chromium-browser (77.0.3865.90-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 77.0.3865.90
    - CVE-2019-13685: Use-after-free in UI.
    - CVE-2019-13688: Use-after-free in media.
    - CVE-2019-13687: Use-after-free in media.
    - CVE-2019-13686: Use-after-free in offline pages.

 -- Olivier Tilloy  Fri, 20 Sep 2019 11:33:49 +0200

chromium-browser (77.0.3865.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 77.0.3865.75
    - CVE-2019-5870: Use-after-free in media.
    - CVE-2019-5871: Heap overflow in Skia.
    - CVE-2019-5872: Use-after-free in Mojo.
    - CVE-2019-5873: URL bar spoofing on iOS.
    - CVE-2019-5874: External URIs may trigger other browsers.
    - CVE-2019-5875: URL bar spoof via download redirect.
    - CVE-2019-5876: Use-after-free in media.
    - CVE-2019-5877: Out-of-bounds access in V8.
    - CVE-2019-5878: Use-after-free in V8.
    - CVE-2019-5879: Extension can bypass same origin policy.
    - CVE-2019-5880: SameSite cookie bypass.
    - CVE-2019-5881: Arbitrary read in SwiftShader.
    - CVE-2019-13659: URL spoof.
    - CVE-2019-13660: Full screen notification overlap.
    - CVE-2019-13661: Full screen notification spoof.
    - CVE-2019-13662: CSP bypass.
    - CVE-2019-13663: IDN spoof.
    - CVE-2019-13664: CSRF bypass.
    - CVE-2019-13665: Multiple file download protection bypass.
    - CVE-2019-13666: Side channel using storage size estimate.
    - CVE-2019-13667: URI bar spoof when using external app URIs.
    - CVE-2019-13668: Global window leak via console.
    - CVE-2019-13669: HTTP authentication spoof.
    - CVE-2019-13670: V8 memory corruption in regex.
    - CVE-2019-13671: Dialog box fails to show origin.
    - CVE-2019-13673: Cross-origin information leak using devtools.
    - CVE-2019-13674: IDN spoofing.
    - CVE-2019-13675: Extensions can be disabled by trailing slash.
    - CVE-2019-13676: Google URI shown for certificate warning.
    - CVE-2019-13677: Chrome web store origin needs to be isolated.
    - CVE-2019-13678: Download dialog spoofing.
    - CVE-2019-13679: User gesture needed for printing.
    - CVE-2019-13680: IP address spoofing to servers.
    - CVE-2019-13681: Bypass on download restrictions.
    - CVE-2019-13682: Site isolation bypass.
    - CVE-2019-13683: Exceptions leaked by devtools.
  * debian/patches/add-missing-cstddef-include.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/upstream-fix-blink-build-iterators.patch: removed, no longer
    needed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy  Tue, 10 Sep 2019 23:25:19 +0200

chromium-browser (76.0.3809.132-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 76.0.3809.132
    - CVE-2019-5869: Use-after-free in Blink.
  * debian/tests/chromium-version: revert the last update test, the
    chromedriver API change isn't present in xenial's selenium

 -- Olivier Tilloy  Mon, 26 Aug 2019 23:11:35 +0200

chromium-browser (76.0.3809.100-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 76.0.3809.100
    - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction.
    - CVE-2019-5867: Out-of-bounds read in V8.

 -- Olivier Tilloy  Sat, 10 Aug 2019 15:49:36 +0200

chromium-browser (76.0.3809.87-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 76.0.3809.87
    - CVE-2019-5850: Use-after-free in offline page fetcher.
    - CVE-2019-5860: Use-after-free in PDFium.
    - CVE-2019-5853: Memory corruption in regexp length check.
    - CVE-2019-5851: Use-after-poison in offline audio context.
    - CVE-2019-5859: res: URIs can load alternative browsers.
    - CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
    - CVE-2019-5863: Use-after-free in WebUSB on Windows.
    - CVE-2019-5855: Integer overflow in PDFium.
    - CVE-2019-5865: Site isolation bypass from compromised renderer.
    - CVE-2019-5858: Insufficient filtering of Open URL service parameters.
    - CVE-2019-5864: Insufficient port filtering in CORS for extensions.
    - CVE-2019-5862: AppCache not robust to compromised renderers.
    - CVE-2019-5861: Click location incorrectly checked.
    - CVE-2019-5857: Comparison of -0 and null yields crash.
    - CVE-2019-5854: Integer overflow in PDFium text rendering.
    - CVE-2019-5852: Object leak of utility functions.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: removed, no longer needed
  * debian/patches/pffft-no-neon.patch: removed, no longer needed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/upstream-fix-blink-build-iterators.patch: added

 -- Olivier Tilloy  Tue, 30 Jul 2019 21:04:42 +0200

chromium-browser (75.0.3770.142-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.142

 -- Olivier Tilloy  Tue, 16 Jul 2019 11:52:34 +0200

chromium-browser (75.0.3770.100-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.100

 -- Olivier Tilloy  Wed, 19 Jun 2019 13:32:00 +0200

chromium-browser (75.0.3770.90-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.90

 -- Olivier Tilloy  Thu, 13 Jun 2019 22:20:23 +0200

chromium-browser (75.0.3770.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 75.0.3770.80
    - CVE-2019-5828: Use after free in ServiceWorker.
    - CVE-2019-5829: Use after free in Download Manager.
    - CVE-2019-5830: Incorrectly credentialed requests in CORS.
    - CVE-2019-5831: Incorrect map processing in V8.
    - CVE-2019-5832: Incorrect CORS handling in XHR.
    - CVE-2019-5833: Inconsistent security UI placement.
    - CVE-2019-5834: URL spoof in Omnibox on iOS.
    - CVE-2019-5835: Out of bounds read in Swiftshader.
    - CVE-2019-5836: Heap buffer overflow in Angle.
    - CVE-2019-5837: Cross-origin resources size disclosure in Appcache.
    - CVE-2019-5838: Overly permissive tab access in Extensions.
    - CVE-2019-5839: Incorrect handling of certain code points in Blink.
    - CVE-2019-5840: Popup blocker bypass.
  * debian/rules: replace deprecated remove_webcore_debug_symbols build flag by
    blink_symbol_level
  * debian/patches/arm-neon.patch: removed, no longer needed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ptrace-header-include.patch: refreshed
  * debian/patches/pffft-no-neon.patch: added
  * debian/patches/revert-gn-4960.patch: removed, no longer needed
  * debian/patches/revert-gn-4980.patch: removed, no longer needed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: removed,
    no longer needed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed
  * debian/known_gn_gen_args-*: remove remove_webcore_debug_symbols build flag
  * debian/tests/chromium-version: update test to account for an undocumented
    chromedriver API change
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy  Tue, 04 Jun 2019 22:46:48 +0200

chromium-browser (74.0.3729.169-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.169
  * debian/patches/revert-gn-4960.patch: added
  * debian/patches/revert-gn-4980.patch: added
  * debian/tests/data/HTML5test/index.html: mock whichbrowser.net to remove
    external test dependency

 -- Olivier Tilloy  Wed, 22 May 2019 12:35:00 +0200

chromium-browser (74.0.3729.157-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.157

 -- Olivier Tilloy  Mon, 20 May 2019 15:38:40 +0200

chromium-browser (74.0.3729.131-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.131
    - CVE-2019-5824: Parameter passing error in media player.

 -- Olivier Tilloy  Wed, 01 May 2019 23:31:31 +0200

chromium-browser (74.0.3729.108-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 74.0.3729.108
    - CVE-2019-5805: Use after free in PDFium.
    - CVE-2019-5806: Integer overflow in Angle.
    - CVE-2019-5807: Memory corruption in V8.
    - CVE-2019-5808: Use after free in Blink.
    - CVE-2019-5809: Use after free in Blink.
    - CVE-2019-5810: User information disclosure in Autofill.
    - CVE-2019-5811: CORS bypass in Blink.
    - CVE-2019-5812: URL spoof in Omnibox on iOS.
    - CVE-2019-5813: Out of bounds read in V8.
    - CVE-2019-5814: CORS bypass in Blink.
    - CVE-2019-5815: Heap buffer overflow in Blink.
    - CVE-2019-5816: Exploit persistence extension on Android.
    - CVE-2019-5817: Heap buffer overflow in Angle on Windows.
    - CVE-2019-5818: Uninitialized value in media reader.
    - CVE-2019-5819: Incorrect escaping in developer tools.
    - CVE-2019-5820: Integer overflow in PDFium.
    - CVE-2019-5821: Integer overflow in PDFium.
    - CVE-2019-5822: CORS bypass in download manager.
    - CVE-2019-5823: Forced navigation from service worker.
  * debian/patches/default-allocator: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: removed, no longer
    needed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy  Thu, 25 Apr 2019 17:34:57 +0200

chromium-browser (73.0.3683.86-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 73.0.3683.86

 -- Olivier Tilloy  Thu, 21 Mar 2019 09:32:01 +0100

chromium-browser (73.0.3683.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 73.0.3683.75
    - CVE-2019-5787: Use after free in Canvas.
    - CVE-2019-5788: Use after free in FileAPI.
    - CVE-2019-5789: Use after free in WebMIDI.
    - CVE-2019-5790: Heap buffer overflow in V8.
    - CVE-2019-5791: Type confusion in V8.
    - CVE-2019-5792: Integer overflow in PDFium.
    - CVE-2019-5793: Excessive permissions for private API in Extensions.
    - CVE-2019-5794: Security UI spoofing.
    - CVE-2019-5795: Integer overflow in PDFium.
    - CVE-2019-5796: Race condition in Extensions.
    - CVE-2019-5797: Race condition in DOMStorage.
    - CVE-2019-5798: Out of bounds read in Skia.
    - CVE-2019-5799: CSP bypass with blob URL.
    - CVE-2019-5800: CSP bypass with blob URL.
    - CVE-2019-5801: Incorrect Omnibox display on iOS.
    - CVE-2019-5802: Security UI spoofing.
    - CVE-2019-5803: CSP bypass with Javascript URLs.
    - CVE-2019-5804: Command line command injection on Windows.
  * debian/patches/additional-search-engines.patch: removed, no longer needed
  * debian/patches/closure-compiler-java-no-client-vm.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/constexpr-errors-with-old-clang.patch: added
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/fix-ptrace-header-include.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: updated
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-enable-version-string.patch: refreshed

 -- Olivier Tilloy  Tue, 12 Mar 2019 22:11:59 +0100

chromium-browser (72.0.3626.121-0ubuntu0.16.04.2) UNRELEASED; urgency=medium

  * debian/chromium-chromedriver.links: added for backwards compatibility with
    existing selenium scripts that expect the chromedriver executable in
    /usr/lib/chromium-browser/ (LP: #1667208)

 -- Olivier Tilloy  Thu, 07 Mar 2019 15:45:43 +0100

chromium-browser (72.0.3626.121-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.121
    - CVE-2019-5786: Use-after-free in FileReader
  * debian/patches/gn-fix-link-pthread.patch: removed, no longer needed

 -- Olivier Tilloy  Tue, 05 Mar 2019 16:34:54 +0100

chromium-browser (72.0.3626.119-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.119
  * debian/patches/gn-fix-link-pthread.patch: added

 -- Olivier Tilloy  Mon, 25 Feb 2019 17:05:46 +0100

chromium-browser (72.0.3626.109-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.109
  * debian/rules:
    - restore old keepalive snippet to prevent builds from timing out during
      the link phase (this happens often enough on armhf, Launchpad builders
      have an inactivity timeout of 150 minutes)
    - install the chromedriver executable in /usr/bin, where
      python{,3}-selenium and other packages expect it by default
      (LP: #1667208)
  * debian/control: make chromium-chromedriver provide "chromium-driver"
  * debian/chromium-chromedriver.{dirs,install}: removed, no longer needed
  * debian/tests/{chromium-version,html5test}: remove custom driver path

 -- Olivier Tilloy  Thu, 21 Feb 2019 11:49:50 +0100

chromium-browser (72.0.3626.96-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.96
    - CVE-2019-5784: Inappropriate implementation in V8.
  * debian/patches/gn-do-not-build-with-icf.patch: removed, no longer needed

 -- Olivier Tilloy  Fri, 08 Feb 2019 18:01:05 +0100

chromium-browser (72.0.3626.81-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 72.0.3626.81
    - CVE-2019-5754: Inappropriate implementation in QUIC Networking.
    - CVE-2019-5782: Inappropriate implementation in V8.
    - CVE-2019-5755: Inappropriate implementation in V8.
    - CVE-2019-5756: Use after free in PDFium.
    - CVE-2019-5757: Type Confusion in SVG.
    - CVE-2019-5758: Use after free in Blink.
    - CVE-2019-5759: Use after free in HTML select elements.
    - CVE-2019-5760: Use after free in WebRTC.
    - CVE-2019-5761: Use after free in SwiftShader.
    - CVE-2019-5762: Use after free in PDFium.
    - CVE-2019-5763: Insufficient validation of untrusted input in V8.
    - CVE-2019-5764: Use after free in WebRTC.
    - CVE-2019-5765: Insufficient policy enforcement in the browser.
    - CVE-2019-5766: Insufficient policy enforcement in Canvas.
    - CVE-2019-5767: Incorrect security UI in WebAPKs.
    - CVE-2019-5768: Insufficient policy enforcement in DevTools.
    - CVE-2019-5769: Insufficient validation of untrusted input in Blink.
    - CVE-2019-5770: Heap buffer overflow in WebGL.
    - CVE-2019-5771: Heap buffer overflow in SwiftShader.
    - CVE-2019-5772: Use after free in PDFium.
    - CVE-2019-5773: Insufficient data validation in IndexedDB.
    - CVE-2019-5774: Insufficient validation of untrusted input in
      SafeBrowsing.
    - CVE-2019-5775: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5776: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5777: Insufficient policy enforcement in Omnibox.
    - CVE-2019-5778: Insufficient policy enforcement in Extensions.
    - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
    - CVE-2019-5780: Insufficient policy enforcement.
    - CVE-2019-5781: Insufficient policy enforcement in Omnibox.
  * debian/control: add default-jre-headless as a build dependency (needed to
    compile the new lite JS mojom bindings)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/closure-compiler-java-no-client-vm.patch: added
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: removed, no
    longer needed
  * debian/patches/gn-do-not-build-with-icf.patch: added
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy  Wed, 30 Jan 2019 12:48:30 +0100

chromium-browser (71.0.3578.98-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.98
    - CVE-2018-17481: Use after free in PDFium.

 -- Olivier Tilloy  Thu, 13 Dec 2018 12:56:41 +0100

chromium-browser (71.0.3578.80-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 71.0.3578.80
    - CVE-2018-17480: Out of bounds write in V8.
    - CVE-2018-17481: Use after frees in PDFium.
    - CVE-2018-18335: Heap buffer overflow in Skia.
    - CVE-2018-18336: Use after free in PDFium.
    - CVE-2018-18337: Use after free in Blink.
    - CVE-2018-18338: Heap buffer overflow in Canvas.
    - CVE-2018-18339: Use after free in WebAudio.
    - CVE-2018-18340: Use after free in MediaRecorder.
    - CVE-2018-18341: Heap buffer overflow in Blink.
    - CVE-2018-18342: Out of bounds write in V8.
    - CVE-2018-18343: Use after free in Skia.
    - CVE-2018-18344: Inappropriate implementation in Extensions.
    - CVE-2018-18345: Inappropriate implementation in Site Isolation.
    - CVE-2018-18346: Incorrect security UI in Blink.
    - CVE-2018-18347: Inappropriate implementation in Navigation.
    - CVE-2018-18348: Inappropriate implementation in Omnibox.
    - CVE-2018-18349: Insufficient policy enforcement in Blink.
    - CVE-2018-18350: Insufficient policy enforcement in Blink.
    - CVE-2018-18351: Insufficient policy enforcement in Navigation.
    - CVE-2018-18352: Inappropriate implementation in Media.
    - CVE-2018-18353: Inappropriate implementation in Network Authentication.
    - CVE-2018-18354: Insufficient data validation in Shell Integration.
    - CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18356: Use after free in Skia.
    - CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
    - CVE-2018-18358: Insufficient policy enforcement in Proxy.
    - CVE-2018-18359: Out of bounds read in V8.
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
  * debian/patches/gn-no-last-commit-position.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-allow-enable.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: refreshed
  * debian/patches/widevine-revision.patch: renamed to
    debian/patches/widevine-enable-version-string.patch and updated
  * debian/tests/html5test: update test expectations

 -- Olivier Tilloy  Tue, 04 Dec 2018 23:08:03 +0100

chromium-browser (70.0.3538.110-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.110
    - CVE-2018-17479: Use-after-free in GPU.
  * debian/patches/relax-ninja-version-requirement.patch: refreshed

 -- Olivier Tilloy  Tue, 20 Nov 2018 12:13:30 +0100

chromium-browser (70.0.3538.102-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.102
    - CVE-2018-17478: Out of bounds memory access in V8.
  * debian/patches/gn-bootstrap-remove-sysroot-options.patch: added

 -- Olivier Tilloy  Thu, 15 Nov 2018 07:08:10 +0100

chromium-browser (70.0.3538.77-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.77

 -- Olivier Tilloy  Thu, 25 Oct 2018 07:33:53 +0200

chromium-browser (70.0.3538.67-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 70.0.3538.67
    - CVE-2018-17462: Sandbox escape in AppCache.
    - CVE-2018-17463: Remote code execution in V8.
    - CVE to be assigned: Heap buffer overflow in Little CMS in PDFium.
    - CVE-2018-17464: URL spoof in Omnibox.
    - CVE-2018-17465: Use after free in V8.
    - CVE-2018-17466: Memory corruption in Angle.
    - CVE-2018-17467: URL spoof in Omnibox.
    - CVE-2018-17468: Cross-origin URL disclosure in Blink.
    - CVE-2018-17469: Heap buffer overflow in PDFium.
    - CVE-2018-17470: Memory corruption in GPU Internals.
    - CVE-2018-17471: Security UI occlusion in full screen mode.
    - CVE-2018-17472: iframe sandbox escape on iOS.
    - CVE-2018-17473: URL spoof in Omnibox.
    - CVE-2018-17474: Use after free in Blink.
    - CVE-2018-17475: URL spoof in Omnibox.
    - CVE-2018-17476: Security UI occlusion in full screen mode.
    - CVE-2018-5179: Lack of limits on update() in ServiceWorker.
    - CVE-2018-17477: UI spoof in Extensions.
  * debian/rules:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag
  * debian/patches/arm-neon.patch: refreshed
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/define__libc_malloc.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-other-locations: refreshed
  * debian/known_gn_gen_args-*:
    - remove enable_google_now build flag
    - remove use_gtk3 build flag

 -- Olivier Tilloy  Tue, 16 Oct 2018 22:54:27 +0200

chromium-browser (69.0.3497.100-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.100

