Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

chromium-50.0.2661.94-45.1 RPM for x86_64

From OpenSuSE Leap 42.1 updates for x86_64

Name: chromium Distribution: openSUSE Leap 42.1
Version: 50.0.2661.94 Vendor: openSUSE
Release: 45.1 Build date: Fri Apr 29 23:38:48 2016
Group: Productivity/Networking/Web/Browsers Build host: cloud136
Size: 236274523 Source RPM: chromium-50.0.2661.94-45.1.src.rpm
Summary: Google's opens source browser project
Chromium is the open-source project behind Google Chrome. We invite you to join us in our effort to help build a safer, faster, and more stable way for all Internet users to experience the web, and to create a powerful platform for developing a new generation of web applications.




BSD-3-Clause and LGPL-2.1+


* Fri Apr 29 2016
  - Update to Chromium 50.0.2661.94 (boo#977830)
    * Security fixes:
    - CVE-2016-1660: Out-of-bounds write in Blink
    - CVE-2016-1661: Memory corruption in cross-process frames
    - CVE-2016-1662: Use-after-free in extensions
    - CVE-2016-1663: Use-after-free in Blink’s V8 bindings
    - CVE-2016-1664: Address bar spoofing
    - CVE-2016-1665: Information leak in V8
    - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives
* Fri Apr 22 2016
  - _constraints: increase memory. It takes 1.2G to build some .o, and
    with -j4 this results in OOM.
* Thu Apr 14 2016
  - Update to Chromium 50.0.2661.75 (boo#975572)
    * Security Fixes:
    - CVE-2016-1652: Universal XSS in extension bindings
    - CVE-2016-1653: Out-of-bounds write in V8
    - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding
    - CVE-2016-1654: Uninitialized memory read in media
    - CVE-2016-1655: Use-after-free related to extensions
    - CVE-2016-1656: Android downloaded file path restriction bypass
    - CVE-2016-1657: Address bar spoofing
    - CVE-2016-1658: Potential leak of sensitive information to
      malicious extensions
    - CVE-2016-1659: Various fixes from internal audits, fuzzing
      and other initiatives
  - add patch to fix GCC builds with component=shared_library:
* Fri Apr 08 2016
  - Update to Chromium 49.0.2623.112
    * Block user removal when login attempt is in progress
    * Add the SuppressUnsupportedOSWarning policy setting
    * Fix how Save-Page-As responds to web requests blocked by extensions
    * Fix preferred width calculation for 8bit ltr runs in rtl blocks
* Wed Mar 30 2016
  - Update to Chromium 49.0.2623.110
    * No changelog available
* Mon Mar 28 2016
  - Update to Chromium 49.0.2623.108
    * Security fixes (boo#972834):
    - CVE-2016-1646: Out-of-bounds read in V8
    - CVE-2016-1647: Use-after-free in Navigation
    - CVE-2016-1648: Use-after-free in Extensions
    - CVE-2016-1649: Buffer overflow in libANGLE
    - CVE-2016-1650: Various fixes from internal audits, fuzzing
      and other initiatives
    - CVE-2016-3679: Multiple vulnerabilities in V8 fixed at the
      tip of the 4.9 branch (currently 4.9.385.33).
* Wed Mar 09 2016
  - Update to Chromium 49.0.2623.87
    * Security fixes:
    - CVE-2016-1643: Type confusion in Blink (boo#970514)
    - CVE-2016-1644: Use-after-free in Blink (boo#970509)
    - CVE-2016-1645: Out-of-bounds write in PDFium (boo#970511)
* Tue Mar 08 2016
  - Change the build method used on Packman.
    * Drop patch no-clang-on-packman.diff . This is no longer required
      as that ninja is respecting the build flags correctly.
  - Drop unused patch skia.patch
* Fri Mar 04 2016
  - Update to Chromium 49.0.2623.75
    * 26 security fixes, with the most important ones being:
    - CVE-2016-1630: Same-origin bypass in Blink
    - CVE-2016-1631: Same-origin bypass in Pepper Plugin
    - CVE-2016-1632: Bad cast in Extensions
    - CVE-2016-1633: Use-after-free in Blink
    - CVE-2016-1634: Use-after-free in Blink
    - CVE-2016-1635: Use-after-free in Blink
    - CVE-2016-1636: SRI Validation Bypass
    - CVE-2015-8126: Out-of-bounds access in libpng
    - CVE-2016-1637: Information Leak in Skia
    - CVE-2016-1638: WebAPI Bypass
    - CVE-2016-1639: Use-after-free in WebRTC
    - CVE-2016-1640: Origin confusion in Extensions UI
    - CVE-2016-1641: Use-after-free in Favicon
    - CVE-2016-1642: Various fixes from internal audits, fuzzing
      and other initiatives
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.9
      branch (currently 4.9.385.26)
* Fri Feb 19 2016
  - Update to Chromium 48.0.2564.116
    * Fixes a critical security flaw:
    - CVE-2016-1629: Same-origin bypass in Blink and Sandbox
      escape in Chrome. (boo#967376)
* Mon Feb 15 2016
  - Update to Chromium 48.0.2564.109
    * Security fixes (boo#965999)
    - CVE-2016-1622: Same-origin bypass in Extensions
    - CVE-2016-1623: Same-origin bypass in DOM
    - CVE-2016-1624: Buffer overflow in Brotli
    - CVE-2016-1625: Navigation bypass in Chrome Instant
    - CVE-2016-1626: Out-of-bounds read in PDFium
    - CVE-2016-1627: Various fixes from internal audits, fuzzing
      and other initiatives
* Sat Feb 13 2016
  - Drop the libva support completely. It seems that this is causing
    more issues than it actually resolves. (boo#965566)
    * Drop chromium-enable-vaapi.patch
* Thu Feb 11 2016
  - Don't build with libva support for openSUSE 13.2 and lower
* Tue Feb 09 2016
  - Drop completely the option to build with system libraries. This
    could lead to issues (boo#965738)
* Fri Feb 05 2016
  - Update to Chromium 48.0.2564.103
    * No chnagelog available
* Sun Jan 31 2016
  - Build against the in-source libjpeg to prevent graphical issues
* Sun Jan 31 2016
  - Use spec-cleaner
  - Remove buildenv check that is moot for the update-alternatives script
  - Build against the latest libjpeg rather than jpeg6
  - Use update-alternatives as is required by the specification
* Thu Jan 28 2016
  - Update to Chromium 48.0.2564.97
    * No changelog available
  - Update the desktop-kde package so that on Leap and TW, the kwallet5
    becomes the default. desktop-kde/gnome packages are no longer
    recommended as that the default is to automatically detect the
    password store. Only for those users that want to change this,
    they can select a different setup.
* Fri Jan 22 2016
  - Update to Chromium 48.0.2564.82
    * Security fixes:
    - CVE-2016-1612: Bad cast in V8 (boo#963184)
    - CVE-2016-1613: Use-after-free in PDFium (boo#963185)
    - CVE-2016-1614: Information leak in Blink (boo#963186)
    - CVE-2016-1615: Origin confusion in Omnibox (boo#963187)
    - CVE-2016-1616: URL Spoofing (boo#963188)
    - CVE-2016-1617: History sniffing with HSTS and CSP (boo#963189)
    - CVE-2016-1618: Weak random number generator in Blink (boo#963190)
    - CVE-2016-1619: Out-of-bounds read in PDFium (boo#963191)
    - CVE-2016-1620 chromium-browser: various fixes (boo#963192)
* Thu Jan 14 2016
  - Update to Chromium 47.0.2526.111.
    * No changelog available
* Mon Dec 28 2015
  - Enable SSE2 on x86_64
* Sun Dec 27 2015
  - Fix crash when trying to enable chromecast extension
    * Add patch: fix_network_api_crash.patch
* Sun Dec 20 2015
  - Update to Chromium 47.0.2525.106, fixing the following security
    * CVE-2015-6792: Fixes from internal audits and fuzzing. [boo#959458]
* Mon Dec 14 2015
  - Enable VA-API hardware acceleration in Linux.
    * chromium-enable-vaapi.patch
* Thu Dec 10 2015
  - Update to Chromium 47.0.2526.80 [boo#958481]
    * Security fixes
    - CVE-2015-6788: Type confusion in extensions
    - CVE-2015-6789: Use-after-free in Blink
    - CVE-2015-6790: Escaping issue in saved pages
    - CVE-2015-6791: Various fixes from internal audits, fuzzing
      and other initiatives
  - Drop unused patch fix-clang.diff.
* Sat Dec 05 2015
  - Enable the possibility to utilize the Widevine plugin
    within chromium. (boo#954103)
    * Add patch: fix_building_widevinecdm_with_chromium.patch
* Wed Dec 02 2015
  - Update to Chromium 47.0.2526.73
    * Security fixes (boo#957519)
    - CVE-2015-6765: Use-after-free in AppCache
    - CVE-2015-6766: Use-after-free in AppCache
    - CVE-2015-6767: Use-after-free in AppCache
    - CVE-2015-6768: Cross-origin bypass in DOM
    - CVE-2015-6769: Cross-origin bypass in core
    - CVE-2015-6770: Cross-origin bypass in DOM
    - CVE-2015-6771: Out of bounds access in v8
    - CVE-2015-6772: Cross-origin bypass in DOM
    - CVE-2015-6764: Out of bounds access in v8
    - CVE-2015-6773: Out of bounds access in Skia
    - CVE-2015-6774: Use-after-free in Extensions
    - CVE-2015-6775: Type confusion in PDFium
    - CVE-2015-6776: Out of bounds access in PDFium
    - CVE-2015-6777: Use-after-free in DOM
    - CVE-2015-6778: Out of bounds access in PDFium
    - CVE-2015-6779: Scheme bypass in PDFium
    - CVE-2015-6780: Use-after-free in Infobars
    - CVE-2015-6781: Integer overflow in Sfntly
    - CVE-2015-6782: Content spoofing in Omnibox
    - CVE-2015-6783: Signature validation issue in
      Android Crazy Linker.
    - CVE-2015-6784: Escaping issue in saved pages
    - CVE-2015-6785: Wildcard matching issue in CSP
    - CVE-2015-6786: Scheme bypass in CSP
    - CVE-2015-6787: Various fixes from internal audits, fuzzing
      and other initiatives.
    - Multiple vulnerabilities in V8 fixed at the tip of the
      4.7 branch (currently
* Wed Nov 11 2015
  - Update to Chromium 46.0.2490.86
    * Security fixes (boo#954579):
    - CVE-2015-1302: Information leak in PDF viewer
* Fri Oct 23 2015
  - Update to Chromium 46.0.2490.80
    * No changelog available
* Mon Oct 19 2015
  - Change the default homepage based on the new landingpage
    for the openSUSE Project. (boo#950957)
* Wed Oct 14 2015
  - Update to Chromium 46.0.2490.71
    * Security fixes (boo#950290)
    - CVE-2015-6755: Cross-origin bypass in Blink
    - CVE-2015-6756: Use-after-free in PDFium
    - CVE-2015-6757: Use-after-free in ServiceWorker
    - CVE-2015-6758: Bad-cast in PDFium
    - CVE-2015-6759: Information leakage in LocalStorage
    - CVE-2015-6760: Improper error handling in libANGLE
    - CVE-2015-6761: Memory corruption in FFMpeg
    - CVE-2015-6762: CORS bypass via CSS fonts
    - CVE-2015-6763: Various fixes from internal audits, fuzzing
      and other initiatives
    - Multiple vulnerabilities in V8 fixed at the tip of the
      4.6 branch (currently CVE-2015-7834
  - drop upstreamed correct-blacklist.diff
  - add chromium-46.0.2490.71-fix-missing-i18n_process_css_test.patch
    to fix build
  - remove remoting_locales from spec
* Sat Oct 03 2015
  - Update to Chromium 45.0.2454.101
    * Security fixes:
    - CVE-2015-1303: Cross-origin bypass in DOM [boo#947504]
    - CVE-2015-1304: Cross-origin bypass in V8 [boo#947507]
* Tue Sep 22 2015
  - Update to Chromium 45.0.2454.99
    - No changelog available
  - Add upstream patch correct-blacklist.diff
    * This should restore the correct behavior of the option
    - -ignore-gpu-blacklist.
