[arch-commits] Commit in chromium/repos/extra-x86_64 (16 files)

Evangelos Foutras foutrelis at archlinux.org
Wed May 15 04:18:40 UTC 2019


    Date: Wednesday, May 15, 2019 @ 04:18:39
  Author: foutrelis
Revision: 353274

archrelease: copy trunk to extra-x86_64

Added:
  chromium/repos/extra-x86_64/PKGBUILD
    (from rev 353273, chromium/trunk/PKGBUILD)
  chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch
    (from rev 353273, chromium/trunk/chromium-fix-the-flash-for-new-windows.patch)
  chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch
    (from rev 353273, chromium/trunk/chromium-fix-window-flash-for-some-WMs.patch)
  chromium/repos/extra-x86_64/chromium-glibc-2.29.patch
    (from rev 353273, chromium/trunk/chromium-glibc-2.29.patch)
  chromium/repos/extra-x86_64/chromium-skia-harmony.patch
    (from rev 353273, chromium/trunk/chromium-skia-harmony.patch)
  chromium/repos/extra-x86_64/chromium-system-icu.patch
    (from rev 353273, chromium/trunk/chromium-system-icu.patch)
  chromium/repos/extra-x86_64/chromium-widevine.patch
    (from rev 353273, chromium/trunk/chromium-widevine.patch)
  chromium/repos/extra-x86_64/chromium.install
    (from rev 353273, chromium/trunk/chromium.install)
Deleted:
  chromium/repos/extra-x86_64/PKGBUILD
  chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch
  chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch
  chromium/repos/extra-x86_64/chromium-glibc-2.29.patch
  chromium/repos/extra-x86_64/chromium-skia-harmony.patch
  chromium/repos/extra-x86_64/chromium-system-icu.patch
  chromium/repos/extra-x86_64/chromium-widevine.patch
  chromium/repos/extra-x86_64/chromium.install