 -- Olivier Tilloy  Tue, 18 Sep 2018 09:40:32 +0200

chromium-browser (69.0.3497.92-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.92
    - CVE-2018-XXXXX: Function signature mismatch in WebAssembly.
    - CVE-2018-XXXXX: URL Spoofing in Omnibox.
  * debian/rules: exclude more build artifacts from the binary package

 -- Olivier Tilloy  Tue, 11 Sep 2018 23:51:57 +0200

chromium-browser (69.0.3497.81-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 69.0.3497.81
    - CVE-2018-16065: Out of bounds write in V8.
    - CVE-2018-16066: Out of bounds read in Blink.
    - CVE-2018-16067: Out of bounds read in WebAudio.
    - CVE-2018-16068: Out of bounds write in Mojo.
    - CVE-2018-16069: Out of bounds read in SwiftShader.
    - CVE-2018-16070: Integer overflow in Skia.
    - CVE-2018-16071: Use after free in WebRTC.
    - CVE-2018-16072: Cross origin pixel leak in Chrome's interaction with
      Android's MediaPlayer.
    - CVE-2018-16073: Site Isolation bypass after tab restore.
    - CVE-2018-16074: Site Isolation bypass using Blob URLS.
    - CVE-2018-16075: Local file access in Blink.
    - CVE-2018-16076: Out of bounds read in PDFium.
    - CVE-2018-16077: Content security policy bypass in Blink.
    - CVE-2018-16078: Credit card information leak in Autofill.
    - CVE-2018-16079: URL spoof in permission dialogs.
    - CVE-2018-16080: URL spoof in full screen mode.
    - CVE-2018-16081: Local file access in DevTools.
    - CVE-2018-16082: Stack buffer overflow in SwiftShader.
    - CVE-2018-16083: Out of bounds read in WebRTC.
    - CVE-2018-16084: User confirmation bypass in external protocol handling.
    - CVE-2018-16085: Use after free in Memory Instrumentation.
  * debian/control: add uuid-dev as a build dependency (needed by fontconfig)
  * debian/rules: specify AR=llvm-ar-6.0 to build gn
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/fix-extra-arflags.patch: refreshed
  * debian/patches/gn-add-missing-arm-impl-files.patch: added
  * debian/patches/last-commit-position: replaced by
    debian/patches/gn-no-last-commit-position.patch
  * debian/patches/no-new-ninja-flag.patch: updated
  * debian/patches/relax-ninja-version-requirement.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed

 -- Olivier Tilloy  Wed, 05 Sep 2018 13:47:36 +0200

chromium-browser (68.0.3440.106-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.106

 -- Olivier Tilloy  Thu, 09 Aug 2018 00:10:42 +0200

chromium-browser (68.0.3440.84-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.84
  * debian/patches/add-missing-base-namespace.patch: removed, no longer needed
  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy  Wed, 01 Aug 2018 09:09:41 +0200

chromium-browser (68.0.3440.75-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 68.0.3440.75
    - CVE-2018-6153: Stack buffer overflow in Skia.
    - CVE-2018-6154: Heap buffer overflow in WebGL.
    - CVE-2018-6155: Use after free in WebRTC.
    - CVE-2018-6156: Heap buffer overflow in WebRTC.
    - CVE-2018-6157: Type confusion in WebRTC.
    - CVE-2018-6158: Use after free in Blink.
    - CVE-2018-6159: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6160: URL spoof in Chrome on iOS.
    - CVE-2018-6161: Same origin policy bypass in WebAudio.
    - CVE-2018-6162: Heap buffer overflow in WebGL.
    - CVE-2018-6163: URL spoof in Omnibox.
    - CVE-2018-6164: Same origin policy bypass in ServiceWorker.
    - CVE-2018-6165: URL spoof in Omnibox.
    - CVE-2018-6166: URL spoof in Omnibox.
    - CVE-2018-6167: URL spoof in Omnibox.
    - CVE-2018-6168: CORS bypass in Blink.
    - CVE-2018-6169: Permissions bypass in extension installation.
    - CVE-2018-6170: Type confusion in PDFium.
    - CVE-2018-6171: Use after free in WebBluetooth.
    - CVE-2018-6172: URL spoof in Omnibox.
    - CVE-2018-6173: URL spoof in Omnibox.
    - CVE-2018-6174: Integer overflow in SwiftShader.
    - CVE-2018-6175: URL spoof in Omnibox.
    - CVE-2018-6176: Local user privilege escalation in Extensions.
    - CVE-2018-6177: Cross origin information leak in Blink.
    - CVE-2018-6178: UI spoof in Extensions.
    - CVE-2018-6179: Local file information leak in Extensions.
    - CVE-2018-6044: Request privilege escalation in Extensions.
    - CVE-2018-4117: Cross origin information leak in Blink.
  * debian/rules:
    - remove enable_webrtc build flag
    - make ninja less verbose to reduce build log size
  * debian/chromium-browser.sh.in: parse flashplugin manifest with Python 3
    (LP: #1772448)
  * debian/patches/add-missing-base-namespace.patch: added
  * debian/patches/chromium_useragent.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/disable-sse2: refreshed
  * debian/patches/enable-chromecast-by-default.patch: refreshed
  * debian/patches/fix-crashpad-linux-compat.patch: removed, no longer needed
  * debian/patches/fix-extra-arflags.patch: updated
  * debian/patches/fix-ffmpeg-ia32-build.patch: updated
  * debian/patches/last-commit-position: refreshed
  * debian/patches/no-new-ninja-flag.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: updated
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/title-bar-default-system.patch-v35: refreshed
  * debian/patches/touch-v35: refreshed
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/known_gn_gen_args-*: remove enable_webrtc build flag

 -- Olivier Tilloy  Wed, 25 Jul 2018 10:51:24 +0200

chromium-browser (67.0.3396.99-0ubuntu0.16.04.2) xenial; urgency=medium

  * debian/patches/libcxxabi-arm-ehabi-fix.patch: removed, no longer needed

 -- Olivier Tilloy  Wed, 11 Jul 2018 10:22:52 +0200

chromium-browser (67.0.3396.99-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 67.0.3396.99
    - CVE-2018-6148: Incorrect handling of CSP header.
    - CVE-2018-6149: Out of bounds write in V8.
  * debian/control: build-depend on clang-6.0 and llvm-6.0, which are now in
    xenial-updates
  * debian/rules: build gn with clang 6.0
  * debian/patches/revert-clang-nostdlib++.patch: removed, no longer needed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/use-clang-versioned.patch: updated

 -- Olivier Tilloy  Mon, 09 Jul 2018 23:51:26 +0200

chromium-browser (67.0.3396.62-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 67.0.3396.62
    - CVE-2018-6123: Use after free in Blink.
    - CVE-2018-6124: Type confusion in Blink.
    - CVE-2018-6125: Overly permissive policy in WebUSB.
    - CVE-2018-6126: Heap buffer overflow in Skia.
    - CVE-2018-6127: Use after free in indexedDB.
    - CVE-2018-6128: uXSS in Chrome on iOS.
    - CVE-2018-6129: Out of bounds memory access in WebRTC.
    - CVE-2018-6130: Out of bounds memory access in WebRTC.
    - CVE-2018-6131: Incorrect mutability protection in WebAssembly.
    - CVE-2018-6132: Use of uninitialized memory in WebRTC.
    - CVE-2018-6133: URL spoof in Omnibox.
    - CVE-2018-6134: Referrer Policy bypass in Blink.
    - CVE-2018-6135: UI spoofing in Blink.
    - CVE-2018-6136: Out of bounds memory access in V8.
    - CVE-2018-6137: Leak of visited status of page in Blink.
    - CVE-2018-6138: Overly permissive policy in Extensions.
    - CVE-2018-6139: Restrictions bypass in the debugger extension API.
    - CVE-2018-6140: Restrictions bypass in the debugger extension API.
    - CVE-2018-6141: Heap buffer overflow in Skia.
    - CVE-2018-6142: Out of bounds memory access in V8.
    - CVE-2018-6143: Out of bounds memory access in V8.
    - CVE-2018-6144: Out of bounds memory access in PDFium.
    - CVE-2018-6145: Incorrect escaping of MathML in Blink.
    - CVE-2018-6147: Password fields not taking advantage of OS protections in
      Views.
  * debian/rules: stop installing an outdated chromium-browser.svg icon
    (LP: #1771847)
  * debian/chromium-browser.svg: removed (outdated)
  * debian/patches/additional-search-engines.patch: refreshed
  * debian/patches/configuration-directory.patch: refreshed
  * debian/patches/default-allocator: refreshed
  * debian/patches/disable-sse2: updated
  * debian/patches/fix-crashpad-linux-compat.patch: added
  * debian/patches/fix-extra-arflags.patch: added
  * debian/patches/libcxxabi-arm-ehabi-fix.patch: refreshed
  * debian/patches/no-new-ninja-flag.patch: updated
  * debian/patches/revert-clang-nostdlib++.patch: refreshed
  * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
  * debian/patches/search-credit.patch: refreshed
  * debian/patches/set-rpath-on-chromium-executables.patch: refreshed
  * debian/patches/skia-disable-neon.patch: removed, no longer needed
  * debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
  * debian/patches/suppress-newer-clang-warning-flags.patch: updated
  * debian/patches/use-clang-versioned.patch: refreshed
  * debian/patches/widevine-allow-enable.patch: added
  * debian/patches/widevine-other-locations: updated

 -- Olivier Tilloy  Wed, 30 May 2018 14:06:56 +0200

chromium-browser (66.0.3359.181-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 66.0.3359.181

 -- Olivier Tilloy  Tue, 15 May 2018 22:36:44 +0200

chromium-browser (66.0.3359.170-0ubuntu0.16.04.1) xenial; urgency=medium

  * Upstream release: 66.0.3359.170
    - CVE-2018-6121: Privilege Escalation in extensions.
    - CVE-2018-6122: Type confusion in V8.
    - CVE-2018-6120: Heap buffer overflow in PDFium.
-- Olivier Tilloy Fri, 11 May 2018 16:17:04 +0200 chromium-browser (66.0.3359.139-0ubuntu0.16.04.3) xenial; urgency=medium * debian/control: build-depend on clang-5.0 and llvm-5.0, which are now in xenial-updates * debian/rules: build gn with clang 5.0 * debian/patches/restore-clang-no-integrated-as.patch: removed, no longer needed * debian/patches/skia-undef-HWCAP_CRC32.patch: added * debian/patches/use-clang-versioned.patch: updated -- Olivier Tilloy Fri, 04 May 2018 16:28:21 +0200 chromium-browser (66.0.3359.139-0ubuntu0.16.04.2) xenial; urgency=medium * debian/patches/libcxxabi-arm-ehabi-fix.patch: added (LP: #1768653) -- Olivier Tilloy Thu, 03 May 2018 16:31:41 +0200 chromium-browser (66.0.3359.139-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 66.0.3359.139 - CVE-2018-6118: Use after free in Media Cache. * debian/patches/add-missing-blink-tools.patch: removed, no longer needed -- Olivier Tilloy Wed, 02 May 2018 20:32:00 +0200 chromium-browser (66.0.3359.117-0ubuntu0.16.04) UNRELEASED; urgency=medium * Upstream release: 66.0.3359.117 - CVE-2018-6085: Use after free in Disk Cache. - CVE-2018-6086: Use after free in Disk Cache. - CVE-2018-6087: Use after free in WebAssembly. - CVE-2018-6088: Use after free in PDFium. - CVE-2018-6089: Same origin policy bypass in Service Worker. - CVE-2018-6090: Heap buffer overflow in Skia. - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. - CVE-2018-6092: Integer overflow in WebAssembly. - CVE-2018-6093: Same origin bypass in Service Worker. - CVE-2018-6094: Exploit hardening regression in Oilpan. - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. - CVE-2018-6096: Fullscreen UI spoof. - CVE-2018-6097: Fullscreen UI spoof. - CVE-2018-6098: URL spoof in Omnibox. - CVE-2018-6099: CORS bypass in ServiceWorker. - CVE-2018-6100: URL spoof in Omnibox. - CVE-2018-6101: Insufficient protection of remote debugging protocol in DevTools. - CVE-2018-6102: URL spoof in Omnibox. 
- CVE-2018-6103: UI spoof in Permissions. - CVE-2018-6104: URL spoof in Omnibox. - CVE-2018-6105: URL spoof in Omnibox. - CVE-2018-6106: Incorrect handling of promises in V8. - CVE-2018-6107: URL spoof in Omnibox. - CVE-2018-6108: URL spoof in Omnibox. - CVE-2018-6109: Incorrect handling of files by FileAPI. - CVE-2018-6110: Incorrect handling of plaintext files via file://. - CVE-2018-6111: Heap-use-after-free in DevTools. - CVE-2018-6112: Incorrect URL handling in DevTools. - CVE-2018-6113: URL spoof in Navigation. - CVE-2018-6114: CSP bypass. - CVE-2018-6115: SmartScreen bypass in downloads. - CVE-2018-6116: Incorrect low memory handling in WebAssembly. - CVE-2018-6117: Confusing autofill settings. - CVE-2018-6084: Incorrect use of Distributed Objects in Google Software Updater on MacOS. * debian/rules: - remove use_system_sqlite build flag - force rtc_use_h264=true (LP: #1763662) * debian/patches/add-missing-blink-tools.patch: added * debian/patches/configuration-directory.patch: refreshed * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/last-commit-position: refreshed * debian/patches/no-new-ninja-flag.patch: refreshed * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed * debian/patches/revert-clang-nostdlib++.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/skia-disable-neon.patch: added * debian/patches/suppress-newer-clang-warning-flags.patch: updated * debian/patches/touch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/widevine-other-locations: refreshed * debian/known_gn_gen_args-*: remove use_system_sqlite build flag -- Olivier Tilloy Wed, 02 May 2018 20:17:40 +0200 chromium-browser (65.0.3325.181-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 65.0.3325.181 -- Olivier Tilloy Wed, 21 Mar 2018 13:51:29 +0100 chromium-browser 
(65.0.3325.146-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 65.0.3325.146 - CVE-2018-6058: Use after free in Flash. - CVE-2018-6059: Use after free in Flash. - CVE-2018-6060: Use after free in Blink. - CVE-2018-6061: Race condition in V8. - CVE-2018-6062: Heap buffer overflow in Skia. - CVE-2018-6057: Incorrect permissions on shared memory. - CVE-2018-6063: Incorrect permissions on shared memory. - CVE-2018-6064: Type confusion in V8. - CVE-2018-6065: Integer overflow in V8. - CVE-2018-6066: Same Origin Bypass via canvas. - CVE-2018-6067: Buffer overflow in Skia. - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. - CVE-2018-6069: Stack buffer overflow in Skia. - CVE-2018-6070: CSP bypass through extensions. - CVE-2018-6071: Heap buffer overflow in Skia. - CVE-2018-6072: Integer overflow in PDFium. - CVE-2018-6073: Heap buffer overflow in WebGL. - CVE-2018-6074: Mark-of-the-Web bypass. - CVE-2018-6075: Overly permissive cross origin downloads. - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. - CVE-2018-6077: Timing attack using SVG filters. - CVE-2018-6078: URL Spoof in OmniBox. - CVE-2018-6079: Information disclosure via texture data in WebGL. - CVE-2018-6080: Information disclosure in IPC call. - CVE-2018-6081: XSS in interstitials. - CVE-2018-6082: Circumvention of port blocking. - CVE-2018-6083: Incorrect processing of AppManifests. 
* debian/rules: remove use_gconf build flag * debian/patches/3-chrome-xid.patch: removed, unused * debian/patches/5-desktop-integration-settings.patch: removed, unused * debian/patches/6-passwordless-install-support.patch: removed, unused * debian/patches/7-npapi-permission-not-defaults-to-unauthorized.patch: removed, unused * debian/patches/additional-search-engines.patch: refreshed * debian/patches/breakpad: removed, unused * debian/patches/cups-include-deprecated-ppd: removed, unused * debian/patches/define__libc_malloc.patch: refreshed * debian/patches/disable-sse2: updated * debian/patches/display-scaling-default-value: removed, unused * debian/patches/do-not-use-bundled-clang: removed, unused * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/enable_vaapi_on_linux.diff: removed, unused * debian/patches/flash-redirection: removed, unused * debian/patches/format-flag.patch: removed, unused * debian/patches/gpu_default_disabled: removed, unused * debian/patches/gsettings-display-scaling: removed, unused * debian/patches/ld-memory-32bit.patch: removed, unused * debian/patches/linker-asneeded-bug.patch: removed, unused * debian/patches/lp-translations-paths: removed, unused * debian/patches/mir-ozone-module: removed, unused * debian/patches/mir-support: removed, unused * debian/patches/no-new-ninja-flag.patch: refreshed * debian/patches/relax-ninja-version-requirement.patch: refreshed * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/wayland-ozone: removed, unused * debian/patches/xdg-settings-multiexec-desktopfiles.patch: removed, unused * debian/known_gn_gen_args-*: remove use_gconf build flag 
-- Olivier Tilloy Wed, 07 Mar 2018 14:24:07 +0100 chromium-browser (64.0.3282.167-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 64.0.3282.167 - CVE-2018-6056: Incorrect derived class instantiation in V8. -- Olivier Tilloy Wed, 14 Feb 2018 11:54:37 +0100 chromium-browser (64.0.3282.140-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 64.0.3282.140 -- Olivier Tilloy Fri, 02 Feb 2018 15:30:32 +0100 chromium-browser (64.0.3282.119-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 64.0.3282.119 - CVE-2018-6031: Use after free in PDFium. - CVE-2018-6032: Same origin bypass in Shared Worker. - CVE-2018-6033: Race when opening downloaded files. - CVE-2018-6034: Integer overflow in Blink. - CVE-2018-6035: Insufficient isolation of devtools from extensions. - CVE-2018-6036: Integer underflow in WebAssembly. - CVE-2018-6037: Insufficient user gesture requirements in autofill. - CVE-2018-6038: Heap buffer overflow in WebGL. - CVE-2018-6039: XSS in DevTools. - CVE-2018-6040: Content security policy bypass. - CVE-2018-6041: URL spoof in Navigation. - CVE-2018-6042: URL spoof in OmniBox. - CVE-2018-6043: Insufficient escaping with external URL handlers. - CVE-2018-6045: Insufficient isolation of devtools from extensions. - CVE-2018-6046: Insufficient isolation of devtools from extensions. - CVE-2018-6047: Cross origin URL leak in WebGL. - CVE-2018-6048: Referrer policy bypass in Blink. - CVE-2017-15420: URL spoofing in Omnibox. - CVE-2018-6049: UI spoof in Permissions. - CVE-2018-6050: URL spoof in OmniBox. - CVE-2018-6051: Referrer leak in XSS Auditor. - CVE-2018-6052: Incomplete no-referrer policy implementation. - CVE-2018-6053: Leak of page thumbnails in New Tab Page. - CVE-2018-6054: Use after free in WebUI. 
* debian/control: update reference URL for chromedriver * debian/rules: - remove enable_hotwording build flag - exclude build artifacts from the binary package (LP: #1742653) * debian/patches/add-missing-cstddef-include.patch: added * debian/patches/configuration-directory.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-ffmpeg-ia32-build.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/no-new-ninja-flag.patch: refreshed * debian/patches/relax-ninja-version-requirement.patch: refreshed * debian/patches/restore-clang-no-integrated-as.patch: added * debian/patches/revert-clang-nostdlib++.patch: updated * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: updated * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/touch-v35: refreshed * debian/patches/widevine-other-locations: updated (LP: #1738149) * debian/known_gn_gen_args-*: remove enable_hotwording build flag -- Olivier Tilloy Wed, 24 Jan 2018 23:32:17 +0100 chromium-browser (63.0.3239.132-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 63.0.3239.132 * debian/rules: do not install files used for building only (LP: #1742653) -- Olivier Tilloy Sun, 14 Jan 2018 21:29:46 +0100 chromium-browser (63.0.3239.108-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 63.0.3239.108 - CVE-2017-15429: UXSS in V8. * debian/control: update Vcs-Bzr field -- Olivier Tilloy Fri, 15 Dec 2017 09:46:08 +0100 chromium-browser (63.0.3239.84-0ubuntu0.16.04.1) xenial; urgency=medium * Upstream release: 63.0.3239.84 - CVE-2017-15407: Out of bounds write in QUIC. - CVE-2017-15408: Heap buffer overflow in PDFium. - CVE-2017-15409: Out of bounds write in Skia. 
- CVE-2017-15410: Use after free in PDFium. - CVE-2017-15411: Use after free in PDFium. - CVE-2017-15412: Use after free in libXML. - CVE-2017-15413: Type confusion in WebAssembly. - CVE-2017-15415: Pointer information disclosure in IPC call. - CVE-2017-15416: Out of bounds read in Blink. - CVE-2017-15417: Cross origin information disclosure in Skia. - CVE-2017-15418: Use of uninitialized value in Skia. - CVE-2017-15419: Cross origin leak of redirect URL in Blink. - CVE-2017-15420: URL spoofing in Omnibox. - CVE-2017-15422: Integer overflow in ICU. - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. - CVE-2017-15424: URL Spoof in Omnibox. - CVE-2017-15425: URL Spoof in Omnibox. - CVE-2017-15426: URL Spoof in Omnibox. - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. * debian/rules: - replace allow_posix_link_time_opt=false by use_lld=false, is_cfi=false and use_thin_lto=false - rename use_vulcanize GN flag to optimize_webui - generate the man page as it's not being built with chromium any longer (since commit 64b961499bebc54fe48478f5e37477252c7887fa) - build gn with clang * debian/patches/arm-neon.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix-gn-bootstrap.patch: removed, no longer needed * debian/patches/fix_building_widevinecdm_with_chromium.patch: replaced by debian/patches/widevine-revision.patch * debian/patches/no-new-ninja-flag.patch: refreshed * debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: added * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: updated * debian/patches/suppress-newer-clang-warning-flags.patch: updated * debian/patches/touch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/widevine-other-locations: updated (LP: #1652110) * debian/patches/widevine-revision.patch: added (LP: #1652110) -- Olivier Tilloy Thu, 07 Dec 2017 13:43:39 +0100 chromium-browser 
(62.0.3202.94-0ubuntu0.16.04.1317) xenial; urgency=medium * Upstream release: 62.0.3202.94 -- Olivier Tilloy Mon, 13 Nov 2017 23:17:10 +0100 chromium-browser (62.0.3202.89-0ubuntu0.16.04.1315) xenial; urgency=medium * Upstream release: 62.0.3202.89 - CVE-2017-15398: Stack buffer overflow in QUIC. - CVE-2017-15399: Use after free in V8. -- Olivier Tilloy Mon, 06 Nov 2017 22:59:12 +0100 chromium-browser (62.0.3202.75-0ubuntu0.16.04.1313) xenial; urgency=medium * Upstream release: 62.0.3202.75 - CVE-2017-15396: Stack overflow in V8. * debian/control: bump Standards-Version to 4.1.1 * debian/patches/set-rpath-on-chromium-executables.patch: updated * debian/tests/*: - removed stale autopkgtests - added new autopkgtests based on chromium's new headless mode * debian/source/include-binaries: updated to reflect new binary data in tests -- Olivier Tilloy Fri, 27 Oct 2017 19:48:18 +0200 chromium-browser (62.0.3202.62-0ubuntu0.16.04.1308) xenial; urgency=medium * Upstream release: 62.0.3202.62 - CVE-2017-5124: UXSS with MHTML. - CVE-2017-5125: Heap overflow in Skia. - CVE-2017-5126: Use after free in PDFium. - CVE-2017-5127: Use after free in PDFium. - CVE-2017-5128: Heap overflow in WebGL. - CVE-2017-5129: Use after free in WebAudio. - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. - CVE-2017-5130: Heap overflow in libxml2. - CVE-2017-5131: Out of bounds write in Skia. - CVE-2017-5133: Out of bounds write in Skia. - CVE-2017-15386: UI spoofing in Blink. - CVE-2017-15387: Content security bypass. - CVE-2017-15388: Out of bounds read in Skia. - CVE-2017-15389: URL spoofing in OmniBox. - CVE-2017-15390: URL spoofing in OmniBox. - CVE-2017-15391: Extension limitation bypass in Extensions. - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. - CVE-2017-15393: Referrer leak in Devtools. - CVE-2017-15394: URL spoofing in extensions UI. - CVE-2017-15395: Null pointer dereference in ImageCapture. 
* debian/control: bump Standards-Version to 4.1.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: removed, no longer needed * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: removed, no longer needed * debian/patches/no-new-ninja-flag.patch: added * debian/patches/revert-clang-nostdlib++.patch: added * debian/patches/search-credit.patch: refreshed * debian/patches/set-rpath-on-chromium-executables.patch: refreshed * debian/patches/suppress-newer-clang-warning-flags.patch: added * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: refreshed * debian/patches/widevine-other-locations: refreshed -- Olivier Tilloy Wed, 18 Oct 2017 22:47:27 +0200 chromium-browser (61.0.3163.100-0ubuntu0.16.04.1306) xenial; urgency=medium * debian/patches/set-rpath-on-chromium-executables.patch: added (LP: #1718885) * debian/chromium-browser.sh.in: remove LD_LIBRARY_PATH manipulation, made unnecessary by patch above -- Olivier Tilloy Tue, 26 Sep 2017 09:53:03 -0400 chromium-browser (61.0.3163.100-0ubuntu0.16.04.1304) xenial; urgency=medium * Upstream release: 61.0.3163.100 - CVE-2017-5121: Out-of-bounds access in V8. - CVE-2017-5122: Out-of-bounds access in V8. -- Olivier Tilloy Fri, 22 Sep 2017 22:30:55 +0200 chromium-browser (61.0.3163.91-0ubuntu0.16.04.1302) xenial; urgency=medium * Upstream release: 61.0.3163.91 -- Olivier Tilloy Fri, 15 Sep 2017 10:41:15 +0200 chromium-browser (61.0.3163.79-0ubuntu0.16.04.1300) xenial; urgency=medium * Upstream release: 61.0.3163.79 - CVE-2017-5111: Use after free in PDFium. - CVE-2017-5112: Heap buffer overflow in WebGL. - CVE-2017-5113: Heap buffer overflow in Skia. 
- CVE-2017-5114: Memory lifecycle issue in PDFium. - CVE-2017-5115: Type confusion in V8. - CVE-2017-5116: Type confusion in V8. - CVE-2017-5117: Use of uninitialized value in Skia. - CVE-2017-5118: Bypass of Content Security Policy in Blink. - CVE-2017-5119: Use of uninitialized value in Skia. - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. * debian/control: - bump Standards-Version to 4.0.0 - add build dependency on llvm-4.0 * debian/rules: build with is_component_build=false, is_official_build=true, allow_posix_link_time_opt=false and fatal_linker_warnings=false * debian/patches/additional-search-engines.patch: refreshed * debian/patches/define__libc_malloc.patch: added * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: refreshed * debian/patches/fix-compilation-for-atk.patch: added * debian/patches/fix-gn-bootstrap.patch: updated * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/make-base-numerics-build-with-gcc.patch: added * debian/patches/relax-ninja-version-requirement.patch: added * debian/patches/revert-llvm-ar.patch: removed, no longer needed * debian/patches/search-credit.patch: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: updated -- Olivier Tilloy Mon, 11 Sep 2017 22:53:22 +0200 chromium-browser (60.0.3112.113-0ubuntu0.16.04.1298) xenial; urgency=medium * Upstream release: 60.0.3112.113 -- Olivier Tilloy Fri, 25 Aug 2017 08:12:34 +0200 chromium-browser (60.0.3112.90-0ubuntu0.16.04) UNRELEASED; urgency=medium * Upstream release: 60.0.3112.90 -- Olivier Tilloy Thu, 03 Aug 2017 12:38:40 +0200 chromium-browser (60.0.3112.78-0ubuntu0.16.04.1293) xenial; urgency=medium * Upstream release: 60.0.3112.78 - CVE-2017-5091: Use after free in IndexedDB. - CVE-2017-5092: Use after free in PPAPI. - CVE-2017-5093: UI spoofing in Blink. - CVE-2017-5094: Type confusion in extensions. 
- CVE-2017-5095: Out-of-bounds write in PDFium. - CVE-2017-5096: User information leak via Android intents. - CVE-2017-5097: Out-of-bounds read in Skia. - CVE-2017-5098: Use after free in V8. - CVE-2017-5099: Out-of-bounds write in PPAPI. - CVE-2017-5100: Use after free in Chrome Apps. - CVE-2017-5101: URL spoofing in OmniBox. - CVE-2017-5102: Uninitialized use in Skia. - CVE-2017-5103: Uninitialized use in Skia. - CVE-2017-5104: UI spoofing in browser. - CVE-2017-5105: URL spoofing in OmniBox. - CVE-2017-5106: URL spoofing in OmniBox. - CVE-2017-5107: User information leak via SVG. - CVE-2017-5108: Type confusion in PDFium. - CVE-2017-5109: UI spoofing in browser. - CVE-2017-5110: UI spoofing in payments dialog. - CVE-2017-7000: Pointer disclosure in SQLite. * debian/control, debian/rules: build with clang 4.0 * debian/patches/additional-search-engines.patch: refreshed * debian/patches/allow-component-build: removed, unused * debian/patches/arm64-vpx-alignment: removed, no longer needed * debian/patches/defang-ct-timebomb: removed, unused * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/patches/last-commit-position: refreshed * debian/patches/linux-dma-buf.patch: removed, no longer needed * debian/patches/memory-free-assertion-failure: removed, no longer needed * debian/patches/no-fPIC.patch: removed, no longer needed * debian/patches/protobuf-fullness: removed, unused * debian/patches/revert-llvm-ar.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: removed, no longer needed * debian/patches/stdatomic: removed, no longer needed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/use-clang-versioned.patch: added * debian/patches/use-gcc-versioned: removed, no longer needed * debian/known_gyp_flags: removed, unused * 
debian/known_gn_gen_args-[i386,amd64,armhf]: added -- Olivier Tilloy Mon, 31 Jul 2017 17:25:16 +0200 chromium-browser (59.0.3071.109-0ubuntu0.16.04.1291) xenial; urgency=medium * debian/patches/fix-argument-evaluation-order.patch: added (LP: #1702407) -- Olivier Tilloy Fri, 07 Jul 2017 10:53:25 +0200 chromium-browser (59.0.3071.109-0ubuntu0.16.04.1289) xenial; urgency=medium * Upstream release: 59.0.3071.109 -- Olivier Tilloy Wed, 21 Jun 2017 06:47:10 +0200 chromium-browser (59.0.3071.104-0ubuntu0.16.04.1287) xenial; urgency=medium * Upstream release: 59.0.3071.104 - CVE-2017-5087: Sandbox Escape in IndexedDB. - CVE-2017-5088: Out of bounds read in V8. - CVE-2017-5089: Domain spoofing in Omnibox. -- Olivier Tilloy Fri, 16 Jun 2017 06:51:06 +0200 chromium-browser (59.0.3071.86-0ubuntu0.16.04.1285) xenial; urgency=medium * debian/control: build-depend on gcc 5 (LP: #1697496) * debian/patches/use-gcc-versioned: removed, no longer needed * debian/patches/no-fPIC.patch: removed, no longer needed -- Olivier Tilloy Tue, 13 Jun 2017 10:36:34 +0200 chromium-browser (59.0.3071.86-0ubuntu0.16.04.1283) xenial; urgency=medium * Upstream release: 59.0.3071.86 - CVE-2017-5070: Type confusion in V8. - CVE-2017-5071: Out of bounds read in V8. - CVE-2017-5072: Address spoofing in Omnibox. - CVE-2017-5073: Use after free in print preview. - CVE-2017-5074: Use after free in Apps Bluetooth. - CVE-2017-5075: Information leak in CSP reporting. - CVE-2017-5086: Address spoofing in Omnibox. - CVE-2017-5076: Address spoofing in Omnibox. - CVE-2017-5077: Heap buffer overflow in Skia. - CVE-2017-5078: Possible command injection in mailto handling. - CVE-2017-5079: UI spoofing in Blink. - CVE-2017-5080: Use after free in credit card autofill. - CVE-2017-5081: Extension verification bypass. - CVE-2017-5082: Insufficient hardening in credit card editor. - CVE-2017-5083: UI spoofing in Blink. - CVE-2017-5085: Inappropriate javascript execution on WebUI pages. 
