@ -226,8 +226,22 @@
%global bundlelibaom 1
%global bundlelibavif 1
%global bundlesnappy 1
%global bundlezstd 1
%global bundleicu 1
%global bundledav1d 1
%global bundlebrotli 1
%global bundlelibwebp 1
%global bundlecrc32c 1
%global bundleharfbuzz 1
%global bundlelibpng 1
%global bundlelibjpeg 1
%global bundlefreetype 1
%global bundlelibdrm 1
%global bundlefontconfig 1
%global bundleffmpegfree 1
%global bundlelibopenjpeg2 1
%global bundlelibtiff 1
%global bundlelibxml 1
%global bundlepylibs 0
%global bundlelibxslt 0
%global bundleflac 0
@ -240,7 +254,11 @@
%global bundleopus 0
%global bundlelcms2 0
# RHEL 7.9 dropped minizip.
# workaround for build error on aarch64
%ifarch aarch64
%global bundlehighway 1
%endif
# enable bundleminizip for Fedora > 39 due to switch to minizip-ng
# which breaks the build
%global bundleminizip 0
@ -251,44 +269,29 @@
# Always build with internal ffmpeg
%global bundleffmpegfree 0
%if 0%{?rhel} == 8
%global bundleharfbuzz 1
%global bundlelibwebp 1
%global bundlelibpng 1
%global bundlelibjpeg 1
%global bundlefreetype 1
%global bundlelibdrm 1
%global bundlefontconfig 1
%global bundlebrotli 1
%global bundlelibopenjpeg2 1
%global bundlelibtiff 1
%global bundlecrc32c 1
%global bundlelibxml 1
%global bundledav1d 1
%else
%if 0%{?fedora} > 38 || 0%{?rhel} > 9
%global bundlebrotli 0
%global bundlelibwebp 0
%else
%global bundlebrotli 1
%global bundlelibwebp 1
%endif
%if 0%{?fedora} || 0%{?rhel} >= 9
%global bundlezstd 0
%global bundlefontconfig 0
%global bundledav1d 0
%global bundlelibpng 0
%global bundlelibjpeg 0
%global bundlelibdrm 0
%global bundlefontconfig 0
%global bundleffmpegfree 0
%global bundlefreetype 0
%global bundlelibopenjpeg2 0
%global bundlelibtiff 0
%global bundlelibxml 0
%if 0%{?rhel} == 9
%global bundlecrc32c 1
%global bundleharfbuzz 1
%global bundlebrotli 1
%global bundlelibwebp 1
%else
%global bundlecrc32c 0
%global bundleharfbuzz 0
%global bundlebrotli 0
%global bundlelibwebp 0
%endif
%global bundlelibxml 0
%endif
%if %{with gost}
@ -335,7 +338,7 @@
Name: chromium%{chromium_channel}
Version: 127.0.6533.72
Release: 1%{?dist}.inferit
Release: 1%{?dist}.inferit.1
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@ -411,9 +414,7 @@ Patch150: chromium-124-qt6.patch
# disable memory tagging (epel8 on aarch64) due to new feature IFUNC-Resolver
# it is not supported in old glibc < 2.30, error: fatal error: 'sys/ifunc.h' file not found
Patch305: chromium-124-el8-arm64-memory_tagging.patch
Patch306: chromium-126-el8-ifunc-header.patch
# build error: unknown architectural extension on aarch64 (epel8)
Patch307: chromium-124-el8-libdav1d-aarch64.patch
Patch306: chromium-127-el8-ifunc-header.patch
# 64kpage support on aarch64 (el8)
Patch308: chromium-124-el8-support-64kpage.patch
# enable fstack-protector-strong
@ -434,7 +435,7 @@ Patch354: chromium-126-split-threshold-for-reg-with-hint.patch
Patch355: chromium-126-system-libstdc++.patch
# set clang_lib path
Patch358: chromium-124-rust-clang_ lib.patch
Patch358: chromium-127-rust-clang lib.patch
# PowerPC64 LE support
# Timothy Pearson's patchset
@ -514,6 +515,7 @@ Patch501: chromium-127-ninja-1.21.1-deps-part0.patch
Patch502: chromium-127-ninja-1.21.1-deps-part1.patch
Patch503: chromium-127-ninja-1.21.1-deps-part2.patch
Patch504: chromium-127-ninja-1.21.1-deps-part3.patch
Patch505: chromium-127-crabbyavif.patch
# Old Yandex patch
Patch600: 0001-Yandex-as-default-search-engine.patch
@ -557,6 +559,10 @@ Source14: https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-%{esbuild_ve
Source15: https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-%{esbuild_version}.tgz
%endif
# bindgen for epel8
Source16: https://than.fedorapeople.org/epel8/bindgen-cli-aarch64.tar.xz
Source17: https://than.fedorapeople.org/epel8/bindgen-cli-x86_64.tar.xz
# esbuild binary from fedora
%if 0%{?fedora}
BuildRequires: golang-github-evanw-esbuild
@ -594,6 +600,17 @@ BuildRequires: binutils
BuildRequires: rustc
%if 0%{?rhel} == 8
# need to build bindgen on el8
BuildRequires: cargo
%else
BuildRequires: bindgen-cli
%endif
%if ! %{bundlezstd}
BuildRequires: libzstd-devel
%endif
# We do not need to do this with internal build of libffmpeg.so
# build with system ffmpeg-free
#%%if ! %%{bundleffmpegfree}
@ -902,13 +919,6 @@ ExclusiveArch: x86_64 aarch64 ppc64le
ExclusiveArch: x86_64 aarch64
%endif
# FIXME
%if "%{_lib}" == "lib64"
Provides: libffmpeg.so()(64bit)
%else
Provides: libffmpeg.so
%endif
# Bundled bits (I'm sure I've missed some)
Provides: bundled(angle) = 2422
Provides: bundled(bintrees) = 1.0.1
@ -1039,6 +1049,9 @@ Provides: bundled(xdg-user-dirs)
Requires(post): /usr/sbin/semanage
Requires(post): /usr/sbin/restorecon
# Package with libffmpeg.so
Requires: %{name}-ffmpeg%{_isa} = %{version}-%{release}
%description
Chromium is an open-source web browser, powered by WebKit (Blink).
