Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2022-10-28 19:30:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Fri Oct 28 19:30:31 2022 rev:356 rq:1031906 version:107.0.5304.87 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2022-10-12 18:28:18.590167784 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new.2275/chromium.changes 2022-10-28 19:31:27.819213044 +0200 @@ -1,0 +2,31 @@ +Fri Oct 28 08:35:09 UTC 2022 - Andreas Stieger <andreas.stie...@gmx.de> + +- Chromium 107.0.5304.87 (boo#1204819) + * CVE-2022-3723: Type Confusion in V8 + +------------------------------------------------------------------- +Thu Oct 27 08:57:48 UTC 2022 - Callum Farmer <gm...@opensuse.org> + +- Chromium 107.0.5304.68 (boo#1204732) + * CVE-2022-3652: Type Confusion in V8 + * CVE-2022-3653: Heap buffer overflow in Vulkan + * CVE-2022-3654: Use after free in Layout + * CVE-2022-3655: Heap buffer overflow in Media Galleries + * CVE-2022-3656: Insufficient data validation in File System + * CVE-2022-3657: Use after free in Extensions + * CVE-2022-3658: Use after free in Feedback service on Chrome OS + * CVE-2022-3659: Use after free in Accessibility + * CVE-2022-3660: Inappropriate implementation in Full screen mode + * CVE-2022-3661: Insufficient data validation in Extensions +- Added patches: + * chromium-107-compiler.patch + * chromium-107-system-zlib.patch +- Removed patches: + * chromium-105-compiler.patch + * chromium-105-Bitmap-include.patch + * chromium-106-AutofillPopupControllerImpl-namespace.patch +- Unbundle libyuv and libavif on TW +- Prepare 15.5 +- Use qt on 15.4+ (15.3 too old) + +------------------------------------------------------------------- Old: ---- chromium-105-Bitmap-include.patch chromium-105-compiler.patch chromium-106-AutofillPopupControllerImpl-namespace.patch chromium-106.0.5249.119.tar.xz New: ---- chromium-107-compiler.patch chromium-107-system-zlib.patch chromium-107.0.5304.87.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.kGHybj/_old 2022-10-28 19:31:35.159249853 +0200 +++ /var/tmp/diff_new_pack.kGHybj/_new 2022-10-28 19:31:35.175249934 +0200 @@ -26,26 +26,30 @@ %bcond_without lto %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400 %bcond_without gtk4 +%bcond_without qt %else %bcond_with gtk4 +%bcond_with qt %endif %ifarch aarch64 %bcond_with swiftshader %else %bcond_without swiftshader %endif -%if 0%{?suse_version} >= 1550 +%if 0%{?suse_version} >= 1599 %bcond_without system_harfbuzz %bcond_without system_freetype %bcond_without arm_bti %bcond_without system_icu %bcond_without ffmpeg_51 +%bcond_without system_avif %else %bcond_with system_harfbuzz %bcond_with system_freetype %bcond_with arm_bti %bcond_with system_icu %bcond_with ffmpeg_51 +%bcond_with system_avif %endif %bcond_without pipewire %bcond_without system_ffmpeg @@ -63,11 +67,15 @@ %if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150400 %define llvm_version 12 %else +%if 0%{?suse_version} < 1599 && 0%{?sle_version} < 150500 %define llvm_version 13 +%else +%define llvm_version 14 +%endif %endif Name: chromium -Version: 106.0.5249.119 +Version: 107.0.5304.87 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later @@ -101,7 +109,7 @@ Patch10: chromium-disable-parallel-gold.patch Patch11: chromium-lp151-old-drm.patch # gentoo/fedora/arch patchset -Patch15: chromium-105-compiler.patch +Patch15: chromium-107-compiler.patch Patch17: chromium-86-ImageMemoryBarrierData-init.patch Patch21: chromium-gcc11.patch Patch40: chromium-91-java-only-allowed-in-android-builds.patch @@ -116,13 +124,12 @@ Patch90: chromium-100-InMilliseconds-constexpr.patch Patch98: chromium-102-regex_pattern-array.patch Patch103: chromium-103-VirtualCursor-std-layout.patch -Patch107: chromium-105-Bitmap-include.patch Patch111: chromium-105-wayland-1.20.patch Patch201: chromium-86-fix-vaapi-on-intel.patch # PATCH-FIX-SUSE: allow prop codecs to be set with chromium branding Patch202: chromium-prop-codecs.patch Patch203: chromium-106-ffmpeg-duration.patch -Patch204: chromium-106-AutofillPopupControllerImpl-namespace.patch +Patch204: chromium-107-system-zlib.patch BuildRequires: SDL-devel BuildRequires: bison BuildRequires: cups-devel @@ -280,6 +287,14 @@ BuildRequires: pkgconfig(libavformat) >= %{ffmpeg_version} BuildRequires: pkgconfig(libavutil) %endif +%if %{with system_avif} +BuildRequires: pkgconfig(libavif) +BuildRequires: pkgconfig(libyuv) +%endif +%if %{with qt} +BuildRequires: pkgconfig(Qt5Core) +BuildRequires: pkgconfig(Qt5Widgets) +%endif %if %{with clang} %if 0%{?suse_version} < 1550 #!BuildIgnore: gcc @@ -476,7 +491,6 @@ third_party/libaom/source/libaom/third_party/fastfeat third_party/libaom/source/libaom/third_party/vector third_party/libaom/source/libaom/third_party/x86inc - third_party/libavif third_party/libgav1 third_party/libgifcodec third_party/libjingle @@ -492,7 +506,6 @@ third_party/libx11/src third_party/libxcb-keysyms/keysyms third_party/libxml/chromium - third_party/libyuv third_party/libzip third_party/lottie third_party/lss @@ -508,7 +521,7 @@ third_party/nasm third_party/nearby third_party/node - third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2 + third_party/omnibox_proto third_party/one_euro_filter third_party/openscreen third_party/openscreen/src/third_party/mozilla @@ -543,9 +556,7 @@ third_party/shell-encryption third_party/simplejson third_party/skia - third_party/skia/include/third_party/skcms/ third_party/skia/include/third_party/vulkan/ - third_party/skia/third_party/skcms third_party/skia/third_party/vulkan third_party/smhasher third_party/sqlite @@ -616,6 +627,10 @@ third_party/libvpx/source/libvpx/third_party/x86inc ) %endif +%if !%{with system_avif} +keeplibs+=( third_party/libyuv ) +keeplibs+=( third_party/libavif ) +%endif # needed due to bugs in GN keeplibs+=( third_party/speech-dispatcher @@ -731,6 +746,10 @@ %if %{with system_ffmpeg} gn_system_libraries+=( ffmpeg ) %endif +%if %{with system_avif} +gn_system_libraries+=( libyuv ) +gn_system_libraries+=( libavif ) +%endif build/linux/unbundle/replace_gn_files.py --system-libraries ${gn_system_libraries[@]} # Create the configuration for GN @@ -783,6 +802,9 @@ %if %{with gtk4} myconf_gn+=" gtk_version=4" %endif +%if %{without qt} +myconf_gn+=" use_qt=false" +%endif # See dependency logic in third_party/BUILD.gn %if %{with system_harfbuzz} myconf_gn+=" use_system_harfbuzz=true" @@ -791,6 +813,7 @@ myconf_gn+=" use_system_freetype=true" %endif myconf_gn+=" use_system_libwayland=true" +myconf_gn+=" use_system_libwayland_server=true" myconf_gn+=" use_system_wayland_scanner=true" myconf_gn+=" enable_hangout_services_extension=true" myconf_gn+=" enable_vulkan=true" ++++++ chromium-105-compiler.patch -> chromium-107-compiler.patch ++++++ --- /work/SRC/openSUSE:Factory/chromium/chromium-105-compiler.patch 2022-09-09 18:25:08.980551757 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new.2275/chromium-107-compiler.patch 2022-10-28 19:30:52.115033995 +0200 @@ -1,17 +1,17 @@ From 307a0f63dd9b118f4b8470ed3d7567e81fdb7a6d Mon Sep 17 00:00:00 2001 From: Mike Gilbert <flop...