summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephan Hartmann <sultan@gentoo.org>2021-07-27 19:38:58 +0200
committerStephan Hartmann <sultan@gentoo.org>2021-07-27 19:39:17 +0200
commitafa4f06bc7e383b77191f6325ed4efef50ac49f8 (patch)
tree93c4592c82fd50882e56480c65d6da5930ed9e99 /www-client
parentsys-apps/systemd: drop 248.5 (diff)
downloadgentoo-afa4f06bc7e383b77191f6325ed4efef50ac49f8.tar.gz
gentoo-afa4f06bc7e383b77191f6325ed4efef50ac49f8.tar.bz2
gentoo-afa4f06bc7e383b77191f6325ed4efef50ac49f8.zip
www-client/chromium: security cleanup
Bug: https://bugs.gentoo.org/803167 Closes: https://bugs.gentoo.org/803467 Closes: https://bugs.gentoo.org/769989 Closes: https://bugs.gentoo.org/796527 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Stephan Hartmann <sultan@gentoo.org>
Diffstat (limited to 'www-client')
-rw-r--r--www-client/chromium/Manifest3
-rw-r--r--www-client/chromium/chromium-91.0.4472.164.ebuild944
-rw-r--r--www-client/chromium/files/chromium-89-EnumTable-crash.patch71
-rw-r--r--www-client/chromium/files/chromium-91-ThemeService-crash.patch36
-rw-r--r--www-client/chromium/files/chromium-91-system-icu.patch29
-rw-r--r--www-client/chromium/files/chromium-glibc-2.33.patch141
6 files changed, 0 insertions, 1224 deletions
diff --git a/www-client/chromium/Manifest b/www-client/chromium/Manifest
index 17bdadfd4989..70ae8403bf5e 100644
--- a/www-client/chromium/Manifest
+++ b/www-client/chromium/Manifest
@@ -1,6 +1,3 @@
-DIST chromium-91-patchset-6.tar.xz 4280 BLAKE2B 18887953453133589cfc5df58d24725047235fac3652cc7af7bd117fbc94aa9a2e1b1dd3147f772f84d8fa3e7b5b77159abc1e408d7b24b065bb1f12cebbfb2f SHA512 49b4aaedfbb1fa5629dbb453bb74f5735c05b14407ea3d2bb1eaee9686e03661a3c471357d085ab839dff16df92d71dae3a6f17486c017a79a836c1d8780a250
-DIST chromium-91-ppc64le-6.tar.xz 28968 BLAKE2B 5153be672aec91899d9eabe3ddf4c3d0b4b2d307e396afa2a83bf3102bc540fa62d69df365057128227428bd3abfc8cab9203fae41e5150191025d8ecea935ab SHA512 78071d204bf04a13a132a63a3d268a0d6d05a895c1ee55a41176fb5cca975c502e69a83ca0388ecea92c041f24235c452abdfbf0ee557e93db6685589fb9428b
-DIST chromium-91.0.4472.164.tar.xz 950253100 BLAKE2B 4de7222dbf8fb22115518625ebc8eb62eca281bd4a28ee9d4f4450545aa4155a5bf7478f56d9ba482c102deea5c7b3214299549480c19d972b1380931f7ba4df SHA512 3d15b7df6d6627084bc82cfb6f9c52f917cdb03cea73f85199e6d41eb9636db867e56ea60d69a8bbc92dd8cb59f13b4ae6c609d59f32fe04f88c33252225f8a5
DIST chromium-92-glibc-2.33-patch.tar.xz 12636 BLAKE2B 0621d2135c1a0864374010c36959deda7b612d448e28780bfe8968fcd45363c091a84413eb3c6f560e9f805a421b910f33e9cc023055e7bf7801aa374d41dc80 SHA512 6d9e999c0b18186f2db28a804f9f84f6b472cf2fac33d72a0b09ded3106f43378a6eaf52b316e0b07a3876d9074ba299a285bdf06193553ee81bdbea4bc66294
DIST chromium-92-patchset-7.tar.xz 4004 BLAKE2B 8587663a072eb08abacbc2e54924855f29efefdbec46acf5cb8b0cc40b816b96ba7694c4ab1abe997572a6dbecf94ea27f368a7337263adfff44f2b4b042d862 SHA512 65c8267ab0921719c71d4b03a4315bbb1ceec35ce4794de9dcc6099b2c349baf4782b67316ebb8c9db233630b7fc89fa0baf719f9f0f41eb39972cdeb437e612
DIST chromium-92-ppc64le-1.tar.xz 30416 BLAKE2B e953e3ba1ac0ff4bae437328eb1c52fb3863007ff92db91c6858c8c5f7b4c5c39fb8bf6898c3385c7faa82666f1a18aae7fcb5379b9199e58c5c0526fbd9dbee SHA512 b5a20076a34705c53c56d7763189ebfd860a456ca544a7f0c9ce30c877be92270ea724f1bebb9b597b301def27dde0a672b0c30e16e6abbf958cecfd60b07ec5
diff --git a/www-client/chromium/chromium-91.0.4472.164.ebuild b/www-client/chromium/chromium-91.0.4472.164.ebuild
deleted file mode 100644
index ba08b840323b..000000000000
--- a/www-client/chromium/chromium-91.0.4472.164.ebuild
+++ /dev/null
@@ -1,944 +0,0 @@
-# Copyright 2009-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-PYTHON_COMPAT=( python2_7 )
-PYTHON_REQ_USE="xml"
-
-CHROMIUM_LANGS="am ar bg bn ca cs da de el en-GB es es-419 et fa fi fil fr gu he
- hi hr hu id it ja kn ko lt lv ml mr ms nb nl pl pt-BR pt-PT ro ru sk sl sr
- sv sw ta te th tr uk vi zh-CN zh-TW"
-
