chromium: 65.0.3325.181 -> 66.0.3359.117
Critical CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-28 Critical CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson on 2018-03-30 High CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous on 2018-02-20 High CVE-2018-6088: Use after free in PDFium. Reported by Anonymous on 2018-03-15 High CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu on 2018-02-04 High CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song on 2018-03-12 High CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-10-05 High CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich of Google Project Zero on 2018-03-08 Medium CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-01 Medium CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf on 2016-08-01 Medium CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi (@qab) on 2016-08-11 Medium CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-19 Medium CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr of Tencent's Xuanwu Lab on 2018-01-26 Medium CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-03 Medium CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu (@shhnjk) on 2018-02-03 Medium CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang on 2018-02-11 Medium CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu on 2018-02-19 Medium CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-20 Medium CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani on 2018-02-24 Medium CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-03-08 Medium CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-01-18 Medium CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt of Google Project Zero on 2018-01-25 Medium CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-02 Medium CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani on 2018-02-27 Low CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber (@DoWeb_) on 2017-04-10 Low CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian (aka blastxiang) on 2017-10-24 Low CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani on 2017-11-02 Low CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu on 2017-12-29 Low CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani on 2018-01-25 Low CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang on 2018-02-13 Low CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher on 2018-03-07 Low CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Jin from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd. on 2018-03-15 Low CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey on 2018-03-15 Low CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. Reported by Ian Beer of Google Project Zero on 2018-03-15
This commit is contained in:
parent
dcf7e63f37
commit
2b29e40153
|
@ -144,29 +144,7 @@ let
|
|||
# https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium
|
||||
# for updated patches and hints about build flags
|
||||
# (gentooPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000")
|
||||
] ++ optionals (versionRange "65" "66") [
|
||||
(gentooPatch "chromium-stdint.patch" "037gjnc8h087g6dpxz53nqvzbpa9mq0z47h25vix9p62s9nhz2a8")
|
||||
(gentooPatch "chromium-webrtc-r0.patch" "0wp4zivbv2wpgiwmiznbq1aw4w98mvwjvdy36cpfmnvr8yw430pd")
|
||||
(gentooPatch "chromium-math.h-r0.patch" "0dlzbdj0lvp9qklgifsvgbn6p1ppxbl3hkwqqqfsw1d9jka9wy8x")
|
||||
# To enable ChromeCast, go to chrome://flags and set "Load Media Router Component Extension" to Enabled
|
||||
# Fixes Chromecast: https://bugs.chromium.org/p/chromium/issues/detail?id=734325
|
||||
(githubPatch "1517db71cccaec48a05cdf30208e0cba7ab9b9a8" "08ac502cwwb05ml3w4wzn66i5c2d1h22xs5rzszwlnhxckxfc0fk")
|
||||
# GCC 7 fixes
|
||||
(githubPatch "f64fadcd79aebe5ed893ecbf258d1123609d28f8" "1h255w1v327r08cnifs19s4bwmkinqjmdmbwihddc5dyl43sjnvv")
|
||||
(githubPatch "4d8468a07f374c11425494271256151fb6fe0c34" "0kqqq8kj0zv5bi1n9mm0vnn8wsgi98mjmj7snpav21fh3pgiqjrm")
