| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: chromedriver | Distribution: openSUSE Tumbleweed |
| Version: 141.0.7390.107 | Vendor: openSUSE |
| Release: 1.1 | Build date: Wed Oct 15 04:48:55 2025 |
| Group: Unspecified | Build host: reproducible |
| Size: 27448598 | Source RPM: chromium-141.0.7390.107-1.1.nosrc.rpm |
| Packager: http://bugs.opensuse.org | |
| Url: https://www.chromium.org/ | |
| Summary: WebDriver for Google Chrome/Chromium | |
WebDriver is an open source tool for automated testing of webapps across many browsers. It provides capabilities for navigating to web pages, user input, JavaScript execution, and more. ChromeDriver is a standalone server which implements WebDriver's wire protocol for Chromium. It is being developed by members of the Chromium and WebDriver teams.
BSD-3-Clause
* Wed Oct 15 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 141.0.7390.107:
* CVE-2025-11756: Use after free in Safe Browsing (boo#1252013)
* Thu Oct 09 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 141.0.7390.76:
* Do not send URLs as AIM input. This is to resolve a privacy
concern, around passing urls to AI Mode.
* Thu Oct 09 2025 Dirk Müller <dmueller@suse.com>
- exclude the main tarball from the src.rpm to reduce size
(it is anyway fully referenced, so no supply chain concern)
* Wed Oct 08 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 141.0.7390.65 (boo#1251334):
* CVE-2025-11458: Heap buffer overflow in Sync
* CVE-2025-11460: Use after free in Storage
* CVE-2025-11211: Out of bounds read in WebCodecs
* Wed Oct 01 2025 ro@suse.de
- Chromium 141.0.7390.54
(stable released 2025-09-30) (boo#1250780)
* CVE-2025-11205: Heap buffer overflow in WebGPU
* CVE-2025-11206: Heap buffer overflow in Video
* CVE-2025-11207: Side-channel information leakage in Storage
* CVE-2025-11208: Inappropriate implementation in Media
* CVE-2025-11209: Inappropriate implementation in Omnibox
* CVE-2025-11210: Side-channel information leakage in Tab
* CVE-2025-11211: Out of bounds read in Media
* CVE-2025-11212: Inappropriate implementation in Media
* CVE-2025-11213: Inappropriate implementation in Omnibox
* CVE-2025-11215: Off by one error in V8
* CVE-2025-11216: Inappropriate implementation in Storage
* CVE-2025-11219: Use after free in V8
* Various fixes from internal audits, fuzzing and other initiatives
- added patches:
chromium-141-csss_style_sheet.patch (from fedora)
chromium-141-use_libcxx_modules.patch (from fedora)
chromium-141-no_cxx_modules.patch
(one more fallout from clang modules)
- modified patches: (context)
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch
ppc-fedora-add-ppc64-architecture-to-extensions.diff
ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch
(updated from debian)
chromium-121-rust-clang_lib.patch (redone)
- keeplibs:
added third_party/federated_compute (pulled in)
added third_party/oak (needed by federated_compute)
* Wed Sep 24 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 141.0.7390.37
(beta released 2025-09-24)
- modified patches:
chromium-125-compiler.patch
chromium-133-bring_back_and_disable_allowlist.patch
chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch
- dropped patches:
ppc-fedora-fix-rustc.patch (obsolete)
chromium-135-add_map_droppable.patch
* Wed Sep 24 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 140.0.7339.207 (boo#1250472)
* CVE-2025-10890: Side-channel information leakage in V8
* CVE-2025-10891: Integer overflow in V8
* CVE-2025-10892: Integer overflow in V8
* Mon Sep 22 2025 ro@suse.de
- use the same llvm version on recent distros,
build currently fails with lvm21
* Wed Sep 17 2025 ro@suse.de
- Chromium 140.0.7339.185 (stable released 2025-09-17) boo#1249999
* CVE-2025-10585: Type Confusion in V8
* CVE-2025-10500: Use after free in Dawn
* CVE-2025-10501: Use after free in WebRTC
* CVE-2025-10502: Heap buffer overflow in ANGLE
* Wed Sep 10 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 140.0.7339.127 (boo#1249388)
* CVE-2025-10200: Use after free in Serviceworker
* CVE-2025-10201: Inappropriate implementation in Mojo
* Tue Sep 02 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 140.0.7339.80 (boo#1249093):
* new permission prompt for local network access
* CVE-2025-9864: Use after free in V8
* CVE-2025-9865: Inappropriate implementation in Toolbar
* CVE-2025-9866: Inappropriate implementation in Extensions
* CVE-2025-9867: Inappropriate implementation in Downloads
* Various fixes from internal audits, fuzzing and other initiatives
* Tue Sep 02 2025 ro@suse.de
- modified patches:
ppc-fedora-0002-regenerate-xnn-buildgn.patch
(updated from debian)
* Thu Aug 28 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 140.0.7339.41
(early stable released 2025-08-27)
- modified patches:
chromium-125-compiler.patch
chromium-libusb_interrupt_event_handler.patch
gcc-enable-lto.patch
ppc-fedora-fix-unknown-warning-option-messages.diff
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
ppc-fedora-add-ppc64-architecture-to-extensions.diff
chromium-102-regex_pattern-array.patch
gtk-414.patch
ppc-fedora-fix-study-crash.patch
ppc-fedora-0002-regenerate-xnn-buildgn.patch (stub, needs to be redone)
ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
- added patches:
chromium-140-keep-__rust_no_alloc_shim_is_unstable.patch
(revert of upstream patch
8393b61ba876c8e1614275c97767f9b06b889f48)
chromium-140-old-flac.patch (applied for flac < 1.5.0)
- change rust_version to 1.86
- keeplibs:
removed buildtools/third_party/eu-strip (gone upstream)
removed wasm_tts_engine (gone upstream)
- bump gn BuildReq to 0.20250619
- do not use system_harfbuzz for 16+ for now, unbundle is broken
* Wed Aug 27 2025 ro@suse.de
- Chromium 139.0.7258.154 (boo#1248769)
* CVE-2025-9478: Use after free in ANGLE
* Tue Aug 19 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 139.0.7258.138 (boo#1248315):
* CVE-2025-9132: Out of bounds write in V8
* Wed Aug 13 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 139.0.7258.127 (boo#1247981):
* CVE-2025-8879: Heap buffer overflow in libaom
* CVE-2025-8880: Race in V8
* CVE-2025-8901: Out of bounds write in ANGLE
* CVE-2025-8881: Inappropriate implementation in File Picker
* CVE-2025-8882: Use after free in Aura
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Aug 07 2025 ro@suse.de
- really install libffmpeg.so if using the bundled one
and block the extra dependency
* Wed Aug 06 2025 ro@suse.de
- add patch:
chromium-139-pdfium-openjpeg-CVE-2025-54874.patch
(CVE-2025-54874 bsc#1247661) fix missing error check in openjpeg
* Wed Aug 06 2025 ro@suse.de
- re-add updated patch:
ppc-fedora-0002-regenerate-xnn-buildgn.patch
from https://src.fedoraproject.org/rpms/chromium/blob/
rawhide/f/0002-regenerate-xnn-buildgn.patch
* Tue Aug 05 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 139.0.7258.66 (boo#1247664):
* CVE-2025-8576: Use after free in Extensions
* CVE-2025-8577: Inappropriate implementation in Picture In Picture
* CVE-2025-8578: Use after free in Cast
* CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
* CVE-2025-8580: Inappropriate implementation in Filesystems
* CVE-2025-8581: Inappropriate implementation in Extensions
* CVE-2025-8582: Insufficient validation of untrusted input in DOM
* CVE-2025-8583: Inappropriate implementation in Permissions
- modified patches:
gcc-enable-lto.patch
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
ppc-fedora-skia-vsx-instructions.patch
ppc-fedora-fix-partition-alloc-compile.patch
ppc-fedora-0001-add-xnn-ppc64el-support.patch
- dropped patches:
chromium-warning-suppression-mappings.patch (using cmdline switch)
chromium-93-ffmpeg-4.4.patch
- dropped the ffmpeg revert patches that were only applied for 15:
chromium-125-ffmpeg-5.x-reordered_opaque.patch
Cr122-ffmpeg-new-channel-layout.patch
ffmpeg-new-channel-layout.patch
chromium-106-ffmpeg-duration.patch
chromium-93-ffmpeg-4.4-rest.patch
chromium-138-revert_ffmpeg_FF_AV.patch
- added patches:
ppc-debian-0003-third_party-ffmpeg-Add-ppc64-generated-config.patch
- keeplibs:
removed chrome/third_party/mozilla_security_manager
removed third_party/mesa
added third_party/ml_dtypes (needed in tflite/xla)
added third_party/readability (needed in tools/grit/grit)
added third_party/ffmpeg (gave up on reverting all recent
commits in the code using ffmpeg, need at least ffmpeg-7)
- remove disabled ppc-fedora-0002-regenerate-xnn-buildgn.patch
to please factory-auto
* Wed Jul 30 2025 ro@suse.de
- Chromium 138.0.7204.183 (boo#1247365):
* CVE-2025-8292: Use after free in Media Stream
- try to switch to smaller linux tarball from
https://github.com/chromium-linux-tarballs)
- disable chromium-91-java-only-allowed-in-android-builds.patch
(not part of reduced tarball)
* Tue Jul 29 2025 ro@suse.de
- set official_build to true (like other distributions)
"official builds have less debugging and go faster..."
- added patches:
chromium-139-deterministic.patch
(undefine __DATE__,__TIME__ like without official-build set
to keep the build reproducible)
* Thu Jul 24 2025 ro@suse.de
- modified patches:
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
(update context to apply)
* Tue Jul 22 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 138.0.7204.168 (boo#1246902):
* CVE-2025-8010: Type Confusion in V8
* CVE-2025-8011: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other
initiatives
* Tue Jul 15 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 138.0.7204.157 (boo#1246558):
* CVE-2025-7656: Integer overflow in V8
* CVE-2025-6558: Incorrect validation of untrusted input in ANGLE
and GPU
* CVE-2025-7657: Use after free in WebRTC
* Wed Jul 09 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 138.0.7204.100:
* tweaks to the Google services settings page
* Tue Jul 01 2025 ro@suse.de
- update from debian:
ppc-fedora-skia-vsx-instructions.patch
- dropped patches:
ppc-skia-revert-1.patch
ppc-skia-revert-2.patch
ppc-skia-revert-3.patch
* Tue Jul 01 2025 ro@suse.de
- Chromium 138.0.7204.96
(stable released 2025-06-30) (boo#1245544)
* CVE-2025-6554: Type Confusion in V8
* Wed Jun 25 2025 ro@suse.de
- Chromium 138.0.7204.49
(stable released 2025-06-24) (boo#1245332)
* CVE-2025-6555: Use after free in Animation
* CVE-2025-6556: Insufficient policy enforcement in Loader
* CVE-2025-6557: Insufficient data validation in DevTools
- dropped patches:
chromium-137-heuristics_missing_includes.patch (upstream)
chromium-137-pdfium_fix_pattribute.patch (upstream)
- modified patches:
chromium-125-compiler.patch (context)
ffmpeg-new-channel-layout.patch (context)
chromium-134-revert-rust-adler2.patch (context,reverse application)
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch (context)
ppc-fedora-0002-regenerate-xnn-buildgn.patch (context)
ppc-fedora-memory-allocator-dcheck-assert-fix.patch (context)
chromium-warning-suppression-mappings.patch (context)
- added patches:
(conditional revert for old ffmpeg,
upstream 129f48501a7c3fa4236234f2fa0aee490a845b59)
chromium-138-revert_ffmpeg_FF_AV.patch
- keeplibs:
removed third_party/distributed_point_functions
removed third_party/tflite/src/third_party/eigen3
removed third_party/webrtc/rtc_base/third_party/base64
added third_party/dragonbox
(needed by ../v8/src/numbers/conversions.cc )
- bump gn buildrequires to 0.20250520
* Tue Jun 17 2025 ro@suse.de
- Chromium 137.0.7151.119
(stable release 2025-06-17) (boo#1244711)
* CVE-2025-6191: Integer overflow in V8
* CVE-2025-6192: Use after free in Profiler
* Thu Jun 12 2025 Bernhard Wiedemann <bwiedemann@suse.com>
- Replace usage of %jobs for reproducible builds (boo#1237231)
* Wed Jun 11 2025 ro@suse.de
- Chromium 137.0.7151.103
(stable release 2025-06-10) (boo#1244452)
* CVE-2025-5958: Use after free in Media
* CVE-2025-5959: Type Confusion in V8
* Tue Jun 03 2025 ro@suse.de
- Chromium 137.0.7151.68
(stable release 2025-06-03) (boo#1244019)
* CVE-2025-5419: Out of bounds read and write in V8
* CVE-2025-5068: Use after free in Blink
- Google is aware that an exploit for CVE-2025-5419
exists in the wild.