@gentoo.org> -Date: Sat, 13 Aug 2022 13:48:07 +0000 +Date: Mon, 26 Sep 2022 10:19:23 +0000 Subject: [PATCH] Disable various compiler configs --- - build/config/compiler/BUILD.gn | 106 ++++++--------------------------- - 1 file changed, 17 insertions(+), 89 deletions(-) + build/config/compiler/BUILD.gn | 132 +++++---------------------------- + 1 file changed, 17 insertions(+), 115 deletions(-) diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn -index b6aaae9..e0f109d 100644 +index a094aa4..6b61fe8 100644 --- a/build/config/compiler/BUILD.gn +++ b/build/config/compiler/BUILD.gn -@@ -283,9 +283,7 @@ config("compiler") { +@@ -274,9 +274,7 @@ config("compiler") { configs += [ # See the definitions below. @@ -21,7 +21,7 @@ ":compiler_codegen", ":compiler_deterministic", ] -@@ -536,31 +534,6 @@ config("compiler") { +@@ -527,36 +525,6 @@ config("compiler") { ldflags += [ "-Wl,-z,keep-text-section-prefix" ] } @@ -50,10 +50,15 @@ - } - } - - # Rust compiler setup (for either clang or rustc). - if (enable_rust) { - defines += [ "RUST_ENABLED" ] -@@ -1236,45 +1209,6 @@ config("compiler_deterministic") { +- # Rust compiler setup (for either clang or rustc). +- if (enable_rust) { +- defines += [ "RUST_ENABLED" ] +- } +- + # C11/C++11 compiler flags setup. + # --------------------------- + if (is_linux || is_chromeos || is_android || (is_nacl && is_clang) || +@@ -1245,45 +1213,6 @@ config("compiler_deterministic") { } } @@ -99,7 +104,35 @@ # Tells the compiler not to use absolute paths when passing the default # paths to the tools it invokes. We don't want this because we don't # really need it and it can mess up the goma cache entries. -@@ -1618,7 +1552,7 @@ config("chromium_code") { +@@ -1302,27 +1231,6 @@ config("compiler_deterministic") { + } + } + +-config("clang_revision") { +- if (is_clang && clang_base_path == default_clang_base_path) { +- update_args = [ +- "--print-revision", +- "--verify-version=$clang_version", +- ] +- if (llvm_force_head_revision) { +- update_args += [ "--llvm-force-head-revision" ] +- } +- clang_revision = exec_script("//tools/clang/scripts/update.py", +- update_args, +- "trim string") +- +- # This is here so that all files get recompiled after a clang roll and +- # when turning clang on or off. (defines are passed via the command line, +- # and build system rebuild things when their commandline changes). Nothing +- # should ever read this define. +- defines = [ "CR_CLANG_REVISION=\"$clang_revision\"" ] +- } +-} +- + config("rustc_revision") { + if (enable_rust && defined(rustc_version)) { + # Similar to the above config, this is here so that all files get +@@ -1612,7 +1520,7 @@ config("chromium_code") { defines = [ "_HAS_NODISCARD" ] } } else { @@ -108,7 +141,7 @@ if (treat_warnings_as_errors) { cflags += [ "-Werror" ] -@@ -1627,10 +1561,6 @@ config("chromium_code") { +@@ -1621,10 +1529,6 @@ config("chromium_code") { # well. ldflags = [ "-Werror" ] } @@ -119,7 +152,7 @@ # In