11:49 a.m.
commit 9d38c919777723af0063c361cd488a33a4a95dfb
Author: Vasiliy Glazov <vascom2(a)gmail.com>
Date: Thu Apr 25 14:06:20 2019 +0300
Update to 73.0.3683.103.
...mium-73.0.3683.103-glibc-2.29-clone-vfork.patch | 29 ++++++++++++++++++++++
chromium-freeworld.spec | 11 ++++++--
sources | 2 +-
3 files changed, 39 insertions(+), 3 deletions(-)
---
diff --git a/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
b/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
new file mode 100644
index 0000000..8ff952b
--- /dev/null
+++ b/chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
@@ -0,0 +1,29 @@
+diff -up
chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc.glibc229
chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc
+---
chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc.glibc229 2019-04-16
11:49:35.353081246 -0400
++++
chromium-73.0.3683.103/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2019-04-16
11:51:22.105794620 -0400
+@@ -134,7 +134,8 @@ namespace sandbox {
+ #if !defined(OS_NACL_NONSFI)
+ // Allow Glibc's and Android pthread creation flags, crash on any other
+ // thread creation attempts and EPERM attempts to use neither
+-// CLONE_VM, nor CLONE_THREAD, which includes all fork() implementations.
++// CLONE_VM nor CLONE_THREAD (all fork implementations), unless CLONE_VFORK is
++// present (as in posix_spawn).
+ ResultExpr RestrictCloneToThreadsAndEPERMFork() {
+ const Arg<unsigned long> flags(0);
+
+@@ -153,8 +154,14 @@ ResultExpr RestrictCloneToThreadsAndEPER
+ AnyOf(flags == kAndroidCloneMask, flags == kObsoleteAndroidCloneMask,
+ flags == kGlibcPthreadFlags);
+
++ const uint64_t kImportantSpawnFlags = CLONE_VFORK | CLONE_VM;
++
++ const BoolExpr isForkOrSpawn =
++ AnyOf((flags & (CLONE_VM | CLONE_THREAD)) == 0,
++ (flags & kImportantSpawnFlags) == kImportantSpawnFlags);
++
+ return If(IsAndroid() ? android_test : glibc_test, Allow())
+- .ElseIf((flags & (CLONE_VM | CLONE_THREAD)) == 0, Error(EPERM))
++ .ElseIf(isForkOrSpawn, Error(EPERM))
+ .Else(CrashSIGSYSClone());
+ }
+
diff --git a/chromium-freeworld.spec b/chromium-freeworld.spec
index cb2b88b..f6859c9 100644
--- a/chromium-freeworld.spec
+++ b/chromium-freeworld.spec
@@ -161,8 +161,8 @@ Name: chromium%{chromium_channel}%{?freeworld:-freeworld}
%else
Name: chromium%{chromium_channel}
%endif
-Version: %{majorversion}.0.3683.86
-Release: 2%{?dist}
+Version: %{majorversion}.0.3683.103
+Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser
Url: http://www.chromium.org/Home
License: BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC and OpenSSL and
(MPLv1.1 or GPLv2 or LGPLv2)
@@ -328,6 +328,8 @@ Patch137: chromium-73.0.3683.75-no-header-hygiene.patch
Patch138: chromium-73.0.3683.75-aarch64-crashpad-limits.patch
# el7 only patch
Patch139: chromium-73.0.3683.75-el7-fix-noexcept.patch
+# https://bugs.chromium.org/p/chromium/issues/detail?id=949312
+Patch140: chromium-73.0.3683.103-glibc-2.29-clone-vfork.patch
# Use chromium-latest.py to generate clean tarball from released build tarballs, found
here:
# http://build.chromium.org/buildbot/official/
@@ -910,6 +912,7 @@ udev.
%if 0%{?rhel} == 7
%patch139 -p1 -b .el7-noexcept
%endif
+%patch140 -p1 -b .glibc229
# Change shebang in all relevant files in this directory and all subdirectories
# See `man find` for how the `-exec command {} +` syntax works
@@ -1898,6 +1901,10 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r
chrome-remote-deskt
%changelog
+* Thu Apr 11 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.103-1
+- update to 73.0.3683.103
+- add CLONE_VFORK logic to seccomp filter for linux to handle glibc 2.29 change
+
* Wed Mar 27 2019 Tom Callaway <spot(a)fedoraproject.org> - 73.0.3683.86-2
- remove lang macro from en-US.pak* because Chromium crashes if it is not present
(bz1692660)
diff --git a/sources b/sources
index a36abb3..a165f65 100644
--- a/sources
+++ b/sources
@@ -16,4 +16,4 @@ fa87472a877e70c5bce22e42be5c25a9 Arimo-Italic.ttf
314394b29c1d15a73c3f00316003810a MuktiNarrow-0.94.tar.bz2
4d610887ff4d445cbc639aae7828d139 gelasio.zip
49a7f897775cce21d2b69968b8af1cea depot_tools.git-master.tar.gz
-eac0227103881604469a52ff76c251a6 chromium-73.0.3683.86.tar.xz
+6614c55c213b9348ce7f4d072fe0a848 chromium-73.0.3683.103.tar.xz