- update to 121.0.6167.160

* High CVE-2024-1284: Use after free in Mojo
  * High CVE-2024-1283: Heap buffer overflow in Skia
epel9
Than Ngo 12 months ago
parent 7ea7262aa8
commit b6171e8b50

@ -1,14 +0,0 @@
--- chromium-120.0.6099.35/chrome/browser/media/router/media_router_feature.cc.orig 2023-11-26 13:25:34.724228755 +0100
+++ chromium-120.0.6099.35/chrome/browser/media/router/media_router_feature.cc 2023-11-26 13:28:26.452359146 +0100
@@ -71,11 +71,7 @@
// TODO(b/202294946): Remove when enabled by default on ChromeOS.
BASE_FEATURE(kGlobalMediaControlsCastStartStop,
"GlobalMediaControlsCastStartStop",
-#if BUILDFLAG(IS_CHROMEOS)
base::FEATURE_DISABLED_BY_DEFAULT);
-#else
- base::FEATURE_ENABLED_BY_DEFAULT);
-#endif // BUILDFLAG(IS_CHROMEOS)
#endif // !BUILDFLAG(IS_ANDROID)
namespace {

@ -457,3 +457,59 @@ diff -up chromium-119.0.6045.105/ui/gfx/linux/drm_util_linux.h.missing-header-fi
namespace ui {
int GetFourCCFormatFromBufferFormat(gfx::BufferFormat format);
diff -up chromium-121.0.6167.139/crypto/hkdf.h.me chromium-121.0.6167.139/crypto/hkdf.h
--- chromium-121.0.6167.139/crypto/hkdf.h.me 2024-02-03 17:24:49.957949670 +0100
+++ chromium-121.0.6167.139/crypto/hkdf.h 2024-02-03 17:26:05.753312178 +0100
@@ -7,6 +7,7 @@
#include <stddef.h>
+#include <vector>
#include <string>
#include <string_view>
diff -up chromium-121.0.6167.139/ui/display/types/display_color_management.h.me chromium-121.0.6167.139/ui/display/types/display_color_management.h
--- chromium-121.0.6167.139/ui/display/types/display_color_management.h.me 2024-02-03 18:55:34.889499101 +0100
+++ chromium-121.0.6167.139/ui/display/types/display_color_management.h 2024-02-03 18:55:59.608945624 +0100
@@ -6,6 +6,7 @@
#define UI_DISPLAY_TYPES_DISPLAY_COLOR_MANAGEMENT_H_
#include <vector>
+#include <memory>
#include "third_party/skia/modules/skcms/skcms.h"
#include "ui/display/types/display_types_export.h"
diff -up chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc
--- chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me 2024-02-03 21:20:32.126285578 +0100
+++ chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc 2024-02-03 21:20:50.272607248 +0100
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include <bitset>
+
#include "ui/gfx/x/visual_manager.h"
#include "base/strings/string_number_conversions.h"
diff -up chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h
--- chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me 2024-02-03 22:47:05.632713381 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h 2024-02-03 22:47:30.788293027 +0100
@@ -26,6 +26,7 @@
#include <memory>
#include <utility>
+#include <mutex>
#include "build/build_config.h"
#include "third_party/blink/renderer/platform/fonts/canvas_rotation_in_vertical.h"
diff -up chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h
--- chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me 2024-02-04 09:26:02.239427860 +0100
+++ chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h 2024-02-04 09:26:10.051565081 +0100
@@ -5,6 +5,7 @@
#ifndef CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_
#define CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_
+#include <cstdint>
#include <utility>
#include <vector>

@ -0,0 +1,24 @@
diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h
--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me 2024-02-06 08:22:36.013021582 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h 2024-02-06 08:23:08.281607499 +0100
@@ -77,7 +77,7 @@ class XSLTProcessor final : public Scrip
void reset();
- static void ParseErrorFunc(void* user_data, const xmlError*);
+ static void ParseErrorFunc(void* user_data, xmlError*);
static void GenericErrorFunc(void* user_data, const char* msg, ...);
// Only for libXSLT callbacks
diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc
--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me 2024-02-06 08:14:32.368066214 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc 2024-02-06 08:23:08.282607518 +0100
@@ -66,7 +66,7 @@ void XSLTProcessor::GenericErrorFunc(voi
// It would be nice to do something with this error message.
}
-void XSLTProcessor::ParseErrorFunc(void* user_data, const xmlError* error) {
+void XSLTProcessor::ParseErrorFunc(void* user_data, xmlError* error) {
FrameConsole* console = static_cast<FrameConsole*>(user_data);
if (!console)
return;
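Review bot: The new `ParseErrorFunc` signature drops `const` unconditionally, in both xslt_processor.h and xslt_processor_libxslt.cc, so the patched code only compiles against a system libxml2 whose structured-error callback takes a non-const `xmlError*`. As far as I know, libxml2 2.12 changed that callback to take `const xmlError*`, so a release shipping a newer libxml2 would likely fail to build with this patch applied, and the spec applies it whenever `bundlelibxml` is 0. A version guard at both sites would cover both cases: `#if LIBXML_VERSION >= 21200` keeps the `const xmlError*` form and the `#else` branch uses `xmlError*`. The body of `ParseErrorFunc` continues outside the hunk.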

@ -117,7 +117,7 @@
%global remotingbuilddir out/Remoting
# enable|disable debuginfo
%global enable_debug 1
%global enable_debug 0
# disable debuginfo due to a bug in debugedit on el7
# error: canonicalization unexpectedly shrank by one character
# https://bugzilla.redhat.com/show_bug.cgi?id=304121
@ -186,9 +186,6 @@
%global use_qt6 0
%endif
# enable gtk3 by default
%global gtk3 1
# Chromium's fork of ICU is now something we can't unbundle.
# This is left here to ease the change if that ever switches.
%global bundleicu 1
@ -196,17 +193,16 @@
# system libre2.so is not supported with use_custom_libcxx=true
# because the library's interface relies on libstdc++'s std::string and std::vector.
%global bundlere2 1
# The libxml_utils code depends on the specific bundled libxml checkout
# which is not compatible with the current code in the Fedora package as of
# 2017-06-08.
%global bundlelibxml 1
%global bundlelibaom 1
%global bundlelibavif 1
%global bundledav1d 1
# Fedora's Python 2 stack is being removed, we use the bundled Python libraries
# This can be revisited once we upgrade to Python 3
%global bundlepylibs 0
%global bundlelibevent 0
%global bundlelibxslt 0
%global bundleflac 0
# RHEL 7.9 dropped minizip.
# enable bundleminizip for Fedora > 39 due to switch to minizip-ng
@ -228,18 +224,20 @@
%global bundlefontconfig 1
%global bundleffmpegfree 1
%global bundlebrotli 1
%global bundlelibopenjpeg2 1
%global bundlelcms2 1
%global bundlelibtiff 1
%global bundlecrc32c 1
%global bundlewoff2 1
%global bundlejsoncpp 1
%global bundledoubleconversion 1
%global bundlelibsecret 1
%global bundlesnappy 1
%global bundlelibXNVCtrl 1
%global bundlelibxml 1
%else
%if 0%{?fedora} > 37
%global bundleharfbuzz 0
%else
%global bundleharfbuzz 1
%endif
# disable system brotli due to old system brotli on el and fedora < 38
%if 0%{?fedora} > 38
%global bundlebrotli 0
%else
%global bundlebrotli 1
%endif
%global bundleopus 0
%global bundlelibusbx 0
%global bundlelibwebp 0
@ -249,6 +247,21 @@
%global bundlefontconfig 0
%global bundleffmpegfree 0
%global bundlefreetype 0
%global bundlelibopenjpeg2 0
%global bundlelcms2 0
%global bundlelibtiff 0
%if 0%{?rhel} == 9
%global bundlecrc32c 1
%else
%global bundlecrc32c 0
%endif
%global bundlewoff2 0
%global bundlejsoncpp 0
%global bundledoubleconversion 0
%global bundlelibsecret 0
%global bundlesnappy 0
%global bundlelibXNVCtrl 0
%global bundlelibxml 0
%endif
### From 2013 until early 2021, Google permitted distribution builds of
@ -285,8 +298,8 @@
%endif
Name: chromium%{chromium_channel}
Version: 121.0.6167.139
Release: 2%{?dist}
Version: 121.0.6167.160
Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -340,10 +353,8 @@ Patch82: chromium-98.0.4758.102-remoting-no-tests.patch
# patch for using system brotli
Patch89: chromium-116-system-brotli.patch
# disable GlobalMediaControlsCastStartStop to avoid crash
# when using the address bar media player button
# it works with use_custom_libcxx=true
Patch90: chromium-120-disable-GlobalMediaControlsCastStartStop.patch
# patch for using system libxml
Patch90: chromium-121-system-libxml.patch
# patch for using system opus
Patch91: chromium-108-system-opus.patch
@ -649,17 +660,58 @@ BuildRequires: dbus-glib-devel
# For eu-strip
BuildRequires: elfutils
BuildRequires: elfutils-libelf-devel
%if ! %{bundleflac}
BuildRequires: flac-devel
%endif
%if ! %{bundlefreetype}
BuildRequires: freetype-devel
%endif
%if ! %{bundlecrc32c}
BuildRequires: google-crc32c-devel
%endif
%if ! %{bundlewoff2}
BuildRequires: woff2-devel
%endif
%if ! %{bundledav1d}
BuildRequires: libdav1d-devel
%endif
%if ! %{bundlelibavif}
BuildRequires: libavif-devel
%endif
%if ! %{bundlejsoncpp}
BuildRequires: jsoncpp-devel
%endif
%if ! %{bundlelibsecret}
BuildRequires: libsecret-devel
%endif
%if ! %{bundledoubleconversion}
BuildRequires: double-conversion-devel
%endif
%if ! %{bundlesnappy}
BuildRequires: snappy-devel
%endif
%if ! %{bundlelibXNVCtrl}
BuildRequires: libXNVCtrl-devel
%endif
# One of the python scripts invokes git to look for a hash. So helpful.
BuildRequires: /usr/bin/git
BuildRequires: hwdata
BuildRequires: kernel-headers
%if ! %{bundlelibevent}
BuildRequires: libevent-devel
%endif
BuildRequires: libffi-devel
%if ! %{bundleicu}
@ -681,6 +733,18 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%endif
%if ! %{bundlelibopenjpeg2}
BuildRequires: openjpeg2-devel
%endif
%if ! %{bundlelcms2}
BuildRequires: lcms2-devel
%endif
%if ! %{bundlelibtiff}
BuildRequires: libtiff-devel
%endif
BuildRequires: libudev-devel
%if ! %{bundlelibusbx}
@ -699,7 +763,10 @@ BuildRequires: libva-devel
BuildRequires: libwebp-devel
%endif
%if ! %{bundlelibxslt}
BuildRequires: libxslt-devel
%endif
BuildRequires: libxshmfence-devel
# Same here, it seems.
@ -770,11 +837,7 @@ Requires: nss%{_isa} >= 3.26
Requires: nss-mdns%{_isa}
# GTK modules it expects to find for some reason.
%if %{gtk3}
Requires: libcanberra-gtk3%{_isa}
%else
Requires: libcanberra-gtk2%{_isa}
%endif
%if 0%{?fedora}
# This enables support for u2f tokens
@ -999,8 +1062,8 @@ udev.
%patch -P89 -p1 -b .system-brotli
%endif
%if ! %{use_custom_libcxx}
%patch -P90 -p1 -b .disable-GlobalMediaControlsCastStartStop
%if ! %{bundlelibxml}
%patch -P90 -p1 -b .system-libxml
%endif
%if ! %{bundleopus}
@ -1219,7 +1282,7 @@ CHROMIUM_CORE_GN_DEFINES=""
# using system toolchain
CHROMIUM_CORE_GN_DEFINES+=' custom_toolchain="//build/toolchain/linux/unbundle:default"'
CHROMIUM_CORE_GN_DEFINES+=' host_toolchain="//build/toolchain/linux/unbundle:default"'
CHROMIUM_CORE_GN_DEFINES+=' is_debug=false dcheck_always_on=false dcheck_is_configurable=false'
CHROMIUM_CORE_GN_DEFINES+=' is_debug=false'
CHROMIUM_CORE_GN_DEFINES+=' use_goma=false'
CHROMIUM_CORE_GN_DEFINES+=' enable_nacl=false'
CHROMIUM_CORE_GN_DEFINES+=' system_libdir="%{_lib}"'
@ -1231,9 +1294,7 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene
CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0'
%if %{cfi}
CHROMIUM_CORE_GN_DEFINES+=' is_cfi=true'
%else
%if ! %{cfi}
CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false'
%endif
@ -1261,7 +1322,7 @@ CHROMIUM_CORE_GN_DEFINES+=' use_lld=false'
CHROMIUM_CORE_GN_DEFINES+=' rust_sysroot_absolute="%{_prefix}"'
CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\""
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false disable_fieldtrial_testing_config=true'
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false'
%if %{use_gold}
CHROMIUM_CORE_GN_DEFINES+=' use_gold=true'
@ -1277,9 +1338,7 @@ CHROMIUM_CORE_GN_DEFINES+=' icu_use_data_file=true'
CHROMIUM_CORE_GN_DEFINES+=' target_os="linux"'
CHROMIUM_CORE_GN_DEFINES+=' current_os="linux"'
CHROMIUM_CORE_GN_DEFINES+=' treat_warnings_as_errors=false'
%if %{use_custom_libcxx}
CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=true'
%else
%if ! %{use_custom_libcxx}
CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false'
%endif
CHROMIUM_CORE_GN_DEFINES+=' enable_iterator_debugging=false'
@ -1287,7 +1346,6 @@ CHROMIUM_CORE_GN_DEFINES+=' enable_vr=false'
CHROMIUM_CORE_GN_DEFINES+=' build_dawn_tests=false enable_perfetto_unittests=false'
CHROMIUM_CORE_GN_DEFINES+=' disable_fieldtrial_testing_config=true'
CHROMIUM_CORE_GN_DEFINES+=' symbol_level=%{debug_level}'
CHROMIUM_CORE_GN_DEFINES+=' blink_enable_generated_code_formatting=false'
CHROMIUM_CORE_GN_DEFINES+=' angle_has_histograms=false'
export CHROMIUM_CORE_GN_DEFINES
@ -1319,7 +1377,6 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false'
CHROMIUM_BROWSER_GN_DEFINES+=' use_gio=true use_pulseaudio=true'
CHROMIUM_BROWSER_GN_DEFINES+=' enable_hangout_services_extension=true'
CHROMIUM_BROWSER_GN_DEFINES+=' use_aura=true'
CHROMIUM_BROWSER_GN_DEFINES+=' enable_widevine=true'
%if %{use_vaapi}
@ -1333,10 +1390,31 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_v4l2_codec=true'
%endif
%if 0%{?fedora} || 0%{?rhel} >= 8
CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true rtc_link_pipewire=true'
CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true'
%endif
%if ! %{bundlelibjpeg}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libjpeg=true'
%endif
%if ! %{bundlelibpng}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libpng=true'
%endif
%if ! %{bundlelibopenjpeg2}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libopenjpeg2=true'
%endif
%if ! %{bundlelcms2}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_lcms2=true'
%endif
%if ! %{bundlelibtiff}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libtiff=true'
%endif
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libffi=true'
export CHROMIUM_BROWSER_GN_DEFINES
# headless gn defines
@ -1352,57 +1430,94 @@ CHROMIUM_HEADLESS_GN_DEFINES+=' use_qt=false use_qt6=false is_component_build=fa
CHROMIUM_HEADLESS_GN_DEFINES+=' media_use_libvpx=false proprietary_codecs=false'
export CHROMIUM_HEADLESS_GN_DEFINES
build/linux/unbundle/replace_gn_files.py --system-libraries \
# use system libraries
system_libs=()
%if ! %{bundlelibaom}
libaom \
system_libs+=(libaom)
%endif
%if ! %{bundlelibavif}
system_libs+=(libavif)
%endif
%if ! %{bundlebrotli}
brotli \
system_libs+=(brotli)
%endif
%if ! %{bundlecrc32c}
system_libs+=(crc32c)
%endif
%if ! %{bundledav1d}
system_libs+=(dav1d)
%endif
%if ! %{bundlefontconfig}
fontconfig \
system_libs+=(fontconfig)
%endif
%if ! %{bundleffmpegfree}
ffmpeg \
system_libs+=(ffmpeg)
%endif
%if ! %{bundlefreetype}
freetype \
system_libs+=(freetype)
%endif
%if ! %{bundleharfbuzz}
harfbuzz-ng \
system_libs+=(harfbuzz-ng)
%endif
%if ! %{bundleicu}
icu \
system_libs+=(icu)
%endif
%if ! %{bundlelibdrm}
libdrm \
system_libs+=(libdrm)
%endif
%if ! %{bundlelibevent}
system_libs+=(libevent)
%endif
%if ! %{bundlelibjpeg}
libjpeg \
system_libs+=(libjpeg)
%endif
%if ! %{bundlelibpng}
libpng \
system_libs+=(libpng)
%endif
%if ! %{bundlelibusbx}
libusb \
system_libs+=(libusb)
%endif
%if ! %{bundlelibwebp}
libwebp \
system_libs+=(libwebp)
%endif
%if ! %{bundlelibxml}
libxml \
system_libs+=(libxml)
%endif
%if ! %{bundlelibxslt}
system_libs+=(libxslt)
%endif
libxslt \
%if ! %{bundleopus}
opus \
system_libs+=(opus)
%endif
%if ! %{bundlere2}
re2 \
system_libs+=(re2)
%endif
%if ! %{bundlewoff2}
system_libs+=(woff2)
%endif
%if ! %{bundleminizip}
zlib \
system_libs+=(zlib)
%endif
%if ! %{bundlejsoncpp}
system_libs+=(jsoncpp)
%endif
%if ! %{bundledoubleconversion}
system_libs+=(double-conversion)
%endif
%if ! %{bundlelibsecret}
system_libs+=(libsecret)
%endif
%if ! %{bundlesnappy}
system_libs+=(snappy)
%endif
%if ! %{bundlelibXNVCtrl}
system_libs+=(libXNVCtrl)
%endif
%if ! %{bundleflac}
system_libs+=(flac)
%endif
flac
build/linux/unbundle/replace_gn_files.py --system-libraries ${system_libs[@]}
# Check that there is no system 'google' module, shadowing bundled ones:
if python3 -c 'import google ; print google.__path__' 2> /dev/null ; then \
@ -1803,6 +1918,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%{chromium_path}/chromedriver
%changelog
* Wed Feb 07 2024 Than Ngo <than@redhat.com> - 121.0.6167.160-1
- update to 121.0.6167.160
* High CVE-2024-1284: Use after free in Mojo
* High CVE-2024-1283: Heap buffer overflow in Skia
* Thu Feb 01 2024 Than Ngo <than@redhat.com> - 121.0.6167.139-2
- Support for 64K pages on Linux/AArch64
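Review bot: In the CFI hunk (`-1231,9 +1294,7`) the new side, as rendered, keeps only `%if ! %{cfi}` followed by `is_cfi=false`, so a build with `%{cfi}` set to 1 no longer passes `is_cfi=true` and gets whatever GN defaults to. If that default is off for this build configuration, setting the macro would silently stop enabling control-flow integrity. Keeping the explicit pair, `%if %{cfi}` / `CHROMIUM_CORE_GN_DEFINES+=' is_cfi=true'` / `%else`, makes the hardening choice visible in the spec and the build log. The same reduction to a negative-only branch appears for `use_custom_libcxx` in the `-1277,9 +1338,7` hunk.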

@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
SHA512 (chromium-121.0.6167.139-clean.tar.xz) = a486a6a96f7af0bfb7412f2d07855d76177fc5b84a90ddf2dbdda253652bafeb5102a3a49d1e6ccff0fef17e54f95f815039cf0ca33bdfcf2ab4fe84c0593427
SHA512 (chromium-121.0.6167.160-clean.tar.xz) = 490abc9cba7be1a4dffe2362345d6a6c1f582bb3fd68582c68f7976ed6f7165e4685e0cd727b72a0d17e60daa4aa9c5db70f144398fc43ee110c32c7343303a8
