commit b53c752f54437825dbde39ee663645914840c10c Author: qvint <dotqvint(a)gmail.com&gt; Date: Tue Oct 27 08:19:33 2020 +0300 Backport some fixes from the upstream - Fix invalid "end" iterator usage in CookieMonster - Only fall back to the i965 driver if we're on iHD - Check for enable-accelerated-video-decode - Fix mouse movements near window edges - Fix crash in UserInputMonitorLinuxCore[1] [1] See https://bugzilla.rpmfusion.org/show_bug.cgi?id=5807 chromium-86-cookiemonster-r803260.patch | 72 +++++++++++++++++ chromium-86-vaapi-r807550.patch | 133 ++++++++++++++++++++++++++++++++ chromium-86-vaapi-r811480.patch | 37 +++++++++ chromium-86-xproto-r819538.patch | 31 ++++++++ chromium-86-xproto-r819650.patch | 35 +++++++++ chromium-freeworld.spec | 19 ++++- sources | 2 +- 7 files changed, 325 insertions(+), 4 deletions(-) --- diff --git a/chromium-86-cookiemonster-r803260.patch b/chromium-86-cookiemonster-r803260.patch new file mode 100644 index 0000000..fd97e29 --- /dev/null +++ b/chromium-86-cookiemonster-r803260.patch @@ -0,0 +1,72 @@ +From 53478caee862624fc6d73516f8d64253854b146f Mon Sep 17 00:00:00 2001 +From: Piotr Tworek <ptworek(a)vewd.com&gt; +Date: Mon, 31 Aug 2020 21:03:58 +0000 +Subject: [PATCH] Fix invalid "end" iterator usage in CookieMonster. + +Commit 229623d76e8baf714c8569c9f4efc5de266cef8b has introduced the following +code in cookie_monster.cc. + +// If this is the first cookie in |cookies_| with this key, increment the +// |num_keys_| counter. +bool different_prev = + inserted == cookies_.begin() || std::prev(inserted)->first != key; +bool different_next = + inserted == cookies_.end() || std::next(inserted)->first != key; +if (different_prev && different_next) + ++num_keys_; + +The "inserted" iterator is something that has been returned from +std::multimap::insert. At first glance it looks reasonable. The code +tries to determine if there are already similar elements with the same +key in the map. Unfortunately the expression calculating the value of +different_next can potentially use the end iterator to the map. The +"inserted == cookies_.end()" part of the expression will always evaluate +to false since the newly inserted element has to be in the map and +cookies_.end() points to the first element outside the map. If the +inserted happens to be the last element in the map the second part of +the expression will grab the end iterator by calling std::next(inserted) +and then will try to use it leading to invalid memory access. + +Given the fact that cookies_ is a std::multimap we should not even need +to calculate the value of different_next. It should always be true. + + "If the container has elements with equivalent key, inserts at the + upper bound of that range.(since C++11)" + +See: https://en.cppreference.com/w/cpp/container/multimap/insert + +Bug: 1120240 +Change-Id: I8928c294ac4daf72349a2331b31b017c1d015da0 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2368872 +Reviewed-by: Maksim Orlovich <morlovich(a)chromium.org&gt; +Commit-Queue: Piotr Tworek <ptworek(a)vewd.com&gt; +Cr-Commit-Position: refs/heads/master@{#803260} +--- a/net/cookies/cookie_monster.cc ++++ b/net/cookies/cookie_monster.cc +@@ -1151,9 +1151,14 @@ CookieMonster::CookieMap::iterator Cooki + // |num_keys_| counter. + bool different_prev = + inserted == cookies_.begin() || std::prev(inserted)->first != key; +- bool different_next = +- inserted == cookies_.end() || std::next(inserted)->first != key; +- if (different_prev && different_next) ++ // According to std::multiqueue documentation: ++ // "If the container has elements with equivalent key, inserts at the upper ++ // bound of that range. (since C++11)" ++ // This means that "inserted" iterator either points to the last element in ++ // the map, or the element succeeding it has to have different key. ++ DCHECK(std::next(inserted) == cookies_.end() || ++ std::next(inserted)->first != key); ++ if (different_prev) + ++num_keys_; + + return inserted; +@@ -1381,7 +1386,7 @@ void CookieMonster::InternalDeleteCookie + bool different_prev = + it == cookies_.begin() || std::prev(it)->first != it->first; + bool different_next = +- it == cookies_.end() || std::next(it)->first != it->first; ++ std::next(it) == cookies_.end() || std::next(it)->first != it->first; + if (different_prev && different_next) + --num_keys_; + diff --git a/chromium-86-vaapi-r807550.patch b/chromium-86-vaapi-r807550.patch new file mode 100644 index 0000000..de8cd69 --- /dev/null +++ b/chromium-86-vaapi-r807550.patch @@ -0,0 +1,133 @@ +From fbd756ab55f9351165f923b0411c31dd71319c78 Mon Sep 17 00:00:00 2001 +From: Ted Meyer <tmathmeyer(a)chromium.org&gt; +Date: Wed, 16 Sep 2020 17:42:03 +0000 +Subject: [PATCH] Only fall back to the i965 driver if we're on iHD + +I got my hands on an old AMD laptop, and the gallium driver worked very +well and was saving power even at 720p, so there's no reason to block +that for now. + +Bug: 1116703 +Change-Id: Ib15bc2b93f33e99adad7569dd825e167b503a0ea +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2409967 +Commit-Queue: Ted Meyer <tmathmeyer(a)chromium.org&gt; +Reviewed-by: Andres Calderon Jaramillo <andrescj(a)chromium.org&gt; +Cr-Commit-Position: refs/heads/master@{#807550} +--- a/media/gpu/vaapi/vaapi_wrapper.cc ++++ b/media/gpu/vaapi/vaapi_wrapper.cc +@@ -410,6 +410,8 @@ class VADisplayState { + + // Implementation of Initialize() called only once. + bool InitializeOnce() EXCLUSIVE_LOCKS_REQUIRED(va_lock_); ++ bool InitializeVaDisplay_Locked() EXCLUSIVE_LOCKS_REQUIRED(va_lock_); ++ bool InitializeVaDriver_Locked() EXCLUSIVE_LOCKS_REQUIRED(va_lock_); + + int refcount_ GUARDED_BY(va_lock_); + +@@ -473,11 +475,7 @@ bool VADisplayState::Initialize() { + return success; + } + +-bool VADisplayState::InitializeOnce() { +- static_assert( +- VA_MAJOR_VERSION >= 2 || (VA_MAJOR_VERSION == 1 && VA_MINOR_VERSION >= 1), +- "Requires VA-API >= 1.1.0"); +- ++bool VADisplayState::InitializeVaDisplay_Locked() { + switch (gl::GetGLImplementation()) { + case gl::kGLImplementationEGLGLES2: + va_display_ = vaGetDisplayDRM(drm_fd_.get()); +@@ -520,25 +518,10 @@ bool VADisplayState::InitializeOnce() { + return false; + } + +- // Set VA logging level and driver name, unless already set. +- constexpr char libva_log_level_env[] = "LIBVA_MESSAGING_LEVEL"; +- std::unique_ptr<base::Environment> env(base::Environment::Create()); +- if (!env->HasVar(libva_log_level_env)) +- env->SetVar(libva_log_level_env, "1"); +- +-#if defined(USE_X11) +- if (gl::GetGLImplementation() == gl::kGLImplementationEGLANGLE) { +- DCHECK(!features::IsUsingOzonePlatform()); +- constexpr char libva_driver_impl_env[] = "LIBVA_DRIVER_NAME"; +- // TODO(crbug/1116703) The libva intel-media driver has a known segfault in +- // vaPutSurface, so until this is fixed, fall back to the i965 driver. There +- // is discussion of the issue here: +- // https://github.com/intel/media-driver/issues/818 +- if (!env->HasVar(libva_driver_impl_env)) +- env->SetVar(libva_driver_impl_env, "i965"); +- } +-#endif // USE_X11 ++ return true; ++} + ++bool VADisplayState::InitializeVaDriver_Locked() { + // The VAAPI version. + int