From db8825ac9537571f435c9d6d829b9386503efaee Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Tue, 16 Mar 2021 05:49:14 +0000
Subject: [PATCH] extra/qt5-webengine to 5.15.3-3.1

---
 .../0001-ARM-toolchain-fixes.patch            |   4 +-
 .../qt5-webengine/0002-Fix-ARM-skia-ICE.patch |   4 +-
 ...-single_process-flag-in-generate_bin.patch |   4 +-
 ...-bindings-generation-single-threaded.patch |   4 +-
 ...dbox-Aw-snap-for-sycalls-403-and-407.patch | 106 ++++++++++++++++++
 extra/qt5-webengine/PKGBUILD                  |  15 ++-
 6 files changed, 123 insertions(+), 14 deletions(-)
 create mode 100644 extra/qt5-webengine/0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch

diff --git a/extra/qt5-webengine/0001-ARM-toolchain-fixes.patch b/extra/qt5-webengine/0001-ARM-toolchain-fixes.patch
index 2f6a5f8f6..5cc9035bb 100644
--- a/extra/qt5-webengine/0001-ARM-toolchain-fixes.patch
+++ b/extra/qt5-webengine/0001-ARM-toolchain-fixes.patch
@@ -1,7 +1,7 @@
-From 4883849d717b57e37cc3604ea84b05a7c6da61ee Mon Sep 17 00:00:00 2001
+From 31d769e2673a2bb4cd103bf227b0915db979da6e Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich <kevin@archlinuxarm.org>
 Date: Tue, 4 Jul 2017 11:54:39 -0600
-Subject: [PATCH 1/4] ARM toolchain fixes
+Subject: [PATCH 1/5] ARM toolchain fixes
 
 ---
  chromium/build/toolchain/linux/BUILD.gn | 24 ++++++++++--------------
diff --git a/extra/qt5-webengine/0002-Fix-ARM-skia-ICE.patch b/extra/qt5-webengine/0002-Fix-ARM-skia-ICE.patch
index dbbf82e93..3279b86e1 100644
--- a/extra/qt5-webengine/0002-Fix-ARM-skia-ICE.patch
+++ b/extra/qt5-webengine/0002-Fix-ARM-skia-ICE.patch
@@ -1,7 +1,7 @@
-From 1e418cd6409c847aac319f7fdbeca87d266bf9a8 Mon Sep 17 00:00:00 2001
+From b96db56e06a64d4cd47a8093abf30d156beb57f9 Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich <kevin@archlinuxarm.org>
 Date: Mon, 1 Jul 2019 07:10:36 -0600
-Subject: [PATCH 2/4] Fix ARM skia ICE
+Subject: [PATCH 2/5] Fix ARM skia ICE
 
 ---
  chromium/third_party/skia/third_party/skcms/src/Transform_inl.h | 2 +-
diff --git a/extra/qt5-webengine/0003-bind-gen-Support-single_process-flag-in-generate_bin.patch b/extra/qt5-webengine/0003-bind-gen-Support-single_process-flag-in-generate_bin.patch
index 167434251..96cc678f8 100644
--- a/extra/qt5-webengine/0003-bind-gen-Support-single_process-flag-in-generate_bin.patch
+++ b/extra/qt5-webengine/0003-bind-gen-Support-single_process-flag-in-generate_bin.patch
@@ -1,7 +1,7 @@
-From 5135b1ef537028770aa68d70b93d37829dcf8d99 Mon Sep 17 00:00:00 2001
+From 1d181b50ab2bba4326daecb7721c74912cdbcae5 Mon Sep 17 00:00:00 2001
 From: Yuki Shiino <yukishiino@chromium.org>
 Date: Mon, 5 Oct 2020 11:01:57 +0000
-Subject: [PATCH 3/4] bind-gen: Support --single_process flag in
+Subject: [PATCH 3/5] bind-gen: Support --single_process flag in
  generate_bindings.py
 
 Error messages of generate_bindings.py are often hard to read
diff --git a/extra/qt5-webengine/0004-Run-blink-bindings-generation-single-threaded.patch b/extra/qt5-webengine/0004-Run-blink-bindings-generation-single-threaded.patch
index ccc109e5b..478a1fbb8 100644
--- a/extra/qt5-webengine/0004-Run-blink-bindings-generation-single-threaded.patch
+++ b/extra/qt5-webengine/0004-Run-blink-bindings-generation-single-threaded.patch
@@ -1,7 +1,7 @@
-From 4296fdd6d5d762a4bfcf961522ea64d67cb99eed Mon Sep 17 00:00:00 2001
+From 316bc9db7db2018a51278d5dea52fd26c49e015f Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich <kevin@archlinuxarm.org>
 Date: Tue, 2 Feb 2021 13:58:59 -0700
-Subject: [PATCH 4/4] Run blink bindings generation single threaded
+Subject: [PATCH 4/5] Run blink bindings generation single threaded
 
 When not single threaded this process will eat all the RAM.
 ---
diff --git a/extra/qt5-webengine/0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch b/extra/qt5-webengine/0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch
new file mode 100644
index 000000000..a50be9bf3
--- /dev/null
+++ b/extra/qt5-webengine/0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch
@@ -0,0 +1,106 @@
+From bf3c864c2348b01ba320b7318b9a151ce3326fe7 Mon Sep 17 00:00:00 2001
+From: Kevin Mihelich <kevin@archlinuxarm.org>
+Date: Tue, 2 Feb 2021 13:58:21 -0700
+Subject: [PATCH 5/5] Fix sandbox 'Aw snap' for sycalls 403 and 407
+
+---
+ .../sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 9 ++++++++-
+ .../syscall_parameters_restrictions_unittests.cc         | 6 ++++++
+ .../sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc    | 6 ++++++
+ .../sandbox/linux/system_headers/arm_linux_syscalls.h    | 8 ++++++++
+ .../sandbox/linux/system_headers/mips_linux_syscalls.h   | 8 ++++++++
+ 5 files changed, 36 insertions(+), 1 deletion(-)
+
+diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index 3c67b124786..e6e989d7b49 100644
+--- a/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -157,7 +157,14 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+     return Allow();
+ #endif
+ 
+-  if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
++  if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep
++#if defined(__NR_clock_gettime64)
++                                  || sysno == __NR_clock_gettime64
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++                                  || sysno == __NR_clock_nanosleep_time64
++#endif
++  ) {
+     return RestrictClockID();
+   }
+ 
+diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index b6c8c637746..81972a9d998 100644
+--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -60,6 +60,12 @@ class RestrictClockIdPolicy : public bpf_dsl::Policy {
+       case __NR_clock_gettime:
+       case __NR_clock_getres:
+       case __NR_clock_nanosleep:
++#if defined(__NR_clock_nanosleep_time64)
++      case __NR_clock_nanosleep_time64:
++#endif
++#if defined(__NR_clock_gettime64)
++      case __NR_clock_gettime64:
++#endif
+         return RestrictClockID();
+       default:
+         return Allow();
+diff --git a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+index d9d18822f67..0db8745cb57 100644
+--- a/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ b/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -39,6 +39,12 @@ bool SyscallSets::IsAllowedGettime(int sysno) {
+                                 // filtered by RestrictClokID().
+     case __NR_clock_gettime:    // Parameters filtered by RestrictClockID().
+     case __NR_clock_nanosleep:  // Parameters filtered by RestrictClockID().
++#if defined(__NR_clock_gettime64)
