Date: Monday, November 22, 2021 @ 02:55:25
Author: felixonmars
Revision: 1054202
archrelease: copy trunk to community-staging-x86_64
Added:
electron14/repos/community-staging-x86_64/
electron14/repos/community-staging-x86_64/PKGBUILD
(from rev 1054201, electron14/trunk/PKGBUILD)
electron14/repos/community-staging-x86_64/chromium-93-ffmpeg-4.4.patch
(from rev 1054201, electron14/trunk/chromium-93-ffmpeg-4.4.patch)
electron14/repos/community-staging-x86_64/chromium-harfbuzz-3.0.0.patch
(from rev 1054201, electron14/trunk/chromium-harfbuzz-3.0.0.patch)
electron14/repos/community-staging-x86_64/default_app-icon.patch
(from rev 1054201, electron14/trunk/default_app-icon.patch)
electron14/repos/community-staging-x86_64/electron-launcher.sh
(from rev 1054201, electron14/trunk/electron-launcher.sh)
electron14/repos/community-staging-x86_64/electron.desktop
(from rev 1054201, electron14/trunk/electron.desktop)
electron14/repos/community-staging-x86_64/gn-visibility-gmock.patch
(from rev 1054201, electron14/trunk/gn-visibility-gmock.patch)
electron14/repos/community-staging-x86_64/gn-visibility-mojo.patch
(from rev 1054201, electron14/trunk/gn-visibility-mojo.patch)
electron14/repos/community-staging-x86_64/gn-visibility-webrtc.patch
(from rev 1054201, electron14/trunk/gn-visibility-webrtc.patch)
electron14/repos/community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch
(from rev 1054201, electron14/trunk/linux-sandbox-fix-fstatat-crash.patch)
electron14/repos/community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
(from rev 1054201,
electron14/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
electron14/repos/community-staging-x86_64/replace-blacklist-with-ignorelist.patch
(from rev 1054201, electron14/trunk/replace-blacklist-with-ignorelist.patch)
electron14/repos/community-staging-x86_64/skia-harfbuzz-3.0.0.patch
(from rev 1054201, electron14/trunk/skia-harfbuzz-3.0.0.patch)
electron14/repos/community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
(from rev 1054201,
electron14/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
electron14/repos/community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch
(from rev 1054201,
electron14/trunk/unbundle-fix-visibility-of-build-config-freetype.patch)
electron14/repos/community-staging-x86_64/use-system-libraries-in-node.patch
(from rev 1054201, electron14/trunk/use-system-libraries-in-node.patch)
-----------------------------------------------------------+
PKGBUILD | 276 ++
chromium-93-ffmpeg-4.4.patch | 36
chromium-harfbuzz-3.0.0.patch | 20
default_app-icon.patch | 21
electron-launcher.sh | 20
electron.desktop | 7
gn-visibility-gmock.patch | 43
gn-visibility-mojo.patch | 36
gn-visibility-webrtc.patch | 45
linux-sandbox-fix-fstatat-crash.patch | 348 +++
linux-sandbox-syscall-broker-use-struct-kernel_stat.patch | 1384 ++++++++++++
replace-blacklist-with-ignorelist.patch | 196 +
skia-harfbuzz-3.0.0.patch | 100
sql-make-VirtualCursor-standard-layout-type.patch | 238 ++
unbundle-fix-visibility-of-build-config-freetype.patch | 31
use-system-libraries-in-node.patch | 52
16 files changed, 2853 insertions(+)
Copied: electron14/repos/community-staging-x86_64/PKGBUILD (from rev 1054201,
electron14/trunk/PKGBUILD)
===================================================================
--- community-staging-x86_64/PKGBUILD (rev 0)
+++ community-staging-x86_64/PKGBUILD 2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,276 @@
+# Maintainer: Nicola Squartini <tens...@gmail.com>
+
+_use_suffix=1
+pkgver=14.2.0
+_commit=c2b3c974e07a9743ab758cb98db323dceddd6903
+_chromiumver=93.0.4577.82
+_gcc_patchset=6
+# shellcheck disable=SC2034
+pkgrel=2
+
+_major_ver=${pkgver%%.*}
+if [[ ${_use_suffix} != 0 ]]; then
+ pkgname="electron${_major_ver}"
+else
+ pkgname=electron
+fi
+# shellcheck disable=SC2034
+pkgdesc='Build cross platform desktop apps with web technologies'
+# shellcheck disable=SC2034
+arch=('x86_64')
+# shellcheck disable=SC2034
+url='https://electronjs.org/'
+# shellcheck disable=SC2034
+license=('MIT' 'custom')
+# shellcheck disable=SC2034
+depends=('c-ares' 'ffmpeg' 'gtk3' 'libevent' 'libxslt' 'minizip' 'nss' 're2'
+ 'snappy')
+# shellcheck disable=SC2034
+makedepends=('clang' 'git' 'gn' 'gperf' 'harfbuzz-icu' 'http-parser'
+ 'java-runtime-headless' 'jsoncpp' 'libnotify' 'lld' 'llvm' 'ninja'
+ 'npm' 'pciutils' 'pipewire' 'python' 'wget' 'yarn')
+# shellcheck disable=SC2034
+optdepends=('kde-cli-tools: file deletion support (kioclient5)'
+ 'libappindicator-gtk3: StatusNotifierItem support'
+ 'pipewire: WebRTC desktop sharing under Wayland'
+ 'trash-cli: file deletion support (trash-put)'
+ "xdg-utils: open URLs with desktop's default (xdg-email,
xdg-open)")
+if [[ ${_use_suffix} == 0 ]]; then
+ # shellcheck disable=SC2034
+ conflicts=("electron${_major_ver}")
+ # shellcheck disable=SC2034
+ provides=("electron${_major_ver}")
+fi
+# shellcheck disable=SC2034
+source=('git+https://github.com/electron/electron.git'
+
'git+https://chromium.googlesource.com/chromium/tools/depot_tools.git#branch=main'
+
"https://github.com/stha09/chromium-patches/releases/download/chromium-${_chromiumver%%.*}-patchset-${_gcc_patchset}/chromium-${_chromiumver%%.*}-patchset-${_gcc_patchset}.tar.xz";
+ "electron-launcher.sh"
+ "electron.desktop"
+ 'default_app-icon.patch'
+ 'use-system-libraries-in-node.patch'
+ 'linux-sandbox-syscall-broker-use-struct-kernel_stat.patch'
+ 'linux-sandbox-fix-fstatat-crash.patch'
+ 'unbundle-fix-visibility-of-build-config-freetype.patch'
+ 'gn-visibility-gmock.patch'
+ 'gn-visibility-mojo.patch'
+ 'gn-visibility-webrtc.patch'
+ 'replace-blacklist-with-ignorelist.patch'
+ 'sql-make-VirtualCursor-standard-layout-type.patch'
+ 'chromium-93-ffmpeg-4.4.patch'
+ 'chromium-harfbuzz-3.0.0.patch'
+ 'skia-harfbuzz-3.0.0.patch'
+ )
+# shellcheck disable=SC2034
+sha256sums=('SKIP'
+ 'SKIP'
+ 'a44ffd9e25fcbd8b3cc778871890e4da6fe12600ad549c807e1d03f61f0cdf73'
+ '3953f532a3ea5fce19ee33600c6ead89dcd066df6a01d3c3ab4c24f96e46fca2'
+ '4484200d90b76830b69eea3a471c103999a3ce86bb2c29e6c14c945bf4102bae'
+ '75bac9c4ad32ff9329399b8587f9772e208c009fd822cdfce61b2bd1ee9ac828'
+ '7cb11fb44aaf4d15f36caca3c0d1b082a723c30d43cd44db147248db5683a2a9'
+ '268e18ad56e5970157b51ec9fc8eb58ba93e313ea1e49c842a1ed0820d9c1fa3'
+ '253348550d54b8ae317fd250f772f506d2bae49fb5dc75fe15d872ea3d0e04a5'
+ 'd0b17162211dd49e3a58c16d1697e7d8c322dcfd3b7890f0c2f920b711f52293'
+ 'b9934e01d8f39beafc8b63784fb86e6befe25ca83e9c43224c8374e5a025d8ef'
+ 'cca2d224cf2e9d7cfb4f5729ca76b5b8a7100b1ca39892b41fb296adaced1bf7'
+ '574785a21168c3e9b7aa82630713ceb6ced12f699133db66b10fc84b7bb2c631'
+ 'd3344ba39b8c6ed202334ba7f441c70d81ddf8cdb15af1aa8c16e9a3a75fbb35'
+ 'dd317f85e5abfdcfc89c6f23f4c8edbcdebdd5e083dcec770e5da49ee647d150'
+ '1a9e074f417f8ffd78bcd6874d8e2e74a239905bf662f76a7755fa40dc476b57'
+ '7ce947944a139e66774dfc7249bf7c3069f07f83a0f1b2c1a1b14287a7e15928'
+ 'dae11dec5088eb1b14045d8c9862801a342609c15701d7c371e1caccf46e1ffd'
+ )
+
+_system_libs=('ffmpeg'
+ 'flac'
+ 'fontconfig'
+ 'freetype'
+ 'harfbuzz-ng'
+ 'icu'
+ 'libdrm'
+ 'libevent'
+ 'libjpeg'
+ 'libpng'
+# 'libvpx'
+ 'libwebp'
+ 'libxml'
+ 'libxslt'
+# 'openh264'
+ 'opus'
+ 're2'
+ 'snappy'
+ 'zlib'
+ )
+
+prepare() {
+ sed -i "s|@ELECTRON@|${pkgname}|" electron-launcher.sh
+ sed -i "s|@ELECTRON@|${pkgname}|" electron.desktop
+ if [[ ${_use_suffix} != 0 ]]; then
+ sed -i "s|@ELECTRON_NAME@|Electron ${_major_ver}|" electron.desktop
+ else
+ sed -i "s|@ELECTRON_NAME@|Electron|" electron.desktop
+ fi
+
+ export PATH="${PATH}:${srcdir:?}/depot_tools"
+
+ echo "Fetching chromium..."
+ git clone --branch=${_chromiumver} --depth=1 \
+ https://chromium.googlesource.com/chromium/src.git
+
+ echo "solutions = [
+ {
+ \"name\": \"src/electron\",
+ \"url\": \"file://${srcdir}/electron@${_commit}\",
+ \"deps_file\": \"DEPS\",
+ \"managed\": False,
+ \"custom_deps\": {
+ \"src\": None,
+ },
+ \"custom_vars\": {},
+ },
+]" > .gclient
+
+ python "${srcdir}/depot_tools/gclient.py" sync \
+ --with_branch_heads \
+ --with_tags \
+ --nohooks
+
+ echo "Running hooks..."
+ # python "${srcdir}/depot_tools/gclient.py" runhooks
+ src/build/landmines.py
+ src/build/util/lastchange.py -o src/build/util/LASTCHANGE
+ src/build/util/lastchange.py -m GPU_LISTS_VERSION \
+ --revision-id-only --header src/gpu/config/gpu_lists_version.h
+ src/build/util/lastchange.py -m SKIA_COMMIT_HASH \
+ -s src/third_party/skia --header src/skia/ext/skia_commit_hash.h
+ # Create sysmlink to system clang-format
+ ln -s /usr/bin/clang-format src/buildtools/linux64
+ # Create sysmlink to system Node.js
+ mkdir -p src/third_party/node/linux/node-linux-x64/bin
+ ln -sf /usr/bin/node src/third_party/node/linux/node-linux-x64/bin
+ src/third_party/depot_tools/download_from_google_storage.py \
+ --no_resume --extract --no_auth --bucket chromium-nodejs \
+ -s src/third_party/node/node_modules.tar.gz.sha1
+ vpython src/tools/download_optimization_profile.py \
+ --newest_state=src/chrome/android/profiles/newest.txt \
+ --local_state=src/chrome/android/profiles/local.txt \
+ --output_name=src/chrome/android/profiles/afdo.prof \
+ --gs_url_base=chromeos-prebuilt/afdo-job/llvm
+ #vpython src/tools/update_pgo_profiles.py \
+ # --target=linux \
+ # update \
+ # --gs-url-base=chromium-optimization-profiles/pgo_profiles
+ src/electron/script/apply_all_patches.py \
+ src/electron/patches/config.json
+ cd src/electron || exit
+ yarn install --frozen-lockfile
+ cd ..
+
+ echo "Applying local patches..."
+ # Fixes for building with libstdc++ instead of libc++
+ patch -Np1 -i ../patches/chromium-93-pdfium-include.patch
+ patch -Np1 -i ../patches/chromium-90-ruy-include.patch
+ patch -Np1 -i ../patches/chromium-93-HashPasswordManager-include.patch
+ patch -Np1 -i
../patches/chromium-93-BluetoothLowEnergyScanFilter-include.patch
+ patch -Np1 -i ../patches/chromium-93-ClassProperty-include.patch
+ patch -Np1 -i
../patches/chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
+ patch -Np1 -i
../patches/chromium-93-ScopedTestDialogAutoConfirm-include.patch
+
+ patch -Np1 -i ../chromium-93-ffmpeg-4.4.patch
+ patch -Np1 -i ../chromium-harfbuzz-3.0.0.patch
+ patch -Np1 -d third_party/skia <../skia-harfbuzz-3.0.0.patch
+ patch -Np1 -i ../linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
+ patch -Np1 -i ../linux-sandbox-fix-fstatat-crash.patch
+ patch -Np1 -i ../unbundle-fix-visibility-of-build-config-freetype.patch
+ patch -Np1 -i ../gn-visibility-gmock.patch
+ patch -Np1 -i ../gn-visibility-mojo.patch
+ patch -Np1 -i ../gn-visibility-webrtc.patch
+ patch -Rp1 -i ../replace-blacklist-with-ignorelist.patch
+ patch -Np1 -i ../sql-make-VirtualCursor-standard-layout-type.patch
+ patch -Np1 -i ../use-system-libraries-in-node.patch
+ patch -Np1 -i ../default_app-icon.patch # Icon from .desktop file
+
+ echo "Patching Chromium for using system libraries..."
+ sed -i 's/OFFICIAL_BUILD/GOOGLE_CHROME_BUILD/' \
+ tools/generate_shim_headers/generate_shim_headers.py
+ for lib in $(printf "%s\n" "${_system_libs[@]}" | sed
's/^libjpeg$/&_turbo/'); do
+ third_party_dir="third_party/${lib}"
+ if [ ! -d "${third_party_dir}" ]; then
+ third_party_dir="base/${third_party_dir}"
+ fi
+ find "${third_party_dir}" -type f \
+ \! -path "${third_party_dir}/chromium/*" \
+ \! -path "${third_party_dir}/google/*" \
+ \! -path 'third_party/harfbuzz-ng/utils/hb_scoped.h' \
+ \! -regex '.*\.\(gn\|gni\|isolate\)' \
+ -delete
+ done
+ build/linux/unbundle/replace_gn_files.py \
+ --system-libraries \
+ "${_system_libs[@]}"
+}
+
+build() {
+ export CC=clang
+ export CXX=clang++
+ export AR=ar
+ export NM=nm
+
+ # Do not warn about unknown warning options
+ CFLAGS+=' -Wno-unknown-warning-option'
+ CXXFLAGS+=' -Wno-unknown-warning-option'
+
+ cd src || exit
+ export CHROMIUM_BUILDTOOLS_PATH="${PWD}/buildtools"
+ GN_EXTRA_ARGS='
+ blink_symbol_level = 0
+ chrome_pgo_phase = 0
+ clang_use_chrome_plugins = false
+ custom_toolchain = "//build/toolchain/linux/unbundle:default"
+ host_toolchain = "//build/toolchain/linux/unbundle:default"
+ icu_use_data_file = false
+ is_component_ffmpeg = false
+ link_pulseaudio = true
+ rtc_use_pipewire = true
+ treat_warnings_as_errors = false
+ use_custom_libcxx = false
+ use_gnome_keyring = false
+ use_sysroot = false
+ '
+ gn gen out/Release \
+ --args="import(\"//electron/build/args/release.gn\") ${GN_EXTRA_ARGS}"
+ ninja -C out/Release electron
+ # Strip before zip to avoid
+ # zipfile.LargeZipFile: Filesize would require ZIP64 extensions
+ strip -s out/Release/electron
+ ninja -C out/Release electron_dist_zip
+ # ninja -C out/Release third_party/electron_node:headers
+}
+
+package() {
+ install -dm755 "${pkgdir:?}/usr/lib/${pkgname}"
+ bsdtar -xf src/out/Release/dist.zip -C "${pkgdir}/usr/lib/${pkgname}"
+
+ chmod u+s "${pkgdir}/usr/lib/${pkgname}/chrome-sandbox"
+
+ install -dm755 "${pkgdir}/usr/share/licenses/${pkgname}"
+ for l in "${pkgdir}/usr/lib/${pkgname}"/{LICENSE,LICENSES.chromium.html}; do
+ ln -s \
+ "$(realpath --relative-to="${pkgdir}/usr/share/licenses/${pkgname}"
"${l}")" \
+ "${pkgdir}/usr/share/licenses/${pkgname}"
+ done
+
+ install -Dm755 "${srcdir}/electron-launcher.sh" \
+ "${pkgdir}/usr/bin/${pkgname}"
+ if [[ "${_use_suffix}" == 0 ]]; then
+ ln "${pkgdir}/usr/bin/${pkgname}" \
+ "${pkgdir}/usr/bin/${pkgname}${_major_ver}"
+ fi
+
+ # Install .desktop and icon file (see default_app-icon.patch)
+ install -Dm644 electron.desktop \
+ "${pkgdir}/usr/share/applications/${pkgname}.desktop"
+ install -Dm644 src/electron/default_app/icon.png \
+ "${pkgdir}/usr/share/pixmaps/${pkgname}.png" # hicolor has no
1024x1024
+}
Copied: electron14/repos/community-staging-x86_64/chromium-93-ffmpeg-4.4.patch
(from rev 1054201, electron14/trunk/chromium-93-ffmpeg-4.4.patch)
===================================================================
--- community-staging-x86_64/chromium-93-ffmpeg-4.4.patch
(rev 0)
+++ community-staging-x86_64/chromium-93-ffmpeg-4.4.patch 2021-11-22
02:55:25 UTC (rev 1054202)
@@ -0,0 +1,36 @@
+diff --git a/media/filters/ffmpeg_demuxer.cc b/media/filters/ffmpeg_demuxer.cc
+index ac4713b07268..492a9a37d096 100644
+--- a/media/filters/ffmpeg_demuxer.cc
++++ b/media/filters/ffmpeg_demuxer.cc
+@@ -427,11 +427,11 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket
packet) {
+ scoped_refptr<DecoderBuffer> buffer;
+
+ if (type() == DemuxerStream::TEXT) {
+- size_t id_size = 0;
++ int id_size = 0;
+ uint8_t* id_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_IDENTIFIER, &id_size);
+
+- size_t settings_size = 0;
++ int settings_size = 0;
+ uint8_t* settings_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_WEBVTT_SETTINGS, &settings_size);
+
+@@ -443,7 +443,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket
packet) {
+ buffer = DecoderBuffer::CopyFrom(packet->data, packet->size,
+ side_data.data(), side_data.size());
+ } else {
+- size_t side_data_size = 0;
++ int side_data_size = 0;
+ uint8_t* side_data = av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_MATROSKA_BLOCKADDITIONAL, &side_data_size);
+
+@@ -504,7 +504,7 @@ void FFmpegDemuxerStream::EnqueuePacket(ScopedAVPacket
packet) {
+ packet->size - data_offset);
+ }
+
+- size_t skip_samples_size = 0;
++ int skip_samples_size = 0;
+ const uint32_t* skip_samples_ptr =
+ reinterpret_cast<const uint32_t*>(av_packet_get_side_data(
+ packet.get(), AV_PKT_DATA_SKIP_SAMPLES, &skip_samples_size));
Copied: electron14/repos/community-staging-x86_64/chromium-harfbuzz-3.0.0.patch
(from rev 1054201, electron14/trunk/chromium-harfbuzz-3.0.0.patch)
===================================================================
--- community-staging-x86_64/chromium-harfbuzz-3.0.0.patch
(rev 0)
+++ community-staging-x86_64/chromium-harfbuzz-3.0.0.patch 2021-11-22
02:55:25 UTC (rev 1054202)
@@ -0,0 +1,20 @@
+# https://github.com/chromium/chromium/commit/b289f6f3fcbc
+
+diff --git a/components/paint_preview/common/subset_font.cc
b/components/paint_preview/common/subset_font.cc
+index 8ff0540d9a..20a7d37474 100644
+--- a/components/paint_preview/common/subset_font.cc
++++ b/components/paint_preview/common/subset_font.cc
+@@ -72,9 +72,11 @@ sk_sp<SkData> SubsetFont(SkTypeface* typeface, const
GlyphUsage& usage) {
+ hb_set_t* glyphs =
+ hb_subset_input_glyph_set(input.get()); // Owned by |input|.
+ usage.ForEach(base::BindRepeating(&AddGlyphs, base::Unretained(glyphs)));
+- hb_subset_input_set_retain_gids(input.get(), true);
++ hb_subset_input_set_flags(input.get(), HB_SUBSET_FLAGS_RETAIN_GIDS);
+
+- HbScoped<hb_face_t> subset_face(hb_subset(face.get(), input.get()));
++ HbScoped<hb_face_t> subset_face(hb_subset_or_fail(face.get(), input.get()));
++ if (!subset_face)
++ return nullptr;
+ HbScoped<hb_blob_t> subset_blob(hb_face_reference_blob(subset_face.get()));
+ if (!subset_blob)
+ return nullptr;
Copied: electron14/repos/community-staging-x86_64/default_app-icon.patch (from
rev 1054201, electron14/trunk/default_app-icon.patch)
===================================================================
--- community-staging-x86_64/default_app-icon.patch
(rev 0)
+++ community-staging-x86_64/default_app-icon.patch 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,21 @@
+--- a/electron/default_app/default_app.ts
++++ b/electron/default_app/default_app.ts
+@@ -59,7 +59,7 @@
+ };
+
+ if (process.platform === 'linux') {
+- options.icon = path.join(__dirname, 'icon.png');
++ options.icon = '/usr/share/pixmaps/electron.png';
+ }
+
+ mainWindow = new BrowserWindow(options);
+--- a/electron/filenames.gni
++++ b/electron/filenames.gni
+@@ -6,7 +6,6 @@
+ ]
+
+ default_app_static_sources = [
+- "default_app/icon.png",
+ "default_app/index.html",
+ "default_app/package.json",
+ "default_app/styles.css",
Copied: electron14/repos/community-staging-x86_64/electron-launcher.sh (from
rev 1054201, electron14/trunk/electron-launcher.sh)
===================================================================
--- community-staging-x86_64/electron-launcher.sh
(rev 0)
+++ community-staging-x86_64/electron-launcher.sh 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,20 @@
+#!/usr/bin/bash
+
+set -euo pipefail
+
+name=@ELECTRON@
+flags_file="${XDG_CONFIG_HOME:-$HOME/.config}/${name}-flags.conf"
+
+declare -a flags
+
+if [[ -f "${flags_file}" ]]; then
+ mapfile -t < "${flags_file}"
+fi
+
+for line in "${MAPFILE[@]}"; do
+ if [[ ! "${line}" =~ ^[[:space:]]*#.* ]]; then
+ flags+=("${line}")
+ fi
+done
+
+exec /usr/lib/${name}/electron "$@" "${flags[@]}"
Copied: electron14/repos/community-staging-x86_64/electron.desktop (from rev
1054201, electron14/trunk/electron.desktop)
===================================================================
--- community-staging-x86_64/electron.desktop (rev 0)
+++ community-staging-x86_64/electron.desktop 2021-11-22 02:55:25 UTC (rev
1054202)
@@ -0,0 +1,7 @@
+[Desktop Entry]
+Type=Application
+Name=@ELECTRON_NAME@
+Icon=@ELECTRON@
+Exec=@ELECTRON@ %u
+Categories=Development;GTK;
+StartupNotify=true
Copied: electron14/repos/community-staging-x86_64/gn-visibility-gmock.patch
(from rev 1054201, electron14/trunk/gn-visibility-gmock.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-gmock.patch
(rev 0)
+++ community-staging-x86_64/gn-visibility-gmock.patch 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,43 @@
+From fc3c737210873e9bee311391e9f6b48130e84983 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatow...@vewd.com>
+Date: Sat, 4 Sep 2021 07:13:49 +0000
+Subject: [PATCH] Fix config visibility violation in //testing/gmock
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+//third_party/googletest:gtest_config has restricted visibility, current
+code works by accident because gn only enforces visibility on 'configs'.
+Fix by not referencing the configs at all as it should be unnecessary:
+//testing/gmock gets them via a public dependency chain anyway.
+
+This is one of a few fixes needed to roll gn past the upcoming
+enforcement change, landing in small parts because removing config
+usages feels a bit subtle.
+
+Bug: gn:252
+Change-Id: Ie1438862831ecee49162d9f8f7872a568d69c2fb
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3139927
+Reviewed-by: Dirk Pranke <dpra...@google.com>
+Commit-Queue: Tomasz Śniatowski <tsniatow...@vewd.com>
+Cr-Commit-Position: refs/heads/main@{#918357}
+---
+ testing/gmock/BUILD.gn | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/testing/gmock/BUILD.gn b/testing/gmock/BUILD.gn
+index 0248d146d7397..e285fb84e471a 100644
+--- a/testing/gmock/BUILD.gn
++++ b/testing/gmock/BUILD.gn
+@@ -14,11 +14,6 @@ source_set("gmock") {
+ "include/gmock/gmock.h",
+ ]
+ public_deps = [ "//third_party/googletest:gmock" ]
+-
+- public_configs = [
+- "//third_party/googletest:gmock_config",
+- "//third_party/googletest:gtest_config",
+- ]
+ }
+
+ # The file/directory layout of Google Test is not yet considered stable. Until
Copied: electron14/repos/community-staging-x86_64/gn-visibility-mojo.patch
(from rev 1054201, electron14/trunk/gn-visibility-mojo.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-mojo.patch
(rev 0)
+++ community-staging-x86_64/gn-visibility-mojo.patch 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,36 @@
+From 40f10bf0e683f6b499b5c3c7555111193db03abf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatow...@vewd.com>
+Date: Tue, 7 Sep 2021 20:13:53 +0000
+Subject: [PATCH] Fix config visibility violation in //mojo/public/cpp/bindings
+
+//third_party/blink/renderer:config has restricted visibility, current
+code works by accident because gn only enforces visibility on 'configs'.
+Fix by removing the direct config usage as it looks historical and not
+actually needed.
+
+This is one of a few fixes needed to roll gn past the upcoming
+enforcement change, landing in small parts because removing config
+usages feels a bit subtle.
+
+Bug: gn:252
+Change-Id: I2e0d2e314ef3714dd19b11b7ae29bdcf5074cfda
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3140593
+Commit-Queue: Ken Rockot <roc...@google.com>
+Reviewed-by: Ken Rockot <roc...@google.com>
+Cr-Commit-Position: refs/heads/main@{#918914}
+---
+ mojo/public/cpp/bindings/BUILD.gn | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/mojo/public/cpp/bindings/BUILD.gn
b/mojo/public/cpp/bindings/BUILD.gn
+index 13ad53b3ed305..d90318de106e4 100644
+--- a/mojo/public/cpp/bindings/BUILD.gn
++++ b/mojo/public/cpp/bindings/BUILD.gn
+@@ -281,7 +281,5 @@ if (!is_ios) {
+ "//third_party/blink/renderer/platform:platform_export",
+ "//third_party/blink/renderer/platform/wtf",
+ ]
+-
+- public_configs = [ "//third_party/blink/renderer:config" ]
+ }
+ }
Copied: electron14/repos/community-staging-x86_64/gn-visibility-webrtc.patch
(from rev 1054201, electron14/trunk/gn-visibility-webrtc.patch)
===================================================================
--- community-staging-x86_64/gn-visibility-webrtc.patch
(rev 0)
+++ community-staging-x86_64/gn-visibility-webrtc.patch 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,45 @@
+From 72c4d9fc95c336f61d7a8417b78f947a400ce792 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Tomasz=20=C5=9Aniatowski?= <tsniatow...@vewd.com>
+Date: Tue, 14 Sep 2021 10:33:37 +0000
+Subject: [PATCH] Relax googletest gn config visibility for webrtc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+An upcoming gn roll will start enforcing config visibility on
+public_configs and all_dependent_configs. Normally, configs with
+limited visibility have corresponding helper targets that push the
+configs using public_configs and are propagated with public_deps.
+However, webrtc prefers to avoid public_deps, and pushes the gtest
+config using all_dependent_configs. This requires direct visibility,
+so tweak gtest BUILD.gn to make things work.
+
+Bug: gn:252, 1249254
+Change-Id: Ic7be22f7bf129255fb0ac51f437cd6dd3989e3a3
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3158065
+Commit-Queue: Tomasz Śniatowski <tsniatow...@vewd.com>
+Reviewed-by: Victor Costan <pwn...@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#921126}
+---
+ third_party/googletest/BUILD.gn | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/googletest/BUILD.gn b/third_party/googletest/BUILD.gn
+index fe240ebe954b6..d2bde47d75eab 100644
+--- a/third_party/googletest/BUILD.gn
++++ b/third_party/googletest/BUILD.gn
+@@ -5,7 +5,13 @@
+ import("//build_overrides/build.gni")
+
+ config("gtest_config") {
+- visibility = [ ":*" ] # gmock also shares this config.
++ # webrtc wants to push this config without a public_dep chain
++ # TODO(crbug.com/1249254): figure out what to do with this
++ visibility = [
++ ":*", # gmock also shares this config.
++ "//test:*", # webrts standalone setup
++ "//third_party/webrtc/test:*",
++ ]
+
+ defines = [
+ # Chromium always links googletest statically, so no API qualifier is
Copied:
electron14/repos/community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch
(from rev 1054201, electron14/trunk/linux-sandbox-fix-fstatat-crash.patch)
===================================================================
--- community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch
(rev 0)
+++ community-staging-x86_64/linux-sandbox-fix-fstatat-crash.patch
2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,348 @@
+From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpden...@chromium.org>
+Date: Wed, 21 Jul 2021 12:55:11 +0000
+Subject: [PATCH] Linux sandbox: fix fstatat() crash
+
+This is a reland of https://crrev.com/c/2801873.
+
+Glibc has started rewriting fstat(fd, stat_buf) to
+fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
+AT_EMPTY_PATH is specified, and the second argument is an empty string,
+then fstatat just performs an fstat on fd like normal.
+
+Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
+with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
+The baseline policy needs to prevent this usage of fstatat() since it
+doesn't allow access to arbitrary pathnames.
+
+Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
+simply ignored by current kernels.
+
+This means fstatat() is completely unsandboxable with seccomp, since
+we *need* to verify that the second argument is the empty string, but
+we can't dereference pointers in seccomp (due to limitations of BPF,
+and the difficulty of addressing these limitations due to TOCTOU
+issues).
+
+So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
+The signal handler, which runs in the sandboxed process, checks for
+AT_EMPTY_PATH and the empty string, and then rewrites any applicable
+fstatat() back into the old-style fstat().
+
+Bug: 1164975
+Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
+Reviewed-by: Robert Sesek <rse...@chromium.org>
+Commit-Queue: Matthew Denton <mpden...@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#903873}
+---
+ .../seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++
+ .../baseline_policy_unittest.cc | 17 ++++++++++++-
+ .../seccomp-bpf-helpers/sigsys_handlers.cc | 25 +++++++++++++++++++
+ .../seccomp-bpf-helpers/sigsys_handlers.h | 14 +++++++++++
+ .../linux/syscall_broker/broker_process.cc | 21 ++++++++++------
+ .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
+ sandbox/linux/system_headers/linux_stat.h | 4 +++
+ 7 files changed, 89 insertions(+), 18 deletions(-)
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index f2a60bb4d7..9df0d2dbd3 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+@@ -20,6 +20,7 @@
+ #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
+ #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if !defined(SO_PEEK_OFF)
+@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+ return Allow();
+ }
+
++ // The fstatat syscalls are file system syscalls, which will be denied below
++ // with fs_denied_errno. However some allowed fstat syscalls are rewritten
by
++ // libc implementations to fstatat syscalls, and we need to rewrite them
back.
++ if (sysno == __NR_fstatat_default) {
++ return RewriteFstatatSIGSYS(fs_denied_errno);
++ }
++
+ if (SyscallSets::IsFileSystem(sysno) ||
+ SyscallSets::IsCurrentDirectory(sysno)) {
+ return Error(fs_denied_errno);
+diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+index 68c29b564b..57d307e09d 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
+@@ -51,7 +51,8 @@ namespace sandbox {
+
+ namespace {
+
+-// This also tests that read(), write() and fstat() are allowed.
++// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
++// AT_EMPTY_PATH) are allowed.
+ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
+ BPF_ASSERT_LE(0, read_end.get());
+ BPF_ASSERT_LE(0, write_end.get());
+@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end,
base::ScopedFD write_end) {
+ BPF_ASSERT_EQ(0, sys_ret);
+ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
+
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(0, sys_ret);
++ BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
++
++ // Make sure fstatat with anything other than an empty string is denied.
++ sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
++ // Make sure fstatat without AT_EMPTY_PATH is denied.
++ sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
++ BPF_ASSERT_EQ(sys_ret, -1);
++ BPF_ASSERT_EQ(EPERM, errno);
++
+ const ssize_t kTestTransferSize = 4;
+ static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
+ ssize_t transfered = 0;
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+index 64edbd68bd..71068a0452 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
+@@ -6,6 +6,7 @@
+
+ #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
+
++#include <fcntl.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <string.h>
+@@ -22,6 +23,7 @@
+ #include "sandbox/linux/seccomp-bpf/syscall.h"
+ #include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ #if defined(__mips__)
+@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct
arch_seccomp_data& args,
+ return -ENOSYS;
+ }
+
++intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno) {
++ if (args.nr == __NR_fstatat_default) {
++ if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
++ args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
++ return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
++ reinterpret_cast<default_stat_struct*>(args.args[2]));
++ }
++ return -reinterpret_cast<intptr_t>(fs_denied_errno);
++ }
++
++ CrashSIGSYS_Handler(args, fs_denied_errno);
++
++ // Should never be reached.
++ RAW_CHECK(false);
++ return -ENOSYS;
++}
++
+ bpf_dsl::ResultExpr CrashSIGSYS() {
+ return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
+ }
+@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
+ return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
+ }
+
++bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
++ return bpf_dsl::Trap(SIGSYSFstatatHandler,
++ reinterpret_cast<void*>(fs_denied_errno));
++}
++
+ void AllocateCrashKeys() {
+ #if !defined(OS_NACL_NONSFI)
+ if (seccomp_crash_key)
+diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+index 7a958b93b2..8cd735ce15 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
++++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
+@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const
arch_seccomp_data& args,
+ // sched_setparam(), sched_setscheduler()
+ SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
+ void* aux);
++// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
++// then rewrite the syscall to the equivalent fstat() syscall which can be
++// adequately sandboxed.
++// If the fstatat() is not functionally equivalent to an fstat() syscall, we
++// fail with -fs_denied_errno.
++// If the syscall is not an fstatat() at all, crash in the same way as
++// CrashSIGSYS_Handler.
++// This is necessary because glibc and musl have started rewriting fstat(fd,
++// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the
latter
++// back to the former, which is actually sandboxable.
++SANDBOX_EXPORT intptr_t
++SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
++ void* fs_denied_errno);
+
+ // Variants of the above functions for use with bpf_dsl.
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
+@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
+ SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
++SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
+
+ // Allocates a crash key so that Seccomp information can be recorded.
+ void AllocateCrashKeys();
+diff --git a/sandbox/linux/syscall_broker/broker_process.cc
b/sandbox/linux/syscall_broker/broker_process.cc
+index c2176eb785..e9dad37485 100644
+--- a/sandbox/linux/syscall_broker/broker_process.cc
++++ b/sandbox/linux/syscall_broker/broker_process.cc
+@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
+ }
+
+ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
++ // The syscalls unavailable on aarch64 are all blocked by Android's default
++ // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls
XX()
++ // with a corresponding XXat() versions are typically unavailable in aarch64
++ // and are default disabled in Android. So, we should refuse to broker them
++ // to be consistent with the platform's restrictions.
+ switch (sysno) {
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_access:
+ #endif
+ case __NR_faccessat:
+ return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_mkdir:
+ #endif
+ case __NR_mkdirat:
+ return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_open:
+ #endif
+ case __NR_openat:
+ return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_readlink:
+ #endif
+ case __NR_readlinkat:
+ return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rename:
+ #endif
+ case __NR_renameat:
+ case __NR_renameat2:
+ return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_rmdir:
+ return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_stat:
+ case __NR_lstat:
+ #endif
+@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool
fast_check) const {
+ return !fast_check || allowed_command_set_.test(COMMAND_STAT);
+ #endif
+
+-#if !defined(__aarch64__)
++#if !defined(__aarch64__) && !defined(OS_ANDROID)
+ case __NR_unlink:
+ return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
+ #endif
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc
b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index c65f25a78a..f0db08d84e 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
+ const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand
= {
+ {COMMAND_ACCESS,
+ {__NR_faccessat,
+-#if defined(__NR_access)
++#if defined(__NR_access) && !defined(OS_ANDROID)
+ __NR_access
+ #endif
+ }},
+ {COMMAND_MKDIR,
+ {__NR_mkdirat,
+-#if defined(__NR_mkdir)
++#if defined(__NR_mkdir) && !defined(OS_ANDROID)
+ __NR_mkdir
+ #endif
+ }},
+ {COMMAND_OPEN,
+ {__NR_openat,
+-#if defined(__NR_open)
++#if defined(__NR_open) && !defined(OS_ANDROID)
+ __NR_open
+ #endif
+ }},
+ {COMMAND_READLINK,
+ {__NR_readlinkat,
+-#if defined(__NR_readlink)
++#if defined(__NR_readlink) && !defined(OS_ANDROID)
+ __NR_readlink
+ #endif
+ }},
+ {COMMAND_RENAME,
+ {__NR_renameat,
+-#if defined(__NR_rename)
++#if defined(__NR_rename) && !defined(OS_ANDROID)
+ __NR_rename
+ #endif
+ }},
+ {COMMAND_UNLINK,
+ {__NR_unlinkat,
+-#if defined(__NR_unlink)
++#if defined(__NR_unlink) && !defined(OS_ANDROID)
+ __NR_unlink
+ #endif
+ }},
+ {COMMAND_RMDIR,
+ {__NR_unlinkat,
+-#if defined(__NR_rmdir)
++#if defined(__NR_rmdir) && !defined(OS_ANDROID)
+ __NR_rmdir
+ #endif
+ }},
+ {COMMAND_STAT,
+ {
+-#if defined(__NR_stat)
++#if defined(__NR_stat) && !defined(OS_ANDROID)
+ __NR_stat,
+ #endif
+-#if defined(__NR_lstat)
++#if defined(__NR_lstat) && !defined(OS_ANDROID)
+ __NR_lstat,
+ #endif
+ #if defined(__NR_fstatat)
+diff --git a/sandbox/linux/system_headers/linux_stat.h
b/sandbox/linux/system_headers/linux_stat.h
+index 35788eb22a..83b89efc75 100644
+--- a/sandbox/linux/system_headers/linux_stat.h
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -157,6 +157,10 @@ struct kernel_stat {
+ };
+ #endif
+
++#if !defined(AT_EMPTY_PATH)
++#define AT_EMPTY_PATH 0x1000
++#endif
++
+ // On 32-bit systems, we default to the 64-bit stat struct like libc
+ // implementations do. Otherwise we default to the normal stat struct which is
+ // already 64-bit.
Copied:
electron14/repos/community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
(from rev 1054201,
electron14/trunk/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch)
===================================================================
---
community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
(rev 0)
+++
community-staging-x86_64/linux-sandbox-syscall-broker-use-struct-kernel_stat.patch
2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,1384 @@
+From 4b438323d68840453b5ef826c3997568e2e0e8c7 Mon Sep 17 00:00:00 2001
+From: Matthew Denton <mpden...@chromium.org>
+Date: Mon, 19 Jul 2021 14:03:13 +0000
+Subject: [PATCH] Reland "Reland "Linux sandbox syscall broker: use struct
+ kernel_stat""
+
+This reverts commit ff277a52ece0b216617d770f201ed66955fe70b9.
+
+Reason for revert: reland
+
+The fix included in the reland is that fstatat64() needs to be
+allowed in the broker process's seccomp policy.
+
+This CL also includes some extra tests that the kernel_stat structures
+match the layout the kernel expects.
+
+Bug: 1164975, 1199431
+Test: trogdor Chromebook successfully boots and allows login.
+
+Original change's description:
+> Revert "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+>
+> This reverts commit cffbc4432af79f720ae3c75dff380b853701bd64.
+>
+> Reason for revert:
https://bugs.chromium.org/p/chromium/issues/detail?id=1199431
+>
+> Original change's description:
+> > Reland "Linux sandbox syscall broker: use struct kernel_stat"
+> >
+> > This reverts commit 23030dc650cdfa22631f25bef937905f27f06a2c.
+> >
+> > Original change's description:
+> > > Revert "Linux sandbox syscall broker: use struct kernel_stat"
+> > >
+> > > This reverts commit 784b0fcd8a3ca6bcd3acb9cfd624ec9cbbac2789.
+> > >
+> > > Reason for revert: Causing failure in
+> > > Step "sandbox_linux_unittests" failing on builder "Linux ChromiumOS MSan
Tests"
+> > > See crbug.com/1198480
+> > >
+> > > Original change's description:
+> > > > Linux sandbox syscall broker: use struct kernel_stat
+> > > >
+> > > > The struct stat used in libc is different (in size and field ordering)
+> > > > from the structure assumed by the Linux kernel. So, when emulating
+> > > > system calls, we need to use the struct definition the kernel expects.
+> > > >
+> > > > This CL adds linux_stat.h that includes definitions of the different
+> > > > kernel structs.