* Wed Sep 16 2015
  - Update to Chromium 45.0.2454.93
    - No changelog available
* Fri Sep 11 2015
  - Update to Chromium 45.0.2454.85
    Security fixes:
    * CVE-2015-1291: Cross-origin bypass in DOM
    * CVE-2015-1292: Cross-origin bypass in ServiceWorker
    * CVE-2015-1293: Cross-origin bypass in DOM
    * CVE-2015-1294: Use-after-free in Skia
    * CVE-2015-1295: Use-after-free in Printing
    * CVE-2015-1296: Character spoofing in omnibox
    * CVE-2015-1297: Permission scoping error in WebRequest
    * CVE-2015-1298: URL validation error in extensions
    * CVE-2015-1299: Use-after-free in Blink
    * CVE-2015-1300: Information leak in Blink
    * CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives.
* Wed Aug 05 2015
  - Update to Chromium 44.0.2403.130
    * No changelog available
* Wed Jul 29 2015
  - Update to Chromium 44.0.2403.125
    * No changelog available
  - The chromium-ffmpeg package (on Packman) now requires the same
    version for the main chromium package. This should prevent the
    issues arised from the libffmpeg switch that Google did recently
* Sat Jul 25 2015
  - Update to Chromium 44.0.2403.107
    * No changelog available
* Tue Jul 21 2015
  - Update to Chromium 44.0.2403.89
    * A number of new apps/extension APIs
    * Lots of under the hood changes for stability and performance
    * Security fixes:
    - CVE-2015-1271: Heap-buffer-overflow in pdfium
    - CVE-2015-1273: Heap-buffer-overflow in pdfium
    - CVE-2015-1274: Settings allowed executable files to run
      immediately after download
    - CVE-2015-1275: UXSS in Chrome for Android
    - CVE-2015-1276: Use-after-free in IndexedDB
    - CVE-2015-1279: Heap-buffer-overflow in pdfium
    - CVE-2015-1280: Memory corruption in skia
    - CVE-2015-1281: CSP bypass
    - CVE-2015-1282: Use-after-free in pdfium
    - CVE-2015-1283: Heap-buffer-overflow in expat
    - CVE-2015-1284: Use-after-free in blink
    - CVE-2015-1286: UXSS in blink
    - CVE-2015-1287: SOP bypass with CSS
    - CVE-2015-1270: Uninitialized memory read in ICU
    - CVE-2015-1272: Use-after-free related to unexpected GPU
      process termination
    - CVE-2015-1277: Use-after-free in accessibility
    - CVE-2015-1278: URL spoofing using pdf files
    - CVE-2015-1285: Information leak in XSS auditor
    - CVE-2015-1288: Spell checking dictionaries fetched over HTTP
    - CVE-2015-1289: Various fixes from internal audits, fuzzing
      and other initiatives
* Wed Jul 15 2015
  - Update to Chromium 43.0.2357.134
    Update of the Pepper Flash plugin to
* Wed Jul 08 2015
  - Update to Chromium 43.0.2357.132
    No changelog available
* Tue Jun 23 2015
  - Update to Chromium 43.0.2357.130
    - Security fixes (boo#935723)
    * CVE-2015-1266: Scheme validation error in WebUI
    * CVE-2015-1268: Cross-origin bypass in Blink
    * CVE-2015-1267: Cross-origin bypass in Blink
    * CVE-2015-1269: Normalization error in HSTS/HPKP preload list
* Wed Jun 17 2015
  - Add the buildflag enable_hotwording=0 to prevent that Chromium
    downloads a binary blob for speechrecognition (boo#935022)
  - Add patch gcc50-fixes.diff to enable building against GCC 5. The
    patch fixes the python regular expression and ensures to return
    a two digit value for the GCC version
* Fri Jun 12 2015
  - Update to Chromium 43.0.2357.125
    * Bug-fixes:
    - esolved browser font magnification/scaling issue.
* Wed May 27 2015
  - Update to Chromium 43.0.2357.81
    * Bug-fixes:
    - Fixed an issue where sometimes a blank page would print
    - Icons not displaying properly on Linux
* Wed May 20 2015
  - Update to Chromium 43.0.2357.65
    * Security fixes:
    - CVE-2015-1252: Sandbox escape in Chrome
    - CVE-2015-1253: Cross-origin bypass in DOM
    - CVE-2015-1254: Cross-origin bypass in Editing
    - CVE-2015-1255: Use-after-free in WebAudio
    - CVE-2015-1256: Use-after-free in SVG
    - CVE-2015-1251: Use-after-free in Speech
    - CVE-2015-1257: Container-overflow in SVG
    - CVE-2015-1258: Negative-size parameter in Libvpx
    - CVE-2015-1259: Uninitialized value in PDFium
    - CVE-2015-1260: Use-after-free in WebRTC
    - CVE-2015-1261: URL bar spoofing
    - CVE-2015-1262: Uninitialized value in Blink
    - CVE-2015-1263: Insecure download of spellcheck dictionary
    - CVE-2015-1264: Cross-site scripting in bookmarks
    - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives
    - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently
* Wed Apr 29 2015
  - Update to Chromium 42.0.2311.135
    * Security fixes:
    - CVE-2015-1243: Use-after-free in DOM
    - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives
      and 3 more security fixes.
* Mon Apr 27 2015
  - Fix for missing Chromium icon in the taskbar.
* Wed Apr 15 2015
  - Update to Chromium 42.0.2311.90
    * A number of new apps, extension and Web Platform APIs (including the Push API!)
    * Lots of under the hood changes for stability and performance
    * Security fixes, including:
    - CVE-2015-1235: Cross-origin-bypass in HTML parser
    - CVE-2015-1236: Cross-origin-bypass in Blink
    - CVE-2015-1237: Use-after-free in IPC
    - CVE-2015-1238: Out-of-bounds write in Skia
    - CVE-2015-1240: Out-of-bounds read in WebGL
    - CVE-2015-1241: Tap-Jacking
    - CVE-2015-1242: Type confusion in V8
    - CVE-2015-1244: HSTS bypass in WebSockets
    - CVE-2015-1245: Use-after-free in PDFium
    - CVE-2015-1246: Out-of-bounds read in Blink
    - CVE-2015-1247: Scheme issues in OpenSearch
    - CVE-2015-1248: SafeBrowsing bypass
    - CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives
    - Multiple vulnerabilities in V8 fixed
* Thu Apr 02 2015
  - Update to Chromium 41.0.2272.118
    Security fixes:
    * CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that
      can lead to remote code execution outside of
      the sandbox
    * CVE-2015-1234: Buffer overflow via race condition in GPU
* Sat Mar 21 2015
  - Update to Chromium 41.0.2272.101
    * Bugfixes
* Thu Mar 12 2015
  - Update to Chromium 41.0.2272.89
    * Bugfixes
* Wed Mar 04 2015
  - Update to Chromium 41.0.2272.76
    Security fixes:
    * CVE-2015-1212: Out-of-bounds write in media
    * CVE-2015-1213: Out-of-bounds write in skia filters
    * CVE-2015-1214: Out-of-bounds write in skia filters
    * CVE-2015-1215: Out-of-bounds write in skia filters
    * CVE-2015-1216: Use-after-free in v8 bindings
    * CVE-2015-1217: Type confusion in v8 bindings
    * CVE-2015-1218: Use-after-free in dom
    * CVE-2015-1219: Integer overflow in webgl
    * CVE-2015-1220: Use-after-free in gif decoder
    * CVE-2015-1221: Use-after-free in web databases
    * CVE-2015-1222: Use-after-free in service workers
    * CVE-2015-1223: Use-after-free in dom
    * CVE-2015-1230: Type confusion in v8
    * CVE-2015-1224: Out-of-bounds read in vpxdecoder
    * CVE-2015-1225: Out-of-bounds read in pdfium
    * CVE-2015-1226: Validation issue in debugger
    * CVE-2015-1227: Uninitialized value in blink
    * CVE-2015-1228: Uninitialized value in rendering
    * CVE-2015-1229: Cookie injection via proxies
    * CVE-2015-1231: Various fixes from internal audits
    * Multiple vulnerabilities in V8 fixed at the tip of the 4.1 branch
* Fri Feb 27 2015
  - regular diskusage is more like 20GB+
* Mon Feb 23 2015
  - uses around 5.8GB for building, assign like 6GB in _constraints
* Fri Feb 20 2015
  - Update to Chromium 40.0.2214.115
    * Bugfixes
* Wed Feb 18 2015
  - Utilize the _service file to download the chromium tarball
* Sun Feb 08 2015
  - Update to Chromium 40.0.2214.111
    * Security Fixes:
    - CVE-2015-1209: Use-after-free in DOM
    - CVE-2015-1210: Cross-origin-bypass in V8 bindings
    - CVE-2015-1211: Privilege escalation using service workers
    - CVE-2015-1212: Various fixes from internal audits, fuzzing
      and other initiatives
* Sat Jan 31 2015
  - Update to Chromium 40.0.2214.94
    - Bugfixes
* Wed Jan 28 2015
  - Update to Chromium 40.0.2214.93
    - Bugfixes
* Fri Jan 23 2015
  - Update to Chromium 40.0.2214.91
    * Security Fixes:
    - CVE-2014-7923: Memory corruption in ICU
    - CVE-2014-7924: Use-after-free in IndexedDB
    - CVE-2014-7925: Use-after-free in WebAudio
    - CVE-2014-7926: Memory corruption in ICU
    - CVE-2014-7927: Memory corruption in V8
    - CVE-2014-7928: Memory corruption in V8
    - CVE-2014-7930: Use-after-free in DOM
    - VE-2014-7931: Memory corruption in V8
    - CVE-2014-7929: Use-after-free in DOM
    - CVE-2014-7932: Use-after-free in DOM
    - CVE-2014-7933: Use-after-free in FFmpeg
    - CVE-2014-7934: Use-after-free in DOM
    - CVE-2014-7935: Use-after-free in Speech
    - CVE-2014-7936: Use-after-free in Views
    - CVE-2014-7937: Use-after-free in FFmpeg
    - CVE-2014-7938: Memory corruption in Fonts
    - CVE-2014-7939: Same-origin-bypass in V8
    - CVE-2014-7940: Uninitialized-value in ICU
    - CVE-2014-7941: Out-of-bounds read in UI
    - CVE-2014-7942: Uninitialized-value in Fonts
    - CVE-2014-7943: Out-of-bounds read in Skia
    - CVE-2014-7944: Out-of-bounds read in PDFium
    - CVE-2014-7945: Out-of-bounds read in PDFium
    - CVE-2014-7946: Out-of-bounds read in Fonts
    - CVE-2014-7947: Out-of-bounds read in PDFium
    - CVE-2014-7948: Caching error in AppCache
    - CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives
    - Multiple vulnerabilities in V8 fixed at the tip of the 3.30 branch
* Tue Jan 13 2015
  - Update to Chromium 39.0.2171.99
    * Bugfixes
* Wed Dec 10 2014
  - Update to Chromium 39.0.2171.95
    * Bugfixes
* Sun Nov 30 2014 Led <>
  - fix using 'echo' command in script
* Wed Nov 26 2014
  - Update to Chromium 39.0.2171.71
    * Bugfixes
* Wed Nov 19 2014
  - Update to Chromium 39.0.2171.65
    * Security fixes:
    - CVE-2014-7899: Address bar spoofing (boo#906320)
    - CVE-2014-7900: Use-after-free in pdfium (boo#906317)
    - CVE-2014-7901: Integer overflow in pdfium (boo#906322)
    - CVE-2014-7902: Use-after-free in pdfium (boo#906328)
    - CVE-2014-7903: Buffer overflow in pdfium (boo#906318)
    - CVE-2014-7904: Buffer overflow in Skia (boo#906321)
    - CVE-2014-7905: Flaw allowing navigation to intents that do
      not have the BROWSABLE category (boo#906330)
    - CVE-2014-7906: Use-after-free in pepper plugins (boo#906319)
    - CVE-2014-0574: Double-free in Flash
    - CVE-2014-7907: Use-after-free in blink (boo#906323)
    - CVE-2014-7908: Integer overflow in media (boo#906324)
    - CVE-2014-7909: Uninitialized memory read in Skia (boo#906326)
    - CVE-2014-7910: Various fixes from internal audits, fuzzing
      and other initiatives (boo#906327)
* Fri Nov 14 2014
  - Update to Chromium 38.0.2125.122
    * Several bugfixes
* Tue Oct 28 2014
  - Update to Chromium 38.0.2125.111
    * Several bugfixes
* Wed Oct 15 2014
  - Update to Chromium 38.0.2125.104
    * Several bugfixes
  - Updated source url to point to the right location
* Wed Oct 08 2014
  - Update to Chromium 38.0.2125.101
    This update includes 159 security fixes, including 113 relatively
    minor fixes. Highlighted securtiy fixes are:
    CVE-2014-3188: A combination of V8 and IPC bugs that can lead to
      remote code execution outside of the sandbox
    CVE-2014-3189: Out-of-bounds read in PDFium
    CVE-2014-3190: Use-after-free in Events
    CVE-2014-3191: Use-after-free in Rendering
    CVE-2014-3192: Use-after-free in DOM
    CVE-2014-3193: Type confusion in Session Management
    CVE-2014-3194: Use-after-free in Web Workers
    CVE-2014-3195: Information Leak in V8
    CVE-2014-3196: Permissions bypass in Windows Sandbox
    CVE-2014-3197: Information Leak in XSS Auditor
    CVE-2014-3198: Out-of-bounds read in PDFium
    CVE-2014-3199: Release Assert in V8 bindings
    CVE-2014-3200: Various fixes from internal audits, fuzzing and
      other initiatives
  - Drop the build of the Native Client. This is actually not a build
    as that prebuild binaries are being shipped. Also Google no
    longer provides prebuild binaries for the NativeClient for 32bit.