-inherit check-reqs chromium-2 desktop flag-o-matic multilib ninja-utils pax-utils portability python-any-r1 readme.gentoo-r1 toolchain-funcs xdg-utils
-
-DESCRIPTION="Open-source version of Google Chrome web browser"
-HOMEPAGE="https://chromium.org/"
-PATCHSET="6"
-PATCHSET_NAME="chromium-$(ver_cut 1)-patchset-${PATCHSET}"
-PPC64LE_PATCHSET="6"
-SRC_URI="https://commondatastorage.googleapis.com/chromium-browser-official/${P}.tar.xz
- https://files.pythonhosted.org/packages/ed/7b/bbf89ca71e722b7f9464ebffe4b5ee20a9e5c9a555a56e2d3914bb9119a6/setuptools-44.1.0.zip
- https://github.com/stha09/chromium-patches/releases/download/${PATCHSET_NAME}/${PATCHSET_NAME}.tar.xz
- arm64? ( https://github.com/google/highway/archive/refs/tags/0.12.1.tar.gz -> highway-0.12.1.tar.gz )
- ppc64? ( https://dev.gentoo.org/~gyakovlev/distfiles/${PN}-$(ver_cut 1)-ppc64le-${PPC64LE_PATCHSET}.tar.xz )"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="amd64 arm64 ~ppc64 ~x86"
-IUSE="component-build cups cpu_flags_arm_neon +hangouts headless +js-type-check kerberos official pic +proprietary-codecs pulseaudio screencast selinux +suid +system-ffmpeg +system-icu vaapi wayland widevine"
-REQUIRED_USE="
- component-build? ( !suid )
- screencast? ( wayland )
-"
-
-COMMON_X_DEPEND="
- media-libs/mesa:=[gbm]
- x11-libs/libX11:=
- x11-libs/libXcomposite:=
- x11-libs/libXcursor:=
- x11-libs/libXdamage:=
- x11-libs/libXext:=
- x11-libs/libXfixes:=
- >=x11-libs/libXi-1.6.0:=
- x11-libs/libXrandr:=
- x11-libs/libXrender:=
- x11-libs/libXtst:=
- x11-libs/libxcb:=
- x11-libs/libxshmfence:=
- vaapi? ( >=x11-libs/libva-2.7:=[X,drm] )
-"
-
-COMMON_DEPEND="
- app-arch/bzip2:=
- cups? ( >=net-print/cups-1.3.11:= )
- dev-libs/expat:=
- dev-libs/glib:2
- >=dev-libs/libxml2-2.9.4-r3:=[icu]
- dev-libs/nspr:=
- >=dev-libs/nss-3.26:=
- >=media-libs/alsa-lib-1.0.19:=
- media-libs/fontconfig:=
- media-libs/freetype:=
- >=media-libs/harfbuzz-2.4.0:0=[icu(-)]
- media-libs/libjpeg-turbo:=
- media-libs/libpng:=
- pulseaudio? ( media-sound/pulseaudio:= )
- system-ffmpeg? (
- >=media-video/ffmpeg-4.3:=
- || (
- media-video/ffmpeg[-samba]
- >=net-fs/samba-4.5.10-r1[-debug(-)]
- )
- >=media-libs/opus-1.3.1:=
- )
- sys-apps/dbus:=
- sys-apps/pciutils:=
- virtual/udev
- x11-libs/cairo:=
- x11-libs/gdk-pixbuf:2
- x11-libs/libxkbcommon:=
- x11-libs/pango:=
- media-libs/flac:=
- >=media-libs/libwebp-0.4.0:=
- sys-libs/zlib:=[minizip]
- kerberos? ( virtual/krb5 )
- !headless? (
- ${COMMON_X_DEPEND}
- >=app-accessibility/at-spi2-atk-2.26:2
- >=app-accessibility/at-spi2-core-2.26:2
- >=dev-libs/atk-2.26
- x11-libs/gtk+:3[X]
- wayland? (
- dev-libs/wayland:=
- screencast? ( media-video/pipewire:0/0.3 )
- x11-libs/gtk+:3[wayland,X]
- x11-libs/libdrm:=
- )
- )
-"
-RDEPEND="${COMMON_DEPEND}
- x11-misc/xdg-utils
- virtual/opengl
- virtual/ttf-fonts
- selinux? ( sec-policy/selinux-chromium )
-"
-DEPEND="${COMMON_DEPEND}
-"
-# dev-vcs/git - https://bugs.gentoo.org/593476
-BDEPEND="
- ${PYTHON_DEPS}
- >=app-arch/gzip-1.7
- app-arch/unzip
- dev-lang/perl
- >=dev-util/gn-0.1807
- dev-vcs/git
- >=dev-util/gperf-3.0.3
- >=dev-util/ninja-1.7.2
- >=net-libs/nodejs-7.6.0[inspector]
- sys-apps/hwids[usb(+)]
- >=sys-devel/bison-2.4.3
- sys-devel/flex
- virtual/pkgconfig
- js-type-check? ( virtual/jre )
-"
-
-# These are intended for ebuild maintainer use to force clang if GCC is broken.
-: ${CHROMIUM_FORCE_CLANG=no}
-: ${CHROMIUM_FORCE_LIBCXX=no}
-
-if [[ ${CHROMIUM_FORCE_CLANG} == yes ]]; then
- BDEPEND+=" >=sys-devel/clang-12"
-fi
-
-if [[ ${CHROMIUM_FORCE_LIBCXX} == yes ]]; then
- RDEPEND+=" >=sys-libs/libcxx-12"
- DEPEND+=" >=sys-libs/libcxx-12"
-else
- COMMON_DEPEND="
- app-arch/snappy:=
- dev-libs/libxslt:=
- >=dev-libs/re2-0.2019.08.01:=
- >=media-libs/openh264-1.6.0:=
- system-icu? ( >=dev-libs/icu-69.1:= )
- "
- RDEPEND+="${COMMON_DEPEND}"
- DEPEND+="${COMMON_DEPEND}"
-fi
-
-if ! has chromium_pkg_die ${EBUILD_DEATH_HOOKS}; then
- EBUILD_DEATH_HOOKS+=" chromium_pkg_die";
-fi
-
-DISABLE_AUTOFORMATTING="yes"
-DOC_CONTENTS="
-Some web pages may require additional fonts to display properly.
