDATE_TYPE_URL); - adapter->focusIfNecessary(); - }; - -+ QWeakPointer<WebContentsAdapter> weakThis(sharedFromThis()); - if (resizeNeeded) { - // Schedule navigation on the event loop. - base::PostTaskWithTraits(FROM_HERE, {content::BrowserThread::UI}, -- base::BindOnce(navigate, this, std::move(params))); -+ base::BindOnce(navigate, std::move(weakThis), std::move(params))); - } else { -- navigate(this, params); -+ navigate(std::move(weakThis), params); - } - } - diff --git a/qtwebengine-glibc-2.29.patch b/qtwebengine-glibc-2.29.patch deleted file mode 100644 index 11d9cb9..0000000 --- a/qtwebengine-glibc-2.29.patch +++ /dev/null 
@@ -1,105 +0,0 @@ -From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001 -From: Matthew Denton <mpdenton@chromium.org> -Date: Wed, 24 Apr 2019 15:44:40 +0000 -Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM - posix_spawn/vfork - -Glibc's system() function switched to using posix_spawn, which uses -CLONE_VFORK. Pepperflash includes a sandbox debugging check which -relies on us EPERM-ing process creation like this, rather than crashing -the process with SIGSYS. - -So whitelist clone() calls, like posix_spawn, that include the flags -CLONE_VFORK and CLONE_VM. - -Bug: 949312 -Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20 -Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086 -Commit-Queue: Robert Sesek <rsesek@chromium.org> -Reviewed-by: Robert Sesek <rsesek@chromium.org> -Cr-Commit-Position: refs/heads/master@{#653590} ---- - .../baseline_policy_unittest.cc | 29 +++++++++++++++++++ - .../syscall_parameters_restrictions.cc | 13 +++++++-- - 2 files changed, 40 insertions(+), 2 deletions(-) - -diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -index cdeb210ccb..40fcebf933 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -@@ -10,7 +10,9 @@ - #include <sched.h> - #include <signal.h> - #include <stddef.h> -+#include <stdlib.h> - #include <string.h> -+#include <sys/mman.h> - #include <sys/prctl.h> - #include <sys/resource.h> - #include <sys/socket.h> -@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) { - BPF_ASSERT_EQ(EPERM, fork_errno); - } - -+BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) { -+ errno = 0; -+ int ret_val = system("echo SHOULD NEVER RUN"); -+ BPF_ASSERT_EQ(-1, ret_val); -+ BPF_ASSERT_EQ(EPERM, errno); -+} -+ -+BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) { 
-+ errno = 0; -+ // Allocate a couple pages for the child's stack even though the child should -+ // never start. -+ constexpr size_t kStackSize = 4096 * 4; -+ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE, -+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); -+ BPF_ASSERT_NE(child_stack, nullptr); -+ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD, -+ static_cast<char*>(child_stack) + kStackSize, nullptr, -+ nullptr, nullptr); -+ const int clone_errno = errno; -+ TestUtils::HandlePostForkReturn(pid); -+ -+ munmap(child_stack, kStackSize); -+ -+ BPF_ASSERT_EQ(-1, pid); -+ BPF_ASSERT_EQ(EPERM, clone_errno); -+} -+ - BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) { - base::Thread thread("sandbox_tests"); - BPF_ASSERT(thread.Start()); -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -index 100afe50e3..348ab6e8c5 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -@@ -135,7 +135,8 @@ namespace sandbox { - #if !defined(OS_NACL_NONSFI) - // Allow Glibc's and Android pthread creation flags, crash on any other - // thread creation attempts and EPERM attempts to use neither --// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations. -+// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is -+// present (as in newer versions of posix_spawn). - ResultExpr RestrictCloneToThreadsAndEPERMFork() { - const Arg<unsigned long> flags(0); - -@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() { - AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask, - flags == kGlibcPthreadFlags); - -+ // The following two flags are the two important flags in any vfork-emulating -+ // clone call. EPERM any clone call that contains both of them. 
-+ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM; -+ -+ const BoolExpr is_fork_or_clone_vfork = -+ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0, -+ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags); -+ - return If(IsAndroid() ? android_test : glibc_test, Allow()) -- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM)) -+ .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) - .Else(CrashSIGSYSClone()); - } -