community/chromium: security upgrade to 125.0.6422.112

"Google is aware that an exploit for CVE-2024-5274 exists in the wild." https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
2025-08-05 21:37:15 +02:00 · 2024-05-11 18:15:29 +02:00 · 2024-05-11 18:15:29 +02:00 · 74ee58a3b1
commit 74ee58a3b1
parent d516ffbb47
3 changed files with 15 additions and 62 deletions
--- a/community/chromium/APKBUILD
+++ b/community/chromium/APKBUILD
@ -3,9 +3,9 @@
 # Contributor: Elly Fong-Jones <elly@elly.town>
 # Maintainer: lauren n. liberda <lauren@selfisekai.rocks>
 pkgname=chromium
-pkgver=124.0.6367.207
+pkgver=125.0.6422.112
 pkgrel=0
-_copium_tag=124.6
+_copium_tag=125.0
 # https://source.chromium.org/chromium/chromium/src/+/main:third_party/test_fonts/test_fonts.tar.gz.sha1
 # (for the given version, when it changes)
 _testfonts=336e775eec536b2d785cc80eff6ac39051931286
@ -146,13 +146,13 @@ source="https://commondatastorage.googleapis.com/chromium-browser-official/chrom
 	pvalloc.patch
 	random-fixes.patch
 	quiche-array.patch
-	system-zstd.patch
 	temp-failure-retry.patch
 	yes-musl.patch
 	"
 _copium_patches="
 	cr124-iwyu-sys-select-dawn-terminal.patch
 	cr124-libwebp-shim-sharpyuv.patch
+	cr125-unbundle-add-zstd-replacement.patch
 	"
 # chrome-sandbox can use suid when user namespaces aren't available, but uses only userns and drops privileges normally
 options="suid"
@ -524,6 +524,7 @@ prepare() {
 	ln -s /usr/bin/node third_party/node/linux/node-linux-x64/bin/

 	# reusable system library settings
+	# flatbuffers - tensorflow has a few static_asserts for a specific patch version
 	# libavif - https://github.com/AOMediaCodec/libavif/commit/50a541469c98009016af8dcc9f83a1be79f3a7d9
 	# libaom - https://aomedia.googlesource.com/aom/+/706ee36dcc82%5E%21/
 	#   but watch this space: https://aomedia-review.googlesource.com/c/aom/+/188606
@ -535,7 +536,6 @@ prepare() {
 		double-conversion
 		ffmpeg
 		flac
-		flatbuffers
 		fontconfig
 		freetype
 		harfbuzz-ng
@ -875,10 +875,10 @@ swiftshader() {
 }

 sha512sums="
-4ab47f51653b214d78215a95ff6c52db7f1f0d9bf331ec67a9b74109be8df66e84ebc927794a74777e692a77cdfd7d3fdba79190e0a70e18ee975e33050941df  chromium-124.0.6367.207.tar.xz
-d3fcdf46bc026a48b3f450f74a1258263a29c25e02ee3480b46d0eade9663c2b54e0e0533afd50e9705b26b106ed99ef82faae24428e7cc6df3a220a7b1653a0  chromium-124.0.6367.207-testdata.tar.xz
+755fa9b0ddbe40eb37b21dc156ca9265036d6a5dc8b29f04abd9bc31de68cad32f5973ae9a3409f601a894335e1c811c0e40aaac796796e079df5e97d0538e09  chromium-125.0.6422.112.tar.xz
+387ebe7dda983835825c949e8f77da3e8ea1d09ab6229133522f88dc20cc38eca85d87e4ff36475420a50656c43d1d5573966b25a94346bc4520502520f73646  chromium-125.0.6422.112-testdata.tar.xz
