92.0.4515.159, clone3 fix, python3 everywhere we can

chromium-92-clang-format.patch

@@ -0,0 +1,25 @@
+--- a/buildtools/linux64/clang-format.orig	2021-08-23 09:18:56.269570955 +0200
++++ b/buildtools/linux64/clang-format	2021-08-23 09:17:55.531190516 +0200
+@@ -10,9 +10,9 @@
+ args = sys.argv[1:]
+ inputfiles = [a for a in args if not a.startswith('-')]
+ 
+-contents = ''
++contents = b''
+ if '-' in args or not inputfiles:
+-    contents = sys.stdin.read()
++    contents = sys.stdin.buffer.read()
+ 
+ # Tarball builds may or may not have depot_tools in $PATH. In the former case,
+ # running 'clang-format' will call back into this script infinitely. Strip off
+@@ -34,8 +34,8 @@
+     stdout, stderr = proc.communicate(input=contents)
+     # Ignore if clang-format fails. Eg: it may be too old to support C++14.
+     if proc.returncode == 0:
+-        sys.stdout.write(stdout)
+-        sys.stderr.write(stderr)
++        sys.stdout.buffer.write(stdout)
++        sys.stderr.buffer.write(stderr)
+         sys.exit(0)
+ except OSError:
+     # Ignore if clang-format is not installed.

chromium-92.0.4515.107-sandbox-clone3.patch

@@ -0,0 +1,16 @@
+diff -up chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3 chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+--- chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.clone3	2021-08-16 09:05:35.836277326 -0400
++++ chromium-92.0.4515.107/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc	2021-08-16 09:06:17.420502628 -0400
+@@ -178,6 +178,12 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+     return RestrictCloneToThreadsAndEPERMFork();
+   }
+ 
++  // clone3 takes a pointer argument which we cannot examine, so return ENOSYS
++  // to force the libc to use clone. See https://crbug.com/1213452.
++  if (sysno == __NR_clone3) {
++    return Error(ENOSYS);
++  }
++
+   if (sysno == __NR_fcntl)
+     return RestrictFcntlCommands();
+ 

chromium.spec

@@ -225,7 +225,7 @@ Name:		chromium%{chromium_channel}%{nsuffix}
 %else
 Name:		chromium%{chromium_channel}
 %endif
-Version:	%{majorversion}.0.4515.107
+Version:	%{majorversion}.0.4515.159
 Release:	1%{?dist}
 %if %{?freeworld}
 %if %{?shared}
@@ -327,6 +327,13 @@ Patch82:	chromium-92-v8-constexpr.patch
 Patch83:	chromium-92.0.4515.107-py3-fixes.patch
 # Fix build with Freetype 2.11
 Patch84:	https://gitweb.gentoo.org/repo/gentoo.git/plain/www-client/chromium/files/chromium-freetype-2.11.patch
+# https://bugs.chromium.org/p/chromium/issues/detail?id=1213452
+# https://chromium.googlesource.com/chromium/src/sandbox/+/482404adee4fc0487452c7ae5ac9c192b0f4fd30%5E%21/#F0
+# Needed for F35+, but safe everywhere
+Patch85:	chromium-92.0.4515.107-sandbox-clone3.patch
+# Clean up clang-format for python3
+# thanks to Jon Nettleton
+Patch86:	chromium-92-clang-format.patch
 
 # Use lstdc++ on EPEL7 only
 Patch101:	chromium-75.0.3770.100-epel7-stdc++.patch
@@ -354,7 +361,6 @@ Patch109:	chromium-90.0.4430.93-epel7-erase-fix.patch
 # AARCH64 neon symbols need to be prefixed too to prevent multiple definition issue at linktime
 Patch110:	chromium-90.0.4430.93-epel8-aarch64-libpng16-symbol-prefixes.patch
 
-
 # VAAPI
 # Upstream turned VAAPI on in Linux in 86
 Patch202:	chromium-89.0.4389.72-enable-hardware-accelerated-mjpeg.patch
@@ -996,6 +1002,8 @@ udev.
 %patch82 -p1 -b .v8-constexpr
 %patch83 -p1 -b .py3fixes
 %patch84 -p1 -b .freetype-2.11
+%patch85 -p1 -b .clone3
+%patch86 -p1 -b .clang-format-py3
 
 # Fedora branded user agent
 %if 0%{?fedora}
@@ -2074,6 +2082,13 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 
 
 %changelog
+* Tue Aug 17 2021 Tom Callaway <spot@fedoraproject.org> - 92.0.4515.159-1
+- update to 92.0.4515.159
+
+* Mon Aug 16 2021 Tom Callaway <spot@fedoraproject.org> - 92.0.4515.131-1
+- update to 92.0.4515.131
+- apply upstream fix for clone3 crash
+
 * Mon Jul 26 2021 Tom Callaway <spot@fedoraproject.org> - 92.0.4515.107-1
 - update to 92.0.4515.107
 - drop python2 deps (finally)

sources

@@ -20,4 +20,4 @@ SHA512 (xcb-proto-1.14.tar.xz) = de66d568163b6da2be9d6c59984f3afa3acd119a7813786
 SHA512 (depot_tools.git-master.tar.gz) = dc323888812b66cc92c53a24a8a58ccf9e2961be67aa21852bd091b8b49569071f06ae9104cb58950e6253ac3a29f0db0663e9f35ef2b1ea28696efb38b42708
 SHA512 (NotoSansSymbols2-Regular.ttf) = 2644b42c3fdccfe12395f9b61553aced169a0f1dc09f5a0fd7898e9d0a372ee4422b6b1cdab3c86ecc91db437e9ae8a951e64e85edc3ac9e9fca428852dbb2ad
 SHA512 (NotoSansTibetan-Regular.ttf) = fb5a48fcaea80eebe7d692f6fcf00d59d47658a358d0ec8e046fc559873f88bd595b2da474d2826abd9e9305f3741c69058d867b1e6048f37fe7d71b5d3af36a
-SHA512 (chromium-92.0.4515.107-clean.tar.xz) = c0da154919e48970f1edde7cabeded907bcd1992c58924fefbfd891ad12aa06e3c643589d89b48d375de507bddf3d01d843a50a0b9376cadbb5a98a651e6d02a
+SHA512 (chromium-92.0.4515.159-clean.tar.xz) = e5062c35c55232f672008d7c4a06daa69a92e0ed4104ea78e60280e2d7d20bcbf1b52c33229fd3b81983b02cbc949d188e5385b6250662248e11660d1fced31d