Chromium Browser

lp://staging/~chromium-team/chromium-browser/chromium-browser.stable

Created by Fabien Tassin and last modified
Get this branch:
bzr branch lp://staging/~chromium-team/chromium-browser/chromium-browser.stable
Members of Chromium team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Chromium team
Project:
Chromium Browser
Status:
Development

Recent revisions

679. By Micah Gersten

releasing version 18.0.1025.162~r131933-0ubuntu1~ucd

678. By Micah Gersten

New upstream release from the Stable Channel

677. By Micah Gersten

(merge from chromium-browser.precise)

* New upstream release from the Stable Channel (LP: #977502)
  - black screen on Hybrid Graphics system with GPU accelerated compositing
    enabled (Issue: 117371)
  - CSS not applied to <content> element (Issue: 114667)
  - Regression rendering a div with background gradient and borders
    (Issue: 113726)
  - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
  - Multiple crashes (Issues: 72235, 116825 and 92998)
  - Pop-up dialog is at wrong position (Issue: 116045)
  - HTML Canvas patterns are broken if you change the transformation matrix
    (Issue: 112165)
  - SSL interstitial error "proceed anyway" / "back to safety" buttons don't
    work (Issue: 119252)
  This release fixes the following security issues:
  - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
    Credit to miaubiz.
  - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
    Sergey Glazunov.
  - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
    miaubiz.
  - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
    to miaubiz.
  - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
    Google Chrome Security Team (SkyLined).
  - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
    to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
    window. Credit to Sergey Glazunov.
  - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
    Credit to Arthur Gerkis.
  - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
    to Sławomir Błażek.
  - [119525] High CVE-2011-3075: Use-after-free applying style command.
    Credit to miaubiz.
  - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
    miaubiz.
  - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
    to Google Chrome Security Team (Inferno).

676. By Micah Gersten

(merge 18.0.1025.142~r129054 from chromium-browser.precise)

* New upstream release from the Stable Channel (LP: #968901)
  This release fixes the following security issues:
  - [109574] Medium CVE-2011-3058: Bad interaction possibly leading to XSS in
    EUC-JP. Credit to Masato Kinugawa.
  - [112317] Medium CVE-2011-3059: Out-of-bounds read in SVG text handling.
    Credit to Arthur Gerkis.
  - [114056] Medium CVE-2011-3060: Out-of-bounds read in text fragment
    handling. Credit to miaubiz.
  - [116398] Medium CVE-2011-3061: SPDY proxy certificate checking error.
    Credit to Leonidas Kontothanassis of Google.
  - [116524] High CVE-2011-3062: Off-by-one in OpenType Sanitizer. Credit to
    Mateusz Jurczyk of the Google Security Team.
  - [117417] Low CVE-2011-3063: Validate navigation requests from the renderer
    more carefully. Credit to kuzzcc, Sergey Glazunov, PinkiePie and
    scarybeasts (Google Chrome Security Team).
  - [117471] High CVE-2011-3064: Use-after-free in SVG clipping. Credit to
    Atte Kettunen of OUSPG.
  - [117588] High CVE-2011-3065: Memory corruption in Skia. Credit to Omair.
  - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
    Holler.
* Add build dependency on libudev-dev to allow for gamepad detection; see
  http://code.google.com/p/chromium/issues/detail?id=79050
  - update debian/control
* Drop dlopen_libgnutls patch as it's been implemented upstream
   - drop debian/patches/dlopen_libgnutls.patch
   - update debian/patches/series
* Start removing *.so and *.so.* from the upstream tarball creation
  - update debian/rules
* Strip almost the entire third_party/openssl directory as it's needed only
  on android, but is used by the build system
  - update debian/rules
* Use tar's --exclude-vcs flag instead of just excluding .svn
  - update debian/rules

675. By Micah Gersten

(merge r724 from chromium-browser.precise)

* New upstream release from the Stable Channel (LP: #961831)
  This release fixes the following security issues:
  - [113902] High CVE-2011-3050: Use-after-free with first-letter handling.
    Credit to miaubiz.
  - [116162] High CVE-2011-3045: libpng integer issue from upstream. Credit
    to Glenn Randers-Pehrson of the libpng project.
  - [116461] High CVE-2011-3051: Use-after-free in CSS cross-fade handling.
    Credit to Arthur Gerkis.
  - [116637] High CVE-2011-3052: Memory corruption in WebGL canvas handling.
    Credit to Ben Vanik of Google.
  - [116746] High CVE-2011-3053: Use-after-free in block splitting.
    Credit to miaubiz.
  - [117418] Low CVE-2011-3054: Apply additional isolations to webui
    privileges. Credit to Sergey Glazunov.
  - [117736] Low CVE-2011-3055: Prompt in the browser native UI for unpacked
    extension installation. Credit to PinkiePie.
  - [117550] High CVE-2011-3056: Cross-origin violation with “magic iframe”.
    Credit to Sergey Glazunov.
  - [117794] Medium CVE-2011-3057: Invalid read in v8. Credit to Christian
    Holler.

674. By Micah Gersten

(merge from chromium-browser.precise)

* New upstream release from the Stable Channel (LP: #952711)
  This release fixes the following security issue:
  - [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU
    process memory corruption. Credit to PinkiePie.
* New upstream release from the Stable Channel (LP: #950174)
  This release fixes the following security issue:
  - [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation.
    Credit to Sergey Glazunov.
* Add libgles2-mesa-dev build dependency on armhf as well; Hopefully really
  fix LP: #943281; Thanks to Christian Dywan for the tip
  - update debian/control

673. By Micah Gersten

(merge from chromium-browser.precise)

* New upstream release from the Stable Channel (LP: #948749)
  - fixes regression in the DOM [116789]
* Revert manual changes to v8 build system since we're using the gyp flag now
  - update debian/patches/fix-armhf-ftbfs.patch
* Attempt to fix armhf build again (LP: #943281)
  - update debian/rules

672. By Micah Gersten

Merge from chromium-browser.precise

* New upstream release from the Stable Channel (LP: #946914)
  - Cursors and backgrounds sometimes do not load [111218]
  - Plugins not loading on some pages [108228]
  - Text paste includes trailing spaces [106551]
  - Websites using touch controls break [110332]
  This release fixes the following security issues:
  - [105867] High CVE-2011-3031: Use-after-free in v8 element wrapper. Credit
    to Chamal de Silva.
  - [108037] High CVE-2011-3032: Use-after-free in SVG value handling. Credit
    to Arthur Gerkis.
  - [108406] [115471] High CVE-2011-3033: Buffer overflow in the Skia drawing
    library. Credit to Aki Helin of OUSPG.
  - [111748] High CVE-2011-3034: Use-after-free in SVG document handling.
    Credit to Arthur Gerkis.
  - [112212] High CVE-2011-3035: Use-after-free in SVG use handling. Credit to
    Arthur Gerkis.
  - [113258] High CVE-2011-3036: Bad cast in line box handling. Credit to
    miaubiz.
  - [113439] [114924] [115028] High CVE-2011-3037: Bad casts in anonymous
    block splitting. Credit to miaubiz.
  - [113497] High CVE-2011-3038: Use-after-free in multi-column handling.
    Credit to miaubiz.
  - [113707] High CVE-2011-3039: Use-after-free in quote handling. Credit to
    miaubiz.
  - [114054] High CVE-2011-3040: Out-of-bounds read in text handling. Credit
    to miaubiz.
  - [114068] High CVE-2011-3041: Use-after-free in class attribute handling.
    Credit to miaubiz.
  - [114219] High CVE-2011-3042: Use-after-free in table section handling.
    Credit to miaubiz.
  - [115681] High CVE-2011-3043: Use-after-free in flexbox with floats. Credit
    to miaubiz.
  - [116093] High CVE-2011-3044: Use-after-free with SVG animation elements.
    Credit to Arthur Gerkis.
* Fix FTBFS on armhf (LP: #943281)
  - add debian/patches/fix-armhf-ftbfs.patch
  - update debian/patches/series

671. By Micah Gersten

Merge from (chromium-browser.precise up to #709)

* Fix arm specific flags again; Use findstring instead of filter as arm
  isn't the entire build arch name
  - update debian/rules
* Add arm specific flags for arm*, not just armel; This allows building on
  armhf successfully (we hope)
  - update debian/rules
* Change chromium-browser-dbg to Priority: extra, Section: debug per lintian
  - update debian/control
* Fix line endings in debian/copyright per lintian
  - update debian/copyright
* Make copyright file UTF-8 per lintian
  - update debian/copyright
* New upstream release from the Stable Channel (LP: #933262)
  This release fixes the following security issues:
  - [105803] High CVE-2011-3015: Integer overflows in PDF codecs. Credit to
    Google Chrome Security Team (scarybeasts).
  - [106336] Medium CVE-2011-3016: Read-after-free with counter nodes. Credit
    to miaubiz.
  - [108695] High CVE-2011-3017: Possible use-after-free in database handling.
    Credit to miaubiz.
  - [110172] High CVE-2011-3018: Heap overflow in path rendering. Credit to
    Aki Helin of OUSPG.
  - [110849] High CVE-2011-3019: Heap buffer overflow in MKV handling. Credit
    to Google Chrome Security Team (scarybeasts) and Mateusz Jurczyk of the
    Google Security Team.
  - [111575] Medium CVE-2011-3020: Native client validator error. Credit to
    Nick Bray of the Chromium development community.
  - [111779] High CVE-2011-3021: Use-after-free in subframe loading. Credit to
    Arthur Gerkis.
  - [112236] Medium CVE-2011-3022: Inappropriate use of http for translation
    script. Credit to Google Chrome Security Team (Jorge Obes).
  - [112259] Medium CVE-2011-3023: Use-after-free with drag and drop. Credit
    to pa_kt.
  - [112451] Low CVE-2011-3024: Browser crash with empty x509 certificate.
    Credit to chrometot.
  - [112670] Medium CVE-2011-3025: Out-of-bounds read in h.264 parsing. Credit
    to Sławomir Błażek.
  - [112822] High CVE-2011-3026: Integer overflow / truncation in libpng.
    Credit to Jüri Aedla.
  - [112847] High CVE-2011-3027: Bad cast in column handling. Credit to
    miaubiz.
* New upstream release from the Stable Channel (LP: #931905)
  This release fixes the following security issues:
  - [73478] Low CVE-2011-3953: Avoid clipboard monitoring after paste event.
    Credit to Daniel Cheng of the Chromium development community.
  - [92550] Low CVE-2011-3954: Crash with excessive database usage. Credit to
    Collin Payne.
  - [93106] High CVE-2011-3955: Crash aborting an IndexDB transaction. Credit
    to David Grogan of the Chromium development community.
  - [103630] Low CVE-2011-3956: Incorrect handling of sandboxed origins inside
    extensions. Credit to Devdatta Akhawe, UC Berkeley.
  - [104056] High CVE-2011-3957: Use-after-free in PDF garbage collection.
    Credit to Aki Helin of OUSPG.
  - [105459] High CVE-2011-3958: Bad casts with column spans. Credit to
    miaubiz.
  - [106441] High CVE-2011-3959: Buffer overflow in locale handling. Credit to
    Aki Helin of OUSPG.
  - [108416] Medium CVE-2011-3960: Out-of-bounds read in audio decoding.
    Credit to Aki Helin of OUSPG.
  - [108871] Critical CVE-2011-3961: Race condition after crash of utility
    process. Credit to Shawn Goertzen.
  - [108901] Medium CVE-2011-3962: Out-of-bounds read in path clipping. Credit
    to Aki Helin of OUSPG.
  - [109094] Medium CVE-2011-3963: Out-of-bounds read in PDF fax image
    handling. Credit to Atte Kettunen of OUSPG.
  - [109245] Low CVE-2011-3964: URL bar confusion after drag + drop. Credit to
    Code Audit Labs of VulnHunt.com.
  - [109664] Low CVE-2011-3965: Crash in signature check. Credit to Sławomir
    Błażek.
  - [109716] High CVE-2011-3966: Use-after-free in stylesheet error handling.
    Credit to Aki Helin of OUSPG.
  - [109717] Low CVE-2011-3967: Crash with unusual certificate. Credit to Ben
    Carrillo.
  - [109743] High CVE-2011-3968: Use-after-free in CSS handling. Credit to
    Arthur Gerkis.
  - [110112] High CVE-2011-3969: Use-after-free in SVG layout. Credit to
    Arthur Gerkis.
  - [110277] Medium CVE-2011-3970: Out-of-bounds read in libxslt. Credit to
    Aki Helin of OUSPG.
  - [110374] High CVE-2011-3971: Use-after-free with mousemove events. Credit
    to Arthur Gerkis.
  - [110559] Medium CVE-2011-3972: Out-of-bounds read in shader translator.
    Credit to Google Chrome Security Team (Inferno).
* Rebase patch
  - update debian/patches/disable_dlog_and_dcheck_in_release_builds.patch
* Update .install file to just install all .pak files instead of listing them
