From 77a98883593f5afa60c2f41d60df38e0391552e9 Mon Sep 17 00:00:00 2001 From: tigro Date: Thu, 21 Nov 2024 21:31:30 +0300 Subject: [PATCH] - Update to 131.0.6778.85 * High CVE-2024-11395: Type Confusion in V8 - Update to 131.0.6778.69 * High CVE-2024-11110: Inappropriate implementation in Blink * Medium CVE-2024-11111: Inappropriate implementation in Autofill * Medium CVE-2024-11112: Use after free in Media * Medium CVE-2024-11113: Use after free in Accessibility * Medium CVE-2024-11114: Inappropriate implementation in Views * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation * Medium CVE-2024-11116: Inappropriate implementation in Paint * Low CVE-2024-11117: Inappropriate implementation in FileSystem --- .chromium.metadata | 5 +- .gitignore | 4 +- ...rch-bar-as-default-on-newtab-and-new.patch | 76 +++++++++---------- ...party-libvpx-Remove-bad-ppc64-config.patch | 54 ++++++------- ...K-debian-clang-disable-base-musttail.patch | 31 +++++--- SOURCES/chromium-131-system-freetype.patch | 13 ++++ SOURCES/chromium.conf | 2 +- SOURCES/clean_ffmpeg.sh | 7 -- SOURCES/fix-rustc.patch | 16 ++-- SOURCES/get_chromium_from_git.sh | 61 +++++++++++++++ SPECS/chromium.spec | 53 +++++++++---- 11 files changed, 210 insertions(+), 112 deletions(-) create mode 100644 SOURCES/chromium-131-system-freetype.patch create mode 100644 SOURCES/get_chromium_from_git.sh diff --git a/.chromium.metadata b/.chromium.metadata index 88bbb7b8..201b50ac 100644 --- a/.chromium.metadata +++ b/.chromium.metadata @@ -1,6 +1,6 @@ -9946798d9178374002690cd754a13cbb54696794 SOURCES/chromium-130.0.6723.116.tar.xz +28642f34c08161258a0c3194b011b777fad790cd SOURCES/chromium-131.0.6778.85.tar.xz +90d7b49571c3c1b5fbf7354222a1ed70c0bbc127 SOURCES/Chromium-Gost-e60ce2a2a889f72a20dcd9d89c458b6836ee67f6.tar.xz ccd15016324e640c40f6fc01ab076dc52196ea54 SOURCES/msspi-e91bd46306cc7044b2903cd07b788c13c36481e3.tar.xz -6445256b9e87e59aeec1f486174a27a15f6caa2c SOURCES/Chromium-Gost-7706f212673c41cdc1df94f95710358598c119f3.tar.xz dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz 7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz 769196d081c6a0ad37f1c63dec56febfff3370de SOURCES/node-v20.6.1-linux-x64.tar.xz @@ -8,3 +8,4 @@ dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz 8e9bc55cce3899627b2810ecfe87116c5a9147b5 SOURCES/chromium-browser-gost-icons.tar.xz b66519ed49abdd4712315ae3a4645830073c09cf SOURCES/bindgen-cli-aarch64.tar.xz 107a886d1095bb01268e6cd51f1878385e694229 SOURCES/bindgen-cli-x86_64.tar.xz + diff --git a/.gitignore b/.gitignore index 1ae1dd93..84b7cf65 100644 --- a/.gitignore +++ b/.gitignore @@ -1,10 +1,10 @@ -SOURCES/chromium-130.0.6723.116.tar.xz +SOURCES/chromium-131.0.6778.85.tar.xz SOURCES/linux-x64-0.19.2.tgz SOURCES/linux-arm64-0.19.2.tgz SOURCES/node-v20.6.1-linux-x64.tar.xz SOURCES/node-v20.6.1-linux-arm64.tar.xz SOURCES/chromium-browser-gost-icons.tar.xz SOURCES/msspi-e91bd46306cc7044b2903cd07b788c13c36481e3.tar.xz -SOURCES/Chromium-Gost-124a371049d7a087a24f25ee4c5ed51c897a157b.tar.xz +SOURCES/Chromium-Gost-e60ce2a2a889f72a20dcd9d89c458b6836ee67f6.tar.xz SOURCES/bindgen-cli-aarch64.tar.xz SOURCES/bindgen-cli-x86_64.tar.xz diff --git a/SOURCES/0001-Added-Yandex-search-bar-as-default-on-newtab-and-new.patch b/SOURCES/0001-Added-Yandex-search-bar-as-default-on-newtab-and-new.patch index d6e34a69..966a7569 100644 --- a/SOURCES/0001-Added-Yandex-search-bar-as-default-on-newtab-and-new.patch +++ b/SOURCES/0001-Added-Yandex-search-bar-as-default-on-newtab-and-new.patch @@ -1,4 +1,4 @@ -From 44a40a76c7f7a0a4effc7a99ce25825a3dbec0ab Mon Sep 17 00:00:00 2001 +From a7f4daf245fae8cbee949584a3d10d141c221a5a Mon Sep 17 00:00:00 2001 From: tigro Date: Thu, 19 Sep 2024 17:54:08 +0300 Subject: [PATCH] Added Yandex search bar as default on newtab and new-tab-page @@ -30,10 +30,10 @@ Subject: [PATCH] Added Yandex search bar as default on newtab and new-tab-page 23 files changed, 88 insertions(+), 33 deletions(-) diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd -index b597bcdb0c..4da22b920c 100644 +index 47cecfd278..024a9dc2f6 