Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package chromium for openSUSE:Factory
checked in at 2022-10-28 19:30:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chromium (Old)
and /work/SRC/openSUSE:Factory/.chromium.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium"
Fri Oct 28 19:30:31 2022 rev:356 rq:1031906 version:107.0.5304.87
Changes:
--------
--- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2022-10-12
18:28:18.590167784 +0200
+++ /work/SRC/openSUSE:Factory/.chromium.new.2275/chromium.changes
2022-10-28 19:31:27.819213044 +0200
@@ -1,0 +2,31 @@
+Fri Oct 28 08:35:09 UTC 2022 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- Chromium 107.0.5304.87 (boo#1204819)
+ * CVE-2022-3723: Type Confusion in V8
+
+-------------------------------------------------------------------
+Thu Oct 27 08:57:48 UTC 2022 - Callum Farmer <gm...@opensuse.org>
+
+- Chromium 107.0.5304.68 (boo#1204732)
+ * CVE-2022-3652: Type Confusion in V8
+ * CVE-2022-3653: Heap buffer overflow in Vulkan
+ * CVE-2022-3654: Use after free in Layout
+ * CVE-2022-3655: Heap buffer overflow in Media Galleries
+ * CVE-2022-3656: Insufficient data validation in File System
+ * CVE-2022-3657: Use after free in Extensions
+ * CVE-2022-3658: Use after free in Feedback service on Chrome OS
+ * CVE-2022-3659: Use after free in Accessibility
+ * CVE-2022-3660: Inappropriate implementation in Full screen mode
+ * CVE-2022-3661: Insufficient data validation in Extensions
+- Added patches:
+ * chromium-107-compiler.patch
+ * chromium-107-system-zlib.patch
+- Removed patches:
+ * chromium-105-compiler.patch
+ * chromium-105-Bitmap-include.patch
+ * chromium-106-AutofillPopupControllerImpl-namespace.patch
+- Unbundle libyuv and libavif on TW
+- Prepare 15.5
+- Use qt on 15.4+ (15.3 too old)
+
+-------------------------------------------------------------------
Old:
----
chromium-105-Bitmap-include.patch
chromium-105-compiler.patch
chromium-106-AutofillPopupControllerImpl-namespace.patch
chromium-106.0.5249.119.tar.xz
New:
----
chromium-107-compiler.patch
chromium-107-system-zlib.patch
chromium-107.0.5304.87.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ chromium.spec ++++++
--- /var/tmp/diff_new_pack.kGHybj/_old 2022-10-28 19:31:35.159249853 +0200
+++ /var/tmp/diff_new_pack.kGHybj/_new 2022-10-28 19:31:35.175249934 +0200
@@ -26,26 +26,30 @@
%bcond_without lto
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
%bcond_without gtk4
+%bcond_without qt
%else
%bcond_with gtk4
+%bcond_with qt
%endif
%ifarch aarch64
%bcond_with swiftshader
%else
%bcond_without swiftshader
%endif
-%if 0%{?suse_version} >= 1550
+%if 0%{?suse_version} >= 1599
%bcond_without system_harfbuzz
%bcond_without system_freetype
%bcond_without arm_bti
%bcond_without system_icu
%bcond_without ffmpeg_51
+%bcond_without system_avif
%else
%bcond_with system_harfbuzz
%bcond_with system_freetype
%bcond_with arm_bti
%bcond_with system_icu
%bcond_with ffmpeg_51
+%bcond_with system_avif
%endif
%bcond_without pipewire
%bcond_without system_ffmpeg
@@ -63,11 +67,15 @@
%if 0%{?suse_version} < 1550 && 0%{?sle_version} < 150400
%define llvm_version 12
%else
+%if 0%{?suse_version} < 1599 && 0%{?sle_version} < 150500
%define llvm_version 13
+%else
+%define llvm_version 14
+%endif
%endif
Name: chromium
-Version: 106.0.5249.119
+Version: 107.0.5304.87
Release: 0
Summary: Google's open source browser project
