[Pkg-chromium-commit] [pkg-chromium] 01/01: release 56.0.2924.76-1~deb8u1
Michael Gilbert
mgilbert at moszumanska.debian.org
Sun Feb 26 03:18:49 UTC 2017
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch jessie
in repository pkg-chromium.
commit 818da0c5e358d25ed16768fe25f24316b5b22237
Author: Michael Gilbert <mgilbert at debian.org>
Date: Sun Feb 26 03:18:22 2017 +0000
release 56.0.2924.76-1~deb8u1
---
debian/changelog | 31 ++++++++++++++++++++++
debian/patches/clang.patch | 2 +-
debian/patches/clang3.5.patch | 4 +--
debian/patches/disable/google-api-warning.patch | 2 +-
debian/patches/gtk2.patch | 30 +++++++++++++++++++++
debian/patches/nspr.patch | 8 +++---
debian/patches/png12.patch | 14 ++++++++++
debian/patches/ps-print.patch | 6 ++---
debian/patches/series | 6 ++++-
debian/patches/skia.patch | 16 -----------
.../third-party-cookies-off-by-default.patch | 2 +-
debian/patches/webkit.patch | 13 +++++++++
debian/patches/webrtc.patch | 21 +++++++++++++++
debian/rules | 3 +--
14 files changed, 127 insertions(+), 31 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 16daec4..3944326 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,34 @@
+chromium-browser (56.0.2924.76-1~deb8u1) jessie-security; urgency=medium
+
+ * New upstream stable release:
+ - CVE-2017-5007: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2017-5006: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2017-5008: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2017-5010: Universal XSS in Blink. Credit to Mariusz Mlynski
+ - CVE-2017-5011: Unauthorised file access in Devtools. Credit to Khalil
+ Zhani
+ - CVE-2017-5009: Out of bounds memory access in WebRTC. Credit to Sean
+ Stanek and Chip Bradford
+ - CVE-2017-5012: Heap overflow in V8. Credit to Gergely Nagy
+ - CVE-2017-5013: Address spoofing in Omnibox. Credit to Haosheng Wang
+ - CVE-2017-5014: Heap overflow in Skia. Credit to sweetchip
+ - CVE-2017-5015: Address spoofing in Omnibox. Credit to Armin Razmdjou
+ - CVE-2017-5019: Use after free in Renderer. Credit to Wadih Matar
+ - CVE-2017-5016: UI spoofing in Blink. Credit to Haosheng Wang
+ - CVE-2017-5017: Uninitialised memory access in webm video. Credit to
+ danberm
+ - CVE-2017-5018: Universal XSS in chrome://apps. Credit to Rob Wu
+ - CVE-2017-5020: Universal XSS in chrome://downloads. Credit to Rob Wu
+ - CVE-2017-5021: Use after free in Extensions. Credit to Rob Wu
+ - CVE-2017-5022: Bypass of Content Security Policy in Blink. Credit to
+ PKAV Team.
+ - CVE-2017-5023: Type confusion in metrics. Credit to the UK's National
+ Cyber Security Centre (NCSC)
+ - CVE-2017-5026: UI spoofing. Credit to Ronni Skansing
+ * Fix regression in pulseaudio (closes: #848029).
+
+ -- Michael Gilbert <mgilbert at debian.org> Sun, 18 Dec 2016 19:22:51 +0000
+
chromium-browser (55.0.2883.75-1~deb8u1) jessie-security; urgency=medium
* New upstream stable release:
diff --git a/debian/patches/clang.patch b/debian/patches/clang.patch
index 787899d..8df1e93 100644
--- a/debian/patches/clang.patch
+++ b/debian/patches/clang.patch
@@ -14,7 +14,7 @@ author: Michael Gilbert <mgilbert at debian.org>
ld = cxx
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
-@@ -407,7 +407,7 @@ config("compiler") {
+@@ -401,7 +401,7 @@ config("compiler") {
# clang-cl (used if is_win) doesn't expose this flag.
# Currently disabled for nacl since its toolchain lacks this flag (too old).
# TODO(zforman): Once nacl's toolchain is updated, remove check.
diff --git a/debian/patches/clang3.5.patch b/debian/patches/clang3.5.patch
index 794369c..95b4acc 100644
--- a/debian/patches/clang3.5.patch
+++ b/debian/patches/clang3.5.patch
@@ -11,7 +11,7 @@
return false;
--- a/chrome/common/extensions/chrome_extensions_client.h
+++ b/chrome/common/extensions/chrome_extensions_client.h
-@@ -57,9 +57,9 @@ class ChromeExtensionsClient : public Ex
+@@ -58,9 +58,9 @@ class ChromeExtensionsClient : public Ex
static ChromeExtensionsClient* GetInstance();
private:
@@ -26,7 +26,7 @@
// list (except in tests) without consulting the Extensions team first.
--- a/services/ui/surfaces/surfaces_context_provider.cc
+++ b/services/ui/surfaces/surfaces_context_provider.cc
-@@ -77,7 +77,7 @@ bool SurfacesContextProvider::BindToCurr
+@@ -78,7 +78,7 @@ bool SurfacesContextProvider::BindToCurr
gpu::CommandBuffer* command_buffer = command_buffer_proxy_impl_.get();
gles2_helper_.reset(new gpu::gles2::GLES2CmdHelper(command_buffer));
diff --git a/debian/patches/disable/google-api-warning.patch b/debian/patches/disable/google-api-warning.patch
index 88a15d7..309ebd3 100644
--- a/debian/patches/disable/google-api-warning.patch
+++ b/debian/patches/disable/google-api-warning.patch
@@ -2,7 +2,7 @@ description: disable the google api key warning when those aren't found
--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
-@@ -805,8 +805,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+@@ -804,8 +804,6 @@ void StartupBrowserCreatorImpl::AddInfoB
if (is_process_startup == chrome::startup::IS_PROCESS_STARTUP &&
!command_line_.HasSwitch(switches::kTestType)) {
chrome::ShowBadFlagsPrompt(browser);
diff --git a/debian/patches/gtk2.patch b/debian/patches/gtk2.patch
new file mode 100644
index 0000000..f9eb5c2
--- /dev/null
+++ b/debian/patches/gtk2.patch
@@ -0,0 +1,30 @@
+description: avoid dependence on gtk3
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -362,7 +362,9 @@ group("both_gn_and_gyp") {
+ if (is_linux && !is_chromeos && !is_chromecast && !use_ozone) {
+ # TODO(thomasanderson): Remove this once we build using
+ # GTK3 by default. (crbug.com/132847, crbug.com/79722)
++ if (use_gtk3) {
+ deps += [ "//chrome/browser/ui/libgtkui:libgtk3ui" ]
++ }
+ }
+
+ if (use_ozone) {
+--- a/chrome/browser/ui/libgtkui/BUILD.gn
++++ b/chrome/browser/ui/libgtkui/BUILD.gn
+@@ -135,6 +135,7 @@ component("libgtk2ui") {
+ ]
+ }
+
++if (use_gtk3) {
+ component("libgtk3ui") {
+ sources = common_sources
+ configs += common_configs
+@@ -148,3 +149,4 @@ component("libgtk3ui") {
+ "//chrome/browser:theme_properties",
+ ]
+ }
++}
diff --git a/debian/patches/nspr.patch b/debian/patches/nspr.patch
index 863300d..13e9540 100644
--- a/debian/patches/nspr.patch
+++ b/debian/patches/nspr.patch
@@ -24,7 +24,7 @@ Include system copy of prtime.h
namespace base {
--- a/tools/gn/bootstrap/bootstrap.py
+++ b/tools/gn/bootstrap/bootstrap.py
