chromium (130.0.6723.91-2) unstable; urgency=high * d/patches/fixes/armhf-timespec.patch: add patch to fix armhf FTBFS. -- Andres Salomon Sun, 03 Nov 2024 02:47:53 -0500 chromium (130.0.6723.91-1) unstable; urgency=high * New upstream security release. - CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR). - CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). -- Andres Salomon Tue, 29 Oct 2024 20:36:38 -0400 chromium (130.0.6723.69-1) unstable; urgency=high * New upstream security release. - CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab. - CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n). -- Andres Salomon Tue, 22 Oct 2024 21:34:57 -0400 chromium (130.0.6723.58-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2024-9954: Use after free in AI. Reported by DarkNavy. - CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous. - CVE-2024-9956: Inappropriate implementation in Web Authentication. Reported by mastersplinter. - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-9958: Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001). - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S. - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous. - CVE-2024-9961: Use after free in Parcel Tracking. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-9962: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. - CVE-2024-9963: Insufficient data validation in Downloads. Reported by Anonymous. - CVE-2024-9964: Inappropriate implementation in Payments. Reported by Hafiizh. - CVE-2024-9965: Insufficient data validation in DevTools. Reported by Shaheen Fazim. - CVE-2024-9966: Inappropriate implementation in Navigations. Reported by Harry Chen. * d/copyright: rollup -> @rollup deletion. * d/patches: - debianization/sandbox.patch: refresh. - fixes/bindgen.patch: refresh. - disable/catapult.patch: refresh. - system/zlib.patch: drop. Upstream removed courgette, and its replacement (zucchini) doesn't appear to use zlib. - system/rollup.patch: update path due to upstream renaming; call ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup. - system/event.patch: drop half of patch due to upstream deletions. - upstream/mojo-null.patch: merged into mojo.patch. - upstream/mojo.patch: update based on 130 test files. [ Daniel Richard G. ] * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as they are no longer needed. [ Timothy Pearson ] * d/patches: - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64 platforms - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP when starting Chromium from within a VNC session * d/patches/ppc64le: - core/add-ppc64-pthread-stack-size.patch: Define correct pthread stack size on ppc64 systems - core/cargo-add-ppc64.diff - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for upstream changes - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when- .patch: Refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: Refresh for upstream changes - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh for upstream changes -- Andres Salomon Sat, 19 Oct 2024 01:12:11 -0400 chromium (129.0.6668.100-2) unstable; urgency=high * Switch to using clang-19, and drop all d/patches/bookworm/ workarounds except for libxml-parsererr.patch (closes: #1081241). -- Andres Salomon Wed, 09 Oct 2024 14:13:00 -0400 chromium (129.0.6668.100-1) unstable; urgency=high * New upstream security release. - CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs. -- Andres Salomon Tue, 08 Oct 2024 19:36:09 -0400 chromium (129.0.6668.89-1) unstable; urgency=high * New upstream security release. - CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security. - CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab. - CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte Ltd. * d/patches: - bookworm/libxml-parseerr.patch: readd for downgraded libxml2 in unstable (closes: #1082907). - upstream/wayland-gbm-pixmap.patch: backport two patches to fix noisy wayland video playback (closes: #1077345). * Build against system libtiff, thanks to Soren Stoutner for getting this fixed upstream (closes: #1033747). -- Andres Salomon Wed, 02 Oct 2024 01:07:19 -0400 chromium (129.0.6668.70-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2024-9120: Use after free in Dawn. Reported by Anonymous. - CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security. - CVE-2024-9122: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2024-9123: Integer overflow in Skia. Reported by raven at KunLun lab. * d/copyright: delete more upstream .clang, .git, and android residue. [ Timothy Pearson ] * d/patches: - fixes/predictor-denial-of-service.patch: Work around upstream issue #368562245, which can cause denial of service of the entire browser process on specific types of Web sites. -- Andres Salomon Wed, 25 Sep 2024 15:23:27 -0400 chromium (129.0.6668.58-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2024-8904: Type Confusion in V8. Reported by Popax21. - CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-8906: Incorrect security UI in Downloads. Reported by @retsew0x01. - CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari. - CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya. - CVE-2024-8909: Inappropriate implementation in UI. Reported by Shaheen Fazim. * d/patches: - debianization/sandbox.patch: refresh for upstream changes. Since we have some downstream users of this package, retain the Ubuntu wording. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - bookworm/clang16.patch: refresh, delete -Wno-dangling-assignment-gsl - ppc64le/crashpad/0001-Implement-support-for-PPC64-on-Linux.patch: refresh. - ppc64le/sandbox/Sandbox-linux-services-credentials.cc-PPC.patch: refresh. - ppc64le/third_party/dawn-fix-ppc64le-detection.patch: refresh. - bookworm/more-spaceships.patch: yet another clang-17 header backport for clang-16 inadequecies. - bookworm/signer-lambda.patch: clang-16 lambda bug workaround. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/dawn-fix-typos.patch: drop, applied upstream - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - core/cargo-add-ppc64.diff: Add ppc64 to cargo architecture definitions -- Andres Salomon Wed, 18 Sep 2024 20:47:23 -0400 chromium (128.0.6613.137-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100). - CVE-2024-8637: Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-8638: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-8639: Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. [ Timothy Pearson ] * d/patches/ppc64le: - core/add-ppc64-architecture-string.patch - fixes/fix-study-crash.patch [ Daniel Richard G. ] * d/copyright: Add some more Files-Excluded: entries. * d/rules: Ensure all files in orig source tarball are user-writable. * d/patches/disable: - tests.patch: Break out SwiftShader tests deletion to... - tests-swiftshader.patch: ...a separate file, to simplify resolving conflicts with the ungoogled-chromium patch series. -- Andres Salomon Tue, 10 Sep 2024 21:56:02 -0400 chromium (128.0.6613.119-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564). * Enable swiftshader support; thanks to Charles Samuels for helping out on this (closes: #1064465). * d/patches: - disable/swiftshader.patch: drop. - disable/swiftshader-2.patch: drop. - disable/tests.patch: some swiftshader tests deletion needed. [ Timothy Pearson ] * d/patches: - fixes/gpu-crash.patch: Fix GPU process crash (upstream issue #364568422) - ppc64le/third_party/0001-swiftshader-fix-build.patch: Fix SwiftShader build on ppc64el systems -- Andres Salomon Wed, 04 Sep 2024 15:05:06 -0400 chromium (128.0.6613.113-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team. - CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100). - CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100). * d/control: - Bump rustc build-dep up to >= 1.74. * d/patches: - bookworm/rust-downgrade-osstr-users.patch: drop, now that we have a newer rust in bookworm. -- Andres Salomon Thu, 29 Aug 2024 01:10:43 -0400 chromium (128.0.6613.84-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous. - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog. - CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100). - CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security. - CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive). - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team. - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC). - CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm). - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax. - CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed). - CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita. - CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono). - CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK. - CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob. - CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob. - CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita. - CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T. - CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob). - CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft. * d/copyright: delete third_party/siso/ which contains binaries. * d/rules: set safe_browsing_use_unrar=false to disable unrar. * d/patches: - fixes/blink-frags.patch: drop, merged upstream. - fixes/stats-collector.patch: drop, upstream deleted broken code. - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream. - upstream/armhf-ftbfs.patch: drop, merged upstream. - upstream/containers-header.patch: drop, merged upstream. - upstream/crabbyav1f.patch: drop, merged upstream. - upstream/lock-impl.patch: drop, merged upstream. - upstream/paint-layer-header.patch: drop, merged upstream. - disable/unrar.patch: drop, merged upstream w/ build arg. - bookworm/nvt.patch: drop, no longer needed. - fixes/ps-print.patch: refresh. - system/openjpeg.patch: refresh. - bookworm/clang16.patch: refresh & remove another unsupported option. - bookworm/constexpr.patch: refresh & add more fixes. - bookworm/lex-3way.patch: pull in another STL function from clang-17. - bookworm/blink-attrib.patch: add build fix to reorder __attribute__. - fixes/highway-include-path.patch: upstream fixed the original issue in a broken way, making this worse. Add more to this patch to work around that. [ Daniel Richard G. ] * d/rules: Parameterize Rust sysroot to simplify using a different one. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/dawn-fix-typos.patch: Refresh for upstream changes - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Refresh for upstream changes - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable musttail on ppc64el platforms -- Andres Salomon Thu, 22 Aug 2024 14:06:28 -0400 chromium (127.0.6533.119-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. * d/patches/upstream/armhf-ftbfs.patch: armhf FTBFS fix from upstream. [ Daniel Richard G. ] * d/patches: - ppc64le/crashpad/0002-Include-cstddef-to-fix-build.patch: Drop, as the original FTBFS that this fixed is no longer reproducible. - ppc64le/fixes/fix-different-data-layouts.patch: Fix ppc64el FTBFS due to minor LLVM data-layout clash between older clang and newer rustc. * d/rules: Add to ppc64el CXXFLAGS to quash copious AltiVec warnings. -- Andres Salomon Wed, 14 Aug 2024 13:11:25 -0400 chromium (127.0.6533.99-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz. - CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security. - CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security. - CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564). [ Timothy Pearson ] * d/patches/ppc64le: - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion trap on ppc64el systems [ Daniel Richard G. ] * Enable ThinLTO (slower linking, faster runtime) on archs that can support it (closes: #1033305). * Avoid some hard-coded Debian references to simplify package builds for other distributions, e.g. Ubuntu. * d/patches: - bookworm/constexpr.patch: Add no_destroy attributes to quash many "declaration requires an exit-time destructor" warnings. - fixes/highway-include-path.patch: New patch to fix highway.h path. [ Grzegorz Szymaszek ] * Use https instead of http in initial_bookmarks.html. -- Andres Salomon Wed, 07 Aug 2024 00:18:54 -0400 chromium (127.0.6533.88-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-6989: Use after free in Loader. Reported by Anonymous. - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao. - CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous. - CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz. - CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum). - CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7000: Use after free in CSS. Reported by Anonymous. - CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald. - CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous. - CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq. - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert. - CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter. - CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert. * Switch from building against (gcc's) libstdc++ to (clang's) libc++. Upstream is playing fast and loose with memory in ways that results in crashes with gcc's stricter libstdc++, but not with clang's libc++ (which allows accessing deleting memory apparently). We can't maintain workarounds any more, and upstream really doesn't care (see, for example, https://crbug.com/346174906 , where they add workarounds only for their ASAN memory checker). * d/copyright: - delete new rust, cargo, llvm, and node binaries. - delete third_party/zstd so we can link against system zstd. - stop deleting the bundled woff, snappy, and jsoncpp; those can't be dynamically linked against with clang's libc++. * d/control: - build-dep against libzstd-dev and bindgen. - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and add build-deps on libc++-16-dev / libc++abi-16-dev. * d/rules: - drop use_goma=false (upstream switched to rbe). - set rust_bindgen_root. - rework get-orig-source to not use mk-origtargz, which is incredibly slow (total run 45 mins for the current 6.2G upstream release). Instead, use d/scripts/get-exludes.pl and tar's --exclude-from to drastically speed things up (total run now takes 8 mins). * d/patches: - upstream/tabstrip-include.patch: drop, merged upstream. - upstream/quiche-deque.patch: drop, merged upstream. - upstream/gpu-header.patch: drop, merged upstream. - upstream/blink-header.patch: drop, merged upstream. - upstream/blink-header2.patch: drop, merged upstream. - upstream/blink-header3.patch: drop, merged upstream. - upstream/realtime-reporting.patch: drop, merged upstream. - upstream/urlvisit-header.patch: drop, merged upstream. - upstream/accessibility-format.patch: drop, merged upstream. - upstream/observer.patch: drop, merged upstream. - bookworm/clang16.patch: refresh. - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes. - ungoogled/disable-privacy-sandbox.patch: refresh. - disable/signin.patch: upstream dropped prefs::kAutologinEnabled. - upstream/crabbyav1f.patch: add build fix pulled from upstream. - upstream/lock-impl.patch: add build fix pulled from upstream. - upstream/containers-header.patch: add build fix pulled from upstream. - upstream/paint-layer-header.patch: add build fix pulled from upstream - fixes/bindgen.patch: work around bindgen-related things (hopefully correctly?) - bookworm/lex-3way.patch: add patch to support std::lexicographical_compare_three_way, which was added in clang-17. - bookworm/traitors.patch: another clang-16 hack; backport pointer_traits.h from libc++-18-dev to work around clang std::to_address() issue. - bookworm/constexpr.patch: add more of the usual constexpr workarounds; only needed for clang-16. - fixes/absl-optional.patch: drop, only needed for libstdc++-dev. - fixes/bad-font-gc*: drop, only needed for libstdc++-dev. - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of mojo-related dependency build fixes. [ Timothy Pearson ] * d/patches: - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on 64k page systems such as aarch64 and ppc64el * d/patches/ppc64le: - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes -- Andres Salomon Tue, 30 Jul 2024 23:50:29 -0400 chromium (126.0.6478.182-1) unstable; urgency=high * New upstream security release. - CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9. - CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo. - CVE-2024-6774: Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous. - CVE-2024-6776: Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-6777: Use after free in Navigation. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6778: Race in DevTools. Reported by Allen Ding. - CVE-2024-6779: Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n). -- Andres Salomon Tue, 16 Jul 2024 16:50:59 -0400 chromium (126.0.6478.126-1) unstable; urgency=high * New upstream security release. - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz. * d/patches/upstream/observer.patch: add crash-on-exit fix from upstream (closes: #1073378). -- Andres Salomon Tue, 25 Jun 2024 03:28:40 -0400 chromium (126.0.6478.114-1) unstable; urgency=high * New upstream security release. - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024. - CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel. - CVE-2024-6102: Out of bounds memory access in Dawn. Reported by wgslfuzz. - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon Tue, 18 Jun 2024 15:55:14 -0400 chromium (126.0.6478.56-1) unstable; urgency=high * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? - bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes -- Andres Salomon Thu, 13 Jun 2024 21:31:56 -0400 chromium (125.0.6422.141-1) unstable; urgency=high * New upstream security release. - CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5496: Use after free in Media Session. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2024-5498: Use after free in Presentation API. - CVE-2024-5499: Out of bounds write in Streams API. * d/patches/fixes/libxml-parseerr.patch: delete, now that we have a newer libxml2. * d/control: add versioned build-dep on libxml2-dev >= 2.12. -- Andres Salomon Thu, 30 May 2024 22:11:26 -0400 chromium (125.0.6422.112-1) unstable; urgency=high * New upstream security release. - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security. * Fix handling of quoted arguments (closes: #1071662). -- Andres Salomon Thu, 23 May 2024 20:51:14 -0400 chromium (125.0.6422.76-1) unstable; urgency=high * New upstream security release. - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang. - CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5159: Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop). - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz. * Don't silently ignore arguments meant for the wrapper script if chromium args happen to come first (closes: #1068096). * d/patches: - upstream/tabstrip-include.patch: add header build fix. -- Andres Salomon Tue, 21 May 2024 16:12:47 -0400 chromium (125.0.6422.60-1) unstable; urgency=high * New upstream stable release. - CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky. - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim. * d/copyright: fix instrumented_libs deletion; upstream renamed it. * d/scripts/unbundle: bundle new requirement absl_crc (which is unavailable in bookworm). * d/patches: - upstream/uint-includes.patch: drop,merged upstream. - upstream/fps-optional.patch: drop, merged upstream. - upstream/span-optional.patch: drop, merged upstream. - upstream/extractor-bitset.patch: drop, merged upstream. - upstream/atomic.patch: drop, merged upstream. - upstream/webgpu-optional.patch: drop, merged upstream. - disable/catapult.patch: refresh. - i386/angle-lockfree.patch: drop, I _think_ it's no longer needed. - upstream/ruy-include.patch: add header build fix. - upstream/vulkan-include.patch: add header build fix. - upstream/mojo-bindings-include.patch: add header build fix. - upstream/appservice-include.patch: add header build fix. - upstream/no-vector-consts.patch: add build fix; gnu libstdc++ doesn't allow const types inside vectors. - upstream/lens-include.patch: add header build fix. - bookworm/nvt2.patch: drop (replace with a better non-revert patch). - bookworm/v8-wrappable.patch: add nvt2.patch build fix replacement that just defines a single struct member. - upstream/ninja.patch: add build fix for failure triggered by ninja-1.12 (closes: #1071197). - fixes/bad-font-gc00000.patch: add formatting patch revert to make other patches easier to apply. - fixes/bad-font-gc2.patch: add a build failure fix & refresh. - fixes/bad-font-gc11.patch: add a build failure fix & refresh. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Add pregenerated configuration for ppc64el support in BoringSSL - third_party/0002-third-party-boringssl-add-generated-files.patch: Rename to third_party/0002-Add-PPC64-generated-files-for-boringssl.patch - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh for upstream changes - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - ffmpeg/0001-Add-support-for-ppc64.patch: Refresh for upstream changes -- Andres Salomon Thu, 16 May 2024 18:55:41 -0400 chromium (124.0.6367.207-1) unstable; urgency=high * New upstream security release. - CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous. -- Andres Salomon Tue, 14 May 2024 22:17:42 -0400 chromium (124.0.6367.201-1) unstable; urgency=high * New upstream security release. - CVE-2024-4671: Use after free in Visuals. Reported by Anonymous. -- Andres Salomon Thu, 09 May 2024 20:37:07 -0400 chromium (124.0.6367.155-1) unstable; urgency=high * New upstream security release. - CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert. - CVE-2024-4559: Heap buffer overflow in WebAudio. Reported by Cassidy Kim(@cassidy6564). * d/control: replace libu2f-udev recommends with udev (closes: #1070283). [ Timothy Pearson ] * d/patches/ppc64le: - third_party/skia-vsx-instructions.patch: fix various issues. -- Andres Salomon Tue, 07 May 2024 14:47:32 -0400 chromium (124.0.6367.118-1) unstable; urgency=high * New upstream security release. - CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz. * Build-dep on libhwy-dev and delete the bundled third_party/highway. * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng. * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d. * d/patches: - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch, ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch, ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch, fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed for bundled libdav1d. - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch, ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop these two patches that were needed for bundled highway. - upstream/ozone1.patch: drop, merged upstream. - upstream/ozone2.patch: drop, merged upstream. - fixes/bad-font-gc2.patch: refresh. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent breakage of i386 build -- Andres Salomon Tue, 30 Apr 2024 17:53:52 -0400 chromium (124.0.6367.78-1) unstable; urgency=high * New upstream security release. - CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure. - CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik. - CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon Thu, 25 Apr 2024 19:07:35 -0400 chromium (124.0.6367.60-2) unstable; urgency=high * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: update for upstream boringssl changes and reenable - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate from new ffmpeg source tree - third_party/skia-vsx-instructions.patch: update for upstream changes [ Andres Salomon ] * d/patches: - fixes/arm64-ftbfs.patch: add arm64-specific ftbfs fix for libdav1d. - upstream/ozone1.patch, upstream/ozone2.patch: backport fixes for broken wayland support (closes: #1069586). -- Timothy Pearson Thu, 25 Apr 2024 15:21:00 -0500 chromium (124.0.6367.60-1) unstable; urgency=high * New upstream stable release. - CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3914: Use after free in V8. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024. - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang - CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. - CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan. - CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC). - CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry. - CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg. - CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur. - CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig. - CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry. - CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu. * d/copyright: - delete __pycache__ directories to shut up dpkg warnings. - stop deleting bundled libwebp directory. * Drop build-dep on libwebp-dev and start building against the bundled libwebp. We need to do this because chromium uses features of libavif that require libsharpyuv-dev; but that's only available in sid/trixie. * d/patches: - upstream/std-to-address.patch: drop, merged upstream. - fixes/optional2.patch: drop, merged upstream. - fixes/blink-fonts-shape-result.patch: drop, merged upstream. - bookworm/constexpr-equality.patch: drop, merged upstream. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: rework to be a smaller patch. - bookworm/clang16.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated preference. - upstream/mojo-null.patch: pull a (typescript) build fix from upstream. - upstream/uint-includes.patch: simple header build fix from upstream. - upstream/fps-optional.patch: add header build fix. - upstream/span-optional.patch: add header build fix. - upstream/extractor-bitset.patch: add header build fix. - upstream/atomic.patch: add header build fix. - upstream/webgpu-optional.patch: add header build fix. - fixes/absl-optional.patch: comment out assert() that caused crash. This could be another clang16/libstdc++ miscompilation issue, but needs further investigation. - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces. - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch, fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch, fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch more (new) upstream commits related to bad-font-gc2.patch. When the use-after-free bug gets fixed, all this can be dropped. * d/patches/ppc64le: - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch, third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch, workarounds/HACK-third_party-libvpx-use-generic-gnu.patch, breakpad/0001-Implement-support-for-ppc64-on-Linux.patch, ffmpeg/0001-Add-support-for-ppc64.patch, third_party/dawn-fix-typos.patch, third_party/use-sysconf-page-size-on-ppc64.patch: refresh. - third_party/skia-vsx-instructions.patch: refresh & update for header renaming. - third_party/0001-Add-PPC64-support-for-boringssl.patch, third_party/0002-third-party-boringssl-add-generated-files.patch: disable these two until Tim has a chance to look at them. -- Andres Salomon Fri, 19 Apr 2024 12:33:38 -0400 chromium (123.0.6312.122-1) unstable; urgency=high * New upstream security release. - CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy. - CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure. - CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon Wed, 10 Apr 2024 21:21:05 -0400 chromium (123.0.6312.105-2) unstable; urgency=high * Depend on libgtk-3-0t64 instead of libgtk-3-0 for time_t transition (closes: #1068540). -- Andres Salomon Sun, 07 Apr 2024 12:43:26 -0400 chromium (123.0.6312.105-1) unstable; urgency=high * New upstream security release. - CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish. - CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024. -- Andres Salomon Tue, 02 Apr 2024 18:28:18 -0400 chromium (123.0.6312.86-1) unstable; urgency=high * New upstream stable release. - CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024. - CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024. * d/patches/ppc64le: - fixes/fix-clang-selection.patch: select clang on ppc64 platforms - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix ARM builds. [ Andres Salomon ] * d/patches: - fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of upstream commits that result in blink's garbage collector frequently deadlocking and crashing (closes: #1067886). -- Timothy Pearson Wed, 28 Mar 2024 16:58:00 -0500 chromium (123.0.6312.58-1) unstable; urgency=high * New upstream stable release. - CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous. - CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s. - CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea). - CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer). - CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar. * d/patches: - upstream/bitset.patch: drop, merged upstream. - upstream/bookmarknode.patch: drop, merged upstream. - upstream/optional.patch: drop, merged upstream. - upstream/uniqptr.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop, merged upstream. - fixes/optional.patch: drop, merged upstream. - fixes/material-utils.patch: drop part that was merged upstream. - disable/catapult.patch: refresh. - bookworm/constexpr-equality.patch: include another similar fix. - bookworm/nvt.patch: refresh. - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - disable/angle-perftests.patch: drop, replace with a gn build argument. - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade clap-lex crate, as it's using 1.74 features and we only have 1.70. - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235). - fixes/optional2.patch: add another missing inclusion. - fixes/stats-collector.patch: add build fix for wrong header. - disable/screen-ai-blob.patch: add patch to not register the ScreenAI component. Previously, if you opened a PDF and clicked "open in reader mode", it would download a binary blob to ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows what else) in that opaque blob without warning you. We, uh, don't want that. (closes: #1066910). * d/rules: add angle_build_tests=false build argument, which allows us to drop angle-perftests.patch. [ Timothy Pearson ] * d/patches: - fixes/blink-fonts-shape-result.patch: pull in upstream patch for compilation failure in Blink SameSizeAsShapeResult class * d/patches/ppc64le: - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh & harden Skia against timing attacks. -- Andres Salomon Fri, 22 Mar 2024 12:45:06 -0400 chromium (122.0.6261.128-1) unstable; urgency=high * New upstream security release. - CVE-2024-2400: Use after free in Performance Manager. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. -- Andres Salomon Tue, 12 Mar 2024 18:43:05 -0400 chromium (122.0.6261.111-1) unstable; urgency=high * New upstream security release. - CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9. - CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8. - CVE-2024-2176: Use after free in FedCM. Reported by Anonymous. -- Andres Salomon Tue, 05 Mar 2024 16:40:05 -0500 chromium (122.0.6261.94-1) unstable; urgency=high * New upstream security release. - Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8. - Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab. -- Andres Salomon Tue, 27 Feb 2024 15:15:03 -0500 chromium (122.0.6261.57-1) unstable; urgency=high * New upstream stable release. - CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous. - CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen. - CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien). - CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg. - CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko. - CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani. * d/patches: - fixes/v8-compressed-ptrs.patch: drop, merged upstream. - fixes/stdint.patch: drop, merged upstream. - upstream/vector.patch: drop, merged upstream. - upstream/display-header.patch: drop, merged upstream. - upstream/bitset.patch: drop, merged upstream. - upstream/once_flag.patch: drop, merged upstream. - fixes/std-to-address.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - bookworm/clang16.patch: refresh, and change -Wno-c++11-narrowing-const-reference to -Wno-c++11-narrowing. - bookworm/nvt.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - bookworm/undo-internal-alloc.patch: revert a commit that confuses clang16 w/ libstdc++. We need a better workaround than this. - upstream/mojo.patch: update from git. - bookworm/constexpr-equality.patch: add a few more build fixes (constexpr removals). - upstream/uniqptr.patch: add missing include. - upstream/optional.patch: add missing include. - upstream/bookmarknode.patch: add comparison equality fix pulled from upstream. - fixes/optional.patch: add missing includes. - bookworm/nvt2.patch: revert another upstream c++-20 change for clang-16. - upstream/bitset.patch: add missing include. - ppc64le/v8/0002-Add-ppc64-trap-instructions.patch: refresh. [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Properly-detect-little-endian-PPC64-systems.patch: drop, upstream fix in GIT hash 25a6e6 - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes -- Andres Salomon Wed, 21 Feb 2024 19:56:32 -0500 chromium (121.0.6167.160-1) unstable; urgency=high * New upstream security release. - CVE-2024-1284: Use after free in Mojo. Reported by Anonymous. - CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074). -- Andres Salomon Tue, 06 Feb 2024 22:41:53 -0500 chromium (121.0.6167.139-1) unstable; urgency=high * New upstream security release. - CVE-2024-1060: Use after free in Canvas. Reported by Anonymous. - CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center. -- Andres Salomon Wed, 31 Jan 2024 11:49:10 -0500 chromium (121.0.6167.85-1) unstable; urgency=high * New upstream stable release. - CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous. - CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001). - CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim. - CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea). - CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01. - CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家. - CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero. - CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. * d/copyright: drop another eu-strip binary. * d/patches: - fixes/atspi.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop portions that were merged upstream. - upstream/nullptr_t.patch: drop, merged upstream. - upstream/string-include.patch: drop, merged upstream. - ungoogled/disable-web-environment-integrity.patch: remove, upstream wisely backed off and removed WEI. - disable/signin.patch: refresh for minor upstream changes. - disable/catapult.patch: refresh for minor upstream changes. - system/openjpeg.patch: refresh for minor upstream changes. - bookworm/clang16.patch: drop portion that was merged upstream. - upstream/vector.patch: missing header fix, pulled from upstream. - upstream/display-header.patch: missing header fix, pulled from upstream. - upstream/bitset.patch: missing header fix, pulled from upstream. - upstream/once_flag.patch: missing header fix, pulled from upstream. - bookworm/constexpr-equality.patch: add clang-16 workaround. - bookworm/nvt.patch: revert an upstream c++-20 change that confuses clang-16. - fixes/libxml-parseerr.patch: revert change from a newer libxml than debian's. [ Timothy Pearson ] * d/patches: - fixes/std-to-address.patch: work around incorrect template selection in Mojo ConvertTo() - fixes/stdint.patch: add missing stdint include to performance manager * d/patches/ppc64le: - fixes/fix-rust-linking.patch: allow linking C and Rust libraries in full archive mode - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: refresh for upstream changes -- Andres Salomon Tue, 23 Jan 2024 17:59:49 -0500 chromium (120.0.6099.224-2) unstable; urgency=high * d/patches/ppc64le/fixes/fix-rustc.patch: add patch to fix ppc64le build. -- Andres Salomon Thu, 18 Jan 2024 03:05:12 -0500 chromium (120.0.6099.224-1) unstable; urgency=high * New upstream security release. - CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure. - CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous. * d/rules: enable rust and (relatedly) fix search path for clang libs. * Add versioned build-dep on rustc >= 1.70.0+dfsg1-5 for profiler support. -- Andres Salomon Tue, 16 Jan 2024 15:35:05 -0500 chromium (120.0.6099.216-1) unstable; urgency=high * New upstream security release. - CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC. -- Andres Salomon Tue, 09 Jan 2024 20:54:53 -0500 chromium (120.0.6099.199-1) unstable; urgency=high * New upstream security release. - CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure. - CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure. - CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous. -- Andres Salomon Wed, 03 Jan 2024 22:53:21 -0500 chromium (120.0.6099.129-1) unstable; urgency=high * New upstream security release. - CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group. -- Andres Salomon Wed, 20 Dec 2023 21:05:12 -0500 chromium (120.0.6099.109-1) unstable; urgency=high * New upstream security release. - CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group. - CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6704: Use after free in libavif. Reported by Fudan University. - CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6706: Use after free in FedCM. Reported by anonymous. - CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel. -- Andres Salomon Tue, 12 Dec 2023 19:52:08 -0500 chromium (120.0.6099.71-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani. - CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car]. - CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip. * d/copyright: adjust path for chai.js & mocha.js deletion. - delete third_party/libsecret. * d/control: new build depends on libsecret-1-dev. * d/scripts/unbundle: keep bundled libhwy; it's not available in bullseye. - also keep vulkan_memory_allocator and flatbuffers. * d/patches: - fixes/gcc13-headers.patch: refresh. - fixes/blink-frags.patch: drop part of patch & refresh. - disable/catapult.patch: refresh. - disable/driver-chrome-path.patch: update for minor upstream changes. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - ungoogled/disable-web-environment-integrity.patch: update from from ungoogled-chromium. - upstream/mojo.patch: update patch from upstream's git. - bookworm/clang16.patch: new patch working around upstream's clang18 flags. - upstream/nullptr_t.patch: more libstdc++13 build fixes. - upstream/string-include.patch: add a simple header include build fix. - fixes/absl-optional.patch: add a workaround for a clang bug (https://github.com/llvm/llvm-project/issues/50248) by providing our own 'optional' header. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-libdav1d.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream changes - Mass refresh all other patches against 120 codebase. No functional change. -- Andres Salomon Thu, 07 Dec 2023 15:00:36 -0500 chromium (119.0.6045.199-1) unstable; urgency=high * New upstream security release. - CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero. - CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute. - CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University. - CVE-2023-6351: Use after free in libavif. Reported by Fudan University. - CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group. -- Andres Salomon Tue, 28 Nov 2023 23:33:06 -0500 chromium (119.0.6045.159-1) unstable; urgency=high * New upstream security release. - CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous. - CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero. * Don't show errors on startup if Crash Reports directory doesn't exist. * Check for $DISPLAY before trying to run xmessage in chromium's wrapper script. Fall back to just using echo (closes: #1055765). -- Andres Salomon Tue, 14 Nov 2023 20:04:30 -0500 chromium (119.0.6045.123-1) unstable; urgency=high * New upstream security release. - CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023. * Replace libgl1-mesa-dev build dependency with libgl-dev. * Drop d/patches/system/convertutf.patch; license issue has been fixed. * d/copyright: stop deleting convert_UTF.* and document Unicode copyright (closes: #1033136). * d/patches/ppc64le/fixes/fix-breakpad-compile.patch: refresh due to convertutf change. -- Andres Salomon Tue, 07 Nov 2023 23:49:10 -0500 chromium (119.0.6045.105-1) unstable; urgency=high * New upstream stable release. - CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab. - CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy. - CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy. - CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639) . - CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim. - CVE-2023-5852: Use after free in Printing. Reported by [pwn2car]. - CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh. - CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ. - CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang. - CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann. - CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong. - CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee * d/patches: - patches/bullseye/constexpr.patch: Add MiracleParameter workaround * d/patches/ppc64le: - Mass refresh all patches against 119 codebase. No functional change. [ Andres Salomon ] * d/patches: - fixes/gcc13-headers.patch: drop parts that have been merged upstream. - fixes/perfetto.patch: drop part that was merged upstream. - upstream/sensor-reading.patch: drop, merged upstream. - upstream/lweight.patch: drop, merged upstream. - upstream/freetype.patch: drop, merged upstream. - upstream/sizet.patch: drop, merged upstream. - disable/catapult.patch: drop an unused hunk. - disable/widevine-cdm-cu.patch: refresh. - disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium, and use the full ungoogled patch. The privacy sandbox config interface is now gone, with no way to enable it. - ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch: sync up with ungoogled-chromium, and rename. - fixes/blink-frags.patch: additional build fix for libstdc++13. - fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16. - fixes/atspi.patch: fix build failure with atspi >= 2.50. -- Timothy Pearson Tue, 31 Oct 2023 23:50:00 -0500 chromium (118.0.5993.117-1) unstable; urgency=high * New upstream security release. - CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家. * d/patches: - bookworm/clang-attribs.patch: drop, now that we've switched to clang-16. - bookworm/typename.patch: drop, now that we've switched to clang-16. - bookworm/struct-ctor.patch: drop, now that we've switched to clang-16. - bookworm/structured-binding-scope-bug.patch: drop, now that we've switched to clang-16. - bookworm/stringpiece3.patch: drop, now that we've switched to clang-16. - bookworm/initialize-const-ctor.patch: drop, now that we've switched to clang-16. - fixes/brandversion-construct.patch: drop, now that we've switched to clang-16. - fixes/SkColor4f-init.patch: drop, now that we've switched to clang-16. -- Andres Salomon Tue, 24 Oct 2023 20:00:54 -0400 chromium (118.0.5993.70-1) unstable; urgency=high * New upstream stable release. - CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家. - CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous. - CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita. - CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong. - CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong. - CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun. - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car]. - CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong. - CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs. - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh. - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy. * d/patches/ppc64le: - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh - ffmpeg/0001-Add-support-for-ppc64.patch: refresh - fixes/fix-breakpad-compile.patch: refresh - fixes/fix-unknown-warning-option-messages.diff: refresh - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch: refresh - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: refresh - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch: refresh - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch: refresh - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh - third_party/dawn-fix-ppc64le-detection.patch: refresh - third_party/dawn-fix-typos.patch: refresh - third_party/skia-vsx-instructions.patch: refresh - third_party/use-sysconf-page-size-on-ppc64.patch: refresh - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh [ Andres Salomon] * d/copyright: - blanket.js is gone, no need to remove it any more. - delete some khronos images marked executable. * d/patches: - upstream/memory.patch: drop, merged upstream. - upstream/sensor-reading.patch: add, gcc13 build fix from upstream. - upstream/lweight.patch: add, gcc13 build fix from upstream. - upstream/freetype.patch: add, fix freetype header inclusion FTBFS. - upstream/sizet.patch: add, libstdc++ build fix from upstream. - disable/unrar.patch: update for minor upstream changes. - bookworm/struct-ctor.patch: add various new workarounds for clang-14. - bookworm/structured-binding-scope-bug.patch: drop part of the patch. - bullseye/clang13.patch: drop bullseye patches from sid. - bullseye/constexpr.patch: drop bullseye patches from sid. - ungoogled/.../disable-web-environment-integrity.patch: sync with ungoogled-chromium for upstream changes. -- Timothy Pearson Tue, 10 Oct 2023 22:03:00 -0500 chromium (117.0.5938.149-1) unstable; urgency=high * New upstream security release. - CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar. -- Andres Salomon Tue, 03 Oct 2023 19:31:26 -0400 chromium (117.0.5938.132-2) unstable; urgency=high * d/patches/fixes/v8-compressed-ptrs.patch: fix another armhf FTBFS. -- Andres Salomon Sun, 01 Oct 2023 15:46:49 -0400 chromium (117.0.5938.132-1) unstable; urgency=high * New upstream security release. - CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car]. - CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita. -- Andres Salomon Thu, 28 Sep 2023 00:41:20 -0400 chromium (117.0.5938.92-1) unstable; urgency=high * New upstream stable release. * Enable NEON on armhf. See . * Add check in d/rules & chromium wrapper to ensure we don't build or run on non-NEON armhf machines. -- Andres Salomon Wed, 27 Sep 2023 01:00:07 -0400 chromium (117.0.5938.62-1) unstable; urgency=high [ Andres Salomon] * New upstream stable release. - CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya. - CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali. - CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong. - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry. - CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks. - CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh. - CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) . - CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong. - CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong. * d/copyright: drop rust, llvm, siso, & cargo binaries. * d/patches: - fixes/size.patch: drop, merged upstream. - fixes/variant.patch: drop, merged upstream. - fixes/vector.patch: drop, merged upstream. - upstream/contains.patch: drop, merged upstream. - upstream/hvec.patch: drop, merged upstream. - upstream/limits.patch: drop, merged upstream. - upstream/statelessV4L2.patch: drop, merged upstream. - fixes/widevine-locations.patch: refresh for minor upstream changes. - disable/android.patch: drop half the patch. - disable/catapult.patch: refresh for minor upstream changes. - disable/tests.patch: refresh for minor upstream changes. - disable/unrar.patch: refresh for minor upstream changes. - fixes/material-utils.patch: build fix for clang w/ libstdc++. - rename fixes/null.patch to fixes/perfetto.patch. - upstream/memory.patch: build fix for missing header. - bookworm/struct-ctor.patch: add a bunch more build workarounds for clang-14. - bookworm/stringpiece3.patch: another clang-14 StringPiece to std::string explicit conversion. - bookworm/typename.patch: add more explicit typename declarations for clang-14. - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding scope workarounds. - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a const member inside a struct. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are off by default. * Switch to using bundled brotli, as the version in debian is too old. And so we can drop d/patches/bookworm/brotli.patch, too. * Switch from clang-14 to clang-16 (closes: #1051355). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third-party-boringssl-add-generated-files.