authorStephan Hartmann <sultan@gentoo.org>2021-04-13 19:00:22 +0200
committerStephan Hartmann <sultan@gentoo.org>2021-04-13 19:01:11 +0200
commitd3ff3ceee4053d9ca58ca904b27b036d861aef91 (patch)
tree6c6ab166375177ba9b75f5290c5f09ee7a097120 /www-client
parentapp-emacs/filladapt: Remove old (diff)
downloadgentoo-d3ff3ceee4053d9ca58ca904b27b036d861aef91.tar.gz
gentoo-d3ff3ceee4053d9ca58ca904b27b036d861aef91.tar.bz2
gentoo-d3ff3ceee4053d9ca58ca904b27b036d861aef91.zip
www-client/chromium: beta channel bump to 90.0.4430.70
Package-Manager: Portage-3.0.17, Repoman-3.0.2 Signed-off-by: Stephan Hartmann <sultan@gentoo.org>
Diffstat (limited to 'www-client')
-rw-r--r--www-client/chromium/Manifest4
-rw-r--r--www-client/chromium/chromium-90.0.4430.70.ebuild (renamed from www-client/chromium/chromium-90.0.4430.61.ebuild)14
-rw-r--r--www-client/chromium/files/chromium-glibc-2.33.patch141
3 files changed, 155 insertions, 4 deletions
diff --git a/www-client/chromium/Manifest b/www-client/chromium/Manifest
index 72334096ea26..dd4f2d01e1ef 100644
--- a/www-client/chromium/Manifest
+++ b/www-client/chromium/Manifest
@@ -1,7 +1,7 @@
DIST chromium-89-patchset-7.tar.xz 4640 BLAKE2B 6150f92a4cb83025b7521c573e9a14bfcb26f7a5ff4ebe79cfc819b214ae05d0e986b9db561a99b4f9c7b4a8e4adf1c8ee966011bb0791ef11fc2be89b03b216 SHA512 6ef5be9e56b82c70d3d1a0596e74af3bab97ea82a8247b6d0ba736411779be10b17c7cd9ccd9eae5fac27af3907fd3b56e301e73011f58b2c4052bbc03390b1c
DIST chromium-89.0.4389.114.tar.xz 890898912 BLAKE2B b9590f83eb54fc1b524a7893f8ce0317cb5648aae84853b8958f2a0f65ae2f8331e65732322f4956fb5bc58ef3691755ae66ed901567e2b5a9749a99fc6096c4 SHA512 5b8d92ecde3ab35847dc4981caa12434334f81fc576e8809c5832a18989b6d1465ae8c43f0ad0ea8a3da7a5876c52679c57ec8323109de2b81ac467419fa1a4c
-DIST chromium-90-patchset-6.tar.xz 3828 BLAKE2B bbd1378868cf4d699ff097ea41226ff694d58468f8f93860f2d6cc60924f35fb1f0b17fcf5a916f04545171d1219b699072222f138240fd483c704874cfce178 SHA512 70321eb4e9fe27818d5e6ae3109d3871a870a7fb6886328dcc9fc8291ac72fc003d678aec7f9925afe0c5667c70ce9bca8f61434b11a331fc1a29d61ad7b59e3
-DIST chromium-90.0.4430.61.tar.xz 917389704 BLAKE2B 58f79e1b7365d22d9f8fa0deb52dab3f5e027f18f5bda926e733035b5f2e5c7af07265806f5a88f5d5fb556164dd7221a6546f3b6c8dd013048e17f4202dd18a SHA512 9e029d08e396b85b9a3cbc67910ba47b67ecb8acaf607844cbeddb18907b3b8f15444034487c6258f253eb84835d21fccee4d654fbc5b815cc03b8be032eccac
+DIST chromium-90-patchset-7.tar.xz 3892 BLAKE2B 3ba169baaaf74b548749be3f845f505256cc9573f798e10929b5d1f0f534d739e657e3fa134c78ec3f7987a3b89adfc4bee0d1a6585ad8fe4bdc3ffd1181042c SHA512 5e1aa834ee5668ee40fc3af5cda7325da710dd1a0dea7ce535e89e36fd7d321db63d520a9b6ce6372ed941473dff18d1276316567af810c18e1478a04d3f23f8
+DIST chromium-90.0.4430.70.tar.xz 917490588 BLAKE2B 335bd7cca22b691dce110ca838c71abc8971423be1f74709f2f95dbd6c5c9cfb79dca9391ceb11e2571ef0ce66e727bcaadef044923d2df7720873db71e48e72 SHA512 c75bd3b0078d90aa28d0542c845fbae1ac7a478ca70386ad74f98f4541186e3d5f5ceafd4f447ee541dfff2cc4cb5bec9be5d8d510cb52fcf2d188c3fc666311
DIST chromium-91-patchset-4.tar.xz 3188 BLAKE2B 34d64f4124cb5c020d7d20c883c3409f710b96d5412f8881936e86d78ed034c1d70bd16f9324c5af21f735c3c5f98b4b4cd28cbd7f86f9513df2a5f1ff404772 SHA512 79c1640a7248d628c31fdbf3df296aa888e80f3c90cc6a74be56ac1389d9748b7cce88641e626cd4a5ae298e82fb325a8604fda68378706f0f26a2570e8983a2
DIST chromium-91.0.4469.4.tar.xz 949712784 BLAKE2B 99453196fb9f2336afffb03affcf7441a1ee5f8c9ce50c76888783b8520f2490299e5fc3448c7f61c270c175e48e55a1f947f8cfdf0053a02513676d9ed8daeb SHA512 413452da449198713e6d10f05b937f95a6c0ffb11b2408dc9ced1048af6f7a406af07f8112fe39f73482723802ff25e51ce0085c598d03dba207a5658385871d
DIST setuptools-44.1.0.zip 858569 BLAKE2B f59f154e121502a731e51294ccd293d60ffccadacf51e23b53bf7ceba38858948b86783238061136c827ac3373ea7ea8e6253d4bb53f3f1dd69284568ec65a68 SHA512 4dfb0f42d334b835758e865a26ecd1e725711fa2b9c38ddc273b8b3849fba04527bc97436d11ba1e98f1a42922aa0f0b9032e32998273c705fac6e10735eacbf
diff --git a/www-client/chromium/chromium-90.0.4430.61.ebuild b/www-client/chromium/chromium-90.0.4430.70.ebuild
index 10be8d7a2e61..341730c15b55 100644
--- a/www-client/chromium/chromium-90.0.4430.61.ebuild
+++ b/www-client/chromium/chromium-90.0.4430.70.ebuild
@@ -13,7 +13,7 @@ inherit check-reqs chromium-2 desktop flag-o-matic multilib ninja-utils pax-util
DESCRIPTION="Open-source version of Google Chrome web browser"
HOMEPAGE="https://chromium.org/"
-PATCHSET="6"
+PATCHSET="7"
PATCHSET_NAME="chromium-$(ver_cut 1)-patchset-${PATCHSET}"
SRC_URI="https://commondatastorage.googleapis.com/chromium-browser-official/${P}.tar.xz
https://files.pythonhosted.org/packages/ed/7b/bbf89ca71e722b7f9464ebffe4b5ee20a9e5c9a555a56e2d3914bb9119a6/setuptools-44.1.0.zip
@@ -70,7 +70,6 @@ COMMON_DEPEND="
)
sys-apps/dbus:=
sys-apps/pciutils:=
- <sys-libs/glibc-2.33
virtual/udev
x11-libs/cairo:=
x11-libs/gdk-pixbuf:2
@@ -237,6 +236,17 @@ src_prepare() {
"${FILESDIR}/chromium-shim_headers.patch"
)
+ # seccomp sandbox is broken if compiled against >=sys-libs/glibc-2.33, bug #769989
+ if has_version -d ">=sys-libs/glibc-2.33"; then
+ ewarn "Adding experimental glibc-2.33 sandbox patch. Seccomp sandbox might"
+ ewarn "still not work correctly. In case of issues, try to disable seccomp"
+ ewarn "sandbox by adding --disable-seccomp-filter-sandbox to CHROMIUM_FLAGS"
+ ewarn "in /etc/chromium/default."
+ PATCHES+=(
+ "${FILESDIR}/chromium-glibc-2.33.patch"
+ )
+ fi
+
default
mkdir -p third_party/node/linux/node-linux-x64/bin || die
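Review bot: The `has_version -d ">=sys-libs/glibc-2.33"` test decides at build time whether the sandbox patch is applied, while the same commit drops `<sys-libs/glibc-2.33` from COMMON_DEPEND, so a build or binary package made against an older glibc has neither the patch nor the constraint once glibc is upgraded afterwards. If the breakage in bug #769989 follows the glibc in use at run time (not confirmable from this hunk), it would be worth applying the patch unconditionally by listing `"${FILESDIR}/chromium-glibc-2.33.patch"` in the main PATCHES array. The ewarn text also points users at `--disable-seccomp-filter-sandbox` without stating the cost; I would add a line such as `ewarn "Note: this turns off syscall filtering for sandboxed processes."`. src_prepare starts and ends outside the hunk.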
diff --git a/www-client/chromium/files/chromium-glibc-2.33.patch b/www-client/chromium/files/chromium-glibc-2.33.patch
new file mode 100644
index 000000000000..26e8003968d1
--- /dev/null
+++ b/www-client/chromium/files/chromium-glibc-2.33.patch
@@ -0,0 +1,141 @@
+diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+--- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
++++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
+@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
+ return RestrictKillTarget(current_pid, sysno);
+ }
+
++#if defined(__NR_newfstatat)
++ if (sysno == __NR_newfstatat) {
++ return RewriteFstatatSIGSYS();
++ }
++#endif
++
++#if defined(__NR_fstatat64)
++ if (sysno == __NR_fstatat64) {
++ return RewriteFstatatSIGSYS();
++ }
++#endif
++
+ if (SyscallSets::IsFileSystem(sysno) ||
+ SyscallSets::IsCurrentDirectory(sysno)) {
+ return Error(fs_denied_errno);
+diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+--- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
++++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
+@@ -6,6 +6,8 @@
+
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+
++#include <errno.h>
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
+ return -ENOSYS;
+ }
+
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* aux) {
++ switch (args.nr) {
++#if defined(__NR_newfstatat)
++ case __NR_newfstatat:
++#endif
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
++#endif
++#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
++ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
++ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
++ reinterpret_cast<struct stat64 *>(args.args[2]));
++ } else {
++ errno = EACCES;
++ return -1;
++ }
++ break;
++#endif
++ }
++
++ CrashSIGSYS_Handler(args, aux);
++
++ // Should never be reached.
++ RAW_CHECK(false);
++ return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
+@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
++ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+ if (seccomp_crash_key)
+diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+--- chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
++++ chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
+@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
+ void* aux);
++// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
++// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
++SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* aux);
+
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
+
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
+--- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
++++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
+@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
+
+ #endif // defined(MEMORY_SANITIZER)
+
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
++{
++#if defined(__NR_fstat64)
++ return syscall(__NR_fstat64, fd, buf);
++#else
++ return syscall(__NR_fstat, fd, buf);
++#endif
++}
++
+ } // namespace sandbox
+diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
+--- chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
++++ chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
+@@ -17,6 +17,7 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Recent glibc rewrites fstat to fstatat.
++SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
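Review bot: In SIGSYSFstatatHandler the rejection branch does `errno = EACCES; return -1;`, but the neighbouring handlers report failure as a negative errno in the return value (`return -ENOSYS;`), so the trapped caller most likely sees -1 read as EPERM and the errno assignment made inside the signal handler is lost. I would replace those two lines with `return -EACCES;`, and check whether the result should instead match the `Error(fs_denied_errno)` that baseline_policy.cc returns for other filesystem calls. The handler also dereferences `args.args[1]` without a null check, so a null pathname faults inside the handler where the kernel would have returned EFAULT. The header comment says the non-fstat case crashes like CrashSIGSYS_Handler, whereas the code returns an error for it; it should read something like `// ...otherwise fails the call with EACCES; any other syscall crashes as in CrashSIGSYS_Handler.`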