-@@ -467,7 +467,6 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -466,7 +466,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/third_party/dmg_fp/dtoa_wrapper.cc',
'base/third_party/dmg_fp/g_fmt.cc',
'base/third_party/icu/icu_utf.cc',
@@ -32,7 +32,7 @@ Include system copy of prtime.h
'base/threading/non_thread_safe_impl.cc',
'base/threading/post_task_and_reply_impl.cc',
'base/threading/sequenced_task_runner_handle.cc',
-@@ -567,7 +566,7 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -566,7 +565,7 @@ def write_gn_ninja(path, root_gen_dir, o
}
if is_linux:
@@ -43,7 +43,7 @@ Include system copy of prtime.h
static_libraries['xdg_user_dirs'] = {
--- a/base/BUILD.gn
+++ b/base/BUILD.gn
-@@ -52,6 +52,9 @@ config("base_flags") {
+@@ -49,6 +49,9 @@ config("base_flags") {
"-Wno-char-subscripts",
]
}
@@ -53,7 +53,7 @@ Include system copy of prtime.h
}
config("base_implementation") {
-@@ -823,8 +826,6 @@ component("base") {
+@@ -833,8 +836,6 @@ component("base") {
"third_party/dmg_fp/g_fmt.cc",
"third_party/icu/icu_utf.cc",
"third_party/icu/icu_utf.h",
diff --git a/debian/patches/png12.patch b/debian/patches/png12.patch
new file mode 100644
index 0000000..4ff279d
--- /dev/null
+++ b/debian/patches/png12.patch
@@ -0,0 +1,14 @@
+description: use correct argument type for jessie's png12
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/third_party/WebKit/Source/platform/image-decoders/png/PNGImageDecoder.cpp
++++ b/third_party/WebKit/Source/platform/image-decoders/png/PNGImageDecoder.cpp
+@@ -65,7 +65,7 @@ inline sk_sp<SkColorSpace> readColorSpac
+
+ png_charp name = nullptr;
+ int compression = 0;
+- png_bytep profile = nullptr;
++ png_charp profile = nullptr;
+ png_uint_32 length = 0;
+ if (png_get_iCCP(png, info, &name, &compression, &profile, &length)) {
+ return SkColorSpace::MakeICC(profile, length);
diff --git a/debian/patches/ps-print.patch b/debian/patches/ps-print.patch
index d0e99b4..a6d6132 100644
--- a/debian/patches/ps-print.patch
+++ b/debian/patches/ps-print.patch
@@ -1,9 +1,9 @@
description: add ps printing capability
author: Salvatore Bonaccorso
---- a/chrome/browser/ui/libgtk2ui/print_dialog_gtk2.cc
-+++ b/chrome/browser/ui/libgtk2ui/print_dialog_gtk2.cc
-@@ -346,6 +346,7 @@ void PrintDialogGtk2::ShowDialog(
+--- a/chrome/browser/ui/libgtkui/print_dialog_gtk.cc
++++ b/chrome/browser/ui/libgtkui/print_dialog_gtk.cc
+@@ -348,6 +348,7 @@ void PrintDialogGtk2::ShowDialog(
// Since we only generate PDF, only show printers that support PDF.
// TODO(thestig) Add more capabilities to support?
GtkPrintCapabilities cap = static_cast<GtkPrintCapabilities>(
diff --git a/debian/patches/series b/debian/patches/series
index 2363026..feb55e2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,5 +13,9 @@ third-party-cookies-off-by-default.patch
ps-print.patch
chromedriver-revision.patch
-skia.patch
webui.patch
+
+gtk2.patch
+webrtc.patch
+webkit.patch
+png12.patch
diff --git a/debian/patches/skia.patch b/debian/patches/skia.patch
deleted file mode 100644
index 8fca7ac..0000000
--- a/debian/patches/skia.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-description: avoid a clang 4.0 compiler intrinsic
-author: Michael Gilbert <mgilbert at debian.org>
-
---- a/third_party/skia/src/opts/SkRasterPipeline_opts.h
-+++ b/third_party/skia/src/opts/SkRasterPipeline_opts.h
-@@ -40,8 +40,10 @@ static inline void SK_VECTORCALL stage_1
- Sk4f r, Sk4f g, Sk4f b, Sk4f a,
- Sk4f dr, Sk4f dg, Sk4f db, Sk4f da) {
- #if defined(__clang__)
-+#if __has_builtin(__builtin_assume)
- __builtin_assume(tail > 0); // This flourish lets Clang compile away any tail==0 code.