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop * d/patches/ungoogled: - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable "Web Environment Integrity" trial and remove from build (closes: #1042111) -- Andres Salomon Wed, 13 Sep 2023 22:26:10 -0400 chromium (116.0.5845.180-1) unstable; urgency=high [ Andres Salomon] * New upstream security release. - CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy. - CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI. - CVE-2023-4763: Use after free in Networks. Reported by anonymous. - CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Add-PPC64-support-for-boringssl.patch: Fix incorrect function call parameter types in gmult_func() and ghash_func() implementations -- Andres Salomon Tue, 05 Sep 2023 19:10:10 -0400 chromium (116.0.5845.140-1) unstable; urgency=high * New upstream security release. - CVE-2023-4572: Use after free in MediaStream. Reported by fwnfwn(@_fwnfwn). * Drop d/chromium.conffiles; it's been a year (and major debian release) since started deleting /etc/chromium/policies/recommended/duckduckgo.json (closes: #1024981). -- Andres Salomon Wed, 30 Aug 2023 04:14:41 -0400 chromium (116.0.5845.110-2) unstable; urgency=high * Remove Bullseye-specific workarounds from debian/rules (closes: #1038679). -- Timothy Pearson Wed, 23 Aug 2023 13:25:00 -0500 chromium (116.0.5845.110-1) unstable; urgency=high [ Timothy Pearson ] * New upstream security release. - CVE-2023-4430: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-4429: Use after free in Loader. Reported by Anonymous. - CVE-2023-4428: Out of bounds memory access in CSS. Reported by Francisco Alonso (@revskills). - CVE-2023-4427: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-4431: Out of bounds memory access in Fonts. Reported by Microsoft Security Researcher. [ Andres Salomon ] * d/patches/upstream hvec.patch: add arm* v4l2 build fix. * d/rules: FTBFS if we're uploading to -security distribution w/out CVEs. -- Timothy Pearson Wed, 23 Aug 2023 08:58:00 -0500 chromium (116.0.5845.96-2) unstable; urgency=high * d/patches/upstream/limits.patch: Add a build fix for arm64. * The follow CVEs were fixed in the prior release and I forgot them. - CVE-2023-2312: Use after free in Offline. Reported by avaue at S.S.L.. - CVE-2023-4349: Use after free in Device Trust Connectors. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-4350: Inappropriate implementation in Fullscreen. Reported by Khiem Tran (@duckhiem). - CVE-2023-4351: Use after free in Network. Reported by Guang and Weipeng Jiang of VRI. - CVE-2023-4352: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-4353: Heap buffer overflow in ANGLE. Reported by Christoph Diehl / Microsoft Vulnerability Research. - CVE-2023-4354: Heap buffer overflow in Skia. Reported by Mark Brand of Google Project Zero. - CVE-2023-4355: Out of bounds memory access in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-4356: Use after free in Audio. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-4357: Insufficient validation of untrusted input in XML. Reported by Igor Sak-Sakovskii. - CVE-2023-4358: Use after free in DNS. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-4359: Inappropriate implementation in App Launcher. Reported by @retsew0x01. - CVE-2023-4360: Inappropriate implementation in Color. Reported by Axel Chong. - CVE-2023-4361: Inappropriate implementation in Autofill. Reported by Thomas Orlita. - CVE-2023-4362: Heap buffer overflow in Mojom IDL. Reported by Zhao Hai of NanJing Cyberpeace TianYu Lab. - CVE-2023-4363: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz. - CVE-2023-4364: Inappropriate implementation in Permission Prompts. Reported by Jasper Rebane. - CVE-2023-4365: Inappropriate implementation in Fullscreen. Reported by Hafiizh. - CVE-2023-4366: Use after free in Extensions. Reported by asnine. - CVE-2023-4367: Insufficient policy enforcement in Extensions API. Reported by Axel Chong. - CVE-2023-4368: Insufficient policy enforcement in Extensions API. Reported by Axel Chong. -- Andres Salomon Wed, 16 Aug 2023 04:48:02 -0400 chromium (116.0.5845.96-1) unstable; urgency=high * New upstream stable release. * d/patches: - fixes/cmath.patch: drop, merged upstream. - fixes/vector.patch: drop, merged upstream. - fixes/cookieresult.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop portions which have been merged upstream. - upstream/feature-list-static.patch: drop, merged upstream. - disable/catapult.patch: refresh. - upstream/statelessV4L2.patch: refresh. - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh. - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: refresh. - fixes/rust-clanglib.patch: add patch to handle new clang deps for rust. - debianization/clang-15.patch: add patch to use lld-15. - bookworm/typename.patch: more typename fixes needed. - fixes/variant.patch: add a missing header that libstdc++ needs. - fixes/vector.patch: add a missing header that libstdc++ needs. - fixes/null.patch: fix missing namespace for nullptr_t + header fix. - fixes/size.patch: missing header fix. - bookworm/brotli.patch: revert upstream change that requires newer brotli. - bookworm/struct-ctor.patch: add a bunch of explicit struct constructors to make clang-15 happy. - fixes/size.patch - bullseye/stringpiece.patch: drop, since we're bundling re2 now. * d/rules: automatically detect rust/clang versions & add needed rust args. But also disable rust for now. * d/rules: drop use_gnome_keyring=false, upstream has completely removed libgnome-keyring support in favor of gnome's libsecret. * d/control: add build-dep on libclang-rt-dev for rust. * Use bundled re2 (for now) instead of libre2-dev due to random crashes we're seeing. Adjust build-deps, Files-Excluded, d/clean, and d/scripts/unbundle accordingly. [ Timothy Pearson ] * d/patches/ppc64le: - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh, no changes - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh for upstream changes -- Andres Salomon Tue, 15 Aug 2023 17:46:56 -0400 chromium (115.0.5790.170-1) unstable; urgency=high * New upstream security release. - CVE-2023-4068: Type Confusion in V8. Reported by Jerry. - CVE-2023-4069: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2023-4070: Type Confusion in V8. Reported by Jerry. - CVE-2023-4071: Heap buffer overflow in Visuals. Reported by Guang and Weipeng Jiang of VRI. - CVE-2023-4072: Out of bounds read and write in WebGL. Reported by Apple Security Engineering and Architecture (SEAR). - CVE-2023-4073: Out of bounds memory access in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori. - CVE-2023-4074: Use after free in Blink Task Scheduling. Reported by Anonymous. - CVE-2023-4075: Use after free in Cast. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-4076: Use after free in WebRTC. Reported by Natalie Silvanovich of Google Project Zero. - CVE-2023-4077: Insufficient data validation in Extensions. Reported by Anonymous. - CVE-2023-4078: Inappropriate implementation in Extensions. Reported by Anonymous. * debian/patches/disable/driver-chrome-path.patch: refresh for minor changes. -- Andres Salomon Wed, 02 Aug 2023 19:26:52 -0400 chromium (115.0.5790.102-2) unstable; urgency=high * debian/patches/upstream/contains.patch:Yet Another v4l2 ARM build fix. -- Andres Salomon Tue, 25 Jul 2023 18:25:50 -0400 chromium (115.0.5790.102-1) unstable; urgency=high * New upstream stable release. * debian/patches/upstream/statelessV4L2.patch: add v4l2 build fix. -- Andres Salomon Fri, 21 Jul 2023 02:36:46 -0400 chromium (115.0.5790.98-2) unstable; urgency=high * Add build fix for gcc13 on arm64. -- Andres Salomon Wed, 19 Jul 2023 22:23:08 -0400 chromium (115.0.5790.98-1) unstable; urgency=high * New upstream release - CVE-2023-3727: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-3728: Use after free in WebRTC. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2023-3730: Use after free in Tab Groups. Reported by @ginggilBesel. - CVE-2023-3732: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-3733: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. - CVE-2023-3734: Inappropriate implementation in Picture In Picture. Reported by Thomas Orlita. - CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts. Reported by Ahmed ElMasry. - CVE-2023-3736: Inappropriate implementation in Custom Tabs. Reported by Philipp Beer (TU Wien). - CVE-2023-3737: Inappropriate implementation in Notifications. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) . - CVE-2023-3738: Inappropriate implementation in Autofill. Reported by Hafiizh. - CVE-2023-3740: Insufficient validation of untrusted input in Themes. Reported by Fardeen Siddiqui. * d/rules: - use system rustc installation * Add build-dep on rustc. * d/patches: - debianization/master-preferences.patch: upstream variable renamed - disable/catapult.patch: upstream changes required reworking - disable/tests.patch: remove new upstream puffin test data file dependencies - disable/unrar.patch: upstream changes required reworking - fixes/cmath.patch: add missing header include for skia - fixes/vector.patch: add missing header include for net - upstream/sizet.patch: drop, merged upstream - ppc64le/fixes/fix-partition-alloc-compile.patch: refresh for upstream changes - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - ppc64le/third_party/skia-vsx-instructions.patch: refresh for upstream changes [ Andres Salomon ] - fixes/clang-and-gcc11.patch: drop, (a different version) merged upstream. - bookworm/typename.patch: drop parts that were merged upstream, and add new build fixes. - bookworm/structured-binding-scope-bug.patch: drop some of it, add new bits - bullseye/constexpr.patch: refresh for string -> StringPiece change. - bullseye/stringpiece.patch: add to work around older libre2. - bullseye/default-equality-op.patch: add more workarounds for older compilers - fixes/brandversion-construct.patch: add to fix build failure. - fixes/SkColor4f-init.patch: another missing struct constructor fix. - fixes/cookieresult.patch: another struct ctor build fix. - fixes/gcc13-with-clang14.patch: fix FTBFS with gcc-13 (closes: #1037604). - fixes/gcc13-headers.patch: fix a bunch of missing includes which gcc-13 wants - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - ppc64le/third_party/0002-third-party-boringssl-add-generated-files.patch: refresh. -- Timothy Pearson Tue, 18 Jul 2023 17:50:00 -0500 chromium (114.0.5735.198-1) unstable; urgency=high * New upstream security release. - CVE-2023-3420: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2023-3421: Use after free in Media. Reported by Piotr Bania of Cisco Talos. - CVE-2023-3422: Use after free in Guest View. Reported by asnine. -- Andres Salomon Tue, 27 Jun 2023 02:21:12 -0400 chromium (114.0.5735.133-1) unstable; urgency=high * New upstream security release. - CVE-2023-3214: Use after free in Autofill payments. Reported by Rong Jian of VRI. - CVE-2023-3215: Use after free in WebRTC. Reported by asnine. - CVE-2023-3216: Type Confusion in V8. Reported by 5n1p3r0010 from Topsec ChiXiao Lab. - CVE-2023-3217: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero. -- Andres Salomon Tue, 13 Jun 2023 13:31:55 -0400 chromium (114.0.5735.106-1) unstable; urgency=high * New upstream stable release. - CVE-2023-3079: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. * d/patches: - ppc64le/third_party/skia-vsx-instructions.patch: rewrite for POWER8 compatibility, fix graphics corruption, and enable in builds -- Timothy Pearson Mon, 05 Jun 2023 21:38:00 -0500 chromium (114.0.5735.90-2) unstable; urgency=high * d/patches: - Add upstream/feature-list-static.patch This patch fixes an out of scope array access that can lead to crashes at startup -- Timothy Pearson Wed, 31 May 2023 12:36:00 -0500 chromium (114.0.5735.90-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-2929: Out of bounds write in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori. - CVE-2023-2930: Use after free in Extensions. Reported by asnine. - CVE-2023-2931: Use after free in PDF. Reported by Huyna at Viettel Cyber Security. - CVE-2023-2932: Use after free in PDF. Reported by Huyna at Viettel Cyber Security. - CVE-2023-2933: Use after free in PDF. Reported by Quang Nguyễn (@quangnh89) of Viettel Cyber Security and Nguyen Phuong. - CVE-2023-2934: Out of bounds memory access in Mojo. Reported by Mark Brand of Google Project Zero. - CVE-2023-2935: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-2936: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-2937: Inappropriate implementation in Picture In Picture. Reported by NDevTK. - CVE-2023-2938: Inappropriate implementation in Picture In Picture. Reported by Alesandro Ortiz. - CVE-2023-2939: Insufficient data validation in Installer. Reported by ycdxsb from VARAS@IIE. - CVE-2023-2940: Inappropriate implementation in Downloads. Reported by Axel Chong. - CVE-2023-2941: Inappropriate implementation in Extensions API. Reported by Jasper Rebane. * d/copyright: properly delete some android & chromeos stuff. * d/patches: - fixes/clang-and-gcc11.patch: refresh. - upstream/webview-cstr.patch: drop, merged upstream. - upstream/monostate.patch: drop, merged upstream. - disable/unrar.patch: additional upstream changes required more reworking. - disable/android.patch: refresh, & add one more build fix. - disable/catapult.patch: refresh. - disable/swiftshader.patch: refresh. - disable/angle-perftest.patch: refresh. - system/jpeg.patch: refresh. - upstream/mojo.patch: regenerate from git. - upstream/sizet.patch: add an upstream build fix. - bookworm/typename.patch: include more build fixes. - bookworm/lambda-bug.patch -> bookworm/structured-binding-scope-bug.patch, and add another place it's happening (turns out it's not just lambdas). * Add build-dep on libevdev-dev - now required by upstream. [ Timothy Pearson ] * d/patches: - Refresh ppc64le patches -- Andres Salomon Wed, 31 May 2023 03:06:35 -0400 chromium (113.0.5672.126-1) unstable; urgency=low * New upstream security release. - CVE-2023-2721: Use after free in Navigation. Reported by Guang Gong of Alpha Lab, Qihoo 360. - CVE-2023-2722: Use after free in Autofill UI. Reported by Rong Jian of VRI. - CVE-2023-2723: Use after free in DevTools. Reported by asnine. - CVE-2023-2724: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-2725: Use after free in Guest View. Reported by asnine. - CVE-2023-2726: Inappropriate implementation in WebApp Installs. Reported by Ahmed ElMasry. -- Andres Salomon Tue, 16 May 2023 16:25:03 -0400 chromium (113.0.5672.63-2) unstable; urgency=low * d/patches: - Set baseline ppc64 CPU back to POWER ISA 2.07 (POWER8) -- Timothy Pearson Wed, 03 May 2023 10:47:00 -0500 chromium (113.0.5672.63-1) unstable; urgency=high * New upstream stable release. - CVE-2023-2459: Inappropriate implementation in Prompts. Reported by Rong Jian of VRI. - CVE-2023-2460: Insufficient validation of untrusted input in Extensions. Reported by Martin Bajanik, Fingerprint[.]com. - CVE-2023-2461: Use after free in OS Inputs. Reported by @ginggilBesel. - CVE-2023-2462: Inappropriate implementation in Prompts. Reported by Alesandro Ortiz. - CVE-2023-2463: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7). - CVE-2023-2464: Inappropriate implementation in PictureInPicture. Reported by Thomas Orlita. - CVE-2023-2465: Inappropriate implementation in CORS. Reported by @kunte_ctf. - CVE-2023-2466: Inappropriate implementation in Prompts. Reported by Jasper Rebane (popstonia). - CVE-2023-2467: Inappropriate implementation in Prompts. Reported by Thomas Orlita. - CVE-2023-2468: Inappropriate implementation in PictureInPicture. Reported by Alesandro Ortiz. [ Andres Salomon] * Remove Michel from Uploaders. * Build against libopenh264-dev (closes: #1031352). * d/copyright: - drop fuchsia*: entirely different OS. - drop chrome/build: 200MB of PGO optimizations for official chrome builds. - drop third_party/updater: upstream included update binary. - re-add part of chrome/browser/resources/chromeos/ and chrome/android/ to fix build errors. * d/patches: - debianization/master-preferences.patch: check for initial_preferences or master_preferences, rather than just for the latter (closes: #992178). - disable/unrar.patch: complete rewrite for upstream's nested archive changes. - disable/catapult.patch: refresh. - upstream/webview-cstr.patch: add simple build fix from upstream. - upstream/monostate.patch: add simple build fix from upstream. - bookworm/clang-attribs.patch: build fix for clang-14 to keep from generating hundreds of warnings per compilation unit. - bookworm/typename.patch: add another build fix for missing typename. - bookworm/lamba-bug.patch: add to work around compiler bug (clang < 16). - bullseye/constexpr.patch: work around build failure w/ bullseye's clang/libstdc++. - disable/openh264.patch -> bullseye/openh264.patch, and stop using it for sid & bookworm. [ Timothy Pearson ] * d/patches: - Set baseline ppc64 CPU to POWER ISA 3.0 (OpenPOWER, POWER9) - Enable VSX acceleration in Skia - Refresh ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch - Add fixes for new Highway library on ppc64 - Suppress harmless warning messages from compiler during ppc64 builds -- Timothy Pearson Wed, 03 May 2023 00:42:00 -0500 chromium (112.0.5615.138-1) unstable; urgency=high * New upstream security release. - CVE-2023-2133: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI. - CVE-2023-2134: Out of bounds memory access in Service Worker API. Reported by Rong Jian of VRI. - CVE-2023-2135: Use after free in DevTools. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-2136: Integer overflow in Skia. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2023-2137: Heap buffer overflow in sqlite. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute * d/patches: - upstream/protobuf.patch: drop, merged upstream. -- Timothy Pearson Tue, 18 Apr 2023 22:00:00 -0500 chromium (112.0.5615.121-1) unstable; urgency=high * New upstream security release. - CVE-2023-2033: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. * Build-dep on rollup. * Delete the bundled acorn & rollup node modules, and build using the debian packaged version of those and other modules. * (Re-)enable optimize_webui. * Add d/patches/upstream/protobuf.patch to fix FTBFS due to race. -- Andres Salomon Sat, 15 Apr 2023 00:24:54 -0400 chromium (112.0.5615.49-2) unstable; urgency=high [ Andres Salomon ] * Add d/patches/i386/angle-lockfree.patch to fix FTBFS on i386. Also create & populate that d/patches/i386/ directory, since we now have multiple i386 patches. * Remove enable_js_type_check=false build arg; upstream dropped it. [ Timothy Pearson ] * d/patches: - Re-add boringssl support for ppc64le (dropped by Google upstream) - Add ppc64le detection to partition allocator build - Regenerate 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch -- Andres Salomon Fri, 07 Apr 2023 03:40:50 -0400 chromium (112.0.5615.49-1) unstable; urgency=high * New upstream stable release. - CVE-2023-1810: Heap buffer overflow in Visuals. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-1811: Use after free in Frames. Reported by Thomas Orlita. - CVE-2023-1812: Out of bounds memory access in DOM Bindings. Reported by Shijiang Yu. - CVE-2023-1813: Inappropriate implementation in Extensions. Reported by Axel Chong. - CVE-2023-1814: Insufficient validation of untrusted input in Safe Browsing. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University. - CVE-2023-1815: Use after free in Networking APIs. Reported by DDV_UA. - CVE-2023-1816: Incorrect security UI in Picture In Picture. Reported by NDevTK. - CVE-2023-1817: Insufficient policy enforcement in Intents. Reported by Axel Chong. - CVE-2023-1818: Use after free in Vulkan. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research, Eric Lawrence, Microsoft, Patrick Walker (@HomeSen), & Kirtikumar Anandrao Ramchandani. - CVE-2023-1819: Out of bounds read in Accessibility. Reported by Microsoft Edge Team. - CVE-2023-1820: Heap buffer overflow in Browser History. Reported by raven at KunLun lab. - CVE-2023-1821: Inappropriate implementation in WebShare. Reported by Axel Chong. - CVE-2023-1822: Incorrect security UI in Navigation. Reported by 강우진. - CVE-2023-1823: Inappropriate implementation in FedCM. Reported by Jasper Rebane (popstonia). * d/copyright: change location for deleted image_diff directory. * d/patches: - disable/unrar.patch: update for stuff dropped upstream. - disable/swiftshader.patch: straight refresh. - bullseye/clang13.patch: straight refresh. - ppc64le/third_party/0001-third_party-angle-Include-missing-header-cstddef-in-.patch: straight refresh. - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: straight refresh. - debian/patches/ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: change is_mac to is_apple. -- Andres Salomon Tue, 04 Apr 2023 18:44:47 -0400 chromium (111.0.5563.110-1) unstable; urgency=high * New upstream security release. - CVE-2023-1528: Use after free in Passwords. Reported by Wan Choi of Seoul National University. - CVE-2023-1529: Out of bounds memory access in WebHID. - CVE-2023-1530: Use after free in PDF. Reported by The UK's National Cyber Security Centre (NCSC). - CVE-2023-1531: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos. - CVE-2023-1532: Out of bounds read in GPU Video. Reported by Mark Brand of Google Project Zero. - CVE-2023-1533: Use after free in WebProtect. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-1534: Out of bounds read in ANGLE. Reported by Jann Horn and Mark Brand of Google Project Zero. * Document how to properly enable Wayland support in README.Debian (closes: #1033223). * d/rules patch from "Daniel Richard G." : - Disable lto flags (closes: #1015367). - don't clobber LDFLAGS from dpkg-buildflags (closes: #1033015). -- Andres Salomon Wed, 22 Mar 2023 03:17:36 -0400 chromium (111.0.5563.64-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-1213: Use after free in Swiftshader. Reported by Jaehun Jeong(@n3sk) of Theori. - CVE-2023-1214: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2023-1215: Type Confusion in CSS. Reported by Anonymous. - CVE-2023-1216: Use after free in DevTools. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2023-1217: Stack buffer overflow in Crash reporting. Reported by sunburst of Ant Group Tianqiong Security Lab. - CVE-2023-1218: Use after free in WebRTC. Reported by Anonymous. - CVE-2023-1219: Heap buffer overflow in Metrics. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-1220: Heap buffer overflow in UMA. Reported by Sergei Glazunov of Google Project Zero. - CVE-2023-1221: Insufficient policy enforcement in Extensions API. Reported by Ahmed ElMasry. - CVE-2023-1222: Heap buffer overflow in Web Audio API. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-1223: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2023-1224: Insufficient policy enforcement in Web Payments API. Reported by Thomas Orlita. - CVE-2023-1225: Insufficient policy enforcement in Navigation. Reported by Roberto Ffrench-Davis @Lihaft. - CVE-2023-1226: Insufficient policy enforcement in Web Payments API. Reported by Anonymous. - CVE-2023-1227: Use after free in Core. Reported by @ginggilBesel. - CVE-2023-1228: Insufficient policy enforcement in Intents. Reported by Axel Chong. - CVE-2023-1229: Inappropriate implementation in Permission prompts. Reported by Thomas Orlita. - CVE-2023-1230: Inappropriate implementation in WebApp Installs. Reported by Axel Chong. - CVE-2023-1231: Inappropriate implementation in Autofill. Reported by Yan Zhu, Brave. - CVE-2023-1232: Insufficient policy enforcement in Resource Timing. Reported by Sohom Datta. - CVE-2023-1233: Insufficient policy enforcement in Resource Timing. Reported by Soroush Karami. - CVE-2023-1234: Inappropriate implementation in Intents. Reported by Axel Chong. - CVE-2023-1235: Type Confusion in DevTools. Reported by raven at KunLun lab. - CVE-2023-1236: Inappropriate implementation in Internals. Reported by Alesandro Ortiz. * Document upcoming security support in README.Debian.security. * Document switching the default search engine in README.debian. * d/patches: - upstream/clamp.patch: drop, merged upstream. - upstream/pwman-const.patch: drop, merged upstream. - upstream/move-stack-to-isolate.patch: drop, merged upstream. - upstream/blink-dbl-float.patch: drop, merged upstream. - upstream/v4l2-fix.patch: drop, merged upstream. - disable/catapult.patch: refresh & remove unnecessary android bits. - disable/google-api-warning.patch: refresh. [ Timothy Pearson ] * d/patches: - ppc64le/third_party/0005-third_party-dav1d-crash-fix.patch: drop, merged upstream - ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch: skia musttail is back in upstream, disable on ppc64le due to contining Clang bugs - ppc64le: refresh libaom configuration -- Andres Salomon Tue, 07 Mar 2023 18:12:37 -0500 chromium (110.0.5481.177-1) unstable; urgency=high * New upstream security release. - CVE-2023-0941: Use after free in Prompts. Reported by Anonymous. - CVE-2023-0927: Use after free in Web Payments API. Reported by Rong Jian of VRI. - CVE-2023-0928: Use after free in SwiftShader. Reported by Anonymous. - CVE-2023-0929: Use after free in Vulkan. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-0930: Heap buffer overflow in Video. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-0931: Use after free in Video. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-0932: Use after free in WebRTC. Reported by Omri Bushari (Talon Cyber Security). - CVE-2023-0933: Integer overflow in PDF. Reported by Zhiyi Zhang from Codesafe Team of Legendsec at QI-ANXIN Group. -- Andres Salomon Wed, 22 Feb 2023 16:11:07 -0500 chromium (110.0.5481.77-2) unstable; urgency=high * Fix build failure on arm* platforms with upstream/v4l2-fix.patch. -- Andres Salomon Wed, 08 Feb 2023 15:20:57 -0500 chromium (110.0.5481.77-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-0696: Type Confusion in V8. Reported by Haein Lee at KAIST Hacking Lab. - CVE-2023-0697: Inappropriate implementation in Full screen mode. Reported by Ahmed ElMasry. - CVE-2023-0698: Out of bounds read in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-0699: Use after free in GPU. Reported by 7o8v and Cassidy Kim(@cassidy6564). - CVE-2023-0700: Inappropriate implementation in Download. Reported by Axel Chong. - CVE-2023-0701: Heap buffer overflow in WebUI. Reported by Sumin Hwang of SSD Labs. - CVE-2023-0702: Type Confusion in Data Transfer. Reported by Sri. - CVE-2023-0703: Type Confusion in DevTools. Reported by raven at KunLun lab. - CVE-2023-0704: Insufficient policy enforcement in DevTools. Reported by Rhys Elsmore and Zac Sims of the Canva security team. - CVE-2023-0705: Integer overflow in Core. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab. * d/copyright: libpng16 binaries are gone, no longer need to exclude them. * d/scripts/unbundle: drop libjxl, which is dropped upstream. Add absl_log*. * d/patches: - debianization/optimization.patch: drop. This is unnecessary, as Debian's optimization flags override Chromium's by default. - disable/android.patch: upstream removed android_crazy_linker, so we can remove half of this patch. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: refresh. - upstream/mojo.patch: refresh w/ what's in 110. - system/openjpeg.patch: completely rework due to upstream changes. - upstream/clamp.patch: backport a build fix. - upstream/blink-dbl-float.patch: another build fix. * Drop unused use_allocator="none" argument. This was used previously to switch from the default "partition" allocator. Upstream dropped the build flag in chromium v109. So in v109 we switched to the default "partition" allocator and I don't think anyone noticed, so let's just leave it on. Report issues if you notice any. [ Timothy Pearson ] * d/patches: - Refresh ppc64le patches for v110 - Add upstream patches to fix build errors when use_custom_libcxx=false - Drop stack smashing fix patch for ppc64le due to fix included upstream -- Andres Salomon Wed, 08 Feb 2023 00:20:01 -0500 chromium (109.0.5414.119-1) unstable; urgency=high * New upstream security release. - CVE-2023-0471: Use after free in WebTransport. Reported by chichoo Kim(chichoo) and Cassidy Kim(@cassidy6564). - CVE-2023-0472: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-0473: Type Confusion in ServiceWorker API. Reported by raven at KunLun lab. - CVE-2023-0474: Use after free in GuestView. Reported by avaue at S.S.L. * Re-enable v4l2 for arm platforms (closes: #1011346). -- Andres Salomon Wed, 25 Jan 2023 01:19:49 -0500 chromium (109.0.5414.74-2) unstable; urgency=high [ Andres Salomon ] * d/patches/bullseye/clang13.patch: don't use -gsimple-template-names in clang arguments, as it doesn't work with clang-13. [ Timothy Pearson ] * Fix crashes in dav1d during video playback on ppc64le * d/patches: - Apply upstream dav1d ppc64le fix from videolan merge request #1464 -- Andres Salomon Thu, 12 Jan 2023 18:23:51 -0500 chromium (109.0.5414.74-1) unstable; urgency=high * New upstream stable release. - CVE-2023-0128: Use after free in Overview Mode. Reported by Khalil Zhani. - CVE-2023-0129: Heap buffer overflow in Network Service. Reported by asnine. - CVE-2023-0130: Inappropriate implementation in Fullscreen API. Reported by Hafiizh. - CVE-2023-0131: Inappropriate implementation in iframe Sandbox. Reported by NDevTK. - CVE-2023-0132: Inappropriate implementation in Permission prompts. Reported by Jasper Rebane (popstonia). - CVE-2023-0133: Inappropriate implementation in Permission prompts. Reported by Alesandro Ortiz. - CVE-2023-0134: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy). - CVE-2023-0135: Use after free in Cart. Reported by Chaoyuan Peng (@ret2happy). - CVE-2023-0136: Inappropriate implementation in Fullscreen API. Reported by Axel Chong. - CVE-2023-0137: Heap buffer overflow in Platform Apps. Reported by avaue and Buff3tts at S.S.L.. - CVE-2023-0138: Heap buffer overflow in libphonenumber. Reported by Michael Dau. - CVE-2023-0139: Insufficient validation of untrusted input in Downloads. Reported by Axel Chong. - CVE-2023-0140: Inappropriate implementation in File System API. Reported by harrison.mitchell, cybercx.com.au. - CVE-2023-0141: Insufficient policy enforcement in CORS. Reported by scarlet. * d/patches: - upstream/re-fix-tflite.patch: drop, merged upstream. - disable/catapult.patch: refresh - disable/angle-perftests.patch: refresh [ Timothy Pearson ] * d/patches: - Regenerate ppc64le configuration files from source - Fix register corruption in v8 on ppc64 systems -- Andres Salomon Thu, 12 Jan 2023 13:01:02 -0500 chromium (108.0.5359.124-1) unstable; urgency=high * New upstream security release. - CVE-2022-4436: Use after free in Blink Media. Reported by Anonymous on 2022-11-15 - CVE-2022-4437: Use after free in Mojo IPC. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-11-30 - CVE-2022-4438: Use after free in Blink Frames. Reported by Anonymous on 2022-11-07 - CVE-2022-4439: Use after free in Aura. Reported by Anonymous on 2022-11-22 - CVE-2022-4440: Use after free in Profiles. Reported by Anonymous on 2022-11-09 [ Andres Salomon ] * Drop fixes/disable-cxx20.patch; turned out to be a clang-14 bug (https://bugs.debian.org/1025394) causing the issue that is now fixed. -- Timothy Pearson Tue, 13 Dec 2022 19:10:00 -0600 chromium (108.0.5359.94-1) unstable; urgency=high * New upstream security release. - CVE-2022-4262: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group. * Drop bullseye/mulodic.patch from unstable, it's too difficult to get this right between the two distributions. It'll live in the bullseye branch only. -- Andres Salomon Sat, 03 Dec 2022 13:29:49 -0500 chromium (108.0.5359.71-2) unstable; urgency=high * Fix bullseye/mulodic.patch to actually work right on 32-bit platforms. Again. [ Timothy Pearson ] * Regenerate libaom configuration for ppc64el -- Andres Salomon Fri, 02 Dec 2022 15:03:21 -0500 chromium (108.0.5359.71-1) unstable; urgency=high * New upstream stable release. - CVE-2022-4174: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2022-4175: Use after free in Camera Capture. Reported by Leecraso and Guang Gong of 360 Alpha Lab. - CVE-2022-4176: Out of bounds write in Lacros Graphics. Reported by @ginggilBesel. - CVE-2022-4177: Use after free in Extensions. Reported by Chaoyuan Peng (@ret2happy). - CVE-2022-4178: Use after free in Mojo. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-4179: Use after free in Audio. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-4180: Use after free in Mojo. Reported by Anonymous. - CVE-2022-4181: Use after free in Forms. Reported by Aviv A. - CVE-2022-4182: Inappropriate implementation in Fenced Frames. Reported by Peter Nemeth. - CVE-2022-4183: Insufficient policy enforcement in Popup Blocker. Reported by David Sievers. - CVE-2022-4184: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2022-4185: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer). - CVE-2022-4186: Insufficient validation of untrusted input in Downloads. Reported by Luan Herrera (@lbherrera_). - CVE-2022-4187: Insufficient policy enforcement in DevTools. Reported by Axel Chong. - CVE-2022-4188: Insufficient validation of untrusted input in CORS. Reported by Philipp Beer (TU Wien). - CVE-2022-4189: Insufficient policy enforcement in DevTools. Reported by NDevTK. - CVE-2022-4190: Insufficient data validation in Directory. Reported by Axel Chong. - CVE-2022-4191: Use after free in Sign-In. Reported by Jaehun Jeong(@n3sk) of Theori. - CVE-2022-4192: Use after free in Live Caption. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-4193: Insufficient policy enforcement in File System API. Reported by Axel Chong. - CVE-2022-4194: Use after free in Accessibility. Reported by Anonymous. - CVE-2022-4195: Insufficient policy enforcement in Safe Browsing. Reported by Eric Lawrence of Microsoft. * d/copyright: - drop multiple ninja executables from upstream tarball. - Stop deleting chrome/test/data/*, since it's all just empty directories except for one BUILD.gn that is required to build. * d/scripts/unbundle: build against the bundled absl_utility. * d/patches: - upstream/fix-missing-cmath.patch: drop, merged upstream. - fixes/angle-wayland.patch: drop, merged upstream. - fixes/fix-arm-vfpv3-d16-libaom.patch: drop, merged upstream. - disable/unrar.patch: refresh due to 7z support added. - ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh for loongarch update. - ppc64le/third_party/use-sysconf-page-size-on-ppc64.patch: drop half of patch as upstream removed duplicate code. - fixes/disable-cxx20.patch: switch clang complication back to the c++17 standard, as c++20 breaks linking. -- Andres Salomon Thu, 01 Dec 2022 22:23:10 -0500 chromium (107.0.5304.121-1) unstable; urgency=high * New upstream security release. - CVE-2022-4135: Heap buffer overflow in GPU. Reported by Clement Lecigne of Google's Threat Analysis Group on 2022-11-22 -- Timothy Pearson Sat, 26 Nov 2022 12:34:00 -0600 chromium (107.0.5304.110-2) unstable; urgency=high * Fix bullseye/mulodic.patch to actually work right. Sigh. -- Andres Salomon Thu, 10 Nov 2022 13:48:01 -0500 chromium (107.0.5304.110-1) unstable; urgency=high * New upstream security release. - CVE-2022-3885: Use after free in V8. Reported by gzobqq@. - CVE-2022-3886: Use after free in Speech Recognition. - CVE-2022-3887: Use after free in Web Workers. Reported by anonymous. - CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth. - CVE-2022-3889: Type Confusion in V8. Reported by anonymous. - CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous. * Clean up old crash dump files on launch (closes: #1015931). * debian/patches: - bullseye/mulodic.patch: (hopefully!) fix FTBFS on bullseye under i386 and armhf. -- Andres Salomon Wed, 09 Nov 2022 19:57:34 -0500 chromium (107.0.5304.87-1) unstable; urgency=high * New upstream security release. - CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtěšek, Milánek, and Przemek Gmerek of Avast. * Revert v4l2 enable for arm platforms until a build error is fixed. -- Andres Salomon Fri, 28 Oct 2022 07:02:02 -0400 chromium (107.0.5304.68-1) unstable; urgency=high * New upstream stable release. - CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team. - CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa). - CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva. - CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security. - CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel. - CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University. * Disable building against QT5 (for now). https://groups.google.com/a/chromium.org/g/chromium-packagers/c/-2VGexQAK6w * debian/copyright: - delete third_party/dawn/tools/golang binaries. * debian/patches: - upstream/armhf-ftbfs.patch: drop, merged upstream. - upstream/fix-nullptr-qual.patch: drop, merged upstream. - disable/catapult.patch: delete add'l blink reference to catapult. - bullseye/clang13.patch: refresh for minor upstream changes. - ppc64le/workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh - disable/clang-version-check.patch: added to fix build failure. Needs to go upstream. - ppc64le/workarounds/HACK-debian-clang-disable-skia-musttail.patch: drop, upstream skia stopped using clang::musttail. - upstream/re-fix-tflite.patch: re-add a build fix that upstream lost. [ Timothy Pearson ] * regenerate libaom configuration on ppc64el systems. -- Andres Salomon Tue, 25 Oct 2022 17:40:14 -0400 chromium (106.0.5249.119-1) unstable; urgency=high * New upstream security release. - CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16 - CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26 - CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22 - CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13 - CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17 - CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30 -- Timothy Pearson Tue, 11 Oct 2022 19:42:00 -0500 chromium (106.0.5249.103-2) unstable; urgency=low * Reduce baseline compatibility for ppc64el builds from POWER9 to POWER8. This matches the current Debian build farm. -- Timothy Pearson Sat, 08 Oct 2022 14:35:00 -0500 chromium (106.0.5249.103-1) unstable; urgency=medium * New upstream release. * Add ppc64el patches maintained by me, and enable builds for ppc64el (closes #1005083). -- Timothy Pearson Fri, 07 Oct 2022 17:54:00 -0500 chromium (106.0.5249.91-1) unstable; urgency=high * New upstream security release. - CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. - CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek. -- Andres Salomon Sat, 01 Oct 2022 03:21:58 -0400 chromium (106.0.5249.61-1) unstable; urgency=high * New upstream stable release. - CVE-2022-3304: Use after free in CSS. Reported by Anonymous. - CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK. - CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. - CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder. - CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney. - CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess. - CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7). - CVE-2022-3314: Use after free in Logging. Reported by Anonymous. - CVE-2022-3315: Type confusion in Blink. Reported by Anonymous. - CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy). - CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh. - CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0. * debian/patches: - disable/angle-perftests.patch: drop most of patch. build_angle_perftests=false is set in d/rules, so no need to patch it and its dependencies. - upstream/browser-finder.patch: drop, merged upstream. - upstream/disk-cache.patch: drop, merged upstream. - upstream/masklayer-geom.patch: drop, merged upstream. - fixes/tflite.patch: drop, merged upstream. - bullseye/clang13.patch: update for upstream switching from one unsupported clang warning flag to another. - disable/catapult.patch: refresh. - disable/installer.patch: drop, as there's no real need to delete chrome/install_static; there's no licensing issues and it's only actually built on windows. - upstream/fix-missing-cmath.patch: added from upstream to fix ftbfs. - upstream/fix-nullptr-qual.patch: added from upstream to fix ftbfs. - fixes/fix-arm-vfpv3-d16-libaom.patch: add to fix a problem that was currently papered over by disabling libaom on arm. This new patch (hopefully) allows libaom to be built for the armhf arch. - disable/libaom-arm.patch: drop now that we've fixed libaom on arm. - system/event.patch: remove some old unused bits that patch gn. * Stop deleting chrome/install_static in d/copyright, and also start deleting third party libraries that we began linking to in v105 as well as tools/gn. * Remove mgilbert as an uploader; thanks for all your work on chromium packaging! -- Andres Salomon Tue, 27 Sep 2022 14:14:44 -0400 chromium (105.0.5195.125-1) unstable; urgency=high * New upstream security release. - CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute. - CVE-2022-3196: Use after free in PDF. Reported by triplepwns. - CVE-2022-3197: Use after free in PDF. Reported by triplepwns. - CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG. - CVE-2022-3199: Use after free in Frames. Reported by Anonymous. - CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP. - CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK -- Andres Salomon Wed, 14 Sep 2022 12:43:31 -0400 chromium (105.0.5195.102-1) unstable; urgency=high * New upstream security release. - CVE-2022-3075: Insufficient data validation in Mojo. * Update the cpu check to allow pni instead of sse3 (closes: #1018937). * Enable v4l2 for arm platforms. This also disables VA-API on arm64, so if that breaks things let me know. Thanks Eschenbacher.Stefan@Scheidt-Bachmann.de for the patch (#1011346). * debian/patches: - upstream/armhf-ftbfs.patch: fix FTBFS introduced with v105 on armhf. -- Andres Salomon Mon, 05 Sep 2022 15:57:26 -0400 chromium (105.0.5195.52-1) unstable; urgency=high * New upstream stable release. - CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3040: Use after free in Layout. Reported by Anonymous. - CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute. - CVE-2022-3042: Use after free in PhoneHub. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel. - CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis . - CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI. - CVE-2022-3071: Use after free in Tab Strip. Reported by @ginggilBesel. - CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer. - CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess. - CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel. - CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab. - CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel. - CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani. - CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios). - CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li. - CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous. - CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes. - CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab. * Drop workaround for lack of older clang's -ffile-prefix-map. This should make reproducible builds happy. * debian/copyright: - Update for new libevent location (moved out of base/). - libopenjpeg20 -> libopenjpeg * debian/patches: - debianization/support-i386.patch: refresh. - disable/catapult.patch: refresh. - disable/libaom-arm.patch: refresh. - system/event.patch: update for new libevent location. - system/openjpeg.patch: refresh. - bullseye/clang13.patch: drop part of patch dropped upstream. - upstream/disk-cache.patch: build fix pulled from upstream. - upstream/browser-finder.patch: build fix pulled from upstream. - upstream/masklayer-geom.patch: build fix pulled from upstream. - system/jsoncpp.patch: drop, merged upstream. - fixes/angle-wayland: build fix due to mismatched wayland headers on sid. Only needed until angle updates its copy of wayland. - disable/welcome-page.patch: drop. Upstream fixed the original issue some time ago, and this new version finally cleaned up the workaround. - fixes/connection-message.patch: drop it. I looked at sending this upstream, but the original extension doesn't exist any more, and chromium properly prints an error if a proxy is unreachable. If you can still reproduce the issue (described in http://bugs.debian.org/864539), let me know so I can get it fixed upstream. * debian/scripts/unbundle: upstream tripled the number of (previously vendored) libraries that we can use system versions of. However, the majority of them are either not in bullseye or are too old, so we'll have to wait to use the debian versions for the ones not newly added as build-deps. * Disable optimize_webui, due to a build failure using nodejs from bullseye. I'll reenable this when it either gets fixed or we're done with bullseye security support. * Remove sse3-support dependency and just refuse to run if SSE3 is not present. Breaking via preinst script isn't appropriate for packages that might be installed by default (eg, by Debian Edu). * debian/control: add build-deps for brotli, libdouble-conversion-dev, libwoff-dev, and libxnvctrl-dev (closes: #987292). * Rework default search engine stuff. People did not like the "Your browser is managed" and "Your administrator can change your browser setup remotely" messages, which are admittedly alarming. Instead of using /etc/chromium/policies/recommended/duckduckgo.json, delete that and use /etc/chromium/master_preferences instead. -- Andres Salomon Wed, 31 Aug 2022 20:48:11 -0400 chromium (104.0.5112.101-1) unstable; urgency=high * New upstream security release. - CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero - CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-2857: Use after free in Blink. Reported by Anonymous - CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab - CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero - CVE-2022-2856: Insufficient validation of untrusted input in Intents Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group - CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong - CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI * Change default search engine to DuckDuckGo for privacy reasons. Set a different search engine under Settings -> Search Engine (closes: #956012). * Drop a bunch of versioned build-deps that have been satisfied since at least oldoldstable. * debian/NEWS.Debian: - Document upstream dropping support for older TLSv1 and TLSv1.1 protocols (closes: #1005808). - Document upstream dropping support for older x86 CPUs without SSE3 instruction support (closes: #1010407). - Document the Google to DuckDuckGo change. - Document upstream's config renaming of AuthServerWhitelist to AuthServerAllowlist (closes: #1013268). -- Andres Salomon Tue, 16 Aug 2022 17:29:29 -0400 chromium (104.0.5112.79-1) unstable; urgency=high * New upstream stable release. - CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous - CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang - CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel - CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani - CVE-2022-2609: Use after free in Nearby Share. Reported by koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer - CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) - CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) - CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) - CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab - CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer - CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz - CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel - CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine - CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk - CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security - CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean - CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab - CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program * debian/patches: - bullseye/nomerge.patch: drop, was only needed for clang-11. - bullseye/clang11.patch: drop clang-11 bits, rename to clang13.patch. - bullseye/blink-constexpr.patch: drop, only needed for clang-11. - bullseye/byteswap-constexpr2.patch: drop, only needed for clang-11. - disable/angle-perftests.patch: refresh - disable/catapult.patch: refresh & drop some no longer needed bits. - fixes/tflite.patch: fix a build error. * debian/copyright: - upstream dropped perfetto/ui/src/gen/. -- Andres Salomon Thu, 04 Aug 2022 11:31:44 -0400 chromium (103.0.5060.134-1) unstable; urgency=high * New upstream security release. - CVE-2022-2477 : Use after free in Guest View. Reported by anonymous - CVE-2022-2478 : Use after free in PDF. Reported by triplepwns - CVE-2022-2479 : Insufficient validation of untrusted input in File. Reported by anonymous - CVE-2022-2480 : Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero - CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University - CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) -- Andres Salomon Wed, 20 Jul 2022 00:51:39 -0400 chromium (103.0.5060.114-1) unstable; urgency=high * New upstream security release. - CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team - CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. - CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani -- Andres Salomon Sun, 10 Jul 2022 12:44:03 -0400 chromium (103.0.5060.53-1) unstable; urgency=high * New upstream stable release. - CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero - CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab - CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg - CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab - CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) - CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) - CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M - CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora * debian/patches: - upstream/dawn-version-fix.patch: drop merged upstream. - upstream/blink-ftbfs.patch: drop, merged upstream. - upstream/libxml.patch: drop, merged upstream. - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch: drop, merged upstream. - upstream/byteswap-constexpr.patch: drop, merged upstream. - bullseye/byteswap-constexpr2.patch: sys_byteswap.h moved directories. - disable/angle-perftests.patch: simple refresh. - disable/catapult.patch: simple refresh. - bullseye/clang11.patch: minor update for some code dropped upstream. - system/openjpeg.patch: update for libopenjp2-7-dev's 2.4 -> 2.5 path change. -- Andres Salomon Tue, 21 Jun 2022 02:59:01 +0000 chromium (102.0.5005.115-1) unstable; urgency=high * New upstream security release. - CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri - CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) - CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero - CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) * debian/patches: - bullseye/byteswap-constexpr2.patch - additional fix for bullseye builds on 32-bit platforms (closes: #1011096). - debianization/support-i386.patch - re-enable support for i386 builds. Upstream no longer officially supports i386 builds on linux, so we are on our own here. -- Andres Salomon Fri, 10 Jun 2022 02:37:57 +0000 chromium (102.0.5005.61-1) unstable; urgency=high * New upstream stable release. - CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous - CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) - CVE-2022-1855: Use after free in Messaging. Reported by Anonymous - CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea - CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad - CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab - CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel - CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani - CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz - CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg - CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab - CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI - CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel - CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michał Bentkowski of Securitum - CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz - CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab - CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita - CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang - CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK - CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 - CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK - CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel * debian/patches: - system/jpeg.patch - straight refresh. - disable/swiftshader.patch - straight refresh. - disable/swiftshader-2.patch - refresh for upstream dropping of legacy swiftshader GL stuff; they now use ANGLE. - disable/angle-perftests.patch - refresh. - system/jsoncpp.patch - refresh for jsoncpp_no_deprecated_declarations argument change. - bullseye/clang11.patch - merge cast-call.patch into it, as well as dropping additional unsupported clang arguments. - bullseye/cast-call.patch - drop. - upstream/dawn-version-fix.patch - add patch to deal w/ FTBFS. - upstream/blink-ftbfs.patch - another FTBFS patch. - upstream/nested-nested-nested-nested-nested-nested-regex-patterns.patch - fix a build failure that only happens with clang + GNU's libstdc++. - upstream/byteswap-constexpr.patch - add this to fix bullsye builds on 32-bit platforms (closes: #1011096). * Don't build unneccessary dawn build tests. -- Andres Salomon Wed, 25 May 2022 02:09:10 -0400 chromium (101.0.4951.64-1) unstable; urgency=high * New upstream security release. - CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani - CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani - CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous - CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft - CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz - CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University - CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) - CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI -- Andres Salomon Tue, 10 May 2022 21:52:11 -0400 chromium (101.0.4951.54-1) unstable; urgency=low * Depend on sse3-support to ensure that chromium is only installed on machines that support the SSE3 instruction set. Otherwise we crash, as described in #1010407. We can also remove the manual sse2 check now. Upstream describes the SSE3 requirement @ http://crbug.com/1123353 * New upstream stable release. -- Andres Salomon Tue, 03 May 2022 12:16:07 -0400 chromium (101.0.4951.41-2) unstable; urgency=high * No changes, just the CVE list. The original blog post *did not* have CVEs. >:( - CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) - CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) - CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori - CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 - CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft - CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero - CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) - CVE-2022-1485: Use after free in File System API. - CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka - CVE-2022-1487: Use after free in Ozone. Reported by Sri - CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io - CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani - CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab - CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab - CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michał Bentkowski of Securitum - CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab - CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa - CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq - CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) - CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen - CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau -- Andres Salomon Tue, 26 Apr 2022 18:06:08 -0400 chromium (101.0.4951.41-1) unstable; urgency=low * New upstream stable release. * debian/copyright: - Delete a bunch of file exclusion lines that no longer exist. That png file workaround also goes away. - Add a line to delete a prebuilt apache server & related modules that upstream now includes for some reason? * debian/patches: - upstream/rvo-workaround.patch - drop, merged upstream. - disable/android.patch - drop part of it that upstream fixed. - disable/swiftshader.patch - refresh. - upstream/libxml.patch - add fix for upstream bug related to building against the system libxml. - bullseye/cast-call.patch - add a patch to silence unsupported flag warnings in clang <= 13. -- Andres Salomon Tue, 26 Apr 2022 17:18:09 -0400 chromium (100.0.4896.127-1) unstable; urgency=high * New upstream security release. - CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group -- Andres Salomon Thu, 14 Apr 2022 20:51:15 -0400 chromium (100.0.4896.88-1) unstable; urgency=high * New upstream security release. - CVE-2022-1305: Use after free in storage. Reported by Anonymous - CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe - CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) - CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci @sametbekmezci - CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka - CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute - CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita - CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab -- Andres Salomon Mon, 11 Apr 2022 23:45:07 -0400 chromium (100.0.4896.75-1) unstable; urgency=high * debian/copyright: - Stop dropping third_party/zlib/contrib/, which is just source code with acceptable licenses. - Replace the rule that dropped third_party/depot_tools with a more specific rule that drops just the ninja binaries. Also delete some unused png files to work around a bug in our scripts. - Replace a rule that dropped third_party/devtools-frontend/src/test with just dropping all wasm files ('*.wasm'), as well as third_party/devtools-frontend/src/test/screenshots/image_diff/. * debian/patches: - upstream/rvo-workaround.patch - added to fix FTBFS w/ clang-11. Pulled from upstream git. - disable/swiftshader-2.patch - drop most of it that's wrapped in a check for windows. - disable/fuzzers.patch - drop it; with the last release modifying fuzzer inclusion, we can now configure the build without this. - disable/owners.patch - drop it; no longer needed with depot_tools remaining in the source tree. - disable/devtools-unittests.patch - drop it; no longer needed if we keep third_party/devtools-frontend/src/test in the source tree. - disable/tests.patch - drop half of it; the media/gpu changes aren't needed, while keeping stuff in third_party/devtools-frontend/src/test from building is still necessary. * Drop enable_nacl_nonsfi=false from debian/rules, as upstream got rid of the variable. * New upstream security release. - CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero. -- Andres Salomon Wed, 06 Apr 2022 04:24:45 -0400 chromium (100.0.4896.60-1) unstable; urgency=high * Fix debian/watch to find the correct upstream version. * Ensure xz uses all available cpu cores when preparing orig.tar.gz * Switch to bundled ICU, since Debian's ICU is 2 years old at this point and upstream depends on a bunch of new API in ICU 69.1. * debian/copyright: - ensure all *.dlls are dropped from source. - Stop dropping '*fuzz' directories. It was too aggressive, resulting in build errors for perfectly fine BSD-3-clause and similar code. - Instead, drop '*corpus' and '*corpora' directories. Some of it is fine (lots generated by oss-fuzz with .dict files provided), but not all of it is and it's easier to just drop it. - Drop an esbuild binary. - The full upstream tarball includes additional stuff we don't want, so drop *.jar, tools/win, and some other stuff in third_party/. * debian/rules: - Disabling & deleting swiftshader now also needs to add dawn_use_swiftshader=false. - Switch from -lite upstream tarball to the full tarball in order to include ICU sources. * debian/patches: - upstream/libdrm.patch - drop, merged upstream. - debianization/manpage.patch - drop a small chunk merged upstream. - system/icu.patch - drop now that we're bundling ICU. - bullseye/icu-types.patch - drop now that we're bundling ICU. - system/convertutf.patch - update build for bundled ICU path. - fixes/closure.patch - drop now that we're no longer using lite tarball. - disable/driver-chrome-path.patch - refresh for BUILDFLAG() macro. - system/jsoncpp.patch - refresh for unrelated ios change. - disable/catapult.patch - refresh due to moving around of .pak files. * New upstream stable release. - CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani - CVE-2022-1127: Use after free in QR Code Generator. Reported by anonymous - CVE-2022-1128: Inappropriate implementation in Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of Shielder - CVE-2022-1129: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7) - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP. Reported by Sergey Toshin of Oversecurity Inc. - CVE-2022-1131: Use after free in Cast UI. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard. Reported by Andr.Ess - CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous - CVE-2022-1134: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab - CVE-2022-1135: Use after free in Shopping Cart. Reported by Wei Yuan of MoyunSec VLab - CVE-2022-1136: Use after free in Tab Strip . Reported by Krace - CVE-2022-1137: Inappropriate implementation in Extensions. Reported by Thomas Orlita - CVE-2022-1138: Inappropriate implementation in Web Cursor. Reported by Alesandro Ortiz - CVE-2022-1139: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer - CVE-2022-1141: Use after free in File Manager. Reported by raven at KunLun lab - CVE-2022-1142: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2022-1143: Heap buffer overflow in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2022-1144: Use after free in WebUI. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2022-1145: Use after free in Extensions. Reported by Yakun Zhang of Baidu Security - CVE-2022-1146: Inappropriate implementation in Resource Timing. Reported by Sohom Datta -- Andres Salomon Fri, 01 Apr 2022 15:02:16 -0400 chromium (99.0.4844.84-1) unstable; urgency=high * New upstream security ("just *ONE* security hole, that's it?!") release. - CVE-2022-1096: Type Confusion in V8. Reported by anonymous. -- Andres Salomon Sat, 26 Mar 2022 00:16:52 -0500 chromium (99.0.4844.74-1) unstable; urgency=high * New upstream security release. - CVE-2022-0971: Use after free in Blink Layout. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0972: Use after free in Extensions. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0973: Use after free in Safe Browsing. Reported by avaue and Buff3tts at S.S.L. - CVE-2022-0974 : Use after free in Splitscreen. Reported by @ginggilBesel. - CVE-2022-0975: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa). - CVE-2022-0976: Heap buffer overflow in GPU. Reported by Omair. - CVE-2022-0977: Use after free in Browser UI. Reported by Khalil Zhani. - CVE-2022-0978: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0979: Use after free in Safe Browsing. Reported by anonymous. - CVE-2022-0980: Use after free in New Tab Page. Reported by Krace. -- Andres Salomon Wed, 16 Mar 2022 13:30:00 -0500 chromium (99.0.4844.51-2) unstable; urgency=medium * Change dependency on xdg-desktop-portal-* packages to be libgtk-3-0|xdg-desktop-portal-backend. Some folks don't want all the dependencies of the xdg portal packages, and chromium really just requires gtk unless runnning under KDE (closes: #1006267). * Disable fieldtrial testing config to fix some sandboxing issues. We used to do this, but the config flag was renamed (closes: #1003622). * Adjust patches: + system/zlib.patch: drop part of it that is unnecessary. -- Andres Salomon Sun, 06 Mar 2022 12:46:55 -0500 chromium (99.0.4844.51-1) unstable; urgency=high * Embed harfbuzz instead of using the system harfbuzz. Debian doesn't yet package harfbuzz-subset (see #988781). Once it is packaged, we can go back to using it. * Build against Debian's rapidjson-dev package instead of ANGLE's bundled rapidjson. * Adjust patches: + system/harfbuzz.patch - drop, we're using bundled harfbuzz now. + upstream/quiche-include.patch - drop, merged upstream. + upstream/restrict.patch - drop, merged upstream. + upstream/sequence-point.patch - drop, merged upstream. + disable/installer.patch - use new BUILDFLAG() macro. + disable/unrar.patch - use new BUILDFLAG() macro. + disable/welcome-page.patch - use new BUILDFLAG() macro. + disable/widevine-cdm.cu.patch - use new BUILDFLAG() macro. + disable/tests.patch - drop unnecessary parts of the patch (which ends up being most of it). + disable/angle-perftests.patch - drop config disabling ANGLE's rapidjson. + disable/swiftshader.patch - drop removal of rapidjson dependency. + system/rapidjson.patch - add to enable building w/ rapidjson-dev. * New upstream stable release. - CVE-2022-0789: Heap buffer overflow in ANGLE. Reported by SeongHwan Park (SeHwa). - CVE-2022-0790: Use after free in Cast UI. Reported by Anonymous. - CVE-2022-0791: Use after free in Omnibox. Reported by Zhihua Yao of KunLun Lab. - CVE-2022-0792: Out of bounds read in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori. - CVE-2022-0793: Use after free in Views. Reported by Thomas Orlita. - CVE-2022-0794: Use after free in WebShare. Reported by Khalil Zhani. - CVE-2022-0795: Type Confusion in Blink Layout. Reported by 0x74960. - CVE-2022-0796: Use after free in Media. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0797: Out of bounds memory access in Mojo. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0798: Use after free in MediaStream. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-0799: Insufficient policy enforcement in Installer. Reported by Abdelhamid Naceri (halov). - CVE-2022-0800: Heap buffer overflow in Cast UI. Reported by Khalil Zhani. - CVE-2022-0801: Inappropriate implementation in HTML parser. Reported by Michał Bentkowski of Securitum. - CVE-2022-0802: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7). - CVE-2022-0803: Inappropriate implementation in Permissions. Reported by Abdulla Aldoseri. - CVE-2022-0804: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7). - CVE-2022-0805: Use after free in Browser Switcher. Reported by raven at KunLun Lab. - CVE-2022-0806: Data leak in Canvas. Reported by Paril. - CVE-2022-0807: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz. - CVE-2022-0808: Use after free in Chrome OS Shell. Reported by @ginggilBesel. - CVE-2022-0809: Out of bounds memory access in WebXR. Reported by @uwu7586. -- Andres Salomon Wed, 02 Mar 2022 21:53:14 -0500 chromium (98.0.4758.102-1) unstable; urgency=high * Enable pipewire support in webrtc (closes: #954824). * Enable optimize_webui. This UI speed improvement was originally disabled due to nodejs deps, but recent upstream changes makes those deps necessary either way (closes: #970571). * Switch to using bundled node modules, to deal with (frequent) build failures (closes: #1005466). * Manually depend on xdg-desktop-portal-* packages. The file saving dialog needs a UI toolkit (closes: #1005230). * New upstream security release. - CVE-2022-0603: Use after free in File Manager. Reported by Chaoyuan Peng (@ret2happy). - CVE-2022-0604: Heap buffer overflow in Tab Groups. Reported by Krace. - CVE-2022-0605: Use after free in Webstore API. Reported by Thomas Orlita. - CVE-2022-0606: Use after free in ANGLE. - CVE-2022-0606: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0607: Use after free in GPU. Reported by 0x74960. - CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0609: Use after free in Animation. Reported by Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group. - CVE-2022-0610: Inappropriate implementation in Gamepad API. Reported by Anonymous. -- Andres Salomon Tue, 15 Feb 2022 15:37:54 -0500 chromium (98.0.4758.80-1) unstable; urgency=high * Update manpage for package rename and everyone moving to https. * Drop libnpsr4-dev versioned dep. * Drop a bunch of patches (changes shouldn't affect chromium users). See https://salsa.debian.org/chromium-team/chromium/-/commits/master/ for the dropped patches. * New upstream stable release. - CVE-2022-0452: Use after free in Safe Browsing. Reported by avaue at S.S.L. - CVE-2022-0453: Use after free in Reader Mode. Reported by Rong Jian of VRI. - CVE-2022-0454: Heap buffer overflow in ANGLE. Reported by Seong-Hwan Park (SeHwa). - CVE-2022-0455: Inappropriate implementation in Full Screen Mode. Reported by Irvan Kurniawan (sourc7). - CVE-2022-0456: Use after free in Web Search. Reported by Zhihua Yao of KunLun Lab. - CVE-2022-0457: Type Confusion in V8. Reported by rax of the Group0x58. - CVE-2022-0458: Use after free in Thumbnail Tab Strip. Reported by Anonymous. - CVE-2022-0459: Use after free in Screen Capture. Reported by raven (@raid_akame). - CVE-2022-0460: Use after free in Window Dialog. Reported by 0x74960. - CVE-2022-0461: Policy bypass in COOP. Reported by NDevTK. - CVE-2022-0462: Inappropriate implementation in Scroll. Reported by Youssef Sammouda. - CVE-2022-0463: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab. - CVE-2022-0464: Use after free in Accessibility. Reported by Zhihua Yao of KunLun Lab. - CVE-2022-0465: Use after free in Extensions. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-0466: Inappropriate implementation in Extensions Platform. Reported by David Erceg. - CVE-2022-0467: Inappropriate implementation in Pointer Lock. Reported by Alesandro Ortiz. - CVE-2022-0468: Use after free in Payments. Reported by Krace. - CVE-2022-0469: Use after free in Cast. Reported by Thomas Orlita. - CVE-2022-0470: Out of bounds memory access in V8. Reported by Looben Yang. -- Andres Salomon Sat, 05 Feb 2022 01:12:10 -0500 chromium (97.0.4692.99-1) unstable; urgency=high * Add myself as an uploader. * Ack my NMU (closes: #1003440). * Remove Riku Voipio from uploaders at the request of the Debian MIA team - thanks for all your past work on chromium, Riku! (closes: #1001562) * Build-dep on terser | uglifyjs.terser (closes: #1001036). * Revert automatic wayland detection for now (closes: #1003689). We'll try again in chromium v98 or v99. * New upstream stable release. - CVE-2022-0289: Use after free in Safe browsing. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0290: Use after free in Site isolation. Reported by Brendon Tiszka and Sergei Glazunov of Google Project Zero. - CVE-2022-0291: Inappropriate implementation in Storage. Reported by Anonymous. - CVE-2022-0292: Inappropriate implementation in Fenced Frames. Reported by Brendon Tiszka. - CVE-2022-0293: Use after free in Web packaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab. - CVE-2022-0294: Inappropriate implementation in Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha Lab. - CVE-2022-0295: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-0296: Use after free in Printing. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-0297: Use after free in Vulkan. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0298: Use after free in Scheduling. Reported by Yangkang (@dnpushme) of 360 ATA. - CVE-2022-0300: Use after free in Text Input Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha Lab. - CVE-2022-0301: Heap buffer overflow in DevTools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research. - CVE-2022-0302: Use after free in Omnibox. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute. - CVE-2022-0303: Race in GPU Watchdog. Reported by Yiğit Can YILMAZ (@yilmazcanyigit). - CVE-2022-0304: Use after free in Bookmarks. Reported by Rong Jian and Guang Gong of 360 Alpha Lab. - CVE-2022-0305: Inappropriate implementation in Service Worker API. Reported by @uwu7586. - CVE-2022-0306: Heap buffer overflow in PDFium. Reported by Sergei Glazunov of Google Project Zero. - CVE-2022-0307: Use after free in Optimization Guide. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-0308: Use after free in Data Transfer. Reported by @ginggilBesel. - CVE-2022-0309: Inappropriate implementation in Autofill. Reported by Alesandro Ortiz. - CVE-2022-0310: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci. - CVE-2022-0311: Heap buffer overflow in Task Manager. Reported by Samet Bekmezci @sametbekmezci. -- Andres Salomon Wed, 19 Jan 2022 23:53:45 -0500 chromium (97.0.4692.71-0.1) unstable; urgency=high * Non-maintainer upload. * Stop building chromium's bunded gn and instead build-dep on generate-ninja. * Drop numerous patches related to gcc building, since we just build w/ clang. * Use python3 as default instead of relying on python2 (closes: #942962, #996375). * Enable the ozone backend in the build (closes: #955540). * Automatically detect & enable Wayland support when launching chromium (closes: #861796). * Rename crashpad_handler to chrome_crashpad_handler. * No longer hardcode desktop GL implementation as default - it causes the chromium compositor's draw buffer to fill up & crash on my system. * Enable official builds. * Switch to using bundled ffmpeg instead of debian's ffmpeg. * New upstream stable release (closes: #995212). - CVE-2022-0096: Use after free in Storage. Reported by Yangkang (@dnpushme) of 360 ATA - CVE-2022-0097: Inappropriate implementation in DevTools. Reported by David Erceg - CVE-2022-0098: Use after free in Screen Capture. Reported by @ginggilBesel - CVE-2022-0099: Use after free in Sign-in. Reported by Rox - CVE-2022-0100: Heap buffer overflow in Media streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0101: Heap buffer overflow in Bookmarks. Reported by raven (@raid_akame) - CVE-2022-0102: Type Confusion in V8. Reported by Brendon Tiszka - CVE-2022-0103: Use after free in SwiftShader. Reported by Abraruddin Khan and Omair - CVE-2022-0104: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair - CVE-2022-0105: Use after free in PDF. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani - CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) - CVE-2022-0108: Inappropriate implementation in Navigation. Reported by Luan Herrera (@lbherrera_) - CVE-2022-0109: Inappropriate implementation in Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University - CVE-2022-0110: Incorrect security UI in Autofill. Reported by Alesandro Ortiz - CVE-2022-0111: Inappropriate implementation in Navigation. Reported by garygreen - CVE-2022-0112: Incorrect security UI in Browser UI. Reported by Thomas Orlita - CVE-2022-0113: Inappropriate implementation in Blink. Reported by Luan Herrera (@lbherrera_) - CVE-2022-0114: Out of bounds memory access in Web Serial. Reported by Looben Yang - CVE-2022-0115: Uninitialized Use in File API. Reported by Mark Brand of Google Project Zero - CVE-2022-0116: Inappropriate implementation in Compositing. Reported by Irvan Kurniawan (sourc7) - CVE-2022-0117: Policy bypass in Service Workers. Reported by Dongsung Kim (@kid1ng) - CVE-2022-0118: Inappropriate implementation in WebShare. Reported by Alesandro Ortiz - CVE-2022-0120: Inappropriate implementation in Passwords. Reported by CHAKRAVARTHI (Ruler96) (96.0.4664.110) - CVE-2021-4098: Insufficient data validation in Mojo. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-4099: Use after free in Swiftshader. Reported by Aki Helin of Solita - CVE-2021-4100: Object lifecycle issue in ANGLE. Reported by Aki Helin of Solita - CVE-2021-4101: Heap buffer overflow in Swiftshader. Reported by Abraruddin Khan and Omair - CVE-2021-4102: Use after free in V8. Reported by Anonymous (96.0.4664.93) - CVE-2021-4052: Use after free in web apps. Reported by Wei Yuan of MoyunSec VLab - CVE-2021-4053: Use after free in UI. Reported by Rox - CVE-2021-4079: Out of bounds write in WebRTC. Reported by Brendon Tiszka - CVE-2021-4054: Incorrect security UI in autofill. Reported by Alesandro Ortiz - CVE-2021-4078: Type confusion in V8. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab - CVE-2021-4055: Heap buffer overflow in extensions. Reported by Chen Rong - CVE-2021-4056: Type Confusion in loader. Reported by @__R0ng of 360 Alpha Lab - CVE-2021-4057: Use after free in file API. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-4058: Heap buffer overflow in ANGLE. Reported by Abraruddin Khan and Omair - CVE-2021-4059: Insufficient data validation in loader. Reported by Luan Herrera (@lbherrera_) - CVE-2021-4061: Type Confusion in V8. Reported by Paolo Severini - CVE-2021-4062: Heap buffer overflow in BFCache. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-4063: Use after free in developer tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-4064: Use after free in screen capture. Reported by @ginggilBesel - CVE-2021-4065: Use after free in autofill. Reported by 5n1p3r0010 from Topsec ChiXiao Lab - CVE-2021-4066: Integer underflow in ANGLE. Reported by Jaehun Jeong(@n3sk) of Theori - CVE-2021-4067: Use after free in window manager. Reported by @ginggilBesel - CVE-2021-4068: Insufficient validation of untrusted input in new tab page. Reported by NDevTK (96.0.4664.45) - CVE-2021-38008: Use after free in media. Reported by Marcin Towalski - CVE-2021-38009: Inappropriate implementation in cache. Reported by Luan Herrera (@lbherrera_) - CVE-2021-38006: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-38007: Type Confusion in V8. Reported by Polaris Feng and SGFvamll at Singular Security Lab - CVE-2021-38005: Use after free in loader. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-38010: Inappropriate implementation in service workers. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-38011: Use after free in storage foundation. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-38012: Type Confusion in V8. Reported by Yonghwi Jin (@jinmo123) - CVE-2021-38013: Heap buffer overflow in fingerprint recognition. Reported by raven (@raid_akame) - CVE-2021-38014: Out of bounds write in Swiftshader. Reported by Atte Kettunen of OUSPG - CVE-2021-38015: Inappropriate implementation in input. Reported by David Erceg - CVE-2021-38016: Insufficient policy enforcement in background fetch. Reported by Maurice Dauer - CVE-2021-38017: Insufficient policy enforcement in iframe sandbox. Reported by NDevTK - CVE-2021-38018: Inappropriate implementation in navigation. Reported by Alesandro Ortiz - CVE-2021-38019: Insufficient policy enforcement in CORS. Reported by Maurice Dauer - CVE-2021-38020: Insufficient policy enforcement in contacts picker. Reported by Luan Herrera (@lbherrera_) - CVE-2021-38021: Inappropriate implementation in referrer. Reported by Prakash (@1lastBr3ath) - CVE-2021-38022: Inappropriate implementation in WebAuthentication. Reported by Michal Kepkowski (95.0.4638.69) - CVE-2021-37997: Use after free in Sign-In. Reported by Wei Yuan of MoyunSec VLab - CVE-2021-37998: Use after free in Garbage Collection. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2021-37999: Insufficient data validation in New Tab Page. Reported by Ashish Arun Dhone - CVE-2021-38000: Insufficient validation of untrusted input in Intents. Reported by Clement Lecigne, Neel Mehta, and Maddie Stone of Google Threat Analysis Group - CVE-2021-38001: Type Confusion in V8. Reported by @s0rrymybad of Kunlun Lab via Tianfu Cup - CVE-2021-38002: Use after free in Web Transport. Reported by @__R0ng of 360 Alpha Lab, 漏洞研究院青训队 via Tianfu Cup - CVE-2021-38003: Inappropriate implementation in V8. Reported by Clément Lecigne from Google TAG and Samuel Groß from Google Project Zero - CVE-2021-38004: Insufficient policy enforcement in Autofill. Reported by Mark Amery (95.0.4638.54) - CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang (@dnpushme) of 360 ATA - CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-37983: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab - CVE-2021-37984: Heap buffer overflow in PDFium. Reported by Antti Levomäki, Joonas Pihlaja and Christian Jalio from Forcepoint - CVE-2021-37985: Use after free in V8. Reported by Yangkang (@dnpushme) of 360 ATA - CVE-2021-37986: Heap buffer overflow in Settings. Reported by raven (@raid_akame) - CVE-2021-37987: Use after free in Network APIs. Reported by Yangkang (@dnpushme) of 360 ATA - CVE-2021-37988: Use after free in Profiles. Reported by raven (@raid_akame) - CVE-2021-37989: Inappropriate implementation in Blink. Reported by Matt Dyas, Ankur Sundara - CVE-2021-37990: Inappropriate implementation in WebView. Reported by Kareem Selim of CyShield - CVE-2021-37991: Race in V8. Reported by Samuel Groß of Google Project Zero - CVE-2021-37992: Out of bounds read in WebAudio. Reported by sunburst@Ant Security Light-Year Lab - CVE-2021-37993: Use after free in PDF Accessibility. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2021-37996: Insufficient validation of untrusted input in Downloads. Reported by Anonymous - CVE-2021-37994: Inappropriate implementation in iFrame Sandbox. Reported by David Erceg - CVE-2021-37995: Inappropriate implementation in WebApp Installer. Reported by Terence Eden (94.0.4606.81) - CVE-2021-37977: Use after free in Garbage Collection. Reported by Anonymous - CVE-2021-37978: Heap buffer overflow in Blink. Reported by Yangkang (@dnpushme) of 360 ATA - CVE-2021-37979: Heap buffer overflow in WebRTC. Reported by Marcin Towalski of Cisco Talos - CVE-2021-37980: Inappropriate implementation in Sandbox. Reported by Yonghwi Jin (@jinmo123) of Theori (94.0.4606.71) - CVE-2021-37974: Use after free in Safe Browsing. Reported by Weipeng Jiang (@Krace) from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-37975: Use after free in V8. Reported by Anonymous - CVE-2021-37976: Information leak in core. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero (94.0.4606.61) - CVE-2021-37973: Use after free in Portals. Reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero (94.0.4606.54) - CVE-2021-37956 Use after free in Offline use. Reported by Huyna at Viettel Cyber Security - CVE-2021-37957: Use after free in WebGPU. Reported by Looben Yang - CVE-2021-37958: Inappropriate implementation in Navigation. Reported by James Lee (@Windowsrcer) - CVE-2021-37959: Use after free in Task Manager. Reported by raven (@raid_akame) - CVE-2021-37961: Use after free in Tab Strip. Reported by Khalil Zhani - CVE-2021-37962: Use after free in Performance Manager. Reported by Sri - CVE-2021-37963: Side-channel information leakage in DevTools. Reported by Daniel Genkin and Ayush Agarwal, University of Michigan, Eyal Ronen and Shaked Yehezkel, Tel Aviv University, Sioli O’Connell, University of Adelaide, and Jason Kim, Georgia Institute of Technology - CVE-2021-37964: Inappropriate implementation in ChromeOS Networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong - CVE-2021-37965: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer - CVE-2021-37966: Inappropriate implementation in Compositing. Reported by Mohit Raj (shadow2639) - CVE-2021-37967: Inappropriate implementation in Background Fetch API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab - CVE-2021-37968: Inappropriate implementation in Background Fetch API. Reported by Maurice Dauer - CVE-2021-37969: Inappropriate implementation in Google Updater. Reported by Abdelhamid Naceri (halov) - CVE-2021-37970: Use after free in File System API. Reported by SorryMybad (@S0rryMybad) of Kunlun Lab - CVE-2021-37971: Incorrect security UI in Web Browser UI. Reported by Rayyan Bijoora - CVE-2021-37972: Out of bounds read in libjpeg-turbo. Reported by Xu Hanyu and Lu Yutao from Panguite-Forensics-Lab of Qianxin -- Andres Salomon Mon, 10 Jan 2022 01:38:13 -0500 chromium (93.0.4577.82-1) unstable; urgency=medium * New upstream stable release. - CVE-2021-30625: Use after free in Selection API. Reported by Marcin Towalski of Cisco Talos - CVE-2021-30626: Out of bounds memory access in ANGLE. Reported by Jeonghoon Shin of Theori - CVE-2021-30627: Type Confusion in Blink layout. Reported by Aki Helin of OUSPG - CVE-2021-30628: Stack buffer overflow in ANGLE. Reported by Jaehun Jeong @n3sk of Theori - CVE-2021-30629: Use after free in Permissions. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-30630: Inappropriate implementation in Blink . Reported by SorryMybad @S0rryMybad of Kunlun Lab - CVE-2021-30631: Type Confusion in Blink layout. Reported by Atte Kettunen of OUSPG - CVE-2021-30632: Out of bounds write in V8. Reported by Anonymous - CVE-2021-30633: Use after free in Indexed DB API. Reported by Anonymous - CVE-2021-30606: Use after free in Blink. Reported by Nan Wang @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab - CVE-2021-30607: Use after free in Permissions. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-30608: Use after free in Web Share. Reported by Huyna at Viettel Cyber Security - CVE-2021-30609: Use after free in Sign-In. Reported by raven @raid_akame - CVE-2021-30610: Use after free in Extensions API. Reported by Igor Bukanov from Vivaldi - CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab - CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang @eternalsakura13 and koocola @alo_cook of 360 Alpha Lab - CVE-2021-30613: Use after free in Base internals. Reported by Yangkang @dnpushme of 360 ATA - CVE-2021-30614: Heap buffer overflow in TabStrip. Reported by Huinian Yang @vmth6 of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. - CVE-2021-30615: Cross-origin data leak in Navigation. Reported by NDevTK - CVE-2021-30616: Use after free in Media. Reported by Anonymous - CVE-2021-30617: Policy bypass in Blink. Reported by NDevTK - CVE-2021-30618: Inappropriate implementation in DevTools. Reported by @DanAmodio and @mattaustin from Contrast Security - CVE-2021-30619: UI Spoofing in Autofill. Reported by Alesandro Ortiz - CVE-2021-30620: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-30621: UI Spoofing in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-30622: Use after free in WebApp Installs. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-30623: Use after free in Bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-30624: Use after free in Autofill. Reported by Wei Yuan of MoyunSec VLab - CVE-2021-30598: Type Confusion in V8. Reported by Manfred Paul - CVE-2021-30599: Type Confusion in V8. Reported by Manfred Paul - CVE-2021-30600: Use after free in Printing. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-30601: Use after free in Extensions API. Reported by koocola @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab - CVE-2021-30602: Use after free in WebRTC. Reported by Marcin Towalski of Cisco Talos - CVE-2021-30603: Race in WebAudio. Reported by Sergei Glazunov of Google Project Zero - CVE-2021-30604: Use after free in ANGLE. Reported by Seong-Hwan Park SeHwa of SecunologyLab - CVE-2021-30554: Use after free in WebGL. Reported by anonymous - CVE-2021-30555: Use after free in Sharing. Reported by David Erceg - CVE-2021-30556: Use after free in WebAudio. Reported by Yangkang @dnpushme of 360 ATA - CVE-2021-30557: Use after free in TabGroups. Reported by David Erceg - CVE-2021-30544: Use after free in BFCache. Reported by Rong Jian and Guang Gong of 360 Alpha Lab - CVE-2021-30545: Use after free in Extensions. Reported by kkwon with everpall and kkomdal - CVE-2021-30546: Use after free in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-30547: Out of bounds write in ANGLE. Reported by Seong-Hwan Park SeHwa of SecunologyLab - CVE-2021-30548: Use after free in Loader. Reported by Yangkang @dnpushme & Wanglu of Qihoo360 Qex Team - CVE-2021-30549: Use after free in Spell check. Reported by David Erceg - CVE-2021-30550: Use after free in Accessibility. Reported by David Erceg - CVE-2021-30551: Type Confusion in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Sergei Glazunov of Google Project Zero - CVE-2021-30552: Use after free in Extensions. Reported by David Erceg - CVE-2021-30553: Use after free in Network service. Reported by Anonymous - CVE-2021-30521: Heap buffer overflow in Autofill. Reported by ZhanJia Song - CVE-2021-30522: Use after free in WebAudio. Reported by Piotr Bania of Cisco Talos - CVE-2021-30523: Use after free in WebRTC. Reported by Tolyan Korniltsev - CVE-2021-30524: Use after free in TabStrip. Reported by David Erceg - CVE-2021-30525: Use after free in TabGroups. Reported by David Erceg - CVE-2021-30526: Out of bounds write in TabStrip. Reported by David Erceg - CVE-2021-30527: Use after free in WebUI. Reported by David Erceg - CVE-2021-30528: Use after free in WebAuthentication. Reported by Man Yue Mo of GitHub Security Lab - CVE-2021-30529: Use after free in Bookmarks. Reported by koocola @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab - CVE-2021-30530: Out of bounds memory access in WebAudio. Reported by kkwon - CVE-2021-30531: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt - CVE-2021-30532: Insufficient policy enforcement in Content Security Policy. Reported by Philip Papurt - CVE-2021-30533: Insufficient policy enforcement in PopupBlocker. Reported by Eliya Stein - CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox. Reported by Alesandro Ortiz - CVE-2021-30535: Double free in ICU. Reported by nocma, leogan, cheneyxu of WeChat Open Platform Security Team - CVE-2021-21212: Insufficient data validation in networking. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong - CVE-2021-30536: Out of bounds read in V8. Reported by Chris Salls @salls - CVE-2021-30537: Insufficient policy enforcement in cookies. Reported by Jun Kokatsu @shhnjk - CVE-2021-30538: Insufficient policy enforcement in content security policy. Reported by Tianze Ding @D1iv3 of Tencent Security Xuanwu Lab - CVE-2021-30539: Insufficient policy enforcement in content security policy. Reported by unnamed researcher - CVE-2021-30540: Incorrect security UI in payments. Reported by @retsew0x01 -- Michel Le Bihan Thu, 16 Sep 2021 17:48:15 +0200 chromium (90.0.4430.212-1) unstable; urgency=medium * New upstream security release. - CVE-2021-30506: Incorrect security UI in Web App Installs. Reported by @retsew0x01 - CVE-2021-30507: Inappropriate implementation in Offline. Reported by Alison Huffman - CVE-2021-30508: Heap buffer overflow in Media Feeds. Reported by Leecraso and Guang Gong - CVE-2021-30509: Out of bounds write in Tab Strip. Reported by David Erceg - CVE-2021-30510: Race in Aura. Reported by Weipeng Jiang - CVE-2021-30511: Out of bounds read in Tab Groups. Reported by David Erceg - CVE-2021-30512: Use after free in Notifications. Reported by ZhanJia Song - CVE-2021-30513: Type Confusion in V8. Reported by Man Yue Mo - CVE-2021-30514: Use after free in Autofill. Reported by koocola and Wang - CVE-2021-30515: Use after free in File API. Reported by Rong Jian and Guang Gong - CVE-2021-30516: Heap buffer overflow in History. Reported by ZhanJia Song - CVE-2021-30517: Type Confusion in V8. Reported by laural - CVE-2021-30518: Heap buffer overflow in Reader Mode. Reported by Jun Kokatsu - CVE-2021-30519: Use after free in Payments. Reported by asnine - CVE-2021-30520: Use after free in Tab Strip. Reported by Khalil Zhani -- Michael Gilbert Thu, 13 May 2021 02:50:43 +0000 chromium (90.0.4430.93-1) unstable; urgency=medium * New upstream security release (closes: #987715). - CVE-2021-21227: Insufficient data validation in V8. Reported by Gengming Liu of Singular Security Lab - CVE-2021-21232: Use after free in Dev Tools. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21233: Heap buffer overflow in ANGLE. Reported by Omair - CVE-2021-21228: Insufficient policy enforcement in extensions. Reported by Rob Wu - CVE-2021-21229: Incorrect security UI in downloads. Reported by Mohit Raj shadow2639 - CVE-2021-21230: Type Confusion in V8. Reported by Manfred Paul - CVE-2021-21231: Insufficient data validation in V8. Reported by Sergei Glazunov of Google Project Zero * Disable libaom on arm to potentially fix FTBFS on armhf -- Michel Le Bihan Wed, 28 Apr 2021 12:15:32 +0200 chromium (90.0.4430.85-1) unstable; urgency=medium * New upstream security release (closes: #987358). - CVE-2021-21222: Heap buffer overflow in V8. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21223: Integer overflow in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21224: Type Confusion in V8. Reported by Jose Martinez tr0y4 from VerSprite Inc. - CVE-2021-21225: Out of bounds memory access in V8. Reported by Brendon Tiszka @btiszka supporting the EFF - CVE-2021-21226: Use after free in navigation. Reported by Brendon Tiszka @btiszka supporting the EFF -- Michel Le Bihan Thu, 22 Apr 2021 13:01:41 +0200 chromium (90.0.4430.72-1) unstable; urgency=medium * New upstream security release (closes: #987053). - CVE-2021-21201: Use after free in permissions. Reported by Gengming Liu and Jianyu Chen when working at Tencent KeenLab - CVE-2021-21202: Use after free in extensions. Reported by David Erceg - CVE-2021-21203: Use after free in Blink. Reported by asnine - CVE-2021-21204: Use after free in Blink. Reported by Chelse Tsai-Simek, Jeanette Ulloa, and Emily Voigtlander of Seesaw - CVE-2021-21205: Insufficient policy enforcement in navigation. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21221: Insufficient validation of untrusted input in Mojo. Reported by Guang Gong of Alpha Lab, Qihoo 360 - CVE-2021-21207: Use after free in IndexedDB. Reported by koocola @alo_cook and Nan Wang @eternalsakura13 of 360 Alpha Lab - CVE-2021-21208: Insufficient data validation in QR scanner. Reported by Ahmed Elsobky @0xsobky - CVE-2021-21209: Inappropriate implementation in storage. Reported by Tom Van Goethem @tomvangoethem - CVE-2021-21210: Inappropriate implementation in Network. Reported by @bananabr - CVE-2021-21211: Inappropriate implementation in Navigation. Reported by Akash Labade m0ns7er - CVE-2021-21212: Incorrect security UI in Network Config UI. Reported by Hugo Hue and Sze Yiu Chau of the Chinese University of Hong Kong - CVE-2021-21213: Use after free in WebMIDI. Reported by raven @raid_akame - CVE-2021-21214: Use after free in Network API. Reported by Anonymous - CVE-2021-21215: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21216: Inappropriate implementation in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21217: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team - CVE-2021-21218: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team - CVE-2021-21219: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team -- Michel Le Bihan Mon, 19 Apr 2021 19:13:47 +0200 chromium (89.0.4389.114-1) unstable; urgency=medium * New upstream security release (closes: #986335). - CVE-2021-21194: Use after free in screen capture. Reported by Leecraso and Guang Gong - CVE-2021-21195: Use after free in V8. Reported by Liu and Liang - CVE-2021-21196: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21197: Heap buffer overflow in TabStrip. Reported by Abdulrahman Alqabandi - CVE-2021-21198: Out of bounds read in IPC. Reported by Mark Brand - CVE-2021-21199: Use Use after free in Aura. Reported by Weipeng Jiang -- Michael Gilbert Sun, 04 Apr 2021 00:34:12 +0000 chromium (89.0.4389.90-1) unstable; urgency=medium * New upstream security release (closes: #985271). - CVE-2021-21191: Use after free in WebRTC. Reported by raven @raid_akame - CVE-2021-21192: Heap buffer overflow in tab groups. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21193: Use after free in Blink. Reported by Anonymous (closes: #985142) * Fix build with libvpx 1.7.0 and libicu63 (closes: #984926). * Change debian/rules to not leave debian/scripts/mk-origtargz -- Michel Le Bihan Mon, 15 Mar 2021 12:57:00 +0100 chromium (89.0.4389.82-1) unstable; urgency=medium * New upstream stable release (closes: #984532). - CVE-2021-21159: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21160: Heap buffer overflow in WebAudio. Reported by Marcin 'Icewall' Noga of Cisco Talos - CVE-2021-21161: Heap buffer overflow in TabStrip. Reported by Khalil Zhani - CVE-2021-21162: Use after free in WebRTC. Reported by Anonymous - CVE-2021-21163: Insufficient data validation in Reader Mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21164: Insufficient data validation in Chrome for iOS. Reported by Muneaki Nishimura nishimunea - CVE-2021-21165: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21166: Object lifecycle issue in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2021-21167: Use after free in bookmarks. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21168: Insufficient policy enforcement in appcache. Reported by Luan Herrera @lbherrera_ - CVE-2021-21169: Out of bounds memory access in V8. Reported by Bohan Liu @P4nda20371774 and Moon Liang of Tencent Security Xuanwu Lab - CVE-2021-21170: Incorrect security UI in Loader. Reported by David Erceg - CVE-2021-21171: Incorrect security UI in TabStrip and Navigation. Reported by Irvan Kurniawan sourc7 - CVE-2021-21172: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21173: Side-channel information leakage in Network Internals. Reported by Tom Van Goethem from imec-DistriNet, KU Leuven - CVE-2021-21174: Inappropriate implementation in Referrer. Reported by Ashish Gautam Kamble - CVE-2021-21175: Inappropriate implementation in Site isolation. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-21176: Inappropriate implementation in full screen mode. Reported by Luan Herrera @lbherrera_ - CVE-2021-21177: Insufficient policy enforcement in Autofill. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2021-21178: Inappropriate implementation in Compositing. Reported by Japong - CVE-2021-21179: Use after free in Network Internals. Reported by Anonymous - CVE-2021-21180: Use after free in tab search. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-27844: Heap buffer overflow in OpenJPEG. Reported by Sean Campbell at Tableau - CVE-2021-21181: Side-channel information leakage in autofill. Reported by Xu Lin (University of Illinois at Chicago), Panagiotis Ilia University of Illinois at Chicago, Jason Polakis University of Illinois at Chicago - CVE-2021-21182: Insufficient policy enforcement in navigations. Reported by Luan Herrera @lbherrera_ - CVE-2021-21183: Inappropriate implementation in performance APIs. Reported by Takashi Yoneuchi @y0n3uchy - CVE-2021-21184: Inappropriate implementation in performance APIs. Reported by James Hartig - CVE-2021-21185: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21186: Insufficient policy enforcement in QR scanning. Reported by dhirajkumarnifty - CVE-2021-21187: Insufficient data validation in URL formatting. Reported by Kirtikumar Anandrao Ramchandani - CVE-2021-21188: Use after free in Blink. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2021-21189: Insufficient policy enforcement in payments. Reported by Khalil Zhani - CVE-2021-21190: Uninitialized Use in PDFium. Reported by Zhou Aiting @zhouat1 of Qihoo 360 Vulcan Team -- Michel Le Bihan Mon, 08 Mar 2021 09:48:03 +0100 chromium (88.0.4324.182-1) unstable; urgency=medium * New upstream security release. - CVE-2021-21149: Stack overflow in Data Transfer. Reported by Ryoya Tsukasaki - CVE-2021-21150: Use after free in Downloads. Reported by Woojin Oh - CVE-2021-21151: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21152: Heap buffer overflow in Media. Reported by Anonymous - CVE-2021-21153: Stack overflow in GPU Process. Reported by Jan Ruge - CVE-2021-21154: Heap buffer overflow in Tab Strip . Reported by Abdulrahman Alqabandi - CVE-2021-21155: Heap buffer overflow in Tab Strip . Reported by Khalil Zhani - CVE-2021-21156: Heap buffer overflow in V8. Reported by Sergei Glazunov - CVE-2021-21157: Use after free in Web Sockets. Reported by Anonymous -- Michael Gilbert Thu, 18 Feb 2021 00:56:55 +0000 chromium (88.0.4324.150-1) unstable; urgency=medium * New upstream security release (closes: #982205). - CVE-2021-21148: Heap buffer overflow in V8. Reported by Mattias Buelens -- Michel Le Bihan Tue, 09 Feb 2021 13:02:34 +0100 chromium (88.0.4324.146-1) unstable; urgency=medium * New upstream stable release. - CVE-2021-21142: Use after free in Payments. Reported by Khalil Zhani - CVE-2021-21143: Heap buffer overflow in Extensions. Reported by Allen Parker & Alex Morgan of MU - CVE-2021-21144: Heap buffer overflow in Tab Groups. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21145: Use after free in Fonts. Reported by Anonymous - CVE-2021-21146: Use after free in Navigation. Reported by Alison Huffman and Choongwoo Han of Microsoft Browser Vulnerability Research - CVE-2021-21147: Inappropriate implementation in Skia. Reported by Roman Starkov -- Michel Le Bihan Wed, 03 Feb 2021 11:11:02 +0100 chromium (88.0.4324.96-2) unstable; urgency=medium * Add Michel Le Bihan to uploaders. * Add openjpeg include dirs to pdfium BUILD.gn (closes: #981270). -- Michel Le Bihan Fri, 29 Jan 2021 12:37:49 +0100 chromium (88.0.4324.96-1) unstable; urgency=medium * Organize patches. * Use system vpx again. * Support icu 6.3 and clang 7 in buster again. * Apply the non-maintainer uploads (closes: #972134). - Thanks to Michel Le Bihan, Jan Luca Naumann, and Peter Michael Green. -- Michael Gilbert Wed, 27 Jan 2021 01:40:59 +0000 chromium (88.0.4324.96-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream stable release (closes: #980564). - CVE-2021-21117: Insufficient policy enforcement in Cryptohome. Reported by Rory McNamara - CVE-2021-21118: Insufficient data validation in V8. Reported by Tyler Nighswander @tylerni7 of Theori - CVE-2021-21119: Use after free in Media. Reported by Anonymous - CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang @eternalsakura13 and Guang Gong of 360 Alpha Lab - CVE-2021-21121: Use after free in Omnibox. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21122: Use after free in Blink. Reported by Renata Hodovan - CVE-2021-21123: Insufficient data validation in File System API. Reported by Maciej Pulikowski - CVE-2021-21124: Potential user after free in Speech Recognizer. Reported by Chaoyang Ding(@V4kst1z) from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21125: Insufficient policy enforcement in File System API. Reported by Ron Masas - CVE-2020-16044: Use after free in WebRTC. Reported by Ned Williamson of Project Zero - CVE-2021-21126: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2021-21127: Insufficient policy enforcement in extensions. Reported by Jasminder Pal Singh, Web Services Point WSP, Kotkapura - CVE-2021-21128: Heap buffer overflow in Blink. Reported by Liang Dong - CVE-2021-21129: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21130: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21131: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski - CVE-2021-21132: Inappropriate implementation in DevTools. Reported by David Erceg - CVE-2021-21133: Insufficient policy enforcement in Downloads. Reported by wester0x01 - CVE-2021-21134: Incorrect security UI in Page Info. Reported by wester0x01 - CVE-2021-21135: Inappropriate implementation in Performance API. Reported by ndevtk - CVE-2021-21136: Insufficient policy enforcement in WebView. Reported by Shiv Sahni, Movnavinothan V and Imdad Mohammed - CVE-2021-21137: Inappropriate implementation in DevTools. Reported by bobblybear - CVE-2021-21138: Use after free in DevTools. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21139: Inappropriate implementation in iframe sandbox. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2021-21140: Uninitialized Use in USB. Reported by David Manouchehri - CVE-2021-21141: Insufficient policy enforcement in File System API. Reported by Maciej Pulikowski [ Jan Luca Naumann ] * Add watch file. [ Mattia Rizzolo ] * Change get-orig-source to produce reproducible tarballs. -- Michel Le Bihan Wed, 20 Jan 2021 23:23:08 +0100 chromium (87.0.4280.141-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream security release (closes: #979520). - CVE-2021-21106: Use after free in autofill. Reported by Weipeng Jiang @Krace from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2021-21107: Use after free in drag and drop. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21108: Use after free in media. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21109: Use after free in payments. Reported by Rong Jian and Guang Gong of 360 Alpha Lab - CVE-2021-21110: Use after free in safe browsing. Reported by Anonymous - CVE-2021-21111: Insufficient policy enforcement in WebUI. Reported by Alesandro Ortiz - CVE-2021-21112: Use after free in Blink. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2021-21113: Heap buffer overflow in Skia. Reported by tsubmunu - CVE-2020-16043: Insufficient data validation in networking. Reported by Samy Kamkar, Ben Seri at Armis, Gregory Vishnepolsky at Armis - CVE-2021-21114: Use after free in audio. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15995: Out of bounds write in V8. Reported by Bohan Liu @P4nda20371774 of Tencent Security Xuanwu Lab - CVE-2021-21115: Use after free in safe browsing. Reported by Leecraso and Guang Gong of 360 Alpha Lab - CVE-2021-21116: Heap buffer overflow in audio. Reported by Alison Huffman, Microsoft Browser Vulnerability Research [ Jan Luca Naumann ] * Use desktop gl implementation as default. (closes: #979135) -- Michel Le Bihan Sat, 09 Jan 2021 11:24:58 +0100 chromium (87.0.4280.88-0.4) unstable; urgency=medium * Non-maintainer upload. [ Michel Le Bihan ] * Install ANGLE EGL and GLESv2 libs (closes: #977870). * Disable Widevine CDM component updater (closes: #960454). * Disable usage of google-chrome in driver (closes: #930543). [ Jan Luca Naumann ] * Remove python3-xcbgen from Build-Deps * Changes to allow building on buster * Add patch for explicit python2 usage in scripts -- Michel Le Bihan Tue, 29 Dec 2020 10:58:42 +0100 chromium (87.0.4280.88-0.3) unstable; urgency=medium * Non-maintainer upload. * Fix double-delete in content service worker (closes: #977901). -- Michel Le Bihan Wed, 23 Dec 2020 11:55:48 +0100 chromium (87.0.4280.88-0.2) unstable; urgency=medium * Non-maintainer upload. * Exclude debian dir from unversioned python conversion script -- Michel Le Bihan Sun, 20 Dec 2020 22:14:50 +0100 chromium (87.0.4280.88-0.1) unstable; urgency=medium * Non-maintainer upload. * New upstream stable release (closes: #973848). - CVE-2020-16037: Use after free in clipboard. Reported by Ryoya Tsukasaki - CVE-2020-16038: Use after free in media. Reported by Khalil Zhani - CVE-2020-16039: Use after free in extensions. Reported by Anonymous - CVE-2020-16040: Insufficient data validation in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-16041: Out of bounds read in networking. Reported by Sergei Glazunov and Mark Brand of Google Project Zero - CVE-2020-16042: Uninitialized Use in V8. Reported by André Bargull - CVE-2020-16018: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-16019: Inappropriate implementation in filesystem. Reported by Rory McNamara - CVE-2020-16020: Inappropriate implementation in cryptohome. Reported by Rory McNamara - CVE-2020-16021: Race in ImageBurner. Reported by Rory McNamara - CVE-2020-16022: Insufficient policy enforcement in networking. Reported by @SamyKamkar - CVE-2020-16015: Insufficient data validation in WASM. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16014: Use after free in PPAPI. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16023: Use after free in WebCodecs. Reported by Brendon Tiszka and David Manouchehri supporting the @eff - CVE-2020-16024: Heap buffer overflow in UI. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16025: Heap buffer overflow in clipboard. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16026: Use after free in WebRTC. Reported by Jong-Gwon Kim - CVE-2020-16027: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-16028: Heap buffer overflow in WebRTC. Reported by asnine - CVE-2020-16029: Inappropriate implementation in PDFium. Reported by Anonymous - CVE-2020-16030: Insufficient data validation in Blink. Reported by Michał Bentkowski of Securitum - CVE-2019-8075: Insufficient data validation in Flash. Reported by Nethanel Gelernter, Cyberpion - CVE-2020-16031: Incorrect security UI in tab preview. Reported by wester0x01 - CVE-2020-16032: Incorrect security UI in sharing. Reported by wester0x01 - CVE-2020-16033: Incorrect security UI in WebUSB. Reported by Khalil Zhani - CVE-2020-16034: Inappropriate implementation in WebRTC. Reported by Benjamin Petermaier - CVE-2020-16035: Insufficient data validation in cros-disks. Reported by Rory McNamara - CVE-2020-16012: Side-channel information leakage in graphics. Reported by Aleksejs Popovs - CVE-2020-16036: Inappropriate implementation in cookies. Reported by Jun Kokatsu @shhnjk - CVE-2020-16013: Inappropriate implementation in V8. Reported by Anonymous - CVE-2020-16017: Use after free in site isolation. Reported by Anonymous - CVE-2020-16016: Inappropriate implementation in base. Reported by Rong Jian and Leecraso of 360 Alpha Lab - CVE-2020-16004: Use after free in user interface. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-16005: Insufficient policy enforcement in ANGLE. Reported by Jaehun Jeong @n3sk of Theori - CVE-2020-16006: Inappropriate implementation in V8. Reported by Bill Parks - CVE-2020-16007: Insufficient data validation in installer. Reported by Abdelhamid Naceri - CVE-2020-16008: Stack buffer overflow in WebRTC. Reported by Tolya Korniltsev - CVE-2020-16009: Inappropriate implementation in V8. Reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero - CVE-2020-16011: Heap buffer overflow in UI on Windows. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16000: Inappropriate implementation in Blink. Reported by amaebi_jp - CVE-2020-16001: Use after free in media. Reported by Khalil Zhani - CVE-2020-16002: Use after free in PDFium. Reported by Weipeng Jiang from Codesafe Team of Legendsec at Qi'anxin Group - CVE-2020-15999: Heap buffer overflow in Freetype. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-16003: Use after free in printing. Reported by Khalil Zhani - CVE-2020-15967: Use after free in payments. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15968: Use after free in Blink. Reported by Anonymous - CVE-2020-15969: Use after free in WebRTC. Reported by Anonymous - CVE-2020-15970: Use after free in NFC. Reported by Man Yue Mo of GitHub Security Lab - CVE-2020-15971: Use after free in printing. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15972: Use after free in audio. Reported by Anonymous - CVE-2020-15990: Use after free in autofill. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15991: Use after free in password manager. Reported by Rong Jian and Guang Gong of Alpha Lab, Qihoo 360 - CVE-2020-15973: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15974: Integer overflow in Blink. Reported by Juno Im of Theori - CVE-2020-15975: Integer overflow in SwiftShader. Reported by Anonymous - CVE-2020-15976: Use after free in WebXR. Reported by YoungJoo Lee @ashuu_lee of Raon Whitehat - CVE-2020-6557: Inappropriate implementation in networking. Reported by Matthias Gierlings and Marcus Brinkmann - CVE-2020-15977: Insufficient data validation in dialogs. Reported by Narendra Bhati - CVE-2020-15978: Insufficient data validation in navigation. Reported by Luan Herrera @lbherrera_ - CVE-2020-15979: Inappropriate implementation in V8. Reported by Avihay Cohen @ SeraphicAlgorithms - CVE-2020-15980: Insufficient policy enforcement in Intents. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-15981: Out of bounds read in audio. Reported by Christoph Guttandin - CVE-2020-15982: Side-channel information leakage in cache. Reported by Luan Herrera @lbherrera_ - CVE-2020-15983: Insufficient data validation in webUI. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-15984: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-15985: Inappropriate implementation in Blink. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research - CVE-2020-15986: Integer overflow in media. Reported by Mark Brand of Google Project Zero - CVE-2020-15987: Use after free in WebRTC. Reported by Philipp Hancke - CVE-2020-15992: Insufficient policy enforcement in networking. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-15988: Insufficient policy enforcement in downloads. Reported by Samuel Attard - CVE-2020-15989: Uninitialized Use in PDFium. Reported by Gareth Evans - CVE-2020-15960: Out of bounds read in storage. Reported by Anonymous - CVE-2020-15961: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15962: Insufficient policy enforcement in serial. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-15963: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15965: Out of bounds write in V8. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research - CVE-2020-15966: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-15964: Insufficient data validation in media. Reported by Woojin Oh @pwn_expoit of STEALIEN - CVE-2020-6573: Use after free in video. Reported by Leecraso and Guang Gong of 360 Alpha Lab working with 360 BugCloud - CVE-2020-6574: Insufficient policy enforcement in installer. Reported by CodeColorist of Ant-Financial LightYear Labs - CVE-2020-6575: Race in Mojo. Reported by Microsoft - CVE-2020-6576: Use after free in offscreen canvas. Reported by Looben Yang - CVE-2020-15959: Insufficient policy enforcement in networking. Reported by Eric Lawrence of Microsoft - CVE-2020-6558: Insufficient policy enforcement in iOS. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6559: Use after free in presentation API. Reported by Liu Wei and Wu Zekai of Tencent Security Xuanwu Lab - CVE-2020-6560: Insufficient policy enforcement in autofill. Reported by Nadja Ungethuem from www.unnex.de - CVE-2020-6561: Inappropriate implementation in Content Security Policy. Reported by Rob Wu - CVE-2020-6562: Insufficient policy enforcement in Blink. Reported by Masato Kinugawa - CVE-2020-6563: Insufficient policy enforcement in intent handling. Reported by Pedro Oliveira - CVE-2020-6564: Incorrect security UI in permissions. Reported by Khalil Zhani - CVE-2020-6565: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6566: Insufficient policy enforcement in media. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research - CVE-2020-6567: Insufficient validation of untrusted input in command line handling. Reported by Joshua Graham of TSS - CVE-2020-6568: Insufficient policy enforcement in intent handling. Reported by Yongke Wang @Rudykewang and Aryb1n @aryb1n of Tencent Security Xuanwu Lab - CVE-2020-6569: Integer overflow in WebUSB. Reported by guaixiaomei - CVE-2020-6570: Side-channel information leakage in WebRTC. Reported by Signal/Tenable - CVE-2020-6571: Incorrect security UI in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6556: Heap buffer overflow in SwiftShader. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6542: Use after free in ANGLE. Reported by Piotr Bania of Cisco Talos - CVE-2020-6543: Use after free in task scheduling. Reported by Looben Yang - CVE-2020-6544: Use after free in media. Reported by Tim Becker of Theori - CVE-2020-6545: Use after free in audio. Reported by Anonymous - CVE-2020-6546: Inappropriate implementation in installer. Reported by Andrew Hess - CVE-2020-6547: Incorrect security UI in media. Reported by David Albert - CVE-2020-6548: Heap buffer overflow in Skia. Reported by Choongwoo Han, Microsoft Browser Vulnerability Research - CVE-2020-6549: Use after free in media. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6550: Use after free in IndexedDB. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6551: Use after free in WebXR. Reported by Sergei Glazunov of Google Project Zero - CVE-2020-6552: Use after free in Blink. Reported by Tim Becker of Theori - CVE-2020-6553: Use after free in offline mode. Reported by Alison Huffman, Microsoft Browser Vulnerability Research - CVE-2020-6554: Use after free in extensions. Reported by Anonymous - CVE-2020-6555: Out of bounds read in WebGL. Reported by Marcin Towalski of Cisco Talos -- Michel Le Bihan Tue, 01 Dec 2020 00:00:00 +0000 chromium (84.0.4147.105-1) experimental; urgency=medium * New upstream security release. - CVE-2020-6537: Type Confusion in V8. Reported by Rong Jian and Guang Gong - CVE-2020-6532: Use after free in SCTP. Reported by Anonymous - CVE-2020-6538: Inappropriate implementation in WebView. Reported by Yongke Wang and Aryb1n - CVE-2020-6539: Use after free in CSS. Reported by Oriol Brufau - CVE-2020-6540: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6541: Use after free in WebUSB. Reported by Sergei Glazunov -- Michael Gilbert Sat, 01 Aug 2020 03:00:31 +0000 chromium (84.0.4147.89-1) experimental; urgency=medium * New upstream stable release. - CVE-2020-6510: Heap buffer overflow in background fetch. Reported by Leecraso and Guang Gong - CVE-2020-6511: Side-channel information leakage in content security policy. Reported by Mikhail Oblozhikhin - CVE-2020-6512: Type Confusion in V8. Reported by nocma, leogan, cheneyxu - CVE-2020-6513: Heap buffer overflow in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6514: Inappropriate implementation in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6515: Use after free in tab strip. Reported by DDV_UA - CVE-2020-6516: Policy bypass in CORS. Reported by Yongke Wang and Aryb1n - CVE-2020-6517: Heap buffer overflow in history. Reported by ZeKai Wu - CVE-2020-6518: Use after free in developer tools. Reported by David Erceg - CVE-2020-6519: Policy bypass in CSP. Reported by Gal Weizman - CVE-2020-6520: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6521: Side-channel information leakage in autofill. Reported by Xu Lin, Panagiotis Ilia, Jason Polakis - CVE-2020-6522: Inappropriate implementation in external protocol handlers. Reported by Eric Lawrence - CVE-2020-6523: Out of bounds write in Skia. Reported by Liu Wei and Wu Zekai - CVE-2020-6524: Heap buffer overflow in WebAudio. Reported by Sung Ta - CVE-2020-6525: Heap buffer overflow in Skia. Reported by Zhen Zhou - CVE-2020-6526: Inappropriate implementation in iframe sandbox. Reported by Jonathan Kingston - CVE-2020-6527: Insufficient policy enforcement in CSP. Reported by Zhong Zhaochen - CVE-2020-6528: Incorrect security UI in basic auth. Reported by Rayyan Bijoora - CVE-2020-6529: Inappropriate implementation in WebRTC. Reported by kaustubhvats7 - CVE-2020-6530: Out of bounds memory access in developer tools. Reported by myvyang - CVE-2020-6531: Side-channel information leakage in scroll to text. Reported by Jun Kokatsu - CVE-2020-6533: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6534: Heap buffer overflow in WebRTC. Reported by Anonymous - CVE-2020-6535: Insufficient data validation in WebUI. Reported by Jun Kokatsu - CVE-2020-6536: Incorrect security UI in PWAs. Reported by Zhiyang Zeng * Update information in debian/copyright. * Include more upstream metadata information. -- Michael Gilbert Sun, 26 Jul 2020 15:21:41 +0000 chromium (83.0.4103.116-3.1) unstable; urgency=medium * Non-maintainer upload. * Add 64-bit time syscalls to syscall whitelist and clock selection parameter filtering code * Switch to explicitly versioned python2 + Update build-depends + Replace references to /usr/bin/python and to env python with /usr/bin/python2 and env python2 + make exec_script in gn use python2 + add code in debian/rules clean to set the shebang in third_party/closure_compiler/compiler.py it seems someting in the upstream build system sometimes resets it. -- Peter Michael Green Tue, 15 Sep 2020 13:10:35 +0000 chromium (83.0.4103.116-3) unstable; urgency=high * Fix crashes when a connection error occurs (closes: #963548). - Thank you so much to Riku Voipio. -- Michael Gilbert Sat, 11 Jul 2020 14:56:34 +0000 chromium (83.0.4103.116-2) unstable; urgency=medium * Fix crashes due to ffmpeg 4.3 (closes: #963035). -- Michael Gilbert Mon, 29 Jun 2020 10:28:15 +0000 chromium (83.0.4103.116-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6509: Use after free in extensions. Reported by Anonymous -- Michael Gilbert Mon, 22 Jun 2020 19:45:51 +0000 chromium (83.0.4103.106-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6493: Use after free in WebAuthentication. Reported by Anonymous - CVE-2020-6494: Incorrect security UI in payments. Reported by Juho Nurminen - CVE-2020-6495: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6496: Use after free in payments. Reported by Khalil Zhani - CVE-2020-6497: Insufficient policy enforcement in Omnibox. Reported by Rayyan Bijoora - CVE-2020-6498: Incorrect security UI in progress display. Reported by Rayyan Bijoora - CVE-2020-6505: Use after free in speech. Reported by Khalil Zhani - CVE-2020-6506: Insufficient policy enforcement in WebView. Reported by Alesandro Ortiz - CVE-2020-6507: Out of bounds write in V8. Reported by Sergei Glazunov * Conflict with ffmpeg 4.3 (closes: #963080). * Support building with icu 67 (closes: #960236). * Support building with re2 20200501 (closes: #960361). -- Michael Gilbert Fri, 19 Jun 2020 00:40:28 +0000 chromium (83.0.4103.83-1) unstable; urgency=medium * New upstream stable release. - CVE-2020-6457: Use after free in speech recognizer. Reported by Leecraso and Guang Gong - CVE-2020-6458: Out of bounds read and write in PDFium. Reported by Aleksandar Nikolic - CVE-2020-6459: Use after free in payments. Reported by Zhe Jin - CVE-2020-6460: Insufficient data validation in URL formatting. Reported by Anonymous - CVE-2020-6461: Use after free in storage. Reported by Zhe Jin - CVE-2020-6462: Use after free in task scheduling. Reported by Zhe Jin - CVE-2020-6463: Use after free in ANGLE. Reported by Pawel Wylecial - CVE-2020-6464: Type Confusion in Blink. Reported by Looben Yang - CVE-2020-6465: Use after free in reader mode. Reported by Woojin Oh - CVE-2020-6466: Use after free in media. Reported by Zhe Jin - CVE-2020-6467: Use after free in WebRTC. Reported by ZhanJia Song - CVE-2020-6468: Type Confusion in V8. Reported by Chris Salls and Jake Corina - CVE-2020-6469: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6470: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski - CVE-2020-6471: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6472: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2020-6473: Insufficient policy enforcement in Blink. Reported by Soroush Karami and Panagiotis Ilia - CVE-2020-6474: Use after free in Blink. Reported by Zhe Jin - CVE-2020-6475: Incorrect security UI in full screen. Reported by Khalil Zhani - CVE-2020-6476: Insufficient policy enforcement in tab strip. Reported by Alexandre Le Borgne - CVE-2020-6478: Inappropriate implementation in full screen. Reported by Khalil Zhani - CVE-2020-6479: Inappropriate implementation in sharing. Reported by Zhong Zhaochen - CVE-2020-6480: Insufficient policy enforcement in enterprise. Reported by Marvin Witt - CVE-2020-6481: Insufficient policy enforcement in URL formatting. Reported by Rayyan Bijoora - CVE-2020-6482: Insufficient policy enforcement in developer tools. Reported by Abdulrahman Alqabandi - CVE-2020-6483: Insufficient policy enforcement in payments. Reported by Jun Kokatsu - CVE-2020-6484: Insufficient data validation in ChromeDriver. Reported by Artem Zinenko - CVE-2020-6485: Insufficient data validation in media router. Reported by Sergei Glazunov - CVE-2020-6486: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6487: Insufficient policy enforcement in downloads. Reported by Jun Kokatsu - CVE-2020-6488: Insufficient policy enforcement in downloads. Reported by David Erceg - CVE-2020-6489: Inappropriate implementation in developer tools. Reported by @lovasoa - CVE-2020-6490: Insufficient data validation in loader. Reported by Twitter - CVE-2020-6491: Incorrect security UI in site information. Reported by Sultan Haikal - CVE-2020-6831: Stack buffer overflow in SCTP. Reported by Natalie Silvanovich -- Michael Gilbert Thu, 18 Jun 2020 02:05:11 +0000 chromium (81.0.4044.92-1) unstable; urgency=medium * New upstream stable release. - CVE-2020-6423: Use after free in audio. Reported by Anonymous - CVE-2020-6430: Type Confusion in V8. Reported by Avihay Cohen - CVE-2020-6431: Insufficient policy enforcement in full screen. Reported by Luan Herrera - CVE-2020-6432: Insufficient policy enforcement in navigations. Reported by David Erceg - CVE-2020-6433: Insufficient policy enforcement in extensions. Reported by David Erceg - CVE-2020-6434: Use after free in devtools. Reported by HyungSeok Han - CVE-2020-6435: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6436: Use after free in window management. Reported by Igor Bukanov - CVE-2020-6437: Inappropriate implementation in WebView. Reported by Jann Horn - CVE-2020-6438: Insufficient policy enforcement in extensions. Reported by Ng Yik Phang - CVE-2020-6439: Insufficient policy enforcement in navigations. Reported by remkoboonstra - CVE-2020-6440: Inappropriate implementation in extensions. Reported by David Erceg - CVE-2020-6441: Insufficient policy enforcement in omnibox. Reported by David Erceg - CVE-2020-6442: Inappropriate implementation in cache. Reported by B@rMey - CVE-2020-6443: Insufficient data validation in developer tools. Reported by @lovasoa - CVE-2020-6444: Uninitialized use in WebRTC. Reported by mlfbrown - CVE-2020-6445: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6446: Insufficient policy enforcement in trusted types. Reported by Jun Kokatsu - CVE-2020-6447: Inappropriate implementation in developer tools. Reported by David Erceg - CVE-2020-6448: Use after free in V8. Reported by Guang Gong - CVE-2020-6454: Use after free in extensions. Reported by leecraso and Guang Gong - CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang and Guang Gong - CVE-2020-6456: Insufficient validation of untrusted input in clipboard. Reported by Michał Bentkowski -- Michael Gilbert Tue, 07 Apr 2020 23:05:20 +0000 chromium (80.0.3987.162-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6450: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6451: Use after free in WebAudio. Reported by Man Yue Mo - CVE-2020-6452: Heap buffer overflow in media. Reported by asnine -- Michael Gilbert Wed, 01 Apr 2020 04:30:14 +0000 chromium (80.0.3987.149-1) unstable; urgency=medium * New upstream security release. - CVE-2019-20503: Out of bounds read in usersctplib. Reported by Natalie Silvanovich - CVE-2020-6422: Use after free in WebGL. Reported by David Manouchehri - CVE-2020-6424: Use after free in media. Reported by Sergei Glazunov - CVE-2020-6425: Insufficient policy enforcement in extensions. Reported by Sergei Glazunov - CVE-2020-6426: Inappropriate implementation in V8. Reported by Avihay Cohen - CVE-2020-6427: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6428: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6429: Use after free in audio. Reported by Man Yue Mo - CVE-2020-6449: Use after free in audio. Reported by Man Yue Mo -- Michael Gilbert Fri, 20 Mar 2020 00:18:06 +0000 chromium (80.0.3987.132-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6420: Insufficient policy enforcement in media. Reported by Taras Uzdenov -- Michael Gilbert Fri, 06 Mar 2020 16:40:19 +0000 chromium (80.0.3987.122-2) unstable; urgency=medium * Reduce debugging symbols to avoid memory exhaustion while linking. -- Michael Gilbert Tue, 03 Mar 2020 04:15:34 +0000 chromium (80.0.3987.122-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6407: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6418: Type confusion in V8. Reported by Clement Lecigne -- Michael Gilbert Sun, 01 Mar 2020 01:25:59 +0000 chromium (80.0.3987.116-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6383: Type confusion in V8. Reported by Sergei Glazunov - CVE-2020-6384: Use after free in WebAudio. Reported by David Manouchehri - CVE-2020-6386: Use after free in speech. Reported by Zhe Jin -- Michael Gilbert Sat, 22 Feb 2020 03:01:15 +0000 chromium (80.0.3987.106-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-19923: Out of bounds memory access in SQLite. Reported by Richard Lorenz - CVE-2019-19925: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2019-19926: Inappropriate implementation in SQLite. Reported by Richard Lorenz - CVE-2019-19880: Vulnerability in SQLite. Reported by Richard Lorenz - CVE-2020-6381: Integer overflow in JavaScript. Reported by The UK's National Cyber Security Centre - CVE-2020-6382: Type Confusion in JavaScript. Reported by Soyeon Park and Wen Xu - CVE-2020-6385: Insufficient policy enforcement in storage. Reported by Sergei Glazunov - CVE-2020-6387: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6388: Out of bounds memory access in WebAudio. Reported by Sergei Glazunov - CVE-2020-6389: Out of bounds write in WebRTC. Reported by Natalie Silvanovich - CVE-2020-6390: Out of bounds memory access in streams. Reported by Sergei Glazunov - CVE-2020-6391: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2020-6392: Insufficient policy enforcement in extensions. Reported by Microsoft Edge Team - CVE-2020-6393: Insufficient policy enforcement in Blink. Reported by Mark Amery - CVE-2020-6394: Insufficient policy enforcement in Blink. Reported by Phil Freo - CVE-2020-6395: Out of bounds read in JavaScript. Reported by Pierre Langlois - CVE-2020-6396: Inappropriate implementation in Skia. Reported by William Luc Ritchie - CVE-2020-6397: Incorrect security UI in sharing. Reported by Khalil Zhani - CVE-2020-6398: Uninitialized use in PDFium. Reported by pdknsk - CVE-2020-6399: Insufficient policy enforcement in AppCache. Reported by Luan Herrera - CVE-2020-6400: Inappropriate implementation in CORS. Reported by Takashi Yoneuchi - CVE-2020-6401: Insufficient validation of untrusted input in Omnibox. Reported by Tzachy Horesh - CVE-2020-6402: Insufficient policy enforcement in downloads. Reported by Vladimir Metnew - CVE-2020-6403: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2020-6404: Inappropriate implementation in Blink. Reported by kanchi - CVE-2020-6405: Out of bounds read in SQLite. Reported by Yongheng Chen and Rui Zhong - CVE-2020-6406: Use after free in audio. Reported by Sergei Glazunov - CVE-2020-6408: Insufficient policy enforcement in CORS. Reported by Zhong Zhaochen - CVE-2020-6409: Inappropriate implementation in Omnibox. Reported by Divagar S and Bharathi V - CVE-2020-6410: Insufficient policy enforcement in navigation. Reported by evi1m0 - CVE-2020-6411: Insufficient validation of untrusted input in Omnibox. Reported by Khalil Zhani - CVE-2020-6412: Insufficient validation of untrusted input in Omnibox. Reported by Zihan Zheng - CVE-2020-6413: Inappropriate implementation in Blink. Reported by Michał Bentkowski - CVE-2020-6414: Insufficient policy enforcement in Safe Browsing. Reported by Lijo A.T - CVE-2020-6415: Inappropriate implementation in JavaScript. Reported by Avihay Cohen - CVE-2020-6416: Insufficient data validation in streams. Reported by Woojin Oh - CVE-2020-6417: Inappropriate implementation in installer. Reported by Renato Moraes and Altieres Rohr * Remove --ignore-gpu-blacklist from the default flags (closes: #947207). * Update standards version to 4.5.0. * Build with clang instead of gcc. -- Michael Gilbert Sun, 16 Feb 2020 23:33:50 +0000 chromium (79.0.3945.130-2) unstable; urgency=medium * Add libx11-xcb-dev as a build dependency. -- Michael Gilbert Sun, 19 Jan 2020 08:42:14 +0000 chromium (79.0.3945.130-1) unstable; urgency=medium * New upstream security release. - CVE-2020-6377: Use after free in audio. Reported by Zhe Jin - CVE-2020-6378: Use-after-free in speech recognizer. Reported by Antti Levomäki and Christian Jalio - CVE-2020-6379: Use-after-free in speech recognizer. Reported by Guang Gong - CVE-2020-6380: Extension message verification error. Reported by Sergei Glazunov - CVE-2019-13767: Use after free in media picker. Reported by Sergei Glazunov * Fix memory instrumentation singleton initialization errors caused by tracing patch included in the previous upload (closes: #945920). -- Michael Gilbert Sat, 18 Jan 2020 20:26:26 +0000 chromium (79.0.3945.79-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-13725: Use after free in Bluetooth. Reported by Gengming Liu and Jianyu Chen - CVE-2019-13726: Heap buffer overflow in password manager. Reported by Sergei Glazunov - CVE-2019-13727: Insufficient policy enforcement in WebSockets. Reported by @piochu - CVE-2019-13728: Out of bounds write in V8. Reported by Rong Jian and Guang Gong - CVE-2019-13729: Use after free in WebSockets. Reported by Zhe Jin - CVE-2019-13730: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13732: Use after free in WebAudio. Reported by Sergei Glazunov - CVE-2019-13734: Out of bounds write in SQLite. Reported by Wenxiang Qian - CVE-2019-13735: Out of bounds write in V8. Reported by Gengming Liu and Zhen Feng - CVE-2019-13764: Type Confusion in V8. Reported by Soyeon Park and Wen Xu - CVE-2019-13736: Integer overflow in PDFium. Reported by Anonymous - CVE-2019-13737: Insufficient policy enforcement in autocomplete. Reported by Mark Amery - CVE-2019-13738: Insufficient policy enforcement in navigation. Reported by Johnathan Norman and Daniel Clark - CVE-2019-13739: Incorrect security UI in Omnibox. Reported by xisigr - CVE-2019-13740: Incorrect security UI. Reported by Khalil Zhani - CVE-2019-13741: Insufficient validation of untrusted input in Blink. Reported by Michał Bentkowski - CVE-2019-13742: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13743: Incorrect security UI in external protocol handling. Reported by Zhiyang Zeng - CVE-2019-13744: Insufficient policy enforcement in cookies. Reported by Prakash - CVE-2019-13745: Insufficient policy enforcement in audio. Reported by Luan Herrera - CVE-2019-13746: Insufficient policy enforcement in Omnibox. Reported by David Erceg - CVE-2019-13747: Uninitialized Use in rendering. Reported by Ivan Popelyshev and André Bonatti - CVE-2019-13748: Insufficient policy enforcement in developer tools. Reported by David Erceg - CVE-2019-13749: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13750: Insufficient data validation in SQLite. Reported by Wenxiang Qian - CVE-2019-13751: Uninitialized Use in SQLite. Reported by Wenxiang Qian - CVE-2019-13752: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13753: Out of bounds read in SQLite. Reported by Wenxiang Qian - CVE-2019-13754: Insufficient policy enforcement in extensions. Reported by Cody Crews - CVE-2019-13755: Insufficient policy enforcement in extensions. Reported by Masato Kinugawa - CVE-2019-13756: Incorrect security UI in printing. Reported by Khalil Zhani - CVE-2019-13757: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13758: Insufficient policy enforcement in navigation. Reported by Khalil Zhani - CVE-2019-13759: Incorrect security UI. Reported by Wenxu Wu - CVE-2019-13761: Incorrect security UI in Omnibox. Reported by Khalil Zhani - CVE-2019-13762: Insufficient policy enforcement in downloads. Reported by csanuragjain - CVE-2019-13763: Insufficient policy enforcement in payments. Reported by weiwangpp93 -- Michael Gilbert Thu, 12 Dec 2019 04:36:09 +0000 chromium (79.0.3945.56-1) experimental; urgency=medium * New upstream beta release. * Update standards version to 4.4.1. * Ignore the gpu blacklist by default again. -- Michael Gilbert Wed, 27 Nov 2019 23:59:29 +0000 chromium (78.0.3904.108-1) unstable; urgency=medium * New upstream security release. - CVE-2019-13723: Use-after-free in Bluetooth. Reported by Yuxiang Li - CVE-2019-13724: Out-of-bounds in Bluetooth. Reported by Yuxiang Li * Disable vaapi on armhf (closes: #944627). -- Michael Gilbert Wed, 20 Nov 2019 23:46:06 +0000 chromium (78.0.3904.97-1) unstable; urgency=medium * New upstream security release. * Enable vaapi (closes: #940074). * Fix crash during profile manager shutdown. * Drop libglewmx-dev build dependency (closes: #941050). -- Michael Gilbert Sat, 09 Nov 2019 03:33:52 +0000 chromium (78.0.3904.87-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5869: Use-after-free in Blink. Reported by Zhe Jin - CVE-2019-5870: Use-after-free in media. Reported by Guang Gong - CVE-2019-5871: Heap overflow in Skia. Reported by Anonymous - CVE-2019-5872: Use-after-free in Mojo. Reported by Zhe Jin - CVE-2019-5874: External URIs may trigger other browsers. Reported by James Lee - CVE-2019-5875: URL bar spoof. Reported by Khalil Zhani - CVE-2019-5876: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-5877: Out-of-bounds access in V8. Reported by Guang Gong - CVE-2019-5878: Use-after-free in V8. Reported by Guang Gong - CVE-2019-5879: Extensions can read some local files. Reported by Jinseo Kim - CVE-2019-5880: SameSite cookie bypass. Reported by Jun Kokatsu - CVE-2019-13659: URL spoof. Reported by Lnyas Zhang - CVE-2019-13660: Full screen notification overlap. Reported by Wenxu Wu - CVE-2019-13661: Full screen notification spoof. Reported by Wenxu Wu - CVE-2019-13662: CSP bypass. Reported by David Erceg - CVE-2019-13663: IDN spoof. Reported by Lnyas Zhang - CVE-2019-13664: CSRF bypass. Reported by thomas "zemnmez" shadwell - CVE-2019-13665: Multiple file download protection bypass. Reported by Jun Kokatsu - CVE-2019-13666: Side channel using storage size estimate. Reported by Tom Van Goethem - CVE-2019-13667: URI bar spoof when using external app URIs. Reported by Khalil Zhani - CVE-2019-13668: Global window leak via console. Reported by David Erceg - CVE-2019-13669: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13670: V8 memory corruption in regex. Reported by Guang Gong - CVE-2019-13671: Dialog box fails to show origin. Reported by xisigr - CVE-2019-13673: Cross-origin information leak using devtools. Reported by David Erceg - CVE-2019-13674: IDN spoofing. Reported by Khalil Zhani - CVE-2019-13675: Extensions can be disabled by trailing slash. Reported by Jun Kokatsu - CVE-2019-13676: Google URI shown for certificate warning. Reported by Wenxu Wu - CVE-2019-13677: Chrome web store origin needs to be isolated. Reported by Jun Kokatsu - CVE-2019-13678: Download dialog spoofing. Reported by Ronni Skansing - CVE-2019-13679: User gesture needed for printing. Reported by Conrad Irwin - CVE-2019-13680: IP address spoofing to servers. Reported by Thijs Alkemade - CVE-2019-13681: Bypass on download restrictions. Reported by David Erceg - CVE-2019-13682: Site isolation bypass. Reported by Jun Kokatsu - CVE-2019-13683: Exceptions leaked by devtools. Reported by David Erceg - CVE-2019-13685: Use-after-free in UI. Reported by Khalil Zhani - CVE-2019-13686: Use-after-free in offline pages. Reported by Brendon - CVE-2019-13687: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13688: Use-after-free in media. Reported by Man Yue Mo Tiszka - CVE-2019-13691: Omnibox spoof. Reported by David Erceg - CVE-2019-13692: SOP bypass. Reported by Jun Kokatsu - CVE-2019-13693: Use-after-free in IndexedDB. Reported by Guang Gong - CVE-2019-13694: Use-after-free in WebRTC. Reported by banananapenguin - CVE-2019-13695: Use-after-free in audio. Reported by Man Yue Mo - CVE-2019-13696: Use-after-free in V8. Reported by Guang Gong - CVE-2019-13697: Cross-origin size leak. Reported by Luan Herrera - CVE-2019-13699: Use-after-free in media. Reported by Man Yue Mo - CVE-2019-13700: Buffer overrun in Blink. Reported by Man Yue Mo - CVE-2019-13701: URL spoof in navigation. Reported by David Erceg - CVE-2019-13702: Privilege elevation in Installer. Reported by Phillip Langlois and Edward Torkington - CVE-2019-13703: URL bar spoofing. Reported by Khalil Zhani - CVE-2019-13704: CSP bypass. Reported by Jun Kokatsu - CVE-2019-13705: Extension permission bypass. Reported by Luan Herrera - CVE-2019-13706: Out-of-bounds read in PDFium. Reported by pdknsk - CVE-2019-13707: File storage disclosure. Reported by Andrea Palazzo - CVE-2019-13708: HTTP authentication spoof. Reported by Khalil Zhani - CVE-2019-13709: File download protection bypass. Reported by Zhong Zhaochen - CVE-2019-13710: File download protection bypass. Reported by bernardo.mrod - CVE-2019-13711: Cross-context information leak. Reported by David Erceg - CVE-2019-13713: Cross-origin data leak. Reported by David Erceg - CVE-2019-13714: CSS injection. Reported by Jun Kokatsu - CVE-2019-13715: Address bar spoofing. Reported by xisigr - CVE-2019-13716: Service worker state error. Reported by Barron Hagerman - CVE-2019-13717: Notification obscured. Reported by xisigr - CVE-2019-13718: IDN spoof. Reported by Khalil Zhani - CVE-2019-13719: Notification obscured. Reported by Khalil Zhani - CVE-2019-13720: Use-after-free in audio. Reported by Anton Ivanov and Alexey Kulaev - CVE-2019-13721: Use-after-free in PDFium. Reported by banananapenguin * Drop support for building with gcc 6 and gtk 2. -- Michael Gilbert Sat, 02 Nov 2019 22:30:42 +0000 chromium (76.0.3809.100-1) unstable; urgency=medium * New upstream security release. - CVE-2019-5867: Out-of-bounds read in V8. Reported by Lucas Pinheiro - CVE-2019-5868: Use-after-free in PDFium ExecuteFieldAction. Reported by banananapenguin -- Michael Gilbert Fri, 09 Aug 2019 19:58:55 +0000 chromium (76.0.3809.87-2) unstable; urgency=medium * Fix inverted logic in enum comparison (closes: #933598). -- Michael Gilbert Sat, 03 Aug 2019 14:31:59 +0000 chromium (76.0.3809.87-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5847: V8 sealed/frozen elements cause crash. Reported by m3plex - CVE-2019-5848: Font sizes may expose sensitive information. Reported by Mark Amery - CVE-2019-5850: Use-after-free in offline page fetcher. Reported by Brendon Tiszka - CVE-2019-5851: Use-after-poison in offline audio context. Reported by Zhe Jin - CVE-2019-5852: Object leak of utility functions. Reported by David Erceg - CVE-2019-5853: Memory corruption in regexp length check. Reported by yngwei and sakura - CVE-2019-5854: Integer overflow in PDFium text rendering. Reported by Zhen Zhou - CVE-2019-5855: Integer overflow in PDFium. Reported by Zhen Zhou - CVE-2019-5856: Insufficient checks on filesystem: URI permissions. Reported by Yongke Wang - CVE-2019-5857: Comparison of -0 and null yields crash. Reported by cloudfuzzer - CVE-2019-5858: Insufficient filtering of Open URL service parameters. Reported by evi1m0 - CVE-2019-5859: res: URIs can load alternative browsers. Reported by James Lee - CVE-2019-5860: Use-after-free in PDFium. Reported by Anonymous - CVE-2019-5861: Click location incorrectly checked. Reported by Robin Linus - CVE-2019-5862: AppCache not robust to compromised renderers. Reported by Jun Kokatsu - CVE-2019-5864: Insufficient port filtering in CORS for extensions. Reported by Devin Grindle - CVE-2019-5865: Site isolation bypass from compromised renderer. Reported by Ivan Fratric * Use legacy call to avoid error in icu 6.3 (closes: #932049). -- Michael Gilbert Mon, 29 Jul 2019 23:22:44 +0000 chromium (76.0.3809.71-1) unstable; urgency=medium * New upstream beta release. * Recommend system-config-printer (closes: #929106). * Add -fno-delete-null-pointer-checks back into the build flags. -- Michael Gilbert Wed, 24 Jul 2019 22:51:41 +0000 chromium (76.0.3809.62-1) unstable; urgency=medium * New upstream beta release. - Fixes error restoring multiple profiles on startup (closes: #930469). * Update standards version to 4.4.0. -- Michael Gilbert Wed, 10 Jul 2019 23:52:45 +0000 chromium (75.0.3770.90-1) unstable; urgency=medium [ Riku Voipio ] * Fix build on armhf (closes: #930348). [ Michael Gilbert ] * New upstream security release. - CVE-2019-5842: Use-after-free in Blink. Reported by BUGFENSE * Disable hardware accelerated video (closes: #926032). * Fix signedness error when built with gcc (closes: #914886). - Thanks to Maciej S. Szmigiero. -- Michael Gilbert Fri, 14 Jun 2019 00:10:43 +0000 chromium (75.0.3770.80-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5824: Parameter passing error in media player. Reported by leecraso and Guang Gong - CVE-2019-5825: Out-of-bounds write in V8. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu - CVE-2019-5826: Use-after-free in IndexedDB. Reported by Gengming Liu, Jianyu Chen, Zhen Feng, and Jessica Liu - CVE-2019-5827: Out-of-bounds access issue in SQLite. Reported by mlfbrown - CVE-2019-5828: Use after free in ServiceWorker. Reported by leecraso and Guang Gong - CVE-2019-5829: Use after free in Download Manager. Reported by Lucas Pinheiro - CVE-2019-5830: Incorrectly credentialed requests in CORS. Reported by Andrew Krasichkov - CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei - CVE-2019-5832: Incorrect CORS handling in XHR. Reported by Sergey Shekyan - CVE-2019-5833: Inconsistent security UI placement. Reported by Khalil Zhani - CVE-2019-5834: URL spoof in Omnibox on iOS. Reported by Khalil Zhani - CVE-2019-5836: Heap buffer overflow in Angle. Reported by Omair - CVE-2019-5837: Cross-origin resources size disclosure in Appcache. Reported by Adam Iwaniuk - CVE-2019-5838: Overly permissive tab access in Extensions. Reported by David Erceg - CVE-2019-5839: Incorrect handling of certain code points in Blink. Reported by Masato Kinugawa - CVE-2019-5840: Popup blocker bypass. Reported by Eliya Stein and Jerome Dangu - CVE-2019-5849: Out-of-bounds read in Skia. Reported by Zhen Zhou -- Michael Gilbert Sun, 09 Jun 2019 18:59:50 +0000 chromium (75.0.3770.10-1) experimental; urgency=medium * New upstream development release. - Fixes crash when launching chromium a second time (closes: #927913). * Document how to use widevine in README.debian (closes: #929026). * Apply vaapi update from the Fedora chromium 73 package (closes: #926032). -- Michael Gilbert Sun, 09 Jun 2019 18:35:36 +0000 chromium (74.0.3729.108-1) unstable; urgency=medium * New upstream stable release. - Eliminates flood of vsync error messages (closes: #901831). - Correctly shuts down when SIGTERM is recieved (closes: #924901). - Fixes regression in hardware accelerated video (closes: #926032). - CVE-2019-5805: Use after free in PDFium. Reported by Anonymous - CVE-2019-5806: Integer overflow in Angle. Reported by Wen Xu - CVE-2019-5807: Memory corruption in V8. Reported by TimGMichaud - CVE-2019-5808: Use after free in Blink. Reported by cloudfuzzer - CVE-2019-5809: Use after free in Blink. Reported by Mark Brand - CVE-2019-5810: User information disclosure in Autofill. Reported by Mark Amery - CVE-2019-5811: CORS bypass in Blink. Reported by Jun Kokatsu - CVE-2019-5813: Out of bounds read in V8. Reported by Aleksandar Nikolic - CVE-2019-5814: CORS bypass in Blink. Reported by @AaylaSecura1138 - CVE-2019-5815: Heap buffer overflow in Blink. Reported by Nicolas Grégoire - CVE-2019-5818: Uninitialized value in media reader. Reported by Adrian Tolbaru - CVE-2019-5819: Incorrect escaping in developer tools. Reported by Svyat Mitin - CVE-2019-5820: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5821: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5822: CORS bypass in download manager. Reported by Jun Kokatsu - CVE-2019-5823: Forced navigation from service worker. Reported by David Erceg -- Michael Gilbert Wed, 24 Apr 2019 00:08:54 +0000 chromium (73.0.3683.75-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5787: Use after free in Canvas. Reported by Zhe Jin - CVE-2019-5788: Use after free in FileAPI. Reported by Mark Brand - CVE-2019-5789: Use after free in WebMIDI. Reported by Mark Brand - CVE-2019-5790: Heap buffer overflow in V8. Reported by Dimitri Fourny - CVE-2019-5791: Type confusion in V8. Reported by Choongwoo Han - CVE-2019-5792: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5793: Excessive permissions for private API in Extensions. Reported by Jun Kokatsu - CVE-2019-5794: Security UI spoofing. Reported by Juno Im of Theori - CVE-2019-5795: Integer overflow in PDFium. Reported by pdknsk - CVE-2019-5796: Race condition in Extensions. Reported by Mark Brand - CVE-2019-5797: Race condition in DOMStorage. Reported by Mark Brand - CVE-2019-5798: Out of bounds read in Skia. Reported by Tran Tien Hung - CVE-2019-5799: CSP bypass with blob URL. Reported by sohalt - CVE-2019-5800: CSP bypass with blob URL. Reported by Jun Kokatsu - CVE-2019-5802: Security UI spoofing. Reported by Ronni Skansing - CVE-2019-5803: CSP bypass with Javascript URLs'. Reported by Andrew Comminos -- Michael Gilbert Tue, 19 Mar 2019 02:19:17 +0000 chromium (73.0.3683.56-2) experimental; urgency=medium * Fix build failure on armhf. -- Michael Gilbert Sun, 10 Mar 2019 04:35:32 +0000 chromium (73.0.3683.56-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sat, 02 Mar 2019 18:02:02 +0000 chromium (72.0.3626.122-1) unstable; urgency=medium * New upstream stable release. -- Michael Gilbert Thu, 07 Mar 2019 14:05:20 +0000 chromium (72.0.3626.121-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5786: Use-after-free in FileReader -- Michael Gilbert Sat, 02 Mar 2019 16:28:16 +0000 chromium (72.0.3626.109-1) unstable; urgency=medium * New upstream stable release. - CVE-2019-5784: Inappropriate implementation in V8. Reported by Lucas Pinheiro * Build pdfium using system lcms. * Renable support for kerberos (closes: #916684). * Fix 32-bit type error in the vaapi implementation (closes: #921823). -- Michael Gilbert Mon, 04 Feb 2019 04:27:06 +0000 chromium (72.0.3626.81-1) unstable; urgency=medium * New upstream stable release. - Stack buffer overflow in Skia. Reported by Ivan Fratric - Use after free in Mojo, FileAPI, and Payments. Reported by Mark Brand - CVE-2018-17481: Use after free in PDFium. Reported by Anonymous - CVE-2019-5754: Inappropriate implementation in QUIC Networking. Reported by Klzgrad - CVE-2019-5755: Inappropriate implementation in V8. Reported by Jay Bosamiya - CVE-2019-5756: Use after free in PDFium. Reported by Anonymous - CVE-2019-5757: Type Confusion in SVG. Reported by Alexandru Pitis - CVE-2019-5758: Use after free in Blink. Reported by Zhe Jin - CVE-2019-5759: Use after free in HTML select elements. Reported by Almog Benin - CVE-2019-5760: Use after free in WebRTC. Reported by Zhe Jin - CVE-2019-5762: Use after free in PDFium. Reported by Anonymous - CVE-2019-5763: Insufficient validation of untrusted input in V8. Reported by Guang Gong - CVE-2019-5764: Use after free in WebRTC. Reported by Eyal Itkin - CVE-2019-5765: Insufficient policy enforcement in the browser. Reported by Sergey Toshin - CVE-2019-5766: Insufficient policy enforcement in Canvas. Reported by David Erceg - CVE-2019-5767: Incorrect security UI in WebAPKs. Reported by Haoran Lu, Yifan Zhang, Luyi Xing, and Xiaojing Liao - CVE-2019-5768: Insufficient policy enforcement in DevTools. Reported by Rob Wu - CVE-2019-5769: Insufficient validation of untrusted input in Blink. Reported by Guy Eshel - CVE-2019-5770: Heap buffer overflow in WebGL. Reported by hemidallt - CVE-2019-5772: Use after free in PDFium. Reported by Zhen Zhou - CVE-2019-5773: Insufficient data validation in IndexedDB. Reported by Yongke Wang - CVE-2019-5774: Insufficient validation of untrusted input in SafeBrowsing. Reported by Junghwan Kang and Juno Im - CVE-2019-5775: Insufficient policy enforcement in Omnibox. Reported by evi1m0 - CVE-2019-5776: Insufficient policy enforcement in Omnibox. Reported by Lnyas Zhang - CVE-2019-5777: Insufficient policy enforcement in Omnibox. Reported by Khalil Zhani - CVE-2019-5778: Insufficient policy enforcement in Extensions. Reported by David Erceg - CVE-2019-5779: Insufficient policy enforcement in ServiceWorker. Reported by David Erceg - CVE-2019-5780: Insufficient policy enforcement. Reported by Andreas Hegenberg - CVE-2019-5781: Insufficient policy enforcement in Omnibox. Reported by evi1m0 - CVE-2019-5782: Inappropriate implementation in V8 reported by Qixun Zhao - CVE-2019-5783: Insufficient validation of untrusted input in DevTools. Reported by Shintaro Kobori * Opt out of all Google web service options by default (closes: #916320). * Enable support for hardware accelerated video decoding (closes: #856255). - Thanks to Akarshan Biswas. -- Michael Gilbert Sat, 02 Feb 2019 05:05:43 +0000 chromium (72.0.3626.53-1) unstable; urgency=medium * New upstream beta release. * Organize the gcc 6 patches. * Update standards version to 4.3.0. * Drop libsrtp from the build dependencies (closes: #918542). -- Michael Gilbert Sat, 12 Jan 2019 07:17:20 +0000 chromium (72.0.3626.7-6) unstable; urgency=medium * Upload to unstable: fix FTBFS on arm64 and armhf -- Riku Voipio Tue, 08 Jan 2019 14:41:13 +0200 chromium (72.0.3626.7-5) experimental; urgency=medium * Fix armhf and arm64 builds -- Riku Voipio Fri, 04 Jan 2019 16:17:43 +0200 chromium (72.0.3626.7-4) unstable; urgency=medium * Reenable support for widevine (closes: #916058). * Update maintainer to chromium@packages.debian.org (closes: #915988). -- Michael Gilbert Mon, 24 Dec 2018 19:41:02 +0000 chromium (72.0.3626.7-3) unstable; urgency=medium * Remove unintended extra brace in arm patch. -- Michael Gilbert Sun, 16 Dec 2018 22:37:19 +0000 chromium (72.0.3626.7-2) experimental; urgency=medium * Fix build failures on arm. -- Michael Gilbert Fri, 14 Dec 2018 02:50:58 +0000 chromium (72.0.3626.7-1) experimental; urgency=medium * New upstream developmental release. -- Michael Gilbert Tue, 11 Dec 2018 03:31:15 +0000 chromium (71.0.3578.80-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-17480: Out of bounds write in V8. Reported by Guang Gong - CVE-2018-17481: Use after frees in PDFium. Reported by Anonymous - CVE-2018-18335: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-18336: Use after free in PDFium. Reported by Huyna - CVE-2018-18337: Use after free in Blink. Reported by cloudfuzzer - CVE-2018-18338: Heap buffer overflow in Canvas. Reported by Zhe Jin - CVE-2018-18339: Use after free in WebAudio. Reported by cloudfuzzer - CVE-2018-18340: Use after free in MediaRecorder. Reported by Anonymous - CVE-2018-18341: Heap buffer overflow in Blink. Reported by cloudfuzzer - CVE-2018-18342: Out of bounds write in V8. Reported by Guang Gong - CVE-2018-18343: Use after free in Skia. Reported by Tran Tien Hung - CVE-2018-18344: Inappropriate implementation in Extensions. Reported by Jann Horn - CVE-2018-18345: Inappropriate implementation in Site Isolation. Reported by Masato Kinugawa and Jun Kokatsu - CVE-2018-18346: Incorrect security UI in Blink. Reported by Luan Herrera - CVE-2018-18347: Inappropriate implementation in Navigation. Reported by Luan Herrera - CVE-2018-18348: Inappropriate implementation in Omnibox. Reported by Ahmed Elsobky - CVE-2018-18349: Insufficient policy enforcement in Blink. Reported by David Erceg - CVE-2018-18350: Insufficient policy enforcement in Blink. Reported by Jun Kokatsu - CVE-2018-18351: Insufficient policy enforcement in Navigation. Reported by Jun Kokatsu - CVE-2018-18352: Inappropriate implementation in Media. Reported by Jun Kokatsu - CVE-2018-18353: Inappropriate implementation in Network Authentication. Reported by Wenxu Wu - CVE-2018-18354: Insufficient data validation in Shell Integration. Reported by Wenxu Wu - CVE-2018-18355: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 - CVE-2018-18356: Use after free in Skia. Reported by Tran Tien Hung - CVE-2018-18357: Insufficient policy enforcement in URL Formatter. Reported by evi1m0 - CVE-2018-18358: Insufficient policy enforcement in Proxy. Reported by Jann Horn - CVE-2018-18359: Out of bounds read in V8. Reported by cyrilliu - Inappropriate implementation in PDFium. Reported by Salem Faisal Elmrayed - Use after free in Extensions. Reported by Zhe Jin - Inappropriate implementation in Navigation. Reported by Luan Herrera - Inappropriate implementation in Navigation. Reported by Jesper van den Ende - Insufficient policy enforcement in Navigation. Reported by Ryan Pickren - Insufficient policy enforcement in URL Formatter. Reported by evi1m0 -- Michael Gilbert Wed, 05 Dec 2018 00:45:35 +0000 chromium (71.0.3578.62-1) unstable; urgency=medium * New upstream beta release. * Rename the source package to chromium. * Build using the system jsoncpp library. * Remove non-free unrar source from the upstream tarball (closes: #914487). - Requires safe browsing inspection of rar files to be disabled. -- Michael Gilbert Wed, 21 Nov 2018 02:37:35 +0000 chromium-browser (70.0.3538.110-1) unstable; urgency=medium * New upstream security release. - CVE-2018-17479: Use-after-free in GPU. -- Michael Gilbert Tue, 20 Nov 2018 00:45:46 +0000 chromium-browser (70.0.3538.102-1) unstable; urgency=medium * New upstream security release. - CVE-2018-17478: Out of bounds memory access in V8. Reported by cloudfuzzer * Fix new lintian warnings. * Drop libjs-excanvas build dependency. * Add support for building with harfbuzz 2.1.1. * Document how to run chromium as root (closes: #838534). * Output debian specific instructions when no working sandbox is available. * Do not rely on transitive recommendation for the sandbox (closes: #913116). -- Michael Gilbert Fri, 16 Nov 2018 03:12:53 +0000 chromium-browser (70.0.3538.67-3) unstable; urgency=medium * Fix a compiler warning. * Move the setuid sandbox into a separate package (closes: #839277). -- Michael Gilbert Sat, 03 Nov 2018 17:30:16 +0000 chromium-browser (70.0.3538.67-2) unstable; urgency=medium * Restore support for building with gtk2. -- Michael Gilbert Tue, 23 Oct 2018 01:11:35 +0000 chromium-browser (70.0.3538.67-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-17462: Sandbox escape in AppCache. Reported by Ned Williamson and Niklas Baumstark - CVE-2018-17463: Remote code execution in V8. Reported by Ned Williamson and Niklas Baumstark - Heap buffer overflow in Little CMS in PDFium. Reported by Quang Nguyễn - CVE-2018-17464: URL spoof in Omnibox. Reported by xisigr - CVE-2018-17465: Use after free in V8. Reported by Lin Zuojian - CVE-2018-17466: Memory corruption in Angle. Reported by Omair - CVE-2018-17467: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17468: Cross-origin URL disclosure in Blink. Reported by James Lee - CVE-2018-17469: Heap buffer overflow in PDFium. Reported by Zhen Zhou - CVE-2018-17470: Memory corruption in GPU Internals. Reported by Zhe Jin - CVE-2018-17471: Security UI occlusion in full screen mode. Reported by Lnyas Zhang - CVE-2018-17473: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-17474: Use after free in Blink. Reported by Zhe Jin - CVE-2018-17475: URL spoof in Omnibox. Reported by Vladimir Metnew - CVE-2018-17476: Security UI occlusion in full screen mode. Reported by Khalil Zhani - CVE-2018-5179: Lack of limits on update() in ServiceWorker. Reported by Yannic Bonenberger - CVE-2018-17477: UI spoof in Extensions. Reported by Aaron Muir Hamilton * Fix build failure on i386. * Fix installation path of the master preferences file (closes: #911056). -- Michael Gilbert Tue, 16 Oct 2018 12:36:22 +0000 chromium-browser (70.0.3538.54-2) unstable; urgency=medium * Build with gcc 8 (closes: #901368). * Move the master preferences file to /etc/chromium (closes: #891232). -- Michael Gilbert Sun, 14 Oct 2018 00:49:46 +0000 chromium-browser (70.0.3538.54-1) unstable; urgency=medium * New upstream beta release. -- Michael Gilbert Sat, 13 Oct 2018 04:18:08 +0000 chromium-browser (69.0.3497.100-1) unstable; urgency=medium * New upstream stable release. * Update standards version to 4.2.1. * Clarify debugging section in README.debian (closes: #910842). * Remove ConvertUTF from the upstream tarball (closes: #900596). * Load all extensions installed to /usr/share/chromium/extensions. - Thanks to Michael Meskes (closes: #890392). * Remove audio_capture_enable setting from the default preferences (closes: #884887). -- Michael Gilbert Sat, 13 Oct 2018 02:35:46 +0000 chromium-browser (69.0.3497.92-1) unstable; urgency=medium * New upstream security release. - Function signature mismatch in WebAssembly. Reported by Kevin Cheung - URL Spoofing in Omnibox. Reported by evi1m0 -- Michael Gilbert Thu, 13 Sep 2018 03:12:53 +0000 chromium-browser (69.0.3497.81-3) unstable; urgency=medium * Move another file needed for the armhf build to where it is expected. -- Michael Gilbert Fri, 07 Sep 2018 00:06:13 +0000 chromium-browser (69.0.3497.81-2) unstable; urgency=medium * Disable swiftshader. * Move file needed for the armhf build to where it is expected. * Document disabled built-in extensions in README.debian (closes: #886358). -- Michael Gilbert Thu, 06 Sep 2018 01:45:12 +0000 chromium-browser (69.0.3497.81-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-16065: Out of bounds write in V8. Reported by Brendon Tiszka - CVE-2018-16066: Out of bounds read in Blink. Reported by cloudfuzzer - CVE-2018-16067: Out of bounds read in WebAudio. Reported by Zhe Jin - CVE-2018-16068: Out of bounds write in Mojo. Reported by Mark Brand - CVE-2018-16069: Out of bounds read in SwiftShader. Reported by Mark Brand - CVE-2018-16070: Integer overflow in Skia. Reported by Ivan Fratric - CVE-2018-16071: Use after free in WebRTC. Reported by Natalie Silvanovich - CVE-2018-16073: Site Isolation bypass after tab restore. Reported by Jun Kokatsu - CVE-2018-16074: Site Isolation bypass using Blob URLS. Reported by Jun Kokatsu - CVE-2018-16075: Local file access in Blink. Reported by Pepe Vila - CVE-2018-16076: Out of bounds read in PDFium. Reported by Aleksandar Nikolic - CVE-2018-16077: Content security policy bypass in Blink. Reported by Manuel Caballero - CVE-2018-16078: Credit card information leak in Autofill. Reported by Cailan Sacks - CVE-2018-16079: URL spoof in permission dialogs. Reported by Markus Vervier and Michele Orrù - CVE-2018-16080: URL spoof in full screen mode. Reported by Khalil Zhani - CVE-2018-16081: Local file access in DevTools. Reported by Jann Horn - CVE-2018-16082: Stack buffer overflow in SwiftShader. Reported by Omair - CVE-2018-16083: Out of bounds read in WebRTC. Reported by Natalie Silvanovich - CVE-2018-16084: User confirmation bypass in external protocol handling. Reported by Jun Kokatsu - CVE-2018-16085: Use after free in Memory Instrumentation. Reported by Roman Kuksin -- Michael Gilbert Wed, 05 Sep 2018 00:01:50 +0000 chromium-browser (69.0.3497.12-1) experimental; urgency=medium * New upstream development release. - Fixes an error that can occur on pages containing xml (closes: #865592). * Install swiftshader libraries to /usr/lib/chromium (closes: #901831). -- Michael Gilbert Sun, 29 Jul 2018 09:30:34 +0000 chromium-browser (68.0.3440.75-2) unstable; urgency=medium * Restore a mistakenly omitted call to InitializeFFmpeg (closes: #902909). -- Michael Gilbert Thu, 26 Jul 2018 00:37:11 +0000 chromium-browser (68.0.3440.75-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-4117: Cross origin information leak in Blink. Reported by AhsanEjaz - CVE-2018-6044: Request privilege escalation in Extensions . Reported by Rob Wu - CVE-2018-6150: Cross origin information disclosure in Service Workers. Reported by Rob Wu - CVE-2018-6151: Bad cast in DevTools. Reported by Rob Wu - CVE-2018-6152: Local file write in DevTools. Reported by Rob Wu - CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou - CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair - CVE-2018-6155: Use after free in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6156: Heap buffer overflow in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6157: Type confusion in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6158: Use after free in Blink. Reported by Zhe Jin - CVE-2018-6159: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6161: Same origin policy bypass in WebAudio. Reported by Jun Kokatsu - CVE-2018-6162: Heap buffer overflow in WebGL. Reported by Omair - CVE-2018-6163: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6164: Same origin policy bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6165: URL spoof in Omnibox. Reported by evi1m0 - CVE-2018-6166: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6167: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6168: CORS bypass in Blink. Reported by Gunes Acar and Danny Y. Huang - CVE-2018-6169: Permissions bypass in extension installation . Reported by Sam P - CVE-2018-6170: Type confusion in PDFium. Reported by Anonymous - CVE-2018-6171: Use after free in WebBluetooth. - CVE-2018-6172: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6173: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6174: Integer overflow in SwiftShader. Reported by Mark Brand - CVE-2018-6175: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6176: Local user privilege escalation in Extensions. Reported by Jann Horn - CVE-2018-6177: Cross origin information leak in Blink. Reported by Ron Masas - CVE-2018-6178: UI spoof in Extensions. Reported by Khalil Zhani - CVE-2018-6179: Local file information leak in Extensions. -- Michael Gilbert Wed, 25 Jul 2018 00:28:20 +0000 chromium-browser (68.0.3440.42-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sat, 30 Jun 2018 17:46:03 +0000 chromium-browser (68.0.3440.33-1) experimental; urgency=medium * New upstream beta release. * Build using upstream's "lite" tarball. * Restore decoder initialization from chromium 66 to maintain compatibility with ffmpeg 3.4 (closes: #900533). -- Michael Gilbert Fri, 29 Jun 2018 20:48:51 +0000 chromium-browser (68.0.3440.25-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sun, 24 Jun 2018 16:32:18 +0000 chromium-browser (68.0.3440.17-1) experimental; urgency=medium * New upstream beta release. * Recommend upower and notification-daemon. -- Michael Gilbert Mon, 11 Jun 2018 04:40:58 +0000 chromium-browser (68.0.3440.7-1) experimental; urgency=medium * New upstream development release. -- Michael Gilbert Sun, 10 Jun 2018 23:44:14 +0000 chromium-browser (67.0.3396.87-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6149: Out of bounds write in V8. Reported by Yu Zhou and Jundong Xie -- Michael Gilbert Tue, 19 Jun 2018 12:13:46 +0000 chromium-browser (67.0.3396.79-2) unstable; urgency=medium * Use embedded ffmpeg code copy (closes: #900533). -- Michael Gilbert Mon, 11 Jun 2018 00:33:39 +0000 chromium-browser (67.0.3396.79-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6148: Incorrect handling of CSP header. Reported by Michał Bentkowski -- Michael Gilbert Sun, 10 Jun 2018 21:48:45 +0000 chromium-browser (67.0.3396.62-2) unstable; urgency=medium * Fix build on arm64/armhf -- Riku Voipio Fri, 08 Jun 2018 15:37:05 +0300 chromium-browser (67.0.3396.62-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6123: Use after free in Blink. Reported by Looben Yang - CVE-2018-6124: Type confusion in Blink. Reported by Guang Gong - CVE-2018-6125: Overly permissive policy in WebUSB. Reported by Yubico - CVE-2018-6126: Heap buffer overflow in Skia. Reported by Ivan Fratric - CVE-2018-6127: Use after free in indexedDB. Reported by Looben Yang - CVE-2018-6129: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6130: Out of bounds memory access in WebRTC. Reported by Natalie Silvanovich - CVE-2018-6131: Incorrect mutability protection in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6132: Use of uninitialized memory in WebRTC. Reported by Ronald E. Crane - CVE-2018-6133: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6134: Referrer Policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6135: UI spoofing in Blink. Reported by Jasper Rebane - CVE-2018-6136: Out of bounds memory access in V8. Reported by Peter Wong - CVE-2018-6137: Leak of visited status of page in Blink. Reported by Michael Smith - CVE-2018-6138: Overly permissive policy in Extensions. Reported by François Lajeunesse-Robert - CVE-2018-6139: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6140: Restrictions bypass in the debugger extension API. Reported by Rob Wu - CVE-2018-6141: Heap buffer overflow in Skia. Reported by Yangkang - CVE-2018-6142: Out of bounds memory access in V8. Reported by Choongwoo Han - CVE-2018-6143: Out of bounds memory access in V8. Reported by Guang Gong - CVE-2018-6144: Out of bounds memory access in PDFium. Reported by pdknsk - CVE-2018-6145: Incorrect escaping of MathML in Blink. Reported by Masato Kinugawa - CVE-2018-6147: Password fields not taking advantage of OS protections in Views. Reported by Michail Pishchagin -- Michael Gilbert Wed, 30 May 2018 13:03:02 +0000 chromium-browser (67.0.3396.57-1) experimental; urgency=medium * New upstream beta release. * Ignore more compiler warnings. -- Michael Gilbert Tue, 29 May 2018 13:06:17 +0000 chromium-browser (67.0.3396.56-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sun, 27 May 2018 04:27:00 +0000 chromium-browser (67.0.3396.48-1) experimental; urgency=medium * New upstream beta release. * Indicate that binary rules do not require root. * Change maintainer address to chromium-browser@packages.debian.org. * Drop widevine adapter package, no longer supported upstream (chromium should automatically detect and use libwidevinecdm.so without the extra adapter library now). -- Michael Gilbert Sat, 19 May 2018 03:30:20 +0000 chromium-browser (66.0.3359.181-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6120: Heap buffer overflow in PDFium. Reported by Zhou Aiting - CVE-2018-6121: Privilege Escalation in extensions. - CVE-2018-6122: Type confusion in V8. -- Michael Gilbert Fri, 18 May 2018 21:08:59 +0000 chromium-browser (66.0.3359.139-1) unstable; urgency=medium * New upstream security release. - CVE-2018-6118: Use after free in Media Cache. Reported by Ned Williamson * Enable jumbo build. * Recommend libgl1-mesa-dri. -- Michael Gilbert Sat, 28 Apr 2018 02:44:15 +0000 chromium-browser (66.0.3359.117-1) unstable; urgency=medium * New upstream stable release. - CVE-2018-6085: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6086: Use after free in Disk Cache. Reported by Ned Williamson - CVE-2018-6087: Use after free in WebAssembly. Reported by Anonymous - CVE-2018-6088: Use after free in PDFium. Reported by Anonymous - CVE-2018-6089: Same origin policy bypass in Service Worker. Reported by Rob Wu - CVE-2018-6090: Heap buffer overflow in Skia. Reported by ZhanJia Song - CVE-2018-6091: Incorrect handling of plug-ins by Service Worker. Reported by Jun Kokatsu - CVE-2018-6092: Integer overflow in WebAssembly. Reported by Natalie Silvanovich - CVE-2018-6093: Same origin bypass in Service Worker. Reported by Jun Kokatsu - CVE-2018-6094: Exploit hardening regression in Oilpan. Reported by Chris Rohlf - CVE-2018-6095: Lack of meaningful user interaction requirement before file upload. Reported by Abdulrahman Alqabandi - CVE-2018-6096: Fullscreen UI spoof. Reported by WenXu Wu - CVE-2018-6097: Fullscreen UI spoof. Reported by xisigr - CVE-2018-6098: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6099: CORS bypass in ServiceWorker. Reported by Jun Kokatsu - CVE-2018-6100: URL spoof in Omnibox. Reported by Lnyas Zhang - CVE-2018-6101: Insufficient protection of remote debugging prototol in DevTools . Reported by Rob Wu - CVE-2018-6102: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6103: UI spoof in Permissions. Reported by Khalil Zhani - CVE-2018-6104: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6105: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6106: Incorrect handling of promises in V8. Reported by lokihardt - CVE-2018-6107: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6108: URL spoof in Omnibox. Reported by Khalil Zhani - CVE-2018-6109: Incorrect handling of files by FileAPI. Reported by Dominik Weber - CVE-2018-6110: Incorrect handling of plaintext files via file:// . Reported by Wenxiang Qian - CVE-2018-6111: Heap-use-after-free in DevTools. Reported by Khalil Zhani - CVE-2018-6112: Incorrect URL handling in DevTools. Reported by Rob Wu - CVE-2018-6113: URL spoof in Navigation. Reported by Khalil Zhani - CVE-2018-6114: CSP bypass. Reported by Lnyas Zhang - CVE-2018-6115: SmartScreen bypass in downloads. Reported by James Feher - CVE-2018-6116: Incorrect low memory handling in WebAssembly. Reported by Chengdu Security Response Center - CVE-2018-6117: Confusing autofill settings. Reported by Spencer Dailey - Fixes proxy time out error (closes: #892994). - Removes not implemented messages (closes: #893799). * Remove third_party/chromite from the upstream tarball (closes: #895076). -- Michael Gilbert Thu, 26 Apr 2018 01:27:39 +0000 chromium-browser (66.0.3359.26-2) unstable; urgency=medium [ Michael Gilbert ] * Build using gcc6. * Move version control to salsa.debian.org. * Change maintainer address to chromium-browser@tracker.debian.org. [ Riku Voipio ] * [arm64/armhf] Fix neon autodetection with patch from upstream * [armhf] drop debug symbols -- Michael Gilbert Sun, 08 Apr 2018 03:11:08 +0000 chromium-browser (66.0.3359.26-1) experimental; urgency=medium * New upstream release. * Use threaded compression while repacking the upstream tarball. -- Michael Gilbert Mon, 26 Mar 2018 00:53:25 +0000 chromium-browser (66.0.3359.22-3) experimental; urgency=medium * Build pdfium using the system openjpeg library. -- Michael Gilbert Sat, 24 Mar 2018 22:53:20 +0000 chromium-browser (66.0.3359.22-2) experimental; urgency=medium * Fix typo in vpx patch. -- Michael Gilbert Sat, 24 Mar 2018 21:39:20 +0000 chromium-browser (66.0.3359.22-1) experimental; urgency=medium * New upstream release. - Fixes swiftshader library loading error (closes: #864606). -- Michael Gilbert Mon, 19 Mar 2018 01:04:11 +0000 chromium-browser (65.0.3325.146-4) unstable; urgency=medium * Fix another incomplete type build error (closes: #892891). -- Michael Gilbert Thu, 15 Mar 2018 01:22:51 +0000 chromium-browser (65.0.3325.146-3) unstable; urgency=medium * Fix incomplete type build error. -- Michael Gilbert Sun, 11 Mar 2018 00:33:12 +0000 chromium-browser (65.0.3325.146-2) unstable; urgency=medium * Fix a few gcc build warnings. * Apply upstream's fix for a bug in gcc7's handling of non-copyable types (closes: #890954). -- Michael Gilbert Sat, 10 Mar 2018 00:36:33 +0000 chromium-browser (65.0.3325.146-1) unstable; urgency=medium * New upstream stable release release. - CVE-2018-6056: Incorrect derived class instantiation in V8. Reported by lokihardt - CVE-2018-6060: Use after free in Blink. Reported by Omair - CVE-2018-6061: Race condition in V8. Reported by Guang Gong - CVE-2018-6062: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2018-6057: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6063: Incorrect permissions on shared memory. Reported by Gal Beniamini - CVE-2018-6064: Type confusion in V8. Reported by lokihardt - CVE-2018-6065: Integer overflow in V8. Reported by Mark Brand - CVE-2018-6066: Same Origin Bypass via canvas. Reported by Masato Kinugawa - CVE-2018-6067: Buffer overflow in Skia. Reported by Ned Williamson - CVE-2018-6068: Object lifecycle issues in Chrome Custom Tab. Reported by Luan Herrera - CVE-2018-6069: Stack buffer overflow in Skia. Reported by Wanglu & Yangkang - CVE-2018-6070: CSP bypass through extensions. Reported by Rob Wu - CVE-2018-6071: Heap bufffer overflow in Skia. Reported by Anonymous - CVE-2018-6072: Integer overflow in PDFium. Reported by Atte Kettunen - CVE-2018-6073: Heap bufffer overflow in WebGL. Reported by Omair - CVE-2018-6074: Mark-of-the-Web bypass. Reported by Abdulrahman Alqabandi - CVE-2018-6075: Overly permissive cross origin downloads. Reported by Inti De Ceukelaire - CVE-2018-6076: Incorrect handling of URL fragment identifiers in Blink. Reported by Mateusz Krzeszowiec - CVE-2018-6077: Timing attack using SVG filters. Reported by Khalil Zhani - CVE-2018-6078: URL Spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6079: Information disclosure via texture data in WebGL. Reported by Ivars Atteka - CVE-2018-6080: Information disclosure in IPC call. Reported by Gal Beniamini - CVE-2018-6081: XSS in interstitials. Reported by Rob Wu - CVE-2018-6082: Circumvention of port blocking. Reported by WenXu Wu - CVE-2018-6083: Incorrect processing of AppManifests. Reported by Jun Kokatsu * Enable support for vp9 (closes: #891831). -- Michael Gilbert Mon, 05 Mar 2018 01:26:31 +0000 chromium-browser (65.0.3325.85-1) experimental; urgency=medium * New upstream beta release. * Remove third_party/ffmpeg from the upstream tarball. -- Michael Gilbert Sat, 24 Feb 2018 08:17:44 +0000 chromium-browser (65.0.3325.74-1) experimental; urgency=medium [ Michael Gilbert ] * New upstream release. * Update to debhelper 11. * Update standards version. * Remove third_party/llvm from the upstream tarball. * Drop -fno-delete-null-pointer from debian/rules, applied upstream now. [ Riku Voipio ] * Fix skia build on arm64, (closes: #891062) * Set some armhf specific gn args to help linking -- Michael Gilbert Sat, 24 Feb 2018 02:36:40 +0000 chromium-browser (65.0.3325.73-1) experimental; urgency=medium * New upstream beta release. * Recommend libu2f-udev (closes: #890239). * Add support for ffmpeg 4.0 (closes: #888387). * Remove icc_profiles from the upstream tarball. -- Michael Gilbert Sun, 18 Feb 2018 02:22:56 +0000 chromium-browser (64.0.3282.119-2) unstable; urgency=medium * Drop chromecast patch (closes: #884173). -- Michael Gilbert Sun, 11 Feb 2018 03:00:09 +0000 chromium-browser (64.0.3282.119-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-15420: URL spoofing in Omnibox. Reported by Drew Springall - CVE-2017-15429: UXSS in V8. Reported by Anonymous - CVE-2018-6031: Use after free in PDFium. Reported by Anonymous - CVE-2018-6032: Same origin bypass in Shared Worker. Reported by Jun Kokatsu - CVE-2018-6033: Race when opening downloaded files. Reported by Juho Nurminen - CVE-2018-6034: Integer overflow in Blink. Reported by Tobias Klein - CVE-2018-6035: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6036: Integer underflow in WebAssembly. Reported by The UK's National Cyber Security Centre - CVE-2018-6037: Insufficient user gesture requirements in autofill. Reported by Paul Stone - CVE-2018-6038: Heap buffer overflow in WebGL. Reported by cloudfuzzer - CVE-2018-6039: XSS in DevTools. Reported by Juho Nurminen - CVE-2018-6040: Content security policy bypass. Reported by WenXu Wu - CVE-2018-6041: URL spoof in Navigation. Reported by Luan Herrera - CVE-2018-6042: URL spoof in OmniBox. Reported by Khalil Zhani - CVE-2018-6043: Insufficient escaping with external URL handlers. Reported by 0x09AL - CVE-2018-6045: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6046: Insufficient isolation of devtools from extensions. Reported by Rob Wu - CVE-2018-6047: Cross origin URL leak in WebGL. Reported by Masato Kinugawa - CVE-2018-6048: Referrer policy bypass in Blink. Reported by Jun Kokatsu - CVE-2018-6049: UI spoof in Permissions. Reported by WenXu Wu - CVE-2018-6050: URL spoof in OmniBox. Reported by Jonathan Kew - CVE-2018-6051: Referrer leak in XSS Auditor. Reported by Antonio Sanso - CVE-2018-6052: Incomplete no-referrer policy implementation. Reported by Tanner Emek - CVE-2018-6053: Leak of page thumbnails in New Tab Page. Reported by Asset Kabdenov - CVE-2018-6054: Use after free in WebUI. Reported by Rob Wu -- Michael Gilbert Sun, 28 Jan 2018 01:00:12 +0000 chromium-browser (63.0.3239.84-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by Viktor Brange - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by Max May - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal Arvind Shah - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by Jun Kokatsu - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by Greg Hudson - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported by Junaid Farhan * Update standards version to 4.1.2. * Stricter default master preferences. * Avoid showing the welcome page (closes: #857767). * Switch from gtk2 to gtk3 again (closes: #883364). -- Michael Gilbert Sun, 03 Dec 2017 16:05:00 +0000 chromium-browser (63.0.3239.40-1) experimental; urgency=medium * New upstream beta release. * Disable chromium signin feature. * Fix error in icon installation script. * Update to the latest standards version. * Indicate that the package can be built without root. -- Michael Gilbert Sun, 12 Nov 2017 05:36:26 +0000 chromium-browser (63.0.3239.30-1) experimental; urgency=medium * New upstream beta release. * Install 16 and 32 pixel png icon files (closes: #857071). * Improve description for --temp-profile (closes: #881040). * Document Debian bug reports in the manpage (closes: #880965). * Stricter breaks/replaces to support security uploads (closes: #877970). -- Michael Gilbert Wed, 08 Nov 2017 01:54:47 +0000 chromium-browser (62.0.3202.89-1) unstable; urgency=medium * New upstream security release. - CVE-2017-15398: Stack buffer overflow in QUIC. Reported by Ned Williamson - CVE-2017-15399: Use after free in V8. Reported by Zhao Qixun * Revert new dependency on gconf. * Link against system lcms2 library (closes: #879153). * Disable device notifications by default (closes: #856571). * Remove icon extension from the desktop file (closes: #860256). -- Michael Gilbert Tue, 07 Nov 2017 02:22:17 +0000 chromium-browser (62.0.3202.75-1) unstable; urgency=medium * New upstream stable release (closes: #879451). - CVE-2017-5124: UXSS with MHTML. Reported by Anonymous - CVE-2017-5125: Heap overflow in Skia. Reported by Anonymous - CVE-2017-5126: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5127: Use after free in PDFium. Reported by Luat Nguyen - CVE-2017-5128: Heap overflow in WebGL. Reported by Omair - CVE-2017-5129: Use after free in WebAudio. Reported by Omair - CVE-2017-5131: Out of bounds write in Skia. Reported by Anonymous - CVE-2017-5132: Incorrect stack manipulation in WebAssembly. Reported by Gaurav Dewan - CVE-2017-5133: Out of bounds write in Skia. Reported by Aleksandar Nikolic - CVE-2017-15386: UI spoofing in Blink. Reported by WenXu Wu - CVE-2017-15387: Content security bypass. Reported by Jun Kokatsu - CVE-2017-15388: Out of bounds read in Skia. Reported by Kushal Arvind Shah - CVE-2017-15389: URL spoofing in OmniBox. Reported by xisigr - CVE-2017-15390: URL spoofing in OmniBox. Reported by Haosheng Wang - CVE-2017-15391: Extension limitation bypass in Extensions. Reported by João Lucas Melo Brasio - CVE-2017-15392: Incorrect registry key handling in PlatformIntegration. Reported by Xiaoyin Liu - CVE-2017-15393: Referrer leak in Devtools. Reported by Svyat Mitin - CVE-2017-15394: URL spoofing in extensions UI. Reported by Sam - CVE-2017-15395: Null pointer dereference in ImageCapture. Reported by Johannes Bergman - CVE-2017-15396: Stack overflow in V8. Reported by Yuan Deng * Enable chromecast feature switch (closes: #878244). -- Michael Gilbert Sat, 04 Nov 2017 19:01:28 +0000 chromium-browser (61.0.3163.100-2) unstable; urgency=medium * Add liblcms2-dev as a build dependency (closes: #876804). -- Michael Gilbert Tue, 26 Sep 2017 12:54:35 +0000 chromium-browser (61.0.3163.100-1) unstable; urgency=medium * New upstream stable release (closes: #876030). - CVE-2017-5111: Use after free in PDFium. Reported by Luật Nguyễn - CVE-2017-5112: Heap buffer overflow in WebGL. Reported by Tobias Klein - CVE-2017-5113: Heap buffer overflow in Skia. Reported by Anonymous - CVE-2017-5114: Memory lifecycle issue in PDFium. Reported by Ke Liu - CVE-2017-5115: Type confusion in V8. Reported by Marco Giovannini - CVE-2017-5116: Type confusion in V8. Reported by Anonymous - CVE-2017-5117: Use of uninitialized value in Skia. Reported by Tobias Klein - CVE-2017-5118: Bypass of Content Security Policy in Blink. Reported by WenXu Wu - CVE-2017-5119: Use of uninitialized value in Skia. Reported by Anonymous - CVE-2017-5120: Potential HTTPS downgrade during redirect navigation. Reported by Xiaoyin Liu - CVE-2017-5121: Out-of-bounds access in V8. Reported by Jordan Rabet - CVE-2017-5122: Out-of-bounds access in V8. Reported by Choongwoo Han - Adds support for gcc7 (closes: #853347). * Update standards version. * Use system libstdc++ instead of chromium's bundled custom libc++. * Improve error message when network is unreachable (closes: #864539). * Fix a mistake that lead to unstripped binary files (closes: #870531). -- Michael Gilbert Sun, 24 Sep 2017 20:26:02 +0000 chromium-browser (60.0.3112.78-1) unstable; urgency=medium * New upstream stable release: - CVE-2017-5091: Use after free in IndexedDB. Reported by Ned Williamson - CVE-2017-5092: Use after free in PPAPI. Reported by Yu Zhou, Yuan Deng - CVE-2017-5093: UI spoofing in Blink. Reported by Luan Herrera - CVE-2017-5094: Type confusion in extensions. Reported by Anonymous - CVE-2017-5095: Out-of-bounds write in PDFium. Reported by Anonymous - CVE-2017-5096: User information leak via Android intents. Reported by Takeshi Terada - CVE-2017-5097: Out-of-bounds read in Skia. Reported by Anonymous - CVE-2017-5098: Use after free in V8. Reported by Jihoon Kim - CVE-2017-5099: Out-of-bounds write in PPAPI. Reported by Yuan Deng, Yu Zhou - CVE-2017-5100: Use after free in Chrome Apps. Reported by Anonymous - CVE-2017-5101: URL spoofing in OmniBox. Reported by Luan Herrera - CVE-2017-5102: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5103: Uninitialized use in Skia. Reported by Anonymous - CVE-2017-5104: UI spoofing in browser. Reported by Khalil Zhani - CVE-2017-7000: Pointer disclosure in SQLite. Reported by Chaitin Security Research Lab - CVE-2017-5105: URL spoofing in OmniBox. Reported by Rayyan Bijoora - CVE-2017-5106: URL spoofing in OmniBox. Reported by Jack Zac - CVE-2017-5107: User information leak via SVG. Reported by David Kohlbrenner - CVE-2017-5108: Type confusion in PDFium. Reported by Guang Gong - CVE-2017-5109: UI spoofing in browser. Reported by José María Acuña Morgado - CVE-2017-5110: UI spoofing in payments dialog. Reported by xisigr -- Michael Gilbert Thu, 27 Jul 2017 03:22:03 +0000 chromium-browser (60.0.3112.72-1) unstable; urgency=medium * New upstream beta release. - Adds support for gcc 6.4 (closes: #868926). * Update to debhelper version 10. * Update to standards version 4.0.0. * Only include pak files that are needed. * Drop chromedriver transitional package. * Drop ffmpeg.patch, now applied upstream. * Drop libgnome-keyring-dev build dependency (closes: #867917). * Install chromium-shell to /usr/lib/chromium (closes: #864565). - Thanks to Bert Schulze. -- Michael Gilbert Sat, 22 Jul 2017 16:41:59 +0000 chromium-browser (59.0.3071.104-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5087: Sandbox Escape in IndexedDB. Reported by Ned Williamson - CVE-2017-5088: Out of bounds read in V8. Reported by Xiling Gong - CVE-2017-5089: Domain spoofing in Omnibox. Reported by Michał Bentkowski * Update get-orig-source to support really long arguments to tar --delete. -- Michael Gilbert Sat, 17 Jun 2017 20:03:49 +0000 chromium-browser (59.0.3071.86-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5070: Type confusion in V8. Reported by Zhao Qixun - CVE-2017-5071: Out of bounds read in V8. Reported by Choongwoo Han - CVE-2017-5072: Address spoofing in Omnibox. Reported by Rayyan Bijoora - CVE-2017-5073: Use after free in print preview. Reported by Khalil Zhani - CVE-2017-5074: Use after free in Apps Bluetooth. Reported by anonymous - CVE-2017-5075: Information leak in CSP reporting. Reported by Emmanuel Gil Peyrot - CVE-2017-5076: Address spoofing in Omnibox. Reported by Samuel Erb - CVE-2017-5077: Heap buffer overflow in Skia. Reported by Sweetchip - CVE-2017-5078: Possible command injection in mailto handling. Reported by Jose Carlos Exposito Bueno - CVE-2017-5079: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5080: Use after free in credit card autofill. Reported by Khalil Zhani - CVE-2017-5081: Extension verification bypass. Reported by Andrey Kovalev - CVE-2017-5082: Insufficient hardening in credit card editor. Reported by Nightwatch Cybersecurity Research - CVE-2017-5083: UI spoofing in Blink. Reported by Khalil Zhani - CVE-2017-5085: Inappropriate javascript execution on WebUI pages. Reported by Zhiyang Zeng - CVE-2017-5086: Address spoofing in Omnibox. Reported by Rayyan Bijoora -- Michael Gilbert Mon, 05 Jun 2017 23:09:28 +0000 chromium-browser (59.0.3071.71-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sat, 27 May 2017 03:30:14 +0000 chromium-browser (59.0.3071.61-1) experimental; urgency=medium * New upstream beta release. -- Michael Gilbert Sun, 21 May 2017 19:34:39 +0000 chromium-browser (59.0.3071.47-1) experimental; urgency=medium * New upstream beta release. * Simplify approach for disabling vp9. * Fix incomplete new interfaces to system ICU library. * Remove XML_PARSE_NOXXE flag since system libxml2 does not yet support it. -- Michael Gilbert Sat, 13 May 2017 16:09:05 +0000 chromium-browser (58.0.3029.96-1) unstable; urgency=medium * New upstream security release. - CVE-2017-5068: Race condition in WebRTC. Credit to Philipp Hancke -- Michael Gilbert Sun, 07 May 2017 00:36:22 +0000 chromium-browser (58.0.3029.81-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5057: Type confusion in PDFium. Credit to Guang Gong. - CVE-2017-5058: Heap use after free in Print Preview. Credit to Khalil Zhani - CVE-2017-5059: Type confusion in Blink. Credit to SkyLined - CVE-2017-5060: URL spoofing in Omnibox. Credit to Xudong Zheng - CVE-2017-5061: URL spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5062: Use after free in Chrome Apps. Credit to anonymous - CVE-2017-5063: Heap overflow in Skia. Credit to Sweetchip - CVE-2017-5064: Use after free in Blink. Credit to Wadih Matar - CVE-2017-5065: Incorrect UI in Blink. Credit to Khalil Zhani - CVE-2017-5066: Incorrect signature handing in Networking. Credit to chenchu - CVE-2017-5067: URL spoofing in Omnibox. Credit to Khalil Zhani - CVE-2017-5069: Cross-origin bypass in Blink. Credit to Michael Reizelman -- Michael Gilbert Wed, 19 Apr 2017 23:20:29 +0000 chromium-browser (58.0.3029.68-1) experimental; urgency=medium * New upstream beta release. - Drop arm patch, now applied upstream. - Add missing file needed to be able to build gn. - Update vpx.patch to continue using the system library. - Set use_vulcanize=false to avoid bringing in the entire nodejs ecosystem. * Enable remote extensions by default (closes: #856183). -- Michael Gilbert Fri, 07 Apr 2017 04:51:22 +0000 chromium-browser (57.0.2987.133-1) unstable; urgency=medium * New upstream security update. - CVE-2017-5055: Use after free in printing. Credit to Wadih Matar - CVE-2017-5054: Heap buffer overflow in V8. Credit to Nicolas Trippar - CVE-2017-5052: Bad cast in Blink. Credit to JeongHoon Shin - CVE-2017-5056: Use after free in Blink. Credit to anonymous - CVE-2017-5053: Out of bounds memory access in V8. Credit to Team Sniper -- Michael Gilbert Fri, 07 Apr 2017 01:07:17 +0000 chromium-browser (57.0.2987.98-1) unstable; urgency=medium * New upstream stable release. - CVE-2017-5030: Memory corruption in V8. Credit to Brendon Tiszka - CVE-2017-5031: Use after free in ANGLE. Credit to Looben Yang - CVE-2017-5032: Out of bounds write in PDFium. Credit to Ashfaq Ansari - CVE-2017-5029: Integer overflow in libxslt. Credit to Holger Fuhrmannek - CVE-2017-5034: Use after free in PDFium. Credit to Ke Liu - CVE-2017-5035: Incorrect security UI in Omnibox. Credit to Enzo Aguado - CVE-2017-5036: Use after free in PDFium. Credit to Anonymous - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer. Credit to Yongke Wang - CVE-2017-5039: Use after free in PDFium. Credit to jinmo123 - CVE-2017-5040: Information disclosure in V8. Credit to Choongwoo Han - CVE-2017-5041: Address spoofing in Omnibox. Credit to Jordi Chancel - CVE-2017-5033: Bypass of Content Security Policy in Blink. Credit to Nicolai Grødum - CVE-2017-5042: Incorrect handling of cookies in Cast. Credit to Mike Ruddy - CVE-2017-5038: Use after free in GuestView. Credit to Anonymous - CVE-2017-5043: Use after free in GuestView. Credit to Anonymous - CVE-2017-5044: Heap overflow in Skia. Credit to Kushal Arvind Shah - CVE-2017-5045: Information disclosure in XSS Auditor. Credit to Dhaval Kapil - CVE-2017-5046: Information disclosure in Blink. Credit to Masato Kinugawa * Drop arm and MADV_FREE patches, which are now applied upstream. -- Michael Gilbert Fri, 10 Mar 2017 22:00:06 +0000 chromium-browser (56.0.2924.76-5) unstable; urgency=medium * Configure with fieldtrial_testing_like_official_build=true to avoid building with experimental features enabled (closes: #855434). * Do not disable background networking when remote extensions are enabled, since that option also blocks updates to extensions (closes: #841401). - Thanks to Tarmo Huuhka. -- Michael Gilbert Sat, 25 Feb 2017 21:41:02 +0000 chromium-browser (56.0.2924.76-4) unstable; urgency=medium * Do not create a dbgsym package for widevine (closes: #855529). -- Michael Gilbert Sun, 19 Feb 2017 20:17:38 +0000 chromium-browser (56.0.2924.76-3) unstable; urgency=medium * Upload to unstable. -- Michael Gilbert Sun, 05 Feb 2017 19:47:22 +0000 chromium-browser (56.0.2924.76-2) experimental; urgency=medium * Backport upstream bugfix for non-NEON builds (closes: #853108). * Fix seccomp sandboxing on arm64 platforms with DRI3 -- Riku Voipio Thu, 02 Feb 2017 09:37:05 +0200 chromium-browser (56.0.2924.76-1) experimental; urgency=medium * New upstream stable release: - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil Zhani - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean Stanek and Chip Bradford - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang - CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang - CVE-2017-5017: Uninitialised memory access in webm video. Credit to danberm - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to PKAV Team. - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National Cyber Security Centre (NCSC) - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing -- Michael Gilbert Thu, 26 Jan 2017 01:42:21 +0000 chromium-browser (55.0.2883.75-6) unstable; urgency=medium * Organize patches. * Move widevine package to contrib (closes: #851917). * Conflict with very old versions of libsecret (closes: #838864). * Support --enable-remote-extensions option passed through CHROMIUM_FLAGS (closes: #851927). -- Michael Gilbert Sun, 22 Jan 2017 00:47:28 +0000 chromium-browser (55.0.2883.75-5) unstable; urgency=medium * Fix new lintian warnings. * Fix quoting error in run script (closes: #851634). -- Michael Gilbert Thu, 19 Jan 2017 01:19:24 +0000 chromium-browser (55.0.2883.75-4) unstable; urgency=medium * Add chromium-shell package. * Rename chromedriver package to chromium-driver. * Add chromium-widevine package (closes: #838515). - Thanks to Felix Geyer. * Add initial upstream metadata (closes: #848228). * Set more options at runtime instead of build time. * Install chromedriver to /usr/bin (closes: #845312). * Update webkit copyright information (closes: #849264). - Thanks to Sandro Knauß. * Better handling of browser extensions (closes: #841401). - Only support locally installed extensions by default. - Add new command line flag --enable-remote-extensions, which bypasses the new default, allowing remote extensions and automatic updating. -- Michael Gilbert Mon, 02 Jan 2017 02:44:11 +0000 chromium-browser (55.0.2883.75-3) unstable; urgency=medium * Merge experimental branch. * Respect parallel setting in DEB_BUILD_OPTIONS while bootstrapping gn. * Conflict libnettle4 rather than depend on libnettle6 (closes: #841213). * Disable builtin media router since it only works with official Google Chrome builds, not chromium (closes: #833477). -- Michael Gilbert Sun, 18 Dec 2016 23:14:18 +0000 chromium-browser (55.0.2883.75-2+exp3) experimental; urgency=medium * Correct typo from last build. -- Riku Voipio Fri, 16 Dec 2016 14:31:37 +0200 chromium-browser (55.0.2883.75-2+exp2) experimental; urgency=medium * Set arm_use_neon=false on armhf until we enable a neon-supporting buildd in Debian. -- Riku Voipio Thu, 15 Dec 2016 14:34:45 +0200 chromium-browser (55.0.2883.75-2+exp1) experimental; urgency=medium * Add patches from upstream for gn builds on arm64 * Enable arm64/armhf builds -- Riku Voipio Mon, 12 Dec 2016 14:04:19 +0200 chromium-browser (55.0.2883.75-2) unstable; urgency=medium * Don't set FF_API_CONVERGENCE_DURATION since it is not a part of ffmpeg's public API, and when defined leads to crashes (closes: #846648). -- Michael Gilbert Sat, 10 Dec 2016 22:24:06 +0000 chromium-browser (55.0.2883.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-9651: Private property access in V8. Credit to Guang Gong - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go - CVE-2016-5203: Use after free in PDFium. Credit to Anonymous - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch and MSVR - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman Alqabandi - CVE-2016-5219: Use after free in V8. Credit to Rob Wu - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak - CVE-2016-9652: Various fixes from internal audits, fuzzing and other initiatives * Make it possible to pass build flags into gn (closes: #845785). -- Michael Gilbert Fri, 02 Dec 2016 02:06:59 +0000 chromium-browser (54.0.2840.