[arch-commits] Commit in chromium/repos/extra-x86_64 (16 files)
Evangelos Foutras
foutrelis at archlinux.org
Wed May 22 00:25:06 UTC 2019
Date: Wednesday, May 22, 2019 @ 00:25:05
Author: foutrelis
Revision: 353781
archrelease: copy trunk to extra-x86_64
Added:
chromium/repos/extra-x86_64/PKGBUILD
(from rev 353780, chromium/trunk/PKGBUILD)
chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch
(from rev 353780, chromium/trunk/chromium-fix-the-flash-for-new-windows.patch)
chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch
(from rev 353780, chromium/trunk/chromium-fix-window-flash-for-some-WMs.patch)
chromium/repos/extra-x86_64/chromium-glibc-2.29.patch
(from rev 353780, chromium/trunk/chromium-glibc-2.29.patch)
chromium/repos/extra-x86_64/chromium-skia-harmony.patch
(from rev 353780, chromium/trunk/chromium-skia-harmony.patch)
chromium/repos/extra-x86_64/chromium-system-icu.patch
(from rev 353780, chromium/trunk/chromium-system-icu.patch)
chromium/repos/extra-x86_64/chromium-widevine.patch
(from rev 353780, chromium/trunk/chromium-widevine.patch)
chromium/repos/extra-x86_64/chromium.install
(from rev 353780, chromium/trunk/chromium.install)
Deleted:
chromium/repos/extra-x86_64/PKGBUILD
chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch
chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch
chromium/repos/extra-x86_64/chromium-glibc-2.29.patch
chromium/repos/extra-x86_64/chromium-skia-harmony.patch
chromium/repos/extra-x86_64/chromium-system-icu.patch
chromium/repos/extra-x86_64/chromium-widevine.patch
chromium/repos/extra-x86_64/chromium.install
----------------------------------------------+
PKGBUILD | 460 ++++++++++++-------------
chromium-fix-the-flash-for-new-windows.patch | 108 ++---
chromium-fix-window-flash-for-some-WMs.patch | 196 +++++-----
chromium-glibc-2.29.patch | 210 +++++------
chromium-skia-harmony.patch | 26 -
chromium-system-icu.patch | 38 +-
chromium-widevine.patch | 44 +-
chromium.install | 32 -
8 files changed, 557 insertions(+), 557 deletions(-)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2019-05-22 00:24:55 UTC (rev 353780)
+++ PKGBUILD 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,230 +0,0 @@
-# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
-# Contributor: Pierre Schmitz <pierre at archlinux.de>
-# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
-# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
-
-pkgname=chromium
-pkgver=74.0.3729.157
-pkgrel=1
-_launcher_ver=6
-pkgdesc="A web browser built for speed, simplicity, and security"
-arch=('x86_64')
-url="https://www.chromium.org/Home"
-license=('BSD')
-depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
- 'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib'
- 'desktop-file-utils' 'hicolor-icon-theme')
-makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git'
- 'clang' 'lld' 'gn' 'java-runtime-headless')
-optdepends=('pepper-flash: support for Flash content'
- 'kdialog: needed for file dialogs in KDE'
- 'gnome-keyring: for storing passwords in GNOME keyring'
- 'kwallet: for storing passwords in KWallet')
-install=chromium.install
-source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
- chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
- chromium-system-icu.patch
- chromium-glibc-2.29.patch
- chromium-fix-the-flash-for-new-windows.patch
- chromium-fix-window-flash-for-some-WMs.patch
- chromium-widevine.patch
- chromium-skia-harmony.patch)
-sha256sums=('dcbe311d6ba7124496beca4a7ae401ac072c1f8e1a47d17b0919dba1b5962e06'
- '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
- 'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
- 'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
- '6d82c052eb1f1ae5644a09f7ad7a88d9e2966d1836124445ca4df93b7657c10a'
- '183d8cc712f0bcf1afcb01ce90c4c104a4c8d8070a06f94974a28b007d9e2ce4'
- 'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
- '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
-
-# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
-# Keys are the names in the above script; values are the dependencies in Arch
-declare -gA _system_libs=(
- [ffmpeg]=ffmpeg
- [flac]=flac
- [fontconfig]=fontconfig
- [freetype]=freetype2
- [harfbuzz-ng]=harfbuzz
- [icu]=icu
- [libdrm]=
- [libjpeg]=libjpeg
- #[libpng]=libpng # https://crbug.com/752403#c10
- [libvpx]=libvpx
- [libwebp]=libwebp
- [libxml]=libxml2
- [libxslt]=libxslt
- [opus]=opus
- [re2]=re2
- [snappy]=snappy
- [yasm]=
- [zlib]=minizip
-)
-_unwanted_bundled_libs=(
- ${!_system_libs[@]}
- ${_system_libs[libjpeg]+libjpeg_turbo}
-)
-depends+=(${_system_libs[@]})
-
-# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
-# Note: These are for Arch Linux use ONLY. For your own distribution, please
-# get your own set of keys.