|
||||
(githubPatch "ede5178322ccd297b0ad82ae4c59119ceaab9ea5" "0rsal0dy0yhgs4lhn8h1vy1s77xcssy4f5wals7hvrz5m08jqizj")
|
||||
(githubPatch "7d721f438acb38db556ae9a9e6e8b718bd503216" "13lzvxm63zq3rd8p387ylq4bm9wr4r09vk2w4p81f838pf0v1kbj")
|
||||
# Following commit doesn't apply cleanly to stable branch, replace with handcrafted one
|
||||
#(githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z")
|
||||
./patches/PlaybackImageProvider-copy-constructor.patch
|
||||
# * base/optional.h
|
||||
(githubPatch "f1c8789c71dbdaeeef98ecd52c9715495824e6b0" "0w3d82s10cl10r6zq9vpsscmdhbdkcy0vbdiqy5pvbr031nfxw5w")
|
||||
(githubPatch "5cae9645215d02cb1f986a181a208f8a4817fc86" "052y0f9nwq6y6jh2gvr1pm8qdcqghyi3jj5svvrp5aqirlkwb7ri")
|
||||
# * ConfigurationPolicyProviders
|
||||
(githubPatch "1ee888aed9f9a6291570ce360bcdd2d06bcc68cb" "1bm34p3bsny44sk60j842ghhhx8qaibwpqnfnyndfj96f7nb2az0")
|
||||
(githubPatch "76da73abaeede740fc97479c09c92a52972bc477" "03rkf514ddj9d32d3zfcnf96kzzdk6cwxvrqj8acyv93vp1hvckr")
|
||||
#(gentooPatch "<patch>" "0000000000000000000000000000000000000000000000000000000000000000")
|
||||
] ++ optionals (versionRange "66" "67") [
|
||||
] ++ optionals (versionRange "66" "67") [
|
||||
(gentooPatch "chromium-webrtc-r0.patch" "0wp4zivbv2wpgiwmiznbq1aw4w98mvwjvdy36cpfmnvr8yw430pd")
|
||||
(gentooPatch "chromium-ffmpeg-r1.patch" "1k8agaqsvg0w0s6s5wh346ih02cc86vr0vwyshw2q9vafa0jvmq4")
|
||||
# GCC 7 fixes
|
||||
|
@ -176,6 +154,11 @@ let
|
|||
(githubPatch "ba4141e451f4e0b1b19410b1b503bd32e150df06" "1cjxw1f9fin6z12b0mcxnxf2mdjb0n3chwz7mgvmp9yij8qhqnxj")
|
||||
(githubPatch "b34ed1e6524479d61ee944ebf6ca7389ea47e563" "1s13zw93nsyr259dzck6gbhg4x46qg5sg14djf4bvrrc6hlkiczw")
|
||||
(githubPatch "4f2b52281ce1649ea8347489443965ad33262ecc" "1g59izkicn9cpcphamdgrijs306h5b9i7i4pmy134asn1ifiax5z")
|
||||
(fetchpatch {
|
||||
## see https://groups.google.com/a/chromium.org/forum/#!msg/chromium-packagers/So-ojMYOQdI/K66hndtdCAAJ
|
||||
url = "https://bazaar.launchpad.net/~chromium-team/chromium-browser/bionic-stable/download/head:/addmissingblinktools-20180416203514-02f50sz15c2mn6ei-1/add-missing-blink-tools.patch";
|
||||
sha256 = "0dc4cmd05qjqyihrd4qb34kz0jlapjgah8bzgnvxf9m4791w062z";
|
||||
})
|
||||
] ++ optional enableWideVine ./patches/widevine.patch
|
||||
++ optionals (stdenv.isAarch64 && versionRange "65" "66") [
|
||||
./patches/skia_buildfix.patch
|
||||
|
|
|
@ -1,89 +0,0 @@
|
|||
--- a/cc/raster/playback_image_provider.cc
|
||||
+++ b/cc/raster/playback_image_provider.cc
|
||||
@@ -20,7 +20,7 @@
|
||||
PlaybackImageProvider::PlaybackImageProvider(
|
||||
ImageDecodeCache* cache,
|
||||
const gfx::ColorSpace& target_color_space,
|
||||
- base::Optional<Settings> settings)
|
||||
+ base::Optional<Settings>&& settings)
|
||||
: cache_(cache),
|
||||
target_color_space_(target_color_space),
|
||||
settings_(std::move(settings)) {
|
||||
@@ -70,7 +70,10 @@
|
||||
}
|
||||
|
||||
PlaybackImageProvider::Settings::Settings() = default;
|
||||
-PlaybackImageProvider::Settings::Settings(const Settings& other) = default;
|
||||
+PlaybackImageProvider::Settings::Settings(PlaybackImageProvider::Settings&&) =
|
||||
+ default;
|
||||
PlaybackImageProvider::Settings::~Settings() = default;
|
||||
+PlaybackImageProvider::Settings& PlaybackImageProvider::Settings::operator=(
|
||||
+ PlaybackImageProvider::Settings&&) = default;
|
||||
|
||||
} // namespace cc
|
||||
--- a/cc/raster/playback_image_provider.h
|
||||
+++ b/cc/raster/playback_image_provider.h
|
||||
@@ -20,8 +20,10 @@
|
||||
public:
|
||||
struct CC_EXPORT Settings {
|
||||
Settings();
|
||||
- Settings(const Settings& other);
|
||||
+ Settings(const Settings&) = delete;
|
||||
+ Settings(Settings&&);
|
||||
~Settings();
|
||||
+ Settings& operator=(Settings&&);
|
||||
|
||||
// The set of image ids to skip during raster.
|
||||
PaintImageIdFlatSet images_to_skip;
|
||||
@@ -34,7 +36,7 @@
|
||||
// If no settings are provided, all images are skipped during rasterization.
