lp:~chromium-team/chromium-browser/vivid-working

Created by Chad Miller on 2014-10-24 and last modified on 2016-07-15
Get this branch:
bzr branch lp:~chromium-team/chromium-browser/vivid-working
Members of Chromium team can upload to this branch.

Branch information

Owner: Chromium team
Project: Chromium Browser
Status: Development

Recent revisions

1207. By Chad Miller on 2016-07-15

* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
  - CVE-2016-1704: Various fixes from internal audits, fuzzing and other
    initiatives.
* debian/control: remove build-dep on clang.
* Sync many things from debian:
  - No longer build remoting, or install its locale files.
  - Use many system libraries, adding build-dep on
      - libre2-dev,
      - yasm,
      - libopus-dev,
      - zlib1g-dev,
      - libspeex-dev,
      - libspeechd-dev,
      - libexpat1-dev,
      - libpng-dev,
      - libxml2-dev,
      - libjpeg-dev,
      - libwebp-dev,
      - libxslt-dev,
      - libsrtp-dev,
      - libjsoncpp-dev,
      - libevent-dev,
      - libharfbuzz-dev,
  - Clean up many parts of debian/rules, wrt variable names
  - Set hardening on.
  - Use gold linker.
  - Disable Google Now. Creepy. Might mean downloads of opaque programs too.
  - Disable Wallet service.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
  build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
  and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
  --exclude.
* debian/rules: Don't use tcmalloc on armhf.

1206. By Chad Miller on 2016-06-02

* Upstream release 51.0.2704.79:
  - CVE-2016-1696: Cross-origin bypass in Extension bindings.
  - CVE-2016-1697: Cross-origin bypass in Blink.
  - CVE-2016-1698: Information leak in Extension bindings.
  - CVE-2016-1699: Parameter sanitization failure in DevTools.
  - CVE-2016-1700: Use-after-free in Extensions.
  - CVE-2016-1701: Use-after-free in Autofill.
  - CVE-2016-1702: Out-of-bounds read in Skia.
  - CVE-2016-1703: Various fixes from internal audits, fuzzing and other
    initiatives.

1205. By Chad Miller on 2016-05-27

Drop appstream test.

1204. By Chad Miller on 2016-05-26

null merge

1203. By Chad Miller on 2016-05-26

debian/patches/blink-platform-export-class: remove patch. Unnecessary.

1202. By Chad Miller on 2016-05-26

* Upstream release 51.0.2704.63:
  - CVE-2016-1672: Cross-origin bypass in extension bindings.
  - CVE-2016-1673: Cross-origin bypass in Blink.
  - CVE-2016-1674: Cross-origin bypass in extensions.
  - CVE-2016-1675: Cross-origin bypass in Blink.
  - CVE-2016-1676: Cross-origin bypass in extension bindings.
  - CVE-2016-1677: Type confusion in V8.
  - CVE-2016-1678: Heap overflow in V8.
  - CVE-2016-1679: Heap use-after-free in V8 bindings.
  - CVE-2016-1680: Heap use-after-free in Skia.
  - CVE-2016-1681: Heap overflow in PDFium.
  - CVE-2016-1682: CSP bypass for ServiceWorker.
  - CVE-2016-1683: Out-of-bounds access in libxslt.
  - CVE-2016-1684: Integer overflow in libxslt.
  - CVE-2016-1685: Out-of-bounds read in PDFium.
  - CVE-2016-1686: Out-of-bounds read in PDFium.
  - CVE-2016-1687: Information leak in extensions.
  - CVE-2016-1688: Out-of-bounds read in V8.
  - CVE-2016-1689: Heap buffer overflow in media.
  - CVE-2016-1690: Heap use-after-free in Autofill.
  - CVE-2016-1691: Heap buffer-overflow in Skia.
  - CVE-2016-1692: Limited cross-origin bypass in ServiceWorker.
  - CVE-2016-1693: HTTP Download of Software Removal Tool.
  - CVE-2016-1694: HPKP pins removed on cache clearance.
  - CVE-2016-1695: Various fixes from internal audits, fuzzing and other
    initiatives.

1201. By Chad Miller on 2016-05-13

* debian/patches/blink-platform-export-class: avoid Trusty bug where
  WebKit Platform class vtable not found at link time.
* debian/apport/chromium-browser.py: Handle case when crash and no
  chromium directory exists. Still report errors in apport.

1200. By Chad Miller on 2016-05-11

* Upstream release 50.0.2661.102:
  - CVE-2016-1667: Same origin bypass in DOM.
  - CVE-2016-1668: Same origin bypass in Blink V8 bindings.
  - CVE-2016-1669: Buffer overflow in V8.
  - CVE-2016-1670: Race condition in loader.
  - CVE-2016-1671: Directory traversal using the file scheme on Android.
* Upstream release 50.0.2661.94:
  - CVE-2016-1660: Out-of-bounds write in Blink.
  - CVE-2016-1661: Memory corruption in cross-process frames.
  - CVE-2016-1662: Use-after-free in extensions.
  - CVE-2016-1663: Use-after-free in Blink's V8 bindings.
  - CVE-2016-1664: Address bar spoofing.
  - CVE-2016-1665: Information leak in V8.
  - CVE-2016-1666: Various fixes from internal audits, fuzzing and other
    initiatives.
  - CVE-2016-1658: Potential leak of sensitive information to malicious
    extensions.
  - CVE-2015-1659: Various fixes from internal audits, fuzzing and other
    initiatives.
* debian/rules: use new libsecret way of contacting keyring.

1199. By Chad Miller on 2016-04-14

* Upstream release 50.0.2661.75:
  - CVE-2016-1652: Universal XSS in extension bindings.
  - CVE-2016-1653: Out-of-bounds write in V8.
  - CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
  - CVE-2016-1654: Uninitialized memory read in media.
  - CVE-2016-1655: Use-after-free related to extensions.
  - CVE-2016-1656: Android downloaded file path restriction bypass.
  - CVE-2016-1657: Address bar spoofing.
  - CVE-2016-1658: Potential leak of sensitive information to malicious extensions.
  - CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives.
* debian/patches/seccomp-allow-set-robust-list: pass through syscall
  set_robust_list. glibc nptl thread creation uses it.

1198. By Chad Miller on 2016-03-24

* Upstream release 49.0.2623.108:
  - CVE-2016-1646: Out-of-bounds read in V8.
  - CVE-2016-1647: Use-after-free in Navigation.
  - CVE-2016-1648: Use-after-free in Extensions.
  - CVE-2016-1649: Buffer overflow in libANGLE.
  - CVE-2016-1650: Various fixes from internal audits, fuzzing and other
    initiatives.
  - Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
    (currently 4.9.385.33).

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.
