Package Release Info

chromium-51.0.2704.103-85.3

Update Info: openSUSE-2016-742
Available in Package Hub : 12 GA-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

chromedriver
chromium
chromium-desktop-gnome
chromium-desktop-kde
chromium-ffmpegsumo

Change Logs

* Fri Jun 17 2016 astieger@suse.com
- Update to Chromium 51.0.2704.103
  * Security fixes:
  - CVE-2016-1704: Various fixes from internal audits, fuzzing and
    other initiatives (boo#985397)
* Tue Jun 07 2016 tittiatcoke@gmail.com
- Update to Chromium 51.0.2704.84
  * No further changelog
* Thu Jun 02 2016 astieger@suse.com
- Update to Chromium 51.0.2704.79 [boo#982719]
  * Security fixes:
  - CVE-2016-1696: Cross-origin bypass in Extension bindings
  - CVE-2016-1697: Cross-origin bypass in Blink
  - CVE-2016-1698: Information leak in Extension bindings
  - CVE-2016-1699: Parameter sanitization failure in DevTools
  - CVE-2016-1700: Use-after-free in Extensions
  - CVE-2016-1701: Use-after-free in Autofill
  - CVE-2016-1702: Out-of-bounds read in Skia
  - CVE-2016-1703: Various fixes from internal audits, fuzzing
    and other initiatives.
* Thu May 26 2016 tittiatcoke@gmail.com
- Update to Chromium 51.0.2704.63 [boo#981886]
  * Security fixes:
  - CVE-2016-1672: Cross-origin bypass in extension bindings
  - CVE-2016-1673: Cross-origin bypass in Blink
  - CVE-2016-1674: Cross-origin bypass in extensions
  - CVE-2016-1675: Cross-origin bypass in Blink
  - CVE-2016-1676: Cross-origin bypass in extension bindings
  - CVE-2016-1677: Type confusion in V8
  - CVE-2016-1678: Heap overflow in V8
  - CVE-2016-1679: Heap use-after-free in V8 bindings
  - CVE-2016-1680: Heap use-after-free in Skia
  - CVE-2016-1681: Heap overflow in PDFium
  - CVE-2016-1682: CSP bypass for ServiceWorker
  - CVE-2016-1683: Out-of-bounds access in libxslt
  - CVE-2016-1684: Integer overflow in libxslt
  - CVE-2016-1685: Out-of-bounds read in PDFium
  - CVE-2016-1686: Out-of-bounds read in PDFium
  - CVE-2016-1687: Information leak in extensions
  - CVE-2016-1688: Out-of-bounds read in V8
  - CVE-2016-1689: Heap buffer overflow in media
  - CVE-2016-1690: Heap use-after-free in Autofill
  - CVE-2016-1691: Heap buffer-overflow in Skia
  - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
  - CVE-2016-1693: HTTP Download of Software Removal Tool
  - CVE-2016-1694: HPKP pins removed on cache clearance
  - CVE-2016-1695: Various fixes from internal audits, fuzzing
    and other initiatives
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
  now upstream
* Fri May 13 2016 astieger@suse.com
- Update to Chromium 50.0.2661.102 (boo#979859)
  * Security fixes:
  - CVE-2016-1667: Same origin bypass in DOM
  - CVE-2016-1668: Same origin bypass in Blink V8 bindings
  - CVE-2016-1669: Buffer overflow in V8
  - CVE-2016-1670: Race condition in loader
* Fri Apr 29 2016 astieger@suse.com
- Update to Chromium 50.0.2661.94 (boo#977830)
  * Security fixes:
  - CVE-2016-1660: Out-of-bounds write in Blink
  - CVE-2016-1661: Memory corruption in cross-process frames
  - CVE-2016-1662: Use-after-free in extensions
  - CVE-2016-1663: Use-after-free in Blink?s V8 bindings
  - CVE-2016-1664: Address bar spoofing
  - CVE-2016-1665: Information leak in V8
  - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
* Fri Apr 22 2016 jslaby@suse.com
- _constraints: increase memory. It takes 1.2G to build some .o, and
  with -j4 this results in OOM.
* Thu Apr 14 2016 tittiatcoke@gmail.com
- Update to Chromium 50.0.2661.75 (boo#975572)
  * Security Fixes:
  - CVE-2016-1652: Universal XSS in extension bindings
  - CVE-2016-1653: Out-of-bounds write in V8
  - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
  - CVE-2016-1654: Uninitialized memory read in media
  - CVE-2016-1655: Use-after-free related to extensions
  - CVE-2016-1656: Android downloaded file path restriction bypass
