Tom Callaway
5 years ago
parent
5cbc3dd135
commit
6944f231ef
@ -1,12 +0,0 @@
|
||||
diff -up chromium-71.0.3578.98/third_party/tcmalloc/gperftools-2.0/chromium/src/base/linux_syscall_support.h.gcc9 chromium-71.0.3578.98/third_party/tcmalloc/gperftools-2.0/chromium/src/base/linux_syscall_support.h
|
||||
--- chromium-71.0.3578.98/third_party/tcmalloc/gperftools-2.0/chromium/src/base/linux_syscall_support.h.gcc9 2019-01-08 13:27:25.193614727 -0500
|
||||
+++ chromium-71.0.3578.98/third_party/tcmalloc/gperftools-2.0/chromium/src/base/linux_syscall_support.h 2019-01-08 13:27:35.161392234 -0500
|
||||
@@ -1231,7 +1231,7 @@ typedef unsigned long int ulong;
|
||||
"d"(LSS_SYSCALL_ARG(parent_tidptr)),
|
||||
"r"(LSS_SYSCALL_ARG(newtls)),
|
||||
"r"(LSS_SYSCALL_ARG(child_tidptr))
|
||||
- : "rsp", "memory", "r8", "r10", "r11", "rcx");
|
||||
+ : "memory", "r8", "r10", "r11", "rcx");
|
||||
}
|
||||
LSS_RETURN(int, __res);
|
||||
}
|
||||
@ -1,14 +0,0 @@
|
||||
diff -up chromium-76.0.3809.100/third_party/blink/renderer/core/css/css_property_value_set.h.gcc-no-alignas chromium-76.0.3809.100/third_party/blink/renderer/core/css/css_property_value_set.h
|
||||
--- chromium-76.0.3809.100/third_party/blink/renderer/core/css/css_property_value_set.h.gcc-no-alignas 2019-08-09 16:48:13.000000000 +0200
|
||||
+++ chromium-76.0.3809.100/third_party/blink/renderer/core/css/css_property_value_set.h 2019-08-15 21:04:30.231532746 +0200
|
||||
@@ -176,8 +176,8 @@ class CSSLazyPropertyParser
|
||||
DISALLOW_COPY_AND_ASSIGN(CSSLazyPropertyParser);
|
||||
};
|
||||
|
||||
-class CORE_EXPORT alignas(Member<const CSSValue>) alignas(
|
||||
- CSSPropertyValueMetadata) ImmutableCSSPropertyValueSet
|
||||
+class CORE_EXPORT ALIGNAS(alignof(Member<const CSSValue>))
|
||||
+ ALIGNAS(alignof(CSSPropertyValueMetadata)) ImmutableCSSPropertyValueSet
|
||||
: public CSSPropertyValueSet {
|
||||
public:
|
||||
ImmutableCSSPropertyValueSet(const CSSPropertyValue*,
|
||||
@ -1,11 +0,0 @@
|
||||
diff -up chromium-76.0.3809.100/net/quic/platform/impl/quic_default_proof_providers_impl.cc.vtable-symbol-undefined chromium-76.0.3809.100/net/quic/platform/impl/quic_default_proof_providers_impl.cc
|
||||
--- chromium-76.0.3809.100/net/quic/platform/impl/quic_default_proof_providers_impl.cc.vtable-symbol-undefined 2019-08-20 21:21:24.901899270 +0200
|
||||
+++ chromium-76.0.3809.100/net/quic/platform/impl/quic_default_proof_providers_impl.cc 2019-08-20 21:19:30.361746211 +0200
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "net/quic/crypto/proof_verifier_chromium.h"
|
||||
#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
|
||||
#include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
|
||||
+#include "net/quic/platform/impl/quic_flags_impl.cc"
|
||||
|
||||
DEFINE_QUIC_COMMAND_LINE_FLAG(std::string,
|
||||
certificate_file,
|
||||
@ -1,539 +0,0 @@
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager_browsertest.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager_browsertest.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager_browsertest.cc.certificate-transparency 2019-09-12 16:09:52.818635106 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager_browsertest.cc 2019-09-12 16:11:07.662562005 +0200
|
||||
@@ -21,6 +21,7 @@
|
||||
#include "components/version_info/version_info.h"
|
||||
#include "content/public/common/content_switches.h"
|
||||
#include "content/public/common/user_agent.h"
|
||||
+#include "services/network/public/cpp/network_service_buildflags.h"
|
||||
#include "services/network/public/mojom/network_context.mojom.h"
|
||||
#include "services/network/public/mojom/network_service.mojom.h"
|
||||
#include "testing/gmock/include/gmock/gmock.h"
|
||||
@@ -356,3 +357,55 @@ IN_PROC_BROWSER_TEST_P(SystemNetworkCont
|
||||
INSTANTIATE_TEST_SUITE_P(,
|
||||
SystemNetworkContextManagerFreezeQUICUaBrowsertest,
|
||||
::testing::Values(true, false));
|
||||
+
|
||||
+class SystemNetworkContextManagerCertificateTransparencyBrowsertest
|
||||
+ : public SystemNetworkContextManagerBrowsertest,
|
||||
+ public testing::WithParamInterface<base::Optional<bool>> {
|
||||
+ public:
|
||||
+ SystemNetworkContextManagerCertificateTransparencyBrowsertest() {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ GetParam());
|
||||
+ }
|
||||
+ ~SystemNetworkContextManagerCertificateTransparencyBrowsertest() override {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ base::nullopt);
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
+#if BUILDFLAG(IS_CT_SUPPORTED)
|
||||
+IN_PROC_BROWSER_TEST_P(
|
||||
+ SystemNetworkContextManagerCertificateTransparencyBrowsertest,
|
||||
+ CertificateTransparencyConfig) {
|
||||
+ network::mojom::NetworkContextParamsPtr context_params =
|
||||
+ g_browser_process->system_network_context_manager()
|
||||
+ ->CreateDefaultNetworkContextParams();
|
||||
+
|
||||
+ const bool kDefault =
|
||||
+#if defined(GOOGLE_CHROME_BUILD) && defined(OFFICIAL_BUILD) && \
|
||||
+ !defined(OS_ANDROID)
|
||||
+ true;
|
||||
+#else
|
||||
+ false;
|
||||
+#endif
|
||||
+
|
||||
+ EXPECT_EQ(GetParam().value_or(kDefault),
|
||||
+ context_params->enforce_chrome_ct_policy);
|
||||
+ EXPECT_NE(GetParam().value_or(kDefault), context_params->ct_logs.empty());
|
||||
+
|
||||
+ if (GetParam().value_or(kDefault)) {
|
||||
+ bool has_google_log = false;
|
||||
+ bool has_disqualified_log = false;
|
||||
+ for (const auto& ct_log : context_params->ct_logs) {
|
||||
+ has_google_log |= ct_log->operated_by_google;
|
||||
+ has_disqualified_log |= ct_log->disqualified_at.has_value();
|
||||
+ }
|
||||
+ EXPECT_TRUE(has_google_log);
|
||||
+ EXPECT_TRUE(has_disqualified_log);
|
||||
+ }
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
+INSTANTIATE_TEST_SUITE_P(
|
||||
+ ,
|
||||
+ SystemNetworkContextManagerCertificateTransparencyBrowsertest,
|
||||
+ ::testing::Values(base::nullopt, true, false));
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.cc.certificate-transparency 2019-09-09 23:55:09.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.cc 2019-09-12 16:09:52.819635118 +0200
|
||||
@@ -4,11 +4,13 @@
|
||||
|
||||
#include "chrome/browser/net/system_network_context_manager.h"
|
||||
|
||||
+#include <algorithm>
|
||||
#include <set>
|
||||
#include <unordered_map>
|
||||
#include <utility>
|
||||
|
||||
#include "base/bind.h"
|
||||
+#include "base/build_time.h"
|
||||
#include "base/command_line.h"
|
||||
#include "base/feature_list.h"
|
||||
#include "base/logging.h"
|
||||
@@ -50,6 +52,7 @@
|
||||
#include "content/public/common/mime_handler_view_mode.h"
|
||||
#include "content/public/common/service_names.mojom.h"
|
||||
#include "content/public/common/user_agent.h"
|
||||
+#include "crypto/sha2.h"
|
||||
#include "mojo/public/cpp/bindings/associated_interface_ptr.h"
|
||||
#include "net/dns/public/util.h"
|
||||
#include "net/net_buildflags.h"
|
||||
@@ -79,6 +82,20 @@
|
||||
|
||||
namespace {
|
||||
|
||||
+constexpr bool kCertificateTransparencyEnabled =
|
||||
+#if defined(GOOGLE_CHROME_BUILD) && defined(OFFICIAL_BUILD) && \
|
||||
+ !defined(OS_ANDROID)
|
||||
+ // Certificate Transparency is only enabled if:
|
||||
+ // - Desktop (!OS_ANDROID); OS_IOS does not use this file
|
||||
+ // - base::GetBuildTime() is deterministic to the source (OFFICIAL_BUILD)
|
||||
+ // - The build in reliably updatable (GOOGLE_CHROME_BUILD)
|
||||
+ true;
|
||||
+#else
|
||||
+ false;
|
||||
+#endif
|
||||
+
|
||||
+bool g_enable_certificate_transparency = kCertificateTransparencyEnabled;
|
||||
+
|
||||
// The global instance of the SystemNetworkContextmanager.
