[Pkg-chromium-commit] [pkg-chromium] 01/01: release 55.0.2883.75-1
Michael Gilbert
mgilbert at moszumanska.debian.org
Sat Dec 10 22:19:22 UTC 2016
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch master
in repository pkg-chromium.
commit 16c7b5099e8600de71a8b77d424c674a5d1043af
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sat Dec 10 22:18:41 2016 +0000
release 55.0.2883.75-1
---
debian/changelog | 37 ++++++++++++++++
debian/chromium.install | 1 -
debian/clean | 1 +
debian/copyright | 2 +
debian/patches/build-flags.patch | 51 ++++++++++++++++++++++
.../patches/disable/default-browser-warning.patch | 2 +-
debian/patches/disable/google-api-warning.patch | 2 +-
debian/patches/gpu-timeout.patch | 8 ++--
debian/patches/manpage.patch | 11 -----
debian/patches/series | 3 +-
debian/patches/system/clang.patch | 16 -------
debian/patches/system/event.patch | 6 +--
debian/patches/system/ffmpeg.patch | 4 +-
debian/patches/system/icu.patch | 12 +++++
debian/patches/system/nspr.patch | 6 +--
debian/patches/system/vpx.patch | 4 +-
debian/rules | 12 ++---
17 files changed, 125 insertions(+), 53 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 4554f04..98eead0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,40 @@
+chromium-browser (55.0.2883.75-1) unstable; urgency=medium
+
+ * New upstream stable release:
+ - CVE-2016-9651: Private property access in V8. Credit to Guang Gong
+ - CVE-2016-5208: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2016-5207: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2016-5206: Same-origin bypass in PDFium. Credit to Rob Wu
+ - CVE-2016-5205: Universal XSS in Blink. Credit to Anonymous
+ - CVE-2016-5204: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2016-5209: Out of bounds write in Blink. Credit to Giwan Go
+ - CVE-2016-5203: Use after free in PDFium. Credit to Anonymous
+ - CVE-2016-5210: Out of bounds write in PDFium. Credit to Ke Liu
+ - CVE-2016-5212: Local file disclosure in DevTools. Credit to Khalil Zhani
+ - CVE-2016-5211: Use after free in PDFium. Credit to Anonymous
+ - CVE-2016-5213: Use after free in V8. Credit to Khalil Zhani
+ - CVE-2016-5214: File download protection bypass. Credit to Jonathan Birch
+ and MSVR
+ - CVE-2016-5216: Use after free in PDFium. Credit to Anonymous
+ - CVE-2016-5215: Use after free in Webaudio. Credit to Looben Yang
+ - CVE-2016-5217: Use of unvalidated data in PDFium. Credit to Rob Wu
+ - CVE-2016-5218: Address spoofing in Omnibox. Credit to Abdulrahman
+ Alqabandi
+ - CVE-2016-5219: Use after free in V8. Credit to Rob Wu
+ - CVE-2016-5221: Integer overflow in ANGLE. Credit to Tim Becker
+ - CVE-2016-5220: Local file access in PDFium. Credit to Rob Wu
+ - CVE-2016-5222: Address spoofing in Omnibox. Credit to xisigr
+ - CVE-2016-9650: CSP Referrer disclosure. Credit to Jakub Żoczek
+ - CVE-2016-5223: Integer overflow in PDFium. Credit to Hwiwon Lee
+ - CVE-2016-5226: Limited XSS in Blink. Credit to Jun Kokatsu
+ - CVE-2016-5225: CSP bypass in Blink. Credit to Scott Helme
+ - CVE-2016-5224: Same-origin bypass in SVG. Credit to Roeland Krak
+ - CVE-2016-9652: Various fixes from internal audits, fuzzing and other
+ initiatives
+ * Make it possible to pass build flags into gn (closes: #845785).
