lp://staging/ubuntu/lucid-updates/chromium-browser

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/lucid-updates/chromium-browser
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

39. By Micah Gersten

* New upstream release from the Stable Channel (LP: #881786)
  This release fixes the following security issues:
  - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to
    Jordi Chancel.
  - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit
    to Jordi Chancel.
  - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of
    download filenames. Credit to Marc Novak.
  - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to
    Google Chrome Security Team (Tom Sepez) plus independent discovery by
    Juho Nurminen.
  - [94487] Medium CVE-2011-3878: Race condition in worker process
    initialization. Credit to miaubiz.
  - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to
    Masato Kinugawa.
  - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit
    to Vladimir Vorontsov, ONsec company.
  - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin
    policy violations. Credit to Sergey Glazunov.
  - [96292] High CVE-2011-3882: Use-after-free in media buffer handling.
    Credit to Google Chrome Security Team (Inferno).
  - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to
    miaubiz.
  - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to
    Brian Ryner of the Chromium development community.
  - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale
    style bugs leading to use-after-free. Credit to miaubiz.
  - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to
    Christian Holler.
  - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to
    Sergey Glazunov.
  - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing.
    Credit to miaubiz.
  - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz.
  - [99553] High CVE-2011-3890: Use-after-free in video source handling.
    Credit to Ami Fischman of the Chromium development community.
  - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to
    Steven Keuchel of the Chromium development community plus independent
    discovery by Daniel Divricean.

[ Chris Coulson <email address hidden> ]
* Refresh patches
  - update debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/webkit_rev_parser.patch

[ Fabien Tassin ]
* Disable NaCl until we figure out what to do with the private toolchain
  - update debian/rules
* Do not install the pseudo_locales files in the debs
  - update debian/rules
* Add python-simplejson to Build-depends. This is needed by NaCl even with
  NaCl disabled, so this is a temporary workaround to unbreak the build, it
  must be fixed upstream
  - update debian/control

38. By Micah Gersten

* New upstream release from the Stable Channel (LP: #858744)
  This release fixes the following security issues:
  + Chromium issues (13.0.782.220):
    - Trust in Diginotar Intermediate CAs revoked
  + Chromium issues (14.0.835.163):
    - [49377] High CVE-2011-2835: Race condition in the certificate cache.
      Credit to Ryan Sleevi.
    - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
      wbrana.
    - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
      loading plug-ins. Credit to Michal Zalewski.
    - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
      Mario Gomes.
    - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
      Credit to Kostya Serebryany.
    - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
      to Mario Gomes.
    - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
      to Jordi Chancel.
    - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
      Credit to Arthur Gerkis.
    - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      Credit to miaubiz.
    - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
      Credit to Google Chrome Security Team (Inferno).
    - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
      to Google Chrome Security Team (SkyLined).
    - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
      non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
    - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
      Helin of OUSPG.
    - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
      characters. Credit to Google Chrome Security Team (Inferno).
    - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
      Credit to Google Chrome Security Team (Inferno).
    - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
      session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
  + Chromium issues (14.0.835.202):
    - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
      window prototype. Credit to Sergey Glazunov.
    - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
      handling. Credit to Google Chrome Security Team (Inferno).
    - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
      Credit to Zhenyao Mo.
  + Webkit issues (14.0.835.163):
    - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
      user interaction. Credit to kuzzcc.
    - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
      Credit to Arthur Gerkis.
    - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
      miaubiz.
    - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
      to miaubiz.
    - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
      handing. Credit to Sławomir Błażek, and independent later discoveries by
      miaubiz and Google Chrome Security Team (Inferno).
    - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
      Arthur Gerkis.
    - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
      to miaubiz.
    - [93587] High CVE-2011-2860: Use-after-free in table style handling.
      Credit to miaubiz.
  + Webkit issues (14.0.835.202):
    - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
      Credit to miaubiz.
    - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
      miaubiz.
  + LibXML issue (14.0.835.163):
    - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
      to Yang Dingning
  + V8 issues (14.0.835.163):
    - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
      to Kostya Serebryany
    - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
    - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
      Divricean.
    - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
      Credit to Sergey Glazunov.
    - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
      to Christian Holler.
  + V8 issues (14.0.835.202):
    - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
      bindings. Credit to Sergey Glazunov.
    - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
      Credit to Sergey Glazunov.