%if %{with gost}
@ -1111,6 +1124,19 @@ Requires: chromium%{chromium_channel}%{_isa} = %{version}-%{release}
%description qt6-ui
Qt6 UI for chromium.
%package ffmpeg
Summary: Library libffmpeg.so
# FIXME
%if "%{_lib}" == "lib64"
Provides: libffmpeg.so()(64bit)
%else
Provides: libffmpeg.so
%endif
Conflicts: %{name} < %{version}-%{release}
%description ffmpeg
Library libffmpeg.so for Chromium based browsers.
%prep
%setup -q -n chromium-%{version}
@ -1219,7 +1245,6 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena
%ifarch aarch64
%patch -P305 -p1 -b .el8-memory_tagging
%patch -P306 -p1 -b .el8-ifunc-header
%patch -P307 -p1 -b .el8-libdav1d-aarch64
%patch -P308 -p1 -b .el8-support-64kpage.patch
%endif
%endif
@ -1300,7 +1325,7 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena
%patch -P407 -p1 -b .fix-ppc64-linux-syscalls-headers
%patch -P408 -p1 -b .use-sysconf-page-size-on-ppc64
%patch -P409 -p1 -b .partition-alloc-4k-detect
#% %patch -P409 -p1 -b .partition-alloc-4k-detect
%patch -P410 -p1 -b .dawn-fix-typos
%patch -P411 -p1 -b .dawn-fix-ppc64le-detection
@ -1316,6 +1341,8 @@ sed -i 's/std::string data_dir_basename = "chromium"/std::string data_dir_basena
%patch -P504 -p1 -b .ninja-1.21.1-deps
%endif
%patch -P505 -p1 -b .crabbyavif
%patch -P601 -p1 -b .Added-Russian-description-and-summary-for-gnome-soft
%if ! %{with gost}
%patch -P602 -p1 -b .Yandex-as-default-search-engine
@ -1338,6 +1365,20 @@ install -m0644 %{SOURCE50} ./chrome/browser/resources/new_tab_page/icons/google_
# See `man find` for how the `-exec command {} +` syntax works
find -type f \( -iname "*.py" \) -exec sed -i '1s=^#! */usr/bin/\(python\|env python\)[23]\?=#!%{chromium_pybin}=' {} +
# workaround for missing bindgen on el8
%if 0%{?rhel} == 8
%ifarch aarch64
tar -Jxf %{SOURCE16}
%endif
%ifarch x86_64
tar -Jxf %{SOURCE17}
%endif
mkdir -p usr/%{_lib}
pushd usr/%{_lib}
ln -fs %{_libdir}/libclang* .
popd
%endif
# Add correct path for nodejs binary
%if ! %{system_nodejs}
pushd third_party/node/linux
@ -1458,6 +1499,12 @@ export RUSTC_BOOTSTRAP=1
# set rustc version
rustc_version="$(rustc --version)"
# set rust bindgen root
%if 0%{?rhel} == 8
rust_bindgen_root="$PWD%{_prefix}"
%else
rust_bindgen_root="%{_prefix}"
%endif
# set clang version
clang_version="$(clang --version | sed -n 's/clang version //p' | cut -d. -f1)"
@ -1507,6 +1554,7 @@ CHROMIUM_CORE_GN_DEFINES+=' use_lld=false'
# enable system rust
CHROMIUM_CORE_GN_DEFINES+=' rust_sysroot_absolute="%{_prefix}"'
CHROMIUM_CORE_GN_DEFINES+=" rust_bindgen_root=\"$rust_bindgen_root\""
CHROMIUM_CORE_GN_DEFINES+=" rustc_version=\"$rustc_version\""
CHROMIUM_CORE_GN_DEFINES+=' use_sysroot=false'
@ -1706,6 +1754,9 @@ system_libs=()
%if ! %{bundleflac}
system_libs+=(flac)
%endif
%if ! %{bundlezstd}
system_libs+=(zstd)
%endif
%if 0%{?noopenh264}
system_libs+=(openh264)
%endif
@ -2007,7 +2058,6 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%{chromium_path}/chrome_*.pak
%{chromium_path}/chrome_crashpad_handler
%{chromium_path}/resources.pak
%{chromium_path}/libffmpeg.so
%{chromium_path}/%{chromium_browser_channel}
%{chromium_path}/%{chromium_browser_channel}.sh
%attr(4755, root, root) %{chromium_path}/chrome-sandbox
@ -2027,6 +2077,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%{chromium_path}/libqt6_shim.so
%endif
%files ffmpeg
%{chromium_path}/libffmpeg.so
%files common
%if %{build_clear_key_cdm}
%{chromium_path}/libclearkeycdm.so
@ -2141,6 +2194,9 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
%endif
%changelog
* Sat Jul 27 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 127.0.6533.72-1.inferit.1
- Added chromium-ffmpeg package
* Thu Jul 25 2024 Arkady L. Shane <tigro@msvsphere-os.ru> - 127.0.6533.72-1.inferit
- update to 127.0.6533.72
* CVE-2024-6988: Use after free in Downloads