Change log for chromium package in Debian
Published in sid-release

chromium (131.0.6778.204-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-12692: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-12693: Out of bounds memory access in V8. Reported by 303f06e3.
    - CVE-2024-12694: Use after free in Compositing. Reported by Anonymous.
    - CVE-2024-12695: Out of bounds write in V8. Reported by 303f06e3.
  * d/patches/fixes/absl-optional.patch: comment out __glibcxx_assert() that we keep hitting with gcc 12; it was previously commented out, but we lost the change when we switched from libstdc++ and then back.

  [ Bo Yu ]
  * Build swiftshader with llvm-16 instead of llvm-10.

 -- Andres Salomon <email address hidden>  Wed, 18 Dec 2024 16:52:56 -0500
Published in sid-release

chromium (131.0.6778.139-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-12381: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-12382: Use after free in Translate. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
  * (Temporarily?) switch from llvm's libc++ to gcc's libstdc++ to simplify the prior clang-16/19 upgrades.
  * d/patches:
    - fixes/bindgen.patch: refresh.
    - upstream/dawn-strlen.patch: add gcc-specific build fix.
    - upstream/ink-isfinite.patch: add gcc-specific build fix.
    - upstream/webrtc-optional.patch: add gcc-specific build fix.
    - upstream/variant.patch: add gcc-specific build fixes.
    - upstream/array.patch: add gcc-specific build fix.
    - fixes/absl-optional.patch: re-introduce clang/gcc build workaround.
    - upstream/mrc-copy-op.patch: add gcc-specific build fix.
    - fixes/font-gc-asan.patch: add a better workaround for bad font-gc behavior under libstdc++. This is self-contained and small, unlike the prior reverts of the switch to font garbage collection.

  [ Nathan Teodosio ]
  * Simplify fixes/bindgen.patch so it doesn't need frequent rebasing.

  [ Daniel Richard G. ]
  * d/copyright: Expand list of Files-Excluded: entries.
  * d/rules: Various updates to get-orig-source rule, including use of grep-dctrl(1) and the LASTCHANGE.committime timestamp.
  * d/scripts/check-upstream: Avoid issues with inaccurate $(pwd) value and spaces in filenames, and print all errors instead of only the first one.

 -- Andres Salomon <email address hidden>  Wed, 11 Dec 2024 15:33:53 -0500
Superseded in sid-release

chromium (131.0.6778.108-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-12053: Type Confusion in V8. Reported by gal1ium and chluo.

 -- Andres Salomon <email address hidden>  Wed, 04 Dec 2024 01:55:50 -0500
Superseded in sid-release

chromium (131.0.6778.85-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-11110: Inappropriate implementation in Blink. Reported by Vsevolod Kokorin (Slonser) of Solidlab.
    - CVE-2024-11111: Inappropriate implementation in Autofill. Reported by Narendra Bhati, Suma Soft Pvt. Ltd - Pune (India).
    - CVE-2024-11112: Use after free in Media. Reported by Nan Wang(@eternalsakura13) and Zhenghang Xiao(@Kipreyyy) of 360 Vulnerability Research Institute.
    - CVE-2024-11113: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI.
    - CVE-2024-11114: Inappropriate implementation in Views. Reported by Micky.
    - CVE-2024-11115: Insufficient policy enforcement in Navigation. Reported by mastersplinter.
    - CVE-2024-11116: Inappropriate implementation in Paint. Reported by Thomas Orlita.
    - CVE-2024-11117: Inappropriate implementation in FileSystem. Reported by Ameen Basha M K.
    - CVE-2024-11395: Type Confusion in V8. Reported by Anonymous.
  * d/patches:
    - upstream/wayland-gbm-pixmap.patch: drop, merged upstream.
    - disable/catapult.patch: refresh.
    - fixes/bindgen.patch: refresh.
    - fixes/freetype.patch: add new patch to fix missing enable_freetype arg declaration.
    - fixes/updater-test.patch: add simple build fix for deleted third_party/updater/.

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - workarounds/HACK-debian-clang-disable-pa-musttail.patch: Work around additional upstream musttail definitions
    - workarounds/HACK-debian-clang-disable-base-musttail.patch: Refresh for upstream changes
    - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: Refresh for upstream changes

 -- Andres Salomon <email address hidden>  Thu, 21 Nov 2024 16:12:03 -0500
Superseded in sid-release

chromium (130.0.6723.116-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-10826: Use after free in Family Experiences. Reported by Anonymous.
    - CVE-2024-10827: Use after free in Serial. Reported by Anonymous.

 -- Andres Salomon <email address hidden>  Wed, 06 Nov 2024 02:30:57 -0500
Published in bookworm-release

chromium (130.0.6723.91-1~deb12u1) bookworm-security; urgency=high

  * New upstream security release.
    - CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR).
    - CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564).

 -- Andres Salomon <email address hidden>  Tue, 29 Oct 2024 20:36:38 -0400
Superseded in sid-release

chromium (130.0.6723.91-2) unstable; urgency=high

  * d/patches/fixes/armhf-timespec.patch: add patch to fix armhf FTBFS.

 -- Andres Salomon <email address hidden>  Sun, 03 Nov 2024 02:47:53 -0500
Superseded in sid-release

chromium (130.0.6723.91-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-10487: Out of bounds write in Dawn. Reported by Apple Security Engineering and Architecture (SEAR).
    - CVE-2024-10488: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564).

 -- Andres Salomon <email address hidden>  Tue, 29 Oct 2024 20:36:38 -0400
Superseded in sid-release

chromium (130.0.6723.69-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-10229: Inappropriate implementation in Extensions. Reported by Vsevolod Kokorin (Slonser) of Solidlab.
    - CVE-2024-10230: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-10231: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).

 -- Andres Salomon <email address hidden>  Tue, 22 Oct 2024 21:34:57 -0400
Superseded in sid-release

chromium (130.0.6723.58-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-9954: Use after free in AI. Reported by DarkNavy.
    - CVE-2024-9955: Use after free in Web Authentication. Reported by anonymous.
    - CVE-2024-9956: Inappropriate implementation in Web Authentication. Reported by mastersplinter.
    - CVE-2024-9957: Use after free in UI. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-9958: Inappropriate implementation in PictureInPicture. Reported by Lyra Rebane (rebane2001).
    - CVE-2024-9959: Use after free in DevTools. Reported by Sakana.S.
    - CVE-2024-9960: Use after free in Dawn. Reported by Anonymous.
    - CVE-2024-9961: Use after free in Parcel Tracking. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) From TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-9962: Inappropriate implementation in Permissions. Reported by Shaheen Fazim.
    - CVE-2024-9963: Insufficient data validation in Downloads. Reported by Anonymous.
    - CVE-2024-9964: Inappropriate implementation in Payments. Reported by Hafiizh.
    - CVE-2024-9965: Insufficient data validation in DevTools. Reported by Shaheen Fazim.
    - CVE-2024-9966: Inappropriate implementation in Navigations. Reported by Harry Chen.
  * d/copyright: rollup -> @rollup deletion.
  * d/patches:
    - debianization/sandbox.patch: refresh.
    - fixes/bindgen.patch: refresh.
    - disable/catapult.patch: refresh.
    - system/zlib.patch: drop. Upstream removed courgette, and its replacement (zucchini) doesn't appear to use zlib.
    - system/rollup.patch: update path due to upstream renaming; call ./rollup/.../rollup instead of ./@rollup/wasm-node/.../rollup.
    - system/event.patch: drop half of patch due to upstream deletions.
    - upstream/mojo-null.patch: merged into mojo.patch.
    - upstream/mojo.patch: update based on 130 test files.

  [ Daniel Richard G. ]
  * d/rules: Drop the clang-16 -I/-Wl,-rpath flags from CXXFLAGS/LDFLAGS as they are no longer needed.

  [ Timothy Pearson ]
  * d/patches:
    - upstream/blink-fix-size-assertions.patch: Fix build on non-amd64 platforms
    - fixes/fix-assert-in-vnc-sessions.patch: Fix assertion and SIGTRAP when starting Chromium from within a VNC session
  * d/patches/ppc64le:
    - core/add-ppc64-pthread-stack-size.patch: Define correct pthread stack size on ppc64 systems
    - core/cargo-add-ppc64.diff
    - third_party/0001-Add-PPC64-support-for-boringssl.patch: Refresh for upstream changes
    - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when- .patch: Refresh for upstream changes
    - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: Refresh for upstream changes
    - third_party/skia-vsx-instructions.patch: Refresh for upstream changes
    - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh for upstream changes

 -- Andres Salomon <email address hidden>  Sat, 19 Oct 2024 01:12:11 -0400
Superseded in sid-release

chromium (129.0.6668.100-2) unstable; urgency=high

  * Switch to using clang-19, and drop all d/patches/bookworm/ workarounds except for libxml-parsererr.patch (closes: #1081241).

