Change logs for chromium-browser source package in Raring

  • chromium-browser (31.0.1650.63-0ubuntu0.13.04.1~20131204.1) raring-security; urgency=low
    
      * Release to stage at ppa:canonical-chromium-builds/stage
    
    chromium-browser (31.0.1650.63-0ubuntu0.13.04.1) raring-security; urgency=low
    
      * New release 31.0.1650.63:
        - CVE-2013-6634: Session fixation in sync related to 302 redirects.
        - CVE-2013-6635: Use-after-free in editing.
        - CVE-2013-6636: Address bar spoofing related to modal dialogs.
        - CVE-2013-6637: Various fixes from internal audits, fuzzing and other
          initiatives.
        - CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version
          3.22.24.7.
        - CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8
          version 3.22.24.7.
        - CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8
          version 3.22.24.7.
    
    chromium-browser (31.0.1650.57-0ubuntu0.13.04.3) raring-security; urgency=low
    
      * debian/control: Drop libnss version number in Depends. We only need to
        recompile. (LP: #1251454)
    
    chromium-browser (31.0.1650.57-0ubuntu0.13.04.2) raring-security; urgency=low
    
      * debian/apport/chromium-browser.py: Include dmesg events mentioning chromium
        in apport reports.
      * debian/control: Abandon nss transitional package as Dependency, and add
        real package with epoch version number.
    
    chromium-browser (31.0.1650.57-0ubuntu0.13.04.1) raring-security; urgency=low
    
      * New release 31.0.1650.57:
        - CVE-2013-6632: Multiple memory corruption issues.
      * New release 31.0.1650.48:  (LP: #1250579)
        - CVE-2013-6621: Use after free related to speech input elements.
        - CVE-2013-6622: Use after free related to media elements.
        - CVE-2013-6623: Out of bounds read in SVG.
        - CVE-2013-6624: Use after free related to "id" attribute strings.
        - CVE-2013-6625: Use after free in DOM ranges.
        - CVE-2013-6626: Address bar spoofing related to interstitial warnings.
        - CVE-2013-6627: Out of bounds read in HTTP parsing.
        - CVE-2013-6628: Issue with certificates not being checked during TLS
          renegotiation.
        - CVE-2013-2931: Various fixes from internal audits, fuzzing and other
          initiatives.
        - CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo.
        - CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo.
        - CVE-2013-6631: Use after free in libjingle.
      * debian/chromium-chromedriver.install: Drop unsupported, broken old
        chromedriver v1 and add chromedriver2.
      * Update webapps patches.
      * Disable chromedriver testing until the new server-test client dependencies
        are figured out.
      * Drop base_unittests and automated_ui_tests build and automatic test and
        from installation exclusion.
      * Include wildcat package 'pepflashplugin-nonfree' in apport reporting.
    
    chromium-browser (30.0.1599.114-0ubuntu0.13.04.3) raring-security; urgency=low
    
      * debian/patches/menu-bar-visible.patch: Don't treat object as object
        reference.
      * debian/patches/4-chromeless-window-launch-option.patch: Don't fix problem
        introduced in menu-bar-visible patch.
      * debian/rules: Fix typo of Precise conditional.
      * debian/patches/cr30-sandbox-async-signal-safe.patch: Backport to make
        SIGSYS handler in sandbox safe and never call itself. (LP: #1195797)
      * debian/rules, debian/control: Use standard hardening flags, not
        hardening-wrapper.
      * debian/control: Build-depend on binutils, which already includes gold
        linker.
      * debian/control: Drop some unused build-deps: autotools-dev, binutils,
           flex, g++-multilib [amd64], libbz2-dev, libc6-dev-i386 [amd64],
           libdbus-glib-1-dev, libgl1-mesa-dev, libgl1-mesa-dri, libglib2.0-dev,
           libglu1-mesa-dev, libhunspell-dev, libjpeg-dev, libnspr4-dev,
           libpam0g-dev, libpango1.0-dev, libspeechd-dev, libssl-dev, libxi-dev,
           libxml2-dev, libxslt1-dev, libxt-dev, mesa-common-dev,
           patchutils (>= 0.2.25), python-simplejson, yasm, zlib1g-dev.
      * debian/patches/cr31-pango-tab-titles.patch: Backport a fix that makes
        tab titles disappear due to a pango bug.
      * debian/tests/control: Drop Depends on obsolete package
        libunity-webapps-chromium.
     -- Chad MILLER <email address hidden>   Mon, 09 Dec 2013 21:52:07 -0500
  • chromium-browser (30.0.1599.114-0ubuntu0.13.04.2) raring-security; urgency=low
    
      * Test the compiler for "-m32" support as the canonical test of support.
        Only a problem on ARM.
    