major_version, minor_version; + VAStatus va_res = vaInitialize(va_display_, &major_version, &minor_version); +@@ -546,9 +529,6 @@ bool VADisplayState::InitializeOnce() { + LOG(ERROR) << "vaInitialize failed: " << vaErrorStr(va_res); + return false; + } +- +- va_initialized_ = true; +- + const std::string va_vendor_string = vaQueryVendorString(va_display_); + DLOG_IF(WARNING, va_vendor_string.empty()) + << "Vendor string empty or error reading."; +@@ -556,6 +536,8 @@ bool VADisplayState::InitializeOnce() { + << va_vendor_string; + implementation_type_ = VendorStringToImplementationType(va_vendor_string); + ++ va_initialized_ = true; ++ + // The VAAPI version is determined from what is loaded on the system by + // calling vaInitialize(). Since the libva is now ABI-compatible, relax the + // version check which helps in upgrading the libva, without breaking any +@@ -572,6 +554,45 @@ bool VADisplayState::InitializeOnce() { + return true; + } + ++bool VADisplayState::InitializeOnce() { ++ static_assert( ++ VA_MAJOR_VERSION >= 2 || (VA_MAJOR_VERSION == 1 && VA_MINOR_VERSION >= 1), ++ "Requires VA-API >= 1.1.0"); ++ ++ // Set VA logging level, unless already set. ++ constexpr char libva_log_level_env[] = "LIBVA_MESSAGING_LEVEL"; ++ std::unique_ptr<base::Environment> env(base::Environment::Create()); ++ if (!env->HasVar(libva_log_level_env)) ++ env->SetVar(libva_log_level_env, "1"); ++ ++ if (!InitializeVaDisplay_Locked() || !InitializeVaDriver_Locked()) ++ return false; ++ ++#if defined(USE_X11) ++ if (gl::GetGLImplementation() == gl::kGLImplementationEGLANGLE && ++ implementation_type_ == VAImplementation::kIntelIHD) { ++ DCHECK(!features::IsUsingOzonePlatform()); ++ constexpr char libva_driver_impl_env[] = "LIBVA_DRIVER_NAME"; ++ // TODO(crbug/1116703) The libva intel-media driver has a known segfault in ++ // vaPutSurface, so until this is fixed, fall back to the i965 driver. There ++ // is discussion of the issue here: ++ // https://github.com/intel/media-driver/issues/818 ++ if (!env->HasVar(libva_driver_impl_env)) ++ env->SetVar(libva_driver_impl_env, "i965"); ++ ++ // Re-initialize with the new driver. ++ va_display_ = nullptr; ++ va_initialized_ = false; ++ implementation_type_ = VAImplementation::kInvalid; ++ ++ if (!InitializeVaDisplay_Locked() || !InitializeVaDriver_Locked()) ++ return false; ++ } ++#endif // USE_X11 ++ ++ return true; ++} ++ + VAStatus VADisplayState::Deinitialize() { + base::AutoLock auto_lock(va_lock_); + VAStatus va_res = VA_STATUS_SUCCESS; diff --git a/chromium-86-vaapi-r811480.patch b/chromium-86-vaapi-r811480.patch new file mode 100644 index 0000000..61f305a --- /dev/null +++ b/chromium-86-vaapi-r811480.patch @@ -0,0 +1,37 @@ +From 54deb9811ca9bd2327def5c05ba6987b8c7a0897 Mon Sep 17 00:00:00 2001 +From: Evangelos Foutras <evangelos(a)foutrelis.com&gt; +Date: Tue, 29 Sep 2020 01:02:22 +0000 +Subject: [PATCH] Check for enable-accelerated-video-decode on Linux + +Video decoding was being accelerated on Linux even though the newly +added "enable-accelerated-video-decode" flag was not specified. The +chrome://gpu page was misleadingly showing this feature as disabled: + + > Video Decode: Software only. Hardware acceleration disabled + +This change adds a check for --enable-accelerated-video-decode when +considering if video decoding should be activated. (Only on Linux.) + +Extra context: https://crbug.com/1097029#c18 (and also comment 20). + +Bug: 1066176, 1097029 +Change-Id: I534115f5f6ceed0ee3511fcf5c2d0f1dd04b9b7e +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2431434 +Reviewed-by: John