This would have gone to squidf, but he has left; so open to all comers.
This is what matters; "Fixed upstream in 129.0.6668.89".

Assignee: bugsquad => pkg-bugs

Upstream has issued an advisory on October 8:
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_8.html

Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369 and CVE-2024-9370 => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602 and CVE-2024-9603
CVE: CVE-2024-7025, CVE-2024-9369, CVE-2024-9370 => CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603
Status comment: Fixed upstream in 129.0.6668.89 => Fixed upstream in 129.0.6668.100

Upstream has issued an advisory on October 15:
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_15.html

Upstream has issued an advisory on October 22:
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_22.html

CVE: CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603 => CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966
Status comment: Fixed upstream in 129.0.6668.100 => Fixed upstream in 130.0.6723.69
Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602 and CVE-2024-9603 => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01]

Upstream has issued an advisory on October 29:
https://chromereleases.googleblog.com/2024/10/stable-channel-update-for-desktop_29.html

Severity: major => critical
Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01] => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78]
Status comment: Fixed upstream in 130.0.6723.69 => Fixed upstream in 130.0.6723.91

Upstream has issued an advisory on November 5:
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html

Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78] => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78], CVE-2024-1082[67]
Status comment: Fixed upstream in 130.0.6723.91 => Fixed upstream in 130.0.6723.116

Upstream has issued an advisory on November 12:
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html

CVE: CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966 => CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966,
Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78], CVE-2024-1082[67] => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78], CVE-2024-1082[67],CVE-2024-1111(0-7)

Upstream has issued an advisory on November 19:
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_19.html

Summary: chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78], CVE-2024-1082[67],CVE-2024-1111(0-7) => chromium-browser-stable new security issues CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-960[23], CVE-2024-995[4-9], CVE-2024-996[0-6], CVE-2024-10229, CVE-2024-1023[01], CVE-2024-1048[78], CVE-2024-1082[67],CVE-2024-1111(0-7),CVE-2024-11395
Status comment: Fixed upstream in 130.0.6723.116 => Fixed upstream in 131.0.6778.85

Maybe it is time for Mageia to consider to drop Chromium. Inform the users that due to the lack of maintainers, Mageia is no longer able to provide a secure and up to date Chromium version. If the last few Maintainers care about the security of their users, this should be seriously considered.

Recommend alternatives like Firefox or Chrome or the Flatpak Chromium.

If we drop this, note in errata 9 and rel notes 10.

CC: (none) => fri

Agreed.

https://wiki.mageia.org/en/Mageia_9_Errata#Chromium_browser

Keywords: FOR_ERRATA9 => IN_ERRATA9

Upstream has issued an advisory on December 3:
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop.html

CVE: CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966, => CVE-2024-7025, CVE-2024-9369, CVE-2024-9370, CVE-2024-9602, CVE-2024-9603, CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957, CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961, CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965, CVE-2024-9966
Status comment: Fixed upstream in 131.0.6778.85 => Fixed upstream in 131.0.6778.108

Upstream has issued an advisory on December 10:
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_10.html

Upstream has issued an advisory on December 18:
https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html

Upstream has issued an advisory on January 7:
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html

Status comment: Fixed upstream in 131.0.6778.204 => Fixed upstream in 131.0.6778.264

Upstream has issued an advisory on January 14:
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html

Status comment: Fixed upstream in 131.0.6778.264 => Fixed upstream in 132.0.6834.83

Hi Christiaan
I see you almost built it on our build system.
Build failed after 22 hours.
Anyway, nice to "see" you :)

CC: (none) => cjw

I see it built on mga9, and i tested it OK per below :)

But I do not see it in Cauldron?  Dropped?


---

Working well in my usual tests:

Clean install

Restored previous tabs.  I had uninstalled previous old version some weeks ago, so apparently user data was kept :)

Swedish localisation.

Shopping, banking, tax, office, sites - different login methods.

Saved a picture from a Nextcloud login.

Printed web page to boomaga.

Printed fetched pdf to network printer

Opened local pdf and printed it to boomaga using both internal and system print dialogue.

[morgan@svarten ~]$ inxi -SMCG
System:
  Host: svarten.tribun Kernel: 6.6.65-desktop-2.mga9 arch: x86_64 bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
CPU:
  Info: quad core model: Intel Core i7 870 bits: 64 type: MT MCP cache:
    L2: 1024 KiB
  Speed (MHz): avg: 3213 min/max: 1200/2934 cores: 1: 3213 2: 3213 3: 3213
    4: 3213 5: 3213 6: 3213 7: 3213 8: 3213
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 vendor: amd mesa v: 24.2.8 renderer: AMD Radeon RX
    6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.54 6.6.65-desktop-2.mga9)


