Update to 68.0.3440.106

4 files changed, 106 insertions, 11 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 42ae5dd472cd..5a4cae96f8d1 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,6 +1,6 @@
 pkgbase = chromium-gtk2
 	pkgdesc = A web browser built for speed, simplicity, and security (GTK2 version)
-	pkgver = 68.0.3440.75
+	pkgver = 68.0.3440.106
 	pkgrel = 1
 	url = https://www.chromium.org/Home
 	install = chromium.install
@@ -17,6 +17,7 @@ pkgbase = chromium-gtk2
 	makedepends = git
 	makedepends = clang
 	makedepends = lld
+	makedepends = gn
 	depends = gtk2
 	depends = nss
 	depends = alsa-lib
@@ -52,20 +53,24 @@ pkgbase = chromium-gtk2
 	optdepends = kwallet: for storing passwords in KWallet
 	provides = chromium
 	conflicts = chromium
-	source = https://commondatastorage.googleapis.com/chromium-browser-official/chromium-68.0.3440.75.tar.xz
+	source = https://commondatastorage.googleapis.com/chromium-browser-official/chromium-68.0.3440.106.tar.xz
 	source = chromium-launcher-6.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v6.tar.gz
 	source = x11-fix-mixup-between-DIP-pixel-coordinates.patch
 	source = blink-disable-XML-catalogs-at-runtime.patch
+	source = fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
+	source = only-disable-cfi-icall-when-use_system_libjpeg-true.patch
 	source = chromium-cors-string-r0.patch
 	source = chromium-ffmpeg-r1.patch
 	source = chromium-libjpeg-r0.patch
 	source = chromium-libwebp-shim-r0.patch
 	source = chromium-widevine-r2.patch
 	source = chromium-skia-harmony.patch
-	sha256sums = dc17783267853bdc0fb726363d2b8e30a0bf43b6cc2c768e1f37c92e8eb59541
+	sha256sums = 7021040635a0a0d47f699bdb22e3ef5c91482e4f51b428d1de3016da95f0e698
 	sha256sums = 04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1
 	sha256sums = e2c2754536243a60fa70541bbd4121715eccd83caa8f1fb1873bd994cd81f871
 	sha256sums = 98a5c41cf9687c52ee380d2b683c95387334c76254479c347bdb733646dab815
+	sha256sums = 97b421bc60a4abdf37de2d88a51b973e9f68fb44d1eccd464adfb3d9f5d71478
+	sha256sums = 9cae9ded6497afd15ad72d963897425ab6c7f28941bb3c3948e7996610a0d180
 	sha256sums = f4141e48a25a1403250e9040c18936a16250ab707064dd54103066f40c7db41c
 	sha256sums = aa885330bc4180b78d915f9dfdfc3210038a0acab7b16735ea9828ab6a633bde
 	sha256sums = 6b8fc570607631d3558e99a82e92c11eeae9c960ebb0a83c13d46344d4b6adca
diff --git a/PKGBUILD b/PKGBUILD
index d54b7ee115fa..1da6fb25575d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -7,7 +7,7 @@
 