+> > > >
+> > > > Change-Id: I53cad35c2251dff0f6b7ea77528cfa58ef3cab4a
+> > > > Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2780876
+> > > > Commit-Queue: Matthew Denton <mpden...@chromium.org>
+> > > > Reviewed-by: Robert Sesek <rse...@chromium.org>
+> > > > Cr-Commit-Position: refs/heads/master@{#871767}
+> > >
+> > > Change-Id: Icbec38f2103c8424dec79ab1870b97c3e83f9361
+> > > No-Presubmit: true
+> > > No-Tree-Checks: true
+> > > No-Try: true
+> > > Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2821812
+> > > Auto-Submit: Victor Vianna <victorvia...@google.com>
+> > > Owners-Override: Victor Vianna <victorvia...@google.com>
+> > > Commit-Queue: Rubber Stamper <rubber-stam...@appspot.gserviceaccount.com>
+> > > Bot-Commit: Rubber Stamper <rubber-stam...@appspot.gserviceaccount.com>
+> > > Cr-Commit-Position: refs/heads/master@{#871882}
+> >
+> > Change-Id: I1f39bb5242961474def594ff7dbea52009f2cee4
+> > Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2824115
+> > Auto-Submit: Matthew Denton <mpden...@chromium.org>
+> > Commit-Queue: Matthew Denton <mpden...@chromium.org>
+> > Reviewed-by: Robert Sesek <rse...@chromium.org>
+> > Cr-Commit-Position: refs/heads/master@{#872812}
+>
+> Fixed: 1199431
+> Change-Id: Iebfc0c48201bf22ff9c54d8d5c8a43d26a880098
+> No-Presubmit: true
+> No-Tree-Checks: true
+> No-Try: true
+> Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2830459
+> Auto-Submit: Kyle Horimoto <khorim...@chromium.org>
+> Commit-Queue: Matthew Denton <mpden...@chromium.org>
+> Commit-Queue: Kinuko Yasuda <kin...@chromium.org>
+> Reviewed-by: Matthew Denton <mpden...@chromium.org>
+> Reviewed-by: Kinuko Yasuda <kin...@chromium.org>
+> Owners-Override: Kinuko Yasuda <kin...@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#873173}
+
+Change-Id: Ibe6a485070f33489aaa157b51b908c2d23d174d7
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2848936
+Reviewed-by: Robert Sesek <rse...@chromium.org>
+Commit-Queue: Matthew Denton <mpden...@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#902981}
+---
+ sandbox/linux/BUILD.gn | 1 +
+ .../seccomp_broker_process_unittest.cc | 40 +++-
+ sandbox/linux/seccomp-bpf-helpers/DEPS | 1 -
+ ...scall_parameters_restrictions_unittests.cc | 4 -
+ sandbox/linux/services/syscall_wrappers.cc | 50 ++++-
+ sandbox/linux/services/syscall_wrappers.h | 15 ++
+ .../services/syscall_wrappers_unittest.cc | 129 +++++++++++-
+ sandbox/linux/syscall_broker/DEPS | 3 +-
+ sandbox/linux/syscall_broker/broker_client.cc | 4 +-
+ sandbox/linux/syscall_broker/broker_client.h | 4 +-
+ sandbox/linux/syscall_broker/broker_host.cc | 23 ++-
+ .../syscall_broker/broker_process_unittest.cc | 74 +++----
+ .../remote_syscall_arg_handler_unittest.cc | 36 ++--
+ .../syscall_broker/syscall_dispatcher.cc | 67 ++++---
+ .../linux/syscall_broker/syscall_dispatcher.h | 27 ++-
+ sandbox/linux/system_headers/linux_stat.h | 188 ++++++++++++++++++
+ sandbox/linux/system_headers/linux_time.h | 26 +++
+ sandbox/linux/tests/test_utils.cc | 15 ++
+ sandbox/linux/tests/test_utils.h | 2 +
+ .../policy/linux/bpf_broker_policy_linux.cc | 4 +-
+ 20 files changed, 595 insertions(+), 118 deletions(-)
+ create mode 100644 sandbox/linux/system_headers/linux_stat.h
+
+diff --git a/sandbox/linux/BUILD.gn b/sandbox/linux/BUILD.gn
+index 2f778dd0bc..ccbbc91716 100644
+--- a/sandbox/linux/BUILD.gn
++++ b/sandbox/linux/BUILD.gn
+@@ -443,6 +443,7 @@ source_set("sandbox_services_headers") {
+ "system_headers/linux_ptrace.h",
+ "system_headers/linux_seccomp.h",
+ "system_headers/linux_signal.h",
++ "system_headers/linux_stat.h",
+ "system_headers/linux_syscalls.h",
+ "system_headers/linux_time.h",
+ "system_headers/linux_ucontext.h",
+diff --git
a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+index 9da9c68911..8a941983b1 100644
+--- a/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
++++ b/sandbox/linux/integration_tests/seccomp_broker_process_unittest.cc
+@@ -34,6 +34,7 @@
+ #include "sandbox/linux/syscall_broker/broker_file_permission.h"
+ #include "sandbox/linux/syscall_broker/broker_process.h"
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+ #include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+@@ -202,6 +203,26 @@ namespace {
+ // not accept this as a valid error number. E.g. bionic accepts up to 255,
glibc
+ // and musl up to 4096.
+ const int kFakeErrnoSentinel = 254;
++
++void ConvertKernelStatToLibcStat(default_stat_struct& in_stat,
++ struct stat& out_stat) {
++ out_stat.st_dev = in_stat.st_dev;
++ out_stat.st_ino = in_stat.st_ino;
++ out_stat.st_mode = in_stat.st_mode;
++ out_stat.st_nlink = in_stat.st_nlink;
++ out_stat.st_uid = in_stat.st_uid;
++ out_stat.st_gid = in_stat.st_gid;
++ out_stat.st_rdev = in_stat.st_rdev;
++ out_stat.st_size = in_stat.st_size;
++ out_stat.st_blksize = in_stat.st_blksize;
++ out_stat.st_blocks = in_stat.st_blocks;
++ out_stat.st_atim.tv_sec = in_stat.st_atime_;
++ out_stat.st_atim.tv_nsec = in_stat.st_atime_nsec_;
++ out_stat.st_mtim.tv_sec = in_stat.st_mtime_;
++ out_stat.st_mtim.tv_nsec = in_stat.st_mtime_nsec_;
++ out_stat.st_ctim.tv_sec = in_stat.st_ctime_;
++ out_stat.st_ctim.tv_nsec = in_stat.st_ctime_nsec_;
++}
+ } // namespace
+
+ // There are a variety of ways to make syscalls in a sandboxed process. One is
+@@ -217,6 +238,10 @@ class Syscaller {
+
+ virtual int Open(const char* filepath, int flags) = 0;
+ virtual int Access(const char* filepath, int mode) = 0;
++ // NOTE: we use struct stat instead of default_stat_struct, to make the libc
++ // syscaller simpler. Copying from default_stat_struct (the structure
returned
++ // from a stat sycall) to struct stat (the structure exposed by a libc to
its
++ // users) is simpler than going in the opposite direction.
+ virtual int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) = 0;
+@@ -243,8 +268,12 @@ class IPCSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- return broker_->GetBrokerClientSignalBased()->Stat(filepath, follow_links,
+- statbuf);
++ default_stat_struct buf;
++ int ret = broker_->GetBrokerClientSignalBased()->DefaultStatForTesting(
++ filepath, follow_links, &buf);
++ if (ret >= 0)
++ ConvertKernelStatToLibcStat(buf, *statbuf);
++ return ret;
+ }
+
+ int Rename(const char* oldpath, const char* newpath) override {
+@@ -300,10 +329,13 @@ class DirectSyscaller : public Syscaller {
+ int Stat(const char* filepath,
+ bool follow_links,
+ struct stat* statbuf) override {
+- int ret = follow_links ? syscall(__NR_stat, filepath, statbuf)
+- : syscall(__NR_lstat, filepath, statbuf);
++ struct kernel_stat buf;
++ int ret = syscall(__NR_newfstatat, AT_FDCWD, filepath, &buf,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return -errno;
++
++ ConvertKernelStatToLibcStat(buf, *statbuf);
+ return ret;
+ }
+
+diff --git a/sandbox/linux/seccomp-bpf-helpers/DEPS
b/sandbox/linux/seccomp-bpf-helpers/DEPS
+index 4419fd1da3..95d1bb6cbb 100644
+--- a/sandbox/linux/seccomp-bpf-helpers/DEPS
++++ b/sandbox/linux/seccomp-bpf-helpers/DEPS
+@@ -3,5 +3,4 @@ include_rules = [
+ "+sandbox/linux/seccomp-bpf",
+ "+sandbox/linux/services",
+ "+sandbox/linux/system_headers",
+- "+third_party/lss/linux_syscall_support.h",
+ ]
+diff --git
a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+index 903e702eab..76c393032c 100644
+---
a/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
++++
b/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions_unittests.cc
+@@ -37,10 +37,6 @@
+ #include "sandbox/linux/system_headers/linux_time.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+
+-#if !defined(OS_ANDROID)
+-#include "third_party/lss/linux_syscall_support.h" // for
MAKE_PROCESS_CPUCLOCK
+-#endif
+-
+ namespace sandbox {
+
+ namespace {
+diff --git a/sandbox/linux/services/syscall_wrappers.cc
b/sandbox/linux/services/syscall_wrappers.cc
+index fcfd2aa129..3bec18a14e 100644
+--- a/sandbox/linux/services/syscall_wrappers.cc
++++ b/sandbox/linux/services/syscall_wrappers.cc
+@@ -4,6 +4,7 @@
+
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
++#include <fcntl.h>
+ #include <pthread.h>
+ #include <sched.h>
+ #include <setjmp.h>
+@@ -14,11 +15,13 @@
+ #include <unistd.h>
+ #include <cstring>
+
++#include "base/check.h"
+ #include "base/compiler_specific.h"
+ #include "base/logging.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/capability.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -217,7 +220,7 @@ asm(
+ #undef STR
+ #undef XSTR
+
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+
+ int sys_sigaction(int signum,
+ const struct sigaction* act,
+@@ -241,7 +244,7 @@ int sys_sigaction(int signum,
+ #error "Unsupported architecture."
+ #endif
+ }
+-#endif
++#endif // defined(ARCH_CPU_X86_FAMILY)
+ }
+
+ LinuxSigAction linux_oldact = {};
+@@ -259,6 +262,47 @@ int sys_sigaction(int signum,
+ return result;
+ }
+
+-#endif // defined(MEMORY_SANITIZER)
++#endif // !defined(OS_NACL_NONSFI)
++
++int sys_stat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_stat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf, 0);
++#else
++ res = syscall(__NR_stat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_lstat(const char* path, struct kernel_stat* stat_buf) {
++ int res;
++#if !defined(__NR_lstat)
++ res = syscall(__NR_newfstatat, AT_FDCWD, path, stat_buf,
AT_SYMLINK_NOFOLLOW);
++#else
++ res = syscall(__NR_lstat, path, stat_buf);
++#endif
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++}
++
++int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags) {
++#if defined(__NR_fstatat64)
++ int res = syscall(__NR_fstatat64, dirfd, pathname, stat_buf, flags);
++ if (res == 0)
++ MSAN_UNPOISON(stat_buf, sizeof(*stat_buf));
++ return res;
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++ return -ENOSYS;
++#endif
++}
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/services/syscall_wrappers.h
b/sandbox/linux/services/syscall_wrappers.h
+index 1975bfbd88..b55340e4a2 100644
+--- a/sandbox/linux/services/syscall_wrappers.h
++++ b/sandbox/linux/services/syscall_wrappers.h
+@@ -17,6 +17,8 @@ struct sock_fprog;
+ struct rlimit64;
+ struct cap_hdr;
+ struct cap_data;
++struct kernel_stat;
++struct kernel_stat64;
+
+ namespace sandbox {
+
+@@ -84,6 +86,19 @@ SANDBOX_EXPORT int sys_sigaction(int signum,
+ const struct sigaction* act,
+ struct sigaction* oldact);
+
++// Some architectures do not have stat() and lstat() syscalls. In that case,
++// these wrappers will use newfstatat(), which is available on all other
++// architectures, with the same capabilities as stat() and lstat().
++SANDBOX_EXPORT int sys_stat(const char* path, struct kernel_stat* stat_buf);
++SANDBOX_EXPORT int sys_lstat(const char* path, struct kernel_stat* stat_buf);
++
++// Takes care of unpoisoning |stat_buf| for MSAN. Check-fails if fstatat64()
is
++// not a supported syscall on the current platform.
++SANDBOX_EXPORT int sys_fstatat64(int dirfd,
++ const char* pathname,
++ struct kernel_stat64* stat_buf,
++ int flags);
++
+ } // namespace sandbox
+
+ #endif // SANDBOX_LINUX_SERVICES_SYSCALL_WRAPPERS_H_
+diff --git a/sandbox/linux/services/syscall_wrappers_unittest.cc
b/sandbox/linux/services/syscall_wrappers_unittest.cc
+index 32820f60a8..64b9cea80f 100644
+--- a/sandbox/linux/services/syscall_wrappers_unittest.cc
++++ b/sandbox/linux/services/syscall_wrappers_unittest.cc
+@@ -5,15 +5,19 @@
+ #include "sandbox/linux/services/syscall_wrappers.h"
+
+ #include <stdint.h>
++#include <string.h>
+ #include <sys/syscall.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+-#include <cstring>
+
++#include "base/logging.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+ #include "build/build_config.h"
+ #include "sandbox/linux/system_headers/linux_signal.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/linux/tests/scoped_temporary_file.h"
+ #include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+@@ -93,6 +97,129 @@ TEST(SyscallWrappers, LinuxSigSet) {
+ linux_sigset);
+ }
+
++TEST(SyscallWrappers, Stat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // To test we have the correct stat structures for each kernel/platform, we
++ // will right-align them on a page, with a guard page after.
++ char* two_pages = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(two_pages, 2);
++ char* page1_end = two_pages + base::GetPageSize();
++
++ // First, check that calling stat with |stat_buf| pointing to the last byte
on
++ // a page causes EFAULT.
++ int res = sys_stat(tmp_file.full_file_name(),
++ reinterpret_cast<struct kernel_stat*>(page1_end - 1));
++ ASSERT_EQ(res, -1);
++ ASSERT_EQ(errno, EFAULT);
++
++ // Now, check that we have the correctly sized stat structure.
++ struct kernel_stat* sb = reinterpret_cast<struct kernel_stat*>(
++ page1_end - sizeof(struct kernel_stat));
++ // Memset to c's so we can check the kernel zero'd the padding...
++ memset(sb, 'c', sizeof(struct kernel_stat));
++ res = sys_stat(tmp_file.full_file_name(), sb);
++ ASSERT_EQ(res, 0);
++
++ // Following fields may never be consistent but should be non-zero.
++ // Don't trust the platform to define fields with any particular sign.
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_dev));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_ino));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_mode));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blksize));
++ EXPECT_NE(0u, static_cast<unsigned int>(sb->st_blocks));
++
++// We are the ones that made the file.
++// Note: normally gid and uid overflow on backwards-compatible 32-bit systems
++// and we end up with dummy uids and gids in place here.
++#if defined(ARCH_CPU_64_BITS)
++ EXPECT_EQ(geteuid(), sb->st_uid);
++ EXPECT_EQ(getegid(), sb->st_gid);
++#endif
++
++ // Wrote 12 bytes above which should fit in one block.
++ EXPECT_EQ(12u, sb->st_size);
++
++ // Can't go backwards in time, 1500000000 was some time ago.
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb->st_ctime_));
++
++ // Checking the padding for good measure.
++#if defined(__x86_64__)
++ EXPECT_EQ(0u, sb->__pad0);
++ EXPECT_EQ(0u, sb->__unused4[0]);
++ EXPECT_EQ(0u, sb->__unused4[1]);
++ EXPECT_EQ(0u, sb->__unused4[2]);
++#elif defined(__aarch64__)
++ EXPECT_EQ(0u, sb->__pad1);
++ EXPECT_EQ(0, sb->__pad2);
++ EXPECT_EQ(0u, sb->__unused4);
++ EXPECT_EQ(0u, sb->__unused5);
++#endif
++}
++
++TEST(SyscallWrappers, LStat) {
++ // Create a file to stat, with 12 bytes of data.
++ ScopedTemporaryFile tmp_file;
++ EXPECT_EQ(12, write(tmp_file.fd(), "blahblahblah", 12));
++
++ // Also create a symlink.