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd -@@ -7741,10 +7741,8 @@ Keep your key file in a safe place. You will need it to create new versions of y +@@ -7698,10 +7698,8 @@ Keep your key file in a safe place. You will need it to create new versions of y @@ -45,10 +45,10 @@ index b597bcdb0c..4da22b920c 100644 Add to your search diff --git a/chrome/app/resources/generated_resources_be.xtb b/chrome/app/resources/generated_resources_be.xtb -index ba534914bc..b79dc7658e 100644 +index 03dc88027c..1f056930cd 100644 --- a/chrome/app/resources/generated_resources_be.xtb +++ b/chrome/app/resources/generated_resources_be.xtb -@@ -9737,7 +9737,7 @@ +@@ -9816,7 +9816,7 @@ Стварайце рэзервовыя копіі сваіх даных, каб іх можна было выкарыстоўваць на іншых прыладах Стварыце ярлык на працоўным стале прылады, каб мець прамы доступ да гэтага профілю Падключыце клавіятуру або мыш. Калі вы выкарыстоўваеце прылады з Bluetooth, упэўніцеся, што яны гатовыя да спалучэння. @@ -57,7 +57,7 @@ index ba534914bc..b79dc7658e 100644 У Google пашырэнне "" абазначана як шкоднае. Яго ўсталяванне было прадухілена Адваротная прагортка сэнсарнай панэллю Камерцыйнае падпісванне кода ў Microsoft -@@ -11485,4 +11485,4 @@ +@@ -11578,4 +11578,4 @@ Пры наведванні сайтаў яны будуць аўтаматычна ўлічваць гэту наладу. Звычайна сайты адпраўляюць апавяшчэнні, каб паведаміць вам пра экстранныя навіны або новыя паведамленні ў чаце. Каб выкарыстоўваць функцыю сінхранізацыі параметраў Wi-Fi, уключыце Сінхранізацыю Chrome. Даведацца больш Пра&верыць @@ -65,10 +65,10 @@ index ba534914bc..b79dc7658e 100644 \ No newline at end of file + diff --git a/chrome/app/resources/generated_resources_en-GB.xtb b/chrome/app/resources/generated_resources_en-GB.xtb -index 969e766c16..a6e8f938ef 100644 +index f283ab5ede..5d7368f6e7 100644 --- a/chrome/app/resources/generated_resources_en-GB.xtb +++ b/chrome/app/resources/generated_resources_en-GB.xtb -@@ -9748,7 +9748,7 @@ Keep your key file in a safe place. You will need it to create new versions of y +@@ -9827,7 +9827,7 @@ Keep your key file in a safe place. You will need it to create new versions of y Back up your stuff and use it on any device Create a desktop shortcut on your device to access directly to this profile Connect a keyboard or mouse. If you are using Bluetooth devices, make sure that your devices are ready to pair. @@ -78,10 +78,10 @@ index 969e766c16..a6e8f938ef 100644 Touchpad reverse scrolling Microsoft Commercial Code Signing diff --git a/chrome/app/resources/generated_resources_ru.xtb b/chrome/app/resources/generated_resources_ru.xtb -index 2f8d4a2a1f..75c68ba79b 100644 +index 2cea179a09..60a3fd18a2 100644 --- a/chrome/app/resources/generated_resources_ru.xtb +++ b/chrome/app/resources/generated_resources_ru.xtb -@@ -9741,7 +9741,7 @@ +@@ -9820,7 +9820,7 @@ Создайте резервную копию данных и используйте их на любом устройстве. Чтобы быстро переключаться на этот профиль, создайте ярлык на рабочем столе Подключите мышь или клавиатуру. Если вы используете устройства Bluetooth, убедитесь, что они готовы к подключению. @@ -91,10 +91,10 @@ index 2f8d4a2a1f..75c68ba79b 100644 Обратное направление прокрутки с помощью сенсорной панели Подписывание коммерческого кода Microsoft diff --git a/chrome/app/resources/generated_resources_uk.xtb b/chrome/app/resources/generated_resources_uk.xtb -index 06937a3c8d..0a9a6a2b5b 100644 +index 2579b09b79..83edc733cb 100644 --- a/chrome/app/resources/generated_resources_uk.xtb +++ b/chrome/app/resources/generated_resources_uk.xtb -@@ -9751,7 +9751,7 @@ +@@ -9830,7 +9830,7 @@ Створюйте резервні копії даних і використовуйте їх на будь-якому пристрої Створити ярлик на робочому столі, щоб відразу переходити до цього профілю Підключіть клавіатуру або мишу. Якщо ви користуєтеся пристроями з Bluetooth, переконайтеся, що вони готові до підключення. @@ -160,7 +160,7 @@ index cc89f05912..020eb1413d 100644 /** Entrypoint for the upload by url action. */ const UPLOAD_URL_ENTRYPOINT: string = 'cntpubu'; diff --git a/chrome/browser/resources/new_tab_page/lens_upload_dialog.css