* Thu May 29 2025 ro@suse.de
- added patches:
ppc-fedora-0001-add-xnn-ppc64el-support.patch
ppc-fedora-0002-regenerate-xnn-buildgn.patch
* Tue May 27 2025 ro@suse.de
- Chromium 137.0.7151.55
(stable release 2025-05-27) (boo#1243741)
* CVE-2025-5063: Use after free in Compositing
* CVE-2025-5280: Out of bounds write in V8
* CVE-2025-5064: Inappropriate implementation in Background Fetch API
* CVE-2025-5065: Inappropriate implementation in FileSystemAccess API
* CVE-2025-5066: Inappropriate implementation in Messages
* CVE-2025-5281: Inappropriate implementation in BFCache
* CVE-2025-5283: Use after free in libvpx
* CVE-2025-5067: Inappropriate implementation in Tab Strip
- dropped patches:
chromium-135-gperf-output.patch (upstream)
- modified patches:
chromium-125-compiler.patch (context)
chromium-127-rust-clanglib.patch (context)
ffmpeg-new-channel-layout.patch
(drop one hunk where upstream dropped the code)
system-libdrm.patch (context)
ppc-fedora-fix-partition-alloc-compile.patch (context)
ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch (context)
ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch (context)
- added patches:
chromium-137-pdfium_fix_pattribute.patch
(fix typo in pAttribute attributes)
chromium-137-heuristics_missing_includes.patch
(upstream patch 4c736420952f355f18bdc4f4ea2d16e4514fa034)
chromium-137-disruptive_notification_permissions_manager-missing_include.patch
(missing include)
- revert last skia patches for gather_unaligned until we have a port for ppc64le
ppc-skia-revert-1.patch
ppc-skia-revert-2.patch
ppc-skia-revert-3.patch
- keeplibs:
added third_party/compiler-rt
* Wed May 14 2025 ro@suse.de
- Chromium 136.0.7103.113
(stable release 2025-05-14) (boo#1243205)
* CVE-2025-4664: Insufficient policy enforcement in Loader
* CVE-2025-4609: Incorrect handle provided in unspecified
circumstances in Mojo
* Mon May 12 2025 ro@suse.de
- try build on ppc64le
- added patches (from fedora)
ppc-fedora-add-ppc64-architecture-string.patch
ppc-fedora-0001-linux-seccomp-bpf-ppc64-glibc-workaround-in-SIGSYS-h.patch
ppc-fedora-0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch
ppc-fedora-0001-services-service_manager-sandbox-linux-Fix-TCGETS-de.patch
ppc-fedora-0001-sandbox-linux-bpf_dsl-Update-syscall-ranges-for-ppc6.patch
ppc-fedora-0001-sandbox-linux-Implement-partial-support-for-ppc64-sy.patch
ppc-fedora-0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch
ppc-fedora-0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch
ppc-fedora-0002-sandbox-linux-bpf_dsl-Modify-seccomp_macros-to-add-s.patch
ppc-fedora-0003-sandbox-linux-system_headers-Update-linux-seccomp-he.patch
ppc-fedora-0004-sandbox-linux-system_headers-Update-linux-signal-hea.patch
ppc-fedora-0005-sandbox-linux-seccomp-bpf-Add-ppc64-syscall-stub.patch
ppc-fedora-0005-sandbox-linux-update-unit-test-for-ppc64.patch
ppc-fedora-0006-sandbox-linux-disable-timedwait-time64-ppc64.patch
ppc-fedora-0007-sandbox-linux-add-ppc64-stat.patch
ppc-fedora-Sandbox-linux-services-credentials.cc-PPC.patch
ppc-fedora-0008-sandbox-fix-ppc64le-glibc234.patch
ppc-fedora-0001-third_party-angle-Include-missing-header-cstddef-in-.patch
ppc-fedora-0001-Add-PPC64-support-for-boringssl.patch
ppc-fedora-0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch
ppc-fedora-0001-third_party-pffft-Include-altivec.h-on-ppc64-with-SI.patch
ppc-fedora-0002-Add-PPC64-generated-files-for-boringssl.patch
ppc-fedora-0002-third_party-lss-kernel-structs.patch
ppc-fedora-0001-swiftshader-fix-build.patch
ppc-fedora-Rtc_base-system-arch.h-PPC.patch
ppc-fedora-0002-Include-cstddef-to-fix-build.patch
ppc-fedora-0004-third_party-crashpad-port-curl-transport-ppc64.patch
ppc-fedora-HACK-third_party-libvpx-use-generic-gnu.patch
ppc-fedora-0001-third-party-hwy-wrong-include.patch
ppc-fedora-HACK-debian-clang-disable-base-musttail.patch
ppc-fedora-0001-Add-ppc64-target-to-libaom.patch
ppc-fedora-0001-Add-pregenerated-config-for-libaom-on-ppc64.patch
ppc-fedora-0002-third_party-libvpx-Remove-bad-ppc64-config.patch
ppc-fedora-0003-third_party-libvpx-Add-ppc64-generated-config.patch
ppc-fedora-0004-third_party-libvpx-work-around-ambiguous-vsx.patch
ppc-fedora-skia-vsx-instructions.patch
ppc-fedora-0001-Implement-support-for-ppc64-on-Linux.patch
ppc-fedora-0001-Implement-support-for-PPC64-on-Linux.patch
ppc-fedora-0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch
ppc-fedora-fix-clang-selection.patch
ppc-fedora-fix-rustc.patch
ppc-fedora-fix-rust-linking.patch
ppc-fedora-fix-breakpad-compile.patch
ppc-fedora-fix-partition-alloc-compile.patch
ppc-fedora-fix-study-crash.patch
ppc-fedora-memory-allocator-dcheck-assert-fix.patch
ppc-fedora-fix-different-data-layouts.patch
ppc-fedora-0002-Add-ppc64-trap-instructions.patch
ppc-fedora-fix-ppc64-linux-syscalls-headers.patch
ppc-fedora-use-sysconf-page-size-on-ppc64.patch
ppc-fedora-0001-Enable-ppc64-pointer-compression.patch
ppc-fedora-dawn-fix-ppc64le-detection.patch
ppc-fedora-add-ppc64-architecture-to-extensions.diff
ppc-fedora-fix-unknown-warning-option-messages.diff
ppc-fedora-add-ppc64-pthread-stack-size.patch
ppc-fedora-fix-ppc64-rust_png-build-error.patch
- added patches
ppc-chromium-136-clang-config.patch
- disable swiftshader on ppc64le like on aarch64
* Wed May 07 2025 ro@suse.de
- Chromium 136.0.7103.92
(stable release 2025-05-06) (boo#1242717)
* CVE-2025-4372: Use after free in WebAudio
* Fri May 02 2025 ro@suse.de
- Chromium 136.0.7103.48
(stable release 2025-04-29) (boo#1242153)
* CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11
* CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09
* CVE-2025-4051: Insufficient data validation in DevTools. Reported by Daniel Fröjdendahl on 2025-03-1
* CVE-2025-4052: Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10
- added patches:
chromium-warning-suppression-mappings.patch
(from upstream, revert for llvm < 20)
- dropped patches:
fix-build-with-pipewire-1.3.82.patch (upstream)
- modified patches:
chromium-125-compiler.patch (context)
gtk-414.patch (one more place with GSK_SUBSURFACE_NODE)
- bump esbuild from 0.24.0 to 0.25.1
* Fix incorrect paths in inline source maps (#4070, #4075, #4105)
* Fix invalid generated source maps (#4080, #4082, #4104, #4107)
* Fix a regression with non-file source map paths (#4078)
* Update Go from 1.23.5 to 1.23.7 (#4076, #4077)
* Wed Apr 23 2025 ro@suse.de
- Chromium 135.0.7049.114
(stable release 2025-04-22)
* stability fixes
* Tue Apr 22 2025 ro@suse.de
- add patch chromium-135-gperf-output.patch from upstream
to fix compilation when using gperp-3.2 and above
which resolved the issue with the FALLTHROUGH comment
* Wed Apr 16 2025 ro@suse.de
- Chromium 135.0.7049.95
(stable release 2025-04-15) (boo#1241288)
* CVE-2025-3619: Heap buffer overflow in Codecs
* CVE-2025-3620: Use after free in USB
* Thu Apr 10 2025 ro@suse.de
- update chromium-121-rust-clang_lib.patch to apply cleanly
* Tue Apr 08 2025 ro@suse.de
- Chromium 135.0.7049.84
(stable release 2025-04-08) (boo#1240968)
* CVE-2025-3066: Use after free in Site Isolation
* Fri Apr 04 2025 ro@suse.de
- add patch chromium-135-add_map_droppable.patch
add MAP_DROPPABLE introduced by recent QT
(boo#1238826, boo#1239780)
* Tue Apr 01 2025 ro@suse.de
- Chromium 135.0.7049.52
(stable release 2025-04-01) (boo#1240555)
* CVE-2025-3066: Use after free in Navigations
* CVE-2025-3067: Inappropriate implementation in Custom Tabs
* CVE-2025-3068: Inappropriate implementation in Intents
* CVE-2025-3069: Inappropriate implementation in Extensions
* CVE-2025-3070: Insufficient validation of untrusted input in Extensions
* CVE-2025-3071: Inappropriate implementation in Navigations
* CVE-2025-3072: Inappropriate implementation in Custom Tabs
* CVE-2025-3073: Inappropriate implementation in Autofill
* CVE-2025-3074: Inappropriate implementation in Downloads
- modified patches:
system-libdrm.patch (context update)
gcc-enable-lto.patch (context update)
chromium-127-constexpr.patch (context update)
chromium-norar.patch (context update)
- added patches:
gtk-414.patch (reverse apply since our gtk4 is too old)
- add to keeplibs:
third_party/protobuf/third_party/utf8_range
- drop from keeplibs:
third_party/iccjpeg (gone upstream)
- config variable changed from use_qt to use_qt5
- bump buildrequires for gn to 0.20250306
* Wed Mar 26 2025 ro@suse.de
- drop chromium-134-revert-allowlist.patch
(obsolete, gn has been updated)
- also use nodejs 22 for sle15
* Sat Mar 22 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 134.0.6998.165
* stability fixes (boo#1240022)
* Fri Mar 21 2025 ro@suse.de
- drop chromium-120-make_unique-struct.patch (not needed)
* Thu Mar 20 2025 ro@suse.de
- Chromium 134.0.6998.117
(stable released 2025-03-20) (boo#1239819)
* CVE-2025-2476: Use after free in Lens
* Wed Mar 19 2025 ro@suse.de
- use rust1.85
* Fri Mar 14 2025 ro@suse.de
- drop chromium-94-ffmpeg-roll.patch
(build fail after ffmpeg updated from 4.4 to 4.4.5 in code15)
* Tue Mar 11 2025 ro@suse.de
- Chromium 134.0.6998.88
(stable released 2025-03-11) (boo#1239216)
* CVE-2025-1920: Type Confusion in V8
* CVE-2025-2135: Type Confusion in V8
* CVE-TBD: Out of bounds write in GPU
* CVE-2025-2136: Use after free in Inspector
* CVE-2025-2137: Out of bounds read in V8
* Wed Mar 05 2025 ro@suse.de
- replace patch
chromium-134-specialize-some-to_value_list.patch
by patch
chromium-134-type-mismatch-error.patch (from fedora)
* Thu Feb 27 2025 ro@suse.de
- Chromium 134.0.6998.35
(stable release 2025-03-04) (boo#1238575)
* CVE-2025-1914: Out of bounds read in V8
* CVE-2025-1915: Improper Limitation of a Pathname to a Restricted Directory in DevTools
* CVE-2025-1916: Use after free in Profiles
* CVE-2025-1917: Inappropriate Implementation in Browser UI
* CVE-2025-1918: Out of bounds read in PDFium
* CVE-2025-1919: Out of bounds read in Media
* CVE-2025-1921: Inappropriate Implementation in Media Stream
* CVE-2025-1922: Inappropriate Implementation in Selection
* CVE-2025-1923: Inappropriate Implementation in Permission Prompts
- modified patches:
fix_building_widevinecdm_with_chromium.patch
(do not define WIDEVINE_CDM_VERSION_STRING, gone upstream)
system-libdrm.patch (context update)
- added patches:
chromium-134-revert-allowlist.patch
(avoid having to update gn on all targets)
chromium-134-revert-rust-adler2.patch
(revert rust change from adler to adler2 while we have 1.83)
chromium-134-specialize-some-to_value_list.patch
- dropped patches (llvm17 is gone):
chromium-127-clang17-traitors.patch
chromium-add-atomicops.patch
chromium-133-string_view.patch
- add to keeplibs:
third_party/search_engines_data
v8/third_party/rapidhash-v8
- drop from keeplibs:
third_party/libavif (gone) (FIXME cleanup)
- reenable qt6 for TW
* Wed Feb 26 2025 ro@suse.de
- Chromium 133.0.6943.141 (boo#1237699)
This update includes 1 security fix.