-_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
-_google_default_client_id=413772536636.apps.googleusercontent.com
-_google_default_client_secret=0ZChLK6AxeA3Isu96MkwqDR4
-
-prepare() {
- cd "$srcdir/$pkgname-$pkgver"
-
- # Allow building against system libraries in official builds
- sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
- tools/generate_shim_headers/generate_shim_headers.py
-
- # https://crbug.com/893950
- sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
- third_party/blink/renderer/core/xml/*.cc \
- third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
- third_party/libxml/chromium/libxml_utils.cc
-
- # https://crbug.com/949312
- patch -Np1 -i ../chromium-glibc-2.29.patch
-
- # https://crbug.com/956061
- patch -Np1 -i ../chromium-fix-the-flash-for-new-windows.patch
- patch -Np1 -i ../chromium-fix-window-flash-for-some-WMs.patch
-
- # Load Widevine CDM if available
- patch -Np1 -i ../chromium-widevine.patch
-
- # https://crbug.com/skia/6663#c10
- patch -Np0 -i ../chromium-skia-harmony.patch
-
- # https://bugs.gentoo.org/661880#c21
- patch -Np1 -i ../chromium-system-icu.patch
-
- # Force script incompatible with Python 3 to use /usr/bin/python2
- sed -i '1s|python$|&2|' third_party/dom_distiller_js/protoc_plugins/*.py
-
- mkdir -p third_party/node/linux/node-linux-x64/bin
- ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
-
- # Remove bundled libraries for which we will use the system copies; this
- # *should* do what the remove_bundled_libraries.py script does, with the
- # added benefit of not having to list all the remaining libraries
- local _lib
- for _lib in ${_unwanted_bundled_libs[@]}; do
- find "third_party/$_lib" -type f \
- \! -path "third_party/$_lib/chromium/*" \
- \! -path "third_party/$_lib/google/*" \
- \! -path 'third_party/yasm/run_yasm.py' \
- \! -regex '.*\.\(gn\|gni\|isolate\)' \
- -delete
- done
-
- python2 build/linux/unbundle/replace_gn_files.py \
- --system-libraries "${!_system_libs[@]}"
-}
-
-build() {
- make -C chromium-launcher-$_launcher_ver
-
- cd "$srcdir/$pkgname-$pkgver"
-
- if check_buildoption ccache y; then
- # Avoid falling back to preprocessor mode when sources contain time macros
- export CCACHE_SLOPPINESS=time_macros
- fi
-
- export CC=clang
- export CXX=clang++
- export AR=ar
- export NM=nm
-
- local _flags=(
- 'custom_toolchain="//build/toolchain/linux/unbundle:default"'
- 'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'clang_use_chrome_plugins=false'
- 'is_official_build=true' # implies is_cfi=true on x86_64
- 'treat_warnings_as_errors=false'
- 'fieldtrial_testing_like_official_build=true'
- 'ffmpeg_branding="Chrome"'
- 'proprietary_codecs=true'
- 'link_pulseaudio=true'
- 'use_gnome_keyring=false'
- 'use_sysroot=false'
- 'linux_use_bundled_binutils=false'
- 'use_custom_libcxx=false'
- 'enable_hangout_services_extension=true'
- 'enable_widevine=true'
- 'enable_nacl=false'
- 'enable_swiftshader=false'
- "google_api_key=\"${_google_api_key}\""
- "google_default_client_id=\"${_google_default_client_id}\""
- "google_default_client_secret=\"${_google_default_client_secret}\""
- )
-
- # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
- CFLAGS+=' -Wno-builtin-macro-redefined'
- CXXFLAGS+=' -Wno-builtin-macro-redefined'
- CPPFLAGS+=' -D__DATE__= -D__TIME__= -D__TIMESTAMP__='
-
- if check_option strip y; then
- _flags+=('symbol_level=0')
-
- # Mimic exclude_unwind_tables=true
- CFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
- CXXFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
- CPPFLAGS+=' -DNO_UNWIND_TABLES'
- fi
-
- gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
- ninja -C out/Release chrome chrome_sandbox chromedriver
-}
-
-package() {
- cd chromium-launcher-$_launcher_ver
- make PREFIX=/usr DESTDIR="$pkgdir" install
- install -Dm644 LICENSE \
- "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
-
- cd "$srcdir/$pkgname-$pkgver"
-
- install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
- install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
- ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
-
- install -Dm644 chrome/installer/linux/common/desktop.template \
- "$pkgdir/usr/share/applications/chromium.desktop"
- install -Dm644 chrome/app/resources/manpage.1.in \
- "$pkgdir/usr/share/man/man1/chromium.1"
- sed -i \
- -e "s/@@MENUNAME@@/Chromium/g" \
- -e "s/@@PACKAGE@@/chromium/g" \
- -e "s/@@USR_BIN_SYMLINK_NAME@@/chromium/g" \
- "$pkgdir/usr/share/applications/chromium.desktop" \
- "$pkgdir/usr/share/man/man1/chromium.1"
-
- cp \
- out/Release/{chrome_{100,200}_percent,resources}.pak \
- out/Release/{*.bin,chromedriver} \
- "$pkgdir/usr/lib/chromium/"
- install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
-
- if [[ -z ${_system_libs[icu]+set} ]]; then
- cp out/Release/icudtl.dat "$pkgdir/usr/lib/chromium/"
- fi
-
- for size in 22 24 48 64 128 256; do
- install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
- "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
- done
-
- for size in 16 32; do
- install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
- "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
- done
-
- install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
-}
-
-# vim:set ts=2 sw=2 et:
Copied: chromium/repos/extra-x86_64/PKGBUILD (from rev 353780, chromium/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,230 @@
+# Maintainer: Evangelos Foutras <evangelos at foutrelis.com>
+# Contributor: Pierre Schmitz <pierre at archlinux.de>
+# Contributor: Jan "heftig" Steffens <jan.steffens at gmail.com>
+# Contributor: Daniel J Griffiths <ghost1227 at archlinux.us>
+
+pkgname=chromium
+pkgver=74.0.3729.169
+pkgrel=1
+_launcher_ver=6
+pkgdesc="A web browser built for speed, simplicity, and security"
+arch=('x86_64')
+url="https://www.chromium.org/Home"
+license=('BSD')
+depends=('gtk3' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
+ 'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib'
+ 'desktop-file-utils' 'hicolor-icon-theme')
+makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git'
+ 'clang' 'lld' 'gn' 'java-runtime-headless')
+optdepends=('pepper-flash: support for Flash content'
+ 'kdialog: needed for file dialogs in KDE'
+ 'gnome-keyring: for storing passwords in GNOME keyring'
+ 'kwallet: for storing passwords in KWallet')
+install=chromium.install
+source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
+ chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
+ chromium-system-icu.patch
+ chromium-glibc-2.29.patch
+ chromium-fix-the-flash-for-new-windows.patch
+ chromium-fix-window-flash-for-some-WMs.patch
+ chromium-widevine.patch
+ chromium-skia-harmony.patch)
+sha256sums=('070f0210017f54b65264f88726431da7582e36a04caa673fe50662e8b41a0cb4'
+ '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
+ 'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89'
+ 'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c'
+ '6d82c052eb1f1ae5644a09f7ad7a88d9e2966d1836124445ca4df93b7657c10a'
+ '183d8cc712f0bcf1afcb01ce90c4c104a4c8d8070a06f94974a28b007d9e2ce4'
+ 'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b'
+ '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3')
+
+# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
+# Keys are the names in the above script; values are the dependencies in Arch
+declare -gA _system_libs=(
+ [ffmpeg]=ffmpeg
+ [flac]=flac
+ [fontconfig]=fontconfig
+ [freetype]=freetype2
+ [harfbuzz-ng]=harfbuzz
+ [icu]=icu
+ [libdrm]=
+ [libjpeg]=libjpeg
+ #[libpng]=libpng # https://crbug.com/752403#c10
+ [libvpx]=libvpx
+ [libwebp]=libwebp
+ [libxml]=libxml2
+ [libxslt]=libxslt
+ [opus]=opus
+ [re2]=re2
+ [snappy]=snappy
+ [yasm]=
+ [zlib]=minizip
+)
+_unwanted_bundled_libs=(
+ ${!_system_libs[@]}
+ ${_system_libs[libjpeg]+libjpeg_turbo}
+)
+depends+=(${_system_libs[@]})
+
+# Google API keys (see https://www.chromium.org/developers/how-tos/api-keys)
+# Note: These are for Arch Linux use ONLY. For your own distribution, please
+# get your own set of keys.
