Architecture specific change in rpms/chromium.git - Arch-excludes - Fedora mailing-lists

27 Mar 2024

The package rpms/chromium.git has added or updated architecture specific content in its
spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s):
https://src.fedoraproject.org/cgit/rpms/chromium.git/commit/?id=e64265a9ddca....
Change:
+%ifarch ppc64le
Thanks.
Full change:
============
commit aeeaa52f2a12c61473e17722d73a95670bd82544
Author: Than Ngo than@redhat.com
Date:   Wed Mar 27 11:10:46 2024 +0100
add missing fix-clang-selection.patch

diff --git a/fix-clang-selection.patch b/fix-clang-selection.patch
new file mode 100644
index 0000000..b869fca
--- /dev/null
+++ b/fix-clang-selection.patch
@@ -0,0 +1,12 @@
+Index: chromium-123.0.6312.86/build/config/BUILDCONFIG.gn
+===================================================================
+--- chromium-123.0.6312.86.orig/build/config/BUILDCONFIG.gn
++++ chromium-123.0.6312.86/build/config/BUILDCONFIG.gn
+@@ -138,7 +138,6 @@ declare_args() {
+   # Set to true when compiling with the Clang compiler.
+   is_clang = current_os != "linux" ||
+              (current_cpu != "s390x" && current_cpu != "s390" &&
+-              current_cpu != "ppc64" && current_cpu != "ppc" &&
+               current_cpu != "mips" && current_cpu != "mips64" &&
+               current_cpu != "riscv64")
+
commit e64265a9ddcaf18e6a16028005690e61b81b0b9f
Author: Than Ngo than@redhat.com
Date:   Wed Mar 27 11:08:27 2024 +0100
- update to 123.0.6312.86
      * Critical CVE-2024-2883: Use after free in ANGLE
      * High CVE-2024-2885: Use after free in Daw
      * High CVE-2024-2886: Use after free in WebCodecs
      * High CVE-2024-2887: Type Confusion in WebAssembly
diff --git a/0001-Add-PPC64-support-for-boringssl.patch b/0001-Add-PPC64-support-for-boringssl.patch
index ab5a175..2e35ef9 100644
--- a/0001-Add-PPC64-support-for-boringssl.patch
+++ b/0001-Add-PPC64-support-for-boringssl.patch
@@ -5086,7 +5086,7 @@ Index: chromium-123.0.6312.58/third_party/boringssl/src/crypto/fipsmodule/sha/in
  #endif
+#if defined(OPENSSL_PPC64LE) ||                                                   \
-+    (!defined(OPENSSL_NO_ASM) && (defined(OPENSSL_X86) || defined(OPENSSL_ARM)))
++    (!defined(OPENSSL_NO_ASM) && defined(OPENSSL_X86))
 +// POWER has an intrinsics-based implementation of SHA-1 and thus the functions
 +// normally defined in assembly are available even with |OPENSSL_NO_ASM| in
 +// this case.
diff --git a/chromium.spec b/chromium.spec
index 72c5e16..8c04d90 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -35,6 +35,9 @@
# enable|disable headless client build
 %global build_headless 1
+%ifarch ppc64le
+%global build_headless 0
+%endif
# enable|disable chrome-remote-desktop build
 %global build_remoting 0
@@ -303,8 +306,8 @@
 %endif
Name:	chromium%{chromium_channel}
-Version: 123.0.6312.58
-Release: 2%{?dist}
+Version: 123.0.6312.86
+Release: 1%{?dist}
 Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
 Url: http://www.chromium.org/Home
 License: BSD-3-Clause AND LGPL-2.1-or-later AND Apache-2.0 AND IJG AND MIT AND GPL-2.0-or-later AND ISC AND OpenSSL AND (MPL-1.1 OR GPL-2.0-only OR LGPL-2.0-only)
@@ -558,6 +561,7 @@ Patch413: fix-unknown-warning-option-messages.diff
 # and Highway gets confused when building in POWER8 mode
 # (POWER8 compiler flags) on POWER9 hosts.
 Patch414: 0002-Highway-disable-128-bit-vsx.patch
+Patch415: fix-clang-selection.patch
# upstream patches
 # 64kpage support on el8
@@ -1313,6 +1317,7 @@ udev.
 %patch -P413 -p1 -b .fix-unknown-warning-option-messages
%patch -P414 -p1 -b .0002-Highway-disable-128-bit-vsx
+%patch -P415 -p1 -b .fix-clang-selection
 %endif
%%ifarch aarch64
@@ -2115,6 +2120,13 @@ getent group chrome-remote-desktop >/dev/null || groupadd -r chrome-remote-deskt
 %endif
%changelog
+* Wed Mar 27 2024 Than Ngo than@redhat.com - 123.0.6312.86-2
+- update to 123.0.6312.86
+  * Critical CVE-2024-2883: Use after free in ANGLE
+  * High CVE-2024-2885: Use after free in Daw
+  * High CVE-2024-2886: Use after free in WebCodecs
+  * High CVE-2024-2887: Type Confusion in WebAssembly
+
 * Sat Mar 23 2024 Than Ngo than@redhat.com - 123.0.6312.58-2
 - fixed bz#2269768 - enable build ppc64le package for F40
 - fixed bz#2270321 - VAAPI flags in chromium.conf are out of date
diff --git a/sources b/sources
index bce4070..c2f7d83 100644
--- a/sources
+++ b/sources
@@ -2,4 +2,4 @@ SHA512 (node-v20.6.1-linux-arm64.tar.xz) = adfcaf2c22614797fd69fb46d94c1cbf64dea
 SHA512 (node-v20.6.1-linux-x64.tar.xz) = 7e15c05041a9a50f0046266aadb2e092a5aefbec19be1c7c809471add520cb57c7df3c47d88b1888b29bf2979dca3c92adddfd965370fa2a9da4ea02186464fd
 SHA512 (linux-arm64-0.19.2.tgz) = 8a0d8fec6786fffcd6954d00820037a55d61e60762c74300df0801f8db27057562c221a063bedfb8df56af9ba80abb366336987e881782c5996e6f871abd3dc6
 SHA512 (linux-x64-0.19.2.tgz) = a31cc74c4bfa54f9b75d735a1cfc944d3b5efb7c06bfba9542da9a642ae0b2d235ea00ae84d3ad0572c406405110fe7b61377af0fd15803806ef78d20fc6f05d
-SHA512 (chromium-123.0.6312.58-clean.tar.xz) = 17424362c1bf3aa4602bf751f21b8f240a0e061fdeced1c3ceed6565326b8a6b43c158eb726d9d47e96883320789384b265331b1ae91a9eca095b388052514a8
+SHA512 (chromium-123.0.6312.86-clean.tar.xz) = af2244ac4354f879048bbc1d1121f3b2c6ff41eebfba09569a2b04f5a1132256e1aec4e061b0044e4ff7ddcc524d15f40f2e40daf34df18046847d5f529dc0ce

    