 bbc928e99ebcd4d953b982688b01526cb754bad018f67be9e777a4f8ac51cdd3e01374e5a63faf55b12e7cee0d52816c88062e012b5bcc4f9bb41f28d8e0b7f7  test_fonts-336e775eec536b2d785cc80eff6ac39051931286.tar.gz
-c6293916e1780ba69686a5c629063c14b22cb1773aa207487e46ee74f4d1da61b47fffb8b9a2bc6f389d062882d5a8f9212693ed9b28f2c314364bb5e3c08e20  copium-124.6.tar.gz
+05284d7af82502127cff6f2e5c7cbac30147152a74ee1ed79684a27b119f3fb50d3d3759dade63f7775f48d9ef12a425bf4fcea2a38feafdc059cdaf347b2845  copium-125.0.tar.gz
 1b16564f85a03f3eb934ec51289dc6159e2454202d40f48354f947d6ceffac8889e9eb4c0f4dfaafb3a15101566d54039f832bc9a8433c3c463e2d1dac2d2acc  chromium-launcher.sh
 9cfcb41d69c5a515b6f9fe2a629579fa499e1f48eb58a0ce4ec8e5029d450bcafb6d963019aaac9a6838244bee9f9ba7fe5ef6146a0ca6b20fcda4ab7f059476  chromium.conf
 2d8237a940ea691bd10b08315429677a587f7ef9692a0cca53bfd066eae82998a6c71f402a8669e9de39f94d7f3280745d1628ea6eac5d76ca7116844d4e0dac  google-api.keys
@ -899,7 +899,7 @@ e75f57ae34c97ca1caf15fa4b4106c6c1e79c31ed66869cf92ed9ea0c449886c9511e455047c17c1
 50c274a420bb8a7f14fcb56e40920dac8f708792a4520789b4987facea459bef88113d5a2b60fa8c57bee6e92bff3617d6b73fa305c8c44614c638971cffd440  musl-sandbox.patch
 e7163ac5810ac85366cef2447412287c856e3d67c6b77f219a6e5a418b1965b98e449c409424ad0704a5bded9355dd0aec3dc4585918ce5a2ab36c079707afe2  musl-tid-caching.patch
 92eb002718026611f5542362ad69b67f0a398ff71b3fca5c05d55cb5c6f9f29334e5e127bb4860cfaa3fba0f0d4c901e2b98808217e7dc02e254a64a5c9521aa  musl-v8-monotonic-pthread-cont_timedwait.patch
-73bca6c6f9873f2f11cef04f3f41f71e0ae86e7e2d77e14db4298675fec390744c5081f6fdb14052e5ee2b5885be1198c3aa6068eb2b656d1a665c0c3f36e708  no-execinfo.patch
+a250cff50d282b02ce0f28880d0a2b4fb8e7df51bc072bfeeddc561c29a7c76453dbcbc7b17b82966a7b30a31409d2555720d1dcf963e1b3fb8a2a06a6abcf46  no-execinfo.patch
 8e17101d69e23b456a9c03dc2fe95bcd56846389707ba6f4720192a9e9168406d20d9168dbebbb3a47d921ec92e478f0e390f46e6b9bb43a34dda217c6e6448b  no-mallinfo.patch
 e4c4e5bc6f828f9c883dd418c0ba01887949c29c311f76206a1ec29f620b0c0ba0452949dc2778a9c46ea066405857536964a36436a68eecf7da7952736333cf  no-res-ninit-nclose.patch
 6dc4d8dc92e685dace62265a1ddb3aebc558aed54d20ff6d36b030be0c48d7e84662326c31363612492574d9a03c62653cdc21a60995b97dee1d75cae86a9f9b  no-sandbox-settls.patch
@ -908,7 +908,6 @@ d4ac7f350806b4410ccb1df3b0ad7e90a7b6d724a16919761aa2d47a6f21008c7374da528b05b754
 2eb434b4fc6aee77026492644cd86772a543d9845f112a75cd4c3e1f25c9435cc31f8454c1c73223451fc9be69b86e822ff68821978f67f2fc8bcba50296d8e0  pvalloc.patch
 803b8117c65132f76bec42054a4b2257a078b15b07fd08645fec2dfd51aa4e0075a9015300cd579d4ae0d757d9850b9988e080cfc2eea093f6684fdf82c4722c  random-fixes.patch
