Bug 2246427

Summary: Using this package, the only way to stay relatively current with security patches is to use the rawhide build. All other builds, including from testing, are consistently behind.
Product: [Fedora] Fedora Reporter: pmquinn5
Component: chromiumAssignee: Than Ngo <than>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: unspecified    
Version: 39CC: pmquinn5, spotrh, than, tpopela, yaneti
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: chromium-118.0.5993.117-1.fc38 chromium-118.0.5993.117-1.fc37 chromium-118.0.5993.117-1.fc39 chromium-118.0.5993.117-1.el9 chromium-118.0.5993.117-1.el8 chromium-118.0.5993.117-1.el7 chromium-119.0.6045.159-2.fc39 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-11-23 11:10:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description pmquinn5 2023-10-26 18:26:11 UTC 
The stable and even the testing versions of this package consistently lag behind the latest patches. Other chromium based browsers and packages don't have this problem, including flatpak chromium builds, ungoogled-chromium, the chromium package for other distros, and Brave.

I understand that some testing is needed for each new build, and chromium releases new patches frequently, but the current model is leaving fedora users vulnerable.



Reproducible: Always

Steps to Reproduce:
1. Install chromium from the stable fedora repo
2. The version that gets installed lacks security patches
Actual Results:  
(As of 10/26/2023)
The installed version is 118.0.5993.70

Expected Results:  
(As of 10/26/2023)
The installed version should be 118.0.5993.117
Comment 1 Fedora Update System 2023-10-27 07:22:38 UTC 
FEDORA-2023-a9062a0411 has been submitted as an update to Fedora 38. https://bodhi.fedoraproject.org/updates/FEDORA-2023-a9062a0411
Comment 2 Fedora Update System 2023-10-27 07:22:44 UTC 
FEDORA-EPEL-2023-619e22a8fa has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-619e22a8fa
Comment 3 Fedora Update System 2023-10-27 07:22:50 UTC 
FEDORA-2023-0b39dc9302 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b39dc9302
Comment 4 Fedora Update System 2023-10-27 07:22:56 UTC 
FEDORA-2023-7f87c8b975 has been submitted as an update to Fedora 37. https://bodhi.fedoraproject.org/updates/FEDORA-2023-7f87c8b975
Comment 5 Fedora Update System 2023-10-27 07:23:02 UTC 
FEDORA-EPEL-2023-b475c743aa has been submitted as an update to Fedora EPEL 9. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b475c743aa
Comment 6 Fedora Update System 2023-10-27 07:23:08 UTC 
FEDORA-EPEL-2023-7d5cd32373 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7d5cd32373
Comment 7 Than Ngo 2023-10-27 13:28:18 UTC 
Please test and add Karma in https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b39dc9302

Thanks
Comment 8 Fedora Update System 2023-10-28 01:37:14 UTC 
FEDORA-EPEL-2023-b475c743aa has been pushed to the Fedora EPEL 9 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-b475c743aa

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 9 Fedora Update System 2023-10-28 01:40:08 UTC 
FEDORA-2023-a9062a0411 has been pushed to the Fedora 38 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-a9062a0411`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-a9062a0411

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 10 Fedora Update System 2023-10-28 01:54:04 UTC 
FEDORA-EPEL-2023-619e22a8fa has been pushed to the Fedora EPEL 8 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-619e22a8fa

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 11 Fedora Update System 2023-10-28 01:54:10 UTC 
FEDORA-2023-0b39dc9302 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-0b39dc9302`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-0b39dc9302

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 12 Fedora Update System 2023-10-28 02:04:27 UTC 
FEDORA-EPEL-2023-7d5cd32373 has been pushed to the Fedora EPEL 7 testing repository.

You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2023-7d5cd32373

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 13 Fedora Update System 2023-10-28 02:33:46 UTC 
FEDORA-2023-7f87c8b975 has been pushed to the Fedora 37 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-7f87c8b975`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-7f87c8b975

