lp:~pali/chromium-browser/precise-working

Created by Pali on 2015-09-28 and last modified on 2015-09-28
Get this branch:
bzr branch lp:~pali/chromium-browser/precise-working
Only Pali can upload to this branch. If you are Pali please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Pali
Project:
Chromium Browser
Status:
Development

Recent revisions

980. By Pali on 2015-09-28

Disable patch ld-memory-32bit.patch

979. By Pali on 2015-09-28

Fix patch ld-memory-32bit.patch

978. By Pali on 2015-09-28

* Upstream release 45.0.2454.85

977. By Pali on 2015-09-28

Fix gcc ABI for precise

976. By Chad Miller on 2015-07-28

* debian/control: codec library packages replace the libffmpeg.so that
  was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
  than chromium. Depend with version specification also.

975. By Chad Miller on 2015-07-28

Re-add accidentally deleted lib copy line.

974. By Chad Miller on 2015-07-28

* Upstream release 44.0.2403.89: (LP: #1477662)
  - CVE-2015-1271: Heap-buffer-overflow in pdfium.
  - CVE-2015-1273: Heap-buffer-overflow in pdfium.
  - CVE-2015-1274: Settings allowed executable files to run immediately
    after download.
  - CVE-2015-1275: UXSS in Chrome for Android.
  - CVE-2015-1276: Use-after-free in IndexedDB.
  - CVE-2015-1279: Heap-buffer-overflow in pdfium.
  - CVE-2015-1280: Memory corruption in skia.
  - CVE-2015-1281: CSP bypass.
  - CVE-2015-1282: Use-after-free in pdfium.
  - CVE-2015-1283: Heap-buffer-overflow in expat.
  - CVE-2015-1284: Use-after-free in blink.
  - CVE-2015-1286: UXSS in blink.
  - CVE-2015-1287: SOP bypass with CSS.
  - CVE-2015-1270: Uninitialized memory read in ICU.
  - CVE-2015-1272: Use-after-free related to unexpected GPU process
    termination.
  - CVE-2015-1277: Use-after-free in accessibility.
  - CVE-2015-1278: URL spoofing using pdf files.
  - CVE-2015-1285: Information leak in XSS auditor.
  - CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
  - CVE-2015-1289: Various fixes from internal audits, fuzzing and other
    initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
  first-class component library now, not a special snowflake. Still, build
  it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
  before testing for actual errors.
[Chad Miller]
* Upstream release 43.0.2357.130:
  - CVE-2015-1266: Scheme validation error in WebUI.
  - CVE-2015-1268: Cross-origin bypass in Blink.
  - CVE-2015-1267: Cross-origin bypass in Blink.
  - CVE-2015-1269: Normalization error in HSTS/HPKP preload list.
* debian/tests/smoketest-actual: Capture web-server log so we can
  get port and test retreival. Fixes autopkgtest failures.
* debian/patches/widevine-other-locations: Search Chrome install
  location to find widevine plugins.
* Use new Flash plugin name in apport collector.
* debian/patches/gpu_default_disabled: Make GPU activation a (default off)
  preference instead of blacklisting.
[Iain Lane]
* Test fixes.
* debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11
  which are required by the testsuite.
* debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so
  that the test can read these.

973. By Chad Miller on 2015-07-01

Add Webkit linking to be smarter for bit-starved machines.

972. By Chad Miller on 2015-06-30

Replace patch name.

