Package Release Info

chromium-79.0.3945.79-19.1

Update Info: openSUSE-2019-2692
Available in Package Hub : 12 SP3-SP5

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

chromedriver
chromium

Change Logs

* Wed Dec 11 2019 tchvatal@suse.com
- Update to 79.0.3945.79:
  * CVE-2019-13725: Use after free in Bluetooth
  * CVE-2019-13726: Heap buffer overflow in password manager
  * CVE-2019-13727: Insufficient policy enforcement in WebSockets
  * CVE-2019-13728: Out of bounds write in V8
  * CVE-2019-13729: Use after free in WebSockets
  * CVE-2019-13730: Type Confusion in V8
  * CVE-2019-13732: Use after free in WebAudio
  * CVE-2019-13734: Out of bounds write in SQLite
  * CVE-2019-13735: Out of bounds write in V8
  * CVE-2019-13764: Type Confusion in V8
  * CVE-2019-13736: Integer overflow in PDFium
  * CVE-2019-13737: Insufficient policy enforcement in autocomplete
  * CVE-2019-13738: Insufficient policy enforcement in navigation
  * CVE-2019-13739: Incorrect security UI in Omnibox
  * CVE-2019-13740: Incorrect security UI in sharing
  * CVE-2019-13741: Insufficient validation of untrusted input in Blink
  * CVE-2019-13742: Incorrect security UI in Omnibox
  * CVE-2019-13743: Incorrect security UI in external protocol handling
  * CVE-2019-13744: Insufficient policy enforcement in cookies
  * CVE-2019-13745: Insufficient policy enforcement in audio
  * CVE-2019-13746: Insufficient policy enforcement in Omnibox
  * CVE-2019-13747: Uninitialized Use in rendering
  * CVE-2019-13748: Insufficient policy enforcement in developer tools
  * CVE-2019-13749: Incorrect security UI in Omnibox
  * CVE-2019-13750: Insufficient data validation in SQLite
  * CVE-2019-13751: Uninitialized Use in SQLite
  * CVE-2019-13752: Out of bounds read in SQLite
  * CVE-2019-13753: Out of bounds read in SQLite
  * CVE-2019-13754: Insufficient policy enforcement in extensions
  * CVE-2019-13755: Insufficient policy enforcement in extensions
  * CVE-2019-13756: Incorrect security UI in printing
  * CVE-2019-13757: Incorrect security UI in Omnibox
  * CVE-2019-13758: Insufficient policy enforcement in navigation
  * CVE-2019-13759: Incorrect security UI in interstitials
  * CVE-2019-13761: Incorrect security UI in Omnibox
  * CVE-2019-13762: Insufficient policy enforcement in downloads
  * CVE-2019-13763: Insufficient policy enforcement in payments
- Remove merged patches:
  * chromium-77-clang.patch
  * chromium-78-gcc-enum-range.patch
  * chromium-78-gcc-noexcept.patch
  * chromium-78-gcc-std-vector.patch
  * chromium-78-icon.patch
  * chromium-78-include.patch
  * chromium-78-noexcept.patch
  * chromium-78-pm-crash.patch
  * chromium-78-protobuf-export.patch
- Add new patches:
  * chromium-79-gcc-alignas.patch
  * chromium-79-gcc-ambiguous-nodestructor.patch
  * chromium-79-gcc-name-clash.patch
  * chromium-79-gcc-permissive.patch
  * chromium-79-include.patch
  * chromium-79-system-hb.patch
- Rebase patches:
  * chromium-dma-buf.patch
  * chromium-old-glibc-noexcept.patch
  * chromium-vaapi-fix.patch
  * fix_building_widevinecdm_with_chromium.patch
  * old-libva.patch
Version: 127.0.6533.119-bp155.2.102.1
* Thu Aug 15 2024 ro@suse.de
- Chromium 127.0.6533.119 (boo#1228941)
  * CVE-2024-7532: Out of bounds memory access in ANGLE
  * CVE-2024-7533: Use after free in Sharing
  * CVE-2024-7550: Type Confusion in V8
  * CVE-2024-7534: Heap buffer overflow in Layout
  * CVE-2024-7535: Inappropriate implementation in V8
  * CVE-2024-7536: Use after free in WebAudio
* Thu Aug 01 2024 ro@suse.de
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
  * CVE-2024-6988: Use after free in Downloads
  * CVE-2024-6989: Use after free in Loader
  * CVE-2024-6991: Use after free in Dawn
  * CVE-2024-6992: Out of bounds memory access in ANGLE
  * CVE-2024-6993: Inappropriate implementation in Canvas
  * CVE-2024-6994: Heap buffer overflow in Layout
  * CVE-2024-6995: Inappropriate implementation in Fullscreen
  * CVE-2024-6996: Race in Frames
  * CVE-2024-6997: Use after free in Tabs
  * CVE-2024-6998: Use after free in User Education
  * CVE-2024-6999: Inappropriate implementation in FedCM
  * CVE-2024-7000: Use after free in CSS. Reported by Anonymous
  * CVE-2024-7001: Inappropriate implementation in HTML
  * CVE-2024-7003: Inappropriate implementation in FedCM
  * CVE-2024-7004: Insufficient validation of untrusted input
    in Safe Browsing
  * CVE-2024-7005: Insufficient validation of untrusted input
    in Safe Browsing
  * CVE-2024-6990: Uninitialized Use in Dawn
  * CVE-2024-7255: Out of bounds read in WebTransport
  * CVE-2024-7256: Insufficient data validation in Dawn
- drop patches:
  * chromium-115-compiler-SkColor4f.patch only for llvm < 16
  * chromium-117-system-zstd.patch upstreamed
  * chromium-122-workaround_clang_bug-structured_binding.patch
  * chromium-125-tabstrip-include.patch upstreamed
  * chromium-126-missing-header-files.patch
  * chromium-126-RealTimeReportingBindings-missing-decl.patch
    upstreamed
  * chromium-126-no_matching_constructor.patch
  * chromium-126-no-format.patch upstreamed
- switch from libstdc++ to libc++
- drop patches obsolete when using libc++
  * chromium-126-debian-bad-font-gc00000.patch
  * chromium-126-debian-bad-font-gc2.patch
  * chromium-126-debian-bad-font-gc1.patch
  * chromium-126-debian-bad-font-gc00.patch
  * chromium-126-debian-bad-font-gc000.patch
  * chromium-126-debian-bad-font-gc11.patch
  * chromium-126-debian-bad-font-gc0.patch
  * chromium-126-debian-bad-font-gc0000.patch
  * chromium-126-debian-bad-font-gc3.patch
- modify patches:
  * chromium-125-lp155-typename.patch
  - drop hunk in model_execution_util.h
  - drop hunk in model_quality_log_entry.h
- dropping from keeplibs: (does not exist)
  base/third_party/valgrind
  third_party/maldoca
  third_party/maldoca/src/third_party
- requires updated gn to build (newer than Feb 14 2024)
- add patches:
  * chromium-127-bindgen.patch (from debian/patches/fixes))
  * chromium-127-rust-clanglib.patch (just first hunk from fedora)
  * chromium-127-clang17-traitors.patch
    workaround for clang < 18 from debiana (only used on 15.6)
  * chromium-127-constexpr.patch (from debian/patches/bookworm)
  * chromium-127-paint-layer-header.patch (from debian/patches/upstream)
  * chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
  * chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
  * chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
  * chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)
- buildrequire rust-bindgen to get proper binaries per arch
- use qt5 for factory as well, qt6 fails with:
  ld.lld: error: undefined symbol: QByteArray::toStdString() const
  referenced by qt_shim.cc
  obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)
- drop patches:
  * chromium-125-debian-bad-font-gc11.patch
  * chromium-125-debian-bad-font-gc0000.patch
  * chromium-125-debian-bad-font-gc00.patch
  * chromium-125-debian-bad-font-gc0.patch
  * chromium-125-debian-bad-font-gc000.patch
  * chromium-125-debian-bad-font-gc1.patch
Version: 126.0.6478.182-bp155.2.99.1
* Wed Jul 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.182 (boo#1227979)
  * CVE-2024-6772: Inappropriate implementation in V8
  * CVE-2024-6773: Type Confusion in V8
  * CVE-2024-6774: Use after free in Screen Capture
  * CVE-2024-6775: Use after free in Media Stream
  * CVE-2024-6776: Use after free in Audio
  * CVE-2024-6777: Use after free in Navigation
  * CVE-2024-6778: Race in DevTools
  * CVE-2024-6779: Out of bounds memory access in V8
Version: 126.0.6478.126-bp155.2.94.1
* Tue Jul 09 2024 Callum Farmer <gmbr3@opensuse.org>
- Finalize 126
- Removed patches:
  * chromium-125-debian-bad-font-gc2.patch
  * chromium-125-debian-bad-font-gc3.patch
- Added patches:
  * chromium-126-RealTimeReportingBindings-missing-decl.patch
  * chromium-126-no-format.patch
* Mon Jul 01 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
  * CVE-2024-6290: Use after free in Dawn
  * CVE-2024-6291: Use after free in Swiftshader
  * CVE-2024-6292: Use after free in Dawn
  * CVE-2024-6293: Use after free in Dawn
  * CVE-2024-6100: Type Confusion in V8
  * CVE-2024-6101: Inappropriate implementation in WebAssembly
  * CVE-2024-6102: Out of bounds memory access in Dawn
  * CVE-2024-6103: Use after free in Dawn
  * CVE-2024-5830: Type Confusion in V8
  * CVE-2024-5831: Use after free in Dawn
  * CVE-2024-5832: Use after free in Dawn
  * CVE-2024-5833: Type Confusion in V8
  * CVE-2024-5834: Inappropriate implementation in Dawn
  * CVE-2024-5835: Heap buffer overflow in Tab Groups
  * CVE-2024-5836: Inappropriate Implementation in DevTools
  * CVE-2024-5837: Type Confusion in V8
  * CVE-2024-5838: Type Confusion in V8
  * CVE-2024-5839: Inappropriate Implementation in Memory Allocator
  * CVE-2024-5840: Policy Bypass in CORS
  * CVE-2024-5841: Use after free in V8
  * CVE-2024-5842: Use after free in Browser UI
  * CVE-2024-5843: Inappropriate implementation in Downloads
  * CVE-2024-5844: Heap buffer overflow in Tab Strip
  * CVE-2024-5845: Use after free in Audio
  * CVE-2024-5846: Use after free in PDFium
  * CVE-2024-5847: Use after free in PDFium
- drop patches:
  * chromium-disable-parallel-gold.patch
  * chromium-125-appservice-include.patch
  * chromium-125-lens-include.patch
  * chromium-125-mojo-bindings-include.patch
  * chromium-125-no-vector-consts.patch
  * chromium-125-vulkan-include.patch
  * chromium-125-ninja.patch
  * chromium-125-no_matching_constructor.patch
  * chromium-125-missing-header-files.patch
- add patches:
  * chromium-126-missing-header-files.patch
  * chromium-126-quiche-interator.patch
  * chromium-126-no_matching_constructor.patch
* Wed Jun 12 2024 Callum Farmer <gmbr3@opensuse.org>
- Amend fix_building_widevinecdm_with_chromium.patch to allow
  Widevine on ARM64 (bsc#1226170)
Version: 125.0.6422.141-bp155.2.91.1
* Fri May 31 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.141 (boo#1225690)
  * CVE-2024-5493: Heap buffer overflow in WebRTC
  * CVE-2024-5494: Use after free in Dawn
  * CVE-2024-5495: Use after free in Dawn
  * CVE-2024-5496: Use after free in Media Session
  * CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
  * CVE-2024-5498: Use after free in Presentation API
  * CVE-2024-5499: Out of bounds write in Streams API
Version: 125.0.6422.112-bp155.2.88.1
* Fri May 24 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.112
  * CVE-2024-5274: Type Confusion in V8 (boo#1225199)
Version: 125.0.6422.76-bp155.2.85.2
* Tue May 21 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.76 (boo#1224818)
  * CVE-2024-5157: Use after free in Scheduling
  * CVE-2024-5158: Type Confusion in V8
  * CVE-2024-5159: Heap buffer overflow in ANGLE
  * CVE-2024-5160: Heap buffer overflow in Dawn
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 125.0.6422.60-bp155.2.82.1
* Thu May 16 2024 ro@suse.de
- Chromium 125.0.6422.60 (boo#1224341)
  * CVE-2024-4947: Type Confusion in V8
  * CVE-2024-4948: Use after free in Dawn
  * CVE-2024-4949: Use after free in V8
  * CVE-2024-4950: Inappropriate implementation in Downloads
- Chromium 125.0.6422.41
  * New upstream (early) stable release.
- drop upstreamed patches:
  * chromium-124-uint-includes.patch
  * chromium-124-fps-optional.patch
  * chromium-124-span-optional.patch
  * chromium-124-extractor-bitset.patch
  * chromium-124-atomic.patch
  * chromium-124-webgpu-optional.patch
  * chromium-124-angle-powf.patch
- add debian upstream patches added for 125:
  * chromium-125-appservice-include.patch
  * chromium-125-lens-include.patch
  * chromium-125-mojo-bindings-include.patch
  * chromium-125-no-vector-consts.patch
  * chromium-125-vulkan-include.patch
  * chromium-125-tabstrip-include.patch
  * chromium-125-ninja.patch
- add debian fixes patches to fix font gc crashes:
  * chromium-125-debian-bad-font-gc0000.patch
  * chromium-125-debian-bad-font-gc000.patch
  * chromium-125-debian-bad-font-gc00.patch
  * chromium-125-debian-bad-font-gc0.patch
  * chromium-125-debian-bad-font-gc11.patch
  * chromium-125-debian-bad-font-gc1.patch
  * chromium-125-debian-bad-font-gc2.patch
  * chromium-125-debian-bad-font-gc3.patch
- add from fedora (reverse applied for older ffmpeg):
  * chromium-125-ffmpeg-5.x-reordered_opaque.patch
- re-diff and rename:
  * from chromium-110-compiler.patch
    to chromium-125-compiler.patch
  * from chromium-120-emplace-struct.patch
    to chromium-125-emplace-struct.patch
  * from chromium-disable-FFmpegAllowLists.patch
    to chromium-125-disable-FFmpegAllowLists.patch
  * from chromium-122-missing-header-files.patch
    to chromium-125-missing-header-files.patch
  * from chromium-122-no_matching_constructor.patch
    to chromium-125-no_matching_constructor.patch
  * from chromium-122-lp155-typename.patch
    to chromium-125-lp155-typename.patch
- third_party/zstd
  added to keeplibs for
  third_party/blink/renderer/platform:platform
- third_party/tflite/src/third_party/xla/xla/tsl/util
  added to keeplibs for
  third_party/tflite/tflite
- third_party/lens_server_proto
  added to keeplibs for
  gen/third_party/lens_server_proto
* Tue May 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.207 (boo#1224294)
  * CVE-2024-4761: Out of bounds write in V8
Version: 124.0.6367.201-bp155.2.78.1
* Fri May 10 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.201 (boo#1224208)
  * CVE-2024-4671: Use after free in Visuals
- Chromium 124.0.6367.155 (boo#1224045)
  * CVE-2024-4558: Use after free in ANGLE
  * CVE-2024-4559: Heap buffer overflow in WebAudio
* Fri May 03 2024 ro@suse.de
- drop patches:
  * chromium-123-WebUI-static_assert.patch
* Thu May 02 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.118 (boo#1223846)
  * CVE-2024-4331: Use after free in Picture In Picture
  * CVE-2024-4368: Use after free in Dawn
* Wed May 01 2024 Callum Farmer <gmbr3@opensuse.org>
- Add patches:
  * chromium-123-missing-QtGui.patch
- Restore libxml 2.12 check for chromium-124-system-libxml.patch
  which replaced chromium-121-blink-libxml-const.patch
* Fri Apr 26 2024 ro@suse.de
- Chromium 124.0.6367.78 (boo#1223845)
  * CVE-2024-4058: Type Confusion in ANGLE
  * CVE-2024-4059: Out of bounds read in V8 API
  * CVE-2024-4060: Use after free in Dawn
* Wed Apr 17 2024 ro@suse.de
- Chromium 124.0.6367.60 (boo#1222958)
  * CVE-2024-3832: Object corruption in V8.
  * CVE-2024-3833: Object corruption in WebAssembly.
  * CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
  * CVE-2024-3837: Use after free in QUIC.
  * CVE-2024-3838: Inappropriate implementation in Autofill.
  * CVE-2024-3839: Out of bounds read in Fonts.
  * CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
  * CVE-2024-3841: Insufficient data validation in Browser Switcher.
  * CVE-2024-3843: Insufficient data validation in Downloads.
  * CVE-2024-3844: Inappropriate implementation in Extensions.
  * CVE-2024-3845: Inappropriate implementation in Network.
  * CVE-2024-3846: Inappropriate implementation in Prompts.
  * CVE-2024-3847: Insufficient policy enforcement in WebUI.
- drop patches:
  * chromium-123-optional2.patch
  * chromium-122-avoid-SFINAE-TypeConverter.patch
  * chromium-123-PA-InternalAllocator.patch
- rediff patches:
  * chromium-110-compiler.patch
  * chromium-120-emplace.patch
  * chromium-122-no_matching_constructor.patch
  * chromium-122-lp155-typename.patch
- add patches: from debian/fixes
  * chromium-123-stats-collector.patch
- add patches: from debian/upstream
  * chromium-124-angle-powf.patch
  * chromium-124-atomic.patch
  * chromium-124-extractor-bitset.patch
  * chromium-124-fps-optional.patch
  * chromium-124-span-optional.patch
  * chromium-124-uint-includes.patch
  * chromium-124-webgpu-optional.patch
- add patches:
  * chromium-123-WebUI-static_assert.patch
    workaround for compile issue in webui_contents_wrapper.h
  * chromium-124-system-libxml.patch (from fedora)
* Sun Apr 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 123.0.6312.122 (boo#1222707)
  * CVE-2024-3157: Out of bounds write in Compositing
  * CVE-2024-3516: Heap buffer overflow in ANGLE
  * CVE-2024-3515: Use after free in Dawn
- Chromium 123.0.6312.105 (boo#1222260)
  * CVE-2024-3156: Inappropriate implementation in V8
  * CVE-2024-3158: Use after free in Bookmarks
  * CVE-2024-3159: Out of bounds memory access in V8
- Chromium 123.0.6312.86 (boo#1222035)
  * CVE-2024-2883: Use after free in ANGLE
  * CVE-2024-2885: Use after free in Dawn
  * CVE-2024-2886: Use after free in WebCodecs
  * CVE-2024-2887: Type Confusion in WebAssembly
- Chromium 123.0.6312.58 (boo#1221732)
  * CVE-2024-2625: Object lifecycle issue in V8
  * CVE-2024-2626: Out of bounds read in Swiftshader
  * CVE-2024-2627: Use after free in Canvas
  * CVE-2024-2628: Inappropriate implementation in Downloads
- drop patches:
  * chromium-117-blink-BUILD-mnemonic.patch
  * chromium-121-blink-libxml-const.patch
  * chromium-122-BookmarkNode-missing-operator.patch
  * chromium-122-WebUI-static_assert.patch
  * chromium-122-PA-undo-internal-alloc.patch
* Mon Mar 18 2024 Callum Farmer <gmbr3@opensuse.org>
- Use Python 3.11 on Leap
- Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch
  to chromium-122-WebUI-static_assert.patch
- Rename chromium-122-disable-FFmpegAllowLists.patch to
  chromium-disable-FFmpegAllowLists.patch
- Rename chromium-122-static-assert.patch to
  chromium-122-BookmarkNode-missing-operator.patch
- Rename chromium-122-undo-internal-alloc.patch to
  chromium-122-PA-undo-internal-alloc.patch
- Rename chromium-122-typename.patch to
  chromium-122-lp155-typename.patch
- Removed patches:
  * chromium-121-v8-c++20-p1.patch
  * chromium-121-v8-c++20.patch
  * chromium-122-unique_ptr.patch
  * chromium-122-python3-assignment-expressions.patch
  * chromium-122-el8-support-64kpage.patch
  * chromium-122-el7-inline-function.patch
  * chromium-122-el7-extra-operator.patch
  * chromium-122-el7-default-constructor-involving-anonymous-union.patch
  * chromium-122-constexpr.patch
  * chromium-122-clang-build-flags.patch
  * chromium-122-clang16-disable-auto-upgrade-debug-info.patch
  * chromium-122-clang16-buildflags.patch
  * chromium-122-arm64-memory_tagging.patch
  * chromium-121-el7-clang-version-warning.patch
  * chromium-116-lp155-url_load_stats-size-t.patch
  * chromium-icu72-2.patch
  * chromium-122-debian-upstream-mojo.patch
- Patches merged into other patches:
  * chromium-122-debian-upstream-bitset.patch
  * chromium-122-debian-upstream-optional.patch
  * chromium-122-debian-upstream-uniqptr.patch
  * chromium-122-debian-fixes-optional.patch
  * chromium-122-norar.patch
- Restore time clamper change to
  chromium-122-missing-header-files.patch
- Fix missing/invalid casting in
  chromium-122-no_matching_constructor.patch
Version: 122.0.6261.128-bp155.2.75.1
* Wed Mar 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 122.0.6261.128 (boo#1221335)
  * CVE-2024-2400: Use after free in Performance Manager
* Fri Mar 08 2024 ro@suse.de
- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
  * New upstream security release.
  * CVE-2024-2173: Out of bounds memory access in V8.
  * CVE-2024-2174: Inappropriate implementation in V8.
  * CVE-2024-2176: Use after free in FedCM.
- Chromium 122.0.6261.94
  * CVE-2024-1669: Out of bounds memory access in Blink.
  * CVE-2024-1670: Use after free in Mojo.
  * CVE-2024-1671: Inappropriate implementation in Site Isolation.
  * CVE-2024-1672: Inappropriate implementation in Content Security Policy.
  * CVE-2024-1673: Use after free in Accessibility.
  * CVE-2024-1674: Inappropriate implementation in Navigation.
  * CVE-2024-1675: Insufficient policy enforcement in Download.
  * CVE-2024-1676: Inappropriate implementation in Navigation.