  - CVE-2016-1657: Address bar spoofing
  - CVE-2016-1658: Potential leak of sensitive information to
    malicious extensions
  - CVE-2016-1659: Various fixes from internal audits, fuzzing
    and other initiatives
- add patch to fix GCC builds with component=shared_library:
  chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
* Fri Apr 08 2016 astieger@suse.com
- Update to Chromium 49.0.2623.112
  * Block user removal when login attempt is in progress
  * Add the SuppressUnsupportedOSWarning policy setting
  * Fix how Save-Page-As responds to web requests blocked by extensions
  * Fix preferred width calculation for 8bit ltr runs in rtl blocks
* Wed Mar 30 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.110
  * No changelog available
* Mon Mar 28 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.108
  * Security fixes (boo#972834):
  - CVE-2016-1646: Out-of-bounds read in V8
  - CVE-2016-1647: Use-after-free in Navigation
  - CVE-2016-1648: Use-after-free in Extensions
  - CVE-2016-1649: Buffer overflow in libANGLE
  - CVE-2016-1650: Various fixes from internal audits, fuzzing
    and other initiatives
  - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
    tip of the 4.9 branch (currently 4.9.385.33).
* Wed Mar 09 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.87
  * Security fixes:
  - CVE-2016-1643: Type confusion in Blink (boo#970514)
  - CVE-2016-1644: Use-after-free in Blink (boo#970509)
  - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
* Tue Mar 08 2016 tittiatcoke@gmail.com
- Change the build method used on Packman.
  * Drop patch no-clang-on-packman.diff . This is no longer required
    as that ninja is respecting the build flags correctly.
- Drop unused patch skia.patch
* Fri Mar 04 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.75
  * 26 security fixes, with the most important ones being:
  - CVE-2016-1630: Same-origin bypass in Blink
  - CVE-2016-1631: Same-origin bypass in Pepper Plugin
  - CVE-2016-1632: Bad cast in Extensions
  - CVE-2016-1633: Use-after-free in Blink
  - CVE-2016-1634: Use-after-free in Blink
  - CVE-2016-1635: Use-after-free in Blink
  - CVE-2016-1636: SRI Validation Bypass
  - CVE-2015-8126: Out-of-bounds access in libpng
  - CVE-2016-1637: Information Leak in Skia
  - CVE-2016-1638: WebAPI Bypass
  - CVE-2016-1639: Use-after-free in WebRTC
  - CVE-2016-1640: Origin confusion in Extensions UI
  - CVE-2016-1641: Use-after-free in Favicon
  - CVE-2016-1642: Various fixes from internal audits, fuzzing
    and other initiatives
  - Multiple vulnerabilities in V8 fixed at the tip of the 4.9
    branch (currently 4.9.385.26)
    (boo#969333)
* Fri Feb 19 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.116
  * Fixes a critical security flaw:
  - CVE-2016-1629: Same-origin bypass in Blink and Sandbox
    escape in Chrome. (boo#967376)
* Mon Feb 15 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.109
  * Security fixes (boo#965999)
  - CVE-2016-1622: Same-origin bypass in Extensions
  - CVE-2016-1623: Same-origin bypass in DOM
  - CVE-2016-1624: Buffer overflow in Brotli
  - CVE-2016-1625: Navigation bypass in Chrome Instant
  - CVE-2016-1626: Out-of-bounds read in PDFium
  - CVE-2016-1627: Various fixes from internal audits, fuzzing
    and other initiatives
* Sat Feb 13 2016 tittiatcoke@gmail.com
- Drop the libva support completely. It seems that this is causing
  more issues than it actually resolves. (boo#965566)
  * Drop chromium-enable-vaapi.patch
* Thu Feb 11 2016 tittiatcoke@gmail.com
- Don't build with libva support for openSUSE 13.2 and lower
  (boo#966082)
* Tue Feb 09 2016 tittiatcoke@gmail.com
- Drop completely the option to build with system libraries. This
  could lead to issues (boo#965738)
* Fri Feb 05 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.103
  * No chnagelog available