------------------------------------------------------------------- Sat Aug 23 19:50:33 UTC 2025 - Andreas Stieger - Chromium 141.0.7367.0 (dev released 2025-08-21) - dropped patches: ppc-fedora-fix-rustc.patch (obsolete) ------------------------------------------------------------------- Wed Aug 20 19:24:57 UTC 2025 - ro@suse.de - Chromium 140.0.7339.24 (beta released 2025-08-20) - modified patches: chromium-125-compiler.patch chromium-libusb_interrupt_event_handler.patch gcc-enable-lto.patch ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff chromium-102-regex_pattern-array.patch gtk-414.patch ppc-fedora-fix-study-crash.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch (stub, needs to be redone) ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch - added patches: chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch (revert of upstream patch 8393b61ba876c8e1614275c97767f9b06b889f48) chromium-140-old-flac.patch (applied for flac < 1.5.0) - change rust_version to 1.86 - keeplibs: removed buildtools/third_party/eu-strip (gone upstream) removed wasm_tts_engine (gone upstream) - bump gn BuildReq to 0.20250619 - do not use system_harfbuzz for 16+ for now, unbundle is broken ------------------------------------------------------------------- Tue Aug 19 21:07:41 UTC 2025 - Andreas Stieger - Chromium 139.0.7258.138 (boo#1248315): * CVE-2025-9132: Out of bounds write in V8 ------------------------------------------------------------------- Wed Aug 13 04:21:07 UTC 2025 - Andreas Stieger - Chromium 139.0.7258.127 (boo#1247981): * CVE-2025-8879: Heap buffer overflow in libaom * CVE-2025-8880: Race in V8 * CVE-2025-8901: Out of bounds write in ANGLE * CVE-2025-8881: Inappropriate implementation in File Picker * CVE-2025-8882: Use after free in Aura * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Thu Aug 7 15:48:37 CEST 2025 - ro@suse.de - really install libffmpeg.so if using the bundled one and block the extra dependency ------------------------------------------------------------------- Wed Aug 6 12:47:40 CEST 2025 - ro@suse.de - add patch: chromium-139-pdfium-openjpeg-CVE-2025-54874.patch (CVE-2025-54874 bsc#1247661) fix missing error check in openjpeg ------------------------------------------------------------------- Wed Aug 6 12:28:51 CEST 2025 - ro@suse.de - re-add updated patch: ppc-fedora-0002-regenerate-xnn-buildgn.patch from https://src.fedoraproject.org/rpms/chromium/blob/ rawhide/f/0002-regenerate-xnn-buildgn.patch ------------------------------------------------------------------- Tue Aug 5 19:55:25 UTC 2025 - Andreas Stieger - Chromium 139.0.7258.66 (boo#1247664): * CVE-2025-8576: Use after free in Extensions * CVE-2025-8577: Inappropriate implementation in Picture In Picture * CVE-2025-8578: Use after free in Cast * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome * CVE-2025-8580: Inappropriate implementation in Filesystems * CVE-2025-8581: Inappropriate implementation in Extensions * CVE-2025-8582: Insufficient validation of untrusted input in DOM * CVE-2025-8583: Inappropriate implementation in Permissions - modified patches: gcc-enable-lto.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-skia-vsx-instructions.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-0001-add-xnn-ppc64el-support.patch - dropped patches: chromium-warning-suppression-mappings.patch (using cmdline switch) chromium-93-ffmpeg-4.4.patch - dropped the ffmpeg revert patches that were only applied for 15: chromium-125-ffmpeg-5.x-reordered_opaque.patch Cr122-ffmpeg-new-channel-layout.patch ffmpeg-new-channel-layout.patch chromium-106-ffmpeg-duration.patch chromium-93-ffmpeg-4.4-rest.patch chromium-138-revert_ffmpeg_FF_AV.patch - added patches: ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch - keeplibs: removed chrome/third_party/mozilla_security_manager removed third_party/mesa added third_party/ml_dtypes (needed in tflite/xla) added third_party/readability (needed in tools/grit/grit) added third_party/ffmpeg (gave up on reverting all recent commits in the code using ffmpeg, need at least ffmpeg-7) - remove disabled ppc-fedora-0002-regenerate-xnn-buildgn.patch to please factory-auto ------------------------------------------------------------------- Wed Jul 30 10:26:40 CEST 2025 - ro@suse.de - Chromium 138.0.7204.183 (boo#1247365): * CVE-2025-8292: Use after free in Media Stream - try to switch to smaller linux tarball from https://github.com/chromium-linux-tarballs) - disable chromium-91-java-only-allowed-in-android-builds.patch (not part of reduced tarball) ------------------------------------------------------------------- Tue Jul 29 10:44:14 CEST 2025 - ro@suse.de - set official_build to true (like other distributions) "official builds have less debugging and go faster..." - added patches: chromium-139-deterministic.patch (undefine __DATE__,__TIME__ like without official-build set to keep the build reproducible) ------------------------------------------------------------------- Thu Jul 24 18:23:20 CEST 2025 - ro@suse.de - modified patches: ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch (update context to apply) ------------------------------------------------------------------- Tue Jul 22 21:31:06 UTC 2025 - Andreas Stieger - Chromium 138.0.7204.168 (boo#1246902): * CVE-2025-8010: Type Confusion in V8 * CVE-2025-8011: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Tue Jul 15 19:46:14 UTC 2025 - Andreas Stieger - Chromium 138.0.7204.157 (boo#1246558): * CVE-2025-7656: Integer overflow in V8 * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU * CVE-2025-7657: Use after free in WebRTC ------------------------------------------------------------------- Wed Jul 9 16:52:34 UTC 2025 - Andreas Stieger - Chromium 138.0.7204.100: * tweaks to the Google services settings page ------------------------------------------------------------------- Tue Jul 1 12:18:23 CEST 2025 - ro@suse.de - update from debian: ppc-fedora-skia-vsx-instructions.patch - dropped patches: ppc-skia-revert-1.patch ppc-skia-revert-2.patch ppc-skia-revert-3.patch ------------------------------------------------------------------- Tue Jul 1 10:43:12 CEST 2025 - ro@suse.de - Chromium 138.0.7204.96 (stable released 2025-06-30) (boo#1245544) * CVE-2025-6554: Type Confusion in V8 ------------------------------------------------------------------- Wed Jun 25 10:32:36 CEST 2025 - ro@suse.de - Chromium 138.0.7204.49 (stable released 2025-06-24) (boo#1245332) * CVE-2025-6555: Use after free in Animation * CVE-2025-6556: Insufficient policy enforcement in Loader * CVE-2025-6557: Insufficient data validation in DevTools - dropped patches: chromium-137-heuristics_missing_includes.patch (upstream) chromium-137-pdfium_fix_pattribute.patch (upstream) - modified patches: chromium-125-compiler.patch (context) ffmpeg-new-channel-layout.patch (context) chromium-134-revert-rust-adler2.patch (context,reverse application) ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context) ppc-fedora-0002-regenerate-xnn-buildgn.patch (context) ppc-fedora-memory-allocator-dcheck-assert-fix.patch (context) chromium-warning-suppression-mappings.patch (context) - added patches: (conditional revert for old ffmpeg, upstream 129f48501a7c3fa4236234f2fa0aee490a845b59) chromium-138-revert_ffmpeg_FF_AV.patch - keeplibs: removed third_party/distributed_point_functions removed third_party/tflite/src/third_party/eigen3 removed third_party/webrtc/rtc_base/third_party/base64 added third_party/dragonbox (needed by ../v8/src/numbers/conversions.cc ) - bump gn buildrequires to 0.20250520 ------------------------------------------------------------------- Tue Jun 17 23:36:50 CEST 2025 - ro@suse.de - Chromium 137.0.7151.119 (stable release 2025-06-17) (boo#1244711) * CVE-2025-6191: Integer overflow in V8 * CVE-2025-6192: Use after free in Profiler ------------------------------------------------------------------- Thu Jun 12 09:05:12 UTC 2025 - Bernhard Wiedemann - Replace usage of %jobs for reproducible builds (boo#1237231) ------------------------------------------------------------------- Wed Jun 11 12:18:31 CEST 2025 - ro@suse.de - Chromium 137.0.7151.103 (stable release 2025-06-10) (boo#1244452) * CVE-2025-5958: Use after free in Media * CVE-2025-5959: Type Confusion in V8 ------------------------------------------------------------------- Tue Jun 3 12:48:01 CEST 2025 - ro@suse.de - Chromium 137.0.7151.68 (stable release 2025-06-03) (boo#1244019) * CVE-2025-5419: Out of bounds read and write in V8 * CVE-2025-5068: Use after free in Blink - Google is aware that an exploit for CVE-2025-5419 exists in the wild. ------------------------------------------------------------------- Fri May 30 00:25:43 CEST 2025 - ro@suse.de - added patches: ppc-fedora-0001-add-xnn-ppc64el-support.patch ppc-fedora-0002-regenerate-xnn-buildgn.patch ------------------------------------------------------------------- Wed May 28 01:08:19 CEST 2025 - ro@suse.de - Chromium 137.0.7151.55 (stable release 2025-05-27) (boo#1243741) * CVE-2025-5063: Use after free in Compositing * CVE-2025-5280: Out of bounds write in V8 * CVE-2025-5064: Inappropriate implementation in Background Fetch API * CVE-2025-5065: Inappropriate implementation in FileSystemAccess API * CVE-2025-5066: Inappropriate implementation in Messages * CVE-2025-5281: Inappropriate implementation in BFCache * CVE-2025-5283: Use after free in libvpx * CVE-2025-5067: Inappropriate implementation in Tab Strip - dropped patches: chromium-135-gperf-output.patch (upstream) - modified patches: chromium-125-compiler.patch (context) chromium-127-rust-clanglib.patch (context) ffmpeg-new-channel-layout.patch (drop one hunk where upstream dropped the code) system-libdrm.patch (context) ppc-fedora-fix-partition-alloc-compile.patch (context) ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch (context) ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch (context) - added patches: chromium-137-pdfium_fix_pattribute.patch (fix typo in pAttribute attributes) chromium-137-heuristics_missing_includes.patch (upstream patch 4c736420952f355f18bdc4f4ea2d16e4514fa034) chromium-137-disruptive_notification_permissions_manager-missing_include.patch (missing include) - revert last skia patches for gather_unaligned until we have a port for ppc64le ppc-skia-revert-1.patch ppc-skia-revert-2.patch ppc-skia-revert-3.patch - keeplibs: added third_party/compiler-rt ------------------------------------------------------------------- Thu May 15 00:07:25 CEST 2025 - ro@suse.de - Chromium 136.0.7103.113 (stable release 2025-05-14) (boo#1243205) * CVE-2025-4664: Insufficient policy enforcement in Loader * CVE-2025-4609: Incorrect handle provided in unspecified circumstances in Mojo ------------------------------------------------------------------- Mon May 12 17:13:38 CEST 2025 - ro@suse.de - try build on ppc64le - added patches (from fedora) ppc-fedora-add-ppc64-architecture-string.patch ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch ppc-fedora-0002-third_party-lss-kernel-structs.patch ppc-fedora-0001-swiftshader-fix-build.patch ppc-fedora-Rtc_base-system-arch.h-PPC.patch ppc-fedora-0002-Include-cstddef-to-fix-build.patch ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch ppc-fedora-0001-third-party-hwy-wrong-include.patch ppc-fedora-HACK-debian-clang-disable-base-musttail.patch ppc-fedora-0001-Add-ppc64-target-to-libaom.patch ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch ppc-fedora-skia-vsx-instructions.patch ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch ppc-fedora-fix-clang-selection.patch ppc-fedora-fix-rustc.patch ppc-fedora-fix-rust-linking.patch ppc-fedora-fix-breakpad-compile.patch ppc-fedora-fix-partition-alloc-compile.patch ppc-fedora-fix-study-crash.patch ppc-fedora-memory-allocator-dcheck-assert-fix.patch ppc-fedora-fix-different-data-layouts.patch ppc-fedora-0002-Add-ppc64-trap-instructions.patch ppc-fedora-fix-ppc64-linux-syscalls-headers.patch ppc-fedora-use-sysconf-page-size-on-ppc64.patch ppc-fedora-0001-Enable-ppc64-pointer-compression.patch ppc-fedora-dawn-fix-ppc64le-detection.patch ppc-fedora-add-ppc64-architecture-to-extensions.diff ppc-fedora-fix-unknown-warning-option-messages.diff ppc-fedora-add-ppc64-pthread-stack-size.patch ppc-fedora-fix-ppc64-rust_png-build-error.patch - added patches ppc-chromium-136-clang-config.patch - disable swiftshader on ppc64le like on aarch64 ------------------------------------------------------------------- Wed May 7 10:17:50 CEST 2025 - ro@suse.de - Chromium 136.0.7103.92 (stable release 2025-05-06) (boo#1242717) * CVE-2025-4372: Use after free in WebAudio ------------------------------------------------------------------- Fri May 2 16:40:19 CEST 2025 - ro@suse.de - Chromium 136.0.7103.48 (stable release 2025-04-29) (boo#1242153) * CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 * CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 * CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-1 * CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10 - added patches: chromium-warning-suppression-mappings.patch (from upstream, revert for llvm < 20) - dropped patches: fix-build-with-pipewire-1.3.82.patch (upstream) - modified patches: chromium-125-compiler.patch (context) gtk-414.patch (one more place with GSK_SUBSURFACE_NODE) - bump esbuild from 0.24.0 to 0.25.1 * Fix incorrect paths in inline source maps (#4070, #4075, #4105) * Fix invalid generated source maps (#4080, #4082, #4104, #4107) * Fix a regression with non-file source map paths (#4078) * Update Go from 1.23.5 to 1.23.7 (#4076, #4077) ------------------------------------------------------------------- Thu Apr 24 01:38:01 CEST 2025 - ro@suse.de - Chromium 135.0.7049.114 (stable release 2025-04-22) * stability fixes ------------------------------------------------------------------- Tue Apr 22 14:28:27 CEST 2025 - ro@suse.de - add patch chromium-135-gperf-output.patch from upstream to fix compilation when using gperp-3.2 and above which resolved the issue with the FALLTHROUGH comment ------------------------------------------------------------------- Wed Apr 16 16:30:29 CEST 2025 - ro@suse.de - Chromium 135.0.7049.95 (stable release 2025-04-15) (boo#1241288) * CVE-2025-3619: Heap buffer overflow in Codecs * CVE-2025-3620: Use after free in USB ------------------------------------------------------------------- Thu Apr 10 12:27:46 CEST 2025 - ro@suse.de - update chromium-121-rust-clang_lib.patch to apply cleanly ------------------------------------------------------------------- Wed Apr 9 01:09:30 CEST 2025 - ro@suse.de - Chromium 135.0.7049.84 (stable release 2025-04-08) (boo#1240968) * CVE-2025-3066: Use after free in Site Isolation ------------------------------------------------------------------- Fri Apr 4 10:30:57 CEST 2025 - ro@suse.de - add patch chromium-135-add_map_droppable.patch add MAP_DROPPABLE introduced by recent QT (boo#1238826, boo#1239780) ------------------------------------------------------------------- Wed Apr 2 01:20:57 CEST 2025 - ro@suse.de - Chromium 135.0.7049.52 (stable release 2025-04-01) (boo#1240555) * CVE-2025-3066: Use after free in Navigations * CVE-2025-3067: Inappropriate implementation in Custom Tabs * CVE-2025-3068: Inappropriate implementation in Intents * CVE-2025-3069: Inappropriate implementation in Extensions * CVE-2025-3070: Insufficient validation of untrusted input in Extensions * CVE-2025-3071: Inappropriate implementation in Navigations * CVE-2025-3072: Inappropriate implementation in Custom Tabs * CVE-2025-3073: Inappropriate implementation in Autofill * CVE-2025-3074: Inappropriate implementation in Downloads - modified patches: system-libdrm.patch (context update) gcc-enable-lto.patch (context update) chromium-127-constexpr.patch (context update) chromium-norar.patch (context update) - added patches: gtk-414.patch (reverse apply since our gtk4 is too old) - add to keeplibs: third_party/protobuf/third_party/utf8_range - drop from keeplibs: third_party/iccjpeg (gone upstream) - config variable changed from use_qt to use_qt5 - bump buildrequires for gn to 0.20250306 ------------------------------------------------------------------- Wed Mar 26 12:29:38 CET 2025 - ro@suse.de - drop chromium-134-revert-allowlist.patch (obsolete, gn has been updated) - also use nodejs 22 for sle15 ------------------------------------------------------------------- Sat Mar 22 14:18:24 UTC 2025 - Andreas Stieger - Chromium 134.0.6998.165 * stability fixes (boo#1240022) ------------------------------------------------------------------- Fri Mar 21 16:57:02 CET 2025 - ro@suse.de - drop chromium-120-make_unique-struct.patch (not needed) ------------------------------------------------------------------- Thu Mar 20 12:05:15 CET 2025 - ro@suse.de - Chromium 134.0.6998.117 (stable released 2025-03-20) (boo#1239819) * CVE-2025-2476: Use after free in Lens ------------------------------------------------------------------- Wed Mar 19 12:37:13 CET 2025 - ro@suse.de - use rust1.85 ------------------------------------------------------------------- Fri Mar 14 14:11:39 CET 2025 - ro@suse.de - drop chromium-94-ffmpeg-roll.patch (build fail after ffmpeg updated from 4.4 to 4.4.5 in code15) ------------------------------------------------------------------- Tue Mar 11 10:32:17 CET 2025 - ro@suse.de - Chromium 134.0.6998.88 (stable released 2025-03-11) (boo#1239216) * CVE-2025-1920: Type Confusion in V8 * CVE-2025-2135: Type Confusion in V8 * CVE-TBD: Out of bounds write in GPU * CVE-2025-2136: Use after free in Inspector * CVE-2025-2137: Out of bounds read in V8 ------------------------------------------------------------------- Wed Mar 5 16:56:22 CET 2025 - ro@suse.de - replace patch chromium-134-specialize-some-to_value_list.patch by patch chromium-134-type-mismatch-error.patch (from fedora) ------------------------------------------------------------------- Thu Feb 27 15:33:11 CET 2025 - ro@suse.de - Chromium 134.0.6998.35 (stable release 2025-03-04) (boo#1238575) * CVE-2025-1914: Out of bounds read in V8 * CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools * CVE-2025-1916: Use after free in Profiles * CVE-2025-1917: Inappropriate Implementation in Browser UI * CVE-2025-1918: Out of bounds read in PDFium * CVE-2025-1919: Out of bounds read in Media * CVE-2025-1921: Inappropriate Implementation in Media Stream * CVE-2025-1922: Inappropriate Implementation in Selection * CVE-2025-1923: Inappropriate Implementation in Permission Prompts - modified patches: fix_building_widevinecdm_with_chromium.patch (do not define WIDEVINE_CDM_VERSION_STRING, gone upstream) system-libdrm.patch (context update) - added patches: chromium-134-revert-allowlist.patch (avoid having to update gn on all targets) chromium-134-revert-rust-adler2.patch (revert rust change from adler to adler2 while we have 1.83) chromium-134-specialize-some-to_value_list.patch - dropped patches (llvm17 is gone): chromium-127-clang17-traitors.patch chromium-add-atomicops.patch chromium-133-string_view.patch - add to keeplibs: third_party/search_engines_data v8/third_party/rapidhash-v8 - drop from keeplibs: third_party/libavif (gone) (FIXME cleanup) - reenable qt6 for TW ------------------------------------------------------------------- Wed Feb 26 02:05:16 CET 2025 - ro@suse.de - Chromium 133.0.6943.141 (boo#1237699) This update includes 1 security fix. * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Mon Feb 24 14:31:33 CET 2025 - ro@suse.de - fix build with qt6 and enable qt6 also for 15.x - added patches: chromium-131-fix-qt-ui.pach (from fedora) ------------------------------------------------------------------- Wed Feb 19 07:13:06 UTC 2025 - Andreas Stieger - Chromium 133.0.6943.126 (boo#1237343) * CVE-2025-0999: Heap buffer overflow in V8 * CVE-2025-1426: Heap buffer overflow in GPU * CVE-2025-1006: Use after free in Network ------------------------------------------------------------------- Tue Feb 18 17:12:14 CET 2025 - ro@suse.de - replace "with qt" by "with qt5" - add patch chromium-133-bring_back_and_disable_allowlist.patch trying to fix issues with YT playback (bsc#1237071) ------------------------------------------------------------------- Fri Feb 14 09:12:39 UTC 2025 - Antonio Larrosa - Fix patch to actually fix build with pipewire 1.3.82: * fix-build-with-pipewire-1.3.82.patch ------------------------------------------------------------------- Thu Feb 13 08:22:29 UTC 2025 - Antonio Larrosa - Add patch to fix build with pipewire 1.3.82: * fix-build-with-pipewire-1.3.82.patch ------------------------------------------------------------------- Thu Feb 13 01:15:05 CET 2025 - ro@suse.de - Chromium 133.0.6943.98 (stable released 2025-02-12) (bsc#1237121) * CVE-2025-0995: Use after free in V8 * CVE-2025-0996: Inappropriate implementation in Browser UI * CVE-2025-0997: Use after free in Navigation * CVE-2025-0998: Out of bounds memory access in V8 ------------------------------------------------------------------- Wed Feb 5 10:36:43 CET 2025 - ro@suse.de - Chromium 133.0.6943.53 (stable released 2024-02-04) (bsc#1236806) * CVE-2025-0444: Use after free in Skia * CVE-2025-0445: Use after free in V8 * CVE-2025-0451: Inappropriate implementation in Extensions API ------------------------------------------------------------------- Thu Jan 30 18:17:42 CET 2025 - ro@suse.de - dropped patches: (obsolete with recent llvm) chromium-130-no-hardware_destructive_interference_size.patch ------------------------------------------------------------------- Thu Jan 30 18:08:11 CET 2025 - ro@suse.de - Chromium 133.0.6943.35 (beta released 2025-01-29) - use llvm19 also on 15.6/SLE-15-SP6 - dropped patches: chromium-125-disable-FFmpegAllowLists.patch chromium-119-assert.patch (code dropped upstream) - modified patches chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch (rest of code is gone upstream, see commit 574c1e6678da435efb2ea9dba5dd890c2704b8af) - update context in chromium-102-regex_pattern-array.patch chromium-125-ffmpeg-5.x-reordered_opaque.patch - add to keeplibs: third_party/simdutf third_party/wasm_tts_engine (needed by tools/grit) v8/third_party/siphash (moved inside of v8) v8/third_party/utf8-decoder (moved inside of v8) v8/third_party/valgrind (moved inside of v8) - drop from keeplibs (gone in source): third_party/jstemplate does not exist third_party/qcms does not exist - drop buildreq for libevent and libevent from system libs as the lib was dropped upstream - added patches (as revert for llvm17 in sp6): chromium-add-atomicops.patch (upstream commit d29b01737a841b5627249d50f007dcdc7e26462b) (upstream commit 780efe38034cfdc1bdf4c74e82e7ca7c14e8ac5b does not seem to be in 133 yet) chromium-133-string_view.patch (one more place to use string_view, also only llvm17) - update INSTALL.sh to generate appdata.xml from template ------------------------------------------------------------------- Thu Jan 30 18:06:26 CET 2025 - ro@suse.de - drop chromium-132-old_libdrm.patch obsolete as we are not building for 15.5 anymore ------------------------------------------------------------------- Wed Jan 29 06:10:35 UTC 2025 - Andreas Stieger - Chromium 132.0.6834.159 (boo#1236586) * CVE-2025-0762: Use after free in DevTools ------------------------------------------------------------------- Thu Jan 23 08:01:42 UTC 2025 - Andreas Stieger - Chromium 132.0.6834.110 (boo#1236306) * CVE-2025-0611: Object corruption in V8 * CVE-2025-0612: Out of bounds memory access in V8 ------------------------------------------------------------------- Mon Jan 13 13:21:48 CET 2025 - ro@suse.de - Chromium 132.0.6834.83 (stable released 2024-01-14) (bsc#1235892) * CVE-2025-0434: Out of bounds memory access in V8 * CVE-2025-0435: Inappropriate implementation in Navigation * CVE-2025-0436: Integer overflow in Skia * CVE-2025-0437: Out of bounds read in Metrics * CVE-2025-0438: Stack buffer overflow in Tracing * CVE-2025-0439: Race in Frames * CVE-2025-0440: Inappropriate implementation in Fullscreen * CVE-2025-0441: Inappropriate implementation in Fenced Frames * CVE-2025-0442: Inappropriate implementation in Payments * CVE-2025-0443: Insufficient data validation in Extensions * CVE-2025-0446: Inappropriate implementation in Extensions * CVE-2025-0447: Inappropriate implementation in Navigation * CVE-2025-0448: Inappropriate implementation in Compositing - dropped patches: * chromium-131-unbundle-enable-freetype.patch (upstream) - added patches: * chromium-8d882c289f17e3a67d6d67d5ff7e9d16ebb4f19a.patch (apply git upstream reverse for 15.x with llvm17) * chromium-93-ffmpeg-4.4-rest.patch (split off to only apply after the reverse) * chromium-132-old_libdrm.patch (applied only on 15.5 with libdrm < 2.4.116) * chromium-132-pdfium-explicit-template.patch (error: alias template requires template arguments) - update context in * chromium-125-compiler.patch * chromium-127-rust-clanglib.patch * Cr122-ffmpeg-new-channel-layout.patch * gcc-enable-lto.patch * chromium-127-constexpr.patch - update esbuild to 0.24.0 - drop old tarball - use upstream release tarball for 0.24.0 - add vendor tarball for golang.org/x/sys - add to keeplibs: third_party/libtess2 third_party/devtools-frontend/src/node_modules/fast-glob ------------------------------------------------------------------- Fri Jan 10 14:56:40 CET 2025 - ro@suse.de - more work on 15.7/15-SP7 using recent llvm,rust,gcc - cleanup use of suse_version macro - cleanup use of conditionally applied patches, switch from autoset to setup/autopatch which allows to specify a range and apply remaining patches conditionally ------------------------------------------------------------------- Wed Jan 8 11:18:49 CET 2025 - ro@suse.de - Chromium 131.0.6778.264 (boo#1235422) * CVE-2025-0291: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Thu Dec 19 14:58:31 CET 2024 - ro@suse.de - Chromium 131.0.6778.204 (boo#1234704) * CVE-2024-12692: Type Confusion in V8 * CVE-2024-12693: Out of bounds memory access in V8 * CVE-2024-12694: Use after free in Compositing * CVE-2024-12695: Out of bounds write in V8 * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Wed Dec 11 01:24:06 UTC 2024 - Andreas Stieger - Chromium 131.0.6778.139 (boo#1234361) * CVE-2024-12381: Type Confusion in V8 * CVE-2024-12382: Use after free in Translate * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Wed Dec 4 10:31:04 CET 2024 - ro@suse.de - Chromium 131.0.6778.108 (stable released 2024-12-04) (boo#1234118) * CVE-2024-12053: Type Confusion in V8 - update patches: chromium-127-constexpr.patch ------------------------------------------------------------------- Wed Nov 20 23:20:12 CET 2024 - ro@suse.de - Chromium 131.0.6778.85 (stable released 2024-11-19) (boo#1233534) * CVE-2024-11395: Type Confusion in V8 ------------------------------------------------------------------- Thu Nov 7 00:32:31 CET 2024 - ro@suse.de - Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311) * CVE-2024-11110: Inappropriate implementation in Blink. * CVE-2024-11111: Inappropriate implementation in Autofill. * CVE-2024-11112: Use after free in Media. (n/a for linux) * CVE-2024-11113: Use after free in Accessibility. * CVE-2024-11114: Inappropriate implementation in Views. (n/a for linux) * CVE-2024-11115: Insufficient policy enforcement in Navigation. (n/a for linux) * CVE-2024-11116: Inappropriate implementation in Paint. * CVE-2024-11117: Inappropriate implementation in FileSystem. - dropped patches: * chromium-130-missing-includes.patch (upstream) * chromium-125-lp155-typename.patch (not required with llvm) - modified patches: * chromium-127-bindgen.patch (drop all allowlist changes) * chromium-127-constexpr.patch (update from debian patch) - added patches: * chromium-131-unbundle-enable-freetype.patch from git, missing in 131 release * chromium-131-clang-stack-protector.patch (partial revert of upstream commit c3dadb02f611a360fb40fd8844ed3c1ef1e7834e) - drop from keeplibs: (deleted upstream) third_party/devtools-frontend/src/front_end/third_party/lodash-isequal - add to keeplibs: third_party/tflite/src/third_party/xla/xla/tsl (drop subdirs) third_party/ink ------------------------------------------------------------------- Wed Nov 6 00:52:13 CET 2024 - ro@suse.de - Chromium 130.0.6723.116 (boo#1232843) * CVE-2024-10826: Use after free in Family Experiences * CVE-2024-10827: Use after free in Serial ------------------------------------------------------------------- Wed Oct 30 11:16:19 CET 2024 - ro@suse.de - Chromium 130.0.6723.91 (boo#1232566) * CVE-2024-10487: Out of bounds write in Dawn * CVE-2024-10488: Use after free in WebRTC ------------------------------------------------------------------- Mon Oct 28 12:13:15 CET 2024 - ro@suse.de - change BR for rust to require version 1.81 (1.82 uses a newer llvm) ------------------------------------------------------------------- Sat Oct 26 08:16:55 UTC 2024 - Andreas Stieger - Chromium 130.0.6723.69 (boo#1232060) * CVE-2024-10229: Inappropriate implementation in Extensions * CVE-2024-10230: Type Confusion in V8 * CVE-2024-10231: Type Confusion in V8 ------------------------------------------------------------------- Sat Oct 12 10:45:36 UTC 2024 - Andreas Stieger - Chromium 130.0.6723.58 (boo#1231694) * CVE-2024-9954: Use after free in AI * CVE-2024-9955: Use after free in Web Authentication * CVE-2024-9956: Inappropriate implementation in Web Authentication * CVE-2024-9957: Use after free in UI * CVE-2024-9958: Inappropriate implementation in PictureInPicture * CVE-2024-9959: Use after free in DevTools * CVE-2024-9960: Use after free in Dawn * CVE-2024-9961: Use after free in Parcel Tracking * CVE-2024-9962: Inappropriate implementation in Permissions * CVE-2024-9963: Insufficient data validation in Downloads * CVE-2024-9964: Inappropriate implementation in Payments * CVE-2024-9965: Insufficient data validation in DevTools * CVE-2024-9966: Inappropriate implementation in Navigations - modified patches: * exclude_ymp.patch update context * chromium-125-compiler.patch update context * chromium-125-lp155-typename.patch drop hunks for rewritten proto_fetcher.h * chromium-127-bindgen.patch update context - added patches: * chromium-130-missing-includes.patch include optional, stack * chromium-130-no-hardware_destructive_interference_size.patch workaround for older libcpp - drop from keeplibs: courgette/third_party dropped upstream - add to keepllibs: third_party/fast_float needed by v8/src/numbers/conversion.cc ------------------------------------------------------------------- Sat Oct 12 10:07:57 UTC 2024 - Andreas Stieger - Chromium 129.0.6668.100 (boo#1231420) * CVE-2024-9602: Type Confusion in V8 * CVE-2024-9603: Type Confusion in V8 ------------------------------------------------------------------- Wed Oct 2 10:54:17 CEST 2024 - ro@suse.de - Chromium 129.0.6668.89 (stable released 2024-09-24) (boo#1231232) * CVE-2024-7025: Integer overflow in Layout * CVE-2024-9369: Insufficient data validation in Mojo * CVE-2024-9370: Inappropriate implementation in V8 ------------------------------------------------------------------- Wed Sep 25 16:01:32 CEST 2024 - ro@suse.de - Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964) * CVE-2024-9120: Use after free in Dawn * CVE-2024-9121: Inappropriate implementation in V8 * CVE-2024-9122: Type Confusion in V8 * CVE-2024-9123: Integer overflow in Skia ------------------------------------------------------------------- Thu Sep 19 15:23:46 CEST 2024 - ro@suse.de - bump BR for nodejs to minimal 20.0 - dropped patches: * chromium-disable-GlobalMediaControlsCastStartStop.patch it was applied at the wrong place and the crash is gone ------------------------------------------------------------------- Wed Sep 18 17:29:16 CEST 2024 - ro@suse.de - Chromium 129.0.6668.58 (stable released 2024-09-17) (boo#1230678) * CVE-2024-8904: Type Confusion in V8 * CVE-2024-8905: Inappropriate implementation in V8 * CVE-2024-8906: Incorrect security UI in Downloads * CVE-2024-8907: Insufficient data validation in Omnibox * CVE-2024-8908: Inappropriate implementation in Autofill * CVE-2024-8909: Inappropriate implementation in UI - modified patches: * chromium-prop-codecs.patch update context - add to keeplibs: third_party/rapidhash - drop from keeplibs: third_party/libudev dropped upstream third_party/catapult/third_party/html5lib-python dropped upstream - add patches: chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch (not in our ffmpeg yet) ------------------------------------------------------------------- Wed Sep 11 12:07:53 CEST 2024 - ro@suse.de - Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391) * CVE-2024-8636: Heap buffer overflow in Skia * CVE-2024-8637: Use after free in Media Router * CVE-2024-8638: Type Confusion in V8 * CVE-2024-8639: Use after free in Autofill ------------------------------------------------------------------- Tue Sep 3 14:42:04 CEST 2024 - ro@suse.de - Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108) * CVE-2024-8362: Use after free in WebAudio * CVE-2024-7970: Out of bounds write in V8 ------------------------------------------------------------------- Thu Aug 29 04:50:54 UTC 2024 - Andreas Stieger - Chromium 128.0.6613.113 (boo#1229897) * CVE-2024-7969: Type Confusion in V8 * CVE-2024-8193: Heap buffer overflow in Skia * CVE-2024-8194: Type Confusion in V8 * CVE-2024-8198: Heap buffer overflow in Skia ------------------------------------------------------------------- Wed Aug 21 21:10:50 UTC 2024 - Andreas Stieger - Chromium 128.0.6613.84 (boo#1229591) * CVE-2024-7964: Use after free in Passwords * CVE-2024-7965: Inappropriate implementation in V8 * CVE-2024-7966: Out of bounds memory access in Skia * CVE-2024-7967: Heap buffer overflow in Fonts * CVE-2024-7968: Use after free in Autofill * CVE-2024-7969: Type Confusion in V8 * CVE-2024-7971: Type confusion in V8 * CVE-2024-7972: Inappropriate implementation in V8 * CVE-2024-7973: Heap buffer overflow in PDFium * CVE-2024-7974: Insufficient data validation in V8 API * CVE-2024-7975: Inappropriate implementation in Permissions * CVE-2024-7976: Inappropriate implementation in FedCM * CVE-2024-7977: Insufficient data validation in Installer * CVE-2024-7978: Insufficient policy enforcement in Data Transfer * CVE-2024-7979: Insufficient data validation in Installer * CVE-2024-7980: Insufficient data validation in Installer * CVE-2024-7981: Inappropriate implementation in Views * CVE-2024-8033: Inappropriate implementation in WebApp Installs * CVE-2024-8034: Inappropriate implementation in Custom Tabs * CVE-2024-8035: Inappropriate implementation in Extensions * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Mon Aug 19 00:24:44 CEST 2024 - ro@suse.de - Chromium 128.0.6613.36 (boo#1229426) - modified patches: * chromium-norar.patch drop most hunks, upstream has a config for this now * gcc-enable-lto.patch update context * chromium-125-compiler.patch update context * chromium-127-constexpr.patch update context - drop patches: (should be obsolete with llvm>17 and libc++) chromium-120-emplace.patch chromium-125-emplace-struct.patch - drop patches: (upstream) * chromium-121-nullptr_t-without-namespace-std.patch * chromium-123-stats-collector.patch * chromium-127-paint-layer-header.patch * chromium-127-ninja-1.21.1-deps-part0.patch * chromium-127-ninja-1.21.1-deps-part1.patch * chromium-127-ninja-1.21.1-deps-part2.patch * chromium-127-ninja-1.21.1-deps-part3.patch - disable rpmlint only for factory/tw where it is broken because of the large archive size of the source here - keeplibs add third_party/devtools-frontend/src/front_end/third_party/ puppeteer/package/lib/esm/third_party/parsel-js third_party/tflite/src/third_party/xla/xla/tsl/framework - buildflags add safe_browsing_use_unrar=false ------------------------------------------------------------------- Thu Aug 15 15:35:42 CEST 2024 - ro@suse.de - Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio ------------------------------------------------------------------- Thu Aug 1 18:40:59 CEST 2024 - ro@suse.de - Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942) * CVE-2024-6988: Use after free in Downloads * CVE-2024-6989: Use after free in Loader * CVE-2024-6991: Use after free in Dawn * CVE-2024-6992: Out of bounds memory access in ANGLE * CVE-2024-6993: Inappropriate implementation in Canvas * CVE-2024-6994: Heap buffer overflow in Layout * CVE-2024-6995: Inappropriate implementation in Fullscreen * CVE-2024-6996: Race in Frames * CVE-2024-6997: Use after free in Tabs * CVE-2024-6998: Use after free in User Education * CVE-2024-6999: Inappropriate implementation in FedCM * CVE-2024-7000: Use after free in CSS. Reported by Anonymous * CVE-2024-7001: Inappropriate implementation in HTML * CVE-2024-7003: Inappropriate implementation in FedCM * CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing * CVE-2024-6990: Uninitialized Use in Dawn * CVE-2024-7255: Out of bounds read in WebTransport * CVE-2024-7256: Insufficient data validation in Dawn - drop patches: * chromium-115-compiler-SkColor4f.patch only for llvm < 16 * chromium-117-system-zstd.patch upstreamed * chromium-122-workaround_clang_bug-structured_binding.patch * chromium-125-tabstrip-include.patch upstreamed * chromium-126-missing-header-files.patch * chromium-126-RealTimeReportingBindings-missing-decl.patch upstreamed * chromium-126-no_matching_constructor.patch * chromium-126-no-format.patch upstreamed - switch from libstdc++ to libc++ - drop patches obsolete when using libc++ * chromium-126-debian-bad-font-gc00000.patch * chromium-126-debian-bad-font-gc2.patch * chromium-126-debian-bad-font-gc1.patch * chromium-126-debian-bad-font-gc00.patch * chromium-126-debian-bad-font-gc000.patch * chromium-126-debian-bad-font-gc11.patch * chromium-126-debian-bad-font-gc0.patch * chromium-126-debian-bad-font-gc0000.patch * chromium-126-debian-bad-font-gc3.patch - modify patches: * chromium-125-lp155-typename.patch - drop hunk in model_execution_util.h - drop hunk in model_quality_log_entry.h - dropping from keeplibs: (does not exist) base/third_party/valgrind third_party/maldoca third_party/maldoca/src/third_party - requires updated gn to build (newer than Feb 14 2024) - add patches: * chromium-127-bindgen.patch (from debian/patches/fixes)) * chromium-127-rust-clanglib.patch (just first hunk from fedora) * chromium-127-clang17-traitors.patch workaround for clang < 18 from debiana (only used on 15.6) * chromium-127-constexpr.patch (from debian/patches/bookworm) * chromium-127-paint-layer-header.patch (from debian/patches/upstream) * chromium-127-ninja-1.21.1-deps-part0.patch (from fedora) * chromium-127-ninja-1.21.1-deps-part1.patch (from fedora) * chromium-127-ninja-1.21.1-deps-part2.patch (from fedora) * chromium-127-ninja-1.21.1-deps-part3.patch (from fedora) - buildrequire rust-bindgen to get proper binaries per arch - use qt5 for factory as well, qt6 fails with: ld.lld: error: undefined symbol: QByteArray::toStdString() const referenced by qt_shim.cc obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const) - drop patches: * chromium-125-debian-bad-font-gc11.patch * chromium-125-debian-bad-font-gc0000.patch * chromium-125-debian-bad-font-gc00.patch * chromium-125-debian-bad-font-gc0.patch * chromium-125-debian-bad-font-gc000.patch * chromium-125-debian-bad-font-gc1.patch ------------------------------------------------------------------- Wed Jul 17 16:11:41 UTC 2024 - Andreas Stieger - Chromium 126.0.6478.182 (boo#1227979) * CVE-2024-6772: Inappropriate implementation in V8 * CVE-2024-6773: Type Confusion in V8 * CVE-2024-6774: Use after free in Screen Capture * CVE-2024-6775: Use after free in Media Stream * CVE-2024-6776: Use after free in Audio * CVE-2024-6777: Use after free in Navigation * CVE-2024-6778: Race in DevTools * CVE-2024-6779: Out of bounds memory access in V8 ------------------------------------------------------------------- Tue Jul 9 10:09:56 UTC 2024 - Callum Farmer - Finalize 126 - Removed patches: * chromium-125-debian-bad-font-gc2.patch * chromium-125-debian-bad-font-gc3.patch - Added patches: * chromium-126-RealTimeReportingBindings-missing-decl.patch * chromium-126-no-format.patch ------------------------------------------------------------------- Mon Jul 1 14:09:50 UTC 2024 - Andreas Stieger - Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933) * CVE-2024-6290: Use after free in Dawn * CVE-2024-6291: Use after free in Swiftshader * CVE-2024-6292: Use after free in Dawn * CVE-2024-6293: Use after free in Dawn * CVE-2024-6100: Type Confusion in V8 * CVE-2024-6101: Inappropriate implementation in WebAssembly * CVE-2024-6102: Out of bounds memory access in Dawn * CVE-2024-6103: Use after free in Dawn * CVE-2024-5830: Type Confusion in V8 * CVE-2024-5831: Use after free in Dawn * CVE-2024-5832: Use after free in Dawn * CVE-2024-5833: Type Confusion in V8 * CVE-2024-5834: Inappropriate implementation in Dawn * CVE-2024-5835: Heap buffer overflow in Tab Groups * CVE-2024-5836: Inappropriate Implementation in DevTools * CVE-2024-5837: Type Confusion in V8 * CVE-2024-5838: Type Confusion in V8 * CVE-2024-5839: Inappropriate Implementation in Memory Allocator * CVE-2024-5840: Policy Bypass in CORS * CVE-2024-5841: Use after free in V8 * CVE-2024-5842: Use after free in Browser UI * CVE-2024-5843: Inappropriate implementation in Downloads * CVE-2024-5844: Heap buffer overflow in Tab Strip * CVE-2024-5845: Use after free in Audio * CVE-2024-5846: Use after free in PDFium * CVE-2024-5847: Use after free in PDFium - drop patches: * chromium-disable-parallel-gold.patch * chromium-125-appservice-include.patch * chromium-125-lens-include.patch * chromium-125-mojo-bindings-include.patch * chromium-125-no-vector-consts.patch * chromium-125-vulkan-include.patch * chromium-125-ninja.patch * chromium-125-no_matching_constructor.patch * chromium-125-missing-header-files.patch - add patches: * chromium-126-missing-header-files.patch * chromium-126-quiche-interator.patch * chromium-126-no_matching_constructor.patch ------------------------------------------------------------------- Wed Jun 12 13:00:59 UTC 2024 - Callum Farmer - Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (bsc#1226170) ------------------------------------------------------------------- Fri