From 3ea7f80282a5f119517ef1dfc1ba23bd64891749 Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Wed, 22 May 2024 08:33:42 +0200
Subject: [PATCH] - fix bz#2282246, update to 125.0.6422.76 * High CVE-2024-5157: Use after free in Scheduling * High CVE-2024-5158: Type Confusion in V8 * High CVE-2024-5159: Heap buffer overflow in ANGLE * High CVE-2024-5160: Heap buffer overflow in Dawn - cleanup
---
 chromium.spec | 43 ++++++++++++++++++++-----------------------
 sources | 2 +-
 2 files changed, 21 insertions(+), 24 deletions(-)
diff --git a/chromium.spec b/chromium.spec
index 5b83a2a8..1f9d9f68 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -211,13 +211,17 @@
 %global bundlelibaom 1
 %global bundlelibavif 1
 %global bundlesnappy 1
-
-# Fedora's Python 2 stack is being removed, we use the bundled Python libraries
-# This can be revisited once we upgrade to Python 3
 %global bundlepylibs 0
 %global bundlelibxslt 0
 %global bundleflac 0
 %global bundledoubleconversion 0
+%global bundlelibXNVCtrl 0
+%global bundlehighway 0
+%global bundlelibusbx 0
+%global bundlelibevent 0
+%global bundlelibsecret 0
+%global bundleopus 0
+%global bundlelcms2 0
 # RHEL 7.9 dropped minizip.
 # enable bundleminizip for Fedora > 39 due to switch to minizip-ng
@@ -228,8 +232,6 @@
 %endif
 %if 0%{?rhel} == 7 || 0%{?rhel} == 8
-%global bundleopus 1
-%global bundlelibusbx 1
 %global bundleharfbuzz 1
 %global bundlelibwebp 1
 %global bundlelibpng 1
@@ -240,14 +242,9 @@
 %global bundleffmpegfree 1
 %global bundlebrotli 1
 %global bundlelibopenjpeg2 1
-%global bundlelcms2 1
 %global bundlelibtiff 1
 %global bundlecrc32c 1
-%global bundlelibsecret 1
-%global bundlelibXNVCtrl 1
 %global bundlelibxml 1
-%global bundlelibevent 1
-%global bundlehighway 1
 %global bundledav1d 1
 %else
 %if 0%{?fedora} > 38 || 0%{?rhel} > 9
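Review bot: The new unconditional defaults in the `@@ -211` hunk set `bundleopus`, `bundlelibusbx`, `bundlelcms2`, `bundlelibsecret`, `bundlelibXNVCtrl`, `bundlelibevent` and `bundlehighway` to 0, while the `%if 0%{?rhel} == 7 || 0%{?rhel} == 8` branch (hunks `@@ -228` and `@@ -240`) loses the lines that set them to 1. As far as the visible lines show, el7/el8 builds therefore switch these seven libraries from the bundled copies to the system ones, which is a behaviour change rather than the "cleanup" the commit message describes. If that is intended, record it in the changelog and confirm the system packages exist on those releases and still receive security fixes; if not, keep the overrides in the rhel 7/8 branch, e.g. `%global bundlehighway 1`. The `%else` branch (hunks `@@ -255`, `@@ -267`, `@@ -276`) already used 0 and is unaffected.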
@@ -255,10 +252,7 @@
 %else
 %global bundlebrotli 1
 %endif
-%global bundlehighway 0
 %global bundledav1d 0
-%global bundleopus 0
-%global bundlelibusbx 0
 %global bundlelibwebp 0
 %global bundlelibpng 0
 %global bundlelibjpeg 0
@@ -267,7 +261,6 @@
 %global bundleffmpegfree 0
 %global bundlefreetype 0
 %global bundlelibopenjpeg2 0
-%global bundlelcms2 0
 %global bundlelibtiff 0
 %if 0%{?rhel} == 9
 %global bundlecrc32c 1
@@ -276,10 +269,7 @@
 %global bundlecrc32c 0
 %global bundleharfbuzz 0
 %endif
-%global bundlelibsecret 0
-%global bundlelibXNVCtrl 0
 %global bundlelibxml 0
-%global bundlelibevent 0
 %endif
 ### From 2013 until early 2021, Google permitted distribution builds of
@@ -316,8 +306,8 @@
 %endif
 Name: chromium%{chromium_channel}
-Version: 125.0.6422.60
-Release: 3%{?dist}
+Version: 125.0.6422.76
+Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
 License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -441,6 +431,8 @@ Patch131: chromium-107-proprietary-codecs.patch
 Patch132: chromium-118-sigtrap_system_ffmpeg.patch
 # need for old ffmpeg 6.0/5.x on epel9 and fedora < 40
 Patch133: chromium-121-system-old-ffmpeg.patch
+# disable FFmpegAllowLists by default to allow external ffmpeg
+patch134: chromium-125-disable-FFmpegAllowLists.patch
 # revert AV1 VAAPI video encode due to old libva on el9 (rhel9.3)
 Patch140: chromium-122-revert-av1enc-el9.patch
@@ -487,9 +479,6 @@ Patch354: chromium-120-split-threshold-for-reg-with-hint.patch
 # use system libstdc++
 Patch355: chromium-125-system-libstdc++.patch
-# disable FFmpegAllowLists by default to allow external ffmpeg
-patch356: chromium-125-disable-FFmpegAllowLists.patch
-
 # set clang_lib path
 Patch358: chromium-124-rust-clang_lib.patch
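Review bot: The relocated tag in the `@@ -441` hunk is spelled `patch134:` in lower case, while every other patch tag visible in this diff is `Patch…:`. rpm should accept it, since tag names are matched case-insensitively as far as I know, but tooling or reviewers that search for `^Patch` will skip it; write `Patch134: chromium-125-disable-FFmpegAllowLists.patch`. The comment above it could also name the trade-off, e.g. `# system ffmpeg only: turns off Chromium's FFmpegAllowLists default so the external library is usable`, because the patch presumably widens the set of decoders and demuxers reachable from web content.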
@@ -1174,6 +1163,7 @@ udev.
 %patch -P131 -p1 -b .prop-codecs
 %patch -P132 -p1 -b .sigtrap_system_ffmpeg
 %patch -P133 -p1 -b .system-old-ffmpeg
+%patch -P134 -p1 -b .disable-FFmpegAllowLists
 %endif
 # EPEL specific patches
@@ -1250,7 +1240,6 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona
 %if ! %{use_custom_libcxx}
 %patch -P355 -p1 -b .system-libstdc++
 %endif
-%patch -P356 -p1 -b .disable-FFmpegAllowLists
 %patch -P358 -p1 -b .rust-clang_lib
 %patch -P359 -p1 -b .libavif-deps
@@ -2118,6 +2107,14 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif
 %changelog
+* Wed May 22 2024 Than Ngo - 125.0.6422.76-1
+- fix bz#2282246, update to 125.0.6422.76
+ * High CVE-2024-5157: Use after free in Scheduling
+ * High CVE-2024-5158: Type Confusion in V8
+ * High CVE-2024-5159: Heap buffer overflow in ANGLE
+ * High CVE-2024-5160: Heap buffer overflow in Dawn
+- cleanup
+
 * Mon May 20 2024 Than Ngo - 125.0.6422.60-3
 - remove unneeded BRs
 - workarounds for el7 build
diff --git a/sources b/sources
index c58c6e63..377eb972 100644
--- a/sources
+++ b/sources
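Review bot: `%patch -P134` in the `@@ -1174` hunk now sits inside a conditional whose opening `%if` lies outside the hunk, whereas the removed `%patch -P356` in the `@@ -1250` hunk ran unconditionally. The patch is therefore no longer applied to builds that fail that condition. Judging by the neighbouring ffmpeg patches this is probably the system-ffmpeg guard, which would be the safer behaviour because builds with the bundled ffmpeg keep the allow-list enabled, but please confirm it is not an unrelated condition. A comment such as `# only needed with system ffmpeg; bundled builds keep FFmpegAllowLists enabled` above the line would make the intent explicit.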
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-125.0.6422.60-clean.tar.xz) = a14671b17ad50b9c65efab84941f7cddf12dc720f690b71cf57614f718c682e9fc5a2906efde7896a2a07ce16c289b5581060709cec44e39fc7ab887eb55b632
+SHA512 (chromium-125.0.6422.76-clean.tar.xz) = f587c116e9f38d1fa96586a51e53412731857da15e5a7057d14059760cd5dd6c2fe693bcb71a41295c8c3439634ea9420d9a2255a8c62fd60fea8c71678da450