Revisions of chromium
1
- Version update to 60.0.3112.101: * various usability bugfixes
- Version update to 60.0.3112.90: * Various usability bugfixes
- Version update to 60.0.3112.78 bsc#1050537: * CVE-2017-5091: Use after free in IndexedDB * CVE-2017-5092: Use after free in PPAPI * CVE-2017-5093: UI spoofing in Blink * CVE-2017-5094: Type confusion in extensions * CVE-2017-5095: Out-of-bounds write in PDFium * CVE-2017-5096: User information leak via Android intents * CVE-2017-5097: Out-of-bounds read in Skia * CVE-2017-5098: Use after free in V8 * CVE-2017-5099: Out-of-bounds write in PPAPI * CVE-2017-5100: Use after free in Chrome Apps * CVE-2017-5101: URL spoofing in OmniBox * CVE-2017-5102: Uninitialized use in Skia * CVE-2017-5103: Uninitialized use in Skia * CVE-2017-5104: UI spoofing in browser * CVE-2017-7000: Pointer disclosure in SQLite * CVE-2017-5105: URL spoofing in OmniBox * CVE-2017-5106: URL spoofing in OmniBox * CVE-2017-5107: User information leak via SVG * CVE-2017-5108: Type confusion in PDFium * CVE-2017-5109: UI spoofing in browser * CVE-2017-5110: UI spoofing in payments dialog * Various fixes from internal audits, fuzzing and other initiatives - Add patch chromium-override.patch - Remove patches chromium-fpermissive.patch chromium-system-ffmpeg-r3.patch - Rebase patches: * chromium-dma-buf.patch * chromium-gcc7.patch * chromium-last-commit-position-r0.patch * fix-gn-bootstrap.diff
1
1
Automatic submission by obs-autosubmit
- Update to 59.0.3071.86 bsc#1042833: * CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun(@S0rryMybad) of Qihoo 360 Vulcan Team on 2017-05-16 * CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han on 2017-04-26 * CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-04-07 * CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani on 2017-04-28 * CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous on 2017-03-09 * CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot on 2017-01-05 * CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora on 2017-05-16 * CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb on 2017-05-06 * CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip on 2017-04-28 * CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno on 2017-04-12 * CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-20 * CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani on 2017-04-05 * CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev (@L1kvID) Yandex Security Team on 2016-12-07 * CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research on 2017-05-11 * CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani on 2017-04-24 * CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng of Tencent security platform department on 2017-02-15 - Add patch to fix build with system dma: * chromium-dma-buf.patch - Drop no longer needed patches: * chromium-linker-memory.patch * chromium-system-jinja-r13.patch - Refresh patches: * chromium-gcc7.patch * chromium-system-ffmpeg-r3.patch * fix-gn-bootstrap.diff - Use bundled libxml * Upstream unfortunately uses git snapshot that is not api/abi compatible - Add patch to build with gcc7:
- Version update to 58.0.3029.110: * Various small bugfixes
- Version update to 58.0.3029.96: * Fixes bsc#1037594 CVE-2017-5068
- Use bundled jinja2, system one changed in 2.9 too much to work * It is at least used only during build - Version update to 58.0.3029.81 bsc#1035103: * High CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong of Alpha Team, Qihoo 360 * High CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani * High CVE-2017-5059: Type confusion in Blink. Credit to SkyLined working with Trend Micro's Zero Day Initiative * Medium CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng * Medium CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang (@gnehsoah) * Medium CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous * Medium CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip * Medium CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar * Medium CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani * Medium CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu * Medium CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani * Low CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman - Refresh patch fix-gn-bootstrap.diff - Refresh patch chromium-system-jinja-r13.patch - Remove obsolete patch chromium-57-gcc4.patch
- Version update to 57.0.2987.133 bsc#1031677: * Critical CVE-2017-5055: Use after free in printing. Credit to Wadih Matar * High CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar of Zimperium zLabs * High CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin * High CVE-2017-5056: Use after free in Blink. Credit to anonymous * High CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper (Keen Lab and PC Mgr) reported through ZDI (ZDI-CAN-4587) - Drop the browser(npapi) provide which is not true - Add patch to build with gcc4 * chromium-57-gcc4.patch
- Do not use gcc5 and newer as the compat was fixed again - Update to 57.0.2987.110 with various other small tweaks
- Version update to 57.0.2987.98 bsc#1028848: CVE-2017-5030 CVE-2017-5031 CVE-2017-5032 CVE-2017-5029 CVE-2017-5034 CVE-2017-5035 CVE-2017-5036 CVE-2017-5037 CVE-2017-5039 CVE-2017-5040 CVE-2017-5041 CVE-2017-5033 CVE-2017-5042 CVE-2017-5038 CVE-2017-5043 CVE-2017-5044 CVE-2017-5045 CVE-2017-5046 - Refresh patches * fix-gn-bootstrap.diff * chromium-linker-memory.patch - Remove obsolete patches: * chromium-sandbox.patch * chromium-54-ffmpeg2compat.patch - Remove vaapi patch which broke rendering on non-intel cards: * chromium-enable-vaapi-on-suse.patch - From this release onwards i586 build is disabled
Automatic submission by obs-autosubmit
- Version update to 56.0.2924.87: * Various small fixes * Disabled option to enable/disable plugins in the chrome://plugins
1
- Version update to 56.0.2924.76: - CVE-2017-5007: Universal XSS in Blink - CVE-2017-5006: Universal XSS in Blink - CVE-2017-5008: Universal XSS in Blink - CVE-2017-5010: Universal XSS in Blink - CVE-2017-5011: Unauthorised file access in Devtools - CVE-2017-5009: Out of bounds memory access in WebRTC - CVE-2017-5012: Heap overflow in V8 - CVE-2017-5013: Address spoofing in Omnibox - CVE-2017-5014: Heap overflow in Skia - CVE-2017-5015: Address spoofing in Omnibox - CVE-2017-5019: Use after free in Renderer - CVE-2017-5016: UI spoofing in Blink - CVE-2017-5017: Uninitialised memory access in webm video - CVE-2017-5018: Universal XSS in chrome://apps - CVE-2017-5020: Universal XSS in chrome://downloads - CVE-2017-5021: Use after free in Extensions - CVE-2017-5022: Bypass of Content Security Policy in Blink - CVE-2017-5023: Type confusion in metrics - CVE-2017-5024: Heap overflow in FFmpeg - CVE-2017-5025: Heap overflow in FFmpeg - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing - Add conditional to switch between system and bundled icu - Raise dependency on harfbuzz to 1.3.1 - Also refresh patches: chromium-prop-codecs.patch chromium-linker-memory.patch - Added patch chromium-enable-vaapi-on-suse.patch to enable VAAPI hardware accelerated video decoding.
1
- Obsolete ffmpeg and ffmpegsumo package in addition to conflict - Remove bookmarks override as discussed with artwork simply just set homepage to our openSUSE one and that is all
Displaying revisions 261 - 280 of 423