| AArch64 | |
| ppc64le | |
| s390x | |
| x86-64 |
- Version update to 54.0.2840.59 bnc#1004465:
- CVE-2016-5181: Universal XSS in Blink (Anonymous)
- CVE-2016-5182: Heap overflow in Blink (Giwan Go of STEALIEN)
- CVE-2016-5183: Use after free in PDFium (Anonymous)
- CVE-2016-5184: Use after free in PDFium (Anonymous)
- CVE-2016-5185: Use after free in Blink (cloudfuzzer)
- CVE-2016-5187: URL spoofing (Luan Herrera)
- CVE-2016-5188: UI spoofing (Luan Herrera)
- CVE-2016-5192: Cross-origin bypass in Blink (haojunhou at gmail)
- CVE-2016-5189: URL spoofing (xisigr of Tencent's Xuanwu Lab)
- CVE-2016-5186: Out of bounds read in DevTools (Abdulrahman Alqabandi)
- CVE-2016-5191: Universal XSS in Bookmarks (Gareth Hughes)
- CVE-2016-5190: Use after free in Internals (Atte Kettunen of OUSPG)
- CVE-2016-5193: Scheme bypass (Yuyang ZHOUmartinzhou96)
- packaging changes:
* disable build for chromium-beta on %arm.
* Make linker use less memory by tweaking its options:
chromium-linker-memory.patch
* obsolete desktop subpackages
* Switch to gold to reduce memory use use during build
* fix build on 4.5+ kernels with systemlibs:
chromium-sandbox.patch
* various compiler and linker flag adjustments
* enable gtk3 ui, add patch gtk3-missing-define.patch
* switch from some bundled libraries to the system versions
chromium-system-ffmpeg-r3.patch
chromium-system-jinja-r13.patch
fix-gn-bootstrap.diff
* remove service file covered by download_files
- run time bug fixes:
* Add --ui-disable-partial-swap to the launcher bnc#1000019
* Use default chromium values from master_preferences on first run
rather than pseudo-duplicating in shellscript
- added features:
* hangouts extension
- Chromium 127.0.6533.119 (boo#1228941) * CVE-2024-7532: Out of bounds memory access in ANGLE * CVE-2024-7533: Use after free in Sharing * CVE-2024-7550: Type Confusion in V8 * CVE-2024-7534: Heap buffer overflow in Layout * CVE-2024-7535: Inappropriate implementation in V8 * CVE-2024-7536: Use after free in WebAudio
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
- drop patches:
* chromium-115-compiler-SkColor4f.patch only for llvm < 16
* chromium-117-system-zstd.patch upstreamed
* chromium-122-workaround_clang_bug-structured_binding.patch
* chromium-125-tabstrip-include.patch upstreamed
* chromium-126-missing-header-files.patch
* chromium-126-RealTimeReportingBindings-missing-decl.patch
upstreamed
* chromium-126-no_matching_constructor.patch
* chromium-126-no-format.patch upstreamed
- switch from libstdc++ to libc++
- drop patches obsolete when using libc++
* chromium-126-debian-bad-font-gc00000.patch
* chromium-126-debian-bad-font-gc2.patch
* chromium-126-debian-bad-font-gc1.patch
* chromium-126-debian-bad-font-gc00.patch
* chromium-126-debian-bad-font-gc000.patch
* chromium-126-debian-bad-font-gc11.patch
* chromium-126-debian-bad-font-gc0.patch
* chromium-126-debian-bad-font-gc0000.patch
* chromium-126-debian-bad-font-gc3.patch
- modify patches:
* chromium-125-lp155-typename.patch
- drop hunk in model_execution_util.h
- drop hunk in model_quality_log_entry.h
- dropping from keeplibs: (does not exist)
base/third_party/valgrind
third_party/maldoca
third_party/maldoca/src/third_party
- requires updated gn to build (newer than Feb 14 2024)
- add patches:
* chromium-127-bindgen.patch (from debian/patches/fixes))
* chromium-127-rust-clanglib.patch (just first hunk from fedora)
* chromium-127-clang17-traitors.patch
workaround for clang < 18 from debiana (only used on 15.6)
* chromium-127-constexpr.patch (from debian/patches/bookworm)
* chromium-127-paint-layer-header.patch (from debian/patches/upstream)
* chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)
- buildrequire rust-bindgen to get proper binaries per arch
- use qt5 for factory as well, qt6 fails with:
ld.lld: error: undefined symbol: QByteArray::toStdString() const
referenced by qt_shim.cc
obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)
- drop patches:
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc1.patch
- Chromium 126.0.6478.182 (boo#1227979) * CVE-2024-6772: Inappropriate implementation in V8 * CVE-2024-6773: Type Confusion in V8 * CVE-2024-6774: Use after free in Screen Capture * CVE-2024-6775: Use after free in Media Stream * CVE-2024-6776: Use after free in Audio * CVE-2024-6777: Use after free in Navigation * CVE-2024-6778: Race in DevTools * CVE-2024-6779: Out of bounds memory access in V8
- Finalize 126 - Removed patches: * chromium-125-debian-bad-font-gc2.patch * chromium-125-debian-bad-font-gc3.patch - Added patches: * chromium-126-RealTimeReportingBindings-missing-decl.patch * chromium-126-no-format.patch
- Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933) * CVE-2024-6290: Use after free in Dawn * CVE-2024-6291: Use after free in Swiftshader * CVE-2024-6292: Use after free in Dawn * CVE-2024-6293: Use after free in Dawn * CVE-2024-6100: Type Confusion in V8 * CVE-2024-6101: Inappropriate implementation in WebAssembly * CVE-2024-6102: Out of bounds memory access in Dawn * CVE-2024-6103: Use after free in Dawn * CVE-2024-5830: Type Confusion in V8 * CVE-2024-5831: Use after free in Dawn * CVE-2024-5832: Use after free in Dawn * CVE-2024-5833: Type Confusion in V8 * CVE-2024-5834: Inappropriate implementation in Dawn * CVE-2024-5835: Heap buffer overflow in Tab Groups * CVE-2024-5836: Inappropriate Implementation in DevTools * CVE-2024-5837: Type Confusion in V8 * CVE-2024-5838: Type Confusion in V8 * CVE-2024-5839: Inappropriate Implementation in Memory Allocator * CVE-2024-5840: Policy Bypass in CORS * CVE-2024-5841: Use after free in V8 * CVE-2024-5842: Use after free in Browser UI * CVE-2024-5843: Inappropriate implementation in Downloads * CVE-2024-5844: Heap buffer overflow in Tab Strip * CVE-2024-5845: Use after free in Audio * CVE-2024-5846: Use after free in PDFium * CVE-2024-5847: Use after free in PDFium - drop patches: * chromium-disable-parallel-gold.patch * chromium-125-appservice-include.patch * chromium-125-lens-include.patch * chromium-125-mojo-bindings-include.patch * chromium-125-no-vector-consts.patch * chromium-125-vulkan-include.patch * chromium-125-ninja.patch * chromium-125-no_matching_constructor.patch * chromium-125-missing-header-files.patch - add patches: * chromium-126-missing-header-files.patch * chromium-126-quiche-interator.patch * chromium-126-no_matching_constructor.patch
- Amend fix_building_widevinecdm_with_chromium.patch to allow Widevine on ARM64 (bsc#1226170)
- Chromium 125.0.6422.141 (boo#1225690) * CVE-2024-5493: Heap buffer overflow in WebRTC * CVE-2024-5494: Use after free in Dawn * CVE-2024-5495: Use after free in Dawn * CVE-2024-5496: Use after free in Media Session * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs * CVE-2024-5498: Use after free in Presentation API * CVE-2024-5499: Out of bounds write in Streams API
- Chromium 125.0.6422.112 * CVE-2024-5274: Type Confusion in V8 (boo#1225199)
- Chromium 125.0.6422.76 (boo#1224818) * CVE-2024-5157: Use after free in Scheduling * CVE-2024-5158: Type Confusion in V8 * CVE-2024-5159: Heap buffer overflow in ANGLE * CVE-2024-5160: Heap buffer overflow in Dawn * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 125.0.6422.60 (boo#1224341)
* CVE-2024-4947: Type Confusion in V8
* CVE-2024-4948: Use after free in Dawn
* CVE-2024-4949: Use after free in V8
* CVE-2024-4950: Inappropriate implementation in Downloads
- Chromium 125.0.6422.41
* New upstream (early) stable release.
