Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2017-02-02 15:42:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2016-12-22 15:57:58.646238242 +0100 +++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2017-02-03 17:34:26.684355254 +0100 @@ -1,0 +2,43 @@ +Wed Feb 1 09:48:35 UTC 2017 - qvoheagbfovvhubzd...@posteo.net + +- Changed the build requirement of libavformat to library version + 57.41.100, as included in ffmpeg 3.1.1, as only this version + properly supports the public AVStream API 'codecpar'. + +------------------------------------------------------------------- +Tue Jan 31 14:08:26 UTC 2017 - tchva...@suse.com + +- Version update to 56.0.2924.76: + - CVE-2017-5007: Universal XSS in Blink + - CVE-2017-5006: Universal XSS in Blink + - CVE-2017-5008: Universal XSS in Blink + - CVE-2017-5010: Universal XSS in Blink + - CVE-2017-5011: Unauthorised file access in Devtools + - CVE-2017-5009: Out of bounds memory access in WebRTC + - CVE-2017-5012: Heap overflow in V8 + - CVE-2017-5013: Address spoofing in Omnibox + - CVE-2017-5014: Heap overflow in Skia + - CVE-2017-5015: Address spoofing in Omnibox + - CVE-2017-5019: Use after free in Renderer + - CVE-2017-5016: UI spoofing in Blink + - CVE-2017-5017: Uninitialised memory access in webm video + - CVE-2017-5018: Universal XSS in chrome://apps + - CVE-2017-5020: Universal XSS in chrome://downloads + - CVE-2017-5021: Use after free in Extensions + - CVE-2017-5022: Bypass of Content Security Policy in Blink + - CVE-2017-5023: Type confusion in metrics + - CVE-2017-5024: Heap overflow in FFmpeg + - CVE-2017-5025: Heap overflow in FFmpeg + - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing +- Add conditional to switch between system and bundled icu +- Raise dependency on harfbuzz to 1.3.1 +- Also refresh patches: + chromium-prop-codecs.patch chromium-linker-memory.patch + +------------------------------------------------------------------- +Sat Jan 28 11:31:18 UTC 2017 - qvoheagbfovvhubzd...@posteo.net + +- Added patch chromium-enable-vaapi-on-suse.patch to enable + VAAPI hardware accelerated video decoding. + +------------------------------------------------------------------- Old: ---- chromium-55.0.2883.87.tar.xz New: ---- BUILD.gn chromium-56.0.2924.76.tar.xz chromium-enable-vaapi-on-suse.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.vXl538/_old 2017-02-03 17:34:36.594952538 +0100 +++ /var/tmp/diff_new_pack.vXl538/_new 2017-02-03 17:34:36.598951971 +0100 @@ -1,7 +1,7 @@ # # spec file for package chromium # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -46,13 +46,15 @@ %endif %bcond_with clang Name: chromium -Version: 55.0.2883.87 +Version: 56.0.2924.76 Release: 0 -Summary: Google's open source browser project +Summary: Google's opens source browser project License: BSD-3-Clause and LGPL-2.1+ Group: Productivity/Networking/Web/Browsers Url: http://code.google.com/p/chromium/ Source0: http://commondatastorage.googleapis.com/chromium-browser-official/%{rname}-%{version}.tar.xz +# Toolchain definitions +Source1: BUILD.gn Source30: master_preferences Source100: chromium-browser.sh Source101: chromium-browser.desktop @@ -92,6 +94,9 @@ Patch201: fix-gn-bootstrap.diff # PATCH-FIX-SUSE: allow proprietary codecs to be set with chromium branding Patch202: chromium-prop-codecs.patch +# PATCH-FEATURE-OPENSUSE: chromium-56-enable-vaapi-on-suse.patch - Enable VAAPI hardware accelerated video decoding. +# See https://github.com/saiarcot895/chromium-ubuntu-build/blob/master/debian/patches/enable_vaapi_on_linux.diff +Patch300: chromium-enable-vaapi-on-suse.patch BuildRequires: SDL-devel BuildRequires: binutils-gold BuildRequires: bison @@ -109,6 +114,7 @@ BuildRequires: libgsm-devel BuildRequires: libjpeg-devel BuildRequires: libpng-devel +BuildRequires: libva-devel BuildRequires: ncurses-devel BuildRequires: ninja BuildRequires: pam-devel @@ -134,7 +140,7 @@ BuildRequires: pkgconfig(gnome-keyring-1) BuildRequires: pkgconfig(gtk+-2.0) BuildRequires: pkgconfig(gtk+-3.0) -BuildRequires: pkgconfig(harfbuzz) >= 1.3.0 +BuildRequires: pkgconfig(harfbuzz) >= 1.3.1 BuildRequires: pkgconfig(hunspell) BuildRequires: pkgconfig(imlib2) BuildRequires: pkgconfig(jack) @@ -182,7 +188,6 @@ BuildRequires: pkgconfig(xtst) BuildRequires: pkgconfig(zlib) Requires: hicolor-icon-theme -Requires: libharfbuzz0 >= 1.3.0 Requires: xdg-utils Requires(pre): permissions Conflicts: otherproviders(chromium-browser) @@ -223,7 +228,7 @@ %if %{with system_ffmpeg} BuildRequires: pkgconfig(libavcodec) BuildRequires: pkgconfig(libavfilter) -BuildRequires: pkgconfig(libavformat) +BuildRequires: pkgconfig(libavformat) >= 57.41.100 BuildRequires: pkgconfig(libavutil) Conflicts: otherproviders(ffmpegsumo) Obsoletes: chromium-ffmpeg @@ -237,8 +242,15 @@ %if %{with clang} BuildRequires: clang >= 3.9.0 %else +%if %{?suse_version} >= 1330 +BuildRequires: gcc >= 5.0 +BuildRequires: gcc-c++ >= 5.0 +%else BuildRequires: gcc BuildRequires: gcc-c++ +BuildRequires: gcc5 +BuildRequires: gcc5-c++ +%endif %endif #Requirements to build a fully functional ffmpeg # This can only be done on packman OBS @@ -317,6 +329,13 @@ %patch100 %patch101 +# VAAPI patch +%patch300 -p1 + +# Copy the toolchain settings +mkdir toolchain +cp %{SOURCE1} toolchain/BUILD.gn + # Remove bundled libs keeplibs=( base/third_party/dmg_fp @@ -367,7 +386,7 @@ third_party/google_input_tools/third_party/closure_library/third_party/closure third_party/hunspell third_party/iccjpeg - third_party/icu + third_party/inspector_protocol third_party/jstemplate third_party/khronos third_party/leveldatabase @@ -421,6 +440,8 @@ third_party/zlib/google url/third_party/mozilla v8/src/third_party/valgrind + v8/third_party/inspector_protocol + third_party/libva ) %if %{with sle_bundles} keeplibs+=( @@ -437,6 +458,9 @@ %if !%{with system_minizip} keeplibs+=( third_party/zlib ) %endif +%if !%{with system_icu} +keeplibs+=( third_party/icu ) +%endif %if !%{with system_vpx} keeplibs+=( third_party/libvpx @@ -458,6 +482,21 @@ build/linux/unbundle/remove_bundled_libraries.py "${keeplibs[@]}" --do-remove %build +# this is as we do our own toolchain that we want to override for older distros +export CC=gcc +export CXX=g++ +%if 0%{?suse_version} < 1330 +export CC=gcc-5 +export CXX=g++-5 +%endif +%if %{with clang} +export CC=clang +export CXX=clang++ +%endif +# REDUCE DEBUG as it gets TOO large +ARCH_FLAGS="`echo %{optflags} | sed -e 's/^-g / /g' -e 's/ -g / /g' -e 's/ -g$//g'`" +export CFLAGS="${ARCH_FLAGS}" +export CXXFLAGS="${ARCH_FLAGS}" # do not eat all memory ninjaproc="%{?jobs:%{jobs}}" echo "Available memory:" @@ -504,6 +543,7 @@ # Create the configuration for GN # Available options: out/Release/gn args --list out/Release/ myconf_gn="" +myconf_gn+=" custom_toolchain=\"./toolchain:default\"" myconf_gn+=" linux_use_bundled_binutils=false" myconf_gn+=" is_debug=false" myconf_gn+=" enable_nacl=false" @@ -512,7 +552,6 @@ myconf_gn+=" use_gconf=true" myconf_gn+=" use_gtk3=true" myconf_gn+=" use_aura=true" -myconf_gn+=" enable_clipboard_aurax11=true" myconf_gn+=" symbol_level=1" myconf_gn+=" remove_webcore_debug_symbols=true" myconf_gn+=" use_kerberos=true" @@ -567,13 +606,6 @@ touch chrome/test/data/webui/i18n_process_css_test.html fi -%if %{with clang} -export CC=clang -export CXX=clang++ -%endif -export CFLAGS="%{optflags}" -export CXXFLAGS="%{optflags}" - tools/gn/bootstrap/bootstrap.py -v --gn-gen-args "${myconf_gn}" # GN does not support passing cflags: # https://bugs.chromium.org/p/chromium/issues/detail?id=642016 ++++++ BUILD.gn ++++++ import("//build/toolchain/gcc_toolchain.gni") gcc_toolchain("default") { cc = getenv("CC") cxx = getenv("CXX") ar = "ar" nm = "nm" ld = cxx extra_cflags = getenv("CFLAGS") extra_cppflags = getenv("CPPFLAGS") extra_cxxflags = getenv("CXXFLAGS") extra_ldflags = getenv("LDFLAGS") toolchain_args = { current_cpu = current_cpu current_os = current_os } } ++++++ chromium-55.0.2883.87.tar.xz -> chromium-56.0.2924.76.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-55.0.2883.87.tar.xz /work/SRC/openSUSE:Factory/.chromium.new/chromium-56.0.2924.76.tar.xz differ: char 26, line 1 ++++++ chromium-browser.sh ++++++ --- /var/tmp/diff_new_pack.vXl538/_old 2017-02-03 17:34:36.730933291 +0100 +++ /var/tmp/diff_new_pack.vXl538/_new 2017-02-03 17:34:36.730933291 +0100 @@ -88,6 +88,6 @@ $GDB "$LIBDIR/$APPNAME" -x $tmpfile exit $? else - exec $LIBDIR/$APPNAME $SANDBOX ${CHROMIUM_FLAGS} ${PEPPERFLASH} "--password-store=detect" "--enable-threaded-compositing" "--ui-disable-partial-swap" "$@" + exec $LIBDIR/$APPNAME ${PEPPERFLASH} "--password-store=detect" "--enable-threaded-compositing" "--ui-disable-partial-swap" ${CHROMIUM_FLAGS} "$@" fi ++++++ chromium-enable-vaapi-on-suse.patch ++++++ ++++ 645 lines (skipped) ++++++ chromium-linker-memory.patch ++++++ --- /var/tmp/diff_new_pack.vXl538/_old 2017-02-03 17:34:36.770927631 +0100 +++ /var/tmp/diff_new_pack.vXl538/_new 2017-02-03 17:34:36.770927631 +0100 @@ -1,8 +1,8 @@ -Index: chromium-55.0.2859.0/build/config/compiler/BUILD.gn +Index: chromium-56.0.2897.0/build/config/compiler/BUILD.gn =================================================================== ---- chromium-55.0.2859.0.orig/build/config/compiler/BUILD.gn -+++ chromium-55.0.2859.0/build/config/compiler/BUILD.gn -@@ -318,7 +318,7 @@ config("compiler") { +--- chromium-56.0.2897.0.orig/build/config/compiler/BUILD.gn ++++ chromium-56.0.2897.0/build/config/compiler/BUILD.gn +@@ -346,7 +346,7 @@ config("compiler") { # Only apply this to the target linker, since the host # linker might not be gold, but isn't used much anyway. "-Wl,--threads", @@ -11,8 +11,8 @@ ] } } -@@ -345,22 +345,6 @@ config("compiler") { - ldflags += [ "--gcc-toolchain=$_rebased_android_toolchain_root" ] +@@ -367,22 +367,6 @@ config("compiler") { + ldflags += [ "-fuse-ld=bfd" ] } - if (is_posix && (use_gold || (use_lld && !is_nacl)) && !using_sanitizer && @@ -34,7 +34,7 @@ if (linux_use_bundled_binutils) { cflags += [ "-B$binutils_path" ] } -@@ -1291,11 +1275,6 @@ if (is_win) { +@@ -1290,11 +1274,6 @@ if (is_win) { # Don't emit the GCC version ident directives, they just end up in the # .comment section taking up binary size. "-fno-ident", ++++++ chromium-prop-codecs.patch ++++++ --- /var/tmp/diff_new_pack.vXl538/_old 2017-02-03 17:34:36.786925366 +0100 +++ /var/tmp/diff_new_pack.vXl538/_new 2017-02-03 17:34:36.786925366 +0100 @@ -1,7 +1,9 @@ reverted: ---- b/media/BUILD.gn -+++ a/media/BUILD.gn -@@ -23,12 +22,6 @@ +Index: chromium-56.0.2914.3/media/BUILD.gn +=================================================================== +--- chromium-56.0.2914.3.orig/media/BUILD.gn ++++ chromium-56.0.2914.3/media/BUILD.gn +@@ -25,12 +24,6 @@ buildflag_header("media_features") { ] }
