Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package chromium for openSUSE:Leap:16.0 checked in at 2025-08-07 09:07:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:16.0/chromium (Old) and /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Thu Aug 7 09:07:24 2025 rev:10 rq:1297929 version:139.0.7258.66 Changes: -------- --- /work/SRC/openSUSE:Leap:16.0/chromium/chromium.changes 2025-08-05 19:12:40.737924182 +0200 +++ /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085/chromium.changes 2025-08-07 09:07:48.382388040 +0200 @@ -1,0 +2,55 @@ +Wed Aug 6 12:47:40 CEST 2025 - r...@suse.de + +- add patch: + chromium-139-pdfium-openjpeg-CVE-2025-54874.patch + (CVE-2025-54874 bsc#1247661) fix missing error check in openjpeg + +------------------------------------------------------------------- +Wed Aug 6 12:28:51 CEST 2025 - r...@suse.de + +- re-add updated patch: + ppc-fedora-0002-regenerate-xnn-buildgn.patch + from https://src.fedoraproject.org/rpms/chromium/blob/ + rawhide/f/0002-regenerate-xnn-buildgn.patch + +------------------------------------------------------------------- +Tue Aug 5 19:55:25 UTC 2025 - Andreas Stieger <andreas.stie...@gmx.de> + +- Chromium 139.0.7258.66 (boo#1247664): + * CVE-2025-8576: Use after free in Extensions + * CVE-2025-8577: Inappropriate implementation in Picture In Picture + * CVE-2025-8578: Use after free in Cast + * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome + * CVE-2025-8580: Inappropriate implementation in Filesystems + * CVE-2025-8581: Inappropriate implementation in Extensions + * CVE-2025-8582: Insufficient validation of untrusted input in DOM + * CVE-2025-8583: Inappropriate implementation in Permissions + - modified patches: + gcc-enable-lto.patch + ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch + ppc-fedora-skia-vsx-instructions.patch + ppc-fedora-fix-partition-alloc-compile.patch + ppc-fedora-0001-add-xnn-ppc64el-support.patch + - dropped patches: + chromium-warning-suppression-mappings.patch (using cmdline switch) + chromium-93-ffmpeg-4.4.patch + - dropped the ffmpeg revert patches that were only applied for 15: + chromium-125-ffmpeg-5.x-reordered_opaque.patch + Cr122-ffmpeg-new-channel-layout.patch + ffmpeg-new-channel-layout.patch + chromium-106-ffmpeg-duration.patch + chromium-93-ffmpeg-4.4-rest.patch + chromium-138-revert_ffmpeg_FF_AV.patch + - added patches: + ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch + - keeplibs: + removed chrome/third_party/mozilla_security_manager + removed third_party/mesa + added third_party/ml_dtypes (needed in tflite/xla) + added third_party/readability (needed in tools/grit/grit) + added third_party/ffmpeg (gave up on reverting all recent + commits in the code using ffmpeg, need at least ffmpeg-7) +- remove disabled ppc-fedora-0002-regenerate-xnn-buildgn.patch + to please factory-auto + +------------------------------------------------------------------- Old: ---- Cr122-ffmpeg-new-channel-layout.patch chromium-106-ffmpeg-duration.patch chromium-125-ffmpeg-5.x-reordered_opaque.patch chromium-138-revert_ffmpeg_FF_AV.patch chromium-138.0.7204.183-linux.tar.xz chromium-93-ffmpeg-4.4-rest.patch chromium-93-ffmpeg-4.4.patch chromium-warning-suppression-mappings.patch ffmpeg-new-channel-layout.patch New: ---- chromium-139-pdfium-openjpeg-CVE-2025-54874.patch chromium-139.0.7258.66-linux.tar.xz ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ----------(Old B)---------- Old: chromium-125-ffmpeg-5.x-reordered_opaque.patch Cr122-ffmpeg-new-channel-layout.patch ffmpeg-new-channel-layout.patch Old: ffmpeg-new-channel-layout.patch chromium-106-ffmpeg-duration.patch chromium-93-ffmpeg-4.4-rest.patch Old: - dropped the ffmpeg revert patches that were only applied for 15: chromium-125-ffmpeg-5.x-reordered_opaque.patch Cr122-ffmpeg-new-channel-layout.patch Old: chromium-93-ffmpeg-4.4-rest.patch chromium-138-revert_ffmpeg_FF_AV.patch - added patches: Old: chromium-106-ffmpeg-duration.patch chromium-93-ffmpeg-4.4-rest.patch chromium-138-revert_ffmpeg_FF_AV.patch Old: chromium-warning-suppression-mappings.patch (using cmdline switch) chromium-93-ffmpeg-4.4.patch - dropped the ffmpeg revert patches that were only applied for 15: Old: - dropped patches: chromium-warning-suppression-mappings.patch (using cmdline switch) chromium-93-ffmpeg-4.4.patch Old: chromium-125-ffmpeg-5.x-reordered_opaque.patch Cr122-ffmpeg-new-channel-layout.patch ffmpeg-new-channel-layout.patch ----------(Old E)---------- ----------(New B)---------- New:- add patch: chromium-139-pdfium-openjpeg-CVE-2025-54874.patch (CVE-2025-54874 bsc#1247661) fix missing error check in openjpeg New: - added patches: ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch - keeplibs: ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:52.322552348 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:52.326552515 +0200 @@ -49,17 +49,16 @@ # needs //third_party/icu:icuuc_public(//build/toolchain/linux/unbundle:default) %bcond_with system_icu %bcond_without qt6 -%bcond_without ffmpeg_51 -%define ffmpeg_version 59 +%bcond_without system_ffmpeg %else %bcond_with system_harfbuzz %bcond_with system_freetype %bcond_with arm_bti %bcond_with system_icu %bcond_without qt6 -%bcond_with ffmpeg_51 -%define ffmpeg_version 58 +%bcond_with system_ffmpeg %endif +%define ffmpeg_version 59 %bcond_with system_zstd %define node_ver 22 %define node_ver_next 23 @@ -88,7 +87,6 @@ # Chromium built with GCC 11 and LTO enabled crashes (boo#1194055) %bcond_without lto %bcond_without pipewire -%bcond_without system_ffmpeg %bcond_with system_zlib %bcond_with system_vpx %if %{pkg_vcmp libxml2-devel >= 2.12} @@ -113,12 +111,11 @@ %global official_build 1 Name: chromium%{n_suffix} -Version: 138.0.7204.183 +Version: 139.0.7258.66 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later URL: https://www.chromium.org/ -#Source0: https://commondatastorage.googleapis.com/chromium-browser-official/%{rname}-%{version}.tar.xz Source0: https://github.com/chromium-linux-tarballs/chromium-tarballs/releases/download/%{version}/chromium-%{version}-linux.tar.xz # https://github.com/evanw/esbuild/archive/refs/tags/v%%{esbuild_version}.tar.gz Source1: esbuild-%{esbuild_version}.tar.gz @@ -145,7 +142,6 @@ Patch9: system-libdrm.patch # gentoo/fedora/arch patchset Patch15: chromium-125-compiler.patch -Patch62: chromium-93-ffmpeg-4.4.patch Patch98: chromium-102-regex_pattern-array.patch # PATCH-FIX-SUSE: allow prop codecs to be set with chromium branding Patch202: chromium-prop-codecs.patch @@ -164,6 +160,7 @@ Patch375: chromium-131-fix-qt-ui.pach Patch376: chromium-135-add_map_droppable.patch Patch377: chromium-139-deterministic.patch +Patch378: chromium-139-pdfium-openjpeg-CVE-2025-54874.patch # conditionally applied patches ppc64le only Patch401: ppc-fedora-add-ppc64-architecture-string.patch Patch402: ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch @@ -223,23 +220,16 @@ Patch456: ppc-fedora-fix-ppc64-rust_png-build-error.patch Patch457: ppc-chromium-136-clang-config.patch Patch458: ppc-fedora-0001-add-xnn-ppc64el-support.patch +# https://src.fedoraproject.org/rpms/chromium/blob/rawhide/f/0002-regenerate-xnn-buildgn.patch Patch459: ppc-fedora-0002-regenerate-xnn-buildgn.patch +Patch460: ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch # conditionally applied patches -# patch where ffmpeg < 5 -Patch1002: chromium-125-ffmpeg-5.x-reordered_opaque.patch -Patch1003: Cr122-ffmpeg-new-channel-layout.patch -Patch1004: ffmpeg-new-channel-layout.patch -Patch1005: chromium-106-ffmpeg-duration.patch -Patch1006: chromium-93-ffmpeg-4.4-rest.patch -Patch1007: chromium-138-revert_ffmpeg_FF_AV.patch # patch where libxml < 2.12 Patch1010: chromium-124-system-libxml.patch # patch where rust <= 1.85 Patch1030: chromium-134-revert-rust-adler2.patch # gtk4 is too old Patch1040: gtk-414.patch -# clang is too old -Patch1050: chromium-warning-suppression-mappings.patch # end conditionally applied patches BuildRequires: SDL-devel BuildRequires: bison @@ -502,16 +492,6 @@ %autopatch -p1 -m 400 -M 499 %endif -%if %{without ffmpeg_51} -# ffmpeg