lp://qastaging/ubuntu/maverick/chromium-browser
- Get this branch:
- bzr branch lp://qastaging/ubuntu/maverick/chromium-browser
Branch merges
Branch information
Recent revisions
- 26. By Fabien Tassin
-
* Fix the default browser selection on KDE4 by bringing in a fresher
xdg-mime (See http://crbug.com/ 18106) and ship it in the main deb
- add debian/patches/ xdg-utils- update. patch
- update debian/chromium- browser. install
* Set CHROME_DESKTOP in the wrapper to help the default browser
checker (LP: #513133)
- update debian/chromium- browser. sh.in - 25. By Fabien Tassin
-
* New upstream release from the Stable Channel
* Set CHROME_WRAPPER to the real name of the wrapper now that upstream
use its value
- update debian/chromium- browser. sh.in
* Add some apport hooks adding useful information to the bugs
- add debian/apport/ chromium- browser. py
- update debian/chromium- browser. install
* Update the Desktop translations for ast/ca/pt_BR
- update debian/chromium- browser. desktop - 24. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #641699)
This release fixes the following security issues:
- [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
- [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
Mike Belshe of the Chromium development community.
- [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
of MindedSecurity.
* Add some translations for the "Name" field in the desktop file, and fix
some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
See https://wiki.ubuntu. com/Translation s/Wanted/ ChromiumDesktop to
contribute more translations (LP: #631670) - 23. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #638736)
This release fixes the following security issues:
- [50250] High, Use-after-free when using document APIs during parse.
Credit to David Weston of Microsoft + Microsoft Vulnerability Research
(MSVR) and wushi of team 509 (independent discoveries).
- [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
- [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
- [51709] Low, Possible browser assert in cursor handling. Credit to
“magnusmorton”.
- [51919] High, Race condition in console handling. Credit to kuzzcc.
- [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
- [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
- [53930] High, Memory corruption in Khmer handling. Credit to Google
Chrome Security Team (Chris Evans).
- [54006] Low, Failure to prompt for extension history access. Credit to
“adriennefelt”.
* Don't build with PIE on armel for now, it fails to link.
- update debian/rules - 22. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #635949)
This release fixes the following issues/regressions:
- [51727] [52940] Failures when using autocomplete
- [10913] Default search engine settings wiped out
- [1906] Shift reload not working
* Build with the Hardening Wrapper (to gain PIE), adding another layer of
protection (See https://wiki.ubuntu. com/Security/ HardeningWrappe r)
- update debian/control
- update debian/rules
* On Armel, when checking for armv7, also test for Maverick version
- update debian/rules - 21. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #628924)
This release fixes the following security issues:
- [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
Google Chrome Security Team (Inferno) and “ironfist99”.
- [37201] Medium, URL bar visual spoofing with homographic sequences.
Credit to Chris Weber of Casaba Security.
- [41654] Medium, Apply more restrictions on setting clipboard content.
Credit to Brook Novak.
- [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
the Google Security Team.
- [45876] Medium, Possible installed extension enumeration. Credit to
Lostmon.
- [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
and Keith Campbell.
- [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
Glazunov.
- [50839] High, Notification permissions memory corruption. Credit to
Michal Zalewski of the Google Security Team and Google Chrome Security
Team (SkyLined).
- [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
Campbell and Google Chrome Security Team (Cris Neckar).
- [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
- [51727] Low, Avoid storing excessive autocomplete entries. Credit to
Google Chrome Security Team (Inferno).
- [52443] High, Stale pointer in focus handling. Credit to VUPEN
Vulnerability Research Team (VUPEN-SR-2010- 249).
- [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
- [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
* Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
is installed, the set of usable codecs (at runtime) will still vary.
This is now done by setting proprietary_codecs= 1 so we can drop our patch
- update debian/rules
- drop debian/patches/ html5_video_ mimetypes. patch
- update debian/patches/ series
* Bump the Dependencies on chromium-codecs- ffmpeg to >= 0.6, needed for the new API
- update debian/control
* Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
This is needed for Cloud Printing
- update debian/control
* Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_ FILES and
DumpRenderTree_resources/ to INSTALL_ EXCLUDE_ DIRS
- update debian/rules
* Install resources.pak in the main deb, and remove all resources/ accordingly
- update debian/chromium- browser. install
* Add libgnome-keyring- dev to Build-Depends. This is needed for the GNOME
Keyring and KWallet integration. See http://crbug.com/ 12351
- update debian/control
* Ship empty policy dirs (for now) in /etc/chromium-browser/ policies
- update debian/rules
- update debian/chromium- browser. dirs
* Bump build-deps for gyp to >= 0.1~svn837
- update debian/control
* Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
troubles when the default xulrunner contains older nss/nspr libs
- update debian/chromium- browser. sh.in - 20. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #622823)
This release fixes the following security issues:
- [45400] Critical, Memory corruption with file dialog. Credit to Sergey
Glazunov.
