Commit graph

34 commits

Author SHA1 Message Date
Than Ngo
125d451ec5 - Update to 142.0.7444.175
- * High CVE-2025-13223: Type Confusion in V8
- * High CVE-2025-13224: Type Confusion in V8
2025-12-01 21:52:46 +09:00
Asahi Lina
975764e257 Update to cef-142.0.14+gceaf578 (rhbz#2413981) 2025-11-18 17:23:07 +09:00
Than Ngo
8707dcd994 - Update to 142.0.7444.162
- * High CVE-2025-13042: Inappropriate implementation in V8
2025-11-15 04:40:46 +09:00
Asahi Lina
0159773b24 Update to cef-142.0.10+g29548e2 (rhbz#2413981) 2025-11-11 17:32:15 +09:00
Than Ngo
2c29b05488 Update to 142.0.7444.134 (rhbz#2413621)
- * High CVE-2025-12725: Out of bounds write in WebGPU
- * High CVE-2025-12726: Inappropriate implementation in Views
- * High CVE-2025-12727: Inappropriate implementation in V8
- * Medium CVE-2025-12728: Inappropriate implementation in Omnibox
- * Medium CVE-2025-12729: Inappropriate implementation in Omnibox
2025-11-09 22:05:49 +09:00
Than Ngo
dde15b4d42 Update to 142.0.7444.59
- * Update to cef-142.0.6+ga56110d (Asahi Lina) (beta)
- * Refreshed ppc64le patches
- * Refreshed system-brotli patch
- * Refreshed clang++-unknown-argument patch
- * Refreshed split-threshold-for-reg-with-hint patch
- * Fixed some FTBFS caused by missing header files
- * Fixed FTBFS caused by old rust compiler
- * Fixed FTBFS caused by new glibc-2.42 in Rawhide
- * Fixed FTBFS caused by old python-3.9.x in EL8/9
- * Dropped obsoleted chromium-141-el9-ffmpeg-5.x-duration.patch for old ffmpeg on EL9
2025-10-30 21:57:11 +09:00
Than Ngo
0f0c5cf790 Update to 141.0.7390.122
- * High CVE-2025-12036 chromium: Inappropriate implementation in V8
2025-10-30 20:33:53 +09:00
Than Ngo
d12d52e97e Update 141.0.7390.107
- * High CVE-2025-11756: Use after free in Safe Browsing
2025-10-30 20:33:53 +09:00
Than Ngo
a860d6d748 Update to 141.0.7390.76 2025-10-30 20:33:53 +09:00
Than Ngo
f7c2acbf51 Update to 141.0.7390.65
- * High CVE-2025-11458: Heap buffer overflow in Sync
- * High CVE-2025-11460: Use after free in Storage
- * Medium CVE-2025-11211: Out of bounds read in WebCodecs
- remove 0001-Change-use-of-removed-intrinsic.patch as it is included in
  141.0.7390.65
2025-10-30 20:33:53 +09:00
Than Ngo
bdf0e5a857 Update to 141.0.7390.54
- * Update to cef-141.0.11+g7e73ac4 (rhbz#2402447) (Asahi Lina)
- * High CVE-2025-11205: Heap buffer overflow in WebGPU
- * High CVE-2025-11206: Heap buffer overflow in Video
- * Medium CVE-2025-11207: Side-channel information leakage in Storage
- * Medium CVE-2025-11208: Inappropriate implementation in Media
- * Medium CVE-2025-11209: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11210: Side-channel information leakage in Tab
- * Medium CVE-2025-11211: Out of bounds read in Media
- * Medium CVE-2025-11212: Inappropriate implementation in Media
- * Medium CVE-2025-11213: Inappropriate implementation in Omnibox
- * Medium CVE-2025-11215: Off by one error in V8
- * Low CVE-2025-11216: Inappropriate implementation in Storage
- * Low CVE-2025-11219: Use after free in V8
- Refreshed ppc64le patches
- Fixed issue with incorrect display of the links on startpage in Darkmode
- Fixed FTBFS - error: no member named 'bPsnrY' in 'Source_Picture_s'
- Fixed, DebugInfo packages aren't being produced
- Refreshed rust-clanglib patch
- Fixed FTBFS due to old ffmpeg on Epel9
- Fixed FTBFS - error: invalid application of 'sizeof' to an incomplete type 'blink::CSSStyleSheet'
- Fixed FTBFS due to missing header files
2025-10-30 20:33:53 +09:00
Than Ngo
4b5a9c1270 Update to 140.0.7339.207
- * CVE-2025-10890: Side-channel information leakage in V8
- * CVE-2025-10891: Integer overflow in V8
- * CVE-2025-10892: Integer overflow in V8
2025-09-30 22:13:00 +09:00
Than Ngo
a7f42a823b Update to 140.0.7339.185
- * CVE-2025-10585: Type Confusion in V8
- * CVE-2025-10500: Use after free in Dawn
- * CVE-2025-10501: Use after free in WebRTC
- * CVE-2025-10502: Heap buffer overflow in ANGLE
- * Fix rendering issue on epel9
