* [PR PATCH] chromium: update to 93.0.4577.63.
@ 2021-09-04 12:39 Duncaen
2021-09-04 12:44 ` [PR PATCH] [Updated] " Duncaen
` (10 more replies)
0 siblings, 11 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 12:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 384 bytes --]
There is a new pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 103472 bytes --]
From 4a43a0119a154307ea05b140595a08fc66f0698b Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
.../musl-patches/xxx-ppc64le-support.patch | 12 -
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-narrowing-cast.patch | 42 +
.../patches/remove-strip_binary.patch | 19 +
srcpkgs/chromium/template | 112 +-
20 files changed, 1936 insertions(+), 371 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
index bfa99d88a9b3..9001a2a854d0 100644
--- a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
+++ b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
@@ -1,15 +1,3 @@
---- base/allocator/partition_allocator/partition_alloc_config.h 2021-05-25 00:05:31.000000000 +0200
-+++ - 2021-05-26 22:23:47.172940826 +0200
-@@ -71,7 +71,8 @@
- // REF_COUNT_AT_END_OF_ALLOCATION does. In this case the refcount overlaps with
- // the next pointer shadow for the smallest bucket.
- #if !(defined(OS_MAC) && defined(ARCH_CPU_ARM64)) && \
-- !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION)
-+ !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION) && \
-+ !defined(__powerpc64__)
- #define PA_HAS_FREELIST_HARDENING
- #endif
-
diff --git sandbox/linux/bpf_dsl/seccomp_macros.h sandbox/linux/bpf_dsl/seccomp_macros.h
index a6aec544e..2a4a7f1bc 100644
--- sandbox/linux/bpf_dsl/seccomp_macros.h
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-narrowing-cast.patch b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
new file mode 100644
index 000000000000..8ec448ae38a1
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..fc5d0a8b0ddf
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,19 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -336,16 +336,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..454a04d8c773 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,23 +9,23 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
- libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
+ libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk) elfutils"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
libXcomposite-devel speech-dispatcher-devel libXrandr-devel mit-krb5-devel
@@ -156,71 +156,64 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ "is_debug=$(vopt_if debug true false)"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +221,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +237,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +272,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
@ 2021-09-04 12:44 ` Duncaen
2021-09-04 12:47 ` Duncaen
` (9 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 12:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 103734 bytes --]
From 2ba85f99771ad0adfa9ca29a299ecd087b0efa8d Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
.../musl-patches/xxx-ppc64le-support.patch | 12 -
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-narrowing-cast.patch | 42 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 112 +-
20 files changed, 1949 insertions(+), 371 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
index bfa99d88a9b3..9001a2a854d0 100644
--- a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
+++ b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
@@ -1,15 +1,3 @@
---- base/allocator/partition_allocator/partition_alloc_config.h 2021-05-25 00:05:31.000000000 +0200
-+++ - 2021-05-26 22:23:47.172940826 +0200
-@@ -71,7 +71,8 @@
- // REF_COUNT_AT_END_OF_ALLOCATION does. In this case the refcount overlaps with
- // the next pointer shadow for the smallest bucket.
- #if !(defined(OS_MAC) && defined(ARCH_CPU_ARM64)) && \
-- !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION)
-+ !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION) && \
-+ !defined(__powerpc64__)
- #define PA_HAS_FREELIST_HARDENING
- #endif
-
diff --git sandbox/linux/bpf_dsl/seccomp_macros.h sandbox/linux/bpf_dsl/seccomp_macros.h
index a6aec544e..2a4a7f1bc 100644
--- sandbox/linux/bpf_dsl/seccomp_macros.h
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-narrowing-cast.patch b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
new file mode 100644
index 000000000000..8ec448ae38a1
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..454a04d8c773 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,23 +9,23 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
- libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
+ libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk) elfutils"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
libXcomposite-devel speech-dispatcher-devel libXrandr-devel mit-krb5-devel
@@ -156,71 +156,64 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ "is_debug=$(vopt_if debug true false)"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +221,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +237,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +272,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
2021-09-04 12:44 ` [PR PATCH] [Updated] " Duncaen
@ 2021-09-04 12:47 ` Duncaen
2021-09-04 13:06 ` Duncaen
` (8 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 12:47 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 103569 bytes --]
From 2f404e8eb74671e3467ed82a652e5a192e650210 Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
.../musl-patches/xxx-ppc64le-support.patch | 12 -
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-narrowing-cast.patch | 42 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 110 +-
20 files changed, 1948 insertions(+), 370 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
index bfa99d88a9b3..9001a2a854d0 100644
--- a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
+++ b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
@@ -1,15 +1,3 @@
---- base/allocator/partition_allocator/partition_alloc_config.h 2021-05-25 00:05:31.000000000 +0200
-+++ - 2021-05-26 22:23:47.172940826 +0200
-@@ -71,7 +71,8 @@
- // REF_COUNT_AT_END_OF_ALLOCATION does. In this case the refcount overlaps with
- // the next pointer shadow for the smallest bucket.
- #if !(defined(OS_MAC) && defined(ARCH_CPU_ARM64)) && \
-- !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION)
-+ !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION) && \
-+ !defined(__powerpc64__)
- #define PA_HAS_FREELIST_HARDENING
- #endif
-
diff --git sandbox/linux/bpf_dsl/seccomp_macros.h sandbox/linux/bpf_dsl/seccomp_macros.h
index a6aec544e..2a4a7f1bc 100644
--- sandbox/linux/bpf_dsl/seccomp_macros.h
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-narrowing-cast.patch b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
new file mode 100644
index 000000000000..8ec448ae38a1
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..7dadb9f5ae49 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,64 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ "is_debug=$(vopt_if debug true false)"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +221,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +237,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +272,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
2021-09-04 12:44 ` [PR PATCH] [Updated] " Duncaen
2021-09-04 12:47 ` Duncaen
@ 2021-09-04 13:06 ` Duncaen
2021-09-04 13:35 ` Duncaen
` (7 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 13:06 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 102476 bytes --]
From d573198eee5622f97754a9ca90a5591c7ade32ec Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-narrowing-cast.patch | 42 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 110 +-
19 files changed, 1948 insertions(+), 358 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-narrowing-cast.patch b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
new file mode 100644
index 000000000000..8ec448ae38a1
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..7dadb9f5ae49 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,64 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ "is_debug=$(vopt_if debug true false)"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +221,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +237,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +272,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (2 preceding siblings ...)
2021-09-04 13:06 ` Duncaen
@ 2021-09-04 13:35 ` Duncaen
2021-09-04 13:41 ` Duncaen
` (6 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 13:35 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 102706 bytes --]
From 08c0aedc2985e7c14a5ae9056e753c310d08e301 Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../chromium/patches/fix-narrowing-cast.patch | 42 +
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 110 +-
19 files changed, 1948 insertions(+), 358 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/fix-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/fix-narrowing-cast.patch b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
new file mode 100644
index 000000000000..a4cea314cccc
--- /dev/null
+++ b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case static_cast<decltype(stats.f_type)>(HUGETLBFS_MAGIC):
++ case static_cast<decltype(stats.f_type)>(RAMFS_MAGIC):
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(BTRFS_SUPER_MAGIC):
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case static_cast<decltype(statfs_buf.f_type)>(0xFF534D42): // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(HUGETLBFS_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(RAMFS_MAGIC):
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..7dadb9f5ae49 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,64 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ "is_debug=$(vopt_if debug true false)"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +221,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +237,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +272,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (3 preceding siblings ...)
