~pali/chromium-browser/precise-working : changes

~pali/chromium-browser/precise-working » Changes from revision 980

From Revision 980 to 961

Rev	Summary	Authors	Date
980	Disable patch ld-memory-32bit.patch Disable patch ld-memory-32bit.patch	Pali Rohár	8 years ago
979	Fix patch ld-memory-32bit.patch Fix patch ld-memory-32bit.patch	Pali Rohár	8 years ago
978	* Upstream release 45.0.2454.85 * Upstream release 45.0.2454.85	Pali Rohár	8 years ago
977	Fix gcc ABI for precise Fix gcc ABI for precise	Pali Rohár	8 years ago
976	* debian/control: codec library packages replace the libffmp... * debian/control: codec library packages replace the libffmpeg.so that was in chromium packages before now. * debian/control: codec packages can't reasonably be updated separately than chromium. Depend with version specification also.	Chad MILLER	8 years ago
975	Re-add accidentally deleted lib copy line. Re-add accidentally deleted lib copy line.	Chad MILLER	8 years ago
974	* Upstream release 44.0.2403.89: (LP: #1477662) * Upstream release 44.0.2403.89: (LP: #1477662) - CVE-2015-1271: Heap-buffer-overflow in pdfium. - CVE-2015-1273: Heap-buffer-overflow in pdfium. - CVE-2015-1274: Settings allowed executable files to run immediately after download. - CVE-2015-1275: UXSS in Chrome for Android. - CVE-2015-1276: Use-after-free in IndexedDB. - CVE-2015-1279: Heap-buffer-overflow in pdfium. - CVE-2015-1280: Memory corruption in skia. - CVE-2015-1281: CSP bypass. - CVE-2015-1282: Use-after-free in pdfium. - CVE-2015-1283: Heap-buffer-overflow in expat. - CVE-2015-1284: Use-after-free in blink. - CVE-2015-1286: UXSS in blink. - CVE-2015-1287: SOP bypass with CSS. - CVE-2015-1270: Uninitialized memory read in ICU. - CVE-2015-1272: Use-after-free related to unexpected GPU process termination. - CVE-2015-1277: Use-after-free in accessibility. - CVE-2015-1278: URL spoofing using pdf files. - CVE-2015-1285: Information leak in XSS auditor. - CVE-2015-1288: Spell checking dictionaries fetched over HTTP. - CVE-2015-1289: Various fixes from internal audits, fuzzing and other initiatives. * debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a first-class component library now, not a special snowflake. Still, build it differently, but build flags are different. * debian/tests/smoketest-actual: Remove some innocuous mentions of "error" before testing for actual errors. [Chad Miller] * Upstream release 43.0.2357.130: - CVE-2015-1266: Scheme validation error in WebUI. - CVE-2015-1268: Cross-origin bypass in Blink. - CVE-2015-1267: Cross-origin bypass in Blink. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. * debian/tests/smoketest-actual: Capture web-server log so we can get port and test retreival. Fixes autopkgtest failures. * debian/patches/widevine-other-locations: Search Chrome install location to find widevine plugins. * Use new Flash plugin name in apport collector. * debian/patches/gpu_default_disabled: Make GPU activation a (default off) preference instead of blacklisting. [Iain Lane] * Test fixes. * debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11 which are required by the testsuite. * debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so that the test can read these.	Chad MILLER	8 years ago
973	Add Webkit linking to be smarter for bit-starved machines. Add Webkit linking to be smarter for bit-starved machines.	Chad MILLER	8 years ago
972	Replace patch name. Replace patch name.	Chad MILLER	8 years ago
971	[Chad Miller] [Chad Miller] * Upstream release 43.0.2357.130: - CVE-2015-1266: Scheme validation error in WebUI. - CVE-2015-1268: Cross-origin bypass in Blink. - CVE-2015-1267: Cross-origin bypass in Blink. - CVE-2015-1269: Normalization error in HSTS/HPKP preload list. * debian/tests/smoketest-actual: Capture web-server log so we can get port and test retreival. Fixes autopkgtest failures. * debian/patches/widevine-other-locations: Search Chrome install location to find widevine plugins. * Use new Flash plugin name in apport collector. * debian/patches/gpu_default_disabled: Make GPU activation a (default off) preference instead of blacklisting. [Iain Lane] * Test fixes. * debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11 which are required by the testsuite. * debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so that the test can read these. * Upstream release 43.0.2357.81. - "Icons not displaying