    chromium-browser (30.0.1599.114-0ubuntu0.13.04.1) raring-updates; urgency=low
    
      * New release 30.0.1599.114.
      * New release 30.0.1599.101:
        - CVE-2013-2925: Use after free in XHR.
        - CVE-2013-2926: Use after free in editing.
        - CVE-2013-2927: Use after free in forms.
      * New release 29.0.1547.76.
      * New release 30.0.1599.66:
        - CVE-2013-2906: Races in Web Audio.
        - CVE-2013-2907: Out of bounds read in Window.prototype object.
        - CVE-2013-2908: Address bar spoofing related to the “204 No Content”
          status code.
        - CVE-2013-2909: Use after free in inline-block rendering.
        - CVE-2013-2910: Use-after-free in Web Audio.
        - CVE-2013-2911: Use-after-free in XSLT.
        - CVE-2013-2912: Use-after-free in PPAPI.
        - CVE-2013-2913: Use-after-free in XML document parsing.
        - CVE-2013-2914: Use after free in the Windows color chooser dialog.
        - CVE-2013-2915: Address bar spoofing via a malformed scheme.
        - CVE-2013-2916: Address bar spoofing related to the “204 No Content”
          status code.
        - CVE-2013-2917: Out of bounds read in Web Audio.
        - CVE-2013-2918: Use-after-free in DOM.
        - CVE-2013-2919: Memory corruption in V8.
        - CVE-2013-2920: Out of bounds read in URL parsing.
        - CVE-2013-2921: Use-after-free in resource loader.
        - CVE-2013-2922: Use-after-free in template element.
        - CVE-2013-2923: Various fixes from internal audits, fuzzing and other
          initiatives (Chrome 30).
        - CVE-2013-2924: Use-after-free in ICU.
      * debian/tests/...: Make first real tests using sikuli. Probably quite
        fragile on changes to upstream. (LP: #1222895)
      * debian/patches/4-chromeless-window-launch-option.patch: Make new windows
        use their own state instead of checking the parameters of the instance that
        started all processes for whether a window has chrome or not. (LP: #1223855)
      * Update autopkgtest tests.
      * debian/patches/series: Drop comment references to old patches.  Remove
        files.
      * debian/rules: Don't build 'reliability_tests' any more. It's deprecated
        upstream and we don't use it anyway.
      * debian/rules: debian/chromium-browser.install: Handle sandbox compilation
        configuration changes by stopping our special handling and using the default,
        and "you have to change the underscore from the build target into a hyphen".
      * debian/rules: Process rpath of files in debian/tmp* BEFORE we copy them out.
        (LP: #1226143)
      * debian/testing/driver: Cheap run test to make sure chromedriver runs.
        (LP: #1226143)
      * debian/patches/4-chromeless-window-launch-option.patch: Fix syntax that
        caused extensions to fail.  (LP: #1232575)
      * debian/rules: Use runtime linker for all architectures, not just 64-bit.
        Component builds everywhere, now.  More than 4GB is too much to expect.
      * debian/rules: clean up packaging comparison code.
    
    chromium-browser (29.0.1547.65-0ubuntu0.13.04.2) raring-security; urgency=low
    
      * debian/control: Make chromium-browser-l10n Replaces chromium-browser so
        that new translations that were added in v28 packaging are now in the
        correct -l10n package.  (LP: #1222488)
      * debian/rules: Remove unused duplicate-exclusion patterns. Again.
      * debian/control: Make codecs packages no longer Depend on chromium-browser,
        so that "extras" metapackages can pull them in without enormous browser.
        (LP: #1208518)
      * debian/tests/control: Don't use needs-build flag as we don't need it
        presently. Also, disable autopkgtest "smoketest" failure until its
        misbehavior on some environments can be diagnosed from log files.
      * debian/patches/4-chromeless-window-launch-option.patch: Add missing
        construction initializer. (LP: #1223251)
    
    chromium-browser (29.0.1547.65-0ubuntu0.13.04.1) raring-security; urgency=low
    
      * New release 29.0.1547.65.
      * New release 29.0.1547.62.
      * New release 29.0.1547.57:  (LP: #1215361)
        - CVE-2013-2900: Incomplete path sanitization in file handling.
        - CVE-2013-2905: Information leak via overly broad permissions on shared
          memory files.
        - CVE-2013-2901: Integer overflow in ANGLE.
        - CVE-2013-2902: Use after free in XSLT.
        - CVE-2013-2903: Use after free in media element.
        - CVE-2013-2904: Use after free in document parsing.
        - CVE-2013-2887: Various fixes from internal audits, fuzzing and other
          initiatives (Chrome 29).
      * debian/patches/duckduckgo.patch: Include DuckDuckGo in search-engine
        list.  [Caine Tighe <~caine>]
      * debian/patches/search-credit.patch:  Update URLs.
      * debian/patches/disable_dlog_and_dcheck_in_release_builds.patch,
        debian/patches/wehkit_rev_parser.patch,
          No longer necessary.  Deleted.
      * debian/chromium-browser.sh.in: Include command-line parameters for
        registered plugins.
      * Since we include remoting locales too, also split its locales info
        into the -l10n package correctly.
      * debian/rules: Disable arm_neon_optional. Impossible with sandbox, AND
        breaks build right now.
      * debian/rules: Fix packaging-completeness checker.
      * debian/rules: Break long expressions into discrete parts in packaging
        completeness checker.
      * Update webapps patches.
      * debian/rules:
        - Make unused-file matches simpler, and install rule more descriptive.
        - get-orig-source has to make the directory for the orig contents.
      * debian/source/lintian-overrides:
        - Add old-fsf-address-in-copyright-file and image-file-in-usr-lib
        - Fix setuid-binary to be "source". Seems like it should be "binary". :(
      * debian/checkout-orig-source.mk: Remove tests and add unofficialness
        marker file to orig tarball when we can't use upstream orig releases.
      * debian/chromium-browser.dirs: Add reference to /usr/share/chromium-browser,
        exemplary for extension placement.
      * debian/patches/extensions-directory.patch: Use a /usr/share/ directory that
        is named with our package, not "chromium". Without this, we force global
        extensions to violate FHS.
    