  by name
  - update debian/chromium-browser.install
* New upstream release from the Stable Channel (LP: #923602, #897389)
  (LP: #914648, #889711)
  This release fixes the following security issues:
  - [106484] High CVE-2011-3924: Use-after-free in DOM selections. Credit to
    Arthur Gerkis.
  - [107182] Critical CVE-2011-3925: Use-after-free in Safe Browsing
    navigation. Credit to Chamal de Silva.
  - [108461] High CVE-2011-3928: Use-after-free in DOM handling. Credit to
    wushi of team509 reported through ZDI (ZDI-CAN-1415).
  - [108605] High CVE-2011-3927: Uninitialized value in Skia. Credit to
    miaubiz.
  - [109556] High CVE-2011-3926: Heap-buffer-overflow in tree builder.
    Credit to Arthur Gerkis.
  This upload also includes the following security fixes from 16.0.912.75:
  - [106672] High CVE-2011-3921: Use-after-free in animation frames. Credit to
    Boris Zbarsky of Mozilla.
  - [107128] High CVE-2011-3919: Heap-buffer-overflow in libxml. Credit to
    Jüri Aedla.
  - [108006] High CVE-2011-3922: Stack-buffer-overflow in glyph handling.
    Credit to Google Chrome Security Team (Cris Neckar).
  This upload also includes the following security fixes from 16.0.912.63:
  - [81753] Medium CVE-2011-3903: Out-of-bounds read in regex matching. Credit
    to David Holloway of the Chromium development community.
  - [95465] Low CVE-2011-3905: Out-of-bounds reads in libxml. Credit to Google
    Chrome Security Team (Inferno).
  - [98809] Medium CVE-2011-3906: Out-of-bounds read in PDF parser. Credit to
    Aki Helin of OUSPG.
  - [99016] High CVE-2011-3907: URL bar spoofing with view-source. Credit to
    Luka Treiber of ACROS Security.
  - [100863] Low CVE-2011-3908: Out-of-bounds read in SVG parsing. Credit to
    Aki Helin of OUSPG.
  - [101010] Medium CVE-2011-3909: [64-bit only] Memory corruption in CSS
    property array. Credit to Google Chrome Security Team (scarybeasts) and
    Chu.
  - [101494] Medium CVE-2011-3910: Out-of-bounds read in YUV video frame
    handling. Credit to Google Chrome Security Team (Cris Neckar).
  - [101779] Medium CVE-2011-3911: Out-of-bounds read in PDF. Credit to Google
    Chrome Security Team (scarybeasts) and Robert Swiecki of the Google
    Security Team.
  - [102359] High CVE-2011-3912: Use-after-free in SVG filters. Credit to
    Arthur Gerkis.
  - [103921] High CVE-2011-3913: Use-after-free in Range handling. Credit to
    Arthur Gerkis.
  - [104011] High CVE-2011-3914: Out-of-bounds write in v8 i18n handling.
    Credit to Sławomir Błażek.
  - [104529] High CVE-2011-3915: Buffer overflow in PDF font handling. Credit
    to Atte Kettunen of OUSPG.
  - [104959] Medium CVE-2011-3916: Out-of-bounds reads in PDF cross
    references. Credit to Atte Kettunen of OUSPG.
  - [105162] Medium CVE-2011-3917: Stack-buffer-overflow in FileWatcher.
    Credit to Google Chrome Security Team (Marty Barbella).
  This upload also includes the following fixes from 15.0.874.121:
  - fix to a regression: SVG in iframe doesn't use specified dimensions
  - [103259] High CVE-2011-3900: Out-of-bounds write in v8. Credit to
    Christian Holler
* Add patch to build with glib 2.31 (single entry header inclusion)
  - add debian/patches/glib-header-single-entry.patch
  - update debian/patches/series
* Refresh user agent patch
  - update debian/patches/chromium_useragent.patch.in
* New upstream release from the Stable Channel (LP: #889711)
  This release fixes the following security issues:
  - [100465] High CVE-2011-3892: Double free in Theora decoder. Credit to Aki
    Helin of OUSPG.
  - [100492] [100543] Medium CVE-2011-3893: Out of bounds reads in MKV and
    Vorbis media handlers. Credit to Aki Helin of OUSPG.
  - [101172] High CVE-2011-3894: Memory corruption regression in VP8 decoding.
    Credit to Andrew Scherkus of the Chromium development community.
  - [101458] High CVE-2011-3895: Heap overflow in Vorbis decoder. Credit to
    Aki Helin of OUSPG.
  - [101624] High CVE-2011-3896: Buffer overflow in shader variable mapping.
    Credit to Ken “strcpy” Russell of the Chromium development community.
  - [102242] High CVE-2011-3897: Use-after-free in editing. Credit to pa_kt
    reported through ZDI (ZDI-CAN-1416).

670. By Micah Gersten

* Trying again to refresh the chromium_useragent.patch.in patch

Branch metadata

Branch format:
Branch format 6
Repository format:
Bazaar pack repository format 1 (needs bzr 0.92)
This branch contains Public information 
Everyone can see this information.