-
chromium-browser (48.0.2564.82-0ubuntu0.15.04.1.1193) vivid-security; urgency=medium
* Upstream release 48.0.2564.82:
- CVE-2016-1612: Bad cast in V8.
- CVE-2016-1613: Use-after-free in PDFium.
- CVE-2016-1614: Information leak in Blink.
- CVE-2016-1615: Origin confusion in Omnibox.
- CVE-2016-1616: URL Spoofing.
- CVE-2016-1617: History sniffing with HSTS and CSP.
- CVE-2016-1618: Weak random number generator in Blink.
- CVE-2016-1619: Out-of-bounds read in PDFium.
- CVE-2016-1620: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.8 branch
(currently 4.8.271.17).
-- Chad MILLER <email address hidden> Thu, 21 Jan 2016 08:39:10 -0500
-
chromium-browser (47.0.2526.106-0ubuntu0.15.04.1.1192) vivid-security; urgency=medium
* Upstream release 47.0.2526.106:
- CVE-2015-6792: Fixes from internal audits and fuzzing.
* Upstream release 47.0.2526.80:
- CVE-2015-6788: Type confusion in extensions.
- CVE-2015-6789: Use-after-free in Blink.
- CVE-2015-6790: Escaping issue in saved pages.
- CVE-2015-6791: Various fixes from internal audits, fuzzing and other
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23).
* debian/rules: Don't use bundled binutils. Remove execute bits on programs
so we can be sure they aren't run.
-- Chad MILLER <email address hidden> Wed, 16 Dec 2015 10:35:12 -0500
-
chromium-browser (47.0.2526.73-0ubuntu0.15.04.1.1190) vivid-security; urgency=medium
* Upstream release 47.0.2526.73:
- CVE-2015-6765: Use-after-free in AppCache.
- CVE-2015-6766: Use-after-free in AppCache.
- CVE-2015-6767: Use-after-free in AppCache.
- CVE-2015-6768: Cross-origin bypass in DOM.
- CVE-2015-6769: Cross-origin bypass in core.
- CVE-2015-6770: Cross-origin bypass in DOM.
- CVE-2015-6771: Out of bounds access in v8.
- CVE-2015-6772: Cross-origin bypass in DOM.
- CVE-2015-6764: Out of bounds access in v8.
- CVE-2015-6773: Out of bounds access in Skia.
- CVE-2015-6774: Use-after-free in Extensions.
- CVE-2015-6775: Type confusion in PDFium.
- CVE-2015-6776: Out of bounds access in PDFium.
- CVE-2015-6777: Use-after-free in DOM.
- CVE-2015-6778: Out of bounds access in PDFium.
- CVE-2015-6779: Scheme bypass in PDFium.
- CVE-2015-6780: Use-after-free in Infobars.
- CVE-2015-6781: Integer overflow in Sfntly.
- CVE-2015-6782: Content spoofing in Omnibox.
- CVE-2015-6783: Signature validation issue in Android Crazy Linker.
- CVE-2015-6784: Escaping issue in saved pages.
- CVE-2015-6785: Wildcard matching issue in CSP.
- CVE-2015-6786: Scheme bypass in CSP.
- CVE-2015-6787: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.7 branch
(currently 4.7.80.23).
* Upstream release 46.0.2490.86:
- CVE-2015-1302: Information leak in PDF viewer.
* Upstream release 46.0.2490.71:
- CVE-2015-6755: Cross-origin bypass in Blink.
- CVE-2015-6756: Use-after-free in PDFium.
- CVE-2015-6757: Use-after-free in ServiceWorker.
- CVE-2015-6758: Bad-cast in PDFium.
- CVE-2015-6759: Information leakage in LocalStorage.
- CVE-2015-6760: Improper error handling in libANGLE.
- CVE-2015-6761: Memory corruption in FFMpeg.
- CVE-2015-6762: CORS bypass via CSS fonts.
- CVE-2015-6763: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/gpu-hangs: remove. Not useful.
* debian/rules: Explicitly create remoting resources.
* debian/patches/cr46-missing-test-files:
* debian/rules: support screen sharing in Hangouts.
