[arch-commits] Commit in electron14/repos (17 files)

Felix Yan felixonmars at gemini.archlinux.org
Mon Nov 22 02:55:26 UTC 2021


    Date: Monday, November 22, 2021 @ 02:55:25
  Author: felixonmars
Revision: 1054202

archrelease: copy trunk to community-staging-x86_64

Added:
  electron14/repos/community-staging-x86_64/
  electron14/repos/community-staging-x86_64/PKGBUILD
    (from rev 1054201, electron14/trunk/PKGBUILD)
  electron14/repos/community-staging-x86_64/chromium-93-ffmpeg-4.4.patch
    (from rev 1054201, electron14/trunk/chromium-93-ffmpeg-4.4.patch)
  electron14/repos/community-staging-x86_64/chromium-harfbuzz-3.0.0.patch
    (from rev 1054201, electron14/trunk/chromium-harfbuzz-3.0.0.patch)
  electron14/repos/community-staging-x86_64/default_app-icon.patch
    (from rev 1054201, electron14/trunk/default_app-icon.patch)
  electron14/repos/community-staging-x86_64/electron-launcher.sh
    (from rev 1054201, electron14/trunk/electron-launcher.sh)
  electron14/repos/community-staging-x86_64/electron.desktop
    (from rev 1054201, electron14/trunk/electron.desktop)
  electron14/repos/community-staging-x86_64/gn-visibility-gmock.patch
    (from rev 1054201, electron14/trunk/gn-visibility-gmock.patch)
  electron14/repos/community-staging-x86_64/gn-visibility-mojo.patch
    (from rev 1054201, electron14/trunk/gn-visibility-mojo.patch)
  electron14/repos/community-staging-x86_64/gn-visibility-webrtc.patch
    (from rev 1054201, electron14/trunk/gn-visibility-webrtc.patch)
  electron14/repos/community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch
    (from rev 1054201, electron14/trunk/linux-sandbox-fix-fstatat-crash.patch)
  electron14/repos/community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
    (from rev 1054201, electron14/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
  electron14/repos/community-staging-x86_64/replace-blacklist-with-ignorelist.patch
    (from rev 1054201, electron14/trunk/replace-blacklist-with-ignorelist.patch)
  electron14/repos/community-staging-x86_64/skia-harfbuzz-3.0.0.patch
    (from rev 1054201, electron14/trunk/skia-harfbuzz-3.0.0.patch)
  electron14/repos/community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
    (from rev 1054201, electron14/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
  electron14/repos/community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch
    (from rev 1054201, electron14/trunk/unbundle-fix-visibility-of-build-config-freetype.patch)
  electron14/repos/community-staging-x86_64/use-system-libraries-in-node.patch
    (from rev 1054201, electron14/trunk/use-system-libraries-in-node.patch)

-----------------------------------------------------------+
 PKGBUILD                                                  |  276 ++
 chromium-93-ffmpeg-4.4.patch                              |   36 
 chromium-harfbuzz-3.0.0.patch                             |   20 
 default_app-icon.patch                                    |   21 
 electron-launcher.sh                                      |   20 
 electron.desktop                                          |    7 
 gn-visibility-gmock.patch                                 |   43 
 gn-visibility-mojo.patch                                  |   36 
 gn-visibility-webrtc.patch                                |   45 
 linux-sandbox-fix-fstatat-crash.patch                     |  348 +++
 linux-sandbox-syscall-broker-use-struct-kernel_stat.patch | 1384 ++++++++++++
 replace-blacklist-with-ignorelist.patch                   |  196 +
 skia-harfbuzz-3.0.0.patch                                 |  100 
 sql-make-VirtualCursor-standard-layout-type.patch         |  238 ++
 unbundle-fix-visibility-of-build-config-freetype.patch    |   31 
 use-system-libraries-in-node.patch                        |   52 
 16 files changed, 2853 insertions(+)

Copied: electron14/repos/community-staging-x86_64/PKGBUILD (from rev 1054201, electron14/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD	                        (rev 0)
+++ community-staging-x86_64/PKGBUILD	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,276 @@
+# Maintainer: Nicola Squartini <tensor5 at gmail.com>
+
+_use_suffix=1
+pkgver=14.2.0
+_commit=c2b3c974e07a9743ab758cb98db323dceddd6903
+_chromiumver=93.0.4577.82
+_gcc_patchset=6
+# shellcheck disable=SC2034
+pkgrel=2
+
+_major_ver=${pkgver%%.*}
+if [[ ${_use_suffix} != 0 ]]; then
+  pkgname="electron${_major_ver}"
+else
+  pkgname=electron
+fi
+# shellcheck disable=SC2034
+pkgdesc='Build cross platform desktop apps with web technologies'
+# shellcheck disable=SC2034
+arch=('x86_64')
+# shellcheck disable=SC2034
+url='https://electronjs.org/'
+# shellcheck disable=SC2034
+license=('MIT' 'custom')
+# shellcheck disable=SC2034
+depends=('c-ares' 'ffmpeg' 'gtk3' 'libevent' 'libxslt' 'minizip' 'nss' 're2'
+         'snappy')
+# shellcheck disable=SC2034
+makedepends=('clang' 'git' 'gn' 'gperf' 'harfbuzz-icu' 'http-parser'
+             'java-runtime-headless' 'jsoncpp' 'libnotify' 'lld' 'llvm' 'ninja'
+             'npm' 'pciutils' 'pipewire' 'python' 'wget' 'yarn')
+# shellcheck disable=SC2034
+optdepends=('kde-cli-tools: file deletion support (kioclient5)'
+            'libappindicator-gtk3: StatusNotifierItem support'
+            'pipewire: WebRTC desktop sharing under Wayland'
+            'trash-cli: file deletion support (trash-put)'
+            "xdg-utils: open URLs with desktop's default (xdg-email, xdg-open)")
+if [[ ${_use_suffix} == 0 ]]; then
+  # shellcheck disable=SC2034
+  conflicts=("electron${_major_ver}")
+  # shellcheck disable=SC2034
+  provides=("electron${_major_ver}")
+fi
+# shellcheck disable=SC2034
+source=('git+https://github.com/electron/electron.git'
+        'git+https://chromium.googlesource.com/chromium/tools/depot_tools.git#branch=main'
+        "https://github.com/stha09/chromium-patches/releases/download/chromium-${_chromiumver%%.*}-patchset-${_gcc_patchset}/chromium-${_chromiumver%%.*}-patchset-${_gcc_patchset}.tar.xz"
+        "electron-launcher.sh"
+        "electron.desktop"
+        'default_app-icon.patch'
+        'use-system-libraries-in-node.patch'
+        'linux-sandbox-syscall-broker-use-struct-kernel_stat.patch'
+        'linux-sandbox-fix-fstatat-crash.patch'
+        'unbundle-fix-visibility-of-build-config-freetype.patch'
+        'gn-visibility-gmock.patch'
+        'gn-visibility-mojo.patch'
+        'gn-visibility-webrtc.patch'
+        'replace-blacklist-with-ignorelist.patch'
+        'sql-make-VirtualCursor-standard-layout-type.patch'
+        'chromium-93-ffmpeg-4.4.patch'
+        'chromium-harfbuzz-3.0.0.patch'
+        'skia-harfbuzz-3.0.0.patch'
+       )
+# shellcheck disable=SC2034
+sha256sums=('SKIP'
+            'SKIP'
+            'a44ffd9e25fcbd8b3cc778871890e4da6fe12600ad549c807e1d03f61f0cdf73'
+            '3953f532a3ea5fce19ee33600c6ead89dcd066df6a01d3c3ab4c24f96e46fca2'
+            '4484200d90b76830b69eea3a471c103999a3ce86bb2c29e6c14c945bf4102bae'
+            '75bac9c4ad32ff9329399b8587f9772e208c009fd822cdfce61b2bd1ee9ac828'
+            '7cb11fb44aaf4d15f36caca3c0d1b082a723c30d43cd44db147248db5683a2a9'
+            '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
+            '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
+            'd0b17162211dd49e3a58c16d1697e7d8c322dcfd3b7890f0c2f920b711f52293'
+            'b9934e01d8f39beafc8b63784fb86e6befe25ca83e9c43224c8374e5a025d8ef'
+            'cca2d224cf2e9d7cfb4f5729ca76b5b8a7100b1ca39892b41fb296adaced1bf7'
+            '574785a21168c3e9b7aa82630713ceb6ced12f699133db66b10fc84b7bb2c631'
+            'd3344ba39b8c6ed202334ba7f441c70d81ddf8cdb15af1aa8c16e9a3a75fbb35'
+            'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
+            '1a9e074f417f8ffd78bcd6874d8e2e74a239905bf662f76a7755fa40dc476b57'
+            '7ce947944a139e66774dfc7249bf7c3069f07f83a0f1b2c1a1b14287a7e15928'
+            'dae11dec5088eb1b14045d8c9862801a342609c15701d7c371e1caccf46e1ffd'
+           )
+
+_system_libs=('ffmpeg'
+              'flac'
+              'fontconfig'
+              'freetype'
+              'harfbuzz-ng'
+              'icu'
+              'libdrm'
+              'libevent'
+              'libjpeg'
+              'libpng'
+#              'libvpx'
+              'libwebp'
+              'libxml'
+              'libxslt'
+#              'openh264'
+              'opus'
+              're2'
+              'snappy'
+              'zlib'
+             )
+
+prepare() {
+  sed -i "s|@ELECTRON@|${pkgname}|" electron-launcher.sh
+  sed -i "s|@ELECTRON@|${pkgname}|" electron.desktop
+  if [[ ${_use_suffix} != 0 ]]; then
+    sed -i "s|@ELECTRON_NAME@|Electron ${_major_ver}|" electron.desktop
+  else
+    sed -i "s|@ELECTRON_NAME@|Electron|" electron.desktop
+  fi
+
+  export PATH="${PATH}:${srcdir:?}/depot_tools"
+
+  echo "Fetching chromium..."
+  git clone --branch=${_chromiumver} --depth=1 \
+      https://chromium.googlesource.com/chromium/src.git
+
+  echo "solutions = [
+  {
+    \"name\": \"src/electron\",
+    \"url\": \"file://${srcdir}/electron@${_commit}\",
+    \"deps_file\": \"DEPS\",
+    \"managed\": False,
+    \"custom_deps\": {
+      \"src\": None,
+    },
+    \"custom_vars\": {},
+  },
+]" > .gclient
+
+  python "${srcdir}/depot_tools/gclient.py" sync \
+      --with_branch_heads \
+      --with_tags \
+      --nohooks
+
+  echo "Running hooks..."
+  # python "${srcdir}/depot_tools/gclient.py" runhooks
+  src/build/landmines.py
+  src/build/util/lastchange.py -o src/build/util/LASTCHANGE
+  src/build/util/lastchange.py -m GPU_LISTS_VERSION \
+    --revision-id-only --header src/gpu/config/gpu_lists_version.h
+  src/build/util/lastchange.py -m SKIA_COMMIT_HASH \
+    -s src/third_party/skia --header src/skia/ext/skia_commit_hash.h
+  # Create sysmlink to system clang-format
+  ln -s /usr/bin/clang-format src/buildtools/linux64
+  # Create sysmlink to system Node.js
+  mkdir -p src/third_party/node/linux/node-linux-x64/bin
+  ln -sf /usr/bin/node src/third_party/node/linux/node-linux-x64/bin
+  src/third_party/depot_tools/download_from_google_storage.py \
+    --no_resume --extract --no_auth --bucket chromium-nodejs \
+    -s src/third_party/node/node_modules.tar.gz.sha1
+  vpython src/tools/download_optimization_profile.py \
+    --newest_state=src/chrome/android/profiles/newest.txt \
+    --local_state=src/chrome/android/profiles/local.txt \
+    --output_name=src/chrome/android/profiles/afdo.prof \
+    --gs_url_base=chromeos-prebuilt/afdo-job/llvm
+  #vpython src/tools/update_pgo_profiles.py \
+  #  --target=linux \
+  #  update \
+  #  --gs-url-base=chromium-optimization-profiles/pgo_profiles
+  src/electron/script/apply_all_patches.py \
+      src/electron/patches/config.json
+  cd src/electron || exit
+  yarn install --frozen-lockfile
+  cd ..
+
+  echo "Applying local patches..."
+  # Fixes for building with libstdc++ instead of libc++
+  patch -Np1 -i ../patches/chromium-93-pdfium-include.patch
+  patch -Np1 -i ../patches/chromium-90-ruy-include.patch
+  patch -Np1 -i ../patches/chromium-93-HashPasswordManager-include.patch
+  patch -Np1 -i ../patches/chromium-93-BluetoothLowEnergyScanFilter-include.patch
+  patch -Np1 -i ../patches/chromium-93-ClassProperty-include.patch
+  patch -Np1 -i ../patches/chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
+  patch -Np1 -i ../patches/chromium-93-ScopedTestDialogAutoConfirm-include.patch
+
+  patch -Np1 -i ../chromium-93-ffmpeg-4.4.patch
+  patch -Np1 -i ../chromium-harfbuzz-3.0.0.patch
+  patch -Np1 -d third_party/skia <../skia-harfbuzz-3.0.0.patch
+  patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
+  patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
+  patch -Np1 -i ../unbundle-fix-visibility-of-build-config-freetype.patch
+  patch -Np1 -i ../gn-visibility-gmock.patch
+  patch -Np1 -i ../gn-visibility-mojo.patch
+  patch -Np1 -i ../gn-visibility-webrtc.patch
+  patch -Rp1 -i ../replace-blacklist-with-ignorelist.patch
+  patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
+  patch -Np1 -i ../use-system-libraries-in-node.patch
+  patch -Np1 -i ../default_app-icon.patch  # Icon from .desktop file
+
+  echo "Patching Chromium for using system libraries..."
+  sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
+      tools/generate_shim_headers/generate_shim_headers.py
+  for lib in $(printf "%s\n" "${_system_libs[@]}" | sed 's/^libjpeg$/&_turbo/'); do
+      third_party_dir="third_party/${lib}"
+      if [ ! -d "${third_party_dir}" ]; then
+        third_party_dir="base/${third_party_dir}"
+      fi
+      find "${third_party_dir}" -type f \
+          \! -path "${third_party_dir}/chromium/*" \
+          \! -path "${third_party_dir}/google/*" \
+          \! -path 'third_party/harfbuzz-ng/utils/hb_scoped.h' \
+          \! -regex '.*\.\(gn\|gni\|isolate\)' \
+          -delete
+  done
+  build/linux/unbundle/replace_gn_files.py \
+      --system-libraries \
+      "${_system_libs[@]}"
+}
+
+build() {
+  export CC=clang
+  export CXX=clang++
+  export AR=ar
+  export NM=nm
+
+  # Do not warn about unknown warning options
+  CFLAGS+='   -Wno-unknown-warning-option'
+  CXXFLAGS+=' -Wno-unknown-warning-option'
+
+  cd src || exit
+  export CHROMIUM_BUILDTOOLS_PATH="${PWD}/buildtools"
+  GN_EXTRA_ARGS='
+    blink_symbol_level = 0
+    chrome_pgo_phase = 0
+    clang_use_chrome_plugins = false
+    custom_toolchain = "//build/toolchain/linux/unbundle:default"
+    host_toolchain = "//build/toolchain/linux/unbundle:default"
+    icu_use_data_file = false
+    is_component_ffmpeg = false
+    link_pulseaudio = true
+    rtc_use_pipewire = true
+    treat_warnings_as_errors = false
+    use_custom_libcxx = false
+    use_gnome_keyring = false
+    use_sysroot = false
+  '
+  gn gen out/Release \
+      --args="import(\"//electron/build/args/release.gn\") ${GN_EXTRA_ARGS}"
+  ninja -C out/Release electron
+  # Strip before zip to avoid
+  # zipfile.LargeZipFile: Filesize would require ZIP64 extensions
+  strip -s out/Release/electron
+  ninja -C out/Release electron_dist_zip
+  # ninja -C out/Release third_party/electron_node:headers
+}
+
+package() {
+  install -dm755 "${pkgdir:?}/usr/lib/${pkgname}"
+  bsdtar -xf src/out/Release/dist.zip -C "${pkgdir}/usr/lib/${pkgname}"
+
+  chmod u+s "${pkgdir}/usr/lib/${pkgname}/chrome-sandbox"
+
+  install -dm755 "${pkgdir}/usr/share/licenses/${pkgname}"
+  for l in "${pkgdir}/usr/lib/${pkgname}"/{LICENSE,LICENSES.chromium.html}; do
+    ln -s  \
+      "$(realpath --relative-to="${pkgdir}/usr/share/licenses/${pkgname}" "${l}")" \
+      "${pkgdir}/usr/share/licenses/${pkgname}"
+  done
+
+  install -Dm755 "${srcdir}/electron-launcher.sh" \
+    "${pkgdir}/usr/bin/${pkgname}"
+  if [[ "${_use_suffix}" == 0 ]]; then
+    ln "${pkgdir}/usr/bin/${pkgname}" \
+      "${pkgdir}/usr/bin/${pkgname}${_major_ver}"
+  fi
+
+  # Install .desktop and icon file (see default_app-icon.patch)
+  install -Dm644 electron.desktop \
+    "${pkgdir}/usr/share/applications/${pkgname}.desktop"
+  install -Dm644 src/electron/default_app/icon.png \
+          "${pkgdir}/usr/share/pixmaps/${pkgname}.png"  # hicolor has no 1024x1024
+}