+
+ -- Michael Gilbert <mgilbert at debian.org> Fri, 02 Dec 2016 02:06:59 +0000
+
chromium-browser (54.0.2840.101-1) unstable; urgency=medium
* New upstream stable release:
diff --git a/debian/chromium.install b/debian/chromium.install
index 5e0256f..ff9f26d 100644
--- a/debian/chromium.install
+++ b/debian/chromium.install
@@ -3,7 +3,6 @@ out/Release/chrome-sandbox usr/lib/chromium
out/Release/*.bin usr/lib/chromium
out/Release/*.pak usr/lib/chromium
-out/Release/icudtl.dat usr/lib/chromium
out/Release/resources/en-US.pak usr/lib/chromium/locales
diff --git a/debian/clean b/debian/clean
index e1c582b..44bef22 100644
--- a/debian/clean
+++ b/debian/clean
@@ -16,3 +16,4 @@ third_party/re2/BUILD.gn
third_party/snappy/BUILD.gn
third_party/yasm/yasm_assemble.gni
third_party/zlib/BUILD.gn
+third_party/icu/BUILD.gn
diff --git a/debian/copyright b/debian/copyright
index 9b581ce..8b38885 100644
--- a/debian/copyright
+++ b/debian/copyright
@@ -34,7 +34,9 @@ Files-Excluded:
third_party/libxslt/libxslt
third_party/libxslt/mac
third_party/libxslt/win32
+ third_party/libxslt/linux
third_party/catapult/tracing/test_data
+ third_party/google_input_tools/src/chrome/os/inputview/_locales/*.js
base/test/data
base/third_party/nspr
third_party/binutils
diff --git a/debian/patches/build-flags.patch b/debian/patches/build-flags.patch
new file mode 100644
index 0000000..abb2ab0
--- /dev/null
+++ b/debian/patches/build-flags.patch
@@ -0,0 +1,51 @@
+description: support build flags passed in the --args to gn
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/build/toolchain/linux/BUILD.gn
++++ b/build/toolchain/linux/BUILD.gn
+@@ -5,6 +5,12 @@
+ import("//build/config/sysroot.gni")
+ import("//build/toolchain/gcc_toolchain.gni")
+
++declare_args() {
++ target_extra_cflags = ""
++ target_extra_ldflags = ""
++ target_extra_cxxflags = ""
++}
++
+ clang_toolchain("clang_arm") {
+ toolprefix = "arm-linux-gnueabihf-"
+ toolchain_args = {
+@@ -32,6 +38,10 @@ gcc_toolchain("arm") {
+ readelf = "${toolprefix}readelf"
+ nm = "${toolprefix}nm"
+
++ extra_cflags = target_extra_cflags
++ extra_ldflags = target_extra_ldflags
++ extra_cxxflags = target_extra_cxxflags
++
+ toolchain_args = {
+ current_cpu = "arm"
+ current_os = "linux"
+@@ -71,6 +81,10 @@ gcc_toolchain("x86") {
+ ar = "ar"
+ ld = cxx
+
++ extra_cflags = target_extra_cflags
++ extra_ldflags = target_extra_ldflags
++ extra_cxxflags = target_extra_cxxflags
++
+ toolchain_args = {
+ current_cpu = "x86"
+ current_os = "linux"
+@@ -110,6 +124,10 @@ gcc_toolchain("x64") {
+ ar = "ar"
+ ld = cxx
+
++ extra_cflags = target_extra_cflags
++ extra_ldflags = target_extra_ldflags
++ extra_cxxflags = target_extra_cxxflags
++
+ toolchain_args = {
+ current_cpu = "x64"
+ current_os = "linux"
diff --git a/debian/patches/disable/default-browser-warning.patch b/debian/patches/disable/default-browser-warning.patch
index 98f78f7..da7a1e0 100644
--- a/debian/patches/disable/default-browser-warning.patch
+++ b/debian/patches/disable/default-browser-warning.patch
@@ -2,7 +2,7 @@ description: never show the default browser question
--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
-@@ -808,7 +808,7 @@ void StartupBrowserCreatorImpl::AddInfoB
+@@ -809,7 +809,7 @@ void StartupBrowserCreatorImpl::AddInfoB
browser->tab_strip_model()->GetActiveWebContents()));
#if !defined(OS_CHROMEOS)
diff --git a/debian/patches/disable/google-api-warning.patch b/debian/patches/disable/google-api-warning.patch
index 309ebd3..88a15d7 100644
--- a/debian/patches/disable/google-api-warning.patch
+++ b/debian/patches/disable/google-api-warning.patch
@@ -2,7 +2,7 @@ description: disable the google api key warning when those aren't found
--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
-@@ -804,8 +804,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+@@ -805,8 +805,6 @@ void StartupBrowserCreatorImpl::AddInfoB
if (is_process_startup == chrome::startup::IS_PROCESS_STARTUP &&
!command_line_.HasSwitch(switches::kTestType)) {
chrome::ShowBadFlagsPrompt(browser);
diff --git a/debian/patches/gpu-timeout.patch b/debian/patches/gpu-timeout.patch
index 836d6bd..e075caf 100644
--- a/debian/patches/gpu-timeout.patch
+++ b/debian/patches/gpu-timeout.patch
@@ -2,9 +2,9 @@ description: 10 seconds may not be enough, so don't kill the gpu process until 2
author: Chad MILLER <chad.miller at canonical.com>
bug-debian: http://bugs.debian.org/781940
---- a/content/gpu/gpu_main.cc
-+++ b/content/gpu/gpu_main.cc
-@@ -93,7 +93,7 @@ const int kGpuTimeout = 30000;
+--- a/gpu/ipc/service/gpu_watchdog_thread.cc
++++ b/gpu/ipc/service/gpu_watchdog_thread.cc
+@@ -36,7 +36,7 @@ const int kGpuTimeout = 30000;
// infected machines.