  * Type Confusion in V8
  * rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
  * drop chromium-114-lld-argument.patch
    replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
  * drop chromium-121-no_matching_constructor.patch
    replaced by chromium-122-no_matching_constructor.patch
  * drop chromium-113-webview-namespace.patch (obsolete)
  * reduce chromium-norar.patch
    by the hunks in chromium-122-norar.patch
  * drop chromium-114-revert-av1enc-lp154.patch
    replaced by chromium-122-revert-av1enc-el9.patch
  * drop chromium-115-lp155-typename.patch
    chromium-116-lp155-typenames.patch
    chromium-117-lp155-typename.patch
    chromium-120-lp155-typename.patch
    replaced by chromium-122-typename.patch
  * drop chromium-121-missing-header-files.patch
    replaced by chromium-122-missing-header-files.patch
  * drop chromium-121-workaround_clang_bug-structured_binding.patch
    replaced by chromium-122-workaround_clang_bug-structured_binding.patch
  * drop chromium-121-no_matching_constructor.patch
    replaced by chromium-122-no_matching_constructor.patch
  * drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
  * drop chromium-disable-FFmpegAllowLists.patch
    replaced by chromium-122-disable-FFmpegAllowLists.patch
  * drop chromium-121-avoid-SFINAE-TypeConverter.patch
    replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
  * add buildrequires for rust
  * add patches from fedora package for 121 and 122
  * chromium-121-el7-clang-version-warning.patch
  * chromium-121-v8-c++20-p1.patch
  * chromium-121-v8-c++20.patch
  * chromium-122-arm64-memory_tagging.patch
  * chromium-122-clang16-buildflags.patch
  * chromium-122-clang16-disable-auto-upgrade-debug-info.patch
  * chromium-122-clang-build-flags.patch
  * chromium-122-constexpr.patch
  * chromium-122-disable-FFmpegAllowLists.patch
  * chromium-122-el7-default-constructor-involving-anonymous-union.patch
  * chromium-122-el7-extra-operator.patch
  * chromium-122-el7-inline-function.patch
  * chromium-122-el8-support-64kpage.patch
  * chromium-122-missing-header-files.patch
  * chromium-122-no_matching_constructor.patch
  * chromium-122-norar.patch
  * chromium-122-python3-assignment-expressions.patch
  * chromium-122-revert-av1enc-el9.patch
  * chromium-122-static-assert.patch
  * chromium-122-typename.patch
  * chromium-122-unique_ptr.patch
  * chromium-122-workaround_clang_bug-structured_binding.patch
  * from debian add
  * chromium-122-undo-internal-alloc.patch
  * chromium-122-debian-upstream-bitset.patch
  * chromium-122-debian-upstream-mojo.patch
  * chromium-122-debian-upstream-optional.patch
  * chromium-122-debian-upstream-uniqptr.patch
  * chromium-122-debian-fixes-optional.patch
  * added compile fix needed on code15
    chromium-122-skip_bubble_contents_wrapper_static_assert.patch
    to prevent "static assertion expression is not an integral constant expression"
    "in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'"
    in bubble_contents_wrapper.h:153
- replace Cr121-ffmpeg-new-channel-layout.patch by
  Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)
- drop chromium-121-system-old-ffmpeg.patch
* Fri Mar 08 2024 Callum Farmer <gmbr3@opensuse.org>
- Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg
  changes so that FFmpeg 4 will work on Leap
- Prepare for libxml 2.12
* Sat Mar 02 2024 Callum Farmer <gmbr3@opensuse.org>
- Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661)
  * CVE-2024-1284: Use after free in Mojo
  * CVE-2024-1283: Heap buffer overflow in Skia
  * CVE-2024-1060: Use after free in Canvas
  * CVE-2024-1059: Use after free in WebRTC
  * CVE-2024-1077: Use after free in Network
  * CVE-2024-0807: Use after free in WebAudio
  * CVE-2024-0812: Inappropriate implementation in Accessibility
  * CVE-2024-0808: Integer underflow in WebUI
  * CVE-2024-0810: Insufficient policy enforcement in DevTools
  * CVE-2024-0814: Incorrect security UI in Payments
  * CVE-2024-0813: Use after free in Reading Mode
  * CVE-2024-0806: Use after free in Passwords
  * CVE-2024-0805: Inappropriate implementation in Downloads
  * CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
  * CVE-2024-0811: Inappropriate implementation in Extensions API
  * CVE-2024-0809: Inappropriate implementation in Autofill
- Removed patches:
  * chromium-117-includes.patch
  * chromium-118-includes.patch
  * chromium-119-dont-redefine-ATSPI-version-macros.patch
  * chromium-120-missing-header-files.patch
  * chromium-120-no_matching_constructor.patch
  * chromium-120-nullptr_t-without-namespace-std.patch
  * chromium-120-workaround_clang_bug-structured_binding.patch
  * gcc13-fix.patch
  * chromium-113-webauth-include-variant.patch
  * chromium-110-system-libffi.patch
- Added patches:
  * chromium-121-no_matching_constructor.patch
  * chromium-121-nullptr_t-without-namespace-std.patch
  * chromium-121-workaround_clang_bug-structured_binding.patch
  * chromium-121-missing-header-files.patch
  * chromium-121-rust-clang_lib.patch
  * chromium-121-python3-invalid-escape-sequence.patch
  * chromium-121-rust-clang_lib.patch
  * chromium-121-avoid-SFINAE-TypeConverter.patch
  * chromium-121-blink-libxml-const.patch
- Add patch chromium-disable-FFmpegAllowLists.patch:
  disable codec checker this will always fail (bsc#1219070)
Version: 120.0.6099.224-bp155.2.70.1
* Sat Mar 09 2024 Callum Farmer <gmbr3@opensuse.org>
- Add patch chromium-disable-FFmpegAllowLists.patch:
  disable codec checker this will always fail (bsc#1219070)
Version: 120.0.6099.224-bp155.2.67.1
* Wed Jan 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.224 (boo#1218892)
  * CVE-2024-0517: Out of bounds write in V8
  * CVE-2024-0518: Type Confusion in V8
  * CVE-2024-0519: Out of bounds memory access in V8
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 120.0.6099.216-bp155.2.64.1
* Sun Jan 14 2024 Callum Farmer <gmbr3@opensuse.org>
- Replace chromium-120-lp155-revert-clang-build-failure.patch
  with chromium-120-make_unique-struct.patch - which avoids
  reverting changes and instead provides a stub constructor to fix
  build on Leap
* Sat Jan 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
  boo#1218533, boo#1218719)
  * CVE-2024-0333: Insufficient data validation in Extensions
  * CVE-2024-0222: Use after free in ANGLE
  * CVE-2024-0223: Heap buffer overflow in ANGLE
  * CVE-2024-0224: Use after free in WebAudio
  * CVE-2024-0225: Use after free in WebGPU
  * CVE-2023-7024: Heap buffer overflow in WebRTC
  * CVE-2023-6702: Type Confusion in V8
  * CVE-2023-6703: Use after free in Blink
  * CVE-2023-6704: Use after free in libavif (boo#1218303)
  * CVE-2023-6705: Use after free in WebRTC
  * CVE-2023-6706: Use after free in FedCM
  * CVE-2023-6707: Use after free in CSS
  * CVE-2023-6508: Use after free in Media Stream
  * CVE-2023-6509: Use after free in Side Panel Search
  * CVE-2023-6510: Use after free in Media Capture
  * CVE-2023-6511: Inappropriate implementation in Autofill
  * CVE-2023-6512: Inappropriate implementation in Web Browser UI
- drop patches:
  * chromium-system-libusb.patch
  * chromium-119-nullptr_t-without-namespace-std.patch
  * chromium-119-no_matching_constructor.patch
  * chromium-117-workaround_clang_bug-structured_binding.patch
- add patches:
  * chromium-120-nullptr_t-without-namespace-std.patch
  * chromium-120-emplace.patch
  * chromium-120-lp155-typename.patch
  * chromium-120-no_matching_constructor.patch
  * chromium-120-missing-header-files.patch
  * chromium-120-emplace-struct.patch
  * chromium-120-workaround_clang_bug-structured_binding.patch
- add patches for Leap that revert braking changes:
  * chromium-120-lp155-revert-clang-build-failure.patch
Version: 119.0.6045.199-bp154.2.147.1
* Wed Nov 29 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.199 (boo#1217616)
  * CVE-2023-6348: Type Confusion in Spellcheck
  * CVE-2023-6347: Use after free in Mojo
  * CVE-2023-6346: Use after free in WebAudio
  * CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
  * CVE-2023-6351: Use after free in libavif (boo#1217615)
  * CVE-2023-6345: Integer overflow in Skia
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 119.0.6045.159-bp154.2.144.1
* Wed Nov 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.159 (boo#1217142)
  * CVE-2023-5997: Use after free in Garbage Collection
  * CVE-2023-6112: Use after free in Navigation
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 119.0.6045.123-bp154.2.141.1
* Fri Nov 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.123 (boo#1216978)
  * CVE-2023-5996: Use after free in WebAudio
- Chromium 119.0.6045.105 (boo#1216783)
  * CVE-2023-5480: Inappropriate implementation in Payments
  * CVE-2023-5482: Insufficient data validation in USB
  * CVE-2023-5849: Integer overflow in USB
  * CVE-2023-5850: Incorrect security UI in Downloads
  * CVE-2023-5851: Inappropriate implementation in Downloads
  * CVE-2023-5852: Use after free in Printing
  * CVE-2023-5853: Incorrect security UI in Downloads
  * CVE-2023-5854: Use after free in Profiles
  * CVE-2023-5855: Use after free in Reading Mode
  * CVE-2023-5856: Use after free in Side Panel
  * CVE-2023-5857: Inappropriate implementation in Downloads
  * CVE-2023-5858: Inappropriate implementation in WebApp Provider
  * CVE-2023-5859: Incorrect security UI in Picture In Picture
- dropped patches:
  * chromium-98-gtk4-build.patch
  * chromium-118-system-freetype.patch
  * chromium-118-no_matching_constructor.patch
- added patches:
  * chromium-119-no_matching_constructor.patch
  * chromium-119-dont-redefine-ATSPI-version-macros.patch
  * chromium-119-nullptr_t-without-namespace-std.patch
  * chromium-119-assert.patch
Version: 118.0.5993.117-bp154.2.138.1
* Tue Oct 24 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.117 (boo#1216549)
  * CVE-2023-5472: Use after free in Profiles
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 118.0.5993.88-bp154.2.135.1
* Wed Oct 18 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.88:
  * unspecified security fix (boo#1216392)
Version: 118.0.5993.70-bp154.2.132.1
* Wed Oct 11 2023 Andreas Stieger <andreas.stieger@gmx.de>
- refresh chromium-117-emplace_back_on_vector-c++20.patch and
  chromium-117-lp155-constructors.patch to
  chromium-118-no_matching_constructor.patch
* Tue Oct 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.70 (boo#1216111)
  * CVE-2023-5218: Use after free in Site Isolation
  * CVE-2023-5487: Inappropriate implementation in Fullscreen
  * CVE-2023-5484: Inappropriate implementation in Navigation
  * CVE-2023-5475: Inappropriate implementation in DevTools
  * CVE-2023-5483: Inappropriate implementation in Intents
  * CVE-2023-5481: Inappropriate implementation in Downloads
  * CVE-2023-5476: Use after free in Blink History
  * CVE-2023-5474: Heap buffer overflow in PDF
  * CVE-2023-5479: Inappropriate implementation in Extensions API
  * CVE-2023-5485: Inappropriate implementation in Autofill
  * CVE-2023-5478: Inappropriate implementation in Autofill
  * CVE-2023-5477: Inappropriate implementation in Installer
  * CVE-2023-5486: Inappropriate implementation in Input
  * CVE-2023-5473: Use after free in Cast
- Build with system freetype (again), and zstd
- add patches:
  * chromium-118-system-freetype.patch
  * chromium-117-system-zstd.patch
* Sat Oct 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.54
- add patches:
  * chromium-118-includes.patch
Version: 117.0.5938.149-bp154.2.129.1
* Wed Oct 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.149:
  * CVE-2023-5346: Type Confusion in V8 (boo#1215924)
Version: 117.0.5938.132-bp154.2.126.1
* Wed Sep 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.132 (boo#1215776):
  * CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
  * CVE-2023-5186: Use after free in Passwords
  * CVE-2023-5187: Use after free in Extensions
* Fri Sep 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.92:
  * stability improvements
* Wed Sep 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Add explicit build dependency on libepoxy for Tumbleweed
Version: 117.0.5938.88-bp154.2.123.1
* Sun Sep 17 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.88 (boo#1215279)
  * CVE-2023-4900: Inappropriate implementation in Custom Tabs
  * CVE-2023-4901: Inappropriate implementation in Prompts
  * CVE-2023-4902: Inappropriate implementation in Input
  * CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
  * CVE-2023-4904: Insufficient policy enforcement in Downloads
  * CVE-2023-4905: Inappropriate implementation in Prompts
  * CVE-2023-4906: Insufficient policy enforcement in Autofill
  * CVE-2023-4907: Inappropriate implementation in Intents
  * CVE-2023-4908: Inappropriate implementation in Picture in Picture
  * CVE-2023-4909: Inappropriate implementation in Interstitials
- drop patches:
  * chromium-100-InMilliseconds-constexpr.patch
  * chromium-115-Qt-moc-version.patch
  * chromium-116-profile-view-utils-vector-include.patch
  * chromium-116-blink-variant-include.patch
  * chromium-116-abseil-limits-include.patch
  * chromium-116-lp155-constuctors.patch
  * chromium-115-workaround_clang_bug-structured_binding.patch
  * chromium-115-emplace_back_on_vector-c++20.patch
- add patches:
  * chromium-117-blink-BUILD-mnemonic.patch
  * chromium-117-includes.patch
  * chromium-117-lp155-constructors.patch
  * chromium-117-string-convert.patch
  * chromium-117-lp155-typename.patch
  * chromium-117-workaround_clang_bug-structured_binding.patch
  * chromium-117-emplace_back_on_vector-c++20.patch
Version: 116.0.5845.187-bp154.2.120.1
* Wed Sep 13 2023 Andreas Stieger <andreas.stieger@gmx.de>
- CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
Version: 116.0.5845.187-bp154.2.117.1
* Tue Sep 12 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.187 (boo#1215231):
  * CVE-2023-4863: Heap buffer overflow in WebP
Version: 116.0.5845.179-bp154.2.114.1
* Wed Sep 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.179 (boo#1215023):
  * CVE-2023-4761: Out of bounds memory access in FedCM
  * CVE-2023-4762: Type Confusion in V8
  * CVE-2023-4763: Use after free in Networks
  * CVE-2023-4764: Incorrect security UI in BFCache
Version: 116.0.5845.140-bp154.2.111.1
* Wed Aug 30 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.140 (boo#1214758):
  * CVE-2023-4572: Use after free in MediaStream
Version: 116.0.5845.110-bp154.2.108.1
* Wed Aug 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.110 (boo#1214487):
  * CVE-2023-4427: Out of bounds memory access in V8
  * CVE-2023-4428: Out of bounds memory access in CSS
  * CVE-2023-4429: Use after free in Loader
  * CVE-2023-4430: Use after free in Vulkan
  * CVE-2023-4431: Out of bounds memory access in Fonts
Version: 116.0.5845.96-bp154.2.105.1
* Mon Aug 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.96
  * New CSS features: Motion Path, and "display" and
    "content-visibility" animations
  * Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
    forward cache NotRestoredReason API, Document Picture-in-
    Picture, Expanded Wildcards in Permissions Policy Origins,
    FedCM bundle: Login Hint API, User Info API, and RP Context API,
    Non-composed Mouse and Pointer enter/leave events,
    Remove document.open sandbox inheritance,
    Report Critical-CH caused restart in NavigationTiming
- fix a number of security issues (boo#1214301):
  * CVE-2023-2312: Use after free in Offline
  * CVE-2023-4349: Use after free in Device Trust Connectors
  * CVE-2023-4350: Inappropriate implementation in Fullscreen
  * CVE-2023-4351: Use after free in Network
  * CVE-2023-4352: Type Confusion in V8
  * CVE-2023-4353: Heap buffer overflow in ANGLE
  * CVE-2023-4354: Heap buffer overflow in Skia
  * CVE-2023-4355: Out of bounds memory access in V8
  * CVE-2023-4356: Use after free in Audio
  * CVE-2023-4357: Insufficient validation of untrusted input in XML
  * CVE-2023-4358: Use after free in DNS
  * CVE-2023-4359: Inappropriate implementation in App Launcher
  * CVE-2023-4360: Inappropriate implementation in Color
  * CVE-2023-4361: Inappropriate implementation in Autofill
  * CVE-2023-4362: Heap buffer overflow in Mojom IDL
  * CVE-2023-4363: Inappropriate implementation in WebShare
  * CVE-2023-4364: Inappropriate implementation in Permission Prompts
  * CVE-2023-4365: Inappropriate implementation in Fullscreen
  * CVE-2023-4366: Use after free in Extensions
  * CVE-2023-4367: Insufficient policy enforcement in Extensions API
  * CVE-2023-4368: Insufficient policy enforcement in Extensions API
- drop patches:
  * chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
  * chromium-115-verify_name_match-include.patch
  * chromium-86-fix-vaapi-on-intel.patch
  * chromium-115-skia-include.patch
  * chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
- add patches:
  * chromium-116-profile-view-utils-vector-include.patch
  * chromium-116-blink-variant-include.patch
  * chromium-116-lp155-url_load_stats-size-t.patch
  * chromium-116-abseil-limits-include.patch
  * chromium-116-lp155-typenames.patch
  * chromium-116-lp155-constuctors.patch
- Build with bundled re2 on Leap
* Wed Aug 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix crash with extensions (boo#1214003)
  chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
Version: 115.0.5790.170-bp154.2.102.1
* Thu Aug 03 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.170 (boo#1213920)
  * CVE-2023-4068: Type Confusion in V8
  * CVE-2023-4069: Type Confusion in V8
  * CVE-2023-4070: Type Confusion in V8
  * CVE-2023-4071: Heap buffer overflow in Visuals
  * CVE-2023-4072: Out of bounds read and write in WebGL
  * CVE-2023-4073: Out of bounds memory access in ANGLE
  * CVE-2023-4074: Use after free in Blink Task Scheduling
  * CVE-2023-4075: Use after free in Cast
  * CVE-2023-4076: Use after free in WebRTC
  * CVE-2023-4077: Insufficient data validation in Extensions
  * CVE-2023-4078: Inappropriate implementation in Extensions
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Specify re2 build dependency in a way that makes Leap packages
  build in devel project and in Maintenance
Version: 115.0.5790.102-bp154.2.99.1
* Sun Jul 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.102:
  * stability fix
- Add build fixes on Leap:
  * chromium-115-emplace_back_on_vector-c++20.patch
  * chromium-115-compiler-SkColor4f.patch
  * chromium-115-workaround_clang_bug-structured_binding.patch
  * chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
- adjust chromium-115-lp155-typename.patch
- drop chromium-114-workaround_clang_bug-structured_binding.patch
* Wed Jul 19 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.98
  * Security: The Storage, Service Worker, and Communication APIs
    are now partitioned in third-party contexts to prevent certain
    types of side-channel cross-site tracking
  * HTTPS: Automatically and optimistically upgrade all main-frame
    navigations to HTTPS, with fast fallback to HTTP.
  * CSS: accept multiple values of the display property
  * CSS: support boolean context style container queries
  * CSS: support scroll-driven animations
  * Increase the maximum size of a WebAssembly.Module() on the main
    thread to 8 MB
  * FedCM: Support credential management mediation requirements for
    auto re-authentication
  * Deprecate the document.domain setter
  * Deprecate mutation events
  * Security fixes (boo#1213462):
    CVE-2023-3727: Use after free in WebRTC
    CVE-2023-3728: Use after free in WebRTC
    CVE-2023-3730: Use after free in Tab Groups
    CVE-2023-3732: Out of bounds memory access in Mojo
    CVE-2023-3733: Inappropriate implementation in WebApp Installs
    CVE-2023-3734: Inappropriate implementation in Picture In Picture
    CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
    CVE-2023-3736: Inappropriate implementation in Custom Tabs
    CVE-2023-3737: Inappropriate implementation in Notifications
    CVE-2023-3738: Inappropriate implementation in Autofill
    CVE-2023-3740: Insufficient validation of untrusted input in Themes
    Various fixes from internal audits, fuzzing and other initiatives
- drop chromium-113-typename.patch
- add chromium-115-skia-include.patch
- add chromium-115-verify_name_match-include.patch
- add chromium-115-lp155-typename.patch
- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without
  built-in copy of shim
Version: 114.0.5735.198-bp154.2.96.1
* Tue Jun 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.198 (boo#1212755):
  * CVE-2023-3420: Type Confusion in V8
  * CVE-2023-3421: Use after free in Media
  * CVE-2023-3422: Use after free in Guest View
* Sun Jun 25 2023 Callum Farmer <gmbr3@opensuse.org>
- Install Qt5 library & prepare for Qt6 in 115
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
Version: 114.0.5735.133-bp154.2.93.1
* Wed Jun 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.133 (boo#1212302):
  * CVE-2023-3214: Use after free in Autofill payments
  * CVE-2023-3215: Use after free in WebRTC
  * CVE-2023-3216: Type Confusion in V8
  * CVE-2023-3217: Use after free in WebXR
  * Various fixes from internal audits, fuzzing and other initiatives
* Wed Jun 07 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
Version: 114.0.5735.106-bp154.2.90.1
* Tue Jun 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
* Tue Jun 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.106 (boo#1212044):
  * CVE-2023-3079: Type Confusion in V8
* Sun Jun 04 2023 Callum Farmer <gmbr3@opensuse.org>
- Chromium 114.0.5735.90 (boo#1211843):
  * CSS text-wrap: balance is available
  * Cookies partitioned by top level site (CHIPS)
  * New Popover API
- Security fixes:
  * CVE-2023-2929: Out of bounds write in Swiftshader
  * CVE-2023-2930: Use after free in Extensions
  * CVE-2023-2931: Use after free in PDF
  * CVE-2023-2932: Use after free in PDF
  * CVE-2023-2933: Use after free in PDF
  * CVE-2023-2934: Out of bounds memory access in Mojo
  * CVE-2023-2935: Type Confusion in V8
  * CVE-2023-2936: Type Confusion in V8
  * CVE-2023-2937: Inappropriate implementation in Picture In Picture
  * CVE-2023-2938: Inappropriate implementation in Picture In Picture
  * CVE-2023-2939: Insufficient data validation in Installer
  * CVE-2023-2940: Inappropriate implementation in Downloads
  * CVE-2023-2941: Inappropriate implementation in Extensions API
- Drop patches:
  * chromium-103-VirtualCursor-std-layout.patch
  * chromium-113-system-zlib.patch
  * chromium-113-workaround_clang_bug-structured_binding.patch
- Add patches
  * chromium-114-workaround_clang_bug-structured_binding.patch
  * chromium-114-lld-argument.patch
* Tue May 30 2023 Callum Farmer <gmbr3@opensuse.org>
- Un-bundle zlib again
- Remove un-needed patches:
  * chromium-112-default-comparison-operators.patch
  * chromium-109-clang-lp154.patch
  * chromium-clang-nomerge.patch
  * chromium-ffmpeg-lp152.patch
  * chromium-lp151-old-drm.patch
- Added patches:
  * chromium-113-system-zlib.patch
Version: 113.0.5672.126-bp154.2.87.1
* Sun May 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- build with llvm15 on Leap
* Tue May 16 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.126 (boo#1211442):
  * CVE-2023-2721: Use after free in Navigation
  * CVE-2023-2722: Use after free in Autofill UI
  * CVE-2023-2723: Use after free in DevTools
  * CVE-2023-2724: Type Confusion in V8
  * CVE-2023-2725: Use after free in Guest View
  * CVE-2023-2726: Inappropriate implementation in WebApp Installs
  * Various fixes from internal audits, fuzzing and other initiatives
* Tue May 09 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.92 (boo#1211211)
- Multiple security fixes (boo#1211036):
  * CVE-2023-2459: Inappropriate implementation in Prompts
  * CVE-2023-2460: Insufficient validation of untrusted input in Extensions
  * CVE-2023-2461: Use after free in OS Inputs
  * CVE-2023-2462: Inappropriate implementation in Prompts
  * CVE-2023-2463: Inappropriate implementation in Full Screen Mode
  * CVE-2023-2464: Inappropriate implementation in PictureInPicture
  * CVE-2023-2465: Inappropriate implementation in CORS
  * CVE-2023-2466: Inappropriate implementation in Prompts
  * CVE-2023-2467: Inappropriate implementation in Prompts
  * CVE-2023-2468: Inappropriate implementation in PictureInPicture
- drop chromium-94-sql-no-assert.patch
- drop no-location-leap151.patch
- add chromium-113-webview-namespace.patch
- add chromium-113-webauth-include-variant.patch
- add chromium-113-typename.patch
- add chromium-113-workaround_clang_bug-structured_binding.patch
Version: 112.0.5615.165-bp154.2.84.1
* Wed Apr 19 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 112.0.5615.165 (boo#1210618):
  * CVE-2023-2133: Out of bounds memory access in Service Worker API
  * CVE-2023-2134: Out of bounds memory access in Service Worker API
  * CVE-2023-2135: Use after free in DevTools
  * CVE-2023-2136: Integer overflow in Skia
  * CVE-2023-2137: Heap buffer overflow in sqlite
- drop chromium-112-feed_protos.patch
Version: 112.0.5615.121-bp154.2.79.1
* Sun Apr 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix Leap 15.4 build failures from default comparison operators
  defined outside of the class definition, a C++20 feature
  adding chromium-112-default-comparison-operators.patch
* Sat Apr 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.121:
  * CVE-2023-2033: Type Confusion in V8 (boo#1210478)
* Fri Apr 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Revert a breaking change with chromium-112-feed_protos.patch
* Tue Apr 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.49
  * CSS now supports nesting rules.
