Created by Fabien Tassin on 2011-05-07 and last modified on 2012-12-05
Get this branch:
bzr branch lp:~chromium-team/chromium-browser/chromium-browser.oneiric
Members of Chromium team can upload to this branch.

Branch information

Chromium team
Chromium Browser

Recent revisions

701. By Micah Gersten on 2012-12-05

releasing version 23.0.1271.95-0ubuntu0.11.10.1

700. By Micah Gersten on 2012-12-05

* Switch to xz binary packages, use Pre-Depends on dpkg (>= 1.15.6~)
  - update debian/control

699. By Micah Gersten on 2012-12-05

* Disable user agent patch for the moment as it doesn't apply cleanly
  - update debian/patches/series

698. By Micah Gersten on 2012-12-05

* Reenable chromium_useragent patch (was enabled in the last upload)

697. By Micah Gersten on 2012-12-05

(merge lp:~chromium-team/chromium-browser/chromium-browser.lucid r665..670)
 - update changelog version for oneiric

* New upstream version 23.0.1271.95 (LP: #1086613)
  - CVE-2012-5138: Incorrect file path handling.
  - CVE-2012-5137: Use-after-free in media source handling.
* Hardcode Ubuntu in Chromium user agent patch; Drop release specific part
  similar to what was done with Firefox; Drop from subst_files in rules
  - rename debian/patches/chromium_useragent.patch.in => debian/patches/chromium_useragent.patch
  - update debian/patches/chromium_useragent.patch
  - update debian/rules
* Add localization support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms.
* No longer include Launchpad-generated translations.
* No longer expect unpacked tarball to contain "build-tree".
* Fix build warning about missing debian/source/format. Set to "3.0
* Make system-v8 patch use "type none" instead of "type settings".; Leave
  Patch disabled
* Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the
  executing program is not dpkg-buildpackage.
* Make rules file generate LASTCHANGE file at new location.
* Change get-sources command to kill script when it fails to disable
  gyp-chromium run from DEPS. Never fail silently again.
* Drop SCM revision from the version.
* New upstream version 23.0.1271.91
  - CVE-2012-5133: Use-after-free in SVG filters.
  - CVE-2012-5130: Out-of-bounds read in Skia.
  - CVE-2012-5132: Browser crash with chunked encoding.
  - CVE-2012-5134: Buffer underflow in libxml.
  - CVE-2012-5135: Use-after-free with printing.
  - CVE-2012-5136: Bad cast in input element handling.
* Includes CVE fixes for 23.0.1271.64
  - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP
  - CVE-2012-5120: Out-of-bounds array access in v8.
  - CVE-2012-5116: Use-after-free in SVG filter handling.
  - CVE-2012-5121: Use-after-free in video layout.
  - CVE-2012-5117: Inappropriate load of SVG subresource in img context.
  - CVE-2012-5119: Race condition in Pepper buffer handling.
  - CVE-2012-5122: Bad cast in input handling.
  - CVE-2012-5123: Out-of-bounds reads in Skia.
  - CVE-2012-5124: Memory corruption in texture handling.
  - CVE-2012-5125: Use-after-free in extension tab handling.
  - CVE-2012-5126: Use-after-free in plug-in placeholder handling.
  - CVE-2012-5128: Bad write in v8.
* Includes CVE fixes for 22.0.1229.94
  - CVE-2012-5112: SVG use-after-free and IPC arbitrary file write.
* Includes CVE fixes for 22.0.1229.92
  - CVE-2012-2900: Crash in Skia text rendering.
  - CVE-2012-5108: Race condition in audio device handling.
  - CVE-2012-5109: OOB read in ICU regex.
  - CVE-2012-5110: Out-of-bounds read in compositor.
  - CVE-2012-5111: Plug-in crash monitoring was missing for Pepper plug-ins.
* Includes CVE fixes for 22.0.1229.79
  - CVE-2012-2889: UXSS in frame handling.
  - CVE-2012-2886: UXSS in v8 bindings.
  - CVE-2012-2881: DOM tree corruption with plug-ins.
  - CVE-2012-2876: Buffer overflow in SSE2 optimizations.
  - CVE-2012-2883: Out-of-bounds write in Skia.
  - CVE-2012-2887: Use-after-free in onclick handling.
  - CVE-2012-2888: Use-after-free in SVG text references.
  - CVE-2012-2894: Crash in graphics context handling.
  - CVE-2012-2877: Browser crash with extensions and modal dialogs.
