- update to 127.0.6533.72

* CVE-2024-6988: Use after free in Downloads
       * CVE-2024-6989: Use after free in Loader
       * CVE-2024-6991: Use after free in Dawn
       * CVE-2024-6992: Out of bounds memory access in ANGLE
       * CVE-2024-6993: Inappropriate implementation in Canvas
       * CVE-2024-6994: Heap buffer overflow in Layout
       * CVE-2024-6995: Inappropriate implementation in Fullscreen
       * CVE-2024-6996: Race in Frames
       * CVE-2024-6997: Use after free in Tabs
       * CVE-2024-6998: Use after free in User Education
       * CVE-2024-6999: Inappropriate implementation in FedCM
       * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
       * CVE-2024-7001: Inappropriate implementation in HTML
       * CVE-2024-7003: Inappropriate implementation in FedCM
       * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
       * CVE-2024-7005: Insufficient validation of untrusted input in Safe
- remove unsupported use_gold, use_goma
- enable bootstrap for epel as gn is old (need to update gn on epel)
- enable bundleicu and bundledav1d (need to update icu and dav1d)
- apply upstream patches to fix build issues with ninja-1.21.1 (fedora >39)
- pipewire is old on el8, new version is required, disable it temporary
epel8 imports/epel9/chromium-127.0.6533.72-1.el9
Than Ngo 4 months ago
parent d69c30e61b
commit 5b27efc518

@ -0,0 +1,44 @@
commit 4ca70656fde83d2db6ed5a8ac9ec9e7443846924
Author: Lei Zhang <thestig@chromium.org>
Date: Wed Jun 26 16:35:34 2024 +0000
Move chrome/browser/ui:webui_name_variants to public_deps
The chrome/browser/ui build target contains webui_contents_wrapper.h,
which included the generated webui_name_variants.h header. For this to
work correctly, the build system must process the webui_name_variants
target first and generate webui_name_variants.h. To do this reliably,
without having to depend on webui_name_variants in all targets that
transitively include webui_contents_wrapper.h, make it a public_deps.
Bug: 40253918, 346711540, 346699817, 345645751
Change-Id: I6e0b573427cda1b2b408702f139b2c9e83f05045
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5646245
Reviewed-by: Anthony Vallée-Dubois <anthonyvd@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1319828}
diff --git a/chrome/browser/ui/BUILD.gn b/chrome/browser/ui/BUILD.gn
index 46648a4c2194e..0883714163a31 100644
--- a/chrome/browser/ui/BUILD.gn
+++ b/chrome/browser/ui/BUILD.gn
@@ -6436,7 +6436,6 @@ static_library("ui") {
}
deps += [
- ":webui_name_variants",
"side_search:side_search_tab_data_proto",
"//base",
"//chrome/browser:main_extra_parts",
@@ -6495,7 +6494,10 @@ static_library("ui") {
"//ui/lottie",
"//ui/views:buildflags",
]
- public_deps += [ "//ui/base/dragdrop/mojom:mojom_headers" ]
+ public_deps += [
+ ":webui_name_variants",
+ "//ui/base/dragdrop/mojom:mojom_headers",
+ ]
allow_circular_includes_from += [ "//chrome/browser/ui/views" ]

