lp://qastaging/ubuntu/natty/chromium-browser
- Get this branch:
- bzr branch lp://qastaging/ubuntu/natty/chromium-browser
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 39. By Fabien Tassin
-
* New upstream minor release from the Stable Channel (LP: #762275)
This release fixes the following security issues:
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
Credit to Google Chrome Security Team (Inferno).
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
to Christoph Diehl.
* Make the default mail client and browser settings work with the
x-scheme-handler method of registering URI handlers in gnome3.
This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
<email address hidden>, itself based on Bastien Nocera <email address hidden>
upstream fix (LP: #670128)
- add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
- update debian/patches/series
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
called from apport/ubuntu-bug (LP: #759635)
- update debian/apport/chromium-browser.py
* Report a dedicated WMClass per webapp, needed by Unity/bamf.
(backported from trunk) (LP: #692462)
- add debian/patches/webapps-wm-class-lp692462.patch
- update debian/patches/series
- 38. By Fabien Tassin
-
* NaCL may be blacklisted, so only include it when it's actually been
built (fixes the ftbfs on arm) (LP: #745854)
- update debian/rules
- update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
- update debian/apport/chromium-browser.py
- 37. By Fabien Tassin
-
* New upstream minor release from the Stable Channel (LP: #742118)
This release fixes the following security issues:
+ Webkit bugs:
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
to Sławomir Błażek.
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
to Sergey Glazunov.
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
Sergey Glazunov.
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node
parentage. Credit to Sergey Glazunov.
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
to Sergey Glazunov.
+ Chromium bugs:
- [72517] High, CVE-2011-1291: Buffer error in base string handling.
Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
preventing a SIGILL crash on some boards (LP: #735877)
- update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
- update debian/rules
- update debian/chromium-browser.install
- 36. By Fabien Tassin
-
* New upstream security release from the Stable Channel (LP: #733514)
+ Webkit:
- CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
through ZDI.
- 35. By Fabien Tassin
-
* New upstream major release from the Stable Channel (LP: #731520)
It includes:
- New version of V8 - Crankshaft - which greatly improves javascript
performance
- New settings pages that open in a tab, rather than a dialog box
- Improved security with malware reporting and disabling outdated plugins
by default
- Password sync as part of Chrome Sync now enabled by default
- GPU Accelerated Video
- Background WebApps
- webNavigation extension API
This release also fixes the following security issues:
+ Webkit bugs:
- [42574] [42765] Low, Possible to navigate or close the top location in
a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
- [69628] High, Memory corruption with counter nodes. Credit to Martin
Barbella.
- [70027] High, Stale node in box layout. Credit to Martin Barbella.
- [70336] Medium, Cross-origin error message leak with workers. Credit to
Daniel Divricean.
- [70442] High, Use after free with DOM URL handling. Credit to Sergey
Glazunov.
- [70779] Medium, Out of bounds read handling unicode ranges. Credit to
miaubiz.
- [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
Silva.
- [71763] High, Use-after-free in document script lifetime handling.
Credit to miaubiz.
- [72028] High, Stale pointer in table painting. Credit to Martin
Barbella.
- [73066] High, Crash with the DataView object. Credit to Sergey
Glazunov.
- [73134] High, Bad cast in text rendering. Credit to miaubiz.
- [73196] High, Stale pointer in WebKit context code. Credit to Sergey
Glazunov.
- [73746] High, Stale pointer with SVG cursors. Credit to Sergey
Glazunov.
- [74030] High, DOM tree corruption with attribute handling. Credit to
Sergey Glazunov.
+ Chromium bugs:
- [49747] Low, Work around an X server bug and crash with long messages.
Credit to Louis Lang.
- [66962] Low, Possible browser crash with parallel print()s. Credit to
Aki Helin of OUSPG.
- [69187] Medium, Cross-origin error message leak. Credit to Daniel
Divricean.
- [70877] High, Same origin policy bypass in v8. Credit to Daniel
Divricean.
+ v8:
- [74662] High, Corruption via re-entrancy of RegExp code. Credit to
Christian Holler.
- [74675] High, Invalid memory access in v8. Credit to Christian Holler.
+ ffmpeg:
- [71788] High, Out-of-bounds write in the OGG container. Credit to
Google Chrome Security Team (SkyLined); plus subsequent independent
discovery by David Weston of Microsoft and MSVR.
- [73026] High, Use of corrupt out-of-bounds structure in video code.
Credit to Tavis Ormandy of the Google Security Team.
+ libxslt:
- [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
- update debian/rules
- update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
on maverick and natty
- update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
- update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
- update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
or git directories to be available at build time)
- add debian/patches/webkit_rev_parser.patch
- update debian/patches/series
- 34. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #726895)
This release fixes the following security issues:
+ Webkit bugs:
- [54262] High, URL bar spoof with history interaction. Credit to Jordi
Chancel.
- [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
- [68741] High, Stale pointer with key frame rule. Credit to Sergey
Glazunov.
- [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
- [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
- [71114] High, Stale node in table child handling. Credit to Martin
Barbella.
- [71115] High, Stale pointer in table rendering. Credit to Martin
Barbella.
