chromium-61.0.3163.79-29.1

- Update to 61.0.3163.79 bsc#1057364:
  * CVE-2017-5111: Use after free in PDFium.
  * CVE-2017-5112: Heap buffer overflow in WebGL.
  * CVE-2017-5113: Heap buffer overflow in Skia.
  * CVE-2017-5114: Memory lifecycle issue in PDFium.
  * CVE-2017-5115: Type confusion in V8.
  * CVE-2017-5116: Type confusion in V8.
  * CVE-2017-5117: Use of uninitialized value in Skia.
  * CVE-2017-5118: Bypass of Content Security Policy in Blink.
  * CVE-2017-5119: Use of uninitialized value in Skia.
  * CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
- Rebase patch:
  * fix-gn-bootstrap.diff
- Remove patches:
  * chromium-gcc7.patch
  * chromium-override.patch
- Add new patches:
  * chromium-atk.patch
  * chromium-gcc5.patch
  * chromium-mojo-dep.patch
- Gtk3 is hard required from now on
- Version some of the required dependencies

- fix build with Factory glibc:
  add chromium-60.0.3112.113-breakpad-ucontext.patch

- Version update to 60.0.3112.113:
  * Various bugfixes

- Version update to 60.0.3112.101:
  * various usability bugfixes

- Version update to 60.0.3112.90:
  * Various usability bugfixes

- Recommend emoji fonts to make sure major web chats do not show
  questionmarks

- Chromium 100.0.4896.127 (boo#1198509)
  * CVE-2022-1364: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives

- Chromium 100.0.4896.88 (boo#1198361)
  * CVE-2022-1305: Use after free in storage
  * CVE-2022-1306: Inappropriate implementation in compositing
  * CVE-2022-1307: Inappropriate implementation in full screen
  * CVE-2022-1308: Use after free in BFCache
  * CVE-2022-1309: Insufficient policy enforcement in developer tools
  * CVE-2022-1310: Use after free in regular expressions
  * CVE-2022-1311: Use after free in Chrome OS shell
  * CVE-2022-1312: Use after free in storage
  * CVE-2022-1313: Use after free in tab groups
  * CVE-2022-1314: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives

- Patches for GCC 12:
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch

- Chromium 100.0.4896.75:
  * CVE-2022-1232: Type Confusion in V8 (boo#1198053)

- Chromium 100.0.4896.60 (boo#1197680)
  * CVE-2022-1125: Use after free in Portals
  * CVE-2022-1127: Use after free in QR Code Generator
  * CVE-2022-1128: Inappropriate implementation in Web Share API
  * CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  * CVE-2022-1131: Use after free in Cast UI
  * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  * CVE-2022-1133: Use after free in WebRTC
  * CVE-2022-1134: Type Confusion in V8
  * CVE-2022-1135: Use after free in Shopping Cart
  * CVE-2022-1136: Use after free in Tab Strip
  * CVE-2022-1137: Inappropriate implementation in Extensions
  * CVE-2022-1138: Inappropriate implementation in Web Cursor
  * CVE-2022-1139: Inappropriate implementation in Background Fetch API
  * CVE-2022-1141: Use after free in File Manager
  * CVE-2022-1142: Heap buffer overflow in WebUI
  * CVE-2022-1143: Heap buffer overflow in WebUI
  * CVE-2022-1144: Use after free in WebUI
  * CVE-2022-1145: Use after free in Extensions
  * CVE-2022-1146: Inappropriate implementation in Resource Timing
- Added patches:
  * chromium-100-compiler.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-InMilliseconds-constexpr.patch
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-macro-typo.patch
- Removed patches:
  * chromium-98-compiler.patch
  * chromium-86-nearby-explicit.patch
  * chromium-glibc-2.34.patch
  * chromium-v8-missing-utility-include.patch
  * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch

- Update disk constraints

- Chromium 101.0.4951.54 (boo#1199118)
- Chromium 101.0.4951.41 (boo#1198917)
  * CVE-2022-1477: Use after free in Vulkan
  * CVE-2022-1478: Use after free in SwiftShader
  * CVE-2022-1479: Use after free in ANGLE
  * CVE-2022-1480: Use after free in Device API
  * CVE-2022-1481: Use after free in Sharing
  * CVE-2022-1482: Inappropriate implementation in WebGL
  * CVE-2022-1483: Heap buffer overflow in WebGPU
  * CVE-2022-1484: Heap buffer overflow in Web UI Settings
  * CVE-2022-1485: Use after free in File System API
  * CVE-2022-1486: Type Confusion in V8
  * CVE-2022-1487: Use after free in Ozone
  * CVE-2022-1488: Inappropriate implementation in Extensions API
  * CVE-2022-1489: Out of bounds memory access in UI Shelf
  * CVE-2022-1490: Use after free in Browser Switcher
  * CVE-2022-1491: Use after free in Bookmarks
  * CVE-2022-1492: Insufficient data validation in Blink Editing
  * CVE-2022-1493: Use after free in Dev Tools
  * CVE-2022-1494: Insufficient data validation in Trusted Types
  * CVE-2022-1495: Incorrect security UI in Downloads
  * CVE-2022-1496: Use after free in File Manager
  * CVE-2022-1497: Inappropriate implementation in Input
  * CVE-2022-1498: Inappropriate implementation in HTML Parser
  * CVE-2022-1499: Inappropriate implementation in WebAuthentication
  * CVE-2022-1500: Insufficient data validation in Dev Tools
  * CVE-2022-1501: Inappropriate implementation in iframe
- Added patches:
  * chromium-101-libxml-unbundle.patch
  * chromium-101-segmentation_platform-type.patch
- Removed patches:
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-macro-typo.patch

- Fixes for go 1.18

- Chromium 101.0.4951.64 (boo#1199409)
  * CVE-2022-1633: Use after free in Sharesheet
  * CVE-2022-1634: Use after free in Browser UI
  * CVE-2022-1635: Use after free in Permission Prompts
  * CVE-2022-1636: Use after free in Performance APIs
  * CVE-2022-1637: Inappropriate implementation in Web Contents
  * CVE-2022-1638: Heap buffer overflow in V8 Internationalization
  * CVE-2022-1639: Use after free in ANGLE
  * CVE-2022-1640: Use after free in Sharing
  * CVE-2022-1641: Use after free in Web UI Diagnostics

- Chromium 101.0.4951.67
  * fixes for other platforms

- Revert wayland fixes because it doesn't handle GPU correctly
  (boo#1194182)

