[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#28004] Chromium
|
From: |
ng0 |
|
Subject: |
[bug#28004] Chromium |
|
Date: |
Sat, 13 Jan 2018 19:13:57 +0000 |
ng0 transcribed 5.6K bytes:
> I just got a bug report for the build via:
>
> guix pull --url="https://c.n0.is/git/ng0/guix/guix.git";
> --branch="pretest/chromium"
> guix package --install chromium
>
> Failing with the attached build log excerpt. We are not FreeBSD, but I found
> this in the first 5 minutes:
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=160935
> Maybe it helps to debug this, or maybe you've encountered this before.
>
> I myself have been able to build this without issues on two systems.
>
> All mentioned systems are GuixSD.
>
this time with attached file.
> This should be a blocker, but maybe a head-up in potential build issues.
> Marius Bakke transcribed 4.5K bytes:
> > ng0 <address@hidden> writes:
> >
> > > Many thanks for your ongoing work with this (and the patience :))
> > > As this is 63, you you are keeping track of Debian, right? I tried
> > > to package 64 a couple of days ago because I wanted the workaround
> > > for some of the recent security clusterfucks, but Debian is still
> > > on 63 :/
> > > I hope they'll update their patchset soon.
> >
> > Indeed Google did not add the Spectre mitigation to Chromium 63, even
> > though the latest version was released after the fact.
> >
> > https://xlab.tencent.com/special/spectre/spectre_check.html
> >
> > For reasons that beat me, they only added it to the proprietary Chrome
> > browser, which follows the same version number as Chromium.
> >
> > The attached patch adds Spectre mitigation to the current Chromium
> > release. The patch was pulled from the Chrome 64 branch:
> >
>
> > From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
> > From: Marius Bakke <address@hidden>
> > Date: Thu, 11 Jan 2018 14:36:47 +0100
> > Subject: [PATCH] gnu: chromium: Add spectre mitigation.
> >
> > * gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Register it.
> > * gnu/packages/chromium.scm (chromium)[source]: Use it.
> > ---
> > gnu/local.mk | 1 +
> > gnu/packages/chromium.scm | 3 ++-
> > gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
> > 3 files changed, 16 insertions(+), 1 deletion(-)
> > create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
> >
> > diff --git a/gnu/local.mk b/gnu/local.mk
> > index 513f64043..89dab227c 100644
> > --- a/gnu/local.mk
> > +++ b/gnu/local.mk
> > @@ -575,6 +575,7 @@ dist_patch_DATA =
> > \
> > %D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
> > %D%/packages/patches/ceph-skip-unittest_blockdev.patch \
> > %D%/packages/patches/chmlib-inttypes.patch \
> > + %D%/packages/patches/chromium-spectre-mitigation.patch \
> > %D%/packages/patches/clang-libc-search-path.patch \
> > %D%/packages/patches/clang-3.8-libc-search-path.patch \
> > %D%/packages/patches/clementine-use-openssl.patch \
> > diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
> > index dd040527b..1e9dba42e 100644
> > --- a/gnu/packages/chromium.scm
> > +++ b/gnu/packages/chromium.scm
> > @@ -240,7 +240,8 @@
> > %chromium-system-icu.patch
> > %chromium-system-nspr.patch
> > %chromium-system-libevent.patch
> > - %chromium-disable-api-keys-warning.patch))
> > + %chromium-disable-api-keys-warning.patch
> > + (search-patch
> > "chromium-spectre-mitigation.patch")))
> > (modules '((srfi srfi-1)
> > (guix build utils)))
> > (snippet
> > diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch
> > b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > new file mode 100644
> > index 000000000..a44a3bce4
> > --- /dev/null
> > +++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
> > @@ -0,0 +1,13 @@
> > +diff --git a/content/public/common/content_features.cc
> > b/content/public/common/content_features.cc
> > +index 43feb76..33a49b8 100644
> > +--- a/content/public/common/content_features.cc
> > ++++ b/content/public/common/content_features.cc
> > +@@ -308,7 +308,7 @@
> > +
> > + // http://tc39.github.io/ecmascript_sharedmem/shmem.html
> > + const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
> > +- base::FEATURE_ENABLED_BY_DEFAULT};
> > ++ base::FEATURE_DISABLED_BY_DEFAULT};
> > +
> > + // An experiment to require process isolation for the sign-in origin,
> > + // https://accounts.google.com. Launch bug: https://crbug.com/739418.
> > --
> > 2.15.1
> >
>
>
>
>
> --
> ng0 :: https://ea.n0.is
> A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
--
ng0 :: https://ea.n0.is
A88C8ADD129828D7EAC02E52E22F9BBFEE348588 :: https://ea.n0.is/keys/
chromium.fail
Description: Text document
signature.asc
Description: PGP signature
- [bug#28004] Chromium, ng0, 2018/01/04
- [bug#28004] Chromium, Marius Bakke, 2018/01/08
- [bug#28004] Chromium, Ludovic Courtès, 2018/01/16
- [bug#28004] Chromium, Marius Bakke, 2018/01/16
- [bug#28004] Chromium, Tobias Geerinckx-Rice, 2018/01/16
- [bug#28004] Chromium, Marius Bakke, 2018/01/16
- [bug#28004] Chromium, Leo Famulari, 2018/01/16
- [bug#28004] Chromium, Ludovic Courtès, 2018/01/17
- [bug#28004] Chromium, Mike Gerwitz, 2018/01/17
- [bug#28004] Chromium, ng0, 2018/01/16
[bug#28004] Chromium, ng0, 2018/01/09