Changelog for
chromium-headless-125.0.6422.60-1.fc38.x86_64.rpm :
* Thu May 16 2024 Than Ngo
- 125.0.6422.60-1- update to 125.0.6422.60
* High CVE-2024-4947: Type Confusion in V8
* High CVE-2024-4948: Use after free in Dawn
* Medium CVE-2024-4949: Use after free in V8
* Low CVE-2024-4950: Inappropriate implementation in Downloads
* Sun May 12 2024 Than Ngo - 125.0.6422.41-1- update to 125.0.6422.41
* Sat May 11 2024 Than Ngo - 124.0.6367.201-2- include headless_command_resources.pak for headless_shell
* Fri May 10 2024 Than Ngo - 124.0.6367.201-1- update to 124.0.6367.201
* High CVE-2024-4671: Use after free in Visuals
* Wed May 08 2024 Than Ngo - 124.0.6367.155-1- update to 124.0.6367.155
* High CVE-2024-4558: Use after free in ANGLE
* High CVE-2024-4559: Heap buffer overflow in WebAudio
* Sun May 05 2024 Than Ngo - 124.0.6367.118-2- fixed build errors on el8- refreshed clean_ffmpeg.sh- added missing files for bundle ffmpeg
* Wed May 01 2024 Than Ngo - 124.0.6367.118-1- update to 124.0.6367.118
* High CVE-2024-4331: Use after free in Picture In Picture
* High CVE-2024-4368: Use after free in Dawn- use system highway
* Sat Apr 27 2024 Than Ngo - 124.0.6367.91-1- update to 124.0.6367.91- fixed bz#2277228 - chromium wrapper causes library issues (symbol lookup error)- use system dav1d
* Wed Apr 24 2024 Than Ngo - 124.0.6367.78-1- update to 124.0.6367.78
* Critical CVE-2024-4058: Type Confusion in ANGLE
* High CVE-2024-4059: Out of bounds read in V8 API
* High CVE-2024-4060: Use after free in Dawn
* Sat Apr 20 2024 Than Ngo - 124.0.6367.60-2- fix waylang regression
* Tue Apr 16 2024 Than Ngo - 124.0.6367.60-1- update to 124.0.6367.60
* Thu Apr 11 2024 Than Ngo - 123.0.6312.122-1- update to 123.0.6312.122
* High CVE-2024-3157: Out of bounds write in Compositing
* High CVE-2024-3516: Heap buffer overflow in ANGLE
* High CVE-2024-3515: Use after free in Dawn
* Wed Apr 03 2024 Than Ngo - 123.0.6312.105-1- update to 123.0.6312.105
* High CVE-2024-3156: Inappropriate implementation in V8
* High CVE-2024-3158: Use after free in Bookmarks
* High CVE-2024-3159: Out of bounds memory access in V8
* Wed Mar 27 2024 Than Ngo - 123.0.6312.86-2- update to 123.0.6312.86
* Critical CVE-2024-2883: Use after free in ANGLE
* High CVE-2024-2885: Use after free in Daw
* High CVE-2024-2886: Use after free in WebCodecs
* High CVE-2024-2887: Type Confusion in WebAssembly
* Sat Mar 23 2024 Than Ngo - 123.0.6312.58-2- fixed bz#2269768 - enable build ppc64le package for F40- fixed bz#2270321 - VAAPI flags in chromium.conf are out of date- fixed bz#2271183 - disable screen ai service
* Wed Mar 20 2024 Than Ngo - 123.0.6312.58-1- update to 123.0.6312.58
* High CVE-2024-2625: Object lifecycle issue in V8
* Medium CVE-2024-2626: Out of bounds read in Swiftshader
* Medium CVE-2024-2627: Use after free in Canvas
* Medium CVE-2024-2628: Inappropriate implementation in Downloads
* Medium CVE-2024-2629: Incorrect security UI in iOS
* Medium CVE-2024-2630: Inappropriate implementation in iOS
* Low CVE-2024-2631: Inappropriate implementation in iOS
* Fri Mar 15 2024 Than Ngo - 123.0.6312.46-1- update to 123.0.6312.46
* Wed Mar 13 2024 Than Ngo - 122.0.6261.128-1- upstream security release 122.0.6261.128
* High CVE-2024-2400: Use after free in Performance Manager
* Mon Mar 11 2024 Than Ngo - 122.0.6261.111-2- enable ppc64le build
* Wed Mar 06 2024 Than Ngo - 122.0.6261.111-1- upstream security release 122.0.6261.111
* High CVE-2024-2173: Out of bounds memory access in V8
* High CVE-2024-2174: Inappropriate implementation in V8
* High CVE-2024-2176: Use after free in FedCM
* Wed Feb 28 2024 Than Ngo - 122.0.6261.94-1- upstream security release 122.0.6261.94
* High : Type Confusion in V8- fixed bz#2265957, added correct platform in chromium use agent
* Tue Feb 27 2024 Łukasz Wojniłowicz - 122.0.6261.69-3- Make building of chromedriver optional
* Tue Feb 27 2024 Jiri Vanek - 122.0.6261.69-2- Rebuilt for java-21-openjdk as system jdk
* Fri Feb 23 2024 Than Ngo - 122.0.6261.69-1- update to 122.0.6261.69- fix build error on el8- bz#2265039, built with -fwrapv for improved memory safety- bz#2265043, built with -ftrivial-auto-var-init=zero for improved security and preditability
* Wed Feb 21 2024 Than Ngo - 122.0.6261.57-1- update to 122.0.6261.57
* High CVE-2024-1669: Out of bounds memory access in Blink
* High CVE-2024-1670: Use after free in Mojo
* Medium CVE-2024-1671: Inappropriate implementation in Site Isolation
* Medium CVE-2024-1672: Inappropriate implementation in Content Security Policy
* Medium CVE-2024-1673: Use after free in Accessibility
* Medium CVE-2024-1674: Inappropriate implementation in Navigation
* Medium CVE-2024-1675: Insufficient policy enforcement in Download
* Low CVE-2024-1676: Inappropriate implementation in Navigation.
* Sun Feb 18 2024 Than Ngo - 122.0.6261.39-1- update to 122.0.6261.39
* Wed Feb 14 2024 Than Ngo - 121.0.6167.184-1- update to 121.0.6167.184
* Wed Feb 07 2024 Than Ngo - 121.0.6167.160-1- update to 121.0.6167.160
* High CVE-2024-1284: Use after free in Mojo
* High CVE-2024-1283: Heap buffer overflow in Skia
* Thu Feb 01 2024 Than Ngo - 121.0.6167.139-2- Support for 64K pages on Linux/AArch64
* Wed Jan 31 2024 Than Ngo - 121.0.6167.139-1- update to 121.0.6167.139
* High CVE-2024-1060: Use after free in Canvas
* High CVE-2024-1059: Use after free in WebRTC
* High CVE-2024-1077: Use after free in Network
* Wed Jan 24 2024 Than Ngo - 121.0.6167.85-1- update to 121.0.6167.85
* High CVE-2024-0807: Use after free in WebAudio
* High CVE-2024-0812: Inappropriate implementation in Accessibility
* High CVE-2024-0808: Integer underflow in WebUI
* Medium CVE-2024-0810: Insufficient policy enforcement in DevTools
* Medium CVE-2024-0814: Incorrect security UI in Payments
* Medium CVE-2024-0813: Use after free in Reading Mode
* Medium CVE-2024-0806: Use after free in Passwords
* Medium CVE-2024-0805: Inappropriate implementation in Downloads
* Medium CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* Low CVE-2024-0811: Inappropriate implementation in Extensions API
* Low CVE-2024-0809: Inappropriate implementation in Autofill
* Tue Jan 23 2024 Than Ngo - 121.0.6167.71-1- update to 121.0.6167.71
* Tue Jan 23 2024 Fedora Release Engineering - 120.0.6099.224-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Jan 16 2024 Than Ngo - 120.0.6099.224-1- update to 120.0.6099.224
* High CVE-2024-0517: Out of bounds write in V8
* High CVE-2024-0518: Type Confusion in V8
* High CVE-2024-0519: Out of bounds memory access in V8
* Wed Jan 10 2024 Than Ngo - 120.0.6099.216-1- update to 120.0.6099.216
* High CVE-2024-0333: Insufficient data validation in Extensions
* Thu Jan 04 2024 Than Ngo - 120.0.6099.199-1- new gn update, drop workaround for broken gn on epel 8/9- update to 120.0.6099.199
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* Thu Dec 21 2023 Than Ngo - 120.0.6099.129-1- update to 120.0.6099.129
* High CVE-2023-7024: Heap buffer overflow in WebRTC
* Wed Dec 13 2023 Than Ngo - 120.0.6099.109-1- update to 120.0.6099.109
* High CVE-2023-6702: Type Confusion in V8
* High CVE-2023-6703: Use after free in Blink
* High CVE-2023-6704: Use after free in libavif
* High CVE-2023-6705: Use after free in WebRTC
* High CVE-2023-6706: Use after free in FedCM
* Medium CVE-2023-6707: Use after free in CSS
* Fri Dec 08 2023 Than Ngo - 120.0.6099.71-1- update to 120.0.6099.71
* Wed Dec 06 2023 Than Ngo - 120.0.6099.62-2- drop unsupported ldflag which caused build failure
* Tue Dec 05 2023 Than Ngo - 120.0.6099.62-1- update to 120.0.6099.62- fixed bz#2252874, built with control flow integrity (CFI) support
* Sat Dec 02 2023 Than Ngo - 120.0.6099.56-1- update to 120.0.6099.56 - enable qt6 UI backend
* Sat Dec 02 2023 Than Ngo - 119.0.6045.199-2- fixed bz#2242271, built with bundleminizip in fedora > 39- fixed bz#2251884, built with fstack-protector-strong for improved security
* Wed Nov 29 2023 Than Ngo - 119.0.6045.199-1- update to 119.0.6045.199
* Sun Nov 19 2023 Than Ngo - 119.0.6045.159-2- fix ffmpeg conflicts
* Wed Nov 15 2023 Than Ngo - 119.0.6045.159-1- update to 119.0.6045.159, upstream security release High CVE-2023-5997, use after free in Garbage Collection High CVE-2023-6112, use after free in Navigation- add Requires/Conflicts for ABI break in fmpeg-free 6.0.1- drop first_dts patch, reintroduce first_dts patch in ffmpeg-free-6.0.1- fixed python3 syntaxWarning: invalid escape sequenc- skip clang\'s patches for epel8 that now gets clang-16 update
* Mon Nov 13 2023 Than Ngo - 119.0.6045.123-2- fixed bz#2240127, Some h.264 mp4s do not play
* Wed Nov 08 2023 Than Ngo - 119.0.6045.123-1- update to 119.0.6045.123, include following security fixes: high CVE-2023-5996: Use after free in WebAudio
* Tue Nov 07 2023 Than Ngo - 119.0.6045.105-2- enable debuginfo
* Wed Nov 01 2023 Than Ngo - 119.0.6045.105-1- update to 119.0.6045.105
* Fri Oct 27 2023 Than Ngo - 119.0.6045.59-1- update 119.0.6045.59
* Wed Oct 25 2023 Than Ngo - 118.0.5993.117-1- update to 118.0.5993.117
* Wed Oct 18 2023 Than Ngo - 118.0.5993.88-1- update to 118.0.5993.88- cleanup the package dependencies
* Mon Oct 16 2023 Than Ngo - 118.0.5993.70-2- fix tab crash with SIGTRAP when using system ffmpeg
* Wed Oct 11 2023 Than Ngo - 118.0.5993.70-1- update to 118.0.5993.70 - CVE-2023-5218: Use after free in Site Isolation. - CVE-2023-5487: Inappropriate implementation in Fullscreen. - CVE-2023-5484: Inappropriate implementation in Navigation. - CVE-2023-5475: Inappropriate implementation in DevTools. - CVE-2023-5483: Inappropriate implementation in Intents. - CVE-2023-5481: Inappropriate implementation in Downloads. - CVE-2023-5476: Use after free in Blink History. - CVE-2023-5474: Heap buffer overflow in PDF. - CVE-2023-5479: Inappropriate implementation in Extensions API. - CVE-2023-5485: Inappropriate implementation in Autofill. - CVE-2023-5478: Inappropriate implementation in Autofill. - CVE-2023-5477: Inappropriate implementation in Installer. - CVE-2023-5486: Inappropriate implementation in Input. - CVE-2023-5473: Use after free in Cast.
* Sat Oct 07 2023 Than Ngo - 118.0.5993.54-1- update to 118.0.5993.54- drop use_gnome_keyring as it\'s removed by upstream
* Thu Oct 05 2023 Than Ngo - 117.0.5938.149-1- update to 117.0.5938.149- fix CVE-2023-5346: Type Confusion in V8
* Fri Sep 29 2023 Than Ngo - 117.0.5938.132-2- add workaround for the crash on BTI capable system
* Thu Sep 28 2023 Than Ngo - 117.0.5938.132-1- update to 117.0.5938.132- CVE-2023-5217, heap buffer overflow in vp8 encoding in libvpx.- CVE-2023-5186, use after free in Passwords.- CVE-2023-5187, use after free in Extensions.
* Sat Sep 23 2023 Than Ngo - 117.0.5938.92-2- backport upstream patch to fix memory leak
* Fri Sep 22 2023 Than Ngo - 117.0.5938.92-1- update to 117.0.5938.92
* Sun Sep 17 2023 Than Ngo - 117.0.5938.88-1- update to 117.0.5938.88
* Wed Sep 13 2023 Than Ngo - 117.0.5938.62-1- update to 117.0.5938.62
* Tue Sep 12 2023 Than Ngo - 116.0.5845.187-1- update to 116.0.5845.187
* Fri Sep 08 2023 Than Ngo - 116.0.5845.179-1- update to 116.0.5845.179
* Tue Aug 15 2023 Than Ngo - 116.0.5845.96-1- update to 116.0.5845.96
* Wed Aug 09 2023 Than Ngo - 115.0.5790.170-2- set use_all_cpus=1 for aarch64
* Thu Aug 03 2023 Than Ngo - 115.0.5790.170-1- update to 115.0.5790.170
* Wed Jul 26 2023 Than Ngo - 115.0.5790.110-1- update to 115.0.5790.110
* Sat Jul 22 2023 Than Ngo - 115.0.5790.102-1- update to 115.0.5790.102
* Tue Jul 18 2023 Than Ngo - 115.0.5790.98-1- update to 115.0.5790.98
* Tue Jun 27 2023 Than Ngo - 114.0.5735.198-1- update to 114.0.5735.198
* Wed Jun 14 2023 Than Ngo - 114.0.5735.133-1- update to 114.0.5735.133 - Enable AllowQt feature flag- Fix Qt deps- Fix Qt logical scale factor
* Wed Jun 07 2023 Than Ngo - 114.0.5735.106-1- update to 114.0.5735.106
* Sun May 28 2023 Than Ngo - 114.0.5735.45-1- update to 114.0.5735.45- add qt6 linuxui backend- backport: handle scale factor changes- backport: fix font double_scaling
* Wed May 17 2023 Than Ngo - 113.0.5672.126-1- drop clang workaround for el8- update to 113.0.5672.126
* Tue May 09 2023 Than Ngo - 113.0.5672.92-1- update to 113.0.5672.92
* Wed May 03 2023 Than Ngo - 113.0.5672.63-1- update to 113.0.5672.63
* Sun Apr 23 2023 Than Ngo - 112.0.5615.165-2- make --use-gl=egl default for x11/wayland- enable WebUIDarkMode
* Thu Apr 20 2023 Than Ngo - 112.0.5615.165-1- update to 112.0.5615.165
* Mon Apr 17 2023 Than Ngo - 112.0.5615.121-2- fix vaapi issue on xwayland- fix the build order, chrome_feed_response_metadata.pb.h file not found- fix compiler flags and typo
* Sat Apr 15 2023 Than Ngo - 112.0.5615.121-1- update to 112.0.5615.121
* Wed Apr 05 2023 Than Ngo - 112.0.5615.49-1- update to 112.0.5615.49- fix #2184142, Small fonts in menus
* Tue Mar 28 2023 Than Ngo - 111.0.5563.146-1- update to 111.0.5563.146
* Sat Mar 25 2023 Neal Gompa - 111.0.5563.110-2- Fix ffmpeg note in README.fedora
* Wed Mar 22 2023 Than Ngo - 111.0.5563.110-1- update to 111.0.5563.110
* Sun Mar 12 2023 Neal Gompa - 111.0.5563.64-2- Rebuild for ffmpeg 6.0
* Tue Mar 07 2023 Than Ngo - 111.0.5563.64-1- update to 111.0.5563.64
* Mon Mar 06 2023 Than Ngo - 111.0.5563.50-1- update to 111.0.5563.50- system freetype on fedora > 36
* Thu Feb 23 2023 Than Ngo - 110.0.5481.177-1- update to 110.0.5481.177- workaround for crash on aarch64, rhel8
* Wed Feb 22 2023 Jan Grulich - 110.0.5481.100-3- Enable PipeWire screen sharing on RHEL8+
* Tue Feb 21 2023 Than Ngo - 110.0.5481.100-2- fixed bz#2036205, failed to load GLES library
* Fri Feb 17 2023 Than Ngo - 110.0.5481.100-1- update to 110.0.5481.100
* Thu Feb 16 2023 Than Ngo - 110.0.5481.77-2- fix #2071126, enable support V4L2 stateless decoders for aarch64 plattform- fix prefers-color-scheme- drop snapshot_blob.bin, replace snapshot_blob.bin with v8_context_snapshot.bin- move headless_lib
*.pak to headless subpackage
* Wed Feb 08 2023 Than Ngo - 110.0.5481.77-1- update to 110.0.5481.77
* Sat Feb 04 2023 Than Ngo - 110.0.5481.61-1- update to 110.0.5481.61
* Thu Feb 02 2023 Jan Grulich - 109.0.5414.119-2- Use ffmpeg decoders for h264 support
* Wed Jan 25 2023 Than Ngo - 109.0.5414.119-1- update to 109.0.5414.119
* Sun Jan 22 2023 Than Ngo - 109.0.5414.74-4- clean up
* Wed Jan 18 2023 Fedora Release Engineering - 109.0.5414.74-3- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Sun Jan 15 2023 Than Ngo - 109.0.5414.74-2- conditionalize system_build_flags- cleaned up gn defines- add BR on python3-importlib-metadata- set correct toolchain gcc|clang- fix FTBFS with gcc13
* Wed Jan 11 2023 Than Ngo - 109.0.5414.74-1- update to 109.0.5414.74
* Tue Jan 10 2023 Than Ngo - 108.0.5359.124-5- enable qt backend for el >= 9 and fedora >= 35- drop i686- conditional BR on java-1.8.0-openjdk-headless
* Sun Jan 08 2023 Than Ngo - 108.0.5359.124-4- vaapi support for wayland
* Wed Jan 04 2023 Than Ngo - 108.0.5359.124-3- build with system ffmpeg-free and system libaom- fix widewine extension issue- vaapi, disable UseChromeOSDirectVideoDecoder- workaround for linking issue in clang <= 14
* Sun Jan 01 2023 Tom Callaway - 108.0.5359.124-2- turn headless back on (chrome-remote-desktop will stay off, probably forever)
* Wed Dec 28 2022 Than Ngo - 108.0.5359.124-1- update to 108.0.5359.124- switch to clang
* Tue Nov 29 2022 Than Ngo - 107.0.5304.121-1- update to 107.0.5304.121
* Fri Nov 11 2022 Than Ngo - 107.0.5304.110-1- update to 107.0.5304.110
* Fri Sep 23 2022 Tom Callaway - 105.0.5195.125-2- apply upstream fix for wayland menu misplacement bug
* Mon Sep 19 2022 Tom Callaway - 105.0.5195.125-1- update to 105.0.5195.125
* Thu Sep 01 2022 Tom Callaway - 105.0.5195.52-1- update to 105.0.5195.52
* Thu Aug 18 2022 Tom Callaway - 104.0.5112.101-1- update to 104.0.5112.101
* Wed Jul 20 2022 Fedora Release Engineering - 103.0.5060.114-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jul 13 2022 Tom Callaway - 103.0.5060.114-1- update to 103.0.5060.114
* Wed Jun 22 2022 Tom Callaway - 103.0.5060.53-1- update to 103.0.5060.53
* Thu Jun 16 2022 Tom Callaway - 102.0.5005.115-2- fix minizip Requires for EL9
* Fri Jun 10 2022 Tom Callaway - 102.0.5005.115-1- update to 102.0.5005.115
* Fri Jun 03 2022 Tom Callaway - 102.0.5005.61-1- update to 102.0.5005.61