Main menu:

Sponsoring

Please consider a small donation:

 

 

Or you can donate bitcoin:

 

Thanks to TekLinks in Birmingham, AL, for providing colocation and bandwidth.

Page Rank

Fame

FOSS Force Best Blog--2013 Award

Recent posts

Recent comments

About this blog

I am Eric Hameleers, and this is where I think out loud.
More about me.

Search

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 417 other subscribers

My Favourites

Slackware

Calendar

February 2019
M T W T F S S
« Jan    
 123
45678910
11121314151617
18192021222324
25262728  

RSS Alien's Slackware packages

RSS Alien's unofficial KDE Slackware packages

RSS Alien's multilib packages

RSS Slackware64-current

RSS SBo

Meta

Chromium 44 available (Netflix still works)

chromium_iconI have made new packages for the chromium browser and its widevine plugin. Chromium version 44 was released a bit earlier this week, and it took me a while to compile, because the new OpenJDK 7u85 and LibreOffice 5.0.0.rc3 packages were ahead of it in the build queue. Guess what… now that I am writing this blog article after uploading the packages for chromium-44.0.2403.89, I notice that there was a second release of Chromium 44 Stable… today. Which makes me wonder if there was a regression in the earlier source release.

That updated version 44.0.2403.107 may have to wait, because I will be unable to do a lot of Slackware related stuff until august; real life is catching up with me. If there are real useability issues with 44.0.2403.89, let me know and I will see if I can shift priorities or make the older 43.x packages available again. My initial (not exhaustive) testing showed no weirdness at least.

Regardless, it took a few iterations before I got the Widevine CDM adapter to compile properly. I had to look at my chromium-dev package’s history to remember what had changed in version 44. Once I applied that knowledge to the stable sources, it all began to come together. Netflix still works 🙂 … well, after you’ve installed/upgraded my chromium-widevine-plugin package of course. which contains the proprietary Content Decryption Module.

The new chromium source I compiled into a package, comes with several security fixes, and here are the CVE’s:

  • [$3000][446032] High CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer.
  • [$3000][459215] High CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft.
  • [$TBD][461858] High CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to  andrewm.bpi.
  • [$7500][462843] High CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte) of Baidu X-Team.
  • [$TBD][472614] High CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne.
  • [$5500][483981] High CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon.
  • [$5000][486947] High CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer.
  • [$1000][487155] High CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa.
  • [$TBD][487928] High CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva.
  • [$TBD][492052] High CVE-2015-1283: Heap-buffer-overflow in expat. Credit to sidhpurwala.huzaifa.
  • [$2000][493243] High CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen of OUSPG.
  • [$7500][504011] High CVE-2015-1286: UXSS in blink. Credit to anonymous.
  • [$1337][419383] Medium CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor.
  • [$1000][444573] Medium CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen of OUSPG.
  • [$500][451456] Medium CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva.
  • [479743] Medium CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined.
  • [$500][482380] Medium CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva.
  • [$1337][498982] Medium CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes.
  • [$500][479162] Low CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to mike@michaelruddy.com
  • [512110] CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives.

Get my chromium packages in one of the usual locations:

Change the URL a bit to get the chromium-widevine-plugin  package.

Have fun! Eric

Comments

Comment from Ryan McQuen
Posted: July 24, 2015 at 22:42

Is this why they had the second release?

https://spunmonkey.design/chrome-beta-44-causing-problems-with-httpsssl/

Comment from Richard Herbert
Posted: July 25, 2015 at 02:24

Since upgrading to Chromium 44.0.2403.89 I can’t load any Web page, not even chrome://settings; all I get is “Aw, snap”. Every other update until now has gone well. I tried reinstalling, to no avail. Any ideas? Thanks.

Comment from alienbob
Posted: July 25, 2015 at 06:02

Ryan, well, the Chromium developers apparently tried to make the world a bit more secure by forcing HTTPS where possible. That article you link to, shows an “Update 4: The problem appears to lie more with faulty plugin coding than anything else”, so it’s more like a two-way issue.
When I tested the new package against my own WordPress blog, I did not have any issues.
Nevertheless, I am temporarily re-adding the older v43 chromium package for those who need it.

Comment from alienbob
Posted: July 25, 2015 at 06:02

Richard, no idea.

