Merge lp:~itachi-san/chromium-browser/precise-working into lp:~chromium-team/chromium-browser/precise-working
- precise-working
- Merge into precise-working
Status: | Merged |
---|---|
Merged at revision: | 996 |
Proposed branch: | lp:~itachi-san/chromium-browser/precise-working |
Merge into: | lp:~chromium-team/chromium-browser/precise-working |
Diff against target: |
536 lines (+453/-7) 4 files modified
debian/changelog (+373/-0) debian/patches/series (+1/-0) debian/patches/static-libstdc++.patch (+58/-0) debian/rules (+21/-7) |
To merge this branch: | bzr merge lp:~itachi-san/chromium-browser/precise-working |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Chad Miller (community) | Approve | ||
Review via email: mp+296136@code.launchpad.net |
Commit message
Description of the change
Little changes to debian/rules and addition of a patch which allows to statically link against libstdc++ and so make Chromium working again without the backport of GCC 4.8.
- 996. By Chad Miller
-
* debian/
patches/ static- libstdc+ +.patch: allow builds on Precise to statically
link against libstdc++. This allows to use Chromium without backporting
libstdc++ or entirely GCC.
* debian/rules: some changes were done, listed below.
- add the 'setup' target which allows to fetch and unpack the official
Chromium sources easily.
- allow jobs number control by passing "parallel=N" in DEB_BUILD_OPTS.
Before it was totally ignored by ninja.
Obviously, not having DEB_BUILD_OPTS setted will make ninja choose the
jobs number.
- fix check for Precise flags.
- add flag for statically linking libstdc++.
Giovanni Santini (itachi-san) wrote : | # |
When will the package be officially released?
I mean, in Ubuntu official repositories. :)
Preview Diff
1 | === modified file 'debian/changelog' |
2 | --- debian/changelog 2016-05-26 18:30:24 +0000 |
3 | +++ debian/changelog 2016-05-31 20:03:38 +0000 |
4 | @@ -470,6 +470,18 @@ |
5 | * Fixes to the building problems had from the Security Team. |
6 | - Use "binutils-gold" also for i386, should fix the build. |
7 | - Remove "/debian/patches/gccabi", it is useless if using "mozilla-gcc". |
8 | + * debian/patches/static-libstdc++.patch: allow builds on Precise to statically |
9 | + link against libstdc++. This allows to use Chromium without backporting |
10 | + libstdc++ or entirely GCC. |
11 | + * debian/rules: some changes were done, listed below. |
12 | + - add the 'setup' target which allows to fetch and unpack the official |
13 | + Chromium sources easily. |
14 | + - allow jobs number control by passing "parallel=N" in DEB_BUILD_OPTS. |
15 | + Before it was totally ignored by ninja. |
16 | + Obviously, not having DEB_BUILD_OPTS setted will make ninja choose the |
17 | + jobs number. |
18 | + - fix check for Precise flags. |
19 | + - add flag for statically linking libstdc++. |
20 | |
21 | -- Chad MILLER <chad.miller@canonical.com> Thu, 26 May 2016 10:54:29 -0400 |
22 | |
23 | @@ -512,6 +524,367 @@ |
24 | |
25 | -- Chad MILLER <chad.miller@canonical.com> Fri, 13 May 2016 10:52:23 -0400 |
26 | |
27 | +chromium-browser (48.0.2564.116-0ubuntu1) UNRELEASED; urgency=medium |
28 | + |
29 | + [Chad Miller] |
30 | + * Upstream release 48.0.2564.116: |
31 | + - CVE-2016-1629: Same-origin bypass in Blink and Sandbox escape in Chrome. |
32 | + * Upstream release 48.0.2564.109: |
33 | + - CVE-2016-1622: Same-origin bypass in Extensions. |
34 | + - CVE-2016-1623: Same-origin bypass in DOM. |
35 | + - CVE-2016-1624: Buffer overflow in Brotli. |
36 | + - CVE-2016-1625: Navigation bypass in Chrome Instant. |
37 | + - CVE-2016-1626: Out-of-bounds read in PDFium. |
38 | + - CVE-2016-1627: Various fixes from internal audits, fuzzing and other |
39 | + initiatives. |
40 | + * Upstream release 48.0.2564.82: |
