-------------------------------------------------------------------
Thu Mar 13 06:31:45 UTC 2014 - tittiatcoke@gmail.com
- Update to Chromium 33.0.1750.149
Stable channel uodate:
- Security fixes:
* CVE-2014-1700: Use-after-free in speech
* CVE-2014-1701: UXSS in events
* CVE-2014-1702: Use-after-free in web database
* CVE-2014-1703: Potential sandbox escape due to a
use-after-free in web sockets
* CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
version 3.23.17.18
-------------------------------------------------------------------
Fri Feb 21 12:52:21 UTC 2014 - tittiatcoke@gmail.com
- Update to Chromium 33.0.1750.117
Stable channel update:
- Security Fixes:
* CVE-2013-6653: Use-after-free related to web contents
* CVE-2013-6654: Bad cast in SVG
* CVE-2013-6655: Use-after-free in layout
* CVE-2013-6656: Information leak in XSS auditor
* CVE-2013-6657: Information leak in XSS auditor
* CVE-2013-6658: Use-after-free in layout
* CVE-2013-6659: Issue with certificates validation in TLS
handshake
* CVE-2013-6660: Information leak in drag and drop
* CVE-2013-6661: Various fixes from internal audits, fuzzing
and other initiatives. Of these, seven are
fixes for issues that could have allowed for
sandbox escapes from compromised renderers.
- Other:
- Google Chrome Frame has been retired
- Added gn-binaries.tar.xz to have the right version of the Google
depot tools during build.
- Added patch arm_disable_gn.patch to disable GN on ARM builds
-------------------------------------------------------------------
Tue Jan 28 17:50:25 UTC 2014 - tittiatcoke@gmail.com
- Update to Chromium 32.0.1700.102
Stable channel update:
- Security Fixes:
* CVE-2013-6649: Use-after-free in SVG images
* CVE-2013-6650: Memory corruption in V8
* and 12 other fixes
- Other:
* Mouse Pointer disappears after exiting full-screen mode
* Drag and drop files into Chromium may not work properly
* Quicktime Plugin crashes in Chromium
* Chromium becomes unresponsive
* Trackpad users may not be able to scroll horizontally
* Scrolling does not work in combo box
* Chromium does not work with all CSS minifiers such as
whitespace around a media query's `and` keyword
-------------------------------------------------------------------
Thu Jan 16 20:58:04 UTC 2014 - tittiatcoke@gmail.com
- Update to Chromium 32.0.1700.77
Stable channel update:
- Security fixes:
* CVE-2013-6646: Use-after-free in web workers
* CVE-2013-6641: Use-after-free related to forms
* CVE-2013-6643: Unprompted sync with an attacker’s
Google account
* CVE-2013-6645: Use-after-free related to speech input
elements
* CVE-2013-6644: Various fixes from internal audits, fuzzing
and other initiatives
- Other:
* Tab indicators for sound, webcam and casting
* Automatically blocking malware files
* Lots of under the hood changes for stability and performance
- Remove patch chromium-fix-chromedriver-build.diff as that
chromedriver is fixed upstream
-------------------------------------------------------------------
Thu Dec 5 11:34:03 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 31.0.1650.63
Stable channel update:
- Security fixes:
* CVE-2013-6634: Session fixation in sync related to 302 redirects
* CVE-2013-6635: Use-after-free in editing
* CVE-2013-6636: Address bar spoofing related to modal dialogs
* CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2013-6638: Buffer overflow in v8
* CVE-2013-6639: Out of bounds write in v8.
* CVE-2013-6640: Out of bounds read in v8
* and 12 other security fixes.
- Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le.
This is based on missing build requires (valgrind, v8, etc)
-------------------------------------------------------------------
Wed Nov 27 09:36:08 UTC 2013 - tittiatcoke@gmail.com
- Remove the build flags to build according to the Chrome ffmpeg
branding and the proprietary codecs. (bnc#847971)
-------------------------------------------------------------------
Sat Nov 16 08:44:23 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 31.0.1650.57
Stable channel update:
- Security Fixes:
* CVE-2013-6632: Multiple memory corruption issues.
-------------------------------------------------------------------
Wed Nov 13 17:46:35 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 31.0.1650.48
Stable Channel update:
- Security fixes:
* CVE-2013-6621: Use after free related to speech input elements..
* CVE-2013-6622: Use after free related to media elements.
* CVE-2013-6623: Out of bounds read in SVG.
* CVE-2013-6624: Use after free related to “id” attribute strings.
* CVE-2013-6625: Use after free in DOM ranges.
* CVE-2013-6626: Address bar spoofing related to interstitial warnings.
* CVE-2013-6627: Out of bounds read in HTTP parsing.
* CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
* CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
* CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
* CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
* CVE-2013-6631: Use after free in libjingle.
- Added patch chromium-fix-chromedriver-build.diff to fix the
chromedriver build
-------------------------------------------------------------------
Thu Nov 7 11:18:07 UTC 2013 - tittiatcoke@gmail.com
- Enable ARM build for Chromium.
* Added patches chromium-arm-webrtc-fix.patch,
chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
to resolve ARM specific build issues
-------------------------------------------------------------------
Fri Oct 25 17:50:46 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 30.0.1599.114
Stable Channel update: fix build for 32bit systems
- Drop patch chromium-fix-chromedriver-build.diff. This is now
fixed upstream
- For openSUSE versions lower than 13.1, build against the in-tree
libicu
-------------------------------------------------------------------
Wed Oct 16 05:14:12 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 30.0.1599.101
- Security Fixes:
+ CVE-2013-2925: Use after free in XHR
+ CVE-2013-2926: Use after free in editing
+ CVE-2013-2927: Use after free in forms.
+ CVE-2013-2928: Various fixes from internal audits,
fuzzing and other initiatives.
