guix/gnu at 0f87ff6672b29c11e391faad573e5ef4fba5cd43 - guix

mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-06-10 09:28:52 +02:00

Files

T

André Batista 0f87ff6672 gnu: ungoogled-chromium: Update to 147.0.7727.116.

Fixes CVEs:
2026-6296: Heap buffer overflow in ANGLE. Reported by cinzinga.
2026-6297: Use after free in Proxy. Reported by heapracer.
2026-6298: Heap buffer overflow in Skia.
      Reported by 86ac1f1587b71893ed2ad792cd7dde32.
2026-6299: Use after free in Prerender. Reported by Google.
2026-6358: Use after free in XR. Reported by Jihyeon Jeong
      (Compsec Lab, Seoul National University / Research Intern).
2026-6359: Use after free in Video.
      Reported by 86ac1f1587b71893ed2ad792cd7dde32.
2026-6300: Use after free in CSS.
      Reported by c6eed09fc8b174b0f3eebedcceb1e792.
2026-6301: Type Confusion in Turbofan. Reported by qymag1c.
2026-6302: Use after free in Video. Reported by Syn4pse.
2026-6303: Use after free in Codecs. Reported by Google.
2026-6304: Use after free in Graphite. Reported by Google.
2026-6305: Heap buffer overflow in PDFium.
      Reported by 86ac1f1587b71893ed2ad792cd7dde32.
2026-6306: Heap buffer overflow in PDFium.
      Reported by 86ac1f1587b71893ed2ad792cd7dde32.
2026-6307: Type Confusion in Turbofan.
      Reported by Project WhatForLunch (@pjwhatforlunch).
2026-6308: Out of bounds read in Media. Reported by Google.
2026-6309: Use after free in Viz. Reported by Google.
2026-6360: Use after free in FileSystem. Reported by asjidkalam.
2026-6310: Use after free in Dawn. Reported by Google.
2026-6311: Uninitialized Use in Accessibility. Reported by Google.
2026-6312: Insufficient policy enforcement in Passwords.
      Reported by Google.
2026-6313: Insufficient policy enforcement in CORS.
      Reported by Google.
2026-6314: Out of bounds write in GPU. Reported by Google.
2026-6315: Use after free in Permissions. Reported by Google.
2026-6316: Use after free in Forms. Reported by Google.
2026-6361: Heap buffer overflow in PDFium. Reported by Google.
2026-6362: Use after free in Codecs.
      Reported by c6eed09fc8b174b0f3eebedcceb1e792.
2026-6317: Use after free in Cast. Reported by Google.
2026-6363: Type Confusion in V8. Reported by Google.
2026-6318: Use after free in Codecs. Reported by Syn4pse.
2026-6319: Use after free in Payments. Reported by pwn2addr.
2026-6364: Out of bounds read in Skia.
      Reported by Google Threat Intelligence.
CVE-2026-6919: Use after free in DevTools.
      Reported by c6eed09fc8b174b0f3eebedcceb1e792.
CVE-2026-6920: Out of bounds read in GPU.
      Reported by tatiwari of Microsoft.
CVE-2026-6921: Race in GPU. Reported by soiax.

See:
<https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_15.html>
and
<https://chromereleases.googleblog.com/2026/04/stable-channel-update-for-desktop_22.html>

* gnu/packages/chromium.scm (%chromium-version): Update to 147.0.7727.116.
(%ungoogled-origin, %debian-origin): Update hashes.
(ungoogled-chromium) [arguments] <#:configure-flags>: Add
build_tflite_with_xnnpack flag and set it to false.  Without this flag the
build is unable to locate pthreadpool.h.  See:
services/webnn/webnn_graph_builder_impl.cc.
<#:phases> {include-pthreadpool}: Remove this workaround phase.
{install}: Fix regexes to the manpage and desktop file which were not
matching anymore.

Closes: guix/guix#7949
Change-Id: I4c3d58b72fc804b96137833e1e4c3060b314560d
Signed-off-by: Andreas Enge <andreas@enge.fr>

2026-04-29 12:19:57 +02:00

bootloader

guix: Ask LUKS password only once on boot when using GRUB.

2026-04-09 19:55:05 +02:00

build

linux-container: Fix hang when #:child-is-pid1? is true.

2026-04-27 10:03:04 +02:00

home

home: services: gpg-agent: Expose shepherd-requirement in configuration.

2026-04-17 03:07:05 +08:00

installer

…