Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2017-06-07 09:55:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Wed Jun 7 09:55:29 2017 rev:156 rq:501295 version:59.0.3071.86 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2017-05-16 14:43:18.026765920 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2017-06-07 09:55:52.918794943 +0200 @@ -1,0 +2,40 @@ +Tue Jun 6 07:53:53 UTC 2017 - [email protected] + +- Update to 59.0.3071.86 bsc#1042833: + * CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16 + * CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26 + * CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07 + * CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28 + * CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09 + * CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05 + * CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16 + * CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06 + * CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28 + * CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12 + * CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20 + * CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05 + * CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07 + * CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11 + * CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24 + * CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15 +- Add patch to fix build with system dma: + * chromium-dma-buf.patch +- Drop no longer needed patches: + * chromium-linker-memory.patch + * chromium-system-jinja-r13.patch +- Refresh patches: + * chromium-gcc7.patch + * chromium-system-ffmpeg-r3.patch + * fix-gn-bootstrap.diff +- Use bundled libxml + * Upstream unfortunately uses git snapshot that is not api/abi compatible + +------------------------------------------------------------------- +Mon Jun 5 12:55:22 UTC 2017 - [email protected] + +- Add patch to build with gcc7: + * chromium-gcc7.patch +- Add patch for fpermissive build error: + * chromium-fpermissive.patch + +------------------------------------------------------------------- Old: ---- chromium-58.0.3029.110.tar.xz chromium-linker-memory.patch chromium-system-jinja-r13.patch New: ---- chromium-59.0.3071.86.tar.xz chromium-dma-buf.patch chromium-fpermissive.patch chromium-gcc7.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.UM0yqK/_old 2017-06-07 09:56:08.184637672 +0200 +++ /var/tmp/diff_new_pack.UM0yqK/_new 2017-06-07 09:56:08.188637106 +0200 @@ -18,18 +18,16 @@ %define rname chromium %bcond_with system_vpx -%if %{?suse_version} < 1330 %bcond_with system_icu -%else -%bcond_with system_icu -%endif -%if %{?suse_version} >= 1320 || (0%{?suse_version} == 1315 && 0%{?leap_version} >= 420200) +%bcond_with system_libxml +%if %{?suse_version} >= 1320 || (%{?suse_version} == 1315 && 0%{?leap_version} >= 420200) %bcond_without system_minizip %bcond_without system_harfbuzz %else %bcond_with system_minizip %bcond_with system_harfbuzz %endif +# This is just overall condition to contain everything we can't provide on SLE12 %if 0%{?suse_version} >= 1320 || 0%{?is_opensuse} %bcond_with sle_bundles %else @@ -37,7 +35,7 @@ %endif %bcond_with clang Name: chromium -Version: 58.0.3029.110 +Version: 59.0.3071.86 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause and LGPL-2.1+ @@ -68,11 +66,11 @@ Patch7: fix_network_api_crash.patch # System libs Patch8: chromium-system-ffmpeg-r3.patch -Patch9: chromium-system-jinja-r13.patch # Gcc fix Patch10: gcc60-fixes.diff -# PATCH-FIX-SUSE make ld use less memory by tweaking compiler flags -Patch13: chromium-linker-memory.patch +Patch11: chromium-gcc7.patch +Patch12: chromium-dma-buf.patch +Patch13: chromium-fpermissive.patch # archlinux arm enhancement patches Patch100: arm-webrtc-fix.patch Patch101: arm_use_right_compiler.patch @@ -144,7 +142,9 @@ BuildRequires: pkgconfig(libtcmalloc) BuildRequires: pkgconfig(libudev) BuildRequires: pkgconfig(libwebp) +%if %{with system_libxml} BuildRequires: pkgconfig(libxml-2.0) +%endif BuildRequires: pkgconfig(libxslt) BuildRequires: pkgconfig(nspr) >= 4.9.5 BuildRequires: pkgconfig(nss) >= 3.14 @@ -201,10 +201,10 @@ BuildRequires: pkgconfig(minizip) %endif %if %{with system_harfbuzz} -BuildRequires: pkgconfig(harfbuzz) >= 1.3.1 +BuildRequires: pkgconfig(harfbuzz) >= 1.4.0 %endif %if %{with system_icu} -BuildRequires: pkgconfig(icu-i18n) >= 54.0 +BuildRequires: pkgconfig(icu-i18n) >= 58.0 %endif %if %{with system_vpx} BuildRequires: pkgconfig(vpx) >= 1.6.1 @@ -253,10 +253,11 @@ %patch6 -p1 %patch7 %patch8 -p1 -%if !%{with sle_bundles} -%patch9 -p1 -%endif +%if !%{with clang} %patch10 +%patch11 -p1 +%endif +%patch12 -p1 %patch13 -p1 # archlinux arm enhancements @@ -316,6 +317,7 @@ third_party/fips181 third_party/flatbuffers third_party/flot + third_party/freetype third_party/google_input_tools third_party/google_input_tools/third_party/closure_library third_party/google_input_tools/third_party/closure_library/third_party/closure @@ -328,6 +330,7 @@ third_party/leveldatabase third_party/libXNVCtrl third_party/libaddressinput + third_party/libdrm third_party/libjingle third_party/libphonenumber third_party/libsecret @@ -352,14 +355,13 @@ third_party/pdfium third_party/pdfium/third_party/agg23 third_party/pdfium/third_party/base + third_party/pdfium/third_party/build third_party/pdfium/third_party/bigint third_party/pdfium/third_party/freetype third_party/pdfium/third_party/lcms2-2.6 - third_party/pdfium/third_party/libjpeg third_party/pdfium/third_party/libopenjpeg20 third_party/pdfium/third_party/libpng16 third_party/pdfium/third_party/libtiff - third_party/pdfium/third_party/zlib_v128 third_party/ply third_party/polymer third_party/protobuf @@ -369,6 +371,10 @@ third_party/skia third_party/smhasher third_party/sqlite + third_party/swiftshader + third_party/swiftshader/third_party/llvm-subzero + third_party/swiftshader/third_party/pnacl-subzero + third_party/swiftshader/third_party/subzero third_party/tcmalloc third_party/usrsctp third_party/web-animations-js @@ -398,6 +404,9 @@ %if !%{with system_icu} keeplibs+=( third_party/icu ) %endif +%if !%{with system_libxml} +keeplibs+=( third_party/libxml ) +%endif %if !%{with system_vpx} keeplibs+=( third_party/libvpx @@ -419,17 +428,17 @@ build/linux/unbundle/remove_bundled_libraries.py "${keeplibs[@]}" --do-remove %build -# this is as we do our own toolchain that we want to override for older distros -export CC=gcc -export CXX=g++ %if %{with clang} export CC=clang export CXX=clang++ -%endif +%else # REDUCE DEBUG as it gets TOO large ARCH_FLAGS="`echo %{optflags} | sed -e 's/^-g / /g' -e 's/ -g / /g' -e 's/ -g$//g'`" export CFLAGS="${ARCH_FLAGS}" export CXXFLAGS="${ARCH_FLAGS}" +export CC=gcc +export CXX=g++ +%endif # do not eat all memory ninjaproc="%{?jobs:%{jobs}}" echo "Available memory:" @@ -448,10 +457,10 @@ gn_system_libraries=( ffmpeg flac + libdrm libjpeg libpng libwebp - libxml libxslt re2 snappy @@ -471,6 +480,9 @@ %if %{with system_vpx} gn_system_libraries+=( libvpx ) %endif +%if %{with system_libxml} +gn_system_libraries+=( libxml ) +%endif build/linux/unbundle/replace_gn_files.py --system-libraries ${gn_system_libraries[@]} # Create the configuration for GN ++++++ chromium-58.0.3029.110.tar.xz -> chromium-59.0.3071.86.