The package rpms/chromium.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/chromium.git/commit/?id=49554e50f...
https://src.fedoraproject.org/cgit/rpms/chromium.git/commit/?id=c85b98f7c....
Change:
-%ifarch aarch64
+%ifarch aarch64
Thanks.
Full change:
============
commit 49554e50f0bf8230ffe414f853d7329dceb30e65
Author: Than Ngo <than(a)redhat.com>
Date: Fri Sep 29 18:34:42 2023 +0200
set arm_control_flow_integrity = "pac" for fedora aarch64 build as
workaround for crash on BTI capable system
diff --git a/chromium-117-workaround_for_crash_on_BTI_capable_system.patch
b/chromium-117-workaround_for_crash_on_BTI_capable_system.patch
new file mode 100644
index 0000000..c0ff2ae
--- /dev/null
+++ b/chromium-117-workaround_for_crash_on_BTI_capable_system.patch
@@ -0,0 +1,12 @@
+diff -up chromium-117.0.5938.132/build/config/arm.gni.me
chromium-117.0.5938.132/build/config/arm.gni
+--- chromium-117.0.5938.132/build/config/arm.gni.me 2023-09-29 15:37:18.281122162 +0200
++++ chromium-117.0.5938.132/build/config/arm.gni 2023-09-29 15:38:24.855369796 +0200
+@@ -140,7 +140,7 @@ if (current_cpu == "arm" || v8_current_c
+ # target_cpu == "arm64" filters out some cases (e.g. the ChromeOS x64
+ # MSAN build) where the target platform is x64, but V8 is configured to
+ # use the arm64 simulator.
+- arm_control_flow_integrity = "standard"
++ arm_control_flow_integrity = "pac"
+ }
+ }
+ assert(arm_control_flow_integrity == "none" ||
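Review bot: The replaced line `arm_control_flow_integrity = "pac"` drops BTI for every configuration that reaches this branch, and nothing in the patched file records why. A comment above it, such as `# Fedora: BTI disabled as workaround for rhbz#2239523; restore "standard" once fixed upstream`, would keep the downgrade visible to whoever rebases the patch. The enclosing block starts above the hunk, so it is not visible whether the variable sits inside `declare_args()`. If it does, setting `arm_control_flow_integrity="pac"` through the spec's GN arguments would give the same result without carrying a source patch.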
diff --git a/chromium.spec b/chromium.spec
index c81fdd9..7770ef5 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -82,6 +82,16 @@
%endif
%endif
+# Workaround for
https://bugzilla.redhat.com/show_bug.cgi?id=2239523
+# Disable BTI until this is fixed upstream.
+%global disable_bti 0
+%ifarch aarch64
+%if 0%{?fedora}
+%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard
/-mbranch-protection=pac-ret /')
+%global disable_bti 1
+%endif
+%endif
+
# Seems like we might need this sometimes
# Practically, no. But it's here in case we do.
%global use_gold 0
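Review bot: The sed expression on the `%global optflags` line matches `-mbranch-protection=standard` only when a space follows it, as far as the wrapped line shows. If the flag is the last token in `%{optflags}`, the substitution does nothing and reports no error, so the compiler flags keep BTI while `disable_bti` is still set to 1 and Patch352 is applied. A pattern that does not depend on token order avoids this, e.g. `sed -E 's/-mbranch-protection=standard( |$)/-mbranch-protection=pac-ret\1/'`. Since this lowers forward-edge protection for all Fedora aarch64 builds, the comment could also carry the upstream issue link that currently appears only next to Patch352.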
@@ -239,7 +249,7 @@
Name: chromium%{chromium_channel}
Version: 117.0.5938.132
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url:
http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND
GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -377,6 +387,11 @@ Patch350: chromium-116-tweak_about_gpu.patch
# build error
Patch351: chromium-117-mnemonic-error.patch
+# Workaround for
https://bugzilla.redhat.com/show_bug.cgi?id=2239523
+#
https://bugs.chromium.org/p/chromium/issues/detail?id=1145581#c60
+# Disable BTI until this is fixed upstream.
+Patch352: chromium-117-workaround_for_crash_on_BTI_capable_system.patch
+
# upstream patches
Patch400: chromium-117-memory_leak_in_xserver.patch
@@ -992,6 +1007,10 @@ udev.
%patch -P350 -p1 -b .tweak_about_gpu
%patch -P351 -p1 -b .mnemonic-error
+%if %{disable_bti}
+%patch -P352 -p1 -b .workaround_for_crash_on_BTI_capable_system
+%endif
+
%patch -P400 -p1 -b .memory_leak_in_xserver
# Change shebang in all relevant files in this directory and all subdirectories
@@ -1071,14 +1090,6 @@ FLAGS+=' -Wno-unused-but-set-variable -Wno-unused-result
-Wno-unused-function -W
FLAGS+=' -Wno-unused-const-variable -Wno-unneeded-internal-declaration
-Wno-unknown-attributes'
%endif
-# Workaround for
https://bugzilla.redhat.com/show_bug.cgi?id=2239523
-# Disable BTI until this is fixed upstream.
-%ifarch aarch64
-%if 0%{?fedora}
-FLAGS="${FLAGS/-mbranch-protection=standard/-mbranch-protection=none}"
-%endif
-%endif
-
%if %{system_build_flags}
CFLAGS=${CFLAGS/-g }
CFLAGS=${CFLAGS/-fexceptions}
@@ -1695,6 +1706,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r
chrome-remote-deskt
%{chromium_path}/chromedriver
%changelog
+* Fri Sep 29 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.132-2
+- add workaround for the crash on BTI capable system
+
* Thu Sep 28 2023 Than Ngo <than(a)redhat.com> - 117.0.5938.132-1
- update to 117.0.5938.132
- CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx.
commit c85b98f7c682efdee15ea86318e1722bbaa7228c
Author: Than Ngo <than(a)redhat.com>
Date: Thu Sep 28 17:28:13 2023 +0200
add workaround for chromium crashes with SIGILL on BTI capable systems (Apple M2)
diff --git a/chromium.spec b/chromium.spec
index 973b092..c81fdd9 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -1071,6 +1071,14 @@ FLAGS+=' -Wno-unused-but-set-variable -Wno-unused-result
-Wno-unused-function -W
FLAGS+=' -Wno-unused-const-variable -Wno-unneeded-internal-declaration
-Wno-unknown-attributes'
%endif
+# Workaround for
https://bugzilla.redhat.com/show_bug.cgi?id=2239523
+# Disable BTI until this is fixed upstream.
+%ifarch aarch64
+%if 0%{?fedora}
+FLAGS="${FLAGS/-mbranch-protection=standard/-mbranch-protection=none}"
+%endif
+%endif
+
%if %{system_build_flags}
CFLAGS=${CFLAGS/-g }
CFLAGS=${CFLAGS/-fexceptions}
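Review bot: The substitution sets `-mbranch-protection=none`, which turns off pointer-authentication return signing as well as BTI, while the comment above it says only `Disable BTI`. If only the BTI landing pads cause the crash, `-mbranch-protection=pac-ret` would keep the return-address protection; otherwise the comment should state that both are disabled. The `${FLAGS/…/…}` expansion also does nothing, and reports no error, when the flag is absent from FLAGS. Commit 49554e50 on this page later replaces this block with a `pac-ret` rewrite of `%{optflags}`.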