  * The algorithm to set the initial focus on <dialog> elements was updated.
  * No-op fetch() handlers on service workers are skipped from now on to make navigations faster
  * The setter for document.domain is now deprecated.
  * The recorder in devtools can now record with pierce selectors.
  * Security fixes (boo#1210126):
  * CVE-2023-1810: Heap buffer overflow in Visuals
  * CVE-2023-1811: Use after free in Frames
  * CVE-2023-1812: Out of bounds memory access in DOM Bindings
  * CVE-2023-1813: Inappropriate implementation in Extensions
  * CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2023-1815: Use after free in Networking APIs
  * CVE-2023-1816: Incorrect security UI in Picture In Picture
  * CVE-2023-1817: Insufficient policy enforcement in Intents
  * CVE-2023-1818: Use after free in Vulkan
  * CVE-2023-1819: Out of bounds read in Accessibility
  * CVE-2023-1820: Heap buffer overflow in Browser History
  * CVE-2023-1821: Inappropriate implementation in WebShare
  * CVE-2023-1822: Incorrect security UI in Navigation
  * CVE-2023-1823: Inappropriate implementation in FedCM
* Mon Mar 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.147:
  * nth-child() validation performance regression for SAP apps
* Thu Mar 23 2023 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update gcc13-fix.patch with few fixes required for aarch64,
  borrowed from Fedora's gcc13 patch
Version: 111.0.5563.110-bp154.2.76.1
* Wed Mar 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.110 (boo#1209598)
  * CVE-2023-1528: Use after free in Passwords
  * CVE-2023-1529: Out of bounds memory access in WebHID
  * CVE-2023-1530: Use after free in PDF
  * CVE-2023-1531: Use after free in ANGLE
  * CVE-2023-1532: Out of bounds read in GPU Video
  * CVE-2023-1533: Use after free in WebProtect
  * CVE-2023-1534: Out of bounds read in ANGLE
* Mon Mar 20 2023 Martin Liška <mliska@suse.cz>
- Add gcc13-fix.patch in order to support GCC 13.
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Bump Leap's GCC to 12 as Chromium really likes newer standards
Version: 79.0.3945.130-bp151.3.56.3
* Sat Jan 18 2020 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 79.0.3945.130 boo#1161252:
  * CVE-2020-6378: Use-after-free in speech recognizer
  * CVE-2020-6379: Use-after-free in speech recognizer
  * CVE-2020-6380: Extension message verification error
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 79.0.3945.130-28.1
* Sat Jan 18 2020 andreas.stieger@gmx.de
- Update to 79.0.3945.130 boo#1161252:
  * CVE-2020-6378: Use-after-free in speech recognizer
  * CVE-2020-6379: Use-after-free in speech recognizer
  * CVE-2020-6380: Extension message verification error
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 79.0.3945.117-bp151.3.41.1
* Wed Jan 08 2020 Tomá? Chvátal <tchvatal@suse.com>
- Update to 79.0.3945.117 bsc#1160337:
  * CVE-2020-6377: Use after free in audio
  * Various fixes from internal audits, fuzzing and other initiatives
* Mon Dec 30 2019 Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Drop obsolete liboil BuildRequires.
Version: 79.0.3945.117-25.1
* Wed Jan 08 2020 tchvatal@suse.com
- Update to 79.0.3945.117 bsc#1160337:
  * CVE-2020-6377: Use after free in audio
  * Various fixes from internal audits, fuzzing and other initiatives
* Mon Dec 30 2019 stefan.bruens@rwth-aachen.de
- Drop obsolete liboil BuildRequires.
Version: 78.0.3904.97-bp150.246.1
* Fri Nov 08 2019 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 78.0.3904.97 boo#1156172:
  * Various security fixes from internal audits, fuzzing and other
    initiatives
* Wed Nov 06 2019 Tomá? Chvátal <tchvatal@suse.com>
- Keep just one conditional for vaapi enablement
* Mon Nov 04 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add more magic for zlib handling for SLE12 build
* Mon Nov 04 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patch trying to build on SLE12:
  * chromium-old-glibc-noexcept.patch
Version: 78.0.3904.97-13.1
* Fri Nov 08 2019 andreas.stieger@gmx.de
- Update to 78.0.3904.97 boo#1156172:
  * Various security fixes from internal audits, fuzzing and other
    initiatives
* Wed Nov 06 2019 tchvatal@suse.com
- Keep just one conditional for vaapi enablement
Version: 78.0.3904.87-bp150.243.1
* Fri Nov 01 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 78.0.3904.87 bsc#1155643:
  * CVE-2019-13721: Use-after-free in PDFium
  * CVE-2019-13720: Use-after-free in audio
* Wed Oct 30 2019 Martin Li?ka <mliska@suse.cz>
- Enable LTO again with disabled parallel LTO WPA streaming.
Version: 78.0.3904.87-10.1
* Mon Nov 04 2019 tchvatal@suse.com
- Add more magic for zlib handling for SLE12 build
* Mon Nov 04 2019 tchvatal@suse.com
- Add patch trying to build on SLE12:
  * chromium-old-glibc-noexcept.patch
* Fri Nov 01 2019 tchvatal@suse.com
- Update to 78.0.3904.87 bsc#1155643:
  * CVE-2019-13721: Use-after-free in PDFium
  * CVE-2019-13720: Use-after-free in audio
* Wed Oct 30 2019 mliska@suse.cz
- Enable LTO again with disabled parallel LTO WPA streaming.
* Fri Oct 25 2019 tchvatal@suse.com
- Disable LTO for now as it consumes ~20GB of RAM, we will reenable
  the feature later when some memory consumption fixes land in
  GCC
* Thu Oct 24 2019 tchvatal@suse.com
- Adjust LDFLAGS settings for LTO to take memory-constraints into
  consideration
* Wed Oct 23 2019 tchvatal@suse.com
- Update to 78.0.3904.70 bsc#1154806:
  * CVE-2019-13699: Use-after-free in media
  * CVE-2019-13700: Buffer overrun in Blink
  * CVE-2019-13701: URL spoof in navigation
  * CVE-2019-13702: Privilege elevation in Installer
  * CVE-2019-13703: URL bar spoofing
  * CVE-2019-13704: CSP bypass
  * CVE-2019-13705: Extension permission bypass
  * CVE-2019-13706: Out-of-bounds read in PDFium
  * CVE-2019-13707: File storage disclosure
  * CVE-2019-13708: HTTP authentication spoof
  * CVE-2019-13709: File download protection bypass
  * CVE-2019-13710: File download protection bypass
  * CVE-2019-13711: Cross-context information leak
  * CVE-2019-15903: Buffer overflow in expat
  * CVE-2019-13713: Cross-origin data leak
  * CVE-2019-13714: CSS injection
  * CVE-2019-13715: Address bar spoofing
  * CVE-2019-13716: Service worker state error
  * CVE-2019-13717: Notification obscured
  * CVE-2019-13718: IDN spoof
  * CVE-2019-13719: Notification obscured
  * Various fixes from internal audits, fuzzing and other initiatives
- Add patches:
  * chromium-78-gcc-enum-range.patch
  * chromium-78-gcc-noexcept.patch
  * chromium-78-gcc-std-vector.patch
  * chromium-78-icon.patch
  * chromium-78-include.patch
  * chromium-78-noexcept.patch
  * chromium-78-pm-crash.patch
  * chromium-78-protobuf-export.patch
- Remove patches:
  * chromium-77-blink-include.patch
  * chromium-77-fix-gn-gen.patch
  * chromium-77-gcc-abstract.patch
  * chromium-77-gcc-include.patch
  * chromium-77-gcc-no-opt-safe-math.patch
  * chromium-77-no-cups.patch
  * chromium-77-std-string.patch
  * chromium-77-system-hb.patch
  * chromium-77.0.3865.120.tar.xz
  * chromium-77.0.3865.75-certificate-transparency.patch
- Rebase patches:
  * chromium-system-icu.patch
  * chromium-unbundle-zlib.patch
  * chromium-vaapi-fix.patch
  * chromium-vaapi.patch
  * old-libva.patch
  At revision 0ad55cb9e188d5926db26003b443eec9.
* Fri Oct 18 2019 hellcp@mailbox.org
- Use internal resources for icon and appdata
* Fri Oct 11 2019 tchvatal@suse.com
- Update to 77.0.3865.120 bsc#1153660:
  * CVE-2019-13693: Use-after-free in IndexedDB
  * CVE-2019-13694: Use-after-free in WebRTC
  * CVE-2019-13695: Use-after-free in audio
  * CVE-2019-13696: Use-after-free in V8
  * CVE-2019-13697: Cross-origin size leak.
  * Various fixes from internal audits, fuzzing and other initiatives
* Thu Sep 19 2019 suse@bugs.jan.ritzerfeld.org
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
* Wed Sep 18 2019 andreas.stieger@gmx.de
- update to chromium 77.0.3865.90 boo#1151229:
  * CVE-2019-13685: Use-after-free in UI
  * CVE-2019-13688: Use-after-free in media
  * CVE-2019-13687: Use-after-free in media
  * CVE-2019-13686: Use-after-free in offline pages
* Mon Sep 16 2019 tchvatal@suse.com
- Add patch from Fedora for cert transparency:
  * chromium-77.0.3865.75-certificate-transparency.patch
* Mon Sep 16 2019 tchvatal@suse.com
- Add patches from gentoo:
  * chromium-77-clang.patch
  * chromium-77-gcc-no-opt-safe-math.patch
  * chromium-77-no-cups.patch
  * chromium-77-std-string.patch
* Thu Sep 12 2019 tchvatal@suse.com
- Update patch old-libva.patch to build on openSUSE Leap 15.0
* Thu Sep 12 2019 tchvatal@suse.com
- Update patch old-libva.patch to build on openSUSE Leap 15.0
* Tue Sep 03 2019 tchvatal@suse.com
- Update to 76.0.3809.132 bsc#1149143 CVE-2019-5869:
  * CVE-2019-5869: Use-after-free in Blink
  * Various fixes from internal audits, fuzzing and other initiatives
- Refresh patch chromium-76-gcc-ambiguous-nodestructor.patch
* Mon Aug 19 2019 suse@bugs.jan.ritzerfeld.org
- Added patch chromium-vaapi-fix.patch to fix boo#1146219
* Mon Aug 12 2019 tchvatal@suse.com
- Update to 76.0.3809.100 bsc#1145242:
  * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
  * CVE-2019-5867: Out-of-bounds read in V8
* Thu Aug 08 2019 tchvatal@suse.com
- Add patches to fix few compilation issues:
  * chromium-angle-inline.patch
  * chromium-fix-char_traits.patch bsc#1144625
- Remove not properly applying old-glibc patch:
  * chromium-old-glibc.patch
- Disable various gcc warnings as upstream does not care and it
  just bloats the buildlog (from debian)
* Fri Aug 02 2019 tchvatal@suse.com
- Update to 76.0.3809.87 bsc#1143492:
  * CVE-2019-5850: Use-after-free in offline page fetcher
  * CVE-2019-5860: Use-after-free in PDFium
  * CVE-2019-5853: Memory corruption in regexp length check
  * CVE-2019-5851: Use-after-poison in offline audio context
  * CVE-2019-5859: res: URIs can load alternative browsers
  * CVE-2019-5856: Insufficient checks on filesystem: URI permissions
  * CVE-2019-5855: Integer overflow in PDFium
  * CVE-2019-5865: Site isolation bypass from compromised renderer
  * CVE-2019-5858: Insufficient filtering of Open URL service parameters
  * CVE-2019-5864: Insufficient port filtering in CORS for extensions
  * CVE-2019-5862: AppCache not robust to compromised renderers
  * CVE-2019-5861: Click location incorrectly checked
  * CVE-2019-5857: Comparison of -0 and null yields crash
  * CVE-2019-5854: Integer overflow in PDFium text rendering
  * CVE-2019-5852: Object leak of utility functions
  * Various fixes from internal audits, fuzzing and other initiatives
  * Not affected:
    + CVE-2019-5863: Use-after-free in WebUSB on Windows
- Added patches:
  * chromium-76-gcc-ambiguous-nodestructor.patch
  * chromium-76-gcc-blink-constexpr.patch
  * chromium-76-gcc-blink-namespace1.patch
  * chromium-76-gcc-blink-namespace2.patch
  * chromium-76-gcc-gl-init.patch
  * chromium-76-gcc-include.patch
  * chromium-76-gcc-noexcept.patch
  * chromium-76-gcc-private.patch
  * chromium-76-gcc-pure-virtual.patch
  * chromium-76-gcc-uint32.patch
  * chromium-76-gcc-vulkan.patch
  * chromium-76-quiche.patch
- Removed patches:
  * chromium-non-void-return.patch
  * chromium-75.0.3770.80-SIOCGSTAMP.patch
  * chromium-75.0.3770.80-pure-virtual-crash-fix.patch
  * chromium-gcc.patch
  * chromium-renderprocess-crash.patch
  * chromium-skia-system-fontconfig.patch
- Refreshed patches:
  * chromium-dma-buf.patch
  * chromium-drm.patch
  * chromium-libusb_interrupt_event_handler.patch
  * chromium-skia-aarch64-buildfix.patch
  * chromium-system-icu.patch
  * chromium-vaapi.patch
  * old-libva.patch
Version: 78.0.3904.70-bp150.240.1
* Fri Oct 25 2019 Tomá? Chvátal <tchvatal@suse.com>
- Disable LTO for now as it consumes ~20GB of RAM, we will reenable
  the feature later when some memory consumption fixes land in
  GCC
* Thu Oct 24 2019 Tomá? Chvátal <tchvatal@suse.com>
- Adjust LDFLAGS settings for LTO to take memory-constraints into
  consideration
* Wed Oct 23 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 78.0.3904.70 bsc#1154806:
  * CVE-2019-13699: Use-after-free in media
  * CVE-2019-13700: Buffer overrun in Blink
  * CVE-2019-13701: URL spoof in navigation
  * CVE-2019-13702: Privilege elevation in Installer
  * CVE-2019-13703: URL bar spoofing
  * CVE-2019-13704: CSP bypass
  * CVE-2019-13705: Extension permission bypass
  * CVE-2019-13706: Out-of-bounds read in PDFium
  * CVE-2019-13707: File storage disclosure
  * CVE-2019-13708: HTTP authentication spoof
  * CVE-2019-13709: File download protection bypass
  * CVE-2019-13710: File download protection bypass
  * CVE-2019-13711: Cross-context information leak
  * CVE-2019-15903: Buffer overflow in expat
  * CVE-2019-13713: Cross-origin data leak
  * CVE-2019-13714: CSS injection
  * CVE-2019-13715: Address bar spoofing
  * CVE-2019-13716: Service worker state error
  * CVE-2019-13717: Notification obscured
  * CVE-2019-13718: IDN spoof
  * CVE-2019-13719: Notification obscured
  * Various fixes from internal audits, fuzzing and other initiatives
- Add patches:
  * chromium-78-gcc-enum-range.patch
  * chromium-78-gcc-noexcept.patch
  * chromium-78-gcc-std-vector.patch
  * chromium-78-icon.patch
  * chromium-78-include.patch
  * chromium-78-noexcept.patch
  * chromium-78-pm-crash.patch
  * chromium-78-protobuf-export.patch
- Remove patches:
  * chromium-77-blink-include.patch
  * chromium-77-fix-gn-gen.patch
  * chromium-77-gcc-abstract.patch
  * chromium-77-gcc-include.patch
  * chromium-77-gcc-no-opt-safe-math.patch
  * chromium-77-no-cups.patch
  * chromium-77-std-string.patch
  * chromium-77-system-hb.patch
  * chromium-77.0.3865.120.tar.xz
  * chromium-77.0.3865.75-certificate-transparency.patch
- Rebase patches:
  * chromium-system-icu.patch
  * chromium-unbundle-zlib.patch
  * chromium-vaapi-fix.patch
  * chromium-vaapi.patch
  * old-libva.patch
  At revision 0ad55cb9e188d5926db26003b443eec9.
* Fri Oct 18 2019 Stasiek Michalski <hellcp@mailbox.org>
- Use internal resources for icon and appdata
Version: 78.0.3904.108-bp150.249.1
* Wed Nov 20 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 78.0.3904.108 bsc#1157269:
  * CVE-2019-13723: Use-after-free in Bluetooth
  * CVE-2019-13724: Out-of-bounds access in Bluetooth
  * Various fixes from internal audits, fuzzing and other initiatives
* Mon Nov 18 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Fix build on aarch64 with:
  * chromium-79-icu-65.patch
Version: 77.0.3865.90-bp150.234.1
* Wed Sep 18 2019 Andreas Stieger <andreas.stieger@gmx.de>
- update to chromium 77.0.3865.90 boo#1151229:
  * CVE-2019-13685: Use-after-free in UI
  * CVE-2019-13688: Use-after-free in media
  * CVE-2019-13687: Use-after-free in media
  * CVE-2019-13686: Use-after-free in offline pages
Version: 77.0.3865.75-bp150.231.1
* Mon Sep 16 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patch from Fedora for cert transparency:
  * chromium-77.0.3865.75-certificate-transparency.patch
* Mon Sep 16 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patches from gentoo:
  * chromium-77-clang.patch
  * chromium-77-gcc-no-opt-safe-math.patch
  * chromium-77-no-cups.patch
  * chromium-77-std-string.patch
* Thu Sep 12 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update patch old-libva.patch to build on openSUSE Leap 15.0
* Thu Sep 12 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update patch old-libva.patch to build on openSUSE Leap 15.0
Version: 77.0.3865.120-bp150.237.1
* Fri Oct 11 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 77.0.3865.120 bsc#1153660:
  * CVE-2019-13693: Use-after-free in IndexedDB
  * CVE-2019-13694: Use-after-free in WebRTC
  * CVE-2019-13695: Use-after-free in audio
  * CVE-2019-13696: Use-after-free in V8
  * CVE-2019-13697: Cross-origin size leak.
  * Various fixes from internal audits, fuzzing and other initiatives
* Thu Sep 19 2019 Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org>
- Added patch chromium-vaapi-fix.patch again to fix boo#1146219
Version: 76.0.3809.87-bp150.220.1
* Thu Aug 08 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patches to fix few compilation issues:
  * chromium-angle-inline.patch
  * chromium-fix-char_traits.patch bsc#1144625
- Remove not properly applying old-glibc patch:
  * chromium-old-glibc.patch
- Disable various gcc warnings as upstream does not care and it
  just bloats the buildlog (from debian)
* Fri Aug 02 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 76.0.3809.87 bsc#1143492:
  * CVE-2019-5850: Use-after-free in offline page fetcher
  * CVE-2019-5860: Use-after-free in PDFium
  * CVE-2019-5853: Memory corruption in regexp length check
  * CVE-2019-5851: Use-after-poison in offline audio context
  * CVE-2019-5859: res: URIs can load alternative browsers
  * CVE-2019-5856: Insufficient checks on filesystem: URI permissions
  * CVE-2019-5855: Integer overflow in PDFium
  * CVE-2019-5865: Site isolation bypass from compromised renderer
  * CVE-2019-5858: Insufficient filtering of Open URL service parameters
  * CVE-2019-5864: Insufficient port filtering in CORS for extensions
  * CVE-2019-5862: AppCache not robust to compromised renderers
  * CVE-2019-5861: Click location incorrectly checked
  * CVE-2019-5857: Comparison of -0 and null yields crash
  * CVE-2019-5854: Integer overflow in PDFium text rendering
  * CVE-2019-5852: Object leak of utility functions
  * Various fixes from internal audits, fuzzing and other initiatives
  * Not affected:
    + CVE-2019-5863: Use-after-free in WebUSB on Windows
- Added patches:
  * chromium-76-gcc-ambiguous-nodestructor.patch
  * chromium-76-gcc-blink-constexpr.patch
  * chromium-76-gcc-blink-namespace1.patch
  * chromium-76-gcc-blink-namespace2.patch
  * chromium-76-gcc-gl-init.patch
  * chromium-76-gcc-include.patch
  * chromium-76-gcc-noexcept.patch
  * chromium-76-gcc-private.patch
  * chromium-76-gcc-pure-virtual.patch
  * chromium-76-gcc-uint32.patch
  * chromium-76-gcc-vulkan.patch
  * chromium-76-quiche.patch
- Removed patches:
  * chromium-non-void-return.patch
  * chromium-75.0.3770.80-SIOCGSTAMP.patch
  * chromium-75.0.3770.80-pure-virtual-crash-fix.patch
  * chromium-gcc.patch
  * chromium-renderprocess-crash.patch
  * chromium-skia-system-fontconfig.patch
- Refreshed patches:
  * chromium-dma-buf.patch
  * chromium-drm.patch
  * chromium-libusb_interrupt_event_handler.patch
  * chromium-skia-aarch64-buildfix.patch
  * chromium-system-icu.patch
  * chromium-vaapi.patch
  * old-libva.patch
* Tue Jul 30 2019 Tomá? Chvátal <tchvatal@suse.com>
- Do not use lto flags from prjconf, we need to set them using
  gn buildsystem
* Tue Jul 30 2019 Tomá? Chvátal <tchvatal@suse.com>
- Drop patch chromium-non-void-return.patch and just pass
  a cxxflags disabler for the check
Version: 78.0.3904.108-16.1
* Wed Nov 20 2019 tchvatal@suse.com
- Update to 78.0.3904.108 bsc#1157269:
  * CVE-2019-13723: Use-after-free in Bluetooth
  * CVE-2019-13724: Out-of-bounds access in Bluetooth
  * Various fixes from internal audits, fuzzing and other initiatives
* Mon Nov 18 2019 guillaume.gardet@opensuse.org
- Fix build on aarch64 with:
  * chromium-79-icu-65.patch
Version: 76.0.3809.132-bp150.228.1
* Tue Sep 03 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 76.0.3809.132 bsc#1149143 CVE-2019-5869:
  * CVE-2019-5869: Use-after-free in Blink
  * Various fixes from internal audits, fuzzing and other initiatives
- Refresh patch chromium-76-gcc-ambiguous-nodestructor.patch
* Mon Aug 19 2019 Jan Ritzerfeld <suse@bugs.jan.ritzerfeld.org>
- Added patch chromium-vaapi-fix.patch to fix boo#1146219
Version: 76.0.3809.100-bp150.223.1
* Mon Aug 12 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 76.0.3809.100 bsc#1145242:
  * CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction
  * CVE-2019-5867: Out-of-bounds read in V8
Version: 75.0.3770.90-bp150.213.3
* Fri Jun 14 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 75.0.3770.90 bsc#1137332 bsc#1138287:
  * CVE-2019-5842: Use-after-free in Blink.
* Tue Jun 11 2019 Tomá? Chvátal <tchvatal@suse.com>
- Fix build with kernel 5.2 and avoid runtime crash due to pure virtual
  declaration:
  * chromium-75.0.3770.80-SIOCGSTAMP.patch
  * chromium-75.0.3770.80-pure-virtual-crash-fix.patch
* Sat Jun 08 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update old-libva.patch to make sure we build on Leap 42.3
* Fri Jun 07 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 75.0.3770.80 bsc#1137332:
  * CVE-2019-5828: Use after free in ServiceWorker
  * CVE-2019-5829: Use after free in Download Manager
  * CVE-2019-5830: Incorrectly credentialed requests in CORS
  * CVE-2019-5831: Incorrect map processing in V8
  * CVE-2019-5832: Incorrect CORS handling in XHR
  * CVE-2019-5833: Inconsistent security UI placemen
  * CVE-2019-5835: Out of bounds read in Swiftshader
  * CVE-2019-5836: Heap buffer overflow in Angle
  * CVE-2019-5837: Cross-origin resources size disclosure in Appcache
  * CVE-2019-5838: Overly permissive tab access in Extensions
  * CVE-2019-5839: Incorrect handling of certain code points in Blink
  * CVE-2019-5840: Popup blocker bypass
  * Various fixes from internal audits, fuzzing and other initiatives
  * CVE-2019-5834: URL spoof in Omnibox on iOS
- Remove merged patchsets:
  * 00-basevalue.patch
  * 01-basevalue.patch
  * 02-basevalue.patch
  * 03-basevalue.patch
  * 04-basevalue.patch
  * 05-basevalue.patch
  * 06-basevalue.patch
  * chromium-fix-crc32-for-aarch64.patch
  * quic.patch
- Update patches:
  * chromium-gcc.patch
  * chromium-non-void-return.patch
  * chromium-vaapi.patch
  * old-libva.patch
* Tue May 28 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 74.0.3729.169:
  * Feature fixes update only
Version: 75.0.3770.90-2.1
* Fri Jun 14 2019 tchvatal@suse.com
- Update to 75.0.3770.90 bsc#1137332 bsc#1138287:
  * CVE-2019-5842: Use-after-free in Blink.
