-
chromium-browser (79.0.3945.79-0ubuntu0.19.04.3) disco; urgency=medium
* debian/patches/add-missing-vector-include.patch: added
-- Olivier Tilloy <email address hidden> Wed, 11 Dec 2019 21:19:41 +0100
-
chromium-browser (78.0.3904.108-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 78.0.3904.108 (LP: #1853149)
- CVE-2019-13723: Use-after-free in Bluetooth.
- CVE-2019-13724: Out-of-bounds access in Bluetooth.
-- Olivier Tilloy <email address hidden> Tue, 19 Nov 2019 16:35:43 +0100
-
chromium-browser (78.0.3904.97-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 78.0.3904.97
-- Olivier Tilloy <email address hidden> Thu, 07 Nov 2019 07:03:18 +0100
-
chromium-browser (78.0.3904.70-0ubuntu0.19.04.4) disco; urgency=medium
* debian/patches/widevine-other-locations: updated
-- Olivier Tilloy <email address hidden> Fri, 01 Nov 2019 10:24:33 +0100
-
chromium-browser (76.0.3809.100-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 76.0.3809.100
- CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction.
- CVE-2019-5867: Out-of-bounds read in V8.
-- Olivier Tilloy <email address hidden> Sat, 10 Aug 2019 15:55:11 +0200
-
chromium-browser (76.0.3809.87-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 76.0.3809.87
- CVE-2019-5850: Use-after-free in offline page fetcher.
- CVE-2019-5860: Use-after-free in PDFium.
- CVE-2019-5853: Memory corruption in regexp length check.
- CVE-2019-5851: Use-after-poison in offline audio context.
- CVE-2019-5859: res: URIs can load alternative browsers.
- CVE-2019-5856: Insufficient checks on filesystem: URI permissions.
- CVE-2019-5863: Use-after-free in WebUSB on Windows.
- CVE-2019-5855: Integer overflow in PDFium.
- CVE-2019-5865: Site isolation bypass from compromised renderer.
- CVE-2019-5858: Insufficient filtering of Open URL service parameters.
- CVE-2019-5864: Insufficient port filtering in CORS for extensions.
- CVE-2019-5862: AppCache not robust to compromised renderers.
- CVE-2019-5861: Click location incorrectly checked.
- CVE-2019-5857: Comparison of -0 and null yields crash.
- CVE-2019-5854: Integer overflow in PDFium text rendering.
- CVE-2019-5852: Object leak of utility functions.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: removed, no longer needed
* debian/patches/fix-libstdc++-build-aeed4d1.patch: removed, no longer needed
* debian/patches/pffft-no-neon.patch: removed, no longer needed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/skia-undef-HWCAP_CRC32.patch: refreshed
* debian/patches/upstream-fix-blink-build-iterators.patch: added
-- Olivier Tilloy <email address hidden> Tue, 30 Jul 2019 22:41:19 +0200
-
chromium-browser (75.0.3770.142-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 75.0.3770.142
-- Olivier Tilloy <email address hidden> Tue, 16 Jul 2019 22:11:56 +0200
-
chromium-browser (75.0.3770.90-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 75.0.3770.90
-- Olivier Tilloy <email address hidden> Thu, 13 Jun 2019 22:26:14 +0200
-
chromium-browser (74.0.3729.169-0ubuntu0.19.04.1) disco; urgency=medium
* Upstream release: 74.0.3729.169
* debian/patches/revert-gn-4960.patch: added
* debian/patches/revert-gn-4980.patch: added
* debian/tests/data/HTML5test/index.html: mock whichbrowser.net to remove
external test dependency
-- Olivier Tilloy <email address hidden> Wed, 22 May 2019 10:15:40 +0200
-
chromium-browser (73.0.3683.103-0ubuntu1) disco; urgency=medium
* Upstream release: 73.0.3683.103
* debian/patches/gn-add-missing-arm-impl-files.patch: removed, no longer
needed
-- Olivier Tilloy <email address hidden> Fri, 05 Apr 2019 07:12:20 +0200
-
chromium-browser (73.0.3683.86-0ubuntu1) disco; urgency=medium
* Upstream release: 73.0.3683.86
-- Olivier Tilloy <email address hidden> Thu, 21 Mar 2019 06:22:46 +0100
-
chromium-browser (73.0.3683.75-0ubuntu3) disco; urgency=medium
* debian/patches/fix-build-with-libstdc++.patch: added
-- Olivier Tilloy <email address hidden> Wed, 13 Mar 2019 21:12:47 +0100
-
chromium-browser (73.0.3683.75-0ubuntu2) disco; urgency=medium
* debian/patches/fix-sqrtf-missing-definition.patch: added
-- Olivier Tilloy <email address hidden> Wed, 13 Mar 2019 09:47:23 +0100
-
chromium-browser (73.0.3683.75-0ubuntu1) disco; urgency=medium
* Upstream release: 73.0.3683.75
- CVE-2019-5787: Use after free in Canvas.