- drop upstreamed patches:
* chromium-124-uint-includes.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-extractor-bitset.patch
* chromium-124-atomic.patch
* chromium-124-webgpu-optional.patch
* chromium-124-angle-powf.patch
- add debian upstream patches added for 125:
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-tabstrip-include.patch
* chromium-125-ninja.patch
- add debian fixes patches to fix font gc crashes:
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc1.patch
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch
- add from fedora (reverse applied for older ffmpeg):
* chromium-125-ffmpeg-5.x-reordered_opaque.patch
- re-diff and rename:
* from chromium-110-compiler.patch
to chromium-125-compiler.patch
* from chromium-120-emplace-struct.patch
to chromium-125-emplace-struct.patch
* from chromium-disable-FFmpegAllowLists.patch
to chromium-125-disable-FFmpegAllowLists.patch
* from chromium-122-missing-header-files.patch
to chromium-125-missing-header-files.patch
* from chromium-122-no_matching_constructor.patch
to chromium-125-no_matching_constructor.patch
* from chromium-122-lp155-typename.patch
to chromium-125-lp155-typename.patch
- third_party/zstd
added to keeplibs for
third_party/blink/renderer/platform:platform
- third_party/tflite/src/third_party/xla/xla/tsl/util
added to keeplibs for
third_party/tflite/tflite
- third_party/lens_server_proto
added to keeplibs for
gen/third_party/lens_server_proto
- Chromium 124.0.6367.207 (boo#1224294) * CVE-2024-4761: Out of bounds write in V8
- Chromium 124.0.6367.201 (boo#1224208) * CVE-2024-4671: Use after free in Visuals - Chromium 124.0.6367.155 (boo#1224045) * CVE-2024-4558: Use after free in ANGLE * CVE-2024-4559: Heap buffer overflow in WebAudio
- drop patches: * chromium-123-WebUI-static_assert.patch
- Chromium 124.0.6367.118 (boo#1223846) * CVE-2024-4331: Use after free in Picture In Picture * CVE-2024-4368: Use after free in Dawn
- Add patches: * chromium-123-missing-QtGui.patch - Restore libxml 2.12 check for chromium-124-system-libxml.patch which replaced chromium-121-blink-libxml-const.patch
- Chromium 124.0.6367.78 (boo#1223845) * CVE-2024-4058: Type Confusion in ANGLE * CVE-2024-4059: Out of bounds read in V8 API * CVE-2024-4060: Use after free in Dawn
- Chromium 124.0.6367.60 (boo#1222958)
* CVE-2024-3832: Object corruption in V8.
* CVE-2024-3833: Object corruption in WebAssembly.
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
* CVE-2024-3837: Use after free in QUIC.
* CVE-2024-3838: Inappropriate implementation in Autofill.
* CVE-2024-3839: Out of bounds read in Fonts.
* CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
* CVE-2024-3841: Insufficient data validation in Browser Switcher.
* CVE-2024-3843: Insufficient data validation in Downloads.
* CVE-2024-3844: Inappropriate implementation in Extensions.
* CVE-2024-3845: Inappropriate implementation in Network.
* CVE-2024-3846: Inappropriate implementation in Prompts.
* CVE-2024-3847: Insufficient policy enforcement in WebUI.
- drop patches:
* chromium-123-optional2.patch
* chromium-122-avoid-SFINAE-TypeConverter.patch
* chromium-123-PA-InternalAllocator.patch
- rediff patches:
* chromium-110-compiler.patch
* chromium-120-emplace.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-lp155-typename.patch
- add patches: from debian/fixes
* chromium-123-stats-collector.patch
- add patches: from debian/upstream
* chromium-124-angle-powf.patch
* chromium-124-atomic.patch
* chromium-124-extractor-bitset.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-uint-includes.patch
* chromium-124-webgpu-optional.patch
- add patches:
* chromium-123-WebUI-static_assert.patch
workaround for compile issue in webui_contents_wrapper.h
* chromium-124-system-libxml.patch (from fedora)
- Chromium 123.0.6312.122 (boo#1222707) * CVE-2024-3157: Out of bounds write in Compositing * CVE-2024-3516: Heap buffer overflow in ANGLE * CVE-2024-3515: Use after free in Dawn - Chromium 123.0.6312.105 (boo#1222260) * CVE-2024-3156: Inappropriate implementation in V8 * CVE-2024-3158: Use after free in Bookmarks * CVE-2024-3159: Out of bounds memory access in V8 - Chromium 123.0.6312.86 (boo#1222035) * CVE-2024-2883: Use after free in ANGLE * CVE-2024-2885: Use after free in Dawn * CVE-2024-2886: Use after free in WebCodecs * CVE-2024-2887: Type Confusion in WebAssembly - Chromium 123.0.6312.58 (boo#1221732) * CVE-2024-2625: Object lifecycle issue in V8 * CVE-2024-2626: Out of bounds read in Swiftshader * CVE-2024-2627: Use after free in Canvas * CVE-2024-2628: Inappropriate implementation in Downloads - drop patches: * chromium-117-blink-BUILD-mnemonic.patch * chromium-121-blink-libxml-const.patch * chromium-122-BookmarkNode-missing-operator.patch * chromium-122-WebUI-static_assert.patch * chromium-122-PA-undo-internal-alloc.patch
- Use Python 3.11 on Leap - Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch to chromium-122-WebUI-static_assert.patch - Rename chromium-122-disable-FFmpegAllowLists.patch to chromium-disable-FFmpegAllowLists.patch - Rename chromium-122-static-assert.patch to chromium-122-BookmarkNode-missing-operator.patch - Rename chromium-122-undo-internal-alloc.patch to chromium-122-PA-undo-internal-alloc.patch - Rename chromium-122-typename.patch to chromium-122-lp155-typename.patch - Removed patches: * chromium-121-v8-c++20-p1.patch * chromium-121-v8-c++20.patch * chromium-122-unique_ptr.patch * chromium-122-python3-assignment-expressions.patch * chromium-122-el8-support-64kpage.patch * chromium-122-el7-inline-function.patch * chromium-122-el7-extra-operator.patch * chromium-122-el7-default-constructor-involving-anonymous-union.patch * chromium-122-constexpr.patch * chromium-122-clang-build-flags.patch * chromium-122-clang16-disable-auto-upgrade-debug-info.patch * chromium-122-clang16-buildflags.patch * chromium-122-arm64-memory_tagging.patch * chromium-121-el7-clang-version-warning.patch * chromium-116-lp155-url_load_stats-size-t.patch * chromium-icu72-2.patch * chromium-122-debian-upstream-mojo.patch - Patches merged into other patches: * chromium-122-debian-upstream-bitset.patch * chromium-122-debian-upstream-optional.patch * chromium-122-debian-upstream-uniqptr.patch * chromium-122-debian-fixes-optional.patch * chromium-122-norar.patch - Restore time clamper change to chromium-122-missing-header-files.patch - Fix missing/invalid casting in chromium-122-no_matching_constructor.patch
- Chromium 122.0.6261.128 (boo#1221335) * CVE-2024-2400: Use after free in Performance Manager
- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
* New upstream security release.
* CVE-2024-2173: Out of bounds memory access in V8.
* CVE-2024-2174: Inappropriate implementation in V8.
* CVE-2024-2176: Use after free in FedCM.
- Chromium 122.0.6261.94
* CVE-2024-1669: Out of bounds memory access in Blink.
* CVE-2024-1670: Use after free in Mojo.
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* CVE-2024-1673: Use after free in Accessibility.
* CVE-2024-1674: Inappropriate implementation in Navigation.
* CVE-2024-1675: Insufficient policy enforcement in Download.
* CVE-2024-1676: Inappropriate implementation in Navigation.
