upd: 93 -> 94

Do not use macro which was dropped from branding-configs
2025-02-23 17:42:45 +00:00 · 2021-09-22 17:44:54 +03:00 · 2021-09-22 17:44:54 +03:00 · 975d7135e1
commit 975d7135e1
parent 0eec0147b6
5 changed files with 9 additions and 1815 deletions
--- a/.abf.yml
+++ b/.abf.yml
@ -1,8 +1,8 @@
 sources:
-  chromium-93.0.4577.82.tar.xz: 6d1ea3759f421233dbe7c0ea9bddad3afa1ce6fe
-  chromium-gost-3181acb959fcb8de4aa3aca4c51d8a89b90d367d.tar.gz: 3f81e4ac5204d61384480c59f45a3ef5b8feb3b0
+  chromium-94.0.4606.54.tar.xz: f7e748655cf994f9283d6bd7f9664ad975dd8ca2
+  chromium-gost-63275ec358b1a1c0087dc3af770d18c1d5fe661d.tar.gz: 67349ca44d66bd239b5fca98f2cdc0b7dffa154b
  depot_tools.tar.xz: 082b7f9a4dfa7eb03900755b4866aef2d73543a5
  icons.tar.bz2: a835954af164bf38f8ea4ea80608839bed7800a3
-  msspi-676e76df03782fa965d8f985f4bd2e4c3ee81386.tar.gz: 5c82ce5a5780b06a481812986e3da8b1131ca1a8
+  msspi-74a19443ca691e1acfee84e6176282e4ec338eac.tar.gz: 82954b8b58005505c32e92d4a8861ea2906f2a9f
  new-system-icons.tar.xz: 89339b8b3b05359a8745ed7968fe148902a2fa28
  xcb-proto-1.14.1.tar.xz: 836d5b2dd00ff21bd038e92764fda9a256a1b022
--- a/4b438323d68840453b5ef826c3997568e2e0e8c7.patch
+++ b/4b438323d68840453b5ef826c3997568e2e0e8c7.patch
--- a/60d5e803ef2a4874d29799b638754152285e0ed9.patch
+++ b/60d5e803ef2a4874d29799b638754152285e0ed9.patch
@ -1,348 +0,0 @@
-From 60d5e803ef2a4874d29799b638754152285e0ed9 Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton@chromium.org>
-Date: Wed, 21 Jul 2021 12:55:11 +0000
-Subject: [PATCH] Linux sandbox: fix fstatat() crash
-
-This is a reland of https://crrev.com/c/2801873.
-
-Glibc has started rewriting fstat(fd, stat_buf) to
-fstatat(fd, "", stat_buf, AT_EMPTY_PATH). This works because when
-AT_EMPTY_PATH is specified, and the second argument is an empty string,
-then fstatat just performs an fstat on fd like normal.
-
-Unfortunately, fstatat() also allows stat-ing arbitrary pathnames like
-with fstatat(AT_FDCWD, "/i/am/a/file", stat_buf, 0);
-The baseline policy needs to prevent this usage of fstatat() since it
-doesn't allow access to arbitrary pathnames.
-
-Sadly, if the second argument is not an empty string, AT_EMPTY_PATH is
-simply ignored by current kernels.
-
-This means fstatat() is completely unsandboxable with seccomp, since
-we *need* to verify that the second argument is the empty string, but
-we can't dereference pointers in seccomp (due to limitations of BPF,
-and the difficulty of addressing these limitations due to TOCTOU
-issues).
-
-So, this CL Traps (raises a SIGSYS via seccomp) on any fstatat syscall.
-The signal handler, which runs in the sandboxed process, checks for
-AT_EMPTY_PATH and the empty string, and then rewrites any applicable
-fstatat() back into the old-style fstat().
-
-Bug: 1164975
-Change-Id: I3df6c04c0d781eb1f181d707ccaaead779337291
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042179
-Reviewed-by: Robert Sesek <rsesek@chromium.org>
-Commit-Queue: Matthew Denton <mpdenton@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#903873}
---
- .../seccomp-bpf-helpers/baseline_policy.cc    |  8 ++++++
- .../baseline_policy_unittest.cc               | 17 ++++++++++++-
- .../seccomp-bpf-helpers/sigsys_handlers.cc    | 25 +++++++++++++++++++
- .../seccomp-bpf-helpers/sigsys_handlers.h     | 14 +++++++++++
- .../linux/syscall_broker/broker_process.cc    | 21 ++++++++++------
- .../syscall_broker/broker_process_unittest.cc | 18 ++++++-------
- sandbox/linux/system_headers/linux_stat.h     |  4 +++
- 7 files changed, 89 insertions(+), 18 deletions(-)
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-index f2a60bb4d738d..9df0d2dbd3b5f 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-@@ -20,6 +20,7 @@
- #include "sandbox/linux/seccomp-bpf-helpers/syscall_sets.h"
- #include "sandbox/linux/seccomp-bpf/sandbox_bpf.h"
- #include "sandbox/linux/services/syscall_wrappers.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
- 
- #if !defined(SO_PEEK_OFF)
-@@ -304,6 +305,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
-     return Allow();
-   }
- 
-+  // The fstatat syscalls are file system syscalls, which will be denied below
-+  // with fs_denied_errno. However some allowed fstat syscalls are rewritten by
-+  // libc implementations to fstatat syscalls, and we need to rewrite them back.
-+  if (sysno == __NR_fstatat_default) {
-+    return RewriteFstatatSIGSYS(fs_denied_errno);
-+  }
-+
-   if (SyscallSets::IsFileSystem(sysno) ||
-       SyscallSets::IsCurrentDirectory(sysno)) {
-     return Error(fs_denied_errno);
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-index 68c29b564bb8f..57d307e09d36b 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy_unittest.cc
-@@ -51,7 +51,8 @@ namespace sandbox {
- 
- namespace {
- 
-// This also tests that read(), write() and fstat() are allowed.
-+// This also tests that read(), write(), fstat(), and fstatat(.., "", ..,
-+// AT_EMPTY_PATH) are allowed.
- void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
-   BPF_ASSERT_LE(0, read_end.get());
-   BPF_ASSERT_LE(0, write_end.get());
-@@ -60,6 +61,20 @@ void TestPipeOrSocketPair(base::ScopedFD read_end, base::ScopedFD write_end) {
-   BPF_ASSERT_EQ(0, sys_ret);
-   BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
- 
-+  sys_ret = fstatat(read_end.get(), "", &stat_buf, AT_EMPTY_PATH);
-+  BPF_ASSERT_EQ(0, sys_ret);
-+  BPF_ASSERT(S_ISFIFO(stat_buf.st_mode) || S_ISSOCK(stat_buf.st_mode));
-+
-+  // Make sure fstatat with anything other than an empty string is denied.
-+  sys_ret = fstatat(read_end.get(), "/", &stat_buf, AT_EMPTY_PATH);
-+  BPF_ASSERT_EQ(sys_ret, -1);
-+  BPF_ASSERT_EQ(EPERM, errno);
-+
-+  // Make sure fstatat without AT_EMPTY_PATH is denied.
-+  sys_ret = fstatat(read_end.get(), "", &stat_buf, 0);
-+  BPF_ASSERT_EQ(sys_ret, -1);
-+  BPF_ASSERT_EQ(EPERM, errno);
-+
-   const ssize_t kTestTransferSize = 4;
-   static const char kTestString[kTestTransferSize] = {'T', 'E', 'S', 'T'};
-   ssize_t transfered = 0;
-diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-index 64edbd68bde6b..71068a045277b 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.cc
-@@ -6,6 +6,7 @@
- 
- #include "sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h"
- 
-+#include <fcntl.h>
- #include <stddef.h>
- #include <stdint.h>
- #include <string.h>
-@@ -22,6 +23,7 @@
- #include "sandbox/linux/seccomp-bpf/syscall.h"
- #include "sandbox/linux/services/syscall_wrappers.h"
- #include "sandbox/linux/system_headers/linux_seccomp.h"
-+#include "sandbox/linux/system_headers/linux_stat.h"
- #include "sandbox/linux/system_headers/linux_syscalls.h"
- 
- #if defined(__mips__)
-@@ -355,6 +357,24 @@ intptr_t SIGSYSSchedHandler(const struct arch_seccomp_data& args,
-   return -ENOSYS;
- }
- 
-+intptr_t SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+                              void* fs_denied_errno) {
-+  if (args.nr == __NR_fstatat_default) {
-+    if (*reinterpret_cast<const char*>(args.args[1]) == '\0' &&
-+        args.args[3] == static_cast<uint64_t>(AT_EMPTY_PATH)) {
-+      return syscall(__NR_fstat_default, static_cast<int>(args.args[0]),
-+                     reinterpret_cast<default_stat_struct*>(args.args[2]));
-+    }
-+    return -reinterpret_cast<intptr_t>(fs_denied_errno);
-+  }
-+
-+  CrashSIGSYS_Handler(args, fs_denied_errno);
-+
-+  // Should never be reached.