May 31 07:29:22 UTC 2024 - Andreas Stieger - Chromium 125.0.6422.141 (boo#1225690) * CVE-2024-5493: Heap buffer overflow in WebRTC * CVE-2024-5494: Use after free in Dawn * CVE-2024-5495: Use after free in Dawn * CVE-2024-5496: Use after free in Media Session * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * CVE-2024-5498: Use after free in Presentation API * CVE-2024-5499: Out of bounds write in Streams API ------------------------------------------------------------------- Fri May 24 04:24:22 UTC 2024 - Andreas Stieger - Chromium 125.0.6422.112 * CVE-2024-5274: Type Confusion in V8 (boo#1225199) ------------------------------------------------------------------- Tue May 21 20:47:44 UTC 2024 - Andreas Stieger - Chromium 125.0.6422.76 (boo#1224818) * CVE-2024-5157: Use after free in Scheduling * CVE-2024-5158: Type Confusion in V8 * CVE-2024-5159: Heap buffer overflow in ANGLE * CVE-2024-5160: Heap buffer overflow in Dawn * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Thu May 16 16:57:33 CEST 2024 - ro@suse.de - Chromium 125.0.6422.60 (boo#1224341) * CVE-2024-4947: Type Confusion in V8 * CVE-2024-4948: Use after free in Dawn * CVE-2024-4949: Use after free in V8 * CVE-2024-4950: Inappropriate implementation in Downloads - Chromium 125.0.6422.41 * New upstream (early) stable release. - drop upstreamed patches: * chromium-124-uint-includes.patch * chromium-124-fps-optional.patch * chromium-124-span-optional.patch * chromium-124-extractor-bitset.patch * chromium-124-atomic.patch * chromium-124-webgpu-optional.patch * chromium-124-angle-powf.patch - add debian upstream patches added for 125: * chromium-125-appservice-include.patch * chromium-125-lens-include.patch * chromium-125-mojo-bindings-include.patch * chromium-125-no-vector-consts.patch * chromium-125-vulkan-include.patch * chromium-125-tabstrip-include.patch * chromium-125-ninja.patch - add debian fixes patches to fix font gc crashes: * chromium-125-debian-bad-font-gc0000.patch * chromium-125-debian-bad-font-gc000.patch * chromium-125-debian-bad-font-gc00.patch * chromium-125-debian-bad-font-gc0.patch * chromium-125-debian-bad-font-gc11.patch * chromium-125-debian-bad-font-gc1.patch * chromium-125-debian-bad-font-gc2.patch * chromium-125-debian-bad-font-gc3.patch - add from fedora (reverse applied for older ffmpeg): * chromium-125-ffmpeg-5.x-reordered_opaque.patch - re-diff and rename: * from chromium-110-compiler.patch to chromium-125-compiler.patch * from chromium-120-emplace-struct.patch to chromium-125-emplace-struct.patch * from chromium-disable-FFmpegAllowLists.patch to chromium-125-disable-FFmpegAllowLists.patch * from chromium-122-missing-header-files.patch to chromium-125-missing-header-files.patch * from chromium-122-no_matching_constructor.patch to chromium-125-no_matching_constructor.patch * from chromium-122-lp155-typename.patch to chromium-125-lp155-typename.patch - third_party/zstd added to keeplibs for third_party/blink/renderer/platform:platform - third_party/tflite/src/third_party/xla/xla/tsl/util added to keeplibs for third_party/tflite/tflite - third_party/lens_server_proto added to keeplibs for gen/third_party/lens_server_proto ------------------------------------------------------------------- Tue May 14 05:03:09 UTC 2024 - Andreas Stieger - Chromium 124.0.6367.207 (boo#1224294) * CVE-2024-4761: Out of bounds write in V8 ------------------------------------------------------------------- Fri May 10 12:16:29 UTC 2024 - Andreas Stieger - Chromium 124.0.6367.201 (boo#1224208) * CVE-2024-4671: Use after free in Visuals - Chromium 124.0.6367.155 (boo#1224045) * CVE-2024-4558: Use after free in ANGLE * CVE-2024-4559: Heap buffer overflow in WebAudio ------------------------------------------------------------------- Fri May 3 11:10:19 CEST 2024 - ro@suse.de - drop patches: * chromium-123-WebUI-static_assert.patch ------------------------------------------------------------------- Thu May 2 19:41:37 UTC 2024 - Andreas Stieger - Chromium 124.0.6367.118 (boo#1223846) * CVE-2024-4331: Use after free in Picture In Picture * CVE-2024-4368: Use after free in Dawn ------------------------------------------------------------------- Wed May 1 11:29:39 UTC 2024 - Callum Farmer - Add patches: * chromium-123-missing-QtGui.patch - Restore libxml 2.12 check for chromium-124-system-libxml.patch which replaced chromium-121-blink-libxml-const.patch ------------------------------------------------------------------- Fri Apr 26 14:56:40 CEST 2024 - ro@suse.de - Chromium 124.0.6367.78 (boo#1223845) * CVE-2024-4058: Type Confusion in ANGLE * CVE-2024-4059: Out of bounds read in V8 API * CVE-2024-4060: Use after free in Dawn ------------------------------------------------------------------- Wed Apr 17 17:38:12 CEST 2024 - ro@suse.de - Chromium 124.0.6367.60 (boo#1222958) * CVE-2024-3832: Object corruption in V8. * CVE-2024-3833: Object corruption in WebAssembly. * CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang * CVE-2024-3837: Use after free in QUIC. * CVE-2024-3838: Inappropriate implementation in Autofill. * CVE-2024-3839: Out of bounds read in Fonts. * CVE-2024-3840: Insufficient policy enforcement in Site Isolation. * CVE-2024-3841: Insufficient data validation in Browser Switcher. * CVE-2024-3843: Insufficient data validation in Downloads. * CVE-2024-3844: Inappropriate implementation in Extensions. * CVE-2024-3845: Inappropriate implementation in Network. * CVE-2024-3846: Inappropriate implementation in Prompts. * CVE-2024-3847: Insufficient policy enforcement in WebUI. - drop patches: * chromium-123-optional2.patch * chromium-122-avoid-SFINAE-TypeConverter.patch * chromium-123-PA-InternalAllocator.patch - rediff patches: * chromium-110-compiler.patch * chromium-120-emplace.patch * chromium-122-no_matching_constructor.patch * chromium-122-lp155-typename.patch - add patches: from debian/fixes * chromium-123-stats-collector.patch - add patches: from debian/upstream * chromium-124-angle-powf.patch * chromium-124-atomic.patch * chromium-124-extractor-bitset.patch * chromium-124-fps-optional.patch * chromium-124-span-optional.patch * chromium-124-uint-includes.patch * chromium-124-webgpu-optional.patch - add patches: * chromium-123-WebUI-static_assert.patch workaround for compile issue in webui_contents_wrapper.h * chromium-124-system-libxml.patch (from fedora) ------------------------------------------------------------------- Sun Apr 14 11:06:41 UTC 2024 - Andreas Stieger - Chromium 123.0.6312.122 (boo#1222707) * CVE-2024-3157: Out of bounds write in Compositing * CVE-2024-3516: Heap buffer overflow in ANGLE * CVE-2024-3515: Use after free in Dawn - Chromium 123.0.6312.105 (boo#1222260) * CVE-2024-3156: Inappropriate implementation in V8 * CVE-2024-3158: Use after free in Bookmarks * CVE-2024-3159: Out of bounds memory access in V8 - Chromium 123.0.6312.86 (boo#1222035) * CVE-2024-2883: Use after free in ANGLE * CVE-2024-2885: Use after free in Dawn * CVE-2024-2886: Use after free in WebCodecs * CVE-2024-2887: Type Confusion in WebAssembly - Chromium 123.0.6312.58 (boo#1221732) * CVE-2024-2625: Object lifecycle issue in V8 * CVE-2024-2626: Out of bounds read in Swiftshader * CVE-2024-2627: Use after free in Canvas * CVE-2024-2628: Inappropriate implementation in Downloads - drop patches: * chromium-117-blink-BUILD-mnemonic.patch * chromium-121-blink-libxml-const.patch * chromium-122-BookmarkNode-missing-operator.patch * chromium-122-WebUI-static_assert.patch * chromium-122-PA-undo-internal-alloc.patch ------------------------------------------------------------------- Mon Mar 18 13:13:01 UTC 2024 - Callum Farmer - Use Python 3.11 on Leap - Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch to chromium-122-WebUI-static_assert.patch - Rename chromium-122-disable-FFmpegAllowLists.patch to chromium-disable-FFmpegAllowLists.patch - Rename chromium-122-static-assert.patch to chromium-122-BookmarkNode-missing-operator.patch - Rename chromium-122-undo-internal-alloc.patch to chromium-122-PA-undo-internal-alloc.patch - Rename chromium-122-typename.patch to chromium-122-lp155-typename.patch - Removed patches: * chromium-121-v8-c++20-p1.patch * chromium-121-v8-c++20.patch * chromium-122-unique_ptr.patch * chromium-122-python3-assignment-expressions.patch * chromium-122-el8-support-64kpage.patch * chromium-122-el7-inline-function.patch * chromium-122-el7-extra-operator.patch * chromium-122-el7-default-constructor-involving-anonymous-union.patch * chromium-122-constexpr.patch * chromium-122-clang-build-flags.patch * chromium-122-clang16-disable-auto-upgrade-debug-info.patch * chromium-122-clang16-buildflags.patch * chromium-122-arm64-memory_tagging.patch * chromium-121-el7-clang-version-warning.patch * chromium-116-lp155-url_load_stats-size-t.patch * chromium-icu72-2.patch * chromium-122-debian-upstream-mojo.patch - Patches merged into other patches: * chromium-122-debian-upstream-bitset.patch * chromium-122-debian-upstream-optional.patch * chromium-122-debian-upstream-uniqptr.patch * chromium-122-debian-fixes-optional.patch * chromium-122-norar.patch - Restore time clamper change to chromium-122-missing-header-files.patch - Fix missing/invalid casting in chromium-122-no_matching_constructor.patch ------------------------------------------------------------------- Wed Mar 13 05:35:05 UTC 2024 - Andreas Stieger - Chromium 122.0.6261.128 (boo#1221335) * CVE-2024-2400: Use after free in Performance Manager ------------------------------------------------------------------- Fri Mar 8 16:14:39 CET 2024 - ro@suse.de - Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105) * New upstream security release. * CVE-2024-2173: Out of bounds memory access in V8. * CVE-2024-2174: Inappropriate implementation in V8. * CVE-2024-2176: Use after free in FedCM. - Chromium 122.0.6261.94 * CVE-2024-1669: Out of bounds memory access in Blink. * CVE-2024-1670: Use after free in Mojo. * CVE-2024-1671: Inappropriate implementation in Site Isolation. * CVE-2024-1672: Inappropriate implementation in Content Security Policy. * CVE-2024-1673: Use after free in Accessibility. * CVE-2024-1674: Inappropriate implementation in Navigation. * CVE-2024-1675: Insufficient policy enforcement in Download. * CVE-2024-1676: Inappropriate implementation in Navigation. * Type Confusion in V8 * rediff chromium-disable-GlobalMediaControlsCastStartStop.patch * drop chromium-114-lld-argument.patch replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch * drop chromium-121-no_matching_constructor.patch replaced by chromium-122-no_matching_constructor.patch * drop chromium-113-webview-namespace.patch (obsolete) * reduce chromium-norar.patch by the hunks in chromium-122-norar.patch * drop chromium-114-revert-av1enc-lp154.patch replaced by chromium-122-revert-av1enc-el9.patch * drop chromium-115-lp155-typename.patch chromium-116-lp155-typenames.patch chromium-117-lp155-typename.patch chromium-120-lp155-typename.patch replaced by chromium-122-typename.patch * drop chromium-121-missing-header-files.patch replaced by chromium-122-missing-header-files.patch * drop chromium-121-workaround_clang_bug-structured_binding.patch replaced by chromium-122-workaround_clang_bug-structured_binding.patch * drop chromium-121-no_matching_constructor.patch replaced by chromium-122-no_matching_constructor.patch * drop chromium-121-python3-invalid-escape-sequence.patch (upstream) * drop chromium-disable-FFmpegAllowLists.patch replaced by chromium-122-disable-FFmpegAllowLists.patch * drop chromium-121-avoid-SFINAE-TypeConverter.patch replaced by chromium-122-avoid-SFINAE-TypeConverter.patch * add buildrequires for rust * add patches from fedora package for 121 and 122 * chromium-121-el7-clang-version-warning.patch * chromium-121-v8-c++20-p1.patch * chromium-121-v8-c++20.patch * chromium-122-arm64-memory_tagging.patch * chromium-122-clang16-buildflags.patch * chromium-122-clang16-disable-auto-upgrade-debug-info.patch * chromium-122-clang-build-flags.patch * chromium-122-constexpr.patch * chromium-122-disable-FFmpegAllowLists.patch * chromium-122-el7-default-constructor-involving-anonymous-union.patch * chromium-122-el7-extra-operator.patch * chromium-122-el7-inline-function.patch * chromium-122-el8-support-64kpage.patch * chromium-122-missing-header-files.patch * chromium-122-no_matching_constructor.patch * chromium-122-norar.patch * chromium-122-python3-assignment-expressions.patch * chromium-122-revert-av1enc-el9.patch * chromium-122-static-assert.patch * chromium-122-typename.patch * chromium-122-unique_ptr.patch * chromium-122-workaround_clang_bug-structured_binding.patch * from debian add * chromium-122-undo-internal-alloc.patch * chromium-122-debian-upstream-bitset.patch * chromium-122-debian-upstream-mojo.patch * chromium-122-debian-upstream-optional.patch * chromium-122-debian-upstream-uniqptr.patch * chromium-122-debian-fixes-optional.patch * added compile fix needed on code15 chromium-122-skip_bubble_contents_wrapper_static_assert.patch to prevent "static assertion expression is not an integral constant expression" "in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'" in bubble_contents_wrapper.h:153 - replace Cr121-ffmpeg-new-channel-layout.patch by Cr122-ffmpeg-new-channel-layout.patch (rediff against 122) - drop chromium-121-system-old-ffmpeg.patch ------------------------------------------------------------------- Fri Mar 8 13:16:51 UTC 2024 - Callum Farmer - Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg changes so that FFmpeg 4 will work on Leap - Prepare for libxml 2.12 ------------------------------------------------------------------- Sat Mar 2 12:39:17 UTC 2024 - Callum Farmer - Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661) * CVE-2024-1284: Use after free in Mojo * CVE-2024-1283: Heap buffer overflow in Skia * CVE-2024-1060: Use after free in Canvas * CVE-2024-1059: Use after free in WebRTC * CVE-2024-1077: Use after free in Network * CVE-2024-0807: Use after free in WebAudio * CVE-2024-0812: Inappropriate implementation in Accessibility * CVE-2024-0808: Integer underflow in WebUI * CVE-2024-0810: Insufficient policy enforcement in DevTools * CVE-2024-0814: Incorrect security UI in Payments * CVE-2024-0813: Use after free in Reading Mode * CVE-2024-0806: Use after free in Passwords * CVE-2024-0805: Inappropriate implementation in Downloads * CVE-2024-0804: Insufficient policy enforcement in iOS Security UI * CVE-2024-0811: Inappropriate implementation in Extensions API * CVE-2024-0809: Inappropriate implementation in Autofill - Removed patches: * chromium-117-includes.patch * chromium-118-includes.patch * chromium-119-dont-redefine-ATSPI-version-macros.patch * chromium-120-missing-header-files.patch * chromium-120-no_matching_constructor.patch * chromium-120-nullptr_t-without-namespace-std.patch * chromium-120-workaround_clang_bug-structured_binding.patch * gcc13-fix.patch * chromium-113-webauth-include-variant.patch * chromium-110-system-libffi.patch - Added patches: * chromium-121-no_matching_constructor.patch * chromium-121-nullptr_t-without-namespace-std.patch * chromium-121-workaround_clang_bug-structured_binding.patch * chromium-121-missing-header-files.patch * chromium-121-rust-clang_lib.patch * chromium-121-python3-invalid-escape-sequence.patch * chromium-121-rust-clang_lib.patch * chromium-121-avoid-SFINAE-TypeConverter.patch * chromium-121-blink-libxml-const.patch - Add patch chromium-disable-FFmpegAllowLists.patch: disable codec checker this will always fail (bsc#1219070) ------------------------------------------------------------------- Wed Jan 17 08:54:07 UTC 2024 - Andreas Stieger - Chromium 120.0.6099.224 (boo#1218892) * CVE-2024-0517: Out of bounds write in V8 * CVE-2024-0518: Type Confusion in V8 * CVE-2024-0519: Out of bounds memory access in V8 * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Sun Jan 14 10:07:12 UTC 2024 - Callum Farmer - Replace chromium-120-lp155-revert-clang-build-failure.patch with chromium-120-make_unique-struct.patch - which avoids reverting changes and instead provides a stub constructor to fix build on Leap ------------------------------------------------------------------- Sat Jan 13 08:29:26 UTC 2024 - Andreas Stieger - Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302, boo#1218533, boo#1218719) * CVE-2024-0333: Insufficient data validation in Extensions * CVE-2024-0222: Use after free in ANGLE * CVE-2024-0223: Heap buffer overflow in ANGLE * CVE-2024-0224: Use after free in WebAudio * CVE-2024-0225: Use after free in WebGPU * CVE-2023-7024: Heap buffer overflow in WebRTC * CVE-2023-6702: Type Confusion in V8 * CVE-2023-6703: Use after free in Blink * CVE-2023-6704: Use after free in libavif (boo#1218303) * CVE-2023-6705: Use after free in WebRTC * CVE-2023-6706: Use after free in FedCM * CVE-2023-6707: Use after free in CSS * CVE-2023-6508: Use after free in Media Stream * CVE-2023-6509: Use after free in Side Panel Search * CVE-2023-6510: Use after free in Media Capture * CVE-2023-6511: Inappropriate implementation in Autofill * CVE-2023-6512: Inappropriate implementation in Web Browser UI - drop patches: * chromium-system-libusb.patch * chromium-119-nullptr_t-without-namespace-std.patch * chromium-119-no_matching_constructor.patch * chromium-117-workaround_clang_bug-structured_binding.patch - add patches: * chromium-120-nullptr_t-without-namespace-std.patch * chromium-120-emplace.patch * chromium-120-lp155-typename.patch * chromium-120-no_matching_constructor.patch * chromium-120-missing-header-files.patch * chromium-120-emplace-struct.patch * chromium-120-workaround_clang_bug-structured_binding.patch - add patches for Leap that revert braking changes: * chromium-120-lp155-revert-clang-build-failure.patch ------------------------------------------------------------------- Wed Nov 29 06:26:02 UTC 2023 - Andreas Stieger - Chromium 119.0.6045.199 (boo#1217616) * CVE-2023-6348: Type Confusion in Spellcheck * CVE-2023-6347: Use after free in Mojo * CVE-2023-6346: Use after free in WebAudio * CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614) * CVE-2023-6351: Use after free in libavif (boo#1217615) * CVE-2023-6345: Integer overflow in Skia * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Wed Nov 15 06:18:42 UTC 2023 - Andreas Stieger - Chromium 119.0.6045.159 (boo#1217142) * CVE-2023-5997: Use after free in Garbage Collection * CVE-2023-6112: Use after free in Navigation * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Fri Nov 10 18:50:48 UTC 2023 - Andreas Stieger - Chromium 119.0.6045.123 (boo#1216978) * CVE-2023-5996: Use after free in WebAudio - Chromium 119.0.6045.105 (boo#1216783) * CVE-2023-5480: Inappropriate implementation in Payments * CVE-2023-5482: Insufficient data validation in USB * CVE-2023-5849: Integer overflow in USB * CVE-2023-5850: Incorrect security UI in Downloads * CVE-2023-5851: Inappropriate implementation in Downloads * CVE-2023-5852: Use after free in Printing * CVE-2023-5853: Incorrect security UI in Downloads * CVE-2023-5854: Use after free in Profiles * CVE-2023-5855: Use after free in Reading Mode * CVE-2023-5856: Use after free in Side Panel * CVE-2023-5857: Inappropriate implementation in Downloads * CVE-2023-5858: Inappropriate implementation in WebApp Provider * CVE-2023-5859: Incorrect security UI in Picture In Picture - dropped patches: * chromium-98-gtk4-build.patch * chromium-118-system-freetype.patch * chromium-118-no_matching_constructor.patch - added patches: * chromium-119-no_matching_constructor.patch * chromium-119-dont-redefine-ATSPI-version-macros.patch * chromium-119-nullptr_t-without-namespace-std.patch * chromium-119-assert.patch ------------------------------------------------------------------- Tue Oct 24 21:20:15 UTC 2023 - Andreas Stieger - Chromium 118.0.5993.117 (boo#1216549) * CVE-2023-5472: Use after free in Profiles * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Wed Oct 18 20:39:57 UTC 2023 - Andreas Stieger - Chromium 118.0.5993.88: * unspecified security fix (boo#1216392) ------------------------------------------------------------------- Wed Oct 11 18:56:28 UTC 2023 - Andreas Stieger - refresh chromium-117-emplace_back_on_vector-c++20.patch and chromium-117-lp155-constructors.patch to chromium-118-no_matching_constructor.patch ------------------------------------------------------------------- Tue Oct 10 20:18:54 UTC 2023 - Andreas Stieger - Chromium 118.0.5993.70 (boo#1216111) * CVE-2023-5218: Use after free in Site Isolation * CVE-2023-5487: Inappropriate implementation in Fullscreen * CVE-2023-5484: Inappropriate implementation in Navigation * CVE-2023-5475: Inappropriate implementation in DevTools * CVE-2023-5483: Inappropriate implementation in Intents * CVE-2023-5481: Inappropriate implementation in Downloads * CVE-2023-5476: Use after free in Blink History * CVE-2023-5474: Heap buffer overflow in PDF * CVE-2023-5479: Inappropriate implementation in Extensions API * CVE-2023-5485: Inappropriate implementation in Autofill * CVE-2023-5478: Inappropriate implementation in Autofill * CVE-2023-5477: Inappropriate implementation in Installer * CVE-2023-5486: Inappropriate implementation in Input * CVE-2023-5473: Use after free in Cast - Build with system freetype (again), and zstd - add patches: * chromium-118-system-freetype.patch * chromium-117-system-zstd.patch ------------------------------------------------------------------- Sat Oct 7 15:32:52 UTC 2023 - Andreas Stieger - Chromium 118.0.5993.54 - add patches: * chromium-118-includes.patch ------------------------------------------------------------------- Wed Oct 4 05:22:08 UTC 2023 - Andreas Stieger - Chromium 117.0.5938.149: * CVE-2023-5346: Type Confusion in V8 (boo#1215924) ------------------------------------------------------------------- Wed Sep 27 21:39:34 UTC 2023 - Andreas Stieger - Chromium 117.0.5938.132 (boo#1215776): * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778) * CVE-2023-5186: Use after free in Passwords * CVE-2023-5187: Use after free in Extensions ------------------------------------------------------------------- Fri Sep 22 06:27:24 UTC 2023 - Andreas Stieger - Chromium 117.0.5938.92: * stability improvements ------------------------------------------------------------------- Wed Sep 20 13:59:22 UTC 2023 - Andreas Stieger - Add explicit build dependency on libepoxy for Tumbleweed ------------------------------------------------------------------- Sun Sep 17 11:47:10 UTC 2023 - Andreas Stieger - Chromium 117.0.5938.88 (boo#1215279) * CVE-2023-4900: Inappropriate implementation in Custom Tabs * CVE-2023-4901: Inappropriate implementation in Prompts * CVE-2023-4902: Inappropriate implementation in Input * CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs * CVE-2023-4904: Insufficient policy enforcement in Downloads * CVE-2023-4905: Inappropriate implementation in Prompts * CVE-2023-4906: Insufficient policy enforcement in Autofill * CVE-2023-4907: Inappropriate implementation in Intents * CVE-2023-4908: Inappropriate implementation in Picture in Picture * CVE-2023-4909: Inappropriate implementation in Interstitials - drop patches: * chromium-100-InMilliseconds-constexpr.patch * chromium-115-Qt-moc-version.patch * chromium-116-profile-view-utils-vector-include.patch * chromium-116-blink-variant-include.patch * chromium-116-abseil-limits-include.patch * chromium-116-lp155-constuctors.patch * chromium-115-workaround_clang_bug-structured_binding.patch * chromium-115-emplace_back_on_vector-c++20.patch - add patches: * chromium-117-blink-BUILD-mnemonic.patch * chromium-117-includes.patch * chromium-117-lp155-constructors.patch * chromium-117-string-convert.patch * chromium-117-lp155-typename.patch * chromium-117-workaround_clang_bug-structured_binding.patch * chromium-117-emplace_back_on_vector-c++20.patch ------------------------------------------------------------------- Wed Sep 13 20:04:46 UTC 2023 - Andreas Stieger - CVE-2023-4863: build with the bundled library on Leap (boo#1215231) ------------------------------------------------------------------- Tue Sep 12 06:18:00 UTC 2023 - Andreas Stieger - Chromium 116.0.5845.187 (boo#1215231): * CVE-2023-4863: Heap buffer overflow in WebP ------------------------------------------------------------------- Wed Sep 6 05:08:13 UTC 2023 - Andreas Stieger - Chromium 116.0.5845.179 (boo#1215023): * CVE-2023-4761: Out of bounds memory access in FedCM * CVE-2023-4762: Type Confusion in V8 * CVE-2023-4763: Use after free in Networks * CVE-2023-4764: Incorrect security UI in BFCache ------------------------------------------------------------------- Wed Aug 30 00:57:21 UTC 2023 - Andreas Stieger - Chromium 116.0.5845.140 (boo#1214758): * CVE-2023-4572: Use after free in MediaStream ------------------------------------------------------------------- Wed Aug 23 06:09:03 UTC 2023 - Andreas Stieger - Chromium 116.0.5845.110 (boo#1214487): * CVE-2023-4427: Out of bounds memory access in V8 * CVE-2023-4428: Out of bounds memory access in CSS * CVE-2023-4429: Use after free in Loader * CVE-2023-4430: Use after free in Vulkan * CVE-2023-4431: Out of bounds memory access in Fonts ------------------------------------------------------------------- Mon Aug 14 19:17:09 UTC 2023 - Andreas Stieger - Chromium 116.0.5845.96 * New CSS features: Motion Path, and "display" and "content-visibility" animations * Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming - fix a number of security issues (boo#1214301): * CVE-2023-2312: Use after free in Offline * CVE-2023-4349: Use after free in Device Trust Connectors * CVE-2023-4350: Inappropriate implementation in Fullscreen * CVE-2023-4351: Use after free in Network * CVE-2023-4352: Type Confusion in V8 * CVE-2023-4353: Heap buffer overflow in ANGLE * CVE-2023-4354: Heap buffer overflow in Skia * CVE-2023-4355: Out of bounds memory access in V8 * CVE-2023-4356: Use after free in Audio * CVE-2023-4357: Insufficient validation of untrusted input in XML * CVE-2023-4358: Use after free in DNS * CVE-2023-4359: Inappropriate implementation in App Launcher * CVE-2023-4360: Inappropriate implementation in Color * CVE-2023-4361: Inappropriate implementation in Autofill * CVE-2023-4362: Heap buffer overflow in Mojom IDL * CVE-2023-4363: Inappropriate implementation in WebShare * CVE-2023-4364: Inappropriate implementation in Permission Prompts * CVE-2023-4365: Inappropriate implementation in Fullscreen * CVE-2023-4366: Use after free in Extensions * CVE-2023-4367: Insufficient policy enforcement in Extensions API * CVE-2023-4368: Insufficient policy enforcement in Extensions API - drop patches: * chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch * chromium-115-verify_name_match-include.patch * chromium-86-fix-vaapi-on-intel.patch * chromium-115-skia-include.patch * chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch - add patches: * chromium-116-profile-view-utils-vector-include.patch * chromium-116-blink-variant-include.patch * chromium-116-lp155-url_load_stats-size-t.patch * chromium-116-abseil-limits-include.patch * chromium-116-lp155-typenames.patch * chromium-116-lp155-constuctors.patch - Build with bundled re2 on Leap ------------------------------------------------------------------- Wed Aug 9 17:24:31 UTC 2023 - Andreas Stieger - Fix crash with extensions (boo#1214003) chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch ------------------------------------------------------------------- Thu Aug 3 06:00:39 UTC 2023 - Andreas Stieger - Chromium 115.0.5790.170 (boo#1213920) * CVE-2023-4068: Type Confusion in V8 * CVE-2023-4069: Type Confusion in V8 * CVE-2023-4070: Type Confusion in V8 * CVE-2023-4071: Heap buffer overflow in Visuals * CVE-2023-4072: Out of bounds read and write in WebGL * CVE-2023-4073: Out of bounds memory access in ANGLE * CVE-2023-4074: Use after free in Blink Task Scheduling * CVE-2023-4075: Use after free in Cast * CVE-2023-4076: Use after free in WebRTC * CVE-2023-4077: Insufficient data validation in Extensions * CVE-2023-4078: Inappropriate implementation in Extensions ------------------------------------------------------------------- Fri