From 5b27efc518c86b93dd2f30e877536599ed07beac Mon Sep 17 00:00:00 2001 From: Than Ngo Date: Wed, 24 Jul 2024 23:45:03 +0200 Subject: [PATCH] - update to 127.0.6533.72 * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe - remove unsupported use_gold, use_goma - enable bootstrap for epel as gn is old (need to update gn on epel) - enable bundleicu and bundledav1d (need to update icu and dav1d) - apply upstream patches to fix build issues with ninja-1.21.1 (fedora >39) - pipewire is old on el8, new version is required, disable it temporary --- chromium-127-ninja-1.21.1-deps-part0.patch | 44 ++++++++++++++ chromium-127-ninja-1.21.1-deps-part1.patch | 62 +++++++++++++++++++ chromium-127-ninja-1.21.1-deps-part2.patch | 37 ++++++++++++ chromium-127-ninja-1.21.1-deps-part3.patch | 49 +++++++++++++++ chromium.spec | 70 +++++++++++++++------- 5 files changed, 241 insertions(+), 21 deletions(-) create mode 100644 chromium-127-ninja-1.21.1-deps-part0.patch create mode 100644 chromium-127-ninja-1.21.1-deps-part1.patch create mode 100644 chromium-127-ninja-1.21.1-deps-part2.patch create mode 100644 chromium-127-ninja-1.21.1-deps-part3.patch 
diff --git a/chromium-127-ninja-1.21.1-deps-part0.patch b/chromium-127-ninja-1.21.1-deps-part0.patch new file mode 100644 index 00000000..52581fde --- /dev/null +++ b/chromium-127-ninja-1.21.1-deps-part0.patch @@ -0,0 +1,44 @@ +commit 4ca70656fde83d2db6ed5a8ac9ec9e7443846924 +Author: Lei Zhang +Date: Wed Jun 26 16:35:34 2024 +0000 + + Move chrome/browser/ui:webui_name_variants to public_deps + + The chrome/browser/ui build target contains webui_contents_wrapper.h, + which included the generated webui_name_variants.h header. For this to + work correctly, the build system must process the webui_name_variants + target first and generate webui_name_variants.h. To do this reliably, + without having to depend on webui_name_variants in all targets that + transitively include webui_contents_wrapper.h, make it a public_deps. + + Bug: 40253918, 346711540, 346699817, 345645751 + Change-Id: I6e0b573427cda1b2b408702f139b2c9e83f05045 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5646245 + Reviewed-by: Anthony Vallée-Dubois + Commit-Queue: Lei Zhang + Cr-Commit-Position: refs/heads/main@{#1319828} + +diff --git a/chrome/browser/ui/BUILD.gn b/chrome/browser/ui/BUILD.gn +index 46648a4c2194e..0883714163a31 100644 +--- a/chrome/browser/ui/BUILD.gn ++++ b/chrome/browser/ui/BUILD.gn +@@ -6436,7 +6436,6 @@ static_library("ui") { + } + + deps += [ +- ":webui_name_variants", + "side_search:side_search_tab_data_proto", + "//base", + "//chrome/browser:main_extra_parts", +@@ -6495,7 +6494,10 @@ static_library("ui") { + "//ui/lottie", + "//ui/views:buildflags", + ] +- public_deps += [ "//ui/base/dragdrop/mojom:mojom_headers" ] ++ public_deps += [ ++ ":webui_name_variants", ++ "//ui/base/dragdrop/mojom:mojom_headers", ++ ] + + allow_circular_includes_from += [ "//chrome/browser/ui/views" ] + diff --git a/chromium-127-ninja-1.21.1-deps-part1.patch b/chromium-127-ninja-1.21.1-deps-part1.patch new file mode 100644 index 00000000..6d62b32d --- /dev/null 
+++ b/chromium-127-ninja-1.21.1-deps-part1.patch 
@@ -0,0 +1,62 @@ +commit 50d63ffee3f7f1b1b9303363742ad8ebbfec31fa +Author: Lei Zhang +Date: Wed Jun 26 21:27:51 2024 +0000 + + Make more deps entries public_deps in chrome/browser/ui/BUILD.gn + + The chrome/browser/ui build target includes several buildflag headers. + For this to work correctly, the build system must be able to generate + the buildflag headers first. To do this reliably, without having to + depend on buildflag targets in all targets that transitively include the + headers that includes buildflag heaers, make these dependencies + public_deps. + + For //components/paint_preview/buildflags, remove the deps entry, as it + is already in public_deps. + + Bug: 40253918, 346711540, 346699817, 345645751 + Change-Id: I00e78a430f2e99aa3732406882b352d31e3d7da7 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5647662 + Commit-Queue: Lei Zhang + Reviewed-by: Peter Kasting + Cr-Commit-Position: refs/heads/main@{#1320033} + +diff --git a/chrome/browser/ui/BUILD.gn b/chrome/browser/ui/BUILD.gn +index bc6a7c03ecd1c..74f92f0431494 100644 +--- a/chrome/browser/ui/BUILD.gn ++++ b/chrome/browser/ui/BUILD.gn +@@ -415,8 +415,10 @@ static_library("ui") { + "//chrome/browser/ui/tabs:tab_enums", + "//components/cross_device/logging", + "//components/dom_distiller/core", ++ "//components/enterprise/buildflags", + "//components/paint_preview/buildflags", + "//components/safe_browsing:buildflags", ++ "//components/segmentation_platform/public", + "//components/sync", + "//components/sync_user_events", + "//components/translate/content/browser", +@@ -533,7 +535,6 @@ static_library("ui") { + "//components/embedder_support:browser_util", + "//components/encrypted_messages:encrypted_message_proto", + "//components/enterprise", +- "//components/enterprise/buildflags:buildflags", + "//components/error_page/content/browser", + "//components/facilitated_payments/core/features", + "//components/favicon/content", +@@ -644,7 +645,6 @@ static_library("ui") { + 
"//components/security_interstitials/core:unsafe_resource", + "//components/security_state/content", + "//components/security_state/core", +- "//components/segmentation_platform/public", + "//components/send_tab_to_self", + "//components/sessions", + "//components/sharing_message", +@@ -2119,7 +2119,6 @@ static_library("ui") { + "//components/omnibox/browser:mojo_bindings", + "//components/page_load_metrics/browser", + "//components/paint_preview/browser", +- "//components/paint_preview/buildflags", + "//components/paint_preview/common", + "//components/paint_preview/public", + "//components/password_manager/content/common", diff --git a/chromium-127-ninja-1.21.1-deps-part2.patch b/chromium-127-ninja-1.21.1-deps-part2.patch new file mode 100644 index 00000000..8cfce7a1 --- /dev/null +++ b/chromium-127-ninja-1.21.1-deps-part2.patch 
@@ -0,0 +1,37 @@ +commit 2c101186b60ed50f2ba4feaa2e963bd841bcca47 +Author: Takuto Ikuta +Date: Fri Jun 21 06:23:27 2024 +0000 + + chrome/browser: add missing dependency + + This is to fix build error due to missing dependency when we update + ninja to 1.12. + e.g. https://ci.chromium.org/ui/p/chromium/builders/build/linux-build-perf-no-rbe/1690/overview + + Bug: 346711540, 346699817, 345645751, 40253918 + Change-Id: Ife0a4e09969a4ad2e61dfc1598c9a63ac0b2abd5 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5641516 + Reviewed-by: Anthony Vallée-Dubois + Commit-Queue: Takuto Ikuta + Auto-Submit: Takuto Ikuta + Reviewed-by: Lei Zhang + Cr-Commit-Position: refs/heads/main@{#1317790} + +diff --git a/chrome/browser/ui/views/side_panel/BUILD.gn b/chrome/browser/ui/views/side_panel/BUILD.gn +index 96f2c30a6dd22..2957730277a29 100644 +--- a/chrome/browser/ui/views/side_panel/BUILD.gn ++++ b/chrome/browser/ui/views/side_panel/BUILD.gn +@@ -201,5 +201,13 @@ source_set("side_panel") { + "//ui/gfx:color_utils", + "//ui/gfx/geometry:geometry_skia", + "//ui/webui", ++ ++ # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751): ++ # Use //chrome/browser/ui instead after fixing cyclic dependency. ++ "//chrome/browser/ui:webui_name_variants", ++ "//components/enterprise/buildflags", ++ "//components/paint_preview/buildflags", ++ "//components/segmentation_platform/public/proto", ++ "//components/webapps/common:mojo_bindings", + ] + } diff --git a/chromium-127-ninja-1.21.1-deps-part3.patch b/chromium-127-ninja-1.21.1-deps-part3.patch new file mode 100644 index 00000000..bfb46d97 --- /dev/null +++ b/chromium-127-ninja-1.21.1-deps-part3.patch 
@@ -0,0 +1,49 @@ +commit f2b43c18b8ecfc3ddc49c42c062d796c8b563984 +Author: Takuto Ikuta +Date: Wed Jul 3 09:00:47 2024 +0000 + + chrome/browser/ui: add missing dependency + + This is to fix build error due to missing dependency when we update + ninja to 1.12. + e.g. https://ci.chromium.org/ui/p/chromium/builders/build.shadow/win-build-perf-developer/1/overview + + Bug: 40253918, 345645751, 346694160, 346709958, 346707816 + Change-Id: I3ede8e345aef5d6d2d8bf5b155601650828bc817 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5644627 + Reviewed-by: Hidehiko Abe + Auto-Submit: Takuto Ikuta + Commit-Queue: Takuto Ikuta + Reviewed-by: Lei Zhang + Cr-Commit-Position: refs/heads/main@{#1322655} + +diff --git a/chrome/browser/ui/views/side_panel/BUILD.gn b/chrome/browser/ui/views/side_panel/BUILD.gn +index 2957730277a29..2680a77d855d5 100644 +--- a/chrome/browser/ui/views/side_panel/BUILD.gn ++++ b/chrome/browser/ui/views/side_panel/BUILD.gn +@@ -202,12 +202,24 @@ source_set("side_panel") { + "//ui/gfx/geometry:geometry_skia", + "//ui/webui", + +- # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751): ++ # TODO(crbug.com/345645751): Use //chrome/browser instead after fixing cyclic dependency. ++ "//components/enterprise/common/proto:connectors_proto", ++ ++ # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751, ++ # crbug.com/346694160,crbug.com/346709958,crbug.com/346707816): + # Use //chrome/browser/ui instead after fixing cyclic dependency. 
++ "//chrome/browser/cart:mojo_bindings", ++ "//chrome/browser/companion/visual_query", + "//chrome/browser/ui:webui_name_variants", ++ "//chrome/browser/ui/webui/side_panel/bookmarks:mojo_bindings", ++ "//chrome/browser/ui/webui/side_panel/customize_chrome:mojo_bindings", ++ "//chrome/browser/ui/webui/side_panel/reading_list:mojo_bindings", + "//components/enterprise/buildflags", ++ "//components/page_image_service/mojom:mojo_bindings", + "//components/paint_preview/buildflags", + "//components/segmentation_platform/public/proto", ++ "//components/user_education/webui", + "//components/webapps/common:mojo_bindings", ++ "//ui/webui/resources/cr_components/commerce:mojo_bindings", + ] + } diff --git a/chromium.spec b/chromium.spec index 7750c4db..47fe68ea 100644 --- a/chromium.spec +++ b/chromium.spec @@ -1,4 +1,5 @@ %define _lto_cflags %{nil} +%global _default_patch_fuzz 2 # enable|disable system build flags %global system_build_flags 0 @@ -22,6 +23,10 @@ # enable|disble bootstrap %global bootstrap 0 +# workaround for old gn on rhel, it causes build error: unknown function filter_labels_include() +%if 0%{?rhel} +%global bootstrap 1 +%endif # Fancy build status, so we at least know, where we are.. # %1 where @@ -75,7 +80,7 @@ # v4l2_codec only enable for fedora aarch64 %global use_v4l2_codec 0 -# libva is too old on el8. +# libva is too old on el8 %if 0%{?rhel} == 8 %global use_vaapi 0 %endif @@ -102,10 +107,6 @@ %endif %endif -# Seems like we might need this sometimes -# Practically, no. But it's here in case we do. -%global use_gold 0 - %global build_clear_key_cdm 0 # Disabled because of Google, starting with Chromium 88. @@ -196,6 +197,8 @@ %global bundlelibaom 1 %global bundlelibavif 1 %global bundlesnappy 1 +%global bundleicu 1 +%global bundledav1d 1 %global bundlepylibs 0 %global bundlelibxslt 0 %global bundleflac 0 
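Review bot: `%global _default_patch_fuzz 2` in the `@@ -1,4 +1,5 @@` hunk raises the fuzz limit for every `%patch` in the spec, not only for the four new upstream patches, so any existing patch whose context no longer matches 127 is applied at the nearest fuzzy location instead of failing `%prep`. A mis-placed hunk surfaces, if at all, only as a later build or runtime problem, which is a worse failure mode for a browser package than a loud patch rejection. Prefer leaving the default at 0 and passing fuzz only where a specific patch needs it, e.g. `%patch -P501 -p1 -F2 -b .ninja-deps-part0`, or at least record next to the setting which patch forced it so the global fuzz can be reverted once that patch is rebased. Whether any of the new patches actually needs fuzz is not visible here; if none does, the line can simply be dropped.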
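Review bot: `%global bundleicu 1` and `%global bundledav1d 1` in the `@@ -196,6 +197,8 @@` hunk switch both libraries to the copies in the Chromium tarball unconditionally, and the following hunks at `@@ -226` and `@@ -235` delete the `bundleicu 0` and `bundledav1d 0` paths, so the distro-maintained ICU and dav1d, and any security updates shipped for them, are no longer used on any target. A bundled copy only receives fixes when this package is rebuilt, so if the spec does not already carry them it should gain `Provides: bundled(icu) = <tarball version>` and `Provides: bundled(dav1d) = <tarball version>` so the copies are tracked, and the reason should live beside the flag rather than only in the commit message, e.g. `# system icu/dav1d are too old for 127; bundle until they are updated`. The "(need to update icu and dav1d)" remark in the description suggests this is temporary, so a TODO naming the minimum versions that would allow unbundling again would make the change reversible.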
@@ -226,7 +229,6 @@ %global bundlefontconfig 1 %global bundleffmpegfree 1 %global bundlebrotli 1 -%global bundleicu 1 %global bundlelibopenjpeg2 1 %global bundlelibtiff 1 %global bundlecrc32c 1 @@ -235,14 +237,11 @@ %else %if 0%{?fedora} > 38 || 0%{?rhel} > 9 %global bundlebrotli 0 -%global bundleicu 0 %global bundlelibwebp 0 %else %global bundlebrotli 1 -%global bundleicu 1 %global bundlelibwebp 1 %endif -%global bundledav1d 0 %global bundlelibpng 0 %global bundlelibjpeg 0 %global bundlelibdrm 0 @@ -295,8 +294,8 @@ %endif Name: chromium%{chromium_channel} -Version: 126.0.6478.182 -Release: 2%{?dist} +Version: 127.0.6533.72 +Release: 1%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) @@ -471,6 +470,12 @@ Patch412: fix-unknown-warning-option-messages.diff # error: undefined symbol: llvm::MCAsmInfoXCOFF::MCAsmInfoXCOFF() Patch413: fix-swiftshader-compile.patch +# upstream patches +Patch501: chromium-127-ninja-1.21.1-deps-part0.patch +Patch502: chromium-127-ninja-1.21.1-deps-part1.patch +Patch503: chromium-127-ninja-1.21.1-deps-part2.patch +Patch504: chromium-127-ninja-1.21.1-deps-part3.patch + # Use chromium-latest.py to generate clean tarball from released build tarballs, found here: # http://build.chromium.org/buildbot/official/ # For Chromium Fedora use chromium-latest.py --stable --ffmpegclean --ffmpegarm @@ -635,8 +640,9 @@ BuildRequires: pciutils-devel BuildRequires: pulseaudio-libs-devel # For screen sharing on Wayland -%if 0%{?fedora} || 0%{?rhel} >= 8 -BuildRequires: pkgconfig(libpipewire-0.3) +# pipewire is old on el8, chromium needs new version, disable it temporary +%if 0%{?fedora} || 0%{?rhel} > 8 +BuildRequires: pipewire-devel %endif # for /usr/bin/appstream-util 
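Review bot: The new `Patch501`–`Patch504` entries are named `chromium-127-ninja-1.21.1-deps-part*.patch`, but the commit messages embedded in part2 and part3 say the missing-dependency fixes are for "when we update ninja to 1.12", so the `1.21.1` in the file names looks like a transposition and will mislead anyone searching for the relevant ninja release. Since these are plain upstream commits, naming them after the upstream change, e.g. `chromium-127-ninja-1.12-deps-part0.patch`, or after what they do (`chromium-127-missing-gn-deps-part0.patch`) would be clearer; the `# upstream patches` comment could also cite the four `Cr-Commit-Position` or review URLs so the patches can be dropped when 128 contains them.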
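Review bot: The `@@ -635,8 +640,9 @@` hunk encodes the el8 exclusion as an OS check, `%if 0%{?fedora} || 0%{?rhel} > 8`, while its own comment says the real constraint is that el8's pipewire is too old; expressing that directly as `BuildRequires: pkgconfig(libpipewire-0.3) >= <minimum 127 requires>` documents the requirement and fails loudly on any target whose pipewire is too old instead of silently dropping Wayland screen sharing. The removed `pkgconfig(libpipewire-0.3)` form also named the library that is actually linked, which is more robust than the `pipewire-devel` package name across Fedora and EPEL. Because the comment calls the disablement "temporary", it should say what re-enables it, e.g. `# TODO: drop the rhel > 8 condition once el8 ships a pipewire new enough for webrtc`, so the matching `rtc_use_pipewire=false` switch further down is not forgotten.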
@@ -1179,11 +1185,19 @@ Qt6 UI for chromium. %patch -P413 -p1 -b .fix-swiftshader-compile %endif +%if 0%{?fedora} > 39 +%patch -P501 -p1 -b .ninja-1.21.1-deps +%patch -P502 -p1 -b .ninja-1.21.1-deps +%patch -P503 -p1 -b .ninja-1.21.1-deps +%patch -P504 -p1 -b .ninja-1.21.1-deps +%endif + # Change shebang in all relevant files in this directory and all subdirectories # See `man find` for how the `-exec command {} +` syntax works find -type f \( -iname "*.py" \) -exec sed -i '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{chromium_pybin}=' {} + # Add correct path for nodejs binary +rm -rf third_party/node/linux/node-linux-x64* %if ! %{system_nodejs} pushd third_party/node/linux %ifarch x86_64 @@ -1311,7 +1325,6 @@ CHROMIUM_CORE_GN_DEFINES="" CHROMIUM_CORE_GN_DEFINES+=' custom_toolchain="//build/toolchain/linux/unbundle:default"' CHROMIUM_CORE_GN_DEFINES+=' host_toolchain="//build/toolchain/linux/unbundle:default"' CHROMIUM_CORE_GN_DEFINES+=' is_debug=false dcheck_always_on=false dcheck_is_configurable=false' -CHROMIUM_CORE_GN_DEFINES+=' use_goma=false' CHROMIUM_CORE_GN_DEFINES+=' enable_nacl=false' CHROMIUM_CORE_GN_DEFINES+=' system_libdir="%{_lib}"' @@ -1354,12 +1367,6 @@ CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\"" CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false' -%if %{use_gold} -CHROMIUM_CORE_GN_DEFINES+=' use_gold=true' -%else -CHROMIUM_CORE_GN_DEFINES+=' use_gold=false' -%endif - %ifarch aarch64 CHROMIUM_CORE_GN_DEFINES+=' target_cpu="arm64"' %endif @@ -1429,8 +1436,10 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_vaapi=false' CHROMIUM_BROWSER_GN_DEFINES+=' use_v4l2_codec=true' %endif -%if 0%{?fedora} || 0%{?rhel} >= 8 +%if 0%{?fedora} || 0%{?rhel} > 8 CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true rtc_link_pipewire=true' +%else +CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=false rtc_link_pipewire=false' %endif %if ! %{bundlelibjpeg} 
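Review bot: All four new `%patch -P50x -p1 -b .ninja-1.21.1-deps` lines use the same backup suffix, and the new patch files show that part0 and part1 both edit chrome/browser/ui/BUILD.gn while part2 and part3 both edit chrome/browser/ui/views/side_panel/BUILD.gn, so the second patch on each file overwrites the `.ninja-1.21.1-deps` backup written by the first and the backup no longer reflects the pre-patch state; give each line its own suffix, e.g. `-b .ninja-deps-part0`. Gating the block on `%if 0%{?fedora} > 39` ties the fix to a distro version rather than to the ninja version that exposed the missing deps, and the upstream commits only add build dependencies, so applying them on every target is presumably harmless and avoids a surprise when EPEL or Fedora 39 picks up a newer ninja. The unconditional `rm -rf third_party/node/linux/node-linux-x64*` added just before `%if ! %{system_nodejs}` removes the prebuilt node binary shipped in the tarball, which is welcome from a supply-chain standpoint, but it deserves a comment stating that intent, e.g. `# never use the prebuilt node binary from the tarball`, since the branch that provides the replacement continues below the hunk and is not visible here.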
@@ -1979,6 +1988,25 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %endif %changelog +* Wed Jul 24 2024 Than Ngo - 127.0.6533.72-1 +- update to 127.0.6533.72 + * CVE-2024-6988: Use after free in Downloads + * CVE-2024-6989: Use after free in Loader + * CVE-2024-6991: Use after free in Dawn + * CVE-2024-6992: Out of bounds memory access in ANGLE + * CVE-2024-6993: Inappropriate implementation in Canvas + * CVE-2024-6994: Heap buffer overflow in Layout + * CVE-2024-6995: Inappropriate implementation in Fullscreen + * CVE-2024-6996: Race in Frames + * CVE-2024-6997: Use after free in Tabs + * CVE-2024-6998: Use after free in User Education + * CVE-2024-6999: Inappropriate implementation in FedCM + * CVE-2024-7000: Use after free in CSS. Reported by Anonymous + * CVE-2024-7001: Inappropriate implementation in HTML + * CVE-2024-7003: Inappropriate implementation in FedCM + * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing + * CVE-2024-7005: Insufficient validation of untrusted input in Safe + * Sat Jul 20 2024 Than Ngo - 126.0.6478.182-2 - fix condition for is_cfi/use_thin_lto on aarch64/ppc64le - update powerpc patches