mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2026-07-05 16:54:07 +02:00
10ea4f874e
Fixes various CVEs, too many to list.
* gnu/packages/chromium.scm (%preserved-third-party-files): Add
base/third_party/nspr,
buildtools/third_party/libc++,
buildtools/third_party/libc++abi,
third_party/catapult/third_party/beautifulsoup4-4.9.3,
third_party/catapult/third_party/html5lib-1.1,
third_party/catapult/third_party/typ,
third_party/dawn/third_party/renderdoc,
third_party/dawn/third_party/webgpu-headers,
third_party/devscripts,
third_party/devtools-frontend/src/front_end/third_party/csp_evaluator,
third_party/devtools-frontend/src/front_end/third_party/legacy-javascript,
third_party/devtools-frontend/src/front_end/third_party/source-map-scopes-codec,
third_party/federated_compute/chromium/fcp/confidentialcompute,
third_party/freetype,
third_party/fxdiv,
third_party/hyphenation-patterns,
third_party/icu,
third_party/libc++,
third_party/libpfm4,
third_party/libpng,
third_party/libx11,
third_party/libxcb-keysyms,
third_party/llvm-libc,
third_party/neon_2_sse,
third_party/opus,
third_party/pdfium/third_party/lcms,
third_party/pdfium/third_party/libopenjpeg,
third_party/perfetto/protos/third_party/pprof,
third_party/perfetto/protos/third_party/primes,
third_party/perfetto/protos/third_party/simpleperf,
third_party/pyyaml,
third_party/sentencepiece,
third_party/sentencepiece/src/third_party/darts_clone,
third_party/six and
third_party/skia/include/third_party/vulkan.
Remove:
net/third_party/nss,
third_party/compiler-rt/src/lib,
third_party/libaom/source/libaom/third_party/SVT-AV1,
third_party/skia/third_party/vulkanmemoryallocator and
third_party/webrtc/rtc_base/third_party/sigslot.
(%chromium-version): Update to 147.0.7727.55.
(%ungoogled-origin, %debian-origin): Update hashes.
(%debian-patches): Add debianization/safe-libcxx.patch,
disable/enterprise-tests.patch,
disable/rustc-allow-features.patch,
fixes/bytemuck.patch,
fixes/libpng-testonly.patch,
llvm-19/clang19.patch (move from bookwork),
llvm-19/clone-traits.patch,
llvm-19/keyfactory.patch,
llvm-19/value-or.patch,
llvm-22/ignore-for-ubsan.patch,
trixie/cookie-string-view.patch and
trixie/nodejs-main.patch.
Remove trixie/rust-no-alloc-shim.patch.
(%guix-patches): Add ungoogled-chromium-custom-compiler.patch and
ungoogled-chromium-empty-parsed-rustc-args.patch. Remove
ungoogled-chromium-unbundle-icu-target.patch which was merged upstream.
(ungoogled-chromium-snippet): Remove icu from replace_gn_files args. Our
icu does not have ucmndata.h, umapfile.h and putilimp.h which are required
to build now.
(ungoogled-chromium) [arguments] <#:configure-flags>: Add is_component_build,
webnn_use_tflite, fatal_linker_warnings, enable_perfetto_unittests,
skia_enable_skshapper_tests, tint_build_unittests, enable_nocompile_tests,
enable_screen_ai_browsertests flags and set them to false. Set
use_system_icu to false. Remove enable_glic, enable_js_type_check and
removed_rust_stdlib_libs. The first two were removed and the last one is
not necessary any longer. Add blink_symbol_level and v8_symbol_level and
set them to zero.
[arguments] <#:phases> {patch-stuff}: Remove compiler substitution which
is not needed anymore. Adjust rustfmt_path to guix.
{include-pthreadpool}: New phase.
{adjust-CPLUS_INCLUDE_PATH}: Help clang find gcc's bits/c++config.h.
[inputs]: icu-77 is required now, even though we're not using it this time.
* gnu/packages/patches/ungoogled-chromium-custom-compiler.patch: Add it.
* gnu/packages/patches/ungoogled-chromium-empty-parsed-rustc-args.patch: Same.
* gnu/packages/patches/ungoogled-chromium-unbundle-icu-target.patch: Remove it.
* gnu/local.mk: (Un)register the above patches.
Change-Id: I597b69b15368e9b410fa3d29342700d9ea0b0d82
Signed-off-by: Andreas Enge <andreas@enge.fr>
300 lines
11 KiB
Diff
300 lines
11 KiB
Diff
From 7a372a6914e9d9d6f0c914a1ca8cdff592c40593 Mon Sep 17 00:00:00 2001
|
|
From: Matt Jolly <kangie@gentoo.org>
|
|
Date: Thu, 12 Mar 2026 11:57:11 +1000
|
|
Subject: [PATCH] Update compiler patch for M147 beta
|
|
|
|
Signed-off-by: Matt Jolly <kangie@gentoo.org>
|
|
--- a/build/config/compiler/BUILD.gn
|
|
+++ b/build/config/compiler/BUILD.gn
|
|
@@ -367,9 +367,6 @@ config("compiler") {
|
|
|
|
configs += [
|
|
# See the definitions below.
|
|
- ":clang_revision",
|
|
- ":rustc_revision",
|
|
- ":compiler_cpu_abi",
|
|
":compiler_codegen",
|
|
":compiler_deterministic",
|
|
":clang_warning_suppression",
|
|
@@ -1690,43 +1687,6 @@ config("compiler_deterministic") {
|
|
}
|
|
}
|
|
|
|
- # Makes builds independent of absolute file path.
|
|
- if (is_clang && strip_absolute_paths_from_debug_symbols) {
|
|
- # If debug option is given, clang includes $cwd in debug info by default.
|
|
- # For such build, this flag generates reproducible obj files even we use
|
|
- # different build directory like "out/feature_a" and "out/feature_b" if
|
|
- # we build same files with same compile flag.
|
|
- # Other paths are already given in relative, no need to normalize them.
|
|
-
|
|
- # -ffile-compilation-dir is an alias for both -fdebug-compilation-dir=
|
|
- # and -fcoverage-compilation-dir=.
|
|
- cflags += [ "-ffile-compilation-dir=." ]
|
|
-
|
|
- # Convert absolute paths to relative paths. Expands to, for example:
|
|
- # -file-prefix-map /path/to/chromium/src=../..
|
|
- swiftflags += [
|
|
- "-file-prefix-map",
|
|
- rebase_path("//.", "") + "=" + rebase_path("//.", root_build_dir),
|
|
- ]
|
|
- if (!is_win) {
|
|
- # We don't use clang -cc1as on Windows (yet? https://crbug.com/762167)
|
|
- asmflags = [ "-Wa,-fdebug-compilation-dir,." ]
|
|
- }
|
|
-
|
|
- if (is_win && use_lld) {
|
|
- if (symbol_level == 2 || (is_clang && using_sanitizer)) {
|
|
- # Absolutize source file paths for PDB. Pass the real build directory
|
|
- # if the pdb contains source-level debug information and if linker
|
|
- # reproducibility is not critical.
|
|
- ldflags += [ "/PDBSourcePath:" + rebase_path(root_build_dir) ]
|
|
- } else {
|
|
- # Use a fake fixed base directory for paths in the pdb to make the pdb
|
|
- # output fully deterministic and independent of the build directory.