@ -0,0 +1,62 @@
commit 50d63ffee3f7f1b1b9303363742ad8ebbfec31fa
Author: Lei Zhang <thestig@chromium.org>
Date: Wed Jun 26 21:27:51 2024 +0000
Make more deps entries public_deps in chrome/browser/ui/BUILD.gn
The chrome/browser/ui build target includes several buildflag headers.
For this to work correctly, the build system must be able to generate
the buildflag headers first. To do this reliably, without having to
depend on buildflag targets in all targets that transitively include the
headers that includes buildflag heaers, make these dependencies
public_deps.
For //components/paint_preview/buildflags, remove the deps entry, as it
is already in public_deps.
Bug: 40253918, 346711540, 346699817, 345645751
Change-Id: I00e78a430f2e99aa3732406882b352d31e3d7da7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5647662
Commit-Queue: Lei Zhang <thestig@chromium.org>
Reviewed-by: Peter Kasting <pkasting@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1320033}
diff --git a/chrome/browser/ui/BUILD.gn b/chrome/browser/ui/BUILD.gn
index bc6a7c03ecd1c..74f92f0431494 100644
--- a/chrome/browser/ui/BUILD.gn
+++ b/chrome/browser/ui/BUILD.gn
@@ -415,8 +415,10 @@ static_library("ui") {
"//chrome/browser/ui/tabs:tab_enums",
"//components/cross_device/logging",
"//components/dom_distiller/core",
+ "//components/enterprise/buildflags",
"//components/paint_preview/buildflags",
"//components/safe_browsing:buildflags",
+ "//components/segmentation_platform/public",
"//components/sync",
"//components/sync_user_events",
"//components/translate/content/browser",
@@ -533,7 +535,6 @@ static_library("ui") {
"//components/embedder_support:browser_util",
"//components/encrypted_messages:encrypted_message_proto",
"//components/enterprise",
- "//components/enterprise/buildflags:buildflags",
"//components/error_page/content/browser",
"//components/facilitated_payments/core/features",
"//components/favicon/content",
@@ -644,7 +645,6 @@ static_library("ui") {
"//components/security_interstitials/core:unsafe_resource",
"//components/security_state/content",
"//components/security_state/core",
- "//components/segmentation_platform/public",
"//components/send_tab_to_self",
"//components/sessions",
"//components/sharing_message",
@@ -2119,7 +2119,6 @@ static_library("ui") {
"//components/omnibox/browser:mojo_bindings",
"//components/page_load_metrics/browser",
"//components/paint_preview/browser",
- "//components/paint_preview/buildflags",
"//components/paint_preview/common",
"//components/paint_preview/public",
"//components/password_manager/content/common",

@ -0,0 +1,37 @@
commit 2c101186b60ed50f2ba4feaa2e963bd841bcca47
Author: Takuto Ikuta <tikuta@chromium.org>
Date: Fri Jun 21 06:23:27 2024 +0000
chrome/browser: add missing dependency
This is to fix build error due to missing dependency when we update
ninja to 1.12.
e.g. https://ci.chromium.org/ui/p/chromium/builders/build/linux-build-perf-no-rbe/1690/overview
Bug: 346711540, 346699817, 345645751, 40253918
Change-Id: Ife0a4e09969a4ad2e61dfc1598c9a63ac0b2abd5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5641516
Reviewed-by: Anthony Vallée-Dubois <anthonyvd@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1317790}
diff --git a/chrome/browser/ui/views/side_panel/BUILD.gn b/chrome/browser/ui/views/side_panel/BUILD.gn
index 96f2c30a6dd22..2957730277a29 100644
--- a/chrome/browser/ui/views/side_panel/BUILD.gn
+++ b/chrome/browser/ui/views/side_panel/BUILD.gn
@@ -201,5 +201,13 @@ source_set("side_panel") {
"//ui/gfx:color_utils",
"//ui/gfx/geometry:geometry_skia",
"//ui/webui",
+
+ # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751):
+ # Use //chrome/browser/ui instead after fixing cyclic dependency.
+ "//chrome/browser/ui:webui_name_variants",
+ "//components/enterprise/buildflags",
+ "//components/paint_preview/buildflags",
+ "//components/segmentation_platform/public/proto",
+ "//components/webapps/common:mojo_bindings",
]
}

