lp://qastaging/~chromium-team/chromium-browser/raring-proposed

Created by Chad Miller and last modified
Get this branch:
bzr branch lp://qastaging/~chromium-team/chromium-browser/raring-proposed
Members of Chromium team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Chromium team
Project:
Chromium Browser
Status:
Development

Recent revisions

880. By C Miller <email address hidden>

Release '28.0.1500.71-0ubuntu1.13.04.1'.

879. By Chad Miller

Removing testing code from rules near get-orig-src.

878. By Chad Miller

* New release 28.0.1500.71.
* debian/chromium-browser.install: Include inspector resources in
  chromium-browser package.
* debian/control: Make new -dbg package for chromedriver.
* debian/rules:
  - Remove tests for ancient versions of Ubuntu.
  - Return to using no explicity NEON fpu, and instead try to detect at
    runtime NEON caps. This effectively disables NEON, so far.
  - Build and run unit test suite as part of making a package. Abort if
    more than 15 out of ~1000 tests fail.
  - Clean up packaging sanity test that verifies everything we build is
    put into a package.
  - Set relative rpath to libs/ for chromium-browser executable, but . for
    libraries in libs/ ; that makes dpkg-shlibdeps happy and process run.
  - Strip out some ugly logic around keeping only one language in the main
    package, and keeping the contents verifier happy based on the
    architecture.
  - EXPERIMENT: Try not stripping enormous libraries' symbols explicitly.
  - Add more exceptions for packaging contents tests, this time to exclude
    files that are in package but not from the build tree.
  - Be more explicit about what files we set the rpath on. Get all
    executables. We missed chromedriver before.
  - Only one hardware arch builds the independent files, so in our sanity
    test that we install everything upstream built once and only once in
    packages, we have to consider whether this build didn't even try to
    take and use arch-independent files. Don't look for some file paths if
    we don't use them. (Also, if we match too much of what we used, also
    remove matches from the list of created. This should be better.)
* debian/patches/arm-neon.patch:
  - Compile in NEON instructions for ARM, even if we can't reliably check for
    whether our CPU is capable of running them yet. The major problem
    remaining is that the sandbox security wrapper defeats any test of
    /proc/cpuinfo .
* debian/source/lintian-overrides:
  - Supress warnings about known intentional decisions: Package name,
    statically linked bundled libraries, setuid root sandbox.
* debian/chromium-browser.sh.in:
  - Detect at startup the features of the CPU that we might be intersted
    in and export info into the environment. This is step one of a longer
    workaround for sandbox /proc restrictions.
* Make a fall-back for when upstream fails to release a Release. Package up
  as best we can from source control. debian/rules and
  debian/checkout-orig-source.mk .
* debian/tests/:
  - Add smoketest to verify that chromium runs.
  - Add a empty webapps test file for notes about what parts of webapps will
    or should be tested.
* debian/keep-alive.sh. Quit if disk environment disappears.

877. By Chad Miller

Enable and refresh webapps patches.

876. By Chad Miller

* Conform to newer Ayatana standard for Desktop Actions.
* Prefer "-extra" codecs package.
* Update webapps patches, to hide the bar asking the user's permission
  to run webapps extension for this window.

875. By Chad Miller

[Chris Coulson]
debian/rules: Disable tcmalloc on all component builds, not just on
arm builds.

874. By Chad Miller

New stable release 28.0.1500.52

873. By Chad Miller

Add new build-dep, "chrpath".

