chromium-browser 24.0.1312.56-0ubuntu1 source package in Ubuntu
Changelog
chromium-browser (24.0.1312.56-0ubuntu1) raring-proposed; urgency=low
* Add comment-markers to debian/patches/series file to make patch import
easier.
* debian/patches/gyp-config-root.patch
- Added. Avoids compilation bug on (at least) ARM.
* debian/patches/arm-neon.patch
- Added function to determine NEON functionality in ARM at runtime for
WebRt library in WebKit.
* Update README.source to include some of these changes.
* Set new URL for channel-release info in rules file.
* debian/chromium-browser.install
- No longer install demo extension
- Install remoting locales
* debian/patches/chromium_useragent.patch.in renamed to drop ".in",
OS "Ubuntu" hardcoded with no compilation-release name, and patch
refreshed to follow new location of source. Also remove it
from the list of ephemeral files that "clean" rule removes.
* In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;",
to be safer and faster.
* Make most patches follow a common format (no timestamps or Index lines), to
avoid future churn.
* Write the "REMOVED" list files to the root of the orig tarball,
instead of inside the src/ directory, where they could collide.
* Fix dpkg-source warning: Clean up python cached bytecode files.
* Also don't include python bytecode or cache files in orig tarball,
and clean then up on "clean" rule.
* Fix dpkg-source warning: Remove autoconf cache.
* Fix lintian warning: fta and micahg to XSBC-Original-Maintainer.
* Fix lintian error not-binnmuable-all-depends-any.
* Override lintian complaints ancient-autotools-helper-file and
unused-build-dependency-on-cdbs.
* Drop "lzma" from build dependencies.
* Set default binary and source package compression to xz. If
building for Ubuntu 10.04, then make binary's compression to bzip2.
* List explicit architectures that Chromium supports, instead of "any".
Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}.
* debian/patches/arm-neon.patch added to get ARM w/o Neon support.
(LP: #1084852)
* Add chromedriver packaging. (LP: #1069930) Thanks to
John Rigby <email address hidden>
* In debian/rules, avoid creating invalid subst expression in sed
of DEBIAN* vars into files.
* Note localization in package description for support for ast, bs, en-AU,
eo, hy, ia, ka, ku, kw, ms.
* No longer include Launchpad-generated translations. Disable patch
grd_parse_fix.patch .
* Set default binary and source package compression to xz. If
building for Ubuntu 10.04, then make binary's compression to bzip2.
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
(quilt)".
* Remove unnecessary glib-header-single-entry.patch .
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
gyp-chromium run from DEPS. Never fail silently again.
* Add patches/struct-siginfo.patch to work around source bug in dereferencing
internal stuct instead of public type.
* Drop SCM revision from the version.
* Refresh patches from lp:unity-chromium-extension .
* Make all patches follow a common format, to avoid future churn.
No timestamps, a/b parent, sorted, no index.
* New upstream version 24.0.1312.56:
- CVE-2013-0839: Use-after-free in canvas font handling.
- CVE-2013-0840: Missing URL validation when opening new windows.
- CVE-2013-0841: Unchecked array index in content blocking.
- CVE-2013-0842: Problems with NULL characters embedded in paths.
* New upstream version 24.0.1312.52: (LP: #1099075)
- CVE-2012-5145: Use-after-free in SVG layout. Credit to Atte Kettunen of
OUSPG.
- CVE-2012-5146: Same origin policy bypass with malformed URL. Credit to
Erling A Ellingsen and Subodh Iyengar, both of Facebook.
- CVE-2012-5147: Use-after-free in DOM handling. Credit to José A. Vázquez.
- CVE-2012-5148: Missing filename sanitization in hyphenation support.
Credit to Google Chrome Security Team (Justin Schuh).
- CVE-2012-5149: Integer overflow in audio IPC handling. Credit to Google
Chrome Security Team (Chris Evans).
- CVE-2012-5150: Use-after-free when seeking video. Credit to Google Chrome
Security Team (Inferno).
- CVE-2012-5151: Integer overflow in PDF JavaScript. Credit to Mateusz
Jurczyk, with contribution from Gynvael Coldwind, both of Google Security
Team.
- CVE-2012-5152: Out-of-bounds read when seeking video. Credit to Google
Chrome Security Team (Inferno).
- CVE-2012-5153: Out-of-bounds stack access in v8. Credit to Andreas
Rossberg of the Chromium development community.
- CVE-2012-5156: Use-after-free in PDF fields. Credit to Mateusz Jurczyk,
with contribution from Gynvael Coldwind, both of Google Security Team.
- CVE-2012-5157: Out-of-bounds reads in PDF image handling. Credit to
Mateusz Jurczyk, with contribution from Gynvael Coldwind, both of Google
Security Team.
- CVE-2013-0828: Bad cast in PDF root handling. Credit to Mateusz Jurczyk,
with contribution from Gynvael Coldwind, both of Google Security Team.
- CVE-2013-0829: Corruption of database metadata leading to incorrect file
access. Credit to Google Chrome Security Team (Jüri Aedla).
- CVE-2013-0830: Missing NUL termination in IPC. Credit to Google Chrome
Security Team (Justin Schuh).
