~ubuntu-branches/ubuntu/lucid/chromium-browser/lucid-updates

Viewing changes to debian/rules

Committer: Bazaar Package Importer
Author(s): Micah Gersten, Fabien Tassin, Micah Gersten
Date: 2011-10-12 01:16:47 UTC
mfrom: (18.1.20 lucid-security)
Revision ID: james.westby@ubuntu.com-20111012011647-9l6d1zzpjf67a3fl

Tags: 14.0.835.202~r103287-0ubuntu0.10.04.2

* New upstream release from the Stable Channel (LP: #858744)
  This release fixes the following security issues:
  + Chromium issues (13.0.782.220):
    - Trust in Diginotar Intermediate CAs revoked
  + Chromium issues (14.0.835.163):
    - [49377] High CVE-2011-2835: Race condition in the certificate cache.
      Credit to Ryan Sleevi.
    - [57908] Low CVE-2011-2837: Use PIC / pie compiler flags. Credit to
      wbrana.
    - [75070] Low CVE-2011-2838: Treat MIME type more authoritatively when
      loading plug-ins. Credit to Michal Zalewski.
    - [78639] High CVE-2011-2841: Garbage collection error in PDF. Credit to
      Mario Gomes.
    - [82438] Medium CVE-2011-2843: Out-of-bounds read with media buffers.
      Credit to Kostya Serebryany.
    - [85041] Medium CVE-2011-2844: Out-of-bounds read with mp3 files. Credit
      to Mario Gomes.
    - [89564] Medium CVE-2011-2848: URL bar spoof with forward button. Credit
      to Jordi Chancel.
    - [89795] Low CVE-2011-2849: Browser NULL pointer crash with WebSockets.
      Credit to Arthur Gerkis.
    - [90134] Medium CVE-2011-2850: Out-of-bounds read with Khmer characters.
      Credit to miaubiz.
    - [90173] Medium CVE-2011-2851: Out-of-bounds read in video handling.
      Credit to Google Chrome Security Team (Inferno).
    - [91197] High CVE-2011-2853: Use-after-free in plug-in handling. Credit
      to Google Chrome Security Team (SkyLined).
    - [93497] Medium CVE-2011-2859: Incorrect permissions assigned to
      non-gallery pages. Credit to Bernhard ‘Bruhns’ Brehm
    - [93596] Medium CVE-2011-2861: Bad string read in PDF. Credit to Aki
      Helin of OUSPG.
    - [95563] Medium CVE-2011-2864: Out-of-bounds read with Tibetan
      characters. Credit to Google Chrome Security Team (Inferno).
    - [95625] Medium CVE-2011-2858: Out-of-bounds read with triangle arrays.
      Credit to Google Chrome Security Team (Inferno).
    - [95917] Low CVE-2011-2874: Failure to pin a self-signed cert for a
      session. Credit to Nishant Yadant and Craig Chamberlain (@randomuserid).
  + Chromium issues (14.0.835.202):
    - [95671] High CVE-2011-2878: Inappropriate cross-origin access to the
      window prototype. Credit to Sergey Glazunov.
    - [96150] High CVE-2011-2879: Lifetime and threading issues in audio node
      handling. Credit to Google Chrome Security Team (Inferno).
    - [98089] Critical CVE-2011-3873: Memory corruption in shader translator.
      Credit to Zhenyao Mo.
  + Webkit issues (14.0.835.163):
    - [78427] [83031] Low CVE-2011-2840: Possible URL bar spoofs with unusual
      user interaction. Credit to kuzzcc.
    - [89219] High CVE-2011-2846: Use-after-free in unload event handling.
      Credit to Arthur Gerkis.
    - [89330] High CVE-2011-2847: Use-after-free in document loader. Credit to
      miaubiz.
    - [89991] Medium CVE-2011-3234: Out-of-bounds read in box handling. Credit
      to miaubiz.
    - [92651] [94800] High CVE-2011-2854: Use-after-free in ruby / table style
      handing. Credit to Sławomir Błażek, and independent later discoveries by
      miaubiz and Google Chrome Security Team (Inferno).
    - [92959] High CVE-2011-2855: Stale node in stylesheet handling. Credit to
      Arthur Gerkis.
    - [93420] High CVE-2011-2857: Use-after-free in focus controller. Credit
      to miaubiz.
    - [93587] High CVE-2011-2860: Use-after-free in table style handling.
      Credit to miaubiz.
  + Webkit issues (14.0.835.202):
    - [93788] High CVE-2011-2876: Use-after-free in text line box handling.
      Credit to miaubiz.
    - [95072] High CVE-2011-2877: Stale font in SVG text handling. Credit to
      miaubiz.
  + LibXML issue (14.0.835.163):
    - [93472] High CVE-2011-2834: Double free in libxml XPath handling. Credit
      to Yang Dingning
  + V8 issues (14.0.835.163):
    - [76771] High CVE-2011-2839: Crash in v8 script object wrappers. Credit
      to Kostya Serebryany
    - [91120] High CVE-2011-2852: Off-by-one in v8. Credit to Christian Holler
    - [93416] High CVE-2011-2856: Cross-origin bypass in v8. Credit to Daniel
      Divricean.
    - [93906] High CVE-2011-2862: Unintended access to v8 built-in objects.
      Credit to Sergey Glazunov.
    - [95920] High CVE-2011-2875: Type confusion in v8 object sealing. Credit
      to Christian Holler.
  + V8 issues (14.0.835.202):
    - [97451] [97520] [97615] High CVE-2011-2880: Use-after-free in the v8
      bindings. Credit to Sergey Glazunov.
    - [97784] High CVE-2011-2881: Memory corruption with v8 hidden objects.
      Credit to Sergey Glazunov.

