diff --git a/.chromium.metadata b/.chromium.metadata index e896ac90..0594eeea 100644 --- a/.chromium.metadata +++ b/.chromium.metadata @@ -1,4 +1,4 @@ -6e7dbeaa5284198421dea22629e07f6c6df18add SOURCES/chromium-130.0.6723.58-clean.tar.xz +fbd9134a02078b67332cf8788d59e20d8c63b21a SOURCES/chromium-130.0.6723.69-clean.tar.xz 7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz 3e94bb4f999c636293bc745b02d98e7925da5616 SOURCES/node-v20.6.1-linux-arm64.tar.xz diff --git a/.gitignore b/.gitignore index 4e18c329..737d2636 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -SOURCES/chromium-130.0.6723.58-clean.tar.xz +SOURCES/chromium-130.0.6723.69-clean.tar.xz SOURCES/linux-arm64-0.19.2.tgz SOURCES/linux-x64-0.19.2.tgz SOURCES/node-v20.6.1-linux-arm64.tar.xz diff --git a/SOURCES/add-ppc64-pthread-stack-size.patch b/SOURCES/add-ppc64-pthread-stack-size.patch new file mode 100644 index 00000000..7252ca2f --- /dev/null +++ b/SOURCES/add-ppc64-pthread-stack-size.patch @@ -0,0 +1,12 @@ +--- a/base/process/launch.h ++++ b/base/process/launch.h +@@ -54,6 +54,9 @@ + #if defined(ARCH_CPU_ARM64) + #define PTHREAD_STACK_MIN_CONST \ + (__builtin_constant_p(PTHREAD_STACK_MIN) ? PTHREAD_STACK_MIN : 131072) ++#elif defined(ARCH_CPU_PPC64) ++#define PTHREAD_STACK_MIN_CONST \ ++ (__builtin_constant_p(PTHREAD_STACK_MIN) ? PTHREAD_STACK_MIN : 131072) + #else + #define PTHREAD_STACK_MIN_CONST \ + (__builtin_constant_p(PTHREAD_STACK_MIN) ? PTHREAD_STACK_MIN : 16384) diff --git a/SOURCES/chromium-130-size-assertions.patch b/SOURCES/chromium-130-size-assertions.patch new file mode 100644 index 00000000..cc75fb36 --- /dev/null +++ b/SOURCES/chromium-130-size-assertions.patch @@ -0,0 +1,90 @@ +commit f457e3c32b8170a39ead84ceaf9f0fdbe0696649 +Author: Michael Lippautz +Date: Tue Oct 15 19:27:32 2024 +0000 + + Fix size assertions across Blink + + The ASSERT_SIZE() macro is used to check that certain object sizes do + not grow unexpectedly. Fix a few occurrences that assumed that Member + is always the same size as debug builds may blow up the pointer size + to allow verifying some conditions. + + Bug: 373485798 + Change-Id: I243dd7d75810e2cfda0141817986a6c4a03c6392 + Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5934877 + Commit-Queue: Michael Lippautz + Reviewed-by: Steinar H Gunderson + Cr-Commit-Position: refs/heads/main@{#1368939} + +diff --git a/third_party/blink/renderer/core/css/css_selector.cc b/third_party/blink/renderer/core/css/css_selector.cc +index e9cd483e0ce13..3d99eab57489e 100644 +--- a/third_party/blink/renderer/core/css/css_selector.cc ++++ b/third_party/blink/renderer/core/css/css_selector.cc +@@ -88,7 +88,11 @@ unsigned MaximumSpecificity( + + struct SameSizeAsCSSSelector { + unsigned bitfields; +- void* pointers[1]; ++ union { ++ AtomicString value_; ++ QualifiedName tag_q_name_or_attribute_; ++ Member rare_data_; ++ } pointers; + }; + + ASSERT_SIZE(CSSSelector, SameSizeAsCSSSelector); +diff --git a/third_party/blink/renderer/core/css/resolver/match_result.h b/third_party/blink/renderer/core/css/resolver/match_result.h +index c99bae9777094..210ef8610b808 100644 +--- a/third_party/blink/renderer/core/css/resolver/match_result.h ++++ b/third_party/blink/renderer/core/css/resolver/match_result.h +@@ -34,6 +34,7 @@ + #include "third_party/blink/renderer/core/dom/tree_scope.h" + #include "third_party/blink/renderer/platform/heap/collection_support/heap_vector.h" + #include "third_party/blink/renderer/platform/heap/garbage_collected.h" ++#include "third_party/blink/renderer/platform/wtf/size_assertions.h" + #include "third_party/blink/renderer/platform/wtf/vector.h" + + namespace blink { +@@ -88,8 +89,13 @@ struct CORE_EXPORT MatchedProperties { + Member properties; + Data data_; + }; +-static_assert(sizeof(MatchedProperties) <= 12, +- "MatchedProperties should not grow without thinking"); ++ ++struct SameSizeAsMatchedProperties { ++ Member properties; ++ uint8_t data_[8]; ++}; ++ ++ASSERT_SIZE(MatchedProperties, SameSizeAsMatchedProperties); + + } // namespace blink + +diff --git a/third_party/blink/renderer/core/dom/element_data.cc