From ebef65c90459c4032252ff706edf54d44f363b31 Mon Sep 17 00:00:00 2001
From: Than Ngo
Date: Wed, 8 Nov 2023 18:48:06 +0100
Subject: [PATCH] update to 119.0.6045.123, security fix for high CVE-2023-5996: Use after free in WebAudio
---
 chromium.spec | 24 +++++++++++-------------
 sources | 2 +-
 2 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/chromium.spec b/chromium.spec
index ff3f2a3c..43648033 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -263,8 +263,8 @@
 %endif
 Name: chromium%{chromium_channel}
-Version: 119.0.6045.105
-Release: 2%{?dist}
+Version: 119.0.6045.123
+Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
 License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -373,7 +373,7 @@ Patch130: chromium-119-revert-av1enc-el9.patch
 # file conflict with old kernel on el8/el9
 Patch140: chromium-118-dma_buf_export_sync_file-conflict.patch
-# fixes for old clang version in fedora < 38 end epel (old clang <= 15)
+# fixes for old clang version in fedora < 38 end epel < 9 (old clang <= 15)
 # compiler build errors, no matching constructor for initialization
 Patch300: chromium-119-no_matching_constructor.patch
 Patch301: chromium-115-compiler-SkColor4f.patch
@@ -722,19 +722,13 @@ Requires: u2f-hidraw-policy
 Requires: chromium-common%{_isa} = %{version}-%{release}
-# rhel 7: ia32 x86_64
-# rhel 8+: ia32, x86_64, aarch64
-# fedora 32 or older: ia32, x86_64, aarch64
-# fedora 33+: x86_64 aarch64 only
+# rhel 7: x86_64
+# rhel 8+ and fedora 37+: x86_64 aarch64
 %if 0%{?rhel} == 7
 ExclusiveArch: x86_64
 %else
-%if 0%{?fedora} > 32
-ExclusiveArch: x86_64 aarch64
-%else
 ExclusiveArch: x86_64 aarch64
 %endif
-%endif
 # Bundled bits (I'm sure I've missed some)
 Provides: bundled(angle) = 2422
@@ -756,7 +750,7 @@ Provides: bundled(fdmlibm) = 5.3
 # Don't get too excited. MPEG and other legally problematic stuff is stripped out.
 %if %{bundleffmpegfree}
-Provides: bundled(ffmpeg) = 5.1.2
+Provides: bundled(ffmpeg) = 6.0
 %endif
 %if %{bundlelibaom}
@@ -992,7 +986,7 @@ udev.
 %endif
 %if %{clang}
-%if 0%{?rhel} || 0%{?fedora} < 38
+%if 0%{?rhel} < 9 || 0%{?fedora} < 38
 %patch -P300 -p1 -b .no_matching_constructor
 %patch -P301 -p1 -b .workaround_clang-SkColor4f
 %patch -P302 -p1 -b .workaround_clang_bug-structured_binding
@@ -1709,6 +1703,10 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %{chromium_path}/chromedriver
 %changelog
+* Wed Nov 08 2023 Than Ngo - 119.0.6045.123-1
+- update to 119.0.6045.123, include following security fixes:
+ high CVE-2023-5996: Use after free in WebAudio
+
 * Tue Nov 07 2023 Than Ngo - 119.0.6045.105-2
 - enable debuginfo
diff --git a/sources b/sources
index d22a560e..cbd405ba 100644
--- a/sources
+++ b/sources
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-119.0.6045.105-clean.tar.xz) = bf63e71c5b993c146c0876ac036768d7adb5d9b4591c55a2c1e54981995c4298abd835de20e06a1dacc82372bd6b908a2acce6a054a9d137cf6d4e2688a5f266
+SHA512 (chromium-119.0.6045.123-clean.tar.xz) = 3082cc77b5174a2f4b15a86ef2f7cdab5581a1d808f5ae71aa2dbae35aea6c368e25aa78e7232792421a3939f97df60a3d23e9ba98dfd6e0373ba8898d8ecc0a
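Review bot: The new guard `%if 0%{?rhel} < 9 || 0%{?fedora} < 38` in the `@@ -992,7 +986,7 @@` hunk looks true on every target, because an undefined `%{?rhel}` or `%{?fedora}` leaves a bare `0`. On Fedora `0 < 9` holds, so Fedora 38 and later would now get patches 300-302, which the old condition skipped there; on EL 9 `0%{?fedora} < 38` holds, so EL 9 still gets them. If the aim is the one stated in the updated Patch300 comment (Fedora < 38 and EPEL < 9 only), each comparison needs a defined-check, for example `%if (0%{?rhel} && 0%{?rhel} < 9) || (0%{?fedora} && 0%{?fedora} < 38)`. The enclosing `%if %{clang}` block ends outside the hunk.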