Chromium Browser

lp://staging/~chromium-team/chromium-browser/precise-working

Created by Chad Miller and last modified
Get this branch:
bzr branch lp://staging/~chromium-team/chromium-browser/precise-working
Members of Chromium team can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Chromium team
Project:
Chromium Browser
Status:
Development

Recent revisions

1039. By Chad Miller

* debian/patches/arm64-vpx-alignment: Avoid ARM64 alignment bug on some
  compilers.
* debian/rules: Fix armhf float ABI and remove unnecessary envvars.
  (LP: #1673276)

1038. By Chad Miller

null merge

1037. By Chad Miller

Remove unused build-dep on gcc47

1036. By Chad Miller

[Chad Miller]
* Upstream release: 57.0.2987.98.
  - CVE-2017-5030: Memory corruption in V8.
  - CVE-2017-5031: Use after free in ANGLE.
  - CVE-2017-5032: Out of bounds write in PDFium.
  - CVE-2017-5029: Integer overflow in libxslt.
  - CVE-2017-5034: Use after free in PDFium.
  - CVE-2017-5035: Incorrect security UI in Omnibox.
  - CVE-2017-5036: Use after free in PDFium.
  - CVE-2017-5037: Multiple out of bounds writes in ChunkDemuxer.
  - CVE-2017-5039: Use after free in PDFium.
  - CVE-2017-5040: Information disclosure in V8.
  - CVE-2017-5041: Address spoofing in Omnibox.
  - CVE-2017-5033: Bypass of Content Security Policy in Blink.
  - CVE-2017-5042: Incorrect handling of cookies in Cast.
  - CVE-2017-5038: Use after free in GuestView.
  - CVE-2017-5043: Use after free in GuestView.
  - CVE-2017-5044: Heap overflow in Skia.
  - CVE-2017-5045: Information disclosure in XSS Auditor.
  - CVE-2017-5046: Information disclosure in Blink.
* debian/patches/stdatomic: Support gcc48.
* debian/patches/snapshot-library-link: Add missing libsnapshot link
* debian/patches/gtk-ui-stdmove: fix && pointer return with std::move
* debian/control: Drop binary arch "any" and explicitly list four.
* debian/patches/enable-chromecast-by-default: (LP: #1621753)
* debian/rules: no longer use gconf. (LP: #1669100)
* debian/control: Drop binary arch "any" and explicitly list three.
* debian/rules: Avoid field trial experiments to get stable code.
  (closes: LP#1667125)

1035. By Chad Miller

Fix ARM64 prefix.

1034. By Chad Miller

* debian/control: Drop binary arch "any" and explicitly list four.
* debian/patches/arm64-support: arm64 gcc needs toolchain information.
* debian/rules: no longer use gconf. (LP: #1669100)
* debian/patches/enable-chromecast-by-default: (LP: #1621753)

1033. By Chad Miller

debian/patches/enable-chromecast-by-default: (closes: LP#1621753)