 -- Andres Salomon <email address hidden>  Wed, 09 Oct 2024 14:13:00 -0400
Superseded in sid-release

chromium (129.0.6668.100-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-9602: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-9603: Type Confusion in V8. Reported by @WeShotTheMoon and @Nguyen Hoang Thach of starlabs.

 -- Andres Salomon <email address hidden>  Tue, 08 Oct 2024 19:36:09 -0400
Superseded in sid-release

chromium (129.0.6668.89-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-7025: Integer overflow in Layout. Reported by Tashita Software Security.
    - CVE-2024-9369: Insufficient data validation in Mojo. Reported by Xiantong Hou and Pisanbao of Wuheng Lab.
    - CVE-2024-9370: Inappropriate implementation in V8. Reported by Nguyễn Hoàng Thạch, Đỗ Minh Tuấn, and Wu JinLin of STAR Labs SG Pte Ltd.
  * d/patches:
    - bookworm/libxml-parseerr.patch: readd for downgraded libxml2 in unstable (closes: #1082907).
    - upstream/wayland-gbm-pixmap.patch: backport two patches to fix noisy wayland video playback (closes: #1077345).
  * Build against system libtiff, thanks to Soren Stoutner <email address hidden> for getting this fixed upstream (closes: #1033747).

 -- Andres Salomon <email address hidden>  Wed, 02 Oct 2024 01:07:19 -0400
Superseded in sid-release

chromium (129.0.6668.70-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-9120: Use after free in Dawn. Reported by Anonymous.
    - CVE-2024-9121: Inappropriate implementation in V8. Reported by Tashita Software Security.
    - CVE-2024-9122: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-9123: Integer overflow in Skia. Reported by raven at KunLun lab.
  * d/copyright: delete more upstream .clang, .git, and android residue.

  [ Timothy Pearson ]
  * d/patches:
    - fixes/predictor-denial-of-service.patch: Work around upstream issue #368562245, which can cause denial of service of the entire browser process on specific types of Web sites.

 -- Andres Salomon <email address hidden>  Wed, 25 Sep 2024 15:23:27 -0400
Superseded in sid-release

chromium (129.0.6668.58-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-8904: Type Confusion in V8. Reported by Popax21.
    - CVE-2024-8905: Inappropriate implementation in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
    - CVE-2024-8906: Incorrect security UI in Downloads. Reported by @retsew0x01.
    - CVE-2024-8907: Insufficient data validation in Omnibox. Reported by Muhammad Zaid Ghifari.
    - CVE-2024-8908: Inappropriate implementation in Autofill. Reported by Levit Nudi from Kenya.
    - CVE-2024-8909: Inappropriate implementation in UI. Reported by Shaheen Fazim.
  * d/patches:
    - debianization/sandbox.patch: refresh for upstream changes. Since we have some downstream users of this package, retain the Ubuntu wording.
    - disable/tests.patch: refresh.
    - disable/catapult.patch: refresh.
    - bookworm/clang16.patch: refresh, delete -Wno-dangling-assignment-gsl
    - ppc64le/crashpad/0001-Implement-support-for-PPC64-on-Linux.patch: refresh.
    - ppc64le/sandbox/Sandbox-linux-services-credentials.cc-PPC.patch: refresh.
    - ppc64le/third_party/dawn-fix-ppc64le-detection.patch: refresh.
    - bookworm/more-spaceships.patch: yet another clang-17 header backport for clang-16 inadequacies.
    - bookworm/signer-lambda.patch: clang-16 lambda bug workaround.

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - third_party/dawn-fix-typos.patch: drop, applied upstream
    - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: refresh for upstream changes
    - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes
    - core/cargo-add-ppc64.diff: Add ppc64 to cargo architecture definitions

 -- Andres Salomon <email address hidden>  Wed, 18 Sep 2024 20:47:23 -0400
Superseded in sid-release

chromium (128.0.6613.137-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-8636: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100).
    - CVE-2024-8637: Use after free in Media Router. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-8638: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy).
    - CVE-2024-8639: Use after free in Autofill. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - core/add-ppc64-architecture-string.patch
    - fixes/fix-study-crash.patch

  [ Daniel Richard G. ]
  * d/copyright: Add some more Files-Excluded: entries.
  * d/rules: Ensure all files in orig source tarball are user-writable.
  * d/patches/disable:
    - tests.patch: Break out SwiftShader tests deletion to...
    - tests-swiftshader.patch: ...a separate file, to simplify resolving conflicts with the ungoogled-chromium patch series.

 -- Andres Salomon <email address hidden>  Tue, 10 Sep 2024 21:56:02 -0400
Superseded in sid-release

chromium (128.0.6613.119-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-8362: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564).
    - CVE-2024-7970: Out of bounds write in V8. Reported by Cassidy Kim(@cassidy6564).
  * Enable swiftshader support; thanks to Charles Samuels for helping out on this (closes: #1064465).
  * d/patches:
    - disable/swiftshader.patch: drop.
    - disable/swiftshader-2.patch: drop.
    - disable/tests.patch: some swiftshader tests deletion needed.

  [ Timothy Pearson ]
  * d/patches:
    - fixes/gpu-crash.patch: Fix GPU process crash (upstream issue #364568422)
    - ppc64le/third_party/0001-swiftshader-fix-build.patch: Fix SwiftShader build on ppc64el systems

 -- Andres Salomon <email address hidden>  Wed, 04 Sep 2024 15:05:06 -0400
Superseded in bookworm-release

chromium (128.0.6613.84-1~deb12u1) bookworm-security; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous.
    - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog.
    - CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100).
    - CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security.
    - CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive).
    - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team.
    - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC).
    - CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm).
    - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax.
    - CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed).
    - CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita.
    - CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz.
    - CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono).
    - CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK.
    - CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob.
    - CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob.
    - CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita.
    - CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T.
    - CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob).
    - CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft.
  * d/copyright: delete third_party/siso/ which contains binaries.
  * d/rules: set safe_browsing_use_unrar=false to disable unrar.
  * d/patches:
    - fixes/blink-frags.patch: drop, merged upstream.
    - fixes/stats-collector.patch: drop, upstream deleted broken code.
    - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream.
    - upstream/armhf-ftbfs.patch: drop, merged upstream.
    - upstream/containers-header.patch: drop, merged upstream.
    - upstream/crabbyav1f.patch: drop, merged upstream.
    - upstream/lock-impl.patch: drop, merged upstream.
    - upstream/paint-layer-header.patch: drop, merged upstream.
    - disable/unrar.patch: drop, merged upstream w/ build arg.
    - bookworm/nvt.patch: drop, no longer needed.
    - fixes/ps-print.patch: refresh.
    - system/openjpeg.patch: refresh.
    - bookworm/clang16.patch: refresh & remove another unsupported option.
    - bookworm/constexpr.patch: refresh & add more fixes.
    - bookworm/lex-3way.patch: pull in another STL function from clang-17.
    - bookworm/blink-attrib.patch: add build fix to reorder __attribute__.
    - fixes/highway-include-path.patch: upstream fixed the original issue in a broken way, making this worse. Add more to this patch to work around that.
    - bookworm/bubble-contents.patch: refresh.
    - bookworm/crabbyav1f.patch: refresh.
    - bookworm/gn-absl.patch: refresh.

  [ Daniel Richard G. ]
  * d/rules: Parameterize Rust sysroot to simplify using a different one.
  * d/patches:
    - bookworm/highway-blink.patch: Avoid armhf/arm64 FTBFS by disabling Blink feature that requires newer libhwy-dev version.

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - third_party/dawn-fix-typos.patch: Refresh for upstream changes
    - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes
    - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Refresh for upstream changes
    - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable musttail on ppc64el platforms

 -- Andres Salomon <email address hidden>  Thu, 22 Aug 2024 14:06:28 -0400
Superseded in sid-release

chromium (128.0.6613.113-1~deb13u1) trixie; urgency=high

  * Rebuild for trixie.
  * Revert libxml2-dev versioned build-dep, and re-add d/patches/bookworm/libxml/parseerr.patch.

 -- Andres Salomon <email address hidden>  Sun, 18 Aug 2024 01:41:43 +0000
Superseded in sid-release

chromium (128.0.6613.113-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team.
    - CVE-2024-8193: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100).
    - CVE-2024-8194: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n).
    - CVE-2024-8198: Heap buffer overflow in Skia. Reported by Renan Rios (@hyhy_100).
  * d/control:
    - Bump rustc build-dep up to >= 1.74.
  * d/patches:
    - bookworm/rust-downgrade-osstr-users.patch: drop, now that we have a newer rust in bookworm.

