[Pkg-chromium-maint] Bug#606822: chromium-browser: uses insecure site marker even when insecure resources are not loaded

brian m. carlson sandals at crustytoothpaste.net
Sat Dec 11 23:46:18 UTC 2010 

Package: chromium-browser
Version: 9.0.587.0~r66374-1
Severity: minor

I use the Chromium Adblock extension with some additional filters to
block analytics and such.  As a result, when I go to https://lkml.org/,
all the resources that are loaded (as seen with the Resources tab of
Developer Tools) are securely loaded over HTTPS from the lkml.org
domain.

However, the icon in the toolbar still uses the lock with a red X and
has a large red crossout over the "https" part of the URL.  Clicking on
the lock icon, I am told that "this page includes other resources which
are not secure."

There is a problem here.  Chromium is determining that there are
insecure resources despite the fact that these resources are never
loaded.  I specifically checked this using Wireshark, and no HTTP
connections are made (only HTTPS).  Please fix this so users are not
warned unnecessarily.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.37-rc4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chromium-browser depends on:
ii  chromium-browser-ins 9.0.587.0~r66374-1  page inspector for the chromium-br
ii  libasound2           1.0.23-2.1          shared library for ALSA applicatio
ii  libbz2-1.0           1.0.5-6             high-quality block-sorting file co
ii  libc6                2.11.2-7            Embedded GNU C Library: Shared lib
ii  libcairo2            1.8.10-6            The Cairo 2D vector graphics libra
ii  libcups2             1.4.5-1             Common UNIX Printing System(tm) - 
ii  libdbus-1-3          1.2.24-3            simple interprocess messaging syst
ii  libdbus-glib-1-2     0.88-2              simple interprocess messaging syst
ii  libevent-1.4-2       1.4.13-stable-1     An asynchronous event notification
ii  libexpat1            2.0.1-7             XML parsing C library - runtime li
ii  libfontconfig1       2.8.0-2.1           generic font configuration library
ii  libfreetype6         2.4.2-2.1           FreeType 2 font engine, shared lib
ii  libgcc1              1:4.5.1-9           GCC support library
ii  libgconf2-4          2.31.5-1            GNOME configuration database syste
ii  libgcrypt11          1.4.5-2             LGPL Crypto library - runtime libr
ii  libglib2.0-0         2.27.3-1            The GLib library of C routines
ii  libgtk2.0-0          2.22.0-1            The GTK+ graphical user interface 
ii  libicu44             4.4.2-2             International Components for Unico
ii  libjpeg62            6b1-1               The Independent JPEG Group's JPEG 
ii  libnspr4-0d          4.8.6-1             NetScape Portable Runtime Library
ii  libnss3-1d           3.12.8-1            Network Security Service libraries
ii  libpango1.0-0        1.28.3-2            Layout and rendering of internatio
ii  libpng12-0           1.2.44-1            PNG library - runtime
ii  libspeex1            1.2~rc1-1           The Speex codec runtime library
ii  libstdc++6           4.5.1-9             The GNU Standard C++ Library v3
ii  libvpx0              0.9.5-1             VP8 video codec (shared library)
ii  libx11-6             2:1.3.3-4           X11 client-side library
ii  libxdamage1          1:1.1.3-1           X11 damaged region extension libra
ii  libxext6             2:1.1.2-1           X11 miscellaneous extension librar
ii  libxml2              2.7.8.dfsg-1        GNOME XML library
ii  libxrender1          1:0.9.6-1           X Rendering Extension client libra
ii  libxslt1.1           1.1.26-6            XSLT 1.0 processing library - runt
ii  libxss1              1:1.2.1-1           X11 Screen Saver extension library
ii  libxtst6             2:1.2.0-1           X11 Testing -- Record extension li
ii  xdg-utils            1.0.2+cvs20100307-3 desktop integration utilities from
ii  zlib1g               1:1.2.3.4.dfsg-3    compression library - runtime

chromium-browser recommends no packages.

Versions of packages chromium-browser suggests:
pn  chromium-browser-l10n         <none>     (no description available)

-- no debconf information

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-chromium-maint/attachments/20101211/e5829d4d/attachment-0001.pgp>

More information about the Pkg-chromium-maint mailing list