Revisions of chromium
Dominique Leuenberger (dimstar_suse) accepted request 826031 from Martin Pluskal (pluskalm) (revision 262)
Dominique Leuenberger (dimstar_suse) accepted request 821455 from Tomáš Chvátal (scarabeus_iv) (revision 261)
- Try to fix non-wayland build for Leap builds
- Update to 84.0.4147.89 bsc#1174189:
  * Critical CVE-2020-6510: Heap buffer overflow in background fetch.
  * High CVE-2020-6511: Side-channel information leakage in content security policy.
  * High CVE-2020-6512: Type Confusion in V8.
  * High CVE-2020-6513: Heap buffer overflow in PDFium.
  * High CVE-2020-6514: Inappropriate implementation in WebRTC.
  * High CVE-2020-6515: Use after free in tab strip.
  * High CVE-2020-6516: Policy bypass in CORS.
  * High CVE-2020-6517: Heap buffer overflow in history.
  * Medium CVE-2020-6518: Use after free in developer tools.
  * Medium CVE-2020-6519: Policy bypass in CSP.
  * Medium CVE-2020-6520: Heap buffer overflow in Skia.
  * Medium CVE-2020-6521: Side-channel information leakage in autofill.
  * Medium CVE-2020-6522: Inappropriate implementation in external protocol handlers.
  * Medium CVE-2020-6523: Out of bounds write in Skia.
  * Medium CVE-2020-6524: Heap buffer overflow in WebAudio.
  * Medium CVE-2020-6525: Heap buffer overflow in Skia.
  * Low CVE-2020-6526: Inappropriate implementation in iframe sandbox.
  * Low CVE-2020-6527: Insufficient policy enforcement in CSP.
  * Low CVE-2020-6528: Incorrect security UI in basic auth.
  * Low CVE-2020-6529: Inappropriate implementation in WebRTC.
  * Low CVE-2020-6530: Out of bounds memory access in developer tools.
  * Low CVE-2020-6531: Side-channel information leakage in scroll to text.
  * Low CVE-2020-6533: Type Confusion in V8.
  * Low CVE-2020-6534: Heap buffer overflow in WebRTC.
  * Low CVE-2020-6535: Insufficient data validation in WebUI.
  * Low CVE-2020-6536: Incorrect security UI in PWAs.
- Use bundled xcb-proto as we need to generate py2 bindings
Dominique Leuenberger (dimstar_suse) accepted request 817775 from Tomáš Chvátal (scarabeus_iv) (revision 260)
Dominique Leuenberger (dimstar_suse) accepted request 816970 from Tomáš Chvátal (scarabeus_iv) (revision 259)
- Disable the LTO again as it still OOMs quite often
- Add patch to work with new ffmpeg wrt bsc#1173292:
  * chromium-84-mediaalloc.patch
- Add multimedia fix for disabled location and also try one additional patch from Debian on the same issue bsc#1173107
  Update patch:
  * no-location-leap151.patch
- Add patch from Fedora to avoid attribute overrides in skia:
  * chromium-83.0.4103.97-skia-gcc-no_sanitize-fixes.patch
- Add patch to hopefully fix bsc#1173107:
  * chromium-dev-shm.patch
- Update to 83.0.4103.116 bsc#1173251:
  * CVE-2020-6509: Use after free in extensions
- Reduce constraints to say 20 GB disk space is enough
- Disable wayland integration on 15.x bsc#1173187 bsc#1173188 bsc#1173254
- Enforce to not use system borders bsc#1173063
- Update to 83.0.4103.106 bsc#1173029:
  * CVE-2020-6505: Use after free in speech
  * CVE-2020-6506: Insufficient policy enforcement in WebView
  * CVE-2020-6507: Out of bounds write in V8
Dominique Leuenberger (dimstar_suse) accepted request 811311 from Tomáš Chvátal (scarabeus_iv) (revision 258)
up
Yuchen Lin (maxlin_factory) accepted request 808194 from Tomáš Chvátal (scarabeus_iv) (revision 257)
- Add patch to fix building with new re2:
  * chromium-81-re2-0.2020.05.01.patch
- Update _constraints to avoid very slow builds seen on obs-arm-4 (probably due to swap)
- Update to 83.0.4103.61 bsc#1171910:
  * CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh(@pwn_expoit) of STEALIEN on 2020-04-21
  * CVE-2020-6466: Use after free in media. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-04-26
  * CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song on 2020-04-06
  * CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina of Seaside Security, Chani Jindal of Shellphish on 2020-04-30
  * CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-04-02
  * CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski of Securitum on 2020-03-30
  * CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-08
  * CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-03-25
  * CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia on 2020-02-06
  * CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin from cdsrc of Qihoo 360 on 2020-03-07
  * CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani on 2019-10-31
  * CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne on 2019-12-18
  * CVE-2020-6477: Inappropriate implementation in installer. Reported by RACK911 Labs on 2019-03-26
  * CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani on 2019-12-24
  * CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen of andsecurity.cn on 2020-01-14
  * CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt on 2020-02-21
  * CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora on 2020-04-07
  * CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi (@qab) on 2017-12-17
  * CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-05-23
  * CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko on 2020-01-26
  * CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov of Google Project Zero on 2020-01-30
  * CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg on 2020-02-24
  * CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu (@shhnjk) on 2015-10-06
Dominique Leuenberger (dimstar_suse) accepted request 800599 from Tomáš Chvátal (scarabeus_iv) (revision 256)
- update to 81.0.4044.138 bsc#1171247:
  * CVE-2020-6831: Stack buffer overflow in SCTP
  * CVE-2020-6464: Type Confusion in Blink.
- Add icu-v67.patch from upstream to fix build with icu v67
Dominique Leuenberger (dimstar_suse) accepted request 798898 from Tomáš Chvátal (scarabeus_iv) (revision 255)
- update to 81.0.4044.129 (boo#1170707):
  * CVE-2020-0561: Use after free in storage
  * CVE-2020-6462: Use after free in task scheduling
(forwarded request 798873 from AndreasStieger)
Dominique Leuenberger (dimstar_suse) accepted request 796194 from Tomáš Chvátal (scarabeus_iv) (revision 254)
Dominique Leuenberger (dimstar_suse) accepted request 794067 from Tomáš Chvátal (scarabeus_iv) (revision 253)
- Try to use system version of xdg-utils
Dominique Leuenberger (dimstar_suse) accepted request 792388 from Tomáš Chvátal (scarabeus_iv) (revision 252)
- Update to 81.0.4044.92 bsc#1168911:
  * CVE-2020-6454: Use after free in extensions
  * CVE-2020-6423: Use after free in audio
  * CVE-2020-6455: Out of bounds read in WebSQL
  * CVE-2020-6430: Type Confusion in V8
  * CVE-2020-6456: Insufficient validation of untrusted input in clipboard
  * CVE-2020-6431: Insufficient policy enforcement in full screen
  * CVE-2020-6432: Insufficient policy enforcement in navigations
  * CVE-2020-6433: Insufficient policy enforcement in extensions
  * CVE-2020-6434: Use after free in devtools
  * CVE-2020-6435: Insufficient policy enforcement in extensions
  * CVE-2020-6436: Use after free in window management
  * CVE-2020-6437: Inappropriate implementation in WebView
  * CVE-2020-6438: Insufficient policy enforcement in extensions
  * CVE-2020-6439: Insufficient policy enforcement in navigations
  * CVE-2020-6440: Inappropriate implementation in extensions
  * CVE-2020-6441: Insufficient policy enforcement in omnibox
  * CVE-2020-6442: Inappropriate implementation in cache
  * CVE-2020-6443: Insufficient data validation in developer tools
  * CVE-2020-6444: Uninitialized Use in WebRTC
  * CVE-2020-6445: Insufficient policy enforcement in trusted types
  * CVE-2020-6446: Insufficient policy enforcement in trusted types
  * CVE-2020-6447: Inappropriate implementation in developer tools
  * CVE-2020-6448: Use after free in V8
- Add new patches:
  * chromium-81-gcc-constexpr.patch
  * chromium-81-gcc-noexcept.patch
  * fix-vaapi-with-glx.patch
- Remove no longer needed patches:
  * chromium-80-gcc-abstract.patch
Dominique Leuenberger (dimstar_suse) accepted request 790832 from Tomáš Chvátal (scarabeus_iv) (revision 251)
- Update to 80.0.3987.162 bsc#1168421:
  * CVE-2020-6450: Use after free in WebAudio.
  * CVE-2020-6451: Use after free in WebAudio.
  * CVE-2020-6452: Heap buffer overflow in media.
- Rebase build-with-pipewire-0.3.patch in order to fix patch collision.
- Add chromium-missing-cstdint-header.patch, chromium-missing-cstring-header.patch, chromium-missing-cstring-header2.patch and chromium-missing-cstddef-header.patch in order to fix boo#1167465.
