diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD index ddc815e..c7f9d46 100644 --- a/trunk/PKGBUILD +++ b/trunk/PKGBUILD @@ -9,11 +9,12 @@ pkgdesc='Build cross platform desktop apps with web technologies' arch=('x86_64') url='https://electronjs.org/' license=('MIT' 'custom') -depends=('c-ares' 'ffmpeg' 'gtk3' 'http-parser' 'libevent' 'libnghttp2' - 'libxslt' 'minizip' 'nss' 're2' 'snappy') -makedepends=('clang' 'git' 'gn-m87' 'gperf' 'harfbuzz-icu' 'java-runtime-headless' - 'jsoncpp' 'libnotify' 'lld' 'llvm' 'ninja' 'npm' 'pciutils' 'yarn' - 'python2' 'wget') +depends=('c-ares' 'ffmpeg' 'gtk3' 'libevent' 'libxslt' 'minizip' 'nss' 're2' + 'snappy') +makedepends=('clang' 'git' 'gn-m87' 'gperf' 'harfbuzz-icu' 'http-parser' + 'java-runtime-headless' 'jsoncpp' 'libnotify' 'lld' 'llvm' 'ninja' + 'npm' 'pciutils' 'python2' 'python-httplib2' 'python-pyparsing' + 'python-six' 'wget' 'yarn') optdepends=('kde-cli-tools: file deletion support (kioclient5)' 'libappindicator-gtk3: StatusNotifierItem support' 'trash-cli: file deletion support (trash-put)' @@ -24,6 +25,10 @@ source=('git+https://github.com/electron/electron.git' "${pkgname}.desktop" 'default_app-icon.patch' 'use-system-libraries-in-node.patch' + 'electron-glibc-clone3-support.patch' + 'sandbox-build-if-glibc-2.34-dynamic-stack-size-is-en.patch' + 'breakpad-fix-for-non-constant-SIGSTKSZ.patch' + 'electron-abseil-glibc-2.34-build-fix.patch' 'icu68.patch' 'v8-icu68.patch' 'v8-call-new-ListFormatter-createInstance.patch' @@ -43,6 +48,10 @@ sha256sums=('SKIP' '9e3a2329e7226ff25541f80f541e7a06548193f1c9650a64ccf98dcc75fda7b3' 'dd2d248831dd4944d385ebf008426e66efe61d6fdf66f8932c963a12167947b4' '0c54e488780e984c4be5879fa43d0e6fd23edc2207a7ec607c7886fca5115a12' + 'c89934a5e7c394e3c7cb3a05bb24088f17db2c47ec4b4f065384562b411efa7b' + 'f910be9370c880de6e1d61cc30383c069e421d7acf406166e4fbfad324fc7d61' + 'b4d28867c1fabde6c50a2cfa3f784730446c4d86e5191e0f0000fbf7b0f91ecf' + 'ed22fb98b3cedc697303462cf22bf45564379426dfe436e81151e3c6d55e5d8c' '38fb5218331d6e03915490dab64f7b8bf26833a581d1aaa02090437c67e9439c' '6e919c9712d8fe6c2918778df1f8c2ee0675a87a48be5d2aaa54e320703ced4b' '44ebcff050a1c849819d66399c14bd711801d0eb64f518d292d3d6efedce3b3a' @@ -55,8 +64,7 @@ sha256sums=('SKIP' '771292942c0901092a402cc60ee883877a99fb804cb54d568c8c6c94565a48e1' 'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150' '4f32b815349357ef1f17b36059cee588c994472b9754a194fff41ec21a93826b' - '6aa5b18ae8fcc9c5bacf28dc5cb8bd06f04574087c951ec3bc3ae795a2cd696c' - ) + '6aa5b18ae8fcc9c5bacf28dc5cb8bd06f04574087c951ec3bc3ae795a2cd696c') _system_libs=('ffmpeg' 'flac' @@ -101,7 +109,7 @@ prepare() { }, ]" > .gclient - python2 "${srcdir}/depot_tools/gclient.py" sync \ + python3 "${srcdir}/depot_tools/gclient.py" sync \ --with_branch_heads \ --with_tags \ --nohooks @@ -109,7 +117,7 @@ prepare() { sed -e "s/'am'/'apply'/" -i src/electron/script/lib/git.py echo "Running hooks..." - # python2 "${srcdir}/depot_tools/gclient.py" runhooks + # python3 "${srcdir}/depot_tools/gclient.py" runhooks python2 src/build/landmines.py python2 src/build/util/lastchange.py -o src/build/util/LASTCHANGE python2 src/build/util/lastchange.py -m GPU_LISTS_VERSION \ @@ -143,6 +151,10 @@ prepare() { cd .. echo "Applying local patches..." + patch -Np1 -i ../electron-glibc-clone3-support.patch + patch -Np1 -i ../sandbox-build-if-glibc-2.34-dynamic-stack-size-is-en.patch + patch -Np1 -d third_party/breakpad/breakpad <../breakpad-fix-for-non-constant-SIGSTKSZ.patch + patch -Np1 -d third_party/abseil-cpp <../electron-abseil-glibc-2.34-build-fix.patch patch -Np1 -i ../ffmpeg5.patch # Patches to build with ffmpeg 4.4; remove when ffmpeg 5.0 moves to stable @@ -224,7 +236,7 @@ build() { ninja -C out/Release electron # Strip before zip to avoid # zipfile.LargeZipFile: Filesize would require ZIP64 extensions - strip -s out/Release/electron +# strip -s out/Release/electron ninja -C out/Release electron_dist_zip # ninja -C out/Release third_party/electron_node:headers } diff --git a/trunk/breakpad-fix-for-non-constant-SIGSTKSZ.patch b/trunk/breakpad-fix-for-non-constant-SIGSTKSZ.patch new file mode 100644 index 0000000..1bb1216 --- /dev/null +++ b/trunk/breakpad-fix-for-non-constant-SIGSTKSZ.patch @@ -0,0 +1,35 @@ +From 605c51ed96ad44b34c457bbca320e74e194c317e Mon Sep 17 00:00:00 2001 +From: David Faure +Date: Wed, 15 Dec 2021 22:26:40 +0100 +Subject: [PATCH] Fix for non-constant SIGSTKSZ + +On glibc > 2.33, `SIGSTKSZ` might not be constant (in which case +it expands to a call to `sysconf` which returns a `long int`); see +https://sourceware.org/pipermail/libc-alpha/2020-October/118513.html + +Pass unsigned explicitly to std::max, to avoid relying on template +argument deduction. This works both with the old-style constant +`SIGSTKSZ` and the new configurable one. + +Initially based on https://chromium-review.googlesource.com/c/2776379 + +Change-Id: I9fc95337f973e871b84735ce822b5e11ba73ea8c +Reviewed-on: https://chromium-review.googlesource.com/c/breakpad/breakpad/+/3340721 +Reviewed-by: Mark Mentovai +--- + src/client/linux/handler/exception_handler.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/client/linux/handler/exception_handler.cc b/src/client/linux/handler/exception_handler.cc +index ca353c40..499be0a9 100644 +--- a/src/client/linux/handler/exception_handler.cc ++++ b/src/client/linux/handler/exception_handler.cc +@@ -138,7 +138,7 @@ void InstallAlternateStackLocked() { + // SIGSTKSZ may be too small to prevent the signal handlers from overrunning + // the alternative stack. Ensure that the size of the alternative stack is + // large enough. +- static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ); ++ const unsigned kSigStackSize = std::max(16384, SIGSTKSZ); + + // Only set an alternative stack if there isn't already one, or if the current + // one is too small. diff --git a/trunk/electron-abseil-glibc-2.34-build-fix.patch b/trunk/electron-abseil-glibc-2.34-build-fix.patch new file mode 100644 index 0000000..7f697a8 --- /dev/null +++ b/trunk/electron-abseil-glibc-2.34-build-fix.patch @@ -0,0 +1,31 @@ +From a9831f1cbf93fb18dd951453635f488037454ce9 Mon Sep 17 00:00:00 2001 +From: Abseil Team +Date: Mon, 3 May 2021 07:37:39 -0700 +Subject: [PATCH] Export of internal Abseil changes + +-- +cf88f9cf40eab54c06bca7f20795352ec23bb583 by Derek Mauro : + +Fixes build with latest glibc +Fixes #952 + +PiperOrigin-RevId: 371693908 + +--- + absl/debugging/failure_signal_handler.cc | 3 ++- + 1 file changed, 2 insertions(+), 1 deletions(-) + +diff --git a/absl/debugging/failure_signal_handler.cc