|
||||
SystemNetworkContextManager* g_system_network_context_manager = nullptr;
|
||||
|
||||
@@ -658,14 +675,35 @@ SystemNetworkContextManager::CreateDefau
|
||||
|
||||
bool http_09_on_non_default_ports_enabled = false;
|
||||
#if !defined(OS_ANDROID)
|
||||
- // CT is only enabled on Desktop platforms for now.
|
||||
- network_context_params->enforce_chrome_ct_policy = true;
|
||||
- for (const auto& ct_log : certificate_transparency::GetKnownLogs()) {
|
||||
- // TODO(rsleevi): https://crbug.com/702062 - Remove this duplication.
|
||||
- network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New();
|
||||
- log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length);
|
||||
- log_info->name = ct_log.log_name;
|
||||
- network_context_params->ct_logs.push_back(std::move(log_info));
|
||||
+
|
||||
+ if (g_enable_certificate_transparency) {
|
||||
+ network_context_params->enforce_chrome_ct_policy = true;
|
||||
+ network_context_params->ct_log_update_time = base::GetBuildTime();
|
||||
+
|
||||
+ std::vector<std::string> operated_by_google_logs =
|
||||
+ certificate_transparency::GetLogsOperatedByGoogle();
|
||||
+ std::vector<std::pair<std::string, base::TimeDelta>> disqualified_logs =
|
||||
+ certificate_transparency::GetDisqualifiedLogs();
|
||||
+ for (const auto& ct_log : certificate_transparency::GetKnownLogs()) {
|
||||
+ // TODO(rsleevi): https://crbug.com/702062 - Remove this duplication.
|
||||
+ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New();
|
||||
+ log_info->public_key = std::string(ct_log.log_key, ct_log.log_key_length);
|
||||
+ log_info->name = ct_log.log_name;
|
||||
+
|
||||
+ std::string log_id = crypto::SHA256HashString(log_info->public_key);
|
||||
+ log_info->operated_by_google =
|
||||
+ std::binary_search(std::begin(operated_by_google_logs),
|
||||
+ std::end(operated_by_google_logs), log_id);
|
||||
+ auto it = std::lower_bound(
|
||||
+ std::begin(disqualified_logs), std::end(disqualified_logs), log_id,
|
||||
+ [](const auto& disqualified_log, const std::string& log_id) {
|
||||
+ return disqualified_log.first < log_id;
|
||||
+ });
|
||||
+ if (it != std::end(disqualified_logs) && it->first == log_id) {
|
||||
+ log_info->disqualified_at = it->second;
|
||||
+ }
|
||||
+ network_context_params->ct_logs.push_back(std::move(log_info));
|
||||
+ }
|
||||
}
|
||||
|
||||
const base::Value* value =
|
||||
@@ -723,6 +761,12 @@ SystemNetworkContextManager::GetHttpAuth
|
||||
return CreateHttpAuthDynamicParams(g_browser_process->local_state());
|
||||
}
|
||||
|
||||
+void SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ base::Optional<bool> enabled) {
|
||||
+ g_enable_certificate_transparency =
|
||||
+ enabled.value_or(kCertificateTransparencyEnabled);
|
||||
+}
|
||||
+
|
||||
network::mojom::NetworkContextParamsPtr
|
||||
SystemNetworkContextManager::CreateNetworkContextParams() {
|
||||
// TODO(mmenke): Set up parameters here (in memory cookie store, etc).
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.h.certificate-transparency chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.h
|
||||
--- chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.h.certificate-transparency 2019-09-09 23:55:09.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/net/system_network_context_manager.h 2019-09-12 16:09:52.819635118 +0200
|
||||
@@ -139,6 +139,12 @@ class SystemNetworkContextManager {
|
||||
static network::mojom::HttpAuthDynamicParamsPtr
|
||||
GetHttpAuthDynamicParamsForTesting();
|
||||
|
||||
+ // Enables Certificate Transparency and enforcing the Chrome Certificate
|
||||
+ // Transparency Policy. For test use only. Use base::nullopt_t to reset to
|
||||
+ // the default state.
|
||||
+ static void SetEnableCertificateTransparencyForTesting(
|
||||
+ base::Optional<bool> enabled);
|
||||
+
|
||||
private:
|
||||
class URLLoaderFactoryForSystem;
|
||||
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/policy/policy_browsertest.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/policy/policy_browsertest.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/policy/policy_browsertest.cc.certificate-transparency 2019-09-09 23:55:10.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/policy/policy_browsertest.cc 2019-09-12 16:09:52.820635131 +0200
|
||||
@@ -4836,7 +4836,7 @@ IN_PROC_BROWSER_TEST_F(PolicyTest,
|
||||
browser()->tab_strip_model()->GetActiveWebContents()->GetTitle());
|
||||
}
|
||||
|
||||
-IN_PROC_BROWSER_TEST_F(PolicyTest,
|
||||
+IN_PROC_BROWSER_TEST_F(CertificateTransparencyPolicyTest,
|
||||
CertificateTransparencyEnforcementDisabledForCas) {
|
||||
net::EmbeddedTestServer https_server_ok(net::EmbeddedTestServer::TYPE_HTTPS);
|
||||
https_server_ok.SetSSLConfig(net::EmbeddedTestServer::CERT_OK);
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc.certificate-transparency 2019-09-09 23:55:10.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/ssl/chrome_expect_ct_reporter_browsertest.cc 2019-09-12 16:09:52.821635143 +0200
|
||||
@@ -8,6 +8,7 @@
|
||||
#include "base/callback.h"
|
||||
#include "base/run_loop.h"
|
||||
#include "base/test/scoped_feature_list.h"
|
||||
+#include "chrome/browser/net/system_network_context_manager.h"
|
||||
#include "chrome/browser/profiles/profile.h"
|
||||
#include "chrome/browser/ssl/cert_verifier_browser_test.h"
|
||||
#include "chrome/browser/ui/browser.h"
|
||||
@@ -27,7 +28,17 @@ namespace {
|
||||
// received by a server.
|
||||
class ExpectCTBrowserTest : public CertVerifierBrowserTest {
|
||||
public:
|
||||
- ExpectCTBrowserTest() : CertVerifierBrowserTest() {}
|
||||
+ ExpectCTBrowserTest() : CertVerifierBrowserTest() {
|
||||
+ // Expect-CT reporting depends on actually enforcing Certificate
|
||||
+ // Transparency.