Pingback from Links 25/7/2015: Plasma Mobile, Linux Mint 17.2 OEM | Techrights
Posted: July 25, 2015 at 17:09

[…] Chromium 44 available (Netflix still works) […]

Comment from alienbob
Posted: July 26, 2015 at 13:10

I have uploaded packages for the new Chromium version 44.0.2403.107 now.

Comment from Richard Herbert
Posted: July 26, 2015 at 14:27

Thanks, Eric. Downgrading to version 43.0.2357.132 makes Chromium functional for me. I’ll start troubleshooting with 44.0.2403.107. BTW, I’m running Slackware 14.1 stable.

Comment from Alberto
Posted: July 26, 2015 at 20:46

Thanks for your work Eric.
In both 44 versions I think there are bugs in displaying the status of an SSL certificate that the website is using. For example, on https://slack.com I see the HTTPS part crossed and in red, but I can navigate the website (usually this situation would raise an exception leading the user to go back to a safer place). I don’t know if I’m the only one with this issue.
Other things are totally ok, instead.

Comment from Alberto
Posted: July 27, 2015 at 11:12

I confirm the issue, same certificates on Windows (same version of Chrome) are totally right.

Comment from Drakeo
Posted: August 14, 2015 at 10:28

I wonder why you use number of NUMJOBS= because ninja already reads sets up jobs. That’s one of the wonderful things about ninja. Unless you want it to do less jobs.
Just wondering. I have tested this on my 8 core and 4 core machines. Ninja will except the -j flag but the wonderful thing about the small build system it reads your resources and set things up that way.
Anyway keep up the great work Eric love your work.

Comment from alienbob
Posted: August 14, 2015 at 16:30

Hi Drakeo

Indeed I can remove that NUMJOBS statement.

Comment from cwizardone
Posted: August 24, 2015 at 02:37

Eric,
The last two versions of Chromium you have posted have returned the following error,
“bash-4.3$ chromium
[2897:2897:0823/183243:ERROR:shared_memory_posix.cc(255)] Creating shared memory in /dev/shm/.org.chromium.Chromium.o7ZPSv failed: Permission denied
[2897:2897:0823/183243:ERROR:shared_memory_posix.cc(258)] Unable to access(W_OK|X_OK) /dev/shm: Permission denied
[2897:2897:0823/183243:FATAL:shared_memory_posix.cc(260)] This is frequently caused by incorrect permissions on /dev/shm. Try ‘sudo chmod 1777 /dev/shm’ to fix.
Aborted
bash-4.3$ libva info: VA-API version 0.37.0
libva info: va_getDriverName() returns 0
libva info: Trying to open /usr/lib64/dri/nvidia_drv_video.so
libva info: va_openDriver() returns -1
[2931:2931:0823/183243:FATAL:sandbox_seccomp_bpf_linux.cc(203)] Check failed: policy->PreSandboxHook().”

I’ve done as direct, that is change the permissions, and then it works, but when I’ve finished the session,
that is, close the browser, I cannot disconnect from ISP.
Regardless, I only use it to view Netflix, as I prefer not to install anything from google on my computer.

Comment from alienbob
Posted: August 24, 2015 at 07:20

cwizardone, your box is fundamentally not healthy, looking back at all those reports in the past.
Does your fstab have this line:

tmpfs /dev/shm tmpfs defaults 0 0

And does your shared memory device look like this:

# ls -al /dev/ |grep shm
drwxrwxrwt 2 root root 40 Aug 21 03:47 shm/

Comment from cwizardone
Posted: August 24, 2015 at 14:47

It is a fresh install as of 8 August and up to date with the latest -current.

As to the fstab, no, it does not have the tmpfs line.

and, ls -al /dev/ |grep shm
returns,
drwxr-xr-x 2 root root 40 Aug 23 22:40 shm/

Comment from alienbob
Posted: August 24, 2015 at 15:13

cwizardone, so try what happens if you re-add the missing tmpfs line and reboot.

Comment from cwizardone
Posted: August 24, 2015 at 16:50

That did it. Thanks!

Comment from Richard Herbert
Posted: September 24, 2015 at 04:05

It’s been a while… I finally found that I can run Chromium 45.0.2454.93 by starting it with –disable-seccomp-filter-sandbox, or simply –disable-sandbox. I can also run it if I compile the kernel with CONFIG_COMPAT_VDSO=n, but that prevents me from running KDE with OpenGL support, which disables all of the eye candy. Otherwise, it’s all “Aw, snap!”.