const int kGpuTimeout = 15000;
#else
@@ -12,4 +12,4 @@ bug-debian: http://bugs.debian.org/781940
+const int kGpuTimeout = 20000;
#endif
- namespace content {
+ #if defined(USE_X11)
diff --git a/debian/patches/manpage.patch b/debian/patches/manpage.patch
index 960463a..f8d3823 100644
--- a/debian/patches/manpage.patch
+++ b/debian/patches/manpage.patch
@@ -40,14 +40,3 @@ Author: Daniel Echeverry <epsilon77 at gmail.com>
<http://library.gnome.org/devel/gtk/stable/gtk-x11.html>
.SH ENVIRONMENT
---- a/chrome/chrome_exe.gypi
-+++ b/chrome/chrome_exe.gypi
-@@ -115,7 +115,7 @@
- }, { # else branding!="Chrome"
- 'variables': {
- 'name': 'Chromium',
-- 'filename': 'chromium-browser',
-+ 'filename': 'chromium',
- 'confdir': 'chromium',
- },
- }],
diff --git a/debian/patches/series b/debian/patches/series
index 099631a..948caa2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -14,11 +14,12 @@ glibc2.24.patch
ps-print.patch
gpu-timeout.patch
+build-flags.patch
master-preferences.patch
chromedriver-revision.patch
+system/icu.patch
system/vpx.patch
system/nspr.patch
system/event.patch
-system/clang.patch
system/ffmpeg.patch
diff --git a/debian/patches/system/clang.patch b/debian/patches/system/clang.patch
deleted file mode 100644
index c962971..0000000
--- a/debian/patches/system/clang.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-description: use system clang compilers
-author: Michael Gilbert <mgilbert at debian.org>
-
---- a/build/common.gypi
-+++ b/build/common.gypi
-@@ -5978,8 +5978,8 @@
- ['clang==1 and ((OS!="mac" and OS!="ios") or clang_xcode==0) '
- 'and OS!="win"', {
- 'make_global_settings': [
-- ['CC', '<(make_clang_dir)/bin/clang'],
-- ['CXX', '<(make_clang_dir)/bin/clang++'],
-+ ['CC', '/usr/bin/clang'],
-+ ['CXX', '/usr/bin/clang++'],
- ['CC.host', '$(CC)'],
- ['CXX.host', '$(CXX)'],
- ],
diff --git a/debian/patches/system/event.patch b/debian/patches/system/event.patch
index 452f3de..d09295c 100644
--- a/debian/patches/system/event.patch
+++ b/debian/patches/system/event.patch
@@ -14,7 +14,7 @@ author: Michael Gilbert <mgilbert at debian.org>
#include "webrtc/base/task_queue_posix.h"
--- a/tools/gn/bootstrap/bootstrap.py
+++ b/tools/gn/bootstrap/bootstrap.py
-@@ -540,29 +540,9 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -541,29 +541,9 @@ def write_gn_ninja(path, root_gen_dir, o
'base/time/time_posix.cc',
'base/trace_event/heap_profiler_allocation_register_posix.cc',
])
@@ -45,7 +45,7 @@ author: Michael Gilbert <mgilbert at debian.org>
ldflags.extend(['-pthread'])
static_libraries['xdg_user_dirs'] = {
-@@ -586,13 +566,6 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -587,13 +567,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/threading/platform_thread_linux.cc',
'base/trace_event/malloc_dump_provider.cc',
])
@@ -59,7 +59,7 @@ author: Michael Gilbert <mgilbert at debian.org>
if is_mac:
static_libraries['base']['sources'].extend([
-@@ -621,12 +594,6 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -622,12 +595,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/threading/platform_thread_mac.mm',
'base/trace_event/malloc_dump_provider.cc',
])
diff --git a/debian/patches/system/ffmpeg.patch b/debian/patches/system/ffmpeg.patch
index 21c5404..d0299b2 100644
--- a/debian/patches/system/ffmpeg.patch
+++ b/debian/patches/system/ffmpeg.patch
@@ -17,7 +17,7 @@ Last-Update: <2015-07-26>
#include <libavutil/imgutils.h>
--- a/media/filters/ffmpeg_demuxer.cc
+++ b/media/filters/ffmpeg_demuxer.cc
-@@ -1151,24 +1151,6 @@ void FFmpegDemuxer::OnFindStreamInfoDone
+@@ -1186,24 +1186,6 @@ void FFmpegDemuxer::OnFindStreamInfoDone
// If no estimate is found, the stream entry will be kInfiniteDuration.