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 14 Fedora Update System 2023-10-29 01:33:57 UTC 
FEDORA-2023-a9062a0411 has been pushed to the Fedora 38 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 15 pmquinn5 2023-11-01 19:24:59 UTC 
This ticket should not have been closed. Fixing this one time does not constitute fixing the underlying issue. The underlying issue is that builds are not automatically kicked off and released for new stable chromium releases. At the very minimum, the rawhide build should automatically do this and so should currently be at 119.0.6045.105.
Comment 16 pmquinn5 2023-11-01 19:43:55 UTC 
It looks like this can still be used to get the latest stable version https://omahaproxy.appspot.com/linux
Comment 17 Than Ngo 2023-11-02 07:57:03 UTC 
fedora 39 should be ready on Tue 2023-11-07, until then it will not take any new packages update except packages with blockers.
Set state back to MODIFIED
Comment 18 Fedora Update System 2023-11-03 01:10:31 UTC 
FEDORA-2023-7f87c8b975 has been pushed to the Fedora 37 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 19 Fedora Update System 2023-11-03 18:48:01 UTC 
FEDORA-2023-0b39dc9302 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 20 Fedora Update System 2023-11-06 00:36:39 UTC 
FEDORA-EPEL-2023-b475c743aa has been pushed to the Fedora EPEL 9 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 21 Fedora Update System 2023-11-06 00:53:58 UTC 
FEDORA-EPEL-2023-619e22a8fa has been pushed to the Fedora EPEL 8 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 22 Fedora Update System 2023-11-06 01:25:16 UTC 
FEDORA-EPEL-2023-7d5cd32373 has been pushed to the Fedora EPEL 7 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 23 pmquinn5 2023-11-16 23:47:36 UTC 
It's not clear to me why this ticket keeps being closed. The issue is not resolved. If anything it's getting worse, as now even rawhide is behind the latest security release. All other major distributions are able to provide timely security updates for their users. For example:

OpenSUSE, already on 119.0.6045.159: https://software.opensuse.org/package/chromium
Debian, already on 119.0.6045.159: https://packages.debian.org/bookworm/chromium
Arch, already on 119.0.6045.159: https://archlinux.org/packages/extra/x86_64/chromium/
Flatpak, already on 119.0.6045.159: https://flathub.org/apps/org.chromium.Chromium
Ubuntu Snap, already on 119.0.6045.159: https://snapcraft.io/chromium

This ticket should not be closed until Fedora is pulling in new security patch versions immediately and/or is releasing them at parity with other major distros. Until then this ticket is not resolved and should not be closed.
Comment 24 pmquinn5 2023-11-16 23:53:20 UTC 
Reopening per above
Comment 25 Fedora Update System 2023-11-17 22:23:32 UTC 
FEDORA-2023-9425bb0115 has been submitted as an update to Fedora 39. https://bodhi.fedoraproject.org/updates/FEDORA-2023-9425bb0115
Comment 26 Fedora Update System 2023-11-18 02:41:57 UTC 
FEDORA-2023-9425bb0115 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-9425bb0115`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-9425bb0115

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 27 pmquinn5 2023-11-18 05:57:28 UTC 
Why was this ticket moved to QA? Again, iterating the build as a one-off doesn't solve the underlying issue. This ticket should be used to track pipeline changes needed to consistently deliver more timely security patches. Individual security patch builds are not related to this ticket and should not be attached to this ticket.
Comment 28 Fedora Update System 2023-11-21 02:30:16 UTC 
FEDORA-2023-9425bb0115 has been pushed to the Fedora 39 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2023-9425bb0115`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2023-9425bb0115

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Comment 29 Fedora Update System 2023-11-23 01:24:07 UTC 
FEDORA-2023-9425bb0115 has been pushed to the Fedora 39 stable repository.
If problem still persists, please make note of it in this bug report.
Comment 30 pmquinn5 2023-11-23 01:30:38 UTC 
Reopening this once more and reiterating my comment from above:

"Why was this ticket moved to QA? Again, iterating the build as a one-off doesn't solve the underlying issue. This ticket should be used to track pipeline changes needed to consistently deliver more timely security patches. Individual security patch builds are not related to this ticket and should not be attached to this ticket."
Comment 31 Than Ngo 2023-11-23 11:10:55 UTC 
Unfortunately it is not possible to deliver chromium update in a timely manner. We need at least 1 to 2 days to build the package after chromium source is released.
The build for rawhide will be available immediately in rawhide tree while the other builds have to go through fedora update process.

The package will be in testing for at least a week before going to stable. It can go to stable faster if the user tests immediately and grants positive karma.
Therefore i recommend every user to test the update as soon as possible and to grant positive karma so that it can go stable quickly.

It is my intention to close this bug because it makes absolutely no sense. Please do no reopen it again!

Thanks