971. By Chad Miller on 2015-06-30

[Chad Miller]
* Upstream release 43.0.2357.130:
  - CVE-2015-1266: Scheme validation error in WebUI.
  - CVE-2015-1268: Cross-origin bypass in Blink.
  - CVE-2015-1267: Cross-origin bypass in Blink.
  - CVE-2015-1269: Normalization error in HSTS/HPKP preload list.
* debian/tests/smoketest-actual: Capture web-server log so we can
  get port and test retreival. Fixes autopkgtest failures.
* debian/patches/widevine-other-locations: Search Chrome install
  location to find widevine plugins.
* Use new Flash plugin name in apport collector.
* debian/patches/gpu_default_disabled: Make GPU activation a (default off)
  preference instead of blacklisting.
[Iain Lane]
* Test fixes.
* debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11
  which are required by the testsuite.
* debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so
  that the test can read these.
* Upstream release 43.0.2357.81.
  - "Icons not displaying properly on Linux" (LP: #1449063)
* Upstream release 43.0.2357.65:
  - CVE-2015-1252: Sandbox escape in Chrome.
  - CVE-2015-1253: Cross-origin bypass in DOM.
  - CVE-2015-1254: Cross-origin bypass in Editing.
  - CVE-2015-1255: Use-after-free in WebAudio.
  - CVE-2015-1256: Use-after-free in SVG.
  - CVE-2015-1251: Use-after-free in Speech.
  - CVE-2015-1257: Container-overflow in SVG.
  - CVE-2015-1258: Negative-size parameter in Libvpx.
  - CVE-2015-1259: Uninitialized value in PDFium.
  - CVE-2015-1260: Use-after-free in WebRTC.
  - CVE-2015-1261: URL bar spoofing.
  - CVE-2015-1262: Uninitialized value in Blink.
  - CVE-2015-1263: Insecure download of spellcheck dictionary.
  - CVE-2015-1264: Cross-site scripting in bookmarks.
  - CVE-2015-1265: Various fixes from internal audits, fuzzing and other
    initiatives.
  - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
    (currently 4.3.61.21).
* debian/patches/display-scaling-report-hardware-info: removed, unnecessary.
* debian/patches/coordinate-space-map: removed, unnecessary.
* debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until
  ARM works.
* debian/chromium-browser.sh.in: Add --verbose to get logging info.
* debian/patches/{notifications-nicer,mir-support}: disable unnecessary
  patches.
* debian/control, debian/chromium-browser.sh.in: Prompt nothing about
  Flash plugin. Send Help clicks to Wiki instead.
* Upstream release 42.0.2311.135:
  - CVE-2015-1243: Use-after-free in DOM.
  - CVE-2015-1250: Various fixes from internal audits, fuzzing and other
    initiatives.
* Upstream release 42.0.2311.90:
  - CVE-2015-1235: Cross-origin-bypass in HTML parser.
  - CVE-2015-1236: Cross-origin-bypass in Blink.
  - CVE-2015-1237: Use-after-free in IPC.
  - CVE-2015-1238: Out-of-bounds write in Skia.
  - CVE-2015-1240: Out-of-bounds read in WebGL.
  - CVE-2015-1241: Tap-Jacking.
  - CVE-2015-1242: Type confusion in V8.
  - CVE-2015-1244: HSTS bypass in WebSockets.
  - CVE-2015-1245: Use-after-free in PDFium.
  - CVE-2015-1247: Scheme issues in OpenSearch.
  - CVE-2015-1248: SafeBrowsing bypass.
* Upstream release 41.0.2272.118:
  - CVE-2015-1233: A special thanks to Anonymous for a combination of V8,
    Gamepad and IPC bugs that can lead to remote code execution outside of
    the sandbox.
  - CVE-2015-1234: Buffer overflow via race condition in GPU.
* Change assumed X-resource DPI from 108 to 96. That's closer to 100.
* Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val
  nonzero on failure.
* debian/generate-snappy.mk, debian/rules: Start to generate snap packages
  if available.
* debian/chromium-browser.sh.in: Test for /etc/ dir before listing it.
* debian/chromium-browser.sh.in,
  debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users
  to update flash player.
* debian/chromium-browser-etc-customizations-flash-staleness: Pass only one
  flash-player start param to chromium. Prefer the new one.
* debian/patches/arm-neon.patch: exclude new armv7=neon assumptions.
* debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all
  contribute to the largest crash report in errors.ubuntu.com. Let's disable
  GPUs for now.
* debian/chromium-browser.sh.in: Presence of old Flash is not a reason
  to suggest new plugin. If new plugin exists, be silent. Do not rely on
  new plugin to Conflicts and remove all the old bad ones.
* debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration
  library.
* debian/patches/fix_building_widevinecdm_with_chromium.patch: If
  exterior-sourced widevine library exists at run-time, use it.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
This branch contains Public information 
Everyone can see this information.

Subscribers