Hello community,
here is the log from the commit of package chromium for openSUSE:Factory
checked in at 2018-01-28 20:31:41
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/chromium (Old)
and /work/SRC/openSUSE:Factory/.chromium.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium"
Sun Jan 28 20:31:41 2018 rev:175 rq:569875 version:64.0.3282.119
Changes:
--------
--- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2018-01-06
18:50:26.615715079 +0100
+++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2018-01-28
20:32:58.016168886 +0100
@@ -1,0 +2,46 @@
+Fri Jan 26 10:11:22 UTC 2018 - tchva...@suse.com
+
+- Disable ozone stuff conditions for now as the headless mode
+ breaks up runtime bsc#1077722
+
+-------------------------------------------------------------------
+Thu Jan 25 09:51:59 UTC 2018 - tchva...@suse.com
+
+- Switch to gcc7 on Leap builds
+
+-------------------------------------------------------------------
+Thu Jan 25 09:42:51 UTC 2018 - tchva...@suse.com
+
+- Version update to 64.0.3282.119 bsc#1077571:
+ * High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on
2017-11-01
+ * High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun
Kokatsu (@shhnjk) on 2017-11-20
+ * High CVE-2018-6033: Race when opening downloaded files. Reported by Juho
Nurminen on 2017-12-09
+ * Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein
(www.trapkit.de) on 2017-11-12
+ * Medium CVE-2018-6035: Insufficient isolation of devtools from extensions.
Reported by Rob Wu on 2017-12-23
+ * Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The
UK's National Cyber Security Centre (NCSC) on 2017-11-30
+ * Medium CVE-2018-6037: Insufficient user gesture requirements in autofill.
Reported by Paul Stone of Context Information Security on 2017-08-09
+ * Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by
cloudfuzzer on 2017-10-12
+ * Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on
2017-10-17
+ * Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu
of Tencent's Xuanwu Lab on 2017-10-26
+ * Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on
2017-08-29
+ * Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on
2017-10-12
+ * Medium CVE-2018-6043: Insufficient escaping with external URL handlers.
Reported by 0x09AL on 2017-11-16
+ * Medium CVE-2018-6045: Insufficient isolation of devtools from extensions.
Reported by Rob Wu on 2017-12-23
+ * Medium CVE-2018-6046: Insufficient isolation of devtools from extensions.
Reported by Rob Wu on 2017-12-31
+ * Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato
Kinugawa on 2018-01-08
+ * Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun
Kokatsu (@shhnjk) on 2017-09-08
+ * Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall
(@_aaspring_) on 2017-10-05
+ * Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of
Tencent's Xuanwu Lab on 2017-10-13
+ * Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on
2017-10-15
+ * Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso
(@asanso) on 2014-12-11
+ * Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported
by Tanner Emek on 2016-05-28
+ * Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by
Asset Kabdenov on 2017-08-23
+ * Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on
2017-12-24
+- Add patches:
+ * chromium-angle.patch
+ * chromium-memcpy.patch
+- Drop patch:
+ * chromium-gcc.patch
+- Change desktop file name to fit bellow the icon on ie KDE desktop
+
+-------------------------------------------------------------------
Old:
----
chromium-63.0.3239.132.tar.xz
chromium-gcc.patch
New:
----
chromium-64.0.3282.119.tar.xz
chromium-angle.patch
chromium-memcpy.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ chromium.spec ++++++
--- /var/tmp/diff_new_pack.ISzhaf/_old 2018-01-28 20:33:22.927005265 +0100
+++ /var/tmp/diff_new_pack.ISzhaf/_new 2018-01-28 20:33:22.927005265 +0100
@@ -31,16 +31,17 @@
%else
%bcond_without sle_bundles
%endif
-%if 0%{?suse_version} >= 1330
+%if 0%{?suse_version} >= 1500
%bcond_without system_libxml
+%bcond_without system_icu
%else
+%bcond_with system_icu
%bcond_with system_libxml
%endif
