SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for chromium-128.0.6613.84-bp155.2.105.1.x86_64.rpm :

* Wed Aug 21 2024 Andreas Stieger - Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Aug 18 2024 roAATTsuse.de- Chromium 128.0.6613.36 (boo#1229426)- modified patches:
* chromium-norar.patch drop most hunks, upstream has a config for this now
* gcc-enable-lto.patch update context
* chromium-125-compiler.patch update context
* chromium-127-constexpr.patch update context- drop patches: (should be obsolete with llvm>17 and libc++) chromium-120-emplace.patch chromium-125-emplace-struct.patch- drop patches: (upstream)
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-123-stats-collector.patch
* chromium-127-paint-layer-header.patch
* chromium-127-ninja-1.21.1-deps-part0.patch
* chromium-127-ninja-1.21.1-deps-part1.patch
* chromium-127-ninja-1.21.1-deps-part2.patch
* chromium-127-ninja-1.21.1-deps-part3.patch- disable rpmlint only for factory/tw where it is broken because of the large archive size of the source here- keeplibs add third_party/devtools-frontend/src/front_end/third_party/ puppeteer/package/lib/esm/third_party/parsel-js third_party/tflite/src/third_party/xla/xla/tsl/framework- buildflags add safe_browsing_use_unrar=false
* Thu Aug 15 2024 roAATTsuse.de- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
* Thu Aug 01 2024 roAATTsuse.de- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn- drop patches:
* chromium-115-compiler-SkColor4f.patch only for llvm < 16
* chromium-117-system-zstd.patch upstreamed
* chromium-122-workaround_clang_bug-structured_binding.patch
* chromium-125-tabstrip-include.patch upstreamed
* chromium-126-missing-header-files.patch
* chromium-126-RealTimeReportingBindings-missing-decl.patch upstreamed
* chromium-126-no_matching_constructor.patch
* chromium-126-no-format.patch upstreamed- switch from libstdc++ to libc++- drop patches obsolete when using libc++
* chromium-126-debian-bad-font-gc00000.patch
* chromium-126-debian-bad-font-gc2.patch
* chromium-126-debian-bad-font-gc1.patch
* chromium-126-debian-bad-font-gc00.patch
* chromium-126-debian-bad-font-gc000.patch
* chromium-126-debian-bad-font-gc11.patch
* chromium-126-debian-bad-font-gc0.patch
* chromium-126-debian-bad-font-gc0000.patch
* chromium-126-debian-bad-font-gc3.patch- modify patches:
* chromium-125-lp155-typename.patch - drop hunk in model_execution_util.h - drop hunk in model_quality_log_entry.h- dropping from keeplibs: (does not exist) base/third_party/valgrind third_party/maldoca third_party/maldoca/src/third_party- requires updated gn to build (newer than Feb 14 2024)- add patches:
* chromium-127-bindgen.patch (from debian/patches/fixes))
* chromium-127-rust-clanglib.patch (just first hunk from fedora)
* chromium-127-clang17-traitors.patch workaround for clang < 18 from debiana (only used on 15.6)
* chromium-127-constexpr.patch (from debian/patches/bookworm)
* chromium-127-paint-layer-header.patch (from debian/patches/upstream)
* chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)- buildrequire rust-bindgen to get proper binaries per arch- use qt5 for factory as well, qt6 fails with: ld.lld: error: undefined symbol: QByteArray::toStdString() const referenced by qt_shim.cc obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)- drop patches:
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc1.patch
* Wed Jul 17 2024 Andreas Stieger - Chromium 126.0.6478.182 (boo#1227979)
* CVE-2024-6772: Inappropriate implementation in V8
* CVE-2024-6773: Type Confusion in V8
* CVE-2024-6774: Use after free in Screen Capture
* CVE-2024-6775: Use after free in Media Stream
* CVE-2024-6776: Use after free in Audio
* CVE-2024-6777: Use after free in Navigation
* CVE-2024-6778: Race in DevTools
* CVE-2024-6779: Out of bounds memory access in V8
* Tue Jul 09 2024 Callum Farmer - Finalize 126- Removed patches:
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch- Added patches:
* chromium-126-RealTimeReportingBindings-missing-decl.patch
* chromium-126-no-format.patch
* Mon Jul 01 2024 Andreas Stieger - Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
* CVE-2024-6290: Use after free in Dawn
* CVE-2024-6291: Use after free in Swiftshader
* CVE-2024-6292: Use after free in Dawn
* CVE-2024-6293: Use after free in Dawn
* CVE-2024-6100: Type Confusion in V8
* CVE-2024-6101: Inappropriate implementation in WebAssembly
* CVE-2024-6102: Out of bounds memory access in Dawn
* CVE-2024-6103: Use after free in Dawn
* CVE-2024-5830: Type Confusion in V8
* CVE-2024-5831: Use after free in Dawn
* CVE-2024-5832: Use after free in Dawn
* CVE-2024-5833: Type Confusion in V8
* CVE-2024-5834: Inappropriate implementation in Dawn
* CVE-2024-5835: Heap buffer overflow in Tab Groups
* CVE-2024-5836: Inappropriate Implementation in DevTools
* CVE-2024-5837: Type Confusion in V8
* CVE-2024-5838: Type Confusion in V8
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* CVE-2024-5840: Policy Bypass in CORS
* CVE-2024-5841: Use after free in V8
* CVE-2024-5842: Use after free in Browser UI
* CVE-2024-5843: Inappropriate implementation in Downloads
* CVE-2024-5844: Heap buffer overflow in Tab Strip
* CVE-2024-5845: Use after free in Audio
* CVE-2024-5846: Use after free in PDFium
* CVE-2024-5847: Use after free in PDFium- drop patches:
* chromium-disable-parallel-gold.patch
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-ninja.patch
* chromium-125-no_matching_constructor.patch
* chromium-125-missing-header-files.patch- add patches:
* chromium-126-missing-header-files.patch
* chromium-126-quiche-interator.patch
* chromium-126-no_matching_constructor.patch
* Wed Jun 12 2024 Callum Farmer - Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (bsc#1226170)
* Fri May 31 2024 Andreas Stieger - Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
* Fri May 24 2024 Andreas Stieger - Chromium 125.0.6422.112
* CVE-2024-5274: Type Confusion in V8 (boo#1225199)
* Tue May 21 2024 Andreas Stieger - Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
* Thu May 16 2024 roAATTsuse.de- Chromium 125.0.6422.60 (boo#1224341)
* CVE-2024-4947: Type Confusion in V8
* CVE-2024-4948: Use after free in Dawn
* CVE-2024-4949: Use after free in V8
* CVE-2024-4950: Inappropriate implementation in Downloads- Chromium 125.0.6422.41
* New upstream (early) stable release.- drop upstreamed patches:
* chromium-124-uint-includes.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-extractor-bitset.patch
* chromium-124-atomic.patch
* chromium-124-webgpu-optional.patch
* chromium-124-angle-powf.patch- add debian upstream patches added for 125:
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-tabstrip-include.patch
* chromium-125-ninja.patch- add debian fixes patches to fix font gc crashes:
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc1.patch
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch- add from fedora (reverse applied for older ffmpeg):
* chromium-125-ffmpeg-5.x-reordered_opaque.patch- re-diff and rename:
* from chromium-110-compiler.patch to chromium-125-compiler.patch
* from chromium-120-emplace-struct.patch to chromium-125-emplace-struct.patch
* from chromium-disable-FFmpegAllowLists.patch to chromium-125-disable-FFmpegAllowLists.patch
* from chromium-122-missing-header-files.patch to chromium-125-missing-header-files.patch
* from chromium-122-no_matching_constructor.patch to chromium-125-no_matching_constructor.patch
* from chromium-122-lp155-typename.patch to chromium-125-lp155-typename.patch- third_party/zstd added to keeplibs for third_party/blink/renderer/platform:platform- third_party/tflite/src/third_party/xla/xla/tsl/util added to keeplibs for third_party/tflite/tflite- third_party/lens_server_proto added to keeplibs for gen/third_party/lens_server_proto
* Tue May 14 2024 Andreas Stieger - Chromium 124.0.6367.207 (boo#1224294)
* CVE-2024-4761: Out of bounds write in V8
* Fri May 10 2024 Andreas Stieger - Chromium 124.0.6367.201 (boo#1224208)
* CVE-2024-4671: Use after free in Visuals- Chromium 124.0.6367.155 (boo#1224045)
* CVE-2024-4558: Use after free in ANGLE
* CVE-2024-4559: Heap buffer overflow in WebAudio
* Fri May 03 2024 roAATTsuse.de- drop patches:
* chromium-123-WebUI-static_assert.patch
* Thu May 02 2024 Andreas Stieger - Chromium 124.0.6367.118 (boo#1223846)
* CVE-2024-4331: Use after free in Picture In Picture
* CVE-2024-4368: Use after free in Dawn
* Wed May 01 2024 Callum Farmer - Add patches:
* chromium-123-missing-QtGui.patch- Restore libxml 2.12 check for chromium-124-system-libxml.patch which replaced chromium-121-blink-libxml-const.patch
* Fri Apr 26 2024 roAATTsuse.de- Chromium 124.0.6367.78 (boo#1223845)
* CVE-2024-4058: Type Confusion in ANGLE
* CVE-2024-4059: Out of bounds read in V8 API
* CVE-2024-4060: Use after free in Dawn
* Wed Apr 17 2024 roAATTsuse.de- Chromium 124.0.6367.60 (boo#1222958)
* CVE-2024-3832: Object corruption in V8.
* CVE-2024-3833: Object corruption in WebAssembly.
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
* CVE-2024-3837: Use after free in QUIC.
* CVE-2024-3838: Inappropriate implementation in Autofill.
* CVE-2024-3839: Out of bounds read in Fonts.
* CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
* CVE-2024-3841: Insufficient data validation in Browser Switcher.
* CVE-2024-3843: Insufficient data validation in Downloads.
* CVE-2024-3844: Inappropriate implementation in Extensions.
* CVE-2024-3845: Inappropriate implementation in Network.
* CVE-2024-3846: Inappropriate implementation in Prompts.