b/chrome/browser/resources/new_tab_page/lens_upload_dialog.css -index bde20d9920..ef6dfbdd24 100644 +index 2f53948285..422291d042 100644 --- a/chrome/browser/resources/new_tab_page/lens_upload_dialog.css +++ b/chrome/browser/resources/new_tab_page/lens_upload_dialog.css @@ -109,7 +109,7 @@ @@ -173,7 +173,7 @@ index bde20d9920..ef6dfbdd24 100644 position: relative; width: 100%; diff --git a/chrome/browser/resources/new_tab_page/lens_upload_dialog.html b/chrome/browser/resources/new_tab_page/lens_upload_dialog.html -index 9e02b5266c..7a4fbfb75f 100644 +index 09f613f71a..69ee3a7366 100644 --- a/chrome/browser/resources/new_tab_page/lens_upload_dialog.html +++ b/chrome/browser/resources/new_tab_page/lens_upload_dialog.html @@ -22,7 +22,7 @@ @@ -270,18 +270,18 @@ index c7ae65114f..5859d72731 100644 bool IsNTPOrRelatedURL(const GURL& url, Profile* profile); diff --git a/chrome/browser/ui/webui/new_tab_page/new_tab_page_ui.cc b/chrome/browser/ui/webui/new_tab_page/new_tab_page_ui.cc -index 7e67bf7265..b43a0d7bf8 100644 +index 9fd661ba51..be7febae29 100644 --- a/chrome/browser/ui/webui/new_tab_page/new_tab_page_ui.cc +++ b/chrome/browser/ui/webui/new_tab_page/new_tab_page_ui.cc -@@ -35,6 +35,7 @@ +@@ -36,6 +36,7 @@ #include "chrome/browser/search/background/ntp_custom_background_service_factory.h" #include "chrome/browser/search_engines/template_url_service_factory.h" #include "chrome/browser/search_provider_logos/logo_service_factory.h" +#include "chrome/browser/search/search.h" + #include "chrome/browser/segmentation_platform/segmentation_platform_service_factory.h" #include "chrome/browser/signin/identity_manager_factory.h" #include "chrome/browser/sync/sync_service_factory.h" - #include "chrome/browser/themes/theme_service_factory.h" -@@ -424,6 +425,10 @@ content::WebUIDataSource* CreateAndAddNewTabPageUiHtmlSource(Profile* profile) { +@@ -453,6 +454,10 @@ content::WebUIDataSource* CreateAndAddNewTabPageUiHtmlSource(Profile* profile) { base::NumberToString( ntp_features::kNtpCalendarModuleWindowEndDeltaParam.Get().InHours())); @@ -334,7 +334,7 @@ index 98572faa77..cfb6727848 100644 #endif // COMPONENTS_SEARCH_SEARCH_H_ diff --git a/components/search_engines/keyword_table.cc b/components/search_engines/keyword_table.cc -index d4a9489e93..6cd91a2147 100644 +index c88f019f8d..85afef9757 100644 --- a/components/search_engines/keyword_table.cc +++ b/components/search_engines/keyword_table.cc @@ -173,7 +173,9 @@ void BindURLToStatement(const TemplateURLData& data, @@ -358,10 +358,10 @@ index d4a9489e93..6cd91a2147 100644 data->suggestions_url_post_params = s.ColumnString(18); data->image_url_post_params = s.ColumnString(19); diff --git a/components/search_engines/prepopulated_engines.json b/components/search_engines/prepopulated_engines.json -index 40a13e733c..a4911f5394 100644 +index 2036ba59e6..5236f359f7 100644 --- a/components/search_engines/prepopulated_engines.json +++ b/components/search_engines/prepopulated_engines.json -@@ -855,7 +855,7 @@ +@@ -838,7 +838,7 @@ "suggest_url": "https://suggest.yandex.by/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.by/images/search/?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -370,7 +370,7 @@ index 40a13e733c..a4911f5394 100644 "type": "SEARCH_ENGINE_YANDEX", "id": 15 }, -@@ -868,6 +868,7 @@ +@@ -851,6 +851,7 @@ "suggest_url": "https://suggest.yandex.com/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.com/images/search?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -378,7 +378,7 @@ index 40a13e733c..a4911f5394 100644 "type": "SEARCH_ENGINE_YANDEX", "id": 15, "regulatory_extensions": [ -@@ -893,7 +894,7 @@ +@@ -876,7 +877,7 @@ "suggest_url": "https://suggest.yandex.kz/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.kz/images/search/?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -387,7 +387,7 @@ index 40a13e733c..a4911f5394 100644 "type": "SEARCH_ENGINE_YANDEX", "id": 15 }, -@@ -907,7 +908,7 @@ +@@ -890,7 +891,7 @@ "suggest_url": "https://suggest.yandex.ru/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.ru/images/search/?