-Try installing some of the following packages if some characters
-are not displayed properly:
-- media-fonts/arphicfonts
-- media-fonts/droid
-- media-fonts/ipamonafont
-- media-fonts/noto
-- media-fonts/ja-ipafonts
-- media-fonts/takao-fonts
-- media-fonts/wqy-microhei
-- media-fonts/wqy-zenhei
-
-To fix broken icons on the Downloads page, you should install an icon
-theme that covers the appropriate MIME types, and configure this as your
-GTK+ icon theme.
-
-For native file dialogs in KDE, install kde-apps/kdialog.
-
-To make password storage work with your desktop environment you may
-have install one of the supported credentials management applications:
-- app-crypt/libsecret (GNOME)
-- kde-frameworks/kwallet (KDE)
-If you have one of above packages installed, but don't want to use
-them in Chromium, then add --password-store=basic to CHROMIUM_FLAGS
-in /etc/chromium/default.
-"
-
-pre_build_checks() {
- if [[ ${MERGE_TYPE} != binary ]]; then
- local -x CPP="$(tc-getCXX) -E"
- if tc-is-gcc && ! ver_test "$(gcc-version)" -ge 9.2; then
- die "At least gcc 9.2 is required"
- fi
- if [[ ${CHROMIUM_FORCE_CLANG} == yes ]] || tc-is-clang; then
- CPP="${CHOST}-clang++ -E"
- if ! ver_test "$(clang-major-version)" -ge 12; then
- die "At least clang 12 is required"
- fi
- fi
- fi
-
- # Check build requirements, bug #541816 and bug #471810 .
- CHECKREQS_MEMORY="3G"
- CHECKREQS_DISK_BUILD="8G"
- if ( shopt -s extglob; is-flagq '-g?(gdb)?([1-9])' ); then
- if use custom-cflags || use component-build; then
- CHECKREQS_DISK_BUILD="25G"
- fi
- if ! use component-build; then
- CHECKREQS_MEMORY="16G"
- fi
- fi
- check-reqs_pkg_setup
-}
-
-pkg_pretend() {
- pre_build_checks
-}
-
-pkg_setup() {
- pre_build_checks
-
- chromium_suid_sandbox_check_kernel_config
-
- # nvidia-drivers does not work correctly with Wayland due to unsupported EGLStreams
- if use wayland && ! use headless && has_version "x11-drivers/nvidia-drivers"; then
- ewarn "Proprietary nVidia driver does not work with Wayland. You can disable"
- ewarn "Wayland by setting DISABLE_OZONE_PLATFORM=true in /etc/chromium/default."
- fi
-}
-
-src_prepare() {
- # Calling this here supports resumption via FEATURES=keepwork
- python_setup
-
- local PATCHES=(
- "${WORKDIR}/patches"
- "${FILESDIR}/chromium-89-EnumTable-crash.patch"
- "${FILESDIR}/chromium-91-ThemeService-crash.patch"
- "${FILESDIR}/chromium-91-system-icu.patch"
- "${FILESDIR}/chromium-shim_headers.patch"
- )
-
- # seccomp sandbox is broken if compiled against >=sys-libs/glibc-2.33, bug #769989
- if has_version -d ">=sys-libs/glibc-2.33"; then
- ewarn "Adding experimental glibc-2.33 sandbox patch. Seccomp sandbox might"
- ewarn "still not work correctly. In case of issues, try to disable seccomp"
- ewarn "sandbox by adding --disable-seccomp-filter-sandbox to CHROMIUM_FLAGS"
- ewarn "in /etc/chromium/default."
- PATCHES+=(
- "${FILESDIR}/chromium-glibc-2.33.patch"
- )
- fi
-
- use ppc64 && eapply -p0 "${WORKDIR}/${PN}"-ppc64le
-
- default
-
- mkdir -p third_party/node/linux/node-linux-x64/bin || die
- ln -s "${EPREFIX}"/usr/bin/node third_party/node/linux/node-linux-x64/bin/node || die
-
- # bundled highway library does not support arm64 with GCC
- if use arm64; then
- rm -r third_party/highway/src || die
- ln -s "${WORKDIR}/highway-0.12.1" third_party/highway/src || die
- fi
-
- local keeplibs=(
- base/third_party/cityhash
- base/third_party/double_conversion
- base/third_party/dynamic_annotations
- base/third_party/icu
- base/third_party/nspr
- base/third_party/superfasthash
- base/third_party/symbolize
- base/third_party/valgrind
- base/third_party/xdg_mime
- base/third_party/xdg_user_dirs
- buildtools/third_party/libc++
- buildtools/third_party/libc++abi
- chrome/third_party/mozilla_security_manager
- courgette/third_party
- net/third_party/mozilla_security_manager
- net/third_party/nss
- net/third_party/quic
- net/third_party/uri_template
- third_party/abseil-cpp
- third_party/angle
- third_party/angle/src/common/third_party/base
- third_party/angle/src/common/third_party/smhasher
- third_party/angle/src/common/third_party/xxhash
- third_party/angle/src/third_party/compiler
- third_party/angle/src/third_party/libXNVCtrl
- third_party/angle/src/third_party/trace_event
- third_party/angle/src/third_party/volk
- third_party/apple_apsl
- third_party/axe-core
- third_party/blink
- third_party/boringssl
- third_party/boringssl/src/third_party/fiat
- third_party/breakpad
- third_party/breakpad/breakpad/src/third_party/curl
- third_party/brotli
- third_party/catapult
- third_party/catapult/common/py_vulcanize/third_party/rcssmin
- third_party/catapult/common/py_vulcanize/third_party/rjsmin
- third_party/catapult/third_party/beautifulsoup4
- third_party/catapult/third_party/html5lib-python
- third_party/catapult/third_party/polymer
- third_party/catapult/third_party/six
- third_party/catapult/tracing/third_party/d3
- third_party/catapult/tracing/third_party/gl-matrix
- third_party/catapult/tracing/third_party/jpeg-js
- third_party/catapult/tracing/third_party/jszip
- third_party/catapult/tracing/third_party/mannwhitneyu
- third_party/catapult/tracing/third_party/oboe
- third_party/catapult/tracing/third_party/pako
- third_party/ced
- third_party/cld_3
- third_party/closure_compiler
- third_party/crashpad
- third_party/crashpad/crashpad/third_party/lss
- third_party/crashpad/crashpad/third_party/zlib
- third_party/crc32c
- third_party/cros_system_api
- third_party/dav1d
- third_party/dawn
- third_party/dawn/third_party/khronos
- third_party/depot_tools
- third_party/devscripts
- third_party/devtools-frontend
- third_party/devtools-frontend/src/front_end/third_party/acorn
- third_party/devtools-frontend/src/front_end/third_party/axe-core
- third_party/devtools-frontend/src/front_end/third_party/chromium
- third_party/devtools-frontend/src/front_end/third_party/codemirror
- third_party/devtools-frontend/src/front_end/third_party/fabricjs