    Chromium as webbrowser is not affected by this and it bring
    Chromium inline with the regulations that prebuild binaries
    should not be shipped.
    * toolchaing_linux tarball dropped
    * Spec-file cleaned for NaCl stuff
  - Added patch no-clang-on-packman.diff to prevent the usage of
    clang on packman, which is not supported there
* Wed Sep 10 2014
  - Update to Chromium 37.0.2062.120
    * Security Fixes (bnc#896106)
    - CVE-2014-3178: Use-after-free in rendering
* Sun Sep 07 2014
  - Update to Chromium 37.0.2062.103
    * This addresses some user feedback related to how Chrome
      renders text when display scaling is set to 125% or lower.
  - Combine the two toolchain tars into a single one.
* Mon Sep 01 2014
  - Switch to shared libraries as a global default. This hopefully
    speeds up the builds a little and prevents out-of-memory on OBS
  - Move the chrome sandbox binary to the main package and remove the
    sub-package for it. This should resolve build issues when having
    the debug flag on.
* Sun Aug 31 2014
  - add toolchain_linux_arm
  - disable NaCl on ARM because it doesn't build
  - add arm-webrtc-fix.patch
  - add chromium-arm-r0.patch
  - add skia.patch
  - build components as shared libaries on arm
* Wed Aug 27 2014
  - Update to Chromium 37.0.2062.94
    Security Fixes (bnc#893720)
    * CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC,
      sync, and extensions that can lead to remote code execution
      outside of the sandbox.
    * CVE-2014-3168: Use-after-free in SVG
    * CVE-2014-3169: Use-after-free in DOM
    * CVE-2014-3170: Extension permission dialog spoofing
    * CVE-2014-3171: Use-after-free in bindings
    * CVE-2014-3172: Issue related to extension debugging
    * CVE-2014-3173: Uninitialized memory read in WebGL
    * CVE-2014-3174: Uninitialized memory read in Web Audio
    * CVE-2014-3175: Various fixes from internal audits, fuzzing
      and other initiatives
    and 41 more security fixes for which no description was given
  - Drop the following patches as they are no longer required:
    * chromium-23.0.1245-no-test-sources.patch
    * no-download-nacl.diff
    * chromium-no-courgette.patch
* Wed Aug 13 2014
  - Update to Chromium 36.0.1985.143
    Security Fixes (bnc#891717)
    * CVE-2014-3165: Use-after-free in web sockets
    * CVE-2014-3166: Information disclosure in SPDY
    * CVE-2014-3167: Various fixes from internal audits, fuzzing and
      other initiatives
    and 9 more fixes for which no description was given
* Tue Aug 05 2014
  - Add directory remoting_locales to the package to complete
    the language support within Chromium
* Tue Jul 22 2014
  - Update to Chromium 36.0.1985.125
    New Functionality:
    * Rich Notifications Improvements
    * An Updated Incognito / Guest NTP design
    * The addition of a Browser crash recovery bubble
    * Chrome App Launcher for Linux
    * Lots of under the hood changes for stability and performance
    Security Fixes (bnc#887952,bnc#887955):
    * CVE-2014-3160: Same-Origin-Policy bypass in SVG
    * CVE-2014-3162: Various fixes from internal audits, fuzzing
      and other initiatives
    and 24 more fixes for which no description was given.
    Packaging changes:
    * Switch to newer method to retrieve toolchain packages. Dropping
      the three naclsdk_*tgz files. Everything is now included in the
      toolchain_linux_x86.tar.bz2 tarball
    * Add Courgette.tar.xz as that the build process now requires
      some files from Courgette in order to build succesfully. This
      does not mean that Courgette is build/delivered.
* Wed Jun 11 2014
  - Update to Chromium 35.0.1916.153
    Security fixes (bnc#882264,bnc#882264,bnc#882265,bnc#882263):
    * CVE-2014-3154: Use-after-free in filesystem api
    * CVE-2014-3155: Out-of-bounds read in SPDY
    * CVE-2014-3156: Buffer overflow in clipboard
    * CVE-2014-3157: Heap overflow in media
* Thu May 22 2014
  - Use also Ninja for openSUSE 12.3. This is the only method
    supported by upstream
  - Drop support for Arm. Despite that chromium builds on Arm, it can
    not complete the link process and dies with out-of-memory, etc.
    Drop the specific Arm patches:
    * arm_disable_gn.patch, arm_use_gold.patch, chromium-arm-webrtc-fix.patch,
      chromium-fix-arm-icu.patch, chromium-fix-arm-skia-memset.patch,
* Wed May 21 2014
  - Update to Chromium 35.0.1916.114
    New Functionality
    * More developer control over touch input
    * New JavaScript features
    * Unprefixed Shadow DOM
    * A number of new apps/extension APIs
    * Lots of under the hood changes for stability and performance
    Security fixes:
    * CVE-2014-1743: Use-after-free in styles
    * CVE-2014-1744: Integer overflow in audio
    * CVE-2014-1745: Use-after-free in SVG
    * CVE-2014-1746: Out-of-bounds read in media filters
    * CVE-2014-1747: UXSS with local MHTML file
    * CVE-2014-1748: UI spoofing with scrollbar
    * CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives
    * CVE-2014-3152: Integer underflow in V8 fixed
    and 17 more for which no detailed information is given.
  - Drop patch as that does no longer apply
    due to upstream changes
* Wed May 14 2014
  - Update to Chromium 34.0.1847.137
    * Security updates:
    - CVE-2014-1740: Use-after-free in WebSockets
    - CVE-2014-1741: Integer overflow in DOM range
    - CVE-2014-1742: Use-after-free in editing
* Mon Apr 28 2014
  - Update to Chromium 34.0.1847.132
    * Security update:
    - CVE-2014-1730: Type confusion in V8
    - CVE-2014-1731: Type confusion in DOM
    - CVE-2014-1732: Use-after-free in Speech Recognition
    - CVE-2014-1733: Compiler bug in Seccomp-BPF
    - CVE-2014-1734: Various fixes from internal audits, fuzzing
      and other initiatives
    - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in
* Fri Apr 25 2014
  - Update to Chromium 34.0.1847.131
    * Bugfixes
* Thu Apr 10 2014
  - Add patch chromium-fix-arm-skia-memset.patch to resolve a linking
    issue on ARM with regards to missing symbols.
* Wed Apr 09 2014
  - Add patch arm_use_gold.patch to use the right gold binaries on
    ARM. Hopefully this resolves the build issues with running out of
* Tue Apr 08 2014
  - Update to Chromium 34.0.1847.116
    * Responsive Images and Unprefixed Web Audio
    * Import supervised users onto new computers
    * A number of new apps/extension APIs
    * Lots of under the hood changes for stability and performance
    - Security fixes:
    * CVE-2014-1716: UXSS in V8
    * CVE-2014-1717: OOB access in V8
    * CVE-2014-1718: Integer overflow in compositor
    * CVE-2014-1719: Use-after-free in web workers
    * CVE-2014-1720: Use-after-free in DOM
    * CVE-2014-1721: Memory corruption in V8
    * CVE-2014-1722: Use-after-free in rendering
    * CVE-2014-1723: Url confusion with RTL characters
    * CVE-2014-1724: Use-after-free in speech
    * CVE-2014-1725: OOB read with window property
    * CVE-2014-1726: Local cross-origin bypass
    * CVE-2014-1727: Use-after-free in forms
    * CVE-2014-1728: Various fixes from internal audits,
      fuzzing and other initiatives
    * CVE-2014-1729: Multiple vulnerabilities in V8
  - No longer build against system libraries as that Chromium works
    a lot better and crashes less on websites than with system libs
  - Added package depot_tools.tar.gz as that the chromium build now
    requires it during the initial build phase. It just contains some
    utilities and nothing from it is being installed.
* Sun Apr 06 2014
  - If people want to install newer versions of the ffmpeg library
    then let them. This is what they want.
  - Remove the buildscript from the sources
* Mon Mar 17 2014
  - Update to Chromium 33.0.1750.152
    Stable channel uodate:
    - Security fixes:
    * CVE-2014-1713: Use-after-free in Blink bindings
    * CVE-2014-1714: Windows clipboard vulnerability
    * CVE-2014-1705: Memory corruption in V8
    * CVE-2014-1715: Directory traversal issue
* Thu Mar 13 2014
  - Update to Chromium 33.0.1750.149
    Stable channel uodate:
    - Security fixes:
    * CVE-2014-1700: Use-after-free in speech
    * CVE-2014-1701: UXSS in events
    * CVE-2014-1702: Use-after-free in web database
    * CVE-2014-1703: Potential sandbox escape due to a
      use-after-free in web sockets
    * CVE-2014-1704: Multiple vulnerabilities in V8 fixed in
* Fri Feb 21 2014
  - Update to Chromium 33.0.1750.117
    Stable channel update:
    - Security Fixes:
    * CVE-2013-6653: Use-after-free related to web contents
    * CVE-2013-6654: Bad cast in SVG
    * CVE-2013-6655: Use-after-free in layout
    * CVE-2013-6656: Information leak in XSS auditor
    * CVE-2013-6657: Information leak in XSS auditor
    * CVE-2013-6658: Use-after-free in layout
    * CVE-2013-6659: Issue with certificates validation in TLS
    * CVE-2013-6660: Information leak in drag and drop
    * CVE-2013-6661: Various fixes from internal audits, fuzzing
      and other initiatives. Of these, seven are
      fixes for issues that could have allowed for
      sandbox escapes from compromised renderers.
    - Other:
    - Google Chrome Frame has been retired
  - Added gn-binaries.tar.xz to have the right version of the Google
    depot tools during build.