* CVE-2024-3847: Insufficient policy enforcement in WebUI.- drop patches:
* chromium-123-optional2.patch
* chromium-122-avoid-SFINAE-TypeConverter.patch
* chromium-123-PA-InternalAllocator.patch- rediff patches:
* chromium-110-compiler.patch
* chromium-120-emplace.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-lp155-typename.patch- add patches: from debian/fixes
* chromium-123-stats-collector.patch- add patches: from debian/upstream
* chromium-124-angle-powf.patch
* chromium-124-atomic.patch
* chromium-124-extractor-bitset.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-uint-includes.patch
* chromium-124-webgpu-optional.patch- add patches:
* chromium-123-WebUI-static_assert.patch workaround for compile issue in webui_contents_wrapper.h
* chromium-124-system-libxml.patch (from fedora)
* Sun Apr 14 2024 Andreas Stieger - Chromium 123.0.6312.122 (boo#1222707)
* CVE-2024-3157: Out of bounds write in Compositing
* CVE-2024-3516: Heap buffer overflow in ANGLE
* CVE-2024-3515: Use after free in Dawn- Chromium 123.0.6312.105 (boo#1222260)
* CVE-2024-3156: Inappropriate implementation in V8
* CVE-2024-3158: Use after free in Bookmarks
* CVE-2024-3159: Out of bounds memory access in V8- Chromium 123.0.6312.86 (boo#1222035)
* CVE-2024-2883: Use after free in ANGLE
* CVE-2024-2885: Use after free in Dawn
* CVE-2024-2886: Use after free in WebCodecs
* CVE-2024-2887: Type Confusion in WebAssembly- Chromium 123.0.6312.58 (boo#1221732)
* CVE-2024-2625: Object lifecycle issue in V8
* CVE-2024-2626: Out of bounds read in Swiftshader
* CVE-2024-2627: Use after free in Canvas
* CVE-2024-2628: Inappropriate implementation in Downloads- drop patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-121-blink-libxml-const.patch
* chromium-122-BookmarkNode-missing-operator.patch
* chromium-122-WebUI-static_assert.patch
* chromium-122-PA-undo-internal-alloc.patch
* Mon Mar 18 2024 Callum Farmer - Use Python 3.11 on Leap- Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch to chromium-122-WebUI-static_assert.patch- Rename chromium-122-disable-FFmpegAllowLists.patch to chromium-disable-FFmpegAllowLists.patch- Rename chromium-122-static-assert.patch to chromium-122-BookmarkNode-missing-operator.patch- Rename chromium-122-undo-internal-alloc.patch to chromium-122-PA-undo-internal-alloc.patch- Rename chromium-122-typename.patch to chromium-122-lp155-typename.patch- Removed patches:
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-unique_ptr.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-constexpr.patch
* chromium-122-clang-build-flags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-121-el7-clang-version-warning.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-icu72-2.patch
* chromium-122-debian-upstream-mojo.patch- Patches merged into other patches:
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* chromium-122-norar.patch- Restore time clamper change to chromium-122-missing-header-files.patch- Fix missing/invalid casting in chromium-122-no_matching_constructor.patch
* Wed Mar 13 2024 Andreas Stieger - Chromium 122.0.6261.128 (boo#1221335)
* CVE-2024-2400: Use after free in Performance Manager
* Fri Mar 08 2024 roAATTsuse.de- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
* New upstream security release.
* CVE-2024-2173: Out of bounds memory access in V8.
* CVE-2024-2174: Inappropriate implementation in V8.
* CVE-2024-2176: Use after free in FedCM.- Chromium 122.0.6261.94
* CVE-2024-1669: Out of bounds memory access in Blink.
* CVE-2024-1670: Use after free in Mojo.
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* CVE-2024-1673: Use after free in Accessibility.
* CVE-2024-1674: Inappropriate implementation in Navigation.
* CVE-2024-1675: Insufficient policy enforcement in Download.
* CVE-2024-1676: Inappropriate implementation in Navigation.
* Type Confusion in V8
* rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
* drop chromium-114-lld-argument.patch replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* drop chromium-121-no_matching_constructor.patch replaced by chromium-122-no_matching_constructor.patch
* drop chromium-113-webview-namespace.patch (obsolete)
* reduce chromium-norar.patch by the hunks in chromium-122-norar.patch
* drop chromium-114-revert-av1enc-lp154.patch replaced by chromium-122-revert-av1enc-el9.patch
* drop chromium-115-lp155-typename.patch chromium-116-lp155-typenames.patch chromium-117-lp155-typename.patch chromium-120-lp155-typename.patch replaced by chromium-122-typename.patch
* drop chromium-121-missing-header-files.patch replaced by chromium-122-missing-header-files.patch
* drop chromium-121-workaround_clang_bug-structured_binding.patch replaced by chromium-122-workaround_clang_bug-structured_binding.patch
* drop chromium-121-no_matching_constructor.patch replaced by chromium-122-no_matching_constructor.patch
* drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
* drop chromium-disable-FFmpegAllowLists.patch replaced by chromium-122-disable-FFmpegAllowLists.patch
* drop chromium-121-avoid-SFINAE-TypeConverter.patch replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
* add buildrequires for rust
* add patches from fedora package for 121 and 122
