- upstream security release 122.0.6261.111

* High CVE-2024-2173: Out of bounds memory access in V8 * High CVE-2024-2174: Inappropriate implementation in V8 * High CVE-2024-2176: Use after free in FedCM
7 months ago · 3475273f86
parent ec95efb479
commit 3475273f86
4 changed files with 11 additions and 5 deletions
--- a/.chromium.metadata
+++ b/.chromium.metadata
@ -1,4 +1,4 @@
-d241e12a875e17ab2595d1bfde7ebe6a82dad5a7  SOURCES/chromium-122.0.6261.94.tar.xz
+f821455b00eeac196dea07e378f45505b95c746e  SOURCES/chromium-122.0.6261.111.tar.xz
 dea187019741602d57aaf189a80abba261fbd2aa  SOURCES/linux-x64-0.19.2.tgz
 7e5d2c7864c5c83ec789b59c77cd9c20d2594916  SOURCES/linux-arm64-0.19.2.tgz
 769196d081c6a0ad37f1c63dec56febfff3370de  SOURCES/node-v20.6.1-linux-x64.tar.xz
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/chromium-122.0.6261.94.tar.xz
+SOURCES/chromium-122.0.6261.111.tar.xz
 SOURCES/linux-x64-0.19.2.tgz
 SOURCES/linux-arm64-0.19.2.tgz
 SOURCES/node-v20.6.1-linux-x64.tar.xz
--- a/SOURCES/chromium-122-rust-clang_lib.patch
+++ b/SOURCES/chromium-122-rust-clang_lib.patch
@ -34,7 +34,7 @@ diff -up chromium-121.0.6167.57/build/config/clang/BUILD.gn.rust-clang_lib chrom
 +          assert(false)  # Unhandled cpu type
 +        }
 +        # different clang lib dir in fedora/epel
-+        if (clang_version == "17") {
+        if (clang_version == "17" || clang_version == "18") {
 +          _suffix = ""
 +        } else if (clang_version == "16" || clang_version == "14") {
 +          _libprefix = "64"
--- a/SPECS/chromium.spec
+++ b/SPECS/chromium.spec
@ -333,7 +333,7 @@
 %endif

 Name:	chromium%{chromium_channel}
-Version: 122.0.6261.94
+Version: 122.0.6261.111
 Release: 1%{?dist}.inferit
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@ -508,7 +508,7 @@ patch356: chromium-122-disable-FFmpegAllowLists.patch
 Patch357: chromium-122-clang16-disable-auto-upgrade-debug-info.patch

 # set clang_lib path
-Patch358: chromium-121-rust-clang_lib.patch
+Patch358: chromium-122-rust-clang_lib.patch

 # upstream patches
 Patch400: chromium-122-el8-support-64kpage.patch
@ -2079,6 +2079,12 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif

 %changelog
+* Thu Mar 07 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 122.0.6261.111-1.inferit
+- upstream security release 122.0.6261.111
+   * High CVE-2024-2173: Out of bounds memory access in V8
+   * High CVE-2024-2174: Inappropriate implementation in V8
+   * High CVE-2024-2176: Use after free in FedCM
+
 * Thu Feb 29 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 122.0.6261.94-1.inferit.1
 - upstream security release 122.0.6261.94
   * High : Type Confusion in V8