* Type Confusion in V8
* rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
* drop chromium-114-lld-argument.patch
replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-113-webview-namespace.patch (obsolete)
* reduce chromium-norar.patch
by the hunks in chromium-122-norar.patch
* drop chromium-114-revert-av1enc-lp154.patch
replaced by chromium-122-revert-av1enc-el9.patch
* drop chromium-115-lp155-typename.patch
chromium-116-lp155-typenames.patch
chromium-117-lp155-typename.patch
chromium-120-lp155-typename.patch
replaced by chromium-122-typename.patch
* drop chromium-121-missing-header-files.patch
replaced by chromium-122-missing-header-files.patch
* drop chromium-121-workaround_clang_bug-structured_binding.patch
replaced by chromium-122-workaround_clang_bug-structured_binding.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
* drop chromium-disable-FFmpegAllowLists.patch
replaced by chromium-122-disable-FFmpegAllowLists.patch
* drop chromium-121-avoid-SFINAE-TypeConverter.patch
replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
* add buildrequires for rust
* add patches from fedora package for 121 and 122
* chromium-121-el7-clang-version-warning.patch
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang-build-flags.patch
* chromium-122-constexpr.patch
* chromium-122-disable-FFmpegAllowLists.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-missing-header-files.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-norar.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-revert-av1enc-el9.patch
* chromium-122-static-assert.patch
* chromium-122-typename.patch
* chromium-122-unique_ptr.patch
* chromium-122-workaround_clang_bug-structured_binding.patch
* from debian add
* chromium-122-undo-internal-alloc.patch
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-mojo.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* added compile fix needed on code15
chromium-122-skip_bubble_contents_wrapper_static_assert.patch
to prevent "static assertion expression is not an integral constant expression"
"in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'"
in bubble_contents_wrapper.h:153
- replace Cr121-ffmpeg-new-channel-layout.patch by
Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)
- drop chromium-121-system-old-ffmpeg.patch
- Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg changes so that FFmpeg 4 will work on Leap - Prepare for libxml 2.12
- Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661) * CVE-2024-1284: Use after free in Mojo * CVE-2024-1283: Heap buffer overflow in Skia * CVE-2024-1060: Use after free in Canvas * CVE-2024-1059: Use after free in WebRTC * CVE-2024-1077: Use after free in Network * CVE-2024-0807: Use after free in WebAudio * CVE-2024-0812: Inappropriate implementation in Accessibility * CVE-2024-0808: Integer underflow in WebUI * CVE-2024-0810: Insufficient policy enforcement in DevTools * CVE-2024-0814: Incorrect security UI in Payments * CVE-2024-0813: Use after free in Reading Mode * CVE-2024-0806: Use after free in Passwords * CVE-2024-0805: Inappropriate implementation in Downloads * CVE-2024-0804: Insufficient policy enforcement in iOS Security UI * CVE-2024-0811: Inappropriate implementation in Extensions API * CVE-2024-0809: Inappropriate implementation in Autofill - Removed patches: * chromium-117-includes.patch * chromium-118-includes.patch * chromium-119-dont-redefine-ATSPI-version-macros.patch * chromium-120-missing-header-files.patch * chromium-120-no_matching_constructor.patch * chromium-120-nullptr_t-without-namespace-std.patch * chromium-120-workaround_clang_bug-structured_binding.patch * gcc13-fix.patch * chromium-113-webauth-include-variant.patch * chromium-110-system-libffi.patch - Added patches: * chromium-121-no_matching_constructor.patch * chromium-121-nullptr_t-without-namespace-std.patch * chromium-121-workaround_clang_bug-structured_binding.patch * chromium-121-missing-header-files.patch * chromium-121-rust-clang_lib.patch * chromium-121-python3-invalid-escape-sequence.patch * chromium-121-rust-clang_lib.patch * chromium-121-avoid-SFINAE-TypeConverter.patch * chromium-121-blink-libxml-const.patch - Add patch chromium-disable-FFmpegAllowLists.patch: disable codec checker this will always fail (bsc#1219070)
- Add patch chromium-disable-FFmpegAllowLists.patch: disable codec checker this will always fail (bsc#1219070)
- Chromium 120.0.6099.224 (boo#1218892) * CVE-2024-0517: Out of bounds write in V8 * CVE-2024-0518: Type Confusion in V8 * CVE-2024-0519: Out of bounds memory access in V8 * Various fixes from internal audits, fuzzing and other initiatives
- Replace chromium-120-lp155-revert-clang-build-failure.patch with chromium-120-make_unique-struct.patch - which avoids reverting changes and instead provides a stub constructor to fix build on Leap
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302, boo#1218533, boo#1218719) * CVE-2024-0333: Insufficient data validation in Extensions * CVE-2024-0222: Use after free in ANGLE * CVE-2024-0223: Heap buffer overflow in ANGLE * CVE-2024-0224: Use after free in WebAudio * CVE-2024-0225: Use after free in WebGPU * CVE-2023-7024: Heap buffer overflow in WebRTC * CVE-2023-6702: Type Confusion in V8 * CVE-2023-6703: Use after free in Blink * CVE-2023-6704: Use after free in libavif (boo#1218303) * CVE-2023-6705: Use after free in WebRTC * CVE-2023-6706: Use after free in FedCM * CVE-2023-6707: Use after free in CSS * CVE-2023-6508: Use after free in Media Stream * CVE-2023-6509: Use after free in Side Panel Search * CVE-2023-6510: Use after free in Media Capture * CVE-2023-6511: Inappropriate implementation in Autofill * CVE-2023-6512: Inappropriate implementation in Web Browser UI - drop patches: * chromium-system-libusb.patch * chromium-119-nullptr_t-without-namespace-std.patch * chromium-119-no_matching_constructor.patch * chromium-117-workaround_clang_bug-structured_binding.patch - add patches: * chromium-120-nullptr_t-without-namespace-std.patch * chromium-120-emplace.patch * chromium-120-lp155-typename.patch * chromium-120-no_matching_constructor.patch * chromium-120-missing-header-files.patch * chromium-120-emplace-struct.patch * chromium-120-workaround_clang_bug-structured_binding.patch - add patches for Leap that revert braking changes: * chromium-120-lp155-revert-clang-build-failure.patch
- Chromium 119.0.6045.199 (boo#1217616) * CVE-2023-6348: Type Confusion in Spellcheck * CVE-2023-6347: Use after free in Mojo * CVE-2023-6346: Use after free in WebAudio * CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614) * CVE-2023-6351: Use after free in libavif (boo#1217615) * CVE-2023-6345: Integer overflow in Skia * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 119.0.6045.159 (boo#1217142) * CVE-2023-5997: Use after free in Garbage Collection * CVE-2023-6112: Use after free in Navigation * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 119.0.6045.123 (boo#1216978) * CVE-2023-5996: Use after free in WebAudio - Chromium 119.0.6045.105 (boo#1216783) * CVE-2023-5480: Inappropriate implementation in Payments * CVE-2023-5482: Insufficient data validation in USB * CVE-2023-5849: Integer overflow in USB * CVE-2023-5850: Incorrect security UI in Downloads * CVE-2023-5851: Inappropriate implementation in Downloads * CVE-2023-5852: Use after free in Printing * CVE-2023-5853: Incorrect security UI in Downloads * CVE-2023-5854: Use after free in Profiles * CVE-2023-5855: Use after free in Reading Mode * CVE-2023-5856: Use after free in Side Panel * CVE-2023-5857: Inappropriate implementation in Downloads * CVE-2023-5858: Inappropriate implementation in WebApp Provider * CVE-2023-5859: Incorrect security UI in Picture In Picture - dropped patches: * chromium-98-gtk4-build.patch * chromium-118-system-freetype.patch * chromium-118-no_matching_constructor.patch - added patches: * chromium-119-no_matching_constructor.patch * chromium-119-dont-redefine-ATSPI-version-macros.patch * chromium-119-nullptr_t-without-namespace-std.patch * chromium-119-assert.patch
- Chromium 118.0.5993.117 (boo#1216549) * CVE-2023-5472: Use after free in Profiles * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 118.0.5993.88: * unspecified security fix (boo#1216392)
- refresh chromium-117-emplace_back_on_vector-c++20.patch and chromium-117-lp155-constructors.patch to chromium-118-no_matching_constructor.patch
- Chromium 118.0.5993.70 (boo#1216111) * CVE-2023-5218: Use after free in Site Isolation * CVE-2023-5487: Inappropriate implementation in Fullscreen * CVE-2023-5484: Inappropriate implementation in Navigation * CVE-2023-5475: Inappropriate implementation in DevTools * CVE-2023-5483: Inappropriate implementation in Intents * CVE-2023-5481: Inappropriate implementation in Downloads * CVE-2023-5476: Use after free in Blink History * CVE-2023-5474: Heap buffer overflow in PDF * CVE-2023-5479: Inappropriate implementation in Extensions API * CVE-2023-5485: Inappropriate implementation in Autofill * CVE-2023-5478: Inappropriate implementation in Autofill * CVE-2023-5477: Inappropriate implementation in Installer * CVE-2023-5486: Inappropriate implementation in Input * CVE-2023-5473: Use after free in Cast - Build with system freetype (again), and zstd - add patches: * chromium-118-system-freetype.patch * chromium-117-system-zstd.patch
- Chromium 118.0.5993.54 - add patches: * chromium-118-includes.patch
- Chromium 117.0.5938.149: * CVE-2023-5346: Type Confusion in V8 (boo#1215924)
- Chromium 117.0.5938.132 (boo#1215776): * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778) * CVE-2023-5186: Use after free in Passwords * CVE-2023-5187: Use after free in Extensions
- Chromium 117.0.5938.92: * stability improvements
- Add explicit build dependency on libepoxy for Tumbleweed
- Chromium 117.0.5938.88 (boo#1215279) * CVE-2023-4900: Inappropriate implementation in Custom Tabs * CVE-2023-4901: Inappropriate implementation in Prompts * CVE-2023-4902: Inappropriate implementation in Input * CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs * CVE-2023-4904: Insufficient policy enforcement in Downloads * CVE-2023-4905: Inappropriate implementation in Prompts * CVE-2023-4906: Insufficient policy enforcement in Autofill * CVE-2023-4907: Inappropriate implementation in Intents * CVE-2023-4908: Inappropriate implementation in Picture in Picture * CVE-2023-4909: Inappropriate implementation in Interstitials - drop patches: * chromium-100-InMilliseconds-constexpr.patch * chromium-115-Qt-moc-version.patch * chromium-116-profile-view-utils-vector-include.patch * chromium-116-blink-variant-include.patch * chromium-116-abseil-limits-include.patch * chromium-116-lp155-constuctors.patch * chromium-115-workaround_clang_bug-structured_binding.patch * chromium-115-emplace_back_on_vector-c++20.patch - add patches: * chromium-117-blink-BUILD-mnemonic.patch * chromium-117-includes.patch * chromium-117-lp155-constructors.patch * chromium-117-string-convert.patch * chromium-117-lp155-typename.patch * chromium-117-workaround_clang_bug-structured_binding.patch * chromium-117-emplace_back_on_vector-c++20.patch
- CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
- Chromium 116.0.5845.187 (boo#1215231): * CVE-2023-4863: Heap buffer overflow in WebP
- Chromium 116.0.5845.179 (boo#1215023): * CVE-2023-4761: Out of bounds memory access in FedCM * CVE-2023-4762: Type Confusion in V8 * CVE-2023-4763: Use after free in Networks * CVE-2023-4764: Incorrect security UI in BFCache
- Chromium 116.0.5845.140 (boo#1214758): * CVE-2023-4572: Use after free in MediaStream
- Chromium 116.0.5845.110 (boo#1214487): * CVE-2023-4427: Out of bounds memory access in V8 * CVE-2023-4428: Out of bounds memory access in CSS * CVE-2023-4429: Use after free in Loader * CVE-2023-4430: Use after free in Vulkan * CVE-2023-4431: Out of bounds memory access in Fonts
- Chromium 116.0.5845.96
* New CSS features: Motion Path, and "display" and
"content-visibility" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
forward cache NotRestoredReason API, Document Picture-in-
Picture, Expanded Wildcards in Permissions Policy Origins,
FedCM bundle: Login Hint API, User Info API, and RP Context API,
Non-composed Mouse and Pointer enter/leave events,
Remove document.open sandbox inheritance,
Report Critical-CH caused restart in NavigationTiming
- fix a number of security issues (boo#1214301):
* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API
- drop patches:
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
* chromium-115-verify_name_match-include.patch
* chromium-86-fix-vaapi-on-intel.patch
* chromium-115-skia-include.patch
* chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
- add patches:
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-typenames.patch
* chromium-116-lp155-constuctors.patch
- Build with bundled re2 on Leap
- Fix crash with extensions (boo#1214003) chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
- Chromium 115.0.5790.170 (boo#1213920) * CVE-2023-4068: Type Confusion in V8 * CVE-2023-4069: Type Confusion in V8 * CVE-2023-4070: Type Confusion in V8 * CVE-2023-4071: Heap buffer overflow in Visuals * CVE-2023-4072: Out of bounds read and write in WebGL * CVE-2023-4073: Out of bounds memory access in ANGLE * CVE-2023-4074: Use after free in Blink Task Scheduling * CVE-2023-4075: Use after free in Cast * CVE-2023-4076: Use after free in WebRTC * CVE-2023-4077: Insufficient data validation in Extensions * CVE-2023-4078: Inappropriate implementation in Extensions
- Specify re2 build dependency in a way that makes Leap packages build in devel project and in Maintenance
- Chromium 115.0.5790.102: * stability fix - Add build fixes on Leap: * chromium-115-emplace_back_on_vector-c++20.patch * chromium-115-compiler-SkColor4f.patch * chromium-115-workaround_clang_bug-structured_binding.patch * chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch - adjust chromium-115-lp155-typename.patch - drop chromium-114-workaround_clang_bug-structured_binding.patch
- Chromium 115.0.5790.98
* Security: The Storage, Service Worker, and Communication APIs
are now partitioned in third-party contexts to prevent certain
types of side-channel cross-site tracking
* HTTPS: Automatically and optimistically upgrade all main-frame
navigations to HTTPS, with fast fallback to HTTP.
* CSS: accept multiple values of the display property
* CSS: support boolean context style container queries
* CSS: support scroll-driven animations
* Increase the maximum size of a WebAssembly.Module() on the main
thread to 8 MB
* FedCM: Support credential management mediation requirements for
auto re-authentication
* Deprecate the document.domain setter
* Deprecate mutation events
* Security fixes (boo#1213462):
CVE-2023-3727: Use after free in WebRTC
CVE-2023-3728: Use after free in WebRTC
CVE-2023-3730: Use after free in Tab Groups
CVE-2023-3732: Out of bounds memory access in Mojo
CVE-2023-3733: Inappropriate implementation in WebApp Installs
CVE-2023-3734: Inappropriate implementation in Picture In Picture
CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
CVE-2023-3736: Inappropriate implementation in Custom Tabs
CVE-2023-3737: Inappropriate implementation in Notifications
CVE-2023-3738: Inappropriate implementation in Autofill
CVE-2023-3740: Insufficient validation of untrusted input in Themes
Various fixes from internal audits, fuzzing and other initiatives
- drop chromium-113-typename.patch
- add chromium-115-skia-include.patch
- add chromium-115-verify_name_match-include.patch
- add chromium-115-lp155-typename.patch
- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without
built-in copy of shim
- Chromium 114.0.5735.198 (boo#1212755): * CVE-2023-3420: Type Confusion in V8 * CVE-2023-3421: Use after free in Media * CVE-2023-3422: Use after free in Guest View
- Install Qt5 library & prepare for Qt6 in 115
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
- Chromium 114.0.5735.133 (boo#1212302): * CVE-2023-3214: Use after free in Autofill payments * CVE-2023-3215: Use after free in WebRTC * CVE-2023-3216: Type Confusion in V8 * CVE-2023-3217: Use after free in WebXR * Various fixes from internal audits, fuzzing and other initiatives
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
- Chromium 114.0.5735.106 (boo#1212044): * CVE-2023-3079: Type Confusion in V8
- Chromium 114.0.5735.90 (boo#1211843): * CSS text-wrap: balance is available * Cookies partitioned by top level site (CHIPS) * New Popover API - Security fixes: * CVE-2023-2929: Out of bounds write in Swiftshader * CVE-2023-2930: Use after free in Extensions * CVE-2023-2931: Use after free in PDF * CVE-2023-2932: Use after free in PDF * CVE-2023-2933: Use after free in PDF * CVE-2023-2934: Out of bounds memory access in Mojo * CVE-2023-2935: Type Confusion in V8 * CVE-2023-2936: Type Confusion in V8 * CVE-2023-2937: Inappropriate implementation in Picture In Picture * CVE-2023-2938: Inappropriate implementation in Picture In Picture * CVE-2023-2939: Insufficient data validation in Installer * CVE-2023-2940: Inappropriate implementation in Downloads * CVE-2023-2941: Inappropriate implementation in Extensions API - Drop patches: * chromium-103-VirtualCursor-std-layout.patch * chromium-113-system-zlib.patch * chromium-113-workaround_clang_bug-structured_binding.patch - Add patches * chromium-114-workaround_clang_bug-structured_binding.patch * chromium-114-lld-argument.patch
- Un-bundle zlib again - Remove un-needed patches: * chromium-112-default-comparison-operators.patch * chromium-109-clang-lp154.patch * chromium-clang-nomerge.patch * chromium-ffmpeg-lp152.patch * chromium-lp151-old-drm.patch - Added patches: * chromium-113-system-zlib.patch
- build with llvm15 on Leap
- Chromium 113.0.5672.126 (boo#1211442): * CVE-2023-2721: Use after free in Navigation * CVE-2023-2722: Use after free in Autofill UI * CVE-2023-2723: Use after free in DevTools * CVE-2023-2724: Type Confusion in V8 * CVE-2023-2725: Use after free in Guest View * CVE-2023-2726: Inappropriate implementation in WebApp Installs * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 113.0.5672.92 (boo#1211211) - Multiple security fixes (boo#1211036): * CVE-2023-2459: Inappropriate implementation in Prompts * CVE-2023-2460: Insufficient validation of untrusted input in Extensions * CVE-2023-2461: Use after free in OS Inputs * CVE-2023-2462: Inappropriate implementation in Prompts * CVE-2023-2463: Inappropriate implementation in Full Screen Mode * CVE-2023-2464: Inappropriate implementation in PictureInPicture * CVE-2023-2465: Inappropriate implementation in CORS * CVE-2023-2466: Inappropriate implementation in Prompts * CVE-2023-2467: Inappropriate implementation in Prompts * CVE-2023-2468: Inappropriate implementation in PictureInPicture - drop chromium-94-sql-no-assert.patch - drop no-location-leap151.patch - add chromium-113-webview-namespace.patch - add chromium-113-webauth-include-variant.patch - add chromium-113-typename.patch - add chromium-113-workaround_clang_bug-structured_binding.patch
- Chromium 112.0.5615.165 (boo#1210618): * CVE-2023-2133: Out of bounds memory access in Service Worker API * CVE-2023-2134: Out of bounds memory access in Service Worker API * CVE-2023-2135: Use after free in DevTools * CVE-2023-2136: Integer overflow in Skia * CVE-2023-2137: Heap buffer overflow in sqlite - drop chromium-112-feed_protos.patch
- Fix Leap 15.4 build failures from default comparison operators defined outside of the class definition, a C++20 feature adding chromium-112-default-comparison-operators.patch
- Chromium 112.0.5615.121: * CVE-2023-2033: Type Confusion in V8 (boo#1210478)
- Revert a breaking change with chromium-112-feed_protos.patch
- Chromium 112.0.5615.49 * CSS now supports nesting rules. * The algorithm to set the initial focus on <dialog> elements was updated. * No-op fetch() handlers on service workers are skipped from now on to make navigations faster * The setter for document.domain is now deprecated. * The recorder in devtools can now record with pierce selectors. * Security fixes (boo#1210126): * CVE-2023-1810: Heap buffer overflow in Visuals * CVE-2023-1811: Use after free in Frames * CVE-2023-1812: Out of bounds memory access in DOM Bindings * CVE-2023-1813: Inappropriate implementation in Extensions * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing * CVE-2023-1815: Use after free in Networking APIs * CVE-2023-1816: Incorrect security UI in Picture In Picture * CVE-2023-1817: Insufficient policy enforcement in Intents * CVE-2023-1818: Use after free in Vulkan * CVE-2023-1819: Out of bounds read in Accessibility * CVE-2023-1820: Heap buffer overflow in Browser History * CVE-2023-1821: Inappropriate implementation in WebShare * CVE-2023-1822: Incorrect security UI in Navigation * CVE-2023-1823: Inappropriate implementation in FedCM
- Chromium 111.0.5563.147: * nth-child() validation performance regression for SAP apps
- Update gcc13-fix.patch with few fixes required for aarch64, borrowed from Fedora's gcc13 patch
- Chromium 111.0.5563.110 (boo#1209598) * CVE-2023-1528: Use after free in Passwords * CVE-2023-1529: Out of bounds memory access in WebHID * CVE-2023-1530: Use after free in PDF * CVE-2023-1531: Use after free in ANGLE * CVE-2023-1532: Out of bounds read in GPU Video * CVE-2023-1533: Use after free in WebProtect * CVE-2023-1534: Out of bounds read in ANGLE
- Add gcc13-fix.patch in order to support GCC 13.
