~cmiller/chromium-browser/ppa-state-stable-lucid : changes

~cmiller/chromium-browser/ppa-state-stable-lucid » Changes from revision 750

From Revision 750 to 731

Rev	Summary	Authors	Date
750	Releasing on disto 'lucid' Releasing on disto 'lucid'	Chad Miller	11 years ago
749	* Insert multilib info directly into nss runtime library loa... * Insert multilib info directly into nss runtime library loading. Update debian/rules . * Enable NEON support for hard-float ARM. Actual use should be a runtime check, or is a bug.	Chad Miller	11 years ago
748	Work around a SIGBUS on ARM. Added Work around a SIGBUS on ARM. Added debian/patches/safe-browsing-sigbus.patch	Chad Miller	11 years ago
747	Drop extraneous no-circular-check in debian/rules GYP run. Drop extraneous no-circular-check in debian/rules GYP run. Never build with "component=shared_library".	Chad Miller	11 years ago
746	Loosen a build-dep that is not supported syntax yet. Loosen a build-dep that is not supported syntax yet.	Chad Miller	11 years ago
745	Merge rules from quantal with mutations for LTS. Merge rules from quantal with mutations for LTS.	Chad Miller	11 years ago
744	Reverse sense of src/out removal test so that it succeeds wh... Reverse sense of src/out removal test so that it succeeds when not present.	Chad Miller	11 years ago
743	[Chris Coulson] [Chris Coulson] * Make it possible to build armv7 without neon optimizations - update debian/patches/arm-neon.patch * Don't assume that arm linux builds are cross-builds - add debian/patches/dont-assume-cross-compile-on-arm.patch - update debian/patches/series * Build with "component=shared_library" on 32-bit architectures, which splits the large binary in to a smaller executable with several shared objects. This is needed since the linker runs out of address space when linking the main chromium binary with debug symbols - update debian/rules - update debian/control - update debian/chromium-browser.install [Chad MILLER] * debian/chromium-browser.desktop: No absolute path to executable. Use PATH from environment. LP:1008741 * Make the "clean" rule behave better. Test differently for src/obj/ and never involve the upstream Makefile. Update debian/rules . * Don't over-clean. The makefiles generated by GYP are fine to include in orig tarball. * Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google. * New stable version 26.0.1410.63. No CVEs to report. * New stable version 26.0.1410.43: - CVE-2013-0916: Use-after-free in Web Audio. - CVE-2013-0917: Out-of-bounds read in URL loader. - CVE-2013-0918: Do not navigate dev tools upon drag and drop. - CVE-2013-0919: Use-after-free with pop-up windows in extensions. - CVE-2013-0920: Use-after-free in extension bookmarks API. - CVE-2013-0921: Ensure isolated web sites run in their own processes. - CVE-2013-0922: Avoid HTTP basic auth brute force attempts. - CVE-2013-0923: Memory safety issues in the USB Apps API. - CVE-2013-0924: Check an extension’s permissions API usage again file permissions. - CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. - CVE-2013-0926: Avoid pasting active tags in certain situations. * debian/patches/arm-crypto.patch . Drop patch. Unnecessary now. * Always use verbose building. Update debian/rules . * Always use sandbox. It shouldn't be an option. Nothing works without it any more. Update debian/rules . * Always use extra debugging "-g" flag. Update debian/rules . * Try to be more multiarch aware. Update debian/control . * Drop many lintian overrides. Update debian/source/lintian-overrides . * Include autotoools-dev in build-deps so that cdbs will update autoconf helper files in source automatically. Update debian/control . * Update standards version to 3.9.4 in debian/control . * When executable is split into libraries, strip debug symbols from enormous libraries even in dbg packages. This affects webkit only, in actuality. Update debian/rules . * Clean up some "tar" usage in debian/rules . * Don't include hardening on armhf. Update debian/rules .	Chad Miller	11 years ago
742	Set correct distro version. Set correct distro version.	Chad Miller	11 years ago
741	* New stable version 25.0.1364.160: * New stable version 25.0.1364.160: - CVE-2013-0912: Type confusion in WebKit.	Chad Miller	11 years ago
740	In clean, don't try to use the TMP_DIR, just the CURDIR, as ... In clean, don't try to use the TMP_DIR, just the CURDIR, as that is the build root.	Chad Miller	11 years ago
739	Release 25.0.1364.152. Release 25.0.1364.152.	Chad Miller	11 years ago