- CVE-2019-5788: Use after free in FileAPI.
- CVE-2019-5789: Use after free in WebMIDI.
- CVE-2019-5790: Heap buffer overflow in V8.
- CVE-2019-5791: Type confusion in V8.
- CVE-2019-5792: Integer overflow in PDFium.
- CVE-2019-5793: Excessive permissions for private API in Extensions.
- CVE-2019-5794: Security UI spoofing.
- CVE-2019-5795: Integer overflow in PDFium.
- CVE-2019-5796: Race condition in Extensions.
- CVE-2019-5797: Race condition in DOMStorage.
- CVE-2019-5798: Out of bounds read in Skia.
- CVE-2019-5799: CSP bypass with blob URL.
- CVE-2019-5800: CSP bypass with blob URL.
- CVE-2019-5801: Incorrect Omnibox display on iOS.
- CVE-2019-5802: Security UI spoofing.
- CVE-2019-5803: CSP bypass with Javascript URLs'.
- CVE-2019-5804: Command line command injection on Windows.
* debian/patches/add-missing-cstring-include.patch: removed, no longer needed
* debian/patches/additional-search-engines.patch: removed, no longer needed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: updated
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/widevine-enable-version-string.patch: refreshed
-- Olivier Tilloy <email address hidden> Tue, 12 Mar 2019 21:37:28 +0100
-
chromium-browser (72.0.3626.121-0ubuntu1) disco; urgency=medium
* Upstream release: 72.0.3626.121
- CVE-2019-5786: Use-after-free in FileReader
* debian/patches/gn-fix-link-pthread.patch: removed, no longer needed
-- Olivier Tilloy <email address hidden> Sat, 02 Mar 2019 11:43:06 +0100
-
chromium-browser (72.0.3626.119-0ubuntu3) disco; urgency=medium
* debian/patches/add-missing-limits-include.patch: added
-- Olivier Tilloy <email address hidden> Mon, 25 Feb 2019 17:02:21 +0100
-
chromium-browser (72.0.3626.119-0ubuntu2) disco; urgency=medium
* debian/patches/gn-fix-link-pthread.patch: added
-- Olivier Tilloy <email address hidden> Mon, 25 Feb 2019 11:55:50 +0100
-
chromium-browser (72.0.3626.119-0ubuntu1) disco; urgency=medium
* Upstream release: 72.0.3626.119
* debian/patches/add-missing-cstring-include.patch: added
-- Olivier Tilloy <email address hidden> Mon, 25 Feb 2019 10:55:09 +0100
-
chromium-browser (72.0.3626.109-0ubuntu2) disco; urgency=medium
* debian/rules: build with use_custom_libcxx=false because the custom libc++
embedded in chromium 72's tarball is too old for the version of clang in
disco (8.0.0 RC2, see
http://lists.llvm.org/pipermail/llvm-dev/2019-February/130174.html)
-- Olivier Tilloy <email address hidden> Thu, 21 Feb 2019 16:10:40 +0100
-
chromium-browser (72.0.3626.109-0ubuntu1) disco; urgency=medium
* Upstream release: 72.0.3626.109
* debian/rules:
- restore old keepalive snippet to prevent builds from timing out during
the link phase (this happens often enough on armhf, Launchpad builders
have an inactivity timeout of 150 minutes)
- install the chromedriver executable in /usr/bin, where python{,3}-selenium
and other packages expect it by default (LP: #1667208)
* debian/control: make chromium-chromedriver provide "chromium-driver"
* debian/chromium-chromedriver.{dirs,install}: removed, no longer needed
* debian/tests/{chromium-version,html5test}: remove custom driver path
-- Olivier Tilloy <email address hidden> Thu, 21 Feb 2019 11:20:52 +0100
-
chromium-browser (72.0.3626.96-0ubuntu1) disco; urgency=medium
* Upstream release: 72.0.3626.96
- CVE-2019-5784: Inappropriate implementation in V8.
