From b58288b7fb97f2dde216da38bbc5a83217aec0bc Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Sun, 7 Jul 2024 11:19:11 +0200
Subject: [PATCH 1/4] fixed rhbz#2293202, chromium Wayland UI regression

---
 chromium-browser.sh |  1 -
 chromium.conf       | 22 ++++++++++++++++------
 chromium.spec       |  5 ++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/chromium-browser.sh b/chromium-browser.sh
index 26f6a7c5..4ed62f5b 100755
--- a/chromium-browser.sh
+++ b/chromium-browser.sh
@@ -39,7 +39,6 @@ CHROMIUM_DISTRO_FLAGS=" --enable-plugins \
                         --enable-extensions \
                         --enable-user-scripts \
                         --enable-printing \
-                        --enable-gpu-rasterization \
                         --enable-sync \
                         --auto-ssl-client-auth @@EXTRA_FLAGS@@"
 
diff --git a/chromium.conf b/chromium.conf
index 267f62ee..62cecce8 100644
--- a/chromium.conf
+++ b/chromium.conf
@@ -1,17 +1,25 @@
 # system wide chromium flags
 
+ARCH="$(arch)"
+
 # GRAPHIC_DRIVER=[amd|intel|nvidia|default]
 GRAPHIC_DRIVER=default
 
 # WEB_DARKMODE=[on|off]
 WEB_DARKMODE=off
 
+# NATIVE_WAYLAND=[on|off]
+NATIVE_WAYLAND=off
+
 CHROMIUM_FLAGS=""
-CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers"
-CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
-CHROMIUM_FLAGS+=" --enable-zero-copy"
-CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
-CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management"
+if [ "$NATIVE_WAYLAND" == "off" ] ; then
+   CHROMIUM_FLAGS+=" --enable-native-gpu-memory-buffers"
+   CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
+   CHROMIUM_FLAGS+=" --enable-zero-copy"
+   CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
+   CHROMIUM_FLAGS+=" --enable-chrome-browser-cloud-management"
+   CHROMIUM_FLAGS+=" --enable-gpu-rasterization"
+fi
 
 FEATURES=""
 
@@ -45,4 +53,6 @@ if [ "$WEB_DARKMODE" == "on" ] ; then
    FEATURES+=",$darktype"
 fi
 
-CHROMIUM_FLAGS+=" --enable-features=$FEATURES"
+if [ "$ARCH" == "x86_64" ] ; then
+   CHROMIUM_FLAGS+=" --enable-features=$FEATURES"
+fi
diff --git a/chromium.spec b/chromium.spec
index 8f1e924b..5c6a9edb 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -311,7 +311,7 @@
 
 Name:	chromium%{chromium_channel}
 Version: 126.0.6478.126
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
 License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -2131,6 +2131,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif
 
 %changelog
+* Sun Jul 07 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-2
+- fixed rhbz#2293202, chromium Wayland UI regression
+
 * Tue Jun 25 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-1
 - update to 126.0.6478.126
   * High CVE-2024-6290: Use after free in Dawn

From 3e5a07d28047873d00d624df1041c7d9baf3f470 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Fri, 12 Jul 2024 16:25:45 +0200
Subject: [PATCH 2/4] drop qt5 ui i n rawhide

---
 chromium.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chromium.spec b/chromium.spec
index 5c6a9edb..735f12ac 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -196,7 +196,7 @@
 
 %if 0%{?rhel} > 9 || 0%{?fedora} > 39
 %global use_qt6 1
-%global use_qt 1
+%global use_qt 0
 %else
 %if 0%{?rhel} == 8 || 0%{?rhel} == 9 || 0%{?fedora}
 %global use_qt6 0

From c5bf1b53c60711bd1ac5862dc2affb6299588821 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Sat, 13 Jul 2024 00:01:00 +0200
Subject: [PATCH 3/4] made qt5-ui and qt6-ui as subpackage

---
 chromium.spec | 30 ++++++++++++++++++++++++------
 1 file changed, 24 insertions(+), 6 deletions(-)

diff --git a/chromium.spec b/chromium.spec
index 735f12ac..fd3c0310 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -196,7 +196,7 @@
 
 %if 0%{?rhel} > 9 || 0%{?fedora} > 39
 %global use_qt6 1
-%global use_qt 0
+%global use_qt 1
 %else
 %if 0%{?rhel} == 8 || 0%{?rhel} == 9 || 0%{?fedora}
 %global use_qt6 0
@@ -1125,6 +1125,20 @@ A minimal headless client built from Chromium. headless_shell is built
 without support for alsa, cups, dbus, gconf, gio, kerberos, pulseaudio, or 
 udev.
 