License: BSD-3-Clause AND LGPL-2.1-or-later
@@ -101,7 +109,7 @@
Patch10: chromium-disable-parallel-gold.patch
Patch11: chromium-lp151-old-drm.patch
# gentoo/fedora/arch patchset
-Patch15: chromium-105-compiler.patch
+Patch15: chromium-107-compiler.patch
Patch17: chromium-86-ImageMemoryBarrierData-init.patch
Patch21: chromium-gcc11.patch
Patch40: chromium-91-java-only-allowed-in-android-builds.patch
@@ -116,13 +124,12 @@
Patch90: chromium-100-InMilliseconds-constexpr.patch
Patch98: chromium-102-regex_pattern-array.patch
Patch103: chromium-103-VirtualCursor-std-layout.patch
-Patch107: chromium-105-Bitmap-include.patch
Patch111: chromium-105-wayland-1.20.patch
Patch201: chromium-86-fix-vaapi-on-intel.patch
# PATCH-FIX-SUSE: allow prop codecs to be set with chromium branding
Patch202: chromium-prop-codecs.patch
Patch203: chromium-106-ffmpeg-duration.patch
-Patch204: chromium-106-AutofillPopupControllerImpl-namespace.patch
+Patch204: chromium-107-system-zlib.patch
BuildRequires: SDL-devel
BuildRequires: bison
BuildRequires: cups-devel
@@ -280,6 +287,14 @@
BuildRequires: pkgconfig(libavformat) >= %{ffmpeg_version}
BuildRequires: pkgconfig(libavutil)
%endif
+%if %{with system_avif}
+BuildRequires: pkgconfig(libavif)
+BuildRequires: pkgconfig(libyuv)
+%endif
+%if %{with qt}
+BuildRequires: pkgconfig(Qt5Core)
+BuildRequires: pkgconfig(Qt5Widgets)
+%endif
%if %{with clang}
%if 0%{?suse_version} < 1550
#!BuildIgnore: gcc
@@ -476,7 +491,6 @@
third_party/libaom/source/libaom/third_party/fastfeat
third_party/libaom/source/libaom/third_party/vector
third_party/libaom/source/libaom/third_party/x86inc
- third_party/libavif
third_party/libgav1
third_party/libgifcodec
third_party/libjingle
@@ -492,7 +506,6 @@
third_party/libx11/src
third_party/libxcb-keysyms/keysyms
third_party/libxml/chromium
- third_party/libyuv
third_party/libzip
third_party/lottie
third_party/lss
@@ -508,7 +521,7 @@
third_party/nasm
third_party/nearby
third_party/node
- third_party/node/node_modules/polymer-bundler/lib/third_party/UglifyJS2
+ third_party/omnibox_proto
third_party/one_euro_filter
third_party/openscreen
third_party/openscreen/src/third_party/mozilla
@@ -543,9 +556,7 @@
third_party/shell-encryption
third_party/simplejson
third_party/skia
- third_party/skia/include/third_party/skcms/
third_party/skia/include/third_party/vulkan/
- third_party/skia/third_party/skcms
third_party/skia/third_party/vulkan
third_party/smhasher
third_party/sqlite
@@ -616,6 +627,10 @@
third_party/libvpx/source/libvpx/third_party/x86inc
)
%endif
+%if !%{with system_avif}
+keeplibs+=( third_party/libyuv )
+keeplibs+=( third_party/libavif )
+%endif
# needed due to bugs in GN
keeplibs+=(
third_party/speech-dispatcher
@@ -731,6 +746,10 @@
%if %{with system_ffmpeg}
gn_system_libraries+=( ffmpeg )
%endif
+%if %{with system_avif}
+gn_system_libraries+=( libyuv )
+gn_system_libraries+=( libavif )
+%endif
build/linux/unbundle/replace_gn_files.py --system-libraries
${gn_system_libraries[@]}
# Create the configuration for GN
@@ -783,6 +802,9 @@
%if %{with gtk4}
myconf_gn+=" gtk_version=4"
%endif
+%if %{without qt}
+myconf_gn+=" use_qt=false"
+%endif
# See dependency logic in third_party/BUILD.gn
%if %{with system_harfbuzz}
myconf_gn+=" use_system_harfbuzz=true"
@@ -791,6 +813,7 @@
myconf_gn+=" use_system_freetype=true"
%endif
myconf_gn+=" use_system_libwayland=true"
+myconf_gn+=" use_system_libwayland_server=true"
myconf_gn+=" use_system_wayland_scanner=true"
