- Update to 133.0.6943.98

* CVE-2025-0995: Use after free in V8
  * CVE-2025-0996: Inappropriate implementation in Browser UI
  * CVE-2025-0997: Use after free in Navigation
  * CVE-2025-0998: Out of bounds memory access in V8
Arkady L. Shane 1 week ago
parent 503c2fedab
commit 7513149b09
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

@ -1,4 +1,4 @@
ea06e9381e5b28a56a1eb3d2d183e4b3ea3c7783 SOURCES/chromium-133.0.6943.53.tar.xz
6c74fd7c74d7d79e604fb909b8b3fbe34b7858df SOURCES/chromium-133.0.6943.98.tar.xz
f0fe87c901fd8d1e44eba483b8f4d8540d780308 SOURCES/Chromium-Gost-37dd7d5b7f087dce6afa0d354f4c1303681dbe8b.tar.xz
668e0721b89238cf10605bd02db809a9e5c3f9c7 SOURCES/msspi-7f7847892d4c69c454a58093553fa34d1b09c0a0.tar.xz
dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz

.gitignore vendored

@ -1,4 +1,4 @@
SOURCES/chromium-133.0.6943.53.tar.xz
SOURCES/chromium-133.0.6943.98.tar.xz
SOURCES/linux-x64-0.19.2.tgz
SOURCES/linux-arm64-0.19.2.tgz
SOURCES/node-v20.6.1-linux-x64.tar.xz

@ -0,0 +1,21 @@
diff -up chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc
--- chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me 2025-02-12 19:09:54.742875003 +0100
+++ chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc 2025-02-12 19:12:17.492620559 +0100
@@ -87,7 +87,7 @@ PipeWireNode::PipeWireNode(PipeWireSessi
.param = OnNodeParam,
};
- pw_node_add_listener(proxy_, &node_listener_, &node_events, this);
+ pw_node_add_listener((struct pw_node*) proxy_, &node_listener_, &node_events, this);
}
// static
@@ -119,7 +119,7 @@ void PipeWireNode::OnNodeInfo(void* data
uint32_t id = info->params[i].id;
if (id == SPA_PARAM_EnumFormat &&
info->params[i].flags & SPA_PARAM_INFO_READ) {
- pw_node_enum_params(that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
+ pw_node_enum_params((struct pw_node*)that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
break;
}
}
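Review bot: Both added lines in this new patch file use a C-style cast, `(struct pw_node*) proxy_` and `(struct pw_node*)that->proxy_`, which hides whether the conversion is a plain pointer conversion or a reinterpretation of proxy_'s declared type; Chromium code expects a named cast, e.g. `pw_node_add_listener(reinterpret_cast<pw_node*>(proxy_), &node_listener_, &node_events, this);` if proxy_ is a `pw_proxy*` (its declaration is outside the hunk, so that is an assumption to confirm). The patch carries no note of which PipeWire release changed the expected parameter type, so the matching `%if 0%{?fedora} > 42` guard in the spec cannot be checked against anything; a one-line comment at the top of the patch file naming the PipeWire version would make the guard maintainable. The first hunk closes the PipeWireNode constructor; the OnNodeInfo body in the second hunk continues outside the hunk.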

@ -1,21 +1,34 @@
diff -up chromium-133.0.6943.53/media/ffmpeg/ffmpeg_common.cc.me chromium-133.0.6943.53/media/ffmpeg/ffmpeg_common.cc
--- chromium-133.0.6943.53/media/ffmpeg/ffmpeg_common.cc.me 2025-02-09 19:57:35.117198035 +0100
+++ chromium-133.0.6943.53/media/ffmpeg/ffmpeg_common.cc 2025-02-09 22:57:26.429570196 +0100
diff -up chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc.than chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc
--- chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc.than 2025-02-13 11:59:31.035724118 +0100
+++ chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc 2025-02-14 10:39:07.825746076 +0100
@@ -76,6 +76,8 @@ const char* GetAllowedVideoDecoders() {
void ApplyCodecContextSecuritySettings(AVCodecContext* codec_context) {
// Future versions of ffmpeg may copy the allow list from the format
// context.
+// Workaround for codec whitelist with system ffmpeg
+ // Workaround for codec whitelist with system ffmpeg
+#if 0
if (!codec_context->codec_whitelist) {
// Note: FFmpeg will try to free this string, so we must duplicate it.
codec_context->codec_whitelist =
@@ -83,7 +85,7 @@ void ApplyCodecContextSecuritySettings(A
@@ -83,6 +85,7 @@ void ApplyCodecContextSecuritySettings(A
? GetAllowedAudioDecoders()
: GetAllowedVideoDecoders());
}
-
+#endif
// Note: This is security sensitive. FFmpeg may not always continue safely
// in the presence of errors. See https://crbug.com/379418979
if (base::FeatureList::IsEnabled(kStrictFFmpegCodecs)) {
diff -up chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc.than chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc
--- chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc.than 2025-02-14 10:14:13.360398193 +0100
+++ chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc 2025-02-14 10:36:46.762332912 +0100
@@ -131,8 +131,10 @@ FFmpegGlue::FFmpegGlue(FFmpegURLProtocol
// memory usage.
//
// Note: FFmpeg will try to free these strings, so we must duplicate them.
+#if 0
format_context_->codec_whitelist = av_strdup(GetAllowedAudioDecoders());
format_context_->format_whitelist = av_strdup(GetAllowedDemuxers());
+#endif
}
bool FFmpegGlue::OpenContext(bool is_local_file) {
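Review bot: The `#if 0` / `#endif` added around the codec_whitelist block in ApplyCodecContextSecuritySettings, and the matching pair around codec_whitelist and format_whitelist in the FFmpegGlue constructor hunk below, drop the allow list entirely, and the only explanation is `// Workaround for codec whitelist with system ffmpeg`, which does not say what fails. Chromium's own comment two lines further down marks this code as security sensitive, and with the whitelists unset every demuxer and decoder compiled into the system ffmpeg becomes reachable from media content rather than the curated subset, so the comment should record both the concrete failure and the consequence, e.g. `// System ffmpeg: codec_whitelist/format_whitelist are intentionally left unset because <observed failure — fill in>; all decoders and demuxers in the system build are therefore enabled.` Whether the failure is a build error or a runtime rejection of the list cannot be told from this hunk; if the list could instead be filtered to names the system build knows, that would keep the protection, but the hunk does not show enough to propose it. The two consecutive `// Workaround for codec whitelist with system ffmpeg` lines appear to be the old and new copies of a whitespace-only change rather than a duplicated comment.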

@ -3,16 +3,9 @@ From: Ryan Gonzalez <rymg19@gmail.com>
Date: Tue, 17 Nov 2020 13:00:39 -0600
Subject: [PATCH] flatpak: Expose Widevine into the sandbox
---
.../zygote_host/zygote_host_impl_linux.cc | 54 +++++++++++++-
sandbox/linux/services/flatpak_sandbox.cc | 74 ++++++++++++++-----
sandbox/linux/services/flatpak_sandbox.h | 27 ++++++-
3 files changed, 131 insertions(+), 24 deletions(-)
diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc
index 1703fb6ade044..3e8eb87981230 100644
--- a/content/browser/zygote_host/zygote_host_impl_linux.cc
+++ b/content/browser/zygote_host/zygote_host_impl_linux.cc
diff -up chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc.me chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc
--- chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc.me 2025-02-13 15:25:34.040044876 +0100
+++ chromium-133.0.6943.98/content/browser/zygote_host/zygote_host_impl_linux.cc 2025-02-13 17:19:22.030423834 +0100
@@ -9,7 +9,10 @@
#include <sys/types.h>
@ -24,10 +17,10 @@ index 1703fb6ade044..3e8eb87981230 100644
#include "base/posix/unix_domain_socket.h"
#include "base/process/kill.h"
#include "base/process/launch.h"
@@ -18,9 +21,12 @@
@@ -17,9 +20,12 @@
#include "base/strings/string_number_conversions.h"
#include "base/types/fixed_array.h"
#include "build/build_config.h"
#include "build/chromeos_buildflags.h"
+#include "chrome/common/chrome_paths.h" // nogncheck
#include "content/common/zygote/zygote_commands_linux.h"
#include "content/common/zygote/zygote_communication_linux.h"
@ -37,7 +30,7 @@ index 1703fb6ade044..3e8eb87981230 100644
#include "content/public/common/zygote/zygote_handle.h"
#include "sandbox/linux/services/credentials.h"
#include "sandbox/linux/services/flatpak_sandbox.h"
@@ -29,6 +35,7 @@
@@ -28,6 +34,7 @@
#include "sandbox/linux/suid/common/sandbox.h"
#include "sandbox/policy/linux/sandbox_linux.h"
#include "sandbox/policy/switches.h"
@ -45,7 +38,7 @@ index 1703fb6ade044..3e8eb87981230 100644
#if BUILDFLAG(IS_CHROMEOS)
#include "content/common/zygote/zygote_communication_linux.h"
@@ -193,8 +200,51 @@ pid_t ZygoteHostImpl::LaunchZygote(
@@ -192,8 +199,51 @@ pid_t ZygoteHostImpl::LaunchZygote(
if (is_sandboxed_zygote && use_namespace_sandbox_) {
process = sandbox::NamespaceSandbox::LaunchProcess(*cmd_line, options);
} else if (is_sandboxed_zygote && use_flatpak_sandbox_) {
@ -99,10 +92,9 @@ index 1703fb6ade044..3e8eb87981230 100644
} else {
process = base::LaunchProcess(*cmd_line, options);
}
diff --git a/sandbox/linux/services/flatpak_sandbox.cc b/sandbox/linux/services/flatpak_sandbox.cc
index 2a915a5b9fa11..ed8d4c0556f63 100644
--- a/sandbox/linux/services/flatpak_sandbox.cc
+++ b/sandbox/linux/services/flatpak_sandbox.cc
diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc
--- chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc.me 2025-02-13 15:25:34.048045104 +0100
+++ chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.cc 2025-02-13 17:14:05.784569012 +0100
@@ -4,6 +4,7 @@
#include "sandbox/linux/services/flatpak_sandbox.h"
@ -130,7 +122,7 @@ index 2a915a5b9fa11..ed8d4c0556f63 100644
FlatpakSandbox::FlatpakSandbox()
: bus_thread_("FlatpakPortalBus"), process_info_cv_(&process_info_lock_) {}
@@ -168,8 +181,9 @@ bool FlatpakSandbox::IsPidSandboxed(base::ProcessId relative_pid) {
@@ -168,8 +181,9 @@ bool FlatpakSandbox::IsPidSandboxed(base
base::Process FlatpakSandbox::LaunchProcess(
const base::CommandLine& cmdline,
@ -142,7 +134,7 @@ index 2a915a5b9fa11..ed8d4c0556f63 100644
if (external_pid == base::kNullProcessId) {
return base::Process();
}
@@ -363,9 +377,9 @@ void FlatpakSandbox::OnSpawnExitedSignal(dbus::Signal* signal) {
@@ -363,9 +377,9 @@ void FlatpakSandbox::OnSpawnExitedSignal
process_info_cv_.Broadcast();
}
@ -260,10 +252,9 @@ index 2a915a5b9fa11..ed8d4c0556f63 100644
if (sandbox_flags != 0) {
dbus::MessageWriter entry_writer(nullptr);
options_writer.OpenDictEntry(&entry_writer);
diff --git a/sandbox/linux/services/flatpak_sandbox.h b/sandbox/linux/services/flatpak_sandbox.h
index 167bbc85945ad..de8e7165b4573 100644
--- a/sandbox/linux/services/flatpak_sandbox.h
+++ b/sandbox/linux/services/flatpak_sandbox.h
diff -up chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h.me chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h
--- chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h.me 2025-02-13 15:25:34.048045104 +0100
+++ chromium-133.0.6943.98/sandbox/linux/services/flatpak_sandbox.h 2025-02-13 17:14:05.784569012 +0100
@@ -9,6 +9,8 @@
#include "base/compiler_specific.h"
#include "base/containers/flat_map.h"
@ -321,6 +312,3 @@ index 167bbc85945ad..de8e7165b4573 100644
void OnSpawnResponse(base::ProcessId* out_external_pid,
base::WaitableEvent* event,
dbus::Response* response,
--
2.46.1

@ -308,7 +308,7 @@
%endif
Name: chromium%{chromium_channel}
Version: 133.0.6943.53
Version: 133.0.6943.98
Release: 1%{?dist}.inferit
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
@ -391,6 +391,9 @@ Patch353: chromium-127-aarch64-duplicate-case-value.patch
# remove flag split-threshold-for-reg-with-hint, it's not supported in clang <= 17
Patch354: chromium-126-split-threshold-for-reg-with-hint.patch
# fix build error with new pipewire in f43
Patch356: chromium-133-pipewire-cast.patch
# fix build error: no member named 'hardware_destructive_interference_size' in namespace 'std'
Patch355: chromium-130-hardware_destructive_interference_size.patch
@ -399,7 +402,7 @@ Patch358: chromium-127-rust-clanglib.patch
# PowerPC64 LE support
# Timothy Pearson's patchset
# https://gitlab.solidsilicon.io/public-development/open-source/chromium/openpower-patches/-/tree/chromium-128/patches/ppc64le
# https://gitlab.raptorengineering.com/raptor-engineering-public/chromium/openpower-patches
Patch359: add-ppc64-architecture-string.patch
Patch360: 0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch
Patch361: 0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch
@ -1203,6 +1206,10 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena
%patch -P355 -p1 -b .hardware_destructive_interference_size
%if 0%{?fedora} > 42
%patch -P356 -p1 -b .pipewire-cast
%endif
%patch -P358 -p1 -b .rust-clang_lib
%patch -P359 -p1 -b .libavif-deps
@ -1424,7 +1431,11 @@ rust_bindgen_root="%{_prefix}"
# set clang version
clang_version="$(clang --version | sed -n 's/clang version //p' | cut -d. -f1)"
%if 0%{?fedora} > 41
clang_base_path="/usr"
%else
clang_base_path="$(clang --version | grep InstalledDir | cut -d' ' -f2 | sed 's#/bin##')"
%endif
# Core defines are flags that are true for both the browser and headless.
CHROMIUM_CORE_GN_DEFINES=""
@ -1974,6 +1985,13 @@ fi
%endif
%changelog
* Fri Feb 14 2025 Arkady L. Shane <tigro@msvsphere-os.ru> - 133.0.6943.98-1.inferit
- Update to 133.0.6943.98
* CVE-2025-0995: Use after free in V8
* CVE-2025-0996: Inappropriate implementation in Browser UI
* CVE-2025-0997: Use after free in Navigation
* CVE-2025-0998: Out of bounds memory access in V8
* Fri Feb 7 2025 Arkady L. Shane <tigro@msvsphere-os.ru> - 133.0.6943.53-1.inferit
- Update to 133.0.6943.53
* CVE-2025-0444: Use after free in Skia
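Review bot: `Patch356: chromium-133-pipewire-cast.patch` is declared between Patch354 and Patch355, out of numeric order, while in %prep it is applied after `%patch -P355`; moving the `# fix build error with new pipewire in f43` comment and the `Patch356:` line to follow the Patch355 pair keeps declaration and application order aligned. The application is guarded by `%if 0%{?fedora} > 42`, which on this .el8 target never applies the patch, so a short note beside the guard saying the cast is only needed for the newer PipeWire headers would spare the next reader a check. The new `%if 0%{?fedora} > 41` branch setting `clang_base_path="/usr"` likewise leaves el8 on the `clang --version | grep InstalledDir` path; if that is intended, a comment stating which toolchain layout each branch targets would document it.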
