[openhantek] Update to 2.01.
by Vasiliy Glazov
commit 00c91936133ce67790414c7845bdfd906a709a2b
Author: Vasiliy Glazov <vascom2(a)gmail.com>
Date: Sat Apr 27 07:33:30 2019 +0300
Update to 2.01.
.gitignore | 1 +
openhantek.spec | 24 +++++++++++++++---------
sources | 2 +-
3 files changed, 17 insertions(+), 10 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 926b0ed..24ccf9f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
/57e0bebcc1d4cf99d70071eae48604149332abd3
/78623870f4e18910448b9beed86b32911f1db3a2
/eb33325b9e7168043914c2557d1263cad0a0785e
+/v2.01.tar.gz
diff --git a/openhantek.spec b/openhantek.spec
index 5c6d774..de87b6c 100644
--- a/openhantek.spec
+++ b/openhantek.spec
@@ -1,16 +1,15 @@
-%global gitcommit_full eb33325b9e7168043914c2557d1263cad0a0785e
-%global gitcommit %(c=%{gitcommit_full}; echo ${c:0:7})
-%global date 20190110
+%global optflags %{optflags} -flto
+%global build_ldflags %{build_ldflags} -flto
Name: openhantek
-Version: 0
-Release: 4.%{date}git%{gitcommit}%{?dist}
+Version: 2.01
+Release: 1%{?dist}
Summary: Hantek and compatible USB digital signal oscilloscope
#Contain nonfree firmware
License: GPLv3+ and GPLv2+ and ASL 2.0 and nonfree
-URL: http://openhantek.org
-Source0: https://github.com/OpenHantek/openhantek/tarball/%{gitcommit_full}
+URL: https://github.com/OpenHantek/OpenHantek6022
+Source0: %{url}/archive/v%{version}.tar.gz
Source1: %{name}.desktop
BuildRequires: gcc-c++
@@ -35,13 +34,17 @@ OpenHantek is a free software for Hantek and compatible
Supported devices: DSO2xxx Series, DSO52xx Series, 6022BE/BL.
%prep
-%autosetup -n OpenHantek-%{name}-%{gitcommit}
+%autosetup -n OpenHantek6022-%{version}
%build
mkdir build
pushd build
- %cmake3 ..
+ %cmake3 \
+ -DCMAKE_AR=/usr/bin/gcc-ar \
+ -DCMAKE_RANLIB=/usr/bin/gcc-ranlib \
+ -DCMAKE_NM=/usr/bin/gcc-nm \
+ ..
%make_build
popd
@@ -66,6 +69,9 @@ install -p -D -m 644 %{name}/res/images/%{name}.svg %{buildroot}%{_datadir}/icon
%changelog
+* Sat Apr 27 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 2.01-1
+- Update to 2.01
+
* Tue Mar 05 2019 RPM Fusion Release Engineering <leigh123linux(a)gmail.com> - 0-4.20190110giteb33325
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
diff --git a/sources b/sources
index 5f4e3dd..6eb5b01 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-da6659a113dc2d927ce845c07d68b54e eb33325b9e7168043914c2557d1263cad0a0785e
+3ecd4260e00ac325de5f2b15dccb8097 v2.01.tar.gz
5 years
[caja-dropbox/f30: 3/3] update to 1.22.1
by Wolfgang Ulbrich
commit d5bf8bf87a4c5c7890233b569cf335a96d297a99
Merge: 340ec4b 782a437
Author: raveit65 <mate(a)raveit.de>
Date: Fri Apr 26 17:39:12 2019 +0200
update to 1.22.1
.gitignore | 1 +
caja-dropbox.spec | 12 +++---
...0001-show-full-path-of-caja-extension-dir.patch | 29 --------------
...TENSION_DIR_SYS-to-save-and-show-system-c.patch | 44 ----------------------
sources | 2 +-
5 files changed, 7 insertions(+), 81 deletions(-)
---
5 years
[caja-dropbox/f30] (3 commits) ...update to 1.22.1
by Wolfgang Ulbrich
Summary of changes:
7de1142... exclude archs again (*)
782a437... update to 1.22.1 (*)
d5bf8bf... update to 1.22.1
(*) This commit already existed in another branch; no separate mail sent
5 years
[caja-dropbox] update to 1.22.1
by Wolfgang Ulbrich
commit 782a4377a20d8435d043199f289a11b3c7e718dd