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ true);
|
||||
+ }
|
||||
+
|
||||
+ ~ExpectCTBrowserTest() override {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ base::nullopt);
|
||||
+ }
|
||||
|
||||
void SetUpOnMainThread() override {
|
||||
run_loop_ = std::make_unique<base::RunLoop>();
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/ssl/security_state_tab_helper_browsertest.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/ssl/security_state_tab_helper_browsertest.cc.certificate-transparency 2019-09-09 23:55:10.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/ssl/security_state_tab_helper_browsertest.cc 2019-09-12 16:09:52.821635143 +0200
|
||||
@@ -433,6 +433,13 @@ class SecurityStateTabHelperTest : publi
|
||||
SecurityStateTabHelperTest()
|
||||
: https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
|
||||
https_server_.ServeFilesFromSourceDirectory(GetChromeTestDataDir());
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ true);
|
||||
+ }
|
||||
+
|
||||
+ ~SecurityStateTabHelperTest() override {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ base::nullopt);
|
||||
}
|
||||
|
||||
void SetUpOnMainThread() override {
|
||||
diff -up chromium-77.0.3865.75/chrome/browser/ssl/ssl_browsertest.cc.certificate-transparency chromium-77.0.3865.75/chrome/browser/ssl/ssl_browsertest.cc
|
||||
--- chromium-77.0.3865.75/chrome/browser/ssl/ssl_browsertest.cc.certificate-transparency 2019-09-09 23:55:10.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/chrome/browser/ssl/ssl_browsertest.cc 2019-09-12 16:09:52.822635155 +0200
|
||||
@@ -1853,8 +1853,14 @@ class CertificateTransparencySSLUITest :
|
||||
public:
|
||||
CertificateTransparencySSLUITest()
|
||||
: CertVerifierBrowserTest(),
|
||||
- https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
|
||||
- ~CertificateTransparencySSLUITest() override {}
|
||||
+ https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ true);
|
||||
+ }
|
||||
+ ~CertificateTransparencySSLUITest() override {
|
||||
+ SystemNetworkContextManager::SetEnableCertificateTransparencyForTesting(
|
||||
+ base::nullopt);
|
||||
+ }
|
||||
|
||||
void SetUpOnMainThread() override {
|
||||
CertVerifierBrowserTest::SetUpOnMainThread();
|
||||
diff -up chromium-77.0.3865.75/components/certificate_transparency/chrome_ct_policy_enforcer.h.certificate-transparency chromium-77.0.3865.75/components/certificate_transparency/chrome_ct_policy_enforcer.h
|
||||
--- chromium-77.0.3865.75/components/certificate_transparency/chrome_ct_policy_enforcer.h.certificate-transparency 2019-09-09 23:55:14.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/components/certificate_transparency/chrome_ct_policy_enforcer.h 2019-09-12 16:09:52.823635168 +0200
|
||||
@@ -45,6 +45,19 @@ class ChromeCTPolicyEnforcer : public ne
|
||||
|
||||
void SetClockForTesting(const base::Clock* clock) { clock_ = clock; }
|
||||
|
||||
+ // TODO(https://crbug.com/999240): These are exposed to allow end-to-end
|
||||
+ // testing by higher layers (i.e. that the ChromeCTPolicyEnforcer is
|
||||
+ // correctly constructed). When either this issue or https://crbug.com/848277
|
||||
+ // are fixed, the configuration can be tested independently, and these can
|
||||
+ // be removed.
|
||||
+ const std::vector<std::string>& operated_by_google_logs_for_testing() {
|
||||
+ return operated_by_google_logs_;
|
||||
+ }
|
||||
+ const std::vector<std::pair<std::string, base::TimeDelta>>&
|
||||
+ disqualified_logs_for_testing() {
|
||||
+ return disqualified_logs_;
|
||||
+ }
|
||||
+
|
||||
private:
|
||||
// Returns true if the log identified by |log_id| (the SHA-256 hash of the
|
||||
// log's DER-encoded SPKI) has been disqualified, and sets
|
||||
diff -up chromium-77.0.3865.75/services/network/network_context.cc.certificate-transparency chromium-77.0.3865.75/services/network/network_context.cc
|
||||
--- chromium-77.0.3865.75/services/network/network_context.cc.certificate-transparency 2019-09-09 23:55:22.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/services/network/network_context.cc 2019-09-12 16:09:52.823635168 +0200
|
||||
@@ -36,6 +36,7 @@
|
||||
#include "components/prefs/pref_registry_simple.h"
|
||||
#include "components/prefs/pref_service.h"
|
||||
#include "components/prefs/pref_service_factory.h"
|
||||
+#include "crypto/sha2.h"
|
||||
#include "mojo/public/cpp/bindings/strong_binding.h"
|
||||
#include "net/base/layered_network_delegate.h"
|
||||
#include "net/base/load_flags.h"
|
||||
@@ -1877,16 +1878,6 @@ URLRequestContextOwner NetworkContext::A
|
||||
base::FeatureList::IsEnabled(features::kNetworkErrorLogging));
|
||||
#endif // BUILDFLAG(ENABLE_REPORTING)
|
||||
|
||||
-#if BUILDFLAG(IS_CT_SUPPORTED)
|
||||
- if (params_->enforce_chrome_ct_policy) {
|
||||
- builder->set_ct_policy_enforcer(
|
||||
- std::make_unique<certificate_transparency::ChromeCTPolicyEnforcer>(
|
||||
- base::GetBuildTime(),
|
||||
- certificate_transparency::GetDisqualifiedLogs(),
|
||||
- certificate_transparency::GetLogsOperatedByGoogle()));
|
||||
- }
|
||||
-#endif // BUILDFLAG(IS_CT_SUPPORTED)
|
||||
-
|
||||
net::HttpNetworkSession::Params session_params;
|
||||
bool is_quic_force_disabled = false;
|
||||
if (network_service_ && network_service_->quic_disabled())
|
||||
@@ -1936,8 +1927,20 @@ URLRequestContextOwner NetworkContext::A
|
||||
|
||||
#if BUILDFLAG(IS_CT_SUPPORTED)
|
||||
std::vector<scoped_refptr<const net::CTLogVerifier>> ct_logs;
|
||||