- [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
- [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
- [71388] High, Crash in textarea handling. Credit to wushi of team509.
- [71595] High, Stale pointer in device orientation. Credit to Sergey
Glazunov.
- [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
- [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
Security Team (Inferno).
- [73235] High, Stale pointer in layout. Credit to Martin Barbella.
+ Chromium bugs:
- [63732] High, Crash with javascript dialogs. Credit to Sergey
Radchenko.
- [64-bit only] [70376] Medium, Out-of-bounds read in pickle
deserialization. Credit to Evgeniy Stepanov of the Chromium development
community.
- [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
- [72214] High, Accidental exposure of internal extension functions.
Credit to Tavis Ormandy of the Google Security Team.
- [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
Silva.
* Bump the lang-pack package from Suggests to Recommends (LP: #689267)
- update debian/control
* Disable PIE on Armel/Lucid (LP: #716703)
- update debian/rules
* Add the disk usage to the Apport hooks
- update debian/apport/chromium-browser.py
* Drop gyp from Build-Depends, use in-source gyp instead
- update debian/control
* Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
- update debian/rules
- update debian/control
- add debian/chromium-codecs-ffmpeg-extra.install
- add debian/chromium-codecs-ffmpeg.install
- 33. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #715357)
This release fixes the following security issues:
- [67234] High, Stale pointer in animation event handling. Credit to Rik
Cabanier.
- [68120] High, Use-after-free in SVG font faces. Credit to miaubiz.
- [69556] High, Stale pointer with anonymous block handling. Credit to
Martin Barbella.
- [69970] Medium, Out-of-bounds read in plug-in handling. Credit to Bill
Budge of Google.
- [70456] Medium, Possible failure to terminate process on out-of-memory
condition. Credit to David Warren of CERT/CC.
* Update the gl dlopen patch to search for libGLESv2.so.2 instead of .1
- update debian/patches/dlopen_sonamed_gl.patch
- 32. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #712655)
This release fixes the following security issues:
- [55831] High, Use-after-free in image loading. Credit to Aki Helin of
OUSPG.
- [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
to Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low, Browser crash with extension with missing key. Credit to
Brian Kirchoff.
- [65669] Low, Handle merging of autofill profiles more gracefully. Credit
to Google Chrome Security Team (Inferno).
- [68244] Low, Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical, Race condition in audio handling. Credit to the gamers
of Reddit!
* Add the app/resources/app_strings.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
- remove debian/patches/gcc-4.5-build-workaround.patch
- update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
now done in the upstream gyp files
- update debian/control
- update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
to execute mouse and keyboard events
- update debian/control
* Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless
- update debian/apport/chromium-browser.py
* Add a system to enable/disable distribution specific patches from the quilt
series
- add debian/enable-dist-patches.pl
- update debian/rules
* Disable the gtk resize grip on Natty (LP: #703451)
Original patch by Cody Russell <email address hidden>, ported to v9
- add debian/patches/disable_gtk_resize_grip_on_natty.patch
- update debian/patches/series
* Fix the libgnutls dlopen to look for the sonamed lib
- add debian/patches/dlopen_libgnutls.patch
- update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
the libosmesa6 package are installed
- add debian/patches/dlopen_sonamed_gl.patch
- update debian/patches/series
- 31. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #702542)
This release fixes the following security issues:
- [58053] Medium, Browser crash in extensions notification handling. Credit
to Eric Roman of the Chromium development community.
- [65764] High, Bad pointer handling in node iteration. Credit to Sergey
Glazunov.
- [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
- [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
- [67303] High, Bad memory access with mismatched video frame sizes. Credit
to Aki Helin of OUSPG; plus independent discovery by Google Chrome
Security Team (SkyLined) and David Warren of CERT.
- [67363] High, Stale pointer with SVG use element. Credited anonymously;
plus independent discovery by miaubiz.
- [67393] Medium, Uninitialized pointer in the browser triggered by rogue
extension. Credit to kuzzcc.
- [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
CERT.
- [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
- [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
- [68439] High, Stale rendering node after DOM node removal. Credit to
Martin Barbella; plus independent discovery by Google Chrome Security
Team (SkyLined).
- [68666] Critical, Stale pointer in speech handling. Credit to Sergey
Glazunov.
* Add the chrome/app/policy/policy_templates.grd template to the list
of templates translated in Launchpad
- update debian/rules
* Add Basque and Galician to the list of supported langs for the lang-packs
(translations from Launchpad/Rosetta)
- update debian/rules
- 30. By Fabien Tassin
-
* New upstream release from the Stable Channel (LP: #689849)
This release fixes the following security issues:
- [64-bit Linux only] [56449] High, Bad validation for message
deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium
development community.
- [60761] Medium, Bad extension can cause browser crash in tab handling.
Credit to kuzzcc.
- [63529] Low, Browser crash with NULL pointer in web worker handling.
Credit to Nathan Weizenbaum of Google.
- [63866] Medium, Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
- [64959] High, Stale pointers in cursor handling. Credit to Sławomir
Błażek and Sergey Glazunov.
* Don't build with PIE on Natty/armel, for the same reason as for Maverick
- update debian/rules
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://qastaging/ubuntu/oneiric/chromium-browser