+_google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM
+_google_default_client_id=413772536636.apps.googleusercontent.com
+_google_default_client_secret=0ZChLK6AxeA3Isu96MkwqDR4
+
+prepare() {
+ cd "$srcdir/$pkgname-$pkgver"
+
+ # Allow building against system libraries in official builds
+ sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
+ tools/generate_shim_headers/generate_shim_headers.py
+
+ # https://crbug.com/893950
+ sed -i -e 's/\<xmlMalloc\>/malloc/' -e 's/\<xmlFree\>/free/' \
+ third_party/blink/renderer/core/xml/*.cc \
+ third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \
+ third_party/libxml/chromium/libxml_utils.cc
+
+ # https://crbug.com/949312
+ patch -Np1 -i ../chromium-glibc-2.29.patch
+
+ # https://crbug.com/956061
+ patch -Np1 -i ../chromium-fix-the-flash-for-new-windows.patch
+ patch -Np1 -i ../chromium-fix-window-flash-for-some-WMs.patch
+
+ # Load Widevine CDM if available
+ patch -Np1 -i ../chromium-widevine.patch
+
+ # https://crbug.com/skia/6663#c10
+ patch -Np0 -i ../chromium-skia-harmony.patch
+
+ # https://bugs.gentoo.org/661880#c21
+ patch -Np1 -i ../chromium-system-icu.patch
+
+ # Force script incompatible with Python 3 to use /usr/bin/python2
+ sed -i '1s|python$|&2|' third_party/dom_distiller_js/protoc_plugins/*.py
+
+ mkdir -p third_party/node/linux/node-linux-x64/bin
+ ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/
+
+ # Remove bundled libraries for which we will use the system copies; this
+ # *should* do what the remove_bundled_libraries.py script does, with the
+ # added benefit of not having to list all the remaining libraries
+ local _lib
+ for _lib in ${_unwanted_bundled_libs[@]}; do
+ find "third_party/$_lib" -type f \
+ \! -path "third_party/$_lib/chromium/*" \
+ \! -path "third_party/$_lib/google/*" \
+ \! -path 'third_party/yasm/run_yasm.py' \
+ \! -regex '.*\.\(gn\|gni\|isolate\)' \
+ -delete
+ done
+
+ python2 build/linux/unbundle/replace_gn_files.py \
+ --system-libraries "${!_system_libs[@]}"
+}
+
+build() {
+ make -C chromium-launcher-$_launcher_ver
+
+ cd "$srcdir/$pkgname-$pkgver"
+
+ if check_buildoption ccache y; then
+ # Avoid falling back to preprocessor mode when sources contain time macros
+ export CCACHE_SLOPPINESS=time_macros
+ fi
+
+ export CC=clang
+ export CXX=clang++
+ export AR=ar
+ export NM=nm
+
+ local _flags=(
+ 'custom_toolchain="//build/toolchain/linux/unbundle:default"'
+ 'host_toolchain="//build/toolchain/linux/unbundle:default"'
+ 'clang_use_chrome_plugins=false'
+ 'is_official_build=true' # implies is_cfi=true on x86_64
+ 'treat_warnings_as_errors=false'
+ 'fieldtrial_testing_like_official_build=true'
+ 'ffmpeg_branding="Chrome"'
+ 'proprietary_codecs=true'
+ 'link_pulseaudio=true'
+ 'use_gnome_keyring=false'
+ 'use_sysroot=false'
+ 'linux_use_bundled_binutils=false'
+ 'use_custom_libcxx=false'
+ 'enable_hangout_services_extension=true'
+ 'enable_widevine=true'
+ 'enable_nacl=false'
+ 'enable_swiftshader=false'
+ "google_api_key=\"${_google_api_key}\""
+ "google_default_client_id=\"${_google_default_client_id}\""
+ "google_default_client_secret=\"${_google_default_client_secret}\""
+ )
+
+ # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn)
+ CFLAGS+=' -Wno-builtin-macro-redefined'
+ CXXFLAGS+=' -Wno-builtin-macro-redefined'
+ CPPFLAGS+=' -D__DATE__= -D__TIME__= -D__TIMESTAMP__='
+
+ if check_option strip y; then
+ _flags+=('symbol_level=0')
+
+ # Mimic exclude_unwind_tables=true
+ CFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
+ CXXFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables'
+ CPPFLAGS+=' -DNO_UNWIND_TABLES'
+ fi
+
+ gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
+ ninja -C out/Release chrome chrome_sandbox chromedriver
+}
+
+package() {
+ cd chromium-launcher-$_launcher_ver
+ make PREFIX=/usr DESTDIR="$pkgdir" install
+ install -Dm644 LICENSE \
+ "$pkgdir/usr/share/licenses/chromium/LICENSE.launcher"
+
+ cd "$srcdir/$pkgname-$pkgver"
+
+ install -D out/Release/chrome "$pkgdir/usr/lib/chromium/chromium"
+ install -Dm4755 out/Release/chrome_sandbox "$pkgdir/usr/lib/chromium/chrome-sandbox"
+ ln -s /usr/lib/chromium/chromedriver "$pkgdir/usr/bin/chromedriver"
+
+ install -Dm644 chrome/installer/linux/common/desktop.template \
+ "$pkgdir/usr/share/applications/chromium.desktop"
+ install -Dm644 chrome/app/resources/manpage.1.in \
+ "$pkgdir/usr/share/man/man1/chromium.1"
+ sed -i \
+ -e "s/@@MENUNAME@@/Chromium/g" \
+ -e "s/@@PACKAGE@@/chromium/g" \
+ -e "s/@@USR_BIN_SYMLINK_NAME@@/chromium/g" \
+ "$pkgdir/usr/share/applications/chromium.desktop" \
+ "$pkgdir/usr/share/man/man1/chromium.1"
+
+ cp \
+ out/Release/{chrome_{100,200}_percent,resources}.pak \
+ out/Release/{*.bin,chromedriver} \
+ "$pkgdir/usr/lib/chromium/"
+ install -Dm644 -t "$pkgdir/usr/lib/chromium/locales" out/Release/locales/*.pak
+
+ if [[ -z ${_system_libs[icu]+set} ]]; then
+ cp out/Release/icudtl.dat "$pkgdir/usr/lib/chromium/"
+ fi
+
+ for size in 22 24 48 64 128 256; do
+ install -Dm644 "chrome/app/theme/chromium/product_logo_$size.png" \
+ "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+ done
+
+ for size in 16 32; do
+ install -Dm644 "chrome/app/theme/default_100_percent/chromium/product_logo_$size.png" \
+ "$pkgdir/usr/share/icons/hicolor/${size}x${size}/apps/chromium.png"
+ done
+
+ install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
+}
+
+# vim:set ts=2 sw=2 et:
Deleted: chromium-fix-the-flash-for-new-windows.patch
===================================================================
--- chromium-fix-the-flash-for-new-windows.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-fix-the-flash-for-new-windows.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,54 +0,0 @@
-From adc543fe6a7b3bae9522257e651205140615fecb Mon Sep 17 00:00:00 2001
-From: Peng Huang <penghuang at chromium.org>
-Date: Fri, 3 May 2019 20:40:41 +0000
-Subject: [PATCH] Fix the flash for any new created window.