properly on Linux" (LP: #1449063) * Upstream release 43.0.2357.65: - CVE-2015-1252: Sandbox escape in Chrome. - CVE-2015-1253: Cross-origin bypass in DOM. - CVE-2015-1254: Cross-origin bypass in Editing. - CVE-2015-1255: Use-after-free in WebAudio. - CVE-2015-1256: Use-after-free in SVG. - CVE-2015-1251: Use-after-free in Speech. - CVE-2015-1257: Container-overflow in SVG. - CVE-2015-1258: Negative-size parameter in Libvpx. - CVE-2015-1259: Uninitialized value in PDFium. - CVE-2015-1260: Use-after-free in WebRTC. - CVE-2015-1261: URL bar spoofing. - CVE-2015-1262: Uninitialized value in Blink. - CVE-2015-1263: Insecure download of spellcheck dictionary. - CVE-2015-1264: Cross-site scripting in bookmarks. - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21). * debian/patches/display-scaling-report-hardware-info: removed, unnecessary. * debian/patches/coordinate-space-map: removed, unnecessary. * debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until ARM works. * debian/chromium-browser.sh.in: Add --verbose to get logging info. * debian/patches/{notifications-nicer,mir-support}: disable unnecessary patches. * debian/control, debian/chromium-browser.sh.in: Prompt nothing about Flash plugin. Send Help clicks to Wiki instead. * Upstream release 42.0.2311.135: - CVE-2015-1243: Use-after-free in DOM. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. * Upstream release 42.0.2311.90: - CVE-2015-1235: Cross-origin-bypass in HTML parser. - CVE-2015-1236: Cross-origin-bypass in Blink. - CVE-2015-1237: Use-after-free in IPC. - CVE-2015-1238: Out-of-bounds write in Skia. - CVE-2015-1240: Out-of-bounds read in WebGL. - CVE-2015-1241: Tap-Jacking. - CVE-2015-1242: Type confusion in V8. - CVE-2015-1244: HSTS bypass in WebSockets. - CVE-2015-1245: Use-after-free in PDFium. - CVE-2015-1247: Scheme issues in OpenSearch. - CVE-2015-1248: SafeBrowsing bypass. * Upstream release 41.0.2272.118: - CVE-2015-1233: A special thanks to Anonymous for a combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. * Change assumed X-resource DPI from 108 to 96. That's closer to 100. * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val nonzero on failure. * debian/generate-snappy.mk, debian/rules: Start to generate snap packages if available. * debian/chromium-browser.sh.in: Test for /etc/ dir before listing it. * debian/chromium-browser.sh.in, debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users to update flash player. * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one flash-player start param to chromium. Prefer the new one. * debian/patches/arm-neon.patch: exclude new armv7=neon assumptions. * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all contribute to the largest crash report in errors.ubuntu.com. Let's disable GPUs for now. * debian/chromium-browser.sh.in: Presence of old Flash is not a reason to suggest new plugin. If new plugin exists, be silent. Do not rely on new plugin to Conflicts and remove all the old bad ones. * debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration library. * debian/patches/fix_building_widevinecdm_with_chromium.patch: If exterior-sourced widevine library exists at run-time, use it.	Chad MILLER	8 years ago
970	Fix ld free-memory patch Fix ld free-memory patch	Chad MILLER	8 years ago
969	debian/patches/ld-memory-32bit.patch: Keep. We still need on... debian/patches/ld-memory-32bit.patch: Keep. We still need on precise.	Chad MILLER	8 years ago
968	Remove references to staleness check file. Remove references to staleness check file.	Chad MILLER	8 years ago
967	debian/control, debian/chromium-browser.sh.in: Prompt nothin... debian/control, debian/chromium-browser.sh.in: Prompt nothing about Flash plugin. Send Help clicks to Wiki instead.	Chad MILLER	8 years ago
966	Don't include any scaling features for precise. Too old gset... Don't include any scaling features for precise. Too old gsettings, and new feature.	Chad MILLER	8 years ago
965	* Upstream release 43.0.2357.81. * Upstream release 43.0.2357.81. - "Icons not displaying properly on Linux" (LP: #1449063) * debian/chromium-browser.sh.in: Add --verbose to get logging info.	Chad MILLER	8 years ago
964	debian/patches/enable_vaapi_on_linux.diff: Temporarily disab... debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until ARM works.	Chad MILLER	8 years ago