* debian/patches/xdg-settings-multiexec-desktopfiles.patch: Always prefer
local xdg-settings.
* debian/chromium-browser.desktop: Don't override WM class matching.
-- Chad MILLER <email address hidden> Tue, 01 Dec 2015 15:37:11 -0500
-
chromium-browser (45.0.2454.101-0ubuntu0.15.04.1.1183) vivid-security; urgency=medium
* Upstream release 45.0.2454.101:
- CVE-2015-1303: Cross-origin bypass in DOM.
- CVE-2015-1304: Cross-origin bypass in V8.
* debian/tests/testdata/xx-test-tool-is-functional-if-this-prints-functional.sikuli
Only use GUI test tool to test IF it works on its own. If it is broken,
don't use that to test chromium.
* debian/rules: Include our own "xdg-settings" file until a bug is fixed.
* debian/patches/xdg-settings-multiexec-desktopfiles.patch : Locally fix
aforementioned bug. More than one Exec line in a destop file (like ours)
triggers a bug in badly-written shell code in portland xdg-utils-common.in
-- Chad MILLER <email address hidden> Tue, 29 Sep 2015 08:06:37 -0400
-
chromium-browser (45.0.2454.85-0ubuntu0.15.04.1.1181) vivid-security; urgency=medium
* Upstream release 45.0.2454.85:
- CVE-2015-1291: Cross-origin bypass in DOM.
- CVE-2015-1292: Cross-origin bypass in ServiceWorker.
- CVE-2015-1293: Cross-origin bypass in DOM.
- CVE-2015-1294: Use-after-free in Skia.
- CVE-2015-1295: Use-after-free in Printing.
- CVE-2015-1296: Character spoofing in omnibox.
- CVE-2015-1297: Permission scoping error in WebRequest.
- CVE-2015-1298: URL validation error in extensions.
- CVE-2015-1299: Use-after-free in Blink.
- CVE-2015-1300: Information leak in Blink.
- CVE-2015-1301: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/search-credit.patch: Don't add GET param if search URL
doesn't already use them. (LP: #1490237)
* debian/source/lintian-overrides: Ignore new binaries in orig tar.
* debian/patches/gpu_default_disabled: No longer disable GPU rendering by
default.
* debian/patches/disable-sse2: SSE exclusion is smarter now. Re-include.
-- Chad MILLER <email address hidden> Mon, 14 Sep 2015 20:11:00 -0400
-
chromium-browser (44.0.2403.89-0ubuntu0.15.04.1.1177) vivid-security; urgency=medium
* Upstream release 44.0.2403.89: (LP: #1477662)
- CVE-2015-1271: Heap-buffer-overflow in pdfium.
- CVE-2015-1273: Heap-buffer-overflow in pdfium.
- CVE-2015-1274: Settings allowed executable files to run immediately
after download.
- CVE-2015-1275: UXSS in Chrome for Android.
- CVE-2015-1276: Use-after-free in IndexedDB.
- CVE-2015-1279: Heap-buffer-overflow in pdfium.
- CVE-2015-1280: Memory corruption in skia.
- CVE-2015-1281: CSP bypass.
- CVE-2015-1282: Use-after-free in pdfium.
- CVE-2015-1283: Heap-buffer-overflow in expat.
- CVE-2015-1284: Use-after-free in blink.
- CVE-2015-1286: UXSS in blink.
- CVE-2015-1287: SOP bypass with CSS.
- CVE-2015-1270: Uninitialized memory read in ICU.
- CVE-2015-1272: Use-after-free related to unexpected GPU process
termination.
- CVE-2015-1277: Use-after-free in accessibility.
- CVE-2015-1278: URL spoofing using pdf files.
- CVE-2015-1285: Information leak in XSS auditor.
- CVE-2015-1288: Spell checking dictionaries fetched over HTTP.
- CVE-2015-1289: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules, debian/chromium-codecs-ffmpeg{,-extra}.install: ffmpeg is a
first-class component library now, not a special snowflake. Still, build
it differently, but build flags are different.
* debian/tests/smoketest-actual: Remove some innocuous mentions of "error"
before testing for actual errors.