is too old -%patch -p1 -R -P 1002 -%patch -p1 -R -P 1003 -%patch -p1 -R -P 1004 -%patch -p1 -P 1005 -%patch -p1 -P 1006 -%patch -p1 -P 1007 -%endif - %if %{without libxml2_2_12} %patch -p1 -P 1010 %endif @@ -524,14 +504,6 @@ %patch -p1 -R -P 1040 %endif -clang_version="$(clang --version | sed -n 's/clang version //p')" -if [[ $(echo ${clang_version} | cut -d. -f1) -ge 16 ]]; then - clang_version="$(echo ${clang_version} | cut -d. -f1)" -fi -if [ "$clang_version" -lt 20 ] ; then -%patch -p1 -R -P 1050 -fi - %build # esbuild rm third_party/devtools-frontend/src/third_party/esbuild/esbuild @@ -593,7 +565,6 @@ buildtools/third_party/libc++ buildtools/third_party/libc++abi buildtools/third_party/libunwind - chrome/third_party/mozilla_security_manager net/third_party/mozilla_security_manager net/third_party/nss net/third_party/quic @@ -725,9 +696,9 @@ third_party/mako third_party/markupsafe third_party/material_color_utilities - third_party/mesa third_party/metrics_proto third_party/minigbm + third_party/ml_dtypes third_party/modp_b64 third_party/nasm third_party/nearby @@ -759,6 +730,7 @@ third_party/pyjson5 third_party/pyyaml third_party/rapidhash + third_party/readability third_party/rnnoise third_party/rust third_party/ruy @@ -1137,6 +1109,10 @@ google_api_key="AIzaSyD1hTe85_a14kr1Ks8T3Ce75rvbR1_Dx7Q" myconf_gn+=" google_api_key=\"${google_api_key}\"" +if [ "$clang_version" -lt 20 ] ; then +myconf_gn+=" clang_warning_suppression_file=\"\"" +fi + # GN does not support passing cflags: # https://bugs.chromium.org/p/chromium/issues/detail?id=642016 gn gen --args="${myconf_gn}" %{outputdir} ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:52.518560521 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:52.522560688 +0200 @@ -1,6 +1,6 @@ -mtime: 1753898805 -commit: 6c1e4cb71aa5d1ebc9fc1051ff7806e603a8c4843bf414c53a69ce95e5fb2699 +mtime: 1754477433 +commit: afa2535e4be46bd5c4824de3f8c9b4906fba1b8b7d9631bc468c6454883d92fe url: https://src.opensuse.org/chromium/chromium.git -revision: 6c1e4cb71aa5d1ebc9fc1051ff7806e603a8c4843bf414c53a69ce95e5fb2699 +revision: afa2535e4be46bd5c4824de3f8c9b4906fba1b8b7d9631bc468c6454883d92fe projectscmsync: https://src.opensuse.org/chromium/_ObsPrj.git ++++++ build.specials.obscpio ++++++ ++++++ chromium-139-pdfium-openjpeg-CVE-2025-54874.patch ++++++ --- chromium-139.0.7258.66/third_party/pdfium/third_party/libopenjpeg/jp2.c 2025/08/06 10:46:12 1.1 +++ chromium-139.0.7258.66/third_party/pdfium/third_party/libopenjpeg/jp2.c 2025/08/06 10:46:36 @@ -2899,7 +2899,7 @@ p_image, p_manager); - if (p_image && *p_image) { + if (ret && p_image && *p_image) { /* Set Image Color Space */ if (jp2->enumcs == 16) { (*p_image)->color_space = OPJ_CLRSPC_SRGB; ++++++ chromium-138.0.7204.183-linux.tar.xz -> chromium-139.0.7258.66-linux.tar.xz ++++++ /work/SRC/openSUSE:Leap:16.0/chromium/chromium-138.0.7204.183-linux.tar.xz /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085/chromium-139.0.7258.66-linux.tar.xz differ: char 15, line 1 ++++++ gcc-enable-lto.patch ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:52.766570863 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:52.770571030 +0200 @@ -65,7 +65,7 @@ + configs -= [ "//build/config/compiler:gcc_lto" ] + } + - if (!is_nacl) { - sources += [ - "containers/span_rust_unittest.cc", + sources += [ + "containers/span_rust_unittest.cc", + "strings/string_piece_rust_unittest.cc", ++++++ ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch ++++++ ++++ 10639 lines (skipped) ++++++ ppc-fedora-0001-add-xnn-ppc64el-support.patch ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:52.830573533 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:52.830573533 +0200 @@ -1,17 +1,15 @@ --- a/third_party/xnnpack/generate_build_gn.py +++ b/third_party/xnnpack/generate_build_gn.py -@@ -236,7 +236,10 @@ - _Platform(gn_cpu='x64', bazel_cpu='k8', bazel_platform='//:linux_x64'), +@@ -219,6 +219,9 @@ _Platform(gn_cpu='arm64', bazel_cpu='aarch64', -- bazel_platform='//:linux_aarch64') -+ bazel_platform='//:linux_aarch64'), + bazel_platform='//:linux_aarch64'), + _Platform(gn_cpu='ppc64', + bazel_cpu='ppc64le', -+ bazel_platform='//:linux_ppc64le') - ] - - ++ bazel_platform='//:linux_ppc64le'), + _Platform(gn_cpu='riscv64', + bazel_cpu='riscv64', + bazel_platform='//:linux_riscv64') --- a/third_party/xnnpack/bazelroot/BUILD +++ b/third_party/xnnpack/bazelroot/BUILD @@ -21,6 +21,14 @@ ++++++ ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:52.854574534 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:52.858574700 +0200 @@ -26,24 +26,15 @@ SyscallSets::IsSocketCall(sysno) || #endif #if defined(__arm__) -@@ -255,7 +256,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de - } +@@ -259,7 +259,7 @@ + // TODO(crbug.com/40528912): should i386 really be in this list? #if defined(__i386__) || defined(__x86_64__) || defined(__mips__) || \ - defined(__aarch64__) + defined(__aarch64__) || defined(__powerpc64__) if (sysno == __NR_mmap) return RestrictMmapFlags(); #endif -@@ -276,7 +277,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de - return RestrictPrctl(); - - #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \ -- defined(__aarch64__) -+ defined(__aarch64__) || defined(__powerpc64__) - if (sysno == __NR_socketpair) { - // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen. - static_assert(AF_UNIX == PF_UNIX, @@ -340,7 +341,8 @@ ResultExpr EvaluateSyscallImpl(int fs_de } ++++++ ppc-fedora-0002-regenerate-xnn-buildgn.patch ++++++ ++++ 140943 lines (skipped) ++++ between /work/SRC/openSUSE:Leap:16.0/chromium/ppc-fedora-0002-regenerate-xnn-buildgn.patch ++++ and /work/SRC/openSUSE:Leap:16.0/.chromium.new.1085/ppc-fedora-0002-regenerate-xnn-buildgn.patch ++++++ ppc-fedora-fix-partition-alloc-compile.patch ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:53.690609396 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:53.694609563 +0200 @@ -1,16 +1,11 @@ -kIndex: chromium-114.0.5735.45/base/allocator/partition_allocator/partition_alloc.gni -=================================================================== -Index: chromium-128.0.6613.113/base/allocator/partition_allocator/partition_alloc.gni -=================================================================== ---- chromium-128.0.6613.113.orig/base/allocator/partition_allocator/partition_alloc.gni -+++ chromium-128.0.6613.113/base/allocator/partition_allocator/partition_alloc.gni -@@ -70,7 +70,8 @@ - has_64_bit_pointers = false - } else if (current_cpu == "x64" || current_cpu == "arm64" || - current_cpu == "arm64e" || current_cpu == "loong64" || -- current_cpu == "riscv64") { -+ current_cpu == "riscv64" || current_cpu == "ppc64") { -+ +--- chromium-139.0.7258.5/base/allocator/partition_allocator/partition_alloc.gni 2025/06/30 09:01:19 1.1 ++++ chromium-139.0.7258.5/base/allocator/partition_allocator/partition_alloc.gni 2025/06/30 09:01:57 +@@ -66,7 +66,7 @@ + # Whether 64-bit pointers are used. + # A static_assert in partition_alloc_config.h verifies that. + if (current_cpu == "x64" || current_cpu == "arm64" || current_cpu == "arm64e" || +- current_cpu == "loong64" || current_cpu == "riscv64") { ++ current_cpu == "loong64" || current_cpu == "riscv64" || current_cpu == "ppc64") { assert(current_cpu != "arm64e" || (is_ios && target_environment == "device")) has_64_bit_pointers = true } else if (current_cpu == "x86" || current_cpu == "arm" || ++++++ ppc-fedora-skia-vsx-instructions.patch ++++++ --- /var/tmp/diff_new_pack.B56fCa/_old 2025-08-07 09:07:53.734611231 +0200 +++ /var/tmp/diff_new_pack.B56fCa/_new 2025-08-07 09:07:53.738611398 +0200 @@ -23,18 +23,6 @@ ":webp_decode", ":wuffs", ":xml", -@@ -1832,7 +1839,10 @@ skia_static_library("pathkit") { - public_configs = [ ":skia_public" ] - configs = skia_library_configs - -- deps = [ ":hsw" ] -+ deps = [ -+ ":hsw", -+ ":vsx", -+ ] - - sources = [] - sources += skia_pathops_sources Index: chromium-138.0.7204.35/third_party/skia/gn/skia/BUILD.gn =================================================================== --- chromium-138.0.7204.35.orig/third_party/skia/gn/skia/BUILD.gn
