- update to 121.0.6167.160

* High CVE-2024-1284: Use after free in Mojo
  * High CVE-2024-1283: Heap buffer overflow in Skia
- Sync with Fedora upstream
i8ce
Arkady L. Shane 11 months ago
parent 87a66b2a7b
commit ac183c96d3
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

@ -1,9 +1,8 @@
698b0c0966f2d94ee24672bece1d4251892ad3f3 SOURCES/chromium-121.0.6167.139.tar.xz
7dad8ef838e06d5a3366dcd20b342eb652d0abc2 SOURCES/chromium-121.0.6167.160.tar.xz
dea187019741602d57aaf189a80abba261fbd2aa SOURCES/linux-x64-0.19.2.tgz
7e5d2c7864c5c83ec789b59c77cd9c20d2594916 SOURCES/linux-arm64-0.19.2.tgz
769196d081c6a0ad37f1c63dec56febfff3370de SOURCES/node-v20.6.1-linux-x64.tar.xz
3e94bb4f999c636293bc745b02d98e7925da5616 SOURCES/node-v20.6.1-linux-arm64.tar.xz
8e9bc55cce3899627b2810ecfe87116c5a9147b5 SOURCES/chromium-browser-gost-icons.tar.xz
6b05665ad62c12ff4ef7dc056a95e012221dee5a SOURCES/msspi-061bce0709523afaad3ea4ffa7c0bff96b5592c0.tar.gz
5ba977393ef2ab8a85feed02d538800f09e5cf3c SOURCES/chromium-gost-aff4f48d738ad3749a3aa7544191f3318e2b9a84.tar.gz
feede7756fe80d065dec7a30b6786d4af0b25939 SOURCES/msspi-78f4c728303ba8c863c45fc1fda595b0b56741b8.tar.gz
3492a65d81b8b01d419eb15bd8dc68d23f210bc9 SOURCES/Chromium-Gost-be00390a8bd3cf445bcaaeccada3324f4e1067b3.tar.xz
8217473520ee01277f8279bb69877fe12be3818b SOURCES/msspi-6a2dba691dfcaa7a17aace6f798b8d5024631489.tar.xz

6
.gitignore vendored

@ -1,8 +1,8 @@
SOURCES/chromium-121.0.6167.139.tar.xz
SOURCES/chromium-121.0.6167.160.tar.xz
SOURCES/linux-x64-0.19.2.tgz
SOURCES/linux-arm64-0.19.2.tgz
SOURCES/node-v20.6.1-linux-x64.tar.xz
SOURCES/node-v20.6.1-linux-arm64.tar.xz
SOURCES/chromium-browser-gost-icons.tar.xz
SOURCES/chromium-gost-67d65619d138e125c59fe36f458fb440b061ef2f.tar.gz
SOURCES/msspi-78f4c728303ba8c863c45fc1fda595b0b56741b8.tar.gz
SOURCES/Chromium-Gost-be00390a8bd3cf445bcaaeccada3324f4e1067b3.tar.xz
SOURCES/msspi-6a2dba691dfcaa7a17aace6f798b8d5024631489.tar.xz

@ -457,3 +457,59 @@ diff -up chromium-119.0.6045.105/ui/gfx/linux/drm_util_linux.h.missing-header-fi
namespace ui {
int GetFourCCFormatFromBufferFormat(gfx::BufferFormat format);
diff -up chromium-121.0.6167.139/crypto/hkdf.h.me chromium-121.0.6167.139/crypto/hkdf.h
--- chromium-121.0.6167.139/crypto/hkdf.h.me 2024-02-03 17:24:49.957949670 +0100
+++ chromium-121.0.6167.139/crypto/hkdf.h 2024-02-03 17:26:05.753312178 +0100
@@ -7,6 +7,7 @@
#include <stddef.h>
+#include <vector>
#include <string>
#include <string_view>
diff -up chromium-121.0.6167.139/ui/display/types/display_color_management.h.me chromium-121.0.6167.139/ui/display/types/display_color_management.h
--- chromium-121.0.6167.139/ui/display/types/display_color_management.h.me 2024-02-03 18:55:34.889499101 +0100
+++ chromium-121.0.6167.139/ui/display/types/display_color_management.h 2024-02-03 18:55:59.608945624 +0100
@@ -6,6 +6,7 @@
#define UI_DISPLAY_TYPES_DISPLAY_COLOR_MANAGEMENT_H_
#include <vector>
+#include <memory>
#include "third_party/skia/modules/skcms/skcms.h"
#include "ui/display/types/display_types_export.h"
diff -up chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc
--- chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc.me 2024-02-03 21:20:32.126285578 +0100
+++ chromium-121.0.6167.139/ui/gfx/x/visual_manager.cc 2024-02-03 21:20:50.272607248 +0100
@@ -2,6 +2,8 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include <bitset>
+
#include "ui/gfx/x/visual_manager.h"
#include "base/strings/string_number_conversions.h"
diff -up chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h
--- chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h.me 2024-02-03 22:47:05.632713381 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/platform/fonts/simple_font_data.h 2024-02-03 22:47:30.788293027 +0100
@@ -26,6 +26,7 @@
#include <memory>
#include <utility>
+#include <mutex>
#include "build/build_config.h"
#include "third_party/blink/renderer/platform/fonts/canvas_rotation_in_vertical.h"
diff -up chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h
--- chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h.me 2024-02-04 09:26:02.239427860 +0100
+++ chromium-121.0.6167.139/chrome/browser/performance_manager/policies/probability_distribution.h 2024-02-04 09:26:10.051565081 +0100
@@ -5,6 +5,7 @@
#ifndef CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_
#define CHROME_BROWSER_PERFORMANCE_MANAGER_POLICIES_PROBABILITY_DISTRIBUTION_H_
+#include <cstdint>
#include <utility>
#include <vector>

@ -0,0 +1,24 @@
diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h
--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h.me 2024-02-06 08:22:36.013021582 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor.h 2024-02-06 08:23:08.281607499 +0100
@@ -77,7 +77,7 @@ class XSLTProcessor final : public Scrip
void reset();
- static void ParseErrorFunc(void* user_data, const xmlError*);
+ static void ParseErrorFunc(void* user_data, xmlError*);
static void GenericErrorFunc(void* user_data, const char* msg, ...);
// Only for libXSLT callbacks
diff -up chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc
--- chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc.me 2024-02-06 08:14:32.368066214 +0100
+++ chromium-121.0.6167.139/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc 2024-02-06 08:23:08.282607518 +0100
@@ -66,7 +66,7 @@ void XSLTProcessor::GenericErrorFunc(voi
// It would be nice to do something with this error message.
}
-void XSLTProcessor::ParseErrorFunc(void* user_data, const xmlError* error) {
+void XSLTProcessor::ParseErrorFunc(void* user_data, xmlError* error) {
FrameConsole* console = static_cast<FrameConsole*>(user_data);
if (!console)
return;
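Review bot: Dropping `const` from the `xmlError*` parameter of `XSLTProcessor::ParseErrorFunc` (in both `xslt_processor.h` and `xslt_processor_libxslt.cc`) makes the code compile only against a libxml2 whose structured-error callback takes a non-const pointer. Correctness then depends entirely on the spec applying this patch on exactly the right distro releases. A version guard in the source would be more robust than a distro conditional, e.g. `#if LIBXML_VERSION >= 21200` selecting `const xmlError*` and the `#else` branch selecting `xmlError*`, assuming 2.12 is where the callback signature changed; confirm against the system headers. At minimum the patch file should open with a comment naming the libxml2 versions it targets and saying when it can be dropped. The body of `ParseErrorFunc` continues past the last line shown here.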

@ -209,27 +209,24 @@
%global use_qt6 0
%endif
# enable gtk3 by default
%global gtk3 1
# Chromium's fork of ICU is now something we can't unbundle.
# This is left here to ease the change if that ever switches.
%global bundleicu 1
# system libre2.so is not supported with use_custom_libcxx=true
# because the library's interface relies on libstdc++'s std::string and std::vector.
# bundle re2, jsoncpp, woff2 - build errors with use_custom_libcxx=true
%global bundlere2 1
# The libxml_utils code depends on the specific bundled libxml checkout
# which is not compatible with the current code in the Fedora package as of
# 2017-06-08.
%global bundlelibxml 1
%global bundlejsoncpp 1
%global bundlewoff2 1
%global bundlelibaom 1
%global bundlelibavif 1
%global bundledav1d 1
%global bundlesnappy 1
# Fedora's Python 2 stack is being removed, we use the bundled Python libraries
# This can be revisited once we upgrade to Python 3
%global bundlepylibs 0
%global bundlelibxslt 0
%global bundleflac 0
# RHEL 7.9 dropped minizip.
# enable bundleminizip for Fedora > 39 due to switch to minizip-ng
@ -251,14 +248,17 @@
%global bundlefontconfig 1
%global bundleffmpegfree 1
%global bundlebrotli 1
%global bundlelibopenjpeg2 1
%global bundlelcms2 1
%global bundlelibtiff 1
%global bundlecrc32c 1
%global bundledoubleconversion 1
%global bundlelibsecret 1
%global bundlelibXNVCtrl 1
%global bundlelibxml 1
%global bundlelibevent 1
%else
%if 0%{?fedora} > 37
%global bundleharfbuzz 0
%else
%global bundleharfbuzz 1
%endif
# disable system brotli due to old system brotli on el and fedora < 38
%if 0%{?fedora} > 38
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
%global bundlebrotli 0
%else
%global bundlebrotli 1
@ -272,14 +272,29 @@
%global bundlefontconfig 0
%global bundleffmpegfree 0
%global bundlefreetype 0
%global bundlelibopenjpeg2 0
%global bundlelcms2 0
%global bundlelibtiff 0
%if 0%{?rhel} == 9
%global bundlecrc32c 1
%global bundleharfbuzz 1
%else
%global bundlecrc32c 0
%global bundleharfbuzz 0
%endif
%global bundledoubleconversion 0
%global bundlelibsecret 0
%global bundlelibXNVCtrl 0
%global bundlelibxml 0
%global bundlelibevent 0
%endif
%if %{with gost}
# Build with GOST patches
# https://github.com/deemru/chromium-gost/
%global gost_build 1
%define chromium_gost_commit aff4f48d738ad3749a3aa7544191f3318e2b9a84
%define msspi_commit 78f4c728303ba8c863c45fc1fda595b0b56741b8
%define chromium_gost_commit be00390a8bd3cf445bcaaeccada3324f4e1067b3
%define msspi_commit 6a2dba691dfcaa7a17aace6f798b8d5024631489
%define chromium_path_gost %{_builddir}/chromium-gost
%endif
@ -317,8 +332,8 @@
%endif
Name: chromium%{chromium_channel}
Version: 121.0.6167.139
Release: 2%{?dist}.inferit
Version: 121.0.6167.160
Release: 1%{?dist}.inferit
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -372,10 +387,8 @@ Patch82: chromium-98.0.4758.102-remoting-no-tests.patch
# patch for using system brotli
Patch89: chromium-116-system-brotli.patch
# disable GlobalMediaControlsCastStartStop to avoid crash
# when using the address bar media player button
# it works with use_custom_libcxx=true
Patch90: chromium-120-disable-GlobalMediaControlsCastStartStop.patch
# patch for using system libxml
Patch90: chromium-121-system-libxml.patch
# patch for using system opus
Patch91: chromium-108-system-opus.patch
@ -546,7 +559,7 @@ Source50: https://upload.wikimedia.org/wikipedia/commons/f/f1/Yandex_logo_2021_R
%if %{with gost}
# GOST
Source101: https://github.com/deemru/chromium-gost/archive/%{chromium_gost_commit}.tar.gz#/chromium-gost-%{chromium_gost_commit}.tar.gz
Source101: https://github.com/deemru/chromium-gost/archive/%{chromium_gost_commit}.tar.gz#/Chromium-Gost-%{chromium_gost_commit}.tar.gz
Source102: https://github.com/deemru/msspi/archive/%{msspi_commit}.tar.gz#/msspi-%{msspi_commit}.tar.gz
Source103: chromium-browser-gost-icons.tar.xz
%endif
@ -697,17 +710,58 @@ BuildRequires: dbus-glib-devel
# For eu-strip
BuildRequires: elfutils
BuildRequires: elfutils-libelf-devel
%if ! %{bundleflac}
BuildRequires: flac-devel
%endif
%if ! %{bundlefreetype}
BuildRequires: freetype-devel
%endif
%if ! %{bundlecrc32c}
BuildRequires: google-crc32c-devel
%endif
%if ! %{bundlewoff2}
BuildRequires: woff2-devel
%endif
%if ! %{bundledav1d}
BuildRequires: libdav1d-devel
%endif
%if ! %{bundlelibavif}
BuildRequires: libavif-devel
%endif
%if ! %{bundlejsoncpp}
BuildRequires: jsoncpp-devel
%endif
%if ! %{bundlelibsecret}
BuildRequires: libsecret-devel
%endif
%if ! %{bundledoubleconversion}
BuildRequires: double-conversion-devel
%endif
%if ! %{bundlesnappy}
BuildRequires: snappy-devel
%endif
%if ! %{bundlelibXNVCtrl}
BuildRequires: libXNVCtrl-devel
%endif
# One of the python scripts invokes git to look for a hash. So helpful.
BuildRequires: /usr/bin/git
BuildRequires: hwdata
BuildRequires: kernel-headers
%if ! %{bundlelibevent}
BuildRequires: libevent-devel
%endif
BuildRequires: libffi-devel
%if ! %{bundleicu}
@ -729,6 +783,18 @@ BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
%endif
%if ! %{bundlelibopenjpeg2}
BuildRequires: openjpeg2-devel
%endif
%if ! %{bundlelcms2}
BuildRequires: lcms2-devel
%endif
%if ! %{bundlelibtiff}
BuildRequires: libtiff-devel
%endif
BuildRequires: libudev-devel
%if ! %{bundlelibusbx}
@ -747,7 +813,10 @@ BuildRequires: libva-devel
BuildRequires: libwebp-devel
%endif
%if ! %{bundlelibxslt}
BuildRequires: libxslt-devel
%endif
BuildRequires: libxshmfence-devel
# Same here, it seems.
@ -820,12 +889,7 @@ Requires: system-bookmarks
Requires: nss%{_isa} >= 3.26
Requires: nss-mdns%{_isa}
# GTK modules it expects to find for some reason.
%if %{gtk3}
Requires: libcanberra-gtk3%{_isa}
%else
Requires: libcanberra-gtk2%{_isa}
%endif
%if 0%{?fedora}
# This enables support for u2f tokens
@ -1109,8 +1173,10 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena
%patch -P89 -p1 -b .system-brotli
%endif
%if ! %{use_custom_libcxx}
%patch -P90 -p1 -b .disable-GlobalMediaControlsCastStartStop
%if ! %{bundlelibxml}
%if 0%{?fedora} && 0%{?fedora} < 40 || 0%{?rhel} && 0%{?rhel} < 10
%patch -P90 -p1 -b .system-libxml
%endif
%endif
%if ! %{bundleopus}
@ -1360,10 +1426,7 @@ sed -i 's|OFFICIAL_BUILD|GOOGLE_CHROME_BUILD|g' tools/generate_shim_headers/gene
CHROMIUM_CORE_GN_DEFINES+=' chrome_pgo_phase=0'
%if %{cfi}
CHROMIUM_CORE_GN_DEFINES+=' is_cfi=true'
%else
%if ! %{cfi}
CHROMIUM_CORE_GN_DEFINES+=' is_cfi=false'
%endif
@ -1391,7 +1454,7 @@ CHROMIUM_CORE_GN_DEFINES+=' use_lld=false'
CHROMIUM_CORE_GN_DEFINES+=' rust_sysroot_absolute="%{_prefix}"'
CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\""
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false disable_fieldtrial_testing_config=true'
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false'
%if %{use_gold}
CHROMIUM_CORE_GN_DEFINES+=' use_gold=true'
@ -1407,9 +1470,7 @@ CHROMIUM_CORE_GN_DEFINES+=' icu_use_data_file=true'
CHROMIUM_CORE_GN_DEFINES+=' target_os="linux"'
CHROMIUM_CORE_GN_DEFINES+=' current_os="linux"'
CHROMIUM_CORE_GN_DEFINES+=' treat_warnings_as_errors=false'
%if %{use_custom_libcxx}
CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=true'
%else
%if ! %{use_custom_libcxx}
CHROMIUM_CORE_GN_DEFINES+=' use_custom_libcxx=false'
%endif
CHROMIUM_CORE_GN_DEFINES+=' enable_iterator_debugging=false'
@ -1417,7 +1478,6 @@ CHROMIUM_CORE_GN_DEFINES+=' enable_vr=false'
CHROMIUM_CORE_GN_DEFINES+=' build_dawn_tests=false enable_perfetto_unittests=false'
CHROMIUM_CORE_GN_DEFINES+=' disable_fieldtrial_testing_config=true'
CHROMIUM_CORE_GN_DEFINES+=' symbol_level=%{debug_level}'
CHROMIUM_CORE_GN_DEFINES+=' blink_enable_generated_code_formatting=false'
CHROMIUM_CORE_GN_DEFINES+=' angle_has_histograms=false'
export CHROMIUM_CORE_GN_DEFINES
@ -1447,7 +1507,6 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_qt6=false'
CHROMIUM_BROWSER_GN_DEFINES+=' use_gio=true use_pulseaudio=true'
CHROMIUM_BROWSER_GN_DEFINES+=' enable_hangout_services_extension=true'
CHROMIUM_BROWSER_GN_DEFINES+=' use_aura=true'
CHROMIUM_BROWSER_GN_DEFINES+=' enable_widevine=true'
%if %{use_vaapi}
@ -1464,7 +1523,28 @@ CHROMIUM_BROWSER_GN_DEFINES+=' use_v4l2_codec=true'
CHROMIUM_BROWSER_GN_DEFINES+=' rtc_use_pipewire=true rtc_link_pipewire=true'
%endif
%if ! %{bundlelibjpeg}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libjpeg=true'
%endif
%if ! %{bundlelibpng}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libpng=true'
%endif
%if ! %{bundlelibopenjpeg2}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libopenjpeg2=true'
%endif
%if ! %{bundlelcms2}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_lcms2=true'
%endif
%if ! %{bundlelibtiff}
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libtiff=true'
%endif
CHROMIUM_BROWSER_GN_DEFINES+=' use_system_libffi=true'
export CHROMIUM_BROWSER_GN_DEFINES
# headless gn defines
@ -1480,54 +1560,94 @@ CHROMIUM_HEADLESS_GN_DEFINES+=' use_qt=false use_qt6=false is_component_build=fa
CHROMIUM_HEADLESS_GN_DEFINES+=' media_use_libvpx=false proprietary_codecs=false'
export CHROMIUM_HEADLESS_GN_DEFINES
build/linux/unbundle/replace_gn_files.py --system-libraries \
# use system libraries
system_libs=()
%if ! %{bundlelibaom}
libaom \
system_libs+=(libaom)
%endif
%if ! %{bundlelibavif}
system_libs+=(libavif)
%endif
%if ! %{bundlebrotli}
brotli \
system_libs+=(brotli)
%endif
%if ! %{bundlecrc32c}
system_libs+=(crc32c)
%endif
%if ! %{bundledav1d}
system_libs+=(dav1d)
%endif
%if ! %{bundlefontconfig}
fontconfig \
system_libs+=(fontconfig)
%endif
%if ! %{bundleffmpegfree}
system_libs+=(ffmpeg)
%endif
%if ! %{bundlefreetype}
freetype \
system_libs+=(freetype)
%endif
%if ! %{bundleharfbuzz}
harfbuzz-ng \
system_libs+=(harfbuzz-ng)
%endif
%if ! %{bundleicu}
icu \
system_libs+=(icu)
%endif
%if ! %{bundlelibdrm}
libdrm \
system_libs+=(libdrm)
%endif
%if ! %{bundlelibevent}
system_libs+=(libevent)
%endif
%if ! %{bundlelibjpeg}
libjpeg \
system_libs+=(libjpeg)
%endif
%if ! %{bundlelibpng}
libpng \
system_libs+=(libpng)
%endif
%if ! %{bundlelibusbx}
libusb \
system_libs+=(libusb)
%endif
%if ! %{bundlelibwebp}
libwebp \
system_libs+=(libwebp)
%endif
%if ! %{bundlelibxml}
libxml \
system_libs+=(libxml)
%endif
%if ! %{bundlelibxslt}
system_libs+=(libxslt)
%endif
libxslt \
%if ! %{bundleopus}
opus \
system_libs+=(opus)
%endif
%if ! %{bundlere2}
re2 \
system_libs+=(re2)
%endif
%if ! %{bundlewoff2}
system_libs+=(woff2)
%endif
%if ! %{bundleminizip}
zlib \
system_libs+=(zlib)
%endif
%if ! %{bundlejsoncpp}
system_libs+=(jsoncpp)
%endif
%if ! %{bundledoubleconversion}
system_libs+=(double-conversion)
%endif
%if ! %{bundlelibsecret}
system_libs+=(libsecret)
%endif
%if ! %{bundlesnappy}
system_libs+=(snappy)
%endif
%if ! %{bundlelibXNVCtrl}
system_libs+=(libXNVCtrl)
%endif
%if ! %{bundleflac}
system_libs+=(flac)
%endif
flac
build/linux/unbundle/replace_gn_files.py --system-libraries ${system_libs[@]}
# Check that there is no system 'google' module, shadowing bundled ones:
if python3 -c 'import google ; print google.__path__' 2> /dev/null ; then \
@ -1944,6 +2064,11 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif
%changelog
* Fri Feb 09 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 121.0.6167.160-1.inferit
- update to 121.0.6167.160
* High CVE-2024-1284: Use after free in Mojo
* High CVE-2024-1283: Heap buffer overflow in Skia
* Sat Feb 3 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 121.0.6167.139-2.inferit
- Define missing bundlelibwebp variable
- update to 121.0.6167.139