-------------------------------------------------------------------
Tue Oct 1 20:48:13 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes:
+ CVE-2013-2906: Races in Web Audio
+ CVE-2013-2907: Out of bounds read in Window.prototype object
+ CVE-2013-2908: Address bar spoofing related to the
“204 No Content” status code
+ CVE-2013-2909: Use after free in inline-block rendering
+ CVE-2013-2910: Use-after-free in Web Audio
+ CVE-2013-2911: Use-after-free in XSLT
+ CVE-2013-2912: Use-after-free in PPAPI
+ CVE-2013-2913: Use-after-free in XML document parsing
+ CVE-2013-2914: Use after free in the Windows color chooser
dialog
+ CVE-2013-2915: Address bar spoofing via a malformed scheme
+ CVE-2013-2916: Address bar spoofing related to the “204 No
Content” status code
+ CVE-2013-2917: Out of bounds read in Web Audio
+ CVE-2013-2918: Use-after-free in DOM
+ CVE-2013-2919: Memory corruption in V8
+ CVE-2013-2920: Out of bounds read in URL parsing
+ CVE-2013-2921: Use-after-free in resource loader
+ CVE-2013-2922: Use-after-free in template element
+ CVE-2013-2923: Various fixes from internal audits, fuzzing and
other initiatives
+ CVE-2013-2924: Use-after-free in ICU. Upstream bug
-------------------------------------------------------------------
Tue Oct 1 09:57:35 UTC 2013 - tittiatcoke@gmail.com
- Add patch chromium-fix-altgrkeys.diff
- Make sure that AltGr is treated correctly (issue#296835)
-------------------------------------------------------------------
Fri Sep 27 22:22:31 UTC 2013 - tittiatcoke@gmail.com
- Do not build with system libxml (bnc#825157)
-------------------------------------------------------------------
Wed Sep 25 18:29:25 UTC 2013 - tittiatcoke@gmail.com
- Update to Chromium 31.0.1640.0
* Bug and Stability Fixes
- Fix destkop file for chromium by removing extension from icon
- Change the methodology for the Chromium packages. Build is
now based on an official tarball. As soon as the Beta channel
catches up with the current version, Chromium will be
based on the Beta channel instead of svn snapshots
-------------------------------------------------------------------
Sun Sep 15 10:37:00 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1632
* Bug and Stability fixes
- Added the flag --enable-threaded-compositing to the startup
script. This flag seems to be required when hardware acceleration
is in use. This prevents websites from locking up on users in
certain cases.
-------------------------------------------------------------------
Tue Sep 10 18:44:03 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1627
* Bug and Stability fixes
-------------------------------------------------------------------
Mon Sep 2 13:39:12 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1619
* bug and Stability fixes
-------------------------------------------------------------------
Mon Aug 26 20:57:18 UTC 2013 - andreas.stieger@gmx.de
- require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel >= 4.9.5
-------------------------------------------------------------------
Mon Aug 26 09:35:02 UTC 2013 - tittiatcoke@gmail.com
- Add patch exclude_ymp.diff to ensure that 1-click-install files
are downloaded and NOT opened (bnc#836059)
-------------------------------------------------------------------
Sun Aug 25 08:25:22 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1611
* Bug and stability fixes
-------------------------------------------------------------------
Sun Aug 18 15:51:38 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1605
* Bug and stability fixes
-------------------------------------------------------------------
Fri Aug 16 13:31:17 UTC 2013 - tittiatcoke@gmail.com
- Change the startup script so that Chromium will not start
when the chrome_sandbox doesn't have the SETUID.
(bnc#779448)
-------------------------------------------------------------------
Wed Aug 14 17:31:17 UTC 2013 - tittiatcoke@gmail.com
- Update to 31.0.1601
* Bug and stability fixes
-------------------------------------------------------------------
Sun Aug 11 08:40:31 UTC 2013 - tittiatcoke@gmail.com
- Update to 30.0.1594
* Bug and stability fixes
- Correct specfile to properly own /usr/bin/chromium (bnc#831584)
- Chromium now expects the SUID-helper installed in the same
directory as chromium. So let's create a symlink to the helper
in /usr/lib
-------------------------------------------------------------------
Sun Aug 4 14:11:58 UTC 2013 - tittiatcoke@gmail.com
- Update to 30.0.1587
* Bug and stability fixes
- Remove patch chromium-nss-compliant.diff (Upstream)
-------------------------------------------------------------------
Wed Jul 24 04:57:36 UTC 2013 - tittiatcoke@gmail.com
- Update to 30.0.1575
* Bug and stability fixes
* Enable the gpu-sandbox again due to upstream fix (chromium#255063)
-------------------------------------------------------------------
Tue Jul 16 17:55:57 UTC 2013 - tittiatcoke@gmail.com
- Update to 30.0.1567
* bug and Stability fixes
-------------------------------------------------------------------
Mon Jul 1 17:02:52 UTC 2013 - tittiatcoke@gmail.com
- Update to 30.0.1553
* Bug and stability fixes
* Includes security update for v8 (bnc821601)
* CVE-2013-2838 Denial of service (out-of-bounds read) via
unspecified vectors
-------------------------------------------------------------------
Fri Jun 28 07:46:04 UTC 2013 - tittiatcoke@gmail.com
- Add the flag --disable-gpu-sandbox to prevent crashes and/or
slowness. The GPU Sandbox is a new sandbox introduces in M28 and
is currently causing issues
(http://code.google.com/p/chromium/issues/detail?id=255063)
-------------------------------------------------------------------
Tue Jun 25 12:27:22 UTC 2013 - tittiatcoke@gmail.com
- Update to 29.0.1548
* Bug and Stability fixes
-------------------------------------------------------------------
Sun Jun 16 15:03:32 UTC 2013 - tittiatcoke@gmail.com
- Update to 29.0.1541
* Bug and Stability fixes
- Added patch chromium-nss-compatibility to fix build on Factory
-------------------------------------------------------------------
Wed Jun 5 20:24:08 UTC 2013 - tittiatcoke@gmail.com
- Update to 29.0.1530
* Bug and Stability fixes.
- Dropped subversion buildrequire as svn is no longer used.