- third_party/devtools-frontend/src/front_end/third_party/i18n
- third_party/devtools-frontend/src/front_end/third_party/intl-messageformat
- third_party/devtools-frontend/src/front_end/third_party/lighthouse
- third_party/devtools-frontend/src/front_end/third_party/lit-html
- third_party/devtools-frontend/src/front_end/third_party/lodash-isequal
- third_party/devtools-frontend/src/front_end/third_party/marked
- third_party/devtools-frontend/src/front_end/third_party/puppeteer
- third_party/devtools-frontend/src/front_end/third_party/wasmparser
- third_party/devtools-frontend/src/third_party
- third_party/dom_distiller_js
- third_party/eigen3
- third_party/emoji-segmenter
- third_party/farmhash
- third_party/fdlibm
- third_party/fft2d
- third_party/flatbuffers
- third_party/freetype
- third_party/fusejs
- third_party/highway
- third_party/libgifcodec
- third_party/liburlpattern
- third_party/libzip
- third_party/gemmlowp
- third_party/google_input_tools
- third_party/google_input_tools/third_party/closure_library
- third_party/google_input_tools/third_party/closure_library/third_party/closure
- third_party/googletest
- third_party/harfbuzz-ng/utils
- third_party/hunspell
- third_party/iccjpeg
- third_party/inspector_protocol
- third_party/jinja2
- third_party/jsoncpp
- third_party/jstemplate
- third_party/khronos
- third_party/leveldatabase
- third_party/libXNVCtrl
- third_party/libaddressinput
- third_party/libaom
- third_party/libaom/source/libaom/third_party/fastfeat
- third_party/libaom/source/libaom/third_party/vector
- third_party/libaom/source/libaom/third_party/x86inc
- third_party/libavif
- third_party/libgav1
- third_party/libjingle
- third_party/libjxl
- third_party/libphonenumber
- third_party/libsecret
- third_party/libsrtp
- third_party/libsync
- third_party/libudev
- third_party/libva_protected_content
- third_party/libvpx
- third_party/libvpx/source/libvpx/third_party/x86inc
- third_party/libwebm
- third_party/libx11
- third_party/libxcb-keysyms
- third_party/libxml/chromium
- third_party/libyuv
- third_party/llvm
- third_party/lottie
- third_party/lss
- third_party/lzma_sdk
- third_party/mako
- third_party/markupsafe
- third_party/mesa
- third_party/metrics_proto
- third_party/minigbm
- third_party/modp_b64
- third_party/nasm
- third_party/nearby
- third_party/neon_2_sse
- third_party/node
- third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2
- third_party/one_euro_filter
- third_party/opencv
- third_party/openscreen
- third_party/openscreen/src/third_party/mozilla
- third_party/openscreen/src/third_party/tinycbor/src/src
- third_party/ots
- third_party/pdfium
- third_party/pdfium/third_party/agg23
- third_party/pdfium/third_party/base
- third_party/pdfium/third_party/bigint
- third_party/pdfium/third_party/freetype
- third_party/pdfium/third_party/lcms
- third_party/pdfium/third_party/libopenjpeg20
- third_party/pdfium/third_party/libpng16
- third_party/pdfium/third_party/libtiff
- third_party/pdfium/third_party/skia_shared
- third_party/perfetto
- third_party/perfetto/protos/third_party/chromium
- third_party/pffft
- third_party/ply
- third_party/polymer
- third_party/private-join-and-compute
- third_party/private_membership
- third_party/protobuf
- third_party/protobuf/third_party/six
- third_party/pyjson5
- third_party/qcms
- third_party/rnnoise
- third_party/s2cellid
- third_party/securemessage
- third_party/shell-encryption
- third_party/simplejson
- third_party/skia
- third_party/skia/include/third_party/skcms
- third_party/skia/include/third_party/vulkan
- third_party/skia/third_party/skcms
- third_party/skia/third_party/vulkan
- third_party/smhasher
- third_party/sqlite
- third_party/swiftshader
- third_party/swiftshader/third_party/astc-encoder
- third_party/swiftshader/third_party/llvm-subzero
- third_party/swiftshader/third_party/marl
- third_party/swiftshader/third_party/subzero
- third_party/swiftshader/third_party/SPIRV-Headers/include/spirv/unified1
- third_party/tcmalloc
- third_party/tensorflow-text
- third_party/tflite
- third_party/tflite/src/third_party/eigen3
- third_party/tflite/src/third_party/fft2d
- third_party/tflite-support
- third_party/tint
- third_party/ruy
- third_party/ukey2
- third_party/unrar
- third_party/usrsctp
- third_party/utf
- third_party/vulkan
- third_party/web-animations-js
- third_party/webdriver
- third_party/webgpu-cts
- third_party/webrtc
- third_party/webrtc/common_audio/third_party/ooura
- third_party/webrtc/common_audio/third_party/spl_sqrt_floor
- third_party/webrtc/modules/third_party/fft
- third_party/webrtc/modules/third_party/g711
- third_party/webrtc/modules/third_party/g722
- third_party/webrtc/rtc_base/third_party/base64
- third_party/webrtc/rtc_base/third_party/sigslot
- third_party/widevine
- third_party/woff2
- third_party/wuffs
- third_party/x11proto
- third_party/xcbproto
- third_party/zxcvbn-cpp
- third_party/zlib/google
- tools/grit/third_party/six
- url/third_party/mozilla
- v8/src/third_party/siphash
- v8/src/third_party/valgrind
- v8/src/third_party/utf8-decoder
- v8/third_party/inspector_protocol
- v8/third_party/v8
-
- # gyp -> gn leftovers
- base/third_party/libevent
- third_party/speech-dispatcher
- third_party/usb_ids
- third_party/xdg-utils
- )
- if ! use system-ffmpeg; then
- keeplibs+=( third_party/ffmpeg third_party/opus )
- fi
- if ! use system-icu; then
- keeplibs+=( third_party/icu )
- fi
- if use wayland && ! use headless ; then
- keeplibs+=( third_party/wayland )
- fi
- if [[ ${CHROMIUM_FORCE_LIBCXX} == yes ]]; then
- keeplibs+=( third_party/libxml )
- keeplibs+=( third_party/libxslt )
- keeplibs+=( third_party/openh264 )
- keeplibs+=( third_party/re2 )
- keeplibs+=( third_party/snappy )
- if use system-icu; then
- keeplibs+=( third_party/icu )
- fi
- fi
- if use arm64 || use ppc64 ; then
- keeplibs+=( third_party/swiftshader/third_party/llvm-10.0 )
- fi
- # we need to generate ppc64 stuff because upstream does not ship it yet
- # it has to be done before unbundling.