-
-The flash is because the child window created by GLSurfaceGLX doesn't
-match the visual of parent window. Fix the problem by always creating
-parent window with the same visual.
-
-Bug: 956061
-Change-Id: I88cb65b4a0313be6fdea1bd8d6770d351500ccbb
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1591946
-Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
-Reviewed-by: Antoine Labour <piman at chromium.org>
-Commit-Queue: Peng Huang <penghuang at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#656497}
----
- .../desktop_window_tree_host_x11.cc | 19 +++++--------------
- 1 file changed, 5 insertions(+), 14 deletions(-)
-
-diff --git a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-index 4dda760a4d..8bdb7b026d 100644
---- a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-+++ b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
-@@ -1426,24 +1426,15 @@ void DesktopWindowTreeHostX11::InitX11Window(
- if (override_redirect_)
- attribute_mask |= CWOverrideRedirect;
-
-- bool enable_transparent_visuals;
-- switch (params.opacity) {
-- case Widget::InitParams::OPAQUE_WINDOW:
-- enable_transparent_visuals = false;
-- break;
-- case Widget::InitParams::TRANSLUCENT_WINDOW:
-- enable_transparent_visuals = true;
-- break;
-- case Widget::InitParams::INFER_OPACITY:
-- default:
-- enable_transparent_visuals = params.type == Widget::InitParams::TYPE_DRAG;
-- }
--
- Visual* visual = CopyFromParent;
- int depth = CopyFromParent;
- Colormap colormap = CopyFromParent;
-+
-+ // GLSurfaceGLX always create child window with alpha channel. If the parent
-+ // window doesn't have alpha channel, it causes flash, so always request argb
-+ // visual.
- ui::XVisualManager::GetInstance()->ChooseVisualForWindow(
-- enable_transparent_visuals, &visual, &depth, &colormap,
-+ true /* want_argb_visual */, &visual, &depth, &colormap,
- &use_argb_visual_);
-
- if (colormap != CopyFromParent) {
Copied: chromium/repos/extra-x86_64/chromium-fix-the-flash-for-new-windows.patch (from rev 353780, chromium/trunk/chromium-fix-the-flash-for-new-windows.patch)
===================================================================
--- chromium-fix-the-flash-for-new-windows.patch (rev 0)
+++ chromium-fix-the-flash-for-new-windows.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,54 @@
+From adc543fe6a7b3bae9522257e651205140615fecb Mon Sep 17 00:00:00 2001
+From: Peng Huang <penghuang at chromium.org>
+Date: Fri, 3 May 2019 20:40:41 +0000
+Subject: [PATCH] Fix the flash for any new created window.
+
+The flash is because the child window created by GLSurfaceGLX doesn't
+match the visual of parent window. Fix the problem by always creating
+parent window with the same visual.
+
+Bug: 956061
+Change-Id: I88cb65b4a0313be6fdea1bd8d6770d351500ccbb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1591946
+Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
+Reviewed-by: Antoine Labour <piman at chromium.org>
+Commit-Queue: Peng Huang <penghuang at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#656497}
+---
+ .../desktop_window_tree_host_x11.cc | 19 +++++--------------
+ 1 file changed, 5 insertions(+), 14 deletions(-)
+
+diff --git a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
+index 4dda760a4d..8bdb7b026d 100644
+--- a/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
++++ b/ui/views/widget/desktop_aura/desktop_window_tree_host_x11.cc
+@@ -1426,24 +1426,15 @@ void DesktopWindowTreeHostX11::InitX11Window(
+ if (override_redirect_)
+ attribute_mask |= CWOverrideRedirect;
+
+- bool enable_transparent_visuals;
+- switch (params.opacity) {
+- case Widget::InitParams::OPAQUE_WINDOW:
+- enable_transparent_visuals = false;
+- break;
+- case Widget::InitParams::TRANSLUCENT_WINDOW:
+- enable_transparent_visuals = true;
+- break;
+- case Widget::InitParams::INFER_OPACITY:
+- default:
+- enable_transparent_visuals = params.type == Widget::InitParams::TYPE_DRAG;
+- }
+-
+ Visual* visual = CopyFromParent;
+ int depth = CopyFromParent;
+ Colormap colormap = CopyFromParent;
++
++ // GLSurfaceGLX always create child window with alpha channel. If the parent
++ // window doesn't have alpha channel, it causes flash, so always request argb
++ // visual.