(Thanks to andreas.stieger@gmx.de)
-------------------------------------------------------------------
Mon May 27 16:31:10 UTC 2013 - tittiatcoke@gmail.com
- Update to 29.0.1521
* Bug and stability fixes
-------------------------------------------------------------------
Thu May 23 08:26:55 UTC 2013 - tittiatcoke@gmail.com
- Update to 29.0.1517
* Bug and stability fixes
-------------------------------------------------------------------
Sun May 5 18:43:49 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1500
* Bug and stability fixes
- Added patch adjust-ldflags-no-keep-memory.patch to change a
ldflags option to reduce the memory used during linking
-------------------------------------------------------------------
Thu May 2 11:43:10 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1497
* Bug and stability fixes
-------------------------------------------------------------------
Mon Apr 29 12:20:19 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1494
* Bug and Stability Fixes
-------------------------------------------------------------------
Sat Apr 27 21:34:51 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1493
* bug and stability fixes
* Bring back the lost buildflag to enable proprietary codecs
-------------------------------------------------------------------
Sun Apr 14 13:46:39 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1479
* bug and stability fixes
-------------------------------------------------------------------
Wed Apr 10 20:34:07 UTC 2013 - tittiatcoke@gmail.com
- use %config(noreplace) for /etc/default/chromium, so that user
changes are preserved.
-------------------------------------------------------------------
Sat Apr 6 18:55:27 UTC 2013 - tittiatcoke@gmail.com
- Update to 28.0.1468
* Bug and stability fixes
-------------------------------------------------------------------
Sun Mar 24 12:56:12 UTC 2013 - tittiatcoke@gmail.com
- Update to 27.0.1452
* Bug and stability fixes
- Change buoldsystem to ninja for additional speed
* Dropped patch chromium_use_gold.patch
- Removed obsolete 11.4 bits and pieces in the spec-file
* includes chromium.easy patch
-------------------------------------------------------------------
Tue Mar 19 16:51:59 UTC 2013 - tittiatcoke@gmail.com
- Update to 27.0.1447
* Bug and stability fixes
* Drop patch chromium-norpath.patch. Rpath is only used when
building chromium with shared libraries.
- Deactive building against system libraries. This is now causing
issues for building on 12.3 and Factory.
-------------------------------------------------------------------
Sat Mar 9 14:03:28 UTC 2013 - tittiatcoke@gmail.com
- Update to 27.0.1435
* Bug and stability fixes
* Drop patch chromium-siginfo.patch due to upstream
inclusion
-------------------------------------------------------------------
Sat Feb 23 08:09:58 UTC 2013 - tittiatcoke@gmail.com
- Update to 27.0.1425
* Bug and stability fixes:
- Fixed crash after clicking through malware warning.
(Issue: 173986)
- Fixed broken command line to create extensions with locale info
(Issue: 176187)
- Hosted apps in Chrome will always be opened from app launcher.
(Issue: 176267)
- Added modal confirmation dialog to the enterprise profile
sign-in flow. (Issue: 171236)
- Fixed a crash with autofill. (Issues: 175454, 176576)
- Fixed issues with sign-in.
(Issues: 175672, 175819, 175541, 176190)
- Fixed spurious profile shortcuts created with a system-level
install. (Issue: 177047)
- Fixed the background tab flashing with certain themes.
(Issue: 175426)
* Security Fixes: (bnc#804986)
- High CVE-2013-0879: Memory corruption with web audio node
- High CVE-2013-0880: Use-after-free in database handling
- Medium CVE-2013-0881: Bad read in Matroska handling
- High CVE-2013-0882: Bad memory access with excessive SVG
parameters.
- Medium CVE-2013-0883: Bad read in Skia.
- Low CVE-2013-0884: Inappropriate load of NaCl.
- Medium CVE-2013-0885: Too many API permissions granted to web
store
- Medium CVE-2013-0886: Incorrect NaCl signal handling.
- Low CVE-2013-0887: Developer tools process has too many
permissions and places too much trust in the connected server
- Medium CVE-2013-0888: Out-of-bounds read in Skia
- Low CVE-2013-0889: Tighten user gesture check for dangerous
file downloads.
- High CVE-2013-0890: Memory safety issues across the IPC layer.
- High CVE-2013-0891: Integer overflow in blob handling.
- Medium CVE-2013-0892: Lower severity issues across the IPC layer
- Medium CVE-2013-0893: Race condition in media handling.
- High CVE-2013-0894: Buffer overflow in vorbis decoding.
- High CVE-2013-0895: Incorrect path handling in file copying.
- High CVE-2013-0896: Memory management issues in plug-in message
handling
- Low CVE-2013-0897: Off-by-one read in PDF
- High CVE-2013-0898: Use-after-free in URL handling
- Low CVE-2013-0899: Integer overflow in Opus handling
- Medium CVE-2013-0900: Race condition in ICU
* Make adjustment for autodetecting of the PepperFlash library.
The package with the PepperFlash hopefully will be soon
available through packman
-------------------------------------------------------------------
Tue Feb 12 20:12:25 UTC 2013 - tittiatcoke@gmail.com
- Update to 26.0.1411
* Bug and stability fixes
-------------------------------------------------------------------
Sun Feb 3 11:41:13 UTC 2013 - tittiatcoke@gmail.com
- Update to 26.0.1403
* Bug and stability fixes
-------------------------------------------------------------------
Sat Jan 26 18:19:10 UTC 2013 - crrodriguez@opensuse.org
- Using system libxml2 requires system libxslt.
- Using system MESA does not work in i586 for some reason.
-------------------------------------------------------------------
Sat Jan 26 15:59:32 UTC 2013 - crrodriguez@opensuse.org
- Also use system MESA, factory version seems adecuate now.
- Always use system libxml2.
-------------------------------------------------------------------
Fri Jan 25 16:15:58 UTC 2013 - crrodriguez@opensuse.org
- Restrict the usage of system libraries instead of the bundled
ones to new products, too much hassle otherwise.
-------------------------------------------------------------------
Fri Jan 25 03:32:21 UTC 2013 - crrodriguez@opensuse.org
- Also link kerberos and libgps directly, do not dlopen them.
-------------------------------------------------------------------
Fri Jan 25 02:08:01 UTC 2013 - crrodriguez@opensuse.org
- Avoid using dlopen on system libraries, rpm or the package Manager
do not handle this at all. tested for a few weeks and implemented
with a macro so it can be easily disabled if problems arise.
- Use SOME system libraries instead of the bundled ones, tested for
several weeks and implemented with a macro for easy enable/Disable
in case of trouble.
