[Pkg-chromium-commit] [pkg-chromium] 01/03: release 63.0.3239.84-1~deb9u1
Michael Gilbert
mgilbert at moszumanska.debian.org
Thu Feb 1 03:05:49 UTC 2018
This is an automated email from the git hooks/post-receive script.
mgilbert pushed a commit to branch stretch
in repository pkg-chromium.
commit a531ac8d8deb9a1ebd68d7b109fc13f3d5771ffe
Author: Michael Gilbert <mgilbert at debian.org>
Date: Wed Jan 31 02:22:59 2018 +0000
release 63.0.3239.84-1~deb9u1
---
debian/changelog | 29 ++++++++++++++++++++++++
debian/clean | 1 -
debian/patches/disable/external-components.patch | 23 +++++--------------
debian/patches/disable/fuzzers.patch | 2 +-
debian/patches/disable/google-api-warning.patch | 3 ++-
debian/patches/disable/promo.patch | 2 +-
debian/patches/fixes/chromedriver-revision.patch | 1 +
debian/patches/fixes/optimize.patch | 14 ++++++++++++
debian/patches/fixes/webrtc.patch | 13 +++++++++++
debian/patches/gn/parallel.patch | 4 ++--
debian/patches/manpage.patch | 12 ++--------
debian/patches/series | 4 ++--
debian/patches/system/event.patch | 14 ++++++------
debian/patches/system/icu.patch | 22 +++++++++++++++++-
debian/patches/system/nspr.patch | 8 +++----
debian/patches/system/vpx.patch | 4 ++--
debian/rules | 6 +++--
debian/scripts/unbundle | 19 ++++++++++------
18 files changed, 123 insertions(+), 58 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index acebb62..93d992e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,32 @@
+chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium
+
+ * New upstream stable release.
+ - CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
+ - CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
+ - CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
+ - CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
+ - CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
+ - CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
+ - CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
+ Viktor Brange
+ - CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
+ - CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
+ Max May
+ - CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
+ Arvind Shah
+ - CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
+ Jun Kokatsu
+ - CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
+ - CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
+ Greg Hudson
+ - CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
+ - CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
+ - CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
+ - CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
+ by Junaid Farhan
+
+ -- Michael Gilbert <mgilbert at debian.org> Sun, 03 Dec 2017 15:26:02 +0000
+
chromium-browser (62.0.3202.89-1~deb9u1) stretch-security; urgency=medium
* New upstream security release.
diff --git a/debian/clean b/debian/clean
index c41c88c..45ce66c 100644
--- a/debian/clean
+++ b/debian/clean
@@ -6,7 +6,6 @@ chrome/test/data/webui/i18n_process_css_test.html
third_party/ffmpeg/BUILD.gn
third_party/flac/BUILD.gn
-third_party/harfbuzz-ng/BUILD.gn
base/third_party/libevent/BUILD.gn
build/secondary/third_party/libjpeg_turbo/BUILD.gn
third_party/libdrm/BUILD.gn
diff --git a/debian/patches/disable/external-components.patch b/debian/patches/disable/external-components.patch
index 02a394f..3863623 100644
--- a/debian/patches/disable/external-components.patch
+++ b/debian/patches/disable/external-components.patch
@@ -3,37 +3,26 @@ description: disable loading external components
--- a/chrome/browser/extensions/external_component_loader.cc
+++ b/chrome/browser/extensions/external_component_loader.cc
-@@ -38,33 +38,12 @@ ExternalComponentLoader::~ExternalCompon
+@@ -34,22 +34,6 @@ ExternalComponentLoader::~ExternalCompon
void ExternalComponentLoader::StartLoading() {
- prefs_.reset(new base::DictionaryValue());
