chromium-browser 24.0.1312.56-0ubuntu1 source package in Ubuntu

Changelog

chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low

  * Add comment-markers to debian/patches/series file to make patch import
    easier.
  * debian/patches/gyp-config-root.patch
    - Added. Avoids compilation bug on (at least) ARM.
  * debian/patches/arm-neon.patch
    - Added function to determine NEON functionality in ARM at runtime for
      WebRt library in WebKit.
  * Update README.source to include some of these changes.
  * Set new URL for channel-release info in rules file.
  * debian/chromium-browser.install
    - No longer install demo extension
    - Install remoting locales
  * debian/patches/chromium_useragent.patch.in renamed to drop ".in",
    OS "Ubuntu" hardcoded with no compilation-release name, and patch
    refreshed to follow new location of source.  Also remove it
    from the list of ephemeral files that "clean" rule removes.
  * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
    to be safer and faster.
  * Make most patches follow a common format (no timestamps or Index lines), to
    avoid future churn.
  * Write the "REMOVED" list files to the root of the orig tarball,
    instead of inside the src/ directory, where they could collide.
  * Fix dpkg-source warning: Clean up python cached bytecode files.
  * Also don't include python bytecode or cache files in orig tarball,
    and clean then up on "clean" rule.
  * Fix dpkg-source warning: Remove autoconf cache.
  * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
  * Fix lintian error not-binnmuable-all-depends-any.
  * Override lintian complaints ancient-autotools-helper-file and
    unused-build-dependency-on-cdbs.
  * Drop "lzma" from build dependencies.
  * Set default binary and source package compression to xz. If
    building for Ubuntu 10.04, then make binary's compression to bzip2.
  * List explicit architectures that Chromium supports, instead of "any".
    Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}.
  * debian/patches/arm-neon.patch added to get ARM w/o Neon support.
    (LP: #1084852)
  * Add chromedriver packaging. (LP: #1069930) Thanks to
    John Rigby <email address hidden>
  * In debian/rules, avoid creating invalid subst expression in sed
    of DEBIAN* vars into files.
  * Note localization in package description for support for ast, bs, en-AU,
    eo, hy, ia, ka, ku, kw, ms.
  * No longer include Launchpad-generated translations.  Disable patch
    grd_parse_fix.patch .
  * Set default binary and source package compression to xz. If
    building for Ubuntu 10.04, then make binary's compression to bzip2.
  * No longer expect unpacked tarball to contain "build-tree".
  * Fix build warning about missing debian/source/format.  Set to "3.0
    (quilt)".
  * Remove unnecessary glib-header-single-entry.patch .
  * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
    executing program is not dpkg-buildpackage.
  * Make rules file generate LASTCHANGE file at new location.
  * Change get-sources command to kill script when it fails to disable
    gyp-chromium run from DEPS. Never fail silently again.
  * Add patches/struct-siginfo.patch to work around source bug in dereferencing
    internal stuct instead of public type.
  * Drop SCM revision from the version.
  * Refresh patches from lp:unity-chromium-extension .
  * Make all patches follow a common format, to avoid future churn.
    No timestamps, a/b parent, sorted, no index.
  * New upstream version 24.0.1312.56:
    - CVE-2013-0839: Use-after-free in canvas font handling.
    - CVE-2013-0840: Missing URL validation when opening new windows.
    - CVE-2013-0841: Unchecked array index in content blocking.
    - CVE-2013-0842: Problems with NULL characters embedded in paths.
  * New upstream version 24.0.1312.52:  (LP: #1099075)
    - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
      OUSPG.
    - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
      Erling A Ellingsen and Subodh Iyengar, both of Facebook.
    - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
    - CVE-2012-5148: Missing filename sanitization in hyphenation support.
      Credit to Google Chrome Security Team (Justin Schuh).
    - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
      Chrome Security Team (Chris Evans).
    - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
      Security Team (Inferno).
    - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
      Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
      Team.
    - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
      Chrome Security Team (Inferno).
    - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
      Rossberg of the Chromium development community.
    - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
      Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
      Security Team.
    - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
      with contribution from Gynvael Coldwind, both of Google Security Team.
    - CVE-2013-0829: Corruption of database metadata leading to incorrect file
      access. Credit to Google Chrome Security Team (Jüri Aedla).
    - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
      Security Team (Justin Schuh).
    - CVE-2013-0831: Possible path traversal from extension process. Credit to
      Google Chrome Security Team (Tom Sepez).
    - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
      Chrome Security Team (Cris Neckar).
    - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
    - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
      Security Team (Cris Neckar).
    - CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
    - CVE-2013-0838: Tighten permissions on shared memory segments. Credit to
      Google Chrome Security Team (Chris Palmer).
  * New upstream version 23.0.1271.97
    - CVE-2012-5139: Use-after-free with visibility events.
    - CVE-2012-5140: Use-after-free in URL loader.
    - CVE-2012-5141: Limit Chromoting client plug-in instantiation.
    - CVE-2012-5142: Crash in history navigation.
    - CVE-2012-5143: Integer overflow in PPAPI image buffers.
    - CVE-2012-5144: Stack corruption in AAC decoding.
  * New upstream version 23.0.1271.95
    - CVE-2012-5138: Incorrect file path handling.
    - CVE-2012-5137: Use-after-free in media source handling.
  * New upstream version 23.0.1271.91
    - CVE-2012-5133: Use-after-free in SVG filters.
    - CVE-2012-5130: Out-of-bounds read in Skia.
    - CVE-2012-5132: Browser crash with chunked encoding.
    - CVE-2012-5134: Buffer underflow in libxml.
    - CVE-2012-5135: Use-after-free with printing.
    - CVE-2012-5136: Bad cast in input element handling.
  * Includes CVE fixes for 23.0.1271.64
    - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
      handling.
    - CVE-2012-5120: Out-of-bounds array access in v8.
    - CVE-2012-5116: Use-after-free in SVG filter handling.
    - CVE-2012-5121: Use-after-free in video layout.
    - CVE-2012-5117: Inappropriate load of SVG subresource in img context.
    - CVE-2012-5119: Race condition in Pepper buffer handling.
    - CVE-2012-5122: Bad cast in input handling.
    - CVE-2012-5123: Out-of-bounds reads in Skia.
    - CVE-2012-5124: Memory corruption in texture handling.
    - CVE-2012-5125: Use-after-free in extension tab handling.
    - CVE-2012-5126: Use-after-free in plug-in placeholder handling.
    - CVE-2012-5128: Bad write in v8.
  * Disable lintian warnings about outdated autoconf files in source tree.
 -- Chad Miller <email address hidden>   Wed, 23 Jan 2013 13:43:34 -0500