+ std::vector<std::pair<std::string, base::TimeDelta>> disqualified_logs;
|
||||
+ std::vector<std::string> operated_by_google_logs;
|
||||
+
|
||||
if (!params_->ct_logs.empty()) {
|
||||
for (const auto& log : params_->ct_logs) {
|
||||
+ if (log->operated_by_google || log->disqualified_at) {
|
||||
+ std::string log_id = crypto::SHA256HashString(log->public_key);
|
||||
+ if (log->operated_by_google)
|
||||
+ operated_by_google_logs.push_back(log_id);
|
||||
+ if (log->disqualified_at) {
|
||||
+ disqualified_logs.push_back(
|
||||
+ std::make_pair(log_id, log->disqualified_at.value()));
|
||||
+ }
|
||||
+ }
|
||||
scoped_refptr<const net::CTLogVerifier> log_verifier =
|
||||
net::CTLogVerifier::Create(log->public_key, log->name);
|
||||
if (!log_verifier) {
|
||||
@@ -1950,6 +1953,17 @@ URLRequestContextOwner NetworkContext::A
|
||||
ct_verifier->AddLogs(ct_logs);
|
||||
builder->set_ct_verifier(std::move(ct_verifier));
|
||||
}
|
||||
+
|
||||
+ if (params_->enforce_chrome_ct_policy) {
|
||||
+ std::sort(std::begin(operated_by_google_logs),
|
||||
+ std::end(operated_by_google_logs));
|
||||
+ std::sort(std::begin(disqualified_logs), std::end(disqualified_logs));
|
||||
+
|
||||
+ builder->set_ct_policy_enforcer(
|
||||
+ std::make_unique<certificate_transparency::ChromeCTPolicyEnforcer>(
|
||||
+ params_->ct_log_update_time, disqualified_logs,
|
||||
+ operated_by_google_logs));
|
||||
+ }
|
||||
#endif // BUILDFLAG(IS_CT_SUPPORTED)
|
||||
|
||||
const base::CommandLine* command_line =
|
||||
diff -up chromium-77.0.3865.75/services/network/network_context_unittest.cc.certificate-transparency chromium-77.0.3865.75/services/network/network_context_unittest.cc
|
||||
--- chromium-77.0.3865.75/services/network/network_context_unittest.cc.certificate-transparency 2019-09-09 23:55:22.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/services/network/network_context_unittest.cc 2019-09-12 16:13:10.479056669 +0200
|
||||
@@ -2,6 +2,7 @@
|
||||
// Use of this source code is governed by a BSD-style license that can be
|
||||
// found in the LICENSE file.
|
||||
|
||||
+#include <algorithm>
|
||||
#include <map>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
@@ -38,10 +39,12 @@
|
||||
#include "base/threading/thread_task_runner_handle.h"
|
||||
#include "base/time/default_clock.h"
|
||||
#include "base/time/default_tick_clock.h"
|
||||
+#include "base/time/time.h"
|
||||
#include "build/build_config.h"
|
||||
#include "components/network_session_configurator/browser/network_session_configurator.h"
|
||||
#include "components/network_session_configurator/common/network_switches.h"
|
||||
#include "components/prefs/testing_pref_service.h"
|
||||
+#include "crypto/sha2.h"
|
||||
#include "mojo/public/cpp/bindings/remote.h"
|
||||
#include "mojo/public/cpp/bindings/self_owned_receiver.h"
|
||||
#include "mojo/public/cpp/system/data_pipe_utils.h"
|
||||
@@ -115,6 +118,11 @@
|
||||
#include "url/scheme_host_port.h"
|
||||
#include "url/url_constants.h"
|
||||
|
||||
+#if BUILDFLAG(IS_CT_SUPPORTED)
|
||||
+#include "components/certificate_transparency/chrome_ct_policy_enforcer.h"
|
||||
+#include "services/network/public/mojom/ct_log_info.mojom.h"
|
||||
+#endif
|
||||
+
|
||||
#if !BUILDFLAG(DISABLE_FTP_SUPPORT)
|
||||
#include "net/ftp/ftp_auth_cache.h"
|
||||
#endif // !BUILDFLAG(DISABLE_FTP_SUPPORT)
|
||||
@@ -5958,6 +5966,72 @@ TEST_F(NetworkContextSplitCacheTest,
|
||||
true /* was_cached */, true /* is_navigation */);
|
||||
}
|
||||
|
||||
+#if BUILDFLAG(IS_CT_SUPPORTED)
|
||||
+TEST_F(NetworkContextTest, CertificateTransparencyConfig) {
|
||||
+ mojom::NetworkContextParamsPtr params = CreateContextParams();
|
||||
+ params->enforce_chrome_ct_policy = true;
|
||||
+ params->ct_log_update_time = base::Time::Now();
|
||||
+
|
||||
+ // The log public keys do not matter for the test, so invalid keys are used.
|
||||
+ // However, because the log IDs are derived from the SHA-256 hash of the log
|
||||
+ // key, the log keys are generated such that qualified logs are in the form
|
||||
+ // of four digits (e.g. "0000", "1111"), while disqualified logs are in the
|
||||
+ // form of four letters (e.g. "AAAA", "BBBB").
|
||||
+
|
||||
+ for (int i = 0; i < 6; ++i) {
|
||||
+ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New();
|
||||
+ // Shift to ASCII '0' (0x30)
|
||||
+ log_info->public_key = std::string(4, 0x30 + static_cast<char>(i));
|
||||
+ log_info->name = std::string(4, 0x30 + static_cast<char>(i));
|
||||
+ log_info->operated_by_google = i % 2;
|
||||
+
|
||||
+ params->ct_logs.push_back(std::move(log_info));
|
||||
+ }
|
||||
+ for (int i = 0; i < 3; ++i) {
|
||||
+ network::mojom::CTLogInfoPtr log_info = network::mojom::CTLogInfo::New();
|
||||
+ // Shift to ASCII 'A' (0x41)
|
||||
+ log_info->public_key = std::string(4, 0x41 + static_cast<char>(i));
|
||||
+ log_info->name = std::string(4, 0x41 + static_cast<char>(i));
|
||||
+ log_info->operated_by_google = false;
|
||||
+ log_info->disqualified_at = base::TimeDelta::FromSeconds(i);
|
||||
+
|
||||
+ params->ct_logs.push_back(std::move(log_info));
|
||||
+ }
|
||||
+ std::unique_ptr<NetworkContext> network_context =
|
||||
+ CreateContextWithParams(std::move(params));
|
||||
+
|
||||
+ net::CTPolicyEnforcer* request_enforcer =
|
||||
+ network_context->url_request_context()->ct_policy_enforcer();
|
||||
+ ASSERT_TRUE(request_enforcer);
|
||||
+
|
||||
+ // Completely unsafe if |enforce_chrome_ct_policy| is false.
|
||||
+ certificate_transparency::ChromeCTPolicyEnforcer* policy_enforcer =
|
||||
+ reinterpret_cast<certificate_transparency::ChromeCTPolicyEnforcer*>(
|
||||
+ request_enforcer);
|
||||
+
|
||||
+ EXPECT_TRUE(std::is_sorted(
|
||||
+ policy_enforcer->operated_by_google_logs_for_testing().begin(),
|
||||
+ policy_enforcer->operated_by_google_logs_for_testing().end()));
|
||||
+ EXPECT_TRUE(
|
||||
+ std::is_sorted(policy_enforcer->disqualified_logs_for_testing().begin(),
|
||||
+ policy_enforcer->disqualified_logs_for_testing().end()));
|
||||
+
|
||||
+ EXPECT_THAT(
|
||||
+ policy_enforcer->operated_by_google_logs_for_testing(),
|
||||
+ ::testing::UnorderedElementsAreArray({crypto::SHA256HashString("1111"),
|
||||
+ crypto::SHA256HashString("3333"),
|
||||
+ crypto::SHA256HashString("5555")}));
|
||||
+ EXPECT_THAT(policy_enforcer->disqualified_logs_for_testing(),
|
||||
+ ::testing::UnorderedElementsAre(
|
||||
+ ::testing::Pair(crypto::SHA256HashString("AAAA"),
|
||||
+ base::TimeDelta::FromSeconds(0)),
|
||||
+ ::testing::Pair(crypto::SHA256HashString("BBBB"),
|
||||
+ base::TimeDelta::FromSeconds(1)),
|
||||
+ ::testing::Pair(crypto::SHA256HashString("CCCC"),
|
||||
+ base::TimeDelta::FromSeconds(2))));
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
} // namespace
|
||||
|
||||
} // namespace network
|
||||
diff -up chromium-77.0.3865.75/services/network/public/mojom/ct_log_info.mojom.certificate-transparency chromium-77.0.3865.75/services/network/public/mojom/ct_log_info.mojom
|
||||
--- chromium-77.0.3865.75/services/network/public/mojom/ct_log_info.mojom.certificate-transparency 2019-09-09 23:55:22.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/services/network/public/mojom/ct_log_info.mojom 2019-09-12 16:09:52.824635180 +0200
|
||||
@@ -4,6 +4,8 @@
|
||||
|
||||
module network.mojom;
|
||||
|
||||
+import "mojo/public/mojom/base/time.mojom";
|
||||
+
|
||||
// A single Certificate Transparency Log configuration.
|
||||
struct CTLogInfo {
|
||||
// The DER-encoded SubjectPublicKeyInfo of the log.
|
||||
@@ -14,4 +16,13 @@ struct CTLogInfo {
|
||||
// The human-readable, log-supplied log name. Note that this will not be
|
||||
// translated.
|
||||
string name;
|
||||
+
|
||||
+ // Whether or not the log should should be considered a Google Log for the
|
||||
+ // purposes of enforcing the "Certificate Transparency in Chrome" policy.
|
||||
+ bool operated_by_google = false;
|
||||
+
|
||||
+ // If set, the time since the Unix Epoch when the log was disqualified. This
|
||||
+ // is used to determine the "once or currently qualified" status of the log.
|
||||
+ // If the log is currently qualified, this will not be set.
|
||||
+ mojo_base.mojom.TimeDelta? disqualified_at;
|
||||
};
|
||||
diff -up chromium-77.0.3865.75/services/network/public/mojom/network_context.mojom.certificate-transparency chromium-77.0.3865.75/services/network/public/mojom/network_context.mojom
|
||||
--- chromium-77.0.3865.75/services/network/public/mojom/network_context.mojom.certificate-transparency 2019-09-09 23:55:22.000000000 +0200
|
||||
+++ chromium-77.0.3865.75/services/network/public/mojom/network_context.mojom 2019-09-12 16:09:52.825635192 +0200
|
||||
@@ -239,15 +239,6 @@ struct NetworkContextParams {
|
||||
[EnableIf=is_android]
|
||||
bool check_clear_text_permitted = false;
|
||||
|
||||
- // True if the "Certificate Transparency in Chrome" policy (see
|
||||
- // https://github.com/chromium/ct-policy/blob/master/ct_policy.md) should
|
||||
- // be enforced for certificates and connections.
|
||||
- //
|
||||
- // See //net/docs/certificate-transparency.md before setting this flag to
|
||||
- // true.
|
||||
- [EnableIf=is_ct_supported]
|
||||
- bool enforce_chrome_ct_policy = false;
|
||||
-
|
||||
// Enables HTTP/0.9 on ports other than 80 for HTTP and 443 for HTTPS.
|
||||
bool http_09_on_non_default_ports_enabled = false;
|
||||
|
||||
@@ -300,6 +291,15 @@ struct NetworkContextParams {
|
||||
// servers, so they can discover misconfigurations.
|
||||
bool enable_certificate_reporting = false;
|
||||
|
||||
+ // True if the "Certificate Transparency in Chrome" policy (see
|
||||
+ // https://github.com/chromium/ct-policy/blob/master/ct_policy.md) should
|
||||
+ // be enforced for certificates and connections.
|
||||
+ //
|
||||
+ // See //net/docs/certificate-transparency.md before setting this flag to
|
||||
+ // true.
|
||||
+ [EnableIf=is_ct_supported]
|
||||
+ bool enforce_chrome_ct_policy = false;
|
||||
+
|
||||
// Enables Expect CT reporting, which sends reports for opted-in sites that
|
||||
// don't serve sufficient Certificate Transparency information.
|
||||
[EnableIf=is_ct_supported]
|
||||
@@ -311,6 +311,13 @@ struct NetworkContextParams {
|
||||
[EnableIf=is_ct_supported]
|
||||
array<CTLogInfo> ct_logs;
|
||||
|
||||
+ // When the Certificate Transparency logs in |ct_logs| were last updated. If
|
||||
+ // |enforce_chrome_ct_policy| is set, and |ct_log_update_time| is not
|
||||
+ // sufficiently recent, enforcement of the "Certificate Transparency in
|
||||
+ // Chrome" policy will be disabled.
|
||||
+ [EnableIf=is_ct_supported]
|
||||
+ mojo_base.mojom.Time ct_log_update_time;
|
||||
+
|
||||
// Specifies the path to the directory where NSS will store its database.
|
||||
[EnableIf=is_chromeos]
|
||||
mojo_base.mojom.FilePath? nss_path;
|
||||
@ -1,61 +0,0 @@
|
||||
From f08cb0022527081c078e8b96062e6c9b4fbda151 Mon Sep 17 00:00:00 2001
|
||||
From: Jose Dapena Paz <jose.dapena@lge.com>
|
||||
Date: Fri, 26 Jul 2019 16:48:06 +0000
|
||||
Subject: [PATCH] BinaryUploadService: change parameter passing that cannot afford abstract class
|
||||
|
||||
The method UploadForDeepScanning gets a Request as parameter. But Request is an
|
||||
abstract class, so GCC will not allow that declaration (polimorphycs should be
|
||||
passed by reference). Use std::unique_ptr so BinaryUploadService can assume
|
||||
ownership.
