| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: chromium | Distribution: openSUSE Tumbleweed |
| Version: 130.0.6723.69 | Vendor: openSUSE |
| Release: 154.1 | Build date: Mon Oct 28 12:13:15 2024 |
| Group: Unspecified | Build host: reproducible |
| Size: 704140154 | Source RPM: chromium-130.0.6723.69-154.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.chromium.org/ | |
| Summary: Google's open source browser project | |
Chromium is the open-source project behind Google Chrome. We invite you to join us in our effort to help build a safer, faster, and more stable way for all Internet users to experience the web, and to create a powerful platform for developing a new generation of web applications.
BSD-3-Clause AND LGPL-2.1-or-later
* Mon Oct 28 2024 ro@suse.de
- change BR for rust to require version 1.81
(1.82 uses a newer llvm)
* Sat Oct 26 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 130.0.6723.69 (boo#1232060)
* CVE-2024-10229: Inappropriate implementation in Extensions
* CVE-2024-10230: Type Confusion in V8
* CVE-2024-10231: Type Confusion in V8
* Sat Oct 12 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 130.0.6723.58 (boo#1231694)
* CVE-2024-9954: Use after free in AI
* CVE-2024-9955: Use after free in Web Authentication
* CVE-2024-9956: Inappropriate implementation in Web Authentication
* CVE-2024-9957: Use after free in UI
* CVE-2024-9958: Inappropriate implementation in PictureInPicture
* CVE-2024-9959: Use after free in DevTools
* CVE-2024-9960: Use after free in Dawn
* CVE-2024-9961: Use after free in Parcel Tracking
* CVE-2024-9962: Inappropriate implementation in Permissions
* CVE-2024-9963: Insufficient data validation in Downloads
* CVE-2024-9964: Inappropriate implementation in Payments
* CVE-2024-9965: Insufficient data validation in DevTools
* CVE-2024-9966: Inappropriate implementation in Navigations
- modified patches:
* exclude_ymp.patch update context
* chromium-125-compiler.patch update context
* chromium-125-lp155-typename.patch drop hunks for rewritten
proto_fetcher.h
* chromium-127-bindgen.patch update context
- added patches:
* chromium-130-missing-includes.patch include optional, stack
* chromium-130-no-hardware_destructive_interference_size.patch
workaround for older libcpp
- drop from keeplibs:
courgette/third_party dropped upstream
- add to keepllibs:
third_party/fast_float needed by v8/src/numbers/conversion.cc
* Sat Oct 12 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 129.0.6668.100 (boo#1231420)
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V8
* Wed Oct 02 2024 ro@suse.de
- Chromium 129.0.6668.89 (stable released 2024-09-24)
(boo#1231232)
* CVE-2024-7025: Integer overflow in Layout
* CVE-2024-9369: Insufficient data validation in Mojo
* CVE-2024-9370: Inappropriate implementation in V8
* Wed Sep 25 2024 ro@suse.de
- Chromium 129.0.6668.70 (stable released 2024-09-24)
(boo#1230964)
* CVE-2024-9120: Use after free in Dawn
* CVE-2024-9121: Inappropriate implementation in V8
* CVE-2024-9122: Type Confusion in V8
* CVE-2024-9123: Integer overflow in Skia
* Thu Sep 19 2024 ro@suse.de
- bump BR for nodejs to minimal 20.0
- dropped patches:
* chromium-disable-GlobalMediaControlsCastStartStop.patch
it was applied at the wrong place and the crash is gone
* Wed Sep 18 2024 ro@suse.de
- Chromium 129.0.6668.58 (stable released 2024-09-17)
(boo#1230678)
* CVE-2024-8904: Type Confusion in V8
* CVE-2024-8905: Inappropriate implementation in V8
* CVE-2024-8906: Incorrect security UI in Downloads
* CVE-2024-8907: Insufficient data validation in Omnibox
* CVE-2024-8908: Inappropriate implementation in Autofill
* CVE-2024-8909: Inappropriate implementation in UI
- modified patches:
* chromium-prop-codecs.patch update context
- add to keeplibs:
third_party/rapidhash
- drop from keeplibs:
third_party/libudev dropped upstream
third_party/catapult/third_party/html5lib-python dropped upstream
- add patches:
chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch
(not in our ffmpeg yet)
* Wed Sep 11 2024 ro@suse.de
- Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391)
* CVE-2024-8636: Heap buffer overflow in Skia
* CVE-2024-8637: Use after free in Media Router
* CVE-2024-8638: Type Confusion in V8
* CVE-2024-8639: Use after free in Autofill
* Tue Sep 03 2024 ro@suse.de
- Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108)
* CVE-2024-8362: Use after free in WebAudio
* CVE-2024-7970: Out of bounds write in V8
* Thu Aug 29 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 128.0.6613.113 (boo#1229897)
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-8193: Heap buffer overflow in Skia
* CVE-2024-8194: Type Confusion in V8
* CVE-2024-8198: Heap buffer overflow in Skia
* Wed Aug 21 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Aug 18 2024 ro@suse.de
- Chromium 128.0.6613.36 (boo#1229426)
- modified patches:
* chromium-norar.patch drop most hunks,
upstream has a config for this now
* gcc-enable-lto.patch update context
* chromium-125-compiler.patch update context
* chromium-127-constexpr.patch update context
- drop patches: (should be obsolete with llvm>17 and libc++)
chromium-120-emplace.patch
chromium-125-emplace-struct.patch
- drop patches: (upstream)
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-123-stats-collector.patch
* chromium-127-paint-layer-header.patch
* chromium-127-ninja-1.21.1-deps-part0.patch
* chromium-127-ninja-1.21.1-deps-part1.patch
* chromium-127-ninja-1.21.1-deps-part2.patch
* chromium-127-ninja-1.21.1-deps-part3.patch
- disable rpmlint only for factory/tw where it is broken because
of the large archive size of the source here
- keeplibs add
third_party/devtools-frontend/src/front_end/third_party/
puppeteer/package/lib/esm/third_party/parsel-js
third_party/tflite/src/third_party/xla/xla/tsl/framework
- buildflags add
safe_browsing_use_unrar=false
* Thu Aug 15 2024 ro@suse.de
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
* Thu Aug 01 2024 ro@suse.de
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
- drop patches:
* chromium-115-compiler-SkColor4f.patch only for llvm < 16
* chromium-117-system-zstd.patch upstreamed
* chromium-122-workaround_clang_bug-structured_binding.patch
* chromium-125-tabstrip-include.patch upstreamed
* chromium-126-missing-header-files.patch
* chromium-126-RealTimeReportingBindings-missing-decl.patch
upstreamed
* chromium-126-no_matching_constructor.patch
* chromium-126-no-format.patch upstreamed
- switch from libstdc++ to libc++
- drop patches obsolete when using libc++
* chromium-126-debian-bad-font-gc00000.patch
* chromium-126-debian-bad-font-gc2.patch
* chromium-126-debian-bad-font-gc1.patch
* chromium-126-debian-bad-font-gc00.patch
* chromium-126-debian-bad-font-gc000.patch
* chromium-126-debian-bad-font-gc11.patch
* chromium-126-debian-bad-font-gc0.patch
* chromium-126-debian-bad-font-gc0000.patch
* chromium-126-debian-bad-font-gc3.patch
- modify patches:
* chromium-125-lp155-typename.patch
- drop hunk in model_execution_util.h
- drop hunk in model_quality_log_entry.h
- dropping from keeplibs: (does not exist)
base/third_party/valgrind
third_party/maldoca
third_party/maldoca/src/third_party
- requires updated gn to build (newer than Feb 14 2024)
- add patches:
* chromium-127-bindgen.patch (from debian/patches/fixes))
* chromium-127-rust-clanglib.patch (just first hunk from fedora)
* chromium-127-clang17-traitors.patch
workaround for clang < 18 from debiana (only used on 15.6)
* chromium-127-constexpr.patch (from debian/patches/bookworm)
* chromium-127-paint-layer-header.patch (from debian/patches/upstream)
* chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)
- buildrequire rust-bindgen to get proper binaries per arch
- use qt5 for factory as well, qt6 fails with:
ld.lld: error: undefined symbol: QByteArray::toStdString() const
referenced by qt_shim.cc
obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)
- drop patches:
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc1.patch
* Wed Jul 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.182 (boo#1227979)
* CVE-2024-6772: Inappropriate implementation in V8
* CVE-2024-6773: Type Confusion in V8
* CVE-2024-6774: Use after free in Screen Capture
* CVE-2024-6775: Use after free in Media Stream
* CVE-2024-6776: Use after free in Audio
* CVE-2024-6777: Use after free in Navigation
* CVE-2024-6778: Race in DevTools
* CVE-2024-6779: Out of bounds memory access in V8
* Tue Jul 09 2024 Callum Farmer <gmbr3@opensuse.org>
- Finalize 126
- Removed patches:
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch
- Added patches:
* chromium-126-RealTimeReportingBindings-missing-decl.patch
* chromium-126-no-format.patch
* Mon Jul 01 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
* CVE-2024-6290: Use after free in Dawn
* CVE-2024-6291: Use after free in Swiftshader
* CVE-2024-6292: Use after free in Dawn
* CVE-2024-6293: Use after free in Dawn
* CVE-2024-6100: Type Confusion in V8
* CVE-2024-6101: Inappropriate implementation in WebAssembly
* CVE-2024-6102: Out of bounds memory access in Dawn
* CVE-2024-6103: Use after free in Dawn
* CVE-2024-5830: Type Confusion in V8
* CVE-2024-5831: Use after free in Dawn
* CVE-2024-5832: Use after free in Dawn
* CVE-2024-5833: Type Confusion in V8
* CVE-2024-5834: Inappropriate implementation in Dawn
* CVE-2024-5835: Heap buffer overflow in Tab Groups
* CVE-2024-5836: Inappropriate Implementation in DevTools
* CVE-2024-5837: Type Confusion in V8
* CVE-2024-5838: Type Confusion in V8
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* CVE-2024-5840: Policy Bypass in CORS
* CVE-2024-5841: Use after free in V8
* CVE-2024-5842: Use after free in Browser UI
* CVE-2024-5843: Inappropriate implementation in Downloads
* CVE-2024-5844: Heap buffer overflow in Tab Strip
* CVE-2024-5845: Use after free in Audio
* CVE-2024-5846: Use after free in PDFium
* CVE-2024-5847: Use after free in PDFium
- drop patches:
* chromium-disable-parallel-gold.patch
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-ninja.patch
* chromium-125-no_matching_constructor.patch
* chromium-125-missing-header-files.patch
- add patches:
* chromium-126-missing-header-files.patch
* chromium-126-quiche-interator.patch
* chromium-126-no_matching_constructor.patch
* Wed Jun 12 2024 Callum Farmer <gmbr3@opensuse.org>
- Amend fix_building_widevinecdm_with_chromium.patch to allow
Widevine on ARM64 (bsc#1226170)
* Fri May 31 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
* Fri May 24 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.112
* CVE-2024-5274: Type Confusion in V8 (boo#1225199)
* Tue May 21 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
* Thu May 16 2024 ro@suse.de
- Chromium 125.0.6422.60 (boo#1224341)
* CVE-2024-4947: Type Confusion in V8
* CVE-2024-4948: Use after free in Dawn
* CVE-2024-4949: Use after free in V8
* CVE-2024-4950: Inappropriate implementation in Downloads
- Chromium 125.0.6422.41
* New upstream (early) stable release.
- drop upstreamed patches:
* chromium-124-uint-includes.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-extractor-bitset.patch
* chromium-124-atomic.patch
* chromium-124-webgpu-optional.patch
* chromium-124-angle-powf.patch
- add debian upstream patches added for 125:
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-tabstrip-include.patch
* chromium-125-ninja.patch
- add debian fixes patches to fix font gc crashes:
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc1.patch
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch
- add from fedora (reverse applied for older ffmpeg):
* chromium-125-ffmpeg-5.x-reordered_opaque.patch
- re-diff and rename:
* from chromium-110-compiler.patch
to chromium-125-compiler.patch
* from chromium-120-emplace-struct.patch
to chromium-125-emplace-struct.patch
* from chromium-disable-FFmpegAllowLists.patch
to chromium-125-disable-FFmpegAllowLists.patch
* from chromium-122-missing-header-files.patch
to chromium-125-missing-header-files.patch
* from chromium-122-no_matching_constructor.patch
to chromium-125-no_matching_constructor.patch
* from chromium-122-lp155-typename.patch
to chromium-125-lp155-typename.patch
- third_party/zstd
added to keeplibs for
third_party/blink/renderer/platform:platform
- third_party/tflite/src/third_party/xla/xla/tsl/util
added to keeplibs for
third_party/tflite/tflite
- third_party/lens_server_proto
added to keeplibs for
gen/third_party/lens_server_proto
* Tue May 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.207 (boo#1224294)
* CVE-2024-4761: Out of bounds write in V8
* Fri May 10 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.201 (boo#1224208)
* CVE-2024-4671: Use after free in Visuals
- Chromium 124.0.6367.155 (boo#1224045)
* CVE-2024-4558: Use after free in ANGLE
* CVE-2024-4559: Heap buffer overflow in WebAudio
* Fri May 03 2024 ro@suse.de
- drop patches:
* chromium-123-WebUI-static_assert.patch
* Thu May 02 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.118 (boo#1223846)
* CVE-2024-4331: Use after free in Picture In Picture
* CVE-2024-4368: Use after free in Dawn
* Wed May 01 2024 Callum Farmer <gmbr3@opensuse.org>
- Add patches:
* chromium-123-missing-QtGui.patch
- Restore libxml 2.12 check for chromium-124-system-libxml.patch
which replaced chromium-121-blink-libxml-const.patch
* Fri Apr 26 2024 ro@suse.de
- Chromium 124.0.6367.78 (boo#1223845)
* CVE-2024-4058: Type Confusion in ANGLE
* CVE-2024-4059: Out of bounds read in V8 API
* CVE-2024-4060: Use after free in Dawn
* Wed Apr 17 2024 ro@suse.de
- Chromium 124.0.6367.60 (boo#1222958)
* CVE-2024-3832: Object corruption in V8.