  - Added patch arm_disable_gn.patch to disable GN on ARM builds
* Tue Jan 28 2014
  - Update to Chromium 32.0.1700.102
    Stable channel update:
    - Security Fixes:
    * CVE-2013-6649: Use-after-free in SVG images
    * CVE-2013-6650: Memory corruption in V8
    * and 12 other fixes
    - Other:
    * Mouse Pointer disappears after exiting full-screen mode
    * Drag and drop files into Chromium may not work properly
    * Quicktime Plugin crashes in Chromium
    * Chromium becomes unresponsive
    * Trackpad users may not be able to scroll horizontally
    * Scrolling does not work in combo box
    * Chromium does not work with all CSS minifiers such as
      whitespace around a media query's `and` keyword
* Thu Jan 16 2014
  - Update to Chromium 32.0.1700.77
    Stable channel update:
    - Security fixes:
    * CVE-2013-6646: Use-after-free in web workers
    * CVE-2013-6641: Use-after-free related to forms
    * CVE-2013-6643: Unprompted sync with an attacker’s
      Google account
    * CVE-2013-6645: Use-after-free related to speech input
    * CVE-2013-6644: Various fixes from internal audits, fuzzing
      and other initiatives
    - Other:
    * Tab indicators for sound, webcam and casting
    * Automatically blocking malware files
    * Lots of under the hood changes for stability and performance
  - Remove patch chromium-fix-chromedriver-build.diff as that
    chromedriver is fixed upstream
* Thu Dec 05 2013
  - Update to Chromium 31.0.1650.63
    Stable channel update:
    - Security fixes:
    * CVE-2013-6634: Session fixation in sync related to 302 redirects
    * CVE-2013-6635: Use-after-free in editing
    * CVE-2013-6636: Address bar spoofing related to modal dialogs
    * CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives.
    * CVE-2013-6638: Buffer overflow in v8
    * CVE-2013-6639: Out of bounds write in v8.
    * CVE-2013-6640: Out of bounds read in v8
    * and 12 other security fixes.
  - Updated ExcludeArch to exclude aarch64, ppc, ppc64 and ppc64le.
      This is based on missing build requires (valgrind, v8, etc)
* Wed Nov 27 2013
  - Remove the build flags to build according to the Chrome ffmpeg
    branding and the proprietary codecs. (bnc#847971)
* Sat Nov 16 2013
  - Update to Chromium 31.0.1650.57
    Stable channel update:
    - Security Fixes:
    * CVE-2013-6632: Multiple memory corruption issues.
* Wed Nov 13 2013
  - Update to Chromium 31.0.1650.48
    Stable Channel update:
    - Security fixes:
    * CVE-2013-6621: Use after free related to speech input elements..
    * CVE-2013-6622: Use after free related to media elements.
    * CVE-2013-6623: Out of bounds read in SVG.
    * CVE-2013-6624: Use after free related to “id” attribute strings.
    * CVE-2013-6625: Use after free in DOM ranges.
    * CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    * CVE-2013-6627: Out of bounds read in HTTP parsing.
    * CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation.
    * CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives.
    * CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
    * CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    * CVE-2013-6631: Use after free in libjingle.
  - Added patch chromium-fix-chromedriver-build.diff to fix the
    chromedriver build
* Thu Nov 07 2013
  - Enable ARM build for Chromium.
    * Added patches chromium-arm-webrtc-fix.patch,
      chromium-fix-arm-icu.patch and chromium-fix-arm-sysroot.patch
      to resolve ARM specific build issues
* Fri Oct 25 2013
  - Update to Chromium 30.0.1599.114
    Stable Channel update: fix build for 32bit systems
  - Drop patch chromium-fix-chromedriver-build.diff. This is now
    fixed upstream
  - For openSUSE versions lower than 13.1, build against the in-tree
* Wed Oct 16 2013
  - Update to Chromium 30.0.1599.101
    - Security Fixes:
      + CVE-2013-2925: Use after free in XHR
      + CVE-2013-2926: Use after free in editing
      + CVE-2013-2927: Use after free in forms.
      + CVE-2013-2928: Various fixes from internal audits,
      fuzzing and other initiatives.
* Tue Oct 01 2013
  - Update to Chromium 30.0.1599.66
    - Easier searching by image
    - A number of new apps/extension APIs
    - Lots of under the hood changes for stability and performance
  - Security fixes:
    + CVE-2013-2906: Races in Web Audio
    + CVE-2013-2907: Out of bounds read in Window.prototype object
    + CVE-2013-2908: Address bar spoofing related to the
      “204 No Content” status code
    + CVE-2013-2909: Use after free in inline-block rendering
    + CVE-2013-2910: Use-after-free in Web Audio
    + CVE-2013-2911: Use-after-free in XSLT
    + CVE-2013-2912: Use-after-free in PPAPI
    + CVE-2013-2913: Use-after-free in XML document parsing
    + CVE-2013-2914: Use after free in the Windows color chooser
    + CVE-2013-2915: Address bar spoofing via a malformed scheme
    + CVE-2013-2916: Address bar spoofing related to the “204 No
      Content” status code
    + CVE-2013-2917: Out of bounds read in Web Audio
    + CVE-2013-2918: Use-after-free in DOM
    + CVE-2013-2919: Memory corruption in V8
    + CVE-2013-2920: Out of bounds read in URL parsing
    + CVE-2013-2921: Use-after-free in resource loader
    + CVE-2013-2922: Use-after-free in template element
    + CVE-2013-2923: Various fixes from internal audits, fuzzing and
      other initiatives
    + CVE-2013-2924: Use-after-free in ICU. Upstream bug
* Tue Oct 01 2013
  - Add patch chromium-fix-altgrkeys.diff
    - Make sure that AltGr is treated correctly (issue#296835)
* Fri Sep 27 2013
  - Do not build with system libxml (bnc#825157)
* Wed Sep 25 2013
  - Update to Chromium 31.0.1640.0
    * Bug and Stability Fixes
  - Fix destkop file for chromium by removing extension from icon
  - Change the methodology for the Chromium packages. Build is
    now based on an official tarball. As soon as the Beta channel
    catches up with the current version, Chromium will be
    based on the Beta channel instead of svn snapshots
* Sun Sep 15 2013
  - Update to 31.0.1632
    * Bug and Stability fixes
  - Added the flag --enable-threaded-compositing to the startup
    script. This flag seems to be required when hardware acceleration
    is in use. This prevents websites from locking up on users in
    certain cases.
* Tue Sep 10 2013
  - Update to 31.0.1627
    * Bug and Stability fixes
* Mon Sep 02 2013
  - Update to 31.0.1619
    * bug and Stability fixes
* Mon Aug 26 2013
  - require mozilla-nss-devel >= 3.14 and mozilla-nspr-devel >= 4.9.5
* Mon Aug 26 2013
  - Add patch exclude_ymp.diff to ensure that 1-click-install files
    are downloaded and NOT opened (bnc#836059)
* Sun Aug 25 2013
  - Update to 31.0.1611
    * Bug and stability fixes
* Sun Aug 18 2013
  - Update to 31.0.1605
    * Bug and stability fixes
* Fri Aug 16 2013
  - Change the startup script so that Chromium will not start
    when the chrome_sandbox doesn't have the SETUID.
* Wed Aug 14 2013
  - Update to 31.0.1601
    * Bug and stability fixes
* Sun Aug 11 2013
  - Update to 30.0.1594
    * Bug and stability fixes
  - Correct specfile to properly own /usr/bin/chromium (bnc#831584)
  - Chromium now expects the SUID-helper installed in the same
    directory as chromium. So let's create a symlink to the helper
    in /usr/lib
* Sun Aug 04 2013
  - Update to 30.0.1587
    * Bug and stability fixes
  - Remove patch chromium-nss-compliant.diff  (Upstream)
* Wed Jul 24 2013
  - Update to 30.0.1575
    * Bug and stability fixes
    * Enable the gpu-sandbox again due to upstream fix (chromium#255063)
* Tue Jul 16 2013
  - Update to 30.0.1567
    * bug and Stability fixes
* Mon Jul 01 2013
  - Update to 30.0.1553
    * Bug and stability fixes
    * Includes security update for v8 (bnc821601)
    * CVE-2013-2838 Denial of service (out-of-bounds read) via
      unspecified vectors
* Fri Jun 28 2013
  - Add the flag --disable-gpu-sandbox to prevent crashes and/or
    slowness. The GPU Sandbox is a new sandbox introduces in M28 and
    is currently causing issues
* Tue Jun 25 2013
  - Update to 29.0.1548
    * Bug and Stability fixes
* Sun Jun 16 2013
  - Update to 29.0.1541
    * Bug and Stability fixes
  - Added patch chromium-nss-compatibility to fix build on Factory
* Wed Jun 05 2013
  - Update to 29.0.1530
    * Bug and Stability fixes.
  - Dropped subversion buildrequire as svn is no longer used.
    (Thanks to
* Mon May 27 2013
  - Update to 29.0.1521
    * Bug and stability fixes
* Thu May 23 2013
  - Update to 29.0.1517
    * Bug and stability fixes
* Sun May 05 2013
  - Update to 28.0.1500
    * Bug and stability fixes
  - Added patch adjust-ldflags-no-keep-memory.patch to change a
    ldflags option to reduce the memory used during linking
* Thu May 02 2013
  - Update to 28.0.1497
    * Bug and stability fixes
* Mon Apr 29 2013
  - Update to 28.0.1494
    * Bug and Stability Fixes
* Sat Apr 27 2013
  - Update to 28.0.1493
    * bug and stability fixes
    * Bring back the lost buildflag to enable proprietary codecs
* Sun Apr 14 2013
  - Update to 28.0.1479
    * bug and stability fixes
* Wed Apr 10 2013
  - use %config(noreplace) for /etc/default/chromium, so that user
    changes are preserved.
* Sat Apr 06 2013
  - Update to 28.0.1468
    * Bug and stability fixes
* Sun Mar 24 2013
  - Update to 27.0.1452
    * Bug and stability fixes
  - Change buoldsystem to ninja for additional speed
    * Dropped patch chromium_use_gold.patch
  - Removed obsolete 11.4 bits and pieces in the spec-file
    * includes chromium.easy patch
* Tue Mar 19 2013
  - Update to 27.0.1447
    * Bug and stability fixes
    * Drop patch chromium-norpath.patch. Rpath is only used when
      building chromium with shared libraries.
  - Deactive building against system libraries. This is now causing
    issues for building on 12.3 and Factory.
* Sat Mar 09 2013
  - Update to 27.0.1435
    * Bug and stability fixes
    * Drop patch chromium-siginfo.patch due to upstream
* Sat Feb 23 2013
  - Update to 27.0.1425
    * Bug and stability fixes:
    - Fixed crash after clicking through malware warning.
      (Issue: 173986)
    - Fixed broken command line to create extensions with locale info
      (Issue: 176187)
    - Hosted apps in Chrome will always be opened from app launcher.
      (Issue: 176267)
    - Added modal confirmation dialog to the enterprise profile
      sign-in flow. (Issue: 171236)
    - Fixed a crash with autofill. (Issues: 175454, 176576)
    - Fixed issues with sign-in.
      (Issues: 175672, 175819, 175541, 176190)
    - Fixed spurious profile shortcuts created with a system-level
      install. (Issue: 177047)
    - Fixed the background tab flashing with certain themes.
      (Issue: 175426)
    * Security Fixes: (bnc#804986)
    - High CVE-2013-0879: Memory corruption with web audio node
    - High CVE-2013-0880: Use-after-free in database handling
    - Medium CVE-2013-0881: Bad read in Matroska handling
    - High CVE-2013-0882: Bad memory access with excessive SVG
    - Medium CVE-2013-0883: Bad read in Skia.
    - Low CVE-2013-0884: Inappropriate load of NaCl.
    - Medium CVE-2013-0885: Too many API permissions granted to web
    - Medium CVE-2013-0886: Incorrect NaCl signal handling.
    - Low CVE-2013-0887: Developer tools process has too many
      permissions and places too much trust in the connected server
    - Medium CVE-2013-0888: Out-of-bounds read in Skia
    - Low CVE-2013-0889: Tighten user gesture check for dangerous
      file downloads.
