From 6dbab21fdba29da1f523ba1bfdbbdb75e8eaa98c Mon Sep 17 00:00:00 2001
From: q66
Date: Mon, 18 Jan 2021 23:20:52 +0100
Subject: [PATCH] chromium: boop rebuild with time64 syscalls allowed in seccomp, so that i686 can work after glibc 2.32 update is done - rebuild ahead of time so we have less to do later
---
 srcpkgs/chromium/patches/time64.patch | 51 +++++++++++++++++++++++++++
 srcpkgs/chromium/template | 2 +-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 srcpkgs/chromium/patches/time64.patch
diff --git a/srcpkgs/chromium/patches/time64.patch b/srcpkgs/chromium/patches/time64.patch
new file mode 100644
index 00000000000..b1ad9359003
--- /dev/null
+++ b/srcpkgs/chromium/patches/time64.patch
@@ -0,0 +1,51 @@
+Description: allow sandboxed code to call gettime64
+ Add __NR_clock_gettime64 and __NR_clock_nanosleep_time64 to syscall whitelist
+ and clock selection parameter filtering code.
+
+ Add __NR_utimensat_time64 to syscall whitelist
+
+ Conditionalise additions on the new calls existing, because they do not exist
+ on 64-bit architectures.
+Author: Peter Michael Green
+
+Index: chromium-83.0.4103.116/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+===================================================================
+--- sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -148,7 +148,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ return Allow();
+ #endif
+
++#ifdef __NR_clock_gettime64
++ if (sysno == __NR_clock_gettime || sysno == __NR_clock_gettime64 || sysno == __NR_clock_nanosleep || sysno == __NR_clock_nanosleep_time64) {
++#else
+ if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
++#endif
+ return RestrictClockID();
+ }
+
+Index: chromium-83.0.4103.116/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+===================================================================
+--- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
++++ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+@@ -38,6 +38,10 @@ bool SyscallSets::IsAllowedGettime(int s
+ case __NR_clock_getres: // Allowed only on Android with parameters
+ // filtered by RestrictClokID().
+ case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
++#ifdef __NR_clock_gettime64
++ case __NR_clock_gettime64: // Parameters filtered by RestrictClockID().
++ case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID().
++#endif
+ case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
+ case __NR_clock_settime: // Privileged.
+ #if defined(__i386__) || \
+@@ -159,6 +163,9 @@ bool SyscallSets::IsFileSystem(int sysno
+ case __NR_utime:
+ #endif
+ case __NR_utimensat: // New.
++#ifdef __NR_utimensat_time64
++ case __NR_utimensat_time64:
++#endif
+ return true;
+ default:
+ return false;
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 5e4d8129e5d..6a8ec3827dd 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -2,7 +2,7 @@
 pkgname=chromium
 # See http://www.chromium.org/developers/calendar for the latest version
 version=87.0.4280.141
-revision=1
+revision=2
 archs="i686* x86_64* aarch64* armv7l* ppc64le*"
 short_desc="Google's attempt at creating a safer, faster, and more stable browser"
 maintainer="Enno Boland "
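Review bot: In the baseline_policy.cc hunk the `if (...) {` header is duplicated across `#ifdef __NR_clock_gettime64` / `#else`, so the clock-ID restriction now exists in two copies that must be edited in lockstep, and the single guard also covers `__NR_clock_nanosleep_time64`, which it never tests for (the same guard is reused in the `IsAllowedGettime` hunk). A separate block per time64 number, each under its own `#ifdef` and each returning `RestrictClockID()`, leaves the original condition untouched and keeps the filtered path the same on every architecture. The syscall_sets.cc hunks add bare `case` labels whose effect depends entirely on the `return` that follows; for `IsAllowedGettime` that `return` is outside the hunk, and the `Index:` lines name chromium-83.0.4103.116 while the template builds 87.0.4280.141, so the applied result should be checked in the 87 tree to confirm each label lands in the intended group. EvaluateSyscallImpl and both switch statements continue outside the hunks.

```cpp
  // … unchanged: if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) block …

  // time64 variants; the patch description says they do not exist on 64-bit
  // architectures, so each is guarded by its own syscall number.
#ifdef __NR_clock_gettime64
  if (sysno == __NR_clock_gettime64) {
    return RestrictClockID();
  }
#endif
#ifdef __NR_clock_nanosleep_time64
  if (sysno == __NR_clock_nanosleep_time64) {
    return RestrictClockID();
  }
#endif
```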