* debian/patches/additional-search-engines.patch: refreshed * debian/patches/chromium_useragent.patch: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default.patch: renamed, and really enable chromecast (LP: #1621753) * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/last-commit-position: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/series: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/stdatomic: refreshed * debian/patches/touch-v35: refreshed * debian/patches/use-gcc-versioned: refreshed * debian/patches/fix-gn-bootstrap.patch: removed, no longer needed * debian/patches/revert-llvm-ar.patch: added * debian/patches/linux-dma-buf.patch: added * debian/patches/no-fPIC.patch: added * debian/control: - bump Standards-Version to 3.9.8 - remove build dependency on libgtk2.0-dev - remove build dependency on libgconf2-dev * debian/rules: - build with GTK3 by default to match upstream (https://bugs.chromium.org/p/chromium/issues/detail?id=79722) - do not build with GConf support (LP: #1669100) * debian/apport/chromium-browser.py: - fetch info about libgtk-3-0 - do not fetch GConf key values -- Olivier Tilloy Tue, 06 Jun 2017 06:39:12 +0200 chromium-browser (58.0.3029.110-0ubuntu0.16.04.1281) xenial; urgency=medium * Upstream release: 58.0.3029.110 * debian/control: bump Standards-Version to 3.9.8 -- Olivier Tilloy Wed, 10 May 2017 07:23:02 +0200 chromium-browser (58.0.3029.96-0ubuntu0.16.04.1279) xenial; urgency=medium * Upstream release: 58.0.3029.96 - CVE-2017-5068: Race condition in WebRTC. -- Olivier Tilloy Wed, 03 May 2017 06:49:16 +0200 chromium-browser (58.0.3029.81-0ubuntu0.16.04.1277) xenial; urgency=medium * Upstream release: 58.0.3029.81 - CVE-2017-5057: Type confusion in PDFium. - CVE-2017-5058: Heap use after free in Print Preview. - CVE-2017-5059: Type confusion in Blink. - CVE-2017-5060: URL spoofing in Omnibox. 
- CVE-2017-5061: URL spoofing in Omnibox. - CVE-2017-5062: Use after free in Chrome Apps. - CVE-2017-5063: Heap overflow in Skia. - CVE-2017-5064: Use after free in Blink. - CVE-2017-5065: Incorrect UI in Blink. - CVE-2017-5066: Incorrect signature handling in Networking. - CVE-2017-5067: URL spoofing in Omnibox. - CVE-2017-5069: Cross-origin bypass in Blink. * debian/patches/arm.patch: removed, no longer needed * debian/patches/gtk-ui-stdmove: removed, no longer needed (upstreamed) * debian/patches/screen_capturer: removed, no longer needed (upstreamed) * debian/patches/default-allocator: refreshed * debian/patches/disable-sse2: refreshed * debian/patches/enable-chromecast-by-default: refreshed * debian/patches/fix_building_widevinecdm_with_chromium.patch: refreshed * debian/patches/search-credit.patch: refreshed * debian/patches/snapshot-library-link: refreshed * debian/patches/title-bar-default-system.patch-v35: refreshed * debian/patches/fix-gn-bootstrap.patch: added * debian/rules: disable the use of Vulcanize, the required node.js modules are not readily available -- Olivier Tilloy Mon, 24 Apr 2017 11:40:21 +0200 chromium-browser (57.0.2987.98-0ubuntu1) UNRELEASED; urgency=medium * Upstream release: 57.0.2987.98. - CVE-2017-5030: Memory corruption in V8. - CVE-2017-5031: Use after free in ANGLE. - CVE-2017-5032: Out of bounds write in PDFium. - CVE-2017-5029: Integer overflow in libxslt. - CVE-2017-5034: Use after free in PDFium. - CVE-2017-5035: Incorrect security UI in Omnibox. - CVE-2017-5036: Use after free in PDFium. - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. - CVE-2017-5039: Use after free in PDFium. - CVE-2017-5040: Information disclosure in V8. - CVE-2017-5041: Address spoofing in Omnibox. - CVE-2017-5033: Bypass of Content Security Policy in Blink. - CVE-2017-5042: Incorrect handling of cookies in Cast. - CVE-2017-5038: Use after free in GuestView. - CVE-2017-5043: Use after free in GuestView. 
- CVE-2017-5044: Heap overflow in Skia. - CVE-2017-5045: Information disclosure in XSS Auditor. - CVE-2017-5046: Information disclosure in Blink. * debian/patches/arm64-support no longer needed * debian/patches/stdatomic: Support gcc48. * debian/patches/snapshot-library-link: Add missing libsnapshot link * debian/patches/gtk-ui-stdmove: fix && pointer return with std::move * debian/control: Drop binary arch "any" and explicitly list four. * debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some compilers. * debian/rules: Fix armhf float ABI and remove unnecessary envvars. (LP: #1673276) -- Chad MILLER Wed, 15 Mar 2017 21:12:35 -0400 chromium-browser (56.0.2924.76-0ubuntu0.16.04.1268) xenial-security; urgency=medium * Upstream release: 56.0.2924.76 - CVE-2017-5007: Universal XSS in Blink. - CVE-2017-5006: Universal XSS in Blink. - CVE-2017-5008: Universal XSS in Blink. - CVE-2017-5010: Universal XSS in Blink. - CVE-2017-5011: Unauthorised file access in Devtools. - CVE-2017-5009: Out of bounds memory access in WebRTC. - CVE-2017-5012: Heap overflow in V8. - CVE-2017-5013: Address spoofing in Omnibox. - CVE-2017-5014: Heap overflow in Skia. - CVE-2017-5015: Address spoofing in Omnibox. - CVE-2017-5019: Use after free in Renderer. - CVE-2017-5016: UI spoofing in Blink. - CVE-2017-5017: Uninitialised memory access in webm video. - CVE-2017-5018: Universal XSS in chrome://apps. - CVE-2017-5020: Universal XSS in chrome://downloads. - CVE-2017-5021: Use after free in Extensions. - CVE-2017-5022: Bypass of Content Security Policy in Blink. - CVE-2017-5023: Type confusion in metrics. - CVE-2017-5024: Heap overflow in FFmpeg. - CVE-2017-5025: Heap overflow in FFmpeg. - CVE-2017-5026: UI spoofing. * debian/patches/screen_capturer: allow compilation on gcc4 * debian/patches/arm64-support: reenable arm64 * debian/patches/memory-free-assertion-failure: discover memory management assertion failures. * debian/rules: Avoid field trial experiments to get stable code. 
(closes: LP#1667125) * debian/patches/enable-chromecast-by-default: (LP: #1621753) * debian/rules: no longer use gconf. (LP: #1669100) -- Chad MILLER Wed, 01 Mar 2017 19:32:54 -0500 chromium-browser (55.0.2883.87-0ubuntu0.16.04.1263) UNRELEASED; urgency=medium * debian/rules: Build extra codecs as part of main chromium program, and libre/crippled/h.264less on its own. Seems to make h.264 work again. Weird. * debian/chromium-browser.links: Make link to ./ instead of / to fix path problems that codec-using other apps might see. * Upstream release of 55.0.2883.87: - Change Flash running default to important content only. * debian/chromium-browser.sh.in: Insert the Flash version if empty and detectable. * debian/rules, debian/control: Use gcc/g++ 4.8 to build. * Upstream release of 55.0.2883.75: - CVE-2016-9651: Private property access in V8. - CVE-2016-5208: Universal XSS in Blink. - CVE-2016-5207: Universal XSS in Blink. - CVE-2016-5206: Same-origin bypass in PDFium. - CVE-2016-5205: Universal XSS in Blink. - CVE-2016-5204: Universal XSS in Blink. - CVE-2016-5209: Out of bounds write in Blink. - CVE-2016-5203: Use after free in PDFium. - CVE-2016-5210: Out of bounds write in PDFium. - CVE-2016-5212: Local file disclosure in DevTools. - CVE-2016-5211: Use after free in PDFium. - CVE-2016-5213: Use after free in V8. - CVE-2016-5214: File download protection bypass. - CVE-2016-5216: Use after free in PDFium. - CVE-2016-5215: Use after free in Webaudio. - CVE-2016-5217: Use of unvalidated data in PDFium. - CVE-2016-5218: Address spoofing in Omnibox. - CVE-2016-5219: Use after free in V8. - CVE-2016-5221: Integer overflow in ANGLE. - CVE-2016-5220: Local file access in PDFium. - CVE-2016-5222: Address spoofing in Omnibox. - CVE-2016-9650: CSP Referrer disclosure. - CVE-2016-5223: Integer overflow in PDFium. - CVE-2016-5226: Limited XSS in Blink. - CVE-2016-5225: CSP bypass in Blink. 
- CVE-2016-5224: Same-origin bypass in SVG - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Upstream release of 54.0.2840.100: - CVE-2016-5199: Heap corruption in FFmpeg. - CVE-2016-5200: Out of bounds memory access in V8. - CVE-2016-5201: Info leak in extensions. - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Move to using GN to build chromium. - debian/known_gn_gen_args - debian/rules patches * debian/rules, lintians, installs, script: Move component libs out of libs/, to /usr/lib/chromium-browser/ only. * debian/patches/do-not-use-bundled-clang: Use clang from path. * debian/control: Express that binary packages could be on "any" architecture. * debian/control: additionally build-dep on libgtk-3-dev * debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch. * Upstream release of 54.0.2840.59: - CVE-2016-5181: Universal XSS in Blink. - CVE-2016-5182: Heap overflow in Blink. - CVE-2016-5183: Use after free in PDFium. - CVE-2016-5184: Use after free in PDFium. - CVE-2016-5185: Use after free in Blink. - CVE-2016-5187: URL spoofing. - CVE-2016-5188: UI spoofing. - CVE-2016-5192: Cross-origin bypass in Blink. - CVE-2016-5189: URL spoofing. - CVE-2016-5186: Out of bounds read in DevTools. - CVE-2016-5191: Universal XSS in Bookmarks. - CVE-2016-5190: Use after free in Internals. - CVE-2016-5193: Scheme bypass. - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives * debian/patches/allow-component-build: Hard-code, override release -> no component logic. * debian/known_gyp_flags: Remove old GYP known-flags list. * debian/default-allocator: Insist on not using tcmalloc allocator. * debian/rules: Set LDFLAGS to limit memory usage. * debian/control: Remove extraneous dependencies. 
-- Chad MILLER Sat, 17 Dec 2016 12:05:53 -0500 chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1257) xenial-security; urgency=medium * debian/patches/defang-ct-timebomb: backport TLS cert invalidity based on build-time. (LP: #1641380) -- Chad MILLER Mon, 14 Nov 2016 10:06:44 -0500 chromium-browser (53.0.2785.143-0ubuntu0.16.04.1.1254) xenial-security; urgency=medium * Upstream release 53.0.2785.143: - CVE-2016-5177: Use after free in V8. - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 53.0.2785.113: - CVE-2016-5170: Use after free in Blink. - CVE-2016-5171: Use after free in Blink. - CVE-2016-5172: Arbitrary Memory Read in v8. - CVE-2016-5173: Extension resource access. - CVE-2016-5174: Popup not correctly suppressed. - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/gsettings-display-scaling, debian/patches/display-scaling-default-value, reenable DPI scaling taken from dconf. * debian/rules: explicitly set target arch for arm64. * debian/control, debian/rules: re-add -dbg transitional packages. * Upstream release 53.0.2785.89: - CVE-2016-5147: Universal XSS in Blink. - CVE-2016-5148: Universal XSS in Blink. - CVE-2016-5149: Script injection in extensions. - CVE-2016-5150: Use after free in Blink. - CVE-2016-5151: Use after free in PDFium. - CVE-2016-5152: Heap overflow in PDFium. - CVE-2016-5153: Use after destruction in Blink. - CVE-2016-5154: Heap overflow in PDFium. - CVE-2016-5155: Address bar spoofing. - CVE-2016-5156: Use after free in event bindings. - CVE-2016-5157: Heap overflow in PDFium. - CVE-2016-5158: Heap overflow in PDFium. - CVE-2016-5159: Heap overflow in PDFium. - CVE-2016-5161: Type confusion in Blink. 
- CVE-2016-5162: Extensions web accessible resources bypass. - CVE-2016-5163: Address bar spoofing. - CVE-2016-5164: Universal XSS using DevTools. - CVE-2016-5165: Script injection in DevTools. - CVE-2016-5166: SMB Relay Attack via Save Page As. - CVE-2016-5160: Extensions web accessible resources bypass. - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/cups-include-deprecated-ppd, debian/rules: include cups functions. * debian/rules, debian/control: Force using gcc-5 compiler. * Use system libraries for expat, speex, zlib, opus, png, jpeg. * Also build for arm64 architecture. * Don't compile in cups support by default on all architectures. * debian/control: remove build-dep on clang. * debian/patches/linux45-madvfree: If MADV_FREE is not defined, do not allow it in sandbox filter. Also, undefine it so we don't use MADV_FREE and thereby depend on it at runtime. * debian/rules: Use gold ld to link. * debian/rules: Kill delete-null-pointer-checks. In the javascript engine, we can not assume a memory access to address zero always results in a trap. * debian/patches/series, debian/rules: Re-enable widevine component. -- Chad MILLER Fri, 16 Sep 2016 12:56:44 -0400 chromium-browser (52.0.2743.116-0ubuntu0.16.04.1.1250) xenial-security; urgency=medium * Upstream release 52.0.2743.116: - CVE-2016-5141 Address bar spoofing. - CVE-2016-5142 Use-after-free in Blink. - CVE-2016-5139 Heap overflow in pdfium. - CVE-2016-5140 Heap overflow in pdfium. - CVE-2016-5145 Same origin bypass for images in Blink. - CVE-2016-5143 Parameter sanitization failure in DevTools. - CVE-2016-5144 Parameter sanitization failure in DevTools. - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. * Exclude harfbuzz from system-library use. * Upstream release 52.0.2743.82: - CVE-2016-1706: Sandbox escape in PPAPI. - CVE-2016-1707: URL spoofing on iOS. - CVE-2016-1708: Use-after-free in Extensions. 
- CVE-2016-1709: Heap-buffer-overflow in sfntly. - CVE-2016-1710: Same-origin bypass in Blink. - CVE-2016-1711: Same-origin bypass in Blink. - CVE-2016-5127: Use-after-free in Blink. - CVE-2016-5128: Same-origin bypass in V8. - CVE-2016-5129: Memory corruption in V8. - CVE-2016-5130: URL spoofing. - CVE-2016-5131: Use-after-free in libxml. - CVE-2016-5132: Limited same-origin bypass in Service Workers. - CVE-2016-5133: Origin confusion in proxy authentication. - CVE-2016-5134: URL leakage via PAC script. - CVE-2016-5135: Content-Security-Policy bypass. - CVE-2016-5136: Use after free in extensions. - CVE-2016-5137: History sniffing with HSTS and CSP. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives * Upstream release 51.0.2704.106 * Upstream release 51.0.2704.103: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. * debian/control: remove build-dep on clang. * Sync many things from debian: - No longer build remoting, or install its locale files. - Use many system libraries, adding build-dep on - libre2-dev, - yasm, - libopus-dev, - zlib1g-dev, - libspeex-dev, - libspeechd-dev, - libexpat1-dev, - libpng-dev, - libxml2-dev, - libjpeg-dev, - libwebp-dev, - libxslt-dev, - libsrtp-dev, - libjsoncpp-dev, - libevent-dev, - Clean up many parts of debian/rules, wrt variable names - Set hardening on. - Use gold linker. - Disable Google Now. Creepy. Might mean downloads of opaque programs too. - Disable Wallet service. * debian/compat: Use dh version 9. * debian/rules: Improve "cd;foo" logic. * debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes build failures in servers. * debian/rules: Move check steps into install steps. No need to be separate, and simplifies target names. * debian/rules: Make en-us locale files less magical, and simplify install. * debian/rules: Work around change to tar command param order with --exclude. * debian/rules: Don't use tcmalloc on armhf. 
* debian/rules: Remove precise-specific conditions. More simple. * debian/rules: In install-validation, don't use mktemp. Hard-code destination. * debian/patches/gsettings-display-scaling: Disable because code moved and needs refactoring. * debian/patches/display-scaling-default-value: Disable because probably not needed any more. * debian/rules: widevine cdm is not really available in this source. No longer lie about that. * Set new GOOG keys to bisect service overuse problem. -- Chad MILLER Wed, 24 Aug 2016 13:30:26 -0400 chromium-browser (51.0.2704.79-0ubuntu0.16.04.1.1242) xenial-security; urgency=medium * Upstream release 51.0.2704.79: - CVE-2016-1696: Cross-origin bypass in Extension bindings. - CVE-2016-1697: Cross-origin bypass in Blink. - CVE-2016-1698: Information leak in Extension bindings. - CVE-2016-1699: Parameter sanitization failure in DevTools. - CVE-2016-1700: Use-after-free in Extensions. - CVE-2016-1701: Use-after-free in Autofill. - CVE-2016-1702: Out-of-bounds read in Skia. - CVE-2016-1703: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 51.0.2704.63: - CVE-2016-1672: Cross-origin bypass in extension bindings. - CVE-2016-1673: Cross-origin bypass in Blink. - CVE-2016-1674: Cross-origin bypass in extensions. - CVE-2016-1675: Cross-origin bypass in Blink. - CVE-2016-1676: Cross-origin bypass in extension bindings. - CVE-2016-1677: Type confusion in V8. - CVE-2016-1678: Heap overflow in V8. - CVE-2016-1679: Heap use-after-free in V8 bindings. - CVE-2016-1680: Heap use-after-free in Skia. - CVE-2016-1681: Heap overflow in PDFium. - CVE-2016-1682: CSP bypass for ServiceWorker. - CVE-2016-1683: Out-of-bounds access in libxslt. - CVE-2016-1684: Integer overflow in libxslt. - CVE-2016-1685: Out-of-bounds read in PDFium. - CVE-2016-1686: Out-of-bounds read in PDFium. - CVE-2016-1687: Information leak in extensions. - CVE-2016-1688: Out-of-bounds read in V8. - CVE-2016-1689: Heap buffer overflow in media. 
- CVE-2016-1690: Heap use-after-free in Autofill. - CVE-2016-1691: Heap buffer-overflow in Skia. - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. - CVE-2016-1693: HTTP Download of Software Removal Tool. - CVE-2016-1694: HPKP pins removed on cache clearance. - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/blink-platform-export-class: remove patch. Unnecessary. -- Chad MILLER Thu, 26 May 2016 10:54:29 -0400 chromium-browser (50.0.2661.102-0ubuntu0.16.04.1.1237) xenial-security; urgency=medium * Upstream release 50.0.2661.102: - CVE-2016-1667: Same origin bypass in DOM. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. - CVE-2016-1669: Buffer overflow in V8. - CVE-2016-1670: Race condition in loader. - CVE-2016-1671: Directory traversal using the file scheme on Android. * Upstream release 50.0.2661.94: - CVE-2016-1660: Out-of-bounds write in Blink. - CVE-2016-1661: Memory corruption in cross-process frames. - CVE-2016-1662: Use-after-free in extensions. - CVE-2016-1663: Use-after-free in Blink’s V8 bindings. - CVE-2016-1664: Address bar spoofing. - CVE-2016-1665: Information leak in V8. - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 50.0.2661.75: - CVE-2016-1652: Universal XSS in extension bindings. - CVE-2016-1653: Out-of-bounds write in V8. - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. - CVE-2016-1654: Uninitialized memory read in media. - CVE-2016-1655: Use-after-free related to extensions. - CVE-2016-1656: Android downloaded file path restriction bypass. - CVE-2016-1657: Address bar spoofing. - CVE-2016-1658: Potential leak of sensitive information to malicious extensions. - CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/seccomp-allow-set-robust-list: pass through syscall set_robust_list. glibc nptl thread creation uses it. 
* debian/rules: use new libsecret way of contacting keyring. * debian/patches/blink-platform-export-class: avoid Trusty bug where WebKit Platform class vtable not found at link time. * debian/apport/chromium-browser.py: Handle case when crash and no chromium directory exists. Still report errors in apport. -- Chad MILLER Fri, 13 May 2016 10:52:23 -0400 chromium-browser (49.0.2623.108-0ubuntu1.1233) xenial; urgency=medium * Upstream release 49.0.2623.108: - CVE-2016-1646: Out-of-bounds read in V8. - CVE-2016-1647: Use-after-free in Navigation. - CVE-2016-1648: Use-after-free in Extensions. - CVE-2016-1649: Buffer overflow in libANGLE. - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.33). -- Chad MILLER Thu, 24 Mar 2016 16:52:52 -0400 chromium-browser (49.0.2623.87-0ubuntu1.1232) xenial; urgency=medium * debian/patches/system-xdg-settings: Insist on using system xdg utilities. * Upstream release 49.0.2623.87: - CVE-2016-1643: Type confusion in Blink. - CVE-2016-1644: Use-after-free in Blink. - CVE-2016-1645: Out-of-bounds write in PDFium. * Upstream release 49.0.2623.75: - CVE-2016-1630: Same-origin bypass in Blink. - CVE-2016-1631: Same-origin bypass in Pepper Plugin. - CVE-2016-1632: Bad cast in Extensions. - CVE-2016-1633: Use-after-free in Blink. - CVE-2016-1634: Use-after-free in Blink. - CVE-2016-1635: Use-after-free in Blink. - CVE-2016-1636: SRI Validation Bypass. - CVE-2015-8126: Out-of-bounds access in libpng. - CVE-2016-1637: Information Leak in Skia. - CVE-2016-1638: WebAPI Bypass. - CVE-2016-1639: Use-after-free in WebRTC. - CVE-2016-1640: Origin confusion in Extensions UI. - CVE-2016-1641: Use-after-free in Favicon. - CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch (currently 4.9.385.26). 
* debian/rules: No longer fabricate snap package as side effect. * debian/control: build-dep on libffi-dev, mesa-common-dev. * debian/patches/format-flag: Remove patch. -- Chad MILLER Tue, 15 Mar 2016 09:42:48 -0400 chromium-browser (48.0.2564.116-0ubuntu1.1229) xenial; urgency=medium * Upstream release 48.0.2564.109: - CVE-2016-1622: Same-origin bypass in Extensions. - CVE-2016-1623: Same-origin bypass in DOM. - CVE-2016-1624: Buffer overflow in Brotli. - CVE-2016-1625: Navigation bypass in Chrome Instant. - CVE-2016-1626: Out-of-bounds read in PDFium. - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 48.0.2564.116: - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. -- Chad MILLER Thu, 18 Feb 2016 17:55:30 -0500 chromium-browser (48.0.2564.82-0ubuntu1.1222) xenial; urgency=medium * Upstream release 48.0.2564.82: - CVE-2016-1612: Bad cast in V8. - CVE-2016-1613: Use-after-free in PDFium. - CVE-2016-1614: Information leak in Blink. - CVE-2016-1615: Origin confusion in Omnibox. - CVE-2016-1616: URL Spoofing. - CVE-2016-1617: History sniffing with HSTS and CSP. - CVE-2016-1618: Weak random number generator in Blink. - CVE-2016-1619: Out-of-bounds read in PDFium. - CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17). -- Chad MILLER Thu, 21 Jan 2016 08:39:10 -0500 chromium-browser (47.0.2526.106-0ubuntu1) xenial; urgency=medium * Upstream release 47.0.2526.106: - CVE-2015-6792: Fixes from internal audits and fuzzing. * Upstream release 47.0.2526.80: - CVE-2015-6788: Type confusion in extensions. - CVE-2015-6789: Use-after-free in Blink. - CVE-2015-6790: Escaping issue in saved pages. - CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23). 
