From dd44f0abc6bba0df70af53b5a7a7f898d38e396c Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Tue, 11 Feb 2025 20:50:45 +0100
Subject: [PATCH 1/3] Set clang_base_path correctly for f43 and later

---
 chromium.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/chromium.spec b/chromium.spec
index 30f6ee10..9bcf736a 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -1244,7 +1244,11 @@ rust_sysroot_absolute="$(rustc --print sysroot)"
 
 # set clang version
 clang_version="$(clang --version | sed -n 's/clang version //p' | cut -d. -f1)"
+%if 0%{?fedora} > 42
+clang_base_path="/usr"
+%else
 clang_base_path="$(clang --version | grep InstalledDir | cut -d' ' -f2 | sed 's#/bin##')"
+%endif
 
 # Core defines are flags that are true for both the browser and headless.
 CHROMIUM_CORE_GN_DEFINES=""

From ed617fb21218a3fa4be7a5b70f426426edf53912 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Wed, 12 Feb 2025 20:35:07 +0100
Subject: [PATCH 2/3] Fix build error with new pipewire in f43

---
 chromium-133-pipewire-cast.patch | 21 +++++++++++++++++++++
 chromium.spec                    |  7 +++++++
 2 files changed, 28 insertions(+)
 create mode 100644 chromium-133-pipewire-cast.patch

diff --git a/chromium-133-pipewire-cast.patch b/chromium-133-pipewire-cast.patch
new file mode 100644
index 00000000..670cb70e
--- /dev/null
+++ b/chromium-133-pipewire-cast.patch
@@ -0,0 +1,21 @@
+diff -up chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc
+--- chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me	2025-02-12 19:09:54.742875003 +0100
++++ chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc	2025-02-12 19:12:17.492620559 +0100
+@@ -87,7 +87,7 @@ PipeWireNode::PipeWireNode(PipeWireSessi
+       .param = OnNodeParam,
+   };
+ 
+-  pw_node_add_listener(proxy_, &node_listener_, &node_events, this);
++  pw_node_add_listener((struct pw_node*) proxy_, &node_listener_, &node_events, this);
+ }
+ 
+ // static
+@@ -119,7 +119,7 @@ void PipeWireNode::OnNodeInfo(void* data
+       uint32_t id = info->params[i].id;
+       if (id == SPA_PARAM_EnumFormat &&
+           info->params[i].flags & SPA_PARAM_INFO_READ) {
+-        pw_node_enum_params(that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
++        pw_node_enum_params((struct pw_node*)that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
+         break;
+       }
+     }
diff --git a/chromium.spec b/chromium.spec
index 9bcf736a..4058c995 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -357,6 +357,9 @@ Patch353: chromium-127-aarch64-duplicate-case-value.patch
 # remove flag split-threshold-for-reg-with-hint, it's not supported in clang <= 17
 Patch354: chromium-126-split-threshold-for-reg-with-hint.patch
 
+# fix build error with new pipewire in f43
+Patch356: chromium-133-pipewire-cast.patch
+
 # fix build error: no member named 'hardware_destructive_interference_size' in namespace 'std'
 Patch355: chromium-130-hardware_destructive_interference_size.patch
 
@@ -1060,6 +1063,10 @@ Qt6 UI for chromium.
 
 %patch -P355 -p1 -b .hardware_destructive_interference_size
 
+%if 0%{?fedora} > 42
+%patch -P356 -p1 -b .pipewire-cast
+%endif
+
 %patch -P358 -p1 -b .rust-clang_lib
 
 %ifarch ppc64le

From a05771b757db0efbbfbefd5d17701750f91c759a Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Thu, 13 Feb 2025 12:23:57 +0100
Subject: [PATCH 3/3] - Update to 133.0.6943.98   * CVE-2025-0995: Use after
 free in V8   * CVE-2025-0996: Inappropriate implementation in Browser UI   *
 CVE-2025-0997: Use after free in Navigation   * CVE-2025-0998: Out of bounds
 memory access in V

---
 chromium.spec | 9 ++++++++-
 sources       | 2 +-
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/chromium.spec b/chromium.spec
index 4058c995..d3c105a3 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -271,7 +271,7 @@
 %endif
 
 Name:	chromium%{chromium_channel}
-Version: 133.0.6943.53
+Version: 133.0.6943.98
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@@ -1796,6 +1796,13 @@ fi
 %endif
 
 %changelog
+* Thu Feb 13 2025 Than Ngo <than@redhat.com> - 133.0.6943.98-1
+- Update to 133.0.6943.98
+  * CVE-2025-0995: Use after free in V8
+  * CVE-2025-0996: Inappropriate implementation in Browser UI
+  * CVE-2025-0997: Use after free in Navigation
+  * CVE-2025-0998: Out of bounds memory access in V8
+
 * Tue Feb 04 2025 Than Ngo <than@redhat.com> - 133.0.6943.53-1
 - Update to 133.0.6943.53
   * CVE-2025-0444: Use after free in Skia
diff --git a/sources b/sources
index dd44a7a9..e37960ea 100644
--- a/sources
+++ b/sources
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-133.0.6943.53-clean.tar.xz) = 0ae9f0e38993eb87b3fdfe5170e4db8e962e257c5b36eb88f1c4ced32424da9ffec08d69b746cb29b92b8de137e9bca96d621faad511f220c59171680eed3044
+SHA512 (chromium-133.0.6943.98-clean.tar.xz) = 2a1382b00d8e48a9404c735cd9f80d78f3d1904ae501ea507ae6b528e5c664ade64799963f7fdb5f04592ae77d7a7a8e65e877278577cd4e92b3247228f8803b