- New upstream release 22.3.23
  * Security fixes for V8 (CVE-2023-4427) and CSS (CVE-2023-4428)

• Files Changed
• Browse Source

- New upstream release 22.3.22
  * Fixed decorations for tiled windows on Wayland.
  * Security fixes for V8 (CVE-2023-4355, CVE-2023-4352), Skia (CVE-2023-4354), ANGLE (CVE-2023-4353), and Network (CVE-2023-4351)
- Clean up third_party/… in tarball.
  * drop chromium-99-pdfium-system-libtiff.patch which is dead code

• Files Changed
• Browse Source

- New upstream release 22.3.21
  * Fixed unnecessary package.json check on built-in modules. 
- Disabled video hardware acceleration (vaapi) and use system libvpx everywhere.
  This is not a web browser where users regularly watch 4K videos,
  and i think the need to vendor dependencies and increased buildtime is not worth it.
- Use system dav1d and libjxl on Leap 15.5 as they're available now.
- Fix unreasolvabe build and use llhttp 8 on Fedora 37.

• Files Changed
• Browse Source

- New upstream release 22.3.20
  * Security fixes for ipcz (CVE-2023-3732) and WebRTC (CVE-2023-3728).

• Files Changed
• Browse Source

- Add backported re2-11-StringPiece.patch to fix FTBFS.

• Files Changed
• Browse Source

fix changelog typo patch name

• Files Changed
• Browse Source

- New upstream release 22.3.17
  * Security fixes: CVE-2023-3422, CVE-2023-3421, CVE-2023-3420.
- Add fileutil-python3.12-imp.patch and Partial-migration-from-imp-to-importlib.patch to fix ftbfs on Rawhide

• Files Changed
• Browse Source

- New upstream release 22.3.14
  * Security fixes for WebRTC: CVE-2023-3215, CVE-2023-0698, CVE-2023-0932
  * Security fix for V8: CVE-2023-3216

• Files Changed
• Browse Source

- New upstream release 22.3.13
  * Security fixes: CVE-2023-3079, CVE-2023-2724, CVE-2023-2723,
    CVE-2023-2725, CVE-2023-2721, CVE-2023-2936, CVE-2023-2935,
    CVE-2023-2930

• Files Changed
• Browse Source

- New upstream release 22.3.11
  * Fix ScopedObservation use after free in BubbleDialogDelegate::AnchorWidgetObserver
- Re-enable use of flat_map in ANGLE.

• Files Changed
• Browse Source

- New upstream release 22.3.9
  * Fixed drag-and-drop crash on Wayland
- Correct bogus export of private symbols from chrome_crashpad_handler executable
  * add another section and note to chromium-102-compiler.patch
  * add rdynamic.patch

• Files Changed
• Browse Source

- New upstream release 22.3.8
  * Fixed crash when executing eval in the utility process.
- Drop ‘Revert-e2c4acd-apply-csp-correctly-when-contextIsolation-false.patch’ due to proper upstream fix in this release.

• Files Changed
• Browse Source

- Fix unresolvable build on Fedora 38 

• Files Changed
• Browse Source

- New upstream release 22.3.7
  * Fixed an issue which made defaultFontFamily in webPreferences have no effect
  * Fixed broken defaults in shell.openExternal() options.
  * v8: Make Error.captureStackTrace() a no-op for global object (CVE-2023-2033)
  * Blink: Use ScriptState::Scope instead of setting HandleScope. (CVE-2023-2133)
  * Blink: Stop supporting { handleEvent }. (CVE-2023-2134)
  * Dev tools: Retain DevToolsAgentHost after ForceDetachAllSessions() (CVE-2023-2135)
  * Skia: Enforce program stack limits on function parameters (CVE-2023-2136)

• Files Changed
• Browse Source

- Disable thread_annotations-fix-build-with-system-abseil.patch on Tumbleweed to fix FTBFS with Abseil 20230125.

• Files Changed
• Browse Source

- Add Revert-e2c4acd-apply-csp-correctly-when-contextIsolation-false.patch
  * revert changes causing crash of VSCode: https://github.com/microsoft/vscode/pull/179991

• Files Changed
• Browse Source

- New upstream release 22.3.6
  * Fixed an issue with Content-Security-Policy not being correctly enforced when sandbox: false and contextIsolation: false. (CVE-2023-23623)
  * Fixed a memory leak in v8.serialize() when running Node.js within Electron. 
  * Viz: Add CHECKs in HostFrameSinkManager (CVE-2023-1810)
  * Blink: Move the edit commands to an on stack variable (CVE-2023-1811)
- Fix download tarball script wrongly setting GPU_LISTS_VERSION to zero
- Change 647d3d2.patch to fix FTBFS on aarch64 Fedora
- Fix unresolvable build on Fedora 37

• Files Changed
• Browse Source

- Add upstream patches to fix build on aarch64:
  * d0aa9ad.patch
  * 647d3d2.patch

• Files Changed
• Browse Source

- New upstream release 22.3.5
  * Fixed an issue where calling port.postMessage in MessagePortMain with some invalid parameters could cause a crash.
  * Fixed canceling of bluetooth requests when no devices are returned.
  * webcodecs: Fix VP9 p2 encoding of NV12 frames
  * Fix crash in AnnotationAgentImpl
  * v8: Fix map transition chain following w/ dictionary maps (CVE-2023-1214)
  * Shutdown RtpContributingSourceCache in Dispose() (CVE-2023-1218)
  * Prevent potential integer overflow in PersistentMemoryAllocator (CVE-2023-1219)
  * hid: Handle empty input reports (CVE-2023-1529)
  * Improve checks for VideoFrame layouts (CVE-2023-1532)
  * Disable glShaderBinary in the passthrough cmd decoder (CVE-2023-1534)
- Fix build error with absl_core_headers 2023xxxx.

• Files Changed
• Browse Source

- New upstream release 22.3.4
  * Improved error messages on session.cookies.set failure.
  * Vulkan: Don't close render pass if rebind to same fbo (CVE-2023-1213)
  * CSS: In Typed CSSOM, reject adding to something that is not a list. (CVE-2023-1215)
  * Fix potential out of bounds write in base::SampleVectorBase (CVE-2023-1220)
- Add services-network-optional-explicit-constructor.patch

• Files Changed
• Browse Source