|
||||
|
||||
Bug: 819294
|
||||
Change-Id: I9e8c75cc92b01abd704d9049b0421555377da5ba
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1713550
|
||||
Reviewed-by: Daniel Rubery <drubery@chromium.org>
|
||||
Commit-Queue: José Dapena Paz <jose.dapena@lge.com>
|
||||
Cr-Commit-Position: refs/heads/master@{#681333}
|
||||
---
|
||||
|
||||
diff --git a/chrome/browser/safe_browsing/download_protection/binary_upload_service.cc b/chrome/browser/safe_browsing/download_protection/binary_upload_service.cc
|
||||
index 6430c89..4e90487 100644
|
||||
--- a/chrome/browser/safe_browsing/download_protection/binary_upload_service.cc
|
||||
+++ b/chrome/browser/safe_browsing/download_protection/binary_upload_service.cc
|
||||
@@ -10,7 +10,7 @@
|
||||
namespace safe_browsing {
|
||||
|
||||
void BinaryUploadService::UploadForDeepScanning(
|
||||
- BinaryUploadService::Request request) {
|
||||
+ std::unique_ptr<BinaryUploadService::Request> request) {
|
||||
DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
|
||||
NOTREACHED();
|
||||
}
|
||||
diff --git a/chrome/browser/safe_browsing/download_protection/binary_upload_service.h b/chrome/browser/safe_browsing/download_protection/binary_upload_service.h
|
||||
index d2dfd83..9b6f395 100644
|
||||
--- a/chrome/browser/safe_browsing/download_protection/binary_upload_service.h
|
||||
+++ b/chrome/browser/safe_browsing/download_protection/binary_upload_service.h
|
||||
@@ -5,6 +5,8 @@
|
||||
#ifndef CHROME_BROWSER_SAFE_BROWSING_DOWNLOAD_PROTECTION_BINARY_UPLOAD_SERVICE_H_
|
||||
#define CHROME_BROWSER_SAFE_BROWSING_DOWNLOAD_PROTECTION_BINARY_UPLOAD_SERVICE_H_
|
||||
|
||||
+#include <memory>
|
||||
+
|
||||
#include "base/callback.h"
|
||||
#include "components/safe_browsing/proto/webprotect.pb.h"
|
||||
|
||||
@@ -40,6 +42,7 @@
|
||||
public:
|
||||
// |callback| will run on the UI thread.
|
||||
explicit Request(Callback callback);
|
||||
+ virtual ~Request() = default;
|
||||
Request(const Request&) = delete;
|
||||
Request& operator=(const Request&) = delete;
|
||||
|
||||
@@ -67,7 +70,7 @@
|
||||
// Upload the given file contents for deep scanning. The results will be
|
||||
// returned asynchronously by calling |request|'s |callback|. This must be
|
||||
// called on the UI thread.
|
||||
- void UploadForDeepScanning(Request request);
|
||||
+ void UploadForDeepScanning(std::unique_ptr<Request> request);
|
||||
};
|
||||
|
||||
} // namespace safe_browsing
|
||||
@ -1,49 +0,0 @@
|
||||
From 27e25336b8316ff3ec4e464058682ed85801fd06 Mon Sep 17 00:00:00 2001
|
||||
From: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
|
||||
Date: Mon, 29 Jul 2019 10:54:28 +0000
|
||||
Subject: [PATCH] Also link against libharfbuzz-subset when use_system_harfbuzz is true
|
||||
|
||||
When building HarfBuzz as part of Chromium, there is a single source set
|
||||
with all the files we need in the build.
|
||||
|
||||
Upstream HarfBuzz, on the other hand, produces a few different libraries:
|
||||
harfbuzz, harfbuzz-icu and harfbuzz-subset. When |use_system_harfbuzz| is
|
||||
true, we were only looking for (and using) harfbuzz.pc with pkg-config even
|
||||
though we also use symbols from libharfbuzz-subset.so. This resulted in
|
||||
errors when linking:
|
||||
|
||||
ld: obj/skia/skia/SkPDFSubsetFont.o: in function `SkPDFSubsetFont(sk_sp<SkData>, SkPDFGlyphUse const&, SkPDF::Metadata::Subsetter, char const*, int)':
|
||||
SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x48a): undefined reference to `hb_subset_input_create_or_fail'
|
||||
ld: SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x4af): undefined reference to `hb_subset_input_glyph_set'
|
||||
ld: SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x5d7): undefined reference to `hb_subset_input_set_retain_gids'
|
||||
ld: SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x5e4): undefined reference to `hb_subset_input_set_drop_hints'
|
||||
ld: SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x5f3): undefined reference to `hb_subset'
|
||||
ld: SkPDFSubsetFont.cpp:(.text._Z15SkPDFSubsetFont5sk_spI6SkDataERK13SkPDFGlyphUseN5SkPDF8Metadata9SubsetterEPKci+0x66f): undefined reference to `hb_subset_input_destroy'
|
||||
|
||||
as reported in
|
||||
https://groups.google.com/a/chromium.org/d/msg/chromium-packagers/UyJsVJ5QqWo/jSv5z7-rEQAJ
|
||||
|
||||
Change-Id: I997af075c7b7263cd7cc71a63db5b0f93bd1ab59
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1715288
|
||||
Auto-Submit: Raphael Kubo da Costa <raphael.kubo.da.costa@intel.com>
|
||||
Commit-Queue: Dominik Röttsches <drott@chromium.org>
|
||||
Reviewed-by: Dominik Röttsches <drott@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/master@{#681760}
|
||||
---
|
||||
|
||||
diff --git a/third_party/harfbuzz-ng/BUILD.gn b/third_party/harfbuzz-ng/BUILD.gn
|
||||
index 37d8e33..72013eb1d 100644
|
||||
--- a/third_party/harfbuzz-ng/BUILD.gn
|
||||
+++ b/third_party/harfbuzz-ng/BUILD.gn
|
||||
@@ -16,7 +16,10 @@
|
||||
"//third_party:freetype_harfbuzz",
|
||||
"//third_party/freetype:freetype_source",
|
||||
]
|
||||
- packages = [ "harfbuzz" ]
|
||||
+ packages = [
|
||||
+ "harfbuzz",
|
||||
+ "harfbuzz-subset",
|
||||
+ ]
|
||||
}
|
||||
} else {
|
||||
config("harfbuzz_config") {
|
||||
@ -1,28 +0,0 @@
|
||||
From 5baf7df7f4c5971dab552897eeef94b194650ce5 Mon Sep 17 00:00:00 2001
|
||||
From: Dave Tapuska <dtapuska@chromium.org>
|
||||
Date: Mon, 12 Aug 2019 22:30:13 +0000
|
||||
Subject: [PATCH] Fix build failure due to missing include for std::numeric_limits usage.
|
||||
|
||||
Some configurations fail to build, limits should have been included.
|
||||
|
||||
BUG=992832
|
||||
|
||||
Change-Id: I894ba0543bfcef101c93259e39a31d12ae6d035c
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1747981
|
||||
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
|
||||
Reviewed-by: Mostyn Bramley-Moore <mostynb@vewd.com>
|
||||
Cr-Commit-Position: refs/heads/master@{#686214}
|
||||
---
|
||||
|
||||
diff --git a/third_party/blink/renderer/platform/exported/web_time_range.cc b/third_party/blink/renderer/platform/exported/web_time_range.cc
|
||||
index 384566a..68d83e1 100644
|
||||
--- a/third_party/blink/renderer/platform/exported/web_time_range.cc
|
||||
+++ b/third_party/blink/renderer/platform/exported/web_time_range.cc
|
||||
@@ -31,6 +31,7 @@
|
||||
#include "third_party/blink/public/platform/web_time_range.h"
|
||||
|
||||
#include <cmath>
|
||||
+#include <limits>
|
||||
|
||||
namespace blink {
|
||||
|
||||
@ -1,25 +0,0 @@
|
||||
From e1bbdec720a333937bd1b990ae0f7ee97db0d3b0 Mon Sep 17 00:00:00 2001
|
||||
From: Your Name <you@example.com>
|
||||
Date: Fri, 28 Jun 2019 15:56:23 +0000
|
||||
Subject: [PATCH] update zlib
|
||||
|
||||
---
|
||||
third_party/perfetto/gn/BUILD.gn | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/third_party/perfetto/gn/BUILD.gn b/third_party/perfetto/gn/BUILD.gn
|
||||
index c951f5f..297eee3 100644
|
||||
--- a/third_party/perfetto/gn/BUILD.gn
|
||||
+++ b/third_party/perfetto/gn/BUILD.gn
|
||||
@@ -200,7 +200,7 @@ group("zlib") {
|
||||
"//buildtools:zlib",
|
||||
]
|
||||
} else if (build_with_chromium) {
|
||||
- public_configs = [ "//third_party/zlib:zlib_config" ]
|
||||
+ public_configs = [ "//third_party/zlib:system_zlib" ]
|
||||
public_deps = [
|
||||
"//third_party/zlib",
|
||||
]
|
||||
--
|
||||
2.21.0
|
||||
|
||||
@ -1,130 +0,0 @@
|
||||
From 74138b9febd37eac0fc26b8efb110014a83a52c6 Mon Sep 17 00:00:00 2001
|
||||
From: Jeremy Roman <jbroman@chromium.org>
|
||||
Date: Wed, 07 Aug 2019 13:26:48 +0000
|
||||
Subject: [PATCH] WTF: Make LinkedHashSet understand values for which memset initialization would be bad.
