chromium-browser (41.0.2272.76-0ubuntu0.14.04.1.1076) trusty-security; urgency=medium

  * Upstream release 41.0.2272.76:
    - CVE-2015-1212: Out-of-bounds write in media.
    - CVE-2015-1213: Out-of-bounds write in skia filters.
    - CVE-2015-1214: Out-of-bounds write in skia filters.
    - CVE-2015-1215: Out-of-bounds write in skia filters.
    - CVE-2015-1216: Use-after-free in v8 bindings.
    - CVE-2015-1217: Type confusion in v8 bindings.
    - CVE-2015-1218: Use-after-free in dom.
    - CVE-2015-1219: Integer overflow in webgl.
    - CVE-2015-1220: Use-after-free in gif decoder.
    - CVE-2015-1221: Use-after-free in web databases.
    - CVE-2015-1222: Use-after-free in service workers.
    - CVE-2015-1223: Use-after-free in dom.
    - CVE-2015-1230: Type confusion in v8.
    - CVE-2015-1224: Out-of-bounds read in vpxdecoder.
    - CVE-2015-1225: Out-of-bounds read in pdfium.
    - CVE-2015-1226: Validation issue in debugger.
    - CVE-2015-1227: Uninitialized value in blink.
    - CVE-2015-1228: Uninitialized value in rendering.
    - CVE-2015-1229: Cookie injection via proxies.
    - CVE-2015-1231: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Upstream release 40.0.2214.115.
  * debian/patches/coordinate-space-map: Backport v43 and unofficial
    coordinate mapping to fix some high-dpi problems in popup menu placement.
  * debian/apport/chromium-browser.py: Simplify. Use more standard functions
    from apport utility. Add CPU usage information. Add bargraph of "running"
    processes, so bugpatterns can sort away busy machines, and then classify
    remainder according to procline "gpu-vendor=id" param.
  * debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the
    GPU is really hung, the extra time matters little. It's probably not
    recoverable. Reviews of apport reports find no common thread among GPU
    vendors. Notes at crbug.com/221882 suggest busy CPUs could trigger hang.
    Will additionally use apport bugpatterns to comb dmesg for actual crashes
    and route to specific GPU-driver bugs.

 -- Chad MILLER  Wed, 04 Mar 2015 10:25:03 -0500

chromium-browser (40.0.2214.111-0ubuntu0.14.04.1.1069) trusty-security; urgency=medium

  * Upstream release 40.0.2214.111:
    - CVE-2015-1209: Use-after-free in DOM.
    - CVE-2015-1210: Cross-origin-bypass in V8 bindings.
    - CVE-2015-1211: Privilege escalation using service workers.
    - CVE-2015-1212: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Chad MILLER  Fri, 06 Feb 2015 09:38:15 -0500

chromium-browser (40.0.2214.94-0ubuntu0.14.04.1.1068) trusty-security; urgency=medium

  * Upstream release 40.0.2214.94.
  * Upstream release 40.0.2214.93.
  * Upstream release 40.0.2214.91. (LP: #1414753)
    - CVE-2014-7923: Memory corruption in ICU.
    - CVE-2014-7924: Use-after-free in IndexedDB.
    - CVE-2014-7925: Use-after-free in WebAudio.
    - CVE-2014-7926: Memory corruption in ICU.
    - CVE-2014-7927: Memory corruption in V8.
    - CVE-2014-7928: Memory corruption in V8.
    - CVE-2014-7930: Use-after-free in DOM.
    - CVE-2014-7931: Memory corruption in V8.
    - CVE-2014-7929: Use-after-free in DOM.
    - CVE-2014-7932: Use-after-free in DOM.
    - CVE-2014-7933: Use-after-free in FFmpeg.
    - CVE-2014-7934: Use-after-free in DOM.
    - CVE-2014-7935: Use-after-free in Speech.
    - CVE-2014-7936: Use-after-free in Views.
    - CVE-2014-7937: Use-after-free in FFmpeg.
    - CVE-2014-7938: Memory corruption in Fonts.
    - CVE-2014-7939: Same-origin-bypass in V8.
    - CVE-2014-7940: Uninitialized-value in ICU.
    - CVE-2014-7941: Out-of-bounds read in UI.
    - CVE-2014-7942: Uninitialized-value in Fonts.
    - CVE-2014-7943: Out-of-bounds read in Skia.
    - CVE-2014-7944: Out-of-bounds read in PDFium.
    - CVE-2014-7945: Out-of-bounds read in PDFium.
    - CVE-2014-7946: Out-of-bounds read in Fonts.
    - CVE-2014-7947: Out-of-bounds read in PDFium.
    - CVE-2014-7948: Caching error in AppCache.
  * debian/patch/search-credit: Don't force client in GOOG suggestions
    search. (LP: #1398900)
  * debian/patches/dri3-within-sandbox: Backport V41 sandbox, fixing DRI3.
    (LP: #1378627)
  * debian/patches/macro-templates-not-match: Remove. No longer necessary.
  * debian/patches/arm-neon.patch: Kill armv7=neon assumption. Fix typos.
  * debian/rules: chrpath for all packages. (LP: #1415555)

 -- Chad MILLER  Fri, 30 Jan 2015 15:48:09 -0500

chromium-browser (39.0.2171.65-0ubuntu1.1103) vivid; urgency=medium

  * Upstream release 39.0.2171.65:
    - CVE-2014-7899: Address bar spoofing.
    - CVE-2014-7900: Use-after-free in pdfium.
    - CVE-2014-7901: Integer overflow in pdfium.
    - CVE-2014-7902: Use-after-free in pdfium.
    - CVE-2014-7903: Buffer overflow in pdfium.
    - CVE-2014-7904: Buffer overflow in Skia.
    - CVE-2014-7905: Flaw allowing navigation to intents that do not have the
      BROWSABLE category.
    - CVE-2014-7906: Use-after-free in pepper plugins.
    - CVE-2014-0574: Double-free in Flash.
    - CVE-2014-7907: Use-after-free in blink.
    - CVE-2014-7908: Integer overflow in media.
    - CVE-2014-7909: Uninitialized memory read in Skia.
    - CVE-2014-7910: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/search-credit.patch: Include "client" in google search
    prepopulated template's parameters.
  * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
    parameter.
  * debian/source/lintian-overrides: Ignore android tools we don't use.
  * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we
    configure to have no symbols in builder (because they are humongous
    otherwise).
  * debian/control: Bump standards version. Version dep "bash". Remove
    duplicate language from package descriptions.
  * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test for
    dead NPAPI unity-webapps extension.

 -- Chad MILLER  Sat, 22 Nov 2014 14:06:34 -0500

chromium-browser (38.0.2125.111-0ubuntu1.1103) vivid; urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101: (LP: #1310163)
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8
      and IPC bugs that can lead to remote code execution outside of the
      sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium.
    - CVE-2014-3190: Use-after-free in Events.
    - CVE-2014-3191: Use-after-free in Rendering.
    - CVE-2014-3192: Use-after-free in DOM.
    - CVE-2014-3193: Type confusion in Session Management.
    - CVE-2014-3194: Use-after-free in Web Workers.
    - CVE-2014-3195: Information Leak in V8.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.
    - CVE-2014-3197: Information Leak in XSS Auditor.
    - CVE-2014-3198: Out-of-bounds read in PDFium.
    - CVE-2014-3199: Release Assert in V8 bindings.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
    policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
    new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
    which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
    ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new
    settings APIs.

 -- Chad MILLER  Wed, 15 Oct 2014 14:22:55 -0400

chromium-browser (38.0.2125.111-0ubuntu0.14.04.1.1061) trusty-security; urgency=medium

  * Upstream release 38.0.2125.111.
  * Upstream release 38.0.2125.104.
  * Upstream release 38.0.2125.101: (LP: #1310163)
    - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8
      and IPC bugs that can lead to remote code execution outside of the
      sandbox.
    - CVE-2014-3189: Out-of-bounds read in PDFium.
    - CVE-2014-3190: Use-after-free in Events.
    - CVE-2014-3191: Use-after-free in Rendering.
    - CVE-2014-3192: Use-after-free in DOM.
    - CVE-2014-3193: Type confusion in Session Management.
    - CVE-2014-3194: Use-after-free in Web Workers.
    - CVE-2014-3195: Information Leak in V8.
    - CVE-2014-3196: Permissions bypass in Windows Sandbox.
    - CVE-2014-3197: Information Leak in XSS Auditor.
    - CVE-2014-3198: Out-of-bounds read in PDFium.
    - CVE-2014-3199: Release Assert in V8 bindings.
    - CVE-2014-3200: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 38).
  * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
  * Make the verification step in clean make more compare-able output.
  * debian/patches/configuration-directory.patch: Account for new location of
    policies directory in /etc . Change back. (LP: #1373802)
  * debian/patches/lp-translations-paths: Map old third_party filenames to
    new name after processor compiles.
  * debian/rules: Fix patch-translations rule, workflow.
  * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
  * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
    which has never worked. (LP: #1381644)
  * debian/patches/disable-sse: Disable more SSE #includes.
  * debian/rules: Omit unnecessary files from packaging.
  * debian/chromium-browser.sh.in: Fix variable name bug and suggest
    ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
  * debian/patches/5-desktop-integration-settings.patch: Adapt to new
    settings APIs.

 -- Chad MILLER  Wed, 15 Oct 2014 14:22:55 -0400

chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.120:
    - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
    - CVE-2014-3179: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Simplify and rearrange.
  * debian/rules, debian/known_gyp_flags: Keep better track of known GYP
    flags, so we can fail when something changes unexpectedly.
  * debian/rules: Fix up patch-translations rule.

