public inbox for git-commits@fedoraproject.org
From: Than Ngo <than@than-thinkpadp1gen4i.stuttmso.csb>
To: git-commits@fedoraproject.org
Subject: [rpms/chromium] rawhide: - Update to 149.0.7827.102
Date: Tue, 09 Jun 2026 16:49:10 GMT
Message-ID: <178102375032.1.9839144432813564608.rpms-chromium-a1c2293de67e@fedoraproject.org>
A new commit has been pushed.
Repo : rpms/chromium
Branch : rawhide
Commit : a1c2293de67e3069e4dcda73bc1d9c5ef3cbd80f
Author : Than Ngo <than@than-thinkpadp1gen4i.stuttmso.csb>
Date : 2026-06-09T18:48:31+02:00
Stats : +203/-64 in 9 file(s)
URL : https://src.fedoraproject.org/rpms/chromium/c/a1c2293de67e3069e4dcda73bc1d9c5ef3cbd80f?branch=rawhide
Log:
- Update to 149.0.7827.102
* CVE-2026-11628: Use after free in Ozone
* CVE-2026-11629: Use after free in Ozone
* CVE-2026-11630: Use after free in File Input
* CVE-2026-11631: Use after free in Aura
* CVE-2026-11632: Use after free in TabStrip
* CVE-2026-11633: Use after free in Bluetooth
* CVE-2026-11634: Use after free in Gamepad
* CVE-2026-11635: Use after free in Bluetooth
* CVE-2026-11636: Use after free in Autofill
* CVE-2026-11637: Use after free in Views
* CVE-2026-11638: Use after free in Printing
* CVE-2026-11639: Use after free in Compositing
* CVE-2026-11640: Integer overflow in libyuv
* CVE-2026-11641: Use after free in Bluetooth
* CVE-2026-11642: Use after free in Web Apps
* CVE-2026-11643: Use after free in Proxy
* CVE-2026-11644: Use after free in Views
* CVE-2026-11645: Out of bounds memory access in V8
* CVE-2026-11646: Use after free in ViewTransitions
* CVE-2026-11647: Use after free in Printing
* CVE-2026-11648: Use after free in FullScreen
* CVE-2026-11649: Use after free in V8
* CVE-2026-11650: Use after free in V8
* CVE-2026-11651: Use after free in Network
* CVE-2026-11652: Use after free in Extensions
* CVE-2026-11653: Insufficient validation of untrusted input in Extensions
* CVE-2026-11654: Use after free in CameraCapture
* CVE-2026-11655: Integer overflow in Media
* CVE-2026-11656: Use after free in ServiceWorker
* CVE-2026-11657: Use after free in Payments
* CVE-2026-11658: Insufficient validation of untrusted input in Extensions
* CVE-2026-11659: Insufficient validation of untrusted input in UI
* CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11661: Use after free in Views
* CVE-2026-11662: Type Confusion in Bindings
* CVE-2026-11663: Use after free in Skia
* CVE-2026-11664: Use after free in Payments
* CVE-2026-11665: Out of bounds read in Dawn
* CVE-2026-11666: Insufficient validation of untrusted input in Input
* CVE-2026-11667: Out of bounds read in WebRTC
* CVE-2026-11668: Uninitialized Use in Codecs
* CVE-2026-11669: Integer overflow in Media
* CVE-2026-11670: Use after free in PDF
* CVE-2026-11671: Use after free in Navigation
* CVE-2026-11672: Out of bounds write in GPU
* CVE-2026-11673: Use after free in InterestGroups
* CVE-2026-11674: Use after free in Guest View
* CVE-2026-11675: Insufficient validation of untrusted input in Skia
* CVE-2026-11676: Insufficient validation of untrusted input in Dawn
* CVE-2026-11677: Race in Network
* CVE-2026-11678: Integer overflow in libyuv
* CVE-2026-11679: Use after free in Codecs
* CVE-2026-11680: Use after free in Media
* CVE-2026-11681: Use after free in Ozone
* CVE-2026-11682: Insufficient validation of untrusted input in Views
* CVE-2026-11683: Use after free in WebCodecs
* CVE-2026-11684: Insufficient policy enforcement in Network
* CVE-2026-11685: Insufficient data validation in MediaCapture
* CVE-2026-11686: Insufficient validation of untrusted input in Dawn
* CVE-2026-11687: Use after free in Dawn
* CVE-2026-11688: Object lifecycle issue in SVG
* CVE-2026-11689: Insufficient validation of untrusted input in Passwords
* CVE-2026-11690: Out of bounds read and write in Media
* CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
* CVE-2026-11692: Use after free in Read Anything
* CVE-2026-11693: Inappropriate implementation in Plugins
* CVE-2026-11694: Use after free in ServiceWorker
* CVE-2026-11695: Inappropriate implementation in Passwords
* CVE-2026-11696: Uninitialized Use in Video
* CVE-2026-11697: Insufficient validation of untrusted input in UI
* CVE-2026-11698: Use after free in Bluetooth
* CVE-2026-11699: Use after free in Bluetooth
* CVE-2026-11700: Use after free in Tracing
* CVE-2026-11701: Insufficient validation of untrusted input in Guest View
- Refresh ppc64le patches
---
diff --git a/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch b/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
index 5bcf8a3..7a02ced 100644
--- a/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
+++ b/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
@@ -2,7 +2,7 @@ Index: chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/confi
===================================================================
--- /dev/null
+++ chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/config/aom_config.asm
-@@ -0,0 +1,101 @@
+@@ -0,0 +1,100 @@
+;
+; Copyright (c) 2026, Alliance for Open Media. All rights reserved.
+;
@@ -71,7 +71,6 @@ Index: chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/confi
+CONFIG_SHARED equ 0
+CONFIG_SIZE_LIMIT equ 1
+CONFIG_SPEED_STATS equ 0
-+CONFIG_SVT_AV1 equ 0
+CONFIG_TFLITE equ 0
+CONFIG_THREE_PASS equ 0
+CONFIG_TUNE_BUTTERAUGLI equ 0
@@ -120,13 +119,13 @@ Index: chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/confi
+ * PATENTS file, you can obtain it at www.aomedia.org/license/patent.
+ */
+#include "aom/aom_codec.h"
-+static const char* const cfg = "cmake ../source/libaom -G \"Unix Makefiles\" -DCMAKE_TOOLCHAIN_FILE=\"../source/libaom/build/cmake/toolchains/ppc-linux-gcc.cmake\" -DCONFIG_AV1_DECODER=0 -DCONFIG_AV1_ENCODER=1 -DCONFIG_SVT_AV1=0 -DCONFIG_AV1_HIGHBITDEPTH=0 -DCONFIG_AV1_TEMPORAL_DENOISING=0 -DCONFIG_QUANT_MATRIX=0 -DCONFIG_REALTIME_ONLY=1 -DCONFIG_DENOISE=0 -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=16384 -DDECODE_WIDTH_LIMIT=16384";
++static const char* const cfg = "cmake ../source/libaom -G \"Unix Makefiles\" -DCMAKE_TOOLCHAIN_FILE=\"../source/libaom/cmake/toolchains/ppc-linux-gcc.cmake\" -DCONFIG_AV1_DECODER=0 -DCONFIG_AV1_ENCODER=1 -DCONFIG_AV1_HIGHBITDEPTH=0 -DCONFIG_AV1_TEMPORAL_DENOISING=0 -DCONFIG_QUANT_MATRIX=0 -DCONFIG_REALTIME_ONLY=1 -DCONFIG_DENOISE=0 -DCONFIG_SIZE_LIMIT=1 -DDECODE_HEIGHT_LIMIT=16384 -DDECODE_WIDTH_LIMIT=16384";
+const char *aom_codec_build_config(void) {return cfg;}
Index: chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/config/aom_config.h
===================================================================
--- /dev/null
+++ chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/config/aom_config.h
-@@ -0,0 +1,104 @@
+@@ -0,0 +1,103 @@
+/*
+ * Copyright (c) 2026, Alliance for Open Media. All rights reserved.
+ *
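Review bot: The `cfg` string in this hunk changes more than the dropped `-DCONFIG_SVT_AV1=0`: the toolchain path also moves from `../source/libaom/build/cmake/toolchains/ppc-linux-gcc.cmake` to `../source/libaom/cmake/toolchains/ppc-linux-gcc.cmake`, which "Refresh ppc64le patches" does not mention. Please confirm the string was regenerated from the libaom tree shipped in this release rather than edited by hand, and say so in the patch description, since `aom_codec_build_config()` returns it as the record of how the config was produced.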
@@ -197,7 +196,6 @@ Index: chromium-149.0.7827.53/third_party/libaom/source/config/linux/ppc64/confi
+#define CONFIG_SHARED 0
+#define CONFIG_SIZE_LIMIT 1
+#define CONFIG_SPEED_STATS 0
-+#define CONFIG_SVT_AV1 0
+#define CONFIG_TFLITE 0
+#define CONFIG_THREE_PASS 0
+#define CONFIG_TUNE_BUTTERAUGLI 0
diff --git a/0001-third_party-libvpx-Disable-vsx-on-ppc64.patch b/0001-third_party-libvpx-Disable-vsx-on-ppc64.patch
new file mode 100644
index 0000000..0144749
--- /dev/null
+++ b/0001-third_party-libvpx-Disable-vsx-on-ppc64.patch
@@ -0,0 +1,31 @@
+Index: chromium-149.0.7827.53/third_party/libvpx/generate_gni.sh
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/generate_gni.sh
++++ chromium-149.0.7827.53/third_party/libvpx/generate_gni.sh
+@@ -407,6 +407,8 @@ x86_platforms="--enable-pic --as=yasm $D
+ # third_party\llvm-build\Release+Asserts\lib\clang\18\include\arm_sve.h(271,1):
+ # error: cannot mangle this built-in __SVInt8_t type yet
+ disable_sve="--disable-sve --disable-sve2"
++# VSX support is still broken upstream (causes artifacting in VP9 videos)
++disable_vsx="--disable-vsx"
+
+ gen_config_files linux/ia32 \
+ "--target=x86-linux-gcc ${all_platforms} ${x86_platforms}"
+@@ -424,7 +426,7 @@ gen_config_files linux/mipsel "--target=
+ gen_config_files linux/mips64el "--target=mips64-linux-gcc ${all_platforms}"
+ gen_config_files linux/loongarch \
+ "--target=loongarch64-linux-gcc ${all_platforms}"
+-gen_config_files linux/ppc64 "--target=ppc64le-linux-gcc ${all_platforms}"
++gen_config_files linux/ppc64 "--target=ppc64le-linux-gcc ${all_platforms} ${disable_vsx}"
+ gen_config_files linux/generic "--target=generic-gnu $HIGHBD ${all_platforms}"
+ gen_config_files win/arm64-highbd \
+ "--target=arm64-win64-vs15 ${all_platforms} ${HIGHBD} ${disable_sve}"
+@@ -484,7 +486,7 @@ gen_rtcd_header linux/arm64-highbd armv8
+ gen_rtcd_header linux/mipsel mipsel
+ gen_rtcd_header linux/mips64el mips64el
+ gen_rtcd_header linux/loongarch loongarch
+-gen_rtcd_header linux/ppc64 ppc
++gen_rtcd_header linux/ppc64 ppc "${disable_vsx}"
+ gen_rtcd_header linux/generic generic
+ gen_rtcd_header win/arm64-highbd armv8 "${require_neon} ${disable_sve}"
+ gen_rtcd_header win/ia32 x86 "${require_sse3}"
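Review bot: The added comment `# VSX support is still broken upstream (causes artifacting in VP9 videos)` carries no bug or commit reference, and this new patch file has no description header, so there is no way to tell when `--disable-vsx` can be dropped again. Please add the upstream issue link (or the Fedora bug) above `disable_vsx="--disable-vsx"`, and give the patch a short header the way 0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch does with its `Subject:` line.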
diff --git a/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch b/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
index 358582b..359a1ca 100644
--- a/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
+++ b/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
@@ -8,11 +8,11 @@ Subject: [PATCH] third_party/libvpx: Properly generate gni on ppc64
third_party/libvpx/generate_gni.sh | 10 ++++++++++
2 files changed, 12 insertions(+)
-Index: chromium-144.0.7559.59/third_party/libvpx/BUILD.gn
+Index: chromium-149.0.7827.53/third_party/libvpx/BUILD.gn
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/BUILD.gn
-+++ chromium-144.0.7559.59/third_party/libvpx/BUILD.gn
-@@ -297,6 +297,8 @@ if (current_cpu == "x86" || (current_cpu
+--- chromium-149.0.7827.53.orig/third_party/libvpx/BUILD.gn
++++ chromium-149.0.7827.53/third_party/libvpx/BUILD.gn
+@@ -294,6 +294,8 @@ if (current_cpu == "x86" || (current_cpu
} else if (current_cpu == "x64") {
deps = [ ":libvpx_x86_64_headers" ]
sources = libvpx_srcs_x86_64_avx512
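Review bot: The refreshed `Index:` and `---`/`+++` paths here name chromium-149.0.7827.53 and the BUILD.gn offset moves to `@@ -294,6 +294,8 @@`, while chromium.spec in this same commit sets Version to 149.0.7827.102. `-p1` strips the directory name, so the patch still applies, but please confirm the refresh was checked against the 149.0.7827.102 tree so that this context applies there without offset or fuzz.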
diff --git a/0002-third_party-libvpx-Remove-bad-ppc64-config.patch b/0002-third_party-libvpx-Remove-bad-ppc64-config.patch
index ca43d3f..8501ac5 100644
--- a/0002-third_party-libvpx-Remove-bad-ppc64-config.patch
+++ b/0002-third_party-libvpx-Remove-bad-ppc64-config.patch
@@ -1,7 +1,6 @@
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h b/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h
-deleted file mode 100644
-index 4b367b1..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vp8_rtcd.h
+++ /dev/null
@@ -1,186 +0,0 @@
-/*
@@ -190,10 +189,9 @@ index 4b367b1..0000000
-#endif
-
-#endif // VP8_RTCD_H_
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h b/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h
-deleted file mode 100644
-index b3ab12b..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vp9_rtcd.h
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
@@ -309,10 +307,9 @@ index b3ab12b..0000000
-#endif
-
-#endif // VP9_RTCD_H_
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm b/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm
-deleted file mode 100644
-index f55178d..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.asm
+++ /dev/null
@@ -1,109 +0,0 @@
-@ This file was created from a .asm file
@@ -424,10 +421,9 @@ index f55178d..0000000
-.equ DECODE_WIDTH_LIMIT , 16384
-.equ DECODE_HEIGHT_LIMIT , 16384
- .section .note.GNU-stack,"",%progbits
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vpx_config.c b/third_party/libvpx/source/config/linux/ppc64/vpx_config.c
-deleted file mode 100644
-index 46ff848..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vpx_config.c
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vpx_config.c
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.c
+++ /dev/null
@@ -1,10 +0,0 @@
-/* Copyright (c) 2011 The WebM project authors. All Rights Reserved. */
@@ -440,10 +436,9 @@ index 46ff848..0000000
-#include "vpx/vpx_codec.h"
-static const char* const cfg = "--target=ppc64le-linux-gcc --enable-external-build --enable-postproc --enable-multi-res-encoding --enable-temporal-denoising --enable-vp9-temporal-denoising --disable-vp9-postproc --size-limit=16384x16384 --enable-realtime-only --disable-install-docs --disable-libyuv --enable-unit-tests";
-const char *vpx_codec_build_config(void) {return cfg;}
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vpx_config.h b/third_party/libvpx/source/config/linux/ppc64/vpx_config.h
-deleted file mode 100644
-index fa31289..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vpx_config.h
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vpx_config.h
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vpx_config.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/* Copyright (c) 2011 The WebM project authors. All Rights Reserved. */
@@ -564,10 +559,9 @@ index fa31289..0000000
-#define DECODE_WIDTH_LIMIT 16384
-#define DECODE_HEIGHT_LIMIT 16384
-#endif /* VPX_CONFIG_H */
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h b/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h
-deleted file mode 100644
-index d325dbd..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vpx_dsp_rtcd.h
+++ /dev/null
@@ -1,858 +0,0 @@
-/*
@@ -1428,10 +1422,9 @@ index d325dbd..0000000
-#endif
-
-#endif // VPX_DSP_RTCD_H_
-diff --git a/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h b/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h
-deleted file mode 100644
-index b01ed62..0000000
---- a/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h
+Index: chromium-149.0.7827.53/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/config/linux/ppc64/vpx_scale_rtcd.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
diff --git a/0003-third_party-libvpx-Add-ppc64-vsx-files.patch b/0003-third_party-libvpx-Add-ppc64-vsx-files.patch
new file mode 100644
index 0000000..d6d8393
--- /dev/null
+++ b/0003-third_party-libvpx-Add-ppc64-vsx-files.patch
@@ -0,0 +1,37 @@
+Index: chromium-149.0.7827.53/third_party/libvpx/libvpx_srcs.gni
+===================================================================
+--- chromium-149.0.7827.53.orig/third_party/libvpx/libvpx_srcs.gni
++++ chromium-149.0.7827.53/third_party/libvpx/libvpx_srcs.gni
+@@ -3958,6 +3958,7 @@ libvpx_srcs_generic = [
+ "//third_party/libvpx/source/libvpx/vp9/common/vp9_seg_common.c",
+ "//third_party/libvpx/source/libvpx/vp9/common/vp9_thread_common.c",
+ "//third_party/libvpx/source/libvpx/vp9/common/vp9_tile_common.c",
++ "//third_party/libvpx/source/libvpx/vp9/common/ppc/vp9_idct_vsx.c",
+ "//third_party/libvpx/source/libvpx/vp9/decoder/vp9_decodeframe.c",
+ "//third_party/libvpx/source/libvpx/vp9/decoder/vp9_decodemv.c",
+ "//third_party/libvpx/source/libvpx/vp9/decoder/vp9_decoder.c",
+@@ -3997,6 +3998,7 @@ libvpx_srcs_generic = [
+ "//third_party/libvpx/source/libvpx/vp9/encoder/vp9_tokenize.c",
+ "//third_party/libvpx/source/libvpx/vp9/encoder/vp9_tpl_model.c",
+ "//third_party/libvpx/source/libvpx/vp9/encoder/vp9_treewriter.c",
++ "//third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c",
+ "//third_party/libvpx/source/libvpx/vp9/vp9_cx_iface.c",
+ "//third_party/libvpx/source/libvpx/vp9/vp9_dx_iface.c",
+ "//third_party/libvpx/source/libvpx/vp9/vp9_iface_common.c",
+@@ -4026,6 +4028,16 @@ libvpx_srcs_generic = [
+ "//third_party/libvpx/source/libvpx/vpx_dsp/variance.c",
+ "//third_party/libvpx/source/libvpx/vpx_dsp/vpx_convolve.c",
+ "//third_party/libvpx/source/libvpx/vpx_dsp/vpx_dsp_rtcd.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/deblock_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/hadamard_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/intrapred_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/inv_txfm_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/sad_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/subtract_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/variance_vsx.c",
++ "//third_party/libvpx/source/libvpx/vpx_dsp/ppc/vpx_convolve_vsx.c",
+ "//third_party/libvpx/source/libvpx/vpx_mem/vpx_mem.c",
+ "//third_party/libvpx/source/libvpx/vpx_scale/generic/gen_scalers.c",
+ "//third_party/libvpx/source/libvpx/vpx_scale/generic/vpx_scale.c",
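Review bot: The `ppc/*_vsx.c` entries are added to `libvpx_srcs_generic` with no condition visible in these hunks, while 0001-third_party-libvpx-Disable-vsx-on-ppc64.patch in the same commit passes `--disable-vsx` for linux/ppc64. Please explain in the patch description why the VSX sources are listed when VSX is disabled, and whether any other build that consumes `libvpx_srcs_generic` is expected to compile them. A ppc64-only list or a `current_cpu` guard in BUILD.gn would make the intent explicit.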
diff --git a/0004-third_party-libvpx-work-around-ambiguous-vsx.patch b/0004-third_party-libvpx-work-around-ambiguous-vsx.patch
index 9adceb3..39af90d 100644
--- a/0004-third_party-libvpx-work-around-ambiguous-vsx.patch
+++ b/0004-third_party-libvpx-work-around-ambiguous-vsx.patch
@@ -1,7 +1,7 @@
-Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
+Index: chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
-+++ chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
++++ chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vp9/encoder/ppc/vp9_quantize_vsx.c
@@ -38,6 +38,28 @@ static INLINE int16x8_t vec_max_across(i
return vec_max(a, vec_perm(a, a, vec_perm16));
}
@@ -137,10 +137,10 @@ Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vp9/encoder/ppc/v
eob = vec_max(eob, vec_or(scan0, zero_coeff0));
eob2 = vec_max(vec_or(scan1, zero_coeff1), vec_or(scan2, zero_coeff2));
-Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
+Index: chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
-+++ chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
++++ chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct32x32_vsx.c
@@ -15,6 +15,28 @@
#include "vpx_dsp/ppc/txfm_common_vsx.h"
#include "vpx_dsp/ppc/types_vsx.h"
@@ -255,10 +255,10 @@ Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vpx_dsp/ppc/fdct3
}
// Returns 1 if negative 0 if positive
-Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
+Index: chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
-+++ chromium-144.0.7559.59/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
++++ chromium-149.0.7827.53/third_party/libvpx/source/libvpx/vpx_dsp/ppc/quantize_vsx.c
@@ -13,6 +13,28 @@
#include "./vpx_dsp_rtcd.h"
#include "vpx_dsp/ppc/types_vsx.h"
diff --git a/HACK-third_party-libvpx-use-generic-gnu.patch b/HACK-third_party-libvpx-use-generic-gnu.patch
index 215eb0d..f2277b9 100644
--- a/HACK-third_party-libvpx-use-generic-gnu.patch
+++ b/HACK-third_party-libvpx-use-generic-gnu.patch
@@ -1,21 +1,21 @@
-Index: chromium-144.0.7559.59/third_party/libvpx/generate_gni.sh
+Index: chromium-149.0.7827.53/third_party/libvpx/generate_gni.sh
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/generate_gni.sh
-+++ chromium-144.0.7559.59/third_party/libvpx/generate_gni.sh
-@@ -429,7 +429,7 @@ gen_config_files linux/mipsel "--target=
+--- chromium-149.0.7827.53.orig/third_party/libvpx/generate_gni.sh
++++ chromium-149.0.7827.53/third_party/libvpx/generate_gni.sh
+@@ -426,7 +426,7 @@ gen_config_files linux/mipsel "--target=
gen_config_files linux/mips64el "--target=mips64-linux-gcc ${all_platforms}"
gen_config_files linux/loongarch \
"--target=loongarch64-linux-gcc ${all_platforms}"
--gen_config_files linux/ppc64 "--target=ppc64le-linux-gcc ${all_platforms}"
-+gen_config_files linux/ppc64 "--target=generic-gnu $HIGHBD ${all_platforms}"
+-gen_config_files linux/ppc64 "--target=ppc64le-linux-gcc ${all_platforms} ${disable_vsx}"
++gen_config_files linux/ppc64 "--target=generic-gnu $HIGHBD ${all_platforms} ${disable_vsx}"
gen_config_files linux/generic "--target=generic-gnu $HIGHBD ${all_platforms}"
gen_config_files win/arm64-highbd \
"--target=arm64-win64-vs15 ${all_platforms} ${HIGHBD} ${disable_sve}"
-Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/build/make/rtcd.pl
+Index: chromium-149.0.7827.53/third_party/libvpx/source/libvpx/build/make/rtcd.pl
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/source/libvpx/build/make/rtcd.pl
-+++ chromium-144.0.7559.59/third_party/libvpx/source/libvpx/build/make/rtcd.pl
-@@ -527,8 +527,9 @@ if ($opts{arch} eq 'x86') {
+--- chromium-149.0.7827.53.orig/third_party/libvpx/source/libvpx/build/make/rtcd.pl
++++ chromium-149.0.7827.53/third_party/libvpx/source/libvpx/build/make/rtcd.pl
+@@ -525,8 +525,9 @@ if ($opts{arch} eq 'x86') {
}
arm;
} elsif ($opts{arch} =~ /^ppc/ ) {
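Review bot: The inner `-gen_config_files linux/ppc64 ...` line in the generate_gni.sh part of this hunk now contains `${disable_vsx}`, so this patch only applies on top of 0001-third_party-libvpx-Disable-vsx-on-ppc64.patch. The chromium.spec hunks in this commit show Patch378 and Patch379 but not the number of this HACK patch; please confirm it is applied after Patch378. It would also help to note in the patch whether `--disable-vsx` still has any effect once the target is switched to `generic-gnu`.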
@@ -27,11 +27,11 @@ Index: chromium-144.0.7559.59/third_party/libvpx/source/libvpx/build/make/rtcd.p
} elsif ($opts{arch} =~ /loongarch/ ) {
@ALL_ARCHS = filter(qw/lsx lasx/);
loongarch;
-Index: chromium-144.0.7559.59/third_party/libvpx/BUILD.gn
+Index: chromium-149.0.7827.53/third_party/libvpx/BUILD.gn
===================================================================
---- chromium-144.0.7559.59.orig/third_party/libvpx/BUILD.gn
-+++ chromium-144.0.7559.59/third_party/libvpx/BUILD.gn
-@@ -98,6 +98,14 @@ config("libvpx_config") {
+--- chromium-149.0.7827.53.orig/third_party/libvpx/BUILD.gn
++++ chromium-149.0.7827.53/third_party/libvpx/BUILD.gn
+@@ -95,6 +95,14 @@ config("libvpx_config") {
"-Wno-sign-compare",
]
}
diff --git a/chromium.spec b/chromium.spec
index fa9e59a..cb1696f 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -268,7 +268,7 @@
%endif
Name: chromium
-Version: 149.0.7827.53
+Version: 149.0.7827.102
Release: 1%{?dist}
Summary: A WebKit (Blink) powered web browser that Google doesn't want you to use
Url: http://www.chromium.org/Home
@@ -447,7 +447,8 @@ Patch361: 0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch
Patch376: 0001-third_party-angle-Include-missing-header-cstddef-in-.patch
Patch377: 0001-Add-PPC64-support-for-boringssl.patch
-Patch378: 0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
+Patch378: 0001-third_party-libvpx-Disable-vsx-on-ppc64.patch
+Patch379: 0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
Patch380: 0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch
Patch381: 0002-Add-PPC64-generated-files-for-boringssl.patch
Patch382: 0002-third_party-lss-kernel-structs.patch
@@ -1184,7 +1185,8 @@ Qt6 UI for chromium.
%patch -P361 -p1 -b .0001-sandbox-Enable-seccomp_bpf-for-ppc64
%patch -P376 -p1 -b .0001-third_party-angle-Include-missing-header-cstddef-in-
%patch -P377 -p1 -b .0001-Add-PPC64-support-for-boringssl
-%patch -P378 -p1 -b .0001-third_party-libvpx-Properly-generate-gni-on-ppc64
+%patch -P378 -p1 -b .0001-third_party-libvpx-Disable-vsx-on-ppc64
+%patch -P379 -p1 -b .0001-third_party-libvpx-Properly-generate-gni-on-ppc64
%patch -P380 -p1 -b .0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI
%patch -P381 -p1 -b .0002-Add-PPC64-generated-files-for-boringssl
%patch -P382 -p1 -b .0002-third_party-lss-kernel-structs
@@ -1908,6 +1910,84 @@ fi
%endif
%changelog
+* Tue Jun 09 2026 Than Ngo <than@redhat.com> - 149.0.7827.102-1
+- Update to 149.0.7827.102
+ * CVE-2026-11628: Use after free in Ozone
+ * CVE-2026-11629: Use after free in Ozone
+ * CVE-2026-11630: Use after free in File Input
+ * CVE-2026-11631: Use after free in Aura
+ * CVE-2026-11632: Use after free in TabStrip
+ * CVE-2026-11633: Use after free in Bluetooth
+ * CVE-2026-11634: Use after free in Gamepad
+ * CVE-2026-11635: Use after free in Bluetooth
+ * CVE-2026-11636: Use after free in Autofill
+ * CVE-2026-11637: Use after free in Views
+ * CVE-2026-11638: Use after free in Printing
+ * CVE-2026-11639: Use after free in Compositing
+ * CVE-2026-11640: Integer overflow in libyuv
+ * CVE-2026-11641: Use after free in Bluetooth
+ * CVE-2026-11642: Use after free in Web Apps
+ * CVE-2026-11643: Use after free in Proxy
+ * CVE-2026-11644: Use after free in Views
+ * CVE-2026-11645: Out of bounds memory access in V8
+ * CVE-2026-11646: Use after free in ViewTransitions
+ * CVE-2026-11647: Use after free in Printing
+ * CVE-2026-11648: Use after free in FullScreen
+ * CVE-2026-11649: Use after free in V8
+ * CVE-2026-11650: Use after free in V8
+ * CVE-2026-11651: Use after free in Network
+ * CVE-2026-11652: Use after free in Extensions
+ * CVE-2026-11653: Insufficient validation of untrusted input in Extensions
+ * CVE-2026-11654: Use after free in CameraCapture
+ * CVE-2026-11655: Integer overflow in Media
+ * CVE-2026-11656: Use after free in ServiceWorker
+ * CVE-2026-11657: Use after free in Payments
+ * CVE-2026-11658: Insufficient validation of untrusted input in Extensions
+ * CVE-2026-11659: Insufficient validation of untrusted input in UI
+ * CVE-2026-11660: Insufficient validation of untrusted input in New Tab Page
+ * CVE-2026-11661: Use after free in Views
+ * CVE-2026-11662: Type Confusion in Bindings
+ * CVE-2026-11663: Use after free in Skia
+ * CVE-2026-11664: Use after free in Payments
+ * CVE-2026-11665: Out of bounds read in Dawn
+ * CVE-2026-11666: Insufficient validation of untrusted input in Input
+ * CVE-2026-11667: Out of bounds read in WebRTC
+ * CVE-2026-11668: Uninitialized Use in Codecs
+ * CVE-2026-11669: Integer overflow in Media
+ * CVE-2026-11670: Use after free in PDF
+ * CVE-2026-11671: Use after free in Navigation
+ * CVE-2026-11672: Out of bounds write in GPU
+ * CVE-2026-11673: Use after free in InterestGroups
+ * CVE-2026-11674: Use after free in Guest View
+ * CVE-2026-11675: Insufficient validation of untrusted input in Skia
+ * CVE-2026-11676: Insufficient validation of untrusted input in Dawn
+ * CVE-2026-11677: Race in Network
+ * CVE-2026-11678: Integer overflow in libyuv
+ * CVE-2026-11679: Use after free in Codecs
+ * CVE-2026-11680: Use after free in Media
+ * CVE-2026-11681: Use after free in Ozone
+ * CVE-2026-11682: Insufficient validation of untrusted input in Views
+ * CVE-2026-11683: Use after free in WebCodecs
+ * CVE-2026-11684: Insufficient policy enforcement in Network
+ * CVE-2026-11685: Insufficient data validation in MediaCapture
+ * CVE-2026-11686: Insufficient validation of untrusted input in Dawn
+ * CVE-2026-11687: Use after free in Dawn
+ * CVE-2026-11688: Object lifecycle issue in SVG
+ * CVE-2026-11689: Insufficient validation of untrusted input in Passwords
+ * CVE-2026-11690: Out of bounds read and write in Media
+ * CVE-2026-11691: Insufficient validation of untrusted input in New Tab Page
+ * CVE-2026-11692: Use after free in Read Anything
+ * CVE-2026-11693: Inappropriate implementation in Plugins
+ * CVE-2026-11694: Use after free in ServiceWorker
+ * CVE-2026-11695: Inappropriate implementation in Passwords
+ * CVE-2026-11696: Uninitialized Use in Video
+ * CVE-2026-11697: Insufficient validation of untrusted input in UI
+ * CVE-2026-11698: Use after free in Bluetooth
+ * CVE-2026-11699: Use after free in Bluetooth
+ * CVE-2026-11700: Use after free in Tracing
+ * CVE-2026-11701: Insufficient validation of untrusted input in Guest View
+- Refresh ppc64le patches
+
* Fri Jun 05 2026 Than Ngo <than@redhat.com> - 149.0.7827.53-1
- Update to 149.0.7827.53
* CVE-2026-10881: Out of bounds read and write in ANGLE
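Review bot: The new %changelog entry is signed `Than Ngo <than@redhat.com>`, but the commit itself is authored as `than@than-thinkpadp1gen4i.stuttmso.csb`, which looks like an unconfigured user@hostname default. Please set `user.email` for this checkout so the dist-git history carries a deliverable address that matches the changelog.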
diff --git a/sources b/sources
index 8c580bb..7b789b6 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
SHA512 (node-v22.22.0-stripped.tar.gz) = f32a8a73063b3c78cbacf941e11dd529ebcf2618b3ba661966312e49ee9870c43a3acf256e8d331a4b0b621b16a501810c02a3ad763c75884cc250addca8e106
-SHA512 (chromium-149.0.7827.53-clean.tar.xz) = 27499aa9f6adbaefabe5a61168157286c6fb3d53415a9b76bf7b6ce9a361621a6afd301e8a9d796a14ffc8cefc7d0bf3f660e4595013503ae09be077d24be230
+SHA512 (chromium-149.0.7827.102-clean.tar.xz) = 9d97852877cf7c124c3986f6db7e809f519ae685753ed125fcd903c2d26546b34ae8969df2a3a6079183c370d82379c9d0376d3a719b62f60c1fe35831a0d518
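Review bot: The new `chromium-149.0.7827.102-clean.tar.xz` line is, judging by the `-clean` suffix, a repackaged tarball, so its SHA512 cannot be compared against a checksum published upstream. Please record in the spec or the commit message which upstream archive and cleaning script produced it, so the hash can be reproduced independently.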