From: Marius Bakke <mbakke@fastmail.com>
To: ng0 <ng0@n0.is>
Cc: 28004@debbugs.gnu.org
Subject: [bug#28004] Chromium
Date: Fri, 12 Jan 2018 01:09:04 +0100 [thread overview]
Message-ID: <87373cey5b.fsf@fastmail.com> (raw)
In-Reply-To: <20180108232042.nqjurjr2bcfl2yyc@abyayala>
[-- Attachment #1.1: Type: text/plain, Size: 801 bytes --]
ng0 <ng0@n0.is> writes:
> Many thanks for your ongoing work with this (and the patience :))
> As this is 63, you you are keeping track of Debian, right? I tried
> to package 64 a couple of days ago because I wanted the workaround
> for some of the recent security clusterfucks, but Debian is still
> on 63 :/
> I hope they'll update their patchset soon.
Indeed Google did not add the Spectre mitigation to Chromium 63, even
though the latest version was released after the fact.
https://xlab.tencent.com/special/spectre/spectre_check.html
For reasons that beat me, they only added it to the proprietary Chrome
browser, which follows the same version number as Chromium.
The attached patch adds Spectre mitigation to the current Chromium
release. The patch was pulled from the Chrome 64 branch:
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: 0001-gnu-chromium-Add-spectre-mitigation.patch --]
[-- Type: text/x-patch, Size: 2990 bytes --]
From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
From: Marius Bakke <mbakke@fastmail.com>
Date: Thu, 11 Jan 2018 14:36:47 +0100
Subject: [PATCH] gnu: chromium: Add spectre mitigation.
* gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chromium.scm (chromium)[source]: Use it.
---
gnu/local.mk | 1 +
gnu/packages/chromium.scm | 3 ++-
gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
3 files changed, 16 insertions(+), 1 deletion(-)
create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index 513f64043..89dab227c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -575,6 +575,7 @@ dist_patch_DATA = \
%D%/packages/patches/ceph-skip-collect-sys-info-test.patch \
%D%/packages/patches/ceph-skip-unittest_blockdev.patch \
%D%/packages/patches/chmlib-inttypes.patch \
+ %D%/packages/patches/chromium-spectre-mitigation.patch \
%D%/packages/patches/clang-libc-search-path.patch \
%D%/packages/patches/clang-3.8-libc-search-path.patch \
%D%/packages/patches/clementine-use-openssl.patch \
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index dd040527b..1e9dba42e 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -240,7 +240,8 @@
%chromium-system-icu.patch
%chromium-system-nspr.patch
%chromium-system-libevent.patch
- %chromium-disable-api-keys-warning.patch))
+ %chromium-disable-api-keys-warning.patch
+ (search-patch "chromium-spectre-mitigation.patch")))
(modules '((srfi srfi-1)
(guix build utils)))
(snippet
diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
new file mode 100644
index 000000000..a44a3bce4
--- /dev/null
+++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
@@ -0,0 +1,13 @@
+diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
+index 43feb76..33a49b8 100644
+--- a/content/public/common/content_features.cc
++++ b/content/public/common/content_features.cc
+@@ -308,7 +308,7 @@
+
+ // http://tc39.github.io/ecmascript_sharedmem/shmem.html
+ const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
+- base::FEATURE_ENABLED_BY_DEFAULT};
++ base::FEATURE_DISABLED_BY_DEFAULT};
+
+ // An experiment to require process isolation for the sign-in origin,
+ // https://accounts.google.com. Launch bug: https://crbug.com/739418.
