CVSROOT:        /cvs
Module name:    ports
Changes by:     [email protected]  2018/07/25 00:53:36

Modified files:
        www/chromium   : Makefile
        www/chromium/patches: patch-chrome_common_pref_names_cc
                              patch-chrome_common_pref_names_h
                              patch-components_autofill_core_browser_autofill_experiments_cc
                              patch-components_crash_content_app_crashpad_cc
                              patch-components_crash_core_common_BUILD_gn
                              patch-content_app_content_main_runner_cc
                              patch-content_browser_renderer_host_render_widget_host_view_event_handler_cc
                              patch-content_gpu_gpu_main_cc
                              patch-content_gpu_gpu_sandbox_hook_linux_cc
                              patch-content_ppapi_plugin_ppapi_plugin_main_cc
                              patch-content_public_common_content_switches_cc
                              patch-content_public_common_content_switches_h
                              patch-content_renderer_renderer_main_cc
                              patch-content_renderer_renderer_main_platform_delegate_linux_cc
                              patch-content_utility_utility_main_cc
                              patch-services_service_manager_sandbox_BUILD_gn
                              patch-third_party_fontconfig_include_config_h
                              patch-third_party_swiftshader_third_party_llvm-subzero_build_Linux_include_llvm_Config_config_h

Added files:
        www/chromium/patches: patch-base_rand_util_h
                              patch-base_rand_util_posix_cc
                              patch-content_browser_browser_child_process_host_impl_cc
                              patch-content_browser_gpu_gpu_process_host_cc
                              patch-content_browser_renderer_host_render_process_host_impl_cc
                              patch-services_service_manager_embedder_switches_cc
                              patch-services_service_manager_embedder_switches_h
                              patch-services_service_manager_sandbox_openbsd_sandbox_openbsd_cc
                              patch-services_service_manager_sandbox_openbsd_sandbox_openbsd_h
                              patch-services_service_manager_sandbox_sandbox_cc
                              patch-services_service_manager_sandbox_sandbox_h
                              patch-third_party_boringssl_BUILD_generated_gni
                              patch-third_party_boringssl_src_crypto_fipsmodule_rand_urandom_c
                              patch-third_party_boringssl_src_crypto_rand_extra_arc4random_c
                              patch-third_party_boringssl_src_include_openssl_base_h
                              patch-third_party_crashpad_crashpad_client_BUILD_gn
                              patch-third_party_crashpad_crashpad_client_crashpad_client_posix_cc
                              patch-third_party_fontconfig_src_src_fccompat_c
                              patch-third_party_libxml_linux_config_h
                              patch-third_party_libxml_src_dict_c
                              patch-third_party_sqlite_amalgamation_sqlite3_c
                              patch-third_party_unrar_src_crypt_cpp
                              patch-v8_src_base_utils_random-number-generator_cc

Removed files:
        www/chromium/patches: patch-content_common_sandbox_init_openbsd_cc
                              patch-content_common_sandbox_init_openbsd_h

Log message:
Introduce unveil(2) support for chromium;

I am committing this so that work can continue in tree because the diff
is starting to get really big. This commit includes several changes
required for unveil(2) described below:

- overhaul of the sandboxing code for pledge(2) to match what is being
done on other platforms

- avoid using /dev/urandom and switch to arc4random(3) or arc4random_buf(3)

- start using pledge(2) for the main browser process as well, disabled by
default for now as the list changes rapidly. The list of pledges is read
from the /etc/chromium/pledge.main file if available. When this is complete
the list of pledges will be hardcoded just as it is for the other process
types.

- add the --enable-unveil flag to use unveil(2) in all of the browser processes
by reading the list of unveil'd paths from files located in /etc/chromium,
e.g.: /etc/chromium/unveil.main or /etc/chromium/unveil.gpu.
These files are not included in the package by default as they are work in
progress. If you want to help please visit: https://github.com/rnagy/chromium

- if unveil(2) is used, chromium will not be able to access most of the
filesystem, so for example if you would like to download or upload something,
only the unveil'd paths are going to be available, which by default include
~/Downloads.
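
Added example (not part of this commit or of the port's patches): a C sketch of loading a per-process unveil list like the /etc/chromium/unveil.* files the log message describes, failing closed on any bad rule. The one-rule-per-line "path permissions" file format, the "~/" expansion and the function names parse_unveil_line and apply_unveil_file are assumptions; unveil(2) is only called when built on OpenBSD, elsewhere the rules are just validated and counted.

```c
#include <stdio.h>
#include <string.h>
#ifdef __OpenBSD__
#include <unistd.h>   /* unveil(2) */
#endif

/* Parse one rule in the ASSUMED "path permissions" format, e.g. "~/Downloads rwc".
 * Returns 1 for a rule, 0 for a blank or comment line, -1 if malformed. */
int parse_unveil_line(const char *line, const char *home,
                      char *path, size_t pathsz, char *perms, size_t permsz)
{
    char raw[1024], p[16];
    int n;
    line += strspn(line, " \t");
    if (*line == '\0' || *line == '\n' || *line == '#') return 0;
    if (sscanf(line, "%1023s %15s", raw, p) != 2) return -1;
    /* only the unveil(2) permission letters are accepted */
    if (strspn(p, "rwxc") != strlen(p) || strlen(p) >= permsz) return -1;
    if (raw[0] == '~' && raw[1] == '/')
        n = snprintf(path, pathsz, "%s%s", home, raw + 1);
    else if (raw[0] == '/')
        n = snprintf(path, pathsz, "%s", raw);
    else
        return -1;                                   /* refuse relative paths */
    if (n < 0 || (size_t)n >= pathsz) return -1;     /* refuse truncated paths */
    strcpy(perms, p);
    return 1;
}

/* Apply every rule in `file`, then lock the view. Returns the number of
 * rules, or -1 on any error so the caller can fail closed. */
int apply_unveil_file(const char *file, const char *home)
{
    char line[1100], path[1024], perms[16];
    int rc = 0, count = 0;
    FILE *fp = fopen(file, "r");
    if (fp == NULL) return -1;
    while (rc >= 0 && fgets(line, sizeof(line), fp) != NULL) {
        rc = parse_unveil_line(line, home, path, sizeof(path), perms, sizeof(perms));
#ifdef __OpenBSD__
        if (rc == 1 && unveil(path, perms) == -1) rc = -1;
#endif
        count += (rc == 1);
    }
    fclose(fp);
#ifdef __OpenBSD__
    if (rc >= 0 && unveil(NULL, NULL) == -1) rc = -1;  /* forbid further unveil calls */
#endif
    return rc < 0 ? -1 : count;
}
```

A caller would treat a -1 return as fatal before the process handles any untrusted content, rather than continuing with an unrestricted filesystem view.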
