diff options
author | WorMzy Tykashi | 2018-03-31 23:36:31 +0100 |
---|---|---|
committer | WorMzy Tykashi | 2018-03-31 23:36:31 +0100 |
commit | 1c7efc7ec5befd18d5b7e568ffb660c0d9d00192 (patch) | |
tree | cfce5176d34cebfd951e973a90b781814d009f34 | |
parent | 15fb71c5143af77df12582d6ba5f09009a3c5d60 (diff) | |
download | aur-1c7efc7ec5befd18d5b7e568ffb660c0d9d00192.tar.gz |
Updated to 65.0.3325.181
-rw-r--r-- | .SRCINFO | 20 | ||||
-rw-r--r-- | PKGBUILD | 62 | ||||
-rw-r--r-- | allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch | 88 | ||||
-rw-r--r-- | fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch | 53 |
4 files changed, 187 insertions, 36 deletions
@@ -1,12 +1,13 @@ pkgbase = chromium-gtk2 pkgdesc = A web browser built for speed, simplicity, and security (GTK2 version) - pkgver = 65.0.3325.162 + pkgver = 65.0.3325.181 pkgrel = 1 url = https://www.chromium.org/Home install = chromium.install arch = i686 arch = x86_64 license = BSD + makedepends = python makedepends = python2 makedepends = gperf makedepends = yasm @@ -15,6 +16,7 @@ pkgbase = chromium-gtk2 makedepends = nodejs makedepends = git makedepends = clang + makedepends = lld depends = gtk2 depends = nss depends = alsa-lib @@ -49,18 +51,22 @@ pkgbase = chromium-gtk2 optdepends = kwallet: for storing passwords in KWallet provides = chromium conflicts = chromium - source = https://commondatastorage.googleapis.com/chromium-browser-official/chromium-65.0.3325.162.tar.xz - source = chromium-launcher-5.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v5.tar.gz - source = chromium-65.0.3325.162.txt::https://chromium.googlesource.com/chromium/src.git/+/65.0.3325.162?format=TEXT + source = https://commondatastorage.googleapis.com/chromium-browser-official/chromium-65.0.3325.181.tar.xz + source = chromium-launcher-6.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v6.tar.gz + source = chromium-65.0.3325.181.txt::https://chromium.googlesource.com/chromium/src.git/+/65.0.3325.181?format=TEXT + source = fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch + source = allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch source = chromium-skia-harmony.patch source = chromium-clang-r2.patch source = chromium-math.h-r0.patch source = chromium-stdint.patch source = chromium-widevine.patch source = chromium-gtk2-fix-build.patch - sha256sums = 627e7bfd84795de1553fac305239130d25186acf2d3c77d39d824327cd116cce - sha256sums = 4dc3428f2c927955d9ae117f2fb24d098cc6dd67adb760ac9c82b522ec8b0587 - sha256sums = bed2a7ef4b1ebd53b28e2f38963a2dd761267ccc8818693c34ce8596db53dd4c + sha256sums = 93666448c6b96ec83e6a35a64cff40db4eb92a154fe1db4e7dab4761d0e38687 + sha256sums = 04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1 + sha256sums = 2771c049b66c9aba3b945fe065f2610f164d55506eb5d71751a26aaf8b40d4ee + sha256sums = e3fb73b43bb8c69ff517e66b2cac73d6e759fd240003eb35598df9af442422fe + sha256sums = 4327289866d0b3006de62799ec06b07198a738e50e0a5c2e41ff62dbe00b4a2c sha256sums = feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3 sha256sums = 4495e8b29dae242c79ffe4beefc5171eb3c7aacb7e9aebfd2d4d69b9d8c958d3 sha256sums = fe0ab86aa5b0072db730eccda3e1582ebed4af25815bfd49fe0da24cf63ca902 @@ -7,9 +7,9 @@ pkgname=chromium-gtk2 _pkgname=chromium -pkgver=65.0.3325.162 +pkgver=65.0.3325.181 pkgrel=1 -_launcher_ver=5 +_launcher_ver=6 pkgdesc="A web browser built for speed, simplicity, and security (GTK2 version)" arch=('i686' 'x86_64') url="https://www.chromium.org/Home" @@ -17,7 +17,8 @@ license=('BSD') depends=('gtk2' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt' 'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib' 'desktop-file-utils' 'hicolor-icon-theme') -makedepends=('python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git' 'clang') +makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git' + 