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-58.0.3029.110.tar.xz /work/SRC/openSUSE:Factory/.chromium.new/chromium-59.0.3071.86.tar.xz differ: char 26, line 1 ++++++ chromium-dma-buf.patch ++++++ --- a/ui/gfx/linux/client_native_pixmap_dmabuf.cc.orig 2017-03-29 15:08:58.079790070 +0000 +++ b/ui/gfx/linux/client_native_pixmap_dmabuf.cc 2017-03-29 15:09:10.068039324 +0000 @@ -17,7 +17,6 @@ #include "base/strings/stringprintf.h" #include "base/trace_event/trace_event.h" -#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 6, 0) #include <linux/types.h> struct local_dma_buf_sync { @@ -35,10 +34,6 @@ #define LOCAL_DMA_BUF_IOCTL_SYNC \ _IOW(LOCAL_DMA_BUF_BASE, 0, struct local_dma_buf_sync) -#else -#include <linux/dma-buf.h> -#endif - namespace gfx { namespace { ++++++ chromium-fpermissive.patch ++++++ diff -up chromium-56.0.2924.87/third_party/WebKit/Source/BUILD.gn.permissive chromium-56.0.2924.87/third_party/WebKit/Source/BUILD.gn --- chromium-56.0.2924.87/third_party/WebKit/Source/BUILD.gn.permissive 2017-02-13 12:32:23.419665971 -0500 +++ chromium-56.0.2924.87/third_party/WebKit/Source/BUILD.gn 2017-02-13 12:33:16.146629190 -0500 @@ -54,6 +54,9 @@ config("config") { cflags = [] defines = [] + # error: there are no arguments to 'swapAnchor' that depend on a template parameter, so a declaration of 'swapAnchor' must be available [-fpermissive] + cflags += [ "-fpermissive" ] + if (is_win) { cflags += [ "/wd4305", # Truncation from 'type1' to 'type2'. ++++++ chromium-gcc7.patch ++++++ Index: chromium-59.0.3071.83/third_party/WebKit/Source/platform/graphics/gpu/SharedGpuContext.h =================================================================== --- chromium-59.0.3071.83.orig/third_party/WebKit/Source/platform/graphics/gpu/SharedGpuContext.h +++ chromium-59.0.3071.83/third_party/WebKit/Source/platform/graphics/gpu/SharedGpuContext.h @@ -5,6 +5,7 @@ #include "platform/PlatformExport.h" #include "platform/wtf/ThreadSpecific.h" +#include <functional> #include <memory> namespace gpu { Index: chromium-59.0.3071.83/v8/src/objects-body-descriptors.h =================================================================== --- chromium-59.0.3071.83.orig/v8/src/objects-body-descriptors.h +++ chromium-59.0.3071.83/v8/src/objects-body-descriptors.h @@ -99,7 +99,7 @@ class FixedBodyDescriptor final : public template <typename StaticVisitor> static inline void IterateBody(HeapObject* obj, int object_size) { - IterateBody(obj); + IterateBody<StaticVisitor>(obj); } }; ++++++ chromium-system-ffmpeg-r3.patch ++++++ --- /var/tmp/diff_new_pack.UM0yqK/_old 2017-06-07 09:56:08.416604891 +0200 +++ /var/tmp/diff_new_pack.UM0yqK/_new 2017-06-07 09:56:08.420604326 +0200 @@ -1,48 +1,43 @@ ---- a/media/ffmpeg/ffmpeg_common.h.orig 2016-09-09 13:16:07.757294768 +0000 -+++ b/media/ffmpeg/ffmpeg_common.h 2016-09-09 13:16:41.705989273 +0000 -@@ -22,10 +22,6 @@ +--- a/media/ffmpeg/ffmpeg_common.h.orig 2017-04-07 18:17:22.623538889 +0000 ++++ b/media/ffmpeg/ffmpeg_common.h 2017-04-07 18:18:16.780656283 +0000 +@@ -23,10 +23,12 @@ // Include FFmpeg header files. extern "C" { --// Disable deprecated features which result in spammy compile warnings. This --// list of defines must mirror those in the 'defines' section of FFmpeg's --// BUILD.gn