openSUSE Build Service

Overview Repositories Revisions Requests Users Attributes Meta

Revisions of chromium

Dominique Leuenberger (dimstar_suse) accepted request 826031 from

Martin Pluskal (pluskalm) almost 4 years ago (revision 262)

Dominique Leuenberger (dimstar_suse) accepted request 821455 from

Tomáš Chvátal (scarabeus_iv) almost 4 years ago (revision 261)

- Try to fix non-wayland build for Leap builds

- Update to 84.0.4147.89 bsc#1174189:
  * Critical CVE-2020-6510: Heap buffer overflow in background fetch. 
  * High CVE-2020-6511: Side-channel information leakage in content security policy. 
  * High CVE-2020-6512: Type Confusion in V8. 
  * High CVE-2020-6513: Heap buffer overflow in PDFium. 
  * High CVE-2020-6514: Inappropriate implementation in WebRTC. 
  * High CVE-2020-6515: Use after free in tab strip. 
  * High CVE-2020-6516: Policy bypass in CORS. 
  * High CVE-2020-6517: Heap buffer overflow in history. 
  * Medium CVE-2020-6518: Use after free in developer tools. 
  * Medium CVE-2020-6519: Policy bypass in CSP. 
  * Medium CVE-2020-6520: Heap buffer overflow in Skia. 
  * Medium CVE-2020-6521: Side-channel information leakage in autofill.
  * Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers. 
  * Medium CVE-2020-6523: Out of bounds write in Skia. 
  * Medium CVE-2020-6524: Heap buffer overflow in WebAudio. 
  * Medium CVE-2020-6525: Heap buffer overflow in Skia. 
  * Low CVE-2020-6526: Inappropriate implementation in iframe sandbox. 
  * Low CVE-2020-6527: Insufficient policy enforcement in CSP. 
  * Low CVE-2020-6528: Incorrect security UI in basic auth. 
  * Low CVE-2020-6529: Inappropriate implementation in WebRTC. 
  * Low CVE-2020-6530: Out of bounds memory access in developer tools. 
  * Low CVE-2020-6531: Side-channel information leakage in scroll to text. 
  * Low CVE-2020-6533: Type Confusion in V8. 
  * Low CVE-2020-6534: Heap buffer overflow in WebRTC. 
  * Low CVE-2020-6535: Insufficient data validation in WebUI. 
  * Low CVE-2020-6536: Incorrect security UI in PWAs.
- Use bundled xcb-proto as we need to generate py2 bindings

Dominique Leuenberger (dimstar_suse) accepted request 817775 from

Tomáš Chvátal (scarabeus_iv) almost 4 years ago (revision 260)

Dominique Leuenberger (dimstar_suse) accepted request 816970 from

Tomáš Chvátal (scarabeus_iv) almost 4 years ago (revision 259)

- Disable the LTO again as it still OOMs quite often

- Add patch to work with new ffmpeg wrt bsc#1173292:
  * chromium-84-mediaalloc.patch

- Add multimedia fix for disabled location and also try one
  additional patch from Debian on the same issue bsc#1173107
  Update patch:
  * no-location-leap151.patch

- Add patch from Fedora to avoid attribute overrides in skia:
  * chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch

- Add patch to hopefully fix bsc#1173107:
  * chromium-dev-shm.patch

- Update to 83.0.4103.116 bsc#1173251:
  * CVE-2020-6509: Use after free in extensions

- Reduce constraints to say 20 GB disk space is enough

- Disable wayland integration on 15.x bsc#1173187 bsc#1173188
  bsc#1173254

- Enforce to not use system borders bsc#1173063

- Update to 83.0.4103.106 bsc#1173029:
  * CVE-2020-6505: Use after free in speech
  * CVE-2020-6506: Insufficient policy enforcement in WebView
  * CVE-2020-6507: Out of bounds write in V8

Dominique Leuenberger (dimstar_suse) accepted request 811311 from

Tomáš Chvátal (scarabeus_iv) almost 4 years ago (revision 258)

up

Yuchen Lin (maxlin_factory) accepted request 808194 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 257)