 -- Andres Salomon <email address hidden>  Thu, 29 Aug 2024 01:10:43 -0400
Superseded in sid-release

chromium (128.0.6613.84-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-7964: Use after free in Passwords. Reported by Anonymous.
    - CVE-2024-7965: Inappropriate implementation in V8. Reported by TheDog.
    - CVE-2024-7966: Out of bounds memory access in Skia. Reported by Renan Rios (@HyHy100).
    - CVE-2024-7967: Heap buffer overflow in Fonts. Reported by Tashita Software Security.
    - CVE-2024-7968: Use after free in Autofill. Reported by Han Zheng (HexHive).
    - CVE-2024-7969: Type Confusion in V8. Reported by CFF of Topsec Alpha Team.
    - CVE-2024-7971: Type confusion in V8. Reported by Microsoft Threat Intelligence Center (MSTIC), Microsoft Security Response Center (MSRC).
    - CVE-2024-7972: Inappropriate implementation in V8. Reported by Simon Gerst (intrigus-lgtm).
    - CVE-2024-7973: Heap buffer overflow in PDFium. Reported by soiax.
    - CVE-2024-7974: Insufficient data validation in V8 API. Reported by bowu(@gocrashed).
    - CVE-2024-7975: Inappropriate implementation in Permissions. Reported by Thomas Orlita.
    - CVE-2024-7976: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz.
    - CVE-2024-7977: Insufficient data validation in Installer. Reported by Kim Dong-uk (@justlikebono).
    - CVE-2024-7978: Insufficient policy enforcement in Data Transfer. Reported by NDevTK.
    - CVE-2024-7979: Insufficient data validation in Installer. Reported by VulnNoob.
    - CVE-2024-7980: Insufficient data validation in Installer. Reported by VulnNoob.
    - CVE-2024-7981: Inappropriate implementation in Views. Reported by Thomas Orlita.
    - CVE-2024-8033: Inappropriate implementation in WebApp Installs. Reported by Lijo A.T.
    - CVE-2024-8034: Inappropriate implementation in Custom Tabs. Reported by Bharat (mrnoob).
    - CVE-2024-8035: Inappropriate implementation in Extensions. Reported by Microsoft.
  * d/copyright: delete third_party/siso/ which contains binaries.
  * d/rules: set safe_browsing_use_unrar=false to disable unrar.
  * d/patches:
    - fixes/blink-frags.patch: drop, merged upstream.
    - fixes/stats-collector.patch: drop, upstream deleted broken code.
    - fixes/chromium-browser-ui-missing-deps.patch: drop, fixed upstream.
    - upstream/armhf-ftbfs.patch: drop, merged upstream.
    - upstream/containers-header.patch: drop, merged upstream.
    - upstream/crabbyav1f.patch: drop, merged upstream.
    - upstream/lock-impl.patch: drop, merged upstream.
    - upstream/paint-layer-header.patch: drop, merged upstream.
    - disable/unrar.patch: drop, merged upstream w/ build arg.
    - bookworm/nvt.patch: drop, no longer needed.
    - fixes/ps-print.patch: refresh.
    - system/openjpeg.patch: refresh.
    - bookworm/clang16.patch: refresh & remove another unsupported option.
    - bookworm/constexpr.patch: refresh & add more fixes.
    - bookworm/lex-3way.patch: pull in another STL function from clang-17.
    - bookworm/blink-attrib.patch: add build fix to reorder __attribute__.
    - fixes/highway-include-path.patch: upstream fixed the original issue in a broken way, making this worse. Add more to this patch to work around that.

  [ Daniel Richard G. ]
  * d/rules: Parameterize Rust sysroot to simplify using a different one.

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - third_party/dawn-fix-typos.patch: Refresh for upstream changes
    - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes
    - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Refresh for upstream changes
    - workarounds/HACK-debian-clang-disable-base-musttail.patch: Disable musttail on ppc64el platforms

 -- Andres Salomon <email address hidden>  Thu, 22 Aug 2024 14:06:28 -0400
Superseded in sid-release

chromium (127.0.6533.119-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
  * d/patches/upstream/armhf-ftbfs.patch: armhf FTBFS fix from upstream.

  [ Daniel Richard G. ]
  * d/patches:
    - ppc64le/crashpad/0002-Include-cstddef-to-fix-build.patch: Drop, as the original FTBFS that this fixed is no longer reproducible.
    - ppc64le/fixes/fix-different-data-layouts.patch: Fix ppc64el FTBFS due to minor LLVM data-layout clash between older clang and newer rustc.
  * d/rules: Add to ppc64el CXXFLAGS to quash copious AltiVec warnings.

 -- Andres Salomon <email address hidden>  Wed, 14 Aug 2024 13:11:25 -0400
Superseded in sid-release

chromium (127.0.6533.99-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream security release.
    - CVE-2024-7532: Out of bounds memory access in ANGLE. Reported by wgslfuzz.
    - CVE-2024-7533: Use after free in Sharing. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-7550: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy).
    - CVE-2024-7534: Heap buffer overflow in Layout. Reported by Tashita Software Security.
    - CVE-2024-7535: Inappropriate implementation in V8. Reported by Tashita Software Security.
    - CVE-2024-7536: Use after free in WebAudio. Reported by Cassidy Kim(@cassidy6564).

  [ Timothy Pearson ]
  * d/patches/ppc64le:
    - core/add-ppc64-architecture-to-extensions.diff: Fix runtime assertion trap on ppc64el systems

  [ Daniel Richard G. ]
  * Enable ThinLTO (slower linking, faster runtime) on archs that can support it (closes: #1033305).
  * Avoid some hard-coded Debian references to simplify package builds for other distributions, e.g. Ubuntu.
  * d/patches:
    - bookworm/constexpr.patch: Add no_destroy attributes to quash many "declaration requires an exit-time destructor" warnings.
    - fixes/highway-include-path.patch: New patch to fix highway.h path.

  [ Grzegorz Szymaszek ]
  * Use https instead of http in initial_bookmarks.html.

 -- Andres Salomon <email address hidden>  Wed, 07 Aug 2024 00:18:54 -0400
Superseded in sid-release

chromium (127.0.6533.88-1) unstable; urgency=high

  [ Andres Salomon ]
  * New upstream stable release.
    - CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-6989: Use after free in Loader. Reported by Anonymous.
    - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
    - CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous.
    - CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab.
    - CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz.
    - CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum).
    - CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys).
    - CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys).
    - CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz.
    - CVE-2024-7000: Use after free in CSS. Reported by Anonymous.
    - CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald.
    - CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz.
    - CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous.
    - CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq.
    - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert.
    - CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter.
    - CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert.
  * Switch from building against (gcc's) libstdc++ to (clang's) libc++. Upstream is playing fast and loose with memory in ways that result in crashes with gcc's stricter libstdc++, but not with clang's libc++ (which allows accessing deleted memory apparently). We can't maintain workarounds any more, and upstream really doesn't care (see, for example, https://crbug.com/346174906 , where they add workarounds only for their ASAN memory checker).
  * d/copyright:
    - delete new rust, cargo, llvm, and node binaries.
    - delete third_party/zstd so we can link against system zstd.
    - stop deleting the bundled woff, snappy, and jsoncpp; those can't be dynamically linked against with clang's libc++.
  * d/control:
    - build-dep against libzstd-dev and bindgen.
    - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and add build-deps on libc++-16-dev / libc++abi-16-dev.
  * d/rules:
    - drop use_goma=false (upstream switched to rbe).
    - set rust_bindgen_root.
    - rework get-orig-source to not use mk-origtargz, which is incredibly slow (total run 45 mins for the current 6.2G upstream release). Instead, use d/scripts/get-exludes.pl and tar's --exclude-from to drastically speed things up (total run now takes 8 mins).
  * d/patches:
    - upstream/tabstrip-include.patch: drop, merged upstream.
    - upstream/quiche-deque.patch: drop, merged upstream.
    - upstream/gpu-header.patch: drop, merged upstream.
    - upstream/blink-header.patch: drop, merged upstream.
    - upstream/blink-header2.patch: drop, merged upstream.
    - upstream/blink-header3.patch: drop, merged upstream.
    - upstream/realtime-reporting.patch: drop, merged upstream.
    - upstream/urlvisit-header.patch: drop, merged upstream.
    - upstream/accessibility-format.patch: drop, merged upstream.
    - upstream/observer.patch: drop, merged upstream.
    - bookworm/clang16.patch: refresh.
    - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes.
    - ungoogled/disable-privacy-sandbox.patch: refresh.
    - disable/signin.patch: upstream dropped prefs::kAutologinEnabled.
    - upstream/crabbyav1f.patch: add build fix pulled from upstream.
    - upstream/lock-impl.patch: add build fix pulled from upstream.
    - upstream/containers-header.patch: add build fix pulled from upstream.
    - upstream/paint-layer-header.patch: add build fix pulled from upstream
    - fixes/bindgen.patch: work around bindgen-related things (hopefully correctly?)
    - bookworm/lex-3way.patch: add patch to support std::lexicographical_compare_three_way, which was added in clang-17.
    - bookworm/traitors.patch: another clang-16 hack; backport pointer_traits.h from libc++-18-dev to work around clang std::to_address() issue.
    - bookworm/constexpr.patch: add more of the usual constexpr workarounds; only needed for clang-16.
    - fixes/absl-optional.patch: drop, only needed for libstdc++-dev.
    - fixes/bad-font-gc*: drop, only needed for libstdc++-dev.
    - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of mojo-related dependency build fixes.

