- fix bz#2282246, update to 125.0.6422.76

* High CVE-2024-5157: Use after free in Scheduling
  * High CVE-2024-5158: Type Confusion in V8
  * High CVE-2024-5159: Heap buffer overflow in ANGLE
  * High CVE-2024-5160: Heap buffer overflow in Dawn
- cleanup
epel8 imports/epel9/chromium-125.0.6422.76-1.el9
Than Ngo 6 months ago
parent 1a12f7ee44
commit 3ea7f80282

@ -211,13 +211,17 @@
%global bundlelibaom 1 %global bundlelibaom 1
%global bundlelibavif 1 %global bundlelibavif 1
%global bundlesnappy 1 %global bundlesnappy 1
# Fedora's Python 2 stack is being removed, we use the bundled Python libraries
# This can be revisited once we upgrade to Python 3
%global bundlepylibs 0 %global bundlepylibs 0
%global bundlelibxslt 0 %global bundlelibxslt 0
%global bundleflac 0 %global bundleflac 0
%global bundledoubleconversion 0 %global bundledoubleconversion 0
%global bundlelibXNVCtrl 0
%global bundlehighway 0
%global bundlelibusbx 0
%global bundlelibevent 0
%global bundlelibsecret 0
%global bundleopus 0
%global bundlelcms2 0
# RHEL 7.9 dropped minizip. # RHEL 7.9 dropped minizip.
# enable bundleminizip for Fedora > 39 due to switch to minizip-ng # enable bundleminizip for Fedora > 39 due to switch to minizip-ng
@ -228,8 +232,6 @@
%endif %endif
%if 0%{?rhel} == 7 || 0%{?rhel} == 8 %if 0%{?rhel} == 7 || 0%{?rhel} == 8
%global bundleopus 1
%global bundlelibusbx 1
%global bundleharfbuzz 1 %global bundleharfbuzz 1
%global bundlelibwebp 1 %global bundlelibwebp 1
%global bundlelibpng 1 %global bundlelibpng 1
@ -240,14 +242,9 @@
%global bundleffmpegfree 1 %global bundleffmpegfree 1
%global bundlebrotli 1 %global bundlebrotli 1
%global bundlelibopenjpeg2 1 %global bundlelibopenjpeg2 1
%global bundlelcms2 1
%global bundlelibtiff 1 %global bundlelibtiff 1
%global bundlecrc32c 1 %global bundlecrc32c 1
%global bundlelibsecret 1
%global bundlelibXNVCtrl 1
%global bundlelibxml 1 %global bundlelibxml 1
%global bundlelibevent 1
%global bundlehighway 1
%global bundledav1d 1 %global bundledav1d 1
%else %else
%if 0%{?fedora} > 38 || 0%{?rhel} > 9 %if 0%{?fedora} > 38 || 0%{?rhel} > 9
@ -255,10 +252,7 @@
%else %else
%global bundlebrotli 1 %global bundlebrotli 1
%endif %endif
%global bundlehighway 0
%global bundledav1d 0 %global bundledav1d 0
%global bundleopus 0
%global bundlelibusbx 0
%global bundlelibwebp 0 %global bundlelibwebp 0
%global bundlelibpng 0 %global bundlelibpng 0
%global bundlelibjpeg 0 %global bundlelibjpeg 0
@ -267,7 +261,6 @@
%global bundleffmpegfree 0 %global bundleffmpegfree 0
%global bundlefreetype 0 %global bundlefreetype 0
%global bundlelibopenjpeg2 0 %global bundlelibopenjpeg2 0
%global bundlelcms2 0
%global bundlelibtiff 0 %global bundlelibtiff 0
%if 0%{?rhel} == 9 %if 0%{?rhel} == 9
%global bundlecrc32c 1 %global bundlecrc32c 1
@ -276,10 +269,7 @@
%global bundlecrc32c 0 %global bundlecrc32c 0
%global bundleharfbuzz 0 %global bundleharfbuzz 0
%endif %endif
%global bundlelibsecret 0
%global bundlelibXNVCtrl 0
%global bundlelibxml 0 %global bundlelibxml 0
%global bundlelibevent 0
%endif %endif
### From 2013 until early 2021, Google permitted distribution builds of ### From 2013 until early 2021, Google permitted distribution builds of
@ -316,8 +306,8 @@
%endif %endif
