Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2025-03-15 16:15:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtwebengine" Sat Mar 15 16:15:14 2025 rev:105 rq:1252804 version:5.15.18 Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes 2025-02-16 22:36:57.459135618 +0100 +++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.19136/libqt5-qtwebengine.changes 2025-03-15 16:15:38.526960237 +0100 @@ -1,0 +2,6 @@ +Wed Mar 12 08:39:57 UTC 2025 - Fabian Vogt <fv...@suse.com> + +- Add patch to fix the sandbox on 32-bit x86: + * sandbox_recvmsg.patch + +------------------------------------------------------------------- New: ---- sandbox_recvmsg.patch BETA DEBUG BEGIN: New:- Add patch to fix the sandbox on 32-bit x86: * sandbox_recvmsg.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtwebengine.spec ++++++ --- /var/tmp/diff_new_pack.rzDK7q/_old 2025-03-15 16:15:41.239073434 +0100 +++ /var/tmp/diff_new_pack.rzDK7q/_new 2025-03-15 16:15:41.239073434 +0100 @@ -68,6 +68,8 @@ Patch9: python3.12-imp.patch Patch10: python3.12-six.patch Patch11: python3.13-pipes.patch +# PATCH-FIX-UPSTREAM https://bugreports.qt.io/browse/QTBUG-57709?focusedId=427082#comment-427082 +Patch12: sandbox_recvmsg.patch ### Patch 50-99 are applied conditionally # PATCH-FIX-OPENSUSE -- allow building qtwebengine with ffmpeg5 Patch50: qtwebengine-ffmpeg5.patch @@ -311,6 +313,7 @@ %patch -P9 -p1 %patch -P10 -p1 %patch -P11 -p1 +%patch -P12 -p1 # FFmpeg 5 %if %{with system_ffmpeg} ++++++ sandbox_recvmsg.patch ++++++ From: Allan Sandfeld Jensen Subject: Allow recvfrom and recvmsg on 32-bit x86 >From https://bugreports.qt.io/browse/QTBUG-57709 Edited by fv...@suse.com to include even more stuff. Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc =================================================================== --- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc @@ -363,7 +363,7 @@ bool SyscallSets::IsAllowedOperationOnFd #endif case __NR_dup3: #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__i386__) case __NR_shutdown: #endif return true; @@ -465,7 +465,7 @@ bool SyscallSets::IsAllowedGetOrModifySo return true; default: #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__i386__) case __NR_socketpair: // We will want to inspect its argument. #endif return false; @@ -483,6 +483,13 @@ bool SyscallSets::IsDeniedGetOrModifySoc case __NR_socket: case __NR_listen: return true; +#elif defined(__i386__) + case __NR_accept4: + case __NR_bind: + case __NR_connect: + case __NR_socket: + case __NR_listen: + return true; #endif default: return false; @@ -575,7 +582,7 @@ bool SyscallSets::IsAllowedGeneralIo(int case __NR_recv: #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__i386__) case __NR_recvfrom: // Could specify source. case __NR_recvmsg: // Could specify source. #endif @@ -590,7 +597,7 @@ bool SyscallSets::IsAllowedGeneralIo(int case __NR_send: #endif #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__i386__) case __NR_sendmsg: // Could specify destination. case __NR_sendto: // Could specify destination. #endif Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc =================================================================== --- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -249,7 +249,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de return RestrictPrctl(); #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__i386__) if (sysno == __NR_socketpair) { // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. static_assert(AF_UNIX == PF_UNIX,
