community/qt5-qtwebengine: backport membarrier fix for sandbox

ref #10405

community/qt5-qtwebengine/APKBUILD

 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=qt5-qtwebengine
 pkgver=5.12.4
-pkgrel=0
+pkgrel=1
 pkgdesc="Qt5 - QtWebEngine components"
 url="http://qt-project.org/"
 # ppc64le, s390x: not supported
@@ -111,5 +111,5 @@ b1f7823d0bdd14dbcb4dbd72ab2d16460d343722d2601921a50f8912ce580a632e0d7b01d7fea6f2
 987b9b35d04317e22ae2cce382e776f3309fc7fd4588e408cd6bed846f47620d01e2b9958cb60c84b8f6f496de6544a21ba399ba8b8f107b73df179794740092  qt-musl-sysreg-for__WORDSIZE.patch
 7dc3e9995596adef65cd96f650eb7ee13d52cabfe6353f04eeb5b8a5776e7e0585ffc2a0a31deea6924352ee9a5a8e03ac37432b558c6a46f3dc457b4283392a  qt-musl-stackstart.patch
 b37fbc4df03c82123f94982039defa12d9bb8c885c9dcf8fff556b5f9cc58182fa471f970cc3a5e2d5dbe964855f591b474366b6a8926d94ae6a78e883811c1a  qt-musl-thread-stacksize.patch
-635d77109b5ce9bc9697d621f1bf98193903e2ac69fc4079fb92f175daa80147fed8ae15544d239ef680e120474d8f811002935ef1a078836ba01695f9ddfcb9  musl-sandbox.patch
+76b1966bdd76fd22f0073b23be50f69fb95451e06bdce567a439b0fbb69ff2956264704f5b53c50842e9c4aafaab7d2f330465a04092b66c5965e5d0ae2c7761  musl-sandbox.patch
 f6b1941e40f44b675ab554166e3cd8d3272b23f48571b4949b3af7b8e1c642ee84fe0ee26dd2457fc3bf20e9924cddb411e293b7a8a103029ee196587371a1e2  yasm-nls.patch"

community/qt5-qtwebengine/musl-sandbox.patch

 diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-index 5f81dff..85b7ea0 100644
+index 2577f02..b27300c 100644
 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
 +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
 @@ -129,23 +129,13 @@ namespace sandbox {
@@ -33,10 +33,10 @@ index 5f81dff..85b7ea0 100644
        .Else(CrashSIGSYSClone());
  }
 diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-index 1d9f95c..21fbe21 100644
+index 9f1cdef..a2d703b 100644
 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
 +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-@@ -373,6 +373,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+@@ -375,6 +375,7 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
  #if defined(__i386__)
      case __NR_waitpid:
  #endif
@@ -44,7 +44,7 @@ index 1d9f95c..21fbe21 100644
        return true;
      case __NR_clone:  // Should be parameter-restricted.
      case __NR_setns:  // Privileged.
-@@ -385,7 +386,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
+@@ -387,7 +388,6 @@ bool SyscallSets::IsAllowedProcessStartOrDeath(int sysno) {
  #if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
      case __NR_set_thread_area:
  #endif
@@ -52,15 +52,16 @@ index 1d9f95c..21fbe21 100644
      case __NR_unshare:
  #if !defined(__mips__) && !defined(__aarch64__)
      case __NR_vfork:
-@@ -492,6 +492,7 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
+@@ -496,6 +496,8 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
      case __NR_mlock:
      case __NR_munlock:
      case __NR_munmap:
 +    case __NR_mremap:
++    case __NR_membarrier:
        return true;
      case __NR_madvise:
      case __NR_mincore:
-@@ -507,7 +508,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
+@@ -511,7 +513,6 @@ bool SyscallSets::IsAllowedAddressSpaceAccess(int sysno) {
      case __NR_modify_ldt:
  #endif
      case __NR_mprotect:
@@ -68,3 +69,85 @@ index 1d9f95c..21fbe21 100644
      case __NR_msync:
      case __NR_munlockall:
      case __NR_readahead:
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
+index 59d0eab..7ae7002 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/arm64_linux_syscalls.h
+@@ -1063,4 +1063,8 @@
+ #define __NR_memfd_create 279
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 283
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+index 1addd53..7843b5e 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/arm_linux_syscalls.h
+@@ -1385,6 +1385,10 @@
+ #define __NR_memfd_create (__NR_SYSCALL_BASE+385)
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier (__NR_SYSCALL_BASE+389)
++#endif
++
+ // ARM private syscalls.
+ #if !defined(__ARM_NR_BASE)
+ #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000)
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
+index ec75815..612fcfa 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/mips64_linux_syscalls.h
+@@ -1271,4 +1271,8 @@
+ #define __NR_memfd_create (__NR_Linux + 314)
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier (__NR_Linux + 318)
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+index ddbf97f..1742acd 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/mips_linux_syscalls.h
+@@ -1433,4 +1433,8 @@
+ #define __NR_memfd_create (__NR_Linux + 354)
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier (__NR_Linux + 358)
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
+index a6afc62..7ed0a3b 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_32_linux_syscalls.h
+@@ -1422,5 +1422,9 @@
+ #define __NR_memfd_create 356
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 375
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_
+ 
+diff --git a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
+index 349504a..ea3c7c9 100644
+--- a/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
++++ b/src/3rdparty/chromium/sandbox/linux/system_headers/x86_64_linux_syscalls.h
+@@ -1290,5 +1290,9 @@
+ #define __NR_memfd_create 319
+ #endif
+ 
++#if !defined(__NR_membarrier)
++#define __NR_membarrier 324
++#endif
++
+ #endif  // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_
+