* debian/patches/gn-do-not-build-with-icf.patch: removed, no longer needed
-- Olivier Tilloy <email address hidden> Fri, 08 Feb 2019 16:45:43 +0100
-
chromium-browser (72.0.3626.81-0ubuntu1) disco; urgency=medium
* Upstream release: 72.0.3626.81
- CVE-2019-5754: Inappropriate implementation in QUIC Networking.
- CVE-2019-5782: Inappropriate implementation in V8.
- CVE-2019-5755: Inappropriate implementation in V8.
- CVE-2019-5756: Use after free in PDFium.
- CVE-2019-5757: Type Confusion in SVG.
- CVE-2019-5758: Use after free in Blink.
- CVE-2019-5759: Use after free in HTML select elements.
- CVE-2019-5760: Use after free in WebRTC.
- CVE-2019-5761: Use after free in SwiftShader.
- CVE-2019-5762: Use after free in PDFium.
- CVE-2019-5763: Insufficient validation of untrusted input in V8.
- CVE-2019-5764: Use after free in WebRTC.
- CVE-2019-5765: Insufficient policy enforcement in the browser.
- CVE-2019-5766: Insufficient policy enforcement in Canvas.
- CVE-2019-5767: Incorrect security UI in WebAPKs.
- CVE-2019-5768: Insufficient policy enforcement in DevTools.
- CVE-2019-5769: Insufficient validation of untrusted input in Blink.
- CVE-2019-5770: Heap buffer overflow in WebGL.
- CVE-2019-5771: Heap buffer overflow in SwiftShader.
- CVE-2019-5772: Use after free in PDFium.
- CVE-2019-5773: Insufficient data validation in IndexedDB.
- CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing.
- CVE-2019-5775: Insufficient policy enforcement in Omnibox.
- CVE-2019-5776: Insufficient policy enforcement in Omnibox.
- CVE-2019-5777: Insufficient policy enforcement in Omnibox.
- CVE-2019-5778: Insufficient policy enforcement in Extensions.
- CVE-2019-5779: Insufficient policy enforcement in ServiceWorker.
- CVE-2019-5780: Insufficient policy enforcement.
- CVE-2019-5781: Insufficient policy enforcement in Omnibox.
* debian/control: add default-jre-headless as a build dependency
(needed to compile the new lite JS mojom bindings)
* debian/patches/additional-search-engines.patch: refreshed
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/fix-ffmpeg-ia32-build.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: removed, no longer
needed
* debian/patches/gn-do-not-build-with-icf.patch: added
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
needed
* debian/patches/swiftshader-gl-entry-trampoline.patch: removed, no longer
needed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/widevine-other-locations: refreshed
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Wed, 30 Jan 2019 10:53:04 +0100
-
chromium-browser (71.0.3578.98-0ubuntu1) disco; urgency=medium
* Upstream release: 71.0.3578.98
- CVE-2018-17481: Use after free in PDFium.
* debian/patches/suppress-newer-clang-warning-flags.patch: added back
-- Olivier Tilloy <email address hidden> Thu, 13 Dec 2018 11:57:41 +0100
-
chromium-browser (71.0.3578.80-0ubuntu1) disco; urgency=medium
* Upstream release: 71.0.3578.80
- CVE-2018-17480: Out of bounds write in V8.
- CVE-2018-17481: Use after frees in PDFium.
- CVE-2018-18335: Heap buffer overflow in Skia.
- CVE-2018-18336: Use after free in PDFium.
- CVE-2018-18337: Use after free in Blink.
- CVE-2018-18338: Heap buffer overflow in Canvas.
- CVE-2018-18339: Use after free in WebAudio.