* debian/control: codec library packages replace the libffmpeg.so that
was in chromium packages before now.
* debian/control: codec packages can't reasonably be updated separately
than chromium. Depend with version specification also.
-- Chad MILLER <email address hidden> Tue, 28 Jul 2015 11:19:11 -0400
-
chromium-browser (43.0.2357.130-0ubuntu0.15.04.1.1174) vivid-security; urgency=medium
[Chad Miller]
* Upstream release 43.0.2357.130:
- CVE-2015-1266: Scheme validation error in WebUI.
- CVE-2015-1268: Cross-origin bypass in Blink.
- CVE-2015-1267: Cross-origin bypass in Blink.
- CVE-2015-1269: Normalization error in HSTS/HPKP preload list.
* debian/tests/smoketest-actual: Capture web-server log so we can
get port and test retreival. Fixes autopkgtest failures.
* debian/patches/widevine-other-locations: Search Chrome install
location to find widevine plugins.
* Use new Flash plugin name in apport collector.
* debian/patches/gpu_default_disabled: Make GPU activation a (default off)
preference instead of blacklisting.
[Iain Lane]
* Test fixes.
* debian/tests/control: Add a test-dep on python3-httplib2 and dbus-x11
which are required by the testsuite.
* debian/tests/smoketest-actual: Redirect webserver-out and webserver-err so
that the test can read these.
-- Chad MILLER <email address hidden> Mon, 29 Jun 2015 15:54:16 -0400
-
chromium-browser (43.0.2357.81-0ubuntu0.15.04.1.1170) vivid-security; urgency=medium
* Upstream release 43.0.2357.81.
- "Icons not displaying properly on Linux" (LP: #1449063)
* Upstream release 43.0.2357.65:
- CVE-2015-1252: Sandbox escape in Chrome.
- CVE-2015-1253: Cross-origin bypass in DOM.
- CVE-2015-1254: Cross-origin bypass in Editing.
- CVE-2015-1255: Use-after-free in WebAudio.
- CVE-2015-1256: Use-after-free in SVG.
- CVE-2015-1251: Use-after-free in Speech.
- CVE-2015-1257: Container-overflow in SVG.
- CVE-2015-1258: Negative-size parameter in Libvpx.
- CVE-2015-1259: Uninitialized value in PDFium.
- CVE-2015-1260: Use-after-free in WebRTC.
- CVE-2015-1261: URL bar spoofing.
- CVE-2015-1262: Uninitialized value in Blink.
- CVE-2015-1263: Insecure download of spellcheck dictionary.
- CVE-2015-1264: Cross-site scripting in bookmarks.
- CVE-2015-1265: Various fixes from internal audits, fuzzing and other
initiatives.
- Multiple vulnerabilities in V8 fixed at the tip of the 4.3 branch
(currently 4.3.61.21).
* debian/patches/display-scaling-report-hardware-info: removed, unnecessary.
* debian/patches/coordinate-space-map: removed, unnecessary.
* debian/patches/enable_vaapi_on_linux.diff: Temporarily disable patch until
ARM works.
* debian/chromium-browser.sh.in: Add --verbose to get logging info.
* debian/patches/{notifications-nicer,mir-support}: disable unnecessary
patches.
* debian/control, debian/chromium-browser.sh.in: Prompt nothing about
Flash plugin. Send Help clicks to Wiki instead.
-- Chad MILLER <email address hidden> Mon, 01 Jun 2015 15:29:04 -0400
-
chromium-browser (41.0.2272.76-0ubuntu1.1134) vivid; urgency=medium
* Upstream release 41.0.2272.76:
- CVE-2015-1212: Out-of-bounds write in media.
- CVE-2015-1213: Out-of-bounds write in skia filters.
- CVE-2015-1214: Out-of-bounds write in skia filters.
- CVE-2015-1215: Out-of-bounds write in skia filters.
- CVE-2015-1216: Use-after-free in v8 bindings.
- CVE-2015-1217: Type confusion in v8 bindings.
- CVE-2015-1218: Use-after-free in dom.
- CVE-2015-1219: Integer overflow in webgl.
- CVE-2015-1220: Use-after-free in gif decoder.
- CVE-2015-1221: Use-after-free in web databases.
- CVE-2015-1222: Use-after-free in service workers.
- CVE-2015-1223: Use-after-free in dom.
- CVE-2015-1230: Type confusion in v8.
- CVE-2015-1224: Out-of-bounds read in vpxdecoder.
- CVE-2015-1225: Out-of-bounds read in pdfium.
- CVE-2015-1226: Validation issue in debugger.
- CVE-2015-1227: Uninitialized value in blink.
- CVE-2015-1228: Uninitialized value in rendering.
- CVE-2015-1229: Cookie injection via proxies.
- CVE-2015-1231: Various fixes from internal audits, fuzzing and other
initiatives.
* Upstream release 40.0.2214.115.
* debian/patches/coordinate-space-map: Backport v43 and unofficial
coordinate mapping to fix some high-dpi problems in popup menu placement.
* debian/apport/chromium-browser.py: Simplify. Use more standard functions
from apport utility. Add CPU usage information. Add bargraph of "running"
processes, so bugpatterns can sort away busy machines, and then classify
remainder according to procline "gpu-vendor=id" param.
* debian/patches/gpu-hangs: Extend the GPU watchdog to 30 seconds. If the
GPU is really hung, the extra time matters little. It's probably not
recoverable. Reviews of apport reports find no common thread among GPUs
vendors. Notes at crbug.com/221882 suggest busy CPUs could trigger hang.
Will additionally use apport bugpatterns to comb dmesg for actual crashes
and route to specific GPU-driver bugs.
-- Chad MILLER <email address hidden> Wed, 04 Mar 2015 10:25:03 -0500
-
chromium-browser (40.0.2214.111-0ubuntu1.1121) vivid; urgency=medium
* Upstream release 40.0.2214.111:
- CVE-2015-1209: Use-after-free in DOM.
- CVE-2015-1210: Cross-origin-bypass in V8 bindings.
- CVE-2015-1211: Privilege escalation using service workers.
- CVE-2015-1212: Various fixes from internal audits, fuzzing and other
initiatives.
-- Chad MILLER <email address hidden> Fri, 06 Feb 2015 09:38:15 -0500
-
chromium-browser (40.0.2214.94-0ubuntu1.1120) vivid; urgency=medium
* Upstream release 40.0.2214.94.
* Upstream release 40.0.2214.93.
* Upstream release 40.0.2214.91. (LP: #1414753)
- CVE-2014-7923: Memory corruption in ICU.
- CVE-2014-7924: Use-after-free in IndexedDB.
- CVE-2014-7925: Use-after-free in WebAudio.
- CVE-2014-7926: Memory corruption in ICU.
- CVE-2014-7927: Memory corruption in V8.
- CVE-2014-7928: Memory corruption in V8.
- CVE-2014-7930: Use-after-free in DOM.
- CVE-2014-7931: Memory corruption in V8.
- CVE-2014-7929: Use-after-free in DOM.
- CVE-2014-7932: Use-after-free in DOM.
- CVE-2014-7933: Use-after-free in FFmpeg.
- CVE-2014-7934: Use-after-free in DOM.
- CVE-2014-7935: Use-after-free in Speech.
- CVE-2014-7936: Use-after-free in Views.
- CVE-2014-7937: Use-after-free in FFmpeg.
- CVE-2014-7938: Memory corruption in Fonts.
- CVE-2014-7939: Same-origin-bypass in V8.
- CVE-2014-7940: Uninitialized-value in ICU.
- CVE-2014-7941: Out-of-bounds read in UI.
- CVE-2014-7942: Uninitialized-value in Fonts.
- CVE-2014-7943: Out-of-bounds read in Skia.
- CVE-2014-7944: Out-of-bounds read in PDFium.
- CVE-2014-7945: Out-of-bounds read in PDFium.
- CVE-2014-7946: Out-of-bounds read in Fonts.
- CVE-2014-7947: Out-of-bounds read in PDFium.
- CVE-2014-7948: Caching error in AppCache.
* debian/patch/search-credit: Don't force client in GOOG suggestions search.
