[arch-commits] Commit in chromium/trunk (PKGBUILD chromium-glibc-2.29.patch)

Evangelos Foutras foutrelis at archlinux.org
Wed Apr 24 17:03:36 UTC 2019


    Date: Wednesday, April 24, 2019 @ 17:03:34
  Author: foutrelis
Revision: 352073

Update chromium-glibc-2.29.patch from upstream git

Modified:
  chromium/trunk/PKGBUILD
  chromium/trunk/chromium-glibc-2.29.patch

---------------------------+
 PKGBUILD                  |    2 +-
 chromium-glibc-2.29.patch |   29 ++++++++++++++++++-----------
 2 files changed, 19 insertions(+), 12 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2019-04-24 16:48:07 UTC (rev 352072)
+++ PKGBUILD	2019-04-24 17:03:34 UTC (rev 352073)
@@ -30,7 +30,7 @@
 sha256sums=('1e1e5e06fe24309377630800b44b5c6b624b7c722b5d9789abe80a962b945b6f'
             '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
             'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
-            '89ca1ac8394ec0920357ff64ba46573e978e9be64f82aa0fc225b36e30d5842c'
+            'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
             'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
             '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
 

Modified: chromium-glibc-2.29.patch
===================================================================
--- chromium-glibc-2.29.patch	2019-04-24 16:48:07 UTC (rev 352072)
+++ chromium-glibc-2.29.patch	2019-04-24 17:03:34 UTC (rev 352073)
@@ -1,10 +1,9 @@
-tree 0f4b37852646eae176de06a5d92cd2f68ffaf318
-parent a38dc4152f043e81310b0deff46f9a770b9f5fcb
-author Matthew Denton <mpdenton at chromium.org> 1555962368 -0700
-committer Matthew Denton <mpdenton at chromium.org> 1555962368 -0700
+From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 24 Apr 2019 15:44:40 +0000
+Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
+ posix_spawn/vfork
 
-Update Linux Seccomp syscall restrictions to EPERM posix_spawn/vfork
-
 Glibc's system() function switched to using posix_spawn, which uses
 CLONE_VFORK. Pepperflash includes a sandbox debugging check which
 relies on us EPERM-ing process creation like this, rather than crashing
@@ -15,9 +14,17 @@
 
 Bug: 949312
 Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
+Commit-Queue: Robert Sesek <rsesek at chromium.org>
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#653590}
+---
+ .../baseline_policy_unittest.cc               | 29 +++++++++++++++++++
+ .../syscall_parameters_restrictions.cc        | 13 +++++++--
+ 2 files changed, 40 insertions(+), 2 deletions(-)
 
 diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-index cdeb210..40fcebf 100644
+index cdeb210ccb..40fcebf933 100644
 --- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
 +++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
 @@ -10,7 +10,9 @@
@@ -30,7 +37,7 @@
  #include <sys/prctl.h>
  #include <sys/resource.h>
  #include <sys/socket.h>
-@@ -130,6 +132,33 @@
+@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
    BPF_ASSERT_EQ(EPERM, fork_errno);
  }
  
@@ -65,10 +72,10 @@
    base::Thread thread("sandbox_tests");
    BPF_ASSERT(thread.Start());
 diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-index 100afe5..348ab6e 100644
+index 100afe50e3..348ab6e8c5 100644
 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
 +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-@@ -135,7 +135,8 @@
+@@ -135,7 +135,8 @@ namespace sandbox {
  #if !defined(OS_NACL_NONSFI)
  // Allow Glibc's and Android pthread creation flags, crash on any other
  // thread creation attempts and EPERM attempts to use neither
@@ -78,7 +85,7 @@
  ResultExpr RestrictCloneToThreadsAndEPERMFork() {
    const Arg<unsigned long> flags(0);
  
-@@ -154,8 +155,16 @@
+@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
        AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
              flags == kGlibcPthreadFlags);
  


