RPM Search

Changelog for chromium-101.0.4951.67-1679.1.x86_64.rpm :

* Sun May 15 2022 Andreas Stieger - Chromium 101.0.4951.67
* fixes for other platforms
* Wed May 11 2022 Andreas Stieger - Chromium 101.0.4951.64 (boo#1199409)
* CVE-2022-1633: Use after free in Sharesheet
* CVE-2022-1634: Use after free in Browser UI
* CVE-2022-1635: Use after free in Permission Prompts
* CVE-2022-1636: Use after free in Performance APIs
* CVE-2022-1637: Inappropriate implementation in Web Contents
* CVE-2022-1638: Heap buffer overflow in V8 Internationalization
* CVE-2022-1639: Use after free in ANGLE
* CVE-2022-1640: Use after free in Sharing
* CVE-2022-1641: Use after free in Web UI Diagnostics
* Wed May 04 2022 Callum Farmer - Chromium 101.0.4951.54 (boo#1199118)- Chromium 101.0.4951.41 (boo#1198917)
* CVE-2022-1477: Use after free in Vulkan
* CVE-2022-1478: Use after free in SwiftShader
* CVE-2022-1479: Use after free in ANGLE
* CVE-2022-1480: Use after free in Device API
* CVE-2022-1481: Use after free in Sharing
* CVE-2022-1482: Inappropriate implementation in WebGL
* CVE-2022-1483: Heap buffer overflow in WebGPU
* CVE-2022-1484: Heap buffer overflow in Web UI Settings
* CVE-2022-1485: Use after free in File System API
* CVE-2022-1486: Type Confusion in V8
* CVE-2022-1487: Use after free in Ozone
* CVE-2022-1488: Inappropriate implementation in Extensions API
* CVE-2022-1489: Out of bounds memory access in UI Shelf
* CVE-2022-1490: Use after free in Browser Switcher
* CVE-2022-1491: Use after free in Bookmarks
* CVE-2022-1492: Insufficient data validation in Blink Editing
* CVE-2022-1493: Use after free in Dev Tools
* CVE-2022-1494: Insufficient data validation in Trusted Types
* CVE-2022-1495: Incorrect security UI in Downloads
* CVE-2022-1496: Use after free in File Manager
* CVE-2022-1497: Inappropriate implementation in Input
* CVE-2022-1498: Inappropriate implementation in HTML Parser
* CVE-2022-1499: Inappropriate implementation in WebAuthentication
* CVE-2022-1500: Insufficient data validation in Dev Tools
* CVE-2022-1501: Inappropriate implementation in iframe- Added patches:
* chromium-101-libxml-unbundle.patch
* chromium-101-segmentation_platform-type.patch- Removed patches:
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-macro-typo.patch
* Thu Apr 21 2022 Callum Farmer - Fixes for go 1.18
* Fri Apr 15 2022 Andreas Stieger - Chromium 100.0.4896.127 (boo#1198509)
* CVE-2022-1364: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Tue Apr 12 2022 Andreas Stieger - Chromium 100.0.4896.88 (boo#1198361)
* CVE-2022-1305: Use after free in storage
* CVE-2022-1306: Inappropriate implementation in compositing
* CVE-2022-1307: Inappropriate implementation in full screen
* CVE-2022-1308: Use after free in BFCache
* CVE-2022-1309: Insufficient policy enforcement in developer tools
* CVE-2022-1310: Use after free in regular expressions
* CVE-2022-1311: Use after free in Chrome OS shell
* CVE-2022-1312: Use after free in storage
* CVE-2022-1313: Use after free in tab groups
* CVE-2022-1314: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Apr 10 2022 Callum Farmer - Patches for GCC 12:
* chromium-fix-swiftshader-template.patch
* chromium-missing-include-tuple.patch
* chromium-webrtc-stats-missing-vector.patch
* Tue Apr 05 2022 Andreas Stieger - Chromium 100.0.4896.75:
* CVE-2022-1232: Type Confusion in V8 (boo#1198053)
* Wed Mar 30 2022 Callum Farmer - Chromium 100.0.4896.60 (boo#1197680)
* CVE-2022-1125: Use after free in Portals
* CVE-2022-1127: Use after free in QR Code Generator
* CVE-2022-1128: Inappropriate implementation in Web Share API
* CVE-2022-1129: Inappropriate implementation in Full Screen Mode
* CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
* CVE-2022-1131: Use after free in Cast UI
* CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
* CVE-2022-1133: Use after free in WebRTC
* CVE-2022-1134: Type Confusion in V8
* CVE-2022-1135: Use after free in Shopping Cart
* CVE-2022-1136: Use after free in Tab Strip
* CVE-2022-1137: Inappropriate implementation in Extensions
* CVE-2022-1138: Inappropriate implementation in Web Cursor
* CVE-2022-1139: Inappropriate implementation in Background Fetch API
* CVE-2022-1141: Use after free in File Manager
* CVE-2022-1142: Heap buffer overflow in WebUI
* CVE-2022-1143: Heap buffer overflow in WebUI
* CVE-2022-1144: Use after free in WebUI
* CVE-2022-1145: Use after free in Extensions
* CVE-2022-1146: Inappropriate implementation in Resource Timing- Added patches:
* chromium-100-compiler.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-InMilliseconds-constexpr.patch
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-macro-typo.patch- Removed patches:
* chromium-98-compiler.patch
* chromium-86-nearby-explicit.patch
* chromium-glibc-2.34.patch
* chromium-v8-missing-utility-include.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* Tue Mar 29 2022 Andreas Schwab - Update disk constraints
* Sat Mar 26 2022 Andreas Stieger - Chromium 99.0.4844.84:
* CVE-2022-1096: Type Confusion in V8 (boo#1197552)
* Mon Mar 21 2022 Andreas Stieger - Chromium 99.0.4844.82:
* Fix potential problem in Hangouts (boo#1197332)
* Wed Mar 16 2022 Andreas Stieger - Chromium 99.0.4844.74 (boo#1197163)
* CVE-2022-0971: Use after free in Blink Layout
* CVE-2022-0972: Use after free in Extensions
* CVE-2022-0973: Use after free in Safe Browsing
* CVE-2022-0974: Use after free in Splitscreen
* CVE-2022-0975: Use after free in ANGLE
* CVE-2022-0976: Heap buffer overflow in GPU
* CVE-2022-0977: Use after free in Browser UI
* CVE-2022-0978: Use after free in ANGLE
* CVE-2022-0979: Use after free in Safe Browsing
* CVE-2022-0980: Use after free in New Tab Page
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Mar 04 2022 Callum Farmer - Chromium 99.0.4844.51 (boo#1196641)
* CVE-2022-0789: Heap buffer overflow in ANGLE
* CVE-2022-0790: Use after free in Cast UI
* CVE-2022-0791: Use after free in Omnibox
* CVE-2022-0792: Out of bounds read in ANGLE
* CVE-2022-0793: Use after free in Views
* CVE-2022-0794: Use after free in WebShare
* CVE-2022-0795: Type Confusion in Blink Layout
* CVE-2022-0796: Use after free in Media
* CVE-2022-0797: Out of bounds memory access in Mojo
* CVE-2022-0798: Use after free in MediaStream
* CVE-2022-0799: Insufficient policy enforcement in Installer
* CVE-2022-0800: Heap buffer overflow in Cast UI
* CVE-2022-0801: Inappropriate implementation in HTML parser
* CVE-2022-0802: Inappropriate implementation in Full screen mode
* CVE-2022-0803: Inappropriate implementation in Permissions
* CVE-2022-0804: Inappropriate implementation in Full screen mode
* CVE-2022-0805: Use after free in Browser Switcher
* CVE-2022-0806: Data leak in Canvas
* CVE-2022-0807: Inappropriate implementation in Autofill
* CVE-2022-0808: Use after free in Chrome OS Shell
* CVE-2022-0809: Out of bounds memory access in WebXR- Removed patches:
* chromium-96-EnumTable-crash.patch
* chromium-89-missing-cstring-header.patch
* chromium-95-libyuv-aarch64.patch
* chromium-95-libyuv-arm.patch
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch- Added patches:
* chromium-97-arm-tflite-cast.patch
* chromium-98-gtk4-build.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* chromium-98-EnumTable-crash.patch
* chromium-third_party-symbolize-missing-include.patch
* chromium-v8-missing-utility-include.patch
* Tue Feb 15 2022 Andreas Stieger - Chromium 98.0.4758.102 (boo#1195986)
* CVE-2022-0603: Use after free in File Manager
* CVE-2022-0604: Heap buffer overflow in Tab Groups
* CVE-2022-0605: Use after free in Webstore API
* CVE-2022-0606: Use after free in ANGLE
* CVE-2022-0607: Use after free in GPU
* CVE-2022-0608: Integer overflow in Mojo
* CVE-2022-0609: Use after free in Animation
* CVE-2022-0610: Inappropriate implementation in Gamepad API
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 03 2022 Andreas Stieger - Chromium 98.0.4758.80 (boo#1195420)
* CVE-2022-0452: Use after free in Safe Browsing
* CVE-2022-0453: Use after free in Reader Mode
* CVE-2022-0454: Heap buffer overflow in ANGLE
* CVE-2022-0455: Inappropriate implementation in Full Screen Mode
* CVE-2022-0456: Use after free in Web Search
* CVE-2022-0457: Type Confusion in V8
* CVE-2022-0459: Use after free in Screen Capture
* CVE-2022-0460: Use after free in Window Dialog
* CVE-2022-0461: Policy bypass in COOP
* CVE-2022-0462: Inappropriate implementation in Scroll
* CVE-2022-0463: Use after free in Accessibility
* CVE-2022-0464: Use after free in Accessibility
* CVE-2022-0465: Use after free in Extensions
* CVE-2022-0466: Inappropriate implementation in Extensions Platform
* CVE-2022-0467: Inappropriate implementation in Pointer Lock
* CVE-2022-0468: Use after free in Payments
* CVE-2022-0469: Use after free in Cast
* CVE-2022-0470: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives- drop upstreamed patches:
* chromium-97-Point-constexpr.patch- add patches:
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch- change chromium-97-compiler.patch to chromium-98-compiler.patch
* Fri Jan 21 2022 Andreas Stieger - Chromium 97.0.4692.99 (boo#1194919):
* CVE-2022-0289: Use after free in Safe browsing
* CVE-2022-0290: Use after free in Site isolation
* CVE-2022-0291: Inappropriate implementation in Storage
* CVE-2022-0292: Inappropriate implementation in Fenced Frames
* CVE-2022-0293: Use after free in Web packaging
* CVE-2022-0294: Inappropriate implementation in Push messaging
* CVE-2022-0295: Use after free in Omnibox
* CVE-2022-0296: Use after free in Printing
* CVE-2022-0297: Use after free in Vulkan
* CVE-2022-0298: Use after free in Scheduling
* CVE-2022-0300: Use after free in Text Input Method Editor
* CVE-2022-0301: Heap buffer overflow in DevTools
* CVE-2022-0302: Use after free in Omnibox
* CVE-2022-0303: Race in GPU Watchdog
* CVE-2022-0304: Use after free in Bookmarks
* CVE-2022-0305: Inappropriate implementation in Service Worker API
* CVE-2022-0306: Heap buffer overflow in PDFium
* CVE-2022-0307: Use after free in Optimization Guide
* CVE-2022-0308: Use after free in Data Transfer
* CVE-2022-0309: Inappropriate implementation in Autofill
* CVE-2022-0310: Heap buffer overflow in Task Manager
* CVE-2022-0311: Heap buffer overflow in Task Manager
* Various fixes from internal audits, fuzzing and other initiatives- drop upstreamed patches:
* fix-tag-dragging-in-Mutter.patch
* fix-tag-dragging-in-KWin.patch
* Thu Jan 20 2022 Callum Farmer - Revert chromium-94-ffmpeg-roll.patch on TW: fix moved to FFmpeg
* Tue Jan 11 2022 Callum Farmer - Chromium 97.0.4692.71 (boo#1194331):
* CVE-2022-0096: Use after free in Storage
* CVE-2022-0097: Inappropriate implementation in DevTools
* CVE-2022-0098: Use after free in Screen Capture
* CVE-2022-0099: Use after free in Sign-in
* CVE-2022-0100: Heap buffer overflow in Media streams API
* CVE-2022-0101: Heap buffer overflow in Bookmarks
* CVE-2022-0102: Type Confusion in V8
* CVE-2022-0103: Use after free in SwiftShader
* CVE-2022-0104: Heap buffer overflow in ANGLE
* CVE-2022-0105: Use after free in PDF
* CVE-2022-0106: Use after free in Autofill
* CVE-2022-0107: Use after free in File Manager API
* CVE-2022-0108: Inappropriate implementation in Navigation
* CVE-2022-0109: Inappropriate implementation in Autofill
* CVE-2022-0110: Incorrect security UI in Autofill
* CVE-2022-0111: Inappropriate implementation in Navigation
* CVE-2022-0112: Incorrect security UI in Browser UI
* CVE-2022-0113: Inappropriate implementation in Blink
* CVE-2022-0114: Out of bounds memory access in Web Serial
* CVE-2022-0115: Uninitialized Use in File API
* CVE-2022-0116: Inappropriate implementation in Compositing
* CVE-2022-0117: Policy bypass in Service Workers
* CVE-2022-0118: Inappropriate implementation in WebShare
* CVE-2022-0120: Inappropriate implementation in Passwords- Removed patches:
* chromium-96-CommandLine-include.patch
* chromium-96-RestrictedCookieManager-tuple.patch
* chromium-96-DrmRenderNodePathFinder-include.patch
* chromium-96-CouponDB-include.patch
* chromium-96-freetype-unbundle.patch
* chromium-96-compiler.patch
* chromium-vaapi.patch
* chromium-86-nearby-include.patch- Added patches:
* chromium-97-compiler.patch
* chromium-97-Point-constexpr.patch
* chromium-97-ScrollView-reference.patch
* chromium-95-libyuv-arm.patch
* fix-tag-dragging-in-KWin.patch
* fix-tag-dragging-in-Mutter.patch
* Thu Dec 30 2021 Callum Farmer - Revert wayland fixes because it doesn\'t handle GPU correctly (boo#1194182)
* Thu Dec 30 2021 Martin Liška - Use GCC 11, but disable LTO (boo#1194055).