@ -0,0 +1,49 @@
commit f2b43c18b8ecfc3ddc49c42c062d796c8b563984
Author: Takuto Ikuta <tikuta@chromium.org>
Date: Wed Jul 3 09:00:47 2024 +0000
chrome/browser/ui: add missing dependency
This is to fix build error due to missing dependency when we update
ninja to 1.12.
e.g. https://ci.chromium.org/ui/p/chromium/builders/build.shadow/win-build-perf-developer/1/overview
Bug: 40253918, 345645751, 346694160, 346709958, 346707816
Change-Id: I3ede8e345aef5d6d2d8bf5b155601650828bc817
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5644627
Reviewed-by: Hidehiko Abe <hidehiko@chromium.org>
Auto-Submit: Takuto Ikuta <tikuta@chromium.org>
Commit-Queue: Takuto Ikuta <tikuta@chromium.org>
Reviewed-by: Lei Zhang <thestig@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1322655}
diff --git a/chrome/browser/ui/views/side_panel/BUILD.gn b/chrome/browser/ui/views/side_panel/BUILD.gn
index 2957730277a29..2680a77d855d5 100644
--- a/chrome/browser/ui/views/side_panel/BUILD.gn
+++ b/chrome/browser/ui/views/side_panel/BUILD.gn
@@ -202,12 +202,24 @@ source_set("side_panel") {
"//ui/gfx/geometry:geometry_skia",
"//ui/webui",
- # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751):
+ # TODO(crbug.com/345645751): Use //chrome/browser instead after fixing cyclic dependency.
+ "//components/enterprise/common/proto:connectors_proto",
+
+ # TODO(crbug.com/346711540,crbug.com/346699817,crbug.com/345645751,
+ # crbug.com/346694160,crbug.com/346709958,crbug.com/346707816):
# Use //chrome/browser/ui instead after fixing cyclic dependency.
+ "//chrome/browser/cart:mojo_bindings",
+ "//chrome/browser/companion/visual_query",
"//chrome/browser/ui:webui_name_variants",
+ "//chrome/browser/ui/webui/side_panel/bookmarks:mojo_bindings",
+ "//chrome/browser/ui/webui/side_panel/customize_chrome:mojo_bindings",
+ "//chrome/browser/ui/webui/side_panel/reading_list:mojo_bindings",
"//components/enterprise/buildflags",
+ "//components/page_image_service/mojom:mojo_bindings",
"//components/paint_preview/buildflags",
"//components/segmentation_platform/public/proto",
+ "//components/user_education/webui",
"//components/webapps/common:mojo_bindings",
+ "//ui/webui/resources/cr_components/commerce:mojo_bindings",
]
}

@ -1,4 +1,5 @@
%define _lto_cflags %{nil}
%global _default_patch_fuzz 2
# enable|disable system build flags
%global system_build_flags 0
@ -22,6 +23,10 @@
# enable|disble bootstrap
%global bootstrap 0
# workaround for old gn on rhel, it causes build error: unknown function filter_labels_include()
%if 0%{?rhel}
%global bootstrap 1
%endif
# Fancy build status, so we at least know, where we are..
# %1 where
@ -75,7 +80,7 @@
# v4l2_codec only enable for fedora aarch64
%global use_v4l2_codec 0
# libva is too old on el8.
# libva is too old on el8
%if 0%{?rhel} == 8
%global use_vaapi 0
%endif
@ -102,10 +107,6 @@
%endif
%endif
# Seems like we might need this sometimes
# Practically, no. But it's here in case we do.
%global use_gold 0
%global build_clear_key_cdm 0
# Disabled because of Google, starting with Chromium 88.
@ -196,6 +197,8 @@
%global bundlelibaom 1
%global bundlelibavif 1
%global bundlesnappy 1
%global bundleicu 1
%global bundledav1d 1
%global bundlepylibs 0
%global bundlelibxslt 0
%global bundleflac 0
@ -226,7 +229,6 @@
%global bundlefontconfig 1
%global bundleffmpegfree 1
%global bundlebrotli 1
%global bundleicu 1
%global bundlelibopenjpeg2 1
%global bundlelibtiff 1
%global bundlecrc32c 1
@ -235,14 +237,11 @@
%else
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
%global bundlebrotli 0
%global bundleicu 0
%global bundlelibwebp 0
%else
%global bundlebrotli 1
%global bundleicu 1
%global bundlelibwebp 1
%endif
%global bundledav1d 0
%global bundlelibpng 0
%global bundlelibjpeg 0
%global bundlelibdrm 0
@ -295,8 +294,8 @@
%endif
Name: chromium%{chromium_channel}
Version: 126.0.6478.182
Release: 2%{?dist}
Version: 127.0.6533.72
Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -471,6 +470,12 @@ Patch412: fix-unknown-warning-option-messages.diff
# error: undefined symbol: llvm::MCAsmInfoXCOFF::MCAsmInfoXCOFF()
Patch413: fix-swiftshader-compile.patch
# upstream patches
Patch501: chromium-127-ninja-1.21.1-deps-part0.patch
Patch502: chromium-127-ninja-1.21.1-deps-part1.patch
Patch503: chromium-127-ninja-1.21.1-deps-part2.patch
Patch504: chromium-127-ninja-1.21.1-deps-part3.patch
# Use chromium-latest.py to generate clean tarball from released build tarballs, found here:
# http://build.chromium.org/buildbot/official/
# For Chromium Fedora use chromium-latest.py --stable --ffmpegclean --ffmpegarm
@ -635,8 +640,9 @@ BuildRequires: pciutils-devel
BuildRequires: pulseaudio-libs-devel
# For screen sharing on Wayland
%if 0%{?fedora} || 0%{?rhel} >= 8
BuildRequires: pkgconfig(libpipewire-0.3)
# pipewire is old on el8, chromium needs new version, disable it temporary
%if 0%{?fedora} || 0%{?rhel} > 8
BuildRequires: pipewire-devel
%endif
# for /usr/bin/appstream-util
@ -1179,11 +1185,19 @@ Qt6 UI for chromium.
%patch -P413 -p1 -b .fix-swiftshader-compile
%endif
%if 0%{?fedora} > 39
%patch -P501 -p1 -b .ninja-1.21.1-deps
%patch -P502 -p1 -b .ninja-1.21.1-deps
%patch -P503 -p1 -b .ninja-1.21.1-deps
%patch -P504 -p1 -b .ninja-1.21.1-deps
%endif
# Change shebang in all relevant files in this directory and all subdirectories
# See `man find` for how the `-exec command {} +` syntax works
find -type f \( -iname "*.py" \) -exec sed -i '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{chromium_pybin}=' {} +
# Add correct path for nodejs binary
rm -rf third_party/node/linux/node-linux-x64*
%if ! %{system_nodejs}
pushd third_party/node/linux
%ifarch x86_64
@ -1311,7 +1325,6 @@ CHROMIUM_CORE_GN_DEFINES=""
CHROMIUM_CORE_GN_DEFINES+=' custom_toolchain="//build/toolchain/linux/unbundle:default"'
CHROMIUM_CORE_GN_DEFINES+=' host_toolchain="//build/toolchain/linux/unbundle:default"'
CHROMIUM_CORE_GN_DEFINES+=' is_debug=false dcheck_always_on=false dcheck_is_configurable=false'
CHROMIUM_CORE_GN_DEFINES+=' use_goma=false'
CHROMIUM_CORE_GN_DEFINES+=' enable_nacl=false'
CHROMIUM_CORE_GN_DEFINES+=' system_libdir="%{_lib}"'
@ -1354,12 +1367,6 @@ CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\""
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false'
%if %{use_gold}
CHROMIUM_CORE_GN_DEFINES+=' use_gold=true'
%else
CHROMIUM_CORE_GN_DEFINES+=' use_gold=false'
%endif
%ifarch aarch64
CHROMIUM_CORE_GN_DEFINES+=' target_cpu="arm64"'
%endif
@ -1429,8 +1436,10 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_vaapi=false'
CHROMIUM_BROWSER_GN_DEFINES+=' use_v4l2_codec=true'
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
%if 0%{?fedora} || 0%{?rhel} > 8
CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true rtc_link_pipewire=true'
%else
CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=false rtc_link_pipewire=false'
%endif
%if ! %{bundlelibjpeg}
@ -1979,6 +1988,25 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif
%changelog
* Wed Jul 24 2024 Than Ngo <than@redhat.com> - 127.0.6533.72-1
- update to 127.0.6533.72
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input in Safe
* Sat Jul 20 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-2
- fix condition for is_cfi/use_thin_lto on aarch64/ppc64le
- update powerpc patches

Loading…
Cancel
Save