2025-09-30 22:13:00 +09:00
Than Ngo
933e2cdd13 Update to 140.0.7339.127
- * CVE-2025-10200: Use after free in Serviceworker
- * CVE-2025-10201: Inappropriate implementation in Mojo
2025-09-30 22:13:00 +09:00
Than Ngo
28dc83db64 Update to 140.0.7339.80 (rhbz#2396308)
- * Update to cef-140.1.15+gfaef09b (rhbz#2380429) (Asahi Lina)
- * CVE-2025-9864: Use after free in V8
- * CVE-2025-9865: Inappropriate implementation in Toolbar
- * CVE-2025-9866: Inappropriate implementation in Extensions
- * CVE-2025-9867: Inappropriate implementation in Downloads
2025-09-30 22:13:00 +09:00
Than Ngo
5f5eceb27f - Update to 139.0.7258.154
- * CVE-2025-9478: Use after free in ANGLE
2025-08-29 19:59:59 +09:00
Asahi Lina
168e14b56b Update to cef 139.0.37+gb457b0b (rhbz#2391243) 2025-08-29 19:59:59 +09:00
Than Ngo
7e2484b8cb - Updated to 139.0.7258.138
- * CVE-2025-9132: Out of bounds write in V8
2025-08-29 19:57:58 +09:00
Asahi Lina
eb81941eaf Update to cef-139.0.26+g9d80e0d 2025-08-21 22:30:33 +09:00
Than Ngo
c8e140d475 - Updated to 139.0.7258.127 (rhbz#2381869)
- * CVE-2025-8879: Heap buffer overflow in libaom
- * CVE-2025-8880: Race in V8
- * CVE-2025-8901: Out of bounds write in ANGLE
- * CVE-2025-8881: Inappropriate implementation in File Picker
- * CVE-2025-8882: Use after free in Aura
2025-08-14 22:05:09 +09:00
Than Ngo
118f391e94 - Updated to 139.0.7258.66
- Asahi Lina: Update to cef-139.0.20+g60bd77d
- * CVE-2025-8576: Use after free in Extensions
- * CVE-2025-8578: Use after free in Cast
- * CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome
- * CVE-2025-8580: Inappropriate implementation in Filesystems
- * CVE-2025-8581: Inappropriate implementation in Extensions
- * CVE-2025-8582: Insufficient validation of untrusted input in DOM
- * CVE-2025-8583: Inappropriate implementation in Permissions
2025-08-14 22:05:04 +09:00
Than Ngo
8f60fa14a7 - Update to 138.0.7204.183
- * CVE-2025-8292: Use after free in Media Stream
2025-08-14 21:53:41 +09:00
Than Ngo
0902ffe4c0 - Update to 138.0.7204.168
- * CVE-2025-8010: Type Confusion in V8
- * CVE-2025-8011: Type Confusion in V8
2025-08-14 21:53:41 +09:00
Asahi Lina
ec604311a2 Update to cef-138.0.25+g251e1c1 (rhbz#2380429) 2025-07-18 00:32:39 +09:00
Than Ngo
62d08ec152 Update to 138.0.7204.157
- * CVE-2025-7656: Integer overflow in V8
- * CVE-2025-7657: Use after free in WebRTC
- * CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU
2025-07-17 21:07:05 +09:00
Asahi Lina
ab41cb19d9 Update to cef-138.0.21+g54811fe (rhbz#2379500)
- Add cherry-pick.sh convenience script
2025-07-12 19:22:33 +09:00
Than Ngo
bc69227c7c Update to 138.0.7204.100 2025-07-12 18:16:19 +09:00
Than Ngo
b8cb2b8882 Update to 138.0.7204.92
- * High CVE-2025-6554: Type Confusion in V8
2025-07-04 19:31:32 +09:00
Asahi Lina
647c02e355 Update to cef-138.0.15+gd0f1f64
- Than Ngo <than@redhat.com>: Update to 138.0.7204.49
- * CVE-2025-6555: Use after free in Animation
- * CVE-2025-6556: Insufficient policy enforcement in Loader
- * CVE-2025-6557: Insufficient data validation in DevTools
2025-07-04 19:31:25 +09:00
Than Ngo
8b2ee14905 Update to 137.0.7151.119
- * CVE-2025-6191: Integer overflow in V8
- * CVE-2025-6192: Use after free in Profiler
2025-07-02 20:20:28 +09:00
Than Ngo
a6e0c0fc47 Update to 137.0.7151.103
- Provide correct version for bundle librarires
- Fix rhbz#2368923, Chromium crash
2025-06-17 23:03:35 +09:00
Than Ngo
8b35dc7f16 Update to 137.0.7151.68 2025-06-17 23:03:23 +09:00
Asahi Lina
f9c6dd4635 Update to cef-137.0.17+gf354b0e
- Than Ngo <than@redhat.com>: Update to 137.0.7151.55
- Fix FTBFS caused by simdutf and pdfium-png_decoder
- Remove chromium-135-gperf.patch and chromium-135-add-cfi-suppressions-for-pipewire-functions.patch, merged by upstream
- Refresh ppc64le patches
- Enable system simdutf for F43
2025-06-17 23:03:08 +09:00
Asahi Lina
a6685f4c36 Initial import (rhbz#2368737)
cef-136.1.6^chromium136.0.7103.113

Based on rpms/chromium.git#e5d715b3d601
2025-06-17 22:58:48 +09:00