|
|
- ldflags += [ "/PDBSourcePath:o:\fake\prefix" ]
|
|
- }
|
|
- }
|
|
- }
|
|
-
|
|
# Tells the compiler not to use absolute paths when passing the default
|
|
# paths to the tools it invokes. We don't want this because we don't
|
|
# really need it and it can mess up the RBE cache entries.
|
|
@@ -1759,88 +1719,6 @@ config("compiler_deterministic") {
|
|
}
|
|
}
|
|
|
|
-config("clang_revision") {
|
|
- if (is_clang && clang_base_path == default_clang_base_path &&
|
|
- current_os != "zos") {
|
|
- _perform_consistency_checks = current_toolchain == default_toolchain
|
|
- if (llvm_force_head_revision) {
|
|
- _head_revision_stamp_path = "//third_party/llvm-build/force_head_revision"
|
|
- _head_revision = ""
|
|
- if (path_exists(_head_revision_stamp_path)) {
|
|
- _head_revision = read_file(_head_revision_stamp_path, "trim string")
|
|
- }
|
|
- assert(
|
|
- _head_revision != "",
|
|
- "llvm_force_head_revision=true, but no locally built version was detected.")
|
|
- _clang_revision = _head_revision
|
|
- } else {
|
|
- _clang_revision = read_file(
|
|
- "//third_party/llvm-build/Release+Asserts/cr_build_revision",
|
|
- "trim string")
|
|
-
|
|
- # Ensure that the synced clang version matches what's in git.
|
|
- if (_perform_consistency_checks) {
|
|
- # Parse the clang version from the Python script.
|
|
- _clang_version_lines = filter_include(
|
|
- read_file("//tools/clang/scripts/update.py", "list lines"),
|
|
- [ "CLANG_*REVISION = *" ])
|
|
- _py_revision =
|
|
- string_replace(_clang_version_lines[0], "CLANG_REVISION = '", "")
|
|
- _py_revision = string_replace(_py_revision, "'", "")
|
|
- _py_subrevision =
|
|
- string_replace(_clang_version_lines[1], "CLANG_SUB_REVISION = ", "")
|
|
- _expected_clang_revision = "$_py_revision-$_py_subrevision"
|
|
-
|
|
- # TODO(agrieve): Change filter_include to _clang_revision ==
|
|
- # _expected_clang_revision once angle & webrtc use a GCS DEPS entry
|
|
- # rather than a update.py runhook.
|
|
- assert(
|
|
- filter_include([ _clang_revision ],
|
|
- [
|
|
- _expected_clang_revision,
|
|
- "$_expected_clang_revision,*",
|
|
- ]) != [],
|
|
- "clang_revision=\"$_clang_revision\" but update.py expected \"$_expected_clang_revision\". Did you forget to gclient sync?")
|
|
- }
|
|
- }
|
|
-
|
|
- if (_perform_consistency_checks) {
|
|
- # Ensure that the revision matches the version major expected by GN.
|
|
- _versions_match = filter_include([ _clang_revision ],
|
|
- [ "llvmorg-$clang_version-*" ]) != []
|
|
- assert(
|
|
- _versions_match,
|
|
- "clang_revision=\"$_clang_revision\" but clang_version=\"$clang_version\". clang_version in build/toolchain/toolchain.gni is likely outdated.")
|
|
- }
|
|
-
|
|
- if (toolchain_has_rust && _perform_consistency_checks &&
|
|
- !rust_force_head_revision) {
|
|
- # Ensure that the synced rust version matches what's in git.
|
|
- _rust_revision_lines =
|
|
- filter_include(read_file("//tools/rust/update_rust.py", "list lines"),
|
|
- [ "RUST_*REVISION = *" ])
|
|
- _py_revision =
|
|
- string_replace(_rust_revision_lines[0], "RUST_REVISION = '", "")
|
|
- _py_revision = string_replace(_py_revision, "'", "")
|
|
- _py_subrevision =
|
|
- string_replace(_rust_revision_lines[1], "RUST_SUB_REVISION = ", "")
|
|
- _expected_rust_revision = "$_py_revision-$_py_subrevision"
|
|
-
|
|
- # Ensure the rust version matches the clang version.
