From b011b57f357af97f3a003a3b1c481fc8bd2b869c Mon Sep 17 00:00:00 2001
From: Marius Bakke <address@hidden>
Date: Thu, 11 Jan 2018 14:36:47 +0100
Subject: [PATCH] gnu: chromium: Add spectre mitigation.

* gnu/packages/patches/chromium-spectre-mitigation.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/chromium.scm (chromium)[source]: Use it.
---
 gnu/local.mk                                           |  1 +
 gnu/packages/chromium.scm                              |  3 ++-
 gnu/packages/patches/chromium-spectre-mitigation.patch | 13 +++++++++++++
 3 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/chromium-spectre-mitigation.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 513f64043..89dab227c 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -575,6 +575,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/ceph-skip-collect-sys-info-test.patch	\
   %D%/packages/patches/ceph-skip-unittest_blockdev.patch	\
   %D%/packages/patches/chmlib-inttypes.patch			\
+  %D%/packages/patches/chromium-spectre-mitigation.patch	\
   %D%/packages/patches/clang-libc-search-path.patch		\
   %D%/packages/patches/clang-3.8-libc-search-path.patch		\
   %D%/packages/patches/clementine-use-openssl.patch		\
diff --git a/gnu/packages/chromium.scm b/gnu/packages/chromium.scm
index dd040527b..1e9dba42e 100644
--- a/gnu/packages/chromium.scm
+++ b/gnu/packages/chromium.scm
@@ -240,7 +240,8 @@
                              %chromium-system-icu.patch
                              %chromium-system-nspr.patch
                              %chromium-system-libevent.patch
-                             %chromium-disable-api-keys-warning.patch))
+                             %chromium-disable-api-keys-warning.patch
+                             (search-patch "chromium-spectre-mitigation.patch")))
               (modules '((srfi srfi-1)
                          (guix build utils)))
               (snippet
diff --git a/gnu/packages/patches/chromium-spectre-mitigation.patch b/gnu/packages/patches/chromium-spectre-mitigation.patch
new file mode 100644
index 000000000..a44a3bce4
--- /dev/null
+++ b/gnu/packages/patches/chromium-spectre-mitigation.patch
@@ -0,0 +1,13 @@
+diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
+index 43feb76..33a49b8 100644
+--- a/content/public/common/content_features.cc
++++ b/content/public/common/content_features.cc
+@@ -308,7 +308,7 @@
+ 
+ // http://tc39.github.io/ecmascript_sharedmem/shmem.html
+ const base::Feature kSharedArrayBuffer{"SharedArrayBuffer",
+-                                       base::FEATURE_ENABLED_BY_DEFAULT};
++                                       base::FEATURE_DISABLED_BY_DEFAULT};
+ 
+ // An experiment to require process isolation for the sign-in origin,
+ // https://accounts.google.com.  Launch bug: https://crbug.com/739418.
-- 
2.15.1