[arch-commits] Commit in chromium/trunk (5 files)
Evangelos Foutras
foutrelis at archlinux.org
Tue Apr 23 21:07:15 UTC 2019
Date: Tuesday, April 23, 2019 @ 21:07:13
Author: foutrelis
Revision: 352024
upgpkg: chromium 74.0.3729.108-1
New upstream release.
Added:
chromium/trunk/chromium-glibc-2.29.patch
Modified:
chromium/trunk/PKGBUILD
Deleted:
chromium/trunk/chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch
chromium/trunk/chromium-color_utils-use-std-sqrt.patch
chromium/trunk/chromium-media-fix-build-with-libstdc++.patch
------------------------------------------------------------------+
PKGBUILD | 24 --
chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch | 34 ---
chromium-color_utils-use-std-sqrt.patch | 48 ----
chromium-glibc-2.29.patch | 98 ++++++++++
chromium-media-fix-build-with-libstdc++.patch | 48 ----
5 files changed, 105 insertions(+), 147 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2019-04-23 21:02:42 UTC (rev 352023)
+++ PKGBUILD 2019-04-23 21:07:13 UTC (rev 352024)
@@ -4,8 +4,8 @@
# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
pkgname=chromium
-pkgver=73.0.3683.103
-pkgrel=2
+pkgver=74.0.3729.108
+pkgrel=1
_launcher_ver=6
pkgdesc="A web browser built for speed, simplicity, and security"
arch=('x86_64')
@@ -24,17 +24,13 @@
source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
chromium-system-icu.patch
- chromium-color_utils-use-std-sqrt.patch
- chromium-media-fix-build-with-libstdc++.patch
- chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch
+ chromium-glibc-2.29.patch
chromium-widevine.patch
chromium-skia-harmony.patch)
-sha256sums=('eb02c419de98bb8849fd0a37a3e7bbb813938c37e3d6b2c2526df3e84f9653af'
+sha256sums=('1e1e5e06fe24309377630800b44b5c6b624b7c722b5d9789abe80a962b945b6f'
'04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
- 'b3b6f5147d519c586cbdaf3b227dd1719676fa3a65edd6f08989087afd287afa'
- 'f51fe91427d8638c5551746d2ec7de99e8059dd76889cfeaee8ca3d8fed62265'
- 'f2b12ccf83a8e0adda4a87ae5c983df5e092ccf1f9a6f2e05799ce4d451dbda1'
+ '89ca1ac8394ec0920357ff64ba46573e978e9be64f82aa0fc225b36e30d5842c'
'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
'5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
@@ -86,15 +82,9 @@
third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
third_party/libxml/chromium/libxml_utils.cc
- # https://crbug.com/819294#c88
- patch -Np1 -i ../chromium-color_utils-use-std-sqrt.patch
+ # https://crbug.com/949312
+ patch -Np1 -i ../chromium-glibc-2.29.patch
- # https://crbug.com/931373
- patch -d media -Np1 -i ../../chromium-media-fix-build-with-libstdc++.patch
-
- # https://crbug.com/879929
- patch -Np1 -i ../chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch
-
# Load Widevine CDM if available
patch -Np1 -i ../chromium-widevine.patch
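Review bot: The comment above the new `patch -Np1 -i ../chromium-glibc-2.29.patch` line gives only the bug URL, although this patch changes the sandbox's seccomp-bpf clone() policy rather than fixing a build error. The patch header added in this commit has `tree`/`parent`/`author` lines but no `Reviewed-on` or `Cr-Commit-Position` trailer, so it appears to come from a change that had not yet landed upstream; that is inferred from the header alone. I would record the origin in the comment, for example `# https://crbug.com/949312 (sandbox policy; from upstream review <REVIEW_URL>, drop once released)`, so the next update re-checks it against what upstream finally merged. The enclosing function starts and ends outside the hunk.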
Deleted: chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch
===================================================================
--- chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch 2019-04-23 21:02:42 UTC (rev 352023)
+++ chromium-avoid-log-flooding-in-GLSurfacePresentationHelper.patch 2019-04-23 21:07:13 UTC (rev 352024)
@@ -1,34 +0,0 @@
-From 1fb4edaf534c278a0b7a3150efff8e712c1efe91 Mon Sep 17 00:00:00 2001
-From: Peng Huang <penghuang at chromium.org>
-Date: Tue, 19 Feb 2019 22:01:52 +0000
-Subject: [PATCH] Avoid log flooding in GLSurfacePresentationHelper
-
-Bug: 879929
-Change-Id: Ifb452736573e65791ed5e3f143778f576854a167
-Reviewed-on: https://chromium-review.googlesource.com/c/1477918
-Commit-Queue: Peng Huang <penghuang at chromium.org>
-Reviewed-by: Antoine Labour <piman at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#633415}
----
- ui/gl/gl_surface_presentation_helper.cc | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/ui/gl/gl_surface_presentation_helper.cc b/ui/gl/gl_surface_presentation_helper.cc
-index 987725ca1c931..e7bcd1a5b79ff 100644
---- a/ui/gl/gl_surface_presentation_helper.cc
-+++ b/ui/gl/gl_surface_presentation_helper.cc
-@@ -237,7 +237,13 @@ void GLSurfacePresentationHelper::CheckPendingFrames() {
- &vsync_interval_)) {
- vsync_timebase_ = base::TimeTicks();
- vsync_interval_ = base::TimeDelta();
-- LOG(ERROR) << "GetVSyncParametersIfAvailable() failed!";
-+ static unsigned int count = 0;
-+ ++count;
-+ // GetVSyncParametersIfAvailable() could be called and failed frequently,
-+ // so we have to limit the LOG to avoid flooding the log.
-+ LOG_IF(ERROR, count < 20 || !(count & 0xff))
-+ << "GetVSyncParametersIfAvailable() failed for " << count
-+ << " times!";
- }
- }
-
Deleted: chromium-color_utils-use-std-sqrt.patch
===================================================================
--- chromium-color_utils-use-std-sqrt.patch 2019-04-23 21:02:42 UTC (rev 352023)
+++ chromium-color_utils-use-std-sqrt.patch 2019-04-23 21:07:13 UTC (rev 352024)
@@ -1,48 +0,0 @@
-From a5ba6f9bb7665040045dc0f8087407096630ad7b Mon Sep 17 00:00:00 2001
-From: Raphael Kubo da Costa <raphael.kubo.da.costa at intel.com>
-Date: Fri, 8 Feb 2019 02:57:28 +0000
-Subject: [PATCH] color_utils: Use std::sqrt() instead of std::sqrtf()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This fixes the build with libstdc++:
-
- ../../ui/gfx/color_utils.cc: In function ‘SkColor color_utils::SetDarkestColorForTesting(SkColor)’:
- ../../ui/gfx/color_utils.cc:434:12: error: ‘sqrtf’ is not a member of ‘std’
- std::sqrtf((dark_luminance + 0.05f) * (kWhiteLuminance + 0.05f)) - 0.05f;
- ^~~~~
- ../../ui/gfx/color_utils.cc:434:12: note: suggested alternative: ‘sqrt’
- std::sqrtf((dark_luminance + 0.05f) * (kWhiteLuminance + 0.05f)) - 0.05f;
- ^~~~~
- sqrt
-
-sqrtf() is not formally part of C++14 as far as I can see even though libc++
-has it in <cmath>. Additionally, we're only dealing with floats in all parts
-of the expression above, so using the float sqrt() overload should be
-harmless anyway.
-
-Bug: 819294
-Change-Id: If6c7bf31819df97a761e6963def6d6506154c34d
-Reviewed-on: https://chromium-review.googlesource.com/c/1458193
-Auto-Submit: Raphael Kubo da Costa <raphael.kubo.da.costa at intel.com>
-Reviewed-by: Peter Kasting <pkasting at chromium.org>
-Commit-Queue: Raphael Kubo da Costa <raphael.kubo.da.costa at intel.com>
-Cr-Commit-Position: refs/heads/master@{#630140}
----
- ui/gfx/color_utils.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ui/gfx/color_utils.cc b/ui/gfx/color_utils.cc
-index c868cd54bac3f..92ba1407d594f 100644
---- a/ui/gfx/color_utils.cc
-+++ b/ui/gfx/color_utils.cc
-@@ -431,7 +431,7 @@ SkColor SetDarkestColorForTesting(SkColor color) {
- // GetContrastRatio(kWhiteLuminance, g_luminance_midpoint). The formula below
- // can be verified by plugging it into how GetContrastRatio() operates.
- g_luminance_midpoint =
-- std::sqrtf((dark_luminance + 0.05f) * (kWhiteLuminance + 0.05f)) - 0.05f;
-+ std::sqrt((dark_luminance + 0.05f) * (kWhiteLuminance + 0.05f)) - 0.05f;
-
- return previous_darkest_color;
- }
Added: chromium-glibc-2.29.patch
===================================================================
--- chromium-glibc-2.29.patch (rev 0)
+++ chromium-glibc-2.29.patch 2019-04-23 21:07:13 UTC (rev 352024)
@@ -0,0 +1,98 @@
+tree 0f4b37852646eae176de06a5d92cd2f68ffaf318
+parent a38dc4152f043e81310b0deff46f9a770b9f5fcb
+author Matthew Denton <mpdenton at chromium.org> 1555962368 -0700
+committer Matthew Denton <mpdenton at chromium.org> 1555962368 -0700
+
+Update Linux Seccomp syscall restrictions to EPERM posix_spawn/vfork
+
+Glibc's system() function switched to using posix_spawn, which uses
+CLONE_VFORK. Pepperflash includes a sandbox debugging check which
+relies on us EPERM-ing process creation like this, rather than crashing
+the process with SIGSYS.
+
+So whitelist clone() calls, like posix_spawn, that include the flags
+CLONE_VFORK and CLONE_VM.
+
+Bug: 949312
+Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index cdeb210..40fcebf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -10,7 +10,9 @@
+ #include <sched.h>
+ #include <signal.h>
+ #include <stddef.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/mman.h>
+ #include <sys/prctl.h>
+ #include <sys/resource.h>
+ #include <sys/socket.h>
+@@ -130,6 +132,33 @@
+ BPF_ASSERT_EQ(EPERM, fork_errno);
+ }
+
++BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
++ errno = 0;
++ int ret_val = system("echo SHOULD NEVER RUN");
++ BPF_ASSERT_EQ(-1, ret_val);
++ BPF_ASSERT_EQ(EPERM, errno);
++}
++
++BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
++ errno = 0;
++ // Allocate a couple pages for the child's stack even though the child should
++ // never start.
++ constexpr size_t kStackSize = 4096 * 4;
++ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
++ BPF_ASSERT_NE(child_stack, nullptr);
++ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
++ static_cast<char*>(child_stack) + kStackSize, nullptr,
++ nullptr, nullptr);
++ const int clone_errno = errno;
++ TestUtils::HandlePostForkReturn(pid);
++
++ munmap(child_stack, kStackSize);
++
++ BPF_ASSERT_EQ(-1, pid);
++ BPF_ASSERT_EQ(EPERM, clone_errno);
++}
++
+ BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
+ base::Thread thread("sandbox_tests");
+ BPF_ASSERT(thread.Start());
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+index 100afe5..348ab6e 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -135,7 +135,8 @@
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in newer versions of posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ const Arg<unsigned long> flags(0);
+
+@@ -154,8 +155,16 @@
+ AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+ flags == kGlibcPthreadFlags);
+
++ // The following two flags are the two important flags in any vfork-emulating
++ // clone call. EPERM any clone call that contains both of them.
++ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
++
++ const BoolExpr is_fork_or_clone_vfork =
++ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
++
+ return If(IsAndroid() ? android_test : glibc_test, Allow())
+- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++ .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
+ .Else(CrashSIGSYSClone());
+ }
+
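Review bot: In CloneVforkEperm the allocation check `BPF_ASSERT_NE(child_stack, nullptr);` cannot catch a failed mmap(), because mmap() reports failure as `MAP_FAILED` rather than a null pointer; it should read `BPF_ASSERT_NE(child_stack, MAP_FAILED);`. In RestrictCloneToThreadsAndEPERMFork the new `is_fork_or_clone_vfork` test is a mask match, so any clone() whose flags include both CLONE_VFORK and CLONE_VM now returns EPERM whatever other flags are set. Before this change such a call reached `CrashSIGSYSClone()` unless it matched one of the allowed thread-creation masks. The call is still denied, but the SIGSYS crash that made unexpected clone() use visible is lost for that set, so a comment such as `// Extra flags alongside CLONE_VFORK | CLONE_VM are also EPERM'd, not crashed.` would make the intent explicit. The word "whitelist" in the patch description is misleading, since these calls are rejected with EPERM, not allowed.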
Deleted: chromium-media-fix-build-with-libstdc++.patch
===================================================================
--- chromium-media-fix-build-with-libstdc++.patch 2019-04-23 21:02:42 UTC (rev 352023)
+++ chromium-media-fix-build-with-libstdc++.patch 2019-04-23 21:07:13 UTC (rev 352024)
@@ -1,48 +0,0 @@
-From d4824fb46a07f3dbecf6358020f0f0da2c586475 Mon Sep 17 00:00:00 2001
-From: Tom Anderson <thomasanderson at chromium.org>
-Date: Sat, 16 Feb 2019 05:35:55 +0000
-Subject: [PATCH] Fix build with libstdc++
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When building with libstdc++ (use_custom_libcxx=false), we get (different) build
-erros when building with clang and gcc.
-
-clang:
- base/optional.h:348:61: error: no member named 'value' in
- 'std::is_constructible<media::learning::Value, const
- base::Optional<media::learning::Value> &>'
-
-gcc:
- base/optional.h:347:57: error: incomplete type
- ‘std::is_constructible<media::learning::Value,
- base::Optional<media::learning::Value>&>’ used in nested name specifier
-
-BUG=931373
-
-Change-Id: I133ff4f30398202b5726c605fafee8aa916179d3
-Reviewed-on: https://chromium-review.googlesource.com/c/1475936
-Auto-Submit: Thomas Anderson <thomasanderson at chromium.org>
-Commit-Queue: Frank Liberato <liberato at chromium.org>
-Reviewed-by: Frank Liberato <liberato at chromium.org>
-Cr-Original-Commit-Position: refs/heads/master@{#632921}
-Cr-Mirrored-From: https://chromium.googlesource.com/chromium/src
-Cr-Mirrored-Commit: 08b9fbc728043c89f21af46796bacd7324b7ce06
----
- learning/common/value.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/learning/common/value.h b/learning/common/value.h
-index 62f4953f6..ef37eebd4 100644
---- a/learning/common/value.h
-+++ b/learning/common/value.h
-@@ -27,7 +27,7 @@ class COMPONENT_EXPORT(LEARNING_COMMON) Value {
- public:
- Value();
- template <typename T>
-- explicit Value(T x) : value_(x) {
-+ explicit Value(const T& x) : value_(x) {
- // We want to rule out mostly pointers, since they wouldn't make much sense.
- // Note that the implicit cast would likely fail anyway.
- static_assert(std::is_arithmetic<T>::value || std::is_enum<T>::value,