Summary: | www-client/chromium-112.0.5615.49 version bump | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Maciej S. Szmigiero <mail> |
Component: | Current packages | Assignee: | Chromium Project <chromium> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | francoisvalenduc, jwbraun, me, sam, security |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://github.com/gentoo/gentoo/pull/30468 https://chromium-review.googlesource.com/c/chromium/src/+/4276241 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 904252 | ||
Attachments: |
ebuild for chromium-112.0.5615.49
patches used by archlinux |
Description
Maciej S. Szmigiero
2023-04-11 09:48:41 UTC
There's a PR from the well-known ungoogled-chromium person at https://github.com/gentoo/gentoo/pull/30468. (In reply to Sam James from comment #1) > There's a PR from the well-known ungoogled-chromium person at > https://github.com/gentoo/gentoo/pull/30468. ...ah, but I see it isn't ready Version 112.0.5615.49 includes 16 security fixes (two with high CVE ratings): [1414018] High CVE-2023-1810: Heap buffer overflow in Visuals [1420510] High CVE-2023-1811: Use after free in Frames [1418224] Medium CVE-2023-1812: Out of bounds memory access in DOM Bindings [1423258] Medium CVE-2023-1813: Inappropriate implementation in Extensions [1417325] Medium CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing [1278708] Medium CVE-2023-1815: Use after free in Networking APIs [1413919] Medium CVE-2023-1816: Incorrect security UI in Picture In Picture [1418061] Medium CVE-2023-1817: Insufficient policy enforcement in Intents [1223346] Medium CVE-2023-1818: Use after free in Vulkan [1406588] Medium CVE-2023-1819: Out of bounds read in Accessibility [1408120] Medium CVE-2023-1820: Heap buffer overflow in Browser History [1413618] Low CVE-2023-1821: Inappropriate implementation in WebShare [1066555] Low CVE-2023-1822: Incorrect security UI in Navigation [1406900] Low CVE-2023-1823: Inappropriate implementation in FedCM (see https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop.html) The update is already out now for 8 days. Please update ASAP. (In reply to gentoolinux from comment #3) > > The update is already out now for 8 days. Please update ASAP. Updating to a new major version is non-trivial as it always takes work to get it building with GCC. Of course, there is a backup option of forcing it to be built with Clang which can be done in the ebuild in extremis. I tried compiling the latest version, but it ends with this error: In file included from ../../third_party/skia/include/core/SkString.h:14, from ../../third_party/skia/include/core/SkCanvas.h:27, from ../../cc/paint/paint_canvas.h:18, from ../../third_party/blink/public/web/web_plugin.h:35, from ../../components/plugins/renderer/webview_plugin.h:25: ../../third_party/skia/include/private/base/SkTArray.h:520:33: warning: ‘cfi’ attribute directive ignored [-Wattributes] 520 | static T* TCast(void* buffer) { | ^ In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/memory:75, from ../../chrome/renderer/chrome_content_renderer_client.h:11: /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = blink::URLLoader]’: /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17: required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = blink::URLLoader; _Dp = std::default_delete<blink::URLLoader>]’ ../../third_party/blink/public/web/web_local_frame_client.h:678:12: required from here /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘blink::URLLoader’ I used the same patches as those from the patchset for the 111 version, which all applies. Created attachment 859951 [details]
ebuild for chromium-112.0.5615.49
Here is my test ebuild. I also used the patches used in archlinux.
Created attachment 859952 [details]
patches used by archlinux
(In reply to François Valenduc from comment #5) I think this changeset will resolve that error. I am testing it now. https://chromium-review.googlesource.com/c/chromium/src/+/4276241 I tried compiling chromium with gcc and the patch suggested. Compilation goes further, but it now fails like this: FAILED: obj/ui/linux/linux_ui_factory/fallback_linux_ui.o x86_64-pc-linux-gnu-g++ -MMD -MF obj/ui/linux/linux_ui_factory/fallback_linux_ui.o.d -DIS_LINUX_UI_FACTORY_IMPL -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_OZONE=1 -DOFFICIAL_BUILD -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -DNO_UNWIND_TABLES -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_56 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_56 -DVK_USE_PLATFORM_XCB_KHR -DUSE_EGL -DLIBYUV_DISABLE_NEON -DTOOLKIT_VIEWS=1 -DSK_CODEC_DECODES_PNG -DSK_CODEC_DECODES_WEBP -DSK_ENCODE_PNG -DSK_ENCODE_WEBP -DSK_ENABLE_SKSL -DSK_UNTIL_CRBUG_1187654_IS_FIXED -DSK_USER_CONFIG_HEADER=\"../../skia/config/SkUserConfig.h\" -DSK_WIN_FONTMGR_NO_SIMULATIONS -DSK_GL -DSK_CODEC_DECODES_JPEG -DSK_ENCODE_JPEG -DSK_HAS_WUFFS_LIBRARY -DSK_VULKAN=1 -DSK_SUPPORT_GPU=1 -DSK_GPU_WORKAROUNDS_HEADER=\"gpu/config/gpu_driver_bug_workaround_autogen.h\" -DUSING_SYSTEM_ICU=1 -DICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC -DU_IMPORT=U_EXPORT -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DGOOGLE_PROTOBUF_INTERNAL_DONATE_STEAL_INLINE=0 -DHAVE_PTHREAD -I../.. -Igen -I../../third_party/perfetto/include -Igen/third_party/perfetto/build_config -Igen/third_party/perfetto -Igen/shim_headers/zlib_shim -Igen/shim_headers/icui18n_shim -Igen/shim_headers/icuuc_shim -Igen/shim_headers/libpng_shim -Igen/shim_headers/libwebp_shim -Igen/third_party/dawn/include -I../../third_party/dawn/include -I../../third_party/khronos -I../../gpu -I../../third_party/vulkan-deps/vulkan-headers/src/include -Igen/shim_headers/re2_shim -I../../third_party/libyuv/include -Igen/shim_headers/flac_shim -Igen/shim_headers/aom_shim -Igen/shim_headers/openh264_shim -Igen/shim_headers/dav1d_shim -I../../third_party/jsoncpp/source/include -I../../third_party/abseil-cpp -I../../third_party/boringssl/src/include -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/ipcz/include -I../../third_party/skia -I../../third_party/wuffs/src/release/c -I../../third_party/vulkan/include -I../../third_party/ced/src -I../../net/third_party/quiche/overrides -I../../net/third_party/quiche/src/quiche/common/platform/default -I../../net/third_party/quiche/src -Igen/net/third_party/quiche/src -Wno-unused-local-typedefs -Wno-maybe-uninitialized -Wno-deprecated-declarations -Wno-comments -Wno-packed-not-aligned -Wno-missing-field-initializers -Wno-unused-parameter -Wno-psabi -fno-ident -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -fno-unwind-tables -fno-asynchronous-unwind-tables -fPIC -pipe -pthread -fno-omit-frame-pointer -fvisibility=hidden -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/lib64/libffi/include -I/usr/include/nss -I/usr/include/nspr -Wno-narrowing -Wno-class-memaccess -std=gnu++2a -fno-exceptions -fno-rtti -fvisibility-inlines-hidden -march=skylake -O2 -pipe -c ../../ui/linux/fallback_linux_ui.cc -o obj/ui/linux/linux_ui_factory/fallback_linux_ui.o In file included from ../../ui/gfx/platform_font.h:13, from ../../ui/linux/fallback_linux_ui.cc:12: ../../third_party/skia/include/core/SkRefCnt.h:220:44: warning: ‘clang::trivial_abi’ scoped attribute directive ignored [-Wattributes] 220 | template <typename T> class SK_TRIVIAL_ABI sk_sp { | ^~~~~ In file included from ../../third_party/skia/include/core/SkString.h:14, from ../../third_party/skia/include/core/SkTypeface.h:16, from ../../ui/gfx/platform_font.h:14: ../../third_party/skia/include/private/base/SkTArray.h:520:33: warning: ‘cfi’ attribute directive ignored [-Wattributes] 520 | static T* TCast(void* buffer) { | ^ In file included from /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/memory:75, from ../../skia/ext/skia_histogram.h:11, from ../../third_party/khronos/../../skia/config/SkUserConfig.h:126, from ../../third_party/skia/include/private/base/SkLoadUserConfig.h:24, from ../../third_party/skia/include/core/SkTypes.h:17, from ../../third_party/skia/include/core/SkSurfaceProps.h:11, from ../../ui/gfx/font_render_params.h:13, from ../../ui/linux/fallback_linux_ui.h:8, from ../../ui/linux/fallback_linux_ui.cc:5: /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = ui::LinuxInputMethodContext]’: /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17: required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = ui::LinuxInputMethodContext; _Dp = std::default_delete<ui::LinuxInputMethodContext>]’ ../../ui/linux/fallback_linux_ui.cc:35:10: required from here /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘ui::LinuxInputMethodContext’ 93 | static_assert(sizeof(_Tp)>0, | ^~~~~~~~~~~ /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h: In instantiation of ‘void std::default_delete<_Tp>::operator()(_Tp*) const [with _Tp = ui::NavButtonProvider]’: /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:396:17: required from ‘std::unique_ptr<_Tp, _Dp>::~unique_ptr() [with _Tp = ui::NavButtonProvider; _Dp = std::default_delete<ui::NavButtonProvider>]’ ../../ui/linux/fallback_linux_ui.cc:133:10: required from here /usr/lib/gcc/x86_64-pc-linux-gnu/12/include/g++-v12/bits/unique_ptr.h:93:23: error: invalid application of ‘sizeof’ to incomplete type ‘ui::NavButtonProvider’ However, compilation with clang works. I had to remove this: myconf_gn+=" enable_js_type_check=false" Otherwise, there is a warning in the configuration step. |