SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for chromium-66.0.3359.170-158.1.x86_64.rpm :
Fri May 11 14:00:00 2018 astiegerAATTsuse.com
- Chromium 66.0.3359.170 (bsc#1092923):

* Chain leading to sandbox escape:
CVE-2018-6121: Privilege Escalation in extensions
CVE-2018-6122: Type confusion in V8

* CVE-2018-6120: Heap buffer overflow in PDFium

* Various fixes from internal audits, fuzzing and other
initiatives

Wed May 9 14:00:00 2018 tchvatalAATTsuse.com
- Add patch chromium-skia-system-fontconfig.patch to fix
bsc#1092272

Fri May 4 14:00:00 2018 guillaume.gardetAATTopensuse.org
- Enable build on AArch64
- Fix build on AArch64:

* set target_cpu to arm64

* disable tcmalloc and swiftshader for aarch64

* Add new patches:
- chromium-65.0.3325.162-skia-aarch64-buildfix.patch
- chromium-skia-neon.patch

Fri Apr 27 14:00:00 2018 tchvatalAATTsuse.com
- chromium 66.0.3359.139:

* CVE-2018-6118: Use after free in Media Cache (bsc#1091288)

* drop add-missing-blink-tools.patch, now in tarball again

Wed Apr 18 14:00:00 2018 tchvatalAATTsuse.com
- Version bump to chromium 66.0.3359.117 bsc#1090000:

* CVE-2018-6085: Use after free in Disk Cache

* CVE-2018-6086: Use after free in Disk Cache

* CVE-2018-6087: Use after free in WebAssembly

* CVE-2018-6088: Use after free in PDFium

* CVE-2018-6089: Same origin policy bypass in Service Worker

* CVE-2018-6090: Heap buffer overflow in Skia

* CVE-2018-6091: Incorrect handling of plug-ins by Service Worker

* CVE-2018-6092: Integer overflow in WebAssembly

* CVE-2018-6093: Same origin bypass in Service Worker

* CVE-2018-6094: Exploit hardening regression in Oilpan

* CVE-2018-6095: Lack of meaningful user interaction requirement before file upload

* CVE-2018-6096: Fullscreen UI spoof

* CVE-2018-6097: Fullscreen UI spoof

* CVE-2018-6098: URL spoof in Omnibox

* CVE-2018-6099: CORS bypass in ServiceWorker

* CVE-2018-6100: URL spoof in Omnibox

* CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools

* CVE-2018-6102: URL spoof in Omnibox

* CVE-2018-6103: UI spoof in Permissions

* CVE-2018-6104: URL spoof in Omnibox

* CVE-2018-6105: URL spoof in Omnibox

* CVE-2018-6106: Incorrect handling of promises in V8

* CVE-2018-6107: URL spoof in Omnibox

* CVE-2018-6108: URL spoof in Omnibox

* CVE-2018-6109: Incorrect handling of files by FileAPI

* CVE-2018-6110: Incorrect handling of plaintext files via file://

* CVE-2018-6111: Heap-use-after-free in DevTools

* CVE-2018-6112: Incorrect URL handling in DevTools

* CVE-2018-6113: URL spoof in Navigation

* CVE-2018-6114: CSP bypass

* CVE-2018-6115: SmartScreen bypass in downloads

* CVE-2018-6116: Incorrect low memory handling in WebAssembly

* CVE-2018-6117: Confusing autofill settings

* Various fixes from internal audits, fuzzing and other initiatives
- Remove obsolete patches:

* chromium-compiler.patch

* chromium-glibc-2.27.patch

* chromium-vaapi-init.patch

* exclude_ymp.diff

* fix-gn-bootstrap.diff

* fix_network_api_crash.patch

* mojo.patch
- Add new patches:

* chromium-ffmpeg.patch

* chromium-gcc7.patch

* exclude_ymp.patch

* fix-gn-bootstrap.patch
- Rebase patches:

* chromium-master-prefs-path.patch

* chromium-non-void-return.patch

* chromium-sandbox-pie.patch

* chromium-vaapi.patch
- Add patch to fix missing folder from tarball:

* add-missing-blink-tools.patch

Sun Apr 8 14:00:00 2018 tchvatalAATTsuse.com
- Add vaapi patches:

* chromium-vaapi-init.patch

* chromium-vaapi.patch

Fri Apr 6 14:00:00 2018 tchvatalAATTsuse.com
- Use memory-constraints package to limit threads as needed

Wed Mar 21 13:00:00 2018 astiegerAATTsuse.com
- Update to Chromium 65.0.3325.181:

* Various security relevant fixes from internal audits, fuzzing
and other initiatives (boo#1086124)

Tue Mar 20 13:00:00 2018 tchvatalAATTsuse.com
- Use both freetype and harfbuzz either bundled or system

Wed Mar 14 13:00:00 2018 tchvatalAATTsuse.com
- Version update to 65.0.3325.162:

* Various stability fixes only

Wed Mar 14 13:00:00 2018 tchvatalAATTsuse.com
- Bundle the harfbuzz on < 15.0 release as we would have to
use requires_ge for the library itself later on otherwise

Fri Mar 9 13:00:00 2018 tchvatalAATTsuse.com
- Make sure to require gcc7
- Add patch chromium-drm.patch to make sure to build with Leap 42.3
variant of libdrm

Thu Mar 8 13:00:00 2018 tchvatalAATTsuse.com
- Version update to 65.0.3325.146 bsc#1084296:

* High CVE-2017-11215: Use after free in Flash.

* High CVE-2017-11225: Use after free in Flash.

* High CVE-2018-6060: Use after free in Blink.

* High CVE-2018-6061: Race condition in V8.

* High CVE-2018-6062: Heap buffer overflow in Skia.

* High CVE-2018-6057: Incorrect permissions on shared memory.

* High CVE-2018-6063: Incorrect permissions on shared memory.

* High CVE-2018-6064: Type confusion in V8.

* High CVE-2018-6065: Integer overflow in V8.

* Medium CVE-2018-6066: Same Origin Bypass via canvas.

* Medium CVE-2018-6067: Buffer overflow in Skia.

* Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.

* Medium CVE-2018-6069: Stack buffer overflow in Skia.

* Medium CVE-2018-6070: CSP bypass through extensions.

* Medium CVE-2018-6071: Heap bufffer overflow in Skia.

* Medium CVE-2018-6072: Integer overflow in PDFium.

* Medium CVE-2018-6073: Heap bufffer overflow in WebGL.

* Medium CVE-2018-6074: Mark-of-the-Web bypass.

* Medium CVE-2018-6075: Overly permissive cross origin downloads.

* Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.

* Medium CVE-2018-6077: Timing attack using SVG filters.

* Medium CVE-2018-6078: URL Spoof in OmniBox.

* Medium CVE-2018-6079: Information disclosure via texture data in WebGL.

* Medium CVE-2018-6080: Information disclosure in IPC call.

* Low CVE-2018-6081: XSS in interstitials.

* Low CVE-2018-6082: Circumvention of port blocking.

* Low CVE-2018-6083: Incorrect processing of AppManifests.
- Add new patches:

* chromium-compiler.patch

* chromium-glibc-2.27.patch

* mojo.patch
- Drop patches:

* chromium-angle.patch

* chromium-memcpy.patch
- Update constraints
- Refresh patch chromium-non-void-return.patch to include more
fixes

Sat Feb 24 13:00:00 2018 astiegerAATTsuse.com
- Chromium 64.0.3282.186:

* Various minor bug fixes

Wed Feb 14 13:00:00 2018 astiegerAATTsuse.com
- update to 64.0.3282.167 (bsc#1080920):

* CVE-2018-6056: Incorrect derived class instantiation in V8

Fri Feb 2 13:00:00 2018 tchvatalAATTsuse.com
- Version update to 64.0.3282.140 bsc#1079021:

* Various asan fixes bsc#1078463 CVE-2018-6406

Fri Feb 2 13:00:00 2018 dimstarAATTopensuse.org
- Eliminate build dependency on procps: we only used it to run
\'free\', in order to find out how much RAM we have available. We
can get this information directly from the kernel, from
/proc/meminfo.

Mon Jan 29 13:00:00 2018 tchvatalAATTsuse.com
- Fix default page to not point to 404

Mon Jan 29 13:00:00 2018 tchvatalAATTsuse.com
- Install swiftshader objects too as they are needed

Fri Jan 26 13:00:00 2018 tchvatalAATTsuse.com
- Disable ozone stuff conditions for now as the headless mode
breaks up runtime bsc#1077722

Thu Jan 25 13:00:00 2018 tchvatalAATTsuse.com
- Switch to gcc7 on Leap builds

Thu Jan 25 13:00:00 2018 tchvatalAATTsuse.com
- Version update to 64.0.3282.119 bsc#1077571:

* High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01

* High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (AATTshhnjk) on 2017-11-20

* High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09

* Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12

* Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

* Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK\'s National Cyber Security Centre (NCSC) on 2017-11-30

* Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09

* Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12

* Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17

* Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent\'s Xuanwu Lab on 2017-10-26

* Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29

* Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12

* Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16

* Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23

* Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31

* Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08

* Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (AATTshhnjk) on 2017-09-08

* Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (AATT_aaspring_) on 2017-10-05

* Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent\'s Xuanwu Lab on 2017-10-13

* Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15

* Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (AATTasanso) on 2014-12-11

* Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28

* Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23

* Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
- Add patches:

* chromium-angle.patch

* chromium-memcpy.patch
- Drop patch:

* chromium-gcc.patch
- Change desktop file name to fit bellow the icon on ie KDE desktop

Thu Jan 4 13:00:00 2018 astiegerAATTsuse.com
- Chromium 63.0.3239.132:

* DevTools: do not report raw headers and cookies for protected
subresources

* Various other fixes and updates

Fri Dec 15 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 63.0.3239.108 bsc#1072976:

* CVE-2017-15429: UXSS in V8

* Various fuzzing fixes

Thu Dec 7 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 63.0.3239.84 bsc#1071691:

* Critical CVE-2017-15407: Out of bounds write in QUIC.

* High CVE-2017-15408: Heap buffer overflow in PDFium.

* High CVE-2017-15409: Out of bounds write in Skia.

* High CVE-2017-15410: Use after free in PDFium.

* High CVE-2017-15411: Use after free in PDFium.

* High CVE-2017-15412: Use after free in libXML.

* High CVE-2017-15413: Type confusion in WebAssembly.

* Medium CVE-2017-15415: Pointer information disclosure in IPC call.

* Medium CVE-2017-15416: Out of bounds read in Blink.

* Medium CVE-2017-15417: Cross origin information disclosure in Skia.

* Medium CVE-2017-15418: Use of uninitialized value in Skia.

* Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.

* Medium CVE-2017-15420: URL spoofing in Omnibox.

* Medium CVE-2017-15422: Integer overflow in ICU.

* Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.

* Low CVE-2017-15424: URL Spoof in Omnibox.

* Low CVE-2017-15425: URL Spoof in Omnibox.

* Low CVE-2017-15426: URL Spoof in Omnibox.

* Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
- Rebase fix-gn-bootstrap.diff
- Drop merged patches:

* chromium-gcc5.patch

* chromium-60.0.3112.113-breakpad-ucontext.patch

* chromium-62.0.3202.62-correct-cplusplus-check.patch
- Add new patches:

* chromium-non-void-return.patch

* chromium-gcc.patch

Wed Nov 22 13:00:00 2017 idonmezAATTsuse.com
- BuildRequire nodejs8 instead of nodejs6 for suse_version >= 1330

Wed Nov 15 13:00:00 2017 astiegerAATTsuse.com
- Update to 62.0.3202.94:

* multiple minor rendering related fixes
- fix rebuilds in same chroot

Tue Nov 7 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 62.0.3202.89 bsc#1066851:

* CVE-2017-15398: Stack buffer overflow in QUIC

* CVE-2017-15399: Use after free in V8
- Drop upstream merged chromium-sandbox.patch

Fri Nov 3 13:00:00 2017 tchvatalAATTsuse.com
- Restrict the version on jpeg to not waste build power

Sun Oct 29 13:00:00 2017 tchvatalAATTsuse.com
- Add patch to fix sandbox crashes wrt bsc#1064298

* chromium-sandbox.patch

Fri Oct 27 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 62.0.3202.75 bsc#1065405 CVE-2017-15396

* CVE-2017-15396: Stack overflow in V8

Thu Oct 26 14:00:00 2017 astiegerAATTsuse.com
- BuildRequire nodejs6 required for polymer-bundler.js

Thu Oct 26 14:00:00 2017 tchvatalAATTsuse.com
- Try to export properly CXX/CC variable to fix leap builds

Wed Oct 25 14:00:00 2017 tchvatalAATTsuse.com
- Apply patch to fix building crc32 with gcc7:

* chromium-62.0.3202.62-correct-cplusplus-check.patch

Thu Oct 19 14:00:00 2017 tchvatalAATTsuse.com
- Update to 62.0.3202.62 bsc#1064066:

* CVE-2017-5124: UXSS with MHTML.

* CVE-2017-5125: Heap overflow in Skia.

* CVE-2017-5126: Use after free in PDFium.

* CVE-2017-5127: Use after free in PDFium.

* CVE-2017-5128: Heap overflow in WebGL.

* CVE-2017-5129: Use after free in WebAudio.

* CVE-2017-5132: Incorrect stack manipulation in WebAssembly.

* CVE-2017-5130: Heap overflow in libxml2.

* CVE-2017-5131: Out of bounds write in Skia.

* CVE-2017-5133: Out of bounds write in Skia.

* CVE-2017-15386: UI spoofing in Blink.

* CVE-2017-15387: Content security bypass.

* CVE-2017-15388: Out of bounds read in Skia.

* CVE-2017-15389: URL spoofing in OmniBox.

* CVE-2017-15390: URL spoofing in OmniBox.

* CVE-2017-15391: Extension limitation bypass in Extensions.

* CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.

* CVE-2017-15393: Referrer leak in Devtools.

* CVE-2017-15394: URL spoofing in extensions UI.