Copied: electron14/repos/community-staging-x86_64/chromium-93-ffmpeg-4.4.patch (from rev 1054201, electron14/trunk/chromium-93-ffmpeg-4.4.patch)
===================================================================
--- community-staging-x86_64/chromium-93-ffmpeg-4.4.patch	                        (rev 0)
+++ community-staging-x86_64/chromium-93-ffmpeg-4.4.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+   scoped_refptr<DecoderBuffer> buffer;
+ 
+   if (type() == DemuxerStream::TEXT) {
+-    size_t id_size = 0;
++    int id_size = 0;
+     uint8_t* id_data = av_packet_get_side_data(
+         packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+ 
+-    size_t settings_size = 0;
++    int settings_size = 0;
+     uint8_t* settings_data = av_packet_get_side_data(
+         packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+ 
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+     buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+                                      side_data.data(), side_data.size());
+   } else {
+-    size_t side_data_size = 0;
++    int side_data_size = 0;
+     uint8_t* side_data = av_packet_get_side_data(
+         packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+ 
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+                                        packet->size - data_offset);
+     }
+ 
+-    size_t skip_samples_size = 0;
++    int skip_samples_size = 0;
+     const uint32_t* skip_samples_ptr =
+         reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+             packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));

Copied: electron14/repos/community-staging-x86_64/chromium-harfbuzz-3.0.0.patch (from rev 1054201, electron14/trunk/chromium-harfbuzz-3.0.0.patch)
===================================================================
--- community-staging-x86_64/chromium-harfbuzz-3.0.0.patch	                        (rev 0)
+++ community-staging-x86_64/chromium-harfbuzz-3.0.0.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,20 @@
+# https://github.com/chromium/chromium/commit/b289f6f3fcbc
+
+diff --git a/components/paint_preview/common/subset_font.cc b/components/paint_preview/common/subset_font.cc
+index 8ff0540d9a..20a7d37474 100644
+--- a/components/paint_preview/common/subset_font.cc
++++ b/components/paint_preview/common/subset_font.cc
+@@ -72,9 +72,11 @@ sk_sp<SkData> SubsetFont(SkTypeface* typeface, const GlyphUsage& usage) {
+   hb_set_t* glyphs =
+       hb_subset_input_glyph_set(input.get());  // Owned by |input|.
+   usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs)));
+-  hb_subset_input_set_retain_gids(input.get(), true);
++  hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS);
+ 
+-  HbScoped<hb_face_t> subset_face(hb_subset(face.get(), input.get()));
++  HbScoped<hb_face_t> subset_face(hb_subset_or_fail(face.get(), input.get()));
++  if (!subset_face)
++    return nullptr;
+   HbScoped<hb_blob_t> subset_blob(hb_face_reference_blob(subset_face.get()));
+   if (!subset_blob)
+     return nullptr;

Copied: electron14/repos/community-staging-x86_64/default_app-icon.patch (from rev 1054201, electron14/trunk/default_app-icon.patch)
===================================================================
--- community-staging-x86_64/default_app-icon.patch	                        (rev 0)
+++ community-staging-x86_64/default_app-icon.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,21 @@
+--- a/electron/default_app/default_app.ts
++++ b/electron/default_app/default_app.ts
+@@ -59,7 +59,7 @@
+   };
+ 
+   if (process.platform === 'linux') {
+-    options.icon = path.join(__dirname, 'icon.png');
++    options.icon = '/usr/share/pixmaps/electron.png';
+   }
+ 
+   mainWindow = new BrowserWindow(options);
+--- a/electron/filenames.gni
++++ b/electron/filenames.gni
+@@ -6,7 +6,6 @@
+   ]
+ 
+   default_app_static_sources = [
+-    "default_app/icon.png",
+     "default_app/index.html",
+     "default_app/package.json",
+     "default_app/styles.css",

Copied: electron14/repos/community-staging-x86_64/electron-launcher.sh (from rev 1054201, electron14/trunk/electron-launcher.sh)
===================================================================
--- community-staging-x86_64/electron-launcher.sh	                        (rev 0)
+++ community-staging-x86_64/electron-launcher.sh	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,20 @@
+#!/usr/bin/bash
+
+set -euo pipefail
+
+name=@ELECTRON@
+flags_file="${XDG_CONFIG_HOME:-$HOME/.config}/${name}-flags.conf"
+
+declare -a flags
+
+if [[ -f "${flags_file}" ]]; then
+    mapfile -t < "${flags_file}"
+fi
+
+for line in "${MAPFILE[@]}"; do
+    if [[ ! "${line}" =~ ^[[:space:]]*#.* ]]; then
+        flags+=("${line}")
+    fi
+done
+
+exec /usr/lib/${name}/electron "$@" "${flags[@]}"

Copied: electron14/repos/community-staging-x86_64/electron.desktop (from rev 1054201, electron14/trunk/electron.desktop)
===================================================================
--- community-staging-x86_64/electron.desktop	                        (rev 0)
+++ community-staging-x86_64/electron.desktop	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Type=Application
+Name=@ELECTRON_NAME@
+Icon=@ELECTRON@
+Exec=@ELECTRON@ %u
+Categories=Development;GTK;
+StartupNotify=true