'clang' 'lld') optdepends=('pepper-flash: support for Flash content' 'kdialog: needed for file dialogs in KDE' 'gnome-keyring: for storing passwords in GNOME keyring' @@ -28,15 +29,19 @@ install=chromium.install source=(https://commondatastorage.googleapis.com/chromium-browser-official/$_pkgname-$pkgver.tar.xz chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz chromium-$pkgver.txt::https://chromium.googlesource.com/chromium/src.git/+/$pkgver?format=TEXT + fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch + allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch chromium-skia-harmony.patch chromium-clang-r2.patch chromium-math.h-r0.patch chromium-stdint.patch chromium-widevine.patch chromium-gtk2-fix-build.patch) -sha256sums=('627e7bfd84795de1553fac305239130d25186acf2d3c77d39d824327cd116cce' - '4dc3428f2c927955d9ae117f2fb24d098cc6dd67adb760ac9c82b522ec8b0587' - 'bed2a7ef4b1ebd53b28e2f38963a2dd761267ccc8818693c34ce8596db53dd4c' +sha256sums=('93666448c6b96ec83e6a35a64cff40db4eb92a154fe1db4e7dab4761d0e38687' + '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1' + '2771c049b66c9aba3b945fe065f2610f164d55506eb5d71751a26aaf8b40d4ee' + 'e3fb73b43bb8c69ff517e66b2cac73d6e759fd240003eb35598df9af442422fe' + '4327289866d0b3006de62799ec06b07198a738e50e0a5c2e41ff62dbe00b4a2c' 'feca54ab09ac0fc9d0626770a6b899a6ac5a12173c7d0c1005bc3964ec83e7b3' '4495e8b29dae242c79ffe4beefc5171eb3c7aacb7e9aebfd2d4d69b9d8c958d3' 'fe0ab86aa5b0072db730eccda3e1582ebed4af25815bfd49fe0da24cf63ca902' @@ -91,12 +96,22 @@ prepare() { fi echo "LASTCHANGE=$_chrome_build_hash-" >build/util/LASTCHANGE + # Allow building against system libraries in official builds + sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \ + tools/generate_shim_headers/generate_shim_headers.py + # Enable support for the Widevine CDM plugin # libwidevinecdm.so is not included, but can be copied over from Chrome # (Version string doesn't seem to matter so let's go with "Pinkie Pie") sed "s/@WIDEVINE_VERSION@/Pinkie Pie/" ../chromium-widevine.patch | patch -Np1 + # https://crbug.com/822820 + patch -Np1 -i ../fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch + + # https://crbug.com/817400 + patch -Np1 -i ../allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch + # https://crbug.com/skia/6663#c10 patch -Np4 -i ../chromium-skia-harmony.patch @@ -105,25 +120,13 @@ prepare() { patch -Np1 -i ../chromium-math.h-r0.patch patch -Np1 -i ../chromium-stdint.patch - # Remove compiler flags not supported by our system clang - sed -i \ - -e '/"-Wno-enum-compare-switch"/d' \ - -e '/"-Wno-null-pointer-arithmetic"/d' \ - -e '/"-Wno-tautological-unsigned-zero-compare"/d' \ - -e '/"-Wno-tautological-constant-compare"/d' \ - build/config/compiler/BUILD.gn + # Force script incompatible with Python 3 to use /usr/bin/python2 + sed -i '1s|python$|&2|' third_party/dom_distiller_js/protoc_plugins/*.py # Fix GTK2 build # https://chromium-review.googlesource.com/c/chromium/src/+/894993 patch -Np1 -i ../chromium-gtk2-fix-build.patch - # Use Python 2 - find . -name '*.py' -exec sed -i -r 's|/usr/bin/python$|&2|g' {} + - - # There are still a lot of relative calls which need a workaround - mkdir "$srcdir/python2-path" - ln -s /usr/bin/python2 "$srcdir/python2-path/python" - mkdir -p third_party/node/linux/node-linux-x64/bin ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/ @@ -156,10 +159,6 @@ build() { export CCACHE_SLOPPINESS=time_macros fi - export PATH="$srcdir/python2-path:$PATH" - export TMPDIR="$srcdir/temp" - mkdir -p "$TMPDIR" - export CC=clang export CXX=clang++ export AR=ar @@ -168,10 +167,9 @@ build() { local _flags=( 'custom_toolchain="//build/toolchain/linux/unbundle:default"' 'host_toolchain="//build/toolchain/linux/unbundle:default"' - 'is_clang=true' 'clang_use_chrome_plugins=false' + 