CVS commit: pkgsrc/www/chromium

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/chromium
From: "Robert Bagdan" <kikadf%netbsd.org@localhost>
Date: Sat, 20 Jun 2026 13:34:26 +0000

Module Name:    pkgsrc
Committed By:   kikadf
Date:           Sat Jun 20 13:34:26 UTC 2026

Modified Files:
        pkgsrc/www/chromium: Makefile distinfo options.mk

Log Message:
chromium: update to 149.0.7827.155

* 149.0.7827.155
This update includes 33 security fixes. Below, we highlight fixes
that were contributed by external researchers.
Please see the Chrome Security Page for more information.

[N/A][516496659] Critical CVE-2026-12437: Use after free in WebShare. Reported by Google on 2026-05-25
[N/A][516947912] Critical CVE-2026-12438: Inappropriate implementation in WebView. Reported by Google on 2026-05-27
[N/A][519728275] Critical CVE-2026-12439: Use after free in Digital Credentials. Reported by Google on 2026-06-03
[N/A][519731619] Critical CVE-2026-12440: Use after free in DigitalCredentials. Reported by Google on 2026-06-03
[N/A][520157118] Critical CVE-2026-12441: Use after free in File Input. Reported by Google on 2026-06-05
[N/A][521950423] Critical CVE-2026-12442: Use after free in Passwords. Reported by Google on 2026-06-09
[N/A][522566295] Critical CVE-2026-12443: Use after free in Web Authentication. Reported by Google on 2026-06-11
[N/A][513160088] High CVE-2026-12444: Out of bounds read in Chromoting. Reported by Google on 2026-05-14
[N/A][513199795] High CVE-2026-12445: Use after free in Extensions. Reported by Google on 2026-05-14
[N/A][513313107] High CVE-2026-12446: Insufficient data validation in Passwords. Reported by Google on 2026-05-14
[N/A][513405023] High CVE-2026-12447: Heap buffer overflow in WebRTC. Reported by Google on 2026-05-15
[N/A][513458233] High CVE-2026-12448: Inappropriate implementation in WebView. Reported by Google on 2026-05-15
[N/A][513480539] High CVE-2026-12449: Use after free in Chromoting. Reported by Google on 2026-05-15
[N/A][514531776] High CVE-2026-12450: Inappropriate implementation in Media. Reported by Zhixin Tu on 2026-05-19
[N/A][514741076] High CVE-2026-12451: Use after free in DigitalCredentials. Reported by Google on 2026-05-19
[N/A][515462244] High CVE-2026-12452: Use after free in Downloads. Reported by Google on 2026-05-21
[N/A][516448843] High CVE-2026-12453: Insufficient validation of untrusted input in Input. Reported by Google on 2026-05-25
[N/A][516926968] High CVE-2026-12454: Race in Safe Browsing. Reported by Google on 2026-05-27
[N/A][517069848] High CVE-2026-12455: Use after free in Tab Strip. Reported by Google on 2026-05-27
[N/A][517124587] High CVE-2026-12456: Insufficient validation of untrusted input in Extensions. Reported by Google on 2026-05-27
[N/A][517153117] High CVE-2026-12457: Insufficient data validation in Extensions. Reported by Google on 2026-05-27
[N/A][517258337] High CVE-2026-12458: Incorrect security UI in Passwords. Reported by Google on 2026-05-27
[N/A][517406035] High CVE-2026-12459: Inappropriate implementation in Serial. Reported by Google on 2026-05-28
[N/A][517484284] High CVE-2026-12460: Insufficient policy enforcement in File System Access. Reported by Google on 2026-05-28
[N/A][517727318] High CVE-2026-12461: Out of bounds read in WebRTC. Reported by Google on 2026-05-29
[N/A][517916024] High CVE-2026-12462: Use after free in Media. Reported by Google on 2026-05-29
[N/A][518042749] High CVE-2026-12463: Inappropriate implementation in Views. Reported by Google on 2026-05-30
[N/A][519358344] High CVE-2026-12464: Use after free in Browser. Reported by Google on 2026-06-03
[N/A][520189702] High CVE-2026-12465: Insufficient validation of untrusted input in Metrics. Reported by Google on 2026-06-05
[N/A][520199394] High CVE-2026-12466: Heap buffer overflow in WebRTC. Reported by Google on 2026-06-05
[N/A][520202726] High CVE-2026-12467: Use after free in Extensions. Reported by Google on 2026-06-05
[N/A][521485244] High CVE-2026-12468: Inappropriate implementation in Updater. Reported by Google on 2026-06-08
[N/A][521618871] High CVE-2026-12469: Uninitialized Use in GPU. Reported by Google on 2026-06-09

* pkgsrc: make wayland support optional
  Fix build on NetBSD-10: disable wayland support with native X11_TYPE