* CVE-2024-3833: Object corruption in WebAssembly.
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
* CVE-2024-3837: Use after free in QUIC.
* CVE-2024-3838: Inappropriate implementation in Autofill.
* CVE-2024-3839: Out of bounds read in Fonts.
* CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
* CVE-2024-3841: Insufficient data validation in Browser Switcher.
* CVE-2024-3843: Insufficient data validation in Downloads.
* CVE-2024-3844: Inappropriate implementation in Extensions.
* CVE-2024-3845: Inappropriate implementation in Network.
* CVE-2024-3846: Inappropriate implementation in Prompts.
* CVE-2024-3847: Insufficient policy enforcement in WebUI.
- drop patches:
* chromium-123-optional2.patch
* chromium-122-avoid-SFINAE-TypeConverter.patch
* chromium-123-PA-InternalAllocator.patch
- rediff patches:
* chromium-110-compiler.patch
* chromium-120-emplace.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-lp155-typename.patch
- add patches: from debian/fixes
* chromium-123-stats-collector.patch
- add patches: from debian/upstream
* chromium-124-angle-powf.patch
* chromium-124-atomic.patch
* chromium-124-extractor-bitset.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-uint-includes.patch
* chromium-124-webgpu-optional.patch
- add patches:
* chromium-123-WebUI-static_assert.patch
workaround for compile issue in webui_contents_wrapper.h
* chromium-124-system-libxml.patch (from fedora)
* Sun Apr 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 123.0.6312.122 (boo#1222707)
* CVE-2024-3157: Out of bounds write in Compositing
* CVE-2024-3516: Heap buffer overflow in ANGLE
* CVE-2024-3515: Use after free in Dawn
- Chromium 123.0.6312.105 (boo#1222260)
* CVE-2024-3156: Inappropriate implementation in V8
* CVE-2024-3158: Use after free in Bookmarks
* CVE-2024-3159: Out of bounds memory access in V8
- Chromium 123.0.6312.86 (boo#1222035)
* CVE-2024-2883: Use after free in ANGLE
* CVE-2024-2885: Use after free in Dawn
* CVE-2024-2886: Use after free in WebCodecs
* CVE-2024-2887: Type Confusion in WebAssembly
- Chromium 123.0.6312.58 (boo#1221732)
* CVE-2024-2625: Object lifecycle issue in V8
* CVE-2024-2626: Out of bounds read in Swiftshader
* CVE-2024-2627: Use after free in Canvas
* CVE-2024-2628: Inappropriate implementation in Downloads
- drop patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-121-blink-libxml-const.patch
* chromium-122-BookmarkNode-missing-operator.patch
* chromium-122-WebUI-static_assert.patch
* chromium-122-PA-undo-internal-alloc.patch
* Mon Mar 18 2024 Callum Farmer <gmbr3@opensuse.org>
- Use Python 3.11 on Leap
- Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch
to chromium-122-WebUI-static_assert.patch
- Rename chromium-122-disable-FFmpegAllowLists.patch to
chromium-disable-FFmpegAllowLists.patch
- Rename chromium-122-static-assert.patch to
chromium-122-BookmarkNode-missing-operator.patch
- Rename chromium-122-undo-internal-alloc.patch to
chromium-122-PA-undo-internal-alloc.patch
- Rename chromium-122-typename.patch to
chromium-122-lp155-typename.patch
- Removed patches:
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-unique_ptr.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-constexpr.patch
* chromium-122-clang-build-flags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-121-el7-clang-version-warning.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-icu72-2.patch
* chromium-122-debian-upstream-mojo.patch
- Patches merged into other patches:
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* chromium-122-norar.patch
- Restore time clamper change to
chromium-122-missing-header-files.patch
- Fix missing/invalid casting in
chromium-122-no_matching_constructor.patch
* Wed Mar 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 122.0.6261.128 (boo#1221335)
* CVE-2024-2400: Use after free in Performance Manager
* Fri Mar 08 2024 ro@suse.de
- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
* New upstream security release.
* CVE-2024-2173: Out of bounds memory access in V8.
* CVE-2024-2174: Inappropriate implementation in V8.
* CVE-2024-2176: Use after free in FedCM.
- Chromium 122.0.6261.94
* CVE-2024-1669: Out of bounds memory access in Blink.
* CVE-2024-1670: Use after free in Mojo.
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* CVE-2024-1673: Use after free in Accessibility.
* CVE-2024-1674: Inappropriate implementation in Navigation.
* CVE-2024-1675: Insufficient policy enforcement in Download.
* CVE-2024-1676: Inappropriate implementation in Navigation.
* Type Confusion in V8
* rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
* drop chromium-114-lld-argument.patch
replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-113-webview-namespace.patch (obsolete)
* reduce chromium-norar.patch
by the hunks in chromium-122-norar.patch
* drop chromium-114-revert-av1enc-lp154.patch
replaced by chromium-122-revert-av1enc-el9.patch
* drop chromium-115-lp155-typename.patch
chromium-116-lp155-typenames.patch
chromium-117-lp155-typename.patch
chromium-120-lp155-typename.patch
replaced by chromium-122-typename.patch
* drop chromium-121-missing-header-files.patch
replaced by chromium-122-missing-header-files.patch
* drop chromium-121-workaround_clang_bug-structured_binding.patch
replaced by chromium-122-workaround_clang_bug-structured_binding.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
* drop chromium-disable-FFmpegAllowLists.patch
replaced by chromium-122-disable-FFmpegAllowLists.patch
* drop chromium-121-avoid-SFINAE-TypeConverter.patch
replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
* add buildrequires for rust
* add patches from fedora package for 121 and 122
* chromium-121-el7-clang-version-warning.patch
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang-build-flags.patch
* chromium-122-constexpr.patch
* chromium-122-disable-FFmpegAllowLists.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-missing-header-files.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-norar.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-revert-av1enc-el9.patch
* chromium-122-static-assert.patch
* chromium-122-typename.patch
* chromium-122-unique_ptr.patch
* chromium-122-workaround_clang_bug-structured_binding.patch
* from debian add
* chromium-122-undo-internal-alloc.patch
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-mojo.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* added compile fix needed on code15
chromium-122-skip_bubble_contents_wrapper_static_assert.patch
to prevent "static assertion expression is not an integral constant expression"
"in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'"
in bubble_contents_wrapper.h:153
- replace Cr121-ffmpeg-new-channel-layout.patch by
Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)
- drop chromium-121-system-old-ffmpeg.patch
* Fri Mar 08 2024 Callum Farmer <gmbr3@opensuse.org>
- Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg
changes so that FFmpeg 4 will work on Leap
- Prepare for libxml 2.12
* Sat Mar 02 2024 Callum Farmer <gmbr3@opensuse.org>
- Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661)
* CVE-2024-1284: Use after free in Mojo
* CVE-2024-1283: Heap buffer overflow in Skia
* CVE-2024-1060: Use after free in Canvas
* CVE-2024-1059: Use after free in WebRTC
* CVE-2024-1077: Use after free in Network
* CVE-2024-0807: Use after free in WebAudio
* CVE-2024-0812: Inappropriate implementation in Accessibility
* CVE-2024-0808: Integer underflow in WebUI
* CVE-2024-0810: Insufficient policy enforcement in DevTools
* CVE-2024-0814: Incorrect security UI in Payments
* CVE-2024-0813: Use after free in Reading Mode
* CVE-2024-0806: Use after free in Passwords
* CVE-2024-0805: Inappropriate implementation in Downloads
* CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* CVE-2024-0811: Inappropriate implementation in Extensions API
* CVE-2024-0809: Inappropriate implementation in Autofill
- Removed patches:
* chromium-117-includes.patch
* chromium-118-includes.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-120-missing-header-files.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-workaround_clang_bug-structured_binding.patch
* gcc13-fix.patch
* chromium-113-webauth-include-variant.patch
* chromium-110-system-libffi.patch
- Added patches:
* chromium-121-no_matching_constructor.patch
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-121-workaround_clang_bug-structured_binding.patch
* chromium-121-missing-header-files.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-python3-invalid-escape-sequence.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-avoid-SFINAE-TypeConverter.patch
* chromium-121-blink-libxml-const.patch
- Add patch chromium-disable-FFmpegAllowLists.patch:
disable codec checker this will always fail (bsc#1219070)
* Wed Jan 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.224 (boo#1218892)
* CVE-2024-0517: Out of bounds write in V8
* CVE-2024-0518: Type Confusion in V8
* CVE-2024-0519: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Jan 14 2024 Callum Farmer <gmbr3@opensuse.org>
- Replace chromium-120-lp155-revert-clang-build-failure.patch
with chromium-120-make_unique-struct.patch - which avoids
reverting changes and instead provides a stub constructor to fix
build on Leap
* Sat Jan 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
boo#1218533, boo#1218719)
* CVE-2024-0333: Insufficient data validation in Extensions
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* CVE-2023-7024: Heap buffer overflow in WebRTC
* CVE-2023-6702: Type Confusion in V8
* CVE-2023-6703: Use after free in Blink
* CVE-2023-6704: Use after free in libavif (boo#1218303)
* CVE-2023-6705: Use after free in WebRTC
* CVE-2023-6706: Use after free in FedCM
* CVE-2023-6707: Use after free in CSS
* CVE-2023-6508: Use after free in Media Stream
* CVE-2023-6509: Use after free in Side Panel Search
* CVE-2023-6510: Use after free in Media Capture
* CVE-2023-6511: Inappropriate implementation in Autofill
* CVE-2023-6512: Inappropriate implementation in Web Browser UI
- drop patches:
* chromium-system-libusb.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-no_matching_constructor.patch
* chromium-117-workaround_clang_bug-structured_binding.patch
- add patches:
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-emplace.patch
* chromium-120-lp155-typename.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-missing-header-files.patch
* chromium-120-emplace-struct.patch
* chromium-120-workaround_clang_bug-structured_binding.patch
- add patches for Leap that revert braking changes:
* chromium-120-lp155-revert-clang-build-failure.patch
* Wed Nov 29 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.199 (boo#1217616)
* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
* CVE-2023-6351: Use after free in libavif (boo#1217615)
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Nov 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.159 (boo#1217142)
* CVE-2023-5997: Use after free in Garbage Collection
* CVE-2023-6112: Use after free in Navigation
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Nov 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.123 (boo#1216978)
* CVE-2023-5996: Use after free in WebAudio
- Chromium 119.0.6045.105 (boo#1216783)
* CVE-2023-5480: Inappropriate implementation in Payments
* CVE-2023-5482: Insufficient data validation in USB
* CVE-2023-5849: Integer overflow in USB
* CVE-2023-5850: Incorrect security UI in Downloads
* CVE-2023-5851: Inappropriate implementation in Downloads
* CVE-2023-5852: Use after free in Printing
* CVE-2023-5853: Incorrect security UI in Downloads
* CVE-2023-5854: Use after free in Profiles
* CVE-2023-5855: Use after free in Reading Mode
* CVE-2023-5856: Use after free in Side Panel
* CVE-2023-5857: Inappropriate implementation in Downloads
* CVE-2023-5858: Inappropriate implementation in WebApp Provider
* CVE-2023-5859: Incorrect security UI in Picture In Picture
- dropped patches:
* chromium-98-gtk4-build.patch
* chromium-118-system-freetype.patch
* chromium-118-no_matching_constructor.patch
- added patches:
* chromium-119-no_matching_constructor.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-assert.patch
* Tue Oct 24 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.117 (boo#1216549)
* CVE-2023-5472: Use after free in Profiles
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Oct 18 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.88:
* unspecified security fix (boo#1216392)
* Wed Oct 11 2023 Andreas Stieger <andreas.stieger@gmx.de>
- refresh chromium-117-emplace_back_on_vector-c++20.patch and
chromium-117-lp155-constructors.patch to
chromium-118-no_matching_constructor.patch
* Tue Oct 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.70 (boo#1216111)
* CVE-2023-5218: Use after free in Site Isolation
* CVE-2023-5487: Inappropriate implementation in Fullscreen
* CVE-2023-5484: Inappropriate implementation in Navigation
* CVE-2023-5475: Inappropriate implementation in DevTools
* CVE-2023-5483: Inappropriate implementation in Intents
* CVE-2023-5481: Inappropriate implementation in Downloads
* CVE-2023-5476: Use after free in Blink History
* CVE-2023-5474: Heap buffer overflow in PDF
* CVE-2023-5479: Inappropriate implementation in Extensions API
* CVE-2023-5485: Inappropriate implementation in Autofill
* CVE-2023-5478: Inappropriate implementation in Autofill
* CVE-2023-5477: Inappropriate implementation in Installer
* CVE-2023-5486: Inappropriate implementation in Input
* CVE-2023-5473: Use after free in Cast
- Build with system freetype (again), and zstd
- add patches:
* chromium-118-system-freetype.patch
* chromium-117-system-zstd.patch
* Sat Oct 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.54
- add patches:
* chromium-118-includes.patch
* Wed Oct 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.149:
* CVE-2023-5346: Type Confusion in V8 (boo#1215924)
* Wed Sep 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.132 (boo#1215776):
* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
* CVE-2023-5186: Use after free in Passwords
* CVE-2023-5187: Use after free in Extensions
* Fri Sep 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.92:
* stability improvements
* Wed Sep 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Add explicit build dependency on libepoxy for Tumbleweed
* Sun Sep 17 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.88 (boo#1215279)
* CVE-2023-4900: Inappropriate implementation in Custom Tabs
* CVE-2023-4901: Inappropriate implementation in Prompts
* CVE-2023-4902: Inappropriate implementation in Input
* CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
* CVE-2023-4904: Insufficient policy enforcement in Downloads
* CVE-2023-4905: Inappropriate implementation in Prompts
* CVE-2023-4906: Insufficient policy enforcement in Autofill
* CVE-2023-4907: Inappropriate implementation in Intents
* CVE-2023-4908: Inappropriate implementation in Picture in Picture
* CVE-2023-4909: Inappropriate implementation in Interstitials
- drop patches:
* chromium-100-InMilliseconds-constexpr.patch
* chromium-115-Qt-moc-version.patch
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-constuctors.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-emplace_back_on_vector-c++20.patch
- add patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-117-includes.patch
* chromium-117-lp155-constructors.patch
* chromium-117-string-convert.patch
* chromium-117-lp155-typename.patch
* chromium-117-workaround_clang_bug-structured_binding.patch
* chromium-117-emplace_back_on_vector-c++20.patch
* Wed Sep 13 2023 Andreas Stieger <andreas.stieger@gmx.de>
- CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
* Tue Sep 12 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.187 (boo#1215231):
* CVE-2023-4863: Heap buffer overflow in WebP
* Wed Sep 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.179 (boo#1215023):
* CVE-2023-4761: Out of bounds memory access in FedCM
* CVE-2023-4762: Type Confusion in V8
* CVE-2023-4763: Use after free in Networks
* CVE-2023-4764: Incorrect security UI in BFCache
* Wed Aug 30 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.140 (boo#1214758):
* CVE-2023-4572: Use after free in MediaStream
* Wed Aug 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.110 (boo#1214487):
* CVE-2023-4427: Out of bounds memory access in V8
* CVE-2023-4428: Out of bounds memory access in CSS
* CVE-2023-4429: Use after free in Loader
* CVE-2023-4430: Use after free in Vulkan
* CVE-2023-4431: Out of bounds memory access in Fonts
* Mon Aug 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.96
* New CSS features: Motion Path, and "display" and
"content-visibility" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
forward cache NotRestoredReason API, Document Picture-in-
Picture, Expanded Wildcards in Permissions Policy Origins,
FedCM bundle: Login Hint API, User Info API, and RP Context API,
Non-composed Mouse and Pointer enter/leave events,
Remove document.open sandbox inheritance,
Report Critical-CH caused restart in NavigationTiming
- fix a number of security issues (boo#1214301):
* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API
- drop patches:
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
* chromium-115-verify_name_match-include.patch
* chromium-86-fix-vaapi-on-intel.patch
* chromium-115-skia-include.patch
* chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
- add patches:
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-typenames.patch
* chromium-116-lp155-constuctors.patch
- Build with bundled re2 on Leap
* Wed Aug 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix crash with extensions (boo#1214003)
chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
* Thu Aug 03 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.170 (boo#1213920)
* CVE-2023-4068: Type Confusion in V8
* CVE-2023-4069: Type Confusion in V8
* CVE-2023-4070: Type Confusion in V8
* CVE-2023-4071: Heap buffer overflow in Visuals
* CVE-2023-4072: Out of bounds read and write in WebGL
* CVE-2023-4073: Out of bounds memory access in ANGLE
* CVE-2023-4074: Use after free in Blink Task Scheduling
* CVE-2023-4075: Use after free in Cast
* CVE-2023-4076: Use after free in WebRTC
* CVE-2023-4077: Insufficient data validation in Extensions
* CVE-2023-4078: Inappropriate implementation in Extensions
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Specify re2 build dependency in a way that makes Leap packages
build in devel project and in Maintenance
* Sun Jul 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.102:
* stability fix
- Add build fixes on Leap:
* chromium-115-emplace_back_on_vector-c++20.patch
* chromium-115-compiler-SkColor4f.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
- adjust chromium-115-lp155-typename.patch
- drop chromium-114-workaround_clang_bug-structured_binding.patch
* Wed Jul 19 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.98
* Security: The Storage, Service Worker, and Communication APIs
are now partitioned in third-party contexts to prevent certain
types of side-channel cross-site tracking
* HTTPS: Automatically and optimistically upgrade all main-frame
navigations to HTTPS, with fast fallback to HTTP.