    - High CVE-2013-0890: Memory safety issues across the IPC layer.
    - High CVE-2013-0891: Integer overflow in blob handling.
    - Medium CVE-2013-0892: Lower severity issues across the IPC layer
    - Medium CVE-2013-0893: Race condition in media handling.
    - High CVE-2013-0894: Buffer overflow in vorbis decoding.
    - High CVE-2013-0895: Incorrect path handling in file copying.
    - High CVE-2013-0896: Memory management issues in plug-in message
    - Low CVE-2013-0897: Off-by-one read in PDF
    - High CVE-2013-0898: Use-after-free in URL handling
    - Low CVE-2013-0899: Integer overflow in Opus handling
    - Medium CVE-2013-0900: Race condition in ICU
    * Make adjustment for autodetecting of the PepperFlash library.
      The package with the PepperFlash hopefully will be soon
      available through packman
* Tue Feb 12 2013
  - Update to 26.0.1411
    * Bug and stability fixes
* Sun Feb 03 2013
  -  Update to 26.0.1403
    * Bug and stability fixes
* Sat Jan 26 2013
  - Using system libxml2 requires system libxslt.
  - Using system MESA does not work in i586 for some reason.
* Sat Jan 26 2013
  - Also use system MESA, factory version seems adecuate now.
  - Always use system libxml2.
* Fri Jan 25 2013
  - Restrict the usage of system libraries instead of the bundled
    ones to new products, too much hassle otherwise.
* Fri Jan 25 2013
  - Also link kerberos and libgps directly, do not dlopen them.
* Fri Jan 25 2013
  - Avoid using dlopen on system libraries, rpm or the package Manager
    do not handle this at all. tested for a few weeks and implemented
    with a macro so it can be easily disabled if problems arise.
    - Use SOME system libraries instead of the bundled ones, tested for
    several weeks and implemented with a macro for easy enable/Disable
    in case of trouble.
* Thu Jan 24 2013
  - Update to 26.0.1393
    * Bug and stability fixes
* Sun Jan 13 2013
  - Update to 26.0.1383
    * Security fixes
    - CVE-2012-5145: Use-after-free in SVG layout
    - CVE-2012-5146: Same origin policy bypass with malformed URL
    - CVE-2012-5147: Use-after-free in DOM handling
    - CVE-2012-5148: Missing filename sanitization in hyphenation
    - CVE-2012-5149: Integer overflow in audio IPC handling
    - CVE-2012-5150: Use-after-free when seeking video
    - CVE-2012-5152: Out-of-bounds read when seeking video
    - CVE-2012-5153: Out-of-bounds stack access in v8.
    - CVE-2012-5154: Integer overflow in shared memory allocation
    - CVE-2013-0830: Missing NUL termination in IPC.
    - CVE-2013-0831: Possible path traversal from extension process
    - CVE-2013-0832: Use-after-free with printing.
    - CVE-2013-0833: Out-of-bounds read with printing.
    - CVE-2013-0834: Out-of-bounds read with glyph handling
    - CVE-2013-0835: Browser crash with geolocation
    - CVE-2013-0836: Crash in v8 garbage collection.
    - CVE-2013-0837: Crash in extension tab handling.
    - CVE-2013-0838: Tighten permissions on shared memory segments
* Tue Jan 08 2013
  * Set up Google API keys, see .
    [#] Note: these are for openSUSE Chromium builds ONLY!!
    (Setup was done based on indication from Pawel Hajdan)
* Fri Jan 04 2013
  - Update to 26.0.1375
    * Bug and stability fixes
* Thu Dec 27 2012
  - Change the default setting for password-store to basic.
* Wed Dec 26 2012
  - Update to 26.0.1371
    * Bug and stability fixes
* Thu Dec 20 2012
  - Update to 26.0.1367
    * Bug and stability fixes
* Sat Dec 15 2012
  - Update to 25.0.1362
    * Security fixes (bnc#794075):
    - CVE-2012-5139: Use-after-free with visibility events
    - CVE-2012-5140: Use-after-free in URL loader
    - CVE-2012-5141: Limit Chromoting client plug-in instantiation.
    - CVE-2012-5142: Crash in history navigation.
    - CVE-2012-5143: Integer overflow in PPAPI image buffers
    - CVE-2012-5144: Stack corruption in AAC decoding
* Thu Dec 06 2012
  - Update to 25.0.1352
    * Fixed garbled header and footer text in print preview.
      [Issue: 152893]
    * Fixed extension action badges with long text. [Issue: 160069]
    * Disable find if constrained window is shown. [Issue: 156969]
    * Enable fullscreen for apps windows. [Issue: 161246]
    * Fixed broken profile with system-wide installation and
      UserDataDir & DiskCacheDir policy. [Issue: 161336]
    * Fixed stability crashes like 158747, 159437, 149139, 160914,
      160401, 161858, 158747, 156878
    * Fixed graphical corruption in Dust. [Issue: 155258]
    * Fixed scrolling issue. [Issue: 163553]
* Fri Nov 30 2012
  - Update to 25.0.1343
    * Security Fixes (bnc#791234 and bnc#792154):
    - CVE-2012-5131: Corrupt rendering in the Apple OSX driver for
      Intel GPUs
    - CVE-2012-5133: Use-after-free in SVG filters.
    - CVE-2012-5130: Out-of-bounds read in Skia
    - CVE-2012-5132: Browser crash with chunked encoding
    - CVE-2012-5134: Buffer underflow in libxml.
    - CVE-2012-5135: Use-after-free with printing.
    - CVE-2012-5136: Bad cast in input element handling.
    - CVE-2012-5138: Incorrect file path handling
    - CVE-2012-5137: Use-after-free in media source handling
  - Correct build so that proprietary codecs can be used when
    the chromium-ffmpeg package is installed
* Sun Nov 25 2012
  - Add a configuration file (/etc/default/chromium) where we can
    indicate flags for the chromium-browser.
* Sat Nov 24 2012
  - Update to 25.0.1335
    * {gtk} Fixed <input> selection renders white text on white
      background in apps. (Issue: 158422)
    * Fixed translate infobar button to show selected language.
      (Issue: 155350)
    * Fixed broken Arabic language. (Issue: 158978)
    * Fixed pre-rendering if the preference is disabled at start up.
      (Issue: 159393)
    * Fixed JavaScript rendering issue. (Issue: 159655)
    * No further indications in the ChangeLog
* Tue Nov 20 2012
  - Update to 25.0.1329
    * No further indications in the ChangeLog
  - Removed patch chomium-ffmpeg-no-pkgconfig.patch
  - Building now internal based on the standard
    chromium ffmpeg codecs
* Tue Nov 06 2012
  - Update to 25.0.1319
    * No further indications in the Changelog
* Fri Oct 26 2012
  - Update to 24.0.1308
    * Updated V8 -
    * Bookmarks are now searched by their title while typing into
      the omnibox with matching bookmarks being shown in the
      autocomplete suggestions pop-down list. Matching is done by
    * Fixed chromium issues 155871, 154173, 155133.
* Tue Oct 16 2012
  - add explicit buildrequire on libbz2-devel
* Sun Oct 07 2012
  - Update to 24.0.1290
    * No further indications in the ChangeLog.
* Sun Sep 30 2012
  - Update to 24.0.1283
    * Security Fixes (bnc#782257)
    - High CVE-2012-2889: UXSS in frame handling
    - High CVE-2012-2886: UXSS in v8 bindings.
    - High CVE-2012-2881: DOM tree corruption with plug-ins.
    - High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
    - High CVE-2012-2883: Out-of-bounds write in Skia.
    - High CVE-2012-2887: Use-after-free in onclick handling.
    - High CVE-2012-2888: Use-after-free in SVG text references.
    - High CVE-2012-2894: Crash in graphics context handling.
    - High CVE-2012-2896: Integer overflow in WebGL.
    - Medium CVE-2012-2877: Browser crash with extensions
    and modal dialogs
    - Low CVE-2012-2879: DOM topology corruption.
    - Medium CVE-2012-2884: Out-of-bounds read in Skia.
    - High CVE-2012-2874: Out-of-bounds write in Skia.
    - High CVE-2012-2878: Use-after-free in plug-in handling.
    - Medium CVE-2012-2880: Race condition in plug-in paint buffer.
    - High CVE-2012-2882: Wild pointer in OGG container handling.
    - Medium CVE-2012-2885: Possible double free on exit.
    - Low CVE-2012-2891: Address leak over IPC.
    - Low CVE-2012-2892: Pop-up block bypass.
    - High CVE-2012-2893: Double free in XSL transforms.
* Sat Sep 15 2012
  - Update to 23.0.1268
    * Updated V8 -
    * Updated WebKit - 537.10
    * Make the new sandbox more robust when denying socket calls.
    * Fix crashes (Issues 142388 and 146606)
* Fri Sep 07 2012
  - Update to 23.0.1259
    * No further indications in the ChangeLog.
* Sun Sep 02 2012
  - Update to 23.0.1255
    * Security Fixes (bnc#778005):
    - Medium CVE-2012-2865: Out-of-bounds read in line breaking.
    - High CVE-2012-2866: Bad cast with run-ins.
    - Low CVE-2012-2867: Browser crash with SPDY.
    - Medium CVE-2012-2868: Race condition with workers and XHR.
    - High CVE-2012-2869: Avoid stale buffer in URL loading.
    - Low CVE-2012-2870: Lower severity memory management issues
      in XPath.
    - High CVE-2012-2871: Bad cast in XSL transforms.
    - Medium CVE-2012-2872: XSS in SSL interstitial.
* Wed Aug 29 2012
  - Update to 23.0.1249
    * No longer building with system libraries. This caused issues
      with high CPU utilization and a blank homescreen. Now the
      in-source libraries are used.
* Sun Aug 19 2012
  - Update to 23.0.1240
    * Duplex Printing defaults to Yes, which prints extra pages even
      for a 1 page print out (Issue 138312).
    * Print preview takes forever on Win XP (issue: 140044)
    * Anti-DDoS inversion of logic (Issues: 141643, 141081)
    * application causes Flash to hang
      (Issue: 141018)
    * An additional scroll bar appears at the right on many sites
      (issue: 140239)
    * Setting and unsetting display:none obliterates current scroll
      position (issue: 140101)
  - Utilize the patched zlib sources from Chromium in order to build
* Fri Aug 03 2012
  - Update to 22.0.1226
    * Security Fixes (bnc#770821):
      CVE-2012-2843: Use-after-free in layout height tracking
      CVE-2012-2842: Use-after-free in counter handling
* Mon Jul 30 2012
  - Fix build with glibc 2.16 (struct siginfo is not exported anymore).
* Sun Jul 29 2012
  - Update to 22.0.1221
    * Several crash fixes (Issues: 131310, 134574)
    * Can't press Enter to save to PDF (Issue: 137690)
* Wed Jul 25 2012
  - Update to 22.0.1218
    * New Connection Manager
    * New Print UI.
    * No further indications in the ChangeLog.
* Sun Jul 08 2012
  - Update to 22.0.1201
    * No further indications in the ChangeLog.
  - exclude ppc and ppc64. There is no v8 for ppc. (Update from
* Fri Jun 29 2012
  - Update to 22.0.1190
    * Security Fixes:
    * CVE-2012-2815: Leak of iframe fragment id
    * CVE-2012-2816: Prevent sandboxed processes interfering with
      each other
    * CVE-2012-2817: Use-after-free in table section handling
    * CVE-2012-2818: Use-after-free in counter layout
    * CVE-2012-2819: Crash in texture handling
    * CVE-2012-2820: Out-of-bounds read in SVG filter handling
    * CVE-2012-2821: Autofill display problem
    * CVE-2012-2823: Use-after-free in SVG resource handling
    * CVE-2012-2826: Out-of-bounds read in texture conversion
    * CVE-2012-2829: Use-after-free in first-letter handling
    * CVE-2012-2830: Wild pointer in array value setting
    * CVE-2012-2831: Use-after-free in SVG reference handling
    * CVE-2012-2834: Integer overflow in Matroska container
    * CVE-2012-2825: Wild read in XSL handling
    * CVE-2012-2807: Integer overflows in libxml
    * Fix update-alternatives within the spec-file
* Thu Jun 21 2012
  - Update to 22.0.1183
    * Content settings for Cookies now also show protected storage
      granted to hosted apps
    * Chromoting client plugin correctly up-scales on when page-zoom
      is >100%.