[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
  - update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
  the upstream rename, and add a mapping flag to the grit converter
  - update debian/rules
* Refresh Patches

[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
  - update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
  - update debian/control

37. By Micah Gersten

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #803107)
  This release fixes the following security issues:
  + WebKit issues:
    - [84355] High, CVE-2011-2346: Use-after-free in SVG font handling.
      Credit to miaubiz.
    - [85003] High, CVE-2011-2347: Memory corruption in CSS parsing. Credit
      to miaubiz.
    - [85102] High, CVE-2011-2350: Lifetime and re-entrancy issues in the
      HTML parser. Credit to miaubiz.
    - [85211] High, CVE-2011-2351: Use-after-free with SVG use element.
      Credit to miaubiz.
    - [85418] High, CVE-2011-2349: Use-after-free in text selection. Credit
      to miaubiz.
  + Chromium issues:
    - [77493] Medium, CVE-2011-2345: Out-of-bounds read in NPAPI string
      handling. Credit to Philippe Arteau.
    - [85177] High, CVE-2011-2348: Bad bounds check in v8. Credit to Aki
      Helin of OUSPG.

[ Micah Gersten <email address hidden> ]
* Drop armel again from control file to not block on i386/amd64 updates
  - update debian/control

36. By Micah Gersten

[ Fabien Tassin <email address hidden> ]
* New upstream release from the Stable Channel (LP: #794197)
  It includes:
  - Hardware accelerated 3D CSS
  - New Safe Browsing protection against downloading malicious files
  - Integrated Sync into new settings pages
  This release fixes the following security issues:
  + WebKit issues:
    - [73962] [79746] High CVE-2011-1808: Use-after-free due to integer
      issues in float handling. Credit to miaubiz.
    - [75496] Medium CVE-2011-1809: Use-after-free in accessibility support.
      Credit to Google Chrome Security Team (SkyLined).
    - [75643] Low CVE-2011-1810: Visit history information leak in CSS.
      Credit to Jesse Mohrland of Microsoft and Microsoft Vulnerability
      Research (MSVR).
    - [80358] Medium CVE-2011-1816: Use-after-free in developer tools. Credit
      to kuzzcc.
    - [81949] High CVE-2011-1818: Use-after-free in image loader. Credit to
      miaubiz.
    - [83743] High CVE-2011-2342: Same origin bypass in DOM. Credit to Sergey
      Glazunov.
  + Chromium issues:
    - [76034] Low CVE-2011-1811: Browser crash with lots of form submissions.
      Credit to “DimitrisV22”.
    - [77026] Medium CVE-2011-1812: Extensions permission bypass. Credit to
      kuzzcc.
    - [78516] High CVE-2011-1813: Stale pointer in extension framework.
      Credit to Google Chrome Security Team (Inferno).
    - [79862] Low CVE-2011-1815: Extension script injection into new tab
      page. Credit to kuzzcc.
    - [81916] Medium CVE-2011-1817: Browser memory corruption in history
      deletion. Credit to Collin Payne.
    - [83010] Medium CVE-2011-1819: Extension injection into chrome:// pages.
      Credit to Vladislavas Jarmalis, plus subsequent independent discovery
      by Sergey Glazunov.
    - [83275] High CVE-2011-2332: Same origin bypass in v8. Credit to Sergey
      Glazunov.
* Drop the stored passwords patch (fixed upstream)
  - remove debian/patches/stored_passwords_lp743494.patch
  - update debian/patches/series
* Empty the -inspector package now that it has been merged into the main
  resources.pak file (so that the Inspector remains usable after an upgrade
  until the next browser restart). Also remove the resources directory,
  now empty
  - remove debian/chromium-browser-inspector.install
  - update debian/chromium-browser.dirs
  - update debian/rules
* Update the location of the app_strings templates
  - update debian/rules
* Don't build with libjpeg-turbo on armel, to prevent a FTBFS
  - update debian/rules
* Rebase the GL dlopen patch
  - update debian/patches/dlopen_sonamed_gl.patch

[ Micah Gersten <email address hidden> ]
* Don't have chromium-browser depend on chromium-browser-inspector anymore
  it's now a transitional package; Change text of chromium-browser-inspector
  to reflect its transitional nature
  - update debian/control
* Re-enable armel builds
  - update debian/control

35. By Micah Gersten

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #787846)
  This release fixes the following security issues:
  + WebKit issues:
    - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
      Silva.
    - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
      to Martin Barbella.
    - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
      Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
      of the Chromium development community.
  + GPU/WebGL issue:
    - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
      buffer. Credit to Google Chrome Security Team (Cris Neckar).
* Update the svg icon once again, the previous one contained an embedded png
  (LP: #748881)
  - update debian/chromium-browser.svg

34. By Micah Gersten

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #781822)
  This release fixes the following security issues:
  + WebKit issues:
    - [64046] High, CVE-2011-1799: Bad casts in Chromium WebKit glue. Credit
      to Google Chrome Security Team (SkyLined).
    - [80608] High, CVE-2011-1800: Integer overflows in SVG filters. Credit
      to Google Chrome Security Team (Cris Neckar).

