lp://staging/ubuntu/lucid-updates/chromium-browser
- Get this branch:
- bzr branch lp://staging/ubuntu/lucid-updates/chromium-browser
Branch merges
Branch information
Recent revisions
- 39. By Micah Gersten
-
* New upstream release from the Stable Channel (LP: #881786)
This release fixes the following security issues:
- [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
Jordi Chancel.
- [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
to Jordi Chancel.
- [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
download filenames. Credit to Marc Novak.
- [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
Google Chrome Security Team (Tom Sepez) plus independent discovery by
Juho Nurminen.
- [94487] Medium CVE-2011-3878: Race condition in worker process
initialization. Credit to miaubiz.
- [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
Masato Kinugawa.
- [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
to Vladimir Vorontsov, ONsec company.
- [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
policy violations. Credit to Sergey Glazunov.
- [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
Credit to Google Chrome Security Team (Inferno).
- [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
miaubiz.
- [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
Brian Ryner of the Chromium development community.
- [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
style bugs leading to use-after-free. Credit to miaubiz.
- [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
Christian Holler.
- [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
Sergey Glazunov.
- [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
Credit to miaubiz.
- [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
- [99553] High CVE-2011-3890: Use-after-free in video source handling.
Credit to Ami Fischman of the Chromium development community.
- [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
Steven Keuchel of the Chromium development community plus independent
discovery by Daniel Divricean.[ Chris Coulson <email address hidden> ]
* Refresh patches
- update debian/patches/ dlopen_ sonamed_ gl.patch
- update debian/patches/ webkit_ rev_parser. patch [ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
- update debian/rules
* Do not install the pseudo_locales files in the debs
- update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
NaCl disabled, so this is a temporary workaround to unbreak the build, it
must be fixed upstream
- update debian/control - 38. By Micah Gersten
-
* New upstream release from the Stable Channel (LP: #858744)
This release fixes the following security issues:
+ Chromium issues (13.0.782.220):
- Trust in Diginotar Intermediate CAs revoked
+ Chromium issues (14.0.835.163):
- [49377] High CVE-2011-2835: Race condition in the certificate cache.
Credit to Ryan Sleevi.
- [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
wbrana.
- [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
loading plug-ins. Credit to Michal Zalewski.
- [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
Mario Gomes.
- [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
Credit to Kostya Serebryany.
- [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
to Mario Gomes.
- [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
to Jordi Chancel.
- [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
Credit to Arthur Gerkis.
- [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
Credit to miaubiz.
- [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
Credit to Google Chrome Security Team (Inferno).
- [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
to Google Chrome Security Team (SkyLined).
- [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
- [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
Helin of OUSPG.
- [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
characters. Credit to Google Chrome Security Team (Inferno).
- [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
Credit to Google Chrome Security Team (Inferno).
- [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
+ Chromium issues (14.0.835.202):
- [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
window prototype. Credit to Sergey Glazunov.
- [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
handling. Credit to Google Chrome Security Team (Inferno).
- [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
Credit to Zhenyao Mo.
+ Webkit issues (14.0.835.163):
- [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
user interaction. Credit to kuzzcc.
- [89219] High CVE-2011-2846: Use-after-free in unload event handling.
Credit to Arthur Gerkis.
- [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
miaubiz.
- [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
to miaubiz.
- [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
handing. Credit to Sławomir Błażek, and independent later discoveries by
miaubiz and Google Chrome Security Team (Inferno).
- [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
Arthur Gerkis.
- [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
to miaubiz.
- [93587] High CVE-2011-2860: Use-after-free in table style handling.
Credit to miaubiz.
+ Webkit issues (14.0.835.202):
- [93788] High CVE-2011-2876: Use-after-free in text line box handling.
Credit to miaubiz.
- [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
miaubiz.
+ LibXML issue (14.0.835.163):
- [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
to Yang Dingning
+ V8 issues (14.0.835.163):
- [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
to Kostya Serebryany
- [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
- [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
Divricean.
- [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
Credit to Sergey Glazunov.
- [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
to Christian Holler.
+ V8 issues (14.0.835.202):
- [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
bindings. Credit to Sergey Glazunov.
- [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
Credit to Sergey Glazunov.[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
- update debian/control
* Rename ui/base/strings/ app_strings. grd to ui_strings.grd following
the upstream rename, and add a mapping flag to the grit converter
- update debian/rules
* Refresh Patches[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
- update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
- update debian/control - 37. By Micah Gersten
-
[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
This release fixes the following security issues:
+ WebKit issues:
- [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
Credit to miaubiz.
- [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
to miaubiz.
- [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
HTML parser. Credit to miaubiz.
- [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
Credit to miaubiz.
- [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
to miaubiz.
+ Chromium issues:
- [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
handling. Credit to Philippe Arteau.
- [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
Helin of OUSPG.[ Micah Gersten <email address hidden> ]
* Drop armel again from control file to not block on i386/amd64 updates
- update debian/control - 36. By Micah Gersten
-
[ Fabien Tassin <email address hidden> ]
* New upstream release from the Stable Channel (LP: #794197)
It includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Integrated Sync into new settings pages
This release fixes the following security issues:
+ WebKit issues:
- [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
issues in float handling. Credit to miaubiz.
- [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
Credit to Google Chrome Security Team (SkyLined).
- [75643] Low CVE-2011-1810: Visit history information leak in CSS.
Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
Research (MSVR).
- [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
to kuzzcc.
- [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
miaubiz.
- [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
Glazunov.
+ Chromium issues:
- [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
Credit to “DimitrisV22”.
- [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
kuzzcc.
- [78516] High CVE-2011-1813: Stale pointer in extension framework.
Credit to Google Chrome Security Team (Inferno).
- [79862] Low CVE-2011-1815: Extension script injection into new tab
page. Credit to kuzzcc.
- [81916] Medium CVE-2011-1817: Browser memory corruption in history
deletion. Credit to Collin Payne.
- [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
Credit to Vladislavas Jarmalis, plus subsequent independent discovery
by Sergey Glazunov.
- [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
Glazunov.
* Drop the stored passwords patch (fixed upstream)
- remove debian/patches/ stored_ passwords_ lp743494. patch
- update debian/patches/ series
* Empty the -inspector package now that it has been merged into the main
resources.pak file (so that the Inspector remains usable after an upgrade
until the next browser restart). Also remove the resources directory,
now empty
- remove debian/chromium- browser- inspector. install
- update debian/chromium- browser. dirs
- update debian/rules
* Update the location of the app_strings templates
- update debian/rules
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
- update debian/rules
* Rebase the GL dlopen patch
- update debian/patches/ dlopen_ sonamed_ gl.patch [ Micah Gersten <email address hidden> ]
* Don't have chromium-browser depend on chromium-browser- inspector anymore
it's now a transitional package; Change text of chromium-browser- inspector
to reflect its transitional nature
- update debian/control
* Re-enable armel builds
- update debian/control - 35. By Micah Gersten
-
[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #787846)
This release fixes the following security issues:
+ WebKit issues:
- [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
Silva.
- [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
to Martin Barbella.
- [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
of the Chromium development community.
+ GPU/WebGL issue:
- [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
(LP: #748881)
- update debian/chromium- browser. svg - 34. By Micah Gersten
-
[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #781822)
This release fixes the following security issues:
+ WebKit issues:
- [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
to Google Chrome Security Team (SkyLined).
- [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
to Google Chrome Security Team (Cris Neckar). - 33. By Micah Gersten
-
[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #778822)
This release fixes the following security issues:
+ WebKit issues:
- [67923] High, CVE-2011-1793: stale pointer in SVG image handling
(credit: Mitz)
- [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
Inferno)
- [78948] High, CVE-2011-1795: integer underflow in forms handling
(credit: Cris Neckar)
- [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
Inferno)
- [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
wushi)
- [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
Inferno)
* Pass --delete_unversioned_ trees to gclient and drop the git.chromium.org
workaround.
- update debian/rules[ Micah Gersten <email address hidden> ]
* Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
- update debian/control - 32. By Fabien Tassin
-
* New Major upstream release from the Stable Channel (LP: #771935)
This release fixes the following security issues:
+ WebKit issues:
- [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
Credit to Scott Hess of the Chromium development community and Martin
Barbella.
- [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
Chamal De Silva.
- [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
Credit to Kostya Serebryany of the Chromium development community.
- [73526] High, CVE-2011-1437: Integer overflows in float rendering.
Credit to miaubiz.
- [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
Credit to kuzzcc.
- [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
Credit to Jose A. Vazquez.
- [75347] High, CVE-2011-1441: Bad cast with floating select lists.
Credit to Michael Griffiths.
- [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
Credit to Sergey Glazunov and wushi of team 509.
- [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
Martin Barbella.
- [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
wushi of team509.
- [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
with navigation errors and interrupted loads. Credit to kuzzcc.
- [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
Credit to miaubiz.
- [77130] High, CVE-2011-1448: Stale pointer in height calculations.
Credit to wushi of team509.
- [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
Marek Majkowski.
- [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
Sergey Glazunov.
- [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
to Sergey Glazunov.
+ Chromium issues:
- [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
Credit to Aki Helin.
- [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
capture local files. Credit to Cole Snodgrass.
- [72910] Low, CVE-2011-1436: Possible browser crash due to bad
interaction with X. Credit to miaubiz.
- [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
to Dan Rosenberg.
- [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
to kuzzcc.
- [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
reload. Credit to Jordi Chancel.
- [74763] High, CVE-2011-1439: Prevent interference between renderer
processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
- add debian/patches/ stored_ passwords_ lp743494. patch
- update debian/patches/ series
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
- update debian/chromium- browser. svg
* Ship the app icon in all the sizes provided upstream
- update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
- update debian/control
* Enable the new use_third_party_translati ons flag at build time (it enables
the Launchpad translations already used in Ubuntu since Chromium 8)
- update debian/rules - 31. By Fabien Tassin
-
* New upstream minor release from the Stable Channel (LP: #762275)
This release fixes the following security issues:
- [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
Credit to Google Chrome Security Team (Inferno).
- [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
to Christoph Diehl.
This releasse also contains the security fixes from 10.0.648.204~r79063
(which has been skipped by the sponsors) (LP: #742118)
+ Webkit bugs:
- [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
to Sławomir Błażek.
- [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
to Sergey Glazunov.
- [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
Sergey Glazunov.
- [74991] High, CVE-2011-1295: DOM tree corruption with broken node
parentage. Credit to Sergey Glazunov.
- [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
to Sergey Glazunov.
+ Chromium bugs:
- [72517] High, CVE-2011-1291: Buffer error in base string handling.
Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
preventing a SIGILL crash on some boards (LP: #735877)
- update debian/control
* Install libppGoogleNaClPluginChrome. so (LP: #738331)
- update debian/rules
- update debian/chromium- browser. install
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
called from apport/ubuntu-bug (LP: #759635)
- update debian/apport/ chromium- browser. py
* NaCL may be blacklisted, so only include it when it's actually been
built (fixes the ftbfs on arm) (LP: #745854)
- update debian/rules
- update debian/chromium- browser. install
* Harden the apport hooks in the extensions section
- update debian/apport/ chromium- browser. py - 30. By Fabien Tassin
-
* New upstream security release from the Stable Channel (LP: #733514)
+ Webkit:
- CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
through ZDI.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp://staging/ubuntu/maverick/chromium-browser