* chromium-121-el7-clang-version-warning.patch
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang-build-flags.patch
* chromium-122-constexpr.patch
* chromium-122-disable-FFmpegAllowLists.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-missing-header-files.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-norar.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-revert-av1enc-el9.patch
* chromium-122-static-assert.patch
* chromium-122-typename.patch
* chromium-122-unique_ptr.patch
* chromium-122-workaround_clang_bug-structured_binding.patch
* from debian add
* chromium-122-undo-internal-alloc.patch
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-mojo.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* added compile fix needed on code15 chromium-122-skip_bubble_contents_wrapper_static_assert.patch to prevent \"static assertion expression is not an integral constant expression\" \"in call to \'operator+(&\".\"[0], ShoppingInsightsSidePanelUI::GetWebUIName())\'\" in bubble_contents_wrapper.h:153- replace Cr121-ffmpeg-new-channel-layout.patch by Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)- drop chromium-121-system-old-ffmpeg.patch
* Fri Mar 08 2024 Callum Farmer - Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg changes so that FFmpeg 4 will work on Leap- Prepare for libxml 2.12
* Sat Mar 02 2024 Callum Farmer - Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661)
* CVE-2024-1284: Use after free in Mojo
* CVE-2024-1283: Heap buffer overflow in Skia
* CVE-2024-1060: Use after free in Canvas
* CVE-2024-1059: Use after free in WebRTC
* CVE-2024-1077: Use after free in Network
* CVE-2024-0807: Use after free in WebAudio
* CVE-2024-0812: Inappropriate implementation in Accessibility
* CVE-2024-0808: Integer underflow in WebUI
* CVE-2024-0810: Insufficient policy enforcement in DevTools
* CVE-2024-0814: Incorrect security UI in Payments
* CVE-2024-0813: Use after free in Reading Mode
* CVE-2024-0806: Use after free in Passwords
* CVE-2024-0805: Inappropriate implementation in Downloads
* CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* CVE-2024-0811: Inappropriate implementation in Extensions API
* CVE-2024-0809: Inappropriate implementation in Autofill- Removed patches:
* chromium-117-includes.patch
* chromium-118-includes.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-120-missing-header-files.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-workaround_clang_bug-structured_binding.patch
* gcc13-fix.patch
* chromium-113-webauth-include-variant.patch
* chromium-110-system-libffi.patch- Added patches:
* chromium-121-no_matching_constructor.patch
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-121-workaround_clang_bug-structured_binding.patch
* chromium-121-missing-header-files.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-python3-invalid-escape-sequence.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-avoid-SFINAE-TypeConverter.patch
* chromium-121-blink-libxml-const.patch- Add patch chromium-disable-FFmpegAllowLists.patch: disable codec checker this will always fail (bsc#1219070)
* Wed Jan 17 2024 Andreas Stieger - Chromium 120.0.6099.224 (boo#1218892)
* CVE-2024-0517: Out of bounds write in V8
* CVE-2024-0518: Type Confusion in V8
* CVE-2024-0519: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Jan 14 2024 Callum Farmer - Replace chromium-120-lp155-revert-clang-build-failure.patch with chromium-120-make_unique-struct.patch - which avoids reverting changes and instead provides a stub constructor to fix build on Leap
* Sat Jan 13 2024 Andreas Stieger - Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302, boo#1218533, boo#1218719)
* CVE-2024-0333: Insufficient data validation in Extensions
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* CVE-2023-7024: Heap buffer overflow in WebRTC
* CVE-2023-6702: Type Confusion in V8
* CVE-2023-6703: Use after free in Blink
* CVE-2023-6704: Use after free in libavif (boo#1218303)
* CVE-2023-6705: Use after free in WebRTC
* CVE-2023-6706: Use after free in FedCM
* CVE-2023-6707: Use after free in CSS
* CVE-2023-6508: Use after free in Media Stream
* CVE-2023-6509: Use after free in Side Panel Search
* CVE-2023-6510: Use after free in Media Capture
* CVE-2023-6511: Inappropriate implementation in Autofill
* CVE-2023-6512: Inappropriate implementation in Web Browser UI- drop patches:
* chromium-system-libusb.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-no_matching_constructor.patch
* chromium-117-workaround_clang_bug-structured_binding.patch- add patches:
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-emplace.patch
* chromium-120-lp155-typename.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-missing-header-files.patch
* chromium-120-emplace-struct.patch
* chromium-120-workaround_clang_bug-structured_binding.patch- add patches for Leap that revert braking changes:
* chromium-120-lp155-revert-clang-build-failure.patch
* Wed Nov 29 2023 Andreas Stieger - Chromium 119.0.6045.199 (boo#1217616)
* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
* CVE-2023-6351: Use after free in libavif (boo#1217615)
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Nov 15 2023 Andreas Stieger - Chromium 119.0.6045.159 (boo#1217142)