|
||||
PlaybackImageProvider(ImageDecodeCache* cache,
|
||||
const gfx::ColorSpace& target_color_space,
|
||||
- base::Optional<Settings> settings);
|
||||
+ base::Optional<Settings>&& settings);
|
||||
~PlaybackImageProvider() override;
|
||||
|
||||
PlaybackImageProvider(PlaybackImageProvider&& other);
|
||||
--- a/cc/raster/playback_image_provider_unittest.cc
|
||||
+++ b/cc/raster/playback_image_provider_unittest.cc
|
||||
@@ -84,7 +84,8 @@ TEST(PlaybackImageProviderTest, SkipsSomeImages) {
|
||||
settings.emplace();
|
||||
settings->images_to_skip = {skip_image.stable_id()};
|
||||
|
||||
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
|
||||
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
|
||||
+ std::move(settings));
|
||||
provider.BeginRaster();
|
||||
|
||||
SkIRect rect = SkIRect::MakeWH(10, 10);
|
||||
@@ -100,7 +101,8 @@ TEST(PlaybackImageProviderTest, RefAndUnrefDecode) {
|
||||
|
||||
base::Optional<PlaybackImageProvider::Settings> settings;
|
||||
settings.emplace();
|
||||
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
|
||||
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
|
||||
+ std::move(settings));
|
||||
provider.BeginRaster();
|
||||
|
||||
{
|
||||
@@ -133,7 +135,8 @@ TEST(PlaybackImageProviderTest, AtRasterImages) {
|
||||
settings.emplace();
|
||||
settings->at_raster_images = {draw_image1, draw_image2};
|
||||
|
||||
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
|
||||
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
|
||||
+ std::move(settings));
|
||||
|
||||
EXPECT_EQ(cache.refed_image_count(), 0);
|
||||
provider.BeginRaster();
|
||||
@@ -158,7 +161,8 @@ TEST(PlaybackImageProviderTest, SwapsGivenFrames) {
|
||||
settings.emplace();
|
||||
settings->image_to_current_frame_index = image_to_frame;
|
||||
|
||||
- PlaybackImageProvider provider(&cache, gfx::ColorSpace(), settings);
|
||||
+ PlaybackImageProvider provider(&cache, gfx::ColorSpace(),
|
||||
+ std::move(settings));
|
||||
provider.BeginRaster();
|
||||
|
||||
SkIRect rect = SkIRect::MakeWH(10, 10);
|
||||
|
|
@ -1,18 +1,18 @@
|
|||
# This file is autogenerated from update.sh in the same directory.
|
||||
{
|
||||
beta = {
|
||||
sha256 = "18dampi62wwvscywvdz8lil0zhxdr4p6bhr4yv08arz029w356lc";
|
||||
sha256bin64 = "129jq8ynj4y81rhzxyyfcfpllq3a6ddhiy766zw28s7d43q4zca2";
|
||||
version = "66.0.3359.45";
|
||||
sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
|
||||
sha256bin64 = "067gpmiwnpdaqarkz740plg0ixpp7642xf4qqkq32w9v8flx3y57";
|
||||
version = "66.0.3359.117";
|
||||
};
|
||||
dev = {
|
||||
sha256 = "09x7p83p188ms0awxj3kl9kdx796ns6m42smqd3jccnljx54jls2";
|
||||
sha256bin64 = "1aa24gvbf9awm59n05jkb4wy6ssr7fns4rl1hd2c66cq2d4mx3d8";
|
||||
version = "67.0.3377.1";
|
||||
sha256 = "0058g5dm5nfm7wdpd9y4fn0dmi8bq013l0ky5fsn4j7msm55rrg5";
|
||||
sha256bin64 = "1ag8kg3jjv6jsxdjq33h4ksqhhhfaz5aqw9jaaqhfma908c5mc9y";
|
||||
version = "67.0.3396.10";
|
||||
};
|
||||
stable = {
|
||||
sha256 = "11w6wg862ixbgm7dpqag2lmbjknv83zlr9imd8zchvmrqr468rlk";
|
||||
sha256bin64 = "0r14w94aa7zg2i3zjpwvb7d6fg9yg0xkki7jzcpjmzwygy78fs16";
|
||||
version = "65.0.3325.181";
|
||||
sha256 = "1mlfavs0m0lf60s42krqxqiyx73hdfd4r1mkjwv31p2gchsa7ibp";
|
||||
sha256bin64 = "1ycfq6pqk7a9kyqf2112agcxav360rxbqqdc1yil0qkmz51i9zdg";
|
||||
version = "66.0.3359.117";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue