Merge branch 'rawhide' into epel8

chromium-133-pipewire-cast.patch

@@ -0,0 +1,21 @@
+diff -up chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc
+--- chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc.me	2025-02-12 19:09:54.742875003 +0100
++++ chromium-133.0.6943.53/third_party/webrtc/modules/video_capture/linux/pipewire_session.cc	2025-02-12 19:12:17.492620559 +0100
+@@ -87,7 +87,7 @@ PipeWireNode::PipeWireNode(PipeWireSessi
+       .param = OnNodeParam,
+   };
+ 
+-  pw_node_add_listener(proxy_, &node_listener_, &node_events, this);
++  pw_node_add_listener((struct pw_node*) proxy_, &node_listener_, &node_events, this);
+ }
+ 
+ // static
+@@ -119,7 +119,7 @@ void PipeWireNode::OnNodeInfo(void* data
+       uint32_t id = info->params[i].id;
+       if (id == SPA_PARAM_EnumFormat &&
+           info->params[i].flags & SPA_PARAM_INFO_READ) {
+-        pw_node_enum_params(that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
++        pw_node_enum_params((struct pw_node*)that->proxy_, 0, id, 0, UINT32_MAX, nullptr);
+         break;
+       }
+     }

chromium.spec

@@ -271,7 +271,7 @@
 %endif
 
 Name:	chromium%{chromium_channel}
-Version: 133.0.6943.53
+Version: 133.0.6943.98
 Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
@@ -357,6 +357,9 @@ Patch353: chromium-127-aarch64-duplicate-case-value.patch
 # remove flag split-threshold-for-reg-with-hint, it's not supported in clang <= 17
 Patch354: chromium-126-split-threshold-for-reg-with-hint.patch
 
+# fix build error with new pipewire in f43
+Patch356: chromium-133-pipewire-cast.patch
+
 # fix build error: no member named 'hardware_destructive_interference_size' in namespace 'std'
 Patch355: chromium-130-hardware_destructive_interference_size.patch
 
@@ -1060,6 +1063,10 @@ Qt6 UI for chromium.
 
 %patch -P355 -p1 -b .hardware_destructive_interference_size
 
+%if 0%{?fedora} > 42
+%patch -P356 -p1 -b .pipewire-cast
+%endif
+
 %patch -P358 -p1 -b .rust-clang_lib
 
 %ifarch ppc64le
@@ -1244,7 +1251,11 @@ rust_sysroot_absolute="$(rustc --print sysroot)"
 
 # set clang version
 clang_version="$(clang --version | sed -n 's/clang version //p' | cut -d. -f1)"
+%if 0%{?fedora} > 42
+clang_base_path="/usr"
+%else
 clang_base_path="$(clang --version | grep InstalledDir | cut -d' ' -f2 | sed 's#/bin##')"
+%endif
 
 # Core defines are flags that are true for both the browser and headless.
 CHROMIUM_CORE_GN_DEFINES=""
@@ -1785,6 +1796,13 @@ fi
 %endif
 
 %changelog
+* Thu Feb 13 2025 Than Ngo <than@redhat.com> - 133.0.6943.98-1
+- Update to 133.0.6943.98
+  * CVE-2025-0995: Use after free in V8
+  * CVE-2025-0996: Inappropriate implementation in Browser UI
+  * CVE-2025-0997: Use after free in Navigation
+  * CVE-2025-0998: Out of bounds memory access in V8
+
 * Tue Feb 04 2025 Than Ngo <than@redhat.com> - 133.0.6943.53-1
 - Update to 133.0.6943.53
   * CVE-2025-0444: Use after free in Skia

sources

@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-133.0.6943.53-clean.tar.xz) = 0ae9f0e38993eb87b3fdfe5170e4db8e962e257c5b36eb88f1c4ced32424da9ffec08d69b746cb29b92b8de137e9bca96d621faad511f220c59171680eed3044
+SHA512 (chromium-133.0.6943.98-clean.tar.xz) = 2a1382b00d8e48a9404c735cd9f80d78f3d1904ae501ea507ae6b528e5c664ade64799963f7fdb5f04592ae77d7a7a8e65e877278577cd4e92b3247228f8803b