Author: raveit65 <mate(a)raveit.de>
Date: Fri Apr 26 17:36:55 2019 +0200
update to 1.22.1
.gitignore | 1 +
caja-dropbox.spec | 12 +++---
...0001-show-full-path-of-caja-extension-dir.patch | 29 --------------
...TENSION_DIR_SYS-to-save-and-show-system-c.patch | 44 ----------------------
sources | 2 +-
5 files changed, 7 insertions(+), 81 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 42bd42e..bee1fcd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ caja-dropbox-1.10.0.tar.xz
/caja-dropbox-1.18.0.tar.xz
/caja-dropbox-1.20.0.tar.xz
/caja-dropbox-1.22.0.tar.xz
+/caja-dropbox-1.22.1.tar.xz
diff --git a/caja-dropbox.spec b/caja-dropbox.spec
index f8d7402..47a6e7f 100644
--- a/caja-dropbox.spec
+++ b/caja-dropbox.spec
@@ -3,18 +3,13 @@
Summary: Dropbox extension for caja
Name: caja-dropbox
-Version: %{branch}.0
-Release: 2%{?dist}
+Version: %{branch}.1
+Release: 1%{?dist}
License: GPLv2+
Group: User Interface/Desktops
URL: https://mate-desktop.org
Source0: https://pub.mate-desktop.org/releases/%{branch}/%{name}-%{version}.tar.xz
-# https://github.com/mate-desktop/caja-dropbox/commit/fdc25dc
-Patch1: caja-dropbox_0001-show-full-path-of-caja-extension-dir.patch
-# https://github.com/mate-desktop/caja-dropbox/commit/5fdcb17
-Patch2: caja-dropbox_0002-Use-CAJA_EXTENSION_DIR_SYS-to-save-and-show-system-c.patch
-
ExclusiveArch: i686 x86_64
BuildRequires: gcc
@@ -61,6 +56,9 @@ rm -rf %{buildroot}%{_datadir}/applications/*
%changelog
+* Fri Apr 26 2019 Wolfgang Ulbrich <fedora(a)raveit.de> - 1.22.1-1
+- update to 1.22.1
+
* Mon Apr 08 2019 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.22.0-2
- exclude archs again
diff --git a/sources b/sources
index 07fd66d..0fbf466 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-8cd368c473a6586631cfcfae38c1c436 caja-dropbox-1.22.0.tar.xz
+d83e2913454d2b7da026bed377108b50 caja-dropbox-1.22.1.tar.xz
5 years
[chromium-vaapi] Update to 74.0.3729.108 Install missing MEIPreload component
by hellbanger
commit f0dfab73268025786f495e5750116a14b521e3ca
Author: Akarshan Biswas <akarshan.biswas(a)gmail.com>
Date: Fri Apr 26 07:09:43 2019 +0000
Update to 74.0.3729.108
Install missing MEIPreload component
chromium-color_utils-use-std-sqrt.patch | 48 -------------
chromium-glibc-2.29.patch | 98 +++++++++++++++++++++++++++
chromium-media-fix-build-with-libstdc++.patch | 48 -------------
chromium-vaapi.spec | 32 +++++----
nounrar.patch | 13 ++--
stopVsyncspam.patch | 32 ---------
6 files changed, 124 insertions(+), 147 deletions(-)
---
diff --git a/chromium-glibc-2.29.patch b/chromium-glibc-2.29.patch
new file mode 100644
index 0000000..5b00aad
--- /dev/null
+++ b/chromium-glibc-2.29.patch
@@ -0,0 +1,98 @@
+tree 0f4b37852646eae176de06a5d92cd2f68ffaf318
+parent a38dc4152f043e81310b0deff46f9a770b9f5fcb
+author Matthew Denton <mpdenton(a)chromium.org> 1555962368 -0700
+committer Matthew Denton <mpdenton(a)chromium.org> 1555962368 -0700
+
+Update Linux Seccomp syscall restrictions to EPERM posix_spawn/vfork
+
+Glibc's system() function switched to using posix_spawn, which uses
+CLONE_VFORK. Pepperflash includes a sandbox debugging check which
+relies on us EPERM-ing process creation like this, rather than crashing
+the process with SIGSYS.
+
+So whitelist clone() calls, like posix_spawn, that include the flags
+CLONE_VFORK and CLONE_VM.
+
+Bug: 949312
+Change-Id: I3f4b90114b2fc1d9929e3c0a85bbe8f10def3c20
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index cdeb210..40fcebf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -10,7 +10,9 @@
+ #include <sched.h>
+ #include <signal.h>
+ #include <stddef.h>
++#include <stdlib.h>
+ #include <string.h>
++#include <sys/mman.h>
+ #include <sys/prctl.h>
+ #include <sys/resource.h>
+ #include <sys/socket.h>
+@@ -130,6 +132,33 @@
+ BPF_ASSERT_EQ(EPERM, fork_errno);
+ }
+
++BPF_TEST_C(BaselinePolicy, SystemEperm, BaselinePolicy) {
++ errno = 0;
++ int ret_val = system("echo SHOULD NEVER RUN");
++ BPF_ASSERT_EQ(-1, ret_val);
++ BPF_ASSERT_EQ(EPERM, errno);
++}
++
++BPF_TEST_C(BaselinePolicy, CloneVforkEperm, BaselinePolicy) {
++ errno = 0;
++ // Allocate a couple pages for the child's stack even though the child should
++ // never start.
++ constexpr size_t kStackSize = 4096 * 4;
++ void* child_stack = mmap(nullptr, kStackSize, PROT_READ | PROT_WRITE,
++ MAP_PRIVATE | MAP_ANONYMOUS | MAP_STACK, -1, 0);
++ BPF_ASSERT_NE(child_stack, nullptr);
++ pid_t pid = syscall(__NR_clone, CLONE_VM | CLONE_VFORK | SIGCHLD,
++ static_cast<char*>(child_stack) + kStackSize, nullptr,
++ nullptr, nullptr);
++ const int clone_errno = errno;
++ TestUtils::HandlePostForkReturn(pid);
++
++ munmap(child_stack, kStackSize);
++
++ BPF_ASSERT_EQ(-1, pid);
++ BPF_ASSERT_EQ(EPERM, clone_errno);
++}
++
+ BPF_TEST_C(BaselinePolicy, CreateThread, BaselinePolicy) {
+ base::Thread thread("sandbox_tests");
+ BPF_ASSERT(thread.Start());
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+index 100afe5..348ab6e 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+@@ -135,7 +135,8 @@
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in newer versions of posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ const Arg<unsigned long> flags(0);
+
+@@ -154,8 +155,16 @@
+ AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+ flags == kGlibcPthreadFlags);
+
++ // The following two flags are the two important flags in any vfork-emulating
++ // clone call. EPERM any clone call that contains both of them.
++ const uint64_t kImportantCloneVforkFlags = CLONE_VFORK | CLONE_VM;
++
++ const BoolExpr is_fork_or_clone_vfork =
++ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++ (flags & kImportantCloneVforkFlags) == kImportantCloneVforkFlags);
++
+ return If(IsAndroid() ? android_test : glibc_test, Allow())
+- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++ .ElseIf(is_fork_or_clone_vfork, Error(EPERM))
+ .Else(CrashSIGSYSClone());
+ }
+
diff --git a/chromium-vaapi.spec b/chromium-vaapi.spec
index 484bd08..a3b4435 100644
--- a/chromium-vaapi.spec
+++ b/chromium-vaapi.spec
@@ -67,7 +67,7 @@
%global ozone 0
##############################Package Definitions######################################
Name: chromium-vaapi
-Version: 73.0.3683.103
+Version: 74.0.3729.108
Release: 1%{?dist}
Summary: A Chromium web browser with video decoding acceleration
License: BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
@@ -122,7 +122,7 @@ BuildRequires: pkgconfig(dbus-1), pkgconfig(libudev)
BuildRequires: pkgconfig(gnome-keyring-1)
BuildRequires: pkgconfig(libffi)
#for vaapi
-BuildRequires: pkgconfig(libva)
+BuildRequires: pkgconfig(libva)
%if %{ozone}
BuildRequires: pkgconfig(gbm)
BuildRequires: pkgconfig(wayland-client)