+%package qt5-ui
+Summary: Qt5 UI built from Chromium
+Requires: chromium%{_isa} = %{version}-%{release}
+
+%description qt5-ui
+Qt5 UI for chromium.
+
+%package qt6-ui
+Summary: Qt6 UI built from Chromium
+Requires: chromium%{_isa} = %{version}-%{release}
+
+%description qt6-ui
+Qt6 UI for chromium.
+
 %prep
 %setup -q -n chromium-%{version}
 
@@ -2005,17 +2019,21 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %{chromium_path}/%{chromium_browser_channel}
 %{chromium_path}/%{chromium_browser_channel}.sh
 %attr(4755, root, root) %{chromium_path}/chrome-sandbox
+%{_mandir}/man1/%{chromium_browser_channel}.*
+%{_datadir}/icons/hicolor/*/apps/%{chromium_browser_channel}.png
+%{_datadir}/applications/*.desktop
+%{_datadir}/metainfo/*.appdata.xml
+%{_datadir}/gnome-control-center/default-apps/chromium-browser.xml
+
 %if %{use_qt}
+%files qt5-ui
 %{chromium_path}/libqt5_shim.so
 %endif
+
 %if %{use_qt6}
+%files qt6-ui
 %{chromium_path}/libqt6_shim.so
 %endif
-%{_mandir}/man1/%{chromium_browser_channel}.*
-%{_datadir}/icons/hicolor/*/apps/%{chromium_browser_channel}.png
-%{_datadir}/applications/*.desktop
-%{_datadir}/metainfo/*.appdata.xml
-%{_datadir}/gnome-control-center/default-apps/chromium-browser.xml
 
 %files common
 %if %{build_clear_key_cdm}

From 8d635cb4c462aa487394ee490f525a59fa7eca71 Mon Sep 17 00:00:00 2001
From: Than Ngo <than@redhat.com>
Date: Wed, 17 Jul 2024 10:49:21 +0200
Subject: [PATCH 4/4] - update to 126.0.6478.182   * High CVE-2024-6772:
 Inappropriate implementation in V8   * High CVE-2024-6773: Type Confusion in
 V8   * High CVE-2024-6774: Use after free in Screen Capture   * High
 CVE-2024-6775: Use after free in Media Stream   * High CVE-2024-6776: Use
 after free in Audio   * High CVE-2024-6777: Use after free in Navigation   *
 High CVE-2024-6778: Race in DevTools   * High CVE-2024-6779: Out of bounds
 memory access in V8

---
 chromium.spec | 15 +++++++++++++--
 sources       |  2 +-
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/chromium.spec b/chromium.spec
index fd3c0310..931b9c04 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -310,8 +310,8 @@
 %endif
 
 Name:	chromium%{chromium_channel}
-Version: 126.0.6478.126
-Release: 2%{?dist}
+Version: 126.0.6478.182
+Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
 License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -2149,6 +2149,17 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif
 
 %changelog
+* Tue Jul 16 2024 Than Ngo <than@redhat.com> - 126.0.6478.182-1
+- update to 126.0.6478.182
+  * High CVE-2024-6772: Inappropriate implementation in V8
+  * High CVE-2024-6773: Type Confusion in V8
+  * High CVE-2024-6774: Use after free in Screen Capture
+  * High CVE-2024-6775: Use after free in Media Stream
+  * High CVE-2024-6776: Use after free in Audio
+  * High CVE-2024-6777: Use after free in Navigation
+  * High CVE-2024-6778: Race in DevTools
+  * High CVE-2024-6779: Out of bounds memory access in V8
+
 * Sun Jul 07 2024 Than Ngo <than@redhat.com> - 126.0.6478.126-2
 - fixed rhbz#2293202, chromium Wayland UI regression
 
diff --git a/sources b/sources
index 15e82efc..6efdb7ee 100644
--- a/sources
+++ b/sources
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-126.0.6478.126-clean.tar.xz) = 38a3df461cd883828e179d2e566a639030a600c08341a54d05062e30beab05fc2a49da8953d139c51090204551c3e2f7c204b3905c88db056c863b0ff8f444d8
+SHA512 (chromium-126.0.6478.182-clean.tar.xz) = f442fe2b8e79f9b48e29e7e122815142e6cff7d767cc21ce390e367ae8ee374c4bf6334477fe3fb2a5514d5b2d8a5d724542de7cf3adeafb6efda75e9ee157f7