From 0dd9dad819588b47b3b389fe7ae9b5596a230244 Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Sun, 17 Nov 2019 16:56:55 -0500 Subject: [PATCH 1/2] allow clock_nanosleep through seccomp (bz #1773289) --- ...ium-78.0.3904.97-glibc-clock-nanosleep.patch | 17 +++++++++++++++++ chromium.spec | 9 ++++++++- 2 files changed, 25 insertions(+), 1 deletion(-) create mode 100644 chromium-78.0.3904.97-glibc-clock-nanosleep.patch diff --git a/chromium-78.0.3904.97-glibc-clock-nanosleep.patch b/chromium-78.0.3904.97-glibc-clock-nanosleep.patch new file mode 100644 index 00000000..8aee2aaa --- /dev/null +++ b/chromium-78.0.3904.97-glibc-clock-nanosleep.patch @@ -0,0 +1,17 @@ +diff -up chromium-78.0.3904.97/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep chromium-78.0.3904.97/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +--- chromium-78.0.3904.97/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc.glibc-clock-nanosleep 2019-11-17 16:48:03.463997928 -0500 ++++ chromium-78.0.3904.97/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 2019-11-17 16:48:37.057222139 -0500 +@@ -32,12 +32,12 @@ bool SyscallSets::IsAllowedGettime(int s + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + case __NR_time: + #endif ++ case __NR_clock_nanosleep: + return true; + case __NR_adjtimex: // Privileged. + case __NR_clock_adjtime: // Privileged. + case __NR_clock_getres: // Could be allowed. + case __NR_clock_gettime: +- case __NR_clock_nanosleep: // Could be allowed. + case __NR_clock_settime: // Privileged. + #if defined(__i386__) || \ + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) diff --git a/chromium.spec b/chromium.spec index b2af49f1..20e58f99 100644 --- a/chromium.spec +++ b/chromium.spec @@ -168,7 +168,7 @@ Name: chromium%{chromium_channel}%{nsuffix} Name: chromium%{chromium_channel} %endif Version: %{majorversion}.0.3904.97 -Release: 1%{?dist} +Release: 2%{?dist} %if %{?freeworld} %if %{?shared} # chromium-libs-media-freeworld @@ -255,6 +255,9 @@ Patch67: chromium-78.0.3904.70-v8-tracedreference-fix.patch Patch68: v8-implement-tracedreference.patch # https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/files/chromium-77-clang.patch Patch69: chromium-77-clang.patch +# Needs upstreaming +Patch70: chromium-78.0.3904.97-glibc-clock-nanosleep.patch + # Use lstdc++ on EPEL7 only Patch101: chromium-75.0.3770.100-epel7-stdc++.patch @@ -806,6 +809,7 @@ udev. %patch67 -p1 -b .implement-TraceWrapperV8Reference-without-destructor %patch68 -p1 -b .v8-implement-tracedreference %patch69 -p1 -b .clang-supports-location-builtins +%patch70 -p1 -b .glibc-clock-nanosleep # Fedora branded user agent %if 0%{?fedora} @@ -1726,6 +1730,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %changelog +* Sun Nov 17 2019 Tom Callaway - 78.0.3904.97-2 +- allow clock_nanosleep through seccomp (bz #1773289) + * Thu Nov 7 2019 Tom Callaway - 78.0.3904.97-1 - update to 78.0.3904.97 From 43425ae37ffeba53e5e13ada3a300dafad288d1c Mon Sep 17 00:00:00 2001 From: Tom Callaway Date: Mon, 25 Nov 2019 14:09:36 -0500 Subject: [PATCH 2/2] update to 78.0.3904.108 --- chromium.spec | 7 +++++-- sources | 3 +-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/chromium.spec b/chromium.spec index 20e58f99..e17afa9f 100644 --- a/chromium.spec +++ b/chromium.spec @@ -167,8 +167,8 @@ Name: chromium%{chromium_channel}%{nsuffix} %else Name: chromium%{chromium_channel} %endif -Version: %{majorversion}.0.3904.97 -Release: 2%{?dist} +Version: %{majorversion}.0.3904.108 +Release: 1%{?dist} %if %{?freeworld} %if %{?shared} # chromium-libs-media-freeworld @@ -1730,6 +1730,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %changelog +* Mon Nov 25 2019 Tom Callaway - 78.0.3904.108-1 +- update to 78.0.3904.108 + * Sun Nov 17 2019 Tom Callaway - 78.0.3904.97-2 - allow clock_nanosleep through seccomp (bz #1773289) diff --git a/sources b/sources index 3900065b..53357b4f 100644 --- a/sources +++ b/sources @@ -17,5 +17,4 @@ SHA512 (Tinos-Italic.ttf) = d4f4f096110ef98a781a2a0e0d319317e5f84e650fe6f4d4f6b0 SHA512 (Tinos-Regular.ttf) = 58085c5dac6d067d60ba2ab3220c4a0cc1efcf279cadfcfb8746a5e5fa1a6f6daa62750dc2051b3b2d8a51b4d2e9bb0f66594caf2253c0870ed9c7286fa45e8f SHA512 (Ahem.ttf) = aeb64b10ab9c87860714cb60b4900254b13dc52c51319256a1a3722c882026ab7c616bf628fbc2fe14e38a6003f3a481af60b52a7ed62071d28ddaf428e4e3fd SHA512 (node-v8.9.1-linux-x64.tar.gz) = a707fd4567041c56e7f9d415e505e3fa650627f31def7fefdd7ec50f9e7066bb33332b67f479e1159d85e1105a7e6d034aad7429f4f3d034c9161170d7e0b844 -SHA512 (chromium-78.0.3904.87-clean.tar.xz) = ebd2a1440c36e9272b52b11ddfa596ce3d7b7a3a914970ebd4ce98d5bb862625ab61c392a9ea277ae8f791185d98d84ff5797db77bb80fa305b847e549035893 -SHA512 (chromium-78.0.3904.97-clean.tar.xz) = 5872fec9533726e031d41086b008f616a936818ee341ac6818081450b123874cc4dbd20e29afbd4b45acb79a6fb4d2b240b394804d23539c26eedca76d8d2124 +SHA512 (chromium-78.0.3904.108-clean.tar.xz) = 9bc6309309f745119946788e3efe9291511fef6e476022ac297582648ce7de16cad6a1485e132410059c1266ae6791659b927e18727a9c22f07fc52efcf0c907