|
|
- assert(
|
|
- filter_include([ rustc_revision ],
|
|
- [ "*-$_expected_rust_revision-*" ]) != [],
|
|
- "rustc_revision=\"$rustc_revision\" but update_rust.py expected \"$_expected_rust_revision\". Run \"gclient sync\"?")
|
|
- }
|
|
-
|
|
- # This is here so that all files get recompiled after a clang roll and
|
|
- # when turning clang on or off. (defines are passed via the command line,
|
|
- # and build system rebuild things when their commandline changes). Nothing
|
|
- # should ever read this define.
|
|
- defines = [ "CR_CLANG_REVISION=\"$_clang_revision\"" ]
|
|
- }
|
|
-}
|
|
-
|
|
# Controls the usage of a warning suppression mapping (WSM) file to suppress
|
|
# warnings based on the path of the file they come from. It's controlled by the
|
|
# `clang_warning_suppression_file` gn argument , which points to a text file
|
|
@@ -1896,18 +1774,6 @@ config("sanitize_c_array_bounds") {
|
|
}
|
|
}
|
|
|
|
-config("rustc_revision") {
|
|
- if (rustc_revision != "") {
|
|
- # Similar to the `clang_revision` config, this is here so that all `.rs`
|
|
- # sources get recompiled after a rustc roll. Nothing should ever read this
|
|
- # cfg. This will not be set if a custom toolchain is used.
|
|
- rustflags = [
|
|
- "--cfg",
|
|
- "cr_rustc_revision=\"$rustc_revision\"",
|
|
- ]
|
|
- }
|
|
-}
|
|
-
|
|
config("compiler_arm_fpu") {
|
|
if (current_cpu == "arm" && !is_ios) {
|
|
cflags = [ "-mfpu=neon" ]
|
|
@@ -2386,11 +2252,7 @@ config("chromium_code") {
|
|
defines = [ "_HAS_NODISCARD" ]
|
|
}
|
|
} else {
|
|
- cflags = [ "-Wall" ]
|
|
- if (is_clang) {
|
|
- # Enable extra warnings for chromium_code when we control the compiler.
|
|
- cflags += [ "-Wextra" ]
|
|
- }
|
|
+ cflags = []
|
|
|
|
# In Chromium code, we define __STDC_foo_MACROS in order to get the
|
|
# C99 macros on Mac and Linux.
|
|
@@ -2399,32 +2261,6 @@ config("chromium_code") {
|
|
"__STDC_FORMAT_MACROS",
|
|
]
|
|
|
|
- if (!is_debug && !using_sanitizer && current_cpu != "s390x" &&
|
|
- current_cpu != "ppc64" && current_cpu != "mips" &&
|
|
- current_cpu != "mips64" && current_cpu != "riscv64" &&
|
|
- current_cpu != "loong64") {
|
|
- # Non-chromium code is not guaranteed to compile cleanly with
|
|
- # _FORTIFY_SOURCE. Also, fortified build may fail when optimizations are
|
|
- # disabled, so only do that for Release build.
|
|
- fortify_level = "2"
|
|
-
|
|
- # ChromeOS's toolchain supports a high-quality _FORTIFY_SOURCE=3
|
|
- # implementation with a few custom glibc patches. Use that if it's
|
|
- # available.
|
|
- if (is_chromeos_device) {
|
|
- fortify_level = "3"
|
|
- }
|
|
-
|
|
- # _FORTIFY_SOURCE=3 is available in glibc 2.34+. Enable it when building
|
|
- # with the sysroot where support is guaranteed. Clang is also required since
|
|
- # the system gcc is often patched to add _FORTIFY_SOURCE=2 which would conflict
|
|
- # with our definition.