Upload details

Uploaded by:
Chad Miller
Sponsored by:
Jamie Strandboge
Uploaded to:
Raring
Original maintainer:
Ubuntu Developers
Architectures:
armhf armel i386 amd64 all
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
chromium-browser_24.0.1312.56.orig.tar.xz 309.4 MiB 03506562d70892230772f3dc29b2c28782764854ee4766ea639f4afcc2ffc689
chromium-browser_24.0.1312.56-0ubuntu1.debian.tar.gz 234.1 KiB 2d6a0e61e35a90cd4532dedd6a7e600f21150cfffdebae2b3fff1fc1fab2f518
chromium-browser_24.0.1312.56-0ubuntu1.dsc 3.2 KiB 1b62d36bdb9e777b8ee75f72038fad5f0eb561aff54a6490d59d9879cfeff914

View changes file

Binary packages built by this source

chromium-browser: No summary available for chromium-browser in ubuntu raring.

No description available for chromium-browser in ubuntu raring.

chromium-browser-dbg: No summary available for chromium-browser-dbg in ubuntu raring.

No description available for chromium-browser-dbg in ubuntu raring.

chromium-browser-l10n: No summary available for chromium-browser-l10n in ubuntu raring.

No description available for chromium-browser-l10n in ubuntu raring.

chromium-chromedriver: No summary available for chromium-chromedriver in ubuntu raring.

No description available for chromium-chromedriver in ubuntu raring.

chromium-codecs-ffmpeg: No summary available for chromium-codecs-ffmpeg in ubuntu raring.

No description available for chromium-codecs-ffmpeg in ubuntu raring.

chromium-codecs-ffmpeg-dbg: No summary available for chromium-codecs-ffmpeg-dbg in ubuntu raring.

No description available for chromium-codecs-ffmpeg-dbg in ubuntu raring.

chromium-codecs-ffmpeg-extra: No summary available for chromium-codecs-ffmpeg-extra in ubuntu raring.

No description available for chromium-codecs-ffmpeg-extra in ubuntu raring.

chromium-codecs-ffmpeg-extra-dbg: No summary available for chromium-codecs-ffmpeg-extra-dbg in ubuntu raring.

No description available for chromium-codecs-ffmpeg-extra-dbg in ubuntu raring.