- Chromium 102.0.5005.115 (boo#1200423)
  * CVE-2022-2007: Use after free in WebGPU
  * CVE-2022-2008: Out of bounds memory access in WebGL
  * CVE-2022-2010: Out of bounds read in compositing
  * CVE-2022-2011: Use after free in ANGLE

- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)

- Disable ARM control flow integrity, it causes build issues
  at the moment
- Try a different SVG (black logo on GNOME)
- Removed patches:
  * chromium-third_party-symbolize-missing-include.patch
  (replaced by chromium-102-symbolize-include.patch)

- Chromium 102.0.5001.61 (boo#1199893)
  * CVE-2022-1853: Use after free in Indexed DB
  * CVE-2022-1854: Use after free in ANGLE
  * CVE-2022-1855: Use after free in Messaging
  * CVE-2022-1856: Use after free in User Education
  * CVE-2022-1857: Insufficient policy enforcement in File System API
  * CVE-2022-1858: Out of bounds read in DevTools
  * CVE-2022-1859: Use after free in Performance Manager
  * CVE-2022-1860: Use after free in UI Foundations
  * CVE-2022-1861: Use after free in Sharing
  * CVE-2022-1862: Inappropriate implementation in Extensions
  * CVE-2022-1863: Use after free in Tab Groups
  * CVE-2022-1864: Use after free in WebApp Installs
  * CVE-2022-1865: Use after free in Bookmarks
  * CVE-2022-1866: Use after free in Tablet Mode
  * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
  * CVE-2022-1868: Inappropriate implementation in Extensions API
  * CVE-2022-1869: Type Confusion in V8
  * CVE-2022-1870: Use after free in App Service
  * CVE-2022-1871: Insufficient policy enforcement in File System API
  * CVE-2022-1872: Insufficient policy enforcement in Extensions API
  * CVE-2022-1873: Insufficient policy enforcement in COOP
  * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
  * CVE-2022-1875: Inappropriate implementation in PDF
  * CVE-2022-1876: Heap buffer overflow in DevTools
- Added patches:
  * chromium-102-compiler.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-regex_pattern-array.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * ffmpeg-new-channel-layout.patch
- Removed patches:
  * chromium-100-compiler.patch
  * chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
  * chromium-95-quiche-include.patch
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch
  * chromium-101-segmentation_platform-type.patch

- Chromium 103.0.5060.114 (boo#1201216)
  * CVE-2022-2294: Heap buffer overflow in WebRTC
  * CVE-2022-2295: Type Confusion in V8
  * CVE-2022-2296: Use after free in Chrome OS Shell

- Chromium 103.0.5060.66
  * no upstream release notes

- Chromium 103.0.5060.134 (boo#1201679):
  * CVE-2022-2477 : Use after free in Guest View
  * CVE-2022-2478 : Use after free in PDF
  * CVE-2022-2479 : Insufficient validation of untrusted input in File
  * CVE-2022-2480 : Use after free in Service Worker API
  * CVE-2022-2481: Use after free in Views
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * Various fixes from internal audits, fuzzing and other initiatives

- Chromium 103.0.5060.53 (boo#1200783)
  * CVE-2022-2156: Use after free in Base
  * CVE-2022-2157: Use after free in Interest groups
  * CVE-2022-2158: Type Confusion in V8
  * CVE-2022-2160: Insufficient policy enforcement in DevTools
  * CVE-2022-2161: Use after free in WebApp Provider
  * CVE-2022-2162: Insufficient policy enforcement in File System API
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * CVE-2022-2164: Inappropriate implementation in Extensions API
  * CVE-2022-2165: Insufficient data validation in URL formatting
- Added patches:
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-VirtualCursor-std-layout.patch
  * chromium-103-compiler.patch
- Removed patches:
  * chromium-102-compiler.patch
  * chromium-91-sql-standard-layout-type.patch
  * chromium-101-libxml-unbundle.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * chromium-97-arm-tflite-cast.patch
  * chromium-97-ScrollView-reference.patch

- Chromium 104.0.5112.101 (boo#1202509):
  * CVE-2022-2852: Use after free in FedCM
  * CVE-2022-2854: Use after free in SwiftShader
  * CVE-2022-2855: Use after free in ANGLE
  * CVE-2022-2857: Use after free in Blink
  * CVE-2022-2858: Use after free in Sign-In Flow
  * CVE-2022-2853: Heap buffer overflow in Downloads
  * CVE-2022-2856: Insufficient validation of untrusted input in Intents
  * CVE-2022-2859: Use after free in Chrome OS Shell
  * CVE-2022-2860: Insufficient policy enforcement in Cookies
  * CVE-2022-2861: Inappropriate implementation in Extensions API

- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)

- Chromium 104.0.5112.79 (boo#1202075)
  * CVE-2022-2603: Use after free in Omnibox
  * CVE-2022-2604: Use after free in Safe Browsing
  * CVE-2022-2605: Out of bounds read in Dawn
  * CVE-2022-2606: Use after free in Managed devices API
  * CVE-2022-2607: Use after free in Tab Strip
  * CVE-2022-2608: Use after free in Overview Mode
  * CVE-2022-2609: Use after free in Nearby Share
  * CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * CVE-2022-2611: Inappropriate implementation in Fullscreen API
  * CVE-2022-2612: Side-channel information leakage in Keyboard input
  * CVE-2022-2613: Use after free in Input
  * CVE-2022-2614: Use after free in Sign-In Flow
  * CVE-2022-2615: Insufficient policy enforcement in Cookies
  * CVE-2022-2616: Inappropriate implementation in Extensions API
  * CVE-2022-2617: Use after free in Extensions API
  * CVE-2022-2618: Insufficient validation of untrusted input in Internals
  * CVE-2022-2619: Insufficient validation of untrusted input in Settings
  * CVE-2022-2620: Use after free in WebUI
  * CVE-2022-2621: Use after free in Extensions
  * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-2623: Use after free in Offline
  * CVE-2022-2624: Heap buffer overflow in PDF
- Added patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-104-tflite-system-zlib.patch
- Removed patches:
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-compiler.patch
- Use FFmpeg 5.1 on TW

- Switch back to Clang so that we can use BTI on aarch64
  * Gold is too old - doesn't understand BTI
  * LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
  (requires 5.1+)