Abd-El-Malek <jam(a)chromium.org&gt; +Reviewed-by: Dale Curtis <dalecurtis(a)chromium.org&gt; +Commit-Queue: Ted Meyer <tmathmeyer(a)chromium.org&gt; +Cr-Commit-Position: refs/heads/master@{#811480} +--- a/content/renderer/render_thread_impl.cc ++++ b/content/renderer/render_thread_impl.cc +@@ -1111,7 +1111,11 @@ media::GpuVideoAcceleratorFactories* Ren + kGpuStreamPriorityMedia); + + const bool enable_video_accelerator = ++#if defined(OS_LINUX) && !defined(OS_CHROMEOS) ++ cmd_line->HasSwitch(switches::kEnableAcceleratedVideoDecode) && ++#else + !cmd_line->HasSwitch(switches::kDisableAcceleratedVideoDecode) && ++#endif // defined(OS_LINUX) && !defined(OS_CHROMEOS) + (gpu_channel_host->gpu_feature_info() + .status_values[gpu::GPU_FEATURE_TYPE_ACCELERATED_VIDEO_DECODE] == + gpu::kGpuFeatureStatusEnabled); diff --git a/chromium-86-xproto-r819538.patch b/chromium-86-xproto-r819538.patch new file mode 100644 index 0000000..2cd2a4c --- /dev/null +++ b/chromium-86-xproto-r819538.patch @@ -0,0 +1,31 @@ +From 5ade494a9966c7a9675af86dc42aca62fb4d806d Mon Sep 17 00:00:00 2001 +From: Tom Anderson <thomasanderson(a)chromium.org&gt; +Date: Wed, 21 Oct 2020 22:02:35 +0000 +Subject: [PATCH] [XProto] Fix underflow in Fp1616ToDouble + +x11::Input::Fp1616 should be treated as a signed integer, otherwise +-1 will underflow to 65535. When dragging a scrollbar, this would +cause the scrollbar to snap to the bottom when the cursor is dragged +above the window's y=0 coordinate. Verified that the issue is fixed +after this CL. + +BUG=1139623,1136352 +R=sky + +Change-Id: Ie318006ceadde9b9ce3e267fb453ddeba0e81da0 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2485620 +Auto-Submit: Thomas Anderson <thomasanderson(a)chromium.org&gt; +Commit-Queue: Scott Violet <sky(a)chromium.org&gt; +Reviewed-by: Scott Violet <sky(a)chromium.org&gt; +Cr-Commit-Position: refs/heads/master@{#819538} +--- a/ui/events/x/events_x_utils.cc ++++ b/ui/events/x/events_x_utils.cc +@@ -376,7 +376,7 @@ base::TimeTicks TimeTicksFromXEvent(cons + + // This is ported from libxi's FP1616toDBL in XExtInt.c + double Fp1616ToDouble(x11::Input::Fp1616 x) { +- auto x32 = static_cast<uint32_t>(x); ++ auto x32 = static_cast<int32_t>(x); + return x32 * 1.0 / (1 << 16); + } + diff --git a/chromium-86-xproto-r819650.patch b/chromium-86-xproto-r819650.patch new file mode 100644 index 0000000..bbf5298 --- /dev/null +++ b/chromium-86-xproto-r819650.patch @@ -0,0 +1,35 @@ +From 6e50c5a3abfa22eb17e26086bffbee288d07483e Mon Sep 17 00:00:00 2001 +From: Tom Anderson <thomasanderson(a)chromium.org&gt; +Date: Thu, 22 Oct 2020 01:05:44 +0000 +Subject: [PATCH] [XProto] Fix crash in + media::UserInputMonitorLinuxCore::DispatchXEvent + +The X server may send unsolicited events (from clients calling +XSendEvent() or from new keyboard mappings). So we must check that +the event is the correct type before dispatching it. + +R=dalecurtis + +Change-Id: Ic3e19f7da1415c358991609c9b016bd60ead2038 +Bug: 1140927 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2490674 +Commit-Queue: Thomas Anderson <thomasanderson(a)chromium.org&gt; +Auto-Submit: Thomas Anderson <thomasanderson(a)chromium.org&gt; +Reviewed-by: Dale Curtis <dalecurtis(a)chromium.org&gt; +Cr-Commit-Position: refs/heads/master@{#819650} +--- a/media/base/user_input_monitor_linux.cc ++++ b/media/base/user_input_monitor_linux.cc +@@ -115,9 +115,10 @@ void UserInputMonitorLinuxCore::Dispatch + DCHECK(io_task_runner_->BelongsToCurrentThread()); + + auto* raw = event->As<x11::Input::RawDeviceEvent>(); +- DCHECK(raw); +- DCHECK(raw->opcode == x11::Input::RawDeviceEvent::RawKeyPress || +- raw->opcode == x11::Input::RawDeviceEvent::RawKeyRelease); ++ if (!raw || (raw->opcode != x11::Input::RawDeviceEvent::RawKeyPress && ++ raw->opcode != x11::Input::RawDeviceEvent::RawKeyRelease)) { ++ return; ++ } + + ui::EventType type = raw->opcode == x11::Input::RawDeviceEvent::RawKeyPress + ? ui::ET_KEY_PRESSED diff --git a/chromium-freeworld.spec b/chromium-freeworld.spec index a3830ac..1bd9580 100644 --- a/chromium-freeworld.spec +++ b/chromium-freeworld.spec @@ -33,7 +33,7 @@ ##############################Package Definitions###################################### Name: chromium-freeworld Version: 86.0.4240.111 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Chromium built with all freeworld codecs and VA-API support License: BSD and LGPLv2+ and ASL 2.0 and IJG and MIT and GPLv2+ and ISC and OpenSSL and (MPLv1.1 or GPLv2 or LGPLv2) URL: https://www.chromium.org/Home @@ -57,7 +57,7 @@ Source0: chromium-%{version}-clean.tar.xz %endif # Patchset composed by Stephan Hartmann. -%global patchset_revision chromium-86-patchset-6 +%global patchset_revision chromium-86-patchset-7 Source1: https://github.com/stha09/chromium-patches/archive/%{patchset_revision}/c... # The following two source files are copied and modified from the chromium source @@ -153,6 +153,13 @@ Recommends: libva-utils # This build should be only available to amd64 ExclusiveArch: x86_64 +# Google patches (short-term fixes and backports): +Patch150: chromium-86-cookiemonster-r803260.patch +Patch151: chromium-86-vaapi-r807550.patch +Patch152: chromium-86-vaapi-r811480.patch +Patch153: chromium-86-xproto-r819538.patch +Patch154: chromium-86-xproto-r819650.patch + # Fedora patches: Patch300: chromium-py2-bootstrap.patch @@ -180,7 +187,6 @@ Patch420: chromium-rpm-fusion-brand.patch %patchset_apply chromium-fix-char_traits.patch %patchset_apply chromium-78-protobuf-RepeatedPtrField-export.patch %patchset_apply chromium-79-gcc-protobuf-alignas.patch -%patchset_apply chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch %patchset_apply chromium-84-blink-disable-clang-format.patch %patchset_apply chromium-86-ConsumeDurationNumber-constexpr.patch %patchset_apply chromium-86-ImageMemoryBarrierData-init.patch @@ -669,6 +675,13 @@ appstream-util validate-relax --nonet "%{buildroot}%{_metainfodir}/%{name}.appda %{chromiumdir}/swiftshader/libGLESv2.so #########################################changelogs################################################# %changelog +* Tue Oct 27 2020 qvint <dotqvint(a)gmail.com&gt; - 86.0.4240.111-2 +- Fix invalid "end" iterator usage in CookieMonster +- Only fall back to the i965 driver if we're on iHD +- Check for enable-accelerated-video-decode +- Fix mouse movements near window edges +- Fix crash in UserInputMonitorLinuxCore (rfbz#5807) + * Wed Oct 21 2020 qvint <dotqvint(a)gmail.com&gt; - 86.0.4240.111-1 - Update to 86.0.4240.111 diff --git a/sources b/sources index 59b84b8..26553c5 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ SHA512 (chromium-86.0.4240.111.tar.xz) = 809bcab82c44976f109f0db0ce0470f88893a0999596b057e82675093f8fa0fc0badae4431a9160b4e94ae09219fa01914cad4b3143cebc530c71d420e7add54 -SHA512 (chromium-patches-chromium-86-patchset-6.tar.gz) = a2b6ada235dd39c23629c613ec0f98d7df6d4b0e95396415ab68396f730efa1dd13f0118e71992b9c279fbe1b4c39a225416915cd6af058d650252bd16e8641d +SHA512 (chromium-patches-chromium-86-patchset-7.tar.gz) = 4b569655409b2ba1564a7de8f3f97ffadea65f5d982024d665b873117688a9874f869114e753fb77492b7a2c38e66f0f9a7294785077776230ee057d4e70bf7d