 -- Chad MILLER  Mon, 15 Sep 2014 14:16:06 -0400

chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low

  * Upstream release 37.0.2062.94.
    - CVE-2014-3165: Use-after-free in Blink websockets.
    - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync,
      and extensions that can lead to remote code execution outside of the
      sandbox.
    - CVE-2014-3168: Use-after-free in SVG.
    - CVE-2014-3169: Use-after-free in DOM.
    - CVE-2014-3170: Extension permission dialog spoofing.
    - CVE-2014-3171: Use-after-free in bindings.
    - CVE-2014-3172: Issue related to extension debugging.
    - CVE-2014-3173: Uninitialized memory read in WebGL.
    - CVE-2014-3174: Uninitialized memory read in Web Audio.
    - CVE-2014-3175: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
      API, and Google V8 to execute arbitrary code.
  * Fix a shell bug in the binary-wrapper that prevented USER flags from
    working properly.
  * debian/control: Suggests chromiumflashplugin .
  * debian/apport: Significant cleanup.
  * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some
    CPUs. (LP: #1353185)
  * debian/checkout-orig-source.mk: Don't include src/ prefix in orig
    tarball.
  * debian/patches/*: refresh line numbers.
  * debian/patches/search-credit.patch,
    debian/patches/additional-search-engines.patch: Track source files moved.
  * debian/patches/ffmpeg-gyp-config.patch,
    debian/patches/fix-gyp-space-in-object-filename-exception.patch,
    debian/patches/gyp-icu-m32-test: Disabled. No longer needs fixing.
  * debian/control: build-dep on openssl.
  * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
    (LP: #1353185)
  * debian/rules: Use built-in PDF support. (LP: #513745, #1009902)

 -- Chad MILLER  Fri, 29 Aug 2014 12:55:03 -0400

chromium-browser (36.0.1985.143-0ubuntu1) trusty-security; urgency=low

  * Upstream release 36.0.1985.143:
    - CVE-2014-3165: Use-after-free in web sockets.
    - CVE-2014-3166: Information disclosure in SPDY.
    - CVE-2014-3167: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/rules: Avoid some unnecessary warning of invalid mv.
  * debian/rules: Don't use tcmalloc on i386.
  * debian/control: Don't have (unused) shlibs-depends on -dbg packages and
    non-binary packages.
  * debian/chromium-browser-codecs-ffmpeg-extra.dirs,
    debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
  * debian/chromium-browser.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
    debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
    debian/chromium-codecs-ffmpeg.lintian-overrides,
    debian/source/lintian-overrides: Add lintian overrides.
    debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
    debian/chromium-codecs-ffmpeg.lintian-overrides,
    debian/source/lintian-overrides: Add lintian overrides.

 -- Chad MILLER  Tue, 19 Aug 2014 14:57:03 -0400

chromium-browser (36.0.1985.125-0ubuntu2) utopic; urgency=low

  * Upstream release 36.0.1985.125:
    - CVE-2014-3160: Same-Origin-Policy bypass in SVG.
    - CVE-2014-3162: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/*: Moved more gtk related changes to aura code.
  * debian/control: Build-dep version of ninja-build should be recent.
  * debian/patches/gyp-icu-m32-test: Smarter g++ test, no "echo |bad".
  * Skip version -0ubuntu1 because Trusty postdates it.

 -- Chad MILLER  Thu, 07 Aug 2014 17:22:20 -0400

chromium-browser (36.0.1985.125-0ubuntu1) trusty-security; urgency=low

  * Upstream release 36.0.1985.125:
    - CVE-2014-3160: Same-Origin-Policy bypass in SVG.
    - CVE-2014-3162: Various fixes from internal audits, fuzzing and other
      initiatives.
  * debian/patches/*: Moved more gtk related changes to aura code.
  * debian/control: Build-dep version of ninja-build should be recent.
  * debian/patches/gyp-icu-m32-test: Smarter g++ test, no "echo |bad".

 -- Chad MILLER  Thu, 31 Jul 2014 12:06:04 -0400

chromium-browser (35.0.1916.153-0ubuntu1) trusty-security; urgency=low

  * debian/patches/display-scaling-default-value: Make default scale 1:1 when
    no gsettings information is available. (LP: #1302155)
  * debian/patches/title-bar-default-system.patch-v34: Make window title-bar
    frame default to system-provided instead of custom. Again.
  * debian/patches/fix-gyp-space-in-object-filename-exception.patch: Make is
    deprecated, and not well supported, but we still need it.
  * debian/chromium-browser.sh.in, debian/chromium-browser.dirs: Speed up
    chromium startup by avoiding execution of unnecessary programs for real
    this time, and also, add a place in /etc for other packages to hook into
    chromium safely.
  * debian/chromium-browser-customization-example,
    debian/chromium-browser.sh.in: Add support for better customization of
    chromium by other packages. Files in
    /etc/chromium-browser/customizations/ are sourced at startup time.
  * debian/patches/notifications-nicer: Make buggy background-mode processes
    off by default.
  * 7-npapi-permission-not-defaults-to-unauthorized.patch: Fix
    misapplication. Put inside linux test, not chromeos test.
  * Upstream release 35.0.1916.153.
  * Upstream release 34.0.1847.137:
    - CVE-2014-1740: Use-after-free in WebSockets.
    - CVE-2014-1741: Integer overflow in DOM ranges.
    - CVE-2014-1742: Use-after-free in editing.
  * Upstream release 35.0.1916.114:
    - CVE-2014-1743: Use-after-free in styles.
    - CVE-2014-1744: Integer overflow in audio.
    - CVE-2014-1745: Use-after-free in SVG.
    - CVE-2014-1746: Out-of-bounds read in media filters.
    - CVE-2014-1747: UXSS with local MHTML file.
    - CVE-2014-1748: UI spoofing with scrollbar.
    - CVE-2014-1749: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16.
  * debian/rules: Re-enable SSE for x86.
  * debian/control: Add build-dep on libkrb5-dev.
  * debian/patches/gyp-make-generator-reenabled.
  * Reenable webapps patches 3,5,6,7.
  * Remove old, unnecessary files, debian/cdbs, debian/cdbs/scons.mk,
    debian/cdbs/tarball.mk, debian/enable-dist-patches.pl,
    debian/keep-alive.sh
  * Remove OS condition in webapps desktop integration patches. We know the
    OS.

 -- Chad MILLER  Mon, 14 Jul 2014 13:21:47 -0400

chromium-browser (34.0.1847.116-0ubuntu2) trusty; urgency=medium

  * Don't recommend pepperflashplugin-nonfree, which is in multiverse.
    (LP: #1307606)

 -- Iain Lane  Mon, 14 Apr 2014 17:43:53 +0100

chromium-browser (34.0.1847.116-0ubuntu1) trusty; urgency=low

  * New upstream release 34.0.1847.116:
    - CVE-2014-1716: UXSS in V8.
    - CVE-2014-1717: OOB access in V8.
    - CVE-2014-1718: Integer overflow in compositor.
    - CVE-2014-1719: Use-after-free in web workers.
    - CVE-2014-1720: Use-after-free in DOM.
    - CVE-2014-1721: Memory corruption in V8.
    - CVE-2014-1722: Use-after-free in rendering.
    - CVE-2014-1723: Url confusion with RTL characters.
    - CVE-2014-1724: Use-after-free in speech.
    - CVE-2014-1725: OOB read with window property.
    - CVE-2014-1726: Local cross-origin bypass.
    - CVE-2014-1727: Use-after-free in forms.
    - CVE-2014-1728: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version
      3.24.35.22.
    + Now ignores "autocomplete=off" in web forms. (LP: #1294325)
  * debian/rules: Enable high-DPI. Enable touch support. These require using
    Aura toolkit.
  * debian/patches/gsettings-display-scaling: Get scaling factor from
    gsettings.
  * debian/patches/touch: Enable touch on XInput2 slave pointer touch
    devices.
  * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
    matching our version, then use version dir as the new lib dir. This is an
    attempt to mitigate version upgrade hangs.
  * debian/chromium-browser.sh.in: Add a command line parameter to disable
    pinch gestures.
  * debian/patches/display-scaling-default-value: Set default scaling to 1 on
    hardware, because hardware often lies, but should be recoverable at 1:1.
  * debian/patches/display-scaling-report-hardware-info: Log hardware
    reports.
  * debian/rules: Emit messages on a timer to prevent dumb build-bots from
    killing long, silent linker stages.
  * debian/control: Add libexif-dev, libgcrypt-dev to build-deps.
  * debian/control: Drop Recommend x11-xserver-utils, x11-utils .
  * debian/control: Add libexif-dev to build-deps.
  * debian/apport/chromium-browser.py: Convert encoded bytes to str before
    splitting. Converting these to str at all is wrong, though.
  * debian/patches/flash-redirection: Redirect Flash installation through
    Ubuntu wiki for better user experience.
  * debian/patches/clipboard: Backport a few bug fixes.
  * debian/patches/title-bar-default-system.patch-v34: Temporarily disable
    system menu default to avoid window initial placement that doesn't take
    into consideration the title bar.

 -- Chad MILLER  Mon, 14 Apr 2014 12:45:38 -0400

chromium-browser (33.0.1750.152-0ubuntu1) trusty; urgency=low

  * debian/rules: Enable high-DPI. Enable touch support. May not work on all
    devices yet.
  * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir
    matching our version, then use version dir as the new lib dir. This is an
    attempt to mitigate version upgrade hangs.
  * debian/rules: Move log-removal into the section for "release" builds
    only.
  * Upstream release 33.0.1750.152:
    - CVE-2014-1713: Code execution outside sandbox. Use-after-free in Blink
      bindings.
    - CVE-2014-1714: Code execution outside sandbox. Windows clipboard
      vulnerability.
    - CVE-2014-1705: Code execution outside sandbox. Memory corruption in V8.
    - CVE-2014-1715: Code execution outside sandbox. Directory traversal
      issue.
  * Upstream release 33.0.1750.149:
    - CVE-2014-1700: Use-after-free in speech.
    - CVE-2014-1701: UXSS in events.
    - CVE-2014-1702: Use-after-free in web database.
    - CVE-2014-1703: Potential sandbox escape due to a use-after-free in web
      sockets.
    - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version
      3.23.17.18.
  * Upstream release 33.0.1750.115.
  * Upstream release 33.0.1750.146.
    - CVE-2013-6663: Use-after-free in svg images.
    - CVE-2013-6664: Use-after-free in speech recognition.
    - CVE-2013-6665: Heap buffer overflow in software rendering.
    - CVE-2013-6666: Chrome allows requests in flash header request.
    - CVE-2013-6667: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version
      3.24.35.10.
  * Add a token to get search credit at Baidu.
  * debian/rules, debian/control: Switch to using ninja instead of make to
    build. Switch from CDBS to dh. Remove many old hacks.
  * debian/patches/disable_gn.patch: disable broken GN before build.
    Temporary hack.
  * debian/chromium-browser.{postinst,prerm}, add debhelper token.
  * debian/rules: Split compare function into arch-dep and arch-indep
    versions, since they check different things.
  * debian/rules: Use actual upstream orig tarball.
  * debian/control: build-dep on coreutils so we can print the checksums,
    too.

 -- Chad MILLER  Sat, 15 Mar 2014 15:57:19 -0400

chromium-browser (32.0.1700.107-0ubuntu1) trusty; urgency=low

  * Upstream release 32.0.1700.107.

 -- Chad MILLER  Mon, 03 Feb 2014 23:55:12 +0000

chromium-browser (32.0.1700.102-0ubuntu1) trusty; urgency=low

  * Upstream release 32.0.1700.102:
    - CVE-2013-6649: Use-after-free in SVG images.
    - CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8
      version 3.22.24.16.

 -- Chad MILLER  Tue, 28 Jan 2014 13:49:14 -0500

chromium-browser (32.0.1700.77-0ubuntu1) trusty; urgency=low

  * Upstream release 32.0.1700.77: (LP: #1269387)
    - Tab indicators for sound, webcam and casting
    - Automatically blocking malware files
    - A number of new apps/extension APIs
    - Lots of under the hood changes for stability and performance
    - CVE-2013-6646: Use-after-free in web workers.
    - CVE-2013-6641: Use-after-free related to forms.
    - CVE-2013-6642: Address bar spoofing in Chrome for Android.
    - CVE-2013-6643: Unprompted sync with an attacker’s Google account.
    - CVE-2013-6645: Use-after-free related to speech input elements.
    - CVE-2013-6644: Various fixes from internal audits, fuzzing and other
      initiatives.
  * Re-merged webapps patches.
  * debian/control: add build-deps for libdrm-dev, libcap-dev

 -- Chad MILLER  Mon, 27 Jan 2014 17:26:13 -0500

chromium-browser (31.0.1650.63-0ubuntu1) trusty; urgency=low

  * New release 31.0.1650.63:
    - CVE-2013-6634: Session fixation in sync related to 302 redirects.
    - CVE-2013-6635: Use-after-free in editing.
    - CVE-2013-6636: Address bar spoofing related to modal dialogs.
    - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
      version 3.22.24.7.
    - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
      version 3.22.24.7.

 -- Chad MILLER  Wed, 04 Dec 2013 12:45:36 -0500

chromium-browser (31.0.1650.57-0ubuntu3) trusty; urgency=low

  * debian/control: Drop libnss version number in Depends. We only need to
    recompile. (LP: #1251454)

 -- Chad MILLER  Mon, 02 Dec 2013 11:48:58 -0500

chromium-browser (31.0.1650.57-0ubuntu2) trusty; urgency=low

  * debian/apport/chromium-browser.py: Include dmesg events mentioning
    chromium in apport reports.
  * debian/control: Abandon nss transitional package as Dependency, and add
    real package with epoch version number.

 -- Chad MILLER  Tue, 26 Nov 2013 07:34:31 -0500

chromium-browser (31.0.1650.57-0ubuntu1) trusty; urgency=low

  * New release 31.0.1650.57:
    - CVE-2013-6632: Multiple memory corruption issues.
  * New release 31.0.1650.48: (LP: #1250579)
    - CVE-2013-6621: Use after free related to speech input elements.
    - CVE-2013-6622: Use after free related to media elements.
    - CVE-2013-6623: Out of bounds read in SVG.
    - CVE-2013-6624: Use after free related to "id" attribute strings.
    - CVE-2013-6625: Use after free in DOM ranges.
    - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
    - CVE-2013-6627: Out of bounds read in HTTP parsing.
    - CVE-2013-6628: Issue with certificates not being checked during TLS
      renegotiation.
    - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
      initiatives.
    - CVE-2013-6629: Read of uninitialized memory in libjpeg and
      libjpeg-turbo.
    - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
    - CVE-2013-6631: Use after free in libjingle.
  * debian/chromium-chromedriver.install: Drop unsupported, broken old
    chromedriver v1 and add chromedriver2.
  * Update webapps patches.
  * Disable chromedriver testing until the new server-test client
    dependencies are figured out.
  * Drop base_unittests and automated_ui_tests build and automatic test and
    from installation exclusion.
  * Include wildcat package 'pepflashplugin-nonfree' in apport reporting.

 -- Chad MILLER  Mon, 18 Nov 2013 10:52:14 -0500

chromium-browser (30.0.1599.114-0ubuntu1) trusty; urgency=low

  * debian/patches/menu-bar-visible.patch: Don't treat object as object
    reference.
  * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
    introduced in menu-bar-visible patch.
  * debian/rules: Fix typo of Precise conditional.
  * Test the compiler for "-m32" support as the canonical test of support.
    Only a problem on ARM.
  * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
    SIGSYS handler in sandbox safe and never call itself.
    (LP: #1195797)
  * debian/rules, debian/control: Use standard hardening flags, not
    hardening-wrapper.
  * debian/control: Build-depend on binutils, which already includes gold
    linker.
  * debian/control: Drop some unused build-deps: autotools-dev, binutils,
    flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
    libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
    libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
    libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
    libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
    patchutils (>= 0.2.25), python-simplejson, yasm, zlib1g-dev.
  * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes tab
    titles disappear due to a pango bug.
  * debian/tests/control: Drop Depends on obsolete package
    libunity-webapps-chromium.

 -- Chad MILLER  Sun, 27 Oct 2013 13:08:11 -0400

chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low

  * New release 30.0.1599.114.
  * New release 30.0.1599.101:
    - CVE-2013-2925: Use after free in XHR.
    - CVE-2013-2926: Use after free in editing.
    - CVE-2013-2927: Use after free in forms.
  * New release 29.0.1547.76.
  * New release 30.0.1599.66:
    - CVE-2013-2906: Races in Web Audio.
    - CVE-2013-2907: Out of bounds read in Window.prototype object.
    - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2909: Use after free in inline-block rendering.
    - CVE-2013-2910: Use-after-free in Web Audio.
    - CVE-2013-2911: Use-after-free in XSLT.
    - CVE-2013-2912: Use-after-free in PPAPI.
    - CVE-2013-2913: Use-after-free in XML document parsing.
    - CVE-2013-2914: Use after free in the Windows color chooser dialog.
    - CVE-2013-2915: Address bar spoofing via a malformed scheme.
    - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
      status code.
    - CVE-2013-2917: Out of bounds read in Web Audio.
    - CVE-2013-2918: Use-after-free in DOM.
    - CVE-2013-2919: Memory corruption in V8.
    - CVE-2013-2920: Out of bounds read in URL parsing.
    - CVE-2013-2921: Use-after-free in resource loader.
    - CVE-2013-2922: Use-after-free in template element.
    - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 30).
    - CVE-2013-2924: Use-after-free in ICU.
  * debian/tests/...: Make first real tests using sikuli. Probably quite
    fragile on changes to upstream. (LP: #1222895)
  * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
    use their own state instead of checking the parameters of the instance
    that started all processes for whether a window has chrome or not.
    (LP: #1223855)
  * Update autopkgtest tests.
  * debian/patches/series: Drop comment references to old patches. Remove
    files.
  * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
    upstream and we don't use it anyway.
  * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
    configuration changes by stopping our special handling and using the
    default, and "you have to change the underscore from the build target
    into a hyphen".
  * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them
    out. (LP: #1226143)
  * debian/testing/driver: Cheap run test to make sure chromedriver runs.
    (LP: #1226143)
  * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
    caused extensions to fail. (LP: #1232575)
  * debian/rules: Use runtime linker for all architectures, not just 64-bit.
    Component builds everywhere, now. More than 4GB is too much to expect.
  * debian/rules: clean up packaging comparison code.

 -- Chad MILLER  Thu, 24 Oct 2013 10:53:44 -0400

chromium-browser (29.0.1547.65-0ubuntu2) saucy; urgency=low

  * debian/control: Make chromium-browser-l10n Replaces chromium-browser so
    that new translations that were added in v28 packaging are now in the
    correct -l10n package. (LP: #1222488)
  * debian/rules: Remove unused duplicate-exclusion patterns. Again.
  * debian/control: Make codecs packages no longer Depend on
    chromium-browser, so that "extras" metapackages can pull them in without
    enormous browser. (LP: #1208518)
  * debian/tests/control: Don't use needs-build flag as we don't need it
    presently. Also, disable autopkgtest "smoketest" failure until its
    misbehavior on some environments can be diagnosed from log files.
  * debian/patches/4-chromeless-window-launch-option.patch: Add missing
    construction initializer. (LP: #1223251)

 -- Chad MILLER  Tue, 22 Oct 2013 14:29:46 -0400

chromium-browser (29.0.1547.65-0ubuntu1) saucy; urgency=low

  * New release 29.0.1547.65.
  * New release 29.0.1547.62.
  * New release 29.0.1547.57: (LP: #1215361)
    - CVE-2013-2900: Incomplete path sanitization in file handling.
    - CVE-2013-2905: Information leak via overly broad permissions on shared
      memory files.
    - CVE-2013-2901: Integer overflow in ANGLE.
    - CVE-2013-2902: Use after free in XSLT.
    - CVE-2013-2903: Use after free in media element.
    - CVE-2013-2904: Use after free in document parsing.
    - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
      initiatives (Chrome 29).
  * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine
    list. [Caine Tighe <~caine>]
  * debian/patches/search-credit.patch: Update URLs.
  * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch,
    debian/patches/wehkit_rev_parser.patch, No longer necessary. Deleted.
  * debian/chromium-browser.sh.in: Include command-line parameters for
    registered plugins.
  * Since we include remoting locales too, also split its locales info into
    the -l10n package correctly.
  * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
    breaks build right now.
  * debian/rules: Fix packaging-completeness checker.
  * debian/rules: Break long expressions into discrete parts in packaging
    completeness checker.
  * Update webapps patches.
  * debian/chromium-browser.dirs: Add reference to
    /usr/share/chromium-browser, exemplary for extension placement.
  * debian/patches/extensions-directory.patch: Use a /usr/share/ directory
    that is named with our package, not "chromium". Without this, we force
    global extensions to violate FHS.

 -- Chad MILLER  Thu, 05 Sep 2013 16:47:55 -0400

chromium-browser (28.0.1500.95-0ubuntu2) saucy; urgency=low

  * debian/rules:
    - Make unused-file matches simpler, and install rule more descriptive.
    - get-orig-source has to make the directory for the orig contents.
  * debian/source/lintian-overrides:
    - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib
    - Fix setuid-binary to be "source". Seems like it should be "binary". :(
  * debian/checkout-orig-source.mk: Remove tests and add unofficialness
    marker file to orig tarball when we can't use upstream orig releases.

 -- Chad MILLER  Wed, 31 Jul 2013 07:10:34 -0400

chromium-browser (28.0.1500.95-0ubuntu1) saucy; urgency=low

  * debian/control: Set VCS URL to be accurate.
  * debian/rules: Start rule to create patch that includes Launchpad
    translations. Never change upstream orig tarball. This will be a
    release-time manual rule that updates a quilt patch.
  * New release 28.0.1500.95:
    - CVE-2013-2881: Origin bypass in frame handling.
    - CVE-2013-2882: Type confusion in V8.
    - CVE-2013-2883: Use-after-free in MutationObserver.
    - CVE-2013-2884: Use-after-free in DOM.
    - CVE-2013-2885: Use-after-free in input handling.
    - CVE-2013-2886: Various fixes from internal audits, fuzzing and other
      initiatives.

 -- Chad MILLER  Tue, 30 Jul 2013 17:44:06 -0400

chromium-browser (28.0.1500.71-0ubuntu3) saucy; urgency=low

  * debian/rules:
    - Keepalive in tests rule, to keep builder machines from reaping.
    - Further exclude a few tests that interact with fakeroot,
      ReadOnlyFileUtilTest.

 -- Chad MILLER  Mon, 29 Jul 2013 11:38:52 -0400

chromium-browser (28.0.1500.71-0ubuntu2) saucy; urgency=low

  * debian/rules:
    - Disable logging calls in chromium binary to save several MB of
      executable size.
  * debian/patches/linker-asneeded-bug.patch:
    - Add patch to work around linker bug.
* debian/keep-alive.sh: - Treat disappearing /proc as error, and quit. -- Chad MILLER Fri, 26 Jul 2013 19:29:45 -0400 chromium-browser (28.0.1500.71-0ubuntu0.13.10.1) saucy; urgency=low * New release 28.0.1500.71. * debian/chromium-browser.install: Include inspector resources in chromium-browser package. * debian/control: Make new -dbg package for chromedriver. * debian/rules: - Remove tests for ancient versions of Ubuntu. - Return to using no explicit NEON fpu, and instead try to detect at runtime NEON caps. This effectively disables NEON, so far. - Build and run unit test suite as part of making a package. Abort if more than 15 out of ~1000 tests fail. - Clean up packaging sanity test that verifies everything we build is put into a package. - Set relative rpath to libs/ for chromium-browser executable, but . for libraries in libs/ ; that makes dpkg-shlibdeps happy and process run. - Strip out some ugly logic around keeping only one language in the main package, and keeping the contents verifier happy based on the architecture. - EXPERIMENT: Try not stripping enormous libraries' symbols explicitly. - Add more exceptions for packaging contents tests, this time to exclude files that are in package but not from the build tree. - Be more explicit about what files we set the rpath on. Get all executables. We missed chromedriver before. - Only one hardware arch builds the independent files, so in our sanity test that we install everything upstream built once and only once in packages, we have to consider whether this build didn't even try to take and use arch-independent files. Don't look for some file paths if we don't use them. (Also, if we match too much of what we used, also remove matches from the list of created. This should be better.) * debian/patches/arm-neon.patch: - Compile in NEON instructions for ARM, even if we can't reliably check for whether our CPU is capable of running them yet. 
The major problem remaining is that the sandbox security wrapper defeats any test of /proc/cpuinfo . * debian/source/lintian-overrides: - Suppress warnings about known intentional decisions: Package name, statically linked bundled libraries, setuid root sandbox. * debian/chromium-browser.sh.in: - Detect at startup the features of the CPU that we might be interested in and export info into the environment. This is step one of a longer workaround for sandbox /proc restrictions. * Make a fall-back for when upstream fails to release a Release. Package up as best we can from source control. debian/rules and debian/checkout-orig-source.mk . * debian/tests/: - Add smoketest to verify that chromium runs. - Add an empty webapps test file for notes about what parts of webapps will or should be tested. * debian/keep-alive.sh. Quit if disk environment disappears. -- Chad MILLER Thu, 18 Jul 2013 17:31:34 -0400 chromium-browser (28.0.1500.52-0ubuntu3) saucy; urgency=low * Conform to newer Ayatana standard for Desktop Actions. * Prefer "-extra" codecs package. * Add debian/patches/menu-bar-visible.patch to show the top menu-bar in contemporary Unity. * Update webapps patches, to hide the bar asking the user's permission to run webapps extension for this window. -- Chad MILLER Fri, 28 Jun 2013 15:47:42 -0400 chromium-browser (28.0.1500.52-0ubuntu2) saucy; urgency=low [Chad MILLER] * New stable release 28.0.1500.52 * New stable release 28.0.1500.45 * New stable release 27.0.1453.110: - CVE-2013-2855: Memory corruption in dev tools API. - CVE-2013-2856: Use-after-free in input handling. - CVE-2013-2857: Use-after-free in image handling. - CVE-2013-2858: Use-after-free in HTML5 Audio. - CVE-2013-2859: Cross-origin namespace pollution. - CVE-2013-2860: Use-after-free with workers accessing database APIs. - CVE-2013-2861: Use-after-free with SVG. - CVE-2013-2862: Memory corruption in Skia GPU handling. - CVE-2013-2863: Memory corruption in SSL socket handling. 
- CVE-2013-2864: Bad free in PDF viewer. * New stable release 27.0.1453.93: - CVE-2013-2837: Use-after-free in SVG. - CVE-2013-2838: Out-of-bounds read in v8. - CVE-2013-2839: Bad cast in clipboard handling. - CVE-2013-2840: Use-after-free in media loader. - CVE-2013-2841: Use-after-free in Pepper resource handling. - CVE-2013-2842: Use-after-free in widget handling. - CVE-2013-2843: Use-after-free in speech handling. - CVE-2013-2844: Use-after-free in style resolution. - CVE-2013-2845: Memory safety issues in Web Audio. - CVE-2013-2846: Use-after-free in media loader. - CVE-2013-2847: Use-after-free race condition with workers. - CVE-2013-2848: Possible data extraction with XSS Auditor. - CVE-2013-2849: Possible XSS with drag+drop or copy+paste. * Drop unneeded patches, safe-browsing-sigbus.patch dont-assume-cross-compile-on-arm.patch struct-siginfo.patch ld-memory-32bit.patch dlopen_sonamed_gl.patch * Temporarily disable webapps patches. * Update arm-neon patch, format-flag patch, search-credit patch, title-bar-system-default patch. * Make get-orig-source nicer. Package tarball contents from upstream correctly. * Reenable dyn-linking of major components of chromium for 32-bit machines. Fix a libdir path bug in debian/chromium-browser.sh.in . * No longer try to use system libraries. Generally, Security Team would hate bundled libraries because they provide a wide liability, but Chromium Project is pretty good about maintaining their bundled-source libraries. We can not pull cr-required lib versions forward in older Ubuntus, and we can't guarantee all the distro versions of libraries work with chromium-browser. The default security policy might be worse. Bundled libraries is less work overall. * Exclude included XDG files even if they are built. * Use NEON instructions on ARM, optionally. This might use run-time checks for hardware capability, but even if it doesn't we can add it later. 
* Clean up difference checks in debian/rules that make sure that all files that the build makes are used in packages, and no longer hide any, and no longer consider it an error if some are unused. Treat it as a warning, not a fatality. * Use legible shell instead of make-generated shell in setting the rpath in rules. * Add new build-dep, "chrpath". [Chris Coulson] * debian/rules: Disable tcmalloc on all component builds, not just on arm builds. -- Chad MILLER Thu, 20 Jun 2013 14:54:43 -0400 chromium-browser (26.0.1410.63-0ubuntu3) saucy; urgency=low * Work around SEGV on ARMHF that's caused by tcmalloc. -- Chad MILLER Sun, 19 May 2013 23:30:01 -0400 chromium-browser (26.0.1410.63-0ubuntu2) saucy; urgency=low * Work around missing AppArmor feature. Set environment explicitly to disallow breaking out of apparmor protection. (LP: #1045986) * Use more system libraries, libxml, libjpeg, bzip2, libxslt, flac, libevent, protobuf, speex, xdg_utils, yasm, but not a few others -- in particular, - libpng causes render hangs, - sqlite causes link failures. Updating debian/rules, and dropping the removed ones from debian/control . * debian/rules: - Use actual original upstream tarball. No SVN snapshots, no gclient. - Rip out compiler-targeting. All versions should work. - Always use sandbox. It shouldn't be an option. Nothing works without it any more. * Drop build-dep on subversion. Not required with pristine orig.tar get-original-source. * Simplify debian/rules and use the built-in parameter for telling GYP config to include debug symbols. * Include upstream patch debian/patches/ld-memory-32bit.patch that makes 32 bit machines more likely to use BFD linker and include parameters that make it more memory efficient. * GCC doesn't allow -Wno-format with hardening -Werror=format-security . Add debian/patches/format-flag.patch . * Since we're Depending on xdg-settings, don't try to install one from upstream. Change debian/chromium-browser.install . 
* Invert sense of a quantal+ test so that we don't have to track things forever. Name things we know about, instead of things that don't exist yet. Update debian/rules . * Drop old unused sizes of icons to install from debian/rules . * Always default chromium to using the system title bar. Add debian/patches/title-bar-default-system.patch . * Default third-party cookies to most secure to users: off. Add debian/patches/third-party-cookies-off-by-default.patch . * Remove flags that make several useful application actions only appear on Unity. Update debian/chromium-browser.desktop . * Add a lp:app-install-data-ubuntu flag that names the package. Update debian/chromium-browser.desktop . * Remove full path from freedesktop default-apps file. Update debian/chromium-browser.xml . -- Chad MILLER Fri, 10 May 2013 17:27:45 -0400 chromium-browser (26.0.1410.63-0ubuntu1) raring; urgency=low [Chris Coulson] * Make it possible to build armv7 without neon optimizations - update debian/patches/arm-neon.patch * Don't assume that arm linux builds are cross-builds - add debian/patches/dont-assume-cross-compile-on-arm.patch - update debian/patches/series [Chad MILLER] * debian/chromium-browser.desktop: No absolute path to executable. Use PATH from environment. LP:1008741 * Make the "clean" rule behave better. Test differently for src/obj/ and never involve the upstream Makefile. Update debian/rules . * Don't over-clean. The makefiles generated by GYP are fine to include in orig tarball. * Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google. * New stable version 26.0.1410.63. No CVEs to report. * New stable version 26.0.1410.43: - CVE-2013-0916: Use-after-free in Web Audio. - CVE-2013-0917: Out-of-bounds read in URL loader. - CVE-2013-0918: Do not navigate dev tools upon drag and drop. - CVE-2013-0919: Use-after-free with pop-up windows in extensions. - CVE-2013-0920: Use-after-free in extension bookmarks API. 
- CVE-2013-0921: Ensure isolated web sites run in their own processes. - CVE-2013-0922: Avoid HTTP basic auth brute force attempts. - CVE-2013-0923: Memory safety issues in the USB Apps API. - CVE-2013-0924: Check an extension’s permissions API usage against file permissions. - CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. - CVE-2013-0926: Avoid pasting active tags in certain situations. * Update webapps patches. * debian/patches/arm-crypto.patch . Drop patch. Unnecessary now. * Always use verbose building. Update debian/rules . * Always use sandbox. It shouldn't be an option. Nothing works without it any more. Update debian/rules . * Always use extra debugging "-g" flag. Update debian/rules . * Try to be more multiarch aware. Update debian/control . * Drop many lintian overrides. Update debian/source/lintian-overrides . * Include autotools-dev in build-deps so that cdbs will update autoconf helper files in source automatically. Update debian/control . * Update standards version to 3.9.4 in debian/control . * When executable is split into libraries, strip debug symbols from enormous libraries even in dbg packages. This affects webkit only, in actuality. Update debian/rules . * Clean up some "tar" usage in debian/rules . * Don't include hardening on armhf. Update debian/rules . * Drop extraneous no-circular-check in debian/rules GYP run. * Work around a SIGBUS on ARM. Added debian/patches/safe-browsing-sigbus.patch * Insert multilib info directly into nss runtime library loading. Update debian/rules . * Enable NEON support for hard-float ARM. Actual use should be a runtime check, or is a bug. 
-- Chad MILLER Thu, 11 Apr 2013 20:08:28 -0400 chromium-browser (25.0.1364.160-0ubuntu2) raring; urgency=low * fix LP: #1153137 - Drop Recommends on webaccounts-chromium-extension and unity-chromium-extension to Suggests as they're not useful without Unity -- Micah Gersten Wed, 27 Mar 2013 23:52:08 -0500 chromium-browser (25.0.1364.160-0ubuntu1b1) raring; urgency=low * No-change rebuild against libudev1 -- Martin Pitt Wed, 13 Mar 2013 07:04:51 +0000 chromium-browser (25.0.1364.160-0ubuntu1) raring-proposed; urgency=low * Disable lintian warnings about outdated autoconf files in source tree. * New stable version 25.0.1364.160: - CVE-2013-0912: Type confusion in WebKit. * New stable version 25.0.1364.152: - CVE-2013-0902: Use-after-free in frame loader. - CVE-2013-0903: Use-after-free in browser navigation handling. - CVE-2013-0904: Memory corruption in Web Audio. - CVE-2013-0905: Use-after-free with SVG animations. - CVE-2013-0906: Memory corruption in Indexed DB. - CVE-2013-0907: Race condition in media thread handling. - CVE-2013-0908: Incorrect handling of bindings for extension processes. - CVE-2013-0909: Referer leakage with XSS Auditor. - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. - CVE-2013-0911: Possible path traversal in database handling. * New stable version 25.0.1364.97: - CVE-2013-0879: Memory corruption with web audio node. - CVE-2013-0880: Use-after-free in database handling. - CVE-2013-0881: Bad read in Matroska handling. - CVE-2013-0882: Bad memory access with excessive SVG parameters. - CVE-2013-0883: Bad read in Skia. - CVE-2013-0885: Too many API permissions granted to web store. - CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - CVE-2013-0888: Out-of-bounds read in Skia. - CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - CVE-2013-0890: Memory safety issues across the IPC layer. 
- CVE-2013-0891: Integer overflow in blob handling. - CVE-2013-0892: Lower severity issues across the IPC layer. - CVE-2013-0893: Race condition in media handling. - CVE-2013-0894: Buffer overflow in vorbis decoding. - CVE-2013-0895: Incorrect path handling in file copying. - CVE-2013-0896: Memory management issues in plug-in message handling. - CVE-2013-0897: Off-by-one read in PDF. - CVE-2013-0898: Use-after-free in URL handling. - CVE-2013-0899: Integer overflow in Opus handling. - CVE-2013-0900: Race condition in ICU. * New stable version 24.0.1312.52: - CVE-2012-5145: Use-after-free in SVG layout. - CVE-2012-5146: Same origin policy bypass with malformed URL. - CVE-2012-5147: Use-after-free in DOM handling. - CVE-2012-5148: Missing filename sanitization in hyphenation support. - CVE-2012-5149: Integer overflow in audio IPC handling. - CVE-2012-5150: Use-after-free when seeking video. - CVE-2012-5151: Integer overflow in PDF JavaScript. - CVE-2012-5152: Out-of-bounds read when seeking video. - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5156: Use-after-free in PDF fields. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. - CVE-2013-0828: Bad cast in PDF root handling. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process. - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling. - CVE-2013-0835: Browser crash with geolocation. - CVE-2013-0836: Crash in v8 garbage collection. - CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments. * Add libpci-dev to build-deps. * Add Recommends for webaccounts-chromium-extension. * Add Recommends for unity-chromium-extension. * debian/patches/ffmpeg-gyp-config. 
- Renamed from debian/patches/gyp-config-root - Write includes for more targets in ffmpeg building. * debian/patches/arm-crypto.patch - Added patch to distinguish normal ARM and hard-float ARM in crypto NSS inclusion. * Put GOOG search credit in a patch so we know when it fails. Also add credit to the other search idioms for GOOG. because releases can have any number of updates. * Update webapps patches. * debian/rules: - Adopt some ARM build conditions from Debian. - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments. Match patterns instead of whole words - Write REMOVED files in correct place. - Remove all generated in-tree makefiles at clean and get-source time. - Move all file-removal lines in get-source inside the condition for stripping files out of the source. - Hack in a "clean" rule that implements what src/Makefile should. -- Chad MILLER Fri, 08 Mar 2013 09:50:59 -0500 chromium-browser (24.0.1312.56-0ubuntu2) raring-proposed; urgency=low * Update webapps patches for 24.0.1312.52. (LP: #1099828). Patches from Chad Miller. -- Jamie Strandboge Sun, 03 Feb 2013 11:55:37 -0600 chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low * Add comment-markers to debian/patches/series file to make patch import easier. * debian/patches/gyp-config-root.patch - Added. Avoids compilation bug on (at least) ARM. * debian/patches/arm-neon.patch - Added function to determine NEON functionality in ARM at runtime for WebRt library in WebKit. * Update README.source to include some of these changes. * Set new URL for channel-release info in rules file. * debian/chromium-browser.install - No longer install demo extension - Install remoting locales * debian/patches/chromium_useragent.patch.in renamed to drop ".in", OS "Ubuntu" hardcoded with no compilation-release name, and patch refreshed to follow new location of source. Also remove it from the list of ephemeral files that "clean" rule removes. 
* In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;", to be safer and faster. * Make most patches follow a common format (no timestamps or Index lines), to avoid future churn. * Write the "REMOVED" list files to the root of the orig tarball, instead of inside the src/ directory, where they could collide. * Fix dpkg-source warning: Clean up python cached bytecode files. * Also don't include python bytecode or cache files in orig tarball, and clean them up on "clean" rule. * Fix dpkg-source warning: Remove autoconf cache. * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer. * Fix lintian error not-binnmuable-all-depends-any. * Override lintian complaints ancient-autotools-helper-file and unused-build-dependency-on-cdbs. * Drop "lzma" from build dependencies. * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. * List explicit architectures that Chromium supports, instead of "any". Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}. * debian/patches/arm-neon.patch added to get ARM w/o Neon support. (LP: #1084852) * Add chromedriver packaging. (LP: #1069930) Thanks to John Rigby * In debian/rules, avoid creating invalid subst expression in sed of DEBIAN* vars into files. * Note localization in package description for support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms. * No longer include Launchpad-generated translations. Disable patch grd_parse_fix.patch . * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. * No longer expect unpacked tarball to contain "build-tree". * Fix build warning about missing debian/source/format. Set to "3.0 (quilt)". * Remove unnecessary glib-header-single-entry.patch . * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the executing program is not dpkg-buildpackage. * Make rules file generate LASTCHANGE file at new location. 
* Change get-sources command to kill script when it fails to disable gyp-chromium run from DEPS. Never fail silently again. * Add patches/struct-siginfo.patch to work around source bug in dereferencing internal struct instead of public type. * Drop SCM revision from the version. * Refresh patches from lp:unity-chromium-extension . * Make all patches follow a common format, to avoid future churn. No timestamps, a/b parent, sorted, no index. * New upstream version 24.0.1312.56: - CVE-2013-0839: Use-after-free in canvas font handling. - CVE-2013-0840: Missing URL validation when opening new windows. - CVE-2013-0841: Unchecked array index in content blocking. - CVE-2013-0842: Problems with NULL characters embedded in paths. * New upstream version 24.0.1312.52: (LP: #1099075) - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. - CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno). - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. 
Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh). - CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. - CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). * New upstream version 23.0.1271.97 - CVE-2012-5139: Use-after-free with visibility events. - CVE-2012-5140: Use-after-free in URL loader. - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers. - CVE-2012-5144: Stack corruption in AAC decoding. * New upstream version 23.0.1271.95 - CVE-2012-5138: Incorrect file path handling. - CVE-2012-5137: Use-after-free in media source handling. * New upstream version 23.0.1271.91 - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia. - CVE-2012-5132: Browser crash with chunked encoding. 
- CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. * Includes CVE fixes for 23.0.1271.64 - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. - CVE-2012-5120: Out-of-bounds array access in v8. - CVE-2012-5116: Use-after-free in SVG filter handling. - CVE-2012-5121: Use-after-free in video layout. - CVE-2012-5117: Inappropriate load of SVG subresource in img context. - CVE-2012-5119: Race condition in Pepper buffer handling. - CVE-2012-5122: Bad cast in input handling. - CVE-2012-5123: Out-of-bounds reads in Skia. - CVE-2012-5124: Memory corruption in texture handling. - CVE-2012-5125: Use-after-free in extension tab handling. - CVE-2012-5126: Use-after-free in plug-in placeholder handling. - CVE-2012-5128: Bad write in v8. * Disable lintian warnings about outdated autoconf files in source tree. -- Chad Miller Wed, 23 Jan 2013 13:43:34 -0500 chromium-browser (22.0.1229.94~r161065-0ubuntu1) quantal-proposed; urgency=low * New upstream release from the Stable Channel - [154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write -- Ken VanDine Sat, 13 Oct 2012 00:24:57 -0400 chromium-browser (22.0.1229.79~r158531-0ubuntu1) quantal-proposed; urgency=low * New upstream release from the Stable Channel * debian/control - fixed typo in description for chromium-codecs-ffmpeg * debian/patches/fix-armhf-ftbfs.patch - Dropped, no longer needed * debian/chromium-browser.install - Install demo extension * debian/rules - Updated INSTALL_EXCLUDE_FILES - build with gcc 4.7 * debian/patches/1-infobars.patch, debian/patches/2-get-domain-tld.patch, debian/patches/3-chrome-xid.patch, debian/patches/4-chromeless-window-launch-option.patch, debian/patches/5-desktop-integration-settings.patch, debian/patches/fix-1034541.patch - Updated for v22 * debian/patches/6-passwordless-install-support.patch - Webapp package installation (LP: #1059460) 
* debian/patches/7-plugin-status.patch - Don't block npapi plugins on linux, which is required by unity-chromium-extension -- Ken VanDine Fri, 12 Oct 2012 09:31:11 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu6) quantal-proposed; urgency=low * debian/patches/5-desktop-integration-settings.patch - Updated to match libunity-webapps.so.0 -- Ken VanDine Wed, 19 Sep 2012 11:44:21 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu5) quantal; urgency=low * debian/patches/fix-1034541.patch - fix chromeless issues if chromeless window is launched before a regular browser window (LP: #1034541) -- Ken VanDine Tue, 14 Aug 2012 14:45:16 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu4) quantal; urgency=low * debian/patches/4-chromeless-window-launch-option.patch - updated to latest from webapps * debian/patches/5-desktop-integration-settings.patch - updated to latest from webapps -- Ken VanDine Mon, 13 Aug 2012 22:53:46 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu3) quantal; urgency=low * debian/patches/1-infobars.patch - moved infobars out of experimental, used for webapps * debian/patches/2-get-domain-tld.patch - Adds API for getting the base domain of a URI, used for webapps * debian/patches/3-chrome-xid.patch - Get xid, used for webapps * debian/patches/chromeless-window-launch-option.patch - Adds optional chromeless mode, used for webapps * debian/patches/desktop-integration-settings.patch - Adds settings for managing sites integrated with the desktop, used for webapps -- Ken VanDine Mon, 06 Aug 2012 13:40:57 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu2) quantal; urgency=low * debian/control - Dropped build depends for libvpx-dev * -debian/patches/vpx.patch - dropped, build with internal vpx [ Matthieu Baerts ] * debian/apport: - Update apport hook for python3 (LP: #1013171) patch made with the help of Edward Donovan -- Ken VanDine Thu, 12 Jul 2012 15:56:59 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu1) quantal; urgency=low * New 
upstream release from the Stable Channel * debian/control - Added build depends binutils-gold, libvpx-dev,libssl-dev and subversion - Bumped standards version to 3.9.3 - don't build depend on binutils-gold for armel * debian/rules - explicitly set arm_float_abi=hard for armhf builds and let the rest fallback to softfp - do not use third_party/gold as the linker. - enable compile-time dependency on gnome-keyring * -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch - no longer needed * debian/patches/grd_parse_fix.patch - Patched to fix broken XML until we can get a proper fix for chromium-translation-tools. * debian/patches/vpx.patch - patch from debian to fix FTBFS on armel * debian/patches/arm.patch - patch from debian to fix FTBFS on armel -- Ken VanDine Thu, 12 Jul 2012 14:02:44 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu2) quantal; urgency=low * debian/rules - force to build with gcc 4.6 to fix ftbfs (LP: #992212) - don't build with -Werror * debian/control - add build depends for g++-4.6-multilib -- Ken VanDine Fri, 06 Jul 2012 13:51:59 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu1) quantal; urgency=low * debian/rules - include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10. Fixes FTBFS on arm (LP: #993080) -- Ken VanDine Mon, 18 Jun 2012 10:04:59 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu0.12.04.1) precise-security; urgency=low * New upstream release from the Stable Channel (LP: #992352) - [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz. - [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z). - [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie - [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. 
Credit to Willem Pinckaers of Matasano. - [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz. -- Micah Gersten Tue, 01 May 2012 00:02:53 -0500 chromium-browser (18.0.1025.151~r130497-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. 
Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). -- Micah Gersten Mon, 09 Apr 2012 16:21:40 -0500 chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #968901) This release fixes the following security issues: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. 
  * Add build dependency on libudev-dev to allow for gamepad detection; see
    http://code.google.com/p/chromium/issues/detail?id=79050
    - update debian/control
  * Drop dlopen_libgnutls patch as it's been implemented upstream
    - drop debian/patches/dlopen_libgnutls.patch
    - update debian/patches/series
  * Start removing *.so and *.so.* from the upstream tarball creation
    - update debian/rules
  * Strip almost the entire third_party/openssl directory as it's needed
    only on android, but is used by the build system
    - update debian/rules
  * Use tar's --exclude-vcs flag instead of just excluding .svn
    - update debian/rules

 -- Micah Gersten Sun, 01 Apr 2012 22:17:11 -0500

chromium-browser (17.0.963.83~r127885-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #961831)
    This release fixes the following security issues:
    - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
      Credit to miaubiz.
    - [116162] High CVE-2011-3045: libpng integer issue from upstream.
      Credit to Glenn Randers-Pehrson of the libpng project.
    - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
      Credit to Arthur Gerkis.
    - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
      Credit to Ben Vanik of Google.
    - [116746] High CVE-2011-3053: Use-after-free in block splitting.
      Credit to miaubiz.
    - [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges.
      Credit to Sergey Glazunov.
    - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation.
      Credit to PinkiePie.
    - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
      Credit to Sergey Glazunov.
    - [117794] Medium CVE-2011-3057: Invalid read in v8.
      Credit to Christian Holler.

 -- Micah Gersten Wed, 21 Mar 2012 21:31:34 -0500

chromium-browser (17.0.963.79~r125985-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #952711)
    This release fixes the following security issue:
    - [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption.
      Credit to PinkiePie.

 -- Micah Gersten Mon, 12 Mar 2012 00:01:07 -0500

chromium-browser (17.0.963.78~r125577-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #950174)
    This release fixes the following security issue:
    - [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
      Credit to Sergey Glazunov.
  * Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really
    fix LP: #943281; Thanks to Christian Dywan for the tip
    - update debian/control

 -- Micah Gersten Fri, 09 Mar 2012 00:40:23 -0600

chromium-browser (17.0.963.66~r124982-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #948749)
    - fixes regression in the DOM [116789]

  [ Micah Gersten ]
  * Revert manual changes to v8 build system since we're using the gyp flag now
    - update debian/patches/fix-armhf-ftbfs.patch

  [ Jani Monoses ]
  * Attempt to fix armhf build again (LP: #943281)
    - update debian/rules

 -- Micah Gersten Wed, 07 Mar 2012 02:00:53 -0600

chromium-browser (17.0.963.65~r124586-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #946914)
    - Cursors and backgrounds sometimes do not load [111218]
    - Plugins not loading on some pages [108228]
    - Text paste includes trailing spaces [106551]
    - Websites using touch controls break [110332]
    This release fixes the following security issues:
    - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper.
      Credit to Chamal de Silva.
    - [108037] High CVE-2011-3032: Use-after-free in SVG value handling.
      Credit to Arthur Gerkis.
    - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library.
      Credit to Aki Helin of OUSPG.
    - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
      Credit to Arthur Gerkis.
    - [112212] High CVE-2011-3035: Use-after-free in SVG use handling.
      Credit to Arthur Gerkis.
    - [113258] High CVE-2011-3036: Bad cast in line box handling.
      Credit to miaubiz.
    - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting.
      Credit to miaubiz.
    - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
      Credit to miaubiz.
    - [113707] High CVE-2011-3039: Use-after-free in quote handling.
      Credit to miaubiz.
    - [114054] High CVE-2011-3040: Out-of-bounds read in text handling.
      Credit to miaubiz.
    - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
      Credit to miaubiz.
    - [114219] High CVE-2011-3042: Use-after-free in table section handling.
      Credit to miaubiz.
    - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats.
      Credit to miaubiz.
    - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
      Credit to Arthur Gerkis.

  [ Jani Monoses ]
  * Fix FTBFS on armhf (LP: #943281)
    - add debian/patches/fix-armhf-ftbfs.patch
    - update debian/patches/series

 -- Micah Gersten Mon, 05 Mar 2012 03:48:05 -0600

chromium-browser (17.0.963.56~r121963-0ubuntu3) precise; urgency=low

  * Fix arm specific flags again; Use findstring instead of filter as arm
    isn't the entire build arch name
    - update debian/rules

 -- Micah Gersten Mon, 20 Feb 2012 00:59:09 -0600

chromium-browser (17.0.963.56~r121963-0ubuntu2) precise; urgency=low

  * Add arm specific flags for arm*, not just armel; This allows building on
    armhf successfully (we hope)
    - update debian/rules
  * Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
    - update debian/control
  * Fix line endings in debian/copyright per lintian
    - update debian/copyright
  * Make copyright file UTF-8 per lintian
    - update debian/copyright

 -- Micah Gersten Mon, 20 Feb 2012 00:23:47 -0600

chromium-browser (17.0.963.56~r121963-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #933262)
    This release fixes the following security issues:
    - [105803] High CVE-2011-3015: Integer overflows in PDF codecs.
      Credit to Google Chrome Security Team (scarybeasts).
    - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes.
      Credit to miaubiz.
    - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
      Credit to miaubiz.
    - [110172] High CVE-2011-3018: Heap overflow in path rendering.
      Credit to Aki Helin of OUSPG.
    - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling.
      Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team.
    - [111575] Medium CVE-2011-3020: Native client validator error.
      Credit to Nick Bray of the Chromium development community.
    - [111779] High CVE-2011-3021: Use-after-free in subframe loading.
      Credit to Arthur Gerkis.
    - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script.
      Credit to Google Chrome Security Team (Jorge Obes).
    - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop.
      Credit to pa_kt.
    - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
      Credit to chrometot.
    - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing.
      Credit to Sławomir Błażek.
    - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
      Credit to Jüri Aedla.
    - [112847] High CVE-2011-3027: Bad cast in column handling.
      Credit to miaubiz.

 -- Micah Gersten Wed, 15 Feb 2012 22:55:08 -0600

chromium-browser (17.0.963.46~r119351-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #931905)
    This release fixes the following security issues:
    - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
      Credit to Daniel Cheng of the Chromium development community.
    - [92550] Low CVE-2011-3954: Crash with excessive database usage.
      Credit to Collin Payne.
    - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction.
      Credit to David Grogan of the Chromium development community.
    - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions.
      Credit to Devdatta Akhawe, UC Berkeley.
    - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
      Credit to Aki Helin of OUSPG.
    - [105459] High CVE-2011-3958: Bad casts with column spans.
      Credit to miaubiz.
    - [106441] High CVE-2011-3959: Buffer overflow in locale handling.
      Credit to Aki Helin of OUSPG.
    - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
      Credit to Aki Helin of OUSPG.
    - [108871] Critical CVE-2011-3961: Race condition after crash of utility process.
      Credit to Shawn Goertzen.
    - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping.
      Credit to Aki Helin of OUSPG.
    - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling.
      Credit to Atte Kettunen of OUSPG.
    - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop.
      Credit to Code Audit Labs of VulnHunt.com.
    - [109664] Low CVE-2011-3965: Crash in signature check.
      Credit to Sławomir Błażek.
    - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
      Credit to Aki Helin of OUSPG.
    - [109717] Low CVE-2011-3967: Crash with unusual certificate.
      Credit to Ben Carrillo.
    - [109743] High CVE-2011-3968: Use-after-free in CSS handling.
      Credit to Arthur Gerkis.
    - [110112] High CVE-2011-3969: Use-after-free in SVG layout.
      Credit to Arthur Gerkis.
    - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt.
      Credit to Aki Helin of OUSPG.
    - [110374] High CVE-2011-3971: Use-after-free with mousemove events.
      Credit to Arthur Gerkis.
    - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
      Credit to Google Chrome Security Team (Inferno).
  * Rebase patch
    - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
  * Update .install file to just install all .pak files instead of listing
    them by name
    - update debian/chromium-browser.install

 -- Micah Gersten Wed, 15 Feb 2012 01:32:50 -0600

chromium-browser (16.0.912.77~r118311-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #923602, #897389) (LP: #914648, #889711)
    This release fixes the following security issues:
    - [106484] High CVE-2011-3924: Use-after-free in DOM selections.
      Credit to Arthur Gerkis.
    - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation.
      Credit to Chamal de Silva.
    - [108461] High CVE-2011-3928: Use-after-free in DOM handling.
      Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415).
    - [108605] High CVE-2011-3927: Uninitialized value in Skia.
      Credit to miaubiz.
    - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
      Credit to Arthur Gerkis.
    This upload also includes the following security fixes from 16.0.912.75:
    - [106672] High CVE-2011-3921: Use-after-free in animation frames.
      Credit to Boris Zbarsky of Mozilla.
    - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml.
      Credit to Jüri Aedla.
    - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
      Credit to Google Chrome Security Team (Cris Neckar).
    This upload also includes the following security fixes from 16.0.912.63:
    - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching.
      Credit to David Holloway of the Chromium development community.
    - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml.
      Credit to Google Chrome Security Team (Inferno).
    - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser.
      Credit to Aki Helin of OUSPG.
    - [99016] High CVE-2011-3907: URL bar spoofing with view-source.
      Credit to Luka Treiber of ACROS Security.
    - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing.
      Credit to Aki Helin of OUSPG.
    - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array.
      Credit to Google Chrome Security Team (scarybeasts) and Chu.
    - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling.
      Credit to Google Chrome Security Team (Cris Neckar).
    - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF.
      Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team.
    - [102359] High CVE-2011-3912: Use-after-free in SVG filters.
      Credit to Arthur Gerkis.
    - [103921] High CVE-2011-3913: Use-after-free in Range handling.
      Credit to Arthur Gerkis.
    - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
      Credit to Sławomir Błażek.
    - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling.
      Credit to Atte Kettunen of OUSPG.
    - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references.
      Credit to Atte Kettunen of OUSPG.
    - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
      Credit to Google Chrome Security Team (Marty Barbella).
    This upload also includes the following fixes from 15.0.874.121:
    - fix to a regression: SVG in iframe doesn't use specified dimensions
    - [103259] High CVE-2011-3900: Out-of-bounds write in v8.
      Credit to Christian Holler

  [ Micah Gersten ]
  * Add patch to build with glib 2.31 (single entry header inclusion)
    - add debian/patches/glib-header-single-entry.patch
    - update debian/patches/series

  [ Brandon Snider ]
  * Refresh user agent patch
    - update debian/patches/chromium_useragent.patch.in

 -- Micah Gersten Mon, 30 Jan 2012 14:43:06 -0600

chromium-browser (15.0.874.120~r108895-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #889711)
    This release fixes the following security issues:
    - [100465] High CVE-2011-3892: Double free in Theora decoder.
      Credit to Aki Helin of OUSPG.
    - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers.
      Credit to Aki Helin of OUSPG.
    - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
      Credit to Andrew Scherkus of the Chromium development community.
    - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder.
      Credit to Aki Helin of OUSPG.
    - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
      Credit to Ken “strcpy” Russell of the Chromium development community.
    - [102242] High CVE-2011-3897: Use-after-free in editing.
      Credit to pa_kt reported through ZDI (ZDI-CAN-1416).

 -- Micah Gersten Sun, 13 Nov 2011 00:11:03 -0600

chromium-browser (15.0.874.106~r107270-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    - This release fixes a regression with regard to logging into certain websites

 -- Micah Gersten Wed, 26 Oct 2011 23:19:00 -0500

chromium-browser (15.0.874.102~r106587-0ubuntu1) precise; urgency=low

  * New upstream release from the Stable Channel (LP: #881786)
    - fix LP: #881607 - Error initializing NSS without a persistent database
    This release fixes the following security issues:
    - [86758] High CVE-2011-2845: URL bar spoof in history handling.
      Credit to Jordi Chancel.
    - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs.
      Credit to Jordi Chancel.
    - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames.
      Credit to Marc Novak.
    - [91218] Low CVE-2011-3877: XSS in appcache internals page.
      Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen.
    - [94487] Medium CVE-2011-3878: Race condition in worker process initialization.
      Credit to miaubiz.
    - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs.
      Credit to Masato Kinugawa.
    - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter.
      Credit to Vladimir Vorontsov, ONsec company.
    - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations.
      Credit to Sergey Glazunov.
    - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
      Credit to Google Chrome Security Team (Inferno).
    - [96902] High CVE-2011-3883: Use-after-free in counter handling.
      Credit to miaubiz.
    - [97148] High CVE-2011-3884: Timing issues in DOM traversal.
      Credit to Brian Ryner of the Chromium development community.
    - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free.
      Credit to miaubiz.
    - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8.
      Credit to Christian Holler.
    - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs.
      Credit to Sergey Glazunov.
    - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
      Credit to miaubiz.
    - [99211] High CVE-2011-3889: Heap overflow in Web Audio.
      Credit to miaubiz.
    - [99553] High CVE-2011-3890: Use-after-free in video source handling.
      Credit to Ami Fischman of the Chromium development community.
    - [100332] High CVE-2011-3891: Exposure of internal v8 functions.
      Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean.

  [ Micah Gersten ]
  * Switch to xz debs; Add Pre-Depends on dpkg >= 1.15.6 which is needed
    until after Precise
    - update debian/rules
    - update debian/control

  [ Chris Coulson ]
  * Refresh patches
    - update debian/patches/dlopen_sonamed_gl.patch
    - update debian/patches/webkit_rev_parser.patch
  * Dropped patches, fixed upstream
    - remove debian/patches/cups_1.5_build_fix.patch
    - update debian/patches/series
  * Don't depend on cdbs being installed to create a tarball
    - update debian/rules
    - update debian/cdbs/tarball.mk

  [ Fabien Tassin ]
  * Disable NaCl until we figure out what to do with the private toolchain
    - update debian/rules
  * Do not install the pseudo_locales files in the debs
    - update debian/rules
  * Add python-simplejson to Build-depends.
    This is needed by NaCl even with NaCl disabled, so this is a temporary
    workaround to unbreak the build, it must be fixed upstream
    - update debian/control

 -- Micah Gersten Wed, 26 Oct 2011 02:52:39 -0500

chromium-browser (14.0.835.202~r103287-0ubuntu2) precise; urgency=low

  * Switch maintainer to Ubuntu Developers; Thanks to Fabien Tassin for all
    his work on this package
    - update debian/control
  * Switch to internal libvpx; This makes updating easier after release
    - update debian/rules
  * Drop build dependency on libvpx due to the switch to internal libvpx
    - update debian/control
  * Switch to default libjpeg
    - update debian/control
  * Update Vcs-Bzr for precise
    - update debian/control