- Chromium 105.0.5195.102 (boo#1203102):
  * CVE-2022-3075: Insufficient data validation in Mojo
- Chromium 105.0.5195.52 (boo#1202964):
  * CVE-2022-3038: Use after free in Network Service
  * CVE-2022-3039: Use after free in WebSQL
  * CVE-2022-3040: Use after free in Layout
  * CVE-2022-3041: Use after free in WebSQL
  * CVE-2022-3042: Use after free in PhoneHub
  * CVE-2022-3043: Heap buffer overflow in Screen Capture
  * CVE-2022-3044: Inappropriate implementation in Site Isolation
  * CVE-2022-3045: Insufficient validation of untrusted input in V8
  * CVE-2022-3046: Use after free in Browser Tag
  * CVE-2022-3071: Use after free in Tab Strip
  * CVE-2022-3047: Insufficient policy enforcement in Extensions API
  * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
  * CVE-2022-3049: Use after free in SplitScreen
  * CVE-2022-3050: Heap buffer overflow in WebUI
  * CVE-2022-3051: Heap buffer overflow in Exosphere
  * CVE-2022-3052: Heap buffer overflow in Window Manager
  * CVE-2022-3053: Inappropriate implementation in Pointer Lock
  * CVE-2022-3054: Insufficient policy enforcement in DevTools
  * CVE-2022-3055: Use after free in Passwords
  * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
  * CVE-2022-3057: Inappropriate implementation in iframe Sandbox
  * CVE-2022-3058: Use after free in Sign-In Flow
- Added patches:
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Bitmap-include.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-wayland-1.20.patch
  * chromium-105-compiler.patch
- Removed patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-78-protobuf-RepeatedPtrField-export.patch

- Update chromium-symbolic.svg: this fixes bsc#1202403.

- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH

- Chromium 105.0.5195.127 (boo#1203419):
  * CVE-2022-3195: Out of bounds write in Storage
  * CVE-2022-3196: Use after free in PDF
  * CVE-2022-3197: Use after free in PDF
  * CVE-2022-3198: Use after free in PDF
  * CVE-2022-3199: Use after free in Frames
  * CVE-2022-3200: Heap buffer overflow in Internals
  * CVE-2022-3201: Insufficient validation of untrusted input in DevTools
  * Various fixes from internal audits, fuzzing and other initiatives

- Chromium 106.0.5249.119 (boo#1204223)
  * CVE-2022-3445: Use after free in Skia
  * CVE-2022-3446: Heap buffer overflow in WebSQL
  * CVE-2022-3447: Inappropriate implementation in Custom Tabs
  * CVE-2022-3448: Use after free in Permissions API
  * CVE-2022-3449: Use after free in Safe Browsing
  * CVE-2022-3450: Use after free in Peer Connection

- Chromium 106.0.5249.103:
  * fix possible cache manager deadlock
  * Fix right-click menu appearing unexpectedly affecting screen
    readers

- Chromium 106.0.5249.91 (boo#1203808):
  * CVE-2022-3370: Use after free in Custom Elements
  * CVE-2022-3373: Out of bounds write in V8
- includes changes from 106.0.5249.61:
  * CVE-2022-3304: Use after free in CSS
  * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
  * CVE-2022-3305: Use after free in Survey
  * CVE-2022-3306: Use after free in Survey
  * CVE-2022-3307: Use after free in Media
  * CVE-2022-3308: Insufficient policy enforcement in Developer Tools
  * CVE-2022-3309: Use after free in Assistant
  * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
  * CVE-2022-3311: Use after free in Import
  * CVE-2022-3312: Insufficient validation of untrusted input in VPN
  * CVE-2022-3313: Incorrect security UI in Full Screen
  * CVE-2022-3314: Use after free in Logging
  * CVE-2022-3315: Type confusion in Blink
  * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-3317: Insufficient validation of untrusted input in Intents
  * CVE-2022-3318: Use after free in ChromeOS Notifications
- drop patches:
  * chromium-104-tflite-system-zlib.patch
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
- add patches
  * chromium-106-ffmpeg-duration.patch
  * chromium-106-AutofillPopupControllerImpl-namespace.patch

- Chromium 107.0.5304.110 (boo#1205221)
  * CVE-2022-3885: Use after free in V8
  * CVE-2022-3886: Use after free in Speech Recognition
  * CVE-2022-3887: Use after free in Web Workers
  * CVE-2022-3888: Use after free in WebCodecs
  * CVE-2022-3889: Type Confusion in V8
  * CVE-2022-3890: Heap buffer overflow in Crashpad

- Chromium 107.0.5304.121 (boo#1205736)
  * CVE-2022-4135: Heap buffer overflow in GPU

- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up

- Chromium 107.0.5304.87 (boo#1204819)
  * CVE-2022-3723: Type Confusion in V8

- Chromium 107.0.5304.68 (boo#1204732)
  * CVE-2022-3652: Type Confusion in V8
  * CVE-2022-3653: Heap buffer overflow in Vulkan
  * CVE-2022-3654: Use after free in Layout
  * CVE-2022-3655: Heap buffer overflow in Media Galleries
  * CVE-2022-3656: Insufficient data validation in File System
  * CVE-2022-3657: Use after free in Extensions
  * CVE-2022-3658: Use after free in Feedback service on Chrome OS
  * CVE-2022-3659: Use after free in Accessibility
  * CVE-2022-3660: Inappropriate implementation in Full screen mode
  * CVE-2022-3661: Insufficient data validation in Extensions
- Added patches:
  * chromium-107-compiler.patch
  * chromium-107-system-zlib.patch
- Removed patches:
  * chromium-105-compiler.patch
  * chromium-105-Bitmap-include.patch
  * chromium-106-AutofillPopupControllerImpl-namespace.patch
- Unbundle libyuv and libavif on TW
- Prepare 15.5
- Use qt on 15.4+ (15.3 too old)

- Chromium 108.0.5359.124 (boo#1206403):
  * CVE-2022-4436: Use after free in Blink Media
  * CVE-2022-4437: Use after free in Mojo IPC
  * CVE-2022-4438: Use after free in Blink Frames
  * CVE-2022-4439: Use after free in Aura
  * CVE-2022-4440: Use after free in Profiles

- Chromium 108.0.5359.98
  * Fix regression in computing <select> visibility

- Chromium 108.0.5359.71 (boo#1205871):
  * CVE-2022-4174: Type Confusion in V8
  * CVE-2022-4175: Use after free in Camera Capture
  * CVE-2022-4176: Out of bounds write in Lacros Graphics
  * CVE-2022-4177: Use after free in Extensions
  * CVE-2022-4178: Use after free in Mojo
  * CVE-2022-4179: Use after free in Audio
  * CVE-2022-4180: Use after free in Mojo
  * CVE-2022-4181: Use after free in Forms
  * CVE-2022-4182: Inappropriate implementation in Fenced Frames
  * CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
  * CVE-2022-4184: Insufficient policy enforcement in Autofill
  * CVE-2022-4185: Inappropriate implementation in Navigation
  * CVE-2022-4186: Insufficient validation of untrusted input in Downloads
  * CVE-2022-4187: Insufficient policy enforcement in DevTools
  * CVE-2022-4188: Insufficient validation of untrusted input in CORS
  * CVE-2022-4189: Insufficient policy enforcement in DevTools
  * CVE-2022-4190: Insufficient data validation in Directory
  * CVE-2022-4191: Use after free in Sign-In
  * CVE-2022-4192: Use after free in Live Caption
  * CVE-2022-4193: Insufficient policy enforcement in File System API
  * CVE-2022-4194: Use after free in Accessibility
  * CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
- drop chromium-105-wayland-1.20.patch, upstream
- drop chromium-107-compiler.patch
- add chromium-108-compiler.patch
- drop chromium-98-EnumTable-crash.patch