- [49596] High, Memory corruption with SVGs. Credit to wushi of team509.
- [49628] High, Bad cast with text editing. Credit to wushi of team509.
- [49964] High, Possible address bar spoofing with history bug. Credit to
Mike Taylor.
- [50515] [51835] High, Memory corruption in MIME type handling. Credit to
Sergey Glazunov.
- [50553] Critical, Crash on shutdown due to notifications bug. Credit to
Sergey Glazunov.
- [51146] Medium, Stop omnibox autosuggest if the user might be about to
type a password. Credit to Robert Hansen.
- [51654] High, Memory corruption with Ruby support. Credit to kuzzcc.
- [51670] High, Memory corruption with Geolocation support. Credit to
kuzzcc.
* Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin
(LP: #529242). This is needed at least for openjdk-6 6b18.
- update debian/chromium- browser. sh
* No longer use tar --lzma in get-orig-source now that it silently uses xz
(since tar 1.23-2) which is not available in the backports. Use "tar | lzma"
instead so the embedded tarball is always a lzma file
- update debian/rules
* Tweak the user agent to include Chromium and the Distro's name and version.
- add debian/patches/ chromium_ useragent. patch.in
- update debian/patches/ series
- update debian/rules
* Fix a typo in the subst_files rule
- update debian/rules
* Fix a gyp file that triggers an error with newer gyp (because of dead code)
- add debian/patches/ drop_unused_ rules_to_ please_ newer_gyp. patch
- update debian/patches/ series
* Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement
- update debian/control - 19. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #612109)
This release fixes the following security issues:
- [42736] Medium Memory contents disclosure in layout code. Credit to
Michail Nikolaev.
- [43813] High Issue with large canvases. Credit to sp3x of
SecurityReason.com.
- [47866] High Memory corruption in rendering code. Credit to Jose A.
Vazquez.
- [48284] High Memory corruption in SVG handling. Credit to Aki Helin of
OUSPG.
- [48597] Low Avoid hostname truncation and incorrect eliding. Credit to
Google Chrome Security Team (Inferno).
* lsb_release is slow so try to source the static file /etc/lsb-release
instead, and fallback to lsb_release if we didn't get the information we need
for about:version (LP: #608253). Thanks to pitti for the idea.
- update debian/chromium- browser. sh.in - 18. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #602142)
This release fixes the following security issues:
- [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome
Security Team (SkyLined).
- [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to
sirdarckcat of Google Security Team.
- [43488] High Memory corruption with invalid SVGs. Credit to Aki Hekin of
OUSPG; wushi of team509.
- [44424] High Memory corruption in bidi algorithm. Credit to wushi of
team509.
- [45164] Low Crash with invalid image. Credit to Jose A. Vazquez.
- [45983] High Memory corruption with invalid PNG (libpng bug). Credit to
Aki Helin of OUSPG.
- [46360] High Memory corruption in CSS style rendering. Credit to wushi of
team509.
- [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
- [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG. - 17. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #598913)
Fixes the following security issues:
- [38105] Medium XSS via application/json response (regression). Credit to
Ben Davis for original discovery and Emanuele Gentili for regression
discovery.
- [43322] Medium Memory error in video handling. Credit to Mark Dowd under
contract to Google Chrome Security Team.
- [43967] High Subresource displayed in omnibox loading. Credit to Michal
Zalewski of Google Security Team.
- [45267] High Memory error in video handling. Credit to Google Chrome
Security Team (Cris Neckar).
- [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
Marcos of SECFORCE.
* Drop the XLIB_SKIP_ARGB_VISUALS workaround now that the rgba patch has
been backed off from gtk2 (LP: #584959)
- update debian/chromium- browser. sh
* Show in about:version and in the About UI when chromium is running on a different
distribution that it has been built on
- udpate debian/rules
- rename and update debian/chromium- browser. sh => debian/ chromium- browser. sh.in
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/natty/chromium-browser