chromium/ungoogled-chromium
SHA256
10
0
Fork 0
forked from pool/ungoogled-chromium
Code Pull Requests Activity
Files
main
ungoogled-chromium/chromium-135-add_map_droppable.patch
Ruediger Oertel 41f0d5c0de - Chromium 136.0.7103.17 
(beta release 2025-04-03)
- dropped patches:
  fix-build-with-pipewire-1.3.82.patch (upstream)
- modified patches:
  chromium-125-compiler.patch (context)
  gtk-414.patch (one more place with GSK_SUBSURFACE_NODE)
- bump esbuild from 0.24.0 to 0.25.1
  * Fix incorrect paths in inline source maps (#4070, #4075, #4105)
  * Fix invalid generated source maps (#4080, #4082, #4104, #4107)
  * Fix a regression with non-file source map paths (#4078)
  * Update Go from 1.23.5 to 1.23.7 (#4076, #4077)

- add patch chromium-135-add_map_droppable.patch
  add MAP_DROPPABLE introduced by recent QT
  (boo#1238826, boo#1239780)

- Chromium 135.0.7049.52
  (stable release 2025-04-01) (boo#1240555)
  * CVE-2025-3066: Use after free in Navigations
  * CVE-2025-3067: Inappropriate implementation in Custom Tabs
  * CVE-2025-3068: Inappropriate implementation in Intents
  * CVE-2025-3069: Inappropriate implementation in Extensions
  * CVE-2025-3070: Insufficient validation of untrusted input in Extensions
  * CVE-2025-3071: Inappropriate implementation in Navigations
  * CVE-2025-3072: Inappropriate implementation in Custom Tabs
  * CVE-2025-3073: Inappropriate implementation in Autofill
  * CVE-2025-3074: Inappropriate implementation in Downloads

- drop chromium-134-revert-allowlist.patch

OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium-beta?expand=0&rev=199
2025-04-04 12:07:06 +00:00

23 lines
1.2 KiB
Diff
Raw Permalink Blame History

--- chromium-135.0.7023.0/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2025/04/04 08:28:56 1.1
+++ chromium-135.0.7023.0/sandbox/linux/seccomp-bpf-helpers/syscall_parameters_restrictions.cc 2025/04/04 08:29:47
@@ -34,6 +34,10 @@
#include "sandbox/linux/system_headers/linux_syscalls.h"
#include "sandbox/linux/system_headers/linux_time.h"
+#if !defined(MAP_DROPPABLE)
+#define MAP_DROPPABLE 0x08 // Zero memory under memory pressure.
+#endif
+
#if BUILDFLAG(IS_LINUX) && !defined(__arm__) && !defined(__aarch64__) && \
!defined(PTRACE_GET_THREAD_AREA)
// Also include asm/ptrace-abi.h since ptrace.h in older libc (for instance
@@ -236,7 +240,7 @@
// TODO(davidung), remove MAP_DENYWRITE with updated Tegra libraries.
const uint64_t kAllowedMask = MAP_SHARED | MAP_PRIVATE | MAP_ANONYMOUS |
MAP_STACK | MAP_NORESERVE | MAP_FIXED |
- MAP_DENYWRITE | MAP_LOCKED |
+ MAP_DENYWRITE | MAP_LOCKED | MAP_DROPPABLE |
kArchSpecificAllowedMask;
const Arg<int> flags(3);
return If((flags & ~kAllowedMask) == 0, Allow()).Else(CrashSIGSYS());
View Git Blame Copy Permalink