  [ Timothy Pearson ]
  * d/patches:
    - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on 64k page systems such as aarch64 and ppc64el
  * d/patches/ppc64le:
    - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed
    - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes

 -- Andres Salomon <email address hidden>  Tue, 30 Jul 2024 23:50:29 -0400
Superseded in sid-release

chromium (126.0.6478.182-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-6772: Inappropriate implementation in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9.
    - CVE-2024-6773: Type Confusion in V8. Reported by 2ourc3 | Salim Largo.
    - CVE-2024-6774: Use after free in Screen Capture. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-6775: Use after free in Media Stream. Reported by Anonymous.
    - CVE-2024-6776: Use after free in Audio. Reported by lime(@limeSec_) and fmyy(@binary_fmyy) from TIANGONG Team of Legendsec at QI-ANXIN Group.
    - CVE-2024-6777: Use after free in Navigation. Reported by Sven Dysthe (@svn-dys).
    - CVE-2024-6778: Race in DevTools. Reported by Allen Ding.
    - CVE-2024-6779: Out of bounds memory access in V8. Reported by Seunghyun Lee (@0x10n).

 -- Andres Salomon <email address hidden>  Tue, 16 Jul 2024 16:50:59 -0400
Superseded in sid-release

chromium (126.0.6478.126-1) unstable; urgency=high

  * New upstream security release.
    - CVE-2024-6290: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6291: Use after free in Swiftshader. Reported by Cassidy Kim(@cassidy6564).
    - CVE-2024-6292: Use after free in Dawn. Reported by wgslfuzz.
    - CVE-2024-6293: Use after free in Dawn. Reported by wgslfuzz.
  * d/patches/upstream/observer.patch: add crash-on-exit fix from upstream (closes: #1073378).

 -- Andres Salomon <email address hidden>  Tue, 25 Jun 2024 03:28:40 -0400
Superseded in sid-release |
chromium (126.0.6478.114-1) unstable; urgency=high * New upstream security release. - CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024. - CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel. - CVE-2024-6102: Out of bounds memory access in Dawn. Reported by wgslfuzz. - CVE-2024-6103: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon <email address hidden> Tue, 18 Jun 2024 15:55:14 -0400
Superseded in sid-release |
chromium (126.0.6478.56-1) unstable; urgency=high * New upstream stable release. - CVE-2024-5830: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-5831: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5832: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5833: Type Confusion in V8. Reported by @ginggilBesel. - CVE-2024-5834: Inappropriate implementation in Dawn. Reported by gelatin dessert. - CVE-2024-5835: Heap buffer overflow in Tab Groups. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-5836: Inappropriate Implementation in DevTools. Reported by Allen Ding. - CVE-2024-5837: Type Confusion in V8. Reported by Anonymous. - CVE-2024-5838: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5839: Inappropriate Implementation in Memory Allocator. Reported by Mickey. - CVE-2024-5840: Policy Bypass in CORS. Reported by Matt Howard. - CVE-2024-5841: Use after free in V8. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5842: Use after free in Browser UI. Reported by Sven Dysthe (@svn_dy). - CVE-2024-5843: Inappropriate implementation in Downloads. Reported by hjy79425575. - CVE-2024-5844: Heap buffer overflow in Tab Strip. Reported by Sri. - CVE-2024-5845: Use after free in Audio. Reported by anonymous. - CVE-2024-5846: Use after free in PDFium. Reported by Han Zheng (HexHive). - CVE-2024-5847: Use after free in PDFium. Reported by Han Zheng (HexHive). * d/copyright: delete bullseye environment that upstream ships (??). * d/patches: - upstream/appservice-include.patch: drop, merged upstream. - upstream/lens-include.patch: drop, merged upstream. - upstream/mojo-bindings-include.patch: drop, merged upstream. - upstream/ninja.patch: drop, merged upstream. - upstream/no-vector-consts.patch: drop, merged upstream. - upstream/vulkan-include.patch: drop, merged upstream. - system/clang-format.patch: drop it; we broke it some time ago, and didn't notice. Guess we don't need it? 
- bookworm/clang16.patch: refresh. - fixes/bad-font-gc00000.patch: refresh - fixes/bad-font-gc11.patch: refresh - fixes/bad-font-gc2.patch: refresh - disable/signin.patch: refresh - upstream/quiche-deque.patch: gcc build fix pulled from upstream. - upstream/gpu-header.patch: add header build fix from upstream. - upstream/blink-header.patch: add header build fix from upstream. - upstream/blink-header2.patch: add header build fix from upstream. - upstream/blink-header3.patch: add header build fix from upstream. - upstream/realtime-reporting.patch: gcc build fix from upstream. - upstream/urlvisit-header.patch: add header build fix from upstream. - upstream/accessibility-format.patch: gcc build fix from upstream. - bookworm/urlhelper-ctor.patch: work around a clang-16 bug; add an explicit constructor. [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Modify for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Refresh for upstream changes -- Andres Salomon <email address hidden> Thu, 13 Jun 2024 21:31:56 -0400
Superseded in sid-release |
chromium (125.0.6422.141-1) unstable; urgency=high * New upstream security release. - CVE-2024-5493: Heap buffer overflow in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5494: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5495: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-5496: Use after free in Media Session. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-5497: Out of bounds memory access in Keyboard Inputs. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. - CVE-2024-5498: Use after free in Presentation API. - CVE-2024-5499: Out of bounds write in Streams API. * d/patches/fixes/libxml-parseerr.patch: delete, now that we have a newer libxml2. * d/control: add versioned build-dep on libxml2-dev >= 2.12. -- Andres Salomon <email address hidden> Thu, 30 May 2024 22:11:26 -0400
Superseded in sid-release |
chromium (125.0.6422.112-1) unstable; urgency=high * New upstream security release. - CVE-2024-5274: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group and Brendon Tiszka of Chrome Security. * Fix handling of quoted arguments (closes: #1071662). -- Andres Salomon <email address hidden> Thu, 23 May 2024 20:51:14 -0400
Superseded in sid-release |
chromium (125.0.6422.76-1) unstable; urgency=high * New upstream security release. - CVE-2024-5157: Use after free in Scheduling. Reported by Looben Yang. - CVE-2024-5158: Type Confusion in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-5159: Heap buffer overflow in ANGLE. Reported by David Sievers (@loknop). - CVE-2024-5160: Heap buffer overflow in Dawn. Reported by wgslfuzz. * Don't silently ignore arguments meant for the wrapper script if chromium args happen to come first (closes: #1068096). * d/patches: - upstream/tabstrip-include.patch: add header build fix. -- Andres Salomon <email address hidden> Tue, 21 May 2024 16:12:47 -0400
Superseded in sid-release |
chromium (125.0.6422.60-1) unstable; urgency=high * New upstream stable release. - CVE-2024-4947: Type Confusion in V8. Reported by Vasily Berdnikov (@vaber_b) and Boris Larin (@oct0xor) of Kaspersky. - CVE-2024-4948: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-4949: Use after free in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-4950: Inappropriate implementation in Downloads. Reported by Shaheen Fazim. * d/copyright: fix instrumented_libs deletion; upstream renamed it. * d/scripts/unbundle: bundle new requirement absl_crc (which is unavailable in bookworm). * d/patches: - upstream/uint-includes.patch: drop, merged upstream. - upstream/fps-optional.patch: drop, merged upstream. - upstream/span-optional.patch: drop, merged upstream. - upstream/extractor-bitset.patch: drop, merged upstream. - upstream/atomic.patch: drop, merged upstream. - upstream/webgpu-optional.patch: drop, merged upstream. - disable/catapult.patch: refresh. - i386/angle-lockfree.patch: drop, I _think_ it's no longer needed. - upstream/ruy-include.patch: add header build fix. - upstream/vulkan-include.patch: add header build fix. - upstream/mojo-bindings-include.patch: add header build fix. - upstream/appservice-include.patch: add header build fix. - upstream/no-vector-consts.patch: add build fix; gnu libstdc++ doesn't allow const types inside vectors. - upstream/lens-include.patch: add header build fix. - bookworm/nvt2.patch: drop (replace with a better non-revert patch). - bookworm/v8-wrappable.patch: add nvt2.patch build fix replacement that just defines a single struct member. - upstream/ninja.patch: add build fix for failure triggered by ninja-1.12 (closes: #1071197). - fixes/bad-font-gc00000.patch: add formatting patch revert to make other patches easier to apply. - fixes/bad-font-gc2.patch: add a build failure fix & refresh. - fixes/bad-font-gc11.patch: add a build failure fix & refresh.
[ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Modify for upstream changes - third_party/0002-Add-PPC64-generated-files-for-boringssl.patch: Add pregenerated configuration for ppc64el support in BoringSSL - third_party/0002-third-party-boringssl-add-generated-files.patch: Rename to third_party/0002-Add-PPC64-generated-files-for-boringssl.patch - workarounds/HACK-debian-clang-disable-skia-musttail.patch: Refresh for upstream changes - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - ffmpeg/0001-Add-support-for-ppc64.patch: Refresh for upstream changes -- Andres Salomon <email address hidden> Thu, 16 May 2024 18:55:41 -0400
Superseded in sid-release |
chromium (124.0.6367.207-1) unstable; urgency=high * New upstream security release. - CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous. -- Andres Salomon <email address hidden> Tue, 14 May 2024 22:17:42 -0400
Superseded in sid-release |
chromium (124.0.6367.201-1) unstable; urgency=high * New upstream security release. - CVE-2024-4671: Use after free in Visuals. Reported by Anonymous. -- Andres Salomon <email address hidden> Thu, 09 May 2024 20:37:07 -0400
Superseded in sid-release |
chromium (124.0.6367.155-1) unstable; urgency=high * New upstream security release. - CVE-2024-4558: Use after free in ANGLE. Reported by gelatin dessert. - CVE-2024-4559: Heap buffer overflow in WebAudio. Reported by Cassidy Kim(@cassidy6564). * d/control: replace libu2f-udev recommends with udev (closes: #1070283). [ Timothy Pearson ] * d/patches/ppc64le: - third_party/skia-vsx-instructions.patch: fix various issues. -- Andres Salomon <email address hidden> Tue, 07 May 2024 14:47:32 -0400
Superseded in sid-release |
chromium (124.0.6367.118-1) unstable; urgency=high * New upstream security release. - CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz. * Build-dep on libhwy-dev and delete the bundled third_party/highway. * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng. * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d. * d/patches: - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch, ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch, ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch, fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed for bundled libdav1d. - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch, ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop these two patches that were needed for bundled highway. - upstream/ozone1.patch: drop, merged upstream. - upstream/ozone2.patch: drop, merged upstream. - fixes/bad-font-gc2.patch: refresh. [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent breakage of i386 build -- Andres Salomon <email address hidden> Tue, 30 Apr 2024 17:53:52 -0400
Superseded in sid-release |
chromium (124.0.6367.78-1) unstable; urgency=high * New upstream security release. - CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure. - CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik. - CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon <email address hidden> Thu, 25 Apr 2024 19:07:35 -0400
Superseded in sid-release |
chromium (124.0.6367.60-2) unstable; urgency=high * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: update for upstream boringssl changes and reenable - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate from new ffmpeg source tree - third_party/skia-vsx-instructions.patch: update for upstream changes [ Andres Salomon ] * d/patches: - fixes/arm64-ftbfs.patch: add arm64-specific ftbfs fix for libdav1d. - upstream/ozone1.patch, upstream/ozone2.patch: backport fixes for broken wayland support (closes: #1069586). -- Timothy Pearson <email address hidden> Thu, 25 Apr 2024 15:21:00 -0500
Superseded in sid-release |
chromium (124.0.6367.60-1) unstable; urgency=high * New upstream stable release. - CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang. - CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. - CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan. - CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC). - CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry. - CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg. - CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur. - CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig. - CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry. - CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu. * d/copyright: - delete __pycache__ directories to shut up dpkg warnings. - stop deleting bundled libwebp directory. * Drop build-dep on libwebp-dev and start building against the bundled libwebp. We need to do this because chromium uses features of libavif that require libsharpyuv-dev; but that's only available in sid/trixie. * d/patches: - upstream/std-to-address.patch: drop, merged upstream. - fixes/optional2.patch: drop, merged upstream. - fixes/blink-fonts-shape-result.patch: drop, merged upstream. - bookworm/constexpr-equality.patch: drop, merged upstream. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: rework to be a smaller patch. - bookworm/clang16.patch: refresh.
- ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated preference. - upstream/mojo-null.patch: pull a (typescript) build fix from upstream. - upstream/uint-includes.patch: simple header build fix from upstream. - upstream/fps-optional.patch: add header build fix. - upstream/span-optional.patch: add header build fix. - upstream/extractor-bitset.patch: add header build fix. - upstream/atomic.patch: add header build fix. - upstream/webgpu-optional.patch: add header build fix. - fixes/absl-optional.patch: comment out assert() that caused crash. This could be another clang16/libstdc++ miscompilation issue, but needs further investigation. - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces. - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch, fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch, fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch more (new) upstream commits related to bad-font-gc2.patch. When the use-after-free bug gets fixed, all this can be dropped. * d/patches/ppc64le: - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch, third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch, workarounds/HACK-third_party-libvpx-use-generic-gnu.patch, breakpad/0001-Implement-support-for-ppc64-on-Linux.patch, ffmpeg/0001-Add-support-for-ppc64.patch, third_party/dawn-fix-typos.patch, third_party/use-sysconf-page-size-on-ppc64.patch: refresh. - third_party/skia-vsx-instructions.patch: refresh & update for header renaming. - third_party/0001-Add-PPC64-support-for-boringssl.patch, third_party/0002-third-party-boringssl-add-generated-files.patch: disable these two until Tim has a chance to look at them. -- Andres Salomon <email address hidden> Fri, 19 Apr 2024 12:33:38 -0400
Superseded in sid-release |
chromium (123.0.6312.122-1) unstable; urgency=high * New upstream security release. - CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy. - CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure. - CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz. -- Andres Salomon <email address hidden> Wed, 10 Apr 2024 21:21:05 -0400
Superseded in sid-release |
chromium (123.0.6312.105-2) unstable; urgency=high * Depend on libgtk-3-0t64 instead of libgtk-3-0 for time_t transition (closes: #1068540). -- Andres Salomon <email address hidden> Sun, 07 Apr 2024 12:43:26 -0400
Superseded in sid-release |
chromium (123.0.6312.105-1) unstable; urgency=high * New upstream security release. - CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish. - CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024. -- Andres Salomon <email address hidden> Tue, 02 Apr 2024 18:28:18 -0400
Superseded in sid-release |
chromium (123.0.6312.86-1) unstable; urgency=high * New upstream stable release. - CVE-2024-2883: Use after free in ANGLE. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-2885: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-2886: Use after free in WebCodecs. Reported by Seunghyun Lee (@0x10n) of KAIST Hacking Lab, via Pwn2Own 2024. - CVE-2024-2887: Type Confusion in WebAssembly. Reported by Manfred Paul, via Pwn2Own 2024. * d/patches/ppc64le: - fixes/fix-clang-selection.patch: select clang on ppc64 platforms - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: fix ARM builds. [ Andres Salomon ] * d/patches: - fixes/bad-font-gc1.patch, fixes/bad-font-gc2.patch: revert a pair of upstream commits that result in blink's garbage collector frequently deadlocking and crashing (closes: #1067886). -- Timothy Pearson <email address hidden> Wed, 28 Mar 2024 16:58:00 -0500
Superseded in sid-release |
chromium (123.0.6312.58-1) unstable; urgency=high * New upstream stable release. - CVE-2024-2625: Object lifecycle issue in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-2626: Out of bounds read in Swiftshader. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous. - CVE-2024-2628: Inappropriate implementation in Downloads. Reported by Ath3r1s. - CVE-2024-2629: Incorrect security UI in iOS. Reported by Muneaki Nishimura (nishimunea). - CVE-2024-2630: Inappropriate implementation in iOS. Reported by James Lee (@Windowsrcer). - CVE-2024-2631: Inappropriate implementation in iOS. Reported by Ramit Gangwar. * d/patches: - upstream/bitset.patch: drop, merged upstream. - upstream/bookmarknode.patch: drop, merged upstream. - upstream/optional.patch: drop, merged upstream. - upstream/uniqptr.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop, merged upstream. - fixes/optional.patch: drop, merged upstream. - fixes/material-utils.patch: drop part that was merged upstream. - disable/catapult.patch: refresh. - bookworm/constexpr-equality.patch: include another similar fix. - bookworm/nvt.patch: refresh. - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - disable/angle-perftests.patch: drop, replace with a gn build argument. - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade clap-lex crate, as it's using 1.74 features and we only have 1.70. - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235). - fixes/optional2.patch: add another missing <optional> inclusion. - fixes/stats-collector.patch: add build fix for wrong header. - disable/screen-ai-blob.patch: add patch to not register the ScreenAI component. 
Previously, if you opened a PDF and clicked "open in reader mode", it would download a binary blob to ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows what else) in that opaque blob without warning you. We, uh, don't want that. (closes: #1066910). * d/rules: add angle_build_tests=false build argument, which allows us to drop angle-perftests.patch. [ Timothy Pearson ] * d/patches: - fixes/blink-fonts-shape-result.patch: pull in upstream patch for compilation failure in Blink SameSizeAsShapeResult class * d/patches/ppc64le: - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh & harden Skia against timing attacks. -- Andres Salomon <email address hidden> Fri, 22 Mar 2024 12:45:06 -0400
Superseded in sid-release |
chromium (122.0.6261.128-1) unstable; urgency=high * New upstream security release. - CVE-2024-2400: Use after free in Performance Manager. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab. -- Andres Salomon <email address hidden> Tue, 12 Mar 2024 18:43:05 -0400
Superseded in sid-release |
chromium (122.0.6261.111-1) unstable; urgency=high * New upstream security release. - CVE-2024-2173: Out of bounds memory access in V8. Reported by 5fceb6172bbf7e2c5a948183b53565b9. - CVE-2024-2174: Inappropriate implementation in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8. - CVE-2024-2176: Use after free in FedCM. Reported by Anonymous. -- Andres Salomon <email address hidden> Tue, 05 Mar 2024 16:40:05 -0500
Superseded in sid-release |
chromium (122.0.6261.94-1) unstable; urgency=high * New upstream security release. - Type Confusion in V8. Reported by 5f46f4ee2e17957ba7b39897fb376be8. - Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab. -- Andres Salomon <email address hidden> Tue, 27 Feb 2024 15:15:03 -0500
Superseded in sid-release |
chromium (122.0.6261.57-1) unstable; urgency=high * New upstream stable release. - CVE-2024-1669: Out of bounds memory access in Blink. Reported by Anonymous. - CVE-2024-1670: Use after free in Mojo. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1671: Inappropriate implementation in Site Isolation. Reported by Harry Chen. - CVE-2024-1672: Inappropriate implementation in Content Security Policy. Reported by Georg Felber (TU Wien) & Marco Squarcina (TU Wien). - CVE-2024-1673: Use after free in Accessibility. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2024-1674: Inappropriate implementation in Navigation. Reported by David Erceg. - CVE-2024-1675: Insufficient policy enforcement in Download. Reported by Bartłomiej Wacko. - CVE-2024-1676: Inappropriate implementation in Navigation. Reported by Khalil Zhani. * d/patches: - fixes/v8-compressed-ptrs.patch: drop, merged upstream. - fixes/stdint.patch: drop, merged upstream. - upstream/vector.patch: drop, merged upstream. - upstream/display-header.patch: drop, merged upstream. - upstream/bitset.patch: drop, merged upstream. - upstream/once_flag.patch: drop, merged upstream. - fixes/std-to-address.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - bookworm/clang16.patch: refresh, and change -Wno-c++11-narrowing-const-reference to -Wno-c++11-narrowing. - bookworm/nvt.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - bookworm/undo-internal-alloc.patch: revert a commit that confuses clang16 w/ libstdc++. We need a better workaround than this. - upstream/mojo.patch: update from git. - bookworm/constexpr-equality.patch: add a few more build fixes (constexpr removals). - upstream/uniqptr.patch: add missing include. - upstream/optional.patch: add missing include. - upstream/bookmarknode.patch: add comparison equality fix pulled from upstream. - fixes/optional.patch: add missing includes. 
- bookworm/nvt2.patch: revert another upstream c++-20 change for clang-16. - upstream/bitset.patch: add missing include. - ppc64le/v8/0002-Add-ppc64-trap-instructions.patch: refresh. [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Properly-detect-little-endian-PPC64-systems.patch: drop, upstream fix in GIT hash 25a6e6 - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes -- Andres Salomon <email address hidden> Wed, 21 Feb 2024 19:56:32 -0500
Published in bullseye-release |
chromium (120.0.6099.224-1~deb11u1) bullseye-security; urgency=high * New upstream security release. - CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure. - CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous. * d/rules: fix search path for clang libs. -- Andres Salomon <email address hidden> Tue, 16 Jan 2024 15:35:05 -0500
Superseded in bookworm-release |
chromium (121.0.6167.139-1~deb12u1) bookworm-security; urgency=high * New upstream security release. - CVE-2024-1060: Use after free in Canvas. Reported by Anonymous. - CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center. -- Andres Salomon <email address hidden> Wed, 31 Jan 2024 11:49:10 -0500
Superseded in sid-release |
chromium (121.0.6167.160-1) unstable; urgency=high * New upstream security release. - CVE-2024-1284: Use after free in Mojo. Reported by Anonymous. - CVE-2024-1283: Heap buffer overflow in Skia. Reported by Jorge Buzeti (@r3tr074). -- Andres Salomon <email address hidden> Tue, 06 Feb 2024 22:41:53 -0500
Superseded in sid-release |
chromium (121.0.6167.139-1) unstable; urgency=high * New upstream security release. - CVE-2024-1060: Use after free in Canvas. Reported by Anonymous. - CVE-2024-1059: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2024-1077: Use after free in Network. Reported by Microsoft Security Research Center. -- Andres Salomon <email address hidden> Wed, 31 Jan 2024 11:49:10 -0500
Superseded in sid-release |
chromium (121.0.6167.85-1) unstable; urgency=high * New upstream stable release. - CVE-2024-0807: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-0812: Inappropriate implementation in Accessibility. Reported by Anonymous. - CVE-2024-0808: Integer underflow in WebUI. Reported by Lyra Rebane (rebane2001). - CVE-2024-0810: Insufficient policy enforcement in DevTools. Reported by Shaheen Fazim. - CVE-2024-0814: Incorrect security UI in Payments. Reported by Muneaki Nishimura (nishimunea). - CVE-2024-0813: Use after free in Reading Mode. Reported by @retsew0x01. - CVE-2024-0806: Use after free in Passwords. Reported by 18楼梦想改造家. - CVE-2024-0805: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2024-0804: Insufficient policy enforcement in iOS Security UI. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India). - CVE-2024-0811: Inappropriate implementation in Extensions API. Reported by Jann Horn of Google Project Zero. - CVE-2024-0809: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. * d/copyright: drop another eu-strip binary. * d/patches: - fixes/atspi.patch: drop, merged upstream. - fixes/gcc13-headers.patch: drop portions that were merged upstream. - upstream/nullptr_t.patch: drop, merged upstream. - upstream/string-include.patch: drop, merged upstream. - ungoogled/disable-web-environment-integrity.patch: remove, upstream wisely backed off and removed WEI. - disable/signin.patch: refresh for minor upstream changes. - disable/catapult.patch: refresh for minor upstream changes. - system/openjpeg.patch: refresh for minor upstream changes. - bookworm/clang16.patch: drop portion that was merged upstream. - upstream/vector.patch: missing header fix, pulled from upstream. - upstream/display-header.patch: missing header fix, pulled from upstream. - upstream/bitset.patch: missing header fix, pulled from upstream.
- upstream/once_flag.patch: missing header fix, pulled from upstream. - bookworm/constexpr-equality.patch: add clang-16 workaround. - bookworm/nvt.patch: revert an upstream c++-20 change that confuses clang-16. - fixes/libxml-parseerr.patch: revert change from a newer libxml than debian's. [ Timothy Pearson ] * d/patches: - fixes/std-to-address.patch: work around incorrect template selection in Mojo ConvertTo() - fixes/stdint.patch: add missing stdint include to performance manager * d/patches/ppc64le: - fixes/fix-rust-linking.patch: allow linking C and Rust libraries in full archive mode - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh for upstream changes - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: refresh for upstream changes -- Andres Salomon <email address hidden> Tue, 23 Jan 2024 17:59:49 -0500
Superseded in sid-release |
chromium (120.0.6099.224-2) unstable; urgency=high * d/patches/ppc64le/fixes/fix-rustc.patch: add patch to fix ppc64le build. -- Andres Salomon <email address hidden> Thu, 18 Jan 2024 03:05:12 -0500
Superseded in sid-release |
chromium (120.0.6099.224-1) unstable; urgency=high * New upstream security release. - CVE-2024-0517: Out of bounds write in V8. Reported by Toan (suto) Pham of Qrious Secure. - CVE-2024-0518: Type Confusion in V8. Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team. - CVE-2024-0519: Out of bounds memory access in V8. Reported by Anonymous. * d/rules: enable rust and (relatedly) fix search path for clang libs. * Add versioned build-dep on rustc >= 1.70.0+dfsg1-5 for profiler support. -- Andres Salomon <email address hidden> Tue, 16 Jan 2024 15:35:05 -0500
Superseded in sid-release |
chromium (120.0.6099.216-1) unstable; urgency=high * New upstream security release. - CVE-2024-0333: Insufficient data validation in Extensions. Reported by Malcolm Stagg (@malcolmst) of SODIUM-24, LLC. -- Andres Salomon <email address hidden> Tue, 09 Jan 2024 20:54:53 -0500
Superseded in sid-release |
chromium (120.0.6099.199-1) unstable; urgency=high * New upstream security release. - CVE-2024-0222: Use after free in ANGLE. Reported by Toan (suto) Pham of Qrious Secure. - CVE-2024-0223: Heap buffer overflow in ANGLE. Reported by Toan (suto) Pham and Tri Dang of Qrious Secure. - CVE-2024-0224: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-0225: Use after free in WebGPU. Reported by Anonymous. -- Andres Salomon <email address hidden> Wed, 03 Jan 2024 22:53:21 -0500
Superseded in sid-release |
chromium (120.0.6099.129-1) unstable; urgency=high * New upstream security release. - CVE-2023-7024: Heap buffer overflow in WebRTC. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group. -- Andres Salomon <email address hidden> Wed, 20 Dec 2023 21:05:12 -0500
Superseded in sid-release |
chromium (120.0.6099.109-1) unstable; urgency=high * New upstream security release. - CVE-2023-6702: Type Confusion in V8. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group. - CVE-2023-6703: Use after free in Blink. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6704: Use after free in libavif. Reported by Fudan University. - CVE-2023-6705: Use after free in WebRTC. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6706: Use after free in FedCM. Reported by anonymous. - CVE-2023-6707: Use after free in CSS. Reported by @ginggilBesel. -- Andres Salomon <email address hidden> Tue, 12 Dec 2023 19:52:08 -0500
Superseded in bookworm-release |
chromium (119.0.6045.199-1~deb12u1) bookworm-security; urgency=high * New upstream security release. - CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero. - CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute. - CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University. - CVE-2023-6351: Use after free in libavif. Reported by Fudan University. - CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group. -- Andres Salomon <email address hidden> Tue, 28 Nov 2023 23:33:06 -0500
Superseded in sid-release |
chromium (120.0.6099.71-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-6508: Use after free in Media Stream. Reported by Cassidy Kim(@cassidy6564). - CVE-2023-6509: Use after free in Side Panel Search. Reported by Khalil Zhani. - CVE-2023-6510: Use after free in Media Capture. Reported by [pwn2car]. - CVE-2023-6511: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-6512: Inappropriate implementation in Web Browser UI. Reported by Om Apip. * d/copyright: adjust path for chai.js & mocha.js deletion. - delete third_party/libsecret. * d/control: new build depends on libsecret-1-dev. * d/scripts/unbundle: keep bundled libhwy; it's not available in bullseye. - also keep vulkan_memory_allocator and flatbuffers. * d/patches: - fixes/gcc13-headers.patch: refresh. - fixes/blink-frags.patch: drop part of patch & refresh. - disable/catapult.patch: refresh. - disable/driver-chrome-path.patch: update for minor upstream changes. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium. - ungoogled/disable-web-environment-integrity.patch: update from ungoogled-chromium. - upstream/mojo.patch: update patch from upstream's git. - bookworm/clang16.patch: new patch working around upstream's clang18 flags. - upstream/nullptr_t.patch: more libstdc++13 build fixes. - upstream/string-include.patch: add a simple header include build fix. - fixes/absl-optional.patch: add a workaround for a clang bug (https://github.com/llvm/llvm-project/issues/50248) by providing our own 'optional' header. 
[ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-libdav1d.patch: refresh for upstream changes - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - third_party/skia-vsx-instructions.patch: refresh for upstream changes - third_party/use-sysconf-page-size-on-ppc64.patch: refresh for upstream changes - Mass refresh all other patches against 120 codebase. No functional change. -- Andres Salomon <email address hidden> Thu, 07 Dec 2023 15:00:36 -0500
Superseded in sid-release |
chromium (119.0.6045.199-1) unstable; urgency=high * New upstream security release. - CVE-2023-6348: Type Confusion in Spellcheck. Reported by Mark Brand of Google Project Zero. - CVE-2023-6347: Use after free in Mojo. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute. - CVE-2023-6346: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2023-6350: Out of bounds memory access in libavif. Reported by Fudan University. - CVE-2023-6351: Use after free in libavif. Reported by Fudan University. - CVE-2023-6345: Integer overflow in Skia. Reported by Benoît Sevens and Clément Lecigne of Google's Threat Analysis Group. -- Andres Salomon <email address hidden> Tue, 28 Nov 2023 23:33:06 -0500
Superseded in sid-release |
chromium (119.0.6045.159-1) unstable; urgency=high * New upstream security release. - CVE-2023-5997: Use after free in Garbage Collection. Reported by Anonymous. - CVE-2023-6112: Use after free in Navigation. Reported by Sergei Glazunov of Google Project Zero. * Don't show errors on startup if Crash Reports directory doesn't exist. * Check for $DISPLAY before trying to run xmessage in chromium's wrapper script. Fall back to just using echo (closes: #1055765). -- Andres Salomon <email address hidden> Tue, 14 Nov 2023 20:04:30 -0500
Superseded in sid-release |
chromium (119.0.6045.123-1) unstable; urgency=high * New upstream security release. - CVE-2023-5996: Use after free in WebAudio. Reported by Huang Xilin of Ant Group Light-Year Security Lab via Tianfu Cup 2023. * Replace libgl1-mesa-dev build dependency with libgl-dev. * Drop d/patches/system/convertutf.patch; license issue has been fixed. * d/copyright: stop deleting convert_UTF.* and document Unicode copyright (closes: #1033136). * d/patches/ppc64le/fixes/fix-breakpad-compile.patch: refresh due to convertutf change. -- Andres Salomon <email address hidden> Tue, 07 Nov 2023 23:49:10 -0500
Superseded in sid-release |
chromium (119.0.6045.105-1) unstable; urgency=high * New upstream stable release. - CVE-2023-5480: Inappropriate implementation in Payments. Reported by Vsevolod Kokorin (Slonser) of Solidlab. - CVE-2023-5482: Insufficient data validation in USB. Reported by DarkNavy. - CVE-2023-5849: Integer overflow in USB. Reported by DarkNavy. - CVE-2023-5850: Incorrect security UI in Downloads. Reported by Mohit Raj (shadow2639). - CVE-2023-5851: Inappropriate implementation in Downloads. Reported by Shaheen Fazim. - CVE-2023-5852: Use after free in Printing. Reported by [pwn2car]. - CVE-2023-5853: Incorrect security UI in Downloads. Reported by Hafiizh. - CVE-2023-5854: Use after free in Profiles. Reported by Dohyun Lee (@l33d0hyun) of SSD-Disclosure Labs & DNSLab, Korea Univ. - CVE-2023-5855: Use after free in Reading Mode. Reported by ChaobinZhang. - CVE-2023-5856: Use after free in Side Panel. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2023-5857: Inappropriate implementation in Downloads. Reported by Will Dormann. - CVE-2023-5858: Inappropriate implementation in WebApp Provider. Reported by Axel Chong. - CVE-2023-5859: Incorrect security UI in Picture In Picture. Reported by Junsung Lee * d/patches: - patches/bullseye/constexpr.patch: Add MiracleParameter workaround * d/patches/ppc64le: - Mass refresh all patches against 119 codebase. No functional change. [ Andres Salomon ] * d/patches: - fixes/gcc13-headers.patch: drop parts that have been merged upstream. - fixes/perfetto.patch: drop part that was merged upstream. - upstream/sensor-reading.patch: drop, merged upstream. - upstream/lweight.patch: drop, merged upstream. - upstream/freetype.patch: drop, merged upstream. - upstream/sizet.patch: drop, merged upstream. - disable/catapult.patch: drop an unused hunk. - disable/widevine-cdm-cu.patch: refresh. - disable/privacy-sandbox.patch: rename, sync up with ungoogled-chromium, and use the full ungoogled patch. 
