chromium: 65.0.3325.181 -> 66.0.3359.117

Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28
Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30
High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20
High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15
High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04
High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12
High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05
High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08
Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01
Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01
Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11
Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19
Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26
Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03
Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03
Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11
Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19
Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20
Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24
Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08
Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18
Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25
Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02
Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27
Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10
Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24
Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02
Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29
Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25
Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13
Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07
Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15
Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15
Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
This commit is contained in:
Herwig Hochleitner 2018-04-21 13:10:41 +02:00
parent dcf7e63f37
commit 2b29e40153
3 changed files with 15 additions and 121 deletions

View File

@ -144,29 +144,7 @@ let
# https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium # https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
# for updated patches and hints about build flags # for updated patches and hints about build flags
# (gentooPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000") # (gentooPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000")
] ++ optionals (versionRange "65" "66") [ ] ++ optionals (versionRange "66" "67") [
(gentooPatch "chromium-stdint.patch" "037gjnc8h087g6dpxz53nqvzbpa9mq0z47h25vix9p62s9nhz2a8")
(gentooPatch "chromium-webrtc-r0.patch" "0wp4zivbv2wpgiwmiznbq1aw4w98mvwjvdy36cpfmnvr8yw430pd")
(gentooPatch "chromium-math.h-r0.patch" "0dlzbdj0lvp9qklgifsvgbn6p1ppxbl3hkwqqqfsw1d9jka9wy8x")
# To enable ChromeCast, go to chrome://flags and set "Load Media Router Component Extension" to Enabled
# Fixes Chromecast: https://bugs.chromium.org/p/chromium/issues/detail?id=734325
(githubPatch "1517db71cccaec48a05cdf30208e0cba7ab9b9a8" "08ac502cwwb05ml3w4wzn66i5c2d1h22xs5rzszwlnhxckxfc0fk")
# GCC 7 fixes
(githubPatch "f64fadcd79aebe5ed893ecbf258d1123609d28f8" "1h255w1v327r08cnifs19s4bwmkinqjmdmbwihddc5dyl43sjnvv")
(githubPatch "4d8468a07f374c11425494271256151fb6fe0c34" "0kqqq8kj0zv5bi1n9mm0vnn8wsgi98mjmj7snpav21fh3pgiqjrm")
(githubPatch "ede5178322ccd297b0ad82ae4c59119ceaab9ea5" "0rsal0dy0yhgs4lhn8h1vy1s77xcssy4f5wals7hvrz5m08jqizj")
(githubPatch "7d721f438acb38db556ae9a9e6e8b718bd503216" "13lzvxm63zq3rd8p387ylq4bm9wr4r09vk2w4p81f838pf0v1kbj")
# Following commit doesn't apply cleanly to stable branch, replace with handcrafted one
#(githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z")
./patches/PlaybackImageProvider-copy-constructor.patch
# * base/optional.h
(githubPatch "f1c8789c71dbdaeeef98ecd52c9715495824e6b0" "0w3d82s10cl10r6zq9vpsscmdhbdkcy0vbdiqy5pvbr031nfxw5w")
(githubPatch "5cae9645215d02cb1f986a181a208f8a4817fc86" "052y0f9nwq6y6jh2gvr1pm8qdcqghyi3jj5svvrp5aqirlkwb7ri")
# * ConfigurationPolicyProviders
(githubPatch "1ee888aed9f9a6291570ce360bcdd2d06bcc68cb" "1bm34p3bsny44sk60j842ghhhx8qaibwpqnfnyndfj96f7nb2az0")
(githubPatch "76da73abaeede740fc97479c09c92a52972bc477" "03rkf514ddj9d32d3zfcnf96kzzdk6cwxvrqj8acyv93vp1hvckr")
#(gentooPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000")
] ++ optionals (versionRange "66" "67") [
(gentooPatch "chromium-webrtc-r0.patch" "0wp4zivbv2wpgiwmiznbq1aw4w98mvwjvdy36cpfmnvr8yw430pd") (gentooPatch "chromium-webrtc-r0.patch" "0wp4zivbv2wpgiwmiznbq1aw4w98mvwjvdy36cpfmnvr8yw430pd")
(gentooPatch "chromium-ffmpeg-r1.patch" "1k8agaqsvg0w0s6s5wh346ih02cc86vr0vwyshw2q9vafa0jvmq4") (gentooPatch "chromium-ffmpeg-r1.patch" "1k8agaqsvg0w0s6s5wh346ih02cc86vr0vwyshw2q9vafa0jvmq4")
# GCC 7 fixes # GCC 7 fixes
@ -176,6 +154,11 @@ let
(githubPatch "ba4141e451f4e0b1b19410b1b503bd32e150df06" "1cjxw1f9fin6z12b0mcxnxf2mdjb0n3chwz7mgvmp9yij8qhqnxj") (githubPatch "ba4141e451f4e0b1b19410b1b503bd32e150df06" "1cjxw1f9fin6z12b0mcxnxf2mdjb0n3chwz7mgvmp9yij8qhqnxj")
(githubPatch "b34ed1e6524479d61ee944ebf6ca7389ea47e563" "1s13zw93nsyr259dzck6gbhg4x46qg5sg14djf4bvrrc6hlkiczw") (githubPatch "b34ed1e6524479d61ee944ebf6ca7389ea47e563" "1s13zw93nsyr259dzck6gbhg4x46qg5sg14djf4bvrrc6hlkiczw")
(githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z") (githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z")
(fetchpatch {
## see https://groups.google.com/a/chromium.org/forum/#!msg/chromium-packagers/So-ojMYOQdI/K66hndtdCAAJ
url = "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch";
sha256 = "0dc4cmd05qjqyihrd4qb34kz0jlapjgah8bzgnvxf9m4791w062z";
})
] ++ optional enableWideVine ./patches/widevine.patch ] ++ optional enableWideVine ./patches/widevine.patch
++ optionals (stdenv.isAarch64 && versionRange "65" "66") [ ++ optionals (stdenv.isAarch64 && versionRange "65" "66") [
./patches/skia_buildfix.patch ./patches/skia_buildfix.patch

