From 3f92896b062b853f7815d511595cea7a1fca9743f5f4878355520fe347d4a49a Mon Sep 17 00:00:00 2001
From: Andreas Stieger <Andreas.Stieger@gmx.de>
Date: Wed, 28 Jan 2026 14:36:51 +0100
Subject: [PATCH 1/6] update to 144.0.7559.109 (boo#1257404)

---
 chromium-144.0.7559.109-linux.tar.xz | 3 +++
 chromium-144.0.7559.96-linux.tar.xz  | 3 ---
 chromium.changes                     | 6 ++++++
 chromium.spec                        | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 chromium-144.0.7559.109-linux.tar.xz
 delete mode 100644 chromium-144.0.7559.96-linux.tar.xz

diff --git a/chromium-144.0.7559.109-linux.tar.xz b/chromium-144.0.7559.109-linux.tar.xz
new file mode 100644
index 0000000..53535be
--- /dev/null
+++ b/chromium-144.0.7559.109-linux.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:06c6bf558a17636070495d2d33117501c361c6984d71356188cdfae7d9ee8bc1
+size 1292530744
diff --git a/chromium-144.0.7559.96-linux.tar.xz b/chromium-144.0.7559.96-linux.tar.xz
deleted file mode 100644
index 095cff0..0000000
--- a/chromium-144.0.7559.96-linux.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6f7fbeaa5ef0b1b4c0ede631edb7365ae48602f587c3c3b65af874922d21a064
-size 1287892772
diff --git a/chromium.changes b/chromium.changes
index 0e45a35..bafa13c 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Wed Jan 28 13:31:17 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
+
+- Chromium 144.0.7559.109 (boo#1257404)
+  * CVE-2026-1504: Inappropriate implementation in Background Fetch API
+
 -------------------------------------------------------------------
 Wed Jan 21 00:29:54 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/chromium.spec b/chromium.spec
index 76c6c52..127fb68 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -124,7 +124,7 @@
 %global official_build 1
 
 Name:           chromium%{n_suffix}
-Version:        144.0.7559.96
+Version:        144.0.7559.109
 Release:        0
 Summary:        Google's open source browser project
 License:        BSD-3-Clause AND LGPL-2.1-or-later
-- 
2.51.1


From 1a594affdc8af56cf8f21d6456bcb19a4efa2591c18476b532bd685661d7a05a Mon Sep 17 00:00:00 2001
From: Ruediger Oertel <ro@suse.de>
Date: Thu, 29 Jan 2026 17:17:56 +0100
Subject: [PATCH 2/6] use nodejs-common

---
 chromium.changes | 5 +++++
 chromium.spec    | 8 +++-----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/chromium.changes b/chromium.changes
index bafa13c..f6c159c 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jan 29 16:12:49 UTC 2026 - Ruediger Oertel <ro@suse.com>
+
+- use nodejs-common and use the version from /usr/bin/node
+
 -------------------------------------------------------------------
 Wed Jan 28 13:31:17 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
 
diff --git a/chromium.spec b/chromium.spec
index 127fb68..3277bc0 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -62,9 +62,6 @@
 %bcond_without noopenh264
 %define ffmpeg_version 59
 %bcond_with system_zstd
-%define node_ver 22
-%define node_ver_next 23
-%define node_version %(rpm -q --qf "%%{version}" nodejs%{node_ver})
 # LLVM version
 %define llvm_version 19
 %define llvm_version_long 19.1.7
@@ -279,7 +276,7 @@ BuildRequires:  nasm
 BuildRequires:  ninja >= 1.7.2
 BuildRequires:  pam-devel
 BuildRequires:  pkgconfig
-BuildRequires:  (nodejs >= %node_ver.0 with nodejs < %node_ver_next.0)
+BuildRequires:  nodejs-common
 %if 0%{?suse_version} >= 1600
 BuildRequires:  python3
 BuildRequires:  python3-setuptools
@@ -550,7 +547,8 @@ popd
 mkdir -p third_party/node/linux/node-linux-x64/bin
 rm -f third_party/node/linux/node-linux-x64/bin/node
 ln -s %{_bindir}/node third_party/node/linux/node-linux-x64/bin/node
-sed -i -e "s@^NODE_VERSION=.*@NODE_VERSION=\"v%{node_version}\"@" third_party/node/update_node_binaries
+node_version=$(/usr/bin/node --version)
+sed -i -e "s@^NODE_VERSION=.*@NODE_VERSION=\"${node_version}\"@" third_party/node/update_node_binaries
 
