diff --git a/chromium-120-disable-GlobalMediaControlsCastStartStop.patch b/chromium-120-disable-GlobalMediaControlsCastStartStop.patch deleted file mode 100644 index 6a2585b9..00000000 --- a/chromium-120-disable-GlobalMediaControlsCastStartStop.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- chromium-120.0.6099.35/chrome/browser/media/router/media_router_feature.cc.orig 2023-11-26 13:25:34.724228755 +0100 -+++ chromium-120.0.6099.35/chrome/browser/media/router/media_router_feature.cc 2023-11-26 13:28:26.452359146 +0100 -@@ -71,11 +71,7 @@ - // TODO(b/202294946): Remove when enabled by default on ChromeOS. - BASE_FEATURE(kGlobalMediaControlsCastStartStop, - "GlobalMediaControlsCastStartStop", --#if BUILDFLAG(IS_CHROMEOS) - base::FEATURE_DISABLED_BY_DEFAULT); --#else -- base::FEATURE_ENABLED_BY_DEFAULT); --#endif // BUILDFLAG(IS_CHROMEOS) - #endif // !BUILDFLAG(IS_ANDROID) - - namespace { diff --git a/chromium-121-missing-header-files.patch b/chromium-121-missing-header-files.patch index 377de0d1..b686ed7b 100644 --- a/chromium-121-missing-header-files.patch +++ b/chromium-121-missing-header-files.patch @@ -457,3 +457,59 @@ diff -up chromium-119.0.6045.105/ui/gfx/linux/drm_util_linux.h.missing-header-fi namespace ui { int GetFourCCFormatFromBufferFormat(gfx::BufferFormat format); +diff -up chromium-121.0.6167.139/crypto/hkdf.h.me chromium-121.0.6167.139/crypto/hkdf.h +--- chromium-121.0.6167.139/crypto/hkdf.h.me 2024-02-03 17:24:49.957949670 +0100 ++++ chromium-121.0.6167.139/crypto/hkdf.h 2024-02-03 17:26:05.753312178 +0100 +@@ -7,6 +7,7 @@ + + #include + ++#include + #include + #include + +diff -up chromium-121.0.6167.139/ui/display/types/display_color_management.h.me chromium-121.0.6167.139/ui/display/types/display_color_management.h +--- chromium-121.0.6167.139/ui/display/types/display_color_management.h.me 2024-02-03 18:55:34.889499101 +0100 ++++ chromium-121.0.6167.139/ui/display/types/display_color_management.h 2024-02-03 18:55:59.608945624 +0100 +@@ -6,6 +6,7 @@ + #define UI_DISPLAY_TYPES_DISPLAY_COLOR_MANAGEMENT_H_ + + #include ++#include + + #include "third_party/skia/modules/skcms/skcms.h" + #include "ui/display/types/display_types_export.h" +diff -up chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc +--- chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me 2024-02-03 21:20:32.126285578 +0100 ++++ chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc 2024-02-03 21:20:50.272607248 +0100 +@@ -2,6 +2,8 @@ + // Use of this source code is governed by a BSD-style license that can be + // found in the LICENSE file. + ++#include ++ + #include "ui/gfx/x/visual_manager.h" + + #include "base/strings/string_number_conversions.h" +diff -up chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h +--- chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me 2024-02-03 22:47:05.632713381 +0100 ++++ chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h 2024-02-03 22:47:30.788293027 +0100 +@@ -26,6 +26,7 @@ + + #include + #include ++#include + + #include "build/build_config.h" + #include "third_party/blink/renderer/platform/fonts/canvas_rotation_in_vertical.h" +diff -up chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h +--- chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me 2024-02-04 09:26:02.239427860 +0100 ++++ chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h 2024-02-04 09:26:10.051565081 +0100 +@@ -5,6 +5,7 @@ + #ifndef CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_ + #define CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_ + ++#include + #include + #include + diff --git a/chromium-121-system-libxml.patch b/chromium-121-system-libxml.patch new file mode 100644 index 00000000..da463c26 --- /dev/null +++ b/chromium-121-system-libxml.patch @@ -0,0 +1,24 @@ +diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h +--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me 2024-02-06 08:22:36.013021582 +0100 ++++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h 2024-02-06 08:23:08.281607499 +0100 +@@ -77,7 +77,7 @@ class XSLTProcessor final : public Scrip + + void reset(); + +- static void ParseErrorFunc(void* user_data, const xmlError*); ++ static void ParseErrorFunc(void* user_data, xmlError*); + static void GenericErrorFunc(void* user_data, const char* msg, ...); + + // Only for libXSLT callbacks +diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc +--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me 2024-02-06 08:14:32.368066214 +0100 ++++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc 2024-02-06 08:23:08.282607518 +0100 +@@ -66,7 +66,7 @@ void XSLTProcessor::GenericErrorFunc(voi + // It would be nice to do something with this error message. + } + +-void XSLTProcessor::ParseErrorFunc(void* user_data, const xmlError* error) { ++void XSLTProcessor::ParseErrorFunc(void* user_data, xmlError* error) { + FrameConsole* console = static_cast(user_data); + if (!console) + return; diff --git a/chromium.spec b/chromium.spec index a8c52e32..ec886183 100644 --- a/chromium.spec +++ b/chromium.spec @@ -117,7 +117,7 @@ %global remotingbuilddir out/Remoting # enable|disable debuginfo -%global enable_debug 1 +%global enable_debug 0 # disable debuginfo due to a bug in debugedit on el7 # error: canonicalization unexpectedly shrank by one character # https://bugzilla.redhat.com/show_bug.cgi?id=304121 @@ -186,9 +186,6 @@ %global use_qt6 0 %endif -# enable gtk3 by default -%global gtk3 1 - # Chromium's fork of ICU is now something we can't unbundle. # This is left here to ease the change if that ever switches. %global bundleicu 1 @@ -196,17 +193,16 @@ # system libre2.so is not supported with use_custom_libcxx=true # because the library's interface relies on libstdc++'s std::string and std::vector. %global bundlere2 1 - -# The libxml_utils code depends on the specific bundled libxml checkout -# which is not compatible with the current code in the Fedora package as of -# 2017-06-08. -%global bundlelibxml 1 - %global bundlelibaom 1 +%global bundlelibavif 1 +%global bundledav1d 1 # Fedora's Python 2 stack is being removed, we use the bundled Python libraries # This can be revisited once we upgrade to Python 3 %global bundlepylibs 0 +%global bundlelibevent 0 +%global bundlelibxslt 0 +%global bundleflac 0 # RHEL 7.9 dropped minizip. # enable bundleminizip for Fedora > 39 due to switch to minizip-ng @@ -228,18 +224,20 @@ %global bundlefontconfig 1 %global bundleffmpegfree 1 %global bundlebrotli 1 +%global bundlelibopenjpeg2 1 +%global bundlelcms2 1 +%global bundlelibtiff 1 +%global bundlecrc32c 1 +%global bundlewoff2 1 +%global bundlejsoncpp 1 +%global bundledoubleconversion 1 +%global bundlelibsecret 1 +%global bundlesnappy 1 +%global bundlelibXNVCtrl 1 +%global bundlelibxml 1 %else -%if 0%{?fedora} > 37 %global bundleharfbuzz 