* High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
* High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
* High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
* Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
* Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
* Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre (NCSC) on 2017-11-30
* Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
* Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
* Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
* Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
* Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
* Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
* Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
* Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
* Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
* Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
* Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
* Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
* Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
* Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
* Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
* Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
* Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
* Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
- Add patches:
* chromium-angle.patch
* chromium-memcpy.patch
- Drop patch:
* chromium-gcc.patch
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1079
- Up to 64.0.3282.119
- Up to 64.0.3282.85
- Up to 64.0.3282.71
- Add patch to build with gcc chromium-angle.patch
- Bumpy to 64.0.3282.39
- Explicitely describe what ozone parts we want
- Bump to 64.0.3282.24
- Enable system icu again
- Tweak the deps to match current setup
- Add patch chromium-memcpy.patch
- Minimize desktop name to not take so much space
- Bumpyty to 64.0.3282.14
- Bumpy to 64.0.3278.0
- Drop chromium-64.0.3253.3-gpu_lists_version.h.patch
- Drop chromium-gcc.patch
- Up to 64.0.3269.3
- Add patch chromium-non-void-return.patch
- Add patch chromium-64.0.3253.3-gpu_lists_version.h.patch
- Bump to 64.0.3253.3
OBS-URL: https://build.opensuse.org/request/show/569452
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1078
* Critical CVE-2017-15407: Out of bounds write in QUIC.
* High CVE-2017-15408: Heap buffer overflow in PDFium.
* High CVE-2017-15409: Out of bounds write in Skia.
* High CVE-2017-15410: Use after free in PDFium.
* High CVE-2017-15411: Use after free in PDFium.
* High CVE-2017-15412: Use after free in libXML.
* High CVE-2017-15413: Type confusion in WebAssembly.
* Medium CVE-2017-15415: Pointer information disclosure in IPC call.
* Medium CVE-2017-15416: Out of bounds read in Blink.
* Medium CVE-2017-15417: Cross origin information disclosure in Skia.
* Medium CVE-2017-15418: Use of uninitialized value in Skia.
* Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.
* Medium CVE-2017-15420: URL spoofing in Omnibox.
* Medium CVE-2017-15422: Integer overflow in ICU.
* Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
* Low CVE-2017-15424: URL Spoof in Omnibox.
* Low CVE-2017-15425: URL Spoof in Omnibox.
* Low CVE-2017-15426: URL Spoof in Omnibox.
* Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
- Rebase fix-gn-bootstrap.diff
- Drop merged patches:
* chromium-gcc5.patch
* chromium-60.0.3112.113-breakpad-ucontext.patch
* chromium-62.0.3202.62-correct-cplusplus-check.patch
- Add new patches:
* chromium-non-void-return.patch
* chromium-gcc.patch
- Version update to 62.0.3202.89 bsc#1066851:
* CVE-2017-15398: Stack buffer overflow in QUIC
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1071
- Bump to 63.0.3239.84
- Up to 63.0.3239.70
- Up to 63.0.3239.52
- Add patch to make gcc parsing happy:
* chromium-non-void-return.patch
- Add patch to build with gcc:
* chromium-gcc.patch
- Fix the tarball unpacking to unroll all the required content
- Update to 63.0.3239.30
- Drop patch chromium-60.0.3112.113-breakpad-ucontext.patch
- Drop patch chromium-sysroot.patch
- Bump to 63.0.3236.0
- Bump to 63.0.3230.0
- Update to 63.0.3223.8
- Rebase fix-gn-boostrap.diff
- Remove chromium-gcc5.patch
- Bump to 63.0.3218.0
- Rebase fix-gn-bootstrap.diff
- Add chromium-sysroot.patch
- Version update to 62.0.3202.18
- Update to latest
- Switch to system libxml again
- Add more folders to be kept in archive
- Build with gcc6 on leap as we now require --stdc-14
OBS-URL: https://build.opensuse.org/request/show/554955
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1070
* CVE-2017-5124: UXSS with MHTML.
* CVE-2017-5125: Heap overflow in Skia.
* CVE-2017-5126: Use after free in PDFium.
* CVE-2017-5127: Use after free in PDFium.
* CVE-2017-5128: Heap overflow in WebGL.
* CVE-2017-5129: Use after free in WebAudio.
* CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
* CVE-2017-5130: Heap overflow in libxml2.
* CVE-2017-5131: Out of bounds write in Skia.
* CVE-2017-5133: Out of bounds write in Skia.
* CVE-2017-15386: UI spoofing in Blink.
* CVE-2017-15387: Content security bypass.
* CVE-2017-15388: Out of bounds read in Skia.
* CVE-2017-15389: URL spoofing in OmniBox.
* CVE-2017-15390: URL spoofing in OmniBox.
* CVE-2017-15391: Extension limitation bypass in Extensions.
* CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
* CVE-2017-15393: Referrer leak in Devtools.
* CVE-2017-15394: URL spoofing in extensions UI.
* CVE-2017-15395: Null pointer dereference in ImageCapture.
- Drop unused patches:
* chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
* chromium-atk.patch
* chromium-mojo-dep.patch
* gcc60-fixes.diff
* chromium-gcc5.patch
* chromium-prop-codecs.patch
* exclude_ymp.diff
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1050
- Bump to 62.0.3202.62
- Bump to 62.0.3202.52
- Bump to 62.0.3202.45
- Bump to 62.0.3202.38
- Version update to 62.0.3202.29
- Version update to 62.0.3202.18
- Update to latest
- Switch to system libxml again
- Add more folders to be kept in archive
- Build with gcc6 on leap as we now require --stdc-14
- Add patch to build with new glibc:
* chromium-60.0.3112.113-breakpad-ucontext.patch
- Bump to 62.0.3198.0:
- Bump to 62.0.3192.0
- Rebase patch chromium-prop-codecs.patch
- Bump to 62.0.3188.2
- Rebase fix-gn-bootstrap.diff
- Remove arm patches as we exclude it for now:
* arm-webrtc-fix.patch
OBS-URL: https://build.opensuse.org/request/show/535086
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1049
* CVE-2017-5111: Use after free in PDFium.
* CVE-2017-5112: Heap buffer overflow in WebGL.
* CVE-2017-5113: Heap buffer overflow in Skia.
* CVE-2017-5114: Memory lifecycle issue in PDFium.
* CVE-2017-5115: Type confusion in V8.
* CVE-2017-5116: Type confusion in V8.
* CVE-2017-5117: Use of uninitialized value in Skia.
* CVE-2017-5118: Bypass of Content Security Policy in Blink.
* CVE-2017-5119: Use of uninitialized value in Skia.
* CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
- Rebase patch:
* fix-gn-bootstrap.diff
- Remove patches:
* chromium-gcc7.patch
* chromium-override.patch
- Add new patches:
* chromium-atk.patch
* chromium-mojo-dep.patch
- Gtk3 is hard required from now on
- Version some of the required dependencies
- fix build with Factory glibc:
add chromium-60.0.3112.113-breakpad-ucontext.patch
- Version update to 60.0.3112.113:
* Various bugfixes
- Version update to 60.0.3112.101:
* various usability bugfixes
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1042
- Use gcc6 on leap
- Bump to 61.0.3163.79
- Add patch to build with older gcc:
* chromium-gcc5.patch
- Bump to 61.0.3163.71
- Add patch chromium-60.0.3112.113-breakpad-ucontext.patch to fix
build with new glibc
- Bump to 61.0.3163.59
- Bump to 61.0.3163.49
- Bump to 61.0.3163.39
- Add patch to fix atk build chromium-atk.patch
- Add patch to fix mojo deps chromium-mojo-dep.patch
- Bump to 61.0.3163.31
- Remove condition for gtk3, hard on from now on
- Bump version requirement on nodejs
- Bump to 61.0.3163.13
- Rebase fix-gn-bootstrap.diff
- Refresh patches:
* gcc60-fixes.diff
- Bump to 61.0.3159.5
- Use system libcxx
OBS-URL: https://build.opensuse.org/request/show/522990
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1041
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
- Rebase patches:
* chromium-dma-buf.patch
* chromium-gcc7.patch
* chromium-last-commit-position-r0.patch
* fix-gn-bootstrap.diff
- Recommend emoji fonts to make sure major web chats do not show
questionmarks
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1032
* CVE-2017-5091: Use after free in IndexedDB
* CVE-2017-5092: Use after free in PPAPI
* CVE-2017-5093: UI spoofing in Blink
* CVE-2017-5094: Type confusion in extensions
* CVE-2017-5095: Out-of-bounds write in PDFium
* CVE-2017-5096: User information leak via Android intents
* CVE-2017-5097: Out-of-bounds read in Skia
* CVE-2017-5098: Use after free in V8
* CVE-2017-5099: Out-of-bounds write in PPAPI
* CVE-2017-5100: Use after free in Chrome Apps
* CVE-2017-5101: URL spoofing in OmniBox
* CVE-2017-5102: Uninitialized use in Skia
* CVE-2017-5103: Uninitialized use in Skia
* CVE-2017-5104: UI spoofing in browser
* CVE-2017-7000: Pointer disclosure in SQLite
* CVE-2017-5105: URL spoofing in OmniBox
* CVE-2017-5106: URL spoofing in OmniBox
* CVE-2017-5107: User information leak via SVG
* CVE-2017-5108: Type confusion in PDFium
* CVE-2017-5109: UI spoofing in browser
* CVE-2017-5110: UI spoofing in payments dialog
* Various fixes from internal audits, fuzzing and other initiatives
------------------------------------------------------------------
- Update to 59.0.3071.115:
* Various small fixes all around
- Update to 59.0.3071.109:
* ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
* Fixing mouse focus on WebView
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1031
- Version bump to 60.0.3112.78
- Recommend emoji fonts to make sure major web chats do not show
questionmarks
- Bump to 60.0.3112.72
- Bump to 60.0.3112.66
- Version update to 60.0.3112.50
- Bump to 60.0.3112.40
- Version bump to 60.0.3112.32
- Bump to 60.0.3112.24
- Update to 60.0.3112.20
- Drop patch chromium-system-icu.patch
* Use bundled icu as system is unbuildable at the moment
- Bump to 60.0.3112.7