41 | + - CVE-2016-1612: Bad cast in V8. |
42 | + - CVE-2016-1613: Use-after-free in PDFium. |
43 | + - CVE-2016-1614: Information leak in Blink. |
44 | + - CVE-2016-1615: Origin confusion in Omnibox. |
45 | + - CVE-2016-1616: URL Spoofing. |
46 | + - CVE-2016-1617: History sniffing with HSTS and CSP. |
47 | + - CVE-2016-1618: Weak random number generator in Blink. |
48 | + - CVE-2016-1619: Out-of-bounds read in PDFium. |
49 | + - CVE-2016-1620: Various fixes from internal audits, fuzzing and other |
50 | + initiatives. |
51 | + - Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch |
52 | + (currently 4.8.271.17). |
53 | + * Upstream release 48.0.2564.82: |
54 | + - CVE-2016-1612: Bad cast in V8. |
55 | + - CVE-2016-1613: Use-after-free in PDFium. |
56 | + - CVE-2016-1614: Information leak in Blink. |
57 | + - CVE-2016-1615: Origin confusion in Omnibox. |
58 | + - CVE-2016-1616: URL Spoofing. |
59 | + - CVE-2016-1617: History sniffing with HSTS and CSP. |
60 | + - CVE-2016-1618: Weak random number generator in Blink. |
61 | + - CVE-2016-1619: Out-of-bounds read in PDFium. |
62 | + - CVE-2016-1620: Various fixes from internal audits, fuzzing and other |
63 | + initiatives. |
64 | + - Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch |
65 | + (currently 4.8.271.17). |
66 | + * Upstream release 47.0.2526.106: |
67 | + - CVE-2015-6792: Fixes from internal audits and fuzzing. |
68 | + * Upstream release 47.0.2526.80: |
69 | + - CVE-2015-6788: Type confusion in extensions. |
70 | + - CVE-2015-6789: Use-after-free in Blink. |
71 | + - CVE-2015-6790: Escaping issue in saved pages. |
72 | + - CVE-2015-6791: Various fixes from internal audits, fuzzing and other |
73 | + - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch |
74 | + (currently 4.7.80.23). |
75 | + * debian/rules: Don't use bundled binutils. Remove execute bits on programs |
76 | + so we can be sure they aren't run. |
77 | + * Upstream release 47.0.2526.73: |
78 | + - CVE-2015-6765: Use-after-free in AppCache. |
79 | + - CVE-2015-6766: Use-after-free in AppCache. |
80 | + - CVE-2015-6767: Use-after-free in AppCache. |
81 | + - CVE-2015-6768: Cross-origin bypass in DOM. |
82 | + - CVE-2015-6769: Cross-origin bypass in core. |
83 | + - CVE-2015-6770: Cross-origin bypass in DOM. |
84 | + - CVE-2015-6771: Out of bounds access in v8. |
85 | + - CVE-2015-6772: Cross-origin bypass in DOM. |
86 | + - CVE-2015-6764: Out of bounds access in v8. |
87 | + - CVE-2015-6773: Out of bounds access in Skia. |
88 | + - CVE-2015-6774: Use-after-free in Extensions. |
89 | + - CVE-2015-6775: Type confusion in PDFium. |
90 | + - CVE-2015-6776: Out of bounds access in PDFium. |
91 | + - CVE-2015-6777: Use-after-free in DOM. |
92 | + - CVE-2015-6778: Out of bounds access in PDFium. |
93 | + - CVE-2015-6779: Scheme bypass in PDFium. |
94 | + - CVE-2015-6780: Use-after-free in Infobars. |
95 | + - CVE-2015-6781: Integer overflow in Sfntly. |
96 | + - CVE-2015-6782: Content spoofing in Omnibox. |
97 | + - CVE-2015-6783: Signature validation issue in Android Crazy Linker. |
98 | + - CVE-2015-6784: Escaping issue in saved pages. |
99 | + - CVE-2015-6785: Wildcard matching issue in CSP. |
100 | + - CVE-2015-6786: Scheme bypass in CSP. |
101 | + - CVE-2015-6787: Various fixes from internal audits, fuzzing and other |
102 | + initiatives. |
103 | + - Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch |
104 | + (currently 4.7.80.23). |
105 | + * /debian/patches/gccabi: Implement some new ABI the old libc doesn't have. |
106 | + * Upstream release 46.0.2490.86: |
107 | + - CVE-2015-1302: Information leak in PDF viewer. |
108 | + * Upstream release 46.0.2490.71: |
109 | + - CVE-2015-6755: Cross-origin bypass in Blink. |
110 | + - CVE-2015-6756: Use-after-free in PDFium. |