* Tue Jun 11 2019 tchvatal@suse.com
- Fix build with kernel 5.2 and avoid runtime crash due to pure virtual
  declaration:
  * chromium-75.0.3770.80-SIOCGSTAMP.patch
  * chromium-75.0.3770.80-pure-virtual-crash-fix.patch
* Sat Jun 08 2019 tchvatal@suse.com
- Update old-libva.patch to make sure we build on Leap 42.3
* Fri Jun 07 2019 tchvatal@suse.com
- Update to 75.0.3770.80 bsc#1137332:
  * CVE-2019-5828: Use after free in ServiceWorker
  * CVE-2019-5829: Use after free in Download Manager
  * CVE-2019-5830: Incorrectly credentialed requests in CORS
  * CVE-2019-5831: Incorrect map processing in V8
  * CVE-2019-5832: Incorrect CORS handling in XHR
  * CVE-2019-5833: Inconsistent security UI placemen
  * CVE-2019-5835: Out of bounds read in Swiftshader
  * CVE-2019-5836: Heap buffer overflow in Angle
  * CVE-2019-5837: Cross-origin resources size disclosure in Appcache
  * CVE-2019-5838: Overly permissive tab access in Extensions
  * CVE-2019-5839: Incorrect handling of certain code points in Blink
  * CVE-2019-5840: Popup blocker bypass
  * Various fixes from internal audits, fuzzing and other initiatives
  * CVE-2019-5834: URL spoof in Omnibox on iOS
- Remove merged patchsets:
  * 00-basevalue.patch
  * 01-basevalue.patch
  * 02-basevalue.patch
  * 03-basevalue.patch
  * 04-basevalue.patch
  * 05-basevalue.patch
  * 06-basevalue.patch
  * chromium-fix-crc32-for-aarch64.patch
  * quic.patch
- Update patches:
  * chromium-gcc.patch
  * chromium-non-void-return.patch
  * chromium-vaapi.patch
  * old-libva.patch
* Tue May 28 2019 tchvatal@suse.com
- Update to 74.0.3729.169:
  * Feature fixes update only
* Sun May 19 2019 andreas.stieger@gmx.de
- Update to 74.0.3729.157:
  * Various security fixes from internal audits, fuzzing and other
    initiatives
- includes security fixes from 74.0.3729.131 (boo#1134218):
  * CVE-2019-5827: Out-of-bounds access in SQLite
  * CVE-2019-5824: Parameter passing error in media player
* Tue May 07 2019 guillaume.gardet@opensuse.org
- Add patch to fix build on aarch64:
  * chromium-fix-crc32-for-aarch64.patch
* Tue Apr 30 2019 tchvatal@suse.com
- Update to 74.0.3729.108 bsc#1133313:
  * CVE-2019-5805: Use after free in PDFium
  * CVE-2019-5806: Integer overflow in Angle
  * CVE-2019-5807: Memory corruption in V8
  * CVE-2019-5808: Use after free in Blink
  * CVE-2019-5809: Use after free in Blink
  * CVE-2019-5810: User information disclosure in Autofill
  * CVE-2019-5811: CORS bypass in Blink
  * CVE-2019-5813: Out of bounds read in V8
  * CVE-2019-5814: CORS bypass in Blink
  * CVE-2019-5815: Heap buffer overflow in Blink
  * CVE-2019-5818: Uninitialized value in media reader
  * CVE-2019-5819: Incorrect escaping in developer tools
  * CVE-2019-5820: Integer overflow in PDFium
  * CVE-2019-5821: Integer overflow in PDFium
  * CVE-2019-5822: CORS bypass in download manager
  * CVE-2019-5823: Forced navigation from service worker
  * CVE-2019-5812: URL spoof in Omnibox on iOS
  * CVE-2019-5816: Exploit persistence extension on Android
  * CVE-2019-5817: Heap buffer overflow in Angle on Windows
- Add patches:
  * 00-basevalue.patch
  * 01-basevalue.patch
  * 02-basevalue.patch
  * 03-basevalue.patch
  * 04-basevalue.patch
  * 05-basevalue.patch
  * 06-basevalue.patch
  * old-libva.patch
  * quic.patch
- Remove patches:
  * chromium-73.0.3683.75-pipewire-cstring-fix.patch
  * chromium-fix_crashpad.patch
  * chromium-fix_swiftshader.patch
  * chromium-old-libva.patch
- Rebase patches:
  * chromium-gcc.patch
  * chromium-non-void-return.patch
  * chromium-old-glibc.patch
* Fri Apr 05 2019 tchvatal@suse.com
- Update to 73.0.3686.103:
  * Various feature fixes
* Mon Mar 25 2019 tchvatal@suse.com
- Add patch for pipewire build:
  * chromium-73.0.3683.75-pipewire-cstring-fix.patch
* Mon Mar 25 2019 tchvatal@suse.com
- Update to 73.0.3683.86:
  * Just feature fixes around
- Refresh patch:
  * chromium-non-void-return.patch
* Thu Mar 21 2019 tchvatal@suse.com
- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available
- Rebase chromium-vaapi.patch to match up the Fedora one
* Wed Mar 13 2019 tchvatal@suse.com
- Update to 73.0.3683.75 bsc#1129059:
  * CVE-2019-5787: Use after free in Canvas.
  * CVE-2019-5788: Use after free in FileAPI.
  * CVE-2019-5789: Use after free in WebMIDI.
  * CVE-2019-5790: Heap buffer overflow in V8.
  * CVE-2019-5791: Type confusion in V8.
  * CVE-2019-5792: Integer overflow in PDFium.
  * CVE-2019-5793: Excessive permissions for private API in Extensions.
  * CVE-2019-5794: Security UI spoofing.
  * CVE-2019-5795: Integer overflow in PDFium.
  * CVE-2019-5796: Race condition in Extensions.
  * CVE-2019-5797: Race condition in DOMStorage.
  * CVE-2019-5798: Out of bounds read in Skia.
  * CVE-2019-5799: CSP bypass with blob URL.
  * CVE-2019-5800: CSP bypass with blob URL.
  * CVE-2019-5801: Incorrect Omnibox display on iOS.
  * CVE-2019-5802: Security UI spoofing.
  * CVE-2019-5803: CSP bypass with Javascript URLs'.
  * CVE-2019-5804: Command line command injection on Windows.
- Update patches:
  * chromium-buildname.patch
  * chromium-non-void-return.patch
  * chromium-old-glibc.patch
  * chromium-old-libva.patch
  * chromium-vaapi.patch
- Removed patches:
  * chromium-crashpad-fix_aarch64.patch
  * chromium-webrtc-includes.patch
- Added patches:
  * chromium-gcc.patch
  * chromium-fix_crashpad.patch
Version: 75.0.3770.142-bp150.217.1
* Wed Jul 17 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update gcc-enable-lto.patch to work on systems without the
  lto
* Tue Jul 16 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 75.0.3770.142 bsc#1141649:
  * CVE-2019-5847: V8 sealed/frozen elements cause crash
  * CVE-2019-5848: Font sizes may expose sensitive information
- Add patch chromium-renderprocess-crash.patch to hopefully fix
  bsc#1141102
* Tue Jul 02 2019 Martin Li?ka <mliska@suse.cz>
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
  gcc-lto-rsp-clobber.patch patches.
* Tue Jul 02 2019 Tomá? Chvátal <tchvatal@suse.com>
- Install manpage
* Wed Jun 19 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 75.0.3770.100:
  * This is just feature fixes update
Version: 75.0.3770.142-7.1
* Wed Jul 17 2019 tchvatal@suse.com
- Update gcc-enable-lto.patch to work on systems without the
  lto
* Tue Jul 16 2019 tchvatal@suse.com
- Update to 75.0.3770.142 bsc#1141649:
  * CVE-2019-5847: V8 sealed/frozen elements cause crash
  * CVE-2019-5848: Font sizes may expose sensitive information
- Add patch chromium-renderprocess-crash.patch to hopefully fix
  bsc#1141102
* Tue Jul 02 2019 mliska@suse.cz
- Enable LTO for x86_64 - add gcc-enable-lto.patch and
  gcc-lto-rsp-clobber.patch patches.
* Tue Jul 02 2019 tchvatal@suse.com
- Install manpage
* Wed Jun 19 2019 tchvatal@suse.com
- Update to 75.0.3770.100:
  * This is just feature fixes update
Version: 74.0.3729.157-bp150.210.1
* Sun May 19 2019 Andreas Stieger <andreas.stieger@gmx.de>
- Update to 74.0.3729.157:
  * Various security fixes from internal audits, fuzzing and other
    initiatives
- includes security fixes from 74.0.3729.131 (boo#1134218):
  * CVE-2019-5827: Out-of-bounds access in SQLite
  * CVE-2019-5824: Parameter passing error in media player
* Tue May 07 2019 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add patch to fix build on aarch64:
  * chromium-fix-crc32-for-aarch64.patch
Version: 74.0.3729.108-bp150.207.1
* Tue Apr 30 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 74.0.3729.108 bsc#1133313:
  * CVE-2019-5805: Use after free in PDFium
  * CVE-2019-5806: Integer overflow in Angle
  * CVE-2019-5807: Memory corruption in V8
  * CVE-2019-5808: Use after free in Blink
  * CVE-2019-5809: Use after free in Blink
  * CVE-2019-5810: User information disclosure in Autofill
  * CVE-2019-5811: CORS bypass in Blink
  * CVE-2019-5813: Out of bounds read in V8
  * CVE-2019-5814: CORS bypass in Blink
  * CVE-2019-5815: Heap buffer overflow in Blink
  * CVE-2019-5818: Uninitialized value in media reader
  * CVE-2019-5819: Incorrect escaping in developer tools
  * CVE-2019-5820: Integer overflow in PDFium
  * CVE-2019-5821: Integer overflow in PDFium
  * CVE-2019-5822: CORS bypass in download manager
  * CVE-2019-5823: Forced navigation from service worker
  * CVE-2019-5812: URL spoof in Omnibox on iOS
  * CVE-2019-5816: Exploit persistence extension on Android
  * CVE-2019-5817: Heap buffer overflow in Angle on Windows
- Add patches:
  * 00-basevalue.patch
  * 01-basevalue.patch
  * 02-basevalue.patch
  * 03-basevalue.patch
  * 04-basevalue.patch
  * 05-basevalue.patch
  * 06-basevalue.patch
  * old-libva.patch
  * quic.patch
- Remove patches:
  * chromium-73.0.3683.75-pipewire-cstring-fix.patch
  * chromium-fix_crashpad.patch
  * chromium-fix_swiftshader.patch
  * chromium-old-libva.patch
- Rebase patches:
  * chromium-gcc.patch
  * chromium-non-void-return.patch
  * chromium-old-glibc.patch
* Fri Apr 05 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 73.0.3686.103:
  * Various feature fixes
* Mon Mar 25 2019 Tomá? Chvátal <tchvatal@suse.com>
- Add patch for pipewire build:
  * chromium-73.0.3683.75-pipewire-cstring-fix.patch
* Mon Mar 25 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 73.0.3683.86:
  * Just feature fixes around
- Refresh patch:
  * chromium-non-void-return.patch
* Thu Mar 21 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update conditions to use system harfbuzz on TW+
- Require java during build
- Enable using pipewire when available
- Rebase chromium-vaapi.patch to match up the Fedora one
Version: 73.0.3683.75-bp151.5.6
* Wed Mar 13 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 73.0.3683.75 bsc#1129059:
  * CVE-2019-5787: Use after free in Canvas.
  * CVE-2019-5788: Use after free in FileAPI.
  * CVE-2019-5789: Use after free in WebMIDI.
  * CVE-2019-5790: Heap buffer overflow in V8.
  * CVE-2019-5791: Type confusion in V8.
  * CVE-2019-5792: Integer overflow in PDFium.
  * CVE-2019-5793: Excessive permissions for private API in Extensions.
  * CVE-2019-5794: Security UI spoofing.
  * CVE-2019-5795: Integer overflow in PDFium.
  * CVE-2019-5796: Race condition in Extensions.
  * CVE-2019-5797: Race condition in DOMStorage.
  * CVE-2019-5798: Out of bounds read in Skia.
  * CVE-2019-5799: CSP bypass with blob URL.
  * CVE-2019-5800: CSP bypass with blob URL.
  * CVE-2019-5801: Incorrect Omnibox display on iOS.
  * CVE-2019-5802: Security UI spoofing.
  * CVE-2019-5803: CSP bypass with Javascript URLs'.
  * CVE-2019-5804: Command line command injection on Windows.
- Update patches:
  * chromium-buildname.patch
  * chromium-non-void-return.patch
  * chromium-old-glibc.patch
  * chromium-old-libva.patch
  * chromium-vaapi.patch
- Removed patches:
  * chromium-crashpad-fix_aarch64.patch
  * chromium-webrtc-includes.patch
- Added patches:
  * chromium-gcc.patch
  * chromium-fix_crashpad.patch
* Fri Oct 19 2018 Tomá? Chvátal <tchvatal@suse.com>
- Add back chromium-old-glibc.patch to make sure we build on 42.3
- Reduce the merge number on jumbo files to reduce memory usage bit
Version: 72.0.3626.96-bp150.2.32.1
* Mon Feb 11 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 72.0.3626.96 bsc#1124936:
  * CVE-2019-5784: Inappropriate implementation in V8
* Mon Feb 11 2019 Simon Lees <sflees@suse.de>
- Provide web_browser so chromium can be installed instead of firefox.
* Wed Jan 30 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 72.0.3626.81 bsc#1123641:
  * CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad on 2018-12-12
  * CVE-2019-5782:  Inappropriate implementation in V8. Reported by Qixun Zhao of Qihoo 360 Vulcan Team via Tianfu Cup on 2018-11-16
  * CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya on 2018-12-10
  * CVE-2019-5756: Use after free in PDFium. Reported by Anonymous on 2018-10-14
  * CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis, Microsoft Browser Vulnerability Research on 2018-12-15
  * CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
  * CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin on 2018-12-05
  * CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-05
  * CVE-2019-5761: Use after free in SwiftShader. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-13
  * CVE-2019-5762: Use after free in PDFium. Reported by Anonymous on 2018-10-31
  * CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-12-13
  * CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin from Check Point Software Technologies on 2018-12-09
  * CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin (@bagipro) on 2019-01-16
  * CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg on 2018-11-20
  * CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao from Indiana University Bloomington on 2018-11-06
  * CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu on 2018-01-24
  * CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel on 2018-12-11
  * CVE-2019-5770: Heap buffer overflow in WebGL. Reported by  hemidallt@ on 2018-11-27
  * CVE-2019-5771: Heap buffer overflow in SwiftShader. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-12
  * CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-11-26
  * CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2018-12-24
  * CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang (ultract) and Juno Im on 2018-11-11
  * CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
  * CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang on 2018-07-14
  * CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani on 2018-06-04
  * CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg on 2019-01-02
  * CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg on 2018-11-11
  * CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg (folivora.AI GmbH) on 2018-10-03
  * CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
- Added patches:
  * chromium-crashpad-fix_aarch64.patch
  * chromium-fix_swiftshader.patch
  * chromium-webrtc-includes.patch
- Obsoleted patches:
  * chromium-gcc8-alignof.patch
  * chromium-initialize-list.patch
- Updated patches:
  * chromium-dma-buf.patch
  * chromium-non-void-return.patch
  * chromium-skia-system-fontconfig.patch
  * chromium-system-icu.patch
  * chromium-vaapi.patch
- Try to reduce constraints to avoid being so much just in
  scheduled state
Version: 72.0.3626.96-88.1
* Mon Feb 11 2019 tchvatal@suse.com
- Update to 72.0.3626.96 bsc#1124936:
  * CVE-2019-5784: Inappropriate implementation in V8
* Mon Feb 11 2019 sflees@suse.de
- Provide web_browser so chromium can be installed instead of firefox.
* Wed Jan 30 2019 tchvatal@suse.com
- Update to 72.0.3626.81 bsc#1123641:
  * CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad on 2018-12-12
  * CVE-2019-5782:  Inappropriate implementation in V8. Reported by Qixun Zhao of Qihoo 360 Vulcan Team via Tianfu Cup on 2018-11-16
  * CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya on 2018-12-10
  * CVE-2019-5756: Use after free in PDFium. Reported by Anonymous on 2018-10-14
  * CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis, Microsoft Browser Vulnerability Research on 2018-12-15
  * CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-11
  * CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin on 2018-12-05
  * CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-12-05
  * CVE-2019-5761: Use after free in SwiftShader. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-13
  * CVE-2019-5762: Use after free in PDFium. Reported by Anonymous on 2018-10-31
  * CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong of Alpha Team, Qihoo 360 on 2018-12-13
  * CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin from Check Point Software Technologies on 2018-12-09
  * CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin (@bagipro) on 2019-01-16
  * CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg on 2018-11-20
  * CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao from Indiana University Bloomington on 2018-11-06
  * CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu on 2018-01-24
  * CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel on 2018-12-11
  * CVE-2019-5770: Heap buffer overflow in WebGL. Reported by  hemidallt@ on 2018-11-27
  * CVE-2019-5771: Heap buffer overflow in SwiftShader. Reported by Zhe Jin?????Luyao Liu(???) from Chengdu Security Response Center of Qihoo 360 Technology Co. Ltd on 2018-11-12
  * CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-11-26
  * CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang of Tencent's Xuanwu Lab (xlab.tencent.com) on 2018-12-24
  * CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang (ultract) and Juno Im on 2018-11-11
  * CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
  * CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang on 2018-07-14
  * CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani on 2018-06-04
  * CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg on 2019-01-02
  * CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg on 2018-11-11
  * CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg (folivora.AI GmbH) on 2018-10-03
  * CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 of Bilibili Security Team on 2018-10-18
- Added patches:
  * chromium-crashpad-fix_aarch64.patch
  * chromium-fix_swiftshader.patch
  * chromium-webrtc-includes.patch
- Obsoleted patches:
  * chromium-gcc8-alignof.patch
  * chromium-initialize-list.patch
- Updated patches:
  * chromium-dma-buf.patch
  * chromium-non-void-return.patch
  * chromium-skia-system-fontconfig.patch
  * chromium-system-icu.patch
  * chromium-vaapi.patch
- Try to reduce constraints to avoid being so much just in
  scheduled state
Version: 72.0.3626.121-bp150.2.37.1
* Mon Mar 04 2019 Tomá? Chvátal <tchvatal@suse.com>
- Drop direct dependency on libgsm, we just need the devel
* Sat Mar 02 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 72.0.3626.121:
  * fixes bsc#1127602 CVE-2019-5786
* Mon Feb 25 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 72.0.3626.119:
  * Feature fixes update only
* Wed Feb 20 2019 Tomá? Chvátal <tchvatal@suse.com>
- Update to 72.0.3626.109:
  * This is just feature fixes update
Version: 72.0.3626.121-92.1
* Mon Mar 04 2019 tchvatal@suse.com
- Drop direct dependency on libgsm, we just need the devel
* Sat Mar 02 2019 tchvatal@suse.com
- Update to 72.0.3626.121:
  * fixes bsc#1127602 CVE-2019-5786
* Mon Feb 25 2019 tchvatal@suse.com
- Update to 72.0.3626.119:
  * Feature fixes update only
* Wed Feb 20 2019 tchvatal@suse.com
- Update to 72.0.3626.109:
  * This is just feature fixes update
Version: 71.0.3578.98-bp150.2.29.1
* Wed Jan 02 2019 Tomá? Chvátal <tchvatal@suse.com>
- Tweak fix_building_widevinecdm_with_chromium.patch to make it
  work again bsc#1120429
* Fri Dec 14 2018 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update %arm build, but keep it disabled for now, as ld requires
  lots of RAM
Version: 71.0.3578.98-bp150.2.26.1
* Thu Dec 13 2018 Tomá? Chvátal <tchvatal@suse.com>
- Version update to 71.0.3578.98 bsc#1119364:
  * CVE-2018-17481: Use after free in PDFium
- Redo chromium-old-libva.patch
* Fri Dec 07 2018 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Increase %limit_build value to avoid OOM
Version: 71.0.3578.98-83.1
* Wed Jan 02 2019 tchvatal@suse.com
- Tweak fix_building_widevinecdm_with_chromium.patch to make it
  work again bsc#1120429
* Fri Dec 14 2018 guillaume.gardet@opensuse.org
- Update %arm build, but keep it disabled for now, as ld requires
  lots of RAM
Version: 71.0.3578.98-80.1
* Thu Dec 13 2018 tchvatal@suse.com
- Version update to 71.0.3578.98 bsc#1119364:
  * CVE-2018-17481: Use after free in PDFium
- Redo chromium-old-libva.patch
* Fri Dec 07 2018 guillaume.gardet@opensuse.org
- Increase %limit_build value to avoid OOM
* Thu Dec 06 2018 tchvatal@suse.com
- Add patch to build on Leap 42.x:
  * chromium-old-libva.patch
* Thu Dec 06 2018 tchvatal@suse.com
- Version update to 71.0.3578.80 bsc#1118529:
  - CVE-2018-17480: Out of bounds write in V8
  - CVE-2018-17481: Use after frees in PDFium
  - CVE-2018-18335: Heap buffer overflow in Skia
  - CVE-2018-18336: Use after free in PDFium
  - CVE-2018-18337: Use after free in Blink
  - CVE-2018-18338: Heap buffer overflow in Canvas
  - CVE-2018-18339: Use after free in WebAudio
  - CVE-2018-18340: Use after free in MediaRecorder
  - CVE-2018-18341: Heap buffer overflow in Blink
  - CVE-2018-18342: Out of bounds write in V8
  - CVE-2018-18343: Use after free in Skia
  - CVE-2018-18344: Inappropriate implementation in Extensions
  - Multiple issues in SQLite via WebSQL
  - CVE-2018-18345: Inappropriate implementation in Site Isolation
  - CVE-2018-18346: Incorrect security UI in Blink
  - CVE-2018-18347: Inappropriate implementation in Navigation
  - CVE-2018-18348: Inappropriate implementation in Omnibox
  - CVE-2018-18349: Insufficient policy enforcement in Blink
  - CVE-2018-18350: Insufficient policy enforcement in Blink
  - CVE-2018-18351: Insufficient policy enforcement in Navigation
  - CVE-2018-18352: Inappropriate implementation in Media
  - CVE-2018-18353: Inappropriate implementation in Network Authentication
  - CVE-2018-18354: Insufficient data validation in Shell Integration
  - CVE-2018-18355: Insufficient policy enforcement in URL Formatter
  - CVE-2018-18356: Use after free in Skia
  - CVE-2018-18357: Insufficient policy enforcement in URL Formatter
  - CVE-2018-18358: Insufficient policy enforcement in Proxy.
