Format: 1.8 Date: Thu, 11 Apr 2013 20:08:28 -0400 Source: chromium-browser Binary: chromium-browser chromium-browser-dbg chromium-browser-l10n chromium-codecs-ffmpeg chromium-codecs-ffmpeg-dbg chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra-dbg Architecture: source Version: 26.0.1410.63-0ubuntu0.12.04.1 Distribution: precise-security Urgency: low Maintainer: Ubuntu Developers Changed-By: Chad MILLER Description: chromium-browser - Chromium browser chromium-browser-dbg - chromium-browser debug symbols chromium-browser-l10n - chromium-browser language packages chromium-codecs-ffmpeg - Free ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-dbg - chromium-codecs-ffmpeg debug symbols chromium-codecs-ffmpeg-extra - Extra ffmpeg codecs for the Chromium Browser chromium-codecs-ffmpeg-extra-dbg - chromium-codecs-ffmpeg-extra debug symbols Changes: chromium-browser (26.0.1410.63-0ubuntu0.12.04.1) precise-security; urgency=low . [Chris Coulson] * Make it possible to build armv7 without neon optimizations - update debian/patches/arm-neon.patch * Don't assume that arm linux builds are cross-builds - add debian/patches/dont-assume-cross-compile-on-arm.patch - update debian/patches/series . [Chad MILLER] * debian/chromium-browser.desktop: No absolute path to executable. Use PATH from environment. LP:1008741 * Make the "clean" rule behave better. Test differently for src/obj/ and never involve the upstream Makefile. Update debian/rules . * Don't over-clean. The makefiles generated by GYP are fine to include in orig tarball. * Use Google API keys in Ubuntu, as approved by Paweł Hajdan @ Google. * New stable version 26.0.1410.63. No CVEs to report. * New stable version 26.0.1410.43: - CVE-2013-0916: Use-after-free in Web Audio. - CVE-2013-0917: Out-of-bounds read in URL loader. - CVE-2013-0918: Do not navigate dev tools upon drag and drop. - CVE-2013-0919: Use-after-free with pop-up windows in extensions. - CVE-2013-0920: Use-after-free in extension bookmarks API. - CVE-2013-0921: Ensure isolated web sites run in their own processes. - CVE-2013-0922: Avoid HTTP basic auth brute force attempts. - CVE-2013-0923: Memory safety issues in the USB Apps API. - CVE-2013-0924: Check an extension’s permissions API usage again file permissions. - CVE-2013-0925: Avoid leaking URLs to extensions without the tabs permissions. - CVE-2013-0926: Avoid pasting active tags in certain situations. * debian/patches/arm-crypto.patch . Drop patch. Unnecessary now. * Always use verbose building. Update debian/rules . * Always use sandbox. It shouldn't be an option. Nothing works without it any more. Update debian/rules . * Always use extra debugging "-g" flag. Update debian/rules . * Try to be more multiarch aware. Update debian/control . * Drop many lintian overrides. Update debian/source/lintian-overrides . * Include autotoools-dev in build-deps so that cdbs will update autoconf helper files in source automatically. Update debian/control . * Update standards version to 3.9.4 in debian/control . * When executable is split into libraries, strip debug symbols from enormous libraries even in dbg packages. This affects webkit only, in actuality. Update debian/rules . * Clean up some "tar" usage in debian/rules . * Don't include hardening on armhf. Update debian/rules . * Drop extraneous no-circular-check in debian/rules GYP run. * Work around a SIGBUS on ARM. Added debian/patches/safe-browsing-sigbus.patch * Insert multilib info directly into nss runtime library loading. Update debian/rules . * Enable NEON support for hard-float ARM. Actual use should be a runtime check, or is a bug. Checksums-Sha1: d40b009a1692df8a2d7d2b78b4d03f449d2fc7d4 2942 chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.dsc 47a0f6a8f6a4f783d9e093ff00760019423ad060 218815 chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.debian.tar.gz Checksums-Sha256: 90e9d77a4e1f3361fbdd2781b4242e95b09b7c26077ae6d71286a8ab72f46884 2942 chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.dsc 8756a9dc9da35c94ea5a347fafe17e97b0970bb43a834a27409f06ba8a40a9a6 218815 chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.debian.tar.gz Files: d4de10e2f7b7d8eb3abce56a249e4edc 2942 web optional chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.dsc a463604316703057c38a1ccf02266b90 218815 web optional chromium-browser_26.0.1410.63-0ubuntu0.12.04.1.debian.tar.gz Original-Maintainer: Micah Gersten , Fabien Tassin