* Various fixes from internal audits, fuzzing and other initiatives
* Mon Feb 24 2025 ro@suse.de
- fix build with qt6 and enable qt6 also for 15.x
- added patches:
chromium-131-fix-qt-ui.pach (from fedora)
* Wed Feb 19 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 133.0.6943.126 (boo#1237343)
* CVE-2025-0999: Heap buffer overflow in V8
* CVE-2025-1426: Heap buffer overflow in GPU
* CVE-2025-1006: Use after free in Network
* Tue Feb 18 2025 ro@suse.de
- replace "with qt" by "with qt5"
- add patch chromium-133-bring_back_and_disable_allowlist.patch
trying to fix issues with YT playback (bsc#1237071)
* Fri Feb 14 2025 Antonio Larrosa <alarrosa@suse.com>
- Fix patch to actually fix build with pipewire 1.3.82:
* fix-build-with-pipewire-1.3.82.patch
* Thu Feb 13 2025 Antonio Larrosa <alarrosa@suse.com>
- Add patch to fix build with pipewire 1.3.82:
* fix-build-with-pipewire-1.3.82.patch
* Thu Feb 13 2025 ro@suse.de
- Chromium 133.0.6943.98
(stable released 2025-02-12) (bsc#1237121)
* CVE-2025-0995: Use after free in V8
* CVE-2025-0996: Inappropriate implementation in Browser UI
* CVE-2025-0997: Use after free in Navigation
* CVE-2025-0998: Out of bounds memory access in V8
* Wed Feb 05 2025 ro@suse.de
- Chromium 133.0.6943.53
(stable released 2024-02-04) (bsc#1236806)
* CVE-2025-0444: Use after free in Skia
* CVE-2025-0445: Use after free in V8
* CVE-2025-0451: Inappropriate implementation in Extensions API
* Thu Jan 30 2025 ro@suse.de
- dropped patches: (obsolete with recent llvm)
chromium-130-no-hardware_destructive_interference_size.patch
* Thu Jan 30 2025 ro@suse.de
- Chromium 133.0.6943.35
(beta released 2025-01-29)
- use llvm19 also on 15.6/SLE-15-SP6
- dropped patches:
chromium-125-disable-FFmpegAllowLists.patch
chromium-119-assert.patch
(code dropped upstream)
- modified patches
chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch
(rest of code is gone upstream, see commit
574c1e6678da435efb2ea9dba5dd890c2704b8af)
- update context in
chromium-102-regex_pattern-array.patch
chromium-125-ffmpeg-5.x-reordered_opaque.patch
- add to keeplibs:
third_party/simdutf
third_party/wasm_tts_engine (needed by tools/grit)
v8/third_party/siphash (moved inside of v8)
v8/third_party/utf8-decoder (moved inside of v8)
v8/third_party/valgrind (moved inside of v8)
- drop from keeplibs (gone in source):
third_party/jstemplate does not exist
third_party/qcms does not exist
- drop buildreq for libevent and libevent from system libs
as the lib was dropped upstream
- added patches (as revert for llvm17 in sp6):
chromium-add-atomicops.patch
(upstream commit d29b01737a841b5627249d50f007dcdc7e26462b)
(upstream commit 780efe38034cfdc1bdf4c74e82e7ca7c14e8ac5b
does not seem to be in 133 yet)
chromium-133-string_view.patch
(one more place to use string_view, also only llvm17)
- update INSTALL.sh to generate appdata.xml from template
* Thu Jan 30 2025 ro@suse.de
- drop chromium-132-old_libdrm.patch
obsolete as we are not building for 15.5 anymore
* Wed Jan 29 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 132.0.6834.159 (boo#1236586)
* CVE-2025-0762: Use after free in DevTools
* Thu Jan 23 2025 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 132.0.6834.110 (boo#1236306)
* CVE-2025-0611: Object corruption in V8
* CVE-2025-0612: Out of bounds memory access in V8
* Mon Jan 13 2025 ro@suse.de
- Chromium 132.0.6834.83
(stable released 2024-01-14) (bsc#1235892)
* CVE-2025-0434: Out of bounds memory access in V8
* CVE-2025-0435: Inappropriate implementation in Navigation
* CVE-2025-0436: Integer overflow in Skia
* CVE-2025-0437: Out of bounds read in Metrics
* CVE-2025-0438: Stack buffer overflow in Tracing
* CVE-2025-0439: Race in Frames
* CVE-2025-0440: Inappropriate implementation in Fullscreen
* CVE-2025-0441: Inappropriate implementation in Fenced Frames
* CVE-2025-0442: Inappropriate implementation in Payments
* CVE-2025-0443: Insufficient data validation in Extensions
* CVE-2025-0446: Inappropriate implementation in Extensions
* CVE-2025-0447: Inappropriate implementation in Navigation
* CVE-2025-0448: Inappropriate implementation in Compositing
- dropped patches:
* chromium-131-unbundle-enable-freetype.patch (upstream)
- added patches:
* chromium-8d882c289f17e3a67d6d67d5ff7e9d16ebb4f19a.patch
(apply git upstream reverse for 15.x with llvm17)
* chromium-93-ffmpeg-4.4-rest.patch
(split off to only apply after the reverse)
* chromium-132-old_libdrm.patch
(applied only on 15.5 with libdrm < 2.4.116)
* chromium-132-pdfium-explicit-template.patch
(error: alias template requires template arguments)
- update context in
* chromium-125-compiler.patch
* chromium-127-rust-clanglib.patch
* Cr122-ffmpeg-new-channel-layout.patch
* gcc-enable-lto.patch
* chromium-127-constexpr.patch
- update esbuild to 0.24.0
- drop old tarball
- use upstream release tarball for 0.24.0
- add vendor tarball for golang.org/x/sys
- add to keeplibs:
third_party/libtess2
third_party/devtools-frontend/src/node_modules/fast-glob
* Fri Jan 10 2025 ro@suse.de
- more work on 15.7/15-SP7 using recent llvm,rust,gcc
- cleanup use of suse_version macro
- cleanup use of conditionally applied patches, switch from
autoset to setup/autopatch which allows to specify a range
and apply remaining patches conditionally
* Wed Jan 08 2025 ro@suse.de
- Chromium 131.0.6778.264 (boo#1235422)
* CVE-2025-0291: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Dec 19 2024 ro@suse.de
- Chromium 131.0.6778.204 (boo#1234704)
* CVE-2024-12692: Type Confusion in V8
* CVE-2024-12693: Out of bounds memory access in V8
* CVE-2024-12694: Use after free in Compositing
* CVE-2024-12695: Out of bounds write in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Dec 11 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 131.0.6778.139 (boo#1234361)
* CVE-2024-12381: Type Confusion in V8
* CVE-2024-12382: Use after free in Translate
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Dec 04 2024 ro@suse.de
- Chromium 131.0.6778.108
(stable released 2024-12-04) (boo#1234118)
* CVE-2024-12053: Type Confusion in V8
- update patches:
chromium-127-constexpr.patch
* Wed Nov 20 2024 ro@suse.de
- Chromium 131.0.6778.85
(stable released 2024-11-19) (boo#1233534)
* CVE-2024-11395: Type Confusion in V8
* Wed Nov 06 2024 ro@suse.de
- Chromium 131.0.6778.69
(stable released 2024-11-12) (boo#1233311)
* CVE-2024-11110: Inappropriate implementation in Blink.
* CVE-2024-11111: Inappropriate implementation in Autofill.
* CVE-2024-11112: Use after free in Media.
(n/a for linux)
* CVE-2024-11113: Use after free in Accessibility.
* CVE-2024-11114: Inappropriate implementation in Views.
(n/a for linux)
* CVE-2024-11115: Insufficient policy enforcement in Navigation.
(n/a for linux)
* CVE-2024-11116: Inappropriate implementation in Paint.
* CVE-2024-11117: Inappropriate implementation in FileSystem.
- dropped patches:
* chromium-130-missing-includes.patch (upstream)
* chromium-125-lp155-typename.patch (not required with llvm)
- modified patches:
* chromium-127-bindgen.patch (drop all allowlist changes)
* chromium-127-constexpr.patch (update from debian patch)
- added patches:
* chromium-131-unbundle-enable-freetype.patch
from git, missing in 131 release
* chromium-131-clang-stack-protector.patch
(partial revert of upstream commit
c3dadb02f611a360fb40fd8844ed3c1ef1e7834e)
- drop from keeplibs: (deleted upstream)
third_party/devtools-frontend/src/front_end/third_party/lodash-isequal
- add to keeplibs:
third_party/tflite/src/third_party/xla/xla/tsl (drop subdirs)
third_party/ink
* Tue Nov 05 2024 ro@suse.de
- Chromium 130.0.6723.116 (boo#1232843)
* CVE-2024-10826: Use after free in Family Experiences
* CVE-2024-10827: Use after free in Serial
* Wed Oct 30 2024 ro@suse.de
- Chromium 130.0.6723.91 (boo#1232566)
* CVE-2024-10487: Out of bounds write in Dawn
* CVE-2024-10488: Use after free in WebRTC
* Mon Oct 28 2024 ro@suse.de
- change BR for rust to require version 1.81
(1.82 uses a newer llvm)
* Sat Oct 26 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 130.0.6723.69 (boo#1232060)
* CVE-2024-10229: Inappropriate implementation in Extensions
* CVE-2024-10230: Type Confusion in V8
* CVE-2024-10231: Type Confusion in V8
* Sat Oct 12 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 130.0.6723.58 (boo#1231694)
* CVE-2024-9954: Use after free in AI
* CVE-2024-9955: Use after free in Web Authentication
* CVE-2024-9956: Inappropriate implementation in Web Authentication
* CVE-2024-9957: Use after free in UI
* CVE-2024-9958: Inappropriate implementation in PictureInPicture
* CVE-2024-9959: Use after free in DevTools
* CVE-2024-9960: Use after free in Dawn
* CVE-2024-9961: Use after free in Parcel Tracking
* CVE-2024-9962: Inappropriate implementation in Permissions
* CVE-2024-9963: Insufficient data validation in Downloads
* CVE-2024-9964: Inappropriate implementation in Payments
* CVE-2024-9965: Insufficient data validation in DevTools
* CVE-2024-9966: Inappropriate implementation in Navigations
- modified patches:
* exclude_ymp.patch update context
* chromium-125-compiler.patch update context
* chromium-125-lp155-typename.patch drop hunks for rewritten
proto_fetcher.h
* chromium-127-bindgen.patch update context
- added patches:
* chromium-130-missing-includes.patch include optional, stack
* chromium-130-no-hardware_destructive_interference_size.patch
workaround for older libcpp
- drop from keeplibs:
courgette/third_party dropped upstream
- add to keepllibs:
third_party/fast_float needed by v8/src/numbers/conversion.cc
* Sat Oct 12 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 129.0.6668.100 (boo#1231420)
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V8
* Wed Oct 02 2024 ro@suse.de
- Chromium 129.0.6668.89 (stable released 2024-09-24)
(boo#1231232)
* CVE-2024-7025: Integer overflow in Layout
* CVE-2024-9369: Insufficient data validation in Mojo
* CVE-2024-9370: Inappropriate implementation in V8
* Wed Sep 25 2024 ro@suse.de
- Chromium 129.0.6668.70 (stable released 2024-09-24)
(boo#1230964)
* CVE-2024-9120: Use after free in Dawn
* CVE-2024-9121: Inappropriate implementation in V8
* CVE-2024-9122: Type Confusion in V8
* CVE-2024-9123: Integer overflow in Skia
* Thu Sep 19 2024 ro@suse.de
- bump BR for nodejs to minimal 20.0
- dropped patches:
* chromium-disable-GlobalMediaControlsCastStartStop.patch
it was applied at the wrong place and the crash is gone
* Wed Sep 18 2024 ro@suse.de
- Chromium 129.0.6668.58 (stable released 2024-09-17)
(boo#1230678)
* CVE-2024-8904: Type Confusion in V8
* CVE-2024-8905: Inappropriate implementation in V8
* CVE-2024-8906: Incorrect security UI in Downloads
* CVE-2024-8907: Insufficient data validation in Omnibox
* CVE-2024-8908: Inappropriate implementation in Autofill
* CVE-2024-8909: Inappropriate implementation in UI
- modified patches:
* chromium-prop-codecs.patch update context
- add to keeplibs:
third_party/rapidhash
- drop from keeplibs:
third_party/libudev dropped upstream
third_party/catapult/third_party/html5lib-python dropped upstream
- add patches:
chromium-129-revert-AVFMT_FLAG_NOH264PARSE.patch
(not in our ffmpeg yet)
* Wed Sep 11 2024 ro@suse.de
- Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391)
* CVE-2024-8636: Heap buffer overflow in Skia
* CVE-2024-8637: Use after free in Media Router
* CVE-2024-8638: Type Confusion in V8
* CVE-2024-8639: Use after free in Autofill
* Tue Sep 03 2024 ro@suse.de
- Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108)
* CVE-2024-8362: Use after free in WebAudio
* CVE-2024-7970: Out of bounds write in V8
* Thu Aug 29 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 128.0.6613.113 (boo#1229897)
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-8193: Heap buffer overflow in Skia
* CVE-2024-8194: Type Confusion in V8
* CVE-2024-8198: Heap buffer overflow in Skia
* Wed Aug 21 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Aug 18 2024 ro@suse.de
- Chromium 128.0.6613.36 (boo#1229426)
- modified patches:
* chromium-norar.patch drop most hunks,
upstream has a config for this now
* gcc-enable-lto.patch update context
* chromium-125-compiler.patch update context
* chromium-127-constexpr.patch update context
- drop patches: (should be obsolete with llvm>17 and libc++)
chromium-120-emplace.patch
chromium-125-emplace-struct.patch
- drop patches: (upstream)
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-123-stats-collector.patch
* chromium-127-paint-layer-header.patch
* chromium-127-ninja-1.21.1-deps-part0.patch
* chromium-127-ninja-1.21.1-deps-part1.patch
* chromium-127-ninja-1.21.1-deps-part2.patch
* chromium-127-ninja-1.21.1-deps-part3.patch
- disable rpmlint only for factory/tw where it is broken because
of the large archive size of the source here
- keeplibs add
third_party/devtools-frontend/src/front_end/third_party/
puppeteer/package/lib/esm/third_party/parsel-js
third_party/tflite/src/third_party/xla/xla/tsl/framework
- buildflags add
safe_browsing_use_unrar=false
* Thu Aug 15 2024 ro@suse.de
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
* Thu Aug 01 2024 ro@suse.de
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
- drop patches:
* chromium-115-compiler-SkColor4f.patch only for llvm < 16
* chromium-117-system-zstd.patch upstreamed
* chromium-122-workaround_clang_bug-structured_binding.patch
* chromium-125-tabstrip-include.patch upstreamed
* chromium-126-missing-header-files.patch
* chromium-126-RealTimeReportingBindings-missing-decl.patch
upstreamed
* chromium-126-no_matching_constructor.patch
* chromium-126-no-format.patch upstreamed
- switch from libstdc++ to libc++
- drop patches obsolete when using libc++
* chromium-126-debian-bad-font-gc00000.patch
* chromium-126-debian-bad-font-gc2.patch
* chromium-126-debian-bad-font-gc1.patch
* chromium-126-debian-bad-font-gc00.patch
* chromium-126-debian-bad-font-gc000.patch
* chromium-126-debian-bad-font-gc11.patch
* chromium-126-debian-bad-font-gc0.patch
* chromium-126-debian-bad-font-gc0000.patch
* chromium-126-debian-bad-font-gc3.patch
- modify patches:
* chromium-125-lp155-typename.patch
- drop hunk in model_execution_util.h
- drop hunk in model_quality_log_entry.h
- dropping from keeplibs: (does not exist)
base/third_party/valgrind
third_party/maldoca
third_party/maldoca/src/third_party
- requires updated gn to build (newer than Feb 14 2024)
- add patches:
* chromium-127-bindgen.patch (from debian/patches/fixes))
* chromium-127-rust-clanglib.patch (just first hunk from fedora)
* chromium-127-clang17-traitors.patch
workaround for clang < 18 from debiana (only used on 15.6)
* chromium-127-constexpr.patch (from debian/patches/bookworm)
* chromium-127-paint-layer-header.patch (from debian/patches/upstream)
* chromium-127-ninja-1.21.1-deps-part0.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part1.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part2.patch (from fedora)
* chromium-127-ninja-1.21.1-deps-part3.patch (from fedora)
- buildrequire rust-bindgen to get proper binaries per arch
- use qt5 for factory as well, qt6 fails with:
ld.lld: error: undefined symbol: QByteArray::toStdString() const
referenced by qt_shim.cc
obj/ui/qt/qt6_shim/libqt6_shim.so.lto.qt_shim.o:(qt::QtShim::GetFontDescription() const)
- drop patches:
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc1.patch
* Wed Jul 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.182 (boo#1227979)
* CVE-2024-6772: Inappropriate implementation in V8
* CVE-2024-6773: Type Confusion in V8
* CVE-2024-6774: Use after free in Screen Capture
* CVE-2024-6775: Use after free in Media Stream
* CVE-2024-6776: Use after free in Audio
* CVE-2024-6777: Use after free in Navigation
* CVE-2024-6778: Race in DevTools
* CVE-2024-6779: Out of bounds memory access in V8
* Tue Jul 09 2024 Callum Farmer <gmbr3@opensuse.org>
- Finalize 126
- Removed patches:
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch
- Added patches:
* chromium-126-RealTimeReportingBindings-missing-decl.patch
* chromium-126-no-format.patch
* Mon Jul 01 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
* CVE-2024-6290: Use after free in Dawn
* CVE-2024-6291: Use after free in Swiftshader
* CVE-2024-6292: Use after free in Dawn
* CVE-2024-6293: Use after free in Dawn
* CVE-2024-6100: Type Confusion in V8
* CVE-2024-6101: Inappropriate implementation in WebAssembly
* CVE-2024-6102: Out of bounds memory access in Dawn
* CVE-2024-6103: Use after free in Dawn
* CVE-2024-5830: Type Confusion in V8
* CVE-2024-5831: Use after free in Dawn
* CVE-2024-5832: Use after free in Dawn
* CVE-2024-5833: Type Confusion in V8
* CVE-2024-5834: Inappropriate implementation in Dawn
* CVE-2024-5835: Heap buffer overflow in Tab Groups
* CVE-2024-5836: Inappropriate Implementation in DevTools
* CVE-2024-5837: Type Confusion in V8
* CVE-2024-5838: Type Confusion in V8
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* CVE-2024-5840: Policy Bypass in CORS
* CVE-2024-5841: Use after free in V8
* CVE-2024-5842: Use after free in Browser UI
* CVE-2024-5843: Inappropriate implementation in Downloads
* CVE-2024-5844: Heap buffer overflow in Tab Strip
* CVE-2024-5845: Use after free in Audio
* CVE-2024-5846: Use after free in PDFium
* CVE-2024-5847: Use after free in PDFium
- drop patches:
* chromium-disable-parallel-gold.patch
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-ninja.patch
* chromium-125-no_matching_constructor.patch
* chromium-125-missing-header-files.patch
- add patches:
* chromium-126-missing-header-files.patch
* chromium-126-quiche-interator.patch
* chromium-126-no_matching_constructor.patch
* Wed Jun 12 2024 Callum Farmer <gmbr3@opensuse.org>
- Amend fix_building_widevinecdm_with_chromium.patch to allow
Widevine on ARM64 (bsc#1226170)
* Fri May 31 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
* Fri May 24 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.112
* CVE-2024-5274: Type Confusion in V8 (boo#1225199)
* Tue May 21 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
* Thu May 16 2024 ro@suse.de
- Chromium 125.0.6422.60 (boo#1224341)
* CVE-2024-4947: Type Confusion in V8
* CVE-2024-4948: Use after free in Dawn
* CVE-2024-4949: Use after free in V8
* CVE-2024-4950: Inappropriate implementation in Downloads
- Chromium 125.0.6422.41
* New upstream (early) stable release.
