Date: Tuesday, June 4, 2019 @ 21:49:17 Author: foutrelis Revision: 354859
upgpkg: chromium 75.0.3770.80-1 New upstream release. Added: chromium/trunk/libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch Modified: chromium/trunk/PKGBUILD Deleted: chromium/trunk/chromium-glibc-2.29.patch -------------------------------------------------------------+ PKGBUILD | 14 - chromium-glibc-2.29.patch | 105 ---------- libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch | 36 +++ 3 files changed, 43 insertions(+), 112 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2019-06-04 19:01:15 UTC (rev 354858) +++ PKGBUILD 2019-06-04 21:49:17 UTC (rev 354859) @@ -4,8 +4,8 @@ # Contributor: Daniel J Griffiths <[email protected]> pkgname=chromium -pkgver=74.0.3729.169 -pkgrel=2 +pkgver=75.0.3770.80 +pkgrel=1 _launcher_ver=6 pkgdesc="A web browser built for speed, simplicity, and security" arch=('x86_64') @@ -24,14 +24,14 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz chromium-system-icu.patch - chromium-glibc-2.29.patch + libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch chromium-fix-window-flash-for-some-WMs.patch chromium-widevine.patch chromium-skia-harmony.patch) -sha256sums=('070f0210017f54b65264f88726431da7582e36a04caa673fe50662e8b41a0cb4' +sha256sums=('da828bc8d887821380b461abfbbd0e17538c211d56f240f03711b918c77a66d6' '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1' 'e2d284311f49c529ea45083438a768db390bde52949995534034d2a814beab89' - 'dd791f154b48e69cd47fd94753c45448655b529590995fd71ac1591c53a3d60c' + 'e309dfd9d790f32cb1d23103726ac25e405b6ae6757a1c957a8395667d753908' '183d8cc712f0bcf1afcb01ce90c4c104a4c8d8070a06f94974a28b007d9e2ce4' 'd081f2ef8793544685aad35dea75a7e6264a2cb987ff3541e6377f4a3650a28b' '5887f78b55c4ecbbcba5930f3f0bb7bc0117c2a41c2f761805fcf7f46f1ca2b3') @@ -84,8 +84,8 @@ third_party/blink/renderer/core/xml/parser/xml_document_parser.cc \ third_party/libxml/chromium/libxml_utils.cc - # https://crbug.com/949312 - patch -Np1 -i ../chromium-glibc-2.29.patch + # https://chromium-review.googlesource.com/1584292 + patch -Np1 -i ../libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch # https://crbug.com/956061 patch -Np1 -i ../chromium-fix-window-flash-for-some-WMs.patch Deleted: chromium-glibc-2.29.patch =================================================================== --- chromium-glibc-2.29.patch 2019-06-04 19:01:15 UTC (rev 354858) +++ chromium-glibc-2.29.patch 2019-06-04 21:49:17 UTC (rev 354859) @@ -1,105 +0,0 @@ -From 65046b8f90d0336cbe5f2f15cc7da5cb798360ad Mon Sep 17 00:00:00 2001 -From: Matthew Denton <[email protected]> -Date: Wed, 24 Apr 2019 15:44:40 +0000 -Subject: [PATCH] Update Linux Seccomp syscall restrictions to EPERM - posix_spawn/vfork - -Glibc's system() function switched to using posix_spawn, which uses -CLONE_VFORK. Pepperflash includes a sandbox debugging check which -relies on us EPERM-ing process creation like this, rather than crashing -the process with SIGSYS. - -So whitelist clone() calls, like posix_spawn, that include the flags -CLONE_VFORK and CLONE_VM. - -Bug: 949312 -Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20 -Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1568086 -Commit-Queue: Robert Sesek <[email protected]> -Reviewed-by: Robert Sesek <[email protected]> -Cr-Commit-Position: refs/heads/master@{#653590} ---- - .../baseline_policy_unittest.cc | 29 +++++++++++++++++++ - .../syscall_parameters_restrictions.cc | 13 +++++++-- - 2 files changed, 40 insertions(+), 2 deletions(-) - -diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -index cdeb210ccb..40fcebf933 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc -@@ -10,7 +10,9 @@ - #include <sched.h> - #include <signal.h> - #include <stddef.h> -+#include <stdlib.h> - #include <string.h> -+#include <sys/mman.h> - #include <sys/prctl.h> - #include <sys/resource.h> - #include <sys/socket.h> -@@ -130,6 +132,33 @@ BPF_TEST_C(BaselinePolicy, ForkArmEperm, BaselinePolicy) { - BPF_ASSERT_EQ(EPERM, fork_errno); - } - -+BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) { -+ errno = 0; -+ int ret_val = system("echo SHOULD NEVER RUN"); -+ BPF_ASSERT_EQ(-1, ret_val); -+ BPF_ASSERT_EQ(EPERM, errno); -+} -+ -+BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) { -+ errno = 0; -+ // Allocate a couple pages for the child's stack even though the child should -+ // never start. -+ constexpr size_t kStackSize = 4096 * 4; -+ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE, -+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0); -+ BPF_ASSERT_NE(child_stack, nullptr); -+ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD, -+ static_cast<char*>(child_stack) + kStackSize, nullptr, -+ nullptr, nullptr); -+ const int clone_errno = errno; -+ TestUtils::HandlePostForkReturn(pid); -+ -+ munmap(child_stack, kStackSize); -+ -+ BPF_ASSERT_EQ(-1, pid); -+ BPF_ASSERT_EQ(EPERM, clone_errno); -+} -+ - BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) { - base::Thread thread("sandbox_tests"); - BPF_ASSERT(thread.Start()); -diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -index 100afe50e3..348ab6e8c5 100644 ---- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc -@@ -135,7 +135,8 @@ namespace sandbox { - #if !defined(OS_NACL_NONSFI) - // Allow Glibc's and Android pthread creation flags, crash on any other - // thread creation attempts and EPERM attempts to use neither --// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations. -+// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is -+// present (as in newer versions of posix_spawn). - ResultExpr RestrictCloneToThreadsAndEPERMFork() { - const Arg<unsigned long> flags(0); - -@@ -154,8 +155,16 @@ ResultExpr RestrictCloneToThreadsAndEPERMFork() { - AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask, - flags == kGlibcPthreadFlags); - -+ // The following two flags are the two important flags in any vfork-emulating -+ // clone call. EPERM any clone call that contains both of them. -+ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM; -+ -+ const BoolExpr is_fork_or_clone_vfork = -+ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0, -+ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags); -+ - return If(IsAndroid() ? android_test : glibc_test, Allow()) -- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM)) -+ .ElseIf(is_fork_or_clone_vfork, Error(EPERM)) - .Else(CrashSIGSYSClone()); - } - Added: libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch =================================================================== --- libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch (rev 0) +++ libstdc-do-not-assume-unique_ptr-has-ostream-operator.patch 2019-06-04 21:49:17 UTC (rev 354859) @@ -0,0 +1,36 @@ +From aeed4d1f15ce84a17ea0bc219e258dc4982b2368 Mon Sep 17 00:00:00 2001 +From: Jose Dapena Paz <[email protected]> +Date: Fri, 26 Apr 2019 20:07:05 +0000 +Subject: [PATCH] libstdc++: do not assume unique_ptr has ostream operator +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CompositorFrameReportingController is using DCHECK_NE to compare +several unique_ptr. This is valid in libc++, but on libstdc++ unique_ptr +does not have an ostream operator. + +Change-Id: I9f23ef17f02b9e107694ba493f6f8f3caf5cac4d +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1584292 +Reviewed-by: Sunny Sachanandani <[email protected]> +Commit-Queue: José Dapena Paz <[email protected]> +Cr-Commit-Position: refs/heads/master@{#654570} +--- + cc/scheduler/compositor_frame_reporting_controller.cc | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cc/scheduler/compositor_frame_reporting_controller.cc b/cc/scheduler/compositor_frame_reporting_controller.cc +index f1587ed158..1b17021fd2 100644 +--- a/cc/scheduler/compositor_frame_reporting_controller.cc ++++ b/cc/scheduler/compositor_frame_reporting_controller.cc +@@ -31,8 +31,8 @@ void CompositorFrameReportingController::WillBeginImplFrame() { + + void CompositorFrameReportingController::WillBeginMainFrame() { + DCHECK(reporters_[PipelineStage::kBeginImplFrame]); +- DCHECK_NE(reporters_[PipelineStage::kBeginMainFrame], +- reporters_[PipelineStage::kBeginImplFrame]); ++ DCHECK(reporters_[PipelineStage::kBeginMainFrame] != ++ reporters_[PipelineStage::kBeginImplFrame]); + reporters_[PipelineStage::kBeginImplFrame]->StartStage( + "SendBeginMainFrameToCommit"); + AdvanceReporterStage(PipelineStage::kBeginImplFrame,