+ auto prefs = std::make_unique<base::DictionaryValue>();
-#if defined(GOOGLE_CHROME_BUILD)
-- AddExternalExtension(extension_misc::kInAppPaymentsSupportAppId);
+- AddExternalExtension(extension_misc::kInAppPaymentsSupportAppId, prefs.get());
-#endif // defined(GOOGLE_CHROME_BUILD)
-
- if (HotwordServiceFactory::IsHotwordAllowed(profile_))
-- AddExternalExtension(extension_misc::kHotwordSharedModuleId);
+- AddExternalExtension(extension_misc::kHotwordSharedModuleId, prefs.get());
-
-#if defined(OS_CHROMEOS)
- {
- base::CommandLine* const command_line =
- base::CommandLine::ForCurrentProcess();
- if (!command_line->HasSwitch(chromeos::switches::kDisableNewZIPUnpacker))
-- AddExternalExtension(extension_misc::kZIPUnpackerExtensionId);
+- AddExternalExtension(extension_misc::kZIPUnpackerExtensionId,
+- prefs.get());
- }
-#endif
if (media_router::MediaRouterEnabled(profile_) &&
FeatureSwitch::load_media_router_component_extension()->IsEnabled()) {
- AddExternalExtension(extension_misc::kMediaRouterStableExtensionId);
- }
-
--#if BUILDFLAG(ENABLE_APP_LIST) && defined(OS_CHROMEOS)
-- std::string google_now_extension_id;
-- if (GetGoogleNowExtensionId(&google_now_extension_id))
-- AddExternalExtension(google_now_extension_id);
--#endif
--
- LoadFinished();
- }
-
diff --git a/debian/patches/disable/fuzzers.patch b/debian/patches/disable/fuzzers.patch
index 56044fa..fbc123b 100644
--- a/debian/patches/disable/fuzzers.patch
+++ b/debian/patches/disable/fuzzers.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/BUILD.gn
+++ b/BUILD.gn
-@@ -688,8 +688,7 @@ group("gn_all") {
+@@ -698,8 +698,7 @@ group("gn_all") {
}
}
diff --git a/debian/patches/disable/google-api-warning.patch b/debian/patches/disable/google-api-warning.patch
index 94a1691..3cb5e5e 100644
--- a/debian/patches/disable/google-api-warning.patch
+++ b/debian/patches/disable/google-api-warning.patch
@@ -1,8 +1,9 @@
description: disable the google api key warning when those aren't found
+author: Michael Gilbert <mgilbert at debian.org>
--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
-@@ -836,8 +836,6 @@ void StartupBrowserCreatorImpl::AddInfoB
+@@ -778,8 +778,6 @@ void StartupBrowserCreatorImpl::AddInfoB
!command_line_.HasSwitch(switches::kTestType) &&
!command_line_.HasSwitch(switches::kEnableAutomation)) {
chrome::ShowBadFlagsPrompt(browser);
diff --git a/debian/patches/disable/promo.patch b/debian/patches/disable/promo.patch
index df57d01..ee5f017 100644
--- a/debian/patches/disable/promo.patch
+++ b/debian/patches/disable/promo.patch
@@ -1,5 +1,5 @@
-author: Michael Gilbert <mgilbert at debian.org>
description: disable the ad promo system by default
+author: Michael Gilbert <mgilbert at debian.org>
bug-debian: http://bugs.debian.org/634101
--- a/chrome/browser/ui/app_list/app_list_service.cc
diff --git a/debian/patches/fixes/chromedriver-revision.patch b/debian/patches/fixes/chromedriver-revision.patch
index 0ef12c9..9528f06 100644
--- a/debian/patches/fixes/chromedriver-revision.patch
+++ b/debian/patches/fixes/chromedriver-revision.patch
@@ -1,4 +1,5 @@
description: set chromedriver version as undefined
+author: Michael Gilbert <mgilbert at debian.org>
--- a/chrome/test/chromedriver/embed_version_in_cpp.py
+++ b/chrome/test/chromedriver/embed_version_in_cpp.py
diff --git a/debian/patches/fixes/optimize.patch b/debian/patches/fixes/optimize.patch
new file mode 100644
index 0000000..6c8b81c
--- /dev/null
+++ b/debian/patches/fixes/optimize.patch
@@ -0,0 +1,14 @@
+description: add missing variable declaration
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/build/config/compiler/BUILD.gn
++++ b/build/config/compiler/BUILD.gn
+@@ -70,6 +70,8 @@ declare_args() {
+ msvs_xtree_patched = false
+ }
+
++ optimize_for_size = true
++
+ # Enable fatal linker warnings. Building Chromium with certain versions
+ # of binutils can cause linker warning.