----------------------------------------------+
 PKGBUILD                                     |  460 ++++++++++++-------------
 chromium-fix-the-flash-for-new-windows.patch |  108 ++---
 chromium-fix-window-flash-for-some-WMs.patch |  196 +++++-----
 chromium-glibc-2.29.patch                    |  210 +++++------
 chromium-skia-harmony.patch                  |   26 -
 chromium-system-icu.patch                    |   38 +-
 chromium-widevine.patch                      |   44 +-
 chromium.install                             |   32 -
 8 files changed, 557 insertions(+), 557 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2019-05-15 04:18:27 UTC (rev 353273)
+++ PKGBUILD	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,230 +0,0 @@
-# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
-# Contributor: Pierre Schmitz <pierre at archlinux.de>
-# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
-# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
-
-pkgname=chromium
-pkgver=74.0.3729.131
-pkgrel=3
-_launcher_ver=6
-pkgdesc="A web browser built for speed, simplicity, and security"
-arch=('x86_64')
-url="https://www.chromium.org/Home"
-license=('BSD')
-depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
-         'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib'
-         'desktop-file-utils' 'hicolor-icon-theme')
-makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git'
-             'clang' 'lld' 'gn' 'java-runtime-headless')
-optdepends=('pepper-flash: support for Flash content'
-            'kdialog: needed for file dialogs in KDE'
-            'gnome-keyring: for storing passwords in GNOME keyring'
-            'kwallet: for storing passwords in KWallet')
-install=chromium.install
-source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
-        chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
-        chromium-system-icu.patch
-        chromium-glibc-2.29.patch
-        chromium-fix-the-flash-for-new-windows.patch
-        chromium-fix-window-flash-for-some-WMs.patch
-        chromium-widevine.patch
-        chromium-skia-harmony.patch)
-sha256sums=('d178c7842f8f858ac876d88ce866cbd2132d7ca6c73940613ebf7e9c3fada986'
-            '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
-            'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
-            'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
-            '6d82c052eb1f1ae5644a09f7ad7a88d9e2966d1836124445ca4df93b7657c10a'
-            '183d8cc712f0bcf1afcb01ce90c4c104a4c8d8070a06f94974a28b007d9e2ce4'
-            'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
-            '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
-
-# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
-# Keys are the names in the above script; values are the dependencies in Arch
-declare -gA _system_libs=(
-  [ffmpeg]=ffmpeg
-  [flac]=flac
-  [fontconfig]=fontconfig
-  [freetype]=freetype2
-  [harfbuzz-ng]=harfbuzz
-  [icu]=icu
-  [libdrm]=
-  [libjpeg]=libjpeg
-  #[libpng]=libpng            # https://crbug.com/752403#c10
-  [libvpx]=libvpx
-  [libwebp]=libwebp
-  [libxml]=libxml2
-  [libxslt]=libxslt
-  [opus]=opus
-  [re2]=re2
-  [snappy]=snappy
-  [yasm]=
-  [zlib]=minizip
-)
-_unwanted_bundled_libs=(
-  ${!_system_libs[@]}
-  ${_system_libs[libjpeg]+libjpeg_turbo}
-)
-depends+=(${_system_libs[@]})
-
-# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
-# Note: These are for Arch Linux use ONLY. For your own distribution, please
-# get your own set of keys.
-_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
-_google_default_client_id=413772536636.apps.googleusercontent.com
-_google_default_client_secret=0ZChLK6AxeA3Isu96MkwqDR4
-
-prepare() {
-  cd "$srcdir/$pkgname-$pkgver"
-
-  # Allow building against system libraries in official builds
-  sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
-    tools/generate_shim_headers/generate_shim_headers.py
-
-  # https://crbug.com/893950
-  sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
-    third_party/blink/renderer/core/xml/*.cc \
-    third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
-    third_party/libxml/chromium/libxml_utils.cc
-
-  # https://crbug.com/949312
-  patch -Np1 -i ../chromium-glibc-2.29.patch
-
-  # https://crbug.com/956061
-  patch -Np1 -i ../chromium-fix-the-flash-for-new-windows.patch
-  patch -Np1 -i ../chromium-fix-window-flash-for-some-WMs.patch
-
-  # Load Widevine CDM if available
-  patch -Np1 -i ../chromium-widevine.patch
-
-  # https://crbug.com/skia/6663#c10
-  patch -Np0 -i ../chromium-skia-harmony.patch
-
-  # https://bugs.gentoo.org/661880#c21
-  patch -Np1 -i ../chromium-system-icu.patch
-
-  # Force script incompatible with Python 3 to use /usr/bin/python2
-  sed -i '1s|python$|&2|' third_party/dom_distiller_js/protoc_plugins/*.py
-
-  mkdir -p third_party/node/linux/node-linux-x64/bin
-  ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
-
-  # Remove bundled libraries for which we will use the system copies; this
-  # *should* do what the remove_bundled_libraries.py script does, with the
-  # added benefit of not having to list all the remaining libraries
-  local _lib
-  for _lib in ${_unwanted_bundled_libs[@]}; do
-    find "third_party/$_lib" -type f \
-      \! -path "third_party/$_lib/chromium/*" \
-      \! -path "third_party/$_lib/google/*" \
-      \! -path 'third_party/yasm/run_yasm.py' \
-      \! -regex '.*\.\(gn\|gni\|isolate\)' \
-      -delete
-  done
-
-  python2 build/linux/unbundle/replace_gn_files.py \
-    --system-libraries "${!_system_libs[@]}"
-}
-
-build() {
-  make -C chromium-launcher-$_launcher_ver
-
-  cd "$srcdir/$pkgname-$pkgver"
-
-  if check_buildoption ccache y; then
-    # Avoid falling back to preprocessor mode when sources contain time macros
-    export CCACHE_SLOPPINESS=time_macros
-  fi
-
-  export CC=clang
-  export CXX=clang++
-  export AR=ar
-  export NM=nm
-
-  local _flags=(
-    'custom_toolchain="//build/toolchain/linux/unbundle:default"'
-    'host_toolchain="//build/toolchain/linux/unbundle:default"'
-    'clang_use_chrome_plugins=false'
-    'is_official_build=true' # implies is_cfi=true on x86_64
-    'treat_warnings_as_errors=false'
-    'fieldtrial_testing_like_official_build=true'
-    'ffmpeg_branding="Chrome"'
-    'proprietary_codecs=true'
-    'link_pulseaudio=true'
-    'use_gnome_keyring=false'
-    'use_sysroot=false'
-    'linux_use_bundled_binutils=false'
-    'use_custom_libcxx=false'
-    'enable_hangout_services_extension=true'
-    'enable_widevine=true'
-    'enable_nacl=false'
-    'enable_swiftshader=false'
-    "google_api_key=\"${_google_api_key}\""
-    "google_default_client_id=\"${_google_default_client_id}\""
-    "google_default_client_secret=\"${_google_default_client_secret}\""
-  )
-
-  # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
-  CFLAGS+='   -Wno-builtin-macro-redefined'
-  CXXFLAGS+=' -Wno-builtin-macro-redefined'
-  CPPFLAGS+=' -D__DATE__=  -D__TIME__=  -D__TIMESTAMP__='
-
-  if check_option strip y; then
-    _flags+=('symbol_level=0')
-
-    # Mimic exclude_unwind_tables=true
-    CFLAGS+='   -fno-unwind-tables -fno-asynchronous-unwind-tables'
-    CXXFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
-    CPPFLAGS+=' -DNO_UNWIND_TABLES'
-  fi
-
-  gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
-  ninja -C out/Release chrome chrome_sandbox chromedriver
-}
-
-package() {
-  cd chromium-launcher-$_launcher_ver
-  make PREFIX=/usr DESTDIR="$pkgdir" install
-  install -Dm644 LICENSE \
-    "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
-
-  cd "$srcdir/$pkgname-$pkgver"
-
-  install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
-  install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
-  ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
-
-  install -Dm644 chrome/installer/linux/common/desktop.template \
-    "$pkgdir/usr/share/applications/chromium.desktop"
-  install -Dm644 chrome/app/resources/manpage.1.in \
-    "$pkgdir/usr/share/man/man1/chromium.1"
-  sed -i \
-    -e "s/@@MENUNAME@@/Chromium/g" \
-    -e "s/@@PACKAGE@@/chromium/g" \
-    -e "s/@@USR_BIN_SYMLINK_NAME@@/chromium/g" \
-    "$pkgdir/usr/share/applications/chromium.desktop" \
-    "$pkgdir/usr/share/man/man1/chromium.1"
-
-  cp \
-    out/Release/{chrome_{100,200}_percent,resources}.pak \
-    out/Release/{*.bin,chromedriver} \
-    "$pkgdir/usr/lib/chromium/"
-  install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
-
-  if [[ -z ${_system_libs[icu]+set} ]]; then
-    cp out/Release/icudtl.dat "$pkgdir/usr/lib/chromium/"
-  fi
-
-  for size in 22 24 48 64 128 256; do
-    install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
-      "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
-  done
-
-  for size in 16 32; do
-    install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
-      "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
-  done
-
-  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
-}
-
-# vim:set ts=2 sw=2 et:

Copied: chromium/repos/extra-x86_64/PKGBUILD (from rev 353273, chromium/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,230 @@
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Pierre Schmitz <pierre at archlinux.de>
+# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
+# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
+
+pkgname=chromium
+pkgver=74.0.3729.157
+pkgrel=1
+_launcher_ver=6
+pkgdesc="A web browser built for speed, simplicity, and security"
+arch=('x86_64')
+url="https://www.chromium.org/Home"
+license=('BSD')
+depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
+         'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib'
+         'desktop-file-utils' 'hicolor-icon-theme')
+makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git'
+             'clang' 'lld' 'gn' 'java-runtime-headless')
+optdepends=('pepper-flash: support for Flash content'
+            'kdialog: needed for file dialogs in KDE'
+            'gnome-keyring: for storing passwords in GNOME keyring'
+            'kwallet: for storing passwords in KWallet')
+install=chromium.install
+source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
+        chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
+        chromium-system-icu.patch
+        chromium-glibc-2.29.patch
+        chromium-fix-the-flash-for-new-windows.patch
+        chromium-fix-window-flash-for-some-WMs.patch
+        chromium-widevine.patch
+        chromium-skia-harmony.patch)
+sha256sums=('dcbe311d6ba7124496beca4a7ae401ac072c1f8e1a47d17b0919dba1b5962e06'
+            '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
+            'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
+            'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
+            '6d82c052eb1f1ae5644a09f7ad7a88d9e2966d1836124445ca4df93b7657c10a'
+            '183d8cc712f0bcf1afcb01ce90c4c104a4c8d8070a06f94974a28b007d9e2ce4'
+            'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
+            '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
+
+# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
+# Keys are the names in the above script; values are the dependencies in Arch
+declare -gA _system_libs=(
+  [ffmpeg]=ffmpeg
+  [flac]=flac
+  [fontconfig]=fontconfig
+  [freetype]=freetype2
+  [harfbuzz-ng]=harfbuzz
+  [icu]=icu
+  [libdrm]=
+  [libjpeg]=libjpeg
+  #[libpng]=libpng            # https://crbug.com/752403#c10
+  [libvpx]=libvpx
+  [libwebp]=libwebp
+  [libxml]=libxml2
+  [libxslt]=libxslt
+  [opus]=opus
+  [re2]=re2
+  [snappy]=snappy
+  [yasm]=
+  [zlib]=minizip
+)
+_unwanted_bundled_libs=(
+  ${!_system_libs[@]}
+  ${_system_libs[libjpeg]+libjpeg_turbo}
+)
+depends+=(${_system_libs[@]})
+
+# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
+# Note: These are for Arch Linux use ONLY. For your own distribution, please
+# get your own set of keys.
+_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
+_google_default_client_id=413772536636.apps.googleusercontent.com
+_google_default_client_secret=0ZChLK6AxeA3Isu96MkwqDR4
+
+prepare() {
+  cd "$srcdir/$pkgname-$pkgver"
+
+  # Allow building against system libraries in official builds
+  sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
+    tools/generate_shim_headers/generate_shim_headers.py
+
+  # https://crbug.com/893950
+  sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
+    third_party/blink/renderer/core/xml/*.cc \
+    third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
+    third_party/libxml/chromium/libxml_utils.cc
+
+  # https://crbug.com/949312
+  patch -Np1 -i ../chromium-glibc-2.29.patch
+
+  # https://crbug.com/956061
+  patch -Np1 -i ../chromium-fix-the-flash-for-new-windows.patch
+  patch -Np1 -i ../chromium-fix-window-flash-for-some-WMs.patch
+
+  # Load Widevine CDM if available
+  patch -Np1 -i ../chromium-widevine.patch
+
+  # https://crbug.com/skia/6663#c10
+  patch -Np0 -i ../chromium-skia-harmony.patch
+
+  # https://bugs.gentoo.org/661880#c21
+  patch -Np1 -i ../chromium-system-icu.patch
+
+  # Force script incompatible with Python 3 to use /usr/bin/python2
+  sed -i '1s|python$|&2|' third_party/dom_distiller_js/protoc_plugins/*.py
+
+  mkdir -p third_party/node/linux/node-linux-x64/bin
+  ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
+
+  # Remove bundled libraries for which we will use the system copies; this
+  # *should* do what the remove_bundled_libraries.py script does, with the
+  # added benefit of not having to list all the remaining libraries
+  local _lib
+  for _lib in ${_unwanted_bundled_libs[@]}; do
+    find "third_party/$_lib" -type f \
+      \! -path "third_party/$_lib/chromium/*" \
+      \! -path "third_party/$_lib/google/*" \
+      \! -path 'third_party/yasm/run_yasm.py' \
+      \! -regex '.*\.\(gn\|gni\|isolate\)' \
+      -delete
+  done
+
+  python2 build/linux/unbundle/replace_gn_files.py \
+    --system-libraries "${!_system_libs[@]}"
+}
+
+build() {
+  make -C chromium-launcher-$_launcher_ver
+
+  cd "$srcdir/$pkgname-$pkgver"
+
+  if check_buildoption ccache y; then
+    # Avoid falling back to preprocessor mode when sources contain time macros
+    export CCACHE_SLOPPINESS=time_macros
+  fi
+
+  export CC=clang
+  export CXX=clang++
+  export AR=ar
+  export NM=nm
+
+  local _flags=(
+    'custom_toolchain="//build/toolchain/linux/unbundle:default"'
+    'host_toolchain="//build/toolchain/linux/unbundle:default"'
+    'clang_use_chrome_plugins=false'
+    'is_official_build=true' # implies is_cfi=true on x86_64
+    'treat_warnings_as_errors=false'
+    'fieldtrial_testing_like_official_build=true'
+    'ffmpeg_branding="Chrome"'
+    'proprietary_codecs=true'
+    'link_pulseaudio=true'
+    'use_gnome_keyring=false'
+    'use_sysroot=false'
+    'linux_use_bundled_binutils=false'
+    'use_custom_libcxx=false'
+    'enable_hangout_services_extension=true'
+    'enable_widevine=true'
+    'enable_nacl=false'
+    'enable_swiftshader=false'
+    "google_api_key=\"${_google_api_key}\""
+    "google_default_client_id=\"${_google_default_client_id}\""
+    "google_default_client_secret=\"${_google_default_client_secret}\""
+  )
+
+  # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
+  CFLAGS+='   -Wno-builtin-macro-redefined'
+  CXXFLAGS+=' -Wno-builtin-macro-redefined'
+  CPPFLAGS+=' -D__DATE__=  -D__TIME__=  -D__TIMESTAMP__='
+
+  if check_option strip y; then
+    _flags+=('symbol_level=0')
+
+    # Mimic exclude_unwind_tables=true
+    CFLAGS+='   -fno-unwind-tables -fno-asynchronous-unwind-tables'
+    CXXFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
+    CPPFLAGS+=' -DNO_UNWIND_TABLES'
+  fi
+
+  gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
+  ninja -C out/Release chrome chrome_sandbox chromedriver
+}
+
+package() {
+  cd chromium-launcher-$_launcher_ver
+  make PREFIX=/usr DESTDIR="$pkgdir" install
+  install -Dm644 LICENSE \
+    "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
+
+  cd "$srcdir/$pkgname-$pkgver"
+
+  install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
+  install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
+  ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
+
+  install -Dm644 chrome/installer/linux/common/desktop.template \
+    "$pkgdir/usr/share/applications/chromium.desktop"
+  install -Dm644 chrome/app/resources/manpage.1.in \
+    "$pkgdir/usr/share/man/man1/chromium.1"
+  sed -i \
+    -e "s/@@MENUNAME@@/Chromium/g" \
+    -e "s/@@PACKAGE@@/chromium/g" \
+    -e "s/@@USR_BIN_SYMLINK_NAME@@/chromium/g" \
+    "$pkgdir/usr/share/applications/chromium.desktop" \
+    "$pkgdir/usr/share/man/man1/chromium.1"
+
+  cp \
+    out/Release/{chrome_{100,200}_percent,resources}.pak \
+    out/Release/{*.bin,chromedriver} \
+    "$pkgdir/usr/lib/chromium/"
+  install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
+
+  if [[ -z ${_system_libs[icu]+set} ]]; then
+    cp out/Release/icudtl.dat "$pkgdir/usr/lib/chromium/"
+  fi
+
+  for size in 22 24 48 64 128 256; do
+    install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
+      "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+  done
+
+  for size in 16 32; do
+    install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
+      "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+  done
+
+  install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:

Deleted: chromium-fix-the-flash-for-new-windows.patch
===================================================================
--- chromium-fix-the-flash-for-new-windows.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-fix-the-flash-for-new-windows.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,54 +0,0 @@
-From adc543fe6a7b3bae9522257e651205140615fecb Mon Sep 17 00:00:00 2001
-From: Peng Huang <penghuang at chromium.org>
-Date: Fri, 3 May 2019 20:40:41 +0000
-Subject: [PATCH] Fix the flash for any new created window.
-
-The flash is because the child window created by GLSurfaceGLX doesn't
-match the visual of parent window. Fix the problem by always creating
-parent window with the same visual.
-
-Bug: 956061
-Change-Id: I88cb65b4a0313be6fdea1bd8d6770d351500ccbb
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1591946
-Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
-Reviewed-by: Antoine Labour <piman at chromium.org>
-Commit-Queue: Peng Huang <penghuang at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#656497}
----
- .../desktop_window_tree_host_x11.cc           | 19 +++++--------------
- 1 file changed, 5 insertions(+), 14 deletions(-)
-
-diff --git a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-index 4dda760a4d..8bdb7b026d 100644
---- a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-+++ b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-@@ -1426,24 +1426,15 @@ void DesktopWindowTreeHostX11::InitX11Window(
-   if (override_redirect_)
-     attribute_mask |= CWOverrideRedirect;
- 
--  bool enable_transparent_visuals;
--  switch (params.opacity) {
--    case Widget::InitParams::OPAQUE_WINDOW:
--      enable_transparent_visuals = false;
--      break;
--    case Widget::InitParams::TRANSLUCENT_WINDOW:
--      enable_transparent_visuals = true;
--      break;
--    case Widget::InitParams::INFER_OPACITY:
--    default:
--      enable_transparent_visuals = params.type == Widget::InitParams::TYPE_DRAG;
--  }
--
-   Visual* visual = CopyFromParent;
-   int depth = CopyFromParent;
-   Colormap colormap = CopyFromParent;
-+
-+  // GLSurfaceGLX always create child window with alpha channel. If the parent
-+  // window doesn't have alpha channel, it causes flash, so always request argb
-+  // visual.
-   ui::XVisualManager::GetInstance()->ChooseVisualForWindow(
--      enable_transparent_visuals, &visual, &depth, &colormap,
-+      true /* want_argb_visual */, &visual, &depth, &colormap,
-       &use_argb_visual_);
- 
-   if (colormap != CopyFromParent) {

Copied: chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch (from rev 353273, chromium/trunk/chromium-fix-the-flash-for-new-windows.patch)
===================================================================
--- chromium-fix-the-flash-for-new-windows.patch	                        (rev 0)
+++ chromium-fix-the-flash-for-new-windows.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,54 @@
+From adc543fe6a7b3bae9522257e651205140615fecb Mon Sep 17 00:00:00 2001
+From: Peng Huang <penghuang at chromium.org>
+Date: Fri, 3 May 2019 20:40:41 +0000
+Subject: [PATCH] Fix the flash for any new created window.
+
+The flash is because the child window created by GLSurfaceGLX doesn't
+match the visual of parent window. Fix the problem by always creating
+parent window with the same visual.
+
+Bug: 956061
+Change-Id: I88cb65b4a0313be6fdea1bd8d6770d351500ccbb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1591946
+Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
+Reviewed-by: Antoine Labour <piman at chromium.org>
+Commit-Queue: Peng Huang <penghuang at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#656497}
+---
+ .../desktop_window_tree_host_x11.cc           | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+diff --git a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
+index 4dda760a4d..8bdb7b026d 100644
+--- a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
++++ b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
+@@ -1426,24 +1426,15 @@ void DesktopWindowTreeHostX11::InitX11Window(
+   if (override_redirect_)
+     attribute_mask |= CWOverrideRedirect;
+ 
+-  bool enable_transparent_visuals;
+-  switch (params.opacity) {
+-    case Widget::InitParams::OPAQUE_WINDOW:
+-      enable_transparent_visuals = false;
+-      break;
+-    case Widget::InitParams::TRANSLUCENT_WINDOW:
+-      enable_transparent_visuals = true;
+-      break;
+-    case Widget::InitParams::INFER_OPACITY:
+-    default:
+-      enable_transparent_visuals = params.type == Widget::InitParams::TYPE_DRAG;
+-  }
+-
+   Visual* visual = CopyFromParent;
+   int depth = CopyFromParent;
+   Colormap colormap = CopyFromParent;
++
++  // GLSurfaceGLX always create child window with alpha channel. If the parent
++  // window doesn't have alpha channel, it causes flash, so always request argb
++  // visual.
+   ui::XVisualManager::GetInstance()->ChooseVisualForWindow(
+-      enable_transparent_visuals, &visual, &depth, &colormap,
++      true /* want_argb_visual */, &visual, &depth, &colormap,
+       &use_argb_visual_);
+ 
+   if (colormap != CopyFromParent) {

