Hello community, here is the log from the commit of package chromium for openSUSE:Factory checked in at 2018-01-28 20:31:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/chromium (Old) and /work/SRC/openSUSE:Factory/.chromium.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "chromium" Sun Jan 28 20:31:41 2018 rev:175 rq:569875 version:64.0.3282.119 Changes: -------- --- /work/SRC/openSUSE:Factory/chromium/chromium.changes 2018-01-06 18:50:26.615715079 +0100 +++ /work/SRC/openSUSE:Factory/.chromium.new/chromium.changes 2018-01-28 20:32:58.016168886 +0100 @@ -1,0 +2,46 @@ +Fri Jan 26 10:11:22 UTC 2018 - tchvatal@suse.com + +- Disable ozone stuff conditions for now as the headless mode + breaks up runtime bsc#1077722 + +------------------------------------------------------------------- +Thu Jan 25 09:51:59 UTC 2018 - tchvatal@suse.com + +- Switch to gcc7 on Leap builds + +------------------------------------------------------------------- +Thu Jan 25 09:42:51 UTC 2018 - tchvatal@suse.com + +- Version update to 64.0.3282.119 bsc#1077571: + * High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01 + * High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20 + * High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09 + * Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12 + * Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23 + * Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre (NCSC) on 2017-11-30 + * Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09 + * Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12 + * Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17 + * Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26 + * Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29 + * Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12 + * Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16 + * Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23 + * Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31 + * Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08 + * Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08 + * Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05 + * Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13 + * Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15 + * Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11 + * Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28 + * Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23 + * Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24 +- Add patches: + * chromium-angle.patch + * chromium-memcpy.patch +- Drop patch: + * chromium-gcc.patch +- Change desktop file name to fit bellow the icon on ie KDE desktop + +------------------------------------------------------------------- Old: ---- chromium-63.0.3239.132.tar.xz chromium-gcc.patch New: ---- chromium-64.0.3282.119.tar.xz chromium-angle.patch chromium-memcpy.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.ISzhaf/_old 2018-01-28 20:33:22.927005265 +0100 +++ /var/tmp/diff_new_pack.ISzhaf/_new 2018-01-28 20:33:22.927005265 +0100 @@ -31,16 +31,17 @@ %else %bcond_without sle_bundles %endif -%if 0%{?suse_version} >= 1330 +%if 0%{?suse_version} >= 1500 %bcond_without system_libxml +%bcond_without system_icu %else +%bcond_with system_icu %bcond_with system_libxml %endif -%bcond_with system_icu %bcond_with system_vpx %bcond_with clang Name: chromium -Version: 63.0.3239.132 +Version: 64.0.3282.119 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1+ @@ -69,8 +70,9 @@ Patch7: fix_network_api_crash.patch Patch12: chromium-dma-buf.patch Patch14: chromium-buildname.patch -Patch15: chromium-gcc.patch -Patch16: chromium-non-void-return.patch +Patch17: chromium-non-void-return.patch +Patch18: chromium-memcpy.patch +Patch19: chromium-angle.patch # GN buildsystem related patches Patch200: chromium-last-commit-position-r0.patch Patch201: fix-gn-bootstrap.diff @@ -117,6 +119,7 @@ BuildRequires: pkgconfig(cairo) >= 1.6 BuildRequires: pkgconfig(dbus-1) BuildRequires: pkgconfig(dirac) >= 1.0.0 +BuildRequires: pkgconfig(dri) BuildRequires: pkgconfig(expat) BuildRequires: pkgconfig(flac++) BuildRequires: pkgconfig(freetype2) @@ -215,7 +218,7 @@ BuildRequires: pkgconfig(harfbuzz) >= 1.5.0 %endif %if %{with system_icu} -BuildRequires: pkgconfig(icu-i18n) >= 58.0 +BuildRequires: pkgconfig(icu-i18n) >= 59.0 %endif %if %{with system_vpx} BuildRequires: pkgconfig(vpx) >= 1.6.1 @@ -227,8 +230,8 @@ BuildRequires: gcc >= 6.0 BuildRequires: gcc-c++ >= 6.0 %else -BuildRequires: gcc6 -BuildRequires: gcc6-c++ +BuildRequires: gcc7 +BuildRequires: gcc7-c++ %endif %endif @@ -260,8 +263,9 @@ %patch7 %patch12 -p1 %patch14 -p1 -%patch15 -p1 -%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 # Copy the toolchain settings mkdir toolchain @@ -296,6 +300,7 @@ third_party/angle/src/third_party/trace_event third_party/blink third_party/boringssl + third_party/boringssl/src/third_party/fiat third_party/breakpad third_party/breakpad/breakpad/src/third_party/curl third_party/brotli @@ -311,7 +316,6 @@ third_party/catapult/tracing/third_party/oboe third_party/catapult/tracing/third_party/pako third_party/ced - third_party/cld_2 third_party/cld_3 third_party/crc32c third_party/cros_system_api @@ -321,6 +325,7 @@ third_party/flatbuffers third_party/flot third_party/freetype + third_party/glslang third_party/glslang-angle third_party/google_input_tools third_party/google_input_tools/third_party/closure_library @@ -349,6 +354,7 @@ third_party/lzma_sdk third_party/markupsafe third_party/mesa + third_party/metrics_proto third_party/modp_b64 third_party/mt19937ar third_party/node @@ -372,11 +378,13 @@ third_party/protobuf/third_party/six third_party/qcms third_party/sfntly + third_party/shaderc third_party/skia third_party/skia/third_party/gif third_party/skia/third_party/vulkan third_party/smhasher third_party/spirv-headers + third_party/SPIRV-Tools third_party/spirv-tools-angle third_party/sqlite third_party/swiftshader @@ -446,8 +454,8 @@ export CC=gcc export CXX=g++ %if 0%{?suse_version} < 1330 -export CC=gcc-6 -export CXX=g++-6 +export CC=gcc-7 +export CXX=g++-7 # some still call gcc/g++ mkdir -p "$HOME/bin/" ln -sfn /usr/bin/$CC $HOME/bin/gcc @@ -528,7 +536,13 @@ myconf_gn+=" use_sysroot=false" myconf_gn+=" treat_warnings_as_errors=false" myconf_gn+=" enable_widevine=true" +# See dependency logic in third_party/BUILD.gn +myconf_gn+=" use_system_harfbuzz=false" myconf_gn+=" enable_hangout_services_extension=true" +myconf_gn+=" enable_vulkan=false" # fails to compile now +# ozone stuff +#myconf_gn+=" use_ozone=true use_xkbcommon=false enable_mus=true ozone_auto_platforms=false" +#myconf_gn+=" ozone_platform_wayland=false ozone_platform_x11=true ozone_platform_headless=true" %if %{with clang} myconf_gn+=" is_clang=true clang_base_path=\"/usr\" clang_use_chrome_plugins=false" %else ++++++ chromium-63.0.3239.132.tar.xz -> chromium-64.0.3282.119.tar.xz ++++++ /work/SRC/openSUSE:Factory/chromium/chromium-63.0.3239.132.tar.xz /work/SRC/openSUSE:Factory/.chromium.new/chromium-64.0.3282.119.tar.xz differ: char 26, line 1 ++++++ chromium-angle.patch ++++++
From 030017a4855c7b6e7f2ff8d9566c146f31eb301b Mon Sep 17 00:00:00 2001 From: Kai Ninomiya
Date: Wed, 06 Dec 2017 14:06:53 -0800 Subject: [PATCH] Mark StaticType related functions as constexpr
Fixes compilation on some versions of GCC and probably Clang.
Follow-up to http://crrev.com/c/786317
Bug: angleproject:1432
Change-Id: I3fc3ad0f65492f9543eb27fcdce6ca29a9ad06e5
Reviewed-on: https://chromium-review.googlesource.com/812220
Reviewed-by: Jamie Madill
From 4942f56ceb6d60d6f54ebca8e6eba8ba01c278e8 Mon Sep 17 00:00:00 2001 From: Tomas Popela
Date: Thu, 7 Dec 2017 22:33:34 +0000 Subject: [PATCH] memcpy used without including string.h
Compiling Chromium with Clang 4.0.1 and using libstdc++ will fail on using
memcpy without including string.h.
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel;master.tryserver.chromium.android:android_optional_gpu_tests_rel
Change-Id: Idced1d5de3baf6b520d4a2d61774120642ead1a8
Reviewed-on: https://chromium-review.googlesource.com/813737
Reviewed-by: Thomas Anderson