-------------------------------------------------------------------
Thu Jan 24 06:45:53 UTC 2013 - tittiatcoke@gmail.com
- Update to 26.0.1393
* Bug and stability fixes
-------------------------------------------------------------------
Sun Jan 13 18:15:47 UTC 2013 - tittiatcoke@gmail.com
- Update to 26.0.1383
* Security fixes
- CVE-2012-5145: Use-after-free in SVG layout
- CVE-2012-5146: Same origin policy bypass with malformed URL
- CVE-2012-5147: Use-after-free in DOM handling
- CVE-2012-5148: Missing filename sanitization in hyphenation
support
- CVE-2012-5149: Integer overflow in audio IPC handling
- CVE-2012-5150: Use-after-free when seeking video
- CVE-2012-5152: Out-of-bounds read when seeking video
- CVE-2012-5153: Out-of-bounds stack access in v8.
- CVE-2012-5154: Integer overflow in shared memory allocation
- CVE-2013-0830: Missing NUL termination in IPC.
- CVE-2013-0831: Possible path traversal from extension process
- CVE-2013-0832: Use-after-free with printing.
- CVE-2013-0833: Out-of-bounds read with printing.
- CVE-2013-0834: Out-of-bounds read with glyph handling
- CVE-2013-0835: Browser crash with geolocation
- CVE-2013-0836: Crash in v8 garbage collection.
- CVE-2013-0837: Crash in extension tab handling.
- CVE-2013-0838: Tighten permissions on shared memory segments
-------------------------------------------------------------------
Tue Jan 8 13:19:57 UTC 2013 - tittiatcoke@gmail.com
* Set up Google API keys, see
http://www.chromium.org/developers/how-tos/api-keys .
# Note: these are for openSUSE Chromium builds ONLY!!
(Setup was done based on indication from Pawel Hajdan)
-------------------------------------------------------------------
Fri Jan 4 09:08:32 UTC 2013 - tittiatcoke@gmail.com
- Update to 26.0.1375
* Bug and stability fixes
-------------------------------------------------------------------
Thu Dec 27 14:43:46 UTC 2012 - tittiatcoke@gmail.com
- Change the default setting for password-store to basic.
(bnc#795860)
-------------------------------------------------------------------
Wed Dec 26 12:36:13 UTC 2012 - tittiatcoke@gmail.com
- Update to 26.0.1371
* Bug and stability fixes
-------------------------------------------------------------------
Thu Dec 20 13:25:14 UTC 2012 - tittiatcoke@gmail.com
- Update to 26.0.1367
* Bug and stability fixes
-------------------------------------------------------------------
Sat Dec 15 13:32:15 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1362
* Security fixes (bnc#794075):
- CVE-2012-5139: Use-after-free with visibility events
- CVE-2012-5140: Use-after-free in URL loader
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
- CVE-2012-5142: Crash in history navigation.
- CVE-2012-5143: Integer overflow in PPAPI image buffers
- CVE-2012-5144: Stack corruption in AAC decoding
-------------------------------------------------------------------
Thu Dec 6 10:06:51 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1352
* Fixed garbled header and footer text in print preview.
[Issue: 152893]
* Fixed extension action badges with long text. [Issue: 160069]
* Disable find if constrained window is shown. [Issue: 156969]
* Enable fullscreen for apps windows. [Issue: 161246]
* Fixed broken profile with system-wide installation and
UserDataDir & DiskCacheDir policy. [Issue: 161336]
* Fixed stability crashes like 158747, 159437, 149139, 160914,
160401, 161858, 158747, 156878
* Fixed graphical corruption in Dust. [Issue: 155258]
* Fixed scrolling issue. [Issue: 163553]
-------------------------------------------------------------------
Fri Nov 30 17:15:39 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1343
* Security Fixes (bnc#791234 and bnc#792154):
- CVE-2012-5131: Corrupt rendering in the Apple OSX driver for
Intel GPUs
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia
- CVE-2012-5132: Browser crash with chunked encoding
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
- CVE-2012-5138: Incorrect file path handling
- CVE-2012-5137: Use-after-free in media source handling
- Correct build so that proprietary codecs can be used when
the chromium-ffmpeg package is installed
-------------------------------------------------------------------
Sun Nov 25 12:50:28 UTC 2012 - tittiatcoke@gmail.com
- Add a configuration file (/etc/default/chromium) where we can
indicate flags for the chromium-browser.
-------------------------------------------------------------------
Sat Nov 24 20:00:51 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1335
* {gtk} Fixed selection renders white text on white
background in apps. (Issue: 158422)
* Fixed translate infobar button to show selected language.
(Issue: 155350)
* Fixed broken Arabic language. (Issue: 158978)
* Fixed pre-rendering if the preference is disabled at start up.
(Issue: 159393)
* Fixed JavaScript rendering issue. (Issue: 159655)
* No further indications in the ChangeLog
-------------------------------------------------------------------
Tue Nov 20 23:27:56 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1329
* No further indications in the ChangeLog
- Removed patch chomium-ffmpeg-no-pkgconfig.patch
- Building now internal libffmpegsumo.so based on the standard
chromium ffmpeg codecs
-------------------------------------------------------------------
Tue Nov 6 18:42:46 UTC 2012 - tittiatcoke@gmail.com
- Update to 25.0.1319
* No further indications in the Changelog
-------------------------------------------------------------------
Fri Oct 26 08:58:02 UTC 2012 - tittiatcoke@gmail.com
- Update to 24.0.1308
* Updated V8 - 3.14.5.0
* Bookmarks are now searched by their title while typing into
the omnibox with matching bookmarks being shown in the
autocomplete suggestions pop-down list. Matching is done by
prefix.
* Fixed chromium issues 155871, 154173, 155133.
-------------------------------------------------------------------
Tue Oct 16 12:41:55 UTC 2012 - coolo@suse.com
- add explicit buildrequire on libbz2-devel
-------------------------------------------------------------------
Sun Oct 7 11:28:56 UTC 2012 - tittiatcoke@gmail.com
- Update to 24.0.1290
* No further indications in the ChangeLog.
-------------------------------------------------------------------
Sun Sep 30 09:38:06 UTC 2012 - tittiatcoke@gmail.com
- Update to 24.0.1283
* Security Fixes (bnc#782257)
- High CVE-2012-2889: UXSS in frame handling
- High CVE-2012-2886: UXSS in v8 bindings.