963	* Upstream release 43.0.2357.65: * Upstream release 43.0.2357.65: - CVE-2015-1252: Sandbox escape in Chrome. - CVE-2015-1253: Cross-origin bypass in DOM. - CVE-2015-1254: Cross-origin bypass in Editing. - CVE-2015-1255: Use-after-free in WebAudio. - CVE-2015-1256: Use-after-free in SVG. - CVE-2015-1251: Use-after-free in Speech. - CVE-2015-1257: Container-overflow in SVG. - CVE-2015-1258: Negative-size parameter in Libvpx. - CVE-2015-1259: Uninitialized value in PDFium. - CVE-2015-1260: Use-after-free in WebRTC. - CVE-2015-1261: URL bar spoofing. - CVE-2015-1262: Uninitialized value in Blink. - CVE-2015-1263: Insecure download of spellcheck dictionary. - CVE-2015-1264: Cross-site scripting in bookmarks. - CVE-2015-1265: Various fixes from internal audits, fuzzing and other initiatives. - Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch (currently 4.3.61.21). * debian/patches/display-scaling-report-hardware-info: removed, unnecessary. * debian/patches/coordinate-space-map: removed, unnecessary. * Upstream release 42.0.2311.135: - CVE-2015-1243: Use-after-free in DOM. - CVE-2015-1250: Various fixes from internal audits, fuzzing and other initiatives. * debian/chromium-browser.sh.in, debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users * debian/chromium-browser-etc-customizations-flash-staleness: Pass only one flash-player start param to chromium. Prefer the new one. * debian/patches/all_gpus_blacklisted: AMD, Intel, and NVIDIA cards all contribute to the largest crash report in errors.ubuntu.com. Let's disable GPUs for now. * debian/chromium-browser.sh.in: Presence of old Flash is not a reason to suggest new plugin. If new plugin exists, be silent. Do not rely on new plugin to Conflicts and remove all the old bad ones. * debian/patches/enable_vaapi_on_linux.diff: Enable video acceleration library. * debian/patches/fix_building_widevinecdm_with_chromium.patch: If exterior-sourced widevine library exists at run-time, use it.	Chad MILLER	8 years ago
962	debian/patches/arm-neon.patch: exclude new armv7=neon assump... debian/patches/arm-neon.patch: exclude new armv7=neon assumptions.	Chad MILLER	9 years ago
961	* Upstream release 42.0.2311.90: * Upstream release 42.0.2311.90: - CVE-2015-1235: Cross-origin-bypass in HTML parser. - CVE-2015-1236: Cross-origin-bypass in Blink. - CVE-2015-1237: Use-after-free in IPC. - CVE-2015-1238: Out-of-bounds write in Skia. - CVE-2015-1240: Out-of-bounds read in WebGL. - CVE-2015-1241: Tap-Jacking. - CVE-2015-1242: Type confusion in V8. - CVE-2015-1244: HSTS bypass in WebSockets. - CVE-2015-1245: Use-after-free in PDFium. - CVE-2015-1247: Scheme issues in OpenSearch. - CVE-2015-1248: SafeBrowsing bypass. * Upstream release 41.0.2272.118: - CVE-2015-1233: A special thanks to Anonymous for a combination of V8, Gamepad and IPC bugs that can lead to remote code execution outside of the sandbox. - CVE-2015-1234: Buffer overflow via race condition in GPU. * Change assumed X-resource DPI from 108 to 96. That's closer to 100. * Autopkgtest now depends on x11-apps to get xwd. Make smoketest exit val nonzero on failure. * debian/generate-snappy.mk, debian/rules: Start to generate snap packages if available. * debian/chromium-browser.sh.in: Test for /etc/ dir before listing it. * debian/chromium-browser-etc-customizations-flash-staleness: Ask sudo users to update flash player. * Upstream release 41.0.2272.76: - CVE-2015-1212: Out-of-bounds write in media. - CVE-2015-1213: Out-of-bounds write in skia filters. - CVE-2015-1214: Out-of-bounds write in skia filters. - CVE-2015-1215: Out-of-bounds write in skia filters. - CVE-2015-1216: Use-after-free in v8 bindings. - CVE-2015-1217: Type confusion in v8 bindings. - CVE-2015-1218: Use-after-free in dom. - CVE-2015-1219: Integer overflow in webgl. - CVE-2015-1220: Use-after-free in gif decoder. - CVE-2015-1221: Use-after-free in web databases. - CVE-2015-1222: Use-after-free in service workers. - CVE-2015-1223: Use-after-free in dom. - CVE-2015-1230: Type confusion in v8. - CVE-2015-1224: Out-of-bounds read in vpxdecoder. - CVE-2015-1225: Out-of-bounds read in pdfium. - CVE-2015-1226: Validation issue in debugger. - CVE-2015-1227: Uninitialized value in blink. - CVE-2015-1228: Uninitialized value in rendering. - CVE-2015-1229: Cookie injection via proxies. - CVE-2015-1231: Various fixes from internal audits, fuzzing and other initiatives.	Chad MILLER	9 years ago

Older »