diff options
-rw-r--r-- | .SRCINFO | 7 | ||||
-rw-r--r-- | PKGBUILD | 11 | ||||
-rw-r--r-- | unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch | 38 |
3 files changed, 51 insertions, 5 deletions
@@ -45,6 +45,7 @@ pkgbase = chromium-no-extras depends = opus depends = harfbuzz depends = re2 + depends = jsoncpp depends = libxslt depends = libpng depends = freetype2 @@ -57,7 +58,8 @@ pkgbase = chromium-no-extras options = !lto source = https://commondatastorage.googleapis.com/chromium-browser-official/chromium-106.0.5249.61.tar.xz source = https://github.com/foutrelis/chromium-launcher/archive/v8/chromium-launcher-8.tar.gz - source = https://github.com/stha09/chromium-patches/releases/download/chromium-106-patchset-1/chromium-106-patchset-1.tar.xz + source = https://github.com/stha09/chromium-patches/releases/download/chromium-106-patchset-2/chromium-106-patchset-2.tar.xz + source = unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch source = REVERT-enable-GlobalMediaControlsCastStartStop.patch source = REVERT-roll-src-third_party-ffmpeg-m102.patch source = REVERT-roll-src-third_party-ffmpeg-m106.patch @@ -65,7 +67,8 @@ pkgbase = chromium-no-extras source = use-oauth2-client-switches-as-default.patch sha256sums = f27acb929b12fc9e60b035c2f9f1879866eec7cfe1665dccf544048e9e931497 sha256sums = 213e50f48b67feb4441078d50b0fd431df34323be15be97c55302d3fdac4483a - sha256sums = ea7db6b14b276cbf04e434d31d8bbdfbc23d108dcc1c2cbc278eb8f22c0b3086 + sha256sums = 2ad419439379d17385b7fd99039aca875ba36ca31b591b9cd4ccef84273be121 + sha256sums = b908f37c5a886e855953f69e4dd6b90baa35e79f5c74673f7425f2cdb642eb00 sha256sums = 779fb13f2494209d3a7f1f23a823e59b9dded601866d3ab095937a1a04e19ac6 sha256sums = 30df59a9e2d95dcb720357ec4a83d9be51e59cc5551365da4c0073e68ccdec44 sha256sums = 4c12d31d020799d31355faa7d1fe2a5a807f7458e7f0c374adf55edb37032152 @@ -14,7 +14,7 @@ _pkgname=chromium pkgver=106.0.5249.61 pkgrel=1 _launcher_ver=8 -_gcc_patchset=1 +_gcc_patchset=2 pkgdesc="Chromium without hangout services, widevine, pipewire, or chromedriver" arch=('x86_64') url="https://www.chromium.org/Home" @@ -34,6 +34,7 @@ options=('debug' '!lto') # Chromium adds its own flags for ThinLTO source=(https://commondatastorage.googleapis.com/chromium-browser-official/chromium-$pkgver.tar.xz https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz + unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch REVERT-enable-GlobalMediaControlsCastStartStop.patch REVERT-roll-src-third_party-ffmpeg-m102.patch REVERT-roll-src-third_party-ffmpeg-m106.patch @@ -41,7 +42,8 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/chrom use-oauth2-client-switches-as-default.patch) sha256sums=('f27acb929b12fc9e60b035c2f9f1879866eec7cfe1665dccf544048e9e931497' '213e50f48b67feb4441078d50b0fd431df34323be15be97c55302d3fdac4483a' - 'ea7db6b14b276cbf04e434d31d8bbdfbc23d108dcc1c2cbc278eb8f22c0b3086' + '2ad419439379d17385b7fd99039aca875ba36ca31b591b9cd4ccef84273be121' + 'b908f37c5a886e855953f69e4dd6b90baa35e79f5c74673f7425f2cdb642eb00' '779fb13f2494209d3a7f1f23a823e59b9dded601866d3ab095937a1a04e19ac6' '30df59a9e2d95dcb720357ec4a83d9be51e59cc5551365da4c0073e68ccdec44' '4c12d31d020799d31355faa7d1fe2a5a807f7458e7f0c374adf55edb37032152' @@ -59,7 +61,7 @@ declare -gA _system_libs=( [freetype]=freetype2 [harfbuzz-ng]=harfbuzz [icu]=icu - #[jsoncpp]=jsoncpp # triggers a CFI violation (https://crbug.com/1365218) + [jsoncpp]=jsoncpp [libaom]=aom #[libavif]=libavif # needs https://github.com/AOMediaCodec/libavif/commit/d22d4de94120 [libdrm]= @@ -107,6 +109,9 @@ prepare() { # runtime -- this allows signing into Chromium without baked-in values patch -Np1 -i ../use-oauth2-client-switches-as-default.patch + # Upstream fixes + patch -Np1 -i ../unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch + # Revert kGlobalMediaControlsCastStartStop enabled by default # https://crbug.com/1314342 patch -Rp1 -F3 -i ../REVERT-enable-GlobalMediaControlsCastStartStop.patch diff --git a/unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch b/unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch new file mode 100644 index 000000000000..7bf1b5c701d8 --- /dev/null +++ b/unbundle-jsoncpp-avoid-CFI-faults-with-is_cfi-true.patch @@ -0,0 +1,38 @@ +From ed8d931e35f81d8566835a579caf7d61368f85b7 Mon Sep 17 00:00:00 2001 +From: Evangelos Foutras <evangelos@foutrelis.com> +Date: Tue, 27 Sep 2022 22:20:41 +0000 +Subject: [PATCH] unbundle/jsoncpp: avoid CFI faults with is_cfi=true + +Ensure jsoncpp symbols have public visibility and are thus excluded from +CFI checks and whole-program optimization. This is achieved by defining +JSON_DLL_BUILD which in turn causes json/config.h to define JSON_API as +__attribute__((visibility("default"))). The latter macro is used to tag +jsoncpp classes and namespace functions throughout jsoncpp's headers. + +BUG=1365218 + +Change-Id: I56277737b7d9ecaeb5e17c8d21a2e55f3d5d5bc9 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3919652 +Reviewed-by: Thomas Anderson <thomasanderson@chromium.org> +Commit-Queue: Thomas Anderson <thomasanderson@chromium.org> +Cr-Commit-Position: refs/heads/main@{#1052077} +--- + build/linux/unbundle/jsoncpp.gn | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/build/linux/unbundle/jsoncpp.gn b/build/linux/unbundle/jsoncpp.gn +index 544f9d13c9..e84a0ef27a 100644 +--- a/build/linux/unbundle/jsoncpp.gn ++++ b/build/linux/unbundle/jsoncpp.gn +@@ -3,6 +3,11 @@ import("//build/shim_headers.gni") + + pkg_config("jsoncpp_config") { + packages = [ "jsoncpp" ] ++ ++ # Defining JSON_DLL_BUILD applies public visibility to jsoncpp classes ++ # thus deactivating CFI checks for them. This avoids CFI violations in ++ # virtual calls to system jsoncpp library (https://crbug.com/1365218). ++ defines = [ "JSON_DLL_BUILD" ] + } + + shim_headers("jsoncpp_shim") { |