* Wed Dec 29 2021 Callum Farmer - Use our own copy of the wrapper so that we can use the fixes for Wayland
* Sun Dec 26 2021 Callum Farmer - Define GNU_SOURCE and fix the below patched issues- Removed patches:
* chromium-86-f_seal.patch
* chromium-90-fseal.patch
* Fri Dec 24 2021 Callum Farmer - Added patches:
* chromium-96-freetype-unbundle.patch
* chromium-96-EnumTable-crash.patch- Unbundle freetype on TW- Unbundle icu on 15.4- Disable lto and update _constraints on aarch64- Remove MEIPreload: it gets installed through component updater
* Wed Dec 15 2021 Callum Farmer - Revert to gcc10 on TW: gcc11 is entirely broken- No auto thread LTO: linker crash on ARM
* Tue Dec 14 2021 Andreas Stieger - Chromium 96.0.4664.110 (boo#1193713):
* CVE-2021-4098: Insufficient data validation in Mojo
* CVE-2021-4099: Use after free in Swiftshader
* CVE-2021-4100: Object lifecycle issue in ANGLE
* CVE-2021-4101: Heap buffer overflow in Swiftshader
* CVE-2021-4102: Use after free in V8
* Thu Dec 09 2021 Callum Farmer - Lord of the Browsers: The Two Compilers:
* Go back to GCC
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++- Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
* CVE-2021-4067: Use after free in window manager
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page- Chromium 96.0.4664.45 (boo#1192734):
* CVE-2021-38007: Type Confusion in V8
* CVE-2021-38008: Use after free in media
* CVE-2021-38009: Inappropriate implementation in cache
* CVE-2021-38006: Use after free in storage foundation
* CVE-2021-38005: Use after free in loader
* CVE-2021-38010: Inappropriate implementation in service workers
* CVE-2021-38011: Use after free in storage foundation
* CVE-2021-38012: Type Confusion in V8
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
* CVE-2021-38014: Out of bounds write in Swiftshader
* CVE-2021-38015: Inappropriate implementation in input
* CVE-2021-38016: Insufficient policy enforcement in background fetch
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
* CVE-2021-38018: Inappropriate implementation in navigation
* CVE-2021-38019: Insufficient policy enforcement in CORS
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
* CVE-2021-38021: Inappropriate implementation in referrer
* CVE-2021-38022: Inappropriate implementation in WebAuthentication- Removed old patches:
* chromium-95-compiler.patch
* chromium-95-BitstreamReader-namespace.patch
* chromium-95-system-zlib.patch
* chromium-older-harfbuzz.patch
* pipewire-do-not-typecheck-the-portal-session_handle.patch- Removed build breaking patches:
* chromium-93-EnumTable-crash.patch- Added patches:
* chromium-96-compiler.patch
* chromium-96-CommandLine-include.patch
* chromium-96-RestrictedCookieManager-tuple.patch
* chromium-96-DrmRenderNodePathFinder-include.patch
* chromium-96-CouponDB-include.patch- Changed patches:
* gcc-enable-lto.patch: see above
* Fri Nov 19 2021 Callum Farmer - Ensure newer libs and LLVM is used on Leap (boo#1192310)
* Wed Nov 17 2021 Steve Kowalik - Explicitly BuildRequire python3-six.
* Sun Oct 31 2021 Andreas Stieger - Chromium 95.0.4638.69 (boo#1192184):
* CVE-2021-37997: Use after free in Sign-In
* CVE-2021-37998: Use after free in Garbage Collection
* CVE-2021-37999: Insufficient data validation in New Tab Page
* CVE-2021-38000: Insufficient validation of untrusted input in Intents
* CVE-2021-38001: Type Confusion in V8
* CVE-2021-38002: Use after free in Web Transport
* CVE-2021-38003: Inappropriate implementation in V8
* Sun Oct 24 2021 Callum Farmer - Chromium 95.0.4638.54 (boo#1191844):
* CVE-2021-37981: Heap buffer overflow in Skia
* CVE-2021-37982: Use after free in Incognito
* CVE-2021-37983: Use after free in Dev Tools
* CVE-2021-37984: Heap buffer overflow in PDFium
* CVE-2021-37985: Use after free in V8
* CVE-2021-37986: Heap buffer overflow in Settings
* CVE-2021-37987: Use after free in Network APIs
* CVE-2021-37988: Use after free in Profiles
* CVE-2021-37989: Inappropriate implementation in Blink
* CVE-2021-37990: Inappropriate implementation in WebView
* CVE-2021-37991: Race in V8
* CVE-2021-37992: Out of bounds read in WebAudio
* CVE-2021-37993: Use after free in PDF Accessibility
* CVE-2021-37996: Insufficient validation of untrusted input in Downloads
* CVE-2021-37994: Inappropriate implementation in iFrame Sandbox
* CVE-2021-37995: Inappropriate implementation in WebApp Installer- Added patches:
* chromium-95-BitstreamReader-namespace.patch
* chromium-95-compiler.patch
* chromium-95-libyuv-aarch64.patch
* chromium-95-quiche-include.patch
* chromium-95-system-zlib.patch- Removed patches:
* chromium-94-compiler.patch
* chromium-91-libyuv-aarch64.patch
* chromium-90-ruy-include.patch
* chromium-94-CustomSpaces-include.patch
* Sat Oct 16 2021 Callum Farmer - Remove Python 2 requirement
* Sat Oct 09 2021 Callum Farmer - Disable DCHECK(): that\'s for debug only
* Sat Oct 09 2021 Callum Farmer - Add pipewire-do-not-typecheck-the-portal-session_handle.patch: fix WebRTC with xdg-desktop-portal 1.10
* Fri Oct 08 2021 Callum Farmer - Chromium 94.0.4606.81 (boo#1191463):
* CVE-2021-37977: Use after free in Garbage Collection
* CVE-2021-37978: Heap buffer overflow in Blink
* CVE-2021-37979: Heap buffer overflow in WebRTC
* CVE-2021-37980: Inappropriate implementation in Sandbox- Re-add after accidental deletion:
* chromium-93-InkDropHost-crash.patch
* Sun Oct 03 2021 Callum Farmer - Chromium 94.0.4606.54 (boo#1190765):
* CVE-2021-37956: Use after free in Offline use
* CVE-2021-37957: Use after free in WebGPU
* CVE-2021-37958: Inappropriate implementation in Navigation
* CVE-2021-37959: Use after free in Task Manager
* CVE-2021-37960: Inappropriate implementation in Blink graphics
* CVE-2021-37961: Use after free in Tab Strip
* CVE-2021-37962: Use after free in Performance Manager
* CVE-2021-37963: Side-channel information leakage in DevTools
* CVE-2021-37964: Inappropriate implementation in ChromeOS Networking
* CVE-2021-37965: Inappropriate implementation in Background Fetch API
* CVE-2021-37966: Inappropriate implementation in Compositing
* CVE-2021-37967: Inappropriate implementation in Background Fetch API
* CVE-2021-37968: Inappropriate implementation in Background Fetch API
* CVE-2021-37969: Inappropriate implementation in Google Updater
* CVE-2021-37970: Use after free in File System API
* CVE-2021-37971: Incorrect security UI in Web Browser UI
* CVE-2021-37972: Out of bounds read in libjpeg-turbo- Chromium 94.0.4606.61 (boo#1191166):
* CVE-2021-37973: Use after free in Portals- Chromium 94.0.4606.71 (boo#1191204):
* CVE-2021-37974 : Use after free in Safe Browsing
* CVE-2021-37975 : Use after free in V8
* CVE-2021-37976 : Information leak in core- Added patches:
* chromium-94-CustomSpaces-include.patch
* chromium-94-sql-no-assert.patch
* chromium-older-harfbuzz.patch
* chromium-94-ffmpeg-roll.patch
* chromium-94-compiler.patch- Removed patches:
* chromium-freetype-2.11.patch
* chromium-93-ContextSet-permissive.patch
* chromium-93-ClassProperty-include.patch
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
* chromium-93-HashPasswordManager-include.patch
* chromium-93-pdfium-include.patch
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
* chromium-93-FormForest-constexpr.patch
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
* chromium-93-InkDropHost-crash.patch
* chromium-91-compiler.patch
* chromium-glibc-2.33.patch
* chromium-shim_headers.patch
* Sat Sep 18 2021 Callum Farmer - Add patch to fix Leap 15.2 build:
* chromium-ffmpeg-lp152.patch- Change system-libdrm.patch: add to unbundle instead of changing header path
* Wed Sep 15 2021 Callum Farmer - Chromium 93.0.4577.63 (boo#1190096):
* CVE-2021-30606: Use after free in Blink
* CVE-2021-30607: Use after free in Permissions
* CVE-2021-30608: Use after free in Web Share
* CVE-2021-30609: Use after free in Sign-In
* CVE-2021-30610: Use after free in Extensions API
* CVE-2021-30611: Use after free in WebRTC
* CVE-2021-30612: Use after free in WebRTC
* CVE-2021-30613: Use after free in Base internals
* CVE-2021-30614: Heap buffer overflow in TabStrip
* CVE-2021-30615: Cross-origin data leak in Navigation
* CVE-2021-30616: Use after free in Media
* CVE-2021-30617: Policy bypass in Blink
* CVE-2021-30618: Inappropriate implementation in DevTools
* CVE-2021-30619: UI Spoofing in Autofill
* CVE-2021-30620: Insufficient policy enforcement in Blink
* CVE-2021-30621: UI Spoofing in Autofill
* CVE-2021-30622: Use after free in WebApp Installs
* CVE-2021-30623: Use after free in Bookmarks
* CVE-2021-30624: Use after free in Autofill- Chromium 93.0.4577.82 (boo#1190476):
* CVE-2021-30625: Use after free in Selection API
* CVE-2021-30626: Out of bounds memory access in ANGLE
* CVE-2021-30627: Type Confusion in Blink layout
* CVE-2021-30628: Stack buffer overflow in ANGLE
* CVE-2021-30629: Use after free in Permissions
* CVE-2021-30630: Inappropriate implementation in Blink
* CVE-2021-30631: Type Confusion in Blink layout
* CVE-2021-30632: Out of bounds write in V8
* CVE-2021-30633: Use after free in Indexed DB API- Removed patches:
* chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch
* chromium-92-v8-constexpr.patch
* chromium-no-writeprotection.patch
* chromium-92-EnumTable-crash.patch- Added patches:
* chromium-93-ContextSet-permissive.patch
* chromium-93-ClassProperty-include.patch
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
* chromium-93-HashPasswordManager-include.patch
* chromium-93-pdfium-include.patch
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
* chromium-93-FormForest-constexpr.patch
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
* chromium-93-InkDropHost-crash.patch
* chromium-93-ffmpeg-4.4.patch
* chromium-93-EnumTable-crash.patch
* Sun Aug 29 2021 Callum Farmer - Updated chromium-glibc-2.34.patch: Fix PTHREAD_STACK_MIN errors with glibc 2.34
* Tue Aug 17 2021 Andreas Stieger - Chromium 92.0.4515.159 (boo#1189490):
* CVE-2021-30598: Type Confusion in V8
* CVE-2021-30599: Type Confusion in V8
* CVE-2021-30600: Use after free in Printing
* CVE-2021-30601: Use after free in Extensions API
* CVE-2021-30602: Use after free in WebRTC
* CVE-2021-30603: Race in WebAudio
* CVE-2021-30604: Use after free in ANGLE
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Aug 15 2021 Callum Farmer - Add missing crashpad_handler (boo#1189254)
* Fri Aug 06 2021 Callum Farmer - Chromium 92.0.4515.131 (boo#1189006)
* CVE-2021-30590: Heap buffer overflow in Bookmarks
* CVE-2021-30591: Use after free in File System API
* CVE-2021-30592: Out of bounds write in Tab Groups
* CVE-2021-30593: Out of bounds read in Tab Strip
* CVE-2021-30594: Use after free in Page Info UI
* CVE-2021-30596: Incorrect security UI in Navigation
