* CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
* CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
* CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
* CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
* CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
* CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
* CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
* CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
* CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
* CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
* CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
* CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
* CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
* CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
* CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
* CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
* CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
* CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
* CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
* CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
* CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
* CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
* CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
* CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
* CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
* CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
* CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07
- Rebase patch:
* chromium-vaapi.patch
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1407
- Add icu-v67.patch from upstream to fix build with icu v67
- Disable lto to avoid the overflow >16GB ram used
- Use internal resources for icon and appdata
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
-------------------------------------------------------------------
- Up to 78.0.3887.7
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
* chromium-non-void-return.patch
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
OBS-URL: https://build.opensuse.org/request/show/807553
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1406
* CVE-2020-6454: Use after free in extensions
* CVE-2020-6423: Use after free in audio
* CVE-2020-6455: Out of bounds read in WebSQL
* CVE-2020-6430: Type Confusion in V8
* CVE-2020-6456: Insufficient validation of untrusted input in clipboard
* CVE-2020-6431: Insufficient policy enforcement in full screen
* CVE-2020-6432: Insufficient policy enforcement in navigations
* CVE-2020-6433: Insufficient policy enforcement in extensions
* CVE-2020-6434: Use after free in devtools
* CVE-2020-6435: Insufficient policy enforcement in extensions
* CVE-2020-6436: Use after free in window management
* CVE-2020-6437: Inappropriate implementation in WebView
* CVE-2020-6438: Insufficient policy enforcement in extensions
* CVE-2020-6439: Insufficient policy enforcement in navigations
* CVE-2020-6440: Inappropriate implementation in extensions
* CVE-2020-6441: Insufficient policy enforcement in omnibox
* CVE-2020-6442: Inappropriate implementation in cache
* CVE-2020-6443: Insufficient data validation in developer tools
* CVE-2020-6444: Uninitialized Use in WebRTC
* CVE-2020-6445: Insufficient policy enforcement in trusted types
* CVE-2020-6446: Insufficient policy enforcement in trusted types
* CVE-2020-6447: Inappropriate implementation in developer tools
* CVE-2020-6448: Use after free in V8
- Add new patches:
* chromium-81-gcc-constexpr.patch
* chromium-81-gcc-noexcept.patch
* fix-vaapi-with-glx.patch
- Remove no longer needed patches:
* chromium-80-gcc-abstract.patch
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1389
* High CVE-2020-6422: Use after free in WebGL.
* High CVE-2020-6424: Use after free in media.
* High CVE-2020-6425: Insufficient policy enforcement in extensions.
* High CVE-2020-6426: Inappropriate implementation in V8.
* High CVE-2020-6427: Use after free in audio.
* High CVE-2020-6428: Use after free in audio.
* High CVE-2020-6429: Use after free in audio.
* High CVE-2019-20503: Out of bounds read in usersctplib.
* High CVE-2020-6449: Use after free in audio.
