- Update to 117.0.5938.149

- fix CVE-2023-5346: Type Confusion in V8
- add workaround for the crash on BTI capable system
i9e-gost-119.0.6045.159 changed/i9/chromium-117.0.5938.149-1.el9.inferit
Arkady L. Shane 1 year ago
parent e4943c0737
commit 7e891dc0ca
Signed by: tigro
GPG Key ID: 9C7900103E1C4F8B

@ -1,4 +1,4 @@
83071e9aa0adf2c5b079c8531cea2014e5a7515b SOURCES/chromium-117.0.5938.132.tar.xz 1023932b50c493e0060f28055d64113b67bae8df SOURCES/chromium-117.0.5938.149.tar.xz
dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz
7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz 7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz
769196d081c6a0ad37f1c63dec56febfff3370de SOURCES/node-v20.6.1-linux-x64.tar.xz 769196d081c6a0ad37f1c63dec56febfff3370de SOURCES/node-v20.6.1-linux-x64.tar.xz

2
.gitignore vendored

@ -1,4 +1,4 @@
SOURCES/chromium-117.0.5938.132.tar.xz SOURCES/chromium-117.0.5938.149.tar.xz
SOURCES/linux-x64-0.19.2.tgz SOURCES/linux-x64-0.19.2.tgz
SOURCES/linux-arm64-0.19.2.tgz SOURCES/linux-arm64-0.19.2.tgz
SOURCES/node-v20.6.1-linux-x64.tar.xz SOURCES/node-v20.6.1-linux-x64.tar.xz

@ -0,0 +1,12 @@
diff -up chromium-117.0.5938.132/build/config/arm.gni.me chromium-117.0.5938.132/build/config/arm.gni
--- chromium-117.0.5938.132/build/config/arm.gni.me 2023-09-29 15:37:18.281122162 +0200
+++ chromium-117.0.5938.132/build/config/arm.gni 2023-09-29 15:38:24.855369796 +0200
@@ -140,7 +140,7 @@ if (current_cpu == "arm" || v8_current_c
# target_cpu == "arm64" filters out some cases (e.g. the ChromeOS x64
# MSAN build) where the target platform is x64, but V8 is configured to
# use the arm64 simulator.
- arm_control_flow_integrity = "standard"
+ arm_control_flow_integrity = "pac"
}
}
assert(arm_control_flow_integrity == "none" ||

@ -82,6 +82,16 @@
%endif %endif
%endif %endif
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523
# Disable BTI until this is fixed upstream.
%global disable_bti 0
%ifarch aarch64
%if 0%{?fedora}
%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard /-mbranch-protection=pac-ret /')
%global disable_bti 1
%endif
%endif
# Seems like we might need this sometimes # Seems like we might need this sometimes
# Practically, no. But it's here in case we do. # Practically, no. But it's here in case we do.
%global use_gold 0 %global use_gold 0
@ -238,7 +248,7 @@
%endif %endif
Name: chromium%{chromium_channel} Name: chromium%{chromium_channel}
Version: 117.0.5938.132 Version: 117.0.5938.149
Release: 1%{?dist}.inferit Release: 1%{?dist}.inferit
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home Url: http://www.chromium.org/Home
@ -375,6 +385,11 @@ Patch350: chromium-116-tweak_about_gpu.patch
# build error # build error
Patch351: chromium-117-mnemonic-error.patch Patch351: chromium-117-mnemonic-error.patch
# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523
# https://bugs.chromium.org/p/chromium/issues/detail?id=1145581#c60
# Disable BTI until this is fixed upstream.
Patch352: chromium-117-workaround_for_crash_on_BTI_capable_system.patch
# upstream patches # upstream patches
Patch400: chromium-117-memory_leak_in_xserver.patch Patch400: chromium-117-memory_leak_in_xserver.patch
@ -1003,6 +1018,10 @@ udev.
%patch -P350 -p1 -b .tweak_about_gpu %patch -P350 -p1 -b .tweak_about_gpu
%patch -P351 -p1 -b .mnemonic-error %patch -P351 -p1 -b .mnemonic-error
%if %{disable_bti}
%patch -P352 -p1 -b .workaround_for_crash_on_BTI_capable_system
%endif
%patch -P400 -p1 -b .memory_leak_in_xserve %patch -P400 -p1 -b .memory_leak_in_xserve
%patch -P500 -p1 -b .Yandex-as-default-search-engine %patch -P500 -p1 -b .Yandex-as-default-search-engine
@ -1215,10 +1234,6 @@ CHROMIUM_BROWSER_GN_DEFINES+=' ffmpeg_branding="Chromium" proprietary_codecs=fal
%endif %endif
CHROMIUM_BROWSER_GN_DEFINES+=' use_kerberos=true' CHROMIUM_BROWSER_GN_DEFINES+=' use_kerberos=true'
%if 0%{?rhel} == 8
CHROMIUM_BROWSER_GN_DEFINES+=' use_gnome_keyring=false use_glib=true'
%endif
%if %{use_qt} %if %{use_qt}
CHROMIUM_BROWSER_GN_DEFINES+=' use_qt=true' CHROMIUM_BROWSER_GN_DEFINES+=' use_qt=true'
%else %else
@ -1709,6 +1724,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%{chromium_path}/chromedriver %{chromium_path}/chromedriver
%changelog %changelog
* Fri Oct 6 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 117.0.5938.149-1.inferit
- Update to 117.0.5938.149
- fix CVE-2023-5346: Type Confusion in V8
- add workaround for the crash on BTI capable system
* Thu Sep 28 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 117.0.5938.132-1.inferit * Thu Sep 28 2023 Arkady L. Shane <ashejn@msvsphere.ru> - 117.0.5938.132-1.inferit
- Update to 117.0.5938.132 - Update to 117.0.5938.132

Loading…
Cancel
Save