- Add patch to fix building with new re2:
  * chromium-81-re2-0.2020.05.01.patch

- Update _constraints to avoid very slow builds seen on obs-arm-4
  (probably due to swap)

- Update to 83.0.4103.61 bsc#1171910:
  * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
  * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
  * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
  * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
  * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
  * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
  * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
  * CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
  * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
  * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
  * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
  * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
  * CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
  * CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
  * CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
  * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
  * CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
  * CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
  * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
  * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
  * CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
  * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
  * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06

Dominique Leuenberger (dimstar_suse) accepted request 800599 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 256)

- update to 81.0.4044.138 bsc#1171247:
  * CVE-2020-6831: Stack buffer overflow in SCTP
  * CVE-2020-6464: Type Confusion in Blink.

- Add icu-v67.patch from upstream to fix build with icu v67

Dominique Leuenberger (dimstar_suse) accepted request 798898 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 255)

- update to 81.0.4044.129 (boo#1170707):
  * CVE-2020-0561: Use after free in storage
  * CVE-2020-6462: Use after free in task scheduling (forwarded request 798873 from AndreasStieger)

Dominique Leuenberger (dimstar_suse) accepted request 796194 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 254)

Dominique Leuenberger (dimstar_suse) accepted request 794067 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 253)

- Try to use system version of xdg-utils

Dominique Leuenberger (dimstar_suse) accepted request 792388 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 252)

- Update to 81.0.4044.92 bsc#1168911:
  * CVE-2020-6454: Use after free in extensions
  * CVE-2020-6423: Use after free in audio
  * CVE-2020-6455: Out of bounds read in WebSQL
  * CVE-2020-6430: Type Confusion in V8
  * CVE-2020-6456: Insufficient validation of untrusted input in clipboard
  * CVE-2020-6431: Insufficient policy enforcement in full screen
  * CVE-2020-6432: Insufficient policy enforcement in navigations
  * CVE-2020-6433: Insufficient policy enforcement in extensions
  * CVE-2020-6434: Use after free in devtools
  * CVE-2020-6435: Insufficient policy enforcement in extensions
  * CVE-2020-6436: Use after free in window management
  * CVE-2020-6437: Inappropriate implementation in WebView
  * CVE-2020-6438: Insufficient policy enforcement in extensions
  * CVE-2020-6439: Insufficient policy enforcement in navigations
  * CVE-2020-6440: Inappropriate implementation in extensions
  * CVE-2020-6441: Insufficient policy enforcement in omnibox
  * CVE-2020-6442: Inappropriate implementation in cache
  * CVE-2020-6443: Insufficient data validation in developer tools
  * CVE-2020-6444: Uninitialized Use in WebRTC
  * CVE-2020-6445: Insufficient policy enforcement in trusted types
  * CVE-2020-6446: Insufficient policy enforcement in trusted types
  * CVE-2020-6447: Inappropriate implementation in developer tools
  * CVE-2020-6448: Use after free in V8
- Add new patches:
  * chromium-81-gcc-constexpr.patch
  * chromium-81-gcc-noexcept.patch
  * fix-vaapi-with-glx.patch
- Remove no longer needed patches:
  * chromium-80-gcc-abstract.patch

Dominique Leuenberger (dimstar_suse) accepted request 790832 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 251)

- Update to 80.0.3987.162 bsc#1168421:
  * CVE-2020-6450: Use after free in WebAudio.
  * CVE-2020-6451: Use after free in WebAudio.
  * CVE-2020-6452: Heap buffer overflow in media.

- Rebase build-with-pipewire-0.3.patch in order to fix
  patch collision.

- Add chromium-missing-cstdint-header.patch,
  chromium-missing-cstring-header.patch,
  chromium-missing-cstring-header2.patch and
  chromium-missing-cstddef-header.patch in order to fix boo#1167465.

