Superseded
by chromium-browser - 26.0.1410.63-0ubuntu0.12.04.2
Published
Changelog
chromium-browser (26.0.1410.63-0ubuntu0.12.04.1) precise-security; urgency=low
[Chris Coulson]
* Make it possible to build armv7 without neon optimizations
- update debian/patches/arm-neon.patch
* Don't assume that arm linux builds are cross-builds
- add debian/patches/dont-assume-cross-compile-on-arm.patch
- update debian/patches/series
[Chad MILLER]
* debian/chromium-browser.desktop: No absolute path to executable. Use PATH
from environment. LP:1008741
* Make the "clean" rule behave better. Test differently for src/obj/ and
never involve the upstream Makefile. Update debian/rules .
* Don't over-clean. The makefiles generated by GYP are fine to include in
orig tarball.
* Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google.
* New stable version 26.0.1410.63. No CVEs to report.
* New stable version 26.0.1410.43:
- CVE-2013-0916: Use-after-free in Web Audio.
- CVE-2013-0917: Out-of-bounds read in URL loader.
- CVE-2013-0918: Do not navigate dev tools upon drag and drop.
- CVE-2013-0919: Use-after-free with pop-up windows in extensions.
- CVE-2013-0920: Use-after-free in extension bookmarks API.
- CVE-2013-0921: Ensure isolated web sites run in their own processes.
- CVE-2013-0922: Avoid HTTP basic auth brute force attempts.
- CVE-2013-0923: Memory safety issues in the USB Apps API.
- CVE-2013-0924: Check an extension’s permissions API usage again file
permissions.
- CVE-2013-0925: Avoid leaking URLs to extensions without the tabs
permissions.
- CVE-2013-0926: Avoid pasting active tags in certain situations.
* debian/patches/arm-crypto.patch . Drop patch. Unnecessary now.
* Always use verbose building. Update debian/rules .
* Always use sandbox. It shouldn't be an option. Nothing works without it
any more. Update debian/rules .
* Always use extra debugging "-g" flag. Update debian/rules .
* Try to be more multiarch aware. Update debian/control .
* Drop many lintian overrides. Update debian/source/lintian-overrides .
* Include autotoools-dev in build-deps so that cdbs will update autoconf
helper files in source automatically. Update debian/control .
* Update standards version to 3.9.4 in debian/control .
* When executable is split into libraries, strip debug symbols from
enormous libraries even in dbg packages. This affects webkit only,
in actuality. Update debian/rules .
* Clean up some "tar" usage in debian/rules .
* Don't include hardening on armhf. Update debian/rules .
* Drop extraneous no-circular-check in debian/rules GYP run.
* Work around a SIGBUS on ARM. Added
debian/patches/safe-browsing-sigbus.patch
* Insert multilib info directly into nss runtime library loading. Update
debian/rules .
* Enable NEON support for hard-float ARM. Actual use should be a
runtime check, or is a bug.
-- Chad MILLER <email address hidden> Thu, 11 Apr 2013 20:08:28 -0400