10174 lines
419 KiB
Plaintext
10174 lines
419 KiB
Plaintext
-------------------------------------------------------------------
|
||
Wed Oct 29 06:38:34 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 143.0.7489.0
|
||
(dev released 2025-10-24)
|
||
- modified patches:
|
||
gcc-enable-lto.patch (updated context)
|
||
chromium-127-constexpr.patch (file moved)
|
||
- dropped patches:
|
||
chromium-142-iwyu-field-form-data.patch (upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 29 04:54:55 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 142.0.7444.59, the stable channel promotion of 142
|
||
- drop chromium-142-dawn_commit_hash.patch, the generation of the
|
||
header was included in the tarball genration
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 27 10:33:34 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 142.0.7444.52
|
||
- added patches:
|
||
chromium-142-rust-revert_should_panic.patch
|
||
re-add __rust_alloc_error_handler_should_panic
|
||
to fix unresolved symbol
|
||
chromium-142-dawn_commit_hash.patch:
|
||
create gpu/webgpu/dawn_commit_hash.h which should be in tarball
|
||
chromium-142-rust_no_sanitize.patch:
|
||
revert rust change no_sanitize to sanitize=off
|
||
chromium-142-iwyu-field-form-data.patch
|
||
- drop chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
|
||
- update ppc patches
|
||
modified patches:
|
||
ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch#
|
||
ppc-fedora-0001-third-party-hwy-wrong-include.patch
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch
|
||
ppc-fedora-add-ppc64-architecture-to-extensions.diff
|
||
removed patches:
|
||
ppc-fedora-fix-ppc64-rust_png-build-error.patch (obsolete)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 21 21:52:56 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 141.0.7390.122:
|
||
* CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 15 02:48:55 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 141.0.7390.107:
|
||
* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 9 21:12:28 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 141.0.7390.76:
|
||
* Do not send URLs as AIM input. This is to resolve a privacy
|
||
concern, around passing urls to AI Mode.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 9 08:53:01 UTC 2025 - Dirk Müller <dmueller@suse.com>
|
||
|
||
- exclude the main tarball from the src.rpm to reduce size
|
||
(it is anyway fully referenced, so no supply chain concern)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 8 12:04:56 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 141.0.7390.65 (boo#1251334):
|
||
* CVE-2025-11458: Heap buffer overflow in Sync
|
||
* CVE-2025-11460: Use after free in Storage
|
||
* CVE-2025-11211: Out of bounds read in WebCodecs
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 1 18:16:47 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 141.0.7390.54
|
||
(stable released 2025-09-30) (boo#1250780)
|
||
* CVE-2025-11205: Heap buffer overflow in WebGPU
|
||
* CVE-2025-11206: Heap buffer overflow in Video
|
||
* CVE-2025-11207: Side-channel information leakage in Storage
|
||
* CVE-2025-11208: Inappropriate implementation in Media
|
||
* CVE-2025-11209: Inappropriate implementation in Omnibox
|
||
* CVE-2025-11210: Side-channel information leakage in Tab
|
||
* CVE-2025-11211: Out of bounds read in Media
|
||
* CVE-2025-11212: Inappropriate implementation in Media
|
||
* CVE-2025-11213: Inappropriate implementation in Omnibox
|
||
* CVE-2025-11215: Off by one error in V8
|
||
* CVE-2025-11216: Inappropriate implementation in Storage
|
||
* CVE-2025-11219: Use after free in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
- added patches:
|
||
chromium-141-csss_style_sheet.patch (from fedora)
|
||
chromium-141-use_libcxx_modules.patch (from fedora)
|
||
chromium-141-no_cxx_modules.patch
|
||
(one more fallout from clang modules)
|
||
- modified patches: (context)
|
||
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
|
||
ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch
|
||
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch
|
||
ppc-fedora-add-ppc64-architecture-to-extensions.diff
|
||
ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch
|
||
(updated from debian)
|
||
chromium-121-rust-clang_lib.patch (redone)
|
||
- keeplibs:
|
||
added third_party/federated_compute (pulled in)
|
||
added third_party/oak (needed by federated_compute)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 24 17:21:18 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 141.0.7390.37
|
||
(beta released 2025-09-24)
|
||
- modified patches:
|
||
chromium-125-compiler.patch
|
||
chromium-133-bring_back_and_disable_allowlist.patch
|
||
chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch
|
||
- dropped patches:
|
||
ppc-fedora-fix-rustc.patch (obsolete)
|
||
chromium-135-add_map_droppable.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 24 06:48:00 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 140.0.7339.207 (boo#1250472)
|
||
* CVE-2025-10890: Side-channel information leakage in V8
|
||
* CVE-2025-10891: Integer overflow in V8
|
||
* CVE-2025-10892: Integer overflow in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 22 10:34:45 CEST 2025 - ro@suse.de
|
||
|
||
- use the same llvm version on recent distros,
|
||
build currently fails with lvm21
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 18 00:54:55 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 140.0.7339.185 (stable released 2025-09-17) boo#1249999
|
||
* CVE-2025-10585: Type Confusion in V8
|
||
* CVE-2025-10500: Use after free in Dawn
|
||
* CVE-2025-10501: Use after free in WebRTC
|
||
* CVE-2025-10502: Heap buffer overflow in ANGLE
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 10 07:04:34 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 140.0.7339.127 (boo#1249388)
|
||
* CVE-2025-10200: Use after free in Serviceworker
|
||
* CVE-2025-10201: Inappropriate implementation in Mojo
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 2 22:29:06 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 140.0.7339.80 (boo#1249093):
|
||
* new permission prompt for local network access
|
||
* CVE-2025-9864: Use after free in V8
|
||
* CVE-2025-9865: Inappropriate implementation in Toolbar
|
||
* CVE-2025-9866: Inappropriate implementation in Extensions
|
||
* CVE-2025-9867: Inappropriate implementation in Downloads
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 2 23:02:23 CEST 2025 - ro@suse.de
|
||
|
||
- modified patches:
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch
|
||
(updated from debian)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 28 18:06:15 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 140.0.7339.41
|
||
(early stable released 2025-08-27)
|
||
- modified patches:
|
||
chromium-125-compiler.patch
|
||
chromium-libusb_interrupt_event_handler.patch
|
||
gcc-enable-lto.patch
|
||
ppc-fedora-fix-unknown-warning-option-messages.diff
|
||
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
|
||
ppc-fedora-add-ppc64-architecture-to-extensions.diff
|
||
chromium-102-regex_pattern-array.patch
|
||
gtk-414.patch
|
||
ppc-fedora-fix-study-crash.patch
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch (stub, needs to be redone)
|
||
ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
|
||
- added patches:
|
||
chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch
|
||
(revert of upstream patch
|
||
8393b61ba876c8e1614275c97767f9b06b889f48)
|
||
chromium-140-old-flac.patch (applied for flac < 1.5.0)
|
||
- change rust_version to 1.86
|
||
- keeplibs:
|
||
removed buildtools/third_party/eu-strip (gone upstream)
|
||
removed wasm_tts_engine (gone upstream)
|
||
- bump gn BuildReq to 0.20250619
|
||
- do not use system_harfbuzz for 16+ for now, unbundle is broken
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 27 12:12:26 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 139.0.7258.154 (boo#1248769)
|
||
* CVE-2025-9478: Use after free in ANGLE
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 19 21:07:41 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 139.0.7258.138 (boo#1248315):
|
||
* CVE-2025-9132: Out of bounds write in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 13 04:21:07 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 139.0.7258.127 (boo#1247981):
|
||
* CVE-2025-8879: Heap buffer overflow in libaom
|
||
* CVE-2025-8880: Race in V8
|
||
* CVE-2025-8901: Out of bounds write in ANGLE
|
||
* CVE-2025-8881: Inappropriate implementation in File Picker
|
||
* CVE-2025-8882: Use after free in Aura
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 7 15:48:37 CEST 2025 - ro@suse.de
|
||
|
||
- really install libffmpeg.so if using the bundled one
|
||
and block the extra dependency
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 6 12:47:40 CEST 2025 - ro@suse.de
|
||
|
||
- add patch:
|
||
chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
|
||
(CVE-2025-54874 bsc#1247661) fix missing error check in openjpeg
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 6 12:28:51 CEST 2025 - ro@suse.de
|
||
|
||
- re-add updated patch:
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch
|
||
from https://src.fedoraproject.org/rpms/chromium/blob/
|
||
rawhide/f/0002-regenerate-xnn-buildgn.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 5 19:55:25 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 139.0.7258.66 (boo#1247664):
|
||
* CVE-2025-8576: Use after free in Extensions
|
||
* CVE-2025-8577: Inappropriate implementation in Picture In Picture
|
||
* CVE-2025-8578: Use after free in Cast
|
||
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
|
||
* CVE-2025-8580: Inappropriate implementation in Filesystems
|
||
* CVE-2025-8581: Inappropriate implementation in Extensions
|
||
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
|
||
* CVE-2025-8583: Inappropriate implementation in Permissions
|
||
- modified patches:
|
||
gcc-enable-lto.patch
|
||
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
|
||
ppc-fedora-skia-vsx-instructions.patch
|
||
ppc-fedora-fix-partition-alloc-compile.patch
|
||
ppc-fedora-0001-add-xnn-ppc64el-support.patch
|
||
- dropped patches:
|
||
chromium-warning-suppression-mappings.patch (using cmdline switch)
|
||
chromium-93-ffmpeg-4.4.patch
|
||
- dropped the ffmpeg revert patches that were only applied for 15:
|
||
chromium-125-ffmpeg-5.x-reordered_opaque.patch
|
||
Cr122-ffmpeg-new-channel-layout.patch
|
||
ffmpeg-new-channel-layout.patch
|
||
chromium-106-ffmpeg-duration.patch
|
||
chromium-93-ffmpeg-4.4-rest.patch
|
||
chromium-138-revert_ffmpeg_FF_AV.patch
|
||
- added patches:
|
||
ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch
|
||
- keeplibs:
|
||
removed chrome/third_party/mozilla_security_manager
|
||
removed third_party/mesa
|
||
added third_party/ml_dtypes (needed in tflite/xla)
|
||
added third_party/readability (needed in tools/grit/grit)
|
||
added third_party/ffmpeg (gave up on reverting all recent
|
||
commits in the code using ffmpeg, need at least ffmpeg-7)
|
||
- remove disabled ppc-fedora-0002-regenerate-xnn-buildgn.patch
|
||
to please factory-auto
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 30 10:26:40 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 138.0.7204.183 (boo#1247365):
|
||
* CVE-2025-8292: Use after free in Media Stream
|
||
- try to switch to smaller linux tarball from
|
||
https://github.com/chromium-linux-tarballs)
|
||
- disable chromium-91-java-only-allowed-in-android-builds.patch
|
||
(not part of reduced tarball)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 29 10:44:14 CEST 2025 - ro@suse.de
|
||
|
||
- set official_build to true (like other distributions)
|
||
"official builds have less debugging and go faster..."
|
||
- added patches:
|
||
chromium-139-deterministic.patch
|
||
(undefine __DATE__,__TIME__ like without official-build set
|
||
to keep the build reproducible)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 24 18:23:20 CEST 2025 - ro@suse.de
|
||
|
||
- modified patches:
|
||
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
|
||
(update context to apply)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 22 21:31:06 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 138.0.7204.168 (boo#1246902):
|
||
* CVE-2025-8010: Type Confusion in V8
|
||
* CVE-2025-8011: Type Confusion in V8
|
||
* Various fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 15 19:46:14 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 138.0.7204.157 (boo#1246558):
|
||
* CVE-2025-7656: Integer overflow in V8
|
||
* CVE-2025-6558: Incorrect validation of untrusted input in ANGLE
|
||
and GPU
|
||
* CVE-2025-7657: Use after free in WebRTC
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 9 16:52:34 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 138.0.7204.100:
|
||
* tweaks to the Google services settings page
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 1 12:18:23 CEST 2025 - ro@suse.de
|
||
|
||
- update from debian:
|
||
ppc-fedora-skia-vsx-instructions.patch
|
||
- dropped patches:
|
||
ppc-skia-revert-1.patch
|
||
ppc-skia-revert-2.patch
|
||
ppc-skia-revert-3.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 1 10:43:12 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 138.0.7204.96
|
||
(stable released 2025-06-30) (boo#1245544)
|
||
* CVE-2025-6554: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 25 10:32:36 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 138.0.7204.49
|
||
(stable released 2025-06-24) (boo#1245332)
|
||
* CVE-2025-6555: Use after free in Animation
|
||
* CVE-2025-6556: Insufficient policy enforcement in Loader
|
||
* CVE-2025-6557: Insufficient data validation in DevTools
|
||
|
||
- dropped patches:
|
||
chromium-137-heuristics_missing_includes.patch (upstream)
|
||
chromium-137-pdfium_fix_pattribute.patch (upstream)
|
||
- modified patches:
|
||
chromium-125-compiler.patch (context)
|
||
ffmpeg-new-channel-layout.patch (context)
|
||
chromium-134-revert-rust-adler2.patch (context,reverse application)
|
||
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context)
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch (context)
|
||
ppc-fedora-memory-allocator-dcheck-assert-fix.patch (context)
|
||
chromium-warning-suppression-mappings.patch (context)
|
||
- added patches:
|
||
(conditional revert for old ffmpeg,
|
||
upstream 129f48501a7c3fa4236234f2fa0aee490a845b59)
|
||
chromium-138-revert_ffmpeg_FF_AV.patch
|
||
- keeplibs:
|
||
removed third_party/distributed_point_functions
|
||
removed third_party/tflite/src/third_party/eigen3
|
||
removed third_party/webrtc/rtc_base/third_party/base64
|
||
added third_party/dragonbox
|
||
(needed by ../v8/src/numbers/conversions.cc )
|
||
- bump gn buildrequires to 0.20250520
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 17 23:36:50 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 137.0.7151.119
|
||
(stable release 2025-06-17) (boo#1244711)
|
||
* CVE-2025-6191: Integer overflow in V8
|
||
* CVE-2025-6192: Use after free in Profiler
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 12 09:05:12 UTC 2025 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||
|
||
- Replace usage of %jobs for reproducible builds (boo#1237231)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 11 12:18:31 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 137.0.7151.103
|
||
(stable release 2025-06-10) (boo#1244452)
|
||
* CVE-2025-5958: Use after free in Media
|
||
* CVE-2025-5959: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 3 12:48:01 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 137.0.7151.68
|
||
(stable release 2025-06-03) (boo#1244019)
|
||
* CVE-2025-5419: Out of bounds read and write in V8
|
||
* CVE-2025-5068: Use after free in Blink
|
||
- Google is aware that an exploit for CVE-2025-5419
|
||
exists in the wild.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 30 00:25:43 CEST 2025 - ro@suse.de
|
||
|
||
- added patches:
|
||
ppc-fedora-0001-add-xnn-ppc64el-support.patch
|
||
ppc-fedora-0002-regenerate-xnn-buildgn.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 28 01:08:19 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 137.0.7151.55
|
||
(stable release 2025-05-27) (boo#1243741)
|
||
* CVE-2025-5063: Use after free in Compositing
|
||
* CVE-2025-5280: Out of bounds write in V8
|
||
* CVE-2025-5064: Inappropriate implementation in Background Fetch API
|
||
* CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
|
||
* CVE-2025-5066: Inappropriate implementation in Messages
|
||
* CVE-2025-5281: Inappropriate implementation in BFCache
|
||
* CVE-2025-5283: Use after free in libvpx
|
||
* CVE-2025-5067: Inappropriate implementation in Tab Strip
|
||
|
||
- dropped patches:
|
||
chromium-135-gperf-output.patch (upstream)
|
||
- modified patches:
|
||
chromium-125-compiler.patch (context)
|
||
chromium-127-rust-clanglib.patch (context)
|
||
ffmpeg-new-channel-layout.patch
|
||
(drop one hunk where upstream dropped the code)
|
||
system-libdrm.patch (context)
|
||
ppc-fedora-fix-partition-alloc-compile.patch (context)
|
||
ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch (context)
|
||
ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch (context)
|
||
- added patches:
|
||
chromium-137-pdfium_fix_pattribute.patch
|
||
(fix typo in pAttribute attributes)
|
||
chromium-137-heuristics_missing_includes.patch
|
||
(upstream patch 4c736420952f355f18bdc4f4ea2d16e4514fa034)
|
||
chromium-137-disruptive_notification_permissions_manager-missing_include.patch
|
||
(missing include)
|
||
- revert last skia patches for gather_unaligned until we have a port for ppc64le
|
||
ppc-skia-revert-1.patch
|
||
ppc-skia-revert-2.patch
|
||
ppc-skia-revert-3.patch
|
||
- keeplibs:
|
||
added third_party/compiler-rt
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 15 00:07:25 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 136.0.7103.113
|
||
(stable release 2025-05-14) (boo#1243205)
|
||
|
||
* CVE-2025-4664: Insufficient policy enforcement in Loader
|
||
* CVE-2025-4609: Incorrect handle provided in unspecified
|
||
circumstances in Mojo
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 12 17:13:38 CEST 2025 - ro@suse.de
|
||
|
||
- try build on ppc64le
|
||
- added patches (from fedora)
|
||
ppc-fedora-add-ppc64-architecture-string.patch
|
||
ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch
|
||
ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch
|
||
ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch
|
||
ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch
|
||
ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch
|
||
ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch
|
||
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
|
||
ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch
|
||
ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch
|
||
ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch
|
||
ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch
|
||
ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch
|
||
ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch
|
||
ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch
|
||
ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch
|
||
ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch
|
||
ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch
|
||
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch
|
||
ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
|
||
ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch
|
||
ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch
|
||
ppc-fedora-0002-third_party-lss-kernel-structs.patch
|
||
ppc-fedora-0001-swiftshader-fix-build.patch
|
||
ppc-fedora-Rtc_base-system-arch.h-PPC.patch
|
||
ppc-fedora-0002-Include-cstddef-to-fix-build.patch
|
||
ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch
|
||
ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch
|
||
ppc-fedora-0001-third-party-hwy-wrong-include.patch
|
||
ppc-fedora-HACK-debian-clang-disable-base-musttail.patch
|
||
ppc-fedora-0001-Add-ppc64-target-to-libaom.patch
|
||
ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
|
||
ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch
|
||
ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch
|
||
ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch
|
||
ppc-fedora-skia-vsx-instructions.patch
|
||
ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch
|
||
ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch
|
||
ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch
|
||
ppc-fedora-fix-clang-selection.patch
|
||
ppc-fedora-fix-rustc.patch
|
||
ppc-fedora-fix-rust-linking.patch
|
||
ppc-fedora-fix-breakpad-compile.patch
|
||
ppc-fedora-fix-partition-alloc-compile.patch
|
||
ppc-fedora-fix-study-crash.patch
|
||
ppc-fedora-memory-allocator-dcheck-assert-fix.patch
|
||
ppc-fedora-fix-different-data-layouts.patch
|
||
ppc-fedora-0002-Add-ppc64-trap-instructions.patch
|
||
ppc-fedora-fix-ppc64-linux-syscalls-headers.patch
|
||
ppc-fedora-use-sysconf-page-size-on-ppc64.patch
|
||
ppc-fedora-0001-Enable-ppc64-pointer-compression.patch
|
||
ppc-fedora-dawn-fix-ppc64le-detection.patch
|
||
ppc-fedora-add-ppc64-architecture-to-extensions.diff
|
||
ppc-fedora-fix-unknown-warning-option-messages.diff
|
||
ppc-fedora-add-ppc64-pthread-stack-size.patch
|
||
ppc-fedora-fix-ppc64-rust_png-build-error.patch
|
||
- added patches
|
||
ppc-chromium-136-clang-config.patch
|
||
- disable swiftshader on ppc64le like on aarch64
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 7 10:17:50 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 136.0.7103.92
|
||
(stable release 2025-05-06) (boo#1242717)
|
||
* CVE-2025-4372: Use after free in WebAudio
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 2 16:40:19 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 136.0.7103.48
|
||
(stable release 2025-04-29) (boo#1242153)
|
||
* CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11
|
||
* CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09
|
||
* CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-1
|
||
* CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
|
||
|
||
- added patches:
|
||
chromium-warning-suppression-mappings.patch
|
||
(from upstream, revert for llvm < 20)
|
||
- dropped patches:
|
||
fix-build-with-pipewire-1.3.82.patch (upstream)
|
||
- modified patches:
|
||
chromium-125-compiler.patch (context)
|
||
gtk-414.patch (one more place with GSK_SUBSURFACE_NODE)
|
||
- bump esbuild from 0.24.0 to 0.25.1
|
||
* Fix incorrect paths in inline source maps (#4070, #4075, #4105)
|
||
* Fix invalid generated source maps (#4080, #4082, #4104, #4107)
|
||
* Fix a regression with non-file source map paths (#4078)
|
||
* Update Go from 1.23.5 to 1.23.7 (#4076, #4077)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 24 01:38:01 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 135.0.7049.114
|
||
(stable release 2025-04-22)
|
||
* stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 22 14:28:27 CEST 2025 - ro@suse.de
|
||
|
||
- add patch chromium-135-gperf-output.patch from upstream
|
||
to fix compilation when using gperp-3.2 and above
|
||
which resolved the issue with the FALLTHROUGH comment
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 16 16:30:29 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 135.0.7049.95
|
||
(stable release 2025-04-15) (boo#1241288)
|
||
* CVE-2025-3619: Heap buffer overflow in Codecs
|
||
* CVE-2025-3620: Use after free in USB
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 10 12:27:46 CEST 2025 - ro@suse.de
|
||
|
||
- update chromium-121-rust-clang_lib.patch to apply cleanly
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 9 01:09:30 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 135.0.7049.84
|
||
(stable release 2025-04-08) (boo#1240968)
|
||
* CVE-2025-3066: Use after free in Site Isolation
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 4 10:30:57 CEST 2025 - ro@suse.de
|
||
|
||
- add patch chromium-135-add_map_droppable.patch
|
||
add MAP_DROPPABLE introduced by recent QT
|
||
(boo#1238826, boo#1239780)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 2 01:20:57 CEST 2025 - ro@suse.de
|
||
|
||
- Chromium 135.0.7049.52
|
||
(stable release 2025-04-01) (boo#1240555)
|
||
* CVE-2025-3066: Use after free in Navigations
|
||
* CVE-2025-3067: Inappropriate implementation in Custom Tabs
|
||
* CVE-2025-3068: Inappropriate implementation in Intents
|
||
* CVE-2025-3069: Inappropriate implementation in Extensions
|
||
* CVE-2025-3070: Insufficient validation of untrusted input in Extensions
|
||
* CVE-2025-3071: Inappropriate implementation in Navigations
|
||
* CVE-2025-3072: Inappropriate implementation in Custom Tabs
|
||
* CVE-2025-3073: Inappropriate implementation in Autofill
|
||
* CVE-2025-3074: Inappropriate implementation in Downloads
|
||
- modified patches:
|
||
system-libdrm.patch (context update)
|
||
gcc-enable-lto.patch (context update)
|
||
chromium-127-constexpr.patch (context update)
|
||
chromium-norar.patch (context update)
|
||
- added patches:
|
||
gtk-414.patch (reverse apply since our gtk4 is too old)
|
||
- add to keeplibs:
|
||
third_party/protobuf/third_party/utf8_range
|
||
- drop from keeplibs:
|
||
third_party/iccjpeg (gone upstream)
|
||
- config variable changed from use_qt to use_qt5
|
||
- bump buildrequires for gn to 0.20250306
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 26 12:29:38 CET 2025 - ro@suse.de
|
||
|
||
- drop chromium-134-revert-allowlist.patch
|
||
(obsolete, gn has been updated)
|
||
- also use nodejs 22 for sle15
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 22 14:18:24 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 134.0.6998.165
|
||
* stability fixes (boo#1240022)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 21 16:57:02 CET 2025 - ro@suse.de
|
||
|
||
- drop chromium-120-make_unique-struct.patch (not needed)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 20 12:05:15 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 134.0.6998.117
|
||
(stable released 2025-03-20) (boo#1239819)
|
||
* CVE-2025-2476: Use after free in Lens
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 19 12:37:13 CET 2025 - ro@suse.de
|
||
|
||
- use rust1.85
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 14 14:11:39 CET 2025 - ro@suse.de
|
||
|
||
- drop chromium-94-ffmpeg-roll.patch
|
||
(build fail after ffmpeg updated from 4.4 to 4.4.5 in code15)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 11 10:32:17 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 134.0.6998.88
|
||
(stable released 2025-03-11) (boo#1239216)
|
||
* CVE-2025-1920: Type Confusion in V8
|
||
* CVE-2025-2135: Type Confusion in V8
|
||
* CVE-TBD: Out of bounds write in GPU
|
||
* CVE-2025-2136: Use after free in Inspector
|
||
* CVE-2025-2137: Out of bounds read in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 5 16:56:22 CET 2025 - ro@suse.de
|
||
|
||
- replace patch
|
||
chromium-134-specialize-some-to_value_list.patch
|
||
by patch
|
||
chromium-134-type-mismatch-error.patch (from fedora)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 27 15:33:11 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 134.0.6998.35
|
||
(stable release 2025-03-04) (boo#1238575)
|
||
* CVE-2025-1914: Out of bounds read in V8
|
||
* CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools
|
||
* CVE-2025-1916: Use after free in Profiles
|
||
* CVE-2025-1917: Inappropriate Implementation in Browser UI
|
||
* CVE-2025-1918: Out of bounds read in PDFium
|
||
* CVE-2025-1919: Out of bounds read in Media
|
||
* CVE-2025-1921: Inappropriate Implementation in Media Stream
|
||
* CVE-2025-1922: Inappropriate Implementation in Selection
|
||
* CVE-2025-1923: Inappropriate Implementation in Permission Prompts
|
||
|
||
- modified patches:
|
||
fix_building_widevinecdm_with_chromium.patch
|
||
(do not define WIDEVINE_CDM_VERSION_STRING, gone upstream)
|
||
system-libdrm.patch (context update)
|
||
- added patches:
|
||
chromium-134-revert-allowlist.patch
|
||
(avoid having to update gn on all targets)
|
||
chromium-134-revert-rust-adler2.patch
|
||
(revert rust change from adler to adler2 while we have 1.83)
|
||
chromium-134-specialize-some-to_value_list.patch
|
||
- dropped patches (llvm17 is gone):
|
||
chromium-127-clang17-traitors.patch
|
||
chromium-add-atomicops.patch
|
||
chromium-133-string_view.patch
|
||
- add to keeplibs:
|
||
third_party/search_engines_data
|
||
v8/third_party/rapidhash-v8
|
||
- drop from keeplibs:
|
||
third_party/libavif (gone) (FIXME cleanup)
|
||
- reenable qt6 for TW
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 26 02:05:16 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 133.0.6943.141 (boo#1237699)
|
||
This update includes 1 security fix.
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 24 14:31:33 CET 2025 - ro@suse.de
|
||
|
||
- fix build with qt6 and enable qt6 also for 15.x
|
||
- added patches:
|
||
chromium-131-fix-qt-ui.pach (from fedora)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 19 07:13:06 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 133.0.6943.126 (boo#1237343)
|
||
* CVE-2025-0999: Heap buffer overflow in V8
|
||
* CVE-2025-1426: Heap buffer overflow in GPU
|
||
* CVE-2025-1006: Use after free in Network
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 18 17:12:14 CET 2025 - ro@suse.de
|
||
|
||
- replace "with qt" by "with qt5"
|
||
- add patch chromium-133-bring_back_and_disable_allowlist.patch
|
||
trying to fix issues with YT playback (bsc#1237071)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 14 09:12:39 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
|
||
|
||
- Fix patch to actually fix build with pipewire 1.3.82:
|
||
* fix-build-with-pipewire-1.3.82.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 13 08:22:29 UTC 2025 - Antonio Larrosa <alarrosa@suse.com>
|
||
|
||
- Add patch to fix build with pipewire 1.3.82:
|
||
* fix-build-with-pipewire-1.3.82.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 13 01:15:05 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 133.0.6943.98
|
||
(stable released 2025-02-12) (bsc#1237121)
|
||
* CVE-2025-0995: Use after free in V8
|
||
* CVE-2025-0996: Inappropriate implementation in Browser UI
|
||
* CVE-2025-0997: Use after free in Navigation
|
||
* CVE-2025-0998: Out of bounds memory access in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 5 10:36:43 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 133.0.6943.53
|
||
(stable released 2024-02-04) (bsc#1236806)
|
||
* CVE-2025-0444: Use after free in Skia
|
||
* CVE-2025-0445: Use after free in V8
|
||
* CVE-2025-0451: Inappropriate implementation in Extensions API
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 30 18:17:42 CET 2025 - ro@suse.de
|
||
|
||
- dropped patches: (obsolete with recent llvm)
|
||
chromium-130-no-hardware_destructive_interference_size.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 30 18:08:11 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 133.0.6943.35
|
||
(beta released 2025-01-29)
|
||
- use llvm19 also on 15.6/SLE-15-SP6
|
||
- dropped patches:
|
||
chromium-125-disable-FFmpegAllowLists.patch
|
||
chromium-119-assert.patch
|
||
(code dropped upstream)
|
||
- modified patches
|
||
chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch
|
||
(rest of code is gone upstream, see commit
|
||
574c1e6678da435efb2ea9dba5dd890c2704b8af)
|
||
- update context in
|
||
chromium-102-regex_pattern-array.patch
|
||
chromium-125-ffmpeg-5.x-reordered_opaque.patch
|
||
- add to keeplibs:
|
||
third_party/simdutf
|
||
third_party/wasm_tts_engine (needed by tools/grit)
|
||
v8/third_party/siphash (moved inside of v8)
|
||
v8/third_party/utf8-decoder (moved inside of v8)
|
||
v8/third_party/valgrind (moved inside of v8)
|
||
- drop from keeplibs (gone in source):
|
||
third_party/jstemplate does not exist
|
||
third_party/qcms does not exist
|
||
- drop buildreq for libevent and libevent from system libs
|
||
as the lib was dropped upstream
|
||
- added patches (as revert for llvm17 in sp6):
|
||
chromium-add-atomicops.patch
|
||
(upstream commit d29b01737a841b5627249d50f007dcdc7e26462b)
|
||
(upstream commit 780efe38034cfdc1bdf4c74e82e7ca7c14e8ac5b
|
||
does not seem to be in 133 yet)
|
||
chromium-133-string_view.patch
|
||
(one more place to use string_view, also only llvm17)
|
||
- update INSTALL.sh to generate appdata.xml from template
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 30 18:06:26 CET 2025 - ro@suse.de
|
||
|
||
- drop chromium-132-old_libdrm.patch
|
||
obsolete as we are not building for 15.5 anymore
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 29 06:10:35 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 132.0.6834.159 (boo#1236586)
|
||
* CVE-2025-0762: Use after free in DevTools
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 23 08:01:42 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 132.0.6834.110 (boo#1236306)
|
||
* CVE-2025-0611: Object corruption in V8
|
||
* CVE-2025-0612: Out of bounds memory access in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 13 13:21:48 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 132.0.6834.83
|
||
(stable released 2024-01-14) (bsc#1235892)
|
||
* CVE-2025-0434: Out of bounds memory access in V8
|
||
* CVE-2025-0435: Inappropriate implementation in Navigation
|
||
* CVE-2025-0436: Integer overflow in Skia
|
||
* CVE-2025-0437: Out of bounds read in Metrics
|
||
* CVE-2025-0438: Stack buffer overflow in Tracing
|
||
* CVE-2025-0439: Race in Frames
|
||
* CVE-2025-0440: Inappropriate implementation in Fullscreen
|
||
* CVE-2025-0441: Inappropriate implementation in Fenced Frames
|
||
* CVE-2025-0442: Inappropriate implementation in Payments
|
||
* CVE-2025-0443: Insufficient data validation in Extensions
|
||
* CVE-2025-0446: Inappropriate implementation in Extensions
|
||
* CVE-2025-0447: Inappropriate implementation in Navigation
|
||
* CVE-2025-0448: Inappropriate implementation in Compositing
|
||
|
||
- dropped patches:
|
||
* chromium-131-unbundle-enable-freetype.patch (upstream)
|
||
- added patches:
|
||
* chromium-8d882c289f17e3a67d6d67d5ff7e9d16ebb4f19a.patch
|
||
(apply git upstream reverse for 15.x with llvm17)
|
||
* chromium-93-ffmpeg-4.4-rest.patch
|
||
(split off to only apply after the reverse)
|
||
* chromium-132-old_libdrm.patch
|
||
(applied only on 15.5 with libdrm < 2.4.116)
|
||
* chromium-132-pdfium-explicit-template.patch
|
||
(error: alias template requires template arguments)
|
||
- update context in
|
||
* chromium-125-compiler.patch
|
||
* chromium-127-rust-clanglib.patch
|
||
* Cr122-ffmpeg-new-channel-layout.patch
|
||
* gcc-enable-lto.patch
|
||
* chromium-127-constexpr.patch
|
||
- update esbuild to 0.24.0
|
||
- drop old tarball
|
||
- use upstream release tarball for 0.24.0
|
||
- add vendor tarball for golang.org/x/sys
|
||
- add to keeplibs:
|
||
third_party/libtess2
|
||
third_party/devtools-frontend/src/node_modules/fast-glob
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 10 14:56:40 CET 2025 - ro@suse.de
|
||
|
||
- more work on 15.7/15-SP7 using recent llvm,rust,gcc
|
||
- cleanup use of suse_version macro
|
||
- cleanup use of conditionally applied patches, switch from
|
||
autoset to setup/autopatch which allows to specify a range
|
||
and apply remaining patches conditionally
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 8 11:18:49 CET 2025 - ro@suse.de
|
||
|
||
- Chromium 131.0.6778.264 (boo#1235422)
|
||
* CVE-2025-0291: Type Confusion in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 19 14:58:31 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 131.0.6778.204 (boo#1234704)
|
||
* CVE-2024-12692: Type Confusion in V8
|
||
* CVE-2024-12693: Out of bounds memory access in V8
|
||
* CVE-2024-12694: Use after free in Compositing
|
||
* CVE-2024-12695: Out of bounds write in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 01:24:06 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 131.0.6778.139 (boo#1234361)
|
||
* CVE-2024-12381: Type Confusion in V8
|
||
* CVE-2024-12382: Use after free in Translate
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 4 10:31:04 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 131.0.6778.108
|
||
(stable released 2024-12-04) (boo#1234118)
|
||
* CVE-2024-12053: Type Confusion in V8
|
||
- update patches:
|
||
chromium-127-constexpr.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 20 23:20:12 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 131.0.6778.85
|
||
(stable released 2024-11-19) (boo#1233534)
|
||
* CVE-2024-11395: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 7 00:32:31 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 131.0.6778.69
|
||
(stable released 2024-11-12) (boo#1233311)
|
||
* CVE-2024-11110: Inappropriate implementation in Blink.
|
||
* CVE-2024-11111: Inappropriate implementation in Autofill.
|
||
* CVE-2024-11112: Use after free in Media.
|
||
(n/a for linux)
|
||
* CVE-2024-11113: Use after free in Accessibility.
|
||
* CVE-2024-11114: Inappropriate implementation in Views.
|
||
(n/a for linux)
|
||
* CVE-2024-11115: Insufficient policy enforcement in Navigation.
|
||
(n/a for linux)
|
||
* CVE-2024-11116: Inappropriate implementation in Paint.
|
||
* CVE-2024-11117: Inappropriate implementation in FileSystem.
|
||
|
||
- dropped patches:
|
||
* chromium-130-missing-includes.patch (upstream)
|
||
* chromium-125-lp155-typename.patch (not required with llvm)
|
||
- modified patches:
|
||
* chromium-127-bindgen.patch (drop all allowlist changes)
|
||
* chromium-127-constexpr.patch (update from debian patch)
|
||
- added patches:
|
||
* chromium-131-unbundle-enable-freetype.patch
|
||
from git, missing in 131 release
|
||
* chromium-131-clang-stack-protector.patch
|
||
(partial revert of upstream commit
|
||
c3dadb02f611a360fb40fd8844ed3c1ef1e7834e)
|
||
|
||
- drop from keeplibs: (deleted upstream)
|
||
third_party/devtools-frontend/src/front_end/third_party/lodash-isequal
|
||
- add to keeplibs:
|
||
third_party/tflite/src/third_party/xla/xla/tsl (drop subdirs)
|
||
third_party/ink
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 6 00:52:13 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 130.0.6723.116 (boo#1232843)
|
||
* CVE-2024-10826: Use after free in Family Experiences
|
||
* CVE-2024-10827: Use after free in Serial
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 30 11:16:19 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 130.0.6723.91 (boo#1232566)
|
||
* CVE-2024-10487: Out of bounds write in Dawn
|
||
* CVE-2024-10488: Use after free in WebRTC
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 28 12:13:15 CET 2024 - ro@suse.de
|
||
|
||
- change BR for rust to require version 1.81
|
||
(1.82 uses a newer llvm)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 26 08:16:55 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 130.0.6723.69 (boo#1232060)
|
||
* CVE-2024-10229: Inappropriate implementation in Extensions
|
||
* CVE-2024-10230: Type Confusion in V8
|
||
* CVE-2024-10231: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 12 10:45:36 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 130.0.6723.58 (boo#1231694)
|
||
* CVE-2024-9954: Use after free in AI
|
||
* CVE-2024-9955: Use after free in Web Authentication
|
||
* CVE-2024-9956: Inappropriate implementation in Web Authentication
|
||
* CVE-2024-9957: Use after free in UI
|
||
* CVE-2024-9958: Inappropriate implementation in PictureInPicture
|
||
* CVE-2024-9959: Use after free in DevTools
|
||
* CVE-2024-9960: Use after free in Dawn
|
||
* CVE-2024-9961: Use after free in Parcel Tracking
|
||
* CVE-2024-9962: Inappropriate implementation in Permissions
|
||
* CVE-2024-9963: Insufficient data validation in Downloads
|
||
* CVE-2024-9964: Inappropriate implementation in Payments
|
||
* CVE-2024-9965: Insufficient data validation in DevTools
|
||
* CVE-2024-9966: Inappropriate implementation in Navigations
|
||
- modified patches:
|
||
* exclude_ymp.patch update context
|
||
* chromium-125-compiler.patch update context
|
||
* chromium-125-lp155-typename.patch drop hunks for rewritten
|
||
proto_fetcher.h
|
||
* chromium-127-bindgen.patch update context
|
||
- added patches:
|
||
* chromium-130-missing-includes.patch include optional, stack
|
||
* chromium-130-no-hardware_destructive_interference_size.patch
|
||
workaround for older libcpp
|
||
- drop from keeplibs:
|
||
courgette/third_party dropped upstream
|
||
- add to keepllibs:
|
||
third_party/fast_float needed by v8/src/numbers/conversion.cc
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 12 10:07:57 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 129.0.6668.100 (boo#1231420)
|
||
* CVE-2024-9602: Type Confusion in V8
|
||
* CVE-2024-9603: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 2 10:54:17 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 129.0.6668.89 (stable released 2024-09-24)
|
||
(boo#1231232)
|
||
* CVE-2024-7025: Integer overflow in Layout
|
||
* CVE-2024-9369: Insufficient data validation in Mojo
|
||
* CVE-2024-9370: Inappropriate implementation in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 25 16:01:32 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 129.0.6668.70 (stable released 2024-09-24)
|
||
(boo#1230964)
|
||
* CVE-2024-9120: Use after free in Dawn
|
||
* CVE-2024-9121: Inappropriate implementation in V8
|
||
* CVE-2024-9122: Type Confusion in V8
|
||
* CVE-2024-9123: Integer overflow in Skia
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 19 15:23:46 CEST 2024 - ro@suse.de
|
||
|
||
- bump BR for nodejs to minimal 20.0
|
||
- dropped patches:
|
||
* chromium-disable-GlobalMediaControlsCastStartStop.patch
|
||
it was applied at the wrong place and the crash is gone
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 18 17:29:16 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 129.0.6668.58 (stable released 2024-09-17)
|
||
(boo#1230678)
|
||
* CVE-2024-8904: Type Confusion in V8
|
||
* CVE-2024-8905: Inappropriate implementation in V8
|
||
* CVE-2024-8906: Incorrect security UI in Downloads
|
||
* CVE-2024-8907: Insufficient data validation in Omnibox
|
||
* CVE-2024-8908: Inappropriate implementation in Autofill
|
||
* CVE-2024-8909: Inappropriate implementation in UI
|
||
- modified patches:
|
||
* chromium-prop-codecs.patch update context
|
||
- add to keeplibs:
|
||
third_party/rapidhash
|
||
- drop from keeplibs:
|
||
third_party/libudev dropped upstream
|
||
third_party/catapult/third_party/html5lib-python dropped upstream
|
||
- add patches:
|
||
chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch
|
||
(not in our ffmpeg yet)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 11 12:07:53 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391)
|
||
* CVE-2024-8636: Heap buffer overflow in Skia
|
||
* CVE-2024-8637: Use after free in Media Router
|
||
* CVE-2024-8638: Type Confusion in V8
|
||
* CVE-2024-8639: Use after free in Autofill
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 3 14:42:04 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108)
|
||
* CVE-2024-8362: Use after free in WebAudio
|
||
* CVE-2024-7970: Out of bounds write in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 29 04:50:54 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 128.0.6613.113 (boo#1229897)
|
||
* CVE-2024-7969: Type Confusion in V8
|
||
* CVE-2024-8193: Heap buffer overflow in Skia
|
||
* CVE-2024-8194: Type Confusion in V8
|
||
* CVE-2024-8198: Heap buffer overflow in Skia
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 21 21:10:50 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 128.0.6613.84 (boo#1229591)
|
||
* CVE-2024-7964: Use after free in Passwords
|
||
* CVE-2024-7965: Inappropriate implementation in V8
|
||
* CVE-2024-7966: Out of bounds memory access in Skia
|
||
* CVE-2024-7967: Heap buffer overflow in Fonts
|
||
* CVE-2024-7968: Use after free in Autofill
|
||
* CVE-2024-7969: Type Confusion in V8
|
||
* CVE-2024-7971: Type confusion in V8
|
||
* CVE-2024-7972: Inappropriate implementation in V8
|
||
* CVE-2024-7973: Heap buffer overflow in PDFium
|
||
* CVE-2024-7974: Insufficient data validation in V8 API
|
||
* CVE-2024-7975: Inappropriate implementation in Permissions
|
||
* CVE-2024-7976: Inappropriate implementation in FedCM
|
||
* CVE-2024-7977: Insufficient data validation in Installer
|
||
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
|
||
* CVE-2024-7979: Insufficient data validation in Installer
|
||
* CVE-2024-7980: Insufficient data validation in Installer
|
||
* CVE-2024-7981: Inappropriate implementation in Views
|
||
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
|
||
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
|
||
* CVE-2024-8035: Inappropriate implementation in Extensions
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 19 00:24:44 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 128.0.6613.36 (boo#1229426)
|
||
- modified patches:
|
||
* chromium-norar.patch drop most hunks,
|
||
upstream has a config for this now
|
||
* gcc-enable-lto.patch update context
|
||
* chromium-125-compiler.patch update context
|
||
* chromium-127-constexpr.patch update context
|
||
- drop patches: (should be obsolete with llvm>17 and libc++)
|
||
chromium-120-emplace.patch
|
||
chromium-125-emplace-struct.patch
|
||
- drop patches: (upstream)
|
||
* chromium-121-nullptr_t-without-namespace-std.patch
|
||
* chromium-123-stats-collector.patch
|
||
* chromium-127-paint-layer-header.patch
|
||
* chromium-127-ninja-1.21.1-deps-part0.patch
|
||
* chromium-127-ninja-1.21.1-deps-part1.patch
|
||
* chromium-127-ninja-1.21.1-deps-part2.patch
|
||
* chromium-127-ninja-1.21.1-deps-part3.patch
|
||
- disable rpmlint only for factory/tw where it is broken because
|
||
of the large archive size of the source here
|
||
- keeplibs add
|
||
third_party/devtools-frontend/src/front_end/third_party/
|
||
puppeteer/package/lib/esm/third_party/parsel-js
|
||
third_party/tflite/src/third_party/xla/xla/tsl/framework
|
||
- buildflags add
|
||
safe_browsing_use_unrar=false
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 15 15:35:42 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 127.0.6533.119 (boo#1228941)
|
||
* CVE-2024-7532: Out of bounds memory access in ANGLE
|
||
* CVE-2024-7533: Use after free in Sharing
|
||
* CVE-2024-7550: Type Confusion in V8
|
||
* CVE-2024-7534: Heap buffer overflow in Layout
|
||
* CVE-2024-7535: Inappropriate implementation in V8
|
||
* CVE-2024-7536: Use after free in WebAudio
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 1 18:40:59 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
|
||
* CVE-2024-6988: Use after free in Downloads
|
||
* CVE-2024-6989: Use after free in Loader
|
||
* CVE-2024-6991: Use after free in Dawn
|
||
* CVE-2024-6992: Out of bounds memory access in ANGLE
|
||
* CVE-2024-6993: Inappropriate implementation in Canvas
|
||
* CVE-2024-6994: Heap buffer overflow in Layout
|
||
* CVE-2024-6995: Inappropriate implementation in Fullscreen
|
||
* CVE-2024-6996: Race in Frames
|
||
* CVE-2024-6997: Use after free in Tabs
|
||
* CVE-2024-6998: Use after free in User Education
|
||
* CVE-2024-6999: Inappropriate implementation in FedCM
|
||
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
|
||
* CVE-2024-7001: Inappropriate implementation in HTML
|
||
* CVE-2024-7003: Inappropriate implementation in FedCM
|
||
* CVE-2024-7004: Insufficient validation of untrusted input
|
||
in Safe Browsing
|
||
* CVE-2024-7005: Insufficient validation of untrusted input
|
||
in Safe Browsing
|
||
* CVE-2024-6990: Uninitialized Use in Dawn
|
||
* CVE-2024-7255: Out of bounds read in WebTransport
|
||
* CVE-2024-7256: Insufficient data validation in Dawn
|
||
- drop patches:
|
||
* chromium-115-compiler-SkColor4f.patch only for llvm < 16
|
||
* chromium-117-system-zstd.patch upstreamed
|
||
* chromium-122-workaround_clang_bug-structured_binding.patch
|
||
* chromium-125-tabstrip-include.patch upstreamed
|
||
* chromium-126-missing-header-files.patch
|
||
* chromium-126-RealTimeReportingBindings-missing-decl.patch
|
||
upstreamed
|
||
* chromium-126-no_matching_constructor.patch
|
||
* chromium-126-no-format.patch upstreamed
|
||
- switch from libstdc++ to libc++
|
||
- drop patches obsolete when using libc++
|
||
* chromium-126-debian-bad-font-gc00000.patch
|
||
* chromium-126-debian-bad-font-gc2.patch
|
||
* chromium-126-debian-bad-font-gc1.patch
|
||
* chromium-126-debian-bad-font-gc00.patch
|
||
* chromium-126-debian-bad-font-gc000.patch
|
||
* chromium-126-debian-bad-font-gc11.patch
|
||
* chromium-126-debian-bad-font-gc0.patch
|
||
* chromium-126-debian-bad-font-gc0000.patch
|
||
* chromium-126-debian-bad-font-gc3.patch
|
||
- modify patches:
|
||
* chromium-125-lp155-typename.patch
|
||
- drop hunk in model_execution_util.h
|
||
- drop hunk in model_quality_log_entry.h
|
||
- dropping from keeplibs: (does not exist)
|
||
base/third_party/valgrind
|
||
third_party/maldoca
|
||
third_party/maldoca/src/third_party
|
||
- requires updated gn to build (newer than Feb 14 2024)
|
||
- add patches:
|
||
* chromium-127-bindgen.patch (from debian/patches/fixes))
|
||
* chromium-127-rust-clanglib.patch (just first hunk from fedora)
|
||
* chromium-127-clang17-traitors.patch
|
||
workaround for clang < 18 from debiana (only used on 15.6)
|
||
* chromium-127-constexpr.patch (from debian/patches/bookworm)
|
||
* chromium-127-paint-layer-header.patch (from debian/patches/upstream)
|
||
* chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
|
||
* chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
|
||
* chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
|
||
* chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)
|
||
- buildrequire rust-bindgen to get proper binaries per arch
|
||
- use qt5 for factory as well, qt6 fails with:
|
||
ld.lld: error: undefined symbol: QByteArray::toStdString() const
|
||
referenced by qt_shim.cc
|
||
obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)
|
||
- drop patches:
|
||
* chromium-125-debian-bad-font-gc11.patch
|
||
* chromium-125-debian-bad-font-gc0000.patch
|
||
* chromium-125-debian-bad-font-gc00.patch
|
||
* chromium-125-debian-bad-font-gc0.patch
|
||
* chromium-125-debian-bad-font-gc000.patch
|
||
* chromium-125-debian-bad-font-gc1.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 17 16:11:41 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 126.0.6478.182 (boo#1227979)
|
||
* CVE-2024-6772: Inappropriate implementation in V8
|
||
* CVE-2024-6773: Type Confusion in V8
|
||
* CVE-2024-6774: Use after free in Screen Capture
|
||
* CVE-2024-6775: Use after free in Media Stream
|
||
* CVE-2024-6776: Use after free in Audio
|
||
* CVE-2024-6777: Use after free in Navigation
|
||
* CVE-2024-6778: Race in DevTools
|
||
* CVE-2024-6779: Out of bounds memory access in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 9 10:09:56 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Finalize 126
|
||
- Removed patches:
|
||
* chromium-125-debian-bad-font-gc2.patch
|
||
* chromium-125-debian-bad-font-gc3.patch
|
||
- Added patches:
|
||
* chromium-126-RealTimeReportingBindings-missing-decl.patch
|
||
* chromium-126-no-format.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 1 14:09:50 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
|
||
* CVE-2024-6290: Use after free in Dawn
|
||
* CVE-2024-6291: Use after free in Swiftshader
|
||
* CVE-2024-6292: Use after free in Dawn
|
||
* CVE-2024-6293: Use after free in Dawn
|
||
* CVE-2024-6100: Type Confusion in V8
|
||
* CVE-2024-6101: Inappropriate implementation in WebAssembly
|
||
* CVE-2024-6102: Out of bounds memory access in Dawn
|
||
* CVE-2024-6103: Use after free in Dawn
|
||
* CVE-2024-5830: Type Confusion in V8
|
||
* CVE-2024-5831: Use after free in Dawn
|
||
* CVE-2024-5832: Use after free in Dawn
|
||
* CVE-2024-5833: Type Confusion in V8
|
||
* CVE-2024-5834: Inappropriate implementation in Dawn
|
||
* CVE-2024-5835: Heap buffer overflow in Tab Groups
|
||
* CVE-2024-5836: Inappropriate Implementation in DevTools
|
||
* CVE-2024-5837: Type Confusion in V8
|
||
* CVE-2024-5838: Type Confusion in V8
|
||
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
|
||
* CVE-2024-5840: Policy Bypass in CORS
|
||
* CVE-2024-5841: Use after free in V8
|
||
* CVE-2024-5842: Use after free in Browser UI
|
||
* CVE-2024-5843: Inappropriate implementation in Downloads
|
||
* CVE-2024-5844: Heap buffer overflow in Tab Strip
|
||
* CVE-2024-5845: Use after free in Audio
|
||
* CVE-2024-5846: Use after free in PDFium
|
||
* CVE-2024-5847: Use after free in PDFium
|
||
- drop patches:
|
||
* chromium-disable-parallel-gold.patch
|
||
* chromium-125-appservice-include.patch
|
||
* chromium-125-lens-include.patch
|
||
* chromium-125-mojo-bindings-include.patch
|
||
* chromium-125-no-vector-consts.patch
|
||
* chromium-125-vulkan-include.patch
|
||
* chromium-125-ninja.patch
|
||
* chromium-125-no_matching_constructor.patch
|
||
* chromium-125-missing-header-files.patch
|
||
- add patches:
|
||
* chromium-126-missing-header-files.patch
|
||
* chromium-126-quiche-interator.patch
|
||
* chromium-126-no_matching_constructor.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 12 13:00:59 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Amend fix_building_widevinecdm_with_chromium.patch to allow
|
||
Widevine on ARM64 (bsc#1226170)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 31 07:29:22 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 125.0.6422.141 (boo#1225690)
|
||
* CVE-2024-5493: Heap buffer overflow in WebRTC
|
||
* CVE-2024-5494: Use after free in Dawn
|
||
* CVE-2024-5495: Use after free in Dawn
|
||
* CVE-2024-5496: Use after free in Media Session
|
||
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
|
||
* CVE-2024-5498: Use after free in Presentation API
|
||
* CVE-2024-5499: Out of bounds write in Streams API
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 24 04:24:22 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 125.0.6422.112
|
||
* CVE-2024-5274: Type Confusion in V8 (boo#1225199)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 21 20:47:44 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 125.0.6422.76 (boo#1224818)
|
||
* CVE-2024-5157: Use after free in Scheduling
|
||
* CVE-2024-5158: Type Confusion in V8
|
||
* CVE-2024-5159: Heap buffer overflow in ANGLE
|
||
* CVE-2024-5160: Heap buffer overflow in Dawn
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 16 16:57:33 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 125.0.6422.60 (boo#1224341)
|
||
* CVE-2024-4947: Type Confusion in V8
|
||
* CVE-2024-4948: Use after free in Dawn
|
||
* CVE-2024-4949: Use after free in V8
|
||
* CVE-2024-4950: Inappropriate implementation in Downloads
|
||
|
||
- Chromium 125.0.6422.41
|
||
* New upstream (early) stable release.