Deleted: chromium-fix-window-flash-for-some-WMs.patch
===================================================================
--- chromium-fix-window-flash-for-some-WMs.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-fix-window-flash-for-some-WMs.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,98 +0,0 @@
-From 90e226ba50c98b5e60f74f9dce998b17117f9051 Mon Sep 17 00:00:00 2001
-From: Peng Huang <penghuang at chromium.org>
-Date: Tue, 7 May 2019 13:16:21 +0000
-Subject: [PATCH] Fix window flash for some WMs
-
-Bug: 956061
-Change-Id: I0d8d196395e70006a8fdc770f1e4a5ba6f93dd57
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1597388
-Commit-Queue: Peng Huang <penghuang at chromium.org>
-Reviewed-by: Antoine Labour <piman at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#657215}
----
- ui/gl/BUILD.gn          |  5 ++++-
- ui/gl/gl_surface_glx.cc | 41 ++++++++++++++++++++++++++++-------------
- 2 files changed, 32 insertions(+), 14 deletions(-)
-
-diff --git a/ui/gl/BUILD.gn b/ui/gl/BUILD.gn
-index 50df0e4085..1753dd480b 100644
---- a/ui/gl/BUILD.gn
-+++ b/ui/gl/BUILD.gn
-@@ -274,7 +274,10 @@ jumbo_component("gl") {
-       "//build/config/linux:xext",
-     ]
- 
--    deps += [ "//ui/gfx/x" ]
-+    deps += [
-+      "//ui/base/x",
-+      "//ui/gfx/x",
-+    ]
-   }
-   if (is_win) {
-     sources += [
-diff --git a/ui/gl/gl_surface_glx.cc b/ui/gl/gl_surface_glx.cc
-index f4c13bed18..777bf767cb 100644
---- a/ui/gl/gl_surface_glx.cc
-+++ b/ui/gl/gl_surface_glx.cc
-@@ -21,6 +21,7 @@
- #include "base/time/time.h"
- #include "base/trace_event/trace_event.h"
- #include "build/build_config.h"
-+#include "ui/base/x/x11_util.h"
- #include "ui/events/platform/platform_event_source.h"
- #include "ui/gfx/x/x11.h"
- #include "ui/gfx/x/x11_connection.h"
-@@ -431,7 +432,9 @@ bool GLSurfaceGLX::InitializeOneOff() {
-   }
- 
-   const XVisualInfo& visual_info =
--      gl::GLVisualPickerGLX::GetInstance()->rgba_visual();
-+      ui::IsCompositingManagerPresent()
-+          ? gl::GLVisualPickerGLX::GetInstance()->rgba_visual()
-+          : gl::GLVisualPickerGLX::GetInstance()->system_visual();
-   g_visual = visual_info.visual;
-   g_depth = visual_info.depth;
-   g_colormap =
-@@ -581,18 +584,30 @@ bool NativeViewGLSurfaceGLX::Initialize(GLSurfaceFormat format) {
-   }
-   size_ = gfx::Size(attributes.width, attributes.height);
- 
--  XSetWindowAttributes swa;
--  memset(&swa, 0, sizeof(swa));
--  swa.background_pixmap = 0;
--  swa.bit_gravity = NorthWestGravity;
--  swa.colormap = g_colormap;
--  swa.background_pixel = 0;
--  swa.border_pixel = 0;
--  window_ = XCreateWindow(
--      gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */, size_.width(),
--      size_.height(), 0 /* border_width */, g_depth, InputOutput, g_visual,
--      CWBackPixmap | CWBitGravity | CWColormap | CWBackPixel | CWBorderPixel,
--      &swa);
-+  XSetWindowAttributes swa = {
-+      .background_pixmap = 0,
-+      .bit_gravity = NorthWestGravity,
-+      .colormap = g_colormap,
-+      .background_pixel = 0,  // ARGB(0,0,0,0) for compositing WM
-+      .border_pixel = 0,
-+  };
-+  auto value_mask = CWBackPixmap | CWBitGravity | CWColormap | CWBorderPixel;
-+  if (ui::IsCompositingManagerPresent() &&
-+      XVisualIDFromVisual(attributes.visual) == XVisualIDFromVisual(g_visual)) {
-+    // When parent and child are using the same visual, the back buffer will be
-+    // shared between parent and child. If WM compositing is enabled, we set
-+    // child's background pixel to ARGB(0,0,0,0), so ARGB(0,0,0,0) will be
-+    // filled to the shared buffer, when the child window is mapped. It can
-+    // avoid an annoying flash when the child window is mapped below.
-+    // If WM compositing is disabled, we don't set the background pixel, so
-+    // nothing will be draw when the child window is mapped.
-+    value_mask |= CWBackPixel;
-+  }
-+
-+  window_ =
-+      XCreateWindow(gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */,
-+                    size_.width(), size_.height(), 0 /* border_width */,
-+                    g_depth, InputOutput, g_visual, value_mask, &swa);
-   if (!window_) {
-     LOG(ERROR) << "XCreateWindow failed";
-     return false;

