Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2026-05-21 18:26:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new.2084 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Thu May 21 18:26:09 2026 rev:520 rq:1354293 version:148.0.7778.178 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2026-05-15 23:54:21.839217778 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new.2084/chromium.changes 2026-05-21 18:28:07.000477309 +0200 @@ -1,0 +2,28 @@ +Tue May 19 20:23:40 UTC 2026 - Andreas Stieger <[email protected]> + +- Chromium 148.0.7778.178 (boo#1265848) + * CVE-2026-9111: Use after free in WebRTC + * CVE-2026-9110: Inappropriate implementation in UI + * CVE-2026-9112: Use after free in GPU + * CVE-2026-9113: Out of bounds read in GPU + * CVE-2026-9114: Use after free in QUIC + * CVE-2026-9115: Insufficient policy enforcement in Service Worker + * CVE-2026-9116: Insufficient policy enforcement in ServiceWorker + * CVE-2026-9117: Type Confusion in GFX + * CVE-2026-9118: Use after free in XR + * CVE-2026-9119: Heap buffer overflow in WebRTC + * CVE-2026-9120: Use after free in WebRTC + * CVE-2026-9126: Use after free in DOM + * CVE-2026-9121: Out of bounds read in GPU + * CVE-2026-9122: Out of bounds read in GPU + * CVE-2026-9123: Heap buffer overflow in Chromecast + * CVE-2026-9124: Insufficient validation of untrusted input in Input + +------------------------------------------------------------------- +Mon May 18 10:05:53 UTC 2026 - Ruediger Oertel <[email protected]> + +- add system-wide chromium.conf as in fedora package + enable several features by default and disable ai features + allow to override via setting CHROMIUM_USER_FLAGS + +------------------------------------------------------------------- Old: ---- chromium-148.0.7778.167-linux.tar.xz New: ---- chromium-148.0.7778.178-linux.tar.xz chromium.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.QW2Rbg/_old 2026-05-21 18:28:15.936844427 +0200 +++ /var/tmp/diff_new_pack.QW2Rbg/_new 2026-05-21 18:28:15.940844591 +0200 @@ -132,7 +132,7 @@ %global official_build 1 Name: chromium%{n_suffix} -Version: 148.0.7778.167 +Version: 148.0.7778.178 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later @@ -153,6 +153,7 @@ Source105: INSTALL.sh # Source106: chrome-wrapper +Source107: chromium.conf # global patches Patch0: chromium-libusb_interrupt_event_handler.patch # PATCH-FIX-OPENSUSE Make the 1-click-install ymp file always download [bnc#836059] @@ -1266,6 +1267,8 @@ # Install the master_preferences file mkdir -p %{buildroot}%{_sysconfdir}/chromium install -m 0644 %{SOURCE30} %{buildroot}%{_sysconfdir}/chromium +# install system wide config +install -m 0644 %{SOURCE107} %{buildroot}%{_sysconfdir}/chromium/chromium.conf # Compat link ln -s %{_bindir}/chromium-browser %{buildroot}%{_bindir}/chromium # Policy dirs @@ -1296,6 +1299,7 @@ %dir %{_sysconfdir}/chromium/policies/recommended %dir %{_sysconfdir}/chromium/native-messaging-hosts %config %{_sysconfdir}/chromium/master_preferences +%config(noreplace) %{_sysconfdir}/chromium/chromium.conf %{_libdir}/chromium %{_datadir}/applications/*.desktop %{_datadir}/metainfo/chromium-browser.appdata.xml ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.QW2Rbg/_old 2026-05-21 18:28:16.096851000 +0200 +++ /var/tmp/diff_new_pack.QW2Rbg/_new 2026-05-21 18:28:16.100851165 +0200 @@ -1,6 +1,6 @@ -mtime: 1778825223 -commit: 516a4d79865f7f9867fceeafd5cd407429fee424b3192088bdf1c8d3439768a4 +mtime: 1779307304 +commit: dee293c04b66cb8129693190f95f338cc83d7cfdb8b47dbb4fbdc50dc9842724 url: https://src.opensuse.org/chromium/chromium -revision: 516a4d79865f7f9867fceeafd5cd407429fee424b3192088bdf1c8d3439768a4 +revision: dee293c04b66cb8129693190f95f338cc83d7cfdb8b47dbb4fbdc50dc9842724 projectscmsync: https://src.opensuse.org/chromium/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-05-20 22:01:44.000000000 +0200 @@ -0,0 +1,4 @@ +.osc +*.patch~ +*-build/ +.