To generate a diff of this commit:
cvs rdiff -u -r1.61 -r1.62 pkgsrc/www/chromium/Makefile
cvs rdiff -u -r1.46 -r1.47 pkgsrc/www/chromium/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/chromium/options.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/chromium/Makefile
diff -u pkgsrc/www/chromium/Makefile:1.61 pkgsrc/www/chromium/Makefile:1.62
--- pkgsrc/www/chromium/Makefile:1.61   Sat Jun 13 08:22:49 2026
+++ pkgsrc/www/chromium/Makefile        Sat Jun 20 13:34:25 2026
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.61 2026/06/13 08:22:49 kikadf Exp $
+# $NetBSD: Makefile,v 1.62 2026/06/20 13:34:25 kikadf Exp $
 
 DISTNAME=                      chromium-${VERSION}
-VERSION=                       149.0.7827.114
+VERSION=                       149.0.7827.155
 CATEGORIES=                    www
 MASTER_SITES=                  https://commondatastorage.googleapis.com/chromium-browser-official/
 EXTRACT_SUFX_C=                        .tar.xz
@@ -201,7 +201,6 @@ GN_ARGS+=   use_sysroot=false
 GN_ARGS+=      use_system_freetype=true
 GN_ARGS+=      use_system_harfbuzz=true
 GN_ARGS+=      use_system_libdrm=true
-GN_ARGS+=      use_system_libffi=true
 GN_ARGS+=      use_system_libjpeg=true #libjpeg-turbo
 GN_ARGS+=      use_thin_lto=false
 GN_ARGS+=      use_udev=true
@@ -390,14 +389,11 @@ do-install:
 .include "../../audio/speech-dispatcher/buildlink3.mk"
 .include "../../audio/speex/buildlink3.mk"
 .include "../../devel/dconf/buildlink3.mk"
-.include "../../devel/input-headers/buildlink3.mk"
 .include "../../devel/libepoll-shim/buildlink3.mk"
-.include "../../devel/libffi/buildlink3.mk"
 .include "../../devel/libudev-bsd/buildlink3.mk"
 .include "../../devel/libusb1/buildlink3.mk"
 .include "../../devel/nspr/buildlink3.mk"
 .include "../../devel/nss/buildlink3.mk"
-.include "../../devel/wayland/buildlink3.mk"
 .include "../../fonts/fontconfig/buildlink3.mk"
 .include "../../fonts/harfbuzz/buildlink3.mk"
 .include "../../graphics/cairo/buildlink3.mk"

Index: pkgsrc/www/chromium/distinfo
diff -u pkgsrc/www/chromium/distinfo:1.46 pkgsrc/www/chromium/distinfo:1.47
--- pkgsrc/www/chromium/distinfo:1.46   Sat Jun 13 08:22:49 2026
+++ pkgsrc/www/chromium/distinfo        Sat Jun 20 13:34:25 2026
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.46 2026/06/13 08:22:49 kikadf Exp $
+$NetBSD: distinfo,v 1.47 2026/06/20 13:34:25 kikadf Exp $
 