  - CVE-2012-2879: DOM topology corruption.
  - CVE-2012-2884: Out-of-bounds read in Skia.
  - CVE-2012-2874: Out-of-bounds write in Skia.
  - CVE-2012-2878: Use-after-free in plug-in handling.
  - CVE-2012-2880: Race condition in plug-in paint buffer.
  - CVE-2012-2882: Wild pointer in OGG container handling.
  - CVE-2012-2885: Possible double free on exit.
  - CVE-2012-2891: Address leak over IPC.
  - CVE-2012-2892: Pop-up block bypass.
  - CVE-2012-2893: Double free in XSL transforms.
* Includes CVE fixes for 21.0.1180.89
  - CVE-2012-2865: Out-of-bounds read in line breaking.
  - CVE-2012-2866: Bad cast with run-ins.
  - CVE-2012-2867: Browser crash with SPDY.
  - CVE-2012-2868: Race condition with workers and XHR.
  - CVE-2012-2869: Avoid stale buffer in URL loading.
  - CVE-2012-2870: Lower severity memory management issues in XPath.
  - CVE-2012-2871: Bad cast in XSL transforms.
  - CVE-2012-2872: XSS in SSL interstitial.
* Includes CVE fixes for 21.0.1180.57
  - CVE-2012-2846: Cross-process interference in renderers.
  - CVE-2012-2847: Missing re-prompt to user upon excessive downloads.
  - CVE-2012-2848: Overly broad file access granted after drag+drop.
  - CVE-2012-2849: Off-by-one read in GIF decoder.
  - CVE-2012-2853: webRequest can interfere with the Chrome Web Store.
  - CVE-2012-2854: Leak of pointer values to WebUI renderers.
  - CVE-2012-2857: Use-after-free in CSS DOM.
  - CVE-2012-2858: Buffer overflow in WebP decoder.
  - CVE-2012-2859: Crash in tab handling.
  - CVE-2012-2860: Out-of-bounds access when clicking in date picker.
* Includes CVE fixes for 20.0.1132.57
  - CVE-2012-2842: Use-after-free in counter handling.
  - CVE-2012-2843: Use-after-free in layout height tracking.
* Includes CVE fixes for 20.0.1132.43
  - CVE-2012-2815: Leak of iframe fragment id.
  - CVE-2012-2817: Use-after-free in table section handling.
  - CVE-2012-2818: Use-after-free in counter layout.
  - CVE-2012-2819: Crash in texture handling.
  - CVE-2012-2820: Out-of-bounds read in SVG filter handling.
  - CVE-2012-2821: Autofill display problem.
  - CVE-2012-2823: Use-after-free in SVG resource handling.
  - CVE-2012-2824: Use-after-free in SVG painting.
  - CVE-2012-2826: Out-of-bounds read in texture conversion.
  - CVE-2012-2829: Use-after-free in first-letter handling
  - CVE-2012-2830: Wild pointer in array value setting.
  - CVE-2012-2831: Use-after-free in SVG reference handling.
  - CVE-2012-2834: Integer overflow in Matroska container.
  - CVE-2012-2825: Wild read in XSL handling.
  - CVE-2012-2807: Integer overflows in libxml.
* Includes CVE fixes for 19.0.1084.52:
  - CVE-2011-3103: Crashes in v8 garbage collection.
  - CVE-2011-3104: Out-of-bounds read in Skia.
  - CVE-2011-3105: Use-after-free in first-letter handling.
  - CVE-2011-3106: Browser memory corruption with websockets over SSL.
  - CVE-2011-3107: Crashes in the plug-in JavaScript bindings.
  - CVE-2011-3108: Use-after-free in browser cache.
  - CVE-2011-3109: Bad cast in GTK UI.
  - CVE-2011-3111: Invalid read in v8.
  - CVE-2011-3115: Type corruption in v8.
* Includes CVE fixes for initial Chromium 19 release:
  - CVE-2011-3083: Browser crash with video + FTP.
  - CVE-2011-3084: Load links from internal pages in their own process.
  - CVE-2011-3085: UI corruption with long autofilled values.
  - CVE-2011-3086: Use-after-free with style element.
  - CVE-2011-3087: Incorrect window navigation.
  - CVE-2011-3088: Out-of-bounds read in hairline drawing.
  - CVE-2011-3089: Use-after-free in table handling.
  - CVE-2011-3090: Race condition with workers.
  - CVE-2011-3091: Use-after-free with indexed DB.
  - CVE-2011-3092: Invalid write in v8 regex.
  - CVE-2011-3093: Out-of-bounds read in glyph handling.
  - CVE-2011-3094: Out-of-bounds read in Tibetan handling.
  - CVE-2011-3095: Out-of-bounds write in OGG container.
  - CVE-2011-3096: Use-after-free in GTK omnibox handling.
  - CVE-2011-3100: Out-of-bounds read drawing dash paths.
  - CVE-2011-3101: Work around Linux Nvidia driver bug.
  - CVE-2011-3102: Off-by-one out-of-bounds write in libxml.