View File

@ -1,89 +0,0 @@
--- a/cc/raster/playback_image_provider.cc
+++ b/cc/raster/playback_image_provider.cc
@@ -20,7 +20,7 @@
PlaybackImageProvider::PlaybackImageProvider(
ImageDecodeCache* cache,
const gfx::ColorSpace& target_color_space,
- base::Optional<Settings> settings)
+ base::Optional<Settings>&& settings)
: cache_(cache),
target_color_space_(target_color_space),
settings_(std::move(settings)) {
@@ -70,7 +70,10 @@
}
PlaybackImageProvider::Settings::Settings() = default;
-PlaybackImageProvider::Settings::Settings(const Settings& other) = default;
+PlaybackImageProvider::Settings::Settings(PlaybackImageProvider::Settings&&) =
+ default;
PlaybackImageProvider::Settings::~Settings() = default;
+PlaybackImageProvider::Settings& PlaybackImageProvider::Settings::operator=(
+ PlaybackImageProvider::Settings&&) = default;
} // namespace cc
--- a/cc/raster/playback_image_provider.h
+++ b/cc/raster/playback_image_provider.h
@@ -20,8 +20,10 @@
public:
struct CC_EXPORT Settings {
Settings();
- Settings(const Settings& other);
+ Settings(const Settings&) = delete;
+ Settings(Settings&&);
~Settings();
+ Settings& operator=(Settings&&);
// The set of image ids to skip during raster.
PaintImageIdFlatSet images_to_skip;
@@ -34,7 +36,7 @@
// If no settings are provided, all images are skipped during rasterization.
PlaybackImageProvider(ImageDecodeCache* cache,
const gfx::ColorSpace& target_color_space,
- base::Optional<Settings> settings);
+ base::Optional<Settings>&& settings);
~PlaybackImageProvider() override;
PlaybackImageProvider(PlaybackImageProvider&& other);
--- a/cc/raster/playback_image_provider_unittest.cc
+++ b/cc/raster/playback_image_provider_unittest.cc
@@ -84,7 +84,8 @@ TEST(PlaybackImageProviderTest, SkipsSomeImages) {
settings.emplace();
settings->images_to_skip = {skip_image.stable_id()};
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
+ std::move(settings));
provider.BeginRaster();
SkIRect rect = SkIRect::MakeWH(10, 10);
@@ -100,7 +101,8 @@ TEST(PlaybackImageProviderTest, RefAndUnrefDecode) {
base::Optional<PlaybackImageProvider::Settings> settings;
settings.emplace();
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
+ std::move(settings));
provider.BeginRaster();
{
@@ -133,7 +135,8 @@ TEST(PlaybackImageProviderTest, AtRasterImages) {
settings.emplace();
settings->at_raster_images = {draw_image1, draw_image2};
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
+ std::move(settings));
EXPECT_EQ(cache.refed_image_count(), 0);
provider.BeginRaster();
@@ -158,7 +161,8 @@ TEST(PlaybackImageProviderTest, SwapsGivenFrames) {
settings.emplace();
settings->image_to_current_frame_index = image_to_frame;
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
+ std::move(settings));
provider.BeginRaster();
SkIRect rect = SkIRect::MakeWH(10, 10);

View File

@ -1,18 +1,18 @@
# This file is autogenerated from update.sh in the same directory. # This file is autogenerated from update.sh in the same directory.
{ {
beta = { beta = {
sha256 = "18dampi62wwvscywvdz8lil0zhxdr4p6bhr4yv08arz029w356lc"; sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
sha256bin64 = "129jq8ynj4y81rhzxyyfcfpllq3a6ddhiy766zw28s7d43q4zca2"; sha256bin64 = "067gpmiwnpdaqarkz740plg0ixpp7642xf4qqkq32w9v8flx3y57";
version = "66.0.3359.45"; version = "66.0.3359.117";
}; };
dev = { dev = {
sha256 = "09x7p83p188ms0awxj3kl9kdx796ns6m42smqd3jccnljx54jls2"; sha256 = "0058g5dm5nfm7wdpd9y4fn0dmi8bq013l0ky5fsn4j7msm55rrg5";
sha256bin64 = "1aa24gvbf9awm59n05jkb4wy6ssr7fns4rl1hd2c66cq2d4mx3d8"; sha256bin64 = "1ag8kg3jjv6jsxdjq33h4ksqhhhfaz5aqw9jaaqhfma908c5mc9y";
version = "67.0.3377.1"; version = "67.0.3396.10";
}; };
stable = { stable = {
sha256 = "11w6wg862ixbgm7dpqag2lmbjknv83zlr9imd8zchvmrqr468rlk"; sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
sha256bin64 = "0r14w94aa7zg2i3zjpwvb7d6fg9yg0xkki7jzcpjmzwygy78fs16"; sha256bin64 = "1ycfq6pqk7a9kyqf2112agcxav360rxbqqdc1yil0qkmz51i9zdg";
version = "65.0.3325.181"; version = "66.0.3359.117";
}; };
} }