- if use ppc64; then
- pushd third_party/libvpx >/dev/null || die
- mkdir -p source/config/linux/ppc64 || die
- ./generate_gni.sh || die
- popd >/dev/null || die
- fi
-
- # Remove most bundled libraries. Some are still needed.
- build/linux/unbundle/remove_bundled_libraries.py "${keeplibs[@]}" --do-remove || die
-
- if use js-type-check; then
- ln -s "${EPREFIX}"/usr/bin/java third_party/jdk/current/bin/java || die
- fi
-}
-
-src_configure() {
- # Calling this here supports resumption via FEATURES=keepwork
- python_setup
-
- local myconf_gn=""
-
- # Make sure the build system will use the right tools, bug #340795.
- tc-export AR CC CXX NM
-
- if [[ ${CHROMIUM_FORCE_CLANG} == yes ]] && ! tc-is-clang; then
- # Force clang since gcc is pretty broken at the moment.
- CC=${CHOST}-clang
- CXX=${CHOST}-clang++
- strip-unsupported-flags
- fi
-
- if tc-is-clang; then
- myconf_gn+=" is_clang=true clang_use_chrome_plugins=false"
- else
- if [[ ${CHROMIUM_FORCE_LIBCXX} == yes ]]; then
- die "Compiling with sys-libs/libcxx requires clang."
- fi
- myconf_gn+=" is_clang=false"
- fi
-
- # Define a custom toolchain for GN
- myconf_gn+=" custom_toolchain=\"//build/toolchain/linux/unbundle:default\""
-
- if tc-is-cross-compiler; then
- tc-export BUILD_{AR,CC,CXX,NM}
- myconf_gn+=" host_toolchain=\"//build/toolchain/linux/unbundle:host\""
- myconf_gn+=" v8_snapshot_toolchain=\"//build/toolchain/linux/unbundle:host\""
- else
- myconf_gn+=" host_toolchain=\"//build/toolchain/linux/unbundle:default\""
- fi
-
- # GN needs explicit config for Debug/Release as opposed to inferring it from build directory.
- myconf_gn+=" is_debug=false"
-
- # Component build isn't generally intended for use by end users. It's mostly useful
- # for development and debugging.
- myconf_gn+=" is_component_build=$(usex component-build true false)"
-
- # Disable nacl, we can't build without pnacl (http://crbug.com/269560).
- myconf_gn+=" enable_nacl=false"
-
- # Use system-provided libraries.
- # TODO: freetype -- remove sources (https://bugs.chromium.org/p/pdfium/issues/detail?id=733).
- # TODO: use_system_hunspell (upstream changes needed).
- # TODO: use_system_libsrtp (bug #459932).
- # TODO: use_system_protobuf (bug #525560).
- # TODO: use_system_ssl (http://crbug.com/58087).
- # TODO: use_system_sqlite (http://crbug.com/22208).
-
- # libevent: https://bugs.gentoo.org/593458
- local gn_system_libraries=(
- flac
- fontconfig
- freetype
- # Need harfbuzz_from_pkgconfig target
- #harfbuzz-ng
- libdrm
- libjpeg
- libpng
- libwebp
- zlib
- )
- if use system-ffmpeg; then
- gn_system_libraries+=( ffmpeg opus )
- fi
- if use system-icu; then
- gn_system_libraries+=( icu )
- fi
- if [[ ${CHROMIUM_FORCE_LIBCXX} != yes ]]; then
- # unbundle only without libc++, because libc++ is not fully ABI compatible with libstdc++
- gn_system_libraries+=( libxml )
- gn_system_libraries+=( libxslt )
- gn_system_libraries+=( openh264 )
- gn_system_libraries+=( re2 )
- gn_system_libraries+=( snappy )
- fi
- build/linux/unbundle/replace_gn_files.py --system-libraries "${gn_system_libraries[@]}" || die
-
- # See dependency logic in third_party/BUILD.gn
- myconf_gn+=" use_system_harfbuzz=true"
-
- # Disable deprecated libgnome-keyring dependency, bug #713012
- myconf_gn+=" use_gnome_keyring=false"
-
- # Optional dependencies.
- myconf_gn+=" enable_js_type_check=$(usex js-type-check true false)"
- myconf_gn+=" enable_hangout_services_extension=$(usex hangouts true false)"
- myconf_gn+=" enable_widevine=$(usex widevine true false)"
- myconf_gn+=" use_cups=$(usex cups true false)"
- myconf_gn+=" use_kerberos=$(usex kerberos true false)"
- myconf_gn+=" use_pulseaudio=$(usex pulseaudio true false)"
- myconf_gn+=" use_vaapi=$(usex vaapi true false)"
- myconf_gn+=" rtc_use_pipewire=$(usex screencast true false) rtc_pipewire_version=\"0.3\""
-
- # TODO: link_pulseaudio=true for GN.
-
- myconf_gn+=" fieldtrial_testing_like_official_build=true"
-
- # Never use bundled gold binary. Disable gold linker flags for now.
