Releases: secureblue/Trivalent
Releases · secureblue/Trivalent
142.0.7444.59-440428
What's Changed
- chore: switch to environment secrets by @RoyalOughtness in #485
- fix: environment change based on test_build variable by @RoyalOughtness in #486
- chore: delete approvals action by @RoyalOughtness in #487
- docs(versioning): add note about off-versioning by @RKNF404 in #489
- feat: force third party ntp by @RoyalOughtness in #490
- chore(port): update patches to version 142 by @RKNF404 in #480
- fix(formatting): incorrect placement of commas by @RKNF404 in #491
- fix: add patch reverting upstream changes to gclient path logic by @RoyalOughtness in #492
Upstream CVEs Fixed
- CVE-2025-12428
- CVE-2025-12429
- CVE-2025-12430
- CVE-2025-12431
- CVE-2025-12432
- CVE-2025-12433
- CVE-2025-12036
- CVE-2025-12434
- CVE-2025-12435
- CVE-2025-12436
- CVE-2025-12437
- CVE-2025-12438
- CVE-2025-12439
- CVE-2025-12440
- CVE-2025-12441
- CVE-2025-12443
- CVE-2025-12444
- CVE-2025-12445
- CVE-2025-12446
- CVE-2025-12447
Full Changelog: 141.0.7390.127-440331...142.0.7444.59-440428
Contributors
RoyalOughtness and RKNF404
Assets 4
141.0.7390.127-440331
What's Changed
- feat: Disable optimizers with JIT enabled by @RKNF404 in #481
- feat(versioning): add support for off-version tag releases by @RKNF404 in #482
- chore: set 141.0.7390.127 version due to chromium issue #454351794 by @RoyalOughtness in #484
Upstream CVE fixes
- Fixes CVE-2025-12036, thanks to @uazo for identifying this miss by Google.
Full Changelog: 141.0.7390.122-440271...141.0.7390.127-440331
Contributors
uazo, RoyalOughtness, and RKNF404
Assets 4
141.0.7390.122-440271
What's Changed
- chore: add dependabot cooldown by @RoyalOughtness in #469
- feat: switch to stepsecurity image by @RoyalOughtness in #471
- fix: update deps so that dnf doesn't get confused by @RoyalOughtness in #472
- chore(port): port patches to 142 by @RKNF404 in #478
- chore: Revert "chore(port): port patches to 142 (#478)" by @RoyalOughtness in #479
Full Changelog: 141.0.7390.107-440120...141.0.7390.122-440271
Contributors
RoyalOughtness and RKNF404
Assets 4
141.0.7390.107-440120
What's Changed
- fix(build): grep command should be arch-agnostic by @RoyalOughtness in #456
- chore: add openssf scorecard.dev scanning by @RoyalOughtness in #455
- chore: delete auth schemes patch by @RoyalOughtness in #460
- fix(provenance): sign rpm before generating subject hash by @RoyalOughtness in #459
- chore: Use absolute path for trivalent everywhere In the desktop entry by @nrz-21 in #458
- chore: label .spec for linguist by @RoyalOughtness in #457
- chore(deps): bump github/codeql-action from 4.30.7 to 4.30.8 by @dependabot[bot] in #461
- chore: Various Improvements by @RKNF404 in #438
- fix: only search processes run by current user by @HastD in #463
- chore: update vanadium patches by @RoyalOughtness in #464
- feat(supplychain): enable egress auditing by @RoyalOughtness in #465
- chore(scorecard): add SECURITY.md by @RoyalOughtness in #466
- docs: add more README badges by @RoyalOughtness in #467
New Contributors
Full Changelog: 141.0.7390.76-440020...141.0.7390.107-440120
Contributors
dependabot, HastD, and 3 other contributors
Assets 4
141.0.7390.76-440020
What's Changed
- chore: Revert "chore(build): switch back to github large runners unti… by @RoyalOughtness in #440
- fix(supplychain): set subject correctly for provenance generation by @RoyalOughtness in #441
- fix(provenance): reduce error prone provenance subject generation by @RoyalOughtness in #442
- feat: try runs-on by @RoyalOughtness in #443
- feat(build): define parameters for runs-on runners by @RoyalOughtness in #444
- chore: set runs-on runners for the right build step by @RoyalOughtness in #445
- fix(build): runs-on syntax by @RoyalOughtness in #446
- fix(build): set correct ami identifiers by @RoyalOughtness in #447
- fix(build): need sudo for installing packages by @RoyalOughtness in #448
- fix(build): install mock from EPEL by @RoyalOughtness in #449
- fix(build): pass -y to epel installer by @RoyalOughtness in #450
- fix(build): add build user to the mock group by @RoyalOughtness in #451
- chore(build): switch to price-capacity-optimized to reduce the chance… by @RoyalOughtness in #452
- chore(build): switch image families to ensure disk space by @RoyalOughtness in #453
- fix(supplychain): set correct step id for subject hash by @RoyalOughtness in #454
Full Changelog: 141.0.7390.65-439968...141.0.7390.76-440020
Contributors
RoyalOughtness
Assets 4
141.0.7390.65-439968
What's Changed
- fix(arm): update rust clanglib patch by @RoyalOughtness in #424
- chore: add initial changelog by @RoyalOughtness in #426
- chore(build): remove dep on sysroot by @RKNF404 in #427
- chore: pull upstream bugfix patch from fedora by @RoyalOughtness in #428
- chore(cicd): bump hashes and switch to github large runners by @RoyalOughtness in #429
- fix: rpm still needs srpm by @RoyalOughtness in #430
- chore: surface build.log to github logs by @RoyalOughtness in #432
- chore: cap rpm build time to 3 hours by @RoyalOughtness in #433
- feat(supplychain): add build provenance by @RoyalOughtness in #434
- build(blacksmith): Migrate rpm workflow to Blacksmith runners by @blacksmith-sh[bot] in #435
- feat(ci): add test build workflows by @RoyalOughtness in #436
- fix: worfklow permissions required for provenance generation by @RoyalOughtness in #437
- chore(build): switch back to github large runners until blacksmith is… by @RoyalOughtness in #439
New Contributors
- @blacksmith-sh[bot] made their first contribution in #435
Full Changelog: 141.0.7390.54-439843...141.0.7390.65-439968
Contributors
RoyalOughtness and RKNF404
Assets 2
141.0.7390.54-439843
What's Changed
- feat: enable drumbrake by default by @RKNF404 in #411
- chore: adjust wording on DrumBrake flag by @RKNF404 in #412
- chore: 141 port by @RKNF404 in #413
- chore: pull 141 patches from Vanadium by @RoyalOughtness in #414
- fix: 141 libcxx modules build by @RKNF404 in #415
- chore: Revert "fix: 141 libcxx modules build (#415)" by @RoyalOughtness in #416
- fix(build): enable sysroot by @RoyalOughtness in #417
- fix(build): drop unavailable image policy by @RoyalOughtness in #418
- chore: remove old fix patch by @RKNF404 in #419
- fix: use bundled ffi by @RoyalOughtness in #420
- chore: temporarily drop search selection patch by @RoyalOughtness in #421
- fix: hide safety hub by @RoyalOughtness in #422
- fix: search selection crashes by @RKNF404 in #423
Full Changelog: 140.0.7339.207-439665...141.0.7390.54-439843
Contributors
RoyalOughtness and RKNF404
Assets 2
140.0.7339.207-439665
What's Changed
Full Changelog: 140.0.7339.185-439535...140.0.7339.207-439665
Contributors
RKNF404
Assets 2
140.0.7339.185-439535
What's Changed
- fix: build hardening typo by @RoyalOughtness in #403
- build: disable shadow_call_stack for aarch64 by @RoyalOughtness in #404
- chore: hide ui popup text by @RKNF404 in #405
- chore: hide google help link in settings search by @RKNF404 in #407
- chore(deps): bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 by @dependabot[bot] in #406
Full Changelog: 140.0.7339.127-439381...140.0.7339.185-439535
Contributors
dependabot, RoyalOughtness, and RKNF404
Assets 2
140.0.7339.127-439381
What's Changed
- chore: re-enable audio sandbox by @RKNF404 in #393
- fix: FTBFS patch by @RoyalOughtness in #394
- chore: remove fedora patches from updater by @RKNF404 in #395
- fix: search selection screen by @RKNF404 in #398
- chore: Fix hide tab preview by @RKNF404 in #397
- fix: patch to disable ai features by @RoyalOughtness in #399
- fix: audio sandbox fix patch by @RoyalOughtness in #402
Full Changelog: 140.0.7339.80-439230...140.0.7339.127-439381
Contributors
RoyalOughtness and RKNF404