 pkgname=chromium-gtk2
 _pkgname=chromium
-pkgver=68.0.3440.75
+pkgver=68.0.3440.106
 pkgrel=1
 _launcher_ver=6
 pkgdesc="A web browser built for speed, simplicity, and security (GTK2 version)"
@@ -18,7 +18,7 @@ depends=('gtk2' 'nss' 'alsa-lib' 'xdg-utils' 'libxss' 'libcups' 'libgcrypt'
          'ttf-font' 'systemd' 'dbus' 'libpulse' 'pciutils' 'json-glib'
          'desktop-file-utils' 'hicolor-icon-theme')
 makedepends=('python' 'python2' 'gperf' 'yasm' 'mesa' 'ninja' 'nodejs' 'git'
-             'clang' 'lld')
+             'clang' 'lld' 'gn')
 optdepends=('pepper-flash: support for Flash content'
             'kdialog: needed for file dialogs in KDE'
             'gnome-keyring: for storing passwords in GNOME keyring'
@@ -30,16 +30,20 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$_pkg
         chromium-launcher-$_launcher_ver.tar.gz::https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver.tar.gz
         x11-fix-mixup-between-DIP-pixel-coordinates.patch
         blink-disable-XML-catalogs-at-runtime.patch
+        fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
+        only-disable-cfi-icall-when-use_system_libjpeg-true.patch
         chromium-cors-string-r0.patch
         chromium-ffmpeg-r1.patch
         chromium-libjpeg-r0.patch
         chromium-libwebp-shim-r0.patch
         chromium-widevine-r2.patch
         chromium-skia-harmony.patch)
-sha256sums=('dc17783267853bdc0fb726363d2b8e30a0bf43b6cc2c768e1f37c92e8eb59541'
+sha256sums=('7021040635a0a0d47f699bdb22e3ef5c91482e4f51b428d1de3016da95f0e698'
             '04917e3cd4307d8e31bfb0027a5dce6d086edb10ff8a716024fbb8bb0c7dccf1'
             'e2c2754536243a60fa70541bbd4121715eccd83caa8f1fb1873bd994cd81f871'
             '98a5c41cf9687c52ee380d2b683c95387334c76254479c347bdb733646dab815'
+            '97b421bc60a4abdf37de2d88a51b973e9f68fb44d1eccd464adfb3d9f5d71478'
+            '9cae9ded6497afd15ad72d963897425ab6c7f28941bb3c3948e7996610a0d180'
             'f4141e48a25a1403250e9040c18936a16250ab707064dd54103066f40c7db41c'
             'aa885330bc4180b78d915f9dfdfc3210038a0acab7b16735ea9828ab6a633bde'
             '6b8fc570607631d3558e99a82e92c11eeae9c960ebb0a83c13d46344d4b6adca'
@@ -95,6 +99,10 @@ prepare() {
   # https://crbug.com/736026
   patch -Np1 -i ../blink-disable-XML-catalogs-at-runtime.patch
 
+  # https://crbug.com/866290
+  patch -Np1 -i ../fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
+  patch -Np1 -i ../only-disable-cfi-icall-when-use_system_libjpeg-true.patch
+
   # https://crbug.com/skia/6663#c10
   patch -Np4 -i ../chromium-skia-harmony.patch
 
@@ -153,7 +161,6 @@ build() {
     'host_toolchain="//build/toolchain/linux/unbundle:default"'
     'clang_use_chrome_plugins=false'
     'is_official_build=true' # implies is_cfi=true on x86_64
-    'use_cfi_icall=false' # https://crbug.com/866290
     'is_debug=false'
     'treat_warnings_as_errors=false'
     'fieldtrial_testing_like_official_build=true'
@@ -189,10 +196,7 @@ build() {
     CPPFLAGS+=' -DNO_UNWIND_TABLES'
   fi
 
-  python2 tools/gn/bootstrap/bootstrap.py -s --no-clean
-  out/Release/gn gen out/Release --args="${_flags[*]}" \
-    --script-executable=/usr/bin/python2
-
+  gn gen out/Release --args="${_flags[*]}" --script-executable=/usr/bin/python2
   ninja -C out/Release chrome chrome_sandbox chromedriver
 }
 