+ # See: https://bugs.chromium.org/p/chromium/issues/detail?id=457359
diff --git a/debian/patches/fixes/webrtc.patch b/debian/patches/fixes/webrtc.patch
new file mode 100644
index 0000000..26364aa
--- /dev/null
+++ b/debian/patches/fixes/webrtc.patch
@@ -0,0 +1,13 @@
+description: add missing include needed for call to round
+author: Michael Gilbert <mgilbert at debian.org>
+
+--- a/third_party/webrtc/p2p/base/port.cc
++++ b/third_party/webrtc/p2p/base/port.cc
+@@ -10,6 +10,7 @@
+
+ #include "p2p/base/port.h"
+
++#include <cmath>
+ #include <algorithm>
+ #include <vector>
+
diff --git a/debian/patches/gn/parallel.patch b/debian/patches/gn/parallel.patch
index 1618c6b..4111c6d 100644
--- a/debian/patches/gn/parallel.patch
+++ b/debian/patches/gn/parallel.patch
@@ -11,8 +11,8 @@ author: Michael Gilbert <mgilbert at debian.org>
options, args = parser.parse_args(argv)
if args:
-@@ -207,6 +208,8 @@ def build_gn_with_ninja_manually(tempdir
- cmd = ['ninja', '-C', tempdir]
+@@ -208,6 +209,8 @@ def build_gn_with_ninja_manually(tempdir
+ cmd = ['ninja', '-C', tempdir, '-w', 'dupbuild=err']
if options.verbose:
cmd.append('-v')
+ if options.jobs:
diff --git a/debian/patches/manpage.patch b/debian/patches/manpage.patch
index 46f6b2e..7484fde 100644
--- a/debian/patches/manpage.patch
+++ b/debian/patches/manpage.patch
@@ -4,16 +4,8 @@ Author: Daniel Echeverry <epsilon77 at gmail.com>
--- a/chrome/app/resources/manpage.1.in
+++ b/chrome/app/resources/manpage.1.in
-@@ -1,5 +1,5 @@
--." This file is processed by chrome.gyp to generate manpages in the
--." build diretory.
-+.\" This file is processed by chrome.gyp to generate manpages in the
-+.\" build diretory.
- .TH @@FILENAME@@ 1 "" "" "USER COMMANDS"
-
- .SH NAME
@@ -20,6 +20,23 @@ This manpage only describes invocation,
- @@NAME@@ has hundreds of undocumented command-line flags that are added
+ @@MENUNAME@@ has hundreds of undocumented command-line flags that are added
and removed at the whim of the developers. Here, we document relatively
stable flags.
+
@@ -36,7 +28,7 @@ Author: Daniel Echeverry <epsilon77 at gmail.com>
.TP
\fB\-\-user\-data\-dir\fR=\fIDIR\fR
Specifies the directory that user data (your "profile") is kept in.
-@@ -110,6 +127,7 @@ as
+@@ -114,6 +131,7 @@ as
See the GTK documentation for more:
.IP
<http://library.gnome.org/devel/gtk/stable/gtk-running.html>
diff --git a/debian/patches/series b/debian/patches/series
index 6eaf436..72d1e22 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,7 +2,6 @@ manpage.patch
master-preferences.patch
gn/parallel.patch
-gn/bootstrap.patch
gn/buildflags.patch
disable/promo.patch
@@ -12,7 +11,8 @@ disable/third-party-cookies.patch
disable/external-components.patch
fixes/mojo.patch
-fixes/crc32.patch
+fixes/webrtc.patch
+fixes/optimize.patch
fixes/ps-print.patch
fixes/gpu-timeout.patch
fixes/widevine-revision.patch
diff --git a/debian/patches/system/event.patch b/debian/patches/system/event.patch
index 7ed24ed..3e71ca1 100644
--- a/debian/patches/system/event.patch
+++ b/debian/patches/system/event.patch
@@ -9,13 +9,13 @@ author: Michael Gilbert <mgilbert at debian.org>
-#include "base/third_party/libevent/event.h"
+#include <event.h>
- #include "webrtc/rtc_base/checks.h"
- #include "webrtc/rtc_base/logging.h"
- #include "webrtc/rtc_base/platform_thread.h"
+ #include "rtc_base/checks.h"
+ #include "rtc_base/logging.h"
+ #include "rtc_base/platform_thread.h"
--- a/tools/gn/bootstrap/bootstrap.py
+++ b/tools/gn/bootstrap/bootstrap.py
-@@ -622,26 +622,6 @@ def write_gn_ninja(path, root_gen_dir, o
- 'base/time/time_now_posix.cc',
+@@ -614,26 +614,6 @@ def write_gn_ninja(path, root_gen_dir, o
+ 'base/time/time_conversion_posix.cc',
'base/trace_event/heap_profiler_allocation_register_posix.cc',
])
- static_libraries['libevent'] = {
@@ -41,7 +41,7 @@ author: Michael Gilbert <mgilbert at debian.org>
if is_linux or is_aix:
ldflags.extend(['-pthread'])
-@@ -673,13 +653,7 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -667,13 +647,7 @@ def write_gn_ninja(path, root_gen_dir, o
'base/allocator/allocator_shim.cc',
'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
])
@@ -56,7 +56,7 @@ author: Michael Gilbert <mgilbert at debian.org>
else:
libs.extend(['-lrt'])
static_libraries['base']['sources'].extend([
-@@ -716,12 +690,6 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -711,12 +685,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/time/time_mac.cc',
'base/threading/platform_thread_mac.mm',
])
diff --git a/debian/patches/system/icu.patch b/debian/patches/system/icu.patch
index 9bd7921..f90d29c 100644
--- a/debian/patches/system/icu.patch
+++ b/debian/patches/system/icu.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/v8/src/runtime/runtime-intl.cc
+++ b/v8/src/runtime/runtime-intl.cc
-@@ -632,7 +632,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
+@@ -714,7 +714,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
return *isolate->factory()
->NewStringFromTwoByte(Vector<const uint16_t>(
reinterpret_cast<const uint16_t*>(
@@ -30,3 +30,23 @@ author: Michael Gilbert <mgilbert at debian.org>
}
String StringForText(const void* text,
+--- a/net/BUILD.gn
++++ b/net/BUILD.gn
+@@ -11,7 +11,6 @@ import("//build/config/ui.gni")
+ import("//net/features.gni")
+ import("//testing/libfuzzer/fuzzer_test.gni")
+ import("//testing/test.gni")
+-import("//third_party/icu/config.gni")
+ import("//third_party/protobuf/proto_library.gni")
+ import("//tools/grit/grit_rule.gni")
+ import("//url/features.gni")
+--- a/v8/gni/isolate.gni
++++ b/v8/gni/isolate.gni
+@@ -3,7 +3,6 @@
+ # found in the LICENSE file.
+
+ import("//build/config/sanitizers/sanitizers.gni")
+-import("//third_party/icu/config.gni")
+ import("v8.gni")
+
+ declare_args() {
diff --git a/debian/patches/system/nspr.patch b/debian/patches/system/nspr.patch
index abb4373..2f386fd 100644
--- a/debian/patches/system/nspr.patch
+++ b/debian/patches/system/nspr.patch
@@ -31,9 +31,9 @@ author: Michael Gilbert <mgilbert at debian.org>
'base/third_party/icu/icu_utf.cc',
- 'base/third_party/nspr/prtime.cc',
'base/threading/post_task_and_reply_impl.cc',
+ 'base/threading/scoped_blocking_call.cc',
'base/threading/sequence_local_storage_map.cc',
- 'base/threading/sequenced_task_runner_handle.cc',
-@@ -674,7 +673,7 @@ def write_gn_ninja(path, root_gen_dir, o
+@@ -668,7 +667,7 @@ def write_gn_ninja(path, root_gen_dir, o
'base/allocator/allocator_shim.cc',
'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
])
@@ -44,7 +44,7 @@ author: Michael Gilbert <mgilbert at debian.org>
])
--- a/base/BUILD.gn
+++ b/base/BUILD.gn
-@@ -53,6 +53,9 @@ config("base_flags") {
+@@ -58,6 +58,9 @@ config("base_flags") {
"-Wno-char-subscripts",
]
}
@@ -54,7 +54,7 @@ author: Michael Gilbert <mgilbert at debian.org>
}
config("base_implementation") {
-@@ -852,8 +855,6 @@ component("base") {
+@@ -851,8 +854,6 @@ component("base") {
"third_party/dmg_fp/g_fmt.cc",
"third_party/icu/icu_utf.cc",
"third_party/icu/icu_utf.h",
diff --git a/debian/patches/system/vpx.patch b/debian/patches/system/vpx.patch
index 30732ef..414a2ab 100644
--- a/debian/patches/system/vpx.patch
+++ b/debian/patches/system/vpx.patch
@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert at debian.org>
--- a/third_party/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
+++ b/third_party/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
-@@ -1171,9 +1171,6 @@ int VP8DecoderImpl::Decode(const Encoded
+@@ -1188,9 +1188,6 @@ int VP8DecoderImpl::Decode(const Encoded
img = vpx_codec_get_frame(decoder_, &iter);
int qp;
@@ -13,7 +13,7 @@ author: Michael Gilbert <mgilbert at debian.org>
ret = ReturnFrame(img, input_image._timeStamp, input_image.ntp_time_ms_, qp);
if (ret != 0) {
// Reset to avoid requesting key frames too often.
-@@ -1227,8 +1224,9 @@ int VP8DecoderImpl::ReturnFrame(const vp
+@@ -1244,8 +1241,9 @@ int VP8DecoderImpl::ReturnFrame(const vp
VideoFrame decoded_image(buffer, timestamp, 0, kVideoRotation_0);
decoded_image.set_ntp_time_ms(ntp_time_ms);
diff --git a/debian/rules b/debian/rules
index 4655f07..44226bb 100755
--- a/debian/rules
+++ b/debian/rules
@@ -39,11 +39,11 @@ defines+=is_debug=false \
use_gconf=false \
use_sysroot=false \
use_openh264=false \
- use_vulcanize=false \
use_custom_libcxx=false \
use_gnome_keyring=false \
rtc_libvpx_build_vp9=false \
treat_warnings_as_errors=false \
+ optimize_webui=false \
enable_nacl=false \
enable_nacl_nonsfi=false \
enable_google_now=false \
@@ -60,6 +60,7 @@ defines+=use_gio=true \
link_pulseaudio=true \
enable_widevine=true \
use_jumbo_build=true \
+ use_system_freetype=true \
proprietary_codecs=true \
ffmpeg_branding=\"Chrome\" \
fieldtrial_testing_like_official_build=true \
@@ -99,11 +100,12 @@ override_dh_auto_build-arch:
./out/Release/gn gen out/Release --args="$(defines)"
ninja $(njobs) -C out/Release chrome chrome_sandbox content_shell chromedriver
mv out/Release/chrome out/Release/chromium || true
- mv out/Release/chrome.1 out/Release/chromium.1 || true
mv out/Release/content_shell out/Release/chromium-shell || true
mv out/Release/chrome_sandbox out/Release/chrome-sandbox || true
mv out/Release/locales/en-US.pak out/Release/resources || true
chmod 4755 out/Release/chrome-sandbox # suid sandbox
+ sed -e s/@@PACKAGE@@/chromium/g -e s/@@MENUNAME@@/chromium/g \
+ < chrome/app/resources/manpage.1.in > out/Release/chromium.1
override_dh_auto_build-indep:
ninja $(njobs) -C out/Release packed_resources
diff --git a/debian/scripts/unbundle b/debian/scripts/unbundle
index e1a340b..9e7052e 100755
--- a/debian/scripts/unbundle
+++ b/debian/scripts/unbundle
@@ -23,16 +23,21 @@ def strip(path):
else:
os.remove(removal)
-keepers = ('openh264')
+keepers = ('openh264','harfbuzz-ng')
for lib,rule in replace_gn_files.REPLACEMENTS.items():
if lib not in keepers:
- # remove conflicting embedded third party source files
- strip(os.path.dirname(rule))
- strip(os.path.join('third_party',lib))
- # remove the gn file that builds the embedded library
- if os.path.lexists(rule):
- os.remove(rule)
+ libdir = os.path.join('third_party',lib)
+ if os.path.exists(libdir):
+ # remove conflicting embedded third party source files
+ strip(libdir)
+ strip(os.path.dirname(rule))
+ # remove the gn file that builds the embedded library
+ if os.path.lexists(rule):
+ os.remove(rule)
+ else:
+ # otherwise, create the missing directory
+ os.mkdir(libdir)
# create a symlink to the unbundle gn file
symlink = "ln -s "
path = os.path.split(rule)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-chromium/pkg-chromium.git
More information about the Pkg-chromium-commit
mailing list