Copied: electron14/repos/community-staging-x86_64/gn-visibility-gmock.patch (from rev 1054201, electron14/trunk/gn-visibility-gmock.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-gmock.patch	                        (rev 0)
+++ community-staging-x86_64/gn-visibility-gmock.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,43 @@
+From fc3c737210873e9bee311391e9f6b48130e84983 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatowski at vewd.com>
+Date: Sat, 4 Sep 2021 07:13:49 +0000
+Subject: [PATCH] Fix config visibility violation in //testing/gmock
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+//third_party/googletest:gtest_config has restricted visibility, current
+code works by accident because gn only enforces visibility on 'configs'.
+Fix by not referencing the configs at all as it should be unnecessary:
+//testing/gmock gets them via a public dependency chain anyway.
+
+This is one of a few fixes needed to roll gn past the upcoming
+enforcement change, landing in small parts because removing config
+usages feels a bit subtle.
+
+Bug: gn:252
+Change-Id: Ie1438862831ecee49162d9f8f7872a568d69c2fb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3139927
+Reviewed-by: Dirk Pranke <dpranke at google.com>
+Commit-Queue: Tomasz Śniatowski <tsniatowski at vewd.com>
+Cr-Commit-Position: refs/heads/main@{#918357}
+---
+ testing/gmock/BUILD.gn | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/testing/gmock/BUILD.gn b/testing/gmock/BUILD.gn
+index 0248d146d7397..e285fb84e471a 100644
+--- a/testing/gmock/BUILD.gn
++++ b/testing/gmock/BUILD.gn
+@@ -14,11 +14,6 @@ source_set("gmock") {
+     "include/gmock/gmock.h",
+   ]
+   public_deps = [ "//third_party/googletest:gmock" ]
+-
+-  public_configs = [
+-    "//third_party/googletest:gmock_config",
+-    "//third_party/googletest:gtest_config",
+-  ]
+ }
+ 
+ # The file/directory layout of Google Test is not yet considered stable. Until

Copied: electron14/repos/community-staging-x86_64/gn-visibility-mojo.patch (from rev 1054201, electron14/trunk/gn-visibility-mojo.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-mojo.patch	                        (rev 0)
+++ community-staging-x86_64/gn-visibility-mojo.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,36 @@
+From 40f10bf0e683f6b499b5c3c7555111193db03abf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatowski at vewd.com>
+Date: Tue, 7 Sep 2021 20:13:53 +0000
+Subject: [PATCH] Fix config visibility violation in //mojo/public/cpp/bindings
+
+//third_party/blink/renderer:config has restricted visibility, current
+code works by accident because gn only enforces visibility on 'configs'.
+Fix by removing the direct config usage as it looks historical and not
+actually needed.
+
+This is one of a few fixes needed to roll gn past the upcoming
+enforcement change, landing in small parts because removing config
+usages feels a bit subtle.
+
+Bug: gn:252
+Change-Id: I2e0d2e314ef3714dd19b11b7ae29bdcf5074cfda
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3140593
+Commit-Queue: Ken Rockot <rockot at google.com>
+Reviewed-by: Ken Rockot <rockot at google.com>
+Cr-Commit-Position: refs/heads/main@{#918914}
+---
+ mojo/public/cpp/bindings/BUILD.gn | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/mojo/public/cpp/bindings/BUILD.gn b/mojo/public/cpp/bindings/BUILD.gn
+index 13ad53b3ed305..d90318de106e4 100644
+--- a/mojo/public/cpp/bindings/BUILD.gn
++++ b/mojo/public/cpp/bindings/BUILD.gn
+@@ -281,7 +281,5 @@ if (!is_ios) {
+       "//third_party/blink/renderer/platform:platform_export",
+       "//third_party/blink/renderer/platform/wtf",
+     ]
+-
+-    public_configs = [ "//third_party/blink/renderer:config" ]
+   }
+ }

Copied: electron14/repos/community-staging-x86_64/gn-visibility-webrtc.patch (from rev 1054201, electron14/trunk/gn-visibility-webrtc.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-webrtc.patch	                        (rev 0)
+++ community-staging-x86_64/gn-visibility-webrtc.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,45 @@
+From 72c4d9fc95c336f61d7a8417b78f947a400ce792 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatowski at vewd.com>
+Date: Tue, 14 Sep 2021 10:33:37 +0000
+Subject: [PATCH] Relax googletest gn config visibility for webrtc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+An upcoming gn roll will start enforcing config visibility on
+public_configs and all_dependent_configs. Normally, configs with
+limited visibility have corresponding helper targets that push the
+configs using public_configs and are propagated with public_deps.
+However, webrtc prefers to avoid public_deps, and pushes the gtest
+config using all_dependent_configs. This requires direct visibility,
+so tweak gtest BUILD.gn to make things work.
+
+Bug: gn:252, 1249254
+Change-Id: Ic7be22f7bf129255fb0ac51f437cd6dd3989e3a3
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3158065
+Commit-Queue: Tomasz Śniatowski <tsniatowski at vewd.com>
+Reviewed-by: Victor Costan <pwnall at chromium.org>
+Cr-Commit-Position: refs/heads/main@{#921126}
+---
+ third_party/googletest/BUILD.gn | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/googletest/BUILD.gn b/third_party/googletest/BUILD.gn
+index fe240ebe954b6..d2bde47d75eab 100644
+--- a/third_party/googletest/BUILD.gn
++++ b/third_party/googletest/BUILD.gn
+@@ -5,7 +5,13 @@
+ import("//build_overrides/build.gni")
+ 
+ config("gtest_config") {
+-  visibility = [ ":*" ]  # gmock also shares this config.
++  # webrtc wants to push this config without a public_dep chain
++  # TODO(crbug.com/1249254): figure out what to do with this
++  visibility = [
++    ":*",  # gmock also shares this config.
++    "//test:*",  # webrts standalone setup
++    "//third_party/webrtc/test:*",
++  ]
+ 
+   defines = [
+     # Chromium always links googletest statically, so no API qualifier is

Copied: electron14/repos/community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch (from rev 1054201, electron14/trunk/linux-sandbox-fix-fstatat-crash.patch)
===================================================================
--- community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch	                        (rev 0)
+++ community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,348 @@
+From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Wed, 21 Jul 2021 12:55:11 +0000
+Subject: [PATCH] Linux sandbox: fix fstatat() crash
+
+This is a reland of https://crrev.com/c/2801873.
+
+Glibc has started rewriting fstat(fd, stat_buf) to
+fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
+AT_EMPTY_PATH is specified, and the second argument is an empty string,
+then fstatat just performs an fstat on fd like normal.
+
+Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
+with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
+The baseline policy needs to prevent this usage of fstatat() since it
+doesn't allow access to arbitrary pathnames.
+
+Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
+simply ignored by current kernels.
+
+This means fstatat() is completely unsandboxable with seccomp, since
+we *need* to verify that the second argument is the empty string, but
+we can't dereference pointers in seccomp (due to limitations of BPF,
+and the difficulty of addressing these limitations due to TOCTOU
+issues).
+
+So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
+The signal handler, which runs in the sandboxed process, checks for
+AT_EMPTY_PATH and the empty string, and then rewrites any applicable
+fstatat() back into the old-style fstat().
+
+Bug: 1164975
+Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#903873}
+---
+ .../seccomp-bpf-helpers/baseline_policy.cc    |  8 ++++++
+ .../baseline_policy_unittest.cc               | 17 ++++++++++++-
+ .../seccomp-bpf-helpers/sigsys_handlers.cc    | 25 +++++++++++++++++++
+ .../seccomp-bpf-helpers/sigsys_handlers.h     | 14 +++++++++++
+ .../linux/syscall_broker/broker_process.cc    | 21 ++++++++++------
+ .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
+ sandbox/linux/system_headers/linux_stat.h     |  4 +++
+ 7 files changed, 89 insertions(+), 18 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index f2a60bb4d7..9df0d2dbd3 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -20,6 +20,7 @@
+ #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
+ #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ 
+ #if !defined(SO_PEEK_OFF)
+@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+     return Allow();
+   }
+ 
++  // The fstatat syscalls are file system syscalls, which will be denied below
++  // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
++  // libc implementations to fstatat syscalls, and we need to rewrite them back.
++  if (sysno == __NR_fstatat_default) {
++    return RewriteFstatatSIGSYS(fs_denied_errno);
++  }
++
+   if (SyscallSets::IsFileSystem(sysno) ||
+       SyscallSets::IsCurrentDirectory(sysno)) {
+     return Error(fs_denied_errno);
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index 68c29b564b..57d307e09d 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -51,7 +51,8 @@ namespace sandbox {
+ 
+ namespace {
+ 
+-// This also tests that read(), write() and fstat() are allowed.
++// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
++// AT_EMPTY_PATH) are allowed.
+ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+   BPF_ASSERT_LE(0, read_end.get());
+   BPF_ASSERT_LE(0, write_end.get());
+@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+   BPF_ASSERT_EQ(0, sys_ret);
+   BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+ 
++  sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
++  BPF_ASSERT_EQ(0, sys_ret);
++  BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
++
++  // Make sure fstatat with anything other than an empty string is denied.
++  sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
++  BPF_ASSERT_EQ(sys_ret, -1);
++  BPF_ASSERT_EQ(EPERM, errno);
++
++  // Make sure fstatat without AT_EMPTY_PATH is denied.
++  sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
++  BPF_ASSERT_EQ(sys_ret, -1);
++  BPF_ASSERT_EQ(EPERM, errno);
++
+   const ssize_t kTestTransferSize = 4;
+   static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
+   ssize_t transfered = 0;
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+index 64edbd68bd..71068a0452 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+@@ -6,6 +6,7 @@
+ 
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+ 
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -22,6 +23,7 @@
+ #include "sandbox/linux/seccomp-bpf/syscall.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ 
+ #if defined(__mips__)
+@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
+   return -ENOSYS;
+ }
+ 
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++                              void* fs_denied_errno) {
++  if (args.nr == __NR_fstatat_default) {
++    if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
++        args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++      return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
++                     reinterpret_cast<default_stat_struct*>(args.args[2]));
++    }
++    return -reinterpret_cast<intptr_t>(fs_denied_errno);
++  }
++
++  CrashSIGSYS_Handler(args, fs_denied_errno);
++
++  // Should never be reached.
++  RAW_CHECK(false);
++  return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+   return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
+@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
+   return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+ 
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
++  return bpf_dsl::Trap(SIGSYSFstatatHandler,
++                       reinterpret_cast<void*>(fs_denied_errno));
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+   if (seccomp_crash_key)
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+index 7a958b93b2..8cd735ce15 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
+                                            void* aux);
++// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
++// then rewrite the syscall to the equivalent fstat() syscall which can be
++// adequately sandboxed.
++// If the fstatat() is not functionally equivalent to an fstat() syscall, we
++// fail with -fs_denied_errno.
++// If the syscall is not an fstatat() at all, crash in the same way as
++// CrashSIGSYS_Handler.
++// This is necessary because glibc and musl have started rewriting fstat(fd,
++// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
++// back to the former, which is actually sandboxable.
++SANDBOX_EXPORT intptr_t
++SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++                     void* fs_denied_errno);
+ 
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
+ 
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
+index c2176eb785..e9dad37485 100644
+--- a/sandbox/linux/syscall_broker/broker_process.cc
++++ b/sandbox/linux/syscall_broker/broker_process.cc
+@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
+ }
+ 
+ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
++  // The syscalls unavailable on aarch64 are all blocked by Android's default
++  // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
++  // with a corresponding XXat() versions are typically unavailable in aarch64
++  // and are default disabled in Android. So, we should refuse to broker them
++  // to be consistent with the platform's restrictions.
+   switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_access:
+ #endif
+     case __NR_faccessat:
+       return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_mkdir:
+ #endif
+     case __NR_mkdirat:
+       return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_open:
+ #endif
+     case __NR_openat:
+       return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_readlink:
+ #endif
+     case __NR_readlinkat:
+       return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_rename:
+ #endif
+     case __NR_renameat:
+     case __NR_renameat2:
+       return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_rmdir:
+       return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
+ #endif
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_stat:
+     case __NR_lstat:
+ #endif
+@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
+       return !fast_check || allowed_command_set_.test(COMMAND_STAT);
+ #endif
+ 
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+     case __NR_unlink:
+       return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
+ #endif
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index c65f25a78a..f0db08d84e 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
+   const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
+       {COMMAND_ACCESS,
+        {__NR_faccessat,
+-#if defined(__NR_access)
++#if defined(__NR_access) && !defined(OS_ANDROID)
+         __NR_access
+ #endif
+        }},
+       {COMMAND_MKDIR,
+        {__NR_mkdirat,
+-#if defined(__NR_mkdir)
++#if defined(__NR_mkdir) && !defined(OS_ANDROID)
+         __NR_mkdir
+ #endif
+        }},
+       {COMMAND_OPEN,
+        {__NR_openat,
+-#if defined(__NR_open)
++#if defined(__NR_open) && !defined(OS_ANDROID)
+         __NR_open
+ #endif
+        }},
+       {COMMAND_READLINK,
+        {__NR_readlinkat,
+-#if defined(__NR_readlink)
++#if defined(__NR_readlink) && !defined(OS_ANDROID)
+         __NR_readlink
+ #endif
+        }},
+       {COMMAND_RENAME,
+        {__NR_renameat,
+-#if defined(__NR_rename)
++#if defined(__NR_rename) && !defined(OS_ANDROID)
+         __NR_rename
+ #endif
+        }},
+       {COMMAND_UNLINK,
+        {__NR_unlinkat,
+-#if defined(__NR_unlink)
++#if defined(__NR_unlink) && !defined(OS_ANDROID)
+         __NR_unlink
+ #endif
+        }},
+       {COMMAND_RMDIR,
+        {__NR_unlinkat,
+-#if defined(__NR_rmdir)
++#if defined(__NR_rmdir) && !defined(OS_ANDROID)
+         __NR_rmdir
+ #endif
+        }},
+       {COMMAND_STAT,
+        {
+-#if defined(__NR_stat)
++#if defined(__NR_stat) && !defined(OS_ANDROID)
+            __NR_stat,
+ #endif
+-#if defined(__NR_lstat)
++#if defined(__NR_lstat) && !defined(OS_ANDROID)
+            __NR_lstat,
+ #endif
+ #if defined(__NR_fstatat)
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+index 35788eb22a..83b89efc75 100644
+--- a/sandbox/linux/system_headers/linux_stat.h
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -157,6 +157,10 @@ struct kernel_stat {
+ };
+ #endif
+ 
++#if !defined(AT_EMPTY_PATH)
++#define AT_EMPTY_PATH 0x1000
++#endif
++
+ // On 32-bit systems, we default to the 64-bit stat struct like libc
+ // implementations do. Otherwise we default to the normal stat struct which is
+ // already 64-bit.