+ ui::XVisualManager::GetInstance()->ChooseVisualForWindow(
+- enable_transparent_visuals, &visual, &depth, &colormap,
++ true /* want_argb_visual */, &visual, &depth, &colormap,
+ &use_argb_visual_);
+
+ if (colormap != CopyFromParent) {
Deleted: chromium-fix-window-flash-for-some-WMs.patch
===================================================================
--- chromium-fix-window-flash-for-some-WMs.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-fix-window-flash-for-some-WMs.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,98 +0,0 @@
-From 90e226ba50c98b5e60f74f9dce998b17117f9051 Mon Sep 17 00:00:00 2001
-From: Peng Huang <penghuang at chromium.org>
-Date: Tue, 7 May 2019 13:16:21 +0000
-Subject: [PATCH] Fix window flash for some WMs
-
-Bug: 956061
-Change-Id: I0d8d196395e70006a8fdc770f1e4a5ba6f93dd57
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1597388
-Commit-Queue: Peng Huang <penghuang at chromium.org>
-Reviewed-by: Antoine Labour <piman at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#657215}
----
- ui/gl/BUILD.gn | 5 ++++-
- ui/gl/gl_surface_glx.cc | 41 ++++++++++++++++++++++++++++-------------
- 2 files changed, 32 insertions(+), 14 deletions(-)
-
-diff --git a/ui/gl/BUILD.gn b/ui/gl/BUILD.gn
-index 50df0e4085..1753dd480b 100644
---- a/ui/gl/BUILD.gn
-+++ b/ui/gl/BUILD.gn
-@@ -274,7 +274,10 @@ jumbo_component("gl") {
- "//build/config/linux:xext",
- ]
-
-- deps += [ "//ui/gfx/x" ]
-+ deps += [
-+ "//ui/base/x",
-+ "//ui/gfx/x",
-+ ]
- }
- if (is_win) {
- sources += [
-diff --git a/ui/gl/gl_surface_glx.cc b/ui/gl/gl_surface_glx.cc
-index f4c13bed18..777bf767cb 100644
---- a/ui/gl/gl_surface_glx.cc
-+++ b/ui/gl/gl_surface_glx.cc
-@@ -21,6 +21,7 @@
- #include "base/time/time.h"
- #include "base/trace_event/trace_event.h"
- #include "build/build_config.h"
-+#include "ui/base/x/x11_util.h"
- #include "ui/events/platform/platform_event_source.h"
- #include "ui/gfx/x/x11.h"
- #include "ui/gfx/x/x11_connection.h"
-@@ -431,7 +432,9 @@ bool GLSurfaceGLX::InitializeOneOff() {
- }
-
- const XVisualInfo& visual_info =
-- gl::GLVisualPickerGLX::GetInstance()->rgba_visual();
-+ ui::IsCompositingManagerPresent()
-+ ? gl::GLVisualPickerGLX::GetInstance()->rgba_visual()
-+ : gl::GLVisualPickerGLX::GetInstance()->system_visual();
- g_visual = visual_info.visual;
- g_depth = visual_info.depth;
- g_colormap =
-@@ -581,18 +584,30 @@ bool NativeViewGLSurfaceGLX::Initialize(GLSurfaceFormat format) {
- }
- size_ = gfx::Size(attributes.width, attributes.height);
-
-- XSetWindowAttributes swa;
-- memset(&swa, 0, sizeof(swa));
-- swa.background_pixmap = 0;
-- swa.bit_gravity = NorthWestGravity;
-- swa.colormap = g_colormap;
-- swa.background_pixel = 0;
-- swa.border_pixel = 0;
-- window_ = XCreateWindow(
-- gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */, size_.width(),
-- size_.height(), 0 /* border_width */, g_depth, InputOutput, g_visual,
-- CWBackPixmap | CWBitGravity | CWColormap | CWBackPixel | CWBorderPixel,
-- &swa);
-+ XSetWindowAttributes swa = {
-+ .background_pixmap = 0,
-+ .bit_gravity = NorthWestGravity,
-+ .colormap = g_colormap,
-+ .background_pixel = 0, // ARGB(0,0,0,0) for compositing WM
-+ .border_pixel = 0,
-+ };
-+ auto value_mask = CWBackPixmap | CWBitGravity | CWColormap | CWBorderPixel;
-+ if (ui::IsCompositingManagerPresent() &&
-+ XVisualIDFromVisual(attributes.visual) == XVisualIDFromVisual(g_visual)) {
-+ // When parent and child are using the same visual, the back buffer will be
-+ // shared between parent and child. If WM compositing is enabled, we set
-+ // child's background pixel to ARGB(0,0,0,0), so ARGB(0,0,0,0) will be
-+ // filled to the shared buffer, when the child window is mapped. It can
-+ // avoid an annoying flash when the child window is mapped below.
-+ // If WM compositing is disabled, we don't set the background pixel, so
-+ // nothing will be draw when the child window is mapped.
-+ value_mask |= CWBackPixel;
-+ }
-+
-+ window_ =
-+ XCreateWindow(gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */,
-+ size_.width(), size_.height(), 0 /* border_width */,
-+ g_depth, InputOutput, g_visual, value_mask, &swa);
- if (!window_) {
- LOG(ERROR) << "XCreateWindow failed";
- return false;
Copied: chromium/repos/extra-x86_64/chromium-fix-window-flash-for-some-WMs.patch (from rev 353780, chromium/trunk/chromium-fix-window-flash-for-some-WMs.patch)
===================================================================
--- chromium-fix-window-flash-for-some-WMs.patch (rev 0)
+++ chromium-fix-window-flash-for-some-WMs.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,98 @@
+From 90e226ba50c98b5e60f74f9dce998b17117f9051 Mon Sep 17 00:00:00 2001
+From: Peng Huang <penghuang at chromium.org>
+Date: Tue, 7 May 2019 13:16:21 +0000
+Subject: [PATCH] Fix window flash for some WMs
+
+Bug: 956061
+Change-Id: I0d8d196395e70006a8fdc770f1e4a5ba6f93dd57
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1597388
+Commit-Queue: Peng Huang <penghuang at chromium.org>
+Reviewed-by: Antoine Labour <piman at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#657215}
+---
+ ui/gl/BUILD.gn | 5 ++++-
+ ui/gl/gl_surface_glx.cc | 41 ++++++++++++++++++++++++++++-------------
+ 2 files changed, 32 insertions(+), 14 deletions(-)
+
+diff --git a/ui/gl/BUILD.gn b/ui/gl/BUILD.gn
+index 50df0e4085..1753dd480b 100644
+--- a/ui/gl/BUILD.gn
++++ b/ui/gl/BUILD.gn
+@@ -274,7 +274,10 @@ jumbo_component("gl") {
+ "//build/config/linux:xext",
+ ]
+
+- deps += [ "//ui/gfx/x" ]
++ deps += [
++ "//ui/base/x",
++ "//ui/gfx/x",
++ ]
+ }
+ if (is_win) {
+ sources += [
+diff --git a/ui/gl/gl_surface_glx.cc b/ui/gl/gl_surface_glx.cc
+index f4c13bed18..777bf767cb 100644
+--- a/ui/gl/gl_surface_glx.cc
++++ b/ui/gl/gl_surface_glx.cc
+@@ -21,6 +21,7 @@
+ #include "base/time/time.h"
+ #include "base/trace_event/trace_event.h"
+ #include "build/build_config.h"
++#include "ui/base/x/x11_util.h"