|
||||
|
||||
Includes a unit test which fails before, and uses this to fix FontCacheKeyTraits.
|
||||
|
||||
Bug: 980025
|
||||
Change-Id: If41f97444c7fd37b9b95d6dadaf3da5689079e9e
|
||||
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1739948
|
||||
Reviewed-by: Kentaro Hara <haraken@chromium.org>
|
||||
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
|
||||
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
|
||||
Cr-Commit-Position: refs/heads/master@{#684731}
|
||||
---
|
||||
|
||||
diff --git a/third_party/blink/renderer/platform/fonts/font_cache_key.h b/third_party/blink/renderer/platform/fonts/font_cache_key.h
|
||||
index 0efc8fb..90063cb 100644
|
||||
--- a/third_party/blink/renderer/platform/fonts/font_cache_key.h
|
||||
+++ b/third_party/blink/renderer/platform/fonts/font_cache_key.h
|
||||
@@ -133,6 +133,10 @@
|
||||
|
||||
struct FontCacheKeyTraits : WTF::SimpleClassHashTraits<FontCacheKey> {
|
||||
STATIC_ONLY(FontCacheKeyTraits);
|
||||
+
|
||||
+ // std::string's empty state need not be zero in all implementations,
|
||||
+ // and it is held within FontFaceCreationParams.
|
||||
+ static const bool kEmptyValueIsZero = false;
|
||||
};
|
||||
|
||||
} // namespace blink
|
||||
diff --git a/third_party/blink/renderer/platform/wtf/linked_hash_set.h b/third_party/blink/renderer/platform/wtf/linked_hash_set.h
|
||||
index b35b6e9..77e524c 100644
|
||||
--- a/third_party/blink/renderer/platform/wtf/linked_hash_set.h
|
||||
+++ b/third_party/blink/renderer/platform/wtf/linked_hash_set.h
|
||||
@@ -146,6 +146,11 @@
|
||||
LinkedHashSetNodeBase* next)
|
||||
: LinkedHashSetNodeBase(prev, next), value_(value) {}
|
||||
|
||||
+ LinkedHashSetNode(ValueArg&& value,
|
||||
+ LinkedHashSetNodeBase* prev,
|
||||
+ LinkedHashSetNodeBase* next)
|
||||
+ : LinkedHashSetNodeBase(prev, next), value_(std::move(value)) {}
|
||||
+
|
||||
LinkedHashSetNode(LinkedHashSetNode&& other)
|
||||
: LinkedHashSetNodeBase(std::move(other)),
|
||||
value_(std::move(other.value_)) {}
|
||||
@@ -445,10 +450,13 @@
|
||||
|
||||
// The slot is empty when the next_ field is zero so it's safe to zero
|
||||
// the backing.
|
||||
- static const bool kEmptyValueIsZero = true;
|
||||
+ static const bool kEmptyValueIsZero = ValueTraits::kEmptyValueIsZero;
|
||||
|
||||
static const bool kHasIsEmptyValueFunction = true;
|
||||
static bool IsEmptyValue(const Node& node) { return !node.next_; }
|
||||
+ static Node EmptyValue() {
|
||||
+ return Node(ValueTraits::EmptyValue(), nullptr, nullptr);
|
||||
+ }
|
||||
|
||||
static const int kDeletedValue = -1;
|
||||
|
||||
diff --git a/third_party/blink/renderer/platform/wtf/list_hash_set_test.cc b/third_party/blink/renderer/platform/wtf/list_hash_set_test.cc
|
||||
index 4c3f899..cd1be00 100644
|
||||
--- a/third_party/blink/renderer/platform/wtf/list_hash_set_test.cc
|
||||
+++ b/third_party/blink/renderer/platform/wtf/list_hash_set_test.cc
|
||||
@@ -487,6 +487,7 @@
|
||||
};
|
||||
|
||||
struct Complicated {
|
||||
+ Complicated() : Complicated(0) {}
|
||||
Complicated(int value) : simple_(value) { objects_constructed_++; }
|
||||
|
||||
Complicated(const Complicated& other) : simple_(other.simple_) {
|
||||
@@ -495,9 +496,6 @@
|
||||
|
||||
Simple simple_;
|
||||
static int objects_constructed_;
|
||||
-
|
||||
- private:
|
||||
- Complicated() = delete;
|
||||
};
|
||||
|
||||
int Complicated::objects_constructed_ = 0;
|
||||
@@ -731,4 +729,45 @@
|
||||
|
||||
} // anonymous namespace
|
||||
|
||||
+// A unit type which objects to its state being initialized wrong.
|
||||
+struct InvalidZeroValue {
|
||||
+ InvalidZeroValue() = default;
|
||||
+ InvalidZeroValue(WTF::HashTableDeletedValueType) : deleted_(true) {}
|
||||
+ ~InvalidZeroValue() { CHECK(ok_); }
|
||||
+ bool IsHashTableDeletedValue() const { return deleted_; }
|
||||
+
|
||||
+ bool ok_ = true;
|
||||
+ bool deleted_ = false;
|
||||
+};
|
||||
+
|
||||
+template <>
|
||||
+struct HashTraits<InvalidZeroValue> : SimpleClassHashTraits<InvalidZeroValue> {
|
||||
+ static const bool kEmptyValueIsZero = false;
|
||||
+};
|
||||
+
|
||||
+template <>
|
||||
+struct DefaultHash<InvalidZeroValue> {
|
||||
+ struct Hash {
|
||||
+ static unsigned GetHash(const InvalidZeroValue&) { return 0; }
|
||||
+ static bool Equal(const InvalidZeroValue&, const InvalidZeroValue&) {
|
||||
+ return true;
|
||||
+ }
|
||||
+ };
|
||||
+};
|
||||
+
|
||||
+template <typename Set>
|
||||
+class ListOrLinkedHashSetInvalidZeroTest : public testing::Test {};
|
||||
+
|
||||
+using InvalidZeroValueSetTypes =
|
||||
+ testing::Types<ListHashSet<InvalidZeroValue>,
|
||||
+ ListHashSet<InvalidZeroValue, 1>,
|
||||
+ LinkedHashSet<InvalidZeroValue>>;
|
||||
+TYPED_TEST_SUITE(ListOrLinkedHashSetInvalidZeroTest, InvalidZeroValueSetTypes);
|
||||
+
|
||||
+TYPED_TEST(ListOrLinkedHashSetInvalidZeroTest, InvalidZeroValue) {
|
||||
+ using Set = TypeParam;
|
||||
+ Set set;
|
||||
+ set.insert(InvalidZeroValue());
|
||||
+}
|
||||
+
|
||||
} // namespace WTF
|
||||
@ -0,0 +1,16 @@
|
||||
diff -up chromium-78.0.3904.70/base/allocator/debugallocation_shim.cc.invalid-pragma chromium-78.0.3904.70/base/allocator/debugallocation_shim.cc
|
||||
--- chromium-78.0.3904.70/base/allocator/debugallocation_shim.cc.invalid-pragma 2019-10-23 10:00:41.361932768 -0400
|
||||
+++ chromium-78.0.3904.70/base/allocator/debugallocation_shim.cc 2019-10-23 10:02:09.778100948 -0400
|
||||
@@ -7,9 +7,10 @@
|
||||
// AFDO can mess with them. Better not to use AFDO there. This is a
|
||||
// temporary hack. We will add a mechanism in the build system to
|
||||
// avoid using -fauto-profile for tcmalloc files.