 # python3
 mkdir -p $HOME/bin
-- 
2.51.1


From 7f77d390e9ed7521604d32785a4c1ebbbdcc9561f5ba2d071c1d6e739711c652 Mon Sep 17 00:00:00 2001
From: Ruediger Oertel <ro@suse.de>
Date: Thu, 29 Jan 2026 23:45:13 +0100
Subject: [PATCH 3/6] fix for nodejs

---
 chromium.changes | 2 ++
 chromium.spec    | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/chromium.changes b/chromium.changes
index f6c159c..1914963 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -2,6 +2,8 @@
 Thu Jan 29 16:12:49 UTC 2026 - Ruediger Oertel <ro@suse.com>
 
 - use nodejs-common and use the version from /usr/bin/node
+- but use nodejs22 for code15 (while nodejs-common still
+  points to nodejs14 there)
 
 -------------------------------------------------------------------
 Wed Jan 28 13:31:17 UTC 2026 - Andreas Stieger <andreas.stieger@gmx.de>
diff --git a/chromium.spec b/chromium.spec
index 3277bc0..dcf3ab4 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -276,7 +276,11 @@ BuildRequires:  nasm
 BuildRequires:  ninja >= 1.7.2
 BuildRequires:  pam-devel
 BuildRequires:  pkgconfig
+%if 0%{?suse_version} >= 1600
 BuildRequires:  nodejs-common
+%else
+BuildRequires:  nodejs22
+%endif
 %if 0%{?suse_version} >= 1600
 BuildRequires:  python3
 BuildRequires:  python3-setuptools
-- 
2.51.1


From 5fbcf9352945235b7db6a91777c8fc2401cb6bdf3e857845db4a4ab2d72d7e1e Mon Sep 17 00:00:00 2001
From: Ruediger Oertel <ro@suse.de>
Date: Wed, 4 Feb 2026 11:08:23 +0100
Subject: [PATCH 4/6] update to 144.0.7559.132

---
 chromium-134-revert-rust-adler2.patch | 54 ---------------------------
 chromium-144-rust-adler2.patch        | 11 ------
 chromium-144.0.7559.109-linux.tar.xz  |  3 --
 chromium-144.0.7559.132-linux.tar.xz  |  3 ++
 chromium.changes                      | 23 ++++++++++++
 chromium.spec                         | 37 +++++++-----------
 force-rust-nightly.patch              | 11 ++++++
 7 files changed, 50 insertions(+), 92 deletions(-)
 delete mode 100644 chromium-134-revert-rust-adler2.patch
 delete mode 100644 chromium-144-rust-adler2.patch
 delete mode 100644 chromium-144.0.7559.109-linux.tar.xz
 create mode 100644 chromium-144.0.7559.132-linux.tar.xz
 create mode 100644 force-rust-nightly.patch

