lp:ubuntu/natty/chromium-browser

Created by James Westby on 2010-10-13 and last modified on 2011-10-22
Get this branch:
bzr branch lp:ubuntu/natty/chromium-browser
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

39. By Fabien Tassin on 2011-04-14

* New upstream minor release from the Stable Channel (LP: #762275)
  This release fixes the following security issues:
  - [75629] Critical, CVE-2011-1301: Use-after-free in the GPU process.
    Credit to Google Chrome Security Team (Inferno).
  - [78524] Critical, CVE-2011-1302: Heap overflow in the GPU process. Credit
    to Christoph Diehl.
* Make the default mail client and browser settings work with the
  x-scheme-handler method of registering URI handlers in gnome3.
  This is based on the xdg-utils 1.1.0~rc1-2ubuntu3 fix by Chris Coulson
  <email address hidden>, itself based on Bastien Nocera <email address hidden>
  upstream fix (LP: #670128)
  - add debian/patches/xdg-utils_gnome3_lp670128_for_natty.patch
  - update debian/patches/series
* Fix the apport hooks to pass the expected 'ui' to add_info(), needed when
  called from apport/ubuntu-bug (LP: #759635)
  - update debian/apport/chromium-browser.py
* Report a dedicated WMClass per webapp, needed by Unity/bamf.
  (backported from trunk) (LP: #692462)
  - add debian/patches/webapps-wm-class-lp692462.patch
  - update debian/patches/series

38. By Fabien Tassin on 2011-03-30

* NaCL may be blacklisted, so only include it when it's actually been
  built (fixes the ftbfs on arm) (LP: #745854)
  - update debian/rules
  - update debian/chromium-browser.install
* Harden the apport hooks in the extensions section
  - update debian/apport/chromium-browser.py

37. By Fabien Tassin on 2011-03-24

* New upstream minor release from the Stable Channel (LP: #742118)
  This release fixes the following security issues:
  + Webkit bugs:
    - [73216] High, CVE-2011-1292: Use-after-free in the frame loader. Credit
      to Sławomir Błażek.
    - [73595] High, CVE-2011-1293: Use-after-free in HTMLCollection. Credit
      to Sergey Glazunov.
    - [74562] High, CVE-2011-1294: Stale pointer in CSS handling. Credit to
      Sergey Glazunov.
    - [74991] High, CVE-2011-1295: DOM tree corruption with broken node
      parentage. Credit to Sergey Glazunov.
    - [75170] High, CVE-2011-1296: Stale pointer in SVG text handling. Credit
      to Sergey Glazunov.
  + Chromium bugs:
    - [72517] High, CVE-2011-1291: Buffer error in base string handling.
      Credit to Alex Turpin.
Packaging changes:
* Set arm_fpu=vfpv3-d16 on arm (less restrictive than the default vfpv3)
  preventing a SIGILL crash on some boards (LP: #735877)
  - update debian/control
* Install libppGoogleNaClPluginChrome.so (LP: #738331)
  - update debian/rules
  - update debian/chromium-browser.install

36. By Fabien Tassin on 2011-03-11

* New upstream security release from the Stable Channel (LP: #733514)
  + Webkit:
    - CVE-2011-1290 [75712] High, Memory corruption in style handling. Credit
      to Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers reported
      through ZDI.

