- Fri Jul 13 2012 dmorgan <dmorgan> 20.0.1132.57-2.1.mga1
+ Revision: 270499
- new upstream release 20.0.1132.57 (145807)
* [129898] High CVE-2012-2842: Use-after-free in counter handling
* [130595] High CVE-2012-2843: Use-after-free in layout height tracking
* [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF
- Fix copying of missing .pak files
- New version 20.0.1132.43
- Disable system flac ( fixes build )
- new upstream release 18.0.1025.168
* [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS
in EUC-JP
* [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling
* [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling
* [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error
* [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer
* [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
more carefully
* [117471] High CVE-2011-3064: Use-after-free in SVG clipping
* [117588] High CVE-2011-3065: Memory corruption in Skia
* [117794] Medium CVE-2011-3057: Invalid read in v8
* fix black screen on Hybrid Graphics system with GPU accelerated
compositing enabled (Issue: 117371)
* fix CSS not applied toelement (Issue: 114667)
* fix Regression rendering a div with background gradient and borders
(Issue: 113726)
* fix Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
* fix Multiple crashes (Issues: 72235, 116825 and 92998)
* fix Pop-up dialog is at wrong position (Issue: 116045)
* fix HTML Canvas patterns are broken if you change the transformation
matrix (Issue: 112165)
* fix SSL interstitial error "proceed anyway" / "back to safety" buttons
don't work (Issue: 119252)
* [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping
* [117583] Medium CVE-2011-3067: Cross-origin iframe replacement
* [117698] High CVE-2011-3068: Use-after-free in run-in handling
* [117728] High CVE-2011-3069: Use-after-free in line box handling
* [118185] High CVE-2011-3070: Use-after-free in v8 bindings
* [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement
* [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window
* [118593] High CVE-2011-3073: Use-after-free in SVG resource handling
* [119281] Medium CVE-2011-3074: Use-after-free in media handling
* [119525] High CVE-2011-3075: Use-after-free applying style command
* [120037] High CVE-2011-3076: Use-after-free in focus handling
* [120189] Medium CVE-2011-3077: Read-after-free in script bindings
* [106413] High CVE-2011-3078: Use after free in floats handling
* [117110] High CVE-2012-1521: Use after free in xml parser
* [117627] Medium CVE-2011-3079: IPC validation failure
* [121726] Medium CVE-2011-3080: Race condition in sandbox IPC
* [121899] High CVE-2011-3081: Use after free in floats handling
- new upstream release 16.0.912.63 (113337)
- security fixes
* [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
* [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
* [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
* [99016] High CVE-2011-3907: URL bar spoofing with view-source.
* [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
* [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
property array.
* [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
handling.
* [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
* [102359] High CVE-2011-3912: Use-after-free in SVG filters.
* [103921] High CVE-2011-3913: Use-after-free in Range handling.
* [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
* [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
* [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
* [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
* [107258] High CVE-2011-3904: Use-after-free in bidi handling.
- New version 15.0.874.120
- new upstream release 15.0.874.102 (106587)
* [86758] High CVE-2011-2845: URL bar spoof in history handling.
* [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
* [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames.
* [91218] Low CVE-2011-3877: XSS in appcache internals page.
* [94487] Medium CVE-2011-3878: Race condition in worker process
initialization.
* [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
* [95992] Low CVE-2011-3880: Don't permit as a HTTP header delimiter.
* [96047][96885][98053][99512][99750] High CVE-2011-3881: Cross-origin
policy violations.
* [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
* [96902] High CVE-2011-3883: Use-after-free in counter handling.
* [97148] High CVE-2011-3884: Timing issues in DOM traversal.
* [97599][98064][98556][99294][99880][100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free.
* [98773][99167] High CVE-2011-3886: Out of bounds writes in v8.
* [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
* [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
* [99211] High CVE-2011-3889: Heap overflow in Web Audio.
* [99553] High CVE-2011-3890: Use-after-free in video source handling.
* [100332] High CVE-2011-3891: Exposure of internal v8 functions.
- Obsolete beta and unstable versions
- Fix buildrequires
- Use %subrel
- new upstream release 14.0.835.163 (101024)
- security fixes:
* [49377] High CVE-2011-2835: Race condition in the certificate cache
* [57908] Low CVE-2011-2837: Use PIC / pie compiler flags
* [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins
* [76771] High CVE-2011-2839: Crash in v8 script object wrappers
* [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction
* [78639] High CVE-2011-2841: Garbage collection error in PDF
* [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers
* [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files
* [$1000] [89219] High CVE-2011-2846: Use-after-free in unload event handling
* [$1000] [89330] High CVE-2011-2847: Use-after-free in document loader
* [89564] Medium CVE-2011-2848: URL bar spoof with forward button
* [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets
* [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling
* [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters
* [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling
* [91120] High CVE-2011-2852: Off-by-one in v8
* [91197] High CVE-2011-2853: Use-after-free in plug-in handling
* [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing
* [92959] High CVE-2011-2855: Stale node in stylesheet handling
* [93416] High CVE-2011-2856: Cross-origin bypass in v8
* [93420] High CVE-2011-2857: Use-after-free in focus controller
* [93472] High CVE-2011-2834: Double free in libxml XPath handling
* [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages
* [93587] High CVE-2011-2860: Use-after-free in table style handling
* [93596] Medium CVE-2011-2861: Bad string read in PDF
* [93906] High CVE-2011-2862: Unintended access to v8 built-in objects
* [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters
* [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays
* [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session
* [95920] High CVE-2011-2875: Type confusion in v8 object sealing
- detailed changelog at http://goo.gl/6B1kT
- BuildRequires gnutls-devel, otherwise cups-config fails ( from tvignaud )
- Do not apply P3: Fix build
- new upstream release 13.0.782.220 (99552)
* revoking trust for SSL certificates issued by DigiNotar-controlled
intermediate CAs used by the Dutch PKIoverheid program
( mga # 2581 ) - Wed May 18 2011 tv <tv> 11.0.696.68-1.mga1
+ Revision: 99600
- new upstream release 11.0.696.68 (stable)
- security fixes
* [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue.
* [80608] High CVE-2011-1800: Integer overflows in SVG filters. - Sat May 7 2011 tv <tv> 11.0.696.65-1.mga1
+ Revision: 95741
- new upstream release 11.0.696.65 (stable) - Fri Apr 29 2011 tv <tv> 11.0.696.57-1.mga1
+ Revision: 93388
- new upstream release 11.0.696.57 (stable)
(detailed changelog at http://goo.gl/arI9m) - Fri Apr 15 2011 tv <tv> 10.0.648.205-1.mga1
+ Revision: 85803
- new upstream release 10.0.648.205 (stable)
(detailed changelog at http://goo.gl/wJg8b) - Wed Apr 6 2011 tv <tv> 10.0.648.204-1.mga1
+ Revision: 80981
- new upstream release 10.0.648.204 (stable)
- BuildRequires: libevent-devel speex-devel
- fix a group - Tue Mar 22 2011 tv <tv> 10.0.648.151-1.mga1
+ Revision: 75407
- new upstream release 10.0.648.151 (stable)
* blacklist a small number of HTTPS certificates - Wed Mar 16 2011 tv <tv> 10.0.648.133-1.mga1
+ Revision: 72787
- imported package chromium-browser-stable - Sat Mar 12 2011 Claudio Matsuoka <claudio@mandriva.com> 10.0.648.133-1mdv2011.0
+ Revision: 644042
- new upstream release 10.0.648.133 (stable)
* [CVE-2011-1290] fix memory corruption in style handling
- check presence of patch files - Fri Mar 11 2011 Claudio Matsuoka <claudio@mandriva.com> 10.0.648.127-2
+ Revision: 643848
- apply patches correctly - Wed Mar 9 2011 Claudio Matsuoka <claudio@mandriva.com> 10.0.648.127-1
+ Revision: 643105
- new upstream release 10.0.648.127 (stable)
* New version of V8 which greatly improves javascript performance
* New settings pages that open in a tab, rather than a dialog box
* Improved security with malware reporting and disabling outdated plugins
by default
* Password sync as part of Chrome Sync now enabled by default
* GPU Accelerated Video
* Background WebApps
* webNavigation extension API
- annoucement and security fix list: http://goo.gl/PWdBi
- move chromium patch 10.0.648.114 from beta channel to stable
- move chromium patch 10.0.648.82 from beta channel to stable
- move chromium patch 10.0.648.127 from beta channel to stable
- move chromium patch 10.0.648.126 from beta channel to stable
- move chromium 10.0.648.45 from beta channel to stable
- move patch from beta channel to stable
- move patch from beta channel to stable - Tue Mar 1 2011 Claudio Matsuoka <claudio@mandriva.com> 9.0.597.107-1
+ Revision: 641075
- new upstream release 9.0.597.107 (stable)
- contains security fixes, see detais at http://goo.gl/rkTSm
- add beta browser to the downgrade notice in spec description - Sat Feb 12 2011 Claudio Matsuoka <claudio@mandriva.com> 9.0.597.98-1
+ Revision: 637364
- new upstream version 9.0.597.98
- add conflicts to beta channel browser
- add obsoletes entry for old (canary) chromium-browser package - Thu Feb 10 2011 Claudio Matsuoka <claudio@mandriva.com> 9.0.597.94-1
+ Revision: 637082
- imported package chromium-browser-stable