Hello community, here is the log from the commit of package chromium for openSUSE:Leap:15.2 checked in at 2020-03-23 07:13:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/chromium (Old) and /work/SRC/openSUSE:Leap:15.2/.chromium.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium" Mon Mar 23 07:13:52 2020 rev:102 rq:787230 version:80.0.3987.149 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/chromium/chromium.changes 2020-03-09 18:15:38.117448268 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.chromium.new.3160/chromium.changes 2020-03-23 07:14:41.318527185 +0100 @@ -1,0 +2,21 @@ +Thu Mar 19 11:13:24 UTC 2020 - Tomáš Chvátal <tchva...@suse.com> + +- Update to 80.0.3987.149 (bsc#1167090): + * High CVE-2020-6422: Use after free in WebGL. + * High CVE-2020-6424: Use after free in media. + * High CVE-2020-6425: Insufficient policy enforcement in extensions. + * High CVE-2020-6426: Inappropriate implementation in V8. + * High CVE-2020-6427: Use after free in audio. + * High CVE-2020-6428: Use after free in audio. + * High CVE-2020-6429: Use after free in audio. + * High CVE-2019-20503: Out of bounds read in usersctplib. + * High CVE-2020-6449: Use after free in audio. + * Various fixes from internal audits, fuzzing and other initiatives + +------------------------------------------------------------------- +Sat Mar 14 09:18:06 UTC 2020 - Tomáš Chvátal <tchva...@suse.com> + +- Do not pull in python deps except interpreter, the bundles + are patched anwyays + +------------------------------------------------------------------- Old: ---- chromium-80.0.3987.132.tar.xz New: ---- chromium-80.0.3987.149.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ chromium.spec ++++++ --- /var/tmp/diff_new_pack.bMunx6/_old 2020-03-23 07:14:50.502532701 +0100 +++ /var/tmp/diff_new_pack.bMunx6/_new 2020-03-23 07:14:50.506532703 +0100 @@ -57,7 +57,7 @@ %bcond_with clang %bcond_with wayland Name: chromium -Version: 80.0.3987.132 +Version: 80.0.3987.149 Release: 0 Summary: Google's open source browser project License: BSD-3-Clause AND LGPL-2.1-or-later @@ -131,6 +131,7 @@ BuildRequires: pam-devel BuildRequires: pkgconfig BuildRequires: python +BuildRequires: python-xml BuildRequires: snappy-devel BuildRequires: update-desktop-files BuildRequires: util-linux @@ -241,10 +242,6 @@ BuildRequires: pkgconfig(libxml-2.0) >= 2.9.5 %endif %if !%{with sle_bundles} -BuildRequires: python-beautifulsoup4 -BuildRequires: python-html5lib -BuildRequires: python-simplejson -BuildRequires: python-xml BuildRequires: yasm-devel BuildRequires: pkgconfig(libwebp) BuildRequires: pkgconfig(opus) >= 1.3.1 @@ -342,8 +339,6 @@ third_party/catapult/common/py_vulcanize/third_party/rjsmin third_party/catapult/third_party/beautifulsoup4 third_party/catapult/third_party/html5lib-python - third_party/catapult/third_party/beautifulsoup4 - third_party/catapult/third_party/html5lib-python third_party/catapult/third_party/polymer third_party/catapult/third_party/six third_party/catapult/tracing/third_party/d3 @@ -488,9 +483,6 @@ third_party/opus third_party/yasm third_party/simplejson - third_party/catapult/third_party/beautifulsoup4 - third_party/catapult/third_party/html5lib-python - third_party/catapult/third_party/six third_party/zlib ) %endif ++++++ chromium-80.0.3987.132.tar.xz -> chromium-80.0.3987.149.tar.xz ++++++ /work/SRC/openSUSE:Leap:15.2/chromium/chromium-80.0.3987.132.tar.xz /work/SRC/openSUSE:Leap:15.2/.chromium.new.3160/chromium-80.0.3987.149.tar.xz differ: char 27, line 1