+ #include "ui/events/platform/platform_event_source.h"
+ #include "ui/gfx/x/x11.h"
+ #include "ui/gfx/x/x11_connection.h"
+@@ -431,7 +432,9 @@ bool GLSurfaceGLX::InitializeOneOff() {
+ }
+
+ const XVisualInfo& visual_info =
+- gl::GLVisualPickerGLX::GetInstance()->rgba_visual();
++ ui::IsCompositingManagerPresent()
++ ? gl::GLVisualPickerGLX::GetInstance()->rgba_visual()
++ : gl::GLVisualPickerGLX::GetInstance()->system_visual();
+ g_visual = visual_info.visual;
+ g_depth = visual_info.depth;
+ g_colormap =
+@@ -581,18 +584,30 @@ bool NativeViewGLSurfaceGLX::Initialize(GLSurfaceFormat format) {
+ }
+ size_ = gfx::Size(attributes.width, attributes.height);
+
+- XSetWindowAttributes swa;
+- memset(&swa, 0, sizeof(swa));
+- swa.background_pixmap = 0;
+- swa.bit_gravity = NorthWestGravity;
+- swa.colormap = g_colormap;
+- swa.background_pixel = 0;
+- swa.border_pixel = 0;
+- window_ = XCreateWindow(
+- gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */, size_.width(),
+- size_.height(), 0 /* border_width */, g_depth, InputOutput, g_visual,
+- CWBackPixmap | CWBitGravity | CWColormap | CWBackPixel | CWBorderPixel,
+- &swa);
++ XSetWindowAttributes swa = {
++ .background_pixmap = 0,
++ .bit_gravity = NorthWestGravity,
++ .colormap = g_colormap,
++ .background_pixel = 0, // ARGB(0,0,0,0) for compositing WM
++ .border_pixel = 0,
++ };
++ auto value_mask = CWBackPixmap | CWBitGravity | CWColormap | CWBorderPixel;
++ if (ui::IsCompositingManagerPresent() &&
++ XVisualIDFromVisual(attributes.visual) == XVisualIDFromVisual(g_visual)) {
++ // When parent and child are using the same visual, the back buffer will be
++ // shared between parent and child. If WM compositing is enabled, we set
++ // child's background pixel to ARGB(0,0,0,0), so ARGB(0,0,0,0) will be
++ // filled to the shared buffer, when the child window is mapped. It can
++ // avoid an annoying flash when the child window is mapped below.
++ // If WM compositing is disabled, we don't set the background pixel, so
++ // nothing will be draw when the child window is mapped.
++ value_mask |= CWBackPixel;
++ }
++
++ window_ =
++ XCreateWindow(gfx::GetXDisplay(), parent_window_, 0 /* x */, 0 /* y */,
++ size_.width(), size_.height(), 0 /* border_width */,
++ g_depth, InputOutput, g_visual, value_mask, &swa);
+ if (!window_) {
+ LOG(ERROR) << "XCreateWindow failed";
+ return false;
Deleted: chromium-glibc-2.29.patch
===================================================================
--- chromium-glibc-2.29.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-glibc-2.29.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,105 +0,0 @@
-From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton at chromium.org>
-Date: Wed, 24 Apr 2019 15:44:40 +0000
-Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
- posix_spawn/vfork
-
-Glibc's system() function switched to using posix_spawn, which uses
-CLONE_VFORK. Pepperflash includes a sandbox debugging check which
-relies on us EPERM-ing process creation like this, rather than crashing
-the process with SIGSYS.
-
-So whitelist clone() calls, like posix_spawn, that include the flags
-CLONE_VFORK and CLONE_VM.
-
-Bug: 949312
-Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
-Commit-Queue: Robert Sesek <rsesek at chromium.org>
-Reviewed-by: Robert Sesek <rsesek at chromium.org>
-Cr-Commit-Position: refs/heads/master@{#653590}
----
- .../baseline_policy_unittest.cc | 29 +++++++++++++++++++
- .../syscall_parameters_restrictions.cc | 13 +++++++--
- 2 files changed, 40 insertions(+), 2 deletions(-)
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-index cdeb210ccb..40fcebf933 100644
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-@@ -10,7 +10,9 @@
- #include <sched.h>
- #include <signal.h>
- #include <stddef.h>
-+#include <stdlib.h>
- #include <string.h>
-+#include <sys/mman.h>
- #include <sys/prctl.h>
- #include <sys/resource.h>
- #include <sys/socket.h>
-@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
- BPF_ASSERT_EQ(EPERM, fork_errno);
- }
-
-+BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
-+ errno = 0;
-+ int ret_val = system("echo SHOULD NEVER RUN");
-+ BPF_ASSERT_EQ(-1, ret_val);
-+ BPF_ASSERT_EQ(EPERM, errno);
-+}
-+
-+BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
-+ errno = 0;
-+ // Allocate a couple pages for the child's stack even though the child should
-+ // never start.
-+ constexpr size_t kStackSize = 4096 * 4;
-+ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
-+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
-+ BPF_ASSERT_NE(child_stack, nullptr);
-+ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
-+ static_cast<char*>(child_stack) + kStackSize, nullptr,
-+ nullptr, nullptr);
-+ const int clone_errno = errno;
-+ TestUtils::HandlePostForkReturn(pid);
-+
-+ munmap(child_stack, kStackSize);
-+
-+ BPF_ASSERT_EQ(-1, pid);
-+ BPF_ASSERT_EQ(EPERM, clone_errno);
-+}
-+
- BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
- base::Thread thread("sandbox_tests");
- BPF_ASSERT(thread.Start());
-diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-index 100afe50e3..348ab6e8c5 100644
---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
-@@ -135,7 +135,8 @@ namespace sandbox {
- #if !defined(OS_NACL_NONSFI)
- // Allow Glibc's and Android pthread creation flags, crash on any other
- // thread creation attempts and EPERM attempts to use neither
--// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
-+// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
-+// present (as in newer versions of posix_spawn).
- ResultExpr RestrictCloneToThreadsAndEPERMFork() {
- const Arg<unsigned long> flags(0);
-
-@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
- AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
- flags == kGlibcPthreadFlags);
-
-+ // The following two flags are the two important flags in any vfork-emulating
-+ // clone call. EPERM any clone call that contains both of them.