- #endif
-+#endif
- kernel(st->ctx<void*>(), x,tail, r,g,b,a, dr,dg,db,da);
- if (kCallNext) {
- st->next(x,tail, r,g,b,a, dr,dg,db,da);
diff --git a/debian/patches/third-party-cookies-off-by-default.patch b/debian/patches/third-party-cookies-off-by-default.patch
index ebde120..3ba1f38 100644
--- a/debian/patches/third-party-cookies-off-by-default.patch
+++ b/debian/patches/third-party-cookies-off-by-default.patch
@@ -3,7 +3,7 @@ Author: Chad Miller <chad.miller at canonical.com>
--- a/components/content_settings/core/browser/cookie_settings.cc
+++ b/components/content_settings/core/browser/cookie_settings.cc
-@@ -82,7 +82,7 @@ void CookieSettings::GetCookieSettings(
+@@ -83,7 +83,7 @@ void CookieSettings::GetCookieSettings(
void CookieSettings::RegisterProfilePrefs(
user_prefs::PrefRegistrySyncable* registry) {
registry->RegisterBooleanPref(
diff --git a/debian/patches/webkit.patch b/debian/patches/webkit.patch
new file mode 100644
index 0000000..65a415e
--- /dev/null
+++ b/debian/patches/webkit.patch
@@ -0,0 +1,13 @@
+description: fix clang uninitialized const member error
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/third_party/WebKit/Source/modules/indexeddb/IDBTransaction.cpp
++++ b/third_party/WebKit/Source/modules/indexeddb/IDBTransaction.cpp
+@@ -133,6 +133,7 @@ IDBTransaction::IDBTransaction(Execution
+ m_database(db),
+ m_openDBRequest(openDBRequest),
+ m_mode(WebIDBTransactionModeVersionChange),
++ m_scope(),
+ m_state(Inactive),
+ m_oldDatabaseMetadata(oldMetadata) {
+ DCHECK(m_database);
diff --git a/debian/patches/webrtc.patch b/debian/patches/webrtc.patch
new file mode 100644
index 0000000..ec4e6e4
--- /dev/null
+++ b/debian/patches/webrtc.patch
@@ -0,0 +1,21 @@
+description: fix unique_ptr casting problem detected by clang
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/third_party/webrtc/modules/desktop_capture/screen_capturer_x11.cc
++++ b/third_party/webrtc/modules/desktop_capture/screen_capturer_x11.cc
+@@ -407,12 +407,12 @@ std::unique_ptr<DesktopCapturer> Desktop
+ if (!options.x_display())
+ return nullptr;
+
+- std::unique_ptr<ScreenCapturerLinux> capturer(new ScreenCapturerLinux());
+- if (!capturer.get()->Init(options)) {
++ ScreenCapturerLinux *capturer = new ScreenCapturerLinux();
++ if (!capturer->Init(options)) {
+ return nullptr;
+ }
+
+- return capturer;
++ return std::unique_ptr<DesktopCapturer>(capturer);
+ }
+
+ } // namespace webrtc
diff --git a/debian/rules b/debian/rules
index f2a8589..c429169 100755
--- a/debian/rules
+++ b/debian/rules
@@ -43,8 +43,7 @@ defines+=is_debug=false \
# enabled features
defines+=use_gio=true \
use_gold=true \
- use_pulseaudio=false \
- link_pulseaudio=false \
+ use_pulseaudio=true \
proprietary_codecs=true \
ffmpeg_branding=\"Chrome\" \
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list