* CSS: accept multiple values of the display property
* CSS: support boolean context style container queries
* CSS: support scroll-driven animations
* Increase the maximum size of a WebAssembly.Module() on the main
thread to 8 MB
* FedCM: Support credential management mediation requirements for
auto re-authentication
* Deprecate the document.domain setter
* Deprecate mutation events
* Security fixes (boo#1213462):
CVE-2023-3727: Use after free in WebRTC
CVE-2023-3728: Use after free in WebRTC
CVE-2023-3730: Use after free in Tab Groups
CVE-2023-3732: Out of bounds memory access in Mojo
CVE-2023-3733: Inappropriate implementation in WebApp Installs
CVE-2023-3734: Inappropriate implementation in Picture In Picture
CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
CVE-2023-3736: Inappropriate implementation in Custom Tabs
CVE-2023-3737: Inappropriate implementation in Notifications
CVE-2023-3738: Inappropriate implementation in Autofill
CVE-2023-3740: Insufficient validation of untrusted input in Themes
Various fixes from internal audits, fuzzing and other initiatives
- drop chromium-113-typename.patch
- add chromium-115-skia-include.patch
- add chromium-115-verify_name_match-include.patch
- add chromium-115-lp155-typename.patch
- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without
built-in copy of shim
* Tue Jun 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.198 (boo#1212755):
* CVE-2023-3420: Type Confusion in V8
* CVE-2023-3421: Use after free in Media
* CVE-2023-3422: Use after free in Guest View
* Sun Jun 25 2023 Callum Farmer <gmbr3@opensuse.org>
- Install Qt5 library & prepare for Qt6 in 115
* Wed Jun 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.133 (boo#1212302):
* CVE-2023-3214: Use after free in Autofill payments
* CVE-2023-3215: Use after free in WebRTC
* CVE-2023-3216: Type Confusion in V8
* CVE-2023-3217: Use after free in WebXR
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Jun 07 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
* Tue Jun 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.106 (boo#1212044):
* CVE-2023-3079: Type Confusion in V8
* Sun Jun 04 2023 Callum Farmer <gmbr3@opensuse.org>
- Chromium 114.0.5735.90 (boo#1211843):
* CSS text-wrap: balance is available
* Cookies partitioned by top level site (CHIPS)
* New Popover API
- Security fixes:
* CVE-2023-2929: Out of bounds write in Swiftshader
* CVE-2023-2930: Use after free in Extensions
* CVE-2023-2931: Use after free in PDF
* CVE-2023-2932: Use after free in PDF
* CVE-2023-2933: Use after free in PDF
* CVE-2023-2934: Out of bounds memory access in Mojo
* CVE-2023-2935: Type Confusion in V8
* CVE-2023-2936: Type Confusion in V8
* CVE-2023-2937: Inappropriate implementation in Picture In Picture
* CVE-2023-2938: Inappropriate implementation in Picture In Picture
* CVE-2023-2939: Insufficient data validation in Installer
* CVE-2023-2940: Inappropriate implementation in Downloads
* CVE-2023-2941: Inappropriate implementation in Extensions API
- Drop patches:
* chromium-103-VirtualCursor-std-layout.patch
* chromium-113-system-zlib.patch
* chromium-113-workaround_clang_bug-structured_binding.patch
- Add patches
* chromium-114-workaround_clang_bug-structured_binding.patch
* chromium-114-lld-argument.patch
* Tue May 30 2023 Callum Farmer <gmbr3@opensuse.org>
- Un-bundle zlib again
- Remove un-needed patches:
* chromium-112-default-comparison-operators.patch
* chromium-109-clang-lp154.patch
* chromium-clang-nomerge.patch
* chromium-ffmpeg-lp152.patch
* chromium-lp151-old-drm.patch
- Added patches:
* chromium-113-system-zlib.patch
* Sun May 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- build with llvm15 on Leap
* Tue May 16 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.126 (boo#1211442):
* CVE-2023-2721: Use after free in Navigation
* CVE-2023-2722: Use after free in Autofill UI
* CVE-2023-2723: Use after free in DevTools
* CVE-2023-2724: Type Confusion in V8
* CVE-2023-2725: Use after free in Guest View
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
* Various fixes from internal audits, fuzzing and other initiatives
* Tue May 09 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.92 (boo#1211211)
- Multiple security fixes (boo#1211036):
* CVE-2023-2459: Inappropriate implementation in Prompts
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
* CVE-2023-2461: Use after free in OS Inputs
* CVE-2023-2462: Inappropriate implementation in Prompts
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
* CVE-2023-2465: Inappropriate implementation in CORS
* CVE-2023-2466: Inappropriate implementation in Prompts
* CVE-2023-2467: Inappropriate implementation in Prompts
* CVE-2023-2468: Inappropriate implementation in PictureInPicture
- drop chromium-94-sql-no-assert.patch
- drop no-location-leap151.patch
- add chromium-113-webview-namespace.patch
- add chromium-113-webauth-include-variant.patch
- add chromium-113-typename.patch
- add chromium-113-workaround_clang_bug-structured_binding.patch
* Wed Apr 19 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 112.0.5615.165 (boo#1210618):
* CVE-2023-2133: Out of bounds memory access in Service Worker API
* CVE-2023-2134: Out of bounds memory access in Service Worker API
* CVE-2023-2135: Use after free in DevTools
* CVE-2023-2136: Integer overflow in Skia
* CVE-2023-2137: Heap buffer overflow in sqlite
- drop chromium-112-feed_protos.patch
* Sun Apr 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix Leap 15.4 build failures from default comparison operators
defined outside of the class definition, a C++20 feature
adding chromium-112-default-comparison-operators.patch
* Sat Apr 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.121:
* CVE-2023-2033: Type Confusion in V8 (boo#1210478)
* Fri Apr 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Revert a breaking change with chromium-112-feed_protos.patch
* Tue Apr 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.49
* CSS now supports nesting rules.
* The algorithm to set the initial focus on <dialog> elements was updated.
* No-op fetch() handlers on service workers are skipped from now on to make navigations faster
* The setter for document.domain is now deprecated.
* The recorder in devtools can now record with pierce selectors.
* Security fixes (boo#1210126):
* CVE-2023-1810: Heap buffer overflow in Visuals
* CVE-2023-1811: Use after free in Frames
* CVE-2023-1812: Out of bounds memory access in DOM Bindings
* CVE-2023-1813: Inappropriate implementation in Extensions
* CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
* CVE-2023-1815: Use after free in Networking APIs
* CVE-2023-1816: Incorrect security UI in Picture In Picture
* CVE-2023-1817: Insufficient policy enforcement in Intents
* CVE-2023-1818: Use after free in Vulkan
* CVE-2023-1819: Out of bounds read in Accessibility
* CVE-2023-1820: Heap buffer overflow in Browser History
* CVE-2023-1821: Inappropriate implementation in WebShare
* CVE-2023-1822: Incorrect security UI in Navigation
* CVE-2023-1823: Inappropriate implementation in FedCM
* Mon Mar 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.147:
* nth-child() validation performance regression for SAP apps
* Thu Mar 23 2023 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update gcc13-fix.patch with few fixes required for aarch64,
borrowed from Fedora's gcc13 patch
* Wed Mar 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.110 (boo#1209598)
* CVE-2023-1528: Use after free in Passwords
* CVE-2023-1529: Out of bounds memory access in WebHID
* CVE-2023-1530: Use after free in PDF
* CVE-2023-1531: Use after free in ANGLE
* CVE-2023-1532: Out of bounds read in GPU Video
* CVE-2023-1533: Use after free in WebProtect
* CVE-2023-1534: Out of bounds read in ANGLE
* Mon Mar 20 2023 Martin Liška <mliska@suse.cz>
- Add gcc13-fix.patch in order to support GCC 13.
