Upstream has released version 35.0.1916.114 on May 20: http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html This fixes a handful of new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
This is Chromium 35, which as previously discusses, will require the Pepper Flash. It also needs to be built with Aura (-Duse_aura=1 gyp flag) as I noted in Bug 13412.
CC: (none) => anssi.hannulaWhiteboard: (none) => MGA4TOO, MGA3TOO
Debian has issued an advisory for this on May 31: https://www.debian.org/security/2014/dsa-2939
URL: (none) => http://lwn.net/Vulnerabilities/601056/
Upstream has released version 35.0.1916.153 on June 10: http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html This fixes more security issues. Debian has issued an advisory for this on June 14: https://www.debian.org/security/2014/dsa-2959
LWN reference for 35.0.1916.153: http://lwn.net/Vulnerabilities/602455/
Summary: chromium-browser-stable new security issues fixed in 35.0.1916.114 => chromium-browser-stable new security issues fixed in 35.0.1916.153
Upstream has released version 36.0.1985.125 on July 16: http://googlechromereleases.blogspot.com/search/label/Stable%20updates This fixes more security issues.
Summary: chromium-browser-stable new security issues fixed in 35.0.1916.153 => chromium-browser-stable new security issues fixed in 36.0.1985.125
Correct link for 36.0.1985.125: http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html Upstream has released version 36.0.1985.143 on August 12: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html This fixes more security issues.
Summary: chromium-browser-stable new security issues fixed in 36.0.1985.125 => chromium-browser-stable new security issues fixed in 36.0.1985.143
Upstream has released version 37.0.2062.94 on August 26: http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html This fixes more security issues.
Summary: chromium-browser-stable new security issues fixed in 36.0.1985.143 => chromium-browser-stable new security issues fixed in 37.0.2062.94
Gentoo has issued an advisory for this on August 30: http://www.gentoo.org/security/en/glsa/glsa-201408-16.xml from http://lwn.net/Vulnerabilities/610416/
Upstream has released version 37.0.2062.120 today (September 9): http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html This fixes more security issues.
Summary: chromium-browser-stable new security issues fixed in 37.0.2062.94 => chromium-browser-stable new security issues fixed in 37.0.2062.120
Gentoo has issued an advisory for this on September 19: http://www.gentoo.org/security/en/glsa/glsa-201409-06.xml from http://lwn.net/Vulnerabilities/612811/
37.0.2062.120 is in 4/updates_testing
CC: (none) => pterjan
Just a note, it is more difficult for 3 as it seems to require a more recent harfbuzz. Looking more into it. ../../third_party/WebKit/Source/platform/fonts/harfbuzz/HarfBuzzShaper.cpp: In member function 'bool WebCore::HarfBuzzShaper::shapeHarfBuzzRuns()': ../../third_party/WebKit/Source/platform/fonts/harfbuzz/HarfBuzzShaper.cpp:830:62: error: 'hb_buffer_clear_contents' was not declared in this scope
OK. If there's a way to build with the bundled one, that would be fine. Note the change I checked into Mageia 4 SVN (mostly the one Anssi forgot to commit) from Cauldron after you pushed the current build.
A simple patch was enough, and I had missed the change, I'll submit again for 3 and 4.
4 is uploaded and 3 should finish soon, time to sleep.
Thanks Pascal! CC'ing the QA team just in case anyone wants to start playing with it. Note that plugins are not supported anymore, so things like Java and Flash won't work, although Flash should if you also have Chrome installed. TODO: update or remove in Cauldron (planning to remove before mga5) and push tainted builds. Since we missed so many updates, I don't know how many of the CVEs along the way affect the current version that we have, so it'll be a generic advisory when I get to it.
CC: (none) => qa-bugs
I tested chromium-browser-37.0.2062.120-1.mga4 on Mageia 4 64-bits. I do not remember precisely how it was before I install this new version but for now, I am not able anymore to run Flash application. rpm -qa | grep flash gives me flash-player-plugin-kde-11.2.202.406-1.mga4.nonfree flash-player-plugin-11.2.202.406-1.mga4.nonfree Other thinks look to work fine.
CC: (none) => olivier.delaune
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Thanks again to Pascal for helping with this update. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Several security issues and other bugs have been fixed since our previous update. See the upstream release announcements for details. Note that as of version 35, the Chromium browser no longer supports browser plugins, including Flash and Java. If Flash functionality is needed, it is recommended to either use Firefox, or to install the Chrome browser from Google's upstream repository. See the Mageia Forum topic on this for instructions on installing Chrome. References: http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html https://forums.mageia.org/en/viewtopic.php?t=2053 ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-37.0.2062.120-1.mga3 chromium-browser-37.0.2062.120-1.mga3 chromium-browser-stable-37.0.2062.120-1.mga4 chromium-browser-37.0.2062.120-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-37.0.2062.120-1.mga3 chromium-browser-37.0.2062.120-1.mga3 chromium-browser-stable-37.0.2062.120-1.mga4 chromium-browser-37.0.2062.120-1.mga4 from SRPMS: chromium-browser-stable-37.0.2062.120-1.mga3.src.rpm chromium-browser-stable-37.0.2062.120-1.mga4.src.rpm
CC: qa-bugs => (none)Version: Cauldron => 4Assignee: bugsquad => qa-bugsWhiteboard: MGA4TOO, MGA3TOO => MGA3TOO
Testing in mga4-32. It seemed to work fine although I only tried a couple of things. It succeeded in importing my Firefox bookmarks. All links worked. Apps -> YouTube came up OK. Did not login or play videos.
CC: (none) => tarazed25
Tested mga4-64 core and tainted builds Tested general browsing, acid 3 test at acidtests.org, mp3 streaming through https://archive.org/details/Test_Audio_MP3_File on Tainted build. Javatester does not work, as expected with the plugins being ended. Right clicking a youtube video shows it using the html5 player.
CC: (none) => wrw105Whiteboard: MGA3TOO => MGA3TOO mga4-64-ok
Yes java and adobe flash won't work because chrome from 35 version obsoleted npapi plugin support. http://thenextweb.com/google/2014/05/27/google-removes-npapi-apps-extensions-chrome-web-store-homepage-search-results-category-pages/
CC: (none) => ozkyster
Here is more info about those npapi plugins. http://www.webupd8.org/2014/05/google-chrome-stable-35-for-linux.html
Tested mga3-64, core and tainted as in comment 20 above. All OK.
Whiteboard: MGA3TOO mga4-64-ok => MGA3TOO mga4-64-ok mga3-64-ok
Testing complete mga4 32, as comment 20 Needs testing mga3 32 to validate.
Whiteboard: MGA3TOO mga4-64-ok mga3-64-ok => MGA3TOO mga3-64-ok mga4-32-ok mga4-64-ok
Whiteboard: MGA3TOO mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok
Testing complete mga3 32
Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok
Validating. Advisory uploaded. Added the tainted srpms to the advisory. Could sysadmin please push to 3 & 4 updates Thanks
Keywords: (none) => validated_updateWhiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0413.html
Status: NEW => RESOLVEDResolution: (none) => FIXED