Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2026-06-19 16:31:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Fri Jun 19 16:31:49 2026 rev:526 rq:1360200 version:149.0.7827.155 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2026-06-13 18:48:31.284380616 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new.1956/chromium.changes 2026-06-19 17:14:43.504334937 +0200 @@ -1,0 +2,54 @@ +Wed Jun 17 11:05:57 UTC 2026 - Andreas Stieger <[email protected]> + +- Use version suffix for llvm/clang commands +- added patches: + * chromium-149-strip-path.patch + +------------------------------------------------------------------- +Wed Jun 17 04:57:54 UTC 2026 - Andreas Stieger <[email protected]> + +- Chromium 149.0.7827.155 (boo#1268373): + * CVE-2026-12437: Use after free in WebShare + * CVE-2026-12438: Inappropriate implementation in WebView + * CVE-2026-12439: Use after free in Digital Credentials + * CVE-2026-12440: Use after free in DigitalCredentials + * CVE-2026-12441: Use after free in File Input + * CVE-2026-12442: Use after free in Passwords + * CVE-2026-12443: Use after free in Web Authentication + * CVE-2026-12444: Out of bounds read in Chromoting + * CVE-2026-12445: Use after free in Extensions + * CVE-2026-12446: Insufficient data validation in Passwords + * CVE-2026-12447: Heap buffer overflow in WebRTC + * CVE-2026-12448: Inappropriate implementation in WebView + * CVE-2026-12449: Use after free in Chromoting + * CVE-2026-12450: Inappropriate implementation in Media + * CVE-2026-12451: Use after free in DigitalCredentials + * CVE-2026-12452: Use after free in Downloads + * CVE-2026-12453: Insufficient validation of untrusted input in Input + * CVE-2026-12454: Race in Safe Browsing + * CVE-2026-12455: Use after free in Tab Strip + * CVE-2026-12456: Insufficient validation of untrusted input in Extensions + * CVE-2026-12457: Insufficient data validation in Extensions + * CVE-2026-12458: Incorrect security UI in Passwords + * CVE-2026-12459: Inappropriate implementation in Serial + * CVE-2026-12460: Insufficient policy enforcement in File System Access + * CVE-2026-12461: Out of bounds read in WebRTC + * CVE-2026-12462: Use after free in Media + * CVE-2026-12463: Inappropriate implementation in Views + * CVE-2026-12464: Use after free in Browser + * CVE-2026-12465: Insufficient validation of untrusted input in Metrics + * CVE-2026-12466: Heap buffer overflow in WebRTC + * CVE-2026-12467: Use after free in Extensions + * CVE-2026-12468: Inappropriate implementation in Updater + * CVE-2026-12469: Uninitialized Use in GPU + +------------------------------------------------------------------- +Sat Jun 13 13:19:38 UTC 2026 - Ruediger Oertel <[email protected]> + +- added patches: + * disable-ai.patch (re-add since now ported to 149) +- added configs: + * disable-ai.json + (both parts taken from fedora package) + +------------------------------------------------------------------- Old: ---- chromium-149.0.7827.114-linux.tar.xz New: ---- chromium-149-strip-path.patch chromium-149.0.7827.155-linux.tar.xz disable-ai.json disable-ai.patch ----------(New B)---------- New:- added patches: * chromium-149-strip-path.patch New:- added patches: * disable-ai.patch (re-add since now ported to 149) - added configs: ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.0YA73B/_old 2026-06-19 17:14:53.476676536 +0200 +++ /var/tmp/diff_new_pack.0YA73B/_new 2026-06-19 17:14:53.476676536 +0200 @@ -132,7 +132,7 @@ %global official_build 1 Name: chromium%{n_suffix} -Version: 149.0.7827.114 +Version: 149.0.7827.155 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later @@ -154,6 +154,7 @@ # Source106: chrome-wrapper Source107: chromium.conf +Source110: disable-ai.json # global patches Patch0: chromium-libusb_interrupt_event_handler.patch # PATCH-FIX-OPENSUSE Make the 1-click-install ymp file always download [bnc#836059] @@ -202,6 +203,8 @@ Patch398: chromium-147-comment_safe_assert.patch Patch399: chromium-148-no_dep_on_intree_rustc_binary.patch Patch400: chromium-149-profile_no_const.patch +Patch401: chromium-149-strip-path.patch +Patch410: disable-ai.patch # conditionally applied patches ppc64le only # where applicable patch