* CVE-2023-5997: Use after free in Garbage Collection
* CVE-2023-6112: Use after free in Navigation
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Nov 10 2023 Andreas Stieger - Chromium 119.0.6045.123 (boo#1216978)
* CVE-2023-5996: Use after free in WebAudio- Chromium 119.0.6045.105 (boo#1216783)
* CVE-2023-5480: Inappropriate implementation in Payments
* CVE-2023-5482: Insufficient data validation in USB
* CVE-2023-5849: Integer overflow in USB
* CVE-2023-5850: Incorrect security UI in Downloads
* CVE-2023-5851: Inappropriate implementation in Downloads
* CVE-2023-5852: Use after free in Printing
* CVE-2023-5853: Incorrect security UI in Downloads
* CVE-2023-5854: Use after free in Profiles
* CVE-2023-5855: Use after free in Reading Mode
* CVE-2023-5856: Use after free in Side Panel
* CVE-2023-5857: Inappropriate implementation in Downloads
* CVE-2023-5858: Inappropriate implementation in WebApp Provider
* CVE-2023-5859: Incorrect security UI in Picture In Picture- dropped patches:
* chromium-98-gtk4-build.patch
* chromium-118-system-freetype.patch
* chromium-118-no_matching_constructor.patch- added patches:
* chromium-119-no_matching_constructor.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-assert.patch
* Tue Oct 24 2023 Andreas Stieger - Chromium 118.0.5993.117 (boo#1216549)
* CVE-2023-5472: Use after free in Profiles
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Oct 18 2023 Andreas Stieger - Chromium 118.0.5993.88:
* unspecified security fix (boo#1216392)
* Wed Oct 11 2023 Andreas Stieger - refresh chromium-117-emplace_back_on_vector-c++20.patch and chromium-117-lp155-constructors.patch to chromium-118-no_matching_constructor.patch
* Tue Oct 10 2023 Andreas Stieger - Chromium 118.0.5993.70 (boo#1216111)
* CVE-2023-5218: Use after free in Site Isolation
* CVE-2023-5487: Inappropriate implementation in Fullscreen
* CVE-2023-5484: Inappropriate implementation in Navigation
* CVE-2023-5475: Inappropriate implementation in DevTools
* CVE-2023-5483: Inappropriate implementation in Intents
* CVE-2023-5481: Inappropriate implementation in Downloads
* CVE-2023-5476: Use after free in Blink History
* CVE-2023-5474: Heap buffer overflow in PDF
* CVE-2023-5479: Inappropriate implementation in Extensions API
* CVE-2023-5485: Inappropriate implementation in Autofill
* CVE-2023-5478: Inappropriate implementation in Autofill
* CVE-2023-5477: Inappropriate implementation in Installer
* CVE-2023-5486: Inappropriate implementation in Input
* CVE-2023-5473: Use after free in Cast- Build with system freetype (again), and zstd- add patches:
* chromium-118-system-freetype.patch
* chromium-117-system-zstd.patch
* Sat Oct 07 2023 Andreas Stieger - Chromium 118.0.5993.54- add patches:
* chromium-118-includes.patch
* Wed Oct 04 2023 Andreas Stieger - Chromium 117.0.5938.149:
* CVE-2023-5346: Type Confusion in V8 (boo#1215924)
* Wed Sep 27 2023 Andreas Stieger - Chromium 117.0.5938.132 (boo#1215776):
* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
* CVE-2023-5186: Use after free in Passwords
* CVE-2023-5187: Use after free in Extensions
* Fri Sep 22 2023 Andreas Stieger - Chromium 117.0.5938.92:
* stability improvements
* Wed Sep 20 2023 Andreas Stieger - Add explicit build dependency on libepoxy for Tumbleweed
* Sun Sep 17 2023 Andreas Stieger - Chromium 117.0.5938.88 (boo#1215279)
* CVE-2023-4900: Inappropriate implementation in Custom Tabs
* CVE-2023-4901: Inappropriate implementation in Prompts
* CVE-2023-4902: Inappropriate implementation in Input
* CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
* CVE-2023-4904: Insufficient policy enforcement in Downloads
* CVE-2023-4905: Inappropriate implementation in Prompts
* CVE-2023-4906: Insufficient policy enforcement in Autofill
* CVE-2023-4907: Inappropriate implementation in Intents
* CVE-2023-4908: Inappropriate implementation in Picture in Picture
* CVE-2023-4909: Inappropriate implementation in Interstitials- drop patches:
* chromium-100-InMilliseconds-constexpr.patch
* chromium-115-Qt-moc-version.patch
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-constuctors.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-emplace_back_on_vector-c++20.patch- add patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-117-includes.patch
* chromium-117-lp155-constructors.patch
* chromium-117-string-convert.patch
* chromium-117-lp155-typename.patch
* chromium-117-workaround_clang_bug-structured_binding.patch
* chromium-117-emplace_back_on_vector-c++20.patch
* Wed Sep 13 2023 Andreas Stieger - CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
* Tue Sep 12 2023 Andreas Stieger - Chromium 116.0.5845.187 (boo#1215231):
* CVE-2023-4863: Heap buffer overflow in WebP
* Wed Sep 06 2023 Andreas Stieger - Chromium 116.0.5845.179 (boo#1215023):
* CVE-2023-4761: Out of bounds memory access in FedCM
* CVE-2023-4762: Type Confusion in V8
* CVE-2023-4763: Use after free in Networks
* CVE-2023-4764: Incorrect security UI in BFCache
* Wed Aug 30 2023 Andreas Stieger - Chromium 116.0.5845.140 (boo#1214758):
* CVE-2023-4572: Use after free in MediaStream
* Wed Aug 23 2023 Andreas Stieger - Chromium 116.0.5845.110 (boo#1214487):