* CVE-2021-30597: Use after free in Browser UI- Removed patches:
* chromium-92-GetUsableSize-nullptr.patch- Added patches:
* chromium-no-writeprotection.patch
* chromium-glibc-2.34.patch
* Sun Aug 01 2021 Callum Farmer - Chromium 92.0.4515.107 (boo#1188590)
* CVE-2021-30565: Out of bounds write in Tab Groups
* CVE-2021-30566: Stack buffer overflow in Printing
* CVE-2021-30567: Use after free in DevTools
* CVE-2021-30568: Heap buffer overflow in WebGL
* CVE-2021-30569: Use after free in sqlite
* CVE-2021-30571: Insufficient policy enforcement in DevTools
* CVE-2021-30572: Use after free in Autofill
* CVE-2021-30573: Use after free in GPU
* CVE-2021-30574: Use after free in protocol handling
* CVE-2021-30575: Out of bounds read in Autofill
* CVE-2021-30576: Use after free in DevTools
* CVE-2021-30577: Insufficient policy enforcement in Installer
* CVE-2021-30578: Uninitialized Use in Media
* CVE-2021-30579: Use after free in UI framework
* CVE-2021-30581: Use after free in DevTools
* CVE-2021-30582: Inappropriate implementation in Animation
* CVE-2021-30584: Incorrect security UI in Downloads
* CVE-2021-30585: Use after free in sensor handling
* CVE-2021-30588: Type Confusion in V8
* CVE-2021-30589: Insufficient validation of untrusted input in Sharing- Switched from GCC+LTO to Clang+ThinLTO due to errors- Removed patches:
* chromium-90-compiler.patch
* chromium-89-EnumTable-crash.patch
* chromium-86-ConsumeDurationNumber-constexpr.patch
* chromium-lp152-missing-includes.patch
* chromium-91-GCC_fix_vector_types_in_pcscan.patch
* chromium-91-system-icu.patch
* chromium-91-1190561-boo1186948.patch- Added patches:
* chromium-91-compiler.patch
* chromium-92-EnumTable-crash.patch
* chromium-92-v8-constexpr.patch
* chromium-92-GetUsableSize-nullptr.patch
* chromium-freetype-2.11.patch
* chromium-clang-nomerge.patch
* Sat Jul 17 2021 Andreas Stieger - chromium 91.0.4472.164 (boo#1188373)
* CVE-2021-30559: Out of bounds write in ANGLE
* CVE-2021-30541: Use after free in V8
* CVE-2021-30560: Use after free in Blink XSLT
* CVE-2021-30561: Type Confusion in V8
* CVE-2021-30562: Use after free in WebSerial
* CVE-2021-30563: Type Confusion in V8
* CVE-2021-30564: Heap buffer overflow in WebXR
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Jul 05 2021 Callum Farmer - Add chromium-91-sql-standard-layout-type.patch: to fix SQL being incorrect with libstdc++ 11
* Mon Jun 21 2021 Andreas Stieger - fix crash upon exit boo#1186948 add chromium-91-1190561-boo1186948.patch
* Fri Jun 18 2021 Andreas Stieger - Chromium 91.0.4472.114 (boo#1187481)
* CVE-2021-30554: Use after free in WebGL
* CVE-2021-30555: Use after free in Sharing
* CVE-2021-30556: Use after free in WebAudio
* CVE-2021-30557: Use after free in TabGroups
* Wed Jun 16 2021 Andreas Stieger - Chromium 91.0.4472.106
* Fix use-after-free in SendTabToSelfSubMenuModel
* Destroy system-token NSSCertDatabase on the IO thread
* Wed Jun 09 2021 Andreas Stieger - Chromium 91.0.4472.101 (boo#1187141)
* CVE-2021-30544: Use after free in BFCache
* CVE-2021-30545: Use after free in Extensions
* CVE-2021-30546: Use after free in Autofill
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-30548: Use after free in Loader
* CVE-2021-30549: Use after free in Spell check
* CVE-2021-30550: Use after free in Accessibility
* CVE-2021-30551: Type Confusion in V8
* CVE-2021-30552: Use after free in Extensions
* CVE-2021-30553: Use after free in Network service
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Jun 03 2021 Callum Farmer - Add README.SUSE- Fix aarch64 build:
* chromium-91-libyuv-aarch64.patch
* Update highway to 0.12.2 (arm only)- Add -flax-vector-conversions to build flags
* Thu May 27 2021 Andreas Stieger - Chromium 91.0.4472.77 (boo#1186458):
* Support Managed configuration API for Web Applications
* WebOTP API: cross-origin iframe support
* CSS custom counter styles
* Support JSON Modules
* Clipboard: read-only files support
* Remove webkitBeforeTextInserted & webkitEditableCOntentChanged JS events
* Honor media HTML attribute for link icon
* Import Assertions
* Class static initializer blocks
* Ergonomic brand checks for private fields
* Expose WebAssembly SIMD
* New Feature: WebTransport
* ES Modules for service workers (\'module\' type option)
* Suggested file name and location for the File System Access API
* adaptivePTime property for RTCRtpEncodingParameters
* Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
* Support WebSockets over HTTP/2
* Support 103 Early Hints for Navigation
* CVE-2021-30521: Heap buffer overflow in Autofill
* CVE-2021-30522: Use after free in WebAudio
* CVE-2021-30523: Use after free in WebRTC
* CVE-2021-30524: Use after free in TabStrip
* CVE-2021-30525: Use after free in TabGroups
* CVE-2021-30526: Out of bounds write in TabStrip
* CVE-2021-30527: Use after free in WebUI
* CVE-2021-30528: Use after free in WebAuthentication
* CVE-2021-30529: Use after free in Bookmarks
* CVE-2021-30530: Out of bounds memory access in WebAudio
* CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
* CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
* CVE-2021-30535: Double free in ICU
* CVE-2021-21212: Insufficient data validation in networking
* CVE-2021-30536: Out of bounds read in V8
* CVE-2021-30537: Insufficient policy enforcement in cookies
* CVE-2021-30538: Insufficient policy enforcement in content security policy
* CVE-2021-30539: Insufficient policy enforcement in content security policy
* CVE-2021-30540: Incorrect security UI in payments
* Various fixes from internal audits, fuzzing and other initiatives
* drop chromium-90-TokenizedOutput-include.patch
* drop chromium-90-CrossThreadCopier-qualification.patch
* drop chromium-90-quantization_utils-include.patch
* drop chromium-90-angle-constexpr.patch
* add chromium-91-java-only-allowed-in-android-builds.patch
* add chromium-91-GCC_fix_vector_types_in_pcscan.patch
* add chromium-91-system-icu.patch
* Mon May 17 2021 Marcus Meissner - use asimdrdm CPU flag for aarch64 to select only more powerful buildhosts.
* Tue May 11 2021 Andreas Stieger - Chromium 90.0.4430.212 (boo#1185908)
* CVE-2021-30506: Incorrect security UI in Web App Installs
* CVE-2021-30507: Inappropriate implementation in Offline
* CVE-2021-30508: Heap buffer overflow in Media Feeds
* CVE-2021-30509: Out of bounds write in Tab Strip
* CVE-2021-30510: Race in Aura
* CVE-2021-30511: Out of bounds read in Tab Group
* CVE-2021-30512: Use after free in Notifications
* CVE-2021-30513: Type Confusion in V8
* CVE-2021-30514: Use after free in Autofill
* CVE-2021-30515: Use after free in File API
* CVE-2021-30516: Heap buffer overflow in History
* CVE-2021-30517: Type Confusion in V8
* CVE-2021-30518: Heap buffer overflow in Reader Mode
* CVE-2021-30519: Use after free in Payments
* CVE-2021-30520: Use after free in Tab Strip- FTP support disabled at runtime by default since release 88. Chromium 91 will remove support for ftp altogether (boo#1185496)
* Thu May 06 2021 Callum Farmer
* Patch change
*- Fix build with GCC 11 again (bsc#1185716)- Remove chromium-88-compiler.patch- Remove chromium-90-cstdint.patch- Remove chromium-90-gslang-linkage-fixup.patch- Added chromium-90-compiler.patch- Added chromium-90-angle-constexpr.patch- Added chromium-90-TokenizedOutput-include.patch- Added chromium-90-ruy-include.patch- Added chromium-90-CrossThreadCopier-qualification.patch- Added chromium-90-quantization_utils-include.patch
* Wed Apr 28 2021 Marcus Meissner - Chromium 90.0.4430.93 (boo#1185398): - CVE-2021-21227: Insufficient data validation in V8. - CVE-2021-21232: Use after free in Dev Tools. - CVE-2021-21233: Heap buffer overflow in ANGLE. - CVE-2021-21228: Insufficient policy enforcement in extensions. - CVE-2021-21229: Incorrect security UI in downloads. - CVE-2021-21230: Type Confusion in V8. - CVE-2021-21231: Insufficient data validation in V8. - Reference: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
* Wed Apr 21 2021 Andreas Stieger - Chromium 90.0.4430.85 (boo#1185047):
* CVE-2021-21222: Heap buffer overflow in V8
* CVE-2021-21223: Integer overflow in Mojo
* CVE-2021-21224: Type Confusion in V8
* CVE-2021-21225: Out of bounds memory access in V8
* CVE-2021-21226: Use after free in navigation- Chromium 90.0.4430.72 (boo#1184764):
* CVE-2021-21201: Use after free in permissions
* CVE-2021-21202: Use after free in extensions
* CVE-2021-21203: Use after free in Blink
* CVE-2021-21204: Use after free in Blink
* CVE-2021-21205: Insufficient policy enforcement in navigation
* CVE-2021-21221: Insufficient validation of untrusted input in Mojo
* CVE-2021-21207: Use after free in IndexedDB
* CVE-2021-21208: Insufficient data validation in QR scanner
* CVE-2021-21209: Inappropriate implementation in storage
* CVE-2021-21210: Inappropriate implementation in Network
* CVE-2021-21211: Inappropriate implementation in Navigatio
* CVE-2021-21212: Incorrect security UI in Network Config UI
* CVE-2021-21213: Use after free in WebMIDI
* CVE-2021-21214: Use after free in Network API
* CVE-2021-21215: Inappropriate implementation in Autofill
* CVE-2021-21216: Inappropriate implementation in Autofill
* CVE-2021-21217: Uninitialized Use in PDFium
* CVE-2021-21218: Uninitialized Use in PDFium
* CVE-2021-21219: Uninitialized Use in PDFiu
* drop chromium-89-quiche-private.patch
* drop chromium-89-quiche-dcheck.patch
* drop chromium-89-skia-CropRect.patch
* drop chromium-89-dawn-include.patch
* drop chromium-89-webcodecs-deps.patch
* drop chromium-89-AXTreeSerializer-include.patch
* drop libva-2.11.patch
* drop libva-2.11-nolegacy.patch
* drop chromium-84-blink-disable-clang-format.patch- chromium-90-gslang-linkage-fixup.patch: fixed a weird static/nonpic error- chromium-90-cstdint.patch: some cstd includes added- chromium-90-fseal.patch: F_SEAL defines added
* Wed Apr 14 2021 Andreas Stieger - Chromium 89.0.4389.128 (boo#1184700):
* CVE-2021-21206: Use after free in blink
* CVE-2021-21220: Insufficient validation of untrusted input in v8 for x86_64
* Sat Apr 03 2021 Callum Farmer - Update to 89.0.4389.114 bsc#1184256 - CVE-2021-21194: Use after free in screen capture - CVE-2021-21195: Use after free in V8 - CVE-2021-21196: Heap buffer overflow in TabStrip - CVE-2021-21197: Heap buffer overflow in TabStrip - CVE-2021-21198: Out of bounds read in IPC - CVE-2021-21199: Use Use after free in Aura- Add libva-2.11.patch to fix build with libva <2.11- Add libva-2.11-nolegacy.patch to fix build with libva 2.11- Remove x11-ozone-fix-two-edge-cases.patch
* Mon Mar 15 2021 Callum Farmer - Update to 89.0.4389.90 bsc#1183515 - CVE-2021-21191: Use after free in WebRTC. - CVE-2021-21192: Heap buffer overflow in tab groups. - CVE-2021-21193: Use after free in Blink.
* Thu Mar 11 2021 Callum Farmer - Update to 89.0.4389.82- Add x11-ozone-fix-two-edge-cases.patch to fix tab drag errors
* Fri Mar 05 2021 Callum Farmer - Update to 89.0.4389.72 bsc#1182960 - CVE-2021-21159: Heap buffer overflow in TabStrip. - CVE-2021-21160: Heap buffer overflow in WebAudio. - CVE-2021-21161: Heap buffer overflow in TabStrip. - CVE-2021-21162: Use after free in WebRTC. - CVE-2021-21163: Insufficient data validation in Reader Mode. - CVE-2021-21164: Insufficient data validation in Chrome for iOS. - CVE-2021-21165: Object lifecycle issue in audio. - CVE-2021-21166: Object lifecycle issue in audio. - CVE-2021-21167: Use after free in bookmarks. - CVE-2021-21168: Insufficient policy enforcement in appcache. - CVE-2021-21169: Out of bounds memory access in V8. - CVE-2021-21170: Incorrect security UI in Loader. - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. - CVE-2021-21172: Insufficient policy enforcement in File System API. - CVE-2021-21173: Side-channel information leakage in Network Internals. - CVE-2021-21174: Inappropriate implementation in Referrer. - CVE-2021-21175: Inappropriate implementation in Site isolation. - CVE-2021-21176: Inappropriate implementation in full screen mode. - CVE-2021-21177: Insufficient policy enforcement in Autofill. - CVE-2021-21178: Inappropriate implementation in Compositing. - CVE-2021-21179: Use after free in Network Internals. - CVE-2021-21180: Use after free in tab search. - CVE-2020-27844: Heap buffer overflow in OpenJPEG. - CVE-2021-21181: Side-channel information leakage in autofill. - CVE-2021-21182: Insufficient policy enforcement in navigations. - CVE-2021-21183: Inappropriate implementation in performance APIs. - CVE-2021-21184: Inappropriate implementation in performance APIs. - CVE-2021-21185: Insufficient policy enforcement in extensions. - CVE-2021-21186: Insufficient policy enforcement in QR scanning. - CVE-2021-21187: Insufficient data validation in URL formatting. - CVE-2021-21188: Use after free in Blink. - CVE-2021-21189: Insufficient policy enforcement in payments. - CVE-2021-21190: Uninitialized Use in PDFium.- Added patches: - chromium-89-quiche-private.patch - chromium-89-quiche-dcheck.patch - chromium-89-skia-CropRect.patch - chromium-89-dawn-include.patch - chromium-89-webcodecs-deps.patch - chromium-89-EnumTable-crash.patch - chromium-shim_headers.patch - chromium-89-missing-cstring-header.patch - chromium-89-AXTreeSerializer-include.patch - chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch (bsc#1182775)- Removed patches: - chromium-fix-char_traits.patch - build-with-pipewire-0.3.patch - chromium-79-gcc-protobuf-alignas.patch - chromium-87-CursorFactory-include.patch - chromium-87-openscreen-include.patch - chromium-88-vaapi-attribute.patch - chromium-88-ozone-deps.patch - chromium-87-webcodecs-deps.patch - chromium-88-ityp-include.patch - chromium-88-AXTreeFormatter-include.patch - chromium-88-BookmarkModelObserver-include.patch - chromium-88-federated_learning-include.patch - chromium-88-ideographicSpaceCharacter.patch - chromium-88-StringPool-include.patch - chromium-88-dawn-static.patch - chromium-88-CompositorFrameReporter-dcheck.patch
* Wed Feb 17 2021 Callum Farmer - Update to 88.0.4324.182 bsc#1182358 - CVE-2021-21149: Stack overflow in Data Transfer. - CVE-2021-21150: Use after free in Downloads. - CVE-2021-21151: Use after free in Payments. - CVE-2021-21152: Heap buffer overflow in Media. - CVE-2021-21153: Stack overflow in GPU Process. - CVE-2021-21154: Heap buffer overflow in Tab Strip. - CVE-2021-21155: Heap buffer overflow in Tab Strip. - CVE-2021-21156: Heap buffer overflow in V8. - CVE-2021-21157: Use after free in Web Sockets.
* Mon Feb 15 2021 Callum Farmer - Add chromium-glibc-2.33.patch: fix Sandbox with glibc 2.33 (bsc#1182233)
* Sat Feb 06 2021 Callum Farmer - Update to 88.0.4324.150 bsc#1181827 - CVE-2021-21148: Heap buffer overflow in V8
* Thu Feb 04 2021 Callum Farmer - Update to 88.0.4324.146 bsc#1181772 - CVE-2021-21142: Use after free in Payments - CVE-2021-21143: Heap buffer overflow in Extensions - CVE-2021-21144: Heap buffer overflow in Tab Groups. - CVE-2021-21145: Use after free in Fonts - CVE-2021-21146: Use after free in Navigation. - CVE-2021-21147: Inappropriate implementation in Skia
* Sat Jan 23 2021 Callum Farmer - Update to 88.0.4324.96 bsc#1181137 - CVE-2021-21117: Insufficient policy enforcement in Cryptohome - CVE-2021-21118: Insufficient data validation in V8 - CVE-2021-21119: Use after free in Media - CVE-2021-21120: Use after free in WebSQL - CVE-2021-21121: Use after free in Omnibox - CVE-2021-21122: Use after free in Blink - CVE-2021-21123: Insufficient data validation in File System API - CVE-2021-21124: Potential user after free in Speech Recognizer - CVE-2021-21125: Insufficient policy enforcement in File System API - CVE-2020-16044: Use after free in WebRTC - CVE-2021-21126: Insufficient policy enforcement in extensions - CVE-2021-21127: Insufficient policy enforcement in extensions - CVE-2021-21128: Heap buffer overflow in Blink - CVE-2021-21129: Insufficient policy enforcement in File System API - CVE-2021-21130: Insufficient policy enforcement in File System API - CVE-2021-21131: Insufficient policy enforcement in File System API - CVE-2021-21132: Inappropriate implementation in DevTools - CVE-2021-21133: Insufficient policy enforcement in Downloads - CVE-2021-21134: Incorrect security UI in Page Info - CVE-2021-21135: Inappropriate implementation in Performance API - CVE-2021-21136: Insufficient policy enforcement in WebView - CVE-2021-21137: Inappropriate implementation in DevTools - CVE-2021-21138: Use after free in DevTools - CVE-2021-21139: Inappropriate implementation in iframe sandbox - CVE-2021-21140: Uninitialized Use in USB - CVE-2021-21141: Insufficient policy enforcement in File System API- Added patches: - chromium-88-compiler.patch - chromium-88-ozone-deps.patch - chromium-88-ityp-include.patch - chromium-88-AXTreeFormatter-include.patch - chromium-88-BookmarkModelObserver-include.patch - chromium-88-federated_learning-include.patch - chromium-88-ideographicSpaceCharacter.patch - chromium-88-StringPool-include.patch - chromium-88-dawn-static.patch - chromium-88-CompositorFrameReporter-dcheck.patch- Removed patches: - gpu-timeout.patch - chromium-87-compiler.patch - chromium-87-ServiceWorkerContainerHost-crash.patch - chromium-87-ozone-deps.patch - chromium-87-v8-icu68.patch - chromium-87-icu68.patch
* Sat Jan 16 2021 Callum Farmer - Remove C++ only flags from CFLAGS- Update chromium-gcc11.patch- Comply with new Google API key rules for Derivatives
* Thu Jan 07 2021 Callum Farmer - Update to 87.0.4280.141 bsc#1180645 - CVE-2021-21106: Use after free in autofill - CVE-2021-21107: Use after free in drag and drop - CVE-2021-21108: Use after free in media - CVE-2021-21109: Use after free in payments - CVE-2021-21110: Use after free in safe browsing - CVE-2021-21111: Insufficient policy enforcement in WebUI - CVE-2021-21112: Use after free in Blink - CVE-2021-21113: Heap buffer overflow in Skia - CVE-2020-16043: Insufficient data validation in networking - CVE-2021-21114: Use after free in audio - CVE-2020-15995: Out of bounds write in V8 - CVE-2021-21115: Use after free in safe browsing - CVE-2021-21116: Heap buffer overflow in audio
* Sun Dec 20 2020 Callum Farmer - Use main URLs instead of redirects in master preferences- Remove useless %post and %postun
* Fri Dec 04 2020 Callum Farmer - Added patches: - chromium-87-icu68.patch - chromium-87-v8-icu68.patch- Update to 87.0.4280.88 bsc#1179576 - CVE-2020-16037: Use after free in clipboard - CVE-2020-16038: Use after free in media - CVE-2020-16039: Use after free in extensions - CVE-2020-16040: Insufficient data validation in V8 - CVE-2020-16041: Out of bounds read in networking - CVE-2020-16042: Uninitialized Use in V8
* Sat Nov 28 2020 Callum Farmer - Remove erroneous call to ldconfig which causes Firefox crashes (boo#1179298)
* Thu Nov 19 2020 Callum Farmer - Added patches: - chromium-gcc11.patch - chromium-86-fix-vaapi-on-intel.patch - chromium-87-compiler.patch - chromium-87-CursorFactory-include.patch - chromium-87-openscreen-include.patch - chromium-87-ozone-deps.patch - chromium-87-ServiceWorkerContainerHost-crash.patch - chromium-87-webcodecs-deps.patch - chromium-88-vaapi-attribute.patch - chromium-lp152-missing-includes.patch- Removed patches: - chromium-86-ServiceWorkerRunningInfo-noexcept.patch - chromium-86-compiler.patch - fix-invalid-end-iterator-usage-in-CookieMonster.patch - old-libva.patch- Update to 87.0.4280.66 bsc#1178923 - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies.
* Thu Nov 12 2020 Callum Farmer - Update to 86.0.4240.198 bsc#1178703 - CVE-2020-16013: Inappropriate implementation in V8 - CVE-2020-16017: Use after free in site isolation
* Wed Nov 11 2020 Callum Farmer - Update to 86.0.4240.193 bsc#1178630 - CVE-2020-16016: Inappropriate implementation in base.
* Tue Nov 03 2020 Callum Farmer - Update to 86.0.4240.183 bsc#1178375 - CVE-2020-16004: Use after free in user interface. - CVE-2020-16005: Insufficient policy enforcement in ANGLE. - CVE-2020-16006: Inappropriate implementation in V8 - CVE-2020-16007: Insufficient data validation in installer. - CVE-2020-16008: Stack buffer overflow in WebRTC. - CVE-2020-16009: Inappropriate implementation in V8. - CVE-2020-16011: Heap buffer overflow in UI on Windows.
* Thu Oct 22 2020 Marcus Meissner - Update to 86.0.4240.111 bsc#1177936 - CVE-2020-16000: Inappropriate implementation in Blink. - CVE-2020-16001: Use after free in media. - CVE-2020-16002: Use after free in PDFium. - CVE-2020-15999: Heap buffer overflow in Freetype. - CVE-2020-16003: Use after free in printing.
* Mon Oct 19 2020 Marcus Meissner - chromium-86-f_seal.patch: F_SEAL
* definitions added for leap 15.1 and 15.2- replace one missed g++-9 by g++-10 for leap 15.1/15.2
* Wed Oct 14 2020 Tomáš Chvátal - Remove vdpau->vaapi bridge as it breaks a lot: (fixes welcome by someone else than me)
* chromium-vaapi-fix.patch
* Wed Oct 14 2020 Tomáš Chvátal - Fix cookiemonster:
* fix-invalid-end-iterator-usage-in-CookieMonster.patch
* Wed Oct 14 2020 Tomáš Chvátal - Update to 86.0.4240.75 bsc#1177408:
* CVE-2020-15967: Use after free in payments.
* CVE-2020-15968: Use after free in Blink.
* CVE-2020-15969: Use after free in WebRTC.
* CVE-2020-15970: Use after free in NFC.
* CVE-2020-15971: Use after free in printing.
* CVE-2020-15972: Use after free in audio.
* CVE-2020-15990: Use after free in autofill.
* CVE-2020-15991: Use after free in password manager.
* CVE-2020-15973: Insufficient policy enforcement in extensions.
* CVE-2020-15974: Integer overflow in Blink.
* CVE-2020-15975: Integer overflow in SwiftShader.
* CVE-2020-15976: Use after free in WebXR.
* CVE-2020-6557: Inappropriate implementation in networking.
* CVE-2020-15977: Insufficient data validation in dialogs.
* CVE-2020-15978: Insufficient data validation in navigation.
* CVE-2020-15979: Inappropriate implementation in V8.
* CVE-2020-15980: Insufficient policy enforcement in Intents.
* CVE-2020-15981: Out of bounds read in audio.
* CVE-2020-15982: Side-channel information leakage in cache.
* CVE-2020-15983: Insufficient data validation in webUI.
* CVE-2020-15984: Insufficient policy enforcement in Omnibox.
* CVE-2020-15985: Inappropriate implementation in Blink.
* CVE-2020-15986: Integer overflow in media.
* CVE-2020-15987: Use after free in WebRTC.
* CVE-2020-15992: Insufficient policy enforcement in networking.
* CVE-2020-15988: Insufficient policy enforcement in downloads.