 -- Micah Gersten Tue, 18 Oct 2011 02:50:27 -0500

chromium-browser (14.0.835.202~r103287-0ubuntu1) oneiric; urgency=low

  * New upstream release from the Stable Channel (LP: #858744)
    This release fixes the following security issues:
    + Chromium issues (13.0.782.220):
      - Trust in Diginotar Intermediate CAs revoked
    + Chromium issues (14.0.835.163):
      - [49377] High CVE-2011-2835: Race condition in the certificate cache.
        Credit to Ryan Sleevi.
      - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags.
        Credit to wbrana.
      - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins.
        Credit to Michal Zalewski.
      - [78639] High CVE-2011-2841: Garbage collection error in PDF.
        Credit to Mario Gomes.
      - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
        Credit to Kostya Serebryany.
      - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files.
        Credit to Mario Gomes.
      - [89564] Medium CVE-2011-2848: URL bar spoof with forward button.
        Credit to Jordi Chancel.
      - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
        Credit to Arthur Gerkis.
      - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
        Credit to miaubiz.
      - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
        Credit to Google Chrome Security Team (Inferno).
      - [91197] High CVE-2011-2853: Use-after-free in plug-in handling.
        Credit to Google Chrome Security Team (SkyLined).
      - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages.
        Credit to Bernhard ‘Bruhns’ Brehm
      - [93596] Medium CVE-2011-2861: Bad string read in PDF.
        Credit to Aki Helin of OUSPG.
      - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters.
        Credit to Google Chrome Security Team (Inferno).
      - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
        Credit to Google Chrome Security Team (Inferno).
      - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session.
        Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
    + Chromium issues (14.0.835.202):
      - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype.
        Credit to Sergey Glazunov.
      - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling.
        Credit to Google Chrome Security Team (Inferno).
      - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
        Credit to Zhenyao Mo.
    + Webkit issues (14.0.835.163):
      - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction.
        Credit to kuzzcc.
      - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
        Credit to Arthur Gerkis.
      - [89330] High CVE-2011-2847: Use-after-free in document loader.
        Credit to miaubiz.
      - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling.
        Credit to miaubiz.
      - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handling.
        Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno).
      - [92959] High CVE-2011-2855: Stale node in stylesheet handling.
        Credit to Arthur Gerkis.
      - [93420] High CVE-2011-2857: Use-after-free in focus controller.
        Credit to miaubiz.
      - [93587] High CVE-2011-2860: Use-after-free in table style handling.
        Credit to miaubiz.
    + Webkit issues (14.0.835.202):
      - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
        Credit to miaubiz.
      - [95072] High CVE-2011-2877: Stale font in SVG text handling.
        Credit to miaubiz.
    + LibXML issue (14.0.835.163):
      - [93472] High CVE-2011-2834: Double free in libxml XPath handling.
        Credit to Yang Dingning
    + V8 issues (14.0.835.163):
      - [76771] High CVE-2011-2839: Crash in v8 script object wrappers.
        Credit to Kostya Serebryany
      - [91120] High CVE-2011-2852: Off-by-one in v8.
        Credit to Christian Holler
      - [93416] High CVE-2011-2856: Cross-origin bypass in v8.
        Credit to Daniel Divricean.
      - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
        Credit to Sergey Glazunov.
      - [95920] High CVE-2011-2875: Type confusion in v8 object sealing.
        Credit to Christian Holler.
    + V8 issues (14.0.835.202):
      - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings.
        Credit to Sergey Glazunov.
      - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
        Credit to Sergey Glazunov.

  [ Fabien Tassin ]
  * Add libpulse-dev to Build-Depends, needed for WebRTC
    - update debian/control
  * Drop the HTML5 video patch, now committed upstream
    - remove debian/patches/html5-codecs-fix.patch
    - update debian/patches/series
  * Rename ui/base/strings/app_strings.grd to ui_strings.grd following
    the upstream rename, and add a mapping flag to the grit converter
    - update debian/rules
  * Add a "Conflicts" with -inspector so that it gets removed
    - update debian/control
  * Build with the default gcc-4.6 on Oneiric
    - update debian/control
    - update debian/rules
  * Refresh Patches

 -- Micah Gersten Wed, 05 Oct 2011 04:06:44 -0500

chromium-browser (13.0.782.215~r97094-0ubuntu2) oneiric; urgency=low

  * Enable hardening on armel. LP: #641126.

 -- Matthias Klose Wed, 21 Sep 2011 23:47:00 +0200

chromium-browser (13.0.782.215~r97094-0ubuntu1) oneiric; urgency=high

  * New upstream release from the Stable Channel
    This release fixes the following security issues:
    + Chromium issues:
      - [91517] High, CVE-2011-2828: Out-of-bounds write in v8.
        Credit to Google Chrome Security Team (SkyLined).
    + Webkit issues:
      - [82552] High, CVE-2011-2823: Use-after-free in line box handling.
        Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz.
      - [88216] High, CVE-2011-2824: Use-after-free with counter nodes.
        Credit to miaubiz.
      - [88670] High, CVE-2011-2825: Use-after-free with custom fonts.
        Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz.
      - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins.
        Credit to Sergey Glazunov.
      - [90668] High, CVE-2011-2827: Use-after-free in text searching.
        Credit to miaubiz.
      - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform arrays.
        Credit to Sergey Glazunov.
    + libxml2 issue:
      - [89402] High, CVE-2011-2821: Double free in libxml XPath handling.
        Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

  Packaging changes:
  * Fix a FTBFS with cups 1.5.0 by including individual cups headers
    - add debian/patches/cups_1.5_build_fix.patch
    - update debian/patches/series

 -- Fabien Tassin Tue, 23 Aug 2011 07:22:44 +0200

chromium-browser (13.0.782.107~r94237-0ubuntu2) oneiric; urgency=high

  * Add libgles2-mesa-dev to Build-deps for Armel (only), fixing a FTBFS
    - update debian/control

 -- Fabien Tassin Wed, 03 Aug 2011 21:20:41 +0200

chromium-browser (13.0.782.107~r94237-0ubuntu1) oneiric; urgency=high

  * New Major upstream release from the Stable Channel
    This release fixes the following security issues:
    + Chromium issues:
      - [75821] Medium, CVE-2011-2358: Always confirm an extension install via a browser dialog.
        Credit to Sergey Glazunov.
      - [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt.
        Credit to kuzzcc.
      - [79426] Low, CVE-2011-2361: Improve designation of strings in the basic auth dialog.
        Credit to kuzzcc.
      - [81307] Medium, CVE-2011-2782: File permissions error with drag and drop.
        Credit to Evan Martin of the Chromium development community.
      - [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog.
        Credit to Sergey Glazunov.
      - [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions.
        Credit to kuzzcc.
      - [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue.
        Credit to kuzzcc.
      - [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in instantiation.
        Credit to Mario Gomes and kuzzcc.
      - [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from being web accessible.
        Credit to sirdarckcat of the Google Security Team.
      - [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths.
        Credit to Google Chrome Security Team (Inferno).
    + Webkit issues:
      - [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking in rendering.
        Credit to miaubiz and Martin Barbella.
      - [83841] Low, CVE-2011-2784: Local file path disclosure via GL program log.
        Credit to kuzzcc.
      - [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always on-screen.
        Credit to Olli Pettay of Mozilla.
      - [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization.
        Credit to Mikołaj Małecki.
      - [86502] High, CVE-2011-2790: Use-after-free with floating styles.
        Credit to miaubiz.
      - [87148] High, CVE-2011-2792: Use-after-free with float removal.
        Credit to miaubiz.
      - [87227] High, CVE-2011-2793: Use-after-free in media selectors.
        Credit to miaubiz.
      - [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration.
        Credit to miaubiz.
      - [87339] Medium, CVE-2011-2795: Cross-frame function leak.
        Credit to Shih Wei-Long.
      - [87548] High, CVE-2011-2796: Use-after-free in Skia.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community.
      - [87729] High, CVE-2011-2797: Use-after-free in resource caching.
        Credit to miaubiz.
      - [87925] High, CVE-2011-2799: Use-after-free in HTML range handling.
        Credit to miaubiz.
      - [88337] Medium, CVE-2011-2800: Leak of client-side redirect target.
        Credit to Juho Nurminen.
      - [88591] High, CVE-2011-2802: v8 crash with const lookups.
        Credit to Christian Holler.
      - [88846] High, CVE-2011-2801: Use-after-free in frame loader.
        Credit to miaubiz.
      - [88889] High, CVE-2011-2818: Use-after-free in display box rendering.
        Credit to Martin Barbella.
      - [89520] High, CVE-2011-2805: Cross-origin script injection.
        Credit to Sergey Glazunov.
      - [90222] High, CVE-2011-2819: Cross-origin violation in base URI handling.
        Credit to Sergey Glazunov.
    + ICU 4.6 issue:
      - [86900] High, CVE-2011-2791: Out-of-bounds write in ICU.
        Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences.

  Packaging changes:
  * Add a "Conflicts" with -inspector so that it gets removed
    - update debian/control
  * Disable PIE for ARM on Oneiric too
    - update debian/rules
  * Run the gclient hooks when creating the source tarball, as we need files
    from the Native Client's integrated runtime (IRT) library.
    Install the NaCL IRT files in the main deb
    - update debian/rules
    - update debian/chromium-browser.install
  * Drop obsolete patches
    - remove debian/patches/cups_cleanup_cr6883221.patch
    - update debian/patches/series

 -- Fabien Tassin Tue, 02 Aug 2011 17:33:23 +0200

chromium-browser (12.0.742.112~r90304-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #803107)
    This release fixes the following security issues:
    + WebKit issues:
      - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
        Credit to miaubiz.
      - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing.
        Credit to miaubiz.
      - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser.
        Credit to miaubiz.
      - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
        Credit to miaubiz.
      - [85418] High, CVE-2011-2349: Use-after-free in text selection.
        Credit to miaubiz.
    + Chromium issues:
      - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string handling.
        Credit to Philippe Arteau.
      - [85177] High, CVE-2011-2348: Bad bounds check in v8.
        Credit to Aki Helin of OUSPG.

  Packaging changes:
  * Add Valencian (ca@valencia) to the list of supported langs for the lang-packs
    - update debian/rules
    - update debian/control
  * Add support for language variants in Grit, backported from trunk.
    This is needed to support lang-codes like ca@valencia
    - add debian/patches/grit_language_variants.patch
    - update debian/patches/series
  * Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to sync
    translations of new langs between all the branches
    - update debian/rules
  * Properly stop the keep-alive when the build fails
    - update debian/rules
  * Fix the HTML5