2021-09-04 13:35 ` Duncaen
@ 2021-09-04 13:41 ` Duncaen
2021-09-04 17:01 ` Duncaen
` (5 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 13:41 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 102813 bytes --]
From 73b20b8d6318a8393b15f0b058cc40ba827bda89 Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../chromium/patches/fix-narrowing-cast.patch | 42 +
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 112 +-
19 files changed, 1950 insertions(+), 358 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/fix-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/fix-narrowing-cast.patch b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
new file mode 100644
index 000000000000..a4cea314cccc
--- /dev/null
+++ b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
@@ -0,0 +1,42 @@
+--- a/base/system/sys_info_posix.cc.orig
++++ b/base/system/sys_info_posix.cc
+@@ -102,8 +102,8 @@
+
+ switch (stats.f_type) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case static_cast<decltype(stats.f_type)>(HUGETLBFS_MAGIC):
++ case static_cast<decltype(stats.f_type)>(RAMFS_MAGIC):
+ return true;
+ }
+ return false;
+--- a/base/files/file_util_linux.cc.orig
++++ b/base/files/file_util_linux.cc
+@@ -30,7 +30,7 @@
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(BTRFS_SUPER_MAGIC):
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case static_cast<decltype(statfs_buf.f_type)>(0xFF534D42): // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(HUGETLBFS_MAGIC):
++ case static_cast<decltype(statfs_buf.f_type)>(RAMFS_MAGIC):
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..3a585943cc0a 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,66 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ # is_debug makes the build a debug build, changes some things.
+ # might be useful for real debugging vs just debug symbols.
+ "is_debug=false"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +223,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +239,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +274,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (4 preceding siblings ...)
2021-09-04 13:41 ` Duncaen
@ 2021-09-04 17:01 ` Duncaen
2021-09-04 20:16 ` Duncaen
` (4 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 17:01 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 102987 bytes --]
From 6752913956d3335eaea4e2ce2b20d69819fe73c8 Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../chromium/patches/fix-narrowing-cast.patch | 53 +
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 112 +-
19 files changed, 1961 insertions(+), 358 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/fix-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/fix-narrowing-cast.patch b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
new file mode 100644
index 000000000000..afd42a1489ae
--- /dev/null
+++ b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
@@ -0,0 +1,53 @@
+--- a/base/files/file_util_linux.cc
++++ b/base/files/file_util_linux.cc
+@@ -23,14 +23,14 @@
+
+ // Not all possible |statfs_buf.f_type| values are in linux/magic.h.
+ // Missing values are copied from the statfs man page.
+- switch (statfs_buf.f_type) {
++ switch (static_cast<uintmax_t>(statfs_buf.f_type)) {
+ case 0:
+ *type = FILE_SYSTEM_0;
+ break;
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
+--- a/base/system/sys_info_posix.cc
++++ b/base/system/sys_info_posix.cc
+@@ -100,10 +100,10 @@
+ if (HANDLE_EINTR(statfs(path.value().c_str(), &stats)) != 0)
+ return false;
+
+- switch (stats.f_type) {
++ switch (static_cast<uintmax_t>(stats.f_type)) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..3a585943cc0a 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,66 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ # is_debug makes the build a debug build, changes some things.
+ # might be useful for real debugging vs just debug symbols.
+ "is_debug=false"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +223,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +239,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +274,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Updated] chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (5 preceding siblings ...)
2021-09-04 17:01 ` Duncaen
@ 2021-09-04 20:16 ` Duncaen
2021-09-06 4:28 ` h4xor666
` (3 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-04 20:16 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 389 bytes --]
There is an updated pull request by Duncaen against master on the void-packages repository
https://github.com/Duncaen/void-packages chromium-93
https://github.com/void-linux/void-packages/pull/32831
chromium: update to 93.0.4577.63.
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
A patch file from https://github.com/void-linux/void-packages/pull/32831.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-chromium-93-32831.patch --]
[-- Type: text/x-diff, Size: 104115 bytes --]
From 6612ee5d55d2a764ba5d48dc44dac02b476dd0e8 Mon Sep 17 00:00:00 2001
From: Duncaen <duncaen@voidlinux.org>
Date: Sat, 4 Sep 2021 14:31:16 +0200
Subject: [PATCH] chromium: update to 93.0.4577.63.
---
.../default-pthread-stacksize.patch | 6 +-
.../files/musl-patches/no-mallinfo.patch | 75 +-
.../musl-patches/xxx-ppc64le-support.patch | 8 +-
...e3dfcd0690df0e7b212fedcb95402f16935d.patch | 36 +
...14051210388bfcff605570d33f08cfa7bcaa.patch | 36 +
...c8b484c18c621d4b194635e41f171543f1df.patch | 42 +
...9ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch | 36 +
...5a1051551af26aaefc6fcd33502a51725396.patch | 36 +
.../patches/chromium-88-glibc-2.33.patch | 144 --
.../patches/chromium-93-ffmpeg-4.4.patch | 36 +
.../patches/chromium-93-pdfium-include.patch | 117 ++
.../patches/cursed^Uscoped_file.patch | 18 +
.../patches/fix-crash-in-ThemeService.patch | 45 -
.../chromium/patches/fix-narrowing-cast.patch | 53 +
.../linux-sandbox-fix-fstatat-crash.patch | 1384 +++++++++++++++++
...m-distiller-protoc-plugin-call-py2.7.patch | 37 -
srcpkgs/chromium/patches/no-execinfo.patch | 61 +-
.../patches/remove-llvm13-warning-flags.patch | 13 +
.../patches/remove-strip_binary.patch | 32 +
srcpkgs/chromium/template | 112 +-
20 files changed, 1965 insertions(+), 362 deletions(-)
create mode 100644 srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
create mode 100644 srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
create mode 100644 srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
create mode 100644 srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
create mode 100644 srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
delete mode 100644 srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
create mode 100644 srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
create mode 100644 srcpkgs/chromium/patches/cursed^Uscoped_file.patch
delete mode 100644 srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
create mode 100644 srcpkgs/chromium/patches/fix-narrowing-cast.patch
create mode 100644 srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
delete mode 100644 srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
create mode 100644 srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
create mode 100644 srcpkgs/chromium/patches/remove-strip_binary.patch
diff --git a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
index 16e4d21e6ed8..26884f6cc937 100644
--- a/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
+++ b/srcpkgs/chromium/files/musl-patches/default-pthread-stacksize.patch
@@ -4,9 +4,9 @@
- return 0;
+ // use 8mb like glibc to avoid running out of space
+ return (1 << 23);
---- chrome/app/shutdown_signal_handlers_posix.cc.orig
-+++ chrome/app/shutdown_signal_handlers_posix.cc
-@@ -184,11 +184,19 @@
+--- chrome/browser/shutdown_signal_handlers_posix.cc.orig
++++ chrome/browser/shutdown_signal_handlers_posix.cc
+@@ -187,11 +187,19 @@
g_shutdown_pipe_read_fd = pipefd[0];
g_shutdown_pipe_write_fd = pipefd[1];
#if !defined(ADDRESS_SANITIZER)
diff --git a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
index b0c9832515d0..5fd3dc2b379c 100644
--- a/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
+++ b/srcpkgs/chromium/files/musl-patches/no-mallinfo.patch
@@ -1,33 +1,56 @@
---- base/trace_event/malloc_dump_provider.cc.orig
-+++ base/trace_event/malloc_dump_provider.cc
-@@ -243,7 +243,7 @@
- allocated_objects_count = main_heap_info.block_count;
+--- ./base/trace_event/malloc_dump_provider.cc.orig
++++ ./base/trace_event/malloc_dump_provider.cc
+@@ -212,7 +212,7 @@
+ &allocated_objects_count);
#elif defined(OS_FUCHSIA)
// TODO(fuchsia): Port, see https://crbug.com/706592.