- CVE-2018-18340: Use after free in MediaRecorder.
- CVE-2018-18341: Heap buffer overflow in Blink.
- CVE-2018-18342: Out of bounds write in V8.
- CVE-2018-18343: Use after free in Skia.
- CVE-2018-18344: Inappropriate implementation in Extensions.
- CVE-2018-18345: Inappropriate implementation in Site Isolation.
- CVE-2018-18346: Incorrect security UI in Blink.
- CVE-2018-18347: Inappropriate implementation in Navigation.
- CVE-2018-18348: Inappropriate implementation in Omnibox.
- CVE-2018-18349: Insufficient policy enforcement in Blink.
- CVE-2018-18350: Insufficient policy enforcement in Blink.
- CVE-2018-18351: Insufficient policy enforcement in Navigation.
- CVE-2018-18352: Inappropriate implementation in Media.
- CVE-2018-18353: Inappropriate implementation in Network Authentication.
- CVE-2018-18354: Insufficient data validation in Shell Integration.
- CVE-2018-18355: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18356: Use after free in Skia.
- CVE-2018-18357: Insufficient policy enforcement in URL Formatter.
- CVE-2018-18358: Insufficient policy enforcement in Proxy.
- CVE-2018-18359: Out of bounds read in V8.
* debian/patches/chromium_useragent.patch: refreshed
* debian/patches/configuration-directory.patch: refreshed
* debian/patches/disable-sse2: refreshed
* debian/patches/fix-extra-arflags.patch: refreshed
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: refreshed
* debian/patches/gn-no-last-commit-position.patch: refreshed
* debian/patches/revert-Xclang-instcombine-lower-dbg-declare.patch: refreshed
* debian/patches/search-credit.patch: refreshed
* debian/patches/set-rpath-on-chromium-executables.patch: refreshed
* debian/patches/suppress-newer-clang-warning-flags.patch: removed, no longer
needed
* debian/patches/swiftshader-gl-entry-trampoline.patch: refreshed
* debian/patches/title-bar-default-system.patch-v35: refreshed
* debian/patches/touch-v35: refreshed
* debian/patches/widevine-allow-enable.patch: removed, no longer needed
* debian/patches/widevine-other-locations: refreshed
* debian/patches/widevine-revision.patch: renamed to
debian/patches/widevine-enable-version-string.patch and updated
* debian/tests/html5test: update test expectations
-- Olivier Tilloy <email address hidden> Tue, 04 Dec 2018 21:54:05 +0100
-
chromium-browser (70.0.3538.110-0ubuntu1) disco; urgency=medium
* Upstream release: 70.0.3538.110
- CVE-2018-17479: Use-after-free in GPU.
-- Olivier Tilloy <email address hidden> Tue, 20 Nov 2018 11:00:39 +0100
-
chromium-browser (70.0.3538.102-0ubuntu1) disco; urgency=medium
* Upstream release: 70.0.3538.102
- CVE-2018-17478: Out of bounds memory access in V8.
* debian/patches/gn-bootstrap-remove-sysroot-options.patch: added
-- Olivier Tilloy <email address hidden> Wed, 14 Nov 2018 22:29:24 +0100
-
chromium-browser (70.0.3538.77-0ubuntu1) disco; urgency=medium
* Bump version number for the new development release
(Ubuntu 19.04, the Disco Dingo)
* debian/control: update Vcs-Bzr field
* debian/patches/fix-extra-arflags.patch: updated
* debian/patches/suppress-newer-clang-warning-flags.patch: updated
-- Olivier Tilloy <email address hidden> Mon, 05 Nov 2018 10:20:01 +0100
-
chromium-browser (70.0.3538.67-0ubuntu0.18.10.1) cosmic; urgency=medium
* debian/patches/swiftshader-upstream-entry-points.patch: renamed to
debian/patches/swiftshader-gl-entry-trampoline.patch and updated
-- Olivier Tilloy <email address hidden> Tue, 23 Oct 2018 10:03:06 +0200
-
chromium-browser (69.0.3497.100-0ubuntu1) cosmic; urgency=medium
* Upstream release: 69.0.3497.100
-- Olivier Tilloy <email address hidden> Tue, 18 Sep 2018 08:54:33 +0200
