- update to 124.0.6367.118

* High CVE-2024-4331: Use after free in Picture In Picture
  * High CVE-2024-4368: Use after free in Dawn
- use system highway
epel9
Than Ngo 9 months ago
parent f09d3f6cf3
commit 37db6b60fe

@ -1,88 +0,0 @@
commit c7f4c58f896a651eba80ad805ebdb49d19ebdbd4
Author: Tom Anderson <thomasanderson@chromium.org>
Date: Wed Mar 20 00:00:12 2024 +0000
Fix --ozone-platform-hint
This fixes a regression after r1269993 which moved ozone platform
early initialization before the ozone platform hint flag was
processed. This CL ensures the flag processing happens even earlier.
R=sky
Change-Id: Icc9649beb0b86753265be2b6cdf3059611eb410f
Bug: None
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5375669
Reviewed-by: Scott Violet <sky@chromium.org>
Auto-Submit: Thomas Anderson <thomasanderson@chromium.org>
Commit-Queue: Thomas Anderson <thomasanderson@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1275306}
diff --git a/chrome/app/chrome_main_delegate.cc b/chrome/app/chrome_main_delegate.cc
index 73b6ab0934b14..0b4c44be679d0 100644
--- a/chrome/app/chrome_main_delegate.cc
+++ b/chrome/app/chrome_main_delegate.cc
@@ -249,6 +249,9 @@
#include "base/scoped_add_feature_flags.h"
#include "ui/base/ui_base_features.h"
#include "ui/ozone/public/ozone_platform.h"
+#if BUILDFLAG(IS_LINUX)
+#include "chrome/browser/chrome_browser_main_extra_parts_linux.h"
+#endif
#endif // BUILDFLAG(IS_OZONE)
base::LazyInstance<ChromeContentGpuClient>::DestructorAtExit
@@ -959,6 +962,9 @@ std::optional<int> ChromeMainDelegate::PostEarlyInitialization(
// Initialize Ozone platform and add required feature flags as per platform's
// properties. Must be added before feature list is created otherwise the
// added flag won't be picked up.
+#if BUILDFLAG(IS_LINUX)
+ ChromeBrowserMainExtraPartsLinux::InitOzonePlatformHint();
+#endif
ui::OzonePlatform::PreEarlyInitialization();
AddFeatureFlagsToCommandLine();
#endif // BUILDFLAG(IS_OZONE)
diff --git a/chrome/browser/chrome_browser_main_extra_parts_linux.cc b/chrome/browser/chrome_browser_main_extra_parts_linux.cc
index dba7b116ecaa0..ea0487022dcdc 100644
--- a/chrome/browser/chrome_browser_main_extra_parts_linux.cc
+++ b/chrome/browser/chrome_browser_main_extra_parts_linux.cc
@@ -168,7 +168,13 @@ ChromeBrowserMainExtraPartsLinux::ChromeBrowserMainExtraPartsLinux() = default;
ChromeBrowserMainExtraPartsLinux::~ChromeBrowserMainExtraPartsLinux() = default;
-void ChromeBrowserMainExtraPartsLinux::PreEarlyInitialization() {
+void ChromeBrowserMainExtraPartsLinux::PostBrowserStart() {
+ RecordDisplayServerProtocolSupport();
+ ChromeBrowserMainExtraPartsOzone::PostBrowserStart();
+}
+
+// static
+void ChromeBrowserMainExtraPartsLinux::InitOzonePlatformHint() {
#if BUILDFLAG(IS_LINUX)
// On the desktop, we fix the platform name if necessary.
// See https://crbug.com/1246928.
@@ -189,8 +195,3 @@ void ChromeBrowserMainExtraPartsLinux::PreEarlyInitialization() {
}
#endif // BUILDFLAG(IS_LINUX)
}
-
-void ChromeBrowserMainExtraPartsLinux::PostBrowserStart() {
- RecordDisplayServerProtocolSupport();
- ChromeBrowserMainExtraPartsOzone::PostBrowserStart();
-}
diff --git a/chrome/browser/chrome_browser_main_extra_parts_linux.h b/chrome/browser/chrome_browser_main_extra_parts_linux.h
index 3847bd2090e28..4f188a7bdfe38 100644
--- a/chrome/browser/chrome_browser_main_extra_parts_linux.h
+++ b/chrome/browser/chrome_browser_main_extra_parts_linux.h
@@ -17,9 +17,10 @@ class ChromeBrowserMainExtraPartsLinux
const ChromeBrowserMainExtraPartsLinux&) = delete;
~ChromeBrowserMainExtraPartsLinux() override;
+ static void InitOzonePlatformHint();
+
private:
// ChromeBrowserMainExtraParts overrides.
- void PreEarlyInitialization() override;
void PostBrowserStart() override;
};

@ -245,6 +245,7 @@
%else
%global bundlebrotli 1
%endif
%global bundlehighway 0
%global bundledav1d 0
%global bundleopus 0
%global bundlelibusbx 0
@ -306,7 +307,7 @@
%endif
Name: chromium%{chromium_channel}
Version: 124.0.6367.91
Version: 124.0.6367.118
Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
@ -564,7 +565,6 @@ Patch415: fix-clang-selection.patch
# upstream patches
# 64kpage support on el8
Patch500: chromium-124-el8-support-64kpage.patch
Patch501: chromium-124-wayland-regression.patch
# Use chromium-latest.py to generate clean tarball from released build tarballs, found here:
# http://build.chromium.org/buildbot/official/
@ -771,6 +771,10 @@ BuildRequires: woff2-devel
BuildRequires: libdav1d-devel
%endif
%if ! %{bundlehighway}
BuildRequires: highway-devel
%endif
%if ! %{bundlelibavif}
BuildRequires: libavif-devel
%endif
@ -1322,7 +1326,6 @@ udev.
%patch -P500 -p1 -b .el8-support-64kpage.patch
%endif
%endif
%patch -P501 -p1 -b .wayland-regression
# Change shebang in all relevant files in this directory and all subdirectories
# See `man find` for how the `-exec command {} +` syntax works
@ -1642,6 +1645,9 @@ system_libs=()
%if ! %{bundledav1d}
system_libs+=(dav1d)
%endif
%if ! %{bundlehighway}
system_libs+=(highway)
%endif
%if ! %{bundlefontconfig}
system_libs+=(fontconfig)
%endif
@ -2120,6 +2126,12 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif
%changelog
* Wed May 01 2024 Than Ngo <than@redhat.com> - 124.0.6367.118-1
- update to 124.0.6367.118
* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn
- use system highway
* Sat Apr 27 2024 Than Ngo <than@redhat.com> - 124.0.6367.91-1
- update to 124.0.6367.91
- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)
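Review bot: `%global bundlehighway 0` in the first spec hunk is set unconditionally, whereas the `bundlebrotli` toggle directly above it is chosen inside an `%if`/`%else`, so every release built from this branch now depends on a system `highway-devel` that is compatible with Chromium 124. The visible `BuildRequires: highway-devel` carries no version floor, so a too-old system copy would presumably show up only as a build or runtime failure; if a minimum is known, state it as `BuildRequires: highway-devel >= <MIN_VERSION>`. Unbundling also means fixes to highway reach the browser through the system package rather than through Chromium updates, which deserves a one-line comment next to the toggle, e.g. `# highway comes from the system package; its security fixes ship via highway updates`.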

@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
SHA512 (chromium-124.0.6367.91-clean.tar.xz) = 183a3af2b639e63bec636e9ad9e6d091993cb63bb4369b9804b8a72d8fb946e6efd9288884bd9698426b0f595cc57ff4e9884ff91fba7ec1ed16d9d96eb046d1
SHA512 (chromium-124.0.6367.118-clean.tar.xz) = 203d0abe379aceee628f8e38b8e57265d984aba260a319bf9c2c718aa71bc211dc7a38ca443d01d3fb5f0867debb4cc49fcda0b9b8e4b12aef68af2cfba90e06