Copied: electron14/repos/community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch (from rev 1054201, electron14/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
===================================================================
--- community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch	                        (rev 0)
+++ community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton at chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna at google.com>
+> > > Owners-Override: Victor Vianna <victorvianna at google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper at appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton at chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek at chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto at chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko at chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton at chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko at chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko at chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek at chromium.org>
+Commit-Queue: Matthew Denton <mpdenton at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn                        |   1 +
+ .../seccomp_broker_process_unittest.cc        |  40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS        |   1 -
+ ...scall_parameters_restrictions_unittests.cc |   4 -
+ sandbox/linux/services/syscall_wrappers.cc    |  50 ++++-
+ sandbox/linux/services/syscall_wrappers.h     |  15 ++
+ .../services/syscall_wrappers_unittest.cc     | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS             |   3 +-
+ sandbox/linux/syscall_broker/broker_client.cc |   4 +-
+ sandbox/linux/syscall_broker/broker_client.h  |   4 +-
+ sandbox/linux/syscall_broker/broker_host.cc   |  23 ++-
+ .../syscall_broker/broker_process_unittest.cc |  74 +++----
+ .../remote_syscall_arg_handler_unittest.cc    |  36 ++--
+ .../syscall_broker/syscall_dispatcher.cc      |  67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h |  27 ++-
+ sandbox/linux/system_headers/linux_stat.h     | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h     |  26 +++
+ sandbox/linux/tests/test_utils.cc             |  15 ++
+ sandbox/linux/tests/test_utils.h              |   2 +
+ .../policy/linux/bpf_broker_policy_linux.cc   |   4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bc..ccbbc91716 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+     "system_headers/linux_ptrace.h",
+     "system_headers/linux_seccomp.h",
+     "system_headers/linux_signal.h",
++    "system_headers/linux_stat.h",
+     "system_headers/linux_syscalls.h",
+     "system_headers/linux_time.h",
+     "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911..8a941983b1 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++                                 struct stat& out_stat) {
++  out_stat.st_dev = in_stat.st_dev;
++  out_stat.st_ino = in_stat.st_ino;
++  out_stat.st_mode = in_stat.st_mode;
++  out_stat.st_nlink = in_stat.st_nlink;
++  out_stat.st_uid = in_stat.st_uid;
++  out_stat.st_gid = in_stat.st_gid;
++  out_stat.st_rdev = in_stat.st_rdev;
++  out_stat.st_size = in_stat.st_size;
++  out_stat.st_blksize = in_stat.st_blksize;
++  out_stat.st_blocks = in_stat.st_blocks;
++  out_stat.st_atim.tv_sec = in_stat.st_atime_;
++  out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++  out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++  out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++  out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++  out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ }  // namespace
+ 
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+ 
+   virtual int Open(const char* filepath, int flags) = 0;
+   virtual int Access(const char* filepath, int mode) = 0;
++  // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++  // syscaller simpler. Copying from default_stat_struct (the structure returned
++  // from a stat sycall) to struct stat (the structure exposed by a libc to its
++  // users) is simpler than going in the opposite direction.
+   virtual int Stat(const char* filepath,
+                    bool follow_links,
+                    struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+   int Stat(const char* filepath,
+            bool follow_links,
+            struct stat* statbuf) override {
+-    return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+-                                                       statbuf);
++    default_stat_struct buf;
++    int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++        filepath, follow_links, &buf);
++    if (ret >= 0)
++      ConvertKernelStatToLibcStat(buf, *statbuf);
++    return ret;
+   }
+ 
+   int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+   int Stat(const char* filepath,
+            bool follow_links,
+            struct stat* statbuf) override {
+-    int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+-                           : syscall(__NR_lstat, filepath, statbuf);
++    struct kernel_stat buf;
++    int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++                      follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+     if (ret < 0)
+       return -errno;
++
++    ConvertKernelStatToLibcStat(buf, *statbuf);
+     return ret;
+   }
+ 
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da3..95d1bb6cbb 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+   "+sandbox/linux/seccomp-bpf",
+   "+sandbox/linux/services",
+   "+sandbox/linux/system_headers",
+-  "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab..76c393032c 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ 
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h"  // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+ 
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129..3bec18a14e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+ 
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ 
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+ 
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ 
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+ 
+-#endif
++#endif  // defined(ARCH_CPU_X86_FAMILY)
+ 
+ int sys_sigaction(int signum,
+                   const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+     }
+-#endif
++#endif  // defined(ARCH_CPU_X86_FAMILY)
+   }
+ 
+   LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+   return result;
+ }
+ 
+-#endif  // defined(MEMORY_SANITIZER)
++#endif  // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++  int res;
++#if !defined(__NR_stat)
++  res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++  res = syscall(__NR_stat, path, stat_buf);
++#endif
++  if (res == 0)
++    MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++  return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++  int res;
++#if !defined(__NR_lstat)
++  res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++  res = syscall(__NR_lstat, path, stat_buf);
++#endif
++  if (res == 0)
++    MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++  return res;
++}
++
++int sys_fstatat64(int dirfd,
++                  const char* pathname,
++                  struct kernel_stat64* stat_buf,
++                  int flags) {
++#if defined(__NR_fstatat64)
++  int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++  if (res == 0)
++    MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++  return res;
++#else  // defined(__NR_fstatat64)
++  // We should not reach here on 64-bit systems, as the *stat*64() are only
++  // necessary on 32-bit.
++  RAW_CHECK(false);
++  return -ENOSYS;
++#endif
++}
+ 
+ }  // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88..b55340e4a2 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+ 
+ namespace sandbox {
+ 
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+                                  const struct sigaction* act,
+                                  struct sigaction* oldact);
+ 
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++                                 const char* pathname,
++                                 struct kernel_stat64* stat_buf,
++                                 int flags);
++
+ }  // namespace sandbox
+ 
+ #endif  // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8..64b9cea80f 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ 
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+ 
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+             linux_sigset);
+ }
+ 
++TEST(SyscallWrappers, Stat) {
++  // Create a file to stat, with 12 bytes of data.
++  ScopedTemporaryFile tmp_file;
++  EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++  // To test we have the correct stat structures for each kernel/platform, we
++  // will right-align them on a page, with a guard page after.
++  char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++  TestUtils::MprotectLastPageOrDie(two_pages, 2);
++  char* page1_end = two_pages + base::GetPageSize();
++
++  // First, check that calling stat with |stat_buf| pointing to the last byte on
++  // a page causes EFAULT.
++  int res = sys_stat(tmp_file.full_file_name(),
++                     reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++  ASSERT_EQ(res, -1);
++  ASSERT_EQ(errno, EFAULT);
++
++  // Now, check that we have the correctly sized stat structure.
++  struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++      page1_end - sizeof(struct kernel_stat));
++  // Memset to c's so we can check the kernel zero'd the padding...
++  memset(sb, 'c', sizeof(struct kernel_stat));
++  res = sys_stat(tmp_file.full_file_name(), sb);
++  ASSERT_EQ(res, 0);
++
++  // Following fields may never be consistent but should be non-zero.
++  // Don't trust the platform to define fields with any particular sign.
++  EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++  EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++  EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++  EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++  EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++  EXPECT_EQ(geteuid(), sb->st_uid);
++  EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++  // Wrote 12 bytes above which should fit in one block.
++  EXPECT_EQ(12u, sb->st_size);
++
++  // Can't go backwards in time, 1500000000 was some time ago.
++  EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++  EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++  EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++  // Checking the padding for good measure.
++#if defined(__x86_64__)
++  EXPECT_EQ(0u, sb->__pad0);
++  EXPECT_EQ(0u, sb->__unused4[0]);
++  EXPECT_EQ(0u, sb->__unused4[1]);
++  EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++  EXPECT_EQ(0u, sb->__pad1);
++  EXPECT_EQ(0, sb->__pad2);
++  EXPECT_EQ(0u, sb->__unused4);
++  EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++  // Create a file to stat, with 12 bytes of data.
++  ScopedTemporaryFile tmp_file;
++  EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++  // Also create a symlink.
++  std::string symlink_name;
++  {
++    ScopedTemporaryFile tmp_file2;
++    symlink_name = tmp_file2.full_file_name();
++  }
++  int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++  if (rc != 0) {
++    PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++                << tmp_file.full_file_name();
++    GTEST_FAIL();
++  }
++
++  struct kernel_stat lstat_info;
++  rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++  if (rc < 0 && errno == EOVERFLOW) {
++    GTEST_SKIP();
++  }
++  if (rc != 0) {
++    PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++    GTEST_FAIL();
++  }
++
++  struct kernel_stat stat_info;
++  rc = sys_stat(symlink_name.c_str(), &stat_info);
++  if (rc < 0 && errno == EOVERFLOW) {
++    GTEST_SKIP();
++  }
++  if (rc != 0) {
++    PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++    GTEST_FAIL();
++  }
++
++  struct kernel_stat tmp_file_stat_info;
++  rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++  if (rc < 0 && errno == EOVERFLOW) {
++    GTEST_SKIP();
++  }
++  if (rc != 0) {
++    PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++    GTEST_FAIL();
++  }
++
++  // lstat should produce information about a symlink.
++  ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++  // stat-ing symlink_name and tmp_file should produce the same inode.
++  ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++  // lstat-ing symlink_name should give a different inode than stat-ing
++  // symlink_name.
++  ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ }  // namespace
+ 
+ }  // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d363..149c463b06 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+-  "+sandbox/linux/system_headers",
+   "+sandbox/linux/bpf_dsl",
++  "+sandbox/linux/services",
++  "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433..e24f659fcf 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+ 
+ int BrokerClient::Stat(const char* pathname,
+                        bool follow_links,
+-                       struct stat* sb) const {
++                       struct kernel_stat* sb) const {
+   if (!pathname || !sb)
+     return -EFAULT;
+ 
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+ 
+ int BrokerClient::Stat64(const char* pathname,
+                          bool follow_links,
+-                         struct stat64* sb) const {
++                         struct kernel_stat64* sb) const {
+   if (!pathname || !sb)
+     return -EFAULT;
+ 
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2..26ca78101c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+   int Rmdir(const char* path) const override;
+   int Stat(const char* pathname,
+            bool follow_links,
+-           struct stat* sb) const override;
++           struct kernel_stat* sb) const override;
+   int Stat64(const char* pathname,
+              bool follow_links,
+-             struct stat64* sb) const override;
++             struct kernel_stat64* sb) const override;
+   int Unlink(const char* unlink) const override;
+ 
+  private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df..1cdc01a888 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ 
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+     RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+     return;
+   }
++
+   if (command_type == COMMAND_STAT) {
+-    struct stat sb;
+-    int sts =
+-        follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++    struct kernel_stat sb;
++
++    int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++                           : sandbox::sys_lstat(file_to_access, &sb);
+     if (sts < 0) {
+       RAW_CHECK(reply->AddIntToMessage(-errno));
+       return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+     RAW_CHECK(
+         reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+   } else {
++#if defined(__NR_fstatat64)
+     DCHECK(command_type == COMMAND_STAT64);
+-    struct stat64 sb;
+-    int sts = follow_links ? stat64(file_to_access, &sb)
+-                           : lstat64(file_to_access, &sb);
++    struct kernel_stat64 sb;
++
++    int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++                                     follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+     if (sts < 0) {
+       RAW_CHECK(reply->AddIntToMessage(-errno));
+       return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+     RAW_CHECK(reply->AddIntToMessage(0));
+     RAW_CHECK(
+         reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else  // defined(__NR_fstatat64)
++    // We should not reach here on 64-bit systems, as the *stat*64() are only
++    // necessary on 32-bit.
++    RAW_CHECK(false);
++#endif
+   }
+ }
+ 
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb2..c65f25a78a 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+   const char* bad_leading_path5 = "/mbogo/fictitioux";
+   const char* bad_leading_path6 = "/mbogo/fictitiousa";
+ 
+-  struct stat sb;
++  default_stat_struct sb;
+ 
+   {
+     // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ 
+     memset(&sb, 0, sizeof(sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   tempfile_name, follow_links, &sb));
+   }
+ 
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ 
+     memset(&sb, 0, sizeof(sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   nonesuch_name, follow_links, &sb));
+   }
+   {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ 
+     memset(&sb, 0, sizeof(sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   tempfile_name, follow_links, &sb));
+   }
+   {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+     ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+ 
+     memset(&sb, 0, sizeof(sb));
+-    EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+-                           nonesuch_name, follow_links, &sb));
++    EXPECT_EQ(-ENOENT,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  nonesuch_name, follow_links, &sb));
+ 
+     // Gets denied all the way back to root since no create permission.
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   leading_path1, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   leading_path2, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   leading_path3, follow_links, &sb));
+ 
+     // Not fooled by substrings.
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path1, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path2, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path3, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path4, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path5, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path6, follow_links, &sb));
+   }
+   {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+     ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+ 
+     memset(&sb, 0, sizeof(sb));
+-    EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+-                           nonesuch_name, follow_links, &sb));
++    EXPECT_EQ(-ENOENT,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  nonesuch_name, follow_links, &sb));
+ 
+     // Gets ENOENT all the way back to root since it has create permission.
+-    EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+-                           leading_path1, follow_links, &sb));
+-    EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+-                           leading_path2, follow_links, &sb));
++    EXPECT_EQ(-ENOENT,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  leading_path1, follow_links, &sb));
++    EXPECT_EQ(-ENOENT,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  leading_path2, follow_links, &sb));
+ 
+     // But can always get the root.
+-    EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+-                     leading_path3, follow_links, &sb));
++    EXPECT_EQ(0,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  leading_path3, follow_links, &sb));
+ 
+     // Not fooled by substrings.
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path1, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path2, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path3, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path4, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path5, follow_links, &sb));
+     EXPECT_EQ(-kFakeErrnoSentinel,
+-              open_broker.GetBrokerClientSignalBased()->Stat(
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+                   bad_leading_path6, follow_links, &sb));
+   }
+   {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+     ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+ 
+     memset(&sb, 0, sizeof(sb));
+-    EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+-                     tempfile_name, follow_links, &sb));
++    EXPECT_EQ(0,
++              open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++                  tempfile_name, follow_links, &sb));
+ 
+     // Following fields may never be consistent but should be non-zero.
+     // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+     EXPECT_EQ(12, sb.st_size);
+ 
+     // Can't go backwards in time, 1500000000 was some time ago.
+-    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+-    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+-    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++    EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+   }
+ }
+ 
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb708..f517a9867c 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+ 
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+   }
+ }
+ 
+-void* MapPagesOrDie(size_t num_pages) {
+-  void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+-                    PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+-  PCHECK(addr);
+-  return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+-  size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+-  PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+-         0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+                            after_parent_signals_callback = base::DoNothing(),
+                        base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+   size_t total_pages = (test_config.start_at + test_config.total_size +
+                         base::GetPageSize() - 1) /
+                        base::GetPageSize();
+-  char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++  char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+   char* addr = mmap_addr + test_config.start_at;
+   FillBufferWithPath(addr, test_config.total_size,
+                      test_config.include_null_byte);
+ 
+   if (test_config.last_page_inaccessible)
+-    MprotectLastPageOrDie(mmap_addr, total_pages);
++    TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+ 
+   pid_t pid = ForkWaitingChild();
+   munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+ 
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+-  void* addr = MapPagesOrDie(1);
++  void* addr = TestUtils::MapPagesOrDie(1);
+   FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+ 
+   base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+ 
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+-  void* read_from = MapPagesOrDie(1);
++  void* read_from = TestUtils::MapPagesOrDie(1);
+   const size_t write_size = base::GetPageSize();
+   FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+-  char* write_to = static_cast<char*>(MapPagesOrDie(1));
++  char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+   base::ScopedFD parent_signal_fd;
+   const std::vector<int> empty_fd_vec;
+ 
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+ 
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+-  char* write_to = static_cast<char*>(MapPagesOrDie(1));
+-  MprotectLastPageOrDie(write_to, 1);
++  char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++  TestUtils::MprotectLastPageOrDie(write_to, 1);
+   base::ScopedFD parent_signal_fd;
+   const std::vector<int> empty_fd_vec;
+ 
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+ 
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+-  char* read_from = static_cast<char*>(MapPagesOrDie(2));
++  char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+   const size_t write_size = base::GetPageSize();
+   FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+-  char* write_to = static_cast<char*>(MapPagesOrDie(2));
+-  MprotectLastPageOrDie(write_to, 2);
++  char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++  TestUtils::MprotectLastPageOrDie(write_to, 2);
+   write_to += base::GetPageSize() / 2;
+   base::ScopedFD parent_signal_fd;
+   const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+ 
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+-  char* addr = static_cast<char*>(MapPagesOrDie(1));
++  char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+   FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+ 
+   base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14a..8a42397ef8 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+ 
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++                                             bool follow_links,
++                                             default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++  return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++  return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+-                                     bool arch64) {
++                                     bool stat64) {
+   if (static_cast<int>(args.args[0]) != AT_FDCWD)
+     return -EPERM;
+   // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+ 
+   const bool follow_links =
+       !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+-  if (arch64) {
++  if (stat64) {
+     return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+-                  reinterpret_cast<struct stat64*>(args.args[2]));
++                  reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+   }
+ 
+   return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+-              reinterpret_cast<struct stat*>(args.args[2]));
++              reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++  if (static_cast<int>(args.args[0]) != AT_FDCWD)
++    return -EPERM;
++
++  int flags = static_cast<int>(args.args[2]);
++
++  if (flags == AT_REMOVEDIR) {
++    return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++  }
++
++  if (flags != 0)
++    return -EPERM;
++
++  return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+ 
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+     case __NR_stat:
+       return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+-                  reinterpret_cast<struct stat*>(args.args[1]));
++                  reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+     case __NR_stat64:
+       return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+-                    reinterpret_cast<struct stat64*>(args.args[1]));
++                    reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+     case __NR_lstat:
+       // See https://crbug.com/847096
+       BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+       return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+-                  reinterpret_cast<struct stat*>(args.args[1]));
++                  reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+     case __NR_lstat64:
+       // See https://crbug.com/847096
+       BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+       return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+-                    reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+-    case __NR_fstatat:
+-      return PerformStatat(args, /*arch64=*/false);
++                    reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+     case __NR_fstatat64:
+-      return PerformStatat(args, /*arch64=*/true);
++      return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+     case __NR_newfstatat:
+-      return PerformStatat(args, /*arch64=*/false);
++      return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+     case __NR_unlink:
+       return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+-    case __NR_unlinkat: {
+-      if (static_cast<int>(args.args[0]) != AT_FDCWD)
+-        return -EPERM;
+-
+-      int flags = static_cast<int>(args.args[2]);
+-
+-      if (flags == AT_REMOVEDIR) {
+-        return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+-      }
+-
+-      if (flags != 0)
+-        return -EPERM;
+-
+-      return Unlink(reinterpret_cast<const char*>(args.args[1]));
+-    }
++    case __NR_unlinkat:
++      return PerformUnlinkat(args);
+ #endif  // defined(__NR_unlinkat)
+     default:
+       RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9..1d6653caf3 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+ 
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+ 
+ namespace sandbox {
+ namespace syscall_broker {
+ 
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+  public:
+   // Emulates access()/faccessat().
+   // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+   virtual int Rmdir(const char* path) const = 0;
+ 
+   // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++  // Stat64 is only available on 32-bit systems.
+   virtual int Stat(const char* pathname,
+                    bool follow_links,
+-                   struct stat* sb) const = 0;
++                   struct kernel_stat* sb) const = 0;
+   virtual int Stat64(const char* pathname,
+                      bool follow_links,
+-                     struct stat64* sb) const = 0;
++                     struct kernel_stat64* sb) const = 0;
+ 
+   // Emulates unlink()/unlinkat().
+   virtual int Unlink(const char* unlink) const = 0;
+ 
++  // Different architectures use a different syscall from the stat family by
++  // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++  // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++  // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++  // should be using the default stat in order to test against glibc.
++  int DefaultStatForTesting(const char* pathname,
++                            bool follow_links,
++                            default_stat_struct* sb);
++
+   // Validates the args passed to a *statat*() syscall and performs the syscall
+-  // using Stat() or Stat64().
+-  int PerformStatat(const arch_seccomp_data& args, bool arch64);
++  // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++  // syscalls.
++  int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++  // Validates the args passed to an unlinkat() syscall and performs the syscall
++  // using either Unlink() or Rmdir().
++  int PerformUnlinkat(const arch_seccomp_data& args);
+ 
+   // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+   // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000..35788eb22a
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++  unsigned st_dev;
++  unsigned __pad0[3];
++  unsigned long long st_ino;
++  unsigned st_mode;
++  unsigned st_nlink;
++  unsigned st_uid;
++  unsigned st_gid;
++  unsigned st_rdev;
++  unsigned __pad1[3];
++  long long st_size;
++  unsigned st_atime_;
++  unsigned st_atime_nsec_;
++  unsigned st_mtime_;
++  unsigned st_mtime_nsec_;
++  unsigned st_ctime_;
++  unsigned st_ctime_nsec_;
++  unsigned st_blksize;
++  unsigned __pad2;
++  unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++  unsigned long long st_dev;
++  unsigned char __pad0[4];
++  unsigned __st_ino;
++  unsigned st_mode;
++  unsigned st_nlink;
++  unsigned st_uid;
++  unsigned st_gid;
++  unsigned long long st_rdev;
++  unsigned char __pad3[4];
++  long long st_size;
++  unsigned st_blksize;
++  unsigned long long st_blocks;
++  unsigned st_atime_;
++  unsigned st_atime_nsec_;
++  unsigned st_mtime_;
++  unsigned st_mtime_nsec_;
++  unsigned st_ctime_;
++  unsigned st_ctime_nsec_;
++  unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++  /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++   * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++   * format. In reality, we do not see useful data in the top bits. So,
++   * we'll leave the padding in here, until we find a better solution.
++   */
++  unsigned short st_dev;
++  short pad1;
++  unsigned st_ino;
++  unsigned short st_mode;
++  unsigned short st_nlink;
++  unsigned short st_uid;
++  unsigned short st_gid;
++  unsigned short st_rdev;
++  short pad2;
++  unsigned st_size;
++  unsigned st_blksize;
++  unsigned st_blocks;
++  unsigned st_atime_;
++  unsigned st_atime_nsec_;
++  unsigned st_mtime_;
++  unsigned st_mtime_nsec_;
++  unsigned st_ctime_;
++  unsigned st_ctime_nsec_;
++  unsigned __unused4;
++  unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++  uint64_t st_dev;
++  uint64_t st_ino;
++  uint64_t st_nlink;
++  unsigned st_mode;
++  unsigned st_uid;
++  unsigned st_gid;
++  unsigned __pad0;
++  uint64_t st_rdev;
++  int64_t st_size;
++  int64_t st_blksize;
++  int64_t st_blocks;
++  uint64_t st_atime_;
++  uint64_t st_atime_nsec_;
++  uint64_t st_mtime_;
++  uint64_t st_mtime_nsec_;
++  uint64_t st_ctime_;
++  uint64_t st_ctime_nsec_;
++  int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++  unsigned st_dev;
++  int st_pad1[3];
++  unsigned st_ino;
++  unsigned st_mode;
++  unsigned st_nlink;
++  unsigned st_uid;
++  unsigned st_gid;
++  unsigned st_rdev;
++  int st_pad2[2];
++  long st_size;
++  int st_pad3;
++  long st_atime_;
++  long st_atime_nsec_;
++  long st_mtime_;
++  long st_mtime_nsec_;
++  long st_ctime_;
++  long st_ctime_nsec_;
++  int st_blksize;
++  int st_blocks;
++  int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++  unsigned long st_dev;
++  unsigned long st_ino;
++  unsigned int st_mode;
++  unsigned int st_nlink;
++  unsigned int st_uid;
++  unsigned int st_gid;
++  unsigned long st_rdev;
++  unsigned long __pad1;
++  long st_size;
++  int st_blksize;
++  int __pad2;
++  long st_blocks;
++  long st_atime_;
++  unsigned long st_atime_nsec_;
++  long st_mtime_;
++  unsigned long st_mtime_nsec_;
++  long st_ctime_;
++  unsigned long st_ctime_nsec_;
++  unsigned int __unused4;
++  unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++}  // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++}  // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif  // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd..f18c806611 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+ 
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++  ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++  ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c..cf6041a4b4 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+ 
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+ 
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ 
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+   }
+ }
+ 
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++  void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++                    PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++  PCHECK(addr);
++  return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++  size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++  PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++         0);
++}
++
+ }  // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4..43b028b1e3 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+   // makes sure that if fork() succeeded the child exits
+   // and the parent waits for it.
+   static void HandlePostForkReturn(pid_t pid);
++  static void* MapPagesOrDie(size_t num_pages);
++  static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+ 
+  private:
+   DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8..6dc8c0581b 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+         return Allow();
+       break;
+ #endif
+-#if defined(__NR_fstatat)
+-    case __NR_fstatat:
++#if defined(__NR_fstatat64)
++    case __NR_fstatat64:
+       if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+         return Allow();
+       break;

