Opened 7 years ago
Last modified 4 years ago
#10495 closed defect
chromium-67.0.3396.87 — at Version 5
| Reported by: | Owned by: | blfs-book | |
|---|---|---|---|
| Priority: | low | Milestone: | x-future |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description (last modified by ) ¶
Vulnerability fixes. While investigating a firefox vulnerability, I got to https://security-tracker.debian.org/tracker/CVE-2018-6126 where it turns out that the vulnerability was originally found in chromium (or perhaps in chrome).
According to that, it is fixed in 67.0.3396.62. But Arch's security report says it is fixed in 67.0.3396.79.
Looking at qtwebengine there are lots more vulnerabilities addressed by upstream patches to the chromium code.
I don't know my way around chromium, but a .tar.gz for .79 is currently on about the fourth page of https://github.com/chromium/chromium/releases
According to Arch, .87 fixes an out of bounds write in the V8 code which can lead to arbitrary code execution.
I'm still trying to see if I can build this beast (Arch use clang because of a gcc-8.1 issue, but I found a patch at fedora this morning, haven't had time to try it yet).
Change History (5)
comment:1 by , 7 years ago
| Owner: | changed from to |
|---|
comment:2 by , 7 years ago
| Summary: | chromium-65.0.3325.146 → chromium-66.0.3359.117 |
|---|
comment:3 by , 7 years ago
| Description: | modified (diff) |
|---|---|
| Priority: | normal → high |
| Summary: | chromium-66.0.3359.117 → chromium-67.0.3396.79 |
| Type: | enhancement → defect |
comment:4 by , 7 years ago
I started to take a look at this, to see if I could do it. The constexpr patch has been applied upstream. The directory third_party/WebKit/Source/ re warning messages does not exist.
AFAICS kerberos is only required because we force it on. I do not have kerberos, so tried turning it off.
Apparently, widevine might be a reason for people to use chromium. First attempt to use gn failed
ERROR at //third_party/widevine/cdm/BUILD.gn:14:1: Assertion failed. assert(!enable_widevine || is_win || is_mac || is_chromecast, ^----- Component updated CDM only supported on Windows and Mac for now. See //chrome/BUILD.gn:318:9: which caused the file to be included.
There is a chromium-widevine-r2.patch at Arch, https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/chromium : with that applied gn completes, but ninja very quickly fails:
mkdir -p third_party/node/linux/node-linux-x64/bin && > ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/ && > ninja -C out/Release chrome chrome_sandbox chromedriver widevinecdmadapter ninja: Entering directory `out/Release' ninja: error: unknown target 'widevinecdmadapter'
comment:5 by , 7 years ago
| Description: | modified (diff) |
|---|---|
| Summary: | chromium-67.0.3396.79 → chromium-67.0.3396.87 |
Now version 66.0.3359.117