- CVE-2013-0831: Possible path traversal from extension process. Credit to
Google Chrome Security Team (Tom Sepez).
- CVE-2013-0832: Use-after-free with printing. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0833: Out-of-bounds read with printing. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0834: Out-of-bounds read with glyph handling. Credit to Google
Chrome Security Team (Cris Neckar).
- CVE-2013-0835: Browser crash with geolocation. Credit to Arthur Gerkis.
- CVE-2013-0836: Crash in v8 garbage collection. Credit to Google Chrome
Security Team (Cris Neckar).
- CVE-2013-0837: Crash in extension tab handling. Credit to Tom Nielsen.
- CVE-2013-0838: Tighten permissions on shared memory segments. Credit to
Google Chrome Security Team (Chris Palmer).
* New upstream version 23.0.1271.97
- CVE-2012-5139: Use-after-free with visibility events.
- CVE-2012-5140: Use-after-free in URL loader.
- CVE-2012-5141: Limit Chromoting client plug-in instantiation.
- CVE-2012-5142: Crash in history navigation.
- CVE-2012-5143: Integer overflow in PPAPI image buffers.
- CVE-2012-5144: Stack corruption in AAC decoding.
* New upstream version 23.0.1271.95
- CVE-2012-5138: Incorrect file path handling.
- CVE-2012-5137: Use-after-free in media source handling.
* New upstream version 23.0.1271.91
- CVE-2012-5133: Use-after-free in SVG filters.
- CVE-2012-5130: Out-of-bounds read in Skia.
- CVE-2012-5132: Browser crash with chunked encoding.
- CVE-2012-5134: Buffer underflow in libxml.
- CVE-2012-5135: Use-after-free with printing.
- CVE-2012-5136: Bad cast in input element handling.
* Includes CVE fixes for 23.0.1271.64
- CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
handling.
- CVE-2012-5120: Out-of-bounds array access in v8.
- CVE-2012-5116: Use-after-free in SVG filter handling.
- CVE-2012-5121: Use-after-free in video layout.
- CVE-2012-5117: Inappropriate load of SVG subresource in img context.
- CVE-2012-5119: Race condition in Pepper buffer handling.
- CVE-2012-5122: Bad cast in input handling.
- CVE-2012-5123: Out-of-bounds reads in Skia.
- CVE-2012-5124: Memory corruption in texture handling.
- CVE-2012-5125: Use-after-free in extension tab handling.
- CVE-2012-5126: Use-after-free in plug-in placeholder handling.
- CVE-2012-5128: Bad write in v8.
* Disable lintian warnings about outdated autoconf files in source tree.
-- Chad Miller <email address hidden> Wed, 23 Jan 2013 13:43:34 -0500
Upload details
- Uploaded by:
- Chad Miller
- Sponsored by:
- Jamie Strandboge
- Uploaded to:
- Raring
- Original maintainer:
- Ubuntu Developers
- Architectures:
- armhf armel i386 amd64 all
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| chromium-browser_24.0.1312.56.orig.tar.xz | 309.4 MiB | 03506562d70892230772f3dc29b2c28782764854ee4766ea639f4afcc2ffc689 |
| chromium-browser_24.0.1312.56-0ubuntu1.debian.tar.gz | 234.1 KiB | 2d6a0e61e35a90cd4532dedd6a7e600f21150cfffdebae2b3fff1fc1fab2f518 |
| chromium-browser_24.0.1312.56-0ubuntu1.dsc | 3.2 KiB | 1b62d36bdb9e777b8ee75f72038fad5f0eb561aff54a6490d59d9879cfeff914 |
Available diffs
Binary packages built by this source
- chromium-browser: No summary available for chromium-browser in ubuntu raring.
No description available for chromium-browser in ubuntu raring.
- chromium-browser-dbg: No summary available for chromium-browser-dbg in ubuntu raring.
No description available for chromium-
browser- dbg in ubuntu raring.
- chromium-browser-l10n: No summary available for chromium-browser-l10n in ubuntu raring.
No description available for chromium-
browser- l10n in ubuntu raring.
- chromium-chromedriver: No summary available for chromium-chromedriver in ubuntu raring.
No description available for chromium-
chromedriver in ubuntu raring.
- chromium-codecs-ffmpeg: No summary available for chromium-codecs-ffmpeg in ubuntu raring.
No description available for chromium-
codecs- ffmpeg in ubuntu raring.
- chromium-codecs-ffmpeg-dbg: No summary available for chromium-codecs-ffmpeg-dbg in ubuntu raring.
No description available for chromium-
codecs- ffmpeg- dbg in ubuntu raring.
- chromium-codecs-ffmpeg-extra: No summary available for chromium-codecs-ffmpeg-extra in ubuntu raring.
No description available for chromium-
codecs- ffmpeg- extra in ubuntu raring.
- chromium-codecs-ffmpeg-extra-dbg: No summary available for chromium-codecs-ffmpeg-extra-dbg in ubuntu raring.
No description available for chromium-
codecs- ffmpeg- extra-dbg in ubuntu raring.
