Enable web process sandbox

Resolves: #2070670
2022-05-23 16:13:27 -05:00 · 2022-05-23 16:13:27 -05:00 · 701bc1d8ab
commit 701bc1d8ab
parent 54786003b8
2 changed files with 44 additions and 3 deletions
--- a/enable-sandbox.patch
+++ b/enable-sandbox.patch
@ -0,0 +1,35 @@
+From 87e5db488d509fb3f88fdd5aed3d58afcc930814 Mon Sep 17 00:00:00 2001
+From: Felipe Borges <felipeborges@gnome.org>
+Date: Mon, 4 Apr 2022 10:06:07 +0200
+Subject: [PATCH] Enable webkit sandbox on GApplication.startup
+
+This needs to be done only once, so this is a good place for it.
+
+In commit 3fcb670f7385 we enabled it using Gjs "static" syntax, which
+is not available in Gjs versions older than 1.71.1.
+https://gitlab.gnome.org/GNOME/gjs/-/blob/70552bee79f644836a5e9f9a54845791b1ef7a94/NEWS#L67
+
+Let's enable it on GApplication.startup for GNOME 41.
+
+Fixes #81
+---
+ src/ui/application.js | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/ui/application.js b/src/ui/application.js
+index 53fe2b4..f84a9bc 100644
+--- a/src/ui/application.js
+++ b/src/ui/application.js
+@@ -85,6 +85,9 @@ var Application = GObject.registerClass(class Application extends Gtk.Applicatio
+     vfunc_startup() {
+         super.vfunc_startup();
+ 
+        // Enable web process sandbox
+        WebKit2.WebContext.get_default().set_sandbox_enabled(true);
+
+         this._defineStyleAndThemes();
+     }
+ 
+-- 
+GitLab
+
--- a/sushi.spec
+++ b/sushi.spec
@ -2,7 +2,7 @@

 Name:           sushi
 Version:        3.38.1
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        A quick previewer for Nautilus

 License:        GPLv2+ with exceptions
@ -11,6 +11,9 @@ Source0:        https://download.gnome.org/sources/%{name}/%{url_ver}/%{name}-%{

 Patch0:         drop-libmusicbrainz-dep.patch

+# https://gitlab.gnome.org/GNOME/sushi/-/merge_requests/30
+Patch1:         enable-sandbox.patch
+
 BuildRequires:  gettext
 BuildRequires:  gjs-devel
 BuildRequires:  meson
@ -30,8 +33,7 @@ file manager.


 %prep
-%setup -q
-%patch0 -p1
+%autosetup -p1

 %build
 %meson
@ -55,6 +57,10 @@ file manager.


 %changelog
+* Mon May 23 2022 Michael Catanzaro <mcatanzaro@redhat.com> - 3.38.1-2
+- Enable web process sandbox
+  Resolves: #2070670
+
 * Tue Aug 24 2021 Kalev Lember <klember@redhat.com> - 3.38.1-1
 - Update to 3.38.1