* CVE-2023-4427: Out of bounds memory access in V8
* CVE-2023-4428: Out of bounds memory access in CSS
* CVE-2023-4429: Use after free in Loader
* CVE-2023-4430: Use after free in Vulkan
* CVE-2023-4431: Out of bounds memory access in Fonts
* Mon Aug 14 2023 Andreas Stieger - Chromium 116.0.5845.96
* New CSS features: Motion Path, and \"display\" and \"content-visibility\" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/ forward cache NotRestoredReason API, Document Picture-in- Picture, Expanded Wildcards in Permissions Policy Origins, FedCM bundle: Login Hint API, User Info API, and RP Context API, Non-composed Mouse and Pointer enter/leave events, Remove document.open sandbox inheritance, Report Critical-CH caused restart in NavigationTiming- fix a number of security issues (boo#1214301):
* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API- drop patches:
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
* chromium-115-verify_name_match-include.patch
* chromium-86-fix-vaapi-on-intel.patch
* chromium-115-skia-include.patch
* chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch- add patches:
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-typenames.patch
* chromium-116-lp155-constuctors.patch- Build with bundled re2 on Leap
* Wed Aug 09 2023 Andreas Stieger - Fix crash with extensions (boo#1214003) chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
* Thu Aug 03 2023 Andreas Stieger - Chromium 115.0.5790.170 (boo#1213920)
* CVE-2023-4068: Type Confusion in V8
* CVE-2023-4069: Type Confusion in V8
* CVE-2023-4070: Type Confusion in V8
* CVE-2023-4071: Heap buffer overflow in Visuals
* CVE-2023-4072: Out of bounds read and write in WebGL
* CVE-2023-4073: Out of bounds memory access in ANGLE
* CVE-2023-4074: Use after free in Blink Task Scheduling
* CVE-2023-4075: Use after free in Cast
* CVE-2023-4076: Use after free in WebRTC
* CVE-2023-4077: Insufficient data validation in Extensions
* CVE-2023-4078: Inappropriate implementation in Extensions
* Fri Jul 28 2023 Andreas Stieger - Specify re2 build dependency in a way that makes Leap packages build in devel project and in Maintenance
* Sun Jul 23 2023 Andreas Stieger - Chromium 115.0.5790.102:
* stability fix- Add build fixes on Leap:
* chromium-115-emplace_back_on_vector-c++20.patch
* chromium-115-compiler-SkColor4f.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch- adjust chromium-115-lp155-typename.patch- drop chromium-114-workaround_clang_bug-structured_binding.patch
* Wed Jul 19 2023 Andreas Stieger - Chromium 115.0.5790.98
* Security: The Storage, Service Worker, and Communication APIs are now partitioned in third-party contexts to prevent certain types of side-channel cross-site tracking
* HTTPS: Automatically and optimistically upgrade all main-frame navigations to HTTPS, with fast fallback to HTTP.
* CSS: accept multiple values of the display property
* CSS: support boolean context style container queries
* CSS: support scroll-driven animations
* Increase the maximum size of a WebAssembly.Module() on the main thread to 8 MB
* FedCM: Support credential management mediation requirements for auto re-authentication
* Deprecate the document.domain setter
* Deprecate mutation events
* Security fixes (boo#1213462): CVE-2023-3727: Use after free in WebRTC CVE-2023-3728: Use after free in WebRTC CVE-2023-3730: Use after free in Tab Groups CVE-2023-3732: Out of bounds memory access in Mojo CVE-2023-3733: Inappropriate implementation in WebApp Installs CVE-2023-3734: Inappropriate implementation in Picture In Picture CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts CVE-2023-3736: Inappropriate implementation in Custom Tabs CVE-2023-3737: Inappropriate implementation in Notifications CVE-2023-3738: Inappropriate implementation in Autofill CVE-2023-3740: Insufficient validation of untrusted input in Themes Various fixes from internal audits, fuzzing and other initiatives- drop chromium-113-typename.patch- add chromium-115-skia-include.patch- add chromium-115-verify_name_match-include.patch- add chromium-115-lp155-typename.patch- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without built-in copy of shim
* Tue Jun 27 2023 Andreas Stieger - Chromium 114.0.5735.198 (boo#1212755):
* CVE-2023-3420: Type Confusion in V8
* CVE-2023-3421: Use after free in Media
* CVE-2023-3422: Use after free in Guest View
* Sun Jun 25 2023 Callum Farmer - Install Qt5 library & prepare for Qt6 in 115
* Wed Jun 14 2023 Andreas Stieger - Chromium 114.0.5735.133 (boo#1212302):
* CVE-2023-3214: Use after free in Autofill payments
* CVE-2023-3215: Use after free in WebRTC
* CVE-2023-3216: Type Confusion in V8
* CVE-2023-3217: Use after free in WebXR
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Jun 07 2023 Andreas Stieger - Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
* Tue Jun 06 2023 Andreas Stieger - Chromium 114.0.5735.106 (boo#1212044):
* CVE-2023-3079: Type Confusion in V8
* Sun Jun 04 2023 Callum Farmer - Chromium 114.0.5735.90 (boo#1211843):
* CSS text-wrap: balance is available
* Cookies partitioned by top level site (CHIPS)
* New Popover API- Security fixes:
* CVE-2023-2929: Out of bounds write in Swiftshader
