diff --git a/.chromium.metadata b/.chromium.metadata index e8f280bd..3b8e440d 100644 --- a/.chromium.metadata +++ b/.chromium.metadata @@ -1,3 +1,3 @@ -c200de9f287b8c1cb1998ba4bb3336cd957939fe SOURCES/chromium-122.0.6261.57-clean.tar.xz +62dd4bcdc7b0f4c0983c0168feb6a00de483da82 SOURCES/chromium-122.0.6261.69-clean.tar.xz 7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz diff --git a/.gitignore b/.gitignore index 2497b3cc..943ac2d9 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ -SOURCES/chromium-122.0.6261.57-clean.tar.xz +SOURCES/chromium-122.0.6261.69-clean.tar.xz SOURCES/linux-arm64-0.19.2.tgz SOURCES/linux-x64-0.19.2.tgz diff --git a/SOURCES/chromium-122-clang-build-flags.patch b/SOURCES/chromium-122-clang-build-flags.patch new file mode 100644 index 00000000..dc1508d7 --- /dev/null +++ b/SOURCES/chromium-122-clang-build-flags.patch @@ -0,0 +1,17 @@ +diff -up chromium-122.0.6261.57/build/config/compiler/BUILD.gn.me chromium-122.0.6261.57/build/config/compiler/BUILD.gn +--- chromium-122.0.6261.57/build/config/compiler/BUILD.gn.me 2024-02-23 12:32:11.248584653 +0100 ++++ chromium-122.0.6261.57/build/config/compiler/BUILD.gn 2024-02-23 12:45:26.672302958 +0100 +@@ -399,6 +399,13 @@ config("compiler") { + } + } + ++ if (is_clang) { ++ cflags += [ "-ftrivial-auto-var-init=zero" ] ++ if (!is_ubsan && !is_ubsan_security) { ++ cflags += [ "-fwrapv" ] ++ } ++ } ++ + # Linker warnings. + if (fatal_linker_warnings && !is_apple && current_os != "aix" && + current_os != "zos") { diff --git a/SOURCES/chromium-122-python3-assignment-expressions.patch b/SOURCES/chromium-122-python3-assignment-expressions.patch new file mode 100644 index 00000000..61ce0378 --- /dev/null +++ b/SOURCES/chromium-122-python3-assignment-expressions.patch @@ -0,0 +1,13 @@ +diff -up chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py +--- chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py.me 2024-02-23 12:04:45.451423995 +0100 ++++ chromium-122.0.6261.57/tools/json_to_struct/json_to_struct.py 2024-02-23 12:18:04.099824392 +0100 +@@ -124,7 +124,8 @@ def _GenerateH(basepath, fileroot, head, + f.write(u'#include \n') + f.write(u'\n') + +- if system_headers := schema.get(u'system-headers', []): ++ system_headers = schema.get(u'system-headers', []) ++ if system_headers: + for header in system_headers: + f.write(u'#include <%s>\n' % header) + f.write(u'\n') diff --git a/SPECS/chromium.spec b/SPECS/chromium.spec index 8da2a5d4..f6b7e91c 100644 --- a/SPECS/chromium.spec +++ b/SPECS/chromium.spec @@ -300,7 +300,7 @@ %endif Name: chromium%{chromium_channel} -Version: 122.0.6261.57 +Version: 122.0.6261.69 Release: 1%{?dist} Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use Url: http://www.chromium.org/Home @@ -452,6 +452,12 @@ Patch312: chromium-119-fstack-protector-strong.patch Patch313: chromium-122-static-assert.patch Patch314: chromium-122-clang16-buildflags.patch +# assignment-expressions not suport in python < 3.8 on el 7/8 +Patch315: chromium-122-python3-assignment-expressions.patch + +# add -ftrivial-auto-var-init=zero and -fwrapv +Patch316: chromium-122-clang-build-flags.patch + # build error Patch351: chromium-121-mnemonic-error.patch @@ -1119,8 +1125,9 @@ udev. %patch -P130 -p1 -b .revert-av1enc %endif -%ifarch aarch64 %if 0%{?rhel} <= 8 +%patch -P315 -p1 -b .assignment-expressions +%ifarch aarch64 %patch -P305 -p1 -b .memory_tagging %endif %endif @@ -1136,6 +1143,7 @@ udev. %patch -P310 -p1 -b .missing-header-files %patch -P311 -p1 -b .clang-warnings %patch -P312 -p1 -b .fstack-protector-strong +%patch -P316 -p1 -b .clang-build-flags %patch -P351 -p1 -b .mnemonic-error @@ -1934,6 +1942,12 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt %{chromium_path}/chromedriver %changelog +* Fri Feb 23 2024 Than Ngo - 122.0.6261.69-1 +- update to 122.0.6261.69 +- fix build error on el8 +- bz#2265039, built with -fwrapv for improved memory safety +- bz#2265043, built with -ftrivial-auto-var-init=zero for improved security and preditability + * Wed Feb 21 2024 Than Ngo - 122.0.6261.57-1 - update to 122.0.6261.57 * High CVE-2024-1669: Out of bounds memory access in Blink