diff --git a/chromium-134-revert-rust-adler2.patch b/chromium-134-revert-rust-adler2.patch
deleted file mode 100644
index 4f21e32..0000000
--- a/chromium-134-revert-rust-adler2.patch
+++ /dev/null
@@ -1,54 +0,0 @@
---- chromium-138.0.7180.2/build/rust/std/rules/BUILD.gn	2025/05/20 14:59:34	1.1
-+++ chromium-138.0.7180.2/build/rust/std/rules/BUILD.gn	2025/05/20 15:01:08
-@@ -75,23 +75,23 @@
-   output_dir =
-       "$root_out_dir/local_rustc_sysroot/lib/rustlib/$rust_abi_target/lib/"
- }
--cargo_crate("adler2") {
-+cargo_crate("adler") {
-   crate_type = "rlib"
--  crate_root = "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler2-2.0.0/src/lib.rs"
-+  crate_root = "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler-1.0.2/src/lib.rs"
-   enabled = !is_win
-   sources = [
--    "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler2-2.0.0/src/algo.rs",
--    "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler2-2.0.0/src/lib.rs",
-+    "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler-1.0.2/src/algo.rs",
-+    "//third_party/rust-toolchain/lib/rustlib/src/rust/library/vendor/adler-1.0.2/src/lib.rs",
-   ]
-   inputs = []
-   no_std = true
- 
-   # Unit tests skipped. Generate with --with-tests to include them.
-   build_native_rust_unit_tests = false
--  edition = "2021"
--  cargo_pkg_version = "2.0.0"
--  cargo_pkg_authors = "Jonas Schievink <jonasschievink@gmail.com>, oyvindln <oyvindln@users.noreply.github.com>"
--  cargo_pkg_name = "adler2"
-+  edition = "2015"
-+  cargo_pkg_version = "1.0.2"
-+  cargo_pkg_authors = "Jonas Schievink <jonasschievink@gmail.com>"
-+  cargo_pkg_name = "adler"
-   cargo_pkg_description =
-       "A simple clean-room implementation of the Adler-32 checksum"
-   library_configs -= [
-@@ -1719,7 +1719,7 @@
-   ]
-   if (!is_win) {
-     deps += [
--      ":adler2",
-+      ":adler",
-       ":compiler_builtins",
-       ":rustc_std_workspace_alloc",
-       ":rustc_std_workspace_core",
---- chromium-138.0.7180.2/build/rust/std/BUILD.gn	2025/05/20 15:09:01	1.1
-+++ chromium-138.0.7180.2/build/rust/std/BUILD.gn	2025/05/20 15:09:08
-@@ -50,7 +50,7 @@
-     # These are no longer present in the Windows toolchain.
-     stdlib_files += [
-       "addr2line",
--      "adler2",
-+      "adler",
-       "gimli",
-       "libc",
-       "memchr",
diff --git a/chromium-144-rust-adler2.patch b/chromium-144-rust-adler2.patch
deleted file mode 100644
index 1810672..0000000
--- a/chromium-144-rust-adler2.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- chromium-144.0.7524.0/build/rust/std/BUILD.gn	2025/11/17 13:27:46	1.1
-+++ chromium-144.0.7524.0/build/rust/std/BUILD.gn	2025/11/17 13:27:58
-@@ -58,7 +58,7 @@
-     if (rustc_nightly_capability) {
-       stdlib_files += [ "adler2" ]
-     } else {
--      stdlib_files += [ "adler" ]
-+      stdlib_files += [ "adler2" ]
-     }
-   }
- 
diff --git a/chromium-144.0.7559.109-linux.tar.xz b/chromium-144.0.7559.109-linux.tar.xz
deleted file mode 100644
index 53535be..0000000
--- a/chromium-144.0.7559.109-linux.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:06c6bf558a17636070495d2d33117501c361c6984d71356188cdfae7d9ee8bc1
-size 1292530744
diff --git a/chromium-144.0.7559.132-linux.tar.xz b/chromium-144.0.7559.132-linux.tar.xz
new file mode 100644
index 0000000..76cc455
--- /dev/null
+++ b/chromium-144.0.7559.132-linux.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1e297b698b3df258f84625ae444eb9020d881dff44a23aebaad8689cd7821a33
+size 1407032252
diff --git a/chromium.changes b/chromium.changes
index 1914963..807cbfc 100644
--- a/chromium.changes
+++ b/chromium.changes
@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Wed Feb  4 09:55:40 UTC 2026 - Ruediger Oertel <ro@suse.com>
+
+- Chromium 144.0.7559.132 (boo#1257650)
+  * CVE-2026-1861: Heap buffer overflow in libvpx in Google Chrome
+    prior to 144.0.7559.132 allowed a remote attacker to potentially
+    exploit heap corruption via a crafted HTML page.
+  * CVE-2026-1862: Type Confusion in V8 in Google Chrome prior to
+    144.0.7559.132 allowed a remote attacker to potentially exploit
+    heap corruption via a crafted HTML page.
+- removed patches:
+  * chromium-134-revert-rust-adler2.patch
+  * chromium-144-rust-adler2.patch
+    (obsolete, automatic if rust_nightly is set properly)
+- added patches:
+  * force-rust-nightly.patch
+- try rust1.93 for tumbleweed, 1.92 for older
+- gn flags:
+  add toolchain_supports_rust_thin_lto=false to be able to build
+  with a llvm older than the one vendored in rust
+- use llvm21 for tumbleweed
+- drop qt5 parts from spec, not used
+
 -------------------------------------------------------------------
 Thu Jan 29 16:12:49 UTC 2026 - Ruediger Oertel <ro@suse.com>
 