numbers from fedora specfile + 100 Patch452: ppc-fedora-memory-allocator-dcheck-assert-fix.patch @@ -988,11 +991,11 @@ # GN sets lto on its own and we need just ldflag options, not cflags %define _lto_cflags %{nil} %if %{with clang} -export CC=clang -export CXX=clang++ -export AR=llvm-ar -export NM=llvm-nm -export RANLIB=llvm-ranlib +export CC=clang-%{llvm_version} +export CXX=clang++-%{llvm_version} +export AR=llvm-ar-%{llvm_version} +export NM=llvm-nm-%{llvm_version} +export RANLIB=llvm-ranlib-%{llvm_version} %else %if 0%{?suse_version} <= 1500 export CC=gcc-%{gcc_version} @@ -1252,6 +1255,8 @@ myconf_gn+=" toolchain_supports_rust_thin_lto=false" fi myconf_gn+=" chrome_pgo_phase=0" +myconf_gn+=" strip_binary_path=\"/usr/bin/llvm-strip-%{llvm_version}\"" +myconf_gn+=" objcopy_binary_path=\"/usr/bin/llvm-objcopy-%{llvm_version}\"" # GN does not support passing cflags: # https://bugs.chromium.org/p/chromium/issues/detail?id=642016 @@ -1281,7 +1286,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/chromium/policies mkdir %{buildroot}%{_sysconfdir}/chromium/policies/managed mkdir %{buildroot}%{_sysconfdir}/chromium/policies/recommended -chmod -w %{buildroot}%{_sysconfdir}/chromium/policies/managed +# disable AI +install -m 0644 %{SOURCE110} %{buildroot}%{_sysconfdir}/chromium/policies/managed mkdir -p %{buildroot}%{_datadir}/chromium/extensions mkdir -p %{buildroot}%{_sysconfdir}/chromium/native-messaging-hosts # SVG @@ -1301,10 +1307,11 @@ %{_datadir}/chromium %dir %{_sysconfdir}/chromium %dir %{_sysconfdir}/chromium/policies -%dir %{_sysconfdir}/chromium/policies/managed +%dir %attr(555,root,root) %{_sysconfdir}/chromium/policies/managed %dir %{_sysconfdir}/chromium/policies/recommended %dir %{_sysconfdir}/chromium/native-messaging-hosts %config %{_sysconfdir}/chromium/master_preferences +%config %{_sysconfdir}/chromium/policies/managed/disable-ai.json %config(noreplace) %{_sysconfdir}/chromium/chromium.conf %{_libdir}/chromium %{_datadir}/applications/*.desktop ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.0YA73B/_old 2026-06-19 17:14:53.728685168 +0200 +++ /var/tmp/diff_new_pack.0YA73B/_new 2026-06-19 17:14:53.732685305 +0200 @@ -1,6 +1,6 @@ -mtime: 1781239555 -commit: 669fd0ca14ad45edb3c9a9213c0f9a569c095b7c33b8c661337668841b710697 +mtime: 1781740980 +commit: 79eabdabfb62c75dcd49040fb143327aebd27d1b6db4f80676be6bcf10fe2b47 url: https://src.opensuse.org/chromium/chromium -revision: 669fd0ca14ad45edb3c9a9213c0f9a569c095b7c33b8c661337668841b710697 +revision: 79eabdabfb62c75dcd49040fb143327aebd27d1b6db4f80676be6bcf10fe2b47 projectscmsync: https://src.opensuse.org/chromium/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-18 02:03:00.000000000 +0200 @@ -0,0 +1,4 @@ +.osc +*.patch~ +*-build/ +.*.swp ++++++ chromium-149-strip-path.patch ++++++ --- chromium-149.0.7827.155/build/linux/strip_binary.gni 2026/06/17 23:42:50 1.1 +++ chromium-149.0.7827.155/build/linux/strip_binary.gni 2026/06/17 23:47:59 @@ -5,6 +5,17 @@ import("//build/config/clang/clang.gni") import("//build/toolchain/toolchain.gni") +default_strip_binary_path = "${clang_base_path}/bin/llvm-strip" +default_objcopy_binary_path = "${clang_base_path}/bin/llvm-objcopy" + +declare_args() { + # allow override + strip_binary_path = default_strip_binary_path + + # allow override + objcopy_binary_path = default_objcopy_binary_path +} + # Extracts symbols from a binary into a symbol file. # # Args: @@ -21,8 +32,8 @@ "testonly", ]) action("${target_name}") { - llvm_strip_binary = "${clang_base_path}/bin/llvm-strip" - llvm_objcopy_binary = "${clang_base_path}/bin/llvm-objcopy" + llvm_strip_binary = "${strip_binary_path}" + llvm_objcopy_binary = "${objcopy_binary_path}" script = "//build/linux/strip_binary.py" if (defined(invoker.stripped_binary_output)) { ++++++ chromium-149.0.7827.114-linux.tar.xz -> chromium-149.0.7827.155-linux.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-149.0.7827.114-linux.tar.xz /work/SRC/openSUSE:Factory/.chromium.new.1956/chromium-149.0.7827.155-linux.tar.xz differ: char 15, line 1 ++++++ disable-ai.json ++++++ { "GenAILocalFoundationalModelSettings": 1, "AIModeSettings": 2 } ++++++ disable-ai.patch ++++++ ++++ 1409 lines (skipped)
