From 7fa96c67355da58514e62fc34e34c8af69dc3c9e Mon Sep 17 00:00:00 2001
From: Kevin Mihelich <kevin@archlinuxarm.org>
Date: Sun, 25 Jan 2015 10:43:08 +0000
Subject: [PATCH] extra/chromium to 40.0.2214.91-1
---
 extra/chromium/PKGBUILD | 14 +++++++----
 .../chromium-webkit-buffer-overflow.patch | 23 +++++++++++++++++++
 2 files changed, 33 insertions(+), 4 deletions(-)
 create mode 100644 extra/chromium/chromium-webkit-buffer-overflow.patch
diff --git a/extra/chromium/PKGBUILD b/extra/chromium/PKGBUILD
index 79812977d..ec9bce7a3 100644
--- a/extra/chromium/PKGBUILD
+++ b/extra/chromium/PKGBUILD
@@ -21,7 +21,7 @@ buildarch=4
 pkgname=chromium
-pkgver=39.0.2171.99
+pkgver=40.0.2214.91
 pkgrel=1
 pkgdesc="The open-source project behind Google Chrome, an attempt at creating a safer, faster, and more stable browser"
 arch=('armv6h' 'armv7h')
@@ -48,15 +48,17 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
 arm-webrtc-fix.patch
 chromium-arm-r0.patch
 skia.patch
- v6-ffmpeg.patch)
+ v6-ffmpeg.patch
+ chromium-webkit-buffer-overflow.patch)
-sha256sums=('6d527003a7dc3256a266d33fa42185c75934efd6de14f51cde345701ba2ae449'
+sha256sums=('f72fda9ff1ea256ab911610ee532eadf8303137d431f2481d01d3d60e5e64149'
 '09bfac44104f4ccda4c228053f689c947b3e97da9a4ab6fa34ce061ee83d0322'
 '478340d5760a9bd6c549e19b1b5d1c5b4933ebf5f8cfb2b3e2d70d07443fe232'
 '4999fded897af692f4974f0a3e3bbb215193519918a1fa9b31ed51e74a2dccb9'
 '9db0f01517c52e3236ff52e8a664840542a19144a54923ae6aabea3dcfa92c52'
 'df4be49770d508b772f98eda9fc5f37fa71d4c0459437e12f7f3db5892aa1611'
 'd53c0af6636611ee190083361d100cbbdc18515d94f59c2750da121022554226'
- '3fbabcbd512494b529e0a0e17560735887acf2291a74653750f9b29f5d45774d')
+ '3fbabcbd512494b529e0a0e17560735887acf2291a74653750f9b29f5d45774d'
+ '870ca4516a0a5407b1e2da822a1ca4f201349c8699877f6bd248cd8e08e7f2f1')
 # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
 # Note: These are for Arch Linux use ONLY. For your own distribution, please
@@ -84,6 +86,10 @@ prepare() {
 # https://groups.google.com/a/chromium.org/d/topic/chromium-packagers/BNGvJc08B6Q
 find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete
+ # Fix a buffer overflow in blink::HarfBuzzShaper::resolveCandidateRuns()
+ # https://code.google.com/p/chromium/issues/detail?id=445075#c10
+ patch -d third_party/WebKit -Np1 <../chromium-webkit-buffer-overflow.patch
+ MAKEFLAGS=-j4
 # Use Python 2
diff --git a/extra/chromium/chromium-webkit-buffer-overflow.patch b/extra/chromium/chromium-webkit-buffer-overflow.patch
new file mode 100644
index 000000000..c20bd7825
--- /dev/null
+++ b/extra/chromium/chromium-webkit-buffer-overflow.patch
@@ -0,0 +1,23 @@
+diff --git a/Source/platform/fonts/shaping/HarfBuzzShaper.cpp b/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
+index 87441d9..a90b925 100644
+--- a/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
++++ b/Source/platform/fonts/shaping/HarfBuzzShaper.cpp
+@@ -702,7 +702,7 @@ static inline void resolveRunBasedOnScriptValue(Vector<CandidateRun>& runs,
+
+ static inline bool resolveCandidateRuns(Vector<CandidateRun>& runs)
+ {
+- UScriptCode scriptExtensions[8];
++ UScriptCode scriptExtensions[USCRIPT_CODE_LIMIT];
+ UErrorCode errorCode = U_ZERO_ERROR;
+ size_t length = runs.size();
+ size_t nextResolvedRun = 0;
+@@ -714,7 +714,8 @@ static inline bool resolveCandidateRuns(Vector<CandidateRun>& runs)
+ run.script = i > 0 ? runs[i - 1].script : USCRIPT_COMMON;
+
+ int extensionsLength = uscript_getScriptExtensions(run.character,
+- scriptExtensions, sizeof(scriptExtensions), &errorCode);
++ scriptExtensions, sizeof(scriptExtensions) / sizeof(scriptExtensions[0]),
++ &errorCode);
+ if (U_FAILURE(errorCode))
+ return false;
+
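Review bot: In the prepare() hunk of extra/chromium/PKGBUILD, the added `patch -d third_party/WebKit -Np1 <../chromium-webkit-buffer-overflow.patch` line only finds its input because the shell opens the redirect relative to the current directory before patch changes into third_party/WebKit; that directory is set outside the hunk. Naming the file explicitly, `patch -d third_party/WebKit -Np1 -i "$srcdir/chromium-webkit-buffer-overflow.patch"`, removes the dependency on where prepare() happens to be standing. The comment should also say when the patch can go, for example `# Drop once the fix is included in an upstream release`, so a later version bump does not carry a stale security patch forward.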
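Review bot: The corrected capacity argument in resolveCandidateRuns() (second inner hunk of chromium-webkit-buffer-overflow.patch) carries no comment saying that uscript_getScriptExtensions() expects a count of UScriptCode elements rather than a byte size, which is the confusion the removed `sizeof(scriptExtensions)` argument shows. I would add `// capacity is in UScriptCode elements, not bytes` above the call, and consider `WTF_ARRAY_LENGTH(scriptExtensions)` in place of the hand-written division if that macro is in scope in this file. The `U_FAILURE(errorCode)` check that follows still covers the case where ICU reports more extensions than the array can hold, so no extra bounds check is needed at this call. Both inner hunks cut through the function body, so how `extensionsLength` is used afterwards cannot be checked from here.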