* Various fixes from internal audits, fuzzing and other initiatives
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1378
* CVE-2020-6381: Integer overflow in JavaScript
* CVE-2020-6382: Type Confusion in JavaScript
* CVE-2019-18197: Multiple vulnerabilities in XML
* CVE-2019-19926: Inappropriate implementation in SQLite
* CVE-2020-6385: Insufficient policy enforcement in storage
* CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
* CVE-2020-6387: Out of bounds write in WebRTC
* CVE-2020-6388: Out of bounds memory access in WebAudio
* CVE-2020-6389: Out of bounds write in WebRTC
* CVE-2020-6390: Out of bounds memory access in streams
* CVE-2020-6391: Insufficient validation of untrusted input in Blink
* CVE-2020-6392: Insufficient policy enforcement in extensions
* CVE-2020-6393: Insufficient policy enforcement in Blink
* CVE-2020-6394: Insufficient policy enforcement in Blink
* CVE-2020-6395: Out of bounds read in JavaScript
* CVE-2020-6396: Inappropriate implementation in Skia
* CVE-2020-6397: Incorrect security UI in sharing
* CVE-2020-6398: Uninitialized use in PDFium
* CVE-2020-6399: Insufficient policy enforcement in AppCache
* CVE-2020-6400: Inappropriate implementation in CORS
* CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
* CVE-2020-6402: Insufficient policy enforcement in downloads
* CVE-2020-6403: Incorrect security UI in Omnibox
* CVE-2020-6404: Inappropriate implementation in Blink
* CVE-2020-6405: Out of bounds read in SQLite
* CVE-2020-6406: Use after free in audio
* CVE-2019-19923: Out of bounds memory access in SQLite
* CVE-2020-6408: Insufficient policy enforcement in CORS
* CVE-2020-6409: Inappropriate implementation in Omnibox
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1364
- Disable lto to avoid the overflow >16GB ram used
- Use internal resources for icon and appdata
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
-------------------------------------------------------------------
- Up to 78.0.3887.7
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
* chromium-non-void-return.patch
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
OBS-URL: https://build.opensuse.org/request/show/770266
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1363
* CVE-2019-13725: Use after free in Bluetooth
* CVE-2019-13726: Heap buffer overflow in password manager
* CVE-2019-13727: Insufficient policy enforcement in WebSockets
* CVE-2019-13728: Out of bounds write in V8
* CVE-2019-13729: Use after free in WebSockets
* CVE-2019-13730: Type Confusion in V8
* CVE-2019-13732: Use after free in WebAudio
* CVE-2019-13734: Out of bounds write in SQLite
* CVE-2019-13735: Out of bounds write in V8
* CVE-2019-13764: Type Confusion in V8
* CVE-2019-13736: Integer overflow in PDFium
* CVE-2019-13737: Insufficient policy enforcement in autocomplete
* CVE-2019-13738: Insufficient policy enforcement in navigation
* CVE-2019-13739: Incorrect security UI in Omnibox
* CVE-2019-13740: Incorrect security UI in sharing
* CVE-2019-13741: Insufficient validation of untrusted input in Blink
* CVE-2019-13742: Incorrect security UI in Omnibox
* CVE-2019-13743: Incorrect security UI in external protocol handling
* CVE-2019-13744: Insufficient policy enforcement in cookies
* CVE-2019-13745: Insufficient policy enforcement in audio
* CVE-2019-13746: Insufficient policy enforcement in Omnibox
* CVE-2019-13747: Uninitialized Use in rendering
* CVE-2019-13748: Insufficient policy enforcement in developer tools
* CVE-2019-13749: Incorrect security UI in Omnibox
* CVE-2019-13750: Insufficient data validation in SQLite
* CVE-2019-13751: Uninitialized Use in SQLite
* CVE-2019-13752: Out of bounds read in SQLite
* CVE-2019-13753: Out of bounds read in SQLite
* CVE-2019-13754: Insufficient policy enforcement in extensions
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1350
- Use internal resources for icon and appdata
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
-------------------------------------------------------------------
- Up to 78.0.3887.7
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
gcc-lto-rsp-clobber.patch patches.
- Refresh patch:
* chromium-non-void-return.patch
- Add new patch to fix aarch64 build:
* chromium-fix_swiftshader.patch
- Update %arm build, but keep it disabled for now, as ld requires
lots of RAM
- Up to 72.0.3626.14
- Update chromium-vaapi.patch
- Update chromium-system-icu.patch
- Increase %limit_build value to avoid OOM
- Rework aarch64 build requirements
- Reduce jumbo_file_merge_limit to 8 for aarch64 to avoid OOM
- Fix again aarch64 skia build:
* chromium-skia-aarch64-buildfix.patch
- Up to 71.0.3551.3
- Up to 70.0.3528.4
- Up to chromium-70.0.3521.2
- Add patch trying to build with system icu:
* chromium-system-icu.patch
- Up to chromium-70.0.3510.0
- Up to 69.0.3497.23
- Up to chromium-69.0.3497.12
- Add patch to fix aarch64 build:
OBS-URL: https://build.opensuse.org/request/show/755755
OBS-URL: https://build.opensuse.org/package/show/network:chromium/chromium?expand=0&rev=1349