++ std::string symlink_name;
++ {
++ ScopedTemporaryFile tmp_file2;
++ symlink_name = tmp_file2.full_file_name();
++ }
++ int rc = symlink(tmp_file.full_file_name(), symlink_name.c_str());
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't symlink " << symlink_name << " to target "
++ << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat lstat_info;
++ rc = sys_lstat(symlink_name.c_str(), &lstat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_lstat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat stat_info;
++ rc = sys_stat(symlink_name.c_str(), &stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << symlink_name;
++ GTEST_FAIL();
++ }
++
++ struct kernel_stat tmp_file_stat_info;
++ rc = sys_stat(tmp_file.full_file_name(), &tmp_file_stat_info);
++ if (rc < 0 && errno == EOVERFLOW) {
++ GTEST_SKIP();
++ }
++ if (rc != 0) {
++ PLOG(ERROR) << "Couldn't sys_stat " << tmp_file.full_file_name();
++ GTEST_FAIL();
++ }
++
++ // lstat should produce information about a symlink.
++ ASSERT_TRUE(S_ISLNK(lstat_info.st_mode));
++
++ // stat-ing symlink_name and tmp_file should produce the same inode.
++ ASSERT_EQ(stat_info.st_ino, tmp_file_stat_info.st_ino);
++
++ // lstat-ing symlink_name should give a different inode than stat-ing
++ // symlink_name.
++ ASSERT_NE(stat_info.st_ino, lstat_info.st_ino);
++}
++
+ } // namespace
+
+ } // namespace sandbox
+diff --git a/sandbox/linux/syscall_broker/DEPS
b/sandbox/linux/syscall_broker/DEPS
+index c477f7d363..149c463b06 100644
+--- a/sandbox/linux/syscall_broker/DEPS
++++ b/sandbox/linux/syscall_broker/DEPS
+@@ -1,4 +1,5 @@
+ include_rules = [
+- "+sandbox/linux/system_headers",
+ "+sandbox/linux/bpf_dsl",
++ "+sandbox/linux/services",
++ "+sandbox/linux/system_headers",
+ ]
+diff --git a/sandbox/linux/syscall_broker/broker_client.cc
b/sandbox/linux/syscall_broker/broker_client.cc
+index 6b1b5be433..e24f659fcf 100644
+--- a/sandbox/linux/syscall_broker/broker_client.cc
++++ b/sandbox/linux/syscall_broker/broker_client.cc
+@@ -166,7 +166,7 @@ int BrokerClient::Rmdir(const char* path) const {
+
+ int BrokerClient::Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const {
++ struct kernel_stat* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+@@ -181,7 +181,7 @@ int BrokerClient::Stat(const char* pathname,
+
+ int BrokerClient::Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const {
++ struct kernel_stat64* sb) const {
+ if (!pathname || !sb)
+ return -EFAULT;
+
+diff --git a/sandbox/linux/syscall_broker/broker_client.h
b/sandbox/linux/syscall_broker/broker_client.h
+index 05e14c83f2..26ca78101c 100644
+--- a/sandbox/linux/syscall_broker/broker_client.h
++++ b/sandbox/linux/syscall_broker/broker_client.h
+@@ -61,10 +61,10 @@ class SANDBOX_EXPORT BrokerClient : public
SyscallDispatcher {
+ int Rmdir(const char* path) const override;
+ int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const override;
++ struct kernel_stat* sb) const override;
+ int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const override;
++ struct kernel_stat64* sb) const override;
+ int Unlink(const char* unlink) const override;
+
+ private:
+diff --git a/sandbox/linux/syscall_broker/broker_host.cc
b/sandbox/linux/syscall_broker/broker_host.cc
+index 1cd03a18df..1cdc01a888 100644
+--- a/sandbox/linux/syscall_broker/broker_host.cc
++++ b/sandbox/linux/syscall_broker/broker_host.cc
+@@ -20,9 +20,11 @@
+ #include "base/files/scoped_file.h"
+ #include "base/logging.h"
+ #include "base/posix/eintr_wrapper.h"
++#include "sandbox/linux/services/syscall_wrappers.h"
+ #include "sandbox/linux/syscall_broker/broker_command.h"
+ #include "sandbox/linux/syscall_broker/broker_permission_list.h"
+ #include "sandbox/linux/syscall_broker/broker_simple_message.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
+ #include "sandbox/linux/system_headers/linux_syscalls.h"
+
+ namespace sandbox {
+@@ -193,10 +195,12 @@ void StatFileForIPC(const BrokerCommandSet&
allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(-permission_list.denied_errno()));
+ return;
+ }
++
+ if (command_type == COMMAND_STAT) {
+- struct stat sb;
+- int sts =
+- follow_links ? stat(file_to_access, &sb) : lstat(file_to_access, &sb);
++ struct kernel_stat sb;
++
++ int sts = follow_links ? sandbox::sys_stat(file_to_access, &sb)
++ : sandbox::sys_lstat(file_to_access, &sb);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -205,10 +209,12 @@ void StatFileForIPC(const BrokerCommandSet&
allowed_command_set,
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
+ } else {
++#if defined(__NR_fstatat64)
+ DCHECK(command_type == COMMAND_STAT64);
+- struct stat64 sb;
+- int sts = follow_links ? stat64(file_to_access, &sb)
+- : lstat64(file_to_access, &sb);
++ struct kernel_stat64 sb;
++
++ int sts = sandbox::sys_fstatat64(AT_FDCWD, file_to_access, &sb,
++ follow_links ? 0 : AT_SYMLINK_NOFOLLOW);
+ if (sts < 0) {
+ RAW_CHECK(reply->AddIntToMessage(-errno));
+ return;
+@@ -216,6 +222,11 @@ void StatFileForIPC(const BrokerCommandSet&
allowed_command_set,
+ RAW_CHECK(reply->AddIntToMessage(0));
+ RAW_CHECK(
+ reply->AddDataToMessage(reinterpret_cast<char*>(&sb), sizeof(sb)));
++#else // defined(__NR_fstatat64)
++ // We should not reach here on 64-bit systems, as the *stat*64() are only
++ // necessary on 32-bit.
++ RAW_CHECK(false);
++#endif
+ }
+ }
+
+diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc
b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+index 55ba6bccb2..c65f25a78a 100644
+--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
++++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
+@@ -811,7 +811,7 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+ const char* bad_leading_path5 = "/mbogo/fictitioux";
+ const char* bad_leading_path6 = "/mbogo/fictitiousa";
+
+- struct stat sb;
++ default_stat_struct sb;
+
+ {
+ // Actual file with permissions to see file but command not allowed.
+@@ -824,7 +824,7 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+
+@@ -840,7 +840,7 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ nonesuch_name, follow_links, &sb));
+ }
+ {
+@@ -852,7 +852,7 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+
+ memset(&sb, 0, sizeof(sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ tempfile_name, follow_links, &sb));
+ }
+ {
+@@ -864,38 +864,39 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets denied all the way back to root since no create permission.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -907,37 +908,41 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- nonesuch_name, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ nonesuch_name, follow_links, &sb));
+
+ // Gets ENOENT all the way back to root since it has create permission.
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path1, follow_links, &sb));
+- EXPECT_EQ(-ENOENT, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path2, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path1, follow_links, &sb));
++ EXPECT_EQ(-ENOENT,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path2, follow_links, &sb));
+
+ // But can always get the root.
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- leading_path3, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ leading_path3, follow_links, &sb));
+
+ // Not fooled by substrings.
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path1, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path2, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path3, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path4, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path5, follow_links, &sb));
+ EXPECT_EQ(-kFakeErrnoSentinel,
+- open_broker.GetBrokerClientSignalBased()->Stat(
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
+ bad_leading_path6, follow_links, &sb));
+ }
+ {
+@@ -949,8 +954,9 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+ ASSERT_TRUE(open_broker.Init(base::BindOnce(&NoOpCallback)));
+
+ memset(&sb, 0, sizeof(sb));
+- EXPECT_EQ(0, open_broker.GetBrokerClientSignalBased()->Stat(
+- tempfile_name, follow_links, &sb));
++ EXPECT_EQ(0,
++ open_broker.GetBrokerClientSignalBased()->DefaultStatForTesting(
++ tempfile_name, follow_links, &sb));
+
+ // Following fields may never be consistent but should be non-zero.
+ // Don't trust the platform to define fields with any particular sign.
+@@ -968,9 +974,9 @@ void TestStatHelper(bool fast_check_in_client, bool
follow_links) {
+ EXPECT_EQ(12, sb.st_size);
+
+ // Can't go backwards in time, 1500000000 was some time ago.
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime));
+- EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_atime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_mtime_));
++ EXPECT_LT(1500000000u, static_cast<unsigned int>(sb.st_ctime_));
+ }
+ }
+
+diff --git
a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+index fffa9bb708..f517a9867c 100644
+--- a/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
++++ b/sandbox/linux/syscall_broker/remote_syscall_arg_handler_unittest.cc
+@@ -16,6 +16,7 @@
+ #include "base/memory/page_size.h"
+ #include "base/posix/unix_domain_socket.h"
+ #include "base/test/bind.h"
++#include "sandbox/linux/tests/test_utils.h"
+ #include "sandbox/linux/tests/unit_tests.h"
+ #include "testing/gtest/include/gtest/gtest.h"
+
+@@ -52,19 +53,6 @@ void VerifyCorrectString(std::string str, size_t size) {
+ }
+ }
+
+-void* MapPagesOrDie(size_t num_pages) {
+- void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
+- PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1,
0);
+- PCHECK(addr);
+- return addr;
+-}
+-
+-void MprotectLastPageOrDie(char* addr, size_t num_pages) {
+- size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
+- PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
+- 0);
+-}
+-
+ pid_t ForkWaitingChild(base::OnceCallback<void(int)>
+ after_parent_signals_callback = base::DoNothing(),
+ base::ScopedFD* parent_sync_fd = nullptr) {
+@@ -105,13 +93,13 @@ void ReadTest(const ReadTestConfig& test_config) {
+ size_t total_pages = (test_config.start_at + test_config.total_size +
+ base::GetPageSize() - 1) /
+ base::GetPageSize();
+- char* mmap_addr = static_cast<char*>(MapPagesOrDie(total_pages));
++ char* mmap_addr = static_cast<char*>(TestUtils::MapPagesOrDie(total_pages));
+ char* addr = mmap_addr + test_config.start_at;
+ FillBufferWithPath(addr, test_config.total_size,
+ test_config.include_null_byte);
+
+ if (test_config.last_page_inaccessible)
+- MprotectLastPageOrDie(mmap_addr, total_pages);
++ TestUtils::MprotectLastPageOrDie(mmap_addr, total_pages);
+
+ pid_t pid = ForkWaitingChild();
+ munmap(mmap_addr, base::GetPageSize() * total_pages);
+@@ -212,7 +200,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler,
ReadChunkPlus1EndingOnePastPage) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, ReadChildExited) {
+- void* addr = MapPagesOrDie(1);
++ void* addr = TestUtils::MapPagesOrDie(1);
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+@@ -240,10 +228,10 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler,
ReadChildExited) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+- void* read_from = MapPagesOrDie(1);
++ void* read_from = TestUtils::MapPagesOrDie(1);
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -278,8 +266,8 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, BasicWrite) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteToInvalidAddress) {
+- char* write_to = static_cast<char*>(MapPagesOrDie(1));
+- MprotectLastPageOrDie(write_to, 1);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(1));
++ TestUtils::MprotectLastPageOrDie(write_to, 1);
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+
+@@ -295,11 +283,11 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler,
WriteToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WritePartiallyToInvalidAddress) {
+- char* read_from = static_cast<char*>(MapPagesOrDie(2));
++ char* read_from = static_cast<char*>(TestUtils::MapPagesOrDie(2));
+ const size_t write_size = base::GetPageSize();
+ FillBufferWithPath(static_cast<char*>(read_from), write_size, false);
+- char* write_to = static_cast<char*>(MapPagesOrDie(2));
+- MprotectLastPageOrDie(write_to, 2);
++ char* write_to = static_cast<char*>(TestUtils::MapPagesOrDie(2));
++ TestUtils::MprotectLastPageOrDie(write_to, 2);
+ write_to += base::GetPageSize() / 2;
+ base::ScopedFD parent_signal_fd;
+ const std::vector<int> empty_fd_vec;
+@@ -314,7 +302,7 @@ SANDBOX_TEST(BrokerRemoteSyscallArgHandler,
WritePartiallyToInvalidAddress) {
+ }
+
+ SANDBOX_TEST(BrokerRemoteSyscallArgHandler, WriteChildExited) {
+- char* addr = static_cast<char*>(MapPagesOrDie(1));
++ char* addr = static_cast<char*>(TestUtils::MapPagesOrDie(1));
+ FillBufferWithPath(static_cast<char*>(addr), strlen(kPathPart) + 1, true);
+
+ base::ScopedFD parent_sync, child_sync;
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+index b9ee93c14a..8a42397ef8 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.cc
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.cc
+@@ -19,8 +19,18 @@ namespace syscall_broker {
+ #define BROKER_UNPOISON_STRING(x)
+ #endif
+
++int SyscallDispatcher::DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb) {
++#if defined(__NR_fstatat64)
++ return Stat64(pathname, follow_links, sb);
++#elif defined(__NR_newfstatat)
++ return Stat(pathname, follow_links, sb);
++#endif
++}
++
+ int SyscallDispatcher::PerformStatat(const arch_seccomp_data& args,
+- bool arch64) {
++ bool stat64) {
+ if (static_cast<int>(args.args[0]) != AT_FDCWD)
+ return -EPERM;
+ // Only allow the AT_SYMLINK_NOFOLLOW flag which is used by some libc
+@@ -30,13 +40,29 @@ int SyscallDispatcher::PerformStatat(const
arch_seccomp_data& args,
+
+ const bool follow_links =
+ !(static_cast<int>(args.args[3]) & AT_SYMLINK_NOFOLLOW);
+- if (arch64) {
++ if (stat64) {
+ return Stat64(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat64*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[2]));
+ }
+
+ return Stat(reinterpret_cast<const char*>(args.args[1]), follow_links,
+- reinterpret_cast<struct stat*>(args.args[2]));
++ reinterpret_cast<struct kernel_stat*>(args.args[2]));
++}
++
++int SyscallDispatcher::PerformUnlinkat(const arch_seccomp_data& args) {
++ if (static_cast<int>(args.args[0]) != AT_FDCWD)
++ return -EPERM;
++
++ int flags = static_cast<int>(args.args[2]);
++
++ if (flags == AT_REMOVEDIR) {
++ return Rmdir(reinterpret_cast<const char*>(args.args[1]));
++ }
++
++ if (flags != 0)
++ return -EPERM;
++
++ return Unlink(reinterpret_cast<const char*>(args.args[1]));
+ }
+
+ int SyscallDispatcher::DispatchSyscall(const arch_seccomp_data& args) {
+@@ -127,59 +153,42 @@ int SyscallDispatcher::DispatchSyscall(const
arch_seccomp_data& args) {
+ #if defined(__NR_stat)
+ case __NR_stat:
+ return Stat(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_stat64)
+ case __NR_stat64:
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), true,
+- reinterpret_cast<struct stat64*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat)
+ case __NR_lstat:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat*>(args.args[1]));
++ reinterpret_cast<struct kernel_stat*>(args.args[1]));
+ #endif
+ #if defined(__NR_lstat64)
+ case __NR_lstat64:
+ // See https://crbug.com/847096
+ BROKER_UNPOISON_STRING(reinterpret_cast<const char*>(args.args[0]));
+ return Stat64(reinterpret_cast<const char*>(args.args[0]), false,
+- reinterpret_cast<struct stat64*>(args.args[1]));
+-#endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ reinterpret_cast<struct kernel_stat64*>(args.args[1]));
+ #endif
+ #if defined(__NR_fstatat64)
+ case __NR_fstatat64:
+- return PerformStatat(args, /*arch64=*/true);
++ return PerformStatat(args, /*stat64=*/true);
+ #endif
+ #if defined(__NR_newfstatat)
+ case __NR_newfstatat:
+- return PerformStatat(args, /*arch64=*/false);
++ return PerformStatat(args, /*stat64=*/false);
+ #endif
+ #if defined(__NR_unlink)
+ case __NR_unlink:
+ return Unlink(reinterpret_cast<const char*>(args.args[0]));
+ #endif
+ #if defined(__NR_unlinkat)
+- case __NR_unlinkat: {
+- if (static_cast<int>(args.args[0]) != AT_FDCWD)
+- return -EPERM;
+-
+- int flags = static_cast<int>(args.args[2]);
+-
+- if (flags == AT_REMOVEDIR) {
+- return Rmdir(reinterpret_cast<const char*>(args.args[1]));
+- }
+-
+- if (flags != 0)
+- return -EPERM;
+-
+- return Unlink(reinterpret_cast<const char*>(args.args[1]));
+- }
++ case __NR_unlinkat:
++ return PerformUnlinkat(args);
+ #endif // defined(__NR_unlinkat)
+ default:
+ RAW_CHECK(false);
+diff --git a/sandbox/linux/syscall_broker/syscall_dispatcher.h
b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+index d8b8874ad9..1d6653caf3 100644
+--- a/sandbox/linux/syscall_broker/syscall_dispatcher.h
++++ b/sandbox/linux/syscall_broker/syscall_dispatcher.h
+@@ -9,13 +9,15 @@
+ #include <cstddef>
+
+ #include "sandbox/linux/system_headers/linux_seccomp.h"
++#include "sandbox/linux/system_headers/linux_stat.h"
++#include "sandbox/sandbox_export.h"
+
+ namespace sandbox {
+ namespace syscall_broker {
+
+ // An abstract class that defines all the system calls we perform for the
+ // sandboxed process.
+-class SyscallDispatcher {
++class SANDBOX_EXPORT SyscallDispatcher {
+ public:
+ // Emulates access()/faccessat().
+ // X_OK will always return an error in practice since the broker process
+@@ -40,19 +42,34 @@ class SyscallDispatcher {
+ virtual int Rmdir(const char* path) const = 0;
+
+ // Emulates stat()/stat64()/lstat()/lstat64()/fstatat()/newfstatat().
++ // Stat64 is only available on 32-bit systems.
+ virtual int Stat(const char* pathname,
+ bool follow_links,
+- struct stat* sb) const = 0;
++ struct kernel_stat* sb) const = 0;
+ virtual int Stat64(const char* pathname,
+ bool follow_links,
+- struct stat64* sb) const = 0;
++ struct kernel_stat64* sb) const = 0;
+
+ // Emulates unlink()/unlinkat().
+ virtual int Unlink(const char* unlink) const = 0;
+
++ // Different architectures use a different syscall from the stat family by
++ // default in glibc. E.g. 32-bit systems use *stat*64() and fill out struct
++ // kernel_stat64, whereas 64-bit systems use *stat*() and fill out struct
++ // kernel_stat. Some tests want to call the SyscallDispatcher directly, and
++ // should be using the default stat in order to test against glibc.
++ int DefaultStatForTesting(const char* pathname,
++ bool follow_links,
++ default_stat_struct* sb);
++
+ // Validates the args passed to a *statat*() syscall and performs the
syscall
+- // using Stat() or Stat64().
+- int PerformStatat(const arch_seccomp_data& args, bool arch64);
++ // using Stat(), or on 32-bit systems it uses Stat64() for the *statat64()
++ // syscalls.
++ int PerformStatat(const arch_seccomp_data& args, bool stat64);
++
++ // Validates the args passed to an unlinkat() syscall and performs the
syscall
++ // using either Unlink() or Rmdir().
++ int PerformUnlinkat(const arch_seccomp_data& args);
+
+ // Reads the syscall number and arguments, imposes some policy (e.g. the
*at()
+ // system calls must only allow AT_FDCWD as the first argument), and
+diff --git a/sandbox/linux/system_headers/linux_stat.h
b/sandbox/linux/system_headers/linux_stat.h
+new file mode 100644
+index 0000000000..35788eb22a
+--- /dev/null
++++ b/sandbox/linux/system_headers/linux_stat.h
+@@ -0,0 +1,188 @@
++// Copyright 2021 The Chromium Authors. All rights reserved.
++// Use of this source code is governed by a BSD-style license that can be
++// found in the LICENSE file.
++
++#ifndef SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++#define SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
++
++#include <stdint.h>
++
++#include "build/build_config.h"
++#include "sandbox/linux/system_headers/linux_syscalls.h"
++
++#if defined(ARCH_CPU_MIPS_FAMILY)
++#if defined(ARCH_CPU_64_BITS)
++struct kernel_stat {
++#else
++struct kernel_stat64 {
++#endif
++ unsigned st_dev;
++ unsigned __pad0[3];
++ unsigned long long st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ unsigned __pad1[3];
++ long long st_size;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned st_blksize;
++ unsigned __pad2;
++ unsigned long long st_blocks;
++};
++#else
++struct kernel_stat64 {
++ unsigned long long st_dev;
++ unsigned char __pad0[4];
++ unsigned __st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned long long st_rdev;
++ unsigned char __pad3[4];
++ long long st_size;
++ unsigned st_blksize;
++ unsigned long long st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned long long st_ino;
++};
++#endif
++
++#if defined(__i386__) || defined(__ARM_ARCH_3__) || defined(__ARM_EABI__)
++struct kernel_stat {
++ /* The kernel headers suggest that st_dev and st_rdev should be 32bit
++ * quantities encoding 12bit major and 20bit minor numbers in an interleaved
++ * format. In reality, we do not see useful data in the top bits. So,
++ * we'll leave the padding in here, until we find a better solution.
++ */
++ unsigned short st_dev;
++ short pad1;
++ unsigned st_ino;
++ unsigned short st_mode;
++ unsigned short st_nlink;
++ unsigned short st_uid;
++ unsigned short st_gid;
++ unsigned short st_rdev;
++ short pad2;
++ unsigned st_size;
++ unsigned st_blksize;
++ unsigned st_blocks;
++ unsigned st_atime_;
++ unsigned st_atime_nsec_;
++ unsigned st_mtime_;
++ unsigned st_mtime_nsec_;
++ unsigned st_ctime_;
++ unsigned st_ctime_nsec_;
++ unsigned __unused4;
++ unsigned __unused5;
++};
++#elif defined(__x86_64__)
++struct kernel_stat {
++ uint64_t st_dev;
++ uint64_t st_ino;
++ uint64_t st_nlink;
++ unsigned st_mode;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned __pad0;
++ uint64_t st_rdev;
++ int64_t st_size;
++ int64_t st_blksize;
++ int64_t st_blocks;
++ uint64_t st_atime_;
++ uint64_t st_atime_nsec_;
++ uint64_t st_mtime_;
++ uint64_t st_mtime_nsec_;
++ uint64_t st_ctime_;
++ uint64_t st_ctime_nsec_;
++ int64_t __unused4[3];
++};
++#elif (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
++struct kernel_stat {
++ unsigned st_dev;
++ int st_pad1[3];
++ unsigned st_ino;
++ unsigned st_mode;
++ unsigned st_nlink;
++ unsigned st_uid;
++ unsigned st_gid;
++ unsigned st_rdev;
++ int st_pad2[2];
++ long st_size;
++ int st_pad3;
++ long st_atime_;
++ long st_atime_nsec_;
++ long st_mtime_;
++ long st_mtime_nsec_;
++ long st_ctime_;
++ long st_ctime_nsec_;
++ int st_blksize;
++ int st_blocks;
++ int st_pad4[14];
++};
++#elif defined(__aarch64__)
++struct kernel_stat {
++ unsigned long st_dev;
++ unsigned long st_ino;
++ unsigned int st_mode;
++ unsigned int st_nlink;
++ unsigned int st_uid;
++ unsigned int st_gid;
++ unsigned long st_rdev;
++ unsigned long __pad1;
++ long st_size;
++ int st_blksize;
++ int __pad2;
++ long st_blocks;
++ long st_atime_;
++ unsigned long st_atime_nsec_;
++ long st_mtime_;
++ unsigned long st_mtime_nsec_;
++ long st_ctime_;
++ unsigned long st_ctime_nsec_;
++ unsigned int __unused4;
++ unsigned int __unused5;
++};
++#endif
++
++// On 32-bit systems, we default to the 64-bit stat struct like libc
++// implementations do. Otherwise we default to the normal stat struct which is
++// already 64-bit.
++// These defines make it easy to call the right syscall to fill out a 64-bit
++// stat struct, which is the default in libc implementations but requires
++// different syscall names on 32 and 64-bit platforms.
++#if defined(__NR_fstatat64)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat64;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_fstatat64
++#define __NR_fstat_default __NR_fstat64
++
++#elif defined(__NR_newfstatat)
++
++namespace sandbox {
++using default_stat_struct = struct kernel_stat;
++} // namespace sandbox
++
++#define __NR_fstatat_default __NR_newfstatat
++#define __NR_fstat_default __NR_fstat
++
++#else
++#error "one of fstatat64 and newfstatat must be defined"
++#endif
++
++#endif // SANDBOX_LINUX_SYSTEM_HEADERS_LINUX_STAT_H_
+diff --git a/sandbox/linux/system_headers/linux_time.h
b/sandbox/linux/system_headers/linux_time.h
+index 780f24dddd..f18c806611 100644
+--- a/sandbox/linux/system_headers/linux_time.h
++++ b/sandbox/linux/system_headers/linux_time.h
+@@ -11,6 +11,32 @@
+ #define CPUCLOCK_CLOCK_MASK 3
+ #endif
+
++#if !defined(CPUCLOCK_PROF)
++#define CPUCLOCK_PROF 0
++#endif
++
++#if !defined(CPUCLOCK_VIRT)
++#define CPUCLOCK_VIRT 1
++#endif
++
++#if !defined(CPUCLOCK_SCHED)
++#define CPUCLOCK_SCHED 2
++#endif
++
++#if !defined(CPUCLOCK_PERTHREAD_MASK)
++#define CPUCLOCK_PERTHREAD_MASK 4
++#endif
++
++#if !defined(MAKE_PROCESS_CPUCLOCK)
++#define MAKE_PROCESS_CPUCLOCK(pid, clock) \
++ ((int)(~(unsigned)(pid) << 3) | (int)(clock))
++#endif
++
++#if !defined(MAKE_THREAD_CPUCLOCK)
++#define MAKE_THREAD_CPUCLOCK(tid, clock) \
++ ((int)(~(unsigned)(tid) << 3) | (int)((clock) | CPUCLOCK_PERTHREAD_MASK))
++#endif
++
+ #if !defined(CLOCKFD)
+ #define CLOCKFD 3
+ #endif
+diff --git a/sandbox/linux/tests/test_utils.cc
b/sandbox/linux/tests/test_utils.cc
+index 847c20b20c..cf6041a4b4 100644
+--- a/sandbox/linux/tests/test_utils.cc
++++ b/sandbox/linux/tests/test_utils.cc
+@@ -5,12 +5,14 @@
+ #include "sandbox/linux/tests/test_utils.h"
+
+ #include <errno.h>
++#include <sys/mman.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+
+ #include "base/check_op.h"
++#include "base/memory/page_size.h"
+ #include "base/posix/eintr_wrapper.h"
+
+ namespace sandbox {
+@@ -39,4 +41,17 @@ void TestUtils::HandlePostForkReturn(pid_t pid) {
+ }
+ }
+
++void* TestUtils::MapPagesOrDie(size_t num_pages) {
++ void* addr = mmap(nullptr, num_pages * base::GetPageSize(),
++ PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1,
0);
++ PCHECK(addr);
++ return addr;
++}
++
++void TestUtils::MprotectLastPageOrDie(char* addr, size_t num_pages) {
++ size_t last_page_offset = (num_pages - 1) * base::GetPageSize();
++ PCHECK(mprotect(addr + last_page_offset, base::GetPageSize(), PROT_NONE) >=
++ 0);
++}
++
+ } // namespace sandbox
+diff --git a/sandbox/linux/tests/test_utils.h
b/sandbox/linux/tests/test_utils.h
+index 7cf9749fe4..43b028b1e3 100644
+--- a/sandbox/linux/tests/test_utils.h
++++ b/sandbox/linux/tests/test_utils.h
+@@ -19,6 +19,8 @@ class TestUtils {
+ // makes sure that if fork() succeeded the child exits
+ // and the parent waits for it.
+ static void HandlePostForkReturn(pid_t pid);
++ static void* MapPagesOrDie(size_t num_pages);
++ static void MprotectLastPageOrDie(char* addr, size_t num_pages);
+
+ private:
+ DISALLOW_IMPLICIT_CONSTRUCTORS(TestUtils);
+diff --git a/sandbox/policy/linux/bpf_broker_policy_linux.cc
b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+index 2963bb9ca8..6dc8c0581b 100644
+--- a/sandbox/policy/linux/bpf_broker_policy_linux.cc
++++ b/sandbox/policy/linux/bpf_broker_policy_linux.cc
+@@ -93,8 +93,8 @@ ResultExpr BrokerProcessPolicy::EvaluateSyscall(int sysno)
const {
+ return Allow();
+ break;
+ #endif
+-#if defined(__NR_fstatat)
+- case __NR_fstatat:
++#if defined(__NR_fstatat64)
++ case __NR_fstatat64:
+ if (allowed_command_set_.test(syscall_broker::COMMAND_STAT))
+ return Allow();
+ break;
Copied:
electron14/repos/community-staging-x86_64/replace-blacklist-with-ignorelist.patch
(from rev 1054201, electron14/trunk/replace-blacklist-with-ignorelist.patch)
===================================================================
--- community-staging-x86_64/replace-blacklist-with-ignorelist.patch
(rev 0)
+++ community-staging-x86_64/replace-blacklist-with-ignorelist.patch
2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,196 @@
+From 9d080c0934b848ee4a05013c78641e612fcc1e03 Mon Sep 17 00:00:00 2001
+From: Dylan Cutler <dylancut...@google.com>
+Date: Wed, 26 May 2021 16:39:52 +0000
+Subject: [PATCH] Reland "Replace 'blacklist' with 'ignorelist' in
+ ./tools/msan/."
+
+This is a reland of 3b6263f2eece1264b052dfdcbc03b851d5abfb48
+
+Relanding now that
https://chromium-review.googlesource.com/c/chromiumos/overlays/chromiumos-overlay/+/2897974
is merged
+
+Original change's description:
+> Replace 'blacklist' with 'ignorelist' in ./tools/msan/.
+>
+> Bug: 1097272, 1097268
+> Change-Id: Id5c8227a5bfb1ffaec82d3168b609085b10c8297
+> Reviewed-on:
https://chromium-review.googlesource.com/c/chromium/src/+/2867730
+> Commit-Queue: Dylan Cutler <dylancut...@google.com>
+> Reviewed-by: Nico Weber <tha...@chromium.org>
+> Reviewed-by: Jonathan Metzman <metz...@chromium.org>
+> Cr-Commit-Position: refs/heads/master@{#883035}
+
+Bug: 1097272
+Bug: 1097268
+Change-Id: I11a5bc8972680c95fb1dab95ed3b707ed76f4667
+Cq-Include-Trybots: luci.chromium.try:chromeos-amd64-generic-cfi-thin-lto-rel
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2911096
+Commit-Queue: Dylan Cutler <dylancut...@google.com>
+Reviewed-by: Nico Weber <tha...@chromium.org>
+Cr-Commit-Position: refs/heads/master@{#886773}
+---
+ build/config/sanitizers/BUILD.gn | 44 ++++++++++----------
+ build_overrides/build.gni | 14 +++----
+ tools/msan/{blacklist.txt => ignorelist.txt} | 0
+ 3 files changed, 29 insertions(+), 29 deletions(-)
+ rename tools/msan/{blacklist.txt => ignorelist.txt} (100%)
+
+diff --git a/build/config/sanitizers/BUILD.gn
b/build/config/sanitizers/BUILD.gn
+index aaaad023474d..55b388a43743 100644
+--- a/build/config/sanitizers/BUILD.gn
++++ b/build/config/sanitizers/BUILD.gn
+@@ -272,11 +272,11 @@ config("asan_flags") {
+ if (is_asan) {
+ cflags += [ "-fsanitize=address" ]
+ if (is_win) {
+- if (!defined(asan_win_blacklist_path)) {
+- asan_win_blacklist_path =
++ if (!defined(asan_win_blocklist_path)) {
++ asan_win_blocklist_path =
+ rebase_path("//tools/memory/asan/blocklist_win.txt",
root_build_dir)
+ }
+- cflags += [ "-fsanitize-blacklist=$asan_win_blacklist_path" ]
++ cflags += [ "-fsanitize-ignorelist=$asan_win_blocklist_path" ]
+ }
+ }
+ }
+@@ -306,13 +306,13 @@ config("link_shared_library") {
+ config("cfi_flags") {
+ cflags = []
+ if (is_cfi && current_toolchain == default_toolchain) {
+- if (!defined(cfi_blacklist_path)) {
+- cfi_blacklist_path =
++ if (!defined(cfi_ignorelist_path)) {
++ cfi_ignorelist_path =
+ rebase_path("//tools/cfi/ignores.txt", root_build_dir)
+ }
+ cflags += [
+ "-fsanitize=cfi-vcall",
+- "-fsanitize-blacklist=$cfi_blacklist_path",
++ "-fsanitize-ignorelist=$cfi_ignorelist_path",
+ ]
+
+ if (use_cfi_cast) {
+@@ -409,14 +409,14 @@ config("msan_flags") {
+ if (is_msan) {
+ assert(is_linux || is_chromeos,
+ "msan only supported on linux x86_64/ChromeOS")
+- if (!defined(msan_blacklist_path)) {
+- msan_blacklist_path =
+- rebase_path("//tools/msan/blacklist.txt", root_build_dir)
++ if (!defined(msan_ignorelist_path)) {
++ msan_ignorelist_path =
++ rebase_path("//tools/msan/ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=memory",
+ "-fsanitize-memory-track-origins=$msan_track_origins",
+- "-fsanitize-blacklist=$msan_blacklist_path",
++ "-fsanitize-ignorelist=$msan_ignorelist_path",
+ ]
+ }
+ }
+@@ -424,13 +424,13 @@ config("msan_flags") {
+ config("tsan_flags") {
+ if (is_tsan) {
+ assert(is_linux || is_chromeos, "tsan only supported on linux x86_64")
+- if (!defined(tsan_blacklist_path)) {
+- tsan_blacklist_path =
++ if (!defined(tsan_ignorelist_path)) {
++ tsan_ignorelist_path =
+ rebase_path("//tools/memory/tsan_v2/ignores.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=thread",
+- "-fsanitize-blacklist=$tsan_blacklist_path",
++ "-fsanitize-ignorelist=$tsan_ignorelist_path",
+ ]
+ }
+ }
+@@ -438,8 +438,8 @@ config("tsan_flags") {
+ config("ubsan_flags") {
+ cflags = []
+ if (is_ubsan) {
+- if (!defined(ubsan_blacklist_path)) {
+- ubsan_blacklist_path =
++ if (!defined(ubsan_ignorelist_path)) {
++ ubsan_ignorelist_path =
+ rebase_path("//tools/ubsan/ignorelist.txt", root_build_dir)
+ }
+ cflags += [
+@@ -456,7 +456,7 @@ config("ubsan_flags") {
+ "-fsanitize=signed-integer-overflow",
+ "-fsanitize=unreachable",
+ "-fsanitize=vla-bound",
+- "-fsanitize-blacklist=$ubsan_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_ignorelist_path",
+ ]
+
+ # Chromecast ubsan builds fail to compile with these
+@@ -486,8 +486,8 @@ config("ubsan_no_recover") {
+
+ config("ubsan_security_flags") {
+ if (is_ubsan_security) {
+- if (!defined(ubsan_security_blacklist_path)) {
+- ubsan_security_blacklist_path =
++ if (!defined(ubsan_security_ignorelist_path)) {
++ ubsan_security_ignorelist_path =
+ rebase_path("//tools/ubsan/security_ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+@@ -495,7 +495,7 @@ config("ubsan_security_flags") {
+ "-fsanitize=shift",
+ "-fsanitize=signed-integer-overflow",
+ "-fsanitize=vla-bound",
+- "-fsanitize-blacklist=$ubsan_security_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_security_ignorelist_path",
+ ]
+ }
+ }
+@@ -508,13 +508,13 @@ config("ubsan_null_flags") {
+
+ config("ubsan_vptr_flags") {
+ if (is_ubsan_vptr) {
+- if (!defined(ubsan_vptr_blacklist_path)) {
+- ubsan_vptr_blacklist_path =
++ if (!defined(ubsan_vptr_ignorelist_path)) {
++ ubsan_vptr_ignorelist_path =
+ rebase_path("//tools/ubsan/vptr_ignorelist.txt", root_build_dir)
+ }
+ cflags = [
+ "-fsanitize=vptr",
+- "-fsanitize-blacklist=$ubsan_vptr_blacklist_path",
++ "-fsanitize-ignorelist=$ubsan_vptr_ignorelist_path",
+ ]
+ }
+ }
+diff --git a/build_overrides/build.gni b/build_overrides/build.gni
+index 82627b03653f..f3e563ab701b 100644
+--- a/build_overrides/build.gni
++++ b/build_overrides/build.gni
+@@ -42,15 +42,15 @@ declare_args() {
+ # Allows different projects to specify their own suppression/ignore lists for
+ # sanitizer tools.
+ # asan_suppressions_file = "path/to/asan_suppressions.cc"
+-# asan_win_blacklist_path = "path/to/asan/blocklist_win.txt"
++# asan_win_ignorelist_path = "path/to/asan/blocklist_win.txt"
+ # lsan_suppressions_file = "path/to/lsan_suppressions.cc"
+ # tsan_suppressions_file = "path/to/tsan_suppressions.cc"
+-# tsan_blacklist_path = "path/to/tsan/ignores.txt"
+-# msan_blacklist_path = "path/to/msan/blacklist.txt"
+-# ubsan_blacklist_path = "path/to/ubsan/blacklist.txt"
+-# ubsan_vptr_blacklist_path = "path/to/ubsan/vptr_blacklist.txt"
+-# ubsan_security_blacklist_path = "path/to/ubsan/security_blacklist.txt"
+-# cfi_blacklist_path = "path/to/cfi/ignores.txt"
++# tsan_ignorelist_path = "path/to/tsan/ignores.txt"
++# msan_ignorelist_path = "path/to/msan/ignorelist.txt"
++# ubsan_ignorelist_path = "path/to/ubsan/ignorelist.txt"
++# ubsan_vptr_ignorelist_path = "path/to/ubsan/vptr_ignorelist.txt"
++# ubsan_security_ignorelist_path = "path/to/ubsan/security_ignorelist.txt"
++# cfi_ignorelist_path = "path/to/cfi/ignores.txt"
+
+ declare_args() {
+ # Android 32-bit non-component, non-clang builds cannot have symbol_level=2
+diff --git a/tools/msan/blacklist.txt b/tools/msan/ignorelist.txt
+similarity index 100%
+rename from tools/msan/blacklist.txt
+rename to tools/msan/ignorelist.txt
Copied: electron14/repos/community-staging-x86_64/skia-harfbuzz-3.0.0.patch
(from rev 1054201, electron14/trunk/skia-harfbuzz-3.0.0.patch)
===================================================================
--- community-staging-x86_64/skia-harfbuzz-3.0.0.patch
(rev 0)
+++ community-staging-x86_64/skia-harfbuzz-3.0.0.patch 2021-11-22 02:55:25 UTC
(rev 1054202)
@@ -0,0 +1,100 @@
+# Minimal diff for harfbuzz 3.0.0 support; based on:
+# https://github.com/google/skia/commit/66684b17b382
+# https://github.com/google/skia/commit/51d83abcd24a
+
+diff --git a/gn/skia.gni b/gn/skia.gni
+index d98fdc19ee..199335d5c4 100644
+--- a/gn/skia.gni
++++ b/gn/skia.gni
+@@ -34,8 +34,6 @@ declare_args() {
+ skia_include_multiframe_procs = false
+ skia_lex = false
+ skia_libgifcodec_path = "third_party/externals/libgifcodec"
+- skia_pdf_subset_harfbuzz =
+- false # TODO: set skia_pdf_subset_harfbuzz to skia_use_harfbuzz.
+ skia_qt_path = getenv("QT_PATH")
+ skia_skqp_global_error_tolerance = 0
+ skia_tools_require_resources = false
+@@ -99,6 +97,10 @@ declare_args() {
+ skia_use_libfuzzer_defaults = true
+ }
+
++declare_args() {
++ skia_pdf_subset_harfbuzz = skia_use_harfbuzz
++}
++
+ declare_args() {
+ skia_compile_sksl_tests = skia_compile_processors
+ skia_enable_fontmgr_android = skia_use_expat && skia_use_freetype
+diff --git a/src/pdf/SkPDFSubsetFont.cpp b/src/pdf/SkPDFSubsetFont.cpp
+index 81c37eef3a..2340a7937b 100644
+--- a/src/pdf/SkPDFSubsetFont.cpp
++++ b/src/pdf/SkPDFSubsetFont.cpp
+@@ -49,6 +49,37 @@ static sk_sp<SkData> to_data(HBBlob blob) {
+ blob.release());
+ }
+
++template<typename...> using void_t = void;
++template<typename T, typename = void>
++struct SkPDFHarfBuzzSubset {
++ // This is the HarfBuzz 3.0 interface.
++ // hb_subset_flags_t does not exist in 2.0. It isn't dependent on T, so
inline the value of
++ // HB_SUBSET_FLAGS_RETAIN_GIDS until 2.0 is no longer supported.
++ static HBFace Make(T input, hb_face_t* face) {
++ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
++ // If it isn't known if a font is 'tricky', retain the hints.
++ hb_subset_input_set_flags(input, 2/*HB_SUBSET_FLAGS_RETAIN_GIDS*/);
++ return HBFace(hb_subset_or_fail(face, input));
++ }
++};
++template<typename T>
++struct SkPDFHarfBuzzSubset<T, void_t<
++ decltype(hb_subset_input_set_retain_gids(std::declval<T>(),
std::declval<bool>())),
++ decltype(hb_subset_input_set_drop_hints(std::declval<T>(),
std::declval<bool>())),
++ decltype(hb_subset(std::declval<hb_face_t*>(), std::declval<T>()))
++ >>
++{
++ // This is the HarfBuzz 2.0 (non-public) interface, used if it exists.
++ // This code should be removed as soon as all users are migrated to the
newer API.
++ static HBFace Make(T input, hb_face_t* face) {
++ hb_subset_input_set_retain_gids(input, true);
++ // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
++ // If it isn't known if a font is 'tricky', retain the hints.
++ hb_subset_input_set_drop_hints(input, false);
++ return HBFace(hb_subset(face, input));
++ }
++};
++
+ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData> fontData,
+ const SkPDFGlyphUse& glyphUsage,
+ int ttcIndex) {
+@@ -71,11 +102,10 @@ static sk_sp<SkData> subset_harfbuzz(sk_sp<SkData>
fontData,
+ hb_set_t* glyphs = hb_subset_input_glyph_set(input.get());
+ glyphUsage.getSetValues([&glyphs](unsigned gid) { hb_set_add(glyphs,
gid);});
+
+- hb_subset_input_set_retain_gids(input.get(), true);
+- // TODO: When possible, check if a font is 'tricky' with FT_IS_TRICKY.
+- // If it isn't known if a font is 'tricky', retain the hints.
+- hb_subset_input_set_drop_hints(input.get(), false);
+- HBFace subset(hb_subset(face.get(), input.get()));
++ HBFace subset =
SkPDFHarfBuzzSubset<hb_subset_input_t*>::Make(input.get(), face.get());
++ if (!subset) {
++ return nullptr;
++ }
+ HBBlob result(hb_face_reference_blob(subset.get()));
+ return to_data(std::move(result));
+ }
+diff --git a/third_party/harfbuzz/BUILD.gn b/third_party/harfbuzz/BUILD.gn
+index 173830de62..4156607ef9 100644
+--- a/third_party/harfbuzz/BUILD.gn
++++ b/third_party/harfbuzz/BUILD.gn
+@@ -14,6 +14,9 @@ if (skia_use_system_harfbuzz) {
+ system("harfbuzz") {
+ include_dirs = [ "/usr/include/harfbuzz" ]
+ libs = [ "harfbuzz" ]
++ if (skia_pdf_subset_harfbuzz) {
++ libs += [ "harfbuzz-subset" ]
++ }
+ }
+ } else {
+ third_party("harfbuzz") {
Copied:
electron14/repos/community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
(from rev 1054201,
electron14/trunk/sql-make-VirtualCursor-standard-layout-type.patch)
===================================================================
--- community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
(rev 0)
+++ community-staging-x86_64/sql-make-VirtualCursor-standard-layout-type.patch
2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,238 @@
+From 80368f8ba7a8bab13440463a254888311efe3986 Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann <sth...@googlemail.com>
+Date: Tue, 4 May 2021 15:00:19 +0000
+Subject: [PATCH] sql: make VirtualCursor standard layout type
+
+sql::recover::VirtualCursor needs to be a standard layout type, but
+has members of type std::unique_ptr. However, std::unique_ptr is not
+guaranteed to be standard layout. Compiling with clang combined with
+gcc-11 libstdc++ fails because of this. Replace std::unique_ptr with
+raw pointers.
+
+Bug: 1189788
+Change-Id: Ia6dc388cc5ef1c0f2afc75f8ca45b9f12687ca9c
+---
+ sql/recover_module/btree.cc | 21 +++++++++++++++------
+ sql/recover_module/btree.h | 17 +++++++++++++----
+ sql/recover_module/cursor.cc | 24 ++++++++++++------------
+ sql/recover_module/cursor.h | 2 +-
+ sql/recover_module/pager.cc | 7 +++----
+ sql/recover_module/pager.h | 5 +++--
+ 6 files changed, 47 insertions(+), 29 deletions(-)
+
+diff --git a/sql/recover_module/btree.cc b/sql/recover_module/btree.cc
+index 9ecaafe8a3..839318abf9 100644
+--- a/sql/recover_module/btree.cc
++++ b/sql/recover_module/btree.cc
+@@ -135,16 +135,25 @@
static_assert(std::is_trivially_destructible<LeafPageDecoder>::value,
+ "Move the destructor to the .cc file if it's non-trival");
+ #endif // !DCHECK_IS_ON()
+
+-LeafPageDecoder::LeafPageDecoder(DatabasePageReader* db_reader) noexcept
+- : page_id_(db_reader->page_id()),
+- db_reader_(db_reader),
+- cell_count_(ComputeCellCount(db_reader)),
+- next_read_index_(0),
+- last_record_size_(0) {
++void LeafPageDecoder::Initialize(DatabasePageReader* db_reader) {
++ DCHECK(db_reader);
+ DCHECK(IsOnValidPage(db_reader));
++ page_id_ = db_reader->page_id();
++ db_reader_ = db_reader;
++ cell_count_ = ComputeCellCount(db_reader);
++ next_read_index_ = 0;
++ last_record_size_ = 0;
+ DCHECK(DatabasePageReader::IsValidPageId(page_id_));
+ }
+
++void LeafPageDecoder::Reset() {
++ db_reader_ = nullptr;
++ page_id_ = 0;
++ cell_count_ = 0;
++ next_read_index_ = 0;
++ last_record_size_ = 0;
++}
++
+ bool LeafPageDecoder::TryAdvance() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK(CanAdvance());
+diff --git a/sql/recover_module/btree.h b/sql/recover_module/btree.h
+index d76d076bf6..33114b01fa 100644
+--- a/sql/recover_module/btree.h
++++ b/sql/recover_module/btree.h
+@@ -102,7 +102,7 @@ class LeafPageDecoder {
+ //
+ // |db_reader| must have been used to read an inner page of a table B-tree.
+ // |db_reader| must outlive this instance.
+- explicit LeafPageDecoder(DatabasePageReader* db_reader) noexcept;
++ explicit LeafPageDecoder() noexcept = default;
+ ~LeafPageDecoder() noexcept = default;
+
+ LeafPageDecoder(const LeafPageDecoder&) = delete;
+@@ -150,6 +150,15 @@ class LeafPageDecoder {
+ // read as long as CanAdvance() returns true.
+ bool TryAdvance();
+
++ // Initialize with DatabasePageReader
++ void Initialize(DatabasePageReader* db_reader);
++
++ // Reset internal DatabasePageReader
++ void Reset();
++
++ // True if DatabasePageReader is valid
++ bool IsValid() { return (db_reader_ != nullptr); }
++
+ // True if the given reader may point to an inner page in a table B-tree.
+ //
+ // The last ReadPage() call on |db_reader| must have succeeded.
+@@ -163,14 +172,14 @@ class LeafPageDecoder {
+ static int ComputeCellCount(DatabasePageReader* db_reader);
+
+ // The number of the B-tree page this reader is reading.
+- const int64_t page_id_;
++ int64_t page_id_;
+ // Used to read the tree page.
+ //
+ // Raw pointer usage is acceptable because this instance's owner is expected
+ // to ensure that the DatabasePageReader outlives this.
+- DatabasePageReader* const db_reader_;
++ DatabasePageReader* db_reader_;
+ // Caches the ComputeCellCount() value for this reader's page.
+- const int cell_count_ = ComputeCellCount(db_reader_);
++ int cell_count_;
+
+ // The reader's cursor state.
+ //
+diff --git a/sql/recover_module/cursor.cc b/sql/recover_module/cursor.cc
+index 0029ff9295..42548bc4b5 100644
+--- a/sql/recover_module/cursor.cc
++++ b/sql/recover_module/cursor.cc
+@@ -26,7 +26,7 @@ VirtualCursor::~VirtualCursor() {
+ int VirtualCursor::First() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ inner_decoders_.clear();
+- leaf_decoder_ = nullptr;
++ leaf_decoder_.Reset();
+
+ AppendPageDecoder(table_->root_page_id());
+ return Next();
+@@ -36,18 +36,18 @@ int VirtualCursor::Next() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ record_reader_.Reset();
+
+- while (!inner_decoders_.empty() || leaf_decoder_.get()) {
+- if (leaf_decoder_.get()) {
+- if (!leaf_decoder_->CanAdvance()) {
++ while (!inner_decoders_.empty() || leaf_decoder_.IsValid()) {
++ if (leaf_decoder_.IsValid()) {
++ if (!leaf_decoder_.CanAdvance()) {
+ // The leaf has been exhausted. Remove it from the DFS stack.
+- leaf_decoder_ = nullptr;
++ leaf_decoder_.Reset();
+ continue;
+ }
+- if (!leaf_decoder_->TryAdvance())
++ if (!leaf_decoder_.TryAdvance())
+ continue;
+
+- if (!payload_reader_.Initialize(leaf_decoder_->last_record_size(),
+- leaf_decoder_->last_record_offset())) {
++ if (!payload_reader_.Initialize(leaf_decoder_.last_record_size(),
++ leaf_decoder_.last_record_offset())) {
+ continue;
+ }
+ if (!record_reader_.Initialize())
+@@ -99,13 +99,13 @@ int VirtualCursor::ReadColumn(int column_index,
+ int64_t VirtualCursor::RowId() {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK(record_reader_.IsInitialized());
+- DCHECK(leaf_decoder_.get());
+- return leaf_decoder_->last_record_rowid();
++ DCHECK(leaf_decoder_.IsValid());
++ return leaf_decoder_.last_record_rowid();
+ }
+
+ void VirtualCursor::AppendPageDecoder(int page_id) {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+- DCHECK(leaf_decoder_.get() == nullptr)
++ DCHECK(!leaf_decoder_.IsValid())
+ << __func__
+ << " must only be called when the current path has no leaf decoder";
+
+@@ -113,7 +113,7 @@ void VirtualCursor::AppendPageDecoder(int page_id) {
+ return;
+
+ if (LeafPageDecoder::IsOnValidPage(&db_reader_)) {
+- leaf_decoder_ = std::make_unique<LeafPageDecoder>(&db_reader_);
++ leaf_decoder_.Initialize(&db_reader_);
+ return;
+ }
+
+diff --git a/sql/recover_module/cursor.h b/sql/recover_module/cursor.h
+index afcd6900e1..b15c31d425 100644
+--- a/sql/recover_module/cursor.h
++++ b/sql/recover_module/cursor.h
+@@ -129,7 +129,7 @@ class VirtualCursor {
+ std::vector<std::unique_ptr<InnerPageDecoder>> inner_decoders_;
+
+ // Decodes the leaf page containing records.
+- std::unique_ptr<LeafPageDecoder> leaf_decoder_;
++ LeafPageDecoder leaf_decoder_;
+
+ SEQUENCE_CHECKER(sequence_checker_);
+ };
+diff --git a/sql/recover_module/pager.cc b/sql/recover_module/pager.cc
+index 58e75de270..5fe96204e5 100644
+--- a/sql/recover_module/pager.cc
++++ b/sql/recover_module/pager.cc
+@@ -23,8 +23,7 @@ static_assert(DatabasePageReader::kMaxPageId <=
std::numeric_limits<int>::max(),
+ "ints are not appropriate for representing page IDs");
+
+ DatabasePageReader::DatabasePageReader(VirtualTable* table)
+- : page_data_(std::make_unique<uint8_t[]>(table->page_size())),
+- table_(table) {
++ : page_data_(), table_(table) {
+ DCHECK(table != nullptr);
+ DCHECK(IsValidPageSize(table->page_size()));
+ }
+@@ -57,8 +56,8 @@ int DatabasePageReader::ReadPage(int page_id) {
+ std::numeric_limits<int64_t>::max(),
+ "The |read_offset| computation above may overflow");
+
+- int sqlite_status =
+- RawRead(sqlite_file, read_size, read_offset, page_data_.get());
++ int sqlite_status = RawRead(sqlite_file, read_size, read_offset,
++ const_cast<uint8_t*>(page_data_.data()));
+
+ // |page_id_| needs to be set to kInvalidPageId if the read failed.
+ // Otherwise, future ReadPage() calls with the previous |page_id_| value
+diff --git a/sql/recover_module/pager.h b/sql/recover_module/pager.h
+index 0e388ddc3b..99314e30ff 100644
+--- a/sql/recover_module/pager.h
++++ b/sql/recover_module/pager.h
+@@ -5,6 +5,7 @@
+ #ifndef SQL_RECOVER_MODULE_PAGER_H_
+ #define SQL_RECOVER_MODULE_PAGER_H_
+
++#include <array>
+ #include <cstdint>
+ #include <memory>
+
+@@ -70,7 +71,7 @@ class DatabasePageReader {
+ DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
+ DCHECK_NE(page_id_, kInvalidPageId)
+ << "Successful ReadPage() required before accessing pager state";
+- return page_data_.get();
++ return page_data_.data();
+ }
+
+ // The number of bytes in the page read by the last ReadPage() call.
+@@ -137,7 +138,7 @@ class DatabasePageReader {
+ int page_id_ = kInvalidPageId;
+ // Stores the bytes of the last page successfully read by ReadPage().
+ // The content is undefined if the last call to ReadPage() did not succeed.
+- const std::unique_ptr<uint8_t[]> page_data_;
++ const std::array<uint8_t, kMaxPageSize> page_data_;
+ // Raw pointer usage is acceptable because this instance's owner is expected
+ // to ensure that the VirtualTable outlives this.
+ VirtualTable* const table_;
Copied:
electron14/repos/community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch
(from rev 1054201,
electron14/trunk/unbundle-fix-visibility-of-build-config-freetype.patch)
===================================================================
---
community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch
(rev 0)
+++
community-staging-x86_64/unbundle-fix-visibility-of-build-config-freetype.patch
2021-11-22 02:55:25 UTC (rev 1054202)
@@ -0,0 +1,31 @@
+From 271e45339b7b969e98ccef7837cb1b15480b07fc Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann <sth...@googlemail.com>
+Date: Thu, 4 Nov 2021 18:58:34 +0000
+Subject: [PATCH] unbundle: fix visibility of //build/config/freetype
+
+For system freetype //build/linux:freetype_from_pkgconfig is restricted
+to //third_party:freetype_harfbuzz and
//third_party/harfbuzz-ng:harfbuzz_source.
+However //build/config/freetype:freetype is accessing it too.
+
+Bug: None
+Change-Id: Ic4a37b01e4ae221372a9220cbad04c598b844c21
+Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3259304
+Commit-Queue: Thomas Anderson <thomasander...@chromium.org>
+Reviewed-by: Thomas Anderson <thomasander...@chromium.org>
+Cr-Commit-Position: refs/heads/main@{#938388}
+---
+ build/linux/BUILD.gn | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/build/linux/BUILD.gn b/build/linux/BUILD.gn
+index 54314c7687..cd49e3d524 100644
+--- a/build/linux/BUILD.gn
++++ b/build/linux/BUILD.gn
+@@ -23,6 +23,7 @@ if (use_system_freetype) {
+ # the system, use with caution,for details see
build/config/freetype/BUILD.gn.
+ pkg_config("freetype_from_pkgconfig") {
+ visibility = [
++ "//build/config/freetype:freetype",
+ "//third_party:freetype_harfbuzz",
+ "//third_party/harfbuzz-ng:harfbuzz_source",
+ ]
Copied:
electron14/repos/community-staging-x86_64/use-system-libraries-in-node.patch
(from rev 1054201, electron14/trunk/use-system-libraries-in-node.patch)
===================================================================
--- community-staging-x86_64/use-system-libraries-in-node.patch
(rev 0)
+++ community-staging-x86_64/use-system-libraries-in-node.patch 2021-11-22
02:55:25 UTC (rev 1054202)
@@ -0,0 +1,52 @@
+--- a/third_party/electron_node/BUILD.gn
++++ b/third_party/electron_node/BUILD.gn
+@@ -42,6 +42,18 @@
+ node_module_version = ""
+ }
+
++if (is_linux) {
++ import("//build/config/linux/pkg_config.gni")
++
++ pkg_config("cares") {
++ packages = [ "libcares" ]
++ }
++
++ pkg_config("nghttp2") {
++ packages = [ "libnghttp2" ]
++ }
++}
++
+ assert(!node_use_dtrace, "node_use_dtrace not supported in GN")
+ assert(!node_use_etw, "node_use_etw not supported in GN")
+
+@@ -182,10 +194,8 @@
+ component("node_lib") {
+ deps = [
+ ":node_js2c",
+- "deps/cares",
+ "deps/histogram",
+ "deps/llhttp",
+- "deps/nghttp2",
+ "deps/uvwasi",
+ "//third_party/zlib",
+ "//third_party/brotli:dec",
+@@ -201,6 +211,19 @@
+ public_configs = [ ":node_lib_config" ]
+ include_dirs = [ "src" ]
+ libs = []
++ if (is_linux) {
++ configs += [
++ ":cares",
++ ":nghttp2",
++ ]
++ libs += [ "http_parser" ]
++ } else {
++ deps += [
++ "deps/cares",
++ "deps/http_parser",
++ "deps/nghttp2",
++ ]
++ }
+ frameworks = []
+ cflags_cc = [
+ "-Wno-deprecated-declarations",