b/absl/debugging/failure_signal_handler.cc +index e458a795e..689e5979e 100644 +--- a/absl/debugging/failure_signal_handler.cc ++++ b/absl/debugging/failure_signal_handler.cc +@@ -136,7 +136,8 @@ static bool SetupAlternateStackOnce() { + #else + const size_t page_mask = sysconf(_SC_PAGESIZE) - 1; + #endif +- size_t stack_size = (std::max(SIGSTKSZ, 65536) + page_mask) & ~page_mask; ++ size_t stack_size = ++ (std::max(SIGSTKSZ, 65536) + page_mask) & ~page_mask; + #if defined(ABSL_HAVE_ADDRESS_SANITIZER) || \ + defined(ABSL_HAVE_MEMORY_SANITIZER) || defined(ABSL_HAVE_THREAD_SANITIZER) + // Account for sanitizer instrumentation requiring additional stack space. diff --git a/trunk/electron-glibc-clone3-support.patch b/trunk/electron-glibc-clone3-support.patch new file mode 100644 index 0000000..69728e6 --- /dev/null +++ b/trunk/electron-glibc-clone3-support.patch @@ -0,0 +1,439 @@ +diff --git a/sandbox/linux/system_headers/arm64_linux_syscalls.h b/sandbox/linux/system_headers/arm64_linux_syscalls.h +index a242c18c84..ab86b36353 100644 +--- a/sandbox/linux/system_headers/arm64_linux_syscalls.h ++++ b/sandbox/linux/system_headers/arm64_linux_syscalls.h +@@ -1119,4 +1119,100 @@ + #define __NR_rseq 293 + #endif + ++#if !defined(__NR_kexec_file_load) ++#define __NR_kexec_file_load 294 ++#endif ++ ++#if !defined(__NR_pidfd_send_signal) ++#define __NR_pidfd_send_signal 424 ++#endif ++ ++#if !defined(__NR_io_uring_setup) ++#define __NR_io_uring_setup 425 ++#endif ++ ++#if !defined(__NR_io_uring_enter) ++#define __NR_io_uring_enter 426 ++#endif ++ ++#if !defined(__NR_io_uring_register) ++#define __NR_io_uring_register 427 ++#endif ++ ++#if !defined(__NR_open_tree) ++#define __NR_open_tree 428 ++#endif ++ ++#if !defined(__NR_move_mount) ++#define __NR_move_mount 429 ++#endif ++ ++#if !defined(__NR_fsopen) ++#define __NR_fsopen 430 ++#endif ++ ++#if !defined(__NR_fsconfig) ++#define __NR_fsconfig 431 ++#endif ++ ++#if !defined(__NR_fsmount) ++#define __NR_fsmount 432 ++#endif ++ ++#if !defined(__NR_fspick) ++#define __NR_fspick 433 ++#endif ++ ++#if !defined(__NR_pidfd_open) ++#define __NR_pidfd_open 434 ++#endif ++ ++#if !defined(__NR_clone3) ++#define __NR_clone3 435 ++#endif ++ ++#if !defined(__NR_close_range) ++#define __NR_close_range 436 ++#endif ++ ++#if !defined(__NR_openat2) ++#define __NR_openat2 437 ++#endif ++ ++#if !defined(__NR_pidfd_getfd) ++#define __NR_pidfd_getfd 438 ++#endif ++ ++#if !defined(__NR_faccessat2) ++#define __NR_faccessat2 439 ++#endif ++ ++#if !defined(__NR_process_madvise) ++#define __NR_process_madvise 440 ++#endif ++ ++#if !defined(__NR_epoll_pwait2) ++#define __NR_epoll_pwait2 441 ++#endif ++ ++#if !defined(__NR_mount_setattr) ++#define __NR_mount_setattr 442 ++#endif ++ ++#if !defined(__NR_quotactl_path) ++#define __NR_quotactl_path 443 ++#endif ++ ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset 444 ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule 445 ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self 446 ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_ARM64_LINUX_SYSCALLS_H_ +diff --git a/sandbox/linux/system_headers/arm_linux_syscalls.h b/sandbox/linux/system_headers/arm_linux_syscalls.h +index 85e2110b4c..26f6af05c7 100644 +--- a/sandbox/linux/system_headers/arm_linux_syscalls.h ++++ b/sandbox/linux/system_headers/arm_linux_syscalls.h +@@ -1441,6 +1441,18 @@ + #define __NR_io_pgetevents (__NR_SYSCALL_BASE+399) + #endif + ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset (__NR_SYSCALL_BASE + 444) ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule (__NR_SYSCALL_BASE + 445) ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self (__NR_SYSCALL_BASE + 446) ++#endif ++ + // ARM private syscalls. + #if !defined(__ARM_NR_BASE) + #define __ARM_NR_BASE (__NR_SYSCALL_BASE + 0xF0000) +diff --git a/sandbox/linux/system_headers/mips64_linux_syscalls.h b/sandbox/linux/system_headers/mips64_linux_syscalls.h +index ec75815a84..ae7cb48f57 100644 +--- a/sandbox/linux/system_headers/mips64_linux_syscalls.h ++++ b/sandbox/linux/system_headers/mips64_linux_syscalls.h +@@ -1271,4 +1271,148 @@ + #define __NR_memfd_create (__NR_Linux + 314) + #endif + ++#if !defined(__NR_bpf) ++#define __NR_bpf (__NR_Linux + 315) ++#endif ++ ++#if !defined(__NR_execveat) ++#define __NR_execveat (__NR_Linux + 316) ++#endif ++ ++#if !defined(__NR_userfaultfd) ++#define __NR_userfaultfd (__NR_Linux + 317) ++#endif ++ ++#if !defined(__NR_membarrier) ++#define __NR_membarrier (__NR_Linux + 318) ++#endif ++ ++#if !defined(__NR_mlock2) ++#define __NR_mlock2 (__NR_Linux + 319) ++#endif ++ ++#if !defined(__NR_copy_file_range) ++#define __NR_copy_file_range (__NR_Linux + 320) ++#endif ++ ++#if !defined(__NR_preadv2) ++#define __NR_preadv2 (__NR_Linux + 321) ++#endif ++ ++#if !defined(__NR_pwritev2) ++#define __NR_pwritev2 (__NR_Linux + 322) ++#endif ++ ++#if !defined(__NR_pkey_mprotect) ++#define __NR_pkey_mprotect (__NR_Linux + 323) ++#endif ++ ++#if !defined(__NR_pkey_alloc) ++#define __NR_pkey_alloc (__NR_Linux + 324) ++#endif ++ ++#if !defined(__NR_pkey_free) ++#define __NR_pkey_free (__NR_Linux + 325) ++#endif ++ ++#if !defined(__NR_statx) ++#define __NR_statx (__NR_Linux + 326) ++#endif ++ ++#if !defined(__NR_rseq) ++#define __NR_rseq (__NR_Linux + 327) ++#endif ++ ++#if !defined(__NR_io_pgetevents) ++#define __NR_io_pgetevents (__NR_Linux + 328) ++#endif ++ ++#if !defined(__NR_pidfd_send_signal) ++#define __NR_pidfd_send_signal (__NR_Linux + 424) ++#endif ++ ++#if !defined(__NR_io_uring_setup) ++#define __NR_io_uring_setup (__NR_Linux + 425) ++#endif ++ ++#if !defined(__NR_io_uring_enter) ++#define __NR_io_uring_enter (__NR_Linux + 426) ++#endif ++ ++#if !defined(__NR_io_uring_register) ++#define __NR_io_uring_register (__NR_Linux + 427) ++#endif ++ ++#if !defined(__NR_open_tree) ++#define __NR_open_tree (__NR_Linux + 428) ++#endif ++ ++#if !defined(__NR_move_mount) ++#define __NR_move_mount (__NR_Linux + 429) ++#endif ++ ++#if !defined(__NR_fsopen) ++#define __NR_fsopen (__NR_Linux + 430) ++#endif ++ ++#if !defined(__NR_fsconfig) ++#define __NR_fsconfig (__NR_Linux + 431) ++#endif ++ ++#if !defined(__NR_fsmount) ++#define __NR_fsmount (__NR_Linux + 432) ++#endif ++ ++#if !defined(__NR_fspick) ++#define __NR_fspick (__NR_Linux + 433) ++#endif ++ ++#if !defined(__NR_pidfd_open) ++#define __NR_pidfd_open (__NR_Linux + 434) ++#endif ++ ++#if !defined(__NR_clone3) ++#define __NR_clone3 (__NR_Linux + 435) ++#endif ++ ++#if !defined(__NR_close_range) ++#define __NR_close_range (__NR_Linux + 436) ++#endif ++ ++#if !defined(__NR_openat2) ++#define __NR_openat2 (__NR_Linux + 437) ++#endif ++ ++#if !defined(__NR_pidfd_getfd) ++#define __NR_pidfd_getfd (__NR_Linux + 438) ++#endif ++ ++#if !defined(__NR_faccessat2) ++#define __NR_faccessat2 (__NR_Linux + 439) ++#endif ++ ++#if !defined(__NR_process_madvise) ++#define __NR_process_madvise (__NR_Linux + 440) ++#endif ++ ++#if !defined(__NR_epoll_pwait2) ++#define __NR_epoll_pwait2 (__NR_Linux + 441) ++#endif ++ ++#if !defined(__NR_mount_setattr) ++#define __NR_mount_setattr (__NR_Linux + 442) ++#endif ++ ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset (__NR_Linux + 444) ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule (__NR_Linux + 445) ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self (__NR_Linux + 446) ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS64_LINUX_SYSCALLS_H_ +diff --git a/sandbox/linux/system_headers/mips_linux_syscalls.h b/sandbox/linux/system_headers/mips_linux_syscalls.h +index ddbf97f3d8..3cb2a19c85 100644 +--- a/sandbox/linux/system_headers/mips_linux_syscalls.h ++++ b/sandbox/linux/system_headers/mips_linux_syscalls.h +@@ -1433,4 +1433,16 @@ + #define __NR_memfd_create (__NR_Linux + 354) + #endif + ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset (__NR_Linux + 444) ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule (__NR_Linux + 445) ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self (__NR_Linux + 446) ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_MIPS_LINUX_SYSCALLS_H_ +diff --git a/sandbox/linux/system_headers/x86_32_linux_syscalls.h b/sandbox/linux/system_headers/x86_32_linux_syscalls.h +index 7613c9bbcd..ad931156ed 100644 +--- a/sandbox/linux/system_headers/x86_32_linux_syscalls.h ++++ b/sandbox/linux/system_headers/x86_32_linux_syscalls.h +@@ -1710,5 +1710,17 @@ + #define __NR_clone3 435 + #endif + ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset 444 ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule 445 ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self 446 ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_32_LINUX_SYSCALLS_H_ + +diff --git a/sandbox/linux/system_headers/x86_64_linux_syscalls.h b/sandbox/linux/system_headers/x86_64_linux_syscalls.h +index b0ae0a2edf..e618c6237b 100644 +--- a/sandbox/linux/system_headers/x86_64_linux_syscalls.h ++++ b/sandbox/linux/system_headers/x86_64_linux_syscalls.h +@@ -1350,5 +1350,93 @@ + #define __NR_rseq 334 + #endif + ++#if !defined(__NR_pidfd_send_signal) ++#define __NR_pidfd_send_signal 424 ++#endif ++ ++#if !defined(__NR_io_uring_setup) ++#define __NR_io_uring_setup 425 ++#endif ++ ++#if !defined(__NR_io_uring_enter) ++#define __NR_io_uring_enter 426 ++#endif ++ ++#if !defined(__NR_io_uring_register) ++#define __NR_io_uring_register 427 ++#endif ++ ++#if !defined(__NR_open_tree) ++#define __NR_open_tree 428 ++#endif ++ ++#if !defined(__NR_move_mount) ++#define __NR_move_mount 429 ++#endif ++ ++#if !defined(__NR_fsopen) ++#define __NR_fsopen 430 ++#endif ++ ++#if !defined(__NR_fsconfig) ++#define __NR_fsconfig 431 ++#endif ++ ++#if !defined(__NR_fsmount) ++#define __NR_fsmount 432 ++#endif ++ ++#if !defined(__NR_fspick) ++#define __NR_fspick 433 ++#endif ++ ++#if !defined(__NR_pidfd_open) ++#define __NR_pidfd_open 434 ++#endif ++ ++#if !defined(__NR_clone3) ++#define __NR_clone3 435 ++#endif ++ ++#if !defined(__NR_close_range) ++#define __NR_close_range 436 ++#endif ++ ++#if !defined(__NR_openat2) ++#define __NR_openat2 437 ++#endif ++ ++#if !defined(__NR_pidfd_getfd) ++#define __NR_pidfd_getfd 438 ++#endif ++ ++#if !defined(__NR_faccessat2) ++#define __NR_faccessat2 439 ++#endif ++ ++#if !defined(__NR_process_madvise) ++#define __NR_process_madvise 440 ++#endif ++ ++#if !defined(__NR_epoll_pwait2) ++#define __NR_epoll_pwait2 441 ++#endif ++ ++#if !defined(__NR_mount_setattr) ++#define __NR_mount_setattr 442 ++#endif ++ ++#if !defined(__NR_landlock_create_ruleset) ++#define __NR_landlock_create_ruleset 444 ++#endif ++ ++#if !defined(__NR_landlock_add_rule) ++#define __NR_landlock_add_rule 445 ++#endif ++ ++#if !defined(__NR_landlock_restrict_self) ++#define __NR_landlock_restrict_self 446 ++#endif ++ + #endif // SANDBOX_LINUX_SYSTEM_HEADERS_X86_64_LINUX_SYSCALLS_H_ + +diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +index 215516b0da..6f49241faa 100644 +--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc ++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +@@ -165,6 +165,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, + return RestrictCloneToThreadsAndEPERMFork(); + } + ++ // clone3 takes a pointer argument which we cannot examine, so return ENOSYS ++ // to force the libc to use clone. See https://crbug.com/1213452. ++ if (sysno == __NR_clone3) { ++ return Error(ENOSYS); ++ } ++ + if (sysno == __NR_fcntl) + return RestrictFcntlCommands(); + diff --git a/trunk/sandbox-build-if-glibc-2.34-dynamic-stack-size-is-en.patch b/trunk/sandbox-build-if-glibc-2.34-dynamic-stack-size-is-en.patch new file mode 100644 index 0000000..2b4391f --- /dev/null +++ b/trunk/sandbox-build-if-glibc-2.34-dynamic-stack-size-is-en.patch @@ -0,0 +1,39 @@ +From 28ac6a15411d01301e171b8a8b0019abd57589b9 Mon Sep 17 00:00:00 2001 +From: Stephan Hartmann +Date: Mon, 7 Feb 2022 20:09:57 +0000 +Subject: [PATCH] sandbox: build if glibc 2.34+ dynamic stack size is enabled +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Compilation of sandbox fails when using dynamic stack size in glibc +2.34 or newer. This is because the value is not a literal anymore but +obtained through sysconf. + +To avoid this, use memset to put zeros in the buffer. + +Change-Id: Ia479e0f799b77a10a00197aaaa0500e62546f458 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3436947 +Reviewed-by: Jorge Lucangeli Obes +Commit-Queue: José Dapena Paz +Cr-Commit-Position: refs/heads/main@{#967943} +--- + sandbox/linux/services/credentials.cc | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/sandbox/linux/services/credentials.cc b/sandbox/linux/services/credentials.cc +index ca6b5954798..c933eafd163 100644 +--- a/sandbox/linux/services/credentials.cc ++++ b/sandbox/linux/services/credentials.cc +@@ -100,7 +100,10 @@ bool ChrootToSafeEmptyDir() { + // TODO(crbug.com/1247458) Broken in MSan builds after LLVM f1bb30a4956f. + clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS; + +- char tls_buf[PTHREAD_STACK_MIN] = {0}; ++ // PTHREAD_STACK_MIN can be dynamic in glibc2.34+, so it is not possible to ++ // zeroify tls_buf assigning { 0 } ++ char tls_buf[PTHREAD_STACK_MIN]; ++ memset(tls_buf, 0, PTHREAD_STACK_MIN); + tls = tls_buf; + #endif +