d8aadbb750
(dev released 2025-03-27) - Chromium 136.0.7103.17 (beta release 2025-04-03) - dropped patches: fix-build-with-pipewire-1.3.82.patch (upstream) - modified patches: chromium-125-compiler.patch (context) gtk-414.patch (one more place with GSK_SUBSURFACE_NODE) - add patch chromium-135-add_map_droppable.patch add MAP_DROPPABLE introduced by recent QT (boo#1238826, boo#1239780) - Chromium 135.0.7049.52 (stable release 2025-04-01) (boo#1240555) * CVE-2025-3066: Use after free in Navigations * CVE-2025-3067: Inappropriate implementation in Custom Tabs * CVE-2025-3068: Inappropriate implementation in Intents * CVE-2025-3069: Inappropriate implementation in Extensions * CVE-2025-3070: Insufficient validation of untrusted input in Extensions * CVE-2025-3071: Inappropriate implementation in Navigations * CVE-2025-3072: Inappropriate implementation in Custom Tabs * CVE-2025-3073: Inappropriate implementation in Autofill * CVE-2025-3074: Inappropriate implementation in Downloads - drop chromium-134-revert-allowlist.patch (obsolete, gn has been updated) - also use nodejs 22 for sle15 - drop chromium-120-make_unique-struct.patch (not needed) OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium-dev?expand=0&rev=96
23 lines
1.2 KiB
Diff
23 lines
1.2 KiB
Diff
--- chromium-135.0.7023.0/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2025/04/04 08:28:56 1.1
|
|
+++ chromium-135.0.7023.0/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2025/04/04 08:29:47
|
|
@@ -34,6 +34,10 @@
|
|
#include "sandbox/linux/system_headers/linux_syscalls.h"
|
|
#include "sandbox/linux/system_headers/linux_time.h"
|
|
|
|
+#if !defined(MAP_DROPPABLE)
|
|
+#define MAP_DROPPABLE 0x08 // Zero memory under memory pressure.
|
|
+#endif
|
|
+
|
|
#if BUILDFLAG(IS_LINUX) && !defined(__arm__) && !defined(__aarch64__) && \
|
|
!defined(PTRACE_GET_THREAD_AREA)
|
|
// Also include asm/ptrace-abi.h since ptrace.h in older libc (for instance
|
|
@@ -236,7 +240,7 @@
|
|
// TODO(davidung), remove MAP_DENYWRITE with updated Tegra libraries.
|
|
const uint64_t kAllowedMask = MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS |
|
|
MAP_STACK | MAP_NORESERVE | MAP_FIXED |
|
|
- MAP_DENYWRITE | MAP_LOCKED |
|
|
+ MAP_DENYWRITE | MAP_LOCKED | MAP_DROPPABLE |
|
|
kArchSpecificAllowedMask;
|
|
const Arg<int> flags(3);
|
|
return If((flags & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS());
|