|
||
|
||
- drop upstreamed patches:
|
||
* chromium-124-uint-includes.patch
|
||
* chromium-124-fps-optional.patch
|
||
* chromium-124-span-optional.patch
|
||
* chromium-124-extractor-bitset.patch
|
||
* chromium-124-atomic.patch
|
||
* chromium-124-webgpu-optional.patch
|
||
* chromium-124-angle-powf.patch
|
||
|
||
- add debian upstream patches added for 125:
|
||
* chromium-125-appservice-include.patch
|
||
* chromium-125-lens-include.patch
|
||
* chromium-125-mojo-bindings-include.patch
|
||
* chromium-125-no-vector-consts.patch
|
||
* chromium-125-vulkan-include.patch
|
||
* chromium-125-tabstrip-include.patch
|
||
* chromium-125-ninja.patch
|
||
|
||
- add debian fixes patches to fix font gc crashes:
|
||
* chromium-125-debian-bad-font-gc0000.patch
|
||
* chromium-125-debian-bad-font-gc000.patch
|
||
* chromium-125-debian-bad-font-gc00.patch
|
||
* chromium-125-debian-bad-font-gc0.patch
|
||
* chromium-125-debian-bad-font-gc11.patch
|
||
* chromium-125-debian-bad-font-gc1.patch
|
||
* chromium-125-debian-bad-font-gc2.patch
|
||
* chromium-125-debian-bad-font-gc3.patch
|
||
|
||
- add from fedora (reverse applied for older ffmpeg):
|
||
* chromium-125-ffmpeg-5.x-reordered_opaque.patch
|
||
|
||
- re-diff and rename:
|
||
* from chromium-110-compiler.patch
|
||
to chromium-125-compiler.patch
|
||
* from chromium-120-emplace-struct.patch
|
||
to chromium-125-emplace-struct.patch
|
||
* from chromium-disable-FFmpegAllowLists.patch
|
||
to chromium-125-disable-FFmpegAllowLists.patch
|
||
* from chromium-122-missing-header-files.patch
|
||
to chromium-125-missing-header-files.patch
|
||
* from chromium-122-no_matching_constructor.patch
|
||
to chromium-125-no_matching_constructor.patch
|
||
* from chromium-122-lp155-typename.patch
|
||
to chromium-125-lp155-typename.patch
|
||
|
||
- third_party/zstd
|
||
added to keeplibs for
|
||
third_party/blink/renderer/platform:platform
|
||
- third_party/tflite/src/third_party/xla/xla/tsl/util
|
||
added to keeplibs for
|
||
third_party/tflite/tflite
|
||
- third_party/lens_server_proto
|
||
added to keeplibs for
|
||
gen/third_party/lens_server_proto
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 14 05:03:09 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 124.0.6367.207 (boo#1224294)
|
||
* CVE-2024-4761: Out of bounds write in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 10 12:16:29 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 124.0.6367.201 (boo#1224208)
|
||
* CVE-2024-4671: Use after free in Visuals
|
||
- Chromium 124.0.6367.155 (boo#1224045)
|
||
* CVE-2024-4558: Use after free in ANGLE
|
||
* CVE-2024-4559: Heap buffer overflow in WebAudio
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 3 11:10:19 CEST 2024 - ro@suse.de
|
||
|
||
- drop patches:
|
||
* chromium-123-WebUI-static_assert.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 2 19:41:37 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 124.0.6367.118 (boo#1223846)
|
||
* CVE-2024-4331: Use after free in Picture In Picture
|
||
* CVE-2024-4368: Use after free in Dawn
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 1 11:29:39 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add patches:
|
||
* chromium-123-missing-QtGui.patch
|
||
- Restore libxml 2.12 check for chromium-124-system-libxml.patch
|
||
which replaced chromium-121-blink-libxml-const.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 26 14:56:40 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 124.0.6367.78 (boo#1223845)
|
||
* CVE-2024-4058: Type Confusion in ANGLE
|
||
* CVE-2024-4059: Out of bounds read in V8 API
|
||
* CVE-2024-4060: Use after free in Dawn
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 17 17:38:12 CEST 2024 - ro@suse.de
|
||
|
||
- Chromium 124.0.6367.60 (boo#1222958)
|
||
* CVE-2024-3832: Object corruption in V8.
|
||
* CVE-2024-3833: Object corruption in WebAssembly.
|
||
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
|
||
* CVE-2024-3837: Use after free in QUIC.
|
||
* CVE-2024-3838: Inappropriate implementation in Autofill.
|
||
* CVE-2024-3839: Out of bounds read in Fonts.
|
||
* CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
|
||
* CVE-2024-3841: Insufficient data validation in Browser Switcher.
|
||
* CVE-2024-3843: Insufficient data validation in Downloads.
|
||
* CVE-2024-3844: Inappropriate implementation in Extensions.
|
||
* CVE-2024-3845: Inappropriate implementation in Network.
|
||
* CVE-2024-3846: Inappropriate implementation in Prompts.
|
||
* CVE-2024-3847: Insufficient policy enforcement in WebUI.
|
||
- drop patches:
|
||
* chromium-123-optional2.patch
|
||
* chromium-122-avoid-SFINAE-TypeConverter.patch
|
||
* chromium-123-PA-InternalAllocator.patch
|
||
- rediff patches:
|
||
* chromium-110-compiler.patch
|
||
* chromium-120-emplace.patch
|
||
* chromium-122-no_matching_constructor.patch
|
||
* chromium-122-lp155-typename.patch
|
||
- add patches: from debian/fixes
|
||
* chromium-123-stats-collector.patch
|
||
- add patches: from debian/upstream
|
||
* chromium-124-angle-powf.patch
|
||
* chromium-124-atomic.patch
|
||
* chromium-124-extractor-bitset.patch
|
||
* chromium-124-fps-optional.patch
|
||
* chromium-124-span-optional.patch
|
||
* chromium-124-uint-includes.patch
|
||
* chromium-124-webgpu-optional.patch
|
||
- add patches:
|
||
* chromium-123-WebUI-static_assert.patch
|
||
workaround for compile issue in webui_contents_wrapper.h
|
||
* chromium-124-system-libxml.patch (from fedora)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 14 11:06:41 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 123.0.6312.122 (boo#1222707)
|
||
* CVE-2024-3157: Out of bounds write in Compositing
|
||
* CVE-2024-3516: Heap buffer overflow in ANGLE
|
||
* CVE-2024-3515: Use after free in Dawn
|
||
- Chromium 123.0.6312.105 (boo#1222260)
|
||
* CVE-2024-3156: Inappropriate implementation in V8
|
||
* CVE-2024-3158: Use after free in Bookmarks
|
||
* CVE-2024-3159: Out of bounds memory access in V8
|
||
- Chromium 123.0.6312.86 (boo#1222035)
|
||
* CVE-2024-2883: Use after free in ANGLE
|
||
* CVE-2024-2885: Use after free in Dawn
|
||
* CVE-2024-2886: Use after free in WebCodecs
|
||
* CVE-2024-2887: Type Confusion in WebAssembly
|
||
- Chromium 123.0.6312.58 (boo#1221732)
|
||
* CVE-2024-2625: Object lifecycle issue in V8
|
||
* CVE-2024-2626: Out of bounds read in Swiftshader
|
||
* CVE-2024-2627: Use after free in Canvas
|
||
* CVE-2024-2628: Inappropriate implementation in Downloads
|
||
- drop patches:
|
||
* chromium-117-blink-BUILD-mnemonic.patch
|
||
* chromium-121-blink-libxml-const.patch
|
||
* chromium-122-BookmarkNode-missing-operator.patch
|
||
* chromium-122-WebUI-static_assert.patch
|
||
* chromium-122-PA-undo-internal-alloc.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 18 13:13:01 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Use Python 3.11 on Leap
|
||
- Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch
|
||
to chromium-122-WebUI-static_assert.patch
|
||
- Rename chromium-122-disable-FFmpegAllowLists.patch to
|
||
chromium-disable-FFmpegAllowLists.patch
|
||
- Rename chromium-122-static-assert.patch to
|
||
chromium-122-BookmarkNode-missing-operator.patch
|
||
- Rename chromium-122-undo-internal-alloc.patch to
|
||
chromium-122-PA-undo-internal-alloc.patch
|
||
- Rename chromium-122-typename.patch to
|
||
chromium-122-lp155-typename.patch
|
||
- Removed patches:
|
||
* chromium-121-v8-c++20-p1.patch
|
||
* chromium-121-v8-c++20.patch
|
||
* chromium-122-unique_ptr.patch
|
||
* chromium-122-python3-assignment-expressions.patch
|
||
* chromium-122-el8-support-64kpage.patch
|
||
* chromium-122-el7-inline-function.patch
|
||
* chromium-122-el7-extra-operator.patch
|
||
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
|
||
* chromium-122-constexpr.patch
|
||
* chromium-122-clang-build-flags.patch
|
||
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
|
||
* chromium-122-clang16-buildflags.patch
|
||
* chromium-122-arm64-memory_tagging.patch
|
||
* chromium-121-el7-clang-version-warning.patch
|
||
* chromium-116-lp155-url_load_stats-size-t.patch
|
||
* chromium-icu72-2.patch
|
||
* chromium-122-debian-upstream-mojo.patch
|
||
- Patches merged into other patches:
|
||
* chromium-122-debian-upstream-bitset.patch
|
||
* chromium-122-debian-upstream-optional.patch
|
||
* chromium-122-debian-upstream-uniqptr.patch
|
||
* chromium-122-debian-fixes-optional.patch
|
||
* chromium-122-norar.patch
|
||
- Restore time clamper change to
|
||
chromium-122-missing-header-files.patch
|
||
- Fix missing/invalid casting in
|
||
chromium-122-no_matching_constructor.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 13 05:35:05 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 122.0.6261.128 (boo#1221335)
|
||
* CVE-2024-2400: Use after free in Performance Manager
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 8 16:14:39 CET 2024 - ro@suse.de
|
||
|
||
- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
|
||
* New upstream security release.
|
||
* CVE-2024-2173: Out of bounds memory access in V8.
|
||
* CVE-2024-2174: Inappropriate implementation in V8.
|
||
* CVE-2024-2176: Use after free in FedCM.
|
||
- Chromium 122.0.6261.94
|
||
* CVE-2024-1669: Out of bounds memory access in Blink.
|
||
* CVE-2024-1670: Use after free in Mojo.
|
||
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
|
||
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
|
||
* CVE-2024-1673: Use after free in Accessibility.
|
||
* CVE-2024-1674: Inappropriate implementation in Navigation.
|
||
* CVE-2024-1675: Insufficient policy enforcement in Download.
|
||
* CVE-2024-1676: Inappropriate implementation in Navigation.
|
||
* Type Confusion in V8
|
||
* rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
|
||
* drop chromium-114-lld-argument.patch
|
||
replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
|
||
* drop chromium-121-no_matching_constructor.patch
|
||
replaced by chromium-122-no_matching_constructor.patch
|
||
* drop chromium-113-webview-namespace.patch (obsolete)
|
||
* reduce chromium-norar.patch
|
||
by the hunks in chromium-122-norar.patch
|
||
* drop chromium-114-revert-av1enc-lp154.patch
|
||
replaced by chromium-122-revert-av1enc-el9.patch
|
||
* drop chromium-115-lp155-typename.patch
|
||
chromium-116-lp155-typenames.patch
|
||
chromium-117-lp155-typename.patch
|
||
chromium-120-lp155-typename.patch
|
||
replaced by chromium-122-typename.patch
|
||
* drop chromium-121-missing-header-files.patch
|
||
replaced by chromium-122-missing-header-files.patch
|
||
* drop chromium-121-workaround_clang_bug-structured_binding.patch
|
||
replaced by chromium-122-workaround_clang_bug-structured_binding.patch
|
||
* drop chromium-121-no_matching_constructor.patch
|
||
replaced by chromium-122-no_matching_constructor.patch
|
||
* drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
|
||
* drop chromium-disable-FFmpegAllowLists.patch
|
||
replaced by chromium-122-disable-FFmpegAllowLists.patch
|
||
* drop chromium-121-avoid-SFINAE-TypeConverter.patch
|
||
replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
|
||
* add buildrequires for rust
|
||
* add patches from fedora package for 121 and 122
|
||
* chromium-121-el7-clang-version-warning.patch
|
||
* chromium-121-v8-c++20-p1.patch
|
||
* chromium-121-v8-c++20.patch
|
||
* chromium-122-arm64-memory_tagging.patch
|
||
* chromium-122-clang16-buildflags.patch
|
||
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
|
||
* chromium-122-clang-build-flags.patch
|
||
* chromium-122-constexpr.patch
|
||
* chromium-122-disable-FFmpegAllowLists.patch
|
||
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
|
||
* chromium-122-el7-extra-operator.patch
|
||
* chromium-122-el7-inline-function.patch
|
||
* chromium-122-el8-support-64kpage.patch
|
||
* chromium-122-missing-header-files.patch
|
||
* chromium-122-no_matching_constructor.patch
|
||
* chromium-122-norar.patch
|
||
* chromium-122-python3-assignment-expressions.patch
|
||
* chromium-122-revert-av1enc-el9.patch
|
||
* chromium-122-static-assert.patch
|
||
* chromium-122-typename.patch
|
||
* chromium-122-unique_ptr.patch
|
||
* chromium-122-workaround_clang_bug-structured_binding.patch
|
||
* from debian add
|
||
* chromium-122-undo-internal-alloc.patch
|
||
* chromium-122-debian-upstream-bitset.patch
|
||
* chromium-122-debian-upstream-mojo.patch
|
||
* chromium-122-debian-upstream-optional.patch
|
||
* chromium-122-debian-upstream-uniqptr.patch
|
||
* chromium-122-debian-fixes-optional.patch
|
||
* added compile fix needed on code15
|
||
chromium-122-skip_bubble_contents_wrapper_static_assert.patch
|
||
to prevent "static assertion expression is not an integral constant expression"
|
||
"in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'"
|
||
in bubble_contents_wrapper.h:153
|
||
- replace Cr121-ffmpeg-new-channel-layout.patch by
|
||
Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)
|
||
- drop chromium-121-system-old-ffmpeg.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 8 13:16:51 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg
|
||
changes so that FFmpeg 4 will work on Leap
|
||
- Prepare for libxml 2.12
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 2 12:39:17 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661)
|
||
* CVE-2024-1284: Use after free in Mojo
|
||
* CVE-2024-1283: Heap buffer overflow in Skia
|
||
* CVE-2024-1060: Use after free in Canvas
|
||
* CVE-2024-1059: Use after free in WebRTC
|
||
* CVE-2024-1077: Use after free in Network
|
||
* CVE-2024-0807: Use after free in WebAudio
|
||
* CVE-2024-0812: Inappropriate implementation in Accessibility
|
||
* CVE-2024-0808: Integer underflow in WebUI
|
||
* CVE-2024-0810: Insufficient policy enforcement in DevTools
|
||
* CVE-2024-0814: Incorrect security UI in Payments
|
||
* CVE-2024-0813: Use after free in Reading Mode
|
||
* CVE-2024-0806: Use after free in Passwords
|
||
* CVE-2024-0805: Inappropriate implementation in Downloads
|
||
* CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
|
||
* CVE-2024-0811: Inappropriate implementation in Extensions API
|
||
* CVE-2024-0809: Inappropriate implementation in Autofill
|
||
- Removed patches:
|
||
* chromium-117-includes.patch
|
||
* chromium-118-includes.patch
|
||
* chromium-119-dont-redefine-ATSPI-version-macros.patch
|
||
* chromium-120-missing-header-files.patch
|
||
* chromium-120-no_matching_constructor.patch
|
||
* chromium-120-nullptr_t-without-namespace-std.patch
|
||
* chromium-120-workaround_clang_bug-structured_binding.patch
|
||
* gcc13-fix.patch
|
||
* chromium-113-webauth-include-variant.patch
|
||
* chromium-110-system-libffi.patch
|
||
- Added patches:
|
||
* chromium-121-no_matching_constructor.patch
|
||
* chromium-121-nullptr_t-without-namespace-std.patch
|
||
* chromium-121-workaround_clang_bug-structured_binding.patch
|
||
* chromium-121-missing-header-files.patch
|
||
* chromium-121-rust-clang_lib.patch
|
||
* chromium-121-python3-invalid-escape-sequence.patch
|
||
* chromium-121-rust-clang_lib.patch
|
||
* chromium-121-avoid-SFINAE-TypeConverter.patch
|
||
* chromium-121-blink-libxml-const.patch
|
||
- Add patch chromium-disable-FFmpegAllowLists.patch:
|
||
disable codec checker this will always fail (bsc#1219070)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 17 08:54:07 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 120.0.6099.224 (boo#1218892)
|
||
* CVE-2024-0517: Out of bounds write in V8
|
||
* CVE-2024-0518: Type Confusion in V8
|
||
* CVE-2024-0519: Out of bounds memory access in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 14 10:07:12 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Replace chromium-120-lp155-revert-clang-build-failure.patch
|
||
with chromium-120-make_unique-struct.patch - which avoids
|
||
reverting changes and instead provides a stub constructor to fix
|
||
build on Leap
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 13 08:29:26 UTC 2024 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
|
||
boo#1218533, boo#1218719)
|
||
* CVE-2024-0333: Insufficient data validation in Extensions
|
||
* CVE-2024-0222: Use after free in ANGLE
|
||
* CVE-2024-0223: Heap buffer overflow in ANGLE
|
||
* CVE-2024-0224: Use after free in WebAudio
|
||
* CVE-2024-0225: Use after free in WebGPU
|
||
* CVE-2023-7024: Heap buffer overflow in WebRTC
|
||
* CVE-2023-6702: Type Confusion in V8
|
||
* CVE-2023-6703: Use after free in Blink
|
||
* CVE-2023-6704: Use after free in libavif (boo#1218303)
|
||
* CVE-2023-6705: Use after free in WebRTC
|
||
* CVE-2023-6706: Use after free in FedCM
|
||
* CVE-2023-6707: Use after free in CSS
|
||
* CVE-2023-6508: Use after free in Media Stream
|
||
* CVE-2023-6509: Use after free in Side Panel Search
|
||
* CVE-2023-6510: Use after free in Media Capture
|
||
* CVE-2023-6511: Inappropriate implementation in Autofill
|
||
* CVE-2023-6512: Inappropriate implementation in Web Browser UI
|
||
- drop patches:
|
||
* chromium-system-libusb.patch
|
||
* chromium-119-nullptr_t-without-namespace-std.patch
|
||
* chromium-119-no_matching_constructor.patch
|
||
* chromium-117-workaround_clang_bug-structured_binding.patch
|
||
- add patches:
|
||
* chromium-120-nullptr_t-without-namespace-std.patch
|
||
* chromium-120-emplace.patch
|
||
* chromium-120-lp155-typename.patch
|
||
* chromium-120-no_matching_constructor.patch
|
||
* chromium-120-missing-header-files.patch
|
||
* chromium-120-emplace-struct.patch
|
||
* chromium-120-workaround_clang_bug-structured_binding.patch
|
||
- add patches for Leap that revert braking changes:
|
||
* chromium-120-lp155-revert-clang-build-failure.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 29 06:26:02 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 119.0.6045.199 (boo#1217616)
|
||
* CVE-2023-6348: Type Confusion in Spellcheck
|
||
* CVE-2023-6347: Use after free in Mojo
|
||
* CVE-2023-6346: Use after free in WebAudio
|
||
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
|
||
* CVE-2023-6351: Use after free in libavif (boo#1217615)
|
||
* CVE-2023-6345: Integer overflow in Skia
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 15 06:18:42 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 119.0.6045.159 (boo#1217142)
|
||
* CVE-2023-5997: Use after free in Garbage Collection
|
||
* CVE-2023-6112: Use after free in Navigation
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 10 18:50:48 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 119.0.6045.123 (boo#1216978)
|
||
* CVE-2023-5996: Use after free in WebAudio
|
||
- Chromium 119.0.6045.105 (boo#1216783)
|
||
* CVE-2023-5480: Inappropriate implementation in Payments
|
||
* CVE-2023-5482: Insufficient data validation in USB
|
||
* CVE-2023-5849: Integer overflow in USB
|
||
* CVE-2023-5850: Incorrect security UI in Downloads
|
||
* CVE-2023-5851: Inappropriate implementation in Downloads
|
||
* CVE-2023-5852: Use after free in Printing
|
||
* CVE-2023-5853: Incorrect security UI in Downloads
|
||
* CVE-2023-5854: Use after free in Profiles
|
||
* CVE-2023-5855: Use after free in Reading Mode
|
||
* CVE-2023-5856: Use after free in Side Panel
|
||
* CVE-2023-5857: Inappropriate implementation in Downloads
|
||
* CVE-2023-5858: Inappropriate implementation in WebApp Provider
|
||
* CVE-2023-5859: Incorrect security UI in Picture In Picture
|
||
- dropped patches:
|
||
* chromium-98-gtk4-build.patch
|
||
* chromium-118-system-freetype.patch
|
||
* chromium-118-no_matching_constructor.patch
|
||
- added patches:
|
||
* chromium-119-no_matching_constructor.patch
|
||
* chromium-119-dont-redefine-ATSPI-version-macros.patch
|
||
* chromium-119-nullptr_t-without-namespace-std.patch
|
||
* chromium-119-assert.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 24 21:20:15 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 118.0.5993.117 (boo#1216549)
|
||
* CVE-2023-5472: Use after free in Profiles
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 18 20:39:57 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 118.0.5993.88:
|
||
* unspecified security fix (boo#1216392)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 11 18:56:28 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- refresh chromium-117-emplace_back_on_vector-c++20.patch and
|
||
chromium-117-lp155-constructors.patch to
|
||
chromium-118-no_matching_constructor.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 10 20:18:54 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 118.0.5993.70 (boo#1216111)
|
||
* CVE-2023-5218: Use after free in Site Isolation
|
||
* CVE-2023-5487: Inappropriate implementation in Fullscreen
|
||
* CVE-2023-5484: Inappropriate implementation in Navigation
|
||
* CVE-2023-5475: Inappropriate implementation in DevTools
|
||
* CVE-2023-5483: Inappropriate implementation in Intents
|
||
* CVE-2023-5481: Inappropriate implementation in Downloads
|
||
* CVE-2023-5476: Use after free in Blink History
|
||
* CVE-2023-5474: Heap buffer overflow in PDF
|
||
* CVE-2023-5479: Inappropriate implementation in Extensions API
|
||
* CVE-2023-5485: Inappropriate implementation in Autofill
|
||
* CVE-2023-5478: Inappropriate implementation in Autofill
|
||
* CVE-2023-5477: Inappropriate implementation in Installer
|
||
* CVE-2023-5486: Inappropriate implementation in Input
|
||
* CVE-2023-5473: Use after free in Cast
|
||
- Build with system freetype (again), and zstd
|
||
- add patches:
|
||
* chromium-118-system-freetype.patch
|
||
* chromium-117-system-zstd.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 7 15:32:52 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 118.0.5993.54
|
||
- add patches:
|
||
* chromium-118-includes.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 4 05:22:08 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 117.0.5938.149:
|
||
* CVE-2023-5346: Type Confusion in V8 (boo#1215924)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 27 21:39:34 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 117.0.5938.132 (boo#1215776):
|
||
* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
|
||
* CVE-2023-5186: Use after free in Passwords
|
||
* CVE-2023-5187: Use after free in Extensions
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 22 06:27:24 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 117.0.5938.92:
|
||
* stability improvements
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 20 13:59:22 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Add explicit build dependency on libepoxy for Tumbleweed
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 17 11:47:10 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 117.0.5938.88 (boo#1215279)
|
||
* CVE-2023-4900: Inappropriate implementation in Custom Tabs
|
||
* CVE-2023-4901: Inappropriate implementation in Prompts
|
||
* CVE-2023-4902: Inappropriate implementation in Input
|
||
* CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
|
||
* CVE-2023-4904: Insufficient policy enforcement in Downloads
|
||
* CVE-2023-4905: Inappropriate implementation in Prompts
|
||
* CVE-2023-4906: Insufficient policy enforcement in Autofill
|
||
* CVE-2023-4907: Inappropriate implementation in Intents
|
||
* CVE-2023-4908: Inappropriate implementation in Picture in Picture
|
||
* CVE-2023-4909: Inappropriate implementation in Interstitials
|
||
- drop patches:
|
||
* chromium-100-InMilliseconds-constexpr.patch
|
||
* chromium-115-Qt-moc-version.patch
|
||
* chromium-116-profile-view-utils-vector-include.patch
|
||
* chromium-116-blink-variant-include.patch
|
||
* chromium-116-abseil-limits-include.patch
|
||
* chromium-116-lp155-constuctors.patch
|
||
* chromium-115-workaround_clang_bug-structured_binding.patch
|
||
* chromium-115-emplace_back_on_vector-c++20.patch
|
||
- add patches:
|
||
* chromium-117-blink-BUILD-mnemonic.patch
|
||
* chromium-117-includes.patch
|
||
* chromium-117-lp155-constructors.patch
|
||
* chromium-117-string-convert.patch
|
||
* chromium-117-lp155-typename.patch
|
||
* chromium-117-workaround_clang_bug-structured_binding.patch
|
||
* chromium-117-emplace_back_on_vector-c++20.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 13 20:04:46 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 12 06:18:00 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 116.0.5845.187 (boo#1215231):
|
||
* CVE-2023-4863: Heap buffer overflow in WebP
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 6 05:08:13 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 116.0.5845.179 (boo#1215023):
|
||
* CVE-2023-4761: Out of bounds memory access in FedCM
|
||
* CVE-2023-4762: Type Confusion in V8
|
||
* CVE-2023-4763: Use after free in Networks
|
||
* CVE-2023-4764: Incorrect security UI in BFCache
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 30 00:57:21 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 116.0.5845.140 (boo#1214758):
|
||
* CVE-2023-4572: Use after free in MediaStream
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 23 06:09:03 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 116.0.5845.110 (boo#1214487):
|
||
* CVE-2023-4427: Out of bounds memory access in V8
|
||
* CVE-2023-4428: Out of bounds memory access in CSS
|
||
* CVE-2023-4429: Use after free in Loader
|
||
* CVE-2023-4430: Use after free in Vulkan
|
||
* CVE-2023-4431: Out of bounds memory access in Fonts
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 14 19:17:09 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 116.0.5845.96
|
||
* New CSS features: Motion Path, and "display" and
|
||
"content-visibility" animations
|
||
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
|
||
forward cache NotRestoredReason API, Document Picture-in-
|
||
Picture, Expanded Wildcards in Permissions Policy Origins,
|
||
FedCM bundle: Login Hint API, User Info API, and RP Context API,
|
||
Non-composed Mouse and Pointer enter/leave events,
|
||
Remove document.open sandbox inheritance,
|
||
Report Critical-CH caused restart in NavigationTiming
|
||
- fix a number of security issues (boo#1214301):
|
||
* CVE-2023-2312: Use after free in Offline
|
||
* CVE-2023-4349: Use after free in Device Trust Connectors
|
||
* CVE-2023-4350: Inappropriate implementation in Fullscreen
|
||
* CVE-2023-4351: Use after free in Network
|
||
* CVE-2023-4352: Type Confusion in V8
|
||
* CVE-2023-4353: Heap buffer overflow in ANGLE
|
||
* CVE-2023-4354: Heap buffer overflow in Skia
|
||
* CVE-2023-4355: Out of bounds memory access in V8
|
||
* CVE-2023-4356: Use after free in Audio
|
||
* CVE-2023-4357: Insufficient validation of untrusted input in XML
|
||
* CVE-2023-4358: Use after free in DNS
|
||
* CVE-2023-4359: Inappropriate implementation in App Launcher
|
||
* CVE-2023-4360: Inappropriate implementation in Color
|
||
* CVE-2023-4361: Inappropriate implementation in Autofill
|
||
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
|
||
* CVE-2023-4363: Inappropriate implementation in WebShare
|
||
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
|
||
* CVE-2023-4365: Inappropriate implementation in Fullscreen
|
||
* CVE-2023-4366: Use after free in Extensions
|
||
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
|
||
* CVE-2023-4368: Insufficient policy enforcement in Extensions API
|
||
- drop patches:
|
||
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
|
||
* chromium-115-verify_name_match-include.patch
|
||
* chromium-86-fix-vaapi-on-intel.patch
|
||
* chromium-115-skia-include.patch
|
||
* chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
|
||
- add patches:
|
||
* chromium-116-profile-view-utils-vector-include.patch
|
||
* chromium-116-blink-variant-include.patch
|
||
* chromium-116-lp155-url_load_stats-size-t.patch
|
||
* chromium-116-abseil-limits-include.patch
|
||
* chromium-116-lp155-typenames.patch
|
||
* chromium-116-lp155-constuctors.patch
|
||
- Build with bundled re2 on Leap
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 9 17:24:31 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Fix crash with extensions (boo#1214003)
|
||
chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 3 06:00:39 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 115.0.5790.170 (boo#1213920)
|
||
* CVE-2023-4068: Type Confusion in V8
|
||
* CVE-2023-4069: Type Confusion in V8
|
||
* CVE-2023-4070: Type Confusion in V8
|
||
* CVE-2023-4071: Heap buffer overflow in Visuals
|
||
* CVE-2023-4072: Out of bounds read and write in WebGL
|
||
* CVE-2023-4073: Out of bounds memory access in ANGLE
|
||
* CVE-2023-4074: Use after free in Blink Task Scheduling
|
||
* CVE-2023-4075: Use after free in Cast
|
||
* CVE-2023-4076: Use after free in WebRTC
|
||
* CVE-2023-4077: Insufficient data validation in Extensions
|
||
* CVE-2023-4078: Inappropriate implementation in Extensions
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 28 22:01:46 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Specify re2 build dependency in a way that makes Leap packages
|
||
build in devel project and in Maintenance
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 23 11:55:15 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 115.0.5790.102:
|
||
* stability fix
|
||
- Add build fixes on Leap:
|
||
* chromium-115-emplace_back_on_vector-c++20.patch
|
||
* chromium-115-compiler-SkColor4f.patch
|
||
* chromium-115-workaround_clang_bug-structured_binding.patch
|
||
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
|
||
- adjust chromium-115-lp155-typename.patch
|
||
- drop chromium-114-workaround_clang_bug-structured_binding.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 19 09:23:32 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 115.0.5790.98
|
||
* Security: The Storage, Service Worker, and Communication APIs
|
||
are now partitioned in third-party contexts to prevent certain
|
||
types of side-channel cross-site tracking
|
||
* HTTPS: Automatically and optimistically upgrade all main-frame
|
||
navigations to HTTPS, with fast fallback to HTTP.
|
||
* CSS: accept multiple values of the display property
|
||
* CSS: support boolean context style container queries
|
||
* CSS: support scroll-driven animations
|
||
* Increase the maximum size of a WebAssembly.Module() on the main
|
||
thread to 8 MB
|
||
* FedCM: Support credential management mediation requirements for
|
||
auto re-authentication
|
||
* Deprecate the document.domain setter
|
||
* Deprecate mutation events
|
||
* Security fixes (boo#1213462):
|
||
CVE-2023-3727: Use after free in WebRTC
|
||
CVE-2023-3728: Use after free in WebRTC
|
||
CVE-2023-3730: Use after free in Tab Groups
|
||
CVE-2023-3732: Out of bounds memory access in Mojo
|
||
CVE-2023-3733: Inappropriate implementation in WebApp Installs
|
||
CVE-2023-3734: Inappropriate implementation in Picture In Picture
|
||
CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
|
||
CVE-2023-3736: Inappropriate implementation in Custom Tabs
|
||
CVE-2023-3737: Inappropriate implementation in Notifications
|
||
CVE-2023-3738: Inappropriate implementation in Autofill
|
||
CVE-2023-3740: Insufficient validation of untrusted input in Themes
|
||
Various fixes from internal audits, fuzzing and other initiatives
|
||
- drop chromium-113-typename.patch
|
||
- add chromium-115-skia-include.patch
|
||
- add chromium-115-verify_name_match-include.patch
|
||
- add chromium-115-lp155-typename.patch
|
||
- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without
|
||
built-in copy of shim
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 27 07:39:29 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 114.0.5735.198 (boo#1212755):
|
||
* CVE-2023-3420: Type Confusion in V8
|
||
* CVE-2023-3421: Use after free in Media
|
||
* CVE-2023-3422: Use after free in Guest View
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 25 09:54:37 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Install Qt5 library & prepare for Qt6 in 115
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 14 05:23:16 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 114.0.5735.133 (boo#1212302):
|
||
* CVE-2023-3214: Use after free in Autofill payments
|
||
* CVE-2023-3215: Use after free in WebRTC
|
||
* CVE-2023-3216: Type Confusion in V8
|
||
* CVE-2023-3217: Use after free in WebXR
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 7 18:13:06 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
|
||
|
||
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 6 05:34:13 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 114.0.5735.106 (boo#1212044):
|
||
* CVE-2023-3079: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 4 18:52:01 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 114.0.5735.90 (boo#1211843):
|
||
* CSS text-wrap: balance is available
|
||
* Cookies partitioned by top level site (CHIPS)
|
||
* New Popover API
|
||
- Security fixes:
|
||
* CVE-2023-2929: Out of bounds write in Swiftshader
|
||
* CVE-2023-2930: Use after free in Extensions
|
||
* CVE-2023-2931: Use after free in PDF
|
||
* CVE-2023-2932: Use after free in PDF
|
||
* CVE-2023-2933: Use after free in PDF
|
||
* CVE-2023-2934: Out of bounds memory access in Mojo
|
||
* CVE-2023-2935: Type Confusion in V8
|
||
* CVE-2023-2936: Type Confusion in V8
|
||
* CVE-2023-2937: Inappropriate implementation in Picture In Picture
|
||
* CVE-2023-2938: Inappropriate implementation in Picture In Picture
|
||
* CVE-2023-2939: Insufficient data validation in Installer
|
||
* CVE-2023-2940: Inappropriate implementation in Downloads
|
||
* CVE-2023-2941: Inappropriate implementation in Extensions API
|
||
- Drop patches:
|
||
* chromium-103-VirtualCursor-std-layout.patch
|
||
* chromium-113-system-zlib.patch
|
||
* chromium-113-workaround_clang_bug-structured_binding.patch
|
||
- Add patches
|
||
* chromium-114-workaround_clang_bug-structured_binding.patch
|
||
* chromium-114-lld-argument.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 30 21:53:45 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Un-bundle zlib again
|
||
- Remove un-needed patches:
|
||
* chromium-112-default-comparison-operators.patch
|
||
* chromium-109-clang-lp154.patch
|
||
* chromium-clang-nomerge.patch
|
||
* chromium-ffmpeg-lp152.patch
|
||
* chromium-lp151-old-drm.patch
|
||
- Added patches:
|
||
* chromium-113-system-zlib.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 28 21:32:03 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- build with llvm15 on Leap
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 16 21:16:23 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
|
||
|
||
- Chromium 113.0.5672.126 (boo#1211442):
|
||
* CVE-2023-2721: Use after free in Navigation
|
||
* CVE-2023-2722: Use after free in Autofill UI
|
||
* CVE-2023-2723: Use after free in DevTools
|
||
* CVE-2023-2724: Type Confusion in V8
|
||
* CVE-2023-2725: Use after free in Guest View
|
||
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 9 19:14:20 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
|
||
|
||
- Chromium 113.0.5672.92 (boo#1211211)
|
||
- Multiple security fixes (boo#1211036):
|
||
* CVE-2023-2459: Inappropriate implementation in Prompts
|
||
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
|
||
* CVE-2023-2461: Use after free in OS Inputs
|
||
* CVE-2023-2462: Inappropriate implementation in Prompts
|
||
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
|
||
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
|
||
* CVE-2023-2465: Inappropriate implementation in CORS
|
||
* CVE-2023-2466: Inappropriate implementation in Prompts
|
||
* CVE-2023-2467: Inappropriate implementation in Prompts
|
||
* CVE-2023-2468: Inappropriate implementation in PictureInPicture
|
||
- drop chromium-94-sql-no-assert.patch
|
||
- drop no-location-leap151.patch
|
||
- add chromium-113-webview-namespace.patch
|
||
- add chromium-113-webauth-include-variant.patch
|
||
- add chromium-113-typename.patch
|
||
- add chromium-113-workaround_clang_bug-structured_binding.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 19 19:55:51 UTC 2023 - Andreas Stieger <Andreas.Stieger@gmx.de>
|
||
|
||
- Chromium 112.0.5615.165 (boo#1210618):
|
||
* CVE-2023-2133: Out of bounds memory access in Service Worker API
|
||
* CVE-2023-2134: Out of bounds memory access in Service Worker API
|
||
* CVE-2023-2135: Use after free in DevTools
|
||
* CVE-2023-2136: Integer overflow in Skia
|
||
* CVE-2023-2137: Heap buffer overflow in sqlite
|
||
- drop chromium-112-feed_protos.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 16 02:10:30 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Fix Leap 15.4 build failures from default comparison operators
|
||
defined outside of the class definition, a C++20 feature
|
||
adding chromium-112-default-comparison-operators.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 15 10:49:51 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 112.0.5615.121:
|
||
* CVE-2023-2033: Type Confusion in V8 (boo#1210478)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 7 07:57:40 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Revert a breaking change with chromium-112-feed_protos.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 4 22:38:23 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 112.0.5615.49
|
||
* CSS now supports nesting rules.
|
||
* The algorithm to set the initial focus on <dialog> elements was updated.
|
||
* No-op fetch() handlers on service workers are skipped from now on to make navigations faster
|
||
* The setter for document.domain is now deprecated.
|
||
* The recorder in devtools can now record with pierce selectors.
|
||
* Security fixes (boo#1210126):
|
||
* CVE-2023-1810: Heap buffer overflow in Visuals
|
||
* CVE-2023-1811: Use after free in Frames
|
||
* CVE-2023-1812: Out of bounds memory access in DOM Bindings
|
||
* CVE-2023-1813: Inappropriate implementation in Extensions
|
||
* CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
|
||
* CVE-2023-1815: Use after free in Networking APIs
|
||
* CVE-2023-1816: Incorrect security UI in Picture In Picture
|
||
* CVE-2023-1817: Insufficient policy enforcement in Intents
|
||
* CVE-2023-1818: Use after free in Vulkan
|
||
* CVE-2023-1819: Out of bounds read in Accessibility
|
||
* CVE-2023-1820: Heap buffer overflow in Browser History
|
||
* CVE-2023-1821: Inappropriate implementation in WebShare
|
||
* CVE-2023-1822: Incorrect security UI in Navigation
|
||
* CVE-2023-1823: Inappropriate implementation in FedCM
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 27 20:12:21 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 111.0.5563.147:
|
||
* nth-child() validation performance regression for SAP apps
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 23 08:40:11 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Update gcc13-fix.patch with few fixes required for aarch64,
|
||
borrowed from Fedora's gcc13 patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 22 09:03:45 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 111.0.5563.110 (boo#1209598)
|
||
* CVE-2023-1528: Use after free in Passwords
|
||
* CVE-2023-1529: Out of bounds memory access in WebHID
|
||
* CVE-2023-1530: Use after free in PDF
|
||
* CVE-2023-1531: Use after free in ANGLE
|
||
* CVE-2023-1532: Out of bounds read in GPU Video
|
||
* CVE-2023-1533: Use after free in WebProtect
|
||
* CVE-2023-1534: Out of bounds read in ANGLE
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 20 11:59:36 UTC 2023 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Add gcc13-fix.patch in order to support GCC 13.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 9 23:54:55 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 9 15:48:22 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Bump Leap's GCC to 12 as Chromium really likes newer standards
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 9 01:58:25 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 111.0.5563.64
|
||
* New View Transitions API
|
||
* CSS Color Level 4
|
||
* New developer tools in style panel for color functionality
|
||
* CSS added trigonometric functions, additional root font units
|
||
and extended the n-th child pseudo selector.
