chromium/ungoogled-chromium
SHA256
10
0
Fork 0
forked from pool/ungoogled-chromium
Code Pull Requests Activity
Files
main
ungoogled-chromium/chromium-133-bring_back_and_disable_allowlist.patch
Ruediger Oertel 4182399785 - dropped patches: 
chromium-134-revert-allowlist.patch
  (need updated gn anyway)

- replace patch
  chromium-134-specialize-some-to_value_list.patch
  by patch
  chromium-134-type-mismatch-error.patch (from fedora)
- Chromium 134.0.6998.35
  (stable release 2025-03-04) (boo#1238575)
  * CVE-2025-1914: Out of bounds read in V8
  * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools
  * CVE-2025-1916: Use after free in Profiles
  * CVE-2025-1917: Inappropriate Implementation in Browser UI
  * CVE-2025-1918: Out of bounds read in PDFium
  * CVE-2025-1919: Out of bounds read in Media
  * CVE-2025-1921: Inappropriate Implementation in Media Stream
  * CVE-2025-1922: Inappropriate Implementation in Selection
  * CVE-2025-1923: Inappropriate Implementation in Permission Prompts
- modified patches:
  fix_building_widevinecdm_with_chromium.patch
  (do not define WIDEVINE_CDM_VERSION_STRING, gone upstream)
  system-libdrm.patch (context update)
- added patches:
  chromium-134-revert-allowlist.patch
  (avoid having to update gn on all targets)
  chromium-134-revert-rust-adler2.patch
  (revert rust change from adler to adler2 while we have 1.83)
  chromium-134-specialize-some-to_value_list.patch
- dropped patches (llvm17 is gone):

OBS-URL: https://build.opensuse.org/package/show/network:chromium/ungoogled-chromium?expand=0&rev=106
2025-03-06 23:22:12 +00:00

61 lines
2.6 KiB
Diff
Raw Permalink Blame History

--- chromium-133.0.6943.98/media/base/media_switches.h 2025/02/18 15:56:48 1.1
+++ chromium-133.0.6943.98/media/base/media_switches.h 2025/02/18 15:57:20
@@ -516,6 +516,8 @@
MEDIA_EXPORT BASE_DECLARE_FEATURE(kUseWindowBoundsForPip);
+MEDIA_EXPORT BASE_DECLARE_FEATURE(kFFmpegAllowLists);
+
MEDIA_EXPORT BASE_DECLARE_FEATURE(kMediaLogToConsole);
MEDIA_EXPORT BASE_DECLARE_FEATURE(kLibvpxUseChromeThreads);
--- chromium-133.0.6943.98/media/base/media_switches.cc 2025/02/18 15:56:07 1.1
+++ chromium-133.0.6943.98/media/base/media_switches.cc 2025/02/18 15:56:48
@@ -1657,6 +1657,11 @@
"UseWindowBoundsForPip",
base::FEATURE_ENABLED_BY_DEFAULT);
+// Enables FFmpeg allow lists for supported codecs / containers.
+BASE_FEATURE(kFFmpegAllowLists,
+ "FFmpegAllowLists",
+ base::FEATURE_DISABLED_BY_DEFAULT);
+
#if BUILDFLAG(IS_WIN)
// Enables audio offload when supported by endpoints.
BASE_FEATURE(kAudioOffload, "AudioOffload", base::FEATURE_DISABLED_BY_DEFAULT);
--- chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc 2025/02/18 16:03:18 1.1
+++ chromium-133.0.6943.98/media/ffmpeg/ffmpeg_common.cc 2025/02/18 16:04:02
@@ -19,6 +19,7 @@
#include "media/base/audio_decoder_config.h"
#include "media/base/decoder_buffer.h"
#include "media/base/encryption_scheme.h"
+#include "media/base/media_switches.h"
#include "media/base/media_util.h"
#include "media/base/supported_types.h"
#include "media/base/video_aspect_ratio.h"
@@ -76,7 +76,8 @@
void ApplyCodecContextSecuritySettings(AVCodecContext* codec_context) {
// Future versions of ffmpeg may copy the allow list from the format
// context.
- if (!codec_context->codec_whitelist) {
+ if (base::FeatureList::IsEnabled(kFFmpegAllowLists) &&
+ !codec_context->codec_whitelist) {
// Note: FFmpeg will try to free this string, so we must duplicate it.
codec_context->codec_whitelist =
av_strdup(codec_context->codec_type == AVMEDIA_TYPE_AUDIO
--- chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc 2025/02/18 16:06:06 1.1
+++ chromium-133.0.6943.98/media/filters/ffmpeg_glue.cc 2025/02/18 16:07:06
@@ -131,8 +131,10 @@
// memory usage.
//
// Note: FFmpeg will try to free these strings, so we must duplicate them.
- format_context_->codec_whitelist = av_strdup(GetAllowedAudioDecoders());
- format_context_->format_whitelist = av_strdup(GetAllowedDemuxers());
+ if (base::FeatureList::IsEnabled(kFFmpegAllowLists)) {
+ format_context_->codec_whitelist = av_strdup(GetAllowedAudioDecoders());
+ format_context_->format_whitelist = av_strdup(GetAllowedDemuxers());
+ }
}
bool FFmpegGlue::OpenContext(bool is_local_file) {
View Git Blame Copy Permalink