[Pkg-chromium-commit] chromium-browser/chromium-browser.experimental: 706 merge from sid

Fri Feb 18 16:29:37 UTC 2011

Branch name: chromium-browser/chromium-browser.experimental
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.experimental
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 706
Revision Id: iuculano at debian.org-20110218162937-n26424vbnzdsz0bk
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : merge from sid

[ Giuseppe Iuculano ]
* New stable version:
  - [67234] High Stale pointer in animation event handling. Credit to Rik
    Cabanier.
  - [68120] High Use-after-free in SVG font faces. Credit to miaubiz.
  - [69556] High Stale pointer with anonymous block handling. Credit to
    Martin Barbella.
  - [69970] Medium Out-of-bounds read in plug-in handling. Credit to Bill
    Budge of Google.
  - [70456] Medium Possible failure to terminate process on out-of-memory
    condition. Credit to David Warren of CERT/CC.
[ Daniel Echeverry ]
* Fixed FTBFS caused by nspr.patch (Closes: #612618)
* New stable version:
  - [55831] High Use-after-free in image loading. Credit to Aki Helin of OUSPG
  - [59081] Low Apply some restrictions to cross-origin drag + drop. Credit to
    Google Chrome Security Team (SkyLined) and the Google Security Team
    (Michal Zalewski, David Bloom).
  - [62791] Low Browser crash with extension with missing key. Credit to Brian
    Kirchoff.
  - [65669] Low Handle merging of autofill profiles more gracefully. Credit to
    Google Chrome Security Team (Inferno).
  - [68244] Low Browser crash with bad volume setting. Credit to Matthew
    Heidermann.
  - [69195] Critical Race condition in audio handling. Credit to the gamers of
    Reddit!
[ Giuseppe Iuculano ]
* New beta version.
* Added a README.Debian and warn about downgrading (Closes: #605548) 
* honor DEB_BUILD_OPTIONS=nocheck, thanks to Jonathan Nieder
  (Closes: #589653)
* Avoid "cannot access" messagges when using ffmpeg internal copy. Thanks to
  Jonathan Nieder. (Closes: #589563)
* Refreshed patches.
* Build against libv8
* Use libicu system headers
* Use system glew
* Use system xdg-utils
* Build-depends on libv8-dev >= 2.5.9
* Update translations in Desktop file. Thanks to the Ubuntu translation team.
* Upload to unstable
[ Fabien Tassin ]
* Add libxt-dev to Build-deps needed by ppGoogleNaClPluginChrome
* Add x-scheme-handler/http and x-scheme-handler/https to the MimeType
  entry of the desktop file
* Set CHROME_WRAPPER to the real name of the wrapper now that upstream
  use its value
* Set CHROME_DESKTOP in the wrapper to help the default browser
  checker (LP: #513133)
[ Daniel Echeverry ]
* Updated copyright file to DEP5. Closes: #580784
* Backported security patches from stable:
  - High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
  - High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. 
  - High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
  - High Stale pointer with SVG use element. Credited anonymously; plus
    indepdent discovery by miaubiz.
  - High Vorbis decoder buffer overflows. Credit to David Warren of CERT. 
  - High Bad cast in anchor handling. Credit to Sergey Glazunov. 
  - High Bad cast in video handling. Credit to Sergey Glazunov. 
  - High Stale rendering node after DOM node removal. Credit to Martin
    Barbella; plus independent discovery by Google Chrome Security Team
    (SkyLined). 
* Backported security patches from stable:
  - [64-bit Linux only] High Bad validation for message deserialization on
    64-bit builds. Credit to Lei Zhang of the Chromium development community.
  - Low Browser crash with NULL pointer in web worker handling. Credit to 
    Nathan Weizenbaum of Google.
  - Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
  - High Stale pointers in cursor handling. Credit to Sławomir Błażek and
    Sergey Glazunov.
* Backported security patches from stable:
  - Medium Cross-origin video theft with <canvas>. Credit to Nirankush
    Panchbhai and Microsoft Vulnerability Research (MSVR).
  - High Use after free in history handling. Credit to Stefan Troger.
  - Medium Make sure the “dangerous file types” list is uptodate with the
    Windows platforms. Credit to Billy Rios of the Google Security Team.
  - High Crash due to bad indexing with malformed video. Credit to miaubiz. 
  - High Use after free with SVG animations. Credit to Sławomir Błażek.
  - Medium Use after free in mouse dragging event handling. Credit to kuzzcc.
* Added the missing changelog credit for the 5.0.375.29~r46008-1 revision.
  Obviously this was not a "stealing" as foolishly written by Fabien Tassin
  in a blog rant, but was a bad debian/changelog merge.
* Backported security patches from stable:
  - High Use-after-free in text editing. Credit to David Bloom of the Google
    Security Team, Google Chrome Security Team (Inferno) and Google Chrome
    Security Team (Cris Neckar).
  - High Memory corruption with enormous text area. Credit to wushi of
    team509.
  - High Bad cast with the SVG use element. Credit to the kuzzcc.
  - High Use-after-free in text control selections. Credit to "vkouchna".
  - High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
  - High Bad use of destroyed frame object. Credit to various developers,
    including "gundlach".
  - High Type confusions with event objects. Credit to "fam.lam" and Google
    Chrome Security Team (Inferno).
  - High Out-of-bounds array access in SVG handling. Credit to wushi of
    team509.
* New stable microrelease.
* Allow to choose whether links are opened in a new link or new tab.
  (Closes: #581391) Thanks to Sam Morris
* Backported security patches:
  - Medium Possible autofill / autocomplete profile spamming. Credit to
    Google Chrome Security Team (Inferno).
  - High Crash with forms. Credit to the Chromium development community.
  - Critical Browser crash with form autofill. Credit to the Chromium
    development community.
  - High Possible URL spoofing on page unload. Credit to kuzzcc; plus
    independent discovery by Jordi Chancel.
  - High Possible memory corruption with animated GIF. Credit to Simon Schaak.
  - High Failure to sandbox worker processes on Linux. Credit to Google
    Chrome Security Team (Chris Evans).
  - High Stale elements in an element map. Credit to Michal Zalewski of the
    Google Security Team.
[Giuseppe Iuculano]
* New upstream release from the Beta Channel
* Fixed a typo in the maintainer field
  - update debian/control
* Removed ubuntu_dont_overwrite_default_download_directory.patch, the default
  download location can be set via the options dialog
  - update debian/patches/series
  - removed ubuntu_dont_overwrite_default_download_directory.patch
* use dh_install --list-missing
  - update debian/rules
* Updated VCS control field, at this moment is a private branch on launchpad
  - update debian/control
* Updated debian/copyright and fixed glitches pointed out by ftpmaster
  - update debian/copyright
  - update debian/copyright.problems
* Added a strict depend in chromium-browser-inspector
  - update debian/control
[ Fabien Tassin ]


--------------------------------------------------------
  ** Added :
        - debian/README.Debian
        - debian/patches/icu.patch

  ** Modified :
        - debian/changelog
        - debian/chromium-browser.desktop
        - debian/chromium-browser.docs
        - debian/chromium-browser.sh.in
        - debian/chromium-browser.xml
        - debian/control
        - debian/copyright
        - debian/patches/glew.patch
        - debian/patches/nspr.patch
        - debian/patches/series
        - debian/patches/system-speech.patch
        - debian/patches/system_v8.patch
        - debian/patches/vpx.patch
        - debian/rules

-------------- next part --------------
Diff too large for email (31949 lines, the limit is 100).