* CVE-2017-15395: Null pointer dereference in ImageCapture.
- Drop unused patches:

* arm-webrtc-fix.patch

* arm_use_right_compiler.patch

* chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch

* chromium-atk.patch

* chromium-mojo-dep.patch

* gcc60-fixes.diff
- Refresh patches:

* chromium-gcc5.patch

* chromium-prop-codecs.patch

* exclude_ymp.diff

* fix-gn-bootstrap.diff

Fri Sep 22 14:00:00 2017 astiegerAATTsuse.com
- Update to 61.0.3163.100 (boo#1060019):

* CVE-2017-5121: Out-of-bounds access in V8

* CVE-2017-5122: Out-of-bounds access in V8

* Various fixes from internal audits, fuzzing and other initiatives

Sat Sep 16 14:00:00 2017 tchvatalAATTsuse.com
- Update to 61.0.3163.91:

* Various bugfixes

Mon Sep 11 14:00:00 2017 tchvatalAATTsuse.com
- Update to 61.0.3163.79 bsc#1057364:

* CVE-2017-5111: Use after free in PDFium.

* CVE-2017-5112: Heap buffer overflow in WebGL.

* CVE-2017-5113: Heap buffer overflow in Skia.

* CVE-2017-5114: Memory lifecycle issue in PDFium.

* CVE-2017-5115: Type confusion in V8.

* CVE-2017-5116: Type confusion in V8.

* CVE-2017-5117: Use of uninitialized value in Skia.

* CVE-2017-5118: Bypass of Content Security Policy in Blink.

* CVE-2017-5119: Use of uninitialized value in Skia.

* CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
- Rebase patch:

* fix-gn-bootstrap.diff
- Remove patches:

* chromium-gcc7.patch

* chromium-override.patch
- Add new patches:

* chromium-atk.patch

* chromium-gcc5.patch

* chromium-mojo-dep.patch
- Gtk3 is hard required from now on
- Version some of the required dependencies

Mon Aug 28 14:00:00 2017 astiegerAATTsuse.com
- fix build with Factory glibc:
add chromium-60.0.3112.113-breakpad-ucontext.patch

Fri Aug 25 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 60.0.3112.113:

* Various bugfixes

Tue Aug 15 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 60.0.3112.101:

* various usability bugfixes

Thu Aug 3 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 60.0.3112.90:

* Various usability bugfixes

Wed Jul 26 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 60.0.3112.78 bsc#1050537:

* CVE-2017-5091: Use after free in IndexedDB

* CVE-2017-5092: Use after free in PPAPI

* CVE-2017-5093: UI spoofing in Blink

* CVE-2017-5094: Type confusion in extensions

* CVE-2017-5095: Out-of-bounds write in PDFium

* CVE-2017-5096: User information leak via Android intents

* CVE-2017-5097: Out-of-bounds read in Skia

* CVE-2017-5098: Use after free in V8

* CVE-2017-5099: Out-of-bounds write in PPAPI

* CVE-2017-5100: Use after free in Chrome Apps

* CVE-2017-5101: URL spoofing in OmniBox

* CVE-2017-5102: Uninitialized use in Skia

* CVE-2017-5103: Uninitialized use in Skia

* CVE-2017-5104: UI spoofing in browser

* CVE-2017-7000: Pointer disclosure in SQLite

* CVE-2017-5105: URL spoofing in OmniBox

* CVE-2017-5106: URL spoofing in OmniBox

* CVE-2017-5107: User information leak via SVG

* CVE-2017-5108: Type confusion in PDFium

* CVE-2017-5109: UI spoofing in browser

* CVE-2017-5110: UI spoofing in payments dialog

* Various fixes from internal audits, fuzzing and other initiatives
- Add patch chromium-override.patch
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
- Rebase patches:

* chromium-dma-buf.patch

* chromium-gcc7.patch

* chromium-last-commit-position-r0.patch

* fix-gn-bootstrap.diff

Mon Jul 24 14:00:00 2017 tchvatalAATTsuse.com
- Recommend emoji fonts to make sure major web chats do not show
questionmarks

Wed Jun 28 14:00:00 2017 tchvatalAATTsuse.com
- Update to 59.0.3071.115:

* Various small fixes all around

Fri Jun 23 14:00:00 2017 astiegerAATTsuse.com
- Update to 59.0.3071.109:

* ozone/drm: Only reuse ScanoutBuffers with compatible modifiers

* Fixing mouse focus on WebView

* Remove gtk dependency from gles tests

* Set build flag when using own FreeType

* Revert of [scheduler] Move some task types to suspendable task runner

* Fix an incorrect method name on the chrome://site-engagement WebUI page

* Linux/Windows: Removing Guest menu item for supervised profile

Fri Jun 16 14:00:00 2017 astiegerAATTsuse.com
- Update to 59.0.3071.104 (bsc#1044690):

* CVE-2017-5087: Sandbox Escape in IndexedDB

* CVE-2017-5088: Out of bounds read in V8

* CVE-2017-5089: Domain spoofing in Omnibox

* Various fixes from internal audits, fuzzing and other initiatives

Thu Jun 8 14:00:00 2017 tchvatalAATTsuse.com
- Add patch chromium-buildname.patch bsc#1043420

Tue Jun 6 14:00:00 2017 tchvatalAATTsuse.com
- Update to 59.0.3071.86 bsc#1042833:

* CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(AATTS0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16

* CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26

* CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07

* CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28

* CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09

* CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05

* CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16

* CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06

* CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28

* CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12

* CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20

* CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05

* CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (AATTL1kvID) Yandex Security Team on 2016-12-07

* CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11

* CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24

* CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- Add patch to fix build with system dma:

* chromium-dma-buf.patch
- Drop no longer needed patches:

* chromium-linker-memory.patch

* chromium-system-jinja-r13.patch
- Refresh patches:

* chromium-gcc7.patch

* chromium-system-ffmpeg-r3.patch

* fix-gn-bootstrap.diff
- Use bundled libxml

* Upstream unfortunately uses git snapshot that is not api/abi compatible

Mon Jun 5 14:00:00 2017 tchvatalAATTsuse.com
- Add patch to build with gcc7:

* chromium-gcc7.patch
- Add patch for fpermissive build error:

* chromium-fpermissive.patch

Wed May 10 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 58.0.3029.110:

* Various small bugfixes

Thu May 4 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 58.0.3029.96:

* Fixes bsc#1037594 CVE-2017-5068

Tue Apr 25 14:00:00 2017 tchvatalAATTsuse.com
- Use bundled jinja2, system one changed in 2.9 too much to work

* It is at least used only during build

Fri Apr 21 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 58.0.3029.81 bsc#1035103:

* High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360

* High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani

* High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro\'s Zero Day Initiative

* Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng

* Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (AATTgnehsoah)

* Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous

* Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip

* Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar

* Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani

* Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu

* Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani

* Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
- Refresh patch fix-gn-bootstrap.diff
- Refresh patch chromium-system-jinja-r13.patch
- Remove obsolete patch chromium-57-gcc4.patch

Thu Mar 30 14:00:00 2017 tchvatalAATTsuse.com
- Version update to 57.0.2987.133 bsc#1031677:

* Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar

* High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs

* High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin

* High CVE-2017-5056: Use after free in Blink. Credit to anonymous

* High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

Fri Mar 24 13:00:00 2017 tchvatalAATTsuse.com
- Drop the browser(npapi) provide which is not true

Sun Mar 19 13:00:00 2017 tchvatalAATTsuse.com
- Add patch to build with gcc4

* chromium-57-gcc4.patch

Thu Mar 16 13:00:00 2017 tchvatalAATTsuse.com
- Do not use gcc5 and newer as the compat was fixed again
- Update to 57.0.2987.110 with various other small tweaks

Fri Mar 10 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 57.0.2987.98 bsc#1028848:
CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034
CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040
CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043
CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
- Refresh patches

* fix-gn-bootstrap.diff

* chromium-linker-memory.patch
- Remove obsolete patches:

* chromium-sandbox.patch

* chromium-54-ffmpeg2compat.patch
- Remove vaapi patch which broke rendering on non-intel cards:

* chromium-enable-vaapi-on-suse.patch
- From this release onwards i586 build is disabled

Wed Feb 15 13:00:00 2017 idonmezAATTsuse.com
- Also add harfbuzz-ng to keeplibs for SLE

Mon Feb 6 13:00:00 2017 tchvatalAATTsuse.com
- Add condition for system harfbuzz to be disabled on SLE

Mon Feb 6 13:00:00 2017 qvoheagbfovvhubzdxfxAATTposteo.net
- Fixed a typo in the build requirements for system minizip.

Fri Feb 3 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 56.0.2924.87:

* Various small fixes

* Disabled option to enable/disable plugins in the chrome://plugins

Thu Feb 2 13:00:00 2017 qvoheagbfovvhubzdxfxAATTposteo.net
- Added the package \'chromium-privacy\' with multiple patches
sourced from the release version on https://github.com/
u4qo60z73t1c4hurv3ny/privacy_patches-oS_cr, which, when enabled
with the build option \'privacy\', builds a version of Chromium
with less privacy implications due to Google services
integration.

Wed Feb 1 13:00:00 2017 qvoheagbfovvhubzdxfxAATTposteo.net
- Changed the build requirement of libavformat to library version
57.41.100, as included in ffmpeg 3.1.1, as only this version
properly supports the public AVStream API \'codecpar\'.

Tue Jan 31 13:00:00 2017 tchvatalAATTsuse.com
- Version update to 56.0.2924.76 bsc#1022049:
- CVE-2017-5007: Universal XSS in Blink
- CVE-2017-5006: Universal XSS in Blink
- CVE-2017-5008: Universal XSS in Blink
- CVE-2017-5010: Universal XSS in Blink
- CVE-2017-5011: Unauthorised file access in Devtools
- CVE-2017-5009: Out of bounds memory access in WebRTC
- CVE-2017-5012: Heap overflow in V8
- CVE-2017-5013: Address spoofing in Omnibox
- CVE-2017-5014: Heap overflow in Skia
- CVE-2017-5015: Address spoofing in Omnibox
- CVE-2017-5019: Use after free in Renderer
- CVE-2017-5016: UI spoofing in Blink
- CVE-2017-5017: Uninitialised memory access in webm video
- CVE-2017-5018: Universal XSS in chrome://apps
- CVE-2017-5020: Universal XSS in chrome://downloads
- CVE-2017-5021: Use after free in Extensions
- CVE-2017-5022: Bypass of Content Security Policy in Blink
- CVE-2017-5023: Type confusion in metrics
- CVE-2017-5024: Heap overflow in FFmpeg
- CVE-2017-5025: Heap overflow in FFmpeg
- CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Add conditional to switch between system and bundled icu
- Raise dependency on harfbuzz to 1.3.1
- Also refresh patches:
chromium-prop-codecs.patch chromium-linker-memory.patch

Sat Jan 28 13:00:00 2017 qvoheagbfovvhubzdxfxAATTposteo.net
- Added patch chromium-enable-vaapi-on-suse.patch to enable
VAAPI hardware accelerated video decoding.

Wed Dec 21 13:00:00 2016 astiegerAATTsuse.com
- Chromium 55.0.2883.87:

* various fixes for crashes and specific wesites

* update Google pinned certificates

Wed Dec 21 13:00:00 2016 tchvatalAATTsuse.com
- Disable system icu on Factory, crashes autofill

Tue Dec 13 13:00:00 2016 idonmezAATTsuse.com
- python-html5lib now depends on six, so preserve that too for SLE
builds.

Fri Dec 9 13:00:00 2016 astiegerAATTsuse.com
- Obsolete ffmpeg and ffmpegsumo package in addition to conflict

Mon Dec 5 13:00:00 2016 astiegerAATTsuse.com
- record minimum version for harfbuzz, incuding runtime
Chromium will crash with harfbuzz < 1.3.0

Sat Dec 3 13:00:00 2016 tchvatalAATTsuse.com
- Chromium 55.0.2883.75 bnc#1013236:
CVE-2016-9651 CVE-2016-5208 CVE-2016-5207 CVE-2016-5206 CVE-2016-5205
CVE-2016-5204 CVE-2016-5209 CVE-2016-5203 CVE-2016-5210 CVE-2016-5212
CVE-2016-5211 CVE-2016-5213 CVE-2016-5214 CVE-2016-5216 CVE-2016-5215
CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5221 CVE-2016-5220
CVE-2016-5222 CVE-2016-9650 CVE-2016-5223 CVE-2016-5226 CVE-2016-5225
CVE-2016-5224 CVE-2016-9652
- Switch to system libraries: harfbuzz, zlib, ffmpeg, ...
- Refreshed patches:

* chromium-system-ffmpeg-r3.patch

* chromium-system-jinja-r13.patch
- Use system ffmpeg unless on 13.2 that didn\'t include it

* chromium-54-ffmpeg2compat.patch

* Remove upstreamed chromium-more-codec-aliases.patch
- Remove bookmarks override as discussed with artwork simply just set
homepage to our openSUSE one and that is all

Sat Nov 12 13:00:00 2016 astiegerAATTsuse.com
- Chromium 54.0.2840.100:

* CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)

* CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)

* CVE-2016-5201: info leak in extensions (boo#1009894)

* CVE-2016-5202: various fixes from internal audits (boo#1009895)

Mon Nov 7 13:00:00 2016 tchvatalAATTsuse.com
- Add patch chromium-prop-codecs.patch and set properly the codecs
variable in main scope to allow ffmpeg passthrough
bnc#1008725

Wed Nov 2 13:00:00 2016 tchvatalAATTsuse.com
- Update to 54.0.2840.90:

* Few fixes and tweaks

* Fixes CVE-2016-5198 bsc#1008274

Fri Oct 21 14:00:00 2016 tchvatalAATTsuse.com
- Update to 54.0.2840.71:

* Few fixes around

Thu Oct 13 14:00:00 2016 tchvatalAATTsuse.com
- Version update to 54.0.2840.59 bnc#1004465:
- CVE-2016-5181: Universal XSS in Blink (Anonymous)
- CVE-2016-5182: Heap overflow in Blink (Giwan Go of STEALIEN)
- CVE-2016-5183: Use after free in PDFium (Anonymous)
- CVE-2016-5184: Use after free in PDFium (Anonymous)
- CVE-2016-5185: Use after free in Blink (cloudfuzzer)
- CVE-2016-5187: URL spoofing (Luan Herrera)
- CVE-2016-5188: UI spoofing (Luan Herrera)
- CVE-2016-5192: Cross-origin bypass in Blink (haojunhou at gmail)
- CVE-2016-5189: URL spoofing (xisigr of Tencent\'s Xuanwu Lab)
- CVE-2016-5186: Out of bounds read in DevTools (Abdulrahman Alqabandi)
- CVE-2016-5191: Universal XSS in Bookmarks (Gareth Hughes)
- CVE-2016-5190: Use after free in Internals (Atte Kettunen of OUSPG)
- CVE-2016-5193: Scheme bypass (Yuyang ZHOUmartinzhou96)
- packaging changes:

* disable build for chromium-beta on %arm.

* Make linker use less memory by tweaking its options:
chromium-linker-memory.patch

* obsolete desktop subpackages

* Switch to gold to reduce memory use use during build

* fix build on 4.5+ kernels with systemlibs:
chromium-sandbox.patch

* various compiler and linker flag adjustments

* enable gtk3 ui, add patch gtk3-missing-define.patch

* switch from some bundled libraries to the system versions
chromium-system-ffmpeg-r3.patch
chromium-system-jinja-r13.patch
fix-gn-bootstrap.diff

* remove service file covered by download_files
- run time bug fixes:

* Add --ui-disable-partial-swap to the launcher bnc#1000019

* Use default chromium values from master_preferences on first run
rather than pseudo-duplicating in shellscript
- added features:

* hangouts extension

Fri Sep 30 14:00:00 2016 tchvatalAATTsuse.com
- Version update to 53.0.2785.143 bnc#1002140:

* CVE-2016-5177: Use after free in V8

* CVE-2016-5178: Various fixes from internal audits

Mon Sep 26 14:00:00 2016 dimstarAATTopensuse.org
- Export GDK_BACKEND=x11 before starting chromium, ensuring that
it\'s started as an Xwayland client (boo#1001135).

Sat Sep 17 14:00:00 2016 tchvatalAATTsuse.com
- Apply sandbox patch to fix crashers on tumbleweed bnc#999091

* chromium-sandbox.patch

Thu Sep 15 14:00:00 2016 tchvatalAATTsuse.com
- Version update stable channel 53.0.2785.116

* Just smal bugfixes around

Wed Sep 14 14:00:00 2016 tchvatalAATTsuse.com
- Version update to 53.0.2785.113 bnc#998743:

* CVE-2016-5170 Use after free in Blink

* CVE-2016-5171 Use after free in Blink

* CVE-2016-5172 Arbitrary Memory Read in v8

* CVE-2016-5173 Extension resource access

* CVE-2016-5174 Popup not correctly suppressed

* CVE-2016-5175 Various fixes from internal audits

Mon Sep 12 14:00:00 2016 tchvatalAATTsuse.com
- Reenable widevine build again bnc#998328

Sat Sep 10 14:00:00 2016 tchvatalAATTsuse.com
- Stable channel update to 53.0.2785.101

* SPDY crasher fixes

* Disable NV12 DXGI video on AMD

* Forward --password-store switch to os_crypt

* Tell the kernel to discard USB requests when they time out.

Wed Sep 7 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 53.0.2785.92:

* Revert of support relocatable RPM packages

* disallow WKBackForwardListItem navigations for pushState pages

* arc: bluetooth: Fix advertised uuid

* fix conflicting PendingIntent for stop button and swipe away

Thu Sep 1 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 53.0.2785.89
- Improvements to the GN build system (boo#996032, boo#99606, boo#995932)
- Security fixes (boo#996648)

* CVE-2016-5147: Universal XSS in Blink.

* CVE-2016-5148: Universal XSS in Blink.

* CVE-2016-5149: Script injection in extensions.

* CVE-2016-5150: Use after free in Blink.

* CVE-2016-5151: Use after free in PDFium.

* CVE-2016-5152: Heap overflow in PDFium.

* CVE-2016-5153: Use after destruction in Blink.

* CVE-2016-5154: Heap overflow in PDFium.

* CVE-2016-5155: Address bar spoofing.

* CVE-2016-5156: Use after free in event bindings.

* CVE-2016-5157: Heap overflow in PDFium.

* CVE-2016-5158: Heap overflow in PDFium.

* CVE-2016-5159: Heap overflow in PDFium.

* CVE-2016-5161: Type confusion in Blink.

* CVE-2016-5162: Extensions web accessible resources bypass.

* CVE-2016-5163: Address bar spoofing.

* CVE-2016-5164: Universal XSS using DevTools.

* CVE-2016-5165: Script injection in DevTools.

* CVE-2016-5166: SMB Relay Attack via Save Page As.

* CVE-2016-5160: Extensions web accessible resources bypass.
- Drop patches chromium-snapshot-toolchain-r1.patch

Sat Aug 27 14:00:00 2016 tittiatcokeAATTgmail.com
- Make it build on ARM.

* Add build patch arm_use_right_compiler.patch
- Drop unnecessary patches:

* chromium-arm-r0.patch

Mon Aug 22 14:00:00 2016 tittiatcokeAATTgmail.com
- Change buildsystem to GN, which is the new upstream default

* Make Ninja only use 4 buildprocesses for building Chromium itself

* Drop unnecessary patches
- chromium-gcc-fixes.patch
- adjust-ldflags-no-keep-memory.patch
- gcc50-fixes.diff

* Add patches to ensure correct build
- chromium-last-commit-position-r0.patch
- chromium-snapshot-toolchain-r1.patch

* Drop unnecessary sourcefiles
- courgette.tar.xz
- depot_tools.tar.xz
- gn-binaries.tar.xz

Fri Aug 12 14:00:00 2016 tittiatcokeAATTgmail.com
- Use an explicit number of ninja build processes (-j 4), to
further reduce the memory used.

Fri Aug 5 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 52.0.2743.116:

* Security fixes (boo#992305):
+ CVE-2016-5141: Address bar spoofing (boo#992314)
+ CVE-2016-5142: Use-after-free in Blink (boo#992313)
+ CVE-2016-5139: Heap overflow in pdfium (boo#992311)
+ CVE-2016-5140: Heap overflow in pdfium (boo#992310)
+ CVE-2016-5145: Same origin bypass for images in Blink
(boo#992320)
+ CVE-2016-5143: Parameter sanitization failure in DevTools
(boo#992319)
+ CVE-2016-5144: Parameter sanitization failure in DevTools
(boo#992315)
+ CVE-2016-5146: Various fixes from internal audits, fuzzing
and other initiatives (boo#992309)

Thu Jul 21 14:00:00 2016 tittiatcokeAATTgmail.com
- Temporarily disable fix_network_api_crash.patch. Upstream has
changed part of their code, so hopefully that resolved the issue

Thu Jul 21 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 52.0.2743.82

* Security fixes (boo#989901):
+ CVE-2016-1706: Sandbox escape in PPAPI
+ CVE-2016-1707: URL spoofing on iOS
+ CVE-2016-1708: Use-after-free in Extensions
+ CVE-2016-1709: Heap-buffer-overflow in sfntly
+ CVE-2016-1710: Same-origin bypass in Blink
+ CVE-2016-1711: Same-origin bypass in Blink
+ CVE-2016-5127: Use-after-free in Blink
+ CVE-2016-5128: Same-origin bypass in V8
+ CVE-2016-5129: Memory corruption in V8
+ CVE-2016-5130: URL spoofing
+ CVE-2016-5131: Use-after-free in libxml
+ CVE-2016-5132: Limited same-origin bypass in Service Workers
+ CVE-2016-5133: Origin confusion in proxy authentication
+ CVE-2016-5134: URL leakage via PAC script
+ CVE-2016-5135: Content-Security-Policy bypass
+ CVE-2016-5136: Use after free in extensions
+ CVE-2016-5137: History sniffing with HSTS and CSP
+ CVE-2016-1705: Various fixes from internal audits, fuzzing
and other initiatives

Mon Jul 11 14:00:00 2016 Nick_LevinsonAATTyahoo.com
- Clarification/correction to chromium-desktop-gnome and
chromium-desktop-kde software descriptions due to passwords
preservation reported by Chromium developer

Fri Jun 24 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 51.0.2704.106

* No changelog indicated

Thu Jun 23 14:00:00 2016 tittiatcokeAATTgmail.com
- Add gcc60-fixes.diff to resolve the crashes observed with
chromium when compiled with GCC6

Fri Jun 17 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 51.0.2704.103

* Security fixes:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and
other initiatives (boo#985397)

Tue Jun 7 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 51.0.2704.84

* No further changelog

Thu Jun 2 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 51.0.2704.79 [boo#982719]

* Security fixes:
- CVE-2016-1696: Cross-origin bypass in Extension bindings
- CVE-2016-1697: Cross-origin bypass in Blink
- CVE-2016-1698: Information leak in Extension bindings
- CVE-2016-1699: Parameter sanitization failure in DevTools
- CVE-2016-1700: Use-after-free in Extensions
- CVE-2016-1701: Use-after-free in Autofill
- CVE-2016-1702: Out-of-bounds read in Skia
- CVE-2016-1703: Various fixes from internal audits, fuzzing
and other initiatives.

Thu May 26 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 51.0.2704.63 [boo#981886]

* Security fixes:
- CVE-2016-1672: Cross-origin bypass in extension bindings
- CVE-2016-1673: Cross-origin bypass in Blink
- CVE-2016-1674: Cross-origin bypass in extensions
- CVE-2016-1675: Cross-origin bypass in Blink
- CVE-2016-1676: Cross-origin bypass in extension bindings
- CVE-2016-1677: Type confusion in V8
- CVE-2016-1678: Heap overflow in V8
- CVE-2016-1679: Heap use-after-free in V8 bindings
- CVE-2016-1680: Heap use-after-free in Skia
- CVE-2016-1681: Heap overflow in PDFium
- CVE-2016-1682: CSP bypass for ServiceWorker
- CVE-2016-1683: Out-of-bounds access in libxslt
- CVE-2016-1684: Integer overflow in libxslt
- CVE-2016-1685: Out-of-bounds read in PDFium
- CVE-2016-1686: Out-of-bounds read in PDFium
- CVE-2016-1687: Information leak in extensions
- CVE-2016-1688: Out-of-bounds read in V8
- CVE-2016-1689: Heap buffer overflow in media
- CVE-2016-1690: Heap use-after-free in Autofill
- CVE-2016-1691: Heap buffer-overflow in Skia
- CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
- CVE-2016-1693: HTTP Download of Software Removal Tool
- CVE-2016-1694: HPKP pins removed on cache clearance
- CVE-2016-1695: Various fixes from internal audits, fuzzing
and other initiatives
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
now upstream

Fri May 13 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 50.0.2661.102 (boo#979859)

* Security fixes:
- CVE-2016-1667: Same origin bypass in DOM
- CVE-2016-1668: Same origin bypass in Blink V8 bindings
- CVE-2016-1669: Buffer overflow in V8
- CVE-2016-1670: Race condition in loader

Fri Apr 29 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 50.0.2661.94 (boo#977830)

* Security fixes:
- CVE-2016-1660: Out-of-bounds write in Blink
- CVE-2016-1661: Memory corruption in cross-process frames
- CVE-2016-1662: Use-after-free in extensions
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings
- CVE-2016-1664: Address bar spoofing
- CVE-2016-1665: Information leak in V8
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives

Fri Apr 22 14:00:00 2016 jslabyAATTsuse.com
- _constraints: increase memory. It takes 1.2G to build some .o, and
with -j4 this results in OOM.

Thu Apr 14 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 50.0.2661.75 (boo#975572)

* Security Fixes:
- CVE-2016-1652: Universal XSS in extension bindings
- CVE-2016-1653: Out-of-bounds write in V8
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
- CVE-2016-1654: Uninitialized memory read in media
- CVE-2016-1655: Use-after-free related to extensions
- CVE-2016-1656: Android downloaded file path restriction bypass
- CVE-2016-1657: Address bar spoofing
- CVE-2016-1658: Potential leak of sensitive information to
malicious extensions
- CVE-2016-1659: Various fixes from internal audits, fuzzing
and other initiatives
- add patch to fix GCC builds with component=shared_library:
chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch

Fri Apr 8 14:00:00 2016 astiegerAATTsuse.com
- Update to Chromium 49.0.2623.112

* Block user removal when login attempt is in progress

* Add the SuppressUnsupportedOSWarning policy setting

* Fix how Save-Page-As responds to web requests blocked by extensions

* Fix preferred width calculation for 8bit ltr runs in rtl blocks

Wed Mar 30 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 49.0.2623.110

* No changelog available

Mon Mar 28 14:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 49.0.2623.108

* Security fixes (boo#972834):
- CVE-2016-1646: Out-of-bounds read in V8
- CVE-2016-1647: Use-after-free in Navigation
- CVE-2016-1648: Use-after-free in Extensions
- CVE-2016-1649: Buffer overflow in libANGLE
- CVE-2016-1650: Various fixes from internal audits, fuzzing
and other initiatives
- CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
tip of the 4.9 branch (currently 4.9.385.33).

Wed Mar 9 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 49.0.2623.87

* Security fixes:
- CVE-2016-1643: Type confusion in Blink (boo#970514)
- CVE-2016-1644: Use-after-free in Blink (boo#970509)
- CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)

Tue Mar 8 13:00:00 2016 tittiatcokeAATTgmail.com
- Change the build method used on Packman.

* Drop patch no-clang-on-packman.diff . This is no longer required
as that ninja is respecting the build flags correctly.
- Drop unused patch skia.patch

Fri Mar 4 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 49.0.2623.75

* 26 security fixes, with the most important ones being:
- CVE-2016-1630: Same-origin bypass in Blink
- CVE-2016-1631: Same-origin bypass in Pepper Plugin
- CVE-2016-1632: Bad cast in Extensions
- CVE-2016-1633: Use-after-free in Blink
- CVE-2016-1634: Use-after-free in Blink
- CVE-2016-1635: Use-after-free in Blink
- CVE-2016-1636: SRI Validation Bypass
- CVE-2015-8126: Out-of-bounds access in libpng
- CVE-2016-1637: Information Leak in Skia
- CVE-2016-1638: WebAPI Bypass
- CVE-2016-1639: Use-after-free in WebRTC
- CVE-2016-1640: Origin confusion in Extensions UI
- CVE-2016-1641: Use-after-free in Favicon
- CVE-2016-1642: Various fixes from internal audits, fuzzing
and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9
branch (currently 4.9.385.26)
(boo#969333)

Fri Feb 19 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 48.0.2564.116

* Fixes a critical security flaw:
- CVE-2016-1629: Same-origin bypass in Blink and Sandbox
escape in Chrome. (boo#967376)

Mon Feb 15 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 48.0.2564.109

* Security fixes (boo#965999)
- CVE-2016-1622: Same-origin bypass in Extensions
- CVE-2016-1623: Same-origin bypass in DOM
- CVE-2016-1624: Buffer overflow in Brotli
- CVE-2016-1625: Navigation bypass in Chrome Instant
- CVE-2016-1626: Out-of-bounds read in PDFium
- CVE-2016-1627: Various fixes from internal audits, fuzzing
and other initiatives

Sat Feb 13 13:00:00 2016 tittiatcokeAATTgmail.com
- Drop the libva support completely. It seems that this is causing
more issues than it actually resolves. (boo#965566)

* Drop chromium-enable-vaapi.patch

Thu Feb 11 13:00:00 2016 tittiatcokeAATTgmail.com
- Don\'t build with libva support for openSUSE 13.2 and lower
(boo#966082)

Tue Feb 9 13:00:00 2016 tittiatcokeAATTgmail.com
- Drop completely the option to build with system libraries. This
could lead to issues (boo#965738)

Fri Feb 5 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 48.0.2564.103

* No chnagelog available

Sun Jan 31 13:00:00 2016 tittiatcokeAATTgmail.com
- Build against the in-source libjpeg to prevent graphical issues

Sun Jan 31 13:00:00 2016 tchvatalAATTsuse.com
- Use spec-cleaner
- Remove buildenv check that is moot for the update-alternatives script
- Build against the latest libjpeg rather than jpeg6
- Use update-alternatives as is required by the specification

Thu Jan 28 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 48.0.2564.97

* No changelog available
- Update the desktop-kde package so that on Leap and TW, the kwallet5
becomes the default. desktop-kde/gnome packages are no longer
recommended as that the default is to automatically detect the
password store. Only for those users that want to change this,
they can select a different setup.

Fri Jan 22 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 48.0.2564.82

* Security fixes:
- CVE-2016-1612: Bad cast in V8 (boo#963184)
- CVE-2016-1613: Use-after-free in PDFium (boo#963185)
- CVE-2016-1614: Information leak in Blink (boo#963186)
- CVE-2016-1615: Origin confusion in Omnibox (boo#963187)
- CVE-2016-1616: URL Spoofing (boo#963188)
- CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)
- CVE-2016-1618: Weak random number generator in Blink (boo#963190)
- CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)
- CVE-2016-1620 chromium-browser: various fixes (boo#963192)

Thu Jan 14 13:00:00 2016 tittiatcokeAATTgmail.com
- Update to Chromium 47.0.2526.111.

* No changelog available

Mon Dec 28 13:00:00 2015 stefan.bruensAATTrwth-aachen.de
- Enable SSE2 on x86_64

Sun Dec 27 13:00:00 2015 stefan.bruensAATTrwth-aachen.de
- Fix crash when trying to enable chromecast extension

* Add patch: fix_network_api_crash.patch
Fix https://code.google.com/p/chromium/issues/detail?id=572539

Sun Dec 20 13:00:00 2015 astiegerAATTsuse.com
- Update to Chromium 47.0.2525.106, fixing the following security
issue:

* CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458]

Mon Dec 14 13:00:00 2015 jimmyAATTboombatower.com
- Enable VA-API hardware acceleration in Linux.

* chromium-enable-vaapi.patch

Thu Dec 10 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 47.0.2526.80 [boo#958481]

* Security fixes
- CVE-2015-6788: Type confusion in extensions
- CVE-2015-6789: Use-after-free in Blink
- CVE-2015-6790: Escaping issue in saved pages
- CVE-2015-6791: Various fixes from internal audits, fuzzing
and other initiatives
- Drop unused patch fix-clang.diff.

Sat Dec 5 13:00:00 2015 tittiatcokeAATTgmail.com
- Enable the possibility to utilize the Widevine plugin
within chromium. (boo#954103)

* Add patch: fix_building_widevinecdm_with_chromium.patch

Wed Dec 2 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 47.0.2526.73

* Security fixes (boo#957519)
- CVE-2015-6765: Use-after-free in AppCache
- CVE-2015-6766: Use-after-free in AppCache
- CVE-2015-6767: Use-after-free in AppCache
- CVE-2015-6768: Cross-origin bypass in DOM
- CVE-2015-6769: Cross-origin bypass in core
- CVE-2015-6770: Cross-origin bypass in DOM
- CVE-2015-6771: Out of bounds access in v8
- CVE-2015-6772: Cross-origin bypass in DOM
- CVE-2015-6764: Out of bounds access in v8
- CVE-2015-6773: Out of bounds access in Skia
- CVE-2015-6774: Use-after-free in Extensions
- CVE-2015-6775: Type confusion in PDFium
- CVE-2015-6776: Out of bounds access in PDFium
- CVE-2015-6777: Use-after-free in DOM
- CVE-2015-6778: Out of bounds access in PDFium
- CVE-2015-6779: Scheme bypass in PDFium
- CVE-2015-6780: Use-after-free in Infobars
- CVE-2015-6781: Integer overflow in Sfntly
- CVE-2015-6782: Content spoofing in Omnibox
- CVE-2015-6783: Signature validation issue in
Android Crazy Linker.
- CVE-2015-6784: Escaping issue in saved pages
- CVE-2015-6785: Wildcard matching issue in CSP
- CVE-2015-6786: Scheme bypass in CSP
- CVE-2015-6787: Various fixes from internal audits, fuzzing
and other initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the
4.7 branch (currently 4.7.80.23)

Wed Nov 11 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 46.0.2490.86

* Security fixes (boo#954579):
- CVE-2015-1302: Information leak in PDF viewer

Fri Oct 23 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 46.0.2490.80

* No changelog available

Mon Oct 19 14:00:00 2015 tittiatcokeAATTgmail.com
- Change the default homepage based on the new landingpage
for the openSUSE Project. (boo#950957)

Wed Oct 14 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 46.0.2490.71

* Security fixes (boo#950290)
- CVE-2015-6755: Cross-origin bypass in Blink
- CVE-2015-6756: Use-after-free in PDFium
- CVE-2015-6757: Use-after-free in ServiceWorker
- CVE-2015-6758: Bad-cast in PDFium
- CVE-2015-6759: Information leakage in LocalStorage
- CVE-2015-6760: Improper error handling in libANGLE
- CVE-2015-6761: Memory corruption in FFMpeg
- CVE-2015-6762: CORS bypass via CSS fonts
- CVE-2015-6763: Various fixes from internal audits, fuzzing
and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the
4.6 branch (currently 4.6.85.23) CVE-2015-7834
- drop upstreamed correct-blacklist.diff
- add chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
to fix build
- remove remoting_locales from spec

Sat Oct 3 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 45.0.2454.101

* Security fixes:
- CVE-2015-1303: Cross-origin bypass in DOM [boo#947504]
- CVE-2015-1304: Cross-origin bypass in V8 [boo#947507]

Tue Sep 22 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 45.0.2454.99
- No changelog available
- Add upstream patch correct-blacklist.diff

* This should restore the correct behavior of the option
- -ignore-gpu-blacklist.
https://code.google.com/p/chromium/issues/detail?id=509336

Wed Sep 16 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 45.0.2454.93
- No changelog available

Fri Sep 11 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 45.0.2454.85
Security fixes:

* CVE-2015-1291: Cross-origin bypass in DOM

* CVE-2015-1292: Cross-origin bypass in ServiceWorker

* CVE-2015-1293: Cross-origin bypass in DOM

* CVE-2015-1294: Use-after-free in Skia

* CVE-2015-1295: Use-after-free in Printing

* CVE-2015-1296: Character spoofing in omnibox

* CVE-2015-1297: Permission scoping error in WebRequest

* CVE-2015-1298: URL validation error in extensions

* CVE-2015-1299: Use-after-free in Blink

* CVE-2015-1300: Information leak in Blink

* CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.

Wed Aug 5 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 44.0.2403.130

* No changelog available

Wed Jul 29 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 44.0.2403.125

* No changelog available
- The chromium-ffmpeg package (on Packman) now requires the same
version for the main chromium package. This should prevent the
issues arised from the libffmpeg switch that Google did recently

Sat Jul 25 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 44.0.2403.107

* No changelog available

Tue Jul 21 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 44.0.2403.89

* A number of new apps/extension APIs

* Lots of under the hood changes for stability and performance

* Security fixes:
- CVE-2015-1271: Heap-buffer-overflow in pdfium
- CVE-2015-1273: Heap-buffer-overflow in pdfium
- CVE-2015-1274: Settings allowed executable files to run
immediately after download
- CVE-2015-1275: UXSS in Chrome for Android
- CVE-2015-1276: Use-after-free in IndexedDB
- CVE-2015-1279: Heap-buffer-overflow in pdfium
- CVE-2015-1280: Memory corruption in skia
- CVE-2015-1281: CSP bypass
- CVE-2015-1282: Use-after-free in pdfium
- CVE-2015-1283: Heap-buffer-overflow in expat
- CVE-2015-1284: Use-after-free in blink
- CVE-2015-1286: UXSS in blink
- CVE-2015-1287: SOP bypass with CSS
- CVE-2015-1270: Uninitialized memory read in ICU
- CVE-2015-1272: Use-after-free related to unexpected GPU
process termination
- CVE-2015-1277: Use-after-free in accessibility
- CVE-2015-1278: URL spoofing using pdf files
- CVE-2015-1285: Information leak in XSS auditor
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP
- CVE-2015-1289: Various fixes from internal audits, fuzzing
and other initiatives

Wed Jul 15 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.134
Update of the Pepper Flash plugin to 18.0.0.209

Wed Jul 8 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.132
No changelog available

Tue Jun 23 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.130
- Security fixes (boo#935723)

* CVE-2015-1266: Scheme validation error in WebUI

* CVE-2015-1268: Cross-origin bypass in Blink

* CVE-2015-1267: Cross-origin bypass in Blink

* CVE-2015-1269: Normalization error in HSTS/HPKP preload list

Wed Jun 17 14:00:00 2015 tittiatcokeAATTgmail.com
- Add the buildflag enable_hotwording=0 to prevent that Chromium
downloads a binary blob for speechrecognition (boo#935022)
- Add patch gcc50-fixes.diff to enable building against GCC 5. The
patch fixes the python regular expression and ensures to return
a two digit value for the GCC version

Fri Jun 12 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.125

* Bug-fixes:
- esolved browser font magnification/scaling issue.

Wed May 27 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.81

* Bug-fixes:
- Fixed an issue where sometimes a blank page would print
- Icons not displaying properly on Linux

Wed May 20 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 43.0.2357.65

* Security fixes:
- CVE-2015-1252: Sandbox escape in Chrome
- CVE-2015-1253: Cross-origin bypass in DOM
- CVE-2015-1254: Cross-origin bypass in Editing
- CVE-2015-1255: Use-after-free in WebAudio
- CVE-2015-1256: Use-after-free in SVG
- CVE-2015-1251: Use-after-free in Speech
- CVE-2015-1257: Container-overflow in SVG
- CVE-2015-1258: Negative-size parameter in Libvpx
- CVE-2015-1259: Uninitialized value in PDFium
- CVE-2015-1260: Use-after-free in WebRTC
- CVE-2015-1261: URL bar spoofing
- CVE-2015-1262: Uninitialized value in Blink
- CVE-2015-1263: Insecure download of spellcheck dictionary
- CVE-2015-1264: Cross-site scripting in bookmarks
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21)

Wed Apr 29 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 42.0.2311.135

* Security fixes:
- CVE-2015-1243: Use-after-free in DOM
- CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives
and 3 more security fixes.

Mon Apr 27 14:00:00 2015 tittiatcokeAATTgmail.com
- Fix for missing Chromium icon in the taskbar.

Wed Apr 15 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 42.0.2311.90

* A number of new apps, extension and Web Platform APIs (including the Push API!)