Comment from Andrew Patrzalek
Posted: December 26, 2015 at 22:29

I submitted the following bug report to http://www.chromium.org but it probably should be entered here too.
Maybe helpful.
Thanks and I hope you’ve had a Merry Christmas.
-Andy sls92
Summary: Chromium 47.0.2526.73 Install Starts but with Stack Dump

Chrome Version : Slackware64 package chromium-47.0.2526.73-x86_64-1alien.txz
URLs (if applicable) : N/A
Other browsers tested:
Add OK or FAIL, along with the version, after other browsers where you
have tested this issue:
Safari:
Firefox:
IE:

What steps will reproduce the problem?
1. sbopkg install chromium
2. chromium
3.

What is the expected result?
Chrome browser start without errors

What happens instead?

Three package installs were successful, resulting in:
Package chromium-47.0.2526.73-x86_64-1alien.txz installed.
Package chromium-pepperflash-plugin-20.0.0.228-x86_64-1alien.txz installed.
Package chromium-widevine-plugin-47.0.2526.73-x86_64-1alien.txz installed.

The browser starts, and appears to be functional, but with the following stack dump:

bash-4.2$ chromium
[22727:22727:1226/143203:FATAL:sandbox_seccomp_bpf_linux.cc(203)] Check failed: policy->PreSandboxHook().
#0 0x7fe420760cae
#1 0x7fe420776957
#2 0x7fe42423713b
#3 0x7fe4242363da
#4 0x7fe424236724
#5 0x7fe4240dba94
#6 0x7fe4240dd12f
#7 0x7fe420733e05
#8 0x7fe420732a31
#9 0x7fe42026a7a8
#10 0x7fe418c59d05 __libc_start_main
#11 0x7fe42026a635

Received signal 6
#0 0x7fe420760cae
#1 0x7fe420760d91
#2 0x7fe41a7c5670
#3 0x7fe418c6e979 __GI_raise
#4 0x7fe418c70088 __GI_abort
#5 0x7fe420760635
#6 0x7fe4207769e5
#7 0x7fe42423713b
#8 0x7fe4242363da
#9 0x7fe424236724
#10 0x7fe4240dba94
#11 0x7fe4240dd12f
#12 0x7fe420733e05
#13 0x7fe420732a31
#14 0x7fe42026a7a8
#15 0x7fe418c59d05 __libc_start_main
#16 0x7fe42026a635
r8: 6637783020313123 r9: 3661363230323465 r10: 0000000000000008 r11: 0000000000000202
r12: 00007fff8f272368 r13: 0000000000000000 r14: 00007fff8f271f00 r15: 000000000000005d
di: 00000000000058c7 si: 00000000000058c7 bp: 00007fe41981b3e0 bx: 00007fff8f272360
dx: 0000000000000006 ax: 0000000000000000 cx: ffffffffffffffff sp: 00007fff8f271b78
ip: 00007fe418c6e979 efl: 0000000000000202 cgf: 0000000000000033 erf: 0000000000000000
trp: 0000000000000000 msk: 0000000000000000 cr2: 0000000000000000
[end of stack trace]

Please provide any additional information below. Attach a screenshot if
possible.
A search for ‘Chromium stack dump’ in existing issues did not report any pertinent hits.

Comment from alienbob
Posted: December 26, 2015 at 22:51

Hi Andrew

Looking at a similar bug reported for the Debian package: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=803319 perhaps the conclusion should be that I have to stop applying the hardware rendering support (vaapi) patch, just like debian has done starting with their 47.0.2526.80-1 package.

I was looking at new packages for chromium and chromium-dev anyway, so what I will probably do is keep my “chromium_vaapi.patch” patch available in the source directory but without applying it.

Comment from p431i7o
Posted: July 19, 2016 at 14:58

hello,
I just had this problem again (last time I just reinstalled a fresh custom), and reading some threads on LQ, the conclusion is, I have to uninstall udev, if you are using current, udev wasn’t uninstalled, and it has to be uninstalled after eudev was installed (or before)
I’ll just leave this comment for future references.
Thanks

PD. this comment,is about the /dev/shm and having to give the 1777 permission everytime after booting.

Comment from alienbob
Posted: July 19, 2016 at 15:52

Good remark, p431i7o.

Comment from Andrew Patrzalek
Posted: June 4, 2018 at 14:56

Thanks for the post. I hope others realize that information like this and resolutions of ‘cold cases’ actually can be the missing link to a long standing problem or rapid help for newbies. So many times google searches turn up ruminations of a problem with no solution.

Write a comment