Hello community,

here is the log from the commit of package chromium for openSUSE:Factory 
checked in at 2021-10-12 21:48:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chromium (Old)
 and      /work/SRC/openSUSE:Factory/.chromium.new.2443 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "chromium"

Tue Oct 12 21:48:23 2021 rev:306 rq:924488 version:94.0.4606.81

Changes:
--------
--- /work/SRC/openSUSE:Factory/chromium/chromium.changes        2021-10-04 
18:40:05.202069388 +0200
+++ /work/SRC/openSUSE:Factory/.chromium.new.2443/chromium.changes      
2021-10-12 21:49:19.263868949 +0200
@@ -1,0 +2,22 @@
+Sat Oct  9 19:13:28 UTC 2021 - Callum Farmer <gm...@opensuse.org>
+
+- Disable DCHECK(): that's for debug only
+
+-------------------------------------------------------------------
+Sat Oct  9 12:53:41 UTC 2021 - Callum Farmer <gm...@opensuse.org>
+
+- Add pipewire-do-not-typecheck-the-portal-session_handle.patch:
+  fix WebRTC with xdg-desktop-portal 1.10
+
+-------------------------------------------------------------------
+Fri Oct  8 19:33:03 UTC 2021 - Callum Farmer <gm...@opensuse.org>
+
+- Chromium 94.0.4606.81 (boo#1191463):
+  * CVE-2021-37977: Use after free in Garbage Collection
+  * CVE-2021-37978: Heap buffer overflow in Blink
+  * CVE-2021-37979: Heap buffer overflow in WebRTC
+  * CVE-2021-37980: Inappropriate implementation in Sandbox
+- Re-add after accidental deletion:
+  * chromium-93-InkDropHost-crash.patch
+
+-------------------------------------------------------------------

Old:
----
  chromium-94.0.4606.71.tar.xz

New:
----
  chromium-93-InkDropHost-crash.patch
  chromium-94.0.4606.81.tar.xz
  pipewire-do-not-typecheck-the-portal-session_handle.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ chromium.spec ++++++
--- /var/tmp/diff_new_pack.ummLdk/_old  2021-10-12 21:49:28.475882136 +0200
+++ /var/tmp/diff_new_pack.ummLdk/_new  2021-10-12 21:49:28.475882136 +0200
@@ -43,7 +43,7 @@
 %bcond_with lto
 %bcond_without clang
 Name:           chromium
-Version:        94.0.4606.71
+Version:        94.0.4606.81
 Release:        0
 Summary:        Google's open source browser project
 License:        BSD-3-Clause AND LGPL-2.1-or-later
@@ -98,6 +98,8 @@
 Patch65:        chromium-94-sql-no-assert.patch
 Patch67:        chromium-older-harfbuzz.patch
 Patch68:        chromium-94-ffmpeg-roll.patch
+Patch69:        chromium-93-InkDropHost-crash.patch
+Patch70:        pipewire-do-not-typecheck-the-portal-session_handle.patch
 # Google seem not too keen on merging this but GPU accel is quite important
 #  https://chromium-review.googlesource.com/c/chromium/src/+/532294
 #  
https://github.com/saiarcot895/chromium-ubuntu-build/tree/master/debian/patches
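Review bot: The two added Patch69/Patch70 lines carry no comment on origin or upstream status, unlike the GPU acceleration patch documented directly below them. Patch70 has a full upstream header (Bug: webrtc:13192 and a Reviewed-on URL), so a one-line comment pointing at that review would tell the next maintainer when it can be dropped. chromium-93-InkDropHost-crash.patch has no description header at all and should gain one naming its source and the crash it addresses.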
@@ -680,6 +682,7 @@
 %endif
 myconf_gn+=" host_os=\"linux\""
 myconf_gn+=" is_debug=false"
+myconf_gn+=" dcheck_always_on=false"
 myconf_gn+=" enable_nacl=false"
 %if %{with swiftshader}
 myconf_gn+=" use_swiftshader_with_subzero=true"
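Review bot: The added dcheck_always_on=false line sits directly under is_debug=false with no comment, so the spec does not explain why a second switch is needed for a non-debug build. The changelog only says "that's for debug only"; a short comment here stating that DCHECK() was otherwise still active in this configuration would keep the line from being removed as redundant later. It would also help to note that this changes runtime behaviour: conditions that previously aborted the process on a failed DCHECK() will now be ignored.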

++++++ chromium-93-InkDropHost-crash.patch ++++++
diff -up 
chromium-94.0.4606.71/ui/views/animation/ink_drop_host_view.h.InkDropHost-crash 
chromium-94.0.4606.71/ui/views/animation/ink_drop_host_view.h
--- 
chromium-94.0.4606.71/ui/views/animation/ink_drop_host_view.h.InkDropHost-crash 
    2021-10-05 16:04:46.313586509 -0400
+++ chromium-94.0.4606.71/ui/views/animation/ink_drop_host_view.h       
2021-10-05 16:05:12.213732558 -0400
@@ -228,6 +228,11 @@ class VIEWS_EXPORT InkDropHost {
   // Used to observe View and inform the InkDrop of host-transform changes.
   ViewLayerTransformObserver host_view_transform_observer_;
 
+  // Declared before |ink_drop_|, because InkDropImpl may call
+  // RemoveInkDropLayer on partly destructed InkDropHost. In
+  // that case |ink_drop_mask_| must be still valid.
+  std::unique_ptr<views::InkDropMask> ink_drop_mask_;
+
   // Should not be accessed directly. Use GetInkDrop() instead.
   std::unique_ptr<InkDrop> ink_drop_;
 
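Review bot: The moved ink_drop_mask_ declaration relies purely on member declaration order to fix the destruction order, and only the new comment protects it. The comment should say outright that members are destroyed in reverse declaration order, so ink_drop_mask_ outlives ink_drop_ and stays valid when InkDropImpl calls RemoveInkDropLayer during teardown. Resetting ink_drop_ explicitly in the InkDropHost destructor would make the dependency robust against a later reshuffle of the members, which would otherwise silently bring back access to an already destroyed mask.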
@@ -249,8 +254,6 @@ class VIEWS_EXPORT InkDropHost {
   int ink_drop_small_corner_radius_ = 2;
   int ink_drop_large_corner_radius_ = 4;
 
-  std::unique_ptr<views::InkDropMask> ink_drop_mask_;
-
   base::RepeatingCallback<std::unique_ptr<InkDrop>()> 
create_ink_drop_callback_;
   base::RepeatingCallback<std::unique_ptr<InkDropRipple>()>
       create_ink_drop_ripple_callback_;
++++++ chromium-94.0.4606.71.tar.xz -> chromium-94.0.4606.81.tar.xz ++++++
/work/SRC/openSUSE:Factory/chromium/chromium-94.0.4606.71.tar.xz 
/work/SRC/openSUSE:Factory/.chromium.new.2443/chromium-94.0.4606.81.tar.xz 
differ: char 26, line 1


++++++ pipewire-do-not-typecheck-the-portal-session_handle.patch ++++++
>From 408e4da26f1b782005ab10307c83892055d7ef45 Mon Sep 17 00:00:00 2001
From: Robert Mader <robert.ma...@posteo.de>
Date: Mon, 20 Sep 2021 15:15:31 +0200
Subject: [PATCH] Pipewire: Do not typecheck the portal session_handle
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Desktop sharing via Pipewire will break for clients updating to
xdg-desktop-portal 1.10 due to a bug fix in the API implementation[1].

This ports over a fix from OBS Studio[2] that also is used in the
downstream Firefox WebRTC copy[3].

1: https://github.com/flatpak/xdg-desktop-portal/pull/609
2: https://github.com/obsproject/obs-studio/pull/5294
3: https://phabricator.services.mozilla.com/D126053
Bug: webrtc:13192
Change-Id: I497dd1bb53cc39dee3732c2e0014e2e36a7afb6c
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/232329
Reviewed-by: Erik Språng <spr...@webrtc.org>
Reviewed-by: Tommi <to...@webrtc.org>
Commit-Queue: Tommi <to...@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#35153}
---
 modules/desktop_capture/linux/base_capturer_pipewire.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/desktop_capture/linux/base_capturer_pipewire.cc 
b/modules/desktop_capture/linux/base_capturer_pipewire.cc
index 2d5e973..45229b2 100644
--- a/third_party/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc
+++ b/third_party/webrtc/modules/desktop_capture/linux/base_capturer_pipewire.cc
@@ -801,8 +801,9 @@ void BaseCapturerPipeWire::OnSessionRequestResponseSignal(
   Scoped<GVariant> response_data;
   g_variant_get(parameters, "(u@a{sv})", &portal_response,
                 response_data.receive());
-  g_variant_lookup(response_data.get(), "session_handle", "s",
-                   &that->session_handle_);
+  Scoped<GVariant> session_handle(
+      g_variant_lookup_value(response_data.get(), "session_handle", nullptr));
+  that->session_handle_ = g_variant_dup_string(session_handle.get(), nullptr);
 
   if (!that->session_handle_ || portal_response) {
     RTC_LOG(LS_ERROR)
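Review bot: On the added g_variant_lookup_value / g_variant_dup_string lines, the lookup result is handed to g_variant_dup_string without a null check. g_variant_lookup_value returns NULL when "session_handle" is missing from the portal response, and calling g_variant_dup_string on NULL is a GLib precondition violation; the existing !that->session_handle_ test only catches the outcome afterwards. Suggest testing session_handle.get() before duplicating and going to the error path directly when it is null. With the type check deliberately removed, it is also worth confirming the value is string-like before the dup, since the response is external input. Separately, the diff --git header names modules/desktop_capture/... while the ---/+++ lines use third_party/webrtc/modules/...; the header should match the paths the patch is applied against.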