- Chromium 108.0.5359.94:
  * CVE-2022-4262: Type Confusion in V8 (boo#1205999)

- Chromium 109.0.5414.119 (boo#1207512):
  * CVE-2023-0471: Use after free in WebTransport
  * CVE-2023-0472: Use after free in WebRTC
  * CVE-2023-0473: Type Confusion in ServiceWorker API
  * CVE-2023-0474: Use after free in GuestView
  * Various fixes from internal audits, fuzzing and other
    initiatives

- Chromium 109.0.5414.74:
  * Add support for MathML Core
  * CSS: Auto range support for font descriptors inside @font-face
    rule
  * CSS: Add lh length unit
  * CSS: Add hyphenate-limit-chars property
  * CSS: Snap border, outline and column-rule widths before layout
  * API: Improved screen sharing and web conferencing: hints for
    suppressing local audio playback, and Conditional Focus
  * API: HTTP response status code in the Resource Timing API
  * API: Same-site cross-origin prerendering triggered by the
    speculation rules API
  * Remove Event.path API
  * CVE-2023-0128: Use after free in Overview Mode
  * CVE-2023-0129: Heap buffer overflow in Network Service
  * CVE-2023-0130: Inappropriate implementation in Fullscreen API
  * CVE-2023-0131: Inappropriate implementation in iframe Sandbox
  * CVE-2023-0132: Inappropriate implementation in Permission prompts
  * CVE-2023-0133: Inappropriate implementation in Permission prompts
  * CVE-2023-0134: Use after free in Cart
  * CVE-2023-0135: Use after free in Cart
  * CVE-2023-0136: Inappropriate implementation in Fullscreen API
  * CVE-2023-0137: Heap buffer overflow in Platform Apps
  * CVE-2023-0138: Heap buffer overflow in libphonenumber
  * CVE-2023-0139: Insufficient validation of untrusted input in Downloads
  * CVE-2023-0140: Inappropriate implementation in File System API
  * CVE-2023-0141: Insufficient policy enforcement in CORS
  * Various fixes from internal audits, fuzzing and other initiatives
- drop patches:
  * chromium-gcc11.patch - not needed
  * chromium-107-system-zlib.patch - upstream
  * chromium-108-compiler.patch
- add patches:
  * chromium-109-compiler.patch
  * chromium-109-clang-lp154.patch

- Add chromium-disable-GlobalMediaControlsCastStartStop.patch:
  disable GlobalMediaControlsCastStartStop to fix crashes
  occurring when interacting with the Media UI (bsc#1198124)

- Added patches:
  * chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
    with system icu (bsc#1207147)
  * chromium-icu72-2.patch: align default characters for old icu
    with that of ICU 72
  * chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
    format

- Chromium 110.0.5481.177 (boo#1208589)
  * CVE-2023-0927: Use after free in Web Payments API
  * CVE-2023-0928: Use after free in SwiftShader
  * CVE-2023-0929: Use after free in Vulkan
  * CVE-2023-0930: Heap buffer overflow in Video
  * CVE-2023-0931: Use after free in Video
  * CVE-2023-0932: Use after free in WebRTC
  * CVE-2023-0933: Integer overflow in PDF
  * CVE-2023-0941: Use after free in Prompts
  * Various fixes from internal audits, fuzzing and other initiatives

- Chromium 110.0.5481.100
  * fix regression on SAP Business Objects web UI
  * fix date formatting behavior change from ICU 72

- Chromium 110.0.5481.77 (boo#1208029):
  * CVE-2023-0696: Type Confusion in V8
  * CVE-2023-0697: Inappropriate implementation in Full screen mode
  * CVE-2023-0698: Out of bounds read in WebRTC
  * CVE-2023-0699: Use after free in GPU
  * CVE-2023-0700: Inappropriate implementation in Download
  * CVE-2023-0701: Heap buffer overflow in WebUI
  * CVE-2023-0702: Type Confusion in Data Transfer
  * CVE-2023-0703: Type Confusion in DevTools
  * CVE-2023-0704: Insufficient policy enforcement in DevTools
  * CVE-2023-0705: Integer overflow in Core
  * Various fixes from internal audits, fuzzing and other initiatives
- build with bundled libavif
- dropped patches:
  * chromium-109-compiler.patch
  * chromium-icu72-3.patch
- added patches:
  * chromium-110-compiler.patch
  * chromium-110-system-libffi.patch
  * chromium-110-NativeThemeBase-fabs.patch
  * chromium-110-CredentialUIEntry-const.patch
  * chromium-110-DarkModeLABColorSpace-pow.patch
  * v8-move-the-Stack-object-from-ThreadLocalTop.patch

- Update to Chromium 51.0.2704.103
  * Security fixes:
  - CVE-2016-1704: Various fixes from internal audits, fuzzing and
    other initiatives (boo#985397)

- Update to Chromium 51.0.2704.84
  * No further changelog

- Update to Chromium 51.0.2704.79 [boo#982719]
  * Security fixes:
  - CVE-2016-1696: Cross-origin bypass in Extension bindings
  - CVE-2016-1697: Cross-origin bypass in Blink
  - CVE-2016-1698: Information leak in Extension bindings
  - CVE-2016-1699: Parameter sanitization failure in DevTools
  - CVE-2016-1700: Use-after-free in Extensions
  - CVE-2016-1701: Use-after-free in Autofill
  - CVE-2016-1702: Out-of-bounds read in Skia
  - CVE-2016-1703: Various fixes from internal audits, fuzzing
    and other initiatives.