- Add patch for gcc7 chromium-gcc7.patch
- Add patch to build with gcc chromium-override.patch
- Add patch to build with system icu 59 chromium-system-icu.patch
- Update to upstream 60.0.3112.7
* Refresh patch fix-gn-bootstrap.diff
- Remove upstream merged chromium-system-harfbuzz.patch
- Update 60.0.3107.4
- Refresh patch chromium-last-commit-position-r0.patch
OBS-URL: https://build.opensuse.org/request/show/512657
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1030
* CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
* CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
* CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
* CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
* CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
* CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
* CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
* CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
* CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
* CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
* CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
* CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
* CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
* CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
* CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
* CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- Add patch to fix build with system dma:
* chromium-dma-buf.patch
- Drop no longer needed patches:
* chromium-linker-memory.patch
* chromium-system-jinja-r13.patch
- Refresh patches:
* chromium-gcc7.patch
* chromium-system-ffmpeg-r3.patch
* fix-gn-bootstrap.diff
- Use bundled libxml
* Upstream unfortunately uses git snapshot that is not api/abi compatible
- Add patch for fpermissive build error:
- Version update to 58.0.3029.110:
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1021
- Add patch to build with fpermissive:
- Update to 59.0.3071.83
- Version update to chromium-59.0.3071.71
- Update to 59.0.3071.61
- Version bump to 59.0.3071.47
- Update to 59.0.3071.36
- Use bundled libxml (they have git snapshot :/)
- Add more bundled folders
- Also drop patch chromium-system-jinja-r13.patch
- Bump to 59.0.3071.29
- Refresh patch chromium-system-ffmpeg-r3.patch
- Delete patch chromium-system-libjpeg.patch
- Update to 59.0.3071.15
- Drop exif dep, unused
- Pass no-clean option to bootstrap.py for debugging purposes
- Version update to 59.0.3071.9
- Update to 59.0.3067.0
- Sort out the harfbuzz bundling conditional to be together with minizip
OBS-URL: https://build.opensuse.org/request/show/501294
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1020
* High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
* High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
* High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
* Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
* Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
* Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
* Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
* Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
* Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
* Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu
* Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
* Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
- Refresh patch fix-gn-bootstrap.diff
- Refresh patch chromium-system-jinja-r13.patch
- Remove obsolete patch chromium-57-gcc4.patch
- Version update to 57.0.2987.133 bsc#1031677:
* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
* High CVE-2017-5056: Use after free in Blink. Credit to anonymous
* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
- Add patch to build with gcc4
* chromium-57-gcc4.patch
- Do not use gcc5 and newer as the compat was fixed again
- Update to 57.0.2987.110 with various other small tweaks
- Version update to 57.0.2987.98 bsc#1028848:
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1010
- Update to 58.0.3029.81
- Update to 58.0.3029.68
- Tie harfbuzz condition together with the minizip one
- Version update to 58.0.3029.54
- Update to 58.0.3029.33
- Update to 58.0.3029.19
- Reduce the requirement on gcc to be 4.8 only again
- Version update to 58.0.3029.14
- Disable system vpx for now, needs symbols that will be in 1.6.2
- Update fix-gn-bootstrap.diff to build again
- Version update to 58.0.3029.6
- Update to 58.0.3026.3
- Empty fix-gn-bootstrap.diff again as it was merged upstream
- Drop patch chromium-enable-vaapi-on-suse.patch as it breaks on
radeon and nvidia cards
- Update to 58.0.3018.3
- Update patch fix-gn-bootstrap.diff to match what is needed now
- Refresh patch chromium-system-jinja-r13.patch
- Version update to 58.0.3013.3
- Update to 58.0.3004.3
OBS-URL: https://build.opensuse.org/request/show/489762
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1009
* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
* High CVE-2017-5056: Use after free in Blink. Credit to anonymous
* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1007
