extra/chromium to 50.0.2661.75-1

extra/chromium/0001-system-ffmpeg-fixes.patch

@@ -1,7 +1,7 @@
-From 8790632dee783eb26997715df33c600128cf217b Mon Sep 17 00:00:00 2001
+From a8e03faa56efeacd50fe8b64bda65ac17c83ea8e Mon Sep 17 00:00:00 2001
 From: Kevin Mihelich <kevin@archlinuxarm.org>
 Date: Sun, 6 Mar 2016 20:26:53 -0700
-Subject: [PATCH 1/3] system ffmpeg fixes
+Subject: [PATCH 1/2] system ffmpeg fixes
 
 ---
  media/ffmpeg/ffmpeg_common.h    |  5 -----
@@ -32,10 +32,10 @@ index 55e3ab7..0ec595c 100644
  #include <libavutil/avutil.h>
  #include <libavutil/imgutils.h>
 diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
-index 18863e6..a7cd444 100644
+index 20adebe..166cea6 100644
 --- a/media/filters/ffmpeg_demuxer.cc
 +++ b/media/filters/ffmpeg_demuxer.cc
-@@ -1035,24 +1035,6 @@ void FFmpegDemuxer::OnFindStreamInfoDone(const PipelineStatusCB& status_cb,
+@@ -1034,24 +1034,6 @@ void FFmpegDemuxer::OnFindStreamInfoDone(const PipelineStatusCB& status_cb,
    // If no estimate is found, the stream entry will be kInfiniteDuration().
    std::vector<base::TimeDelta> start_time_estimates(format_context->nb_streams,
                                                      kInfiniteDuration());
@@ -61,5 +61,5 @@ index 18863e6..a7cd444 100644
    AVStream* audio_stream = NULL;
    AudioDecoderConfig audio_config;
 -- 
-2.7.2
+2.8.0
 

extra/chromium/0002-Linux-Sandbox-whitelist-arm64-syscalls.patch

@@ -1,7 +1,7 @@
-From 76610303d10f886c382fe6ba54f0d89ed652497f Mon Sep 17 00:00:00 2001
+From 3dafa17489a30f5e2a9d274f842a8caa9f881698 Mon Sep 17 00:00:00 2001
 From: "riku.voipio" <riku.voipio@linaro.org>
 Date: Tue, 1 Mar 2016 08:02:43 -0800
-Subject: [PATCH 3/3] Linux Sandbox: whitelist arm64 syscalls
+Subject: [PATCH 2/2] Linux Sandbox: whitelist arm64 syscalls
 
 On debian/arm64, two syscalls needed whitelisting for chromium to work with seccomp:
 
@@ -20,8 +20,9 @@ Cr-Commit-Position: refs/heads/master@{#378440}
  components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc | 3 ++-
  content/common/sandbox_linux/bpf_renderer_policy_linux.cc      | 3 ++-
  content/common/sandbox_linux/bpf_utility_policy_linux.cc       | 3 ++-
+ mojo/shell/runner/host/linux_sandbox.cc                        | 7 ++++++-
  sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc              | 2 +-
- 4 files changed, 7 insertions(+), 4 deletions(-)
+ 5 files changed, 13 insertions(+), 5 deletions(-)
 
 diff --git a/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc b/components/nacl/loader/sandbox_linux/nacl_bpf_sandbox_linux.cc
 index 66a606a..3e88304 100644
@@ -65,8 +66,47 @@ index 3ead1c8..1336796 100644
      case __NR_getrlimit:
  #endif
  #if defined(__i386__) || defined(__arm__)
+diff --git a/mojo/shell/runner/host/linux_sandbox.cc b/mojo/shell/runner/host/linux_sandbox.cc
+index 6cd3750..0d9082c 100644
+--- a/mojo/shell/runner/host/linux_sandbox.cc
++++ b/mojo/shell/runner/host/linux_sandbox.cc
+@@ -39,12 +39,14 @@ intptr_t SandboxSIGSYSHandler(const struct sandbox::arch_seccomp_data& args,
+   const sandbox::syscall_broker::BrokerProcess* broker_process =
+       static_cast<const sandbox::syscall_broker::BrokerProcess*>(aux);
+   switch (args.nr) {
++#if !defined(__aarch64__)
+     case __NR_access:
+       return broker_process->Access(reinterpret_cast<const char*>(args.args[0]),
+                                     static_cast<int>(args.args[1]));
+     case __NR_open:
+       return broker_process->Open(reinterpret_cast<const char*>(args.args[0]),
+                                   static_cast<int>(args.args[1]));
++#endif
+     case __NR_faccessat:
+       if (static_cast<int>(args.args[0]) == AT_FDCWD) {
+         return broker_process->Access(
+@@ -77,15 +79,18 @@ class SandboxPolicy : public sandbox::BaselinePolicy {
+   sandbox::bpf_dsl::ResultExpr EvaluateSyscall(int sysno) const override {
+     // This policy is only advisory/for noticing FS access for the moment.
+     switch (sysno) {
++#if !defined(__aarch64__)
+       case __NR_access:
+       case __NR_open:
++#endif
+       case __NR_faccessat:
+       case __NR_openat:
+         return sandbox::bpf_dsl::Trap(SandboxSIGSYSHandler, broker_process_);
+       case __NR_sched_getaffinity:
+         return sandbox::RestrictSchedTarget(policy_pid(), sysno);
+       case __NR_ftruncate:
+-#if defined(__i386__) || defined(__x86_64__) || defined(__mips__)
++#if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \
++    defined(__aarch64__)
+       // Per #ifdefs in
+       // content/common/sandbox_linux/bpf_renderer_policy_linux.cc
+       case __NR_getrlimit:
 diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-index c217d47..21147b4 100644
+index 10278dc..b30b3e6 100644
 --- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
 +++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
 @@ -414,6 +414,7 @@ bool SyscallSets::IsAllowedEpoll(int sysno) {
@@ -86,5 +126,5 @@ index c217d47..21147b4 100644
      case __NR_epoll_wait_old:
  #endif
 -- 
-2.7.2
+2.8.0
 