* Fri Mar 10 2023 Callum Farmer <gmbr3@opensuse.org>
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Bump Leap's GCC to 12 as Chromium really likes newer standards
* Thu Mar 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.64
* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units
and extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media
Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals
- drop patches:
* chromium-86-ImageMemoryBarrierData-init.patch
* chromium-93-InkDropHost-crash.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* chromium-icu72-1.patch
* Thu Feb 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.177 (boo#1208589)
* CVE-2023-0927: Use after free in Web Payments API
* CVE-2023-0928: Use after free in SwiftShader
* CVE-2023-0929: Use after free in Vulkan
* CVE-2023-0930: Heap buffer overflow in Video
* CVE-2023-0931: Use after free in Video
* CVE-2023-0932: Use after free in WebRTC
* CVE-2023-0933: Integer overflow in PDF
* CVE-2023-0941: Use after free in Prompts
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.100
* fix regression on SAP Business Objects web UI
* fix date formatting behavior change from ICU 72
* Wed Feb 08 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.77 (boo#1208029):
* CVE-2023-0696: Type Confusion in V8
* CVE-2023-0697: Inappropriate implementation in Full screen mode
* CVE-2023-0698: Out of bounds read in WebRTC
* CVE-2023-0699: Use after free in GPU
* CVE-2023-0700: Inappropriate implementation in Download
* CVE-2023-0701: Heap buffer overflow in WebUI
* CVE-2023-0702: Type Confusion in Data Transfer
* CVE-2023-0703: Type Confusion in DevTools
* CVE-2023-0704: Insufficient policy enforcement in DevTools
* CVE-2023-0705: Integer overflow in Core
* Various fixes from internal audits, fuzzing and other initiatives
- build with bundled libavif
- dropped patches:
* chromium-109-compiler.patch
* chromium-icu72-3.patch
- added patches:
* chromium-110-compiler.patch
* chromium-110-system-libffi.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* Wed Jan 25 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.119 (boo#1207512):
* CVE-2023-0471: Use after free in WebTransport
* CVE-2023-0472: Use after free in WebRTC
* CVE-2023-0473: Type Confusion in ServiceWorker API
* CVE-2023-0474: Use after free in GuestView
* Various fixes from internal audits, fuzzing and other
initiatives
* Tue Jan 17 2023 Callum Farmer <gmbr3@opensuse.org>
- Added patches:
* chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
with system icu (bsc#1207147)
* chromium-icu72-2.patch: align default characters for old icu
with that of ICU 72
* chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
format
* Tue Jan 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.74:
* Add support for MathML Core
* CSS: Auto range support for font descriptors inside @font-face
rule
* CSS: Add lh length unit
* CSS: Add hyphenate-limit-chars property
* CSS: Snap border, outline and column-rule widths before layout
* API: Improved screen sharing and web conferencing: hints for
suppressing local audio playback, and Conditional Focus
* API: HTTP response status code in the Resource Timing API
* API: Same-site cross-origin prerendering triggered by the
speculation rules API
* Remove Event.path API
* CVE-2023-0128: Use after free in Overview Mode
* CVE-2023-0129: Heap buffer overflow in Network Service
* CVE-2023-0130: Inappropriate implementation in Fullscreen API
* CVE-2023-0131: Inappropriate implementation in iframe Sandbox
* CVE-2023-0132: Inappropriate implementation in Permission prompts
* CVE-2023-0133: Inappropriate implementation in Permission prompts
* CVE-2023-0134: Use after free in Cart
* CVE-2023-0135: Use after free in Cart
* CVE-2023-0136: Inappropriate implementation in Fullscreen API
* CVE-2023-0137: Heap buffer overflow in Platform Apps
* CVE-2023-0138: Heap buffer overflow in libphonenumber
* CVE-2023-0139: Insufficient validation of untrusted input in Downloads
* CVE-2023-0140: Inappropriate implementation in File System API
* CVE-2023-0141: Insufficient policy enforcement in CORS
* Various fixes from internal audits, fuzzing and other initiatives
- drop patches:
* chromium-gcc11.patch - not needed
* chromium-107-system-zlib.patch - upstream
* chromium-108-compiler.patch
- add patches:
* chromium-109-compiler.patch
* chromium-109-clang-lp154.patch
* Sun Dec 18 2022 Callum Farmer <gmbr3@opensuse.org>
- Add chromium-disable-GlobalMediaControlsCastStartStop.patch:
disable GlobalMediaControlsCastStartStop to fix crashes
occurring when interacting with the Media UI (bsc#1198124)
* Wed Dec 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.124 (boo#1206403):
* CVE-2022-4436: Use after free in Blink Media
* CVE-2022-4437: Use after free in Mojo IPC
* CVE-2022-4438: Use after free in Blink Frames
* CVE-2022-4439: Use after free in Aura
* CVE-2022-4440: Use after free in Profiles
* Wed Dec 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.98
* Fix regression in computing <select> visibility
* Sat Dec 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.94:
* CVE-2022-4262: Type Confusion in V8 (boo#1205999)
* Wed Nov 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.71 (boo#1205871):
* CVE-2022-4174: Type Confusion in V8
* CVE-2022-4175: Use after free in Camera Capture
* CVE-2022-4176: Out of bounds write in Lacros Graphics
* CVE-2022-4177: Use after free in Extensions
* CVE-2022-4178: Use after free in Mojo
* CVE-2022-4179: Use after free in Audio
* CVE-2022-4180: Use after free in Mojo
* CVE-2022-4181: Use after free in Forms
* CVE-2022-4182: Inappropriate implementation in Fenced Frames
* CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
* CVE-2022-4184: Insufficient policy enforcement in Autofill
* CVE-2022-4185: Inappropriate implementation in Navigation
* CVE-2022-4186: Insufficient validation of untrusted input in Downloads
* CVE-2022-4187: Insufficient policy enforcement in DevTools
* CVE-2022-4188: Insufficient validation of untrusted input in CORS
* CVE-2022-4189: Insufficient policy enforcement in DevTools
* CVE-2022-4190: Insufficient data validation in Directory
* CVE-2022-4191: Use after free in Sign-In
* CVE-2022-4192: Use after free in Live Caption
* CVE-2022-4193: Insufficient policy enforcement in File System API
* CVE-2022-4194: Use after free in Accessibility
* CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
- drop chromium-105-wayland-1.20.patch, upstream
- drop chromium-107-compiler.patch
- add chromium-108-compiler.patch
- drop chromium-98-EnumTable-crash.patch
* Thu Nov 24 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.121 (boo#1205736)
* CVE-2022-4135: Heap buffer overflow in GPU
* Thu Nov 17 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up
* Wed Nov 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.110 (boo#1205221)
* CVE-2022-3885: Use after free in V8
* CVE-2022-3886: Use after free in Speech Recognition
* CVE-2022-3887: Use after free in Web Workers
* CVE-2022-3888: Use after free in WebCodecs
* CVE-2022-3889: Type Confusion in V8
* CVE-2022-3890: Heap buffer overflow in Crashpad
* Fri Oct 28 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.87 (boo#1204819)
* CVE-2022-3723: Type Confusion in V8
* Thu Oct 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 107.0.5304.68 (boo#1204732)
* CVE-2022-3652: Type Confusion in V8
* CVE-2022-3653: Heap buffer overflow in Vulkan
* CVE-2022-3654: Use after free in Layout
* CVE-2022-3655: Heap buffer overflow in Media Galleries
* CVE-2022-3656: Insufficient data validation in File System
* CVE-2022-3657: Use after free in Extensions
* CVE-2022-3658: Use after free in Feedback service on Chrome OS
* CVE-2022-3659: Use after free in Accessibility
* CVE-2022-3660: Inappropriate implementation in Full screen mode
* CVE-2022-3661: Insufficient data validation in Extensions
- Added patches:
* chromium-107-compiler.patch
* chromium-107-system-zlib.patch
- Removed patches:
* chromium-105-compiler.patch
* chromium-105-Bitmap-include.patch
* chromium-106-AutofillPopupControllerImpl-namespace.patch
- Unbundle libyuv and libavif on TW
- Prepare 15.5
- Use qt on 15.4+ (15.3 too old)
* Wed Oct 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.119 (boo#1204223)
* CVE-2022-3445: Use after free in Skia
* CVE-2022-3446: Heap buffer overflow in WebSQL
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
* CVE-2022-3448: Use after free in Permissions API
* CVE-2022-3449: Use after free in Safe Browsing
* CVE-2022-3450: Use after free in Peer Connection
* Thu Oct 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.103:
* fix possible cache manager deadlock
* Fix right-click menu appearing unexpectedly affecting screen
readers
* Sat Oct 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.91 (boo#1203808):
* CVE-2022-3370: Use after free in Custom Elements
* CVE-2022-3373: Out of bounds write in V8
- includes changes from 106.0.5249.61:
* CVE-2022-3304: Use after free in CSS
* CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
* CVE-2022-3305: Use after free in Survey
* CVE-2022-3306: Use after free in Survey
* CVE-2022-3307: Use after free in Media
* CVE-2022-3308: Insufficient policy enforcement in Developer Tools
* CVE-2022-3309: Use after free in Assistant
* CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
* CVE-2022-3311: Use after free in Import
* CVE-2022-3312: Insufficient validation of untrusted input in VPN
* CVE-2022-3313: Incorrect security UI in Full Screen
* CVE-2022-3314: Use after free in Logging
* CVE-2022-3315: Type confusion in Blink
* CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
* CVE-2022-3317: Insufficient validation of untrusted input in Intents
* CVE-2022-3318: Use after free in ChromeOS Notifications
- drop patches:
* chromium-104-tflite-system-zlib.patch
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
* chromium-105-Trap-raw_ptr.patch
* chromium-105-browser_finder-include.patch
* chromium-105-raw_ptr-noexcept.patch
- add patches
* chromium-106-ffmpeg-duration.patch
* chromium-106-AutofillPopupControllerImpl-namespace.patch
* Wed Sep 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 105.0.5195.127 (boo#1203419):
* CVE-2022-3195: Out of bounds write in Storage
* CVE-2022-3196: Use after free in PDF
* CVE-2022-3197: Use after free in PDF
* CVE-2022-3198: Use after free in PDF
* CVE-2022-3199: Use after free in Frames
* CVE-2022-3200: Heap buffer overflow in Internals
* CVE-2022-3201: Insufficient validation of untrusted input in DevTools
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Sep 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 105.0.5195.102 (boo#1203102):
* CVE-2022-3075: Insufficient data validation in Mojo
- Chromium 105.0.5195.52 (boo#1202964):
* CVE-2022-3038: Use after free in Network Service
* CVE-2022-3039: Use after free in WebSQL
* CVE-2022-3040: Use after free in Layout
* CVE-2022-3041: Use after free in WebSQL
* CVE-2022-3042: Use after free in PhoneHub
* CVE-2022-3043: Heap buffer overflow in Screen Capture
* CVE-2022-3044: Inappropriate implementation in Site Isolation
* CVE-2022-3045: Insufficient validation of untrusted input in V8
* CVE-2022-3046: Use after free in Browser Tag
* CVE-2022-3071: Use after free in Tab Strip
* CVE-2022-3047: Insufficient policy enforcement in Extensions API
* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
* CVE-2022-3049: Use after free in SplitScreen
* CVE-2022-3050: Heap buffer overflow in WebUI
* CVE-2022-3051: Heap buffer overflow in Exosphere
* CVE-2022-3052: Heap buffer overflow in Window Manager
* CVE-2022-3053: Inappropriate implementation in Pointer Lock
* CVE-2022-3054: Insufficient policy enforcement in DevTools
* CVE-2022-3055: Use after free in Passwords
* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
* CVE-2022-3057: Inappropriate implementation in iframe Sandbox
* CVE-2022-3058: Use after free in Sign-In Flow
- Added patches:
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
* chromium-105-Bitmap-include.patch
* chromium-105-browser_finder-include.patch
* chromium-105-raw_ptr-noexcept.patch
* chromium-105-Trap-raw_ptr.patch
* chromium-105-wayland-1.20.patch
* chromium-105-compiler.patch
- Removed patches:
* chromium-104-compiler.patch
* chromium-104-ContentRendererClient-type.patch
* chromium-78-protobuf-RepeatedPtrField-export.patch
* Thu Sep 01 2022 Paolo Stivanin <info@paolostivanin.com>
- Update chromium-symbolic.svg: this fixes bsc#1202403.