- # Do not use bundled clang.
- # Trying to use gold results in linker crash.
- myconf_gn+=" use_gold=false use_sysroot=false use_custom_libcxx=false"
-
- # Disable forced lld, bug 641556
- myconf_gn+=" use_lld=false"
-
- # Disable pseudolocales, only used for testing
- myconf_gn+=" enable_pseudolocales=false"
-
- ffmpeg_branding="$(usex proprietary-codecs Chrome Chromium)"
- myconf_gn+=" proprietary_codecs=$(usex proprietary-codecs true false)"
- myconf_gn+=" ffmpeg_branding=\"${ffmpeg_branding}\""
-
- # Set up Google API keys, see http://www.chromium.org/developers/how-tos/api-keys .
- # Note: these are for Gentoo use ONLY. For your own distribution,
- # please get your own set of keys. Feel free to contact chromium@gentoo.org
- # for more info.
- local google_api_key="AIzaSyDEAOvatFo0eTgsV_ZlEzx0ObmepsMzfAc"
- local google_default_client_id="329227923882.apps.googleusercontent.com"
- local google_default_client_secret="vgKG0NNv7GoDpbtoFNLxCUXu"
- myconf_gn+=" google_api_key=\"${google_api_key}\""
- myconf_gn+=" google_default_client_id=\"${google_default_client_id}\""
- myconf_gn+=" google_default_client_secret=\"${google_default_client_secret}\""
- local myarch="$(tc-arch)"
-
- # Avoid CFLAGS problems, bug #352457, bug #390147.
- if ! use custom-cflags; then
- replace-flags "-Os" "-O2"
- strip-flags
-
- # Debug info section overflows without component build
- # Prevent linker from running out of address space, bug #471810 .
- if ! use component-build || use x86; then
- filter-flags "-g*"
- fi
-
- # Prevent libvpx build failures. Bug 530248, 544702, 546984.
- if [[ ${myarch} == amd64 || ${myarch} == x86 ]]; then
- filter-flags -mno-mmx -mno-sse2 -mno-ssse3 -mno-sse4.1 -mno-avx -mno-avx2 -mno-fma -mno-fma4
- fi
- fi
-
- if [[ ${CHROMIUM_FORCE_LIBCXX} == yes ]]; then
- append-flags -stdlib=libc++
- append-ldflags -stdlib=libc++
- fi
-
- if [[ $myarch = amd64 ]] ; then
- myconf_gn+=" target_cpu=\"x64\""
- ffmpeg_target_arch=x64
- elif [[ $myarch = x86 ]] ; then
- myconf_gn+=" target_cpu=\"x86\""
- ffmpeg_target_arch=ia32
-
- # This is normally defined by compiler_cpu_abi in
- # build/config/compiler/BUILD.gn, but we patch that part out.
- append-flags -msse2 -mfpmath=sse -mmmx
- elif [[ $myarch = arm64 ]] ; then
- myconf_gn+=" target_cpu=\"arm64\""
- ffmpeg_target_arch=arm64
- elif [[ $myarch = arm ]] ; then
- myconf_gn+=" target_cpu=\"arm\""
- ffmpeg_target_arch=$(usex cpu_flags_arm_neon arm-neon arm)
- elif [[ $myarch = ppc64 ]] ; then
- myconf_gn+=" target_cpu=\"ppc64\""
- ffmpeg_target_arch=ppc64
- else
- die "Failed to determine target arch, got '$myarch'."
- fi
-
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- myconf_gn+=" treat_warnings_as_errors=false"
-
- # Disable fatal linker warnings, bug 506268.
- myconf_gn+=" fatal_linker_warnings=false"
-
- # Bug 491582.
- export TMPDIR="${WORKDIR}/temp"
- mkdir -p -m 755 "${TMPDIR}" || die
-
- # https://bugs.gentoo.org/654216
- addpredict /dev/dri/ #nowarn
-
- #if ! use system-ffmpeg; then
- if false; then
- local build_ffmpeg_args=""
- if use pic && [[ "${ffmpeg_target_arch}" == "ia32" ]]; then
- build_ffmpeg_args+=" --disable-asm"
- fi
-
- # Re-configure bundled ffmpeg. See bug #491378 for example reasons.
- einfo "Configuring bundled ffmpeg..."
- pushd third_party/ffmpeg > /dev/null || die
- chromium/scripts/build_ffmpeg.py linux ${ffmpeg_target_arch} \
- --branding ${ffmpeg_branding} -- ${build_ffmpeg_args} || die
- chromium/scripts/copy_config.sh || die
- chromium/scripts/generate_gn.py || die
- popd > /dev/null || die
- fi
-
- # Chromium relies on this, but was disabled in >=clang-10, crbug.com/1042470
- append-cxxflags $(test-flags-CXX -flax-vector-conversions=all)
-
- # highway/libjxl relies on this with arm64
- if use arm64 && tc-is-gcc; then
- append-cxxflags -flax-vector-conversions
- fi
-
- # highway/libjxl fail on ppc64 without extra patches, disable for now.
- use ppc64 && myconf_gn+=" enable_jxl_decoder=false"
-
- # Disable unknown warning message from clang.
- tc-is-clang && append-flags -Wno-unknown-warning-option
-
- # Explicitly disable ICU data file support for system-icu builds.
- if use system-icu; then
- myconf_gn+=" icu_use_data_file=false"
- fi
-
- # Enable ozone wayland and/or headless support
- myconf_gn+=" use_ozone=true ozone_auto_platforms=false"
- myconf_gn+=" ozone_platform_headless=true"
- if use wayland || use headless; then
- if use headless; then
- myconf_gn+=" ozone_platform=\"headless\""
- myconf_gn+=" use_x11=false"
- else
- myconf_gn+=" ozone_platform_wayland=true"
- myconf_gn+=" use_system_libdrm=true"
- myconf_gn+=" use_system_minigbm=true"
- myconf_gn+=" use_xkbcommon=true"
- myconf_gn+=" ozone_platform=\"wayland\""
- fi
- fi
-
- # Enable official builds
- myconf_gn+=" is_official_build=$(usex official true false)"
- myconf_gn+=" use_thin_lto=false"
- if use official; then
- # Allow building against system libraries in official builds
- sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
- tools/generate_shim_headers/generate_shim_headers.py || die
- # Disable CFI: unsupported for GCC, requires clang+lto+lld
- myconf_gn+=" is_cfi=false"
- # Disable PGO, because profile data is only compatible with >=clang-11
- myconf_gn+=" chrome_pgo_phase=0"
- fi
-
- einfo "Configuring Chromium..."