111 | + - CVE-2015-6757: Use-after-free in ServiceWorker. |
112 | + - CVE-2015-6758: Bad-cast in PDFium. |
113 | + - CVE-2015-6759: Information leakage in LocalStorage. |
114 | + - CVE-2015-6760: Improper error handling in libANGLE. |
115 | + - CVE-2015-6761: Memory corruption in FFMpeg. |
116 | + - CVE-2015-6762: CORS bypass via CSS fonts. |
117 | + - CVE-2015-6763: Various fixes from internal audits, fuzzing and other |
118 | + initiatives. |
119 | + * debian/rules: Explicitly create remoting resources. |
120 | + * debian/patches/cr46-missing-test-files: |
121 | + * debian/rules: support screen sharing in Hangouts. |
122 | + * debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer |
123 | + local xdg-settings. |
124 | + * debian/chromium-browser.desktop: Don't override WM class matching. |
125 | + * Upstream release 45.0.2454.101: |
126 | + - CVE-2015-1303: Cross-origin bypass in DOM. |
127 | + - CVE-2015-1304: Cross-origin bypass in V8. |
128 | + * debian/tests/testdata/xx-test-tool-is-functional-if-this-prints-functional.sikuli |
129 | + Only use GUI test tool to test IF it works on its own. If it is broken, |
130 | + don't use that to test chromium. |
131 | + * debian/rules: Include our own "xdg-settings" file until a bug is fixed. |
132 | + * debian/patches/xdg-settings-multiexec-desktopfiles.patch : Locally fix |
133 | + aforementioned bug. More than one Exec line in a destop file (like ours) |
134 | + triggers a bug in badly-written shell code in portland xdg-utils-common.in |
135 | + * Upstream release 45.0.2454.85: |
136 | + - CVE-2015-1291: Cross-origin bypass in DOM. |
137 | + - CVE-2015-1292: Cross-origin bypass in ServiceWorker. |
138 | + - CVE-2015-1293: Cross-origin bypass in DOM. |
139 | + - CVE-2015-1294: Use-after-free in Skia. |
140 | + - CVE-2015-1295: Use-after-free in Printing. |
141 | + - CVE-2015-1296: Character spoofing in omnibox. |
142 | + - CVE-2015-1297: Permission scoping error in WebRequest. |
143 | + - CVE-2015-1298: URL validation error in extensions. |
144 | + - CVE-2015-1299: Use-after-free in Blink. |
145 | + - CVE-2015-1300: Information leak in Blink. |
146 | + - CVE-2015-1301: Various fixes from internal audits, fuzzing and other |
147 | + initiatives. |
148 | + * debian/patches/search-credit.patch: Don't add GET param if search URL |
149 | + doesn't already use them. (LP: #1490237) |
150 | + * debian/source/lintian-overrides: Ignore new binaries in orig tar. |
151 | + * debian/patches/gpu_default_disabled: No longer disable GPU rendering by |
152 | + default. |
153 | + * debian/patches/disable-sse2: SSE exclusion is smarter now. Re-include. |
154 | + * Upstream release 44.0.2403.89: (LP: #1477662) |
155 | + - CVE-2015-1271: Heap-buffer-overflow in pdfium. |
156 | + - CVE-2015-1273: Heap-buffer-overflow in pdfium. |
157 | + - CVE-2015-1274: Settings allowed executable files to run immediately |
158 | + after download. |
159 | + - CVE-2015-1275: UXSS in Chrome for Android. |
160 | + - CVE-2015-1276: Use-after-free in IndexedDB. |
161 | + - CVE-2015-1279: Heap-buffer-overflow in pdfium. |
162 | + - CVE-2015-1280: Memory corruption in skia. |
163 | + - CVE-2015-1281: CSP bypass. |
164 | + - CVE-2015-1282: Use-after-free in pdfium. |
165 | + - CVE-2015-1283: Heap-buffer-overflow in expat. |
166 | + - CVE-2015-1284: Use-after-free in blink. |
167 | + - CVE-2015-1286: UXSS in blink. |
168 | + - CVE-2015-1287: SOP bypass with CSS. |
169 | + - CVE-2015-1270: Uninitialized memory read in ICU. |
170 | + - CVE-2015-1272: Use-after-free related to unexpected GPU process |
171 | + termination. |
172 | + - CVE-2015-1277: Use-after-free in accessibility. |
173 | + - CVE-2015-1278: URL spoofing using pdf files. |
174 | + - CVE-2015-1285: Information leak in XSS auditor. |