* Tue Jun 19 2012
  - Update to 21.0.1181
    * Bugfixes.
    * Remove obsolete patch
    * Do not execute update-alternatives when building
* Fri Jun 15 2012
  - fix update-alternative usage to fix build
* Thu May 31 2012
  - Update to 21.0.1158
    * Bugfixes
    * Gamepad API prototype
      available by default.
    * TLS 1.1 is enabled by default.
* Sun May 20 2012
  - Update to 21.0.1145
    * Fixed several issues around audio not playing with videos
    * Crash Fixes
    * Improvements to trackpad on Cr-48
    * Security Fixes (bnc#762481)
    - CVE-2011-3083: Browser crash with video + FTP
    - CVE-2011-3084: Load links from internal pages in their
      own process.
    - CVE-2011-3085: UI corruption with long autofilled values
    - CVE-2011-3086: Use-after-free with style element.
    - CVE-2011-3087: Incorrect window navigation
    - CVE-2011-3088: Out-of-bounds read in hairline drawing
    - CVE-2011-3089: Use-after-free in table handling.
    - CVE-2011-3090: Race condition with workers.
    - CVE-2011-3091: Use-after-free with indexed DB
    - CVE-2011-3092: Invalid write in v8 regex
    - CVE-2011-3093: Out-of-bounds read in glyph handling
    - CVE-2011-3094: Out-of-bounds read in Tibetan handling
    - CVE-2011-3095: Out-of-bounds write in OGG container.
    - CVE-2011-3096: Use-after-free in GTK omnibox handling.
    - CVE-2011-3098: Bad search path for Windows Media Player
    - CVE-2011-3100: Out-of-bounds read drawing dash paths.
    - CVE-2011-3101: Work around Linux Nvidia driver bug
    - CVE-2011-3102: Off-by-one out-of-bounds write in libxml.
* Sun May 13 2012
  - Update to 21.0.1137
    * Fixes crashes when manually typing in URL's
* Fri May 11 2012
  - Update to 21.0.1135.0
    * Added patch for Sqlite which should resolve crashes when build
      with GCC 4.7
    * Fixes for rendering and stability
    * Fixed about:inducebrowsercrashforrealz (Issue: 124843)
    * Mouse over on apps/extensions makes place holder blank in
      web store. (Issue: 125777)
    * Security Fixes (bnc#760264):
    - CVE-2011-3078: Use after free in floats handling.
    - CVE-2012-1521: Use after free in xml parser.
    - CVE-2011-3079: IPC validation failure.
    - CVE-2011-3080: Race condition in sandbox IPC
    - CVE-2011-3081: Use after free in floats handling.
* Sun Apr 29 2012
  - Update to 20.0.1123.0
* Fri Apr 27 2012
  - Update to 20.0.1119.0
  - Adjust spec-file to include two new resource files that are
    required for the UI. (bnc#759381)
* Wed Apr 25 2012
  - Update to 20.0.1116.0
    * Fixes and update to newer v8 version
* Thu Apr 19 2012
  - Added the ChromeDriver as a separate package. Normal users
    will not require this as it is a standalone server for testing
* Tue Apr 17 2012
  - Update to 20.0.1106.0
    * Fixes issues with fonts (Issue: 108645).
    * Enable the Chrome To Mobile page action for users with
      compatible registered devices
    * file: downloads allowed again
* Fri Apr 13 2012
  - Use desktop_database macros at install time.
* Fri Apr 06 2012
  - Update to 20.0.1094.0
    * Other Devices menu shows last update time for other sessions,
      and allows sessions to be hidden using a context menu.
    * Fix sync issue with sessions (open tabs) triggering an
      unrecoverable error.
    * Fixed Sync/Apps: NTP apps icons missing after sync.
      [Issue: 117857]
    * Fixed bookmarks drag-n-drop in Bookmark Manager.
      [Issue: 118715]
    Security Fixes:
    * Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
    * Medium CVE-2011-3067: Cross-origin iframe replacement.
    * High CVE-2011-3068: Use-after-free in run-in handling.
    * High CVE-2011-3069: Use-after-free in line box handling.
    * High CVE-2011-3070: Use-after-free in v8 bindings.
    * High CVE-2011-3071: Use-after-free in HTMLMediaElement.
    * Low CVE-2011-3072: Cross-origin violation parenting pop-up
    * High CVE-2011-3073: Use-after-free in SVG resource handling.
    * Medium CVE-2011-3074: Use-after-free in media handling.
    * High CVE-2011-3075: Use-after-free applying style command.
    * High CVE-2011-3076: Use-after-free in focus handling.
    * Medium CVE-2011-3077: Read-after-free in script bindings.
* Tue Apr 03 2012
  - Update to 20.0.1090
    * Fixed issue cannot add GMail app to Chrome. [Issue: 119975]
    * Fixed theme and bookmarks bar notifications. [Issue: 117027]
    * Fixed popup prompting permission for flash plugin.
      [Issue: 120358]
    Security Fixes:
    * Medium CVE-2011-3058: Bad interaction possibly leading to
      XSS in EUC-JP.
    * Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
    * Medium CVE-2011-3060: Out-of-bounds read in text fragment
    * Medium CVE-2011-3061: SPDY proxy certificate checking error.
    * High CVE-2011-3062: Off-by-one in OpenType Sanitizer.
    * Low CVE-2011-3063: Validate navigation requests from the
      renderer more carefully.
    * High CVE-2011-3064: Use-after-free in SVG clipping.
    * High CVE-2011-3065: Memory corruption in Skia.
    * Medium CVE-2011-3057: Invalid read in v8.
* Sat Mar 24 2012
  - Update to 19.0.1079
    Security Fixes (bnc#754456):
    * High CVE-2011-3050: Use-after-free with first-letter handling
    * High CVE-2011-3045: libpng integer issue from upstream
    * High CVE-2011-3051: Use-after-free in CSS cross-fade handling
    * High CVE-2011-3052: Memory corruption in WebGL canvas handling
    * High CVE-2011-3053: Use-after-free in block splitting
    * Low CVE-2011-3054: Apply additional isolations to webui
    * Low CVE-2011-3055: Prompt in the browser native UI for unpacked
      extension installation
    * High CVE-2011-3056: Cross-origin violation with “magic iframe”.
    * Low CVE-2011-3049: Extension web request API can interfere with
      system requests
    Other Fixes:
    * The short-cut key for caps lock (Shift + Search) is disabled
      when an accessibility screen reader is enabled
    * Fixes an issue with files not being displayed in File Manager
      when some file names contain UTF-8 characters (generally
      accented characters)
    * Fixed dialog boxes in settings. (Issue: 118031)
    * Fixed flash videos turning white on mac when running with
    - -disable-composited-core-animation-plugins (Issue: 117916)
    * Change to look for correctly sized favicon when multiple images
      are provided. (Issue: 118275)
    * Fixed issues - 116044, 117470, 117068, 117668, 118620
* Wed Mar 21 2012
  - Update to 19.0.1077
* Sun Mar 18 2012
  - Update to 19.0.1074
  - Build Chromium on openSUSE > 12.1 with the gold linker
  - Fix build issues with GCC 4.7
* Thu Mar 15 2012
  - Update to 19.0.1071
    * Several fixes and improvements in the new Settings, Extensions,
      and Help pages.
    * Fixed the flashing when switched between composited and
      non-composited mode. [Issue: 116603]
    * Fixed stability issues 116913, 117217, 117347, 117081
* Sun Mar 11 2012
  - Update to 19.0.1066
    * Fixed Chrome install/update resets Google search preferences
      (Issue: 105390)
    * Don't trigger accelerated compositing on 3D CSS when using
      swiftshader (Issue: 116401)
    * Fixed a GPU crash (Issue: 116096)
    * More fixes for Back button frequently hangs (Issue: 93427)
    * Bastion now works (Issue: 116285)
    * Fixed Composited layer sorting irregularity with accelerated
      canvas (Issue: 102943)
    * Fixed Composited layer sorting irregularity with accelerated
      canvas (Issue: 102943)
    * Fixed Google Feedback causes render process to use too much
      memory (Issue: 114489)
    * Fixed after upgrade, some pages are rendered as blank
      (Issue: 109888)
    * Fixed Pasting text into a single-line text field shouldn't
      keep literal newlines (Issue: 106551)
  - Security Fixes:
    * Critical CVE-2011-3047: Errant plug-in load and GPU process
      memory corruption
    * Critical CVE-2011-3046: UXSS and bad history navigation.
* Mon Mar 05 2012
  - add Provides: browser(npapi) FATE#313084
* Sat Mar 03 2012
  - Update to 19.0.1060
    * Fixed NTP signed in state is missing (Issue: 112676)
    * Fixed gmail seems to redraw itself (all white) occasionally
      (Issue: 111263)
    * Focus "OK" button on Javascript dialogs (Issue: 111015)
    * Fixed Back button frequently hangs (Issue: 93427)
    * Increase the buffer size to fix muted playback rate
      (Issue: 108239)
    * Fixed Empty span with line-height renders with non-zero height
      (Issue: 109811)
    * Marked the Certum Trusted Network CA as an issuer of
      extended-validation (EV) certificates.
    * Fixed importing of bookmarks, history, etc. from Firefox 10+.
    * Fixed issues - 114001, 110785, 114168, 114598, 111663, 113636,
    * Fixed several crashes (Issues: 111376, 108688, 114391)
    * Fixed Firefox browser in Import Bookmarks and Settings
      drop-down (Issue: 114476)
    * Sync: Sessions aren't associating pre-existing tabs
      (Issue: 113319)
    * Fixed All "Extensions" make an entry under the "NTP Apps"
      page (Issue: 113672)
    + Security Fixes (bnc#750407):
    * High CVE-2011-3031: Use-after-free in v8 element wrapper.
    * High CVE-2011-3032: Use-after-free in SVG value handling.
    * High CVE-2011-3033: Buffer overflow in the Skia drawing library.
    * High CVE-2011-3034: Use-after-free in SVG document handling.
    * High CVE-2011-3035: Use-after-free in SVG use handling.
    * High CVE-2011-3036: Bad cast in line box handling.
    * High CVE-2011-3037: Bad casts in anonymous block splitting.
    * High CVE-2011-3038: Use-after-free in multi-column handling.
    * High CVE-2011-3039: Use-after-free in quote handling.
    * High CVE-2011-3040: Out-of-bounds read in text handling.
    * High CVE-2011-3041: Use-after-free in class attribute handling.
    * High CVE-2011-3042: Use-after-free in table section handling.
    * High CVE-2011-3043: Use-after-free in flexbox with floats.
    * High CVE-2011-3044: Use-after-free with SVG animation elements.
  - Remove the external ffmepg headers and start using the ones
    delivered with Chromium. Changes to Chromium are no longer in line
    with any ffmpeg version :-(. So we can only use the Chromium
    ffmpeg headers.
* Mon Feb 20 2012
  - Update to 19.0.1046
    * Security updates
      + CVE-2011-3015: Integer overflows in PDF codecs.
      + CVE-2011-3016: Read-after-free with counter nodes.
      + CVE-2011-3017: Possible use-after-free in database handling.
      + CVE-2011-3018: Heap overflow in path rendering.
      + CVE-2011-3019: Heap buffer overflow in MKV handling.
      + CVE-2011-3020: Native client validator error.
      + CVE-2011-3021: Use-after-free in subframe loading.
      + CVE-2011-3022: Inappropriate use of http for translation script.