    chromium-browser (28.0.1500.95-0ubuntu0.13.04.2) raring-security; urgency=low
    
      * debian/control: Set VCS URL to be accurate.
      * New release 28.0.1500.95:
        - CVE-2013-2881: Origin bypass in frame handling.
        - CVE-2013-2882: Type confusion in V8.
        - CVE-2013-2883: Use-after-free in MutationObserver.
        - CVE-2013-2884: Use-after-free in DOM.
        - CVE-2013-2885: Use-after-free in input handling.
        - CVE-2013-2886: Various fixes from internal audits, fuzzing and other
          initiatives.
      * debian/rules:
        - Keepalive in tests rule, to keep builder machines from reaping.
        - Further exclude a few tests that interact with fakeroot,
          ReadOnlyFileUtilTest.
      * debian/rules:
        - Disable logging calls in chromium binary to save several MB of executable
          size.
      * debian/patches/linker-asneeded-bug.patch:
        - Add patch to work around linker bug.
      * debian/keep-alive.sh:
        - Treat disappearing /proc as error, and quit.
     -- Chad MILLER <email address hidden>   Sun, 27 Oct 2013 13:08:11 -0400
  • chromium-browser (28.0.1500.71-0ubuntu1.13.04.1) raring-security; urgency=low
    
      * New release 28.0.1500.71.
      * debian/chromium-browser.install: Include inspector resources in
        chromium-browser package.
      * debian/control: Make new -dbg package for chromedriver.
      * debian/rules:
        - Remove tests for ancient versions of Ubuntu.
        - Return to using no explicit NEON fpu, and instead try to detect at
          runtime NEON caps. This effectively disables NEON, so far.
        - Build and run unit test suite as part of making a package. Abort if
          more than 15 out of ~1000 tests fail.
        - Clean up packaging sanity test that verifies everything we build is
          put into a package.
        - Set relative rpath to libs/ for chromium-browser executable, but . for
          libraries in libs/ ; that makes dpkg-shlibdeps happy and process run.
        - Strip out some ugly logic around keeping only one language in the main
          package, and keeping the contents verifier happy based on the
          architecture.
        - EXPERIMENT: Try not stripping enormous libraries' symbols explicitly.
        - Add more exceptions for packaging contents tests, this time to exclude
          files that are in package but not from the build tree.
        - Be more explicit about what files we set the rpath on.  Get all
          executables. We missed chromedriver before.
        - Only one hardware arch builds the independent files, so in our sanity
          test that we install everything upstream built once and only once in
          packages, we have to consider whether this build didn't even try to
          take and use arch-independent files.  Don't look for some file paths if
          we don't use them.  (Also, if we match too much of what we used, also
          remove matches from the list of created.  This should be better.)
      * debian/patches/arm-neon.patch:
        - Compile in NEON instructions for ARM, even if we can't reliably check for
          whether our CPU is capable of running them yet.  The major problem
          remaining is that the sandbox security wrapper defeats any test of
          /proc/cpuinfo .
      * debian/source/lintian-overrides:
        - Suppress warnings about known intentional decisions: Package name,
          statically linked bundled libraries, setuid root sandbox.
      * debian/chromium-browser.sh.in:
        - Detect at startup the features of the CPU that we might be interested
          in and export info into the environment.  This is step one of a longer
          workaround for sandbox /proc restrictions.
      * Make a fall-back for when upstream fails to release a Release. Package up
        as best we can from source control.  debian/rules and
        debian/checkout-orig-source.mk .
      * debian/tests/:
        - Add smoketest to verify that chromium runs.
        - Add an empty webapps test file for notes about what parts of webapps will
          or should be tested.
      * debian/keep-alive.sh.  Quit if disk environment disappears.
     -- Chad MILLER <email address hidden>   Mon, 15 Jul 2013 17:44:47 -0400
  • chromium-browser (28.0.1500.52-0ubuntu1.13.04.3) raring-security; urgency=low
    