175 | + - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. |
176 | + - CVE-2015-1289: Various fixes from internal audits, fuzzing and other |
177 | + initiatives. |
178 | + * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a |
179 | + first-class component library now, not a special snowflake. Still, build |
180 | + it differently, but build flags are different. |
181 | + * debian/tests/smoketest-actual: Remove some innocuous mentions of "error" |
182 | + before testing for actual errors. |
183 | + * debian/control: codec library packages replace the libffmpeg.so that |
184 | + was in chromium packages before now. |
185 | + * debian/control: codec packages can't reasonably be updated separately |
186 | + than chromium. Depend with version specification also. |
187 | + * Upstream release 43.0.2357.130: |
188 | + - CVE-2015-1266: Scheme validation error in WebUI. |
189 | + - CVE-2015-1268: Cross-origin bypass in Blink. |
190 | + - CVE-2015-1267: Cross-origin bypass in Blink. |
191 | + - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. |
192 | + * debian/tests/smoketest-actual: Capture web-server log so we can |
193 | + get port and test retreival. Fixes autopkgtest failures. |
194 | + * debian/patches/widevine-other-locations: Search Chrome install |
195 | + location to find widevine plugins. |
196 | + * Use new Flash plugin name in apport collector. |
197 | + * debian/patches/gpu_default_disabled: Make GPU activation a (default off) |
198 | + preference instead of blacklisting. |
199 | + * Upstream release 43.0.2357.81. |
200 | + - "Icons not displaying properly on Linux" (LP: #1449063) |
201 | + * Upstream release 43.0.2357.65: |
202 | + - CVE-2015-1252: Sandbox escape in Chrome. |
203 | + - CVE-2015-1253: Cross-origin bypass in DOM. |
204 | + - CVE-2015-1254: Cross-origin bypass in Editing. |
205 | + - CVE-2015-1255: Use-after-free in WebAudio. |
206 | + - CVE-2015-1256: Use-after-free in SVG. |
207 | + - CVE-2015-1251: Use-after-free in Speech. |
208 | + - CVE-2015-1257: Container-overflow in SVG. |
209 | + - CVE-2015-1258: Negative-size parameter in Libvpx. |
210 | + - CVE-2015-1259: Uninitialized value in PDFium. |
211 | + - CVE-2015-1260: Use-after-free in WebRTC. |
212 | + - CVE-2015-1261: URL bar spoofing. |
213 | + - CVE-2015-1262: Uninitialized value in Blink. |
214 | + - CVE-2015-1263: Insecure download of spellcheck dictionary. |
215 | + - CVE-2015-1264: Cross-site scripting in bookmarks. |
216 | + - CVE-2015-1265: Various fixes from internal audits, fuzzing and other |
217 | + initiatives. |
218 | + - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch |
219 | + (currently 4.3.61.21). |
220 | + * debian/patches/display-scaling-report-hardware-info: removed, unnecessary. |
221 | + * debian/patches/coordinate-space-map: removed, unnecessary. |
222 | + * debian/chromium-browser.sh.in: Add --verbose to get logging info. |
223 | + * Upstream release 42.0.2311.135: |
224 | + - CVE-2015-1243: Use-after-free in DOM. |
225 | + - CVE-2015-1250: Various fixes from internal audits, fuzzing and other |
226 | + initiatives. |
227 | + * Upstream release 42.0.2311.90: |
228 | + - CVE-2015-1235: Cross-origin-bypass in HTML parser. |
229 | + - CVE-2015-1236: Cross-origin-bypass in Blink. |
230 | + - CVE-2015-1237: Use-after-free in IPC. |
231 | + - CVE-2015-1238: Out-of-bounds write in Skia. |
232 | + - CVE-2015-1240: Out-of-bounds read in WebGL. |
233 | + - CVE-2015-1241: Tap-Jacking. |
234 | + - CVE-2015-1242: Type confusion in V8. |
235 | + - CVE-2015-1244: HSTS bypass in WebSockets. |
236 | + - CVE-2015-1245: Use-after-free in PDFium. |
237 | + - CVE-2015-1247: Scheme issues in OpenSearch. |
238 | + - CVE-2015-1248: SafeBrowsing bypass. |
239 | + * Upstream release 41.0.2272.118: |