* CVE-2020-15989: Uninitialized Use in PDFium.- Add patches:
* chromium-78-protobuf-RepeatedPtrField-export.patch
* chromium-79-gcc-protobuf-alignas.patch
* chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
* chromium-86-ConsumeDurationNumber-constexpr.patch
* chromium-86-ImageMemoryBarrierData-init.patch
* chromium-86-ServiceWorkerRunningInfo-noexcept.patch
* chromium-86-compiler.patch
* chromium-86-nearby-explicit.patch
* chromium-86-nearby-include.patch- Remove patches:
* chromium-79-gcc-alignas.patch
* chromium-80-gcc-quiche.patch
* chromium-82-gcc-constexpr.patch
* chromium-83-gcc-10.patch
* chromium-84-gcc-include.patch
* chromium-84-mediaalloc.patch
* chromium-85-DelayNode-cast.patch
* chromium-85-FrameWidget-namespace.patch
* chromium-85-NearbyConnection-abstract.patch
* chromium-85-NearbyShareEncryptedMetadataKey-include.patch
* chromium-85-oscillator_node-cast.patch
* chromium-85-ostream-operator.patch
* chromium-85-ozone-include.patch
* chromium-85-sim_hash-include.patch
* chromium-blink-gcc-diagnostic-pragma.patch
* chromium-dma-buf.patch
* chromium-drm.patch
* chromium-quiche-invalid-offsetof.patch
* Sat Oct 10 2020 Andreas Stieger - build with system libevent, the gn bug is no longer present
* Wed Sep 23 2020 Tomáš Chvátal - Remove TOC files to avoid warning in post and fix angle conditional
* Tue Sep 22 2020 Tomáš Chvátal - Update to 85.0.4183.121 bsc#1176791:
* CVE-2020-15960: Out of bounds read in storage
* CVE-2020-15961: Insufficient policy enforcement in extensions
* CVE-2020-15962: Insufficient policy enforcement in serial
* CVE-2020-15963: Insufficient policy enforcement in extensions
* CVE-2020-15965: Out of bounds write in V8
* CVE-2020-15966: Insufficient policy enforcement in extensions
* CVE-2020-15964: Insufficient data validation in media
* Tue Sep 15 2020 Tomáš Chvátal - The egl stuff is from angle not swiftshader, thanks Fedora bsc#1176450
* Sat Sep 12 2020 Tomáš Chvátal - Add back the swiftshader folder wrt bsc#1176450
* Wed Sep 09 2020 Tomáš Chvátal - Update 85.0.4183.102 bsc#1176306:
* CVE-2020-6573: Use after free in video.
* CVE-2020-6574: Insufficient policy enforcement in installer.
* CVE-2020-6575: Race in Mojo.
* CVE-2020-6576: Use after free in offscreen canvas.
* CVE-2020-15959: Insufficient policy enforcement in networking.
* Tue Sep 08 2020 Tomáš Chvátal - Move swiftshader stuff to chromium folder directly bsc#1176207
* Tue Sep 01 2020 Tomáš Chvátal - Really update to .83 we accidentally included .69 beta release
* Fri Aug 28 2020 Tomáš Chvátal - Add patch trying to compile with old libdrm on Leap 15.1:
* chromium-lp151-old-drm.patch
* Thu Aug 27 2020 Tomáš Chvátal - Version update to 85.0.4183.83 bsc#1175757
* CVE-2020-6558: Insufficient policy enforcement in iOS
* CVE-2020-6559: Use after free in presentation API
* CVE-2020-6560: Insufficient policy enforcement in autofill
* CVE-2020-6561: Inappropriate implementation in Content Security Policy
* CVE-2020-6562: Insufficient policy enforcement in Blink
* CVE-2020-6563: Insufficient policy enforcement in intent handling.
* CVE-2020-6564: Incorrect security UI in permissions
* CVE-2020-6565: Incorrect security UI in Omnibox.
* CVE-2020-6566: Insufficient policy enforcement in media.
* CVE-2020-6567: Insufficient validation of untrusted input in command line handling.
* CVE-2020-6568: Insufficient policy enforcement in intent handling.
* CVE-2020-6569: Integer overflow in WebUSB.
* CVE-2020-6570: Side-channel information leakage in WebRTC.
* CVE-2020-6571: Incorrect security UI in Omnibox.- Use bundled vpx everywhere again as it fails to compile against system version- Added patches:
* chromium-85-DelayNode-cast.patch
* chromium-85-FrameWidget-namespace.patch
* chromium-85-NearbyConnection-abstract.patch
* chromium-85-NearbyShareEncryptedMetadataKey-include.patch
* chromium-85-oscillator_node-cast.patch
* chromium-85-ostream-operator.patch
* chromium-85-ozone-include.patch
* chromium-85-sim_hash-include.patch- Removed patches:
* chromium-82-gcc-template.patch
* chromium-84-AXObject-stl-iterator.patch
* chromium-84-FilePath-add-noexcept.patch
* chromium-84-base-has_bultin.patch
* chromium-84-fix-decltype.patch
* chromium-84-gcc-DOMRect-constexpr.patch
* chromium-84-gcc-noexcept.patch
* chromium-84-gcc-template.patch
* chromium-84-gcc-unique_ptr.patch
* chromium-84-gcc-use-brace-initializer.patch
* chromium-84-nss-include.patch
* chromium-84-ozone-include.patch
* chromium-84-revert-manage-ManifestManagerHost-per-document.patch
* chromium-84-std-vector-const.patch
* chromium-clang_lto_visibility_public.patch- Updated patches:
* chromium-83-gcc-10.patch
* chromium-84-gcc-include.patch
* chromium-prop-codecs.patch
* gcc-enable-lto.patch
* Thu Aug 27 2020 Tomáš Chvátal - Do not use libexec as we use /usr/lib as a target folder
* Fri Aug 21 2020 Tomáš Chvátal - Fix the build by removing expectation of llvm-7.0
* Thu Aug 20 2020 Tomáš Chvátal - Update to 84.0.4147.135 (bsc#1175505):
* CVE-2020-6556: Heap buffer overflow in SwiftShader
* Wed Aug 12 2020 Martin Liška - Add chromium-disable-parallel-gold.patch in order to disable broken parallel ld.gold with LTO.- Enable again LTO for x86_64 and increase memory constraints.- Use parallel WPA streaming, we will easily fit into memory constraints.- Remove memory_constrain hack for LTO.
* Mon Aug 10 2020 Andreas Stieger - Chromium 84.0.4147.125 (boo#1175085)
* CVE-2020-6542: Use after free in ANGLE
* CVE-2020-6543: Use after free in task scheduling
* CVE-2020-6544: Use after free in media
* CVE-2020-6545: Use after free in audio
* CVE-2020-6546: Inappropriate implementation in installer
* CVE-2020-6547: Incorrect security UI in media
* CVE-2020-6548: Heap buffer overflow in Skia
* CVE-2020-6549: Use after free in media
* CVE-2020-6550: Use after free in IndexedDB
* CVE-2020-6551: Use after free in WebXR
* CVE-2020-6552: Use after free in Blink
* CVE-2020-6553: Use after free in offline mode
* CVE-2020-6554: Use after free in extensions
* CVE-2020-6555: Out of bounds read in WebGL
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Aug 10 2020 Tomáš Chvátal - Disable wayland everywhere as it breaks headless and middle mouse copy everywhere: bsc#1174497 bsc#1175044
* Mon Aug 03 2020 Andreas Stieger - Update to 84.0.4147.105 (boo#1174582):
* CVE-2020-6537: Type Confusion in V8
* CVE-2020-6538: Inappropriate implementation in WebView
* CVE-2020-6532: Use after free in SCTP
* CVE-2020-6539: Use after free in CSS
* CVE-2020-6540: Heap buffer overflow in Skia
* CVE-2020-6541: Use after free in WebUSB
* Fri Jul 17 2020 Tomáš Chvátal - Try to fix non-wayland build for Leap builds
* Thu Jul 16 2020 Tomáš Chvátal - Update to 84.0.4147.89 bsc#1174189:
* Critical CVE-2020-6510: Heap buffer overflow in background fetch.
* High CVE-2020-6511: Side-channel information leakage in content security policy.
* High CVE-2020-6512: Type Confusion in V8.
* High CVE-2020-6513: Heap buffer overflow in PDFium.
* High CVE-2020-6514: Inappropriate implementation in WebRTC.
* High CVE-2020-6515: Use after free in tab strip.
* High CVE-2020-6516: Policy bypass in CORS.
* High CVE-2020-6517: Heap buffer overflow in history.
* Medium CVE-2020-6518: Use after free in developer tools.
* Medium CVE-2020-6519: Policy bypass in CSP.
* Medium CVE-2020-6520: Heap buffer overflow in Skia.
* Medium CVE-2020-6521: Side-channel information leakage in autofill.
* Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
* Medium CVE-2020-6523: Out of bounds write in Skia.
* Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
* Medium CVE-2020-6525: Heap buffer overflow in Skia.
* Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
* Low CVE-2020-6527: Insufficient policy enforcement in CSP.
* Low CVE-2020-6528: Incorrect security UI in basic auth.
* Low CVE-2020-6529: Inappropriate implementation in WebRTC.
* Low CVE-2020-6530: Out of bounds memory access in developer tools.
* Low CVE-2020-6531: Side-channel information leakage in scroll to text.
* Low CVE-2020-6533: Type Confusion in V8.
* Low CVE-2020-6534: Heap buffer overflow in WebRTC.
* Low CVE-2020-6535: Insufficient data validation in WebUI.
* Low CVE-2020-6536: Incorrect security UI in PWAs.- Use bundled xcb-proto as we need to generate py2 bindings- Add new patches:
* chromium-84-AXObject-stl-iterator.patch
* chromium-84-FilePath-add-noexcept.patch
* chromium-84-base-has_bultin.patch
* chromium-84-blink-disable-clang-format.patch
* chromium-84-fix-decltype.patch
* chromium-84-gcc-DOMRect-constexpr.patch
* chromium-84-gcc-include.patch
* chromium-84-gcc-noexcept.patch
* chromium-84-gcc-template.patch
* chromium-84-gcc-unique_ptr.patch
* chromium-84-gcc-use-brace-initializer.patch
* chromium-84-nss-include.patch
* chromium-84-ozone-include.patch
* chromium-84-revert-manage-ManifestManagerHost-per-document.patch
* chromium-84-std-vector-const.patch
* chromium-84.0.4147.89.tar.xz
* chromium-blink-gcc-diagnostic-pragma.patch
* chromium-clang_lto_visibility_public.patch
* chromium-quiche-invalid-offsetof.patch
* system-libdrm.patch- Remove no longer needed patches:
* chromium-81-re2-0.2020.05.01.patch
* chromium-82-gcc-incomplete-type.patch
* chromium-82-gcc-iterator.patch
* chromium-82-gcc-noexcept.patch
* chromium-83-gcc-include.patch
* chromium-83-gcc-iterator.patch
* chromium-83-gcc-permissive.patch
* chromium-83-gcc-serviceworker.patch
* chromium-83-gcc-template.patch
* chromium-83-icu67.patch
* chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch
* chromium-dev-shm.patch- Rebase and update patches:
* build-with-pipewire-0.3.patch
* chromium-83-gcc-10.patch
* chromium-84-mediaalloc.patch
* chromium-norar.patch
* chromium-vaapi-fix.patch
* Sun Jun 28 2020 Atri Bhattacharya - Refresh build-with-pipewire-0.3.patch to mirror similar patch by Fedora for Firefox; screen-capture wasn\'t actually working with the previous version of the patch.- Add BuildRequires: pkgconfig(libspa-2.0) when building with pipewire support to guard against potential package splitting off of pipewire-spa-devel from pipewire-devel.
* Thu Jun 25 2020 Tomáš Chvátal - Disable the LTO again as it still OOMs quite often
* Wed Jun 24 2020 Tomáš Chvátal - Add patch to work with new ffmpeg wrt bsc#1173292:
* chromium-84-mediaalloc.patch
* Tue Jun 23 2020 Tomáš Chvátal - Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue bsc#1173107 Update patch:
* no-location-leap151.patch
* Tue Jun 23 2020 Tomáš Chvátal - Add patch from Fedora to avoid attribute overrides in skia:
* chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch
* Tue Jun 23 2020 Tomáš Chvátal - Add patch to hopefully fix bsc#1173107:
* chromium-dev-shm.patch
* Tue Jun 23 2020 Tomáš Chvátal - Update to 83.0.4103.116 bsc#1173251:
* CVE-2020-6509: Use after free in extensions
* Fri Jun 19 2020 Tomáš Chvátal - Reduce constraints to say 20 GB disk space is enough
* Fri Jun 19 2020 Tomáš Chvátal - Disable wayland integration on 15.x bsc#1173187 bsc#1173188 bsc#1173254
* Thu Jun 18 2020 Tomáš Chvátal - Enforce to not use system borders bsc#1173063
* Wed Jun 17 2020 Tomáš Chvátal - Update to 83.0.4103.106 bsc#1173029:
* CVE-2020-6505: Use after free in speech
* CVE-2020-6506: Insufficient policy enforcement in WebView
* CVE-2020-6507: Out of bounds write in V8
* Mon Jun 15 2020 Tomáš Chvátal - Another attempt on the location handling for Leap 15.1:
* no-location-leap151.patch
* Thu Jun 11 2020 Tomáš Chvátal - Attempt to build with wayland/ozone enabled
* Thu Jun 11 2020 Tomáš Chvátal - Enable more system libs on 15.2+- Remove the chromium-83-gcc-location-revert.patch as it is wrong approach to fix the problem
* Thu Jun 11 2020 Tomáš Chvátal - Update _constraints to match up LTO enablement
* Wed Jun 10 2020 Tomáš Chvátal - With GCC 10 released we should be able to enable LTO again
* Thu Jun 04 2020 Tomáš Chvátal - Update to 83.0.4103.97 bsc#1172496:
* CVE-2020-6493: Use after free in WebAuthentication.
* CVE-2020-6494: Incorrect security UI in payments.
* CVE-2020-6495: Insufficient policy enforcement in developer tools.
* CVE-2020-6496: Use after free in payments.
* Thu May 28 2020 Tomáš Chvátal - Add patch to not use bundled unrar:
* chromium-norar.patch
* Thu May 28 2020 Fabian Vogt - Amend chromium-prop-codecs.patch to allow proprietary_codecs without building third_party/openh264
* Wed May 27 2020 Tomáš Chvátal - Add revert of location setting commit that broke build on openSUSE Leap 15.1:
* chromium-83-gcc-location-revert.patch
* Mon May 25 2020 Tomáš Chvátal - Swtich to GCC 9.x on Leaps to avoid gcc bug exposed in gcc8
* Fri May 22 2020 Tomáš Chvátal - Add patch to fix building with new re2:
* chromium-81-re2-0.2020.05.01.patch
* Wed May 20 2020 Guillaume GARDET - Update _constraints to avoid very slow builds seen on obs-arm-4 (probably due to swap)
* Wed May 20 2020 Tomáš Chvátal - Update to 83.0.4103.61 bsc#1171910:
* CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(AATTpwn_expoit) of STEALIEN on 2020-04-21
* CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
* CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
* CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
* CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
* CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
* CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
* CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
* CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
* CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
* CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
* CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
* CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
* CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
* CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
* CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
* CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
* CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (AATTqab) on 2017-12-17
* CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
* CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
* CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
* CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
* CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (AATTshhnjk) on 2015-10-06
* CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg on 2020-01-21
* CVE-2020-6489: Inappropriate implementation in developer tools. Reported by AATTlovasoa (Ophir LOJKINE) on 2020-02-10
* CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter on 2019-12-19
* CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal M.A on 2020-02-07- Rebase patch:
* chromium-vaapi.patch- Remove merged patches:
* icu-v67.patch
* chromium-80-gcc-blink.patch
* chromium-80.0.3987.106-missing-cstddef-header.patch
* chromium-80.0.3987.87-missing-cstdint-header.patch
* chromium-80.0.3987.87-missing-string-header.patch
* chromium-81-gcc-constexpr.patch
* chromium-81-gcc-noexcept.patch
* chromium-old-glibc-noexcept.patch
* fix-vaapi-with-glx.patch- Add new patches:
* chromium-82-gcc-constexpr.patch
* chromium-82-gcc-incomplete-type.patch
* chromium-82-gcc-iterator.patch
* chromium-82-gcc-noexcept.patch
* chromium-82-gcc-template.patch
* chromium-83-gcc-10.patch
* chromium-83-gcc-include.patch
* chromium-83-gcc-iterator.patch
* chromium-83-gcc-permissive.patch
* chromium-83-gcc-serviceworker.patch
* chromium-83-gcc-template.patch
* chromium-83-icu67.patch
* Wed May 06 2020 Tomáš Chvátal - update to 81.0.4044.138 bsc#1171247:
* CVE-2020-6831: Stack buffer overflow in SCTP
* CVE-2020-6464: Type Confusion in Blink.
* Tue May 05 2020 Ismail Dönmez - Add icu-v67.patch from upstream to fix build with icu v67
* Wed Apr 29 2020 Andreas Stieger - update to 81.0.4044.129 (boo#1170707):
* CVE-2020-0561: Use after free in storage
* CVE-2020-6462: Use after free in task scheduling
* Tue Apr 28 2020 Martin Liška - Add chromium-80.0.3987.87-missing-cstdint-header.patch, chromium-80.0.3987.87-missing-string-header.patch and chromium-80.0.3987.106-missing-cstddef-header.patch in order to fix build with GCC 10.
* Tue Apr 21 2020 Andreas Stieger - Update to 81.0.4044.122 (boo#1170107 bsc#1171975):
* CVE-2020-6459: Use after free in payments
* CVE-2020-6460: Insufficient data validation in URL formatting
* CVE-2020-6458: Out of bounds read and write in PDFium
* CVE-2020-6463: Use after free in ANGLE
* Fri Apr 17 2020 Tomáš Chvátal - Update to 81.0.4044.113 bsc#1169729:
* CVE-2020-6457: Use after free in speech recognizer
* Tue Apr 14 2020 Tomáš Chvátal - Try to use system version of xdg-utils
* Wed Apr 08 2020 Tomáš Chvátal - Update to 81.0.4044.92 bsc#1168911:
* CVE-2020-6454: Use after free in extensions
* CVE-2020-6423: Use after free in audio
* CVE-2020-6455: Out of bounds read in WebSQL
* CVE-2020-6430: Type Confusion in V8
* CVE-2020-6456: Insufficient validation of untrusted input in clipboard
* CVE-2020-6431: Insufficient policy enforcement in full screen
* CVE-2020-6432: Insufficient policy enforcement in navigations
* CVE-2020-6433: Insufficient policy enforcement in extensions
* CVE-2020-6434: Use after free in devtools
* CVE-2020-6435: Insufficient policy enforcement in extensions
* CVE-2020-6436: Use after free in window management
* CVE-2020-6437: Inappropriate implementation in WebView
* CVE-2020-6438: Insufficient policy enforcement in extensions
* CVE-2020-6439: Insufficient policy enforcement in navigations
* CVE-2020-6440: Inappropriate implementation in extensions
* CVE-2020-6441: Insufficient policy enforcement in omnibox
* CVE-2020-6442: Inappropriate implementation in cache
* CVE-2020-6443: Insufficient data validation in developer tools
* CVE-2020-6444: Uninitialized Use in WebRTC
* CVE-2020-6445: Insufficient policy enforcement in trusted types
* CVE-2020-6446: Insufficient policy enforcement in trusted types
* CVE-2020-6447: Inappropriate implementation in developer tools
* CVE-2020-6448: Use after free in V8- Add new patches:
* chromium-81-gcc-constexpr.patch
* chromium-81-gcc-noexcept.patch
* fix-vaapi-with-glx.patch- Remove no longer needed patches:
* chromium-80-gcc-abstract.patch
* chromium-80-gcc-incomplete-type.patch
* chromium-80-gcc-permissive.patch
* chromium-80-include.patch
* chromium-80-unbundle-libxml.patch
* chromium-missing-cstddef-header.patch
* chromium-missing-cstdint-header.patch
* chromium-missing-cstring-header.patch
* chromium-missing-cstring-header2.patch
* chromium-system-icu.patch
* chromium-unbundle-zlib.patch
* webrtc-pulse.patch- Rebase patches:
* build-with-pipewire-0.3.patch
* chromium-vaapi-fix.patch
* chromium-vaapi.patch
* gpu-timeout.patch
* old-libva.patch
* Thu Apr 02 2020 Tomáš Chvátal - Update to 80.0.3987.162 bsc#1168421:
* CVE-2020-6450: Use after free in WebAudio.
* CVE-2020-6451: Use after free in WebAudio.
* CVE-2020-6452: Heap buffer overflow in media.
* Sun Mar 29 2020 Martin Liška - Rebase build-with-pipewire-0.3.patch in order to fix patch collision.
* Sat Mar 28 2020 Martin Liška - Add chromium-missing-cstdint-header.patch, chromium-missing-cstring-header.patch, chromium-missing-cstring-header2.patch and chromium-missing-cstddef-header.patch in order to fix boo#1167465.
* Fri Mar 27 2020 Stasiek Michalski - Use a symbolic icon for GNOME
* Mon Mar 23 2020 Antonio Larrosa - Add patch to allow building with pipewire 0.3:
* build-with-pipewire-0.3.patch- Use pipewire in Leap 15.2
* Thu Mar 19 2020 Tomáš Chvátal - Update to 80.0.3987.149:
* High CVE-2020-6422: Use after free in WebGL.
* High CVE-2020-6424: Use after free in media.
* High CVE-2020-6425: Insufficient policy enforcement in extensions.
* High CVE-2020-6426: Inappropriate implementation in V8.
* High CVE-2020-6427: Use after free in audio.
* High CVE-2020-6428: Use after free in audio.
* High CVE-2020-6429: Use after free in audio.
* High CVE-2019-20503: Out of bounds read in usersctplib.
* High CVE-2020-6449: Use after free in audio.
* Various fixes from internal audits, fuzzing and other initiatives
* Sat Mar 14 2020 Tomáš Chvátal - Do not pull in python deps except interpreter, the bundles are patched anwyays
* Thu Mar 05 2020 Tomáš Chvátal - Update to 80.0.3987.132 bsc#1165826:
* CVE-2020-6420: Insufficient policy enforcement in media.
* Various fixes from internal audits, fuzzing and other initiatives [2].
* Tue Mar 03 2020 Tomáš Chvátal - Add patch trying to fix pulse audio issues with webrtc:
* webrtc-pulse.patch
* Tue Feb 25 2020 Tomáš Chvátal - Update to 80.0.3987.122 bsc#1164828:
* CVE-2020-6418: Type confusion in V8
* CVE-2020-6407: Out of bounds memory access in streams.
* Integer overflow in ICU
* Mon Feb 17 2020 Tomáš Chvátal - Add chromedriver binary to bindir
* Thu Feb 13 2020 Tomáš Chvátal - Drop sandbox binary as it should not be needed really bsc#1163588- Remove unused patch:
* chromium-sandbox-pie.patch
* Wed Feb 12 2020 Tomáš Chvátal - Update to 80.0.3987.100 bsc#1163484:
* feature fixes only
* Wed Feb 05 2020 Tomáš Chvátal - Update to 80.0.3987.87 bsc#1162833:
* CVE-2020-6381: Integer overflow in JavaScript
* CVE-2020-6382: Type Confusion in JavaScript
* CVE-2019-18197: Multiple vulnerabilities in XML
* CVE-2019-19926: Inappropriate implementation in SQLite
* CVE-2020-6385: Insufficient policy enforcement in storage
* CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
* CVE-2020-6387: Out of bounds write in WebRTC
* CVE-2020-6388: Out of bounds memory access in WebAudio
* CVE-2020-6389: Out of bounds write in WebRTC
* CVE-2020-6390: Out of bounds memory access in streams
* CVE-2020-6391: Insufficient validation of untrusted input in Blink
* CVE-2020-6392: Insufficient policy enforcement in extensions
* CVE-2020-6393: Insufficient policy enforcement in Blink
* CVE-2020-6394: Insufficient policy enforcement in Blink
* CVE-2020-6395: Out of bounds read in JavaScript
* CVE-2020-6396: Inappropriate implementation in Skia
* CVE-2020-6397: Incorrect security UI in sharing
* CVE-2020-6398: Uninitialized use in PDFium
* CVE-2020-6399: Insufficient policy enforcement in AppCache
* CVE-2020-6400: Inappropriate implementation in CORS
* CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
* CVE-2020-6402: Insufficient policy enforcement in downloads
* CVE-2020-6403: Incorrect security UI in Omnibox
* CVE-2020-6404: Inappropriate implementation in Blink
* CVE-2020-6405: Out of bounds read in SQLite
* CVE-2020-6406: Use after free in audio
* CVE-2019-19923: Out of bounds memory access in SQLite
* CVE-2020-6408: Insufficient policy enforcement in CORS
* CVE-2020-6409: Inappropriate implementation in Omnibox
* CVE-2020-6410: Insufficient policy enforcement in navigation
* CVE-2020-6411: Insufficient validation of untrusted input in Omnibox
* CVE-2020-6412: Insufficient validation of untrusted input in Omnibox
* CVE-2020-6413: Inappropriate implementation in Blink
* CVE-2020-6414: Insufficient policy enforcement in Safe Browsing
* CVE-2020-6415: Inappropriate implementation in JavaScript
* CVE-2020-6416: Insufficient data validation in streams
* CVE-2020-6417: Inappropriate implementation in installer- Disable lto for now as it consumes >16GB ram- Added patches:
* chromium-80-gcc-abstract.patch
* chromium-80-gcc-blink.patch
* chromium-80-gcc-incomplete-type.patch
* chromium-80-gcc-permissive.patch
* chromium-80-gcc-quiche.patch
* chromium-80-include.patch
* chromium-80-unbundle-libxml.patch
* chromium-80.0.3987.87.tar.xz
* chromium-fix-char_traits.patch
* gpu-timeout.patch- Removed patches:
* chromium-79-gcc-ambiguous-nodestructor.patch
* chromium-79-gcc-name-clash.patch
* chromium-79-gcc-permissive.patch
* chromium-79-icu-65.patch
* chromium-79-include.patch
* chromium-79-system-hb.patch- Rebased patches:
* chromium-old-glibc-noexcept.patch
* chromium-vaapi-fix.patch
* chromium-vaapi.patch
* Sat Jan 18 2020 Andreas Stieger - Update to 79.0.3945.130 boo#1161252:
* CVE-2020-6378: Use-after-free in speech recognizer
* CVE-2020-6379: Use-after-free in speech recognizer
* CVE-2020-6380: Extension message verification error
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Jan 08 2020 Tomáš Chvátal - Update to 79.0.3945.117 bsc#1160337:
* CVE-2020-6377: Use after free in audio
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Dec 30 2019 Stefan Brüns - Drop obsolete liboil BuildRequires.
