* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers
* CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy
* CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass
* CVE-2019-13666: Side channel using storage size estimate
* CVE-2019-13667: URI bar spoof when using external app URIs
* CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools
* CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash
* CVE-2019-13676: Google URI shown for certificate warning
* CVE-2019-13677: Chrome web store origin needs to be isolated
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1309
* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers
* CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy
* CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass
* CVE-2019-13666: Side channel using storage size estimate
* CVE-2019-13667: URI bar spoof when using external app URIs
* CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools
* CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash
* CVE-2019-13676: Google URI shown for certificate warning
* CVE-2019-13677: Chrome web store origin needs to be isolated
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1309
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
- Add patch to fix aarch64 build:
* chromium-vpx-aarch64.patch
- Up to 69.0.3493.3
- Up to 69.0.3486.0
- Up to 69.0.3472.3
- Up to 69.0.3452.0
OBS-URL: https://build.opensuse.org/request/show/730294
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1308
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
- Add patch to fix aarch64 build:
* chromium-vpx-aarch64.patch
- Up to 69.0.3493.3
- Up to 69.0.3486.0
- Up to 69.0.3472.3
- Up to 69.0.3452.0
OBS-URL: https://build.opensuse.org/request/show/730294
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1308
* CVE-2019-5850: Use-after-free in offline page fetcher
* CVE-2019-5860: Use-after-free in PDFium
* CVE-2019-5853: Memory corruption in regexp length check
* CVE-2019-5851: Use-after-poison in offline audio context
* CVE-2019-5859: res: URIs can load alternative browsers
* CVE-2019-5856: Insufficient checks on filesystem: URI permissions
* CVE-2019-5855: Integer overflow in PDFium
* CVE-2019-5865: Site isolation bypass from compromised renderer
* CVE-2019-5858: Insufficient filtering of Open URL service parameters
* CVE-2019-5864: Insufficient port filtering in CORS for extensions
* CVE-2019-5862: AppCache not robust to compromised renderers
* CVE-2019-5861: Click location incorrectly checked
* CVE-2019-5857: Comparison of -0 and null yields crash
* CVE-2019-5854: Integer overflow in PDFium text rendering
* CVE-2019-5852: Object leak of utility functions
* Various fixes from internal audits, fuzzing and other initiatives
* Not affected:
+ CVE-2019-5863: Use-after-free in WebUSB on Windows
- Added patches:
* chromium-76-gcc-ambiguous-nodestructor.patch
* chromium-76-gcc-blink-constexpr.patch
* chromium-76-gcc-blink-namespace1.patch
* chromium-76-gcc-blink-namespace2.patch
* chromium-76-gcc-gl-init.patch
* chromium-76-gcc-include.patch
* chromium-76-gcc-noexcept.patch
* chromium-76-gcc-private.patch
* chromium-76-gcc-pure-virtual.patch
* chromium-76-gcc-uint32.patch
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1285
* CVE-2019-5850: Use-after-free in offline page fetcher
* CVE-2019-5860: Use-after-free in PDFium
* CVE-2019-5853: Memory corruption in regexp length check
* CVE-2019-5851: Use-after-poison in offline audio context
* CVE-2019-5859: res: URIs can load alternative browsers
* CVE-2019-5856: Insufficient checks on filesystem: URI permissions
* CVE-2019-5855: Integer overflow in PDFium
* CVE-2019-5865: Site isolation bypass from compromised renderer
* CVE-2019-5858: Insufficient filtering of Open URL service parameters
* CVE-2019-5864: Insufficient port filtering in CORS for extensions
* CVE-2019-5862: AppCache not robust to compromised renderers
* CVE-2019-5861: Click location incorrectly checked
* CVE-2019-5857: Comparison of -0 and null yields crash
* CVE-2019-5854: Integer overflow in PDFium text rendering
* CVE-2019-5852: Object leak of utility functions
* Various fixes from internal audits, fuzzing and other initiatives
* Not affected:
+ CVE-2019-5863: Use-after-free in WebUSB on Windows
- Added patches:
* chromium-76-gcc-ambiguous-nodestructor.patch
* chromium-76-gcc-blink-constexpr.patch
* chromium-76-gcc-blink-namespace1.patch
* chromium-76-gcc-blink-namespace2.patch
* chromium-76-gcc-gl-init.patch
* chromium-76-gcc-include.patch
* chromium-76-gcc-noexcept.patch
* chromium-76-gcc-private.patch
* chromium-76-gcc-pure-virtual.patch
* chromium-76-gcc-uint32.patch
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1285
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
* chromium-non-void-return.patch
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
- Add patch to fix aarch64 build:
* chromium-vpx-aarch64.patch
- Up to 69.0.3493.3
- Up to 69.0.3486.0
- Up to 69.0.3472.3
- Up to 69.0.3452.0
OBS-URL: https://build.opensuse.org/request/show/720533
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1284
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
* chromium-non-void-return.patch
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
- Add patch to fix aarch64 build:
* chromium-vpx-aarch64.patch
- Up to 69.0.3493.3
- Up to 69.0.3486.0
- Up to 69.0.3472.3
- Up to 69.0.3452.0
OBS-URL: https://build.opensuse.org/request/show/720533
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1284