'is_official_build=true' # implies is_cfi=true on x86_64 'is_debug=false' - 'fatal_linker_warnings=false' 'treat_warnings_as_errors=false' 'fieldtrial_testing_like_official_build=true' 'remove_webcore_debug_symbols=true' @@ -180,8 +178,6 @@ build() { 'link_pulseaudio=true' 'use_gtk3=false' 'use_gnome_keyring=false' - 'use_gold=false' - 'use_lld=false' 'use_sysroot=false' 'linux_use_bundled_binutils=false' 'use_custom_libcxx=false' @@ -194,13 +190,21 @@ build() { "google_default_client_secret=\"${_google_default_client_secret}\"" ) + # Facilitate deterministic builds (taken from build/config/compiler/BUILD.gn) + CFLAGS+=' -Wno-builtin-macro-redefined' + CXXFLAGS+=' -Wno-builtin-macro-redefined' + CPPFLAGS+=' -D__DATE__= -D__TIME__= -D__TIMESTAMP__=' + if check_option strip y; then + _flags+=('symbol_level=0') + + # Mimic exclude_unwind_tables=true CFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables' CXXFLAGS+=' -fno-unwind-tables -fno-asynchronous-unwind-tables' CPPFLAGS+=' -DNO_UNWIND_TABLES' fi - python2 tools/gn/bootstrap/bootstrap.py --gn-gen-args "${_flags[*]}" + python2 tools/gn/bootstrap/bootstrap.py -s --no-clean out/Release/gn gen out/Release --args="${_flags[*]}" \ --script-executable=/usr/bin/python2 diff --git a/allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch b/allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch new file mode 100644 index 000000000000..327d8c3bb569 --- /dev/null +++ b/allow-stat-in-Linux-for-GPU-process-for-a-list-of-files.patch @@ -0,0 +1,88 @@ +From 6b1b6d3a8555075e23cca89335e855d55f35fba9 Mon Sep 17 00:00:00 2001 +From: Zhenyao Mo <zmo@chromium.org> +Date: Thu, 29 Mar 2018 23:48:19 +0000 +Subject: [PATCH] Allow `stat` in Linux for GPU process for a list of files. + +This is to unblock certain NVidia driver's glReadPixels calls in the sandboxed +GPU process. + +Note that the needed file /dev/nvidiactl is already in the list for read/write. + +BUG=817400 +TEST=manual +R=tsepez@chromium.org + +Change-Id: I9074a8335a9c4df1487f5a288d5e284bbedf67c3 +Reviewed-on: https://chromium-review.googlesource.com/965462 +Reviewed-by: Zhenyao Mo <zmo@chromium.org> +Reviewed-by: Tom Sepez <tsepez@chromium.org> +Reviewed-by: Robert Sesek <rsesek@chromium.org> +Reviewed-by: Kenneth Russell <kbr@chromium.org> +Commit-Queue: Zhenyao Mo <zmo@chromium.org> +Cr-Commit-Position: refs/heads/master@{#547027} +--- + content/gpu/gpu_sandbox_hook_linux.cc | 5 ++++- + .../service_manager/sandbox/linux/bpf_gpu_policy_linux.cc | 15 ++++++++++++++- + 2 files changed, 18 insertions(+), 2 deletions(-) + +diff --git a/content/gpu/gpu_sandbox_hook_linux.cc b/content/gpu/gpu_sandbox_hook_linux.cc +index ddd7b99485fe..cd914e2f9926 100644 +--- a/content/gpu/gpu_sandbox_hook_linux.cc ++++ b/content/gpu/gpu_sandbox_hook_linux.cc +@@ -153,6 +153,7 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) { + static const char kDriCardBasePath[] = "/dev/dri/card"; + static const char kNvidiaCtlPath[] = "/dev/nvidiactl"; + static const char kNvidiaDeviceBasePath[] = "/dev/nvidia"; ++ static const char kNvidiaDeviceModeSetPath[] = "/dev/nvidia-modeset"; + static const char kNvidiaParamsPath[] = "/proc/driver/nvidia/params"; + static const char kDevShm[] = "/dev/shm/"; + +@@ -172,6 +173,8 @@ void AddStandardGpuWhiteList(std::vector<BrokerFilePermission>* permissions) { + permissions->push_back(BrokerFilePermission::ReadWrite( + base::StringPrintf("%s%d", kNvidiaDeviceBasePath, i))); + } ++ permissions->push_back( ++ BrokerFilePermission::ReadWrite(kNvidiaDeviceModeSetPath)); + permissions->push_back(BrokerFilePermission::ReadOnly(kNvidiaParamsPath)); + } + +@@ -262,9 +265,9 @@ sandbox::syscall_broker::BrokerCommandSet CommandSetForGPU( + sandbox::syscall_broker::BrokerCommandSet command_set; + command_set.set(sandbox::syscall_broker::COMMAND_ACCESS); + command_set.set(sandbox::syscall_broker::COMMAND_OPEN); ++ command_set.set(sandbox::syscall_broker::COMMAND_STAT); + if (IsChromeOS() && options.use_amd_specific_policies) { + command_set.set(sandbox::syscall_broker::COMMAND_READLINK); +- command_set.set(sandbox::syscall_broker::COMMAND_STAT); + } + return command_set; + } +diff --git a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc b/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc +index bc16952c0898..d683aacc76f4 100644 +--- a/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc ++++ b/services/service_manager/sandbox/linux/bpf_gpu_policy_linux.cc +@@ -61,7 +61,20 @@ ResultExpr GpuProcessPolicy::EvaluateSyscall(int sysno) const { + case __NR_open: + #endif // !defined(__aarch64__) + case __NR_faccessat: +- case __NR_openat: { ++ case __NR_openat: ++#if defined(__NR_stat) ++ case __NR_stat: ++#endif ++#if defined(__NR_stat64) ++ case __NR_stat64: ++#endif ++#if defined(__NR_fstatat) ++ case __NR_fstatat: ++#endif ++#if defined(__NR_newfstatat) ++ case __NR_newfstatat: ++#endif ++ { + auto* broker_process = SandboxLinux::GetInstance()->broker_process(); + DCHECK(broker_process); + return Trap(BrokerProcess::SIGSYS_Handler, broker_process); +-- +2.16.2 + diff --git a/fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch b/fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch new file mode 100644 index 000000000000..ee7339d39817 --- /dev/null +++ b/fix-crash-in-is_cfi-true-builds-with-unbundled-ICU.patch @@ -0,0 +1,53 @@ +From f15e8b573ada0fcd643ae393484214b1c7c940f8 Mon Sep 17 00:00:00 2001 +From: Evangelos Foutras <evangelos@foutrelis.com> +Date: Sat, 24 Mar 2018 00:04:33 +0000 +Subject: [PATCH] Fix crash in is_cfi=true builds with unbundled ICU + +Ensure ICU symbols have public visibility and are thus excluded from CFI +checks and whole-program optimization. The former caused a startup crash +and the latter has the potential to break virtual calls in weird ways. + +BUG=822820 + +Change-Id: Ia809eefcb9e93b3c612f2381d394db83bbc67120 +Reviewed-on: https://chromium-review.googlesource.com/978008 +Reviewed-by: Peter Collingbourne <pcc@chromium.org> +Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> +Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> +Cr-Commit-Position: refs/heads/master@{#545638} +--- + build/linux/unbundle/icu.gn | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git a/build/linux/unbundle/icu.gn b/build/linux/unbundle/icu.gn +index 5bdd91555df7..4450e409dba5 100644 +--- a/build/linux/unbundle/icu.gn ++++ b/build/linux/unbundle/icu.gn +@@ -17,6 +17,24 @@ config("icu_config") { + "USING_SYSTEM_ICU=1", + "ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC", + "UCHAR_TYPE=uint16_t", ++ ++ # U_EXPORT (defined in unicode/platform.h) is used to set public visibility ++ # on classes through the U_COMMON_API and U_I18N_API macros (among others). ++ # When linking against the system ICU library, we want its symbols to have ++ # public LTO visibility. This disables CFI checks for the ICU classes and ++ # allows whole-program optimization to be applied to the rest of Chromium. ++ # ++ # Both U_COMMON_API and U_I18N_API macros would be defined to U_EXPORT only ++ # when U_COMBINED_IMPLEMENTATION is defined (see unicode/utypes.h). Because ++ # we override the default system UCHAR_TYPE (char16_t), it is not possible ++ # to use U_COMBINED_IMPLEMENTATION at this moment, meaning the U_COMMON_API ++ # and U_I18N_API macros are set to U_IMPORT which is an empty definition. ++ # ++ # Until building with UCHAR_TYPE=char16_t is supported, one way to apply ++ # public visibility (and thus public LTO visibility) to all ICU classes is ++ # to define U_IMPORT to have the same value as U_EXPORT. For more details, ++ # please see: https://crbug.com/822820 ++ "U_IMPORT=U_EXPORT", + ] + } + +-- +2.16.3 + |