Upstream just released the version 102.0.5005.115, fixing bugs and 7 security vulnerabilities. https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html
I see it is building in cauldron. __Thought: I know we use to build for Cauldron first. But our users are on mga8, and build time is long, and it should be tested too before release - during which time our users are not covered by the security update. So maybe we should in future consider building for mga8 before mga9 ?
CC: (none) => fri
Building first in stable breaks upgrades to Cauldron.
It can be submitted to the build system for Mageia 8 first, but qa can not approve the release of the update until it's also available in cauldron.
CC: (none) => davidwhodgins
Hi -> Ready for QA in core/Testing ADVISORY NOTICE PROPOSAL ======================== Updated chromium-browser-stable packages fix bugs and security vulnerabilities Description The chromium-browser-stable package has been updated to the 102.0.5005.115 version, fixing many bugs and 7 CVE. Some of them are listed below: [1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17 [1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19 [1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13 [1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31 [1333948] Various fixes from internal audits, fuzzing and other initiatives References https://bugs.mageia.org/show_bug.cgi?id=30547 https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html SRPMS 8/core chromium-browser-stable-102.0.5005.115-1.mga8 PROVIDED PACKAGES ================= x86_64 chromium-browser-102.0.5005.115-1.mga8.x86_64.rpm chromium-browser-stable-102.0.5005.115-1.mga8.x86_64.rpm i586 chromium-browser-102.0.5005.115-1.mga8.i586.rpm chromium-browser-stable-102.0.5005.115-1.mga8.i586.rpm
Assignee: chb0 => qa-bugsCC: (none) => sysadmin-bugs
No regressions on my system including online banking, and a few other sites. Will wait for a non English tester before validating.
Keywords: (none) => advisoryWhiteboard: (none) => MGA8-64-OK
mga8-64, Plasma, nvidia-current, Swedish § Localisation OK § opened saved tabs § a bunch of warnings output in konsole - normal of modern software :( § watched some video sites § logged in to a couple banks As my test was OK and non-English, per comment 5 I validate
Keywords: (none) => validated_update
(In reply to Morgan Leijström from comment #6) > § a bunch of warnings output in konsole - normal of modern software :( Hi Could you post a list? Is the test done in a VM?
Chromium always does that. It has nothing to do with a VM. You can see it for yourself if you launch it from a terminal. It is ugly, but it's not alone in this. Firefox does it too.
I mentioned the VM because I have seen some warnings related to EGL and GPU acceleration, that I don't see on a hardcore machine. I am not worried, I am just wondering whether there is something to improve (performance wise, maybe); continuous improvement mode.
If you're interested, the messages are ... [46284:46284:0615/192605.832144:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KWallet.isEnabled: object_path= /modules/kwalletd: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.kwalletd was not provided by any .service files [46284:46284:0615/192605.832214:ERROR:kwallet_dbus.cc(100)] Error contacting kwalletd (isEnabled) [46284:46284:0615/192605.832965:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KLauncher.start_service_by_desktop_name: object_path= /KLauncher: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.klauncher was not provided by any .service files [46284:46284:0615/192605.832984:ERROR:kwallet_dbus.cc(72)] Error contacting klauncher to start kwalletd [46284:46284:0615/192605.833993:ERROR:object_proxy.cc(623)] Failed to call method: org.kde.KWallet.close: object_path= /modules/kwalletd: org.freedesktop.DBus.Error.ServiceUnknown: The name org.kde.kwalletd was not provided by any .service files [46284:46284:0615/192605.834013:ERROR:kwallet_dbus.cc(418)] Error contacting kwalletd (close) ATTENTION: default value of option vblank_mode overridden by environment. ATTENTION: default value of option vblank_mode overridden by environment. [46322:46322:0615/192606.062263:ERROR:gbm_wrapper.cc(292)] Failed to export buffer to dma_buf: No such file or directory (2) the above/below message repeated about 30 times. [46322:46322:0615/192606.065142:ERROR:gbm_wrapper.cc(292)] Failed to export buffer to dma_buf: No such file or directory (2) libpng warning: iCCP: known incorrect sRGB profile I don't use kwallet.
Yes and Thunderbird pukes on my terminal too. If not told to, I would never pass a product that spew a lot of errors that looks like they are serious (especially on precious mail), but is normal. And hard to track seriousness unless you know the code... I presiume errors are just fron trying to do something and then it fall backs on alternate ways or it did not matter - but the output should really say so then!! This is sloppy and very arrogant to testers and users! I may be a bit sensitive from working on machinery where defunct control system actually may kill people. A browser just emptying my bank account would not kill me. And I would not kill the programmer either. ;) $ chromium-browser [1485305:1485305:0615/192954.207265:ERROR:vaapi_wrapper.cc(1131)] vaQuerySurfaceAttributes failed, VA error: invalid parameter [1485305:1485305:0615/192954.207310:ERROR:vaapi_wrapper.cc(1078)] FillProfileInfo_Locked failed for va_profile VAProfileH264High and entryptrypointVLD [1485305:1485305:0615/192954.447074:ERROR:gpu_memory_buffer_support_x11.cc(44)] dri3 extension not supported. libpng warning: iCCP: known incorrect sRGB profile [1485272:1485272:0615/195247.839346:ERROR:interface_endpoint_client.cc(665)] Message 1 rejected by interface blink.mojom.WidgetHost [1485272:1485272:0615/195705.676393:ERROR:interface_endpoint_client.cc(665)] Message 0 rejected by interface blink.mojom.WidgetHost Above is after a few sites, and manually removed duplicate lines.
Thanks Morgan and Dave for the additional information. What is reported by Morgan is more what I used to see, here and there, related to graphic acceleration. I have activated our system vaapi. Overall, I think it is beneficial (even if I don't have robust benchmarks), even if leads to some errors/warnings, sometimes to time. I have never seen the kwallet related errors from Dave. I will have a deeper look. I am not concerned by any of these messages. It seems not to impact the customer experience, beside polluting the logs, at a first glance.
I guess I don't see kwallet errors because I am not fond of tying to a DE, so if chromium ever asked to use kwallet I have declined.
The messages for kwallet are due to chromium looking to see if it's available. In systemsettings5/Personalisation/KDE Wallet I have unchecked the box for "Enable KDE wallet subsystem". I wouldn't worry about those messages from chromium about it.
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0232.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED