lp:~chromium-team/chromium-browser/vivid-working
- Get this branch:
- bzr branch lp:~chromium-team/chromium-browser/vivid-working
Branch merges
Branch information
Recent revisions
- 1207. By Chad Miller
-
* Upstream release 51.0.2704.106
* Upstream release 51.0.2704.103:
- CVE-2016-1704: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/control: remvove build-dep on clang.
* Sync many things from debian:
- No longer build remoting, or install its locale files.
- Use many system libraries, adding build-dep on
- libre2-dev,
- yasm,
- libopus-dev,
- zlib1g-dev,
- libspeex-dev,
- libspeechd-dev,
- libexpat1-dev,
- libpng-dev,
- libxml2-dev,
- libjpeg-dev,
- libwebp-dev,
- libxslt-dev,
- libsrtp-dev,
- libjsoncpp-dev,
- libevent-dev,
- libharfbuzz-dev,
- Clean up many parts of debian/rules, wrt variable names
- Set hardening on.
- Use gold linker.
- Disable Google Now. Creepy. Might mean downloads of opaque programs too.
- Disable Wallet service.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
--exclude.
* debian/rules: Don't use tcmalloc on armhf.
* debian/compat: Use dh version 9.
* debian/rules: Improve "cd;foo" logic.
* debian/rules: Remove files in tar-copy pipelines, to conserve space. Fixes
build failures in servers.
* debian/rules: Move check steps into install steps. No need to be separate,
and simplifies target names.
* debian/rules: Make en-us locale files less magical, and simplify install.
* debian/rules: Work around change to tar command param order with
--exclude.
* debian/rules: Don't use tcmalloc on armhf. - 1206. By Chad Miller
-
* Upstream release 51.0.2704.79:
- CVE-2016-1696: Cross-origin bypass in Extension bindings.
- CVE-2016-1697: Cross-origin bypass in Blink.
- CVE-2016-1698: Information leak in Extension bindings.
- CVE-2016-1699: Parameter sanitization failure in DevTools.
- CVE-2016-1700: Use-after-free in Extensions.
- CVE-2016-1701: Use-after-free in Autofill.
- CVE-2016-1702: Out-of-bounds read in Skia.
- CVE-2016-1703: Various fixes from internal audits, fuzzing and other
initiatives. - 1202. By Chad Miller
-
* Upstream release 51.0.2704.63:
- CVE-2016-1672: Cross-origin bypass in extension bindings.
- CVE-2016-1673: Cross-origin bypass in Blink.
- CVE-2016-1674: Cross-origin bypass in extensions.
- CVE-2016-1675: Cross-origin bypass in Blink.
- CVE-2016-1676: Cross-origin bypass in extension bindings.
- CVE-2016-1677: Type confusion in V8.
- CVE-2016-1678: Heap overflow in V8.
- CVE-2016-1679: Heap use-after-free in V8 bindings.
- CVE-2016-1680: Heap use-after-free in Skia.
- CVE-2016-1681: Heap overflow in PDFium.
- CVE-2016-1682: CSP bypass for ServiceWorker.
- CVE-2016-1683: Out-of-bounds access in libxslt.
- CVE-2016-1684: Integer overflow in libxslt.
- CVE-2016-1685: Out-of-bounds read in PDFium.
- CVE-2016-1686: Out-of-bounds read in PDFium.
- CVE-2016-1687: Information leak in extensions.
- CVE-2016-1688: Out-of-bounds read in V8.
- CVE-2016-1689: Heap buffer overflow in media.
- CVE-2016-1690: Heap use-after-free in Autofill.
- CVE-2016-1691: Heap buffer-overflow in Skia.
- CVE-2016-1692: Limited cross-origin bypass in ServiceWorker.
- CVE-2016-1693: HTTP Download of Software Removal Tool.
- CVE-2016-1694: HPKP pins removed on cache clearance.
- CVE-2016-1695: Various fixes from internal audits, fuzzing and other
initiatives. - 1201. By Chad Miller
-
* debian/
patches/ blink-platform- export- class: avoid Trusty bug where
WebKit Platform class vtable not found at link time.
* debian/apport/ chromium- browser. py: Handle case when crash and no
chromium directory exists. Still report errors in apport. - 1200. By Chad Miller
-
* Upstream release 50.0.2661.102:
- CVE-2016-1667: Same origin bypass in DOM.
- CVE-2016-1668: Same origin bypass in Blink V8 bindings.
- CVE-2016-1669: Buffer overflow in V8.
- CVE-2016-1670: Race condition in loader.
- CVE-2016-1671: Directory traversal using the file scheme on Android.
* Upstream release 50.0.2661.94:
- CVE-2016-1660: Out-of-bounds write in Blink.
- CVE-2016-1661: Memory corruption in cross-process frames.
- CVE-2016-1662: Use-after-free in extensions.
- CVE-2016-1663: Use-after-free in Blink’s V8 bindings.
- CVE-2016-1664: Address bar spoofing.
- CVE-2016-1665: Information leak in V8.
- CVE-2016-1666: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2016-1658: Potential leak of sensitive information to malicious
extensions.
- CVE-2015-1659: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: use new libsecret way of contacting keyring. - 1199. By Chad Miller
-
* Upstream release 50.0.2661.75:
- CVE-2016-1652: Universal XSS in extension bindings.
- CVE-2016-1653: Out-of-bounds write in V8.
- CVE-2016-1651: Out-of-bounds read in Pdfium JPEG2000 decoding.
- CVE-2016-1654: Uninitialized memory read in media.
- CVE-2016-1655: Use-after-free related to extensions.
- CVE-2016-1656: Android downloaded file path restriction bypass.
- CVE-2016-1657: Address bar spoofing.
- CVE-2016-1658: Potential leak of sensitive information to malicious extensions.
- CVE-2015-1659: Various fixes from internal audits, fuzzing and other initiatives.
* debian/patches/ seccomp- allow-set- robust- list: pass through syscall
set_robust_list. glibc nptl thread creation uses it. - 1198. By Chad Miller
-
* Upstream release 49.0.2623.108:
- CVE-2016-1646: Out-of-bounds read in V8.
- CVE-2016-1647: Use-after-free in Navigation.
- CVE-2016-1648: Use-after-free in Extensions.
- CVE-2016-1649: Buffer overflow in libANGLE.
- CVE-2016-1650: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.9 branch
(currently 4.9.385.33).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)