0 -%else -%global bundleharfbuzz 1 -%endif -# disable system brotli due to old system brotli on el and fedora < 38 -%if 0%{?fedora} > 38 %global bundlebrotli 0 -%else -%global bundlebrotli 1 -%endif %global bundleopus 0 %global bundlelibusbx 0 %global bundlelibwebp 0 @@ -249,6 +247,21 @@ %global bundlefontconfig 0 %global bundleffmpegfree 0 %global bundlefreetype 0 +%global bundlelibopenjpeg2 0 +%global bundlelcms2 0 +%global bundlelibtiff 0 +%if 0%{?rhel} == 9 +%global bundlecrc32c 1 +%else +%global bundlecrc32c 0 +%endif +%global bundlewoff2 0 +%global bundlejsoncpp 0 +%global bundledoubleconversion 0 +%global bundlelibsecret 0 +%global bundlesnappy 0 +%global bundlelibXNVCtrl 0 +%global bundlelibxml 0 %endif ### From 2013 until early 2021, Google permitted distribution builds of @@ -285,8 +298,8 @@ %endif Name: chromium%{chromium_channel} -Version: 121.0.6167.139 -Release: 2%{?dist} +Version: 121.0.6167.160 +Release: 1%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) @@ -340,10 +353,8 @@ Patch82: chromium-98.0.4758.102-remoting-no-tests.patch # patch for using system brotli Patch89: chromium-116-system-brotli.patch -# disable GlobalMediaControlsCastStartStop to avoid crash -# when using the address bar media player button -# it works with use_custom_libcxx=true -Patch90: chromium-120-disable-GlobalMediaControlsCastStartStop.patch +# patch for using system libxml +Patch90: chromium-121-system-libxml.patch # patch for using system opus Patch91: chromium-108-system-opus.patch @@ -649,17 +660,58 @@ BuildRequires: dbus-glib-devel # For eu-strip BuildRequires: elfutils BuildRequires: elfutils-libelf-devel + +%if ! %{bundleflac} BuildRequires: flac-devel +%endif %if ! %{bundlefreetype} BuildRequires: freetype-devel %endif +%if ! %{bundlecrc32c} +BuildRequires: google-crc32c-devel +%endif + +%if ! %{bundlewoff2} +BuildRequires: woff2-devel +%endif + +%if ! %{bundledav1d} +BuildRequires: libdav1d-devel +%endif + +%if ! %{bundlelibavif} +BuildRequires: libavif-devel +%endif + +%if ! %{bundlejsoncpp} +BuildRequires: jsoncpp-devel +%endif + +%if ! %{bundlelibsecret} +BuildRequires: libsecret-devel +%endif + +%if ! %{bundledoubleconversion} +BuildRequires: double-conversion-devel +%endif + +%if ! %{bundlesnappy} +BuildRequires: snappy-devel +%endif + +%if ! %{bundlelibXNVCtrl} +BuildRequires: libXNVCtrl-devel +%endif + # One of the python scripts invokes git to look for a hash. So helpful. BuildRequires: /usr/bin/git BuildRequires: hwdata BuildRequires: kernel-headers +%if ! %{bundlelibevent} BuildRequires: libevent-devel +%endif BuildRequires: libffi-devel %if ! %{bundleicu} @@ -681,6 +733,18 @@ BuildRequires: libjpeg-devel BuildRequires: libpng-devel %endif +%if ! %{bundlelibopenjpeg2} +BuildRequires: openjpeg2-devel +%endif + +%if ! %{bundlelcms2} +BuildRequires: lcms2-devel +%endif + +%if ! %{bundlelibtiff} +BuildRequires: libtiff-devel +%endif + BuildRequires: libudev-devel %if ! %{bundlelibusbx} @@ -699,7 +763,10 @@ BuildRequires: libva-devel BuildRequires: libwebp-devel %endif +%if ! %{bundlelibxslt} BuildRequires: libxslt-devel +%endif + BuildRequires: libxshmfence-devel # Same here, it seems. @@ -770,11 +837,7 @@ Requires: nss%{_isa} >= 3.26 Requires: nss-mdns%{_isa} # GTK modules it expects to find for some reason. -%if %{gtk3} Requires: libcanberra-gtk3%{_isa} -%else -Requires: libcanberra-gtk2%{_isa} -%endif %if 0%{?fedora} # This