(LP: #1398900)
* debian/patches/dri3-within-sandbox: Backport V41 sandbox, fixing DRI3.
(LP: #1378627)
* debian/patches/macro-templates-not-match: Remove. No longer necessary.
* debian/patches/arm-neon.patch: Kill armv7=neon assumption. Fix typos.
* debian/rules: chrpath for all packages. (LP: #1415555)
-- Chad MILLER <email address hidden> Fri, 30 Jan 2015 15:48:09 -0500
-
chromium-browser (39.0.2171.65-0ubuntu1.1108) vivid; urgency=medium
* Upstream release 39.0.2171.65:
- CVE-2014-7899: Address bar spoofing.
- CVE-2014-7900: Use-after-free in pdfium.
- CVE-2014-7901: Integer overflow in pdfium.
- CVE-2014-7902: Use-after-free in pdfium.
- CVE-2014-7903: Buffer overflow in pdfium.
- CVE-2014-7904: Buffer overflow in Skia.
- CVE-2014-7905: Flaw allowing navigation to intents that do not have the
BROWSABLE category.
- CVE-2014-7906: Use-after-free in pepper plugins.
- CVE-2014-0574: Double-free in Flash.
- CVE-2014-7907: Use-after-free in blink.
- CVE-2014-7908: Integer overflow in media.
- CVE-2014-7909: Uninitialized memory read in Skia.
- CVE-2014-7910: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/patches/search-credit.patch: Include "client" in google search
prepopulated template's parameters.
* debian/tests/testdata/9-search-credit.sikuli: Verify search URL has
parameter.
* debian/source/lintian-overrides: Ignore android tools we don't use.
* debian/chromium-browser-dbg.lintian-overrides: Ignore libraries that we
configure to have no symbols in builder (because they are humongous
otherwise).
* debian/control: Bump standards version. Version dep "bash". Remove
duplicate language from package descriptions.
* debian/tests/testdata/1-normal-extension-active.sikuli/: Destroy test
for dead NPAPI unity-webapps extension.
-- Chad MILLER <email address hidden> Sat, 22 Nov 2014 14:06:34 -0500
-
chromium-browser (38.0.2125.111-0ubuntu1.1103) vivid; urgency=medium
* Upstream release 38.0.2125.111.
* Upstream release 38.0.2125.104.
* Upstream release 38.0.2125.101: (LP: #1310163)
- CVE-2014-3188: A special thanks to Jüri Aedla for a combination of V8 and
IPC bugs that can lead to remote code execution outside of the sandbox.
- CVE-2014-3189: Out-of-bounds read in PDFium.
- CVE-2014-3190: Use-after-free in Events.
- CVE-2014-3191: Use-after-free in Rendering.
- CVE-2014-3192: Use-after-free in DOM.
- CVE-2014-3193: Type confusion in Session Management.
- CVE-2014-3194: Use-after-free in Web Workers.
- CVE-2014-3195: Information Leak in V8.
- CVE-2014-3196: Permissions bypass in Windows Sandbox.
- CVE-2014-3197: Information Leak in XSS Auditor.
- CVE-2014-3198: Out-of-bounds read in PDFium.
- CVE-2014-3199: Release Assert in V8 bindings.
- CVE-2014-3200: Various fixes from internal audits, fuzzing and other
initiatives (Chrome 38).
* debian/rules: Prefer GCC 4.8 when compiling. 4.9 remains buggy.
* Make the verification step in clean make more compare-able output.
* debian/patches/configuration-directory.patch: Account for new location of
policies directory in /etc . Change back. (LP: #1373802)
* debian/patches/lp-translations-paths: Map old third_party filenames to
new name after processor compiles.
* debian/rules: Fix patch-translations rule, workflow.
* debian/patches/macro-templates-not-match: Anonymous struct isn't sizable.
* debian/chromium-browser.sh.in: Fix broken logic of CHROMIUM_USER_FLAGS,
which has never worked. (LP: #1381644)
* debian/patches/disable-sse: Disable more SSE #includes.
* debian/rules: Omit unnecessary files from packaging.
* debian/chromium-browser.sh.in: Fix variable name bug and suggest
~/.chromium-browser.init file over hamfisted CHROMIUM_USER_FLAGS.