-%bcond_with system_icu
%bcond_with system_vpx
%bcond_with clang
Name: chromium
-Version: 63.0.3239.132
+Version: 64.0.3282.119
Release: 0
Summary: Google's open source browser project
License: BSD-3-Clause AND LGPL-2.1+
@@ -69,8 +70,9 @@
Patch7: fix_network_api_crash.patch
Patch12: chromium-dma-buf.patch
Patch14: chromium-buildname.patch
-Patch15: chromium-gcc.patch
-Patch16: chromium-non-void-return.patch
+Patch17: chromium-non-void-return.patch
+Patch18: chromium-memcpy.patch
+Patch19: chromium-angle.patch
# GN buildsystem related patches
Patch200: chromium-last-commit-position-r0.patch
Patch201: fix-gn-bootstrap.diff
@@ -117,6 +119,7 @@
BuildRequires: pkgconfig(cairo) >= 1.6
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dirac) >= 1.0.0
+BuildRequires: pkgconfig(dri)
BuildRequires: pkgconfig(expat)
BuildRequires: pkgconfig(flac++)
BuildRequires: pkgconfig(freetype2)
@@ -215,7 +218,7 @@
BuildRequires: pkgconfig(harfbuzz) >= 1.5.0
%endif
%if %{with system_icu}
-BuildRequires: pkgconfig(icu-i18n) >= 58.0
+BuildRequires: pkgconfig(icu-i18n) >= 59.0
%endif
%if %{with system_vpx}
BuildRequires: pkgconfig(vpx) >= 1.6.1
@@ -227,8 +230,8 @@
BuildRequires: gcc >= 6.0
BuildRequires: gcc-c++ >= 6.0
%else
-BuildRequires: gcc6
-BuildRequires: gcc6-c++
+BuildRequires: gcc7
+BuildRequires: gcc7-c++
%endif
%endif
@@ -260,8 +263,9 @@
%patch7
%patch12 -p1
%patch14 -p1
-%patch15 -p1
-%patch16 -p1
+%patch17 -p1
+%patch18 -p1
+%patch19 -p1
# Copy the toolchain settings
mkdir toolchain
@@ -296,6 +300,7 @@
third_party/angle/src/third_party/trace_event
third_party/blink
third_party/boringssl
+ third_party/boringssl/src/third_party/fiat
third_party/breakpad
third_party/breakpad/breakpad/src/third_party/curl
third_party/brotli
@@ -311,7 +316,6 @@
third_party/catapult/tracing/third_party/oboe
third_party/catapult/tracing/third_party/pako
third_party/ced
- third_party/cld_2
third_party/cld_3
third_party/crc32c
third_party/cros_system_api
@@ -321,6 +325,7 @@
third_party/flatbuffers
third_party/flot
third_party/freetype
+ third_party/glslang
third_party/glslang-angle
third_party/google_input_tools
third_party/google_input_tools/third_party/closure_library
@@ -349,6 +354,7 @@
third_party/lzma_sdk
third_party/markupsafe
third_party/mesa
+ third_party/metrics_proto
third_party/modp_b64
third_party/mt19937ar
third_party/node
@@ -372,11 +378,13 @@
third_party/protobuf/third_party/six
third_party/qcms
third_party/sfntly
+ third_party/shaderc
third_party/skia
third_party/skia/third_party/gif
third_party/skia/third_party/vulkan
third_party/smhasher
third_party/spirv-headers
+ third_party/SPIRV-Tools
third_party/spirv-tools-angle
third_party/sqlite
third_party/swiftshader
@@ -446,8 +454,8 @@
export CC=gcc
export CXX=g++
%if 0%{?suse_version} < 1330
-export CC=gcc-6
-export CXX=g++-6
+export CC=gcc-7
+export CXX=g++-7
# some still call gcc/g++
mkdir -p "$HOME/bin/"
ln -sfn /usr/bin/$CC $HOME/bin/gcc
@@ -528,7 +536,13 @@
myconf_gn+=" use_sysroot=false"
myconf_gn+=" treat_warnings_as_errors=false"
myconf_gn+=" enable_widevine=true"
+# See dependency logic in third_party/BUILD.gn
+myconf_gn+=" use_system_harfbuzz=false"
myconf_gn+=" enable_hangout_services_extension=true"
+myconf_gn+=" enable_vulkan=false" # fails to compile now
+# ozone stuff
+#myconf_gn+=" use_ozone=true use_xkbcommon=false enable_mus=true
ozone_auto_platforms=false"
+#myconf_gn+=" ozone_platform_wayland=false ozone_platform_x11=true
ozone_platform_headless=true"
%if %{with clang}
myconf_gn+=" is_clang=true clang_base_path=\"/usr\"
clang_use_chrome_plugins=false"
%else
++++++ chromium-63.0.3239.132.tar.xz -> chromium-64.0.3282.119.tar.xz ++++++
/work/SRC/openSUSE:Factory/chromium/chromium-63.0.3239.132.tar.xz
/work/SRC/openSUSE:Factory/.chromium.new/chromium-64.0.3282.119.tar.xz differ:
char 26, line 1
++++++ chromium-angle.patch ++++++
>From 030017a4855c7b6e7f2ff8d9566c146f31eb301b Mon Sep 17 00:00:00 2001
From: Kai Ninomiya <kain...@chromium.org>
Date: Wed, 06 Dec 2017 14:06:53 -0800
Subject: [PATCH] Mark StaticType related functions as constexpr
Fixes compilation on some versions of GCC and probably Clang.
