From cb7b688afbf238b7cf420126af6eb9d4bddd38d816e15fa7c997124cf0835ff4 Mon Sep 17 00:00:00 2001
From: Callum Farmer
Date: Tue, 9 Aug 2022 12:33:33 +0000
Subject: [PATCH] Cr104
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1716
---
 chromium-103-FrameLoadRequest-type.patch | 26 -------
 chromium-103-SubstringSetMatcher-packed.patch | 70 -------------------
 chromium-103.0.5060.134.tar.xz | 3 -
 chromium-104-ContentRendererClient-type.patch | 28 ++++++++
 ...piler.patch => chromium-104-compiler.patch | 11 +--
 chromium-104-tflite-system-zlib.patch | 70 +++++++++++++++++++
 chromium-104.0.5112.79.tar.xz | 3 +
 chromium.changes | 36 ++++++++++
 chromium.spec | 14 ++--
 9 files changed, 152 insertions(+), 109 deletions(-)
 delete mode 100644 chromium-103-FrameLoadRequest-type.patch
 delete mode 100644 chromium-103-SubstringSetMatcher-packed.patch
 delete mode 100644 chromium-103.0.5060.134.tar.xz
 create mode 100644 chromium-104-ContentRendererClient-type.patch
 rename chromium-103-compiler.patch => chromium-104-compiler.patch (96%)
 create mode 100644 chromium-104-tflite-system-zlib.patch
 create mode 100644 chromium-104.0.5112.79.tar.xz
diff --git a/chromium-103-FrameLoadRequest-type.patch b/chromium-103-FrameLoadRequest-type.patch
deleted file mode 100644
index 62d2f0f..0000000
--- a/chromium-103-FrameLoadRequest-type.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 491bf840da4f76fa3591cc0aa2f4c19cdbe57ec4 Mon Sep 17 00:00:00 2001
-From: Stephan Hartmann
-Date: Thu, 12 May 2022 11:58:29 +0000
-Subject: [PATCH] GCC: fix ambiguous references in blink::FrameLoadRequest
-
-Add namespace to avoid confusion.
----
- third_party/blink/renderer/core/loader/frame_load_request.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/third_party/blink/renderer/core/loader/frame_load_request.h b/third_party/blink/renderer/core/loader/frame_load_request.h
-index 444b25c..a86814d 100644
---- a/third_party/blink/renderer/core/loader/frame_load_request.h
-+++ b/third_party/blink/renderer/core/loader/frame_load_request.h
-@@ -179,7 +179,7 @@ struct CORE_EXPORT FrameLoadRequest {
- impression_ = impression;
- }
-
-- const absl::optional& Impression() const { return impression_; }
-+ const absl::optional& Impression() const { return impression_; }
-
- bool CanDisplay(const KURL&) const;
-
---
-2.35.1
-
diff --git a/chromium-103-SubstringSetMatcher-packed.patch b/chromium-103-SubstringSetMatcher-packed.patch
deleted file mode 100644
index f5bc1fe..0000000
--- a/chromium-103-SubstringSetMatcher-packed.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From 3d274856e792a361336eb4ae1670bc9c1905f0cb Mon Sep 17 00:00:00 2001
-From: Steinar H. Gunderson
-Date: Thu, 12 May 2022 16:42:40 +0200
-Subject: [PATCH] Make AhoCorasickNode 4-aligned.
-
-This should fix an issue where std::vector could allocate unaligned
-memory for AhoCorasickNode, and we'd then return a pointer to
-inline_edges, where a caller would expect the pointer to be aligned
-but it wasn't.
-
-Change-Id: Id9dff044c61f8e46062c63b8480b18ebc68c4862
----
-
-diff --git a/base/substring_set_matcher/substring_set_matcher.cc b/base/substring_set_matcher/substring_set_matcher.cc
-index e110047..ef0b750 100644
---- a/base/substring_set_matcher/substring_set_matcher.cc
-+++ b/base/substring_set_matcher/substring_set_matcher.cc
-@@ -424,7 +424,12 @@
- edges_.inline_edges[num_edges()] = AhoCorasickEdge{label, node};
- if (label == kFailureNodeLabel) {
- // Make sure that kFailureNodeLabel is first.
-- std::swap(edges_.inline_edges[0], edges_.inline_edges[num_edges()]);
-+ // NOTE: We don't use std::swap here, because GCC
-+ // doesn't understand that inline_edges[] is 4-aligned
-+ // and gives a warning.
-+ AhoCorasickEdge temp = edges_.inline_edges[0];
-+ edges_.inline_edges[0] = edges_.inline_edges[num_edges()];
-+ edges_.inline_edges[num_edges()] = temp;
- }
- --num_free_edges_;
- return;
-diff --git a/base/substring_set_matcher/substring_set_matcher.cc b/base/substring_set_matcher/substring_set_matcher.cc
-index e110047..ef0b750 100644
---- a/base/substring_set_matcher/substring_set_matcher.h
-+++ b/base/substring_set_matcher/substring_set_matcher.h
-@@ -154,8 +154,9 @@
- static constexpr uint32_t kEmptyLabel = 0x103;
-
- // A node in the trie, packed tightly together so that it occupies 12 bytes
-- // (both on 32- and 64-bit platforms).
-- class AhoCorasickNode {
-+ // (both on 32- and 64-bit platforms), but aligned to at least 4 (see the
-+ // comment on edges_).
-+ class alignas(AhoCorasickEdge) AhoCorasickNode {
- public:
- AhoCorasickNode();
- ~AhoCorasickNode();
-@@ -178,6 +179,10 @@
- NodeID GetEdgeNoInline(uint32_t label) const;
- void SetEdge(uint32_t label, NodeID node);
- const AhoCorasickEdge* edges() const {
-+ // NOTE: Returning edges_.inline_edges here is fine, because it's
-+ // the first thing in the struct (see the comment on edges_).
-+ DCHECK_EQ(0u, reinterpret_cast(edges_.inline_edges) %
-+ alignof(AhoCorasickEdge));
- return edges_capacity_ == 0 ? edges_.inline_edges : edges_.edges;
- }
-
-@@ -258,6 +263,11 @@
- // in the first slot if it exists (ie., is not equal to kRootID), since we
- // need to access that label during every single node we look at during
- // traversal.
-+ //
-+ // NOTE: Keep this the first member in the struct, so that inline_edges gets
-+ // 4-aligned (since the class is marked as such, despite being packed.
-+ // Otherwise, edges() can return an unaligned pointer marked as aligned
-+ // (the unalignedness gets lost).
- static constexpr int kNumInlineEdges = 2;
- union {
- // Out-of-line edge storage, having room for edges_capacity_ elements.
diff --git a/chromium-103.0.5060.134.tar.xz b/chromium-103.0.5060.134.tar.xz
deleted file mode 100644
index a665151..0000000
--- a/chromium-103.0.5060.134.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e48a272481e41b1aae7aba71b55c41fe9e994cf71edd01c8ca1d0b604af0b571
-size 1488286096
diff --git a/chromium-104-ContentRendererClient-type.patch b/chromium-104-ContentRendererClient-type.patch
new file mode 100644
index 0000000..fbbab0b
--- /dev/null
+++ b/chromium-104-ContentRendererClient-type.patch
@@ -0,0 +1,28 @@
+From a61a70605f9efc81fead5bf6984bc5ce39f1569d Mon Sep 17 00:00:00 2001
+From: Stephan Hartmann
+Date: Fri, 27 May 2022 18:11:52 +0000
+Subject: [PATCH] libstdc++: fix incomplete type of
+ content::ContentRendererClient
+
+Destructor of std::unique_ptr in libstdc++ uses sizeof() which
+requires full definition of media::AudioEncoder for return type of
+cast_streaming::ResourceProvider.
+---
+ content/public/renderer/content_renderer_client.cc | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/content/public/renderer/content_renderer_client.cc b/content/public/renderer/content_renderer_client.cc
+index 63456aa..637a2a7 100644
+--- a/content/public/renderer/content_renderer_client.cc
++++ b/content/public/renderer/content_renderer_client.cc
+@@ -6,6 +6,7 @@
+
+ #include "base/command_line.h"
+ #include "build/build_config.h"
++#include "components/cast_streaming/renderer/public/resource_provider.h"
+ #include "content/public/common/content_switches.h"
+ #include "media/base/demuxer.h"
+ #include "media/base/renderer_factory.h"
+--
+2.35.1
+
diff --git a/chromium-103-compiler.patch b/chromium-104-compiler.patch
similarity index 96%
rename from chromium-103-compiler.patch
rename to chromium-104-compiler.patch
index 961e386..62fb545 100644
--- a/chromium-103-compiler.patch
+++ b/chromium-104-compiler.patch
@@ -1,6 +1,6 @@ From 307a0f63dd9b118f4b8470ed3d7567e81fdb7a6d Mon Sep 17 00:00:00 2001 From: Mike Gilbert -Date: Tue, 3 May 2022 10:51:55 +0000 +Date: Fri, 27 May 2022 11:06:49 +0000 Subject: [PATCH] Disable various compiler configs --- @@ -8,7 +8,7 @@ Subject: [PATCH] Disable various compiler configs 1 file changed, 17 insertions(+), 97 deletions(-) diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index f378b95..cb2aeb3 100644 +index c90821e..dcb8b87 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn @@ -286,9 +286,7 @@ config("compiler") {
@@ -105,7 +105,7 @@ index f378b95..cb2aeb3 100644 - if (!is_nacl && !(is_chromeos || - default_toolchain == "//build/toolchain/cros:target")) { -- # TODO(https://crbug.com/1316298): Re-enable once test failure is figured out +- # TODO(https://crbug.com/1322823): Remove flags once potential miscompile is investigated. - cflags += [ - "-Xclang", - "-no-opaque-pointers", @@ -211,7 +211,7 @@ index f378b95..cb2aeb3 100644 if (is_win) { if (is_clang) { cflags = [ "/Z7" ] # Debug information in the .obj files. -@@ -2415,7 +2333,8 @@ config("symbols") { +@@ -2413,7 +2331,8 @@ config("symbols") { # Minimal symbols. # This config guarantees to hold symbol for stack trace which are shown to user # when crash happens in unittests running on buildbot. @@ -221,7 +221,7 @@ index f378b95..cb2aeb3 100644 if (is_win) { # Functions, files, and line tables only. cflags = [] -@@ -2488,7 +2407,8 @@ config("minimal_symbols") { +@@ -2486,7 +2405,8 @@ config("minimal_symbols") { # This configuration contains function names only. That is, the compiler is # told to not generate debug information and the linker then just puts function # names in the final debug information. @@ -233,3 +233,4 @@ index f378b95..cb2aeb3 100644 -- 2.35.1 + diff --git a/chromium-104-tflite-system-zlib.patch b/chromium-104-tflite-system-zlib.patch new file mode 100644 index 0000000..bba3729 --- /dev/null +++ b/chromium-104-tflite-system-zlib.patch 
@@ -0,0 +1,70 @@
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/metadata_extractor.cc
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/metadata_extractor.cc
+@@ -21,8 +21,8 @@ limitations under the License.
+ #include "absl/status/status.h" // from @com_google_absl
+ #include "absl/strings/str_format.h" // from @com_google_absl
+ #include "absl/strings/string_view.h" // from @com_google_absl
+-#include "contrib/minizip/ioapi.h"
+-#include "contrib/minizip/unzip.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/unzip.h"
+ #include "flatbuffers/flatbuffers.h" // from @flatbuffers
+ #include "tensorflow/lite/schema/schema_generated.h"
+ #include "tensorflow_lite_support/cc/common.h"
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/metadata_populator.cc
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/metadata_populator.cc
+@@ -19,8 +19,8 @@ limitations under the License.
+ #include
+ #include
+
+-#include "contrib/minizip/ioapi.h"
+-#include "contrib/minizip/zip.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/zip.h"
+ #include "flatbuffers/flatbuffers.h" // from @flatbuffers
+ #include "tensorflow/lite/schema/schema_generated.h"
+ #include "tensorflow_lite_support/cc/common.h"
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc
+@@ -19,7 +19,7 @@ limitations under the License.
+ #include
+
+ #include "absl/strings/string_view.h" // from @com_google_absl
+-#include "contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
+
+ namespace tflite {
+ namespace metadata {
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.h
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.h
+@@ -19,7 +19,7 @@ limitations under the License.
+ #include
+
+ #include "absl/strings/string_view.h" // from @com_google_absl
+-#include "contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
+
+ namespace tflite {
+ namespace metadata {
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_writable_mem_file.cc
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_writable_mem_file.cc
+@@ -19,7 +19,7 @@ limitations under the License.
+ #include
+
+ #include "absl/strings/string_view.h" // from @com_google_absl
+-#include "contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
+
+ namespace tflite {
+ namespace metadata {
+--- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_writable_mem_file.h
++++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_writable_mem_file.h
+@@ -19,7 +19,7 @@ limitations under the License.
+ #include
+
+ #include "absl/strings/string_view.h" // from @com_google_absl
+-#include "contrib/minizip/ioapi.h"
++#include "third_party/zlib/contrib/minizip/ioapi.h"
+
+ namespace tflite {
+ namespace metadata {
diff --git a/chromium-104.0.5112.79.tar.xz b/chromium-104.0.5112.79.tar.xz
new file mode 100644
index 0000000..7f7f536
--- /dev/null
+++ b/chromium-104.0.5112.79.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9cc662f1a84c796521ee17ed2808795ca937fe7f77bc605e788f0304a81dabf3
+size 1509100404
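Review bot: The new file chromium-104-tflite-system-zlib.patch begins directly at its first `--- a/third_party/tflite_support/...` header and carries no description, whereas chromium-104-ContentRendererClient-type.patch, added in the same commit, keeps its `From:`/`Subject:` preamble and rationale. A short header above the first file header would help whoever refreshes the patch for the next release, for example `# Use the third_party/zlib/contrib/minizip/ include path in tflite_support so the minizip headers resolve in the system-zlib build`, followed by a line saying where the patch came from and whether it was sent upstream. The purpose given here is inferred from the file name and the six include rewrites, so the author should confirm the wording.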
diff --git a/chromium.changes b/chromium.changes
index 52169db..af84bd8 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -1,3 +1,39 @@
+-------------------------------------------------------------------
+Tue Aug 9 12:29:06 UTC 2022 - Callum Farmer
+
+- Chromium 104.0.5112.79 (boo#1202075)
+ * CVE-2022-2603: Use after free in Omnibox
+ * CVE-2022-2604: Use after free in Safe Browsing
+ * CVE-2022-2605: Out of bounds read in Dawn
+ * CVE-2022-2606: Use after free in Managed devices API
+ * CVE-2022-2607: Use after free in Tab Strip
+ * CVE-2022-2608: Use after free in Overview Mode
+ * CVE-2022-2609: Use after free in Nearby Share
+ * CVE-2022-2610: Insufficient policy enforcement in Background Fetch
+ * CVE-2022-2611: Inappropriate implementation in Fullscreen API
+ * CVE-2022-2612: Side-channel information leakage in Keyboard input
+ * CVE-2022-2613: Use after free in Input
+ * CVE-2022-2614: Use after free in Sign-In Flow
+ * CVE-2022-2615: Insufficient policy enforcement in Cookies
+ * CVE-2022-2616: Inappropriate implementation in Extensions API
+ * CVE-2022-2617: Use after free in Extensions API
+ * CVE-2022-2618: Insufficient validation of untrusted input in Internals
+ * CVE-2022-2619: Insufficient validation of untrusted input in Settings
+ * CVE-2022-2620: Use after free in WebUI
+ * CVE-2022-2621: Use after free in Extensions
+ * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
+ * CVE-2022-2623: Use after free in Offline
+ * CVE-2022-2624: Heap buffer overflow in PDF
+- Added patches:
+ * chromium-104-compiler.patch
+ * chromium-104-ContentRendererClient-type.patch
+ * chromium-104-tflite-system-zlib.patch
+- Removed patches:
+ * chromium-103-SubstringSetMatcher-packed.patch
+ * chromium-103-FrameLoadRequest-type.patch
+ * chromium-103-compiler.patch
+- Use FFmpeg 5.1 on TW
+
 -------------------------------------------------------------------
 Sat Jul 23 12:20:39 UTC 2022 - Callum Farmer
diff --git a/chromium.spec b/chromium.spec index c111943..0806c27 100644 --- a/chromium.spec +++ b/chromium.spec @@ -39,17 +39,18 @@ %bcond_without system_freetype %bcond_without arm_bti %bcond_without system_icu +%bcond_without ffmpeg_51 %else %bcond_with system_harfbuzz %bcond_with system_freetype %bcond_with arm_bti %bcond_with system_icu +%bcond_with ffmpeg_51 %endif %bcond_without pipewire %bcond_without system_ffmpeg %bcond_without system_zlib %bcond_with system_vpx -%bcond_with ffmpeg_51 # FFmpeg version %if %{with ffmpeg_51} @@ -66,7 +67,7 @@ %endif Name: chromium -Version: 103.0.5060.134 +Version: 104.0.5112.79 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later @@ -101,7 +102,7 @@ Patch10: chromium-disable-parallel-gold.patch Patch11: chromium-lp151-old-drm.patch # gentoo/fedora/arch patchset Patch12: chromium-78-protobuf-RepeatedPtrField-export.patch -Patch15: chromium-103-compiler.patch +Patch15: chromium-104-compiler.patch Patch17: chromium-86-ImageMemoryBarrierData-init.patch Patch21: chromium-gcc11.patch Patch40: chromium-91-java-only-allowed-in-android-builds.patch @@ -115,9 +116,9 @@ Patch78: chromium-98-EnumTable-crash.patch Patch87: chromium-98-gtk4-build.patch Patch90: chromium-100-InMilliseconds-constexpr.patch Patch98: chromium-102-regex_pattern-array.patch -Patch101: chromium-103-FrameLoadRequest-type.patch -Patch102: chromium-103-SubstringSetMatcher-packed.patch Patch103: chromium-103-VirtualCursor-std-layout.patch +Patch104: chromium-104-ContentRendererClient-type.patch +Patch105: chromium-104-tflite-system-zlib.patch Patch201: chromium-86-fix-vaapi-on-intel.patch # PATCH-FIX-SUSE: allow prop codecs to be set with chromium branding Patch202: chromium-prop-codecs.patch 
@@ -151,6 +152,7 @@ BuildRequires: pkgconfig
 BuildRequires: python3
 BuildRequires: python3-setuptools
 BuildRequires: python3-six
+BuildRequires: (python3-importlib-metadata if python3-base < 3.8)
 BuildRequires: snappy-devel
 BuildRequires: update-desktop-files
 BuildRequires: util-linux
@@ -784,6 +786,8 @@ myconf_gn+=" use_system_harfbuzz=true"
 %if %{with system_freetype}
 myconf_gn+=" use_system_freetype=true"
 %endif
+myconf_gn+=" use_system_libwayland=true"
+myconf_gn+=" use_system_wayland_scanner=true"
 myconf_gn+=" enable_hangout_services_extension=true"
 myconf_gn+=" enable_vulkan=true"
 %if %{with pipewire}
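Review bot: The two switches added in the last hunk, `myconf_gn+=" use_system_libwayland=true"` and `myconf_gn+=" use_system_wayland_scanner=true"`, are set unconditionally, while the `use_system_freetype` line just above them sits inside `%if %{with system_freetype}`. None of the hunks in this diff adds a wayland `BuildRequires`, so unless one already exists outside the visible context, a build target without suitable system wayland packages has no way to fall back to the bundled copy. Consider declaring `%bcond_without system_wayland` next to the other bconds and wrapping both new lines in `%if %{with system_wayland}` and `%endif`, with the matching `BuildRequires` under the same condition. The configure section continues outside the hunk, so the existing dependency list should be checked before changing anything.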