*.swp ++++++ chrome-wrapper ++++++ --- /var/tmp/diff_new_pack.QW2Rbg/_old 2026-05-21 18:28:16.288858888 +0200 +++ /var/tmp/diff_new_pack.QW2Rbg/_new 2026-05-21 18:28:16.292859052 +0200 @@ -18,12 +18,24 @@ # We don't want bug-buddy intercepting our crashes. http://crbug.com/24120 export GNOME_DISABLE_CRASH_DIALOG=SET_BY_GOOGLE_CHROME +# Allow users to override command-line options and prefer user defined +# CHROMIUM_USER_FLAGS from env over system wide CHROMIUM_FLAGS +[[ -f /etc/chromium/chromium.conf ]] && . /etc/chromium/chromium.conf +CHROMIUM_FLAGS=${CHROMIUM_USER_FLAGS:-$CHROMIUM_FLAGS} + # Allow root usage no_sandbox= if [ "`id -u`" == "0" ]; then no_sandbox=--no-sandbox fi +CHROMIUM_DISTRO_FLAGS=" --enable-plugins \ + --enable-extensions \ + --enable-user-scripts \ + --enable-printing \ + --enable-sync \ + --auto-ssl-client-auth" + # Sanitize std{in,out,err} because they'll be shared with untrusted child # processes (http://crbug.com/376567). exec < /dev/null @@ -31,5 +43,5 @@ exec 2> >(exec cat >&2) # Note: exec -a below is a bashism. -exec -a "$0" "$HERE/chrome" $no_sandbox "$@" +exec -a "$0" "$HERE/chrome" $no_sandbox $CHROMIUM_FLAGS $CHROMIUM_DISTRO_FLAGS "$@" ++++++ chromium-148.0.7778.167-linux.tar.xz -> chromium-148.0.7778.178-linux.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-148.0.7778.167-linux.tar.xz /work/SRC/openSUSE:Factory/.chromium.new.2084/chromium-148.0.7778.178-linux.tar.xz differ: char 15, line 1 ++++++ chromium.conf ++++++ # system wide chromium flags ARCH="$(arch)" MODE="$(systemd-detect-virt)" # GRAPHIC_DRIVER=[amd|intel|nvidia|default] GRAPHIC_DRIVER=default # WEB_AUTO_DARKMODE_WEBCONTENT=[on|off] WEB_AUTO_DARKMODE_WEBCONTENT=off # NATIVE_WAYLAND=[on|off] # chromium >=141 switched to --ozone-platform-hint=auto if [ ! -z "$WAYLAND_DISPLAY" ]; then NATIVE_WAYLAND=on else NATIVE_WAYLAND=off fi # Disable chromium's AI model DISABLE_FEATURES="LensOverlay,OptimizationGuideOnDeviceModel,PromptAPIForGeminiNano,Compose,TabOrganization" ENABLE_FEATURES="AllowQt" CHROMIUM_FLAGS=" --enable-chrome-browser-cloud-management" if [ "$NATIVE_WAYLAND" == "on" ] ; then ENABLE_FEATURES+=",WaylandLinuxDrmSyncobj,WaylandPerSurfaceScale,WaylandUiScale" else CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames" CHROMIUM_FLAGS+=" --enable-zero-copy" CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround" CHROMIUM_FLAGS+=" --enable-gpu-rasterization" fi ENABLE_FEATURES+=",AcceleratedVideoDecodeLinuxGL,AcceleratedVideoDecodeLinuxZeroCopyGL" case "$GRAPHIC_DRIVER" in amd|intel) # Need new mesa with AMD multi planes support, is supported in fedora >= 40 (mesa-24.1.1 or newer) # see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165 CHROMIUM_FLAGS+=" --enable-accelerated-video-decode" ENABLE_FEATURES+=",VaapiIgnoreDriverChecks,UseMultiPlaneFormatForHardwareVideo" ;; nvidia) # The NVIDIA VaAPI drivers are known to not support Chromium # see https://crbug.com/1492880. This feature switch is # provided for developers to test VaAPI drivers on NVIDIA GPUs ENABLE_FEATURES+=",VaapiOnNvidiaGPUs" export CUDA_DISABLE_PERF_BOOST=1 ;; *) ENABLE_FEATURES+=",AcceleratedVideoEncoder" ;; esac if [ "$MODE" != "none" ] ; then # chromium in VM, running with standard setting CHROMIUM_FLAGS="" DISABLE_FEATURES="" ENABLE_FEATURES="" fi # Web Dark mode if [ "$WEB_AUTO_DARKMODE_WEBCONTENT" == "on" ] ; then darktype="WebContentsForceDark" if [ -z "$ENABLE_FEATURES" ] ; then ENABLE_FEATURES+="$darktype" else ENABLE_FEATURES+=",$darktype" fi CHROMIUM_FLAGS+=" --force-dark-mode" fi [ -z "$DISABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --disable-features=$DISABLE_FEATURES" [ -z "$ENABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --enable-features=$ENABLE_FEATURES"