738	* New stable version 25.0.1364.152: * New stable version 25.0.1364.152: - CVE-2013-0902: Use-after-free in frame loader. - CVE-2013-0903: Use-after-free in browser navigation handling. - CVE-2013-0904: Memory corruption in Web Audio. - CVE-2013-0905: Use-after-free with SVG animations. - CVE-2013-0906: Memory corruption in Indexed DB. - CVE-2013-0907: Race condition in media thread handling. - CVE-2013-0908: Incorrect handling of bindings for extension processes. - CVE-2013-0909: Referer leakage with XSS Auditor. - CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly. - CVE-2013-0911: Possible path traversal in database handling. * debian/patches/arm-crypto.patch - Added patch to distinguish normal ARM and hard-float ARM in crypto NSS inclusion.	Chad Miller	11 years ago
737	debian/patches/lucid-compat-json-collections.patch debian/patches/lucid-compat-json-collections.patch Added to support Lucid's Python 2.6.	Chad Miller	11 years ago
736	Drop remnant of merge failure. This patch was renamed, but ... Drop remnant of merge failure. This patch was renamed, but series has old name too.	Chad Miller	11 years ago
735	Remove bad merge lines from control file about chromedriver. Remove bad merge lines from control file about chromedriver.	Chad Miller	11 years ago
734	Synch changelog from release. Synch changelog from release.	Chad Miller	11 years ago
733	* Disable lintian warnings about outdated autoconf files in ... * Disable lintian warnings about outdated autoconf files in source tree. * New stable version 25.0.1364.97: - CVE-2013-0879: Memory corruption with web audio node. - CVE-2013-0880: Use-after-free in database handling. - CVE-2013-0881: Bad read in Matroska handling. - CVE-2013-0882: Bad memory access with excessive SVG parameters. - CVE-2013-0883: Bad read in Skia. - CVE-2013-0885: Too many API permissions granted to web store. - CVE-2013-0887: Developer tools process has too many permissions and places too much trust in the connected server. - CVE-2013-0888: Out-of-bounds read in Skia. - CVE-2013-0889: Tighten user gesture check for dangerous file downloads. - CVE-2013-0890: Memory safety issues across the IPC layer. - CVE-2013-0891: Integer overflow in blob handling. - CVE-2013-0892: Lower severity issues across the IPC layer. - CVE-2013-0893: Race condition in media handling. - CVE-2013-0894: Buffer overflow in vorbis decoding. - CVE-2013-0895: Incorrect path handling in file copying. - CVE-2013-0896: Memory management issues in plug-in message handling. - CVE-2013-0897: Off-by-one read in PDF. - CVE-2013-0898: Use-after-free in URL handling. - CVE-2013-0899: Integer overflow in Opus handling. - CVE-2013-0900: Race condition in ICU. * New stable version 24.0.1312.52: - CVE-2012-5145: Use-after-free in SVG layout. - CVE-2012-5146: Same origin policy bypass with malformed URL. - CVE-2012-5147: Use-after-free in DOM handling. - CVE-2012-5148: Missing filename sanitization in hyphenation support. - CVE-2012-5149: Integer overflow in audio IPC handling. - CVE-2012-5150: Use-after-free when seeking video. - CVE-2012-5151: Integer overflow in PDF JavaScript. - CVE-2012-5152: Out-of-bounds read when seeking video. - CVE-2012-5153: Out-of-bounds stack access in v8. - CVE-2012-5156: Use-after-free in PDF fields. - CVE-2012-5157: Out-of-bounds reads in PDF image handling. - CVE-2013-0828: Bad cast in PDF root handling. - CVE-2013-0829: Corruption of database metadata leading to incorrect file access. - CVE-2013-0830: Missing NUL termination in IPC. - CVE-2013-0831: Possible path traversal from extension process. - CVE-2013-0832: Use-after-free with printing. - CVE-2013-0833: Out-of-bounds read with printing. - CVE-2013-0834: Out-of-bounds read with glyph handling. - CVE-2013-0835: Browser crash with geolocation. - CVE-2013-0836: Crash in v8 garbage collection. - CVE-2013-0837: Crash in extension tab handling. - CVE-2013-0838: Tighten permissions on shared memory segments. * Add libpci-dev to build-deps. * debian/patches/ffmpeg-gyp-config. - Renamed from debian/patches/gyp-config-root - Write includes for more targets in ffmpeg building. * debian/rules: - Adopt some ARM build conditions from Debian. - Write REMOVED files in correct place. * Put GOOG search credit in a patch so we know when it fails. Also add credit to the other search idioms for GOOG. * Clean up debian/rules file. Stop matching Ubuntu versions outside of Ubuntu environments. Match patterns instead of whole words because releases can have any number of updates. * Update README.source to include some of these changes. * Set new URL for channel-release info in rules file. * debian/patches/chromium_useragent.patch.in