- drop upstreamed patches:
* chromium-124-uint-includes.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-extractor-bitset.patch
* chromium-124-atomic.patch
* chromium-124-webgpu-optional.patch
* chromium-124-angle-powf.patch
- add debian upstream patches added for 125:
* chromium-125-appservice-include.patch
* chromium-125-lens-include.patch
* chromium-125-mojo-bindings-include.patch
* chromium-125-no-vector-consts.patch
* chromium-125-vulkan-include.patch
* chromium-125-tabstrip-include.patch
* chromium-125-ninja.patch
- add debian fixes patches to fix font gc crashes:
* chromium-125-debian-bad-font-gc0000.patch
* chromium-125-debian-bad-font-gc000.patch
* chromium-125-debian-bad-font-gc00.patch
* chromium-125-debian-bad-font-gc0.patch
* chromium-125-debian-bad-font-gc11.patch
* chromium-125-debian-bad-font-gc1.patch
* chromium-125-debian-bad-font-gc2.patch
* chromium-125-debian-bad-font-gc3.patch
- add from fedora (reverse applied for older ffmpeg):
* chromium-125-ffmpeg-5.x-reordered_opaque.patch
- re-diff and rename:
* from chromium-110-compiler.patch
to chromium-125-compiler.patch
* from chromium-120-emplace-struct.patch
to chromium-125-emplace-struct.patch
* from chromium-disable-FFmpegAllowLists.patch
to chromium-125-disable-FFmpegAllowLists.patch
* from chromium-122-missing-header-files.patch
to chromium-125-missing-header-files.patch
* from chromium-122-no_matching_constructor.patch
to chromium-125-no_matching_constructor.patch
* from chromium-122-lp155-typename.patch
to chromium-125-lp155-typename.patch
- third_party/zstd
added to keeplibs for
third_party/blink/renderer/platform:platform
- third_party/tflite/src/third_party/xla/xla/tsl/util
added to keeplibs for
third_party/tflite/tflite
- third_party/lens_server_proto
added to keeplibs for
gen/third_party/lens_server_proto
* Tue May 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.207 (boo#1224294)
* CVE-2024-4761: Out of bounds write in V8
* Fri May 10 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.201 (boo#1224208)
* CVE-2024-4671: Use after free in Visuals
- Chromium 124.0.6367.155 (boo#1224045)
* CVE-2024-4558: Use after free in ANGLE
* CVE-2024-4559: Heap buffer overflow in WebAudio
* Fri May 03 2024 ro@suse.de
- drop patches:
* chromium-123-WebUI-static_assert.patch
* Thu May 02 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 124.0.6367.118 (boo#1223846)
* CVE-2024-4331: Use after free in Picture In Picture
* CVE-2024-4368: Use after free in Dawn
* Wed May 01 2024 Callum Farmer <gmbr3@opensuse.org>
- Add patches:
* chromium-123-missing-QtGui.patch
- Restore libxml 2.12 check for chromium-124-system-libxml.patch
which replaced chromium-121-blink-libxml-const.patch
* Fri Apr 26 2024 ro@suse.de
- Chromium 124.0.6367.78 (boo#1223845)
* CVE-2024-4058: Type Confusion in ANGLE
* CVE-2024-4059: Out of bounds read in V8 API
* CVE-2024-4060: Use after free in Dawn
* Wed Apr 17 2024 ro@suse.de
- Chromium 124.0.6367.60 (boo#1222958)
* CVE-2024-3832: Object corruption in V8.
* CVE-2024-3833: Object corruption in WebAssembly.
* CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
* CVE-2024-3837: Use after free in QUIC.
* CVE-2024-3838: Inappropriate implementation in Autofill.
* CVE-2024-3839: Out of bounds read in Fonts.
* CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
* CVE-2024-3841: Insufficient data validation in Browser Switcher.
* CVE-2024-3843: Insufficient data validation in Downloads.
* CVE-2024-3844: Inappropriate implementation in Extensions.
* CVE-2024-3845: Inappropriate implementation in Network.
* CVE-2024-3846: Inappropriate implementation in Prompts.
* CVE-2024-3847: Insufficient policy enforcement in WebUI.
- drop patches:
* chromium-123-optional2.patch
* chromium-122-avoid-SFINAE-TypeConverter.patch
* chromium-123-PA-InternalAllocator.patch
- rediff patches:
* chromium-110-compiler.patch
* chromium-120-emplace.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-lp155-typename.patch
- add patches: from debian/fixes
* chromium-123-stats-collector.patch
- add patches: from debian/upstream
* chromium-124-angle-powf.patch
* chromium-124-atomic.patch
* chromium-124-extractor-bitset.patch
* chromium-124-fps-optional.patch
* chromium-124-span-optional.patch
* chromium-124-uint-includes.patch
* chromium-124-webgpu-optional.patch
- add patches:
* chromium-123-WebUI-static_assert.patch
workaround for compile issue in webui_contents_wrapper.h
* chromium-124-system-libxml.patch (from fedora)
* Sun Apr 14 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 123.0.6312.122 (boo#1222707)
* CVE-2024-3157: Out of bounds write in Compositing
* CVE-2024-3516: Heap buffer overflow in ANGLE
* CVE-2024-3515: Use after free in Dawn
- Chromium 123.0.6312.105 (boo#1222260)
* CVE-2024-3156: Inappropriate implementation in V8
* CVE-2024-3158: Use after free in Bookmarks
* CVE-2024-3159: Out of bounds memory access in V8
- Chromium 123.0.6312.86 (boo#1222035)
* CVE-2024-2883: Use after free in ANGLE
* CVE-2024-2885: Use after free in Dawn
* CVE-2024-2886: Use after free in WebCodecs
* CVE-2024-2887: Type Confusion in WebAssembly
- Chromium 123.0.6312.58 (boo#1221732)
* CVE-2024-2625: Object lifecycle issue in V8
* CVE-2024-2626: Out of bounds read in Swiftshader
* CVE-2024-2627: Use after free in Canvas
* CVE-2024-2628: Inappropriate implementation in Downloads
- drop patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-121-blink-libxml-const.patch
* chromium-122-BookmarkNode-missing-operator.patch
* chromium-122-WebUI-static_assert.patch
* chromium-122-PA-undo-internal-alloc.patch
* Mon Mar 18 2024 Callum Farmer <gmbr3@opensuse.org>
- Use Python 3.11 on Leap
- Rename chromium-122-skip_bubble_contents_wrapper_static_assert.patch
to chromium-122-WebUI-static_assert.patch
- Rename chromium-122-disable-FFmpegAllowLists.patch to
chromium-disable-FFmpegAllowLists.patch
- Rename chromium-122-static-assert.patch to
chromium-122-BookmarkNode-missing-operator.patch
- Rename chromium-122-undo-internal-alloc.patch to
chromium-122-PA-undo-internal-alloc.patch
- Rename chromium-122-typename.patch to
chromium-122-lp155-typename.patch
- Removed patches:
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-unique_ptr.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-constexpr.patch
* chromium-122-clang-build-flags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-121-el7-clang-version-warning.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-icu72-2.patch
* chromium-122-debian-upstream-mojo.patch
- Patches merged into other patches:
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* chromium-122-norar.patch
- Restore time clamper change to
chromium-122-missing-header-files.patch
- Fix missing/invalid casting in
chromium-122-no_matching_constructor.patch
* Wed Mar 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 122.0.6261.128 (boo#1221335)
* CVE-2024-2400: Use after free in Performance Manager
* Fri Mar 08 2024 ro@suse.de
- Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
* New upstream security release.
* CVE-2024-2173: Out of bounds memory access in V8.
* CVE-2024-2174: Inappropriate implementation in V8.
* CVE-2024-2176: Use after free in FedCM.
- Chromium 122.0.6261.94
* CVE-2024-1669: Out of bounds memory access in Blink.
* CVE-2024-1670: Use after free in Mojo.
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* CVE-2024-1673: Use after free in Accessibility.
* CVE-2024-1674: Inappropriate implementation in Navigation.
* CVE-2024-1675: Insufficient policy enforcement in Download.
* CVE-2024-1676: Inappropriate implementation in Navigation.