enables support for u2f tokens @@ -999,8 +1062,8 @@ udev. %patch -P89 -p1 -b .system-brotli %endif -%if ! %{use_custom_libcxx} -%patch -P90 -p1 -b .disable-GlobalMediaControlsCastStartStop +%if ! %{bundlelibxml} +%patch -P90 -p1 -b .system-libxml %endif %if ! %{bundleopus} @@ -1219,7 +1282,7 @@ CHROMIUM_CORE_GN_DEFINES="" # using system toolchain CHROMIUM_CORE_GN_DEFINES+=' custom_toolchain="//build/toolchain/linux/unbundle:default"' CHROMIUM_CORE_GN_DEFINES+=' host_toolchain="//build/toolchain/linux/unbundle:default"' -CHROMIUM_CORE_GN_DEFINES+=' is_debug=false dcheck_always_on=false dcheck_is_configurable=false' +CHROMIUM_CORE_GN_DEFINES+=' is_debug=false' CHROMIUM_CORE_GN_DEFINES+=' use_goma=false' CHROMIUM_CORE_GN_DEFINES+=' enable_nacl=false' CHROMIUM_CORE_GN_DEFINES+=' system_libdir="%{_lib}"' @@ -1231,9 +1294,7 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0' -%if %{cfi} -CHROMIUM_CORE_GN_DEFINES+=' is_cfi=true' -%else +%if ! %{cfi} CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false' %endif @@ -1261,7 +1322,7 @@ CHROMIUM_CORE_GN_DEFINES+=' use_lld=false' CHROMIUM_CORE_GN_DEFINES+=' rust_sysroot_absolute="%{_prefix}"' CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\"" -CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false disable_fieldtrial_testing_config=true' +CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false' %if %{use_gold} CHROMIUM_CORE_GN_DEFINES+=' use_gold=true' @@ -1277,9 +1338,7 @@ CHROMIUM_CORE_GN_DEFINES+=' icu_use_data_file=true' CHROMIUM_CORE_GN_DEFINES+=' target_os="linux"' CHROMIUM_CORE_GN_DEFINES+=' current_os="linux"' CHROMIUM_CORE_GN_DEFINES+=' treat_warnings_as_errors=false' -%if %{use_custom_libcxx} -CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=true' -%else +%if ! %{use_custom_libcxx} CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false' %endif CHROMIUM_CORE_GN_DEFINES+=' enable_iterator_debugging=false' @@ -1287,7 +1346,6 @@ CHROMIUM_CORE_GN_DEFINES+=' enable_vr=false' CHROMIUM_CORE_GN_DEFINES+=' build_dawn_tests=false enable_perfetto_unittests=false' CHROMIUM_CORE_GN_DEFINES+=' disable_fieldtrial_testing_config=true' CHROMIUM_CORE_GN_DEFINES+=' symbol_level=%{debug_level}' -CHROMIUM_CORE_GN_DEFINES+=' blink_enable_generated_code_formatting=false' CHROMIUM_CORE_GN_DEFINES+=' angle_has_histograms=false' export CHROMIUM_CORE_GN_DEFINES @@ -1319,7 +1377,6 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false' CHROMIUM_BROWSER_GN_DEFINES+=' use_gio=true use_pulseaudio=true' CHROMIUM_BROWSER_GN_DEFINES+=' enable_hangout_services_extension=true' -CHROMIUM_BROWSER_GN_DEFINES+=' use_aura=true' CHROMIUM_BROWSER_GN_DEFINES+=' enable_widevine=true' %if %{use_vaapi} @@ -1333,10 +1390,31 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_v4l2_codec=true' %endif %if 0%{?fedora} || 0%{?rhel} >= 8 -CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true rtc_link_pipewire=true' +CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true' +%endif + +%if ! %{bundlelibjpeg} +CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libjpeg=true' +%endif + +%if ! %{bundlelibpng} +CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libpng=true' +%endif + +%if ! %{bundlelibopenjpeg2} +CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libopenjpeg2=true' %endif +%if ! %{bundlelcms2} +CHROMIUM_BROWSER_GN_DEFINES+=' use_system_lcms2=true' +%endif + +%if ! %{bundlelibtiff} +CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libtiff=true' +%endif + CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libffi=true' + export CHROMIUM_BROWSER_GN_DEFINES # headless gn defines @@ -1352,57 +1430,94 @@ CHROMIUM_HEADLESS_GN_DEFINES+=' use_qt=false use_qt6=false is_component_build=fa CHROMIUM_HEADLESS_GN_DEFINES+=' media_use_libvpx=false proprietary_codecs=false' export CHROMIUM_HEADLESS_GN_DEFINES -build/linux/unbundle/replace_gn_files.py --system-libraries \ +# use system libraries +system_libs=() %if ! %{bundlelibaom} - libaom \ + system_libs+=(libaom) +%endif +%if ! %{bundlelibavif} + system_libs+=(libavif) %endif %if ! %{bundlebrotli} - brotli \ + system_libs+=(brotli) +%endif +%if ! %{bundlecrc32c} + system_libs+=(crc32c) +%endif +%if ! %{bundledav1d} + system_libs+=(dav1d) %endif %if ! %{bundlefontconfig} - fontconfig \ + system_libs+=(fontconfig) %endif %if ! %{bundleffmpegfree} - ffmpeg \ + system_libs+=(ffmpeg) %endif %if ! %{bundlefreetype} - freetype \ + system_libs+=(freetype) %endif %if ! %{bundleharfbuzz} - harfbuzz-ng \ + system_libs+=(harfbuzz-ng) %endif %if ! %{bundleicu} - icu \ + system_libs+=(icu) %endif %if ! %{bundlelibdrm} - libdrm \ + system_libs+=(libdrm) +%endif +%if ! %{bundlelibevent} + system_libs+=(libevent) %endif %if ! %{bundlelibjpeg} - libjpeg \ + system_libs+=(libjpeg) %endif %if ! %{bundlelibpng} - libpng \ + system_libs+=(libpng) %endif %if ! %{bundlelibusbx} - libusb \ + system_libs+=(libusb) %endif %if ! %{bundlelibwebp} - libwebp \ + system_libs+=(libwebp) %endif %if ! %{bundlelibxml} - libxml \ + system_libs+=(libxml) +%endif +%if ! %{bundlelibxslt} + system_libs+=(libxslt) %endif - libxslt \ %if ! %{bundleopus} - opus \ + system_libs+=(opus) %endif %if ! %{bundlere2} - re2 \ + system_libs+=(re2) +%endif +%if ! %{bundlewoff2} + system_libs+=(woff2) %endif %if ! %{bundleminizip} - zlib \ + system_libs+=(zlib) +%endif +%if ! %{bundlejsoncpp} + system_libs+=(jsoncpp) +%endif +%if ! %{bundledoubleconversion} + system_libs+=(double-conversion) +%endif +%if ! %{bundlelibsecret} + system_libs+=(libsecret) +%endif +%if ! %{bundlesnappy} + system_libs+=(snappy) +%endif +%if ! %{bundlelibXNVCtrl} + system_libs+=(libXNVCtrl) +%endif +%if ! %{bundleflac} + system_libs+=(flac) %endif - flac + +build/linux/unbundle/replace_gn_files.py --system-libraries ${system_libs[@]} # Check that there is no system 'google' module, shadowing bundled ones: if python3 -c 'import google ; print google.__path__' 2> /dev/null ; then \ @@ -1803,6 +1918,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %{chromium_path}/chromedriver %changelog +* Wed Feb 07 2024 Than Ngo - 121.0.6167.160-1 +- update to 121.0.6167.160 + * High CVE-2024-1284: Use after free in Mojo + * High CVE-2024-1283: Heap buffer overflow in Skia + * Thu Feb 01 2024 Than Ngo - 121.0.6167.139-2 - Support for 64K pages on Linux/AArch64 diff --git a/sources b/sources index 6b9f6b5c..28d9e5e5 100644 --- a/sources +++ b/sources @@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d -SHA512 (chromium-121.0.6167.139-clean.tar.xz) = a486a6a96f7af0bfb7412f2d07855d76177fc5b84a90ddf2dbdda253652bafeb5102a3a49d1e6ccff0fef17e54f95f815039cf0ca33bdfcf2ab4fe84c0593427 +SHA512 (chromium-121.0.6167.160-clean.tar.xz) = 490abc9cba7be1a4dffe2362345d6a6c1f582bb3fd68582c68f7976ed6f7165e4685e0cd727b72a0d17e60daa4aa9c5db70f144398fc43ee110c32c7343303a8