      * Conform to newer Ayatana standard for Desktop Actions.
      * Prefer "-extra" codecs package.
      * Update webapps patches, to hide the bar asking the user's permission
        to run webapps extension for this window.
     -- Chad MILLER <email address hidden>   Fri, 28 Jun 2013 15:47:42 -0400
  • chromium-browser (28.0.1500.52-0ubuntu1.13.04.2) raring-security; urgency=low
    
      [Chad MILLER]
      * New stable release 28.0.1500.52
      * New stable release 28.0.1500.45
      * New stable release 27.0.1453.110:
        - CVE-2013-2855: Memory corruption in dev tools API.
        - CVE-2013-2856: Use-after-free in input handling.
        - CVE-2013-2857: Use-after-free in image handling.
        - CVE-2013-2858: Use-after-free in HTML5 Audio.
        - CVE-2013-2859: Cross-origin namespace pollution.
        - CVE-2013-2860: Use-after-free with workers accessing database APIs.
        - CVE-2013-2861: Use-after-free with SVG.
        - CVE-2013-2862: Memory corruption in Skia GPU handling.
        - CVE-2013-2863: Memory corruption in SSL socket handling.
        - CVE-2013-2864: Bad free in PDF viewer.
      * New stable release 27.0.1453.93:
        - CVE-2013-2837: Use-after-free in SVG.
        - CVE-2013-2838: Out-of-bounds read in v8.
        - CVE-2013-2839: Bad cast in clipboard handling.
        - CVE-2013-2840: Use-after-free in media loader.
        - CVE-2013-2841: Use-after-free in Pepper resource handling.
        - CVE-2013-2842: Use-after-free in widget handling.
        - CVE-2013-2843: Use-after-free in speech handling.
        - CVE-2013-2844: Use-after-free in style resolution.
        - CVE-2013-2845: Memory safety issues in Web Audio.
        - CVE-2013-2846: Use-after-free in media loader.
        - CVE-2013-2847: Use-after-free race condition with workers.
        - CVE-2013-2848: Possible data extraction with XSS Auditor.
        - CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
      * Drop unneeded patches,
          safe-browsing-sigbus.patch
          dont-assume-cross-compile-on-arm.patch
          struct-siginfo.patch
          ld-memory-32bit.patch
          dlopen_sonamed_gl.patch
      * Temporarily disable webapps patches.
      * Update arm-neon patch, format-flag patch, search-credit patch,
        title-bar-system-default patch.
      * Make get-orig-source nicer.  Package tarball contents from upstream
        correctly.
      * Reenable dyn-linking of major components of chromium for 32-bit machines.
        Fix a libdir path bug in debian/chromium-browser.sh.in .
      * No longer try to use system libraries. Generally, Security Team would
        hate bundled libraries because they provide a wide liability, but
        Chromium Project is pretty good about maintaining their bundled-source
        libraries. We can not pull cr-required lib versions forward in older
        Ubuntus, and we can't guarantee all the distro versions of libraries work
        with chromium-browser. The default security policy might be worse. Bundled
        libraries is less work overall.
      * Exclude included XDG files even if they are built.
      * Use NEON instructions on ARM, optionally. This might use run-time checks
        for hardware capability, but even if it doesn't we can add it later.
      * Clean up difference checks in debian/rules that make sure that all files
        that the build makes are used in packages, and no longer hide any, and no
        longer consider it an error if some are unused.  Treat it as a warning,
        not a fatality.
      * Use legible shell instead of make-generated shell in setting the rpath
        in rules.
      * Add new build-dep, "chrpath".
    
      [Chris Coulson]
      * debian/rules: Disable tcmalloc on all component builds, not just on
        arm builds.
    
    chromium-browser (26.0.1410.63-0ubuntu2.13.04.2) raring-security; urgency=low
    
      * Work around SEGV on ARMHF that's caused by tcmalloc.
    
    chromium-browser (26.0.1410.63-0ubuntu2.13.04.1) raring-security; urgency=low
    
      * Work around missing AppArmor feature. Set environment explicitly
        to disallow breaking out of apparmor protection. (LP: #1045986)
      * Use more system libraries, libxml, libjpeg, bzip2, libxslt, flac,
        libevent, protobuf, speex, xdg_utils, yasm, but not a few others -- in
        particular,
          - libpng causes render hangs,
          - sqlite causes link failures.
        Updating debian/rules, and dropping the removed ones from debian/control .
      * debian/rules:
        - Use actual original upstream tarball.  No SVN snapshots, no gclient.
        - Rip out compiler-targeting.  All versions should work.
        - Always use sandbox.  It shouldn't be an option.  Nothing works without it
          any more.
      * Drop build-dep on subversion.  Not required with pristine orig.tar
        get-original-source.
      * Simplify debian/rules and use the built-in parameter for telling GYP config
        to include debug symbols.
      * Include upstream patch debian/patches/ld-memory-32bit.patch that makes
        32 bit machines more likely to use BFD linker and include parameters
        that make it more memory efficient.
      * GCC doesn't allow -Wno-format with hardening -Werror=format-security .
        Add debian/patches/format-flag.patch .
      * Since we're Depending on xdg-settings, don't try to install one from
        upstream.  Change debian/chromium-browser.install .
      * Invert sense of a quantal+ test so that we don't have to track things
        forever.  Name things we know about, instead of things that don't exist
        yet.  Update debian/rules .
      * Drop old unused sizes of icons to install from debian/rules .
      * Always default chromium to using the system title bar.  Add
        debian/patches/title-bar-default-system.patch .
      * Add a lp:app-install-data-ubuntu flag that names the package.  Update
        debian/chromium-browser.desktop .
      * Remove full path from freedesktop default-apps file.  Update
        debian/chromium-browser.xml .
    