  - CVE-2018-18359: Out of bounds read in V8
  - Inappropriate implementation in PDFium
  - Use after free in Extensions
  - Inappropriate implementation in Navigation
  - Insufficient policy enforcement in Navigation
  - Insufficient policy enforcement in URL Formatter
  - Various fixes from internal audits, fuzzing and other initiatives
- Updated/refreshed patches:
  * fix_building_widevinecdm_with_chromium.patch
  * chromium-vaapi.patch
  * chromium-skia-aarch64-buildfix.patch
  * chromium-prop-codecs.patch
  * chromium-non-void-return.patch
- Removed patches:
  * chromium-gcc8-constexpr.patch
  * chromium-libva1.patch
  * chromium-pdfium-include.patch
  * chromium-warnings.patch
- Added patches:
  * chromium-initialize-list.patch
Version: 71.0.3578.80-bp150.2.23.1
* Thu Dec 06 2018 Tomá? Chvátal <tchvatal@suse.com>
- Add patch to build on Leap 42.x:
  * chromium-old-libva.patch
* Thu Dec 06 2018 Tomá? Chvátal <tchvatal@suse.com>
- Version update to 71.0.3578.80 bsc#1118529:
  - CVE-2018-17480: Out of bounds write in V8
  - CVE-2018-17481: Use after frees in PDFium
  - CVE-2018-18335: Heap buffer overflow in Skia
  - CVE-2018-18336: Use after free in PDFium
  - CVE-2018-18337: Use after free in Blink
  - CVE-2018-18338: Heap buffer overflow in Canvas
  - CVE-2018-18339: Use after free in WebAudio
  - CVE-2018-18340: Use after free in MediaRecorder
  - CVE-2018-18341: Heap buffer overflow in Blink
  - CVE-2018-18342: Out of bounds write in V8
  - CVE-2018-18343: Use after free in Skia
  - CVE-2018-18344: Inappropriate implementation in Extensions
  - Multiple issues in SQLite via WebSQL
  - CVE-2018-18345: Inappropriate implementation in Site Isolation
  - CVE-2018-18346: Incorrect security UI in Blink
  - CVE-2018-18347: Inappropriate implementation in Navigation
  - CVE-2018-18348: Inappropriate implementation in Omnibox
  - CVE-2018-18349: Insufficient policy enforcement in Blink
  - CVE-2018-18350: Insufficient policy enforcement in Blink
  - CVE-2018-18351: Insufficient policy enforcement in Navigation
  - CVE-2018-18352: Inappropriate implementation in Media
  - CVE-2018-18353: Inappropriate implementation in Network Authentication
  - CVE-2018-18354: Insufficient data validation in Shell Integration
  - CVE-2018-18355: Insufficient policy enforcement in URL Formatter
  - CVE-2018-18356: Use after free in Skia
  - CVE-2018-18357: Insufficient policy enforcement in URL Formatter
  - CVE-2018-18358: Insufficient policy enforcement in Proxy.
  - CVE-2018-18359: Out of bounds read in V8
  - Inappropriate implementation in PDFium
  - Use after free in Extensions
  - Inappropriate implementation in Navigation
  - Insufficient policy enforcement in Navigation
  - Insufficient policy enforcement in URL Formatter
  - Various fixes from internal audits, fuzzing and other initiatives
- Updated/refreshed patches:
  * fix_building_widevinecdm_with_chromium.patch
  * chromium-vaapi.patch
  * chromium-skia-aarch64-buildfix.patch
  * chromium-prop-codecs.patch
  * chromium-non-void-return.patch
- Removed patches:
  * chromium-gcc8-constexpr.patch
  * chromium-libva1.patch
  * chromium-pdfium-include.patch
  * chromium-warnings.patch
- Added patches:
  * chromium-initialize-list.patch
* Wed Jul 25 2018 guillaume.gardet@opensuse.org
- Add patch to fix aarch64 build:
  * chromium-vpx-aarch64.patch
Version: 70.0.3538.67-bp150.2.14.1
* Fri Oct 19 2018 Tomá? Chvátal <tchvatal@suse.com>
- Add back chromium-old-glibc.patch to make sure we build on 42.3
- Reduce the merge number on jumbo files to reduce memory usage bit
* Fri Oct 19 2018 astieger@suse.com
- remove trigger word from spec that trips up legal-auto
* Wed Oct 17 2018 Tomá? Chvátal <tchvatal@suse.com>
- Update to 70.0.3538.67 bsc#1112111:
  * CVE-2018-17462: Sandbox escape in AppCache
  * CVE-2018-17463: Remote code execution in V8
  * CVE to be assigned: Heap buffer overflow in Little CMS in PDFium
  * CVE-2018-17464: URL spoof in Omnibox
  * CVE-2018-17465: Use after free in V8
  * CVE-2018-17466: Memory corruption in Angle
  * CVE-2018-17467: URL spoof in Omnibox
  * CVE-2018-17468: Cross-origin URL disclosure in Blink
  * CVE-2018-17469: Heap buffer overflow in PDFium
  * CVE-2018-17470: Memory corruption in GPU Internals
  * CVE-2018-17471: Security UI occlusion in full screen mode
  * CVE-2018-17472: iframe sandbox escape on iOS
  * CVE-2018-17473: URL spoof in Omnibox
  * CVE-2018-17474: Use after free in Blink
  * CVE-2018-17475: URL spoof in Omnibox
  * CVE-2018-17476: Security UI occlusion in full screen mode
  * CVE-2018-5179: Lack of limits on update() in ServiceWorker
  * CVE-2018-17477: UI spoof in Extensions
- Added patches:
  * chromium-gcc8-constexpr.patch
  * chromium-libusb_interrupt_event_handler.patch
  * chromium-pdfium-include.patch
  * chromium-system-libusb.patch
- Removed patches:
  * chromium-old-glibc.patch
  * chromium-vpx-aarch64.patch
- Updated patches:
  * chromium-gcc8-alignof.patch
  * chromium-non-void-return.patch
  * chromium-prop-codecs.patch
  * chromium-sandbox-pie.patch
  * chromium-skia-system-fontconfig.patch
  * chromium-vaapi.patch
- Redo the vaapi patch to be default on as there are no reports of
  issues with it
- Use system libusb-1.0
- Use jumbo build to speed things up
- Use bundled harfbuzz because we need newer than latest release
- Disable gnome-keyring as it crashes the chromium quite often
Version: 70.0.3538.110-bp150.2.20.1
* Wed Nov 21 2018 Tomá? Chvátal <tchvatal@suse.com>
- Version update to 70.0.3538.110 bsc#1116608:
  * CVE-2018-17479: Use-after-free in GPU
Version: 70.0.3538.110-77.1
* Wed Nov 21 2018 tchvatal@suse.com
- Version update to 70.0.3538.110 bsc#1116608:
  * CVE-2018-17479: Use-after-free in GPU
* Wed Jul 25 2018 guillaume.gardet@opensuse.org
- Add patch to fix aarch64 build:
  * chromium-vpx-aarch64.patch
Version: 70.0.3538.102-bp150.2.17.1
* Wed Nov 14 2018 Tomá? Chvátal <tchvatal@suse.com>
- Version update to 70.0.3538.102 bsc#1115537 CVE-2018-17478
  * CVE-2018-17478: Out of bounds memory access in V8
* Sat Nov 03 2018 Yunhe Guo <i@guoyunhe.me>
- Remove noto-emoji-fonts recommends. noto-emoji-fonts has been
  inactive for a long time. noto-coloremoji-fonts is the current
  recommended emoji fonts from noto. And noto-emoji-fonts (monochrome)
  disables noto-coloremoji-fonts (colorful).
* Thu Oct 25 2018 Tomá? Chvátal <tchvatal@suse.com>
- Update to 70.0.3538.77:
  * Few feature fixes only
- Do not meintion armv6 and armv7 in the constraints
- Update patch chromium-non-void-return.patch
* Mon Oct 22 2018 Tomá? Chvátal <tchvatal@suse.com>
- Add patch trying to get the pkg to build with libva 1.x releases:
  * chromium-libva1.patch
- Update chromium-old-glibc.patch to contain more tweaked locations
Version: 70.0.3538.102-74.1
* Wed Nov 14 2018 tchvatal@suse.com
- Version update to 70.0.3538.102 bsc#1115537 CVE-2018-17478
  * CVE-2018-17478: Out of bounds memory access in V8
* Sat Nov 03 2018 i@guoyunhe.me
- Remove noto-emoji-fonts recommends. noto-emoji-fonts has been
  inactive for a long time. noto-coloremoji-fonts is the current
  recommended emoji fonts from noto. And noto-emoji-fonts (monochrome)
  disables noto-coloremoji-fonts (colorful).
* Thu Oct 25 2018 tchvatal@suse.com
- Update to 70.0.3538.77:
  * Few feature fixes only
- Do not meintion armv6 and armv7 in the constraints
- Update patch chromium-non-void-return.patch
* Mon Oct 22 2018 tchvatal@suse.com
- Add patch trying to get the pkg to build with libva 1.x releases:
  * chromium-libva1.patch
- Update chromium-old-glibc.patch to contain more tweaked locations
* Fri Oct 19 2018 tchvatal@suse.com
- Add back chromium-old-glibc.patch to make sure we build on 42.3
- Reduce the merge number on jumbo files to reduce memory usage bit
* Wed Oct 17 2018 tchvatal@suse.com
- Update to 70.0.3538.67 bsc#1112111:
  * CVE-2018-17462: Sandbox escape in AppCache
  * CVE-2018-17463: Remote code execution in V8
  * CVE to be assigned: Heap buffer overflow in Little CMS in PDFium
  * CVE-2018-17464: URL spoof in Omnibox
  * CVE-2018-17465: Use after free in V8
  * CVE-2018-17466: Memory corruption in Angle
  * CVE-2018-17467: URL spoof in Omnibox
  * CVE-2018-17468: Cross-origin URL disclosure in Blink
  * CVE-2018-17469: Heap buffer overflow in PDFium
  * CVE-2018-17470: Memory corruption in GPU Internals
  * CVE-2018-17471: Security UI occlusion in full screen mode
  * CVE-2018-17472: iframe sandbox escape on iOS
  * CVE-2018-17473: URL spoof in Omnibox
  * CVE-2018-17474: Use after free in Blink
  * CVE-2018-17475: URL spoof in Omnibox
  * CVE-2018-17476: Security UI occlusion in full screen mode
  * CVE-2018-5179: Lack of limits on update() in ServiceWorker
  * CVE-2018-17477: UI spoof in Extensions
- Added patches:
  * chromium-gcc8-constexpr.patch
  * chromium-libusb_interrupt_event_handler.patch
  * chromium-pdfium-include.patch
  * chromium-system-libusb.patch
- Removed patches:
  * chromium-old-glibc.patch
  * chromium-vpx-aarch64.patch
- Updated patches:
  * chromium-gcc8-alignof.patch
  * chromium-non-void-return.patch
  * chromium-prop-codecs.patch
  * chromium-sandbox-pie.patch
  * chromium-skia-system-fontconfig.patch
  * chromium-vaapi.patch
- Redo the vaapi patch to be default on as there are no reports of
  issues with it
- Use system libusb-1.0
- Use jumbo build to speed things up
- Use bundled harfbuzz because we need newer than latest release
- Disable gnome-keyring as it crashes the chromium quite often
Version: 69.0.3497.92-68.1
* Wed Sep 12 2018 astieger@suse.com
- Chromium 69.0.3497.92 (boo#1108114), containing 2 security fixes:
  * Function signature mismatch in WebAssembly
  * URL Spoofing in Omnibox
- the rpm should not provide swiftshader libs boo#1108175
- make jumbo build configurable, default off
* Sat Sep 08 2018 tchvatal@suse.com
- Enable jumbo build to speed things up
- Enable vulkan integration
Version: 69.0.3497.81-bp150.2.4.1
* Thu Sep 06 2018 Tomá? Chvátal <tchvatal@suse.com>
- Split out the gn from this package, obsoletes patches:
  * fix-gn-bootstrap.patch
  * chromium-last-commit-position-r0.patch
* Thu Sep 06 2018 Tomá? Chvátal <tchvatal@suse.com>
- Split out the gn from this package, obsoletes patches:
  * fix-gn-bootstrap.patch
  * chromium-last-commit-position-r0.patch
Version: 69.0.3497.81-65.1
* Thu Sep 06 2018 tchvatal@suse.com
- Add patch to fix mojo build on 32bit:
  * chromium-gcc8-alignof.patch
* Thu Sep 06 2018 tchvatal@suse.com
- Add patch to fix mojo build on 32bit:
  * chromium-gcc8-alignof.patch
* Thu Sep 06 2018 tchvatal@suse.com
- Split out the gn from this package, obsoletes patches:
  * fix-gn-bootstrap.patch
  * chromium-last-commit-position-r0.patch
* Wed Aug 08 2018 tchvatal@suse.com
- Update to chromium-68.0.3440.106:
  * Various feature fixes
* Wed Aug 01 2018 tchvatal@suse.com
- Version update to 68.0.3440.84:
  * Various small feature fixes only
Version: 69.0.3497.100-bp150.2.10.1
* Tue Sep 18 2018 Tomá? Chvátal <tchvatal@suse.com>
- Keep blank line after autopatch to make SLE12 rpm macros happy
* Tue Sep 18 2018 Tomá? Chvátal <tchvatal@suse.com>
- Update to 69.0.3497.100 bsc#1108774
  * Fixes from internal audits, fuzzing and other initiatives
Version: 69.0.3497.100-71.1
* Tue Sep 18 2018 tchvatal@suse.com
- Keep blank line after autopatch to make SLE12 rpm macros happy
* Tue Sep 18 2018 tchvatal@suse.com
- Update to 69.0.3497.100 bsc#1108774
  * Fixes from internal audits, fuzzing and other initiatives
Version: 68.0.3440.75-61.1
* Wed Jul 25 2018 guillaume.gardet@opensuse.org
- Add patch to fix aarch64 build:
  * chromium-vpx-aarch64.patch
* Wed Jul 25 2018 tchvatal@suse.com
- Add patch trying to build chromium on Leap 42.3:
  * chromium-gcc7.patch
* Wed Jul 25 2018 tchvatal@suse.com
- Raise libvpx requirement to match what we really need
* Wed Jul 25 2018 tchvatal@suse.com
- Version update to 68.0.3440.75 bsc#1102530:
  * CVE-2018-6153: Stack buffer overflow in Skia.
  * CVE-2018-6154: Heap buffer overflow in WebGL.
  * CVE-2018-6155: Use after free in WebRTC.
  * CVE-2018-6156: Heap buffer overflow in WebRTC.
  * CVE-2018-6157: Type confusion in WebRTC.
  * CVE-2018-6158: Use after free in Blink.
  * CVE-2018-6159: Same origin policy bypass in ServiceWorker.
  * CVE-2018-6160: URL spoof in Chrome on iOS.
  * CVE-2018-6161: Same origin policy bypass in WebAudio.
  * CVE-2018-6162: Heap buffer overflow in WebGL.
  * CVE-2018-6163: URL spoof in Omnibox.
  * CVE-2018-6164: Same origin policy bypass in ServiceWorker.
  * CVE-2018-6165: URL spoof in Omnibox.
  * CVE-2018-6166: URL spoof in Omnibox.
  * CVE-2018-6167: URL spoof in Omnibox.
  * CVE-2018-6168: CORS bypass in Blink.
  * CVE-2018-6169: Permissions bypass in extension installation.
  * CVE-2018-6170: Type confusion in PDFium.
  * CVE-2018-6171: Use after free in WebBluetooth.
  * CVE-2018-6172: URL spoof in Omnibox.
  * CVE-2018-6173: URL spoof in Omnibox.
  * CVE-2018-6174: Integer overflow in SwiftShader.
  * CVE-2018-6175: URL spoof in Omnibox.
  * CVE-2018-6176: Local user privilege escalation in Extensions.
  * CVE-2018-6177: Cross origin information leak in Blink.
  * CVE-2018-6178: UI spoof in Extensions.
  * CVE-2018-6179: Local file information leak in Extensions.
  * CVE-2018-6044: Request privilege escalation in Extensions.
  * CVE-2018-4117: Cross origin information leak in Blink.
- Rebase patches:
  * chromium-master-prefs-path.patch
  * chromium-non-void-return.patch
  * chromium-vaapi.patch
- Add patches:
  * chromium-cors-string.patch
  * chromium-gcc.patch
  * chromium-libjpeg.patch
  * chromium-libwebp-shim.patch
- Remove patches:
  * chromium-gcc8.patch
Version: 67.0.3396.99-58.2
* Tue Jul 10 2018 tchvatal@suse.com
- Version update to 67.0.3396.99:
  * Various small feature fixes, no security
* Fri Jun 15 2018 tchvatal@suse.com
- Add patch to build under gcc8:
  * chromium-gcc8.patch
* Wed Jun 13 2018 security@suse.com
- Chromium 67.0.3396.87:
  * CVE-2018-6149: Out of bounds write in V8 (boo#1097452)
* Thu Jun 07 2018 astieger@suse.com
- Chromium 67.0.3396.79:
  * CVE-2018-6148: Incorrect handling of CSP header (boo#1096508)
* Fri Jun 01 2018 tchvatal@suse.com
- Require ffmpeg >= 4.0 bsc#1095545
* Wed May 30 2018 tchvatal@suse.com
- Update to 67.0.3396.62 bsc#1095163
  * CVE-2018-6123: Use after free in Blink.
  * CVE-2018-6124: Type confusion in Blink.
  * CVE-2018-6125: Overly permissive policy in WebUSB.
  * CVE-2018-6126: Heap buffer overflow in Skia.
  * CVE-2018-6127: Use after free in indexedDB.
  * CVE-2018-6128: uXSS in Chrome on iOS.
  * CVE-2018-6129: Out of bounds memory access in WebRTC.
  * CVE-2018-6130: Out of bounds memory access in WebRTC.
  * CVE-2018-6131: Incorrect mutability protection in WebAssembly.
  * CVE-2018-6132: Use of uninitialized memory in WebRTC.
  * CVE-2018-6133: URL spoof in Omnibox.
  * CVE-2018-6134: Referrer Policy bypass in Blink.
  * CVE-2018-6135: UI spoofing in Blink.
  * CVE-2018-6136: Out of bounds memory access in V8.
  * CVE-2018-6137: Leak of visited status of page in Blink.
  * CVE-2018-6138: Overly permissive policy in Extensions.
  * CVE-2018-6139: Restrictions bypass in the debugger extension API.
  * CVE-2018-6140: Restrictions bypass in the debugger extension API.
  * CVE-2018-6141: Heap buffer overflow in Skia.
  * CVE-2018-6142: Out of bounds memory access in V8.
  * CVE-2018-6143: Out of bounds memory access in V8.
  * CVE-2018-6144: Out of bounds memory access in PDFium.
  * CVE-2018-6145: Incorrect escaping of MathML in Blink.
  * CVE-2018-6147: Password fields not taking advantage of OS protections in Views.
- Add patches to build on aarch and remove obsolete one:
  * chromium-crashpad-aarch64-fix.patch
  * chromium-skia-aarch64-buildfix.patch
  * chromium-65.0.3325.162-skia-aarch64-buildfix.patch
  * chromium-skia-neon.patch
- Remove no longer needed gcc patch:
  * chromium-gcc7.patch
- Rebase patches:
  * chromium-non-void-return.patch
  * chromium-vaapi.patch
  * exclude_ymp.patch
  * fix_building_widevinecdm_with_chromium.patch
Version: 66.0.3359.181-55.1
* Sat May 26 2018 astieger@suse.com
- on SLE 12 with SUSE PackageHub 12, do not require the SDK for
  libwebpmux1 (bsc#1070421)
* Sat May 26 2018 astieger@suse.com
- Fix installation issue on SUSE PackageHub 12 with libminizip1
  (bsc#1093031)
* Wed May 16 2018 astieger@suse.com
- Chromium 66.0.3359.181:
  * Autoplay: Force enable on desktop for Web Audio
* Fri May 11 2018 astieger@suse.com
- Chromium 66.0.3359.170 (bsc#1092923):
  * Chain leading to sandbox escape:
    CVE-2018-6121: Privilege Escalation in extensions
    CVE-2018-6122: Type confusion in V8
  * CVE-2018-6120: Heap buffer overflow in PDFium
  * Various fixes from internal audits, fuzzing and other
    initiatives
* Wed May 09 2018 tchvatal@suse.com
- Add patch chromium-skia-system-fontconfig.patch to fix
  bsc#1092272
* Fri May 04 2018 guillaume.gardet@opensuse.org
- Enable build on AArch64
- Fix build on AArch64:
  * set target_cpu to arm64
  * disable tcmalloc and swiftshader for aarch64
  * Add new patches:
  - chromium-65.0.3325.162-skia-aarch64-buildfix.patch
  - chromium-skia-neon.patch
* Fri Apr 27 2018 tchvatal@suse.com
- chromium 66.0.3359.139:
  * CVE-2018-6118: Use after free in Media Cache (bsc#1091288)
  * drop add-missing-blink-tools.patch, now in tarball again
* Wed Apr 18 2018 tchvatal@suse.com
- Version bump to chromium 66.0.3359.117 bsc#1090000:
  * CVE-2018-6085: Use after free in Disk Cache
  * CVE-2018-6086: Use after free in Disk Cache
  * CVE-2018-6087: Use after free in WebAssembly
  * CVE-2018-6088: Use after free in PDFium
  * CVE-2018-6089: Same origin policy bypass in Service Worker
  * CVE-2018-6090: Heap buffer overflow in Skia
  * CVE-2018-6091: Incorrect handling of plug-ins by Service Worker
  * CVE-2018-6092: Integer overflow in WebAssembly
  * CVE-2018-6093: Same origin bypass in Service Worker
  * CVE-2018-6094: Exploit hardening regression in Oilpan
  * CVE-2018-6095: Lack of meaningful user interaction requirement before file upload
  * CVE-2018-6096: Fullscreen UI spoof
  * CVE-2018-6097: Fullscreen UI spoof
  * CVE-2018-6098: URL spoof in Omnibox
  * CVE-2018-6099: CORS bypass in ServiceWorker
  * CVE-2018-6100: URL spoof in Omnibox
  * CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools
  * CVE-2018-6102: URL spoof in Omnibox
  * CVE-2018-6103: UI spoof in Permissions
  * CVE-2018-6104: URL spoof in Omnibox
  * CVE-2018-6105: URL spoof in Omnibox
  * CVE-2018-6106: Incorrect handling of promises in V8
  * CVE-2018-6107: URL spoof in Omnibox
  * CVE-2018-6108: URL spoof in Omnibox
  * CVE-2018-6109: Incorrect handling of files by FileAPI
  * CVE-2018-6110: Incorrect handling of plaintext files via file://
  * CVE-2018-6111: Heap-use-after-free in DevTools
  * CVE-2018-6112: Incorrect URL handling in DevTools
  * CVE-2018-6113: URL spoof in Navigation
  * CVE-2018-6114: CSP bypass
  * CVE-2018-6115: SmartScreen bypass in downloads
  * CVE-2018-6116: Incorrect low memory handling in WebAssembly
  * CVE-2018-6117: Confusing autofill settings
  * Various fixes from internal audits, fuzzing and other initiatives
- Remove obsolete patches:
  * chromium-compiler.patch
  * chromium-glibc-2.27.patch
  * chromium-vaapi-init.patch
  * exclude_ymp.diff
  * fix-gn-bootstrap.diff
  * fix_network_api_crash.patch
  * mojo.patch
- Add new patches:
  * chromium-ffmpeg.patch
  * chromium-gcc7.patch
  * exclude_ymp.patch
  * fix-gn-bootstrap.patch
- Rebase patches:
  * chromium-master-prefs-path.patch
  * chromium-non-void-return.patch
  * chromium-sandbox-pie.patch
  * chromium-vaapi.patch
- Add patch to fix missing folder from tarball:
  * add-missing-blink-tools.patch
* Sun Apr 08 2018 tchvatal@suse.com
- Add vaapi patches:
  * chromium-vaapi-init.patch
  * chromium-vaapi.patch
* Fri Apr 06 2018 tchvatal@suse.com
- Use memory-constraints package to limit threads as needed
* Wed Mar 21 2018 astieger@suse.com
- Update to Chromium 65.0.3325.181:
  * Various security relevant fixes from internal audits, fuzzing
    and other initiatives (boo#1086124)
* Tue Mar 20 2018 tchvatal@suse.com
- Use both freetype and harfbuzz either bundled or system
* Wed Mar 14 2018 tchvatal@suse.com
- Version update to 65.0.3325.162:
  * Various stability fixes only
* Wed Mar 14 2018 tchvatal@suse.com
- Bundle the harfbuzz on < 15.0 release as we would have to
  use requires_ge for the library itself later on otherwise
* Fri Mar 09 2018 tchvatal@suse.com
- Make sure to require gcc7
- Add patch chromium-drm.patch to make sure to build with Leap 42.3
  variant of libdrm
* Thu Mar 08 2018 tchvatal@suse.com
- Version update to 65.0.3325.146 bsc#1084296:
  * High CVE-2017-11215: Use after free in Flash.