* CVE-2023-2930: Use after free in Extensions
* CVE-2023-2931: Use after free in PDF
* CVE-2023-2932: Use after free in PDF
* CVE-2023-2933: Use after free in PDF
* CVE-2023-2934: Out of bounds memory access in Mojo
* CVE-2023-2935: Type Confusion in V8
* CVE-2023-2936: Type Confusion in V8
* CVE-2023-2937: Inappropriate implementation in Picture In Picture
* CVE-2023-2938: Inappropriate implementation in Picture In Picture
* CVE-2023-2939: Insufficient data validation in Installer
* CVE-2023-2940: Inappropriate implementation in Downloads
* CVE-2023-2941: Inappropriate implementation in Extensions API- Drop patches:
* chromium-103-VirtualCursor-std-layout.patch
* chromium-113-system-zlib.patch
* chromium-113-workaround_clang_bug-structured_binding.patch- Add patches
* chromium-114-workaround_clang_bug-structured_binding.patch
* chromium-114-lld-argument.patch
* Tue May 30 2023 Callum Farmer - Un-bundle zlib again- Remove un-needed patches:
* chromium-112-default-comparison-operators.patch
* chromium-109-clang-lp154.patch
* chromium-clang-nomerge.patch
* chromium-ffmpeg-lp152.patch
* chromium-lp151-old-drm.patch- Added patches:
* chromium-113-system-zlib.patch
* Sun May 28 2023 Andreas Stieger - build with llvm15 on Leap
* Tue May 16 2023 Andreas Stieger - Chromium 113.0.5672.126 (boo#1211442):
* CVE-2023-2721: Use after free in Navigation
* CVE-2023-2722: Use after free in Autofill UI
* CVE-2023-2723: Use after free in DevTools
* CVE-2023-2724: Type Confusion in V8
* CVE-2023-2725: Use after free in Guest View
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
* Various fixes from internal audits, fuzzing and other initiatives
* Tue May 09 2023 Andreas Stieger - Chromium 113.0.5672.92 (boo#1211211)- Multiple security fixes (boo#1211036):
* CVE-2023-2459: Inappropriate implementation in Prompts
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
* CVE-2023-2461: Use after free in OS Inputs
* CVE-2023-2462: Inappropriate implementation in Prompts
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
* CVE-2023-2465: Inappropriate implementation in CORS
* CVE-2023-2466: Inappropriate implementation in Prompts
* CVE-2023-2467: Inappropriate implementation in Prompts
* CVE-2023-2468: Inappropriate implementation in PictureInPicture- drop chromium-94-sql-no-assert.patch- drop no-location-leap151.patch- add chromium-113-webview-namespace.patch- add chromium-113-webauth-include-variant.patch- add chromium-113-typename.patch- add chromium-113-workaround_clang_bug-structured_binding.patch
* Wed Apr 19 2023 Andreas Stieger - Chromium 112.0.5615.165 (boo#1210618):
* CVE-2023-2133: Out of bounds memory access in Service Worker API
* CVE-2023-2134: Out of bounds memory access in Service Worker API
* CVE-2023-2135: Use after free in DevTools
* CVE-2023-2136: Integer overflow in Skia
* CVE-2023-2137: Heap buffer overflow in sqlite- drop chromium-112-feed_protos.patch
* Sun Apr 16 2023 Andreas Stieger - Fix Leap 15.4 build failures from default comparison operators defined outside of the class definition, a C++20 feature adding chromium-112-default-comparison-operators.patch
* Sat Apr 15 2023 Andreas Stieger - Chromium 112.0.5615.121:
* CVE-2023-2033: Type Confusion in V8 (boo#1210478)
* Fri Apr 07 2023 Andreas Stieger - Revert a breaking change with chromium-112-feed_protos.patch
* Tue Apr 04 2023 Andreas Stieger - Chromium 112.0.5615.49
* CSS now supports nesting rules.
* The algorithm to set the initial focus on elements was updated.
* No-op fetch() handlers on service workers are skipped from now on to make navigations faster
* The setter for document.domain is now deprecated.
* The recorder in devtools can now record with pierce selectors.
* Security fixes (boo#1210126):
* CVE-2023-1810: Heap buffer overflow in Visuals
* CVE-2023-1811: Use after free in Frames
* CVE-2023-1812: Out of bounds memory access in DOM Bindings
* CVE-2023-1813: Inappropriate implementation in Extensions
* CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
* CVE-2023-1815: Use after free in Networking APIs
* CVE-2023-1816: Incorrect security UI in Picture In Picture
* CVE-2023-1817: Insufficient policy enforcement in Intents
* CVE-2023-1818: Use after free in Vulkan
* CVE-2023-1819: Out of bounds read in Accessibility
* CVE-2023-1820: Heap buffer overflow in Browser History
* CVE-2023-1821: Inappropriate implementation in WebShare
* CVE-2023-1822: Incorrect security UI in Navigation
* CVE-2023-1823: Inappropriate implementation in FedCM
* Mon Mar 27 2023 Andreas Stieger - Chromium 111.0.5563.147:
* nth-child() validation performance regression for SAP apps
* Thu Mar 23 2023 Guillaume GARDET - Update gcc13-fix.patch with few fixes required for aarch64, borrowed from Fedora\'s gcc13 patch
* Wed Mar 22 2023 Andreas Stieger - Chromium 111.0.5563.110 (boo#1209598)
* CVE-2023-1528: Use after free in Passwords
* CVE-2023-1529: Out of bounds memory access in WebHID
* CVE-2023-1530: Use after free in PDF
* CVE-2023-1531: Use after free in ANGLE
* CVE-2023-1532: Out of bounds read in GPU Video
* CVE-2023-1533: Use after free in WebProtect
* CVE-2023-1534: Out of bounds read in ANGLE
* Mon Mar 20 2023 Martin Liška - Add gcc13-fix.patch in order to support GCC 13.