 BLAKE2s (Inflector-0.11.4.crate) = 2f8b4a805230be3b58267c7fb6b9c26c2ec966378d195673d1128a851cca515d
 SHA512 (Inflector-0.11.4.crate) = f1f6463e033b6d3c16c51dc1e1a3f5569954308b95b59058294b7f9310919bbda797e99e6a07529071bb83f0688867a243997d33795a7136b0af73977004296e
@@ -51,12 +51,12 @@ Size (cc-1.1.21.crate) = 83463 bytes
 BLAKE2s (cfg-if-1.0.0.crate) = fbb02f63b24cc224b045ff2aac3aefd0a77cf7b578df4d5f9da9517a59aaf9bb
 SHA512 (cfg-if-1.0.0.crate) = 0fb16a8882fd30e86b62c5143b1cb18ab564e84e75bd1f28fd12f24ffdc4a42e0d2e012a99abb606c12efe3c11061ff5bf8e24ab053e550ae083f7d90f6576ff
 Size (cfg-if-1.0.0.crate) = 7934 bytes
-BLAKE2s (chromium-149.0.7827.114-lite.tar.xz) = c3a3180df1a5aaa3137f269a386e0eec82e65c8e204b6457fe0f3cfb004e2b03
-SHA512 (chromium-149.0.7827.114-lite.tar.xz) = 805ccb7d7befb9afefcaf43fb473bc8054aeb2a3cad3da341d5cb3d7624d011ffd96fba8153d06d1afb15b95728338f4c7f1c236f7576508f3ed8b095364a83f
-Size (chromium-149.0.7827.114-lite.tar.xz) = 1610476084 bytes
-BLAKE2s (chromium-149.0.7827.114-testdata.tar.xz) = a835b212066285fa2b8e1c7ac5c1fa5812c4b9a249ad6357097e670b24366165
-SHA512 (chromium-149.0.7827.114-testdata.tar.xz) = 9c660aa1f673aab1b93343a4d16fd05bc3e818e348c415062f7a2baaca44a72fb53c81e2aa45a324c2e2c73a2295fd952d003baae8674ea3a3df8b483946d59b
-Size (chromium-149.0.7827.114-testdata.tar.xz) = 1314860504 bytes
+BLAKE2s (chromium-149.0.7827.155-lite.tar.xz) = b363a7656e35c057de8dd27d9069058802122614283bab56e15d7cf957a69716
+SHA512 (chromium-149.0.7827.155-lite.tar.xz) = 54acfe3adf3d3149c049660149cfa700dc0e3aeff59e37546ab8c1974b13eb6a1837edaf9c6cfab22f04de085865dff12bef2313e3ae6fa1f60e22bde9630c22
+Size (chromium-149.0.7827.155-lite.tar.xz) = 1610093724 bytes
+BLAKE2s (chromium-149.0.7827.155-testdata.tar.xz) = b88b76062349b25835b7279b07435b478d75bf7102a272e88a6aaeeee79b61e6
+SHA512 (chromium-149.0.7827.155-testdata.tar.xz) = 9f5586e1ed4ae8b1e7c447f21aad04e7b32cb947d3ac8d74ee5bec526aaaeb2884ddf7b119b3bf1889f150655e30f9789f02572a27aa70b56b41cf8aa1f5b84a
+Size (chromium-149.0.7827.155-testdata.tar.xz) = 1314813100 bytes
 BLAKE2s (convert_case-0.6.0.crate) = c65fc0970543af9611c565957751df80f31efa3aa7c4d8e5eac41712864a67d5
 SHA512 (convert_case-0.6.0.crate) = 3b17449195a9a36e3965db89eeb967979c192ad7743217ea08e8c8b91ecae1ac1674362d05dc6f32f1f361fface3f783398285bb78060403f65a777a9d29adf2
 Size (convert_case-0.6.0.crate) = 18675 bytes

Index: pkgsrc/www/chromium/options.mk
diff -u pkgsrc/www/chromium/options.mk:1.3 pkgsrc/www/chromium/options.mk:1.4
--- pkgsrc/www/chromium/options.mk:1.3  Mon Jul  7 09:23:23 2025
+++ pkgsrc/www/chromium/options.mk      Sat Jun 20 13:34:26 2026
@@ -1,9 +1,9 @@
-# $NetBSD: options.mk,v 1.3 2025/07/07 09:23:23 kikadf Exp $
+# $NetBSD: options.mk,v 1.4 2026/06/20 13:34:26 kikadf Exp $
 
 PKG_OPTIONS_VAR=               PKG_OPTIONS.chromium
 PKG_OPTIONS_REQUIRED_GROUPS=   audio
 PKG_OPTIONS_GROUP.audio=       alsa pulseaudio sunaudio
-PKG_SUPPORTED_OPTIONS+=                debug
+PKG_SUPPORTED_OPTIONS+=                debug wayland
 
 .if ${OPSYS} == "NetBSD"
 PKG_SUGGESTED_OPTIONS+=                sunaudio
@@ -11,6 +11,15 @@ PKG_SUGGESTED_OPTIONS+=              sunaudio
 PKG_SUGGESTED_OPTIONS+=                pulseaudio
 .endif
 
+.include "../../devel/wayland/platform.mk"
+.if ${PLATFORM_SUPPORTS_WAYLAND} == "yes"
+.  if ${OPSYS} == "NetBSD" && ${OPSYS_VERSION} < 110000 && ${X11_TYPE} == "native"
+# Need libdrm >= 2.4.116 for wayland support
+.  else
+PKG_SUGGESTED_OPTIONS+=        wayland
+.  endif
+.endif
+
 .include "../../mk/bsd.options.mk"
 
 .if !empty(PKG_OPTIONS:Msunaudio)
@@ -35,6 +44,15 @@ WITH_PA=     no
 GN_ARGS+=      use_pulseaudio=false
 .endif
 
+.if !empty(PKG_OPTIONS:Mwayland)
+GN_ARGS+=      use_system_libffi=true
+.include "../../devel/input-headers/buildlink3.mk"
+.include "../../devel/libffi/buildlink3.mk"
+.include "../../devel/wayland/buildlink3.mk"
+.else
+GN_ARGS+=      ozone_platform_wayland=false
+.endif
+
 .if !empty(PKG_OPTIONS:Mdebug)
 #BUILDTYPE=            Debug
 #GN_ARGS+=             is_debug=true

Prev by Date: CVS commit: pkgsrc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index