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
- Bump Leap's GCC to 12 as Chromium really likes newer standards
- Update to Chromium 53.0.2785.89 - Improvements to the GN build system (boo#996032, boo#99606, boo#995932) - Security fixes (boo#996648) * CVE-2016-5147: Universal XSS in Blink. * CVE-2016-5148: Universal XSS in Blink. * CVE-2016-5149: Script injection in extensions. * CVE-2016-5150: Use after free in Blink. * CVE-2016-5151: Use after free in PDFium. * CVE-2016-5152: Heap overflow in PDFium. * CVE-2016-5153: Use after destruction in Blink. * CVE-2016-5154: Heap overflow in PDFium. * CVE-2016-5155: Address bar spoofing. * CVE-2016-5156: Use after free in event bindings. * CVE-2016-5157: Heap overflow in PDFium. * CVE-2016-5158: Heap overflow in PDFium. * CVE-2016-5159: Heap overflow in PDFium. * CVE-2016-5161: Type confusion in Blink. * CVE-2016-5162: Extensions web accessible resources bypass. * CVE-2016-5163: Address bar spoofing. * CVE-2016-5164: Universal XSS using DevTools. * CVE-2016-5165: Script injection in DevTools. * CVE-2016-5166: SMB Relay Attack via Save Page As. * CVE-2016-5160: Extensions web accessible resources bypass. - Drop patches chromium-snapshot-toolchain-r1.patch
- Make it build on ARM. * Add build patch arm_use_right_compiler.patch - Drop unnecessary patches: * chromium-arm-r0.patch
- Change buildsystem to GN, which is the new upstream default * Make Ninja only use 4 buildprocesses for building Chromium itself * Drop unnecessary patches - chromium-gcc-fixes.patch - adjust-ldflags-no-keep-memory.patch - gcc50-fixes.diff * Add patches to ensure correct build - chromium-last-commit-position-r0.patch - chromium-snapshot-toolchain-r1.patch * Drop unnecessary sourcefiles - courgette.tar.xz - depot_tools.tar.xz - gn-binaries.tar.xz
- Use an explicit number of ninja build processes (-j 4), to further reduce the memory used.
- Version update to 53.0.2785.143 bnc#1002140: * CVE-2016-5177: Use after free in V8 * CVE-2016-5178: Various fixes from internal audits
- Export GDK_BACKEND=x11 before starting chromium, ensuring that it's started as an Xwayland client (boo#1001135).
- Apply sandbox patch to fix crashers on tumbleweed bnc#999091 * chromium-sandbox.patch
- Version update stable channel 53.0.2785.116 * Just smal bugfixes around
- Version update to 53.0.2785.113 bnc#998743: * CVE-2016-5170 Use after free in Blink * CVE-2016-5171 Use after free in Blink * CVE-2016-5172 Arbitrary Memory Read in v8 * CVE-2016-5173 Extension resource access * CVE-2016-5174 Popup not correctly suppressed * CVE-2016-5175 Various fixes from internal audits
- Reenable widevine build again bnc#998328
- Stable channel update to 53.0.2785.101 * SPDY crasher fixes * Disable NV12 DXGI video on AMD * Forward --password-store switch to os_crypt * Tell the kernel to discard USB requests when they time out.
- Update to Chromium 53.0.2785.92: * Revert of support relocatable RPM packages * disallow WKBackForwardListItem navigations for pushState pages * arc: bluetooth: Fix advertised uuid * fix conflicting PendingIntent for stop button and swipe away
- Temporarily disable fix_network_api_crash.patch. Upstream has changed part of their code, so hopefully that resolved the issue
- Update to Chromium 52.0.2743.82
* Security fixes (boo#989901):
+ CVE-2016-1706: Sandbox escape in PPAPI
+ CVE-2016-1707: URL spoofing on iOS
+ CVE-2016-1708: Use-after-free in Extensions
+ CVE-2016-1709: Heap-buffer-overflow in sfntly
+ CVE-2016-1710: Same-origin bypass in Blink
+ CVE-2016-1711: Same-origin bypass in Blink
+ CVE-2016-5127: Use-after-free in Blink
+ CVE-2016-5128: Same-origin bypass in V8
+ CVE-2016-5129: Memory corruption in V8
+ CVE-2016-5130: URL spoofing
+ CVE-2016-5131: Use-after-free in libxml
+ CVE-2016-5132: Limited same-origin bypass in Service Workers
+ CVE-2016-5133: Origin confusion in proxy authentication
+ CVE-2016-5134: URL leakage via PAC script
+ CVE-2016-5135: Content-Security-Policy bypass
+ CVE-2016-5136: Use after free in extensions
+ CVE-2016-5137: History sniffing with HSTS and CSP
+ CVE-2016-1705: Various fixes from internal audits, fuzzing
and other initiatives
- Clarification/correction to chromium-desktop-gnome and chromium-desktop-kde software descriptions due to passwords preservation reported by Chromium developer
- Update to Chromium 51.0.2704.106 * No changelog indicated
- Add gcc60-fixes.diff to resolve the crashes observed with chromium when compiled with GCC6
- Update to Chromium 52.0.2743.116:
* Security fixes (boo#992305):
+ CVE-2016-5141: Address bar spoofing (boo#992314)
+ CVE-2016-5142: Use-after-free in Blink (boo#992313)
+ CVE-2016-5139: Heap overflow in pdfium (boo#992311)
+ CVE-2016-5140: Heap overflow in pdfium (boo#992310)
+ CVE-2016-5145: Same origin bypass for images in Blink
(boo#992320)
+ CVE-2016-5143: Parameter sanitization failure in DevTools
(boo#992319)
+ CVE-2016-5144: Parameter sanitization failure in DevTools
(boo#992315)
+ CVE-2016-5146: Various fixes from internal audits, fuzzing
and other initiatives (boo#992309)
- Update to Chromium 51.0.2704.103
* Security fixes:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and
other initiatives (boo#985397)
- Update to Chromium 51.0.2704.84 * No further changelog
- Update to Chromium 51.0.2704.79 [boo#982719]
* Security fixes:
- CVE-2016-1696: Cross-origin bypass in Extension bindings
- CVE-2016-1697: Cross-origin bypass in Blink
- CVE-2016-1698: Information leak in Extension bindings
- CVE-2016-1699: Parameter sanitization failure in DevTools
- CVE-2016-1700: Use-after-free in Extensions
- CVE-2016-1701: Use-after-free in Autofill
- CVE-2016-1702: Out-of-bounds read in Skia
- CVE-2016-1703: Various fixes from internal audits, fuzzing
and other initiatives.
- Update to Chromium 51.0.2704.63 [boo#981886]
* Security fixes:
- CVE-2016-1672: Cross-origin bypass in extension bindings
- CVE-2016-1673: Cross-origin bypass in Blink
- CVE-2016-1674: Cross-origin bypass in extensions
- CVE-2016-1675: Cross-origin bypass in Blink
- CVE-2016-1676: Cross-origin bypass in extension bindings
- CVE-2016-1677: Type confusion in V8
- CVE-2016-1678: Heap overflow in V8
- CVE-2016-1679: Heap use-after-free in V8 bindings
- CVE-2016-1680: Heap use-after-free in Skia
- CVE-2016-1681: Heap overflow in PDFium
- CVE-2016-1682: CSP bypass for ServiceWorker
- CVE-2016-1683: Out-of-bounds access in libxslt
- CVE-2016-1684: Integer overflow in libxslt
- CVE-2016-1685: Out-of-bounds read in PDFium
- CVE-2016-1686: Out-of-bounds read in PDFium
- CVE-2016-1687: Information leak in extensions
- CVE-2016-1688: Out-of-bounds read in V8
- CVE-2016-1689: Heap buffer overflow in media
- CVE-2016-1690: Heap use-after-free in Autofill
- CVE-2016-1691: Heap buffer-overflow in Skia
- CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
- CVE-2016-1693: HTTP Download of Software Removal Tool
- CVE-2016-1694: HPKP pins removed on cache clearance
- CVE-2016-1695: Various fixes from internal audits, fuzzing
and other initiatives
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
now upstream
- Update to Chromium 50.0.2661.102 (boo#979859) * Security fixes: - CVE-2016-1667: Same origin bypass in DOM - CVE-2016-1668: Same origin bypass in Blink V8 bindings - CVE-2016-1669: Buffer overflow in V8 - CVE-2016-1670: Race condition in loader
- Update to Chromium 50.0.2661.94 (boo#977830) * Security fixes: - CVE-2016-1660: Out-of-bounds write in Blink - CVE-2016-1661: Memory corruption in cross-process frames - CVE-2016-1662: Use-after-free in extensions - CVE-2016-1663: Use-after-free in Blink?s V8 bindings - CVE-2016-1664: Address bar spoofing - CVE-2016-1665: Information leak in V8 - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
- _constraints: increase memory. It takes 1.2G to build some .o, and with -j4 this results in OOM.