extra/chromium/0002-sandbox-arm64-align-stack-16-bytes.patch

@@ -1,69 +0,0 @@
-From a6a7d9a4ad84da293071fbbbc7eedd2ce51abdf4 Mon Sep 17 00:00:00 2001
-From: "riku.voipio" <riku.voipio@linaro.org>
-Date: Wed, 27 Jan 2016 09:13:57 -0800
-Subject: [PATCH 2/3] sandbox arm64: align stack 16 bytes
-
-chrome fails to start with user namespace sandboxing:
-
-[866:866:0120/134742:FATAL:zygote_host_impl_linux.cc(182)] Check failed: process.IsValid().
-Failed to launch zygote process
-
-With strace..
-
-clone(child_stack=0x7ffd28fd98, flags=CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
-
-Which compared to kernel sources[1], shows that stack needs to be 16
-bytes aligned. because stack grows downward, this patch assumes
-PTHREAD_STACK_MIN is dividable by 16 too.
-
-[1] http://lxr.free-electrons.com/source/arch/arm64/kernel/process.c#L267
-
-BUG=581018
-R=keescook@chromium.org,jln@chromium.org,rsesek@chromium.org,thakis@chromium.org
-TEST=base_unittests ProcessUtilTest.* and sandbox_linux_unittests NamespaceSandboxTest.*
-
-Review URL: https://codereview.chromium.org/1617763002
-
-Cr-Commit-Position: refs/heads/master@{#371809}
----
- base/process/launch_posix.cc          | 2 +-
- sandbox/linux/services/credentials.cc | 3 ++-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc
-index 4bd3da3..4019de5 100644
---- a/base/process/launch_posix.cc
-+++ b/base/process/launch_posix.cc
-@@ -736,7 +736,7 @@ NOINLINE pid_t CloneAndLongjmpInChild(unsigned long flags,
-   // internal pid cache. The libc interface unfortunately requires
-   // specifying a new stack, so we use setjmp/longjmp to emulate
-   // fork-like behavior.
--  char stack_buf[PTHREAD_STACK_MIN];
-+  char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16);
- #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
-     defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY)
-   // The stack grows downward.
-diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc
-index fb6b6b4..76038af 100644
---- a/sandbox/linux/services/credentials.cc
-+++ b/sandbox/linux/services/credentials.cc
-@@ -16,6 +16,7 @@
- #include <unistd.h>
- 
- #include "base/bind.h"
-+#include "base/compiler_specific.h"
- #include "base/files/file_path.h"
- #include "base/files/file_util.h"
- #include "base/logging.h"
-@@ -94,7 +95,7 @@ bool ChrootToSafeEmptyDir() {
-   // /proc/tid directory for the thread (since /proc may not be aware of the
-   // PID namespace). With a process, we can just use /proc/self.
-   pid_t pid = -1;
--  char stack_buf[PTHREAD_STACK_MIN];
-+  char stack_buf[PTHREAD_STACK_MIN] ALIGNAS(16);
- #if defined(ARCH_CPU_X86_FAMILY) || defined(ARCH_CPU_ARM_FAMILY) || \
-     defined(ARCH_CPU_MIPS64_FAMILY) || defined(ARCH_CPU_MIPS_FAMILY)
-   // The stack grows downward.
--- 
-2.7.2
-