Copied: chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch (from rev 353273, chromium/trunk/chromium-fix-window-flash-for-some-WMs.patch)
===================================================================
--- chromium-fix-window-flash-for-some-WMs.patch	                        (rev 0)
+++ chromium-fix-window-flash-for-some-WMs.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,98 @@
+From 90e226ba50c98b5e60f74f9dce998b17117f9051 Mon Sep 17 00:00:00 2001
+From: Peng Huang <penghuang at chromium.org>
+Date: Tue, 7 May 2019 13:16:21 +0000
+Subject: [PATCH] Fix window flash for some WMs
+
+Bug: 956061
+Change-Id: I0d8d196395e70006a8fdc770f1e4a5ba6f93dd57
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1597388
+Commit-Queue: Peng Huang <penghuang at chromium.org>
+Reviewed-by: Antoine Labour <piman at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#657215}
+---
+ ui/gl/BUILD.gn          |  5 ++++-
+ ui/gl/gl_surface_glx.cc | 41 ++++++++++++++++++++++++++++-------------
+ 2 files changed, 32 insertions(+), 14 deletions(-)
+
+diff --git a/ui/gl/BUILD.gn b/ui/gl/BUILD.gn
+index 50df0e4085..1753dd480b 100644
+--- a/ui/gl/BUILD.gn
++++ b/ui/gl/BUILD.gn
+@@ -274,7 +274,10 @@ jumbo_component("gl") {
+       "//build/config/linux:xext",
+     ]
+ 
+-    deps += [ "//ui/gfx/x" ]
++    deps += [
++      "//ui/base/x",
++      "//ui/gfx/x",
++    ]
+   }
+   if (is_win) {
+     sources += [
+diff --git a/ui/gl/gl_surface_glx.cc b/ui/gl/gl_surface_glx.cc
+index f4c13bed18..777bf767cb 100644
+--- a/ui/gl/gl_surface_glx.cc
++++ b/ui/gl/gl_surface_glx.cc
+@@ -21,6 +21,7 @@
+ #include "base/time/time.h"
+ #include "base/trace_event/trace_event.h"
+ #include "build/build_config.h"
++#include "ui/base/x/x11_util.h"
+ #include "ui/events/platform/platform_event_source.h"
+ #include "ui/gfx/x/x11.h"
+ #include "ui/gfx/x/x11_connection.h"
+@@ -431,7 +432,9 @@ bool GLSurfaceGLX::InitializeOneOff() {
+   }
+ 
+   const XVisualInfo& visual_info =
+-      gl::GLVisualPickerGLX::GetInstance()->rgba_visual();
++      ui::IsCompositingManagerPresent()
++          ? gl::GLVisualPickerGLX::GetInstance()->rgba_visual()
++          : gl::GLVisualPickerGLX::GetInstance()->system_visual();
+   g_visual = visual_info.visual;
+   g_depth = visual_info.depth;
+   g_colormap =
+@@ -581,18 +584,30 @@ bool NativeViewGLSurfaceGLX::Initialize(GLSurfaceFormat format) {
+   }
+   size_ = gfx::Size(attributes.width, attributes.height);
+ 
+-  XSetWindowAttributes swa;
+-  memset(&swa, 0, sizeof(swa));
+-  swa.background_pixmap = 0;
+-  swa.bit_gravity = NorthWestGravity;
+-  swa.colormap = g_colormap;
+-  swa.background_pixel = 0;
+-  swa.border_pixel = 0;
+-  window_ = XCreateWindow(
+-      gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */, size_.width(),
+-      size_.height(), 0 /* border_width */, g_depth, InputOutput, g_visual,
+-      CWBackPixmap | CWBitGravity | CWColormap | CWBackPixel | CWBorderPixel,
+-      &swa);
++  XSetWindowAttributes swa = {
++      .background_pixmap = 0,
++      .bit_gravity = NorthWestGravity,
++      .colormap = g_colormap,
++      .background_pixel = 0,  // ARGB(0,0,0,0) for compositing WM
++      .border_pixel = 0,
++  };
++  auto value_mask = CWBackPixmap | CWBitGravity | CWColormap | CWBorderPixel;
++  if (ui::IsCompositingManagerPresent() &&
++      XVisualIDFromVisual(attributes.visual) == XVisualIDFromVisual(g_visual)) {
++    // When parent and child are using the same visual, the back buffer will be
++    // shared between parent and child. If WM compositing is enabled, we set
++    // child's background pixel to ARGB(0,0,0,0), so ARGB(0,0,0,0) will be
++    // filled to the shared buffer, when the child window is mapped. It can
++    // avoid an annoying flash when the child window is mapped below.
++    // If WM compositing is disabled, we don't set the background pixel, so
++    // nothing will be draw when the child window is mapped.
++    value_mask |= CWBackPixel;
++  }
++
++  window_ =
++      XCreateWindow(gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */,
++                    size_.width(), size_.height(), 0 /* border_width */,
++                    g_depth, InputOutput, g_visual, value_mask, &swa);
+   if (!window_) {
+     LOG(ERROR) << "XCreateWindow failed";
+     return false;

Deleted: chromium-glibc-2.29.patch
===================================================================
--- chromium-glibc-2.29.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-glibc-2.29.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,105 +0,0 @@
-From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton at chromium.org>
-Date: Wed, 24 Apr 2019 15:44:40 +0000
-Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
- posix_spawn/vfork
-
-Glibc's system() function switched to using posix_spawn, which uses
-CLONE_VFORK. Pepperflash includes a sandbox debugging check which
-relies on us EPERM-ing process creation like this, rather than crashing
-the process with SIGSYS.
-
-So whitelist clone() calls, like posix_spawn, that include the flags
-CLONE_VFORK and CLONE_VM.
-
-Bug: 949312
-Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
-Commit-Queue: Robert Sesek <rsesek at chromium.org>
-Reviewed-by: Robert Sesek <rsesek at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#653590}
----
- .../baseline_policy_unittest.cc               | 29 +++++++++++++++++++
- .../syscall_parameters_restrictions.cc        | 13 +++++++--
- 2 files changed, 40 insertions(+), 2 deletions(-)
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-index cdeb210ccb..40fcebf933 100644
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-@@ -10,7 +10,9 @@
- #include <sched.h>
- #include <signal.h>
- #include <stddef.h>
-+#include <stdlib.h>
- #include <string.h>
-+#include <sys/mman.h>
- #include <sys/prctl.h>
- #include <sys/resource.h>
- #include <sys/socket.h>
-@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
-   BPF_ASSERT_EQ(EPERM, fork_errno);
- }
- 
-+BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
-+  errno = 0;
-+  int ret_val = system("echo SHOULD NEVER RUN");
-+  BPF_ASSERT_EQ(-1, ret_val);
-+  BPF_ASSERT_EQ(EPERM, errno);
-+}
-+
-+BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
-+  errno = 0;
-+  // Allocate a couple pages for the child's stack even though the child should
-+  // never start.
-+  constexpr size_t kStackSize = 4096 * 4;
-+  void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
-+                           MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
-+  BPF_ASSERT_NE(child_stack, nullptr);
-+  pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
-+                      static_cast<char*>(child_stack) + kStackSize, nullptr,
-+                      nullptr, nullptr);
-+  const int clone_errno = errno;
-+  TestUtils::HandlePostForkReturn(pid);
-+
-+  munmap(child_stack, kStackSize);
-+
-+  BPF_ASSERT_EQ(-1, pid);
-+  BPF_ASSERT_EQ(EPERM, clone_errno);
-+}
-+
- BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
-   base::Thread thread("sandbox_tests");
-   BPF_ASSERT(thread.Start());
-diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-index 100afe50e3..348ab6e8c5 100644
---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-@@ -135,7 +135,8 @@ namespace sandbox {
- #if !defined(OS_NACL_NONSFI)
- // Allow Glibc's and Android pthread creation flags, crash on any other
- // thread creation attempts and EPERM attempts to use neither
--// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
-+// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
-+// present (as in newer versions of posix_spawn).
- ResultExpr RestrictCloneToThreadsAndEPERMFork() {
-   const Arg<unsigned long> flags(0);
- 
-@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
-       AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
-             flags == kGlibcPthreadFlags);
- 
-+  // The following two flags are the two important flags in any vfork-emulating
-+  // clone call. EPERM any clone call that contains both of them.
-+  const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
-+
-+  const BoolExpr is_fork_or_clone_vfork =
-+      AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
-+            (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
-+
-   return If(IsAndroid() ? android_test : glibc_test, Allow())
--      .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
-+      .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
-       .Else(CrashSIGSYSClone());
- }
- 

