- update to 125.0.6422.141

* High CVE-2024-5493: Heap buffer overflow in WebRTC * High CVE-2024-5494: Use after free in Dawn * High CVE-2024-5495: Use after free in Dawn * High CVE-2024-5496: Use after free in Media Session * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * High CVE-2024-5498: Use after free in Presentation API * High CVE-2024-5499: Out of bounds write in Streams API - fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams - cleanup chromium.conf
5 months ago · 1f27cca60c
parent 114e571134
commit 1f27cca60c
4 changed files with 70 additions and 6 deletions
--- a/.chromium.metadata
+++ b/.chromium.metadata
@ -1,4 +1,4 @@
-00af50f76b8a3fdf27f2ba6b1e3c3397fafc0a4f  SOURCES/chromium-125.0.6422.112.tar.xz
+b4d7e98b3c1ced92626341f92503b37b941ddbc1  SOURCES/chromium-125.0.6422.141.tar.xz
 dea187019741602d57aaf189a80abba261fbd2aa  SOURCES/linux-x64-0.19.2.tgz
 7e5d2c7864c5c83ec789b59c77cd9c20d2594916  SOURCES/linux-arm64-0.19.2.tgz
 769196d081c6a0ad37f1c63dec56febfff3370de  SOURCES/node-v20.6.1-linux-x64.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/chromium-125.0.6422.112.tar.xz
+SOURCES/chromium-125.0.6422.141.tar.xz
 SOURCES/linux-x64-0.19.2.tgz
 SOURCES/linux-arm64-0.19.2.tgz
 SOURCES/node-v20.6.1-linux-x64.tar.xz
--- a/SOURCES/chromium.conf
+++ b/SOURCES/chromium.conf
@ -1,3 +1,48 @@
 # system wide chromium flags
+
+# GRAPHIC_DRIVER=[amd|intel|nvidia|default]
+GRAPHIC_DRIVER=default
+
+# WEB_DARKMODE=[on|off]
+WEB_DARKMODE=off
+
 CHROMIUM_FLAGS=""
-CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl --enable-features=VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers"
+CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
+CHROMIUM_FLAGS+=" --enable-zero-copy"
+CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
+CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management"
+
+FEATURES=""
+
+case "$GRAPHIC_DRIVER" in
+   amd)
+      # Need new mesa with AMD multi planes support, is not yet supported in fedora
+      # see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=vulkan --enable-accelerated-video-decode"
+      FEATURES+="Vulkan,VulkanFromANGLE,DefaultANGLEVulkan,VaapiIgnoreDriverChecks,VaapiVideoDecoder,UseMultiPlaneFormatForHardwareVideo"
+      ;;
+   nvidia)
+      # The NVIDIA VaAPI drivers are known to not support Chromium
+      # see https://crbug.com/1492880. This feature switch is
+      # provided for developers to test VaAPI drivers on NVIDIA GPUs
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs"
+      ;;
+   intel)
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+      ;;
+   *)
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+      ;;
+esac
+       
+# Web Dark mode
+if [ "$WEB_DARKMODE" == "on" ] ; then
+   darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205"
+   FEATURES+=",$darktype"
+fi
+
+CHROMIUM_FLAGS+=" --enable-features=$FEATURES"
--- a/SPECS/chromium.spec
+++ b/SPECS/chromium.spec
@ -199,6 +199,11 @@
 %endif
 %endif

+%ifarch ppc64le
+# workaround for a bug in new llvm on f40/rawhide (ppc64le)
+%global cfi 0
+%endif
+
 # set correct toolchain
 %if %{clang}
 %global toolchain clang
@ -337,7 +342,7 @@
 %endif

 Name:	chromium%{chromium_channel}
-Version: 125.0.6422.112
+Version: 125.0.6422.141
 Release: 1%{?dist}.inferit
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@ -724,7 +729,9 @@ BuildRequires: pkgconfig(Qt6Core)
 BuildRequires: pkgconfig(Qt6Widgets)
 %endif

-%if %{cfi}
+%if 0%{?rhel} == 7
+BuildRequires: llvm-toolset-%{llvm_toolset_version}-compiler-rt
+%else
 BuildRequires: compiler-rt
 %endif

@ -1599,7 +1606,7 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene
 CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0'

 %if ! %{cfi}
-CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false'
+CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false use_thin_lto=false'
 %endif

 %if %{useapikey}
@ -2239,6 +2246,18 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif

 %changelog
+* Sun Jun  2 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 125.0.6422.141-1.inferit
+- update to 125.0.6422.141
+  * High CVE-2024-5493: Heap buffer overflow in WebRTC
+  * High CVE-2024-5494: Use after free in Dawn
+  * High CVE-2024-5495: Use after free in Dawn
+  * High CVE-2024-5496: Use after free in Media Session
+  * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
+  * High CVE-2024-5498: Use after free in Presentation API
+  * High CVE-2024-5499: Out of bounds write in Streams API
+- fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
+- cleanup chromium.conf
+
 * Mon May 27 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 125.0.6422.112-1.inferit
 - update to 125.0.6422.112
  * High CVE-2024-5274: Type Confusion in V8