* debian/rules: Don't use bundled binutils. Remove execute bits on programs so we can be sure they aren't run. -- Chad MILLER Tue, 15 Dec 2015 19:33:00 -0500 chromium-browser (47.0.2526.73-0ubuntu1.1218) xenial; urgency=medium * Upstream release 47.0.2526.73: - CVE-2015-6765: Use-after-free in AppCache. - CVE-2015-6766: Use-after-free in AppCache. - CVE-2015-6767: Use-after-free in AppCache. - CVE-2015-6768: Cross-origin bypass in DOM. - CVE-2015-6769: Cross-origin bypass in core. - CVE-2015-6770: Cross-origin bypass in DOM. - CVE-2015-6771: Out of bounds access in v8. - CVE-2015-6772: Cross-origin bypass in DOM. - CVE-2015-6764: Out of bounds access in v8. - CVE-2015-6773: Out of bounds access in Skia. - CVE-2015-6774: Use-after-free in Extensions. - CVE-2015-6775: Type confusion in PDFium. - CVE-2015-6776: Out of bounds access in PDFium. - CVE-2015-6777: Use-after-free in DOM. - CVE-2015-6778: Out of bounds access in PDFium. - CVE-2015-6779: Scheme bypass in PDFium. - CVE-2015-6780: Use-after-free in Infobars. - CVE-2015-6781: Integer overflow in Sfntly. - CVE-2015-6782: Content spoofing in Omnibox. - CVE-2015-6783: Signature validation issue in Android Crazy Linker. - CVE-2015-6784: Escaping issue in saved pages. - CVE-2015-6785: Wildcard matching issue in CSP. - CVE-2015-6786: Scheme bypass in CSP. - CVE-2015-6787: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch (currently 4.7.80.23). * Upstream release 46.0.2490.86: - CVE-2015-1302: Information leak in PDF viewer. * Upstream release 46.0.2490.71: - CVE-2015-6755: Cross-origin bypass in Blink. - CVE-2015-6756: Use-after-free in PDFium. - CVE-2015-6757: Use-after-free in ServiceWorker. - CVE-2015-6758: Bad-cast in PDFium. - CVE-2015-6759: Information leakage in LocalStorage. - CVE-2015-6760: Improper error handling in libANGLE. - CVE-2015-6761: Memory corruption in FFMpeg. - CVE-2015-6762: CORS bypass via CSS fonts. 
- CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/gpu-hangs: remove. Not useful. * Switch to Clang to compile. * debian/rules: Explicitly create remoting resources. * debian/patches/cr46-missing-test-files: * debian/rules: support screen sharing in Hangouts. * debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer local xdg-settings. * debian/chromium-browser.desktop: Don't override WM class matching. -- Chad MILLER Tue, 01 Dec 2015 15:37:11 -0500 chromium-browser (45.0.2454.101-0ubuntu1.1201) wily; urgency=medium * Upstream release 45.0.2454.101: - CVE-2015-1303: Cross-origin bypass in DOM. - CVE-2015-1304: Cross-origin bypass in V8. * debian/tests/testdata/xx-test-tool-is-functional-if-this-prints-functional.sikuli Only use GUI test tool to test IF it works on its own. If it is broken, don't use that to test chromium. * debian/rules: Include our own "xdg-settings" file until a bug is fixed. * debian/patches/xdg-settings-multiexec-desktopfiles.patch : Locally fix aforementioned bug. More than one Exec line in a desktop file (like ours) triggers a bug in badly-written shell code in portland xdg-utils-common.in -- Chad MILLER Tue, 29 Sep 2015 08:06:37 -0400 chromium-browser (45.0.2454.85-0ubuntu1) wily; urgency=medium * Upstream release 45.0.2454.85: - CVE-2015-1291: Cross-origin bypass in DOM. - CVE-2015-1292: Cross-origin bypass in ServiceWorker. - CVE-2015-1293: Cross-origin bypass in DOM. - CVE-2015-1294: Use-after-free in Skia. - CVE-2015-1295: Use-after-free in Printing. - CVE-2015-1296: Character spoofing in omnibox. - CVE-2015-1297: Permission scoping error in WebRequest. - CVE-2015-1298: URL validation error in extensions. - CVE-2015-1299: Use-after-free in Blink. - CVE-2015-1300: Information leak in Blink. - CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/search-credit.patch: Don't add GET param if search URL doesn't already use them. 
(LP: #1490237) * debian/source/lintian-overrides: Ignore new binaries in orig tar. * debian/patches/disable-sse2: SSE exclusion is smarter now. Re-include. -- Chad MILLER Mon, 14 Sep 2015 20:11:00 -0400 chromium-browser (44.0.2403.89-0ubuntu1.1195) wily; urgency=medium * Upstream release 44.0.2403.89: (LP: #1477662) - CVE-2015-1271: Heap-buffer-overflow in pdfium. - CVE-2015-1273: Heap-buffer-overflow in pdfium. - CVE-2015-1274: Settings allowed executable files to run immediately after download. - CVE-2015-1275: UXSS in Chrome for Android. - CVE-2015-1276: Use-after-free in IndexedDB. - CVE-2015-1279: Heap-buffer-overflow in pdfium. - CVE-2015-1280: Memory corruption in skia. - CVE-2015-1281: CSP bypass. - CVE-2015-1282: Use-after-free in pdfium. - CVE-2015-1283: Heap-buffer-overflow in expat. - CVE-2015-1284: Use-after-free in blink. - CVE-2015-1286: UXSS in blink. - CVE-2015-1287: SOP bypass with CSS. - CVE-2015-1270: Uninitialized memory read in ICU. - CVE-2015-1272: Use-after-free related to unexpected GPU process termination. - CVE-2015-1277: Use-after-free in accessibility. - CVE-2015-1278: URL spoofing using pdf files. - CVE-2015-1285: Information leak in XSS auditor. - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a first-class component library now, not a special snowflake. Still, build it differently, but build flags are different. * debian/tests/smoketest-actual: Remove some innocuous mentions of "error" before testing for actual errors. * debian/control: codec library packages replace the libffmpeg.so that was in chromium packages before now. * debian/control: codec packages can't reasonably be updated separately than chromium. Depend with version specification also. 
-- Chad MILLER Tue, 28 Jul 2015 11:19:11 -0400 chromium-browser (43.0.2357.130-0ubuntu1.1188) wily; urgency=medium * Upstream release 43.0.2357.130: - CVE-2015-1266: Scheme validation error in WebUI. - CVE-2015-1268: Cross-origin bypass in Blink. - CVE-2015-1267: Cross-origin bypass in Blink. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. * debian/tests/smoketest-actual: Capture web-server log so we can get port and test retrieval. Fixes autopkgtest failures. * debian/patches/widevine-other-locations: Search Chrome install location to find widevine plugins. * Reenable GPU usage on Wily only. Silent disabling is probably a bad idea. On all other distros, default to off, but don't blacklist. * Use new Flash plugin name in apport collector. -- Chad MILLER Mon, 29 Jun 2015 15:54:16 -0400 chromium-browser (43.0.2357.81-0ubuntu2) wily; urgency=medium * Test fixes. * debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11 which are required by the testsuite. * debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so that the test can read these. -- Iain Lane Wed, 24 Jun 2015 13:40:23 +0100 chromium-browser (43.0.2357.81-0ubuntu1.1179) wily; urgency=medium * Upstream release 43.0.2357.81. - "Icons not displaying properly on Linux" (LP: #1449063) * Upstream release 43.0.2357.65: - CVE-2015-1252: Sandbox escape in Chrome. - CVE-2015-1253: Cross-origin bypass in DOM. - CVE-2015-1254: Cross-origin bypass in Editing. - CVE-2015-1255: Use-after-free in WebAudio. - CVE-2015-1256: Use-after-free in SVG. - CVE-2015-1251: Use-after-free in Speech. - CVE-2015-1257: Container-overflow in SVG. - CVE-2015-1258: Negative-size parameter in Libvpx. - CVE-2015-1259: Uninitialized value in PDFium. - CVE-2015-1260: Use-after-free in WebRTC. - CVE-2015-1261: URL bar spoofing. - CVE-2015-1262: Uninitialized value in Blink. - CVE-2015-1263: Insecure download of spellcheck dictionary. - CVE-2015-1264: Cross-site scripting in bookmarks. 
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21). * debian/patches/display-scaling-report-hardware-info: removed, unnecessary. * debian/patches/coordinate-space-map: removed, unnecessary. * debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until ARM works. * debian/chromium-browser.sh.in: Add --verbose to get logging info. * debian/patches/{notifications-nicer,mir-support}: disable unnecessary patches. * debian/control, debian/chromium-browser.sh.in: Prompt nothing about Flash plugin. Send Help clicks to Wiki instead. -- Chad MILLER Mon, 01 Jun 2015 15:29:04 -0400 chromium-browser (42.0.2311.135-1ubuntu1) UNRELEASED; urgency=medium * Upstream release 42.0.2311.135: - CVE-2015-1243: Use-after-free in DOM. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 42.0.2311.90: - CVE-2015-1235: Cross-origin-bypass in HTML parser. - CVE-2015-1236: Cross-origin-bypass in Blink. - CVE-2015-1237: Use-after-free in IPC. - CVE-2015-1238: Out-of-bounds write in Skia. - CVE-2015-1240: Out-of-bounds read in WebGL. - CVE-2015-1241: Tap-Jacking. - CVE-2015-1242: Type confusion in V8. - CVE-2015-1244: HSTS bypass in WebSockets. - CVE-2015-1245: Use-after-free in PDFium. - CVE-2015-1247: Scheme issues in OpenSearch. - CVE-2015-1248: SafeBrowsing bypass. * Upstream release 41.0.2272.118: - CVE-2015-1233: A special thanks to Anonymous for a combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. * Change assumed X-resource DPI from 108 to 96. That's closer to 100. * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val nonzero on failure. * debian/generate-snappy.mk, debian/rules: Start to generate snap packages if available. 
* debian/chromium-browser.sh.in: Test for /etc/ dir before listing it. * debian/chromium-browser.sh.in, debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users to update flash player. * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one flash-player start param to chromium. Prefer the new one. * debian/patches/arm-neon.patch: exclude new armv7=neon assumptions. * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all contribute to the largest crash report in errors.ubuntu.com. Let's disable GPUs for now. * debian/chromium-browser.sh.in: Presence of old Flash is not a reason to suggest new plugin. If new plugin exists, be silent. Do not rely on new plugin to Conflicts and remove all the old bad ones. * debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration library. * debian/patches/fix_building_widevinecdm_with_chromium.patch: If exterior-sourced widevine library exists at run-time, use it. -- Chad MILLER Mon, 04 May 2015 12:09:02 -0400 chromium-browser (41.0.2272.76-0ubuntu1.1134) vivid; urgency=medium * Upstream release 41.0.2272.76: - CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213: Out-of-bounds write in skia filters. - CVE-2015-1214: Out-of-bounds write in skia filters. - CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer overflow in webgl. - CVE-2015-1220: Use-after-free in gif decoder. - CVE-2015-1221: Use-after-free in web databases. - CVE-2015-1222: Use-after-free in service workers. - CVE-2015-1223: Use-after-free in dom. - CVE-2015-1230: Type confusion in v8. - CVE-2015-1224: Out-of-bounds read in vpxdecoder. - CVE-2015-1225: Out-of-bounds read in pdfium. - CVE-2015-1226: Validation issue in debugger. - CVE-2015-1227: Uninitialized value in blink. - CVE-2015-1228: Uninitialized value in rendering. 
- CVE-2015-1229: Cookie injection via proxies. - CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 40.0.2214.115. * debian/patches/coordinate-space-map: Backport v43 and unofficial coordinate mapping to fix some high-dpi problems in popup menu placement. * debian/apport/chromium-browser.py: Simplify. Use more standard functions from apport utility. Add CPU usage information. Add bargraph of "running" processes, so bugpatterns can sort away busy machines, and then classify remainder according to procline "gpu-vendor=id" param. * debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the GPU is really hung, the extra time matters little. It's probably not recoverable. Reviews of apport reports find no common thread among GPU vendors. Notes at crbug.com/221882 suggest busy CPUs could trigger hang. Will additionally use apport bugpatterns to comb dmesg for actual crashes and route to specific GPU-driver bugs. -- Chad MILLER Wed, 04 Mar 2015 10:25:03 -0500 chromium-browser (40.0.2214.111-0ubuntu1) vivid; urgency=medium * Upstream release 40.0.2214.111: - CVE-2015-1209: Use-after-free in DOM. - CVE-2015-1210: Cross-origin-bypass in V8 bindings. - CVE-2015-1211: Privilege escalation using service workers. - CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives. -- Chad MILLER Fri, 06 Feb 2015 09:38:15 -0500 chromium-browser (40.0.2214.94-0ubuntu1) vivid; urgency=medium * Upstream release 40.0.2214.94. * Upstream release 40.0.2214.93. * Upstream release 40.0.2214.91. (LP: #1414753) - CVE-2014-7923: Memory corruption in ICU. - CVE-2014-7924: Use-after-free in IndexedDB. - CVE-2014-7925: Use-after-free in WebAudio. - CVE-2014-7926: Memory corruption in ICU. - CVE-2014-7927: Memory corruption in V8. - CVE-2014-7928: Memory corruption in V8. - CVE-2014-7930: Use-after-free in DOM. - CVE-2014-7931: Memory corruption in V8. - CVE-2014-7929: Use-after-free in DOM. 
- CVE-2014-7932: Use-after-free in DOM. - CVE-2014-7933: Use-after-free in FFmpeg. - CVE-2014-7934: Use-after-free in DOM. - CVE-2014-7935: Use-after-free in Speech. - CVE-2014-7936: Use-after-free in Views. - CVE-2014-7937: Use-after-free in FFmpeg. - CVE-2014-7938: Memory corruption in Fonts. - CVE-2014-7939: Same-origin-bypass in V8. - CVE-2014-7940: Uninitialized-value in ICU. - CVE-2014-7941: Out-of-bounds read in UI. - CVE-2014-7942: Uninitialized-value in Fonts. - CVE-2014-7943: Out-of-bounds read in Skia. - CVE-2014-7944: Out-of-bounds read in PDFium. - CVE-2014-7945: Out-of-bounds read in PDFium. - CVE-2014-7946: Out-of-bounds read in Fonts. - CVE-2014-7947: Out-of-bounds read in PDFium. - CVE-2014-7948: Caching error in AppCache. * debian/patch/search-credit: Don't force client in GOOG suggestions search. (LP: #1398900) * debian/patches/dri3-within-sandbox: Backport V41 sandbox, fixing DRI3. (LP: #1378627) * debian/patches/macro-templates-not-match: Remove. No longer necessary. * debian/patches/arm-neon.patch: Kill armv7=neon assumption. Fix typos. * debian/rules: chrpath for all packages. (LP: #1415555) -- Chad MILLER Fri, 30 Jan 2015 15:48:09 -0500 chromium-browser (39.0.2171.65-0ubuntu1.1103) vivid; urgency=medium * Upstream release 39.0.2171.65: - CVE-2014-7899: Address bar spoofing. - CVE-2014-7900: Use-after-free in pdfium. - CVE-2014-7901: Integer overflow in pdfium. - CVE-2014-7902: Use-after-free in pdfium. - CVE-2014-7903: Buffer overflow in pdfium. - CVE-2014-7904: Buffer overflow in Skia. - CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. - CVE-2014-7906: Use-after-free in pepper plugins. - CVE-2014-0574: Double-free in Flash. - CVE-2014-7907: Use-after-free in blink. - CVE-2014-7908: Integer overflow in media. - CVE-2014-7909: Uninitialized memory read in Skia. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives. 
* debian/patches/search-credit.patch: Include "client" in google search prepopulated template's parameters. * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has parameter. * debian/source/lintian-overrides: Ignore android tools we don't use. * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we configure to have no symbols in builder (because they are humongous otherwise). * debian/control: Bump standards version. Version dep "bash". Remove duplicate language from package descriptions. * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test for dead NPAPI unity-webapps extension. -- Chad MILLER Sat, 22 Nov 2014 14:06:34 -0500 chromium-browser (38.0.2125.111-0ubuntu1.1103) vivid; urgency=medium * Upstream release 38.0.2125.111. * Upstream release 38.0.2125.104. * Upstream release 38.0.2125.101: (LP: #1310163) - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2014-3189: Out-of-bounds read in PDFium. - CVE-2014-3190: Use-after-free in Events. - CVE-2014-3191: Use-after-free in Rendering. - CVE-2014-3192: Use-after-free in DOM. - CVE-2014-3193: Type confusion in Session Management. - CVE-2014-3194: Use-after-free in Web Workers. - CVE-2014-3195: Information Leak in V8. - CVE-2014-3196: Permissions bypass in Windows Sandbox. - CVE-2014-3197: Information Leak in XSS Auditor. - CVE-2014-3198: Out-of-bounds read in PDFium. - CVE-2014-3199: Release Assert in V8 bindings. - CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38). * debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy. * Make the verification step in clean make more compare-able output. * debian/patches/configuration-directory.patch: Account for new location of policies directory in /etc . Change back. 
(LP: #1373802) * debian/patches/lp-translations-paths: Map old third_party filenames to new name after processor compiles. * debian/rules: Fix patch-translations rule, workflow. * debian/patches/macro-templates-not-match: Anonymous struct isn't sizable. * debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS, which has never worked. (LP: #1381644) * debian/patches/disable-sse: Disable more SSE #includes. * debian/rules: Omit unnecessary files from packaging. * debian/chromium-browser.sh.in: Fix variable name bug and suggest ~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS. * debian/patches/5-desktop-integration-settings.patch: Adapt to new settings APIs. -- Chad MILLER Wed, 15 Oct 2014 14:22:55 -0400 chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low * Upstream release 37.0.2062.120: - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. - CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: Simplify and rearrange. * debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags, so we can fail when something changes unexpectedly. * debian/rules: Fix up patch-translations rule. -- Chad MILLER Mon, 15 Sep 2014 14:16:06 -0400 chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low * Upstream release 37.0.2062.94. - CVE-2014-3165: Use-after-free in Blink websockets. - CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - CVE-2014-3168: Use-after-free in SVG. - CVE-2014-3169: Use-after-free in DOM. - CVE-2014-3170: Extension permission dialog spoofing. - CVE-2014-3171: Use-after-free in bindings. - CVE-2014-3172: Issue related to extension debugging. - CVE-2014-3173: Uninitialized memory read in WebGL. - CVE-2014-3174: Uninitialized memory read in Web Audio. - CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives. 
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync API, and Google V8 to execute arbitrary code. * Fix a shell bug in the binary-wrapper that prevented USER flags from working properly. * debian/control: Suggests chromiumflashplugin . * debian/apport: Significant cleanup. * debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs. (LP: #1353185) * debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball. * debian/patches/*: refresh line numbers. * debian/patches/search-credit.patch, debian/patches/additional-search-engines.patch: Track source files moved. * debian/patches/ffmpeg-gyp-config.patch, debian/patches/fix-gyp-space-in-object-filename-exception.patch, debian/patches/gyp-icu-m32-test: Disabled. No longer needs fixing. * debian/control: build-dep on openssl. * debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86. (LP: #1353185) * debian/rules: Use built-in PDF support. (LP: #513745, #1009902) -- Chad MILLER Fri, 29 Aug 2014 12:55:03 -0400 chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low * Upstream release 36.0.1985.143: - CVE-2014-3165: Use-after-free in web sockets. - CVE-2014-3166: Information disclosure in SPDY. - CVE-2014-3167: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules: Avoid some unnecessary warning of invalid mv. * debian/control: Build-depends on libxkbcommon-dev. * debian/rules: Don't use tcmalloc on i386. * debian/control, debian/rules: Build-dep on, and use, compiler 4.8 toolchain, since 4.9 seems to be broken. * debian/control: Don't have (unused) shlibs-depends on -dbg packages and non-binary packages. * debian/chromium-browser-codecs-ffmpeg-extra.dirs, debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused. 
* debian/chromium-browser.lintian-overrides, debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides, debian/chromium-codecs-ffmpeg-extra.lintian-overrides, debian/chromium-codecs-ffmpeg.lintian-overrides, debian/source/lintian-overrides: Add lintian overrides. -- Chad MILLER Tue, 19 Aug 2014 14:57:03 -0400 chromium-browser (36.0.1985.125-0ubuntu2) utopic; urgency=low * Upstream release 36.0.1985.125: - CVE-2014-3160: Same-Origin-Policy bypass in SVG. - CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. * debian/patches/*: Moved more gtk related changes to aura code. * debian/control: Build-dep version of ninja-build should be recent. * debian/patches/gyp-icu-m32-test: Smarter g++ test, no "echo |bad". * Skip version -0ubuntu1 because Trusty postdates it. -- Chad MILLER Thu, 07 Aug 2014 17:22:20 -0400 chromium-browser (35.0.1916.153-0ubuntu1) utopic; urgency=low * debian/patches/display-scaling-default-value: Make default scale 1:1 when no gsettings information is available. (LP: #1302155) * debian/patches/title-bar-default-system.patch-v34: Make window title-bar frame default to system-provided instead of custom. Again. * debian/patches/fix-gyp-space-in-object-filename-exception.patch: Make is deprecated, and not well supported, but we still need it. * debian/chromium-browser.sh.in, debian/chromium-browser.dirs: Speed up chromium startup by avoiding execution of unnecessary programs for real this time, and also, add a place in /etc for other packages to hook into chromium safely. * debian/chromium-browser-customization-example, debian/chromium-browser.sh.in: Add support for better customization of chromium by other packages. Files in /etc/chromium-browser/customizations/ are sourced at startup time. * debian/patches/notifications-nicer: Make buggy background-mode processes off by default. * 7-npapi-permission-not-defaults-to-unauthorized.patch: Fix misapplication. Put inside linux test, not chromeos test. 
* Upstream release 35.0.1916.153. * Upstream release 34.0.1847.137: - CVE-2014-1740: Use-after-free in WebSockets. - CVE-2014-1741: Integer overflow in DOM ranges. - CVE-2014-1742: Use-after-free in editing. * Upstream release 35.0.1916.114: - CVE-2014-1743: Use-after-free in styles. - CVE-2014-1744: Integer overflow in audio. - CVE-2014-1745: Use-after-free in SVG. - CVE-2014-1746: Out-of-bounds read in media filters. - CVE-2014-1747: UXSS with local MHTML file. - CVE-2014-1748: UI spoofing with scrollbar. - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16. * debian/rules: Re-enable SSE for x86. * debian/control: Add build-dep on libkrb5-dev. * debian/patches/gyp-make-generator-reenabled. * Reenable webapps patches 3,5,6,7. * Remove old, unnecessary files, debian/cdbs, debian/cdbs/scons.mk, debian/cdbs/tarball.mk, debian/enable-dist-patches.pl, debian/keep-alive.sh * Remove OS condition in webapps desktop integration patches. We know the OS. -- Chad MILLER Mon, 14 Jul 2014 13:21:47 -0400 chromium-browser (34.0.1847.116-0ubuntu2) trusty; urgency=medium * Don't recommend pepperflashplugin-nonfree, which is in multiverse. (LP: #1307606) -- Iain Lane Mon, 14 Apr 2014 17:43:53 +0100 chromium-browser (34.0.1847.116-0ubuntu1) trusty; urgency=low * New upstream release 34.0.1847.116: - CVE-2014-1716: UXSS in V8. - CVE-2014-1717: OOB access in V8. - CVE-2014-1718: Integer overflow in compositor. - CVE-2014-1719: Use-after-free in web workers. - CVE-2014-1720: Use-after-free in DOM. - CVE-2014-1721: Memory corruption in V8. - CVE-2014-1722: Use-after-free in rendering. - CVE-2014-1723: Url confusion with RTL characters. - CVE-2014-1724: Use-after-free in speech. - CVE-2014-1725: OOB read with window property. - CVE-2014-1726: Local cross-origin bypass. - CVE-2014-1727: Use-after-free in forms. 
- CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22. + Now ignores "autocomplete=off" in web forms. (LP: #1294325) * debian/rules: Enable high-DPI. Enable touch support. These require using Aura toolkit. * debian/patches/gsettings-display-scaling: Get scaling factor from gsettings. * debian/patches/touch: Enable touch on XInput2 slave pointer touch devices. * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir matching our version, then use version dir as the new lib dir. This is an attempt to mitigate version upgrade hangs. * debian/chromium-browser.sh.in: Add a command line parameter to disable pinch gestures. * debian/patches/display-scaling-default-value: Set default scaling to 1 on hardware, because hardware often lies, but should be recoverable at 1:1. * debian/patches/display-scaling-report-hardware-info: Log hardware reports. * debian/rules: Emit messages on a timer to prevent dumb build-bots from killing long, silent linker stages. * debian/control: Add libexif-dev, libgcrypt-dev to build-deps. * debian/control: Drop Recommend x11-xserver-utils, x11-utils . * debian/control: Add libexif-dev to build-deps. * debian/apport/chromium-browser.py: Convert encoded bytes to str before splitting. Converting these to str at all is wrong, though. * debian/patches/flash-redirection: Redirect Flash installation through Ubuntu wiki for better user experience. * debian/patches/clipboard: Backport a few bug fixes. * debian/patches/title-bar-default-system.patch-v34: Temporarily disable system menu default to avoid window initial placement that doesn't take into consideration the title bar. -- Chad MILLER Mon, 14 Apr 2014 12:45:38 -0400 chromium-browser (33.0.1750.152-0ubuntu1) trusty; urgency=low * debian/rules: Enable high-DPI. Enable touch support. May not work on all devices yet. 
* debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir matching our version, then use version dir as the new lib dir. This is an attempt to mitigate version upgrade hangs. * debian/rules: Move log-removal into the section for "release" builds only. * Upstream release 33.0.1750.152: - CVE-2014-1713: Code execution outside sandbox. Use-after-free in Blink bindings. - CVE-2014-1714: Code execution outside sandbox. Windows clipboard vulnerability. - CVE-2014-1705: Code execution outside sandbox. Memory corruption in V8. - CVE-2014-1715: Code execution outside sandbox. Directory traversal issue. * Upstream release 33.0.1750.149: - CVE-2014-1700: Use-after-free in speech. - CVE-2014-1701: UXSS in events. - CVE-2014-1702: Use-after-free in web database. - CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets. - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18. * Upstream release 33.0.1750.115. * Upstream release 33.0.1750.146. - CVE-2013-6663: Use-after-free in svg images. - CVE-2013-6664: Use-after-free in speech recognition. - CVE-2013-6665: Heap buffer overflow in software rendering. - CVE-2013-6666: Chrome allows requests in flash header request. - CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10. * Add a token to get search credit at Baidu. * debian/rules, debian/control: Switch to using ninja instead of make to build. Switch from CDBS to dh. Remove many old hacks. * debian/patches/disable_gn.patch: disable broken GN before build. Temporary hack. * debian/chromium-browser.{postinst,prerm}, add debhelper token. * debian/rules: Split compare function into arch-dep and arch-indep versions, since they check different things. * debian/rules: Use actual upstream orig tarball. * debian/control: build-dep on coreutils so we can print the checksums, too. 
-- Chad MILLER Sat, 15 Mar 2014 15:57:19 -0400 chromium-browser (32.0.1700.107-0ubuntu1) trusty; urgency=low * Upstream release 32.0.1700.107. -- Chad MILLER Mon, 03 Feb 2014 23:55:12 +0000 chromium-browser (32.0.1700.102-0ubuntu1) trusty; urgency=low * Upstream release 32.0.1700.102: - CVE-2013-6649: Use-after-free in SVG images. - CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. -- Chad MILLER Tue, 28 Jan 2014 13:49:14 -0500 chromium-browser (32.0.1700.77-0ubuntu1) trusty; urgency=low * Upstream release 32.0.1700.77: (LP: #1269387) - Tab indicators for sound, webcam and casting - Automatically blocking malware files - A number of new apps/extension APIs - Lots of under the hood changes for stability and performance - CVE-2013-6646: Use-after-free in web workers. - CVE-2013-6641: Use-after-free related to forms. - CVE-2013-6642: Address bar spoofing in Chrome for Android. - CVE-2013-6643: Unprompted sync with an attacker’s Google account. - CVE-2013-6645: Use-after-free related to speech input elements. - CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives. * Re-merged webapps patches. * debian/control: add build-deps for libdrm-dev, libcap-dev -- Chad MILLER Mon, 27 Jan 2014 17:26:13 -0500 chromium-browser (31.0.1650.63-0ubuntu1) trusty; urgency=low * New release 31.0.1650.63: - CVE-2013-6634: Session fixation in sync related to 302 redirects. - CVE-2013-6635: Use-after-free in editing. - CVE-2013-6636: Address bar spoofing related to modal dialogs. - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. 
-- Chad MILLER Wed, 04 Dec 2013 12:45:36 -0500 chromium-browser (31.0.1650.57-0ubuntu3) trusty; urgency=low * debian/control: Drop libnss version number in Depends. We only need to recompile. (LP: #1251454) -- Chad MILLER Mon, 02 Dec 2013 11:48:58 -0500 chromium-browser (31.0.1650.57-0ubuntu2) trusty; urgency=low * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium in apport reports. * debian/control: Abandon nss transitional package as Dependency, and add real package with epoch version number. -- Chad MILLER Tue, 26 Nov 2013 07:34:31 -0500 chromium-browser (31.0.1650.57-0ubuntu1) trusty; urgency=low * New release 31.0.1650.57: - CVE-2013-6632: Multiple memory corruption issues. * New release 31.0.1650.48: (LP: #1250579) - CVE-2013-6621: Use after free related to speech input elements. - CVE-2013-6622: Use after free related to media elements. - CVE-2013-6623: Out of bounds read in SVG. - CVE-2013-6624: Use after free related to "id" attribute strings. - CVE-2013-6625: Use after free in DOM ranges. - CVE-2013-6626: Address bar spoofing related to interstitial warnings. - CVE-2013-6627: Out of bounds read in HTTP parsing. - CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. - CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. - CVE-2013-6631: Use after free in libjingle. * debian/chromium-chromedriver.install: Drop unsupported, broken old chromedriver v1 and add chromedriver2. * Update webapps patches. * Disable chromedriver testing until the new server-test client dependencies are figured out. * Drop base_unittests and automated_ui_tests build and automatic test and from installation exclusion. * Include wildcat package 'pepflashplugin-nonfree' in apport reporting. 
-- Chad MILLER Mon, 18 Nov 2013 10:52:14 -0500 chromium-browser (30.0.1599.114-0ubuntu1) trusty; urgency=low * debian/patches/menu-bar-visible.patch: Don't treat object as object reference. * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem introduced in menu-bar-visible patch. * debian/rules: Fix typo of Precise conditional. * Test the compiler for "-m32" support as the canonical test of support. Only a problem on ARM. * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make SIGSYS handler in sandbox safe and never call itself. (LP: #1195797) * debian/rules, debian/control: Use standard hardening flags, not hardening-wrapper. * debian/control: Build-depend on binutils, which already includes gold linker. * debian/control: Drop some unused build-deps: autotools-dev, binutils, flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64], libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev, libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev, libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev, libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev, patchutils (>= 0.2.25), python-simplejson, yasm, zlib1g-dev. * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes tab titles disappear due to a pango bug. * debian/tests/control: Drop Depends on obsolete package libunity-webapps-chromium. -- Chad MILLER Sun, 27 Oct 2013 13:08:11 -0400 chromium-browser (30.0.1599.114-0ubuntu0.13.10.1) saucy-updates; urgency=low * New release 30.0.1599.114. * New release 30.0.1599.101: - CVE-2013-2925: Use after free in XHR. - CVE-2013-2926: Use after free in editing. - CVE-2013-2927: Use after free in forms. * New release 29.0.1547.76. * New release 30.0.1599.66: - CVE-2013-2906: Races in Web Audio. - CVE-2013-2907: Out of bounds read in Window.prototype object. - CVE-2013-2908: Address bar spoofing related to the “204 No Content” status code. 
- CVE-2013-2909: Use after free in inline-block rendering. - CVE-2013-2910: Use-after-free in Web Audio. - CVE-2013-2911: Use-after-free in XSLT. - CVE-2013-2912: Use-after-free in PPAPI. - CVE-2013-2913: Use-after-free in XML document parsing. - CVE-2013-2914: Use after free in the Windows color chooser dialog. - CVE-2013-2915: Address bar spoofing via a malformed scheme. - CVE-2013-2916: Address bar spoofing related to the “204 No Content” status code. - CVE-2013-2917: Out of bounds read in Web Audio. - CVE-2013-2918: Use-after-free in DOM. - CVE-2013-2919: Memory corruption in V8. - CVE-2013-2920: Out of bounds read in URL parsing. - CVE-2013-2921: Use-after-free in resource loader. - CVE-2013-2922: Use-after-free in template element. - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30). - CVE-2013-2924: Use-after-free in ICU. * debian/tests/...: Make first real tests using sikuli. Probably quite fragile on changes to upstream. (LP: #1222895) * debian/patches/4-chromeless-window-launch-option.patch: Make new windows use their own state instead of checking the parameters of the instance that started all processes for whether a window has chrome or not. (LP: #1223855) * Update autopkgtest tests. * debian/patches/series: Drop comment references to old patches. Remove files. * debian/rules: Don't build 'reliability_tests' any more. It's deprecated upstream and we don't use it anyway. * debian/rules: debian/chromium-browser.install: Handle sandbox compilation configuration changes by stopping our special handling and using the default, and "you have to change the underscore from the build target into a hyphen". * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out. (LP: #1226143) * debian/testing/driver: Cheap run test to make sure chromedriver runs. (LP: #1226143) * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that caused extensions to fail. 
(LP: #1232575) * debian/rules: Use runtime linker for all architectures, not just 64-bit. Component builds everywhere, now. More than 4GB is too much to expect. * debian/rules: clean up packaging comparison code. -- Chad MILLER Thu, 24 Oct 2013 10:53:44 -0400 chromium-browser (29.0.1547.65-0ubuntu2) saucy; urgency=low * debian/control: Make chromium-browser-l10n Replaces chromium-browser so that new translations that were added in v28 packaging are now in the correct -l10n package. (LP: #1222488) * debian/rules: Remove unused duplicate-exclusion patterns. Again. * debian/control: Make codecs packages no longer Depend on chromium-browser, so that "extras" metapackages can pull them in without enormous browser. (LP: #1208518) * debian/tests/control: Don't use needs-build flag as we don't need it presently. Also, disable autopkgtest "smoketest" failure until its misbehavior on some environments can be diagnosed from log files. * debian/patches/4-chromeless-window-launch-option.patch: Add missing construction initializer. (LP: #1223251) -- Chad MILLER Tue, 22 Oct 2013 14:29:46 -0400 chromium-browser (29.0.1547.65-0ubuntu1) saucy; urgency=low * New release 29.0.1547.65. * New release 29.0.1547.62. * New release 29.0.1547.57: (LP: #1215361) - CVE-2013-2900: Incomplete path sanitization in file handling. - CVE-2013-2905: Information leak via overly broad permissions on shared memory files. - CVE-2013-2901: Integer overflow in ANGLE. - CVE-2013-2902: Use after free in XSLT. - CVE-2013-2903: Use after free in media element. - CVE-2013-2904: Use after free in document parsing. - CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29). * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine list. [Caine Tighe <~caine>] * debian/patches/search-credit.patch: Update URLs. * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch, debian/patches/wehkit_rev_parser.patch, No longer necessary. Deleted. 
* debian/chromium-browser.sh.in: Include command-line parameters for registered plugins. * Since we include remoting locales too, also split its locales info into the -l10n package correctly. * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND breaks build right now. * debian/rules: Fix packaging-completeness checker. * debian/rules: Break long expressions into discrete parts in packaging completeness checker. * Update webapps patches. * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser, exemplary for extension placement. * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that is named with our package, not "chromium". Without this, we force global extensions to violate FHS. -- Chad MILLER Thu, 05 Sep 2013 16:47:55 -0400 chromium-browser (28.0.1500.95-0ubuntu2) saucy; urgency=low * debian/rules: - Make unused-file matches simpler, and install rule more descriptive. - get-orig-source has to make the directory for the orig contents. * debian/source/lintian-overrides: - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib - Fix setuid-binary to be "source". Seems like it should be "binary". :( * debian/checkout-orig-source.mk: Remove tests and add unofficialness marker file to orig tarball when we can't use upstream orig releases. -- Chad MILLER Wed, 31 Jul 2013 07:10:34 -0400 chromium-browser (28.0.1500.95-0ubuntu1) saucy; urgency=low * debian/control: Set VCS URL to be accurate. * debian/rules: Start rule to create patch that includes Launchpad translations. Never change upstream orig tarball. This will be a release-time manual rule that updates a quilt patch. * New release 28.0.1500.95: - CVE-2013-2881: Origin bypass in frame handling. - CVE-2013-2882: Type confusion in V8. - CVE-2013-2883: Use-after-free in MutationObserver. - CVE-2013-2884: Use-after-free in DOM. - CVE-2013-2885: Use-after-free in input handling. 
- CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives. -- Chad MILLER Tue, 30 Jul 2013 17:44:06 -0400 chromium-browser (28.0.1500.71-0ubuntu3) saucy; urgency=low * debian/rules: - Keepalive in tests rule, to keep builder machines from reaping. - Further exclude a few tests that interact with fakeroot, ReadOnlyFileUtilTest. -- Chad MILLER Mon, 29 Jul 2013 11:38:52 -0400 chromium-browser (28.0.1500.71-0ubuntu2) saucy; urgency=low * debian/rules: - Disable logging calls in chromium binary to save several MB of executable size. * debian/patches/linker-asneeded-bug.patch: - Add patch to work around linker bug. * debian/keep-alive.sh: - Treat disappearing /proc as error, and quit. -- Chad MILLER Fri, 26 Jul 2013 19:29:45 -0400 chromium-browser (28.0.1500.71-0ubuntu0.13.10.1) saucy; urgency=low * New release 28.0.1500.71. * debian/chromium-browser.install: Include inspector resources in chromium-browser package. * debian/control: Make new -dbg package for chromedriver. * debian/rules: - Remove tests for ancient versions of Ubuntu. - Return to using no explicit NEON fpu, and instead try to detect at runtime NEON caps. This effectively disables NEON, so far. - Build and run unit test suite as part of making a package. Abort if more than 15 out of ~1000 tests fail. - Clean up packaging sanity test that verifies everything we build is put into a package. - Set relative rpath to libs/ for chromium-browser executable, but . for libraries in libs/ ; that makes dpkg-shlibdeps happy and process run. - Strip out some ugly logic around keeping only one language in the main package, and keeping the contents verifier happy based on the architecture. - EXPERIMENT: Try not stripping enormous libraries' symbols explicitly. - Add more exceptions for packaging contents tests, this time to exclude files that are in package but not from the build tree. - Be more explicit about what files we set the rpath on. Get all executables. We missed chromedriver before. 
- Only one hardware arch builds the independent files, so in our sanity test that we install everything upstream built once and only once in packages, we have to consider whether this build didn't even try to take and use arch-independent files. Don't look for some file paths if we don't use them. (Also, if we match too much of what we used, also remove matches from the list of created. This should be better.) * debian/patches/arm-neon.patch: - Compile in NEON instructions for ARM, even if we can't reliably check for whether our CPU is capable of running them yet. The major problem remaining is that the sandbox security wrapper defeats any test of /proc/cpuinfo . * debian/source/lintian-overrides: - Suppress warnings about known intentional decisions: Package name, statically linked bundled libraries, setuid root sandbox. * debian/chromium-browser.sh.in: - Detect at startup the features of the CPU that we might be interested in and export info into the environment. This is step one of a longer workaround for sandbox /proc restrictions. * Make a fall-back for when upstream fails to release a Release. Package up as best we can from source control. debian/rules and debian/checkout-orig-source.mk . * debian/tests/: - Add smoketest to verify that chromium runs. - Add an empty webapps test file for notes about what parts of webapps will or should be tested. * debian/keep-alive.sh. Quit if disk environment disappears. -- Chad MILLER Thu, 18 Jul 2013 17:31:34 -0400 chromium-browser (28.0.1500.52-0ubuntu3) saucy; urgency=low * Conform to newer Ayatana standard for Desktop Actions. * Prefer "-extra" codecs package. * Add debian/patches/menu-bar-visible.patch to show the top menu-bar in contemporary Unity. * Update webapps patches, to hide the bar asking the user's permission to run webapps extension for this window. 