 86f612dd2b39602984a75b1b11c2ab8bc8cc6b4e78fae998570a777a6901ae45fdcdb22e46dd006dab703a0674e64c72cf8120af2dc5b9e78004f402c7e65358  quiche-array.patch
-b3beb98b539fe160fbc493ba410ae0f68540cc4b6834f1f8ce9a22c3f4f59ef5d583ad48793e10549fd02a701f833a3969791ef4524322cd1e715ca5bf226bc8  system-zstd.patch
 e48693e6b7aeebf69a5acbf80d9a35defe4c23835121dfeb58b051ac7c527e758a41004f4d193274fe1b01c0bfb1dbc77b09cb6a404a3fdee507a2918afb0edb  temp-failure-retry.patch
 914ccf649d7771f19f209ab97f99c481aebc6f66174d68e8b539f6ad4a70bc8cb0fae2df6dadbf0415958ffb3574c420fe029079dcce45f5e5add4db2e903566  yes-musl.patch
 "
--- a/community/chromium/no-execinfo.patch
+++ b/community/chromium/no-execinfo.patch
@ -37,16 +37,16 @@ for discussion about this, see https://www.openwall.com/lists/musl/2021/07/16/1
 #define HAVE_FCNTL_H 1
 --- a/base/debug/stack_trace.cc
 +++ b/base/debug/stack_trace.cc
-@@ -291,7 +291,7 @@
- }
- std::string StackTrace::ToStringWithPrefix(const char* prefix_string) const {
+@@ -311,7 +311,7 @@
+ 
+ std::string StackTrace::ToStringWithPrefix(cstring_view prefix_string) const {
   std::stringstream stream;
 -#if !defined(__UCLIBC__) && !defined(_AIX)
 +#if defined(__GLIBC__) && !defined(_AIX)
-   if (ShouldSuppressOutput()) {
-     return "Backtrace suppressed.";
-   }
-@@ -301,7 +301,7 @@
+   OutputToStreamWithPrefix(&stream, prefix_string);
+ #endif
+   return stream.str();
+@@ -335,7 +335,7 @@
 }
 
 std::ostream& operator<<(std::ostream& os, const StackTrace& s) {
--- a/community/chromium/system-zstd.patch
+++ b/community/chromium/system-zstd.patch
@ -1,46 +0,0 @@
-From ae3ae3711784865bdc38bf119a6182a7b8dae91c Mon Sep 17 00:00:00 2001
-From: Matt Jolly <Matt.Jolly@footclan.ninja>
-Date: Sun, 17 Sep 2023 16:51:42 +1000
-Subject: [PATCH] Add system-zstd
-
--- a/build/linux/unbundle/replace_gn_files.py
-+++ b/build/linux/unbundle/replace_gn_files.py
-@@ -74,6 +74,7 @@ REPLACEMENTS = {
-   #
-   'woff2': 'third_party/woff2/BUILD.gn',
-   'zlib': 'third_party/zlib/BUILD.gn',
-+  'zstd': 'third_party/zstd/BUILD.gn',
- }
- 
- 
--- /dev/null
-+++ b/build/linux/unbundle/zstd.gn
-@@ -0,0 +1,25 @@
-+import("//build/config/linux/pkg_config.gni")
-+import("//build/shim_headers.gni")
-+
-+pkg_config("system_zstd") {
-+  packages = [ "libzstd" ]
-+}
-+
-+shim_headers("zstd_shim") {
-+  root_path = "src/lib"
-+  headers = [
-+    "zdict.h",
-+    "zstd.h",
-+    "zstd_errors.h",
-+  ]
-+}
-+
-+source_set("zstd") {
-+  deps = [ ":zstd_shim" ]
-+  public_configs = [ ":system_zstd" ]
-+}
-+
-+source_set("decompress") {
-+  deps = [ ":zstd_shim" ]
-+  public_configs = [ ":system_zstd" ]
-+}
-- 
-2.42.0
-