FEDORA-2020-b68c0b124f created by spot 7 months ago for Fedora 32
obsolete

Black Lives Matter. Saying this does not mean that other lives do not matter. It should not be controversial to say this. If I say Chromium updates matter, it does not mean that other Fedora packages do not matter, it means that a Chromium update is needed to fix this giant pile of severe security vulnerabilities, here, today, now:

CVE-2020-6463 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6469 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6476 CVE-2020-6478 CVE-2020-6479 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 CVE-2020-6483 CVE-2020-6484 CVE-2020-6485 CVE-2020-6486 CVE-2020-6487 CVE-2020-6488 CVE-2020-6489 CVE-2020-6490 CVE-2020-6491 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507

In making that analogy, I do not intend to trivialize BLM. In no way do I mean to compare the lives of people to a silly web browser update. People are infinitely more important than software. But since I'm here to push this software update out, I am also choosing to say clearly and unambiguously that Black Lives Matter.

Open Source proves that many voices, many contributions, together can change the world. It depends on it. This is my voice.

This update has been submitted for testing by spot.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

spot edited this update.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago
imabug provided feedback 7 months ago
karma

This update has been pushed to testing.

7 months ago
cserpentis commented & provided feedback 7 months ago
karma

works for me

This update can be pushed to stable now if the maintainer wishes

7 months ago
ojab commented & provided feedback 7 months ago
karma

Scaling using GDK_SCALE= is broken (i.e. GDK_SCALE=2 chromium shows unscaled browser).

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 months ago
spot commented & provided feedback 7 months ago

Did GDK_SCALE= work before? Does it work in Google Chrome?

ojab commented & provided feedback 7 months ago

It works in chromium-81.0.4044.138-1.fc32 from updates repo & it works in google-chrome-stable-83.0.4103.116 from google's rpm.

spot commented & provided feedback 7 months ago

Hmmmm. Okay. Is this in Wayland or Xorg?

ojab commented & provided feedback 7 months ago

Wayland (sway), but I suppose it would behave the same way in GNOME.

spot commented & provided feedback 7 months ago

This is going to be difficult for me to troubleshoot, as I do not have a hiDPI monitor and GTK_SCALE does nothing for me without one. I need this update to go out to fix the serious security issues, so please open a bug to track this in bugzilla.

spot commented & provided feedback 7 months ago

Never mind, I see my typo now and have reproduced. :/

atim provided feedback 7 months ago
karma

don't use it much.

kat75ro commented & provided feedback 7 months ago
karma

chromium crashes when trying to screenshare/window share in meet.google.com or meet.jit.si or similar webrtc apps. Does not crash when sharing a tab.

ojab commented & provided feedback 7 months ago

Also paste from non-gtk wayland apps is broken. sudo dnf install wireshark, input something into display filter field, copy it via Ctrl-C, Ctrl-V in chromium does nothing (this is Qt5). The same is reproducible with https://github.com/alacritty/alacritty (it's not in fedora, but there is spec in the repo), which doesn't use UI-frameworks.

spot commented & provided feedback 7 months ago

I'm about to push updates for 83.0.4103.116 into bodhi, which will supersede this one (and inherit it). I think I figured out what I did that broke the behavior, but please test and let me know.

This update has been obsoleted by chromium-83.0.4103.116-2.fc32.

7 months ago
johnmh commented & provided feedback 7 months ago

Maybe, within the Fedora project itself, we should stay away from highly controversial political issues, such as support for terrorist organizations such as Black Lives Matter. While the statement itself is certainly something I'm sure we can all agree with, the organization itself is another issue entirely.

spot commented & provided feedback 7 months ago

Maybe, but then again, no.


Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: disabled
Stable by Time: disabled
Dates
submitted: 7 months ago
in testing: 7 months ago
modified: 7 months ago
BZ#1837877 CVE-2020-6465 chromium-browser: Use after free in reader mode
BZ#1837878 CVE-2020-6466 chromium-browser: Use after free in media
BZ#1837879 CVE-2020-6467 chromium-browser: Use after free in WebRTC
BZ#1837880 CVE-2020-6468 chromium-browser: Type Confusion in V8
BZ#1837882 CVE-2020-6470 chromium-browser: Insufficient validation of untrusted input in clipboard
BZ#1837883 CVE-2020-6471 chromium-browser: Insufficient policy enforcement in developer tools
BZ#1837884 CVE-2020-6472 chromium-browser: Insufficient policy enforcement in developer tools
BZ#1837885 CVE-2020-6473 chromium-browser: Insufficient policy enforcement in Blink
BZ#1837886 CVE-2020-6474 chromium-browser: Use after free in Blink
BZ#1837887 CVE-2020-6475 chromium-browser: Incorrect security UI in full screen
BZ#1837888 CVE-2020-6477 chromium-browser: Inappropriate implementation in installer
BZ#1837889 CVE-2020-6478 chromium-browser: Inappropriate implementation in full screen
BZ#1837890 CVE-2020-6480 chromium-browser: Insufficient policy enforcement in enterprise
BZ#1837891 CVE-2020-6481 chromium-browser: Insufficient policy enforcement in URL formatting
BZ#1837892 CVE-2020-6482 chromium-browser: Insufficient policy enforcement in developer tools
BZ#1837893 CVE-2020-6483 chromium-browser: Insufficient policy enforcement in payments
BZ#1837894 CVE-2020-6484 chromium-browser: Insufficient data validation in ChromeDriver
BZ#1837896 CVE-2020-6485 chromium-browser: Insufficient data validation in media router
BZ#1837897 CVE-2020-6486 chromium-browser: Insufficient policy enforcement in navigations
BZ#1837898 CVE-2020-6487 chromium-browser: Insufficient policy enforcement in downloads
BZ#1837899 CVE-2020-6488 chromium-browser: Insufficient policy enforcement in downloads
BZ#1837900 CVE-2020-6489 chromium-browser: Inappropriate implementation in developer tools
BZ#1837901 CVE-2020-6490 chromium-browser: Insufficient data validation in loader
BZ#1837902 CVE-2020-6491 chromium-browser: Incorrect security UI in site information
BZ#1837904 CVE-2020-6465 CVE-2020-6466 CVE-2020-6467 CVE-2020-6468 CVE-2020-6470 CVE-2020-6471 CVE-2020-6472 CVE-2020-6473 CVE-2020-6474 CVE-2020-6475 CVE-2020-6477 CVE-2020-6478 CVE-2020-6480 CVE-2020-6481 CVE-2020-6482 ... chromium: various flaws [fedora-all]
BZ#1837907 CVE-2020-6469 chromium-browser: Insufficient policy enforcement in developer tools
BZ#1837908 CVE-2020-6469 chromium: chromium-browser: Insufficient policy enforcement in developer tools [fedora-all]
BZ#1837912 CVE-2020-6476 chromium-browser: Insufficient policy enforcement in tab strip
BZ#1837914 CVE-2020-6476 chromium: chromium-browser: Insufficient policy enforcement in tab strip [fedora-all]
BZ#1837927 CVE-2020-6479 chromium-browser: Inappropriate implementation in sharing
BZ#1837930 CVE-2020-6479 chromium: chromium-browser: Inappropriate implementation in sharing [fedora-all]
BZ#1847268 CVE-2020-6505 chromium-browser: Use after free in speech
BZ#1847269 CVE-2020-6506 chromium-browser: Insufficient policy enforcement in WebView
BZ#1847270 CVE-2020-6507 chromium-browser: Out of bounds write in V8
BZ#1847272 CVE-2020-6505 CVE-2020-6506 CVE-2020-6507 chromium: various flaws [fedora-all]