240 | + - CVE-2015-1233: A special thanks to Anonymous for a combination of V8, |
241 | + Gamepad and IPC bugs that can lead to remote code execution outside of |
242 | + the sandbox. |
243 | + - CVE-2015-1234: Buffer overflow via race condition in GPU. |
244 | + * Change assumed X-resource DPI from 108 to 96. That's closer to 100. |
245 | + * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val |
246 | + nonzero on failure. |
247 | + * debian/generate-snappy.mk, debian/rules: Start to generate snap packages |
248 | + if available. |
249 | + * debian/chromium-browser.sh.in: Test for /etc/ dir before listing it. |
250 | + * debian/chromium-browser.sh.in, |
251 | + debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users |
252 | + to update flash player. |
253 | + * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one |
254 | + flash-player start param to chromium. Prefer the new one. |
255 | + * debian/patches/arm-neon.patch: exclude new armv7=neon assumptions. |
256 | + * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all |
257 | + contribute to the largest crash report in errors.ubuntu.com. Let's disable |
258 | + GPUs for now. |
259 | + * debian/chromium-browser.sh.in: Presence of old Flash is not a reason |
260 | + to suggest new plugin. If new plugin exists, be silent. Do not rely on |
261 | + new plugin to Conflicts and remove all the old bad ones. |
262 | + * debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration |
263 | + library. |
264 | + * debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until |
265 | + ARM works. |
266 | + * debian/patches/fix_building_widevinecdm_with_chromium.patch: If |
267 | + exterior-sourced widevine library exists at run-time, use it. |
268 | + * debian/control, debian/chromium-browser.sh.in: Prompt nothing about |
269 | + Flash plugin. Send Help clicks to Wiki instead. |
270 | + * Upstream release 41.0.2272.76: |
271 | + - CVE-2015-1212: Out-of-bounds write in media. |
272 | + - CVE-2015-1213: Out-of-bounds write in skia filters. |
273 | + - CVE-2015-1214: Out-of-bounds write in skia filters. |
274 | + - CVE-2015-1215: Out-of-bounds write in skia filters. |
275 | + - CVE-2015-1216: Use-after-free in v8 bindings. |
276 | + - CVE-2015-1217: Type confusion in v8 bindings. |
277 | + - CVE-2015-1218: Use-after-free in dom. |
278 | + - CVE-2015-1219: Integer overflow in webgl. |
279 | + - CVE-2015-1220: Use-after-free in gif decoder. |
280 | + - CVE-2015-1221: Use-after-free in web databases. |
281 | + - CVE-2015-1222: Use-after-free in service workers. |
282 | + - CVE-2015-1223: Use-after-free in dom. |
283 | + - CVE-2015-1230: Type confusion in v8. |
284 | + - CVE-2015-1224: Out-of-bounds read in vpxdecoder. |
285 | + - CVE-2015-1225: Out-of-bounds read in pdfium. |
286 | + - CVE-2015-1226: Validation issue in debugger. |
287 | + - CVE-2015-1227: Uninitialized value in blink. |
288 | + - CVE-2015-1228: Uninitialized value in rendering. |
289 | + - CVE-2015-1229: Cookie injection via proxies. |
290 | + - CVE-2015-1231: Various fixes from internal audits, fuzzing and other |
291 | + initiatives. |
292 | + * Upstream release 40.0.2214.115. |
293 | + * Upstream release 40.0.2214.111: |
294 | + - CVE-2015-1209: Use-after-free in DOM. |
295 | + - CVE-2015-1210: Cross-origin-bypass in V8 bindings. |
296 | + - CVE-2015-1211: Privilege escalation using service workers. |
297 | + - CVE-2015-1212: Various fixes from internal audits, fuzzing and other |
298 | + initiatives. |
299 | + * debian/apport/chromium-browser.py: Simplify. Use more standard functions |
300 | + from apport utility. Add CPU usage information. Add bargraph of "running" |
301 | + processes, so bugpatterns can sort away busy machines, and then classify |
302 | + remainder according to procline "gpu-vendor=id" param. |
303 | + * debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the |
304 | + GPU is really hung, the extra time matters little. It's probably not |
305 | + recoverable. Reviews of apport reports find no common thread among GPUs |
306 | + vendors. Notes at crbug.com/221882 suggest busy CPUs could trigger hang. |
307 | + Will additionally use apport bugpatterns to comb dmesg for actual crashes |
308 | + and route to specific GPU-driver bugs. |
309 | + * Upstream release 40.0.2214.94. |
310 | + * Upstream release 40.0.2214.93. |
311 | + * Upstream release 40.0.2214.91. (LP: #1414753) |
312 | + - CVE-2014-7923: Memory corruption in ICU. |
313 | + - CVE-2014-7924: Use-after-free in IndexedDB. |
314 | + - CVE-2014-7925: Use-after-free in WebAudio. |
315 | + - CVE-2014-7926: Memory corruption in ICU. |
316 | + - CVE-2014-7927: Memory corruption in V8. |
317 | + - CVE-2014-7928: Memory corruption in V8. |
318 | + - CVE-2014-7930: Use-after-free in DOM. |
319 | + - CVE-2014-7931: Memory corruption in V8. |
320 | + - CVE-2014-7929: Use-after-free in DOM. |
321 | + - CVE-2014-7932: Use-after-free in DOM. |
322 | + - CVE-2014-7933: Use-after-free in FFmpeg. |
323 | + - CVE-2014-7934: Use-after-free in DOM. |
324 | + - CVE-2014-7935: Use-after-free in Speech. |
325 | + - CVE-2014-7936: Use-after-free in Views. |
326 | + - CVE-2014-7937: Use-after-free in FFmpeg. |
327 | + - CVE-2014-7938: Memory corruption in Fonts. |
328 | + - CVE-2014-7939: Same-origin-bypass in V8. |
329 | + - CVE-2014-7940: Uninitialized-value in ICU. |
330 | + - CVE-2014-7941: Out-of-bounds read in UI. |
331 | + - CVE-2014-7942: Uninitialized-value in Fonts. |
332 | + - CVE-2014-7943: Out-of-bounds read in Skia. |
333 | + - CVE-2014-7944: Out-of-bounds read in PDFium. |
334 | + - CVE-2014-7945: Out-of-bounds read in PDFium. |
335 | + - CVE-2014-7946: Out-of-bounds read in Fonts. |
336 | + - CVE-2014-7947: Out-of-bounds read in PDFium. |
337 | + - CVE-2014-7948: Caching error in AppCache. |
338 | + * debian/patch/search-credit: Don't force client in GOOG suggestions search. |
339 | + (LP: #1398900) |
340 | + * debian/patches/dri3-within-sandbox: Backport V41 sandbox, fixing DRI3. |
341 | + (LP: #1378627) |
342 | + * debian/patches/macro-templates-not-match: Remove. No longer necessary. |
343 | + * debian/patches/arm-neon.patch: Kill armv7=neon assumption. Fix typos. |
344 | + * debian/rules: chrpath for all packages. (LP: #1415555) |
345 | + * Upstream release 39.0.2171.65: |
346 | + - CVE-2014-7899: Address bar spoofing. |
347 | + - CVE-2014-7900: Use-after-free in pdfium. |
348 | + - CVE-2014-7901: Integer overflow in pdfium. |
349 | + - CVE-2014-7902: Use-after-free in pdfium. |
350 | + - CVE-2014-7903: Buffer overflow in pdfium. |
351 | + - CVE-2014-7904: Buffer overflow in Skia. |
352 | + - CVE-2014-7905: Flaw allowing navigation to intents that do not have the |
353 | + BROWSABLE category. |
354 | + - CVE-2014-7906: Use-after-free in pepper plugins. |
355 | + - CVE-2014-0574: Double-free in Flash. |
356 | + - CVE-2014-7907: Use-after-free in blink. |
357 | + - CVE-2014-7908: Integer overflow in media. |
358 | + - CVE-2014-7909: Uninitialized memory read in Skia. |
359 | + - CVE-2014-7910: Various fixes from internal audits, fuzzing and other |
360 | + initiatives. |
361 | + * debian/patches/search-credit.patch: Include "client" in google search |
362 | + prepopulated template's parameters. |
363 | + * debian/tests/testdata/9-search-credit.sikuli: Verify search URL has |
364 | + parameter. |
365 | + * debian/source/lintian-overrides: Ignore android tools we don't use. |
366 | + * debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we |