  * High CVE-2017-11225: Use after free in Flash.
  * High CVE-2018-6060: Use after free in Blink.
  * High CVE-2018-6061: Race condition in V8.
  * High CVE-2018-6062: Heap buffer overflow in Skia.
  * High CVE-2018-6057: Incorrect permissions on shared memory.
  * High CVE-2018-6063: Incorrect permissions on shared memory.
  * High CVE-2018-6064: Type confusion in V8.
  * High CVE-2018-6065: Integer overflow in V8.
  * Medium CVE-2018-6066: Same Origin Bypass via canvas.
  * Medium CVE-2018-6067: Buffer overflow in Skia.
  * Medium CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab.
  * Medium CVE-2018-6069: Stack buffer overflow in Skia.
  * Medium CVE-2018-6070: CSP bypass through extensions.
  * Medium CVE-2018-6071: Heap bufffer overflow in Skia.
  * Medium CVE-2018-6072: Integer overflow in PDFium.
  * Medium CVE-2018-6073: Heap bufffer overflow in WebGL.
  * Medium CVE-2018-6074: Mark-of-the-Web bypass.
  * Medium CVE-2018-6075: Overly permissive cross origin downloads.
  * Medium CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink.
  * Medium CVE-2018-6077: Timing attack using SVG filters.
  * Medium CVE-2018-6078: URL Spoof in OmniBox.
  * Medium CVE-2018-6079: Information disclosure via texture data in WebGL.
  * Medium CVE-2018-6080: Information disclosure in IPC call.
  * Low CVE-2018-6081: XSS in interstitials.
  * Low CVE-2018-6082: Circumvention of port blocking.
  * Low CVE-2018-6083: Incorrect processing of AppManifests.
- Add new patches:
  * chromium-compiler.patch
  * chromium-glibc-2.27.patch
  * mojo.patch
- Drop patches:
  * chromium-angle.patch
  * chromium-memcpy.patch
- Update constraints
- Refresh patch chromium-non-void-return.patch to include more
  fixes
* Sat Feb 24 2018 astieger@suse.com
- Chromium 64.0.3282.186:
  * Various minor bug fixes
Version: 64.0.3282.167-52.1
* Wed Feb 14 2018 astieger@suse.com
- update to 64.0.3282.167 (bsc#1080920):
  * CVE-2018-6056: Incorrect derived class instantiation in V8
Version: 64.0.3282.140-49.1
* Fri Feb 02 2018 tchvatal@suse.com
- Version update to 64.0.3282.140 bsc#1079021:
  * Various asan fixes bsc#1078463 CVE-2018-6406
* Fri Feb 02 2018 dimstar@opensuse.org
- Eliminate build dependency on procps: we only used it to run
  'free', in order to find out how much RAM we have available. We
  can get this information directly from the kernel, from
  /proc/meminfo.
* Mon Jan 29 2018 tchvatal@suse.com
- Fix default page to not point to 404
* Mon Jan 29 2018 tchvatal@suse.com
- Install swiftshader objects too as they are needed
Version: 64.0.3282.119-46.2
* Fri Jan 26 2018 tchvatal@suse.com
- Disable ozone stuff conditions for now as the headless mode
  breaks up runtime bsc#1077722
* Thu Jan 25 2018 tchvatal@suse.com
- Switch to gcc7 on Leap builds
* Thu Jan 25 2018 tchvatal@suse.com
- Version update to 64.0.3282.119 bsc#1077571:
  * High CVE-2018-6031: Use after free in PDFium. Reported by Anonymous on 2017-11-01
  * High CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu (@shhnjk) on 2017-11-20
  * High CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen on 2017-12-09
  * Medium CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein (www.trapkit.de) on 2017-11-12
  * Medium CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
  * Medium CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre (NCSC) on 2017-11-30
  * Medium CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone of Context Information Security on 2017-08-09
  * Medium CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer on 2017-10-12
  * Medium CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen on 2017-10-17
  * Medium CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-26
  * Medium CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera on 2017-08-29
  * Medium CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani on 2017-10-12
  * Medium CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL on 2017-11-16
  * Medium CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-23
  * Medium CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu on 2017-12-31
  * Medium CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa on 2018-01-08
  * Low CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu (@shhnjk) on 2017-09-08
  * Low CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall (@_aaspring_) on 2017-10-05
  * Low CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu of Tencent's Xuanwu Lab on 2017-10-13
  * Low CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew on 2017-10-15
  * Low CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso (@asanso) on 2014-12-11
  * Low CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek on 2016-05-28
  * Low CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov on 2017-08-23
  * Low CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu on 2017-12-24
- Add patches:
  * chromium-angle.patch
  * chromium-memcpy.patch
- Drop patch:
  * chromium-gcc.patch
- Change desktop file name to fit bellow the icon on ie KDE desktop
* Thu Jan 04 2018 astieger@suse.com
- Chromium 63.0.3239.132:
  * DevTools: do not report raw headers and cookies for protected
    subresources
  * Various other fixes and updates
Version: 63.0.3239.84-40.1
* Thu Dec 07 2017 tchvatal@suse.com
- Version update to 63.0.3239.84 bsc#1071691:
  * Critical CVE-2017-15407: Out of bounds write in QUIC.
  * High CVE-2017-15408: Heap buffer overflow in PDFium.
  * High CVE-2017-15409: Out of bounds write in Skia.
  * High CVE-2017-15410: Use after free in PDFium.
  * High CVE-2017-15411: Use after free in PDFium.
  * High CVE-2017-15412: Use after free in libXML.
  * High CVE-2017-15413: Type confusion in WebAssembly.
  * Medium CVE-2017-15415: Pointer information disclosure in IPC call.
  * Medium CVE-2017-15416: Out of bounds read in Blink.
  * Medium CVE-2017-15417: Cross origin information disclosure in Skia.
  * Medium CVE-2017-15418: Use of uninitialized value in Skia.
  * Medium CVE-2017-15419: Cross origin leak of redirect URL in Blink.
  * Medium CVE-2017-15420: URL spoofing in Omnibox.
  * Medium CVE-2017-15422: Integer overflow in ICU.
  * Low CVE-2017-15423: Issue with SPAKE implementation in BoringSSL.
  * Low CVE-2017-15424: URL Spoof in Omnibox.
  * Low CVE-2017-15425: URL Spoof in Omnibox.
  * Low CVE-2017-15426: URL Spoof in Omnibox.
  * Low CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox.
- Rebase fix-gn-bootstrap.diff
- Drop merged patches:
  * chromium-gcc5.patch
  * chromium-60.0.3112.113-breakpad-ucontext.patch
  * chromium-62.0.3202.62-correct-cplusplus-check.patch
- Add new patches:
  * chromium-non-void-return.patch
  * chromium-gcc.patch
* Wed Nov 22 2017 idonmez@suse.com
- BuildRequire nodejs8 instead of nodejs6 for suse_version >= 1330
* Wed Nov 15 2017 astieger@suse.com
- Update to 62.0.3202.94:
  * multiple minor rendering related fixes
- fix rebuilds in same chroot
* Tue Nov 07 2017 tchvatal@suse.com
- Version update to 62.0.3202.89 bsc#1066851:
  * CVE-2017-15398: Stack buffer overflow in QUIC
  * CVE-2017-15399: Use after free in V8
- Drop upstream merged chromium-sandbox.patch
* Fri Nov 03 2017 tchvatal@suse.com
- Restrict the version on jpeg to not waste build power
* Sun Oct 29 2017 tchvatal@suse.com
- Add patch to fix sandbox crashes wrt bsc#1064298
  * chromium-sandbox.patch
* Fri Oct 27 2017 tchvatal@suse.com
- Version update to 62.0.3202.75 bsc#1065405 CVE-2017-15396
  * CVE-2017-15396: Stack overflow in V8
* Thu Oct 26 2017 astieger@suse.com
- BuildRequire nodejs6 required for polymer-bundler.js
* Thu Oct 26 2017 tchvatal@suse.com
- Try to export properly CXX/CC variable to fix leap builds
* Wed Oct 25 2017 tchvatal@suse.com
- Apply patch to fix building crc32 with gcc7:
  * chromium-62.0.3202.62-correct-cplusplus-check.patch
* Thu Oct 19 2017 tchvatal@suse.com
- Update to 62.0.3202.62 bsc#1064066:
  * CVE-2017-5124: UXSS with MHTML.
  * CVE-2017-5125: Heap overflow in Skia.
  * CVE-2017-5126: Use after free in PDFium.
  * CVE-2017-5127: Use after free in PDFium.
  * CVE-2017-5128: Heap overflow in WebGL.
  * CVE-2017-5129: Use after free in WebAudio.
  * CVE-2017-5132: Incorrect stack manipulation in WebAssembly.
  * CVE-2017-5130: Heap overflow in libxml2.
  * CVE-2017-5131: Out of bounds write in Skia.
  * CVE-2017-5133: Out of bounds write in Skia.
  * CVE-2017-15386: UI spoofing in Blink.
  * CVE-2017-15387: Content security bypass.
  * CVE-2017-15388: Out of bounds read in Skia.
  * CVE-2017-15389: URL spoofing in OmniBox.
  * CVE-2017-15390: URL spoofing in OmniBox.
  * CVE-2017-15391: Extension limitation bypass in Extensions.
  * CVE-2017-15392: Incorrect registry key handling in PlatformIntegration.
  * CVE-2017-15393: Referrer leak in Devtools.
  * CVE-2017-15394: URL spoofing in extensions UI.
  * CVE-2017-15395: Null pointer dereference in ImageCapture.
- Drop unused patches:
  * arm-webrtc-fix.patch
  * arm_use_right_compiler.patch
  * chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
  * chromium-atk.patch
  * chromium-mojo-dep.patch
  * gcc60-fixes.diff
- Refresh patches:
  * chromium-gcc5.patch
  * chromium-prop-codecs.patch
  * exclude_ymp.diff
  * fix-gn-bootstrap.diff
Version: 63.0.3239.108-43.1
* Fri Dec 15 2017 tchvatal@suse.com
- Version update to 63.0.3239.108 bsc#1072976:
  * CVE-2017-15429: UXSS in V8
  * Various fuzzing fixes
Version: 61.0.3163.79-29.1
* Mon Sep 11 2017 tchvatal@suse.com
- Update to 61.0.3163.79 bsc#1057364:
  * CVE-2017-5111: Use after free in PDFium.
  * CVE-2017-5112: Heap buffer overflow in WebGL.
  * CVE-2017-5113: Heap buffer overflow in Skia.
  * CVE-2017-5114: Memory lifecycle issue in PDFium.
  * CVE-2017-5115: Type confusion in V8.
  * CVE-2017-5116: Type confusion in V8.
  * CVE-2017-5117: Use of uninitialized value in Skia.
  * CVE-2017-5118: Bypass of Content Security Policy in Blink.
  * CVE-2017-5119: Use of uninitialized value in Skia.
  * CVE-2017-5120: Potential HTTPS downgrade during redirect navigation.
- Rebase patch:
  * fix-gn-bootstrap.diff
- Remove patches:
  * chromium-gcc7.patch
  * chromium-override.patch
- Add new patches:
  * chromium-atk.patch
  * chromium-gcc5.patch
  * chromium-mojo-dep.patch
- Gtk3 is hard required from now on
- Version some of the required dependencies
* Mon Aug 28 2017 astieger@suse.com
- fix build with Factory glibc:
  add chromium-60.0.3112.113-breakpad-ucontext.patch
* Fri Aug 25 2017 tchvatal@suse.com
- Version update to 60.0.3112.113:
  * Various bugfixes
* Tue Aug 15 2017 tchvatal@suse.com
- Version update to 60.0.3112.101:
  * various usability bugfixes
* Thu Aug 03 2017 tchvatal@suse.com
- Version update to 60.0.3112.90:
  * Various usability bugfixes
* Mon Jul 24 2017 tchvatal@suse.com
- Recommend emoji fonts to make sure major web chats do not show
  questionmarks
Version: 61.0.3163.100-32.1
* Fri Sep 22 2017 astieger@suse.com
- Update to 61.0.3163.100 (boo#1060019):
  * CVE-2017-5121: Out-of-bounds access in V8
  * CVE-2017-5122: Out-of-bounds access in V8
  * Various fixes from internal audits, fuzzing and other initiatives
* Sat Sep 16 2017 tchvatal@suse.com
- Update to 61.0.3163.91:
  * Various bugfixes
Version: 60.0.3112.78-26.1
* Wed Jul 26 2017 tchvatal@suse.com
- Version update to 60.0.3112.78 bsc#1050537:
  * CVE-2017-5091: Use after free in IndexedDB
  * CVE-2017-5092: Use after free in PPAPI
  * CVE-2017-5093: UI spoofing in Blink
  * CVE-2017-5094: Type confusion in extensions
  * CVE-2017-5095: Out-of-bounds write in PDFium
  * CVE-2017-5096: User information leak via Android intents
  * CVE-2017-5097: Out-of-bounds read in Skia
  * CVE-2017-5098: Use after free in V8
  * CVE-2017-5099: Out-of-bounds write in PPAPI
  * CVE-2017-5100: Use after free in Chrome Apps
  * CVE-2017-5101: URL spoofing in OmniBox
  * CVE-2017-5102: Uninitialized use in Skia
  * CVE-2017-5103: Uninitialized use in Skia
  * CVE-2017-5104: UI spoofing in browser
  * CVE-2017-7000: Pointer disclosure in SQLite
  * CVE-2017-5105: URL spoofing in OmniBox
  * CVE-2017-5106: URL spoofing in OmniBox
  * CVE-2017-5107: User information leak via SVG
  * CVE-2017-5108: Type confusion in PDFium
  * CVE-2017-5109: UI spoofing in browser
  * CVE-2017-5110: UI spoofing in payments dialog
  * Various fixes from internal audits, fuzzing and other initiatives
- Add patch chromium-override.patch
- Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch
- Rebase patches:
  * chromium-dma-buf.patch
  * chromium-gcc7.patch
  * chromium-last-commit-position-r0.patch
  * fix-gn-bootstrap.diff
* Wed Jun 28 2017 tchvatal@suse.com
- Update to 59.0.3071.115:
  * Various small fixes all around
* Fri Jun 23 2017 astieger@suse.com
- Update to 59.0.3071.109:
  * ozone/drm: Only reuse ScanoutBuffers with compatible modifiers
  * Fixing mouse focus on WebView
  * Remove gtk dependency from gles tests
  * Set build flag when using own FreeType
  * Revert of [scheduler] Move some task types to suspendable task runner
  * Fix an incorrect method name on the chrome://site-engagement WebUI page
  * Linux/Windows: Removing Guest menu item for supervised profile
Version: 59.0.3071.86-20.1
* Tue Jun 06 2017 tchvatal@suse.com
- Update to 59.0.3071.86 bsc#1042833:
  * CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16
  * CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26
  * CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07
  * CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28
  * CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09
  * CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05
  * CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16
  * CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06
  * CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28
  * CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12
  * CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20
  * CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05
  * CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07
  * CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11
  * CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24
  * CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15
- Add patch to fix build with system dma:
  * chromium-dma-buf.patch
- Drop no longer needed patches:
  * chromium-linker-memory.patch
  * chromium-system-jinja-r13.patch
- Refresh patches:
  * chromium-gcc7.patch
  * chromium-system-ffmpeg-r3.patch
  * fix-gn-bootstrap.diff
- Use bundled libxml
  * Upstream unfortunately uses git snapshot that is not api/abi compatible
* Mon Jun 05 2017 tchvatal@suse.com
- Add patch to build with gcc7:
  * chromium-gcc7.patch
- Add patch for fpermissive build error:
  * chromium-fpermissive.patch
* Wed May 10 2017 tchvatal@suse.com
- Version update to 58.0.3029.110:
  * Various small bugfixes
* Wed Dec 21 2016 astieger@suse.com
- Chromium 55.0.2883.87:
  * various fixes for crashes and specific wesites
  * update Google pinned certificates
Version: 59.0.3071.104-23.1
* Fri Jun 16 2017 astieger@suse.com
- Update to 59.0.3071.104 (bsc#1044690):
  * CVE-2017-5087: Sandbox Escape in IndexedDB
  * CVE-2017-5088: Out of bounds read in V8
  * CVE-2017-5089: Domain spoofing in Omnibox
  * Various fixes from internal audits, fuzzing and other initiatives
* Thu Jun 08 2017 tchvatal@suse.com
- Add patch chromium-buildname.patch bsc#1043420
Version: 58.0.3029.96-17.1
* Thu May 04 2017 tchvatal@suse.com
- Version update to 58.0.3029.96:
  * Fixes bsc#1037594 CVE-2017-5068
* Tue Apr 25 2017 tchvatal@suse.com
- Use bundled jinja2, system one changed in 2.9 too much to work
  * It is at least used only during build
Version: 58.0.3029.81-14.1
* Fri Apr 21 2017 tchvatal@suse.com
- Version update to 58.0.3029.81 bsc#1035103:
  * High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360
  * High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani
  * High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative
  * Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng
  * Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah)
  * Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous
  * Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip
  * Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar
  * Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani
  * Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu
  * Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani
  * Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman
- Refresh patch fix-gn-bootstrap.diff
- Refresh patch chromium-system-jinja-r13.patch
- Remove obsolete patch chromium-57-gcc4.patch
Version: 57.0.2987.98-8.1
* Fri Mar 10 2017 tchvatal@suse.com
- Version update to 57.0.2987.98 bsc#1028848:
  CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034
  CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040
  CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043
  CVE-2017-5044 CVE-2017-5045 CVE-2017-5046
- Refresh patches
  * fix-gn-bootstrap.diff
  * chromium-linker-memory.patch
- Remove obsolete patches:
  * chromium-sandbox.patch
  * chromium-54-ffmpeg2compat.patch
- Remove vaapi patch which broke rendering on non-intel cards:
  * chromium-enable-vaapi-on-suse.patch
- From this release onwards i586 build is disabled
Version: 57.0.2987.133-11.1
* Thu Mar 30 2017 tchvatal@suse.com
- Version update to 57.0.2987.133 bsc#1031677:
  * Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar
  * High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs
  * High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin
  * High CVE-2017-5056: Use after free in Blink. Credit to anonymous
  * High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587)
* Fri Mar 24 2017 tchvatal@suse.com
- Drop the browser(npapi) provide which is not true
* Sun Mar 19 2017 tchvatal@suse.com
- Add patch to build with gcc4
  * chromium-57-gcc4.patch
* Thu Mar 16 2017 tchvatal@suse.com
- Do not use gcc5 and newer as the compat was fixed again
- Update to 57.0.2987.110 with various other small tweaks
Version: 56.0.2924.87-5.1
* Wed Feb 15 2017 idonmez@suse.com
- Also add harfbuzz-ng to keeplibs for SLE
* Mon Feb 06 2017 tchvatal@suse.com
- Add condition for system harfbuzz to be disabled on SLE
* Mon Feb 06 2017 qvoheagbfovvhubzdxfx@posteo.net
- Fixed a typo in the build requirements for system minizip.
* Fri Feb 03 2017 tchvatal@suse.com
- Version update to 56.0.2924.87:
  * Various small fixes
  * Disabled option to enable/disable plugins in the chrome://plugins
* Thu Feb 02 2017 qvoheagbfovvhubzdxfx@posteo.net
- Added the package 'chromium-privacy' with multiple patches
  sourced from the release version on https://github.com/
  u4qo60z73t1c4hurv3ny/privacy_patches-oS_cr, which, when enabled
  with the build option 'privacy', builds a version of Chromium
  with less privacy implications due to Google services
  integration.
* Wed Feb 01 2017 qvoheagbfovvhubzdxfx@posteo.net
- Changed the build requirement of libavformat to library version
  57.41.100, as included in ffmpeg 3.1.1, as only this version
  properly supports the public AVStream API 'codecpar'.
* Tue Jan 31 2017 tchvatal@suse.com
- Version update to 56.0.2924.76 bsc#1022049:
  - CVE-2017-5007: Universal XSS in Blink
  - CVE-2017-5006: Universal XSS in Blink
  - CVE-2017-5008: Universal XSS in Blink
  - CVE-2017-5010: Universal XSS in Blink
  - CVE-2017-5011: Unauthorised file access in Devtools
  - CVE-2017-5009: Out of bounds memory access in WebRTC
  - CVE-2017-5012: Heap overflow in V8
  - CVE-2017-5013: Address spoofing in Omnibox
  - CVE-2017-5014: Heap overflow in Skia
  - CVE-2017-5015: Address spoofing in Omnibox
  - CVE-2017-5019: Use after free in Renderer
  - CVE-2017-5016: UI spoofing in Blink
  - CVE-2017-5017: Uninitialised memory access in webm video
  - CVE-2017-5018: Universal XSS in chrome://apps
  - CVE-2017-5020: Universal XSS in chrome://downloads
  - CVE-2017-5021: Use after free in Extensions
  - CVE-2017-5022: Bypass of Content Security Policy in Blink
  - CVE-2017-5023: Type confusion in metrics
  - CVE-2017-5024: Heap overflow in FFmpeg
  - CVE-2017-5025: Heap overflow in FFmpeg
  - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
- Add conditional to switch between system and bundled icu
- Raise dependency on harfbuzz to 1.3.1
- Also refresh patches:
  chromium-prop-codecs.patch chromium-linker-memory.patch
* Sat Jan 28 2017 qvoheagbfovvhubzdxfx@posteo.net
- Added patch chromium-enable-vaapi-on-suse.patch to enable
  VAAPI hardware accelerated video decoding.
* Wed Dec 21 2016 astieger@suse.com
- Chromium 55.0.2883.87:
  * various fixes for crashes and specific wesites
  * update Google pinned certificates
* Wed Dec 21 2016 tchvatal@suse.com
- Disable system icu on Factory, crashes autofill
Version: 55.0.2883.75-2.1
* Tue Dec 13 2016 idonmez@suse.com
- python-html5lib now depends on six, so preserve that too for SLE
  builds.
* Fri Dec 09 2016 astieger@suse.com
- Obsolete ffmpeg and ffmpegsumo package in addition to conflict
* Mon Dec 05 2016 astieger@suse.com
- record minimum version for harfbuzz, incuding runtime
  Chromium will crash with harfbuzz < 1.3.0
* Sat Dec 03 2016 tchvatal@suse.com
- Chromium 55.0.2883.75 bnc#1013236:
  CVE-2016-9651 CVE-2016-5208 CVE-2016-5207 CVE-2016-5206 CVE-2016-5205
  CVE-2016-5204 CVE-2016-5209 CVE-2016-5203 CVE-2016-5210 CVE-2016-5212
  CVE-2016-5211 CVE-2016-5213 CVE-2016-5214 CVE-2016-5216 CVE-2016-5215
  CVE-2016-5217 CVE-2016-5218 CVE-2016-5219 CVE-2016-5221 CVE-2016-5220
  CVE-2016-5222 CVE-2016-9650 CVE-2016-5223 CVE-2016-5226 CVE-2016-5225
  CVE-2016-5224 CVE-2016-9652
- Switch to system libraries: harfbuzz, zlib, ffmpeg, ...