--
2.15.1
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 487 bytes --]
next prev parent reply other threads:[~2018-01-12 0:10 UTC|newest]
Thread overview: 151+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-07 19:58 [bug#28004] Chromium Marius Bakke
2017-08-07 20:23 ` ng0
2017-08-07 21:16 ` Marius Bakke
2017-08-08 5:53 ` ng0
2017-08-08 13:18 ` ng0
2017-08-08 14:22 ` ng0
2017-08-08 15:44 ` ng0
2017-08-08 18:59 ` ng0
2017-08-08 19:51 ` Leo Famulari
2017-08-08 20:46 ` ng0
2017-08-10 5:31 ` Efraim Flashner
2017-08-31 7:36 ` ng0
2017-10-10 13:19 ` ng0
2017-10-11 19:52 ` Ludovic Courtès
2017-10-12 19:56 ` Leo Famulari
2017-10-12 20:28 ` ng0
2017-10-13 6:51 ` Ludovic Courtès
2017-10-18 22:41 ` Marius Bakke
2017-10-19 5:48 ` ng0
2017-10-24 21:11 ` Marius Bakke
2017-11-05 23:52 ` Marius Bakke
2017-11-10 11:33 ` Adonay Felipe Nogueira
2018-01-04 19:16 ` ng0
2018-01-08 21:56 ` Marius Bakke
2018-01-08 23:20 ` ng0
2018-01-08 23:40 ` Marius Bakke
2018-01-12 0:09 ` Marius Bakke [this message]
2018-01-13 19:02 ` ng0
2018-01-13 19:13 ` ng0
2018-01-14 12:10 ` ng0
2018-01-16 14:18 ` Ludovic Courtès
2018-01-16 19:01 ` Marius Bakke
2018-01-16 19:09 ` Tobias Geerinckx-Rice
2018-01-16 19:22 ` Marius Bakke
2018-01-16 20:41 ` Leo Famulari
2018-01-17 8:53 ` Ludovic Courtès
2018-01-17 14:55 ` Mike Gerwitz
2018-02-26 18:18 ` Marius Bakke
2018-02-26 20:01 ` ng0
2018-02-26 20:06 ` Marius Bakke
2018-02-26 20:34 ` ng0
2018-02-26 22:41 ` Björn Höfling
2018-02-27 21:57 ` ng0
2018-02-28 17:38 ` Marius Bakke
2018-02-28 18:09 ` Björn Höfling
2018-03-16 17:30 ` ng0
2018-03-16 17:45 ` Marius Bakke
2018-03-16 17:52 ` ng0
2018-07-25 8:08 ` ng0
2018-08-05 13:04 ` Marius Bakke
2018-08-05 16:18 ` ng0
2018-08-05 18:25 ` Marius Bakke
2018-08-05 20:32 ` ng0
2018-08-05 23:58 ` ng0
2018-08-30 13:25 ` ng0
2018-08-06 8:22 ` Oleg Pykhalov
2018-08-30 6:04 ` Amirouche Boubekki
2018-03-16 19:01 ` Adonay Felipe Nogueira
2018-03-16 19:34 ` ng0
2018-03-16 21:20 ` Adonay Felipe Nogueira
2018-02-27 22:17 ` ng0
2018-02-28 17:14 ` Marius Bakke
2018-02-27 2:00 ` Mike Gerwitz
2018-02-28 8:17 ` ng0
2018-02-28 17:28 ` Marius Bakke
2018-01-16 20:04 ` ng0
2018-01-09 6:58 ` ng0
2018-01-12 0:03 ` Marius Bakke
2018-01-12 9:38 ` ng0
2018-02-26 18:19 ` [bug#28004] [PATCH] gnu: Add chromium Marius Bakke
2018-04-13 19:10 ` [bug#28004] Chromium 65 Marius Bakke
2018-04-17 19:10 ` Oleg Pykhalov
2018-04-24 17:05 ` Christopher Lemmer Webber
2018-04-24 18:08 ` [bug#28004] Chromium 66 + status update Marius Bakke
2018-04-24 18:45 ` Christopher Lemmer Webber
2018-04-24 18:48 ` Tobias Geerinckx-Rice
2018-04-24 18:46 ` Tobias Geerinckx-Rice
2018-04-24 19:30 ` Marius Bakke
2018-04-25 17:00 ` Leo Famulari
2018-04-25 17:02 ` Leo Famulari
2018-05-03 17:49 ` Nils Gillmann
2018-05-03 17:58 ` Nils Gillmann
2018-05-04 12:10 ` Marius Bakke
2018-05-04 13:02 ` Nils Gillmann
2018-08-29 23:31 ` [bug#28004] (no subject) Amirouche Boubekki
2018-09-02 4:37 ` [bug#28004] Chromium FSDG requirements Mark H Weaver