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -396,7 +396,7 @@ index 40a13e733c..a4911f5394 100644 "type": "SEARCH_ENGINE_YANDEX", "id": 15 }, -@@ -920,7 +921,7 @@ +@@ -903,7 +904,7 @@ "suggest_url": "https://suggest.yandex.com.tr/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.com.tr/gorsel/search?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -405,7 +405,7 @@ index 40a13e733c..a4911f5394 100644 "type": "SEARCH_ENGINE_YANDEX", "id": 15 }, -@@ -934,7 +935,7 @@ +@@ -917,7 +918,7 @@ "suggest_url": "https://suggest.yandex.ua/suggest-ff.cgi?part={searchTerms}&{google:cursorPosition}", "image_url": "https://yandex.ua/images/search/?rpt=imageview", "image_url_post_params": "upfile={google:imageThumbnail},original_width={google:imageOriginalWidth},original_height={google:imageOriginalHeight},prg=1", @@ -415,7 +415,7 @@ index 40a13e733c..a4911f5394 100644 "id": 15 }, diff --git a/components/search_engines/search_engine_countries-inc.cc b/components/search_engines/search_engine_countries-inc.cc -index 468d6ca0ef..029c2c2966 100644 +index a4a0459de0..616430f279 100644 --- a/components/search_engines/search_engine_countries-inc.cc +++ b/components/search_engines/search_engine_countries-inc.cc @@ -38,6 +38,7 @@ struct EngineAndTier { @@ -426,7 +426,7 @@ index 468d6ca0ef..029c2c2966 100644 {SearchEngineTier::kTopEngines, &google}, {SearchEngineTier::kTopEngines, &bing}, {SearchEngineTier::kTopEngines, &yahoo}, -@@ -174,8 +175,8 @@ constexpr EngineAndTier engines_BR[] = { +@@ -173,8 +174,8 @@ constexpr EngineAndTier engines_BR[] = { // Belarus constexpr EngineAndTier engines_BY[] = { @@ -436,7 +436,7 @@ index 468d6ca0ef..029c2c2966 100644 {SearchEngineTier::kTopEngines, &bing}, {SearchEngineTier::kTopEngines, &duckduckgo}, {SearchEngineTier::kTopEngines, &mail_ru}, -@@ -499,9 +500,9 @@ constexpr EngineAndTier engines_IN[] = { +@@ -498,9 +499,9 @@ constexpr EngineAndTier engines_IN[] = { // Iraq constexpr EngineAndTier engines_IQ[] = { @@ -447,7 +447,7 @@ index 468d6ca0ef..029c2c2966 100644 {SearchEngineTier::kTopEngines, &yahoo}, {SearchEngineTier::kTopEngines, &duckduckgo}, }; -@@ -595,8 +596,8 @@ constexpr EngineAndTier engines_KW[] = { +@@ -594,8 +595,8 @@ constexpr EngineAndTier engines_KW[] = { // Kazakhstan constexpr EngineAndTier engines_KZ[] = { @@ -457,7 +457,7 @@ index 468d6ca0ef..029c2c2966 100644 {SearchEngineTier::kTopEngines, &bing}, {SearchEngineTier::kTopEngines, &mail_ru}, {SearchEngineTier::kTopEngines, &yahoo}, -@@ -1012,8 +1013,8 @@ constexpr EngineAndTier engines_TN[] = { +@@ -1010,8 +1011,8 @@ constexpr EngineAndTier engines_TN[] = { // Turkey constexpr EngineAndTier engines_TR[] = { @@ -468,10 +468,10 @@ index 468d6ca0ef..029c2c2966 100644 {SearchEngineTier::kTopEngines, &bing}, {SearchEngineTier::kTopEngines, &duckduckgo}, diff --git a/components/search_engines/template_url_data_util.cc b/components/search_engines/template_url_data_util.cc -index 2616957c6a..54ee4d1811 100644 +index 18364f4324..6dc09f5e63 100644 --- a/components/search_engines/template_url_data_util.cc +++ b/components/search_engines/template_url_data_util.cc -@@ -80,10 +80,12 @@ std::unique_ptr TemplateURLDataFromDictionary( +@@ -75,10 +75,12 @@ std::unique_ptr TemplateURLDataFromDictionary( if (string_value) { result->image_translate_url = *string_value; } @@ -484,7 +484,7 @@ index 2616957c6a..54ee4d1811 100644 string_value = dict.FindString(DefaultSearchManager::kContextualSearchURL); if (string_value) { result->contextual_search_url = *string_value; -@@ -351,7 +353,7 @@ std::unique_ptr TemplateURLDataFromPrepopulatedEngine( +@@ -343,7 +345,7 @@ std::unique_ptr TemplateURLDataFromPrepopulatedEngine( ToU16StringView(engine.name), ToU16StringView(engine.keyword), ToStringView(engine.search_url), ToStringView(engine.suggest_url), ToStringView(engine.image_url), ToStringView(engine.image_translate_url), @@ -493,7 +493,7 @@ index 2616957c6a..54ee4d1811 100644 ToStringView(engine.contextual_search_url), ToStringView(engine.logo_url), ToStringView(engine.doodle_url), ToStringView(engine.search_url_post_params), -@@ -443,10 +445,12 @@ std::unique_ptr TemplateURLDataFromOverrideDictionary( +@@ -434,10 +436,12 @@ std::unique_ptr TemplateURLDataFromOverrideDictionary( if (string_value) { image_translate_url = *string_value; } @@ -507,10 +507,10 @@ index 2616957c6a..54ee4d1811 100644 if (string_value) { contextual_search_url = *string_value; diff --git a/components/search_engines/template_url_prepopulate_data.cc b/components/search_engines/template_url_prepopulate_data.cc -index 208ef4af2b..f30c8a9cb5 100644 +index 6c32b0e684..42e0d25e16 100644 --- a/components/search_engines/template_url_prepopulate_data.cc +++ b/components/search_engines/template_url_prepopulate_data.cc -@@ -84,6 +84,13 @@ GetPrepopulatedEnginesForEeaRegionCountries(int country_id, +@@ -79,6 +79,13 @@ GetPrepopulatedEnginesForEeaRegionCountries(int country_id, std::shuffle(t_urls.begin(), t_urls.end(), generator); CHECK_LE(t_urls.size(), kMaxEeaPrepopulatedEngines); @@ -524,7 +524,7 @@ index 208ef4af2b..f30c8a9cb5 100644 return t_urls; } -@@ -324,7 +331,7 @@ std::unique_ptr GetPrepopulatedFallbackSearch( +@@ -318,7 +325,7 @@ std::unique_ptr GetPrepopulatedFallbackSearch( PrefService* prefs, search_engines::SearchEngineChoiceService* search_engine_choice_service) { return FindPrepopulatedEngineInternal(prefs, search_engine_choice_service, diff --git a/SOURCES/0002-third_party-libvpx-Remove-bad-ppc64-config.patch b/SOURCES/0002-third_party-libvpx-Remove-bad-ppc64-config.patch index 6b655bd9..585d4b8f 100644 --- a/SOURCES/0002-third_party-libvpx-Remove-bad-ppc64-config.patch +++ b/SOURCES/0002-third_party-libvpx-Remove-bad-ppc64-config.patch @@ -1,7 +1,6 @@ -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,330 +0,0 @@ -/* - * Copyright (c) 2024 The WebM project authors. All Rights Reserved. @@ -333,11 +332,10 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vp8_r -#endif - -#endif // VP8_RTCD_H_ -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h -+++ /dev/null -@@ -1,203 +0,0 @@ +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h 1970-01-01 01:00:00.000000000 +0100 +@@ -1,206 +0,0 @@ -/* - * Copyright (c) 2024 The WebM project authors. All Rights Reserved. - * @@ -366,6 +364,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vp9_r -#include "vp9/common/vp9_enums.h" -#include "vp9/common/vp9_filter.h" -#include "vpx/vpx_integer.h" +-#if !CONFIG_REALTIME_ONLY && CONFIG_VP9_ENCODER +-#include "vp9/encoder/vp9_temporal_filter.h" +-#endif - -struct macroblockd; - @@ -541,10 +542,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vp9_r -#endif - -#endif // VP9_RTCD_H_ -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm 1970-01-01 01:00:00.000000000 +0100 @@ -1,108 +0,0 @@ -@ This file was created from a .asm file -@ using the ads2gas.pl script. @@ -654,10 +654,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_c -.equ DECODE_WIDTH_LIMIT , 16384 -.equ DECODE_HEIGHT_LIMIT , 16384 - .section .note.GNU-stack,"",%progbits -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_config.c -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.c -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.c chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.c +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.c 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,10 +0,0 @@ -/* Copyright (c) 2011 The WebM project authors. All Rights Reserved. */ -/* */ @@ -669,10 +668,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_c -#include "vpx/vpx_codec.h" -static const char* const cfg = "--target=ppc64le-linux-gcc --enable-external-build --enable-postproc --enable-multi-res-encoding --enable-temporal-denoising --enable-vp9-temporal-denoising --enable-vp9-postproc --size-limit=16384x16384 --enable-realtime-only --disable-install-docs --disable-libyuv --enable-unit-tests"; -const char *vpx_codec_build_config(void) {return cfg;} -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_config.h -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.h -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.h chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.h +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.h 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_config.