* debian/patches/5-desktop-integration-settings.patch: Adapt to new settings
APIs.
chromium-browser (37.0.2062.120-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.120:
- CVE-2014-3178: Use-after-free in rendering. Credit to miaubiz.
- CVE-2014-3179: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Simplify and rearrange.
* debian/rules, debian/known_gyp_flags: Keep better track of known GYP flags,
so we can fail when something changes unexpectedly.
* debian/rules: Fix up patch-translations rule.
chromium-browser (37.0.2062.94-0ubuntu1) utopic; urgency=low
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
-- Chad MILLER <email address hidden> Wed, 15 Oct 2014 14:22:55 -0400
-
chromium-browser (37.0.2062.94-0ubuntu1~pkg1065) utopic; urgency=medium
* Release to stage
chromium-browser (37.0.2062.94-0ubuntu1) UNRELEASED; urgency=low
* Upstream release 37.0.2062.94.
- CVE-2014-3165: Use-after-free in Blink websockets.
- CVE-2014-3176, CVE-2014-3177: A combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the sandbox.
- CVE-2014-3168: Use-after-free in SVG.
- CVE-2014-3169: Use-after-free in DOM.
- CVE-2014-3170: Extension permission dialog spoofing.
- CVE-2014-3171: Use-after-free in bindings.
- CVE-2014-3172: Issue related to extension debugging.
- CVE-2014-3173: Uninitialized memory read in WebGL.
- CVE-2014-3174: Uninitialized memory read in Web Audio.
- CVE-2014-3175: Various fixes from internal audits, fuzzing and other
initiatives.
- CVE-2014-3176, CVE-2014-3177: Interaction of extensions, IPC, the sync
API, and Google V8 to execute arbitrary code.
* Fix a shell bug in the binary-wrapper that prevented USER flags
from working properly.
* debian/control: Suggests chromiumflashplugin .
* debian/apport: Significant cleanup.
* debian/rules: Disable SSE instructions on x86 to avoid SIGILL on some CPUs.
(LP: #1353185)
* debian/checkout-orig-source.mk: Don't include src/ prefix in orig tarball.
* debian/patches/*: refresh line numbers.
* debian/patches/search-credit.patch,
debian/patches/additional-search-engines.patch: Track source files moved.
* debian/patches/ffmpeg-gyp-config.patch,
debian/patches/fix-gyp-space-in-object-filename-exception.patch,
debian/patches/gyp-icu-m32-test:
Disabled. No longer needs fixing.
* debian/control: build-dep on openssl.
* debian/patches/disable-sse2: Don't require SSE/SSE2 CPU features on x86.
(LP: #1353185)
* debian/rules: Use built-in PDF support. (LP: #513745, #1009902)
chromium-browser (36.0.1985.143-0ubuntu1) utopic; urgency=low
* Upstream release 36.0.1985.143:
- CVE-2014-3165: Use-after-free in web sockets.
- CVE-2014-3166: Information disclosure in SPDY.
- CVE-2014-3167: Various fixes from internal audits, fuzzing and other
initiatives.
* debian/rules: Avoid some unnecessary warning of invalid mv.
* debian/control: Build-depends on libxkbcommon-dev.
* debian/rules: Don't use tcmalloc on i386.
* debian/control, debian/rules: Build-dep on, and use, compiler 4.8
toolchain, since 4.9 seems to be broken.
* debian/control: Don't have (unused) shlibs-depends on -dbg packages
and non-binary packages.
* debian/chromium-browser-codecs-ffmpeg-extra.dirs,
debian/chromium-browser-codecs-ffmpeg.dirs: Removed. Unused.
* debian/chromium-browser.lintian-overrides,
debian/chromium-codecs-ffmpeg-extra-dbg.lintian-overrides,
debian/chromium-codecs-ffmpeg-extra.lintian-overrides,
debian/chromium-codecs-ffmpeg.lintian-overrides,
debian/source/lintian-overrides: Add lintian overrides.
-- Chad MILLER <email address hidden> Sun, 31 Aug 2014 14:26:29 -0400
