extra/chromium to 94.0.4606.54-1

Kevin Mihelich 2021-09-22 13:03:41 +00:00
parent 8f788e5bfd
commit 55d109d889
12 changed files with 192 additions and 1890 deletions


@ -1,4 +1,4 @@
From 0ef073143173be99aba48602e78dcb8a602a665f Mon Sep 17 00:00:00 2001
From bf98ba5c122134948dd5da3bb18cdc7e7761023d Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Thu, 18 Feb 2021 19:35:58 -0700
Subject: [PATCH 1/3] widevine support for arm
@ -8,10 +8,10 @@ Subject: [PATCH 1/3] widevine support for arm
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/third_party/widevine/cdm/widevine.gni b/third_party/widevine/cdm/widevine.gni
index 21fdc870cecf..67aa6c2d2754 100644
index 1a833ae57589c..42164ca5416eb 100644
--- a/third_party/widevine/cdm/widevine.gni
+++ b/third_party/widevine/cdm/widevine.gni
@@ -26,7 +26,7 @@ if (is_chromeos_ash && !is_chromeos_device) {
@@ -26,7 +26,7 @@ if (is_chromeos && !is_chromeos_device) {
library_widevine_cdm_available =
(is_chromeos_ash && (target_cpu == "x64" || target_cpu == "arm")) ||
((target_os == "linux" || is_chromeos_lacros) &&


@ -1,4 +1,4 @@
From bc1c3e2b3b429d09bc3170b7ee06c599373d6270 Mon Sep 17 00:00:00 2001
From 4165b45646bca0977b80e0aa7b7645fbb70e654f Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Tue, 2 Feb 2021 13:58:59 -0700
Subject: [PATCH 2/3] Run blink bindings generation single threaded
@ -9,7 +9,7 @@ When not single threaded this process will eat all the RAM.
1 file changed, 1 insertion(+)
diff --git a/third_party/blink/renderer/bindings/BUILD.gn b/third_party/blink/renderer/bindings/BUILD.gn
index 30017570a139..f88e5906f23f 100644
index 30017570a1391..f88e5906f23f4 100644
--- a/third_party/blink/renderer/bindings/BUILD.gn
+++ b/third_party/blink/renderer/bindings/BUILD.gn
@@ -148,6 +148,7 @@ template("generate_bindings") {


@ -1,4 +1,4 @@
From 662671bbc3173ff64baf8d9e84b2c28f3978ad78 Mon Sep 17 00:00:00 2001
From 7e18463de3934080ab42a764b453cca010fb929f Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Wed, 21 Jul 2021 21:37:31 -0600
Subject: [PATCH 3/3] Fix eu-strip build for newer GCC
@ -10,7 +10,7 @@ Subject: [PATCH 3/3] Fix eu-strip build for newer GCC
create mode 100644 buildtools/third_party/eu-strip/gcc-fixes.patch
diff --git a/buildtools/third_party/eu-strip/build.sh b/buildtools/third_party/eu-strip/build.sh
index 86f2b67f6bbd..722ebcf46f06 100755
index 86f2b67f6bbd1..722ebcf46f061 100755
--- a/buildtools/third_party/eu-strip/build.sh
+++ b/buildtools/third_party/eu-strip/build.sh
@@ -1,7 +1,7 @@
@ -32,7 +32,7 @@ index 86f2b67f6bbd..722ebcf46f06 100755
../configure --enable-maintainer-mode
diff --git a/buildtools/third_party/eu-strip/gcc-fixes.patch b/buildtools/third_party/eu-strip/gcc-fixes.patch
new file mode 100644
index 000000000000..fdb84dffd936
index 0000000000000..fdb84dffd9364
--- /dev/null
+++ b/buildtools/third_party/eu-strip/gcc-fixes.patch
@@ -0,0 +1,171 @@


@ -16,10 +16,10 @@ buildarch=12
highmem=1
pkgname=chromium
pkgver=93.0.4577.82
pkgrel=2
pkgver=94.0.4606.54
pkgrel=1
_launcher_ver=8
_gcc_patchset=6
_gcc_patchset=3
pkgdesc="A web browser built for speed, simplicity, and security"
arch=('x86_64')
url="https://www.chromium.org/Home"
@ -36,31 +36,31 @@ optdepends=('pipewire: WebRTC desktop sharing under Wayland'
source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgname-$pkgver.tar.xz
https://github.com/foutrelis/chromium-launcher/archive/v$_launcher_ver/chromium-launcher-$_launcher_ver.tar.gz
https://github.com/stha09/chromium-patches/releases/download/chromium-${pkgver%%.*}-patchset-$_gcc_patchset/chromium-${pkgver%%.*}-patchset-$_gcc_patchset.tar.xz
linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
linux-sandbox-fix-fstatat-crash.patch
replace-blacklist-with-ignorelist.patch
add-a-TODO-about-a-missing-pnacl-flag.patch
use-ffile-compilation-dir.patch
sql-make-VirtualCursor-standard-layout-type.patch
chromium-93-ffmpeg-4.4.patch
chromium-harfbuzz-3.0.0.patch
skia-harfbuzz-3.0.0.patch
chromium-94-ffmpeg-roll.patch
unexpire-accelerated-video-decode-flag.patch
use-oauth2-client-switches-as-default.patch
0001-widevine-support-for-arm.patch
0002-Run-blink-bindings-generation-single-threaded.patch
0003-Fix-eu-strip-build-for-newer-GCC.patch)
sha256sums=('5d66214858fcba11a8f733d7a6fab61ed10e13e7df4ed37e63b66a0370fb2853'
sha256sums=('033d9461e24251b790da17e64471eb22e3dfb09090744d3d0b7b4d0fbd75135d'
'213e50f48b67feb4441078d50b0fd431df34323be15be97c55302d3fdac4483a'
'a44ffd9e25fcbd8b3cc778871890e4da6fe12600ad549c807e1d03f61f0cdf73'
'268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
'253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
'22692bddaf2761c6ddf9ff0bc4722972bca4d4c5b2fd3e5dbdac7eb60d914320'
'd3344ba39b8c6ed202334ba7f441c70d81ddf8cdb15af1aa8c16e9a3a75fbb35'
'd53da216538f2e741a6e048ed103964a91a98e9a3c10c27fdfa34d4692fdc455'
'921010cd8fab5f30be76c68b68c9b39fac9e21f4c4133bb709879592bbdf606e'
'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
'1a9e074f417f8ffd78bcd6874d8e2e74a239905bf662f76a7755fa40dc476b57'
'7ce947944a139e66774dfc7249bf7c3069f07f83a0f1b2c1a1b14287a7e15928'
'dae11dec5088eb1b14045d8c9862801a342609c15701d7c371e1caccf46e1ffd'
'56acb6e743d2ab1ed9f3eb01700ade02521769978d03ac43226dec94659b3ace'
'2a97b26c3d6821b15ef4ef1369905c6fa3e9c8da4877eb9af4361452a425290b'
'e393174d7695d0bafed69e868c5fbfecf07aa6969f3b64596d0bae8b067e1711'
'88bece386073d5a2e970eefcd910010bdc5be2107bdad57bbfc005a4091112f6'
'9b385876b5da4e639a1a016213858a514c016cea657a24825223563683dba27f'
'f574f1d703baf4e39a70bed96aec0e9ebe04a304a3ba355ecaa8a93639c104e9')
'fa20edc66efbb4d172a028a1851bcbb635372ce56c81c0b434bf4e211a6ca728'
'85c7fd0fc70d3bce1a6949fd1062c6d5bc62507636e50200432cfb7b22cbef47'
'30f670b9ca3e5783aa5029f4d0407cec5f6d5bef7c41303b50b6fb312559bc65')
# Possible replacements are listed in build/linux/unbundle/replace_gn_files.py
# Keys are the names in the above script; values are the dependencies in Arch
@ -129,28 +129,29 @@ prepare() {
# Fix build with older ffmpeg
patch -Np1 -i ../chromium-93-ffmpeg-4.4.patch
# Fix build with harfbuzz 3.0.0
patch -Np1 -i ../chromium-harfbuzz-3.0.0.patch
patch -Np1 -d third_party/skia <../skia-harfbuzz-3.0.0.patch
# Revert change to custom function av_stream_get_first_dts; will need to
# switch to bundled ffmpeg when we're no longer using ffmpeg 4.4 in Arch
# Upstream commit that made first_dts internal causing Chromium to add a
# custom function: https://github.com/FFmpeg/FFmpeg/commit/591b88e6787c4
# https://crbug.com/1251779
patch -Rp1 -i ../chromium-94-ffmpeg-roll.patch
# https://crbug.com/1207478
patch -Np0 -i ../unexpire-accelerated-video-decode-flag.patch
# Revert transition to -fsanitize-ignorelist (needs newer clang)
patch -Rp1 -i ../replace-blacklist-with-ignorelist.patch
# Upstream fixes
patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
# Revert addition of -ffile-compilation-dir= (needs newer clang)
patch -Rp1 -i ../add-a-TODO-about-a-missing-pnacl-flag.patch
patch -Rp1 -i ../use-ffile-compilation-dir.patch
# https://chromium-review.googlesource.com/c/chromium/src/+/2862724
patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
# Fixes for building with libstdc++ instead of libc++
patch -Np1 -i ../patches/chromium-93-pdfium-include.patch
patch -Np1 -i ../patches/chromium-90-ruy-include.patch
patch -Np1 -i ../patches/chromium-93-HashPasswordManager-include.patch
patch -Np1 -i ../patches/chromium-93-BluetoothLowEnergyScanFilter-include.patch
patch -Np1 -i ../patches/chromium-93-ClassProperty-include.patch
patch -Np1 -i ../patches/chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
patch -Np1 -i ../patches/chromium-93-ScopedTestDialogAutoConfirm-include.patch
patch -Np1 -i ../patches/chromium-94-CustomSpaces-include.patch
# Link to system tools required by the build
mkdir -p third_party/node/linux/node-linux-x64/bin
@ -199,7 +200,7 @@ build() {
'is_cfi=false'
'chrome_pgo_phase=0'
'treat_warnings_as_errors=false'
'fieldtrial_testing_like_official_build=true'
'disable_fieldtrial_testing_config=true'
'blink_enable_generated_code_formatting=false'
'ffmpeg_branding="Chrome"'
'proprietary_codecs=true'
@ -279,7 +280,7 @@ package() {
libGLESv2.so
chromedriver
crashpad_handler
chrome_crashpad_handler
)
if [[ -z ${_system_libs[icu]+set} ]]; then
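Review bot: The `# Upstream fixes` step in prepare() and the matching `source=`/`sha256sums` entries no longer carry `linux-sandbox-syscall-broker-use-struct-kernel_stat.patch` and `linux-sandbox-fix-fstatat-crash.patch`, and nothing in the commit records that the 94.0.4606.54 tarball already contains these two seccomp sandbox fixes. The fstatat fix has upstream position #903873, which lies between #903659 and #909174, both of which this PKGBUILD reverts with `patch -Rp1` and which should therefore be in the tarball; so it is probably included, but that is inferred from the patch headers, and the position of the kernel_stat patch is not shown on this page. After checking the tarball, I would say so in the commit description or leave a comment such as `# linux-sandbox kernel_stat/fstatat fixes are included upstream since 94`. prepare() starts and ends outside the hunks shown here.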


@ -0,0 +1,28 @@
From 7a23987acb698c2934958cb42a5e7b1cd73fe142 Mon Sep 17 00:00:00 2001
From: Nico Weber <thakis@chromium.org>
Date: Tue, 20 Jul 2021 21:54:09 +0000
Subject: [PATCH] build: Add a TODO about a missing pnacl flag
Change-Id: I1700d185a23afe4120e14c755782450b1bf89289
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041785
Commit-Queue: Nico Weber <thakis@chromium.org>
Commit-Queue: Hans Wennborg <hans@chromium.org>
Auto-Submit: Nico Weber <thakis@chromium.org>
Reviewed-by: Hans Wennborg <hans@chromium.org>
Cr-Commit-Position: refs/heads/master@{#903659}
---
build/config/compiler/BUILD.gn | 1 +
1 file changed, 1 insertion(+)
diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
index b6e095b705..ef6d1dfc12 100644
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
@@ -1217,6 +1217,7 @@ config("compiler_deterministic") {
# we build same files with same compile flag.
# Other paths are already given in relative, no need to normalize them.
if (is_nacl) {
+ # TODO(https://crbug.com/1231236): Use -ffile-compilation-dir= here.
cflags += [
"-Xclang",
"-fdebug-compilation-dir",


@ -0,0 +1,49 @@
From b94755e4633045be96ab5e0bdde0db7e16a804bd Mon Sep 17 00:00:00 2001
From: "liberato@chromium.org" <liberato@chromium.org>
Date: Fri, 6 Aug 2021 04:25:31 +0000
Subject: [PATCH] FFmpeg M94 roll.
Contains DEPS update + chromium-side fixes.
Bug: 1227259
Change-Id: I61c5eaa789ea12c17d0cbcbf837435b9cf32479b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3011889
Reviewed-by: Thomas Guilbert <tguilbert@chromium.org>
Commit-Queue: Frank Liberato <liberato@chromium.org>
Cr-Commit-Position: refs/heads/master@{#909174}
---
media/ffmpeg/ffmpeg_common.h | 1 +
media/filters/ffmpeg_demuxer.cc | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/media/ffmpeg/ffmpeg_common.h b/media/ffmpeg/ffmpeg_common.h
index cede8ac5a7..97d6307e28 100644
--- a/media/ffmpeg/ffmpeg_common.h
+++ b/media/ffmpeg/ffmpeg_common.h
@@ -29,6 +29,7 @@ extern "C" {
#include <libavformat/avformat.h>
#include <libavformat/avio.h>
#include <libavutil/avutil.h>
+#include <libavutil/channel_layout.h>
#include <libavutil/imgutils.h>
#include <libavutil/log.h>
#include <libavutil/mastering_display_metadata.h>
diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
index ac4713b072..605001d935 100644
--- a/media/filters/ffmpeg_demuxer.cc
+++ b/media/filters/ffmpeg_demuxer.cc
@@ -106,12 +106,12 @@ static base::TimeDelta ExtractStartTime(AVStream* stream) {
// Next try to use the first DTS value, for codecs where we know PTS == DTS
// (excludes all H26x codecs). The start time must be returned in PTS.
- if (stream->first_dts != kNoFFmpegTimestamp &&
+ if (av_stream_get_first_dts(stream) != kNoFFmpegTimestamp &&
stream->codecpar->codec_id != AV_CODEC_ID_HEVC &&
stream->codecpar->codec_id != AV_CODEC_ID_H264 &&
stream->codecpar->codec_id != AV_CODEC_ID_MPEG4) {
const base::TimeDelta first_pts =
- ConvertFromTimeBase(stream->time_base, stream->first_dts);
+ ConvertFromTimeBase(stream->time_base, av_stream_get_first_dts(stream));
if (first_pts < start_time)
start_time = first_pts;
}


@ -1,20 +0,0 @@
# https://github.com/chromium/chromium/commit/b289f6f3fcbc
diff --git a/components/paint_preview/common/subset_font.cc b/components/paint_preview/common/subset_font.cc
index 8ff0540d9a..20a7d37474 100644
--- a/components/paint_preview/common/subset_font.cc
+++ b/components/paint_preview/common/subset_font.cc
@@ -72,9 +72,11 @@ sk_sp<SkData> SubsetFont(SkTypeface* typeface, const GlyphUsage& usage) {
hb_set_t* glyphs =
hb_subset_input_glyph_set(input.get()); // Owned by |input|.
usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs)));
- hb_subset_input_set_retain_gids(input.get(), true);
+ hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS);
- HbScoped<hb_face_t> subset_face(hb_subset(face.get(), input.get()));
+ HbScoped<hb_face_t> subset_face(hb_subset_or_fail(face.get(), input.get()));
+ if (!subset_face)
+ return nullptr;
HbScoped<hb_blob_t> subset_blob(hb_face_reference_blob(subset_face.get()));
if (!subset_blob)
return nullptr;


@ -1,348 +0,0 @@
From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
From: Matthew Denton <mpdenton@chromium.org>
Date: Wed, 21 Jul 2021 12:55:11 +0000
Subject: [PATCH] Linux sandbox: fix fstatat() crash
This is a reland of https://crrev.com/c/2801873.
Glibc has started rewriting fstat(fd, stat_buf) to
fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
AT_EMPTY_PATH is specified, and the second argument is an empty string,
then fstatat just performs an fstat on fd like normal.
Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
The baseline policy needs to prevent this usage of fstatat() since it
doesn't allow access to arbitrary pathnames.
Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
simply ignored by current kernels.
This means fstatat() is completely unsandboxable with seccomp, since
we *need* to verify that the second argument is the empty string, but
we can't dereference pointers in seccomp (due to limitations of BPF,
and the difficulty of addressing these limitations due to TOCTOU
issues).
So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
The signal handler, which runs in the sandboxed process, checks for
AT_EMPTY_PATH and the empty string, and then rewrites any applicable
fstatat() back into the old-style fstat().
Bug: 1164975
Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
Reviewed-by: Robert Sesek <rsesek@chromium.org>
Commit-Queue: Matthew Denton <mpdenton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#903873}
---
.../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++
.../baseline_policy_unittest.cc | 17 ++++++++++++-
.../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++
.../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++
.../linux/syscall_broker/broker_process.cc | 21 ++++++++++------
.../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
sandbox/linux/system_headers/linux_stat.h | 4 +++
7 files changed, 89 insertions(+), 18 deletions(-)
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index f2a60bb4d7..9df0d2dbd3 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -20,6 +20,7 @@
#include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
#include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
#include "sandbox/linux/services/syscall_wrappers.h"
+#include "sandbox/linux/system_headers/linux_stat.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
#if !defined(SO_PEEK_OFF)
@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
return Allow();
}
+ // The fstatat syscalls are file system syscalls, which will be denied below
+ // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
+ // libc implementations to fstatat syscalls, and we need to rewrite them back.
+ if (sysno == __NR_fstatat_default) {
+ return RewriteFstatatSIGSYS(fs_denied_errno);
+ }
+
if (SyscallSets::IsFileSystem(sysno) ||
SyscallSets::IsCurrentDirectory(sysno)) {
return Error(fs_denied_errno);
diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
index 68c29b564b..57d307e09d 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
@@ -51,7 +51,8 @@ namespace sandbox {
namespace {
-// This also tests that read(), write() and fstat() are allowed.
+// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
+// AT_EMPTY_PATH) are allowed.
void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
BPF_ASSERT_LE(0, read_end.get());
BPF_ASSERT_LE(0, write_end.get());
@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
BPF_ASSERT_EQ(0, sys_ret);
BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
+ BPF_ASSERT_EQ(0, sys_ret);
+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+
+ // Make sure fstatat with anything other than an empty string is denied.
+ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
+ BPF_ASSERT_EQ(sys_ret, -1);
+ BPF_ASSERT_EQ(EPERM, errno);
+
+ // Make sure fstatat without AT_EMPTY_PATH is denied.
+ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
+ BPF_ASSERT_EQ(sys_ret, -1);
+ BPF_ASSERT_EQ(EPERM, errno);
+
const ssize_t kTestTransferSize = 4;
static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
ssize_t transfered = 0;
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
index 64edbd68bd..71068a0452 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
@@ -6,6 +6,7 @@
#include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+#include <fcntl.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
@@ -22,6 +23,7 @@
#include "sandbox/linux/seccomp-bpf/syscall.h"
#include "sandbox/linux/services/syscall_wrappers.h"
#include "sandbox/linux/system_headers/linux_seccomp.h"
+#include "sandbox/linux/system_headers/linux_stat.h"
#include "sandbox/linux/system_headers/linux_syscalls.h"
#if defined(__mips__)
@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
return -ENOSYS;
}
+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
+ void* fs_denied_errno) {
+ if (args.nr == __NR_fstatat_default) {
+ if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
+ args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
+ return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
+ reinterpret_cast<default_stat_struct*>(args.args[2]));
+ }
+ return -reinterpret_cast<intptr_t>(fs_denied_errno);
+ }
+
+ CrashSIGSYS_Handler(args, fs_denied_errno);
+
+ // Should never be reached.
+ RAW_CHECK(false);
+ return -ENOSYS;
+}
+
bpf_dsl::ResultExpr CrashSIGSYS() {
return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
}
@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
}
+bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
+ return bpf_dsl::Trap(SIGSYSFstatatHandler,
+ reinterpret_cast<void*>(fs_denied_errno));
+}
+
void AllocateCrashKeys() {
#if !defined(OS_NACL_NONSFI)
if (seccomp_crash_key)
diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
index 7a958b93b2..8cd735ce15 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
// sched_setparam(), sched_setscheduler()
SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
void* aux);
+// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
+// then rewrite the syscall to the equivalent fstat() syscall which can be
+// adequately sandboxed.
+// If the fstatat() is not functionally equivalent to an fstat() syscall, we
+// fail with -fs_denied_errno.
+// If the syscall is not an fstatat() at all, crash in the same way as
+// CrashSIGSYS_Handler.
+// This is necessary because glibc and musl have started rewriting fstat(fd,
+// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
+// back to the former, which is actually sandboxable.
+SANDBOX_EXPORT intptr_t
+SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
+ void* fs_denied_errno);
// Variants of the above functions for use with bpf_dsl.
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
// Allocates a crash key so that Seccomp information can be recorded.
void AllocateCrashKeys();
diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
index c2176eb785..e9dad37485 100644
--- a/sandbox/linux/syscall_broker/broker_process.cc
+++ b/sandbox/linux/syscall_broker/broker_process.cc
@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
}
bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
+ // The syscalls unavailable on aarch64 are all blocked by Android's default
+ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
+ // with a corresponding XXat() versions are typically unavailable in aarch64
+ // and are default disabled in Android. So, we should refuse to broker them
+ // to be consistent with the platform's restrictions.
switch (sysno) {
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_access:
#endif
case __NR_faccessat:
return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_mkdir:
#endif
case __NR_mkdirat:
return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_open:
#endif
case __NR_openat:
return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_readlink:
#endif
case __NR_readlinkat:
return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_rename:
#endif
case __NR_renameat:
case __NR_renameat2:
return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_rmdir:
return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
#endif
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_stat:
case __NR_lstat:
#endif
@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
return !fast_check || allowed_command_set_.test(COMMAND_STAT);
#endif
-#if !defined(__aarch64__)
+#if !defined(__aarch64__) && !defined(OS_ANDROID)
case __NR_unlink:
return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
#endif
diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
index c65f25a78a..f0db08d84e 100644
--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
{COMMAND_ACCESS,
{__NR_faccessat,
-#if defined(__NR_access)
+#if defined(__NR_access) && !defined(OS_ANDROID)
__NR_access
#endif
}},
{COMMAND_MKDIR,
{__NR_mkdirat,
-#if defined(__NR_mkdir)
+#if defined(__NR_mkdir) && !defined(OS_ANDROID)
__NR_mkdir
#endif
}},
{COMMAND_OPEN,
{__NR_openat,
-#if defined(__NR_open)
+#if defined(__NR_open) && !defined(OS_ANDROID)
__NR_open
#endif
}},
{COMMAND_READLINK,
{__NR_readlinkat,
-#if defined(__NR_readlink)
+#if defined(__NR_readlink) && !defined(OS_ANDROID)
__NR_readlink
#endif
}},
{COMMAND_RENAME,
{__NR_renameat,
-#if defined(__NR_rename)
+#if defined(__NR_rename) && !defined(OS_ANDROID)
__NR_rename
#endif
}},
{COMMAND_UNLINK,
{__NR_unlinkat,
-#if defined(__NR_unlink)
+#if defined(__NR_unlink) && !defined(OS_ANDROID)
__NR_unlink
#endif
}},
{COMMAND_RMDIR,
{__NR_unlinkat,
-#if defined(__NR_rmdir)
+#if defined(__NR_rmdir) && !defined(OS_ANDROID)
__NR_rmdir
#endif
}},
{COMMAND_STAT,
{
-#if defined(__NR_stat)
+#if defined(__NR_stat) && !defined(OS_ANDROID)
__NR_stat,
#endif
-#if defined(__NR_lstat)
+#if defined(__NR_lstat) && !defined(OS_ANDROID)
__NR_lstat,
#endif
#if defined(__NR_fstatat)
diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
index 35788eb22a..83b89efc75 100644
--- a/sandbox/linux/system_headers/linux_stat.h
+++ b/sandbox/linux/system_headers/linux_stat.h
@@ -157,6 +157,10 @@ struct kernel_stat {
};
#endif
+#if !defined(AT_EMPTY_PATH)
+#define AT_EMPTY_PATH 0x1000
+#endif
+
// On 32-bit systems, we default to the 64-bit stat struct like libc
// implementations do. Otherwise we default to the normal stat struct which is
// already 64-bit.


@ -1,100 +0,0 @@
# Minimal diff for harfbuzz 3.0.0 support; based on:
# https://github.com/google/skia/commit/66684b17b382
# https://github.com/google/skia/commit/51d83abcd24a
diff --git a/gn/skia.gni b/gn/skia.gni
index d98fdc19ee..199335d5c4 100644
--- a/gn/skia.gni
+++ b/gn/skia.gni
@@ -34,8 +34,6 @@ declare_args() {
skia_include_multiframe_procs = false
skia_lex = false
skia_libgifcodec_path = "third_party/externals/libgifcodec"
- skia_pdf_subset_harfbuzz =
- false # TODO: set skia_pdf_subset_harfbuzz to skia_use_harfbuzz.
skia_qt_path = getenv("QT_PATH")
skia_skqp_global_error_tolerance = 0
skia_tools_require_resources = false
@@ -99,6 +97,10 @@ declare_args() {
skia_use_libfuzzer_defaults = true
}
+declare_args() {
+ skia_pdf_subset_harfbuzz = skia_use_harfbuzz
+}
+
declare_args() {
skia_compile_sksl_tests = skia_compile_processors
skia_enable_fontmgr_android = skia_use_expat && skia_use_freetype
diff --git a/src/pdf/SkPDFSubsetFont.cpp b/src/pdf/SkPDFSubsetFont.cpp
index 81c37eef3a..2340a7937b 100644
--- a/src/pdf/SkPDFSubsetFont.cpp
+++ b/src/pdf/SkPDFSubsetFont.cpp
@@ -49,6 +49,37 @@ static sk_sp<SkData> to_data(HBBlob blob) {
blob.release());
}
+template<typename...> using void_t = void;
+template<typename T, typename = void>
+struct SkPDFHarfBuzzSubset {
+ // This is the HarfBuzz 3.0 interface.
+ // hb_subset_flags_t does not exist in 2.0. It isn't dependent on T, so inline the value of
+ // HB_SUBSET_FLAGS_RETAIN_GIDS until 2.0 is no longer supported.
+ static HBFace Make(T input, hb_face_t* face) {
+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
+ // If it isn't known if a font is 'tricky', retain the hints.
+ hb_subset_input_set_flags(input, 2/*HB_SUBSET_FLAGS_RETAIN_GIDS*/);
+ return HBFace(hb_subset_or_fail(face, input));
+ }
+};
+template<typename T>
+struct SkPDFHarfBuzzSubset<T, void_t<
+ decltype(hb_subset_input_set_retain_gids(std::declval<T>(), std::declval<bool>())),
+ decltype(hb_subset_input_set_drop_hints(std::declval<T>(), std::declval<bool>())),
+ decltype(hb_subset(std::declval<hb_face_t*>(), std::declval<T>()))
+ >>
+{
+ // This is the HarfBuzz 2.0 (non-public) interface, used if it exists.
+ // This code should be removed as soon as all users are migrated to the newer API.
+ static HBFace Make(T input, hb_face_t* face) {
+ hb_subset_input_set_retain_gids(input, true);
+ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
+ // If it isn't known if a font is 'tricky', retain the hints.
+ hb_subset_input_set_drop_hints(input, false);
+ return HBFace(hb_subset(face, input));
+ }
+};
+
static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
const SkPDFGlyphUse& glyphUsage,
int ttcIndex) {
@@ -71,11 +102,10 @@ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
hb_set_t* glyphs = hb_subset_input_glyph_set(input.get());
glyphUsage.getSetValues([&glyphs](unsigned gid) { hb_set_add(glyphs, gid);});
- hb_subset_input_set_retain_gids(input.get(), true);
- // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
- // If it isn't known if a font is 'tricky', retain the hints.
- hb_subset_input_set_drop_hints(input.get(), false);
- HBFace subset(hb_subset(face.get(), input.get()));
+ HBFace subset = SkPDFHarfBuzzSubset<hb_subset_input_t*>::Make(input.get(), face.get());
+ if (!subset) {
+ return nullptr;
+ }
HBBlob result(hb_face_reference_blob(subset.get()));
return to_data(std::move(result));
}
diff --git a/third_party/harfbuzz/BUILD.gn b/third_party/harfbuzz/BUILD.gn
index 173830de62..4156607ef9 100644
--- a/third_party/harfbuzz/BUILD.gn
+++ b/third_party/harfbuzz/BUILD.gn
@@ -14,6 +14,9 @@ if (skia_use_system_harfbuzz) {
system("harfbuzz") {
include_dirs = [ "/usr/include/harfbuzz" ]
libs = [ "harfbuzz" ]
+ if (skia_pdf_subset_harfbuzz) {
+ libs += [ "harfbuzz-subset" ]
+ }
}
} else {
third_party("harfbuzz") {


@ -0,0 +1,11 @@
--- chrome/browser/flag-metadata.json.orig 2021-09-21 18:34:38.740426608 +0000
+++ chrome/browser/flag-metadata.json 2021-09-21 18:35:09.392000797 +0000
@@ -1285,7 +1285,7 @@
{
"name": "enable-accelerated-video-decode",
"owners": [ "media-dev@chromium.org" ],
- "expiry_milestone": 93
+ "expiry_milestone": 99
},
{
"name": "enable-accessibility-live-caption",


@ -0,0 +1,65 @@
From 34a955823630096f5b01c2b01d51c1ea59d22763 Mon Sep 17 00:00:00 2001
From: Zequan Wu <zequanwu@google.com>
Date: Tue, 20 Jul 2021 14:13:50 +0000
Subject: [PATCH] Use -ffile-compilation-dir= instead of
-fdebug-compilation-dir=
Bug: 1010267
Change-Id: If2b4ead8535a76490eb466a38e3d8fed6ea91079
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2770738
Auto-Submit: Zequan Wu <zequanwu@google.com>
Commit-Queue: Nico Weber <thakis@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#903456}
---
build/config/compiler/BUILD.gn | 18 ++++++++++++------
build/config/compiler/compiler.gni | 7 ++-----
2 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
index ede07d111c..6db16c1cdd 100644
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
@@ -1216,12 +1216,18 @@ config("compiler_deterministic") {
# different build directory like "out/feature_a" and "out/feature_b" if
# we build same files with same compile flag.
# Other paths are already given in relative, no need to normalize them.
- cflags += [
- "-Xclang",
- "-fdebug-compilation-dir",
- "-Xclang",
- ".",
- ]
+ if (is_nacl) {
+ cflags += [
+ "-Xclang",
+ "-fdebug-compilation-dir",
+ "-Xclang",
+ ".",
+ ]
+ } else {
+ # -ffile-compilation-dir is an alias for both -fdebug-compilation-dir=
+ # and -fcoverage-compilation-dir=.
+ cflags += [ "-ffile-compilation-dir=." ]
+ }
if (!is_win) {
# We don't use clang -cc1as on Windows (yet? https://crbug.com/762167)
asmflags = [ "-Wa,-fdebug-compilation-dir,." ]
diff --git a/build/config/compiler/compiler.gni b/build/config/compiler/compiler.gni
index 8c259c360a..642319b4f4 100644
--- a/build/config/compiler/compiler.gni
+++ b/build/config/compiler/compiler.gni
@@ -225,11 +225,8 @@ declare_args() {
# deterministic builds to reduce compile times, so this is less relevant for
# official builders.
strip_absolute_paths_from_debug_symbols_default =
- # TODO(crbug.com/1010267): remove '!use_clang_coverage', coverage build has
- # dependency to absolute path of source files.
- !use_clang_coverage &&
- (is_android || is_fuchsia || is_nacl || (is_win && use_lld) || is_linux ||
- is_chromeos || (is_apple && !enable_dsyms))
+ is_android || is_fuchsia || is_nacl || (is_win && use_lld) || is_linux ||
+ is_chromeos || (is_apple && !enable_dsyms)
# If the platform uses stripped absolute paths by default, then we don't expose
# it as a configuration option. If this is causing problems, please file a bug.