-- Chad MILLER Fri, 28 Jun 2013 15:47:42 -0400 chromium-browser (28.0.1500.52-0ubuntu2) saucy; urgency=low [Chad MILLER] * New stable release 28.0.1500.52 * New stable release 28.0.1500.45 * New stable release 27.0.1453.110: - CVE-2013-2855: Memory corruption in dev tools API. - CVE-2013-2856: Use-after-free in input handling. - CVE-2013-2857: Use-after-free in image handling. - CVE-2013-2858: Use-after-free in HTML5 Audio. - CVE-2013-2859: Cross-origin namespace pollution. - CVE-2013-2860: Use-after-free with workers accessing database APIs. - CVE-2013-2861: Use-after-free with SVG. - CVE-2013-2862: Memory corruption in Skia GPU handling. - CVE-2013-2863: Memory corruption in SSL socket handling. - CVE-2013-2864: Bad free in PDF viewer. * New stable release 27.0.1453.93: - CVE-2013-2837: Use-after-free in SVG. - CVE-2013-2838: Out-of-bounds read in v8. - CVE-2013-2839: Bad cast in clipboard handling. - CVE-2013-2840: Use-after-free in media loader. - CVE-2013-2841: Use-after-free in Pepper resource handling. - CVE-2013-2842: Use-after-free in widget handling. - CVE-2013-2843: Use-after-free in speech handling. - CVE-2013-2844: Use-after-free in style resolution. - CVE-2013-2845: Memory safety issues in Web Audio. - CVE-2013-2846: Use-after-free in media loader. - CVE-2013-2847: Use-after-free race condition with workers. - CVE-2013-2848: Possible data extraction with XSS Auditor. - CVE-2013-2849: Possible XSS with drag+drop or copy+paste. * Drop unneeded patches, safe-browsing-sigbus.patch dont-assume-cross-compile-on-arm.patch struct-siginfo.patch ld-memory-32bit.patch dlopen_sonamed_gl.patch * Temporarily disable webapps patches. * Update arm-neon patch, format-flag patch, search-credit patch, title-bar-system-default patch. * Make get-orig-source nicer. Package tarball contents from upstream correctly. * Reenable dyn-linking of major components of chromium for 32-bit machines. Fix a libdir path bug in debian/chromium-browser.sh.in . 
* No longer try to use system libraries. Generally, Security Team would hate bundled libraries because they provide a wide liability, but Chromium Project is pretty good about maintaining their bundled-source libraries. We can not pull cr-required lib versions forward in older Ubuntus, and we can't guarantee all the distro versions of libraries work with chromium-browser. The default security policy might be worse. Bundled libraries is less work overall. * Exclude included XDG files even if they are built. * Use NEON instructions on ARM, optionally. This might use run-time checks for hardware capability, but even if it doesn't we can add it later. * Clean up difference checks in debian/rules that make sure that all files that the build makes are used in packages, and no longer hide any, and no longer consider it an error if some are unused. Treat it as a warning, not a fatality. * Use legible shell instead of make-generated shell in setting the rpath in rules. * Add new build-dep, "chrpath". [Chris Coulson] * debian/rules: Disable tcmalloc on all component builds, not just on arm builds. -- Chad MILLER Thu, 20 Jun 2013 14:54:43 -0400 chromium-browser (26.0.1410.63-0ubuntu3) saucy; urgency=low * Work around SEGV on ARMHF that's caused by tcmalloc. -- Chad MILLER Sun, 19 May 2013 23:30:01 -0400 chromium-browser (26.0.1410.63-0ubuntu2) saucy; urgency=low * Work around missing AppArmor feature. Set environment explicitly to disallow breaking out of apparmor protection. (LP: #1045986) * Use more system libraries, libxml, libjpeg, bzip2, libxslt, flac, libevent, protobuf, speex, xdg_utils, yasm, but not a few others -- in particular, - libpng causes render hangs, - sqlite causes link failures. Updating debian/rules, and dropping the removed ones from debian/control . * debian/rules: - Use actual original upstream tarball. No SVN snapshots, no gclient. - Rip out compiler-targeting. All versions should work. - Always use sandbox. It shouldn't be an option. 
Nothing works without it any more. * Drop build-dep on subversion. Not required with pristine orig.tar get-original-source. * Simplify debian/rules and use the built-in parameter for telling GYP config to include debug symbols. * Include upstream patch debian/patches/ld-memory-32bit.patch that makes 32 bit machines more likely to use BDF linker and include parameters that make it more memory efficient. * GCC doesn't allow -Wno-format with hardening -Werror=format-security . Add debian/patches/format-flag.patch . * Since we're Depending on xdg-settings, don't try to install one from upstream. Change debian/chromium-browser.install . * Invert sense of a quantal+ test so that we don't have to track things forever. Name things we know about, instead of things that don't exist yet. Update debian/rules . * Drop old unused sizes of icons to install from debian/rules . * Always default chromium to using the system title bar. Add debian/patches/title-bar-default-system.patch . * Default third-party cookies to most secure to users: off. Add debian/patches/third-party-cookies-off-by-default.patch . * Remove flags that make several useful application actions only appear on Unity. Update debian/chromium-browser.desktop . * Add a lp:app-install-data-ubuntu flag that names the package. Update debian/chromium-browser.desktop . * Remove full path from freedesktop default-apps file. Update debian/chromium-browser.xml . -- Chad MILLER Fri, 10 May 2013 17:27:45 -0400 chromium-browser (26.0.1410.63-0ubuntu1) raring; urgency=low [Chris Coulson] * Make it possible to build armv7 without neon optimizations - update debian/patches/arm-neon.patch * Don't assume that arm linux builds are cross-builds - add debian/patches/dont-assume-cross-compile-on-arm.patch - update debian/patches/series [Chad MILLER] * debian/chromium-browser.desktop: No absolute path to executable. Use PATH from environment. LP:1008741 * Make the "clean" rule behave better. 
Test differently for src/obj/ and never involve the upstream Makefile. Update debian/rules . * Don't over-clean. The makefiles generated by GYP are fine to include in orig tarball. * Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google. * New stable version 26.0.1410.63. No CVEs to report. * New stable version 26.0.1410.43: - CVE-2013-0916: Use-after-free in Web Audio. - CVE-2013-0917: Out-of-bounds read in URL loader. - CVE-2013-0918: Do not navigate dev tools upon drag and drop. - CVE-2013-0919: Use-after-free with pop-up windows in extensions. - CVE-2013-0920: Use-after-free in extension bookmarks API. - CVE-2013-0921: Ensure isolated web sites run in their own processes. - CVE-2013-0922: Avoid HTTP basic auth brute force attempts. - CVE-2013-0923: Memory safety issues in the USB Apps API. - CVE-2013-0924: Check an extension’s permissions API usage again file permissions. - CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. - CVE-2013-0926: Avoid pasting active tags in certain situations. * Update webapps patches. * debian/patches/arm-crypto.patch . Drop patch. Unnecessary now. * Always use verbose building. Update debian/rules . * Always use sandbox. It shouldn't be an option. Nothing works without it any more. Update debian/rules . * Always use extra debugging "-g" flag. Update debian/rules . * Try to be more multiarch aware. Update debian/control . * Drop many lintian overrides. Update debian/source/lintian-overrides . * Include autotools-dev in build-deps so that cdbs will update autoconf helper files in source automatically. Update debian/control . * Update standards version to 3.9.4 in debian/control . * When executable is split into libraries, strip debug symbols from enormous libraries even in dbg packages. This affects webkit only, in actuality. Update debian/rules . * Clean up some "tar" usage in debian/rules . * Don't include hardening on armhf. Update debian/rules . 
* Drop extraneous no-circular-check in debian/rules GYP run. * Work around a SIGBUS on ARM. Added debian/patches/safe-browsing-sigbus.patch * Insert multilib info directly into nss runtime library loading. Update debian/rules . * Enable NEON support for hard-float ARM. Actual use should be a runtime check, or is a bug. -- Chad MILLER Thu, 11 Apr 2013 20:08:28 -0400 chromium-browser (25.0.1364.160-0ubuntu2) raring; urgency=low * fix LP: #1153137 - Drop Recommends on webaccounts-chromium-extension and unity-chromium-extension to Suggests as they're not useful without Unity -- Micah Gersten Wed, 27 Mar 2013 23:52:08 -0500 chromium-browser (25.0.1364.160-0ubuntu1b1) raring; urgency=low * No-change rebuild against libudev1 -- Martin Pitt Wed, 13 Mar 2013 07:04:51 +0000 chromium-browser (25.0.1364.160-0ubuntu1) raring-proposed; urgency=low * Disable lintian warnings about outdated autoconf files in source tree. * New stable version 25.0.1364.160: - CVE-2013-0912: Type confusion in WebKit. * New stable version 25.0.1364.152: - CVE-2013-0902: Use-after-free in frame loader. - CVE-2013-0903: Use-after-free in browser navigation handling. - CVE-2013-0904: Memory corruption in Web Audio. - CVE-2013-0905: Use-after-free with SVG animations. - CVE-2013-0906: Memory corruption in Indexed DB. - CVE-2013-0907: Race condition in media thread handling. - CVE-2013-0908: Incorrect handling of bindings for extension processes. - CVE-2013-0909: Referer leakage with XSS Auditor. - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. - CVE-2013-0911: Possible path traversal in database handling. * New stable version 25.0.1364.97: - CVE-2013-0879: Memory corruption with web audio node. - CVE-2013-0880: Use-after-free in database handling. - CVE-2013-0881: Bad read in Matroska handling. - CVE-2013-0882: Bad memory access with excessive SVG parameters. - CVE-2013-0883: Bad read in Skia. - CVE-2013-0885: Too many API permissions granted to web store. 
- CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - CVE-2013-0888: Out-of-bounds read in Skia. - CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - CVE-2013-0890: Memory safety issues across the IPC layer. - CVE-2013-0891: Integer overflow in blob handling. - CVE-2013-0892: Lower severity issues across the IPC layer. - CVE-2013-0893: Race condition in media handling. - CVE-2013-0894: Buffer overflow in vorbis decoding. - CVE-2013-0895: Incorrect path handling in file copying. - CVE-2013-0896: Memory management issues in plug-in message handling. - CVE-2013-0897: Off-by-one read in PDF. - CVE-2013-0898: Use-after-free in URL handling. - CVE-2013-0899: Integer overflow in Opus handling. - CVE-2013-0900: Race condition in ICU. * New stable version 24.0.1312.52: - CVE-2012-5145: Use-after-free in SVG layout. - CVE-2012-5146: Same origin policy bypass with malformed URL. - CVE-2012-5147: Use-after-free in DOM handling. - CVE-2012-5148: Missing filename sanitization in hyphenation support. - CVE-2012-5149: Integer overflow in audio IPC handling. - CVE-2012-5150: Use-after-free when seeking video. - CVE-2012-5151: Integer overflow in PDF JavaScript. - CVE-2012-5152: Out-of-bounds read when seeking video. - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5156: Use-after-free in PDF fields. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. - CVE-2013-0828: Bad cast in PDF root handling. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process. - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling. - CVE-2013-0835: Browser crash with geolocation. - CVE-2013-0836: Crash in v8 garbage collection. 
- CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments. * Add libpci-dev to build-deps. * Add Recommends for webaccounts-chromium-extension. * Add Recommends for unity-chromium-extension. * debian/patches/ffmpeg-gyp-config. - Renamed from debian/patches/gyp-config-root - Write includes for more targets in ffmpeg building. * debian/patches/arm-crypto.patch - Added patch to distinguish normal ARM and hard-float ARM in crypto NSS inclusion. * Put GOOG search credit in a patch so we know when it fails. Also add credit to the other search idioms for GOOG. because releases can have any number of updates. * Update webapps patches. * debian/rules: - Adopt some ARM build conditions from Debian. - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments. Match patterns instead of whole words - Write REMOVED files in correct place. - Remove all generated in-tree makefiles at clean and get-source time. - Move all file-removal lines in get-source inside the condition for stripping files out of the source. - Hack in a "clean" rule that implements what src/Makefile should. -- Chad MILLER Fri, 08 Mar 2013 09:50:59 -0500 chromium-browser (24.0.1312.56-0ubuntu2) raring-proposed; urgency=low * Update webapps patches for 24.0.1312.52. (LP: #1099828). Patches from Chad Miller. -- Jamie Strandboge Sun, 03 Feb 2013 11:55:37 -0600 chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low * Add comment-markers to debian/patches/series file to make patch import easier. * debian/patches/gyp-config-root.patch - Added. Avoids compilation bug on (at least) ARM. * debian/patches/arm-neon.patch - Added function to determine NEON functionality in ARM at runtime for WebRt library in WebKit. * Update README.source to include some of these changes. * Set new URL for channel-release info in rules file. 
* debian/chromium-browser.install - No longer install demo extension - Install remoting locales * debian/patches/chromium_useragent.patch.in renamed to drop ".in", OS "Ubuntu" hardcoded with no compilation-release name, and patch refreshed to follow new location of source. Also remove it from the list of ephemeral files that "clean" rule removes. * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;", to be safer and faster. * Make most patches follow a common format (no timestamps or Index lines), to avoid future churn. * Write the "REMOVED" list files to the root of the orig tarball, instead of inside the src/ directory, where they could collide. * Fix dpkg-source warning: Clean up python cached bytecode files. * Also don't include python bytecode or cache files in orig tarball, and clean them up on "clean" rule. * Fix dpkg-source warning: Remove autoconf cache. * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer. * Fix lintian error not-binnmuable-all-depends-any. * Override lintian complaints ancient-autotools-helper-file and unused-build-dependency-on-cdbs. * Drop "lzma" from build dependencies. * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. * List explicit architectures that Chromium supports, instead of "any". Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}. * debian/patches/arm-neon.patch added to get ARM w/o Neon support. (LP: #1084852) * Add chromedriver packaging. (LP: #1069930) Thanks to John Rigby * In debian/rules, avoid creating invalid subst expression in sed of DEBIAN* vars into files. * Note localization in package description for support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms. * No longer include Launchpad-generated translations. Disable patch grd_parse_fix.patch . * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. 
* No longer expect unpacked tarball to contain "build-tree". * Fix build warning about missing debian/source/format. Set to "3.0 (quilt)". * Remove unnecessary glib-header-single-entry.patch . * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the executing program is not dpkg-buildpackage. * Make rules file generate LASTCHANGE file at new location. * Change get-sources command to kill script when it fails to disable gyp-chromium run from DEPS. Never fail silently again. * Add patches/struct-siginfo.patch to work around source bug in dereferencing internal struct instead of public type. * Drop SCM revision from the version. * Refresh patches from lp:unity-chromium-extension . * Make all patches follow a common format, to avoid future churn. No timestamps, a/b parent, sorted, no index. * New upstream version 24.0.1312.56: - CVE-2013-0839: Use-after-free in canvas font handling. - CVE-2013-0840: Missing URL validation when opening new windows. - CVE-2013-0841: Unchecked array index in content blocking. - CVE-2013-0842: Problems with NULL characters embedded in paths. * New upstream version 24.0.1312.52: (LP: #1099075) - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. - CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2012-5152: Out-of-bounds read when seeking video. 
Credit to Google Chrome Security Team (Inferno). - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome Security Team (Justin Schuh). - CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). - CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. - CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). * New upstream version 23.0.1271.97 - CVE-2012-5139: Use-after-free with visibility events. - CVE-2012-5140: Use-after-free in URL loader. - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers. 
- CVE-2012-5144: Stack corruption in AAC decoding. * New upstream version 23.0.1271.95 - CVE-2012-5138: Incorrect file path handling. - CVE-2012-5137: Use-after-free in media source handling. * New upstream version 23.0.1271.91 - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia. - CVE-2012-5132: Browser crash with chunked encoding. - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. * Includes CVE fixes for 23.0.1271.64 - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. - CVE-2012-5120: Out-of-bounds array access in v8. - CVE-2012-5116: Use-after-free in SVG filter handling. - CVE-2012-5121: Use-after-free in video layout. - CVE-2012-5117: Inappropriate load of SVG subresource in img context. - CVE-2012-5119: Race condition in Pepper buffer handling. - CVE-2012-5122: Bad cast in input handling. - CVE-2012-5123: Out-of-bounds reads in Skia. - CVE-2012-5124: Memory corruption in texture handling. - CVE-2012-5125: Use-after-free in extension tab handling. - CVE-2012-5126: Use-after-free in plug-in placeholder handling. - CVE-2012-5128: Bad write in v8. * Disable lintian warnings about outdated autoconf files in source tree. 
-- Chad Miller Wed, 23 Jan 2013 13:43:34 -0500 chromium-browser (22.0.1229.94~r161065-0ubuntu1) quantal-proposed; urgency=low * New upstream release from the Stable Channel - [154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write -- Ken VanDine Sat, 13 Oct 2012 00:24:57 -0400 chromium-browser (22.0.1229.79~r158531-0ubuntu1) quantal-proposed; urgency=low * New upstream release from the Stable Channel * debian/control - fixed typo in description for chromium-codecs-ffmpeg * debian/patches/fix-armhf-ftbfs.patch - Dropped, no longer needed * debian/chromium-browser.install - Install demo extension * debian/rules - Updated INSTALL_EXCLUDE_FILES - build with gcc 4.7 * debian/patches/1-infobars.patch, debian/patches/2-get-domain-tld.patch, debian/patches/3-chrome-xid.patch, debian/patches/4-chromeless-window-launch-option.patch, debian/patches/5-desktop-integration-settings.patch, debian/patches/fix-1034541.patch - Updated for v22 * debian/patches/6-passwordless-install-support.patch - Webapp package installation (LP: #1059460) * debian/patches/7-plugin-status.patch - Don't block npapi plugins on linux, which is required by unity-chromium-extension -- Ken VanDine Fri, 12 Oct 2012 09:31:11 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu6) quantal-proposed; urgency=low * debian/patches/5-desktop-integration-settings.patch - Updated to match libunity-webapps.so.0 -- Ken VanDine Wed, 19 Sep 2012 11:44:21 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu5) quantal; urgency=low * debian/patches/fix-1034541.patch - fix chromeless issues if chromeless window is launched before a regular browser window (LP: #1034541) -- Ken VanDine Tue, 14 Aug 2012 14:45:16 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu4) quantal; urgency=low * debian/patches/4-chromeless-window-launch-option.patch - updated to latest from webapps * debian/patches/5-desktop-integration-settings.patch - updated to latest from webapps -- Ken VanDine Mon, 13 Aug 2012 
22:53:46 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu3) quantal; urgency=low * debian/patches/1-infobars.patch - moved infobars out of experimental, used for webapps * debian/patches/2-get-domain-tld.patch - Adds API for getting the base domain of a URI, used for webapps * debian/patches/3-chrome-xid.patch - Get xid, used for webapps * debian/patches/chromeless-window-launch-option.patch - Adds optional chromeless mode, used for webapps * debian/patches/desktop-integration-settings.patch - Adds settings for managing sites integrated with the desktop, used for webapps -- Ken VanDine Mon, 06 Aug 2012 13:40:57 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu2) quantal; urgency=low * debian/control - Dropped build depends for libvpx-dev * -debian/patches/vpx.patch - dropped, build with internal vpx [ Matthieu Baerts ] * debian/apport: - Update apport hook for python3 (LP: #1013171) patch made with the help of Edward Donovan -- Ken VanDine Thu, 12 Jul 2012 15:56:59 -0400 chromium-browser (20.0.1132.47~r144678-0ubuntu1) quantal; urgency=low * New upstream release from the Stable Channel * debian/control - Added build depends binutils-gold, libvpx-dev,libssl-dev and subversion - Bumped standards version to 3.9.3 - don't build depend on binutils-gold for armel * debian/rules - explicitly set arm_float_abi=hard for armhf builds and let the rest fallback to softfp - do not use third_party/gold as the linker. - enable compile-time dependency on gnome-keyring * -debian/patches/ubuntu_dont_overwrite_default_download_directory.patch - no longer needed * debian/patches/grd_parse_fix.patch - Patched to fix broken XML until we can get a proper fix for chromium-translation-tools. 