-#else
+#elif defined(__GLIBC__)
- struct mallinfo info = mallinfo();
- DCHECK_GE(info.arena + info.hblkhd, info.uordblks);
+ #if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
+ #if __GLIBC_PREREQ(2, 33)
+ #define MALLINFO2_FOUND_IN_LIBC
+--- ./base/process/process_metrics_posix.cc
++++ ./base/process/process_metrics_posix.cc
+@@ -105,7 +105,7 @@
---- base/process/process_metrics_posix.cc.orig 2020-11-18 23:50:33.958223497 -0500
-+++ base/process/process_metrics_posix.cc 2020-11-18 23:53:52.024589316 -0500
-@@ -119,14 +119,14 @@
+ #endif // !defined(OS_FUCHSIA)
+
+-#if defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#if (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ namespace {
+
+ size_t GetMallocUsageMallinfo() {
+@@ -127,16 +127,16 @@
+ }
+
+ } // namespace
+-#endif // defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
++#endif // (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+
+ size_t ProcessMetrics::GetMallocUsage() {
+ #if defined(OS_APPLE)
malloc_statistics_t stats = {0};
malloc_zone_statistics(nullptr, &stats);
return stats.size_in_use;
-#elif defined(OS_LINUX) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
-+#elif defined(__GLIBC__) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
- struct mallinfo minfo = mallinfo();
- #if BUILDFLAG(USE_TCMALLOC)
- return minfo.uordblks;
- #else
- return minfo.hblkhd + minfo.arena;
- #endif
++#elif (defined(OS_LINUX) && defined(__GLIBC__)) || defined(OS_CHROMEOS) || defined(OS_ANDROID)
+ return GetMallocUsageMallinfo();
-#elif defined(OS_FUCHSIA)
+#else
// TODO(fuchsia): Not currently exposed. https://crbug.com/735087.
return 0;
#endif
+--- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig
++++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc
+@@ -35,7 +35,7 @@
+
+ MemoryUsage GetMemoryUsage() {
+ MemoryUsage result;
+-#ifdef __linux__
++#if defined(__linux__) && defined(__GLIBC__)
+ rusage res;
+ if (getrusage(RUSAGE_SELF, &res) == 0) {
+ result.max_rss_kb = res.ru_maxrss;
--- third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc
+++ third_party/swiftshader/third_party/llvm-subzero/lib/Support/Unix/Process.inc.orig
@@ -84,7 +84,7 @@
@@ -52,23 +75,3 @@
/* Define to 1 if you have the <malloc.h> header file. */
#define HAVE_MALLOC_H 1
---- third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc.orig 2021-04-16 17:34:36.666385207 -0400
-+++ third_party/tflite/src/tensorflow/lite/profiling/memory_info.cc 2021-04-16 17:36:01.197602953 -0400
-@@ -27,7 +27,7 @@
- const int MemoryUsage::kValueNotSet = 0;
-
- bool MemoryUsage::IsSupported() {
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- return true;
- #endif
- return false;
-@@ -35,7 +35,7 @@
-
- MemoryUsage GetMemoryUsage() {
- MemoryUsage result;
--#ifdef __linux__
-+#ifdef defined(__GLIBC__)
- rusage res;
- if (getrusage(RUSAGE_SELF, &res) == 0) {
- result.max_rss_kb = res.ru_maxrss;
diff --git a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
index bfa99d88a9b3..9ea233ba6256 100644
--- a/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
+++ b/srcpkgs/chromium/files/musl-patches/xxx-ppc64le-support.patch
@@ -1,11 +1,11 @@
--- base/allocator/partition_allocator/partition_alloc_config.h 2021-05-25 00:05:31.000000000 +0200
+++ - 2021-05-26 22:23:47.172940826 +0200
-@@ -71,7 +71,8 @@
- // REF_COUNT_AT_END_OF_ALLOCATION does. In this case the refcount overlaps with
+@@ -88,7 +88,8 @@
+ // PUT_REF_COUNT_IN_PREVIOUS_SLOT does. In this case the refcount overlaps with
// the next pointer shadow for the smallest bucket.
#if !(defined(OS_MAC) && defined(ARCH_CPU_ARM64)) && \
-- !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION)
-+ !BUILDFLAG(REF_COUNT_AT_END_OF_ALLOCATION) && \
+- !BUILDFLAG(PUT_REF_COUNT_IN_PREVIOUS_SLOT)
++ !BUILDFLAG(PUT_REF_COUNT_IN_PREVIOUS_SLOT) && \
+ !defined(__powerpc64__)
#define PA_HAS_FREELIST_HARDENING
#endif
diff --git a/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
new file mode 100644
index 000000000000..c43da8dfd8ab
--- /dev/null
+++ b/srcpkgs/chromium/patches/17d0e3dfcd0690df0e7b212fedcb95402f16935d.patch
@@ -0,0 +1,36 @@
+From 17d0e3dfcd0690df0e7b212fedcb95402f16935d Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Fri, 23 Jul 2021 10:17:49 +0000
+Subject: [PATCH] IWYU: missing include for using std::vector in hash password
+ manager.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage:
+../../components/password_manager/core/browser/hash_password_manager.h:44:8: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 44 | std::vector<PasswordHashData> RetrieveAllPasswordHashes();
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I8c8a4ec3972eedb87a312c5ec56adf4a21b1b2a2
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041046
+Commit-Queue: Vasilii Sukhanov <vasilii@chromium.org>
+Reviewed-by: Vasilii Sukhanov <vasilii@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#904696}
+---
+ components/password_manager/core/browser/hash_password_manager.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/components/password_manager/core/browser/hash_password_manager.h b/components/password_manager/core/browser/hash_password_manager.h
+index c762c5a8c7713..85e656edcba11 100644
+--- a/components/password_manager/core/browser/hash_password_manager.h
++++ b/components/password_manager/core/browser/hash_password_manager.h
+@@ -6,6 +6,7 @@
+ #define COMPONENTS_PASSWORD_MANAGER_CORE_BROWSER_HASH_PASSWORD_MANAGER_H_
+
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "base/callback_list.h"
diff --git a/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
new file mode 100644
index 000000000000..8757eb5c36a9
--- /dev/null
+++ b/srcpkgs/chromium/patches/2f5514051210388bfcff605570d33f08cfa7bcaa.patch
@@ -0,0 +1,36 @@
+From 2f5514051210388bfcff605570d33f08cfa7bcaa Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:34:58 +0000
+Subject: [PATCH] IWYU: usage of unique_ptr requires including <memory> in
+ bluetooth low energy scan filter.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build because of missing include:
+../../device/bluetooth/bluetooth_low_energy_scan_filter.h:57:15: error: ‘unique_ptr’ in namespace ‘std’ does not name a template type
+ 57 | static std::unique_ptr<BluetoothLowEnergyScanFilter> Create(
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I347953a083f1bcdf744fd86e1a73954c6f86b32e
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041155
+Reviewed-by: Reilly Grant <reillyg@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903819}
+---
+ device/bluetooth/bluetooth_low_energy_scan_filter.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/device/bluetooth/bluetooth_low_energy_scan_filter.h b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+index a0436c184a967..7ae606cca014e 100644
+--- a/device/bluetooth/bluetooth_low_energy_scan_filter.h
++++ b/device/bluetooth/bluetooth_low_energy_scan_filter.h
+@@ -7,6 +7,7 @@
+
+ #include <stddef.h>
+ #include <stdint.h>
++#include <memory>
+ #include <vector>
+
+ #include "base/time/time.h"
diff --git a/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
new file mode 100644
index 000000000000..babfdb367660
--- /dev/null
+++ b/srcpkgs/chromium/patches/82e2c8b484c18c621d4b194635e41f171543f1df.patch
@@ -0,0 +1,42 @@
+From 82e2c8b484c18c621d4b194635e41f171543f1df Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Tue, 27 Jul 2021 08:09:39 +0000
+Subject: [PATCH] IWYU: usage of std::strcpy requires including cstring, in