-+  RAW_CHECK(false);
-+  return -ENOSYS;
-+}
-+
- bpf_dsl::ResultExpr CrashSIGSYS() {
-   return bpf_dsl::Trap(CrashSIGSYS_Handler, NULL);
- }
-@@ -387,6 +407,11 @@ bpf_dsl::ResultExpr RewriteSchedSIGSYS() {
-   return bpf_dsl::Trap(SIGSYSSchedHandler, NULL);
- }
- 
-+bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno) {
-+  return bpf_dsl::Trap(SIGSYSFstatatHandler,
-+                       reinterpret_cast<void*>(fs_denied_errno));
-+}
-+
- void AllocateCrashKeys() {
- #if !defined(OS_NACL_NONSFI)
-   if (seccomp_crash_key)
-diff --git a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-index 7a958b93b27a7..8cd735ce15793 100644
--- a/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-+++ b/sandbox/linux/seccomp-bpf-helpers/sigsys_handlers.h
-@@ -62,6 +62,19 @@ SANDBOX_EXPORT intptr_t SIGSYSPtraceFailure(const arch_seccomp_data& args,
- // sched_setparam(), sched_setscheduler()
- SANDBOX_EXPORT intptr_t SIGSYSSchedHandler(const arch_seccomp_data& args,
-                                            void* aux);
-+// If the fstatat() syscall is functionally equivalent to an fstat() syscall,
-+// then rewrite the syscall to the equivalent fstat() syscall which can be
-+// adequately sandboxed.
-+// If the fstatat() is not functionally equivalent to an fstat() syscall, we
-+// fail with -fs_denied_errno.
-+// If the syscall is not an fstatat() at all, crash in the same way as
-+// CrashSIGSYS_Handler.
-+// This is necessary because glibc and musl have started rewriting fstat(fd,
-+// stat_buf) as fstatat(fd, "", stat_buf, AT_EMPTY_PATH). We rewrite the latter
-+// back to the former, which is actually sandboxable.
-+SANDBOX_EXPORT intptr_t
-+SIGSYSFstatatHandler(const struct arch_seccomp_data& args,
-+                     void* fs_denied_errno);
- 
- // Variants of the above functions for use with bpf_dsl.
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYS();
-@@ -72,6 +85,7 @@ SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSKill();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSFutex();
- SANDBOX_EXPORT bpf_dsl::ResultExpr CrashSIGSYSPtrace();
- SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteSchedSIGSYS();
-+SANDBOX_EXPORT bpf_dsl::ResultExpr RewriteFstatatSIGSYS(int fs_denied_errno);
- 
- // Allocates a crash key so that Seccomp information can be recorded.
- void AllocateCrashKeys();
-diff --git a/sandbox/linux/syscall_broker/broker_process.cc b/sandbox/linux/syscall_broker/broker_process.cc
-index c2176eb785e78..e9dad37485aef 100644
--- a/sandbox/linux/syscall_broker/broker_process.cc
-+++ b/sandbox/linux/syscall_broker/broker_process.cc
-@@ -113,44 +113,49 @@ bool BrokerProcess::IsSyscallAllowed(int sysno) const {
- }
- 
- bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
-+  // The syscalls unavailable on aarch64 are all blocked by Android's default
-+  // seccomp policy, even on non-aarch64 architectures. I.e., the syscalls XX()
-+  // with a corresponding XXat() versions are typically unavailable in aarch64
-+  // and are default disabled in Android. So, we should refuse to broker them
-+  // to be consistent with the platform's restrictions.