* Thu Dec 19 2019 Andreas Stieger - update to 79.0.3945.88:
* CVE-2019-13767: Use after free in media picker (boo#1159498)
* Wed Dec 11 2019 Tomáš Chvátal - Update to 79.0.3945.79:
* CVE-2019-13725: Use after free in Bluetooth
* CVE-2019-13726: Heap buffer overflow in password manager
* CVE-2019-13727: Insufficient policy enforcement in WebSockets
* CVE-2019-13728: Out of bounds write in V8
* CVE-2019-13729: Use after free in WebSockets
* CVE-2019-13730: Type Confusion in V8
* CVE-2019-13732: Use after free in WebAudio
* CVE-2019-13734: Out of bounds write in SQLite
* CVE-2019-13735: Out of bounds write in V8
* CVE-2019-13764: Type Confusion in V8
* CVE-2019-13736: Integer overflow in PDFium
* CVE-2019-13737: Insufficient policy enforcement in autocomplete
* CVE-2019-13738: Insufficient policy enforcement in navigation
* CVE-2019-13739: Incorrect security UI in Omnibox
* CVE-2019-13740: Incorrect security UI in sharing
* CVE-2019-13741: Insufficient validation of untrusted input in Blink
* CVE-2019-13742: Incorrect security UI in Omnibox
* CVE-2019-13743: Incorrect security UI in external protocol handling
* CVE-2019-13744: Insufficient policy enforcement in cookies
* CVE-2019-13745: Insufficient policy enforcement in audio
* CVE-2019-13746: Insufficient policy enforcement in Omnibox
* CVE-2019-13747: Uninitialized Use in rendering
* CVE-2019-13748: Insufficient policy enforcement in developer tools
* CVE-2019-13749: Incorrect security UI in Omnibox
* CVE-2019-13750: Insufficient data validation in SQLite
* CVE-2019-13751: Uninitialized Use in SQLite
* CVE-2019-13752: Out of bounds read in SQLite
* CVE-2019-13753: Out of bounds read in SQLite
* CVE-2019-13754: Insufficient policy enforcement in extensions
* CVE-2019-13755: Insufficient policy enforcement in extensions
* CVE-2019-13756: Incorrect security UI in printing
* CVE-2019-13757: Incorrect security UI in Omnibox
* CVE-2019-13758: Insufficient policy enforcement in navigation
* CVE-2019-13759: Incorrect security UI in interstitials
* CVE-2019-13761: Incorrect security UI in Omnibox
* CVE-2019-13762: Insufficient policy enforcement in downloads
* CVE-2019-13763: Insufficient policy enforcement in payments- Remove merged patches:
* chromium-77-clang.patch
* chromium-78-gcc-enum-range.patch
* chromium-78-gcc-noexcept.patch
* chromium-78-gcc-std-vector.patch
* chromium-78-icon.patch
* chromium-78-include.patch
* chromium-78-noexcept.patch
* chromium-78-pm-crash.patch
* chromium-78-protobuf-export.patch- Add new patches:
* chromium-79-gcc-alignas.patch
* chromium-79-gcc-ambiguous-nodestructor.patch
* chromium-79-gcc-name-clash.patch
* chromium-79-gcc-permissive.patch
* chromium-79-include.patch
* chromium-79-system-hb.patch- Rebase patches:
* chromium-dma-buf.patch
* chromium-old-glibc-noexcept.patch
* chromium-vaapi-fix.patch
* fix_building_widevinecdm_with_chromium.patch
* old-libva.patch
* Wed Nov 20 2019 Tomáš Chvátal - Update to 78.0.3904.108 bsc#1157269:
* CVE-2019-13723: Use-after-free in Bluetooth
* CVE-2019-13724: Out-of-bounds access in Bluetooth
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Nov 18 2019 Guillaume GARDET - Fix build on aarch64 with:
* chromium-79-icu-65.patch
* Fri Nov 08 2019 Andreas Stieger - Update to 78.0.3904.97 boo#1156172:
* Various security fixes from internal audits, fuzzing and other initiatives
* Wed Nov 06 2019 Tomáš Chvátal - Keep just one conditional for vaapi enablement
* Mon Nov 04 2019 Tomáš Chvátal - Add more magic for zlib handling for SLE12 build
* Mon Nov 04 2019 Tomáš Chvátal - Add patch trying to build on SLE12:
* chromium-old-glibc-noexcept.patch
* Fri Nov 01 2019 Tomáš Chvátal - Update to 78.0.3904.87 bsc#1155643:
* CVE-2019-13721: Use-after-free in PDFium
* CVE-2019-13720: Use-after-free in audio
* Wed Oct 30 2019 Martin Liška - Enable LTO again with disabled parallel LTO WPA streaming.
* Fri Oct 25 2019 Tomáš Chvátal - Disable LTO for now as it consumes ~20GB of RAM, we will reenable the feature later when some memory consumption fixes land in GCC
* Thu Oct 24 2019 Tomáš Chvátal - Adjust LDFLAGS settings for LTO to take memory-constraints into consideration
* Wed Oct 23 2019 Tomáš Chvátal - Update to 78.0.3904.70 bsc#1154806:
* CVE-2019-13699: Use-after-free in media
* CVE-2019-13700: Buffer overrun in Blink
* CVE-2019-13701: URL spoof in navigation
* CVE-2019-13702: Privilege elevation in Installer
* CVE-2019-13703: URL bar spoofing
* CVE-2019-13704: CSP bypass
* CVE-2019-13705: Extension permission bypass
* CVE-2019-13706: Out-of-bounds read in PDFium
* CVE-2019-13707: File storage disclosure
* CVE-2019-13708: HTTP authentication spoof
* CVE-2019-13709: File download protection bypass
* CVE-2019-13710: File download protection bypass
* CVE-2019-13711: Cross-context information leak
* CVE-2019-15903: Buffer overflow in expat
* CVE-2019-13713: Cross-origin data leak
* CVE-2019-13714: CSS injection
* CVE-2019-13715: Address bar spoofing
* CVE-2019-13716: Service worker state error
* CVE-2019-13717: Notification obscured
* CVE-2019-13718: IDN spoof
* CVE-2019-13719: Notification obscured
* Various fixes from internal audits, fuzzing and other initiatives- Add patches:
* chromium-78-gcc-enum-range.patch
* chromium-78-gcc-noexcept.patch
* chromium-78-gcc-std-vector.patch
* chromium-78-icon.patch
* chromium-78-include.patch
* chromium-78-noexcept.patch
* chromium-78-pm-crash.patch
* chromium-78-protobuf-export.patch- Remove patches:
* chromium-77-blink-include.patch
* chromium-77-fix-gn-gen.patch
* chromium-77-gcc-abstract.patch
* chromium-77-gcc-include.patch
* chromium-77-gcc-no-opt-safe-math.patch
* chromium-77-no-cups.patch
* chromium-77-std-string.patch
* chromium-77-system-hb.patch
* chromium-77.0.3865.120.tar.xz
* chromium-77.0.3865.75-certificate-transparency.patch- Rebase patches:
* chromium-system-icu.patch
* chromium-unbundle-zlib.patch
* chromium-vaapi-fix.patch
* chromium-vaapi.patch
* old-libva.patch At revision 0ad55cb9e188d5926db26003b443eec9.
* Fri Oct 18 2019 Stasiek Michalski - Use internal resources for icon and appdata
* Fri Oct 11 2019 Tomáš Chvátal - Update to 77.0.3865.120 bsc#1153660:
* CVE-2019-13693: Use-after-free in IndexedDB
* CVE-2019-13694: Use-after-free in WebRTC
* CVE-2019-13695: Use-after-free in audio
* CVE-2019-13696: Use-after-free in V8
* CVE-2019-13697: Cross-origin size leak.
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Sep 19 2019 Jan Ritzerfeld - Added patch chromium-vaapi-fix.patch again to fix boo#1146219
* Wed Sep 18 2019 Andreas Stieger - update to chromium 77.0.3865.90 boo#1151229:
* CVE-2019-13685: Use-after-free in UI
* CVE-2019-13688: Use-after-free in media
* CVE-2019-13687: Use-after-free in media
* CVE-2019-13686: Use-after-free in offline pages
* Mon Sep 16 2019 Tomáš Chvátal - Add patch from Fedora for cert transparency:
* chromium-77.0.3865.75-certificate-transparency.patch
* Mon Sep 16 2019 Tomáš Chvátal - Add patches from gentoo:
* chromium-77-clang.patch
* chromium-77-gcc-no-opt-safe-math.patch
* chromium-77-no-cups.patch
* chromium-77-std-string.patch
* Thu Sep 12 2019 Tomáš Chvátal - Update patch old-libva.patch to build on openSUSE Leap 15.0
* Thu Sep 12 2019 Tomáš Chvátal - Update to chromium 77.0.3865.75 bsc#1150425:
* CVE-2019-5870: Use-after-free in media
* CVE-2019-5871: Heap overflow in Skia
* CVE-2019-5872: Use-after-free in Mojo
* CVE-2019-5874: External URIs may trigger other browsers
* CVE-2019-5875: URL bar spoof via download redirect
* CVE-2019-5876: Use-after-free in media
* CVE-2019-5877: Out-of-bounds access in V8
* CVE-2019-5878: Use-after-free in V8
* CVE-2019-5879: Extension can bypass same origin policy
* CVE-2019-5880: SameSite cookie bypass
* CVE-2019-5881: Arbitrary read in SwiftShader
* CVE-2019-13659: URL spoof
* CVE-2019-13660: Full screen notification overlap
* CVE-2019-13661: Full screen notification spoof
* CVE-2019-13662: CSP bypass
* CVE-2019-13663: IDN spoof
* CVE-2019-13664: CSRF bypass
* CVE-2019-13665: Multiple file download protection bypass
* CVE-2019-13666: Side channel using storage size estimate
* CVE-2019-13667: URI bar spoof when using external app URIs
* CVE-2019-13668: Global window leak via console
* CVE-2019-13669: HTTP authentication spoof
* CVE-2019-13670: V8 memory corruption in regex
* CVE-2019-13671: Dialog box fails to show origin
* CVE-2019-13673: Cross-origin information leak using devtools
* CVE-2019-13674: IDN spoofing
* CVE-2019-13675: Extensions can be disabled by trailing slash
* CVE-2019-13676: Google URI shown for certificate warning
* CVE-2019-13677: Chrome web store origin needs to be isolated
* CVE-2019-13678: Download dialog spoofing
* CVE-2019-13679: User gesture needed for printing
* CVE-2019-13680: IP address spoofing to servers
* CVE-2019-13681: Bypass on download restrictions
* CVE-2019-13682: Site isolation bypass
* CVE-2019-13683: Exceptions leaked by devtools- Added patches:
* chromium-77-blink-include.patch
* chromium-77-fix-gn-gen.patch
* chromium-77-gcc-abstract.patch
* chromium-77-gcc-include.patch
* chromium-77-system-hb.patch
* chromium-unbundle-zlib.patch- Removed merged patches:
* chromium-76-gcc-ambiguous-nodestructor.patch
* chromium-76-gcc-blink-constexpr.patch
* chromium-76-gcc-blink-namespace1.patch
* chromium-76-gcc-blink-namespace2.patch
* chromium-76-gcc-gl-init.patch
* chromium-76-gcc-include.patch
* chromium-76-gcc-noexcept.patch
* chromium-76-gcc-private.patch
* chromium-76-gcc-pure-virtual.patch
* chromium-76-gcc-uint32.patch
* chromium-76-gcc-vulkan.patch
* chromium-76-quiche.patch
* chromium-angle-inline.patch
* chromium-fix-char_traits.patch
* chromium-skia-aarch64-buildfix.patch
* chromium-vaapi-fix.patch
* gcc-lto-rsp-clobber.patch - Refreshed patches:
* chromium-prop-codecs.patch
* chromium-system-icu.patch
* chromium-vaapi.patch
* old-libva.patch
* Tue Sep 03 2019 Tomáš Chvátal - Update to 76.0.3809.132 bsc#1149143 CVE-2019-5869:
* CVE-2019-5869: Use-after-free in Blink
* Various fixes from internal audits, fuzzing and other initiatives- Refresh patch chromium-76-gcc-ambiguous-nodestructor.patch
* Mon Aug 19 2019 Jan Ritzerfeld - Added patch chromium-vaapi-fix.patch to fix boo#1146219
* Mon Aug 12 2019 Tomáš Chvátal - Update to 76.0.3809.100 bsc#1145242:
* CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
* CVE-2019-5867: Out-of-bounds read in V8
* Thu Aug 08 2019 Tomáš Chvátal - Add patches to fix few compilation issues:
* chromium-angle-inline.patch
* chromium-fix-char_traits.patch bsc#1144625- Remove not properly applying old-glibc patch:
* chromium-old-glibc.patch- Disable various gcc warnings as upstream does not care and it just bloats the buildlog (from debian)
* Fri Aug 02 2019 Tomáš Chvátal - Update to 76.0.3809.87 bsc#1143492:
* CVE-2019-5850: Use-after-free in offline page fetcher
* CVE-2019-5860: Use-after-free in PDFium
* CVE-2019-5853: Memory corruption in regexp length check
* CVE-2019-5851: Use-after-poison in offline audio context
* CVE-2019-5859: res: URIs can load alternative browsers
* CVE-2019-5856: Insufficient checks on filesystem: URI permissions
* CVE-2019-5855: Integer overflow in PDFium
* CVE-2019-5865: Site isolation bypass from compromised renderer
* CVE-2019-5858: Insufficient filtering of Open URL service parameters
* CVE-2019-5864: Insufficient port filtering in CORS for extensions
* CVE-2019-5862: AppCache not robust to compromised renderers
* CVE-2019-5861: Click location incorrectly checked
* CVE-2019-5857: Comparison of -0 and null yields crash
* CVE-2019-5854: Integer overflow in PDFium text rendering
* CVE-2019-5852: Object leak of utility functions
* Various fixes from internal audits, fuzzing and other initiatives
* Not affected: + CVE-2019-5863: Use-after-free in WebUSB on Windows- Added patches:
* chromium-76-gcc-ambiguous-nodestructor.patch
* chromium-76-gcc-blink-constexpr.patch
* chromium-76-gcc-blink-namespace1.patch
* chromium-76-gcc-blink-namespace2.patch
* chromium-76-gcc-gl-init.patch
* chromium-76-gcc-include.patch
* chromium-76-gcc-noexcept.patch
* chromium-76-gcc-private.patch
* chromium-76-gcc-pure-virtual.patch
* chromium-76-gcc-uint32.patch
* chromium-76-gcc-vulkan.patch
* chromium-76-quiche.patch- Removed patches:
* chromium-non-void-return.patch
* chromium-75.0.3770.80-SIOCGSTAMP.patch
* chromium-75.0.3770.80-pure-virtual-crash-fix.patch
* chromium-gcc.patch
* chromium-renderprocess-crash.patch
* chromium-skia-system-fontconfig.patch- Refreshed patches:
* chromium-dma-buf.patch
* chromium-drm.patch
* chromium-libusb_interrupt_event_handler.patch
* chromium-skia-aarch64-buildfix.patch
* chromium-system-icu.patch
* chromium-vaapi.patch
* old-libva.patch
* Tue Jul 30 2019 Tomáš Chvátal - Do not use lto flags from prjconf, we need to set them using gn buildsystem
* Tue Jul 30 2019 Tomáš Chvátal - Drop patch chromium-non-void-return.patch and just pass a cxxflags disabler for the check
* Wed Jul 17 2019 Tomáš Chvátal - Update gcc-enable-lto.patch to work on systems without the lto
* Tue Jul 16 2019 Tomáš Chvátal - Update to 75.0.3770.142 bsc#1141649:
* CVE-2019-5847: V8 sealed/frozen elements cause crash
* CVE-2019-5848: Font sizes may expose sensitive information- Add patch chromium-renderprocess-crash.patch to hopefully fix bsc#1141102
* Tue Jul 02 2019 Martin Liška - Enable LTO for x86_64 - add gcc-enable-lto.patch and gcc-lto-rsp-clobber.patch patches.