+ extension dialog auto confirm.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix build breakage with libstdc++:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In destructor ‘extensions::ScopedTestDialogAutoConfirm::~ScopedTestDialogAutoConfirm()’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:43:8: error: ‘strcpy’ is not a member of ‘std’
+ 43 | std::strcpy(g_extension_dialog_justification, old_justification_.c_str());
+ | ^~~~~~
+ ../../extensions/browser/extension_dialog_auto_confirm.cc: In member function ‘void extensions::ScopedTestDialogAutoConfirm::set_justification(const string&)’:
+ ../../extensions/browser/extension_dialog_auto_confirm.cc:66:8: error: ‘strcpy’ is not a member of ‘std’
+ 66 | std::strcpy(g_extension_dialog_justification, justification.c_str());
+ | ^~~~~~
+
+Bug: 957519
+Change-Id: I313c38f22cab599fb8f0e4a339e8143af5bda3ee
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041001
+Reviewed-by: David Bertoni <dbertoni@chromium.org>
+Reviewed-by: Ben Wells <benwells@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905634}
+---
+ extensions/browser/extension_dialog_auto_confirm.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/browser/extension_dialog_auto_confirm.cc b/extensions/browser/extension_dialog_auto_confirm.cc
+index adb4ac3f92ec8..be8b161bc1658 100644
+--- a/extensions/browser/extension_dialog_auto_confirm.cc
++++ b/extensions/browser/extension_dialog_auto_confirm.cc
+@@ -4,6 +4,7 @@
+
+ #include "extensions/browser/extension_dialog_auto_confirm.h"
+
++#include <cstring>
+ #include <utility>
+
+ #include "base/check.h"
diff --git a/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
new file mode 100644
index 000000000000..e51f76a4b3c0
--- /dev/null
+++ b/srcpkgs/chromium/patches/8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e.patch
@@ -0,0 +1,36 @@
+From 8ae99ee447cf5f0160ea4ae978cdf37f5dcecd1e Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Wed, 21 Jul 2021 08:36:20 +0000
+Subject: [PATCH] IWYU: missing memory include for unique_ptr usage in
+ class_property.h
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage because of missing inclide:
+./../ui/base/class_property.h:120:58: error: ‘std::unique_ptr’ has not been declared
+ 120 | T* SetProperty(const ClassProperty<T*>* property, std::unique_ptr<T> value);
+ | ^~~~~~~~~~
+
+Bug: 819294
+Change-Id: I46b921876702b8d44674689bbb5acdc107db21e5
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041030
+Reviewed-by: Peter Boström <pbos@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#903820}
+---
+ ui/base/class_property.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/ui/base/class_property.h b/ui/base/class_property.h
+index f7b2f559858b7..88b49386ae0ad 100644
+--- a/ui/base/class_property.h
++++ b/ui/base/class_property.h
+@@ -8,6 +8,7 @@
+ #include <stdint.h>
+
+ #include <map>
++#include <memory>
+ #include <set>
+ #include <type_traits>
+
diff --git a/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
new file mode 100644
index 000000000000..bab64a814b2f
--- /dev/null
+++ b/srcpkgs/chromium/patches/9c675a1051551af26aaefc6fcd33502a51725396.patch
@@ -0,0 +1,36 @@
+From 9c675a1051551af26aaefc6fcd33502a51725396 Mon Sep 17 00:00:00 2001
+From: Jose Dapena Paz <jdapena@igalia.com>
+Date: Mon, 26 Jul 2021 17:14:51 +0000
+Subject: [PATCH] IWYU: missing include for std::vector usage in devtools
+ embedded message dispatcher.
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix GCC build breakage:
+ ../../chrome/browser/devtools/devtools_embedder_message_dispatcher.h:116:36: error: ‘vector’ in namespace ‘std’ does not name a template type
+ 116 | const std::vector<base::Value>& params) = 0;
+ | ^~~~~~
+
+Bug: 819294
+Change-Id: I379bf14416c3bfd3c0cdac7bb2542b79781261ec
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3041156
+Reviewed-by: Joe Mason <joenotcharles@chromium.org>
+Commit-Queue: José Dapena Paz <jdapena@igalia.com>
+Cr-Commit-Position: refs/heads/master@{#905300}
+---
+ chrome/browser/devtools/devtools_embedder_message_dispatcher.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+index 12f8500b7811d..4007112f39410 100644
+--- a/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
++++ b/chrome/browser/devtools/devtools_embedder_message_dispatcher.h
+@@ -8,6 +8,7 @@
+ #include <map>
+ #include <memory>
+ #include <string>
++#include <vector>
+
+ #include "base/callback.h"
+ #include "ui/gfx/geometry/insets.h"
diff --git a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch b/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
deleted file mode 100644
index d5228ce7b76a..000000000000
--- a/srcpkgs/chromium/patches/chromium-88-glibc-2.33.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-# Patch made by Kevin Kofler <Kevin@tigcc.ticalc.org>
-# https://bugzilla.redhat.com/show_bug.cgi?id=1904652
-
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
---- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc.fstatfix 2021-01-25 10:11:45.427436398 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 2021-01-25 10:12:51.337699003 -0500
-@@ -257,6 +257,18 @@ ResultExpr EvaluateSyscallImpl(int fs_de
- return RestrictKillTarget(current_pid, sysno);
- }
-
-+#if defined(__NR_newfstatat)
-+ if (sysno == __NR_newfstatat) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
-+#if defined(__NR_fstatat64)
-+ if (sysno == __NR_fstatat64) {
-+ return RewriteFstatatSIGSYS();
-+ }
-+#endif
-+
- if (SyscallSets::IsFileSystem(sysno) ||
- SyscallSets::IsCurrentDirectory(sysno)) {
- return Error(fs_denied_errno);
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc.fstatfix 2021-01-25 10:13:10.179774081 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc 2021-01-25 10:16:18.790525746 -0500
-@@ -6,6 +6,8 @@
-
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
-
-+#include <errno.h>
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -355,6 +357,35 @@ intptr_t SIGSYSSchedHandler(const struct
- return -ENOSYS;
- }
-
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux) {
-+ switch (args.nr) {
-+#if defined(__NR_newfstatat)
-+ case __NR_newfstatat:
-+#endif
-+#if defined(__NR_fstatat64)
-+ case __NR_fstatat64:
-+#endif
-+#if defined(__NR_newfstatat) || defined(__NR_fstatat64)
-+ if (*reinterpret_cast<const char *>(args.args[1]) == '\0'
-+ && args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+ return sandbox::sys_fstat64(static_cast<int>(args.args[0]),
-+ reinterpret_cast<struct stat64 *>(args.args[2]));
-+ } else {
-+ errno = EACCES;
-+ return -1;
-+ }
-+ break;
-+#endif
-+ }
-+
-+ CrashSIGSYS_Handler(args, aux);
-+
-+ // Should never be reached.
-+ RAW_CHECK(false);
-+ return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
- return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +418,10 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS()
- return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
-
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS() {
-+ return bpf_dsl::Trap(SIGSYSFstatatHandler, NULL);
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
- if (seccomp_crash_key)
-diff -up chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
---- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h.fstatfix 2021-01-25 10:16:36.982598236 -0500
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h 2021-01-25 10:18:45.705111027 -0500
-@@ -62,6 +62,10 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFail
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
- void* aux);
-+// If the fstatat syscall is actually a disguised fstat, calls the regular fstat
-+// syscall, otherwise, crashes in the same way as CrashSIGSYS_Handler.