- Refreshed patches:
  * chromium-system-ffmpeg-r3.patch
  * chromium-system-jinja-r13.patch
- Use system ffmpeg unless on 13.2 that didn't include it
  * chromium-54-ffmpeg2compat.patch
  * Remove upstreamed chromium-more-codec-aliases.patch
- Remove bookmarks override as discussed with artwork simply just set
  homepage to our openSUSE one and that is all
* Sat Nov 12 2016 astieger@suse.com
- Chromium 54.0.2840.100:
  * CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)
  * CVE-2016-5200: out of bounds memory access in v8 (boo#1009893)
  * CVE-2016-5201: info leak in extensions (boo#1009894)
  * CVE-2016-5202: various fixes from internal audits (boo#1009895)
Version: 54.0.2840.90-115.1
* Mon Nov 07 2016 tchvatal@suse.com
- Add patch chromium-prop-codecs.patch and set properly the codecs
  variable in main scope to allow ffmpeg passthrough
  bnc#1008725
Version: 54.0.2840.90-112.1
* Wed Nov 02 2016 tchvatal@suse.com
- Update to 54.0.2840.90:
  * Few fixes and tweaks
  * Fixes CVE-2016-5198 bsc#1008274
* Fri Oct 21 2016 tchvatal@suse.com
- Update to 54.0.2840.71:
  * Few fixes around
Version: 54.0.2840.59-109.1
* Thu Oct 13 2016 tchvatal@suse.com
- Version update to 54.0.2840.59 bnc#1004465:
  - CVE-2016-5181: Universal XSS in Blink (Anonymous)
  - CVE-2016-5182: Heap overflow in Blink (Giwan Go of STEALIEN)
  - CVE-2016-5183: Use after free in PDFium (Anonymous)
  - CVE-2016-5184: Use after free in PDFium (Anonymous)
  - CVE-2016-5185: Use after free in Blink (cloudfuzzer)
  - CVE-2016-5187: URL spoofing (Luan Herrera)
  - CVE-2016-5188: UI spoofing (Luan Herrera)
  - CVE-2016-5192: Cross-origin bypass in Blink (haojunhou at gmail)
  - CVE-2016-5189: URL spoofing (xisigr of Tencent's Xuanwu Lab)
  - CVE-2016-5186: Out of bounds read in DevTools (Abdulrahman Alqabandi)
  - CVE-2016-5191: Universal XSS in Bookmarks (Gareth Hughes)
  - CVE-2016-5190: Use after free in Internals (Atte Kettunen of OUSPG)
  - CVE-2016-5193: Scheme bypass (Yuyang ZHOUmartinzhou96)
- packaging changes:
  * disable build for chromium-beta on %arm.
  * Make linker use less memory by tweaking its options:
    chromium-linker-memory.patch
  * obsolete desktop subpackages
  * Switch to gold to reduce memory use use during build
  * fix build on 4.5+ kernels with systemlibs:
    chromium-sandbox.patch
  * various compiler and linker flag adjustments
  * enable gtk3 ui, add patch gtk3-missing-define.patch
  * switch from some bundled libraries to the system versions
    chromium-system-ffmpeg-r3.patch
    chromium-system-jinja-r13.patch
    fix-gn-bootstrap.diff
  * remove service file covered by download_files
- run time bug fixes:
  * Add --ui-disable-partial-swap to the launcher bnc#1000019
  * Use default chromium values from master_preferences on first run
    rather than pseudo-duplicating in shellscript
- added features:
  * hangouts extension
Version: 53.0.2785.89-96.1
* Thu Sep 01 2016 tittiatcoke@gmail.com
- Update to Chromium 53.0.2785.89
  - Improvements to the GN build system (boo#996032, boo#99606, boo#995932)
  - Security fixes (boo#996648)
  * CVE-2016-5147: Universal XSS in Blink.
  * CVE-2016-5148: Universal XSS in Blink.
  * CVE-2016-5149: Script injection in extensions.
  * CVE-2016-5150: Use after free in Blink.
  * CVE-2016-5151: Use after free in PDFium.
  * CVE-2016-5152: Heap overflow in PDFium.
  * CVE-2016-5153: Use after destruction in Blink.
  * CVE-2016-5154: Heap overflow in PDFium.
  * CVE-2016-5155: Address bar spoofing.
  * CVE-2016-5156: Use after free in event bindings.
  * CVE-2016-5157: Heap overflow in PDFium.
  * CVE-2016-5158: Heap overflow in PDFium.
  * CVE-2016-5159: Heap overflow in PDFium.
  * CVE-2016-5161: Type confusion in Blink.
  * CVE-2016-5162: Extensions web accessible resources bypass.
  * CVE-2016-5163: Address bar spoofing.
  * CVE-2016-5164: Universal XSS using DevTools.
  * CVE-2016-5165: Script injection in DevTools.
  * CVE-2016-5166: SMB Relay Attack via Save Page As.
  * CVE-2016-5160: Extensions web accessible resources bypass.
- Drop patches chromium-snapshot-toolchain-r1.patch
* Sat Aug 27 2016 tittiatcoke@gmail.com
- Make it build on ARM.
  * Add build patch arm_use_right_compiler.patch
- Drop unnecessary patches:
  * chromium-arm-r0.patch
* Mon Aug 22 2016 tittiatcoke@gmail.com
- Change buildsystem to GN, which is the new upstream default
  * Make Ninja only use 4 buildprocesses for building Chromium itself
  * Drop unnecessary patches
  - chromium-gcc-fixes.patch
  - adjust-ldflags-no-keep-memory.patch
  - gcc50-fixes.diff
  * Add patches to ensure correct build
  - chromium-last-commit-position-r0.patch
  - chromium-snapshot-toolchain-r1.patch
  * Drop unnecessary sourcefiles
  - courgette.tar.xz
  - depot_tools.tar.xz
  - gn-binaries.tar.xz
* Fri Aug 12 2016 tittiatcoke@gmail.com
- Use an explicit number of ninja build processes (-j 4), to
  further reduce the memory used.
Version: 53.0.2785.143-106.1
* Fri Sep 30 2016 tchvatal@suse.com
- Version update to 53.0.2785.143 bnc#1002140:
  * CVE-2016-5177: Use after free in V8
  * CVE-2016-5178: Various fixes from internal audits
* Mon Sep 26 2016 dimstar@opensuse.org
- Export GDK_BACKEND=x11 before starting chromium, ensuring that
  it's started as an Xwayland client (boo#1001135).
* Sat Sep 17 2016 tchvatal@suse.com
- Apply sandbox patch to fix crashers on tumbleweed bnc#999091
  * chromium-sandbox.patch
* Thu Sep 15 2016 tchvatal@suse.com
- Version update stable channel 53.0.2785.116
  * Just smal bugfixes around
Version: 53.0.2785.113-100.1
* Wed Sep 14 2016 tchvatal@suse.com
- Version update to 53.0.2785.113 bnc#998743:
  * CVE-2016-5170 Use after free in Blink
  * CVE-2016-5171 Use after free in Blink
  * CVE-2016-5172 Arbitrary Memory Read in v8
  * CVE-2016-5173 Extension resource access
  * CVE-2016-5174 Popup not correctly suppressed
  * CVE-2016-5175 Various fixes from internal audits
* Mon Sep 12 2016 tchvatal@suse.com
- Reenable widevine build again bnc#998328
* Sat Sep 10 2016 tchvatal@suse.com
- Stable channel update to  53.0.2785.101
  * SPDY crasher fixes
  * Disable NV12 DXGI video on AMD
  * Forward --password-store switch to os_crypt
  * Tell the kernel to discard USB requests when they time out.
* Wed Sep 07 2016 astieger@suse.com
- Update to Chromium 53.0.2785.92:
  * Revert of support relocatable RPM packages
  * disallow WKBackForwardListItem navigations for pushState pages
  * arc: bluetooth: Fix advertised uuid
  * fix conflicting PendingIntent for stop button and swipe away
Version: 52.0.2743.82-89.1
* Thu Jul 21 2016 tittiatcoke@gmail.com
- Temporarily disable fix_network_api_crash.patch. Upstream has
  changed part of their code, so hopefully that resolved the issue
* Thu Jul 21 2016 tittiatcoke@gmail.com
- Update to Chromium 52.0.2743.82
  * Security fixes (boo#989901):
    + CVE-2016-1706: Sandbox escape in PPAPI
    + CVE-2016-1707: URL spoofing on iOS
    + CVE-2016-1708: Use-after-free in Extensions
    + CVE-2016-1709: Heap-buffer-overflow in sfntly
    + CVE-2016-1710: Same-origin bypass in Blink
    + CVE-2016-1711: Same-origin bypass in Blink
    + CVE-2016-5127: Use-after-free in Blink
    + CVE-2016-5128: Same-origin bypass in V8
    + CVE-2016-5129: Memory corruption in V8
    + CVE-2016-5130: URL spoofing
    + CVE-2016-5131: Use-after-free in libxml
    + CVE-2016-5132: Limited same-origin bypass in Service Workers
    + CVE-2016-5133: Origin confusion in proxy authentication
    + CVE-2016-5134: URL leakage via PAC script
    + CVE-2016-5135: Content-Security-Policy bypass
    + CVE-2016-5136: Use after free in extensions
    + CVE-2016-5137: History sniffing with HSTS and CSP
    + CVE-2016-1705: Various fixes from internal audits, fuzzing
    and other initiatives
* Mon Jul 11 2016 Nick_Levinson@yahoo.com
- Clarification/correction to chromium-desktop-gnome and
  chromium-desktop-kde software descriptions due to passwords
  preservation reported by Chromium developer
* Fri Jun 24 2016 tittiatcoke@gmail.com
- Update to Chromium 51.0.2704.106
  * No changelog indicated
* Thu Jun 23 2016 tittiatcoke@gmail.com
- Add gcc60-fixes.diff to resolve the crashes observed with
  chromium when compiled with GCC6
Version: 52.0.2743.116-92.1
* Fri Aug 05 2016 astieger@suse.com
- Update to Chromium 52.0.2743.116:
  * Security fixes (boo#992305):
    + CVE-2016-5141: Address bar spoofing (boo#992314)
    + CVE-2016-5142: Use-after-free in Blink (boo#992313)
    + CVE-2016-5139: Heap overflow in pdfium (boo#992311)
    + CVE-2016-5140: Heap overflow in pdfium (boo#992310)
    + CVE-2016-5145: Same origin bypass for images in Blink
    (boo#992320)
    + CVE-2016-5143: Parameter sanitization failure in DevTools
    (boo#992319)
    + CVE-2016-5144: Parameter sanitization failure in DevTools
    (boo#992315)
    + CVE-2016-5146: Various fixes from internal audits, fuzzing
    and other initiatives (boo#992309)
Version: 51.0.2704.103-85.3
* Fri Jun 17 2016 astieger@suse.com
- Update to Chromium 51.0.2704.103
  * Security fixes:
  - CVE-2016-1704: Various fixes from internal audits, fuzzing and
    other initiatives (boo#985397)
* Tue Jun 07 2016 tittiatcoke@gmail.com
- Update to Chromium 51.0.2704.84
  * No further changelog
* Thu Jun 02 2016 astieger@suse.com
- Update to Chromium 51.0.2704.79 [boo#982719]
  * Security fixes:
  - CVE-2016-1696: Cross-origin bypass in Extension bindings
  - CVE-2016-1697: Cross-origin bypass in Blink
  - CVE-2016-1698: Information leak in Extension bindings
  - CVE-2016-1699: Parameter sanitization failure in DevTools
  - CVE-2016-1700: Use-after-free in Extensions
  - CVE-2016-1701: Use-after-free in Autofill
  - CVE-2016-1702: Out-of-bounds read in Skia
  - CVE-2016-1703: Various fixes from internal audits, fuzzing
    and other initiatives.
* Thu May 26 2016 tittiatcoke@gmail.com
- Update to Chromium 51.0.2704.63 [boo#981886]
  * Security fixes:
  - CVE-2016-1672: Cross-origin bypass in extension bindings
  - CVE-2016-1673: Cross-origin bypass in Blink
  - CVE-2016-1674: Cross-origin bypass in extensions
  - CVE-2016-1675: Cross-origin bypass in Blink
  - CVE-2016-1676: Cross-origin bypass in extension bindings
  - CVE-2016-1677: Type confusion in V8
  - CVE-2016-1678: Heap overflow in V8
  - CVE-2016-1679: Heap use-after-free in V8 bindings
  - CVE-2016-1680: Heap use-after-free in Skia
  - CVE-2016-1681: Heap overflow in PDFium
  - CVE-2016-1682: CSP bypass for ServiceWorker
  - CVE-2016-1683: Out-of-bounds access in libxslt
  - CVE-2016-1684: Integer overflow in libxslt
  - CVE-2016-1685: Out-of-bounds read in PDFium
  - CVE-2016-1686: Out-of-bounds read in PDFium
  - CVE-2016-1687: Information leak in extensions
  - CVE-2016-1688: Out-of-bounds read in V8
  - CVE-2016-1689: Heap buffer overflow in media
  - CVE-2016-1690: Heap use-after-free in Autofill
  - CVE-2016-1691: Heap buffer-overflow in Skia
  - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker
  - CVE-2016-1693: HTTP Download of Software Removal Tool
  - CVE-2016-1694: HPKP pins removed on cache clearance
  - CVE-2016-1695: Various fixes from internal audits, fuzzing
    and other initiatives
- drop chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
  now upstream
* Fri May 13 2016 astieger@suse.com
- Update to Chromium 50.0.2661.102 (boo#979859)
  * Security fixes:
  - CVE-2016-1667: Same origin bypass in DOM
  - CVE-2016-1668: Same origin bypass in Blink V8 bindings
  - CVE-2016-1669: Buffer overflow in V8
  - CVE-2016-1670: Race condition in loader
* Fri Apr 29 2016 astieger@suse.com
- Update to Chromium 50.0.2661.94 (boo#977830)
  * Security fixes:
  - CVE-2016-1660: Out-of-bounds write in Blink
  - CVE-2016-1661: Memory corruption in cross-process frames
  - CVE-2016-1662: Use-after-free in extensions
  - CVE-2016-1663: Use-after-free in Blink?s V8 bindings
  - CVE-2016-1664: Address bar spoofing
  - CVE-2016-1665: Information leak in V8
  - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
* Fri Apr 22 2016 jslaby@suse.com
- _constraints: increase memory. It takes 1.2G to build some .o, and
  with -j4 this results in OOM.
* Thu Apr 14 2016 tittiatcoke@gmail.com
- Update to Chromium 50.0.2661.75 (boo#975572)
  * Security Fixes:
  - CVE-2016-1652: Universal XSS in extension bindings
  - CVE-2016-1653: Out-of-bounds write in V8
  - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
  - CVE-2016-1654: Uninitialized memory read in media
  - CVE-2016-1655: Use-after-free related to extensions
  - CVE-2016-1656: Android downloaded file path restriction bypass
  - CVE-2016-1657: Address bar spoofing
  - CVE-2016-1658: Potential leak of sensitive information to
    malicious extensions
  - CVE-2016-1659: Various fixes from internal audits, fuzzing
    and other initiatives
- add patch to fix GCC builds with component=shared_library:
  chromium-50.0.2661.75-export_blink_Platform_symbols_in_shared_library_builds.patch
* Fri Apr 08 2016 astieger@suse.com
- Update to Chromium 49.0.2623.112
  * Block user removal when login attempt is in progress
  * Add the SuppressUnsupportedOSWarning policy setting
  * Fix how Save-Page-As responds to web requests blocked by extensions
  * Fix preferred width calculation for 8bit ltr runs in rtl blocks
* Wed Mar 30 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.110
  * No changelog available
* Mon Mar 28 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.108
  * Security fixes (boo#972834):
  - CVE-2016-1646: Out-of-bounds read in V8
  - CVE-2016-1647: Use-after-free in Navigation
  - CVE-2016-1648: Use-after-free in Extensions
  - CVE-2016-1649: Buffer overflow in libANGLE
  - CVE-2016-1650: Various fixes from internal audits, fuzzing
    and other initiatives
  - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
    tip of the 4.9 branch (currently 4.9.385.33).
* Wed Mar 09 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.87
  * Security fixes:
  - CVE-2016-1643: Type confusion in Blink (boo#970514)
  - CVE-2016-1644: Use-after-free in Blink (boo#970509)
  - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
* Tue Mar 08 2016 tittiatcoke@gmail.com
- Change the build method used on Packman.
  * Drop patch no-clang-on-packman.diff . This is no longer required
    as that ninja is respecting the build flags correctly.
- Drop unused patch skia.patch
* Fri Mar 04 2016 tittiatcoke@gmail.com
- Update to Chromium 49.0.2623.75
  * 26 security fixes, with the most important ones being:
  - CVE-2016-1630: Same-origin bypass in Blink
  - CVE-2016-1631: Same-origin bypass in Pepper Plugin
  - CVE-2016-1632: Bad cast in Extensions
  - CVE-2016-1633: Use-after-free in Blink
  - CVE-2016-1634: Use-after-free in Blink
  - CVE-2016-1635: Use-after-free in Blink
  - CVE-2016-1636: SRI Validation Bypass
  - CVE-2015-8126: Out-of-bounds access in libpng
  - CVE-2016-1637: Information Leak in Skia
  - CVE-2016-1638: WebAPI Bypass
  - CVE-2016-1639: Use-after-free in WebRTC
  - CVE-2016-1640: Origin confusion in Extensions UI
  - CVE-2016-1641: Use-after-free in Favicon
  - CVE-2016-1642: Various fixes from internal audits, fuzzing
    and other initiatives
  - Multiple vulnerabilities in V8 fixed at the tip of the 4.9
    branch (currently 4.9.385.26)
    (boo#969333)
* Fri Feb 19 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.116
  * Fixes a critical security flaw:
  - CVE-2016-1629: Same-origin bypass in Blink and Sandbox
    escape in Chrome. (boo#967376)
* Mon Feb 15 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.109
  * Security fixes (boo#965999)
  - CVE-2016-1622: Same-origin bypass in Extensions
  - CVE-2016-1623: Same-origin bypass in DOM
  - CVE-2016-1624: Buffer overflow in Brotli
  - CVE-2016-1625: Navigation bypass in Chrome Instant
  - CVE-2016-1626: Out-of-bounds read in PDFium
  - CVE-2016-1627: Various fixes from internal audits, fuzzing
    and other initiatives
* Sat Feb 13 2016 tittiatcoke@gmail.com
- Drop the libva support completely. It seems that this is causing
  more issues than it actually resolves. (boo#965566)
  * Drop chromium-enable-vaapi.patch
* Thu Feb 11 2016 tittiatcoke@gmail.com
- Don't build with libva support for openSUSE 13.2 and lower
  (boo#966082)
* Tue Feb 09 2016 tittiatcoke@gmail.com
- Drop completely the option to build with system libraries. This
  could lead to issues (boo#965738)
* Fri Feb 05 2016 tittiatcoke@gmail.com
- Update to Chromium 48.0.2564.103
  * No chnagelog available
Version: 111.0.5563.64-bp154.2.73.1
* Thu Mar 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.64
  * New View Transitions API
  * CSS Color Level 4
  * New developer tools in style panel for color functionality
  * CSS added trigonometric functions, additional root font units
    and extended the n-th child pseudo selector.