* Lots of under the hood changes for stability and performance

* Security fixes, including:
- CVE-2015-1235: Cross-origin-bypass in HTML parser
- CVE-2015-1236: Cross-origin-bypass in Blink
- CVE-2015-1237: Use-after-free in IPC
- CVE-2015-1238: Out-of-bounds write in Skia
- CVE-2015-1240: Out-of-bounds read in WebGL
- CVE-2015-1241: Tap-Jacking
- CVE-2015-1242: Type confusion in V8
- CVE-2015-1244: HSTS bypass in WebSockets
- CVE-2015-1245: Use-after-free in PDFium
- CVE-2015-1246: Out-of-bounds read in Blink
- CVE-2015-1247: Scheme issues in OpenSearch
- CVE-2015-1248: SafeBrowsing bypass
- CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed

Thu Apr 2 14:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 41.0.2272.118
Security fixes:

* CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that
can lead to remote code execution outside of
the sandbox

* CVE-2015-1234: Buffer overflow via race condition in GPU

Sat Mar 21 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 41.0.2272.101

* Bugfixes

Thu Mar 12 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 41.0.2272.89

* Bugfixes

Wed Mar 4 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 41.0.2272.76
Security fixes:

* CVE-2015-1212: Out-of-bounds write in media

* CVE-2015-1213: Out-of-bounds write in skia filters

* CVE-2015-1214: Out-of-bounds write in skia filters

* CVE-2015-1215: Out-of-bounds write in skia filters

* CVE-2015-1216: Use-after-free in v8 bindings

* CVE-2015-1217: Type confusion in v8 bindings

* CVE-2015-1218: Use-after-free in dom

* CVE-2015-1219: Integer overflow in webgl

* CVE-2015-1220: Use-after-free in gif decoder

* CVE-2015-1221: Use-after-free in web databases

* CVE-2015-1222: Use-after-free in service workers

* CVE-2015-1223: Use-after-free in dom

* CVE-2015-1230: Type confusion in v8

* CVE-2015-1224: Out-of-bounds read in vpxdecoder

* CVE-2015-1225: Out-of-bounds read in pdfium

* CVE-2015-1226: Validation issue in debugger

* CVE-2015-1227: Uninitialized value in blink

* CVE-2015-1228: Uninitialized value in rendering

* CVE-2015-1229: Cookie injection via proxies

* CVE-2015-1231: Various fixes from internal audits

* Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch

Fri Feb 27 13:00:00 2015 meissnerAATTsuse.com
- regular diskusage is more like 20GB+

Mon Feb 23 13:00:00 2015 meissnerAATTsuse.com
- uses around 5.8GB for building, assign like 6GB in _constraints

Fri Feb 20 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 40.0.2214.115

* Bugfixes

Wed Feb 18 13:00:00 2015 tittiatcokeAATTgmail.com
- Utilize the _service file to download the chromium tarball

Sun Feb 8 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 40.0.2214.111

* Security Fixes:
- CVE-2015-1209: Use-after-free in DOM
- CVE-2015-1210: Cross-origin-bypass in V8 bindings
- CVE-2015-1211: Privilege escalation using service workers
- CVE-2015-1212: Various fixes from internal audits, fuzzing
and other initiatives

Sat Jan 31 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 40.0.2214.94
- Bugfixes

Wed Jan 28 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 40.0.2214.93
- Bugfixes

Fri Jan 23 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 40.0.2214.91

* Security Fixes:
- CVE-2014-7923: Memory corruption in ICU
- CVE-2014-7924: Use-after-free in IndexedDB
- CVE-2014-7925: Use-after-free in WebAudio
- CVE-2014-7926: Memory corruption in ICU
- CVE-2014-7927: Memory corruption in V8
- CVE-2014-7928: Memory corruption in V8
- CVE-2014-7930: Use-after-free in DOM
- VE-2014-7931: Memory corruption in V8
- CVE-2014-7929: Use-after-free in DOM
- CVE-2014-7932: Use-after-free in DOM
- CVE-2014-7933: Use-after-free in FFmpeg
- CVE-2014-7934: Use-after-free in DOM
- CVE-2014-7935: Use-after-free in Speech
- CVE-2014-7936: Use-after-free in Views
- CVE-2014-7937: Use-after-free in FFmpeg
- CVE-2014-7938: Memory corruption in Fonts
- CVE-2014-7939: Same-origin-bypass in V8
- CVE-2014-7940: Uninitialized-value in ICU
- CVE-2014-7941: Out-of-bounds read in UI
- CVE-2014-7942: Uninitialized-value in Fonts
- CVE-2014-7943: Out-of-bounds read in Skia
- CVE-2014-7944: Out-of-bounds read in PDFium
- CVE-2014-7945: Out-of-bounds read in PDFium
- CVE-2014-7946: Out-of-bounds read in Fonts
- CVE-2014-7947: Out-of-bounds read in PDFium
- CVE-2014-7948: Caching error in AppCache
- CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch

Tue Jan 13 13:00:00 2015 tittiatcokeAATTgmail.com
- Update to Chromium 39.0.2171.99

* Bugfixes

Wed Dec 10 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 39.0.2171.95

* Bugfixes

Sun Nov 30 13:00:00 2014 Led
- fix using \'echo\' command in chromium-browser.sh script

Wed Nov 26 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 39.0.2171.71

* Bugfixes

Wed Nov 19 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 39.0.2171.65

* Security fixes:
- CVE-2014-7899: Address bar spoofing (boo#906320)
- CVE-2014-7900: Use-after-free in pdfium (boo#906317)
- CVE-2014-7901: Integer overflow in pdfium (boo#906322)
- CVE-2014-7902: Use-after-free in pdfium (boo#906328)
- CVE-2014-7903: Buffer overflow in pdfium (boo#906318)
- CVE-2014-7904: Buffer overflow in Skia (boo#906321)
- CVE-2014-7905: Flaw allowing navigation to intents that do
not have the BROWSABLE category (boo#906330)
- CVE-2014-7906: Use-after-free in pepper plugins (boo#906319)
- CVE-2014-0574: Double-free in Flash
- CVE-2014-7907: Use-after-free in blink (boo#906323)
- CVE-2014-7908: Integer overflow in media (boo#906324)
- CVE-2014-7909: Uninitialized memory read in Skia (boo#906326)
- CVE-2014-7910: Various fixes from internal audits, fuzzing
and other initiatives (boo#906327)

Fri Nov 14 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 38.0.2125.122

* Several bugfixes

Tue Oct 28 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 38.0.2125.111

* Several bugfixes

Wed Oct 15 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 38.0.2125.104

* Several bugfixes
- Updated source url to point to the right location

Wed Oct 8 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 38.0.2125.101
This update includes 159 security fixes, including 113 relatively
minor fixes. Highlighted securtiy fixes are:
CVE-2014-3188: A combination of V8 and IPC bugs that can lead to
remote code execution outside of the sandbox
CVE-2014-3189: Out-of-bounds read in PDFium
CVE-2014-3190: Use-after-free in Events
CVE-2014-3191: Use-after-free in Rendering
CVE-2014-3192: Use-after-free in DOM
CVE-2014-3193: Type confusion in Session Management
CVE-2014-3194: Use-after-free in Web Workers
CVE-2014-3195: Information Leak in V8
CVE-2014-3196: Permissions bypass in Windows Sandbox
CVE-2014-3197: Information Leak in XSS Auditor
CVE-2014-3198: Out-of-bounds read in PDFium
CVE-2014-3199: Release Assert in V8 bindings
CVE-2014-3200: Various fixes from internal audits, fuzzing and
other initiatives
- Drop the build of the Native Client. This is actually not a build
as that prebuild binaries are being shipped. Also Google no
longer provides prebuild binaries for the NativeClient for 32bit.
Chromium as webbrowser is not affected by this and it bring
Chromium inline with the regulations that prebuild binaries
should not be shipped.

* toolchaing_linux tarball dropped

* Spec-file cleaned for NaCl stuff
- Added patch no-clang-on-packman.diff to prevent the usage of
clang on packman, which is not supported there

Wed Sep 10 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 37.0.2062.120

* Security Fixes (bnc#896106)
- CVE-2014-3178: Use-after-free in rendering

Sun Sep 7 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 37.0.2062.103

* This addresses some user feedback related to how Chrome
renders text when display scaling is set to 125% or lower.
- Combine the two toolchain tars into a single one.

Mon Sep 1 14:00:00 2014 tittiatcokeAATTgmail.com
- Switch to shared libraries as a global default. This hopefully
speeds up the builds a little and prevents out-of-memory on OBS
- Move the chrome sandbox binary to the main package and remove the
sub-package for it. This should resolve build issues when having
the debug flag on.

Sun Aug 31 14:00:00 2014 josua.mAATTt-online.de
- add toolchain_linux_arm
- disable NaCl on ARM because it doesn\'t build
- add arm-webrtc-fix.patch
- add chromium-arm-r0.patch
- add skia.patch
- build components as shared libaries on arm

Wed Aug 27 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 37.0.2062.94
Security Fixes (bnc#893720)

* CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC,
sync, and extensions that can lead to remote code execution
outside of the sandbox.

* CVE-2014-3168: Use-after-free in SVG

* CVE-2014-3169: Use-after-free in DOM

* CVE-2014-3170: Extension permission dialog spoofing

* CVE-2014-3171: Use-after-free in bindings

* CVE-2014-3172: Issue related to extension debugging

* CVE-2014-3173: Uninitialized memory read in WebGL

* CVE-2014-3174: Uninitialized memory read in Web Audio

* CVE-2014-3175: Various fixes from internal audits, fuzzing
and other initiatives
and 41 more security fixes for which no description was given
- Drop the following patches as they are no longer required:

* chromium-23.0.1245-no-test-sources.patch

* no-download-nacl.diff

* chromium-no-courgette.patch

Wed Aug 13 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 36.0.1985.143
Security Fixes (bnc#891717)

* CVE-2014-3165: Use-after-free in web sockets

* CVE-2014-3166: Information disclosure in SPDY

* CVE-2014-3167: Various fixes from internal audits, fuzzing and
other initiatives
and 9 more fixes for which no description was given

Tue Aug 5 14:00:00 2014 tittiatcokeAATTgmail.com
- Add directory remoting_locales to the package to complete
the language support within Chromium

Tue Jul 22 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 36.0.1985.125
New Functionality:

* Rich Notifications Improvements

* An Updated Incognito / Guest NTP design

* The addition of a Browser crash recovery bubble

* Chrome App Launcher for Linux

* Lots of under the hood changes for stability and performance
Security Fixes (bnc#887952,bnc#887955):

* CVE-2014-3160: Same-Origin-Policy bypass in SVG

* CVE-2014-3162: Various fixes from internal audits, fuzzing
and other initiatives
and 24 more fixes for which no description was given.
Packaging changes:

* Switch to newer method to retrieve toolchain packages. Dropping
the three naclsdk_
*tgz files. Everything is now included in the
toolchain_linux_x86.tar.bz2 tarball

* Add Courgette.tar.xz as that the build process now requires
some files from Courgette in order to build succesfully. This
does not mean that Courgette is build/delivered.

Wed Jun 11 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 35.0.1916.153
Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263):

* CVE-2014-3154: Use-after-free in filesystem api

* CVE-2014-3155: Out-of-bounds read in SPDY

* CVE-2014-3156: Buffer overflow in clipboard

* CVE-2014-3157: Heap overflow in media

Thu May 22 14:00:00 2014 tittiatcokeAATTgmail.com
- Use also Ninja for openSUSE 12.3. This is the only method
supported by upstream
- Drop support for Arm. Despite that chromium builds on Arm, it can
not complete the link process and dies with out-of-memory, etc.
Drop the specific Arm patches:

* arm_disable_gn.patch, arm_use_gold.patch, chromium-arm-webrtc-fix.patch,
chromium-fix-arm-icu.patch, chromium-fix-arm-skia-memset.patch,
chromium-fix-arm-sysroot.patch

Wed May 21 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 35.0.1916.114
New Functionality

* More developer control over touch input

* New JavaScript features

* Unprefixed Shadow DOM

* A number of new apps/extension APIs

* Lots of under the hood changes for stability and performance
Security fixes:

* CVE-2014-1743: Use-after-free in styles

* CVE-2014-1744: Integer overflow in audio

* CVE-2014-1745: Use-after-free in SVG

* CVE-2014-1746: Out-of-bounds read in media filters

* CVE-2014-1747: UXSS with local MHTML file

* CVE-2014-1748: UI spoofing with scrollbar

* CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives

* CVE-2014-3152: Integer underflow in V8 fixed
and 17 more for which no detailed information is given.
- Drop patch chromium-vendor.patch.in as that does no longer apply
due to upstream changes

Wed May 14 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 34.0.1847.137

* Security updates:
- CVE-2014-1740: Use-after-free in WebSockets
- CVE-2014-1741: Integer overflow in DOM range
- CVE-2014-1742: Use-after-free in editing

Mon Apr 28 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 34.0.1847.132

* Security update:
- CVE-2014-1730: Type confusion in V8
- CVE-2014-1731: Type confusion in DOM
- CVE-2014-1732: Use-after-free in Speech Recognition
- CVE-2014-1733: Compiler bug in Seccomp-BPF
- CVE-2014-1734: Various fixes from internal audits, fuzzing
and other initiatives
- CVE-2014-1735: Multiple vulnerabilities in V8 fixed in
version 3.24.35.33

Fri Apr 25 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 34.0.1847.131

* Bugfixes

Thu Apr 10 14:00:00 2014 tittiatcokeAATTgmail.com
- Add patch chromium-fix-arm-skia-memset.patch to resolve a linking
issue on ARM with regards to missing symbols.

Wed Apr 9 14:00:00 2014 tittiatcokeAATTgmail.com
- Add patch arm_use_gold.patch to use the right gold binaries on
ARM. Hopefully this resolves the build issues with running out of
memory

Tue Apr 8 14:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 34.0.1847.116

* Responsive Images and Unprefixed Web Audio

* Import supervised users onto new computers

* A number of new apps/extension APIs

* Lots of under the hood changes for stability and performance
- Security fixes:

* CVE-2014-1716: UXSS in V8

* CVE-2014-1717: OOB access in V8

* CVE-2014-1718: Integer overflow in compositor

* CVE-2014-1719: Use-after-free in web workers

* CVE-2014-1720: Use-after-free in DOM

* CVE-2014-1721: Memory corruption in V8

* CVE-2014-1722: Use-after-free in rendering

* CVE-2014-1723: Url confusion with RTL characters

* CVE-2014-1724: Use-after-free in speech

* CVE-2014-1725: OOB read with window property

* CVE-2014-1726: Local cross-origin bypass

* CVE-2014-1727: Use-after-free in forms

* CVE-2014-1728: Various fixes from internal audits,
fuzzing and other initiatives

* CVE-2014-1729: Multiple vulnerabilities in V8
- No longer build against system libraries as that Chromium works
a lot better and crashes less on websites than with system libs
- Added package depot_tools.tar.gz as that the chromium build now
requires it during the initial build phase. It just contains some
utilities and nothing from it is being installed.

Sun Apr 6 14:00:00 2014 tittiatcokeAATTgmail.com
- If people want to install newer versions of the ffmpeg library
then let them. This is what they want.
- Remove the buildscript from the sources

Mon Mar 17 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 33.0.1750.152
Stable channel uodate:
- Security fixes:

* CVE-2014-1713: Use-after-free in Blink bindings

* CVE-2014-1714: Windows clipboard vulnerability

* CVE-2014-1705: Memory corruption in V8

* CVE-2014-1715: Directory traversal issue

Thu Mar 13 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 33.0.1750.149
Stable channel uodate:
- Security fixes:

* CVE-2014-1700: Use-after-free in speech

* CVE-2014-1701: UXSS in events

* CVE-2014-1702: Use-after-free in web database

* CVE-2014-1703: Potential sandbox escape due to a
use-after-free in web sockets

* CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
version 3.23.17.18

Fri Feb 21 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 33.0.1750.117
Stable channel update:
- Security Fixes:

* CVE-2013-6653: Use-after-free related to web contents

* CVE-2013-6654: Bad cast in SVG

* CVE-2013-6655: Use-after-free in layout

* CVE-2013-6656: Information leak in XSS auditor

* CVE-2013-6657: Information leak in XSS auditor

* CVE-2013-6658: Use-after-free in layout

* CVE-2013-6659: Issue with certificates validation in TLS
handshake

* CVE-2013-6660: Information leak in drag and drop

* CVE-2013-6661: Various fixes from internal audits, fuzzing
and other initiatives. Of these, seven are
fixes for issues that could have allowed for
sandbox escapes from compromised renderers.
- Other:
- Google Chrome Frame has been retired
- Added gn-binaries.tar.xz to have the right version of the Google
depot tools during build.
- Added patch arm_disable_gn.patch to disable GN on ARM builds

Tue Jan 28 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 32.0.1700.102
Stable channel update:
- Security Fixes:

* CVE-2013-6649: Use-after-free in SVG images

* CVE-2013-6650: Memory corruption in V8

* and 12 other fixes
- Other:

* Mouse Pointer disappears after exiting full-screen mode

* Drag and drop files into Chromium may not work properly

* Quicktime Plugin crashes in Chromium

* Chromium becomes unresponsive

* Trackpad users may not be able to scroll horizontally

* Scrolling does not work in combo box

* Chromium does not work with all CSS minifiers such as
whitespace around a media query\'s `and` keyword

Thu Jan 16 13:00:00 2014 tittiatcokeAATTgmail.com
- Update to Chromium 32.0.1700.77
Stable channel update:
- Security fixes:

* CVE-2013-6646: Use-after-free in web workers

* CVE-2013-6641: Use-after-free related to forms

* CVE-2013-6643: Unprompted sync with an attacker’s
Google account

* CVE-2013-6645: Use-after-free related to speech input
elements

* CVE-2013-6644: Various fixes from internal audits, fuzzing
and other initiatives
- Other:

* Tab indicators for sound, webcam and casting

* Automatically blocking malware files

* Lots of under the hood changes for stability and performance
- Remove patch chromium-fix-chromedriver-build.diff as that
chromedriver is fixed upstream

Thu Dec 5 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 31.0.1650.63
Stable channel update:
- Security fixes:

* CVE-2013-6634: Session fixation in sync related to 302 redirects

* CVE-2013-6635: Use-after-free in editing

* CVE-2013-6636: Address bar spoofing related to modal dialogs

* CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.

* CVE-2013-6638: Buffer overflow in v8

* CVE-2013-6639: Out of bounds write in v8.

* CVE-2013-6640: Out of bounds read in v8

* and 12 other security fixes.
- Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le.
This is based on missing build requires (valgrind, v8, etc)

Wed Nov 27 13:00:00 2013 tittiatcokeAATTgmail.com
- Remove the build flags to build according to the Chrome ffmpeg
branding and the proprietary codecs. (bnc#847971)

Sat Nov 16 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 31.0.1650.57
Stable channel update:
- Security Fixes:

* CVE-2013-6632: Multiple memory corruption issues.

Wed Nov 13 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 31.0.1650.48
Stable Channel update:
- Security fixes:

* CVE-2013-6621: Use after free related to speech input elements..

* CVE-2013-6622: Use after free related to media elements.

* CVE-2013-6623: Out of bounds read in SVG.

* CVE-2013-6624: Use after free related to “id” attribute strings.

* CVE-2013-6625: Use after free in DOM ranges.

* CVE-2013-6626: Address bar spoofing related to interstitial warnings.

* CVE-2013-6627: Out of bounds read in HTTP parsing.

* CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.

* CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.

* CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.

* CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.

* CVE-2013-6631: Use after free in libjingle.
- Added patch chromium-fix-chromedriver-build.diff to fix the
chromedriver build

Thu Nov 7 13:00:00 2013 tittiatcokeAATTgmail.com
- Enable ARM build for Chromium.

* Added patches chromium-arm-webrtc-fix.patch,
chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
to resolve ARM specific build issues

Fri Oct 25 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 30.0.1599.114
Stable Channel update: fix build for 32bit systems
- Drop patch chromium-fix-chromedriver-build.diff. This is now
fixed upstream
- For openSUSE versions lower than 13.1, build against the in-tree
libicu

Wed Oct 16 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 30.0.1599.101
- Security Fixes:
+ CVE-2013-2925: Use after free in XHR
+ CVE-2013-2926: Use after free in editing
+ CVE-2013-2927: Use after free in forms.
+ CVE-2013-2928: Various fixes from internal audits,
fuzzing and other initiatives.

Tue Oct 1 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 30.0.1599.66
- Easier searching by image
- A number of new apps/extension APIs
- Lots of under the hood changes for stability and performance
- Security fixes:
+ CVE-2013-2906: Races in Web Audio
+ CVE-2013-2907: Out of bounds read in Window.prototype object
+ CVE-2013-2908: Address bar spoofing related to the
“204 No Content” status code
+ CVE-2013-2909: Use after free in inline-block rendering
+ CVE-2013-2910: Use-after-free in Web Audio
+ CVE-2013-2911: Use-after-free in XSLT
+ CVE-2013-2912: Use-after-free in PPAPI
+ CVE-2013-2913: Use-after-free in XML document parsing
+ CVE-2013-2914: Use after free in the Windows color chooser
dialog
+ CVE-2013-2915: Address bar spoofing via a malformed scheme
+ CVE-2013-2916: Address bar spoofing related to the “204 No
Content” status code
+ CVE-2013-2917: Out of bounds read in Web Audio
+ CVE-2013-2918: Use-after-free in DOM
+ CVE-2013-2919: Memory corruption in V8
+ CVE-2013-2920: Out of bounds read in URL parsing
+ CVE-2013-2921: Use-after-free in resource loader
+ CVE-2013-2922: Use-after-free in template element
+ CVE-2013-2923: Various fixes from internal audits, fuzzing and
other initiatives
+ CVE-2013-2924: Use-after-free in ICU. Upstream bug

Tue Oct 1 14:00:00 2013 tittiatcokeAATTgmail.com
- Add patch chromium-fix-altgrkeys.diff
- Make sure that AltGr is treated correctly (issue#296835)

Fri Sep 27 14:00:00 2013 tittiatcokeAATTgmail.com
- Do not build with system libxml (bnc#825157)

Wed Sep 25 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to Chromium 31.0.1640.0

* Bug and Stability Fixes
- Fix destkop file for chromium by removing extension from icon
- Change the methodology for the Chromium packages. Build is
now based on an official tarball. As soon as the Beta channel
catches up with the current version, Chromium will be
based on the Beta channel instead of svn snapshots

Sun Sep 15 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1632

* Bug and Stability fixes
- Added the flag --enable-threaded-compositing to the startup
script. This flag seems to be required when hardware acceleration
is in use. This prevents websites from locking up on users in
certain cases.

Tue Sep 10 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1627

* Bug and Stability fixes

Mon Sep 2 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1619

* bug and Stability fixes

Mon Aug 26 14:00:00 2013 andreas.stiegerAATTgmx.de
- require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel >= 4.9.5

Mon Aug 26 14:00:00 2013 tittiatcokeAATTgmail.com
- Add patch exclude_ymp.diff to ensure that 1-click-install files
are downloaded and NOT opened (bnc#836059)

Sun Aug 25 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1611

* Bug and stability fixes

Sun Aug 18 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1605

* Bug and stability fixes

Fri Aug 16 14:00:00 2013 tittiatcokeAATTgmail.com
- Change the startup script so that Chromium will not start
when the chrome_sandbox doesn\'t have the SETUID.
(bnc#779448)

Wed Aug 14 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 31.0.1601

* Bug and stability fixes

Sun Aug 11 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 30.0.1594

* Bug and stability fixes
- Correct specfile to properly own /usr/bin/chromium (bnc#831584)
- Chromium now expects the SUID-helper installed in the same
directory as chromium. So let\'s create a symlink to the helper
in /usr/lib

Sun Aug 4 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 30.0.1587

* Bug and stability fixes
- Remove patch chromium-nss-compliant.diff (Upstream)

Wed Jul 24 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 30.0.1575

* Bug and stability fixes

* Enable the gpu-sandbox again due to upstream fix (chromium#255063)

Tue Jul 16 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 30.0.1567

* bug and Stability fixes

Mon Jul 1 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 30.0.1553

* Bug and stability fixes

* Includes security update for v8 (bnc821601)

* CVE-2013-2838 Denial of service (out-of-bounds read) via
unspecified vectors

Fri Jun 28 14:00:00 2013 tittiatcokeAATTgmail.com
- Add the flag --disable-gpu-sandbox to prevent crashes and/or
slowness. The GPU Sandbox is a new sandbox introduces in M28 and
is currently causing issues
(http://code.google.com/p/chromium/issues/detail?id=255063)

Tue Jun 25 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 29.0.1548

* Bug and Stability fixes

Sun Jun 16 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 29.0.1541

* Bug and Stability fixes
- Added patch chromium-nss-compatibility to fix build on Factory

Wed Jun 5 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 29.0.1530

* Bug and Stability fixes.
- Dropped subversion buildrequire as svn is no longer used.
(Thanks to andreas.stiegerAATTgmx.de)

Mon May 27 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 29.0.1521

* Bug and stability fixes

Thu May 23 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 29.0.1517

* Bug and stability fixes

Sun May 5 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1500

* Bug and stability fixes
- Added patch adjust-ldflags-no-keep-memory.patch to change a
ldflags option to reduce the memory used during linking

Thu May 2 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1497

* Bug and stability fixes

Mon Apr 29 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1494

* Bug and Stability Fixes

Sat Apr 27 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1493

* bug and stability fixes

* Bring back the lost buildflag to enable proprietary codecs

Sun Apr 14 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1479

* bug and stability fixes

Wed Apr 10 14:00:00 2013 tittiatcokeAATTgmail.com
- use %config(noreplace) for /etc/default/chromium, so that user
changes are preserved.

Sat Apr 6 14:00:00 2013 tittiatcokeAATTgmail.com
- Update to 28.0.1468

* Bug and stability fixes

Sun Mar 24 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 27.0.1452

* Bug and stability fixes
- Change buoldsystem to ninja for additional speed

* Dropped patch chromium_use_gold.patch
- Removed obsolete 11.4 bits and pieces in the spec-file

* includes chromium.easy patch

Tue Mar 19 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 27.0.1447

* Bug and stability fixes

* Drop patch chromium-norpath.patch. Rpath is only used when
building chromium with shared libraries.
- Deactive building against system libraries. This is now causing
issues for building on 12.3 and Factory.

Sat Mar 9 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 27.0.1435

* Bug and stability fixes

* Drop patch chromium-siginfo.patch due to upstream
inclusion

Sat Feb 23 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 27.0.1425

* Bug and stability fixes:
- Fixed crash after clicking through malware warning.
(Issue: 173986)
- Fixed broken command line to create extensions with locale info
(Issue: 176187)
- Hosted apps in Chrome will always be opened from app launcher.
(Issue: 176267)
- Added modal confirmation dialog to the enterprise profile
sign-in flow. (Issue: 171236)
- Fixed a crash with autofill. (Issues: 175454, 176576)
- Fixed issues with sign-in.
(Issues: 175672, 175819, 175541, 176190)
- Fixed spurious profile shortcuts created with a system-level
install. (Issue: 177047)
- Fixed the background tab flashing with certain themes.
(Issue: 175426)

* Security Fixes: (bnc#804986)
- High CVE-2013-0879: Memory corruption with web audio node
- High CVE-2013-0880: Use-after-free in database handling
- Medium CVE-2013-0881: Bad read in Matroska handling
- High CVE-2013-0882: Bad memory access with excessive SVG
parameters.
- Medium CVE-2013-0883: Bad read in Skia.
- Low CVE-2013-0884: Inappropriate load of NaCl.
- Medium CVE-2013-0885: Too many API permissions granted to web
store
- Medium CVE-2013-0886: Incorrect NaCl signal handling.
- Low CVE-2013-0887: Developer tools process has too many
permissions and places too much trust in the connected server
- Medium CVE-2013-0888: Out-of-bounds read in Skia
- Low CVE-2013-0889: Tighten user gesture check for dangerous
file downloads.
- High CVE-2013-0890: Memory safety issues across the IPC layer.
- High CVE-2013-0891: Integer overflow in blob handling.
- Medium CVE-2013-0892: Lower severity issues across the IPC layer
- Medium CVE-2013-0893: Race condition in media handling.
- High CVE-2013-0894: Buffer overflow in vorbis decoding.
- High CVE-2013-0895: Incorrect path handling in file copying.
- High CVE-2013-0896: Memory management issues in plug-in message
handling
- Low CVE-2013-0897: Off-by-one read in PDF
- High CVE-2013-0898: Use-after-free in URL handling
- Low CVE-2013-0899: Integer overflow in Opus handling
- Medium CVE-2013-0900: Race condition in ICU

* Make adjustment for autodetecting of the PepperFlash library.
The package with the PepperFlash hopefully will be soon
available through packman

Tue Feb 12 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 26.0.1411

* Bug and stability fixes

Sun Feb 3 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 26.0.1403

* Bug and stability fixes

Sat Jan 26 13:00:00 2013 crrodriguezAATTopensuse.org
- Using system libxml2 requires system libxslt.
- Using system MESA does not work in i586 for some reason.

Sat Jan 26 13:00:00 2013 crrodriguezAATTopensuse.org
- Also use system MESA, factory version seems adecuate now.
- Always use system libxml2.

Fri Jan 25 13:00:00 2013 crrodriguezAATTopensuse.org
- Restrict the usage of system libraries instead of the bundled
ones to new products, too much hassle otherwise.

Fri Jan 25 13:00:00 2013 crrodriguezAATTopensuse.org
- Also link kerberos and libgps directly, do not dlopen them.

Fri Jan 25 13:00:00 2013 crrodriguezAATTopensuse.org
- Avoid using dlopen on system libraries, rpm or the package Manager
do not handle this at all. tested for a few weeks and implemented
with a macro so it can be easily disabled if problems arise.
- Use SOME system libraries instead of the bundled ones, tested for
several weeks and implemented with a macro for easy enable/Disable
in case of trouble.

Thu Jan 24 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 26.0.1393

* Bug and stability fixes

Sun Jan 13 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 26.0.1383

* Security fixes
- CVE-2012-5145: Use-after-free in SVG layout
- CVE-2012-5146: Same origin policy bypass with malformed URL
- CVE-2012-5147: Use-after-free in DOM handling
- CVE-2012-5148: Missing filename sanitization in hyphenation
support
- CVE-2012-5149: Integer overflow in audio IPC handling
- CVE-2012-5150: Use-after-free when seeking video
- CVE-2012-5152: Out-of-bounds read when seeking video
- CVE-2012-5153: Out-of-bounds stack access in v8.
- CVE-2012-5154: Integer overflow in shared memory allocation
- CVE-2013-0830: Missing NUL termination in IPC.
- CVE-2013-0831: Possible path traversal from extension process
- CVE-2013-0832: Use-after-free with printing.
- CVE-2013-0833: Out-of-bounds read with printing.
- CVE-2013-0834: Out-of-bounds read with glyph handling
- CVE-2013-0835: Browser crash with geolocation
- CVE-2013-0836: Crash in v8 garbage collection.
- CVE-2013-0837: Crash in extension tab handling.
- CVE-2013-0838: Tighten permissions on shared memory segments

Tue Jan 8 13:00:00 2013 tittiatcokeAATTgmail.com

* Set up Google API keys, see
http://www.chromium.org/developers/how-tos/api-keys .
[#] Note: these are for openSUSE Chromium builds ONLY!!
(Setup was done based on indication from Pawel Hajdan)

Fri Jan 4 13:00:00 2013 tittiatcokeAATTgmail.com
- Update to 26.0.1375

* Bug and stability fixes

Thu Dec 27 13:00:00 2012 tittiatcokeAATTgmail.com
- Change the default setting for password-store to basic.
(bnc#795860)

Wed Dec 26 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 26.0.1371

* Bug and stability fixes

Thu Dec 20 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 26.0.1367

* Bug and stability fixes

Sat Dec 15 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1362

* Security fixes (bnc#794075):
- CVE-2012-5139: Use-after-free with visibility events
- CVE-2012-5140: Use-after-free in URL loader
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
- CVE-2012-5142: Crash in history navigation.
- CVE-2012-5143: Integer overflow in PPAPI image buffers
- CVE-2012-5144: Stack corruption in AAC decoding

Thu Dec 6 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1352

* Fixed garbled header and footer text in print preview.
[Issue: 152893]

* Fixed extension action badges with long text. [Issue: 160069]

* Disable find if constrained window is shown. [Issue: 156969]

* Enable fullscreen for apps windows. [Issue: 161246]

* Fixed broken profile with system-wide installation and
UserDataDir & DiskCacheDir policy. [Issue: 161336]

* Fixed stability crashes like 158747, 159437, 149139, 160914,
160401, 161858, 158747, 156878

* Fixed graphical corruption in Dust. [Issue: 155258]

* Fixed scrolling issue. [Issue: 163553]

Fri Nov 30 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1343

* Security Fixes (bnc#791234 and bnc#792154):
- CVE-2012-5131: Corrupt rendering in the Apple OSX driver for
Intel GPUs
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia
- CVE-2012-5132: Browser crash with chunked encoding
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
- CVE-2012-5138: Incorrect file path handling
- CVE-2012-5137: Use-after-free in media source handling
- Correct build so that proprietary codecs can be used when
the chromium-ffmpeg package is installed

Sun Nov 25 13:00:00 2012 tittiatcokeAATTgmail.com
- Add a configuration file (/etc/default/chromium) where we can
indicate flags for the chromium-browser.

Sat Nov 24 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1335

* {gtk} Fixed selection renders white text on white
background in apps. (Issue: 158422)

* Fixed translate infobar button to show selected language.
(Issue: 155350)

* Fixed broken Arabic language. (Issue: 158978)

* Fixed pre-rendering if the preference is disabled at start up.
(Issue: 159393)

* Fixed JavaScript rendering issue. (Issue: 159655)

* No further indications in the ChangeLog

Tue Nov 20 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1329

* No further indications in the ChangeLog
- Removed patch chomium-ffmpeg-no-pkgconfig.patch
- Building now internal libffmpegsumo.so based on the standard
chromium ffmpeg codecs

Tue Nov 6 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 25.0.1319

* No further indications in the Changelog

Fri Oct 26 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 24.0.1308

* Updated V8 - 3.14.5.0

* Bookmarks are now searched by their title while typing into
the omnibox with matching bookmarks being shown in the
autocomplete suggestions pop-down list. Matching is done by
prefix.

* Fixed chromium issues 155871, 154173, 155133.

Tue Oct 16 14:00:00 2012 cooloAATTsuse.com
- add explicit buildrequire on libbz2-devel

Sun Oct 7 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 24.0.1290

* No further indications in the ChangeLog.

Sun Sep 30 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 24.0.1283

* Security Fixes (bnc#782257)
- High CVE-2012-2889: UXSS in frame handling
- High CVE-2012-2886: UXSS in v8 bindings.
- High CVE-2012-2881: DOM tree corruption with plug-ins.
- High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
- High CVE-2012-2883: Out-of-bounds write in Skia.
- High CVE-2012-2887: Use-after-free in onclick handling.
- High CVE-2012-2888: Use-after-free in SVG text references.
- High CVE-2012-2894: Crash in graphics context handling.
- High CVE-2012-2896: Integer overflow in WebGL.
- Medium CVE-2012-2877: Browser crash with extensions
and modal dialogs
- Low CVE-2012-2879: DOM topology corruption.
- Medium CVE-2012-2884: Out-of-bounds read in Skia.
- High CVE-2012-2874: Out-of-bounds write in Skia.
- High CVE-2012-2878: Use-after-free in plug-in handling.
- Medium CVE-2012-2880: Race condition in plug-in paint buffer.
- High CVE-2012-2882: Wild pointer in OGG container handling.
- Medium CVE-2012-2885: Possible double free on exit.
- Low CVE-2012-2891: Address leak over IPC.
- Low CVE-2012-2892: Pop-up block bypass.
- High CVE-2012-2893: Double free in XSL transforms.

Sat Sep 15 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 23.0.1268

* Updated V8 - 3.13.6.0

* Updated WebKit - 537.10

* Make the new sandbox more robust when denying socket calls.

* Fix crashes (Issues 142388 and 146606)

Fri Sep 7 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 23.0.1259

* No further indications in the ChangeLog.

Sun Sep 2 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 23.0.1255

* Security Fixes (bnc#778005):
- Medium CVE-2012-2865: Out-of-bounds read in line breaking.
- High CVE-2012-2866: Bad cast with run-ins.
- Low CVE-2012-2867: Browser crash with SPDY.
- Medium CVE-2012-2868: Race condition with workers and XHR.
- High CVE-2012-2869: Avoid stale buffer in URL loading.
- Low CVE-2012-2870: Lower severity memory management issues
in XPath.
- High CVE-2012-2871: Bad cast in XSL transforms.
- Medium CVE-2012-2872: XSS in SSL interstitial.

Wed Aug 29 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 23.0.1249

* No longer building with system libraries. This caused issues
with high CPU utilization and a blank homescreen. Now the
in-source libraries are used.

Sun Aug 19 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 23.0.1240

* Duplex Printing defaults to Yes, which prints extra pages even
for a 1 page print out (Issue 138312).

* Print preview takes forever on Win XP (issue: 140044)

* Anti-DDoS inversion of logic (Issues: 141643, 141081)

* Projectmanager.com application causes Flash to hang
(Issue: 141018)

* An additional scroll bar appears at the right on many sites
(issue: 140239)

* Setting and unsetting display:none obliterates current scroll
position (issue: 140101)
- Utilize the patched zlib sources from Chromium in order to build

Fri Aug 3 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1226

* Security Fixes (bnc#770821):
CVE-2012-2843: Use-after-free in layout height tracking
CVE-2012-2842: Use-after-free in counter handling

Mon Jul 30 14:00:00 2012 ajAATTsuse.de
- Fix build with glibc 2.16 (struct siginfo is not exported anymore).

Sun Jul 29 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1221

* Several crash fixes (Issues: 131310, 134574)

* Can\'t press Enter to save to PDF (Issue: 137690)

Wed Jul 25 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1218

* New Connection Manager

* New Print UI.

* No further indications in the ChangeLog.

Sun Jul 8 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1201

* No further indications in the ChangeLog.
- exclude ppc and ppc64. There is no v8 for ppc. (Update from
dvaleevAATTsuse.com)

Fri Jun 29 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1190

* Security Fixes:

* CVE-2012-2815: Leak of iframe fragment id

* CVE-2012-2816: Prevent sandboxed processes interfering with
each other

* CVE-2012-2817: Use-after-free in table section handling

* CVE-2012-2818: Use-after-free in counter layout

* CVE-2012-2819: Crash in texture handling

* CVE-2012-2820: Out-of-bounds read in SVG filter handling

* CVE-2012-2821: Autofill display problem

* CVE-2012-2823: Use-after-free in SVG resource handling

* CVE-2012-2826: Out-of-bounds read in texture conversion

* CVE-2012-2829: Use-after-free in first-letter handling

* CVE-2012-2830: Wild pointer in array value setting

* CVE-2012-2831: Use-after-free in SVG reference handling

* CVE-2012-2834: Integer overflow in Matroska container

* CVE-2012-2825: Wild read in XSL handling

* CVE-2012-2807: Integer overflows in libxml

* Fix update-alternatives within the spec-file

Thu Jun 21 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 22.0.1183

* Content settings for Cookies now also show protected storage
granted to hosted apps

* Chromoting client plugin correctly up-scales on when page-zoom
is >100%.

Tue Jun 19 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 21.0.1181

* Bugfixes.

* Remove obsolete patch

* Do not execute update-alternatives when building

Fri Jun 15 14:00:00 2012 cooloAATTsuse.com
- fix update-alternative usage to fix build

Thu May 31 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 21.0.1158

* Bugfixes

* Gamepad API prototype http://www.w3.org/TR/gamepad/
available by default.

* TLS 1.1 is enabled by default.

Sun May 20 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 21.0.1145

* Fixed several issues around audio not playing with videos

* Crash Fixes

* Improvements to trackpad on Cr-48

* Security Fixes (bnc#762481)
- CVE-2011-3083: Browser crash with video + FTP
- CVE-2011-3084: Load links from internal pages in their
own process.
- CVE-2011-3085: UI corruption with long autofilled values
- CVE-2011-3086: Use-after-free with style element.
- CVE-2011-3087: Incorrect window navigation
- CVE-2011-3088: Out-of-bounds read in hairline drawing
- CVE-2011-3089: Use-after-free in table handling.
- CVE-2011-3090: Race condition with workers.
- CVE-2011-3091: Use-after-free with indexed DB
- CVE-2011-3092: Invalid write in v8 regex
- CVE-2011-3093: Out-of-bounds read in glyph handling
- CVE-2011-3094: Out-of-bounds read in Tibetan handling
- CVE-2011-3095: Out-of-bounds write in OGG container.
- CVE-2011-3096: Use-after-free in GTK omnibox handling.
- CVE-2011-3098: Bad search path for Windows Media Player
plug-in
- CVE-2011-3100: Out-of-bounds read drawing dash paths.
- CVE-2011-3101: Work around Linux Nvidia driver bug
- CVE-2011-3102: Off-by-one out-of-bounds write in libxml.

Sun May 13 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 21.0.1137

* Fixes crashes when manually typing in URL\'s

Fri May 11 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 21.0.1135.0

* Added patch for Sqlite which should resolve crashes when build
with GCC 4.7

* Fixes for rendering and stability

* Fixed about:inducebrowsercrashforrealz (Issue: 124843)

* Mouse over on apps/extensions makes place holder blank in
web store. (Issue: 125777)

* Security Fixes (bnc#760264):
- CVE-2011-3078: Use after free in floats handling.
- CVE-2012-1521: Use after free in xml parser.
- CVE-2011-3079: IPC validation failure.
- CVE-2011-3080: Race condition in sandbox IPC
- CVE-2011-3081: Use after free in floats handling.

Sun Apr 29 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1123.0

Fri Apr 27 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1119.0
Fixes
- Adjust spec-file to include two new resource files that are
required for the UI. (bnc#759381)

Wed Apr 25 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1116.0

* Fixes and update to newer v8 version

Thu Apr 19 14:00:00 2012 tittiatcokeAATTgmail.com
- Added the ChromeDriver as a separate package. Normal users
will not require this as it is a standalone server for testing
webbrowsers

Tue Apr 17 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1106.0

* Fixes issues with fonts (Issue: 108645).

* Enable the Chrome To Mobile page action for users with
compatible registered devices

* file: downloads allowed again

Fri Apr 13 14:00:00 2012 fcrozatAATTsuse.com
- Use desktop_database macros at install time.

Fri Apr 6 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1094.0
Fixes:

* Other Devices menu shows last update time for other sessions,
and allows sessions to be hidden using a context menu.

* Fix sync issue with sessions (open tabs) triggering an
unrecoverable error.

