* CVE-2017-5124: UXSS with MHTML.
* CVE-2017-5125: Heap overflow in Skia.
* CVE-2017-5126: Use after free in PDFium.
* CVE-2017-5127: Use after free in PDFium.
* CVE-2017-5128: Heap overflow in WebGL.
* CVE-2017-5129: Use after free in WebAudio.
* CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
* CVE-2017-5130: Heap overflow in libxml2.
* CVE-2017-5131: Out of bounds write in Skia.
* CVE-2017-5133: Out of bounds write in Skia.
* CVE-2017-15386: UI spoofing in Blink.
* CVE-2017-15387: Content security bypass.
* CVE-2017-15388: Out of bounds read in Skia.
* CVE-2017-15389: URL spoofing in OmniBox.
* CVE-2017-15390: URL spoofing in OmniBox.
* CVE-2017-15391: Extension limitation bypass in Extensions.
* CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
* CVE-2017-15393: Referrer leak in Devtools.
* CVE-2017-15394: URL spoofing in extensions UI.
* CVE-2017-15395: Null pointer dereference in ImageCapture.
- Drop unused patches:
* chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
* chromium-atk.patch
* chromium-mojo-dep.patch
* gcc60-fixes.diff
* chromium-gcc5.patch
* chromium-prop-codecs.patch
* exclude_ymp.diff
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1050
- Bump to 62.0.3202.62
- Bump to 62.0.3202.52
- Bump to 62.0.3202.45
- Bump to 62.0.3202.38
- Version update to 62.0.3202.29
- Version update to 62.0.3202.18
- Update to latest
- Switch to system libxml again
- Add more folders to be kept in archive
- Build with gcc6 on leap as we now require --stdc-14
- Add patch to build with new glibc:
* chromium-60.0.3112.113-breakpad-ucontext.patch
- Bump to 62.0.3198.0:
- Bump to 62.0.3192.0
- Rebase patch chromium-prop-codecs.patch
- Bump to 62.0.3188.2
- Rebase fix-gn-bootstrap.diff
- Remove arm patches as we exclude it for now:
* arm-webrtc-fix.patch
OBS-URL: https://build.opensuse.org/request/show/535086
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1049
* CVE-2017-5111: Use after free in PDFium.
* CVE-2017-5112: Heap buffer overflow in WebGL.
* CVE-2017-5113: Heap buffer overflow in Skia.
* CVE-2017-5114: Memory lifecycle issue in PDFium.
* CVE-2017-5115: Type confusion in V8.
* CVE-2017-5116: Type confusion in V8.
* CVE-2017-5117: Use of uninitialized value in Skia.
* CVE-2017-5118: Bypass of Content Security Policy in Blink.
* CVE-2017-5119: Use of uninitialized value in Skia.
* CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
- Rebase patch:
* fix-gn-bootstrap.diff
- Remove patches:
* chromium-gcc7.patch
* chromium-override.patch
- Add new patches:
* chromium-atk.patch
* chromium-mojo-dep.patch
- Gtk3 is hard required from now on
- Version some of the required dependencies
- fix build with Factory glibc:
add chromium-60.0.3112.113-breakpad-ucontext.patch
- Version update to 60.0.3112.113:
* Various bugfixes
- Version update to 60.0.3112.101:
* various usability bugfixes
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1042
- Use gcc6 on leap
- Bump to 61.0.3163.79
- Add patch to build with older gcc:
* chromium-gcc5.patch
- Bump to 61.0.3163.71
- Add patch chromium-60.0.3112.113-breakpad-ucontext.patch to fix
build with new glibc
- Bump to 61.0.3163.59
- Bump to 61.0.3163.49
- Bump to 61.0.3163.39
- Add patch to fix atk build chromium-atk.patch
- Add patch to fix mojo deps chromium-mojo-dep.patch
- Bump to 61.0.3163.31
- Remove condition for gtk3, hard on from now on
- Bump version requirement on nodejs
- Bump to 61.0.3163.13
- Rebase fix-gn-bootstrap.diff
- Refresh patches:
* gcc60-fixes.diff
- Bump to 61.0.3159.5
- Use system libcxx
OBS-URL: https://build.opensuse.org/request/show/522990
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1041
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
- Rebase patches:
* chromium-dma-buf.patch
* chromium-gcc7.patch
* chromium-last-commit-position-r0.patch
* fix-gn-bootstrap.diff
- Recommend emoji fonts to make sure major web chats do not show
question marks
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1032
* CVE-2017-5091: Use after free in IndexedDB
* CVE-2017-5092: Use after free in PPAPI
* CVE-2017-5093: UI spoofing in Blink
* CVE-2017-5094: Type confusion in extensions
* CVE-2017-5095: Out-of-bounds write in PDFium
* CVE-2017-5096: User information leak via Android intents
* CVE-2017-5097: Out-of-bounds read in Skia
* CVE-2017-5098: Use after free in V8
* CVE-2017-5099: Out-of-bounds write in PPAPI
* CVE-2017-5100: Use after free in Chrome Apps
* CVE-2017-5101: URL spoofing in OmniBox
* CVE-2017-5102: Uninitialized use in Skia
* CVE-2017-5103: Uninitialized use in Skia
* CVE-2017-5104: UI spoofing in browser
* CVE-2017-7000: Pointer disclosure in SQLite
* CVE-2017-5105: URL spoofing in OmniBox
* CVE-2017-5106: URL spoofing in OmniBox
* CVE-2017-5107: User information leak via SVG
* CVE-2017-5108: Type confusion in PDFium
* CVE-2017-5109: UI spoofing in browser
* CVE-2017-5110: UI spoofing in payments dialog
* Various fixes from internal audits, fuzzing and other initiatives
------------------------------------------------------------------
- Update to 59.0.3071.115:
* Various small fixes all around
- Update to 59.0.3071.109:
* ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
* Fixing mouse focus on WebView
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1031
- Version bump to 60.0.3112.78
- Recommend emoji fonts to make sure major web chats do not show
question marks
- Bump to 60.0.3112.72
- Bump to 60.0.3112.66
- Version update to 60.0.3112.50
- Bump to 60.0.3112.40
- Version bump to 60.0.3112.32
- Bump to 60.0.3112.24
- Update to 60.0.3112.20
- Drop patch chromium-system-icu.patch
* Use bundled icu as system is unbuildable at the moment
- Bump to 60.0.3112.7
- Add patch for gcc7 chromium-gcc7.patch
- Add patch to build with gcc chromium-override.patch
- Add patch to build with system icu 59 chromium-system-icu.patch
- Update to upstream 60.0.3112.7
* Refresh patch fix-gn-bootstrap.diff
- Remove upstream merged chromium-system-harfbuzz.patch
- Update 60.0.3107.4
- Refresh patch chromium-last-commit-position-r0.patch
OBS-URL: https://build.opensuse.org/request/show/512657
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1030
* CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
* CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
* CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
* CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
* CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
* CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
* CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
* CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
* CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
* CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
* CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
* CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
* CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
* CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
* CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
* CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- Add patch to fix build with system dma:
* chromium-dma-buf.patch
- Drop no longer needed patches:
* chromium-linker-memory.patch
* chromium-system-jinja-r13.patch
- Refresh patches:
* chromium-gcc7.patch
* chromium-system-ffmpeg-r3.patch
* fix-gn-bootstrap.diff
- Use bundled libxml
* Upstream unfortunately uses git snapshot that is not api/abi compatible
- Add patch for fpermissive build error:
- Version update to 58.0.3029.110:
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1021
- Add patch to build with fpermissive:
- Update to 59.0.3071.83
- Version update to chromium-59.0.3071.71
- Update to 59.0.3071.61
- Version bump to 59.0.3071.47
- Update to 59.0.3071.36
- Use bundled libxml (they have git snapshot :/)
- Add more bundled folders
- Also drop patch chromium-system-jinja-r13.patch
- Bump to 59.0.3071.29
- Refresh patch chromium-system-ffmpeg-r3.patch
- Delete patch chromium-system-libjpeg.patch
- Update to 59.0.3071.15
- Drop exif dep, unused
- Pass no-clean option to bootstrap.py for debugging purposes
- Version update to 59.0.3071.9
- Update to 59.0.3067.0
- Sort out the harfbuzz bundling conditional to be together with minizip
OBS-URL: https://build.opensuse.org/request/show/501294
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1020
* High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
* High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
* High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
* Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
* Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
* Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
* Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
* Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
* Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
* Medium CVE-2017-5066: Incorrect signature handling in Networking. Credit to chenchu
* Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
* Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
- Refresh patch fix-gn-bootstrap.diff
- Refresh patch chromium-system-jinja-r13.patch
- Remove obsolete patch chromium-57-gcc4.patch
- Version update to 57.0.2987.133 bsc#1031677:
* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
* High CVE-2017-5056: Use after free in Blink. Credit to anonymous
* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
- Add patch to build with gcc4
* chromium-57-gcc4.patch
- Do not use gcc5 and newer as the compat was fixed again
- Update to 57.0.2987.110 with various other small tweaks
- Version update to 57.0.2987.98 bsc#1028848:
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1010
- Update to 58.0.3029.81
- Update to 58.0.3029.68
- Tie harfbuzz condition together with the minizip one
- Version update to 58.0.3029.54
- Update to 58.0.3029.33
- Update to 58.0.3029.19
- Reduce the requirement on gcc to be 4.8 only again
- Version update to 58.0.3029.14
- Disable system vpx for now, needs symbols that will be in 1.6.2
- Update fix-gn-bootstrap.diff to build again
- Version update to 58.0.3029.6
- Update to 58.0.3026.3
- Empty fix-gn-bootstrap.diff again as it was merged upstream
- Drop patch chromium-enable-vaapi-on-suse.patch as it breaks on
radeon and nvidia cards
- Update to 58.0.3018.3
- Update patch fix-gn-bootstrap.diff to match what is needed now
- Refresh patch chromium-system-jinja-r13.patch
- Version update to 58.0.3013.3
- Update to 58.0.3004.3
OBS-URL: https://build.opensuse.org/request/show/489762
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1009
* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
* High CVE-2017-5056: Use after free in Blink. Credit to anonymous
* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1007
CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034
CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040
CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043
CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
- Refresh patches
* fix-gn-bootstrap.diff
* chromium-linker-memory.patch
- Remove obsolete patches:
* chromium-sandbox.patch
- Remove vaapi patch which broke rendering on non-intel cards:
- Fixed a typo in the build requirements for system minizip.
- Version update to 56.0.2924.87:
* Various small fixes
* Disabled option to enable/disable plugins in the chrome://plugins
- Added the package 'chromium-privacy' with multiple patches
sourced from the release version on
https://github.com/u4qo60z73t1c4hurv3ny/privacy_patches-oS_cr,
which, when enabled with the build option 'privacy', builds a
version of Chromium with fewer privacy implications due to
Google services integration.
- Version update to 56.0.2924.76 bsc#1022049:
- CVE-2017-5007: Universal XSS in Blink
- CVE-2017-5006: Universal XSS in Blink
- CVE-2017-5008: Universal XSS in Blink
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1000
- Version update to 57.0.2987.98
- Remove vaapi patch that broke amd and nvidia cards
- Remove ffmpeg2 patch that is obsolete
* chromium-54-ffmpeg2compat.patch
* chromium-enable-vaapi-on-suse.patch
- Update to 57.0.2987.88
- Update to 57.0.2987.74
- Update to 57.0.2987.54
- Version update to 57.0.2987.37
- Changed the build requirement of libavformat to library version
57.41.100, as included in ffmpeg 3.1.1, as only this version
properly supports the public AVStream API 'codecpar'.
- Added patch chromium-enable-vaapi-on-suse.patch to enable
VAAPI hardware accelerated video decoding.
* chromium-enable-vaapi-on-suse.patch
- Update to 57.0.2987.21
- Update to 57.0.2987.19
- Version update to 57.0.2987.13
- Update to 57.0.2987.8
- Update to 57.0.2986.0
- Version update to 57.0.2984.0
- Drop the support code for builtin ffmpeg and rely on the system one always
OBS-URL: https://build.opensuse.org/request/show/478466
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=999
- CVE-2017-5007: Universal XSS in Blink
- CVE-2017-5006: Universal XSS in Blink
- CVE-2017-5008: Universal XSS in Blink
- CVE-2017-5010: Universal XSS in Blink
- CVE-2017-5011: Unauthorised file access in Devtools
- CVE-2017-5009: Out of bounds memory access in WebRTC
- CVE-2017-5012: Heap overflow in V8
- CVE-2017-5013: Address spoofing in Omnibox
- CVE-2017-5014: Heap overflow in Skia
- CVE-2017-5015: Address spoofing in Omnibox
- CVE-2017-5019: Use after free in Renderer
- CVE-2017-5016: UI spoofing in Blink
- CVE-2017-5017: Uninitialised memory access in webm video
- CVE-2017-5018: Universal XSS in chrome://apps
- CVE-2017-5020: Universal XSS in chrome://downloads
- CVE-2017-5021: Use after free in Extensions
- CVE-2017-5022: Bypass of Content Security Policy in Blink
- CVE-2017-5023: Type confusion in metrics
- CVE-2017-5024: Heap overflow in FFmpeg
- CVE-2017-5025: Heap overflow in FFmpeg
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Also refresh patches:
chromium-prop-codecs.patch chromium-linker-memory.patch
- Added patch chromium-enable-vaapi-on-suse.patch to enable
VAAPI hardware accelerated video decoding.
- Chromium 55.0.2883.87:
* various fixes for crashes and specific websites
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=982
- Added patch chromium-56-enable-vaapi-on-suse.patch to enable VAAPI hardware accelerated video decoding.
- Update to 56.0.2924.76
- Version update to 56.0.2924.67
- Version update to 56.0.2924.59
- Version update to 56.0.2924.53
- Version update to 56.0.2924.51
- Fix the gcc5 usage on Leap
- Disable system icu, crashes autofill
- Use gcc5 on Leap
- Update to 56.0.2924.28
- Allow building with non-system icu on older systems
- Version update to 56.0.2924.21
- Version update to 56.0.2924.18
- Version update to 56.0.2924.14
- Version update to 56.0.2924.10
- Version update to 56.0.2922.1
- Version update to 56.0.2920.0
- Version update to 56.0.2914.3:
* refresh patch chromium-prop-codecs.patch
OBS-URL: https://build.opensuse.org/request/show/453614
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=981