Jul 28 22:01:46 UTC 2023 - Andreas Stieger - Specify re2 build dependency in a way that makes Leap packages build in devel project and in Maintenance ------------------------------------------------------------------- Sun Jul 23 11:55:15 UTC 2023 - Andreas Stieger - Chromium 115.0.5790.102: * stability fix - Add build fixes on Leap: * chromium-115-emplace_back_on_vector-c++20.patch * chromium-115-compiler-SkColor4f.patch * chromium-115-workaround_clang_bug-structured_binding.patch * chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch - adjust chromium-115-lp155-typename.patch - drop chromium-114-workaround_clang_bug-structured_binding.patch ------------------------------------------------------------------- Wed Jul 19 09:23:32 UTC 2023 - Andreas Stieger - Chromium 115.0.5790.98 * Security: The Storage, Service Worker, and Communication APIs are now partitioned in third-party contexts to prevent certain types of side-channel cross-site tracking * HTTPS: Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP. * CSS: accept multiple values of the display property * CSS: support boolean context style container queries * CSS: support scroll-driven animations * Increase the maximum size of a WebAssembly.Module() on the main thread to 8 MB * FedCM: Support credential management mediation requirements for auto re-authentication * Deprecate the document.domain setter * Deprecate mutation events * Security fixes (boo#1213462): CVE-2023-3727: Use after free in WebRTC CVE-2023-3728: Use after free in WebRTC CVE-2023-3730: Use after free in Tab Groups CVE-2023-3732: Out of bounds memory access in Mojo CVE-2023-3733: Inappropriate implementation in WebApp Installs CVE-2023-3734: Inappropriate implementation in Picture In Picture CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts CVE-2023-3736: Inappropriate implementation in Custom Tabs CVE-2023-3737: Inappropriate implementation in Notifications CVE-2023-3738: Inappropriate implementation in Autofill CVE-2023-3740: Insufficient validation of untrusted input in Themes Various fixes from internal audits, fuzzing and other initiatives - drop chromium-113-typename.patch - add chromium-115-skia-include.patch - add chromium-115-verify_name_match-include.patch - add chromium-115-lp155-typename.patch - Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without built-in copy of shim ------------------------------------------------------------------- Tue Jun 27 07:39:29 UTC 2023 - Andreas Stieger - Chromium 114.0.5735.198 (boo#1212755): * CVE-2023-3420: Type Confusion in V8 * CVE-2023-3421: Use after free in Media * CVE-2023-3422: Use after free in Guest View ------------------------------------------------------------------- Sun Jun 25 09:54:37 UTC 2023 - Callum Farmer - Install Qt5 library & prepare for Qt6 in 115 ------------------------------------------------------------------- Wed Jun 14 05:23:16 UTC 2023 - Andreas Stieger - Chromium 114.0.5735.133 (boo#1212302): * CVE-2023-3214: Use after free in Autofill payments * CVE-2023-3215: Use after free in WebRTC * CVE-2023-3216: Type Confusion in V8 * CVE-2023-3217: Use after free in WebXR * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Wed Jun 7 18:13:06 UTC 2023 - Andreas Stieger - Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch ------------------------------------------------------------------- Tue Jun 6 05:34:13 UTC 2023 - Andreas Stieger - Chromium 114.0.5735.106 (boo#1212044): * CVE-2023-3079: Type Confusion in V8 ------------------------------------------------------------------- Sun Jun 4 18:52:01 UTC 2023 - Callum Farmer - Chromium 114.0.5735.90 (boo#1211843): * CSS text-wrap: balance is available * Cookies partitioned by top level site (CHIPS) * New Popover API - Security fixes: * CVE-2023-2929: Out of bounds write in Swiftshader * CVE-2023-2930: Use after free in Extensions * CVE-2023-2931: Use after free in PDF * CVE-2023-2932: Use after free in PDF * CVE-2023-2933: Use after free in PDF * CVE-2023-2934: Out of bounds memory access in Mojo * CVE-2023-2935: Type Confusion in V8 * CVE-2023-2936: Type Confusion in V8 * CVE-2023-2937: Inappropriate implementation in Picture In Picture * CVE-2023-2938: Inappropriate implementation in Picture In Picture * CVE-2023-2939: Insufficient data validation in Installer * CVE-2023-2940: Inappropriate implementation in Downloads * CVE-2023-2941: Inappropriate implementation in Extensions API - Drop patches: * chromium-103-VirtualCursor-std-layout.patch * chromium-113-system-zlib.patch * chromium-113-workaround_clang_bug-structured_binding.patch - Add patches * chromium-114-workaround_clang_bug-structured_binding.patch * chromium-114-lld-argument.patch ------------------------------------------------------------------- Tue May 30 21:53:45 UTC 2023 - Callum Farmer - Un-bundle zlib again - Remove un-needed patches: * chromium-112-default-comparison-operators.patch * chromium-109-clang-lp154.patch * chromium-clang-nomerge.patch * chromium-ffmpeg-lp152.patch * chromium-lp151-old-drm.patch - Added patches: * chromium-113-system-zlib.patch ------------------------------------------------------------------- Sun May 28 21:32:03 UTC 2023 - Andreas Stieger - build with llvm15 on Leap ------------------------------------------------------------------- Tue May 16 21:16:23 UTC 2023 - Andreas Stieger - Chromium 113.0.5672.126 (boo#1211442): * CVE-2023-2721: Use after free in Navigation * CVE-2023-2722: Use after free in Autofill UI * CVE-2023-2723: Use after free in DevTools * CVE-2023-2724: Type Confusion in V8 * CVE-2023-2725: Use after free in Guest View * CVE-2023-2726: Inappropriate implementation in WebApp Installs * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Tue May 9 19:14:20 UTC 2023 - Andreas Stieger - Chromium 113.0.5672.92 (boo#1211211) - Multiple security fixes (boo#1211036): * CVE-2023-2459: Inappropriate implementation in Prompts * CVE-2023-2460: Insufficient validation of untrusted input in Extensions * CVE-2023-2461: Use after free in OS Inputs * CVE-2023-2462: Inappropriate implementation in Prompts * CVE-2023-2463: Inappropriate implementation in Full Screen Mode * CVE-2023-2464: Inappropriate implementation in PictureInPicture * CVE-2023-2465: Inappropriate implementation in CORS * CVE-2023-2466: Inappropriate implementation in Prompts * CVE-2023-2467: Inappropriate implementation in Prompts * CVE-2023-2468: Inappropriate implementation in PictureInPicture - drop chromium-94-sql-no-assert.patch - drop no-location-leap151.patch - add chromium-113-webview-namespace.patch - add chromium-113-webauth-include-variant.patch - add chromium-113-typename.patch - add chromium-113-workaround_clang_bug-structured_binding.patch ------------------------------------------------------------------- Wed Apr 19 19:55:51 UTC 2023 - Andreas Stieger - Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite - drop chromium-112-feed_protos.patch ------------------------------------------------------------------- Sun Apr 16 02:10:30 UTC 2023 - Andreas Stieger - Fix Leap 15.4 build failures from default comparison operators defined outside of the class definition, a C++20 feature adding chromium-112-default-comparison-operators.patch ------------------------------------------------------------------- Sat Apr 15 10:49:51 UTC 2023 - Andreas Stieger - Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478) ------------------------------------------------------------------- Fri Apr 7 07:57:40 UTC 2023 - Andreas Stieger - Revert a breaking change with chromium-112-feed_protos.patch ------------------------------------------------------------------- Tue Apr 4 22:38:23 UTC 2023 - Andreas Stieger - Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM ------------------------------------------------------------------- Mon Mar 27 20:12:21 UTC 2023 - Andreas Stieger - Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps ------------------------------------------------------------------- Thu Mar 23 08:40:11 UTC 2023 - Guillaume GARDET - Update gcc13-fix.patch with few fixes required for aarch64, borrowed from Fedora's gcc13 patch ------------------------------------------------------------------- Wed Mar 22 09:03:45 UTC 2023 - Andreas Stieger - Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE ------------------------------------------------------------------- Mon Mar 20 11:59:36 UTC 2023 - Martin Liška - Add gcc13-fix.patch in order to support GCC 13. ------------------------------------------------------------------- Thu Mar 9 23:54:55 UTC 2023 - Callum Farmer - Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12 ------------------------------------------------------------------- Thu Mar 9 15:48:22 UTC 2023 - Callum Farmer - Bump Leap's GCC to 12 as Chromium really likes newer standards ------------------------------------------------------------------- Thu Mar 9 01:58:25 UTC 2023 - Andreas Stieger - Chromium 111.0.5563.64 * New View Transitions API * CSS Color Level 4 * New developer tools in style panel for color functionality * CSS added trigonometric functions, additional root font units and extended the n-th child pseudo selector. * previousslide and nextslide actions are now part of the Media Session API * A number of security fixes (boo#1209040) * CVE-2023-1213: Use after free in Swiftshader * CVE-2023-1214: Type Confusion in V8 * CVE-2023-1215: Type Confusion in CSS * CVE-2023-1216: Use after free in DevTools * CVE-2023-1217: Stack buffer overflow in Crash reporting * CVE-2023-1218: Use after free in WebRTC * CVE-2023-1219: Heap buffer overflow in Metrics * CVE-2023-1220: Heap buffer overflow in UMA * CVE-2023-1221: Insufficient policy enforcement in Extensions API * CVE-2023-1222: Heap buffer overflow in Web Audio API * CVE-2023-1223: Insufficient policy enforcement in Autofill * CVE-2023-1224: Insufficient policy enforcement in Web Payments API * CVE-2023-1225: Insufficient policy enforcement in Navigation * CVE-2023-1226: Insufficient policy enforcement in Web Payments API * CVE-2023-1227: Use after free in Core * CVE-2023-1228: Insufficient policy enforcement in Intents * CVE-2023-1229: Inappropriate implementation in Permission prompts * CVE-2023-1230: Inappropriate implementation in WebApp Installs * CVE-2023-1231: Inappropriate implementation in Autofill * CVE-2023-1232: Insufficient policy enforcement in Resource Timing * CVE-2023-1233: Insufficient policy enforcement in Resource Timing * CVE-2023-1234: Inappropriate implementation in Intents * CVE-2023-1235: Type Confusion in DevTools * CVE-2023-1236: Inappropriate implementation in Internals - drop patches: * chromium-86-ImageMemoryBarrierData-init.patch * chromium-93-InkDropHost-crash.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch * chromium-icu72-1.patch ------------------------------------------------------------------- Thu Feb 23 08:21:24 UTC 2023 - Andreas Stieger - Chromium 110.0.5481.177 (boo#1208589) * CVE-2023-0927: Use after free in Web Payments API * CVE-2023-0928: Use after free in SwiftShader * CVE-2023-0929: Use after free in Vulkan * CVE-2023-0930: Heap buffer overflow in Video * CVE-2023-0931: Use after free in Video * CVE-2023-0932: Use after free in WebRTC * CVE-2023-0933: Integer overflow in PDF * CVE-2023-0941: Use after free in Prompts * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Thu Feb 16 20:30:43 UTC 2023 - Andreas Stieger - Chromium 110.0.5481.100 * fix regression on SAP Business Objects web UI * fix date formatting behavior change from ICU 72 ------------------------------------------------------------------- Wed Feb 8 20:16:01 UTC 2023 - Andreas Stieger - Chromium 110.0.5481.77 (boo#1208029): * CVE-2023-0696: Type Confusion in V8 * CVE-2023-0697: Inappropriate implementation in Full screen mode * CVE-2023-0698: Out of bounds read in WebRTC * CVE-2023-0699: Use after free in GPU * CVE-2023-0700: Inappropriate implementation in Download * CVE-2023-0701: Heap buffer overflow in WebUI * CVE-2023-0702: Type Confusion in Data Transfer * CVE-2023-0703: Type Confusion in DevTools * CVE-2023-0704: Insufficient policy enforcement in DevTools * CVE-2023-0705: Integer overflow in Core * Various fixes from internal audits, fuzzing and other initiatives - build with bundled libavif - dropped patches: * chromium-109-compiler.patch * chromium-icu72-3.patch - added patches: * chromium-110-compiler.patch * chromium-110-system-libffi.