[Pkg-chromium-commit] chromium-browser/chromium-browser.experimental: 706 merge from sid
Giuseppe Iuculano
iuculano at debian.org
Fri Feb 18 16:29:37 UTC 2011
Branch name: chromium-browser/chromium-browser.experimental
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.experimental
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 706
Revision Id: iuculano at debian.org-20110218162937-n26424vbnzdsz0bk
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : merge from sid
[ Giuseppe Iuculano ]
* New stable version:
- [67234] High Stale pointer in animation event handling. Credit to Rik
Cabanier.
- [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
- [69556] High Stale pointer with anonymous block handling. Credit to
Martin Barbella.
- [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill
Budge of Google.
- [70456] Medium Possible failure to terminate process on out-of-memory
condition. Credit to David Warren of CERT/CC.
[ Daniel Echeverry ]
* Fixed FTBFS caused by nspr.patch (Closes: #612618)
* New stable version:
- [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG
- [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to
Google Chrome Security Team (SkyLined) and the Google Security Team
(Michal Zalewski, David Bloom).
- [62791] Low Browser crash with extension with missing key. Credit to Brian
Kirchoff.
- [65669] Low Handle merging of autofill profiles more gracefully. Credit to
Google Chrome Security Team (Inferno).
- [68244] Low Browser crash with bad volume setting. Credit to Matthew
Heidermann.
- [69195] Critical Race condition in audio handling. Credit to the gamers of
Reddit!
[ Giuseppe Iuculano ]
* New beta version.
* Added a README.Debian and warn about downgrading (Closes: #605548)
* honor DEB_BUILD_OPTIONS=nocheck, thanks to Jonathan Nieder
(Closes: #589653)
* Avoid "cannot access" messagges when using ffmpeg internal copy. Thanks to
Jonathan Nieder. (Closes: #589563)
* Refreshed patches.
* Build against libv8
* Use libicu system headers
* Use system glew
* Use system xdg-utils
* Build-depends on libv8-dev >= 2.5.9
* Update translations in Desktop file. Thanks to the Ubuntu translation team.
* Upload to unstable
[ Fabien Tassin ]
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
* Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
entry of the desktop file
* Set CHROME_WRAPPER to the real name of the wrapper now that upstream
use its value
* Set CHROME_DESKTOP in the wrapper to help the default browser
checker (LP: #513133)
[ Daniel Echeverry ]
* Updated copyright file to DEP5. Closes: #580784
* Backported security patches from stable:
- High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
- High Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
- High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
- High Stale pointer with SVG use element. Credited anonymously; plus
indepdent discovery by miaubiz.
- High Vorbis decoder buffer overflows. Credit to David Warren of CERT.
- High Bad cast in anchor handling. Credit to Sergey Glazunov.
- High Bad cast in video handling. Credit to Sergey Glazunov.
- High Stale rendering node after DOM node removal. Credit to Martin
Barbella; plus independent discovery by Google Chrome Security Team
(SkyLined).
* Backported security patches from stable:
- [64-bit Linux only] High Bad validation for message deserialization on
64-bit builds. Credit to Lei Zhang of the Chromium development community.
- Low Browser crash with NULL pointer in web worker handling. Credit to
Nathan Weizenbaum of Google.
- Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
- High Stale pointers in cursor handling. Credit to Sławomir Błażek and
Sergey Glazunov.
* Backported security patches from stable:
- Medium Cross-origin video theft with <canvas>. Credit to Nirankush
Panchbhai and Microsoft Vulnerability Research (MSVR).
- High Use after free in history handling. Credit to Stefan Troger.
- Medium Make sure the “dangerous file types” list is uptodate with the
Windows platforms. Credit to Billy Rios of the Google Security Team.
- High Crash due to bad indexing with malformed video. Credit to miaubiz.
- High Use after free with SVG animations. Credit to Sławomir Błażek.
- Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
* Added the missing changelog credit for the 5.0.375.29~r46008-1 revision.
Obviously this was not a "stealing" as foolishly written by Fabien Tassin
in a blog rant, but was a bad debian/changelog merge.
* Backported security patches from stable:
- High Use-after-free in text editing. Credit to David Bloom of the Google
Security Team, Google Chrome Security Team (Inferno) and Google Chrome
Security Team (Cris Neckar).
- High Memory corruption with enormous text area. Credit to wushi of
team509.
- High Bad cast with the SVG use element. Credit to the kuzzcc.
- High Use-after-free in text control selections. Credit to "vkouchna".
- High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
- High Bad use of destroyed frame object. Credit to various developers,
including "gundlach".
- High Type confusions with event objects. Credit to "fam.lam" and Google
Chrome Security Team (Inferno).
- High Out-of-bounds array access in SVG handling. Credit to wushi of
team509.
* New stable microrelease.
* Allow to choose whether links are opened in a new link or new tab.
(Closes: #581391) Thanks to Sam Morris
* Backported security patches:
- Medium Possible autofill / autocomplete profile spamming. Credit to
Google Chrome Security Team (Inferno).
- High Crash with forms. Credit to the Chromium development community.
- Critical Browser crash with form autofill. Credit to the Chromium
development community.
- High Possible URL spoofing on page unload. Credit to kuzzcc; plus
independent discovery by Jordi Chancel.
- High Possible memory corruption with animated GIF. Credit to Simon Schaak.
- High Failure to sandbox worker processes on Linux. Credit to Google
Chrome Security Team (Chris Evans).
- High Stale elements in an element map. Credit to Michal Zalewski of the
Google Security Team.
[Giuseppe Iuculano]
* New upstream release from the Beta Channel
* Fixed a typo in the maintainer field
- update debian/control
* Removed ubuntu_dont_overwrite_default_download_directory.patch, the default
download location can be set via the options dialog
- update debian/patches/series
- removed ubuntu_dont_overwrite_default_download_directory.patch
* use dh_install --list-missing
- update debian/rules
* Updated VCS control field, at this moment is a private branch on launchpad
- update debian/control
* Updated debian/copyright and fixed glitches pointed out by ftpmaster
- update debian/copyright
- update debian/copyright.problems
* Added a strict depend in chromium-browser-inspector
- update debian/control
[ Fabien Tassin ]
--------------------------------------------------------
** Added :
- debian/README.Debian
- debian/patches/icu.patch
** Modified :
- debian/changelog
- debian/chromium-browser.desktop
- debian/chromium-browser.docs
- debian/chromium-browser.sh.in
- debian/chromium-browser.xml
- debian/control
- debian/copyright
- debian/patches/glew.patch
- debian/patches/nspr.patch
- debian/patches/series
- debian/patches/system-speech.patch
- debian/patches/system_v8.patch
- debian/patches/vpx.patch
- debian/rules
-------------- next part --------------
Diff too large for email (31949 lines, the limit is 100).
More information about the Pkg-chromium-commit
mailing list