- update to 125.0.6422.141

* High CVE-2024-5493: Heap buffer overflow in WebRTC
  * High CVE-2024-5494: Use after free in Dawn
  * High CVE-2024-5495: Use after free in Dawn
  * High CVE-2024-5496: Use after free in Media Session
  * High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
  * High CVE-2024-5498: Use after free in Presentation API
  * High CVE-2024-5499: Out of bounds write in Streams API
- fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
- cleanup chromium.conf
epel8 imports/epel9/chromium-125.0.6422.141-1.el9
Than Ngo 5 months ago
parent 9dc48d8486
commit d8daa47044

@ -7,43 +7,42 @@ GRAPHIC_DRIVER=default
WEB_DARKMODE=off WEB_DARKMODE=off
CHROMIUM_FLAGS="" CHROMIUM_FLAGS=""
CHROMIUM_FLAGS+=" --disable-features=AudioServiceSandbox"
CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers" CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers"
CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames" CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
CHROMIUM_FLAGS+=" --enable-zero-copy" CHROMIUM_FLAGS+=" --enable-zero-copy"
CHROMIUM_FLAGS+=" --use-gl=angle"
CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround" CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management" CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management"
FEATURES=""
case "$GRAPHIC_DRIVER" in case "$GRAPHIC_DRIVER" in
amd) amd)
# Need new mesa with AMD multi planes support, is not yet supported in fedora # Need new mesa with AMD multi planes support, is not yet supported in fedora
# see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165 # see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165
CHROMIUM_FLAGS+=" --use-angle=vulkan --enable-accelerated-video-decode" CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=vulkan --enable-accelerated-video-decode"
CHROMIUM_FLAGS+=" --enable-features=Vulkan,VulkanFromANGLE,DefaultANGLEVulkan,VaapiIgnoreDriverChecks,VaapiVideoDecoder,UseMultiPlaneFormatForHardwareVideo" FEATURES+="Vulkan,VulkanFromANGLE,DefaultANGLEVulkan,VaapiIgnoreDriverChecks,VaapiVideoDecoder,UseMultiPlaneFormatForHardwareVideo"
;; ;;
nvidia) nvidia)
# The NVIDIA VaAPI drivers are known to not support Chromium # The NVIDIA VaAPI drivers are known to not support Chromium
# see https://crbug.com/1492880. This feature switch is # see https://crbug.com/1492880. This feature switch is
# provided for developers to test VaAPI drivers on NVIDIA GPUs # provided for developers to test VaAPI drivers on NVIDIA GPUs
CHROMIUM_FLAGS+=" --use-angle=gl" CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
CHROMIUM_FLAGS+=" --enable-features=VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs" FEATURES+="VaapiVideoDecodeLinuxGL,VaapiVideoEncoder,VaapiOnNvidiaGPUs"
;; ;;
intel) intel)
CHROMIUM_FLAGS+=" --use-angle=gl" CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
CHROMIUM_FLAGS+=" --enable-features=VaapiVideoEncoder,VaapiVideoDecodeLinuxGL" FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
;; ;;
*) *)
CHROMIUM_FLAGS="" CHROMIUM_FLAGS+=" --use-gl=angle --use-angle=gl"
FEATURES+="VaapiVideoEncoder,VaapiVideoDecodeLinuxGL"
;; ;;
esac esac
# Web Dark mode # Web Dark mode
if [ "$WEB_DARKMODE" == "on" ] ; then if [ "$WEB_DARKMODE" == "on" ] ; then
darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205" darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205"
if [ -z "$CHROMIUM_FLAGS" ] ; then FEATURES+=",$darktype"
CHROMIUM_FLAGS+=" --enable-features=$darktype"
else
CHROMIUM_FLAGS+=",$darktype"
fi
fi fi
CHROMIUM_FLAGS+=" --enable-features=$FEATURES"

@ -315,8 +315,8 @@
%endif %endif
Name: chromium%{chromium_channel} Name: chromium%{chromium_channel}
Version: 125.0.6422.112 Version: 125.0.6422.141
Release: 3%{?dist} Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only) License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -2127,6 +2127,18 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif %endif
%changelog %changelog
* Fri May 31 2024 Than Ngo <than@redhat.com> - 125.0.6422.141-1
- update to 125.0.6422.141
* High CVE-2024-5493: Heap buffer overflow in WebRTC
* High CVE-2024-5494: Use after free in Dawn
* High CVE-2024-5495: Use after free in Dawn
* High CVE-2024-5496: Use after free in Media Session
* High CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* High CVE-2024-5498: Use after free in Presentation API
* High CVE-2024-5499: Out of bounds write in Streams API
- fixed rhbz#2264332 - Chromium is unable to send/receive video on MS Teams
- cleanup chromium.conf
* Wed May 29 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-3 * Wed May 29 2024 Than Ngo <than@redhat.com> - 125.0.6422.112-3
- build against noopenh264 - build against noopenh264

@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
SHA512 (chromium-125.0.6422.112-clean.tar.xz) = e10413e1c07195b2702c44f3c867d1b3d2c1993584dd41e1ffbbd7f09e416a6678f9bd225a25ed6e244e2b5f9b607156631f35481cd085e3db11218db5ce5d52 SHA512 (chromium-125.0.6422.141-clean.tar.xz) = d3933731cad4ca2ce32e5343709dcff6c60769b43ccc0bdb982f846477a6439974aaeeafac740ddbdc4132e92e3510e4663d9095cc9a02d4a7cad63269adebdb

Loading…
Cancel
Save