* Thu Mar 09 2023 Callum Farmer - Revert back to GCC 11 on 15.4 as Clang 13 doesn\'t support GCC 12
* Thu Mar 09 2023 Callum Farmer - Bump Leap\'s GCC to 12 as Chromium really likes newer standards
* Thu Mar 09 2023 Andreas Stieger - Chromium 111.0.5563.64
* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units and extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals- drop patches:
* chromium-86-ImageMemoryBarrierData-init.patch
* chromium-93-InkDropHost-crash.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* chromium-icu72-1.patch
* Thu Feb 23 2023 Andreas Stieger - Chromium 110.0.5481.177 (boo#1208589)
* CVE-2023-0927: Use after free in Web Payments API
* CVE-2023-0928: Use after free in SwiftShader
* CVE-2023-0929: Use after free in Vulkan
* CVE-2023-0930: Heap buffer overflow in Video
* CVE-2023-0931: Use after free in Video
* CVE-2023-0932: Use after free in WebRTC
* CVE-2023-0933: Integer overflow in PDF
* CVE-2023-0941: Use after free in Prompts
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 16 2023 Andreas Stieger - Chromium 110.0.5481.100
* fix regression on SAP Business Objects web UI
* fix date formatting behavior change from ICU 72
* Wed Feb 08 2023 Andreas Stieger - Chromium 110.0.5481.77 (boo#1208029):
* CVE-2023-0696: Type Confusion in V8
* CVE-2023-0697: Inappropriate implementation in Full screen mode
* CVE-2023-0698: Out of bounds read in WebRTC
* CVE-2023-0699: Use after free in GPU
* CVE-2023-0700: Inappropriate implementation in Download
* CVE-2023-0701: Heap buffer overflow in WebUI
* CVE-2023-0702: Type Confusion in Data Transfer
* CVE-2023-0703: Type Confusion in DevTools
* CVE-2023-0704: Insufficient policy enforcement in DevTools
* CVE-2023-0705: Integer overflow in Core
* Various fixes from internal audits, fuzzing and other initiatives- build with bundled libavif- dropped patches:
* chromium-109-compiler.patch
* chromium-icu72-3.patch- added patches:
* chromium-110-compiler.patch
* chromium-110-system-libffi.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* Wed Jan 25 2023 Andreas Stieger - Chromium 109.0.5414.119 (boo#1207512):
* CVE-2023-0471: Use after free in WebTransport
* CVE-2023-0472: Use after free in WebRTC
* CVE-2023-0473: Type Confusion in ServiceWorker API
* CVE-2023-0474: Use after free in GuestView
* Various fixes from internal audits, fuzzing and other initiatives
* Tue Jan 17 2023 Callum Farmer - Added patches:
* chromium-icu72-1.patch: ensure TextCodecCJK doesn\'t conflict with system icu (bsc#1207147)
* chromium-icu72-2.patch: align default characters for old icu with that of ICU 72
* chromium-icu72-3.patch: make V8 aware of space in ICU 72 time format
* Tue Jan 10 2023 Andreas Stieger - Chromium 109.0.5414.74:
* Add support for MathML Core
* CSS: Auto range support for font descriptors inside AATTfont-face rule
* CSS: Add lh length unit
* CSS: Add hyphenate-limit-chars property
* CSS: Snap border, outline and column-rule widths before layout
* API: Improved screen sharing and web conferencing: hints for suppressing local audio playback, and Conditional Focus
* API: HTTP response status code in the Resource Timing API
* API: Same-site cross-origin prerendering triggered by the speculation rules API
* Remove Event.path API
* CVE-2023-0128: Use after free in Overview Mode
* CVE-2023-0129: Heap buffer overflow in Network Service
* CVE-2023-0130: Inappropriate implementation in Fullscreen API
* CVE-2023-0131: Inappropriate implementation in iframe Sandbox
* CVE-2023-0132: Inappropriate implementation in Permission prompts
* CVE-2023-0133: Inappropriate implementation in Permission prompts
* CVE-2023-0134: Use after free in Cart
* CVE-2023-0135: Use after free in Cart
* CVE-2023-0136: Inappropriate implementation in Fullscreen API
* CVE-2023-0137: Heap buffer overflow in Platform Apps
* CVE-2023-0138: Heap buffer overflow in libphonenumber
* CVE-2023-0139: Insufficient validation of untrusted input in Downloads
* CVE-2023-0140: Inappropriate implementation in File System API
* CVE-2023-0141: Insufficient policy enforcement in CORS
* Various fixes from internal audits, fuzzing and other initiatives- drop patches:
* chromium-gcc11.patch - not needed
* chromium-107-system-zlib.patch - upstream
* chromium-108-compiler.patch- add patches:
* chromium-109-compiler.patch
* chromium-109-clang-lp154.patch
* Sun Dec 18 2022 Callum Farmer - Add chromium-disable-GlobalMediaControlsCastStartStop.patch: disable GlobalMediaControlsCastStartStop to fix crashes occurring when interacting with the Media UI (bsc#1198124)
* Wed Dec 14 2022 Andreas Stieger - Chromium 108.0.5359.124 (boo#1206403):
* CVE-2022-4436: Use after free in Blink Media
* CVE-2022-4437: Use after free in Mojo IPC
* CVE-2022-4438: Use after free in Blink Frames
* CVE-2022-4439: Use after free in Aura
* CVE-2022-4440: Use after free in Profiles
* Wed Dec 07 2022 Andreas Stieger - Chromium 108.0.5359.98
* Fix regression in computing
 
ICM