|
||||
-#if !defined(__clang__) && (defined(OS_CHROMEOS) || __GNUC__ > 5)
|
||||
+#if !defined(__clang__) && \
|
||||
+ (defined(OS_CHROMEOS) || (__GNUC__ > 5 && __GNUC__ < 7))
|
||||
// Note that this option only seems to be available in the chromeos GCC 4.9
|
||||
-// toolchain, and stock GCC 5 and up.
|
||||
+// toolchain, and stock GCC 5 upto 7.
|
||||
#pragma GCC optimize ("no-auto-profile")
|
||||
#endif
|
||||
|
||||
@ -0,0 +1,12 @@
|
||||
diff -up chromium-78.0.3904.70/base/logging.h.constexpr chromium-78.0.3904.70/base/logging.h
|
||||
--- chromium-78.0.3904.70/base/logging.h.constexpr 2019-10-23 10:06:53.434313793 -0400
|
||||
+++ chromium-78.0.3904.70/base/logging.h 2019-10-23 10:07:17.490853038 -0400
|
||||
@@ -530,7 +530,7 @@ BASE_EXPORT extern std::ostream* g_swall
|
||||
class CheckOpResult {
|
||||
public:
|
||||
// |message| must be non-null if and only if the check failed.
|
||||
- CheckOpResult(std::string* message) : message_(message) {}
|
||||
+ constexpr CheckOpResult(std::string* message) : message_(message) {}
|
||||
// Returns true if the check succeeded.
|
||||
operator bool() const { return !message_; }
|
||||
// Returns the message.
|
||||
@ -0,0 +1,24 @@
|
||||
diff -up chromium-78.0.3904.70/third_party/tcmalloc/chromium/src/base/linux_syscall_support.h.gcc9 chromium-78.0.3904.70/third_party/tcmalloc/chromium/src/base/linux_syscall_support.h
|
||||
--- chromium-78.0.3904.70/third_party/tcmalloc/chromium/src/base/linux_syscall_support.h.gcc9 2019-10-23 08:58:16.153251961 -0400
|
||||
+++ chromium-78.0.3904.70/third_party/tcmalloc/chromium/src/base/linux_syscall_support.h 2019-10-23 08:58:36.896862347 -0400
|
||||
@@ -1486,7 +1486,7 @@ struct kernel_stat {
|
||||
"d"(LSS_SYSCALL_ARG(parent_tidptr)),
|
||||
"r"(LSS_SYSCALL_ARG(newtls)),
|
||||
"r"(LSS_SYSCALL_ARG(child_tidptr))
|
||||
- : "rsp", "memory", "r8", "r10", "r11", "rcx");
|
||||
+ : "memory", "r8", "r10", "r11", "rcx");
|
||||
}
|
||||
LSS_RETURN(int, __res);
|
||||
}
|
||||
diff -up chromium-78.0.3904.70/third_party/tcmalloc/vendor/src/base/linux_syscall_support.h.gcc9 chromium-78.0.3904.70/third_party/tcmalloc/vendor/src/base/linux_syscall_support.h
|
||||
--- chromium-78.0.3904.70/third_party/tcmalloc/vendor/src/base/linux_syscall_support.h.gcc9 2019-10-23 08:58:59.623435488 -0400
|
||||
+++ chromium-78.0.3904.70/third_party/tcmalloc/vendor/src/base/linux_syscall_support.h 2019-10-23 08:59:16.113125772 -0400
|
||||
@@ -1485,7 +1485,7 @@ struct kernel_stat {
|
||||
"d"(LSS_SYSCALL_ARG(parent_tidptr)),
|
||||
"r"(LSS_SYSCALL_ARG(newtls)),
|
||||
"r"(LSS_SYSCALL_ARG(child_tidptr))
|
||||
- : "rsp", "memory", "r8", "r10", "r11", "rcx");
|
||||
+ : "memory", "r8", "r10", "r11", "rcx");
|
||||
}
|
||||
LSS_RETURN(int, __res);
|
||||
}
|
||||
@ -0,0 +1,12 @@
|
||||
diff -up chromium-78.0.3904.70/third_party/perfetto/gn/BUILD.gn.unbundle-zlib chromium-78.0.3904.70/third_party/perfetto/gn/BUILD.gn
|
||||
--- chromium-78.0.3904.70/third_party/perfetto/gn/BUILD.gn.unbundle-zlib 2019-10-23 09:25:44.419884187 -0400
|
||||
+++ chromium-78.0.3904.70/third_party/perfetto/gn/BUILD.gn 2019-10-23 09:29:53.553442745 -0400
|
||||
@@ -276,7 +276,7 @@ if (enable_perfetto_trace_processor || e
|
||||
"//buildtools:zlib",
|
||||
]
|
||||
} else {
|
||||
- public_configs = [ "//third_party/zlib:zlib_config" ]
|
||||
+ public_configs = [ "//third_party/zlib:system_zlib" ]
|
||||
public_deps = [
|
||||
"//third_party/zlib",
|
||||
]
|
||||
@ -0,0 +1,11 @@
|
||||
diff -up chromium-78.0.3904.70/net/quic/platform/impl/quic_default_proof_providers_impl.cc.vtable-symbol-undefined chromium-78.0.3904.70/net/quic/platform/impl/quic_default_proof_providers_impl.cc
|
||||
--- chromium-78.0.3904.70/net/quic/platform/impl/quic_default_proof_providers_impl.cc.vtable-symbol-undefined 2019-10-23 09:12:08.754351798 -0400
|
||||
+++ chromium-78.0.3904.70/net/quic/platform/impl/quic_default_proof_providers_impl.cc 2019-10-23 09:19:28.278431430 -0400
|
||||
@@ -18,6 +18,7 @@
|
||||
#include "net/quic/crypto/proof_verifier_chromium.h"
|
||||
#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
|
||||
#include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
|
||||
+#include "net/quic/platform/impl/quic_flags_impl.cc"
|
||||
|
||||
DEFINE_QUIC_COMMAND_LINE_FLAG(
|
||||
bool,
|
||||
Loading…
Reference in new issue