myconf_gn+=" enable_hangout_services_extension=true"
myconf_gn+=" enable_vulkan=true"
++++++ chromium-105-compiler.patch -> chromium-107-compiler.patch ++++++
--- /work/SRC/openSUSE:Factory/chromium/chromium-105-compiler.patch
2022-09-09 18:25:08.980551757 +0200
+++ /work/SRC/openSUSE:Factory/.chromium.new.2275/chromium-107-compiler.patch
2022-10-28 19:30:52.115033995 +0200
@@ -1,17 +1,17 @@
From 307a0f63dd9b118f4b8470ed3d7567e81fdb7a6d Mon Sep 17 00:00:00 2001
From: Mike Gilbert <flop...@gentoo.org>
-Date: Sat, 13 Aug 2022 13:48:07 +0000
+Date: Mon, 26 Sep 2022 10:19:23 +0000
Subject: [PATCH] Disable various compiler configs
---
- build/config/compiler/BUILD.gn | 106 ++++++---------------------------
- 1 file changed, 17 insertions(+), 89 deletions(-)
+ build/config/compiler/BUILD.gn | 132 +++++----------------------------
+ 1 file changed, 17 insertions(+), 115 deletions(-)
diff --git a/build/config/compiler/BUILD.gn b/build/config/compiler/BUILD.gn
-index b6aaae9..e0f109d 100644
+index a094aa4..6b61fe8 100644
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
-@@ -283,9 +283,7 @@ config("compiler") {
+@@ -274,9 +274,7 @@ config("compiler") {
configs += [
# See the definitions below.
@@ -21,7 +21,7 @@
":compiler_codegen",
":compiler_deterministic",
]
-@@ -536,31 +534,6 @@ config("compiler") {
+@@ -527,36 +525,6 @@ config("compiler") {
ldflags += [ "-Wl,-z,keep-text-section-prefix" ]
}
@@ -50,10 +50,15 @@
- }
- }
-
- # Rust compiler setup (for either clang or rustc).
- if (enable_rust) {
- defines += [ "RUST_ENABLED" ]
-@@ -1236,45 +1209,6 @@ config("compiler_deterministic") {
+- # Rust compiler setup (for either clang or rustc).
+- if (enable_rust) {
+- defines += [ "RUST_ENABLED" ]
+- }
+-
+ # C11/C++11 compiler flags setup.
+ # ---------------------------
+ if (is_linux || is_chromeos || is_android || (is_nacl && is_clang) ||
+@@ -1245,45 +1213,6 @@ config("compiler_deterministic") {
}
}
@@ -99,7 +104,35 @@
# Tells the compiler not to use absolute paths when passing the default
# paths to the tools it invokes. We don't want this because we don't
# really need it and it can mess up the goma cache entries.
-@@ -1618,7 +1552,7 @@ config("chromium_code") {
+@@ -1302,27 +1231,6 @@ config("compiler_deterministic") {
+ }
+ }
+
+-config("clang_revision") {
+- if (is_clang && clang_base_path == default_clang_base_path) {
+- update_args = [
+- "--print-revision",
+- "--verify-version=$clang_version",
+- ]
+- if (llvm_force_head_revision) {
+- update_args += [ "--llvm-force-head-revision" ]
+- }
+- clang_revision = exec_script("//tools/clang/scripts/update.py",
+- update_args,
+- "trim string")
+-
+- # This is here so that all files get recompiled after a clang roll and
+- # when turning clang on or off. (defines are passed via the command line,
+- # and build system rebuild things when their commandline changes). Nothing
+- # should ever read this define.
+- defines = [ "CR_CLANG_REVISION=\"$clang_revision\"" ]
+- }
+-}
+-
+ config("rustc_revision") {
+ if (enable_rust && defined(rustc_version)) {
+ # Similar to the above config, this is here so that all files get
+@@ -1612,7 +1520,7 @@ config("chromium_code") {
defines = [ "_HAS_NODISCARD" ]
}
} else {
@@ -108,7 +141,7 @@
if (treat_warnings_as_errors) {
cflags += [ "-Werror" ]
-@@ -1627,10 +1561,6 @@ config("chromium_code") {
+@@ -1621,10 +1529,6 @@ config("chromium_code") {
# well.
ldflags = [ "-Werror" ]