      + CVE-2011-3023: Use-after-free with drag and drop.
      + CVE-2011-3024: Browser crash with empty x509 certificate.
      + CVE-2011-3025: Out-of-bounds read in h.264 parsing.
      + CVE-2011-3026: Integer overflow / truncation in libpng.
      + CVE-2011-3027: Bad cast in column handling.
* Wed Feb 15 2012
  - Update to 19.0.1042
    * Make speech input bubble borders close with the bubble
      [Issue: 112194]
    * Fixed stability issues
      [Issues:  113531, 113492, 113654, 113546, 113847, 114011]
    * Use Google’s online spellchecker to identify misspelled words
      as well as provide suggestions, for pasted text only.
    * Fix: open incognito windows at exit created extra normal
      windows when the session was restored
    * When translating a page, get the code and translation via HTTPS
* Fri Feb 10 2012
  - Update to 19.0.1037
    * Fix crashing timing bug where panel animates after its closed
    * Remove patch to build with newer glib version. This was merged
    * Added option to disable building with gold for x86_64. Used
      linker option "--icf=none" is not supported yet.
* Mon Feb 06 2012
  - Update to 19.0.1031
    * Block plugins for platform apps
      To block plugins a new content settings has been added, with
      the highest priority (i.e. at the front of the list). This
      could be used down the track to hang off more platform app
      specific stuff.
    * Remove unconditional -msse3 -mssse3 CFLAGS from media.gyp
    * Refactoring of Settings page
    * Other bugfixes
    * Security Fixes:
      CVE-2011-3953: Avoid clipboard monitoring after paste event.
      CVE-2011-3954: Crash with excessive database usage.
      CVE-2011-3955: Crash aborting an IndexDB transaction
      CVE-2011-3956: Incorrect handling of sandboxed origins inside
      CVE-2011-3957: Use-after-free in PDF garbage collection
      CVE-2011-3958: Bad casts with column spans
      CVE-2011-3959: Buffer overflow in locale handling
      CVE-2011-3960: Out-of-bounds read in audio decoding
      CVE-2011-3961: Race condition after crash of utility process
      CVE-2011-3962: Out-of-bounds read in path clipping
      CVE-2011-3963: Out-of-bounds read in PDF fax image handling
      CVE-2011-3964: URL bar confusion after drag + drop
      CVE-2011-3965: Crash in signature check
      CVE-2011-3966: Use-after-free in stylesheet error handling
      CVE-2011-3967: Crash with unusual certificate.
      CVE-2011-3968: Use-after-free in CSS handling
      CVE-2011-3969: Use-after-free in SVG layout.
      CVE-2011-3970: Out-of-bounds read in libxslt
      CVE-2011-3971: Use-after-free with mousemove events
      CVE-2011-3972: Out-of-bounds read in shader translator
* Sun Jan 29 2012
  - Update to 18.0.1022
    * Security fixes (bnc#743319)
      + CVE-2011-3924 Use-after-free vulnerability
      + CVE-2011-3925 Use-after-free vulnerability
      + CVE-2011-3926 Heap-based buffer overflow in the tree builder
      + CVE-2011-3927 Skia does not perform all required
      initialization of values
      + CVE-2011-3928 Use-after-free vulnerability
    * Compile the chrome_sandbox binary with -fPIE flags
* Mon Jan 23 2012
  - Update to 18.0.1017
    * Security Issues fixed (bnc#740493)
      + CVE-2011-3921 Use-after-free in animation frames
      + CVE-2011-3919 Heap-buffer-overflow in libxml
      + CVE-2011-3922 Stack-buffer-overflow in glyph handling
* Sat Dec 31 2011
  - Update to 18.0.992
    * Delay some extension startup until after first run import.
      (issue 108286)
    * Add function support for Sleep with TimeDelta input.
      (issue 108171)
    * Make webstore installs work when the Downloads folder is missing.
      (issue 108812)
    * Disable GL_EXT_texture_storage support in Linux. (issue 107782)
* Wed Dec 28 2011
  - Update to 18.0.985
    + Webkit layout:
    * Suppress a leak in http/tests/appcache/reload.html
      (issue 108621)
    * Suppress a leak in xmlhttprequest/workers/referer.html
      (issue 108622)
    * Extend the suppression for uninit value in
      fast/forms/input-text-paste-maxlength.html (issue 106183)
    * Suppress memory leaks in
      (issue 108624)
    * Suppress a leak in
      (issue 108627)
    * Suppress a leak in
      (issue 108628)
    + Set opaque on the WebMediaPlayerClient based on the decoder
* Mon Dec 19 2011
  - Update to 18.0.975
    + Updating extensions code to use UTF16. (issue#71980)
    + Assign F5 to cycle forward (issue#107417)
    + [Sync] Add NOTREACHED for empty passphrase (issue#104189)
    + Add libudev as build-dependency (issue#79050)
    + Enable mnemonic and bookmark folder key activation on menu
  - Removed conflict with xine-browser-plugins.
* Wed Dec 14 2011
  - Update to 18.0.972
    * Security issues fixed:  (bnc#736716)
      + CVE-2011-3903: Out-of-bounds read in regex matching.
      + CVE-2011-3905: Out-of-bounds reads in libxml.
      + CVE-2011-3906: Out-of-bounds read in PDF parser.
      + CVE-2011-3907: URL bar spoofing with view-source.
      + CVE-2011-3908: Out-of-bounds read in SVG parsing.
      + CVE-2011-3909: [64-bit only] Memory corruption in CSS
      property array.
      + CVE-2011-3910: Out-of-bounds read in YUV video frame
      + CVE-2011-3911: Out-of-bounds read in PDF.
      + CVE-2011-3912: Use-after-free in SVG filters.
      + CVE-2011-3914: Out-of-bounds write in v8 i18n handling
      + CVE-2011-3915: Buffer overflow in PDF font handling.
      + CVE-2011-3916: Out-of-bounds reads in PDF cross references.
      + CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      + CVE-2011-3904: Use-after-free in bidi handling.
    * No longer build against the system libjpeg, but build against
      the libjpeg that comes with Chromium to prevent graphics
    * Chromium for openSUSE:Factory now builds against libjpeg8
    * Removed explicit -fPIC from the C-flags
* Sat Dec 10 2011
  - Update to 18.0.968
    + Print preview: Disable the right context menu items in print
      preview. (issue#106876,#106915)
    + Fix page zoom for plug-in documents (PDF, etc.)
    + ntp: track number of times a user switches pages in a single
      session (issue#106575)
    + <video> decode in hardware! (issue#104579)
    + New tab button icons (issue#100775)
    + Profile/user menu on NTP should look more clickable?
  - Enable the build of the Native Client (NaCl)
* Thu Dec 01 2011
  - Support ISO_8859-X as an alias to ISO-8859-X
* Sun Nov 27 2011
  - Update to 17.0.952
    + Message receiver on browser side that holds/starts the gamepad
      data provider (issue#79050)
    + WebSocket Pepper API: in process API implementation
    + Clean up plug-in placeholders (issue#62079)
    + Schedule idle handler in the foreground tab based on CPU usage
      and user activity
* Sun Nov 27 2011
  - Remove the media-probe.patch. This has one regression and that
    video's are no longer played through chromium if the
    chromium-ffmpeg package from packman is not installed. However
    removing this patch enabled support for all video formats if
    the chromium-ffmpeg package has been installed.
* Sun Nov 20 2011
  - Update to 17.0.945
    + Defer construction of NotificationUIManager to fix notification
      initialization. (bug#103427)
    + Ignore button mouse enter for new tab button (bug#104326)
    + History/Downloads:
    - Adding button and checkbox css to history and downloads.
    - Tweaked checkbox styles for history.
* Sun Nov 13 2011
  - Update to 17.0.937
    + Make it so that turning off sync for extensions in the
      preferences UI also turns off sync for extension settings,
      ditto for apps and app settings (bug#98488)
    + Cleanup: Remove unneeded forward declarations from
    + fix appearance of buttons in chrome://settings
    + Report correct error when connection cannot be established
    + Temporarily disables XI2 for aura until events are straightened
      out. (bug#103981)
    + Make chrome communicate with gpsd through libgps/shared memory
    + Don't close tabs from crashed extensions with background pages.
      Make the crashed extension reload when the sad tab is reloaded.
* Sun Oct 30 2011
  - Update to 17.0.922
    + Use the new ChromeV8ContextSet in
    + Suppress failure for downloads.DownloadsTest.testPauseAndResume,
      as it is failing sporadically on pyauto win vista, and cause
      is not understood. (bug#102228)
    + Fix a crash in FullscreenExitBubbleController when the user
      clicks the "Exit full screen" button. (bug#101835)
    + Close all panels originated by the extension when extension
      unloads. (bug#101118)
    + Fix history importing by delaying DownloadManager creation.
    + aura: Draw persistent borders around browser windows.
    + aura: brightness and volume bubble (bug#98322)
    + Associate the instant label text with a specific checkbox.
    + GTK: More profiling of the rendering path. (bug#100803)
    + Convert the non-debug logging in chrome/common to debug logging.
    + Add code to prompt for browser login during app notification
      setup (bug#98145)
    + GTK: Constrain the clip area on tabstrip draws. (bug#100803)
    + Fully enable about:tracking by default (controlled by the
      flag: "--enable-tracking" and the default is always on.)
* Sun Oct 23 2011
  - Update to 17.0.917
    + Convert the Flash interfaces to no longer use GetInfo
    + Now does not sync URLs that only have imported visits
    + Print Preview fixes
    + Use WebCompositor only when --enable-threaded-compositing
    + Enable privileged WebGL extensions for Chrome extensions.
    + Implement sync data type controller and UI for syncing
    + Improve audio underflow handling.
    + Improve extension settings accessibility.
    + Other bugfixes
  - Remove patch19 for system zlib adjustments as this is no longer
* Sun Oct 16 2011
  - Update to 16.0.910
    + Delay network requests on startup if any webRequest or
      webNavigation extensions are enabled.
    + Make escape exit tabbed fullscreen mode even if browser was in
      fullscreen mode before. (bug#89208)
    + [Sync] Support open tabs experiment enabling before sync setup
      completion. (bug#99403)
    + On Linux, turn off panels when there is no window manager
      present. (bug#100381)
    + Linux: add the "other bookmarks" folder to the new bookmark
      menu. (bug#81263)
    + Add google search app to list of apps installed by default.
    + PrintPreview: Added code to honor the grayscale color model
    + Linux: add basic bookmark menu support. More features can be
      added later. Currently, only supports ctrl-click/middle click
      to open in a new tab. It's supposed to be quite fancy and
      support context menus and maybe other gestures as well; these
      are not yet supported. (bug#81263)
* Sun Oct 09 2011
  - Update to 16.0.904
    + aura: Implement cursor support on linux
    + Add --enable-video-track commandline flag for enabling <track>
      (otherwise disabled by default)
    + [Sync UI] When signed in, choosing the sync wrench menu item
      should navigate to personal options
    + Fix UI quirks when doing a history navigation to a slow page
    + Auto-login UI polish. (bug#98873)
    + Fixed the gtk menu race (bug#88473)
* Sun Oct 02 2011
  - Updaet to 16.0.898
    + Move webNavigation out of experimental (bug#60100)
    + Rework BrightnessLibrary using DBusThreadManager
    + Remove google search experiment
    + Only allow to lock the mouse when the tab is in fullscreen mode
    + Expose connection error code to the web app (bug#91402)
    + Make the license tools recoginze the dual license (bug#98116)
    + Don't immediately fill saved passwords in Incognito mode
    + Ensure that --disable-extensions disables extension prefs from
      being enacted
    + Removing mfplayer and mfdecoder tools
* Sun Sep 25 2011
  - Make "Set as default browser" work
  - Update to 16.0.891
    + Prefer curl over wget on linux if installed.
    + Printing: Fix Linux print dialog code when there are no
      printers installed.
    + Do not intitialize V8 in browser process.