33. By Micah Gersten

[ Fabien Tassin <email address hidden> ]
* New Minor upstream release from the Stable Channel (LP: #778822)
  This release fixes the following security issues:
  + WebKit issues:
    - [67923] High, CVE-2011-1793: stale pointer in SVG image handling
      (credit: Mitz)
    - [78327] High, CVE-2011-1794: integer overflow in SVG filters (credit:
      Inferno)
    - [78948] High, CVE-2011-1795: integer underflow in forms handling
      (credit: Cris Neckar)
    - [79055] High, CVE-2011-1796: use-after-free in frame handling (credit:
      Inferno)
    - [79075] High, CVE-2011-1797: stale pointer in table captioning (credit:
      wushi)
    - [79595] High, CVE-2011-1798: bad cast in SVG text handling (credit:
      Inferno)
* Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
  workaround.
  - update debian/rules

[ Micah Gersten <email address hidden> ]
* Switch arch: any to arch: i386 amd64 so that we don't have to wait for armel
  - update debian/control

32. By Fabien Tassin

* New Major upstream release from the Stable Channel (LP: #771935)
  This release fixes the following security issues:
  + WebKit issues:
    - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
      Credit to Scott Hess of the Chromium development community and Martin
      Barbella.
    - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
      Chamal De Silva.
    - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
      Credit to Kostya Serebryany of the Chromium development community.
    - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
      Credit to miaubiz.
    - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
      Credit to kuzzcc.
    - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
      Credit to Jose A. Vazquez.
    - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
      Credit to Michael Griffiths.
    - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
      Credit to Sergey Glazunov and wushi of team 509.
    - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
      Martin Barbella.
    - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
      wushi of team509.
    - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
      with navigation errors and interrupted loads. Credit to kuzzcc.
    - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
      Credit to miaubiz.
    - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
      Credit to wushi of team509.
    - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
      Marek Majkowski.
    - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
      Sergey Glazunov.
    - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
      to Sergey Glazunov.
  + Chromium issues:
    - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
      Credit to Aki Helin.
    - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
      capture local files. Credit to Cole Snodgrass.
    - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
      interaction with X. Credit to miaubiz.
    - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
      to Dan Rosenberg.
    - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
      to kuzzcc.
    - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
      reload. Credit to Jordi Chancel.
    - [74763] High, CVE-2011-1439: Prevent interference between renderer
      processes. Credit to Julien Tinnes of the Google Security Team.
* Fix the password store regression from the last Chromium 10 update.
  Backport from trunk provided by Elliot Glaysher from upstream (LP: #743494)
  - add debian/patches/stored_passwords_lp743494.patch
  - update debian/patches/series
* Update the SVG logo to match the new simplified 2D logo (LP: #748881)
  - update debian/chromium-browser.svg
* Ship the app icon in all the sizes provided upstream
  - update debian/rules
* Add libpam0g-dev to Build-depends, needed by "Chromoting"
  - update debian/control
* Enable the new use_third_party_translations flag at build time (it enables
  the Launchpad translations already used in Ubuntu since Chromium 8)
  - update debian/rules

31. By Fabien Tassin

* New upstream minor release from the Stable Channel (LP: #762275)
  This release fixes the following security issues:
  - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
    Credit to Google Chrome Security Team (Inferno).
  - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
    to Christoph Diehl.
  This releasse also contains the security fixes from 10.0.648.204~r79063
  (which has been skipped by the sponsors) (LP: #742118)
  + Webkit bugs:
    - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
      to Sławomir Błażek.
    - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
      to Sergey Glazunov.
    - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
      Sergey Glazunov.
    - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
      parentage. Credit to Sergey Glazunov.
    - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
      to Sergey Glazunov.
  + Chromium bugs:
    - [72517] High, CVE-2011-1291: Buffer error in base string handling.
      Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
  preventing a SIGILL crash on some boards (LP: #735877)
  - update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
  - update debian/rules
  - update debian/chromium-browser.install
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
  called from apport/ubuntu-bug (LP: #759635)
  - update debian/apport/chromium-browser.py
* NaCL may be blacklisted, so only include it when it's actually been
  built (fixes the ftbfs on arm) (LP: #745854)
  - update debian/rules
  - update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
  - update debian/apport/chromium-browser.py

30. By Fabien Tassin

* New upstream security release from the Stable Channel (LP: #733514)
  + Webkit:
    - CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
      to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
      through ZDI.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://staging/ubuntu/maverick/chromium-browser
This branch contains Public information 
Everyone can see this information.

Subscribers