- Update to Chromium 51.0.2704.63 [boo#981886]
  * Security fixes:
  - CVE-2016-1672: Cross-origin bypass in extension bindings
  - CVE-2016-1673: Cross-origin bypass in Blink
  - CVE-2016-1674: Cross-origin bypass in extensions
  - CVE-2016-1675: Cross-origin bypass in Blink
  - CVE-2016-1676: Cross-origin bypass in extension bindings
  - CVE-2016-1677: Type confusion in V8
  - CVE-2016-1678: Heap overflow in V8
  - CVE-2016-1679: Heap use-after-free in V8 bindings
  - CVE-2016-1680: Heap use-after-free in Skia
  - CVE-2016-1681: Heap overflow in PDFium
  - CVE-2016-1682: CSP bypass for ServiceWorker
  - CVE-2016-1683: Out-of-bounds access in libxslt
  - CVE-2016-1684: Integer overflow in libxslt
  - CVE-2016-1685: Out-of-bounds read in PDFium
  - CVE-2016-1686: Out-of-bounds read in PDFium
  - CVE-2016-1687: Information leak in extensions
  - CVE-2016-1688: Out-of-bounds read in V8
  - CVE-2016-1689: Heap buffer overflow in media
  - CVE-2016-1690: Heap use-after-free in Autofill
  - CVE-2016-1691: Heap buffer-overflow in Skia
  - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
  - CVE-2016-1693: HTTP Download of Software Removal Tool
  - CVE-2016-1694: HPKP pins removed on cache clearance
  - CVE-2016-1695: Various fixes from internal audits, fuzzing
    and other initiatives
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
  now upstream

- Update to Chromium 50.0.2661.102 (boo#979859)
  * Security fixes:
  - CVE-2016-1667: Same origin bypass in DOM
  - CVE-2016-1668: Same origin bypass in Blink V8 bindings
  - CVE-2016-1669: Buffer overflow in V8
  - CVE-2016-1670: Race condition in loader

- Update to Chromium 50.0.2661.94 (boo#977830)
  * Security fixes:
  - CVE-2016-1660: Out-of-bounds write in Blink
  - CVE-2016-1661: Memory corruption in cross-process frames
  - CVE-2016-1662: Use-after-free in extensions
  - CVE-2016-1663: Use-after-free in Blink?s V8 bindings
  - CVE-2016-1664: Address bar spoofing
  - CVE-2016-1665: Information leak in V8
  - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives

- _constraints: increase memory. It takes 1.2G to build some .o, and
  with -j4 this results in OOM.

- Update to Chromium 50.0.2661.75 (boo#975572)
  * Security Fixes:
  - CVE-2016-1652: Universal XSS in extension bindings
  - CVE-2016-1653: Out-of-bounds write in V8
  - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
  - CVE-2016-1654: Uninitialized memory read in media
  - CVE-2016-1655: Use-after-free related to extensions
  - CVE-2016-1656: Android downloaded file path restriction bypass
  - CVE-2016-1657: Address bar spoofing
  - CVE-2016-1658: Potential leak of sensitive information to
    malicious extensions
  - CVE-2016-1659: Various fixes from internal audits, fuzzing
    and other initiatives
- add patch to fix GCC builds with component=shared_library:
  chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch

- Update to Chromium 49.0.2623.112
  * Block user removal when login attempt is in progress
  * Add the SuppressUnsupportedOSWarning policy setting
  * Fix how Save-Page-As responds to web requests blocked by extensions
  * Fix preferred width calculation for 8bit ltr runs in rtl blocks

- Update to Chromium 49.0.2623.110
  * No changelog available

- Update to Chromium 49.0.2623.108
  * Security fixes (boo#972834):
  - CVE-2016-1646: Out-of-bounds read in V8
  - CVE-2016-1647: Use-after-free in Navigation
  - CVE-2016-1648: Use-after-free in Extensions
  - CVE-2016-1649: Buffer overflow in libANGLE
  - CVE-2016-1650: Various fixes from internal audits, fuzzing
    and other initiatives
  - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
    tip of the 4.9 branch (currently 4.9.385.33).

- Update to Chromium 49.0.2623.87
  * Security fixes:
  - CVE-2016-1643: Type confusion in Blink (boo#970514)
  - CVE-2016-1644: Use-after-free in Blink (boo#970509)
  - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)

- Change the build method used on Packman.
  * Drop patch no-clang-on-packman.diff . This is no longer required
    as that ninja is respecting the build flags correctly.
- Drop unused patch skia.patch

- Update to Chromium 49.0.2623.75
  * 26 security fixes, with the most important ones being:
  - CVE-2016-1630: Same-origin bypass in Blink
  - CVE-2016-1631: Same-origin bypass in Pepper Plugin
  - CVE-2016-1632: Bad cast in Extensions
  - CVE-2016-1633: Use-after-free in Blink
  - CVE-2016-1634: Use-after-free in Blink
  - CVE-2016-1635: Use-after-free in Blink
  - CVE-2016-1636: SRI Validation Bypass
  - CVE-2015-8126: Out-of-bounds access in libpng
  - CVE-2016-1637: Information Leak in Skia
  - CVE-2016-1638: WebAPI Bypass
  - CVE-2016-1639: Use-after-free in WebRTC
  - CVE-2016-1640: Origin confusion in Extensions UI
  - CVE-2016-1641: Use-after-free in Favicon
  - CVE-2016-1642: Various fixes from internal audits, fuzzing
    and other initiatives
  - Multiple vulnerabilities in V8 fixed at the tip of the 4.9
    branch (currently 4.9.385.26)
    (boo#969333)

- Update to Chromium 48.0.2564.116
  * Fixes a critical security flaw:
  - CVE-2016-1629: Same-origin bypass in Blink and Sandbox
    escape in Chrome. (boo#967376)

- Update to Chromium 48.0.2564.109
  * Security fixes (boo#965999)
  - CVE-2016-1622: Same-origin bypass in Extensions
  - CVE-2016-1623: Same-origin bypass in DOM
  - CVE-2016-1624: Buffer overflow in Brotli
  - CVE-2016-1625: Navigation bypass in Chrome Instant
  - CVE-2016-1626: Out-of-bounds read in PDFium
  - CVE-2016-1627: Various fixes from internal audits, fuzzing
    and other initiatives

- Drop the libva support completely. It seems that this is causing
  more issues than it actually resolves. (boo#965566)
  * Drop chromium-enable-vaapi.patch

- Don't build with libva support for openSUSE 13.2 and lower
  (boo#966082)

- Drop completely the option to build with system libraries. This
  could lead to issues (boo#965738)

- Update to Chromium 48.0.2564.103
  * No chnagelog available

- Update to Chromium 52.0.2743.116:
  * Security fixes (boo#992305):
    + CVE-2016-5141: Address bar spoofing (boo#992314)
    + CVE-2016-5142: Use-after-free in Blink (boo#992313)
    + CVE-2016-5139: Heap overflow in pdfium (boo#992311)
    + CVE-2016-5140: Heap overflow in pdfium (boo#992310)
    + CVE-2016-5145: Same origin bypass for images in Blink
    (boo#992320)
    + CVE-2016-5143: Parameter sanitization failure in DevTools
    (boo#992319)
    + CVE-2016-5144: Parameter sanitization failure in DevTools
    (boo#992315)
    + CVE-2016-5146: Various fixes from internal audits, fuzzing
    and other initiatives (boo#992309)

- Temporarily disable fix_network_api_crash.patch. Upstream has
  changed part of their code, so hopefully that resolved the issue

- Update to Chromium 52.0.2743.82
  * Security fixes (boo#989901):
    + CVE-2016-1706: Sandbox escape in PPAPI
    + CVE-2016-1707: URL spoofing on iOS
    + CVE-2016-1708: Use-after-free in Extensions
    + CVE-2016-1709: Heap-buffer-overflow in sfntly
    + CVE-2016-1710: Same-origin bypass in Blink
    + CVE-2016-1711: Same-origin bypass in Blink
    + CVE-2016-5127: Use-after-free in Blink
    + CVE-2016-5128: Same-origin bypass in V8
    + CVE-2016-5129: Memory corruption in V8
    + CVE-2016-5130: URL spoofing
    + CVE-2016-5131: Use-after-free in libxml
    + CVE-2016-5132: Limited same-origin bypass in Service Workers
    + CVE-2016-5133: Origin confusion in proxy authentication
    + CVE-2016-5134: URL leakage via PAC script
    + CVE-2016-5135: Content-Security-Policy bypass
    + CVE-2016-5136: Use after free in extensions
    + CVE-2016-5137: History sniffing with HSTS and CSP
    + CVE-2016-1705: Various fixes from internal audits, fuzzing
    and other initiatives

- Clarification/correction to chromium-desktop-gnome and
  chromium-desktop-kde software descriptions due to passwords
  preservation reported by Chromium developer

- Update to Chromium 51.0.2704.106
  * No changelog indicated

- Add gcc60-fixes.diff to resolve the crashes observed with
  chromium when compiled with GCC6

- Version update to 53.0.2785.113 bnc#998743:
  * CVE-2016-5170 Use after free in Blink
  * CVE-2016-5171 Use after free in Blink
  * CVE-2016-5172 Arbitrary Memory Read in v8
  * CVE-2016-5173 Extension resource access
  * CVE-2016-5174 Popup not correctly suppressed
  * CVE-2016-5175 Various fixes from internal audits

- Reenable widevine build again bnc#998328

- Stable channel update to  53.0.2785.101
  * SPDY crasher fixes
  * Disable NV12 DXGI video on AMD
  * Forward --password-store switch to os_crypt
  * Tell the kernel to discard USB requests when they time out.

- Update to Chromium 53.0.2785.92:
  * Revert of support relocatable RPM packages
  * disallow WKBackForwardListItem navigations for pushState pages
  * arc: bluetooth: Fix advertised uuid
  * fix conflicting PendingIntent for stop button and swipe away

- Version update to 53.0.2785.143 bnc#1002140:
  * CVE-2016-5177: Use after free in V8
  * CVE-2016-5178: Various fixes from internal audits

- Export GDK_BACKEND=x11 before starting chromium, ensuring that
  it's started as an Xwayland client (boo#1001135).

- Apply sandbox patch to fix crashers on tumbleweed bnc#999091
  * chromium-sandbox.patch

- Version update stable channel 53.0.2785.116
  * Just smal bugfixes around

- Update to Chromium 53.0.2785.89
  - Improvements to the GN build system (boo#996032, boo#99606, boo#995932)
  - Security fixes (boo#996648)
  * CVE-2016-5147: Universal XSS in Blink.
  * CVE-2016-5148: Universal XSS in Blink.
  * CVE-2016-5149: Script injection in extensions.
  * CVE-2016-5150: Use after free in Blink.
  * CVE-2016-5151: Use after free in PDFium.
  * CVE-2016-5152: Heap overflow in PDFium.
  * CVE-2016-5153: Use after destruction in Blink.
  * CVE-2016-5154: Heap overflow in PDFium.
  * CVE-2016-5155: Address bar spoofing.
  * CVE-2016-5156: Use after free in event bindings.
  * CVE-2016-5157: Heap overflow in PDFium.
  * CVE-2016-5158: Heap overflow in PDFium.
  * CVE-2016-5159: Heap overflow in PDFium.
  * CVE-2016-5161: Type confusion in Blink.
  * CVE-2016-5162: Extensions web accessible resources bypass.
  * CVE-2016-5163: Address bar spoofing.
  * CVE-2016-5164: Universal XSS using DevTools.
  * CVE-2016-5165: Script injection in DevTools.
  * CVE-2016-5166: SMB Relay Attack via Save Page As.
  * CVE-2016-5160: Extensions web accessible resources bypass.
- Drop patches chromium-snapshot-toolchain-r1.patch

- Make it build on ARM.
  * Add build patch arm_use_right_compiler.patch
- Drop unnecessary patches:
  * chromium-arm-r0.patch

- Change buildsystem to GN, which is the new upstream default
  * Make Ninja only use 4 buildprocesses for building Chromium itself
  * Drop unnecessary patches
  - chromium-gcc-fixes.patch
  - adjust-ldflags-no-keep-memory.patch
  - gcc50-fixes.diff
  * Add patches to ensure correct build
  - chromium-last-commit-position-r0.patch
  - chromium-snapshot-toolchain-r1.patch
  * Drop unnecessary sourcefiles
  - courgette.tar.xz
  - depot_tools.tar.xz
  - gn-binaries.tar.xz

- Use an explicit number of ninja build processes (-j 4), to
  further reduce the memory used.