Copied: electron14/repos/community-staging-x86_64/replace-blacklist-with-ignorelist.patch (from rev 1054201, electron14/trunk/replace-blacklist-with-ignorelist.patch)
===================================================================
--- community-staging-x86_64/replace-blacklist-with-ignorelist.patch	                        (rev 0)
+++ community-staging-x86_64/replace-blacklist-with-ignorelist.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,196 @@
+From 9d080c0934b848ee4a05013c78641e612fcc1e03 Mon Sep 17 00:00:00 2001
+From: Dylan Cutler <dylancutler at google.com>
+Date: Wed, 26 May 2021 16:39:52 +0000
+Subject: [PATCH] Reland "Replace 'blacklist' with 'ignorelist' in
+ ./tools/msan/."
+
+This is a reland of 3b6263f2eece1264b052dfdcbc03b851d5abfb48
+
+Relanding now that https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/2897974 is merged
+
+Original change's description:
+> Replace 'blacklist' with 'ignorelist' in ./tools/msan/.
+>
+> Bug: 1097272, 1097268
+> Change-Id: Id5c8227a5bfb1ffaec82d3168b609085b10c8297
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2867730
+> Commit-Queue: Dylan Cutler <dylancutler at google.com>
+> Reviewed-by: Nico Weber <thakis at chromium.org>
+> Reviewed-by: Jonathan Metzman <metzman at chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#883035}
+
+Bug: 1097272
+Bug: 1097268
+Change-Id: I11a5bc8972680c95fb1dab95ed3b707ed76f4667
+Cq-Include-Trybots: luci.chromium.try:chromeos-amd64-generic-cfi-thin-lto-rel
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2911096
+Commit-Queue: Dylan Cutler <dylancutler at google.com>
+Reviewed-by: Nico Weber <thakis at chromium.org>
+Cr-Commit-Position: refs/heads/master@{#886773}
+---
+ build/config/sanitizers/BUILD.gn             | 44 ++++++++++----------
+ build_overrides/build.gni                    | 14 +++----
+ tools/msan/{blacklist.txt => ignorelist.txt} |  0
+ 3 files changed, 29 insertions(+), 29 deletions(-)
+ rename tools/msan/{blacklist.txt => ignorelist.txt} (100%)
+
+diff --git a/build/config/sanitizers/BUILD.gn b/build/config/sanitizers/BUILD.gn
+index aaaad023474d..55b388a43743 100644
+--- a/build/config/sanitizers/BUILD.gn
++++ b/build/config/sanitizers/BUILD.gn
+@@ -272,11 +272,11 @@ config("asan_flags") {
+   if (is_asan) {
+     cflags += [ "-fsanitize=address" ]
+     if (is_win) {
+-      if (!defined(asan_win_blacklist_path)) {
+-        asan_win_blacklist_path =
++      if (!defined(asan_win_blocklist_path)) {
++        asan_win_blocklist_path =
+             rebase_path("//tools/memory/asan/blocklist_win.txt", root_build_dir)
+       }
+-      cflags += [ "-fsanitize-blacklist=$asan_win_blacklist_path" ]
++      cflags += [ "-fsanitize-ignorelist=$asan_win_blocklist_path" ]
+     }
+   }
+ }
+@@ -306,13 +306,13 @@ config("link_shared_library") {
+ config("cfi_flags") {
+   cflags = []
+   if (is_cfi && current_toolchain == default_toolchain) {
+-    if (!defined(cfi_blacklist_path)) {
+-      cfi_blacklist_path =
++    if (!defined(cfi_ignorelist_path)) {
++      cfi_ignorelist_path =
+           rebase_path("//tools/cfi/ignores.txt", root_build_dir)
+     }
+     cflags += [
+       "-fsanitize=cfi-vcall",
+-      "-fsanitize-blacklist=$cfi_blacklist_path",
++      "-fsanitize-ignorelist=$cfi_ignorelist_path",
+     ]
+ 
+     if (use_cfi_cast) {
+@@ -409,14 +409,14 @@ config("msan_flags") {
+   if (is_msan) {
+     assert(is_linux || is_chromeos,
+            "msan only supported on linux x86_64/ChromeOS")
+-    if (!defined(msan_blacklist_path)) {
+-      msan_blacklist_path =
+-          rebase_path("//tools/msan/blacklist.txt", root_build_dir)
++    if (!defined(msan_ignorelist_path)) {
++      msan_ignorelist_path =
++          rebase_path("//tools/msan/ignorelist.txt", root_build_dir)
+     }
+     cflags = [
+       "-fsanitize=memory",
+       "-fsanitize-memory-track-origins=$msan_track_origins",
+-      "-fsanitize-blacklist=$msan_blacklist_path",
++      "-fsanitize-ignorelist=$msan_ignorelist_path",
+     ]
+   }
+ }
+@@ -424,13 +424,13 @@ config("msan_flags") {
+ config("tsan_flags") {
+   if (is_tsan) {
+     assert(is_linux || is_chromeos, "tsan only supported on linux x86_64")
+-    if (!defined(tsan_blacklist_path)) {
+-      tsan_blacklist_path =
++    if (!defined(tsan_ignorelist_path)) {
++      tsan_ignorelist_path =
+           rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
+     }
+     cflags = [
+       "-fsanitize=thread",
+-      "-fsanitize-blacklist=$tsan_blacklist_path",
++      "-fsanitize-ignorelist=$tsan_ignorelist_path",
+     ]
+   }
+ }
+@@ -438,8 +438,8 @@ config("tsan_flags") {
+ config("ubsan_flags") {
+   cflags = []
+   if (is_ubsan) {
+-    if (!defined(ubsan_blacklist_path)) {
+-      ubsan_blacklist_path =
++    if (!defined(ubsan_ignorelist_path)) {
++      ubsan_ignorelist_path =
+           rebase_path("//tools/ubsan/ignorelist.txt", root_build_dir)
+     }
+     cflags += [
+@@ -456,7 +456,7 @@ config("ubsan_flags") {
+       "-fsanitize=signed-integer-overflow",
+       "-fsanitize=unreachable",
+       "-fsanitize=vla-bound",
+-      "-fsanitize-blacklist=$ubsan_blacklist_path",
++      "-fsanitize-ignorelist=$ubsan_ignorelist_path",
+     ]
+ 
+     # Chromecast ubsan builds fail to compile with these
+@@ -486,8 +486,8 @@ config("ubsan_no_recover") {
+ 
+ config("ubsan_security_flags") {
+   if (is_ubsan_security) {
+-    if (!defined(ubsan_security_blacklist_path)) {
+-      ubsan_security_blacklist_path =
++    if (!defined(ubsan_security_ignorelist_path)) {
++      ubsan_security_ignorelist_path =
+           rebase_path("//tools/ubsan/security_ignorelist.txt", root_build_dir)
+     }
+     cflags = [
+@@ -495,7 +495,7 @@ config("ubsan_security_flags") {
+       "-fsanitize=shift",
+       "-fsanitize=signed-integer-overflow",
+       "-fsanitize=vla-bound",
+-      "-fsanitize-blacklist=$ubsan_security_blacklist_path",
++      "-fsanitize-ignorelist=$ubsan_security_ignorelist_path",
+     ]
+   }
+ }
+@@ -508,13 +508,13 @@ config("ubsan_null_flags") {
+ 
+ config("ubsan_vptr_flags") {
+   if (is_ubsan_vptr) {
+-    if (!defined(ubsan_vptr_blacklist_path)) {
+-      ubsan_vptr_blacklist_path =
++    if (!defined(ubsan_vptr_ignorelist_path)) {
++      ubsan_vptr_ignorelist_path =
+           rebase_path("//tools/ubsan/vptr_ignorelist.txt", root_build_dir)
+     }
+     cflags = [
+       "-fsanitize=vptr",
+-      "-fsanitize-blacklist=$ubsan_vptr_blacklist_path",
++      "-fsanitize-ignorelist=$ubsan_vptr_ignorelist_path",
+     ]
+   }
+ }
+diff --git a/build_overrides/build.gni b/build_overrides/build.gni
+index 82627b03653f..f3e563ab701b 100644
+--- a/build_overrides/build.gni
++++ b/build_overrides/build.gni
+@@ -42,15 +42,15 @@ declare_args() {
+ # Allows different projects to specify their own suppression/ignore lists for
+ # sanitizer tools.
+ # asan_suppressions_file = "path/to/asan_suppressions.cc"
+-# asan_win_blacklist_path = "path/to/asan/blocklist_win.txt"
++# asan_win_ignorelist_path = "path/to/asan/blocklist_win.txt"
+ # lsan_suppressions_file = "path/to/lsan_suppressions.cc"
+ # tsan_suppressions_file = "path/to/tsan_suppressions.cc"
+-# tsan_blacklist_path = "path/to/tsan/ignores.txt"
+-# msan_blacklist_path = "path/to/msan/blacklist.txt"
+-# ubsan_blacklist_path = "path/to/ubsan/blacklist.txt"
+-# ubsan_vptr_blacklist_path = "path/to/ubsan/vptr_blacklist.txt"
+-# ubsan_security_blacklist_path = "path/to/ubsan/security_blacklist.txt"
+-# cfi_blacklist_path = "path/to/cfi/ignores.txt"
++# tsan_ignorelist_path = "path/to/tsan/ignores.txt"
++# msan_ignorelist_path = "path/to/msan/ignorelist.txt"
++# ubsan_ignorelist_path = "path/to/ubsan/ignorelist.txt"
++# ubsan_vptr_ignorelist_path = "path/to/ubsan/vptr_ignorelist.txt"
++# ubsan_security_ignorelist_path = "path/to/ubsan/security_ignorelist.txt"
++# cfi_ignorelist_path = "path/to/cfi/ignores.txt"
+ 
+ declare_args() {
+   # Android 32-bit non-component, non-clang builds cannot have symbol_level=2
+diff --git a/tools/msan/blacklist.txt b/tools/msan/ignorelist.txt
+similarity index 100%
+rename from tools/msan/blacklist.txt
+rename to tools/msan/ignorelist.txt

