Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2017-04-29 10:53:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "chromium" Sat Apr 29 10:53:30 2017 rev:153 rq:491735 version:58.0.3029.81 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2017-04-03 11:05:40.962810459 +0200 +++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2017-04-29 10:53:45.614228115 +0200 @@ -1,0 +2,26 @@ +Tue Apr 25 13:24:42 UTC 2017 - tchvatal@suse.com + +- Use bundled jinja2, system one changed in 2.9 too much to work + * It is at least used only during build + +------------------------------------------------------------------- +Fri Apr 21 09:57:49 UTC 2017 - tchvatal@suse.com + +- Version update to 58.0.3029.81 bsc#1035103: + * High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360 + * High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani + * High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative + * Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng + * Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah) + * Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous + * Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip + * Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar + * Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani + * Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu + * Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani + * Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman +- Refresh patch fix-gn-bootstrap.diff +- Refresh patch chromium-system-jinja-r13.patch +- Remove obsolete patch chromium-57-gcc4.patch + +------------------------------------------------------------------- Old: ---- chromium-57-gcc4.patch chromium-57.0.2987.133.tar.xz New: ---- chromium-58.0.3029.81.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.NCmkKt/_old 2017-04-29 10:54:00.212165892 +0200 +++ /var/tmp/diff_new_pack.NCmkKt/_new 2017-04-29 10:54:00.212165892 +0200 @@ -17,32 +17,27 @@ %define rname chromium -%if %{?suse_version} <= 1320 %bcond_with system_vpx -%else -%bcond_without system_vpx -%endif %if %{?suse_version} < 1330 %bcond_with system_icu %else %bcond_with system_icu %endif -%if %{?suse_version} >= 1320 || (%{?suse_version} == 1315 && 0%{?leap_version} >= 420200) +%if %{?suse_version} >= 1320 || (0%{?suse_version} == 1315 && 0%{?leap_version} >= 420200) %bcond_without system_minizip +%bcond_without system_harfbuzz %else %bcond_with system_minizip +%bcond_with system_harfbuzz %endif -# This is just overall condition to contain everything we can't provide on SLE12 %if 0%{?suse_version} >= 1320 || 0%{?is_opensuse} %bcond_with sle_bundles -%bcond_without system_harfbuzz %else %bcond_without sle_bundles -%bcond_with system_harfbuzz %endif %bcond_with clang Name: chromium -Version: 57.0.2987.133 +Version: 58.0.3029.81 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause and LGPL-2.1+ @@ -78,8 +73,6 @@ Patch10: gcc60-fixes.diff # PATCH-FIX-SUSE make ld use less memory by tweaking compiler flags Patch13: chromium-linker-memory.patch -# PATCH-FIX-UPSTREAM work with old gcc -Patch14: chromium-57-gcc4.patch # archlinux arm enhancement patches Patch100: arm-webrtc-fix.patch Patch101: arm_use_right_compiler.patch @@ -108,6 +101,7 @@ BuildRequires: libva-devel BuildRequires: ncurses-devel BuildRequires: ninja +BuildRequires: nodejs BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: procps @@ -197,10 +191,8 @@ # while it would build for %arm, we exclude it as it takes forever to build ExcludeArch: %{arm} aarch64 i586 ppc ppc64 ppc64le %if !%{with sle_bundles} -BuildRequires: python-Jinja2 BuildRequires: python-beautifulsoup4 BuildRequires: python-html5lib -BuildRequires: python-ply BuildRequires: python-simplejson BuildRequires: python-xml BuildRequires: yasm-devel @@ -215,7 +207,7 @@ BuildRequires: pkgconfig(icu-i18n) >= 54.0 %endif %if %{with system_vpx} -BuildRequires: pkgconfig(vpx) >= 1.4.0 +BuildRequires: pkgconfig(vpx) >= 1.6.1 %endif BuildRequires: pkgconfig(libavcodec) BuildRequires: pkgconfig(libavfilter) @@ -228,8 +220,8 @@ %if %{with clang} BuildRequires: clang >= 3.9.0 %else -BuildRequires: gcc -BuildRequires: gcc-c++ +BuildRequires: gcc >= 4.8 +BuildRequires: gcc-c++ >= 4.8 %endif %description @@ -266,7 +258,6 @@ %endif %patch10 %patch13 -p1 -%patch14 -p1 # archlinux arm enhancements %patch100 @@ -276,6 +267,10 @@ mkdir toolchain cp %{SOURCE1} toolchain/BUILD.gn +# Fix the path to nodejs binary +mkdir -p third_party/node/linux/node-linux-x64/bin +ln -s %{_bindir}/node third_party/node/linux/node-linux-x64/bin/node + # Remove bundled libs keeplibs=( base/third_party/dmg_fp @@ -327,6 +322,7 @@ third_party/hunspell third_party/iccjpeg third_party/inspector_protocol + third_party/jinja2 third_party/jstemplate third_party/khronos third_party/leveldatabase @@ -343,9 +339,12 @@ third_party/libyuv third_party/lss third_party/lzma_sdk + third_party/markupsafe third_party/mesa third_party/modp_b64 third_party/mt19937ar + third_party/node + third_party/node/node_modules/vulcanize/third_party/UglifyJS2 third_party/openh264 third_party/openmax_dl third_party/opus @@ -361,6 +360,7 @@ third_party/pdfium/third_party/libpng16 third_party/pdfium/third_party/libtiff third_party/pdfium/third_party/zlib_v128 + third_party/ply third_party/polymer third_party/protobuf third_party/protobuf/third_party/six @@ -386,10 +386,7 @@ %if %{with sle_bundles} keeplibs+=( third_party/yasm - third_party/jinja2 - third_party/markupsafe third_party/simplejson - third_party/ply third_party/catapult/third_party/beautifulsoup4 third_party/catapult/third_party/html5lib-python third_party/catapult/third_party/six ++++++ chromium-57.0.2987.133.tar.xz -> chromium-58.0.3029.81.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-57.0.2987.133.tar.xz /work/SRC/openSUSE:Factory/.chromium.new/chromium-58.0.3029.81.tar.xz differ: char 26, line 1 ++++++ chromium-system-jinja-r13.patch ++++++ --- /var/tmp/diff_new_pack.NCmkKt/_old 2017-04-29 10:54:00.364144422 +0200 +++ /var/tmp/diff_new_pack.NCmkKt/_new 2017-04-29 10:54:00.368143858 +0200 @@ -1,19 +1,23 @@ ---- a/third_party/WebKit/Source/build/scripts/scripts.gni.orig 2016-06-02 09:54:28.510152077 +0000 -+++ b/third_party/WebKit/Source/build/scripts/scripts.gni 2016-06-02 09:54:50.966612510 +0000 -@@ -9,10 +9,6 @@ +Index: chromium-58.0.3018.3/third_party/WebKit/Source/build/scripts/scripts.gni +=================================================================== +--- chromium-58.0.3018.3.orig/third_party/WebKit/Source/build/scripts/scripts.gni ++++ chromium-58.0.3018.3/third_party/WebKit/Source/build/scripts/scripts.gni +@@ -10,10 +10,6 @@ import("//third_party/WebKit/Source/conf _scripts_dir = "//third_party/WebKit/Source/build/scripts" - scripts_for_in_files = [ + scripts_for_json5_files = [ - # jinja2/__init__.py contains version string, so sufficient as - # dependency for whole jinja2 package - "//third_party/jinja2/__init__.py", - "//third_party/markupsafe/__init__.py", # jinja2 dep "$_scripts_dir/hasher.py", - "$_scripts_dir/in_file.py", - "$_scripts_dir/in_generator.py", ---- a/third_party/WebKit/Source/bindings/scripts/scripts.gni.orig 2016-09-09 13:40:51.971660406 +0000 -+++ b/third_party/WebKit/Source/bindings/scripts/scripts.gni 2016-09-09 13:41:15.472141236 +0000 -@@ -9,15 +9,9 @@ + "$_scripts_dir/json5_generator.py", + "$_scripts_dir/license.py", +Index: chromium-58.0.3018.3/third_party/WebKit/Source/bindings/scripts/scripts.gni +=================================================================== +--- chromium-58.0.3018.3.orig/third_party/WebKit/Source/bindings/scripts/scripts.gni ++++ chromium-58.0.3018.3/third_party/WebKit/Source/bindings/scripts/scripts.gni +@@ -9,15 +9,9 @@ bindings_scripts_dir = get_path_info("." bindings_scripts_output_dir = "$root_gen_dir/blink/bindings/scripts" jinja_module_files = [ ++++++ fix-gn-bootstrap.diff ++++++ --- /var/tmp/diff_new_pack.NCmkKt/_old 2017-04-29 10:54:00.400139338 +0200 +++ /var/tmp/diff_new_pack.NCmkKt/_new 2017-04-29 10:54:00.400139338 +0200 @@ -1,13 +1,13 @@ -Index: chromium-57.0.2970.0/tools/gn/err.cc -=================================================================== ---- chromium-57.0.2970.0.orig/tools/gn/err.cc -+++ chromium-57.0.2970.0/tools/gn/err.cc -@@ -158,8 +158,6 @@ void Err::AppendSubErr(const Err& err) { - } - - void Err::InternalPrintToStdout(bool is_sub_err) const { -- DCHECK(has_error_); -- - if (!is_sub_err) - OutputString("ERROR ", DECORATION_RED); - +Index: tools/gn/bootstrap/bootstrap.py +diff --git a/tools/gn/bootstrap/bootstrap.py b/tools/gn/bootstrap/bootstrap.py +index 38cfb117d29c3895291379f00d8dc8c8b0727474..679170e610f8292bcbeb76508fd247d322a69c79 100755 +--- a/tools/gn/bootstrap/bootstrap.py ++++ b/tools/gn/bootstrap/bootstrap.py +@@ -385,6 +385,7 @@ def write_gn_ninja(path, root_gen_dir, options): + 'base/base_switches.cc', + 'base/build_time.cc', + 'base/callback_internal.cc', ++ 'base/callback_helpers.cc', + 'base/command_line.cc', + 'base/debug/activity_tracker.cc', + 'base/debug/alias.cc',