My thoughts on Slackware, life and everything

Chromium 44 available (Netflix still works)

I have made new packages for the chromium browser and its widevine plugin. Chromium version 44 was released a bit earlier this week, and it took me a while to compile, because the new OpenJDK 7u85 and LibreOffice 5.0.0.rc3 packages were ahead of it in the build queue. Guess what… now that I am writing this blog article after uploading the packages for chromium-44.0.2403.89, I notice that there was a second release of Chromium 44 Stable… today. Which makes me wonder if there was a regression in the earlier source release.

That updated version 44.0.2403.107 may have to wait, because I will be unable to do a lot of Slackware related stuff until August; real life is catching up with me. If there are real usability issues with 44.0.2403.89, let me know and I will see if I can shift priorities or make the older 43.x packages available again. My initial (not exhaustive) testing showed no weirdness at least.

Regardless, it took a few iterations before I got the Widevine CDM adapter to compile properly. I had to look at my chromium-dev package’s history to remember what had changed in version 44. Once I applied that knowledge to the stable sources, it all began to come together. Netflix still works 🙂 … well, after you’ve installed/upgraded my chromium-widevine-plugin package of course, which contains the proprietary Content Decryption Module.

The new chromium source that I compiled into a package comes with several security fixes. Here are the CVEs:

  • [$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
  • [$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
  • [$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi.
  • [$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
  • [$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
  • [$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
  • [$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
  • [$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
  • [$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
  • [$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
  • [$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
  • [$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
  • [$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
  • [$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
  • [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
  • [$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
  • [$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
  • [$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com
  • [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

Get my chromium packages in one of the usual locations:

Change the URL a bit to get the chromium-widevine-plugin package.

Have fun! Eric

21 Comments

  1. Ryan McQuen

    Is this why they had the second release?

    https://spunmonkey.design/chrome-beta-44-causing-problems-with-httpsssl/

  2. Richard Herbert

    Since upgrading to Chromium 44.0.2403.89 I can’t load any Web page, not even chrome://settings; all I get is “Aw, snap”. Every other update until now has gone well. I tried reinstalling, to no avail. Any ideas? Thanks.

  3. alienbob

    Ryan, well, the Chromium developers apparently tried to make the world a bit more secure by forcing HTTPS where possible. That article you link to shows an “Update 4: The problem appears to lie more with faulty plugin coding than anything else”, so it’s more like a two-way issue.
    When I tested the new package against my own WordPress blog, I did not have any issues.
    Nevertheless, I am temporarily re-adding the older v43 chromium package for those who need it.

  4. alienbob

    Richard, no idea.

  5. alienbob

    I have uploaded packages for the new Chromium version 44.0.2403.107 now.

  6. Richard Herbert

    Thanks, Eric. Downgrading to version 43.0.2357.132 makes Chromium functional for me. I’ll start troubleshooting with 44.0.2403.107. BTW, I’m running Slackware 14.1 stable.

  7. Alberto

    Thanks for your work Eric.
    In both 44 versions I think there are bugs in displaying the status of an SSL certificate that the website is using. For example, on https://slack.com I see the HTTPS part crossed and in red, but I can navigate the website (usually this situation would raise an exception leading the user to go back to a safer place). I don’t know if I’m the only one with this issue.
    Other things are totally ok, instead.

  8. Alberto

    I confirm the issue, same certificates on Windows (same version of Chrome) are totally right.

  9. Drakeo

    I wonder why you use number of NUMJOBS= because ninja already reads and sets up jobs. That’s one of the wonderful things about ninja. Unless you want it to do fewer jobs.
    Just wondering. I have tested this on my 8 core and 4 core machines. Ninja will accept the -j flag, but the wonderful thing about the small build system is that it reads your resources and sets things up that way.
    Anyway, keep up the great work Eric, love your work.

  10. alienbob

    Hi Drakeo

    Indeed I can remove that NUMJOBS statement.

  11. cwizardone

    Eric,
    The last two versions of Chromium you have posted have returned the following error,
    “bash-4.3$ chromium
    [2897:2897:0823/183243:ERROR:shared_memory_posix.cc(255)] Creating shared memory in /dev/shm/.org.chromium.Chromium.o7ZPSv failed: Permission denied
    [2897:2897:0823/183243:ERROR:shared_memory_posix.cc(258)] Unable to access(W_OK|X_OK) /dev/shm: Permission denied
    [2897:2897:0823/183243:FATAL:shared_memory_posix.cc(260)] This is frequently caused by incorrect permissions on /dev/shm. Try ‘sudo chmod 1777 /dev/shm’ to fix.
    Aborted
    bash-4.3$ libva info: VA-API version 0.37.0
    libva info: va_getDriverName() returns 0
    libva info: Trying to open /usr/lib64/dri/nvidia_drv_video.so
    libva info: va_openDriver() returns -1
    [2931:2931:0823/183243:FATAL:sandbox_seccomp_bpf_linux.cc(203)] Check failed: policy->PreSandboxHook().”

    I’ve done as directed, that is, changed the permissions, and then it works, but when I’ve finished the session,
    that is, close the browser, I cannot disconnect from ISP.
    Regardless, I only use it to view Netflix, as I prefer not to install anything from google on my computer.

  12. alienbob

    cwizardone, your box is fundamentally not healthy, looking back at all those reports in the past.
    Does your fstab have this line:

    tmpfs /dev/shm tmpfs defaults 0 0

    And does your shared memory device look like this:

    # ls -al /dev/ |grep shm
    drwxrwxrwt 2 root root 40 Aug 21 03:47 shm/

  13. cwizardone

    It is a fresh install as of 8 August and up to date with the latest -current.

    As to the fstab, no, it does not have the tmpfs line.

    and, ls -al /dev/ |grep shm
    returns,
    drwxr-xr-x 2 root root 40 Aug 23 22:40 shm/

  14. alienbob

    cwizardone, so try what happens if you re-add the missing tmpfs line and reboot.

  15. cwizardone

    That did it. Thanks!

  16. Richard Herbert

    It’s been a while… I finally found that I can run Chromium 45.0.2454.93 by starting it with --disable-seccomp-filter-sandbox, or simply --disable-sandbox. I can also run it if I compile the kernel with CONFIG_COMPAT_VDSO=n, but that prevents me from running KDE with OpenGL support, which disables all of the eye candy. Otherwise, it’s all “Aw, snap!”.

  17. Andrew Patrzalek

    I submitted the following bug report to http://www.chromium.org but it probably should be entered here too.
    Maybe helpful.
    Thanks and I hope you’ve had a Merry Christmas.
    -Andy sls92
    Summary: Chromium 47.0.2526.73 Install Starts but with Stack Dump

    Chrome Version : Slackware64 package chromium-47.0.2526.73-x86_64-1alien.txz
    URLs (if applicable) : N/A
    Other browsers tested:
    Add OK or FAIL, along with the version, after other browsers where you
    have tested this issue:
    Safari:
    Firefox:
    IE:

    What steps will reproduce the problem?
    1. sbopkg install chromium
    2. chromium
    3.

    What is the expected result?
    Chrome browser start without errors

    What happens instead?

    Three package installs were successful, resulting in:
    Package chromium-47.0.2526.73-x86_64-1alien.txz installed.
    Package chromium-pepperflash-plugin-20.0.0.228-x86_64-1alien.txz installed.
    Package chromium-widevine-plugin-47.0.2526.73-x86_64-1alien.txz installed.

    The browser starts, and appears to be functional, but with the following stack dump:

    bash-4.2$ chromium
    [22727:22727:1226/143203:FATAL:sandbox_seccomp_bpf_linux.cc(203)] Check failed: policy->PreSandboxHook().
    Received signal 6

    Please provide any additional information below. Attach a screenshot if
    possible.
    A search for ‘Chromium stack dump’ in existing issues did not report any pertinent hits.

  18. alienbob

    Hi Andrew

    Looking at a similar bug reported for the Debian package: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803319 perhaps the conclusion should be that I have to stop applying the hardware rendering support (vaapi) patch, just like Debian has done starting with their 47.0.2526.80-1 package.

    I was looking at new packages for chromium and chromium-dev anyway, so what I will probably do is keep my “chromium_vaapi.patch” patch available in the source directory but without applying it.

  19. p431i7o

    Hello,
    I just had this problem again (last time I just reinstalled a fresh custom), and reading some threads on LQ, the conclusion is that I have to uninstall udev. If you are using current, udev wasn’t uninstalled, and it has to be uninstalled after eudev was installed (or before).
    I’ll just leave this comment for future reference.
    Thanks

    PS. This comment is about the /dev/shm and having to give the 1777 permission every time after booting.

  20. alienbob

    Good remark, p431i7o.

  21. Andrew Patrzalek

    Thanks for the post. I hope others realize that information like this and resolutions of ‘cold cases’ actually can be the missing link to a long standing problem or rapid help for newbies. So many times google searches turn up ruminations of a problem with no solution.
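
The checks alienbob asks for in comments 12 to 14 (a tmpfs line for /dev/shm in fstab and a drwxrwxrwt mode on the directory), written out as an added shell example that is not part of the original post or its comments. The function names and return codes are assumptions made here.

```shell
#!/bin/sh
# Added example: checks for the /dev/shm failure reported in the comments.
# Function names and return codes are assumptions of this sketch.

# True only if DIR is a directory with mode 1777 (drwxrwxrwt: world-writable
# plus sticky bit, so users cannot remove each other's segments).
shm_mode_ok() {
    [ -d "$1" ] || return 2
    mode=$(stat -c '%a' "$1") || return 2   # GNU stat, as shipped by Slackware
    [ "$mode" = "1777" ]
}

# True if FILE (fstab or /proc/mounts layout) has an uncommented line whose
# mount point is /dev/shm and whose filesystem type is tmpfs.
has_shm_tmpfs() {
    [ -r "$1" ] || return 2
    awk '$1 !~ /^#/ && $2 == "/dev/shm" && $3 == "tmpfs" { found = 1 }
         END { exit !found }' "$1"
}

# Report each finding; the return value is the number of problems (0 = healthy).
# Arguments default to the live system and can be overridden for testing.
diagnose_shm() {
    dir=${1:-/dev/shm}; fstab=${2:-/etc/fstab}; mounts=${3:-/proc/mounts}
    problems=0
    if ! shm_mode_ok "$dir"; then
        echo "FAIL: $dir is not a mode-1777 directory"
        problems=$((problems + 1))
    fi
    if ! has_shm_tmpfs "$fstab"; then
        echo "FAIL: $fstab has no tmpfs entry for /dev/shm"
        problems=$((problems + 1))
    fi
    if ! has_shm_tmpfs "$mounts"; then
        echo "FAIL: no tmpfs is currently mounted on /dev/shm"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: /dev/shm looks healthy"
    return "$problems"
}
```

Source the file and call `diagnose_shm` with no arguments to check the running system. A correct mode together with a missing fstab entry means the chmod was applied by hand and will not survive a reboot.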


© 2024 Alien Pastures