2018-09-02 13:16 ` Marius Bakke
2019-02-02 19:20 ` [PATCH] gnu: Add ungoogled-chromium Marius Bakke
2019-02-03 18:16 ` Joshua Branson
2019-02-04 4:52 ` bill-auger
2019-02-04 5:52 ` brettg
2019-02-04 7:46 ` Ineiev
2019-02-04 10:56 ` bill-auger
2019-02-04 14:43 ` Jean Louis
2019-02-04 12:26 ` [GNU-linux-libre] " Julie Marchant
2019-02-04 15:03 ` bill-auger
2019-02-04 13:46 ` [bug#28004] " Leo Famulari
2019-02-04 14:47 ` bill-auger
2019-02-04 22:34 ` Ludovic Courtès
2019-02-04 22:34 ` [bug#28004] " Ludovic Courtès
2019-02-06 21:04 ` [GNU-linux-libre] " Marius Bakke
2019-02-07 23:52 ` Christopher Lemmer Webber
2019-02-07 23:59 ` Julie Marchant
2019-02-16 8:00 ` bill-auger
2019-02-16 10:25 ` Brett Gilio
2019-02-16 14:18 ` Julie Marchant
2019-02-16 15:37 ` [GNU-linux-libre] " Adam Van Ymeren
2019-02-16 19:47 ` Adonay Felipe Nogueira
2019-02-16 20:01 ` Brett Gilio
2019-02-16 20:06 ` Brett Gilio
2019-02-17 1:39 ` bill-auger
2019-02-17 22:33 ` [GNU-linux-libre] " Ricardo Wurmus
2019-02-18 12:05 ` bill-auger
2019-02-18 12:15 ` Hartmut Goebel
2019-02-18 13:44 ` Tobias Geerinckx-Rice
2019-02-18 19:22 ` Simon Nielsen
2019-02-19 20:45 ` [GNU-linux-libre] " bill-auger
[not found] ` <671b6c83-0ed0-84eb-4cc5-b6a8fd14cb90@fsf.org>
[not found] ` <20190220010728.3426713f@parabola>
[not found] ` <87r2c2ms4l.fsf@fastmail.com>
[not found] ` <20190220114742.0d2034fb@parabola>
[not found] ` <87ftsim7qc.fsf@fastmail.com>
[not found] ` <1740db7c-29c4-137e-85b7-33c9a6b71b16@hyperbola.info>
2019-02-21 8:02 ` bug#34605: ungoogled-chromium: proprietary codecs enabled? Giovanni Biscuolo
2019-02-21 15:50 ` Ricardo Wurmus
2021-11-14 1:29 ` Maxim Cournoyer
2019-02-16 20:07 ` [GNU-linux-libre] [PATCH] gnu: Add ungoogled-chromium Alex Griffin
2019-02-17 1:49 ` bill-auger
2019-02-17 1:37 ` bill-auger
2019-02-17 2:30 ` Julie Marchant
2019-02-17 2:42 ` bill-auger
2019-02-17 4:19 ` Julie Marchant
2019-02-17 7:43 ` bill-auger
2019-02-17 14:06 ` Julie Marchant
2019-02-18 7:43 ` bill-auger
2019-02-17 20:55 ` Christopher Lemmer Webber
2019-02-16 11:16 ` Gábor Boskovits
2019-02-16 12:55 ` ng0
2019-02-16 13:10 ` Gábor Boskovits
2019-02-18 13:47 ` Denis 'GNUtoo' Carikli
2019-02-16 15:10 ` znavko
2019-02-16 15:50 ` Marius Bakke
2019-02-16 16:20 ` [GNU-linux-libre] " Amin Bandali
2019-02-16 16:33 ` Marius Bakke
2019-02-16 19:27 ` Amin Bandali
2019-02-17 2:20 ` bill-auger
2019-02-16 16:34 ` Alexandre Oliva
2019-02-16 16:54 ` Marius Bakke
2019-02-17 3:38 ` bill-auger
2019-02-16 18:56 ` Giovanni Biscuolo
2019-02-19 16:28 ` Giovanni Biscuolo
2019-02-09 14:04 ` Adonay Felipe Nogueira
2019-02-03 20:21 ` Amin Bandali
2019-02-05 5:22 ` [bug#28004] " swedebugia
2019-02-05 5:22 ` swedebugia
2019-02-12 15:58 ` [PATCH v2] " Marius Bakke
2019-02-18 22:43 ` [bug#28004] " Marius Bakke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87373cey5b.fsf@fastmail.com \
--to=mbakke@fastmail.com \
--cc=28004@debbugs.gnu.org \
--cc=ng0@n0.is \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.