Upstream has released version 38.0.2125.101 on October 7:
This fixes a handful of new security issues.
This is the current version in the stable channel:
Steps to Reproduce:
RedHat has issued an advisory for this today (October 14):
Since when does RedHat have a chromium-browser package!?
Upstream has released version 38.0.2125.104 on October 14:
It has additional bugfixes.
It's checked into SVN. This is the build failure in Cauldron:
AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you tried building without gn?
(In reply to Christiaan Welvaart from comment #4)
> AFAICT there is no need to run tools/gn/bootstrap/bootstrap.py - have you
> tried building without gn?
No, I've checked that into SVN. I'll try it when the mass rebuild finishes.
The build for Cauldron has been pushed.
The build on Mageia 3 fails:
For Mageia 4, it's built in core/updates_testing.
Pascal, the build system is broken and won't allow the tainted build for Mageia 4 to be submitted.
Submission errors, aborting:
- Current or newer revision(s) already exists in core/updates_testing for 4: 38.0.2125.104-1.mga4
mga3 failure: maybe that version of gcc does not understand the C++11 'alignas(n)' (at that place). See mojo/public/c/system/macros.h - *if* this is the problem there is support for GCC's alignment attribute that should be enabled. Is compiling without -std=c++11 an option? Either that or patch the header file.
You're probably right. Patches are welcome.
Strange, it accepted the tainted build here:
[pterjan@chopin-cauldron-64 chromium-browser-stable]$ mgarepo submit --define section=tainted/updates_testing
Submitting chromium-browser-stable at revision 791948
Implicit target: 4
Thanks for your help Christiaan!
Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Note to QA: there are both core and tainted builds for this package.
Updated chromium-browser-stable packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Chromium to crash or,
potentially, execute arbitrary code with the privileges of the user running
Chromium (CVE-2014-3188, CVE-2014-3189, CVE-2014-3190, CVE-2014-3191,
CVE-2014-3192, CVE-2014-3193, CVE-2014-3194, CVE-2014-3199, CVE-2014-3200).
Several information leak flaws were found in the processing of malformed
web content. A web page containing malicious content could cause Chromium
to disclose potentially sensitive information (CVE-2014-3195,
Updated packages in core/updates_testing:
Updated packages in tainted/updates_testing:
I will stat to testing it today it,this time i don't wan't to hear that nobody complain that java or flash are not working with chromium !!!!!!.
Testing done Mga4&3 64&32 core/tainted builds no single crash or problems found i will validate it.
Sysadmin please push this to updates.
MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK
I think that this needs a QA team member with SVN access to upload the advisory before it can be pushed to updates.
This is not any new thing that all of qa team testers have access to svn to upload advisories remi or claire do it normally those advisories.
MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK =>
MGA3TOO MGA4-32-OK MGA4-64-OK MGA3-32-OK MGA3-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository.
The tainted packages never got pushed for this update and are still in tainted/updates_testing. Sysadmins, please push them.
For the record, the problem was http://svnweb.mageia.org/advisories/14258.adv?r1=2177&r2=2176&pathrev=2177