diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/webkitgtk-bind-all-fonts.patch | 25 | ||||
-rw-r--r-- | gnu/packages/patches/webkitgtk-canonicalize-paths.patch | 66 |
2 files changed, 0 insertions, 91 deletions
diff --git a/gnu/packages/patches/webkitgtk-bind-all-fonts.patch b/gnu/packages/patches/webkitgtk-bind-all-fonts.patch deleted file mode 100644 index 27013180c4..0000000000 --- a/gnu/packages/patches/webkitgtk-bind-all-fonts.patch +++ /dev/null @@ -1,25 +0,0 @@ -Upstream commit: https://github.com/WebKit/WebKit/commit/31ac354cbeecf866f9a38f7b2f8f59f7975d3f6a - -diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index ecc804663784..8de174be3c0e 100644 ---- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -288,6 +288,7 @@ static void bindFonts(Vector<CString>& args) - const char* homeDir = g_get_home_dir(); - const char* dataDir = g_get_user_data_dir(); - const char* cacheDir = g_get_user_cache_dir(); -+ const char* const * dataDirs = g_get_system_data_dirs(); - - // Configs can include custom dirs but then we have to parse them... - GUniquePtr<char> fontConfig(g_build_filename(configDir, "fontconfig", nullptr)); -@@ -304,6 +305,10 @@ static void bindFonts(Vector<CString>& args) - bindIfExists(args, fontHomeConfigDir.get()); - bindIfExists(args, fontData.get()); - bindIfExists(args, fontHomeData.get()); -+ for (auto* dataDir = dataDirs; dataDir && *dataDir; dataDir++) { -+ GUniquePtr<char> fontDataDir(g_build_filename(*dataDir, "fonts", nullptr)); -+ bindIfExists(args, fontDataDir.get()); -+ } - bindIfExists(args, "/var/cache/fontconfig"); // Used by Debian. - } - diff --git a/gnu/packages/patches/webkitgtk-canonicalize-paths.patch b/gnu/packages/patches/webkitgtk-canonicalize-paths.patch deleted file mode 100644 index 741d534831..0000000000 --- a/gnu/packages/patches/webkitgtk-canonicalize-paths.patch +++ /dev/null @@ -1,66 +0,0 @@ -Upstream commit: https://github.com/WebKit/WebKit/commit/6a87eb254ef57a986a1a6ce9a3a4b66928afeb65 - -diff --git a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -index ecc804663784..a2a1c9d7a4dd 100644 ---- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -@@ -27,7 +27,6 @@ - #include <seccomp.h> - #include <sys/ioctl.h> - #include <sys/mman.h> --#include <unistd.h> - #include <wtf/FileSystem.h> - #include <wtf/UniStdExtras.h> - #include <wtf/glib/GRefPtr.h> -@@ -165,6 +164,15 @@ enum class BindFlags { - Device, - }; - -+static void bindSymlinksRealPath(Vector<CString>& args, const char* path, const char* bindOption = "--ro-bind") -+{ -+ WTF::String realPath = FileSystem::realPath(path); -+ if (path != realPath) { -+ CString rpath = realPath.utf8(); -+ args.appendVector(Vector<CString>({ bindOption, rpath.data(), rpath.data() })); -+ } -+} -+ - static void bindIfExists(Vector<CString>& args, const char* path, BindFlags bindFlags = BindFlags::ReadOnly) - { - if (!path || path[0] == '\0') -@@ -177,7 +185,16 @@ static void bindIfExists(Vector<CString>& args, const char* path, BindFlags bind - bindType = "--ro-bind-try"; - else - bindType = "--bind-try"; -- args.appendVector(Vector<CString>({ bindType, path, path })); -+ -+ // Canonicalize the source path, otherwise a symbolic link could -+ // point to a location outside of the namespace. -+ bindSymlinksRealPath(args, path, bindType); -+ -+ // As /etc is exposed wholesale, do not layer extraneous bind -+ // directives on top, which could fail in the presence of symbolic -+ // links. -+ if (!g_str_has_prefix(path, "/etc/")) -+ args.appendVector(Vector<CString>({ bindType, path, path })); - } - - static void bindDBusSession(Vector<CString>& args, bool allowPortals) -@@ -410,17 +427,6 @@ static void bindV4l(Vector<CString>& args) - })); - } - --static void bindSymlinksRealPath(Vector<CString>& args, const char* path) --{ -- char realPath[PATH_MAX]; -- -- if (realpath(path, realPath) && strcmp(path, realPath)) { -- args.appendVector(Vector<CString>({ -- "--ro-bind", realPath, realPath, -- })); -- } --} -- - // Translate a libseccomp error code into an error message. libseccomp - // mostly returns negative errno values such as -ENOMEM, but some - // standard errno values are used for non-standard purposes where their |