diff --git a/chromium.spec b/chromium.spec
index dcf3ab4..56ce204 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -28,10 +28,8 @@
 # suse_version 1699 tw
 %if 0%{?suse_version} >= 1600 || 0%{?sle_version} >= 150400
 %bcond_without gtk4
-%bcond_without qt5
 %else
 %bcond_with gtk4
-%bcond_with qt5
 %endif
 %ifarch aarch64 ppc64le riscv64
 # ERROR Unresolved dependencies.
@@ -62,11 +60,19 @@
 %bcond_without noopenh264
 %define ffmpeg_version 59
 %bcond_with system_zstd
+%if 0%{?suse_version} > 1600
+# LLVM version
+%define llvm_version 21
+%define llvm_version_long 21.1.8
+# RUST version
+%define rust_version 1.93
+%else
 # LLVM version
 %define llvm_version 19
 %define llvm_version_long 19.1.7
 # RUST version
-%define rust_version 1.86
+%define rust_version 1.92
+%endif
 # GCC version
 %define gcc_version 14
 # esbuild version
@@ -178,6 +184,7 @@ Patch386:       chromium-143-libpng-unbundle.patch
 Patch387:       chromium-143-cookie_string_view.patch
 Patch389:       chromium-143-revert_rust_is_multiple_of.patch
 Patch390:       chromium-144-revert_gfx_value_or.patch
+Patch393:       force-rust-nightly.patch
 # conditionally applied patches ppc64le only
 Patch401:       ppc-fedora-add-ppc64-architecture-string.patch
 Patch402:       ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch
@@ -242,10 +249,6 @@ Patch460:       ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.pa
 Patch1010:      chromium-124-system-libxml.patch
 # patch where libxml < 2.13
 Patch1011:      chromium-144-revert-libxml-2.13.patch
-# patch where rust = 1.85
-Patch1030:      chromium-134-revert-rust-adler2.patch
-# patch where rust = 1.86
-Patch1031:      chromium-144-rust-adler2.patch
 # gtk4 is too old
 Patch1040:      gtk-414.patch
 Patch1041:      gtk-414-2.patch
@@ -438,11 +441,6 @@ BuildRequires:  pkgconfig(libavutil)
 BuildRequires:  pkgconfig(libavif)
 BuildRequires:  pkgconfig(libyuv)
 %endif
-%if %{with qt5}
-BuildRequires:  pkgconfig(Qt5Core)
-BuildRequires:  pkgconfig(Qt5Gui)
-BuildRequires:  pkgconfig(Qt5Widgets)
-%endif
 %if %{with qt6}
 BuildRequires:  pkgconfig(Qt6Core)
 BuildRequires:  pkgconfig(Qt6Gui)
@@ -515,14 +513,6 @@ WebDriver is an open source tool for automated testing of webapps across many br
 %patch -p1 -P 1011
 %endif
 