- set -- gn gen --args="${myconf_gn} ${EXTRA_GN}" out/Release
- echo "$@"
- "$@" || die
-}
-
-src_compile() {
- # Final link uses lots of file descriptors.
- ulimit -n 2048
-
- # Calling this here supports resumption via FEATURES=keepwork
- python_setup
-
- # https://bugs.gentoo.org/717456
- # don't inherit PYTHONPATH from environment, bug #789021
- local -x PYTHONPATH="${WORKDIR}/setuptools-44.1.0"
-
- #"${EPYTHON}" tools/clang/scripts/update.py --force-local-build --gcc-toolchain /usr --skip-checkout --use-system-cmake --without-android || die
-
- # Build mksnapshot and pax-mark it.
- local x
- for x in mksnapshot v8_context_snapshot_generator; do
- if tc-is-cross-compiler; then
- eninja -C out/Release "host/${x}"
- pax-mark m "out/Release/host/${x}"
- else
- eninja -C out/Release "${x}"
- pax-mark m "out/Release/${x}"
- fi
- done
-
- # Even though ninja autodetects number of CPUs, we respect
- # user's options, for debugging with -j 1 or any other reason.
- eninja -C out/Release chrome chromedriver
- use suid && eninja -C out/Release chrome_sandbox
-
- pax-mark m out/Release/chrome
-
- # Build manpage; bug #684550
- sed -e 's|@@PACKAGE@@|chromium-browser|g;
- s|@@MENUNAME@@|Chromium|g;' \
- chrome/app/resources/manpage.1.in > \
- out/Release/chromium-browser.1 || die
-
- # Build desktop file; bug #706786
- sed -e 's|@@MENUNAME@@|Chromium|g;
- s|@@USR_BIN_SYMLINK_NAME@@|chromium-browser|g;
- s|@@PACKAGE@@|chromium-browser|g;
- s|\(^Exec=\)/usr/bin/|\1|g;' \
- chrome/installer/linux/common/desktop.template > \
- out/Release/chromium-browser-chromium.desktop || die
-}
-
-src_install() {
- local CHROMIUM_HOME="/usr/$(get_libdir)/chromium-browser"
- exeinto "${CHROMIUM_HOME}"
- doexe out/Release/chrome
-
- if use suid; then
- newexe out/Release/chrome_sandbox chrome-sandbox
- fperms 4755 "${CHROMIUM_HOME}/chrome-sandbox"
- fi
-
- doexe out/Release/chromedriver
-
- local sedargs=( -e
- "s:/usr/lib/:/usr/$(get_libdir)/:g;
- s:@@OZONE_AUTO_SESSION@@:$(usex wayland true false):g;
- s:@@FORCE_OZONE_PLATFORM@@:$(usex headless true false):g"
- )
- sed "${sedargs[@]}" "${FILESDIR}/chromium-launcher-r6.sh" > chromium-launcher.sh || die
- doexe chromium-launcher.sh
-
- # It is important that we name the target "chromium-browser",
- # xdg-utils expect it; bug #355517.
- dosym "${CHROMIUM_HOME}/chromium-launcher.sh" /usr/bin/chromium-browser
- # keep the old symlink around for consistency
- dosym "${CHROMIUM_HOME}/chromium-launcher.sh" /usr/bin/chromium
-
- dosym "${CHROMIUM_HOME}/chromedriver" /usr/bin/chromedriver
-
- # Allow users to override command-line options, bug #357629.
- insinto /etc/chromium
- newins "${FILESDIR}/chromium.default" "default"
-
- pushd out/Release/locales > /dev/null || die
- chromium_remove_language_paks
- popd
-
- insinto "${CHROMIUM_HOME}"
- doins out/Release/*.bin
- doins out/Release/*.pak
- (
- shopt -s nullglob
- local files=(out/Release/*.so out/Release/*.so.[0-9])
- [[ ${#files[@]} -gt 0 ]] && doins "${files[@]}"
- )
-
- if ! use system-icu; then
- doins out/Release/icudtl.dat
- fi
-
- doins -r out/Release/locales
- doins -r out/Release/resources
-
- if [[ -d out/Release/swiftshader ]]; then
- insinto "${CHROMIUM_HOME}/swiftshader"
- doins out/Release/swiftshader/*.so
- fi
-
- # Install icons
- local branding size
- for size in 16 24 32 48 64 128 256 ; do
- case ${size} in
- 16|32) branding="chrome/app/theme/default_100_percent/chromium" ;;
- *) branding="chrome/app/theme/chromium" ;;
- esac
- newicon -s ${size} "${branding}/product_logo_${size}.png" \
- chromium-browser.png
- done
-
- # Install desktop entry
- domenu out/Release/chromium-browser-chromium.desktop
-
- # Install GNOME default application entry (bug #303100).
- insinto /usr/share/gnome-control-center/default-apps
- newins "${FILESDIR}"/chromium-browser.xml chromium-browser.xml
-
- # Install manpage; bug #684550
- doman out/Release/chromium-browser.1
- dosym chromium-browser.1 /usr/share/man/man1/chromium.1
-
- readme.gentoo_create_doc
-}
-
-pkg_postrm() {
- xdg_icon_cache_update
- xdg_desktop_database_update
-}
-
-pkg_postinst() {
- xdg_icon_cache_update
- xdg_desktop_database_update
- readme.gentoo_print_elog
-
- if use vaapi; then
- elog "VA-API is disabled by default at runtime. You have to enable it"
- elog "by adding --enable-features=VaapiVideoDecoder to CHROMIUM_FLAGS"
- elog "in /etc/chromium/default."