Chromium code, we define __STDC_foo_MACROS in order to get the # C99 macros on Mac and Linux. -@@ -1639,16 +1569,6 @@ config("chromium_code") { +@@ -1633,16 +1537,6 @@ config("chromium_code") { "__STDC_FORMAT_MACROS", ] @@ -136,7 +169,7 @@ if (is_mac) { cflags_objc = [ "-Wobjc-missing-property-synthesis" ] cflags_objcc = [ "-Wobjc-missing-property-synthesis" ] -@@ -2039,7 +1959,8 @@ config("default_stack_frames") { +@@ -2035,7 +1929,8 @@ config("default_stack_frames") { } # Default "optimization on" config. @@ -146,7 +179,7 @@ if (is_win) { if (chrome_pgo_phase != 2) { # Favor size over speed, /O1 must be before the common flags. -@@ -2077,7 +1998,8 @@ config("optimize") { +@@ -2080,7 +1975,8 @@ config("optimize") { } # Turn off optimizations. @@ -156,7 +189,7 @@ if (is_win) { cflags = [ "/Od", # Disable optimization. -@@ -2117,7 +2039,8 @@ config("no_optimize") { +@@ -2120,7 +2016,8 @@ config("no_optimize") { # Turns up the optimization level. On Windows, this implies whole program # optimization and link-time code generation which is very expensive and should # be used sparingly. @@ -166,7 +199,7 @@ if (is_nacl && is_nacl_irt) { # The NaCl IRT is a special case and always wants its own config. # Various components do: -@@ -2150,7 +2073,8 @@ config("optimize_max") { +@@ -2153,7 +2050,8 @@ config("optimize_max") { # # TODO(crbug.com/621335) - rework how all of these configs are related # so that we don't need this disclaimer. @@ -176,7 +209,7 @@ if (is_nacl && is_nacl_irt) { # The NaCl IRT is a special case and always wants its own config. # Various components do: -@@ -2176,7 +2100,8 @@ config("optimize_speed") { +@@ -2179,7 +2077,8 @@ config("optimize_speed") { } } @@ -186,7 +219,7 @@ cflags = [ "-O1" ] + common_optimize_on_cflags rustflags = [ "-Copt-level=1" ] ldflags = common_optimize_on_ldflags -@@ -2295,7 +2220,8 @@ config("win_pdbaltpath") { +@@ -2299,7 +2198,8 @@ config("win_pdbaltpath") { } # Full symbols. @@ -196,7 +229,7 @@ if (is_win) { if (is_clang) { cflags = [ "/Z7" ] # Debug information in the .obj files. -@@ -2420,7 +2346,8 @@ config("symbols") { +@@ -2432,7 +2332,8 @@ config("symbols") { # Minimal symbols. # This config guarantees to hold symbol for stack trace which are shown to user # when crash happens in unittests running on buildbot. @@ -206,7 +239,7 @@ if (is_win) { # Functions, files, and line tables only. cflags = [] -@@ -2492,7 +2419,8 @@ config("minimal_symbols") { +@@ -2504,7 +2405,8 @@ config("minimal_symbols") { # This configuration contains function names only. That is, the compiler is # told to not generate debug information and the linker then just puts function # names in the final debug information. ++++++ chromium-107-system-zlib.patch ++++++ --- a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc +++ b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc @@ -19,7 +19,7 @@ limitations under the License. #include <cstdio> #include "absl/strings/string_view.h" // from @com_google_absl -#include "contrib/minizip/ioapi.h" +#include "third_party/zlib/contrib/minizip/ioapi.h" namespace tflite { namespace metadata { ++++++ chromium-106.0.5249.119.tar.xz -> chromium-107.0.5304.87.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-106.0.5249.119.tar.xz /work/SRC/openSUSE:Factory/.chromium.new.2275/chromium-107.0.5304.87.tar.xz differ: char 15, line 1