* Mon Aug 22 2022 Andreas Schwab <schwab@suse.de>
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
* Thu Aug 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 104.0.5112.101 (boo#1202509):
* CVE-2022-2852: Use after free in FedCM
* CVE-2022-2854: Use after free in SwiftShader
* CVE-2022-2855: Use after free in ANGLE
* CVE-2022-2857: Use after free in Blink
* CVE-2022-2858: Use after free in Sign-In Flow
* CVE-2022-2853: Heap buffer overflow in Downloads
* CVE-2022-2856: Insufficient validation of untrusted input in Intents
* CVE-2022-2859: Use after free in Chrome OS Shell
* CVE-2022-2860: Insufficient policy enforcement in Cookies
* CVE-2022-2861: Inappropriate implementation in Extensions API
* Tue Aug 16 2022 Callum Farmer <gmbr3@opensuse.org>
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
* Tue Aug 09 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 104.0.5112.79 (boo#1202075)
* CVE-2022-2603: Use after free in Omnibox
* CVE-2022-2604: Use after free in Safe Browsing
* CVE-2022-2605: Out of bounds read in Dawn
* CVE-2022-2606: Use after free in Managed devices API
* CVE-2022-2607: Use after free in Tab Strip
* CVE-2022-2608: Use after free in Overview Mode
* CVE-2022-2609: Use after free in Nearby Share
* CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* CVE-2022-2611: Inappropriate implementation in Fullscreen API
* CVE-2022-2612: Side-channel information leakage in Keyboard input
* CVE-2022-2613: Use after free in Input
* CVE-2022-2614: Use after free in Sign-In Flow
* CVE-2022-2615: Insufficient policy enforcement in Cookies
* CVE-2022-2616: Inappropriate implementation in Extensions API
* CVE-2022-2617: Use after free in Extensions API
* CVE-2022-2618: Insufficient validation of untrusted input in Internals
* CVE-2022-2619: Insufficient validation of untrusted input in Settings
* CVE-2022-2620: Use after free in WebUI
* CVE-2022-2621: Use after free in Extensions
* CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
* CVE-2022-2623: Use after free in Offline
* CVE-2022-2624: Heap buffer overflow in PDF
- Added patches:
* chromium-104-compiler.patch
* chromium-104-ContentRendererClient-type.patch
* chromium-104-tflite-system-zlib.patch
- Removed patches:
* chromium-103-SubstringSetMatcher-packed.patch
* chromium-103-FrameLoadRequest-type.patch
* chromium-103-compiler.patch
- Use FFmpeg 5.1 on TW
* Sat Jul 23 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch back to Clang so that we can use BTI on aarch64
* Gold is too old - doesn't understand BTI
* LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
(requires 5.1+)
* Wed Jul 20 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.134 (boo#1201679):
* CVE-2022-2477 : Use after free in Guest View
* CVE-2022-2478 : Use after free in PDF
* CVE-2022-2479 : Insufficient validation of untrusted input in File
* CVE-2022-2480 : Use after free in Service Worker API
* CVE-2022-2481: Use after free in Views
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* Various fixes from internal audits, fuzzing and other initiatives
* Sat Jul 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.114 (boo#1201216)
* CVE-2022-2294: Heap buffer overflow in WebRTC
* CVE-2022-2295: Type Confusion in V8
* CVE-2022-2296: Use after free in Chrome OS Shell
* Thu Jul 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.66
* no upstream release notes
* Sat Jun 25 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
- Added patches:
* chromium-103-FrameLoadRequest-type.patch
* chromium-103-SubstringSetMatcher-packed.patch
* chromium-103-VirtualCursor-std-layout.patch
* chromium-103-compiler.patch
- Removed patches:
* chromium-102-compiler.patch
* chromium-91-sql-standard-layout-type.patch
* chromium-101-libxml-unbundle.patch
* chromium-102-fenced_frame_utils-include.patch
* chromium-102-swiftshader-template-instantiation.patch
* chromium-102-symbolize-include.patch
* chromium-97-arm-tflite-cast.patch
* chromium-97-ScrollView-reference.patch
* Fri Jun 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
* Wed Jun 01 2022 Callum Farmer <gmbr3@opensuse.org>
- Disable ARM control flow integrity, it causes build issues
at the moment
- Try a different SVG (black logo on GNOME)
- Removed patches:
* chromium-third_party-symbolize-missing-include.patch
(replaced by chromium-102-symbolize-include.patch)
* Fri May 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
- Added patches:
* chromium-102-compiler.patch
* chromium-102-fenced_frame_utils-include.patch
* chromium-102-regex_pattern-array.patch
* chromium-102-swiftshader-template-instantiation.patch
* chromium-102-symbolize-include.patch
* ffmpeg-new-channel-layout.patch
- Removed patches:
* chromium-100-compiler.patch
* chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
* chromium-95-quiche-include.patch
* chromium-fix-swiftshader-template.patch
* chromium-missing-include-tuple.patch
* chromium-webrtc-stats-missing-vector.patch
* chromium-101-segmentation_platform-type.patch
* Sun May 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.67
* fixes for other platforms
* Wed May 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.64 (boo#1199409)
* CVE-2022-1633: Use after free in Sharesheet
* CVE-2022-1634: Use after free in Browser UI
* CVE-2022-1635: Use after free in Permission Prompts
* CVE-2022-1636: Use after free in Performance APIs
* CVE-2022-1637: Inappropriate implementation in Web Contents
* CVE-2022-1638: Heap buffer overflow in V8 Internationalization
* CVE-2022-1639: Use after free in ANGLE
* CVE-2022-1640: Use after free in Sharing
* CVE-2022-1641: Use after free in Web UI Diagnostics
* Wed May 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 101.0.4951.54 (boo#1199118)
- Chromium 101.0.4951.41 (boo#1198917)
* CVE-2022-1477: Use after free in Vulkan
* CVE-2022-1478: Use after free in SwiftShader
* CVE-2022-1479: Use after free in ANGLE
* CVE-2022-1480: Use after free in Device API
* CVE-2022-1481: Use after free in Sharing
* CVE-2022-1482: Inappropriate implementation in WebGL
* CVE-2022-1483: Heap buffer overflow in WebGPU
* CVE-2022-1484: Heap buffer overflow in Web UI Settings
* CVE-2022-1485: Use after free in File System API
* CVE-2022-1486: Type Confusion in V8
* CVE-2022-1487: Use after free in Ozone
* CVE-2022-1488: Inappropriate implementation in Extensions API
* CVE-2022-1489: Out of bounds memory access in UI Shelf
* CVE-2022-1490: Use after free in Browser Switcher
* CVE-2022-1491: Use after free in Bookmarks
* CVE-2022-1492: Insufficient data validation in Blink Editing
* CVE-2022-1493: Use after free in Dev Tools
* CVE-2022-1494: Insufficient data validation in Trusted Types
* CVE-2022-1495: Incorrect security UI in Downloads
* CVE-2022-1496: Use after free in File Manager
* CVE-2022-1497: Inappropriate implementation in Input
* CVE-2022-1498: Inappropriate implementation in HTML Parser
* CVE-2022-1499: Inappropriate implementation in WebAuthentication
* CVE-2022-1500: Insufficient data validation in Dev Tools
* CVE-2022-1501: Inappropriate implementation in iframe
- Added patches:
* chromium-101-libxml-unbundle.patch
* chromium-101-segmentation_platform-type.patch
- Removed patches:
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-macro-typo.patch
* Thu Apr 21 2022 Callum Farmer <gmbr3@opensuse.org>
- Fixes for go 1.18
* Fri Apr 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.127 (boo#1198509)
* CVE-2022-1364: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.88 (boo#1198361)
* CVE-2022-1305: Use after free in storage
* CVE-2022-1306: Inappropriate implementation in compositing
* CVE-2022-1307: Inappropriate implementation in full screen
* CVE-2022-1308: Use after free in BFCache
* CVE-2022-1309: Insufficient policy enforcement in developer tools
* CVE-2022-1310: Use after free in regular expressions
* CVE-2022-1311: Use after free in Chrome OS shell
* CVE-2022-1312: Use after free in storage
* CVE-2022-1313: Use after free in tab groups
* CVE-2022-1314: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Apr 10 2022 Callum Farmer <gmbr3@opensuse.org>
- Patches for GCC 12:
* chromium-fix-swiftshader-template.patch
* chromium-missing-include-tuple.patch
* chromium-webrtc-stats-missing-vector.patch
* Tue Apr 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.75:
* CVE-2022-1232: Type Confusion in V8 (boo#1198053)
* Wed Mar 30 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 100.0.4896.60 (boo#1197680)
* CVE-2022-1125: Use after free in Portals
* CVE-2022-1127: Use after free in QR Code Generator
* CVE-2022-1128: Inappropriate implementation in Web Share API
* CVE-2022-1129: Inappropriate implementation in Full Screen Mode
* CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
* CVE-2022-1131: Use after free in Cast UI
* CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
* CVE-2022-1133: Use after free in WebRTC
* CVE-2022-1134: Type Confusion in V8
* CVE-2022-1135: Use after free in Shopping Cart
* CVE-2022-1136: Use after free in Tab Strip
* CVE-2022-1137: Inappropriate implementation in Extensions
* CVE-2022-1138: Inappropriate implementation in Web Cursor
* CVE-2022-1139: Inappropriate implementation in Background Fetch API
* CVE-2022-1141: Use after free in File Manager
* CVE-2022-1142: Heap buffer overflow in WebUI
* CVE-2022-1143: Heap buffer overflow in WebUI
* CVE-2022-1144: Use after free in WebUI
* CVE-2022-1145: Use after free in Extensions
* CVE-2022-1146: Inappropriate implementation in Resource Timing
- Added patches:
* chromium-100-compiler.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-InMilliseconds-constexpr.patch
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-macro-typo.patch
- Removed patches:
* chromium-98-compiler.patch
* chromium-86-nearby-explicit.patch
* chromium-glibc-2.34.patch
* chromium-v8-missing-utility-include.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* Tue Mar 29 2022 Andreas Schwab <schwab@suse.de>
- Update disk constraints
* Sat Mar 26 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.84:
* CVE-2022-1096: Type Confusion in V8 (boo#1197552)
* Mon Mar 21 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.82:
* Fix potential problem in Hangouts (boo#1197332)
* Wed Mar 16 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.74 (boo#1197163)
* CVE-2022-0971: Use after free in Blink Layout
* CVE-2022-0972: Use after free in Extensions
* CVE-2022-0973: Use after free in Safe Browsing
* CVE-2022-0974: Use after free in Splitscreen
* CVE-2022-0975: Use after free in ANGLE
* CVE-2022-0976: Heap buffer overflow in GPU
* CVE-2022-0977: Use after free in Browser UI
* CVE-2022-0978: Use after free in ANGLE
* CVE-2022-0979: Use after free in Safe Browsing
* CVE-2022-0980: Use after free in New Tab Page
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Mar 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 99.0.4844.51 (boo#1196641)
* CVE-2022-0789: Heap buffer overflow in ANGLE
* CVE-2022-0790: Use after free in Cast UI
* CVE-2022-0791: Use after free in Omnibox
* CVE-2022-0792: Out of bounds read in ANGLE
* CVE-2022-0793: Use after free in Views
* CVE-2022-0794: Use after free in WebShare
* CVE-2022-0795: Type Confusion in Blink Layout
* CVE-2022-0796: Use after free in Media
* CVE-2022-0797: Out of bounds memory access in Mojo
* CVE-2022-0798: Use after free in MediaStream
* CVE-2022-0799: Insufficient policy enforcement in Installer
* CVE-2022-0800: Heap buffer overflow in Cast UI
* CVE-2022-0801: Inappropriate implementation in HTML parser
* CVE-2022-0802: Inappropriate implementation in Full screen mode
* CVE-2022-0803: Inappropriate implementation in Permissions
* CVE-2022-0804: Inappropriate implementation in Full screen mode
* CVE-2022-0805: Use after free in Browser Switcher
* CVE-2022-0806: Data leak in Canvas
* CVE-2022-0807: Inappropriate implementation in Autofill
* CVE-2022-0808: Use after free in Chrome OS Shell
* CVE-2022-0809: Out of bounds memory access in WebXR
- Removed patches:
* chromium-96-EnumTable-crash.patch
* chromium-89-missing-cstring-header.patch
* chromium-95-libyuv-aarch64.patch
* chromium-95-libyuv-arm.patch
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch
- Added patches:
* chromium-97-arm-tflite-cast.patch
* chromium-98-gtk4-build.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* chromium-98-EnumTable-crash.patch
* chromium-third_party-symbolize-missing-include.patch
* chromium-v8-missing-utility-include.patch
* Tue Feb 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 98.0.4758.102 (boo#1195986)
* CVE-2022-0603: Use after free in File Manager
* CVE-2022-0604: Heap buffer overflow in Tab Groups
* CVE-2022-0605: Use after free in Webstore API
* CVE-2022-0606: Use after free in ANGLE
* CVE-2022-0607: Use after free in GPU
* CVE-2022-0608: Integer overflow in Mojo
* CVE-2022-0609: Use after free in Animation
* CVE-2022-0610: Inappropriate implementation in Gamepad API
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 98.0.4758.80 (boo#1195420)
* CVE-2022-0452: Use after free in Safe Browsing
* CVE-2022-0453: Use after free in Reader Mode
* CVE-2022-0454: Heap buffer overflow in ANGLE
* CVE-2022-0455: Inappropriate implementation in Full Screen Mode
* CVE-2022-0456: Use after free in Web Search
* CVE-2022-0457: Type Confusion in V8
* CVE-2022-0459: Use after free in Screen Capture
* CVE-2022-0460: Use after free in Window Dialog
* CVE-2022-0461: Policy bypass in COOP
* CVE-2022-0462: Inappropriate implementation in Scroll
* CVE-2022-0463: Use after free in Accessibility
* CVE-2022-0464: Use after free in Accessibility
* CVE-2022-0465: Use after free in Extensions
* CVE-2022-0466: Inappropriate implementation in Extensions Platform
* CVE-2022-0467: Inappropriate implementation in Pointer Lock
* CVE-2022-0468: Use after free in Payments
* CVE-2022-0469: Use after free in Cast
* CVE-2022-0470: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives
- drop upstreamed patches:
* chromium-97-Point-constexpr.patch
- add patches:
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch
- change chromium-97-compiler.patch to chromium-98-compiler.patch
* Fri Jan 21 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 97.0.4692.99 (boo#1194919):
* CVE-2022-0289: Use after free in Safe browsing
* CVE-2022-0290: Use after free in Site isolation
* CVE-2022-0291: Inappropriate implementation in Storage
* CVE-2022-0292: Inappropriate implementation in Fenced Frames
* CVE-2022-0293: Use after free in Web packaging
* CVE-2022-0294: Inappropriate implementation in Push messaging
* CVE-2022-0295: Use after free in Omnibox
* CVE-2022-0296: Use after free in Printing
* CVE-2022-0297: Use after free in Vulkan
* CVE-2022-0298: Use after free in Scheduling
* CVE-2022-0300: Use after free in Text Input Method Editor
* CVE-2022-0301: Heap buffer overflow in DevTools
* CVE-2022-0302: Use after free in Omnibox
* CVE-2022-0303: Race in GPU Watchdog
* CVE-2022-0304: Use after free in Bookmarks
* CVE-2022-0305: Inappropriate implementation in Service Worker API
* CVE-2022-0306: Heap buffer overflow in PDFium
* CVE-2022-0307: Use after free in Optimization Guide
* CVE-2022-0308: Use after free in Data Transfer
* CVE-2022-0309: Inappropriate implementation in Autofill
* CVE-2022-0310: Heap buffer overflow in Task Manager
* CVE-2022-0311: Heap buffer overflow in Task Manager
* Various fixes from internal audits, fuzzing and other initiatives
- drop upstreamed patches:
* fix-tag-dragging-in-Mutter.patch
* fix-tag-dragging-in-KWin.patch
* Thu Jan 20 2022 Callum Farmer <gmbr3@opensuse.org>
- Revert chromium-94-ffmpeg-roll.patch on TW: fix moved to
FFmpeg
* Tue Jan 11 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 97.0.4692.71 (boo#1194331):
* CVE-2022-0096: Use after free in Storage
* CVE-2022-0097: Inappropriate implementation in DevTools
* CVE-2022-0098: Use after free in Screen Capture
* CVE-2022-0099: Use after free in Sign-in
* CVE-2022-0100: Heap buffer overflow in Media streams API
* CVE-2022-0101: Heap buffer overflow in Bookmarks
* CVE-2022-0102: Type Confusion in V8
* CVE-2022-0103: Use after free in SwiftShader
* CVE-2022-0104: Heap buffer overflow in ANGLE
* CVE-2022-0105: Use after free in PDF
* CVE-2022-0106: Use after free in Autofill
* CVE-2022-0107: Use after free in File Manager API
* CVE-2022-0108: Inappropriate implementation in Navigation
* CVE-2022-0109: Inappropriate implementation in Autofill
* CVE-2022-0110: Incorrect security UI in Autofill
* CVE-2022-0111: Inappropriate implementation in Navigation
* CVE-2022-0112: Incorrect security UI in Browser UI
* CVE-2022-0113: Inappropriate implementation in Blink
* CVE-2022-0114: Out of bounds memory access in Web Serial
* CVE-2022-0115: Uninitialized Use in File API
* CVE-2022-0116: Inappropriate implementation in Compositing
* CVE-2022-0117: Policy bypass in Service Workers
* CVE-2022-0118: Inappropriate implementation in WebShare
* CVE-2022-0120: Inappropriate implementation in Passwords
- Removed patches:
* chromium-96-CommandLine-include.patch
* chromium-96-RestrictedCookieManager-tuple.patch
* chromium-96-DrmRenderNodePathFinder-include.patch
* chromium-96-CouponDB-include.patch
* chromium-96-freetype-unbundle.patch
* chromium-96-compiler.patch
* chromium-vaapi.patch
* chromium-86-nearby-include.patch
- Added patches:
* chromium-97-compiler.patch
* chromium-97-Point-constexpr.patch
* chromium-97-ScrollView-reference.patch
* chromium-95-libyuv-arm.patch
* fix-tag-dragging-in-KWin.patch
* fix-tag-dragging-in-Mutter.patch
* Thu Dec 30 2021 Callum Farmer <gmbr3@opensuse.org>
- Revert wayland fixes because it doesn't handle GPU correctly
(boo#1194182)
* Thu Dec 30 2021 Martin Liška <mliska@suse.cz>
- Use GCC 11, but disable LTO (boo#1194055).