-+SANDBOX_EXPORT intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+ void* aux);
-
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +76,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr Crash
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS();
-
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.cc
---- a/sandbox/linux/services/syscall_wrappers.cc.fstatfix 2021-01-25 10:18:53.307141311 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.cc 2021-01-25 10:19:46.982355293 -0500
-@@ -261,4 +261,13 @@ int sys_sigaction(int signum,
-
- #endif // defined(MEMORY_SANITIZER)
-
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf)
-+{
-+#if defined(__NR_fstat64)
-+ return syscall(__NR_fstat64, fd, buf);
-+#else
-+ return syscall(__NR_fstat, fd, buf);
-+#endif
-+}
-+
- } // namespace sandbox
-diff -up chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h.fstatfix chromium-88.0.4324.96/sandbox/linux/services/syscall_wrappers.h
---- a/sandbox/linux/services/syscall_wrappers.h.fstatfix 2021-01-25 10:19:53.115379741 -0500
-+++ b/sandbox/linux/services/syscall_wrappers.h 2021-01-25 10:20:45.485588421 -0500
-@@ -17,6 +17,7 @@ struct sock_fprog;
- struct rlimit64;
- struct cap_hdr;
- struct cap_data;
-+struct stat64;
-
- namespace sandbox {
-
-@@ -84,6 +85,9 @@ SANDBOX_EXPORT int sys_sigaction(int sig
- const struct sigaction* act,
- struct sigaction* oldact);
-
-+// Recent glibc rewrites fstat to fstatat.
-+SANDBOX_EXPORT int sys_fstat64(int fd, struct stat64 *buf);
-+
- } // namespace sandbox
-
- #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
diff --git a/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
new file mode 100644
index 000000000000..f0ec736f98bc
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-ffmpeg-4.4.patch
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
diff --git a/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
new file mode 100644
index 000000000000..72f2abd3e7a6
--- /dev/null
+++ b/srcpkgs/chromium/patches/chromium-93-pdfium-include.patch
@@ -0,0 +1,117 @@
+From 7a6289c5ace52cf88f0e19caa5f78b7c15d0e7a6 Mon Sep 17 00:00:00 2001
+From: Miklos Vajna <vmiklos@collabora.co.uk>
+Date: Wed, 21 Jul 2021 17:42:30 +0000
+Subject: [PATCH] fxcodec, fxge: fix missing includes with libstdc++
+
+These missing includes break the build with gcc/libstdc++, they were not
+a problem in practice with clang/libc++.
+
+Change-Id: I40013f97ba7ab06f32aa59f87b04aec06a19478c
+Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/83210
+Commit-Queue: Lei Zhang <thestig@chromium.org>
+Reviewed-by: Lei Zhang <thestig@chromium.org>
+---
+
+diff --git a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+index cea0679..036f250 100644
+--- a/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
++++ b/third_party/pdfium/core/fxcodec/jpeg/jpegmodule.cpp
+@@ -7,6 +7,7 @@
+ #include "core/fxcodec/jpeg/jpegmodule.h"
+
+ #include <setjmp.h>
++#include <string.h>
+
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+index c66985a..9c1122b 100644
+--- a/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
++++ b/third_party/pdfium/core/fxcodec/jpx/cjpx_decoder.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxcodec/jpx/cjpx_decoder.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <limits>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+index 5369d52..d198852 100644
+--- a/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
++++ b/third_party/pdfium/core/fxge/cfx_cliprgn.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/cfx_cliprgn.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+index 6f9b420..0f1ffae 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapcomposer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapcomposer.h"
+
++#include <string.h>
++
+ #include "core/fxge/cfx_cliprgn.h"
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+index f57c00e..45a0a18 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_bitmapstorer.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_bitmapstorer.h"
+
++#include <string.h>
++
+ #include <utility>
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+index 4ec0ddb..a1de2fb 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibbase.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibbase.h"
+
++#include <string.h>
++
+ #include <algorithm>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+index d7ccf6c..94e8acc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_dibitmap.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_dibitmap.h"
+
++#include <string.h>
++
+ #include <limits>
+ #include <memory>
+ #include <utility>
+diff --git a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+index e8362d7..c04c6dc 100644
+--- a/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
++++ b/third_party/pdfium/core/fxge/dib/cfx_scanlinecompositor.cpp
+@@ -6,6 +6,8 @@
+
+ #include "core/fxge/dib/cfx_scanlinecompositor.h"
+
++#include <string.h>
++
+ #include <algorithm>
+
+ #include "core/fxge/dib/fx_dib.h"
diff --git a/srcpkgs/chromium/patches/cursed^Uscoped_file.patch b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
new file mode 100644
index 000000000000..2e5433f7abce
--- /dev/null
+++ b/srcpkgs/chromium/patches/cursed^Uscoped_file.patch
@@ -0,0 +1,18 @@
+--- a/base/files/scoped_file_linux.cc.orig
++++ b/base/files/scoped_file_linux.cc
+@@ -77,15 +77,3 @@
+ }
+
+ } // namespace base
+-
+-extern "C" {
+-
+-int __close(int);
+-
+-__attribute__((visibility("default"), noinline)) int close(int fd) {
+- if (base::IsFDOwned(fd) && g_is_ownership_enforced)
+- CrashOnFdOwnershipViolation();
+- return __close(fd);
+-}
+-
+-} // extern "C"
diff --git a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch b/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
deleted file mode 100644
index f2a696a3a735..000000000000
--- a/srcpkgs/chromium/patches/fix-crash-in-ThemeService.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From c2d0133f47afb59b4ce64e42215d1d053f15250a Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann <stha09@googlemail.com>
-Date: Tue, 13 Apr 2021 23:21:42 +0000
-Subject: [PATCH] fix crash in ThemeService
-
-ThemeSyncableService and ThemeService are owned by each other. On
-destruction of ThemeService, ThemeSyncableService gets destructed as
-well, but calls RemoveObserver of partly destructed ThemeService object.
-To avoid already destructed |observers_| list, move it before
-|theme_syncable_service_| definition.
-
-Bug: 1190561
-Change-Id: I4dc2c990d589071d97b7fa737afef54463c84751
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821311
-Commit-Queue: Peter Kasting <pkasting@chromium.org>
-Reviewed-by: Peter Kasting <pkasting@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#872164}
----
- chrome/browser/themes/theme_service.h | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git chrome/browser/themes/theme_service.h chrome/browser/themes/theme_service.h
-index 592d40ae9de0f..337dfac9a040f 100644
---- a/chrome/browser/themes/theme_service.h
-+++ b/chrome/browser/themes/theme_service.h
-@@ -299,6 +299,10 @@ class ThemeService : public KeyedService,
- // The number of infobars currently displayed.
- int number_of_reinstallers_ = 0;
-
-+ // Declared before |theme_syncable_service_|, because ThemeSyncableService
-+ // removes itself from the |observers_| list on destruction.
-+ base::ObserverList<ThemeServiceObserver> observers_;
-+
- std::unique_ptr<ThemeSyncableService> theme_syncable_service_;
-
- #if BUILDFLAG(ENABLE_EXTENSIONS)
-@@ -320,8 +324,6 @@ class ThemeService : public KeyedService,
- ScopedObserver<ui::NativeTheme, ui::NativeThemeObserver>
- native_theme_observer_{this};
-
-- base::ObserverList<ThemeServiceObserver> observers_;
--
- base::WeakPtrFactory<ThemeService> weak_ptr_factory_{this};
-
- DISALLOW_COPY_AND_ASSIGN(ThemeService);
diff --git a/srcpkgs/chromium/patches/fix-narrowing-cast.patch b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
new file mode 100644
index 000000000000..afd42a1489ae
--- /dev/null
+++ b/srcpkgs/chromium/patches/fix-narrowing-cast.patch
@@ -0,0 +1,53 @@
+--- a/base/files/file_util_linux.cc
++++ b/base/files/file_util_linux.cc
+@@ -23,14 +23,14 @@
+
+ // Not all possible |statfs_buf.f_type| values are in linux/magic.h.