872. By Chad Miller

* New stable release 28.0.1500.45
* New stable release 27.0.1453.110:
  - CVE-2013-2855: Memory corruption in dev tools API.
  - CVE-2013-2856: Use-after-free in input handling.
  - CVE-2013-2857: Use-after-free in image handling.
  - CVE-2013-2858: Use-after-free in HTML5 Audio.
  - CVE-2013-2859: Cross-origin namespace pollution.
  - CVE-2013-2860: Use-after-free with workers accessing database APIs.
  - CVE-2013-2861: Use-after-free with SVG.
  - CVE-2013-2862: Memory corruption in Skia GPU handling.
  - CVE-2013-2863: Memory corruption in SSL socket handling.
  - CVE-2013-2864: Bad free in PDF viewer.
* New stable release 27.0.1453.93:
  - CVE-2013-2837: Use-after-free in SVG.
  - CVE-2013-2838: Out-of-bounds read in v8.
  - CVE-2013-2839: Bad cast in clipboard handling.
  - CVE-2013-2840: Use-after-free in media loader.
  - CVE-2013-2841: Use-after-free in Pepper resource handling.
  - CVE-2013-2842: Use-after-free in widget handling.
  - CVE-2013-2843: Use-after-free in speech handling.
  - CVE-2013-2844: Use-after-free in style resolution.
  - CVE-2013-2845: Memory safety issues in Web Audio.
  - CVE-2013-2846: Use-after-free in media loader.
  - CVE-2013-2847: Use-after-free race condition with workers.
  - CVE-2013-2848: Possible data extraction with XSS Auditor.
  - CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
* Drop unneeded patches,
    safe-browsing-sigbus.patch
    dont-assume-cross-compile-on-arm.patch
    struct-siginfo.patch
    ld-memory-32bit.patch
    dlopen_sonamed_gl.patch
* Temporarily disable webapps patches.
* Update arm-neon patch, format-flag patch, search-credit patch,
  title-bar-system-default patch.
* Make get-orig-source nicer. Package tarball contents from upstream
  correctly.
* Reenable dyn-linking of major components of chromium for 32-bit machines.
  Fix a libdir path bug in debian/chromium-browser.sh.in .
* No longer try to use system libraries. Generally, Security Team would
  hate bundled libraries because they provide a wide liability, but
  Chromium Project is pretty good about maintaining their bundled-source
  libraries. We can not pull cr-required lib versions forward in older
  Ubuntus, and we can't guarantee all the distro versions of libraries work
  with chromium-browser. The default security policy might be worse. Bundled
  libraries is less work overall.
* Exclude included XDG files even if they are built.
* Use NEON instructions on ARM, optionally. This might use run-time checks
  for hardware capability, but even if it doesn't we can add it later.
* Clean up difference checks in debian/rules that make sure that all files
  that the build makes are used in packages, and no longer hide any, and no
  longer consider it an error if some are unused. Treat it as a warning,
  not a fatality.
* Use legible shell instead of make-generated shell in setting the rpath
  in rules.

871. By Chad Miller

* New stable release 27.0.1453.93:
  - CVE-2013-2837: Use-after-free in SVG.
  - CVE-2013-2838: Out-of-bounds read in v8.
  - CVE-2013-2839: Bad cast in clipboard handling.
  - CVE-2013-2840: Use-after-free in media loader.
  - CVE-2013-2841: Use-after-free in Pepper resource handling.
  - CVE-2013-2842: Use-after-free in widget handling.
  - CVE-2013-2843: Use-after-free in speech handling.
  - CVE-2013-2844: Use-after-free in style resolution.
  - CVE-2013-2845: Memory safety issues in Web Audio.
  - CVE-2013-2846: Use-after-free in media loader.
  - CVE-2013-2847: Use-after-free race condition with workers.
  - CVE-2013-2848: Possible data extraction with XSS Auditor.
  - CVE-2013-2849: Possible XSS with drag+drop or copy+paste.
* Drop unneeded patches,
  safe-browsing-sigbus.patch
  dont-assume-cross-compile-on-arm.patch
  struct-siginfo.patch
  ld-memory-32bit.patch
* Update webapps patches.
* Update arm-neon patch, format-flag patch, search-credit patch,
  title-bar-system-default patch.
* Make get-orig-source nicer. Package tarball contents from upstream
  correctly.
* Update webapps patches.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers