- Update to 130.0.6723.116

* High CVE-2024-10826: Use after free in Family Experience * High CVE-2024-10827: Use after free in Serial
3 days ago · 4f84e8f7c1
parent c026ffc7d8
commit 4f84e8f7c1
4 changed files with 9 additions and 4 deletions
--- a/.chromium.metadata
+++ b/.chromium.metadata
@ -1,4 +1,4 @@
-7e8cb77c981b633d158326c6b170ca6e6b93075b  SOURCES/chromium-130.0.6723.91.tar.xz
+9946798d9178374002690cd754a13cbb54696794  SOURCES/chromium-130.0.6723.116.tar.xz
 ccd15016324e640c40f6fc01ab076dc52196ea54  SOURCES/msspi-e91bd46306cc7044b2903cd07b788c13c36481e3.tar.xz
 6445256b9e87e59aeec1f486174a27a15f6caa2c  SOURCES/Chromium-Gost-7706f212673c41cdc1df94f95710358598c119f3.tar.xz
 dea187019741602d57aaf189a80abba261fbd2aa  SOURCES/linux-x64-0.19.2.tgz
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/chromium-130.0.6723.91.tar.xz
+SOURCES/chromium-130.0.6723.116.tar.xz
 SOURCES/linux-x64-0.19.2.tgz
 SOURCES/linux-arm64-0.19.2.tgz
 SOURCES/node-v20.6.1-linux-x64.tar.xz
--- a/SOURCES/chromium.conf
+++ b/SOURCES/chromium.conf
@ -34,7 +34,7 @@ case "$GRAPHIC_DRIVER" in
      # The NVIDIA VaAPI drivers are known to not support Chromium
      # see https://crbug.com/1492880. This feature switch is
      # provided for developers to test VaAPI drivers on NVIDIA GPUs
-      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl --disable-gpu-compositing"
      FEATURES+="VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs"
      ;;
   intel)
--- a/SPECS/chromium.spec
+++ b/SPECS/chromium.spec
@ -313,7 +313,7 @@
 %endif

 Name:	chromium%{chromium_channel}
-Version: 130.0.6723.91
+Version: 130.0.6723.116
 Release: 1%{?dist}.inferit
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@ -2111,6 +2111,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif

 %changelog
+* Mon Nov 11 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 130.0.6723.116-1.inferit
+- Update to 130.0.6723.116
+  * High CVE-2024-10826: Use after free in Family Experience
+  * High CVE-2024-10827: Use after free in Serial
+
 * Thu Oct 31 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 130.0.6723.91-1.inferit
 - update to 130.0.6723.91
  * Critical CVE-2024-10487: Out of bounds write in Dawn