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch ------------------------------------------------------------------- Wed Jan 25 04:51:29 UTC 2023 - Andreas Stieger - Chromium 109.0.5414.119 (boo#1207512): * CVE-2023-0471: Use after free in WebTransport * CVE-2023-0472: Use after free in WebRTC * CVE-2023-0473: Type Confusion in ServiceWorker API * CVE-2023-0474: Use after free in GuestView * Various fixes from internal audits, fuzzing and other initiatives ------------------------------------------------------------------- Tue Jan 17 21:03:29 UTC 2023 - Callum Farmer - Added patches: * chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict with system icu (bsc#1207147) * chromium-icu72-2.patch: align default characters for old icu with that of ICU 72 * chromium-icu72-3.patch: make V8 aware of space in ICU 72 time format ------------------------------------------------------------------- Tue Jan 10 21:24:55 UTC 2023 - Andreas Stieger - Chromium 109.0.5414.74: * Add support for MathML Core * CSS: Auto range support for font descriptors inside @font-face rule * CSS: Add lh length unit * CSS: Add hyphenate-limit-chars property * CSS: Snap border, outline and column-rule widths before layout * API: Improved screen sharing and web conferencing: hints for suppressing local audio playback, and Conditional Focus * API: HTTP response status code in the Resource Timing API * API: Same-site cross-origin prerendering triggered by the speculation rules API * Remove Event.path API * CVE-2023-0128: Use after free in Overview Mode * CVE-2023-0129: Heap buffer overflow in Network Service * CVE-2023-0130: Inappropriate implementation in Fullscreen API * CVE-2023-0131: Inappropriate implementation in iframe Sandbox * CVE-2023-0132: Inappropriate implementation in Permission prompts * CVE-2023-0133: Inappropriate implementation in Permission prompts * CVE-2023-0134: Use after free in Cart * CVE-2023-0135: Use after free in Cart * CVE-2023-0136: Inappropriate implementation in Fullscreen API * CVE-2023-0137: Heap buffer overflow in Platform Apps * CVE-2023-0138: Heap buffer overflow in libphonenumber * CVE-2023-0139: Insufficient validation of untrusted input in Downloads * CVE-2023-0140: Inappropriate implementation in File System API * CVE-2023-0141: Insufficient policy enforcement in CORS * Various fixes from internal audits, fuzzing and other initiatives - drop patches: * chromium-gcc11.patch - not needed * chromium-107-system-zlib.patch - upstream * chromium-108-compiler.patch - add patches: * chromium-109-compiler.patch * chromium-109-clang-lp154.patch ------------------------------------------------------------------- Sun Dec 18 17:31:22 UTC 2022 - Callum Farmer - Add chromium-disable-GlobalMediaControlsCastStartStop.patch: disable GlobalMediaControlsCastStartStop to fix crashes occurring when interacting with the Media UI (bsc#1198124) ------------------------------------------------------------------- Wed Dec 14 09:01:57 UTC 2022 - Andreas Stieger - Chromium 108.0.5359.124 (boo#1206403): * CVE-2022-4436: Use after free in Blink Media * CVE-2022-4437: Use after free in Mojo IPC * CVE-2022-4438: Use after free in Blink Frames * CVE-2022-4439: Use after free in Aura * CVE-2022-4440: Use after free in Profiles ------------------------------------------------------------------- Wed Dec 7 20:43:54 UTC 2022 - Andreas Stieger - Chromium 108.0.5359.98 * Fix regression in computing selection renders white text on white background in apps. (Issue: 158422) * Fixed translate infobar button to show selected language. (Issue: 155350) * Fixed broken Arabic language. (Issue: 158978) * Fixed pre-rendering if the preference is disabled at start up. (Issue: 159393) * Fixed JavaScript rendering issue. (Issue: 159655) * No further indications in the ChangeLog ------------------------------------------------------------------- Tue Nov 20 23:27:56 UTC 2012 - tittiatcoke@gmail.com - Update to 25.0.1329 * No further indications in the ChangeLog - Removed patch chomium-ffmpeg-no-pkgconfig.patch - Building now internal libffmpegsumo.so based on the standard chromium ffmpeg codecs ------------------------------------------------------------------- Tue Nov 6 18:42:46 UTC 2012 - tittiatcoke@gmail.com - Update to 25.0.1319 * No further indications in the Changelog ------------------------------------------------------------------- Fri Oct 26 08:58:02 UTC 2012 - tittiatcoke@gmail.com - Update to 24.0.1308 * Updated V8 - 3.14.5.0 * Bookmarks are now searched by their title while typing into the omnibox with matching bookmarks being shown in the autocomplete suggestions pop-down list. Matching is done by prefix. * Fixed chromium issues 155871, 154173, 155133. ------------------------------------------------------------------- Tue Oct 16 12:41:55 UTC 2012 - coolo@suse.com - add explicit buildrequire on libbz2-devel ------------------------------------------------------------------- Sun Oct 7 11:28:56 UTC 2012 - tittiatcoke@gmail.com - Update to 24.0.1290 * No further indications in the ChangeLog. ------------------------------------------------------------------- Sun Sep 30 09:38:06 UTC 2012 - tittiatcoke@gmail.com - Update to 24.0.1283 * Security Fixes (bnc#782257) - High CVE-2012-2889: UXSS in frame handling - High CVE-2012-2886: UXSS in v8 bindings. - High CVE-2012-2881: DOM tree corruption with plug-ins. - High CVE-2012-2876: Buffer overflow in SSE2 optimizations. - High CVE-2012-2883: Out-of-bounds write in Skia. - High CVE-2012-2887: Use-after-free in onclick handling. - High CVE-2012-2888: Use-after-free in SVG text references. - High CVE-2012-2894: Crash in graphics context handling. - High CVE-2012-2896: Integer overflow in WebGL. - Medium CVE-2012-2877: Browser crash with extensions and modal dialogs - Low CVE-2012-2879: DOM topology corruption. - Medium CVE-2012-2884: Out-of-bounds read in Skia. - High CVE-2012-2874: Out-of-bounds write in Skia. - High CVE-2012-2878: Use-after-free in plug-in handling. - Medium CVE-2012-2880: Race condition in plug-in paint buffer. - High CVE-2012-2882: Wild pointer in OGG container handling. - Medium CVE-2012-2885: Possible double free on exit. - Low CVE-2012-2891: Address leak over IPC. - Low CVE-2012-2892: Pop-up block bypass. - High CVE-2012-2893: Double free in XSL transforms. ------------------------------------------------------------------- Sat Sep 15 06:27:56 UTC 2012 - tittiatcoke@gmail.com - Update to 23.0.1268 * Updated V8 - 3.13.6.0 * Updated WebKit - 537.10 * Make the new sandbox more robust when denying socket calls. * Fix crashes (Issues 142388 and 146606) ------------------------------------------------------------------- Fri Sep 7 15:49:57 UTC 2012 - tittiatcoke@gmail.com - Update to 23.0.1259 * No further indications in the ChangeLog. ------------------------------------------------------------------- Sun Sep 2 14:31:22 UTC 2012 - tittiatcoke@gmail.com - Update to 23.0.1255 * Security Fixes (bnc#778005): - Medium CVE-2012-2865: Out-of-bounds read in line breaking. - High CVE-2012-2866: Bad cast with run-ins. - Low CVE-2012-2867: Browser crash with SPDY. - Medium CVE-2012-2868: Race condition with workers and XHR. - High CVE-2012-2869: Avoid stale buffer in URL loading. - Low CVE-2012-2870: Lower severity memory management issues in XPath. - High CVE-2012-2871: Bad cast in XSL transforms. - Medium CVE-2012-2872: XSS in SSL interstitial. ------------------------------------------------------------------- Wed Aug 29 19:19:31 UTC 2012 - tittiatcoke@gmail.com - Update to 23.0.1249 * No longer building with system libraries. This caused issues with high CPU utilization and a blank homescreen. Now the in-source libraries are used. ------------------------------------------------------------------- Sun Aug 19 08:32:45 UTC 2012 - tittiatcoke@gmail.com - Update to 23.0.1240 * Duplex Printing defaults to Yes, which prints extra pages even for a 1 page print out (Issue 138312). * Print preview takes forever on Win XP (issue: 140044) * Anti-DDoS inversion of logic (Issues: 141643, 141081) * Projectmanager.com application causes Flash to hang (Issue: 141018) * An additional scroll bar appears at the right on many sites (issue: 140239) * Setting and unsetting display:none obliterates current scroll position (issue: 140101) - Utilize the patched zlib sources from Chromium in order to build ------------------------------------------------------------------- Fri Aug 3 15:54:24 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1226 * Security Fixes (bnc#770821): CVE-2012-2843: Use-after-free in layout height tracking CVE-2012-2842: Use-after-free in counter handling ------------------------------------------------------------------- Mon Jul 30 13:21:27 UTC 2012 - aj@suse.de - Fix build with glibc 2.16 (struct siginfo is not exported anymore). ------------------------------------------------------------------- Sun Jul 29 13:32:21 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1221 * Several crash fixes (Issues: 131310, 134574) * Can't press Enter to save to PDF (Issue: 137690) ------------------------------------------------------------------- Wed Jul 25 14:17:53 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1218 * New Connection Manager * New Print UI. * No further indications in the ChangeLog. ------------------------------------------------------------------- Sun Jul 8 13:10:48 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1201 * No further indications in the ChangeLog. - exclude ppc and ppc64. There is no v8 for ppc. (Update from dvaleev@suse.com) ------------------------------------------------------------------- Fri Jun 29 08:52:58 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1190 * Security Fixes: * CVE-2012-2815: Leak of iframe fragment id * CVE-2012-2816: Prevent sandboxed processes interfering with each other * CVE-2012-2817: Use-after-free in table section handling * CVE-2012-2818: Use-after-free in counter layout * CVE-2012-2819: Crash in texture handling * CVE-2012-2820: Out-of-bounds read in SVG filter handling * CVE-2012-2821: Autofill display problem * CVE-2012-2823: Use-after-free in SVG resource handling * CVE-2012-2826: Out-of-bounds read in texture conversion * CVE-2012-2829: Use-after-free in first-letter handling * CVE-2012-2830: Wild pointer in array value setting * CVE-2012-2831: Use-after-free in SVG reference handling * CVE-2012-2834: Integer overflow in Matroska container * CVE-2012-2825: Wild read in XSL handling * CVE-2012-2807: Integer overflows in libxml * Fix update-alternatives within the spec-file ------------------------------------------------------------------- Thu Jun 21 12:20:28 UTC 2012 - tittiatcoke@gmail.com - Update to 22.0.1183 * Content settings for Cookies now also show protected storage granted to hosted apps * Chromoting client plugin correctly up-scales on when page-zoom is >100%. ------------------------------------------------------------------- Tue Jun 19 13:06:52 UTC 2012 - tittiatcoke@gmail.com - Update to 21.0.1181 * Bugfixes. * Remove obsolete patch * Do not execute update-alternatives when building ------------------------------------------------------------------- Fri Jun 15 12:19:24 UTC 2012 - coolo@suse.com - fix update-alternative usage to fix build ------------------------------------------------------------------- Thu May 31 08:27:09 UTC 2012 - tittiatcoke@gmail.com - Update to 21.0.1158 * Bugfixes * Gamepad API prototype http://www.w3.org/TR/gamepad/ available by default. * TLS 1.1 is enabled by default. ------------------------------------------------------------------- Sun May 20 16:40:03 UTC 2012 - tittiatcoke@gmail.com - Update to 21.0.1145 * Fixed several issues around audio not playing with videos * Crash Fixes * Improvements to trackpad on Cr-48 * Security Fixes (bnc#762481) - CVE-2011-3083: Browser crash with video + FTP - CVE-2011-3084: Load links from internal pages in their own process. - CVE-2011-3085: UI corruption with long autofilled values - CVE-2011-3086: Use-after-free with style element. - CVE-2011-3087: Incorrect window navigation - CVE-2011-3088: Out-of-bounds read in hairline drawing - CVE-2011-3089: Use-after-free in table handling. - CVE-2011-3090: Race condition with workers. - CVE-2011-3091: Use-after-free with indexed DB - CVE-2011-3092: Invalid write in v8 regex - CVE-2011-3093: Out-of-bounds read in glyph handling - CVE-2011-3094: Out-of-bounds read in Tibetan handling - CVE-2011-3095: Out-of-bounds write in OGG container. - CVE-2011-3096: Use-after-free in GTK omnibox handling. - CVE-2011-3098: Bad search path for Windows Media Player plug-in - CVE-2011-3100: Out-of-bounds read drawing dash paths. - CVE-2011-3101: Work around Linux Nvidia driver bug - CVE-2011-3102: Off-by-one out-of-bounds write in libxml. ------------------------------------------------------------------- Sun May 13 19:53:59 UTC 2012 - tittiatcoke@gmail.com - Update to 21.0.1137 * Fixes crashes when manually typing in URL's ------------------------------------------------------------------- Fri May 11 14:22:22 UTC 2012 - tittiatcoke@gmail.com - Update to 21.0.1135.0 * Added patch for Sqlite which should resolve crashes when build with GCC 4.7 * Fixes for rendering and stability * Fixed about:inducebrowsercrashforrealz (Issue: 124843) * Mouse over on apps/extensions makes place holder blank in web store. (Issue: 125777) * Security Fixes (bnc#760264): - CVE-2011-3078: Use after free in floats handling. - CVE-2012-1521: Use after free in xml parser. - CVE-2011-3079: IPC validation failure. - CVE-2011-3080: Race condition in sandbox IPC - CVE-2011-3081: Use after free in floats handling. ------------------------------------------------------------------- Sun Apr 29 15:38:00 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1123.0 ------------------------------------------------------------------- Fri Apr 27 09:54:43 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1119.0 Fixes - Adjust spec-file to include two new resource files that are required for the UI. (bnc#759381) ------------------------------------------------------------------- Wed Apr 25 11:32:07 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1116.0 * Fixes and update to newer v8 version ------------------------------------------------------------------- Thu Apr 19 09:12:44 UTC 2012 - tittiatcoke@gmail.com - Added the ChromeDriver as a separate package. Normal users will not require this as it is a standalone server for testing webbrowsers ------------------------------------------------------------------- Tue Apr 17 13:53:49 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1106.0 * Fixes issues with fonts (Issue: 108645). * Enable the Chrome To Mobile page action for users with compatible registered devices * file: downloads allowed again ------------------------------------------------------------------- Fri Apr 13 09:12:42 UTC 2012 - fcrozat@suse.com - Use desktop_database macros at install time. ------------------------------------------------------------------- Fri Apr 6 14:32:07 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1094.0 Fixes: * Other Devices menu shows last update time for other sessions, and allows sessions to be hidden using a context menu. * Fix sync issue with sessions (open tabs) triggering an unrecoverable error. * Fixed Sync/Apps: NTP apps icons missing after sync. [Issue: 117857] * Fixed bookmarks drag-n-drop in Bookmark Manager. [Issue: 118715] Security Fixes: * Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. * Medium CVE-2011-3067: Cross-origin iframe replacement. * High CVE-2011-3068: Use-after-free in run-in handling. * High CVE-2011-3069: Use-after-free in line box handling. * High CVE-2011-3070: Use-after-free in v8 bindings. * High CVE-2011-3071: Use-after-free in HTMLMediaElement. * Low CVE-2011-3072: Cross-origin violation parenting pop-up window. * High CVE-2011-3073: Use-after-free in SVG resource handling. * Medium CVE-2011-3074: Use-after-free in media handling. * High CVE-2011-3075: Use-after-free applying style command. * High CVE-2011-3076: Use-after-free in focus handling. * Medium CVE-2011-3077: Read-after-free in script bindings. ------------------------------------------------------------------- Tue Apr 3 06:51:49 UTC 2012 - tittiatcoke@gmail.com - Update to 20.0.1090 Fixes: * Fixed issue cannot add GMail app to Chrome. [Issue: 119975] * Fixed theme and bookmarks bar notifications. [Issue: 117027] * Fixed popup prompting permission for flash plugin. [Issue: 120358] Security Fixes: * Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. * Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. * Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. * Medium CVE-2011-3061: SPDY proxy certificate checking error. * High CVE-2011-3062: Off-by-one in OpenType Sanitizer. * Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. * High CVE-2011-3064: Use-after-free in SVG clipping. * High CVE-2011-3065: Memory corruption in Skia. * Medium CVE-2011-3057: Invalid read in v8. ------------------------------------------------------------------- Sat Mar 24 06:40:10 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1079 Security Fixes (bnc#754456): * High CVE-2011-3050: Use-after-free with first-letter handling * High CVE-2011-3045: libpng integer issue from upstream * High CVE-2011-3051: Use-after-free in CSS cross-fade handling * High CVE-2011-3052: Memory corruption in WebGL canvas handling * High CVE-2011-3053: Use-after-free in block splitting * Low CVE-2011-3054: Apply additional isolations to webui privileges * Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation * High CVE-2011-3056: Cross-origin violation with “magic iframe”. * Low CVE-2011-3049: Extension web request API can interfere with system requests Other Fixes: * The short-cut key for caps lock (Shift + Search) is disabled when an accessibility screen reader is enabled * Fixes an issue with files not being displayed in File Manager when some file names contain UTF-8 characters (generally accented characters) * Fixed dialog boxes in settings. (Issue: 118031) * Fixed flash videos turning white on mac when running with --disable-composited-core-animation-plugins (Issue: 117916) * Change to look for correctly sized favicon when multiple images are provided. (Issue: 118275) * Fixed issues - 116044, 117470, 117068, 117668, 118620 ------------------------------------------------------------------- Wed Mar 21 12:36:42 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1077 ------------------------------------------------------------------- Sun Mar 18 17:35:02 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1074 - Build Chromium on openSUSE > 12.1 with the gold linker - Fix build issues with GCC 4.7 ------------------------------------------------------------------- Thu Mar 15 12:51:21 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1071 * Several fixes and improvements in the new Settings, Extensions, and Help pages. * Fixed the flashing when switched between composited and non-composited mode. [Issue: 116603] * Fixed stability issues 116913, 117217, 117347, 117081 ------------------------------------------------------------------- Sun Mar 11 08:01:15 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1066 * Fixed Chrome install/update resets Google search preferences (Issue: 105390) * Don't trigger accelerated compositing on 3D CSS when using swiftshader (Issue: 116401) * Fixed a GPU crash (Issue: 116096) * More fixes for Back button frequently hangs (Issue: 93427) * Bastion now works (Issue: 116285) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Composited layer sorting irregularity with accelerated canvas (Issue: 102943) * Fixed Google Feedback causes render process to use too much memory (Issue: 114489) * Fixed after upgrade, some pages are rendered as blank (Issue: 109888) * Fixed Pasting text into a single-line text field shouldn't keep literal newlines (Issue: 106551) - Security Fixes: * Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption * Critical CVE-2011-3046: UXSS and bad history navigation. ------------------------------------------------------------------- Mon Mar 5 20:53:06 UTC 2012 - vdziewiecki@suse.com - add Provides: browser(npapi) FATE#313084 ------------------------------------------------------------------- Sat Mar 3 16:55:15 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1060 * Fixed NTP signed in state is missing (Issue: 112676) * Fixed gmail seems to redraw itself (all white) occasionally (Issue: 111263) * Focus "OK" button on Javascript dialogs (Issue: 111015) * Fixed Back button frequently hangs (Issue: 93427) * Increase the buffer size to fix muted playback rate (Issue: 108239) * Fixed Empty span with line-height renders with non-zero height (Issue: 109811) * Marked the Certum Trusted Network CA as an issuer of extended-validation (EV) certificates. * Fixed importing of bookmarks, history, etc. from Firefox 10+. * Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636, 112676 * Fixed several crashes (Issues: 111376, 108688, 114391) * Fixed Firefox browser in Import Bookmarks and Settings drop-down (Issue: 114476) * Sync: Sessions aren't associating pre-existing tabs (Issue: 113319) * Fixed All "Extensions" make an entry under the "NTP Apps" page (Issue: 113672) + Security Fixes (bnc#750407): * High CVE-2011-3031: Use-after-free in v8 element wrapper. * High CVE-2011-3032: Use-after-free in SVG value handling. * High CVE-2011-3033: Buffer overflow in the Skia drawing library. * High CVE-2011-3034: Use-after-free in SVG document handling. * High CVE-2011-3035: Use-after-free in SVG use handling. * High CVE-2011-3036: Bad cast in line box handling. * High CVE-2011-3037: Bad casts in anonymous block splitting. * High CVE-2011-3038: Use-after-free in multi-column handling. * High CVE-2011-3039: Use-after-free in quote handling. * High CVE-2011-3040: Out-of-bounds read in text handling. * High CVE-2011-3041: Use-after-free in class attribute handling. * High CVE-2011-3042: Use-after-free in table section handling. * High CVE-2011-3043: Use-after-free in flexbox with floats. * High CVE-2011-3044: Use-after-free with SVG animation elements. - Remove the external ffmepg headers and start using the ones delivered with Chromium. Changes to Chromium are no longer in line with any ffmpeg version :-(. So we can only use the Chromium ffmpeg headers. ------------------------------------------------------------------- Mon Feb 20 14:39:23 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1046 * Security updates + CVE-2011-3015: Integer overflows in PDF codecs. + CVE-2011-3016: Read-after-free with counter nodes. + CVE-2011-3017: Possible use-after-free in database handling. + CVE-2011-3018: Heap overflow in path rendering. + CVE-2011-3019: Heap buffer overflow in MKV handling. + CVE-2011-3020: Native client validator error. + CVE-2011-3021: Use-after-free in subframe loading. + CVE-2011-3022: Inappropriate use of http for translation script. + CVE-2011-3023: Use-after-free with drag and drop. + CVE-2011-3024: Browser crash with empty x509 certificate. + CVE-2011-3025: Out-of-bounds read in h.264 parsing. + CVE-2011-3026: Integer overflow / truncation in libpng. + CVE-2011-3027: Bad cast in column handling. ------------------------------------------------------------------- Wed Feb 15 07:40:59 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1042 * Make speech input bubble borders close with the bubble [Issue: 112194] * Fixed stability issues [Issues: 113531, 113492, 113654, 113546, 113847, 114011] * Use Google’s online spellchecker to identify misspelled words as well as provide suggestions, for pasted text only. * Fix: open incognito windows at exit created extra normal windows when the session was restored * When translating a page, get the code and translation via HTTPS ------------------------------------------------------------------- Fri Feb 10 05:36:56 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1037 * Fix crashing timing bug where panel animates after its closed (issue#111120) * Remove patch to build with newer glib version. This was merged upstream * Added option to disable building with gold for x86_64. Used linker option "--icf=none" is not supported yet. ------------------------------------------------------------------- Mon Feb 6 10:45:25 UTC 2012 - tittiatcoke@gmail.com - Update to 19.0.1031 * Block plugins for platform apps To block plugins a new content settings has been added, with the highest priority (i.e. at the front of the list). This could be used down the track to hang off more platform app specific stuff. * Remove unconditional -msse3 -mssse3 CFLAGS from media.gyp (issue#107532) * Refactoring of Settings page * Other bugfixes * Security Fixes: CVE-2011-3953: Avoid clipboard monitoring after paste event. CVE-2011-3954: Crash with excessive database usage. CVE-2011-3955: Crash aborting an IndexDB transaction CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions CVE-2011-3957: Use-after-free in PDF garbage collection CVE-2011-3958: Bad casts with column spans CVE-2011-3959: Buffer overflow in locale handling CVE-2011-3960: Out-of-bounds read in audio decoding CVE-2011-3961: Race condition after crash of utility process CVE-2011-3962: Out-of-bounds read in path clipping CVE-2011-3963: Out-of-bounds read in PDF fax image handling CVE-2011-3964: URL bar confusion after drag + drop CVE-2011-3965: Crash in signature check CVE-2011-3966: Use-after-free in stylesheet error handling CVE-2011-3967: Crash with unusual certificate. CVE-2011-3968: Use-after-free in CSS handling CVE-2011-3969: Use-after-free in SVG layout. CVE-2011-3970: Out-of-bounds read in libxslt CVE-2011-3971: Use-after-free with mousemove events CVE-2011-3972: Out-of-bounds read in shader translator ------------------------------------------------------------------- Sun Jan 29 21:11:37 UTC 2012 - tittiatcoke@gmail.com - Update to 18.0.1022 * Security fixes (bnc#743319) + CVE-2011-3924 Use-after-free vulnerability + CVE-2011-3925 Use-after-free vulnerability + CVE-2011-3926 Heap-based buffer overflow in the tree builder + CVE-2011-3927 Skia does not perform all required initialization of values + CVE-2011-3928 Use-after-free vulnerability * Compile the chrome_sandbox binary with -fPIE flags ------------------------------------------------------------------- Mon Jan 23 09:44:42 UTC 2012 - tittiatcoke@gmail.com - Update to 18.0.1017 * Security Issues fixed (bnc#740493) + CVE-2011-3921 Use-after-free in animation frames + CVE-2011-3919 Heap-buffer-overflow in libxml + CVE-2011-3922 Stack-buffer-overflow in glyph handling ------------------------------------------------------------------- Sat Dec 31 22:29:20 UTC 2011 - tittiatcoke@gmail.com - Update to 18.0.992 * Delay some extension startup until after first run import. (issue 108286) * Add function support for Sleep with TimeDelta input. (issue 108171) * Make webstore installs work when the Downloads folder is missing. (issue 108812) * Disable GL_EXT_texture_storage support in Linux. (issue 107782) ------------------------------------------------------------------- Wed Dec 28 12:00:11 UTC 2011 - tittiatcoke@gmail.com - Update to 18.0.985 + Webkit layout: * Suppress a leak in http/tests/appcache/reload.html (issue 108621) * Suppress a leak in xmlhttprequest/workers/referer.html (issue 108622) * Extend the suppression for uninit value in fast/forms/input-text-paste-maxlength.html (issue 106183) * Suppress memory leaks in fast/files/workers/worker-read-blob-async.html (issue 108624) * Suppress a leak in websocket/tests/hybi/workers/receive-arraybuffer.html (issue 108627) * Suppress a leak in http/tests/xmlhttprequest/workers/methods-async.html (issue 108628) + Set opaque on the WebMediaPlayerClient based on the decoder ------------------------------------------------------------------- Mon Dec 19 06:41:16 UTC 2011 - tittiatcoke@gmail.com - Update to 18.0.975 + Updating extensions code to use UTF16. (issue#71980) + Assign F5 to cycle forward (issue#107417) + [Sync] Add NOTREACHED for empty passphrase (issue#104189) + Add libudev as build-dependency (issue#79050) + Enable mnemonic and bookmark folder key activation on menu (issue#107869) - Removed conflict with xine-browser-plugins. ------------------------------------------------------------------- Wed Dec 14 10:25:20 UTC 2011 - tittiatcoke@gmail.com - Update to 18.0.972 * Security issues fixed: (bnc#736716) + CVE-2011-3903: Out-of-bounds read in regex matching. + CVE-2011-3905: Out-of-bounds reads in libxml. + CVE-2011-3906: Out-of-bounds read in PDF parser. + CVE-2011-3907: URL bar spoofing with view-source. + CVE-2011-3908: Out-of-bounds read in SVG parsing. + CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. + CVE-2011-3910: Out-of-bounds read in YUV video frame handling. + CVE-2011-3911: Out-of-bounds read in PDF. + CVE-2011-3912: Use-after-free in SVG filters. + CVE-2011-3914: Out-of-bounds write in v8 i18n handling + CVE-2011-3915: Buffer overflow in PDF font handling. + CVE-2011-3916: Out-of-bounds reads in PDF cross references. + CVE-2011-3917: Stack-buffer-overflow in FileWatcher. + CVE-2011-3904: Use-after-free in bidi handling. * No longer build against the system libjpeg, but build against the libjpeg that comes with Chromium to prevent graphics issues * Chromium for openSUSE:Factory now builds against libjpeg8 * Removed explicit -fPIC from the C-flags ------------------------------------------------------------------- Sat Dec 10 18:51:39 UTC 2011 - tittiatcoke@gmail.com - Update to 18.0.968 + Print preview: Disable the right context menu items in print preview. (issue#106876,#106915) + Fix page zoom for plug-in documents (PDF, etc.) (issue#106013,#106228) + ntp: track number of times a user switches pages in a single session (issue#106575) +