Comment 1 Sam James 2023-04-11 16:07:03 UTC

There's a PR from the well-known ungoogled-chromium person at https://github.com/gentoo/gentoo/pull/30468.

Comment 2 Sam James 2023-04-11 16:12:08 UTC

(In reply to Sam James from comment #1)
> There's a PR from the well-known ungoogled-chromium person at
> https://github.com/gentoo/gentoo/pull/30468.

...ah, but I see it isn't ready

Version 112.0.5615.49 includes 16 security fixes (two with high CVE ratings):

[1414018] High CVE-2023-1810: Heap buffer overflow in Visuals
[1420510] High CVE-2023-1811: Use after free in Frames
[1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings
[1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions
[1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
[1278708] Medium CVE-2023-1815: Use after free in Networking APIs
[1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture
[1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents
[1223346] Medium CVE-2023-1818: Use after free in Vulkan
[1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility
[1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History
[1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare
[1066555] Low CVE-2023-1822: Incorrect security UI in Navigation
[1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM

(see https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html)

The update is already out now for 8 days. Please update ASAP.

Comment 4 Sam James 2023-04-12 13:33:26 UTC

(In reply to gentoolinux from comment #3)
> 
> The update is already out now for 8 days. Please update ASAP.

Updating to a new major version is non-trivial as it always takes work to get it building with GCC.

Of course, there is a backup option of forcing it to be built with Clang which can be done in the ebuild in extremis.

I tried compiling the latest version, but it ends with this error:

In file included from ../../third_party/skia/include/core/SkString.h:14,
                 from ../../third_party/skia/include/core/SkCanvas.h:27,
                 from ../../cc/paint/paint_canvas.h:18,
                 from ../../third_party/blink/public/web/web_plugin.h:35,
                 from ../../components/plugins/renderer/webview_plugin.h:25:
../../third_party/skia/include/private/base/SkTArray.h:520:33: warning: ‘cfi’ attribute directive ignored [-Wattributes]
  520 |     static T* TCast(void* buffer) {
      |                                 ^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/memory:75,
                 from ../../chrome/renderer/chrome_content_renderer_client.h:11:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = blink::URLLoader]’:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17:   required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = blink::URLLoader; _Dp = std::default_delete<blink::URLLoader>]’
../../third_party/blink/public/web/web_local_frame_client.h:678:12:   required from here
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘blink::URLLoader’


I used the same patches as those from the patchset for the 111 version, which all applies.

Created attachment 859951 [details]
ebuild for chromium-112.0.5615.49

Here is my test ebuild. I also used the patches used in archlinux.

Created attachment 859952 [details]
patches used by archlinux

Comment 8 Mike Gilbert 2023-04-12 18:10:45 UTC

(In reply to François Valenduc from comment #5)

I think this changeset will resolve that error. I am testing it now.

https://chromium-review.googlesource.com/c/chromium/src/+/4276241

I tried compiling chromium with gcc and the patch suggested. Compilation goes further, but it now fails like this:


FAILED: obj/ui/linux/linux_ui_factory/fallback_linux_ui.o
x86_64-pc-linux-gnu-g++ -MMD -MF obj/ui/linux/linux_ui_factory/fallback_linux_ui.o.d -DIS_LINUX_UI_FACTORY_IMPL -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_56 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_56 -DVK_USE_PLATFORM_XCB_KHR -DUSE_EGL -DLIBYUV_DISABLE_NEON -DTOOLKIT_VIEWS=1 -DSK_CODEC_DECODES_PNG -DSK_CODEC_DECODES_WEBP -DSK_ENCODE_PNG -DSK_ENCODE_WEBP -DSK_ENABLE_SKSL -DSK_UNTIL_CRBUG_1187654_IS_FIXED -DSK_USER_CONFIG_HEADER=\"../../skia/config/SkUserConfig.h\" -DSK_WIN_FONTMGR_NO_SIMULATIONS -DSK_GL -DSK_CODEC_DECODES_JPEG -DSK_ENCODE_JPEG -DSK_HAS_WUFFS_LIBRARY -DSK_VULKAN=1 -DSK_SUPPORT_GPU=1 -DSK_GPU_WORKAROUNDS_HEADER=\"gpu/config/gpu_driver_bug_workaround_autogen.h\" -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC -DU_IMPORT=U_EXPORT -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DGOOGLE_PROTOBUF_INTERNAL_DONATE_STEAL_INLINE=0 -DHAVE_PTHREAD -I../.. -Igen -I../../third_party/perfetto/include -Igen/third_party/perfetto/build_config -Igen/third_party/perfetto -Igen/shim_headers/zlib_shim -Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/libpng_shim -Igen/shim_headers/libwebp_shim -Igen/third_party/dawn/include -I../../third_party/dawn/include -I../../third_party/khronos -I../../gpu -I../../third_party/vulkan-deps/vulkan-headers/src/include -Igen/shim_headers/re2_shim -I../../third_party/libyuv/include -Igen/shim_headers/flac_shim -Igen/shim_headers/aom_shim -Igen/shim_headers/openh264_shim -Igen/shim_headers/dav1d_shim -I../../third_party/jsoncpp/source/include -I../../third_party/abseil-cpp -I../../third_party/boringssl/src/include -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/ipcz/include -I../../third_party/skia -I../../third_party/wuffs/src/release/c -I../../third_party/vulkan/include -I../../third_party/ced/src -I../../net/third_party/quiche/overrides -I../../net/third_party/quiche/src/quiche/common/platform/default -I../../net/third_party/quiche/src -Igen/net/third_party/quiche/src -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -Wno-comments -Wno-packed-not-aligned -Wno-missing-field-initializers -Wno-unused-parameter -Wno-psabi -fno-ident -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -fno-omit-frame-pointer -fvisibility=hidden -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib64/libffi/include -I/usr/include/nss -I/usr/include/nspr -Wno-narrowing -Wno-class-memaccess -std=gnu++2a -fno-exceptions -fno-rtti -fvisibility-inlines-hidden -march=skylake -O2 -pipe -c ../../ui/linux/fallback_linux_ui.cc -o obj/ui/linux/linux_ui_factory/fallback_linux_ui.o
In file included from ../../ui/gfx/platform_font.h:13,
                 from ../../ui/linux/fallback_linux_ui.cc:12:
../../third_party/skia/include/core/SkRefCnt.h:220:44: warning: ‘clang::trivial_abi’ scoped attribute directive ignored [-Wattributes]
  220 | template <typename T> class SK_TRIVIAL_ABI sk_sp {
      |                                            ^~~~~
In file included from ../../third_party/skia/include/core/SkString.h:14,
                 from ../../third_party/skia/include/core/SkTypeface.h:16,
                 from ../../ui/gfx/platform_font.h:14:
../../third_party/skia/include/private/base/SkTArray.h:520:33: warning: ‘cfi’ attribute directive ignored [-Wattributes]
  520 |     static T* TCast(void* buffer) {
      |                                 ^
In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/memory:75,
                 from ../../skia/ext/skia_histogram.h:11,
                 from ../../third_party/khronos/../../skia/config/SkUserConfig.h:126,
                 from ../../third_party/skia/include/private/base/SkLoadUserConfig.h:24,
                 from ../../third_party/skia/include/core/SkTypes.h:17,
                 from ../../third_party/skia/include/core/SkSurfaceProps.h:11,
                 from ../../ui/gfx/font_render_params.h:13,
                 from ../../ui/linux/fallback_linux_ui.h:8,
                 from ../../ui/linux/fallback_linux_ui.cc:5:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = ui::LinuxInputMethodContext]’:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17:   required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = ui::LinuxInputMethodContext; _Dp = std::default_delete<ui::LinuxInputMethodContext>]’
../../ui/linux/fallback_linux_ui.cc:35:10:   required from here
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘ui::LinuxInputMethodContext’
   93 |         static_assert(sizeof(_Tp)>0,
      |                       ^~~~~~~~~~~
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = ui::NavButtonProvider]’:
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17:   required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = ui::NavButtonProvider; _Dp = std::default_delete<ui::NavButtonProvider>]’
../../ui/linux/fallback_linux_ui.cc:133:10:   required from here
/usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘ui::NavButtonProvider’

However, compilation with clang works. I had to remove this:
myconf_gn+=" enable_js_type_check=false"

Otherwise, there is a warning in the configuration step.

Comment 11 Sam James 2023-04-14 05:48:52 UTC

https://github.com/gentoo/gentoo/commit/f76a08d017e0e725b96b126b9b67f07c97e20d2a