std::vector<base::TimeDelta> start_time_estimates(format_context->nb_streams,
kInfiniteDuration);
@@ -41,7 +41,7 @@ Last-Update: <2015-07-26>
- }
std::unique_ptr<MediaTracks> media_tracks(new MediaTracks());
- AVStream* audio_stream = NULL;
+
--- a/third_party/webrtc/modules/video_coding/codecs/h264/h264_decoder_impl.cc
+++ b/third_party/webrtc/modules/video_coding/codecs/h264/h264_decoder_impl.cc
@@ -15,9 +15,9 @@
diff --git a/debian/patches/system/icu.patch b/debian/patches/system/icu.patch
new file mode 100644
index 0000000..e41b682
--- /dev/null
+++ b/debian/patches/system/icu.patch
@@ -0,0 +1,12 @@
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -833,8 +833,7 @@ group("gn_only") {
+ deps += [ "//ui/ozone/demo" ]
+ }
+
+- if ((is_linux && !is_chromeos && !is_chromecast) || (is_win && use_drfuzz) ||
+- (use_libfuzzer && is_mac)) {
++ if (false) {
+ deps += [
+ "//testing/libfuzzer/fuzzers",
+ "//testing/libfuzzer/tests:libfuzzer_tests",
diff --git a/debian/patches/system/nspr.patch b/debian/patches/system/nspr.patch
index 1920bee..266a05f 100644
--- a/debian/patches/system/nspr.patch
+++ b/debian/patches/system/nspr.patch
@@ -25,7 +25,7 @@ author: Michael Gilbert <mgilbert at debian.org>
namespace base {
--- a/tools/gn/bootstrap/bootstrap.py
+++ b/tools/gn/bootstrap/bootstrap.py
-@@ -463,7 +463,6 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -464,7 +464,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/third_party/dmg_fp/dtoa_wrapper.cc',
'base/third_party/dmg_fp/g_fmt.cc',
'base/third_party/icu/icu_utf.cc',
@@ -33,7 +33,7 @@ author: Michael Gilbert <mgilbert at debian.org>
'base/threading/non_thread_safe_impl.cc',
'base/threading/post_task_and_reply_impl.cc',
'base/threading/sequenced_task_runner_handle.cc',
-@@ -563,7 +562,7 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -564,7 +563,7 @@ def write_gn_ninja(path, root_gen_dir, o
}
if is_linux:
@@ -54,7 +54,7 @@ author: Michael Gilbert <mgilbert at debian.org>
}
config("base_implementation") {
-@@ -814,8 +817,6 @@ component("base") {
+@@ -823,8 +826,6 @@ component("base") {
"third_party/dmg_fp/g_fmt.cc",
"third_party/icu/icu_utf.cc",
"third_party/icu/icu_utf.h",
diff --git a/debian/patches/system/vpx.patch b/debian/patches/system/vpx.patch
index fefd09c..75474f0 100644
--- a/debian/patches/system/vpx.patch
+++ b/debian/patches/system/vpx.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/third_party/webrtc/modules/video_coding/BUILD.gn
+++ b/third_party/webrtc/modules/video_coding/BUILD.gn
-@@ -91,7 +91,6 @@ source_set("video_coding") {
+@@ -88,7 +88,6 @@ rtc_static_library("video_coding") {
":webrtc_h264",
":webrtc_i420",
":webrtc_vp8",
@@ -25,7 +25,7 @@ author: Michael Gilbert <mgilbert at debian.org>
return nullptr;
--- a/third_party/webrtc/media/engine/webrtcvideoengine2.cc
+++ b/third_party/webrtc/media/engine/webrtcvideoengine2.cc
-@@ -160,10 +160,6 @@ bool CodecIsInternallySupported(const st
+@@ -161,10 +161,6 @@ bool CodecIsInternallySupported(const st
if (CodecNamesEq(codec_name, kVp8CodecName)) {
return true;
}
diff --git a/debian/rules b/debian/rules
index 8fd8356..a76d517 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,18 +6,14 @@ export DH_VERBOSE=1
# enable all build hardening flags
export DEB_BUILD_MAINT_OPTIONS=hardening=+all
-# linker flags to avoid memory allocation issues on i386
-export LDFLAGS+=-Wl,--no-keep-memory -Wl,--reduce-memory-overheads -Wl,--hash-size=7919
+# build with gcc instead of clang
+defines=is_clang=false clang_use_chrome_plugins=false
# more verbose linker output
-export LDFLAGS+=-Wl,--stats
+defines+=target_extra_ldflags=\"-Wl,--stats\"
# avoid error in v8's garbage collector (see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=68853)
-export CFLAGS+=-fno-delete-null-pointer-checks
-export CXXFLAGS+=-fno-delete-null-pointer-checks
-
-# build with gcc instead of clang
-defines=is_clang=false clang_use_chrome_plugins=false
+defines+=target_extra_cxxflags=\"-fno-delete-null-pointer-checks\"
# set the appropriate cpu architecture
ifeq (i386,$(shell dpkg-architecture -qDEB_HOST_ARCH))
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list