    + Suppress race in URLRequestHttpJob/HttpNetworkTransaction
    + Profile shouldn't own PersonalDataManager
    + Remove the old chrome://extensions page, since the URL now
      redirects to the new Settings page.
    + fix disappearing bookmark star on linux/gtk
    + Fix display of "Last Synced as..." in Personal Stuff.
    + FTP: fixed compatibility with servers which send 451 response
      for CWD command.
* Thu Sep 22 2011
  - add versions to some dependencies of subpackages
* Tue Sep 20 2011
  - Added permissions-patch so that the suid-helper will also work
    on distro versions equal to 11.4.
  - Moved the no-sandbox check to the browser start-up script so that
    the enabling of the sandbox is done at runtime (bnc#718016)
* Wed Sep 14 2011
  - Update to 16.0.880
    + Print preview issues with self-closing popups have been fixed
    + Fixed many known stability issues.
    + Change chrome://crash (sad tab page) "Learn more" link to:
      "If you're seeing this frequently, try these suggestions."
      Link "these suggestions" to the "Learn more" help article.
    + Convert chrome://extensions to a settings page within the
      options pages.
    + Beginnings of basic Focus and Key Events.
    + various bugfixes
* Sat Sep 03 2011
  - Update to 15.0.870
    + Fix the print preview regression bug
    + Enable low-latency audio by default
    + Add Indic IME support
    + Switch the native print path on Linux and ChromeOS to use Skia
      instead of Cairo
    + Use 16x16 icons so they don't stretch
    + Turn client-side phishing detection on for non-UMA users
    + Fix a crash on Linux which occurs during drag drop operations
      in the renderer
    + various bugfixes
* Wed Aug 24 2011
  - Update to 15.0.862
    + Fix pyauto autofill flakiness when submitting profile info via
      webpage forms (issues: 90232,89784)
    + Get rid of static TabContentsView::Create function since the
      interface is in content, but the implementations are in chrome.
      (issue: 76697)
    + Suppress another race with KURLGooglePrivate + Workers.
      (issue 93708)
    + Add a new content settings type AUTO-SELECT-CERTIFICATE. The
      default value of the new content settings type AUTO-SELECT-CERTIFICATE
    + Add a policy for whitelisting origins for which client certificates
      should be auto selected.
    + Add a policy to set a default setting for the auto select certificates
* Mon Aug 22 2011
  - Update to 15.0.860
* Sat Aug 20 2011
  - Update to 15.0.859
* Fri Aug 19 2011
  - Update to 15.0.857
    + Issue with the close tab button is fixed.
* Tue Aug 16 2011
  - Update to 15.0.854
  - Enable build of sandbox client as that this is now mandatory
* Sun Aug 07 2011
  - Introduce an option to switch the password store for Chromium in
    a more friendlier way, by using the update-alternatives. The user
    has now the option to install a new package (chromium-desktop-kde
    or chromium-desktop-gnome) and based on this the respective
    password store is selected.
* Sat Aug 06 2011
  - Update to 15.0.846
* Sat Jul 30 2011
  - Update to 15.0.839
* Thu Jul 21 2011
  - Update to 14.0.829
* Sun Jul 17 2011
  - Update to 14.0.825
* Tue Jul 12 2011
  - Fix for bnc#705223:
    + Icons are installed in hicolor instead of oxygen, this ensures
      compatibility with open Desktop standards.
    + Add GTK icon cache update for >= 1140 on %post and %postun.
    + Removed the .png in %{_datadir}/pixmaps as hicolor is a better
    + Add hicolor-icon-theme to BuildRequires and Requires.
* Mon Jun 13 2011
  - Update to 14.0.792
* Mon Jun 06 2011
  - Update to 14.0.786
* Sat Jun 04 2011
  - Update to 14.0.785
* Sat May 28 2011
  - Update to 13.0.780
* Wed May 25 2011
  - Update to 13.0.777
    + Builds now based on system library for V8.
    + Removed Shared Library build due to errors. Everything is back
      into one single binary
    + Added patchfile to build with GCC 4.6
* Sun May 15 2011
  - Update to 13.0.767
* Thu Apr 28 2011
  - Update to 13.0.751
* Fri Apr 22 2011
  - Update to 12.0.744
* Mon Apr 18 2011
  - Update to 12.0.741
  - Include icon-set for Oxygen. (bnc#684728)
* Fri Apr 08 2011
  - Update to 12.0.731
* Sun Apr 03 2011
  - Update to 12.0.724
* Thu Mar 31 2011
  - Update to 12.0.721
* Mon Mar 28 2011
  - Update to 12.0.718
  - Added conflict for xine-browser-plugin
* Wed Mar 16 2011
  - Update to 12.0.705
  - Included option to detect the password store in /usr/bin/chromium
    (options there are detect,default,gnome,kwallet)
* Fri Mar 11 2011
  - Update to 12.0.700
* Wed Mar 09 2011
  - Update to 11.0.698
* Fri Mar 04 2011
  - Update to 11.0.691
* Wed Mar 02 2011
  - Update to 11.0.688
* Sun Feb 27 2011
  - Update to 11.0.685
* Sun Feb 27 2011
  - Update to 11.0.683
    * Chromium will now use the internal ICU libraries for all
      openSUSE versions.
* Wed Feb 16 2011
  - Update to 11.0.674
* Tue Feb 15 2011
  - Update to 11.0.673
    * For Factory the internal ICU libraries are used as that
      Chromium does not build with the ones provided by Factory
* Wed Jan 19 2011
  - add more mimetypes to desktop file
* Sat Dec 25 2010
  - update to 10.0.622.0
* Mon Oct 25 2010
  - Update to 9.0.564 build
    * Added specific patches for MeeGo.
    * We are now using shared libraries for Chromium
    * Spec-file cleanup (Thanks to prusnak)
* Thu Jul 08 2010
  - use jobs instead of a fixed numer of jobs, buildsystem may hang
* Wed Jul 07 2010
  - workaround gcc bug, that produces extremely annoying
    failure of the search bar.
* Mon May 24 2010
  - do not include %{release} in RPM_VERSION that makes the
    package to republish everytime to users even if there
    are no code changes.
* Wed Mar 10 2010
  - Add master_preferences source file and install it to /etc/chromium.
  - Create a new patch (chromium-master-prefs-path.patch) which tells
    chromium to look in /etc/chromium for the master_preferences file
    (instead of looking in the default directory, which is the same
    directory as the 'chrome' binary).
* Sun Mar 07 2010  
  - Update to 5.0.347
    + moved back to static binary again.
    + No longer depends on system v8
* Sun Feb 21 2010  
  - Update to 5.0.341
    + remove courgette build and sources (patent issue)
    + Move to shared libraries build
    + Depends on system v8 again
* Sun Jan 24 2010
  - added vendor to user agent (
* Sun Nov 29 2009
  - added --enable-sync to wrapper to enable bookmark sync
* Sun Nov 29 2009  
  - Update to 4.0.260
* Fri Nov 27 2009  
  - Update to 4.0.259
* Thu Nov 26 2009  
  - Update to 4.0.258
* Tue Nov 24 2009  
  - In order to complete prevent the wrong v8 version to be used,
    the Chromium build has been changed to having an built-in v8
* Tue Nov 24 2009  
  - Re-base patches.
  - Fixed a few patch errors.
  - Rename some patches to better correspond with function.
  - Removed some patches.
  - Minor SPEC changes.
  - I changed the v8 requirement to be exact, instead of greater than a specific version.
* Fri Nov 13 2009
  - update to 247.0 svn 31928
* Fri Oct 30 2009
  - update to 229.0 svn 30454
    + Fix regression where popups and app frames lost their titlebars.
    + Makes it so that when a folder is open on the bookmark bar
      and the mouse moves over another folder, the menu for that
      folder is shown.
    + Lazily create the find bar.
    + Polish to the gmail checker sample.
    * New, crisper icons that are exactly 19x19
    * Add a loading animation at the beginning before Gmail
    * Fix a bug where we sometimes don't update the UI after a
      logout/login cycle.
    + Refactor widget methods to support desktop notifications,
      including GTK stubs.
    + Find-in-page should not ding while deleting characters.
    + Add SSL wrapper for linux and mac.  This allows notifier to
      use chrome's SSL layer instead of OpenSSL.
    + Add three of the six extensions to PAC that Internet Explorer supports.
    + WebSocket support in chromium. (Run with --enable-web-sockets
      enables WebSocket features.)
    + Do not allow GTK File Chooser dialogs to return directories.
    + Fix the notifier SSL layer to make notifications work for
      Linux Bookmark sync.
    + linux: don't override mouse selection behavior in omnibox
* Sun Oct 25 2009
  - Update to 224.4 svn 30027
    + First cut at new page and browser action docs based
      on new API. Deleted old stuff.
    + Add suppression for new memory leak caused by WebKit merge 49830:49844
    + Cleanup: change PIDs to base::ProcessId (or pid_t, as appropriate)
    + Minimize dependency of user scripts
    + Fixup the flip_framer eof-handling semantics now that we have
      the FIN bit in place
    + app depends on x11 because of active_window_watcher_x
    + Adding two images for the new Extension managment UI
    + Removing hard-coded Chrome Frame output path
    + Rearrange clipboard code
    + Fix crash bug when attempting to download a url with unsupported scheme,
      e.g. 'data:', by 'Alt + Click'
    + GTK: Change text for extension download UI
    + Ignore invalid urls on command line
    + Make dropped tabs animate from where they were dropped.
    + Make room for the full width of the tab placeholder.
    + Make tab dragging as smooth as glass.
    + Remove an annoying NOTIMPLEMNETED
    + Extensions: guarantee removal of BROWSER_WINDOW_READY registration
    + If we're in the middle of a drag, don't allow the user to middle
      click to close or right click for the context menu
    + "Fix" a NOTIMPLEMENTED on Linux by using the default password store
    + Remove +x bit from files that shouldn't have it
    + Fold first 3 channels of multichannel instead of 5.  Use fixed point
    + Adding new image needed for the managment UI
    + Fix a race bug where content scripts would not apply to the first page load
    + Make escape remove a bookmark if it's just been added (but not if it already existed)
    + Fix bubbles deactivating the opaque frame
    + Allow ESC to cancel ALT+SHIFT+T in Toolbar
    + ake all pepper plugins default to windowless and transparent
    + Add styles for printing
    + Implement the new extension management UI
    + Add support for to automation interface load install and load extensions
    + GTK: theme the info bar border
    + Update V8 to version
    + Introduce WebSecurityPolicy for security related methods
    + New button scheme...borders are separate from the inner contents so
      that they can be highlighted / depressed independently
    + When opening Chrome maximized with an application window already
      running, the Chrome window was not activated
    + Fix compatibility problems with FileZilla FTP Server
    + Remove the extension shelf on Linux
    + Fix the proxy host and port string to start with http:// if it does not already
    + Enable HTML5 databases for all extension renderer processes
* Sat Oct 24 2009  
  - don't create desktop files in wrapper
  - fix LD_LIBRARY_PATH (chromium-fix-wrapper.patch)
* Tue Oct 20 2009  
  - update to newer svn snapshot
    + Obsoletes fwrite patch (included upstream)
* Fri Oct 16 2009  
  - update to newer svn snapshot
    + Requires newer version of v8
* Thu Oct 15 2009  
  - do not force SSE on x86 (drop-sse.patch)
* Tue Oct 13 2009  
  - Update to newer svn snapshot
  - Fixed spec file in order to build
  - Included patch to build with system zlib
* Mon Oct 12 2009  
  - package renamed to chromium
  - cleaned up spec file
* Tue Oct 06 2009  
  - v8 is now built as a separate package, and is required
  - included many patches to use system libraries:
      v8, icu, libxml2, libxslt, libjpeg, libpng, libevent, bzip2, zlib, nspr, nss
* Thu Oct 01 2009  
  - included a newer DEP than is in svn, native_client@823
  - things should compile cleanly now
* Mon Aug 31 2009  
  - initial build



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Jan 10 06:08:53 2020