snailed
/
void-packages
2
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

chromium: boop 

rebuild with time64 syscalls allowed in seccomp, so that i686
can work after glibc 2.32 update is done - rebuild ahead of time
so we have less to do later
This commit is contained in:
q66 2021-01-18 23:20:52 +01:00
parent 769fa0b6c8
commit 6dbab21fdb
2 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
srcpkgs/chromium/patches/time64.patch Normal file
View File

@ -0,0 +1,51 @@
Description: allow sandboxed code to call gettime64
Add __NR_clock_gettime64 and __NR_clock_nanosleep_time64 to syscall whitelist
and clock selection parameter filtering code.
Add __NR_utimensat_time64 to syscall whitelist
Conditionalise additions on the new calls existing, because they do not exist
on 64-bit architectures.
Author: Peter Michael Green <plugwash@raspbian.org>
Index: chromium-83.0.4103.116/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
===================================================================
--- sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -148,7 +148,11 @@ ResultExpr EvaluateSyscallImpl(int fs_de
return Allow();
#endif
+#ifdef __NR_clock_gettime64
+ if (sysno == __NR_clock_gettime || sysno == __NR_clock_gettime64 || sysno == __NR_clock_nanosleep || sysno == __NR_clock_nanosleep_time64) {
+#else
if (sysno == __NR_clock_gettime || sysno == __NR_clock_nanosleep) {
+#endif
return RestrictClockID();
}
Index: chromium-83.0.4103.116/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
===================================================================
--- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -38,6 +38,10 @@ bool SyscallSets::IsAllowedGettime(int s
case __NR_clock_getres: // Allowed only on Android with parameters
// filtered by RestrictClokID().
case __NR_clock_gettime: // Parameters filtered by RestrictClockID().
+#ifdef __NR_clock_gettime64
+ case __NR_clock_gettime64: // Parameters filtered by RestrictClockID().
+ case __NR_clock_nanosleep_time64: // Parameters filtered by RestrictClockID().
+#endif
case __NR_clock_nanosleep: // Parameters filtered by RestrictClockID().
case __NR_clock_settime: // Privileged.
#if defined(__i386__) || \
@@ -159,6 +163,9 @@ bool SyscallSets::IsFileSystem(int sysno
case __NR_utime:
#endif
case __NR_utimensat: // New.
+#ifdef __NR_utimensat_time64
+ case __NR_utimensat_time64:
+#endif
return true;
default:
return false;

2
srcpkgs/chromium/template
View File

@ -2,7 +2,7 @@
pkgname=chromium pkgname=chromium
# See http://www.chromium.org/developers/calendar for the latest version # See http://www.chromium.org/developers/calendar for the latest version
version=87.0.4280.141 version=87.0.4280.141
revision=1 revision=2
archs="i686* x86_64* aarch64* armv7l* ppc64le*" archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser" short_desc="Google's attempt at creating a safer, faster, and more stable browser"
maintainer="Enno Boland <gottox@voidlinux.org>" maintainer="Enno Boland <gottox@voidlinux.org>"