* Type Confusion in V8
* rediff chromium-disable-GlobalMediaControlsCastStartStop.patch
* drop chromium-114-lld-argument.patch
replaced by chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-113-webview-namespace.patch (obsolete)
* reduce chromium-norar.patch
by the hunks in chromium-122-norar.patch
* drop chromium-114-revert-av1enc-lp154.patch
replaced by chromium-122-revert-av1enc-el9.patch
* drop chromium-115-lp155-typename.patch
chromium-116-lp155-typenames.patch
chromium-117-lp155-typename.patch
chromium-120-lp155-typename.patch
replaced by chromium-122-typename.patch
* drop chromium-121-missing-header-files.patch
replaced by chromium-122-missing-header-files.patch
* drop chromium-121-workaround_clang_bug-structured_binding.patch
replaced by chromium-122-workaround_clang_bug-structured_binding.patch
* drop chromium-121-no_matching_constructor.patch
replaced by chromium-122-no_matching_constructor.patch
* drop chromium-121-python3-invalid-escape-sequence.patch (upstream)
* drop chromium-disable-FFmpegAllowLists.patch
replaced by chromium-122-disable-FFmpegAllowLists.patch
* drop chromium-121-avoid-SFINAE-TypeConverter.patch
replaced by chromium-122-avoid-SFINAE-TypeConverter.patch
* add buildrequires for rust
* add patches from fedora package for 121 and 122
* chromium-121-el7-clang-version-warning.patch
* chromium-121-v8-c++20-p1.patch
* chromium-121-v8-c++20.patch
* chromium-122-arm64-memory_tagging.patch
* chromium-122-clang16-buildflags.patch
* chromium-122-clang16-disable-auto-upgrade-debug-info.patch
* chromium-122-clang-build-flags.patch
* chromium-122-constexpr.patch
* chromium-122-disable-FFmpegAllowLists.patch
* chromium-122-el7-default-constructor-involving-anonymous-union.patch
* chromium-122-el7-extra-operator.patch
* chromium-122-el7-inline-function.patch
* chromium-122-el8-support-64kpage.patch
* chromium-122-missing-header-files.patch
* chromium-122-no_matching_constructor.patch
* chromium-122-norar.patch
* chromium-122-python3-assignment-expressions.patch
* chromium-122-revert-av1enc-el9.patch
* chromium-122-static-assert.patch
* chromium-122-typename.patch
* chromium-122-unique_ptr.patch
* chromium-122-workaround_clang_bug-structured_binding.patch
* from debian add
* chromium-122-undo-internal-alloc.patch
* chromium-122-debian-upstream-bitset.patch
* chromium-122-debian-upstream-mojo.patch
* chromium-122-debian-upstream-optional.patch
* chromium-122-debian-upstream-uniqptr.patch
* chromium-122-debian-fixes-optional.patch
* added compile fix needed on code15
chromium-122-skip_bubble_contents_wrapper_static_assert.patch
to prevent "static assertion expression is not an integral constant expression"
"in call to 'operator+(&"."[0], ShoppingInsightsSidePanelUI::GetWebUIName())'"
in bubble_contents_wrapper.h:153
- replace Cr121-ffmpeg-new-channel-layout.patch by
Cr122-ffmpeg-new-channel-layout.patch (rediff against 122)
- drop chromium-121-system-old-ffmpeg.patch
* Fri Mar 08 2024 Callum Farmer <gmbr3@opensuse.org>
- Add Cr121-ffmpeg-new-channel-layout.patch to rollback more FFmpeg
changes so that FFmpeg 4 will work on Leap
- Prepare for libxml 2.12
* Sat Mar 02 2024 Callum Farmer <gmbr3@opensuse.org>
- Chromium 121.0.6167.184 (boo#1219118, boo#1219387, boo#1219661)
* CVE-2024-1284: Use after free in Mojo
* CVE-2024-1283: Heap buffer overflow in Skia
* CVE-2024-1060: Use after free in Canvas
* CVE-2024-1059: Use after free in WebRTC
* CVE-2024-1077: Use after free in Network
* CVE-2024-0807: Use after free in WebAudio
* CVE-2024-0812: Inappropriate implementation in Accessibility
* CVE-2024-0808: Integer underflow in WebUI
* CVE-2024-0810: Insufficient policy enforcement in DevTools
* CVE-2024-0814: Incorrect security UI in Payments
* CVE-2024-0813: Use after free in Reading Mode
* CVE-2024-0806: Use after free in Passwords
* CVE-2024-0805: Inappropriate implementation in Downloads
* CVE-2024-0804: Insufficient policy enforcement in iOS Security UI
* CVE-2024-0811: Inappropriate implementation in Extensions API
* CVE-2024-0809: Inappropriate implementation in Autofill
- Removed patches:
* chromium-117-includes.patch
* chromium-118-includes.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-120-missing-header-files.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-workaround_clang_bug-structured_binding.patch
* gcc13-fix.patch
* chromium-113-webauth-include-variant.patch
* chromium-110-system-libffi.patch
- Added patches:
* chromium-121-no_matching_constructor.patch
* chromium-121-nullptr_t-without-namespace-std.patch
* chromium-121-workaround_clang_bug-structured_binding.patch
* chromium-121-missing-header-files.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-python3-invalid-escape-sequence.patch
* chromium-121-rust-clang_lib.patch
* chromium-121-avoid-SFINAE-TypeConverter.patch
* chromium-121-blink-libxml-const.patch
- Add patch chromium-disable-FFmpegAllowLists.patch:
disable codec checker this will always fail (bsc#1219070)
* Wed Jan 17 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.224 (boo#1218892)
* CVE-2024-0517: Out of bounds write in V8
* CVE-2024-0518: Type Confusion in V8
* CVE-2024-0519: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Jan 14 2024 Callum Farmer <gmbr3@opensuse.org>
- Replace chromium-120-lp155-revert-clang-build-failure.patch
with chromium-120-make_unique-struct.patch - which avoids
reverting changes and instead provides a stub constructor to fix
build on Leap
* Sat Jan 13 2024 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
boo#1218533, boo#1218719)
* CVE-2024-0333: Insufficient data validation in Extensions
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* CVE-2023-7024: Heap buffer overflow in WebRTC
* CVE-2023-6702: Type Confusion in V8
* CVE-2023-6703: Use after free in Blink
* CVE-2023-6704: Use after free in libavif (boo#1218303)
* CVE-2023-6705: Use after free in WebRTC
* CVE-2023-6706: Use after free in FedCM
* CVE-2023-6707: Use after free in CSS
* CVE-2023-6508: Use after free in Media Stream
* CVE-2023-6509: Use after free in Side Panel Search
* CVE-2023-6510: Use after free in Media Capture
* CVE-2023-6511: Inappropriate implementation in Autofill
* CVE-2023-6512: Inappropriate implementation in Web Browser UI
- drop patches:
* chromium-system-libusb.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-no_matching_constructor.patch
* chromium-117-workaround_clang_bug-structured_binding.patch
- add patches:
* chromium-120-nullptr_t-without-namespace-std.patch
* chromium-120-emplace.patch
* chromium-120-lp155-typename.patch
* chromium-120-no_matching_constructor.patch
* chromium-120-missing-header-files.patch
* chromium-120-emplace-struct.patch
* chromium-120-workaround_clang_bug-structured_binding.patch
- add patches for Leap that revert braking changes:
* chromium-120-lp155-revert-clang-build-failure.patch
* Wed Nov 29 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.199 (boo#1217616)
* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
* CVE-2023-6351: Use after free in libavif (boo#1217615)
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Nov 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.159 (boo#1217142)
* CVE-2023-5997: Use after free in Garbage Collection
* CVE-2023-6112: Use after free in Navigation
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Nov 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 119.0.6045.123 (boo#1216978)
* CVE-2023-5996: Use after free in WebAudio
- Chromium 119.0.6045.105 (boo#1216783)
* CVE-2023-5480: Inappropriate implementation in Payments
* CVE-2023-5482: Insufficient data validation in USB
* CVE-2023-5849: Integer overflow in USB
* CVE-2023-5850: Incorrect security UI in Downloads
* CVE-2023-5851: Inappropriate implementation in Downloads
* CVE-2023-5852: Use after free in Printing
* CVE-2023-5853: Incorrect security UI in Downloads
* CVE-2023-5854: Use after free in Profiles
* CVE-2023-5855: Use after free in Reading Mode
* CVE-2023-5856: Use after free in Side Panel
* CVE-2023-5857: Inappropriate implementation in Downloads
* CVE-2023-5858: Inappropriate implementation in WebApp Provider
* CVE-2023-5859: Incorrect security UI in Picture In Picture
- dropped patches:
* chromium-98-gtk4-build.patch
* chromium-118-system-freetype.patch
* chromium-118-no_matching_constructor.patch
- added patches:
* chromium-119-no_matching_constructor.patch
* chromium-119-dont-redefine-ATSPI-version-macros.patch
* chromium-119-nullptr_t-without-namespace-std.patch
* chromium-119-assert.patch
* Tue Oct 24 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.117 (boo#1216549)
* CVE-2023-5472: Use after free in Profiles
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Oct 18 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.88:
* unspecified security fix (boo#1216392)
* Wed Oct 11 2023 Andreas Stieger <andreas.stieger@gmx.de>
- refresh chromium-117-emplace_back_on_vector-c++20.patch and
chromium-117-lp155-constructors.patch to
chromium-118-no_matching_constructor.patch
* Tue Oct 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.70 (boo#1216111)
* CVE-2023-5218: Use after free in Site Isolation
* CVE-2023-5487: Inappropriate implementation in Fullscreen
* CVE-2023-5484: Inappropriate implementation in Navigation
* CVE-2023-5475: Inappropriate implementation in DevTools
* CVE-2023-5483: Inappropriate implementation in Intents
* CVE-2023-5481: Inappropriate implementation in Downloads
* CVE-2023-5476: Use after free in Blink History
* CVE-2023-5474: Heap buffer overflow in PDF
* CVE-2023-5479: Inappropriate implementation in Extensions API
* CVE-2023-5485: Inappropriate implementation in Autofill
* CVE-2023-5478: Inappropriate implementation in Autofill
* CVE-2023-5477: Inappropriate implementation in Installer
* CVE-2023-5486: Inappropriate implementation in Input
* CVE-2023-5473: Use after free in Cast
- Build with system freetype (again), and zstd
- add patches:
* chromium-118-system-freetype.patch
* chromium-117-system-zstd.patch
* Sat Oct 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 118.0.5993.54
- add patches:
* chromium-118-includes.patch
* Wed Oct 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.149:
* CVE-2023-5346: Type Confusion in V8 (boo#1215924)
* Wed Sep 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.132 (boo#1215776):
* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
* CVE-2023-5186: Use after free in Passwords
* CVE-2023-5187: Use after free in Extensions
* Fri Sep 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.92:
* stability improvements
* Wed Sep 20 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Add explicit build dependency on libepoxy for Tumbleweed
* Sun Sep 17 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 117.0.5938.88 (boo#1215279)
* CVE-2023-4900: Inappropriate implementation in Custom Tabs
* CVE-2023-4901: Inappropriate implementation in Prompts
* CVE-2023-4902: Inappropriate implementation in Input
* CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
* CVE-2023-4904: Insufficient policy enforcement in Downloads
* CVE-2023-4905: Inappropriate implementation in Prompts
* CVE-2023-4906: Insufficient policy enforcement in Autofill
* CVE-2023-4907: Inappropriate implementation in Intents
* CVE-2023-4908: Inappropriate implementation in Picture in Picture
* CVE-2023-4909: Inappropriate implementation in Interstitials
- drop patches:
* chromium-100-InMilliseconds-constexpr.patch
* chromium-115-Qt-moc-version.patch
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-constuctors.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-emplace_back_on_vector-c++20.patch
- add patches:
* chromium-117-blink-BUILD-mnemonic.patch
* chromium-117-includes.patch
* chromium-117-lp155-constructors.patch
* chromium-117-string-convert.patch
* chromium-117-lp155-typename.patch
* chromium-117-workaround_clang_bug-structured_binding.patch
* chromium-117-emplace_back_on_vector-c++20.patch
* Wed Sep 13 2023 Andreas Stieger <andreas.stieger@gmx.de>
- CVE-2023-4863: build with the bundled library on Leap (boo#1215231)
* Tue Sep 12 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.187 (boo#1215231):
* CVE-2023-4863: Heap buffer overflow in WebP
* Wed Sep 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.179 (boo#1215023):
* CVE-2023-4761: Out of bounds memory access in FedCM
* CVE-2023-4762: Type Confusion in V8
* CVE-2023-4763: Use after free in Networks
* CVE-2023-4764: Incorrect security UI in BFCache
* Wed Aug 30 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.140 (boo#1214758):
* CVE-2023-4572: Use after free in MediaStream
* Wed Aug 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.110 (boo#1214487):
* CVE-2023-4427: Out of bounds memory access in V8
* CVE-2023-4428: Out of bounds memory access in CSS
* CVE-2023-4429: Use after free in Loader
* CVE-2023-4430: Use after free in Vulkan
* CVE-2023-4431: Out of bounds memory access in Fonts
* Mon Aug 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 116.0.5845.96
* New CSS features: Motion Path, and "display" and
"content-visibility" animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
forward cache NotRestoredReason API, Document Picture-in-
Picture, Expanded Wildcards in Permissions Policy Origins,
FedCM bundle: Login Hint API, User Info API, and RP Context API,
Non-composed Mouse and Pointer enter/leave events,
Remove document.open sandbox inheritance,
Report Critical-CH caused restart in NavigationTiming
- fix a number of security issues (boo#1214301):
* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API
- drop patches:
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
* chromium-115-verify_name_match-include.patch
* chromium-86-fix-vaapi-on-intel.patch
* chromium-115-skia-include.patch
* chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
- add patches:
* chromium-116-profile-view-utils-vector-include.patch
* chromium-116-blink-variant-include.patch
* chromium-116-lp155-url_load_stats-size-t.patch
* chromium-116-abseil-limits-include.patch
* chromium-116-lp155-typenames.patch
* chromium-116-lp155-constuctors.patch
- Build with bundled re2 on Leap
* Wed Aug 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix crash with extensions (boo#1214003)
chromium-115-dont-pass-nullptr-to-construct-re2-StringPiece.patch
* Thu Aug 03 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.170 (boo#1213920)
* CVE-2023-4068: Type Confusion in V8
* CVE-2023-4069: Type Confusion in V8
* CVE-2023-4070: Type Confusion in V8
* CVE-2023-4071: Heap buffer overflow in Visuals
* CVE-2023-4072: Out of bounds read and write in WebGL
* CVE-2023-4073: Out of bounds memory access in ANGLE
* CVE-2023-4074: Use after free in Blink Task Scheduling
* CVE-2023-4075: Use after free in Cast
* CVE-2023-4076: Use after free in WebRTC
* CVE-2023-4077: Insufficient data validation in Extensions
* CVE-2023-4078: Inappropriate implementation in Extensions
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Specify re2 build dependency in a way that makes Leap packages
build in devel project and in Maintenance
* Sun Jul 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.102:
* stability fix
- Add build fixes on Leap:
* chromium-115-emplace_back_on_vector-c++20.patch
* chromium-115-compiler-SkColor4f.patch
* chromium-115-workaround_clang_bug-structured_binding.patch
* chromium-115-add_BoundSessionRefreshCookieFetcher::Result.patch
- adjust chromium-115-lp155-typename.patch
- drop chromium-114-workaround_clang_bug-structured_binding.patch
* Wed Jul 19 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 115.0.5790.98
* Security: The Storage, Service Worker, and Communication APIs
are now partitioned in third-party contexts to prevent certain
types of side-channel cross-site tracking
* HTTPS: Automatically and optimistically upgrade all main-frame
navigations to HTTPS, with fast fallback to HTTP.