|
||
* previousslide and nextslide actions are now part of the Media
|
||
Session API
|
||
* A number of security fixes (boo#1209040)
|
||
* CVE-2023-1213: Use after free in Swiftshader
|
||
* CVE-2023-1214: Type Confusion in V8
|
||
* CVE-2023-1215: Type Confusion in CSS
|
||
* CVE-2023-1216: Use after free in DevTools
|
||
* CVE-2023-1217: Stack buffer overflow in Crash reporting
|
||
* CVE-2023-1218: Use after free in WebRTC
|
||
* CVE-2023-1219: Heap buffer overflow in Metrics
|
||
* CVE-2023-1220: Heap buffer overflow in UMA
|
||
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
|
||
* CVE-2023-1222: Heap buffer overflow in Web Audio API
|
||
* CVE-2023-1223: Insufficient policy enforcement in Autofill
|
||
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
|
||
* CVE-2023-1225: Insufficient policy enforcement in Navigation
|
||
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
|
||
* CVE-2023-1227: Use after free in Core
|
||
* CVE-2023-1228: Insufficient policy enforcement in Intents
|
||
* CVE-2023-1229: Inappropriate implementation in Permission prompts
|
||
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
|
||
* CVE-2023-1231: Inappropriate implementation in Autofill
|
||
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
|
||
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
|
||
* CVE-2023-1234: Inappropriate implementation in Intents
|
||
* CVE-2023-1235: Type Confusion in DevTools
|
||
* CVE-2023-1236: Inappropriate implementation in Internals
|
||
- drop patches:
|
||
* chromium-86-ImageMemoryBarrierData-init.patch
|
||
* chromium-93-InkDropHost-crash.patch
|
||
* chromium-110-NativeThemeBase-fabs.patch
|
||
* chromium-110-CredentialUIEntry-const.patch
|
||
* chromium-110-DarkModeLABColorSpace-pow.patch
|
||
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
|
||
* chromium-icu72-1.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 23 08:21:24 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 110.0.5481.177 (boo#1208589)
|
||
* CVE-2023-0927: Use after free in Web Payments API
|
||
* CVE-2023-0928: Use after free in SwiftShader
|
||
* CVE-2023-0929: Use after free in Vulkan
|
||
* CVE-2023-0930: Heap buffer overflow in Video
|
||
* CVE-2023-0931: Use after free in Video
|
||
* CVE-2023-0932: Use after free in WebRTC
|
||
* CVE-2023-0933: Integer overflow in PDF
|
||
* CVE-2023-0941: Use after free in Prompts
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 16 20:30:43 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 110.0.5481.100
|
||
* fix regression on SAP Business Objects web UI
|
||
* fix date formatting behavior change from ICU 72
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 8 20:16:01 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 110.0.5481.77 (boo#1208029):
|
||
* CVE-2023-0696: Type Confusion in V8
|
||
* CVE-2023-0697: Inappropriate implementation in Full screen mode
|
||
* CVE-2023-0698: Out of bounds read in WebRTC
|
||
* CVE-2023-0699: Use after free in GPU
|
||
* CVE-2023-0700: Inappropriate implementation in Download
|
||
* CVE-2023-0701: Heap buffer overflow in WebUI
|
||
* CVE-2023-0702: Type Confusion in Data Transfer
|
||
* CVE-2023-0703: Type Confusion in DevTools
|
||
* CVE-2023-0704: Insufficient policy enforcement in DevTools
|
||
* CVE-2023-0705: Integer overflow in Core
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- build with bundled libavif
|
||
- dropped patches:
|
||
* chromium-109-compiler.patch
|
||
* chromium-icu72-3.patch
|
||
- added patches:
|
||
* chromium-110-compiler.patch
|
||
* chromium-110-system-libffi.patch
|
||
* chromium-110-NativeThemeBase-fabs.patch
|
||
* chromium-110-CredentialUIEntry-const.patch
|
||
* chromium-110-DarkModeLABColorSpace-pow.patch
|
||
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 25 04:51:29 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 109.0.5414.119 (boo#1207512):
|
||
* CVE-2023-0471: Use after free in WebTransport
|
||
* CVE-2023-0472: Use after free in WebRTC
|
||
* CVE-2023-0473: Type Confusion in ServiceWorker API
|
||
* CVE-2023-0474: Use after free in GuestView
|
||
* Various fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 17 21:03:29 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Added patches:
|
||
* chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
|
||
with system icu (bsc#1207147)
|
||
* chromium-icu72-2.patch: align default characters for old icu
|
||
with that of ICU 72
|
||
* chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
|
||
format
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 10 21:24:55 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 109.0.5414.74:
|
||
* Add support for MathML Core
|
||
* CSS: Auto range support for font descriptors inside @font-face
|
||
rule
|
||
* CSS: Add lh length unit
|
||
* CSS: Add hyphenate-limit-chars property
|
||
* CSS: Snap border, outline and column-rule widths before layout
|
||
* API: Improved screen sharing and web conferencing: hints for
|
||
suppressing local audio playback, and Conditional Focus
|
||
* API: HTTP response status code in the Resource Timing API
|
||
* API: Same-site cross-origin prerendering triggered by the
|
||
speculation rules API
|
||
* Remove Event.path API
|
||
* CVE-2023-0128: Use after free in Overview Mode
|
||
* CVE-2023-0129: Heap buffer overflow in Network Service
|
||
* CVE-2023-0130: Inappropriate implementation in Fullscreen API
|
||
* CVE-2023-0131: Inappropriate implementation in iframe Sandbox
|
||
* CVE-2023-0132: Inappropriate implementation in Permission prompts
|
||
* CVE-2023-0133: Inappropriate implementation in Permission prompts
|
||
* CVE-2023-0134: Use after free in Cart
|
||
* CVE-2023-0135: Use after free in Cart
|
||
* CVE-2023-0136: Inappropriate implementation in Fullscreen API
|
||
* CVE-2023-0137: Heap buffer overflow in Platform Apps
|
||
* CVE-2023-0138: Heap buffer overflow in libphonenumber
|
||
* CVE-2023-0139: Insufficient validation of untrusted input in Downloads
|
||
* CVE-2023-0140: Inappropriate implementation in File System API
|
||
* CVE-2023-0141: Insufficient policy enforcement in CORS
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- drop patches:
|
||
* chromium-gcc11.patch - not needed
|
||
* chromium-107-system-zlib.patch - upstream
|
||
* chromium-108-compiler.patch
|
||
- add patches:
|
||
* chromium-109-compiler.patch
|
||
* chromium-109-clang-lp154.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 18 17:31:22 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add chromium-disable-GlobalMediaControlsCastStartStop.patch:
|
||
disable GlobalMediaControlsCastStartStop to fix crashes
|
||
occurring when interacting with the Media UI (bsc#1198124)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 14 09:01:57 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 108.0.5359.124 (boo#1206403):
|
||
* CVE-2022-4436: Use after free in Blink Media
|
||
* CVE-2022-4437: Use after free in Mojo IPC
|
||
* CVE-2022-4438: Use after free in Blink Frames
|
||
* CVE-2022-4439: Use after free in Aura
|
||
* CVE-2022-4440: Use after free in Profiles
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 7 20:43:54 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 108.0.5359.98
|
||
* Fix regression in computing <select> visibility
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 3 09:40:02 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 108.0.5359.94:
|
||
* CVE-2022-4262: Type Confusion in V8 (boo#1205999)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 30 21:56:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 108.0.5359.71 (boo#1205871):
|
||
* CVE-2022-4174: Type Confusion in V8
|
||
* CVE-2022-4175: Use after free in Camera Capture
|
||
* CVE-2022-4176: Out of bounds write in Lacros Graphics
|
||
* CVE-2022-4177: Use after free in Extensions
|
||
* CVE-2022-4178: Use after free in Mojo
|
||
* CVE-2022-4179: Use after free in Audio
|
||
* CVE-2022-4180: Use after free in Mojo
|
||
* CVE-2022-4181: Use after free in Forms
|
||
* CVE-2022-4182: Inappropriate implementation in Fenced Frames
|
||
* CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
|
||
* CVE-2022-4184: Insufficient policy enforcement in Autofill
|
||
* CVE-2022-4185: Inappropriate implementation in Navigation
|
||
* CVE-2022-4186: Insufficient validation of untrusted input in Downloads
|
||
* CVE-2022-4187: Insufficient policy enforcement in DevTools
|
||
* CVE-2022-4188: Insufficient validation of untrusted input in CORS
|
||
* CVE-2022-4189: Insufficient policy enforcement in DevTools
|
||
* CVE-2022-4190: Insufficient data validation in Directory
|
||
* CVE-2022-4191: Use after free in Sign-In
|
||
* CVE-2022-4192: Use after free in Live Caption
|
||
* CVE-2022-4193: Insufficient policy enforcement in File System API
|
||
* CVE-2022-4194: Use after free in Accessibility
|
||
* CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
|
||
- drop chromium-105-wayland-1.20.patch, upstream
|
||
- drop chromium-107-compiler.patch
|
||
- add chromium-108-compiler.patch
|
||
- drop chromium-98-EnumTable-crash.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 24 20:48:10 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 107.0.5304.121 (boo#1205736)
|
||
* CVE-2022-4135: Heap buffer overflow in GPU
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 17 21:46:42 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 9 17:03:58 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 107.0.5304.110 (boo#1205221)
|
||
* CVE-2022-3885: Use after free in V8
|
||
* CVE-2022-3886: Use after free in Speech Recognition
|
||
* CVE-2022-3887: Use after free in Web Workers
|
||
* CVE-2022-3888: Use after free in WebCodecs
|
||
* CVE-2022-3889: Type Confusion in V8
|
||
* CVE-2022-3890: Heap buffer overflow in Crashpad
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 28 08:35:09 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 107.0.5304.87 (boo#1204819)
|
||
* CVE-2022-3723: Type Confusion in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 27 08:57:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 107.0.5304.68 (boo#1204732)
|
||
* CVE-2022-3652: Type Confusion in V8
|
||
* CVE-2022-3653: Heap buffer overflow in Vulkan
|
||
* CVE-2022-3654: Use after free in Layout
|
||
* CVE-2022-3655: Heap buffer overflow in Media Galleries
|
||
* CVE-2022-3656: Insufficient data validation in File System
|
||
* CVE-2022-3657: Use after free in Extensions
|
||
* CVE-2022-3658: Use after free in Feedback service on Chrome OS
|
||
* CVE-2022-3659: Use after free in Accessibility
|
||
* CVE-2022-3660: Inappropriate implementation in Full screen mode
|
||
* CVE-2022-3661: Insufficient data validation in Extensions
|
||
- Added patches:
|
||
* chromium-107-compiler.patch
|
||
* chromium-107-system-zlib.patch
|
||
- Removed patches:
|
||
* chromium-105-compiler.patch
|
||
* chromium-105-Bitmap-include.patch
|
||
* chromium-106-AutofillPopupControllerImpl-namespace.patch
|
||
- Unbundle libyuv and libavif on TW
|
||
- Prepare 15.5
|
||
- Use qt on 15.4+ (15.3 too old)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 12 04:47:50 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 106.0.5249.119 (boo#1204223)
|
||
* CVE-2022-3445: Use after free in Skia
|
||
* CVE-2022-3446: Heap buffer overflow in WebSQL
|
||
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
|
||
* CVE-2022-3448: Use after free in Permissions API
|
||
* CVE-2022-3449: Use after free in Safe Browsing
|
||
* CVE-2022-3450: Use after free in Peer Connection
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 6 21:02:32 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 106.0.5249.103:
|
||
* fix possible cache manager deadlock
|
||
* Fix right-click menu appearing unexpectedly affecting screen
|
||
readers
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 1 07:59:24 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 106.0.5249.91 (boo#1203808):
|
||
* CVE-2022-3370: Use after free in Custom Elements
|
||
* CVE-2022-3373: Out of bounds write in V8
|
||
- includes changes from 106.0.5249.61:
|
||
* CVE-2022-3304: Use after free in CSS
|
||
* CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
|
||
* CVE-2022-3305: Use after free in Survey
|
||
* CVE-2022-3306: Use after free in Survey
|
||
* CVE-2022-3307: Use after free in Media
|
||
* CVE-2022-3308: Insufficient policy enforcement in Developer Tools
|
||
* CVE-2022-3309: Use after free in Assistant
|
||
* CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
|
||
* CVE-2022-3311: Use after free in Import
|
||
* CVE-2022-3312: Insufficient validation of untrusted input in VPN
|
||
* CVE-2022-3313: Incorrect security UI in Full Screen
|
||
* CVE-2022-3314: Use after free in Logging
|
||
* CVE-2022-3315: Type confusion in Blink
|
||
* CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
|
||
* CVE-2022-3317: Insufficient validation of untrusted input in Intents
|
||
* CVE-2022-3318: Use after free in ChromeOS Notifications
|
||
- drop patches:
|
||
* chromium-104-tflite-system-zlib.patch
|
||
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
|
||
* chromium-105-Trap-raw_ptr.patch
|
||
* chromium-105-browser_finder-include.patch
|
||
* chromium-105-raw_ptr-noexcept.patch
|
||
- add patches
|
||
* chromium-106-ffmpeg-duration.patch
|
||
* chromium-106-AutofillPopupControllerImpl-namespace.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 14 18:09:26 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 105.0.5195.127 (boo#1203419):
|
||
* CVE-2022-3195: Out of bounds write in Storage
|
||
* CVE-2022-3196: Use after free in PDF
|
||
* CVE-2022-3197: Use after free in PDF
|
||
* CVE-2022-3198: Use after free in PDF
|
||
* CVE-2022-3199: Use after free in Frames
|
||
* CVE-2022-3200: Heap buffer overflow in Internals
|
||
* CVE-2022-3201: Insufficient validation of untrusted input in DevTools
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 8 10:46:42 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 105.0.5195.102 (boo#1203102):
|
||
* CVE-2022-3075: Insufficient data validation in Mojo
|
||
- Chromium 105.0.5195.52 (boo#1202964):
|
||
* CVE-2022-3038: Use after free in Network Service
|
||
* CVE-2022-3039: Use after free in WebSQL
|
||
* CVE-2022-3040: Use after free in Layout
|
||
* CVE-2022-3041: Use after free in WebSQL
|
||
* CVE-2022-3042: Use after free in PhoneHub
|
||
* CVE-2022-3043: Heap buffer overflow in Screen Capture
|
||
* CVE-2022-3044: Inappropriate implementation in Site Isolation
|
||
* CVE-2022-3045: Insufficient validation of untrusted input in V8
|
||
* CVE-2022-3046: Use after free in Browser Tag
|
||
* CVE-2022-3071: Use after free in Tab Strip
|
||
* CVE-2022-3047: Insufficient policy enforcement in Extensions API
|
||
* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
|
||
* CVE-2022-3049: Use after free in SplitScreen
|
||
* CVE-2022-3050: Heap buffer overflow in WebUI
|
||
* CVE-2022-3051: Heap buffer overflow in Exosphere
|
||
* CVE-2022-3052: Heap buffer overflow in Window Manager
|
||
* CVE-2022-3053: Inappropriate implementation in Pointer Lock
|
||
* CVE-2022-3054: Insufficient policy enforcement in DevTools
|
||
* CVE-2022-3055: Use after free in Passwords
|
||
* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
|
||
* CVE-2022-3057: Inappropriate implementation in iframe Sandbox
|
||
* CVE-2022-3058: Use after free in Sign-In Flow
|
||
- Added patches:
|
||
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
|
||
* chromium-105-Bitmap-include.patch
|
||
* chromium-105-browser_finder-include.patch
|
||
* chromium-105-raw_ptr-noexcept.patch
|
||
* chromium-105-Trap-raw_ptr.patch
|
||
* chromium-105-wayland-1.20.patch
|
||
* chromium-105-compiler.patch
|
||
- Removed patches:
|
||
* chromium-104-compiler.patch
|
||
* chromium-104-ContentRendererClient-type.patch
|
||
* chromium-78-protobuf-RepeatedPtrField-export.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 1 07:39:28 UTC 2022 - Paolo Stivanin <info@paolostivanin.com>
|
||
|
||
- Update chromium-symbolic.svg: this fixes bsc#1202403.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 22 09:53:49 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 18 15:32:26 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 104.0.5112.101 (boo#1202509):
|
||
* CVE-2022-2852: Use after free in FedCM
|
||
* CVE-2022-2854: Use after free in SwiftShader
|
||
* CVE-2022-2855: Use after free in ANGLE
|
||
* CVE-2022-2857: Use after free in Blink
|
||
* CVE-2022-2858: Use after free in Sign-In Flow
|
||
* CVE-2022-2853: Heap buffer overflow in Downloads
|
||
* CVE-2022-2856: Insufficient validation of untrusted input in Intents
|
||
* CVE-2022-2859: Use after free in Chrome OS Shell
|
||
* CVE-2022-2860: Insufficient policy enforcement in Cookies
|
||
* CVE-2022-2861: Inappropriate implementation in Extensions API
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 16 14:17:49 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Re-enable our version of chrome-wrapper
|
||
- Set no sandbox if root is being used (https://crbug.com/638180)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 9 12:29:06 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 104.0.5112.79 (boo#1202075)
|
||
* CVE-2022-2603: Use after free in Omnibox
|
||
* CVE-2022-2604: Use after free in Safe Browsing
|
||
* CVE-2022-2605: Out of bounds read in Dawn
|
||
* CVE-2022-2606: Use after free in Managed devices API
|
||
* CVE-2022-2607: Use after free in Tab Strip
|
||
* CVE-2022-2608: Use after free in Overview Mode
|
||
* CVE-2022-2609: Use after free in Nearby Share
|
||
* CVE-2022-2610: Insufficient policy enforcement in Background Fetch
|
||
* CVE-2022-2611: Inappropriate implementation in Fullscreen API
|
||
* CVE-2022-2612: Side-channel information leakage in Keyboard input
|
||
* CVE-2022-2613: Use after free in Input
|
||
* CVE-2022-2614: Use after free in Sign-In Flow
|
||
* CVE-2022-2615: Insufficient policy enforcement in Cookies
|
||
* CVE-2022-2616: Inappropriate implementation in Extensions API
|
||
* CVE-2022-2617: Use after free in Extensions API
|
||
* CVE-2022-2618: Insufficient validation of untrusted input in Internals
|
||
* CVE-2022-2619: Insufficient validation of untrusted input in Settings
|
||
* CVE-2022-2620: Use after free in WebUI
|
||
* CVE-2022-2621: Use after free in Extensions
|
||
* CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
|
||
* CVE-2022-2623: Use after free in Offline
|
||
* CVE-2022-2624: Heap buffer overflow in PDF
|
||
- Added patches:
|
||
* chromium-104-compiler.patch
|
||
* chromium-104-ContentRendererClient-type.patch
|
||
* chromium-104-tflite-system-zlib.patch
|
||
- Removed patches:
|
||
* chromium-103-SubstringSetMatcher-packed.patch
|
||
* chromium-103-FrameLoadRequest-type.patch
|
||
* chromium-103-compiler.patch
|
||
- Use FFmpeg 5.1 on TW
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 23 12:20:39 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Switch back to Clang so that we can use BTI on aarch64
|
||
* Gold is too old - doesn't understand BTI
|
||
* LD crashes on aarch64
|
||
- Re-enable LTO
|
||
- Prepare move to FFmpeg 5 for new channel layout
|
||
(requires 5.1+)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 20 08:05:57 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 103.0.5060.134 (boo#1201679):
|
||
* CVE-2022-2477 : Use after free in Guest View
|
||
* CVE-2022-2478 : Use after free in PDF
|
||
* CVE-2022-2479 : Insufficient validation of untrusted input in File
|
||
* CVE-2022-2480 : Use after free in Service Worker API
|
||
* CVE-2022-2481: Use after free in Views
|
||
* CVE-2022-2163: Use after free in Cast UI and Toolbar
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 9 12:52:33 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 103.0.5060.114 (boo#1201216)
|
||
* CVE-2022-2294: Heap buffer overflow in WebRTC
|
||
* CVE-2022-2295: Type Confusion in V8
|
||
* CVE-2022-2296: Use after free in Chrome OS Shell
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 7 18:07:43 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 103.0.5060.66
|
||
* no upstream release notes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jun 25 10:43:48 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 103.0.5060.53 (boo#1200783)
|
||
* CVE-2022-2156: Use after free in Base
|
||
* CVE-2022-2157: Use after free in Interest groups
|
||
* CVE-2022-2158: Type Confusion in V8
|
||
* CVE-2022-2160: Insufficient policy enforcement in DevTools
|
||
* CVE-2022-2161: Use after free in WebApp Provider
|
||
* CVE-2022-2162: Insufficient policy enforcement in File System API
|
||
* CVE-2022-2163: Use after free in Cast UI and Toolbar
|
||
* CVE-2022-2164: Inappropriate implementation in Extensions API
|
||
* CVE-2022-2165: Insufficient data validation in URL formatting
|
||
- Added patches:
|
||
* chromium-103-FrameLoadRequest-type.patch
|
||
* chromium-103-SubstringSetMatcher-packed.patch
|
||
* chromium-103-VirtualCursor-std-layout.patch
|
||
* chromium-103-compiler.patch
|
||
- Removed patches:
|
||
* chromium-102-compiler.patch
|
||
* chromium-91-sql-standard-layout-type.patch
|
||
* chromium-101-libxml-unbundle.patch
|
||
* chromium-102-fenced_frame_utils-include.patch
|
||
* chromium-102-swiftshader-template-instantiation.patch
|
||
* chromium-102-symbolize-include.patch
|
||
* chromium-97-arm-tflite-cast.patch
|
||
* chromium-97-ScrollView-reference.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 10 15:35:20 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 102.0.5005.115 (boo#1200423)
|
||
* CVE-2022-2007: Use after free in WebGPU
|
||
* CVE-2022-2008: Out of bounds memory access in WebGL
|
||
* CVE-2022-2010: Out of bounds read in compositing
|
||
* CVE-2022-2011: Use after free in ANGLE
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 8 13:40:43 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 1 09:43:54 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Disable ARM control flow integrity, it causes build issues
|
||
at the moment
|
||
- Try a different SVG (black logo on GNOME)
|
||
- Removed patches:
|
||
* chromium-third_party-symbolize-missing-include.patch
|
||
(replaced by chromium-102-symbolize-include.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 27 19:40:42 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 102.0.5001.61 (boo#1199893)
|
||
* CVE-2022-1853: Use after free in Indexed DB
|
||
* CVE-2022-1854: Use after free in ANGLE
|
||
* CVE-2022-1855: Use after free in Messaging
|
||
* CVE-2022-1856: Use after free in User Education
|
||
* CVE-2022-1857: Insufficient policy enforcement in File System API
|
||
* CVE-2022-1858: Out of bounds read in DevTools
|
||
* CVE-2022-1859: Use after free in Performance Manager
|
||
* CVE-2022-1860: Use after free in UI Foundations
|
||
* CVE-2022-1861: Use after free in Sharing
|
||
* CVE-2022-1862: Inappropriate implementation in Extensions
|
||
* CVE-2022-1863: Use after free in Tab Groups
|
||
* CVE-2022-1864: Use after free in WebApp Installs
|
||
* CVE-2022-1865: Use after free in Bookmarks
|
||
* CVE-2022-1866: Use after free in Tablet Mode
|
||
* CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
|
||
* CVE-2022-1868: Inappropriate implementation in Extensions API
|
||
* CVE-2022-1869: Type Confusion in V8
|
||
* CVE-2022-1870: Use after free in App Service
|
||
* CVE-2022-1871: Insufficient policy enforcement in File System API
|
||
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
|
||
* CVE-2022-1873: Insufficient policy enforcement in COOP
|
||
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
|
||
* CVE-2022-1875: Inappropriate implementation in PDF
|
||
* CVE-2022-1876: Heap buffer overflow in DevTools
|
||
- Added patches:
|
||
* chromium-102-compiler.patch
|
||
* chromium-102-fenced_frame_utils-include.patch
|
||
* chromium-102-regex_pattern-array.patch
|
||
* chromium-102-swiftshader-template-instantiation.patch
|
||
* chromium-102-symbolize-include.patch
|
||
* ffmpeg-new-channel-layout.patch
|
||
- Removed patches:
|
||
* chromium-100-compiler.patch
|
||
* chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
|
||
* chromium-95-quiche-include.patch
|
||
* chromium-fix-swiftshader-template.patch
|
||
* chromium-missing-include-tuple.patch
|
||
* chromium-webrtc-stats-missing-vector.patch
|
||
* chromium-101-segmentation_platform-type.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 15 09:03:28 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 101.0.4951.67
|
||
* fixes for other platforms
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 11 06:33:01 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 101.0.4951.64 (boo#1199409)
|
||
* CVE-2022-1633: Use after free in Sharesheet
|
||
* CVE-2022-1634: Use after free in Browser UI
|
||
* CVE-2022-1635: Use after free in Permission Prompts
|
||
* CVE-2022-1636: Use after free in Performance APIs
|
||
* CVE-2022-1637: Inappropriate implementation in Web Contents
|
||
* CVE-2022-1638: Heap buffer overflow in V8 Internationalization
|
||
* CVE-2022-1639: Use after free in ANGLE
|
||
* CVE-2022-1640: Use after free in Sharing
|
||
* CVE-2022-1641: Use after free in Web UI Diagnostics
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 4 09:34:58 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 101.0.4951.54 (boo#1199118)
|
||
- Chromium 101.0.4951.41 (boo#1198917)
|
||
* CVE-2022-1477: Use after free in Vulkan
|
||
* CVE-2022-1478: Use after free in SwiftShader
|
||
* CVE-2022-1479: Use after free in ANGLE
|
||
* CVE-2022-1480: Use after free in Device API
|
||
* CVE-2022-1481: Use after free in Sharing
|
||
* CVE-2022-1482: Inappropriate implementation in WebGL
|
||
* CVE-2022-1483: Heap buffer overflow in WebGPU
|
||
* CVE-2022-1484: Heap buffer overflow in Web UI Settings
|
||
* CVE-2022-1485: Use after free in File System API
|
||
* CVE-2022-1486: Type Confusion in V8
|
||
* CVE-2022-1487: Use after free in Ozone
|
||
* CVE-2022-1488: Inappropriate implementation in Extensions API
|
||
* CVE-2022-1489: Out of bounds memory access in UI Shelf
|
||
* CVE-2022-1490: Use after free in Browser Switcher
|
||
* CVE-2022-1491: Use after free in Bookmarks
|
||
* CVE-2022-1492: Insufficient data validation in Blink Editing
|
||
* CVE-2022-1493: Use after free in Dev Tools
|
||
* CVE-2022-1494: Insufficient data validation in Trusted Types
|
||
* CVE-2022-1495: Incorrect security UI in Downloads
|
||
* CVE-2022-1496: Use after free in File Manager
|
||
* CVE-2022-1497: Inappropriate implementation in Input
|
||
* CVE-2022-1498: Inappropriate implementation in HTML Parser
|
||
* CVE-2022-1499: Inappropriate implementation in WebAuthentication
|
||
* CVE-2022-1500: Insufficient data validation in Dev Tools
|
||
* CVE-2022-1501: Inappropriate implementation in iframe
|
||
- Added patches:
|
||
* chromium-101-libxml-unbundle.patch
|
||
* chromium-101-segmentation_platform-type.patch
|
||
- Removed patches:
|
||
* chromium-100-SCTHashdanceMetadata-move.patch
|
||
* chromium-100-GLImplementationParts-constexpr.patch
|
||
* chromium-100-macro-typo.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 21 10:04:22 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Fixes for go 1.18
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 15 07:29:35 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 100.0.4896.127 (boo#1198509)
|
||
* CVE-2022-1364: Type Confusion in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 12 05:02:45 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 100.0.4896.88 (boo#1198361)
|
||
* CVE-2022-1305: Use after free in storage
|
||
* CVE-2022-1306: Inappropriate implementation in compositing
|
||
* CVE-2022-1307: Inappropriate implementation in full screen
|
||
* CVE-2022-1308: Use after free in BFCache
|
||
* CVE-2022-1309: Insufficient policy enforcement in developer tools
|
||
* CVE-2022-1310: Use after free in regular expressions
|
||
* CVE-2022-1311: Use after free in Chrome OS shell
|
||
* CVE-2022-1312: Use after free in storage
|
||
* CVE-2022-1313: Use after free in tab groups
|
||
* CVE-2022-1314: Type Confusion in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 10 13:52:31 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Patches for GCC 12:
|
||
* chromium-fix-swiftshader-template.patch
|
||
* chromium-missing-include-tuple.patch
|
||
* chromium-webrtc-stats-missing-vector.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 5 02:11:03 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 100.0.4896.75:
|
||
* CVE-2022-1232: Type Confusion in V8 (boo#1198053)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 30 16:25:44 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 100.0.4896.60 (boo#1197680)
|
||
* CVE-2022-1125: Use after free in Portals
|
||
* CVE-2022-1127: Use after free in QR Code Generator
|
||
* CVE-2022-1128: Inappropriate implementation in Web Share API
|
||
* CVE-2022-1129: Inappropriate implementation in Full Screen Mode
|
||
* CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
|
||
* CVE-2022-1131: Use after free in Cast UI
|
||
* CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
|
||
* CVE-2022-1133: Use after free in WebRTC
|
||
* CVE-2022-1134: Type Confusion in V8
|
||
* CVE-2022-1135: Use after free in Shopping Cart
|
||
* CVE-2022-1136: Use after free in Tab Strip
|
||
* CVE-2022-1137: Inappropriate implementation in Extensions
|
||
* CVE-2022-1138: Inappropriate implementation in Web Cursor
|
||
* CVE-2022-1139: Inappropriate implementation in Background Fetch API
|
||
* CVE-2022-1141: Use after free in File Manager
|
||
* CVE-2022-1142: Heap buffer overflow in WebUI
|
||
* CVE-2022-1143: Heap buffer overflow in WebUI
|
||
* CVE-2022-1144: Use after free in WebUI
|
||
* CVE-2022-1145: Use after free in Extensions
|
||
* CVE-2022-1146: Inappropriate implementation in Resource Timing
|
||
- Added patches:
|
||
* chromium-100-compiler.patch
|
||
* chromium-100-GLImplementationParts-constexpr.patch
|
||
* chromium-100-InMilliseconds-constexpr.patch
|
||
* chromium-100-SCTHashdanceMetadata-move.patch
|
||
* chromium-100-macro-typo.patch
|
||
- Removed patches:
|
||
* chromium-98-compiler.patch
|
||
* chromium-86-nearby-explicit.patch
|
||
* chromium-glibc-2.34.patch
|
||
* chromium-v8-missing-utility-include.patch
|
||
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 29 09:23:28 UTC 2022 - Andreas Schwab <schwab@suse.de>
|
||
|
||
- Update disk constraints
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 26 15:10:15 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 99.0.4844.84:
|
||
* CVE-2022-1096: Type Confusion in V8 (boo#1197552)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 21 05:07:25 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 99.0.4844.82:
|
||
* Fix potential problem in Hangouts (boo#1197332)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 16 09:36:49 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 99.0.4844.74 (boo#1197163)
|
||
* CVE-2022-0971: Use after free in Blink Layout
|
||
* CVE-2022-0972: Use after free in Extensions
|
||
* CVE-2022-0973: Use after free in Safe Browsing
|
||
* CVE-2022-0974: Use after free in Splitscreen
|
||
* CVE-2022-0975: Use after free in ANGLE
|
||
* CVE-2022-0976: Heap buffer overflow in GPU
|
||
* CVE-2022-0977: Use after free in Browser UI
|
||
* CVE-2022-0978: Use after free in ANGLE
|
||
* CVE-2022-0979: Use after free in Safe Browsing
|
||
* CVE-2022-0980: Use after free in New Tab Page
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 4 10:46:36 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 99.0.4844.51 (boo#1196641)
|
||
* CVE-2022-0789: Heap buffer overflow in ANGLE
|
||
* CVE-2022-0790: Use after free in Cast UI
|
||
* CVE-2022-0791: Use after free in Omnibox
|
||
* CVE-2022-0792: Out of bounds read in ANGLE
|
||
* CVE-2022-0793: Use after free in Views
|
||
* CVE-2022-0794: Use after free in WebShare
|
||
* CVE-2022-0795: Type Confusion in Blink Layout
|
||
* CVE-2022-0796: Use after free in Media
|
||
* CVE-2022-0797: Out of bounds memory access in Mojo
|
||
* CVE-2022-0798: Use after free in MediaStream
|
||
* CVE-2022-0799: Insufficient policy enforcement in Installer
|
||
* CVE-2022-0800: Heap buffer overflow in Cast UI
|
||
* CVE-2022-0801: Inappropriate implementation in HTML parser
|
||
* CVE-2022-0802: Inappropriate implementation in Full screen mode
|
||
* CVE-2022-0803: Inappropriate implementation in Permissions
|
||
* CVE-2022-0804: Inappropriate implementation in Full screen mode
|
||
* CVE-2022-0805: Use after free in Browser Switcher
|
||
* CVE-2022-0806: Data leak in Canvas
|
||
* CVE-2022-0807: Inappropriate implementation in Autofill
|
||
* CVE-2022-0808: Use after free in Chrome OS Shell
|
||
* CVE-2022-0809: Out of bounds memory access in WebXR
|
||
- Removed patches:
|
||
* chromium-96-EnumTable-crash.patch
|
||
* chromium-89-missing-cstring-header.patch
|
||
* chromium-95-libyuv-aarch64.patch
|
||
* chromium-95-libyuv-arm.patch
|
||
* chromium-98-MiraclePtr-gcc-ice.patch
|
||
* chromium-98-WaylandFrameManager-check.patch
|
||
- Added patches:
|
||
* chromium-97-arm-tflite-cast.patch
|
||
* chromium-98-gtk4-build.patch
|
||
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
|
||
* chromium-98-EnumTable-crash.patch
|
||
* chromium-third_party-symbolize-missing-include.patch
|
||
* chromium-v8-missing-utility-include.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 15 19:13:43 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 98.0.4758.102 (boo#1195986)
|
||
* CVE-2022-0603: Use after free in File Manager
|
||
* CVE-2022-0604: Heap buffer overflow in Tab Groups
|
||
* CVE-2022-0605: Use after free in Webstore API
|
||
* CVE-2022-0606: Use after free in ANGLE
|
||
* CVE-2022-0607: Use after free in GPU
|
||
* CVE-2022-0608: Integer overflow in Mojo
|
||
* CVE-2022-0609: Use after free in Animation
|
||
* CVE-2022-0610: Inappropriate implementation in Gamepad API
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 3 19:35:46 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 98.0.4758.80 (boo#1195420)
|
||
* CVE-2022-0452: Use after free in Safe Browsing
|
||
* CVE-2022-0453: Use after free in Reader Mode
|
||
* CVE-2022-0454: Heap buffer overflow in ANGLE
|
||
* CVE-2022-0455: Inappropriate implementation in Full Screen Mode
|
||
* CVE-2022-0456: Use after free in Web Search
|
||
* CVE-2022-0457: Type Confusion in V8
|
||
* CVE-2022-0459: Use after free in Screen Capture
|
||
* CVE-2022-0460: Use after free in Window Dialog
|
||
* CVE-2022-0461: Policy bypass in COOP
|
||
* CVE-2022-0462: Inappropriate implementation in Scroll
|
||
* CVE-2022-0463: Use after free in Accessibility
|
||
* CVE-2022-0464: Use after free in Accessibility
|
||
* CVE-2022-0465: Use after free in Extensions
|
||
* CVE-2022-0466: Inappropriate implementation in Extensions Platform
|
||
* CVE-2022-0467: Inappropriate implementation in Pointer Lock
|
||
* CVE-2022-0468: Use after free in Payments
|
||
* CVE-2022-0469: Use after free in Cast
|
||
* CVE-2022-0470: Out of bounds memory access in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- drop upstreamed patches:
|
||
* chromium-97-Point-constexpr.patch
|
||
- add patches:
|
||
* chromium-98-MiraclePtr-gcc-ice.patch
|
||
* chromium-98-WaylandFrameManager-check.patch
|
||
- change chromium-97-compiler.patch to chromium-98-compiler.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 21 06:43:25 UTC 2022 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 97.0.4692.99 (boo#1194919):
|
||
* CVE-2022-0289: Use after free in Safe browsing
|
||
* CVE-2022-0290: Use after free in Site isolation
|
||
* CVE-2022-0291: Inappropriate implementation in Storage
|
||
* CVE-2022-0292: Inappropriate implementation in Fenced Frames
|
||
* CVE-2022-0293: Use after free in Web packaging
|
||
* CVE-2022-0294: Inappropriate implementation in Push messaging
|
||
* CVE-2022-0295: Use after free in Omnibox
|
||
* CVE-2022-0296: Use after free in Printing
|
||
* CVE-2022-0297: Use after free in Vulkan
|
||
* CVE-2022-0298: Use after free in Scheduling
|
||
* CVE-2022-0300: Use after free in Text Input Method Editor
|
||
* CVE-2022-0301: Heap buffer overflow in DevTools
|
||
* CVE-2022-0302: Use after free in Omnibox
|
||
* CVE-2022-0303: Race in GPU Watchdog
|
||
* CVE-2022-0304: Use after free in Bookmarks
|
||
* CVE-2022-0305: Inappropriate implementation in Service Worker API
|
||
* CVE-2022-0306: Heap buffer overflow in PDFium
|
||
* CVE-2022-0307: Use after free in Optimization Guide
|
||
* CVE-2022-0308: Use after free in Data Transfer
|
||
* CVE-2022-0309: Inappropriate implementation in Autofill
|
||
* CVE-2022-0310: Heap buffer overflow in Task Manager
|
||
* CVE-2022-0311: Heap buffer overflow in Task Manager
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- drop upstreamed patches:
|
||
* fix-tag-dragging-in-Mutter.patch
|
||
* fix-tag-dragging-in-KWin.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 20 09:46:50 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Revert chromium-94-ffmpeg-roll.patch on TW: fix moved to
|
||
FFmpeg
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 11 20:00:16 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 97.0.4692.71 (boo#1194331):
|
||
* CVE-2022-0096: Use after free in Storage
|
||
* CVE-2022-0097: Inappropriate implementation in DevTools
|
||
* CVE-2022-0098: Use after free in Screen Capture
|
||
* CVE-2022-0099: Use after free in Sign-in
|
||
* CVE-2022-0100: Heap buffer overflow in Media streams API
|
||
* CVE-2022-0101: Heap buffer overflow in Bookmarks
|
||
* CVE-2022-0102: Type Confusion in V8
|
||
* CVE-2022-0103: Use after free in SwiftShader
|
||
* CVE-2022-0104: Heap buffer overflow in ANGLE
|
||
* CVE-2022-0105: Use after free in PDF
|
||
* CVE-2022-0106: Use after free in Autofill
|
||
* CVE-2022-0107: Use after free in File Manager API
|
||
* CVE-2022-0108: Inappropriate implementation in Navigation
|
||
* CVE-2022-0109: Inappropriate implementation in Autofill
|
||
* CVE-2022-0110: Incorrect security UI in Autofill
|
||
* CVE-2022-0111: Inappropriate implementation in Navigation
|
||
* CVE-2022-0112: Incorrect security UI in Browser UI
|
||
* CVE-2022-0113: Inappropriate implementation in Blink
|
||
* CVE-2022-0114: Out of bounds memory access in Web Serial
|
||
* CVE-2022-0115: Uninitialized Use in File API
|
||
* CVE-2022-0116: Inappropriate implementation in Compositing
|
||
* CVE-2022-0117: Policy bypass in Service Workers
|
||
* CVE-2022-0118: Inappropriate implementation in WebShare
|
||
* CVE-2022-0120: Inappropriate implementation in Passwords
|
||
- Removed patches:
|
||
* chromium-96-CommandLine-include.patch
|
||
* chromium-96-RestrictedCookieManager-tuple.patch
|
||
* chromium-96-DrmRenderNodePathFinder-include.patch
|
||
* chromium-96-CouponDB-include.patch
|
||
* chromium-96-freetype-unbundle.patch
|
||
* chromium-96-compiler.patch
|
||
* chromium-vaapi.patch
|
||
* chromium-86-nearby-include.patch
|
||
- Added patches:
|
||
* chromium-97-compiler.patch
|
||
* chromium-97-Point-constexpr.patch
|
||
* chromium-97-ScrollView-reference.patch
|
||
* chromium-95-libyuv-arm.patch
|
||
* fix-tag-dragging-in-KWin.patch
|
||
* fix-tag-dragging-in-Mutter.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 30 15:30:19 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Revert wayland fixes because it doesn't handle GPU correctly
|
||
(boo#1194182)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 30 08:38:17 UTC 2021 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Use GCC 11, but disable LTO (boo#1194055).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 29 12:23:48 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Use our own copy of the wrapper so that we can use the fixes
|
||
for Wayland
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 26 23:02:18 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Define GNU_SOURCE and fix the below patched issues
|
||
- Removed patches:
|
||
* chromium-86-f_seal.patch
|
||
* chromium-90-fseal.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 24 11:24:13 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Added patches:
|
||
* chromium-96-freetype-unbundle.patch
|
||
* chromium-96-EnumTable-crash.patch
|
||
- Unbundle freetype on TW
|
||
- Unbundle icu on 15.4
|
||
- Disable lto and update _constraints on aarch64
|
||
- Remove MEIPreload: it gets installed through component updater
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 15 10:54:35 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Revert to gcc10 on TW: gcc11 is entirely broken
|
||
- No auto thread LTO: linker crash on ARM
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 14 15:24:47 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 96.0.4664.110 (boo#1193713):
|
||
* CVE-2021-4098: Insufficient data validation in Mojo
|
||
* CVE-2021-4099: Use after free in Swiftshader
|
||
* CVE-2021-4100: Object lifecycle issue in ANGLE
|
||
* CVE-2021-4101: Heap buffer overflow in Swiftshader
|
||
* CVE-2021-4102: Use after free in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 9 09:49:23 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Lord of the Browsers: The Two Compilers:
|
||
* Go back to GCC
|
||
* GCC: LTO removes needed assembly symbols
|
||
* Clang: issues with libstdc++
|
||
- Chromium 96.0.4664.93 (boo#1193519):
|
||
* CVE-2021-4052: Use after free in web apps
|
||
* CVE-2021-4053: Use after free in UI
|
||
* CVE-2021-4079: Out of bounds write in WebRTC
|
||
* CVE-2021-4054: Incorrect security UI in autofill
|
||
* CVE-2021-4078: Type confusion in V8
|
||
* CVE-2021-4055: Heap buffer overflow in extensions
|
||
* CVE-2021-4056: Type Confusion in loader
|
||
* CVE-2021-4057: Use after free in file API
|
||
* CVE-2021-4058: Heap buffer overflow in ANGLE
|
||
* CVE-2021-4059: Insufficient data validation in loader
|
||
* CVE-2021-4061: Type Confusion in V8
|
||
* CVE-2021-4062: Heap buffer overflow in BFCache
|
||
* CVE-2021-4063: Use after free in developer tools
|
||
* CVE-2021-4064: Use after free in screen capture
|
||
* CVE-2021-4065: Use after free in autofill
|
||
* CVE-2021-4066: Integer underflow in ANGLE
|
||
* CVE-2021-4067: Use after free in window manager
|
||
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page
|
||
- Chromium 96.0.4664.45 (boo#1192734):
|
||
* CVE-2021-38007: Type Confusion in V8
|
||
* CVE-2021-38008: Use after free in media
|
||
* CVE-2021-38009: Inappropriate implementation in cache
|
||
* CVE-2021-38006: Use after free in storage foundation
|
||
* CVE-2021-38005: Use after free in loader
|
||
* CVE-2021-38010: Inappropriate implementation in service workers
|
||
* CVE-2021-38011: Use after free in storage foundation
|
||
* CVE-2021-38012: Type Confusion in V8
|
||
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
|
||
* CVE-2021-38014: Out of bounds write in Swiftshader
|
||
* CVE-2021-38015: Inappropriate implementation in input
|
||
* CVE-2021-38016: Insufficient policy enforcement in background fetch
|
||
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
|
||
* CVE-2021-38018: Inappropriate implementation in navigation
|
||
* CVE-2021-38019: Insufficient policy enforcement in CORS
|
||
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
|
||
* CVE-2021-38021: Inappropriate implementation in referrer
|
||
* CVE-2021-38022: Inappropriate implementation in WebAuthentication
|
||
- Removed old patches:
|
||
* chromium-95-compiler.patch
|
||
* chromium-95-BitstreamReader-namespace.patch
|
||
* chromium-95-system-zlib.patch
|
||
* chromium-older-harfbuzz.patch
|
||
* pipewire-do-not-typecheck-the-portal-session_handle.patch
|
||
- Removed build breaking patches:
|
||
* chromium-93-EnumTable-crash.patch
|
||
- Added patches:
|
||
* chromium-96-compiler.patch
|
||
* chromium-96-CommandLine-include.patch
|
||
* chromium-96-RestrictedCookieManager-tuple.patch
|
||
* chromium-96-DrmRenderNodePathFinder-include.patch
|
||
* chromium-96-CouponDB-include.patch
|
||
- Changed patches:
|
||
* gcc-enable-lto.patch: see above
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 19 09:32:39 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Ensure newer libs and LLVM is used on Leap (boo#1192310)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 17 10:08:55 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
|
||
|
||
- Explicitly BuildRequire python3-six.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 31 07:57:37 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 95.0.4638.69 (boo#1192184):
|
||
* CVE-2021-37997: Use after free in Sign-In
|
||
* CVE-2021-37998: Use after free in Garbage Collection
|
||
* CVE-2021-37999: Insufficient data validation in New Tab Page
|
||
* CVE-2021-38000: Insufficient validation of untrusted input in Intents
|
||
* CVE-2021-38001: Type Confusion in V8
|
||
* CVE-2021-38002: Use after free in Web Transport
|
||
* CVE-2021-38003: Inappropriate implementation in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 24 11:10:51 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 95.0.4638.54 (boo#1191844):
|
||
* CVE-2021-37981: Heap buffer overflow in Skia
|
||
* CVE-2021-37982: Use after free in Incognito
|
||
* CVE-2021-37983: Use after free in Dev Tools
|
||
* CVE-2021-37984: Heap buffer overflow in PDFium
|
||
* CVE-2021-37985: Use after free in V8
|
||
* CVE-2021-37986: Heap buffer overflow in Settings
|
||
* CVE-2021-37987: Use after free in Network APIs
|
||
* CVE-2021-37988: Use after free in Profiles
|
||
* CVE-2021-37989: Inappropriate implementation in Blink
|
||
* CVE-2021-37990: Inappropriate implementation in WebView
|
||
* CVE-2021-37991: Race in V8
|
||
* CVE-2021-37992: Out of bounds read in WebAudio
|
||
* CVE-2021-37993: Use after free in PDF Accessibility
|
||
* CVE-2021-37996: Insufficient validation of untrusted input in Downloads
|
||
* CVE-2021-37994: Inappropriate implementation in iFrame Sandbox
|
||
* CVE-2021-37995: Inappropriate implementation in WebApp Installer
|
||
- Added patches:
|
||
* chromium-95-BitstreamReader-namespace.patch
|
||
* chromium-95-compiler.patch
|
||
* chromium-95-libyuv-aarch64.patch
|
||
* chromium-95-quiche-include.patch
|
||
* chromium-95-system-zlib.patch
|
||
- Removed patches:
|
||
* chromium-94-compiler.patch
|
||
* chromium-91-libyuv-aarch64.patch
|
||
* chromium-90-ruy-include.patch
|
||
* chromium-94-CustomSpaces-include.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 16 13:13:25 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Remove Python 2 requirement
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 9 19:13:28 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Disable DCHECK(): that's for debug only
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 9 12:53:41 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add pipewire-do-not-typecheck-the-portal-session_handle.patch:
|
||
fix WebRTC with xdg-desktop-portal 1.10
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 8 19:33:03 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 94.0.4606.81 (boo#1191463):
|
||
* CVE-2021-37977: Use after free in Garbage Collection
|
||
* CVE-2021-37978: Heap buffer overflow in Blink
|
||
* CVE-2021-37979: Heap buffer overflow in WebRTC
|
||
* CVE-2021-37980: Inappropriate implementation in Sandbox
|
||
- Re-add after accidental deletion:
|
||
* chromium-93-InkDropHost-crash.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 3 09:38:33 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 94.0.4606.54 (boo#1190765):
|
||
* CVE-2021-37956: Use after free in Offline use
|
||
* CVE-2021-37957: Use after free in WebGPU
|
||
* CVE-2021-37958: Inappropriate implementation in Navigation
|
||
* CVE-2021-37959: Use after free in Task Manager
|
||
* CVE-2021-37960: Inappropriate implementation in Blink graphics
|
||
* CVE-2021-37961: Use after free in Tab Strip
|
||
* CVE-2021-37962: Use after free in Performance Manager
|
||
* CVE-2021-37963: Side-channel information leakage in DevTools
|
||
* CVE-2021-37964: Inappropriate implementation in ChromeOS Networking
|
||
* CVE-2021-37965: Inappropriate implementation in Background Fetch API
|
||
* CVE-2021-37966: Inappropriate implementation in Compositing
|
||
* CVE-2021-37967: Inappropriate implementation in Background Fetch API
|
||
* CVE-2021-37968: Inappropriate implementation in Background Fetch API
|
||
* CVE-2021-37969: Inappropriate implementation in Google Updater
|
||
* CVE-2021-37970: Use after free in File System API
|
||
* CVE-2021-37971: Incorrect security UI in Web Browser UI
|
||
* CVE-2021-37972: Out of bounds read in libjpeg-turbo
|
||
- Chromium 94.0.4606.61 (boo#1191166):
|
||
* CVE-2021-37973: Use after free in Portals
|
||
- Chromium 94.0.4606.71 (boo#1191204):
|
||
* CVE-2021-37974 : Use after free in Safe Browsing
|
||
* CVE-2021-37975 : Use after free in V8
|
||
* CVE-2021-37976 : Information leak in core
|
||
- Added patches:
|
||
* chromium-94-CustomSpaces-include.patch
|
||
* chromium-94-sql-no-assert.patch
|
||
* chromium-older-harfbuzz.patch
|
||
* chromium-94-ffmpeg-roll.patch
|
||
* chromium-94-compiler.patch
|
||
- Removed patches:
|
||
* chromium-freetype-2.11.patch
|
||
* chromium-93-ContextSet-permissive.patch
|
||
* chromium-93-ClassProperty-include.patch
|
||
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
|
||
* chromium-93-HashPasswordManager-include.patch
|
||
* chromium-93-pdfium-include.patch
|
||
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
|
||
* chromium-93-FormForest-constexpr.patch
|
||
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
|
||
* chromium-93-InkDropHost-crash.patch
|
||
* chromium-91-compiler.patch
|
||
* chromium-glibc-2.33.patch
|
||
* chromium-shim_headers.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 18 12:47:15 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add patch to fix Leap 15.2 build:
|
||
* chromium-ffmpeg-lp152.patch
|
||
- Change system-libdrm.patch: add to unbundle instead of changing
|
||
header path
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 15 21:00:27 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 93.0.4577.63 (boo#1190096):
|
||
* CVE-2021-30606: Use after free in Blink
|
||
* CVE-2021-30607: Use after free in Permissions
|
||
* CVE-2021-30608: Use after free in Web Share
|
||
* CVE-2021-30609: Use after free in Sign-In
|
||
* CVE-2021-30610: Use after free in Extensions API
|
||
* CVE-2021-30611: Use after free in WebRTC
|
||
* CVE-2021-30612: Use after free in WebRTC
|
||
* CVE-2021-30613: Use after free in Base internals
|
||
* CVE-2021-30614: Heap buffer overflow in TabStrip
|
||
* CVE-2021-30615: Cross-origin data leak in Navigation
|
||
* CVE-2021-30616: Use after free in Media
|
||
* CVE-2021-30617: Policy bypass in Blink
|
||
* CVE-2021-30618: Inappropriate implementation in DevTools
|
||
* CVE-2021-30619: UI Spoofing in Autofill
|
||
* CVE-2021-30620: Insufficient policy enforcement in Blink
|
||
* CVE-2021-30621: UI Spoofing in Autofill
|
||
* CVE-2021-30622: Use after free in WebApp Installs
|
||
* CVE-2021-30623: Use after free in Bookmarks
|
||
* CVE-2021-30624: Use after free in Autofill
|
||
- Chromium 93.0.4577.82 (boo#1190476):
|
||
* CVE-2021-30625: Use after free in Selection API
|
||
* CVE-2021-30626: Out of bounds memory access in ANGLE
|
||
* CVE-2021-30627: Type Confusion in Blink layout
|
||
* CVE-2021-30628: Stack buffer overflow in ANGLE
|
||
* CVE-2021-30629: Use after free in Permissions
|
||
* CVE-2021-30630: Inappropriate implementation in Blink
|
||
* CVE-2021-30631: Type Confusion in Blink layout
|
||
* CVE-2021-30632: Out of bounds write in V8
|
||
* CVE-2021-30633: Use after free in Indexed DB API
|
||
- Removed patches:
|
||
* chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch
|
||
* chromium-92-v8-constexpr.patch
|
||
* chromium-no-writeprotection.patch
|
||
* chromium-92-EnumTable-crash.patch
|
||
- Added patches:
|
||
* chromium-93-ContextSet-permissive.patch
|
||
* chromium-93-ClassProperty-include.patch
|
||
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
|
||
* chromium-93-HashPasswordManager-include.patch
|
||
* chromium-93-pdfium-include.patch
|
||
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
|
||
* chromium-93-FormForest-constexpr.patch
|
||
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
|
||
* chromium-93-InkDropHost-crash.patch
|
||
* chromium-93-ffmpeg-4.4.patch
|
||
* chromium-93-EnumTable-crash.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 29 08:19:56 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Updated chromium-glibc-2.34.patch: Fix PTHREAD_STACK_MIN errors
|
||
with glibc 2.34
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 17 20:28:07 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 92.0.4515.159 (boo#1189490):
|
||
* CVE-2021-30598: Type Confusion in V8
|
||
* CVE-2021-30599: Type Confusion in V8
|
||
* CVE-2021-30600: Use after free in Printing
|
||
* CVE-2021-30601: Use after free in Extensions API
|
||
* CVE-2021-30602: Use after free in WebRTC
|
||
* CVE-2021-30603: Race in WebAudio
|
||
* CVE-2021-30604: Use after free in ANGLE
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 15 16:42:43 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add missing crashpad_handler (boo#1189254)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 6 16:51:50 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 92.0.4515.131 (boo#1189006)
|
||
* CVE-2021-30590: Heap buffer overflow in Bookmarks
|
||
* CVE-2021-30591: Use after free in File System API
|
||
* CVE-2021-30592: Out of bounds write in Tab Groups
|
||
* CVE-2021-30593: Out of bounds read in Tab Strip
|
||
* CVE-2021-30594: Use after free in Page Info UI
|
||
* CVE-2021-30596: Incorrect security UI in Navigation
|
||
* CVE-2021-30597: Use after free in Browser UI
|
||
- Removed patches:
|
||
* chromium-92-GetUsableSize-nullptr.patch
|
||
- Added patches:
|
||
* chromium-no-writeprotection.patch
|
||
* chromium-glibc-2.34.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 1 11:14:20 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Chromium 92.0.4515.107 (boo#1188590)
|
||
* CVE-2021-30565: Out of bounds write in Tab Groups
|
||
* CVE-2021-30566: Stack buffer overflow in Printing
|
||
* CVE-2021-30567: Use after free in DevTools
|
||
* CVE-2021-30568: Heap buffer overflow in WebGL
|
||
* CVE-2021-30569: Use after free in sqlite
|
||
* CVE-2021-30571: Insufficient policy enforcement in DevTools
|
||
* CVE-2021-30572: Use after free in Autofill
|
||
* CVE-2021-30573: Use after free in GPU
|
||
* CVE-2021-30574: Use after free in protocol handling
|
||
* CVE-2021-30575: Out of bounds read in Autofill
|
||
* CVE-2021-30576: Use after free in DevTools
|
||
* CVE-2021-30577: Insufficient policy enforcement in Installer
|
||
* CVE-2021-30578: Uninitialized Use in Media
|
||
* CVE-2021-30579: Use after free in UI framework
|
||
* CVE-2021-30581: Use after free in DevTools
|
||
* CVE-2021-30582: Inappropriate implementation in Animation
|
||
* CVE-2021-30584: Incorrect security UI in Downloads
|
||
* CVE-2021-30585: Use after free in sensor handling
|
||
* CVE-2021-30588: Type Confusion in V8
|
||
* CVE-2021-30589: Insufficient validation of untrusted input in Sharing
|
||
- Switched from GCC+LTO to Clang+ThinLTO due to errors
|
||
- Removed patches:
|
||
* chromium-90-compiler.patch
|
||
* chromium-89-EnumTable-crash.patch
|
||
* chromium-86-ConsumeDurationNumber-constexpr.patch
|
||
* chromium-lp152-missing-includes.patch
|
||
* chromium-91-GCC_fix_vector_types_in_pcscan.patch
|
||
* chromium-91-system-icu.patch
|
||
* chromium-91-1190561-boo1186948.patch
|
||
- Added patches:
|
||
* chromium-91-compiler.patch
|
||
* chromium-92-EnumTable-crash.patch
|
||
* chromium-92-v8-constexpr.patch
|
||
* chromium-92-GetUsableSize-nullptr.patch
|
||
* chromium-freetype-2.11.patch
|
||
* chromium-clang-nomerge.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 17 18:17:02 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- chromium 91.0.4472.164 (boo#1188373)
|
||
* CVE-2021-30559: Out of bounds write in ANGLE
|
||
* CVE-2021-30541: Use after free in V8
|
||
* CVE-2021-30560: Use after free in Blink XSLT
|
||
* CVE-2021-30561: Type Confusion in V8
|
||
* CVE-2021-30562: Use after free in WebSerial
|
||
* CVE-2021-30563: Type Confusion in V8
|
||
* CVE-2021-30564: Heap buffer overflow in WebXR
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 5 09:03:02 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add chromium-91-sql-standard-layout-type.patch: to fix SQL being
|
||
incorrect with libstdc++ 11
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 21 18:29:12 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- fix crash upon exit boo#1186948
|
||
add chromium-91-1190561-boo1186948.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 18 09:05:03 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 91.0.4472.114 (boo#1187481)
|
||
* CVE-2021-30554: Use after free in WebGL
|
||
* CVE-2021-30555: Use after free in Sharing
|
||
* CVE-2021-30556: Use after free in WebAudio
|
||
* CVE-2021-30557: Use after free in TabGroups
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 16 17:37:29 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 91.0.4472.106
|
||
* Fix use-after-free in SendTabToSelfSubMenuModel
|
||
* Destroy system-token NSSCertDatabase on the IO thread
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 9 20:26:43 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 91.0.4472.101 (boo#1187141)
|
||
* CVE-2021-30544: Use after free in BFCache
|
||
* CVE-2021-30545: Use after free in Extensions
|
||
* CVE-2021-30546: Use after free in Autofill
|
||
* CVE-2021-30547: Out of bounds write in ANGLE
|
||
* CVE-2021-30548: Use after free in Loader
|
||
* CVE-2021-30549: Use after free in Spell check
|
||
* CVE-2021-30550: Use after free in Accessibility
|
||
* CVE-2021-30551: Type Confusion in V8
|
||
* CVE-2021-30552: Use after free in Extensions
|
||
* CVE-2021-30553: Use after free in Network service
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 3 12:11:18 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add README.SUSE
|
||
- Fix aarch64 build:
|
||
* chromium-91-libyuv-aarch64.patch
|
||
* Update highway to 0.12.2 (arm only)
|
||
- Add -flax-vector-conversions to build flags
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 27 05:12:18 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 91.0.4472.77 (boo#1186458):
|
||
* Support Managed configuration API for Web Applications
|
||
* WebOTP API: cross-origin iframe support
|
||
* CSS custom counter styles
|
||
* Support JSON Modules
|
||
* Clipboard: read-only files support
|
||
* Remove webkitBeforeTextInserted & webkitEditableCOntentChanged
|
||
JS events
|
||
* Honor media HTML attribute for link icon
|
||
* Import Assertions
|
||
* Class static initializer blocks
|
||
* Ergonomic brand checks for private fields
|
||
* Expose WebAssembly SIMD
|
||
* New Feature: WebTransport
|
||
* ES Modules for service workers ('module' type option)
|
||
* Suggested file name and location for the File System Access API
|
||
* adaptivePTime property for RTCRtpEncodingParameters
|
||
* Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
|
||
* Support WebSockets over HTTP/2
|
||
* Support 103 Early Hints for Navigation
|
||
* CVE-2021-30521: Heap buffer overflow in Autofill
|
||
* CVE-2021-30522: Use after free in WebAudio
|
||
* CVE-2021-30523: Use after free in WebRTC
|
||
* CVE-2021-30524: Use after free in TabStrip
|
||
* CVE-2021-30525: Use after free in TabGroups
|
||
* CVE-2021-30526: Out of bounds write in TabStrip
|
||
* CVE-2021-30527: Use after free in WebUI
|
||
* CVE-2021-30528: Use after free in WebAuthentication
|
||
* CVE-2021-30529: Use after free in Bookmarks
|
||
* CVE-2021-30530: Out of bounds memory access in WebAudio
|
||
* CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
|
||
* CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
|
||
* CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
|
||
* CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
|
||
* CVE-2021-30535: Double free in ICU
|
||
* CVE-2021-21212: Insufficient data validation in networking
|
||
* CVE-2021-30536: Out of bounds read in V8
|
||
* CVE-2021-30537: Insufficient policy enforcement in cookies
|
||
* CVE-2021-30538: Insufficient policy enforcement in content security policy
|
||
* CVE-2021-30539: Insufficient policy enforcement in content security policy
|
||
* CVE-2021-30540: Incorrect security UI in payments
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
* drop chromium-90-TokenizedOutput-include.patch
|
||
* drop chromium-90-CrossThreadCopier-qualification.patch
|
||
* drop chromium-90-quantization_utils-include.patch
|
||
* drop chromium-90-angle-constexpr.patch
|
||
* add chromium-91-java-only-allowed-in-android-builds.patch
|
||
* add chromium-91-GCC_fix_vector_types_in_pcscan.patch
|
||
* add chromium-91-system-icu.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 17 10:44:26 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||
|
||
- use asimdrdm CPU flag for aarch64 to select only more powerful buildhosts.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 11 10:59:27 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 90.0.4430.212 (boo#1185908)
|
||
* CVE-2021-30506: Incorrect security UI in Web App Installs
|
||
* CVE-2021-30507: Inappropriate implementation in Offline
|
||
* CVE-2021-30508: Heap buffer overflow in Media Feeds
|
||
* CVE-2021-30509: Out of bounds write in Tab Strip
|
||
* CVE-2021-30510: Race in Aura
|
||
* CVE-2021-30511: Out of bounds read in Tab Group
|
||
* CVE-2021-30512: Use after free in Notifications
|
||
* CVE-2021-30513: Type Confusion in V8
|
||
* CVE-2021-30514: Use after free in Autofill
|
||
* CVE-2021-30515: Use after free in File API
|
||
* CVE-2021-30516: Heap buffer overflow in History
|
||
* CVE-2021-30517: Type Confusion in V8
|
||
* CVE-2021-30518: Heap buffer overflow in Reader Mode
|
||
* CVE-2021-30519: Use after free in Payments
|
||
* CVE-2021-30520: Use after free in Tab Strip
|
||
- FTP support disabled at runtime by default since release 88.
|
||
Chromium 91 will remove support for ftp altogether
|
||
(boo#1185496)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 6 15:45:57 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
* Patch change *
|
||
- Fix build with GCC 11 again (bsc#1185716)
|
||
- Remove chromium-88-compiler.patch
|
||
- Remove chromium-90-cstdint.patch
|
||
- Remove chromium-90-gslang-linkage-fixup.patch
|
||
- Added chromium-90-compiler.patch
|
||
- Added chromium-90-angle-constexpr.patch
|
||
- Added chromium-90-TokenizedOutput-include.patch
|
||
- Added chromium-90-ruy-include.patch
|
||
- Added chromium-90-CrossThreadCopier-qualification.patch
|
||
- Added chromium-90-quantization_utils-include.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 28 08:53:55 UTC 2021 - Marcus Meissner <meissner@suse.com>
|
||
|
||
- Chromium 90.0.4430.93 (boo#1185398):
|
||
- CVE-2021-21227: Insufficient data validation in V8.
|
||
- CVE-2021-21232: Use after free in Dev Tools.
|
||
- CVE-2021-21233: Heap buffer overflow in ANGLE.
|
||
- CVE-2021-21228: Insufficient policy enforcement in extensions.
|
||
- CVE-2021-21229: Incorrect security UI in downloads.
|
||
- CVE-2021-21230: Type Confusion in V8.
|
||
- CVE-2021-21231: Insufficient data validation in V8.
|
||
|
||
- Reference: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 21 07:43:59 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 90.0.4430.85 (boo#1185047):
|
||
* CVE-2021-21222: Heap buffer overflow in V8
|
||
* CVE-2021-21223: Integer overflow in Mojo
|
||
* CVE-2021-21224: Type Confusion in V8
|
||
* CVE-2021-21225: Out of bounds memory access in V8
|
||
* CVE-2021-21226: Use after free in navigation
|
||
- Chromium 90.0.4430.72 (boo#1184764):
|
||
* CVE-2021-21201: Use after free in permissions
|
||
* CVE-2021-21202: Use after free in extensions
|
||
* CVE-2021-21203: Use after free in Blink
|
||
* CVE-2021-21204: Use after free in Blink
|
||
* CVE-2021-21205: Insufficient policy enforcement in navigation
|
||
* CVE-2021-21221: Insufficient validation of untrusted input in Mojo
|
||
* CVE-2021-21207: Use after free in IndexedDB
|
||
* CVE-2021-21208: Insufficient data validation in QR scanner
|
||
* CVE-2021-21209: Inappropriate implementation in storage
|
||
* CVE-2021-21210: Inappropriate implementation in Network
|
||
* CVE-2021-21211: Inappropriate implementation in Navigatio
|
||
* CVE-2021-21212: Incorrect security UI in Network Config UI
|
||
* CVE-2021-21213: Use after free in WebMIDI
|
||
* CVE-2021-21214: Use after free in Network API
|
||
* CVE-2021-21215: Inappropriate implementation in Autofill
|
||
* CVE-2021-21216: Inappropriate implementation in Autofill
|
||
* CVE-2021-21217: Uninitialized Use in PDFium
|
||
* CVE-2021-21218: Uninitialized Use in PDFium
|
||
* CVE-2021-21219: Uninitialized Use in PDFiu
|
||
* drop chromium-89-quiche-private.patch
|
||
* drop chromium-89-quiche-dcheck.patch
|
||
* drop chromium-89-skia-CropRect.patch
|
||
* drop chromium-89-dawn-include.patch
|
||
* drop chromium-89-webcodecs-deps.patch
|
||
* drop chromium-89-AXTreeSerializer-include.patch
|
||
* drop libva-2.11.patch
|
||
* drop libva-2.11-nolegacy.patch
|
||
* drop chromium-84-blink-disable-clang-format.patch
|
||
- chromium-90-gslang-linkage-fixup.patch: fixed a weird static/nonpic error
|
||
- chromium-90-cstdint.patch: some cstd includes added
|
||
- chromium-90-fseal.patch: F_SEAL defines added
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 14 16:09:27 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 89.0.4389.128 (boo#1184700):
|
||
* CVE-2021-21206: Use after free in blink
|
||
* CVE-2021-21220: Insufficient validation of untrusted input in
|
||
v8 for x86_64
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 3 17:41:28 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 89.0.4389.114 bsc#1184256
|
||
- CVE-2021-21194: Use after free in screen capture
|
||
- CVE-2021-21195: Use after free in V8
|
||
- CVE-2021-21196: Heap buffer overflow in TabStrip
|
||
- CVE-2021-21197: Heap buffer overflow in TabStrip
|
||
- CVE-2021-21198: Out of bounds read in IPC
|
||
- CVE-2021-21199: Use Use after free in Aura
|
||
- Add libva-2.11.patch to fix build with libva <2.11
|
||
- Add libva-2.11-nolegacy.patch to fix build with libva 2.11
|
||
- Remove x11-ozone-fix-two-edge-cases.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 15 10:55:23 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 89.0.4389.90 bsc#1183515
|
||
- CVE-2021-21191: Use after free in WebRTC.
|
||
- CVE-2021-21192: Heap buffer overflow in tab groups.
|
||
- CVE-2021-21193: Use after free in Blink.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 11 18:03:38 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 89.0.4389.82
|
||
- Add x11-ozone-fix-two-edge-cases.patch to fix tab drag errors
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 5 11:44:48 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 89.0.4389.72 bsc#1182960
|
||
- CVE-2021-21159: Heap buffer overflow in TabStrip.
|
||
- CVE-2021-21160: Heap buffer overflow in WebAudio.
|
||
- CVE-2021-21161: Heap buffer overflow in TabStrip.
|
||
- CVE-2021-21162: Use after free in WebRTC.
|
||
- CVE-2021-21163: Insufficient data validation in Reader Mode.
|
||
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
|
||
- CVE-2021-21165: Object lifecycle issue in audio.
|
||
- CVE-2021-21166: Object lifecycle issue in audio.
|
||
- CVE-2021-21167: Use after free in bookmarks.
|
||
- CVE-2021-21168: Insufficient policy enforcement in appcache.
|
||
- CVE-2021-21169: Out of bounds memory access in V8.
|
||
- CVE-2021-21170: Incorrect security UI in Loader.
|
||
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
|
||
- CVE-2021-21172: Insufficient policy enforcement in File System API.
|
||
- CVE-2021-21173: Side-channel information leakage in Network Internals.
|
||
- CVE-2021-21174: Inappropriate implementation in Referrer.
|
||
- CVE-2021-21175: Inappropriate implementation in Site isolation.
|
||
- CVE-2021-21176: Inappropriate implementation in full screen mode.
|
||
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
|
||
- CVE-2021-21178: Inappropriate implementation in Compositing.
|
||
- CVE-2021-21179: Use after free in Network Internals.
|
||
- CVE-2021-21180: Use after free in tab search.
|
||
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
|
||
- CVE-2021-21181: Side-channel information leakage in autofill.
|
||
- CVE-2021-21182: Insufficient policy enforcement in navigations.
|
||
- CVE-2021-21183: Inappropriate implementation in performance APIs.
|
||
- CVE-2021-21184: Inappropriate implementation in performance APIs.
|
||
- CVE-2021-21185: Insufficient policy enforcement in extensions.
|
||
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
|
||
- CVE-2021-21187: Insufficient data validation in URL formatting.
|
||
- CVE-2021-21188: Use after free in Blink.
|
||
- CVE-2021-21189: Insufficient policy enforcement in payments.
|
||
- CVE-2021-21190: Uninitialized Use in PDFium.
|
||
- Added patches:
|
||
- chromium-89-quiche-private.patch
|
||
- chromium-89-quiche-dcheck.patch
|
||
- chromium-89-skia-CropRect.patch
|
||
- chromium-89-dawn-include.patch
|
||
- chromium-89-webcodecs-deps.patch
|
||
- chromium-89-EnumTable-crash.patch
|
||
- chromium-shim_headers.patch
|
||
- chromium-89-missing-cstring-header.patch
|
||
- chromium-89-AXTreeSerializer-include.patch
|
||
- chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch
|
||
(bsc#1182775)
|
||
- Removed patches:
|
||
- chromium-fix-char_traits.patch
|
||
- build-with-pipewire-0.3.patch
|
||
- chromium-79-gcc-protobuf-alignas.patch
|
||
- chromium-87-CursorFactory-include.patch
|
||
- chromium-87-openscreen-include.patch
|
||
- chromium-88-vaapi-attribute.patch
|
||
- chromium-88-ozone-deps.patch
|
||
- chromium-87-webcodecs-deps.patch
|
||
- chromium-88-ityp-include.patch
|
||
- chromium-88-AXTreeFormatter-include.patch
|
||
- chromium-88-BookmarkModelObserver-include.patch
|
||
- chromium-88-federated_learning-include.patch
|
||
- chromium-88-ideographicSpaceCharacter.patch
|
||
- chromium-88-StringPool-include.patch
|
||
- chromium-88-dawn-static.patch
|
||
- chromium-88-CompositorFrameReporter-dcheck.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 17 11:41:49 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 88.0.4324.182 bsc#1182358
|
||
- CVE-2021-21149: Stack overflow in Data Transfer.
|
||
- CVE-2021-21150: Use after free in Downloads.
|
||
- CVE-2021-21151: Use after free in Payments.
|
||
- CVE-2021-21152: Heap buffer overflow in Media.
|
||
- CVE-2021-21153: Stack overflow in GPU Process.
|
||
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
|
||
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
|
||
- CVE-2021-21156: Heap buffer overflow in V8.
|
||
- CVE-2021-21157: Use after free in Web Sockets.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 15 07:53:24 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Add chromium-glibc-2.33.patch: fix Sandbox with glibc 2.33
|
||
(bsc#1182233)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 6 13:26:42 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 88.0.4324.150 bsc#1181827
|
||
- CVE-2021-21148: Heap buffer overflow in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 4 10:09:32 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 88.0.4324.146 bsc#1181772
|
||
- CVE-2021-21142: Use after free in Payments
|
||
- CVE-2021-21143: Heap buffer overflow in Extensions
|
||
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
|
||
- CVE-2021-21145: Use after free in Fonts
|
||
- CVE-2021-21146: Use after free in Navigation.
|
||
- CVE-2021-21147: Inappropriate implementation in Skia
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 23 10:09:14 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 88.0.4324.96 bsc#1181137
|
||
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
|
||
- CVE-2021-21118: Insufficient data validation in V8
|
||
- CVE-2021-21119: Use after free in Media
|
||
- CVE-2021-21120: Use after free in WebSQL
|
||
- CVE-2021-21121: Use after free in Omnibox
|
||
- CVE-2021-21122: Use after free in Blink
|
||
- CVE-2021-21123: Insufficient data validation in File System API
|
||
- CVE-2021-21124: Potential user after free in Speech Recognizer
|
||
- CVE-2021-21125: Insufficient policy enforcement in File System API
|
||
- CVE-2020-16044: Use after free in WebRTC
|
||
- CVE-2021-21126: Insufficient policy enforcement in extensions
|
||
- CVE-2021-21127: Insufficient policy enforcement in extensions
|
||
- CVE-2021-21128: Heap buffer overflow in Blink
|
||
- CVE-2021-21129: Insufficient policy enforcement in File System API
|
||
- CVE-2021-21130: Insufficient policy enforcement in File System API
|
||
- CVE-2021-21131: Insufficient policy enforcement in File System API
|
||
- CVE-2021-21132: Inappropriate implementation in DevTools
|
||
- CVE-2021-21133: Insufficient policy enforcement in Downloads
|
||
- CVE-2021-21134: Incorrect security UI in Page Info
|
||
- CVE-2021-21135: Inappropriate implementation in Performance API
|
||
- CVE-2021-21136: Insufficient policy enforcement in WebView
|
||
- CVE-2021-21137: Inappropriate implementation in DevTools
|
||
- CVE-2021-21138: Use after free in DevTools
|
||
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
|
||
- CVE-2021-21140: Uninitialized Use in USB
|
||
- CVE-2021-21141: Insufficient policy enforcement in File System API
|
||
- Added patches:
|
||
- chromium-88-compiler.patch
|
||
- chromium-88-ozone-deps.patch
|
||
- chromium-88-ityp-include.patch
|
||
- chromium-88-AXTreeFormatter-include.patch
|
||
- chromium-88-BookmarkModelObserver-include.patch
|
||
- chromium-88-federated_learning-include.patch
|
||
- chromium-88-ideographicSpaceCharacter.patch
|
||
- chromium-88-StringPool-include.patch
|
||
- chromium-88-dawn-static.patch
|
||
- chromium-88-CompositorFrameReporter-dcheck.patch
|
||
- Removed patches:
|
||
- gpu-timeout.patch
|
||
- chromium-87-compiler.patch
|
||
- chromium-87-ServiceWorkerContainerHost-crash.patch
|
||
- chromium-87-ozone-deps.patch
|
||
- chromium-87-v8-icu68.patch
|
||
- chromium-87-icu68.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 16 11:40:43 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Remove C++ only flags from CFLAGS
|
||
- Update chromium-gcc11.patch
|
||
- Comply with new Google API key rules for Derivatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 7 08:59:35 UTC 2021 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Update to 87.0.4280.141 bsc#1180645
|
||
- CVE-2021-21106: Use after free in autofill
|
||
- CVE-2021-21107: Use after free in drag and drop
|
||
- CVE-2021-21108: Use after free in media
|
||
- CVE-2021-21109: Use after free in payments
|
||
- CVE-2021-21110: Use after free in safe browsing
|
||
- CVE-2021-21111: Insufficient policy enforcement in WebUI
|
||
- CVE-2021-21112: Use after free in Blink
|
||
- CVE-2021-21113: Heap buffer overflow in Skia
|
||
- CVE-2020-16043: Insufficient data validation in networking
|
||
- CVE-2021-21114: Use after free in audio
|
||
- CVE-2020-15995: Out of bounds write in V8
|
||
- CVE-2021-21115: Use after free in safe browsing
|
||
- CVE-2021-21116: Heap buffer overflow in audio
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 20 17:27:47 UTC 2020 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Use main URLs instead of redirects in master preferences
|
||
- Remove useless %post and %postun
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 4 15:24:58 UTC 2020 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Added patches:
|
||
- chromium-87-icu68.patch
|
||
- chromium-87-v8-icu68.patch
|
||
- Update to 87.0.4280.88 bsc#1179576
|
||
- CVE-2020-16037: Use after free in clipboard
|
||
- CVE-2020-16038: Use after free in media
|
||
- CVE-2020-16039: Use after free in extensions
|
||
- CVE-2020-16040: Insufficient data validation in V8
|
||
- CVE-2020-16041: Out of bounds read in networking
|
||
- CVE-2020-16042: Uninitialized Use in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 28 16:29:53 UTC 2020 - Callum Farmer <gmbr3@opensuse.org>
|
||
|
||
- Remove erroneous call to ldconfig which causes Firefox crashes (boo#1179298)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 19 21:17:10 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Added patches:
|
||
- chromium-gcc11.patch
|
||
- chromium-86-fix-vaapi-on-intel.patch
|
||
- chromium-87-compiler.patch
|
||
- chromium-87-CursorFactory-include.patch
|
||
- chromium-87-openscreen-include.patch
|
||
- chromium-87-ozone-deps.patch
|
||
- chromium-87-ServiceWorkerContainerHost-crash.patch
|
||
- chromium-87-webcodecs-deps.patch
|
||
- chromium-88-vaapi-attribute.patch
|
||
- chromium-lp152-missing-includes.patch
|
||
- Removed patches:
|
||
- chromium-86-ServiceWorkerRunningInfo-noexcept.patch
|
||
- chromium-86-compiler.patch
|
||
- fix-invalid-end-iterator-usage-in-CookieMonster.patch
|
||
- old-libva.patch
|
||
- Update to 87.0.4280.66 bsc#1178923
|
||
- Wayland support by default
|
||
- CVE-2020-16018: Use after free in payments.
|
||
- CVE-2020-16019: Inappropriate implementation in filesystem.
|
||
- CVE-2020-16020: Inappropriate implementation in cryptohome.
|
||
- CVE-2020-16021: Race in ImageBurner.
|
||
- CVE-2020-16022: Insufficient policy enforcement in networking.
|
||
- CVE-2020-16015: Insufficient data validation in WASM. R
|
||
- CVE-2020-16014: Use after free in PPAPI.
|
||
- CVE-2020-16023: Use after free in WebCodecs.
|
||
- CVE-2020-16024: Heap buffer overflow in UI.
|
||
- CVE-2020-16025: Heap buffer overflow in clipboard.
|
||
- CVE-2020-16026: Use after free in WebRTC.
|
||
- CVE-2020-16027: Insufficient policy enforcement in developer tools. R
|
||
- CVE-2020-16028: Heap buffer overflow in WebRTC.
|
||
- CVE-2020-16029: Inappropriate implementation in PDFium.
|
||
- CVE-2020-16030: Insufficient data validation in Blink.
|
||
- CVE-2019-8075: Insufficient data validation in Flash.
|
||
- CVE-2020-16031: Incorrect security UI in tab preview.
|
||
- CVE-2020-16032: Incorrect security UI in sharing.
|
||
- CVE-2020-16033: Incorrect security UI in WebUSB.
|
||
- CVE-2020-16034: Inappropriate implementation in WebRTC.
|
||
- CVE-2020-16035: Insufficient data validation in cros-disks.
|
||
- CVE-2020-16012: Side-channel information leakage in graphics.
|
||
- CVE-2020-16036: Inappropriate implementation in cookies.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 12 08:44:47 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Update to 86.0.4240.198 bsc#1178703
|
||
- CVE-2020-16013: Inappropriate implementation in V8
|
||
- CVE-2020-16017: Use after free in site isolation
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 11 14:21:25 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Update to 86.0.4240.193 bsc#1178630
|
||
- CVE-2020-16016: Inappropriate implementation in base.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 3 09:37:03 UTC 2020 - Callum Farmer <callumjfarmer13@gmail.com>
|
||
|
||
- Update to 86.0.4240.183 bsc#1178375
|
||
- CVE-2020-16004: Use after free in user interface.
|
||
- CVE-2020-16005: Insufficient policy enforcement in ANGLE.
|
||
- CVE-2020-16006: Inappropriate implementation in V8
|
||
- CVE-2020-16007: Insufficient data validation in installer.
|
||
- CVE-2020-16008: Stack buffer overflow in WebRTC.
|
||
- CVE-2020-16009: Inappropriate implementation in V8.
|
||
- CVE-2020-16011: Heap buffer overflow in UI on Windows.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 22 06:06:13 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||
|
||
- Update to 86.0.4240.111 bsc#1177936
|
||
- CVE-2020-16000: Inappropriate implementation in Blink.
|
||
- CVE-2020-16001: Use after free in media.
|
||
- CVE-2020-16002: Use after free in PDFium.
|
||
- CVE-2020-15999: Heap buffer overflow in Freetype.
|
||
- CVE-2020-16003: Use after free in printing.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 19 12:27:04 UTC 2020 - Marcus Meissner <meissner@suse.com>
|
||
|
||
- chromium-86-f_seal.patch: F_SEAL* definitions added for leap 15.1 and 15.2
|
||
- replace one missed g++-9 by g++-10 for leap 15.1/15.2
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 14 11:37:13 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Remove vdpau->vaapi bridge as it breaks a lot:
|
||
(fixes welcome by someone else than me)
|
||
* chromium-vaapi-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 14 11:36:22 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Fix cookiemonster:
|
||
* fix-invalid-end-iterator-usage-in-CookieMonster.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 14 11:06:57 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 86.0.4240.75 bsc#1177408:
|
||
* CVE-2020-15967: Use after free in payments.
|
||
* CVE-2020-15968: Use after free in Blink.
|
||
* CVE-2020-15969: Use after free in WebRTC.
|
||
* CVE-2020-15970: Use after free in NFC.
|
||
* CVE-2020-15971: Use after free in printing.
|
||
* CVE-2020-15972: Use after free in audio.
|
||
* CVE-2020-15990: Use after free in autofill.
|
||
* CVE-2020-15991: Use after free in password manager.
|
||
* CVE-2020-15973: Insufficient policy enforcement in extensions.
|
||
* CVE-2020-15974: Integer overflow in Blink.
|
||
* CVE-2020-15975: Integer overflow in SwiftShader.
|
||
* CVE-2020-15976: Use after free in WebXR.
|
||
* CVE-2020-6557: Inappropriate implementation in networking.
|
||
* CVE-2020-15977: Insufficient data validation in dialogs.
|
||
* CVE-2020-15978: Insufficient data validation in navigation.
|
||
* CVE-2020-15979: Inappropriate implementation in V8.
|
||
* CVE-2020-15980: Insufficient policy enforcement in Intents.
|
||
* CVE-2020-15981: Out of bounds read in audio.
|
||
* CVE-2020-15982: Side-channel information leakage in cache.
|
||
* CVE-2020-15983: Insufficient data validation in webUI.
|
||
* CVE-2020-15984: Insufficient policy enforcement in Omnibox.
|
||
* CVE-2020-15985: Inappropriate implementation in Blink.
|
||
* CVE-2020-15986: Integer overflow in media.
|
||
* CVE-2020-15987: Use after free in WebRTC.
|
||
* CVE-2020-15992: Insufficient policy enforcement in networking.
|
||
* CVE-2020-15988: Insufficient policy enforcement in downloads.
|
||
* CVE-2020-15989: Uninitialized Use in PDFium.
|
||
- Add patches:
|
||
* chromium-78-protobuf-RepeatedPtrField-export.patch
|
||
* chromium-79-gcc-protobuf-alignas.patch
|
||
* chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
|
||
* chromium-86-ConsumeDurationNumber-constexpr.patch
|
||
* chromium-86-ImageMemoryBarrierData-init.patch
|
||
* chromium-86-ServiceWorkerRunningInfo-noexcept.patch
|
||
* chromium-86-compiler.patch
|
||
* chromium-86-nearby-explicit.patch
|
||
* chromium-86-nearby-include.patch
|
||
- Remove patches:
|
||
* chromium-79-gcc-alignas.patch
|
||
* chromium-80-gcc-quiche.patch
|
||
* chromium-82-gcc-constexpr.patch
|
||
* chromium-83-gcc-10.patch
|
||
* chromium-84-gcc-include.patch
|
||
* chromium-84-mediaalloc.patch
|
||
* chromium-85-DelayNode-cast.patch
|
||
* chromium-85-FrameWidget-namespace.patch
|
||
* chromium-85-NearbyConnection-abstract.patch
|
||
* chromium-85-NearbyShareEncryptedMetadataKey-include.patch
|
||
* chromium-85-oscillator_node-cast.patch
|
||
* chromium-85-ostream-operator.patch
|
||
* chromium-85-ozone-include.patch
|
||
* chromium-85-sim_hash-include.patch
|
||
* chromium-blink-gcc-diagnostic-pragma.patch
|
||
* chromium-dma-buf.patch
|
||
* chromium-drm.patch
|
||
* chromium-quiche-invalid-offsetof.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 10 17:05:01 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- build with system libevent, the gn bug is no longer present
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 23 08:38:34 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Remove TOC files to avoid warning in post and fix angle conditional
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 22 12:28:43 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 85.0.4183.121 bsc#1176791:
|
||
* CVE-2020-15960: Out of bounds read in storage
|
||
* CVE-2020-15961: Insufficient policy enforcement in extensions
|
||
* CVE-2020-15962: Insufficient policy enforcement in serial
|
||
* CVE-2020-15963: Insufficient policy enforcement in extensions
|
||
* CVE-2020-15965: Out of bounds write in V8
|
||
* CVE-2020-15966: Insufficient policy enforcement in extensions
|
||
* CVE-2020-15964: Insufficient data validation in media
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 15 08:38:18 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- The egl stuff is from angle not swiftshader, thanks Fedora
|
||
bsc#1176450
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 12 17:01:53 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add back the swiftshader folder wrt bsc#1176450
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 9 06:36:04 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update 85.0.4183.102 bsc#1176306:
|
||
* CVE-2020-6573: Use after free in video.
|
||
* CVE-2020-6574: Insufficient policy enforcement in installer.
|
||
* CVE-2020-6575: Race in Mojo.
|
||
* CVE-2020-6576: Use after free in offscreen canvas.
|
||
* CVE-2020-15959: Insufficient policy enforcement in networking.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 8 06:53:23 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Move swiftshader stuff to chromium folder directly bsc#1176207
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 1 10:15:44 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Really update to .83 we accidentally included .69 beta release
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 28 07:21:04 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch trying to compile with old libdrm on Leap 15.1:
|
||
* chromium-lp151-old-drm.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 27 08:27:42 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 85.0.4183.83 bsc#1175757
|
||
* CVE-2020-6558: Insufficient policy enforcement in iOS
|
||
* CVE-2020-6559: Use after free in presentation API
|
||
* CVE-2020-6560: Insufficient policy enforcement in autofill
|
||
* CVE-2020-6561: Inappropriate implementation in Content Security Policy
|
||
* CVE-2020-6562: Insufficient policy enforcement in Blink
|
||
* CVE-2020-6563: Insufficient policy enforcement in intent handling.
|
||
* CVE-2020-6564: Incorrect security UI in permissions
|
||
* CVE-2020-6565: Incorrect security UI in Omnibox.
|
||
* CVE-2020-6566: Insufficient policy enforcement in media.
|
||
* CVE-2020-6567: Insufficient validation of untrusted input in command line handling.
|
||
* CVE-2020-6568: Insufficient policy enforcement in intent handling.
|
||
* CVE-2020-6569: Integer overflow in WebUSB.
|
||
* CVE-2020-6570: Side-channel information leakage in WebRTC.
|
||
* CVE-2020-6571: Incorrect security UI in Omnibox.
|
||
- Use bundled vpx everywhere again as it fails to compile against
|
||
system version
|
||
- Added patches:
|
||
* chromium-85-DelayNode-cast.patch
|
||
* chromium-85-FrameWidget-namespace.patch
|
||
* chromium-85-NearbyConnection-abstract.patch
|
||
* chromium-85-NearbyShareEncryptedMetadataKey-include.patch
|
||
* chromium-85-oscillator_node-cast.patch
|
||
* chromium-85-ostream-operator.patch
|
||
* chromium-85-ozone-include.patch
|
||
* chromium-85-sim_hash-include.patch
|
||
- Removed patches:
|
||
* chromium-82-gcc-template.patch
|
||
* chromium-84-AXObject-stl-iterator.patch
|
||
* chromium-84-FilePath-add-noexcept.patch
|
||
* chromium-84-base-has_bultin.patch
|
||
* chromium-84-fix-decltype.patch
|
||
* chromium-84-gcc-DOMRect-constexpr.patch
|
||
* chromium-84-gcc-noexcept.patch
|
||
* chromium-84-gcc-template.patch
|
||
* chromium-84-gcc-unique_ptr.patch
|
||
* chromium-84-gcc-use-brace-initializer.patch
|
||
* chromium-84-nss-include.patch
|
||
* chromium-84-ozone-include.patch
|
||
* chromium-84-revert-manage-ManifestManagerHost-per-document.patch
|
||
* chromium-84-std-vector-const.patch
|
||
* chromium-clang_lto_visibility_public.patch
|
||
- Updated patches:
|
||
* chromium-83-gcc-10.patch
|
||
* chromium-84-gcc-include.patch
|
||
* chromium-prop-codecs.patch
|
||
* gcc-enable-lto.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 27 06:36:50 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not use libexec as we use /usr/lib as a target folder
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 21 08:12:26 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Fix the build by removing expectation of llvm-7.0
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 20 07:29:42 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 84.0.4147.135 (bsc#1175505):
|
||
* CVE-2020-6556: Heap buffer overflow in SwiftShader
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 12 12:00:41 UTC 2020 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Add chromium-disable-parallel-gold.patch in order to disable
|
||
broken parallel ld.gold with LTO.
|
||
- Enable again LTO for x86_64 and increase memory constraints.
|
||
- Use parallel WPA streaming, we will easily fit into memory constraints.
|
||
- Remove memory_constrain hack for LTO.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 10 22:06:22 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Chromium 84.0.4147.125 (boo#1175085)
|
||
* CVE-2020-6542: Use after free in ANGLE
|
||
* CVE-2020-6543: Use after free in task scheduling
|
||
* CVE-2020-6544: Use after free in media
|
||
* CVE-2020-6545: Use after free in audio
|
||
* CVE-2020-6546: Inappropriate implementation in installer
|
||
* CVE-2020-6547: Incorrect security UI in media
|
||
* CVE-2020-6548: Heap buffer overflow in Skia
|
||
* CVE-2020-6549: Use after free in media
|
||
* CVE-2020-6550: Use after free in IndexedDB
|
||
* CVE-2020-6551: Use after free in WebXR
|
||
* CVE-2020-6552: Use after free in Blink
|
||
* CVE-2020-6553: Use after free in offline mode
|
||
* CVE-2020-6554: Use after free in extensions
|
||
* CVE-2020-6555: Out of bounds read in WebGL
|
||
* Various fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 10 10:50:11 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Disable wayland everywhere as it breaks headless and
|
||
middle mouse copy everywhere:
|
||
bsc#1174497 bsc#1175044
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 3 17:48:18 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 84.0.4147.105 (boo#1174582):
|
||
* CVE-2020-6537: Type Confusion in V8
|
||
* CVE-2020-6538: Inappropriate implementation in WebView
|
||
* CVE-2020-6532: Use after free in SCTP
|
||
* CVE-2020-6539: Use after free in CSS
|
||
* CVE-2020-6540: Heap buffer overflow in Skia
|
||
* CVE-2020-6541: Use after free in WebUSB
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jul 17 07:00:20 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Try to fix non-wayland build for Leap builds
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 16 11:33:24 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 84.0.4147.89 bsc#1174189:
|
||
* Critical CVE-2020-6510: Heap buffer overflow in background fetch.
|
||
* High CVE-2020-6511: Side-channel information leakage in content security policy.
|
||
* High CVE-2020-6512: Type Confusion in V8.
|
||
* High CVE-2020-6513: Heap buffer overflow in PDFium.
|
||
* High CVE-2020-6514: Inappropriate implementation in WebRTC.
|
||
* High CVE-2020-6515: Use after free in tab strip.
|
||
* High CVE-2020-6516: Policy bypass in CORS.
|
||
* High CVE-2020-6517: Heap buffer overflow in history.
|
||
* Medium CVE-2020-6518: Use after free in developer tools.
|
||
* Medium CVE-2020-6519: Policy bypass in CSP.
|
||
* Medium CVE-2020-6520: Heap buffer overflow in Skia.
|
||
* Medium CVE-2020-6521: Side-channel information leakage in autofill.
|
||
* Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
|
||
* Medium CVE-2020-6523: Out of bounds write in Skia.
|
||
* Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
|
||
* Medium CVE-2020-6525: Heap buffer overflow in Skia.
|
||
* Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
|
||
* Low CVE-2020-6527: Insufficient policy enforcement in CSP.
|
||
* Low CVE-2020-6528: Incorrect security UI in basic auth.
|
||
* Low CVE-2020-6529: Inappropriate implementation in WebRTC.
|
||
* Low CVE-2020-6530: Out of bounds memory access in developer tools.
|
||
* Low CVE-2020-6531: Side-channel information leakage in scroll to text.
|
||
* Low CVE-2020-6533: Type Confusion in V8.
|
||
* Low CVE-2020-6534: Heap buffer overflow in WebRTC.
|
||
* Low CVE-2020-6535: Insufficient data validation in WebUI.
|
||
* Low CVE-2020-6536: Incorrect security UI in PWAs.
|
||
- Use bundled xcb-proto as we need to generate py2 bindings
|
||
- Add new patches:
|
||
* chromium-84-AXObject-stl-iterator.patch
|
||
* chromium-84-FilePath-add-noexcept.patch
|
||
* chromium-84-base-has_bultin.patch
|
||
* chromium-84-blink-disable-clang-format.patch
|
||
* chromium-84-fix-decltype.patch
|
||
* chromium-84-gcc-DOMRect-constexpr.patch
|
||
* chromium-84-gcc-include.patch
|
||
* chromium-84-gcc-noexcept.patch
|
||
* chromium-84-gcc-template.patch
|
||
* chromium-84-gcc-unique_ptr.patch
|
||
* chromium-84-gcc-use-brace-initializer.patch
|
||
* chromium-84-nss-include.patch
|
||
* chromium-84-ozone-include.patch
|
||
* chromium-84-revert-manage-ManifestManagerHost-per-document.patch
|
||
* chromium-84-std-vector-const.patch
|
||
* chromium-84.0.4147.89.tar.xz
|
||
* chromium-blink-gcc-diagnostic-pragma.patch
|
||
* chromium-clang_lto_visibility_public.patch
|
||
* chromium-quiche-invalid-offsetof.patch
|
||
* system-libdrm.patch
|
||
- Remove no longer needed patches:
|
||
* chromium-81-re2-0.2020.05.01.patch
|
||
* chromium-82-gcc-incomplete-type.patch
|
||
* chromium-82-gcc-iterator.patch
|
||
* chromium-82-gcc-noexcept.patch
|
||
* chromium-83-gcc-include.patch
|
||
* chromium-83-gcc-iterator.patch
|
||
* chromium-83-gcc-permissive.patch
|
||
* chromium-83-gcc-serviceworker.patch
|
||
* chromium-83-gcc-template.patch
|
||
* chromium-83-icu67.patch
|
||
* chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch
|
||
* chromium-dev-shm.patch
|
||
- Rebase and update patches:
|
||
* build-with-pipewire-0.3.patch
|
||
* chromium-83-gcc-10.patch
|
||
* chromium-84-mediaalloc.patch
|
||
* chromium-norar.patch
|
||
* chromium-vaapi-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 28 02:27:12 UTC 2020 - Atri Bhattacharya <badshah400@gmail.com>
|
||
|
||
- Refresh build-with-pipewire-0.3.patch to mirror similar patch
|
||
by Fedora for Firefox; screen-capture wasn't actually working
|
||
with the previous version of the patch.
|
||
- Add BuildRequires: pkgconfig(libspa-2.0) when building with
|
||
pipewire support to guard against potential package splitting
|
||
off of pipewire-spa-devel from pipewire-devel.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 25 07:12:24 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Disable the LTO again as it still OOMs quite often
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 24 07:40:07 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to work with new ffmpeg wrt bsc#1173292:
|
||
* chromium-84-mediaalloc.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 23 14:20:46 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add multimedia fix for disabled location and also try one
|
||
additional patch from Debian on the same issue bsc#1173107
|
||
Update patch:
|
||
* no-location-leap151.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 23 08:20:43 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch from Fedora to avoid attribute overrides in skia:
|
||
* chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 23 08:08:08 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to hopefully fix bsc#1173107:
|
||
* chromium-dev-shm.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 23 07:51:28 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 83.0.4103.116 bsc#1173251:
|
||
* CVE-2020-6509: Use after free in extensions
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 19 07:34:53 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Reduce constraints to say 20 GB disk space is enough
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 19 07:13:03 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Disable wayland integration on 15.x bsc#1173187 bsc#1173188
|
||
bsc#1173254
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 18 07:39:50 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Enforce to not use system borders bsc#1173063
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 17 08:32:06 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 83.0.4103.106 bsc#1173029:
|
||
* CVE-2020-6505: Use after free in speech
|
||
* CVE-2020-6506: Insufficient policy enforcement in WebView
|
||
* CVE-2020-6507: Out of bounds write in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 15 14:05:36 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Another attempt on the location handling for Leap 15.1:
|
||
* no-location-leap151.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 11 16:31:50 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Attempt to build with wayland/ozone enabled
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 11 12:14:32 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Enable more system libs on 15.2+
|
||
- Remove the chromium-83-gcc-location-revert.patch as it is wrong
|
||
approach to fix the problem
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 11 09:05:00 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update _constraints to match up LTO enablement
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 10 12:20:57 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- With GCC 10 released we should be able to enable LTO again
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 4 06:28:45 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 83.0.4103.97 bsc#1172496:
|
||
* CVE-2020-6493: Use after free in WebAuthentication.
|
||
* CVE-2020-6494: Incorrect security UI in payments.
|
||
* CVE-2020-6495: Insufficient policy enforcement in developer tools.
|
||
* CVE-2020-6496: Use after free in payments.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 28 09:18:05 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to not use bundled unrar:
|
||
* chromium-norar.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 28 08:59:02 UTC 2020 - Fabian Vogt <fvogt@suse.com>
|
||
|
||
- Amend chromium-prop-codecs.patch to allow proprietary_codecs
|
||
without building third_party/openh264
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 27 12:03:31 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add revert of location setting commit that broke build on
|
||
openSUSE Leap 15.1:
|
||
* chromium-83-gcc-location-revert.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 25 09:16:54 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Swtich to GCC 9.x on Leaps to avoid gcc bug exposed in gcc8
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 22 09:44:37 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to fix building with new re2:
|
||
* chromium-81-re2-0.2020.05.01.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 20 16:35:28 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Update _constraints to avoid very slow builds seen on obs-arm-4
|
||
(probably due to swap)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 20 09:35:32 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 83.0.4103.61 bsc#1171910:
|
||
* CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
|
||
* CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
|
||
* CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
|
||
* CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
|
||
* CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
|
||
* CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
|
||
* CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
|
||
* CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
|
||
* CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
|
||
* CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
|
||
* CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
|
||
* CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
|
||
* CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
|
||
* CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
|
||
* CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
|
||
* CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
|
||
* CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
|
||
* CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
|
||
* CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
|
||
* CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
|
||
* CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
|
||
* CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
|
||
* CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
|
||
* CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
|
||
* CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa (Ophir LOJKINE) on 2020-02-10
|
||
* CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
|
||
* CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07
|
||
- Rebase patch:
|
||
* chromium-vaapi.patch
|
||
- Remove merged patches:
|
||
* icu-v67.patch
|
||
* chromium-80-gcc-blink.patch
|
||
* chromium-80.0.3987.106-missing-cstddef-header.patch
|
||
* chromium-80.0.3987.87-missing-cstdint-header.patch
|
||
* chromium-80.0.3987.87-missing-string-header.patch
|
||
* chromium-81-gcc-constexpr.patch
|
||
* chromium-81-gcc-noexcept.patch
|
||
* chromium-old-glibc-noexcept.patch
|
||
* fix-vaapi-with-glx.patch
|
||
- Add new patches:
|
||
* chromium-82-gcc-constexpr.patch
|
||
* chromium-82-gcc-incomplete-type.patch
|
||
* chromium-82-gcc-iterator.patch
|
||
* chromium-82-gcc-noexcept.patch
|
||
* chromium-82-gcc-template.patch
|
||
* chromium-83-gcc-10.patch
|
||
* chromium-83-gcc-include.patch
|
||
* chromium-83-gcc-iterator.patch
|
||
* chromium-83-gcc-permissive.patch
|
||
* chromium-83-gcc-serviceworker.patch
|
||
* chromium-83-gcc-template.patch
|
||
* chromium-83-icu67.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 6 07:53:39 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- update to 81.0.4044.138 bsc#1171247:
|
||
* CVE-2020-6831: Stack buffer overflow in SCTP
|
||
* CVE-2020-6464: Type Confusion in Blink.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 5 07:39:22 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
|
||
|
||
- Add icu-v67.patch from upstream to fix build with icu v67
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 29 06:53:20 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- update to 81.0.4044.129 (boo#1170707):
|
||
* CVE-2020-0561: Use after free in storage
|
||
* CVE-2020-6462: Use after free in task scheduling
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 28 09:05:34 UTC 2020 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Add chromium-80.0.3987.87-missing-cstdint-header.patch,
|
||
chromium-80.0.3987.87-missing-string-header.patch and
|
||
chromium-80.0.3987.106-missing-cstddef-header.patch
|
||
in order to fix build with GCC 10.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 21 23:24:11 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 81.0.4044.122 (boo#1170107 bsc#1171975):
|
||
* CVE-2020-6459: Use after free in payments
|
||
* CVE-2020-6460: Insufficient data validation in URL formatting
|
||
* CVE-2020-6458: Out of bounds read and write in PDFium
|
||
* CVE-2020-6463: Use after free in ANGLE
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 17 08:12:35 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 81.0.4044.113 bsc#1169729:
|
||
* CVE-2020-6457: Use after free in speech recognizer
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 14 13:38:06 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Try to use system version of xdg-utils
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 8 08:41:17 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 81.0.4044.92 bsc#1168911:
|
||
* CVE-2020-6454: Use after free in extensions
|
||
* CVE-2020-6423: Use after free in audio
|
||
* CVE-2020-6455: Out of bounds read in WebSQL
|
||
* CVE-2020-6430: Type Confusion in V8
|
||
* CVE-2020-6456: Insufficient validation of untrusted input in clipboard
|
||
* CVE-2020-6431: Insufficient policy enforcement in full screen
|
||
* CVE-2020-6432: Insufficient policy enforcement in navigations
|
||
* CVE-2020-6433: Insufficient policy enforcement in extensions
|
||
* CVE-2020-6434: Use after free in devtools
|
||
* CVE-2020-6435: Insufficient policy enforcement in extensions
|
||
* CVE-2020-6436: Use after free in window management
|
||
* CVE-2020-6437: Inappropriate implementation in WebView
|
||
* CVE-2020-6438: Insufficient policy enforcement in extensions
|
||
* CVE-2020-6439: Insufficient policy enforcement in navigations
|
||
* CVE-2020-6440: Inappropriate implementation in extensions
|
||
* CVE-2020-6441: Insufficient policy enforcement in omnibox
|
||
* CVE-2020-6442: Inappropriate implementation in cache
|
||
* CVE-2020-6443: Insufficient data validation in developer tools
|
||
* CVE-2020-6444: Uninitialized Use in WebRTC
|
||
* CVE-2020-6445: Insufficient policy enforcement in trusted types
|
||
* CVE-2020-6446: Insufficient policy enforcement in trusted types
|
||
* CVE-2020-6447: Inappropriate implementation in developer tools
|
||
* CVE-2020-6448: Use after free in V8
|
||
- Add new patches:
|
||
* chromium-81-gcc-constexpr.patch
|
||
* chromium-81-gcc-noexcept.patch
|
||
* fix-vaapi-with-glx.patch
|
||
- Remove no longer needed patches:
|
||
* chromium-80-gcc-abstract.patch
|
||
* chromium-80-gcc-incomplete-type.patch
|
||
* chromium-80-gcc-permissive.patch
|
||
* chromium-80-include.patch
|
||
* chromium-80-unbundle-libxml.patch
|
||
* chromium-missing-cstddef-header.patch
|
||
* chromium-missing-cstdint-header.patch
|
||
* chromium-missing-cstring-header.patch
|
||
* chromium-missing-cstring-header2.patch
|
||
* chromium-system-icu.patch
|
||
* chromium-unbundle-zlib.patch
|
||
* webrtc-pulse.patch
|
||
- Rebase patches:
|
||
* build-with-pipewire-0.3.patch
|
||
* chromium-vaapi-fix.patch
|
||
* chromium-vaapi.patch
|
||
* gpu-timeout.patch
|
||
* old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 2 09:21:02 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.162 bsc#1168421:
|
||
* CVE-2020-6450: Use after free in WebAudio.
|
||
* CVE-2020-6451: Use after free in WebAudio.
|
||
* CVE-2020-6452: Heap buffer overflow in media.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 29 08:29:41 UTC 2020 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Rebase build-with-pipewire-0.3.patch in order to fix
|
||
patch collision.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 28 18:41:02 UTC 2020 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Add chromium-missing-cstdint-header.patch,
|
||
chromium-missing-cstring-header.patch,
|
||
chromium-missing-cstring-header2.patch and
|
||
chromium-missing-cstddef-header.patch in order to fix boo#1167465.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 27 11:48:36 UTC 2020 - Stasiek Michalski <stasiek@michalski.cc>
|
||
|
||
- Use a symbolic icon for GNOME
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 23 16:49:16 UTC 2020 - Antonio Larrosa <alarrosa@suse.com>
|
||
|
||
- Add patch to allow building with pipewire 0.3:
|
||
* build-with-pipewire-0.3.patch
|
||
- Use pipewire in Leap 15.2
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 19 11:13:24 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.149:
|
||
* High CVE-2020-6422: Use after free in WebGL.
|
||
* High CVE-2020-6424: Use after free in media.
|
||
* High CVE-2020-6425: Insufficient policy enforcement in extensions.
|
||
* High CVE-2020-6426: Inappropriate implementation in V8.
|
||
* High CVE-2020-6427: Use after free in audio.
|
||
* High CVE-2020-6428: Use after free in audio.
|
||
* High CVE-2020-6429: Use after free in audio.
|
||
* High CVE-2019-20503: Out of bounds read in usersctplib.
|
||
* High CVE-2020-6449: Use after free in audio.
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 14 09:18:06 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not pull in python deps except interpreter, the bundles
|
||
are patched anwyays
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 5 18:15:45 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.132 bsc#1165826:
|
||
* CVE-2020-6420: Insufficient policy enforcement in media.
|
||
* Various fixes from internal audits, fuzzing and other initiatives [2].
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 3 16:45:10 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch trying to fix pulse audio issues with webrtc:
|
||
* webrtc-pulse.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 25 12:25:51 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.122 bsc#1164828:
|
||
* CVE-2020-6418: Type confusion in V8
|
||
* CVE-2020-6407: Out of bounds memory access in streams.
|
||
* Integer overflow in ICU
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 17 12:18:23 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add chromedriver binary to bindir
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 13 14:51:34 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Drop sandbox binary as it should not be needed really bsc#1163588
|
||
- Remove unused patch:
|
||
* chromium-sandbox-pie.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 12 13:16:28 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.100 bsc#1163484:
|
||
* feature fixes only
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 5 13:04:03 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 80.0.3987.87 bsc#1162833:
|
||
* CVE-2020-6381: Integer overflow in JavaScript
|
||
* CVE-2020-6382: Type Confusion in JavaScript
|
||
* CVE-2019-18197: Multiple vulnerabilities in XML
|
||
* CVE-2019-19926: Inappropriate implementation in SQLite
|
||
* CVE-2020-6385: Insufficient policy enforcement in storage
|
||
* CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
|
||
* CVE-2020-6387: Out of bounds write in WebRTC
|
||
* CVE-2020-6388: Out of bounds memory access in WebAudio
|
||
* CVE-2020-6389: Out of bounds write in WebRTC
|
||
* CVE-2020-6390: Out of bounds memory access in streams
|
||
* CVE-2020-6391: Insufficient validation of untrusted input in Blink
|
||
* CVE-2020-6392: Insufficient policy enforcement in extensions
|
||
* CVE-2020-6393: Insufficient policy enforcement in Blink
|
||
* CVE-2020-6394: Insufficient policy enforcement in Blink
|
||
* CVE-2020-6395: Out of bounds read in JavaScript
|
||
* CVE-2020-6396: Inappropriate implementation in Skia
|
||
* CVE-2020-6397: Incorrect security UI in sharing
|
||
* CVE-2020-6398: Uninitialized use in PDFium
|
||
* CVE-2020-6399: Insufficient policy enforcement in AppCache
|
||
* CVE-2020-6400: Inappropriate implementation in CORS
|
||
* CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
|
||
* CVE-2020-6402: Insufficient policy enforcement in downloads
|
||
* CVE-2020-6403: Incorrect security UI in Omnibox
|
||
* CVE-2020-6404: Inappropriate implementation in Blink
|
||
* CVE-2020-6405: Out of bounds read in SQLite
|
||
* CVE-2020-6406: Use after free in audio
|
||
* CVE-2019-19923: Out of bounds memory access in SQLite
|
||
* CVE-2020-6408: Insufficient policy enforcement in CORS
|
||
* CVE-2020-6409: Inappropriate implementation in Omnibox
|
||
* CVE-2020-6410: Insufficient policy enforcement in navigation
|
||
* CVE-2020-6411: Insufficient validation of untrusted input in Omnibox
|
||
* CVE-2020-6412: Insufficient validation of untrusted input in Omnibox
|
||
* CVE-2020-6413: Inappropriate implementation in Blink
|
||
* CVE-2020-6414: Insufficient policy enforcement in Safe Browsing
|
||
* CVE-2020-6415: Inappropriate implementation in JavaScript
|
||
* CVE-2020-6416: Insufficient data validation in streams
|
||
* CVE-2020-6417: Inappropriate implementation in installer
|
||
- Disable lto for now as it consumes >16GB ram
|
||
- Added patches:
|
||
* chromium-80-gcc-abstract.patch
|
||
* chromium-80-gcc-blink.patch
|
||
* chromium-80-gcc-incomplete-type.patch
|
||
* chromium-80-gcc-permissive.patch
|
||
* chromium-80-gcc-quiche.patch
|
||
* chromium-80-include.patch
|
||
* chromium-80-unbundle-libxml.patch
|
||
* chromium-80.0.3987.87.tar.xz
|
||
* chromium-fix-char_traits.patch
|
||
* gpu-timeout.patch
|
||
- Removed patches:
|
||
* chromium-79-gcc-ambiguous-nodestructor.patch
|
||
* chromium-79-gcc-name-clash.patch
|
||
* chromium-79-gcc-permissive.patch
|
||
* chromium-79-icu-65.patch
|
||
* chromium-79-include.patch
|
||
* chromium-79-system-hb.patch
|
||
- Rebased patches:
|
||
* chromium-old-glibc-noexcept.patch
|
||
* chromium-vaapi-fix.patch
|
||
* chromium-vaapi.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 18 20:04:05 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 79.0.3945.130 boo#1161252:
|
||
* CVE-2020-6378: Use-after-free in speech recognizer
|
||
* CVE-2020-6379: Use-after-free in speech recognizer
|
||
* CVE-2020-6380: Extension message verification error
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 8 07:48:01 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 79.0.3945.117 bsc#1160337:
|
||
* CVE-2020-6377: Use after free in audio
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 30 17:31:38 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
|
||
|
||
- Drop obsolete liboil BuildRequires.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 19 21:58:01 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- update to 79.0.3945.88:
|
||
* CVE-2019-13767: Use after free in media picker (boo#1159498)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 11 09:34:00 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 79.0.3945.79:
|
||
* CVE-2019-13725: Use after free in Bluetooth
|
||
* CVE-2019-13726: Heap buffer overflow in password manager
|
||
* CVE-2019-13727: Insufficient policy enforcement in WebSockets
|
||
* CVE-2019-13728: Out of bounds write in V8
|
||
* CVE-2019-13729: Use after free in WebSockets
|
||
* CVE-2019-13730: Type Confusion in V8
|
||
* CVE-2019-13732: Use after free in WebAudio
|
||
* CVE-2019-13734: Out of bounds write in SQLite
|
||
* CVE-2019-13735: Out of bounds write in V8
|
||
* CVE-2019-13764: Type Confusion in V8
|
||
* CVE-2019-13736: Integer overflow in PDFium
|
||
* CVE-2019-13737: Insufficient policy enforcement in autocomplete
|
||
* CVE-2019-13738: Insufficient policy enforcement in navigation
|
||
* CVE-2019-13739: Incorrect security UI in Omnibox
|
||
* CVE-2019-13740: Incorrect security UI in sharing
|
||
* CVE-2019-13741: Insufficient validation of untrusted input in Blink
|
||
* CVE-2019-13742: Incorrect security UI in Omnibox
|
||
* CVE-2019-13743: Incorrect security UI in external protocol handling
|
||
* CVE-2019-13744: Insufficient policy enforcement in cookies
|
||
* CVE-2019-13745: Insufficient policy enforcement in audio
|
||
* CVE-2019-13746: Insufficient policy enforcement in Omnibox
|
||
* CVE-2019-13747: Uninitialized Use in rendering
|
||
* CVE-2019-13748: Insufficient policy enforcement in developer tools
|
||
* CVE-2019-13749: Incorrect security UI in Omnibox
|
||
* CVE-2019-13750: Insufficient data validation in SQLite
|
||
* CVE-2019-13751: Uninitialized Use in SQLite
|
||
* CVE-2019-13752: Out of bounds read in SQLite
|
||
* CVE-2019-13753: Out of bounds read in SQLite
|
||
* CVE-2019-13754: Insufficient policy enforcement in extensions
|
||
* CVE-2019-13755: Insufficient policy enforcement in extensions
|
||
* CVE-2019-13756: Incorrect security UI in printing
|
||
* CVE-2019-13757: Incorrect security UI in Omnibox
|
||
* CVE-2019-13758: Insufficient policy enforcement in navigation
|
||
* CVE-2019-13759: Incorrect security UI in interstitials
|
||
* CVE-2019-13761: Incorrect security UI in Omnibox
|
||
* CVE-2019-13762: Insufficient policy enforcement in downloads
|
||
* CVE-2019-13763: Insufficient policy enforcement in payments
|
||
- Remove merged patches:
|
||
* chromium-77-clang.patch
|
||
* chromium-78-gcc-enum-range.patch
|
||
* chromium-78-gcc-noexcept.patch
|
||
* chromium-78-gcc-std-vector.patch
|
||
* chromium-78-icon.patch
|
||
* chromium-78-include.patch
|
||
* chromium-78-noexcept.patch
|
||
* chromium-78-pm-crash.patch
|
||
* chromium-78-protobuf-export.patch
|
||
- Add new patches:
|
||
* chromium-79-gcc-alignas.patch
|
||
* chromium-79-gcc-ambiguous-nodestructor.patch
|
||
* chromium-79-gcc-name-clash.patch
|
||
* chromium-79-gcc-permissive.patch
|
||
* chromium-79-include.patch
|
||
* chromium-79-system-hb.patch
|
||
- Rebase patches:
|
||
* chromium-dma-buf.patch
|
||
* chromium-old-glibc-noexcept.patch
|
||
* chromium-vaapi-fix.patch
|
||
* fix_building_widevinecdm_with_chromium.patch
|
||
* old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 20 10:51:40 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 78.0.3904.108 bsc#1157269:
|
||
* CVE-2019-13723: Use-after-free in Bluetooth
|
||
* CVE-2019-13724: Out-of-bounds access in Bluetooth
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 18 07:53:32 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Fix build on aarch64 with:
|
||
* chromium-79-icu-65.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 8 12:46:23 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 78.0.3904.97 boo#1156172:
|
||
* Various security fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 6 13:15:18 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Keep just one conditional for vaapi enablement
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 4 11:25:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add more magic for zlib handling for SLE12 build
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 4 10:30:40 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch trying to build on SLE12:
|
||
* chromium-old-glibc-noexcept.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 1 10:55:52 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 78.0.3904.87 bsc#1155643:
|
||
* CVE-2019-13721: Use-after-free in PDFium
|
||
* CVE-2019-13720: Use-after-free in audio
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 30 12:51:06 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Enable LTO again with disabled parallel LTO WPA streaming.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 25 10:50:35 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Disable LTO for now as it consumes ~20GB of RAM, we will reenable
|
||
the feature later when some memory consumption fixes land in
|
||
GCC
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 24 12:43:15 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Adjust LDFLAGS settings for LTO to take memory-constraints into
|
||
consideration
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 23 12:53:22 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 78.0.3904.70 bsc#1154806:
|
||
* CVE-2019-13699: Use-after-free in media
|
||
* CVE-2019-13700: Buffer overrun in Blink
|
||
* CVE-2019-13701: URL spoof in navigation
|
||
* CVE-2019-13702: Privilege elevation in Installer
|
||
* CVE-2019-13703: URL bar spoofing
|
||
* CVE-2019-13704: CSP bypass
|
||
* CVE-2019-13705: Extension permission bypass
|
||
* CVE-2019-13706: Out-of-bounds read in PDFium
|
||
* CVE-2019-13707: File storage disclosure
|
||
* CVE-2019-13708: HTTP authentication spoof
|
||
* CVE-2019-13709: File download protection bypass
|
||
* CVE-2019-13710: File download protection bypass
|
||
* CVE-2019-13711: Cross-context information leak
|
||
* CVE-2019-15903: Buffer overflow in expat
|
||
* CVE-2019-13713: Cross-origin data leak
|
||
* CVE-2019-13714: CSS injection
|
||
* CVE-2019-13715: Address bar spoofing
|
||
* CVE-2019-13716: Service worker state error
|
||
* CVE-2019-13717: Notification obscured
|
||
* CVE-2019-13718: IDN spoof
|
||
* CVE-2019-13719: Notification obscured
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- Add patches:
|
||
* chromium-78-gcc-enum-range.patch
|
||
* chromium-78-gcc-noexcept.patch
|
||
* chromium-78-gcc-std-vector.patch
|
||
* chromium-78-icon.patch
|
||
* chromium-78-include.patch
|
||
* chromium-78-noexcept.patch
|
||
* chromium-78-pm-crash.patch
|
||
* chromium-78-protobuf-export.patch
|
||
- Remove patches:
|
||
* chromium-77-blink-include.patch
|
||
* chromium-77-fix-gn-gen.patch
|
||
* chromium-77-gcc-abstract.patch
|
||
* chromium-77-gcc-include.patch
|
||
* chromium-77-gcc-no-opt-safe-math.patch
|
||
* chromium-77-no-cups.patch
|
||
* chromium-77-std-string.patch
|
||
* chromium-77-system-hb.patch
|
||
* chromium-77.0.3865.120.tar.xz
|
||
* chromium-77.0.3865.75-certificate-transparency.patch
|
||
- Rebase patches:
|
||
* chromium-system-icu.patch
|
||
* chromium-unbundle-zlib.patch
|
||
* chromium-vaapi-fix.patch
|
||
* chromium-vaapi.patch
|
||
* old-libva.patch
|
||
At revision 0ad55cb9e188d5926db26003b443eec9.
|
||
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 18 09:37:21 UTC 2019 - Stasiek Michalski <hellcp@mailbox.org>
|
||
|
||
- Use internal resources for icon and appdata
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 11 08:05:49 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 77.0.3865.120 bsc#1153660:
|
||
* CVE-2019-13693: Use-after-free in IndexedDB
|
||
* CVE-2019-13694: Use-after-free in WebRTC
|
||
* CVE-2019-13695: Use-after-free in audio
|
||
* CVE-2019-13696: Use-after-free in V8
|
||
* CVE-2019-13697: Cross-origin size leak.
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 19 12:55:15 UTC 2019 - Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org>
|
||
|
||
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 18 19:45:29 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- update to chromium 77.0.3865.90 boo#1151229:
|
||
* CVE-2019-13685: Use-after-free in UI
|
||
* CVE-2019-13688: Use-after-free in media
|
||
* CVE-2019-13687: Use-after-free in media
|
||
* CVE-2019-13686: Use-after-free in offline pages
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 16 09:11:11 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch from Fedora for cert transparency:
|
||
* chromium-77.0.3865.75-certificate-transparency.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 16 08:06:10 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patches from gentoo:
|
||
* chromium-77-clang.patch
|
||
* chromium-77-gcc-no-opt-safe-math.patch
|
||
* chromium-77-no-cups.patch
|
||
* chromium-77-std-string.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 12 10:29:13 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update patch old-libva.patch to build on openSUSE Leap 15.0
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 12 08:34:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to chromium 77.0.3865.75 bsc#1150425:
|
||
* CVE-2019-5870: Use-after-free in media
|
||
* CVE-2019-5871: Heap overflow in Skia
|
||
* CVE-2019-5872: Use-after-free in Mojo
|
||
* CVE-2019-5874: External URIs may trigger other browsers
|
||
* CVE-2019-5875: URL bar spoof via download redirect
|
||
* CVE-2019-5876: Use-after-free in media
|
||
* CVE-2019-5877: Out-of-bounds access in V8
|
||
* CVE-2019-5878: Use-after-free in V8
|
||
* CVE-2019-5879: Extension can bypass same origin policy
|
||
* CVE-2019-5880: SameSite cookie bypass
|
||
* CVE-2019-5881: Arbitrary read in SwiftShader
|
||
* CVE-2019-13659: URL spoof
|
||
* CVE-2019-13660: Full screen notification overlap
|
||
* CVE-2019-13661: Full screen notification spoof
|
||
* CVE-2019-13662: CSP bypass
|
||
* CVE-2019-13663: IDN spoof
|
||
* CVE-2019-13664: CSRF bypass
|
||
* CVE-2019-13665: Multiple file download protection bypass
|
||
* CVE-2019-13666: Side channel using storage size estimate
|
||
* CVE-2019-13667: URI bar spoof when using external app URIs
|
||
* CVE-2019-13668: Global window leak via console
|
||
* CVE-2019-13669: HTTP authentication spoof
|
||
* CVE-2019-13670: V8 memory corruption in regex
|
||
* CVE-2019-13671: Dialog box fails to show origin
|
||
* CVE-2019-13673: Cross-origin information leak using devtools
|
||
* CVE-2019-13674: IDN spoofing
|
||
* CVE-2019-13675: Extensions can be disabled by trailing slash
|
||
* CVE-2019-13676: Google URI shown for certificate warning
|
||
* CVE-2019-13677: Chrome web store origin needs to be isolated
|
||
* CVE-2019-13678: Download dialog spoofing
|
||
* CVE-2019-13679: User gesture needed for printing
|
||
* CVE-2019-13680: IP address spoofing to servers
|
||
* CVE-2019-13681: Bypass on download restrictions
|
||
* CVE-2019-13682: Site isolation bypass
|
||
* CVE-2019-13683: Exceptions leaked by devtools
|
||
- Added patches:
|
||
* chromium-77-blink-include.patch
|
||
* chromium-77-fix-gn-gen.patch
|
||
* chromium-77-gcc-abstract.patch
|
||
* chromium-77-gcc-include.patch
|
||
* chromium-77-system-hb.patch
|
||
* chromium-unbundle-zlib.patch
|
||
- Removed merged patches:
|
||
* chromium-76-gcc-ambiguous-nodestructor.patch
|
||
* chromium-76-gcc-blink-constexpr.patch
|
||
* chromium-76-gcc-blink-namespace1.patch
|
||
* chromium-76-gcc-blink-namespace2.patch
|
||
* chromium-76-gcc-gl-init.patch
|
||
* chromium-76-gcc-include.patch
|
||
* chromium-76-gcc-noexcept.patch
|
||
* chromium-76-gcc-private.patch
|
||
* chromium-76-gcc-pure-virtual.patch
|
||
* chromium-76-gcc-uint32.patch
|
||
* chromium-76-gcc-vulkan.patch
|
||
* chromium-76-quiche.patch
|
||
* chromium-angle-inline.patch
|
||
* chromium-fix-char_traits.patch
|
||
* chromium-skia-aarch64-buildfix.patch
|
||
* chromium-vaapi-fix.patch
|
||
* gcc-lto-rsp-clobber.patch
|
||
- Refreshed patches:
|
||
* chromium-prop-codecs.patch
|
||
* chromium-system-icu.patch
|
||
* chromium-vaapi.patch
|
||
* old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 3 12:52:13 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 76.0.3809.132 bsc#1149143 CVE-2019-5869:
|
||
* CVE-2019-5869: Use-after-free in Blink
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- Refresh patch chromium-76-gcc-ambiguous-nodestructor.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 19 17:44:00 UTC 2019 - Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org>
|
||
|
||
- Added patch chromium-vaapi-fix.patch to fix boo#1146219
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 12 10:25:15 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 76.0.3809.100 bsc#1145242:
|
||
* CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
|
||
* CVE-2019-5867: Out-of-bounds read in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 8 07:27:14 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patches to fix few compilation issues:
|
||
* chromium-angle-inline.patch
|
||
* chromium-fix-char_traits.patch bsc#1144625
|
||
- Remove not properly applying old-glibc patch:
|
||
* chromium-old-glibc.patch
|
||
- Disable various gcc warnings as upstream does not care and it
|
||
just bloats the buildlog (from debian)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 2 08:41:33 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 76.0.3809.87 bsc#1143492:
|
||
* CVE-2019-5850: Use-after-free in offline page fetcher
|
||
* CVE-2019-5860: Use-after-free in PDFium
|
||
* CVE-2019-5853: Memory corruption in regexp length check
|
||
* CVE-2019-5851: Use-after-poison in offline audio context
|
||
* CVE-2019-5859: res: URIs can load alternative browsers
|
||
* CVE-2019-5856: Insufficient checks on filesystem: URI permissions
|
||
* CVE-2019-5855: Integer overflow in PDFium
|
||
* CVE-2019-5865: Site isolation bypass from compromised renderer
|
||
* CVE-2019-5858: Insufficient filtering of Open URL service parameters
|
||
* CVE-2019-5864: Insufficient port filtering in CORS for extensions
|
||
* CVE-2019-5862: AppCache not robust to compromised renderers
|
||
* CVE-2019-5861: Click location incorrectly checked
|
||
* CVE-2019-5857: Comparison of -0 and null yields crash
|
||
* CVE-2019-5854: Integer overflow in PDFium text rendering
|
||
* CVE-2019-5852: Object leak of utility functions
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
* Not affected:
|
||
+ CVE-2019-5863: Use-after-free in WebUSB on Windows
|
||
- Added patches:
|
||
* chromium-76-gcc-ambiguous-nodestructor.patch
|
||
* chromium-76-gcc-blink-constexpr.patch
|
||
* chromium-76-gcc-blink-namespace1.patch
|
||
* chromium-76-gcc-blink-namespace2.patch
|
||
* chromium-76-gcc-gl-init.patch
|
||
* chromium-76-gcc-include.patch
|
||
* chromium-76-gcc-noexcept.patch
|
||
* chromium-76-gcc-private.patch
|
||
* chromium-76-gcc-pure-virtual.patch
|
||
* chromium-76-gcc-uint32.patch
|
||
* chromium-76-gcc-vulkan.patch
|
||
* chromium-76-quiche.patch
|
||
- Removed patches:
|
||
* chromium-non-void-return.patch
|
||
* chromium-75.0.3770.80-SIOCGSTAMP.patch
|
||
* chromium-75.0.3770.80-pure-virtual-crash-fix.patch
|
||
* chromium-gcc.patch
|
||
* chromium-renderprocess-crash.patch
|
||
* chromium-skia-system-fontconfig.patch
|
||
- Refreshed patches:
|
||
* chromium-dma-buf.patch
|
||
* chromium-drm.patch
|
||
* chromium-libusb_interrupt_event_handler.patch
|
||
* chromium-skia-aarch64-buildfix.patch
|
||
* chromium-system-icu.patch
|
||
* chromium-vaapi.patch
|
||
* old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 30 12:47:02 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Do not use lto flags from prjconf, we need to set them using
|
||
gn buildsystem
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 30 10:07:34 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Drop patch chromium-non-void-return.patch and just pass
|
||
a cxxflags disabler for the check
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 17 08:31:56 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update gcc-enable-lto.patch to work on systems without the
|
||
lto
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 16 14:26:18 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 75.0.3770.142 bsc#1141649:
|
||
* CVE-2019-5847: V8 sealed/frozen elements cause crash
|
||
* CVE-2019-5848: Font sizes may expose sensitive information
|
||
- Add patch chromium-renderprocess-crash.patch to hopefully fix
|
||
bsc#1141102
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 2 08:55:22 UTC 2019 - Martin Liška <mliska@suse.cz>
|
||
|
||
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
|
||
gcc-lto-rsp-clobber.patch patches.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 2 07:35:44 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Install manpage
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 19 11:55:13 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 75.0.3770.100:
|
||
* This is just feature fixes update
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 14 10:56:48 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 75.0.3770.90 bsc#1137332 bsc#1138287:
|
||
* CVE-2019-5842: Use-after-free in Blink.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 11 06:47:26 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Fix build with kernel 5.2 and avoid runtime crash due to pure virtual
|
||
declaration:
|
||
* chromium-75.0.3770.80-SIOCGSTAMP.patch
|
||
* chromium-75.0.3770.80-pure-virtual-crash-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jun 8 06:53:44 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update old-libva.patch to make sure we build on Leap 42.3
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 7 19:49:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 75.0.3770.80 bsc#1137332:
|
||
* CVE-2019-5828: Use after free in ServiceWorker
|
||
* CVE-2019-5829: Use after free in Download Manager
|
||
* CVE-2019-5830: Incorrectly credentialed requests in CORS
|
||
* CVE-2019-5831: Incorrect map processing in V8
|
||
* CVE-2019-5832: Incorrect CORS handling in XHR
|
||
* CVE-2019-5833: Inconsistent security UI placemen
|
||
* CVE-2019-5835: Out of bounds read in Swiftshader
|
||
* CVE-2019-5836: Heap buffer overflow in Angle
|
||
* CVE-2019-5837: Cross-origin resources size disclosure in Appcache
|
||
* CVE-2019-5838: Overly permissive tab access in Extensions
|
||
* CVE-2019-5839: Incorrect handling of certain code points in Blink
|
||
* CVE-2019-5840: Popup blocker bypass
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
* CVE-2019-5834: URL spoof in Omnibox on iOS
|
||
- Remove merged patchsets:
|
||
* 00-basevalue.patch
|
||
* 01-basevalue.patch
|
||
* 02-basevalue.patch
|
||
* 03-basevalue.patch
|
||
* 04-basevalue.patch
|
||
* 05-basevalue.patch
|
||
* 06-basevalue.patch
|
||
* chromium-fix-crc32-for-aarch64.patch
|
||
* quic.patch
|
||
- Update patches:
|
||
* chromium-gcc.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-vaapi.patch
|
||
* old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 28 07:48:51 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 74.0.3729.169:
|
||
* Feature fixes update only
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 19 09:53:53 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
|
||
|
||
- Update to 74.0.3729.157:
|
||
* Various security fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
- includes security fixes from 74.0.3729.131 (boo#1134218):
|
||
* CVE-2019-5827: Out-of-bounds access in SQLite
|
||
* CVE-2019-5824: Parameter passing error in media player
|
||
|
||
-------------------------------------------------------------------
|
||
Tue May 7 09:18:05 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Add patch to fix build on aarch64:
|
||
* chromium-fix-crc32-for-aarch64.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 30 09:04:56 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 74.0.3729.108 bsc#1133313:
|
||
* CVE-2019-5805: Use after free in PDFium
|
||
* CVE-2019-5806: Integer overflow in Angle
|
||
* CVE-2019-5807: Memory corruption in V8
|
||
* CVE-2019-5808: Use after free in Blink
|
||
* CVE-2019-5809: Use after free in Blink
|
||
* CVE-2019-5810: User information disclosure in Autofill
|
||
* CVE-2019-5811: CORS bypass in Blink
|
||
* CVE-2019-5813: Out of bounds read in V8
|
||
* CVE-2019-5814: CORS bypass in Blink
|
||
* CVE-2019-5815: Heap buffer overflow in Blink
|
||
* CVE-2019-5818: Uninitialized value in media reader
|
||
* CVE-2019-5819: Incorrect escaping in developer tools
|
||
* CVE-2019-5820: Integer overflow in PDFium
|
||
* CVE-2019-5821: Integer overflow in PDFium
|
||
* CVE-2019-5822: CORS bypass in download manager
|
||
* CVE-2019-5823: Forced navigation from service worker
|
||
* CVE-2019-5812: URL spoof in Omnibox on iOS
|
||
* CVE-2019-5816: Exploit persistence extension on Android
|
||
* CVE-2019-5817: Heap buffer overflow in Angle on Windows
|
||
- Add patches:
|
||
* 00-basevalue.patch
|
||
* 01-basevalue.patch
|
||
* 02-basevalue.patch
|
||
* 03-basevalue.patch
|
||
* 04-basevalue.patch
|
||
* 05-basevalue.patch
|
||
* 06-basevalue.patch
|
||
* old-libva.patch
|
||
* quic.patch
|
||
- Remove patches:
|
||
* chromium-73.0.3683.75-pipewire-cstring-fix.patch
|
||
* chromium-fix_crashpad.patch
|
||
* chromium-fix_swiftshader.patch
|
||
* chromium-old-libva.patch
|
||
- Rebase patches:
|
||
* chromium-gcc.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-old-glibc.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 5 08:47:35 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 73.0.3686.103:
|
||
* Various feature fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 25 13:49:17 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch for pipewire build:
|
||
* chromium-73.0.3683.75-pipewire-cstring-fix.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 25 10:54:06 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 73.0.3683.86:
|
||
* Just feature fixes around
|
||
- Refresh patch:
|
||
* chromium-non-void-return.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 21 11:00:28 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update conditions to use system harfbuzz on TW+
|
||
- Require java during build
|
||
- Enable using pipewire when available
|
||
- Rebase chromium-vaapi.patch to match up the Fedora one
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 13 10:19:38 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 73.0.3683.75 bsc#1129059:
|
||
* CVE-2019-5844 CVE-2019-5845 CVE-2019-5846
|
||
* CVE-2019-5787: Use after free in Canvas.
|
||
* CVE-2019-5788: Use after free in FileAPI.
|
||
* CVE-2019-5789: Use after free in WebMIDI.
|
||
* CVE-2019-5790: Heap buffer overflow in V8.
|
||
* CVE-2019-5791: Type confusion in V8.
|
||
* CVE-2019-5792: Integer overflow in PDFium.
|
||
* CVE-2019-5793: Excessive permissions for private API in Extensions.
|
||
* CVE-2019-5794: Security UI spoofing.
|
||
* CVE-2019-5795: Integer overflow in PDFium.
|
||
* CVE-2019-5796: Race condition in Extensions.
|
||
* CVE-2019-5797: Race condition in DOMStorage.
|
||
* CVE-2019-5798: Out of bounds read in Skia.
|
||
* CVE-2019-5799: CSP bypass with blob URL.
|
||
* CVE-2019-5800: CSP bypass with blob URL.
|
||
* CVE-2019-5801: Incorrect Omnibox display on iOS.
|
||
* CVE-2019-5802: Security UI spoofing.
|
||
* CVE-2019-5803: CSP bypass with Javascript URLs'.
|
||
* CVE-2019-5804: Command line command injection on Windows.
|
||
- Update patches:
|
||
* chromium-buildname.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-old-glibc.patch
|
||
* chromium-old-libva.patch
|
||
* chromium-vaapi.patch
|
||
- Removed patches:
|
||
* chromium-crashpad-fix_aarch64.patch
|
||
* chromium-webrtc-includes.patch
|
||
- Added patches:
|
||
* chromium-gcc.patch
|
||
* chromium-fix_crashpad.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 4 09:31:41 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Drop direct dependency on libgsm, we just need the devel
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 2 14:46:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 72.0.3626.121:
|
||
* fixes bsc#1127602 CVE-2019-5786
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 25 10:25:40 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 72.0.3626.119:
|
||
* Feature fixes update only
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 20 14:07:27 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 72.0.3626.109 bsc#1120892 CVE-2018-20073:
|
||
* This is just feature fixes update
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 11 08:42:01 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 72.0.3626.96 bsc#1124936:
|
||
* CVE-2019-5784: Inappropriate implementation in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 11 04:35:53 UTC 2019 - Simon Lees <sflees@suse.de>
|
||
|
||
- Provide web_browser so chromium can be installed instead of firefox.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 30 08:58:19 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 72.0.3626.81 bsc#1123641:
|
||
* CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad on 2018-12-12
|
||
* CVE-2019-5782: Inappropriate implementation in V8. Reported by Qixun Zhao of Qihoo 360 Vulcan Team via Tianfu Cup on 2018-11-16
|
||
* CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya on 2018-12-10
|
||
* CVE-2019-5756: Use after free in PDFium. Reported by Anonymous on 2018-10-14
|
||
* CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis, Microsoft Browser Vulnerability Research on 2018-12-15
|
||
* CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
|
||
* CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin on 2018-12-05
|
||
* CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-05
|
||
* CVE-2019-5761: Use after free in SwiftShader. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-13
|
||
* CVE-2019-5762: Use after free in PDFium. Reported by Anonymous on 2018-10-31
|
||
* CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-12-13
|
||
* CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin from Check Point Software Technologies on 2018-12-09
|
||
* CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin (@bagipro) on 2019-01-16
|
||
* CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg on 2018-11-20
|
||
* CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao from Indiana University Bloomington on 2018-11-06
|
||
* CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu on 2018-01-24
|
||
* CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel on 2018-12-11
|
||
* CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt@ on 2018-11-27
|
||
* CVE-2019-5771: Heap buffer overflow in SwiftShader. Reported by Zhe Jin(金哲),Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-12
|
||
* CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-11-26
|
||
* CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2018-12-24
|
||
* CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang (ultract) and Juno Im on 2018-11-11
|
||
* CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
|
||
* CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang on 2018-07-14
|
||
* CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani on 2018-06-04
|
||
* CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg on 2019-01-02
|
||
* CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg on 2018-11-11
|
||
* CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg (folivora.AI GmbH) on 2018-10-03
|
||
* CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
|
||
- Added patches:
|
||
* chromium-crashpad-fix_aarch64.patch
|
||
* chromium-fix_swiftshader.patch
|
||
* chromium-webrtc-includes.patch
|
||
- Obsoleted patches:
|
||
* chromium-gcc8-alignof.patch
|
||
* chromium-initialize-list.patch
|
||
- Updated patches:
|
||
* chromium-dma-buf.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-skia-system-fontconfig.patch
|
||
* chromium-system-icu.patch
|
||
* chromium-vaapi.patch
|
||
- Try to reduce constraints to avoid being so much just in
|
||
scheduled state
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 2 08:30:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Tweak fix_building_widevinecdm_with_chromium.patch to make it
|
||
work again bsc#1120429
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 14 08:51:26 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Update %arm build, but keep it disabled for now, as ld requires
|
||
lots of RAM
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 13 11:22:25 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 71.0.3578.98 bsc#1119364:
|
||
* CVE-2018-17481: Use after free in PDFium
|
||
- Redo chromium-old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 7 14:32:25 UTC 2018 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
||
|
||
- Increase %limit_build value to avoid OOM
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 6 14:13:10 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch to build on Leap 42.x:
|
||
* chromium-old-libva.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 6 08:41:53 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 71.0.3578.80 bsc#1118529:
|
||
- CVE-2018-17480: Out of bounds write in V8
|
||
- CVE-2018-17481: Use after frees in PDFium
|
||
- CVE-2018-18335: Heap buffer overflow in Skia
|
||
- CVE-2018-18336: Use after free in PDFium
|
||
- CVE-2018-18337: Use after free in Blink
|
||
- CVE-2018-18338: Heap buffer overflow in Canvas
|
||
- CVE-2018-18339: Use after free in WebAudio
|
||
- CVE-2018-18340: Use after free in MediaRecorder
|
||
- CVE-2018-18341: Heap buffer overflow in Blink
|
||
- CVE-2018-18342: Out of bounds write in V8
|
||
- CVE-2018-18343: Use after free in Skia
|
||
- CVE-2018-18344: Inappropriate implementation in Extensions
|
||
- Multiple issues in SQLite via WebSQL
|
||
- CVE-2018-18345: Inappropriate implementation in Site Isolation
|
||
- CVE-2018-18346: Incorrect security UI in Blink
|
||
- CVE-2018-18347: Inappropriate implementation in Navigation
|
||
- CVE-2018-18348: Inappropriate implementation in Omnibox
|
||
- CVE-2018-18349: Insufficient policy enforcement in Blink
|
||
- CVE-2018-18350: Insufficient policy enforcement in Blink
|
||
- CVE-2018-18351: Insufficient policy enforcement in Navigation
|
||
- CVE-2018-18352: Inappropriate implementation in Media
|
||
- CVE-2018-18353: Inappropriate implementation in Network Authentication
|
||
- CVE-2018-18354: Insufficient data validation in Shell Integration
|
||
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter
|
||
- CVE-2018-18356: Use after free in Skia
|
||
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter
|
||
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
|
||
- CVE-2018-18359: Out of bounds read in V8
|
||
- Inappropriate implementation in PDFium
|
||
- Use after free in Extensions
|
||
- Inappropriate implementation in Navigation
|
||
- Insufficient policy enforcement in Navigation
|
||
- Insufficient policy enforcement in URL Formatter
|
||
- Various fixes from internal audits, fuzzing and other initiatives
|
||
- Updated/refreshed patches:
|
||
* fix_building_widevinecdm_with_chromium.patch
|
||
* chromium-vaapi.patch
|
||
* chromium-skia-aarch64-buildfix.patch
|
||
* chromium-prop-codecs.patch
|
||
* chromium-non-void-return.patch
|
||
- Removed patches:
|
||
* chromium-gcc8-constexpr.patch
|
||
* chromium-libva1.patch
|
||
* chromium-pdfium-include.patch
|
||
* chromium-warnings.patch
|
||
- Added patches:
|
||
* chromium-initialize-list.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 21 09:09:28 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 70.0.3538.110 bsc#1116608:
|
||
* CVE-2018-17479: Use-after-free in GPU
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 14 09:42:33 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 70.0.3538.102 bsc#1115537 CVE-2018-17478
|
||
* CVE-2018-17478: Out of bounds memory access in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 3 21:18:07 UTC 2018 - Yunhe Guo <i@guoyunhe.me>
|
||
|
||
- Remove noto-emoji-fonts recommends. noto-emoji-fonts has been
|
||
inactive for a long time. noto-coloremoji-fonts is the current
|
||
recommended emoji fonts from noto. And noto-emoji-fonts (monochrome)
|
||
disables noto-coloremoji-fonts (colorful).
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 25 09:07:47 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 70.0.3538.77:
|
||
* Few feature fixes only
|
||
- Do not meintion armv6 and armv7 in the constraints
|
||
- Update patch chromium-non-void-return.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 22 11:43:26 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add patch trying to get the pkg to build with libva 1.x releases:
|
||
* chromium-libva1.patch
|
||
- Update chromium-old-glibc.patch to contain more tweaked locations
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 19 12:43:06 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Add back chromium-old-glibc.patch to make sure we build on 42.3
|
||
- Reduce the merge number on jumbo files to reduce memory usage bit
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 19 09:58:46 UTC 2018 - astieger@suse.com
|
||
|
||
- remove trigger word from spec that trips up legal-auto
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 17 08:07:37 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 70.0.3538.67 bsc#1112111:
|
||
* CVE-2018-17462: Sandbox escape in AppCache
|
||
* CVE-2018-17463: Remote code execution in V8
|
||
* CVE to be assigned: Heap buffer overflow in Little CMS in PDFium
|
||
* CVE-2018-17464: URL spoof in Omnibox
|
||
* CVE-2018-17465: Use after free in V8
|
||
* CVE-2018-17466: Memory corruption in Angle
|
||
* CVE-2018-17467: URL spoof in Omnibox
|
||
* CVE-2018-17468: Cross-origin URL disclosure in Blink
|
||
* CVE-2018-17469: Heap buffer overflow in PDFium
|
||
* CVE-2018-17470: Memory corruption in GPU Internals
|
||
* CVE-2018-17471: Security UI occlusion in full screen mode
|
||
* CVE-2018-17472: iframe sandbox escape on iOS
|
||
* CVE-2018-17473: URL spoof in Omnibox
|
||
* CVE-2018-17474: Use after free in Blink
|
||
* CVE-2018-17475: URL spoof in Omnibox
|
||
* CVE-2018-17476: Security UI occlusion in full screen mode
|
||
* CVE-2018-5179: Lack of limits on update() in ServiceWorker
|
||
* CVE-2018-17477: UI spoof in Extensions
|
||
- Added patches:
|
||
* chromium-gcc8-constexpr.patch
|
||
* chromium-libusb_interrupt_event_handler.patch
|
||
* chromium-pdfium-include.patch
|
||
* chromium-system-libusb.patch
|
||
- Removed patches:
|
||
* chromium-old-glibc.patch
|
||
* chromium-vpx-aarch64.patch
|
||
- Updated patches:
|
||
* chromium-gcc8-alignof.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-prop-codecs.patch
|
||
* chromium-sandbox-pie.patch
|
||
* chromium-skia-system-fontconfig.patch
|
||
* chromium-vaapi.patch
|
||
- Redo the vaapi patch to be default on as there are no reports of
|
||
issues with it
|
||
- Use system libusb-1.0
|
||
- Use jumbo build to speed things up
|
||
- Use bundled harfbuzz because we need newer than latest release
|
||
- Disable gnome-keyring as it crashes the chromium quite often
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 18 09:29:55 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Keep blank line after autopatch to make SLE12 rpm macros happy
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 18 07:27:09 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Update to 69.0.3497.100 bsc#1108774
|
||
* Fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 12 12:52:08 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 69.0.3497.92 (boo#1108114), containing 2 security fixes:
|
||
* Function signature mismatch in WebAssembly
|
||
* URL Spoofing in Omnibox
|
||
- the rpm should not provide swiftshader libs boo#1108175
|
||
- make jumbo build configurable, default off
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 8 11:12:43 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Enable jumbo build to speed things up
|
||
- Enable vulkan integration
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 6 13:27:18 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch to fix mojo build on 32bit:
|
||
* chromium-gcc8-alignof.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 6 09:13:49 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Split out the gn from this package, obsoletes patches:
|
||
* fix-gn-bootstrap.patch
|
||
* chromium-last-commit-position-r0.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 6 09:09:57 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||
|
||
- Version update to 69.0.3497.81 bsc#1107235:
|
||
* CVE-2018-16065: Out of bounds write in V8
|
||
* CVE-2018-16066:Out of bounds read in Blink
|
||
* CVE-2018-16067: Out of bounds read in WebAudio
|
||
* CVE-2018-16068: Out of bounds write in Mojo
|
||
* CVE-2018-16069:Out of bounds read in SwiftShader
|
||
* CVE-2018-16070: Integer overflow in Skia
|
||
* CVE-2018-16071: Use after free in WebRTC
|
||
* CVE-2018-16073: Site Isolation bypass after tab restore
|
||
* CVE-2018-16074: Site Isolation bypass using Blob URLS
|
||
* Out of bounds read in Little-CMS
|
||
* CVE-2018-16075: Local file access in Blink
|
||
* CVE-2018-16076: Out of bounds read in PDFium
|
||
* CVE-2018-16077: Content security policy bypass in Blink
|
||
* CVE-2018-16078: Credit card information leak in Autofill
|
||
* CVE-2018-16079: URL spoof in permission dialogs
|
||
* CVE-2018-16080: URL spoof in full screen mode
|
||
* CVE-2018-16081: Local file access in DevTools
|
||
* CVE-2018-16082: Stack buffer overflow in SwiftShader
|
||
* CVE-2018-16083: Out of bounds read in WebRTC
|
||
* CVE-2018-16084: User confirmation bypass in external protocol handling
|
||
* CVE-2018-16085: Use after free in Memory Instrumentation
|
||
* CVE-2018-16086: Script injection in New Tab Page.
|
||
* CVE-2018-16087: Multiple download restriction bypass.
|
||
* CVE-2018-16088: User gesture requirement bypass.
|
||
- Added patches:
|
||
* chromium-old-glibc.patch
|
||
* chromium-system-icu.patch
|
||
* chromium-warnings.patch
|
||
- Removed patches:
|
||
* chromium-cors-string.patch
|
||
* chromium-crashpad-aarch64-fix.patch
|
||
* chromium-ffmpeg.patch
|
||
* chromium-gcc.patch
|
||
* chromium-gcc7.patch
|
||
* chromium-libjpeg.patch
|
||
* chromium-libwebp-shim.patch
|
||
- Rebased patches:
|
||
* chromium-last-commit-position-r0.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-sandbox-pie.patch
|
||
* chromium-skia-system-fontconfig.patch
|
||
* chromium-vaapi.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 8 21:14:43 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Update to chromium-68.0.3440.106:
|
||
* Various feature fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 1 10:12:25 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 68.0.3440.84:
|
||
* Various small feature fixes only
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 25 15:56:24 UTC 2018 - guillaume.gardet@opensuse.org
|
||
|
||
- Add patch to fix aarch64 build:
|
||
* chromium-vpx-aarch64.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 25 14:29:16 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch trying to build chromium on Leap 42.3:
|
||
* chromium-gcc7.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 25 13:08:17 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Raise libvpx requirement to match what we really need
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 25 09:53:23 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 68.0.3440.75 bsc#1102530:
|
||
* CVE-2018-6153: Stack buffer overflow in Skia.
|
||
* CVE-2018-6154: Heap buffer overflow in WebGL.
|
||
* CVE-2018-6155: Use after free in WebRTC.
|
||
* CVE-2018-6156: Heap buffer overflow in WebRTC.
|
||
* CVE-2018-6157: Type confusion in WebRTC.
|
||
* CVE-2018-6158: Use after free in Blink.
|
||
* CVE-2018-6159: Same origin policy bypass in ServiceWorker.
|
||
* CVE-2018-6160: URL spoof in Chrome on iOS.
|
||
* CVE-2018-6161: Same origin policy bypass in WebAudio.
|
||
* CVE-2018-6162: Heap buffer overflow in WebGL.
|
||
* CVE-2018-6163: URL spoof in Omnibox.
|
||
* CVE-2018-6164: Same origin policy bypass in ServiceWorker.
|
||
* CVE-2018-6165: URL spoof in Omnibox.
|
||
* CVE-2018-6166: URL spoof in Omnibox.
|
||
* CVE-2018-6167: URL spoof in Omnibox.
|
||
* CVE-2018-6168: CORS bypass in Blink.
|
||
* CVE-2018-6169: Permissions bypass in extension installation.
|
||
* CVE-2018-6170: Type confusion in PDFium.
|
||
* CVE-2018-6171: Use after free in WebBluetooth.
|
||
* CVE-2018-6172: URL spoof in Omnibox.
|
||
* CVE-2018-6173: URL spoof in Omnibox.
|
||
* CVE-2018-6174: Integer overflow in SwiftShader.
|
||
* CVE-2018-6175: URL spoof in Omnibox.
|
||
* CVE-2018-6176: Local user privilege escalation in Extensions.
|
||
* CVE-2018-6177: Cross origin information leak in Blink.
|
||
* CVE-2018-6178: UI spoof in Extensions.
|
||
* CVE-2018-6179: Local file information leak in Extensions.
|
||
* CVE-2018-6044: Request privilege escalation in Extensions.
|
||
* CVE-2018-4117: Cross origin information leak in Blink.
|
||
- Rebase patches:
|
||
* chromium-master-prefs-path.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-vaapi.patch
|
||
- Add patches:
|
||
* chromium-cors-string.patch
|
||
* chromium-gcc.patch
|
||
* chromium-libjpeg.patch
|
||
* chromium-libwebp-shim.patch
|
||
- Remove patches:
|
||
* chromium-gcc8.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 10 11:40:21 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 67.0.3396.99:
|
||
* Various small feature fixes, no security
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 15 19:51:32 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch to build under gcc8:
|
||
* chromium-gcc8.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 13 09:26:43 UTC 2018 - security@suse.com
|
||
|
||
- Chromium 67.0.3396.87:
|
||
* CVE-2018-6149: Out of bounds write in V8 (boo#1097452)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 7 12:23:26 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 67.0.3396.79:
|
||
* CVE-2018-6148: Incorrect handling of CSP header (boo#1096508)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 1 17:45:46 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Require ffmpeg >= 4.0 bsc#1095545
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 30 11:18:13 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Update to 67.0.3396.62 bsc#1095163
|
||
* CVE-2018-6123: Use after free in Blink.
|
||
* CVE-2018-6124: Type confusion in Blink.
|
||
* CVE-2018-6125: Overly permissive policy in WebUSB.
|
||
* CVE-2018-6126: Heap buffer overflow in Skia.
|
||
* CVE-2018-6127: Use after free in indexedDB.
|
||
* CVE-2018-6128: uXSS in Chrome on iOS.
|
||
* CVE-2018-6129: Out of bounds memory access in WebRTC.
|
||
* CVE-2018-6130: Out of bounds memory access in WebRTC.
|
||
* CVE-2018-6131: Incorrect mutability protection in WebAssembly.
|
||
* CVE-2018-6132: Use of uninitialized memory in WebRTC.
|
||
* CVE-2018-6133: URL spoof in Omnibox.
|
||
* CVE-2018-6134: Referrer Policy bypass in Blink.
|
||
* CVE-2018-6135: UI spoofing in Blink.
|
||
* CVE-2018-6136: Out of bounds memory access in V8.
|
||
* CVE-2018-6137: Leak of visited status of page in Blink.
|
||
* CVE-2018-6138: Overly permissive policy in Extensions.
|
||
* CVE-2018-6139: Restrictions bypass in the debugger extension API.
|
||
* CVE-2018-6140: Restrictions bypass in the debugger extension API.
|
||
* CVE-2018-6141: Heap buffer overflow in Skia.
|
||
* CVE-2018-6142: Out of bounds memory access in V8.
|
||
* CVE-2018-6143: Out of bounds memory access in V8.
|
||
* CVE-2018-6144: Out of bounds memory access in PDFium.
|
||
* CVE-2018-6145: Incorrect escaping of MathML in Blink.
|
||
* CVE-2018-6147: Password fields not taking advantage of OS protections in Views.
|
||
- Add patches to build on aarch and remove obsolete one:
|
||
* chromium-crashpad-aarch64-fix.patch
|
||
* chromium-skia-aarch64-buildfix.patch
|
||
* chromium-65.0.3325.162-skia-aarch64-buildfix.patch
|
||
* chromium-skia-neon.patch
|
||
- Remove no longer needed gcc patch:
|
||
* chromium-gcc7.patch
|
||
- Rebase patches:
|
||
* chromium-non-void-return.patch
|
||
* chromium-vaapi.patch
|
||
* exclude_ymp.patch
|
||
* fix_building_widevinecdm_with_chromium.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat May 26 23:01:20 UTC 2018 - astieger@suse.com
|
||
|
||
- on SLE 12 with SUSE PackageHub 12, do not require the SDK for
|
||
libwebpmux1 (bsc#1070421)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat May 26 07:08:04 UTC 2018 - astieger@suse.com
|
||
|
||
- Fix installation issue on SUSE PackageHub 12 with libminizip1
|
||
(bsc#1093031)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 16 07:05:32 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 66.0.3359.181:
|
||
* Autoplay: Force enable on desktop for Web Audio
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 11 12:10:44 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 66.0.3359.170 (bsc#1092923):
|
||
* Chain leading to sandbox escape:
|
||
CVE-2018-6121: Privilege Escalation in extensions
|
||
CVE-2018-6122: Type confusion in V8
|
||
* CVE-2018-6120: Heap buffer overflow in PDFium
|
||
* Various fixes from internal audits, fuzzing and other
|
||
initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 9 08:36:30 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add patch chromium-skia-system-fontconfig.patch to fix
|
||
bsc#1092272
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 4 06:53:49 UTC 2018 - guillaume.gardet@opensuse.org
|
||
|
||
- Enable build on AArch64
|
||
- Fix build on AArch64:
|
||
* set target_cpu to arm64
|
||
* disable tcmalloc and swiftshader for aarch64
|
||
* Add new patches:
|
||
- chromium-65.0.3325.162-skia-aarch64-buildfix.patch
|
||
- chromium-skia-neon.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 27 08:22:18 UTC 2018 - tchvatal@suse.com
|
||
|
||
- chromium 66.0.3359.139:
|
||
* CVE-2018-6118: Use after free in Media Cache (bsc#1091288)
|
||
* drop add-missing-blink-tools.patch, now in tarball again
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 18 09:14:21 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version bump to chromium 66.0.3359.117 bsc#1090000:
|
||
* CVE-2018-6085: Use after free in Disk Cache
|
||
* CVE-2018-6086: Use after free in Disk Cache
|
||
* CVE-2018-6087: Use after free in WebAssembly
|
||
* CVE-2018-6088: Use after free in PDFium
|
||
* CVE-2018-6089: Same origin policy bypass in Service Worker
|
||
* CVE-2018-6090: Heap buffer overflow in Skia
|
||
* CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
|
||
* CVE-2018-6092: Integer overflow in WebAssembly
|
||
* CVE-2018-6093: Same origin bypass in Service Worker
|
||
* CVE-2018-6094: Exploit hardening regression in Oilpan
|
||
* CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
|
||
* CVE-2018-6096: Fullscreen UI spoof
|
||
* CVE-2018-6097: Fullscreen UI spoof
|
||
* CVE-2018-6098: URL spoof in Omnibox
|
||
* CVE-2018-6099: CORS bypass in ServiceWorker
|
||
* CVE-2018-6100: URL spoof in Omnibox
|
||
* CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
|
||
* CVE-2018-6102: URL spoof in Omnibox
|
||
* CVE-2018-6103: UI spoof in Permissions
|
||
* CVE-2018-6104: URL spoof in Omnibox
|
||
* CVE-2018-6105: URL spoof in Omnibox
|
||
* CVE-2018-6106: Incorrect handling of promises in V8
|
||
* CVE-2018-6107: URL spoof in Omnibox
|
||
* CVE-2018-6108: URL spoof in Omnibox
|
||
* CVE-2018-6109: Incorrect handling of files by FileAPI
|
||
* CVE-2018-6110: Incorrect handling of plaintext files via file://
|
||
* CVE-2018-6111: Heap-use-after-free in DevTools
|
||
* CVE-2018-6112: Incorrect URL handling in DevTools
|
||
* CVE-2018-6113: URL spoof in Navigation
|
||
* CVE-2018-6114: CSP bypass
|
||
* CVE-2018-6115: SmartScreen bypass in downloads
|
||
* CVE-2018-6116: Incorrect low memory handling in WebAssembly
|
||
* CVE-2018-6117: Confusing autofill settings
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- Remove obsolete patches:
|
||
* chromium-compiler.patch
|
||
* chromium-glibc-2.27.patch
|
||
* chromium-vaapi-init.patch
|
||
* exclude_ymp.diff
|
||
* fix-gn-bootstrap.diff
|
||
* fix_network_api_crash.patch
|
||
* mojo.patch
|
||
- Add new patches:
|
||
* chromium-ffmpeg.patch
|
||
* chromium-gcc7.patch
|
||
* exclude_ymp.patch
|
||
* fix-gn-bootstrap.patch
|
||
- Rebase patches:
|
||
* chromium-master-prefs-path.patch
|
||
* chromium-non-void-return.patch
|
||
* chromium-sandbox-pie.patch
|
||
* chromium-vaapi.patch
|
||
- Add patch to fix missing folder from tarball:
|
||
* add-missing-blink-tools.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 8 10:49:06 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Add vaapi patches:
|
||
* chromium-vaapi-init.patch
|
||
* chromium-vaapi.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 6 12:54:24 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Use memory-constraints package to limit threads as needed
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 21 06:31:27 UTC 2018 - astieger@suse.com
|
||
|
||
- Update to Chromium 65.0.3325.181:
|
||
* Various security relevant fixes from internal audits, fuzzing
|
||
and other initiatives (boo#1086124)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 20 12:33:53 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Use both freetype and harfbuzz either bundled or system
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 14 14:18:35 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 65.0.3325.162:
|
||
* Various stability fixes only
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 14 09:00:37 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Bundle the harfbuzz on < 15.0 release as we would have to
|
||
use requires_ge for the library itself later on otherwise
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 9 09:10:01 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Make sure to require gcc7
|
||
- Add patch chromium-drm.patch to make sure to build with Leap 42.3
|
||
variant of libdrm
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 8 09:00:54 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 65.0.3325.146 bsc#1084296:
|
||
* High CVE-2017-11215: Use after free in Flash.
|
||
* High CVE-2017-11225: Use after free in Flash.
|
||
* High CVE-2018-6060: Use after free in Blink.
|
||
* High CVE-2018-6061: Race condition in V8.
|
||
* High CVE-2018-6062: Heap buffer overflow in Skia.
|
||
* High CVE-2018-6057: Incorrect permissions on shared memory.
|
||
* High CVE-2018-6063: Incorrect permissions on shared memory.
|
||
* High CVE-2018-6064: Type confusion in V8.
|
||
* High CVE-2018-6065: Integer overflow in V8.
|
||
* Medium CVE-2018-6066: Same Origin Bypass via canvas.
|
||
* Medium CVE-2018-6067: Buffer overflow in Skia.
|
||
* Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
|
||
* Medium CVE-2018-6069: Stack buffer overflow in Skia.
|
||
* Medium CVE-2018-6070: CSP bypass through extensions.
|
||
* Medium CVE-2018-6071: Heap bufffer overflow in Skia.
|
||
* Medium CVE-2018-6072: Integer overflow in PDFium.
|
||
* Medium CVE-2018-6073: Heap bufffer overflow in WebGL.
|
||
* Medium CVE-2018-6074: Mark-of-the-Web bypass.
|
||
* Medium CVE-2018-6075: Overly permissive cross origin downloads.
|
||
* Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
|
||
* Medium CVE-2018-6077: Timing attack using SVG filters.
|
||
* Medium CVE-2018-6078: URL Spoof in OmniBox.
|
||
* Medium CVE-2018-6079: Information disclosure via texture data in WebGL.
|
||
* Medium CVE-2018-6080: Information disclosure in IPC call.
|
||
* Low CVE-2018-6081: XSS in interstitials.
|
||
* Low CVE-2018-6082: Circumvention of port blocking.
|
||
* Low CVE-2018-6083: Incorrect processing of AppManifests.
|
||
- Add new patches:
|
||
* chromium-compiler.patch
|
||
* chromium-glibc-2.27.patch
|
||
* mojo.patch
|
||
- Drop patches:
|
||
* chromium-angle.patch
|
||
* chromium-memcpy.patch
|
||
- Update constraints
|
||
- Refresh patch chromium-non-void-return.patch to include more
|
||
fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 24 19:02:51 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 64.0.3282.186:
|
||
* Various minor bug fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 14 08:16:34 UTC 2018 - astieger@suse.com
|
||
|
||
- update to 64.0.3282.167 (bsc#1080920):
|
||
* CVE-2018-6056: Incorrect derived class instantiation in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 2 11:16:23 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 64.0.3282.140 bsc#1079021:
|
||
* Various asan fixes bsc#1078463 CVE-2018-6406
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 2 10:43:48 UTC 2018 - dimstar@opensuse.org
|
||
|
||
- Eliminate build dependency on procps: we only used it to run
|
||
'free', in order to find out how much RAM we have available. We
|
||
can get this information directly from the kernel, from
|
||
/proc/meminfo.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 29 13:07:38 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Fix default page to not point to 404
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 29 12:36:31 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Install swiftshader objects too as they are needed
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 26 10:11:22 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Disable ozone stuff conditions for now as the headless mode
|
||
breaks up runtime bsc#1077722
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 25 09:51:59 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Switch to gcc7 on Leap builds
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 25 09:42:51 UTC 2018 - tchvatal@suse.com
|
||
|
||
- Version update to 64.0.3282.119 bsc#1077571:
|
||
* High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
|
||
* High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
|
||
* High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
|
||
* Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
|
||
* Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
|
||
* Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre (NCSC) on 2017-11-30
|
||
* Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
|
||
* Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
|
||
* Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
|
||
* Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
|
||
* Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
|
||
* Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
|
||
* Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
|
||
* Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
|
||
* Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
|
||
* Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
|
||
* Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
|
||
* Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
|
||
* Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
|
||
* Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
|
||
* Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
|
||
* Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
|
||
* Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
|
||
* Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
|
||
- Add patches:
|
||
* chromium-angle.patch
|
||
* chromium-memcpy.patch
|
||
- Drop patch:
|
||
* chromium-gcc.patch
|
||
- Change desktop file name to fit bellow the icon on ie KDE desktop
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 4 20:59:31 UTC 2018 - astieger@suse.com
|
||
|
||
- Chromium 63.0.3239.132:
|
||
* DevTools: do not report raw headers and cookies for protected
|
||
subresources
|
||
* Various other fixes and updates
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 15 09:28:07 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 63.0.3239.108 bsc#1072976:
|
||
* CVE-2017-15429: UXSS in V8
|
||
* Various fuzzing fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 7 09:41:13 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 63.0.3239.84 bsc#1071691:
|
||
* bsc#1106341 CVE-2017-15430 Unsafe navigation in Chromecast
|
||
* Critical CVE-2017-15407: Out of bounds write in QUIC.
|
||
* High CVE-2017-15408: Heap buffer overflow in PDFium.
|
||
* High CVE-2017-15409: Out of bounds write in Skia.
|
||
* High CVE-2017-15410: Use after free in PDFium.
|
||
* High CVE-2017-15411: Use after free in PDFium.
|
||
* High CVE-2017-15412: Use after free in libXML.
|
||
* High CVE-2017-15413: Type confusion in WebAssembly.
|
||
* Medium CVE-2017-15415: Pointer information disclosure in IPC call.
|
||
* Medium CVE-2017-15416: Out of bounds read in Blink.
|
||
* Medium CVE-2017-15417: Cross origin information disclosure in Skia.
|
||
* Medium CVE-2017-15418: Use of uninitialized value in Skia.
|
||
* Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.
|
||
* Medium CVE-2017-15420: URL spoofing in Omnibox.
|
||
* Medium CVE-2017-15422: Integer overflow in ICU.
|
||
* Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
|
||
* Low CVE-2017-15424: URL Spoof in Omnibox.
|
||
* Low CVE-2017-15425: URL Spoof in Omnibox.
|
||
* Low CVE-2017-15426: URL Spoof in Omnibox.
|
||
* Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
|
||
- Rebase fix-gn-bootstrap.diff
|
||
- Drop merged patches:
|
||
* chromium-gcc5.patch
|
||
* chromium-60.0.3112.113-breakpad-ucontext.patch
|
||
* chromium-62.0.3202.62-correct-cplusplus-check.patch
|
||
- Add new patches:
|
||
* chromium-non-void-return.patch
|
||
* chromium-gcc.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 22 11:05:42 UTC 2017 - idonmez@suse.com
|
||
|
||
- BuildRequire nodejs8 instead of nodejs6 for suse_version >= 1330
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 15 14:56:24 UTC 2017 - astieger@suse.com
|
||
|
||
- Update to 62.0.3202.94:
|
||
* multiple minor rendering related fixes
|
||
- fix rebuilds in same chroot
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 7 10:12:28 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 62.0.3202.89 bsc#1066851:
|
||
* CVE-2017-15398: Stack buffer overflow in QUIC
|
||
* CVE-2017-15399: Use after free in V8
|
||
- Drop upstream merged chromium-sandbox.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 3 12:40:33 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Restrict the version on jpeg to not waste build power
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 29 08:18:37 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Add patch to fix sandbox crashes wrt bsc#1064298
|
||
* chromium-sandbox.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 27 09:17:02 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 62.0.3202.75 bsc#1065405 CVE-2017-15396
|
||
* CVE-2017-15396: Stack overflow in V8
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 26 12:09:53 UTC 2017 - astieger@suse.com
|
||
|
||
- BuildRequire nodejs6 required for polymer-bundler.js
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 26 09:19:09 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Try to export properly CXX/CC variable to fix leap builds
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 25 17:52:44 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Apply patch to fix building crc32 with gcc7:
|
||
* chromium-62.0.3202.62-correct-cplusplus-check.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 19 03:29:56 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Update to 62.0.3202.62 bsc#1064066:
|
||
* CVE-2017-5124: UXSS with MHTML.
|
||
* CVE-2017-5125: Heap overflow in Skia.
|
||
* CVE-2017-5126: Use after free in PDFium.
|
||
* CVE-2017-5127: Use after free in PDFium.
|
||
* CVE-2017-5128: Heap overflow in WebGL.
|
||
* CVE-2017-5129: Use after free in WebAudio.
|
||
* CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
|
||
* CVE-2017-5130: Heap overflow in libxml2.
|
||
* CVE-2017-5131: Out of bounds write in Skia.
|
||
* CVE-2017-5133: Out of bounds write in Skia.
|
||
* CVE-2017-15386: UI spoofing in Blink.
|
||
* CVE-2017-15387: Content security bypass.
|
||
* CVE-2017-15388: Out of bounds read in Skia.
|
||
* CVE-2017-15389: URL spoofing in OmniBox.
|
||
* CVE-2017-15390: URL spoofing in OmniBox.
|
||
* CVE-2017-15391: Extension limitation bypass in Extensions.
|
||
* CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
|
||
* CVE-2017-15393: Referrer leak in Devtools.
|
||
* CVE-2017-15394: URL spoofing in extensions UI.
|
||
* CVE-2017-15395: Null pointer dereference in ImageCapture.
|
||
- Drop unused patches:
|
||
* arm-webrtc-fix.patch
|
||
* arm_use_right_compiler.patch
|
||
* chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
|
||
* chromium-atk.patch
|
||
* chromium-mojo-dep.patch
|
||
* gcc60-fixes.diff
|
||
- Refresh patches:
|
||
* chromium-gcc5.patch
|
||
* chromium-prop-codecs.patch
|
||
* exclude_ymp.diff
|
||
* fix-gn-bootstrap.diff
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 22 14:50:40 UTC 2017 - astieger@suse.com
|
||
|
||
- Update to 61.0.3163.100 (boo#1060019):
|
||
* CVE-2017-5121: Out-of-bounds access in V8
|
||
* CVE-2017-5122: Out-of-bounds access in V8
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 16 15:50:19 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Update to 61.0.3163.91:
|
||
* Various bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 11 08:45:35 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Update to 61.0.3163.79 bsc#1057364:
|
||
* CVE-2017-5111: Use after free in PDFium.
|
||
* CVE-2017-5112: Heap buffer overflow in WebGL.
|
||
* CVE-2017-5113: Heap buffer overflow in Skia.
|
||
* CVE-2017-5114: Memory lifecycle issue in PDFium.
|
||
* CVE-2017-5115: Type confusion in V8.
|
||
* CVE-2017-5116: Type confusion in V8.
|
||
* CVE-2017-5117: Use of uninitialized value in Skia.
|
||
* CVE-2017-5118: Bypass of Content Security Policy in Blink.
|
||
* CVE-2017-5119: Use of uninitialized value in Skia.
|
||
* CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
|
||
- Rebase patch:
|
||
* fix-gn-bootstrap.diff
|
||
- Remove patches:
|
||
* chromium-gcc7.patch
|
||
* chromium-override.patch
|
||
- Add new patches:
|
||
* chromium-atk.patch
|
||
* chromium-gcc5.patch
|
||
* chromium-mojo-dep.patch
|
||
- Gtk3 is hard required from now on
|
||
- Version some of the required dependencies
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 28 22:57:05 UTC 2017 - astieger@suse.com
|
||
|
||
- fix build with Factory glibc:
|
||
add chromium-60.0.3112.113-breakpad-ucontext.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 25 09:17:27 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 60.0.3112.113:
|
||
* Various bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 15 15:17:00 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 60.0.3112.101:
|
||
* various usability bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Aug 3 13:25:33 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 60.0.3112.90:
|
||
* Various usability bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 26 13:27:55 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 60.0.3112.78 bsc#1050537:
|
||
* CVE-2017-5091: Use after free in IndexedDB
|
||
* CVE-2017-5092: Use after free in PPAPI
|
||
* CVE-2017-5093: UI spoofing in Blink
|
||
* CVE-2017-5094: Type confusion in extensions
|
||
* CVE-2017-5095: Out-of-bounds write in PDFium
|
||
* CVE-2017-5096: User information leak via Android intents
|
||
* CVE-2017-5097: Out-of-bounds read in Skia
|
||
* CVE-2017-5098: Use after free in V8
|
||
* CVE-2017-5099: Out-of-bounds write in PPAPI
|
||
* CVE-2017-5100: Use after free in Chrome Apps
|
||
* CVE-2017-5101: URL spoofing in OmniBox
|
||
* CVE-2017-5102: Uninitialized use in Skia
|
||
* CVE-2017-5103: Uninitialized use in Skia
|
||
* CVE-2017-5104: UI spoofing in browser
|
||
* CVE-2017-7000: Pointer disclosure in SQLite
|
||
* CVE-2017-5105: URL spoofing in OmniBox
|
||
* CVE-2017-5106: URL spoofing in OmniBox
|
||
* CVE-2017-5107: User information leak via SVG
|
||
* CVE-2017-5108: Type confusion in PDFium
|
||
* CVE-2017-5109: UI spoofing in browser
|
||
* CVE-2017-5110: UI spoofing in payments dialog
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
- Add patch chromium-override.patch
|
||
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
|
||
- Rebase patches:
|
||
* chromium-dma-buf.patch
|
||
* chromium-gcc7.patch
|
||
* chromium-last-commit-position-r0.patch
|
||
* fix-gn-bootstrap.diff
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 24 09:01:07 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Recommend emoji fonts to make sure major web chats do not show
|
||
questionmarks
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 28 19:27:55 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Update to 59.0.3071.115:
|
||
* Various small fixes all around
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 23 07:46:48 UTC 2017 - astieger@suse.com
|
||
|
||
- Update to 59.0.3071.109:
|
||
* ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
|
||
* Fixing mouse focus on WebView
|
||
* Remove gtk dependency from gles tests
|
||
* Set build flag when using own FreeType
|
||
* Revert of [scheduler] Move some task types to suspendable task runner
|
||
* Fix an incorrect method name on the chrome://site-engagement WebUI page
|
||
* Linux/Windows: Removing Guest menu item for supervised profile
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 16 12:12:56 UTC 2017 - astieger@suse.com
|
||
|
||
- Update to 59.0.3071.104 (bsc#1044690):
|
||
* CVE-2017-5087: Sandbox Escape in IndexedDB
|
||
* CVE-2017-5088: Out of bounds read in V8
|
||
* CVE-2017-5089: Domain spoofing in Omnibox
|
||
* Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 8 14:56:42 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Add patch chromium-buildname.patch bsc#1043420
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 6 07:53:53 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Update to 59.0.3071.86 bsc#1042833:
|
||
* CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
|
||
* CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
|
||
* CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
|
||
* CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
|
||
* CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
|
||
* CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
|
||
* CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
|
||
* CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
|
||
* CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
|
||
* CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
|
||
* CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
|
||
* CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
|
||
* CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
|
||
* CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
|
||
* CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
|
||
* CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
|
||
- Add patch to fix build with system dma:
|
||
* chromium-dma-buf.patch
|
||
- Drop no longer needed patches:
|
||
* chromium-linker-memory.patch
|
||
* chromium-system-jinja-r13.patch
|
||
- Refresh patches:
|
||
* chromium-gcc7.patch
|
||
* chromium-system-ffmpeg-r3.patch
|
||
* fix-gn-bootstrap.diff
|
||
- Use bundled libxml
|
||
* Upstream unfortunately uses git snapshot that is not api/abi compatible
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 5 12:55:22 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Add patch to build with gcc7:
|
||
* chromium-gcc7.patch
|
||
- Add patch for fpermissive build error:
|
||
* chromium-fpermissive.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 10 07:43:46 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 58.0.3029.110:
|
||
* Various small bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 4 12:40:32 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 58.0.3029.96:
|
||
* Fixes bsc#1037594 CVE-2017-5068
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 25 13:24:42 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Use bundled jinja2, system one changed in 2.9 too much to work
|
||
* It is at least used only during build
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 21 09:57:49 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 58.0.3029.81 bsc#1035103:
|
||
* High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
|
||
* High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
|
||
* High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
|
||
* Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
|
||
* Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
|
||
* Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
|
||
* Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
|
||
* Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
|
||
* Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
|
||
* Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu
|
||
* Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
|
||
* Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
|
||
- Refresh patch fix-gn-bootstrap.diff
|
||
- Refresh patch chromium-system-jinja-r13.patch
|
||
- Remove obsolete patch chromium-57-gcc4.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 30 13:07:50 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 57.0.2987.133 bsc#1031677:
|
||
* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
|
||
* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
|
||
* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
|
||
* High CVE-2017-5056: Use after free in Blink. Credit to anonymous
|
||
* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 24 15:22:38 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Drop the browser(npapi) provide which is not true
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 19 11:04:47 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Add patch to build with gcc4
|
||
* chromium-57-gcc4.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 16 20:45:00 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Do not use gcc5 and newer as the compat was fixed again
|
||
- Update to 57.0.2987.110 with various other small tweaks
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 10 10:55:23 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 57.0.2987.98 bsc#1028848:
|
||
CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034
|
||
CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040
|
||
CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043
|
||
CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
|
||
- Refresh patches
|
||
* fix-gn-bootstrap.diff
|
||
* chromium-linker-memory.patch
|
||
- Remove obsolete patches:
|
||
* chromium-sandbox.patch
|
||
* chromium-54-ffmpeg2compat.patch
|
||
- Remove vaapi patch which broke rendering on non-intel cards:
|
||
* chromium-enable-vaapi-on-suse.patch
|
||
- From this release onwards i586 build is disabled
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 15 12:02:32 UTC 2017 - idonmez@suse.com
|
||
|
||
- Also add harfbuzz-ng to keeplibs for SLE
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 6 20:29:52 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Add condition for system harfbuzz to be disabled on SLE
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 6 12:21:34 UTC 2017 - qvoheagbfovvhubzdxfx@posteo.net
|
||
|
||
- Fixed a typo in the build requirements for system minizip.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 3 12:23:34 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 56.0.2924.87:
|
||
* Various small fixes
|
||
* Disabled option to enable/disable plugins in the chrome://plugins
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 2 20:01:27 UTC 2017 - qvoheagbfovvhubzdxfx@posteo.net
|
||
|
||
- Added the package 'chromium-privacy' with multiple patches
|
||
sourced from the release version on https://github.com/
|
||
u4qo60z73t1c4hurv3ny/privacy_patches-oS_cr, which, when enabled
|
||
with the build option 'privacy', builds a version of Chromium
|
||
with less privacy implications due to Google services
|
||
integration.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 1 09:48:35 UTC 2017 - qvoheagbfovvhubzdxfx@posteo.net
|
||
|
||
- Changed the build requirement of libavformat to library version
|
||
57.41.100, as included in ffmpeg 3.1.1, as only this version
|
||
properly supports the public AVStream API 'codecpar'.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 31 14:08:26 UTC 2017 - tchvatal@suse.com
|
||
|
||
- Version update to 56.0.2924.76 bsc#1022049:
|
||
- CVE-2017-5007: Universal XSS in Blink
|
||
- CVE-2017-5006: Universal XSS in Blink
|
||
- CVE-2017-5008: Universal XSS in Blink
|
||
- CVE-2017-5010: Universal XSS in Blink
|
||
- CVE-2017-5011: Unauthorised file access in Devtools
|
||
- CVE-2017-5009: Out of bounds memory access in WebRTC
|
||
- CVE-2017-5012: Heap overflow in V8
|
||
- CVE-2017-5013: Address spoofing in Omnibox
|
||
- CVE-2017-5014: Heap overflow in Skia
|
||
- CVE-2017-5015: Address spoofing in Omnibox
|
||
- CVE-2017-5019: Use after free in Renderer
|
||
- CVE-2017-5016: UI spoofing in Blink
|
||
- CVE-2017-5017: Uninitialised memory access in webm video
|
||
- CVE-2017-5018: Universal XSS in chrome://apps
|
||
- CVE-2017-5020: Universal XSS in chrome://downloads
|
||
- CVE-2017-5021: Use after free in Extensions
|
||
- CVE-2017-5022: Bypass of Content Security Policy in Blink
|
||
- CVE-2017-5023: Type confusion in metrics
|
||
- CVE-2017-5024: Heap overflow in FFmpeg
|
||
- CVE-2017-5025: Heap overflow in FFmpeg
|
||
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
|
||
- Add conditional to switch between system and bundled icu
|
||
- Raise dependency on harfbuzz to 1.3.1
|
||
- Also refresh patches:
|
||
chromium-prop-codecs.patch chromium-linker-memory.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 28 11:31:18 UTC 2017 - qvoheagbfovvhubzdxfx@posteo.net
|
||
|
||
- Added patch chromium-enable-vaapi-on-suse.patch to enable
|
||
VAAPI hardware accelerated video decoding.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 21 20:19:42 UTC 2016 - astieger@suse.com
|
||
|
||
- Chromium 55.0.2883.87:
|
||
* various fixes for crashes and specific wesites
|
||
* update Google pinned certificates
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 21 10:02:52 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Disable system icu on Factory, crashes autofill
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Dec 13 14:38:08 UTC 2016 - idonmez@suse.com
|
||
|
||
- python-html5lib now depends on six, so preserve that too for SLE
|
||
builds.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Dec 9 12:07:10 UTC 2016 - astieger@suse.com
|
||
|
||
- Obsolete ffmpeg and ffmpegsumo package in addition to conflict
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 5 17:08:45 UTC 2016 - astieger@suse.com
|
||
|
||
- record minimum version for harfbuzz, incuding runtime
|
||
Chromium will crash with harfbuzz < 1.3.0
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 3 09:59:21 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Chromium 55.0.2883.75 bnc#1013236:
|
||
CVE-2016-9651 CVE-2016-5208 CVE-2016-5207 CVE-2016-5206 CVE-2016-5205
|
||
CVE-2016-5204 CVE-2016-5209 CVE-2016-5203 CVE-2016-5210 CVE-2016-5212
|
||
CVE-2016-5211 CVE-2016-5213 CVE-2016-5214 CVE-2016-5216 CVE-2016-5215
|
||
CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5221 CVE-2016-5220
|
||
CVE-2016-5222 CVE-2016-9650 CVE-2016-5223 CVE-2016-5226 CVE-2016-5225
|
||
CVE-2016-5224 CVE-2016-9652
|
||
- Switch to system libraries: harfbuzz, zlib, ffmpeg, ...
|
||
- Refreshed patches:
|
||
* chromium-system-ffmpeg-r3.patch
|
||
* chromium-system-jinja-r13.patch
|
||
- Use system ffmpeg unless on 13.2 that didn't include it
|
||
* chromium-54-ffmpeg2compat.patch
|
||
* Remove upstreamed chromium-more-codec-aliases.patch
|
||
- Remove bookmarks override as discussed with artwork simply just set
|
||
homepage to our openSUSE one and that is all
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 12 08:20:05 UTC 2016 - astieger@suse.com
|
||
|
||
- Chromium 54.0.2840.100:
|
||
* CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)
|
||
* CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)
|
||
* CVE-2016-5201: info leak in extensions (boo#1009894)
|
||
* CVE-2016-5202: various fixes from internal audits (boo#1009895)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Nov 7 20:02:46 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Add patch chromium-prop-codecs.patch and set properly the codecs
|
||
variable in main scope to allow ffmpeg passthrough
|
||
bnc#1008725
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 2 07:32:27 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Update to 54.0.2840.90:
|
||
* Few fixes and tweaks
|
||
* Fixes CVE-2016-5198 bsc#1008274
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 21 10:27:16 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Update to 54.0.2840.71:
|
||
* Few fixes around
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Oct 13 10:19:03 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Version update to 54.0.2840.59 bnc#1004465:
|
||
- CVE-2016-5181: Universal XSS in Blink (Anonymous)
|
||
- CVE-2016-5182: Heap overflow in Blink (Giwan Go of STEALIEN)
|
||
- CVE-2016-5183: Use after free in PDFium (Anonymous)
|
||
- CVE-2016-5184: Use after free in PDFium (Anonymous)
|
||
- CVE-2016-5185: Use after free in Blink (cloudfuzzer)
|
||
- CVE-2016-5187: URL spoofing (Luan Herrera)
|
||
- CVE-2016-5188: UI spoofing (Luan Herrera)
|
||
- CVE-2016-5192: Cross-origin bypass in Blink (haojunhou at gmail)
|
||
- CVE-2016-5189: URL spoofing (xisigr of Tencent's Xuanwu Lab)
|
||
- CVE-2016-5186: Out of bounds read in DevTools (Abdulrahman Alqabandi)
|
||
- CVE-2016-5191: Universal XSS in Bookmarks (Gareth Hughes)
|
||
- CVE-2016-5190: Use after free in Internals (Atte Kettunen of OUSPG)
|
||
- CVE-2016-5193: Scheme bypass (Yuyang ZHOUmartinzhou96)
|
||
- packaging changes:
|
||
* disable build for chromium-beta on %arm.
|
||
* Make linker use less memory by tweaking its options:
|
||
chromium-linker-memory.patch
|
||
* obsolete desktop subpackages
|
||
* Switch to gold to reduce memory use use during build
|
||
* fix build on 4.5+ kernels with systemlibs:
|
||
chromium-sandbox.patch
|
||
* various compiler and linker flag adjustments
|
||
* enable gtk3 ui, add patch gtk3-missing-define.patch
|
||
* switch from some bundled libraries to the system versions
|
||
chromium-system-ffmpeg-r3.patch
|
||
chromium-system-jinja-r13.patch
|
||
fix-gn-bootstrap.diff
|
||
* remove service file covered by download_files
|
||
- run time bug fixes:
|
||
* Add --ui-disable-partial-swap to the launcher bnc#1000019
|
||
* Use default chromium values from master_preferences on first run
|
||
rather than pseudo-duplicating in shellscript
|
||
- added features:
|
||
* hangouts extension
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 30 08:00:45 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Version update to 53.0.2785.143 bnc#1002140:
|
||
* CVE-2016-5177: Use after free in V8
|
||
* CVE-2016-5178: Various fixes from internal audits
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 26 12:22:41 UTC 2016 - dimstar@opensuse.org
|
||
|
||
- Export GDK_BACKEND=x11 before starting chromium, ensuring that
|
||
it's started as an Xwayland client (boo#1001135).
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 17 11:36:18 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Apply sandbox patch to fix crashers on tumbleweed bnc#999091
|
||
* chromium-sandbox.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 15 13:09:21 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Version update stable channel 53.0.2785.116
|
||
* Just smal bugfixes around
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 14 07:35:09 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Version update to 53.0.2785.113 bnc#998743:
|
||
* CVE-2016-5170 Use after free in Blink
|
||
* CVE-2016-5171 Use after free in Blink
|
||
* CVE-2016-5172 Arbitrary Memory Read in v8
|
||
* CVE-2016-5173 Extension resource access
|
||
* CVE-2016-5174 Popup not correctly suppressed
|
||
* CVE-2016-5175 Various fixes from internal audits
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 12 08:31:59 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Reenable widevine build again bnc#998328
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 10 09:13:37 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Stable channel update to 53.0.2785.101
|
||
* SPDY crasher fixes
|
||
* Disable NV12 DXGI video on AMD
|
||
* Forward --password-store switch to os_crypt
|
||
* Tell the kernel to discard USB requests when they time out.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 7 14:50:44 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 53.0.2785.92:
|
||
* Revert of support relocatable RPM packages
|
||
* disallow WKBackForwardListItem navigations for pushState pages
|
||
* arc: bluetooth: Fix advertised uuid
|
||
* fix conflicting PendingIntent for stop button and swipe away
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 1 04:04:13 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 53.0.2785.89
|
||
- Improvements to the GN build system (boo#996032, boo#99606, boo#995932)
|
||
- Security fixes (boo#996648)
|
||
* CVE-2016-5147: Universal XSS in Blink.
|
||
* CVE-2016-5148: Universal XSS in Blink.
|
||
* CVE-2016-5149: Script injection in extensions.
|
||
* CVE-2016-5150: Use after free in Blink.
|
||
* CVE-2016-5151: Use after free in PDFium.
|
||
* CVE-2016-5152: Heap overflow in PDFium.
|
||
* CVE-2016-5153: Use after destruction in Blink.
|
||
* CVE-2016-5154: Heap overflow in PDFium.
|
||
* CVE-2016-5155: Address bar spoofing.
|
||
* CVE-2016-5156: Use after free in event bindings.
|
||
* CVE-2016-5157: Heap overflow in PDFium.
|
||
* CVE-2016-5158: Heap overflow in PDFium.
|
||
* CVE-2016-5159: Heap overflow in PDFium.
|
||
* CVE-2016-5161: Type confusion in Blink.
|
||
* CVE-2016-5162: Extensions web accessible resources bypass.
|
||
* CVE-2016-5163: Address bar spoofing.
|
||
* CVE-2016-5164: Universal XSS using DevTools.
|
||
* CVE-2016-5165: Script injection in DevTools.
|
||
* CVE-2016-5166: SMB Relay Attack via Save Page As.
|
||
* CVE-2016-5160: Extensions web accessible resources bypass.
|
||
- Drop patches chromium-snapshot-toolchain-r1.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 27 18:46:44 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Make it build on ARM.
|
||
* Add build patch arm_use_right_compiler.patch
|
||
|
||
- Drop unnecessary patches:
|
||
* chromium-arm-r0.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 22 10:13:19 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Change buildsystem to GN, which is the new upstream default
|
||
* Make Ninja only use 4 buildprocesses for building Chromium itself
|
||
|
||
* Drop unnecessary patches
|
||
- chromium-gcc-fixes.patch
|
||
- adjust-ldflags-no-keep-memory.patch
|
||
- gcc50-fixes.diff
|
||
|
||
* Add patches to ensure correct build
|
||
- chromium-last-commit-position-r0.patch
|
||
- chromium-snapshot-toolchain-r1.patch
|
||
|
||
* Drop unnecessary sourcefiles
|
||
- courgette.tar.xz
|
||
- depot_tools.tar.xz
|
||
- gn-binaries.tar.xz
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 12 08:20:57 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Use an explicit number of ninja build processes (-j 4), to
|
||
further reduce the memory used.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 5 08:53:57 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 52.0.2743.116:
|
||
* Security fixes (boo#992305):
|
||
+ CVE-2016-5141: Address bar spoofing (boo#992314)
|
||
+ CVE-2016-5142: Use-after-free in Blink (boo#992313)
|
||
+ CVE-2016-5139: Heap overflow in pdfium (boo#992311)
|
||
+ CVE-2016-5140: Heap overflow in pdfium (boo#992310)
|
||
+ CVE-2016-5145: Same origin bypass for images in Blink
|
||
(boo#992320)
|
||
+ CVE-2016-5143: Parameter sanitization failure in DevTools
|
||
(boo#992319)
|
||
+ CVE-2016-5144: Parameter sanitization failure in DevTools
|
||
(boo#992315)
|
||
+ CVE-2016-5146: Various fixes from internal audits, fuzzing
|
||
and other initiatives (boo#992309)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 21 18:55:21 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Temporarily disable fix_network_api_crash.patch. Upstream has
|
||
changed part of their code, so hopefully that resolved the issue
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 21 07:38:12 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 52.0.2743.82
|
||
* Security fixes (boo#989901):
|
||
+ CVE-2016-1706: Sandbox escape in PPAPI
|
||
+ CVE-2016-1707: URL spoofing on iOS
|
||
+ CVE-2016-1708: Use-after-free in Extensions
|
||
+ CVE-2016-1709: Heap-buffer-overflow in sfntly
|
||
+ CVE-2016-1710: Same-origin bypass in Blink
|
||
+ CVE-2016-1711: Same-origin bypass in Blink
|
||
+ CVE-2016-5127: Use-after-free in Blink
|
||
+ CVE-2016-5128: Same-origin bypass in V8
|
||
+ CVE-2016-5129: Memory corruption in V8
|
||
+ CVE-2016-5130: URL spoofing
|
||
+ CVE-2016-5131: Use-after-free in libxml
|
||
+ CVE-2016-5132: Limited same-origin bypass in Service Workers
|
||
+ CVE-2016-5133: Origin confusion in proxy authentication
|
||
+ CVE-2016-5134: URL leakage via PAC script
|
||
+ CVE-2016-5135: Content-Security-Policy bypass
|
||
+ CVE-2016-5136: Use after free in extensions
|
||
+ CVE-2016-5137: History sniffing with HSTS and CSP
|
||
+ CVE-2016-1705: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 11 00:46 UTC 2016 - Nick_Levinson@yahoo.com
|
||
|
||
- Clarification/correction to chromium-desktop-gnome and
|
||
chromium-desktop-kde software descriptions due to passwords
|
||
preservation reported by Chromium developer
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 24 06:39:52 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 51.0.2704.106
|
||
* No changelog indicated
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 23 08:10:56 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Add gcc60-fixes.diff to resolve the crashes observed with
|
||
chromium when compiled with GCC6
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 17 11:11:46 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 51.0.2704.103
|
||
* Security fixes:
|
||
- CVE-2016-1704: Various fixes from internal audits, fuzzing and
|
||
other initiatives (boo#985397)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 7 12:15:02 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 51.0.2704.84
|
||
* No further changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 2 11:08:47 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 51.0.2704.79 [boo#982719]
|
||
* Security fixes:
|
||
- CVE-2016-1696: Cross-origin bypass in Extension bindings
|
||
- CVE-2016-1697: Cross-origin bypass in Blink
|
||
- CVE-2016-1698: Information leak in Extension bindings
|
||
- CVE-2016-1699: Parameter sanitization failure in DevTools
|
||
- CVE-2016-1700: Use-after-free in Extensions
|
||
- CVE-2016-1701: Use-after-free in Autofill
|
||
- CVE-2016-1702: Out-of-bounds read in Skia
|
||
- CVE-2016-1703: Various fixes from internal audits, fuzzing
|
||
and other initiatives.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 26 04:09:46 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 51.0.2704.63 [boo#981886]
|
||
* Security fixes:
|
||
- CVE-2016-1672: Cross-origin bypass in extension bindings
|
||
- CVE-2016-1673: Cross-origin bypass in Blink
|
||
- CVE-2016-1674: Cross-origin bypass in extensions
|
||
- CVE-2016-1675: Cross-origin bypass in Blink
|
||
- CVE-2016-1676: Cross-origin bypass in extension bindings
|
||
- CVE-2016-1677: Type confusion in V8
|
||
- CVE-2016-1678: Heap overflow in V8
|
||
- CVE-2016-1679: Heap use-after-free in V8 bindings
|
||
- CVE-2016-1680: Heap use-after-free in Skia
|
||
- CVE-2016-1681: Heap overflow in PDFium
|
||
- CVE-2016-1682: CSP bypass for ServiceWorker
|
||
- CVE-2016-1683: Out-of-bounds access in libxslt
|
||
- CVE-2016-1684: Integer overflow in libxslt
|
||
- CVE-2016-1685: Out-of-bounds read in PDFium
|
||
- CVE-2016-1686: Out-of-bounds read in PDFium
|
||
- CVE-2016-1687: Information leak in extensions
|
||
- CVE-2016-1688: Out-of-bounds read in V8
|
||
- CVE-2016-1689: Heap buffer overflow in media
|
||
- CVE-2016-1690: Heap use-after-free in Autofill
|
||
- CVE-2016-1691: Heap buffer-overflow in Skia
|
||
- CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
|
||
- CVE-2016-1693: HTTP Download of Software Removal Tool
|
||
- CVE-2016-1694: HPKP pins removed on cache clearance
|
||
- CVE-2016-1695: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
|
||
now upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 13 10:54:25 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 50.0.2661.102 (boo#979859)
|
||
* Security fixes:
|
||
- CVE-2016-1667: Same origin bypass in DOM
|
||
- CVE-2016-1668: Same origin bypass in Blink V8 bindings
|
||
- CVE-2016-1669: Buffer overflow in V8
|
||
- CVE-2016-1670: Race condition in loader
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 29 13:45:18 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 50.0.2661.94 (boo#977830)
|
||
* Security fixes:
|
||
- CVE-2016-1660: Out-of-bounds write in Blink
|
||
- CVE-2016-1661: Memory corruption in cross-process frames
|
||
- CVE-2016-1662: Use-after-free in extensions
|
||
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings
|
||
- CVE-2016-1664: Address bar spoofing
|
||
- CVE-2016-1665: Information leak in V8
|
||
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 22 14:06:30 UTC 2016 - jslaby@suse.com
|
||
|
||
- _constraints: increase memory. It takes 1.2G to build some .o, and
|
||
with -j4 this results in OOM.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 14 07:39:40 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 50.0.2661.75 (boo#975572)
|
||
* Security Fixes:
|
||
- CVE-2016-1652: Universal XSS in extension bindings
|
||
- CVE-2016-1653: Out-of-bounds write in V8
|
||
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
|
||
- CVE-2016-1654: Uninitialized memory read in media
|
||
- CVE-2016-1655: Use-after-free related to extensions
|
||
- CVE-2016-1656: Android downloaded file path restriction bypass
|
||
- CVE-2016-1657: Address bar spoofing
|
||
- CVE-2016-1658: Potential leak of sensitive information to
|
||
malicious extensions
|
||
- CVE-2016-1659: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- add patch to fix GCC builds with component=shared_library:
|
||
chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 8 07:55:33 UTC 2016 - astieger@suse.com
|
||
|
||
- Update to Chromium 49.0.2623.112
|
||
* Block user removal when login attempt is in progress
|
||
* Add the SuppressUnsupportedOSWarning policy setting
|
||
* Fix how Save-Page-As responds to web requests blocked by extensions
|
||
* Fix preferred width calculation for 8bit ltr runs in rtl blocks
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 30 07:42:53 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 49.0.2623.110
|
||
* No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 28 17:44:43 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 49.0.2623.108
|
||
* Security fixes (boo#972834):
|
||
- CVE-2016-1646: Out-of-bounds read in V8
|
||
- CVE-2016-1647: Use-after-free in Navigation
|
||
- CVE-2016-1648: Use-after-free in Extensions
|
||
- CVE-2016-1649: Buffer overflow in libANGLE
|
||
- CVE-2016-1650: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
|
||
tip of the 4.9 branch (currently 4.9.385.33).
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 9 08:09:13 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 49.0.2623.87
|
||
* Security fixes:
|
||
- CVE-2016-1643: Type confusion in Blink (boo#970514)
|
||
- CVE-2016-1644: Use-after-free in Blink (boo#970509)
|
||
- CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 8 09:14:00 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Change the build method used on Packman.
|
||
* Drop patch no-clang-on-packman.diff . This is no longer required
|
||
as that ninja is respecting the build flags correctly.
|
||
|
||
- Drop unused patch skia.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 4 10:49:51 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 49.0.2623.75
|
||
* 26 security fixes, with the most important ones being:
|
||
- CVE-2016-1630: Same-origin bypass in Blink
|
||
- CVE-2016-1631: Same-origin bypass in Pepper Plugin
|
||
- CVE-2016-1632: Bad cast in Extensions
|
||
- CVE-2016-1633: Use-after-free in Blink
|
||
- CVE-2016-1634: Use-after-free in Blink
|
||
- CVE-2016-1635: Use-after-free in Blink
|
||
- CVE-2016-1636: SRI Validation Bypass
|
||
- CVE-2015-8126: Out-of-bounds access in libpng
|
||
- CVE-2016-1637: Information Leak in Skia
|
||
- CVE-2016-1638: WebAPI Bypass
|
||
- CVE-2016-1639: Use-after-free in WebRTC
|
||
- CVE-2016-1640: Origin confusion in Extensions UI
|
||
- CVE-2016-1641: Use-after-free in Favicon
|
||
- CVE-2016-1642: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9
|
||
branch (currently 4.9.385.26)
|
||
(boo#969333)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 19 08:33:46 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 48.0.2564.116
|
||
* Fixes a critical security flaw:
|
||
- CVE-2016-1629: Same-origin bypass in Blink and Sandbox
|
||
escape in Chrome. (boo#967376)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 15 09:19:16 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 48.0.2564.109
|
||
* Security fixes (boo#965999)
|
||
- CVE-2016-1622: Same-origin bypass in Extensions
|
||
- CVE-2016-1623: Same-origin bypass in DOM
|
||
- CVE-2016-1624: Buffer overflow in Brotli
|
||
- CVE-2016-1625: Navigation bypass in Chrome Instant
|
||
- CVE-2016-1626: Out-of-bounds read in PDFium
|
||
- CVE-2016-1627: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 13 11:44:02 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Drop the libva support completely. It seems that this is causing
|
||
more issues than it actually resolves. (boo#965566)
|
||
* Drop chromium-enable-vaapi.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Feb 11 09:12:47 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Don't build with libva support for openSUSE 13.2 and lower
|
||
(boo#966082)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 9 12:12:47 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Drop completely the option to build with system libraries. This
|
||
could lead to issues (boo#965738)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 5 13:12:47 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 48.0.2564.103
|
||
* No chnagelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 31 12:24:47 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Build against the in-source libjpeg to prevent graphical issues
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 31 11:12:18 UTC 2016 - tchvatal@suse.com
|
||
|
||
- Use spec-cleaner
|
||
- Remove buildenv check that is moot for the update-alternatives script
|
||
- Build against the latest libjpeg rather than jpeg6
|
||
- Use update-alternatives as is required by the specification
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 28 09:59:57 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 48.0.2564.97
|
||
* No changelog available
|
||
|
||
- Update the desktop-kde package so that on Leap and TW, the kwallet5
|
||
becomes the default. desktop-kde/gnome packages are no longer
|
||
recommended as that the default is to automatically detect the
|
||
password store. Only for those users that want to change this,
|
||
they can select a different setup.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 22 19:08:56 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 48.0.2564.82
|
||
* Security fixes:
|
||
- CVE-2016-1612: Bad cast in V8 (boo#963184)
|
||
- CVE-2016-1613: Use-after-free in PDFium (boo#963185)
|
||
- CVE-2016-1614: Information leak in Blink (boo#963186)
|
||
- CVE-2016-1615: Origin confusion in Omnibox (boo#963187)
|
||
- CVE-2016-1616: URL Spoofing (boo#963188)
|
||
- CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)
|
||
- CVE-2016-1618: Weak random number generator in Blink (boo#963190)
|
||
- CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)
|
||
- CVE-2016-1620 chromium-browser: various fixes (boo#963192)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 14 15:22:38 UTC 2016 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 47.0.2526.111.
|
||
* No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 28 18:14:40 UTC 2015 - stefan.bruens@rwth-aachen.de
|
||
|
||
- Enable SSE2 on x86_64
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 27 21:44:50 UTC 2015 - stefan.bruens@rwth-aachen.de
|
||
|
||
- Fix crash when trying to enable chromecast extension
|
||
* Add patch: fix_network_api_crash.patch
|
||
Fix https://code.google.com/p/chromium/issues/detail?id=572539
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Dec 20 12:44:49 UTC 2015 - astieger@suse.com
|
||
|
||
- Update to Chromium 47.0.2525.106, fixing the following security
|
||
issue:
|
||
* CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458]
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 14 04:31:08 UTC 2015 - jimmy@boombatower.com
|
||
|
||
- Enable VA-API hardware acceleration in Linux.
|
||
* chromium-enable-vaapi.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 10 07:11:29 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 47.0.2526.80 [boo#958481]
|
||
* Security fixes
|
||
- CVE-2015-6788: Type confusion in extensions
|
||
- CVE-2015-6789: Use-after-free in Blink
|
||
- CVE-2015-6790: Escaping issue in saved pages
|
||
- CVE-2015-6791: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
|
||
- Drop unused patch fix-clang.diff.
|
||
-------------------------------------------------------------------
|
||
Sat Dec 5 10:40:00 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Enable the possibility to utilize the Widevine plugin
|
||
within chromium. (boo#954103)
|
||
* Add patch: fix_building_widevinecdm_with_chromium.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 2 18:49:23 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 47.0.2526.73
|
||
* Security fixes (boo#957519)
|
||
- CVE-2015-6765: Use-after-free in AppCache
|
||
- CVE-2015-6766: Use-after-free in AppCache
|
||
- CVE-2015-6767: Use-after-free in AppCache
|
||
- CVE-2015-6768: Cross-origin bypass in DOM
|
||
- CVE-2015-6769: Cross-origin bypass in core
|
||
- CVE-2015-6770: Cross-origin bypass in DOM
|
||
- CVE-2015-6771: Out of bounds access in v8
|
||
- CVE-2015-6772: Cross-origin bypass in DOM
|
||
- CVE-2015-6764: Out of bounds access in v8
|
||
- CVE-2015-6773: Out of bounds access in Skia
|
||
- CVE-2015-6774: Use-after-free in Extensions
|
||
- CVE-2015-6775: Type confusion in PDFium
|
||
- CVE-2015-6776: Out of bounds access in PDFium
|
||
- CVE-2015-6777: Use-after-free in DOM
|
||
- CVE-2015-6778: Out of bounds access in PDFium
|
||
- CVE-2015-6779: Scheme bypass in PDFium
|
||
- CVE-2015-6780: Use-after-free in Infobars
|
||
- CVE-2015-6781: Integer overflow in Sfntly
|
||
- CVE-2015-6782: Content spoofing in Omnibox
|
||
- CVE-2015-6783: Signature validation issue in
|
||
Android Crazy Linker.
|
||
- CVE-2015-6784: Escaping issue in saved pages
|
||
- CVE-2015-6785: Wildcard matching issue in CSP
|
||
- CVE-2015-6786: Scheme bypass in CSP
|
||
- CVE-2015-6787: Various fixes from internal audits, fuzzing
|
||
and other initiatives.
|
||
- Multiple vulnerabilities in V8 fixed at the tip of the
|
||
4.7 branch (currently 4.7.80.23)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 11 08:55:19 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 46.0.2490.86
|
||
* Security fixes (boo#954579):
|
||
- CVE-2015-1302: Information leak in PDF viewer
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 23 17:22:51 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 46.0.2490.80
|
||
* No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 19 13:00:57 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Change the default homepage based on the new landingpage
|
||
for the openSUSE Project. (boo#950957)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 14 18:31:57 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 46.0.2490.71
|
||
* Security fixes (boo#950290)
|
||
- CVE-2015-6755: Cross-origin bypass in Blink
|
||
- CVE-2015-6756: Use-after-free in PDFium
|
||
- CVE-2015-6757: Use-after-free in ServiceWorker
|
||
- CVE-2015-6758: Bad-cast in PDFium
|
||
- CVE-2015-6759: Information leakage in LocalStorage
|
||
- CVE-2015-6760: Improper error handling in libANGLE
|
||
- CVE-2015-6761: Memory corruption in FFMpeg
|
||
- CVE-2015-6762: CORS bypass via CSS fonts
|
||
- CVE-2015-6763: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- Multiple vulnerabilities in V8 fixed at the tip of the
|
||
4.6 branch (currently 4.6.85.23) CVE-2015-7834
|
||
- drop upstreamed correct-blacklist.diff
|
||
- add chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
|
||
to fix build
|
||
- remove remoting_locales from spec
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Oct 3 06:20:10 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 45.0.2454.101
|
||
* Security fixes:
|
||
- CVE-2015-1303: Cross-origin bypass in DOM [boo#947504]
|
||
- CVE-2015-1304: Cross-origin bypass in V8 [boo#947507]
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 22 10:51:48 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 45.0.2454.99
|
||
- No changelog available
|
||
|
||
- Add upstream patch correct-blacklist.diff
|
||
* This should restore the correct behavior of the option
|
||
--ignore-gpu-blacklist.
|
||
https://code.google.com/p/chromium/issues/detail?id=509336
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 16 20:06:33 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 45.0.2454.93
|
||
- No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 11 06:15:41 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 45.0.2454.85
|
||
Security fixes:
|
||
* CVE-2015-1291: Cross-origin bypass in DOM
|
||
* CVE-2015-1292: Cross-origin bypass in ServiceWorker
|
||
* CVE-2015-1293: Cross-origin bypass in DOM
|
||
* CVE-2015-1294: Use-after-free in Skia
|
||
* CVE-2015-1295: Use-after-free in Printing
|
||
* CVE-2015-1296: Character spoofing in omnibox
|
||
* CVE-2015-1297: Permission scoping error in WebRequest
|
||
* CVE-2015-1298: URL validation error in extensions
|
||
* CVE-2015-1299: Use-after-free in Blink
|
||
* CVE-2015-1300: Information leak in Blink
|
||
* CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 5 10:25:10 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 44.0.2403.130
|
||
* No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 29 08:57:03 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 44.0.2403.125
|
||
* No changelog available
|
||
|
||
- The chromium-ffmpeg package (on Packman) now requires the same
|
||
version for the main chromium package. This should prevent the
|
||
issues arised from the libffmpeg switch that Google did recently
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 25 12:35:29 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 44.0.2403.107
|
||
* No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 21 18:56:57 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 44.0.2403.89
|
||
* A number of new apps/extension APIs
|
||
* Lots of under the hood changes for stability and performance
|
||
* Security fixes:
|
||
- CVE-2015-1271: Heap-buffer-overflow in pdfium
|
||
- CVE-2015-1273: Heap-buffer-overflow in pdfium
|
||
- CVE-2015-1274: Settings allowed executable files to run
|
||
immediately after download
|
||
- CVE-2015-1275: UXSS in Chrome for Android
|
||
- CVE-2015-1276: Use-after-free in IndexedDB
|
||
- CVE-2015-1279: Heap-buffer-overflow in pdfium
|
||
- CVE-2015-1280: Memory corruption in skia
|
||
- CVE-2015-1281: CSP bypass
|
||
- CVE-2015-1282: Use-after-free in pdfium
|
||
- CVE-2015-1283: Heap-buffer-overflow in expat
|
||
- CVE-2015-1284: Use-after-free in blink
|
||
- CVE-2015-1286: UXSS in blink
|
||
- CVE-2015-1287: SOP bypass with CSS
|
||
- CVE-2015-1270: Uninitialized memory read in ICU
|
||
- CVE-2015-1272: Use-after-free related to unexpected GPU
|
||
process termination
|
||
- CVE-2015-1277: Use-after-free in accessibility
|
||
- CVE-2015-1278: URL spoofing using pdf files
|
||
- CVE-2015-1285: Information leak in XSS auditor
|
||
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP
|
||
- CVE-2015-1289: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 15 12:01:42 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.134
|
||
Update of the Pepper Flash plugin to 18.0.0.209
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 8 03:38:30 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.132
|
||
No changelog available
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 23 12:29:39 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.130
|
||
- Security fixes (boo#935723)
|
||
* CVE-2015-1266: Scheme validation error in WebUI
|
||
* CVE-2015-1268: Cross-origin bypass in Blink
|
||
* CVE-2015-1267: Cross-origin bypass in Blink
|
||
* CVE-2015-1269: Normalization error in HSTS/HPKP preload list
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 17 18:08:51 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Add the buildflag enable_hotwording=0 to prevent that Chromium
|
||
downloads a binary blob for speechrecognition (boo#935022)
|
||
|
||
- Add patch gcc50-fixes.diff to enable building against GCC 5. The
|
||
patch fixes the python regular expression and ensures to return
|
||
a two digit value for the GCC version
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 12 13:51:28 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.125
|
||
* Bug-fixes:
|
||
- esolved browser font magnification/scaling issue.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 27 10:49:49 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.81
|
||
* Bug-fixes:
|
||
- Fixed an issue where sometimes a blank page would print
|
||
- Icons not displaying properly on Linux
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 20 11:02:32 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 43.0.2357.65
|
||
* Security fixes:
|
||
- CVE-2015-1252: Sandbox escape in Chrome
|
||
- CVE-2015-1253: Cross-origin bypass in DOM
|
||
- CVE-2015-1254: Cross-origin bypass in Editing
|
||
- CVE-2015-1255: Use-after-free in WebAudio
|
||
- CVE-2015-1256: Use-after-free in SVG
|
||
- CVE-2015-1251: Use-after-free in Speech
|
||
- CVE-2015-1257: Container-overflow in SVG
|
||
- CVE-2015-1258: Negative-size parameter in Libvpx
|
||
- CVE-2015-1259: Uninitialized value in PDFium
|
||
- CVE-2015-1260: Use-after-free in WebRTC
|
||
- CVE-2015-1261: URL bar spoofing
|
||
- CVE-2015-1262: Uninitialized value in Blink
|
||
- CVE-2015-1263: Insecure download of spellcheck dictionary
|
||
- CVE-2015-1264: Cross-site scripting in bookmarks
|
||
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives
|
||
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21)
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 29 08:54:17 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 42.0.2311.135
|
||
* Security fixes:
|
||
- CVE-2015-1243: Use-after-free in DOM
|
||
- CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives
|
||
and 3 more security fixes.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 27 13:26:00 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Fix for missing Chromium icon in the taskbar.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 15 14:11:48 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 42.0.2311.90
|
||
* A number of new apps, extension and Web Platform APIs (including the Push API!)
|
||
* Lots of under the hood changes for stability and performance
|
||
* Security fixes, including:
|
||
- CVE-2015-1235: Cross-origin-bypass in HTML parser
|
||
- CVE-2015-1236: Cross-origin-bypass in Blink
|
||
- CVE-2015-1237: Use-after-free in IPC
|
||
- CVE-2015-1238: Out-of-bounds write in Skia
|
||
- CVE-2015-1240: Out-of-bounds read in WebGL
|
||
- CVE-2015-1241: Tap-Jacking
|
||
- CVE-2015-1242: Type confusion in V8
|
||
- CVE-2015-1244: HSTS bypass in WebSockets
|
||
- CVE-2015-1245: Use-after-free in PDFium
|
||
- CVE-2015-1246: Out-of-bounds read in Blink
|
||
- CVE-2015-1247: Scheme issues in OpenSearch
|
||
- CVE-2015-1248: SafeBrowsing bypass
|
||
- CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives
|
||
- Multiple vulnerabilities in V8 fixed
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 2 13:01:00 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 41.0.2272.118
|
||
Security fixes:
|
||
* CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that
|
||
can lead to remote code execution outside of
|
||
the sandbox
|
||
* CVE-2015-1234: Buffer overflow via race condition in GPU
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 21 07:33:54 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 41.0.2272.101
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 12 12:55:23 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 41.0.2272.89
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 4 09:57:26 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 41.0.2272.76
|
||
Security fixes:
|
||
* CVE-2015-1212: Out-of-bounds write in media
|
||
* CVE-2015-1213: Out-of-bounds write in skia filters
|
||
* CVE-2015-1214: Out-of-bounds write in skia filters
|
||
* CVE-2015-1215: Out-of-bounds write in skia filters
|
||
* CVE-2015-1216: Use-after-free in v8 bindings
|
||
* CVE-2015-1217: Type confusion in v8 bindings
|
||
* CVE-2015-1218: Use-after-free in dom
|
||
* CVE-2015-1219: Integer overflow in webgl
|
||
* CVE-2015-1220: Use-after-free in gif decoder
|
||
* CVE-2015-1221: Use-after-free in web databases
|
||
* CVE-2015-1222: Use-after-free in service workers
|
||
* CVE-2015-1223: Use-after-free in dom
|
||
* CVE-2015-1230: Type confusion in v8
|
||
* CVE-2015-1224: Out-of-bounds read in vpxdecoder
|
||
* CVE-2015-1225: Out-of-bounds read in pdfium
|
||
* CVE-2015-1226: Validation issue in debugger
|
||
* CVE-2015-1227: Uninitialized value in blink
|
||
* CVE-2015-1228: Uninitialized value in rendering
|
||
* CVE-2015-1229: Cookie injection via proxies
|
||
* CVE-2015-1231: Various fixes from internal audits
|
||
* Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 27 16:13:03 UTC 2015 - meissner@suse.com
|
||
|
||
- regular diskusage is more like 20GB+
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 23 16:06:08 UTC 2015 - meissner@suse.com
|
||
|
||
- uses around 5.8GB for building, assign like 6GB in _constraints
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 20 17:47:30 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 40.0.2214.115
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 18 12:47:30 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Utilize the _service file to download the chromium tarball
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 8 21:13:30 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 40.0.2214.111
|
||
* Security Fixes:
|
||
- CVE-2015-1209: Use-after-free in DOM
|
||
- CVE-2015-1210: Cross-origin-bypass in V8 bindings
|
||
- CVE-2015-1211: Privilege escalation using service workers
|
||
- CVE-2015-1212: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 31 16:35:39 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 40.0.2214.94
|
||
- Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 28 07:53:55 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 40.0.2214.93
|
||
- Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 23 16:26:27 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 40.0.2214.91
|
||
* Security Fixes:
|
||
- CVE-2014-7923: Memory corruption in ICU
|
||
- CVE-2014-7924: Use-after-free in IndexedDB
|
||
- CVE-2014-7925: Use-after-free in WebAudio
|
||
- CVE-2014-7926: Memory corruption in ICU
|
||
- CVE-2014-7927: Memory corruption in V8
|
||
- CVE-2014-7928: Memory corruption in V8
|
||
- CVE-2014-7930: Use-after-free in DOM
|
||
- VE-2014-7931: Memory corruption in V8
|
||
- CVE-2014-7929: Use-after-free in DOM
|
||
- CVE-2014-7932: Use-after-free in DOM
|
||
- CVE-2014-7933: Use-after-free in FFmpeg
|
||
- CVE-2014-7934: Use-after-free in DOM
|
||
- CVE-2014-7935: Use-after-free in Speech
|
||
- CVE-2014-7936: Use-after-free in Views
|
||
- CVE-2014-7937: Use-after-free in FFmpeg
|
||
- CVE-2014-7938: Memory corruption in Fonts
|
||
- CVE-2014-7939: Same-origin-bypass in V8
|
||
- CVE-2014-7940: Uninitialized-value in ICU
|
||
- CVE-2014-7941: Out-of-bounds read in UI
|
||
- CVE-2014-7942: Uninitialized-value in Fonts
|
||
- CVE-2014-7943: Out-of-bounds read in Skia
|
||
- CVE-2014-7944: Out-of-bounds read in PDFium
|
||
- CVE-2014-7945: Out-of-bounds read in PDFium
|
||
- CVE-2014-7946: Out-of-bounds read in Fonts
|
||
- CVE-2014-7947: Out-of-bounds read in PDFium
|
||
- CVE-2014-7948: Caching error in AppCache
|
||
- CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives
|
||
- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 13 21:34:07 UTC 2015 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 39.0.2171.99
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 10 09:05:47 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 39.0.2171.95
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 30 22:34:00 UTC 2014 - Led <ledest@gmail.com>
|
||
|
||
- fix using 'echo' command in chromium-browser.sh script
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 26 09:31:05 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 39.0.2171.71
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 19 12:51:03 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 39.0.2171.65
|
||
* Security fixes:
|
||
- CVE-2014-7899: Address bar spoofing (boo#906320)
|
||
- CVE-2014-7900: Use-after-free in pdfium (boo#906317)
|
||
- CVE-2014-7901: Integer overflow in pdfium (boo#906322)
|
||
- CVE-2014-7902: Use-after-free in pdfium (boo#906328)
|
||
- CVE-2014-7903: Buffer overflow in pdfium (boo#906318)
|
||
- CVE-2014-7904: Buffer overflow in Skia (boo#906321)
|
||
- CVE-2014-7905: Flaw allowing navigation to intents that do
|
||
not have the BROWSABLE category (boo#906330)
|
||
- CVE-2014-7906: Use-after-free in pepper plugins (boo#906319)
|
||
- CVE-2014-0574: Double-free in Flash
|
||
- CVE-2014-7907: Use-after-free in blink (boo#906323)
|
||
- CVE-2014-7908: Integer overflow in media (boo#906324)
|
||
- CVE-2014-7909: Uninitialized memory read in Skia (boo#906326)
|
||
- CVE-2014-7910: Various fixes from internal audits, fuzzing
|
||
and other initiatives (boo#906327)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 14 07:53:38 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 38.0.2125.122
|
||
* Several bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 28 14:16:04 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 38.0.2125.111
|
||
* Several bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 15 21:03:27 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 38.0.2125.104
|
||
* Several bugfixes
|
||
|
||
- Updated source url to point to the right location
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 8 09:12:25 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 38.0.2125.101
|
||
This update includes 159 security fixes, including 113 relatively
|
||
minor fixes. Highlighted securtiy fixes are:
|
||
CVE-2014-3188: A combination of V8 and IPC bugs that can lead to
|
||
remote code execution outside of the sandbox
|
||
CVE-2014-3189: Out-of-bounds read in PDFium
|
||
CVE-2014-3190: Use-after-free in Events
|
||
CVE-2014-3191: Use-after-free in Rendering
|
||
CVE-2014-3192: Use-after-free in DOM
|
||
CVE-2014-3193: Type confusion in Session Management
|
||
CVE-2014-3194: Use-after-free in Web Workers
|
||
CVE-2014-3195: Information Leak in V8
|
||
CVE-2014-3196: Permissions bypass in Windows Sandbox
|
||
CVE-2014-3197: Information Leak in XSS Auditor
|
||
CVE-2014-3198: Out-of-bounds read in PDFium
|
||
CVE-2014-3199: Release Assert in V8 bindings
|
||
CVE-2014-3200: Various fixes from internal audits, fuzzing and
|
||
other initiatives
|
||
|
||
- Drop the build of the Native Client. This is actually not a build
|
||
as that prebuild binaries are being shipped. Also Google no
|
||
longer provides prebuild binaries for the NativeClient for 32bit.
|
||
Chromium as webbrowser is not affected by this and it bring
|
||
Chromium inline with the regulations that prebuild binaries
|
||
should not be shipped.
|
||
* toolchaing_linux tarball dropped
|
||
* Spec-file cleaned for NaCl stuff
|
||
|
||
- Added patch no-clang-on-packman.diff to prevent the usage of
|
||
clang on packman, which is not supported there
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 10 20:40:33 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 37.0.2062.120
|
||
* Security Fixes (bnc#896106)
|
||
- CVE-2014-3178: Use-after-free in rendering
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 7 07:46:20 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 37.0.2062.103
|
||
* This addresses some user feedback related to how Chrome
|
||
renders text when display scaling is set to 125% or lower.
|
||
|
||
- Combine the two toolchain tars into a single one.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 1 07:33:24 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Switch to shared libraries as a global default. This hopefully
|
||
speeds up the builds a little and prevents out-of-memory on OBS
|
||
- Move the chrome sandbox binary to the main package and remove the
|
||
sub-package for it. This should resolve build issues when having
|
||
the debug flag on.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 31 00:39:34 UTC 2014 - josua.m@t-online.de
|
||
|
||
- add toolchain_linux_arm
|
||
- disable NaCl on ARM because it doesn't build
|
||
- add arm-webrtc-fix.patch
|
||
- add chromium-arm-r0.patch
|
||
- add skia.patch
|
||
- build components as shared libaries on arm
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 27 11:53:24 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 37.0.2062.94
|
||
Security Fixes (bnc#893720)
|
||
* CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC,
|
||
sync, and extensions that can lead to remote code execution
|
||
outside of the sandbox.
|
||
* CVE-2014-3168: Use-after-free in SVG
|
||
* CVE-2014-3169: Use-after-free in DOM
|
||
* CVE-2014-3170: Extension permission dialog spoofing
|
||
* CVE-2014-3171: Use-after-free in bindings
|
||
* CVE-2014-3172: Issue related to extension debugging
|
||
* CVE-2014-3173: Uninitialized memory read in WebGL
|
||
* CVE-2014-3174: Uninitialized memory read in Web Audio
|
||
* CVE-2014-3175: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
and 41 more security fixes for which no description was given
|
||
|
||
- Drop the following patches as they are no longer required:
|
||
* chromium-23.0.1245-no-test-sources.patch
|
||
* no-download-nacl.diff
|
||
* chromium-no-courgette.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 13 12:19:10 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 36.0.1985.143
|
||
Security Fixes (bnc#891717)
|
||
* CVE-2014-3165: Use-after-free in web sockets
|
||
* CVE-2014-3166: Information disclosure in SPDY
|
||
* CVE-2014-3167: Various fixes from internal audits, fuzzing and
|
||
other initiatives
|
||
and 9 more fixes for which no description was given
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 5 21:47:00 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Add directory remoting_locales to the package to complete
|
||
the language support within Chromium
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 22 08:19:51 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 36.0.1985.125
|
||
New Functionality:
|
||
* Rich Notifications Improvements
|
||
* An Updated Incognito / Guest NTP design
|
||
* The addition of a Browser crash recovery bubble
|
||
* Chrome App Launcher for Linux
|
||
* Lots of under the hood changes for stability and performance
|
||
|
||
Security Fixes (bnc#887952,bnc#887955):
|
||
* CVE-2014-3160: Same-Origin-Policy bypass in SVG
|
||
* CVE-2014-3162: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
and 24 more fixes for which no description was given.
|
||
|
||
Packaging changes:
|
||
* Switch to newer method to retrieve toolchain packages. Dropping
|
||
the three naclsdk_*tgz files. Everything is now included in the
|
||
toolchain_linux_x86.tar.bz2 tarball
|
||
* Add Courgette.tar.xz as that the build process now requires
|
||
some files from Courgette in order to build succesfully. This
|
||
does not mean that Courgette is build/delivered.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 11 11:01:07 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 35.0.1916.153
|
||
Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263):
|
||
* CVE-2014-3154: Use-after-free in filesystem api
|
||
* CVE-2014-3155: Out-of-bounds read in SPDY
|
||
* CVE-2014-3156: Buffer overflow in clipboard
|
||
* CVE-2014-3157: Heap overflow in media
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 22 08:48:29 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Use also Ninja for openSUSE 12.3. This is the only method
|
||
supported by upstream
|
||
|
||
- Drop support for Arm. Despite that chromium builds on Arm, it can
|
||
not complete the link process and dies with out-of-memory, etc.
|
||
Drop the specific Arm patches:
|
||
* arm_disable_gn.patch, arm_use_gold.patch, chromium-arm-webrtc-fix.patch,
|
||
chromium-fix-arm-icu.patch, chromium-fix-arm-skia-memset.patch,
|
||
chromium-fix-arm-sysroot.patch
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 21 14:54:37 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 35.0.1916.114
|
||
New Functionality
|
||
* More developer control over touch input
|
||
* New JavaScript features
|
||
* Unprefixed Shadow DOM
|
||
* A number of new apps/extension APIs
|
||
* Lots of under the hood changes for stability and performance
|
||
|
||
Security fixes:
|
||
* CVE-2014-1743: Use-after-free in styles
|
||
* CVE-2014-1744: Integer overflow in audio
|
||
* CVE-2014-1745: Use-after-free in SVG
|
||
* CVE-2014-1746: Out-of-bounds read in media filters
|
||
* CVE-2014-1747: UXSS with local MHTML file
|
||
* CVE-2014-1748: UI spoofing with scrollbar
|
||
* CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives
|
||
* CVE-2014-3152: Integer underflow in V8 fixed
|
||
and 17 more for which no detailed information is given.
|
||
|
||
- Drop patch chromium-vendor.patch.in as that does no longer apply
|
||
due to upstream changes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 14 19:12:29 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 34.0.1847.137
|
||
* Security updates:
|
||
|
||
- CVE-2014-1740: Use-after-free in WebSockets
|
||
- CVE-2014-1741: Integer overflow in DOM range
|
||
- CVE-2014-1742: Use-after-free in editing
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 28 08:48:49 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 34.0.1847.132
|
||
* Security update:
|
||
|
||
- CVE-2014-1730: Type confusion in V8
|
||
- CVE-2014-1731: Type confusion in DOM
|
||
- CVE-2014-1732: Use-after-free in Speech Recognition
|
||
- CVE-2014-1733: Compiler bug in Seccomp-BPF
|
||
- CVE-2014-1734: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- CVE-2014-1735: Multiple vulnerabilities in V8 fixed in
|
||
version 3.24.35.33
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 25 16:20:59 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 34.0.1847.131
|
||
* Bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 10 15:27:15 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Add patch chromium-fix-arm-skia-memset.patch to resolve a linking
|
||
issue on ARM with regards to missing symbols.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 9 07:25:09 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Add patch arm_use_gold.patch to use the right gold binaries on
|
||
ARM. Hopefully this resolves the build issues with running out of
|
||
memory
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 8 20:20:38 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 34.0.1847.116
|
||
* Responsive Images and Unprefixed Web Audio
|
||
* Import supervised users onto new computers
|
||
* A number of new apps/extension APIs
|
||
* Lots of under the hood changes for stability and performance
|
||
|
||
- Security fixes:
|
||
* CVE-2014-1716: UXSS in V8
|
||
* CVE-2014-1717: OOB access in V8
|
||
* CVE-2014-1718: Integer overflow in compositor
|
||
* CVE-2014-1719: Use-after-free in web workers
|
||
* CVE-2014-1720: Use-after-free in DOM
|
||
* CVE-2014-1721: Memory corruption in V8
|
||
* CVE-2014-1722: Use-after-free in rendering
|
||
* CVE-2014-1723: Url confusion with RTL characters
|
||
* CVE-2014-1724: Use-after-free in speech
|
||
* CVE-2014-1725: OOB read with window property
|
||
* CVE-2014-1726: Local cross-origin bypass
|
||
* CVE-2014-1727: Use-after-free in forms
|
||
* CVE-2014-1728: Various fixes from internal audits,
|
||
fuzzing and other initiatives
|
||
* CVE-2014-1729: Multiple vulnerabilities in V8
|
||
|
||
- No longer build against system libraries as that Chromium works
|
||
a lot better and crashes less on websites than with system libs
|
||
|
||
- Added package depot_tools.tar.gz as that the chromium build now
|
||
requires it during the initial build phase. It just contains some
|
||
utilities and nothing from it is being installed.
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 6 14:06:48 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- If people want to install newer versions of the ffmpeg library
|
||
then let them. This is what they want.
|
||
|
||
- Remove the buildscript from the sources
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 17 07:33:21 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 33.0.1750.152
|
||
Stable channel uodate:
|
||
- Security fixes:
|
||
* CVE-2014-1713: Use-after-free in Blink bindings
|
||
* CVE-2014-1714: Windows clipboard vulnerability
|
||
* CVE-2014-1705: Memory corruption in V8
|
||
* CVE-2014-1715: Directory traversal issue
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 13 06:31:45 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 33.0.1750.149
|
||
Stable channel uodate:
|
||
- Security fixes:
|
||
* CVE-2014-1700: Use-after-free in speech
|
||
* CVE-2014-1701: UXSS in events
|
||
* CVE-2014-1702: Use-after-free in web database
|
||
* CVE-2014-1703: Potential sandbox escape due to a
|
||
use-after-free in web sockets
|
||
* CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
|
||
version 3.23.17.18
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 21 12:52:21 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 33.0.1750.117
|
||
Stable channel update:
|
||
- Security Fixes:
|
||
* CVE-2013-6653: Use-after-free related to web contents
|
||
* CVE-2013-6654: Bad cast in SVG
|
||
* CVE-2013-6655: Use-after-free in layout
|
||
* CVE-2013-6656: Information leak in XSS auditor
|
||
* CVE-2013-6657: Information leak in XSS auditor
|
||
* CVE-2013-6658: Use-after-free in layout
|
||
* CVE-2013-6659: Issue with certificates validation in TLS
|
||
handshake
|
||
* CVE-2013-6660: Information leak in drag and drop
|
||
* CVE-2013-6661: Various fixes from internal audits, fuzzing
|
||
and other initiatives. Of these, seven are
|
||
fixes for issues that could have allowed for
|
||
sandbox escapes from compromised renderers.
|
||
- Other:
|
||
- Google Chrome Frame has been retired
|
||
|
||
- Added gn-binaries.tar.xz to have the right version of the Google
|
||
depot tools during build.
|
||
- Added patch arm_disable_gn.patch to disable GN on ARM builds
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 28 17:50:25 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 32.0.1700.102
|
||
Stable channel update:
|
||
- Security Fixes:
|
||
* CVE-2013-6649: Use-after-free in SVG images
|
||
* CVE-2013-6650: Memory corruption in V8
|
||
* and 12 other fixes
|
||
- Other:
|
||
* Mouse Pointer disappears after exiting full-screen mode
|
||
* Drag and drop files into Chromium may not work properly
|
||
* Quicktime Plugin crashes in Chromium
|
||
* Chromium becomes unresponsive
|
||
* Trackpad users may not be able to scroll horizontally
|
||
* Scrolling does not work in combo box
|
||
* Chromium does not work with all CSS minifiers such as
|
||
whitespace around a media query's `and` keyword
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 16 20:58:04 UTC 2014 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 32.0.1700.77
|
||
Stable channel update:
|
||
- Security fixes:
|
||
* CVE-2013-6646: Use-after-free in web workers
|
||
* CVE-2013-6641: Use-after-free related to forms
|
||
* CVE-2013-6643: Unprompted sync with an attacker’s
|
||
Google account
|
||
* CVE-2013-6645: Use-after-free related to speech input
|
||
elements
|
||
* CVE-2013-6644: Various fixes from internal audits, fuzzing
|
||
and other initiatives
|
||
- Other:
|
||
* Tab indicators for sound, webcam and casting
|
||
* Automatically blocking malware files
|
||
* Lots of under the hood changes for stability and performance
|
||
- Remove patch chromium-fix-chromedriver-build.diff as that
|
||
chromedriver is fixed upstream
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 5 11:34:03 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 31.0.1650.63
|
||
Stable channel update:
|
||
- Security fixes:
|
||
* CVE-2013-6634: Session fixation in sync related to 302 redirects
|
||
* CVE-2013-6635: Use-after-free in editing
|
||
* CVE-2013-6636: Address bar spoofing related to modal dialogs
|
||
* CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
|
||
* CVE-2013-6638: Buffer overflow in v8
|
||
* CVE-2013-6639: Out of bounds write in v8.
|
||
* CVE-2013-6640: Out of bounds read in v8
|
||
* and 12 other security fixes.
|
||
- Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le.
|
||
This is based on missing build requires (valgrind, v8, etc)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 27 09:36:08 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Remove the build flags to build according to the Chrome ffmpeg
|
||
branding and the proprietary codecs. (bnc#847971)
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 16 08:44:23 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 31.0.1650.57
|
||
Stable channel update:
|
||
- Security Fixes:
|
||
* CVE-2013-6632: Multiple memory corruption issues.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Nov 13 17:46:35 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 31.0.1650.48
|
||
Stable Channel update:
|
||
- Security fixes:
|
||
* CVE-2013-6621: Use after free related to speech input elements..
|
||
* CVE-2013-6622: Use after free related to media elements.
|
||
* CVE-2013-6623: Out of bounds read in SVG.
|
||
* CVE-2013-6624: Use after free related to “id” attribute strings.
|
||
* CVE-2013-6625: Use after free in DOM ranges.
|
||
* CVE-2013-6626: Address bar spoofing related to interstitial warnings.
|
||
* CVE-2013-6627: Out of bounds read in HTTP parsing.
|
||
* CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
|
||
* CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
|
||
* CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
|
||
* CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
|
||
* CVE-2013-6631: Use after free in libjingle.
|
||
- Added patch chromium-fix-chromedriver-build.diff to fix the
|
||
chromedriver build
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Nov 7 11:18:07 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Enable ARM build for Chromium.
|
||
* Added patches chromium-arm-webrtc-fix.patch,
|
||
chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
|
||
to resolve ARM specific build issues
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 25 17:50:46 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 30.0.1599.114
|
||
Stable Channel update: fix build for 32bit systems
|
||
|
||
- Drop patch chromium-fix-chromedriver-build.diff. This is now
|
||
fixed upstream
|
||
- For openSUSE versions lower than 13.1, build against the in-tree
|
||
libicu
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Oct 16 05:14:12 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 30.0.1599.101
|
||
- Security Fixes:
|
||
+ CVE-2013-2925: Use after free in XHR
|
||
+ CVE-2013-2926: Use after free in editing
|
||
+ CVE-2013-2927: Use after free in forms.
|
||
+ CVE-2013-2928: Various fixes from internal audits,
|
||
fuzzing and other initiatives.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 1 20:48:13 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 30.0.1599.66
|
||
- Easier searching by image
|
||
- A number of new apps/extension APIs
|
||
- Lots of under the hood changes for stability and performance
|
||
- Security fixes:
|
||
+ CVE-2013-2906: Races in Web Audio
|
||
+ CVE-2013-2907: Out of bounds read in Window.prototype object
|
||
+ CVE-2013-2908: Address bar spoofing related to the
|
||
“204 No Content” status code
|
||
+ CVE-2013-2909: Use after free in inline-block rendering
|
||
+ CVE-2013-2910: Use-after-free in Web Audio
|
||
+ CVE-2013-2911: Use-after-free in XSLT
|
||
+ CVE-2013-2912: Use-after-free in PPAPI
|
||
+ CVE-2013-2913: Use-after-free in XML document parsing
|
||
+ CVE-2013-2914: Use after free in the Windows color chooser
|
||
dialog
|
||
+ CVE-2013-2915: Address bar spoofing via a malformed scheme
|
||
+ CVE-2013-2916: Address bar spoofing related to the “204 No
|
||
Content” status code
|
||
+ CVE-2013-2917: Out of bounds read in Web Audio
|
||
+ CVE-2013-2918: Use-after-free in DOM
|
||
+ CVE-2013-2919: Memory corruption in V8
|
||
+ CVE-2013-2920: Out of bounds read in URL parsing
|
||
+ CVE-2013-2921: Use-after-free in resource loader
|
||
+ CVE-2013-2922: Use-after-free in template element
|
||
+ CVE-2013-2923: Various fixes from internal audits, fuzzing and
|
||
other initiatives
|
||
+ CVE-2013-2924: Use-after-free in ICU. Upstream bug
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 1 09:57:35 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Add patch chromium-fix-altgrkeys.diff
|
||
- Make sure that AltGr is treated correctly (issue#296835)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 27 22:22:31 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Do not build with system libxml (bnc#825157)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 25 18:29:25 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to Chromium 31.0.1640.0
|
||
* Bug and Stability Fixes
|
||
- Fix destkop file for chromium by removing extension from icon
|
||
- Change the methodology for the Chromium packages. Build is
|
||
now based on an official tarball. As soon as the Beta channel
|
||
catches up with the current version, Chromium will be
|
||
based on the Beta channel instead of svn snapshots
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 15 10:37:00 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1632
|
||
* Bug and Stability fixes
|
||
- Added the flag --enable-threaded-compositing to the startup
|
||
script. This flag seems to be required when hardware acceleration
|
||
is in use. This prevents websites from locking up on users in
|
||
certain cases.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 10 18:44:03 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1627
|
||
* Bug and Stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Sep 2 13:39:12 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1619
|
||
* bug and Stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 26 20:57:18 UTC 2013 - andreas.stieger@gmx.de
|
||
|
||
- require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel >= 4.9.5
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Aug 26 09:35:02 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Add patch exclude_ymp.diff to ensure that 1-click-install files
|
||
are downloaded and NOT opened (bnc#836059)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 25 08:25:22 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1611
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 18 15:51:38 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1605
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 16 13:31:17 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Change the startup script so that Chromium will not start
|
||
when the chrome_sandbox doesn't have the SETUID.
|
||
(bnc#779448)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 14 17:31:17 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 31.0.1601
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 11 08:40:31 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 30.0.1594
|
||
* Bug and stability fixes
|
||
|
||
- Correct specfile to properly own /usr/bin/chromium (bnc#831584)
|
||
|
||
- Chromium now expects the SUID-helper installed in the same
|
||
directory as chromium. So let's create a symlink to the helper
|
||
in /usr/lib
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 4 14:11:58 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 30.0.1587
|
||
* Bug and stability fixes
|
||
- Remove patch chromium-nss-compliant.diff (Upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 24 04:57:36 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 30.0.1575
|
||
* Bug and stability fixes
|
||
* Enable the gpu-sandbox again due to upstream fix (chromium#255063)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 16 17:55:57 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 30.0.1567
|
||
* bug and Stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 1 17:02:52 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 30.0.1553
|
||
* Bug and stability fixes
|
||
* Includes security update for v8 (bnc821601)
|
||
* CVE-2013-2838 Denial of service (out-of-bounds read) via
|
||
unspecified vectors
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 28 07:46:04 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Add the flag --disable-gpu-sandbox to prevent crashes and/or
|
||
slowness. The GPU Sandbox is a new sandbox introduces in M28 and
|
||
is currently causing issues
|
||
(http://code.google.com/p/chromium/issues/detail?id=255063)
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 25 12:27:22 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 29.0.1548
|
||
* Bug and Stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jun 16 15:03:32 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 29.0.1541
|
||
* Bug and Stability fixes
|
||
- Added patch chromium-nss-compatibility to fix build on Factory
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jun 5 20:24:08 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 29.0.1530
|
||
* Bug and Stability fixes.
|
||
- Dropped subversion buildrequire as svn is no longer used.
|
||
(Thanks to andreas.stieger@gmx.de)
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 27 16:31:10 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 29.0.1521
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 23 08:26:55 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 29.0.1517
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 5 18:43:49 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1500
|
||
* Bug and stability fixes
|
||
|
||
- Added patch adjust-ldflags-no-keep-memory.patch to change a
|
||
ldflags option to reduce the memory used during linking
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 2 11:43:10 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1497
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 29 12:20:19 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1494
|
||
* Bug and Stability Fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 27 21:34:51 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1493
|
||
* bug and stability fixes
|
||
* Bring back the lost buildflag to enable proprietary codecs
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 14 13:46:39 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1479
|
||
* bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 10 20:34:07 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- use %config(noreplace) for /etc/default/chromium, so that user
|
||
changes are preserved.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Apr 6 18:55:27 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 28.0.1468
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 24 12:56:12 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 27.0.1452
|
||
* Bug and stability fixes
|
||
|
||
- Change buoldsystem to ninja for additional speed
|
||
* Dropped patch chromium_use_gold.patch
|
||
|
||
- Removed obsolete 11.4 bits and pieces in the spec-file
|
||
* includes chromium.easy patch
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Mar 19 16:51:59 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 27.0.1447
|
||
* Bug and stability fixes
|
||
* Drop patch chromium-norpath.patch. Rpath is only used when
|
||
building chromium with shared libraries.
|
||
- Deactive building against system libraries. This is now causing
|
||
issues for building on 12.3 and Factory.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 9 14:03:28 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 27.0.1435
|
||
* Bug and stability fixes
|
||
* Drop patch chromium-siginfo.patch due to upstream
|
||
inclusion
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Feb 23 08:09:58 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 27.0.1425
|
||
* Bug and stability fixes:
|
||
- Fixed crash after clicking through malware warning.
|
||
(Issue: 173986)
|
||
- Fixed broken command line to create extensions with locale info
|
||
(Issue: 176187)
|
||
- Hosted apps in Chrome will always be opened from app launcher.
|
||
(Issue: 176267)
|
||
- Added modal confirmation dialog to the enterprise profile
|
||
sign-in flow. (Issue: 171236)
|
||
- Fixed a crash with autofill. (Issues: 175454, 176576)
|
||
- Fixed issues with sign-in.
|
||
(Issues: 175672, 175819, 175541, 176190)
|
||
- Fixed spurious profile shortcuts created with a system-level
|
||
install. (Issue: 177047)
|
||
- Fixed the background tab flashing with certain themes.
|
||
(Issue: 175426)
|
||
|
||
* Security Fixes: (bnc#804986)
|
||
- High CVE-2013-0879: Memory corruption with web audio node
|
||
- High CVE-2013-0880: Use-after-free in database handling
|
||
- Medium CVE-2013-0881: Bad read in Matroska handling
|
||
- High CVE-2013-0882: Bad memory access with excessive SVG
|
||
parameters.
|
||
- Medium CVE-2013-0883: Bad read in Skia.
|
||
- Low CVE-2013-0884: Inappropriate load of NaCl.
|
||
- Medium CVE-2013-0885: Too many API permissions granted to web
|
||
store
|
||
- Medium CVE-2013-0886: Incorrect NaCl signal handling.
|
||
- Low CVE-2013-0887: Developer tools process has too many
|
||
permissions and places too much trust in the connected server
|
||
- Medium CVE-2013-0888: Out-of-bounds read in Skia
|
||
- Low CVE-2013-0889: Tighten user gesture check for dangerous
|
||
file downloads.
|
||
- High CVE-2013-0890: Memory safety issues across the IPC layer.
|
||
- High CVE-2013-0891: Integer overflow in blob handling.
|
||
- Medium CVE-2013-0892: Lower severity issues across the IPC layer
|
||
- Medium CVE-2013-0893: Race condition in media handling.
|
||
- High CVE-2013-0894: Buffer overflow in vorbis decoding.
|
||
- High CVE-2013-0895: Incorrect path handling in file copying.
|
||
- High CVE-2013-0896: Memory management issues in plug-in message
|
||
handling
|
||
- Low CVE-2013-0897: Off-by-one read in PDF
|
||
- High CVE-2013-0898: Use-after-free in URL handling
|
||
- Low CVE-2013-0899: Integer overflow in Opus handling
|
||
- Medium CVE-2013-0900: Race condition in ICU
|
||
|
||
* Make adjustment for autodetecting of the PepperFlash library.
|
||
The package with the PepperFlash hopefully will be soon
|
||
available through packman
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 12 20:12:25 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1411
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 3 11:41:13 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1403
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 26 18:19:10 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- Using system libxml2 requires system libxslt.
|
||
- Using system MESA does not work in i586 for some reason.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jan 26 15:59:32 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- Also use system MESA, factory version seems adecuate now.
|
||
- Always use system libxml2.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 25 16:15:58 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- Restrict the usage of system libraries instead of the bundled
|
||
ones to new products, too much hassle otherwise.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 25 03:32:21 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- Also link kerberos and libgps directly, do not dlopen them.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 25 02:08:01 UTC 2013 - crrodriguez@opensuse.org
|
||
|
||
- Avoid using dlopen on system libraries, rpm or the package Manager
|
||
do not handle this at all. tested for a few weeks and implemented
|
||
with a macro so it can be easily disabled if problems arise.
|
||
|
||
- Use SOME system libraries instead of the bundled ones, tested for
|
||
several weeks and implemented with a macro for easy enable/Disable
|
||
in case of trouble.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jan 24 06:45:53 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1393
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 13 18:15:47 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1383
|
||
* Security fixes
|
||
- CVE-2012-5145: Use-after-free in SVG layout
|
||
- CVE-2012-5146: Same origin policy bypass with malformed URL
|
||
- CVE-2012-5147: Use-after-free in DOM handling
|
||
- CVE-2012-5148: Missing filename sanitization in hyphenation
|
||
support
|
||
- CVE-2012-5149: Integer overflow in audio IPC handling
|
||
- CVE-2012-5150: Use-after-free when seeking video
|
||
- CVE-2012-5152: Out-of-bounds read when seeking video
|
||
- CVE-2012-5153: Out-of-bounds stack access in v8.
|
||
- CVE-2012-5154: Integer overflow in shared memory allocation
|
||
- CVE-2013-0830: Missing NUL termination in IPC.
|
||
- CVE-2013-0831: Possible path traversal from extension process
|
||
- CVE-2013-0832: Use-after-free with printing.
|
||
- CVE-2013-0833: Out-of-bounds read with printing.
|
||
- CVE-2013-0834: Out-of-bounds read with glyph handling
|
||
- CVE-2013-0835: Browser crash with geolocation
|
||
- CVE-2013-0836: Crash in v8 garbage collection.
|
||
- CVE-2013-0837: Crash in extension tab handling.
|
||
- CVE-2013-0838: Tighten permissions on shared memory segments
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jan 8 13:19:57 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
* Set up Google API keys, see
|
||
http://www.chromium.org/developers/how-tos/api-keys .
|
||
# Note: these are for openSUSE Chromium builds ONLY!!
|
||
(Setup was done based on indication from Pawel Hajdan)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jan 4 09:08:32 UTC 2013 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1375
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 27 14:43:46 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Change the default setting for password-store to basic.
|
||
(bnc#795860)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 26 12:36:13 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1371
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 20 13:25:14 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 26.0.1367
|
||
* Bug and stability fixes
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 15 13:32:15 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1362
|
||
* Security fixes (bnc#794075):
|
||
- CVE-2012-5139: Use-after-free with visibility events
|
||
- CVE-2012-5140: Use-after-free in URL loader
|
||
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
|
||
- CVE-2012-5142: Crash in history navigation.
|
||
- CVE-2012-5143: Integer overflow in PPAPI image buffers
|
||
- CVE-2012-5144: Stack corruption in AAC decoding
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Dec 6 10:06:51 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1352
|
||
* Fixed garbled header and footer text in print preview.
|
||
[Issue: 152893]
|
||
* Fixed extension action badges with long text. [Issue: 160069]
|
||
* Disable find if constrained window is shown. [Issue: 156969]
|
||
* Enable fullscreen for apps windows. [Issue: 161246]
|
||
* Fixed broken profile with system-wide installation and
|
||
UserDataDir & DiskCacheDir policy. [Issue: 161336]
|
||
* Fixed stability crashes like 158747, 159437, 149139, 160914,
|
||
160401, 161858, 158747, 156878
|
||
* Fixed graphical corruption in Dust. [Issue: 155258]
|
||
* Fixed scrolling issue. [Issue: 163553]
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 30 17:15:39 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1343
|
||
* Security Fixes (bnc#791234 and bnc#792154):
|
||
- CVE-2012-5131: Corrupt rendering in the Apple OSX driver for
|
||
Intel GPUs
|
||
- CVE-2012-5133: Use-after-free in SVG filters.
|
||
- CVE-2012-5130: Out-of-bounds read in Skia
|
||
- CVE-2012-5132: Browser crash with chunked encoding
|
||
- CVE-2012-5134: Buffer underflow in libxml.
|
||
- CVE-2012-5135: Use-after-free with printing.
|
||
- CVE-2012-5136: Bad cast in input element handling.
|
||
- CVE-2012-5138: Incorrect file path handling
|
||
- CVE-2012-5137: Use-after-free in media source handling
|
||
|
||
- Correct build so that proprietary codecs can be used when
|
||
the chromium-ffmpeg package is installed
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 25 12:50:28 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Add a configuration file (/etc/default/chromium) where we can
|
||
indicate flags for the chromium-browser.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Nov 24 20:00:51 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1335
|
||
* {gtk} Fixed <input> selection renders white text on white
|
||
background in apps. (Issue: 158422)
|
||
* Fixed translate infobar button to show selected language.
|
||
(Issue: 155350)
|
||
* Fixed broken Arabic language. (Issue: 158978)
|
||
* Fixed pre-rendering if the preference is disabled at start up.
|
||
(Issue: 159393)
|
||
* Fixed JavaScript rendering issue. (Issue: 159655)
|
||
* No further indications in the ChangeLog
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 20 23:27:56 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1329
|
||
* No further indications in the ChangeLog
|
||
- Removed patch chomium-ffmpeg-no-pkgconfig.patch
|
||
- Building now internal libffmpegsumo.so based on the standard
|
||
chromium ffmpeg codecs
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Nov 6 18:42:46 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 25.0.1319
|
||
* No further indications in the Changelog
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 26 08:58:02 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 24.0.1308
|
||
* Updated V8 - 3.14.5.0
|
||
* Bookmarks are now searched by their title while typing into
|
||
the omnibox with matching bookmarks being shown in the
|
||
autocomplete suggestions pop-down list. Matching is done by
|
||
prefix.
|
||
* Fixed chromium issues 155871, 154173, 155133.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Oct 16 12:41:55 UTC 2012 - coolo@suse.com
|
||
|
||
- add explicit buildrequire on libbz2-devel
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 7 11:28:56 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 24.0.1290
|
||
* No further indications in the ChangeLog.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 30 09:38:06 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 24.0.1283
|
||
* Security Fixes (bnc#782257)
|
||
- High CVE-2012-2889: UXSS in frame handling
|
||
- High CVE-2012-2886: UXSS in v8 bindings.
|
||
- High CVE-2012-2881: DOM tree corruption with plug-ins.
|
||
- High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
|
||
- High CVE-2012-2883: Out-of-bounds write in Skia.
|
||
- High CVE-2012-2887: Use-after-free in onclick handling.
|
||
- High CVE-2012-2888: Use-after-free in SVG text references.
|
||
- High CVE-2012-2894: Crash in graphics context handling.
|
||
- High CVE-2012-2896: Integer overflow in WebGL.
|
||
- Medium CVE-2012-2877: Browser crash with extensions
|
||
and modal dialogs
|
||
- Low CVE-2012-2879: DOM topology corruption.
|
||
- Medium CVE-2012-2884: Out-of-bounds read in Skia.
|
||
- High CVE-2012-2874: Out-of-bounds write in Skia.
|
||
- High CVE-2012-2878: Use-after-free in plug-in handling.
|
||
- Medium CVE-2012-2880: Race condition in plug-in paint buffer.
|
||
- High CVE-2012-2882: Wild pointer in OGG container handling.
|
||
- Medium CVE-2012-2885: Possible double free on exit.
|
||
- Low CVE-2012-2891: Address leak over IPC.
|
||
- Low CVE-2012-2892: Pop-up block bypass.
|
||
- High CVE-2012-2893: Double free in XSL transforms.
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Sep 15 06:27:56 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 23.0.1268
|
||
* Updated V8 - 3.13.6.0
|
||
* Updated WebKit - 537.10
|
||
* Make the new sandbox more robust when denying socket calls.
|
||
* Fix crashes (Issues 142388 and 146606)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Sep 7 15:49:57 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 23.0.1259
|
||
* No further indications in the ChangeLog.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 2 14:31:22 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 23.0.1255
|
||
* Security Fixes (bnc#778005):
|
||
- Medium CVE-2012-2865: Out-of-bounds read in line breaking.
|
||
- High CVE-2012-2866: Bad cast with run-ins.
|
||
- Low CVE-2012-2867: Browser crash with SPDY.
|
||
- Medium CVE-2012-2868: Race condition with workers and XHR.
|
||
- High CVE-2012-2869: Avoid stale buffer in URL loading.
|
||
- Low CVE-2012-2870: Lower severity memory management issues
|
||
in XPath.
|
||
- High CVE-2012-2871: Bad cast in XSL transforms.
|
||
- Medium CVE-2012-2872: XSS in SSL interstitial.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 29 19:19:31 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 23.0.1249
|
||
* No longer building with system libraries. This caused issues
|
||
with high CPU utilization and a blank homescreen. Now the
|
||
in-source libraries are used.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 19 08:32:45 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 23.0.1240
|
||
* Duplex Printing defaults to Yes, which prints extra pages even
|
||
for a 1 page print out (Issue 138312).
|
||
* Print preview takes forever on Win XP (issue: 140044)
|
||
* Anti-DDoS inversion of logic (Issues: 141643, 141081)
|
||
* Projectmanager.com application causes Flash to hang
|
||
(Issue: 141018)
|
||
* An additional scroll bar appears at the right on many sites
|
||
(issue: 140239)
|
||
* Setting and unsetting display:none obliterates current scroll
|
||
position (issue: 140101)
|
||
- Utilize the patched zlib sources from Chromium in order to build
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 3 15:54:24 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1226
|
||
* Security Fixes (bnc#770821):
|
||
CVE-2012-2843: Use-after-free in layout height tracking
|
||
CVE-2012-2842: Use-after-free in counter handling
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jul 30 13:21:27 UTC 2012 - aj@suse.de
|
||
|
||
- Fix build with glibc 2.16 (struct siginfo is not exported anymore).
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 29 13:32:21 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1221
|
||
* Several crash fixes (Issues: 131310, 134574)
|
||
* Can't press Enter to save to PDF (Issue: 137690)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 25 14:17:53 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1218
|
||
* New Connection Manager
|
||
* New Print UI.
|
||
* No further indications in the ChangeLog.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 8 13:10:48 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1201
|
||
* No further indications in the ChangeLog.
|
||
|
||
- exclude ppc and ppc64. There is no v8 for ppc. (Update from
|
||
dvaleev@suse.com)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 29 08:52:58 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1190
|
||
* Security Fixes:
|
||
* CVE-2012-2815: Leak of iframe fragment id
|
||
* CVE-2012-2816: Prevent sandboxed processes interfering with
|
||
each other
|
||
* CVE-2012-2817: Use-after-free in table section handling
|
||
* CVE-2012-2818: Use-after-free in counter layout
|
||
* CVE-2012-2819: Crash in texture handling
|
||
* CVE-2012-2820: Out-of-bounds read in SVG filter handling
|
||
* CVE-2012-2821: Autofill display problem
|
||
* CVE-2012-2823: Use-after-free in SVG resource handling
|
||
* CVE-2012-2826: Out-of-bounds read in texture conversion
|
||
* CVE-2012-2829: Use-after-free in first-letter handling
|
||
* CVE-2012-2830: Wild pointer in array value setting
|
||
* CVE-2012-2831: Use-after-free in SVG reference handling
|
||
* CVE-2012-2834: Integer overflow in Matroska container
|
||
* CVE-2012-2825: Wild read in XSL handling
|
||
* CVE-2012-2807: Integer overflows in libxml
|
||
* Fix update-alternatives within the spec-file
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jun 21 12:20:28 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 22.0.1183
|
||
* Content settings for Cookies now also show protected storage
|
||
granted to hosted apps
|
||
* Chromoting client plugin correctly up-scales on when page-zoom
|
||
is >100%.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jun 19 13:06:52 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 21.0.1181
|
||
* Bugfixes.
|
||
* Remove obsolete patch
|
||
* Do not execute update-alternatives when building
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Jun 15 12:19:24 UTC 2012 - coolo@suse.com
|
||
|
||
- fix update-alternative usage to fix build
|
||
|
||
-------------------------------------------------------------------
|
||
Thu May 31 08:27:09 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 21.0.1158
|
||
* Bugfixes
|
||
* Gamepad API prototype http://www.w3.org/TR/gamepad/
|
||
available by default.
|
||
* TLS 1.1 is enabled by default.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 20 16:40:03 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 21.0.1145
|
||
* Fixed several issues around audio not playing with videos
|
||
* Crash Fixes
|
||
* Improvements to trackpad on Cr-48
|
||
* Security Fixes (bnc#762481)
|
||
- CVE-2011-3083: Browser crash with video + FTP
|
||
- CVE-2011-3084: Load links from internal pages in their
|
||
own process.
|
||
- CVE-2011-3085: UI corruption with long autofilled values
|
||
- CVE-2011-3086: Use-after-free with style element.
|
||
- CVE-2011-3087: Incorrect window navigation
|
||
- CVE-2011-3088: Out-of-bounds read in hairline drawing
|
||
- CVE-2011-3089: Use-after-free in table handling.
|
||
- CVE-2011-3090: Race condition with workers.
|
||
- CVE-2011-3091: Use-after-free with indexed DB
|
||
- CVE-2011-3092: Invalid write in v8 regex
|
||
- CVE-2011-3093: Out-of-bounds read in glyph handling
|
||
- CVE-2011-3094: Out-of-bounds read in Tibetan handling
|
||
- CVE-2011-3095: Out-of-bounds write in OGG container.
|
||
- CVE-2011-3096: Use-after-free in GTK omnibox handling.
|
||
- CVE-2011-3098: Bad search path for Windows Media Player
|
||
plug-in
|
||
- CVE-2011-3100: Out-of-bounds read drawing dash paths.
|
||
- CVE-2011-3101: Work around Linux Nvidia driver bug
|
||
- CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 13 19:53:59 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 21.0.1137
|
||
* Fixes crashes when manually typing in URL's
|
||
|
||
-------------------------------------------------------------------
|
||
Fri May 11 14:22:22 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 21.0.1135.0
|
||
* Added patch for Sqlite which should resolve crashes when build
|
||
with GCC 4.7
|
||
* Fixes for rendering and stability
|
||
* Fixed about:inducebrowsercrashforrealz (Issue: 124843)
|
||
* Mouse over on apps/extensions makes place holder blank in
|
||
web store. (Issue: 125777)
|
||
* Security Fixes (bnc#760264):
|
||
- CVE-2011-3078: Use after free in floats handling.
|
||
- CVE-2012-1521: Use after free in xml parser.
|
||
- CVE-2011-3079: IPC validation failure.
|
||
- CVE-2011-3080: Race condition in sandbox IPC
|
||
- CVE-2011-3081: Use after free in floats handling.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 29 15:38:00 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1123.0
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 27 09:54:43 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1119.0
|
||
Fixes
|
||
- Adjust spec-file to include two new resource files that are
|
||
required for the UI. (bnc#759381)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Apr 25 11:32:07 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1116.0
|
||
* Fixes and update to newer v8 version
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 19 09:12:44 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Added the ChromeDriver as a separate package. Normal users
|
||
will not require this as it is a standalone server for testing
|
||
webbrowsers
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 17 13:53:49 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1106.0
|
||
* Fixes issues with fonts (Issue: 108645).
|
||
* Enable the Chrome To Mobile page action for users with
|
||
compatible registered devices
|
||
* file: downloads allowed again
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 13 09:12:42 UTC 2012 - fcrozat@suse.com
|
||
|
||
- Use desktop_database macros at install time.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 6 14:32:07 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1094.0
|
||
Fixes:
|
||
* Other Devices menu shows last update time for other sessions,
|
||
and allows sessions to be hidden using a context menu.
|
||
* Fix sync issue with sessions (open tabs) triggering an
|
||
unrecoverable error.
|
||
* Fixed Sync/Apps: NTP apps icons missing after sync.
|
||
[Issue: 117857]
|
||
* Fixed bookmarks drag-n-drop in Bookmark Manager.
|
||
[Issue: 118715]
|
||
Security Fixes:
|
||
* Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
|
||
* Medium CVE-2011-3067: Cross-origin iframe replacement.
|
||
* High CVE-2011-3068: Use-after-free in run-in handling.
|
||
* High CVE-2011-3069: Use-after-free in line box handling.
|
||
* High CVE-2011-3070: Use-after-free in v8 bindings.
|
||
* High CVE-2011-3071: Use-after-free in HTMLMediaElement.
|
||
* Low CVE-2011-3072: Cross-origin violation parenting pop-up
|
||
window.
|
||
* High CVE-2011-3073: Use-after-free in SVG resource handling.
|
||
* Medium CVE-2011-3074: Use-after-free in media handling.
|
||
* High CVE-2011-3075: Use-after-free applying style command.
|
||
* High CVE-2011-3076: Use-after-free in focus handling.
|
||
* Medium CVE-2011-3077: Read-after-free in script bindings.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Apr 3 06:51:49 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 20.0.1090
|
||
Fixes:
|
||
* Fixed issue cannot add GMail app to Chrome. [Issue: 119975]
|
||
* Fixed theme and bookmarks bar notifications. [Issue: 117027]
|
||
* Fixed popup prompting permission for flash plugin.
|
||
[Issue: 120358]
|
||
Security Fixes:
|
||
* Medium CVE-2011-3058: Bad interaction possibly leading to
|
||
XSS in EUC-JP.
|
||
* Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
|
||
* Medium CVE-2011-3060: Out-of-bounds read in text fragment
|
||
handling.
|
||
* Medium CVE-2011-3061: SPDY proxy certificate checking error.
|
||
* High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
|
||
* Low CVE-2011-3063: Validate navigation requests from the
|
||
renderer more carefully.
|
||
* High CVE-2011-3064: Use-after-free in SVG clipping.
|
||
* High CVE-2011-3065: Memory corruption in Skia.
|
||
* Medium CVE-2011-3057: Invalid read in v8.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 24 06:40:10 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1079
|
||
Security Fixes (bnc#754456):
|
||
* High CVE-2011-3050: Use-after-free with first-letter handling
|
||
* High CVE-2011-3045: libpng integer issue from upstream
|
||
* High CVE-2011-3051: Use-after-free in CSS cross-fade handling
|
||
* High CVE-2011-3052: Memory corruption in WebGL canvas handling
|
||
* High CVE-2011-3053: Use-after-free in block splitting
|
||
* Low CVE-2011-3054: Apply additional isolations to webui
|
||
privileges
|
||
* Low CVE-2011-3055: Prompt in the browser native UI for unpacked
|
||
extension installation
|
||
* High CVE-2011-3056: Cross-origin violation with “magic iframe”.
|
||
* Low CVE-2011-3049: Extension web request API can interfere with
|
||
system requests
|
||
Other Fixes:
|
||
* The short-cut key for caps lock (Shift + Search) is disabled
|
||
when an accessibility screen reader is enabled
|
||
* Fixes an issue with files not being displayed in File Manager
|
||
when some file names contain UTF-8 characters (generally
|
||
accented characters)
|
||
* Fixed dialog boxes in settings. (Issue: 118031)
|
||
* Fixed flash videos turning white on mac when running with
|
||
--disable-composited-core-animation-plugins (Issue: 117916)
|
||
* Change to look for correctly sized favicon when multiple images
|
||
are provided. (Issue: 118275)
|
||
* Fixed issues - 116044, 117470, 117068, 117668, 118620
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 21 12:36:42 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1077
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 18 17:35:02 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1074
|
||
- Build Chromium on openSUSE > 12.1 with the gold linker
|
||
- Fix build issues with GCC 4.7
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 15 12:51:21 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1071
|
||
* Several fixes and improvements in the new Settings, Extensions,
|
||
and Help pages.
|
||
* Fixed the flashing when switched between composited and
|
||
non-composited mode. [Issue: 116603]
|
||
* Fixed stability issues 116913, 117217, 117347, 117081
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Mar 11 08:01:15 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1066
|
||
* Fixed Chrome install/update resets Google search preferences
|
||
(Issue: 105390)
|
||
* Don't trigger accelerated compositing on 3D CSS when using
|
||
swiftshader (Issue: 116401)
|
||
* Fixed a GPU crash (Issue: 116096)
|
||
* More fixes for Back button frequently hangs (Issue: 93427)
|
||
* Bastion now works (Issue: 116285)
|
||
* Fixed Composited layer sorting irregularity with accelerated
|
||
canvas (Issue: 102943)
|
||
* Fixed Composited layer sorting irregularity with accelerated
|
||
canvas (Issue: 102943)
|
||
* Fixed Google Feedback causes render process to use too much
|
||
memory (Issue: 114489)
|
||
* Fixed after upgrade, some pages are rendered as blank
|
||
(Issue: 109888)
|
||
* Fixed Pasting text into a single-line text field shouldn't
|
||
keep literal newlines (Issue: 106551)
|
||
- Security Fixes:
|
||
* Critical CVE-2011-3047: Errant plug-in load and GPU process
|
||
memory corruption
|
||
* Critical CVE-2011-3046: UXSS and bad history navigation.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 5 20:53:06 UTC 2012 - vdziewiecki@suse.com
|
||
|
||
- add Provides: browser(npapi) FATE#313084
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Mar 3 16:55:15 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1060
|
||
* Fixed NTP signed in state is missing (Issue: 112676)
|
||
* Fixed gmail seems to redraw itself (all white) occasionally
|
||
(Issue: 111263)
|
||
* Focus "OK" button on Javascript dialogs (Issue: 111015)
|
||
* Fixed Back button frequently hangs (Issue: 93427)
|
||
* Increase the buffer size to fix muted playback rate
|
||
(Issue: 108239)
|
||
* Fixed Empty span with line-height renders with non-zero height
|
||
(Issue: 109811)
|
||
* Marked the Certum Trusted Network CA as an issuer of
|
||
extended-validation (EV) certificates.
|
||
* Fixed importing of bookmarks, history, etc. from Firefox 10+.
|
||
* Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636,
|
||
112676
|
||
* Fixed several crashes (Issues: 111376, 108688, 114391)
|
||
* Fixed Firefox browser in Import Bookmarks and Settings
|
||
drop-down (Issue: 114476)
|
||
* Sync: Sessions aren't associating pre-existing tabs
|
||
(Issue: 113319)
|
||
* Fixed All "Extensions" make an entry under the "NTP Apps"
|
||
page (Issue: 113672)
|
||
+ Security Fixes (bnc#750407):
|
||
* High CVE-2011-3031: Use-after-free in v8 element wrapper.
|
||
* High CVE-2011-3032: Use-after-free in SVG value handling.
|
||
* High CVE-2011-3033: Buffer overflow in the Skia drawing library.
|
||
* High CVE-2011-3034: Use-after-free in SVG document handling.
|
||
* High CVE-2011-3035: Use-after-free in SVG use handling.
|
||
* High CVE-2011-3036: Bad cast in line box handling.
|
||
* High CVE-2011-3037: Bad casts in anonymous block splitting.
|
||
* High CVE-2011-3038: Use-after-free in multi-column handling.
|
||
* High CVE-2011-3039: Use-after-free in quote handling.
|
||
* High CVE-2011-3040: Out-of-bounds read in text handling.
|
||
* High CVE-2011-3041: Use-after-free in class attribute handling.
|
||
* High CVE-2011-3042: Use-after-free in table section handling.
|
||
* High CVE-2011-3043: Use-after-free in flexbox with floats.
|
||
* High CVE-2011-3044: Use-after-free with SVG animation elements.
|
||
- Remove the external ffmepg headers and start using the ones
|
||
delivered with Chromium. Changes to Chromium are no longer in line
|
||
with any ffmpeg version :-(. So we can only use the Chromium
|
||
ffmpeg headers.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 20 14:39:23 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1046
|
||
* Security updates
|
||
+ CVE-2011-3015: Integer overflows in PDF codecs.
|
||
+ CVE-2011-3016: Read-after-free with counter nodes.
|
||
+ CVE-2011-3017: Possible use-after-free in database handling.
|
||
+ CVE-2011-3018: Heap overflow in path rendering.
|
||
+ CVE-2011-3019: Heap buffer overflow in MKV handling.
|
||
+ CVE-2011-3020: Native client validator error.
|
||
+ CVE-2011-3021: Use-after-free in subframe loading.
|
||
+ CVE-2011-3022: Inappropriate use of http for translation script.
|
||
+ CVE-2011-3023: Use-after-free with drag and drop.
|
||
+ CVE-2011-3024: Browser crash with empty x509 certificate.
|
||
+ CVE-2011-3025: Out-of-bounds read in h.264 parsing.
|
||
+ CVE-2011-3026: Integer overflow / truncation in libpng.
|
||
+ CVE-2011-3027: Bad cast in column handling.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 15 07:40:59 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1042
|
||
* Make speech input bubble borders close with the bubble
|
||
[Issue: 112194]
|
||
* Fixed stability issues
|
||
[Issues: 113531, 113492, 113654, 113546, 113847, 114011]
|
||
* Use Google’s online spellchecker to identify misspelled words
|
||
as well as provide suggestions, for pasted text only.
|
||
* Fix: open incognito windows at exit created extra normal
|
||
windows when the session was restored
|
||
* When translating a page, get the code and translation via HTTPS
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Feb 10 05:36:56 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1037
|
||
* Fix crashing timing bug where panel animates after its closed
|
||
(issue#111120)
|
||
* Remove patch to build with newer glib version. This was merged
|
||
upstream
|
||
* Added option to disable building with gold for x86_64. Used
|
||
linker option "--icf=none" is not supported yet.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Feb 6 10:45:25 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 19.0.1031
|
||
* Block plugins for platform apps
|
||
To block plugins a new content settings has been added, with
|
||
the highest priority (i.e. at the front of the list). This
|
||
could be used down the track to hang off more platform app
|
||
specific stuff.
|
||
* Remove unconditional -msse3 -mssse3 CFLAGS from media.gyp
|
||
(issue#107532)
|
||
* Refactoring of Settings page
|
||
* Other bugfixes
|
||
* Security Fixes:
|
||
CVE-2011-3953: Avoid clipboard monitoring after paste event.
|
||
CVE-2011-3954: Crash with excessive database usage.
|
||
CVE-2011-3955: Crash aborting an IndexDB transaction
|
||
CVE-2011-3956: Incorrect handling of sandboxed origins inside
|
||
extensions
|
||
CVE-2011-3957: Use-after-free in PDF garbage collection
|
||
CVE-2011-3958: Bad casts with column spans
|
||
CVE-2011-3959: Buffer overflow in locale handling
|
||
CVE-2011-3960: Out-of-bounds read in audio decoding
|
||
CVE-2011-3961: Race condition after crash of utility process
|
||
CVE-2011-3962: Out-of-bounds read in path clipping
|
||
CVE-2011-3963: Out-of-bounds read in PDF fax image handling
|
||
CVE-2011-3964: URL bar confusion after drag + drop
|
||
CVE-2011-3965: Crash in signature check
|
||
CVE-2011-3966: Use-after-free in stylesheet error handling
|
||
CVE-2011-3967: Crash with unusual certificate.
|
||
CVE-2011-3968: Use-after-free in CSS handling
|
||
CVE-2011-3969: Use-after-free in SVG layout.
|
||
CVE-2011-3970: Out-of-bounds read in libxslt
|
||
CVE-2011-3971: Use-after-free with mousemove events
|
||
CVE-2011-3972: Out-of-bounds read in shader translator
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 29 21:11:37 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.1022
|
||
* Security fixes (bnc#743319)
|
||
+ CVE-2011-3924 Use-after-free vulnerability
|
||
+ CVE-2011-3925 Use-after-free vulnerability
|
||
+ CVE-2011-3926 Heap-based buffer overflow in the tree builder
|
||
+ CVE-2011-3927 Skia does not perform all required
|
||
initialization of values
|
||
+ CVE-2011-3928 Use-after-free vulnerability
|
||
* Compile the chrome_sandbox binary with -fPIE flags
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jan 23 09:44:42 UTC 2012 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.1017
|
||
* Security Issues fixed (bnc#740493)
|
||
+ CVE-2011-3921 Use-after-free in animation frames
|
||
+ CVE-2011-3919 Heap-buffer-overflow in libxml
|
||
+ CVE-2011-3922 Stack-buffer-overflow in glyph handling
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 31 22:29:20 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.992
|
||
* Delay some extension startup until after first run import.
|
||
(issue 108286)
|
||
* Add function support for Sleep with TimeDelta input.
|
||
(issue 108171)
|
||
* Make webstore installs work when the Downloads folder is missing.
|
||
(issue 108812)
|
||
* Disable GL_EXT_texture_storage support in Linux. (issue 107782)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 28 12:00:11 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.985
|
||
+ Webkit layout:
|
||
* Suppress a leak in http/tests/appcache/reload.html
|
||
(issue 108621)
|
||
* Suppress a leak in xmlhttprequest/workers/referer.html
|
||
(issue 108622)
|
||
* Extend the suppression for uninit value in
|
||
fast/forms/input-text-paste-maxlength.html (issue 106183)
|
||
* Suppress memory leaks in
|
||
fast/files/workers/worker-read-blob-async.html
|
||
(issue 108624)
|
||
* Suppress a leak in
|
||
websocket/tests/hybi/workers/receive-arraybuffer.html
|
||
(issue 108627)
|
||
* Suppress a leak in
|
||
http/tests/xmlhttprequest/workers/methods-async.html
|
||
(issue 108628)
|
||
+ Set opaque on the WebMediaPlayerClient based on the decoder
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Dec 19 06:41:16 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.975
|
||
+ Updating extensions code to use UTF16. (issue#71980)
|
||
+ Assign F5 to cycle forward (issue#107417)
|
||
+ [Sync] Add NOTREACHED for empty passphrase (issue#104189)
|
||
+ Add libudev as build-dependency (issue#79050)
|
||
+ Enable mnemonic and bookmark folder key activation on menu
|
||
(issue#107869)
|
||
- Removed conflict with xine-browser-plugins.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Dec 14 10:25:20 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.972
|
||
* Security issues fixed: (bnc#736716)
|
||
+ CVE-2011-3903: Out-of-bounds read in regex matching.
|
||
+ CVE-2011-3905: Out-of-bounds reads in libxml.
|
||
+ CVE-2011-3906: Out-of-bounds read in PDF parser.
|
||
+ CVE-2011-3907: URL bar spoofing with view-source.
|
||
+ CVE-2011-3908: Out-of-bounds read in SVG parsing.
|
||
+ CVE-2011-3909: [64-bit only] Memory corruption in CSS
|
||
property array.
|
||
+ CVE-2011-3910: Out-of-bounds read in YUV video frame
|
||
handling.
|
||
+ CVE-2011-3911: Out-of-bounds read in PDF.
|
||
+ CVE-2011-3912: Use-after-free in SVG filters.
|
||
+ CVE-2011-3914: Out-of-bounds write in v8 i18n handling
|
||
+ CVE-2011-3915: Buffer overflow in PDF font handling.
|
||
+ CVE-2011-3916: Out-of-bounds reads in PDF cross references.
|
||
+ CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
|
||
+ CVE-2011-3904: Use-after-free in bidi handling.
|
||
* No longer build against the system libjpeg, but build against
|
||
the libjpeg that comes with Chromium to prevent graphics
|
||
issues
|
||
* Chromium for openSUSE:Factory now builds against libjpeg8
|
||
* Removed explicit -fPIC from the C-flags
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 10 18:51:39 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 18.0.968
|
||
+ Print preview: Disable the right context menu items in print
|
||
preview. (issue#106876,#106915)
|
||
+ Fix page zoom for plug-in documents (PDF, etc.)
|
||
(issue#106013,#106228)
|
||
+ ntp: track number of times a user switches pages in a single
|
||
session (issue#106575)
|
||
+ <video> decode in hardware! (issue#104579)
|
||
+ New tab button icons (issue#100775)
|
||
+ Profile/user menu on NTP should look more clickable?
|
||
(issue#102685)
|
||
|
||
- Enable the build of the Native Client (NaCl)
|
||
-------------------------------------------------------------------
|
||
Thu Dec 1 12:11:40 UTC 2011 - idoenmez@suse.de
|
||
|
||
- Support ISO_8859-X as an alias to ISO-8859-X
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 27 09:50:23 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 17.0.952
|
||
+ Message receiver on browser side that holds/starts the gamepad
|
||
data provider (issue#79050)
|
||
+ WebSocket Pepper API: in process API implementation
|
||
(issue#87310)
|
||
+ Clean up plug-in placeholders (issue#62079)
|
||
+ Schedule idle handler in the foreground tab based on CPU usage
|
||
and user activity
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 27 08:51:17 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Remove the media-probe.patch. This has one regression and that
|
||
video's are no longer played through chromium if the
|
||
chromium-ffmpeg package from packman is not installed. However
|
||
removing this patch enabled support for all video formats if
|
||
the chromium-ffmpeg package has been installed.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 20 12:27:43 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 17.0.945
|
||
+ Defer construction of NotificationUIManager to fix notification
|
||
initialization. (bug#103427)
|
||
+ Ignore button mouse enter for new tab button (bug#104326)
|
||
+ History/Downloads:
|
||
- Adding button and checkbox css to history and downloads.
|
||
- Tweaked checkbox styles for history.
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 13 09:35:03 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 17.0.937
|
||
+ Make it so that turning off sync for extensions in the
|
||
preferences UI also turns off sync for extension settings,
|
||
ditto for apps and app settings (bug#98488)
|
||
+ Cleanup: Remove unneeded forward declarations from
|
||
chrome/browser/ui/webui.
|
||
+ fix appearance of buttons in chrome://settings
|
||
+ Report correct error when connection cannot be established
|
||
(bug#103937)
|
||
+ Temporarily disables XI2 for aura until events are straightened
|
||
out. (bug#103981)
|
||
+ Make chrome communicate with gpsd through libgps/shared memory
|
||
(bug#103751)
|
||
+ Don't close tabs from crashed extensions with background pages.
|
||
Make the crashed extension reload when the sad tab is reloaded.
|
||
(bug#71629,bug#94177)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 30 08:10:13 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 17.0.922
|
||
+ Use the new ChromeV8ContextSet in
|
||
ExtensionProcessBindings::StartRequestCommon()
|
||
+ Suppress failure for downloads.DownloadsTest.testPauseAndResume,
|
||
as it is failing sporadically on pyauto win vista, and cause
|
||
is not understood. (bug#102228)
|
||
+ Fix a crash in FullscreenExitBubbleController when the user
|
||
clicks the "Exit full screen" button. (bug#101835)
|
||
+ Close all panels originated by the extension when extension
|
||
unloads. (bug#101118)
|
||
+ Fix history importing by delaying DownloadManager creation.
|
||
(bug#98966)
|
||
+ aura: Draw persistent borders around browser windows.
|
||
(bug#101977)
|
||
+ aura: brightness and volume bubble (bug#98322)
|
||
+ Associate the instant label text with a specific checkbox.
|
||
(bug#101930)
|
||
+ GTK: More profiling of the rendering path. (bug#100803)
|
||
+ Convert the non-debug logging in chrome/common to debug logging.
|
||
+ Add code to prompt for browser login during app notification
|
||
setup (bug#98145)
|
||
+ GTK: Constrain the clip area on tabstrip draws. (bug#100803)
|
||
+ Fully enable about:tracking by default (controlled by the
|
||
flag: "--enable-tracking" and the default is always on.)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 23 07:17:06 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 17.0.917
|
||
+ Convert the Flash interfaces to no longer use GetInfo
|
||
+ Now does not sync URLs that only have imported visits
|
||
+ Print Preview fixes
|
||
+ Use WebCompositor only when --enable-threaded-compositing
|
||
+ Enable privileged WebGL extensions for Chrome extensions.
|
||
+ Implement sync data type controller and UI for syncing
|
||
notifications:
|
||
+ Improve audio underflow handling.
|
||
+ Improve extension settings accessibility.
|
||
+ Other bugfixes
|
||
- Remove patch19 for system zlib adjustments as this is no longer
|
||
required
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 16 11:21:52 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 16.0.910
|
||
+ Delay network requests on startup if any webRequest or
|
||
webNavigation extensions are enabled.
|
||
+ Make escape exit tabbed fullscreen mode even if browser was in
|
||
fullscreen mode before. (bug#89208)
|
||
+ [Sync] Support open tabs experiment enabling before sync setup
|
||
completion. (bug#99403)
|
||
+ On Linux, turn off panels when there is no window manager
|
||
present. (bug#100381)
|
||
+ Linux: add the "other bookmarks" folder to the new bookmark
|
||
menu. (bug#81263)
|
||
+ Add google search app to list of apps installed by default.
|
||
(bug#94920)
|
||
+ PrintPreview: Added code to honor the grayscale color model
|
||
+ Linux: add basic bookmark menu support. More features can be
|
||
added later. Currently, only supports ctrl-click/middle click
|
||
to open in a new tab. It's supposed to be quite fancy and
|
||
support context menus and maybe other gestures as well; these
|
||
are not yet supported. (bug#81263)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 9 06:57:29 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 16.0.904
|
||
+ aura: Implement cursor support on linux
|
||
+ Add --enable-video-track commandline flag for enabling <track>
|
||
(otherwise disabled by default)
|
||
+ [Sync UI] When signed in, choosing the sync wrench menu item
|
||
should navigate to personal options
|
||
+ Fix UI quirks when doing a history navigation to a slow page
|
||
(bug#94747)
|
||
+ Auto-login UI polish. (bug#98873)
|
||
+ Fixed the gtk menu race (bug#88473)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 2 07:37:15 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Updaet to 16.0.898
|
||
+ Move webNavigation out of experimental (bug#60100)
|
||
+ Rework BrightnessLibrary using DBusThreadManager
|
||
+ Remove google search experiment
|
||
+ Only allow to lock the mouse when the tab is in fullscreen mode
|
||
(bug#41781)
|
||
+ Expose connection error code to the web app (bug#91402)
|
||
+ Make the license tools recoginze the dual license (bug#98116)
|
||
+ Don't immediately fill saved passwords in Incognito mode
|
||
+ Ensure that --disable-extensions disables extension prefs from
|
||
being enacted
|
||
+ Removing mfplayer and mfdecoder tools
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 25 09:00:41 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Make "Set as default browser" work
|
||
|
||
- Update to 16.0.891
|
||
+ Prefer curl over wget on linux if installed.
|
||
+ Printing: Fix Linux print dialog code when there are no
|
||
printers installed.
|
||
+ Do not intitialize V8 in browser process.
|
||
+ Suppress race in URLRequestHttpJob/HttpNetworkTransaction
|
||
+ Profile shouldn't own PersonalDataManager
|
||
+ Remove the old chrome://extensions page, since the URL now
|
||
redirects to the new Settings page.
|
||
+ fix disappearing bookmark star on linux/gtk
|
||
+ Fix display of "Last Synced as..." in Personal Stuff.
|
||
+ FTP: fixed compatibility with servers which send 451 response
|
||
for CWD command.
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Sep 22 09:53:18 UTC 2011 - prusnak@opensuse.org
|
||
|
||
- add versions to some dependencies of subpackages
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Sep 20 16:14:30 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Added permissions-patch so that the suid-helper will also work
|
||
on distro versions equal to 11.4.
|
||
- Moved the no-sandbox check to the browser start-up script so that
|
||
the enabling of the sandbox is done at runtime (bnc#718016)
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Sep 14 11:30:06 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 16.0.880
|
||
+ Print preview issues with self-closing popups have been fixed
|
||
+ Fixed many known stability issues.
|
||
+ Change chrome://crash (sad tab page) "Learn more" link to:
|
||
"If you're seeing this frequently, try these suggestions."
|
||
Link "these suggestions" to the "Learn more" help article.
|
||
+ Convert chrome://extensions to a settings page within the
|
||
options pages.
|
||
+ Beginnings of basic Focus and Key Events.
|
||
+ various bugfixes
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Sep 3 17:39:50 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.870
|
||
+ Fix the print preview regression bug
|
||
+ Enable low-latency audio by default
|
||
+ Add Indic IME support
|
||
+ Switch the native print path on Linux and ChromeOS to use Skia
|
||
instead of Cairo
|
||
+ Use 16x16 icons so they don't stretch
|
||
+ Turn client-side phishing detection on for non-UMA users
|
||
+ Fix a crash on Linux which occurs during drag drop operations
|
||
in the renderer
|
||
+ various bugfixes
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Aug 24 17:53:51 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.862
|
||
+ Fix pyauto autofill flakiness when submitting profile info via
|
||
webpage forms (issues: 90232,89784)
|
||
+ Get rid of static TabContentsView::Create function since the
|
||
interface is in content, but the implementations are in chrome.
|
||
(issue: 76697)
|
||
+ Suppress another race with KURLGooglePrivate + Workers.
|
||
(issue 93708)
|
||
+ Add a new content settings type AUTO-SELECT-CERTIFICATE. The
|
||
default value of the new content settings type AUTO-SELECT-CERTIFICATE
|
||
is CONTENT_SETTING_ASK
|
||
+ Add a policy for whitelisting origins for which client certificates
|
||
should be auto selected.
|
||
+ Add a policy to set a default setting for the auto select certificates
|
||
setting.
|
||
-------------------------------------------------------------------
|
||
Mon Aug 22 16:32:16 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.860
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 20 20:47:53 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.859
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Aug 19 05:55:51 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.857
|
||
+ Issue with the close tab button is fixed.
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Aug 16 09:14:32 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.854
|
||
- Enable build of sandbox client as that this is now mandatory
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Aug 7 09:13:32 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Introduce an option to switch the password store for Chromium in
|
||
a more friendlier way, by using the update-alternatives. The user
|
||
has now the option to install a new package (chromium-desktop-kde
|
||
or chromium-desktop-gnome) and based on this the respective
|
||
password store is selected.
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Aug 6 10:09:02 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.846
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jul 30 08:12:51 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 15.0.839
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 21 17:06:31 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 14.0.829
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jul 17 09:15:18 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 14.0.825
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Jul 12 02:26:20 UTC 2011 - nmarques@opensuse.org
|
||
|
||
- Fix for bnc#705223:
|
||
+ Icons are installed in hicolor instead of oxygen, this ensures
|
||
compatibility with open Desktop standards.
|
||
+ Add GTK icon cache update for >= 1140 on %post and %postun.
|
||
+ Removed the .png in %{_datadir}/pixmaps as hicolor is a better
|
||
option.
|
||
+ Add hicolor-icon-theme to BuildRequires and Requires.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 13 11:49:27 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 14.0.792
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Jun 6 08:47:30 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 14.0.786
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Jun 4 07:22:05 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 14.0.785
|
||
|
||
-------------------------------------------------------------------
|
||
Sat May 28 20:05:21 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 13.0.780
|
||
|
||
-------------------------------------------------------------------
|
||
Wed May 25 13:03:04 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 13.0.777
|
||
+ Builds now based on system library for V8.
|
||
+ Removed Shared Library build due to errors. Everything is back
|
||
into one single binary
|
||
+ Added patchfile to build with GCC 4.6
|
||
|
||
-------------------------------------------------------------------
|
||
Sun May 15 12:49:33 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 13.0.767
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Apr 28 17:44:47 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 13.0.751
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 22 06:23:09 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.744
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Apr 18 17:01:00 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.741
|
||
- Include icon-set for Oxygen. (bnc#684728)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Apr 8 15:29:13 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.731
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Apr 3 15:30:49 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.724
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Mar 31 19:28:18 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.721
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Mar 28 18:26:22 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.718
|
||
- Added conflict for xine-browser-plugin
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 16 05:15:44 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.705
|
||
- Included option to detect the password store in /usr/bin/chromium
|
||
(options there are detect,default,gnome,kwallet)
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 11 08:42:36 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 12.0.700
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 9 18:45:16 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.698
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Mar 4 08:08:57 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.691
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 2 18:17:40 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.688
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 27 09:05:00 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.685
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Feb 27 08:52:51 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.683
|
||
* Chromium will now use the internal ICU libraries for all
|
||
openSUSE versions.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Feb 16 23:45:49 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.674
|
||
|
||
-------------------------------------------------------------------
|
||
Tue Feb 15 18:37:51 UTC 2011 - tittiatcoke@gmail.com
|
||
|
||
- Update to 11.0.673
|
||
* For Factory the internal ICU libraries are used as that
|
||
Chromium does not build with the ones provided by Factory
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jan 19 13:23:13 UTC 2011 - prusnak@opensuse.org
|
||
|
||
- add more mimetypes to desktop file
|
||
|
||
|
||
-------------------------------------------------------------------
|
||
Sat Dec 25 09:40:13 UTC 2010 - rwooninck@opensuse.org
|
||
|
||
- update to 10.0.622.0
|
||
|
||
-------------------------------------------------------------------
|
||
Mon Oct 25 14:30:33 UTC 2010 - tittiatcoke@gmail.com
|
||
|
||
- Update to 9.0.564 build
|
||
* Added specific patches for MeeGo.
|
||
* We are now using shared libraries for Chromium
|
||
* Spec-file cleanup (Thanks to prusnak)
|
||
|
||
-------------------------------------------------------------------
|
||
Thu Jul 8 00:13:33 UTC 2010 - cristian.rodriguez@opensuse.org
|
||
|
||
- use jobs instead of a fixed numer of jobs, buildsystem may hang
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Jul 7 20:10:06 UTC 2010 - cristian.rodriguez@opensuse.org
|
||
|
||
- workaround gcc bug, that produces extremely annoying
|
||
failure of the search bar.
|
||
|
||
-------------------------------------------------------------------
|
||
Mon May 24 01:17:14 UTC 2010 - cristian.rodriguez@opensuse.org
|
||
|
||
- do not include %{release} in RPM_VERSION that makes the
|
||
package to republish everytime to users even if there
|
||
are no code changes.
|
||
|
||
-------------------------------------------------------------------
|
||
Wed Mar 10 20:10:14 UTC 2010 - bgmerrell@novell.com
|
||
|
||
- Add master_preferences source file and install it to /etc/chromium.
|
||
- Create a new patch (chromium-master-prefs-path.patch) which tells
|
||
chromium to look in /etc/chromium for the master_preferences file
|
||
(instead of looking in the default directory, which is the same
|
||
directory as the 'chrome' binary).
|
||
|
||
-------------------------------------------------------------------
|
||
* Sun Mar 7 00:00:00 UTC 2010 - tititatcoke@gmail.com
|
||
|
||
- Update to 5.0.347
|
||
+ moved back to static binary again.
|
||
+ No longer depends on system v8
|
||
|
||
-------------------------------------------------------------------
|
||
* Mon Feb 21 00:00:00 UTC 2010 - tititatcoke@gmail.com
|
||
|
||
- Update to 5.0.341
|
||
+ remove courgette build and sources (patent issue)
|
||
+ Move to shared libraries build
|
||
+ Depends on system v8 again
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Jan 24 21:42:27 UTC 2010 - prusnak@suse.cz
|
||
|
||
- added vendor to user agent (chromium-vendor.patch.in)
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Nov 29 14:18:27 UTC 2009 - prusnak@suse.cz
|
||
|
||
- added --enable-sync to wrapper to enable bookmark sync
|
||
|
||
-------------------------------------------------------------------
|
||
* Sun Nov 29 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- Update to 4.0.260
|
||
|
||
-------------------------------------------------------------------
|
||
* Fri Nov 27 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- Update to 4.0.259
|
||
|
||
-------------------------------------------------------------------
|
||
* Thu Nov 26 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- Update to 4.0.258
|
||
|
||
-------------------------------------------------------------------
|
||
* Tue Nov 24 00:00:00 UTC 2009 - tittatcoke@gmai.com
|
||
|
||
- In order to complete prevent the wrong v8 version to be used,
|
||
the Chromium build has been changed to having an built-in v8
|
||
|
||
-------------------------------------------------------------------
|
||
* Tue Nov 24 00:00:00 UTC 2009 - dbuck@example.com
|
||
|
||
- Re-base patches.
|
||
- Fixed a few patch errors.
|
||
- Rename some patches to better correspond with function.
|
||
- Removed some patches.
|
||
- Minor SPEC changes.
|
||
- I changed the v8 requirement to be exact, instead of greater than a specific version.
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Nov 13 20:34:05 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- update to 247.0 svn 31928
|
||
|
||
-------------------------------------------------------------------
|
||
Fri Oct 30 13:58:11 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- update to 229.0 svn 30454
|
||
+ Fix regression where popups and app frames lost their titlebars.
|
||
+ Makes it so that when a folder is open on the bookmark bar
|
||
and the mouse moves over another folder, the menu for that
|
||
folder is shown.
|
||
+ Lazily create the find bar.
|
||
+ Polish to the gmail checker sample.
|
||
* New, crisper icons that are exactly 19x19
|
||
* Add a loading animation at the beginning before Gmail
|
||
responds.
|
||
* Fix a bug where we sometimes don't update the UI after a
|
||
logout/login cycle.
|
||
+ Refactor widget methods to support desktop notifications,
|
||
including GTK stubs.
|
||
+ Find-in-page should not ding while deleting characters.
|
||
+ Add SSL wrapper for linux and mac. This allows notifier to
|
||
use chrome's SSL layer instead of OpenSSL.
|
||
+ Add three of the six extensions to PAC that Internet Explorer supports.
|
||
+ WebSocket support in chromium. (Run with --enable-web-sockets
|
||
enables WebSocket features.)
|
||
+ Do not allow GTK File Chooser dialogs to return directories.
|
||
+ Fix the notifier SSL layer to make notifications work for
|
||
Linux Bookmark sync.
|
||
+ linux: don't override mouse selection behavior in omnibox
|
||
|
||
-------------------------------------------------------------------
|
||
Sun Oct 25 08:37:29 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- Update to 224.4 svn 30027
|
||
+ First cut at new page and browser action docs based
|
||
on new API. Deleted old stuff.
|
||
+ Add suppression for new memory leak caused by WebKit merge 49830:49844
|
||
+ Cleanup: change PIDs to base::ProcessId (or pid_t, as appropriate)
|
||
+ Minimize dependency of user scripts
|
||
+ Fixup the flip_framer eof-handling semantics now that we have
|
||
the FIN bit in place
|
||
+ app depends on x11 because of active_window_watcher_x
|
||
+ Adding two images for the new Extension managment UI
|
||
+ Removing hard-coded Chrome Frame output path
|
||
+ Rearrange clipboard code
|
||
+ Fix crash bug when attempting to download a url with unsupported scheme,
|
||
e.g. 'data:', by 'Alt + Click'
|
||
+ GTK: Change text for extension download UI
|
||
+ Ignore invalid urls on command line
|
||
+ Make dropped tabs animate from where they were dropped.
|
||
+ Make room for the full width of the tab placeholder.
|
||
+ Make tab dragging as smooth as glass.
|
||
+ Remove an annoying NOTIMPLEMNETED
|
||
+ Extensions: guarantee removal of BROWSER_WINDOW_READY registration
|
||
+ If we're in the middle of a drag, don't allow the user to middle
|
||
click to close or right click for the context menu
|
||
+ "Fix" a NOTIMPLEMENTED on Linux by using the default password store
|
||
+ Remove +x bit from files that shouldn't have it
|
||
+ Fold first 3 channels of multichannel instead of 5. Use fixed point
|
||
+ Adding new image needed for the managment UI
|
||
+ Fix a race bug where content scripts would not apply to the first page load
|
||
+ Make escape remove a bookmark if it's just been added (but not if it already existed)
|
||
+ Fix bubbles deactivating the opaque frame
|
||
+ Allow ESC to cancel ALT+SHIFT+T in Toolbar
|
||
+ ake all pepper plugins default to windowless and transparent
|
||
+ Add styles for printing
|
||
+ Implement the new extension management UI
|
||
+ Add support for to automation interface load install and load extensions
|
||
+ GTK: theme the info bar border
|
||
+ Update V8 to version 1.3.16.1
|
||
+ Introduce WebSecurityPolicy for security related methods
|
||
+ New button scheme...borders are separate from the inner contents so
|
||
that they can be highlighted / depressed independently
|
||
+ When opening Chrome maximized with an application window already
|
||
running, the Chrome window was not activated
|
||
+ Fix compatibility problems with FileZilla FTP Server
|
||
+ Remove the extension shelf on Linux
|
||
+ Fix the proxy host and port string to start with http:// if it does not already
|
||
+ Enable HTML5 databases for all extension renderer processes
|
||
|
||
-------------------------------------------------------------------
|
||
* Sat Oct 24 00:00:00 UTC 2009 - prusnak@opensuse.org
|
||
|
||
- don't create desktop files in wrapper
|
||
- fix LD_LIBRARY_PATH (chromium-fix-wrapper.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
* Tue Oct 20 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- update to newer svn snapshot
|
||
+ Obsoletes fwrite patch (included upstream)
|
||
|
||
-------------------------------------------------------------------
|
||
* Fri Oct 16 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- update to newer svn snapshot
|
||
+ Requires newer version of v8
|
||
|
||
-------------------------------------------------------------------
|
||
* Thu Oct 15 00:00:00 UTC 2009 - prusnak@suse.cz
|
||
|
||
- do not force SSE on x86 (drop-sse.patch)
|
||
|
||
-------------------------------------------------------------------
|
||
* Tue Oct 13 00:00:00 UTC 2009 - tittiatcoke@gmail.com
|
||
|
||
- Update to newer svn snapshot
|
||
- Fixed spec file in order to build
|
||
- Included patch to build with system zlib
|
||
|
||
-------------------------------------------------------------------
|
||
* Mon Oct 12 00:00:00 UTC 2009 - prusnak@suse.cz
|
||
|
||
- package renamed to chromium
|
||
- cleaned up spec file
|
||
|
||
-------------------------------------------------------------------
|
||
* Tue Oct 6 00:00:00 UTC 2009 - dbuck@example.com
|
||
|
||
- v8 is now built as a separate package, and is required
|
||
- included many patches to use system libraries:
|
||
v8, icu, libxml2, libxslt, libjpeg, libpng, libevent, bzip2, zlib, nspr, nss
|
||
|
||
-------------------------------------------------------------------
|
||
* Sun Oct 1 00:00:00 UTC 2009 - dbuck@example.com
|
||
|
||
- included a newer DEP than is in svn, native_client@823
|
||
- things should compile cleanly now
|
||
|
||
-------------------------------------------------------------------
|
||
* Sun Aug 31 00:00:00 UTC 2009 - dbuck@example.com
|
||
|
||
- initial build
|
||
|