1032. By Chad Miller

* Upstream release: 56.0.2924.76
  - CVE-2017-5007: Universal XSS in Blink.
  - CVE-2017-5006: Universal XSS in Blink.
  - CVE-2017-5008: Universal XSS in Blink.
  - CVE-2017-5010: Universal XSS in Blink.
  - CVE-2017-5011: Unauthorised file access in Devtools.
  - CVE-2017-5009: Out of bounds memory access in WebRTC.
  - CVE-2017-5012: Heap overflow in V8.
  - CVE-2017-5013: Address spoofing in Omnibox.
  - CVE-2017-5014: Heap overflow in Skia.
  - CVE-2017-5015: Address spoofing in Omnibox.
  - CVE-2017-5019: Use after free in Renderer.
  - CVE-2017-5016: UI spoofing in Blink.
  - CVE-2017-5017: Uninitialised memory access in webm video.
  - CVE-2017-5018: Universal XSS in chrome://apps.
  - CVE-2017-5020: Universal XSS in chrome://downloads.
  - CVE-2017-5021: Use after free in Extensions.
  - CVE-2017-5022: Bypass of Content Security Policy in Blink.
  - CVE-2017-5023: Type confusion in metrics.
  - CVE-2017-5024: Heap overflow in FFmpeg.
  - CVE-2017-5025: Heap overflow in FFmpeg.
  - CVE-2017-5026: UI spoofing.
* debian/patches/screen_capturer: allow compilation on gcc4
* debian/patches/arm64-support: reenable arm64
* debian/patches/memory-free-assertion-failure: discover memory management
  assertion failures.
* debian/rules: Avoid field trial experiments to get stable code.
  (closes: LP#1667125)
* debian/rules: Build extra codecs as part of main chromium program,
  and libre/crippled/h.264less on its own. Seems to make h.264 work
  again. Weird.
* debian/chromium-browser.links: Make link to ./ instead of / to fix
  path problems that codec-using other apps might see.
* Upstream release of 55.0.2883.87:
  - Change Flash running default to important content only.
* debian/chromium-browser.sh.in: Insert the Flash version if empty and
  detectable.
* debian/rules, debian/control: Use gcc/g++ 4.8 to build.
* Upstream release of 55.0.2883.75:
  - CVE-2016-9651: Private property access in V8.
  - CVE-2016-5208: Universal XSS in Blink.
  - CVE-2016-5207: Universal XSS in Blink.
  - CVE-2016-5206: Same-origin bypass in PDFium.
  - CVE-2016-5205: Universal XSS in Blink.
  - CVE-2016-5204: Universal XSS in Blink.
  - CVE-2016-5209: Out of bounds write in Blink.
  - CVE-2016-5203: Use after free in PDFium.
  - CVE-2016-5210: Out of bounds write in PDFium.
  - CVE-2016-5212: Local file disclosure in DevTools.
  - CVE-2016-5211: Use after free in PDFium.
  - CVE-2016-5213: Use after free in V8.
  - CVE-2016-5214: File download protection bypass.
  - CVE-2016-5216: Use after free in PDFium.
  - CVE-2016-5215: Use after free in Webaudio.
  - CVE-2016-5217: Use of unvalidated data in PDFium.
  - CVE-2016-5218: Address spoofing in Omnibox.
  - CVE-2016-5219: Use after free in V8.
  - CVE-2016-5221: Integer overflow in ANGLE.
  - CVE-2016-5220: Local file access in PDFium.
  - CVE-2016-5222: Address spoofing in Omnibox.
  - CVE-2016-9650: CSP Referrer disclosure.
  - CVE-2016-5223: Integer overflow in PDFium.
  - CVE-2016-5226: Limited XSS in Blink.
  - CVE-2016-5225: CSP bypass in Blink.
  - CVE-2016-5224: Same-origin bypass in SVG
  - CVE-2016-9652: Various fixes from internal audits, fuzzing and other
    initiatives
* Upstream release of 54.0.2840.100:
  - CVE-2016-5199: Heap corruption in FFmpeg.
  - CVE-2016-5200: Out of bounds memory access in V8.
  - CVE-2016-5201: Info leak in extensions.
  - CVE-2016-5202: Various fixes from internal audits, fuzzing and other
    initiatives
* Move to using GN to build chromium.
  - debian/known_gn_gen_args
  - debian/rules
  patches
* debian/rules, lintians, installs, script: Move component libs out of
  libs/, to /usr/lib/chromium-browser/ only.
* debian/patches/do-not-use-bundled-clang: Use clang from path.
* debian/control: Express that binary packages could be on "any"
  architecture.
* debian/control: additionally build-dep on libgtk-3-dev
* debian/patches/arm64-support: Fail nicer if aarch64/arm64 mismatch.
* Upstrem release of 54.0.2840.59:
  - CVE-2016-5181: Universal XSS in Blink.
  - CVE-2016-5182: Heap overflow in Blink.
  - CVE-2016-5183: Use after free in PDFium.
  - CVE-2016-5184: Use after free in PDFium.
  - CVE-2016-5185: Use after free in Blink.
  - CVE-2016-5187: URL spoofing.
  - CVE-2016-5188: UI spoofing.
  - CVE-2016-5192: Cross-origin bypass in Blink.
  - CVE-2016-5189: URL spoofing.
  - CVE-2016-5186: Out of bounds read in DevTools.
  - CVE-2016-5191: Universal XSS in Bookmarks.
  - CVE-2016-5190: Use after free in Internals.
  - CVE-2016-5193: Scheme bypass.
  - CVE-2016-5194: Various fixes from internal audits, fuzzing and other
    initiatives
* debian/patches/allow-component-build: Hard-code, override
  release -> no component logic.
* debian/known_gyp_flags: Remove old GYP known-flags list.
* debian/default-allocator: Insist on not using tcmalloc allocator.
* debian/rules: Set LDFLAGS to limit memory usage.
* debian/control: Remove extraneous dependencies.

1031. By Chad Miller

debian/rules: Build extra codecs as part of main chromium program,
and libre/crippled/h.264less on its own. Seems to make h.264 work
again. Weird.

1030. By Chad Miller

* debian/control: Add build-dep on libx11-xcb1-dev.
* debian/rules, debian/control: Use gcc/g++ 4.7 to build.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.