[ Fabien Tassin ]
* Add libpulse-dev to Build-Depends, needed for WebRTC
  - update debian/control
* Rename ui/base/strings/app_strings.grd to ui_strings.grd following
  the upstream rename, and add a mapping flag to the grit converter
  - update debian/rules
* Refresh Patches

[ Micah Gersten ]
* Switch to internal libvpx (Fixes FTBFS since we now need at least 0.9.6)
  - update debian/rules
* Drop build dependency on libvpx due to the switch to internal libvpx
  - update debian/control

files added:
chromium-browser-14.0.835.202~r103287-source.tar.lzma

files removed:
chromium-browser-12.0.742.112~r90304-source.tar.lzma

files modified:
debian/changelog

debian/chromium-browser.install

debian/control

debian/patches/chromium_useragent.patch.in

debian/patches/dlopen_sonamed_gl.patch

debian/rules

Show diffs side-by-side

added added

removed removed

debian/rules

193

build_ffmpegsumo=0 \

194

$(NULL)

195

FFMPEG_MT_GYP_DEFINES = \

196

use_system_vpx=1 \

196

use_system_vpx=0 \

197

release_extra_cflags=-g \

198

$(NULL)

199

FFMPEG_MT_STD_GYP_DEFINES = $(NULL)

358

# NaCL may be blacklisted, so only include it when it's been built

359

ifeq (,$(filter disable_nacl=1,$(GYP_DEFINES)))

360

cp -a debian/tmp/$(LIB_DIR)/libppGoogleNaClPluginChrome.so debian/$(DEBIAN_NAME)/$(LIB_DIR)/

361

cp -a debian/tmp/$(LIB_DIR)/nacl_irt_* debian/$(DEBIAN_NAME)/$(LIB_DIR)/

361

362

endif

362

363

# Locales: only keep en-US in the main deb

363

364

cd $(CURDIR)/debian/$(DEBIAN_NAME)/$(LIB_DIR)/locales && \

433

434

chrome/app/chromium_strings.grd \

434

435

chrome/app/generated_resources.grd \

435

436

chrome/app/policy/policy_templates.grd \

436

ui/base/strings/app_strings.grd \

437

ui/base/strings/ui_strings.grd \

437

438

webkit/glue/inspector_strings.grd \

438

439

webkit/glue/webkit_strings.grd \

439

440

$(NULL)

442

443

chrome/app/resources/locale_settings.grd \

443

444

chrome/app/resources/locale_settings_linux.grd \

444

445

$(NULL)

446

MAPPED_GRIT_TEMPLATES := \

447

--map-template-names ui/base/strings/ui_strings.grd=ui/base/strings/app_strings.grd \

448

$(NULL)

445

449

446

450

# New langs with enough coverage to land in official builds

447

451

# (leave empty to accept all new lang)

457

461

--export-grit ../translations-grit \

458

462

--build-gyp-file build/common.gypi \

459

463

--other-grd-files $(shell echo $(OTHER_GRIT_TEMPLATES) | tr ' ' ',') \

464

$(MAPPED_GRIT_TEMPLATES) \

460

465

$(NULL)

461

466

462

467

ifneq (,$(GRIT_WHITELISTED_LANGS))

630

635

cd $(TMP_DIR) && ./tools/depot_tools/gclient update $(GCLIENT_UPDATE_FLAGS) || \

631

636

( rm -rf $(foreach dir,src [0-9]*,$(wildcard $(TMP_DIR)/$(dir))) ; \

632

637

./tools/depot_tools/gclient update $(GCLIENT_UPDATE_FLAGS) )

638

# For NaCL, run the hooks, but not the gyp ones

639

( cd $(TMP_DIR) ; \

640

SDIR=`grep '"name"' .gclient | cut -d\" -f4` ; \

641

perl -i~ -pe 's%(.python., .src/build/gyp_chromium.)%"echo", "#disabled#", $$1%' $$SDIR/DEPS; \

642

./tools/depot_tools/gclient runhooks ; \

643

mv $$SDIR/DEPS~ $$SDIR/DEPS ; )

633

644

634

645

ifneq (,$(LOCAL_BRANCH))

635

646

rm -rf $(TMP_DDIR)

Older »