* CSS: accept multiple values of the display property
* CSS: support boolean context style container queries
* CSS: support scroll-driven animations
* Increase the maximum size of a WebAssembly.Module() on the main
thread to 8 MB
* FedCM: Support credential management mediation requirements for
auto re-authentication
* Deprecate the document.domain setter
* Deprecate mutation events
* Security fixes (boo#1213462):
CVE-2023-3727: Use after free in WebRTC
CVE-2023-3728: Use after free in WebRTC
CVE-2023-3730: Use after free in Tab Groups
CVE-2023-3732: Out of bounds memory access in Mojo
CVE-2023-3733: Inappropriate implementation in WebApp Installs
CVE-2023-3734: Inappropriate implementation in Picture In Picture
CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
CVE-2023-3736: Inappropriate implementation in Custom Tabs
CVE-2023-3737: Inappropriate implementation in Notifications
CVE-2023-3738: Inappropriate implementation in Autofill
CVE-2023-3740: Insufficient validation of untrusted input in Themes
Various fixes from internal audits, fuzzing and other initiatives
- drop chromium-113-typename.patch
- add chromium-115-skia-include.patch
- add chromium-115-verify_name_match-include.patch
- add chromium-115-lp155-typename.patch
- Add chromium-115-Qt-moc-version.patch: support Qt5 & Qt6 without
built-in copy of shim
* Tue Jun 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.198 (boo#1212755):
* CVE-2023-3420: Type Confusion in V8
* CVE-2023-3421: Use after free in Media
* CVE-2023-3422: Use after free in Guest View
* Sun Jun 25 2023 Callum Farmer <gmbr3@opensuse.org>
- Install Qt5 library & prepare for Qt6 in 115
* Wed Jun 14 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.133 (boo#1212302):
* CVE-2023-3214: Use after free in Autofill payments
* CVE-2023-3215: Use after free in WebRTC
* CVE-2023-3216: Type Confusion in V8
* CVE-2023-3217: Use after free in WebXR
* Various fixes from internal audits, fuzzing and other initiatives
* Wed Jun 07 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Fix Leap 15.4 build - chromium-114-revert-av1enc-lp154.patch
* Tue Jun 06 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 114.0.5735.106 (boo#1212044):
* CVE-2023-3079: Type Confusion in V8
* Sun Jun 04 2023 Callum Farmer <gmbr3@opensuse.org>
- Chromium 114.0.5735.90 (boo#1211843):
* CSS text-wrap: balance is available
* Cookies partitioned by top level site (CHIPS)
* New Popover API
- Security fixes:
* CVE-2023-2929: Out of bounds write in Swiftshader
* CVE-2023-2930: Use after free in Extensions
* CVE-2023-2931: Use after free in PDF
* CVE-2023-2932: Use after free in PDF
* CVE-2023-2933: Use after free in PDF
* CVE-2023-2934: Out of bounds memory access in Mojo
* CVE-2023-2935: Type Confusion in V8
* CVE-2023-2936: Type Confusion in V8
* CVE-2023-2937: Inappropriate implementation in Picture In Picture
* CVE-2023-2938: Inappropriate implementation in Picture In Picture
* CVE-2023-2939: Insufficient data validation in Installer
* CVE-2023-2940: Inappropriate implementation in Downloads
* CVE-2023-2941: Inappropriate implementation in Extensions API
- Drop patches:
* chromium-103-VirtualCursor-std-layout.patch
* chromium-113-system-zlib.patch
* chromium-113-workaround_clang_bug-structured_binding.patch
- Add patches
* chromium-114-workaround_clang_bug-structured_binding.patch
* chromium-114-lld-argument.patch
* Tue May 30 2023 Callum Farmer <gmbr3@opensuse.org>
- Un-bundle zlib again
- Remove un-needed patches:
* chromium-112-default-comparison-operators.patch
* chromium-109-clang-lp154.patch
* chromium-clang-nomerge.patch
* chromium-ffmpeg-lp152.patch
* chromium-lp151-old-drm.patch
- Added patches:
* chromium-113-system-zlib.patch
* Sun May 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- build with llvm15 on Leap
* Tue May 16 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.126 (boo#1211442):
* CVE-2023-2721: Use after free in Navigation
* CVE-2023-2722: Use after free in Autofill UI
* CVE-2023-2723: Use after free in DevTools
* CVE-2023-2724: Type Confusion in V8
* CVE-2023-2725: Use after free in Guest View
* CVE-2023-2726: Inappropriate implementation in WebApp Installs
* Various fixes from internal audits, fuzzing and other initiatives
* Tue May 09 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 113.0.5672.92 (boo#1211211)
- Multiple security fixes (boo#1211036):
* CVE-2023-2459: Inappropriate implementation in Prompts
* CVE-2023-2460: Insufficient validation of untrusted input in Extensions
* CVE-2023-2461: Use after free in OS Inputs
* CVE-2023-2462: Inappropriate implementation in Prompts
* CVE-2023-2463: Inappropriate implementation in Full Screen Mode
* CVE-2023-2464: Inappropriate implementation in PictureInPicture
* CVE-2023-2465: Inappropriate implementation in CORS
* CVE-2023-2466: Inappropriate implementation in Prompts
* CVE-2023-2467: Inappropriate implementation in Prompts
* CVE-2023-2468: Inappropriate implementation in PictureInPicture
- drop chromium-94-sql-no-assert.patch
- drop no-location-leap151.patch
- add chromium-113-webview-namespace.patch
- add chromium-113-webauth-include-variant.patch
- add chromium-113-typename.patch
- add chromium-113-workaround_clang_bug-structured_binding.patch
* Wed Apr 19 2023 Andreas Stieger <Andreas.Stieger@gmx.de>
- Chromium 112.0.5615.165 (boo#1210618):
* CVE-2023-2133: Out of bounds memory access in Service Worker API
* CVE-2023-2134: Out of bounds memory access in Service Worker API
* CVE-2023-2135: Use after free in DevTools
* CVE-2023-2136: Integer overflow in Skia
* CVE-2023-2137: Heap buffer overflow in sqlite
- drop chromium-112-feed_protos.patch
* Sun Apr 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Fix Leap 15.4 build failures from default comparison operators
defined outside of the class definition, a C++20 feature
adding chromium-112-default-comparison-operators.patch
* Sat Apr 15 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.121:
* CVE-2023-2033: Type Confusion in V8 (boo#1210478)
* Fri Apr 07 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Revert a breaking change with chromium-112-feed_protos.patch
* Tue Apr 04 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 112.0.5615.49
* CSS now supports nesting rules.
* The algorithm to set the initial focus on <dialog> elements was updated.
* No-op fetch() handlers on service workers are skipped from now on to make navigations faster
* The setter for document.domain is now deprecated.
* The recorder in devtools can now record with pierce selectors.
* Security fixes (boo#1210126):
* CVE-2023-1810: Heap buffer overflow in Visuals
* CVE-2023-1811: Use after free in Frames
* CVE-2023-1812: Out of bounds memory access in DOM Bindings
* CVE-2023-1813: Inappropriate implementation in Extensions
* CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing
* CVE-2023-1815: Use after free in Networking APIs
* CVE-2023-1816: Incorrect security UI in Picture In Picture
* CVE-2023-1817: Insufficient policy enforcement in Intents
* CVE-2023-1818: Use after free in Vulkan
* CVE-2023-1819: Out of bounds read in Accessibility
* CVE-2023-1820: Heap buffer overflow in Browser History
* CVE-2023-1821: Inappropriate implementation in WebShare
* CVE-2023-1822: Incorrect security UI in Navigation
* CVE-2023-1823: Inappropriate implementation in FedCM
* Mon Mar 27 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.147:
* nth-child() validation performance regression for SAP apps
* Thu Mar 23 2023 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update gcc13-fix.patch with few fixes required for aarch64,
borrowed from Fedora's gcc13 patch
* Wed Mar 22 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.110 (boo#1209598)
* CVE-2023-1528: Use after free in Passwords
* CVE-2023-1529: Out of bounds memory access in WebHID
* CVE-2023-1530: Use after free in PDF
* CVE-2023-1531: Use after free in ANGLE
* CVE-2023-1532: Out of bounds read in GPU Video
* CVE-2023-1533: Use after free in WebProtect
* CVE-2023-1534: Out of bounds read in ANGLE
* Mon Mar 20 2023 Martin Liška <mliska@suse.cz>
- Add gcc13-fix.patch in order to support GCC 13.
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Revert back to GCC 11 on 15.4 as Clang 13 doesn't support GCC 12
* Thu Mar 09 2023 Callum Farmer <gmbr3@opensuse.org>
- Bump Leap's GCC to 12 as Chromium really likes newer standards
* Thu Mar 09 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 111.0.5563.64
* New View Transitions API
* CSS Color Level 4
* New developer tools in style panel for color functionality
* CSS added trigonometric functions, additional root font units
and extended the n-th child pseudo selector.
* previousslide and nextslide actions are now part of the Media
Session API
* A number of security fixes (boo#1209040)
* CVE-2023-1213: Use after free in Swiftshader
* CVE-2023-1214: Type Confusion in V8
* CVE-2023-1215: Type Confusion in CSS
* CVE-2023-1216: Use after free in DevTools
* CVE-2023-1217: Stack buffer overflow in Crash reporting
* CVE-2023-1218: Use after free in WebRTC
* CVE-2023-1219: Heap buffer overflow in Metrics
* CVE-2023-1220: Heap buffer overflow in UMA
* CVE-2023-1221: Insufficient policy enforcement in Extensions API
* CVE-2023-1222: Heap buffer overflow in Web Audio API
* CVE-2023-1223: Insufficient policy enforcement in Autofill
* CVE-2023-1224: Insufficient policy enforcement in Web Payments API
* CVE-2023-1225: Insufficient policy enforcement in Navigation
* CVE-2023-1226: Insufficient policy enforcement in Web Payments API
* CVE-2023-1227: Use after free in Core
* CVE-2023-1228: Insufficient policy enforcement in Intents
* CVE-2023-1229: Inappropriate implementation in Permission prompts
* CVE-2023-1230: Inappropriate implementation in WebApp Installs
* CVE-2023-1231: Inappropriate implementation in Autofill
* CVE-2023-1232: Insufficient policy enforcement in Resource Timing
* CVE-2023-1233: Insufficient policy enforcement in Resource Timing
* CVE-2023-1234: Inappropriate implementation in Intents
* CVE-2023-1235: Type Confusion in DevTools
* CVE-2023-1236: Inappropriate implementation in Internals
- drop patches:
* chromium-86-ImageMemoryBarrierData-init.patch
* chromium-93-InkDropHost-crash.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* chromium-icu72-1.patch
* Thu Feb 23 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.177 (boo#1208589)
* CVE-2023-0927: Use after free in Web Payments API
* CVE-2023-0928: Use after free in SwiftShader
* CVE-2023-0929: Use after free in Vulkan
* CVE-2023-0930: Heap buffer overflow in Video
* CVE-2023-0931: Use after free in Video
* CVE-2023-0932: Use after free in WebRTC
* CVE-2023-0933: Integer overflow in PDF
* CVE-2023-0941: Use after free in Prompts
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 16 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.100
* fix regression on SAP Business Objects web UI
* fix date formatting behavior change from ICU 72
* Wed Feb 08 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 110.0.5481.77 (boo#1208029):
* CVE-2023-0696: Type Confusion in V8
* CVE-2023-0697: Inappropriate implementation in Full screen mode
* CVE-2023-0698: Out of bounds read in WebRTC
* CVE-2023-0699: Use after free in GPU
* CVE-2023-0700: Inappropriate implementation in Download
* CVE-2023-0701: Heap buffer overflow in WebUI
* CVE-2023-0702: Type Confusion in Data Transfer
* CVE-2023-0703: Type Confusion in DevTools
* CVE-2023-0704: Insufficient policy enforcement in DevTools
* CVE-2023-0705: Integer overflow in Core
* Various fixes from internal audits, fuzzing and other initiatives
- build with bundled libavif
- dropped patches:
* chromium-109-compiler.patch
* chromium-icu72-3.patch
- added patches:
* chromium-110-compiler.patch
* chromium-110-system-libffi.patch
* chromium-110-NativeThemeBase-fabs.patch
* chromium-110-CredentialUIEntry-const.patch
* chromium-110-DarkModeLABColorSpace-pow.patch
* v8-move-the-Stack-object-from-ThreadLocalTop.patch
* Wed Jan 25 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.119 (boo#1207512):
* CVE-2023-0471: Use after free in WebTransport
* CVE-2023-0472: Use after free in WebRTC
* CVE-2023-0473: Type Confusion in ServiceWorker API
* CVE-2023-0474: Use after free in GuestView
* Various fixes from internal audits, fuzzing and other
initiatives
* Tue Jan 17 2023 Callum Farmer <gmbr3@opensuse.org>
- Added patches:
* chromium-icu72-1.patch: ensure TextCodecCJK doesn't conflict
with system icu (bsc#1207147)
* chromium-icu72-2.patch: align default characters for old icu
with that of ICU 72
* chromium-icu72-3.patch: make V8 aware of space in ICU 72 time
format
* Tue Jan 10 2023 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 109.0.5414.74:
* Add support for MathML Core
* CSS: Auto range support for font descriptors inside @font-face
rule
* CSS: Add lh length unit
* CSS: Add hyphenate-limit-chars property
* CSS: Snap border, outline and column-rule widths before layout
* API: Improved screen sharing and web conferencing: hints for
suppressing local audio playback, and Conditional Focus
* API: HTTP response status code in the Resource Timing API
* API: Same-site cross-origin prerendering triggered by the
speculation rules API
* Remove Event.path API
* CVE-2023-0128: Use after free in Overview Mode
* CVE-2023-0129: Heap buffer overflow in Network Service
* CVE-2023-0130: Inappropriate implementation in Fullscreen API
* CVE-2023-0131: Inappropriate implementation in iframe Sandbox
* CVE-2023-0132: Inappropriate implementation in Permission prompts
* CVE-2023-0133: Inappropriate implementation in Permission prompts
* CVE-2023-0134: Use after free in Cart
* CVE-2023-0135: Use after free in Cart
* CVE-2023-0136: Inappropriate implementation in Fullscreen API
* CVE-2023-0137: Heap buffer overflow in Platform Apps
* CVE-2023-0138: Heap buffer overflow in libphonenumber
* CVE-2023-0139: Insufficient validation of untrusted input in Downloads
* CVE-2023-0140: Inappropriate implementation in File System API
* CVE-2023-0141: Insufficient policy enforcement in CORS
* Various fixes from internal audits, fuzzing and other initiatives
- drop patches:
* chromium-gcc11.patch - not needed
* chromium-107-system-zlib.patch - upstream
* chromium-108-compiler.patch
- add patches:
* chromium-109-compiler.patch
* chromium-109-clang-lp154.patch
