* New upstream release 34.0.1847.116: - CVE-2014-1716: UXSS in V8. - CVE-2014-1717: OOB access in V8. - CVE-2014-1718: Integer overflow in compositor. - CVE-2014-1719: Use-after-free in web workers. - CVE-2014-1720: Use-after-free in DOM. - CVE-2014-1721: Memory corruption in V8. - CVE-2014-1722: Use-after-free in rendering. - CVE-2014-1723: Url confusion with RTL characters. - CVE-2014-1724: Use-after-free in speech. - CVE-2014-1725: OOB read with window property. - CVE-2014-1726: Local cross-origin bypass. - CVE-2014-1727: Use-after-free in forms. - CVE-2014-1728: Various fixes from internal audits, fuzzing and other initiatives. - CVE-2014-1729: Multiple vulnerabilities in V8 fixed in version 3.24.35.22. + Now ignores "autocomplete=off" in web forms. (LP: #1294325) * debian/rules: Enable high-DPI. Enable touch support. These require using Aura toolkit. * debian/patches/gsettings-display-scaling: Get scaling factor from gsettings. * debian/patches/touch: Enable touch on XInput2 slave pointer touch devices. * debian/rules, debian/chromium-browser.sh.in: If lib dir contains a dir matching our version, then use version dir as the new lib dir. This is an attempto to mitigate version upgrade hangs. * debian/chromium-browser.sh.in: Add a command line parameter to diasble pinch gestures. * debian/patches/display-scaling-default-value: Set default scaling to 1 on hardware, because hardware often lies, but should be recoverable at 1:1. * debian/patches/display-scaling-report-hardware-info: Log hardware reports. * debian/rules: Emit messages on a timer to prevent dumb build-bots from killing long, silent linker stages. * debian/control: Add libexif-dev, libgcrypt-dev to build-deps. * debian/control: Add Recommend pepperflashplugin-nonfree . NPAPI is dying. * debian/control: Drop Recommend x11-xserver-utils, x11-utils . * debian/control: Add libexif-dev to build-deps. * debian/apport/chromium-browser.py: Convert encoded bytes to str before splitting. Converting these to str at all is wrong, though.