- fi
- if use screencast; then
- elog "Screencast is disabled by default at runtime. Either enable it"
- elog "by navigating to chrome://flags/#enable-webrtc-pipewire-capturer"
- elog "inside Chromium or add --enable-webrtc-pipewire-capturer"
- elog "to CHROMIUM_FLAGS in /etc/chromium/default."
- fi
-}
diff --git a/www-client/chromium/files/chromium-89-EnumTable-crash.patch b/www-client/chromium/files/chromium-89-EnumTable-crash.patch
deleted file mode 100644
index 89a50702dfae..000000000000
--- a/www-client/chromium/files/chromium-89-EnumTable-crash.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff --git a/components/cast_channel/enum_table.h b/components/cast_channel/enum_table.h
-index e3130c7..2ad16ea 100644
---- a/components/cast_channel/enum_table.h
-+++ b/components/cast_channel/enum_table.h
-@@ -212,7 +212,7 @@ class
-
- template <typename E>
- friend class EnumTable;
-- DISALLOW_COPY_AND_ASSIGN(GenericEnumTableEntry);
-+ DISALLOW_ASSIGN(GenericEnumTableEntry);
- };
-
- // Yes, these constructors really needs to be inlined. Even though they look
-@@ -250,8 +250,7 @@ class EnumTable {
- // Constructor for regular entries.
- constexpr Entry(E value, base::StringPiece str)
- : GenericEnumTableEntry(static_cast<int32_t>(value), str) {}
--
-- DISALLOW_COPY_AND_ASSIGN(Entry);
-+ DISALLOW_ASSIGN(Entry);
- };
-
- static_assert(sizeof(E) <= sizeof(int32_t),
-@@ -306,15 +305,14 @@ class EnumTable {
- if (is_sorted_) {
- const std::size_t index = static_cast<std::size_t>(value);
- if (ANALYZER_ASSUME_TRUE(index < data_.size())) {
-- const auto& entry = data_.begin()[index];
-+ const auto& entry = data_[index];
- if (ANALYZER_ASSUME_TRUE(entry.has_str()))
- return entry.str();
- }
- return base::nullopt;
- }
- return GenericEnumTableEntry::FindByValue(
-- reinterpret_cast<const GenericEnumTableEntry*>(data_.begin()),
-- data_.size(), static_cast<int32_t>(value));
-+ &data_[0], data_.size(), static_cast<int32_t>(value));
- }
-
- // This overload of GetString is designed for cases where the argument is a
-@@ -342,8 +340,7 @@ class EnumTable {
- // enum value directly.
- base::Optional<E> GetEnum(base::StringPiece str) const {
- auto* entry = GenericEnumTableEntry::FindByString(
-- reinterpret_cast<const GenericEnumTableEntry*>(data_.begin()),
-- data_.size(), str);
-+ &data_[0], data_.size(), str);
- return entry ? static_cast<E>(entry->value) : base::Optional<E>();
- }
-
-@@ -358,7 +355,7 @@ class EnumTable {
- // Align the data on a cache line boundary.
- alignas(64)
- #endif
-- std::initializer_list<Entry> data_;
-+ const std::vector<Entry> data_;
- bool is_sorted_;
-
- constexpr EnumTable(std::initializer_list<Entry> data, bool is_sorted)
-@@ -370,8 +367,8 @@ class EnumTable {
-
- for (std::size_t i = 0; i < data.size(); i++) {
- for (std::size_t j = i + 1; j < data.size(); j++) {
-- const Entry& ei = data.begin()[i];
-- const Entry& ej = data.begin()[j];
-+ const Entry& ei = data[i];
-+ const Entry& ej = data[j];
- DCHECK(ei.value != ej.value)
- << "Found duplicate enum values at indices " << i << " and " << j;
- DCHECK(!(ei.has_str() && ej.has_str() && ei.str() == ej.str()))
diff --git a/www-client/chromium/files/chromium-91-ThemeService-crash.patch b/www-client/chromium/files/chromium-91-ThemeService-crash.patch
deleted file mode 100644
index 455aef33e785..000000000000
--- a/www-client/chromium/files/chromium-91-ThemeService-crash.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 265192616d494ed586df9123ceb63389a7c48916 Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 06:20:25 +0000
-Subject: [PATCH] fix crash in theme_service
-
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/chrome/browser/themes/theme_service.h b/chrome/browser/themes/theme_service.h
-index 592d40a..337dfac 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
---
-2.26.3
-
diff --git a/www-client/chromium/files/chromium-91-system-icu.patch b/www-client/chromium/files/chromium-91-system-icu.patch
deleted file mode 100644
index 797ee33b374b..000000000000
--- a/www-client/chromium/files/chromium-91-system-icu.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From a0ddb153bdaf0ef83c8bfec744fedb97bf4ccfd0 Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Fri, 16 Apr 2021 14:09:29 +0000
-Subject: [PATCH] [unbundle] Use char16_t as UCHAR_TYPE
-
-Overriding UCHAR_TYPE was dropped with:
-https://chromium-review.googlesource.com/c/chromium/deps/icu/+/2732628
----
- build/linux/unbundle/icu.gn | 19 +++++++------------
- 1 file changed, 7 insertions(+), 12 deletions(-)
-
-diff --git a/build/linux/unbundle/icu.gn b/build/linux/unbundle/icu.gn
-index 0f52fc1..33a0121 100644
---- a/build/linux/unbundle/icu.gn
-+++ b/build/linux/unbundle/icu.gn
-@@ -16,7 +16,6 @@ config("icu_config") {
- defines = [
- "USING_SYSTEM_ICU=1",
- "ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC",
-- "UCHAR_TYPE=uint16_t",
-
- # U_EXPORT (defined in unicode/platform.h) is used to set public visibility
- # on classes through the U_COMMON_API and U_I18N_API macros (among others).
- ]
- }
-
---
-2.26.3
-
diff --git a/www-client/chromium/files/chromium-glibc-2.33.patch b/www-client/chromium/files/chromium-glibc-2.33.patch
deleted file mode 100644
index 26e8003968d1..000000000000
--- a/www-client/chromium/files/chromium-glibc-2.33.patch
+++ /dev/null
@@ -1,141 +0,0 @@
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_