Output in terminal from where I launched it, after a short usage:
[morgan@svarten ~]$ chromium-browser 
Gtk-Message: 09:48:14.438: Failed to load module "appmenu-gtk-module": 'gtk_module_display_init': /usr/lib64/gtk-3.0/modules/libwindow-decorations-gtk-module.so: undefined symbol: gtk_module_display_init
[90234:90234:0120/094816.929104:ERROR:secret_portal_key_provider.cc(200)] Keyring unlock cancelled: 2
[90234:90258:0120/094821.219764:ERROR:registration_request.cc(291)] Registration response error message: DEPRECATED_ENDPOINT
[90234:90258:0120/094845.688182:ERROR:registration_request.cc(291)] Registration response error message: DEPRECATED_ENDPOINT
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
*** stack smashing detected ***: terminated
[90234:90258:0120/094935.262432:ERROR:registration_request.cc(291)] Registration response error message: DEPRECATED_ENDPOINT
[104650:104650:0120/095115.812299:ERROR:gpu_blocklist.cc(71)] Unable to get gpu adapter
[90234:90234:0120/095115.813937:ERROR:service_client.cc(36)] Unexpected on_device_model service disconnect: The device's GPU is not supported.
[90234:90258:0120/095128.442606:ERROR:registration_request.cc(291)] Registration response error message: DEPRECATED_ENDPOINT
[90234:90234:0120/095302.621507:ERROR:interface_endpoint_client.cc(725)] Message 1 rejected by interface blink.mojom.WidgetHost
[90234:90258:0120/095500.667770:ERROR:registration_request.cc(291)] Registration response error message: QUOTA_EXCEEDED
libpng warning: iCCP: known incorrect sRGB profile


Only the first few lines, ending with first "DEPRECATED_ENDPOINT" are output at launch, even if only tab restored is Mageia Forum.

The only thing that I think *may* be of concern is "gpu_blocklist.cc(71)] Unable to get gpu adapter", if it use that for some optimisation.  But it works great in my usage.

Assignee: pkg-bugs => qa-bugs

$ chromium-browser --version
Chromium 132.0.6834.84 Mageia.Org 9

(In reply to Morgan Leijström from comment #18)
> But I do not see it in Cauldron?  Dropped?

I am currently trying to build it for Cauldron too, based upon Christiaan's work.

Ok, I have just done a test of Chromium 132 (from tainted updates testing)

I installed it. It still does not properly stream my tv. 

I installed the FLATPAK (identical version number) and the streaming works properly.

One thing I noticed is that when Chromium 132 installed, it appeared to also update the flatpak version to V.132 as well. I had both versions installed at the same time.

Either way, there is something different between the Mageia build of V.132 and the flatpak version of V.132. So whatever else V.132 fixed, it was not the streaming issue.

This one seems to be a real head-scratcher....

CC: (none) => lloyd.osten

MGA9-64 Plasma. Used "chromium*" in qarepo, and updated with no issues.

I use chromium almost exclusively for banking, as my bank doesn't seem to trust any version of Firefox as much, ours or Mozilla's. If we drop chromium, I will have to make alternative arrangements. I'm not excited about using Chrome, so maybe the flatpak version would be the way to go. Watching developments...

I had no problems logging on to my account site, looking things over, and logging out. It looks OK for me.

CC: (none) => andrewsfarm

I'm currently using Chromium V.132 Flatpak. Other than the streaming (which works in this version) the only other differences I can see are you can't select any type of network proxy I don't need that, anyway. The other thing is my bookmarks are in a smaller, non-bold font. But that's about it.

MGA9-64 Plasma Wayland on Compaq H000SB
No installation issues  from tainted update repo.
Watched stream from Washington, and played Finlandia from Youtube, all works OK.

CC: (none) => herman.viaene

Lloyd, what exactly are you trying to stream?
- can others try that without paying?

RH x86_64

installing chromium-browser-stable-132.0.6834.84-1.mga9.tainted.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/1: chromium-browser-stable
                                 ##################################################################################################
      1/1: removing chromium-browser-stable-128.0.6613.137-2.mga9.tainted.x86_64
                                 ##################################################################################################

Test some sites
Youtube OK
Webcam on zoom OK

See similar output as on comment#18

[29947:29947:0120/110705.427883:ERROR:object_proxy.cc(576)] Failed to call method: org.freedesktop.portal.Secret.RetrieveSecret: object_path= /org/freedesktop/portal/desktop: org.freedesktop.DBus.Error.UnknownMethod: No existe la interfaz «org.freedesktop.portal.Secret» en el objeto en la ruta /org/freedesktop/portal/desktop
[29947:29947:0120/110705.427917:ERROR:secret_portal_key_provider.cc(150)] Failed to retrieve secret: No response from portal.
WARNING: radv is not a conformant Vulkan implementation, testing use only.