+ // Missing values are copied from the statfs man page.
+- switch (statfs_buf.f_type) {
++ switch (static_cast<uintmax_t>(statfs_buf.f_type)) {
+ case 0:
+ *type = FILE_SYSTEM_0;
+ break;
+ case EXT2_SUPER_MAGIC: // Also ext3 and ext4
+ case MSDOS_SUPER_MAGIC:
+ case REISERFS_SUPER_MAGIC:
+- case static_cast<int>(BTRFS_SUPER_MAGIC):
++ case BTRFS_SUPER_MAGIC:
+ case 0x5346544E: // NTFS
+ case 0x58465342: // XFS
+ case 0x3153464A: // JFS
+@@ -40,14 +40,14 @@
+ *type = FILE_SYSTEM_NFS;
+ break;
+ case SMB_SUPER_MAGIC:
+- case static_cast<int>(0xFF534D42): // CIFS
++ case 0xFF534D42: // CIFS
+ *type = FILE_SYSTEM_SMB;
+ break;
+ case CODA_SUPER_MAGIC:
+ *type = FILE_SYSTEM_CODA;
+ break;
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ case TMPFS_MAGIC:
+ *type = FILE_SYSTEM_MEMORY;
+ break;
+--- a/base/system/sys_info_posix.cc
++++ b/base/system/sys_info_posix.cc
+@@ -100,10 +100,10 @@
+ if (HANDLE_EINTR(statfs(path.value().c_str(), &stats)) != 0)
+ return false;
+
+- switch (stats.f_type) {
++ switch (static_cast<uintmax_t>(stats.f_type)) {
+ case TMPFS_MAGIC:
+- case static_cast<int>(HUGETLBFS_MAGIC):
+- case static_cast<int>(RAMFS_MAGIC):
++ case HUGETLBFS_MAGIC:
++ case RAMFS_MAGIC:
+ return true;
+ }
+ return false;
diff --git a/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
new file mode 100644
index 000000000000..4a99f1de2874
--- /dev/null
+++ b/srcpkgs/chromium/patches/linux-sandbox-fix-fstatat-crash.patch
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpdenton@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert: https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvianna@google.com>
+> > > Owners-Override: Victor Vianna <victorvianna@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpdenton@chromium.org>
+> > Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> > Reviewed-by: Robert Sesek <rsesek@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorimoto@chromium.org>
+> Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kinuko@chromium.org>
+> Reviewed-by: Matthew Denton <mpdenton@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
+> Owners-Override: Kinuko Yasuda <kinuko@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rsesek@chromium.org>
+Commit-Queue: Matthew Denton <mpdenton@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bcab2..ccbbc91716e71 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911428..8a941983b198d 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255, glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da34e8..95d1bb6cbbabf 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab14b..76c393032c1fe 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129d4b..3bec18a14e91e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88a6d..b55340e4a26b7 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64() is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8cee..64b9cea80f319 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS b/sandbox/linux/syscall_broker/DEPS
+index c477f7d36394b..149c463b06839 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433899..e24f659fcf872 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2010..26ca78101c71c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df809..1cdc01a888f41 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet& allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb29ec..c65f25a78a999 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb7082ce..f517a9867c5de 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14ac59..8a42397ef872e 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9ce4..1d6653caf3bd2 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the *at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000000..35788eb22a4e5
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd9fa..f18c806611f83 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c5d2..cf6041a4b476a 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4f1f..43b028b1e34ef 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8612..6dc8c0581b43c 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno) const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
diff --git a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch b/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
deleted file mode 100644
index 2a6100f92087..000000000000
--- a/srcpkgs/chromium/patches/make-dom-distiller-protoc-plugin-call-py2.7.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 359b22d3f775afa33cca9e4f8fb57eadd0ec4118 Mon Sep 17 00:00:00 2001
-From: Nico Weber <thakis@chromium.org>
-Date: Fri, 23 Apr 2021 16:22:19 +0000
-Subject: [PATCH] Make dom distiller protoc plugin explicitly call py2.7
-
-With this, chrome builds with when `/usr/bin/env python` is py3.
-
-Bug: 1202134
-Change-Id: Ibbd97a1311ccb34d46f266912c871fd0522f9535
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848445
-Commit-Queue: Nico Weber <thakis@chromium.org>
-Commit-Queue: Yaron Friedman <yfriedman@chromium.org>
-Commit-Queue: Dirk Pranke <dpranke@google.com>
-Auto-Submit: Nico Weber <thakis@chromium.org>
-Reviewed-by: Yaron Friedman <yfriedman@chromium.org>
-Reviewed-by: Dirk Pranke <dpranke@google.com>
-Cr-Commit-Position: refs/heads/master@{#875702}
----
- .../dom_distiller_js/protoc_plugins/json_values_converter.py | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-index e86a88c759fcb..cae1a998c4650 100755
---- a/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-+++ b/third_party/dom_distiller_js/protoc_plugins/json_values_converter.py
-@@ -1,7 +1,10 @@
--#!/usr/bin/env python
-+#!/usr/bin/env python2.7
- # Copyright 2016 The Chromium Authors. All rights reserved.
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
-+#
-+# TODO(crbug.com/1202134): Switch run line back to just "python"
-+# once things are py3-compatible.
-
- """protoc plugin to create C++ reader/writer for JSON-encoded protobufs
-
diff --git a/srcpkgs/chromium/patches/no-execinfo.patch b/srcpkgs/chromium/patches/no-execinfo.patch
index b4241d005562..6e67182b21b6 100644
--- a/srcpkgs/chromium/patches/no-execinfo.patch
+++ b/srcpkgs/chromium/patches/no-execinfo.patch
@@ -1,5 +1,5 @@
---- a/base/debug/stack_trace_posix.cc 2019-05-14 14:49:44.000000000 -0400
-+++ b/base/debug/stack_trace_posix.cc 2019-07-02 10:43:43.490045013 -0400
+--- a/base/debug/stack_trace_posix.cc
++++ b/base/debug/stack_trace_posix.cc
@@ -27,7 +27,7 @@
#if !defined(USE_SYMBOLIZE)
#include <cxxabi.h>
@@ -9,7 +9,7 @@
#include <execinfo.h>
#endif
-@@ -86,7 +86,7 @@
+@@ -89,7 +89,7 @@
// Note: code in this function is NOT async-signal safe (std::string uses
// malloc internally).
@@ -18,16 +18,7 @@
std::string::size_type search_from = 0;
while (search_from < text->size()) {
// Look for the start of a mangled symbol, from search_from.
-@@ -121,7 +121,7 @@
- search_from = mangled_start + 2;
- }
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
- }
- #endif // !defined(USE_SYMBOLIZE)
-
-@@ -133,7 +133,7 @@
+@@ -136,7 +136,7 @@
virtual ~BacktraceOutputHandler() = default;
};
@@ -36,25 +27,16 @@
void OutputPointer(void* pointer, BacktraceOutputHandler* handler) {
// This should be more than enough to store a 64-bit number in hex:
// 16 hex digits + 1 for null-terminator.
-@@ -216,7 +216,7 @@
- }
- #endif // defined(USE_SYMBOLIZE)
- }
--#endif // !defined(__UCLIBC__) && !defined(_AIX)
-+#endif // defined(__GLIBC__) && !defined(_AIX)
-
- void PrintToStderr(const char* output) {
- // NOTE: This code MUST be async-signal safe (it's used by in-process
-@@ -812,7 +812,7 @@
- // NOTE: This code MUST be async-signal safe (it's used by in-process
- // stack dumping signal handler). NO malloc or stdio is allowed here.
-
--#if !defined(__UCLIBC__) && !defined(_AIX)
-+#if defined(__GLIBC__) && !defined(_AIX)
+@@ -839,7 +839,7 @@
+ // If we do not have unwind tables, then try tracing using frame pointers.
+ return base::debug::TraceStackFramePointers(const_cast<const void**>(trace),
+ count, 0);
+-#elif !defined(__UCLIBC__) && !defined(_AIX)
++#elif defined(__GLIBC__) && !defined(_AIX)
// Though the backtrace API man page does not list any possible negative
// return values, we take no chance.
return base::saturated_cast<size_t>(backtrace(trace, count));
-@@ -825,13 +825,13 @@
+@@ -852,13 +852,13 @@
// NOTE: This code MUST be async-signal safe (it's used by in-process
// stack dumping signal handler). NO malloc or stdio is allowed here.
@@ -70,3 +52,24 @@
void StackTrace::OutputToStreamWithPrefix(std::ostream* os,
const char* prefix_string) const {
StreamBacktraceOutputHandler handler(os);
+--- a/v8/src/codegen/external-reference-table.cc.orig
++++ b/v8/src/codegen/external-reference-table.cc
+@@ -11,7 +11,9 @@
+
+ #if defined(DEBUG) && defined(V8_OS_LINUX) && !defined(V8_OS_ANDROID)
+ #define SYMBOLIZE_FUNCTION
++#if defined(__GLIBC__)
+ #include <execinfo.h>
++#endif
+
+ #include <vector>
+
+@@ -96,7 +98,7 @@
+ }
+
+ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
+-#ifdef SYMBOLIZE_FUNCTION
++#if defined(SYMBOLIZE_FUNCTION) && defined(__GLIBC__)
+ char** names = backtrace_symbols(&address, 1);
+ const char* name = names[0];
+ // The array of names is malloc'ed. However, each name string is static
diff --git a/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
new file mode 100644
index 000000000000..d1db7e420154
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-llvm13-warning-flags.patch
@@ -0,0 +1,13 @@
+--- a/build/config/compiler/BUILD.gn.orig
++++ b/build/config/compiler/BUILD.gn
+@@ -1620,10 +1620,6 @@
+
+ # TODO(https://crbug.com/1050281): Clean up, enable.
+ "-Wno-non-c-typedef-for-linkage",
+-
+- # TODO(https://crbug.com/1203071): Clean up and enable.
+- "-Wno-unused-but-set-parameter",
+- "-Wno-unused-but-set-variable",
+ ]
+
+ cflags_c += [
diff --git a/srcpkgs/chromium/patches/remove-strip_binary.patch b/srcpkgs/chromium/patches/remove-strip_binary.patch
new file mode 100644
index 000000000000..8b13c6a056a8
--- /dev/null
+++ b/srcpkgs/chromium/patches/remove-strip_binary.patch
@@ -0,0 +1,32 @@
+--- a/chrome/test/chromedriver/BUILD.gn.orig
++++ b/chrome/test/chromedriver/BUILD.gn
+@@ -308,11 +308,7 @@
+ }
+ }
+
+-if (is_linux) {
+- chromedriver_output = "chromedriver.unstripped"
+-} else {
+- chromedriver_output = "chromedriver"
+-}
++chromedriver_output = "chromedriver"
+
+ executable("$chromedriver_output") {
+ testonly = true
+@@ -336,16 +332,6 @@
+ }
+ }
+
+-if (is_linux) {
+- strip_binary("chromedriver") {
+- testonly = true
+- binary_input = "$root_out_dir/$chromedriver_output"
+- symbol_output = "$root_out_dir/chromedriver.debug"
+- stripped_binary_output = "$root_out_dir/chromedriver"
+- deps = [ ":$chromedriver_output" ]
+- }
+-}
+-
+ python_library("chromedriver_py_tests") {
+ testonly = true
+ deps = [
diff --git a/srcpkgs/chromium/template b/srcpkgs/chromium/template
index 1178b2a9fb2d..3a585943cc0a 100644
--- a/srcpkgs/chromium/template
+++ b/srcpkgs/chromium/template
@@ -1,7 +1,7 @@
# Template file for 'chromium'
pkgname=chromium
-# See http://www.chromium.org/developers/calendar for the latest version
-version=91.0.4472.114
+# See https://chromiumdash.appspot.com/releases?platform=Linux for the latest version
+version=93.0.4577.63
revision=1
archs="i686* x86_64* aarch64* armv7l* ppc64le*"
short_desc="Google's attempt at creating a safer, faster, and more stable browser"
@@ -9,22 +9,22 @@ maintainer="Enno Boland <gottox@voidlinux.org>"
license="BSD-3-Clause"
homepage="https://www.chromium.org/"
distfiles="https://commondatastorage.googleapis.com/chromium-browser-official/${pkgname}-${version}.tar.xz"
-checksum=c1c7fe783f3250978503d4bd53144039bd818de8a6e89de493f27dd5168f7e71
+checksum=eaf34fa6c2f24054655fbb2376b6e3ddee4cf4868c1324c921e71a45cfc94853
nocross=yes
lib32disabled=yes
-nodebug=yes
-nopie=yes # contains tools that are not PIE, enables PIE itself
-build_options="clang js_optimize vaapi pulseaudio sndio pipewire"
+build_options="clang debug js_optimize vaapi pulseaudio sndio pipewire"
+build_options_default="clang js_optimize vaapi pulseaudio sndio pipewire"
desc_option_clang="Use clang to build"
+desc_option_debug="Build with debug symbols"
desc_option_js_optimize="Optimize the JS used for Chromium's UI"
desc_option_vaapi="Enable support for VA-API"
desc_option_pulseaudio="Enable support for PulseAudio"
desc_option_sndio="Enable support for sndio"
desc_option_pipewire="Enable support for screen sharing for WebRTC via PipeWire"
-hostmakedepends="$(vopt_if clang clang) python pkgconf perl gperf bison ninja nodejs hwids
+hostmakedepends="$(vopt_if clang "clang lld") python pkgconf perl gperf bison ninja nodejs hwids
libatomic-devel libevent-devel libglib-devel $(vopt_if js_optimize openjdk)"
makedepends="libpng-devel gtk+-devel gtk+3-devel nss-devel pciutils-devel
libXi-devel libgcrypt-devel libgnome-keyring-devel cups-devel elfutils-devel
@@ -156,71 +156,66 @@ do_configure() {
third_party/libaddressinput/chromium/tools/update-strings.py
- conf+=(
+ conf=(
'enable_nacl=false'
'enable_nacl_nonsfi=false'
- "is_clang=$(vopt_if clang true false)"
- 'is_debug=false'
- 'clang_use_chrome_plugins=false'
+
+ 'use_sysroot=false'
'custom_toolchain="//build/toolchain/linux/unbundle:default"'
'host_toolchain="//build/toolchain/linux/unbundle:default"'
- 'blink_symbol_level=0'
- 'symbol_level=0'
+
+ "is_clang=$(vopt_if clang true false)"
+ "use_lld=$(vopt_if clang true false)"
+ 'clang_use_chrome_plugins=false'
+
+ "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
+ 'use_custom_libcxx=false'
+ 'use_gold=false'
+
+ # is_debug makes the build a debug build, changes some things.
+ # might be useful for real debugging vs just debug symbols.