Copied: chromium/repos/extra-x86_64/chromium-glibc-2.29.patch (from rev 353273, chromium/trunk/chromium-glibc-2.29.patch)
===================================================================
--- chromium-glibc-2.29.patch	                        (rev 0)
+++ chromium-glibc-2.29.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,105 @@
+From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 24 Apr 2019 15:44:40 +0000
+Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
+ posix_spawn/vfork
+
+Glibc's system() function switched to using posix_spawn, which uses
+CLONE_VFORK. Pepperflash includes a sandbox debugging check which
+relies on us EPERM-ing process creation like this, rather than crashing
+the process with SIGSYS.
+
+So whitelist clone() calls, like posix_spawn, that include the flags
+CLONE_VFORK and CLONE_VM.
+
+Bug: 949312
+Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
+Commit-Queue: Robert Sesek <rsesek at chromium.org>
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#653590}
+---
+ .../baseline_policy_unittest.cc               | 29 +++++++++++++++++++
+ .../syscall_parameters_restrictions.cc        | 13 +++++++--
+ 2 files changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index cdeb210ccb..40fcebf933 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -10,7 +10,9 @@
+ #include <sched.h>
+ #include <signal.h>
+ #include <stddef.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/mman.h>
+ #include <sys/prctl.h>
+ #include <sys/resource.h>
+ #include <sys/socket.h>
+@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
+   BPF_ASSERT_EQ(EPERM, fork_errno);
+ }
+ 
++BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
++  errno = 0;
++  int ret_val = system("echo SHOULD NEVER RUN");
++  BPF_ASSERT_EQ(-1, ret_val);
++  BPF_ASSERT_EQ(EPERM, errno);
++}
++
++BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
++  errno = 0;
++  // Allocate a couple pages for the child's stack even though the child should
++  // never start.
++  constexpr size_t kStackSize = 4096 * 4;
++  void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
++                           MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
++  BPF_ASSERT_NE(child_stack, nullptr);
++  pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
++                      static_cast<char*>(child_stack) + kStackSize, nullptr,
++                      nullptr, nullptr);
++  const int clone_errno = errno;
++  TestUtils::HandlePostForkReturn(pid);
++
++  munmap(child_stack, kStackSize);
++
++  BPF_ASSERT_EQ(-1, pid);
++  BPF_ASSERT_EQ(EPERM, clone_errno);
++}
++
+ BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
+   base::Thread thread("sandbox_tests");
+   BPF_ASSERT(thread.Start());
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+index 100afe50e3..348ab6e8c5 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -135,7 +135,8 @@ namespace sandbox {
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in newer versions of posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+   const Arg<unsigned long> flags(0);
+ 
+@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+       AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+             flags == kGlibcPthreadFlags);
+ 
++  // The following two flags are the two important flags in any vfork-emulating
++  // clone call. EPERM any clone call that contains both of them.
++  const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
++
++  const BoolExpr is_fork_or_clone_vfork =
++      AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++            (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
++
+   return If(IsAndroid() ? android_test : glibc_test, Allow())
+-      .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++      .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
+       .Else(CrashSIGSYSClone());
+ }
+ 

Deleted: chromium-skia-harmony.patch
===================================================================
--- chromium-skia-harmony.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-skia-harmony.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,13 +0,0 @@
---- third_party/skia/src/ports/SkFontHost_FreeType.cpp.orig	2019-01-20 10:54:56.415239030 +0000
-+++ third_party/skia/src/ports/SkFontHost_FreeType.cpp	2019-01-20 10:55:05.695307733 +0000
-@@ -121,8 +121,8 @@ public:
-         : fGetVarDesignCoordinates(nullptr)
-         , fGetVarAxisFlags(nullptr)
-         , fLibrary(nullptr)
--        , fIsLCDSupported(false)
--        , fLCDExtra(0)
-+        , fIsLCDSupported(true)
-+        , fLCDExtra(2)
-     {
-         if (FT_New_Library(&gFTMemory, &fLibrary)) {
-             return;

Copied: chromium/repos/extra-x86_64/chromium-skia-harmony.patch (from rev 353273, chromium/trunk/chromium-skia-harmony.patch)
===================================================================
--- chromium-skia-harmony.patch	                        (rev 0)
+++ chromium-skia-harmony.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,13 @@
+--- third_party/skia/src/ports/SkFontHost_FreeType.cpp.orig	2019-01-20 10:54:56.415239030 +0000
++++ third_party/skia/src/ports/SkFontHost_FreeType.cpp	2019-01-20 10:55:05.695307733 +0000
+@@ -121,8 +121,8 @@ public:
+         : fGetVarDesignCoordinates(nullptr)
+         , fGetVarAxisFlags(nullptr)
+         , fLibrary(nullptr)
+-        , fIsLCDSupported(false)
+-        , fLCDExtra(0)
++        , fIsLCDSupported(true)
++        , fLCDExtra(2)
+     {
+         if (FT_New_Library(&gFTMemory, &fLibrary)) {
+             return;

Deleted: chromium-system-icu.patch
===================================================================
--- chromium-system-icu.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-system-icu.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,19 +0,0 @@
-diff --git a/third_party/blink/renderer/platform/text/character_property_data.h b/third_party/blink/renderer/platform/text/character_property_data.h
-index 28fb6a9..bb4dbd7 100644
---- a/third_party/blink/renderer/platform/text/character_property_data.h
-+++ b/third_party/blink/renderer/platform/text/character_property_data.h
-@@ -244,10 +244,12 @@ static const UChar32 kIsHangulRanges[] = {
-     0xD7B0, 0xD7FF,
-     // Halfwidth Hangul Jamo
-     // https://www.unicode.org/charts/nameslist/c_FF00.html
--    0xFFA0, 0xFFDC,
-+    0xFFA0, 0xFFDB,
- };
- 
--static const UChar32 kIsHangulArray[] = {};
-+static const UChar32 kIsHangulArray[] = {
-+  0xFFDC,
-+};
- 
- #if !defined(USING_SYSTEM_ICU)
- // Freezed trie tree, see character_property_data_generator.cc.