- Use a symbolic icon for GNOME
Dominique Leuenberger (dimstar_suse) accepted request 788109 from Tomáš Chvátal (scarabeus_iv) (revision 250)
- Add patch to allow building with pipewire 0.3:
  * build-with-pipewire-0.3.patch
- Use pipewire in Leap 15.2
Dominique Leuenberger (dimstar_suse) accepted request 786439 from Tomáš Chvátal (scarabeus_iv) (revision 249)
- Update to 80.0.3987.149:
  * High CVE-2020-6422: Use after free in WebGL.
  * High CVE-2020-6424: Use after free in media.
  * High CVE-2020-6425: Insufficient policy enforcement in extensions.
  * High CVE-2020-6426: Inappropriate implementation in V8.
  * High CVE-2020-6427: Use after free in audio.
  * High CVE-2020-6428: Use after free in audio.
  * High CVE-2020-6429: Use after free in audio.
  * High CVE-2019-20503: Out of bounds read in usersctplib.
  * High CVE-2020-6449: Use after free in audio.
  * Various fixes from internal audits, fuzzing and other initiatives
Dominique Leuenberger (dimstar_suse) accepted request 784928 from Tomáš Chvátal (scarabeus_iv) (revision 248)
- Do not pull in python deps except interpreter, the bundles are patched anyways
Dominique Leuenberger (dimstar_suse) accepted request 781924 from Tomáš Chvátal (scarabeus_iv) (revision 247)
- Update to 80.0.3987.132 bsc#1165826:
  * CVE-2020-6420: Insufficient policy enforcement in media.
  * Various fixes from internal audits, fuzzing and other initiatives [2].
- Add patch trying to fix pulse audio issues with webrtc:
  * webrtc-pulse.patch
Dominique Leuenberger (dimstar_suse) accepted request 779107 from Tomáš Chvátal (scarabeus_iv) (revision 246)
- Update to 80.0.3987.122 bsc#1164828:
  * CVE-2020-6418: Type confusion in V8
  * CVE-2020-6407: Out of bounds memory access in streams.
  * Integer overflow in ICU
Dominique Leuenberger (dimstar_suse) accepted request 777696 from Tomáš Chvátal (scarabeus_iv) (revision 245)
- Add chromedriver binary to bindir
- Drop sandbox binary as it should not be needed really bsc#1163588
- Remove unused patch:
  * chromium-sandbox-pie.patch
Oliver Kurz (okurz-factory) accepted request 773714 from Tomáš Chvátal (scarabeus_iv) (revision 244)
- Update to 80.0.3987.100 bsc#1163484:
  * feature fixes only
- Update to 80.0.3987.87 bsc#1162833:
  * CVE-2020-6381: Integer overflow in JavaScript
  * CVE-2020-6382: Type Confusion in JavaScript
  * CVE-2019-18197: Multiple vulnerabilities in XML
  * CVE-2019-19926: Inappropriate implementation in SQLite
  * CVE-2020-6385: Insufficient policy enforcement in storage
  * CVE-2019-19880, CVE-2019-19925: Multiple vulnerabilities in SQLite
  * CVE-2020-6387: Out of bounds write in WebRTC
  * CVE-2020-6388: Out of bounds memory access in WebAudio
  * CVE-2020-6389: Out of bounds write in WebRTC
  * CVE-2020-6390: Out of bounds memory access in streams
  * CVE-2020-6391: Insufficient validation of untrusted input in Blink
  * CVE-2020-6392: Insufficient policy enforcement in extensions
  * CVE-2020-6393: Insufficient policy enforcement in Blink
  * CVE-2020-6394: Insufficient policy enforcement in Blink
  * CVE-2020-6395: Out of bounds read in JavaScript
  * CVE-2020-6396: Inappropriate implementation in Skia
  * CVE-2020-6397: Incorrect security UI in sharing
  * CVE-2020-6398: Uninitialized use in PDFium
  * CVE-2020-6399: Insufficient policy enforcement in AppCache
  * CVE-2020-6400: Inappropriate implementation in CORS
  * CVE-2020-6401: Insufficient validation of untrusted input in Omnibox
  * CVE-2020-6402: Insufficient policy enforcement in downloads
  * CVE-2020-6403: Incorrect security UI in Omnibox
  * CVE-2020-6404: Inappropriate implementation in Blink
  * CVE-2020-6405: Out of bounds read in SQLite
  * CVE-2020-6406: Use after free in audio
Dominique Leuenberger (dimstar_suse) accepted request 765585 from Tomáš Chvátal (scarabeus_iv) (revision 243)
Displaying revisions 161 - 180 of 422