- Update to Chromium 50.0.2661.75 (boo#975572)
* Security Fixes:
- CVE-2016-1652: Universal XSS in extension bindings
- CVE-2016-1653: Out-of-bounds write in V8
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
- CVE-2016-1654: Uninitialized memory read in media
- CVE-2016-1655: Use-after-free related to extensions
- CVE-2016-1656: Android downloaded file path restriction bypass
- CVE-2016-1657: Address bar spoofing
- CVE-2016-1658: Potential leak of sensitive information to
malicious extensions
- CVE-2016-1659: Various fixes from internal audits, fuzzing
and other initiatives
- add patch to fix GCC builds with component=shared_library:
chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
- Update to Chromium 49.0.2623.112 * Block user removal when login attempt is in progress * Add the SuppressUnsupportedOSWarning policy setting * Fix how Save-Page-As responds to web requests blocked by extensions * Fix preferred width calculation for 8bit ltr runs in rtl blocks
- Update to Chromium 49.0.2623.110 * No changelog available
- Update to Chromium 49.0.2623.108
* Security fixes (boo#972834):
- CVE-2016-1646: Out-of-bounds read in V8
- CVE-2016-1647: Use-after-free in Navigation
- CVE-2016-1648: Use-after-free in Extensions
- CVE-2016-1649: Buffer overflow in libANGLE
- CVE-2016-1650: Various fixes from internal audits, fuzzing
and other initiatives
- CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
tip of the 4.9 branch (currently 4.9.385.33).
- Update to Chromium 49.0.2623.87 * Security fixes: - CVE-2016-1643: Type confusion in Blink (boo#970514) - CVE-2016-1644: Use-after-free in Blink (boo#970509) - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
- Change the build method used on Packman.
* Drop patch no-clang-on-packman.diff . This is no longer required
as that ninja is respecting the build flags correctly.
- Drop unused patch skia.patch
- Update to Chromium 49.0.2623.75
* 26 security fixes, with the most important ones being:
- CVE-2016-1630: Same-origin bypass in Blink
- CVE-2016-1631: Same-origin bypass in Pepper Plugin
- CVE-2016-1632: Bad cast in Extensions
- CVE-2016-1633: Use-after-free in Blink
- CVE-2016-1634: Use-after-free in Blink
- CVE-2016-1635: Use-after-free in Blink
- CVE-2016-1636: SRI Validation Bypass
- CVE-2015-8126: Out-of-bounds access in libpng
- CVE-2016-1637: Information Leak in Skia
- CVE-2016-1638: WebAPI Bypass
- CVE-2016-1639: Use-after-free in WebRTC
- CVE-2016-1640: Origin confusion in Extensions UI
- CVE-2016-1641: Use-after-free in Favicon
- CVE-2016-1642: Various fixes from internal audits, fuzzing
and other initiatives
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9
branch (currently 4.9.385.26)
(boo#969333)
- Update to Chromium 48.0.2564.116
* Fixes a critical security flaw:
- CVE-2016-1629: Same-origin bypass in Blink and Sandbox
escape in Chrome. (boo#967376)
- Update to Chromium 48.0.2564.109
* Security fixes (boo#965999)
- CVE-2016-1622: Same-origin bypass in Extensions
- CVE-2016-1623: Same-origin bypass in DOM
- CVE-2016-1624: Buffer overflow in Brotli
- CVE-2016-1625: Navigation bypass in Chrome Instant
- CVE-2016-1626: Out-of-bounds read in PDFium
- CVE-2016-1627: Various fixes from internal audits, fuzzing
and other initiatives
- Drop the libva support completely. It seems that this is causing more issues than it actually resolves. (boo#965566) * Drop chromium-enable-vaapi.patch
- Don't build with libva support for openSUSE 13.2 and lower (boo#966082)
- Drop completely the option to build with system libraries. This could lead to issues (boo#965738)
- Update to Chromium 48.0.2564.103 * No chnagelog available
- Chromium 111.0.5563.64
* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units
and extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media
Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals
- drop patches:
* chromium-86-ImageMemoryBarrierData-init.patch
* chromium-93-InkDropHost-crash.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* chromium-icu72-1.patch
- Chromium 110.0.5481.77 (boo#1208029): * CVE-2023-0696: Type Confusion in V8 * CVE-2023-0697: Inappropriate implementation in Full screen mode * CVE-2023-0698: Out of bounds read in WebRTC * CVE-2023-0699: Use after free in GPU * CVE-2023-0700: Inappropriate implementation in Download * CVE-2023-0701: Heap buffer overflow in WebUI * CVE-2023-0702: Type Confusion in Data Transfer * CVE-2023-0703: Type Confusion in DevTools * CVE-2023-0704: Insufficient policy enforcement in DevTools * CVE-2023-0705: Integer overflow in Core * Various fixes from internal audits, fuzzing and other initiatives - build with bundled libavif - dropped patches: * chromium-109-compiler.patch * chromium-icu72-3.patch - added patches: * chromium-110-compiler.patch * chromium-110-system-libffi.patch * chromium-110-NativeThemeBase-fabs.patch * chromium-110-CredentialUIEntry-const.patch * chromium-110-DarkModeLABColorSpace-pow.patch * v8-move-the-Stack-object-from-ThreadLocalTop.patch
- Chromium 110.0.5481.177 (boo#1208589) * CVE-2023-0927: Use after free in Web Payments API * CVE-2023-0928: Use after free in SwiftShader * CVE-2023-0929: Use after free in Vulkan * CVE-2023-0930: Heap buffer overflow in Video * CVE-2023-0931: Use after free in Video * CVE-2023-0932: Use after free in WebRTC * CVE-2023-0933: Integer overflow in PDF * CVE-2023-0941: Use after free in Prompts * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 110.0.5481.100 * fix regression on SAP Business Objects web UI * fix date formatting behavior change from ICU 72
- Added patches:
* chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
with system icu (bsc#1207147)
* chromium-icu72-2.patch: align default characters for old icu
with that of ICU 72
* chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
format
- Chromium 109.0.5414.74:
* Add support for MathML Core
* CSS: Auto range support for font descriptors inside @font-face
rule
* CSS: Add lh length unit
* CSS: Add hyphenate-limit-chars property
* CSS: Snap border, outline and column-rule widths before layout
* API: Improved screen sharing and web conferencing: hints for
suppressing local audio playback, and Conditional Focus
* API: HTTP response status code in the Resource Timing API
* API: Same-site cross-origin prerendering triggered by the
speculation rules API
* Remove Event.path API
* CVE-2023-0128: Use after free in Overview Mode
* CVE-2023-0129: Heap buffer overflow in Network Service
* CVE-2023-0130: Inappropriate implementation in Fullscreen API
* CVE-2023-0131: Inappropriate implementation in iframe Sandbox
* CVE-2023-0132: Inappropriate implementation in Permission prompts
* CVE-2023-0133: Inappropriate implementation in Permission prompts
* CVE-2023-0134: Use after free in Cart
* CVE-2023-0135: Use after free in Cart
* CVE-2023-0136: Inappropriate implementation in Fullscreen API
* CVE-2023-0137: Heap buffer overflow in Platform Apps
* CVE-2023-0138: Heap buffer overflow in libphonenumber
* CVE-2023-0139: Insufficient validation of untrusted input in Downloads
* CVE-2023-0140: Inappropriate implementation in File System API
* CVE-2023-0141: Insufficient policy enforcement in CORS
* Various fixes from internal audits, fuzzing and other initiatives
- drop patches:
* chromium-gcc11.patch - not needed
* chromium-107-system-zlib.patch - upstream
* chromium-108-compiler.patch
- add patches:
* chromium-109-compiler.patch
* chromium-109-clang-lp154.patch
- Add chromium-disable-GlobalMediaControlsCastStartStop.patch: disable GlobalMediaControlsCastStartStop to fix crashes occurring when interacting with the Media UI (bsc#1198124)