Copied: electron14/repos/community-staging-x86_64/skia-harfbuzz-3.0.0.patch (from rev 1054201, electron14/trunk/skia-harfbuzz-3.0.0.patch)
===================================================================
--- community-staging-x86_64/skia-harfbuzz-3.0.0.patch	                        (rev 0)
+++ community-staging-x86_64/skia-harfbuzz-3.0.0.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,100 @@
+# Minimal diff for harfbuzz 3.0.0 support; based on:
+# https://github.com/google/skia/commit/66684b17b382
+# https://github.com/google/skia/commit/51d83abcd24a
+
+diff --git a/gn/skia.gni b/gn/skia.gni
+index d98fdc19ee..199335d5c4 100644
+--- a/gn/skia.gni
++++ b/gn/skia.gni
+@@ -34,8 +34,6 @@ declare_args() {
+   skia_include_multiframe_procs = false
+   skia_lex = false
+   skia_libgifcodec_path = "third_party/externals/libgifcodec"
+-  skia_pdf_subset_harfbuzz =
+-      false  # TODO: set skia_pdf_subset_harfbuzz to skia_use_harfbuzz.
+   skia_qt_path = getenv("QT_PATH")
+   skia_skqp_global_error_tolerance = 0
+   skia_tools_require_resources = false
+@@ -99,6 +97,10 @@ declare_args() {
+   skia_use_libfuzzer_defaults = true
+ }
+ 
++declare_args() {
++  skia_pdf_subset_harfbuzz = skia_use_harfbuzz
++}
++
+ declare_args() {
+   skia_compile_sksl_tests = skia_compile_processors
+   skia_enable_fontmgr_android = skia_use_expat && skia_use_freetype
+diff --git a/src/pdf/SkPDFSubsetFont.cpp b/src/pdf/SkPDFSubsetFont.cpp
+index 81c37eef3a..2340a7937b 100644
+--- a/src/pdf/SkPDFSubsetFont.cpp
++++ b/src/pdf/SkPDFSubsetFont.cpp
+@@ -49,6 +49,37 @@ static sk_sp<SkData> to_data(HBBlob blob) {
+                                 blob.release());
+ }
+ 
++template<typename...> using void_t = void;
++template<typename T, typename = void>
++struct SkPDFHarfBuzzSubset {
++    // This is the HarfBuzz 3.0 interface.
++    // hb_subset_flags_t does not exist in 2.0. It isn't dependent on T, so inline the value of
++    // HB_SUBSET_FLAGS_RETAIN_GIDS until 2.0 is no longer supported.
++    static HBFace Make(T input, hb_face_t* face) {
++        // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
++        // If it isn't known if a font is 'tricky', retain the hints.
++        hb_subset_input_set_flags(input, 2/*HB_SUBSET_FLAGS_RETAIN_GIDS*/);
++        return HBFace(hb_subset_or_fail(face, input));
++    }
++};
++template<typename T>
++struct SkPDFHarfBuzzSubset<T, void_t<
++    decltype(hb_subset_input_set_retain_gids(std::declval<T>(), std::declval<bool>())),
++    decltype(hb_subset_input_set_drop_hints(std::declval<T>(), std::declval<bool>())),
++    decltype(hb_subset(std::declval<hb_face_t*>(), std::declval<T>()))
++    >>
++{
++    // This is the HarfBuzz 2.0 (non-public) interface, used if it exists.
++    // This code should be removed as soon as all users are migrated to the newer API.
++    static HBFace Make(T input, hb_face_t* face) {
++        hb_subset_input_set_retain_gids(input, true);
++        // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
++        // If it isn't known if a font is 'tricky', retain the hints.
++        hb_subset_input_set_drop_hints(input, false);
++        return HBFace(hb_subset(face, input));
++    }
++};
++
+ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
+                                      const SkPDFGlyphUse& glyphUsage,
+                                      int ttcIndex) {
+@@ -71,11 +102,10 @@ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
+     hb_set_t* glyphs = hb_subset_input_glyph_set(input.get());
+     glyphUsage.getSetValues([&glyphs](unsigned gid) { hb_set_add(glyphs, gid);});
+ 
+-    hb_subset_input_set_retain_gids(input.get(), true);
+-    // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
+-    // If it isn't known if a font is 'tricky', retain the hints.
+-    hb_subset_input_set_drop_hints(input.get(), false);
+-    HBFace subset(hb_subset(face.get(), input.get()));
++    HBFace subset = SkPDFHarfBuzzSubset<hb_subset_input_t*>::Make(input.get(), face.get());
++    if (!subset) {
++        return nullptr;
++    }
+     HBBlob result(hb_face_reference_blob(subset.get()));
+     return to_data(std::move(result));
+ }
+diff --git a/third_party/harfbuzz/BUILD.gn b/third_party/harfbuzz/BUILD.gn
+index 173830de62..4156607ef9 100644
+--- a/third_party/harfbuzz/BUILD.gn
++++ b/third_party/harfbuzz/BUILD.gn
+@@ -14,6 +14,9 @@ if (skia_use_system_harfbuzz) {
+   system("harfbuzz") {
+     include_dirs = [ "/usr/include/harfbuzz" ]
+     libs = [ "harfbuzz" ]
++    if (skia_pdf_subset_harfbuzz) {
++      libs += [ "harfbuzz-subset" ]
++    }
+   }
+ } else {
+   third_party("harfbuzz") {