696. By Micah Gersten on 2012-05-01

releasing version 18.0.1025.168~r134367-0ubuntu0.11.10.1

695. By Micah Gersten on 2012-05-01

* New upstream release from the Stable Channel (LP: #992352)
  - [106413] High CVE-2011-3078: Use after free in floats handling. Credit to
    Google Chrome Security Team (Marty Barbella) and independent later
    discovery by miaubiz.
  - [117110] High CVE-2012-1521: Use after free in xml parser. Credit to
    Google Chrome Security Team (SkyLined) and independent later discovery by
    wushi of team509 reported through iDefense VCP (V-874rcfpq7z).
  - [117627] Medium CVE-2011-3079: IPC validation failure. Credit to PinkiePie
  - [121726] Medium CVE-2011-3080: Race condition in sandbox IPC. Credit to
    Willem Pinckaers of Matasano.
  - [121899] High CVE-2011-3081: Use after free in floats handling.
    Credit to miaubiz.

694. By Micah Gersten on 2012-04-10

releasing version 18.0.1025.151~r130497-0ubuntu0.11.10.1

693. By Micah Gersten on 2012-04-10

* New upstream release from the Stable Channel (LP: #977502)
  - black screen on Hybrid Graphics system with GPU accelerated compositing
    enabled (Issue: 117371)
  - CSS not applied to <content> element (Issue: 114667)
  - Regression rendering a div with background gradient and borders
    (Issue: 113726)
  - Canvas 2D line drawing bug with GPU acceleration (Issue: 121285)
  - Multiple crashes (Issues: 72235, 116825 and 92998)
  - Pop-up dialog is at wrong position (Issue: 116045)
  - HTML Canvas patterns are broken if you change the transformation matrix
    (Issue: 112165)
  - SSL interstitial error "proceed anyway" / "back to safety" buttons don't
    work (Issue: 119252)
  This release fixes the following security issues:
  - [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping.
    Credit to miaubiz.
  - [117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to
    Sergey Glazunov.
  - [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to
  - [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit
    to miaubiz.
  - [118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to
    Google Chrome Security Team (SkyLined).
  - [118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit
    to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
  - [118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up
    window. Credit to Sergey Glazunov.
  - [118593] High CVE-2011-3073: Use-after-free in SVG resource handling.
    Credit to Arthur Gerkis.
  - [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit
    to Sławomir Błażek.
  - [119525] High CVE-2011-3075: Use-after-free applying style command.
    Credit to miaubiz.
  - [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to
  - [120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit
    to Google Chrome Security Team (Inferno).

692. By Micah Gersten on 2012-04-02

releasing version 18.0.1025.142~r129054-0ubuntu0.11.10.1

Branch metadata

Branch format:
Branch format 6
Repository format:
Bazaar pack repository format 1 (needs bzr 0.92)