- Chromium 109.0.5414.119 (boo#1207512):
* CVE-2023-0471: Use after free in WebTransport
* CVE-2023-0472: Use after free in WebRTC
* CVE-2023-0473: Type Confusion in ServiceWorker API
* CVE-2023-0474: Use after free in GuestView
* Various fixes from internal audits, fuzzing and other
initiatives
- Chromium 108.0.5359.94: * CVE-2022-4262: Type Confusion in V8 (boo#1205999)
- Chromium 108.0.5359.71 (boo#1205871): * CVE-2022-4174: Type Confusion in V8 * CVE-2022-4175: Use after free in Camera Capture * CVE-2022-4176: Out of bounds write in Lacros Graphics * CVE-2022-4177: Use after free in Extensions * CVE-2022-4178: Use after free in Mojo * CVE-2022-4179: Use after free in Audio * CVE-2022-4180: Use after free in Mojo * CVE-2022-4181: Use after free in Forms * CVE-2022-4182: Inappropriate implementation in Fenced Frames * CVE-2022-4183: Insufficient policy enforcement in Popup Blocker * CVE-2022-4184: Insufficient policy enforcement in Autofill * CVE-2022-4185: Inappropriate implementation in Navigation * CVE-2022-4186: Insufficient validation of untrusted input in Downloads * CVE-2022-4187: Insufficient policy enforcement in DevTools * CVE-2022-4188: Insufficient validation of untrusted input in CORS * CVE-2022-4189: Insufficient policy enforcement in DevTools * CVE-2022-4190: Insufficient data validation in Directory * CVE-2022-4191: Use after free in Sign-In * CVE-2022-4192: Use after free in Live Caption * CVE-2022-4193: Insufficient policy enforcement in File System API * CVE-2022-4194: Use after free in Accessibility * CVE-2022-4195: Insufficient policy enforcement in Safe Browsing - drop chromium-105-wayland-1.20.patch, upstream - drop chromium-107-compiler.patch - add chromium-108-compiler.patch - drop chromium-98-EnumTable-crash.patch
- Chromium 108.0.5359.124 (boo#1206403): * CVE-2022-4436: Use after free in Blink Media * CVE-2022-4437: Use after free in Mojo IPC * CVE-2022-4438: Use after free in Blink Frames * CVE-2022-4439: Use after free in Aura * CVE-2022-4440: Use after free in Profiles
- Chromium 108.0.5359.98 * Fix regression in computing <select> visibility
- Chromium 107.0.5304.87 (boo#1204819) * CVE-2022-3723: Type Confusion in V8
- Chromium 107.0.5304.68 (boo#1204732) * CVE-2022-3652: Type Confusion in V8 * CVE-2022-3653: Heap buffer overflow in Vulkan * CVE-2022-3654: Use after free in Layout * CVE-2022-3655: Heap buffer overflow in Media Galleries * CVE-2022-3656: Insufficient data validation in File System * CVE-2022-3657: Use after free in Extensions * CVE-2022-3658: Use after free in Feedback service on Chrome OS * CVE-2022-3659: Use after free in Accessibility * CVE-2022-3660: Inappropriate implementation in Full screen mode * CVE-2022-3661: Insufficient data validation in Extensions - Added patches: * chromium-107-compiler.patch * chromium-107-system-zlib.patch - Removed patches: * chromium-105-compiler.patch * chromium-105-Bitmap-include.patch * chromium-106-AutofillPopupControllerImpl-namespace.patch - Unbundle libyuv and libavif on TW - Prepare 15.5 - Use qt on 15.4+ (15.3 too old)
- Chromium 107.0.5304.121 (boo#1205736) * CVE-2022-4135: Heap buffer overflow in GPU
- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up
- Chromium 107.0.5304.110 (boo#1205221) * CVE-2022-3885: Use after free in V8 * CVE-2022-3886: Use after free in Speech Recognition * CVE-2022-3887: Use after free in Web Workers * CVE-2022-3888: Use after free in WebCodecs * CVE-2022-3889: Type Confusion in V8 * CVE-2022-3890: Heap buffer overflow in Crashpad
- Chromium 106.0.5249.91 (boo#1203808): * CVE-2022-3370: Use after free in Custom Elements * CVE-2022-3373: Out of bounds write in V8 - includes changes from 106.0.5249.61: * CVE-2022-3304: Use after free in CSS * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools * CVE-2022-3305: Use after free in Survey * CVE-2022-3306: Use after free in Survey * CVE-2022-3307: Use after free in Media * CVE-2022-3308: Insufficient policy enforcement in Developer Tools * CVE-2022-3309: Use after free in Assistant * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs * CVE-2022-3311: Use after free in Import * CVE-2022-3312: Insufficient validation of untrusted input in VPN * CVE-2022-3313: Incorrect security UI in Full Screen * CVE-2022-3314: Use after free in Logging * CVE-2022-3315: Type confusion in Blink * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-3317: Insufficient validation of untrusted input in Intents * CVE-2022-3318: Use after free in ChromeOS Notifications - drop patches: * chromium-104-tflite-system-zlib.patch * chromium-105-AdjustMaskLayerGeometry-ceilf.patch * chromium-105-Trap-raw_ptr.patch * chromium-105-browser_finder-include.patch * chromium-105-raw_ptr-noexcept.patch - add patches * chromium-106-ffmpeg-duration.patch * chromium-106-AutofillPopupControllerImpl-namespace.patch
- Chromium 106.0.5249.119 (boo#1204223) * CVE-2022-3445: Use after free in Skia * CVE-2022-3446: Heap buffer overflow in WebSQL * CVE-2022-3447: Inappropriate implementation in Custom Tabs * CVE-2022-3448: Use after free in Permissions API * CVE-2022-3449: Use after free in Safe Browsing * CVE-2022-3450: Use after free in Peer Connection
- Chromium 106.0.5249.103:
* fix possible cache manager deadlock
* Fix right-click menu appearing unexpectedly affecting screen
readers
- Chromium 105.0.5195.127 (boo#1203419): * CVE-2022-3195: Out of bounds write in Storage * CVE-2022-3196: Use after free in PDF * CVE-2022-3197: Use after free in PDF * CVE-2022-3198: Use after free in PDF * CVE-2022-3199: Use after free in Frames * CVE-2022-3200: Heap buffer overflow in Internals * CVE-2022-3201: Insufficient validation of untrusted input in DevTools * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 105.0.5195.102 (boo#1203102): * CVE-2022-3075: Insufficient data validation in Mojo - Chromium 105.0.5195.52 (boo#1202964): * CVE-2022-3038: Use after free in Network Service * CVE-2022-3039: Use after free in WebSQL * CVE-2022-3040: Use after free in Layout * CVE-2022-3041: Use after free in WebSQL * CVE-2022-3042: Use after free in PhoneHub * CVE-2022-3043: Heap buffer overflow in Screen Capture * CVE-2022-3044: Inappropriate implementation in Site Isolation * CVE-2022-3045: Insufficient validation of untrusted input in V8 * CVE-2022-3046: Use after free in Browser Tag * CVE-2022-3071: Use after free in Tab Strip * CVE-2022-3047: Insufficient policy enforcement in Extensions API * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen * CVE-2022-3049: Use after free in SplitScreen * CVE-2022-3050: Heap buffer overflow in WebUI * CVE-2022-3051: Heap buffer overflow in Exosphere * CVE-2022-3052: Heap buffer overflow in Window Manager * CVE-2022-3053: Inappropriate implementation in Pointer Lock * CVE-2022-3054: Insufficient policy enforcement in DevTools * CVE-2022-3055: Use after free in Passwords * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy * CVE-2022-3057: Inappropriate implementation in iframe Sandbox * CVE-2022-3058: Use after free in Sign-In Flow - Added patches: * chromium-105-AdjustMaskLayerGeometry-ceilf.patch * chromium-105-Bitmap-include.patch * chromium-105-browser_finder-include.patch * chromium-105-raw_ptr-noexcept.patch * chromium-105-Trap-raw_ptr.patch * chromium-105-wayland-1.20.patch * chromium-105-compiler.patch - Removed patches: * chromium-104-compiler.patch * chromium-104-ContentRendererClient-type.patch * chromium-78-protobuf-RepeatedPtrField-export.patch
- Update chromium-symbolic.svg: this fixes bsc#1202403.
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
- Chromium 104.0.5112.79 (boo#1202075) * CVE-2022-2603: Use after free in Omnibox * CVE-2022-2604: Use after free in Safe Browsing * CVE-2022-2605: Out of bounds read in Dawn * CVE-2022-2606: Use after free in Managed devices API * CVE-2022-2607: Use after free in Tab Strip * CVE-2022-2608: Use after free in Overview Mode * CVE-2022-2609: Use after free in Nearby Share * CVE-2022-2610: Insufficient policy enforcement in Background Fetch * CVE-2022-2611: Inappropriate implementation in Fullscreen API * CVE-2022-2612: Side-channel information leakage in Keyboard input * CVE-2022-2613: Use after free in Input * CVE-2022-2614: Use after free in Sign-In Flow * CVE-2022-2615: Insufficient policy enforcement in Cookies * CVE-2022-2616: Inappropriate implementation in Extensions API * CVE-2022-2617: Use after free in Extensions API * CVE-2022-2618: Insufficient validation of untrusted input in Internals * CVE-2022-2619: Insufficient validation of untrusted input in Settings * CVE-2022-2620: Use after free in WebUI * CVE-2022-2621: Use after free in Extensions * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing * CVE-2022-2623: Use after free in Offline * CVE-2022-2624: Heap buffer overflow in PDF - Added patches: * chromium-104-compiler.patch * chromium-104-ContentRendererClient-type.patch * chromium-104-tflite-system-zlib.patch - Removed patches: * chromium-103-SubstringSetMatcher-packed.patch * chromium-103-FrameLoadRequest-type.patch * chromium-103-compiler.patch - Use FFmpeg 5.1 on TW
- Switch back to Clang so that we can use BTI on aarch64 * Gold is too old - doesn't understand BTI * LD crashes on aarch64 - Re-enable LTO - Prepare move to FFmpeg 5 for new channel layout (requires 5.1+)
- Chromium 104.0.5112.101 (boo#1202509): * CVE-2022-2852: Use after free in FedCM * CVE-2022-2854: Use after free in SwiftShader * CVE-2022-2855: Use after free in ANGLE * CVE-2022-2857: Use after free in Blink * CVE-2022-2858: Use after free in Sign-In Flow * CVE-2022-2853: Heap buffer overflow in Downloads * CVE-2022-2856: Insufficient validation of untrusted input in Intents * CVE-2022-2859: Use after free in Chrome OS Shell * CVE-2022-2860: Insufficient policy enforcement in Cookies * CVE-2022-2861: Inappropriate implementation in Extensions API
- Re-enable our version of chrome-wrapper - Set no sandbox if root is being used (https://crbug.com/638180)
- Chromium 103.0.5060.53 (boo#1200783) * CVE-2022-2156: Use after free in Base * CVE-2022-2157: Use after free in Interest groups * CVE-2022-2158: Type Confusion in V8 * CVE-2022-2160: Insufficient policy enforcement in DevTools * CVE-2022-2161: Use after free in WebApp Provider * CVE-2022-2162: Insufficient policy enforcement in File System API * CVE-2022-2163: Use after free in Cast UI and Toolbar * CVE-2022-2164: Inappropriate implementation in Extensions API * CVE-2022-2165: Insufficient data validation in URL formatting - Added patches: * chromium-103-FrameLoadRequest-type.patch * chromium-103-SubstringSetMatcher-packed.patch * chromium-103-VirtualCursor-std-layout.patch * chromium-103-compiler.patch - Removed patches: * chromium-102-compiler.patch * chromium-91-sql-standard-layout-type.patch * chromium-101-libxml-unbundle.patch * chromium-102-fenced_frame_utils-include.patch * chromium-102-swiftshader-template-instantiation.patch * chromium-102-symbolize-include.patch * chromium-97-arm-tflite-cast.patch * chromium-97-ScrollView-reference.patch
- Chromium 103.0.5060.134 (boo#1201679): * CVE-2022-2477 : Use after free in Guest View * CVE-2022-2478 : Use after free in PDF * CVE-2022-2479 : Insufficient validation of untrusted input in File * CVE-2022-2480 : Use after free in Service Worker API * CVE-2022-2481: Use after free in Views * CVE-2022-2163: Use after free in Cast UI and Toolbar * Various fixes from internal audits, fuzzing and other initiatives
- Chromium 103.0.5060.114 (boo#1201216) * CVE-2022-2294: Heap buffer overflow in WebRTC * CVE-2022-2295: Type Confusion in V8 * CVE-2022-2296: Use after free in Chrome OS Shell
- Chromium 103.0.5060.66 * no upstream release notes
- Disable ARM control flow integrity, it causes build issues at the moment - Try a different SVG (black logo on GNOME) - Removed patches: * chromium-third_party-symbolize-missing-include.patch (replaced by chromium-102-symbolize-include.patch)
- Chromium 102.0.5001.61 (boo#1199893) * CVE-2022-1853: Use after free in Indexed DB * CVE-2022-1854: Use after free in ANGLE * CVE-2022-1855: Use after free in Messaging * CVE-2022-1856: Use after free in User Education * CVE-2022-1857: Insufficient policy enforcement in File System API * CVE-2022-1858: Out of bounds read in DevTools * CVE-2022-1859: Use after free in Performance Manager * CVE-2022-1860: Use after free in UI Foundations * CVE-2022-1861: Use after free in Sharing * CVE-2022-1862: Inappropriate implementation in Extensions * CVE-2022-1863: Use after free in Tab Groups * CVE-2022-1864: Use after free in WebApp Installs * CVE-2022-1865: Use after free in Bookmarks * CVE-2022-1866: Use after free in Tablet Mode * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer * CVE-2022-1868: Inappropriate implementation in Extensions API * CVE-2022-1869: Type Confusion in V8 * CVE-2022-1870: Use after free in App Service * CVE-2022-1871: Insufficient policy enforcement in File System API * CVE-2022-1872: Insufficient policy enforcement in Extensions API * CVE-2022-1873: Insufficient policy enforcement in COOP * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing * CVE-2022-1875: Inappropriate implementation in PDF * CVE-2022-1876: Heap buffer overflow in DevTools - Added patches: * chromium-102-compiler.patch * chromium-102-fenced_frame_utils-include.patch * chromium-102-regex_pattern-array.patch * chromium-102-swiftshader-template-instantiation.patch * chromium-102-symbolize-include.patch * ffmpeg-new-channel-layout.patch - Removed patches: * chromium-100-compiler.patch * chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch * chromium-95-quiche-include.patch * chromium-fix-swiftshader-template.patch * chromium-missing-include-tuple.patch * chromium-webrtc-stats-missing-vector.patch * chromium-101-segmentation_platform-type.patch
- Chromium 102.0.5005.115 (boo#1200423) * CVE-2022-2007: Use after free in WebGPU * CVE-2022-2008: Out of bounds memory access in WebGL * CVE-2022-2010: Out of bounds read in compositing * CVE-2022-2011: Use after free in ANGLE
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
- Chromium 101.0.4951.67 * fixes for other platforms
- Revert wayland fixes because it doesn't handle GPU correctly (boo#1194182)
- Chromium 101.0.4951.64 (boo#1199409) * CVE-2022-1633: Use after free in Sharesheet * CVE-2022-1634: Use after free in Browser UI * CVE-2022-1635: Use after free in Permission Prompts * CVE-2022-1636: Use after free in Performance APIs * CVE-2022-1637: Inappropriate implementation in Web Contents * CVE-2022-1638: Heap buffer overflow in V8 Internationalization * CVE-2022-1639: Use after free in ANGLE * CVE-2022-1640: Use after free in Sharing * CVE-2022-1641: Use after free in Web UI Diagnostics
- Chromium 101.0.4951.54 (boo#1199118) - Chromium 101.0.4951.41 (boo#1198917) * CVE-2022-1477: Use after free in Vulkan * CVE-2022-1478: Use after free in SwiftShader * CVE-2022-1479: Use after free in ANGLE * CVE-2022-1480: Use after free in Device API * CVE-2022-1481: Use after free in Sharing * CVE-2022-1482: Inappropriate implementation in WebGL * CVE-2022-1483: Heap buffer overflow in WebGPU * CVE-2022-1484: Heap buffer overflow in Web UI Settings * CVE-2022-1485: Use after free in File System API * CVE-2022-1486: Type Confusion in V8 * CVE-2022-1487: Use after free in Ozone * CVE-2022-1488: Inappropriate implementation in Extensions API * CVE-2022-1489: Out of bounds memory access in UI Shelf * CVE-2022-1490: Use after free in Browser Switcher * CVE-2022-1491: Use after free in Bookmarks * CVE-2022-1492: Insufficient data validation in Blink Editing * CVE-2022-1493: Use after free in Dev Tools * CVE-2022-1494: Insufficient data validation in Trusted Types * CVE-2022-1495: Incorrect security UI in Downloads * CVE-2022-1496: Use after free in File Manager * CVE-2022-1497: Inappropriate implementation in Input * CVE-2022-1498: Inappropriate implementation in HTML Parser * CVE-2022-1499: Inappropriate implementation in WebAuthentication * CVE-2022-1500: Insufficient data validation in Dev Tools * CVE-2022-1501: Inappropriate implementation in iframe - Added patches: * chromium-101-libxml-unbundle.patch * chromium-101-segmentation_platform-type.patch - Removed patches: * chromium-100-SCTHashdanceMetadata-move.patch * chromium-100-GLImplementationParts-constexpr.patch * chromium-100-macro-typo.patch
- Fixes for go 1.18
- Chromium 100.0.4896.88 (boo#1198361) * CVE-2022-1305: Use after free in storage * CVE-2022-1306: Inappropriate implementation in compositing * CVE-2022-1307: Inappropriate implementation in full screen * CVE-2022-1308: Use after free in BFCache * CVE-2022-1309: Insufficient policy enforcement in developer tools * CVE-2022-1310: Use after free in regular expressions * CVE-2022-1311: Use after free in Chrome OS shell * CVE-2022-1312: Use after free in storage * CVE-2022-1313: Use after free in tab groups * CVE-2022-1314: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives
- Patches for GCC 12: * chromium-fix-swiftshader-template.patch * chromium-missing-include-tuple.patch * chromium-webrtc-stats-missing-vector.patch
- Chromium 100.0.4896.75: * CVE-2022-1232: Type Confusion in V8 (boo#1198053)
- Chromium 100.0.4896.60 (boo#1197680) * CVE-2022-1125: Use after free in Portals * CVE-2022-1127: Use after free in QR Code Generator * CVE-2022-1128: Inappropriate implementation in Web Share API * CVE-2022-1129: Inappropriate implementation in Full Screen Mode * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP * CVE-2022-1131: Use after free in Cast UI * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard * CVE-2022-1133: Use after free in WebRTC * CVE-2022-1134: Type Confusion in V8 * CVE-2022-1135: Use after free in Shopping Cart * CVE-2022-1136: Use after free in Tab Strip * CVE-2022-1137: Inappropriate implementation in Extensions * CVE-2022-1138: Inappropriate implementation in Web Cursor * CVE-2022-1139: Inappropriate implementation in Background Fetch API * CVE-2022-1141: Use after free in File Manager * CVE-2022-1142: Heap buffer overflow in WebUI * CVE-2022-1143: Heap buffer overflow in WebUI * CVE-2022-1144: Use after free in WebUI * CVE-2022-1145: Use after free in Extensions * CVE-2022-1146: Inappropriate implementation in Resource Timing - Added patches: * chromium-100-compiler.patch * chromium-100-GLImplementationParts-constexpr.patch * chromium-100-InMilliseconds-constexpr.patch * chromium-100-SCTHashdanceMetadata-move.patch * chromium-100-macro-typo.patch - Removed patches: * chromium-98-compiler.patch * chromium-86-nearby-explicit.patch * chromium-glibc-2.34.patch * chromium-v8-missing-utility-include.patch * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
- Update disk constraints
- Chromium 100.0.4896.127 (boo#1198509) * CVE-2022-1364: Type Confusion in V8 * Various fixes from internal audits, fuzzing and other initiatives