@@ -206,11 +206,9 @@ Patch54: brand.patch
#Stolen from Fedora to fix building with pipewire
# https://src.fedoraproject.org/rpms/chromium/blob/master/f/chromium-73.0.3...
Patch65: chromium-73.0.3683.75-pipewire-cstring-fix.patch
-# Stop Vsync error spam when chromium runs on Wayland (Reviewed upstream)
-Patch66: stopVsyncspam.patch
-#Fix chromium color
-Patch67: chromium-color_utils-use-std-sqrt.patch
-Patch68: chromium-media-fix-build-with-libstdc++.patch
+# Update Linux Seccomp syscall restrictions to EPERM posix_spawn/vfork
+Patch66: chromium-glibc-2.29.patch
+
%description
chromium-vaapi is an open-source web browser, powered by WebKit (Blink)
############################################PREP###########################################################
@@ -227,15 +225,15 @@ chromium-vaapi is an open-source web browser, powered by WebKit (Blink)
%if %{freeworld}
%patch54 -p1 -b .brand
%endif
-#%patch64 -p1 -b .gn
%if 0%{?fedora} >= 29
%patch65 -p1 -b .pipewire
%endif
-%patch66 -p1 -b .vsync
-%patch67 -p1 -b .color
-%patch68 -p1 -b .media
+%patch66 -p1 -b .glibc
+%if 0%{?fedora} >= 30
+# Add a workaround for a race condition in clang-llvm8+ compiler
sed -i 's|const std::vector<Delta> deltas_;|std::vector<Delta> deltas_;|' chrome/browser/ui/tabs/tab_strip_model_observer.h
+%endif
#Let's change the default shebang of python files.
find -depth -type f -writable -name "*.py" -exec sed -iE '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{__python2}=' {} +
@@ -269,7 +267,7 @@ find -depth -type f -writable -name "*.py" -exec sed -iE '1s=^#! */usr/bin/\(pyt
third_party/angle/src/third_party/compiler \
third_party/angle/src/third_party/libXNVCtrl \
third_party/angle/src/third_party/trace_event \
- third_party/angle/third_party/glslang \
+ third_party/glslang \
third_party/angle/third_party/spirv-headers \
third_party/angle/third_party/spirv-tools \
third_party/angle/third_party/vulkan-headers \
@@ -302,8 +300,10 @@ find -depth -type f -writable -name "*.py" -exec sed -iE '1s=^#! */usr/bin/\(pyt
third_party/crashpad/crashpad/third_party/zlib \
third_party/crc32c \
third_party/cros_system_api \
+ third_party/dav1d \
third_party/devscripts \
third_party/dom_distiller_js \
+ third_party/emoji-segmenter \
%if !%{with system_ffmpeg}
third_party/ffmpeg \
%endif
@@ -642,7 +642,7 @@ install -m 644 %{target}/v8_context_snapshot.bin %{buildroot}%{chromiumdir}/
install -m 644 %{target}/*.pak %{buildroot}%{chromiumdir}/
install -m 644 %{target}/locales/*.pak %{buildroot}%{chromiumdir}/locales/
install -m 644 %{target}/xdg* %{buildroot}%{chromiumdir}/
-install -m 644 out/Release/MEIPreload/* %{buildroot}%{chromiumdir}/MEIPreload/
+install -m 644 %{target}/MEIPreload/* %{buildroot}%{chromiumdir}/MEIPreload/
for i in 16 32; do
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps
install -m 644 chrome/app/theme/default_100_percent/chromium/product_logo_$i.png \
@@ -695,6 +695,10 @@ appstream-util validate-relax --nonet "%{buildroot}%{_metainfodir}/%{name}.appda
%{chromiumdir}/locales/*.pak
#########################################changelogs#################################################
%changelog
+* Thu Apr 25 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 74.0.3729.108-1
+- Update to 74.0.3729.108
+- Install missing MEIPreload component
+
* Fri Apr 05 2019 Vasiliy N. Glazov <vascom2(a)gmail.com> - 73.0.3683.103-1
- Update to 73.0.3683.103
@@ -823,3 +827,5 @@ appstream-util validate-relax --nonet "%{buildroot}%{_metainfodir}/%{name}.appda
* Wed Aug 29 2018 Akarshan Biswas <akarshan.biswas(a)hotmail.com> 68.0.3440.106-1
- Deleted provides and excludes and added conflict
+
+
diff --git a/nounrar.patch b/nounrar.patch
index 7395711..b3be4fa 100644
--- a/nounrar.patch
+++ b/nounrar.patch
@@ -127,13 +127,13 @@ index 158cbfc6d157..6d8b0df7c59e 100644
"sandboxed_zip_analyzer.cc",
"sandboxed_zip_analyzer.h",
]
-@@ -35,7 +33,6 @@ source_set("unit_tests") {
+@@ -49,7 +47,6 @@ source_set("unit_tests") {
- sources = [
- "sandboxed_dmg_analyzer_mac_unittest.cc",
-- "sandboxed_rar_analyzer_unittest.cc",
- "sandboxed_zip_analyzer_unittest.cc",
- ]
+ sources = [
+ "sandboxed_dmg_analyzer_mac_unittest.cc",
+- "sandboxed_rar_analyzer_unittest.cc",
+ "sandboxed_zip_analyzer_unittest.cc",
+ ]
diff --git a/chrome/services/file_util/public/mojom/safe_archive_analyzer.mojom b/chrome/services/file_util/public/mojom/safe_archive_analyzer.mojom
index 266160351e18..15d5aaba3657 100644
@@ -186,3 +186,4 @@ index 94d6ec0e16f8..2eda4f378bcc 100644
const std::unique_ptr<service_manager::ServiceContextRef> service_ref_;
+
5 years
[chromium-vaapi] Add MEIPreload in install package
by hellbanger
commit 84f0bc7413faf37525d735cff49de350e09f4971
Author: Akarshan Biswas <akarshan.biswas(a)gmail.com>
Date: Fri Apr 26 06:07:32 2019 +0000
Add MEIPreload in install package
chromium-vaapi.spec | 5 +++++
1 file changed, 5 insertions(+)
---
diff --git a/chromium-vaapi.spec b/chromium-vaapi.spec
index d06ff94..484bd08 100644
--- a/chromium-vaapi.spec
+++ b/chromium-vaapi.spec
@@ -613,6 +613,7 @@ ninja %{_smp_mflags} -C %{target} chrome chrome_sandbox chromedriver
%install
mkdir -p %{buildroot}%{_bindir}
mkdir -p %{buildroot}%{chromiumdir}/locales
+mkdir -p %{buildroot}%{chromiumdir}/MEIPreload
mkdir -p %{buildroot}%{_mandir}/man1
mkdir -p %{buildroot}%{_metainfodir}
mkdir -p %{buildroot}%{_datadir}/applications
@@ -641,6 +642,7 @@ install -m 644 %{target}/v8_context_snapshot.bin %{buildroot}%{chromiumdir}/
install -m 644 %{target}/*.pak %{buildroot}%{chromiumdir}/
install -m 644 %{target}/locales/*.pak %{buildroot}%{chromiumdir}/locales/
install -m 644 %{target}/xdg* %{buildroot}%{chromiumdir}/
+install -m 644 out/Release/MEIPreload/* %{buildroot}%{chromiumdir}/MEIPreload/
for i in 16 32; do
mkdir -p %{buildroot}%{_datadir}/icons/hicolor/${i}x${i}/apps
install -m 644 chrome/app/theme/default_100_percent/chromium/product_logo_$i.png \
@@ -686,6 +688,9 @@ appstream-util validate-relax --nonet "%{buildroot}%{_metainfodir}/%{name}.appda
%{chromiumdir}/*.pak
%{chromiumdir}/xdg-mime
%{chromiumdir}/xdg-settings
+%dir %{chromiumdir}/MEIPreload
+%{chromiumdir}/MEIPreload/manifest.json
+%{chromiumdir}/MEIPreload/preloaded_data.pb
%dir %{chromiumdir}/locales
%{chromiumdir}/locales/*.pak
#########################################changelogs#################################################
5 years
[chromium-freeworld] Uploaded sources.
by Vasiliy Glazov
commit 1d33fa799ffd23ae3688eb04367f0c095e47cad0
Author: Vasiliy Glazov <vascom2(a)gmail.com>
Date: Thu Apr 25 15:04:59 2019 +0300
Uploaded sources.
.gitignore | 1 +
1 file changed, 1 insertion(+)
---
diff --git a/.gitignore b/.gitignore
index c305724..c6aef2e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -71,3 +71,4 @@
/chromium-73.0.3683.75.tar.xz
/chromium-73.0.3683.86.tar.xz
/node-v8.9.1-linux-x64.tar.gz
+/chromium-73.0.3683.103.tar.xz
5 years
[chromium-freeworld] Update to 73.0.3683.103.
by Vasiliy Glazov
commit 9d38c919777723af0063c361cd488a33a4a95dfb
Author: Vasiliy Glazov <vascom2(a)gmail.com>
Date: Thu Apr 25 14:06:20 2019 +0300
Update to 73.0.3683.103.
...mium-73.0.3683.103-glibc-2.29-clone-vfork.patch | 29 ++++++++++++++++++++++
chromium-freeworld.spec | 11 ++++++--
sources | 2 +-
3 files changed, 39 insertions(+), 3 deletions(-)
---
diff --git a/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch b/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
new file mode 100644
index 0000000..8ff952b
--- /dev/null
+++ b/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
@@ -0,0 +1,29 @@
+diff -up chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc.glibc229 chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+--- chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc.glibc229 2019-04-16 11:49:35.353081246 -0400
++++ chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2019-04-16 11:51:22.105794620 -0400
+@@ -134,7 +134,8 @@ namespace sandbox {
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ const Arg<unsigned long> flags(0);
+
+@@ -153,8 +154,14 @@ ResultExpr RestrictCloneToThreadsAndEPER
+ AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+ flags == kGlibcPthreadFlags);
+
++ const uint64_t kImportantSpawnFlags = CLONE_VFORK | CLONE_VM;
++
++ const BoolExpr isForkOrSpawn =
++ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++ (flags & kImportantSpawnFlags) == kImportantSpawnFlags);
++
+ return If(IsAndroid() ? android_test : glibc_test, Allow())
+- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++ .ElseIf(isForkOrSpawn, Error(EPERM))
+ .Else(CrashSIGSYSClone());
+ }
+
diff --git a/chromium-freeworld.spec b/chromium-freeworld.spec
index cb2b88b..f6859c9 100644
--- a/chromium-freeworld.spec
+++ b/chromium-freeworld.spec
@@ -161,8 +161,8 @@ Name: chromium%{chromium_channel}%{?freeworld:-freeworld}
%else
Name: chromium%{chromium_channel}
%endif
-Version: %{majorversion}.0.3683.86
-Release: 2%{?dist}
+Version: %{majorversion}.0.3683.103
+Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser
Url: http://www.chromium.org/Home
License: BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2)
@@ -328,6 +328,8 @@ Patch137: chromium-73.0.3683.75-no-header-hygiene.patch
Patch138: chromium-73.0.3683.75-aarch64-crashpad-limits.patch
# el7 only patch
Patch139: chromium-73.0.3683.75-el7-fix-noexcept.patch
+# https://bugs.chromium.org/p/chromium/issues/detail?id=949312
+Patch140: chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
# Use chromium-latest.py to generate clean tarball from released build tarballs, found here:
# http://build.chromium.org/buildbot/official/
@@ -910,6 +912,7 @@ udev.
%if 0%{?rhel} == 7
%patch139 -p1 -b .el7-noexcept
%endif
+%patch140 -p1 -b .glibc229
# Change shebang in all relevant files in this directory and all subdirectories
# See `man find` for how the `-exec command {} +` syntax works
@@ -1898,6 +1901,10 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%changelog
+* Thu Apr 11 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.103-1
+- update to 73.0.3683.103
+- add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
+
* Wed Mar 27 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.86-2
- remove lang macro from en-US.pak* because Chromium crashes if it is not present
(bz1692660)
diff --git a/sources b/sources
index a36abb3..a165f65 100644
--- a/sources
+++ b/sources
@@ -16,4 +16,4 @@ fa87472a877e70c5bce22e42be5c25a9 Arimo-Italic.ttf
314394b29c1d15a73c3f00316003810a MuktiNarrow-0.94.tar.bz2
4d610887ff4d445cbc639aae7828d139 gelasio.zip
49a7f897775cce21d2b69968b8af1cea depot_tools.git-master.tar.gz
-eac0227103881604469a52ff76c251a6 chromium-73.0.3683.86.tar.xz
+6614c55c213b9348ce7f4d072fe0a848 chromium-73.0.3683.103.tar.xz
5 years
[snes9x/f29] Updated to 1.60
by Andrea Musuruane
Summary of changes:
07eb7d7... Updated to 1.60 (*)
(*) This commit already existed in another branch; no separate mail sent
5 years