|
|
- if (use_sysroot && is_clang) {
|
|
- fortify_level = "3"
|
|
- }
|
|
- defines += [ "_FORTIFY_SOURCE=" + fortify_level ]
|
|
- }
|
|
-
|
|
if (is_apple) {
|
|
cflags_objc = [ "-Wimplicit-retain-self" ]
|
|
cflags_objcc = [ "-Wimplicit-retain-self" ]
|
|
@@ -2848,7 +2684,8 @@ config("default_stack_frames") {
|
|
# [0]: https://pinpoint-dot-chromeperf.appspot.com/job/147634a8be0000
|
|
# [1]: https://pinpoint-dot-chromeperf.appspot.com/job/132bc772be0000
|
|
# [2]: https://crrev.com/c/5447532
|
|
-config("optimize") {
|
|
+config("optimize") { }
|
|
+config("xoptimize") {
|
|
if (is_win) {
|
|
# clang-cl's /O2 corresponds to clang's -O3, and really want -O2 for
|
|
# consistency with the other platforms.
|
|
@@ -2897,7 +2734,8 @@ config("optimize") {
|
|
}
|
|
|
|
# Turn off optimizations.
|
|
-config("no_optimize") {
|
|
+config("no_optimize") { }
|
|
+config("xno_optimize") {
|
|
if (is_win) {
|
|
cflags = [
|
|
"/Od", # Disable optimization.
|
|
@@ -2932,7 +2770,8 @@ config("no_optimize") {
|
|
# Turns up the optimization level. Used to explicitly enable -O2 instead of
|
|
# -Os for select targets on platforms that use optimize_for_size. No-op
|
|
# elsewhere.
|
|
-config("optimize_max") {
|
|
+config("optimize_max") { }
|
|
+config("xoptimize_max") {
|
|
ldflags = common_optimize_on_ldflags
|
|
if (is_win) {
|
|
# Favor speed over size, /O2 must be before the common flags.
|
|
@@ -2953,7 +2792,8 @@ config("optimize_max") {
|
|
#
|
|
# TODO(crbug.com/41259697) - rework how all of these configs are related
|
|
# so that we don't need this disclaimer.
|
|
-config("optimize_speed") {
|
|
+config("optimize_speed") { }
|
|
+config("xoptimize_speed") {
|
|
ldflags = common_optimize_on_ldflags
|
|
if (is_win) {
|
|
# Favor speed over size, /O2 must be before the common flags.
|
|
@@ -2970,7 +2810,8 @@ config("optimize_speed") {
|
|
rustflags = [ "-Copt-level=3" ]
|
|
}
|
|
|
|
-config("optimize_fuzzing") {
|
|
+config("optimize_fuzzing") { }
|
|
+config("xoptimize_fuzzing") {
|
|
cflags = [ "-O1" ] + common_optimize_on_cflags
|
|
rustflags = [ "-Copt-level=1" ]
|
|
ldflags = common_optimize_on_ldflags
|
|
@@ -3115,7 +2956,8 @@ config("split_dwarf") {
|
|
}
|
|
|
|
# Full symbols.
|
|
-config("symbols") {
|
|
+config("symbols") { }
|
|
+config("xsymbols") {
|
|
rustflags = []
|
|
configs = []
|
|
if (is_win) {
|
|
@@ -3275,7 +3117,8 @@ config("symbols") {
|
|
# Minimal symbols.
|
|
# This config guarantees to hold symbol for stack trace which are shown to user
|
|
# when crash happens in unittests running on buildbot.
|
|
-config("minimal_symbols") {
|
|
+config("minimal_symbols") { }
|
|
+config("xminimal_symbols") {
|
|
configs = []
|
|
rustflags = []
|
|
if (is_win) {
|
|
@@ -3355,7 +3198,8 @@ config("minimal_symbols") {
|
|
# This configuration contains function names only. That is, the compiler is
|
|
# told to not generate debug information and the linker then just puts function
|
|
# names in the final debug information.
|
|
-config("no_symbols") {
|
|
+config("no_symbols") { }
|
|
+config("xno_symbols") {
|
|
if (is_win) {
|
|
ldflags = [ "/DEBUG" ]
|
|
|
|
--
|
|
2.52.0
|
|
|