Merge from chromium-browser.lucid #637 * New upstream release from the Stable Channel (LP: #881786) This release fixes the following security issues: - [86758] High CVE-2011-2845: URL bar spoof in history handling. Credit to Jordi Chancel. - [88949] Medium CVE-2011-3875: URL bar spoof with drag+drop of URLs. Credit to Jordi Chancel. - [90217] Low CVE-2011-3876: Avoid stripping whitespace at the end of download filenames. Credit to Marc Novak. - [91218] Low CVE-2011-3877: XSS in appcache internals page. Credit to Google Chrome Security Team (Tom Sepez) plus independent discovery by Juho Nurminen. - [94487] Medium CVE-2011-3878: Race condition in worker process initialization. Credit to miaubiz. - [95374] Low CVE-2011-3879: Avoid redirect to chrome scheme URIs. Credit to Masato Kinugawa. - [95992] Low CVE-2011-3880: Don’t permit as a HTTP header delimiter. Credit to Vladimir Vorontsov, ONsec company. - [96047] [96885] [98053] [99512] [99750] High CVE-2011-3881: Cross-origin policy violations. Credit to Sergey Glazunov. - [96292] High CVE-2011-3882: Use-after-free in media buffer handling. Credit to Google Chrome Security Team (Inferno). - [96902] High CVE-2011-3883: Use-after-free in counter handling. Credit to miaubiz. - [97148] High CVE-2011-3884: Timing issues in DOM traversal. Credit to Brian Ryner of the Chromium development community. - [97599] [98064] [98556] [99294] [99880] [100059] High CVE-2011-3885: Stale style bugs leading to use-after-free. Credit to miaubiz. - [98773] [99167] High CVE-2011-3886: Out of bounds writes in v8. Credit to Christian Holler. - [98407] Medium CVE-2011-3887: Cookie theft with javascript URIs. Credit to Sergey Glazunov. - [99138] High CVE-2011-3888: Use-after-free with plug-in and editing. Credit to miaubiz. - [99211] High CVE-2011-3889: Heap overflow in Web Audio. Credit to miaubiz. - [99553] High CVE-2011-3890: Use-after-free in video source handling. Credit to Ami Fischman of the Chromium development community. - [100332] High CVE-2011-3891: Exposure of internal v8 functions. Credit to Steven Keuchel of the Chromium development community plus independent discovery by Daniel Divricean. * Refresh patches - update debian/patches/dlopen_sonamed_gl.patch - update debian/patches/webkit_rev_parser.patch * Disable NaCl until we figure out what to do with the private toolchain - update debian/rules * Do not install the pseudo_locales files in the debs - update debian/rules * Add python-simplejson to Build-depends. This is needed by NaCl even with NaCl disabled, so this is a temporary workaround to unbreak the build, it must be fixed upstream - update debian/control