renamed to drop ".in", OS "Ubuntu" hardcoded with no compilation-release name, and patch refreshed to follow new location of source. Also remove it from the list of ephemeral files that "clean" rule removes. * In debian/rules, use "-delete" flag on find instead of "-exec rm {} \;", to be safer and faster. * Make most patches follow a common format (no timestamps or Index lines), to avoid future churn. * Write the "REMOVED" list files to the root of the orig tarball, instead of inside the src/ directory, where they could collide. * Fix dpkg-source warning: Clean up python cached bytecode files. * Also don't include python bytecode or cache files in orig tarball, and clean then up on "clean" rule. * Fix dpkg-source warning: Remove autoconf cache. * Fix lintian warning: fta and micahg to XSBC-Original-Maintainer. * Fix lintian error not-binnmuable-all-depends-any. * Override lintian complaints ancient-autotools-helper-file and unused-build-dependency-on-cdbs. * Drop "lzma" from build dependencies. * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. * List explicit architectures that Chromium supports, instead of "any". Cr {arm ia32 x64} map into Debian {armhf armel i386 amd64}. * debian/patches/arm-neon.patch added to get ARM w/o Neon support. (LP: #1084852) * Add chromedriver packaging. (LP: #1069930) Thanks to John Rigby <john.rigby@linaro.org> * In debian/rules, avoid creating invalid subst expression in sed of DEBIAN* vars into files. * Note localization in package description for support for ast, bs, en-AU, eo, hy, ia, ka, ku, kw, ms. * No longer include Launchpad-generated translations. Disable patch grd_parse_fix.patch . * Set default binary and source package compression to xz. If building for Ubuntu 10.04, then make binary's compression to bzip2. * No longer expect unpacked tarball to contain "build-tree". * Fix build warning about missing debian/source/format. Set to "3.0 (quilt)". * Remove unnecessary glib-header-single-entry.patch . * Manually set DEB_{BUILD,HOST}_ARCH when not already set, like when the executing program is not dpkg-buildpackage. * Make rules file generate LASTCHANGE file at new location. * Change get-sources command to kill script when it fails to disable gyp-chromium run from DEPS. Never fail silently again. * Add patches/struct-siginfo.patch to work around source bug in dereferencing internal stuct instead of public type. * Drop SCM revision from the version. * Refresh patches from lp:unity-chromium-extension . * Make all patches follow a common format, to avoid future churn. No timestamps, a/b parent, sorted, no index. * New upstream version 23.0.1271.97 - CVE-2012-5139: Use-after-free with visibility events. - CVE-2012-5140: Use-after-free in URL loader. - CVE-2012-5141: Limit Chromoting client plug-in instantiation. - CVE-2012-5142: Crash in history navigation. - CVE-2012-5143: Integer overflow in PPAPI image buffers. - CVE-2012-5144: Stack corruption in AAC decoding. * New upstream version 23.0.1271.95 - CVE-2012-5138: Incorrect file path handling. - CVE-2012-5137: Use-after-free in media source handling. * New upstream version 23.0.1271.91 - CVE-2012-5133: Use-after-free in SVG filters. - CVE-2012-5130: Out-of-bounds read in Skia. - CVE-2012-5132: Browser crash with chunked encoding. - CVE-2012-5134: Buffer underflow in libxml. - CVE-2012-5135: Use-after-free with printing. - CVE-2012-5136: Bad cast in input element handling. * Includes CVE fixes for 23.0.1271.64 - CVE-2012-5127: Integer overflow leading to out-of-bounds read in WebP handling. - CVE-2012-5120: Out-of-bounds array access in v8. - CVE-2012-5116: Use-after-free in SVG filter handling. - CVE-2012-5121: Use-after-free in video layout. - CVE-2012-5117: Inappropriate load of SVG subresource in img context. - CVE-2012-5119: Race condition in Pepper buffer handling. - CVE-2012-5122: Bad cast in input handling. - CVE-2012-5123: Out-of-bounds reads in Skia. - CVE-2012-5124: Memory corruption in texture handling. - CVE-2012-5125: Use-after-free in extension tab handling. - CVE-2012-5126: Use-after-free in plug-in placeholder handling. - CVE-2012-5128: Bad write in v8.	Chad Miller	11 years ago
732	* New upstream version 24.0.1312.69. (No CVEs to report.) * New upstream version 24.0.1312.69. (No CVEs to report.) * New upstream version 24.0.1312.68. (No CVEs to report.) * New upstream version 24.0.1312.57. (No CVEs to report.)	Chad Miller	11 years ago
731	* New upstream version 24.0.1312.68. * New upstream version 24.0.1312.68. - Fixes Pepper-Flash player "not loading" bug.	Chad Miller	11 years ago

Older »