Copied: chromium/repos/extra-x86_64/chromium-system-icu.patch (from rev 353273, chromium/trunk/chromium-system-icu.patch)
===================================================================
--- chromium-system-icu.patch	                        (rev 0)
+++ chromium-system-icu.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,19 @@
+diff --git a/third_party/blink/renderer/platform/text/character_property_data.h b/third_party/blink/renderer/platform/text/character_property_data.h
+index 28fb6a9..bb4dbd7 100644
+--- a/third_party/blink/renderer/platform/text/character_property_data.h
++++ b/third_party/blink/renderer/platform/text/character_property_data.h
+@@ -244,10 +244,12 @@ static const UChar32 kIsHangulRanges[] = {
+     0xD7B0, 0xD7FF,
+     // Halfwidth Hangul Jamo
+     // https://www.unicode.org/charts/nameslist/c_FF00.html
+-    0xFFA0, 0xFFDC,
++    0xFFA0, 0xFFDB,
+ };
+ 
+-static const UChar32 kIsHangulArray[] = {};
++static const UChar32 kIsHangulArray[] = {
++  0xFFDC,
++};
+ 
+ #if !defined(USING_SYSTEM_ICU)
+ // Freezed trie tree, see character_property_data_generator.cc.

Deleted: chromium-widevine.patch
===================================================================
--- chromium-widevine.patch	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium-widevine.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,22 +0,0 @@
-diff -upr chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc chromium-71.0.3578.80/chrome/common/chrome_content_client.cc
---- chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc	2018-12-03 20:16:43.000000000 +0000
-+++ chromium-71.0.3578.80/chrome/common/chrome_content_client.cc	2018-12-04 21:34:28.658206942 +0000
-@@ -99,7 +99,7 @@
- // Registers Widevine CDM if Widevine is enabled, the Widevine CDM is
- // bundled and not a component. When the Widevine CDM is a component, it is
- // registered in widevine_cdm_component_installer.cc.
--#if BUILDFLAG(BUNDLE_WIDEVINE_CDM) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
-+#if BUILDFLAG(ENABLE_WIDEVINE) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
- #define REGISTER_BUNDLED_WIDEVINE_CDM
- #include "third_party/widevine/cdm/widevine_cdm_common.h"  // nogncheck
- // TODO(crbug.com/663554): Needed for WIDEVINE_CDM_VERSION_STRING. Support
-diff -upr chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h
---- chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h	2018-12-03 20:18:01.000000000 +0000
-+++ chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h	2018-12-04 21:37:45.635374949 +0000
-@@ -12,4 +12,6 @@
- //  - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
- //    as a string, e.g., "1.0.123.456").
- 
-+#define WIDEVINE_CDM_VERSION_STRING "unknown"
-+
- #endif  // WIDEVINE_CDM_VERSION_H_

Copied: chromium/repos/extra-x86_64/chromium-widevine.patch (from rev 353273, chromium/trunk/chromium-widevine.patch)
===================================================================
--- chromium-widevine.patch	                        (rev 0)
+++ chromium-widevine.patch	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,22 @@
+diff -upr chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc chromium-71.0.3578.80/chrome/common/chrome_content_client.cc
+--- chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc	2018-12-03 20:16:43.000000000 +0000
++++ chromium-71.0.3578.80/chrome/common/chrome_content_client.cc	2018-12-04 21:34:28.658206942 +0000
+@@ -99,7 +99,7 @@
+ // Registers Widevine CDM if Widevine is enabled, the Widevine CDM is
+ // bundled and not a component. When the Widevine CDM is a component, it is
+ // registered in widevine_cdm_component_installer.cc.
+-#if BUILDFLAG(BUNDLE_WIDEVINE_CDM) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
++#if BUILDFLAG(ENABLE_WIDEVINE) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
+ #define REGISTER_BUNDLED_WIDEVINE_CDM
+ #include "third_party/widevine/cdm/widevine_cdm_common.h"  // nogncheck
+ // TODO(crbug.com/663554): Needed for WIDEVINE_CDM_VERSION_STRING. Support
+diff -upr chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h
+--- chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h	2018-12-03 20:18:01.000000000 +0000
++++ chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h	2018-12-04 21:37:45.635374949 +0000
+@@ -12,4 +12,6 @@
+ //  - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
+ //    as a string, e.g., "1.0.123.456").
+ 
++#define WIDEVINE_CDM_VERSION_STRING "unknown"
++
+ #endif  // WIDEVINE_CDM_VERSION_H_

Deleted: chromium.install
===================================================================
--- chromium.install	2019-05-15 04:18:27 UTC (rev 353273)
+++ chromium.install	2019-05-15 04:18:39 UTC (rev 353274)
@@ -1,16 +0,0 @@
-post_upgrade() {
-  if (($(vercmp $2 42.0.2311.90-1) < 0)); then
-    echo ':: This Chromium package no longer supports custom flags passed via the'
-    echo '   /etc/chromium/default file (or any other files under /etc/chromium/).'
-    echo
-    echo '   The new /usr/bin/chromium launcher script will automatically detect'
-    echo '   Pepper Flash (if installed) and pass the correct flags to Chromium.'
-    echo
-    echo '   If you need to pass extra command-line arguments to Chromium, you'
-    echo '   can put them in a "chromium-flags.conf" file under $HOME/.config/'
-    echo '   (or $XDG_CONFIG_HOME). Arguments are split on whitespace and shell'
-    echo '   quoting rules apply but no further parsing is performed.'
-  fi
-}
-
-# vim:set ts=2 sw=2 et:

Copied: chromium/repos/extra-x86_64/chromium.install (from rev 353273, chromium/trunk/chromium.install)
===================================================================
--- chromium.install	                        (rev 0)
+++ chromium.install	2019-05-15 04:18:39 UTC (rev 353274)
@@ -0,0 +1,16 @@
+post_upgrade() {
+  if (($(vercmp $2 42.0.2311.90-1) < 0)); then
+    echo ':: This Chromium package no longer supports custom flags passed via the'
+    echo '   /etc/chromium/default file (or any other files under /etc/chromium/).'
+    echo
+    echo '   The new /usr/bin/chromium launcher script will automatically detect'
+    echo '   Pepper Flash (if installed) and pass the correct flags to Chromium.'
+    echo
+    echo '   If you need to pass extra command-line arguments to Chromium, you'
+    echo '   can put them in a "chromium-flags.conf" file under $HOME/.config/'
+    echo '   (or $XDG_CONFIG_HOME). Arguments are split on whitespace and shell'
+    echo '   quoting rules apply but no further parsing is performed.'
+  fi
+}
+
+# vim:set ts=2 sw=2 et:


More information about the arch-commits mailing list