* Fixed Sync/Apps: NTP apps icons missing after sync.
[Issue: 117857]

* Fixed bookmarks drag-n-drop in Bookmark Manager.
[Issue: 118715]
Security Fixes:

* Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.

* Medium CVE-2011-3067: Cross-origin iframe replacement.

* High CVE-2011-3068: Use-after-free in run-in handling.

* High CVE-2011-3069: Use-after-free in line box handling.

* High CVE-2011-3070: Use-after-free in v8 bindings.

* High CVE-2011-3071: Use-after-free in HTMLMediaElement.

* Low CVE-2011-3072: Cross-origin violation parenting pop-up
window.

* High CVE-2011-3073: Use-after-free in SVG resource handling.

* Medium CVE-2011-3074: Use-after-free in media handling.

* High CVE-2011-3075: Use-after-free applying style command.

* High CVE-2011-3076: Use-after-free in focus handling.

* Medium CVE-2011-3077: Read-after-free in script bindings.

Tue Apr 3 14:00:00 2012 tittiatcokeAATTgmail.com
- Update to 20.0.1090
Fixes:

* Fixed issue cannot add GMail app to Chrome. [Issue: 119975]

* Fixed theme and bookmarks bar notifications. [Issue: 117027]

* Fixed popup prompting permission for flash plugin.
[Issue: 120358]
Security Fixes:

* Medium CVE-2011-3058: Bad interaction possibly leading to
XSS in EUC-JP.

* Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.

* Medium CVE-2011-3060: Out-of-bounds read in text fragment
handling.

* Medium CVE-2011-3061: SPDY proxy certificate checking error.

* High CVE-2011-3062: Off-by-one in OpenType Sanitizer.

* Low CVE-2011-3063: Validate navigation requests from the
renderer more carefully.

* High CVE-2011-3064: Use-after-free in SVG clipping.

* High CVE-2011-3065: Memory corruption in Skia.

* Medium CVE-2011-3057: Invalid read in v8.

Sat Mar 24 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1079
Security Fixes (bnc#754456):

* High CVE-2011-3050: Use-after-free with first-letter handling

* High CVE-2011-3045: libpng integer issue from upstream

* High CVE-2011-3051: Use-after-free in CSS cross-fade handling

* High CVE-2011-3052: Memory corruption in WebGL canvas handling

* High CVE-2011-3053: Use-after-free in block splitting

* Low CVE-2011-3054: Apply additional isolations to webui
privileges

* Low CVE-2011-3055: Prompt in the browser native UI for unpacked
extension installation

* High CVE-2011-3056: Cross-origin violation with “magic iframe”.

* Low CVE-2011-3049: Extension web request API can interfere with
system requests
Other Fixes:

* The short-cut key for caps lock (Shift + Search) is disabled
when an accessibility screen reader is enabled

* Fixes an issue with files not being displayed in File Manager
when some file names contain UTF-8 characters (generally
accented characters)

* Fixed dialog boxes in settings. (Issue: 118031)

* Fixed flash videos turning white on mac when running with
- -disable-composited-core-animation-plugins (Issue: 117916)

* Change to look for correctly sized favicon when multiple images
are provided. (Issue: 118275)

* Fixed issues - 116044, 117470, 117068, 117668, 118620

Wed Mar 21 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1077

Sun Mar 18 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1074
- Build Chromium on openSUSE > 12.1 with the gold linker
- Fix build issues with GCC 4.7

Thu Mar 15 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1071

* Several fixes and improvements in the new Settings, Extensions,
and Help pages.

* Fixed the flashing when switched between composited and
non-composited mode. [Issue: 116603]

* Fixed stability issues 116913, 117217, 117347, 117081

Sun Mar 11 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1066

* Fixed Chrome install/update resets Google search preferences
(Issue: 105390)

* Don\'t trigger accelerated compositing on 3D CSS when using
swiftshader (Issue: 116401)

* Fixed a GPU crash (Issue: 116096)

* More fixes for Back button frequently hangs (Issue: 93427)

* Bastion now works (Issue: 116285)

* Fixed Composited layer sorting irregularity with accelerated
canvas (Issue: 102943)

* Fixed Composited layer sorting irregularity with accelerated
canvas (Issue: 102943)

* Fixed Google Feedback causes render process to use too much
memory (Issue: 114489)

* Fixed after upgrade, some pages are rendered as blank
(Issue: 109888)

* Fixed Pasting text into a single-line text field shouldn\'t
keep literal newlines (Issue: 106551)
- Security Fixes:

* Critical CVE-2011-3047: Errant plug-in load and GPU process
memory corruption

* Critical CVE-2011-3046: UXSS and bad history navigation.

Mon Mar 5 13:00:00 2012 vdziewieckiAATTsuse.com
- add Provides: browser(npapi) FATE#313084

Sat Mar 3 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1060

* Fixed NTP signed in state is missing (Issue: 112676)

* Fixed gmail seems to redraw itself (all white) occasionally
(Issue: 111263)

* Focus \"OK\" button on Javascript dialogs (Issue: 111015)

* Fixed Back button frequently hangs (Issue: 93427)

* Increase the buffer size to fix muted playback rate
(Issue: 108239)

* Fixed Empty span with line-height renders with non-zero height
(Issue: 109811)

* Marked the Certum Trusted Network CA as an issuer of
extended-validation (EV) certificates.

* Fixed importing of bookmarks, history, etc. from Firefox 10+.

* Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636,
112676

* Fixed several crashes (Issues: 111376, 108688, 114391)

* Fixed Firefox browser in Import Bookmarks and Settings
drop-down (Issue: 114476)

* Sync: Sessions aren\'t associating pre-existing tabs
(Issue: 113319)

* Fixed All \"Extensions\" make an entry under the \"NTP Apps\"
page (Issue: 113672)
+ Security Fixes (bnc#750407):

* High CVE-2011-3031: Use-after-free in v8 element wrapper.

* High CVE-2011-3032: Use-after-free in SVG value handling.

* High CVE-2011-3033: Buffer overflow in the Skia drawing library.

* High CVE-2011-3034: Use-after-free in SVG document handling.

* High CVE-2011-3035: Use-after-free in SVG use handling.

* High CVE-2011-3036: Bad cast in line box handling.

* High CVE-2011-3037: Bad casts in anonymous block splitting.

* High CVE-2011-3038: Use-after-free in multi-column handling.

* High CVE-2011-3039: Use-after-free in quote handling.

* High CVE-2011-3040: Out-of-bounds read in text handling.

* High CVE-2011-3041: Use-after-free in class attribute handling.

* High CVE-2011-3042: Use-after-free in table section handling.

* High CVE-2011-3043: Use-after-free in flexbox with floats.

* High CVE-2011-3044: Use-after-free with SVG animation elements.
- Remove the external ffmepg headers and start using the ones
delivered with Chromium. Changes to Chromium are no longer in line
with any ffmpeg version :-(. So we can only use the Chromium
ffmpeg headers.

Mon Feb 20 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1046

* Security updates
+ CVE-2011-3015: Integer overflows in PDF codecs.
+ CVE-2011-3016: Read-after-free with counter nodes.
+ CVE-2011-3017: Possible use-after-free in database handling.
+ CVE-2011-3018: Heap overflow in path rendering.
+ CVE-2011-3019: Heap buffer overflow in MKV handling.
+ CVE-2011-3020: Native client validator error.
+ CVE-2011-3021: Use-after-free in subframe loading.
+ CVE-2011-3022: Inappropriate use of http for translation script.
+ CVE-2011-3023: Use-after-free with drag and drop.
+ CVE-2011-3024: Browser crash with empty x509 certificate.
+ CVE-2011-3025: Out-of-bounds read in h.264 parsing.
+ CVE-2011-3026: Integer overflow / truncation in libpng.
+ CVE-2011-3027: Bad cast in column handling.

Wed Feb 15 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1042

* Make speech input bubble borders close with the bubble
[Issue: 112194]

* Fixed stability issues
[Issues: 113531, 113492, 113654, 113546, 113847, 114011]

* Use Google’s online spellchecker to identify misspelled words
as well as provide suggestions, for pasted text only.

* Fix: open incognito windows at exit created extra normal
windows when the session was restored

* When translating a page, get the code and translation via HTTPS

Fri Feb 10 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1037

* Fix crashing timing bug where panel animates after its closed
(issue#111120)

* Remove patch to build with newer glib version. This was merged
upstream

* Added option to disable building with gold for x86_64. Used
linker option \"--icf=none\" is not supported yet.

Mon Feb 6 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 19.0.1031

* Block plugins for platform apps
To block plugins a new content settings has been added, with
the highest priority (i.e. at the front of the list). This
could be used down the track to hang off more platform app
specific stuff.

* Remove unconditional -msse3 -mssse3 CFLAGS from media.gyp
(issue#107532)

* Refactoring of Settings page

* Other bugfixes

* Security Fixes:
CVE-2011-3953: Avoid clipboard monitoring after paste event.
CVE-2011-3954: Crash with excessive database usage.
CVE-2011-3955: Crash aborting an IndexDB transaction
CVE-2011-3956: Incorrect handling of sandboxed origins inside
extensions
CVE-2011-3957: Use-after-free in PDF garbage collection
CVE-2011-3958: Bad casts with column spans
CVE-2011-3959: Buffer overflow in locale handling
CVE-2011-3960: Out-of-bounds read in audio decoding
CVE-2011-3961: Race condition after crash of utility process
CVE-2011-3962: Out-of-bounds read in path clipping
CVE-2011-3963: Out-of-bounds read in PDF fax image handling
CVE-2011-3964: URL bar confusion after drag + drop
CVE-2011-3965: Crash in signature check
CVE-2011-3966: Use-after-free in stylesheet error handling
CVE-2011-3967: Crash with unusual certificate.
CVE-2011-3968: Use-after-free in CSS handling
CVE-2011-3969: Use-after-free in SVG layout.
CVE-2011-3970: Out-of-bounds read in libxslt
CVE-2011-3971: Use-after-free with mousemove events
CVE-2011-3972: Out-of-bounds read in shader translator

Sun Jan 29 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 18.0.1022

* Security fixes (bnc#743319)
+ CVE-2011-3924 Use-after-free vulnerability
+ CVE-2011-3925 Use-after-free vulnerability
+ CVE-2011-3926 Heap-based buffer overflow in the tree builder
+ CVE-2011-3927 Skia does not perform all required
initialization of values
+ CVE-2011-3928 Use-after-free vulnerability

* Compile the chrome_sandbox binary with -fPIE flags

Mon Jan 23 13:00:00 2012 tittiatcokeAATTgmail.com
- Update to 18.0.1017

* Security Issues fixed (bnc#740493)
+ CVE-2011-3921 Use-after-free in animation frames
+ CVE-2011-3919 Heap-buffer-overflow in libxml
+ CVE-2011-3922 Stack-buffer-overflow in glyph handling

Sat Dec 31 13:00:00 2011 tittiatcokeAATTgmail.com
- Update to 18.0.992

* Delay some extension startup until after first run import.
(issue 108286)

* Add function support for Sleep with TimeDelta input.
(issue 108171)

* Make webstore installs work when the Downloads folder is missing.
(issue 108812)

* Disable GL_EXT_texture_storage support in Linux. (issue 107782)

Wed Dec 28 13:00:00 2011 tittiatcokeAATTgmail.com
- Update to 18.0.985
+ Webkit layout:

* Suppress a leak in http/tests/appcache/reload.html
(issue 108621)

* Suppress a leak in xmlhttprequest/workers/referer.html
(issue 108622)

* Extend the suppression for uninit value in
fast/forms/input-text-paste-maxlength.html (issue 106183)

* Suppress memory leaks in
fast/files/workers/worker-read-blob-async.html
(issue 108624)

* Suppress a leak in
websocket/tests/hybi/workers/receive-arraybuffer.html
(issue 108627)

* Suppress a leak in
http/tests/xmlhttprequest/workers/methods-async.html
(issue 108628)
+ Set opaque on the WebMediaPlayerClient based on the decoder

Mon Dec 19 13:00:00 2011 tittiatcokeAATTgmail.com
- Update to 18.0.975
+ Updating extensions code to use UTF16. (issue#71980)
+ Assign F5 to cycle forward (issue#107417)
+ [Sync] Add NOTREACHED for empty passphrase (issue#104189)
+ Add libudev as build-dependency (issue#79050)
+ Enable mnemonic and bookmark folder key activation on menu
(issue#107869)
- Removed conflict with xine-browser-plugins.

Wed Dec 14 13:00:00 2011 tittiatcokeAATTgmail.com
- Update to 18.0.972

* Security issues fixed: (bnc#736716)
+ CVE-2011-3903: Out-of-bounds read in regex matching.
+ CVE-2011-3905: Out-of-bounds reads in libxml.
+ CVE-2011-3906: Out-of-bounds read in PDF parser.
+ CVE-2011-3907: URL bar spoofing with view-source.
+ CVE-2011-3908: Out-of-bounds read in SVG parsing.
+ CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array.
+ CVE-2011-3910: Out-of-bounds read in YUV video frame
handling.
+ CVE-2011-3911: Out-of-bounds read in PDF.
+ CVE-2011-3912: Use-after-free in SVG filters.
+ CVE-2011-3914: Out-of-bounds write in v8 i18n handling
+ CVE-2011-3915: Buffer overflow in PDF font handling.
+ CVE-2011-3916: Out-of-bounds reads in PDF cross references.
+ CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
+ CVE-2011-3904: Use-after-free in bidi handling.

* No longer build against the system libjpeg, but build against
the libjpeg that comes with Chromium to prevent graphics
issues

* Chromium for openSUSE:Factory now builds against libjpeg8

* Removed explicit -fPIC from the C-flags

Sat Dec 10 13:00:00 2011 tittiatcokeAATTgmail.com
- Update to 18.0.968
+ Print preview: Disable the right context menu items in print
preview. (issue#106876,#106915)
+ Fix page zoom for plug-in documents (PDF, etc.)
(issue#106013,#106228)
+ ntp: track number of times a user switches pages in a single
session (issue#106575)
+
 
ICM