- High CVE-2012-2881: DOM tree corruption with plug-ins.
- High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
- High CVE-2012-2883: Out-of-bounds write in Skia.
- High CVE-2012-2887: Use-after-free in onclick handling.
- High CVE-2012-2888: Use-after-free in SVG text references.
- High CVE-2012-2894: Crash in graphics context handling.
- High CVE-2012-2896: Integer overflow in WebGL.
- Medium CVE-2012-2877: Browser crash with extensions
and modal dialogs
- Low CVE-2012-2879: DOM topology corruption.
- Medium CVE-2012-2884: Out-of-bounds read in Skia.
- High CVE-2012-2874: Out-of-bounds write in Skia.
- High CVE-2012-2878: Use-after-free in plug-in handling.
- Medium CVE-2012-2880: Race condition in plug-in paint buffer.
- High CVE-2012-2882: Wild pointer in OGG container handling.
- Medium CVE-2012-2885: Possible double free on exit.
- Low CVE-2012-2891: Address leak over IPC.
- Low CVE-2012-2892: Pop-up block bypass.
- High CVE-2012-2893: Double free in XSL transforms.
-------------------------------------------------------------------
Sat Sep 15 06:27:56 UTC 2012 - tittiatcoke@gmail.com
- Update to 23.0.1268
* Updated V8 - 3.13.6.0
* Updated WebKit - 537.10
* Make the new sandbox more robust when denying socket calls.
* Fix crashes (Issues 142388 and 146606)
-------------------------------------------------------------------
Fri Sep 7 15:49:57 UTC 2012 - tittiatcoke@gmail.com
- Update to 23.0.1259
* No further indications in the ChangeLog.
-------------------------------------------------------------------
Sun Sep 2 14:31:22 UTC 2012 - tittiatcoke@gmail.com
- Update to 23.0.1255
* Security Fixes (bnc#778005):
- Medium CVE-2012-2865: Out-of-bounds read in line breaking.
- High CVE-2012-2866: Bad cast with run-ins.
- Low CVE-2012-2867: Browser crash with SPDY.
- Medium CVE-2012-2868: Race condition with workers and XHR.
- High CVE-2012-2869: Avoid stale buffer in URL loading.
- Low CVE-2012-2870: Lower severity memory management issues
in XPath.
- High CVE-2012-2871: Bad cast in XSL transforms.
- Medium CVE-2012-2872: XSS in SSL interstitial.
-------------------------------------------------------------------
Wed Aug 29 19:19:31 UTC 2012 - tittiatcoke@gmail.com
- Update to 23.0.1249
* No longer building with system libraries. This caused issues
with high CPU utilization and a blank homescreen. Now the
in-source libraries are used.
-------------------------------------------------------------------
Sun Aug 19 08:32:45 UTC 2012 - tittiatcoke@gmail.com
- Update to 23.0.1240
* Duplex Printing defaults to Yes, which prints extra pages even
for a 1 page print out (Issue 138312).
* Print preview takes forever on Win XP (issue: 140044)
* Anti-DDoS inversion of logic (Issues: 141643, 141081)
* Projectmanager.com application causes Flash to hang
(Issue: 141018)
* An additional scroll bar appears at the right on many sites
(issue: 140239)
* Setting and unsetting display:none obliterates current scroll
position (issue: 140101)
- Utilize the patched zlib sources from Chromium in order to build
-------------------------------------------------------------------
Fri Aug 3 15:54:24 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1226
* Security Fixes (bnc#770821):
CVE-2012-2843: Use-after-free in layout height tracking
CVE-2012-2842: Use-after-free in counter handling
-------------------------------------------------------------------
Mon Jul 30 13:21:27 UTC 2012 - aj@suse.de
- Fix build with glibc 2.16 (struct siginfo is not exported anymore).
-------------------------------------------------------------------
Sun Jul 29 13:32:21 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1221
* Several crash fixes (Issues: 131310, 134574)
* Can't press Enter to save to PDF (Issue: 137690)
-------------------------------------------------------------------
Wed Jul 25 14:17:53 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1218
* New Connection Manager
* New Print UI.
* No further indications in the ChangeLog.
-------------------------------------------------------------------
Sun Jul 8 13:10:48 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1201
* No further indications in the ChangeLog.
- exclude ppc and ppc64. There is no v8 for ppc. (Update from
dvaleev@suse.com)
-------------------------------------------------------------------
Fri Jun 29 08:52:58 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1190
* Security Fixes:
* CVE-2012-2815: Leak of iframe fragment id
* CVE-2012-2816: Prevent sandboxed processes interfering with
each other
* CVE-2012-2817: Use-after-free in table section handling
* CVE-2012-2818: Use-after-free in counter layout
* CVE-2012-2819: Crash in texture handling
* CVE-2012-2820: Out-of-bounds read in SVG filter handling
* CVE-2012-2821: Autofill display problem
* CVE-2012-2823: Use-after-free in SVG resource handling
* CVE-2012-2826: Out-of-bounds read in texture conversion
* CVE-2012-2829: Use-after-free in first-letter handling
* CVE-2012-2830: Wild pointer in array value setting
* CVE-2012-2831: Use-after-free in SVG reference handling
* CVE-2012-2834: Integer overflow in Matroska container
* CVE-2012-2825: Wild read in XSL handling
* CVE-2012-2807: Integer overflows in libxml
* Fix update-alternatives within the spec-file
-------------------------------------------------------------------
Thu Jun 21 12:20:28 UTC 2012 - tittiatcoke@gmail.com
- Update to 22.0.1183
* Content settings for Cookies now also show protected storage
granted to hosted apps
* Chromoting client plugin correctly up-scales on when page-zoom
is >100%.
-------------------------------------------------------------------
Tue Jun 19 13:06:52 UTC 2012 - tittiatcoke@gmail.com
- Update to 21.0.1181
* Bugfixes.
* Remove obsolete patch
* Do not execute update-alternatives when building
-------------------------------------------------------------------
Fri Jun 15 12:19:24 UTC 2012 - coolo@suse.com
- fix update-alternative usage to fix build
-------------------------------------------------------------------
Thu May 31 08:27:09 UTC 2012 - tittiatcoke@gmail.com
- Update to 21.0.1158
* Bugfixes
* Gamepad API prototype http://www.w3.org/TR/gamepad/
available by default.