* debian/patches/vpx.patch - patch from debian to fix FTBFS on armel * debian/patches/arm.patch - patch from debian to fix FTBFS on armel -- Ken VanDine Thu, 12 Jul 2012 14:02:44 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu2) quantal; urgency=low * debian/rules - force to build with gcc 4.6 to fix ftbfs (LP: #992212) - don't build with -Werror * debian/control - add build depends for g++-4.6-multilib -- Ken VanDine Fri, 06 Jul 2012 13:51:59 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu1) quantal; urgency=low * debian/rules - include armv7 in GYP_DEFINES for 11.10, 12.04 and 12.10. Fixes FTBFS on arm (LP: #993080) -- Ken VanDine Mon, 18 Jun 2012 10:04:59 -0400 chromium-browser (18.0.1025.168~r134367-0ubuntu0.12.04.1) precise-security; urgency=low * New upstream release from the Stable Channel (LP: #992352) - [106413] High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz. - [117110] High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z). - [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie - [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano. - [121899] High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz. 
-- Micah Gersten Tue, 01 May 2012 00:02:53 -0500 chromium-browser (18.0.1025.151~r130497-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #977502) - black screen on Hybrid Graphics system with GPU accelerated compositing enabled (Issue: 117371) - CSS not applied to element (Issue: 114667) - Regression rendering a div with background gradient and borders (Issue: 113726) - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285) - Multiple crashes (Issues: 72235, 116825 and 92998) - Pop-up dialog is at wrong position (Issue: 116045) - HTML Canvas patterns are broken if you change the transformation matrix (Issue: 112165) - SSL interstitial error "proceed anyway" / "back to safety" buttons don't work (Issue: 119252) This release fixes the following security issues: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. 
Credit to Google Chrome Security Team (Inferno). -- Micah Gersten Mon, 09 Apr 2012 16:21:40 -0500 chromium-browser (18.0.1025.142~r129054-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #968901) This release fixes the following security issues: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. 
* Add build dependency on libudev-dev to allow for gamepad detection; see http://code.google.com/p/chromium/issues/detail?id=79050 - update debian/control * Drop dlopen_libgnutls patch as it's been implemented upstream - drop debian/patches/dlopen_libgnutls.patch - update debian/patches/series * Start removing *.so and *.so.* from the upstream tarball creation - update debian/rules * Strip almost the entire third_party/openssl directory as it's needed only on android, but is used by the build system - update debian/rules * Use tar's --exclude-vcs flag instead of just excluding .svn - update debian/rules -- Micah Gersten Sun, 01 Apr 2012 22:17:11 -0500 chromium-browser (17.0.963.83~r127885-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #961831) This release fixes the following security issues: - [113902] High CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit to Glenn Randers-Pehrson of the libpng project. - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. - [116746] High CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. - [117418] Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”. Credit to Sergey Glazunov. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. 
-- Micah Gersten Wed, 21 Mar 2012 21:31:34 -0500 chromium-browser (17.0.963.79~r125985-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #952711) This release fixes the following security issue: - [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie. -- Micah Gersten Mon, 12 Mar 2012 00:01:07 -0500 chromium-browser (17.0.963.78~r125577-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #950174) This release fixes the following security issue: - [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov. * Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really fix LP: #943281; Thanks to Christian Dywan for the tip - update debian/control -- Micah Gersten Fri, 09 Mar 2012 00:40:23 -0600 chromium-browser (17.0.963.66~r124982-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #948749) - fixes regression in the DOM [116789] [ Micah Gersten ] * Revert manual changes to v8 build system since we're using the gyp flag now - update debian/patches/fix-armhf-ftbfs.patch [ Jani Monoses ] * Attempt to fix armhf build again (LP: #943281) - update debian/rules -- Micah Gersten Wed, 07 Mar 2012 02:00:53 -0600 chromium-browser (17.0.963.65~r124586-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #946914) - Cursors and backgrounds sometimes do not load [111218] - Plugins not loading on some pages [108228] - Text paste includes trailing spaces [106551] - Websites using touch controls break [110332] This release fixes the following security issues: - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing library. 
Credit to Aki Helin of OUSPG. - [111748] High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis. - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis. - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz. - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz. - [113497] High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz. - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz. - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz. - [114068] High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz. - [114219] High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz. - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz. - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis. 
[ Jani Monoses ] * Fix FTBFS on armhf (LP: #943281) - add debian/patches/fix-armhf-ftbfs.patch - update debian/patches/series -- Micah Gersten Mon, 05 Mar 2012 03:48:05 -0600 chromium-browser (17.0.963.56~r121963-0ubuntu3) precise; urgency=low * Fix arm specific flags again; Use findstring instead of filter as arm isn't the entire build arch name - update debian/rules -- Micah Gersten Mon, 20 Feb 2012 00:59:09 -0600 chromium-browser (17.0.963.56~r121963-0ubuntu2) precise; urgency=low * Add arm specific flags for arm*, not just armel; This allows building on armhf successfully (we hope) - update debian/rules * Change chromium-browser-dbg to Priority: extra, Section: debug per lintian - update debian/control * Fix line endings in debian/copyright per lintian - update debian/copyright * Make copyright file UTF-8 per lintian - update debian/copyright -- Micah Gersten Mon, 20 Feb 2012 00:23:47 -0600 chromium-browser (17.0.963.56~r121963-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #933262) This release fixes the following security issues: - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to Google Chrome Security Team (scarybeasts). - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. - [108695] High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the Google Security Team. - [111575] Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation script. 
Credit to Google Chrome Security Team (Jorge Obes). - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz. -- Micah Gersten Wed, 15 Feb 2012 22:55:08 -0600 chromium-browser (17.0.963.46~r119351-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #931905) This release fixes the following security issues: - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley. - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection. Credit to Aki Helin of OUSPG. - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. - [108871] Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image handling. Credit to Atte Kettunen of OUSPG. - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. 
Credit to Code Audit Labs of VulnHunt.com. - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek. - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG. - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno). * Rebase patch - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch * Update .install file to just install all .pak files instead of listing them by name - update debian/chromium-browser.install -- Micah Gersten Wed, 15 Feb 2012 01:32:50 -0600 chromium-browser (16.0.912.77~r118311-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #923602, #897389) (LP: #914648, #889711) This release fixes the following security issues: - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415). - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz. - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis. This upload also includes the following security fixes from 16.0.912.75: - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. 
- [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla. - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar). This upload also includes the following security fixes from 16.0.912.63: - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community. - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG. - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security. - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG. - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google Chrome Security Team (scarybeasts) and Robert Swiecki of the Google Security Team. - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis. - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek. - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross references. Credit to Atte Kettunen of OUSPG. - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). 
This upload also includes the following fixes from 15.0.874.121: - fix to a regression: SVG in iframe doesn't use specified dimensions - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler [ Micah Gersten ] * Add patch to build with glib 2.31 (single entry header inclusion) - add debian/patches/glib-header-single-entry.patch - update debian/patches/series [ Brandon Snider ] * Refresh user agent patch - update debian/patches/chromium_useragent.patch.in -- Micah Gersten Mon, 30 Jan 2012 14:43:06 -0600 chromium-browser (15.0.874.120~r108895-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #889711) This release fixes the following security issues: - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community. - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). 
-- Micah Gersten Sun, 13 Nov 2011 00:11:03 -0600 chromium-browser (15.0.874.106~r107270-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #881786) - This release fixes a regression with regard to logging into certain websites -- Micah Gersten Wed, 26 Oct 2011 23:19:00 -0500 chromium-browser (15.0.874.102~r106587-0ubuntu1) precise; urgency=low * New upstream release from the Stable Channel (LP: #881786) - fix LP: #881607 - Error initializing NSS without a persistent database This release fixes the following security issues: - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel. - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel. - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak. - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen. - [94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa. - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company. - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov. - [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno). - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz. - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community. - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz. - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. 
Credit to Christian Holler. - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz. - [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean. [ Micah Gersten ] * Switch to xz debs; Add Pre-Depends on dpkg >= 1.15.6 which is needed until after Precise - update debian/rules - update debian/control [ Chris Coulson ] * Refresh patches - update debian/patches/dlopen_sonamed_gl.patch - update debian/patches/webkit_rev_parser.patch * Dropped patches, fixed upstream - remove debian/patches/cups_1.5_build_fix.patch - update debian/patches/series * Don't depend on cdbs being installed to create a tarball - update debian/rules - update debian/cdbs/tarball.mk [ Fabien Tassin ] * Disable NaCl until we figure out what to do with the private toolchain - update debian/rules * Do not install the pseudo_locales files in the debs - update debian/rules * Add python-simplejson to Build-depends. 
This is needed by NaCl even with NaCl disabled, so this is a temporary workaround to unbreak the build, it must be fixed upstream - update debian/control -- Micah Gersten Wed, 26 Oct 2011 02:52:39 -0500 chromium-browser (14.0.835.202~r103287-0ubuntu2) precise; urgency=low * Switch maintainer to Ubuntu Developers; Thanks to Fabien Tassin for all his work on this package - update debian/control * Switch to internal libvpx; This makes updating easier after release - update debian/rules * Drop build dependency on libvpx due to the switch to internal libvpx - update debian/control * Switch to default libjpeg - update debian/control * Update Vcs-Bzr for precise - update debian/control -- Micah Gersten Tue, 18 Oct 2011 02:50:27 -0500 chromium-browser (14.0.835.202~r103287-0ubuntu1) oneiric; urgency=low * New upstream release from the Stable Channel (LP: #858744) This release fixes the following security issues: + Chromium issues (13.0.782.220): - Trust in Diginotar Intermediate CAs revoked + Chromium issues (14.0.835.163): - [49377] High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi. - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski. - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to Mario Gomes. - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany. - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes. - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz. - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). 
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki Helin of OUSPG. - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno). - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno). - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid). + Chromium issues (14.0.835.202): - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov. - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno). - [98089] Critical CVE-2011-3873: Memory corruption in shader translator. Credit to Zhenyao Mo. + Webkit issues (14.0.835.163): - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc. - [89219] High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style handling. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. - [93587] High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. 
+ Webkit issues (14.0.835.202): - [93788] High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz. - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz. + LibXML issue (14.0.835.163): - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning + V8 issues (14.0.835.163): - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean. - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler. + V8 issues (14.0.835.202): - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov. - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov. [ Fabien Tassin ] * Add libpulse-dev to Build-Depends, needed for WebRTC - update debian/control * Drop the HTML5 video patch, now committed upstream - remove debian/patches/html5-codecs-fix.patch - update debian/patches/series * Rename ui/base/strings/app_strings.grd to ui_strings.grd following the upstream rename, and add a mapping flag to the grit converter - update debian/rules * Add a "Conflicts" with -inspector so that it gets removed - update debian/control * Build with the default gcc-4.6 on Oneiric - update debian/control - update debian/rules * Refresh Patches -- Micah Gersten Wed, 05 Oct 2011 04:06:44 -0500 chromium-browser (13.0.782.215~r97094-0ubuntu2) oneiric; urgency=low * Enable hardening on armel. LP: #641126. 
-- Matthias Klose Wed, 21 Sep 2011 23:47:00 +0200 chromium-browser (13.0.782.215~r97094-0ubuntu1) oneiric; urgency=high * New upstream release from the Stable Channel This release fixes the following security issues: + Chromium issues: - [91517] High, CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined). + Webkit issues: - [82552] High, CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz. - [88216] High, CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz. - [88670] High, CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus independent later discovery by miaubiz. - [87453] High, CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov. - [90668] High, CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz. - [32-bit only] [91598] High, CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. + libxml2 issue: - [89402] High, CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. Packaging changes: * Fix a FTBFS with cups 1.5.0 by including individual cups headers - add debian/patches/cups_1.5_build_fix.patch - update debian/patches/series -- Fabien Tassin Tue, 23 Aug 2011 07:22:44 +0200 chromium-browser (13.0.782.107~r94237-0ubuntu2) oneiric; urgency=high * Add libgles2-mesa-dev to Build-deps for Armel (only), fixing a FTBFS - update debian/control -- Fabien Tassin Wed, 03 Aug 2011 21:20:41 +0200 chromium-browser (13.0.782.107~r94237-0ubuntu1) oneiric; urgency=high * New Major upstream release from the Stable Channel This release fixes the following security issues: + Chromium issues: - [75821] Medium, CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov. 
- [79266] Low, CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc. - [79426] Low, CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc. - [81307] Medium, CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community. - [83273] Medium, CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov. - [84402] Low, CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc. - [84805] Medium, CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc. - [85808] Medium, CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc. - [87815] Low, CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team. - [88827] Medium, CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno). + Webkit issues: - [78841] High, CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella. - [83841] Low, CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc. - [84600] Low, CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla. - [85559] Low, CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki. - [86502] High, CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz. - [87148] High, CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz. - [87227] High, CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz. - [87298] Medium, CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz. - [87339] Medium, CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long. - [87548] High, CVE-2011-2796: Use-after-free in Skia. 
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. - [87729] High, CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz. - [87925] High, CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz. - [88337] Medium, CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen. - [88591] High, CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler. - [88846] High, CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz. - [88889] High, CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella. - [89520] High, CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov. - [90222] High, CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov. + ICU 4.6 issue: - [86900] High, CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. Packaging changes: * Add a "Conflicts" with -inspector so that it gets removed - update debian/control * Disable PIE for ARM on Oneiric too - update debian/rules * Run the gclient hooks when creating the source tarball, as we need files from the Native Client's integrated runtime (IRT) library. Install the NaCL IRT files in the main deb - update debian/rules - update debian/chromium-browser.install * Drop obsolete patches - remove debian/patches/cups_cleanup_cr6883221.patch - update debian/patches/series -- Fabien Tassin Tue, 02 Aug 2011 17:33:23 +0200 chromium-browser (12.0.742.112~r90304-0ubuntu1) oneiric; urgency=high * New Minor upstream release from the Stable Channel (LP: #803107) This release fixes the following security issues: + WebKit issues: - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz. - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz. 
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz. - [85211] High, CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz. - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz. + Chromium issues: - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau. - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG. Packaging changes: * Add Valencian (ca@valencia) to the list of supported langs for the lang-packs - update debian/rules - update debian/control * Add support for language variants in Grit, backported from trunk. This is needed to support lang-codes like ca@valencia - add debian/patches/grit_language_variants.patch - update debian/patches/series * Add a WANT_ONLY_WHITELISTED_NEW_LANGS knob to make it easier to sync translations of new langs between all the branches - update debian/rules * Properly stop the keep-alive when the build fails - update debian/rules * Fix the HTML5