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,117 +0,0 @@ -/* Copyright (c) 2011 The WebM project authors. All Rights Reserved. */ -/* */ @@ -791,10 +789,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_c -#define DECODE_WIDTH_LIMIT 16384 -#define DECODE_HEIGHT_LIMIT 16384 -#endif /* VPX_CONFIG_H */ -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,2138 +0,0 @@ -/* - * Copyright (c) 2024 The WebM project authors. All Rights Reserved. @@ -2934,10 +2931,9 @@ Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_d -#endif - -#endif // VPX_DSP_RTCD_H_ -Index: chromium-130.0.6723.44/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h -=================================================================== ---- chromium-130.0.6723.44.orig/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h -+++ /dev/null +diff -Nur chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h +--- chromium-131.0.6778.69.orig/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h 2024-11-12 22:49:02.000000000 +0100 ++++ chromium-131.0.6778.69/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h 1970-01-01 01:00:00.000000000 +0100 @@ -1,110 +0,0 @@ -/* - * Copyright (c) 2024 The WebM project authors. All Rights Reserved. diff --git a/SOURCES/HACK-debian-clang-disable-base-musttail.patch b/SOURCES/HACK-debian-clang-disable-base-musttail.patch index 0b3d3521..fbc91160 100644 --- a/SOURCES/HACK-debian-clang-disable-base-musttail.patch +++ b/SOURCES/HACK-debian-clang-disable-base-musttail.patch @@ -1,13 +1,24 @@ -Index: chromium-128.0.6613.113/base/compiler_specific.h -=================================================================== ---- chromium-128.0.6613.113.orig/base/compiler_specific.h -+++ chromium-128.0.6613.113/base/compiler_specific.h -@@ -88,7 +88,7 @@ - // Can be used only on return statements, even for functions returning void. - // Caller and callee must have the same number of arguments and its types must - // be "similar". --#if defined(__clang__) && HAS_ATTRIBUTE(musttail) -+#if defined(__clang__) && HAS_ATTRIBUTE(musttail) && !defined(__powerpc64__) +diff -up chromium-131.0.6778.69/base/compiler_specific.h.me chromium-131.0.6778.69/base/compiler_specific.h +--- chromium-131.0.6778.69/base/compiler_specific.h.me 2024-11-19 20:44:12.404060581 +0100 ++++ chromium-131.0.6778.69/base/compiler_specific.h 2024-11-19 20:44:54.434121935 +0100 +@@ -152,7 +152,7 @@ + // MUSTTAIL return Func1(d + 1); // `Func1()` will be tail-called. + // } + // ``` +-#if __has_cpp_attribute(clang::musttail) ++#if __has_cpp_attribute(clang::musttail) && !defined(__powerpc64__) #define MUSTTAIL [[clang::musttail]] #else #define MUSTTAIL +diff -up chromium-131.0.6778.85/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_base/compiler_specific.h.me chromium-131.0.6778.85/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_base/compiler_specific.h +--- chromium-131.0.6778.85/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_base/compiler_specific.h.me 2024-11-20 18:50:28.690761262 +0100 ++++ chromium-131.0.6778.85/base/allocator/partition_allocator/src/partition_alloc/partition_alloc_base/compiler_specific.h 2024-11-20 18:54:49.374711202 +0100 +@@ -138,7 +138,7 @@ + // PA_MUSTTAIL return Func1(d + 1); // `Func1()` will be tail-called. + // } + // ``` +-#if PA_HAS_CPP_ATTRIBUTE(clang::musttail) ++#if PA_HAS_CPP_ATTRIBUTE(clang::musttail) && !defined(__powerpc64__) + #define PA_MUSTTAIL [[clang::musttail]] + #else + #define PA_MUSTTAIL diff --git a/SOURCES/chromium-131-system-freetype.patch b/SOURCES/chromium-131-system-freetype.patch new file mode 100644 index 00000000..2959690b --- /dev/null +++ b/SOURCES/chromium-131-system-freetype.patch @@ -0,0 +1,13 @@ +diff -up chromium-131.0.6778.69/build/linux/unbundle/freetype.gn.me chromium-131.0.6778.69/build/linux/unbundle/freetype.gn +--- chromium-131.0.6778.69/build/linux/unbundle/freetype.gn.me 2024-11-13 08:48:26.212329841 +0100 ++++ chromium-131.0.6778.69/build/linux/unbundle/freetype.gn 2024-11-13 08:49:03.071985611 +0100 +@@ -11,4 +11,9 @@ declare_args() { + # System FreeType configurations other than as described WILL INTRODUCE TEXT + # RENDERING AND SECURITY REGRESSIONS. + use_system_freetype = true ++ ++ # Use FreeType for font rendering. If this is set to false, FreeType is ++ # replaced with the Rust-based Fontations set of libraries plus Skia ++ # path rendering. ++ enable_freetype = true + } diff --git a/SOURCES/chromium.conf b/SOURCES/chromium.conf index d89ba3cc..62cecce8 100644 --- a/SOURCES/chromium.conf +++ b/SOURCES/chromium.conf @@ -34,7 +34,7 @@ case "$GRAPHIC_DRIVER" in # The NVIDIA VaAPI drivers are known to not support Chromium # see https://crbug.com/1492880. This feature switch is # provided for developers to test VaAPI drivers on NVIDIA GPUs - CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl --disable-gpu-compositing" + CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl" FEATURES+="VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs" ;; intel) diff --git a/SOURCES/clean_ffmpeg.sh b/SOURCES/clean_ffmpeg.sh index 1fb4b804..07460ce6 100644 --- a/SOURCES/clean_ffmpeg.sh +++ b/SOURCES/clean_ffmpeg.sh @@ -99,7 +99,6 @@ header_files=" libavcodec/x86/inline_asm.h \ libavcodec/get_bits.h \ libavcodec/h263dsp.h \ libavcodec/h264chroma.h \ - libavcodec/hevc.h \ libavcodec/hpeldsp.h \ libavcodec/hwaccels.h \ libavcodec/hwaccel_internal.h \ @@ -126,11 +125,6 @@ header_files=" libavcodec/x86/inline_asm.h \ libavcodec/mpegvideodata.h \ libavcodec/mpegvideoencdsp.h \ libavcodec/options_table.h \ - libavcodec/opus.h \ - libavcodec/opusdsp.h \ - libavcodec/opus_celt.h \ - libavcodec/opus_pvq.h \ - libavcodec/opus_rc.h \ libavcodec/packet.h \ libavcodec/packet_internal.h \ libavcodec/pcm_tablegen.h \ @@ -270,7 +264,6 @@ manual_files=" libavcodec/aarch64/h264pred_neon.S \ libavformat/utils.c \ libavformat/version.c \ libavutil/aarch64/asm.S \ - libavutil/aarch64/bswap.h \ libavutil/aarch64/cpu.c \ libavutil/aarch64/float_dsp_init.c \ libavutil/aarch64/float_dsp_neon.S \ diff --git a/SOURCES/fix-rustc.patch b/SOURCES/fix-rustc.patch index 7f955940..5129bed2 100644 --- a/SOURCES/fix-rustc.patch +++ b/SOURCES/fix-rustc.patch @@ -1,15 +1,13 @@ -author: Andres Salomon -description: allow ppc64le to build by using proper rustc target -Index: chromium-128.0.6613.113/build/config/rust.gni -=================================================================== ---- chromium-128.0.6613.113.orig/build/config/rust.gni -+++ chromium-128.0.6613.113/build/config/rust.gni -@@ -186,6 +186,8 @@ rust_abi_target = "" - if (is_linux || is_chromeos) { +diff -up chromium-131.0.6778.69/build/config/rust.gni.fix-rustc chromium-131.0.6778.69/build/config/rust.gni +--- chromium-131.0.6778.69/build/config/rust.gni.fix-rustc 2024-11-12 22:48:45.000000000 +0100 ++++ chromium-131.0.6778.69/build/config/rust.gni 2024-11-19 23:01:25.484436409 +0100 +@@ -200,6 +200,9 @@ if (is_linux || is_chromeos) { if (current_cpu == "arm64") { rust_abi_target = "aarch64-unknown-linux-gnu" + cargo_target_abi = "" + } else if (current_cpu == "ppc64") { + rust_abi_target = "powerpc64le-unknown-linux-gnu" ++ cargo_target_abi = "" } else if (current_cpu == "x86") { rust_abi_target = "i686-unknown-linux-gnu" - } else if (current_cpu == "x64") { + cargo_target_abi = "" diff --git a/SOURCES/get_chromium_from_git.sh b/SOURCES/get_chromium_from_git.sh new file mode 100644 index 00000000..c36e5c05 --- /dev/null +++ b/SOURCES/get_chromium_from_git.sh @@ -0,0 +1,61 @@ +#! /bin/bash + +SRC_DIR=chromium-src +VERSION=$1 +if [[ -z $VERSION ]]; then + echo "Version is missing" + exit 1 +fi + +rm -rf $SRC_DIR && mkdir -p $SRC_DIR +pushd $SRC_DIR +cat >.gclient < chromium-$VERSION-clean.tar.xz +echo "Finished!" + diff --git a/SPECS/chromium.spec b/SPECS/chromium.spec index 81e6d303..e9edd3e3 100644 --- a/SPECS/chromium.spec +++ b/SPECS/chromium.spec @@ -166,7 +166,10 @@ %global __requires_exclude ^(%{chromium_path}/.*\\.so|%{chromium_path}/.*\\.so.*)$ # enable|disable use_custom_libcxx +%global use_custom_libcxx 0 +%if 0%{?rhel} || 0%{?fedora} == 39 %global use_custom_libcxx 1 +%endif # enable|disable control flow integrity support %global cfi 0 @@ -180,9 +183,11 @@ %endif # enable qt backend +%global enable_qt 0 %global use_qt6 0 %global use_qt 0 +%if %{enable_qt} %if 0%{?rhel} > 9 || 0%{?fedora} > 39 %global use_qt6 1 %global use_qt 1 @@ -192,6 +197,7 @@ %global use_qt 1 %endif %endif +%endif # Chromium's fork of ICU is now something we can't unbundle. # This is left here to ease the change if that ever switches. @@ -217,6 +223,7 @@ %global bundlelibdrm 1 %global bundlefontconfig 1 %global bundleffmpegfree 1 +# openjpeg2, need to update to 2.5.x %global bundlelibopenjpeg2 1 %global bundlelibtiff 1 %global bundlelibxml 1 @@ -245,7 +252,7 @@ # Always build with internal ffmpeg %global bundleffmpegfree 0 -%if 0%{?fedora} || 0%{?rhel} >= 9 +%if 0%{?fedora} || 0%{?rhel} > 8 %global bundlezstd 0 %global bundlefontconfig 0 %global bundledav1d 0 @@ -257,15 +264,17 @@ %global bundlelibopenjpeg2 1 %global bundlelibtiff 0 %global bundlelibxml 0 -%if 0%{?rhel} == 9 -%global bundlecrc32c 1 -%global bundleharfbuzz 1 -%global bundlebrotli 1 -%global bundlelibwebp 1 -%else +%if 0%{?rhel} > 9 +%global bundlelibopenjpeg2 0 +%global bundleharfbuzz 0 +%global bundlebrotli 0 +%global bundlelibwebp 0 +%endif +%if 0%{?fedora} +%global bundlelibopenjpeg2 0 %global bundlecrc32c 0 %global bundleharfbuzz 0 -%global bundlebrotli 0 +%global bundlebrotli 0 %global bundlelibwebp 0 %endif %endif @@ -274,7 +283,7 @@ # Build with GOST patches # https://github.com/deemru/chromium-gost/ %global gost_build 1 -%define chromium_gost_commit 7706f212673c41cdc1df94f95710358598c119f3 +%define chromium_gost_commit e60ce2a2a889f72a20dcd9d89c458b6836ee67f6 %define msspi_commit e91bd46306cc7044b2903cd07b788c13c36481e3 %define chromium_path_gost %{_builddir}/chromium-gost %endif @@ -313,7 +322,7 @@ %endif Name: chromium%{chromium_channel} -Version: 130.0.6723.116 +Version: 131.0.6778.85 Release: 1%{?dist}.inferit Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home @@ -346,6 +355,9 @@ Patch91: chromium-108-system-opus.patch # python-3,13, Deprecationwarning: 'count' is passed as positionaö argument Patch100: chromium-128.0.6613.137-python-3.13-warning.patch +# fix build error with system freetype +Patch101: chromium-131-system-freetype.patch + # system ffmpeg # need for old ffmpeg 5.x on epel9 Patch129: chromium-125-ffmpeg-5.x-reordered_opaque.patch @@ -1166,6 +1178,8 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena %patch -P100 -p1 -b .python-3.13-warning %endif +%patch -P101 -p1 -b .chromium-131-system-freetype + %if 0%{?rhel} == 8 || 0%{?rhel} == 9 %patch -P141 -p1 -b .dma_buf_export_sync_file-conflict %endif @@ -1363,10 +1377,6 @@ sed -i 's|/opt/google/chrome-remote-desktop|%{crd_path}|g' remoting/host/setup/d # bz#2265957, add correct platform sed -i "s/Linux x86_64/Linux %{_arch}/" content/common/user_agent.cc -%if ! %{bundledav1d} -cp -a third_party/dav1d/version/version.h third_party/dav1d/libdav1d/include/dav1d/ -%endif - %build # reduce warnings @@ -2111,6 +2121,21 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %endif %changelog +* Wed Nov 20 2024 Arkady L. Shane - 131.0.6778.85-1.inferit +- Update to 131.0.6778.85 + * High CVE-2024-11395: Type Confusion in V8 + +* Tue Nov 12 2024 Arkady L. Shane - 131.0.6778.69-1.inferit +- Update to 131.0.6778.69 + * High CVE-2024-11110: Inappropriate implementation in Blink + * Medium CVE-2024-11111: Inappropriate implementation in Autofill + * Medium CVE-2024-11112: Use after free in Media + * Medium CVE-2024-11113: Use after free in Accessibility + * Medium CVE-2024-11114: Inappropriate implementation in Views + * Medium CVE-2024-11115: Insufficient policy enforcement in Navigation + * Medium CVE-2024-11116: Inappropriate implementation in Paint + * Low CVE-2024-11117: Inappropriate implementation in FileSystem + * Mon Nov 11 2024 Arkady L. Shane - 130.0.6723.116-1.inferit - Update to 130.0.6723.116 * High CVE-2024-10826: Use after free in Family Experience