* Wed Dec 29 2021 Callum Farmer <gmbr3@opensuse.org>
- Use our own copy of the wrapper so that we can use the fixes
for Wayland
* Mon Dec 27 2021 Callum Farmer <gmbr3@opensuse.org>
- Define GNU_SOURCE and fix the below patched issues
- Removed patches:
* chromium-86-f_seal.patch
* chromium-90-fseal.patch
* Fri Dec 24 2021 Callum Farmer <gmbr3@opensuse.org>
- Added patches:
* chromium-96-freetype-unbundle.patch
* chromium-96-EnumTable-crash.patch
- Unbundle freetype on TW
- Unbundle icu on 15.4
- Disable lto and update _constraints on aarch64
- Remove MEIPreload: it gets installed through component updater
* Wed Dec 15 2021 Callum Farmer <gmbr3@opensuse.org>
- Revert to gcc10 on TW: gcc11 is entirely broken
- No auto thread LTO: linker crash on ARM
* Tue Dec 14 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 96.0.4664.110 (boo#1193713):
* CVE-2021-4098: Insufficient data validation in Mojo
* CVE-2021-4099: Use after free in Swiftshader
* CVE-2021-4100: Object lifecycle issue in ANGLE
* CVE-2021-4101: Heap buffer overflow in Swiftshader
* CVE-2021-4102: Use after free in V8
* Thu Dec 09 2021 Callum Farmer <gmbr3@opensuse.org>
- Lord of the Browsers: The Two Compilers:
* Go back to GCC
* GCC: LTO removes needed assembly symbols
* Clang: issues with libstdc++
- Chromium 96.0.4664.93 (boo#1193519):
* CVE-2021-4052: Use after free in web apps
* CVE-2021-4053: Use after free in UI
* CVE-2021-4079: Out of bounds write in WebRTC
* CVE-2021-4054: Incorrect security UI in autofill
* CVE-2021-4078: Type confusion in V8
* CVE-2021-4055: Heap buffer overflow in extensions
* CVE-2021-4056: Type Confusion in loader
* CVE-2021-4057: Use after free in file API
* CVE-2021-4058: Heap buffer overflow in ANGLE
* CVE-2021-4059: Insufficient data validation in loader
* CVE-2021-4061: Type Confusion in V8
* CVE-2021-4062: Heap buffer overflow in BFCache
* CVE-2021-4063: Use after free in developer tools
* CVE-2021-4064: Use after free in screen capture
* CVE-2021-4065: Use after free in autofill
* CVE-2021-4066: Integer underflow in ANGLE
* CVE-2021-4067: Use after free in window manager
* CVE-2021-4068: Insufficient validation of untrusted input in new tab page
- Chromium 96.0.4664.45 (boo#1192734):
* CVE-2021-38007: Type Confusion in V8
* CVE-2021-38008: Use after free in media
* CVE-2021-38009: Inappropriate implementation in cache
* CVE-2021-38006: Use after free in storage foundation
* CVE-2021-38005: Use after free in loader
* CVE-2021-38010: Inappropriate implementation in service workers
* CVE-2021-38011: Use after free in storage foundation
* CVE-2021-38012: Type Confusion in V8
* CVE-2021-38013: Heap buffer overflow in fingerprint recognition
* CVE-2021-38014: Out of bounds write in Swiftshader
* CVE-2021-38015: Inappropriate implementation in input
* CVE-2021-38016: Insufficient policy enforcement in background fetch
* CVE-2021-38017: Insufficient policy enforcement in iframe sandbox
* CVE-2021-38018: Inappropriate implementation in navigation
* CVE-2021-38019: Insufficient policy enforcement in CORS
* CVE-2021-38020: Insufficient policy enforcement in contacts picker
* CVE-2021-38021: Inappropriate implementation in referrer
* CVE-2021-38022: Inappropriate implementation in WebAuthentication
- Removed old patches:
* chromium-95-compiler.patch
* chromium-95-BitstreamReader-namespace.patch
* chromium-95-system-zlib.patch
* chromium-older-harfbuzz.patch
* pipewire-do-not-typecheck-the-portal-session_handle.patch
- Removed build breaking patches:
* chromium-93-EnumTable-crash.patch
- Added patches:
* chromium-96-compiler.patch
* chromium-96-CommandLine-include.patch
* chromium-96-RestrictedCookieManager-tuple.patch
* chromium-96-DrmRenderNodePathFinder-include.patch
* chromium-96-CouponDB-include.patch
- Changed patches:
* gcc-enable-lto.patch: see above
* Fri Nov 19 2021 Callum Farmer <gmbr3@opensuse.org>
- Ensure newer libs and LLVM is used on Leap (boo#1192310)
* Wed Nov 17 2021 Steve Kowalik <steven.kowalik@suse.com>
- Explicitly BuildRequire python3-six.
* Sun Oct 31 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 95.0.4638.69 (boo#1192184):
* CVE-2021-37997: Use after free in Sign-In
* CVE-2021-37998: Use after free in Garbage Collection
* CVE-2021-37999: Insufficient data validation in New Tab Page
* CVE-2021-38000: Insufficient validation of untrusted input in Intents
* CVE-2021-38001: Type Confusion in V8
* CVE-2021-38002: Use after free in Web Transport
* CVE-2021-38003: Inappropriate implementation in V8
* Sun Oct 24 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 95.0.4638.54 (boo#1191844):
* CVE-2021-37981: Heap buffer overflow in Skia
* CVE-2021-37982: Use after free in Incognito
* CVE-2021-37983: Use after free in Dev Tools
* CVE-2021-37984: Heap buffer overflow in PDFium
* CVE-2021-37985: Use after free in V8
* CVE-2021-37986: Heap buffer overflow in Settings
* CVE-2021-37987: Use after free in Network APIs
* CVE-2021-37988: Use after free in Profiles
* CVE-2021-37989: Inappropriate implementation in Blink
* CVE-2021-37990: Inappropriate implementation in WebView
* CVE-2021-37991: Race in V8
* CVE-2021-37992: Out of bounds read in WebAudio
* CVE-2021-37993: Use after free in PDF Accessibility
* CVE-2021-37996: Insufficient validation of untrusted input in Downloads
* CVE-2021-37994: Inappropriate implementation in iFrame Sandbox
* CVE-2021-37995: Inappropriate implementation in WebApp Installer
- Added patches:
* chromium-95-BitstreamReader-namespace.patch
* chromium-95-compiler.patch
* chromium-95-libyuv-aarch64.patch
* chromium-95-quiche-include.patch
* chromium-95-system-zlib.patch
- Removed patches:
* chromium-94-compiler.patch
* chromium-91-libyuv-aarch64.patch
* chromium-90-ruy-include.patch
* chromium-94-CustomSpaces-include.patch
* Sat Oct 16 2021 Callum Farmer <gmbr3@opensuse.org>
- Remove Python 2 requirement
* Sat Oct 09 2021 Callum Farmer <gmbr3@opensuse.org>
- Disable DCHECK(): that's for debug only
* Sat Oct 09 2021 Callum Farmer <gmbr3@opensuse.org>
- Add pipewire-do-not-typecheck-the-portal-session_handle.patch:
fix WebRTC with xdg-desktop-portal 1.10
* Fri Oct 08 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 94.0.4606.81 (boo#1191463):
* CVE-2021-37977: Use after free in Garbage Collection
* CVE-2021-37978: Heap buffer overflow in Blink
* CVE-2021-37979: Heap buffer overflow in WebRTC
* CVE-2021-37980: Inappropriate implementation in Sandbox
- Re-add after accidental deletion:
* chromium-93-InkDropHost-crash.patch
* Sun Oct 03 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 94.0.4606.54 (boo#1190765):
* CVE-2021-37956: Use after free in Offline use
* CVE-2021-37957: Use after free in WebGPU
* CVE-2021-37958: Inappropriate implementation in Navigation
* CVE-2021-37959: Use after free in Task Manager
* CVE-2021-37960: Inappropriate implementation in Blink graphics
* CVE-2021-37961: Use after free in Tab Strip
* CVE-2021-37962: Use after free in Performance Manager
* CVE-2021-37963: Side-channel information leakage in DevTools
* CVE-2021-37964: Inappropriate implementation in ChromeOS Networking
* CVE-2021-37965: Inappropriate implementation in Background Fetch API
* CVE-2021-37966: Inappropriate implementation in Compositing
* CVE-2021-37967: Inappropriate implementation in Background Fetch API
* CVE-2021-37968: Inappropriate implementation in Background Fetch API
* CVE-2021-37969: Inappropriate implementation in Google Updater
* CVE-2021-37970: Use after free in File System API
* CVE-2021-37971: Incorrect security UI in Web Browser UI
* CVE-2021-37972: Out of bounds read in libjpeg-turbo
- Chromium 94.0.4606.61 (boo#1191166):
* CVE-2021-37973: Use after free in Portals
- Chromium 94.0.4606.71 (boo#1191204):
* CVE-2021-37974 : Use after free in Safe Browsing
* CVE-2021-37975 : Use after free in V8
* CVE-2021-37976 : Information leak in core
- Added patches:
* chromium-94-CustomSpaces-include.patch
* chromium-94-sql-no-assert.patch
* chromium-older-harfbuzz.patch
* chromium-94-ffmpeg-roll.patch
* chromium-94-compiler.patch
- Removed patches:
* chromium-freetype-2.11.patch
* chromium-93-ContextSet-permissive.patch
* chromium-93-ClassProperty-include.patch
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
* chromium-93-HashPasswordManager-include.patch
* chromium-93-pdfium-include.patch
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
* chromium-93-FormForest-constexpr.patch
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
* chromium-93-InkDropHost-crash.patch
* chromium-91-compiler.patch
* chromium-glibc-2.33.patch
* chromium-shim_headers.patch
* Sat Sep 18 2021 Callum Farmer <gmbr3@opensuse.org>
- Add patch to fix Leap 15.2 build:
* chromium-ffmpeg-lp152.patch
- Change system-libdrm.patch: add to unbundle instead of changing
header path
* Wed Sep 15 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 93.0.4577.63 (boo#1190096):
* CVE-2021-30606: Use after free in Blink
* CVE-2021-30607: Use after free in Permissions
* CVE-2021-30608: Use after free in Web Share
* CVE-2021-30609: Use after free in Sign-In
* CVE-2021-30610: Use after free in Extensions API
* CVE-2021-30611: Use after free in WebRTC
* CVE-2021-30612: Use after free in WebRTC
* CVE-2021-30613: Use after free in Base internals
* CVE-2021-30614: Heap buffer overflow in TabStrip
* CVE-2021-30615: Cross-origin data leak in Navigation
* CVE-2021-30616: Use after free in Media
* CVE-2021-30617: Policy bypass in Blink
* CVE-2021-30618: Inappropriate implementation in DevTools
* CVE-2021-30619: UI Spoofing in Autofill
* CVE-2021-30620: Insufficient policy enforcement in Blink
* CVE-2021-30621: UI Spoofing in Autofill
* CVE-2021-30622: Use after free in WebApp Installs
* CVE-2021-30623: Use after free in Bookmarks
* CVE-2021-30624: Use after free in Autofill
- Chromium 93.0.4577.82 (boo#1190476):
* CVE-2021-30625: Use after free in Selection API
* CVE-2021-30626: Out of bounds memory access in ANGLE
* CVE-2021-30627: Type Confusion in Blink layout
* CVE-2021-30628: Stack buffer overflow in ANGLE
* CVE-2021-30629: Use after free in Permissions
* CVE-2021-30630: Inappropriate implementation in Blink
* CVE-2021-30631: Type Confusion in Blink layout
* CVE-2021-30632: Out of bounds write in V8
* CVE-2021-30633: Use after free in Indexed DB API
- Removed patches:
* chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch
* chromium-92-v8-constexpr.patch
* chromium-no-writeprotection.patch
* chromium-92-EnumTable-crash.patch
- Added patches:
* chromium-93-ContextSet-permissive.patch
* chromium-93-ClassProperty-include.patch
* chromium-93-BluetoothLowEnergyScanFilter-include.patch
* chromium-93-HashPasswordManager-include.patch
* chromium-93-pdfium-include.patch
* chromium-93-DevToolsEmbedderMessageDispatcher-include.patch
* chromium-93-FormForest-constexpr.patch
* chromium-93-ScopedTestDialogAutoConfirm-include.patch
* chromium-93-InkDropHost-crash.patch
* chromium-93-ffmpeg-4.4.patch
* chromium-93-EnumTable-crash.patch
* Sun Aug 29 2021 Callum Farmer <gmbr3@opensuse.org>
- Updated chromium-glibc-2.34.patch: Fix PTHREAD_STACK_MIN errors
with glibc 2.34
* Tue Aug 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 92.0.4515.159 (boo#1189490):
* CVE-2021-30598: Type Confusion in V8
* CVE-2021-30599: Type Confusion in V8
* CVE-2021-30600: Use after free in Printing
* CVE-2021-30601: Use after free in Extensions API
* CVE-2021-30602: Use after free in WebRTC
* CVE-2021-30603: Race in WebAudio
* CVE-2021-30604: Use after free in ANGLE
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Aug 15 2021 Callum Farmer <gmbr3@opensuse.org>
- Add missing crashpad_handler (boo#1189254)
* Fri Aug 06 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 92.0.4515.131 (boo#1189006)
* CVE-2021-30590: Heap buffer overflow in Bookmarks
* CVE-2021-30591: Use after free in File System API