-%if "%{?rust_version}" == "1.85"
-%patch -p1 -P 1030
-%endif
-
-%if "%{?rust_version}" == "1.86"
-%patch -p1 -P 1031
-%endif
-
 %if %{without gtk4_4_19}
 %patch -p1 -R -P 1041
 %patch -p1 -R -P 1040
@@ -1088,11 +1078,7 @@ myconf_gn+=" safe_browsing_use_unrar=false"
 %if %{with gtk4}
 myconf_gn+=" gtk_version=4"
 %endif
-%if %{without qt5}
 myconf_gn+=" use_qt5=false"
-%else
-myconf_gn+=" moc_qt5_path=\"%{_libqt5_bindir}\""
-%endif
 %if %{with qt6}
 myconf_gn+=" use_qt6=true"
 myconf_gn+=" moc_qt6_path=\"%{?_qt6_libexecdir}\""
@@ -1144,6 +1130,9 @@ myconf_gn+=" google_api_key=\"${google_api_key}\""
 if [ "$clang_version" -lt 20 ] ; then
 myconf_gn+=" clang_warning_suppression_file=\"\""
 fi
+if [ "$clang_version" -lt 21 ] ; then
+myconf_gn+=" toolchain_supports_rust_thin_lto=false"
+fi
 myconf_gn+=" chrome_pgo_phase=0"
 
 # GN does not support passing cflags:
diff --git a/force-rust-nightly.patch b/force-rust-nightly.patch
new file mode 100644
index 0000000..fc61190
--- /dev/null
+++ b/force-rust-nightly.patch
@@ -0,0 +1,11 @@
+--- a/build/config/rust.gni
++++ b/build/config/rust.gni
+@@ -112,7 +112,7 @@ use_chromium_rust_toolchain = rust_sysro
+ # `rustc_nightly_capability = false` will make the build avoid the use of
+ # Rust nightly features. There are no bots that test this and there is no
+ # guarantee it will work, but we accept patches for this configuration.
+-rustc_nightly_capability = use_chromium_rust_toolchain
++rustc_nightly_capability = true
+ 
+ # Platform support for the Rust toolchain.
+ chromium_toolchain_supports_platform = !is_wasm
-- 
2.51.1


From f98d6401681bf5794a3e5a192532713af4f31ca6ea738c3221cb310f74521c8b Mon Sep 17 00:00:00 2001
From: Ruediger Oertel <ro@suse.de>
Date: Wed, 4 Feb 2026 11:28:05 +0100
Subject: [PATCH 5/6] fix version line

---
 chromium.spec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chromium.spec b/chromium.spec
index 56ce204..6d0192d 100644
--- a/chromium.spec
+++ b/chromium.spec
@@ -127,7 +127,7 @@
 %global official_build 1
 
 Name:           chromium%{n_suffix}
-Version:        144.0.7559.109
+Version:        144.0.7559.132
 Release:        0
 Summary:        Google's open source browser project
 License:        BSD-3-Clause AND LGPL-2.1-or-later
-- 
2.51.1


From ff3414e963a0c31f77d2972e2e713427db98c2f42f186dbd0c25b5d0ef8664ff Mon Sep 17 00:00:00 2001
From: Ruediger Oertel <ro@suse.de>
Date: Wed, 4 Feb 2026 23:48:31 +0100
Subject: [PATCH 6/6] use upstream tarball

---
 chromium-144.0.7559.132-linux.tar.xz | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/chromium-144.0.7559.132-linux.tar.xz b/chromium-144.0.7559.132-linux.tar.xz
index 76cc455..4c60232 100644
--- a/chromium-144.0.7559.132-linux.tar.xz
+++ b/chromium-144.0.7559.132-linux.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:1e297b698b3df258f84625ae444eb9020d881dff44a23aebaad8689cd7821a33
-size 1407032252
+oid sha256:41cc60391836575f4a40ffd576f647c0b9105219acb494e739c9ea2c66f5ddb9
+size 1292631752
-- 
2.51.1