import chromium-125.0.6422.141-1.el9

4 months ago · ae97dda27a
parent 92dc475bdd
commit ae97dda27a
5 changed files with 93 additions and 8 deletions
--- a/.chromium.metadata
+++ b/.chromium.metadata
@ -1,3 +1,3 @@
-0396fc951cb2fe7b9b4a572d66433ac59e6df24d  SOURCES/chromium-125.0.6422.112-clean.tar.xz
+6eed516c8166d4a3e9865cb54ab5948d2bbb3a95  SOURCES/chromium-125.0.6422.141-clean.tar.xz
 7e5d2c7864c5c83ec789b59c77cd9c20d2594916  SOURCES/linux-arm64-0.19.2.tgz
 dea187019741602d57aaf189a80abba261fbd2aa  SOURCES/linux-x64-0.19.2.tgz
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,3 @@
-SOURCES/chromium-125.0.6422.112-clean.tar.xz
+SOURCES/chromium-125.0.6422.141-clean.tar.xz
 SOURCES/linux-arm64-0.19.2.tgz
 SOURCES/linux-x64-0.19.2.tgz
--- a/SOURCES/chromium-latest.py
+++ b/SOURCES/chromium-latest.py
@ -1,5 +1,5 @@
 #!/usr/bin/python3
-# Copyright 2021-2023, Than Ngo <than@redhat.com>
+# Copyright 2021-2024, Than Ngo <than@redhat.com>
 # Copyright 2010,2015-2019 Tom Callaway <tcallawa@redhat.com>
 # Copyright 2013-2016 Tomas Popela <tpopela@redhat.com>
 # Permission is hereby granted, free of charge, to any person obtaining
@ -335,6 +335,8 @@ if __name__ == '__main__':
  if (args.ffmpegclean):
    print("Cleaning ffmpeg from proprietary things...")
    os.system("./clean_ffmpeg.sh %s %d" % (latest_dir, 0 if args.ffmpegarm else 1))
+    print("Cleaning openh264 from proprietary things...")
+    os.system("find %s/third_party/openh264/src -type f -not -name '*.h' -delete " % latest_dir)
    print("Done!")

  if (not args.prep):
--- a/SOURCES/chromium.conf
+++ b/SOURCES/chromium.conf
@ -1,3 +1,48 @@
 # system wide chromium flags
+
+# GRAPHIC_DRIVER=[amd|intel|nvidia|default]
+GRAPHIC_DRIVER=default
+
+# WEB_DARKMODE=[on|off]
+WEB_DARKMODE=off
+
 CHROMIUM_FLAGS=""
-CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl --enable-features=VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers"
+CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
+CHROMIUM_FLAGS+=" --enable-zero-copy"
+CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
+CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management"
+
+FEATURES=""
+
+case "$GRAPHIC_DRIVER" in
+   amd)
+      # Need new mesa with AMD multi planes support, is not yet supported in fedora
+      # see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=vulkan --enable-accelerated-video-decode"
+      FEATURES+="Vulkan,VulkanFromANGLE,DefaultANGLEVulkan,VaapiIgnoreDriverChecks,VaapiVideoDecoder,UseMultiPlaneFormatForHardwareVideo"
+      ;;
+   nvidia)
+      # The NVIDIA VaAPI drivers are known to not support Chromium
+      # see https://crbug.com/1492880. This feature switch is
+      # provided for developers to test VaAPI drivers on NVIDIA GPUs
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs"
+      ;;
+   intel)
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+      ;;
+   *)
+      CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
+      FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
+      ;;
+esac
+       
+# Web Dark mode
+if [ "$WEB_DARKMODE" == "on" ] ; then
+   darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205"
+   FEATURES+=",$darktype"
+fi
+
+CHROMIUM_FLAGS+=" --enable-features=$FEATURES"
--- a/SPECS/chromium.spec
+++ b/SPECS/chromium.spec
@ -99,6 +99,10 @@
 %endif
 %endif

+%if 0%{?fedora} >= 40
+%global noopenh264 1
+%endif
+
 # Workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2239523
 # Disable BTI until this is fixed upstream.
 %global disable_bti 0
@ -179,6 +183,11 @@
 %endif
 %endif

+%ifarch ppc64le
+# workaround for a bug in new llvm on f40/rawhide (ppc64le)
+%global cfi 0
+%endif
+
 # set correct toolchain
 %if %{clang}
 %global toolchain clang
@ -306,7 +315,7 @@
 %endif

 Name:	chromium%{chromium_channel}
-Version: 125.0.6422.112
+Version: 125.0.6422.141
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@ -646,6 +655,10 @@ Conflicts: ffmpeg-libs%{_isa} < 6.0.1-2
 %endif
 %endif

+%if 0%{?noopenh264}
+BuildRequires: pkgconfig(openh264)
+%endif
+
 # build with system libaom
 %if ! %{bundlelibaom}
 BuildRequires: libaom-devel
@ -674,9 +687,7 @@ BuildRequires: pkgconfig(Qt6Core)
 BuildRequires: pkgconfig(Qt6Widgets)
 %endif

-%if %{cfi}
 BuildRequires: compiler-rt
-%endif

 %if ! %{bundleharfbuzz}
 BuildRequires:	harfbuzz-devel >= 2.4.0
@ -1471,7 +1482,7 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene
 CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0'

 %if ! %{cfi}
-CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false'
+CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false use_thin_lto=false'
 %endif

 %if %{useapikey}
@ -1539,8 +1550,14 @@ CHROMIUM_BROWSER_GN_DEFINES+=' ffmpeg_branding="Chrome" proprietary_codecs=true
 %else
 CHROMIUM_BROWSER_GN_DEFINES+=' ffmpeg_branding="Chromium" proprietary_codecs=false is_component_ffmpeg=false enable_ffmpeg_video_decoders=false media_use_ffmpeg=true'
 %endif
+# link against noopenh264 library
+%if 0%{?noopenh264}
+CHROMIUM_BROWSER_GN_DEFINES+=' media_use_openh264=true'
+CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_h264=true'
+%else
 CHROMIUM_BROWSER_GN_DEFINES+=' media_use_openh264=false'
 CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_h264=false'
+%endif
 CHROMIUM_BROWSER_GN_DEFINES+=' use_kerberos=true'

 %if %{use_qt}
@ -1699,6 +1716,9 @@ system_libs=()
 %if ! %{bundleflac}
 	system_libs+=(flac)
 %endif
+%if 0%{?noopenh264}
+	system_libs+=(openh264)
+%endif

 build/linux/unbundle/replace_gn_files.py --system-libraries ${system_libs[@]}

@ -2107,6 +2127,24 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif

 %changelog
+* Fri May 31 2024 Than Ngo <than@redhat.com> - 125.0.6422.141-1
+- update to 125.0.6422.141
+  * High CVE-2024-5493: Heap buffer overflow in WebRTC
+  * High CVE-2024-5494: Use after free in Dawn
+  * High CVE-2024-5495: Use after free in Dawn
+  * High CVE-2024-5496: Use after free in Media Session
+  * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
+  * High CVE-2024-5498: Use after free in Presentation API
+  * High CVE-2024-5499: Out of bounds write in Streams API
+- fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
+- cleanup chromium.conf
+
+* Wed May 29 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-3
+- build against noopenh264
+
+* Tue May 28 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-2
+- Workaround for build error on pp64le
+
 * Sun May 26 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-1
 - update to 125.0.6422.112
  * High CVE-2024-5274: Type Confusion in V8