Hello community,
here is the log from the commit of package chromium for openSUSE:Leap:15.2
checked in at 2020-03-23 07:13:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/chromium (Old)
and /work/SRC/openSUSE:Leap:15.2/.chromium.new.3160 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "chromium"
Mon Mar 23 07:13:52 2020 rev:102 rq:787230 version:80.0.3987.149
Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/chromium/chromium.changes 2020-03-09
18:15:38.117448268 +0100
+++ /work/SRC/openSUSE:Leap:15.2/.chromium.new.3160/chromium.changes
2020-03-23 07:14:41.318527185 +0100
@@ -1,0 +2,21 @@
+Thu Mar 19 11:13:24 UTC 2020 - Tomáš Chvátal <tchva...@suse.com>
+
+- Update to 80.0.3987.149 (bsc#1167090):
+ * High CVE-2020-6422: Use after free in WebGL.
+ * High CVE-2020-6424: Use after free in media.
+ * High CVE-2020-6425: Insufficient policy enforcement in extensions.
+ * High CVE-2020-6426: Inappropriate implementation in V8.
+ * High CVE-2020-6427: Use after free in audio.
+ * High CVE-2020-6428: Use after free in audio.
+ * High CVE-2020-6429: Use after free in audio.
+ * High CVE-2019-20503: Out of bounds read in usersctplib.
+ * High CVE-2020-6449: Use after free in audio.
+ * Various fixes from internal audits, fuzzing and other initiatives
+
+-------------------------------------------------------------------
+Sat Mar 14 09:18:06 UTC 2020 - Tomáš Chvátal <tchva...@suse.com>
+
+- Do not pull in python deps except interpreter, the bundles
+ are patched anwyays
+
+-------------------------------------------------------------------
Old:
----
chromium-80.0.3987.132.tar.xz
New:
----
chromium-80.0.3987.149.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ chromium.spec ++++++
--- /var/tmp/diff_new_pack.bMunx6/_old 2020-03-23 07:14:50.502532701 +0100
+++ /var/tmp/diff_new_pack.bMunx6/_new 2020-03-23 07:14:50.506532703 +0100
@@ -57,7 +57,7 @@
%bcond_with clang
%bcond_with wayland
Name: chromium
-Version: 80.0.3987.132
+Version: 80.0.3987.149
Release: 0
Summary: Google's open source browser project
License: BSD-3-Clause AND LGPL-2.1-or-later
@@ -131,6 +131,7 @@
BuildRequires: pam-devel
BuildRequires: pkgconfig
BuildRequires: python
+BuildRequires: python-xml
BuildRequires: snappy-devel
BuildRequires: update-desktop-files
BuildRequires: util-linux
@@ -241,10 +242,6 @@
BuildRequires: pkgconfig(libxml-2.0) >= 2.9.5
%endif
%if !%{with sle_bundles}
-BuildRequires: python-beautifulsoup4
-BuildRequires: python-html5lib
-BuildRequires: python-simplejson
-BuildRequires: python-xml
BuildRequires: yasm-devel
BuildRequires: pkgconfig(libwebp)
BuildRequires: pkgconfig(opus) >= 1.3.1
@@ -342,8 +339,6 @@
third_party/catapult/common/py_vulcanize/third_party/rjsmin
third_party/catapult/third_party/beautifulsoup4
third_party/catapult/third_party/html5lib-python
- third_party/catapult/third_party/beautifulsoup4
- third_party/catapult/third_party/html5lib-python
third_party/catapult/third_party/polymer
third_party/catapult/third_party/six
third_party/catapult/tracing/third_party/d3
@@ -488,9 +483,6 @@
third_party/opus
third_party/yasm
third_party/simplejson
- third_party/catapult/third_party/beautifulsoup4
- third_party/catapult/third_party/html5lib-python
- third_party/catapult/third_party/six
third_party/zlib
)
%endif
++++++ chromium-80.0.3987.132.tar.xz -> chromium-80.0.3987.149.tar.xz ++++++
/work/SRC/openSUSE:Leap:15.2/chromium/chromium-80.0.3987.132.tar.xz
/work/SRC/openSUSE:Leap:15.2/.chromium.new.3160/chromium-80.0.3987.149.tar.xz
differ: char 27, line 1