* Tue Jul 02 2019 Tomáš Chvátal - Install manpage
* Wed Jun 19 2019 Tomáš Chvátal - Update to 75.0.3770.100:
* This is just feature fixes update
* Fri Jun 14 2019 Tomáš Chvátal - Update to 75.0.3770.90 bsc#1137332 bsc#1138287:
* CVE-2019-5842: Use-after-free in Blink.
* Tue Jun 11 2019 Tomáš Chvátal - Fix build with kernel 5.2 and avoid runtime crash due to pure virtual declaration:
* chromium-75.0.3770.80-SIOCGSTAMP.patch
* chromium-75.0.3770.80-pure-virtual-crash-fix.patch
* Sat Jun 08 2019 Tomáš Chvátal - Update old-libva.patch to make sure we build on Leap 42.3
* Fri Jun 07 2019 Tomáš Chvátal - Update to 75.0.3770.80 bsc#1137332:
* CVE-2019-5828: Use after free in ServiceWorker
* CVE-2019-5829: Use after free in Download Manager
* CVE-2019-5830: Incorrectly credentialed requests in CORS
* CVE-2019-5831: Incorrect map processing in V8
* CVE-2019-5832: Incorrect CORS handling in XHR
* CVE-2019-5833: Inconsistent security UI placemen
* CVE-2019-5835: Out of bounds read in Swiftshader
* CVE-2019-5836: Heap buffer overflow in Angle
* CVE-2019-5837: Cross-origin resources size disclosure in Appcache
* CVE-2019-5838: Overly permissive tab access in Extensions
* CVE-2019-5839: Incorrect handling of certain code points in Blink
* CVE-2019-5840: Popup blocker bypass
* Various fixes from internal audits, fuzzing and other initiatives
* CVE-2019-5834: URL spoof in Omnibox on iOS- Remove merged patchsets:
* 00-basevalue.patch
* 01-basevalue.patch
* 02-basevalue.patch
* 03-basevalue.patch
* 04-basevalue.patch
* 05-basevalue.patch
* 06-basevalue.patch
* chromium-fix-crc32-for-aarch64.patch
* quic.patch- Update patches:
* chromium-gcc.patch
* chromium-non-void-return.patch
* chromium-vaapi.patch
* old-libva.patch
* Tue May 28 2019 Tomáš Chvátal - Update to 74.0.3729.169:
* Feature fixes update only
* Sun May 19 2019 Andreas Stieger - Update to 74.0.3729.157:
* Various security fixes from internal audits, fuzzing and other initiatives- includes security fixes from 74.0.3729.131 (boo#1134218):
* CVE-2019-5827: Out-of-bounds access in SQLite
* CVE-2019-5824: Parameter passing error in media player
* Tue May 07 2019 Guillaume GARDET - Add patch to fix build on aarch64:
* chromium-fix-crc32-for-aarch64.patch
* Tue Apr 30 2019 Tomáš Chvátal - Update to 74.0.3729.108 bsc#1133313:
* CVE-2019-5805: Use after free in PDFium
* CVE-2019-5806: Integer overflow in Angle
* CVE-2019-5807: Memory corruption in V8
* CVE-2019-5808: Use after free in Blink
* CVE-2019-5809: Use after free in Blink
* CVE-2019-5810: User information disclosure in Autofill
* CVE-2019-5811: CORS bypass in Blink
* CVE-2019-5813: Out of bounds read in V8
* CVE-2019-5814: CORS bypass in Blink
* CVE-2019-5815: Heap buffer overflow in Blink
* CVE-2019-5818: Uninitialized value in media reader
* CVE-2019-5819: Incorrect escaping in developer tools
* CVE-2019-5820: Integer overflow in PDFium
* CVE-2019-5821: Integer overflow in PDFium
* CVE-2019-5822: CORS bypass in download manager
* CVE-2019-5823: Forced navigation from service worker
* CVE-2019-5812: URL spoof in Omnibox on iOS
* CVE-2019-5816: Exploit persistence extension on Android
* CVE-2019-5817: Heap buffer overflow in Angle on Windows- Add patches:
* 00-basevalue.patch
* 01-basevalue.patch
* 02-basevalue.patch
* 03-basevalue.patch
* 04-basevalue.patch
* 05-basevalue.patch
* 06-basevalue.patch
* old-libva.patch
* quic.patch- Remove patches:
* chromium-73.0.3683.75-pipewire-cstring-fix.patch
* chromium-fix_crashpad.patch
* chromium-fix_swiftshader.patch
* chromium-old-libva.patch- Rebase patches:
* chromium-gcc.patch
* chromium-non-void-return.patch
* chromium-old-glibc.patch
* Fri Apr 05 2019 Tomáš Chvátal - Update to 73.0.3686.103:
* Various feature fixes
* Mon Mar 25 2019 Tomáš Chvátal - Add patch for pipewire build:
* chromium-73.0.3683.75-pipewire-cstring-fix.patch
* Mon Mar 25 2019 Tomáš Chvátal - Update to 73.0.3683.86:
* Just feature fixes around- Refresh patch:
* chromium-non-void-return.patch
* Thu Mar 21 2019 Tomáš Chvátal - Update conditions to use system harfbuzz on TW+- Require java during build- Enable using pipewire when available- Rebase chromium-vaapi.patch to match up the Fedora one
* Wed Mar 13 2019 Tomáš Chvátal - Update to 73.0.3683.75 bsc#1129059:
* CVE-2019-5844 CVE-2019-5845 CVE-2019-5846
* CVE-2019-5787: Use after free in Canvas.
* CVE-2019-5788: Use after free in FileAPI.
* CVE-2019-5789: Use after free in WebMIDI.
* CVE-2019-5790: Heap buffer overflow in V8.
* CVE-2019-5791: Type confusion in V8.
* CVE-2019-5792: Integer overflow in PDFium.
* CVE-2019-5793: Excessive permissions for private API in Extensions.
* CVE-2019-5794: Security UI spoofing.
* CVE-2019-5795: Integer overflow in PDFium.
* CVE-2019-5796: Race condition in Extensions.
* CVE-2019-5797: Race condition in DOMStorage.
* CVE-2019-5798: Out of bounds read in Skia.
* CVE-2019-5799: CSP bypass with blob URL.
* CVE-2019-5800: CSP bypass with blob URL.
* CVE-2019-5801: Incorrect Omnibox display on iOS.
* CVE-2019-5802: Security UI spoofing.
* CVE-2019-5803: CSP bypass with Javascript URLs\'.
* CVE-2019-5804: Command line command injection on Windows.- Update patches:
* chromium-buildname.patch
* chromium-non-void-return.patch
* chromium-old-glibc.patch
* chromium-old-libva.patch
* chromium-vaapi.patch- Removed patches:
* chromium-crashpad-fix_aarch64.patch
* chromium-webrtc-includes.patch- Added patches:
* chromium-gcc.patch
* chromium-fix_crashpad.patch
* Mon Mar 04 2019 Tomáš Chvátal - Drop direct dependency on libgsm, we just need the devel
* Sat Mar 02 2019 Tomáš Chvátal - Update to 72.0.3626.121:
* fixes bsc#1127602 CVE-2019-5786
* Mon Feb 25 2019 Tomáš Chvátal - Update to 72.0.3626.119:
* Feature fixes update only
* Wed Feb 20 2019 Tomáš Chvátal - Update to 72.0.3626.109 bsc#1120892 CVE-2018-20073:
* This is just feature fixes update
* Mon Feb 11 2019 Tomáš Chvátal - Update to 72.0.3626.96 bsc#1124936:
* CVE-2019-5784: Inappropriate implementation in V8
* Mon Feb 11 2019 Simon Lees - Provide web_browser so chromium can be installed instead of firefox.
* Wed Jan 30 2019 Tomáš Chvátal - Update to 72.0.3626.81 bsc#1123641:
* CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad on 2018-12-12
* CVE-2019-5782: Inappropriate implementation in V8. Reported by Qixun Zhao of Qihoo 360 Vulcan Team via Tianfu Cup on 2018-11-16
* CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya on 2018-12-10
* CVE-2019-5756: Use after free in PDFium. Reported by Anonymous on 2018-10-14
* CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis, Microsoft Browser Vulnerability Research on 2018-12-15
* CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
* CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin on 2018-12-05
* CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-05
* CVE-2019-5761: Use after free in SwiftShader. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-13
* CVE-2019-5762: Use after free in PDFium. Reported by Anonymous on 2018-10-31
* CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-12-13
* CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin from Check Point Software Technologies on 2018-12-09
* CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin (AATTbagipro) on 2019-01-16
* CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg on 2018-11-20
* CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao from Indiana University Bloomington on 2018-11-06
* CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu on 2018-01-24
* CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel on 2018-12-11
* CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidalltAATT on 2018-11-27
* CVE-2019-5771: Heap buffer overflow in SwiftShader. Reported by Zhe Jin（金哲），Luyao Liu(刘路遥) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-12
* CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-11-26
* CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang of Tencent\'s Xuanwu Lab (xlab.tencent.com) on 2018-12-24
* CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang (ultract) and Juno Im on 2018-11-11
* CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
* CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang on 2018-07-14
* CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani on 2018-06-04
* CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg on 2019-01-02
* CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg on 2018-11-11
* CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg (folivora.AI GmbH) on 2018-10-03
* CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18- Added patches:
* chromium-crashpad-fix_aarch64.patch
* chromium-fix_swiftshader.patch
* chromium-webrtc-includes.patch- Obsoleted patches:
* chromium-gcc8-alignof.patch
* chromium-initialize-list.patch- Updated patches:
* chromium-dma-buf.patch
* chromium-non-void-return.patch
* chromium-skia-system-fontconfig.patch
* chromium-system-icu.patch
* chromium-vaapi.patch- Try to reduce constraints to avoid being so much just in scheduled state
* Wed Jan 02 2019 Tomáš Chvátal - Tweak fix_building_widevinecdm_with_chromium.patch to make it work again bsc#1120429