The privacy sandbox config interface is now gone, with no way to enable it. - ungoogled/core/ungoogled-chromium/disable-web-environment-integrity.patch: sync up with ungoogled-chromium, and rename. - fixes/blink-frags.patch: additional build fix for libstdc++13. - fixes/gcc13-with-clang14.patch: drop, now that we've switched to clang-16. - fixes/atspi.patch: fix build failure with atspi >= 2.50. -- Timothy Pearson <email address hidden> Tue, 31 Oct 2023 23:50:00 -0500
Superseded in sid-release |
chromium (118.0.5993.117-1) unstable; urgency=high * New upstream security release. - CVE-2023-5472: Use after free in Profiles. Reported by @18楼梦想改造家. * d/patches: - bookworm/clang-attribs.patch: drop, now that we've switched to clang-16. - bookworm/typename.patch: drop, now that we've switched to clang-16. - bookworm/struct-ctor.patch: drop, now that we've switched to clang-16. - bookworm/structured-binding-scope-bug.patch: drop, now that we've switched to clang-16. - bookworm/stringpiece3.patch: drop, now that we've switched to clang-16. - bookworm/initialize-const-ctor.patch: drop, now that we've switched to clang-16. - fixes/brandversion-construct.patch: drop, now that we've switched to clang-16. - fixes/SkColor4f-init.patch: drop, now that we've switched to clang-16. -- Andres Salomon <email address hidden> Tue, 24 Oct 2023 20:00:54 -0400
Superseded in sid-release |
chromium (118.0.5993.70-1) unstable; urgency=high * New upstream stable release. - CVE-2023-5218: Use after free in Site Isolation. Reported by @18楼梦想改造家. - CVE-2023-5487: Inappropriate implementation in Fullscreen. Reported by Anonymous. - CVE-2023-5484: Inappropriate implementation in Navigation. Reported by Thomas Orlita. - CVE-2023-5475: Inappropriate implementation in DevTools. Reported by Axel Chong. - CVE-2023-5483: Inappropriate implementation in Intents. Reported by Axel Chong. - CVE-2023-5481: Inappropriate implementation in Downloads. Reported by Om Apip. - CVE-2023-5476: Use after free in Blink History. Reported by Yunqin Sun. - CVE-2023-5474: Heap buffer overflow in PDF. Reported by [pwn2car]. - CVE-2023-5479: Inappropriate implementation in Extensions API. Reported by Axel Chong. - CVE-2023-5485: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5478: Inappropriate implementation in Autofill. Reported by Ahmed ElMasry. - CVE-2023-5477: Inappropriate implementation in Installer. Reported by Bahaa Naamneh of Crosspoint Labs. - CVE-2023-5486: Inappropriate implementation in Input. Reported by Hafiizh. - CVE-2023-5473: Use after free in Cast. Reported by DarkNavy. 
* d/patches/ppc64le: - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - third_party/0003-third_party-libvpx-Add-ppc64-generated-config.patch: regenerate configs from upstream source - database/0001-Properly-detect-little-endian-PPC64-systems.patch: refresh - ffmpeg/0001-Add-support-for-ppc64.patch: refresh - fixes/fix-breakpad-compile.patch: refresh - fixes/fix-unknown-warning-option-messages.diff: refresh - libaom/0001-Add-ppc64-target-to-libaom.patch: refresh - sandbox/0001-sandbox-linux-Update-IsSyscallAllowed-in-broker_proc.patch: refresh - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: refresh - sandbox/0008-sandbox-fix-ppc64le-glibc234.patch: refresh - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh - third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.patch: refresh - third_party/0001-third_party-libvpx-Properly-generate-gni-on-ppc64.patch: refresh - third_party/0002-third-party-boringssl-add-generated-files.patch: refresh - third_party/dawn-fix-ppc64le-detection.patch: refresh - third_party/dawn-fix-typos.patch: refresh - third_party/skia-vsx-instructions.patch: refresh - third_party/use-sysconf-page-size-on-ppc64.patch: refresh - workarounds/HACK-third_party-libvpx-use-generic-gnu.patch: refresh [ Andres Salomon ] * d/copyright: - blanket.js is gone, no need to remove it any more. - delete some khronos images marked executable. * d/patches: - upstream/memory.patch: drop, merged upstream. - upstream/sensor-reading.patch: add, gcc13 build fix from upstream. - upstream/lweight.patch: add, gcc13 build fix from upstream. - upstream/freetype.patch: add, fix freetype header inclusion FTBFS. - upstream/sizet.patch: add, libstdc++ build fix from upstream. - disable/unrar.patch: update for minor upstream changes. 
- bookworm/struct-ctor.patch: add various new workarounds for clang-14. - bookworm/structured-binding-scope-bug.patch: drop part of the patch. - bullseye/clang13.patch: drop bullseye patches from sid. - bullseye/constexpr.patch: drop bullseye patches from sid. - ungoogled/.../disable-web-environment-integrity.patch: sync with ungoogled-chromium for upstream changes. -- Timothy Pearson <email address hidden> Tue, 10 Oct 2023 22:03:00 -0500
Superseded in bullseye-release |
chromium (116.0.5845.180-1~deb11u1) bullseye-security; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy. - CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI. - CVE-2023-4763: Use after free in Networks. Reported by anonymous. - CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Add-PPC64-support-for-boringssl.patch: Fix incorrect function call parameter types in gmult_func() and ghash_func() implementations -- Andres Salomon <email address hidden> Tue, 05 Sep 2023 19:10:10 -0400
Superseded in bookworm-release |
chromium (116.0.5845.180-1~deb12u1) bookworm-security; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy. - CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI. - CVE-2023-4763: Use after free in Networks. Reported by anonymous. - CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Add-PPC64-support-for-boringssl.patch: Fix incorrect function call parameter types in gmult_func() and ghash_func() implementations -- Andres Salomon <email address hidden> Tue, 05 Sep 2023 19:10:10 -0400
Superseded in sid-release |
chromium (117.0.5938.149-1) unstable; urgency=high * New upstream security release. - CVE-2023-5346: Type Confusion in V8. Reported by Amit Kumar. -- Andres Salomon <email address hidden> Tue, 03 Oct 2023 19:31:26 -0400
Superseded in sid-release |
chromium (117.0.5938.132-2) unstable; urgency=high * d/patches/fixes/v8-compressed-ptrs.patch: fix another armhf FTBFS. -- Andres Salomon <email address hidden> Sun, 01 Oct 2023 15:46:49 -0400
Superseded in sid-release |
chromium (117.0.5938.132-1) unstable; urgency=high * New upstream security release. - CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2023-5186: Use after free in Passwords. Reported by [pwn2car]. - CVE-2023-5187: Use after free in Extensions. Reported by Thomas Orlita. -- Andres Salomon <email address hidden> Thu, 28 Sep 2023 00:41:20 -0400
Superseded in sid-release |
chromium (117.0.5938.92-1) unstable; urgency=high * New upstream stable release. * Enable NEON on armhf. See <https://lists.debian.org/debian-devel/2023/09/msg00175.html>. * Add check in d/rules & chromium wrapper to ensure we don't build or run on non-NEON armhf machines. -- Andres Salomon <email address hidden> Wed, 27 Sep 2023 01:00:07 -0400
Superseded in sid-release |
chromium (117.0.5938.62-1) unstable; urgency=high [ Andres Salomon ] * New upstream stable release. - CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya. - CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali. - CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong. - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry. - CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks. - CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh. - CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639). - CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong. - CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong. * d/copyright: drop rust, llvm, siso, & cargo binaries. * d/patches: - fixes/size.patch: drop, merged upstream. - fixes/variant.patch: drop, merged upstream. - fixes/vector.patch: drop, merged upstream. - upstream/contains.patch: drop, merged upstream. - upstream/hvec.patch: drop, merged upstream. - upstream/limits.patch: drop, merged upstream. - upstream/statelessV4L2.patch: drop, merged upstream. - fixes/widevine-locations.patch: refresh for minor upstream changes. - disable/android.patch: drop half the patch. - disable/catapult.patch: refresh for minor upstream changes. - disable/tests.patch: refresh for minor upstream changes. - disable/unrar.patch: refresh for minor upstream changes. - fixes/material-utils.patch: build fix for clang w/ libstdc++. - rename fixes/null.patch to fixes/perfetto.patch. - upstream/memory.patch: build fix for missing header. - bookworm/struct-ctor.patch: add a bunch more build workarounds for clang-14. 
- bookworm/stringpiece3.patch: another clang-14 StringPiece to std::string explicit conversion. - bookworm/typename.patch: add more explicit typename declarations for clang-14. - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding scope workarounds. - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a const member inside a struct. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are off by default. * Switch to using bundled brotli, as the version in debian is too old. And so we can drop d/patches/bookworm/brotli.patch, too. * Switch from clang-14 to clang-16 (closes: #1051355). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third-party-boringssl-add-generated-files.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop * d/patches/ungoogled: - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable "Web Environment Integrity" trial and remove from build (closes: #1042111) -- Andres Salomon <email address hidden> Wed, 13 Sep 2023 22:26:10 -0400
Superseded in sid-release |
chromium (116.0.5845.180-1) unstable; urgency=high [ Andres Salomon ] * New upstream security release. - CVE-2023-4761: Out of bounds memory access in FedCM. Reported by DarkNavy. - CVE-2023-4762: Type Confusion in V8. Reported by Rong Jian of VRI. - CVE-2023-4763: Use after free in Networks. Reported by anonymous. - CVE-2023-4764: Incorrect security UI in BFCache. Reported by Irvan Kurniawan (sourc7). [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Add-PPC64-support-for-boringssl.patch: Fix incorrect function call parameter types in gmult_func() and ghash_func() implementations -- Andres Salomon <email address hidden> Tue, 05 Sep 2023 19:10:10 -0400