Enable web process sandbox

Resolves: #2070670
This commit is contained in:
Michael Catanzaro 2022-05-23 16:13:27 -05:00
parent 54786003b8
commit 701bc1d8ab
2 changed files with 44 additions and 3 deletions

35
enable-sandbox.patch Normal file
View File

@ -0,0 +1,35 @@
From 87e5db488d509fb3f88fdd5aed3d58afcc930814 Mon Sep 17 00:00:00 2001
From: Felipe Borges <felipeborges@gnome.org>
Date: Mon, 4 Apr 2022 10:06:07 +0200
Subject: [PATCH] Enable webkit sandbox on GApplication.startup
This needs to be done only once, so this is a good place for it.
In commit 3fcb670f7385 we enabled it using Gjs "static" syntax, which
is not available in Gjs versions older than 1.71.1.
https://gitlab.gnome.org/GNOME/gjs/-/blob/70552bee79f644836a5e9f9a54845791b1ef7a94/NEWS#L67
Let's enable it on GApplication.startup for GNOME 41.
Fixes #81
---
src/ui/application.js | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/ui/application.js b/src/ui/application.js
index 53fe2b4..f84a9bc 100644
--- a/src/ui/application.js
+++ b/src/ui/application.js
@@ -85,6 +85,9 @@ var Application = GObject.registerClass(class Application extends Gtk.Applicatio
vfunc_startup() {
super.vfunc_startup();
+ // Enable web process sandbox
+ WebKit2.WebContext.get_default().set_sandbox_enabled(true);
+
this._defineStyleAndThemes();
}
--
GitLab

View File

@ -2,7 +2,7 @@
Name: sushi
Version: 3.38.1
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A quick previewer for Nautilus
License: GPLv2+ with exceptions
@ -11,6 +11,9 @@ Source0: https://download.gnome.org/sources/%{name}/%{url_ver}/%{name}-%{
Patch0: drop-libmusicbrainz-dep.patch
# https://gitlab.gnome.org/GNOME/sushi/-/merge_requests/30
Patch1: enable-sandbox.patch
BuildRequires: gettext
BuildRequires: gjs-devel
BuildRequires: meson
@ -30,8 +33,7 @@ file manager.
%prep
%setup -q
%patch0 -p1
%autosetup -p1
%build
%meson
@ -55,6 +57,10 @@ file manager.
%changelog
* Mon May 23 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 3.38.1-2
- Enable web process sandbox
Resolves: #2070670
* Tue Aug 24 2021 Kalev Lember <klember@redhat.com> - 3.38.1-1
- Update to 3.38.1