*** stack smashing detected ***: terminated x 14
[OpenH264] this = 0x0xc64049e3d50, Warning:bEnableFrameSkip = 0,bitrate can't be controlled for RC_QUALITY_MODE,RC_BITRATE_MODE and RC_TIMESTAMP_MODE without enabling skip frame.
[30385:21:0120/110827.973807:ERROR:sdp_offer_answer.cc(425)] A BUNDLE group contains a codec collision for payload_type='111. All codecs must share the same type, encoding name, clock rate and parameters. (INVALID_PARAMETER)
[30385:21:0120/110828.093395:ERROR:sdp_offer_answer.cc(425)] A BUNDLE group contains a codec collision for payload_type='111. All codecs must share the same type, encoding name, clock rate and parameters. (INVALID_PARAMETER)
[30385:22:0120/110828.196999:ERROR:dtls_transport.cc(136)] DtlsTransport in connected state has incomplete TLS information
[30385:22:0120/110828.199190:ERROR:dtls_srtp_transport.cc(208)] No DTLS-SRTP selected crypto suite
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
WARNING: radv is not a conformant Vulkan implementation, testing use only.
[31113:31113:0120/111005.142815:ERROR:gpu_blocklist.cc(71)] Unable to get gpu adapter
[29947:29947:0120/111005.143062:ERROR:service_client.cc(36)] Unexpected on_device_model service disconnect: The device's GPU is not supported.
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
libpng warning: iCCP: known incorrect sRGB profile
[29992:29998:0120/111108.446327:ERROR:ssl_client_socket_impl.cc(876)] handshake failed; returned -1, SSL error code 1, net_error -201
[29992:29998:0120/111116.813532:ERROR:ssl_client_socket_impl.cc(876)] handshake failed; returned -1, SSL error code 1, net_error -201
[29992:29998:0120/111123.496287:ERROR:ssl_client_socket_impl.cc(876)] handshake failed; returned -1, SSL error code 1, net_error -201

libpng warning: iCCP: too many profiles x 16

[29991:29991:0120/111454.951760:ERROR:shared_image_manager.cc(249)] SharedImageManager::ProduceSkia: Trying to Produce a Skia representation from a non-existent mailbox.
libpng warning: iCCP: too many profiles
libpng warning: iCCP: too many profiles
libpng warning: iCCP: too many profiles
libpng warning: iCCP: too many profiles
libpng warning: iCCP: too many profiles
Fontconfig error: Cannot load default config file: No such file: (null)
[32446:12:0120/111900.177504:ERROR:ffmpeg_common.cc(970)] Unsupported pixel format: -1

(In reply to Morgan Leijström from comment #25)
> Lloyd, what exactly are you trying to stream?
> - can others try that without paying?

My TV provider is Bell. (satellite) Unfortunately, you can't connect to it 

(tv.bell.ca) unless you are a paying subscriber and live in Canada. It will not connect through a VPN.

It's odd, but Firefox handles it with no problem. And V.132 of Chromium doesn't work, but the FLATPAK version of Chromium V.132 does work. (same exact version number as Mageia)

Congratulations Nicholas, I see it finally built on Cauldron!
Like usual, we assume it works.

I think we can validate this, any objection?

I will when it lands in updates add a note to Errata that we have this version, but do not think we will keep updating it.  -Or will we?

Whiteboard: (none) => MGA9-64-OK

MGA9-64, ‎AMD Ryzen 5 2600, Nvidia 1650 super, GNOME

--> new install of Chromium

The following 3 packages are going to be installed:

- chromium-browser-132.0.6834.84-1.mga9.tainted.x86_64
- chromium-browser-stable-132.0.6834.84-1.mga9.tainted.x86_64
- google-roboto-fonts-1.2-4.mga9.noarch

679MB of additional disk space will be used.


---

mail, youtube, etc.

works for me

CC: (none) => brtians1

(In reply to Morgan Leijström from comment #28)
> Congratulations Nicholas, I see it finally built on Cauldron!
> Like usual, we assume it works.
> 
> I think we can validate this, any objection?
> 
> I will when it lands in updates add a note to Errata that we have this
> version, but do not think we will keep updating it.  -Or will we?

At the very least, it sounds like we should drop it from Cauldron before the Mageia 10 release, and mention in the release notes that there's a Flatpak version that works on Mageia.

This is a security update and I see no need to test more -> validating.

---

(In reply to David Walser from comment #30)
> (In reply to Morgan Leijström from comment #28)

> At the very least, it sounds like we should drop it from Cauldron before the
> Mageia 10 release, 

Added to Bug 32127 Comment 9

> and mention in the release notes that there's a Flatpak
> version that works on Mageia.

Had already said dropped, now added note on Flatpak and alternatives.

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0020.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Added "Update January 2025: currently it is updated." to
https://wiki.mageia.org/en/Mageia_9_Errata#Chromium_browser