367 | + configure to have no symbols in builder (because they are humongous |
368 | + otherwise). |
369 | + * debian/control: Bump standards version. Version dep "bash". Remove |
370 | + duplicate language from package descriptions. |
371 | + * debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test |
372 | + for dead NPAPI unity-webapps extension. |
373 | + * debian/rules, debian/control: Use backported GCC that supports c++11. |
374 | + * debian/patches/ld-memory-32bit.patch: Keep. We still need on precise. |
375 | + [Iain Lane] |
376 | + * Test fixes. |
377 | + * debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11 |
378 | + which are required by the testsuite. |
379 | + * debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so |
380 | + that the test can read these. |
381 | + [Giovanni Santini <giovannisantini93@yahoo.it>] |
382 | + * Fixes to the building problems had from the Security Team. |
383 | + - Use "binutils-gold" also for i386, should fix the build. |
384 | + - Remove "/debian/patches/gccabi", it is useless if using "mozilla-gcc". |
385 | + |
386 | + -- Chad MILLER <chad.miller@canonical.com> Wed, 17 Feb 2016 16:36:30 -0500 |
387 | + |
388 | chromium-browser (47.0.2526.73-0ubuntu0.14.04.1.1106) trusty-security; urgency=medium |
389 | |
390 | * Upstream release 47.0.2526.73: |
391 | |
392 | === modified file 'debian/patches/series' |
393 | --- debian/patches/series 2016-05-26 18:30:24 +0000 |
394 | +++ debian/patches/series 2016-05-31 20:03:38 +0000 |
395 | @@ -25,3 +25,4 @@ |
396 | cr46-missing-test-files |
397 | #gccabi |
398 | seccomp-allow-set-robust-list |
399 | +static-libstdc++.patch |
400 | |
401 | === added file 'debian/patches/static-libstdc++.patch' |
402 | --- debian/patches/static-libstdc++.patch 1970-01-01 00:00:00 +0000 |
403 | +++ debian/patches/static-libstdc++.patch 2016-05-31 20:03:38 +0000 |
404 | @@ -0,0 +1,58 @@ |
405 | +Attempt of linking against libstdc++ in order to avoid dependencies on GCC |
406 | +libraries not present on older systems. |
407 | +Author: Giovanni 'ItachiSan' Santini <giovannisantini93@yahoo.it> |
408 | +--- a/build/common.gypi |
409 | ++++ b/build/common.gypi |
410 | +@@ -3766,6 +3766,10 @@ |
411 | + # TODO(bradnelson): reexamine how this is done if we change the |
412 | + # expansion of configurations |
413 | + 'release_valgrind_build%': 0, |
414 | ++ |
415 | ++ # Allow to statically link to the Standard C++ library, in order |
416 | ++ # to support older systems which ships an old version of it. |
417 | ++ 'static_libstdc%': 0, |
418 | + }, |
419 | + 'cflags': [ |
420 | + '-O<(release_optimize)', |
421 | +@@ -3835,6 +3839,16 @@ |
422 | + '-Wl,--no-as-needed', |
423 | + ], |
424 | + }], |
425 | ++ # Allow to statically link against libstdc++, for operating systems |
426 | ++ # which have lower versions of GCC (such as Ubuntu Precise). |
427 | ++ # Here it would propagate to almost all the build elements. |
428 | ++ # Be careful. |
429 | ++ ['OS=="linux" and static_libstdc==1', { |
430 | ++ 'ldflags': [ |
431 | ++ # We want to statically link libstdc++/libgcc. |
432 | ++ '-static-libstdc++', |
433 | ++ ], |
434 | ++ }], |
435 | + ], |
436 | + }, |
437 | + }, |
438 | +--- a/chrome/chrome_exe.gypi |
439 | ++++ b/chrome/chrome_exe.gypi |
440 | +@@ -56,6 +56,9 @@ |
441 | + 'variables': { |
442 | + 'use_system_xdg_utils%': 0, |
443 | + 'enable_wexit_time_destructors': 1, |
444 | ++ # Allow to statically link to the Standard C++ library, in order |
445 | ++ # to support older systems which ships an old version of it. |
446 | ++ #'static_libstdc%': 0, |
447 | + }, |
448 | + 'sources': [ |
449 | + # Note that due to InitializeSandboxInfo, this must be directly linked |
450 | +@@ -187,6 +190,12 @@ |
451 | + '../pdf/pdf.gyp:pdf', |
452 | + ], |
453 | + }], |
