From: "Andreas Sturmlechner"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Andreas Sturmlechner"
Message-ID: <1611361537.0b58bf6bd3490c8f8daa62e3d8c1f8c5792bbf36.asturm@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/xdg-desktop-portal/, sys-apps/xdg-desktop-portal/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild
X-VCS-Directories: sys-apps/xdg-desktop-portal/files/ sys-apps/xdg-desktop-portal/
X-VCS-Committer: asturm
X-VCS-Committer-Name: Andreas Sturmlechner
X-VCS-Revision: 0b58bf6bd3490c8f8daa62e3d8c1f8c5792bbf36
X-VCS-Branch: master
Date: Sat, 23 Jan 2021 00:25:51 +0000 (UTC)
Precedence: bulk
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply

commit:     0b58bf6bd3490c8f8daa62e3d8c1f8c5792bbf36
Author:     Andreas Sturmlechner gentoo org>
AuthorDate: Fri Jan 22 21:37:10 2021 +0000
Commit:     Andreas Sturmlechner gentoo org>
CommitDate: Sat Jan 23 00:25:37 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0b58bf6b

sys-apps/xdg-desktop-portal: xdp-utils: check if alternate doc portal

...path matches in path_for_fd()

See also: https://github.com/flatpak/xdg-desktop-portal/issues/545

Package-Manager: Portage-3.0.14, Repoman-3.0.2
Signed-off-by: Andreas Sturmlechner gentoo.org>

 .../xdg-desktop-portal-1.8.0-fix-doc-portal.patch  | 135 +++++++++++++++++++++
 .../xdg-desktop-portal-1.8.0-r1.ebuild             |  45 +++++++
 2 files changed, 180 insertions(+)

diff --git a/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch b/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch new file mode 100644 index 00000000000..46b3aaf0fb4 --- /dev/null +++ b/sys-apps/xdg-desktop-portal/files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch 
@@ -0,0 +1,135 @@ +From 57096483afb069e69b9addcc39fe92b72051f1d2 Mon Sep 17 00:00:00 2001 +From: James Henstridge +Date: Tue, 24 Nov 2020 15:48:19 +0800 +Subject: [PATCH] xdp-utils: check if alternate doc portal path matches in + path_for_fd() + +The document portal uses different inode number when exposing a +particular document in different parts of the file system. As sandboxed +apps only have a subtree of the document portal file system mounted, the +"same file" checks in xdp_app_info_get_path_for_fd() would fail for +document portal paths. + +To fix this, we check to see whether the corresponding "by-app/$app_id" +path matches the stat information of the file descriptor. + +Fixes #545 +--- + document-portal/document-portal.c | 2 ++ + src/documents.c | 2 ++ + src/xdp-utils.c | 47 +++++++++++++++++++++++++++++-- + src/xdp-utils.h | 3 ++ + 5 files changed, 85 insertions(+), 2 deletions(-) + +diff --git a/document-portal/document-portal.c b/document-portal/document-portal.c +index a4c044a..a4aacc4 100644 +--- a/document-portal/document-portal.c ++++ b/document-portal/document-portal.c +@@ -1448,6 +1448,8 @@ on_name_acquired (GDBusConnection *connection, + + fuse_dev = stbuf.st_dev; + ++ xdp_set_documents_mountpoint (xdp_fuse_get_mountpoint ()); ++ + while ((invocation = g_queue_pop_head (&get_mount_point_invocations)) != NULL) + { + xdp_dbus_documents_complete_get_mount_point (dbus_api, invocation, xdp_fuse_get_mountpoint ()); +diff --git a/src/documents.c b/src/documents.c +index 99de9e4..9ddc4ac 100644 +--- a/src/documents.c ++++ b/src/documents.c +@@ -31,6 +31,7 @@ + #include + + #include "xdp-dbus.h" ++#include "xdp-utils.h" + #include "document-enums.h" + + static XdpDocuments *documents = NULL; +@@ -46,6 +47,7 @@ init_document_proxy (GDBusConnection *connection) + xdp_documents_call_get_mount_point_sync (documents, + &documents_mountpoint, + NULL, NULL); ++ xdp_set_documents_mountpoint (documents_mountpoint); + } + + char * +diff --git a/src/xdp-utils.c 
b/src/xdp-utils.c +index fa6ca6f..ef68f0f 100644 +--- a/src/xdp-utils.c ++++ b/src/xdp-utils.c +@@ -884,6 +884,35 @@ verify_proc_self_fd (XdpAppInfo *app_info, + return xdp_app_info_remap_path (app_info, path_buffer); + } + ++static char *documents_mountpoint = NULL; ++ ++void ++xdp_set_documents_mountpoint (const char *path) ++{ ++ g_clear_pointer (&documents_mountpoint, g_free); ++ documents_mountpoint = g_strdup (path); ++} ++ ++/* alternate_document_path converts a file path */ ++char * ++xdp_get_alternate_document_path (const char *path, const char *app_id) ++{ ++ int len; ++ ++ /* If we don't know where the document portal is mounted, then there ++ * is no alternate path */ ++ if (documents_mountpoint == NULL) ++ return NULL; ++ ++ /* If the path is not within the document portal, then there is no ++ * alternative path */ ++ len = strlen (documents_mountpoint); ++ if (!g_str_has_prefix (path, documents_mountpoint) || path[len] != '/') ++ return NULL; ++ ++ return g_strconcat (documents_mountpoint, "/by-app/", app_id, &path[len], NULL); ++} ++ + char * + xdp_app_info_get_path_for_fd (XdpAppInfo *app_info, + int fd, +@@ -981,8 +1010,22 @@ xdp_app_info_get_path_for_fd (XdpAppInfo *app_info, + st_buf->st_dev != real_st_buf.st_dev || + st_buf->st_ino != real_st_buf.st_ino) + { +- /* Different files on the inside and the outside, reject the request */ +- return NULL; ++ /* If the path is provided by the document portal, the inode ++ number will not match, due to only a subtree being mounted in ++ the sandbox. So we check to see if the equivalent path ++ within that subtree matches our file descriptor. ++ ++ If the alternate path doesn't match either, then we treat it ++ as a failure. 
++ */ ++ g_autofree char *alt_path = NULL; ++ alt_path = xdp_get_alternate_document_path (path, xdp_app_info_get_id (app_info)); ++ ++ if (alt_path == NULL || ++ stat (alt_path, &real_st_buf) < 0 || ++ st_buf->st_dev != real_st_buf.st_dev || ++ st_buf->st_ino != real_st_buf.st_ino) ++ return NULL; + } + + if (writable_out) +diff --git a/src/xdp-utils.h b/src/xdp-utils.h +index 7105bce..fea28b8 100644 +--- a/src/xdp-utils.h ++++ b/src/xdp-utils.h +@@ -88,6 +88,9 @@ char ** xdp_app_info_rewrite_commandline (XdpAppInfo *app_info, + + G_DEFINE_AUTOPTR_CLEANUP_FUNC(XdpAppInfo, xdp_app_info_unref) + ++void xdp_set_documents_mountpoint (const char *path); ++char *xdp_get_alternate_document_path (const char *path, const char *app_id); ++ + XdpAppInfo *xdp_invocation_lookup_app_info_sync (GDBusMethodInvocation *invocation, + GCancellable *cancellable, + GError **error); diff --git a/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild b/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild new file mode 100644 index 00000000000..bb8cc5472f0 --- /dev/null +++ b/sys-apps/xdg-desktop-portal/xdg-desktop-portal-1.8.0-r1.ebuild 
@@ -0,0 +1,45 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools systemd + +DESCRIPTION="Desktop integration portal" +HOMEPAGE="https://flatpak.org/ https://github.com/flatpak/xdg-desktop-portal" +SRC_URI="https://github.com/flatpak/${PN}/releases/download/${PV}/${P}.tar.xz" + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" +IUSE="geolocation screencast" + +BDEPEND=" + dev-util/gdbus-codegen + sys-devel/gettext + virtual/pkgconfig +" +DEPEND=" + dev-libs/glib:2 + dev-libs/json-glib + media-libs/fontconfig + sys-fs/fuse:0 + geolocation? ( >=app-misc/geoclue-2.5.3:2.0 ) + screencast? ( >=media-video/pipewire-0.3:= ) +" +RDEPEND="${DEPEND} + sys-apps/dbus +" + +PATCHES=( "${FILESDIR}/${P}-fix-doc-portal.patch" ) + +src_configure() { + local myeconfargs=( + --with-systemduserunitdir="$(systemd_get_userunitdir)" + $(use_enable geolocation geoclue) + $(use_enable screencast pipewire) + --disable-docbook-docs # flatpak not packaged + --disable-libportal # not packaged + ) + econf "${myeconfargs[@]}" +}
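
Review bot: The embedded upstream header in files/xdg-desktop-portal-1.8.0-fix-doc-portal.patch does not match its body. It states "5 files changed, 85 insertions(+), 2 deletions(-)", but the stat above it lists only four files, and only four "diff --git" sections follow (document-portal/document-portal.c, src/documents.c, src/xdp-utils.c, src/xdp-utils.h). If one file's changes were dropped on purpose when the upstream commit was imported, say so in the patch header and name the file, so that a later maintainer can tell a trimmed backport from a truncated one.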
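
Review bot: In init_document_proxy() (src/documents.c hunk), the result of xdp_documents_call_get_mount_point_sync() is handed to xdp_set_documents_mountpoint() without any check, and the call is made with NULL for its error argument, so a failed lookup is silent. The failure mode is closed: with a NULL mount point, xdp_get_alternate_document_path() returns NULL and the fd check keeps rejecting. But every document-portal fd will then be refused with nothing in the log to explain why. Suggest testing the return value and emitting a g_warning() when the mount point could not be obtained. Note also that this file already has its own documents_mountpoint and src/xdp-utils.c gains a static of the same name, so the same state now lives in two places under one identifier.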
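
Review bot: xdp_get_alternate_document_path() (src/xdp-utils.c, hunk at -884) places app_id into the path with no validation, in the line "return g_strconcat (documents_mountpoint, "/by-app/", app_id, &path[len], NULL);". g_strconcat() treats the first NULL argument as its terminator, so a NULL app_id silently yields "<mountpoint>/by-app/" with the rest of the path dropped, and an empty id or one containing '/' changes which subtree the result names. Since this path feeds the same-file check that decides whether a sandboxed caller's fd is accepted, suggest returning NULL early when app_id is NULL, empty or contains '/'. Smaller points in the same function: len holds the result of strlen() and should be size_t rather than int, and the comment "alternate_document_path converts a file path" does not say what the path is converted to or that the caller owns the returned string.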
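
Review bot: In xdp_app_info_get_path_for_fd() (src/xdp-utils.c, hunk at -981), the branch that used to be an unconditional "return NULL" now accepts the request whenever stat (alt_path) agrees with st_buf on st_dev and st_ino, yet no test for the new decision is visible in this patch. Because this is the check that keeps a sandboxed app from passing off one file as another, the negative cases deserve to be pinned down: a path under the documents mount point whose by-app/$app_id counterpart does not exist, and one whose counterpart exists but is a different inode, must both still return NULL. It would also help debugging to log at debug level when the alternate path was tried and rejected, since a stat() failure and an inode mismatch are now indistinguishable to the caller.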
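
Review bot: In xdg-desktop-portal-1.8.0-r1.ebuild, "inherit autotools systemd" pulls in autotools although the ebuild never calls eautoreconf, and the added patch touches only .c and .h files, so no regeneration of the build system is needed. Suggest dropping autotools from the inherit line and keeping only systemd, which is used for systemd_get_userunitdir. The PATCHES entry would also benefit from a short comment giving the upstream origin (the patch header names commit 57096483afb0 and "Fixes #545"), so it is obvious at the next version bump that the patch can be removed.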