Copied: electron14/repos/community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch (from rev 1054201, electron14/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
===================================================================
--- community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch	                        (rev 0)
+++ community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,238 @@
+From 80368f8ba7a8bab13440463a254888311efe3986 Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann <stha09 at googlemail.com>
+Date: Tue, 4 May 2021 15:00:19 +0000
+Subject: [PATCH] sql: make VirtualCursor standard layout type
+
+sql::recover::VirtualCursor needs to be a standard layout type, but
+has members of type std::unique_ptr. However, std::unique_ptr is not
+guaranteed to be standard layout. Compiling with clang combined with
+gcc-11 libstdc++ fails because of this. Replace std::unique_ptr with
+raw pointers.
+
+Bug: 1189788
+Change-Id: Ia6dc388cc5ef1c0f2afc75f8ca45b9f12687ca9c
+---
+ sql/recover_module/btree.cc  | 21 +++++++++++++++------
+ sql/recover_module/btree.h   | 17 +++++++++++++----
+ sql/recover_module/cursor.cc | 24 ++++++++++++------------
+ sql/recover_module/cursor.h  |  2 +-
+ sql/recover_module/pager.cc  |  7 +++----
+ sql/recover_module/pager.h   |  5 +++--
+ 6 files changed, 47 insertions(+), 29 deletions(-)
+
+diff --git a/sql/recover_module/btree.cc b/sql/recover_module/btree.cc
+index 9ecaafe8a3..839318abf9 100644
+--- a/sql/recover_module/btree.cc
++++ b/sql/recover_module/btree.cc
+@@ -135,16 +135,25 @@ static_assert(std::is_trivially_destructible<LeafPageDecoder>::value,
+               "Move the destructor to the .cc file if it's non-trival");
+ #endif  // !DCHECK_IS_ON()
+ 
+-LeafPageDecoder::LeafPageDecoder(DatabasePageReader* db_reader) noexcept
+-    : page_id_(db_reader->page_id()),
+-      db_reader_(db_reader),
+-      cell_count_(ComputeCellCount(db_reader)),
+-      next_read_index_(0),
+-      last_record_size_(0) {
++void LeafPageDecoder::Initialize(DatabasePageReader* db_reader) {
++  DCHECK(db_reader);
+   DCHECK(IsOnValidPage(db_reader));
++  page_id_ = db_reader->page_id();
++  db_reader_ = db_reader;
++  cell_count_ = ComputeCellCount(db_reader);
++  next_read_index_ = 0;
++  last_record_size_ = 0;
+   DCHECK(DatabasePageReader::IsValidPageId(page_id_));
+ }
+ 
++void LeafPageDecoder::Reset() {
++  db_reader_ = nullptr;
++  page_id_ = 0;
++  cell_count_ = 0;
++  next_read_index_ = 0;
++  last_record_size_ = 0;
++}
++
+ bool LeafPageDecoder::TryAdvance() {
+   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+   DCHECK(CanAdvance());
+diff --git a/sql/recover_module/btree.h b/sql/recover_module/btree.h
+index d76d076bf6..33114b01fa 100644
+--- a/sql/recover_module/btree.h
++++ b/sql/recover_module/btree.h
+@@ -102,7 +102,7 @@ class LeafPageDecoder {
+   //
+   // |db_reader| must have been used to read an inner page of a table B-tree.
+   // |db_reader| must outlive this instance.
+-  explicit LeafPageDecoder(DatabasePageReader* db_reader) noexcept;
++  explicit LeafPageDecoder() noexcept = default;
+   ~LeafPageDecoder() noexcept = default;
+ 
+   LeafPageDecoder(const LeafPageDecoder&) = delete;
+@@ -150,6 +150,15 @@ class LeafPageDecoder {
+   // read as long as CanAdvance() returns true.
+   bool TryAdvance();
+ 
++  // Initialize with DatabasePageReader
++  void Initialize(DatabasePageReader* db_reader);
++
++  // Reset internal DatabasePageReader
++  void Reset();
++
++  // True if DatabasePageReader is valid
++  bool IsValid() { return (db_reader_ != nullptr); }
++
+   // True if the given reader may point to an inner page in a table B-tree.
+   //
+   // The last ReadPage() call on |db_reader| must have succeeded.
+@@ -163,14 +172,14 @@ class LeafPageDecoder {
+   static int ComputeCellCount(DatabasePageReader* db_reader);
+ 
+   // The number of the B-tree page this reader is reading.
+-  const int64_t page_id_;
++  int64_t page_id_;
+   // Used to read the tree page.
+   //
+   // Raw pointer usage is acceptable because this instance's owner is expected
+   // to ensure that the DatabasePageReader outlives this.
+-  DatabasePageReader* const db_reader_;
++  DatabasePageReader* db_reader_;
+   // Caches the ComputeCellCount() value for this reader's page.
+-  const int cell_count_ = ComputeCellCount(db_reader_);
++  int cell_count_;
+ 
+   // The reader's cursor state.
+   //
+diff --git a/sql/recover_module/cursor.cc b/sql/recover_module/cursor.cc
+index 0029ff9295..42548bc4b5 100644
+--- a/sql/recover_module/cursor.cc
++++ b/sql/recover_module/cursor.cc
+@@ -26,7 +26,7 @@ VirtualCursor::~VirtualCursor() {
+ int VirtualCursor::First() {
+   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+   inner_decoders_.clear();
+-  leaf_decoder_ = nullptr;
++  leaf_decoder_.Reset();
+ 
+   AppendPageDecoder(table_->root_page_id());
+   return Next();
+@@ -36,18 +36,18 @@ int VirtualCursor::Next() {
+   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+   record_reader_.Reset();
+ 
+-  while (!inner_decoders_.empty() || leaf_decoder_.get()) {
+-    if (leaf_decoder_.get()) {
+-      if (!leaf_decoder_->CanAdvance()) {
++  while (!inner_decoders_.empty() || leaf_decoder_.IsValid()) {
++    if (leaf_decoder_.IsValid()) {
++      if (!leaf_decoder_.CanAdvance()) {
+         // The leaf has been exhausted. Remove it from the DFS stack.
+-        leaf_decoder_ = nullptr;
++        leaf_decoder_.Reset();
+         continue;
+       }
+-      if (!leaf_decoder_->TryAdvance())
++      if (!leaf_decoder_.TryAdvance())
+         continue;
+ 
+-      if (!payload_reader_.Initialize(leaf_decoder_->last_record_size(),
+-                                      leaf_decoder_->last_record_offset())) {
++      if (!payload_reader_.Initialize(leaf_decoder_.last_record_size(),
++                                      leaf_decoder_.last_record_offset())) {
+         continue;
+       }
+       if (!record_reader_.Initialize())
+@@ -99,13 +99,13 @@ int VirtualCursor::ReadColumn(int column_index,
+ int64_t VirtualCursor::RowId() {
+   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+   DCHECK(record_reader_.IsInitialized());
+-  DCHECK(leaf_decoder_.get());
+-  return leaf_decoder_->last_record_rowid();
++  DCHECK(leaf_decoder_.IsValid());
++  return leaf_decoder_.last_record_rowid();
+ }
+ 
+ void VirtualCursor::AppendPageDecoder(int page_id) {
+   DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+-  DCHECK(leaf_decoder_.get() == nullptr)
++  DCHECK(!leaf_decoder_.IsValid())
+       << __func__
+       << " must only be called when the current path has no leaf decoder";
+ 
+@@ -113,7 +113,7 @@ void VirtualCursor::AppendPageDecoder(int page_id) {
+     return;
+ 
+   if (LeafPageDecoder::IsOnValidPage(&db_reader_)) {
+-    leaf_decoder_ = std::make_unique<LeafPageDecoder>(&db_reader_);
++    leaf_decoder_.Initialize(&db_reader_);
+     return;
+   }
+ 
+diff --git a/sql/recover_module/cursor.h b/sql/recover_module/cursor.h
+index afcd6900e1..b15c31d425 100644
+--- a/sql/recover_module/cursor.h
++++ b/sql/recover_module/cursor.h
+@@ -129,7 +129,7 @@ class VirtualCursor {
+   std::vector<std::unique_ptr<InnerPageDecoder>> inner_decoders_;
+ 
+   // Decodes the leaf page containing records.
+-  std::unique_ptr<LeafPageDecoder> leaf_decoder_;
++  LeafPageDecoder leaf_decoder_;
+ 
+   SEQUENCE_CHECKER(sequence_checker_);
+ };
+diff --git a/sql/recover_module/pager.cc b/sql/recover_module/pager.cc
+index 58e75de270..5fe96204e5 100644
+--- a/sql/recover_module/pager.cc
++++ b/sql/recover_module/pager.cc
+@@ -23,8 +23,7 @@ static_assert(DatabasePageReader::kMaxPageId <= std::numeric_limits<int>::max(),
+               "ints are not appropriate for representing page IDs");
+ 
+ DatabasePageReader::DatabasePageReader(VirtualTable* table)
+-    : page_data_(std::make_unique<uint8_t[]>(table->page_size())),
+-      table_(table) {
++    : page_data_(), table_(table) {
+   DCHECK(table != nullptr);
+   DCHECK(IsValidPageSize(table->page_size()));
+ }
+@@ -57,8 +56,8 @@ int DatabasePageReader::ReadPage(int page_id) {
+                     std::numeric_limits<int64_t>::max(),
+                 "The |read_offset| computation above may overflow");
+ 
+-  int sqlite_status =
+-      RawRead(sqlite_file, read_size, read_offset, page_data_.get());
++  int sqlite_status = RawRead(sqlite_file, read_size, read_offset,
++                              const_cast<uint8_t*>(page_data_.data()));
+ 
+   // |page_id_| needs to be set to kInvalidPageId if the read failed.
+   // Otherwise, future ReadPage() calls with the previous |page_id_| value
+diff --git a/sql/recover_module/pager.h b/sql/recover_module/pager.h
+index 0e388ddc3b..99314e30ff 100644
+--- a/sql/recover_module/pager.h
++++ b/sql/recover_module/pager.h
+@@ -5,6 +5,7 @@
+ #ifndef SQL_RECOVER_MODULE_PAGER_H_
+ #define SQL_RECOVER_MODULE_PAGER_H_
+ 
++#include <array>
+ #include <cstdint>
+ #include <memory>
+ 
+@@ -70,7 +71,7 @@ class DatabasePageReader {
+     DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+     DCHECK_NE(page_id_, kInvalidPageId)
+         << "Successful ReadPage() required before accessing pager state";
+-    return page_data_.get();
++    return page_data_.data();
+   }
+ 
+   // The number of bytes in the page read by the last ReadPage() call.
+@@ -137,7 +138,7 @@ class DatabasePageReader {
+   int page_id_ = kInvalidPageId;
+   // Stores the bytes of the last page successfully read by ReadPage().
+   // The content is undefined if the last call to ReadPage() did not succeed.
+-  const std::unique_ptr<uint8_t[]> page_data_;
++  const std::array<uint8_t, kMaxPageSize> page_data_;
+   // Raw pointer usage is acceptable because this instance's owner is expected
+   // to ensure that the VirtualTable outlives this.
+   VirtualTable* const table_;