    chromium-browser (26.0.1410.63-0ubuntu1) raring; urgency=low
    
      [Chris Coulson]
      * Make it possible to build armv7 without neon optimizations
        - update debian/patches/arm-neon.patch
      * Don't assume that arm linux builds are cross-builds
        - add debian/patches/dont-assume-cross-compile-on-arm.patch
        - update debian/patches/series
    
      [Chad MILLER]
      * debian/chromium-browser.desktop: No absolute path to executable.  Use PATH
        from environment.  LP:1008741
      * Make the "clean" rule behave better. Test differently for src/obj/ and
        never involve the upstream Makefile.  Update debian/rules .
      * Don't over-clean. The makefiles generated by GYP are fine to include in
        orig tarball.
      * Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google.
      * New stable version 26.0.1410.63.  No CVEs to report.
      * New stable version 26.0.1410.43:
        - CVE-2013-0916: Use-after-free in Web Audio.
        - CVE-2013-0917: Out-of-bounds read in URL loader.
        - CVE-2013-0918: Do not navigate dev tools upon drag and drop.
        - CVE-2013-0919: Use-after-free with pop-up windows in extensions.
        - CVE-2013-0920: Use-after-free in extension bookmarks API.
        - CVE-2013-0921: Ensure isolated web sites run in their own processes.
        - CVE-2013-0922: Avoid HTTP basic auth brute force attempts.
        - CVE-2013-0923: Memory safety issues in the USB Apps API.
        - CVE-2013-0924: Check an extension’s permissions API usage against file
          permissions.
        - CVE-2013-0925: Avoid leaking URLs to extensions without the tabs
          permissions.
        - CVE-2013-0926: Avoid pasting active tags in certain situations.
      * Update webapps patches.
      * debian/patches/arm-crypto.patch .  Drop patch.  Unnecessary now.
      * Always use verbose building.  Update debian/rules .
      * Always use sandbox.  It shouldn't be an option.  Nothing works without it
        any more. Update debian/rules .
      * Always use extra debugging "-g" flag.  Update debian/rules .
      * Try to be more multiarch aware. Update debian/control .
      * Drop many lintian overrides.  Update debian/source/lintian-overrides .
      * Include autotools-dev in build-deps so that cdbs will update autoconf
        helper files in source automatically.  Update debian/control .
      * Update standards version to 3.9.4 in debian/control .
      * When executable is split into libraries, strip debug symbols from
        enormous libraries even in dbg packages.  This affects webkit only,
        in actuality.  Update debian/rules .
      * Clean up some "tar" usage in debian/rules .
      * Don't include hardening on armhf.  Update debian/rules .
      * Drop extraneous no-circular-check in debian/rules GYP run.
      * Work around a SIGBUS on ARM. Added
        debian/patches/safe-browsing-sigbus.patch
      * Insert multilib info directly into nss runtime library loading. Update
        debian/rules .
      * Enable NEON support for hard-float ARM.  Actual use should be a
        runtime check, or is a bug.
     -- Chad MILLER <email address hidden>   Thu, 20 Jun 2013 14:54:43 -0400
  • chromium-browser (25.0.1364.160-0ubuntu3) raring; urgency=low
    
      * add arm-ftbfs-fix-drop-sysroot.patch which fixes the silly hardcoding of
        sysroot in the src/build/common.gypi file as this breaks native building
        on armhf systems.
     -- Oliver Grawert <email address hidden>   Sun, 31 Mar 2013 21:32:32 +0200
  • chromium-browser (25.0.1364.160-0ubuntu2) raring; urgency=low
    
      * fix LP: #1153137 - Drop Recommends on webaccounts-chromium-extension and
        unity-chromium-extension to Suggests as they're not useful without Unity
     -- Micah Gersten <email address hidden>   Wed, 27 Mar 2013 23:52:08 -0500
  • chromium-browser (25.0.1364.160-0ubuntu1b1) raring; urgency=low
    
      * No-change rebuild against libudev1
     -- Martin Pitt <email address hidden>   Wed, 13 Mar 2013 07:04:51 +0000
  • chromium-browser (25.0.1364.160-0ubuntu1) raring-proposed; urgency=low
    
      * Disable lintian warnings about outdated autoconf files in source tree.
      * New stable version 25.0.1364.160:
        - CVE-2013-0912: Type confusion in WebKit.
      * New stable version 25.0.1364.152:
        - CVE-2013-0902: Use-after-free in frame loader.
        - CVE-2013-0903: Use-after-free in browser navigation handling.
        - CVE-2013-0904: Memory corruption in Web Audio.
        - CVE-2013-0905: Use-after-free with SVG animations.
        - CVE-2013-0906: Memory corruption in Indexed DB.
        - CVE-2013-0907: Race condition in media thread handling.
        - CVE-2013-0908: Incorrect handling of bindings for extension processes.
        - CVE-2013-0909: Referer leakage with XSS Auditor.
        - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly.
        - CVE-2013-0911: Possible path traversal in database handling.
      * New stable version 25.0.1364.97:
        - CVE-2013-0879: Memory corruption with web audio node.
        - CVE-2013-0880: Use-after-free in database handling.
        - CVE-2013-0881: Bad read in Matroska handling.
        - CVE-2013-0882: Bad memory access with excessive SVG parameters.
        - CVE-2013-0883: Bad read in Skia.
        - CVE-2013-0885: Too many API permissions granted to web store.
        - CVE-2013-0887: Developer tools process has too many permissions and
          places too much trust in the connected server.
        - CVE-2013-0888: Out-of-bounds read in Skia.
        - CVE-2013-0889: Tighten user gesture check for dangerous file downloads.
        - CVE-2013-0890: Memory safety issues across the IPC layer.
        - CVE-2013-0891: Integer overflow in blob handling.
        - CVE-2013-0892: Lower severity issues across the IPC layer.
        - CVE-2013-0893: Race condition in media handling.
        - CVE-2013-0894: Buffer overflow in vorbis decoding.
        - CVE-2013-0895: Incorrect path handling in file copying.
        - CVE-2013-0896: Memory management issues in plug-in message handling.
        - CVE-2013-0897: Off-by-one read in PDF.
        - CVE-2013-0898: Use-after-free in URL handling.
        - CVE-2013-0899: Integer overflow in Opus handling.
        - CVE-2013-0900: Race condition in ICU.
      * New stable version 24.0.1312.52:
        - CVE-2012-5145: Use-after-free in SVG layout.
        - CVE-2012-5146: Same origin policy bypass with malformed URL.
        - CVE-2012-5147: Use-after-free in DOM handling.
        - CVE-2012-5148: Missing filename sanitization in hyphenation support.
        - CVE-2012-5149: Integer overflow in audio IPC handling.
        - CVE-2012-5150: Use-after-free when seeking video.
        - CVE-2012-5151: Integer overflow in PDF JavaScript.
        - CVE-2012-5152: Out-of-bounds read when seeking video.
        - CVE-2012-5153: Out-of-bounds stack access in v8.
        - CVE-2012-5156: Use-after-free in PDF fields.
        - CVE-2012-5157: Out-of-bounds reads in PDF image handling.
        - CVE-2013-0828: Bad cast in PDF root handling.
        - CVE-2013-0829: Corruption of database metadata leading to incorrect file
          access.
        - CVE-2013-0830: Missing NUL termination in IPC.
        - CVE-2013-0831: Possible path traversal from extension process.
        - CVE-2013-0832: Use-after-free with printing.
        - CVE-2013-0833: Out-of-bounds read with printing.
        - CVE-2013-0834: Out-of-bounds read with glyph handling.
        - CVE-2013-0835: Browser crash with geolocation.
        - CVE-2013-0836: Crash in v8 garbage collection.
        - CVE-2013-0837: Crash in extension tab handling.
        - CVE-2013-0838: Tighten permissions on shared memory segments.
      * Add libpci-dev to build-deps.
      * Add Recommends for webaccounts-chromium-extension.
      * Add Recommends for unity-chromium-extension.
      * debian/patches/ffmpeg-gyp-config.
        - Renamed from debian/patches/gyp-config-root
        - Write includes for more targets in ffmpeg building.
      * debian/patches/arm-crypto.patch
        - Added patch to distinguish normal ARM and hard-float ARM in crypto
          NSS inclusion.
      * Put GOOG search credit in a patch so we know when it fails.  Also
        add credit to the other search idioms for GOOG.
        because releases can have any number of updates.
      * Update webapps patches.
      * debian/rules:
        - Adopt some ARM build conditions from Debian.
        - Clean up. Stop matching Ubuntu versions outside of Ubuntu environments.
          Match patterns instead of whole words
        - Write REMOVED files in correct place.
        - Remove all generated in-tree makefiles at clean and get-source time.
        - Move all file-removal lines in get-source inside the condition
          for stripping files out of the source.
        - Hack in a "clean" rule that implements what src/Makefile should.
     -- Chad MILLER <email address hidden>   Fri, 08 Mar 2013 09:50:59 -0500
  • chromium-browser (24.0.1312.56-0ubuntu2) raring-proposed; urgency=low
    
      * Update webapps patches for 24.0.1312.52. (LP: #1099828). Patches from
        Chad Miller.
     -- Jamie Strandboge <email address hidden>   Sun, 03 Feb 2013 11:55:37 -0600
  • chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low
    
      * Add comment-markers to debian/patches/series file to make patch import
        easier.
      * debian/patches/gyp-config-root.patch
        - Added. Avoids compilation bug on (at least) ARM.
      * debian/patches/arm-neon.patch
        - Added function to determine NEON functionality in ARM at runtime for
          WebRt library in WebKit.
      * Update README.source to include some of these changes.
      * Set new URL for channel-release info in rules file.
      * debian/chromium-browser.install
        - No longer install demo extension
        - Install remoting locales
      * debian/patches/chromium_useragent.patch.in renamed to drop ".in",
        OS "Ubuntu" hardcoded with no compilation-release name, and patch
        refreshed to follow new location of source.  Also remove it
        from the list of ephemeral files that "clean" rule removes.
      * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
        to be safer and faster.
      * Make most patches follow a common format (no timestamps or Index lines), to
        avoid future churn.
      * Write the "REMOVED" list files to the root of the orig tarball,
        instead of inside the src/ directory, where they could collide.
      * Fix dpkg-source warning: Clean up python cached bytecode files.
      * Also don't include python bytecode or cache files in orig tarball,
        and clean them up on "clean" rule.
      * Fix dpkg-source warning: Remove autoconf cache.
      * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
      * Fix lintian error not-binnmuable-all-depends-any.
      * Override lintian complaints ancient-autotools-helper-file and
        unused-build-dependency-on-cdbs.
      * Drop "lzma" from build dependencies.
      * Set default binary and source package compression to xz. If
        building for Ubuntu 10.04, then make binary's compression to bzip2.
      * List explicit architectures that Chromium supports, instead of "any".
        Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}.
      * debian/patches/arm-neon.patch added to get ARM w/o Neon support.
        (LP: #1084852)
      * Add chromedriver packaging. (LP: #1069930) Thanks to
        John Rigby <email address hidden>
      * In debian/rules, avoid creating invalid subst expression in sed
        of DEBIAN* vars into files.
      * Note localization in package description for support for ast, bs, en-AU,
        eo, hy, ia, ka, ku, kw, ms.
      * No longer include Launchpad-generated translations.  Disable patch
        grd_parse_fix.patch .
      * Set default binary and source package compression to xz. If
        building for Ubuntu 10.04, then make binary's compression to bzip2.
      * No longer expect unpacked tarball to contain "build-tree".
      * Fix build warning about missing debian/source/format.  Set to "3.0
        (quilt)".
      * Remove unnecessary glib-header-single-entry.patch .
      * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
        executing program is not dpkg-buildpackage.
      * Make rules file generate LASTCHANGE file at new location.
      * Change get-sources command to kill script when it fails to disable
        gyp-chromium run from DEPS. Never fail silently again.
      * Add patches/struct-siginfo.patch to work around source bug in dereferencing
        internal struct instead of public type.
      * Drop SCM revision from the version.
      * Refresh patches from lp:unity-chromium-extension .
      * Make all patches follow a common format, to avoid future churn.
        No timestamps, a/b parent, sorted, no index.
      * New upstream version 24.0.1312.56:
        - CVE-2013-0839: Use-after-free in canvas font handling.
        - CVE-2013-0840: Missing URL validation when opening new windows.
        - CVE-2013-0841: Unchecked array index in content blocking.
        - CVE-2013-0842: Problems with NULL characters embedded in paths.
      * New upstream version 24.0.1312.52:  (LP: #1099075)
        - CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
          OUSPG.
        - CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
          Erling A Ellingsen and Subodh Iyengar, both of Facebook.
        - CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
        - CVE-2012-5148: Missing filename sanitization in hyphenation support.
          Credit to Google Chrome Security Team (Justin Schuh).
        - CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
          Chrome Security Team (Chris Evans).
        - CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
          Security Team (Inferno).
        - CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
          Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
          Team.
        - CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
          Chrome Security Team (Inferno).
        - CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
          Rossberg of the Chromium development community.
        - CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
          with contribution from Gynvael Coldwind, both of Google Security Team.
        - CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
          Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
          Security Team.
        - CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
          with contribution from Gynvael Coldwind, both of Google Security Team.
        - CVE-2013-0829: Corruption of database metadata leading to incorrect file
          access. Credit to Google Chrome Security Team (Jüri Aedla).
        - CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
          Security Team (Justin Schuh).
        - CVE-2013-0831: Possible path traversal from extension process. Credit to
          Google Chrome Security Team (Tom Sepez).
        - CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
          Security Team (Cris Neckar).
        - CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
          Security Team (Cris Neckar).
        - CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
          Chrome Security Team (Cris Neckar).
        - CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
        - CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
          Security Team (Cris Neckar).
        - CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
        - CVE-2013-0838: Tighten permissions on shared memory segments. Credit to
          Google Chrome Security Team (Chris Palmer).
      * New upstream version 23.0.1271.97
        - CVE-2012-5139: Use-after-free with visibility events.
        - CVE-2012-5140: Use-after-free in URL loader.
        - CVE-2012-5141: Limit Chromoting client plug-in instantiation.
        - CVE-2012-5142: Crash in history navigation.
        - CVE-2012-5143: Integer overflow in PPAPI image buffers.
        - CVE-2012-5144: Stack corruption in AAC decoding.
      * New upstream version 23.0.1271.95
        - CVE-2012-5138: Incorrect file path handling.
        - CVE-2012-5137: Use-after-free in media source handling.
      * New upstream version 23.0.1271.91
        - CVE-2012-5133: Use-after-free in SVG filters.
        - CVE-2012-5130: Out-of-bounds read in Skia.
        - CVE-2012-5132: Browser crash with chunked encoding.
        - CVE-2012-5134: Buffer underflow in libxml.
        - CVE-2012-5135: Use-after-free with printing.
        - CVE-2012-5136: Bad cast in input element handling.
      * Includes CVE fixes for 23.0.1271.64
        - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
          handling.
        - CVE-2012-5120: Out-of-bounds array access in v8.
        - CVE-2012-5116: Use-after-free in SVG filter handling.
        - CVE-2012-5121: Use-after-free in video layout.
        - CVE-2012-5117: Inappropriate load of SVG subresource in img context.
        - CVE-2012-5119: Race condition in Pepper buffer handling.
        - CVE-2012-5122: Bad cast in input handling.
        - CVE-2012-5123: Out-of-bounds reads in Skia.
        - CVE-2012-5124: Memory corruption in texture handling.
        - CVE-2012-5125: Use-after-free in extension tab handling.
        - CVE-2012-5126: Use-after-free in plug-in placeholder handling.
        - CVE-2012-5128: Bad write in v8.
      * Disable lintian warnings about outdated autoconf files in source tree.
     -- Chad Miller <email address hidden>   Wed, 23 Jan 2013 13:43:34 -0500
  • chromium-browser (23.0.1271.91-0ubuntu1) raring; urgency=low
    
      * Add localization support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms.
      * No longer include Launchpad-generated translations.
      * No longer expect unpacked tarball to contain "build-tree".
      * Fix build warning about missing debian/source/format.  Set to "3.0
        (quilt)".
      * Refresh patches from lp:unity-chromium-extension .
      * patches/glib-header-single-entry.patch deleted.
      * patches/7-plugin-status.patch renamed to
        patches/7-npapi-permission-not-defaults-to-unauthorized.patch
      * patches/struct-siginfo.patch added to work around source bug in
        dereferencing internal struct instead of public type.
      * Make system-v8 patch use "type none" instead of "type settings".
      * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
        executing program is not dpkg-buildpackage.
      * Make rules file generate LASTCHANGE file at new location.
      * Change get-sources command to kill script when it fails to disable
        gyp-chromium run from DEPS. Never fail silently again.
      * Drop SCM revision from the version.
      * New upstream version 23.0.1271.91
        - CVE-2012-5133: Use-after-free in SVG filters.
        - CVE-2012-5130: Out-of-bounds read in Skia.
        - CVE-2012-5132: Browser crash with chunked encoding.
        - CVE-2012-5134: Buffer underflow in libxml.
        - CVE-2012-5135: Use-after-free with printing.
        - CVE-2012-5136: Bad cast in input element handling.
      * Includes CVE fixes for 23.0.1271.64
        - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
          handling.
        - CVE-2012-5120: Out-of-bounds array access in v8.
        - CVE-2012-5116: Use-after-free in SVG filter handling.
        - CVE-2012-5121: Use-after-free in video layout.
        - CVE-2012-5117: Inappropriate load of SVG subresource in img context.
        - CVE-2012-5119: Race condition in Pepper buffer handling.
        - CVE-2012-5122: Bad cast in input handling.
        - CVE-2012-5123: Out-of-bounds reads in Skia.
        - CVE-2012-5124: Memory corruption in texture handling.
        - CVE-2012-5125: Use-after-free in extension tab handling.
        - CVE-2012-5126: Use-after-free in plug-in placeholder handling.
        - CVE-2012-5128: Bad write in v8.
     -- Chad Miller <email address hidden>   Wed, 28 Nov 2012 18:15:46 -0500
  • chromium-browser (22.0.1229.94~r161065-0ubuntu1) quantal-proposed; urgency=low
    
      * New upstream release from the Stable Channel
        - [154983][154987] Critical CVE-2012-5112: SVG use-after-free and IPC
          arbitrary file write
     -- Ken VanDine <email address hidden>   Sat, 13 Oct 2012 00:24:57 -0400