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-5181: Universal XSS in Blink. Credit to Anonymous - CVE-2016-5182: Heap overflow in Blink. Credit to Giwan Go - CVE-2016-5183: Use after free in PDFium. Credit to Anonymous - CVE-2016-5184: Use after free in PDFium. Credit to Anonymous - CVE-2016-5185: Use after free in Blink. Credit to cloudfuzzer - CVE-2016-5187: URL spoofing. Credit to Luan Herrera - CVE-2016-5188: UI spoofing. Credit to Luan Herrera - CVE-2016-5192: Cross-origin bypass in Blink. Credit to haojunhou@gmail.com - CVE-2016-5189: URL spoofing. Credit to xisigr - CVE-2016-5186: Out of bounds read in DevTools. Credit to Abdulrahman Alqabandi - CVE-2016-5191: Universal XSS in Bookmarks. Credit to Gareth Hughes - CVE-2016-5190: Use after free in Internals. Credit to Atte Kettunen - CVE-2016-5193: Scheme bypass. Credit to Yuyang ZHOU - CVE-2016-5194: Various fixes from internal audits, fuzzing and other initiatives - CVE-2016-5198: Out of bounds memory access in V8. Credit to Tencent Keen Security Lab - CVE-2016-5200: Out of bounds memory access in V8. Credit to Choongwoo Han - CVE-2016-5201: Info leak in extensions. Credit to Rob Wu - CVE-2016-5202: Various fixes from internal audits, fuzzing and other initiatives * Remove libxslt symlinks from the upstream taball. * Drop cups patch that's been applied upstream. * Build using gn and drop gyp dependency. * Update debian/copyright. -- Michael Gilbert Fri, 18 Nov 2016 01:36:36 +0000 chromium-browser (53.0.2785.143-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5177: Use after free in V8. Credit to Anonymous - CVE-2016-5178: Various fixes from internal audits, fuzzing and other initiatives. * Change StartupWMClass in the desktop file to chromium (closes: #813079). * Support building with cups 2.2 (closes: #839377). * Update debian/copyright. -- Michael Gilbert Sat, 01 Oct 2016 11:08:42 +0000 chromium-browser (53.0.2785.113-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5170: Use after free in Blink. Credit to Anonymous - CVE-2016-5171: Use after free in Blink. Credit to Anonymous - CVE-2016-5172: Arbitrary Memory Read in v8. Credit to Choongwoo Han - CVE-2016-5173: Extension resource access. Credit to Anonymous - CVE-2016-5174: Popup not correctly suppressed. Credit to Andrey Kovalev - CVE-2016-5175: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Tue, 13 Sep 2016 23:12:03 +0000 chromium-browser (53.0.2785.92-3) unstable; urgency=medium * Add -fno-delete-null-pointer checks to the build flags (closes: #833501). -- Michael Gilbert Sun, 11 Sep 2016 14:47:55 +0000 chromium-browser (53.0.2785.92-2) unstable; urgency=medium * Build with gcc 6 (closes: #835943). * Add versioned harfbuzz dependency (closes: #833953). -- Michael Gilbert Tue, 06 Sep 2016 00:53:14 +0000 chromium-browser (53.0.2785.92-1) unstable; urgency=medium * New upstream stable release. * Support building with glibc 2.24 (closes: #836611). -- Michael Gilbert Sun, 04 Sep 2016 19:33:10 +0000 chromium-browser (53.0.2785.89-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-5147: Universal XSS in Blink. Credit to anonymous - CVE-2016-5148: Universal XSS in Blink. Credit to anonymous - CVE-2016-5149: Script injection in extensions. Credit to Max Justicz - CVE-2016-5150: Use after free in Blink. Credit to anonymous - CVE-2016-5151: Use after free in PDFium. Credit to anonymous - CVE-2016-5152: Heap overflow in PDFium. Credit to GiWan Go of Stealien - CVE-2016-5153: Use after destruction in Blink. Credit to Atte Kettunen - CVE-2016-5154: Heap overflow in PDFium. Credit to anonymous - CVE-2016-5155: Address bar spoofing. Credit to anonymous - CVE-2016-5156: Use after free in event bindings. Credit to jinmo123 - CVE-2016-5157: Heap overflow in PDFium. Credit to anonymous - CVE-2016-5158: Heap overflow in PDFium. Credit to GiWan Go - CVE-2016-5159: Heap overflow in PDFium. Credit to GiWan Go - CVE-2016-5160: Extensions web accessible resources bypass. Credit to @l33terally - CVE-2016-5161: Type confusion in Blink. - CVE-2016-5162: Extensions web accessible resources bypass. Credit to Nicolas Golubovic - CVE-2016-5163: Address bar spoofing. Credit to Rafay Baloch - CVE-2016-5164: Universal XSS using DevTools. Credit to anonymous - CVE-2016-5165: Script injection in DevTools. Credit to Gregory Panakkal - CVE-2016-5166: SMB Relay Attack via Save Page As. Credit to Gregory Panakkal - CVE-2016-5167: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 03 Sep 2016 16:30:44 +0000 chromium-browser (52.0.2743.116-2) unstable; urgency=medium * Fix syntax error in debian/copyright. * Include compiler info in the build log. * Add information about debugging to README.debian. * Build with gcc 5 during the gcc 6 transition (closes: #833501). -- Michael Gilbert Sun, 07 Aug 2016 01:05:40 +0000 chromium-browser (52.0.2743.116-1) unstable; urgency=medium * New upstream security release: - CVE-2016-5141 Address bar spoofing. Credit to Sergey Glazunov - CVE-2016-5142 Use-after-free in Blink. Credit to Sergey Glazunov - CVE-2016-5139 Heap overflow in pdfium. Credit to GiWan Go - CVE-2016-5140 Heap overflow in pdfium. Credit to Ke Liu - CVE-2016-5145 Same origin bypass for images in Blink. Credit to Sergey Glazunov - CVE-2016-5143 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal - CVE-2016-5144 Parameter sanitization failure in DevTools. Credit to Gregory Panakkal - CVE-2016-5146: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 04 Aug 2016 13:01:42 +0000 chromium-browser (52.0.2743.82-4) unstable; urgency=medium * Remove menu file. * Build with fastbuild=2. * Disable background networking features. * Link against system harfbuzz library again. -- Michael Gilbert Sat, 30 Jul 2016 21:25:30 +0000 chromium-browser (52.0.2743.82-3) unstable; urgency=medium * Fix a few lintian warnings. * Use gtk3 backend instead of gtk2. * Launch as a single process when debugging to get useful symbol info. -- Michael Gilbert Sat, 30 Jul 2016 04:07:46 +0000 chromium-browser (52.0.2743.82-2) unstable; urgency=medium * Bump standards version. * Drop no longer needed speechd patch. * Build complete debugging symbols again. * Link against libusb 1.0 (closes: #810403). * Fix path to master_preferences (closes: #830274). * Add an explicit dependency on libnettle6 (closes: #832125). -- Michael Gilbert Sun, 24 Jul 2016 22:02:56 +0000 chromium-browser (52.0.2743.82-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1704: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1705: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie - CVE-2016-1707: URL spoofing on iOS. Credit to xisigr. - CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan - CVE-2016-1709: Heap-buffer-overflow in sfntly. Credit to ChenQin. - CVE-2016-1710: Same-origin bypass in Blink. Credit to Mariusz Mlynski - CVE-2016-1711: Same-origin bypass in Blink. Credit to Mariusz Mlynski - CVE-2016-5127: Use-after-free in Blink. Credit to cloudfuzzer - CVE-2016-5128: Same-origin bypass in V8. Credit to Anonymous - CVE-2016-5129: Memory corruption in V8. Credit to Jeonghoon Shin - CVE-2016-5130: URL spoofing. Credit to Wadih Matar - CVE-2016-5131: Use-after-free in libxml. Credit to Nick Wellnhofer - CVE-2016-5132: Limited same-origin bypass in Service Workers. Credit to Ben Kelly - CVE-2016-5133: Origin confusion in proxy authentication. Credit to Patch Eudor - CVE-2016-5134: URL leakage via PAC script. Credit to Paul Stone - CVE-2016-5135: Content-Security-Policy bypass. Credit to ShenYeYinJiu - CVE-2016-5136: Use after free in extensions. Credit to Rob Wu - CVE-2016-5137: History sniffing with HSTS and CSP. Credit to Xiaoyin Liu -- Michael Gilbert Sat, 23 Jul 2016 03:56:18 +0000 chromium-browser (51.0.2704.79-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1696: Cross-origin bypass in Extension bindings. Credit to anonymous. - CVE-2016-1697: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1698: Information leak in Extension bindings. Credit to Rob Wu. - CVE-2016-1699: Parameter sanitization failure in DevTools. Credit to Gregory Panakkal. - CVE-2016-1700: Use-after-free in Extensions. Credit to Rob Wu. - CVE-2016-1701: Use-after-free in Autofill. Credit to Rob Wu. - CVE-2016-1702: Out-of-bounds read in Skia. Credit to cloudfuzzer. -- Michael Gilbert Thu, 02 Jun 2016 23:55:13 +0000 chromium-browser (51.0.2704.63-2) unstable; urgency=medium * Fix libspeechd build error. -- Michael Gilbert Sun, 29 May 2016 01:42:46 +0000 chromium-browser (51.0.2704.63-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1667: Same origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1668: Same origin bypass in Blink V8 bindings. Credit to Mariusz Mlynski. - CVE-2016-1669: Buffer overflow in V8. Credit to Choongwoo Han. - CVE-2016-1670: Race condition in loader. Credit to anonymous. - CVE-2016-1672: Cross-origin bypass in extension bindings. Credit to Mariusz Mlynski. - CVE-2016-1673: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1674: Cross-origin bypass in extensions. Credit to Mariusz Mlynski. - CVE-2016-1675: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1676: Cross-origin bypass in extension bindings. Credit to Rob Wu. - CVE-2016-1677: Type confusion in V8. Credit to Guang Gong. - CVE-2016-1678: Heap overflow in V8. Credit to Christian Holler. - CVE-2016-1679: Heap use-after-free in V8 bindings. Credit to Rob Wu. - CVE-2016-1680: Heap use-after-free in Skia. Credit to Atte Kettunen. - CVE-2016-1681: Heap overflow in PDFium. Credit to Aleksandar Nikolic. - CVE-2016-1682: CSP bypass for ServiceWorker. Credit to KingstonTime. - CVE-2016-1685: Out-of-bounds read in PDFium. Credit to Ke Liu. - CVE-2016-1686: Out-of-bounds read in PDFium. Credit to Ke Liu. - CVE-2016-1687: Information leak in extensions. Credit to Rob Wu. - CVE-2016-1688: Out-of-bounds read in V8. Credit to Max Korenko. - CVE-2016-1689: Heap buffer overflow in media. Credit to Atte Kettunen. - CVE-2016-1690: Heap use-after-free in Autofill. Credit to Rob Wu. - CVE-2016-1691: Heap buffer-overflow in Skia. Credit to Atte Kettunen. - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker. Credit to Til Jasper Ullrich. - CVE-2016-1693: HTTP Download of Software Removal Tool. Credit to Khalil Zhani. - CVE-2016-1694: HPKP pins removed on cache clearance. Credit to Ryan Lester and Bryant Zadegan. - CVE-2016-1695: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Fri, 27 May 2016 01:52:42 +0000 chromium-browser (50.0.2661.94-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1660: Out-of-bounds write in Blink. Credit to Atte Kettunen. - CVE-2016-1661: Memory corruption in cross-process frames. Credit to Wadih Matar. - CVE-2016-1662: Use-after-free in extensions. Credit to Rob Wu. - CVE-2016-1663: Use-after-free in Blink’s V8 bindings. Credit to anonymous. - CVE-2016-1664: Address bar spoofing. Credit to Wadih Matar. - CVE-2016-1665: Information leak in V8. Credit to gksgudtjr456. - CVE-2016-1666: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 30 Apr 2016 03:39:44 +0000 chromium-browser (50.0.2661.75-2) unstable; urgency=medium * Fix problem with linking to ffmpeg (closes: #821154). - Thanks to Sebastian Ramacher. -- Michael Gilbert Sat, 23 Apr 2016 00:55:40 +0000 chromium-browser (50.0.2661.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1652: Universal XSS in extension bindings. Credit to anonymous. - CVE-2016-1653: Out-of-bounds write in V8. Credit to Choongwoo Han. - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding. - CVE-2016-1654: Uninitialized memory read in media. Credit to Atte Kettunen. - CVE-2016-1655: Use-after-free related to extensions. Credit to Rob Wu. - CVE-2016-1657: Address bar spoofing. Credit to Luan Herrera. - CVE-2016-1658: Potential leak of sensitive information to malicious extensions. Credit to Antonio Sanso. - CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 14 Apr 2016 01:04:58 +0000 chromium-browser (49.0.2623.108-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1646: Out-of-bounds read in V8. Credit to Wen Xu. - CVE-2016-1647: Use-after-free in Navigation. Credit to anonymous. - CVE-2016-1648: Use-after-free in Extensions. Credit to anonymous. - CVE-2016-1649: Buffer overflow in libANGLE. Credit to lokihardt. - CVE-2016-1650: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Sat, 12 Mar 2016 20:12:03 +0000 chromium-browser (49.0.2623.87-1) unstable; urgency=medium * New upstream security release: - CVE-2016-1643: Type confusion in Blink. Credit to cloudfuzzer. - CVE-2016-1644: Use-after-free in Blink. Credit to Atte Kettunen. - CVE-2016-1645: Out-of-bounds write in PDFium. -- Michael Gilbert Wed, 09 Mar 2016 02:27:50 +0000 chromium-browser (49.0.2623.75-2) unstable; urgency=medium * Update standards version. * Add libffi-dev build dependency. -- Michael Gilbert Fri, 04 Mar 2016 00:14:12 +0000 chromium-browser (49.0.2623.75-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1630: Same-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2016-1631: Same-origin bypass in Pepper Plugin. Credit to Mariusz Mlynski. - CVE-2016-1632: Bad cast in Extensions. Credit to anonymous. - CVE-2016-1633: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2016-1634: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2016-1635: Use-after-free in Blink. Credit to Rob Wu. - CVE-2016-1636: SRI Validation Bypass. Credit to ryan@cyph.com. - CVE-2015-8126: Out-of-bounds access in libpng. Credit to joerg.bornemann. - CVE-2016-1637: Information Leak in Skia. Credit to Keve Nagy. - CVE-2016-1638: WebAPI Bypass. Credit to Rob Wu. - CVE-2016-1639: Use-after-free in WebRTC. Credit to Khalil Zhani. - CVE-2016-1640: Origin confusion in Extensions UI. Credit to Luan Herrera. - CVE-2016-1641: Use-after-free in Favicon. Credit to Atte Kettunen. - CVE-2016-1642: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in libv8 (version 4.9.385.26). * Set use_sysroot=0 to continue using system libraries. -- Michael Gilbert Wed, 02 Mar 2016 23:47:54 +0000 chromium-browser (48.0.2564.116-1) unstable; urgency=medium * New stable security release: - CVE-2016-1622: Same-origin bypass in Extensions. Credit to anonymous. - CVE-2016-1623: Same-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli. - CVE-2016-1625: Navigation bypass in Chrome Instant. Credit to Jann Horn. - CVE-2016-1626: Out-of-bounds read in PDFium. Credit to anonymous. - CVE-2016-1627: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2016-1628: Out-of-bounds read in PDFium. Credit to anonymous. - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. Credit to anonymous. -- Michael Gilbert Fri, 12 Feb 2016 02:53:42 +0000 chromium-browser (48.0.2564.82-2) unstable; urgency=medium * Build with gcc instead of clang. * Use ld.gold to avoid memory exhaustion while linking (closes: #812569). -- Michael Gilbert Sun, 24 Jan 2016 21:35:33 +0000 chromium-browser (48.0.2564.82-1) unstable; urgency=medium * New upstream stable release: - CVE-2016-1612: Bad cast in V8. Credit to cloudfuzzer. - CVE-2016-1613: Use-after-free in PDFium. Credit to anonymous. - CVE-2016-1614: Information leak in Blink. Credit to Christoph Diehl. - CVE-2016-1615: Origin confusion in Omnibox. Credit to Ron Masas. - CVE-2016-1616: URL Spoofing. Credit to Luan Herrera. - CVE-2016-1617: History sniffing with HSTS and CSP. Credit to jenuis. - CVE-2016-1618: Weak random number generator in Blink. Credit to Aaron Toponce. - CVE-2016-1619: Out-of-bounds read in PDFium. Credit to Keve Nagy. - CVE-2016-1620: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch (currently 4.8.271.17). -- Michael Gilbert Thu, 21 Jan 2016 00:06:10 +0000 chromium-browser (47.0.2526.111-1) unstable; urgency=medium * New upstream stable release: - Removes native_client/toolchain files introduced in the previous upstream version (closes: #807973) * Drop libssl-dev build dependency. * Migrate to dbgsym debug packages. * Recommend fonts-liberation (closes: #808106). -- Michael Gilbert Tue, 29 Dec 2015 02:45:48 +0000 chromium-browser (47.0.2526.80-3) unstable; urgency=medium * Drop change to the fullscreen UI (closes: #808076). * Fix installation of the English language pak (closes: #808046). * Avoid symbol conflicts between the jpeg library embedded in pdfium and the system jpeg library (closes: #794031). -- Michael Gilbert Wed, 16 Dec 2015 02:27:17 +0000 chromium-browser (47.0.2526.80-2) unstable; urgency=medium * Greatly simplify the arch:all build. * Don't hide the UI in fullscreen mode. * Ignore the GPU blacklist (closes: #802933). * Fix WMClass in the desktop launcher (closes: #803989). * Set the correct file name for the desktop launcher (closes: #806402). -- Michael Gilbert Sun, 13 Dec 2015 06:16:19 +0000 chromium-browser (47.0.2526.80-1) unstable; urgency=medium * New upstream stable release: - Multiple vulnerabilities fixed in libv8 4.7.80.23. - CVE-2015-6788: Type confusion in extensions. Credit to anonymous. - CVE-2015-6789: Use-after-free in Blink. Credit to cloudfuzzer. - CVE-2015-6790: Escaping issue in saved pages. Credit to Inti De Ceukelaire. - CVE-2015-6791: Various fixes from internal audits, fuzzing and other initiatives. * Add support for ffmpeg 2.9 (closes: #803806). * Disable accelerated video decoding (closes: #804901). -- Michael Gilbert Sat, 12 Dec 2015 22:37:45 +0000 chromium-browser (47.0.2526.73-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1302: Information leak in PDF viewer. Credit to Rob Wu. - CVE-2015-6765: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6766: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6767: Use-after-free in AppCache. Credit to anonymous. - CVE-2015-6768: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6769: Cross-origin bypass in core. Credit to Mariusz Mlynski. - CVE-2015-6770: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6771: Out of bounds access in v8. Credit to anonymous. - CVE-2015-6772: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-6764: Out of bounds access in v8. Credit to Guang Gong. - CVE-2015-6773: Out of bounds access in Skia. Credit to cloudfuzzer. - CVE-2015-6774: Use-after-free in Extensions. Credit to anonymous. - CVE-2015-6775: Type confusion in PDFium. Credit to Atte Kettunen. - CVE-2015-6776: Out of bounds access in PDFium. Credit to Hanno Böck. - CVE-2015-6777: Use-after-free in DOM. Credit to Long Liu. - CVE-2015-6778: Out of bounds access in PDFium. Credit to Karl Skomski. - CVE-2015-6779: Scheme bypass in PDFium. Credit to Til Jasper Ullrich. - CVE-2015-6780: Use-after-free in Infobars. Credit to Khalil Zhani. - CVE-2015-6781: Integer overflow in Sfntly. Credit to miaubiz. - CVE-2015-6782: Content spoofing in Omnibox. Credit to Luan Herrera. - CVE-2015-6784: Escaping issue in saved pages. Credit to Inti De Ceukelaire. - CVE-2015-6785: Wildcard matching issue in CSP. Credit to Michael Ficarra. - CVE-2015-6786: Scheme bypass in CSP. Credit to Michael Ficarra. * Lengthen GPU timeout (closes: #781940). * Enable accelerated video decoding (closes: #793815). -- Michael Gilbert Thu, 03 Dec 2015 00:59:47 +0000 chromium-browser (46.0.2490.71-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-6755: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-6756: Use-after-free in PDFium. Credit to anonymous. - CVE-2015-6757: Use-after-free in ServiceWorker. Credit to Collin Payne. - CVE-2015-6758: Bad-cast in PDFium. Credit to Atte Kettunen of OUSPG. - CVE-2015-6759: Information leakage in LocalStorage. Credit to Muneaki Nishimura. - CVE-2015-6760: Improper error handling in libANGLE. Credit to Ronald Crane, an independent security researcher. - CVE-2015-6762: CORS bypass via CSS fonts. Credit to Muneaki Nishimura. - CVE-2015-6763: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.6 branch (currently 4.6.85.23). -- Michael Gilbert Fri, 16 Oct 2015 01:43:28 +0000 chromium-browser (45.0.2454.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1303: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1304: Cross-origin bypass in V8. Credit to Mariusz Mlynski. -- Michael Gilbert Sat, 26 Sep 2015 15:57:23 +0000 chromium-browser (45.0.2454.85-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1291: Cross-origin bypass in DOM. Credit to anonymous. - CVE-2015-1292: Cross-origin bypass in ServiceWorker. Credit to Mariusz Mlynski. - CVE-2015-1293: Cross-origin bypass in DOM. Credit to Mariusz Mlynski. - CVE-2015-1294: Use-after-free in Skia. Credit to cloudfuzzer. - CVE-2015-1295: Use-after-free in Printing. Credit to anonymous. - CVE-2015-1296: Character spoofing in omnibox. Credit to zcorpan. - CVE-2015-1297: Permission scoping error in WebRequest. Credit to Alexander Kashev. - CVE-2015-1298: URL validation error in extensions. Credit to Rob Wu. - CVE-2015-1299: Use-after-free in Blink. Credit to taro.suzuki.dev. - CVE-2015-1300: Information leak in Blink. Credit to cgvwzq. - CVE-2015-1301: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in the libv8 library (updated to 4.5.103.29). -- Michael Gilbert Tue, 01 Sep 2015 22:07:59 +0000 chromium-browser (44.0.2403.157-1) unstable; urgency=medium * New upstream stable release: - GPU process race condition fixed (closes: #794472). * Use system ffmpeg (closes: #763632): - Thanks to Andreas Cadhalpun. -- Michael Gilbert Sun, 23 Aug 2015 22:43:20 +0000 chromium-browser (44.0.2403.107-2) unstable; urgency=medium * More updates to debian/copyright. * Add some more instructions for bug presubmission. * Remove no longer needed mainscript and preinst scripts. * Use chromium.png in the desktop launcher (closes: #794818). -- Michael Gilbert Sat, 08 Aug 2015 23:03:26 +0000 chromium-browser (44.0.2403.107-1) unstable; urgency=medium * New upstream stable release. * More updates to debian/copyright. -- Michael Gilbert Sun, 26 Jul 2015 01:41:55 +0000 chromium-browser (44.0.2403.89-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1270: Uninitialized memory read in ICU. Credit to Atte Kettunen. - CVE-2015-1271: Heap-buffer-overflow in pdfium. Credit to cloudfuzzer. - CVE-2015-1272: Use-after-free related to unexpected GPU process termination. Credit to Chamal de Silva. - CVE-2015-1273: Heap-buffer-overflow in pdfium. Credit to makosoft. - CVE-2015-1274: Settings allowed executable files to run immediately after download. Credit to andrewm.bpi. - CVE-2015-1275: UXSS in Chrome for Android. Credit to WangTao(neobyte). - CVE-2015-1276: Use-after-free in IndexedDB. Credit to Collin Payne. - CVE-2015-1277: Use-after-free in accessibility. Credit to SkyLined. - CVE-2015-1278: URL spoofing using pdf files. Credit to Chamal de Silva. - CVE-2015-1279: Heap-buffer-overflow in pdfium. Credit to mlafon. - CVE-2015-1280: Memory corruption in skia. Credit to cloudfuzzer. - CVE-2015-1281: CSP bypass. Credit to Masato Kinugawa. - CVE-2015-1282: Use-after-free in pdfium. Credit to Chamal de Silva. - CVE-2015-1283: Heap-buffer-overflow in expat. Credit to Huzaifa Sidhpurwala. - CVE-2015-1284: Use-after-free in blink. Credit to Atte Kettunen. - CVE-2015-1285: Information leak in XSS auditor. Credit to gazheyes. - CVE-2015-1286: UXSS in blink. Credit to anonymous. - CVE-2015-1287: SOP bypass with CSS. Credit to filedescriptor. - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. Credit to Mike Ruddy. - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives. * Remove hotword patch, now disabled by default upstream. -- Michael Gilbert Tue, 21 Jul 2015 22:33:06 +0000 chromium-browser (43.0.2357.130-1) unstable; urgency=medium * New upstream security release: - CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous. - CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski. - CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy. * Don't build the Google Now extension. * More updates to debian/copyright. -- Michael Gilbert Tue, 23 Jun 2015 21:43:54 +0000 chromium-browser (43.0.2357.124-3) unstable; urgency=medium * Fix syntax error in default-flags (closes: #789310). -- Michael Gilbert Fri, 19 Jun 2015 22:04:28 +0000 chromium-browser (43.0.2357.124-2) unstable; urgency=medium * More updates to debian/copyright. * Disable all external component loading. * Set flag to avoid hidden items in the about:extensions dialog. -- Michael Gilbert Fri, 19 Jun 2015 05:31:48 +0000 chromium-browser (43.0.2357.124-1) unstable; urgency=medium * New upstream release. * Disable wallet extension. * Remove more sourceless files. * Remove files no longer included from debian/copright. -- Michael Gilbert Wed, 17 Jun 2015 03:00:44 +0000 chromium-browser (43.0.2357.81-1) unstable; urgency=medium * New upstream release fixing missing icon (closes: #786490). * Disable hotword (closes: #786909). * Remove some sourceless files. -- Michael Gilbert Mon, 15 Jun 2015 04:04:34 +0000 chromium-browser (43.0.2357.65-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1252: Sandbox escape in Chrome. Credit to anonymous. - CVE-2015-1253: Cross-origin bypass in DOM. Credit to anonymous. - CVE-2015-1254: Cross-origin bypass in Editing. Credit to armin@rawsec.net. - CVE-2015-1255: Use-after-free in WebAudio. Credit to Khalil Zhani. - CVE-2015-1256: Use-after-free in SVG. Credit to Atte Kettunen. - CVE-2015-1251: Use-after-free in Speech. Credit to SkyLined. - CVE-2015-1257: Container-overflow in SVG. Credit to miaubiz. - CVE-2015-1258: Negative-size parameter in Libvpx. Credit to cloudfuzzer - CVE-2015-1259: Uninitialized value in PDFium. Credit to Atte Kettunen. - CVE-2015-1260: Use-after-free in WebRTC. Credit to Khalil Zhani. - CVE-2015-1261: URL bar spoofing. Credit to Juho Nurminen. - CVE-2015-1262: Uninitialized value in Blink. Credit to miaubiz. - CVE-2015-1263: Insecure download of spellcheck dictionary. Credit to Mike Ruddy. - CVE-2015-1264: Cross-site scripting in bookmarks. Credit to K0r3Ph1L. - Fix for gzip file downloading (closes: #677948). - Fix for bookmark navigation (closes: #756211). * Enable HiDPI (closes: #763421). * Make chromium-l10n binnmuable. * Fix Built-Using fields. -- Michael Gilbert Sat, 09 May 2015 22:37:06 +0000 chromium-browser (42.0.2311.135-2) unstable; urgency=medium * Remove src/ prefix in debian/copyright. * Fix path to default configuration files. * Describe omnibox search in README.debian (closes: 781591). * Fix application name in the launcher script (closes: #783858). * Set CHROME_WRAPPER to /usr/bin/chromium by default (closes: #783097). -- Michael Gilbert Sat, 09 May 2015 14:53:34 +0000 chromium-browser (42.0.2311.135-1) unstable; urgency=medium [ Michael Gilbert ] * Remove some unneeded files from the upstream tarball. * Move default configuration files to /usr/share/chromium. * New upstream stable release: - CVE-2015-1243: Use-after-free in DOM. Credit to Saif El-Sherei. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. [ Shawn Landden ] * Suppress first run welcome page. * Turn off safebrowsing. * Turn off pinging Google on 404 and other HTTP errors. -- Michael Gilbert Thu, 30 Apr 2015 01:08:53 +0000 chromium-browser (42.0.2311.90-2) unstable; urgency=medium * Update debian/copyright. * Drop some unused patches. * Drop chromium-inspector package. * Remove Giuseppe from the uploaders. - Many thanks for the prior contributions. * Fix built on text (closes: #782052). * Fix path to master_preferences (closes: #777708). * Disable default browser warning (closes: #777265). * Conflict with libgl1-mesa-swx11 (closes: #776388). * Add MHTML mimetype to chromium.desktop (closes: #769039). * Tighten chromium-l10n versioned dependency (closes: #781505). -- Michael Gilbert Sun, 26 Apr 2015 18:49:52 +0000 chromium-browser (42.0.2311.90-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1235: Cross-origin-bypass in HTML parser. Credit to anonymous. - CVE-2015-1236: Cross-origin-bypass in Blink. Credit to Amitay Dobo. - CVE-2015-1237: Use-after-free in IPC. Credit to Khalil Zhani. - CVE-2015-1238: Out-of-bounds write in Skia. Credit to cloudfuzzer. - CVE-2015-1240: Out-of-bounds read in WebGL. Credit to w3bd3vil. - CVE-2015-1241: Tap-Jacking. Credit to Phillip Moon and Matt Weston. - CVE-2015-1242: Type confusion in V8. Credit to fcole@onshape.com. - CVE-2015-1244: HSTS bypass in WebSockets. Credit to Mike Ruddy. - CVE-2015-1245: Use-after-free in PDFium. Credit to Khalil Zhani. - CVE-2015-1246: Out-of-bounds read in Blink. Credit to Atte Kettunen. - CVE-2015-1247: Scheme issues in OpenSearch. Credit to Jann Horn. - CVE-2015-1248: SafeBrowsing bypass. Credit to Vittorio Gambaletta. - CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives. Also multiple issues in v8 4.2.77.14. -- Michael Gilbert Thu, 16 Apr 2015 00:12:00 +0000 chromium-browser (41.0.2272.118-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1233: A combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. Credit to lokihardt working with Pwn2Own and HP’s Zero Day Initiative. -- Michael Gilbert Thu, 02 Apr 2015 00:33:12 +0000 chromium-browser (41.0.2272.76-2) unstable; urgency=medium * Install v8 natives and snapshot blob files (closes: #779717). - Thanks to Jason Rhinelander. -- Michael Gilbert Fri, 06 Mar 2015 00:59:50 +0000 chromium-browser (41.0.2272.76-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1212: Out-of-bounds write in media. Credit to anonymous. - CVE-2015-1213: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1214: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1215: Out-of-bounds write in skia filters. Credit to cloudfuzzer. - CVE-2015-1216: Use-after-free in v8 bindings. Credit to anonymous. - CVE-2015-1217: Type confusion in v8 bindings. Credit to anonymous. - CVE-2015-1218: Use-after-free in dom. Credit to cloudfuzzer. - CVE-2015-1219: Integer overflow in webgl. Credit to Chen Zhang. - CVE-2015-1220: Use-after-free in gif decoder. Credit to Aki Helin. - CVE-2015-1221: Use-after-free in web databases. Credit to Collin Payne. - CVE-2015-1222: Use-after-free in service workers. Credit to Collin Payne. - CVE-2015-1223: Use-after-free in dom. Credit to Maksymillian Motyl. - CVE-2015-1224: Out-of-bounds read in vpxdecoder. Credit to Aki Helin. - CVE-2015-1225: Out-of-bounds read in pdfium. Credit to cloudfuzzer. - CVE-2015-1226: Validation issue in debugger. Credit to Rob Wu. - CVE-2015-1227: Uninitialized value in blink. Credit to Christoph Diehl. - CVE-2015-1228: Uninitialized value in rendering. Credit to miaubiz. - CVE-2015-1229: Cookie injection via proxies. Credit to iliwoy. - CVE-2015-1230: Type confusion in v8. Credit to Skylined. - CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Wed, 04 Mar 2015 00:11:46 +0000 chromium-browser (40.0.2214.111-1) unstable; urgency=medium * New upstream stable release: - CVE-2015-1209: Use-after-free in DOM. Credit to Maksymillian Motyl. - CVE-2015-1210: Cross-origin-bypass in V8 bindings. Credit to anonymous. - CVE-2015-1211: Privilege escalation using service workers. Credit to anonymous. - CVE-2015-1212: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Fri, 13 Feb 2015 02:32:16 +0000 chromium-browser (40.0.2214.91-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-7923: Memory corruption in ICU. Credit to yangdingning. - CVE-2014-7924: Use-after-free in IndexedDB. Credit to Collin Payne. - CVE-2014-7925: Use-after-free in WebAudio. Credit to mark.buer. - CVE-2014-7926: Memory corruption in ICU. Credit to yangdingning. - CVE-2014-7927: Memory corruption in V8. Credit to Christian Holler. - CVE-2014-7928: Memory corruption in V8. Credit to Christian Holler. - CVE-2014-7929: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7930: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7931: Memory corruption in V8. Credit to cloudfuzzer. - CVE-2014-7932: Use-after-free in DOM. Credit to Atte Kettunen. - CVE-2014-7933: Use-after-free in FFmpeg. Credit to aohelin. - CVE-2014-7934: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-7935: Use-after-free in Speech. Credit to Khalil Zhani. - CVE-2014-7936: Use-after-free in Views. Credit to Christoph Diehl. - CVE-2014-7937: Use-after-free in FFmpeg. Credit to Atte Kettunen. - CVE-2014-7938: Memory corruption in Fonts. Credit to Atte Kettunen. - CVE-2014-7939: Same-origin-bypass in V8. Credit to Takeshi Terada. - CVE-2014-7940: Uninitialized-value in ICU. Credit to miaubiz. - CVE-2014-7941: Out-of-bounds read in UI. Credit to Atte Kettunen and Christoph Diehl. - CVE-2014-7942: Uninitialized-value in Fonts. Credit to miaubiz. - CVE-2014-7943: Out-of-bounds read in Skia. Credit to Atte Kettunen. - CVE-2014-7944: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-7945: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-7946: Out-of-bounds read in Fonts. Credit to miaubiz. - CVE-2014-7947: Out-of-bounds read in PDFium. Credit to fuzztercluck. - CVE-2014-7948: Caching error in AppCache. Credit to jiayaoqijia. - CVE-2015-1205: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Thu, 22 Jan 2015 04:42:18 +0000 chromium-browser (39.0.2171.71-2) unstable; urgency=medium * Add missing test to chromium.preinst (closes: #771684). -- Michael Gilbert Tue, 02 Dec 2014 01:30:33 +0000 chromium-browser (39.0.2171.71-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-3566: SSLv3 support is now disabled by default. - CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen. - CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen. - CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte). - CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang. - CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang. - CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. * Display info about upstream ending support for non-sse2 (closes: #769836). * Remove non-free RFCs from the upstream tarball (closes: #771640). * Include a conf file for Google's API keys (closes: #748867). * Handle dangling chromium icon directory (closes: #766420). * Install icons into the correct path (closes: #767697). -- Michael Gilbert Mon, 01 Dec 2014 01:13:44 +0000 chromium-browser (38.0.2125.101-3) unstable; urgency=medium * Ignore dpkg files in /etc/chromium.d (closes: #765959). * Remove trailing maintscript arguments (closes: #765528). * Use libjpeg-dev instead of libjpeg8-dev (closes: #765821). -- Michael Gilbert Fri, 17 Oct 2014 21:27:05 +0000 chromium-browser (38.0.2125.101-2) unstable; urgency=medium * Disable HiDPI (closes: #764883). * Fix conffile handling (closes: #764769). * Correct icon installation logic (closes: #764828). * Use embedded protobuf code copy (closes: #764911). * Support larger set of html5 video formats again (closes: #764793). -- Michael Gilbert Sun, 12 Oct 2014 21:34:26 +0000 chromium-browser (38.0.2125.101-1) unstable; urgency=medium * New upstream stable release: - CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2014-3189: Out-of-bounds read in PDFium. Credit to cloudfuzzer. - CVE-2014-3190: Use-after-free in Events. Credit to cloudfuzzer, Chen Zhang. - CVE-2014-3191: Use-after-free in Rendering. Credit to cloudfuzzer. - CVE-2014-3192: Use-after-free in DOM. Credit to cloudfuzzer. - CVE-2014-3193: Type confusion in Session Management. Credit to miaubiz. - CVE-2014-3194: Use-after-free in Web Workers. Credit to Collin Payne. - CVE-2014-3195: Information Leak in V8. Credit to Jüri Aedla. - CVE-2014-3196: Permissions bypass in Windows Sandbox. Credit to James Forshaw. - CVE-2014-3197: Information Leak in XSS Auditor. Credit to Takeshi Terada. - CVE-2014-3198: Out-of-bounds read in PDFium. Credit to Atte Kettunen. - CVE-2014-3199: Release Assert in V8 bindings. Credit to Collin Payne. - CVE-2014-3200: Various fixes from internal audits, fuzzing and other initiatives (Chrome 38). - Improved support for HiDPI displays (closes: #763421). * Add libgnome-keyring-dev build dependency (closes: #764548). * Install desktop file and icons again (closes: #764373). * Correctly handle old conffiles (closes: #764180). -- Michael Gilbert Fri, 10 Oct 2014 00:49:02 +0000 chromium-browser (37.0.2062.120-4) unstable; urgency=medium * Merge changes from the experimental branch. * Install chromium menu entry (closes: #752855). * Use /etc/chromium.d for preferences (closes: #762574). -- Michael Gilbert Sun, 28 Sep 2014 17:39:41 +0000 chromium-browser (37.0.2062.120-3) unstable; urgency=medium * Build with clang 3.5. * Enable support for HiDPI displays (closes: #763421). * Document debian-specific command-line options (closes: #755401). -- Michael Gilbert Sun, 28 Sep 2014 17:39:41 +0000 chromium-browser (37.0.2062.120-2) unstable; urgency=medium * Build with clang instead of gcc. * Add libexif-dev build dependency. -- Michael Gilbert Sun, 21 Sep 2014 22:57:11 +0000 chromium-browser (37.0.2062.120-1) unstable; urgency=medium * New upstream stable release (closes: #761090): - CVE-2014-3160: Same-Origin-Policy bypass in SVG. Credit to Christian Schneider. - CVE-2014-3162: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3165: Use-after-free in web sockets. Credit to Collin Payne. - CVE-2014-3166: Information disclosure in SPDY. Credit to Antoine Delignat-Lavaud. - CVE-2014-3167: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3168: Use-after-free in SVG. Credit to cloudfuzzer. - CVE-2014-3169: Use-after-free in DOM. Credit to Andrzej Dyjak. - CVE-2014-3170: Extension permission dialog spoofing. Credit to Rob Wu. - CVE-2014-3171: Use-after-free in bindings. Credit to cloudfuzzer. - CVE-2014-3172: Issue related to extension debugging. Credit to Eli Grey. - CVE-2014-3173: Uninitialized memory read in WebGL. Credit to jmuizelaar. - CVE-2014-3174: Uninitialized memory read in Web Audio. Credit to Atte Kettunen from OUSPG. - CVE-2014-3175: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3176: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - CVE-2014-3177: A special reward to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and extensions that can lead to remote code execution outside of the sandbox. - CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz. - CVE-2014-3179: Various fixes from internal audits, fuzzing and other initiatives. - Fixes segfault in angle with gcc 4.9 (closes: #751652). - Includes an embedded pdf viewer (closes: #667591). * Use pristine upstream that doesn't have pre-built nacl (closes: #753761). * Correct webbrowser spelling in the desktop file (closes: #758143). * Remove leftover conffiles (closes: #751848). * Build using gcc 4.9 (closes: #754182). -- Michael Gilbert Wed, 13 Aug 2014 22:56:16 +0000 chromium-browser (36.0.1985.125-0) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Wed, 16 Jul 2014 00:49:19 +0000 chromium-browser (36.0.1985.103-1) experimental; urgency=medium * New upstream beta release. * Remove android folders. -- Michael Gilbert Sat, 12 Jul 2014 21:38:26 +0000 chromium-browser (36.0.1985.98-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Sun, 06 Jul 2014 04:05:56 +0000 chromium-browser (36.0.1985.97-1) experimental; urgency=medium * New upstream beta release. * Use system srtp, modpbase64, zlib, and minizip. * Remove srtp files from the upstream tarball (closes: #753826). -- Michael Gilbert Sun, 06 Jul 2014 00:06:57 +0000 chromium-browser (36.0.1985.84-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Sat, 21 Jun 2014 23:41:14 +0000 chromium-browser (36.0.1985.67-1) experimental; urgency=medium * New upstream beta release. * More verbose linking output. * Fix unwanted output (closes: #751359). * More robust fix for older processors (closes: #750361). -- Michael Gilbert Wed, 18 Jun 2014 00:18:47 +0000 chromium-browser (36.0.1985.49-1) experimental; urgency=medium * New upstream beta release. * Remove more files from the upstream tarball. -- Michael Gilbert Sun, 08 Jun 2014 01:49:51 +0000 chromium-browser (36.0.1985.36-1) experimental; urgency=medium * Use system libre2. * Remove more files from the upstream tarball. * Don't set sse2 compiler flags on i386 (closes: #750361). -- Michael Gilbert Sat, 07 Jun 2014 22:00:14 +0000 chromium-browser (36.0.1985.35-1) experimental; urgency=medium * Remove more files from the upstream tarball. * Only include TODO.Debian once (closes: #750568). -- Michael Gilbert Thu, 05 Jun 2014 20:21:28 +0000 chromium-browser (36.0.1985.32-1) experimental; urgency=medium * New upstream beta release. * Add icon to menu entry (closes: #703307). * Remove third_party/wtl (closes: #647529). * Update package descriptions (closes: #749673). -- Michael Gilbert Sat, 31 May 2014 19:05:32 +0000 chromium-browser (36.0.1985.18-2) experimental; urgency=medium * Add libexif-dev build dependency. * Add flags to avoid memory exhaustion while linking on i386. -- Michael Gilbert Mon, 26 May 2014 23:43:25 +0000 chromium-browser (36.0.1985.18-1) experimental; urgency=medium * New upstream beta release. * Build with gcc 4.9. * Rebuild the packaging from scratch using the "lite" upstream packages, ninja instead of make, debhelper 9 instead of cdbs, and simplified debian/rules. * Use system versions of icu, png, jpeg, opus, snappy, and jsoncpp. * No longer provide get-current-source rule (closes: #585814). * Add a README.debian document with information about chromium-inspector and command-line flags (closes: #629505, #649812). * Add protobuf-compiler, ninja-build, bison, and gperf build dependencies (closes: #748673). -- Michael Gilbert Sun, 25 May 2014 03:39:39 +0000 chromium-browser (35.0.1916.153-2) unstable; urgency=medium * Avoid gcc 4.9 (closes: #751294) -- Michael Gilbert Thu, 12 Jun 2014 01:11:09 +0000 chromium-browser (35.0.1916.153-1) unstable; urgency=high * New upstream stable release: - CVE-2014-3154: Use-after-free in filesystem api. Credit to Collin Payne. - CVE-2014-3155: Out-of-bounds read in SPDY. Credit to James March, Daniel Sommermann and Alan Frindell of Facebook. - CVE-2014-3156: Buffer overflow in clipboard. Credit to Atte Kettunen. - CVE-2014-3157: Heap overflow in media. * Don't set sse2 compiler flags on i386 (closes: #750361). * Prefer libgcrypt11 (closes: #750304). -- Michael Gilbert Wed, 11 Jun 2014 02:31:22 +0000 chromium-browser (35.0.1916.114-2) unstable; urgency=medium * Add flags to avoid memory exhaustion while linking on i386 (closes: #746034). -- Michael Gilbert Tue, 27 May 2014 03:09:00 +0000 chromium-browser (35.0.1916.114-1) unstable; urgency=high * New upstream stable release: - CVE-2014-1743: Use-after-free in styles. Credit to cloudfuzzer. - CVE-2014-1744: Integer overflow in audio. Credit to Aaron Staple. - CVE-2014-1745: Use-after-free in SVG. Credit to Atte Kettunen. - CVE-2014-1746: Out-of-bounds read in media filters. Credit to Holger Fuhrmannek. - CVE-2014-1747: UXSS with local MHTML file. Credit to packagesu. - CVE-2014-1748: UI spoofing with scrollbar. Credit to Jordan Milne. - CVE-2014-1749: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-3152: Integer underflow in V8 fixed in version 3.25.28.16. -- Michael Gilbert Wed, 21 May 2014 23:15:51 +0000 chromium-browser (34.0.1847.137-1) unstable; urgency=medium * New upstream stable release: - High CVE-2014-1740: Use-after-free in WebSockets. Credit to Collin Payne. - High CVE-2014-1741: Integer overflow in DOM ranges. Credit to John Butler. - High CVE-2014-1742: Use-after-free in editing. Credit to cloudfuzzer. -- Michael Gilbert Sat, 17 May 2014 13:06:30 +0000 chromium-browser (34.0.1847.132-1) unstable; urgency=medium * New upstream stable release: - High CVE-2014-1730: Type confusion in V8. Credit to Anonymous. - High CVE-2014-1731: Type confusion in DOM. Credit to John Butler. - High CVE-2014-1736: Integer overflow in V8. Credit to SkyLined working with HP's Zero Day Initiative - Medium CVE-2014-1732: Use-after-free in Speech Recognition. Credit to Khalil Zhani - Medium CVE-2014-1733: Compiler bug in Seccomp-BPF. Credit to Jed Davis - CVE-2014-1734: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1735: Multiple vulnerabilities in V8 fixed in version 3.24.35.33. * Add libkrb5-dev build-dependency (closes: #745794). * Remove non-free file (closes: #745397). -- Michael Gilbert Sat, 26 Apr 2014 18:03:53 +0000 chromium-browser (34.0.1847.116-2) unstable; urgency=medium * Add libgcrypt build-dependency. -- Michael Gilbert Tue, 15 Apr 2014 00:22:36 +0000 chromium-browser (34.0.1847.116-1) unstable; urgency=high * New upstream stable release: - High CVE-2014-1716: UXSS in V8. Credit to Anonymous. - High CVE-2014-1717: OOB access in V8. Credit to Anonymous. - High CVE-2014-1718: Integer overflow in compositor. Credit to Aaron Staple. - High CVE-2014-1719: Use-after-free in web workers. Credit to Collin Payne. - High CVE-2014-1720: Use-after-free in DOM. Credit to cloudfuzzer. - High CVE-2014-1721: Memory corruption in V8. Credit to Christian Holler. - High CVE-2014-1722: Use-after-free in rendering. Credit to miaubiz. - High CVE-2014-1723: Url confusion with RTL characters. Credit to George McBay. - High CVE-2014-1724: Use-after-free in speech. Credit to Atte Kettunen. - Medium CVE-2014-1725: OOB read with window property. Credit to Anonymous. - Medium CVE-2014-1726: Local cross-origin bypass. Credit to Jann Horn. - Medium CVE-2014-1727: Use-after-free in forms. Credit to Khalil Zhani. - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22. * Remove sourceless javascript files (closes: #735355). * Remove sourceless swf files (closes: #735344). -- Michael Gilbert Fri, 11 Apr 2014 01:42:04 +0000 chromium-browser (33.0.1750.152-1) unstable; urgency=high * [641361a] Disable new GN stuff * [43cea90] Refreshed patches * New stable release: - High CVE-2014-1713: Use-after-free in Blink bindings - High CVE-2014-1714: Windows clipboard vulnerability - High CVE-2014-1705: Memory corruption in V8 - High CVE-2014-1715: Directory traversal issue - High CVE-2014-1700: Use-after-free in speech. Credit to Chamal de Silva. - High CVE-2014-1701: UXSS in events. Credit to aidanhs. - High CVE-2014-1702: Use-after-free in web database. Credit to Collin Payne. - High CVE-2014-1703: Potential sandbox escape due to a use-after-free in web sockets. - CVE-2014-1704: Multiple vulnerabilities in V8 fixed in version 3.23.17.18 - High CVE-2013-6663: Use-after-free in svg images. Credit to Atte Kettunen of OUSPG. - High CVE-2013-6664: Use-after-free in speech recognition. Credit to Khalil Zhani. - High CVE-2013-6665: Heap buffer overflow in software rendering. Credit to cloudfuzzer. - Medium CVE-2013-6666: Chrome allows requests in flash header request. Credit to netfuzzerr. - CVE-2013-6667: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2013-6668: Multiple vulnerabilities in V8 fixed in version 3.24.35.10 - High CVE-2013-6653: Use-after-free related to web contents. Credit to Khalil Zhani. - High CVE-2013-6654: Bad cast in SVG. Credit to TheShow3511. - High CVE-2013-6655: Use-after-free in layout. Credit to cloudfuzzer. - High CVE-2013-6656: Information leak in XSS auditor. Credit to NeexEmil. - Medium CVE-2013-6657: Information leak in XSS auditor. Credit to NeexEmil - Medium CVE-2013-6658: Use-after-free in layout. Credit to cloudfuzzer. - Medium CVE-2013-6659: Issue with certificates validation in TLS handshake. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco, Inria Paris. - Low CVE-2013-6660: Information leak in drag and drop. Credit to bishopjeffreys. - Low-High CVE-2013-6661: Various fixes from internal audits, fuzzing and other initiatives. Of these, seven are fixes for issues that could have allowed for sandbox escapes from compromised renderers. -- Giuseppe Iuculano Fri, 21 Mar 2014 17:20:44 +0100 chromium-browser (32.0.1700.123-4) unstable; urgency=medium * Remove polymer.js.min. -- Michael Gilbert Sun, 09 Mar 2014 22:30:14 +0000 chromium-browser (32.0.1700.123-3) unstable; urgency=medium * Remove a lot of sourceless files. * Suggest mozplugger (closes: #626400). * Use file's -E option (closes: #740476). * Capitalize Chromium in descriptions (closes: #632928, #715802). -- Michael Gilbert Sun, 16 Feb 2014 18:50:06 +0000 chromium-browser (32.0.1700.123-2) unstable; urgency=medium * Build with system libjs-jquery-flot. * Build chromedriver (closes: #725130). - Thanks to Vincent Bernat and Adrian Lang. -- Michael Gilbert Sun, 16 Feb 2014 02:32:18 +0000 chromium-browser (32.0.1700.123-1) unstable; urgency=medium * [a7cf72b] Refreshed Patches * [0da7fc2] Added libdrm-dev and libcap-dev in build-deps * New stable release: - High CVE-2013-6649: Use-after-free in SVG images. Credit to Atte Kettunen of OUSPG. - High CVE-2013-6650: Memory corruption in V8. This issue was fixed in v8 version 3.22.24.16. Credit to Christian Holler. - High CVE-2013-6646: Use-after-free in web workers. Credit to Collin Payne. - High CVE-2013-6641: Use-after-free related to forms. Credit to Atte Kettunen of OUSPG. - High CVE-2013-6643: Unprompted sync with an attacker’s Google account. Credit to Joao Lucas Melo Brasio. - CVE-2013-6645 Use-after-free related to speech input elements. Credit to Khalil Zhani. - CVE-2013-6644: Various fixes from internal audits, fuzzing and other initiatives. -- Giuseppe Iuculano Thu, 13 Feb 2014 19:36:17 +0100 chromium-browser (31.0.1650.63-1) unstable; urgency=medium * New upstream stable release: - Medium CVE-2013-6634: Session fixation in sync related to 302 redirects. Credit to Andrey Labunets. - High CVE-2013-6635: Use-after-free in editing. Credit to cloudfuzzer. - Medium CVE-2013-6636: Address bar spoofing related to modal dialogs. Credit to Bas Venis. - CVE-2013-6637: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-6638: Buffer overflow in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. - High CVE-2013-6639: Out of bounds write in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. - Medium CVE-2013-6640: Out of bounds read in v8. This issue was fixed in v8 version 3.22.24.7. Credit to Jakob Kummerow of the Chromium project. -- Michael Gilbert Thu, 05 Dec 2013 14:05:22 +0000 chromium-browser (31.0.1650.57-1) unstable; urgency=medium * New upstream stable release: - Medium-Critical CVE-2013-2931: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-6621: Use after free related to speech input elements. Credit to Khalil Zhani. - High CVE-2013-6622: Use after free related to media elements. Credit to cloudfuzzer. - High CVE-2013-6623: Out of bounds read in SVG. Credit to miaubiz. - High CVE-2013-6624: Use after free related to “id” attribute strings. Credit to Jon Butler. - High CVE-2013-6625: Use after free in DOM ranges. Credit to cloudfuzzer. - Low CVE-2013-6626: Address bar spoofing related to interstitial warnings. Credit to Chamal de Silva. - High CVE-2013-6627: Out of bounds read in HTTP parsing. Credit to skylined. - Medium CVE-2013-6628: Issue with certificates not being checked during TLS renegotiation. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco of INRIA Paris. - Medium CVE-2013-6629: Read of uninitialized memory in libjpeg and libjpeg-turbo. Credit to Michal Zalewski of Google. - Medium CVE-2013-6630: Read of uninitialized memory in libjpeg-turbo. Credit to Michal Zalewski of Google. - High CVE-2013-6631: Use after free in libjingle. Credit to Patrik Höglund of the Chromium project. - Critical CVE-2013-6632: Multiple memory corruption issues. Credit to Pinkie Pie. * Disable promos by default (closes: #634101). * Set WANT_TESTS=0 if WANT_TESTS=1 fails (closes: #589654). * Maintain window ordering when new tabs are opened (closes: #725350). * Install chromium-inspector files to /usr/share instead of /usr/lib. * Don't remove third party libraries from the upstream tarball. * Remove non-default compression selections from debian/rules. * Build with breakpad crash reporting. * Fix some lintian warnings. -- Michael Gilbert Wed, 13 Nov 2013 07:44:55 +0000 chromium-browser (30.0.1599.101-3) unstable; urgency=medium * Fix sandbox installation path (closes: #728823). -- Michael Gilbert Thu, 07 Nov 2013 04:24:55 +0000 chromium-browser (30.0.1599.101-2) unstable; urgency=medium * Use system zlib. * Remove arm patches. * Update lintian overrides. * Remove an unsafe symlink. * Remove icu build dependency. * Support poststript printing (closes: #717722). * Use fonts-ipafont instead of ttf-kochi (closes: #725800). -- Michael Gilbert Sat, 02 Nov 2013 21:25:50 +0000 chromium-browser (30.0.1599.101-1) unstable; urgency=low [ Giuseppe Iuculano ] * New stable release: - High CVE-2013-2925: Use after free in XHR. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2926: Use after free in editing. Credit to cloudfuzzer. - High CVE-2013-2927: Use after free in forms. Credit to cloudfuzzer. - CVE-2013-2928: Various fixes from internal audits, fuzzing and other initiatives. - Medium CVE-2013-2906: Races in Web Audio. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-2907: Out of bounds read in Window.prototype object. Credit to Boris Zbarsky. - Medium CVE-2013-2908: Address bar spoofing related to the "204 No Content" status code. Credit to Chamal de Silva. - High CVE-2013-2909: Use after free in inline-block rendering. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-2910: Use-after-free in Web Audio. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2911: Use-after-free in XSLT. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2912: Use-after-free in PPAPI. Credit to Chamal de Silva and 41.w4r10r(at)garage4hackers.com. - High CVE-2013-2913: Use-after-free in XML document parsing. Credit to cloudfuzzer. - High CVE-2013-2914: Use after free in the Windows color chooser dialog. Credit to Khalil Zhani. - Low CVE-2013-2915: Address bar spoofing via a malformed scheme. Credit to Wander Groeneveld. - High CVE-2013-2916: Address bar spoofing related to the "204 No Content” status code. Credit to Masato Kinugawa. - Medium CVE-2013-2917: Out of bounds read in Web Audio. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2918: Use-after-free in DOM. Credit to Byoungyoung Lee of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2919: Memory corruption in V8. Credit to Adam Haile of Concrete Data. - Medium CVE-2013-2920: Out of bounds read in URL parsing. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2921: Use-after-free in resource loader. Credit to Byoungyoung Lee and Tielei Wang of Georgia Tech Information Security Center (GTISC). - High CVE-2013-2922: Use-after-free in template element. Credit to Jon Butler. - CVE-2013-2923: Various fixes from internal audits, fuzzing and other initiatives (Chrome 30). - Medium CVE-2013-2924: Use-after-free in ICU. Upstream bug here. * [6651f1c] Added chrpath to build-depends * [3c88b20] Refreshed Patches for version 30 * [743a0a6] Make default of third-party cookies the most secure for users. Thanks to Chad Miller * [9507f07] Do not install remoting_locales/en-US.pak * [64b895b] Move chrome_sandbox to chrome-sandbox, chromium reads that file [ Shawn Landden ] * [6d027f1] rules: dpkg compresses .deb files with xz by default now [ Michael Gilbert ] * [18341ce] add some TODO tasks -- Giuseppe Iuculano Mon, 21 Oct 2013 13:06:14 +0200 chromium-browser (29.0.1547.57-3) unstable; urgency=medium * Drop transitional packages (closes: #684369). * Fix another copyright file syntax error. * Remove libav build dependencies. * Fix lintian override syntax. * Fix version control URL. * Use system vpx. -- Michael Gilbert Tue, 27 Aug 2013 01:01:35 +0000 chromium-browser (29.0.1547.57-2) unstable; urgency=medium * Mark chromium-inspector as multi-arch: foreign (closes: #695229). * Use system libpng (closes: #699918). * Fix copyright file syntax error. * Drop implicit g++ dependency. * Add some lintian overrides. * Update my email address. * Remove unsafe symlink. -- Michael Gilbert Sun, 25 Aug 2013 02:15:35 +0000 chromium-browser (29.0.1547.57-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable release: - High CVE-2013-2900: Incomplete path sanitization in file handling. Credit to Krystian Bigaj. - Low CVE-2013-2905: Information leak via overly broad permissions on shared memory files. Credit to Christian Jaeger. - High CVE-2013-2901: Integer overflow in ANGLE. Credit to Alex Chapman. - High CVE-2013-2902: Use after free in XSLT. Credit to cloudfuzzer. - High CVE-2013-2903: Use after free in media element. Credit to cloudfuzzer. - High CVE-2013-2904: Use after free in document parsing. Credit to cloudfuzzer. - CVE-2013-2887: Various fixes from internal audits, fuzzing and other initiatives (Chrome 29). * Remove unused webkit layout tests (closes: 720446). * Use source package name for get-orig-source rule. * Remove gfdl documentation (closes: #708860). * Build-depend on git. [ Shawn Landden ] * New standards version. * Use canonical VCS url. * Always use system includes rather than ones of a chroot. -- Michael Gilbert Sat, 24 Aug 2013 20:14:52 +0000 chromium-browser (28.0.1500.95-3) unstable; urgency=medium * Fix placement of -fuse-ld=gold in ldflags. -- Michael Gilbert Thu, 01 Aug 2013 16:38:05 +0000 chromium-browser (28.0.1500.95-2) unstable; urgency=medium * Use -fuse-ld=gold instead of binutils-gold. * Drop libv8-dev build-dependency. -- Michael Gilbert Wed, 31 Jul 2013 20:22:33 +0000 chromium-browser (28.0.1500.95-1) unstable; urgency=medium * New upstream stable release: - Medium CVE-2013-2881: Origin bypass in frame handling. Credit to Karthik Bhargavan. - High CVE-2013-2882: Type confusion in V8. Credit to Cloudfuzzer. - High CVE-2013-2883: Use-after-free in MutationObserver. Credit to Cloudfuzzer. - High CVE-2013-2884: Use-after-free in DOM. Credit to Ivan Fratric of Google Security Team. - High CVE-2013-2885: Use-after-free in input handling. Credit to Ivan Fratric of Google Security Team. - High CVE-2013-2886: Various fixes from internal audits, fuzzing and other initiatives. -- Michael Gilbert Tue, 30 Jul 2013 20:34:19 +0000 chromium-browser (28.0.1500.71-2) unstable; urgency=medium * Disable armhf. * Remove outdated patches. * Eliminate special handling for old compiler versions. -- Michael Gilbert Mon, 15 Jul 2013 18:40:47 +0000 chromium-browser (28.0.1500.71-1) unstable; urgency=medium [ Michael Gilbert ] * New upstream stable release: - Low CVE-2013-2867: Block pop-unders in various scenarios. - High CVE-2013-2879: Confusion setting up sign-in and sync. Credit to Andrey Labunets. - Medium CVE-2013-2868: Incorrect sync of NPAPI extension component. Credit to Andrey Labunets. - Medium CVE-2013-2869: Out-of-bounds read in JPEG2000 handling. Credit to Felix Groebert of Google Security Team. - Critical CVE-2013-2870: Use-after-free with network sockets. Credit to Collin Payne. - Medium CVE-2013-2853: Man-in-the-middle attack against HTTP in SSL. Credit to Antoine Delignat-Lavaud and Karthikeyan Bhargavan from Prosecco at INRIA Paris. - High CVE-2013-2871: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2873: Use-after-free in resource loading. Credit to miaubiz. - Medium CVE-2013-2875: Out-of-bounds-read in SVG. Credit to miaubiz. - Medium CVE-2013-2876: Extensions permissions confusion with interstitials. Credit to Dev Akhawe. - Low CVE-2013-2877: Out-of-bounds read in XML parsing. Credit to Aki Helin of OUSPG. - None: Remove the “viewsource” attribute on iframes. Credit to Collin Jackson. - Medium CVE-2013-2878: Out-of-bounds read in text handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2880: Various fixes from internal audits, fuzzing and other initiatives. Credit to Chrome 28 team. * Install mksnapshot. [ Shawn Landden ] * Enable armhf. * Build with system libwebp when version >= 0.3.0. -- Michael Gilbert Fri, 12 Jul 2013 15:19:18 +0000 chromium-browser (27.0.1453.110-2) unstable; urgency=low [ Michael Gilbert ] * Use default gcc. * Enable verbose build. * Support gcc 4.8 (closes: #701256). * Disable pie hardening flag due to ffmpeg linking issue. [ Giuseppe Iuculano ] * Remove hardening-wrapper and switch to dpkg-buildflags. -- Michael Gilbert Sun, 07 Jul 2013 20:06:05 +0000 chromium-browser (27.0.1453.110-1) unstable; urgency=low * New stable release: - Medium CVE-2013-2855: Memory corruption in dev tools API. Credit to "daniel.zulla". - High CVE-2013-2856: Use-after-free in input handling. Credit to miaubiz. - High CVE-2013-2857: Use-after-free in image handling. Credit to miaubiz. - High CVE-2013-2858: Use-after-free in HTML5 Audio. Credit to "cdel921". - High CVE-2013-2859: Cross-origin namespace pollution. Credit to "bobbyholley". - High CVE-2013-2860: Use-after-free with workers accessing database APIs. Credit to Collin Payne. - High CVE-2013-2861: Use-after-free with SVG. Credit to miaubiz. - High CVE-2013-2862: Memory corruption in Skia GPU handling. Credit to Atte Kettunen of OUSPG. - Critical CVE-2013-2863: Memory corruption in SSL socket handling. Credit to Sebastien Marchand of the Chromium development community. - High CVE-2013-2864: Bad free in PDF viewer. Credit to Mateusz Jurczyk, with contributions by Gynvael Coldwind, both from Google Security Team. - High CVE-2013-2865: Various fixes from internal audits, fuzzing and other initiatives. -- Giuseppe Iuculano Wed, 05 Jun 2013 17:00:28 +0200 chromium-browser (27.0.1453.93-1) unstable; urgency=low * New stable release: - High CVE-2013-2837: Use-after-free in SVG. Credit to Sławomir Błażek. - Medium CVE-2013-2838: Out-of-bounds read in v8. Credit to Christian Holler. - High CVE-2013-2839: Bad cast in clipboard handling. Credit to Jon of MWR InfoSecurity. - High CVE-2013-2840: Use-after-free in media loader. Credit to Nils of MWR InfoSecurity. - High CVE-2013-2841: Use-after-free in Pepper resource handling. Credit to Chamal de Silva. - High CVE-2013-2842: Use-after-free in widget handling. Credit to Cyril Cattiaux. - High CVE-2013-2843: Use-after-free in speech handling. Credit to Khalil Zhani. - High CVE-2013-2844: Use-after-free in style resolution. Credit to Sachin Shinde (@cons0ul). - High CVE-2013-2845: Memory safety issues in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-2846: Use-after-free in media loader. Credit to Chamal de Silva. - High CVE-2013-2847: Use-after-free race condition with workers. Credit to Collin Payne. - Medium CVE-2013-2848: Possible data extraction with XSS Auditor. Credit to Egor Homakov. - Low CVE-2013-2849: Possible XSS with drag+drop or copy+paste. Credit to Mario Heiderich. -- Michael Gilbert Wed, 22 May 2013 03:03:49 +0000 chromium-browser (26.0.1410.43-1) unstable; urgency=medium * New stable release: - High CVE-2013-0916: Use-after-free in Web Audio. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0917: Out-of-bounds read in URL loader. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0918: Do not navigate dev tools upon drag and drop. Credit to Vsevolod Vlasov of the Chromium development community. - Medium CVE-2013-0919: Use-after-free with pop-up windows in extensions. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Medium CVE-2013-0920: Use-after-free in extension bookmarks API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - High CVE-2013-0921: Ensure isolated web sites run in their own processes. - Low CVE-2013-0922: Avoid HTTP basic auth brute force attempts. Credit to “t3553r”. - Medium CVE-2013-0923: Memory safety issues in the USB Apps API. Credit to Google Chrome Security Team (Mustafa Emre Acer). - Low CVE-2013-0924: Check an extension’s permissions API usage again file permissions. Credit to Benjamin Kalman of the Chromium development community. - Low CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. Credit to Michael Vrable of Google. - Medium CVE-2013-0926: Avoid pasting active tags in certain situations. Credit to Subho Halder, Aditya Gupta, and Dev Kar of xys3c. * Use embedded libvpx for vp9 support, which chromium now requires. * Add libspeechd-dev build-dependency. * Disable breakpad crash reporting. -- Michael Gilbert Sat, 30 Mar 2013 14:44:33 +0000 chromium-browser (25.0.1364.160-1) unstable; urgency=high * New stable security release: - High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs. -- Michael Gilbert Fri, 08 Mar 2013 03:46:20 +0000 chromium-browser (25.0.1364.152-1) unstable; urgency=high * [8761d73] Remove armel and armhf. We cannot support them in wheezy * New stable security release: - High CVE-2013-0902: Use-after-free in frame loader. Credit to Chamal de Silva. - High CVE-2013-0903: Use-after-free in browser navigation handling. Credit to "chromium.khalil". - High CVE-2013-0904: Memory corruption in Web Audio. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0905: Use-after-free with SVG animations. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0906: Memory corruption in Indexed DB. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0907: Race condition in media thread handling. Credit to Andrew Scherkus of the Chromium development community. - Medium CVE-2013-0908: Incorrect handling of bindings for extension processes. - Low CVE-2013-0909: Referer leakage with XSS Auditor. Credit to Egor Homakov. - Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0911: Possible path traversal in database handling. Credit to Google Chrome Security Team (Jüri Aedla). -- Giuseppe Iuculano Tue, 05 Mar 2013 11:14:34 +0100 chromium-browser (25.0.1364.97-1) unstable; urgency=low * New stable release: - High CVE-2013-0879: Memory corruption with web audio node. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0880: Use-after-free in database handling. Credit to Chamal de Silva. - Medium CVE-2013-0881: Bad read in Matroska handling. Credit to Atte Kettunen of OUSPG. - High CVE-2013-0882: Bad memory access with excessive SVG parameters. Credit to Renata Hodovan. - Medium CVE-2013-0883: Bad read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2013-0884: Inappropriate load of NaCl. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0885: Too many API permissions granted to web store. - Low CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - Medium CVE-2013-0888: Out-of-bounds read in Skia. Credit to Google Chrome Security Team (Inferno). - Low CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - High CVE-2013-0890: Memory safety issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2013-0891: Integer overflow in blob handling. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0892: Lower severity issues across the IPC layer. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0893: Race condition in media handling. Credit to Andrew Scherkus of the Chromium development community. - High CVE-2013-0894: Buffer overflow in vorbis decoding. Credit to Google Chrome Security Team (Inferno). - High CVE-2013-0895: Incorrect path handling in file copying. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2013-0896: Memory management issues in plug-in message handling. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2013-0898: Use-after-free in URL handling. Credit to Alexander Potapenko of the Chromium development community. - Low CVE-2013-0899: Integer overflow in Opus handling. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno). * [a5f15ae] Added libpci-dev to B-depends * [ace2b7a] Refreshed patches * [32c84fa] Install remoting_locales * [f868804] Do not enable NEON on ARM, thanks Ubuntu. * [d1a3e36] Ignore stamp files in missing checks -- Giuseppe Iuculano Sat, 23 Feb 2013 11:45:07 +0100 chromium-browser (24.0.1312.68-1) unstable; urgency=high * New stable release: - High CVE-2013-0839: Use-after-free in canvas font handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2013-0840: Missing URL validation when opening new windows. - High CVE-2013-0841: Unchecked array index in content blocking. Credit to Google Chrome Security Team (Chris Evans). - Medium CVE-2013-0842: Problems with NULL characters embedded in paths. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to Erling A Ellingsen and Subodh Iyengar, both of Facebook. - High CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez. - Medium CVE-2012-5148: Missing filename sanitization in hyphenation support. Credit to Google Chrome Security Team (Justin Schuh). - High CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google Security Team. - Medium CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas Rossberg of the Chromium development community. - High CVE-2013-0829: Corruption of database metadata leading to incorrect file access. Credit to Google Chrome Security Team (Jüri Aedla). - Low CVE-2013-0831: Possible path traversal from extension process. Credit to Google Chrome Security Team (Tom Sepez). - [160380] Medium CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google Chrome Security Team (Cris Neckar). - Low CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis. - High CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome Security Team (Cris Neckar). - Medium CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen. - Low CVE-2013-0838: Tighten permissions on shared memory segments. Credit to Google Chrome Security Team (Chris Palmer). - High CVE-2012-5139: Use-after-free with visibility events. Credit to Chamal de Silva. - High CVE-2012-5140: Use-after-free in URL loader. Credit to Chamal de Silva. - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation. Credit to Google Chrome Security Team (Jüri Aedla). - Critical CVE-2012-5142: Crash in history navigation. Credit to Michal Zalewski of Google Security Team. - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-5144: Stack corruption in AAC decoding. Credit to pawlkt. - High CVE-2012-5138: Incorrect file path handling. Credit to Google Chrome Security Team (Jüri Aedla). - High CVE-2012-5137: Use-after-free in media source handling. Credit to Pinkie Pie. - High CVE-2012-5133: Use-after-free in SVG filters. Credit to miaubiz. - Medium CVE-2012-5130: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5132: Browser crash with chunked encoding. Credit to Attila Szász. - High CVE-2012-5134: Buffer underflow in libxml. Credit to Google Chrome Security Team (Jüri Aedla). - Medium CVE-2012-5135: Use-after-free with printing. Credit to Fermin Serna of Google Security Team. - Medium CVE-2012-5136: Bad cast in input element handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. Credit to Phil Turnbull. - [Linux 64-bit only] Medium CVE-2012-5120: Out-of-bounds array access in v8. Credit to Atte Kettunen of OUSPG. - High CVE-2012-5116: Use-after-free in SVG filter handling. Credit to miaubiz. - High CVE-2012-5121: Use-after-free in video layout. Credit to Atte Kettunen of OUSPG. - Low CVE-2012-5117: Inappropriate load of SVG subresource in img context. Credit to Felix Gröbert of the Google Security Team. - Medium CVE-2012-5119: Race condition in Pepper buffer handling. Credit to Fermin Serna of the Google Security Team. - Medium CVE-2012-5122: Bad cast in input handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-5123: Out-of-bounds reads in Skia. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5124: Memory corruption in texture handling. Credit to Al Patrick of the Chromium development community. - Medium CVE-2012-5125: Use-after-free in extension tab handling. Credit to Alexander Potapenko of the Chromium development community. - Medium CVE-2012-5126: Use-after-free in plug-in placeholder handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-5128: Bad write in v8. Credit to Google Chrome Security Team (Cris Neckar). * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec * [3105012] Updated changelog * [ac9c032] Use explicit library dependencies instead of dlopen * [1ad217c] Fixed CHANNELS_URL * [7c2d359] Drop SCM revision from the version * [ca31c0c] Install all chromium libs * [167aea7] Use internal copy of libpng. This is necessary because with system libpng render process is consuming 100% CPU (see http://code.google.com/p/chromium/issues/detail?id=174603) * [8742d82] debian/patches/pulse_ftbfs.patch: Fix FTBFS * [9e76ec7] Refreshed patches * [1c6f4c3] Use Debian api key * [cdf5c74] Refreshed patches * [ad9480c] Remove useless embedded copy of documentation from source containing non DFSG-compliant material: - src/native_client/toolchain/linux_x86/info - src/native_client/toolchain/linux_x86/man - src/native_client/toolchain/linux_x86/share/info - src/native_client/toolchain/linux_x86/x86_64-nacl/share/info - src/native_client/toolchain/linux_x86_newlib/info - src/native_client/toolchain/linux_x86_newlib/man - src/native_client/toolchain/linux_x86_newlib/share/info (Closes: #695703) * [31ea388] Fixed Homepage field. Thanks to Dmitry Shachnev (Closes: #686561) * [d509e07] Override the lintian flag: embedded-library usr/lib/chromium/chromium: libpng -- Giuseppe Iuculano Wed, 06 Feb 2013 15:34:17 +0100 chromium-browser (22.0.1229.94~r161065-3) unstable; urgency=medium * Use system vpx library again (resolves armel build failures). -- Michael Gilbert Sun, 28 Oct 2012 00:55:58 -0400 chromium-browser (22.0.1229.94~r161065-2) unstable; urgency=medium * [574d76c] Override the lintian flag: embedded-library usr/lib/chromium/libffmpegsumo.so: libavcodec -- Giuseppe Iuculano Tue, 23 Oct 2012 17:51:56 +0200 chromium-browser (22.0.1229.94~r161065-1) unstable; urgency=medium * New stable release: - High CVE-2012-2889: UXSS in frame handling. Credit to Sergey Glazunov. - High CVE-2012-2886: UXSS in v8 bindings. Credit to Sergey Glazunov. - High CVE-2012-2881: DOM tree corruption with plug-ins. Credit to Chamal de Silva. - High CVE-2012-2876: Buffer overflow in SSE2 optimizations. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2883: Out-of-bounds write in Skia. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2887: Use-after-free in onclick handling. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2888: Use-after-free in SVG text references. Credit to miaubiz. - High CVE-2012-2894: Crash in graphics context handling. Credit to Sławomir Błażek. - Medium CVE-2012-2877: Browser crash with extensions and modal dialogs. Credit to Nir Moshe. - Low CVE-2012-2879: DOM topology corruption. Credit to pawlkt. - Medium CVE-2012-2884: Out-of-bounds read in Skia. Credit to Atte Kettunen of OUSPG. - High CVE-2012-2874: Out-of-bounds write in Skia. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-2878: Use-after-free in plug-in handling. Credit to Fermin Serna of Google Security Team. - Medium CVE-2012-2880: Race condition in plug-in paint buffer. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2882: Wild pointer in OGG container handling. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2012-2885: Possible double free on exit. Credit to the Chromium development community. - Low CVE-2012-2891: Address leak over IPC. Credit to Lei Zhang of the Chromium development community. - Low CVE-2012-2892: Pop-up block bypass. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2893: Double free in XSL transforms. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2012-2900: Crash in Skia text rendering. Credit to Atte Kettunen of OUSPG. - Critical CVE-2012-5108: Race condition in audio device handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-5109: OOB read in ICU regex. Credit to Arthur Gerkis. - Medium CVE-2012-5110: Out-of-bounds read in compositor. Credit to Google Chrome Security Team (Inferno). - Low CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins. Credit to Google Chrome Security Team (Chris Evans). - Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie. * [3de18b6] Use zlib internal copy. This is necessary due to the CRIME work around. We can use the system zlib when chrome will remove SPDY 2/3 support. * [3b9811a] Updated patches * [152902d] Install libvpx_obj_int_extract -- Giuseppe Iuculano Mon, 01 Oct 2012 15:22:27 +0200 chromium-browser (21.0.1180.89~r154005-1) unstable; urgency=high * New stable security release: - Medium CVE-2012-2865: Out-of-bounds read in line breaking. Credit to miaubiz. - High CVE-2012-2866: Bad cast with run-ins. Credit to miaubiz. - Low CVE-2012-2867: Browser crash with SPDY. - Medium CVE-2012-2868: Race condition with workers and XHR. Credit to miaubiz. - High CVE-2012-2869: Avoid stale buffer in URL loading. Credit to Fermin Serna of the Google Security Team. - Low CVE-2012-2870: Lower severity memory management issues in XPath. Credit to Nicolas Gregoire. - High CVE-2012-2871: Bad cast in XSL transforms. Credit to Nicolas Gregoire. - Medium CVE-2012-2872: XSS in SSL interstitial. Credit to Emmanuel Bronshtein. -- Giuseppe Iuculano Fri, 31 Aug 2012 11:24:58 +0200 chromium-browser (21.0.1180.75~r150248-1) unstable; urgency=medium [ Shawn Landden ] * [b7c6ba3] update changelog to record changes in last upload * [3c6a149] master_prefs: don't go straight to internet, don't prompt to change default browser * [e441276] initial_bookmarks.html: add Debian support page * [2bb621a] compress source tarball as xz (Closes: #676774) [ Giuseppe Iuculano ] * New stable minor release fixing the following issues: - REGRESSION: Rendering difference in Chrome 21 and 22 that affected on Persian Wikipedia - Some known crashes - Audio objects are not "switched" immediately - Print and Print Preview ignore paper size default in printer config - Candidate windows is shown in wrong place in Retina display - more of the choppy and distorted audio issues - Japanese characters showing in Chinese font - Sync invalidation notification broken after restart -- Giuseppe Iuculano Fri, 10 Aug 2012 17:31:57 +0200 chromium-browser (21.0.1180.57~r148591-1) unstable; urgency=medium [ Giuseppe Iuculano ] * [fd04758] Install demo extension * New upstream stable release: - Medium CVE-2012-2846: Cross-process interference in renderers. Credit to Google Chrome Security Team (Julien Tinnes). - Low CVE-2012-2847: Missing re-prompt to user upon excessive downloads. Credit to Matt Austin of Aspect Security. - Medium CVE-2012-2848: Overly broad file access granted after drag+drop. Credit to Matt Austin of Aspect Security. - Low CVE-2012-2849: Off-by-one read in GIF decoder. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2853: webRequest can interfere with the Chrome Web Store. Credit to Trev of Adblock. - Low CVE-2012-2854: Leak of pointer values to WebUI renderers. Credit to Nasko Oskov of the Chromium development community. - High CVE-2012-2855: Use-after-free in PDF viewer. Credit to Mateusz Jurczyk of Google Security Team, with contributions by Gynvael Coldwind of Google Security Team. - High CVE-2012-2857: Use-after-free in CSS DOM. Credit to - Arthur Gerkis. - High CVE-2012-2858: Buffer overflow in WebP decoder. Credit to Jüri Aedla. - Critical CVE-2012-2859: Crash in tab handling. Credit to Jeff Roberts of Google Security Team. - Medium CVE-2012-2860: Out-of-bounds access when clicking in date picker. Credit to Chamal de Silva. [ Shawn Landden ] * [0d2e43a9] Switch to xz/lzma2 compression for debs. (from lzma) * [e3e9a801] replace incorrect prefs.patch with patch from OpenSUSE * [faed2b9e] /etc/chromium/master_preferences: don't bug user for Google account. -- Giuseppe Iuculano Tue, 07 Aug 2012 10:55:17 +0200 chromium-browser (20.0.1132.57~r145807-1) unstable; urgency=medium [ Michael Gilbert ] * New ustream stable security release: - [129898] High CVE-2012-2842: Use-after-free in counter handling. Credit to miaubiz. - [130595] High CVE-2012-2843: Use-after-free in layout height tracking. Credit to miaubiz. - [133450] High CVE-2012-2844: Bad object access with JavaScript in PDF. Credit to Alexey Samsonov of Google. [ Shawn Landden ] * Revert "Do not use binutils-gold in armel and armhf". * Update vpx patch to use system headers (Closes: #674728). * Fixup skia fixup for Fri, 13 Jul 2012 15:31:11 -0400 chromium-browser (20.0.1132.43~r143823-1) unstable; urgency=high * New stable release - Low CVE-2012-2815: Leak of iframe fragment id. Credit to Elie Bursztein of Google. - High CVE-2012-2817: Use-after-free in table section handling. Credit to miaubiz. - High CVE-2012-2818: Use-after-free in counter layout. Credit to miaubiz. - High CVE-2012-2819: Crash in texture handling. Credit to Ken "gets" Russell of the Chromium development community. - Medium CVE-2012-2820: Out-of-bounds read in SVG filter handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2012-2821: Autofill display problem. Credit to "simonbrown60" - High CVE-2012-2823: Use-after-free in SVG resource handling. Credit to miaubiz. - High CVE-2012-2824: Use-after-free in SVG painting. Credit to miaubiz. - Medium CVE-2012-2826: Out-of-bounds read in texture conversion. Credit to Google Chrome Security Team (Inferno). - High CVE-2012-2829: Use-after-free in first-letter handling. Credit to miaubiz. - High CVE-2012-2830: Wild pointer in array value setting. Credit to miaubiz. - [130356] High CVE-2012-2831: Use-after-free in SVG reference handling. Credit to miaubiz. - High CVE-2012-2834: Integer overflow in Matroska container. Credit to Jüri Aedla. -- Giuseppe Iuculano Sat, 30 Jun 2012 14:33:40 +0200 chromium-browser (20.0.1132.41~r143299-1) unstable; urgency=medium * [98cf55e] Do not use binutils-gold in armel and armhf * New beta release -- Giuseppe Iuculano Fri, 22 Jun 2012 16:41:48 +0200 chromium-browser (20.0.1132.34~r141824-1) unstable; urgency=low * [29f002e] Add -DUSE_EABI_HARDFLOAT in gyp defines for armhf * [3a003ca] Added some armel and armhf patches. Thanks to Shawn * [2f15044] Search te correct icon when minimised. Thanks to Jonathan Nieder (Closes: #651455) -- Giuseppe Iuculano Wed, 20 Jun 2012 19:05:50 +0200 chromium-browser (20.0.1132.27~r140692-2) unstable; urgency=low * [c0e9499] Improved sqlite patch. Thanks to Andrew Chant (Closes: #676636) * [62d276b] Backported: Use 32-byte alignment in AudioArray if using WEBAUDIO_FFMPEG https://bugs.webkit.org/show_bug.cgi?id=87430 * [1183b6a] Added -DUSE_EABI_HARDFLOAT for armhf -- Giuseppe Iuculano Wed, 13 Jun 2012 13:21:26 +0200 chromium-browser (20.0.1132.27~r140692-1) unstable; urgency=low * New beta release. * [e2adf90] Applied sqlite patch and fixed omnibox crash (Closes: #676636) * [69cc508] Define arm_float_abi=soft for armel and arm_float_abi=hard for armhf -- Giuseppe Iuculano Mon, 11 Jun 2012 17:54:51 +0200 chromium-browser (20.0.1132.21~r139451-3) unstable; urgency=low * Upload to unstable. -- Giuseppe Iuculano Wed, 06 Jun 2012 10:29:58 +0200 chromium-browser (20.0.1132.21~r139451-2) experimental; urgency=low * [1de8e21] Build depends on binutils-gold also in armel and armhf * [5890c9b] Do not use third_party/gold as the linker. (Closes: #675563) * [e883861] Strip third_party/gold from upstream tarball. Thanks to Andrew Chant * [c9ac368] Use gcc 4.7 * [7f1ad3e] link against libgnome-keyring instead of using dlopen() * [57f6712] Added gcc 4.7 patch * [2be55e4] Use GConf and GIO -- Giuseppe Iuculano Sun, 03 Jun 2012 17:01:46 +0200 chromium-browser (20.0.1132.21~r139451-1) experimental; urgency=low [ Jonathan Nieder ] * [70fc5ec] Refresh patches and add descriptions [ Giuseppe Iuculano ] * [8cb8e89] Use gcc 4.6 for the moment (Closes: #671994) [ Jonathan Nieder ] * [cd6baae] Build-Depends: g++-4.6 * [09908a2] Remove workaround for bug #651912, which seems to have been fixed in libnspr (Closes: #661948) * [58d631d] Remove hardcoded versioned dependency on libnss3-1d * [c9e2e81] Require nspr4 >= 2:4.9-2 (Closes: #651912) [ Giuseppe Iuculano ] * [150b326] Added libssl-dev in B-depends * [88ff66a] Refreshed patches * [7e7de0c] Disable tcmalloc, use internal copy of ffmpeg and libv8 * [ca0f508] Updated patches * [1343b0c] Fixed floating point exception in protobuf internal copy. Thanks to Andrew Chant * [2b62b38] Disable protobuf patch * [cae4c9c] updated vpx patch * [7233f03] Start to fix build issues with gcc 4.7 * [b4e5b1d] Fix FTBFS when compiling with pulseaudio support * [235e171] install all .pak files -- Giuseppe Iuculano Fri, 01 Jun 2012 15:36:07 +0200 chromium-browser (18.0.1025.168~r134367-1) unstable; urgency=low * New stable release: - High CVE-2011-3078: Use after free in floats handling. Credit to Google Chrome Security Team (Marty Barbella) and independent later discovery by miaubiz. - High CVE-2012-1521: Use after free in xml parser. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by wushi of team509 reported through iDefense VCP (V-874rcfpq7z). - Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie. - Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to Willem Pinckaers of Matasano. - High CVE-2011-3081: Use after free in floats handling. Credit to miaubiz -- Giuseppe Iuculano Wed, 02 May 2012 09:30:45 +0200 chromium-browser (18.0.1025.151~r130497-1) unstable; urgency=medium * new stable release: - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz. - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined). - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528). - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov. - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis. - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek. - [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz. - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz. - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno). * [85dfed9] build-depend on libglewmx-dev instead of versioned libglewmx1.5-dev * medium urgency for security fixes -- Michael Gilbert Thu, 05 Apr 2012 16:43:11 -0400 chromium-browser (18.0.1025.142~r129054-1) unstable; urgency=low * New stable release: - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in EUC-JP. Credit to Masato Kinugawa. - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling. Credit to Arthur Gerkis. - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment handling. Credit to miaubiz. - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error. Credit to Leonidas Kontothanassis of Google. - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to Mateusz Jurczyk of the Google Security Team. - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and scarybeasts (Google Chrome Security Team). - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to Atte Kettunen of OUSPG. - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair. - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian Holler. * [19c4b51] include glib.h directly (closes: #666640) * [d6e7094] remove .tmp files on clean * [fd014ca] fix pulseaudio messageloop comparisons * [6984cf7] build-depend on svn (required for upstream depot_tools checkout) * [aae52af] refresh patches * [102f9b7] depend on libv8 >= 3.8 * [bbd5511] build-depend on libudev-dev -- Michael Gilbert Sun, 01 Apr 2012 20:02:53 -0400 chromium-browser (17.0.963.83~r127885-1) unstable; urgency=high * New stable release: - CVE-2011-3050: Use-after-free with first-letter handling. Credit to miaubiz. - CVE-2011-3051: Use-after-free in CSS cross-fade handling. Credit to Arthur Gerkis. - CVE-2011-3052: Memory corruption in WebGL canvas handling. Credit to Ben Vanik of Google. - CVE-2011-3053: Use-after-free in block splitting. Credit to miaubiz. - Low CVE-2011-3054: Apply additional isolations to webui privileges. Credit to Sergey Glazunov. - CVE-2011-3055: Prompt in the browser native UI for unpacked extension installation. Credit to PinkiePie. - High CVE-2011-3056: Cross-origin violation with "magic iframe". Credit to Sergey Glazunov. - Low CVE-2011-3049: Extension web request API can interfere with system requests. Credit to Michael Gundlach. - CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie. -- Giuseppe Iuculano Fri, 23 Mar 2012 09:45:08 +0100 chromium-browser (17.0.963.78~r125577-1) unstable; urgency=high * New stable release fixed issue found at Google's Pwnium competition: - CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov. -- Giuseppe Iuculano Thu, 08 Mar 2012 23:41:39 +0100 chromium-browser (17.0.963.66~r124982-1) unstable; urgency=high [ Jonathan Nieder ] * [78437ab] Depend on libpng-dev instead of libpng12-dev at build time (Closes: #662287) [ Giuseppe Iuculano ] * New stable release: - High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit to Chamal de Silva. - High CVE-2011-3032: Use-after-free in SVG value handling. Credit to Arthur Gerkis. - High CVE-2011-3033: Buffer overflow in the Skia drawing library. Credit to Aki Helin of OUSPG. - High CVE-2011-3034: Use-after-free in SVG document handling. Credit to Arthur Gerkis. - High CVE-2011-3035: Use-after-free in SVG use handling. Credit to Arthur Gerkis. - High CVE-2011-3036: Bad cast in line box handling. Credit to miaubiz. - High CVE-2011-3037: Bad casts in anonymous block splitting. Credit to miaubiz. - High CVE-2011-3038: Use-after-free in multi-column handling. Credit to miaubiz. - High CVE-2011-3039: Use-after-free in quote handling. Credit to miaubiz. - Medium CVE-2011-3040: Out-of-bounds read in text handling. Credit to miaubiz. - High CVE-2011-3041: Use-after-free in class attribute handling. Credit to miaubiz. - High CVE-2011-3042: Use-after-free in table section handling. Credit to miaubiz. - High CVE-2011-3043: Use-after-free in flexbox with floats. Credit to miaubiz. - High CVE-2011-3044: Use-after-free with SVG animation elements. Credit to Arthur Gerkis. -- Giuseppe Iuculano Wed, 07 Mar 2012 17:21:51 +0100 chromium-browser (17.0.963.56~r121963-1) unstable; urgency=high [ Michael Gilbert ] * [5c3bb1e] remove duplicate dependency on libgconf2-dev * [a978400] exclude .git directories from upstream tarball * [d29d859] add descriptions to patches * [52af88b] update debian/copyright field to adhere to latest DEP5 specification * [f3b7ba9] update patches for chromium 17 * [4634823] install content_resources.pak * [e7883c9] depend on libv8 >= 3.7 * [dd4fe7d] use pulseaudio [ Giuseppe Iuculano ] * [826649a] Fix FTBFS on armel and added armhf. Thanks to Riku Voipio (Closes: #632119) * [e9ac7ab] Link against system vpx (Closes: #642760) * [b88a849] Remove ardcoded dependency on libvpx0 (Closes: #660159) * [9dec8df] Updated patches * New stable release: - Medium CVE-2011-3016: Read-after-free with counter nodes. Credit to miaubiz. - High CVE-2011-3017: Possible use-after-free in database handling. Credit to miaubiz. - High CVE-2011-3018: Heap overflow in path rendering. Credit to Aki Helin of OUSPG. - High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk / Gynvael Coldwind of the Google Security Team. - Medium CVE-2011-3020: Native client validator error. Credit to Nick Bray of the Chromium development community. - High CVE-2011-3021: Use-after-free in subframe loading. Credit to Arthur Gerkis. - Medium CVE-2011-3022: Inappropriate use of http for translation script. Credit to Google Chrome Security Team (Jorge Obes). - Medium CVE-2011-3023: Use-after-free with drag and drop. Credit to pa_kt. - Low CVE-2011-3024: Browser crash with empty x509 certificate. Credit to chrometot. - Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit to Sławomir Błażek. - High CVE-2011-3026: Integer overflow / truncation in libpng. Credit to Jüri Aedla. - High CVE-2011-3027: Bad cast in column handling. Credit to miaubiz - Low CVE-2011-3953: Avoid clipboard monitoring after paste event. Credit to Daniel Cheng of the Chromium development community. - Low CVE-2011-3954: Crash with excessive database usage. Credit to Collin Payne. - High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit to David Grogan of the Chromium development community. - Low CVE-2011-3956: Incorrect handling of sandboxed origins inside extensions. Credit to Devdatta Akhawe, UC Berkeley. - High CVE-2011-3958: Bad casts with column spans. Credit to miaubiz. - High CVE-2011-3959: Buffer overflow in locale handling. Credit to Aki Helin of OUSPG. - Medium CVE-2011-3960: Out-of-bounds read in audio decoding. Credit to Aki Helin of OUSPG. - Critical CVE-2011-3961: Race condition after crash of utility process. Credit to Shawn Goertzen. - Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit to Aki Helin of OUSPG. - Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to Code Audit Labs of VulnHunt.com. - Low CVE-2011-3965: Crash in signature check. Credit to Sławomir Błażek. - High CVE-2011-3966: Use-after-free in stylesheet error handling. Credit to Aki Helin of OUSPG. - Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben Carrillo. - High CVE-2011-3968: Use-after-free in CSS handling. Credit to Arthur Gerkis. - High CVE-2011-3969: Use-after-free in SVG layout. Credit to Arthur Gerkis. - Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to Aki Helin of OUSPG. - High CVE-2011-3971: Use-after-free with mousemove events. Credit to Arthur Gerkis. - Medium CVE-2011-3972: Out-of-bounds read in shader translator. Credit to Google Chrome Security Team (Inferno). -- Giuseppe Iuculano Sun, 19 Feb 2012 20:29:17 +0100 chromium-browser (16.0.912.77~r118311-1) unstable; urgency=high [ Jonathan Nieder ] * [b9c1859] fix path in Ubuntu-specific build rules. Thanks to Michael Kuhn (Closes: #655521) [ Giuseppe Iuculano ] * [c6132fa] Fix FTBFS with libav 0.8 (Closes: #654215) * New stable release: - High CVE-2011-3924: Use-after-free in DOM selections. Credit to Arthur Gerkis. - Critical CVE-2011-3925: Use-after-free in Safe Browsing navigation. Credit to Chamal de Silva. - High CVE-2011-3928: Use-after-free in DOM handling. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1415). - High CVE-2011-3927: Uninitialized value in Skia. Credit to miaubiz. - High CVE-2011-3926: Heap-buffer-overflow in tree builder. Credit to Arthur Gerkis. -- Giuseppe Iuculano Thu, 26 Jan 2012 10:57:28 +0100 chromium-browser (16.0.912.75~r116452-1) unstable; urgency=low * New stable version: - High CVE-2011-3921: Use-after-free in animation frames. Credit to Boris Zbarsky of Mozilla. - High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to Jüri Aedla. - High CVE-2011-3922: Stack-buffer-overflow in glyph handling. Credit to Google Chrome Security Team (Cris Neckar). -- Giuseppe Iuculano Mon, 09 Jan 2012 10:30:41 +0100 chromium-browser (16.0.912.63~r113337-1) unstable; urgency=low [ Giuseppe Iuculano ] * New stable version: - Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit to David Holloway of the Chromium development community. - Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to Aki Helin of OUSPG. - High CVE-2011-3907: URL bar spoofing with view-source. Credit to Luka Treiber of ACROS Security. - Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to Aki Helin of OUSPG. - Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS property array. Credit to Google Chrome Security Team (scarybeasts) and Chu. - Medium CVE-2011-3910: Out-of-bounds read in YUV video frame handling. Credit to Google Chrome Security Team (Cris Neckar). - High CVE-2011-3912: Use-after-free in SVG filters. Credit to Arthur Gerkis. - High CVE-2011-3913: Use-after-free in Range handling. Credit to Arthur Gerkis. - High CVE-2011-3914: Out-of-bounds write in v8 i18n handling. Credit to Sławomir Błażek. - High CVE-2011-3915: Buffer overflow in PDF font handling. Credit to Atte Kettunen of OUSPG. - Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher. Credit to Google Chrome Security Team (Marty Barbella). - High CVE-2011-3904: Use-after-free in bidi handling. Credit to Google Chrome Security Team (Inferno) and miaubiz. * [5299644] Update patches for v16 [ Michael Gilbert ] * [ce38c6a] depend on gyp >= r1119 * [d4236b8] fix upstream channel naming in source readme * [3683f5d] refresh nss-workaround.patch and system_v8.patch * [4c18347] add myself to uploaders -- Giuseppe Iuculano Sun, 01 Jan 2012 13:45:54 +0100 chromium-browser (15.0.874.121~r109964-1) unstable; urgency=high [ Jonathan Nieder ] * [f67eee0] chromium-inspector: Recommend chromium (>= 10) to avoid pulling in chromium-bsu * [4de64d5] Use /etc/debian_version, not `lsb_release -sr`, to populate BUILD_DIST * [7dba3cb] Permit '/' in Debian release names (Closes: #644526) * [aa996fe] Unbreak get-orig-source in non-C locales by using "svn log --xml" instead of "svn info" [ Giuseppe Iuculano ] * [dc3b8be] Revert "Merge 104421 - Fix library paths for preloading NSS on Ubuntu 11.10." Thanks to Jonathan Nieder (Closes: #647992) * [d729967] Use system v8 * New stable release: - High CVE-2011-3892: Double free in Theora decoder. Credit to Aki Helin of OUSPG. - Medium CVE-2011-3893: Out of bounds reads in MKV and Vorbis media handlers. Credit to Aki Helin of OUSPG. - High CVE-2011-3894: Memory corruption regression in VP8 decoding. Credit to Andrew Scherkus of the Chromium development community. - High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to Aki Helin of OUSPG. - High CVE-2011-3896: Buffer overflow in shader variable mapping. Credit to Ken “strcpy” Russell of the Chromium development community. - High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt reported through ZDI (ZDI-CAN-1416). - Low CVE-2011-3898: Failure to ask for permission to run applets in JRE7. Credit to Google Chrome Security Team (Chris Evans). - High CVE-2011-3900: Out-of-bounds write in v8. Credit to Christian Holler. -- Giuseppe Iuculano Wed, 07 Dec 2011 09:12:54 +0100 chromium-browser (15.0.874.106~r107270-1) unstable; urgency=medium [ Matteo F. Vescovi ] * [fb744c6] debian/control: cosmetic typo corrections (Closes: #644386) [ Giuseppe Iuculano ] * New stable release: - High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel. - Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel. - Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak. - Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen. - Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. - Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa. - Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company. - High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov. - High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz. - High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community. - High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz. - High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler. - Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. - High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz. - High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. - High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean. * [62dfe31] Refreshed patches * [ebe38a0] Added scons, libelf-dev, and python-simplejson in Build-Depends * [301651c] Use icu and libv8 private copy and disable nacl [ Jonathan Nieder ] * [59f4ae6] debian/licenses: add Ms-PL license snippet. Thanks to Alexander Reichle-Schmehl (Closes: #647528) -- Giuseppe Iuculano Sun, 06 Nov 2011 14:27:45 +0100 chromium-browser (14.0.835.202~r103287-1) unstable; urgency=low [ Michael Gilbert ] * [0e3387d] Remove unneeded shlibs:Depends * [d7d8b22] Support libav's transition to multiarch * [3211a33] Use url to writable git repo in vcs-git field * [1c83896] Use relative symlinks to ffmpeg libraries [ Giuseppe Iuculano ] * New stable release: - High CVE-2011-2876: Use-after-free in text line box handling. Credit to miaubiz. - High CVE-2011-2877: Stale font in SVG text handling. Credit to miaubiz. - High CVE-2011-2878: Inappropriate cross-origin access to the window prototype. Credit to Sergey Glazunov. - High CVE-2011-2879: Lifetime and threading issues in audio node handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2011-2880: Use-after-free in the v8 bindings. Credit to Sergey Glazunov. - High CVE-2011-2881: Memory corruption with v8 hidden objects. Credit to Sergey Glazunov. - Critical CVE-2011-3873: Memory corruption in shader translator. -- Giuseppe Iuculano Wed, 05 Oct 2011 11:15:53 +0200 chromium-browser (14.0.835.163~r101024-1) unstable; urgency=low [ Matteo F. Vescovi ] * [82a8b0b] debian/control: changing b-deps to libjpeg-dev (Closes: 641099) [ Giuseppe Iuculano ] * [ac85d47] Use system ffmpeg and icu * [b4fbcd0] debian/gbp.conf: Added conf for git-dch * [a4f4ee1] Do not install ffmpeg internal copy * New stable release: - High CVE-2011-2835: Race condition in the certificate cache. Credit to Ryan Sleevi of the Chromium development community. - Low CVE-2011-2836: Infobar the Windows Media Player plug-in to avoid click-free access to the system Flash. Credit to electronixtar. - Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to wbrana. - Low CVE-2011-2838: Treat MIME type more authoritatively when loading plug-ins. Credit to Michal Zalewski of the Google Security Team. - High CVE-2011-2839: Crash in v8 script object wrappers. Credit to Kostya Serebryany of the Chromium development community. - Low CVE-2011-2840: Possible URL bar spoofs with unusual user interaction. Credit to kuzzcc. - Medium CVE-2011-2843: Out-of-bounds read with media buffers. Credit to Kostya Serebryany of the Chromium development community. - Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit to Mario Gomes. - High CVE-2011-2846: Use-after-free in unload event handling. Credit to Arthur Gerkis. - High CVE-2011-2847: Use-after-free in document loader. Credit to miaubiz. - Medium CVE-2011-2848: URL bar spoof with forward button. Credit to Jordi Chancel. - Low CVE-2011-2849: Browser NULL pointer crash with WebSockets. Credit to Arthur Gerkis. - Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit to miaubiz. - Medium CVE-2011-2850: Out-of-bounds read with Khmer characters. Credit to miaubiz. - Medium CVE-2011-2851: Out-of-bounds read in video handling. Credit to Google Chrome Security Team (Inferno). - High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler. - High CVE-2011-2853: Use-after-free in plug-in handling. Credit to Google Chrome Security Team (SkyLined). - High CVE-2011-2854: Use-after-free in ruby / table style handing. Credit to Sławomir Błażek, and independent later discoveries by miaubiz and Google Chrome Security Team (Inferno). - High CVE-2011-2855: Stale node in stylesheet handling. Credit to Arthur Gerkis. - High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel Divricean. - High CVE-2011-2857: Use-after-free in focus controller. Credit to miaubiz. - High CVE-2011-2834: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. - Medium CVE-2011-2859: Incorrect permissions assigned to non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm of Recurity Labs. - High CVE-2011-2860: Use-after-free in table style handling. Credit to miaubiz. - High CVE-2011-2862: Unintended access to v8 built-in objects. Credit to Sergey Glazunov. - Medium CVE-2011-2864: Out-of-bounds read with Tibetan characters. Credit to Google Chrome Security Team (Inferno). - Medium CVE-2011-2858: Out-of-bounds read with triangle arrays. Credit to Google Chrome Security Team (Inferno). - Low CVE-2011-2874: Failure to pin a self-signed cert for a session. Credit to Nishant Yadant of VMware and Craig Chamberlain (@randomuserid). - High CVE-2011-2875: Type confusion in v8 object sealing. Credit to Christian Holler. -- Giuseppe Iuculano Sat, 17 Sep 2011 21:46:29 +0200 chromium-browser (14.0.835.157~r99685-1) experimental; urgency=low * New beta release * Fix gbp.conf for experimental branch * Refreshed patches * Use libv8 system copy * Do not remove Makefile files * Added libpulse-dev in Build-Depends. * re-enable armel build * Patch v8_i18n to compile with libv8 system copy, thanks to Jérémy Lal * Added a lintian override for the NaCL IRT files -- Giuseppe Iuculano Wed, 07 Sep 2011 13:06:57 +0200 chromium-browser (13.0.782.220~r99552-1) unstable; urgency=high [ Giuseppe Iuculano ] * Fixed the dummy chromium-browser-l10n dependency (Closes: 639126) * New stable release: - Revoked trust for SSL certificates issued by DigiNotar-controlled intermediate CAs used by the Dutch PKIoverheid program. [ Jonathan Nieder ] * Add a replace and breaks entry to reflect the compatibility symlinks having moved to the chromium-browser package. [ Michael Gilbert ] * Fix lintian warning. * Fix manpage comment characters. * Strip the Native Client Integrated RunTime (NaCl IRT) libraries. * Objectify an old changelog entry (closes: #606261). -- Giuseppe Iuculano Tue, 06 Sep 2011 08:34:50 +0200 chromium-browser (13.0.782.215~r97094-1) unstable; urgency=low [ Michael Gilbert ] * Remove all automatically generated files during clean up (this makes it possible to build from source twice in a row now). * Bump standards version to 3.9.2. * Fix an obsolete character encoding in debian/copyright. * Fix build failure with cups >= 1.5.0. * Don't support lenny's cups anymore. * Use system config.guess and config.sub for yasm's autotools files. * Add chromium-browser.png symlink so old menu entries keep their icons (closes: #622841). * Add chromium-browser manpage symlink. * Clean up package short descriptions. [ Giuseppe Iuculano ] * Move the compatibility symlinks to the chromium-browser package * Fix the Vcs-Browser control field * New stable release: - High CVE-2011-2823: Use-after-free in line box handling. Credit to Google Chrome Security Team (SkyLined) and independent later discovery by miaubiz. - High CVE-2011-2824: Use-after-free with counter nodes. Credit to miaubiz. - High CVE-2011-2825: Use-after-free with custom fonts. Credit to wushi of team509 reported through ZDI (ZDI-CAN-1283), plus indepdendent later discovery by miaubiz. - High CVE-2011-2821: Double free in libxml XPath handling. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. - High CVE-2011-2826: Cross-origin violation with empty origins. Credit to Sergey Glazunov. - High CVE-2011-2827: Use-after-free in text searching. Credit to miaubiz. - High CVE-2011-2828: Out-of-bounds write in v8. Credit to Google Chrome Security Team (SkyLined). - High CVE-2011-2829: Integer overflow in uniform arrays. Credit to Sergey Glazunov. * Added autotools-dev in Build-Depends -- Giuseppe Iuculano Tue, 23 Aug 2011 17:31:19 +0200 chromium-browser (13.0.782.107~r94237-1) unstable; urgency=high * New stable version - Medium CVE-2011-2358: Always confirm an extension install via a browser dialog. Credit to Sergey Glazunov. - High CVE-2011-2359: Stale pointer due to bad line box tracking in rendering. Credit to miaubiz and Martin Barbella. - Low CVE-2011-2360: Potential bypass of dangerous file prompt. Credit to kuzzcc. - Low CVE-2011-2361: Improve designation of strings in the basic auth dialog. Credit to kuzzcc. - Medium CVE-2011-2782: File permissions error with drag and drop. Credit to Evan Martin of the Chromium development community. - Medium CVE-2011-2783: Always confirm a developer mode NPAPI extension install via a browser dialog. Credit to Sergey Glazunov. - Low CVE-2011-2784: Local file path disclosure via GL program log. Credit to kuzzcc. - Low CVE-2011-2785: Sanitize the homepage URL in extensions. Credit to kuzzcc. - Low CVE-2011-2786: Make sure the speech input bubble is always on-screen. Credit to Olli Pettay of Mozilla. - Medium CVE-2011-2787: Browser crash due to GPU lock re-entrancy issue. Credit to kuzzcc. - Low CVE-2011-2788: Buffer overflow in inspector serialization. Credit to Mikołaj Małecki. - Medium CVE-2011-2789: Use after free in Pepper plug-in instantiation. Credit to Mario Gomes and kuzzcc. - High CVE-2011-2790: Use-after-free with floating styles. Credit to miaubiz. - High CVE-2011-2791: Out-of-bounds write in ICU. Credit to Yang Dingning from NCNIPC, Graduate University of Chinese Academy of Sciences. - High CVE-2011-2792: Use-after-free with float removal. Credit to miaubiz. - High CVE-2011-2793: Use-after-free in media selectors. Credit to miaubiz. - Medium CVE-2011-2794: Out-of-bounds read in text iteration. Credit to miaubiz. - Medium CVE-2011-2795: Cross-frame function leak. Credit to Shih Wei-Long. - High CVE-2011-2796: Use-after-free in Skia. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. - High CVE-2011-2797: Use-after-free in resource caching. Credit to miaubiz. - Low CVE-2011-2798: Prevent a couple of internal schemes from being web accessible. Credit to sirdarckcat of the Google Security Team. - High CVE-2011-2799: Use-after-free in HTML range handling. Credit to miaubiz. - Medium CVE-2011-2800: Leak of client-side redirect target. Credit to Juho Nurminen. - High CVE-2011-2802: v8 crash with const lookups. Credit to Christian Holler. - Medium CVE-2011-2803: Out-of-bounds read in Skia paths. Credit to Google Chrome Security Team (Inferno). - High CVE-2011-2801: Use-after-free in frame loader. Credit to miaubiz. - High CVE-2011-2818: Use-after-free in display box rendering. Credit to Martin Barbella. - High CVE-2011-2805: Cross-origin script injection. Credit to Sergey Glazunov. - [90222] High CVE-2011-2819: Cross-origin violation in base URI handling. Credit to Sergey Glazunov. * Re-added binutils-gold in Build-depends * Refreshed patches * Switch to git * Use system vpx, flac, webp, speex libs * Build-depens on gyp >= 0.1~svn971 * Run the gclient hooks when creating the source tarball, as we need files from the Native Client's integrated runtime (IRT) library (Thanks to Fabien Tassin) * Install the NaCL IRT files * Added a lintian override for the NaCL IRT files -- Giuseppe Iuculano Thu, 04 Aug 2011 11:02:34 +0200 chromium-browser (12.0.742.112~r90304-1) unstable; urgency=high * New stable micro release - [77493] Medium CVE-2011-2345: Out-of-bounds read in NPAPI string handling. Credit to Philippe Arteau. - [84355] High CVE-2011-2346: Use-after-free in SVG font handling. Credit to miaubiz. - [85003] High CVE-2011-2347: Memory corruption in CSS parsing. Credit to miaubiz. - [85102] High CVE-2011-2350: Lifetime and re-entrancy issues in the HTML parser. Credit to miaubiz. - [85177] High CVE-2011-2348: Bad bounds check in v8. Credit to Aki Helin of OUSPG. - [85211] High CVE-2011-2351: Use-after-free with SVG use element. Credit to miaubiz. - [85418] High CVE-2011-2349: Use-after-free in text selection. Credit to miaubiz. * Do not use the experimental gold linker -- Giuseppe Iuculano Wed, 29 Jun 2011 15:28:33 +0200 chromium-browser (12.0.742.91~r87961-1) unstable; urgency=high * New stable major release (Closes: 630548) - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer issues in float handling. Credit to miaubiz. - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support. Credit to Google Chrome Security Team (SkyLined). - [75643] Low CVE-2011-1810: Visit history information leak in CSS. Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability Research - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions. Credit to “DimitrisV22”. - [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to kuzzcc. - [78516] High CVE-2011-1813: Stale pointer in extension framework. Credit to Google Chrome Security Team (Inferno). - [79362] Medium CVE-2011-1814: Read from uninitialized pointer. Credit to Eric Roman of the Chromium development community. - [79862] Low CVE-2011-1815: Extension script injection into new tab page. Credit to kuzzcc. - [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit to kuzzcc. - [81916] Medium CVE-2011-1817: Browser memory corruption in history deletion. Credit to Collin Payne. - [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to miaubiz. - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages. Credit to Vladislavas Jarmalis, plus subsequent independent discovery by Sergey Glazunov. - [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey Glazunov. - [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey Glazunov. * Refreshed patches. * Use internal libv8 copy * Use internal protobuf copy * Remove armel from archs, too many toolchain issues and we want chromium in testing. * Override the embedded-library error, chromium uses a modified sqlite copy. -- Giuseppe Iuculano Fri, 17 Jun 2011 11:13:54 +0200 chromium-browser (11.0.696.71~r86024-1) unstable; urgency=low * New Stable release: - [72189] Low CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De Silva - [82546] High CVE-2011-1804: Stale pointer in floats rendering. Credit to Martin Barbella. - [82873] Critical CVE-2011-1806: Memory corruption in GPU command buffer. Credit to Google Chrome Security Team (Cris Neckar). - [82903] Critical CVE-2011-1807: Out-of-bounds write in blob handling. Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany of the Chromium development community. -- Giuseppe Iuculano Wed, 25 May 2011 09:16:11 +0200 chromium-browser (11.0.696.68~r84545-3) unstable; urgency=low * Use the experimental gold linker -- Giuseppe Iuculano Mon, 23 May 2011 08:57:21 +0200 chromium-browser (11.0.696.68~r84545-2) unstable; urgency=low * Fix the libv8 patch * Disable javascript i18n api, we will re-enable it when libv8 will compile i18n experimental extension, #627066 -- Giuseppe Iuculano Tue, 17 May 2011 22:18:11 +0200 chromium-browser (11.0.696.68~r84545-1) unstable; urgency=high * New Stable release: - [64046] High CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit to Google Chrome Security Team (SkyLined). - [80608] High CVE-2011-1800: Integer overflows in SVG filters. Credit to Google Chrome Security Team (Cris Neckar). * Added --password-store=detect in chromium flags * Updated the svg logo * Ship the app icon in all the sizes provided upstream (Thanks Fabien Tassin) * Build-dep on gyp >= 0.1~svn917 to try to fix FTBFS on armel * Use protobuf system copy, this should fix FTBFS on armel #616662 * Bump urgency, we want chromium 11 in wheezy * Remove *.pyc from src/depot_tools and src/build (Closes: #626894) -- Giuseppe Iuculano Mon, 16 May 2011 22:05:07 +0200 chromium-browser (11.0.696.65~r84435-1) unstable; urgency=low * New Stable release: - Fixed password loss (Closes: #619903) - [61502] High CVE-2011-1303: Stale pointer in floating object handling. Credit to Scott Hess of the Chromium development community and Martin Barbella. - [70538] Low CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to Chamal De Silva. - [70589] Medium CVE-2011-1305: Linked-list race in database handling. Credit to Kostya Serebryany of the Chromium development community. - [71586] Medium CVE-2011-1434: Lack of thread safety in MIME handling. Credit to Aki Helin. - [72523] Medium CVE-2011-1435: Bad extension with ‘tabs’ permission can capture local files. Credit to Cole Snodgrass. - [72910] Low CVE-2011-1436: Possible browser crash due to bad interaction with X. Credit to miaubiz. - [73526] High CVE-2011-1437: Integer overflows in float rendering. Credit to miaubiz. - [74653] High CVE-2011-1438: Same origin policy violation with blobs. Credit to kuzzcc. - [74763] High CVE-2011-1439: Prevent interference between renderer processes. Credit to Julien Tinnes of the Google Security Team. - [75186] High CVE-2011-1440: Use-after-free with tag and CSS. Credit to Jose A. Vazquez. - [75347] High CVE-2011-1441: Bad cast with floating select lists. Credit to Michael Griffiths. - [75801] High CVE-2011-1442: Corrupt node trees with mutation events. Credit to Sergey Glazunov and wushi of team 509. - [76001] High CVE-2011-1443: Stale pointers in layering code. Credit to Martin Barbella. - [76542] High CVE-2011-1444: Race condition in sandbox launcher. Credit to Dan Rosenberg. - [76646] Medium CVE-2011-1445: Out-of-bounds read in SVG. Credit to wushi of team509. - [76666] [77507] [78031] High CVE-2011-1446: Possible URL bar spoofs with navigation errors and interrupted loads. Credit to kuzzcc. - [76966] High CVE-2011-1447: Stale pointer in drop-down list handling. Credit to miaubiz. - [77130] High CVE-2011-1448: Stale pointer in height calculations. Credit to wushi of team509. - [77346] High CVE-2011-1449: Use-after-free in WebSockets. Credit to Marek Majkowski. - [77349] Low CVE-2011-1450: Dangling pointers in file dialogs. Credit to kuzzcc. - [77463] High CVE-2011-1451: Dangling pointers in DOM id map. Credit to Sergey Glazunov. - [77786] Medium CVE-2011-1452: URL bar spoof with redirect and manual reload. Credit to Jordi Chancel. - [79199] High CVE-2011-1454: Use-after-free in DOM id handling. Credit to Sergey Glazunov. * Updated patches * Use libv8 system copy * Fixed FTBFS (converting to non-pointer type from NULL) * Addeed libpam0g-dev in Build-Depends * Fixed FTBFS with gcc 4.6 (closes: 624814) * Do not use the to use the experimental gold linker, it causes FTBFS * Added in install excluded files: genmacro genmodule genperf genstring genversion re2c yasm -- Giuseppe Iuculano Sat, 14 May 2011 15:22:23 +0200 chromium-browser (10.0.648.205~r81283-1) unstable; urgency=low * New stable release: - [75629] Critical CVE-2011-1301: Use-after-free in the GPU process. Credit to Google Chrome Security Team (Inferno). - [78524] Critical CVE-2011-1302: Heap overflow in the GPU process. Credit to Christoph Diehl. -- Giuseppe Iuculano Fri, 15 Apr 2011 09:13:45 +0200 chromium-browser (10.0.648.204~r79063-1) unstable; urgency=low * New stable release: - [72517] High CVE-2011-1291: Buffer error in base string handling. Credit to Alex Turpin. - [73216] High CVE-2011-1292: Use-after-free in the frame loader. Credit to Sławomir Błażek. - [73595] High CVE-2011-1293: Use-after-free in HTMLCollection. Credit to Sergey Glazunov. - [74562] High CVE-2011-1294: Stale pointer in CSS handling. Credit to Sergey Glazunov. - [74991] High CVE-2011-1295: DOM tree corruption with broken node parentage. Credit to Sergey Glazunov. - [75170] High CVE-2011-1296: Stale pointer in SVG text handling. Credit to Sergey Glazunov. * Depends on libvpx0 >= 0.9.6 (Closes: #618621) -- Giuseppe Iuculano Fri, 25 Mar 2011 12:20:13 +0100 chromium-browser (10.0.648.133~r77742-1) unstable; urgency=high * New stable release: - Fix CVE-2011-1290: Memory corruption in style handling. Credit to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported through ZDI. * chromium-browser: Depend on chromium (>= 10) (Closes: #617760) * Added a symlink to old binary name in chromium-browser package (Closes: #616623) * Document the binary renaming in the NEWS file. -- Giuseppe Iuculano Fri, 11 Mar 2011 23:10:31 +0100 chromium-browser (10.0.648.127~r76697-1) unstable; urgency=low * New stable version * Refreshed patches -- Giuseppe Iuculano Wed, 09 Mar 2011 23:04:13 +0100 chromium-browser (10.0.648.114~r75702-1) experimental; urgency=low * New beta version * Refreshed pathces * Renamed binary packages, new names: chromium, chromium-l10n, chromium-inspector, chromium-dbg * Removed SMULBB instructions (Closes: 611725) Thanks to Jérémy Lal * Move /etc/chromium-browser/{default,master_preferences} to /etc/chromium/{default,master_preferences} * Remove mips from archs * Use in-source v8 * Added binutils-gold in build-depends to use the experimental gold linker * debian/rules: Force $DEBIAN_NAME to chromium * Fixed the webkit version parser. Patch from Ubuntu, thanks to Fabien Tassin * Do not install anymore xdg-settings and xdg-mime copy * Install libppGoogleNaClPluginChrome.so -- Giuseppe Iuculano Wed, 02 Mar 2011 11:36:53 +0100 chromium-browser (9.0.597.107~r75357-1) unstable; urgency=low [ Giuseppe Iuculano ] * New Stable version: - [54262] High URL bar spoof. Credit to Jordi Chancel. - [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko. - [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov. - [68741] High Stale pointer with key frame rule. Credit to Sergey Glazunov. - [70078] High Crash with forms controls. Credit to Stefan van Zanden. - [70244] High Crash in SVG rendering. Credit to Sławomir Błażek. - [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle deserialization. Credit to Evgeniy Stepanov of the Chromium development community. - [71114] High Stale node in table handling. Credit to Martin Barbella. - [71115] High Stale pointer in table rendering. Credit to Martin Barbella. - [71296] High Stale pointer in SVG animations. Credit to miaubiz. - [71386] High Stale nodes in XHTML. Credit to wushi of team509. - [71388] High Crash in textarea handling. Credit to wushi of team509. - [71595] High Stale pointer in device orientation. Credit to Sergey Glazunov. - [71717] Medium Out-of-bounds read in WebGL. Credit to miaubiz. - [71855] High Integer overflow in textarea handling. Credit to miaubiz. - [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome Security Team (Inferno). - [72214] High Accidental exposure of internal extension functions. Credit to Tavis Ormandy of the Google Security Team. - [72437] High Use-after-free with blocked plug-ins. Credit to Chamal de Silva. - [73235] High Stale pointer in layout. Credit to Martin Barbella. [ Daniel Echeverry ] * Added patch fix-manpage.patch Closes: #607503 -- Giuseppe Iuculano Thu, 03 Mar 2011 11:42:01 +0100 chromium-browser (9.0.597.98~r74359-1) unstable; urgency=low [ Giuseppe Iuculano ] * New stable version: - [67234] High Stale pointer in animation event handling. Credit to Rik Cabanier. - [68120] High Use-after-free in SVG font faces. Credit to miaubiz. - [69556] High Stale pointer with anonymous block handling. Credit to Martin Barbella. - [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of Google. - [70456] Medium Possible failure to terminate process on out-of-memory condition. Credit to David Warren of CERT/CC. [ Daniel Echeverry ] * Fixed FTBFS caused by nspr.patch (Closes: #612618) -- Daniel Echeverry Sun, 20 Feb 2011 13:57:29 -0500 chromium-browser (9.0.597.84~r72991-1) unstable; urgency=low * New stable version: - [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG - [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to Google Chrome Security Team (SkyLined) and the Google Security Team (Michal Zalewski, David Bloom). - [62791] Low Browser crash with extension with missing key. Credit to Brian Kirchoff. - [65669] Low Handle merging of autofill profiles more gracefully. Credit to Google Chrome Security Team (Inferno). - [68244] Low Browser crash with bad volume setting. Credit to Matthew Heidermann. - [69195] Critical Race condition in audio handling. Credit to the gamers of Reddit! -- Giuseppe Iuculano Sun, 06 Feb 2011 23:50:23 +0100 chromium-browser (9.0.597.83~r72435-1) unstable; urgency=low [ Giuseppe Iuculano ] * New beta version. * Added a README.Debian and warn about downgrading (Closes: #605548) * honor DEB_BUILD_OPTIONS=nocheck, thanks to Jonathan Nieder (Closes: #589653) * Avoid "cannot access" messagges when using ffmpeg internal copy. Thanks to Jonathan Nieder. (Closes: #589563) * Refreshed patches. * Build against libv8 * Use libicu system headers * Use system glew * Use system xdg-utils * Build-depends on libv8-dev >= 2.5.9 * Update translations in Desktop file. Thanks to the Ubuntu translation team. * Upload to unstable [ Fabien Tassin ] * Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome * Add x-scheme-handler/http and x-scheme-handler/https to the MimeType entry of the desktop file * Set CHROME_WRAPPER to the real name of the wrapper now that upstream use its value * Set CHROME_DESKTOP in the wrapper to help the default browser checker (LP: #513133) -- Giuseppe Iuculano Sun, 30 Jan 2011 22:14:01 +0100 chromium-browser (9.0.597.45~r70550-1) experimental; urgency=low * New beta version -- Giuseppe Iuculano Mon, 17 Jan 2011 09:55:51 +0100 chromium-browser (9.0.597.19~r68937-1) experimental; urgency=low * New beta version * Refreshed patches -- Giuseppe Iuculano Wed, 29 Dec 2010 09:17:12 +0100 chromium-browser (9.0.587.0~r66374-1) experimental; urgency=low * New dev version -- Giuseppe Iuculano Sat, 20 Nov 2010 18:33:03 +0100 chromium-browser (9.0.576.0~r65344-1) experimental; urgency=low * New dev version * Refreshed patches * Added libxtst-dev in build-depends * Use v8, libvpx and glew system copy for the moment. * Disable tests * Do not install /usr/lib/chromium-browser/libosmesa.so (Closes: #599511) -- Giuseppe Iuculano Wed, 17 Nov 2010 22:26:37 +0100 chromium-browser (7.0.544.0~r61416-1) UNRELEASED; urgency=low * New dev version * Remove system-icu.patch, applied upstream * Remove icu44.patch, applied upstream * Refreshed patches * Enable compile-time dependency on gnome-keyring * Use system speex * Build depends on libv8-dev >= 2.4.7 * Remove disable_dlog_and_dcheck_in_release_builds.patch * Install libosmesa.so ssl_false_start_blacklist_process and xdg-mime -- Giuseppe Iuculano Wed, 06 Oct 2010 14:55:53 +0200 chromium-browser (6.0.472.63~r59945-5.1) unstable; urgency=low [ Daniel Echeverry ] * Updated copyright file to DEP5. Closes: #580784 -- Daniel Echeverry Mon, 17 Jan 2011 22:36:28 -0500 chromium-browser (6.0.472.63~r59945-5) unstable; urgency=high * Backported security patches from stable: - High Bad pointer handling in node iteration. Credit to Sergey Glazunov. - High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. - High Stale pointer with CSS + cursors. Credit to Jan Tošovský. - High Stale pointer with SVG use element. Credited anonymously; plus indepdent discovery by miaubiz. - High Vorbis decoder buffer overflows. Credit to David Warren of CERT. - High Bad cast in anchor handling. Credit to Sergey Glazunov. - High Bad cast in video handling. Credit to Sergey Glazunov. - High Stale rendering node after DOM node removal. Credit to Martin Barbella; plus independent discovery by Google Chrome Security Team (SkyLined). -- Giuseppe Iuculano Sat, 15 Jan 2011 12:04:52 +0100 chromium-browser (6.0.472.63~r59945-4) unstable; urgency=high * Backported security patches from stable: - [64-bit Linux only] High Bad validation for message deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium development community. - Low Browser crash with NULL pointer in web worker handling. Credit to Nathan Weizenbaum of Google. - Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf. - High Stale pointers in cursor handling. Credit to Sławomir Błażek and Sergey Glazunov. -- Giuseppe Iuculano Sat, 18 Dec 2010 17:39:19 +0100 chromium-browser (6.0.472.63~r59945-3) unstable; urgency=high * Backported security patches from stable: - Medium Cross-origin video theft with . Credit to Nirankush Panchbhai and Microsoft Vulnerability Research (MSVR). - High Use after free in history handling. Credit to Stefan Troger. - Medium Make sure the “dangerous file types” list is uptodate with the Windows platforms. Credit to Billy Rios of the Google Security Team. - High Crash due to bad indexing with malformed video. Credit to miaubiz. - High Use after free with SVG animations. Credit to Sławomir Błażek. - Medium Use after free in mouse dragging event handling. Credit to kuzzcc. -- Giuseppe Iuculano Tue, 07 Dec 2010 12:53:25 +0100 chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high * Added the missing changelog credit for the 5.0.375.29~r46008-1 revision. This corrects a bad debian/changelog merge. * Backported security patches from stable: - High Use-after-free in text editing. Credit to David Bloom of the Google Security Team, Google Chrome Security Team (Inferno) and Google Chrome Security Team (Cris Neckar). - High Memory corruption with enormous text area. Credit to wushi of team509. - High Bad cast with the SVG use element. Credit to the kuzzcc. - High Use-after-free in text control selections. Credit to "vkouchna". - High Integer overflows in font handling. Credit to Aki Helin of OUSPG. - High Bad use of destroyed frame object. Credit to various developers, including "gundlach". - High Type confusions with event objects. Credit to "fam.lam" and Google Chrome Security Team (Inferno). - High Out-of-bounds array access in SVG handling. Credit to wushi of team509. -- Giuseppe Iuculano Fri, 05 Nov 2010 09:19:33 +0100 chromium-browser (6.0.472.63~r59945-1) unstable; urgency=high * New stable microrelease. * Allow to choose whether links are opened in a new link or new tab. (Closes: #581391) Thanks to Sam Morris * Backported security patches: - Medium Possible autofill / autocomplete profile spamming. Credit to Google Chrome Security Team (Inferno). - High Crash with forms. Credit to the Chromium development community. - Critical Browser crash with form autofill. Credit to the Chromium development community. - High Possible URL spoofing on page unload. Credit to kuzzcc; plus independent discovery by Jordi Chancel. - High Possible memory corruption with animated GIF. Credit to Simon Schaak. - High Failure to sandbox worker processes on Linux. Credit to Google Chrome Security Team (Chris Evans). - High Stale elements in an element map. Credit to Michal Zalewski of the Google Security Team. -- Giuseppe Iuculano Tue, 19 Oct 2010 12:59:21 +0200 chromium-browser (6.0.472.62~r59676-1) unstable; urgency=low * New stable security microrelease: - [55114] High Bad cast with malformed SVG. Credit to wushi of team 509. - [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron Ten-Hove of Google. - [55350] High Cross-origin property pollution. Credit to Stefano Di Paola of MindedSecurity. * Add translations for the "Name" field in the desktop file, and fix some "Comment" / "GenericName". Thanks to the Ubuntu translation team. * Build with PIE (Position Independent Executable) -- Giuseppe Iuculano Sat, 18 Sep 2010 16:48:44 +0200 chromium-browser (6.0.472.59~r59126-1) unstable; urgency=low * New stable security microrelease: - [50250] High Use-after-free when using document APIs during parse. Credit to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and wushi of team 509 (independent discoveries). - [50712] High Use-after-free in SVG styles. Credit to kuzzcc. - [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc. - [51709] Low Possible browser assert in cursor handling. Credit to "magnusmorton". - [51919] High Race condition in console handling. Credit to kuzzcc. - [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc. - [53394] High Memory corruption in Geolocation. Credit to kuzzcc. - [53930] High Memory corruption in Khmer handling. Credit to Google Chrome Security Team (Chris Evans). - [54006] Low Failure to prompt for extension history access. Credit to "adriennefelt". -- Giuseppe Iuculano Wed, 15 Sep 2010 16:00:10 +0200 chromium-browser (6.0.472.53~r57914-3) unstable; urgency=low * Upload to unstable, this release fixes the following security issue: - [34414] Low Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”. - [37201] Medium URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security. - [41654] Medium Apply more restrictions on setting clipboard content. Credit to Brook Novak. - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team. - [45876] Medium Possible installed extension enumeration. Credit to Lostmon. - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell. - [50386] High Use-after-free in Notifications presenter. Credit to Sergey Glazunov. - [50839] High Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined). - [51630] [51739] High Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar). - [51653] High Memory corruption with counter nodes. Credit to kuzzcc. - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno). - [52443] High Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249). - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team. - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson. * Provide gnome-www-browser (Closes: #594057) * use startup-notification correctly (Closes: #581347) * the main scrollbar doesn'have anymore low contrast (Closes: #582648) * check DISPLAY envvar (Closes: #587398) * Doesn't segfault with cups (Closes: #593748) -- Giuseppe Iuculano Tue, 07 Sep 2010 18:49:45 +0200 chromium-browser (6.0.472.53~r57914-2) experimental; urgency=low * Do not install libppapi_tests.so and DumpRenderTree_resources/ * Add libppapi_tests.so to INSTALL_EXCLUDE_FILES and DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS -- Giuseppe Iuculano Sat, 04 Sep 2010 08:28:27 +0200 chromium-browser (6.0.472.53~r57914-1) experimental; urgency=low * New upstream release * Merge the unstable branch * Backport arm ffmpeg fix from unstable (v5) * chromium-browser-inspector: added a conflict with chromium-browser (<< ${source:Version}) (Closes: #594909) -- Giuseppe Iuculano Wed, 01 Sep 2010 15:39:16 +0200 chromium-browser (6.0.472.36~r55963-1) experimental; urgency=low * New beta release * Refreshed patches * Build and use the custom ffmpeg copy * Build and use the custom protobuf copy. -- Giuseppe Iuculano Thu, 19 Aug 2010 09:53:03 +0200 chromium-browser (6.0.466.0~r52279-1) experimental; urgency=low * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164) * New dev upstream for experimental suite * Refreshed patches. * Install new resource.pak * Added libcups2-dev, libgnome-keyring-dev, libgconf2-dev in BUild-depends * set disable_sse2=1 * Switch back to ffmpeg system libs * Install DumpRenderTree_resources * Define GOOGLE_PROTOBUF_NO_RTTI to fix FTBFS when compiling against system protobuf -- Giuseppe Iuculano Wed, 21 Jul 2010 14:40:57 +0200 chromium-browser (5.0.375.127~r55887-2) UNRELEASED; urgency=low * Provide gnome-www-browser (Closes: #594057) * Use hardening-wrapper -- Giuseppe Iuculano Sun, 29 Aug 2010 12:20:18 +0200 chromium-browser (5.0.375.127~r55887-1) unstable; urgency=high * New stable security microrelease. - Critical. Memory corruption with file dialog. Credit to Sergey Glazunov. - High. Memory corruption with SVGs. Credit to wushi of team509. - High. Bad cast with text editing. Credit to wushi of team509. - High. Possible address bar spoofing with history bug. Credit to Mike Taylor. - High. Memory corruption in MIME type handling. Credit to Sergey Glazunov. - Critical. Crash on shutdown due to notifications bug. Credit to Sergey Glazunov. - Medium. Stop omnibox autosuggest if the user might be about to type a password. Credit to Robert Hansen. - High. Memory corruption with Ruby support. Credit to kuzzcc. - High. Memory corruption with Geolocation support. Credit to kuzzcc. * Remove gecko-mediaplayer from blacklist (Closes: #590145) -- Giuseppe Iuculano Fri, 20 Aug 2010 11:09:16 +0200 chromium-browser (5.0.375.125~r53311-1) unstable; urgency=medium * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164) * New stable micro release: - Medium Memory contents disclosure in layout code. Credit to Michail Nikolaev. - High Issue with large canvases. Credit to sp3x of SecurityReason.com. - High Memory corruption in rendering code. Credit to Jose A. Vazquez. - High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG. - Low Avoid hostname truncation and incorrect eliding. Credit to Google Chrome Security Team (Inferno). -- Giuseppe Iuculano Tue, 27 Jul 2010 12:44:58 +0200 chromium-browser (5.0.375.99~r51029-4) unstable; urgency=low * Fix FTBFS with icu 4.4 (Closes: #589414) * Do not use armv4 incompatible code * Remove src/out and "*.pyc" files in clean target. (Closes: #589160) Thanks to Timo Juhani Lindfors. -- Giuseppe Iuculano Sat, 17 Jul 2010 17:22:47 +0200 chromium-browser (5.0.375.99~r51029-3) unstable; urgency=low * [armel] Disabled thumb to fix FTBFS in armel * Bump to Standards-Version 3.9.0, no changes needed * Backport support for the Ambiance/Radiance and Dust themes button ordering by reading the gconf pref -- Giuseppe Iuculano Thu, 08 Jul 2010 13:34:15 +0200 chromium-browser (5.0.375.99~r51029-2) unstable; urgency=low * Backport patch for CVE-2010-1760 * [armel] set arm_neon=0 * [armel] Remove all V5TE, VFP code from ffmpeg -- Giuseppe Iuculano Tue, 06 Jul 2010 16:14:12 +0200 chromium-browser (5.0.375.99~r51029-1) unstable; urgency=low * DEB_HOST_ARCH_CPU in armel is arm, updating debian/rules * New stable version, this release fixes the following security issues: - [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome Security Team (SkyLined). - [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to sirdarckcat of Google Security Team. - [43488] High Memory corruption with invalid SVGs. Credit to Aki Hekin of OUSPG; wushi of team509. - [44424] High Memory corruption in bidi algorithm. Credit to wushi of team509. - [45164] Low Crash with invalid image. Credit to javg0x83. - [45983] High Memory corruption with invalid PNG (libpng bug). Credit to Aki Helin of OUSPG. - [46360] High Memory corruption in CSS style rendering. Credit to wushi of team509. - [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren. - [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG. * Remove armv6 and armv7 support from ffmpeg internal copy * Set arm_thumb=0 to avoid FTBFS in armel. Thanks to Peter De Schrijver, Timo Lindfors and Reinhard Tartler -- Giuseppe Iuculano Sat, 03 Jul 2010 13:23:26 +0200 chromium-browser (5.0.375.86~r49890-4) unstable; urgency=low * Use the full path in chromium-browser.desktop Exec field (Closes: #580582) * Remove the 3d patch, non-3d videos are messed up (Closes: 587389) * Build depends on libicu-dev (>= 4.2.1) and libevent-dev (>= 1.4.13) to avoid bad backports -- Giuseppe Iuculano Mon, 28 Jun 2010 15:10:05 +0200 chromium-browser (5.0.375.86~r49890-3) unstable; urgency=low * Set ffmpeg_branding=Chrome to enable the h264 decoder (Closes: #587293) * Backport VP8/WebM code and use system copy of libvpx * Add xulrunner lib path to LD_LIBRARY_PATH (Closes: #574679) * Removed license info for src/native_client/src/third_party/valgrind/bin/ * Fixed 3d visualization on youtube video with html5 and Webm -- Giuseppe Iuculano Sun, 27 Jun 2010 13:01:44 +0200 chromium-browser (5.0.375.86~r49890-2) unstable; urgency=low * Partially revert info in about:version, it has significant impact in first-run performance * Build and use the custom ffmpeg copy, when ffmpeg 0.6 will be uploaded in unstable chromium will use the system copy of ffmpeg. (Closes: #581507) * Install libffmpegsumo * Add a replace and conflict entry for chromium-codecs-ffmpeg and chromium-codecs-ffmpeg-extra. This is necessary for people who used or are using the unofficial PPA build. * Update language list in chromium-browser-l10n description -- Giuseppe Iuculano Sat, 26 Jun 2010 09:47:17 +0200 chromium-browser (5.0.375.86~r49890-1) unstable; urgency=low [ Jonathan Nieder ] * Use dpkg-architecture directly instead of relying on dpkg-buildpackage to set DEB_*_ARCH variables. Use DEB_HOST_ARCH_CPU instead of DEB_BUILD_ARCH to detect target CPU. (Closes: #585801) [ Giuseppe Iuculano ] * New stable version, this release fixes the following security issues: - [38105] Medium XSS via application/json response (regression). Credit to Ben Davis for original discovery and Emanuele Gentili for regression discovery. - [43322] Medium Memory error in video handling. Credit to Mark Dowd under contract to Google Chrome Security Team. - [43967] High Subresource displayed in omnibox loading. Credit to Michal Zalewski of Google Security Team. - [45267] High Memory error in video handling. Credit to Google Chrome Security Team (Cris Neckar). - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo Marcos of SECFORCE. - Drop the XLIB_SKIP_ARGB_VISUALS workaround as it creates regressions. See http://crbug.com/46439 * Use /usr/bin/chromium-browser in chromium-browser.xml (Closes: #580582) [ Fabien Tassin ] * Show in about:version when chromium is running on a different distribution that it has been built on - udpate debian/rules - rename and update debian/chromium-browser.sh => debian/chromium-browser.sh.in -- Giuseppe Iuculano Fri, 25 Jun 2010 10:15:35 +0200 chromium-browser (5.0.375.70~r48679-2) unstable; urgency=low [ Fabien Tassin ] * Accept 'stable' as value for $(CHANNEL) - update debian/rules [ Giuseppe Iuculano ] * Use the full path in chromium-browser.xml, now Gnome's Preferred Applications doesn't get confused. (Closes: #580582) * debian/patches/protobuf.patch: Use system copy of libprotobuf * Added protobuf-compiler and libprotobuf-dev in Build-Depends * debian/patches/glew.patch: Use system copy of libglewmx (version with support for thread-safe usage of multiple rendering contexts) * Added libglewmx1.5-dev in Build-Depends * Removed Fabien and Alexander from Uploaders. * Updated VCS control fields * Fix an infinite recursion crash when trying to wrap media elements without a media player. (Closes: #582709) -- Giuseppe Iuculano Sun, 13 Jun 2010 22:23:59 +0200 chromium-browser (5.0.375.70~r48679-1) unstable; urgency=low [ Fabien Tassin ] * Add a --temp-profile knob to the launcher script starting Chromium with a new profile which will last only for the duration of the session - update debian/chromium-browser.sh * Change StartupWMClass to Chromium-browser in the desktop launcher so cairo-dock does the right thing (LP: #587664) - update debian/chromium-browser.desktop * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick). (LP: #584959) - update debian/chromium-browser.sh [ Giuseppe Iuculano ] * New upstream stable release, this release fixes the following security issues: - [15766] Medium Cross-origin keystroke redirection. - [39985] High Cross-origin bypass in DOM methods. - [42723] High Memory error in table layout. - [43304] High Linux sandbox escape. - [43307] High Bitmap stale pointer. - [43315] High Memory corruption in DOM node normalization. - [43487] High Memory corruption in text transforms. - [43902] Medium XSS in innerHTML property of textarea. - [44740] High Memory corruption in font handling. - [44868] High Geolocation events fire after document deletion. - [44955] High Memory corruption in rendering of list markers. -- Giuseppe Iuculano Wed, 09 Jun 2010 12:08:42 +0200 chromium-browser (5.0.375.55~r47796-1) unstable; urgency=low * New beta release. - This release contains some minor crash and stability fixes. * Switch to dpkg-source 3.0 (quilt) format. * Don't use a tar.lzma-in-a-tar.gz - Now debian/rules binary works (Closes: #580535) * Refreshed patches and removed zoom_incognito.patch (applied upstream) * Removed quilt from Build-Depends * Build-depends on libv8-dev >= 2.2.7 and fix build-depends-on-1-revision lintian warning -- Giuseppe Iuculano Sun, 23 May 2010 23:22:16 +0200 chromium-browser (5.0.375.38~r46659-2) unstable; urgency=low [ Fabien Tassin ] * Unbreak get-orig-source when it needs to drop its cache after a channel jump (replace brace expansion - which is a bashism - with proper $(wildcard)) - update debian/rules [ Giuseppe Iuculano ] * chromium-browser-inspector: demoted chromium-browser to Recommend and avoid circular dependency (Closes: #581743) * Tell Chromium to look in /etc/chromium-browser for the master_preferences file - update debian/patches/series - add debian/patches/prefs.patch * Ship a custom first-run preferences file - update debian/chromium-browser.install - add debian/master_preferences * Removed g++-4.3 | g++-4.2 from Build-Depends - update debian/control * Removed the icon field from the menu file - update debian/chromium-browser.menu * Removed libc6-dev-i386 [amd64] and g++-multilib [amd64] from Build-Depends - update debian/control * Install a presubj bug file - update debian/chromium-browser.install - add debian/presubj * Forget zoom levels set/changed in incognito mode - add debian/patches/zoom_incognito.patch - update debian/patches/series -- Giuseppe Iuculano Tue, 18 May 2010 23:52:40 +0200 chromium-browser (5.0.375.38~r46659-1) unstable; urgency=low [ Giuseppe Iuculano ] * Use system copy of libv8 - update debian/control - update debian/patches/series - update debian/patches/system_v8.patch - update debian/rules * Build-depends on libv8-dev >= 2.2.7 See http://code.google.com/p/v8/issues/detail?id=506 - update debian/control * Recognize iceweasel in about:memory - update debian/patches/series - add debian/patches/memory_iceweasel.patch * Set arch to i386 amd64 armel mips * New beta release - In addition to crash and stability fixes, this release also includes a localization refresh * Upload in unstable [ Andres Mejia ] * Be able to use system ffmpeg-0.5.1. (Closes: #580947) -- Giuseppe Iuculano Thu, 13 May 2010 11:31:32 +0200 chromium-browser (5.0.375.29~r46008-3) experimental; urgency=low * Include system copy of prtime.h - add debian/patches/nspr.patch - update debian/patches/series * Use system libicu - add debian/patches/system-icu.patch * webkit needs to call nss to pull in nspr headers - add debian/patches/nss.patch - update debian/patches/series * Ops, libavutil50 is not yet in Debian, removed from depends (Closes: #580769) - update debian/control * Include system copy of expat.h - update debian/patches/series - add debian/patches/expat.patch -- Giuseppe Iuculano Sun, 09 May 2010 11:34:10 +0200 chromium-browser (5.0.375.29~r46008-2) experimental; urgency=low * Do not pre-depend on lzma. Thanks to Sven Joachim. (Closes: #580485) - update debian/control * Do not force -j$(PROCESSORS), use DEB_BUILD_OPTIONS's parallel=n option instead so the person doing the build can decide how many processes to run in parallel. (Closes: #580490) - update debian/rules * Reintroduce add_enable_sse2_flag.patch (Closes: #580608) - update debian/rules - update debian/patches/add_enable_sse2_flag.patch - update debian/patches/series * Added a Debian menu file (Closes: #580591) - add debian/chromium-browser.menu * Use system yasm - update debian/rules - update debian/control * Removed DEB_MAKE_EXTRA_ARGS, we already use DEB_MAKE_ENVVARS for parallel build - update debian/rules * Set use_system_ffmpeg and symlink libavcodec libavformat and libavutil. This enables HTML5 video (Closes: 580610) - update debian/rules - update debian/patches/series - add debian/chromium-browser.links - add debian/patches/ffmpeg-no-pkgconfig.patch - add debian/patches/ffmpegfix.patch * Added libavcodec52, libavformat52 and libavutil50 in Depends - update debian/control -- Giuseppe Iuculano Sat, 08 May 2010 00:41:38 +0200 chromium-browser (5.0.375.29~r46008-1) experimental; urgency=low [Giuseppe Iuculano] * Switch to system libs and enabled libxml - update debian/rules * Use system libevent, libicu and libxslt - update debian/rules - update debian/control * New upstream release from the Beta Channel * Fixed a typo in the maintainer field - update debian/control * Removed ubuntu_dont_overwrite_default_download_directory.patch, the default download location can be set via the options dialog - update debian/patches/series - removed ubuntu_dont_overwrite_default_download_directory.patch * use dh_install --list-missing - update debian/rules * Updated VCS control field, at this moment is a private branch on launchpad - update debian/control * Updated debian/copyright and fixed glitches pointed out by ftpmaster - update debian/copyright - update debian/copyright.problems * Added a strict depend in chromium-browser-inspector - update debian/control [ Fabien Tassin ] * Add app_unittests_strings to INSTALL_EXCLUDE_DIRS - update debian/rules * Add a gnome-www-browser alternative (LP: #571103) - update debian/chromium-browser.{postinst,prerm} * Build with build_ffmpegsumo=0 instead of use_system_ffmpeg=1 (which now means something else) - update debian/rules * Install resources/{bookmark_manager,net_internals} in the main deb - update debian/chromium-browser.install * Drop the sse2 patch, it has been applied upstream, and set disable_sse2 - drop debian/patches/drop_sse2.patch - update debian/patches/series - update debian/rules * Add app_unittests_strings, resources/{calendar_app,docs_app,gmail_app} and pyproto to INSTALL_EXCLUDE_DIRS - update debian/rules -- Giuseppe Iuculano Thu, 06 May 2010 12:01:07 +0200 chromium-browser (5.0.342.9~r43360-1) experimental; urgency=low [ Fabien Tassin ] * Add xdg-utils to Depends (LP: #568984) - update debian/control * Disable DLOG and DCHECK. This should improve performances. - update debian/rules [ Giuseppe Iuculano ] * Replace xbase-clients with x11-apps in build-depdends - update debian/control * Bump debhelper compatibility to 7 - update debian/control - update debian/compat * Bump to Standards-Version 3.8.4, no changes needed - update debian/control * Removed the strict depends in chromium-browser-l10n, and made chromium-browser safely binNMUable - update debian/control * Set Priority extra for chromium-browser-dbg - update debian/control * Added the debhelper token in prerm and postinst scripts - update debian/chromium-browser.postinst - update debian/chromium-browser.prerm * Removed cdbs cruft and fix patch-system-but-direct-changes-in-diff lintian warning - update debian/rules * Build-depends on coreutils >= 7.5 | timeout - update debian/control * Use lzma only in Ubuntu, this is not yet permitted in the Debian archive - update debian/rules * Move chromium-browser-dbg in debug section and improve its extended description - update debian/control * Set CHROME_VERSION_EXTRA to Debian in the Debian package - update debian/rules * Updated Maintainer and Uploader lists - update debian/control * Upload to experimental (Closes: #520324) * Removed chromium-codecs-ffmpeg from Depends - update debian/control -- Giuseppe Iuculano Mon, 26 Apr 2010 15:03:00 +0200 chromium-browser (5.0.342.9~r43360-0ubuntu2) lucid; urgency=low [ Fabien Tassin ] * Mention 'Chrome' in the main package description (LP: #561667) - update debian/control * When 'gclient update' fails, clear up the cache and retry. This helps the channels updates often failing with a "Can't switch the checkout" error - update debian/rules [ Chris Coulson ] * Update the default search URL - update debian/rules -- Fabien Tassin Fri, 16 Apr 2010 17:36:29 +0200 chromium-browser (5.0.342.9~r43360-0ubuntu1) lucid; urgency=low * New upstream release from the Beta Channel - Fix extensions installer where some extensions cannot be installed (issue 38220) * Don't build with system zlib on Intrepid/Jaunty (needed to unbreak the backports). See http://crbug.com/38073 - update debian/rules -- Fabien Tassin Wed, 07 Apr 2010 21:02:55 +0200 chromium-browser (5.0.342.7~r42476-0ubuntu1) lucid; urgency=low * New upstream release from the Beta Channel - fix an issue with Google SSL sites failing with 'error 107 (net::ERR_SSL_PROTOCOL_ERROR)' (issue 37722) - Automatic translations and greater control over content for privacy - Really, really reload. A normal reload causes the browser to check with the server before reusing its cached content. The server can decide whether or not the browser should use its cached content. A force reload causes the browser to ignore its cached content and ask the server for a fresh copy of the page. Use Shift+Reload to force a reload. * Add libdbus-glib-1-dev to Build-Depends - update debian/control * Move third_party/gles2_book from STRIPPED_DIRS to ALMOST_STRIPPED_DIRS as we now need its gyp file (but nothing else) - update debian/rules * Bump gyp requirement to >= 0.1~svn795, it's needed for the new syntax - update debian/control * Add 'timestats' to INSTALL_EXCLUDE_FILES - update debian/rules * Import translations and mime-types from the upstream desktop file Thanks to Julien Lavergne (LP: #538664) - update debian/chromium-browser.desktop * Import the free SVG logo from the Chromium website and install it in /usr/share/icons/hicolor/scalable/apps (LP: #528640) - add debian/chromium-browser.svg - update debian/rules * Move chromium-browser-inspector to Depends, it breaks some features when it's not installed - update debian/control * Rename chromium-codecs-ffmpeg-nonfree into chromium-codecs-ffmpeg-extra and move the two codecs back to Depends (LP: #537617, #513776) - update debian/control -- Fabien Tassin Thu, 25 Mar 2010 08:22:40 +0100 chromium-browser (5.0.307.11~r39572-0ubuntu1) lucid; urgency=low * New upstream release from the Beta Channel - Fixed an issue where an error resolving a proxy server would not try a direct connection. (Issue 32316) - Fixed an extensions bug that could crash the entire browser. (Issue 34778) - Fixed an issue in the cross-site scripting auditor that could prevent Google translate from working on sites. (Issue 33115) -- Fabien Tassin Sat, 27 Feb 2010 17:07:23 +0100 chromium-browser (5.0.307.9~r39052-0ubuntu1) lucid; urgency=low * New upstream release from the Beta Channel - Fixed a tab crash that could be triggered by visiting wordpress.com, http://acid3.acidtests.org/, and many other sites. (Issue 35498) - Fixed a tab crash in image loading. (Issue 32230) - Improved font bolding for fonts without native bold. (Issue 22360) * Bump gyp Build-Depends to >= 0.1~svn785 - update debian/control * Add --no-circular-check to gyp_chromium to prevent gyp from failing - update debian/rules -- Fabien Tassin Thu, 18 Feb 2010 00:20:07 +0100 chromium-browser (5.0.307.7~r38400+0-0ubuntu1) lucid; urgency=low * Disable WANT_SYSTEM_LIBS since it makes Gmail/GCal crash (libxml, libxslt, ..). See http://crbug.com/34725 (LP: #522078) - update debian/rules -- Fabien Tassin Mon, 15 Feb 2010 12:17:07 +0100 chromium-browser (5.0.307.7~r38400-0ubuntu1) lucid; urgency=low * New upstream release from the Beta Channel * Re-add the -l10n strict version dependency on chromium-browser - update debian/control -- Fabien Tassin Fri, 12 Feb 2010 22:00:39 +0100 chromium-browser (5.0.307.5~r37950+0-0ubuntu1) lucid; urgency=low * Drop third_party/libxml from STRIPPED_SYSTEM_LIB_DIRS - update debian/rules -- Fabien Tassin Wed, 10 Feb 2010 18:46:55 +0100 chromium-browser (5.0.307.5~r37950-0ubuntu1) lucid; urgency=low * Add libxss-dev to Build-Depends, the new browser sync engine needs X11/extensions/scrnsaver.h - update debian/control * Add a safety net to get-orig-source when fetching sources for a channel - update debian/rules -- Fabien Tassin Tue, 09 Feb 2010 17:07:18 +0100 chromium-browser (4.0.305.0~svn20100123r36929-0ubuntu1) lucid; urgency=low [ Fabien Tassin ] * Initial release. (Closes: #520324, LP: #387765) [ Alexander Sack ] * extensive license review; see copyright and copyright.problems; also see debian/licensecheck.pl for details how the copyright files are generated * address archive-admin comments: + add "Paul Hsieh's Public Domain Option" license snippet and mark net/disk_cache/hash.cc to be govered by that; recreate copyright* - add debian/licenses/LICENSE.Paul Hsieh's Public Domain Option - update debian/licensecheck.pl - update debian/copyright - update debian/copyright.problems -- Fabien Tassin Tue, 26 Jan 2010 17:43:19 +0100