* Sun Dec 18 2022 Callum Farmer <gmbr3@opensuse.org>
- Add chromium-disable-GlobalMediaControlsCastStartStop.patch:
disable GlobalMediaControlsCastStartStop to fix crashes
occurring when interacting with the Media UI (bsc#1198124)
* Wed Dec 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.124 (boo#1206403):
* CVE-2022-4436: Use after free in Blink Media
* CVE-2022-4437: Use after free in Mojo IPC
* CVE-2022-4438: Use after free in Blink Frames
* CVE-2022-4439: Use after free in Aura
* CVE-2022-4440: Use after free in Profiles
* Wed Dec 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.98
* Fix regression in computing <select> visibility
* Sat Dec 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.94:
* CVE-2022-4262: Type Confusion in V8 (boo#1205999)
* Wed Nov 30 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 108.0.5359.71 (boo#1205871):
* CVE-2022-4174: Type Confusion in V8
* CVE-2022-4175: Use after free in Camera Capture
* CVE-2022-4176: Out of bounds write in Lacros Graphics
* CVE-2022-4177: Use after free in Extensions
* CVE-2022-4178: Use after free in Mojo
* CVE-2022-4179: Use after free in Audio
* CVE-2022-4180: Use after free in Mojo
* CVE-2022-4181: Use after free in Forms
* CVE-2022-4182: Inappropriate implementation in Fenced Frames
* CVE-2022-4183: Insufficient policy enforcement in Popup Blocker
* CVE-2022-4184: Insufficient policy enforcement in Autofill
* CVE-2022-4185: Inappropriate implementation in Navigation
* CVE-2022-4186: Insufficient validation of untrusted input in Downloads
* CVE-2022-4187: Insufficient policy enforcement in DevTools
* CVE-2022-4188: Insufficient validation of untrusted input in CORS
* CVE-2022-4189: Insufficient policy enforcement in DevTools
* CVE-2022-4190: Insufficient data validation in Directory
* CVE-2022-4191: Use after free in Sign-In
* CVE-2022-4192: Use after free in Live Caption
* CVE-2022-4193: Insufficient policy enforcement in File System API
* CVE-2022-4194: Use after free in Accessibility
* CVE-2022-4195: Insufficient policy enforcement in Safe Browsing
- drop chromium-105-wayland-1.20.patch, upstream
- drop chromium-107-compiler.patch
- add chromium-108-compiler.patch
- drop chromium-98-EnumTable-crash.patch
* Thu Nov 24 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.121 (boo#1205736)
* CVE-2022-4135: Heap buffer overflow in GPU
* Thu Nov 17 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Build with llvm15 on openSUSE:Backports:SLE-15-SP5 and up
* Wed Nov 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.110 (boo#1205221)
* CVE-2022-3885: Use after free in V8
* CVE-2022-3886: Use after free in Speech Recognition
* CVE-2022-3887: Use after free in Web Workers
* CVE-2022-3888: Use after free in WebCodecs
* CVE-2022-3889: Type Confusion in V8
* CVE-2022-3890: Heap buffer overflow in Crashpad
* Fri Oct 28 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 107.0.5304.87 (boo#1204819)
* CVE-2022-3723: Type Confusion in V8
* Thu Oct 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 107.0.5304.68 (boo#1204732)
* CVE-2022-3652: Type Confusion in V8
* CVE-2022-3653: Heap buffer overflow in Vulkan
* CVE-2022-3654: Use after free in Layout
* CVE-2022-3655: Heap buffer overflow in Media Galleries
* CVE-2022-3656: Insufficient data validation in File System
* CVE-2022-3657: Use after free in Extensions
* CVE-2022-3658: Use after free in Feedback service on Chrome OS
* CVE-2022-3659: Use after free in Accessibility
* CVE-2022-3660: Inappropriate implementation in Full screen mode
* CVE-2022-3661: Insufficient data validation in Extensions
- Added patches:
* chromium-107-compiler.patch
* chromium-107-system-zlib.patch
- Removed patches:
* chromium-105-compiler.patch
* chromium-105-Bitmap-include.patch
* chromium-106-AutofillPopupControllerImpl-namespace.patch
- Unbundle libyuv and libavif on TW
- Prepare 15.5
- Use qt on 15.4+ (15.3 too old)
* Wed Oct 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.119 (boo#1204223)
* CVE-2022-3445: Use after free in Skia
* CVE-2022-3446: Heap buffer overflow in WebSQL
* CVE-2022-3447: Inappropriate implementation in Custom Tabs
* CVE-2022-3448: Use after free in Permissions API
* CVE-2022-3449: Use after free in Safe Browsing
* CVE-2022-3450: Use after free in Peer Connection
* Thu Oct 06 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.103:
* fix possible cache manager deadlock
* Fix right-click menu appearing unexpectedly affecting screen
readers
* Sat Oct 01 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 106.0.5249.91 (boo#1203808):
* CVE-2022-3370: Use after free in Custom Elements
* CVE-2022-3373: Out of bounds write in V8
- includes changes from 106.0.5249.61:
* CVE-2022-3304: Use after free in CSS
* CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools
* CVE-2022-3305: Use after free in Survey
* CVE-2022-3306: Use after free in Survey
* CVE-2022-3307: Use after free in Media
* CVE-2022-3308: Insufficient policy enforcement in Developer Tools
* CVE-2022-3309: Use after free in Assistant
* CVE-2022-3310: Insufficient policy enforcement in Custom Tabs
* CVE-2022-3311: Use after free in Import
* CVE-2022-3312: Insufficient validation of untrusted input in VPN
* CVE-2022-3313: Incorrect security UI in Full Screen
* CVE-2022-3314: Use after free in Logging
* CVE-2022-3315: Type confusion in Blink
* CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing
* CVE-2022-3317: Insufficient validation of untrusted input in Intents
* CVE-2022-3318: Use after free in ChromeOS Notifications
- drop patches:
* chromium-104-tflite-system-zlib.patch
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
* chromium-105-Trap-raw_ptr.patch
* chromium-105-browser_finder-include.patch
* chromium-105-raw_ptr-noexcept.patch
- add patches
* chromium-106-ffmpeg-duration.patch
* chromium-106-AutofillPopupControllerImpl-namespace.patch
* Wed Sep 14 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 105.0.5195.127 (boo#1203419):
* CVE-2022-3195: Out of bounds write in Storage
* CVE-2022-3196: Use after free in PDF
* CVE-2022-3197: Use after free in PDF
* CVE-2022-3198: Use after free in PDF
* CVE-2022-3199: Use after free in Frames
* CVE-2022-3200: Heap buffer overflow in Internals
* CVE-2022-3201: Insufficient validation of untrusted input in DevTools
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Sep 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 105.0.5195.102 (boo#1203102):
* CVE-2022-3075: Insufficient data validation in Mojo
- Chromium 105.0.5195.52 (boo#1202964):
* CVE-2022-3038: Use after free in Network Service
* CVE-2022-3039: Use after free in WebSQL
* CVE-2022-3040: Use after free in Layout
* CVE-2022-3041: Use after free in WebSQL
* CVE-2022-3042: Use after free in PhoneHub
* CVE-2022-3043: Heap buffer overflow in Screen Capture
* CVE-2022-3044: Inappropriate implementation in Site Isolation
* CVE-2022-3045: Insufficient validation of untrusted input in V8
* CVE-2022-3046: Use after free in Browser Tag
* CVE-2022-3071: Use after free in Tab Strip
* CVE-2022-3047: Insufficient policy enforcement in Extensions API
* CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen
* CVE-2022-3049: Use after free in SplitScreen
* CVE-2022-3050: Heap buffer overflow in WebUI
* CVE-2022-3051: Heap buffer overflow in Exosphere
* CVE-2022-3052: Heap buffer overflow in Window Manager
* CVE-2022-3053: Inappropriate implementation in Pointer Lock
* CVE-2022-3054: Insufficient policy enforcement in DevTools
* CVE-2022-3055: Use after free in Passwords
* CVE-2022-3056: Insufficient policy enforcement in Content Security Policy
* CVE-2022-3057: Inappropriate implementation in iframe Sandbox
* CVE-2022-3058: Use after free in Sign-In Flow
- Added patches:
* chromium-105-AdjustMaskLayerGeometry-ceilf.patch
* chromium-105-Bitmap-include.patch
* chromium-105-browser_finder-include.patch
* chromium-105-raw_ptr-noexcept.patch
* chromium-105-Trap-raw_ptr.patch
* chromium-105-wayland-1.20.patch
* chromium-105-compiler.patch
- Removed patches:
* chromium-104-compiler.patch
* chromium-104-ContentRendererClient-type.patch
* chromium-78-protobuf-RepeatedPtrField-export.patch
* Thu Sep 01 2022 Paolo Stivanin <info@paolostivanin.com>
- Update chromium-symbolic.svg: this fixes bsc#1202403.
* Mon Aug 22 2022 Andreas Schwab <schwab@suse.de>
- Fix quoting in chrome-wrapper, don't put cwd on LD_LIBRARY_PATH
* Thu Aug 18 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 104.0.5112.101 (boo#1202509):
* CVE-2022-2852: Use after free in FedCM
* CVE-2022-2854: Use after free in SwiftShader
* CVE-2022-2855: Use after free in ANGLE
* CVE-2022-2857: Use after free in Blink
* CVE-2022-2858: Use after free in Sign-In Flow
* CVE-2022-2853: Heap buffer overflow in Downloads
* CVE-2022-2856: Insufficient validation of untrusted input in Intents
* CVE-2022-2859: Use after free in Chrome OS Shell
* CVE-2022-2860: Insufficient policy enforcement in Cookies
* CVE-2022-2861: Inappropriate implementation in Extensions API
* Tue Aug 16 2022 Callum Farmer <gmbr3@opensuse.org>
- Re-enable our version of chrome-wrapper
- Set no sandbox if root is being used (https://crbug.com/638180)
* Tue Aug 09 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 104.0.5112.79 (boo#1202075)
* CVE-2022-2603: Use after free in Omnibox
* CVE-2022-2604: Use after free in Safe Browsing
* CVE-2022-2605: Out of bounds read in Dawn
* CVE-2022-2606: Use after free in Managed devices API
* CVE-2022-2607: Use after free in Tab Strip
* CVE-2022-2608: Use after free in Overview Mode
* CVE-2022-2609: Use after free in Nearby Share
* CVE-2022-2610: Insufficient policy enforcement in Background Fetch
* CVE-2022-2611: Inappropriate implementation in Fullscreen API
* CVE-2022-2612: Side-channel information leakage in Keyboard input
* CVE-2022-2613: Use after free in Input
* CVE-2022-2614: Use after free in Sign-In Flow
* CVE-2022-2615: Insufficient policy enforcement in Cookies
* CVE-2022-2616: Inappropriate implementation in Extensions API
* CVE-2022-2617: Use after free in Extensions API
* CVE-2022-2618: Insufficient validation of untrusted input in Internals
* CVE-2022-2619: Insufficient validation of untrusted input in Settings
* CVE-2022-2620: Use after free in WebUI
* CVE-2022-2621: Use after free in Extensions
* CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing
* CVE-2022-2623: Use after free in Offline
* CVE-2022-2624: Heap buffer overflow in PDF
- Added patches:
* chromium-104-compiler.patch
* chromium-104-ContentRendererClient-type.patch
* chromium-104-tflite-system-zlib.patch
- Removed patches:
* chromium-103-SubstringSetMatcher-packed.patch
* chromium-103-FrameLoadRequest-type.patch
* chromium-103-compiler.patch
- Use FFmpeg 5.1 on TW
* Sat Jul 23 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch back to Clang so that we can use BTI on aarch64
* Gold is too old - doesn't understand BTI
* LD crashes on aarch64
- Re-enable LTO
- Prepare move to FFmpeg 5 for new channel layout
(requires 5.1+)
* Wed Jul 20 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.134 (boo#1201679):
* CVE-2022-2477 : Use after free in Guest View
* CVE-2022-2478 : Use after free in PDF
* CVE-2022-2479 : Insufficient validation of untrusted input in File
* CVE-2022-2480 : Use after free in Service Worker API
* CVE-2022-2481: Use after free in Views
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* Various fixes from internal audits, fuzzing and other initiatives
* Sat Jul 09 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.114 (boo#1201216)
* CVE-2022-2294: Heap buffer overflow in WebRTC
* CVE-2022-2295: Type Confusion in V8
* CVE-2022-2296: Use after free in Chrome OS Shell
* Thu Jul 07 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 103.0.5060.66
* no upstream release notes
* Sat Jun 25 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 103.0.5060.53 (boo#1200783)
* CVE-2022-2156: Use after free in Base
* CVE-2022-2157: Use after free in Interest groups
* CVE-2022-2158: Type Confusion in V8
* CVE-2022-2160: Insufficient policy enforcement in DevTools
* CVE-2022-2161: Use after free in WebApp Provider
* CVE-2022-2162: Insufficient policy enforcement in File System API
* CVE-2022-2163: Use after free in Cast UI and Toolbar
* CVE-2022-2164: Inappropriate implementation in Extensions API
* CVE-2022-2165: Insufficient data validation in URL formatting
- Added patches:
* chromium-103-FrameLoadRequest-type.patch
* chromium-103-SubstringSetMatcher-packed.patch
* chromium-103-VirtualCursor-std-layout.patch
* chromium-103-compiler.patch
- Removed patches:
* chromium-102-compiler.patch
* chromium-91-sql-standard-layout-type.patch
* chromium-101-libxml-unbundle.patch
* chromium-102-fenced_frame_utils-include.patch
* chromium-102-swiftshader-template-instantiation.patch
* chromium-102-symbolize-include.patch
* chromium-97-arm-tflite-cast.patch
* chromium-97-ScrollView-reference.patch
* Fri Jun 10 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 102.0.5005.115 (boo#1200423)
* CVE-2022-2007: Use after free in WebGPU
* CVE-2022-2008: Out of bounds memory access in WebGL
* CVE-2022-2010: Out of bounds read in compositing
* CVE-2022-2011: Use after free in ANGLE
* Wed Jun 08 2022 Callum Farmer <gmbr3@opensuse.org>
- Switch to GTK4 on TW and Leap 15.4+ (boo#1200139)
* Wed Jun 01 2022 Callum Farmer <gmbr3@opensuse.org>
- Disable ARM control flow integrity, it causes build issues
at the moment
- Try a different SVG (black logo on GNOME)
- Removed patches:
* chromium-third_party-symbolize-missing-include.patch
(replaced by chromium-102-symbolize-include.patch)
* Fri May 27 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 102.0.5001.61 (boo#1199893)
* CVE-2022-1853: Use after free in Indexed DB
* CVE-2022-1854: Use after free in ANGLE
* CVE-2022-1855: Use after free in Messaging
* CVE-2022-1856: Use after free in User Education
* CVE-2022-1857: Insufficient policy enforcement in File System API
* CVE-2022-1858: Out of bounds read in DevTools
* CVE-2022-1859: Use after free in Performance Manager
* CVE-2022-1860: Use after free in UI Foundations
* CVE-2022-1861: Use after free in Sharing
* CVE-2022-1862: Inappropriate implementation in Extensions
* CVE-2022-1863: Use after free in Tab Groups
* CVE-2022-1864: Use after free in WebApp Installs
* CVE-2022-1865: Use after free in Bookmarks