-   switch (sysno) {
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_access:
- #endif
-     case __NR_faccessat:
-       return !fast_check || allowed_command_set_.test(COMMAND_ACCESS);
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_mkdir:
- #endif
-     case __NR_mkdirat:
-       return !fast_check || allowed_command_set_.test(COMMAND_MKDIR);
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_open:
- #endif
-     case __NR_openat:
-       return !fast_check || allowed_command_set_.test(COMMAND_OPEN);
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_readlink:
- #endif
-     case __NR_readlinkat:
-       return !fast_check || allowed_command_set_.test(COMMAND_READLINK);
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_rename:
- #endif
-     case __NR_renameat:
-     case __NR_renameat2:
-       return !fast_check || allowed_command_set_.test(COMMAND_RENAME);
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_rmdir:
-       return !fast_check || allowed_command_set_.test(COMMAND_RMDIR);
- #endif
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_stat:
-     case __NR_lstat:
- #endif
-@@ -175,7 +180,7 @@ bool BrokerProcess::IsSyscallBrokerable(int sysno, bool fast_check) const {
-       return !fast_check || allowed_command_set_.test(COMMAND_STAT);
- #endif
- 
-#if !defined(__aarch64__)
-+#if !defined(__aarch64__) && !defined(OS_ANDROID)
-     case __NR_unlink:
-       return !fast_check || allowed_command_set_.test(COMMAND_UNLINK);
- #endif
-diff --git a/sandbox/linux/syscall_broker/broker_process_unittest.cc b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-index c65f25a78a999..f0db08d84e06c 100644
--- a/sandbox/linux/syscall_broker/broker_process_unittest.cc
-+++ b/sandbox/linux/syscall_broker/broker_process_unittest.cc
-@@ -1596,52 +1596,52 @@ TEST(BrokerProcess, IsSyscallAllowed) {
-   const base::flat_map<BrokerCommand, base::flat_set<int>> kSysnosForCommand = {
-       {COMMAND_ACCESS,
-        {__NR_faccessat,
-#if defined(__NR_access)
-+#if defined(__NR_access) && !defined(OS_ANDROID)
-         __NR_access
- #endif
-        }},
-       {COMMAND_MKDIR,
-        {__NR_mkdirat,
-#if defined(__NR_mkdir)
-+#if defined(__NR_mkdir) && !defined(OS_ANDROID)
-         __NR_mkdir
- #endif
-        }},
-       {COMMAND_OPEN,
-        {__NR_openat,
-#if defined(__NR_open)
-+#if defined(__NR_open) && !defined(OS_ANDROID)
-         __NR_open
- #endif
-        }},
-       {COMMAND_READLINK,
-        {__NR_readlinkat,
-#if defined(__NR_readlink)
-+#if defined(__NR_readlink) && !defined(OS_ANDROID)
-         __NR_readlink
- #endif
-        }},
-       {COMMAND_RENAME,
-        {__NR_renameat,
-#if defined(__NR_rename)
-+#if defined(__NR_rename) && !defined(OS_ANDROID)
-         __NR_rename
- #endif
-        }},
-       {COMMAND_UNLINK,
-        {__NR_unlinkat,
-#if defined(__NR_unlink)
-+#if defined(__NR_unlink) && !defined(OS_ANDROID)
-         __NR_unlink
- #endif
-        }},
-       {COMMAND_RMDIR,
-        {__NR_unlinkat,
-#if defined(__NR_rmdir)
-+#if defined(__NR_rmdir) && !defined(OS_ANDROID)
-         __NR_rmdir
- #endif
-        }},
-       {COMMAND_STAT,
-        {
-#if defined(__NR_stat)
-+#if defined(__NR_stat) && !defined(OS_ANDROID)
-            __NR_stat,
- #endif
-#if defined(__NR_lstat)
-+#if defined(__NR_lstat) && !defined(OS_ANDROID)
-            __NR_lstat,
- #endif
- #if defined(__NR_fstatat)
-diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
-index 35788eb22a4e5..83b89efc75e5e 100644
--- a/sandbox/linux/system_headers/linux_stat.h
-+++ b/sandbox/linux/system_headers/linux_stat.h
-@@ -157,6 +157,10 @@ struct kernel_stat {
- };
- #endif
- 
-+#if !defined(AT_EMPTY_PATH)
-+#define AT_EMPTY_PATH 0x1000
-+#endif
-+
- // On 32-bit systems, we default to the 64-bit stat struct like libc
- // implementations do. Otherwise we default to the normal stat struct which is
- // already 64-bit.
