From c170aefeec7212f6545f736011401967afa38235 Mon Sep 17 00:00:00 2001 From: wchen342 Date: Thu, 27 Feb 2020 15:50:13 -0500 Subject: [PATCH] Update to 80.0.3987.122-1 --- CHANGELOG.md | 7 ++ build.sh | 2 +- misc/android_studio_setup.sh | 2 +- ...AImageReader-for-ARM64-P-and-ARM64-Q.patch | 70 +++++++++++++++++++ ...Remove-a-DCHECK-in-CreateReservation.patch | 32 +++++++++ patches/series | 2 + ...dency-on-com.google.android.gms.auth.patch | 38 +++++++++- 7 files changed, 150 insertions(+), 3 deletions(-) create mode 100644 patches/Bromite/Disable-AImageReader-for-ARM64-P-and-ARM64-Q.patch create mode 100644 patches/Bromite/Download-on-Android-Q-Remove-a-DCHECK-in-CreateReservation.patch diff --git a/CHANGELOG.md b/CHANGELOG.md index a14d4b9..02773dc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +# 80.0.3987.122-1 +* This is an important security release that fix three vulnerabilities. All previous versions should update as soon as possible. + * [1044570] High: Integer overflow in ICU. Reported by André Bargull (with thanks to Jeff Walden from Mozilla) on 2020-01-22 + * [1045931] High CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov of Google Project Zero on 2020-01-27 + * [1053604] High CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group on 2020-02-18 (_actively exploited in the wild_) +* Fix video crash on Android P on certain machines + # 80.0.3987.106-1 * Port some privacy related functionality from `Bromite`, including: * flag to disable WebGL diff --git a/build.sh b/build.sh index a35696a..8dea1d7 100755 --- a/build.sh +++ b/build.sh 
@@ -8,7 +8,7 @@ chrome_target=chrome_public_apk mono_target=monochrome_public_apk webview_target=system_webview_apk -chromium_version=80.0.3987.106 +chromium_version=80.0.3987.122 ungoogled_chromium_revision=1 # Argument parser from https://stackoverflow.com/questions/192249/how-do-i-parse-command-line-arguments-in-bash/29754866#29754866 diff --git a/misc/android_studio_setup.sh b/misc/android_studio_setup.sh index 1aba1ae..ea58ee9 100644 --- a/misc/android_studio_setup.sh +++ b/misc/android_studio_setup.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -eux -o pipefail -chromium_version=80.0.3987.106 +chromium_version=80.0.3987.122 chrome_target=chrome_public_apk monochrome_target=monochrome_public_apk webview_target=system_webview_apk diff --git a/patches/Bromite/Disable-AImageReader-for-ARM64-P-and-ARM64-Q.patch b/patches/Bromite/Disable-AImageReader-for-ARM64-P-and-ARM64-Q.patch new file mode 100644 index 0000000..0fc0dc1 --- /dev/null +++ b/patches/Bromite/Disable-AImageReader-for-ARM64-P-and-ARM64-Q.patch 
@@ -0,0 +1,70 @@ +From: csagan5 <32685696+csagan5@users.noreply.github.com> +Date: Thu, 20 Feb 2020 22:44:06 +0100 +Subject: Disable AImageReader for ARM64/P and ARM64/Q + +--- + chrome/browser/android/chrome_startup_flags.cc | 9 +++++++++ + gpu/config/gpu_finch_features.cc | 4 ++++ + media/base/media_switches.cc | 4 ++++ + 3 files changed, 17 insertions(+) + +--- a/chrome/browser/android/chrome_startup_flags.cc ++++ b/chrome/browser/android/chrome_startup_flags.cc +@@ -6,6 +6,7 @@ + + #include "chrome/browser/android/chrome_startup_flags.h" + ++#include "base/android/build_info.h" + #include "base/android/jni_android.h" + #include "base/android/jni_string.h" + #include "base/android/scoped_java_ref.h" +@@ -16,6 +17,7 @@ + #include "chrome/common/chrome_switches.h" + #include "components/browser_sync/browser_sync_switches.h" + #include "components/dom_distiller/core/dom_distiller_switches.h" ++#include "content/public/common/content_switches.h" + #include "media/base/media_switches.h" + + namespace { +@@ -40,6 +42,13 @@ void SetChromeSpecificCommandLineFlags() + if (base::SysInfo::IsLowEndDevice()) + SetCommandLineSwitchASCII(switches::kDisableSyncTypes, "Favicon Images"); + ++#ifdef ARCH_CPU_ARM64 ++ // workaround for Android 9/10 crashes on ARM64 CPUs ++ if (base::android::BuildInfo::GetInstance()->sdk_int() >= base::android::SDK_VERSION_P) { ++ SetCommandLineSwitchASCII("disable_aimagereader", "1"); ++ } ++#endif ++ + // Enable DOM Distiller backend. + SetCommandLineSwitch(switches::kEnableDomDistiller); + } +--- a/gpu/config/gpu_finch_features.cc ++++ b/gpu/config/gpu_finch_features.cc +@@ -31,7 +31,11 @@ bool FieldIsInBlacklist(const char* curr + #if defined(OS_ANDROID) + // Use android AImageReader when playing videos with MediaPlayer. 
+ const base::Feature kAImageReaderMediaPlayer{"AImageReaderMediaPlayer", ++#ifdef ARCH_CPU_ARM64 ++ base::FEATURE_DISABLED_BY_DEFAULT}; ++#else + base::FEATURE_ENABLED_BY_DEFAULT}; ++#endif + + // Use android SurfaceControl API for managing display compositor's buffer queue + // and using overlays on Android. +--- a/media/base/media_switches.cc ++++ b/media/base/media_switches.cc +@@ -491,7 +491,11 @@ const base::Feature kMediaDrmPreprovisio + + // Enables the Android Image Reader path for Video decoding(for AVDA and MCVD) + const base::Feature kAImageReaderVideoOutput{"AImageReaderVideoOutput", ++#ifdef ARCH_CPU_ARM64 ++ base::FEATURE_DISABLED_BY_DEFAULT}; ++#else + base::FEATURE_ENABLED_BY_DEFAULT}; ++#endif + + // Prevents using SurfaceLayer for videos. This is meant to be used by embedders + // that cannot support SurfaceLayer at the moment. diff --git a/patches/Bromite/Download-on-Android-Q-Remove-a-DCHECK-in-CreateReservation.patch b/patches/Bromite/Download-on-Android-Q-Remove-a-DCHECK-in-CreateReservation.patch new file mode 100644 index 0000000..f9ce963 --- /dev/null +++ b/patches/Bromite/Download-on-Android-Q-Remove-a-DCHECK-in-CreateReservation.patch 
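Review bot: The `#ifdef ARCH_CPU_ARM64` guard added to `SetChromeSpecificCommandLineFlags()` in chrome_startup_flags.cc relies on `build/build_config.h`, which is not among the includes visible in this hunk; if nothing else pulls it in, the macro is undefined and the workaround compiles out with no diagnostic. Adding `#include "build/build_config.h"` next to the new `base/android/build_info.h` include would make the dependency explicit. The scope is also wider than the subject line and the `// workaround for Android 9/10 crashes on ARM64 CPUs` comment state: the runtime check `sdk_int() >= base::android::SDK_VERSION_P` has no upper bound, and the `FEATURE_DISABLED_BY_DEFAULT` defaults in gpu_finch_features.cc and media_switches.cc apply to every ARM64 build regardless of SDK level. I would either bound the check or reword the comment to `// workaround for crashes on ARM64 CPUs, Android 9 and later`. The `"disable_aimagereader"` literal could also be given a named constant so its spelling is checked in one place.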
@@ -0,0 +1,32 @@ +From: Xing Liu +Date: Tue, 18 Feb 2020 21:10:54 +0000 +Subject: Download on Android Q: Remove a DCHECK in CreateReservation. + +When resuming a download, the suggested path can be content URI. This +will hit a DCHECK in CreateReservation. + +Bug: 1045642 +Change-Id: I61c452afafbbc9606f747c84ff18e6b9dc9a0fb6 +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2062759 +Reviewed-by: Min Qin +Commit-Queue: Xing Liu +Cr-Commit-Position: refs/heads/master@{#742270} +--- + .../internal/common/download_path_reservation_tracker.cc | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/components/download/internal/common/download_path_reservation_tracker.cc b/components/download/internal/common/download_path_reservation_tracker.cc +--- a/components/download/internal/common/download_path_reservation_tracker.cc ++++ b/components/download/internal/common/download_path_reservation_tracker.cc +@@ -326,8 +326,6 @@ PathValidationResult ValidatePathAndResolveConflicts( + // - Returns the result of creating the path reservation. + PathValidationResult CreateReservation(const CreateReservationInfo& info, + base::FilePath* reserved_path) { +- DCHECK(info.suggested_path.IsAbsolute()); +- + // Create a reservation map if one doesn't exist. It will be automatically + // deleted when all the reservations are revoked. + if (g_reservation_map == NULL) +-- +2.17.1 + diff --git a/patches/series b/patches/series index 4ee9816..3390b8f 100644 --- a/patches/series +++ b/patches/series @@ -34,3 +34,5 @@ Bromite/Add-user-setting-for-DNS-over-HTTPS-DoH-custom-URL.patch Bromite/Revert-flags-remove-disable-pull-to-refresh-effect.patch Bromite/updater-disable-updater-pings.patch Bromite/Use-a-minimum-DoH-timeout-of-400ms.patch +Bromite/Disable-AImageReader-for-ARM64-P-and-ARM64-Q.patch +Bromite/Download-on-Android-Q-Remove-a-DCHECK-in-CreateReservation.patch 
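Review bot: Deleting `DCHECK(info.suggested_path.IsAbsolute())` outright leaves `CreateReservation` with no stated precondition on `info.suggested_path`, so a relative path would now also go unnoticed in debug builds, not only the content URI the description mentions. The rest of the function lies outside this hunk, so it cannot be confirmed from here whether the reservation map and conflict handling treat a content URI correctly. At minimum I would put a comment where the assertion was, e.g. `// |info.suggested_path| is absolute, or a content URI when resuming a download on Android Q.`, so the intended invariant stays documented for the next reader.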
diff --git a/patches/ungoogled-chromium-android/Remove-dependency-on-com.google.android.gms.auth.patch b/patches/ungoogled-chromium-android/Remove-dependency-on-com.google.android.gms.auth.patch index 676bb68..a02547a 100644 --- a/patches/ungoogled-chromium-android/Remove-dependency-on-com.google.android.gms.auth.patch +++ b/patches/ungoogled-chromium-android/Remove-dependency-on-com.google.android.gms.auth.patch @@ -9,9 +9,10 @@ Subject: Remove dependency on com.google.android.gms.auth components/signin/core/browser/android/java/src/org/chromium/components/signin/SystemAccountManagerDelegate.java | 12 -- content/public/android/BUILD.gn | 1 content/public/android/java/src/org/chromium/content/browser/sms/SmsReceiver.java | 40 --------- + content/public/android/java/src/org/chromium/content/browser/sms/Wrappers.java | 10 -- third_party/android_deps/BUILD.gn | 44 ---------- third_party/robolectric/BUILD.gn | 1 - 8 files changed, 3 insertions(+), 104 deletions(-) + 9 files changed, 4 insertions(+), 113 deletions(-) --- a/chrome/android/BUILD.gn +++ b/chrome/android/BUILD.gn 
@@ -218,3 +219,38 @@ Subject: Remove dependency on com.google.android.gms.auth "$google_play_services_package:google_play_services_base_java", "$google_play_services_package:google_play_services_basement_java", "//third_party/android_deps:android_support_v4_java", +--- a/content/public/android/java/src/org/chromium/content/browser/sms/Wrappers.java ++++ b/content/public/android/java/src/org/chromium/content/browser/sms/Wrappers.java +@@ -10,8 +10,6 @@ import android.content.ContextWrapper; + import android.content.Intent; + import android.content.IntentFilter; + +-import com.google.android.gms.auth.api.phone.SmsRetrieverClient; +-import com.google.android.gms.tasks.Task; + + class Wrappers { + // Prevent instantiation. +@@ -21,11 +19,9 @@ class Wrappers { + * Wraps com.google.android.gms.auth.api.phone.SmsRetrieverClient. + */ + static class SmsRetrieverClientWrapper { +- private final SmsRetrieverClient mSmsRetrieverClient; + private SmsReceiverContext mContext; + +- public SmsRetrieverClientWrapper(SmsRetrieverClient smsRetrieverClient) { +- mSmsRetrieverClient = smsRetrieverClient; ++ public SmsRetrieverClientWrapper() { + } + + public void setContext(SmsReceiverContext context) { +@@ -35,10 +31,6 @@ class Wrappers { + public SmsReceiverContext getContext() { + return mContext; + } +- +- public Task startSmsRetriever() { +- return mSmsRetrieverClient.startSmsRetriever(); +- } + } + + /**
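Review bot: After this change `SmsRetrieverClientWrapper` holds only `mContext`, yet the Javadoc kept as context above it still reads `Wraps com.google.android.gms.auth.api.phone.SmsRetrieverClient.` With the field and `startSmsRetriever()` removed, the class no longer wraps anything, and the stale comment hides the fact that no SMS retrieval is started in this build. I would reword it to something like `Placeholder for the removed GMS SmsRetrieverClient; carries only the receiver context.` (presumably it is kept so existing callers compile; confirm against SmsReceiver.java). The empty `public SmsRetrieverClientWrapper() { }` could then be dropped in favour of the implicit default constructor. The enclosing `Wrappers` class continues past the end of this hunk.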