  * previousslide and nextslide actions are now part of the Media
    Session API
  * A number of security fixes (boo#1209040)
  * CVE-2023-1213: Use after free in Swiftshader
  * CVE-2023-1214: Type Confusion in V8
  * CVE-2023-1215: Type Confusion in CSS
  * CVE-2023-1216: Use after free in DevTools
  * CVE-2023-1217: Stack buffer overflow in Crash reporting
  * CVE-2023-1218: Use after free in WebRTC
  * CVE-2023-1219: Heap buffer overflow in Metrics
  * CVE-2023-1220: Heap buffer overflow in UMA
  * CVE-2023-1221: Insufficient policy enforcement in Extensions API
  * CVE-2023-1222: Heap buffer overflow in Web Audio API
  * CVE-2023-1223: Insufficient policy enforcement in Autofill
  * CVE-2023-1224: Insufficient policy enforcement in Web Payments API
  * CVE-2023-1225: Insufficient policy enforcement in Navigation
  * CVE-2023-1226: Insufficient policy enforcement in Web Payments API
  * CVE-2023-1227: Use after free in Core
  * CVE-2023-1228: Insufficient policy enforcement in Intents
  * CVE-2023-1229: Inappropriate implementation in Permission prompts
  * CVE-2023-1230: Inappropriate implementation in WebApp Installs
  * CVE-2023-1231: Inappropriate implementation in Autofill
  * CVE-2023-1232: Insufficient policy enforcement in Resource Timing
  * CVE-2023-1233: Insufficient policy enforcement in Resource Timing
  * CVE-2023-1234: Inappropriate implementation in Intents
  * CVE-2023-1235: Type Confusion in DevTools
  * CVE-2023-1236: Inappropriate implementation in Internals
- drop patches:
  * chromium-86-ImageMemoryBarrierData-init.patch
  * chromium-93-InkDropHost-crash.patch
  * chromium-110-NativeThemeBase-fabs.patch
  * chromium-110-CredentialUIEntry-const.patch
  * chromium-110-DarkModeLABColorSpace-pow.patch
  * v8-move-the-Stack-object-from-ThreadLocalTop.patch
  * chromium-icu72-1.patch
Version: 110.0.5481.77-bp154.2.67.1
* Wed Feb 08 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.77 (boo#1208029):
  * CVE-2023-0696: Type Confusion in V8
  * CVE-2023-0697: Inappropriate implementation in Full screen mode
  * CVE-2023-0698: Out of bounds read in WebRTC
  * CVE-2023-0699: Use after free in GPU
  * CVE-2023-0700: Inappropriate implementation in Download
  * CVE-2023-0701: Heap buffer overflow in WebUI
  * CVE-2023-0702: Type Confusion in Data Transfer
  * CVE-2023-0703: Type Confusion in DevTools
  * CVE-2023-0704: Insufficient policy enforcement in DevTools
  * CVE-2023-0705: Integer overflow in Core
  * Various fixes from internal audits, fuzzing and other initiatives
- build with bundled libavif
- dropped patches:
  * chromium-109-compiler.patch
  * chromium-icu72-3.patch
- added patches:
  * chromium-110-compiler.patch
  * chromium-110-system-libffi.patch
  * chromium-110-NativeThemeBase-fabs.patch
  * chromium-110-CredentialUIEntry-const.patch
  * chromium-110-DarkModeLABColorSpace-pow.patch
  * v8-move-the-Stack-object-from-ThreadLocalTop.patch
Version: 110.0.5481.177-bp154.2.70.1
* Thu Feb 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.177 (boo#1208589)
  * CVE-2023-0927: Use after free in Web Payments API
  * CVE-2023-0928: Use after free in SwiftShader
  * CVE-2023-0929: Use after free in Vulkan
  * CVE-2023-0930: Heap buffer overflow in Video
  * CVE-2023-0931: Use after free in Video
  * CVE-2023-0932: Use after free in WebRTC
  * CVE-2023-0933: Integer overflow in PDF
  * CVE-2023-0941: Use after free in Prompts
  * Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.100
  * fix regression on SAP Business Objects web UI
  * fix date formatting behavior change from ICU 72
Version: 109.0.5414.74-bp154.2.61.1
* Tue Jan 17 2023 Callum Farmer <gmbr3@opensuse.org>
- Added patches:
  * chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
    with system icu (bsc#1207147)
  * chromium-icu72-2.patch: align default characters for old icu
    with that of ICU 72
  * chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
    format
Version: 109.0.5414.74-bp154.2.58.1
* Tue Jan 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.74:
  * Add support for MathML Core
  * CSS: Auto range support for font descriptors inside @font-face
    rule
  * CSS: Add lh length unit
  * CSS: Add hyphenate-limit-chars property
  * CSS: Snap border, outline and column-rule widths before layout
  * API: Improved screen sharing and web conferencing: hints for
    suppressing local audio playback, and Conditional Focus
  * API: HTTP response status code in the Resource Timing API
  * API: Same-site cross-origin prerendering triggered by the
    speculation rules API
  * Remove Event.path API
  * CVE-2023-0128: Use after free in Overview Mode
  * CVE-2023-0129: Heap buffer overflow in Network Service
  * CVE-2023-0130: Inappropriate implementation in Fullscreen API
  * CVE-2023-0131: Inappropriate implementation in iframe Sandbox
  * CVE-2023-0132: Inappropriate implementation in Permission prompts
  * CVE-2023-0133: Inappropriate implementation in Permission prompts
  * CVE-2023-0134: Use after free in Cart
  * CVE-2023-0135: Use after free in Cart
  * CVE-2023-0136: Inappropriate implementation in Fullscreen API
  * CVE-2023-0137: Heap buffer overflow in Platform Apps
  * CVE-2023-0138: Heap buffer overflow in libphonenumber
  * CVE-2023-0139: Insufficient validation of untrusted input in Downloads
  * CVE-2023-0140: Inappropriate implementation in File System API
  * CVE-2023-0141: Insufficient policy enforcement in CORS
  * Various fixes from internal audits, fuzzing and other initiatives
- drop patches:
  * chromium-gcc11.patch - not needed
  * chromium-107-system-zlib.patch - upstream
  * chromium-108-compiler.patch
- add patches:
  * chromium-109-compiler.patch
  * chromium-109-clang-lp154.patch
* Sun Dec 18 2022 Callum Farmer <gmbr3@opensuse.org>
- Add chromium-disable-GlobalMediaControlsCastStartStop.patch:
  disable GlobalMediaControlsCastStartStop to fix crashes
  occurring when interacting with the Media UI (bsc#1198124)
Version: 109.0.5414.119-bp154.2.64.1
* Wed Jan 25 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.119 (boo#1207512):
  * CVE-2023-0471: Use after free in WebTransport
  * CVE-2023-0472: Use after free in WebRTC
  * CVE-2023-0473: Type Confusion in ServiceWorker API
  * CVE-2023-0474: Use after free in GuestView
  * Various fixes from internal audits, fuzzing and other
    initiatives
Version: 108.0.5359.94-bp153.2.145.1
* Sat Dec 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.94:
  * CVE-2022-4262: Type Confusion in V8 (boo#1205999)
Version: 108.0.5359.71-bp153.2.142.1
* Wed Nov 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.71 (boo#1205871):
  * CVE-2022-4174: Type Confusion in V8
  * CVE-2022-4175: Use after free in Camera Capture
  * CVE-2022-4176: Out of bounds write in Lacros Graphics
  * CVE-2022-4177: Use after free in Extensions
  * CVE-2022-4178: Use after free in Mojo
  * CVE-2022-4179: Use after free in Audio
  * CVE-2022-4180: Use after free in Mojo
  * CVE-2022-4181: Use after free in Forms
  * CVE-2022-4182: Inappropriate implementation in Fenced Frames
  * CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
  * CVE-2022-4184: Insufficient policy enforcement in Autofill
  * CVE-2022-4185: Inappropriate implementation in Navigation
  * CVE-2022-4186: Insufficient validation of untrusted input in Downloads
  * CVE-2022-4187: Insufficient policy enforcement in DevTools
  * CVE-2022-4188: Insufficient validation of untrusted input in CORS
  * CVE-2022-4189: Insufficient policy enforcement in DevTools
  * CVE-2022-4190: Insufficient data validation in Directory
  * CVE-2022-4191: Use after free in Sign-In
  * CVE-2022-4192: Use after free in Live Caption
  * CVE-2022-4193: Insufficient policy enforcement in File System API
  * CVE-2022-4194: Use after free in Accessibility
  * CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
- drop chromium-105-wayland-1.20.patch, upstream
- drop chromium-107-compiler.patch
- add chromium-108-compiler.patch
- drop chromium-98-EnumTable-crash.patch
Version: 108.0.5359.124-bp153.2.148.1
* Wed Dec 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.124 (boo#1206403):
  * CVE-2022-4436: Use after free in Blink Media
  * CVE-2022-4437: Use after free in Mojo IPC
  * CVE-2022-4438: Use after free in Blink Frames
  * CVE-2022-4439: Use after free in Aura
  * CVE-2022-4440: Use after free in Profiles
* Wed Dec 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.98
  * Fix regression in computing <select> visibility
Version: 107.0.5304.87-bp153.2.133.1
* Fri Oct 28 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.87 (boo#1204819)
  * CVE-2022-3723: Type Confusion in V8
* Thu Oct 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 107.0.5304.68 (boo#1204732)
  * CVE-2022-3652: Type Confusion in V8
  * CVE-2022-3653: Heap buffer overflow in Vulkan
  * CVE-2022-3654: Use after free in Layout
  * CVE-2022-3655: Heap buffer overflow in Media Galleries
  * CVE-2022-3656: Insufficient data validation in File System
  * CVE-2022-3657: Use after free in Extensions
  * CVE-2022-3658: Use after free in Feedback service on Chrome OS
  * CVE-2022-3659: Use after free in Accessibility
  * CVE-2022-3660: Inappropriate implementation in Full screen mode
  * CVE-2022-3661: Insufficient data validation in Extensions
- Added patches:
  * chromium-107-compiler.patch
  * chromium-107-system-zlib.patch
- Removed patches:
  * chromium-105-compiler.patch
  * chromium-105-Bitmap-include.patch
  * chromium-106-AutofillPopupControllerImpl-namespace.patch
- Unbundle libyuv and libavif on TW
- Prepare 15.5
- Use qt on 15.4+ (15.3 too old)
Version: 107.0.5304.121-bp153.2.139.1
* Thu Nov 24 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.121 (boo#1205736)
  * CVE-2022-4135: Heap buffer overflow in GPU
* Thu Nov 17 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up
Version: 107.0.5304.110-bp153.2.136.1
* Wed Nov 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.110 (boo#1205221)
  * CVE-2022-3885: Use after free in V8
  * CVE-2022-3886: Use after free in Speech Recognition
  * CVE-2022-3887: Use after free in Web Workers
  * CVE-2022-3888: Use after free in WebCodecs
  * CVE-2022-3889: Type Confusion in V8
  * CVE-2022-3890: Heap buffer overflow in Crashpad
Version: 106.0.5249.91-bp153.2.125.1
* Sat Oct 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.91 (boo#1203808):
  * CVE-2022-3370: Use after free in Custom Elements
  * CVE-2022-3373: Out of bounds write in V8
- includes changes from 106.0.5249.61:
  * CVE-2022-3304: Use after free in CSS
  * CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
  * CVE-2022-3305: Use after free in Survey
  * CVE-2022-3306: Use after free in Survey
  * CVE-2022-3307: Use after free in Media
  * CVE-2022-3308: Insufficient policy enforcement in Developer Tools
  * CVE-2022-3309: Use after free in Assistant
  * CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
  * CVE-2022-3311: Use after free in Import
  * CVE-2022-3312: Insufficient validation of untrusted input in VPN
  * CVE-2022-3313: Incorrect security UI in Full Screen
  * CVE-2022-3314: Use after free in Logging
  * CVE-2022-3315: Type confusion in Blink
  * CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-3317: Insufficient validation of untrusted input in Intents
  * CVE-2022-3318: Use after free in ChromeOS Notifications
- drop patches:
  * chromium-104-tflite-system-zlib.patch
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
- add patches
  * chromium-106-ffmpeg-duration.patch
  * chromium-106-AutofillPopupControllerImpl-namespace.patch
Version: 106.0.5249.119-bp153.2.128.1
* Wed Oct 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.119 (boo#1204223)
  * CVE-2022-3445: Use after free in Skia
  * CVE-2022-3446: Heap buffer overflow in WebSQL
  * CVE-2022-3447: Inappropriate implementation in Custom Tabs
  * CVE-2022-3448: Use after free in Permissions API
  * CVE-2022-3449: Use after free in Safe Browsing
  * CVE-2022-3450: Use after free in Peer Connection
* Thu Oct 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.103:
  * fix possible cache manager deadlock
  * Fix right-click menu appearing unexpectedly affecting screen
    readers
Version: 105.0.5195.127-bp153.2.122.1
* Wed Sep 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 105.0.5195.127 (boo#1203419):
  * CVE-2022-3195: Out of bounds write in Storage
  * CVE-2022-3196: Use after free in PDF
  * CVE-2022-3197: Use after free in PDF
  * CVE-2022-3198: Use after free in PDF
  * CVE-2022-3199: Use after free in Frames
  * CVE-2022-3200: Heap buffer overflow in Internals
  * CVE-2022-3201: Insufficient validation of untrusted input in DevTools
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 105.0.5195.102-bp153.2.119.1
* Thu Sep 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 105.0.5195.102 (boo#1203102):
  * CVE-2022-3075: Insufficient data validation in Mojo
- Chromium 105.0.5195.52 (boo#1202964):
  * CVE-2022-3038: Use after free in Network Service
  * CVE-2022-3039: Use after free in WebSQL
  * CVE-2022-3040: Use after free in Layout
  * CVE-2022-3041: Use after free in WebSQL
  * CVE-2022-3042: Use after free in PhoneHub
  * CVE-2022-3043: Heap buffer overflow in Screen Capture
  * CVE-2022-3044: Inappropriate implementation in Site Isolation
  * CVE-2022-3045: Insufficient validation of untrusted input in V8
  * CVE-2022-3046: Use after free in Browser Tag
  * CVE-2022-3071: Use after free in Tab Strip
  * CVE-2022-3047: Insufficient policy enforcement in Extensions API
  * CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
  * CVE-2022-3049: Use after free in SplitScreen
  * CVE-2022-3050: Heap buffer overflow in WebUI
  * CVE-2022-3051: Heap buffer overflow in Exosphere
  * CVE-2022-3052: Heap buffer overflow in Window Manager
  * CVE-2022-3053: Inappropriate implementation in Pointer Lock
  * CVE-2022-3054: Insufficient policy enforcement in DevTools
  * CVE-2022-3055: Use after free in Passwords
  * CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
  * CVE-2022-3057: Inappropriate implementation in iframe Sandbox
  * CVE-2022-3058: Use after free in Sign-In Flow
- Added patches:
  * chromium-105-AdjustMaskLayerGeometry-ceilf.patch
  * chromium-105-Bitmap-include.patch
  * chromium-105-browser_finder-include.patch
  * chromium-105-raw_ptr-noexcept.patch
  * chromium-105-Trap-raw_ptr.patch
  * chromium-105-wayland-1.20.patch
  * chromium-105-compiler.patch
- Removed patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-78-protobuf-RepeatedPtrField-export.patch
* Thu Sep 01 2022 Paolo Stivanin <info@paolostivanin.com>
- Update chromium-symbolic.svg: this fixes bsc#1202403.
* Mon Aug 22 2022 Andreas Schwab <schwab@suse.de>
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
Version: 104.0.5112.79-bp153.2.113.1
* Tue Aug 09 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 104.0.5112.79 (boo#1202075)
  * CVE-2022-2603: Use after free in Omnibox
  * CVE-2022-2604: Use after free in Safe Browsing
  * CVE-2022-2605: Out of bounds read in Dawn
  * CVE-2022-2606: Use after free in Managed devices API
  * CVE-2022-2607: Use after free in Tab Strip
  * CVE-2022-2608: Use after free in Overview Mode
  * CVE-2022-2609: Use after free in Nearby Share
  * CVE-2022-2610: Insufficient policy enforcement in Background Fetch
  * CVE-2022-2611: Inappropriate implementation in Fullscreen API
  * CVE-2022-2612: Side-channel information leakage in Keyboard input
  * CVE-2022-2613: Use after free in Input
  * CVE-2022-2614: Use after free in Sign-In Flow
  * CVE-2022-2615: Insufficient policy enforcement in Cookies
  * CVE-2022-2616: Inappropriate implementation in Extensions API
  * CVE-2022-2617: Use after free in Extensions API
  * CVE-2022-2618: Insufficient validation of untrusted input in Internals
  * CVE-2022-2619: Insufficient validation of untrusted input in Settings
  * CVE-2022-2620: Use after free in WebUI
  * CVE-2022-2621: Use after free in Extensions
  * CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
  * CVE-2022-2623: Use after free in Offline
  * CVE-2022-2624: Heap buffer overflow in PDF
- Added patches:
  * chromium-104-compiler.patch
  * chromium-104-ContentRendererClient-type.patch
  * chromium-104-tflite-system-zlib.patch
- Removed patches:
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-compiler.patch
- Use FFmpeg 5.1 on TW
* Sat Jul 23 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch back to Clang so that we can use BTI on aarch64
  * Gold is too old - doesn't understand BTI
  * LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
  (requires 5.1+)
Version: 104.0.5112.101-bp153.2.116.1
* Thu Aug 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 104.0.5112.101 (boo#1202509):
  * CVE-2022-2852: Use after free in FedCM
  * CVE-2022-2854: Use after free in SwiftShader
  * CVE-2022-2855: Use after free in ANGLE
  * CVE-2022-2857: Use after free in Blink
  * CVE-2022-2858: Use after free in Sign-In Flow
  * CVE-2022-2853: Heap buffer overflow in Downloads
  * CVE-2022-2856: Insufficient validation of untrusted input in Intents
  * CVE-2022-2859: Use after free in Chrome OS Shell
  * CVE-2022-2860: Insufficient policy enforcement in Cookies
  * CVE-2022-2861: Inappropriate implementation in Extensions API
* Tue Aug 16 2022 Callum Farmer <gmbr3@opensuse.org>
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
Version: 103.0.5060.53-bp153.2.104.1
* Sat Jun 25 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 103.0.5060.53 (boo#1200783)
  * CVE-2022-2156: Use after free in Base
  * CVE-2022-2157: Use after free in Interest groups
  * CVE-2022-2158: Type Confusion in V8
  * CVE-2022-2160: Insufficient policy enforcement in DevTools
  * CVE-2022-2161: Use after free in WebApp Provider
  * CVE-2022-2162: Insufficient policy enforcement in File System API
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * CVE-2022-2164: Inappropriate implementation in Extensions API
  * CVE-2022-2165: Insufficient data validation in URL formatting
- Added patches:
  * chromium-103-FrameLoadRequest-type.patch
  * chromium-103-SubstringSetMatcher-packed.patch
  * chromium-103-VirtualCursor-std-layout.patch
  * chromium-103-compiler.patch
- Removed patches:
  * chromium-102-compiler.patch
  * chromium-91-sql-standard-layout-type.patch
  * chromium-101-libxml-unbundle.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * chromium-97-arm-tflite-cast.patch
  * chromium-97-ScrollView-reference.patch
Version: 103.0.5060.134-bp153.2.110.1
* Wed Jul 20 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.134 (boo#1201679):
  * CVE-2022-2477 : Use after free in Guest View
  * CVE-2022-2478 : Use after free in PDF
  * CVE-2022-2479 : Insufficient validation of untrusted input in File
  * CVE-2022-2480 : Use after free in Service Worker API
  * CVE-2022-2481: Use after free in Views
  * CVE-2022-2163: Use after free in Cast UI and Toolbar
  * Various fixes from internal audits, fuzzing and other initiatives
Version: 103.0.5060.114-bp153.2.107.1
* Sat Jul 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.114 (boo#1201216)
  * CVE-2022-2294: Heap buffer overflow in WebRTC
  * CVE-2022-2295: Type Confusion in V8
  * CVE-2022-2296: Use after free in Chrome OS Shell
* Thu Jul 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.66
  * no upstream release notes
Version: 102.0.5005.61-bp154.2.5.3
* Wed Jun 01 2022 Callum Farmer <gmbr3@opensuse.org>
- Disable ARM control flow integrity, it causes build issues
  at the moment
- Try a different SVG (black logo on GNOME)
- Removed patches:
  * chromium-third_party-symbolize-missing-include.patch
  (replaced by chromium-102-symbolize-include.patch)
* Fri May 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 102.0.5001.61 (boo#1199893)
  * CVE-2022-1853: Use after free in Indexed DB
  * CVE-2022-1854: Use after free in ANGLE
  * CVE-2022-1855: Use after free in Messaging
  * CVE-2022-1856: Use after free in User Education
  * CVE-2022-1857: Insufficient policy enforcement in File System API
  * CVE-2022-1858: Out of bounds read in DevTools
  * CVE-2022-1859: Use after free in Performance Manager
  * CVE-2022-1860: Use after free in UI Foundations
  * CVE-2022-1861: Use after free in Sharing
  * CVE-2022-1862: Inappropriate implementation in Extensions
  * CVE-2022-1863: Use after free in Tab Groups
  * CVE-2022-1864: Use after free in WebApp Installs
  * CVE-2022-1865: Use after free in Bookmarks
  * CVE-2022-1866: Use after free in Tablet Mode
  * CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
  * CVE-2022-1868: Inappropriate implementation in Extensions API
  * CVE-2022-1869: Type Confusion in V8
  * CVE-2022-1870: Use after free in App Service
  * CVE-2022-1871: Insufficient policy enforcement in File System API
  * CVE-2022-1872: Insufficient policy enforcement in Extensions API
  * CVE-2022-1873: Insufficient policy enforcement in COOP
  * CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
  * CVE-2022-1875: Inappropriate implementation in PDF
  * CVE-2022-1876: Heap buffer overflow in DevTools
- Added patches:
  * chromium-102-compiler.patch
  * chromium-102-fenced_frame_utils-include.patch
  * chromium-102-regex_pattern-array.patch
  * chromium-102-swiftshader-template-instantiation.patch
  * chromium-102-symbolize-include.patch
  * ffmpeg-new-channel-layout.patch
- Removed patches:
  * chromium-100-compiler.patch
  * chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
  * chromium-95-quiche-include.patch
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch
  * chromium-101-segmentation_platform-type.patch
Version: 102.0.5005.115-bp153.2.101.1
* Fri Jun 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 102.0.5005.115 (boo#1200423)
  * CVE-2022-2007: Use after free in WebGPU
  * CVE-2022-2008: Out of bounds memory access in WebGL
  * CVE-2022-2010: Out of bounds read in compositing
  * CVE-2022-2011: Use after free in ANGLE
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
Version: 101.0.4951.67-bp153.2.94.1
* Sun May 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.67
  * fixes for other platforms
* Thu Dec 30 2021 Callum Farmer <gmbr3@opensuse.org>
- Revert wayland fixes because it doesn't handle GPU correctly
  (boo#1194182)
Version: 101.0.4951.64-bp153.2.91.1
* Wed May 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.64 (boo#1199409)
  * CVE-2022-1633: Use after free in Sharesheet
  * CVE-2022-1634: Use after free in Browser UI
  * CVE-2022-1635: Use after free in Permission Prompts
  * CVE-2022-1636: Use after free in Performance APIs
  * CVE-2022-1637: Inappropriate implementation in Web Contents
  * CVE-2022-1638: Heap buffer overflow in V8 Internationalization
  * CVE-2022-1639: Use after free in ANGLE
  * CVE-2022-1640: Use after free in Sharing
  * CVE-2022-1641: Use after free in Web UI Diagnostics
Version: 101.0.4951.54-bp153.2.88.1
* Wed May 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 101.0.4951.54 (boo#1199118)
- Chromium 101.0.4951.41 (boo#1198917)
  * CVE-2022-1477: Use after free in Vulkan
  * CVE-2022-1478: Use after free in SwiftShader
  * CVE-2022-1479: Use after free in ANGLE
  * CVE-2022-1480: Use after free in Device API
  * CVE-2022-1481: Use after free in Sharing
  * CVE-2022-1482: Inappropriate implementation in WebGL
  * CVE-2022-1483: Heap buffer overflow in WebGPU
  * CVE-2022-1484: Heap buffer overflow in Web UI Settings
  * CVE-2022-1485: Use after free in File System API
  * CVE-2022-1486: Type Confusion in V8
  * CVE-2022-1487: Use after free in Ozone
  * CVE-2022-1488: Inappropriate implementation in Extensions API
  * CVE-2022-1489: Out of bounds memory access in UI Shelf
  * CVE-2022-1490: Use after free in Browser Switcher
  * CVE-2022-1491: Use after free in Bookmarks
  * CVE-2022-1492: Insufficient data validation in Blink Editing
  * CVE-2022-1493: Use after free in Dev Tools
  * CVE-2022-1494: Insufficient data validation in Trusted Types
  * CVE-2022-1495: Incorrect security UI in Downloads
  * CVE-2022-1496: Use after free in File Manager
  * CVE-2022-1497: Inappropriate implementation in Input
  * CVE-2022-1498: Inappropriate implementation in HTML Parser
  * CVE-2022-1499: Inappropriate implementation in WebAuthentication
  * CVE-2022-1500: Insufficient data validation in Dev Tools
  * CVE-2022-1501: Inappropriate implementation in iframe
- Added patches:
  * chromium-101-libxml-unbundle.patch
  * chromium-101-segmentation_platform-type.patch
- Removed patches:
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-macro-typo.patch
* Thu Apr 21 2022 Callum Farmer <gmbr3@opensuse.org>
- Fixes for go 1.18
Version: 100.0.4896.88-bp153.2.82.1
* Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.88 (boo#1198361)
  * CVE-2022-1305: Use after free in storage
  * CVE-2022-1306: Inappropriate implementation in compositing
  * CVE-2022-1307: Inappropriate implementation in full screen
  * CVE-2022-1308: Use after free in BFCache
  * CVE-2022-1309: Insufficient policy enforcement in developer tools
  * CVE-2022-1310: Use after free in regular expressions
  * CVE-2022-1311: Use after free in Chrome OS shell
  * CVE-2022-1312: Use after free in storage
  * CVE-2022-1313: Use after free in tab groups
  * CVE-2022-1314: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives
* Sun Apr 10 2022 Callum Farmer <gmbr3@opensuse.org>
- Patches for GCC 12:
  * chromium-fix-swiftshader-template.patch
  * chromium-missing-include-tuple.patch
  * chromium-webrtc-stats-missing-vector.patch
* Tue Apr 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.75:
  * CVE-2022-1232: Type Confusion in V8 (boo#1198053)
* Wed Mar 30 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 100.0.4896.60 (boo#1197680)
  * CVE-2022-1125: Use after free in Portals
  * CVE-2022-1127: Use after free in QR Code Generator
  * CVE-2022-1128: Inappropriate implementation in Web Share API
  * CVE-2022-1129: Inappropriate implementation in Full Screen Mode
  * CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
  * CVE-2022-1131: Use after free in Cast UI
  * CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
  * CVE-2022-1133: Use after free in WebRTC
  * CVE-2022-1134: Type Confusion in V8
  * CVE-2022-1135: Use after free in Shopping Cart
  * CVE-2022-1136: Use after free in Tab Strip
  * CVE-2022-1137: Inappropriate implementation in Extensions
  * CVE-2022-1138: Inappropriate implementation in Web Cursor
  * CVE-2022-1139: Inappropriate implementation in Background Fetch API
  * CVE-2022-1141: Use after free in File Manager
  * CVE-2022-1142: Heap buffer overflow in WebUI
  * CVE-2022-1143: Heap buffer overflow in WebUI
  * CVE-2022-1144: Use after free in WebUI
  * CVE-2022-1145: Use after free in Extensions
  * CVE-2022-1146: Inappropriate implementation in Resource Timing
- Added patches:
  * chromium-100-compiler.patch
  * chromium-100-GLImplementationParts-constexpr.patch
  * chromium-100-InMilliseconds-constexpr.patch
  * chromium-100-SCTHashdanceMetadata-move.patch
  * chromium-100-macro-typo.patch
- Removed patches:
  * chromium-98-compiler.patch
  * chromium-86-nearby-explicit.patch
  * chromium-glibc-2.34.patch
  * chromium-v8-missing-utility-include.patch
  * chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* Tue Mar 29 2022 Andreas Schwab <schwab@suse.de>
- Update disk constraints
Version: 100.0.4896.127-bp153.2.85.1
* Fri Apr 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.127 (boo#1198509)
  * CVE-2022-1364: Type Confusion in V8
  * Various fixes from internal audits, fuzzing and other initiatives