Created by James Westby on 2010-05-01 and last modified on 2011-05-23
Get this branch:
bzr branch lp:ubuntu/maverick/chromium-browser
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

26. By Fabien Tassin on 2010-09-29

* Fix the default browser selection on KDE4 by bringing in a fresher
  xdg-mime (See http://crbug.com/18106) and ship it in the main deb
  - add debian/patches/xdg-utils-update.patch
  - update debian/chromium-browser.install
* Set CHROME_DESKTOP in the wrapper to help the default browser
  checker (LP: #513133)
  - update debian/chromium-browser.sh.in

25. By Fabien Tassin on 2010-09-24

* New upstream release from the Stable Channel
* Set CHROME_WRAPPER to the real name of the wrapper now that upstream
  use its value
  - update debian/chromium-browser.sh.in
* Add some apport hooks adding useful information to the bugs
  - add debian/apport/chromium-browser.py
  - update debian/chromium-browser.install
* Update the Desktop translations for ast/ca/pt_BR
  - update debian/chromium-browser.desktop

24. By Fabien Tassin on 2010-09-17

* New upstream release from the Stable Channel (LP: #641699)
  This release fixes the following security issues:
  - [55114] High, Bad cast with malformed SVG. Credit to wushi of team 509.
  - [55119] Critical, Buffer mismanagement in the SPDY protocol. Credit to
    Mike Belshe of the Chromium development community.
  - [55350] High, Cross-origin property pollution. Credit to Stefano Di Paola
    of MindedSecurity.
* Add some translations for the "Name" field in the desktop file, and fix
  some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
  See https://wiki.ubuntu.com/Translations/Wanted/ChromiumDesktop to
  contribute more translations (LP: #631670)

23. By Fabien Tassin on 2010-09-15

* New upstream release from the Stable Channel (LP: #638736)
  This release fixes the following security issues:
  - [50250] High, Use-after-free when using document APIs during parse.
    Credit to David Weston of Microsoft + Microsoft Vulnerability Research
    (MSVR) and wushi of team 509 (independent discoveries).
  - [50712] High, Use-after-free in SVG styles. Credit to kuzzcc.
  - [51252] High, Use-after-free with nested SVG elements. Credit to kuzzcc.
  - [51709] Low, Possible browser assert in cursor handling. Credit to
  - [51919] High, Race condition in console handling. Credit to kuzzcc.
  - [53176] Low, Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
  - [53394] High, Memory corruption in Geolocation. Credit to kuzzcc.
  - [53930] High, Memory corruption in Khmer handling. Credit to Google
    Chrome Security Team (Chris Evans).
  - [54006] Low, Failure to prompt for extension history access. Credit to
* Don't build with PIE on armel for now, it fails to link.
  - update debian/rules

22. By Fabien Tassin on 2010-09-08

* New upstream release from the Stable Channel (LP: #635949)
  This release fixes the following issues/regressions:
  - [51727] [52940] Failures when using autocomplete
  - [10913] Default search engine settings wiped out
  - [1906] Shift reload not working
* Build with the Hardening Wrapper (to gain PIE), adding another layer of
  protection (See https://wiki.ubuntu.com/Security/HardeningWrapper)
  - update debian/control
  - update debian/rules
* On Armel, when checking for armv7, also test for Maverick version
  - update debian/rules

21. By Fabien Tassin on 2010-09-02

* New upstream release from the Stable Channel (LP: #628924)
  This release fixes the following security issues:
  - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
    Google Chrome Security Team (Inferno) and “ironfist99”.
  - [37201] Medium, URL bar visual spoofing with homographic sequences.
    Credit to Chris Weber of Casaba Security.
  - [41654] Medium, Apply more restrictions on setting clipboard content.
    Credit to Brook Novak.
  - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
    the Google Security Team.
  - [45876] Medium, Possible installed extension enumeration. Credit to
  - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
    Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
    and Keith Campbell.
  - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
  - [50839] High, Notification permissions memory corruption. Credit to
    Michal Zalewski of the Google Security Team and Google Chrome Security
    Team (SkyLined).
  - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
    Campbell and Google Chrome Security Team (Cris Neckar).
  - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
  - [51727] Low, Avoid storing excessive autocomplete entries. Credit to
    Google Chrome Security Team (Inferno).
  - [52443] High, Stale pointer in focus handling. Credit to VUPEN
    Vulnerability Research Team (VUPEN-SR-2010-249).
  - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
    Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
  - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
* Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
  is installed, the set of usable codecs (at runtime) will still vary.
  This is now done by setting proprietary_codecs=1 so we can drop our patch
  - update debian/rules
  - drop debian/patches/html5_video_mimetypes.patch
  - update debian/patches/series
* Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
  - update debian/control
* Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
  This is needed for Cloud Printing
  - update debian/control
* Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
  DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
  - update debian/rules
* Install resources.pak in the main deb, and remove all resources/ accordingly
  - update debian/chromium-browser.install
* Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
  Keyring and KWallet integration. See http://crbug.com/12351
  - update debian/control
* Ship empty policy dirs (for now) in /etc/chromium-browser/policies
  - update debian/rules
  - update debian/chromium-browser.dirs
* Bump build-deps for gyp to >= 0.1~svn837
  - update debian/control
* Drop the icedtea6-plugin workaround, it's no longer needed and it may cause
  troubles when the default xulrunner contains older nss/nspr libs
  - update debian/chromium-browser.sh.in