b/third_party/blink/renderer/core/dom/element_data.cc +index 0e616444cbf92..6f3592bfa907b 100644 +--- a/third_party/blink/renderer/core/dom/element_data.cc ++++ b/third_party/blink/renderer/core/dom/element_data.cc +@@ -46,7 +46,8 @@ struct SameSizeAsElementData final + : public GarbageCollected { + unsigned bitfield; + Member willbe_member; +- void* pointers[2]; ++ SpaceSplitString class_names_; ++ void* pointers[1]; + }; + + ASSERT_SIZE(ElementData, SameSizeAsElementData); +diff --git a/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc b/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc +index 98a9f6988ae3d..68b3c922cb362 100644 +--- a/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc ++++ b/third_party/blink/renderer/platform/fonts/shaping/shape_result.cc +@@ -75,7 +75,7 @@ struct SameSizeAsRunInfo { + void* pointers[2]; + unsigned integer; + } glyph_data; +- void* pointer; ++ Member pointer; + Vector vector; + int integers[6]; + }; diff --git a/SPECS/chromium.spec b/SPECS/chromium.spec index 117c2fa6..ed4ec6dc 100644 --- a/SPECS/chromium.spec +++ b/SPECS/chromium.spec @@ -273,7 +273,7 @@ %endif Name: chromium%{chromium_channel} -Version: 130.0.6723.58 +Version: 130.0.6723.69 Release: 1%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home @@ -354,6 +354,10 @@ Patch354: chromium-126-split-threshold-for-reg-with-hint.patch # fix build error: no member named 'hardware_destructive_interference_size' in namespace 'std' Patch355: chromium-130-hardware_destructive_interference_size.patch +# fix build error on ppc64le +# error: static assertion failed due to requirement 'sizeof(blink::MatchedProperties) <= 12': MatchedProperties should not grow without thinking +Patch356: chromium-130-size-assertions.patch + # set clang_lib path Patch358: chromium-127-rust-clanglib.patch @@ -431,6 +435,7 @@ Patch412: add-ppc64-architecture-to-extensions.diff # Suppress harmless compiler warning messages that appear on ppc64 due to arch-specific warning flags being passed Patch413: fix-unknown-warning-option-messages.diff Patch414: cargo-add-ppc64.diff +Patch415: add-ppc64-pthread-stack-size.patch # upstream patches @@ -546,7 +551,7 @@ BuildRequires: libgcrypt-devel BuildRequires: libudev-devel BuildRequires: libuuid-devel -%if 0%{?fedora} >= 37 +%if 0%{?fedora} >= 37 || 0%{?rhel} > 9 BuildRequires: libusb-compat-0.1-devel %else BuildRequires: libusb-devel @@ -1058,6 +1063,7 @@ Qt6 UI for chromium. %endif %patch -P355 -p1 -b .hardware_destructive_interference_size +%patch -P356 -p1 -b .size-assertions %patch -P358 -p1 -b .rust-clang_lib %ifarch ppc64le @@ -1116,6 +1122,7 @@ Qt6 UI for chromium. %patch -P412 -p1 -b .add-ppc64-architecture-to-extensions %patch -P413 -p1 -b .fix-unknown-warning-option-messages %patch -P414 -p1 -b .rust-add-ppc64-case +%patch -P415 -p1 -b .add-ppc64-pthread-stack-size %endif # Change shebang in all relevant files in this directory and all subdirectories @@ -1910,6 +1917,15 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %endif %changelog +* Sat Oct 26 2024 Than Ngo - 130.0.6723.69-1 +- update to 130.0.6723.69 + * High CVE-2024-10229: Inappropriate implementation in Extensions + * High CVE-2024-10230: Type Confusion in V8 + * High CVE-2024-10231: Type Confusion in V8 + +* Mon Oct 21 2024 Than Ngo - 130.0.6723.58-2 +- Add missing pthread stack size for ppc64 (openpower-patches) + * Wed Oct 16 2024 Than Ngo - 130.0.6723.58-1 - update to 130.0.6723.58 * High CVE-2024-9954: Use after free in AI @@ -2200,10 +2216,13 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt * Wed Mar 06 2024 Than Ngo - 122.0.6261.111-1 - upstream security release 122.0.6261.111 - * High CVE-2024-2173: Out of bounds memory access in V8 + * High CVE-2024-2173: Out of bounds memory access in V8 * High CVE-2024-2174: Inappropriate implementation in V8 * High CVE-2024-2176: Use after free in FedCM +* Sat Mar 02 2024 Jiri Vanek - 122.0.6261.94-2 +- Rebuilt for java-21-openjdk as system jdk + * Wed Feb 28 2024 Than Ngo - 122.0.6261.94-1 - upstream security release 122.0.6261.94 * High : Type Confusion in V8