* CVE-2022-1866: Use after free in Tablet Mode
* CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer
* CVE-2022-1868: Inappropriate implementation in Extensions API
* CVE-2022-1869: Type Confusion in V8
* CVE-2022-1870: Use after free in App Service
* CVE-2022-1871: Insufficient policy enforcement in File System API
* CVE-2022-1872: Insufficient policy enforcement in Extensions API
* CVE-2022-1873: Insufficient policy enforcement in COOP
* CVE-2022-1874: Insufficient policy enforcement in Safe Browsing
* CVE-2022-1875: Inappropriate implementation in PDF
* CVE-2022-1876: Heap buffer overflow in DevTools
- Added patches:
* chromium-102-compiler.patch
* chromium-102-fenced_frame_utils-include.patch
* chromium-102-regex_pattern-array.patch
* chromium-102-swiftshader-template-instantiation.patch
* chromium-102-symbolize-include.patch
* ffmpeg-new-channel-layout.patch
- Removed patches:
* chromium-100-compiler.patch
* chromium-80-QuicStreamSendBuffer-deleted-move-constructor.patch
* chromium-95-quiche-include.patch
* chromium-fix-swiftshader-template.patch
* chromium-missing-include-tuple.patch
* chromium-webrtc-stats-missing-vector.patch
* chromium-101-segmentation_platform-type.patch
* Sun May 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.67
* fixes for other platforms
* Wed May 11 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 101.0.4951.64 (boo#1199409)
* CVE-2022-1633: Use after free in Sharesheet
* CVE-2022-1634: Use after free in Browser UI
* CVE-2022-1635: Use after free in Permission Prompts
* CVE-2022-1636: Use after free in Performance APIs
* CVE-2022-1637: Inappropriate implementation in Web Contents
* CVE-2022-1638: Heap buffer overflow in V8 Internationalization
* CVE-2022-1639: Use after free in ANGLE
* CVE-2022-1640: Use after free in Sharing
* CVE-2022-1641: Use after free in Web UI Diagnostics
* Wed May 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 101.0.4951.54 (boo#1199118)
- Chromium 101.0.4951.41 (boo#1198917)
* CVE-2022-1477: Use after free in Vulkan
* CVE-2022-1478: Use after free in SwiftShader
* CVE-2022-1479: Use after free in ANGLE
* CVE-2022-1480: Use after free in Device API
* CVE-2022-1481: Use after free in Sharing
* CVE-2022-1482: Inappropriate implementation in WebGL
* CVE-2022-1483: Heap buffer overflow in WebGPU
* CVE-2022-1484: Heap buffer overflow in Web UI Settings
* CVE-2022-1485: Use after free in File System API
* CVE-2022-1486: Type Confusion in V8
* CVE-2022-1487: Use after free in Ozone
* CVE-2022-1488: Inappropriate implementation in Extensions API
* CVE-2022-1489: Out of bounds memory access in UI Shelf
* CVE-2022-1490: Use after free in Browser Switcher
* CVE-2022-1491: Use after free in Bookmarks
* CVE-2022-1492: Insufficient data validation in Blink Editing
* CVE-2022-1493: Use after free in Dev Tools
* CVE-2022-1494: Insufficient data validation in Trusted Types
* CVE-2022-1495: Incorrect security UI in Downloads
* CVE-2022-1496: Use after free in File Manager
* CVE-2022-1497: Inappropriate implementation in Input
* CVE-2022-1498: Inappropriate implementation in HTML Parser
* CVE-2022-1499: Inappropriate implementation in WebAuthentication
* CVE-2022-1500: Insufficient data validation in Dev Tools
* CVE-2022-1501: Inappropriate implementation in iframe
- Added patches:
* chromium-101-libxml-unbundle.patch
* chromium-101-segmentation_platform-type.patch
- Removed patches:
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-macro-typo.patch
* Thu Apr 21 2022 Callum Farmer <gmbr3@opensuse.org>
- Fixes for go 1.18
* Fri Apr 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.127 (boo#1198509)
* CVE-2022-1364: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Tue Apr 12 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.88 (boo#1198361)
* CVE-2022-1305: Use after free in storage
* CVE-2022-1306: Inappropriate implementation in compositing
* CVE-2022-1307: Inappropriate implementation in full screen
* CVE-2022-1308: Use after free in BFCache
* CVE-2022-1309: Insufficient policy enforcement in developer tools
* CVE-2022-1310: Use after free in regular expressions
* CVE-2022-1311: Use after free in Chrome OS shell
* CVE-2022-1312: Use after free in storage
* CVE-2022-1313: Use after free in tab groups
* CVE-2022-1314: Type Confusion in V8
* Various fixes from internal audits, fuzzing and other initiatives
* Sun Apr 10 2022 Callum Farmer <gmbr3@opensuse.org>
- Patches for GCC 12:
* chromium-fix-swiftshader-template.patch
* chromium-missing-include-tuple.patch
* chromium-webrtc-stats-missing-vector.patch
* Tue Apr 05 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 100.0.4896.75:
* CVE-2022-1232: Type Confusion in V8 (boo#1198053)
* Wed Mar 30 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 100.0.4896.60 (boo#1197680)
* CVE-2022-1125: Use after free in Portals
* CVE-2022-1127: Use after free in QR Code Generator
* CVE-2022-1128: Inappropriate implementation in Web Share API
* CVE-2022-1129: Inappropriate implementation in Full Screen Mode
* CVE-2022-1130: Insufficient validation of untrusted input in WebOTP
* CVE-2022-1131: Use after free in Cast UI
* CVE-2022-1132: Inappropriate implementation in Virtual Keyboard
* CVE-2022-1133: Use after free in WebRTC
* CVE-2022-1134: Type Confusion in V8
* CVE-2022-1135: Use after free in Shopping Cart
* CVE-2022-1136: Use after free in Tab Strip
* CVE-2022-1137: Inappropriate implementation in Extensions
* CVE-2022-1138: Inappropriate implementation in Web Cursor
* CVE-2022-1139: Inappropriate implementation in Background Fetch API
* CVE-2022-1141: Use after free in File Manager
* CVE-2022-1142: Heap buffer overflow in WebUI
* CVE-2022-1143: Heap buffer overflow in WebUI
* CVE-2022-1144: Use after free in WebUI
* CVE-2022-1145: Use after free in Extensions
* CVE-2022-1146: Inappropriate implementation in Resource Timing
- Added patches:
* chromium-100-compiler.patch
* chromium-100-GLImplementationParts-constexpr.patch
* chromium-100-InMilliseconds-constexpr.patch
* chromium-100-SCTHashdanceMetadata-move.patch
* chromium-100-macro-typo.patch
- Removed patches:
* chromium-98-compiler.patch
* chromium-86-nearby-explicit.patch
* chromium-glibc-2.34.patch
* chromium-v8-missing-utility-include.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* Tue Mar 29 2022 Andreas Schwab <schwab@suse.de>
- Update disk constraints
* Sat Mar 26 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.84:
* CVE-2022-1096: Type Confusion in V8 (boo#1197552)
* Mon Mar 21 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.82:
* Fix potential problem in Hangouts (boo#1197332)
* Wed Mar 16 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 99.0.4844.74 (boo#1197163)
* CVE-2022-0971: Use after free in Blink Layout
* CVE-2022-0972: Use after free in Extensions
* CVE-2022-0973: Use after free in Safe Browsing
* CVE-2022-0974: Use after free in Splitscreen
* CVE-2022-0975: Use after free in ANGLE
* CVE-2022-0976: Heap buffer overflow in GPU
* CVE-2022-0977: Use after free in Browser UI
* CVE-2022-0978: Use after free in ANGLE
* CVE-2022-0979: Use after free in Safe Browsing
* CVE-2022-0980: Use after free in New Tab Page
* Various fixes from internal audits, fuzzing and other initiatives
* Fri Mar 04 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 99.0.4844.51 (boo#1196641)
* CVE-2022-0789: Heap buffer overflow in ANGLE
* CVE-2022-0790: Use after free in Cast UI
* CVE-2022-0791: Use after free in Omnibox
* CVE-2022-0792: Out of bounds read in ANGLE
* CVE-2022-0793: Use after free in Views
* CVE-2022-0794: Use after free in WebShare
* CVE-2022-0795: Type Confusion in Blink Layout
* CVE-2022-0796: Use after free in Media
* CVE-2022-0797: Out of bounds memory access in Mojo
* CVE-2022-0798: Use after free in MediaStream
* CVE-2022-0799: Insufficient policy enforcement in Installer
* CVE-2022-0800: Heap buffer overflow in Cast UI
* CVE-2022-0801: Inappropriate implementation in HTML parser
* CVE-2022-0802: Inappropriate implementation in Full screen mode
* CVE-2022-0803: Inappropriate implementation in Permissions
* CVE-2022-0804: Inappropriate implementation in Full screen mode
* CVE-2022-0805: Use after free in Browser Switcher
* CVE-2022-0806: Data leak in Canvas
* CVE-2022-0807: Inappropriate implementation in Autofill
* CVE-2022-0808: Use after free in Chrome OS Shell
* CVE-2022-0809: Out of bounds memory access in WebXR
- Removed patches:
* chromium-96-EnumTable-crash.patch
* chromium-89-missing-cstring-header.patch
* chromium-95-libyuv-aarch64.patch
* chromium-95-libyuv-arm.patch
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch
- Added patches:
* chromium-97-arm-tflite-cast.patch
* chromium-98-gtk4-build.patch
* chromium-99-AutofillAssistantModelExecutor-NoDestructor.patch
* chromium-98-EnumTable-crash.patch
* chromium-third_party-symbolize-missing-include.patch
* chromium-v8-missing-utility-include.patch
* Tue Feb 15 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 98.0.4758.102 (boo#1195986)
* CVE-2022-0603: Use after free in File Manager
* CVE-2022-0604: Heap buffer overflow in Tab Groups
* CVE-2022-0605: Use after free in Webstore API
* CVE-2022-0606: Use after free in ANGLE
* CVE-2022-0607: Use after free in GPU
* CVE-2022-0608: Integer overflow in Mojo
* CVE-2022-0609: Use after free in Animation
* CVE-2022-0610: Inappropriate implementation in Gamepad API
* Various fixes from internal audits, fuzzing and other initiatives
* Thu Feb 03 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 98.0.4758.80 (boo#1195420)
* CVE-2022-0452: Use after free in Safe Browsing
* CVE-2022-0453: Use after free in Reader Mode
* CVE-2022-0454: Heap buffer overflow in ANGLE
* CVE-2022-0455: Inappropriate implementation in Full Screen Mode
* CVE-2022-0456: Use after free in Web Search
* CVE-2022-0457: Type Confusion in V8
* CVE-2022-0459: Use after free in Screen Capture
* CVE-2022-0460: Use after free in Window Dialog
* CVE-2022-0461: Policy bypass in COOP
* CVE-2022-0462: Inappropriate implementation in Scroll
* CVE-2022-0463: Use after free in Accessibility
* CVE-2022-0464: Use after free in Accessibility
* CVE-2022-0465: Use after free in Extensions
* CVE-2022-0466: Inappropriate implementation in Extensions Platform
* CVE-2022-0467: Inappropriate implementation in Pointer Lock
* CVE-2022-0468: Use after free in Payments
* CVE-2022-0469: Use after free in Cast
* CVE-2022-0470: Out of bounds memory access in V8
* Various fixes from internal audits, fuzzing and other initiatives
- drop upstreamed patches:
* chromium-97-Point-constexpr.patch
- add patches:
* chromium-98-MiraclePtr-gcc-ice.patch
* chromium-98-WaylandFrameManager-check.patch
- change chromium-97-compiler.patch to chromium-98-compiler.patch
* Fri Jan 21 2022 Andreas Stieger <andreas.stieger@gmx.de>
- Chromium 97.0.4692.99 (boo#1194919):
* CVE-2022-0289: Use after free in Safe browsing
* CVE-2022-0290: Use after free in Site isolation
* CVE-2022-0291: Inappropriate implementation in Storage
* CVE-2022-0292: Inappropriate implementation in Fenced Frames
* CVE-2022-0293: Use after free in Web packaging
* CVE-2022-0294: Inappropriate implementation in Push messaging
* CVE-2022-0295: Use after free in Omnibox
* CVE-2022-0296: Use after free in Printing
* CVE-2022-0297: Use after free in Vulkan
* CVE-2022-0298: Use after free in Scheduling
* CVE-2022-0300: Use after free in Text Input Method Editor
* CVE-2022-0301: Heap buffer overflow in DevTools
* CVE-2022-0302: Use after free in Omnibox
* CVE-2022-0303: Race in GPU Watchdog
* CVE-2022-0304: Use after free in Bookmarks
* CVE-2022-0305: Inappropriate implementation in Service Worker API
* CVE-2022-0306: Heap buffer overflow in PDFium
* CVE-2022-0307: Use after free in Optimization Guide
* CVE-2022-0308: Use after free in Data Transfer
* CVE-2022-0309: Inappropriate implementation in Autofill
* CVE-2022-0310: Heap buffer overflow in Task Manager
* CVE-2022-0311: Heap buffer overflow in Task Manager
* Various fixes from internal audits, fuzzing and other initiatives
- drop upstreamed patches:
* fix-tag-dragging-in-Mutter.patch
* fix-tag-dragging-in-KWin.patch
* Thu Jan 20 2022 Callum Farmer <gmbr3@opensuse.org>
- Revert chromium-94-ffmpeg-roll.patch on TW: fix moved to
FFmpeg
* Tue Jan 11 2022 Callum Farmer <gmbr3@opensuse.org>
- Chromium 97.0.4692.71 (boo#1194331):
* CVE-2022-0096: Use after free in Storage
* CVE-2022-0097: Inappropriate implementation in DevTools
* CVE-2022-0098: Use after free in Screen Capture
* CVE-2022-0099: Use after free in Sign-in
* CVE-2022-0100: Heap buffer overflow in Media streams API
* CVE-2022-0101: Heap buffer overflow in Bookmarks
* CVE-2022-0102: Type Confusion in V8
* CVE-2022-0103: Use after free in SwiftShader
* CVE-2022-0104: Heap buffer overflow in ANGLE
* CVE-2022-0105: Use after free in PDF
* CVE-2022-0106: Use after free in Autofill
* CVE-2022-0107: Use after free in File Manager API
* CVE-2022-0108: Inappropriate implementation in Navigation
* CVE-2022-0109: Inappropriate implementation in Autofill
* CVE-2022-0110: Incorrect security UI in Autofill
* CVE-2022-0111: Inappropriate implementation in Navigation
* CVE-2022-0112: Incorrect security UI in Browser UI
* CVE-2022-0113: Inappropriate implementation in Blink
* CVE-2022-0114: Out of bounds memory access in Web Serial
* CVE-2022-0115: Uninitialized Use in File API
* CVE-2022-0116: Inappropriate implementation in Compositing
* CVE-2022-0117: Policy bypass in Service Workers
* CVE-2022-0118: Inappropriate implementation in WebShare
* CVE-2022-0120: Inappropriate implementation in Passwords
- Removed patches:
* chromium-96-CommandLine-include.patch
* chromium-96-RestrictedCookieManager-tuple.patch
* chromium-96-DrmRenderNodePathFinder-include.patch
* chromium-96-CouponDB-include.patch
* chromium-96-freetype-unbundle.patch
* chromium-96-compiler.patch
* chromium-vaapi.patch
* chromium-86-nearby-include.patch
- Added patches:
* chromium-97-compiler.patch
* chromium-97-Point-constexpr.patch
* chromium-97-ScrollView-reference.patch
* chromium-95-libyuv-arm.patch
* fix-tag-dragging-in-KWin.patch
* fix-tag-dragging-in-Mutter.patch
/usr/bin/chromedriver /usr/lib64/chromium/chromedriver /usr/share/licenses/chromedriver /usr/share/licenses/chromedriver/LICENSE
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Oct 23 23:06:42 2025