- Use a symbolic icon for GNOME

Dominique Leuenberger (dimstar_suse) accepted request 788109 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 250)

- Add patch to allow building with pipewire 0.3:
  * build-with-pipewire-0.3.patch
- Use pipewire in Leap 15.2

Dominique Leuenberger (dimstar_suse) accepted request 786439 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 249)

- Update to 80.0.3987.149:
  * High CVE-2020-6422: Use after free in WebGL. 
  * High CVE-2020-6424: Use after free in media. 
  * High CVE-2020-6425: Insufficient policy enforcement in extensions. 
  * High CVE-2020-6426: Inappropriate implementation in V8. 
  * High CVE-2020-6427: Use after free in audio. 
  * High CVE-2020-6428: Use after free in audio. 
  * High CVE-2020-6429: Use after free in audio. 
  * High CVE-2019-20503: Out of bounds read in usersctplib.
  * High CVE-2020-6449: Use after free in audio. 
  * Various fixes from internal audits, fuzzing and other initiatives

Dominique Leuenberger (dimstar_suse) accepted request 784928 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 248)

- Do not pull in python deps except interpreter, the bundles
  are patched anwyays

Dominique Leuenberger (dimstar_suse) accepted request 781924 from

Tomáš Chvátal (scarabeus_iv) about 4 years ago (revision 247)

- Update to 80.0.3987.132 bsc#1165826:
  * CVE-2020-6420: Insufficient policy enforcement in media.
  * Various fixes from internal audits, fuzzing and other initiatives [2].

- Add patch trying to fix pulse audio issues with webrtc:
  * webrtc-pulse.patch

Dominique Leuenberger (dimstar_suse) accepted request 779107 from

Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 246)

- Update to 80.0.3987.122 bsc#1164828:
  * CVE-2020-6418: Type confusion in V8
  * CVE-2020-6407: Out of bounds memory access in streams. 
  * Integer overflow in ICU

Dominique Leuenberger (dimstar_suse) accepted request 777696 from

Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 245)

- Add chromedriver binary to bindir

- Drop sandbox binary as it should not be needed really bsc#1163588
- Remove unused patch:
  * chromium-sandbox-pie.patch

Oliver Kurz (okurz-factory) accepted request 773714 from

Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 244)

- Update to 80.0.3987.100 bsc#1163484:
  * feature fixes only

- Update to 80.0.3987.87 bsc#1162833:
  * CVE-2020-6381: Integer overflow in JavaScript
  * CVE-2020-6382: Type Confusion in JavaScript
  * CVE-2019-18197: Multiple vulnerabilities in XML
  * CVE-2019-19926: Inappropriate implementation in SQLite
  * CVE-2020-6385: Insufficient policy enforcement in storage
  * CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
  * CVE-2020-6387: Out of bounds write in WebRTC
  * CVE-2020-6388: Out of bounds memory access in WebAudio
  * CVE-2020-6389: Out of bounds write in WebRTC
  * CVE-2020-6390: Out of bounds memory access in streams
  * CVE-2020-6391: Insufficient validation of untrusted input in Blink
  * CVE-2020-6392: Insufficient policy enforcement in extensions
  * CVE-2020-6393: Insufficient policy enforcement in Blink
  * CVE-2020-6394: Insufficient policy enforcement in Blink
  * CVE-2020-6395: Out of bounds read in JavaScript
  * CVE-2020-6396: Inappropriate implementation in Skia
  * CVE-2020-6397: Incorrect security UI in sharing
  * CVE-2020-6398: Uninitialized use in PDFium
  * CVE-2020-6399: Insufficient policy enforcement in AppCache
  * CVE-2020-6400: Inappropriate implementation in CORS
  * CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6402: Insufficient policy enforcement in downloads
  * CVE-2020-6403: Incorrect security UI in Omnibox
  * CVE-2020-6404: Inappropriate implementation in Blink
  * CVE-2020-6405: Out of bounds read in SQLite
  * CVE-2020-6406: Use after free in audio

Dominique Leuenberger (dimstar_suse) accepted request 765585 from

Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 243)

Displaying revisions 161 - 180 of 422

Places

Revisions of chromium

Places