35. By Fabien Tassin on 2011-03-08

* New upstream major release from the Stable Channel (LP: #731520)
  It includes:
  - New version of V8 - Crankshaft - which greatly improves javascript
    performance
  - New settings pages that open in a tab, rather than a dialog box
  - Improved security with malware reporting and disabling outdated plugins
    by default
  - Password sync as part of Chrome Sync now enabled by default
  - GPU Accelerated Video
  - Background WebApps
  - webNavigation extension API
  This release also fixes the following security issues:
  + Webkit bugs:
    - [42574] [42765] Low, Possible to navigate or close the top location in
      a sandboxed frame. Credit to sirdarckcat of the Google Security Team.
    - [69628] High, Memory corruption with counter nodes. Credit to Martin
      Barbella.
    - [70027] High, Stale node in box layout. Credit to Martin Barbella.
    - [70336] Medium, Cross-origin error message leak with workers. Credit to
      Daniel Divricean.
    - [70442] High, Use after free with DOM URL handling. Credit to Sergey
      Glazunov.
    - [70779] Medium, Out of bounds read handling unicode ranges. Credit to
      miaubiz.
    - [70885] [71167] Low, Pop-up blocker bypasses. Credit to Chamal de
      Silva.
    - [71763] High, Use-after-free in document script lifetime handling.
      Credit to miaubiz.
    - [72028] High, Stale pointer in table painting. Credit to Martin
      Barbella.
    - [73066] High, Crash with the DataView object. Credit to Sergey
      Glazunov.
    - [73134] High, Bad cast in text rendering. Credit to miaubiz.
    - [73196] High, Stale pointer in WebKit context code. Credit to Sergey
      Glazunov.
    - [73746] High, Stale pointer with SVG cursors. Credit to Sergey
      Glazunov.
    - [74030] High, DOM tree corruption with attribute handling. Credit to
      Sergey Glazunov.
  + Chromium bugs:
    - [49747] Low, Work around an X server bug and crash with long messages.
      Credit to Louis Lang.
    - [66962] Low, Possible browser crash with parallel print()s. Credit to
      Aki Helin of OUSPG.
    - [69187] Medium, Cross-origin error message leak. Credit to Daniel
      Divricean.
    - [70877] High, Same origin policy bypass in v8. Credit to Daniel
      Divricean.
  + v8:
    - [74662] High, Corruption via re-entrancy of RegExp code. Credit to
      Christian Holler.
    - [74675] High, Invalid memory access in v8. Credit to Christian Holler.
  + ffmpeg:
    - [71788] High, Out-of-bounds write in the OGG container. Credit to
      Google Chrome Security Team (SkyLined); plus subsequent independent
      discovery by David Weston of Microsoft and MSVR.
    - [73026] High, Use of corrupt out-of-bounds structure in video code.
      Credit to Tavis Ormandy of the Google Security Team.
  + libxslt:
    - [73716] Low, Leak of heap address in XSLT. Credit to Google Chrome
      Security Team (Chris Evans).
Packaging changes:
* Promote Uyghur to the list of supported translations
  - update debian/rules
  - update debian/control
* Fix the FTBFS on arm by re-adding the lost arm_neon=0, and really set armv7=1
  on maverick and natty
  - update debian/rules
* Fix the broken symlinks in /usr/share/doc created by CDBS (See LP: #194574)
  - update debian/rules
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
  - update debian/control
* Fix the Webkit version in about:version (the build system expects the svn
  or git directories to be available at build time)
  - add debian/patches/webkit_rev_parser.patch
  - update debian/patches/series

34. By Fabien Tassin on 2011-03-01

* New upstream release from the Stable Channel (LP: #726895)
  This release fixes the following security issues:
  + Webkit bugs:
    - [54262] High, URL bar spoof with history interaction. Credit to Jordi
      Chancel.
    - [68263] High, Stylesheet node stale pointer. Credit to Sergey Glazunov.
    - [68741] High, Stale pointer with key frame rule. Credit to Sergey
      Glazunov.
    - [70078] High, Crash with forms controls. Credit to Stefan van Zanden.
    - [70244] High, Crash in SVG rendering. Credit to Sławomir Błażek.
    - [71114] High, Stale node in table child handling. Credit to Martin
      Barbella.
    - [71115] High, Stale pointer in table rendering. Credit to Martin
      Barbella.
    - [71296] High, Stale pointer in SVG animations. Credit to miaubiz.
    - [71386] High, Stale nodes in XHTML. Credit to wushi of team509.
    - [71388] High, Crash in textarea handling. Credit to wushi of team509.
    - [71595] High, Stale pointer in device orientation. Credit to Sergey
      Glazunov.
    - [71855] High, Integer overflow in textarea handling. Credit to miaubiz.
    - [71960] Medium, Out-of-bounds read in WebGL. Credit to Google Chrome
      Security Team (Inferno).
    - [73235] High, Stale pointer in layout. Credit to Martin Barbella.
  + Chromium bugs:
    - [63732] High, Crash with javascript dialogs. Credit to Sergey
      Radchenko.
    - [64-bit only] [70376] Medium, Out-of-bounds read in pickle
      deserialization. Credit to Evgeniy Stepanov of the Chromium development
      community.
    - [71717] Medium, Out-of-bounds read in WebGL. Credit to miaubiz.
    - [72214] High, Accidental exposure of internal extension functions.
      Credit to Tavis Ormandy of the Google Security Team.
    - [72437] High, Use-after-free with blocked plug-ins. Credit to Chamal de
      Silva.
* Bump the lang-pack package from Suggests to Recommends (LP: #689267)
  - update debian/control
* Disable PIE on Armel/Lucid (LP: #716703)
  - update debian/rules
* Add the disk usage to the Apport hooks
  - update debian/apport/chromium-browser.py
* Drop gyp from Build-Depends, use in-source gyp instead
  - update debian/control
* Merge back the ffmpeg codecs (from the chromium-codecs-ffmpeg source package)
  - update debian/rules
  - update debian/control
  - add debian/chromium-codecs-ffmpeg-extra.install
  - add debian/chromium-codecs-ffmpeg.install

33. By Fabien Tassin on 2011-02-08

* New upstream release from the Stable Channel (LP: #715357)
  This release fixes the following security issues:
  - [67234] High, Stale pointer in animation event handling. Credit to Rik
    Cabanier.
  - [68120] High, Use-after-free in SVG font faces. Credit to miaubiz.
  - [69556] High, Stale pointer with anonymous block handling. Credit to
    Martin Barbella.
  - [69970] Medium, Out-of-bounds read in plug-in handling. Credit to Bill
    Budge of Google.
  - [70456] Medium, Possible failure to terminate process on out-of-memory
    condition. Credit to David Warren of CERT/CC.
* Update the gl dlopen patch to search for libGLESv2.so.2 instead of .1
  - update debian/patches/dlopen_sonamed_gl.patch