20. By Fabien Tassin on 2010-08-20

* New upstream release from the Stable Channel (LP: #622823)
  This release fixes the following security issues:
  - [45400] Critical, Memory corruption with file dialog. Credit to Sergey
  - [49596] High, Memory corruption with SVGs. Credit to wushi of team509.
  - [49628] High, Bad cast with text editing. Credit to wushi of team509.
  - [49964] High, Possible address bar spoofing with history bug. Credit to
    Mike Taylor.
  - [50515] [51835] High, Memory corruption in MIME type handling. Credit to
    Sergey Glazunov.
  - [50553] Critical, Crash on shutdown due to notifications bug. Credit to
    Sergey Glazunov.
  - [51146] Medium, Stop omnibox autosuggest if the user might be about to
    type a password. Credit to Robert Hansen.
  - [51654] High, Memory corruption with Ruby support. Credit to kuzzcc.
  - [51670] High, Memory corruption with Geolocation support. Credit to
* Add the xul libdir to LD_LIBRARY_PATH in the wrapper to help icedtea6-plugin
  (LP: #529242). This is needed at least for openjdk-6 6b18.
  - update debian/chromium-browser.sh
* No longer use tar --lzma in get-orig-source now that it silently uses xz
  (since tar 1.23-2) which is not available in the backports. Use "tar | lzma"
  instead so the embedded tarball is always a lzma file
  - update debian/rules
* Tweak the user agent to include Chromium and the Distro's name and version.
  - add debian/patches/chromium_useragent.patch.in
  - update debian/patches/series
  - update debian/rules
* Fix a typo in the subst_files rule
  - update debian/rules
* Fix a gyp file that triggers an error with newer gyp (because of dead code)
  - add debian/patches/drop_unused_rules_to_please_newer_gyp.patch
  - update debian/patches/series
* Bump gyp Build-Depends to >= 0.1~svn810 to match upstream requirement
  - update debian/control

19. By Fabien Tassin on 2010-07-27

* New upstream release from the Stable Channel (LP: #612109)
  This release fixes the following security issues:
  - [42736] Medium Memory contents disclosure in layout code. Credit to
    Michail Nikolaev.
  - [43813] High Issue with large canvases. Credit to sp3x of
  - [47866] High Memory corruption in rendering code. Credit to Jose A.
  - [48284] High Memory corruption in SVG handling. Credit to Aki Helin of
  - [48597] Low Avoid hostname truncation and incorrect eliding. Credit to
    Google Chrome Security Team (Inferno).
* lsb_release is slow so try to source the static file /etc/lsb-release
  instead, and fallback to lsb_release if we didn't get the information we need
  for about:version (LP: #608253). Thanks to pitti for the idea.
  - update debian/chromium-browser.sh.in

18. By Fabien Tassin on 2010-07-02

* New upstream release from the Stable Channel (LP: #602142)
  This release fixes the following security issues:
  - [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome
    Security Team (SkyLined).
  - [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to
    sirdarckcat of Google Security Team.
  - [43488] High Memory corruption with invalid SVGs. Credit to Aki Hekin of
    OUSPG; wushi of team509.
  - [44424] High Memory corruption in bidi algorithm. Credit to wushi of
  - [45164] Low Crash with invalid image. Credit to Jose A. Vazquez.
  - [45983] High Memory corruption with invalid PNG (libpng bug). Credit to
    Aki Helin of OUSPG.
  - [46360] High Memory corruption in CSS style rendering. Credit to wushi of
  - [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
  - [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.

17. By Fabien Tassin on 2010-06-25

* New upstream release from the Stable Channel (LP: #598913)
  Fixes the following security issues:
  - [38105] Medium XSS via application/json response (regression). Credit to
    Ben Davis for original discovery and Emanuele Gentili for regression
  - [43322] Medium Memory error in video handling. Credit to Mark Dowd under
    contract to Google Chrome Security Team.
  - [43967] High Subresource displayed in omnibox loading. Credit to Michal
    Zalewski of Google Security Team.
  - [45267] High Memory error in video handling. Credit to Google Chrome
    Security Team (Cris Neckar).
  - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
    Marcos of SECFORCE.
* Drop the XLIB_SKIP_ARGB_VISUALS workaround now that the rgba patch has
  been backed off from gtk2 (LP: #584959)
  - update debian/chromium-browser.sh
* Show in about:version and in the About UI when chromium is running on a different
  distribution that it has been built on
  - udpate debian/rules
  - rename and update debian/chromium-browser.sh => debian/chromium-browser.sh.in

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.