-+ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
-+
-+ const BoolExpr is_fork_or_clone_vfork =
-+ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
-+ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
-+
- return If(IsAndroid() ? android_test : glibc_test, Allow())
-- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
-+ .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
- .Else(CrashSIGSYSClone());
- }
-
Copied: chromium/repos/extra-x86_64/chromium-glibc-2.29.patch (from rev 353780, chromium/trunk/chromium-glibc-2.29.patch)
===================================================================
--- chromium-glibc-2.29.patch (rev 0)
+++ chromium-glibc-2.29.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,105 @@
+From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 24 Apr 2019 15:44:40 +0000
+Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM
+ posix_spawn/vfork
+
+Glibc's system() function switched to using posix_spawn, which uses
+CLONE_VFORK. Pepperflash includes a sandbox debugging check which
+relies on us EPERM-ing process creation like this, rather than crashing
+the process with SIGSYS.
+
+So whitelist clone() calls, like posix_spawn, that include the flags
+CLONE_VFORK and CLONE_VM.
+
+Bug: 949312
+Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086
+Commit-Queue: Robert Sesek <rsesek at chromium.org>
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#653590}
+---
+ .../baseline_policy_unittest.cc | 29 +++++++++++++++++++
+ .../syscall_parameters_restrictions.cc | 13 +++++++--
+ 2 files changed, 40 insertions(+), 2 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index cdeb210ccb..40fcebf933 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -10,7 +10,9 @@
+ #include <sched.h>
+ #include <signal.h>
+ #include <stddef.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/mman.h>
+ #include <sys/prctl.h>
+ #include <sys/resource.h>
+ #include <sys/socket.h>
+@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) {
+ BPF_ASSERT_EQ(EPERM, fork_errno);
+ }
+
++BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
++ errno = 0;
++ int ret_val = system("echo SHOULD NEVER RUN");
++ BPF_ASSERT_EQ(-1, ret_val);
++ BPF_ASSERT_EQ(EPERM, errno);
++}
++
++BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
++ errno = 0;
++ // Allocate a couple pages for the child's stack even though the child should
++ // never start.
++ constexpr size_t kStackSize = 4096 * 4;
++ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
++ BPF_ASSERT_NE(child_stack, nullptr);
++ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
++ static_cast<char*>(child_stack) + kStackSize, nullptr,
++ nullptr, nullptr);
++ const int clone_errno = errno;
++ TestUtils::HandlePostForkReturn(pid);
++
++ munmap(child_stack, kStackSize);
++
++ BPF_ASSERT_EQ(-1, pid);
++ BPF_ASSERT_EQ(EPERM, clone_errno);
++}
++
+ BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
+ base::Thread thread("sandbox_tests");
+ BPF_ASSERT(thread.Start());
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+index 100afe50e3..348ab6e8c5 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -135,7 +135,8 @@ namespace sandbox {
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in newer versions of posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ const Arg<unsigned long> flags(0);
+
+@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+ flags == kGlibcPthreadFlags);
+
++ // The following two flags are the two important flags in any vfork-emulating
++ // clone call. EPERM any clone call that contains both of them.
++ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
++
++ const BoolExpr is_fork_or_clone_vfork =
++ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
++
+ return If(IsAndroid() ? android_test : glibc_test, Allow())
+- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++ .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
+ .Else(CrashSIGSYSClone());
+ }
+
Deleted: chromium-skia-harmony.patch
===================================================================
--- chromium-skia-harmony.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-skia-harmony.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,13 +0,0 @@
---- third_party/skia/src/ports/SkFontHost_FreeType.cpp.orig 2019-01-20 10:54:56.415239030 +0000
-+++ third_party/skia/src/ports/SkFontHost_FreeType.cpp 2019-01-20 10:55:05.695307733 +0000
-@@ -121,8 +121,8 @@ public:
- : fGetVarDesignCoordinates(nullptr)
- , fGetVarAxisFlags(nullptr)
- , fLibrary(nullptr)
-- , fIsLCDSupported(false)
-- , fLCDExtra(0)
-+ , fIsLCDSupported(true)
-+ , fLCDExtra(2)
- {
- if (FT_New_Library(&gFTMemory, &fLibrary)) {
- return;
Copied: chromium/repos/extra-x86_64/chromium-skia-harmony.patch (from rev 353780, chromium/trunk/chromium-skia-harmony.patch)
===================================================================
--- chromium-skia-harmony.patch (rev 0)
+++ chromium-skia-harmony.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,13 @@
+--- third_party/skia/src/ports/SkFontHost_FreeType.cpp.orig 2019-01-20 10:54:56.415239030 +0000
++++ third_party/skia/src/ports/SkFontHost_FreeType.cpp 2019-01-20 10:55:05.695307733 +0000
+@@ -121,8 +121,8 @@ public:
+ : fGetVarDesignCoordinates(nullptr)
+ , fGetVarAxisFlags(nullptr)
+ , fLibrary(nullptr)
+- , fIsLCDSupported(false)
+- , fLCDExtra(0)
++ , fIsLCDSupported(true)
++ , fLCDExtra(2)
+ {
+ if (FT_New_Library(&gFTMemory, &fLibrary)) {
+ return;
Deleted: chromium-system-icu.patch
===================================================================
--- chromium-system-icu.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-system-icu.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,19 +0,0 @@
-diff --git a/third_party/blink/renderer/platform/text/character_property_data.h b/third_party/blink/renderer/platform/text/character_property_data.h
-index 28fb6a9..bb4dbd7 100644
---- a/third_party/blink/renderer/platform/text/character_property_data.h
-+++ b/third_party/blink/renderer/platform/text/character_property_data.h
-@@ -244,10 +244,12 @@ static const UChar32 kIsHangulRanges[] = {
- 0xD7B0, 0xD7FF,
- // Halfwidth Hangul Jamo
- // https://www.unicode.org/charts/nameslist/c_FF00.html
-- 0xFFA0, 0xFFDC,
-+ 0xFFA0, 0xFFDB,
- };
-
--static const UChar32 kIsHangulArray[] = {};
-+static const UChar32 kIsHangulArray[] = {
-+ 0xFFDC,
-+};
-
- #if !defined(USING_SYSTEM_ICU)
- // Freezed trie tree, see character_property_data_generator.cc.
Copied: chromium/repos/extra-x86_64/chromium-system-icu.patch (from rev 353780, chromium/trunk/chromium-system-icu.patch)
===================================================================
--- chromium-system-icu.patch (rev 0)
+++ chromium-system-icu.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,19 @@
+diff --git a/third_party/blink/renderer/platform/text/character_property_data.h b/third_party/blink/renderer/platform/text/character_property_data.h
+index 28fb6a9..bb4dbd7 100644
+--- a/third_party/blink/renderer/platform/text/character_property_data.h
++++ b/third_party/blink/renderer/platform/text/character_property_data.h
+@@ -244,10 +244,12 @@ static const UChar32 kIsHangulRanges[] = {
+ 0xD7B0, 0xD7FF,
+ // Halfwidth Hangul Jamo
+ // https://www.unicode.org/charts/nameslist/c_FF00.html
+- 0xFFA0, 0xFFDC,
++ 0xFFA0, 0xFFDB,
+ };
+
+-static const UChar32 kIsHangulArray[] = {};
++static const UChar32 kIsHangulArray[] = {
++ 0xFFDC,
++};
+
+ #if !defined(USING_SYSTEM_ICU)
+ // Freezed trie tree, see character_property_data_generator.cc.
Deleted: chromium-widevine.patch
===================================================================
--- chromium-widevine.patch 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium-widevine.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,22 +0,0 @@
-diff -upr chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc chromium-71.0.3578.80/chrome/common/chrome_content_client.cc
---- chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc 2018-12-03 20:16:43.000000000 +0000
-+++ chromium-71.0.3578.80/chrome/common/chrome_content_client.cc 2018-12-04 21:34:28.658206942 +0000
-@@ -99,7 +99,7 @@
- // Registers Widevine CDM if Widevine is enabled, the Widevine CDM is
- // bundled and not a component. When the Widevine CDM is a component, it is
- // registered in widevine_cdm_component_installer.cc.
--#if BUILDFLAG(BUNDLE_WIDEVINE_CDM) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
-+#if BUILDFLAG(ENABLE_WIDEVINE) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
- #define REGISTER_BUNDLED_WIDEVINE_CDM
- #include "third_party/widevine/cdm/widevine_cdm_common.h" // nogncheck
- // TODO(crbug.com/663554): Needed for WIDEVINE_CDM_VERSION_STRING. Support
-diff -upr chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h
---- chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h 2018-12-03 20:18:01.000000000 +0000
-+++ chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h 2018-12-04 21:37:45.635374949 +0000
-@@ -12,4 +12,6 @@
- // - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
- // as a string, e.g., "1.0.123.456").
-
-+#define WIDEVINE_CDM_VERSION_STRING "unknown"
-+
- #endif // WIDEVINE_CDM_VERSION_H_
Copied: chromium/repos/extra-x86_64/chromium-widevine.patch (from rev 353780, chromium/trunk/chromium-widevine.patch)
===================================================================
--- chromium-widevine.patch (rev 0)
+++ chromium-widevine.patch 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,22 @@
+diff -upr chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc chromium-71.0.3578.80/chrome/common/chrome_content_client.cc
+--- chromium-71.0.3578.80.orig/chrome/common/chrome_content_client.cc 2018-12-03 20:16:43.000000000 +0000
++++ chromium-71.0.3578.80/chrome/common/chrome_content_client.cc 2018-12-04 21:34:28.658206942 +0000
+@@ -99,7 +99,7 @@
+ // Registers Widevine CDM if Widevine is enabled, the Widevine CDM is
+ // bundled and not a component. When the Widevine CDM is a component, it is
+ // registered in widevine_cdm_component_installer.cc.
+-#if BUILDFLAG(BUNDLE_WIDEVINE_CDM) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
++#if BUILDFLAG(ENABLE_WIDEVINE) && !BUILDFLAG(ENABLE_WIDEVINE_CDM_COMPONENT)
+ #define REGISTER_BUNDLED_WIDEVINE_CDM
+ #include "third_party/widevine/cdm/widevine_cdm_common.h" // nogncheck
+ // TODO(crbug.com/663554): Needed for WIDEVINE_CDM_VERSION_STRING. Support
+diff -upr chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h
+--- chromium-71.0.3578.80.orig/third_party/widevine/cdm/widevine_cdm_version.h 2018-12-03 20:18:01.000000000 +0000
++++ chromium-71.0.3578.80/third_party/widevine/cdm/widevine_cdm_version.h 2018-12-04 21:37:45.635374949 +0000
+@@ -12,4 +12,6 @@
+ // - WIDEVINE_CDM_VERSION_STRING (with the version of the CDM that's available
+ // as a string, e.g., "1.0.123.456").
+
++#define WIDEVINE_CDM_VERSION_STRING "unknown"
++
+ #endif // WIDEVINE_CDM_VERSION_H_
Deleted: chromium.install
===================================================================
--- chromium.install 2019-05-22 00:24:55 UTC (rev 353780)
+++ chromium.install 2019-05-22 00:25:05 UTC (rev 353781)
@@ -1,16 +0,0 @@
-post_upgrade() {
- if (($(vercmp $2 42.0.2311.90-1) < 0)); then
- echo ':: This Chromium package no longer supports custom flags passed via the'
- echo ' /etc/chromium/default file (or any other files under /etc/chromium/).'
- echo
- echo ' The new /usr/bin/chromium launcher script will automatically detect'
- echo ' Pepper Flash (if installed) and pass the correct flags to Chromium.'
- echo
- echo ' If you need to pass extra command-line arguments to Chromium, you'
- echo ' can put them in a "chromium-flags.conf" file under $HOME/.config/'
- echo ' (or $XDG_CONFIG_HOME). Arguments are split on whitespace and shell'
- echo ' quoting rules apply but no further parsing is performed.'
- fi
-}
-
-# vim:set ts=2 sw=2 et:
Copied: chromium/repos/extra-x86_64/chromium.install (from rev 353780, chromium/trunk/chromium.install)
===================================================================
--- chromium.install (rev 0)
+++ chromium.install 2019-05-22 00:25:05 UTC (rev 353781)
@@ -0,0 +1,16 @@
+post_upgrade() {
+ if (($(vercmp $2 42.0.2311.90-1) < 0)); then
+ echo ':: This Chromium package no longer supports custom flags passed via the'
+ echo ' /etc/chromium/default file (or any other files under /etc/chromium/).'
+ echo
+ echo ' The new /usr/bin/chromium launcher script will automatically detect'
+ echo ' Pepper Flash (if installed) and pass the correct flags to Chromium.'
+ echo
+ echo ' If you need to pass extra command-line arguments to Chromium, you'
+ echo ' can put them in a "chromium-flags.conf" file under $HOME/.config/'
+ echo ' (or $XDG_CONFIG_HOME). Arguments are split on whitespace and shell'
+ echo ' quoting rules apply but no further parsing is performed.'
+ fi
+}
+
+# vim:set ts=2 sw=2 et:
More information about the arch-commits
mailing list