From 3e972378cee8d82af3f229b753e99d5cef14d9795ae35df023d3b94a51466562 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Fri, 13 Feb 2026 17:32:32 +0100 Subject: [PATCH 1/6] Update submodules from pool/chromium#33 and create patchinfo.20260213163213815955.255638743075857/_patchinfo --- chromium | 2 +- .../_patchinfo | 37 +++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 patchinfo.20260213163213815955.255638743075857/_patchinfo diff --git a/chromium b/chromium index ff3414e..423d777 160000 --- a/chromium +++ b/chromium @@ -1 +1 @@ -Subproject commit ff3414e963a0c31f77d2972e2e713427db98c2f42f186dbd0c25b5d0ef8664ff +Subproject commit 423d7771f642731d9ca31fdc5411c33c409198cbdd47b89b31060d05ac65fac2 diff --git a/patchinfo.20260213163213815955.255638743075857/_patchinfo b/patchinfo.20260213163213815955.255638743075857/_patchinfo new file mode 100644 index 0000000..4131ac6 --- /dev/null +++ b/patchinfo.20260213163213815955.255638743075857/_patchinfo @@ -0,0 +1,37 @@ + + CVE-2026-2321 chromium-browser: Use after free in Ozone + CVE-2026-2317 chromium-browser: Inappropriate implementation in Animation + CVE-2026-2322 chromium-browser: Inappropriate implementation in File input + VUL-0: chromium: release 145.0.7632.45 + CVE-2026-2319 chromium-browser: Race in DevTools + CVE-2026-2315 chromium-browser: Inappropriate implementation in WebGPU + CVE-2026-2318 chromium-browser: Inappropriate implementation in PictureInPicture + CVE-2026-2314 chromium-browser: Heap buffer overflow in Codecs + CVE-2026-2323 chromium-browser: Inappropriate implementation in Downloads + VUL-0: chromium: release 145.0.7632.45 + CVE-2026-2316 chromium-browser: Insufficient policy enforcement in Frames + CVE-2026-2320 chromium-browser: Inappropriate implementation in File input + oertel + important + security + Security update for chromium + This update for chromium fixes the following issues: + +Changes in chromium: + +- Chromium 145.0.7632.45 (boo#1258116) + * jpeg-xl support has been readded + * CVE-2026-2313: Use after free in CSS + * CVE-2026-2314: Heap buffer overflow in Codecs + * CVE-2026-2315: Inappropriate implementation in WebGPU + * CVE-2026-2316: Insufficient policy enforcement in Frames + * CVE-2026-2317: Inappropriate implementation in Animation + * CVE-2026-2318: Inappropriate implementation in PictureInPicture + * CVE-2026-2319: Race in DevTools + * CVE-2026-2320: Inappropriate implementation in File input + * CVE-2026-2321: Use after free in Ozone + * CVE-2026-2322: Inappropriate implementation in File input + * CVE-2026-2323: Inappropriate implementation in Downloads + + chromium + -- 2.51.1 From f366e3a76ff100f00ceba8ba9d32dec42910beb4783579b8f39ccd66d6dc2111 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Fri, 13 Feb 2026 20:41:19 +0100 Subject: [PATCH 2/6] Update patchinfo.20260213163213815955.255638743075857/_patchinfo update patchinfo --- patchinfo.20260213163213815955.255638743075857/_patchinfo | 2 ++ 1 file changed, 2 insertions(+) diff --git a/patchinfo.20260213163213815955.255638743075857/_patchinfo b/patchinfo.20260213163213815955.255638743075857/_patchinfo index 4131ac6..7b0be00 100644 --- a/patchinfo.20260213163213815955.255638743075857/_patchinfo +++ b/patchinfo.20260213163213815955.255638743075857/_patchinfo @@ -18,6 +18,8 @@ This update for chromium fixes the following issues: Changes in chromium: +- Chromium 145.0.7632.67: + * Revert a change in url_fixer that may have caused crashes - Chromium 145.0.7632.45 (boo#1258116) * jpeg-xl support has been readded -- 2.51.1 From c125f5317e60f3890311424b0e2ed5d8b0dbf54b965731a0d6f30ec68a3d263c Mon Sep 17 00:00:00 2001 From: AutoGits PR Review Bot Date: Fri, 13 Feb 2026 19:41:49 +0000 Subject: [PATCH 3/6] auto-created for chromium This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/chromium!33 --- chromium | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chromium b/chromium index 423d777..a4bd5e7 160000 --- a/chromium +++ b/chromium @@ -1 +1 @@ -Subproject commit 423d7771f642731d9ca31fdc5411c33c409198cbdd47b89b31060d05ac65fac2 +Subproject commit a4bd5e799b73380b8b35934808b45217f260dda3b971c033ec2120dc5aa0294b -- 2.51.1 From a8d1ade5b7dd4798bd442b8a84039ec73d0a734602a20fc5f1a8b10c4efa1782 Mon Sep 17 00:00:00 2001 From: AutoGits PR Review Bot Date: Fri, 13 Feb 2026 19:59:46 +0000 Subject: [PATCH 4/6] auto-created for chromium This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/chromium!33 --- chromium | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chromium b/chromium index a4bd5e7..65a7ae5 160000 --- a/chromium +++ b/chromium @@ -1 +1 @@ -Subproject commit a4bd5e799b73380b8b35934808b45217f260dda3b971c033ec2120dc5aa0294b +Subproject commit 65a7ae503754819bdcda10d25664598e4680d3459f46649b93b003594c750f82 -- 2.51.1 From 058e86b532b3ded4ce3d43ba9376ae9342f0232a3e2061875e6ebd44d40d7cd6 Mon Sep 17 00:00:00 2001 From: AutoGits PR Review Bot Date: Tue, 17 Feb 2026 08:34:45 +0000 Subject: [PATCH 5/6] auto-created for chromium This commit was autocreated by AutoGits PR Review Bot referencing PRs: PR: pool/chromium!33 --- chromium | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chromium b/chromium index 65a7ae5..f0003f0 160000 --- a/chromium +++ b/chromium @@ -1 +1 @@ -Subproject commit 65a7ae503754819bdcda10d25664598e4680d3459f46649b93b003594c750f82 +Subproject commit f0003f0c35de44e3da4f9c3d49429d4655f046d28face25f1f7c862c0a15b719 -- 2.51.1 From 5b687c4a592fc4c21d95edda8eb709ac4b133cfaad9830520d612acc6c39e112 Mon Sep 17 00:00:00 2001 From: Robert Frohl Date: Tue, 17 Feb 2026 09:41:20 +0100 Subject: [PATCH 6/6] Update patchinfo.20260213163213815955.255638743075857/_patchinfo update patchinfo for latest pool PR update --- .../_patchinfo | 44 ++++++++++++++----- 1 file changed, 33 insertions(+), 11 deletions(-) diff --git a/patchinfo.20260213163213815955.255638743075857/_patchinfo b/patchinfo.20260213163213815955.255638743075857/_patchinfo index 7b0be00..c15f249 100644 --- a/patchinfo.20260213163213815955.255638743075857/_patchinfo +++ b/patchinfo.20260213163213815955.255638743075857/_patchinfo @@ -1,16 +1,19 @@ - CVE-2026-2321 chromium-browser: Use after free in Ozone - CVE-2026-2317 chromium-browser: Inappropriate implementation in Animation - CVE-2026-2322 chromium-browser: Inappropriate implementation in File input - VUL-0: chromium: release 145.0.7632.45 - CVE-2026-2319 chromium-browser: Race in DevTools - CVE-2026-2315 chromium-browser: Inappropriate implementation in WebGPU - CVE-2026-2318 chromium-browser: Inappropriate implementation in PictureInPicture - CVE-2026-2314 chromium-browser: Heap buffer overflow in Codecs - CVE-2026-2323 chromium-browser: Inappropriate implementation in Downloads + + + + + + + VUL-0: CVE-2026-2441: chromium: Use after free in CSS (fixed in 145.0.7632.75) + + + VUL-0: chromium: release 145.0.7632.45 - CVE-2026-2316 chromium-browser: Insufficient policy enforcement in Frames - CVE-2026-2320 chromium-browser: Inappropriate implementation in File input + + + + chromium desktop icon shows @@MENUNAME oertel important security @@ -18,6 +21,25 @@ This update for chromium fixes the following issues: Changes in chromium: + +- more fixes for desktop file, some variables were lowercased, + further adaptions in INSTALL script (boo#1258199) + +- also copy rollup into third_party/node/node_modules +- stay on llvm-10 for swiftshader but bring a similar patch + +- drop use of rollup binaries and use rollup-3.x which does not + use prebuilt binaries (that fail at least on older ppc64le) + follow the approach of the debian packaging + +- update/resync ppc64le patches from fedora + +- fix INSTALL.sh again to replace the tags in desktop file, + appdata and manpage (boo#1258199) + +- Chromium 145.0.7632.75: + * CVE-2026-2441: Use after free in CSS (boo#1258185) + - Chromium 145.0.7632.67: * Revert a change in url_fixer that may have caused crashes -- 2.51.1