diff --git a/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch b/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
new file mode 100644
index 000000000000..3c27898ed2e1
--- /dev/null
+++ b/fix-cfi-icall-failure-with-use_system_libjpeg-true.patch
@@ -0,0 +1,52 @@
+From db82db1b609f30d144d45477f55697818bcd363c Mon Sep 17 00:00:00 2001
+From: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Date: Tue, 31 Jul 2018 01:03:22 +0000
+Subject: [PATCH] Fix cfi-icall failure with use_system_libjpeg=true
+
+JPEGImageReader::AllocateSampleArray() can call the function pointer
+(*info_.mem->alloc_sarray) which can be set by the systems non-CFI
+enabled libjpeg DSO when chromium is built with use_system_libjpeg=true.
+Disable cfi-icall for that method.
+
+Bug: 866290
+Change-Id: I6d9bbf08c514d6d5f48ad34c3802c63419ed1223
+Reviewed-on: https://chromium-review.googlesource.com/1155927
+Reviewed-by: Kentaro Hara <haraken@chromium.org>
+Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#579270}
+---
+ .../renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc | 2 +-
+ third_party/blink/renderer/platform/wtf/compiler.h              | 2 ++
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+index a1e440f6eed5..fd4e72ba053c 100644
+--- a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
++++ b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+@@ -643,7 +643,7 @@ class JPEGImageReader final {
+   IntSize UvSize() const { return uv_size_; }
+ 
+  private:
+-  JSAMPARRAY AllocateSampleArray() {
++  NO_SANITIZE_CFI_ICALL JSAMPARRAY AllocateSampleArray() {
+ // Some output color spaces don't need the sample array: don't allocate in that
+ // case.
+ #if defined(TURBO_JPEG_RGB_SWIZZLE)
+diff --git a/third_party/blink/renderer/platform/wtf/compiler.h b/third_party/blink/renderer/platform/wtf/compiler.h
+index 51595afdc955..5225a70309d6 100644
+--- a/third_party/blink/renderer/platform/wtf/compiler.h
++++ b/third_party/blink/renderer/platform/wtf/compiler.h
+@@ -57,8 +57,10 @@
+ #if defined(__clang__)
+ #define NO_SANITIZE_UNRELATED_CAST \
+   __attribute__((no_sanitize("cfi-unrelated-cast", "vptr")))
++#define NO_SANITIZE_CFI_ICALL __attribute__((no_sanitize("cfi-icall")))
+ #else
+ #define NO_SANITIZE_UNRELATED_CAST
++#define NO_SANITIZE_CFI_ICALL
+ #endif
+ 
+ #endif /* WTF_Compiler_h */
+-- 
+2.18.0
+
diff --git a/only-disable-cfi-icall-when-use_system_libjpeg-true.patch b/only-disable-cfi-icall-when-use_system_libjpeg-true.patch
new file mode 100644
index 000000000000..3a71f8c05719
--- /dev/null
+++ b/only-disable-cfi-icall-when-use_system_libjpeg-true.patch
@@ -0,0 +1,34 @@
+From 20f81a066ffdf6bd30fb4b696b8b3e101368e2f6 Mon Sep 17 00:00:00 2001
+From: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Date: Tue, 31 Jul 2018 23:21:09 +0000
+Subject: [PATCH] Only disable cfi-icall when use_system_libjpeg=true
+
+Bug: 866290
+Change-Id: Ic5d175b3b854665f50781650406d599d09ee9849
+Reviewed-on: https://chromium-review.googlesource.com/1157136
+Reviewed-by: Kentaro Hara <haraken@chromium.org>
+Commit-Queue: Vlad Tsyrklevich <vtsyrklevich@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#579614}
+---
+ .../platform/image-decoders/jpeg/jpeg_image_decoder.cc       | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+index fd4e72ba053c..afa90d83efee 100644
+--- a/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
++++ b/third_party/blink/renderer/platform/image-decoders/jpeg/jpeg_image_decoder.cc
+@@ -643,7 +643,10 @@ class JPEGImageReader final {
+   IntSize UvSize() const { return uv_size_; }
+ 
+  private:
+-  NO_SANITIZE_CFI_ICALL JSAMPARRAY AllocateSampleArray() {
++#if defined(USE_SYSTEM_LIBJPEG)
++  NO_SANITIZE_CFI_ICALL
++#endif
++  JSAMPARRAY AllocateSampleArray() {
+ // Some output color spaces don't need the sample array: don't allocate in that
+ // case.
+ #if defined(TURBO_JPEG_RGB_SWIZZLE)
+-- 
+2.18.0
+