Upstream has released version 98.0.4758.80 on February 1: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html It fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Hi src.rpm is ready for review by neoclust A few users have been testing it, without any issue reported. There is still this strange "flood" of messages while launched from a terminal, as reported in https://bugs.mageia.org/show_bug.cgi?id=29846 Even if it doesn't happen so with Cauldron, I will file a bug report against Chromium to get their view. It does sound to impact the user experience though.
CC: (none) => chb0
Chromium bug report link: https://bugs.chromium.org/p/chromium/issues/detail?id=1293898 No impact for the user though. Cauldron is not affected.
CC: (none) => mageia
"Flood" of *stack smashing* messages is now fixed. @Nicolas, up to you now.
Hi. Package for 98.0.4758.102 is now ready for review. I have fixed also a few bugs leading to error messages in the terminal, without any crash.
I don't see anything attached or committed in SVN.
Upstream has released version 98.0.4758.102 on February 14: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html It fixes several new security issues. One of the issues is reportedly being exploited in the wild. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Summary: chromium-browser-stable new security issues fixed in 98.0.4758.80 => chromium-browser-stable new security issues fixed in 98.0.4758.102
(In reply to David Walser from comment #5) > I don't see anything attached or committed in SVN. I usually go through Nicolas Lecureuil who is my packager mentor. He knows where to find the src.rpm Or do you want me to put it somewhere else as well?
You could attach an svn diff here.
(In reply to David Walser from comment #8) > You could attach an svn diff here. Hi. Sadly, I don't use svn and I don't know how to. But if you or Nicolas guide me a little, I am always eager to learn! I did some reading and it looks like svn is a bit like Github, offering the ability to clone a tree and to work on it. Is it correct?
All of our package sources are in SVN (yes its a revision control system like git). If you're a packaging mentee, you should be working from SVN checkouts of our package sources and submitting svn diffs to your mentor. We have a tool called mgarepo that you can use to easily checkout package sources from SVN. All you have to do is install the mgarepo package (you might have to edit mgarepo.conf to change it to anonymous checkouts if it doesn't default to that. There's pages on the Mageia wiki explaining mgarepo and our packaging processes.
i will add it :)
Upstream has released version 99.0.4844.51 on March 1: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html It fixes several new security issues. This is the current version in the stable channel: http://googlechromereleases.blogspot.com/search/label/Stable%20updates
Summary: chromium-browser-stable new security issues fixed in 98.0.4758.102 => chromium-browser-stable new security issues fixed in 99.0.4844.51
Hi Meanwhile, 98.0.4758.102 has landed on testing. I have not found any announcement in a bug report; it is not listed on the QA list either. Who has put it there? With Nicolas, we are working to propose 99.0.4844.51 some time next week. What should we do with the 98 version in testing?
Anyone can test it for regressions if they want, but formal testing should wait for 99.
Hi 99.0.4844.51 is now available in Cauldron. Build is ongoing for MGA8. I'll let you know when ready; within 1 or 2 days, most probably.
Hi 99.0.4844.51 is now available in core-updates_testing, MGA8. @David: do you need any help with the advisory notice, or have you prepared it already? SRPMS 8/core chromium-browser-stable-99.0.4844.51-1.mga8.src.rpm PROVIDED PACKAGES: x86_64 chromium-browser-99.0.4844.51-1.mga8.x86_64.rpm chromium-browser-stable-99.0.4844.51-1.mga8.x86_64.rpm i586 chromium-browser-99.0.4844.51-1.mga8.i586.rpm chromium-browser-stable-99.0.4844.51-1.mga8.i586.rpm
CC: (none) => sysadmin-bugsAssignee: cjw => qa-bugs
We use a generic advisory for this one. You can copy it from a previous bug. References are the release announcements in Comment 0, Comment 6, and Comment 12.
CC: sysadmin-bugs => (none)
Hi David. All the CVEs were listed on the previous advisory. It would be more than 60 since the previous release (97_). Should I do that? It would be a very long list, that anyone could retrieve right away by looking at the links in reference. If CVEs don't need to be listed, here is an advisory proposal: Description Chrome 99.0.4844.51 contains a number of fixes and improvements. - 99.0.4844.51: 28 security fixes. - 98.0.4758.102: 11 security fixes. - 98.0.4758.80: 27 security fixes. References https://bugs.mageia.org/show_bug.cgi?id=29988 https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html SRPMS 8/core chromium-browser-stable-99.0.4844.51-1.mga8
Yeah, we usually don't list the CVEs when there gets to be that many. This will work. Suggested advisory: ======================== Updated chromium-browser-stable packages fix security vulnerabilities. The chromium-browser-stable package has been updated to the 99.0.4844.51 version that fixes multiples security vulnerabilities. References: https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Updated chromium without issues: Video (youtube) OK Bank Site OK Facebook OK
CC: (none) => guillaume.royer
Tested on real hardware with Mageia 8 Plasma i586 Youtube Ok Common browsing looks fine Not regression related to bug#29680
Mageia 8 x86_64, working fine here too.
Whiteboard: (none) => MGA8-64-OK
mga8-64 Plasma. No installation issues. Checked several sites: 1) NASA GRACE root zone moisture map for the United States. Lots of dryness in the West, but not in the northeast where I live. 2) NOAA Climate Prediction Center. Predictions for the next month are for warmer than normal temperatures and wetter than normal. 3) Video of the latest forecast from a local TV station. Relatively nice weather in store for this week. 4) Arcamax comics. Looked at a couple of today's comic strips. 5) This page, where I successfully logged in using saved login credentials imported from Firefox, and where I am now making this report. Looking good to me. Since this is listed as a critical update, and because one issue is reported as having been exploited, I'm not going to delay this while waiting for more tests. Validating.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
Hi, Updated from 98 version, without issues. Banks ok. Video ok. Sound ok. Settings ok. Addons ok. Greetings!
CC: (none) => joselp
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0099.html
Status: NEW => RESOLVEDResolution: (none) => FIXED