extra/chromium/PKGBUILD

@@ -19,14 +19,14 @@ buildarch=12
 highmem=1
 
 pkgname=chromium
-pkgver=49.0.2623.112
+pkgver=50.0.2661.75
 pkgrel=1
 _launcher_ver=3
 pkgdesc="The open-source project behind Google Chrome, an attempt at creating a safer, faster, and more stable browser"
 arch=('armv6h' 'armv7h')
 url="http://www.chromium.org/"
 license=('BSD')
-depends=('gtk2' 'nss' 'alsa-lib' 'xdg-utils' 'bzip2' 'libevent' 'libxss' 'icu'
+depends=('gtk2' 'nss' 'alsa-lib' 'xdg-utils' 'bzip2' 'libevent' 'libxss'
          'libexif' 'libgcrypt' 'ttf-font' 'systemd' 'dbus' 'flac' 'snappy'
          'speech-dispatcher' 'pciutils' 'libpulse' 'harfbuzz' 'libsecret'
          'libvpx' 'perl' 'perl-file-basedir' 'desktop-file-utils'
@@ -43,15 +43,13 @@ source=(https://commondatastorage.googleapis.com/chromium-browser-official/$pkgn
         chromium.desktop
         chromium-widevine.patch
         0001-system-ffmpeg-fixes.patch
-        0002-sandbox-arm64-align-stack-16-bytes.patch
+        0002-Linux-Sandbox-whitelist-arm64-syscalls.patch)
-        0003-Linux-Sandbox-whitelist-arm64-syscalls.patch)
+sha256sums=('c12d644e711ec85c800ab61a749d1f03ba7999e0c3cd20f8495a674d39a643da'
-sha256sums=('443b6d5f0d07f336783e700edc4ecae96769e105d0f8553e98fefae747302cf0'
             '8b01fb4efe58146279858a754d90b49e5a38c9a0b36a1f84cbb7d12f92b84c28'
             '028a748a5c275de9b8f776f97909f999a8583a4b77fd1cd600b4fc5c0c3e91e9'
             '4660344789c45c9b9e52cb6d86f7cb6edb297b39320d04f6947e5216d6e5f64c'
-            '9f0d843fcda221b97386f8686a00918a5e165e65e9eb34df19ba6bc11ec91eee'
+            '3f6ba01852ec1b936a2e1139158880d1042515d5ec03253fcae72409dd73fa3a'
-            '48e83c69c33d5b0882982e71c1a3c55a093d2c0416374db6159a87fd4b836ece'
+            'd56afe7ce997e0536b6a3a0dc8417595d6b96fb7d92b9d742876308728e43cad')
-            'c5b6a12756eb50ecf9bf0763b9ab3e6822fe6365083b73595ca8c593c963145b')
 
 # Google API keys (see http://www.chromium.org/developers/how-tos/api-keys)
 # Note: These are for Arch Linux use ONLY. For your own distribution, please
@@ -81,13 +79,15 @@ prepare() {
   patch -Np1 -i ../0001-system-ffmpeg-fixes.patch
 
   # Upstream AArch64 fixes
-  patch -Np1 -i ../0002-sandbox-arm64-align-stack-16-bytes.patch
+  patch -Np1 -i ../0002-Linux-Sandbox-whitelist-arm64-syscalls.patch
-  patch -Np1 -i ../0003-Linux-Sandbox-whitelist-arm64-syscalls.patch
 
-  # Remove bundled ICU; its header files appear to get picked up instead of
+  # Commentception – use bundled ICU due to build failures (50.0.2661.75)
-  # the system ones, leading to errors during the final link stage.
+  # See https://crbug.com/584920 and https://crbug.com/592268
-  # https://groups.google.com/a/chromium.org/d/topic/chromium-packagers/BNGvJc08B6Q
+  # ---
-  find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete
+  ## Remove bundled ICU; its header files appear to get picked up instead of
+  ## the system ones, leading to errors during the final link stage.
+  ## https://groups.google.com/a/chromium.org/d/topic/chromium-packagers/BNGvJc08B6Q
+  #find third_party/icu -type f \! -regex '.*\.\(gyp\|gypi\|isolate\)' -delete
 
   [[ $CARCH == "armv7h" ]] && MAKEFLAGS=-j4
 
@@ -128,7 +128,7 @@ build() {
     -Dlinux_use_bundled_binutils=0
     -Dlinux_use_bundled_gold=0
     -Dlinux_use_gold_flags=0
-    -Dicu_use_data_file_flag=0
+    -Dicu_use_data_file_flag=1
     -Dlogging_like_official_build=1
     -Dtracing_like_official_build=1
     -Dfieldtrial_testing_like_official_build=1
@@ -141,7 +141,7 @@ build() {
     -Duse_system_flac=1
     -Duse_system_ffmpeg=1
     -Duse_system_harfbuzz=1
-    -Duse_system_icu=1
+    -Duse_system_icu=0
     -Duse_system_libevent=1
     -Duse_system_libjpeg=1
     -Duse_system_libpng=1
@@ -226,4 +226,6 @@ package() {
   done
 
   install -Dm644 LICENSE "$pkgdir/usr/share/licenses/chromium/LICENSE"
+
+  install -Dm644 out/Release/icudtl.dat "${pkgdir}/usr/lib/chromium/icudtl.dat"
 }