file or the headers below will generate different structures! --#define FF_API_CONVERGENCE_DURATION 0 ++#if !defined(USE_SYSTEM_FFMPEG) + // Disable deprecated features which result in spammy compile warnings. This + // list of defines must mirror those in the 'defines' section of FFmpeg's + // BUILD.gn file or the headers below will generate different structures! + #define FF_API_CONVERGENCE_DURATION 0 ++#endif // !defined(USE_SYSTEM_FFMPEG) // Upstream libavcodec/utils.c still uses the deprecated // av_dup_packet(), causing deprecation warnings. // The normal fix for such things is to disable the feature as below, -@@ -35,7 +35,6 @@ +@@ -40,7 +42,9 @@ MSVC_PUSH_DISABLE_WARNING(4244); #include <libavcodec/avcodec.h> #include <libavformat/avformat.h> --#include <libavformat/internal.h> ++#if !defined(USE_SYSTEM_FFMPEG) + #include <libavformat/internal.h> ++#endif // !defined(USE_SYSTEM_FFMPEG) #include <libavformat/avio.h> #include <libavutil/avutil.h> #include <libavutil/imgutils.h> ---- a/media/filters/ffmpeg_demuxer.cc.orig 2016-09-09 14:21:40.185828912 +0000 -+++ b/media/filters/ffmpeg_demuxer.cc 2016-09-09 14:21:52.894089352 +0000 -@@ -1185,24 +1185,6 @@ +--- a/media/filters/ffmpeg_demuxer.cc.orig 2017-04-07 18:15:14.776901183 +0000 ++++ b/media/filters/ffmpeg_demuxer.cc 2017-04-07 18:15:54.813727201 +0000 +@@ -1223,6 +1223,7 @@ // If no estimate is found, the stream entry will be kInfiniteDuration. std::vector<base::TimeDelta> start_time_estimates(format_context->nb_streams, kInfiniteDuration); -- const AVFormatInternal* internal = format_context->internal; -- if (internal && internal->packet_buffer && -- format_context->start_time != static_cast<int64_t>(AV_NOPTS_VALUE)) { -- struct AVPacketList* packet_buffer = internal->packet_buffer; -- while (packet_buffer != internal->packet_buffer_end) { -- DCHECK_LT(static_cast<size_t>(packet_buffer->pkt.stream_index), -- start_time_estimates.size()); -- const AVStream* stream = -- format_context->streams[packet_buffer->pkt.stream_index]; -- if (packet_buffer->pkt.pts != static_cast<int64_t>(AV_NOPTS_VALUE)) { -- const base::TimeDelta packet_pts = -- ConvertFromTimeBase(stream->time_base, packet_buffer->pkt.pts); -- if (packet_pts < start_time_estimates[stream->index]) -- start_time_estimates[stream->index] = packet_pts; -- } -- packet_buffer = packet_buffer->next; -- } -- } ++#if !defined(USE_SYSTEM_FFMPEG) + const AVFormatInternal* internal = format_context->internal; + if (internal && internal->packet_buffer && + format_context->start_time != static_cast<int64_t>(AV_NOPTS_VALUE)) { +@@ -1246,6 +1247,7 @@ + packet_buffer = packet_buffer->next; + } + } ++#endif // !defined(USE_SYSTEM_FFMPEG) std::unique_ptr<MediaTracks> media_tracks(new MediaTracks()); ++++++ fix-gn-bootstrap.diff ++++++ --- /var/tmp/diff_new_pack.UM0yqK/_old 2017-06-07 09:56:08.456599240 +0200 +++ /var/tmp/diff_new_pack.UM0yqK/_new 2017-06-07 09:56:08.456599240 +0200 @@ -1,13 +0,0 @@ -Index: tools/gn/bootstrap/bootstrap.py -diff --git a/tools/gn/bootstrap/bootstrap.py b/tools/gn/bootstrap/bootstrap.py -index 38cfb117d29c3895291379f00d8dc8c8b0727474..679170e610f8292bcbeb76508fd247d322a69c79 100755 ---- a/tools/gn/bootstrap/bootstrap.py -+++ b/tools/gn/bootstrap/bootstrap.py -@@ -385,6 +385,7 @@ def write_gn_ninja(path, root_gen_dir, options): - 'base/base_switches.cc', - 'base/build_time.cc', - 'base/callback_internal.cc', -+ 'base/callback_helpers.cc', - 'base/command_line.cc', - 'base/debug/activity_tracker.cc', - 'base/debug/alias.cc',