++    case __NR_clock_gettime64:  // Parameters filtered by RestrictClockID().
++#endif
++#if defined(__NR_clock_nanosleep_time64)
++    case __NR_clock_nanosleep_time64:  // Parameters filtered by RestrictClockID().
++#endif
+     case __NR_clock_settime:    // Privileged.
+ #if defined(__i386__) || \
+     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
+diff --git a/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h b/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+index 85e2110b4c2..c39c22b5114 100644
+--- a/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
++++ b/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+@@ -1441,6 +1441,14 @@
+ #define __NR_io_pgetevents (__NR_SYSCALL_BASE+399)
+ #endif
+ 
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_SYSCALL_BASE+403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_SYSCALL_BASE+407)
++#endif
++
+ // ARM private syscalls.
+ #if !defined(__ARM_NR_BASE)
+ #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
+diff --git a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+index ddbf97f3d8b..fa01b3bbc66 100644
+--- a/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
++++ b/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+@@ -1433,4 +1433,12 @@
+ #define __NR_memfd_create (__NR_Linux + 354)
+ #endif
+ 
++#if !defined(__NR_clock_gettime64)
++#define __NR_clock_gettime64 (__NR_Linux + 403)
++#endif
++
++#if !defined(__NR_clock_nanosleep_time64)
++#define __NR_clock_nanosleep_time64 (__NR_Linux + 407)
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
+-- 
+2.30.1
+
diff --git a/extra/qt5-webengine/PKGBUILD b/extra/qt5-webengine/PKGBUILD
index 07e4d061e..769300d69 100644
--- a/extra/qt5-webengine/PKGBUILD
+++ b/extra/qt5-webengine/PKGBUILD
@@ -12,7 +12,7 @@ highmem=1
 pkgname=qt5-webengine
 _qtver=5.15.3
 pkgver=${_qtver/-/}
-pkgrel=3
+pkgrel=3.1
 _commit=a059e7404a6db799f4da0ad696e65ae9c854b4b0
 # Upstream won't tag releases, because potatoes https://lists.qt-project.org/pipermail/interest/2021-March/036386.html
 arch=('x86_64')
@@ -31,14 +31,16 @@ source=(git+https://code.qt.io/qt/qtwebengine.git#commit=$_commit
         0001-ARM-toolchain-fixes.patch
         0002-Fix-ARM-skia-ICE.patch
         0003-bind-gen-Support-single_process-flag-in-generate_bin.patch
-        0004-Run-blink-bindings-generation-single-threaded.patch)
+        0004-Run-blink-bindings-generation-single-threaded.patch
+        0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch)
 sha256sums=('SKIP'
             'SKIP'
             '2294e5390c869963fc58f7bf1ee0a254a3f7fce3ed00c04e34a5f03e2b31b624'
-            '652d14349df7359c49c7006c4ebbe3ba91f4f5265ff177c02cf82f6b79f505c3'
-            '533a582062a87803354c8f80104cd80e530e73b811fea32221c9102930e933d9'
-            '108fbfee92e1dda80af591b79aef789d22ae3b45e066b271ad3bb44670fc4139'
-            'e6d0eefc96496b4ca299c51d86a4f58b5502e6d661c2acbeb1c8903db12c8fb6')
+            '10b3fed2d67b3a1f487d2d95c9a603fcbc23f08d4528d1986a6d0010c9e466bc'
+            '48f37525c7066b0119b10981ae59139189ca3423db6bd14da6e064065d5d3016'
+            'e77263fd4c7d40972ce61ce353438ee1e0a4d0771c9014aeded001c6a2301d17'
+            '77c669db765b15d309eea058dc5984e8f100956fa83479a4edb7d0a06f775ac3'
+            'afaeece4be0a18777e440d11639cb47952772135fa5533b7aef5221bde8db533')
 
 prepare() {
   mkdir -p build
@@ -57,6 +59,7 @@ prepare() {
   patch -p1 -i ${srcdir}/0002-Fix-ARM-skia-ICE.patch
   patch -p1 -i ${srcdir}/0003-bind-gen-Support-single_process-flag-in-generate_bin.patch
   patch -p1 -i ${srcdir}/0004-Run-blink-bindings-generation-single-threaded.patch
+  patch -p1 -i ${srcdir}/0005-Fix-sandbox-Aw-snap-for-sycalls-403-and-407.patch
 }
 
 build() {