Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chromium for openSUSE:Leap:16.0 checked in at 2025-08-05 19:12:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:16.0/chromium (Old) and /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Tue Aug 5 19:12:22 2025 rev:9 rq:1297585 version:138.0.7204.183 Changes: -------- --- /work/SRC/openSUSE:Leap:16.0/chromium/chromium.changes 2025-07-24 22:04:51.726567311 +0200 +++ /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085/chromium.changes 2025-08-05 19:12:40.737924182 +0200 @@ -1,0 +2,27 @@ +Wed Jul 30 10:26:40 CEST 2025 - r...@suse.de + +- Chromium 138.0.7204.183 (boo#1247365): + * CVE-2025-8292: Use after free in Media Stream +- try to switch to smaller linux tarball from + https://github.com/chromium-linux-tarballs) +- disable chromium-91-java-only-allowed-in-android-builds.patch + (not part of reduced tarball) + +------------------------------------------------------------------- +Tue Jul 29 10:44:14 CEST 2025 - r...@suse.de + +- set official_build to true (like other distributions) + "official builds have less debugging and go faster..." +- added patches: + chromium-139-deterministic.patch + (undefine __DATE__,__TIME__ like without official-build set + to keep the build reproducible) + +------------------------------------------------------------------- +Thu Jul 24 18:23:20 CEST 2025 - r...@suse.de + +- modified patches: + ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch + (update context to apply) + +------------------------------------------------------------------- Old: ---- chromium-138.0.7204.168.tar.xz chromium-91-java-only-allowed-in-android-builds.patch New: ---- chromium-138.0.7204.183-linux.tar.xz chromium-139-deterministic.patch ----------(Old B)---------- Old: https://github.com/chromium-linux-tarballs) - disable chromium-91-java-only-allowed-in-android-builds.patch (not part of reduced tarball) ----------(Old E)---------- ----------(New B)---------- New:- added patches: chromium-139-deterministic.patch (undefine __DATE__,__TIME__ like without official-build set ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.eQr5gX/_old 2025-08-05 19:13:01.142773626 +0200 +++ /var/tmp/diff_new_pack.eQr5gX/_new 2025-08-05 19:13:01.146773793 +0200 @@ -109,13 +109,17 @@ %define chromedriver_name chromedriver %define n_suffix %{nil} %endif +# official builds have less debugging and go faster... but we have to shut some things off. +%global official_build 1 + Name: chromium%{n_suffix} -Version: 138.0.7204.168 +Version: 138.0.7204.183 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later URL: https://www.chromium.org/ -Source0: https://commondatastorage.googleapis.com/chromium-browser-official/%{rname}-%{version}.tar.xz +#Source0: https://commondatastorage.googleapis.com/chromium-browser-official/%{rname}-%{version}.tar.xz +Source0: https://github.com/chromium-linux-tarballs/chromium-tarballs/releases/download/%{version}/chromium-%{version}-linux.tar.xz # https://github.com/evanw/esbuild/archive/refs/tags/v%%{esbuild_version}.tar.gz Source1: esbuild-%{esbuild_version}.tar.gz Source2: esbuild-%{esbuild_version}-vendor.tar.gz @@ -141,7 +145,6 @@ Patch9: system-libdrm.patch # gentoo/fedora/arch patchset Patch15: chromium-125-compiler.patch -Patch40: chromium-91-java-only-allowed-in-android-builds.patch Patch62: chromium-93-ffmpeg-4.4.patch Patch98: chromium-102-regex_pattern-array.patch # PATCH-FIX-SUSE: allow prop codecs to be set with chromium branding @@ -160,6 +163,7 @@ Patch373: chromium-134-type-mismatch-error.patch Patch375: chromium-131-fix-qt-ui.pach Patch376: chromium-135-add_map_droppable.patch +Patch377: chromium-139-deterministic.patch # conditionally applied patches ppc64le only Patch401: ppc-fedora-add-ppc64-architecture-string.patch Patch402: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch @@ -1035,6 +1039,10 @@ myconf_gn+=" host_cpu=\"ppc64\"" %endif myconf_gn+=" host_os=\"linux\"" +%if %{official_build} +myconf_gn+=" is_official_build=true" +sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/generate_shim_headers.py +%endif myconf_gn+=" is_debug=false" myconf_gn+=" dcheck_always_on=false" myconf_gn+=" enable_nacl=false" ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.eQr5gX/_old 2025-08-05 19:13:01.326781287 +0200 +++ /var/tmp/diff_new_pack.eQr5gX/_new 2025-08-05 19:13:01.330781453 +0200 @@ -1,6 +1,6 @@ -mtime: 1753220456 -commit: ca391dc4de290b76effae9644e310efcd997bdc04e0f280717276b2e4e83fcbc +mtime: 1753898805 +commit: 6c1e4cb71aa5d1ebc9fc1051ff7806e603a8c4843bf414c53a69ce95e5fb2699 url: https://src.opensuse.org/chromium/chromium.git -revision: ca391dc4de290b76effae9644e310efcd997bdc04e0f280717276b2e4e83fcbc +revision: 6c1e4cb71aa5d1ebc9fc1051ff7806e603a8c4843bf414c53a69ce95e5fb2699 projectscmsync: https://src.opensuse.org/chromium/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ chromium-139-deterministic.patch ++++++ --- chromium-139.0.7258.5/build/config/compiler/BUILD.gn 2025/07/29 08:34:15 1.1 +++ chromium-139.0.7258.5/build/config/compiler/BUILD.gn 2025/07/29 08:35:44 @@ -1613,7 +1613,7 @@ # Eliminate build metadata (__DATE__, __TIME__ and __TIMESTAMP__) for # deterministic build. See https://crbug.com/314403 - if (!is_official_build) { + if (true) { if (is_win && !is_clang) { cflags += [ "/wd4117", # Trying to define or undefine a predefined macro. ++++++ ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ++++++ --- /var/tmp/diff_new_pack.eQr5gX/_old 2025-08-05 19:13:01.650794775 +0200 +++ /var/tmp/diff_new_pack.eQr5gX/_new 2025-08-05 19:13:01.670795608 +0200 @@ -376,7 +376,7 @@ case __NR__llseek: #endif #if !defined(__aarch64__) -@@ -604,26 +619,28 @@ bool SyscallSets::IsAllowedGeneralIo(int +@@ -619,18 +619,19 @@ case __NR_readv: case __NR_pread64: #if defined(__arm__) || \ @@ -399,15 +399,19 @@ +#if defined(__i386__) || defined(__arm__) || defined(__mips__) || defined(__powerpc64__) case __NR__newselect: #endif + case __NR_write: +@@ -650,11 +651,12 @@ + case __NR_vmsplice: + // send* syscalls need their flags filtered. #if defined(__arm__) || \ - (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) + (defined(ARCH_CPU_MIPS_FAMILY) && defined(ARCH_CPU_32_BITS)) || \ + defined(__powerpc64__) case __NR_send: #endif - #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ -- defined(__aarch64__) -+ defined(__aarch64__) || defined(__powerpc64__) + #if defined(__i386__) || defined(__x86_64__) || defined(__arm__) || \ +- defined(__mips__) || defined(__aarch64__) ++ defined(__mips__) || defined(__aarch64__) || defined(__powerpc64__) case __NR_sendmsg: // Could specify destination. case __NR_sendto: // Could specify destination. #endif