+ "is_debug=false"
+ "blink_symbol_level=$(vopt_if debug 1 0)"
+ "symbol_level=$(vopt_if debug 1 0)"
+
'icu_use_data_file=true'
+
'use_allocator="none"'
'use_allocator_shim=false'
- 'use_cups=true'
- 'use_sysroot=false'
- 'use_system_harfbuzz=true'
+
'enable_widevine=true'
'enable_hangout_services_extension=true'
- )
- conf+=(
+ 'use_system_harfbuzz=true'
+
+ 'use_cups=true'
+
"use_vaapi=$(vopt_if vaapi true false)"
- )
- # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
- conf+=(
+ # https://chromium.googlesource.com/chromium/src/+/master/docs/closure_compilation.md
"enable_js_type_check=$(vopt_if js_optimize true false)"
- )
- conf+=(
"use_pulseaudio=$(vopt_if pulseaudio true false)"
- )
+ "link_pulseaudio=$(vopt_if pulseaudio true false)"
- conf+=(
"rtc_use_pipewire=$(vopt_if pipewire true false)"
- )
-
- # Use explicit library dependencies instead of dlopen.
- # GN only has "link_pulseaudio", the other options used before are not available atm
- # linux_link_cups=true
- # linux_link_gsettings=true
- # linux_link_libpci=true
- # linux_link_libspeechd=true
- # libspeechd_h_prefix=\"speech-dispatcher/\""
- conf+=( "link_pulseaudio=$(vopt_if pulseaudio true false)" )
- conf+=(
"use_sndio=$(vopt_if sndio true false)"
- )
-
- # Never use bundled binutils/gold binary.
- conf+=(
- "gold_path=\"${XBPS_CROSS_BASE}/usr/bin/ld.gold\""
- 'use_custom_libcxx=false'
- 'use_lld=false'
- )
- # XXX: gold broken with musl, i686, and x86_64 so disable globally
- conf+=( 'use_gold=false' )
-
- # Always support proprietary codecs.
- # Enable H.264 support in bundled ffmpeg.
- conf+=(
+ # Always support proprietary codecs.
+ # Enable H.264 support in bundled ffmpeg.
'proprietary_codecs=true'
'ffmpeg_branding="Chrome"'
+
+ # Make sure that -Werror doesn't get added to CFLAGS by the build system.
+ # Depending on GCC version the warnings are different and we don't want
+ # the build to fail because of that.
+ 'treat_warnings_as_errors=false'
+ 'fatal_linker_warnings=false'
+
+ # Save space by removing DLOG and DCHECK messages (about 6% reduction).
+ # 'logging_like_official_build=true'
+ 'fieldtrial_testing_like_official_build=true'
)
# this does not work on ppc64 yet
@@ -228,18 +223,6 @@ do_configure() {
ppc64*) conf+=( "enable_jxl_decoder=false" );;
esac
- # Make sure that -Werror doesn't get added to CFLAGS by the build system.
- # Depending on GCC version the warnings are different and we don't want
- # the build to fail because of that.
- conf+=(
- 'treat_warnings_as_errors=false'
- 'fatal_linker_warnings=false'
- )
-
- # Save space by removing DLOG and DCHECK messages (about 6% reduction).
- # conf+=" logging_like_official_build=true"
- conf+=( fieldtrial_testing_like_official_build=true )
-
case "${XBPS_TARGET_MACHINE}" in
x86_64*) conf+=( 'target_cpu="x64"' ) ;;
i686*) conf+=( 'target_cpu="x86"' ) ;;
@@ -256,10 +239,11 @@ do_build() {
export CXX=clang++
fi
- ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot
+ ninja -C out/Release ${makejobs} chrome chromedriver mksnapshot crashpad_handler
}
do_install() {
vinstall out/Release/chrome 755 usr/lib/${pkgname} ${pkgname}
+ vinstall out/Release/crashpad_handler 755 usr/lib/${pkgname} crashpad_handler
vinstall out/Release/chromedriver 755 usr/lib/${pkgname} chromedriver
vinstall out/Release/libEGL.so 755 usr/lib/${pkgname} libEGL.so
vinstall out/Release/libGLESv2.so 755 usr/lib/${pkgname} libGLESv2.so
@@ -290,5 +274,5 @@ do_install() {
vbin ${FILESDIR}/chromium.sh chromium
vlicense LICENSE
- ln -s /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
+ ln -sf /usr/lib/chromium/chromedriver ${DESTDIR}/usr/bin/chromedriver
}
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (6 preceding siblings ...)
2021-09-04 20:16 ` Duncaen
@ 2021-09-06 4:28 ` h4xor666
2021-09-06 4:28 ` h4xor666
` (2 subsequent siblings)
10 siblings, 0 replies; 12+ messages in thread
From: h4xor666 @ 2021-09-06 4:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 373 bytes --]
New comment by h4xor666 on void-packages repository
https://github.com/void-linux/void-packages/pull/32831#issuecomment-913330097
Comment:
Hello friend. I compiled Chromium on x86_64 musl, and everything works great. Thank you. Do you know how I could compile it and use it with the setuid binary/sandbox instead of namespaces? I can't seem to do so successfully myself.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (7 preceding siblings ...)
2021-09-06 4:28 ` h4xor666
@ 2021-09-06 4:28 ` h4xor666
2021-09-07 15:18 ` Duncaen
2021-09-07 15:18 ` [PR PATCH] [Closed]: " Duncaen
10 siblings, 0 replies; 12+ messages in thread
From: h4xor666 @ 2021-09-06 4:28 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 376 bytes --]
New comment by h4xor666 on void-packages repository
https://github.com/void-linux/void-packages/pull/32831#issuecomment-913330097
Comment:
Hello @Duncaen . I compiled Chromium on x86_64 musl, and everything works great. Thank you. Do you know how I could compile it and use it with the setuid binary/sandbox instead of namespaces? I can't seem to do so successfully myself.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (8 preceding siblings ...)
2021-09-06 4:28 ` h4xor666
@ 2021-09-07 15:18 ` Duncaen
2021-09-07 15:18 ` [PR PATCH] [Closed]: " Duncaen
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-07 15:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 456 bytes --]
New comment by Duncaen on void-packages repository
https://github.com/void-linux/void-packages/pull/32831#issuecomment-914399269
Comment:
Merged as fd93f74c3dd0b591450aa6b8cc6063b969db72b4.
> Do you know how I could compile it and use it with the setuid binary/sandbox instead of namespaces? I can't seem to do so successfully myself.
No, I guess the executable needs to be added to the ninja command. But afaik the setuid sandbox is unmaintained.
^ permalink raw reply [flat|nested] 12+ messages in thread
* Re: [PR PATCH] [Closed]: chromium: update to 93.0.4577.63.
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
` (9 preceding siblings ...)
2021-09-07 15:18 ` Duncaen
@ 2021-09-07 15:18 ` Duncaen
10 siblings, 0 replies; 12+ messages in thread
From: Duncaen @ 2021-09-07 15:18 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 229 bytes --]
There's a closed pull request on the void-packages repository
chromium: update to 93.0.4577.63.
https://github.com/void-linux/void-packages/pull/32831
Description:
[ci skip]
- [x] x86_64-glibc
- [x] x86_64-musl
- [ ] i686
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2021-09-07 15:18 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-04 12:39 [PR PATCH] chromium: update to 93.0.4577.63 Duncaen
2021-09-04 12:44 ` [PR PATCH] [Updated] " Duncaen
2021-09-04 12:47 ` Duncaen
2021-09-04 13:06 ` Duncaen
2021-09-04 13:35 ` Duncaen
2021-09-04 13:41 ` Duncaen
2021-09-04 17:01 ` Duncaen
2021-09-04 20:16 ` Duncaen
2021-09-06 4:28 ` h4xor666
2021-09-06 4:28 ` h4xor666
2021-09-07 15:18 ` Duncaen
2021-09-07 15:18 ` [PR PATCH] [Closed]: " Duncaen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).