}
@@ -119,7 +152,7 @@
# In Chromium code, we define __STDC_foo_MACROS in order to get the
# C99 macros on Mac and Linux.
-@@ -1639,16 +1569,6 @@ config("chromium_code") {
+@@ -1633,16 +1537,6 @@ config("chromium_code") {
"__STDC_FORMAT_MACROS",
]
@@ -136,7 +169,7 @@
if (is_mac) {
cflags_objc = [ "-Wobjc-missing-property-synthesis" ]
cflags_objcc = [ "-Wobjc-missing-property-synthesis" ]
-@@ -2039,7 +1959,8 @@ config("default_stack_frames") {
+@@ -2035,7 +1929,8 @@ config("default_stack_frames") {
}
# Default "optimization on" config.
@@ -146,7 +179,7 @@
if (is_win) {
if (chrome_pgo_phase != 2) {
# Favor size over speed, /O1 must be before the common flags.
-@@ -2077,7 +1998,8 @@ config("optimize") {
+@@ -2080,7 +1975,8 @@ config("optimize") {
}
# Turn off optimizations.
@@ -156,7 +189,7 @@
if (is_win) {
cflags = [
"/Od", # Disable optimization.
-@@ -2117,7 +2039,8 @@ config("no_optimize") {
+@@ -2120,7 +2016,8 @@ config("no_optimize") {
# Turns up the optimization level. On Windows, this implies whole program
# optimization and link-time code generation which is very expensive and
should
# be used sparingly.
@@ -166,7 +199,7 @@
if (is_nacl && is_nacl_irt) {
# The NaCl IRT is a special case and always wants its own config.
# Various components do:
-@@ -2150,7 +2073,8 @@ config("optimize_max") {
+@@ -2153,7 +2050,8 @@ config("optimize_max") {
#
# TODO(crbug.com/621335) - rework how all of these configs are related
# so that we don't need this disclaimer.
@@ -176,7 +209,7 @@
if (is_nacl && is_nacl_irt) {
# The NaCl IRT is a special case and always wants its own config.
# Various components do:
-@@ -2176,7 +2100,8 @@ config("optimize_speed") {
+@@ -2179,7 +2077,8 @@ config("optimize_speed") {
}
}
@@ -186,7 +219,7 @@
cflags = [ "-O1" ] + common_optimize_on_cflags
rustflags = [ "-Copt-level=1" ]
ldflags = common_optimize_on_ldflags
-@@ -2295,7 +2220,8 @@ config("win_pdbaltpath") {
+@@ -2299,7 +2198,8 @@ config("win_pdbaltpath") {
}
# Full symbols.
@@ -196,7 +229,7 @@
if (is_win) {
if (is_clang) {
cflags = [ "/Z7" ] # Debug information in the .obj files.
-@@ -2420,7 +2346,8 @@ config("symbols") {
+@@ -2432,7 +2332,8 @@ config("symbols") {
# Minimal symbols.
# This config guarantees to hold symbol for stack trace which are shown to
user
# when crash happens in unittests running on buildbot.
@@ -206,7 +239,7 @@
if (is_win) {
# Functions, files, and line tables only.
cflags = []
-@@ -2492,7 +2419,8 @@ config("minimal_symbols") {
+@@ -2504,7 +2405,8 @@ config("minimal_symbols") {
# This configuration contains function names only. That is, the compiler is
# told to not generate debug information and the linker then just puts
function
# names in the final debug information.
++++++ chromium-107-system-zlib.patch ++++++
---
a/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc
+++
b/third_party/tflite_support/src/tensorflow_lite_support/metadata/cc/utils/zip_readonly_mem_file.cc
@@ -19,7 +19,7 @@ limitations under the License.
#include <cstdio>
#include "absl/strings/string_view.h" // from @com_google_absl
-#include "contrib/minizip/ioapi.h"
+#include "third_party/zlib/contrib/minizip/ioapi.h"
namespace tflite {
namespace metadata {
++++++ chromium-106.0.5249.119.tar.xz -> chromium-107.0.5304.87.tar.xz ++++++
/work/SRC/openSUSE:Factory/chromium/chromium-106.0.5249.119.tar.xz
/work/SRC/openSUSE:Factory/.chromium.new.2275/chromium-107.0.5304.87.tar.xz
differ: char 15, line 1