--- a/b2fbcdbe30cb84cd2f0b63e453f3782c49213264.patch
+++ b/b2fbcdbe30cb84cd2f0b63e453f3782c49213264.patch
@ -1,70 +0,0 @@
-From b2fbcdbe30cb84cd2f0b63e453f3782c49213264 Mon Sep 17 00:00:00 2001
-From: Matthew Denton <mpdenton@chromium.org>
-Date: Wed, 21 Jul 2021 17:12:27 +0000
-Subject: [PATCH] Linux sandbox: ENOSYS for some statx syscalls
-
-On some platforms, glibc will default to statx for normal stat-family
-calls. Unfortunately there's no way to rewrite statx to something safe
-using a signal handler. Returning ENOSYS will cause glibc to fallback
-to old stat paths.
-
-Change-Id: Ieaddc8020b6555f2dfdc443197d13cb3fccc6bf1
-Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2823150
-Commit-Queue: Matthew Denton <mpdenton@chromium.org>
-Reviewed-by: Robert Sesek <rsesek@chromium.org>
-Cr-Commit-Position: refs/heads/master@{#903952}
---
- sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 11 +++++++++++
- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc    |  1 +
- sandbox/linux/system_headers/linux_stat.h            |  4 ++++
- 3 files changed, 16 insertions(+)
-
-diff --git a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-index 9df0d2dbd3b5f..049e921694eda 100644
--- a/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-@@ -312,6 +312,17 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
-     return RewriteFstatatSIGSYS(fs_denied_errno);
-   }
- 
-+  // The statx syscall is a filesystem syscall, which will be denied below with
-+  // fs_denied_errno. However, on some platforms, glibc will default to statx
-+  // for normal stat-family calls. Unfortunately there's no way to rewrite statx
-+  // to something safe using a signal handler. Returning ENOSYS will cause glibc
-+  // to fallback to old stat paths.
-+  if (sysno == __NR_statx) {
-+    const Arg<int> mask(3);
-+    return If(mask == STATX_BASIC_STATS, Error(ENOSYS))
-+        .Else(Error(fs_denied_errno));
-+  }
-+
-   if (SyscallSets::IsFileSystem(sysno) ||
-       SyscallSets::IsCurrentDirectory(sysno)) {
-     return Error(fs_denied_errno);
-diff --git a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-index 96c9f490e28cd..8227dc1854643 100644
--- a/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-+++ b/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-@@ -171,6 +171,7 @@ bool SyscallSets::IsFileSystem(int sysno) {
-     (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS))
-     case __NR_statfs64:
- #endif
-+    case __NR_statx:  // EPERM not a valid errno.
-     case __NR_symlinkat:
-     case __NR_truncate:
- #if defined(__i386__) || defined(__arm__) || \
-diff --git a/sandbox/linux/system_headers/linux_stat.h b/sandbox/linux/system_headers/linux_stat.h
-index 83b89efc75e5e..e697dd6777ef5 100644
--- a/sandbox/linux/system_headers/linux_stat.h
-+++ b/sandbox/linux/system_headers/linux_stat.h
-@@ -161,6 +161,10 @@ struct kernel_stat {
- #define AT_EMPTY_PATH 0x1000
- #endif
- 
-+#if !defined(STATX_BASIC_STATS)
-+#define STATX_BASIC_STATS 0x000007ffU
-+#endif
-+
- // On 32-bit systems, we default to the 64-bit stat struct like libc
- // implementations do. Otherwise we default to the normal stat struct which is
- // already 64-bit.
--- a/chromium-browser-stable.spec
+++ b/chromium-browser-stable.spec
@ -50,8 +50,8 @@
 # GOST patches and sources
 # Using commit hashes because upstream often puts tags long after making changes
 # (they wait for builds to finish to make a new "release" with binary packages)
-%define chromium_gost_commit 3181acb959fcb8de4aa3aca4c51d8a89b90d367d
-%define msspi_commit 676e76df03782fa965d8f985f4bd2e4c3ee81386
+%define chromium_gost_commit 63275ec358b1a1c0087dc3af770d18c1d5fe661d
+%define msspi_commit 74a19443ca691e1acfee84e6176282e4ec338eac
 %define _gostsourcedir %{_builddir}/chromium-gost

 %define xcb_version 1.14.1
@ -83,7 +83,7 @@

 Summary:	A fast web browser based on the Blink engine
 Name:		chromium-browser-stable
-Version:	93.0.4577.82
+Version:	94.0.4606.54
 Release:	1
 License:	BSD, LGPL
 Group:		Networking/WWW
@ -125,10 +125,6 @@ Patch647:	ALT-allow-to-override-clang-through-env-variables.patch
 # XXX This patch is not enough to fully fix debuginfo and debugsource subpackages
 Patch648:	fix-debugsource.patch
 Patch649:	off-java-check.patch
-# From Chromium 94+ for new glibc
-Patch650:	https://github.com/chromium/chromium/commit/4b438323d68840453b5ef826c3997568e2e0e8c7.patch
-Patch651:	https://github.com/chromium/chromium/commit/60d5e803ef2a4874d29799b638754152285e0ed9.patch
-Patch652:	https://github.com/chromium/chromium/commit/b2fbcdbe30cb84cd2f0b63e453f3782c49213264.patch

 BuildRequires:	bison
 BuildRequires:	llvm12
@ -255,7 +251,7 @@ if proprietary CryptoPro is installed.
 %{_crdir}/chromium-wrapper
 %{_crdir}/chrome
 %{_crdir}/chrome-sandbox
-%{_crdir}/crashpad_handler
+%{_crdir}/chrome_crashpad_handler
 %{_crdir}/icudtl.dat
 %{_crdir}/locales
 %{_crdir}/*.pak
@ -358,7 +354,7 @@ popd

 # Hard code extra version
 FILE=chrome/common/channel_info_posix.cc
-sed -i.orig -e 's/getenv("CHROME_VERSION_EXTRA")/"%{vendor} %{product_version}, RPM %{name} %{EVRD}%{?with_gost: + GOST TLS via CryptoPro}"/' $FILE
+sed -i.orig -e 's/getenv("CHROME_VERSION_EXTRA")/"%{vendor} %{rosa_release}, RPM %{name} %{EVRD}%{?with_gost: + GOST TLS via CryptoPro}"/' $FILE
 cmp $FILE $FILE.orig && exit 1

 # Use native page size on aarch64 ("if (current_cpu == "arm64")"), otherwise:
@ -585,7 +581,7 @@ mkdir -p %{buildroot}%{_crdir}/themes
 install -m 755 %{SOURCE1} %{buildroot}%{_crdir}/chromium-wrapper
 install -m 755 out/Release/chrome %{buildroot}%{_crdir}/
 install -m 4755 out/Release/chrome_sandbox %{buildroot}%{_crdir}/chrome-sandbox
-install -m 755 out/Release/crashpad_handler %{buildroot}%{_crdir}/crashpad_handler
+install -m 755 out/Release/chrome_crashpad_handler %{buildroot}%{_crdir}/chrome_crashpad_handler
 cp -a out/Release/chromedriver %{buildroot}%{_crdir}/chromedriver
 install -m 644 out/Release/*.pak %{buildroot}%{_crdir}/
 install -m 644 out/Release/icudtl.dat %{buildroot}%{_crdir}/