- Version update to 54.0.2840.59 bnc#1004465:
  - CVE-2016-5181: Universal XSS in Blink (Anonymous)
  - CVE-2016-5182: Heap overflow in Blink (Giwan Go of STEALIEN)
  - CVE-2016-5183: Use after free in PDFium (Anonymous)
  - CVE-2016-5184: Use after free in PDFium (Anonymous)
  - CVE-2016-5185: Use after free in Blink (cloudfuzzer)
  - CVE-2016-5187: URL spoofing (Luan Herrera)
  - CVE-2016-5188: UI spoofing (Luan Herrera)
  - CVE-2016-5192: Cross-origin bypass in Blink (haojunhou at gmail)
  - CVE-2016-5189: URL spoofing (xisigr of Tencent's Xuanwu Lab)
  - CVE-2016-5186: Out of bounds read in DevTools (Abdulrahman Alqabandi)
  - CVE-2016-5191: Universal XSS in Bookmarks (Gareth Hughes)
  - CVE-2016-5190: Use after free in Internals (Atte Kettunen of OUSPG)
  - CVE-2016-5193: Scheme bypass (Yuyang ZHOUmartinzhou96)
- packaging changes:
  * disable build for chromium-beta on %arm.
  * Make linker use less memory by tweaking its options:
    chromium-linker-memory.patch
  * obsolete desktop subpackages
  * Switch to gold to reduce memory use use during build
  * fix build on 4.5+ kernels with systemlibs:
    chromium-sandbox.patch
  * various compiler and linker flag adjustments
  * enable gtk3 ui, add patch gtk3-missing-define.patch
  * switch from some bundled libraries to the system versions
    chromium-system-ffmpeg-r3.patch
    chromium-system-jinja-r13.patch
    fix-gn-bootstrap.diff
  * remove service file covered by download_files
- run time bug fixes:
  * Add --ui-disable-partial-swap to the launcher bnc#1000019
  * Use default chromium values from master_preferences on first run
    rather than pseudo-duplicating in shellscript
- added features:
  * hangouts extension

- Update to 54.0.2840.90:
  * Few fixes and tweaks
  * Fixes CVE-2016-5198 bsc#1008274

- Update to 54.0.2840.71:
  * Few fixes around

- Add patch chromium-prop-codecs.patch and set properly the codecs
  variable in main scope to allow ffmpeg passthrough
  bnc#1008725

- python-html5lib now depends on six, so preserve that too for SLE
  builds.

- Obsolete ffmpeg and ffmpegsumo package in addition to conflict

- record minimum version for harfbuzz, incuding runtime
  Chromium will crash with harfbuzz < 1.3.0

- Chromium 55.0.2883.75 bnc#1013236:
  CVE-2016-9651 CVE-2016-5208 CVE-2016-5207 CVE-2016-5206 CVE-2016-5205
  CVE-2016-5204 CVE-2016-5209 CVE-2016-5203 CVE-2016-5210 CVE-2016-5212
  CVE-2016-5211 CVE-2016-5213 CVE-2016-5214 CVE-2016-5216 CVE-2016-5215
  CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5221 CVE-2016-5220
  CVE-2016-5222 CVE-2016-9650 CVE-2016-5223 CVE-2016-5226 CVE-2016-5225
  CVE-2016-5224 CVE-2016-9652
- Switch to system libraries: harfbuzz, zlib, ffmpeg, ...
- Refreshed patches:
  * chromium-system-ffmpeg-r3.patch
  * chromium-system-jinja-r13.patch
- Use system ffmpeg unless on 13.2 that didn't include it
  * chromium-54-ffmpeg2compat.patch
  * Remove upstreamed chromium-more-codec-aliases.patch
- Remove bookmarks override as discussed with artwork simply just set
  homepage to our openSUSE one and that is all

- Chromium 54.0.2840.100:
  * CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)
  * CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)
  * CVE-2016-5201: info leak in extensions (boo#1009894)
  * CVE-2016-5202: various fixes from internal audits (boo#1009895)

- Also add harfbuzz-ng to keeplibs for SLE

- Add condition for system harfbuzz to be disabled on SLE

- Fixed a typo in the build requirements for system minizip.

- Version update to 56.0.2924.87:
  * Various small fixes
  * Disabled option to enable/disable plugins in the chrome://plugins

- Added the package 'chromium-privacy' with multiple patches
  sourced from the release version on https://github.com/
  u4qo60z73t1c4hurv3ny/privacy_patches-oS_cr, which, when enabled
  with the build option 'privacy', builds a version of Chromium
  with less privacy implications due to Google services
  integration.

- Changed the build requirement of libavformat to library version
  57.41.100, as included in ffmpeg 3.1.1, as only this version
  properly supports the public AVStream API 'codecpar'.

- Version update to 56.0.2924.76 bsc#1022049:
  - CVE-2017-5007: Universal XSS in Blink
  - CVE-2017-5006: Universal XSS in Blink
  - CVE-2017-5008: Universal XSS in Blink
  - CVE-2017-5010: Universal XSS in Blink
  - CVE-2017-5011: Unauthorised file access in Devtools
  - CVE-2017-5009: Out of bounds memory access in WebRTC
  - CVE-2017-5012: Heap overflow in V8
  - CVE-2017-5013: Address spoofing in Omnibox
  - CVE-2017-5014: Heap overflow in Skia
  - CVE-2017-5015: Address spoofing in Omnibox
  - CVE-2017-5019: Use after free in Renderer
  - CVE-2017-5016: UI spoofing in Blink
  - CVE-2017-5017: Uninitialised memory access in webm video
  - CVE-2017-5018: Universal XSS in chrome://apps
  - CVE-2017-5020: Universal XSS in chrome://downloads
  - CVE-2017-5021: Use after free in Extensions
  - CVE-2017-5022: Bypass of Content Security Policy in Blink
  - CVE-2017-5023: Type confusion in metrics
  - CVE-2017-5024: Heap overflow in FFmpeg
  - CVE-2017-5025: Heap overflow in FFmpeg
  - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Add conditional to switch between system and bundled icu
- Raise dependency on harfbuzz to 1.3.1
- Also refresh patches:
  chromium-prop-codecs.patch chromium-linker-memory.patch

- Added patch chromium-enable-vaapi-on-suse.patch to enable
  VAAPI hardware accelerated video decoding.

- Chromium 55.0.2883.87:
  * various fixes for crashes and specific wesites
  * update Google pinned certificates

- Disable system icu on Factory, crashes autofill

- Version update to 57.0.2987.133 bsc#1031677:
  * Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
  * High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
  * High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
  * High CVE-2017-5056: Use after free in Blink. Credit to anonymous
  * High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)

- Drop the browser(npapi) provide which is not true

- Add patch to build with gcc4
  * chromium-57-gcc4.patch

- Do not use gcc5 and newer as the compat was fixed again
- Update to 57.0.2987.110 with various other small tweaks

- Version update to 57.0.2987.98 bsc#1028848:
  CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034
  CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040
  CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043
  CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
- Refresh patches
  * fix-gn-bootstrap.diff
  * chromium-linker-memory.patch
- Remove obsolete patches:
  * chromium-sandbox.patch
  * chromium-54-ffmpeg2compat.patch
- Remove vaapi patch which broke rendering on non-intel cards:
  * chromium-enable-vaapi-on-suse.patch
- From this release onwards i586 build is disabled