* CVE-2021-30592: Out of bounds write in Tab Groups
* CVE-2021-30593: Out of bounds read in Tab Strip
* CVE-2021-30594: Use after free in Page Info UI
* CVE-2021-30596: Incorrect security UI in Navigation
* CVE-2021-30597: Use after free in Browser UI
- Removed patches:
* chromium-92-GetUsableSize-nullptr.patch
- Added patches:
* chromium-no-writeprotection.patch
* chromium-glibc-2.34.patch
* Sun Aug 01 2021 Callum Farmer <gmbr3@opensuse.org>
- Chromium 92.0.4515.107 (boo#1188590)
* CVE-2021-30565: Out of bounds write in Tab Groups
* CVE-2021-30566: Stack buffer overflow in Printing
* CVE-2021-30567: Use after free in DevTools
* CVE-2021-30568: Heap buffer overflow in WebGL
* CVE-2021-30569: Use after free in sqlite
* CVE-2021-30571: Insufficient policy enforcement in DevTools
* CVE-2021-30572: Use after free in Autofill
* CVE-2021-30573: Use after free in GPU
* CVE-2021-30574: Use after free in protocol handling
* CVE-2021-30575: Out of bounds read in Autofill
* CVE-2021-30576: Use after free in DevTools
* CVE-2021-30577: Insufficient policy enforcement in Installer
* CVE-2021-30578: Uninitialized Use in Media
* CVE-2021-30579: Use after free in UI framework
* CVE-2021-30581: Use after free in DevTools
* CVE-2021-30582: Inappropriate implementation in Animation
* CVE-2021-30584: Incorrect security UI in Downloads
* CVE-2021-30585: Use after free in sensor handling
* CVE-2021-30588: Type Confusion in V8
* CVE-2021-30589: Insufficient validation of untrusted input in Sharing
- Switched from GCC+LTO to Clang+ThinLTO due to errors
- Removed patches:
* chromium-90-compiler.patch
* chromium-89-EnumTable-crash.patch
* chromium-86-ConsumeDurationNumber-constexpr.patch
* chromium-lp152-missing-includes.patch
* chromium-91-GCC_fix_vector_types_in_pcscan.patch
* chromium-91-system-icu.patch
* chromium-91-1190561-boo1186948.patch
- Added patches:
* chromium-91-compiler.patch
* chromium-92-EnumTable-crash.patch
* chromium-92-v8-constexpr.patch
* chromium-92-GetUsableSize-nullptr.patch
* chromium-freetype-2.11.patch
* chromium-clang-nomerge.patch
* Sat Jul 17 2021 Andreas Stieger <andreas.stieger@gmx.de>
- chromium 91.0.4472.164 (boo#1188373)
* CVE-2021-30559: Out of bounds write in ANGLE
* CVE-2021-30541: Use after free in V8
* CVE-2021-30560: Use after free in Blink XSLT
* CVE-2021-30561: Type Confusion in V8
* CVE-2021-30562: Use after free in WebSerial
* CVE-2021-30563: Type Confusion in V8
* CVE-2021-30564: Heap buffer overflow in WebXR
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Jul 05 2021 Callum Farmer <gmbr3@opensuse.org>
- Add chromium-91-sql-standard-layout-type.patch: to fix SQL being
incorrect with libstdc++ 11
* Mon Jun 21 2021 Andreas Stieger <andreas.stieger@gmx.de>
- fix crash upon exit boo#1186948
add chromium-91-1190561-boo1186948.patch
* Fri Jun 18 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 91.0.4472.114 (boo#1187481)
* CVE-2021-30554: Use after free in WebGL
* CVE-2021-30555: Use after free in Sharing
* CVE-2021-30556: Use after free in WebAudio
* CVE-2021-30557: Use after free in TabGroups
* Wed Jun 16 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 91.0.4472.106
* Fix use-after-free in SendTabToSelfSubMenuModel
* Destroy system-token NSSCertDatabase on the IO thread
* Wed Jun 09 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 91.0.4472.101 (boo#1187141)
* CVE-2021-30544: Use after free in BFCache
* CVE-2021-30545: Use after free in Extensions
* CVE-2021-30546: Use after free in Autofill
* CVE-2021-30547: Out of bounds write in ANGLE
* CVE-2021-30548: Use after free in Loader
* CVE-2021-30549: Use after free in Spell check
* CVE-2021-30550: Use after free in Accessibility
* CVE-2021-30551: Type Confusion in V8
* CVE-2021-30552: Use after free in Extensions
* CVE-2021-30553: Use after free in Network service
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Jun 03 2021 Callum Farmer <gmbr3@opensuse.org>
- Add README.SUSE
- Fix aarch64 build:
* chromium-91-libyuv-aarch64.patch
* Update highway to 0.12.2 (arm only)
- Add -flax-vector-conversions to build flags
* Thu May 27 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 91.0.4472.77 (boo#1186458):
* Support Managed configuration API for Web Applications
* WebOTP API: cross-origin iframe support
* CSS custom counter styles
* Support JSON Modules
* Clipboard: read-only files support
* Remove webkitBeforeTextInserted & webkitEditableCOntentChanged
JS events
* Honor media HTML attribute for link icon
* Import Assertions
* Class static initializer blocks
* Ergonomic brand checks for private fields
* Expose WebAssembly SIMD
* New Feature: WebTransport
* ES Modules for service workers ('module' type option)
* Suggested file name and location for the File System Access API
* adaptivePTime property for RTCRtpEncodingParameters
* Block HTTP port 10080 - mitigation for NAT Slipstream 2.0 attack
* Support WebSockets over HTTP/2
* Support 103 Early Hints for Navigation
* CVE-2021-30521: Heap buffer overflow in Autofill
* CVE-2021-30522: Use after free in WebAudio
* CVE-2021-30523: Use after free in WebRTC
* CVE-2021-30524: Use after free in TabStrip
* CVE-2021-30525: Use after free in TabGroups
* CVE-2021-30526: Out of bounds write in TabStrip
* CVE-2021-30527: Use after free in WebUI
* CVE-2021-30528: Use after free in WebAuthentication
* CVE-2021-30529: Use after free in Bookmarks
* CVE-2021-30530: Out of bounds memory access in WebAudio
* CVE-2021-30531: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30532: Insufficient policy enforcement in Content Security Policy
* CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
* CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
* CVE-2021-30535: Double free in ICU
* CVE-2021-21212: Insufficient data validation in networking
* CVE-2021-30536: Out of bounds read in V8
* CVE-2021-30537: Insufficient policy enforcement in cookies
* CVE-2021-30538: Insufficient policy enforcement in content security policy
* CVE-2021-30539: Insufficient policy enforcement in content security policy
* CVE-2021-30540: Incorrect security UI in payments
* Various fixes from internal audits, fuzzing and other initiatives
* drop chromium-90-TokenizedOutput-include.patch
* drop chromium-90-CrossThreadCopier-qualification.patch
* drop chromium-90-quantization_utils-include.patch
* drop chromium-90-angle-constexpr.patch
* add chromium-91-java-only-allowed-in-android-builds.patch
* add chromium-91-GCC_fix_vector_types_in_pcscan.patch
* add chromium-91-system-icu.patch
* Mon May 17 2021 Marcus Meissner <meissner@suse.com>
- use asimdrdm CPU flag for aarch64 to select only more powerful buildhosts.
* Tue May 11 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 90.0.4430.212 (boo#1185908)
* CVE-2021-30506: Incorrect security UI in Web App Installs
* CVE-2021-30507: Inappropriate implementation in Offline
* CVE-2021-30508: Heap buffer overflow in Media Feeds
* CVE-2021-30509: Out of bounds write in Tab Strip
* CVE-2021-30510: Race in Aura
* CVE-2021-30511: Out of bounds read in Tab Group
* CVE-2021-30512: Use after free in Notifications
* CVE-2021-30513: Type Confusion in V8
* CVE-2021-30514: Use after free in Autofill
* CVE-2021-30515: Use after free in File API
* CVE-2021-30516: Heap buffer overflow in History
* CVE-2021-30517: Type Confusion in V8
* CVE-2021-30518: Heap buffer overflow in Reader Mode
* CVE-2021-30519: Use after free in Payments
* CVE-2021-30520: Use after free in Tab Strip
- FTP support disabled at runtime by default since release 88.
Chromium 91 will remove support for ftp altogether
(boo#1185496)
* Thu May 06 2021 Callum Farmer <gmbr3@opensuse.org>
* Patch change *
- Fix build with GCC 11 again (bsc#1185716)
- Remove chromium-88-compiler.patch
- Remove chromium-90-cstdint.patch
- Remove chromium-90-gslang-linkage-fixup.patch
- Added chromium-90-compiler.patch
- Added chromium-90-angle-constexpr.patch
- Added chromium-90-TokenizedOutput-include.patch
- Added chromium-90-ruy-include.patch
- Added chromium-90-CrossThreadCopier-qualification.patch
- Added chromium-90-quantization_utils-include.patch
* Wed Apr 28 2021 Marcus Meissner <meissner@suse.com>
- Chromium 90.0.4430.93 (boo#1185398):
- CVE-2021-21227: Insufficient data validation in V8.
- CVE-2021-21232: Use after free in Dev Tools.
- CVE-2021-21233: Heap buffer overflow in ANGLE.
- CVE-2021-21228: Insufficient policy enforcement in extensions.
- CVE-2021-21229: Incorrect security UI in downloads.
- CVE-2021-21230: Type Confusion in V8.
- CVE-2021-21231: Insufficient data validation in V8.
- Reference: https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_26.html
* Wed Apr 21 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 90.0.4430.85 (boo#1185047):
* CVE-2021-21222: Heap buffer overflow in V8
* CVE-2021-21223: Integer overflow in Mojo
* CVE-2021-21224: Type Confusion in V8
* CVE-2021-21225: Out of bounds memory access in V8
* CVE-2021-21226: Use after free in navigation
- Chromium 90.0.4430.72 (boo#1184764):
* CVE-2021-21201: Use after free in permissions
* CVE-2021-21202: Use after free in extensions
* CVE-2021-21203: Use after free in Blink
* CVE-2021-21204: Use after free in Blink
* CVE-2021-21205: Insufficient policy enforcement in navigation
* CVE-2021-21221: Insufficient validation of untrusted input in Mojo
* CVE-2021-21207: Use after free in IndexedDB
* CVE-2021-21208: Insufficient data validation in QR scanner
* CVE-2021-21209: Inappropriate implementation in storage
* CVE-2021-21210: Inappropriate implementation in Network
* CVE-2021-21211: Inappropriate implementation in Navigatio
* CVE-2021-21212: Incorrect security UI in Network Config UI
* CVE-2021-21213: Use after free in WebMIDI
* CVE-2021-21214: Use after free in Network API
* CVE-2021-21215: Inappropriate implementation in Autofill
* CVE-2021-21216: Inappropriate implementation in Autofill
* CVE-2021-21217: Uninitialized Use in PDFium
* CVE-2021-21218: Uninitialized Use in PDFium
* CVE-2021-21219: Uninitialized Use in PDFiu
* drop chromium-89-quiche-private.patch
* drop chromium-89-quiche-dcheck.patch
* drop chromium-89-skia-CropRect.patch
* drop chromium-89-dawn-include.patch
* drop chromium-89-webcodecs-deps.patch
* drop chromium-89-AXTreeSerializer-include.patch
* drop libva-2.11.patch
* drop libva-2.11-nolegacy.patch
* drop chromium-84-blink-disable-clang-format.patch
- chromium-90-gslang-linkage-fixup.patch: fixed a weird static/nonpic error
- chromium-90-cstdint.patch: some cstd includes added
- chromium-90-fseal.patch: F_SEAL defines added
* Wed Apr 14 2021 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 89.0.4389.128 (boo#1184700):
* CVE-2021-21206: Use after free in blink
* CVE-2021-21220: Insufficient validation of untrusted input in
v8 for x86_64
* Sat Apr 03 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 89.0.4389.114 bsc#1184256
- CVE-2021-21194: Use after free in screen capture
- CVE-2021-21195: Use after free in V8
- CVE-2021-21196: Heap buffer overflow in TabStrip
- CVE-2021-21197: Heap buffer overflow in TabStrip
- CVE-2021-21198: Out of bounds read in IPC
- CVE-2021-21199: Use Use after free in Aura
- Add libva-2.11.patch to fix build with libva <2.11
- Add libva-2.11-nolegacy.patch to fix build with libva 2.11
- Remove x11-ozone-fix-two-edge-cases.patch
* Mon Mar 15 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 89.0.4389.90 bsc#1183515
- CVE-2021-21191: Use after free in WebRTC.
- CVE-2021-21192: Heap buffer overflow in tab groups.
- CVE-2021-21193: Use after free in Blink.
* Thu Mar 11 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 89.0.4389.82
- Add x11-ozone-fix-two-edge-cases.patch to fix tab drag errors
* Fri Mar 05 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 89.0.4389.72 bsc#1182960
- CVE-2021-21159: Heap buffer overflow in TabStrip.
- CVE-2021-21160: Heap buffer overflow in WebAudio.
- CVE-2021-21161: Heap buffer overflow in TabStrip.
- CVE-2021-21162: Use after free in WebRTC.
- CVE-2021-21163: Insufficient data validation in Reader Mode.
- CVE-2021-21164: Insufficient data validation in Chrome for iOS.
- CVE-2021-21165: Object lifecycle issue in audio.
- CVE-2021-21166: Object lifecycle issue in audio.
- CVE-2021-21167: Use after free in bookmarks.
- CVE-2021-21168: Insufficient policy enforcement in appcache.
- CVE-2021-21169: Out of bounds memory access in V8.
- CVE-2021-21170: Incorrect security UI in Loader.
- CVE-2021-21171: Incorrect security UI in TabStrip and Navigation.
- CVE-2021-21172: Insufficient policy enforcement in File System API.
- CVE-2021-21173: Side-channel information leakage in Network Internals.
- CVE-2021-21174: Inappropriate implementation in Referrer.
- CVE-2021-21175: Inappropriate implementation in Site isolation.
- CVE-2021-21176: Inappropriate implementation in full screen mode.
- CVE-2021-21177: Insufficient policy enforcement in Autofill.
- CVE-2021-21178: Inappropriate implementation in Compositing.
- CVE-2021-21179: Use after free in Network Internals.
- CVE-2021-21180: Use after free in tab search.
- CVE-2020-27844: Heap buffer overflow in OpenJPEG.
- CVE-2021-21181: Side-channel information leakage in autofill.
- CVE-2021-21182: Insufficient policy enforcement in navigations.
- CVE-2021-21183: Inappropriate implementation in performance APIs.
- CVE-2021-21184: Inappropriate implementation in performance APIs.
- CVE-2021-21185: Insufficient policy enforcement in extensions.
- CVE-2021-21186: Insufficient policy enforcement in QR scanning.
- CVE-2021-21187: Insufficient data validation in URL formatting.
- CVE-2021-21188: Use after free in Blink.
- CVE-2021-21189: Insufficient policy enforcement in payments.
- CVE-2021-21190: Uninitialized Use in PDFium.
- Added patches:
- chromium-89-quiche-private.patch
- chromium-89-quiche-dcheck.patch
- chromium-89-skia-CropRect.patch
- chromium-89-dawn-include.patch
- chromium-89-webcodecs-deps.patch
- chromium-89-EnumTable-crash.patch
- chromium-shim_headers.patch
- chromium-89-missing-cstring-header.patch
- chromium-89-AXTreeSerializer-include.patch
- chromium-88-gcc-fix-swiftshader-libEGL-visibility.patch
(bsc#1182775)
- Removed patches:
- chromium-fix-char_traits.patch
- build-with-pipewire-0.3.patch
- chromium-79-gcc-protobuf-alignas.patch
- chromium-87-CursorFactory-include.patch
- chromium-87-openscreen-include.patch
- chromium-88-vaapi-attribute.patch
- chromium-88-ozone-deps.patch
- chromium-87-webcodecs-deps.patch
- chromium-88-ityp-include.patch
- chromium-88-AXTreeFormatter-include.patch
- chromium-88-BookmarkModelObserver-include.patch
- chromium-88-federated_learning-include.patch
- chromium-88-ideographicSpaceCharacter.patch
- chromium-88-StringPool-include.patch
- chromium-88-dawn-static.patch
- chromium-88-CompositorFrameReporter-dcheck.patch
* Wed Feb 17 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 88.0.4324.182 bsc#1182358
- CVE-2021-21149: Stack overflow in Data Transfer.
- CVE-2021-21150: Use after free in Downloads.
- CVE-2021-21151: Use after free in Payments.
- CVE-2021-21152: Heap buffer overflow in Media.
- CVE-2021-21153: Stack overflow in GPU Process.
- CVE-2021-21154: Heap buffer overflow in Tab Strip.
- CVE-2021-21155: Heap buffer overflow in Tab Strip.
- CVE-2021-21156: Heap buffer overflow in V8.
- CVE-2021-21157: Use after free in Web Sockets.
* Mon Feb 15 2021 Callum Farmer <gmbr3@opensuse.org>
- Add chromium-glibc-2.33.patch: fix Sandbox with glibc 2.33
(bsc#1182233)
* Sat Feb 06 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 88.0.4324.150 bsc#1181827
- CVE-2021-21148: Heap buffer overflow in V8
* Thu Feb 04 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 88.0.4324.146 bsc#1181772
- CVE-2021-21142: Use after free in Payments
- CVE-2021-21143: Heap buffer overflow in Extensions
- CVE-2021-21144: Heap buffer overflow in Tab Groups.
- CVE-2021-21145: Use after free in Fonts
- CVE-2021-21146: Use after free in Navigation.
- CVE-2021-21147: Inappropriate implementation in Skia
* Sat Jan 23 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 88.0.4324.96 bsc#1181137
- CVE-2021-21117: Insufficient policy enforcement in Cryptohome
- CVE-2021-21118: Insufficient data validation in V8
- CVE-2021-21119: Use after free in Media
- CVE-2021-21120: Use after free in WebSQL
- CVE-2021-21121: Use after free in Omnibox
- CVE-2021-21122: Use after free in Blink
- CVE-2021-21123: Insufficient data validation in File System API
- CVE-2021-21124: Potential user after free in Speech Recognizer
- CVE-2021-21125: Insufficient policy enforcement in File System API
- CVE-2020-16044: Use after free in WebRTC
- CVE-2021-21126: Insufficient policy enforcement in extensions
- CVE-2021-21127: Insufficient policy enforcement in extensions
- CVE-2021-21128: Heap buffer overflow in Blink
- CVE-2021-21129: Insufficient policy enforcement in File System API
- CVE-2021-21130: Insufficient policy enforcement in File System API
- CVE-2021-21131: Insufficient policy enforcement in File System API
- CVE-2021-21132: Inappropriate implementation in DevTools
- CVE-2021-21133: Insufficient policy enforcement in Downloads
- CVE-2021-21134: Incorrect security UI in Page Info
- CVE-2021-21135: Inappropriate implementation in Performance API
- CVE-2021-21136: Insufficient policy enforcement in WebView
- CVE-2021-21137: Inappropriate implementation in DevTools
- CVE-2021-21138: Use after free in DevTools
- CVE-2021-21139: Inappropriate implementation in iframe sandbox
- CVE-2021-21140: Uninitialized Use in USB
- CVE-2021-21141: Insufficient policy enforcement in File System API
- Added patches:
- chromium-88-compiler.patch
- chromium-88-ozone-deps.patch
- chromium-88-ityp-include.patch
- chromium-88-AXTreeFormatter-include.patch
- chromium-88-BookmarkModelObserver-include.patch
- chromium-88-federated_learning-include.patch
- chromium-88-ideographicSpaceCharacter.patch
- chromium-88-StringPool-include.patch
- chromium-88-dawn-static.patch
- chromium-88-CompositorFrameReporter-dcheck.patch
- Removed patches:
- gpu-timeout.patch
- chromium-87-compiler.patch
- chromium-87-ServiceWorkerContainerHost-crash.patch
- chromium-87-ozone-deps.patch
- chromium-87-v8-icu68.patch
- chromium-87-icu68.patch
* Sat Jan 16 2021 Callum Farmer <gmbr3@opensuse.org>
- Remove C++ only flags from CFLAGS
- Update chromium-gcc11.patch
- Comply with new Google API key rules for Derivatives
* Thu Jan 07 2021 Callum Farmer <gmbr3@opensuse.org>
- Update to 87.0.4280.141 bsc#1180645
- CVE-2021-21106: Use after free in autofill
- CVE-2021-21107: Use after free in drag and drop
- CVE-2021-21108: Use after free in media
- CVE-2021-21109: Use after free in payments
- CVE-2021-21110: Use after free in safe browsing
- CVE-2021-21111: Insufficient policy enforcement in WebUI
- CVE-2021-21112: Use after free in Blink
- CVE-2021-21113: Heap buffer overflow in Skia
- CVE-2020-16043: Insufficient data validation in networking
- CVE-2021-21114: Use after free in audio
- CVE-2020-15995: Out of bounds write in V8
- CVE-2021-21115: Use after free in safe browsing
- CVE-2021-21116: Heap buffer overflow in audio
/etc/chromium /etc/chromium/master_preferences /etc/chromium/native-messaging-hosts /etc/chromium/policies /etc/chromium/policies/managed /etc/chromium/policies/recommended /usr/bin/chromium /usr/bin/chromium-browser /usr/lib64/chromium /usr/lib64/chromium/chrome /usr/lib64/chromium/chrome-wrapper /usr/lib64/chromium/chrome_100_percent.pak /usr/lib64/chromium/chrome_200_percent.pak /usr/lib64/chromium/chrome_crashpad_handler /usr/lib64/chromium/icudtl.dat /usr/lib64/chromium/libEGL.so /usr/lib64/chromium/libGLESv2.so /usr/lib64/chromium/libqt5_shim.so /usr/lib64/chromium/libvk_swiftshader.so /usr/lib64/chromium/libvulkan.so.1 /usr/lib64/chromium/locales /usr/lib64/chromium/locales/af.pak /usr/lib64/chromium/locales/am.pak /usr/lib64/chromium/locales/ar-XB.pak /usr/lib64/chromium/locales/ar.pak /usr/lib64/chromium/locales/bg.pak /usr/lib64/chromium/locales/bn.pak /usr/lib64/chromium/locales/ca.pak /usr/lib64/chromium/locales/cs.pak /usr/lib64/chromium/locales/da.pak /usr/lib64/chromium/locales/de.pak /usr/lib64/chromium/locales/el.pak /usr/lib64/chromium/locales/en-GB.pak /usr/lib64/chromium/locales/en-US.pak /usr/lib64/chromium/locales/en-XA.pak /usr/lib64/chromium/locales/es-419.pak /usr/lib64/chromium/locales/es.pak /usr/lib64/chromium/locales/et.pak /usr/lib64/chromium/locales/fa.pak /usr/lib64/chromium/locales/fi.pak /usr/lib64/chromium/locales/fil.pak /usr/lib64/chromium/locales/fr.pak /usr/lib64/chromium/locales/gu.pak /usr/lib64/chromium/locales/he.pak /usr/lib64/chromium/locales/hi.pak /usr/lib64/chromium/locales/hr.pak /usr/lib64/chromium/locales/hu.pak /usr/lib64/chromium/locales/id.pak /usr/lib64/chromium/locales/it.pak /usr/lib64/chromium/locales/ja.pak /usr/lib64/chromium/locales/kn.pak /usr/lib64/chromium/locales/ko.pak /usr/lib64/chromium/locales/lt.pak /usr/lib64/chromium/locales/lv.pak /usr/lib64/chromium/locales/ml.pak /usr/lib64/chromium/locales/mr.pak /usr/lib64/chromium/locales/ms.pak /usr/lib64/chromium/locales/nb.pak /usr/lib64/chromium/locales/nl.pak /usr/lib64/chromium/locales/pl.pak /usr/lib64/chromium/locales/pt-BR.pak /usr/lib64/chromium/locales/pt-PT.pak /usr/lib64/chromium/locales/ro.pak /usr/lib64/chromium/locales/ru.pak /usr/lib64/chromium/locales/sk.pak /usr/lib64/chromium/locales/sl.pak /usr/lib64/chromium/locales/sr.pak /usr/lib64/chromium/locales/sv.pak /usr/lib64/chromium/locales/sw.pak /usr/lib64/chromium/locales/ta.pak /usr/lib64/chromium/locales/te.pak /usr/lib64/chromium/locales/th.pak /usr/lib64/chromium/locales/tr.pak /usr/lib64/chromium/locales/uk.pak /usr/lib64/chromium/locales/ur.pak /usr/lib64/chromium/locales/vi.pak /usr/lib64/chromium/locales/zh-CN.pak /usr/lib64/chromium/locales/zh-TW.pak /usr/lib64/chromium/plugins /usr/lib64/chromium/resources.pak /usr/lib64/chromium/v8_context_snapshot.bin /usr/lib64/chromium/vk_swiftshader_icd.json /usr/share/applications/chromium-browser.desktop /usr/share/chromium /usr/share/chromium/extensions /usr/share/doc/packages/chromium /usr/share/doc/packages/chromium/AUTHORS /usr/share/icons/hicolor /usr/share/icons/hicolor/128x128 /usr/share/icons/hicolor/128x128/apps /usr/share/icons/hicolor/128x128/apps/chromium-browser.png /usr/share/icons/hicolor/16x16 /usr/share/icons/hicolor/16x16/apps /usr/share/icons/hicolor/16x16/apps/chromium-browser.png /usr/share/icons/hicolor/24x24 /usr/share/icons/hicolor/24x24/apps /usr/share/icons/hicolor/24x24/apps/chromium-browser.png /usr/share/icons/hicolor/256x256 /usr/share/icons/hicolor/256x256/apps /usr/share/icons/hicolor/256x256/apps/chromium-browser.png /usr/share/icons/hicolor/32x32 /usr/share/icons/hicolor/32x32/apps /usr/share/icons/hicolor/32x32/apps/chromium-browser.png /usr/share/icons/hicolor/48x48 /usr/share/icons/hicolor/48x48/apps /usr/share/icons/hicolor/48x48/apps/chromium-browser.png /usr/share/icons/hicolor/64x64 /usr/share/icons/hicolor/64x64/apps /usr/share/icons/hicolor/64x64/apps/chromium-browser.png /usr/share/icons/hicolor/symbolic /usr/share/icons/hicolor/symbolic/apps /usr/share/icons/hicolor/symbolic/apps/chromium-browser.svg /usr/share/licenses/chromium /usr/share/licenses/chromium/LICENSE /usr/share/man/man1/chromium-browser.1.gz /usr/share/metainfo/chromium-browser.appdata.xml
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 13 00:41:02 2024