* TLS 1.1 is enabled by default.
-------------------------------------------------------------------
Sun May 20 16:40:03 UTC 2012 - tittiatcoke@gmail.com
- Update to 21.0.1145
* Fixed several issues around audio not playing with videos
* Crash Fixes
* Improvements to trackpad on Cr-48
* Security Fixes (bnc#762481)
- CVE-2011-3083: Browser crash with video + FTP
- CVE-2011-3084: Load links from internal pages in their
own process.
- CVE-2011-3085: UI corruption with long autofilled values
- CVE-2011-3086: Use-after-free with style element.
- CVE-2011-3087: Incorrect window navigation
- CVE-2011-3088: Out-of-bounds read in hairline drawing
- CVE-2011-3089: Use-after-free in table handling.
- CVE-2011-3090: Race condition with workers.
- CVE-2011-3091: Use-after-free with indexed DB
- CVE-2011-3092: Invalid write in v8 regex
- CVE-2011-3093: Out-of-bounds read in glyph handling
- CVE-2011-3094: Out-of-bounds read in Tibetan handling
- CVE-2011-3095: Out-of-bounds write in OGG container.
- CVE-2011-3096: Use-after-free in GTK omnibox handling.
- CVE-2011-3098: Bad search path for Windows Media Player
plug-in
- CVE-2011-3100: Out-of-bounds read drawing dash paths.
- CVE-2011-3101: Work around Linux Nvidia driver bug
- CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
-------------------------------------------------------------------
Sun May 13 19:53:59 UTC 2012 - tittiatcoke@gmail.com
- Update to 21.0.1137
* Fixes crashes when manually typing in URL's
-------------------------------------------------------------------
Fri May 11 14:22:22 UTC 2012 - tittiatcoke@gmail.com
- Update to 21.0.1135.0
* Added patch for Sqlite which should resolve crashes when build
with GCC 4.7
* Fixes for rendering and stability
* Fixed about:inducebrowsercrashforrealz (Issue: 124843)
* Mouse over on apps/extensions makes place holder blank in
web store. (Issue: 125777)
* Security Fixes (bnc#760264):
- CVE-2011-3078: Use after free in floats handling.
- CVE-2012-1521: Use after free in xml parser.
- CVE-2011-3079: IPC validation failure.
- CVE-2011-3080: Race condition in sandbox IPC
- CVE-2011-3081: Use after free in floats handling.
-------------------------------------------------------------------
Sun Apr 29 15:38:00 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1123.0
-------------------------------------------------------------------
Fri Apr 27 09:54:43 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1119.0
Fixes
- Adjust spec-file to include two new resource files that are
required for the UI. (bnc#759381)
-------------------------------------------------------------------
Wed Apr 25 11:32:07 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1116.0
* Fixes and update to newer v8 version
-------------------------------------------------------------------
Thu Apr 19 09:12:44 UTC 2012 - tittiatcoke@gmail.com
- Added the ChromeDriver as a separate package. Normal users
will not require this as it is a standalone server for testing
webbrowsers
-------------------------------------------------------------------
Tue Apr 17 13:53:49 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1106.0
* Fixes issues with fonts (Issue: 108645).
* Enable the Chrome To Mobile page action for users with
compatible registered devices
* file: downloads allowed again
-------------------------------------------------------------------
Fri Apr 13 09:12:42 UTC 2012 - fcrozat@suse.com
- Use desktop_database macros at install time.
-------------------------------------------------------------------
Fri Apr 6 14:32:07 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1094.0
Fixes:
* Other Devices menu shows last update time for other sessions,
and allows sessions to be hidden using a context menu.
* Fix sync issue with sessions (open tabs) triggering an
unrecoverable error.
* Fixed Sync/Apps: NTP apps icons missing after sync.
[Issue: 117857]
* Fixed bookmarks drag-n-drop in Bookmark Manager.
[Issue: 118715]
Security Fixes:
* Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
* Medium CVE-2011-3067: Cross-origin iframe replacement.
* High CVE-2011-3068: Use-after-free in run-in handling.
* High CVE-2011-3069: Use-after-free in line box handling.
* High CVE-2011-3070: Use-after-free in v8 bindings.
* High CVE-2011-3071: Use-after-free in HTMLMediaElement.
* Low CVE-2011-3072: Cross-origin violation parenting pop-up
window.
* High CVE-2011-3073: Use-after-free in SVG resource handling.
* Medium CVE-2011-3074: Use-after-free in media handling.
* High CVE-2011-3075: Use-after-free applying style command.
* High CVE-2011-3076: Use-after-free in focus handling.
* Medium CVE-2011-3077: Read-after-free in script bindings.
-------------------------------------------------------------------
Tue Apr 3 06:51:49 UTC 2012 - tittiatcoke@gmail.com
- Update to 20.0.1090
Fixes:
* Fixed issue cannot add GMail app to Chrome. [Issue: 119975]
* Fixed theme and bookmarks bar notifications. [Issue: 117027]
* Fixed popup prompting permission for flash plugin.
[Issue: 120358]
Security Fixes:
* Medium CVE-2011-3058: Bad interaction possibly leading to
XSS in EUC-JP.
* Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
* Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling.
* Medium CVE-2011-3061: SPDY proxy certificate checking error.
* High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
* Low CVE-2011-3063: Validate navigation requests from the
renderer more carefully.
* High CVE-2011-3064: Use-after-free in SVG clipping.
* High CVE-2011-3065: Memory corruption in Skia.
* Medium CVE-2011-3057: Invalid read in v8.
-------------------------------------------------------------------
Sat Mar 24 06:40:10 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1079
Security Fixes (bnc#754456):
* High CVE-2011-3050: Use-after-free with first-letter handling
* High CVE-2011-3045: libpng integer issue from upstream
* High CVE-2011-3051: Use-after-free in CSS cross-fade handling
* High CVE-2011-3052: Memory corruption in WebGL canvas handling
* High CVE-2011-3053: Use-after-free in block splitting
* Low CVE-2011-3054: Apply additional isolations to webui
privileges
* Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation
* High CVE-2011-3056: Cross-origin violation with “magic iframe”.
* Low CVE-2011-3049: Extension web request API can interfere with
system requests
Other Fixes:
* The short-cut key for caps lock (Shift + Search) is disabled
when an accessibility screen reader is enabled
* Fixes an issue with files not being displayed in File Manager
when some file names contain UTF-8 characters (generally
accented characters)
* Fixed dialog boxes in settings. (Issue: 118031)
* Fixed flash videos turning white on mac when running with
--disable-composited-core-animation-plugins (Issue: 117916)
* Change to look for correctly sized favicon when multiple images
are provided. (Issue: 118275)
* Fixed issues - 116044, 117470, 117068, 117668, 118620
-------------------------------------------------------------------
Wed Mar 21 12:36:42 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1077
-------------------------------------------------------------------
Sun Mar 18 17:35:02 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1074
- Build Chromium on openSUSE > 12.1 with the gold linker
- Fix build issues with GCC 4.7
-------------------------------------------------------------------
Thu Mar 15 12:51:21 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1071
* Several fixes and improvements in the new Settings, Extensions,
and Help pages.
* Fixed the flashing when switched between composited and
non-composited mode. [Issue: 116603]
* Fixed stability issues 116913, 117217, 117347, 117081
-------------------------------------------------------------------
Sun Mar 11 08:01:15 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1066
* Fixed Chrome install/update resets Google search preferences
(Issue: 105390)
* Don't trigger accelerated compositing on 3D CSS when using
swiftshader (Issue: 116401)
* Fixed a GPU crash (Issue: 116096)
* More fixes for Back button frequently hangs (Issue: 93427)
* Bastion now works (Issue: 116285)
* Fixed Composited layer sorting irregularity with accelerated
canvas (Issue: 102943)
* Fixed Composited layer sorting irregularity with accelerated
canvas (Issue: 102943)
* Fixed Google Feedback causes render process to use too much
memory (Issue: 114489)
* Fixed after upgrade, some pages are rendered as blank
(Issue: 109888)
* Fixed Pasting text into a single-line text field shouldn't
keep literal newlines (Issue: 106551)
- Security Fixes:
* Critical CVE-2011-3047: Errant plug-in load and GPU process
memory corruption
* Critical CVE-2011-3046: UXSS and bad history navigation.
-------------------------------------------------------------------
Mon Mar 5 20:53:06 UTC 2012 - vdziewiecki@suse.com
- add Provides: browser(npapi) FATE#313084
-------------------------------------------------------------------
Sat Mar 3 16:55:15 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1060
* Fixed NTP signed in state is missing (Issue: 112676)
* Fixed gmail seems to redraw itself (all white) occasionally
(Issue: 111263)
* Focus "OK" button on Javascript dialogs (Issue: 111015)
* Fixed Back button frequently hangs (Issue: 93427)
* Increase the buffer size to fix muted playback rate
(Issue: 108239)
* Fixed Empty span with line-height renders with non-zero height
(Issue: 109811)
* Marked the Certum Trusted Network CA as an issuer of
extended-validation (EV) certificates.
* Fixed importing of bookmarks, history, etc. from Firefox 10+.
* Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636,
112676
* Fixed several crashes (Issues: 111376, 108688, 114391)
* Fixed Firefox browser in Import Bookmarks and Settings
drop-down (Issue: 114476)
* Sync: Sessions aren't associating pre-existing tabs
(Issue: 113319)
* Fixed All "Extensions" make an entry under the "NTP Apps"
page (Issue: 113672)
+ Security Fixes (bnc#750407):
* High CVE-2011-3031: Use-after-free in v8 element wrapper.
* High CVE-2011-3032: Use-after-free in SVG value handling.
* High CVE-2011-3033: Buffer overflow in the Skia drawing library.
* High CVE-2011-3034: Use-after-free in SVG document handling.
* High CVE-2011-3035: Use-after-free in SVG use handling.
* High CVE-2011-3036: Bad cast in line box handling.
* High CVE-2011-3037: Bad casts in anonymous block splitting.
* High CVE-2011-3038: Use-after-free in multi-column handling.
* High CVE-2011-3039: Use-after-free in quote handling.
* High CVE-2011-3040: Out-of-bounds read in text handling.
* High CVE-2011-3041: Use-after-free in class attribute handling.
* High CVE-2011-3042: Use-after-free in table section handling.
* High CVE-2011-3043: Use-after-free in flexbox with floats.
* High CVE-2011-3044: Use-after-free with SVG animation elements.
- Remove the external ffmepg headers and start using the ones
delivered with Chromium. Changes to Chromium are no longer in line
with any ffmpeg version :-(. So we can only use the Chromium
ffmpeg headers.
-------------------------------------------------------------------
Mon Feb 20 14:39:23 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1046
* Security updates
+ CVE-2011-3015: Integer overflows in PDF codecs.
+ CVE-2011-3016: Read-after-free with counter nodes.
+ CVE-2011-3017: Possible use-after-free in database handling.
+ CVE-2011-3018: Heap overflow in path rendering.
+ CVE-2011-3019: Heap buffer overflow in MKV handling.
+ CVE-2011-3020: Native client validator error.
+ CVE-2011-3021: Use-after-free in subframe loading.
+ CVE-2011-3022: Inappropriate use of http for translation script.
+ CVE-2011-3023: Use-after-free with drag and drop.
+ CVE-2011-3024: Browser crash with empty x509 certificate.
+ CVE-2011-3025: Out-of-bounds read in h.264 parsing.
+ CVE-2011-3026: Integer overflow / truncation in libpng.
+ CVE-2011-3027: Bad cast in column handling.
-------------------------------------------------------------------
Wed Feb 15 07:40:59 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1042
* Make speech input bubble borders close with the bubble
[Issue: 112194]
* Fixed stability issues
[Issues: 113531, 113492, 113654, 113546, 113847, 114011]
* Use Google’s online spellchecker to identify misspelled words
as well as provide suggestions, for pasted text only.
* Fix: open incognito windows at exit created extra normal
windows when the session was restored
* When translating a page, get the code and translation via HTTPS
-------------------------------------------------------------------
Fri Feb 10 05:36:56 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1037
* Fix crashing timing bug where panel animates after its closed
(issue#111120)
* Remove patch to build with newer glib version. This was merged
upstream
* Added option to disable building with gold for x86_64. Used
linker option "--icf=none" is not supported yet.
-------------------------------------------------------------------
Mon Feb 6 10:45:25 UTC 2012 - tittiatcoke@gmail.com
- Update to 19.0.1031
* Block plugins for platform apps
To block plugins a new content settings has been added, with
the highest priority (i.e. at the front of the list). This
could be used down the track to hang off more platform app
specific stuff.
* Remove unconditional -msse3 -mssse3 CFLAGS from media.gyp
(issue#107532)
* Refactoring of Settings page
* Other bugfixes
* Security Fixes:
CVE-2011-3953: Avoid clipboard monitoring after paste event.
CVE-2011-3954: Crash with excessive database usage.
CVE-2011-3955: Crash aborting an IndexDB transaction
CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions
CVE-2011-3957: Use-after-free in PDF garbage collection
CVE-2011-3958: Bad casts with column spans
CVE-2011-3959: Buffer overflow in locale handling
CVE-2011-3960: Out-of-bounds read in audio decoding
CVE-2011-3961: Race condition after crash of utility process
CVE-2011-3962: Out-of-bounds read in path clipping
CVE-2011-3963: Out-of-bounds read in PDF fax image handling
CVE-2011-3964: URL bar confusion after drag + drop
CVE-2011-3965: Crash in signature check
CVE-2011-3966: Use-after-free in stylesheet error handling
CVE-2011-3967: Crash with unusual certificate.
CVE-2011-3968: Use-after-free in CSS handling
CVE-2011-3969: Use-after-free in SVG layout.
CVE-2011-3970: Out-of-bounds read in libxslt
CVE-2011-3971: Use-after-free with mousemove events
CVE-2011-3972: Out-of-bounds read in shader translator
-------------------------------------------------------------------
Sun Jan 29 21:11:37 UTC 2012 - tittiatcoke@gmail.com
- Update to 18.0.1022
* Security fixes (bnc#743319)
+ CVE-2011-3924 Use-after-free vulnerability
+ CVE-2011-3925 Use-after-free vulnerability
+ CVE-2011-3926 Heap-based buffer overflow in the tree builder
+ CVE-2011-3927 Skia does not perform all required
initialization of values
+ CVE-2011-3928 Use-after-free vulnerability
* Compile the chrome_sandbox binary with -fPIE flags
-------------------------------------------------------------------
Mon Jan 23 09:44:42 UTC 2012 - tittiatcoke@gmail.com
- Update to 18.0.1017
* Security Issues fixed (bnc#740493)
+ CVE-2011-3921 Use-after-free in animation frames
+ CVE-2011-3919 Heap-buffer-overflow in libxml
+ CVE-2011-3922 Stack-buffer-overflow in glyph handling
-------------------------------------------------------------------
Sat Dec 31 22:29:20 UTC 2011 - tittiatcoke@gmail.com
- Update to 18.0.992
* Delay some extension startup until after first run import.
(issue 108286)
* Add function support for Sleep with TimeDelta input.
(issue 108171)
* Make webstore installs work when the Downloads folder is missing.
(issue 108812)
* Disable GL_EXT_texture_storage support in Linux. (issue 107782)
-------------------------------------------------------------------
Wed Dec 28 12:00:11 UTC 2011 - tittiatcoke@gmail.com
- Update to 18.0.985
+ Webkit layout:
* Suppress a leak in http/tests/appcache/reload.html
(issue 108621)
* Suppress a leak in xmlhttprequest/workers/referer.html
(issue 108622)
* Extend the suppression for uninit value in
fast/forms/input-text-paste-maxlength.html (issue 106183)
* Suppress memory leaks in
fast/files/workers/worker-read-blob-async.html
(issue 108624)
* Suppress a leak in
websocket/tests/hybi/workers/receive-arraybuffer.html
(issue 108627)
* Suppress a leak in
http/tests/xmlhttprequest/workers/methods-async.html
(issue 108628)
+ Set opaque on the WebMediaPlayerClient based on the decoder
-------------------------------------------------------------------
Mon Dec 19 06:41:16 UTC 2011 - tittiatcoke@gmail.com
- Update to 18.0.975
+ Updating extensions code to use UTF16. (issue#71980)
+ Assign F5 to cycle forward (issue#107417)
+ [Sync] Add NOTREACHED for empty passphrase (issue#104189)
+ Add libudev as build-dependency (issue#79050)
+ Enable mnemonic and bookmark folder key activation on menu
(issue#107869)
- Removed conflict with xine-browser-plugins.
-------------------------------------------------------------------
Wed Dec 14 10:25:20 UTC 2011 - tittiatcoke@gmail.com
- Update to 18.0.972
* Security issues fixed: (bnc#736716)
+ CVE-2011-3903: Out-of-bounds read in regex matching.
+ CVE-2011-3905: Out-of-bounds reads in libxml.
+ CVE-2011-3906: Out-of-bounds read in PDF parser.
+ CVE-2011-3907: URL bar spoofing with view-source.
+ CVE-2011-3908: Out-of-bounds read in SVG parsing.
+ CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array.
+ CVE-2011-3910: Out-of-bounds read in YUV video frame
handling.
+ CVE-2011-3911: Out-of-bounds read in PDF.
+ CVE-2011-3912: Use-after-free in SVG filters.
+ CVE-2011-3914: Out-of-bounds write in v8 i18n handling
+ CVE-2011-3915: Buffer overflow in PDF font handling.
+ CVE-2011-3916: Out-of-bounds reads in PDF cross references.
+ CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
+ CVE-2011-3904: Use-after-free in bidi handling.
* No longer build against the system libjpeg, but build against
the libjpeg that comes with Chromium to prevent graphics
issues
* Chromium for openSUSE:Factory now builds against libjpeg8
* Removed explicit -fPIC from the C-flags
-------------------------------------------------------------------
Sat Dec 10 18:51:39 UTC 2011 - tittiatcoke@gmail.com
- Update to 18.0.968
+ Print preview: Disable the right context menu items in print
preview. (issue#106876,#106915)
+ Fix page zoom for plug-in documents (PDF, etc.)
(issue#106013,#106228)
+ ntp: track number of times a user switches pages in a single
session (issue#106575)
+