- Version update to 58.0.3029.81 bsc#1035103:
  * High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
  * High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
  * High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
  * Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
  * Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
  * Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
  * Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
  * Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
  * Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
  * Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu
  * Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
  * Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
- Refresh patch fix-gn-bootstrap.diff
- Refresh patch chromium-system-jinja-r13.patch
- Remove obsolete patch chromium-57-gcc4.patch

- Version update to 58.0.3029.96:
  * Fixes bsc#1037594 CVE-2017-5068

- Use bundled jinja2, system one changed in 2.9 too much to work
  * It is at least used only during build

- Update to 59.0.3071.104 (bsc#1044690):
  * CVE-2017-5087: Sandbox Escape in IndexedDB
  * CVE-2017-5088: Out of bounds read in V8
  * CVE-2017-5089: Domain spoofing in Omnibox
  * Various fixes from internal audits, fuzzing and other initiatives

- Add patch chromium-buildname.patch bsc#1043420

- Update to 59.0.3071.86 bsc#1042833:
  * CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
  * CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
  * CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
  * CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
  * CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
  * CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
  * CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
  * CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
  * CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
  * CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
  * CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
  * CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
  * CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
  * CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
  * CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
  * CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- Add patch to fix build with system dma:
  * chromium-dma-buf.patch
- Drop no longer needed patches:
  * chromium-linker-memory.patch
  * chromium-system-jinja-r13.patch
- Refresh patches:
  * chromium-gcc7.patch
  * chromium-system-ffmpeg-r3.patch
  * fix-gn-bootstrap.diff
- Use bundled libxml
  * Upstream unfortunately uses git snapshot that is not api/abi compatible

- Add patch to build with gcc7:
  * chromium-gcc7.patch
- Add patch for fpermissive build error:
  * chromium-fpermissive.patch

- Version update to 58.0.3029.110:
  * Various small bugfixes

- Chromium 55.0.2883.87:
  * various fixes for crashes and specific wesites
  * update Google pinned certificates

- Version update to 60.0.3112.78 bsc#1050537:
  * CVE-2017-5091: Use after free in IndexedDB
  * CVE-2017-5092: Use after free in PPAPI
  * CVE-2017-5093: UI spoofing in Blink
  * CVE-2017-5094: Type confusion in extensions
  * CVE-2017-5095: Out-of-bounds write in PDFium
  * CVE-2017-5096: User information leak via Android intents
  * CVE-2017-5097: Out-of-bounds read in Skia
  * CVE-2017-5098: Use after free in V8
  * CVE-2017-5099: Out-of-bounds write in PPAPI
  * CVE-2017-5100: Use after free in Chrome Apps
  * CVE-2017-5101: URL spoofing in OmniBox
  * CVE-2017-5102: Uninitialized use in Skia
  * CVE-2017-5103: Uninitialized use in Skia
  * CVE-2017-5104: UI spoofing in browser
  * CVE-2017-7000: Pointer disclosure in SQLite
  * CVE-2017-5105: URL spoofing in OmniBox
  * CVE-2017-5106: URL spoofing in OmniBox
  * CVE-2017-5107: User information leak via SVG
  * CVE-2017-5108: Type confusion in PDFium
  * CVE-2017-5109: UI spoofing in browser
  * CVE-2017-5110: UI spoofing in payments dialog
  * Various fixes from internal audits, fuzzing and other initiatives
- Add patch chromium-override.patch
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
- Rebase patches:
  * chromium-dma-buf.patch
  * chromium-gcc7.patch
  * chromium-last-commit-position-r0.patch
  * fix-gn-bootstrap.diff

- Update to 59.0.3071.115:
  * Various small fixes all around

- Update to 59.0.3071.109:
  * ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
  * Fixing mouse focus on WebView
  * Remove gtk dependency from gles tests
  * Set build flag when using own FreeType
  * Revert of [scheduler] Move some task types to suspendable task runner
  * Fix an incorrect method name on the chrome://site-engagement WebUI page
  * Linux/Windows: Removing Guest menu item for supervised profile

- Update to 61.0.3163.100 (boo#1060019):
  * CVE-2017-5121: Out-of-bounds access in V8
  * CVE-2017-5122: Out-of-bounds access in V8
  * Various fixes from internal audits, fuzzing and other initiatives

- Update to 61.0.3163.91:
  * Various bugfixes

- Chromium 111.0.5563.64
  * New View Transitions API
  * CSS Color Level 4
  * New developer tools in style panel for color functionality
  * CSS added trigonometric functions, additional root font units
    and extended the n-th child pseudo selector.
  * previousslide and nextslide actions are now part of the Media
    Session API
  * A number of security fixes (boo#1209040)
  * CVE-2023-1213: Use after free in Swiftshader
  * CVE-2023-1214: Type Confusion in V8
  * CVE-2023-1215: Type Confusion in CSS
  * CVE-2023-1216: Use after free in DevTools
  * CVE-2023-1217: Stack buffer overflow in Crash reporting
  * CVE-2023-1218: Use after free in WebRTC
  * CVE-2023-1219: Heap buffer overflow in Metrics
  * CVE-2023-1220: Heap buffer overflow in UMA
  * CVE-2023-1221: Insufficient policy enforcement in Extensions API
  * CVE-2023-1222: Heap buffer overflow in Web Audio API
  * CVE-2023-1223: Insufficient policy enforcement in Autofill
  * CVE-2023-1224: Insufficient policy enforcement in Web Payments API
  * CVE-2023-1225: Insufficient policy enforcement in Navigation
  * CVE-2023-1226: Insufficient policy enforcement in Web Payments API
  * CVE-2023-1227: Use after free in Core
  * CVE-2023-1228: Insufficient policy enforcement in Intents
  * CVE-2023-1229: Inappropriate implementation in Permission prompts
  * CVE-2023-1230: Inappropriate implementation in WebApp Installs
  * CVE-2023-1231: Inappropriate implementation in Autofill
  * CVE-2023-1232: Insufficient policy enforcement in Resource Timing
  * CVE-2023-1233: Insufficient policy enforcement in Resource Timing
  * CVE-2023-1234: Inappropriate implementation in Intents
  * CVE-2023-1235: Type Confusion in DevTools
  * CVE-2023-1236: Inappropriate implementation in Internals
- drop patches:
  * chromium-86-ImageMemoryBarrierData-init.patch
  * chromium-93-InkDropHost-crash.patch
  * chromium-110-NativeThemeBase-fabs.patch
  * chromium-110-CredentialUIEntry-const.patch
  * chromium-110-DarkModeLABColorSpace-pow.patch
  * v8-move-the-Stack-object-from-ThreadLocalTop.patch
  * chromium-icu72-1.patch