Upstream has released version 38.0.2125.101 on October 7: http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html This fixes a handful of new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates Reproducible: Steps to Reproduce:
Whiteboard: (none) => MGA3TOO
RedHat has issued an advisory for this today (October 14): https://rhn.redhat.com/errata/RHSA-2014-1626.html Since when does RedHat have a chromium-browser package!?
URL: (none) => http://lwn.net/Vulnerabilities/616162/
Upstream has released version 38.0.2125.104 on October 14: http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html It has additional bugfixes.
It's checked into SVN. This is the build failure in Cauldron: http://pkgsubmit.mageia.org/uploads/failure/cauldron/core/release/20141016090817.ennael.valstar.21030/log/chromium-browser-stable-38.0.2125.104-1.mga5/build.0.20141016093308.log
CC: (none) => pterjan
AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you tried building without gn?
CC: (none) => cjw
(In reply to Christiaan Welvaart from comment #4) > AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you > tried building without gn? No, I've checked that into SVN. I'll try it when the mass rebuild finishes.
The build for Cauldron has been pushed. The build on Mageia 3 fails: http://pkgsubmit.mageia.org/uploads/failure/3/core/updates_testing/20141021113816.luigiwalser.valstar.1020/log/chromium-browser-stable-38.0.2125.104-1.mga3/build.0.20141021113904.log
For Mageia 4, it's built in core/updates_testing. Pascal, the build system is broken and won't allow the tainted build for Mageia 4 to be submitted. Submission errors, aborting: - chromium-browser-stable-38.0.2125.104-1.mga4: - Current or newer revision(s) already exists in core/updates_testing for 4: 38.0.2125.104-1.mga4
mga3 failure: maybe that version of gcc does not understand the C++11 'alignas(n)' (at that place). See mojo/public/c/system/macros.h - *if* this is the problem there is support for GCC's alignment attribute that should be enabled. Is compiling without -std=c++11 an option? Either that or patch the header file.
You're probably right. Patches are welcome.
Strange, it accepted the tainted build here: [pterjan@chopin-cauldron-64 chromium-browser-stable]$ mgarepo submit --define section=tainted/updates_testing Submitting chromium-browser-stable at revision 791948 URL: svn+ssh://svn.mageia.org/svn/packages/updates/4/chromium-browser-stable Implicit target: 4 Package submitted!
Thanks for your help Christiaan! Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron. Note to QA: there are both core and tainted builds for this package. Advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium (CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191, CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3199, CVE-2014-3200). Several information leak flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to disclose potentially sensitive information (CVE-2014-3195, CVE-2014-3197, CVE-2014-3198). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3188 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3190 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3191 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3192 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3193 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3194 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3195 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3197 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3198 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3199 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3200 http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html https://rhn.redhat.com/errata/RHSA-2014-1626.html ======================== Updated packages in core/updates_testing: ======================== chromium-browser-stable-38.0.2125.104-1.mga3 chromium-browser-38.0.2125.104-1.mga3 chromium-browser-stable-38.0.2125.104-1.mga4 chromium-browser-38.0.2125.104-1.mga4 Updated packages in tainted/updates_testing: ======================== chromium-browser-stable-38.0.2125.104-1.mga3 chromium-browser-38.0.2125.104-1.mga3 chromium-browser-stable-38.0.2125.104-1.mga4 chromium-browser-38.0.2125.104-1.mga4 from SRPMS: chromium-browser-stable-38.0.2125.104-1.mga3.src.rpm chromium-browser-stable-38.0.2125.104-1.mga4.src.rpm
Assignee: bugsquad => qa-bugs
I will stat to testing it today it,this time i don't wan't to hear that nobody complain that java or flash are not working with chromium !!!!!!.
CC: (none) => ozkyster
Testing done Mga4&3 64&32 core/tainted builds no single crash or problems found i will validate it. Sysadmin please push this to updates.
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugsWhiteboard: MGA3TOO => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK
I think that this needs a QA team member with SVN access to upload the advisory before it can be pushed to updates.
This is not any new thing that all of qa team testers have access to svn to upload advisories remi or claire do it normally those advisories.
Advisory uploaded.
Whiteboard: MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK => MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0428.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
The tainted packages never got pushed for this update and are still in tainted/updates_testing. Sysadmins, please push them.
Status: RESOLVED => REOPENEDResolution: FIXED => (none)
Status: REOPENED => RESOLVEDResolution: (none) => FIXED
For the record, the problem was http://svnweb.mageia.org/advisories/14258.adv?r1=2177&r2=2176&pathrev=2177