diff --git a/chromium-117-workaround_for_crash_on_BTI_capable_system.patch b/chromium-117-workaround_for_crash_on_BTI_capable_system.patch
new file mode 100644
index 00000000..c0ff2ae0
--- /dev/null
+++ b/chromium-117-workaround_for_crash_on_BTI_capable_system.patch
@@ -0,0 +1,12 @@
+diff -up chromium-117.0.5938.132/build/config/arm.gni.me chromium-117.0.5938.132/build/config/arm.gni
+--- chromium-117.0.5938.132/build/config/arm.gni.me 2023-09-29 15:37:18.281122162 +0200
++++ chromium-117.0.5938.132/build/config/arm.gni 2023-09-29 15:38:24.855369796 +0200
+@@ -140,7 +140,7 @@ if (current_cpu == "arm" || v8_current_c
+ # target_cpu == "arm64" filters out some cases (e.g. the ChromeOS x64
+ # MSAN build) where the target platform is x64, but V8 is configured to
+ # use the arm64 simulator.
+- arm_control_flow_integrity = "standard"
++ arm_control_flow_integrity = "pac"
+ }
+ }
+ assert(arm_control_flow_integrity == "none" ||
diff --git a/chromium.spec b/chromium.spec
index 973b092c..c4809881 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -82,6 +82,16 @@
 %endif
 %endif
 
+# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523
+# Disable BTI until this is fixed upstream.
+%global disable_bti 0
+%ifarch aarch64
+%if 0%{?fedora}
+%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard /-mbranch-protection=pac-ret /')
+%global disable_bti 1
+%endif
+%endif
+
 # Seems like we might need this sometimes
 # Practically, no. But it's here in case we do.
 %global use_gold 0
@@ -238,7 +248,7 @@
 %endif
 
 Name: chromium%{chromium_channel}
-Version: 117.0.5938.132
+Version: 117.0.5938.149
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
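Review bot: The new patch file carries no description above its `diff -up` line, so nothing in the file itself says that lowering `arm_control_flow_integrity` from `"standard"` to `"pac"` is a deliberate downgrade of V8's branch protection (presumably dropping BTI while keeping PAC, matching the spec's `pac-ret` optflags change) rather than an upstream backport. A single header line before `diff -up`, such as `Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523 (see https://bugs.chromium.org/p/chromium/issues/detail?id=1145581#c60): build V8 with PAC only until the crash on BTI-capable hardware is fixed upstream`, keeps that context with the patch when it is rebased on the next release. Because the change weakens a control-flow-integrity mitigation, the header should also say which builds it is intended for, so the patch is not carried forward by default once the upstream fix lands. The `assert(arm_control_flow_integrity == "none" ||` line at the end of the hunk begins a statement that continues outside it.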
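Review bot: The `sed` in the new `%global optflags` line only rewrites `-mbranch-protection=standard ` when a trailing space follows it, so if that flag happens to be the last token of `%{optflags}` the substitution is a silent no-op while `disable_bti` is still set to 1, and the build would apply the V8 patch yet keep BTI in the compiler flags. Dropping the trailing space on both sides, `%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard/-mbranch-protection=pac-ret/')`, makes the rewrite independent of flag position; `standard` is not a prefix of any other `-mbranch-protection` value, so nothing else can match. It is also worth extending the comment to say that this lowers the aarch64 mitigation baseline from `standard` (PAC plus BTI) to PAC only, e.g. `# NOTE: this drops BTI (keeps PAC) on aarch64 Fedora builds; remove once the bugzilla is resolved.`, so the block is revisited rather than inherited by later versions.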
@@ -377,6 +387,11 @@
 Patch350: chromium-116-tweak_about_gpu.patch
 # build error
 Patch351: chromium-117-mnemonic-error.patch
+# Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523
+# https://bugs.chromium.org/p/chromium/issues/detail?id=1145581#c60
+# Disable BTI until this is fixed upstream.
+Patch352: chromium-117-workaround_for_crash_on_BTI_capable_system.patch
+
 
 # upstream patches
 Patch400: chromium-117-memory_leak_in_xserver.patch
@@ -992,6 +1007,10 @@ udev.
 %patch -P350 -p1 -b .tweak_about_gpu
 %patch -P351 -p1 -b .mnemonic-error
 
+%if %{disable_bti}
+%patch -P352 -p1 -b .workaround_for_crash_on_BTI_capable_system
+%endif
+
 %patch -P400 -p1 -b .memory_leak_in_xserver
 
 # Change shebang in all relevant files in this directory and all subdirectories
@@ -1192,10 +1211,6 @@
 CHROMIUM_BROWSER_GN_DEFINES+=' media_use_openh264=false'
 CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_h264=false'
 CHROMIUM_BROWSER_GN_DEFINES+=' use_kerberos=true'
-%if 0%{?rhel} == 8
-CHROMIUM_BROWSER_GN_DEFINES+=' use_gnome_keyring=false use_glib=true'
-%endif
-
 %if %{use_qt}
 CHROMIUM_BROWSER_GN_DEFINES+=' use_qt=true'
 %else
@@ -1687,6 +1702,13 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %{chromium_path}/chromedriver
 
 %changelog
+* Thu Oct 05 2023 Than Ngo - 117.0.5938.149-1
+- update to 117.0.5938.149
+- fix CVE-2023-5346: Type Confusion in V8
+
+* Fri Sep 29 2023 Than Ngo - 117.0.5938.132-2
+- add workaround for the crash on BTI capable system
+
 * Thu Sep 28 2023 Than Ngo - 117.0.5938.132-1
 - update to 117.0.5938.132
 - CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx.
diff --git a/sources b/sources
index adf35823..135e5f30 100644
--- a/sources
+++ b/sources
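Review bot: The `%if %{disable_bti}` block in the `%patch` sequence applies a source patch to flip a V8 build default that the spec could set directly: if `arm_control_flow_integrity` is a `declare_args()` argument in `build/config/arm.gni` (the patched line reads like a default assignment, but the enclosing `declare_args()` is outside the patch hunk), then `CHROMIUM_BROWSER_GN_DEFINES+=' arm_control_flow_integrity="pac"'` under the same `%if %{disable_bti}` guard, next to the other GN defines, achieves the same result without carrying and rebasing Patch352 on every release. Whichever form is kept, this guard and the `%global disable_bti 1` assignment in the earlier `optflags` hunk must stay in sync, since the workaround is only meant to take effect together with the `pac-ret` compiler flag change. The `%prep` section this `%patch` run belongs to starts and ends outside the hunk.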
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-117.0.5938.132-clean.tar.xz) = 5d394329a3d8829062409784b90779c6d73fd90dd95d73d20d180114aecd3ba36f02dea09bb13e8e9fe19dfd334593d203dece5e377a3ca057c3382f2075b992
+SHA512 (chromium-117.0.5938.149-clean.tar.xz) = a05968ec09d551e0f0ef6a1c221901ad95f78772a1de00b0bf6ecb53c7c0fff6b06c9ec29fb5bf6a160a00576b512d4dcce163b390ca5444db84a1955f85bf76