Follow-up to http://crrev.com/c/786317
Bug: angleproject:1432
Change-Id: I3fc3ad0f65492f9543eb27fcdce6ca29a9ad06e5
Reviewed-on: https://chromium-review.googlesource.com/812220
Reviewed-by: Jamie Madill <jmad...@chromium.org>
Commit-Queue: Kai Ninomiya <kain...@chromium.org>
---
diff --git a/third_party/angle/src/compiler/translator/StaticType.h
b/third_party/angle/src/compiler/translator/StaticType.h
index e26e5ff..30b391a 100644
--- a/third_party/angle/src/compiler/translator/StaticType.h
+++ b/third_party/angle/src/compiler/translator/StaticType.h
@@ -160,7 +160,7 @@
TPrecision precision,
TQualifier qualifier,
unsigned char secondarySize>
-const TType *GetForVecMatHelper(unsigned char primarySize)
+constexpr const TType *GetForVecMatHelper(unsigned char primarySize)
{
static_assert(basicType == EbtFloat || basicType == EbtInt || basicType ==
EbtUInt ||
basicType == EbtBool,
@@ -186,7 +186,7 @@
template <TBasicType basicType,
TPrecision precision = EbpUndefined,
TQualifier qualifier = EvqGlobal>
-const TType *GetForVecMat(unsigned char primarySize, unsigned char
secondarySize = 1)
+constexpr const TType *GetForVecMat(unsigned char primarySize, unsigned char
secondarySize = 1)
{
static_assert(basicType == EbtFloat || basicType == EbtInt || basicType ==
EbtUInt ||
basicType == EbtBool,
@@ -208,7 +208,7 @@
}
template <TBasicType basicType, TPrecision precision = EbpUndefined>
-const TType *GetForVec(TQualifier qualifier, unsigned char size)
+constexpr const TType *GetForVec(TQualifier qualifier, unsigned char size)
{
switch (qualifier)
{
diff --git a/third_party/angle/src/compiler/translator/SymbolTable.cpp
b/third_party/angle/src/compiler/translator/SymbolTable.cpp
index adf1e4e..90d4c15 100644
--- a/third_party/angle/src/compiler/translator/SymbolTable.cpp
+++ b/third_party/angle/src/compiler/translator/SymbolTable.cpp
@@ -236,7 +236,7 @@
pop();
}
-bool IsGenType(const TType *type)
+constexpr bool IsGenType(const TType *type)
{
if (type)
{
@@ -248,7 +248,7 @@
return false;
}
-bool IsVecType(const TType *type)
+constexpr bool IsVecType(const TType *type)
{
if (type)
{
diff --git a/third_party/angle/src/compiler/translator/Types.h
b/third_party/angle/src/compiler/translator/Types.h
index 04f46f1..a54d447 100644
--- a/third_party/angle/src/compiler/translator/Types.h
+++ b/third_party/angle/src/compiler/translator/Types.h
@@ -142,13 +142,13 @@
{
}
- TBasicType getBasicType() const { return type; }
+ constexpr TBasicType getBasicType() const { return type; }
void setBasicType(TBasicType t);
TPrecision getPrecision() const { return precision; }
void setPrecision(TPrecision p) { precision = p; }
- TQualifier getQualifier() const { return qualifier; }
+ constexpr TQualifier getQualifier() const { return qualifier; }
void setQualifier(TQualifier q) { qualifier = q; }
bool isInvariant() const { return invariant; }
++++++ chromium-browser.desktop ++++++
--- /var/tmp/diff_new_pack.ISzhaf/_old 2018-01-28 20:33:23.027000595 +0100
+++ /var/tmp/diff_new_pack.ISzhaf/_new 2018-01-28 20:33:23.031000408 +0100
@@ -1,6 +1,6 @@
[Desktop Entry]
Version=1.0
-Name=Chromium Web Browser
+Name=Chromium
Comment=Browse the World Wide Web
GenericName=Web Browser
Exec=chromium %u
++++++ chromium-memcpy.patch ++++++
>From 4942f56ceb6d60d6f54ebca8e6eba8ba01c278e8 Mon Sep 17 00:00:00 2001
From: Tomas Popela <tomas.pop...@gmail.com>
Date: Thu, 7 Dec 2017 22:33:34 +0000
Subject: [PATCH] memcpy used without including string.h
Compiling Chromium with Clang 4.0.1 and using libstdc++ will fail on using
memcpy without including string.h.
Cq-Include-Trybots:
master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: Idced1d5de3baf6b520d4a2d61774120642ead1a8
Reviewed-on: https://chromium-review.googlesource.com/813737
Reviewed-by: Thomas Anderson <thomasander...@chromium.org>
Reviewed-by: vmpstr <vmp...@chromium.org>
Commit-Queue: Thomas Anderson <thomasander...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#522579}
---
cc/paint/raw_memory_transfer_cache_entry.cc | 2 ++
1 file changed, 2 insertions(+)
diff --git a/cc/paint/raw_memory_transfer_cache_entry.cc
b/cc/paint/raw_memory_transfer_cache_entry.cc
index 9e4660c685ee..95ad50b1a338 100644
--- a/cc/paint/raw_memory_transfer_cache_entry.cc
+++ b/cc/paint/raw_memory_transfer_cache_entry.cc
@@ -4,6 +4,8 @@
#include "cc/paint/raw_memory_transfer_cache_entry.h"
+#include <string.h>
+
namespace cc {
ClientRawMemoryTransferCacheEntry::ClientRawMemoryTransferCacheEntry(
--
2.15.1