Copied: electron14/repos/community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch (from rev 1054201, electron14/trunk/unbundle-fix-visibility-of-build-config-freetype.patch)
===================================================================
--- community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch	                        (rev 0)
+++ community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,31 @@
+From 271e45339b7b969e98ccef7837cb1b15480b07fc Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann <stha09 at googlemail.com>
+Date: Thu, 4 Nov 2021 18:58:34 +0000
+Subject: [PATCH] unbundle: fix visibility of //build/config/freetype
+
+For system freetype //build/linux:freetype_from_pkgconfig is restricted
+to //third_party:freetype_harfbuzz and //third_party/harfbuzz-ng:harfbuzz_source.
+However //build/config/freetype:freetype is accessing it too.
+
+Bug: None
+Change-Id: Ic4a37b01e4ae221372a9220cbad04c598b844c21
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3259304
+Commit-Queue: Thomas Anderson <thomasanderson at chromium.org>
+Reviewed-by: Thomas Anderson <thomasanderson at chromium.org>
+Cr-Commit-Position: refs/heads/main@{#938388}
+---
+ build/linux/BUILD.gn | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/linux/BUILD.gn b/build/linux/BUILD.gn
+index 54314c7687..cd49e3d524 100644
+--- a/build/linux/BUILD.gn
++++ b/build/linux/BUILD.gn
+@@ -23,6 +23,7 @@ if (use_system_freetype) {
+   # the system, use with caution,for details see build/config/freetype/BUILD.gn.
+   pkg_config("freetype_from_pkgconfig") {
+     visibility = [
++      "//build/config/freetype:freetype",
+       "//third_party:freetype_harfbuzz",
+       "//third_party/harfbuzz-ng:harfbuzz_source",
+     ]

Copied: electron14/repos/community-staging-x86_64/use-system-libraries-in-node.patch (from rev 1054201, electron14/trunk/use-system-libraries-in-node.patch)
===================================================================
--- community-staging-x86_64/use-system-libraries-in-node.patch	                        (rev 0)
+++ community-staging-x86_64/use-system-libraries-in-node.patch	2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,52 @@
+--- a/third_party/electron_node/BUILD.gn
++++ b/third_party/electron_node/BUILD.gn
+@@ -42,6 +42,18 @@
+   node_module_version = ""
+ }
+ 
++if (is_linux) {
++  import("//build/config/linux/pkg_config.gni")
++
++  pkg_config("cares") {
++    packages = [ "libcares" ]
++  }
++
++  pkg_config("nghttp2") {
++    packages = [ "libnghttp2" ]
++  }
++}
++
+ assert(!node_use_dtrace, "node_use_dtrace not supported in GN")
+ assert(!node_use_etw, "node_use_etw not supported in GN")
+ 
+@@ -182,10 +194,8 @@
+ component("node_lib") {
+   deps = [
+     ":node_js2c",
+-    "deps/cares",
+     "deps/histogram",
+     "deps/llhttp",
+-    "deps/nghttp2",
+     "deps/uvwasi",
+     "//third_party/zlib",
+     "//third_party/brotli:dec",
+@@ -201,6 +211,19 @@
+   public_configs = [ ":node_lib_config" ]
+   include_dirs = [ "src" ]
+   libs = []
++  if (is_linux) {
++    configs += [
++      ":cares",
++      ":nghttp2",
++    ]
++    libs += [ "http_parser" ]
++  } else {
++    deps += [
++      "deps/cares",
++      "deps/http_parser",
++      "deps/nghttp2",
++    ]
++  }
+   frameworks = []
+   cflags_cc = [
+     "-Wno-deprecated-declarations",



More information about the arch-commits mailing list