32. By Fabien Tassin on 2011-02-03

* New upstream release from the Stable Channel (LP: #712655)
  This release fixes the following security issues:
  - [55831] High, Use-after-free in image loading. Credit to Aki Helin of
    OUSPG.
  - [59081] Low, Apply some restrictions to cross-origin drag + drop. Credit
    to Google Chrome Security Team (SkyLined) and the Google Security Team
    (Michal Zalewski, David Bloom).
  - [62791] Low, Browser crash with extension with missing key. Credit to
    Brian Kirchoff.
  - [65669] Low, Handle merging of autofill profiles more gracefully. Credit
    to Google Chrome Security Team (Inferno).
  - [68244] Low, Browser crash with bad volume setting. Credit to Matthew
    Heidermann.
  - [69195] Critical, Race condition in audio handling. Credit to the gamers
    of Reddit!
* Add the app/resources/app_strings.grd template to the list
  of templates translated in Launchpad
  - update debian/rules
* Drop the gcc 4.5 work-around, applied upstream
  - remove debian/patches/gcc-4.5-build-workaround.patch
  - update debian/patches/series
* Drop gcc 4.2/4.3 from Build-depends and remove the gcc 4.4 workarounds
  now done in the upstream gyp files
  - update debian/control
  - update debian/rules
* Add libxtst-dev to Build-deps now that chromoting uses the XTest extension
  to execute mouse and keyboard events
  - update debian/control
* Remove GNOME_DESKTOP_SESSION_ID from the Apport report, it's useless
  - update debian/apport/chromium-browser.py
* Add a system to enable/disable distribution specific patches from the quilt
  series
  - add debian/enable-dist-patches.pl
  - update debian/rules
* Disable the gtk resize grip on Natty (LP: #703451)
  Original patch by Cody Russell <email address hidden>, ported to v9
  - add debian/patches/disable_gtk_resize_grip_on_natty.patch
  - update debian/patches/series
* Fix the libgnutls dlopen to look for the sonamed lib
  - add debian/patches/dlopen_libgnutls.patch
  - update debian/patches/series
* Fix the libosmesa/libGLESv2/libEGL dlopen() to look for the sonamed libs.
  This assumes either the libgles2-mesa + libegl1-mesa packages (better) or
  the libosmesa6 package are installed
  - add debian/patches/dlopen_sonamed_gl.patch
  - update debian/patches/series

31. By Fabien Tassin on 2011-01-13

* New upstream release from the Stable Channel (LP: #702542)
  This release fixes the following security issues:
  - [58053] Medium, Browser crash in extensions notification handling. Credit
    to Eric Roman of the Chromium development community.
  - [65764] High, Bad pointer handling in node iteration. Credit to Sergey
    Glazunov.
  - [66560] High, Stale pointer with CSS + canvas. Credit to Sergey Glazunov.
  - [66748] High, Stale pointer with CSS + cursors. Credit to Jan Tošovský.
  - [67303] High, Bad memory access with mismatched video frame sizes. Credit
    to Aki Helin of OUSPG; plus independent discovery by Google Chrome
    Security Team (SkyLined) and David Warren of CERT.
  - [67363] High, Stale pointer with SVG use element. Credited anonymously;
    plus indepdent discovery by miaubiz.
  - [67393] Medium, Uninitialized pointer in the browser triggered by rogue
    extension. Credit to kuzzcc.
  - [68115] High, Vorbis decoder buffer overflows. Credit to David Warren of
    CERT.
  - [68178] High, Bad cast in anchor handling. Credit to Sergey Glazunov.
  - [68181] High, Bad cast in video handling. Credit to Sergey Glazunov.
  - [68439] High, Stale rendering node after DOM node removal. Credit to
    Martin Barbella; plus independent discovery by Google Chrome Security
    Team (SkyLined).
  - [68666] Critical, Stale pointer in speech handling. Credit to Sergey
    Glazunov.
* Add the chrome/app/policy/policy_templates.grd template to the list
  of templates translated in Launchpad
  - update debian/rules
* Add Basque and Galician to the list of supported langs for the lang-packs
  (translations from Launchpad/Rosetta)
  - update debian/rules

30. By Fabien Tassin on 2010-12-13

* New upstream release from the Stable Channel (LP: #689849)
  This release fixes the following security issues:
  - [64-bit Linux only] [56449] High Bad validation for message
    deserialization on 64-bit builds. Credit to Lei Zhang of the Chromium
    development community.
  - [60761] Medium, Bad extension can cause browser crash in tab handling.
    Credit to kuzzcc.
  - [63529] Low, Browser crash with NULL pointer in web worker handling.
    Credit to Nathan Weizenbaum of Google.
  - [63866] Medium, Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
  - [64959] High, Stale pointers in cursor handling. Credit to Sławomir
    Błażek and Sergey Glazunov.
* Don't build with PIE on Natty/armel, for the same reason as for Maverick
  - update debian/rules

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/oneiric/chromium-browser
This branch contains Public information 
Everyone can see this information.

Subscribers