454 | ++ #['OS=="linux" and static_libstdc==1', { |
455 | ++ # 'ldflags': [ |
456 | ++ # # We want to statically link libstdc++/libgcc. |
457 | ++ # '-static-libstdc++', |
458 | ++ # ], |
459 | ++ #}], |
460 | + ], |
461 | + 'sources': [ |
462 | + 'app/chrome_dll_resource.h', |
463 | |
464 | === modified file 'debian/rules' |
465 | --- debian/rules 2016-05-26 16:36:45 +0000 |
466 | +++ debian/rules 2016-05-31 20:03:38 +0000 |
467 | @@ -213,10 +213,18 @@ |
468 | FFMPEG_EXTRA_GYP_DEFINES = ffmpeg_branding=Chrome |
469 | |
470 | # Precise doesn't set some settings. |
471 | -ifeq (,$(filter 12.04%,$(UBUNTU_DIST))) |
472 | +ifneq (,$(filter 12.04%,$(UBUNTU_DIST))) |
473 | # controlling the use of GConf (the classic GNOME configuration |
474 | # and GIO, which contains GSettings (the new GNOME config system) |
475 | GYP_DEFINES += use_gconf=1 use_gio=1 |
476 | +# Statically link Chromium to libstdc++ |
477 | +GYP_DEFINES += static_libstdc=1 |
478 | +endif |
479 | + |
480 | +# Set up jobs number with "parallel=N". |
481 | +# If unsetted, |
482 | +ifneq (,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) |
483 | + JOBS = -j$(patsubst parallel=%,%,$(filter parallel=%,$(DEB_BUILD_OPTIONS))) |
484 | endif |
485 | |
486 | # Build chrome and chrome_sandbox, and chromedriver |
487 | @@ -257,15 +265,18 @@ |
488 | @set -eux |
489 | wget --continue --progress=dot:giga $(URL) |
490 | diff -u <(wget -O - -q $(SUMURL); echo) <(for crypto in md5 sha1 sha224 sha256 sha384 sha512; do echo -n "$$crypto "; $${crypto}sum 'chromium-$(ORIG_VERSION).tar.xz'; done) |
491 | - mv "chromium-$(ORIG_VERSION).tar.xz" "$(DEST_FILENAME)" |
492 | + mv "chromium-$(ORIG_VERSION).tar.xz" "../$(DEST_FILENAME)" |
493 | |
494 | # Debian Policy ยง4.9 |
495 | get-orig-source: |
496 | @set -eux |
497 | - test "$(ORIG_VERSION)" || { echo "Set ORIG_VERSION" to use this rule.; exit 1; } |
498 | - ORIG_VERSION=$(ORIG_VERSION) $(MAKE) get-packaged-orig-source |
499 | - |
500 | - |
501 | + #test "$(ORIG_VERSION)" || { echo "Set ORIG_VERSION" to use this rule.; exit 1; } |
502 | + ORIG_VERSION=$(DEBIAN_UPSTREAM_VERSION) $(MAKE) -f debian/rules get-packaged-orig-source |
503 | + |
504 | +# Setup build when we have only the debian folder |
505 | +setup: get-orig-source |
506 | + @echo Unpacking stuff... |
507 | + tar xf "../chromium-browser_$(DEBIAN_UPSTREAM_VERSION).orig.tar.xz" -C . --strip-components 1 |
508 | |
509 | ### Below here, rules that support those above required ones. "override_dh_"* |
510 | ### are of course DH customizations. |
511 | @@ -394,7 +405,8 @@ |
512 | |
513 | dh_listpackages -a |grep -v -- -dbg |while read pkg; do dh_strip --package=$$pkg --dbg-package=$${pkg}-dbg; done |
514 | |
515 | -local-install-indep: debian/appstream.yaml |
516 | +#local-install-indep: debian/appstream.yaml |
517 | +local-install-indep: |
518 | @set -eux |
519 | dh_install -i |
520 | install --directory debian/chromium-browser/etc/chromium-browser/customizations |
521 | @@ -438,6 +450,7 @@ |
522 | # This is really configure+build in one step. b depends on c. |
523 | build-stamp: GYP_ENV = GYP_GENERATORS=ninja |
524 | build-stamp: GYP_ENV += GYP_DEFINES="$(GYP_DEFINES) $(BROWSER_GYP_DEFINES)" |
525 | +build-stamp: BUILD_ARGS += $(JOBS) |
526 | build-stamp: debian/chromium-browser.sh |
527 | @set -eux |
528 | test ! -e $(SRC_DIR)/out/$(BUILD_TYPE) |
529 | @@ -455,6 +468,7 @@ |
530 | build-stamp-ffmpeg-%: GYP_DEFINES += $(FFMPEG_EXTRA_GYP_DEFINES) $(FFMPEG_GYP_DEFINES) |
531 | build-stamp-ffmpeg-%: GYP_ENV = GYP_GENERATORS=ninja |
532 | build-stamp-ffmpeg-%: GYP_ENV += GYP_DEFINES="$(GYP_DEFINES)" |
533 | +build-stamp-ffmpeg-%: BUILD_ARGS += $(JOBS) |
534 | build-stamp-ffmpeg-%: TARGET := lib/libffmpeg.so |
535 | build-stamp-ffmpeg-%: |
536 | @set -eux |
Looks great!