Name: chromium%{chromium_channel} Name: chromium%{chromium_channel}
Version: 125.0.6422.60 Version: 125.0.6422.76
Release: 3%{?dist} Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -441,6 +431,8 @@ Patch131: chromium-107-proprietary-codecs.patch
Patch132: chromium-118-sigtrap_system_ffmpeg.patch Patch132: chromium-118-sigtrap_system_ffmpeg.patch
# need for old ffmpeg 6.0/5.x on epel9 and fedora < 40 # need for old ffmpeg 6.0/5.x on epel9 and fedora < 40
Patch133: chromium-121-system-old-ffmpeg.patch Patch133: chromium-121-system-old-ffmpeg.patch
# disable FFmpegAllowLists by default to allow external ffmpeg
patch134: chromium-125-disable-FFmpegAllowLists.patch
# revert AV1 VAAPI video encode due to old libva on el9 (rhel9.3) # revert AV1 VAAPI video encode due to old libva on el9 (rhel9.3)
Patch140: chromium-122-revert-av1enc-el9.patch Patch140: chromium-122-revert-av1enc-el9.patch
@ -487,9 +479,6 @@ Patch354: chromium-120-split-threshold-for-reg-with-hint.patch
# use system libstdc++ # use system libstdc++
Patch355: chromium-125-system-libstdc++.patch Patch355: chromium-125-system-libstdc++.patch
# disable FFmpegAllowLists by default to allow external ffmpeg
patch356: chromium-125-disable-FFmpegAllowLists.patch
# set clang_lib path # set clang_lib path
Patch358: chromium-124-rust-clang_lib.patch Patch358: chromium-124-rust-clang_lib.patch
@ -1174,6 +1163,7 @@ udev.
%patch -P131 -p1 -b .prop-codecs %patch -P131 -p1 -b .prop-codecs
%patch -P132 -p1 -b .sigtrap_system_ffmpeg %patch -P132 -p1 -b .sigtrap_system_ffmpeg
%patch -P133 -p1 -b .system-old-ffmpeg %patch -P133 -p1 -b .system-old-ffmpeg
%patch -P134 -p1 -b .disable-FFmpegAllowLists
%endif %endif
# EPEL specific patches # EPEL specific patches
@ -1250,7 +1240,6 @@ cp /opt/rh/%{toolset}-%{dts_version}/root/usr/include/c++/%{dts_version}/optiona
%if ! %{use_custom_libcxx} %if ! %{use_custom_libcxx}
%patch -P355 -p1 -b .system-libstdc++ %patch -P355 -p1 -b .system-libstdc++
%endif %endif
%patch -P356 -p1 -b .disable-FFmpegAllowLists
%patch -P358 -p1 -b .rust-clang_lib %patch -P358 -p1 -b .rust-clang_lib
%patch -P359 -p1 -b .libavif-deps %patch -P359 -p1 -b .libavif-deps
@ -2118,6 +2107,14 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif %endif
%changelog %changelog
* Wed May 22 2024 Than Ngo <than@redhat.com> - 125.0.6422.76-1
- fix bz#2282246, update to 125.0.6422.76
* High CVE-2024-5157: Use after free in Scheduling
* High CVE-2024-5158: Type Confusion in V8
* High CVE-2024-5159: Heap buffer overflow in ANGLE
* High CVE-2024-5160: Heap buffer overflow in Dawn
- cleanup
* Mon May 20 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-3 * Mon May 20 2024 Than Ngo <than@redhat.com> - 125.0.6422.60-3
- remove unneeded BRs - remove unneeded BRs
- workarounds for el7 build - workarounds for el7 build

@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
SHA512 (chromium-125.0.6422.60-clean.tar.xz) = a14671b17ad50b9c65efab84941f7cddf12dc720f690b71cf57614f718c682e9fc5a2906efde7896a2a07ce16c289b5581060709cec44e39fc7ab887eb55b632 SHA512 (chromium-125.0.6422.76-clean.tar.xz) = f587c116e9f38d1fa96586a51e53412731857da15e5a7057d14059760cd5dd6c2fe693bcb71a41295c8c3439634ea9420d9a2255a8c62fd60fea8c71678da450

Loading…
Cancel
Save