[arch-commits] Commit in chromium/trunk (2 files)

Evangelos Foutras foutrelis at archlinux.org
Sat Mar 24 04:10:39 UTC 2018


    Date: Saturday, March 24, 2018 @ 04:10:38
  Author: foutrelis
Revision: 320124

upgpkg: chromium 65.0.3325.181-2

Compile with CFI to protect virtual calls (FS#57831).

Added:
  chromium/trunk/fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch
Modified:
  chromium/trunk/PKGBUILD

----------------------------------------------------------+
 PKGBUILD                                                 |    8 +
 fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch |   53 +++++++++++++
 2 files changed, 60 insertions(+), 1 deletion(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-03-24 02:21:31 UTC (rev 320123)
+++ PKGBUILD	2018-03-24 04:10:38 UTC (rev 320124)
@@ -6,7 +6,7 @@
 
 pkgname=chromium
 pkgver=65.0.3325.181
-pkgrel=1
+pkgrel=2
 _launcher_ver=5
 pkgdesc="A web browser built for speed, simplicity, and security"
 arch=('x86_64')
@@ -25,6 +25,7 @@
 source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
         chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
         chromium-$pkgver.txt::https://chromium.googlesource.com/chromium/src.git/+/$pkgver?format=TEXT
+        fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch
         chromium-skia-harmony.patch
         chromium-clang-r2.patch
         chromium-math.h-r0.patch
@@ -33,6 +34,7 @@
 sha256sums=('93666448c6b96ec83e6a35a64cff40db4eb92a154fe1db4e7dab4761d0e38687'
             '4dc3428f2c927955d9ae117f2fb24d098cc6dd67adb760ac9c82b522ec8b0587'
             '2771c049b66c9aba3b945fe065f2610f164d55506eb5d71751a26aaf8b40d4ee'
+            'e3fb73b43bb8c69ff517e66b2cac73d6e759fd240003eb35598df9af442422fe'
             'feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3'
             '4495e8b29dae242c79ffe4beefc5171eb3c7aacb7e9aebfd2d4d69b9d8c958d3'
             'fe0ab86aa5b0072db730eccda3e1582ebed4af25815bfd49fe0da24cf63ca902'
@@ -92,6 +94,9 @@
   sed "s/@WIDEVINE_VERSION@/Pinkie Pie/" ../chromium-widevine.patch |
     patch -Np1
 
+  # https://crbug.com/822820
+  patch -Np1 -i ../fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch
+
   # https://crbug.com/skia/6663#c10
   patch -Np4 -i ../chromium-skia-harmony.patch
 
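Review bot: The comment above the new `patch -Np1 -i ../fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch` line carries only the bug link, so a later maintainer cannot tell that this is a backport that exists solely because the build now sets `is_cfi=true` against the system ICU. I would extend it to something like `# Backport of upstream fix for https://crbug.com/822820; required while is_cfi=true is combined with unbundled ICU, drop once pkgver ships it`. This matters because removing the patch while keeping CFI reintroduces the startup crash described in the patch header, and keeping it after upstream includes the change makes the `patch -N` step fail. The enclosing function starts and ends outside this hunk.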
@@ -153,6 +158,7 @@
     'host_toolchain="//build/toolchain/linux/unbundle:default"'
     'is_clang=true'
     'clang_use_chrome_plugins=false'
+    'is_cfi=true'
     'is_debug=false'
     'fatal_linker_warnings=false'
     'treat_warnings_as_errors=false'
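Review bot: `'is_cfi=true'` goes into the flags array without a comment, and nothing here records which CFI schemes the build ends up with; the commit message promises protection for virtual calls only. A short comment such as `# Clang CFI for virtual calls (FS#57831); depends on fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch while system ICU is used` would tie the flag to its prerequisite. Bad-cast and indirect-call checks are controlled by separate GN args (`use_cfi_cast`, `use_cfi_icall`), so their effective defaults for this release should be confirmed rather than assumed. The accompanying patch gives public visibility to ICU classes only; any other unbundled C++ library whose classes are called virtually from Chromium could presumably hit the same CFI failure, so a startup and basic-use smoke test against the full set of system libraries is worth doing before release. The array itself begins and ends outside this hunk.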

Added: fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch
===================================================================
--- fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch	                        (rev 0)
+++ fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch	2018-03-24 04:10:38 UTC (rev 320124)
@@ -0,0 +1,53 @@
+From f15e8b573ada0fcd643ae393484214b1c7c940f8 Mon Sep 17 00:00:00 2001
+From: Evangelos Foutras <evangelos at foutrelis.com>
+Date: Sat, 24 Mar 2018 00:04:33 +0000
+Subject: [PATCH] Fix crash in is_cfi=true builds with unbundled ICU
+
+Ensure ICU symbols have public visibility and are thus excluded from CFI
+checks and whole-program optimization. The former caused a startup crash
+and the latter has the potential to break virtual calls in weird ways.
+
+BUG=822820
+
+Change-Id: Ia809eefcb9e93b3c612f2381d394db83bbc67120
+Reviewed-on: https://chromium-review.googlesource.com/978008
+Reviewed-by: Peter Collingbourne <pcc at chromium.org>
+Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
+Commit-Queue: Thomas Anderson <thomasanderson at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#545638}
+---
+ build/linux/unbundle/icu.gn | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/build/linux/unbundle/icu.gn b/build/linux/unbundle/icu.gn
+index 5bdd91555df7..4450e409dba5 100644
+--- a/build/linux/unbundle/icu.gn
++++ b/build/linux/unbundle/icu.gn
+@@ -17,6 +17,24 @@ config("icu_config") {
+     "USING_SYSTEM_ICU=1",
+     "ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC",
+     "UCHAR_TYPE=uint16_t",
++
++    # U_EXPORT (defined in unicode/platform.h) is used to set public visibility
++    # on classes through the U_COMMON_API and U_I18N_API macros (among others).
++    # When linking against the system ICU library, we want its symbols to have
++    # public LTO visibility. This disables CFI checks for the ICU classes and
++    # allows whole-program optimization to be applied to the rest of Chromium.
++    #
++    # Both U_COMMON_API and U_I18N_API macros would be defined to U_EXPORT only
++    # when U_COMBINED_IMPLEMENTATION is defined (see unicode/utypes.h). Because
++    # we override the default system UCHAR_TYPE (char16_t), it is not possible
++    # to use U_COMBINED_IMPLEMENTATION at this moment, meaning the U_COMMON_API
++    # and U_I18N_API macros are set to U_IMPORT which is an empty definition.
++    #
++    # Until building with UCHAR_TYPE=char16_t is supported, one way to apply
++    # public visibility (and thus public LTO visibility) to all ICU classes is
++    # to define U_IMPORT to have the same value as U_EXPORT. For more details,
++    # please see: https://crbug.com/822820
++    "U_IMPORT=U_EXPORT",
+   ]
+ }
+ 
+-- 
+2.16.3
+


