chromium (123.0.6312.122-1)
NEW: VCS has unreleased changes: 124.0.6367.60-1 > 123.0.6312.122-1
- Git: https://salsa.debian.org/chromium-team/chromium.git
- Branch: master
- Path: debian/changelog
- Repo size: 1155072
- Browser: https://salsa.debian.org/chromium-team/chromium
- Last scan: 2024-04-19 06:26:44+00
- Next scan: 2024-04-25 04:34:00+00
- Debian changelog in Git:
chromium (124.0.6367.60-1) UNRELEASED; urgency=high
  * New upstream stable release.
    - CVE-2024-3832: Object corruption in V8.
      Reported by Man Yue Mo of GitHub Security Lab.
    - CVE-2024-3833: Object corruption in WebAssembly.
      Reported by Man Yue Mo of GitHub Security Lab.
    - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
    - CVE-2024-3837: Use after free in QUIC.
      Reported by {rotiple, dch3ck} of CW Research Inc.
    - CVE-2024-3838: Inappropriate implementation in Autofill.
      Reported by Ardyan Vicky Ramadhan.
    - CVE-2024-3839: Out of bounds read in Fonts.
      Reported by Ronald Crane (Zippenhop LLC).
    - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
      Reported by Ahmed ElMasry.
    - CVE-2024-3841: Insufficient data validation in Browser Switcher.
      Reported by Oleg.
    - CVE-2024-3843: Insufficient data validation in Downloads.
      Reported by Azur.
    - CVE-2024-3844: Inappropriate implementation in Extensions.
      Reported by Alesandro Ortiz.
    - CVE-2024-3845: Inappropriate implementation in Network.
      Reported by Daniel Baulig.
    - CVE-2024-3846: Inappropriate implementation in Prompts.
      Reported by Ahmed ElMasry.
    - CVE-2024-3847: Insufficient policy enforcement in WebUI.
      Reported by Yan Zhu.
  * d/copyright:
    - delete __pycache__ directories to shut up dpkg warnings.
    - stop deleting bundled libwebp directory.
  * Drop build-dep on libwebp-dev and start building against the bundled
    libwebp. We need to do this because chromium uses features of libavif
    that require libsharpyuv-dev; but that's only available in sid/trixie.
  * d/patches:
    - upstream/std-to-address.patch: drop, merged upstream.
    - fixes/optional2.patch: drop, merged upstream.
    - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
    - bookworm/constexpr-equality.patch: drop, merged upstream.
    - disable/catapult.patch: refresh.
    - disable/google-api-warning.patch: rework to be a smaller patch.
    - bookworm/clang16.patch: refresh.
    - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
      preference.
    - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
    - upstream/uint-includes.patch: simple header build fix from upstream.
    - upstream/fps-optional.patch: add header build fix.
    - upstream/span-optional.patch: add header build fix.
    - upstream/extractor-bitset.patch: add header build fix.
    - upstream/atomic.patch: add header build fix.
    - upstream/webgpu-optional.patch: add header build fix.
    - fixes/absl-optional.patch: comment out assert() that caused crash.
      This could be another clang16/libstdc++ miscompilation issue, but
      needs further investigation.
    - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
    - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
      fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
      fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
      more (new) upstream commits related to bad-font-gc2.patch. When the
      use-after-free bug gets fixed, all this can be dropped.
 -- Andres Salomon <dilinger@debian.org> Wed, 10 Apr 2024 21:21:05 -0400
- This branch is 14 commits ahead of tag debian/123.0.6312.122-1
- Git log:
commit 264b5b88f24af8adb021e444cdc3d720afedf14c
Author: Andres Salomon <dilinger@queued.net>
Date: Fri Apr 19 00:05:07 2024 -0400
Build using bundled libwebp instead of debian's libwebp-dev
commit 45cfba9e3ad988ba459b10ce1ddc8ed339ad978b
Author: Andres Salomon <dilinger@queued.net>
Date: Fri Apr 19 00:01:15 2024 -0400
Revert "build fix from upstream to support bundled libavif w/ external libwebp"
This reverts commit 3bfe62ab9955fab2d312645ad42a441cb814fb4d.
commit 3bfe62ab9955fab2d312645ad42a441cb814fb4d
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Apr 18 23:21:35 2024 -0400
build fix from upstream to support bundled libavif w/ external libwebp
commit 55293b216a89774ec5923529346914f42ddcdc0a
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Apr 18 22:48:33 2024 -0400
Add a bunch more patches to get bad-font-gc2.patch working
Along with just getting the patches to apply, there's a bunch of
additional stuff that was changed upstream from using refptrs to handling
deleting through garbage collection that shared code w/
FontPlatformData. Working around it resulted in crashes, so I
thought it best to just include all of these commits for now.
commit db897b1029297ca7471eb9b11d631983f35f2d4c
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Apr 18 12:59:26 2024 -0400
comment out assertion in <optional> header
Upon startup, chromium immediately crashes with:
../../optional:477: _Tp &std::_Optional_base_impl<content::DocumentAssociatedData, std::_Optional_base<content::DocumentAssociatedData, false, false>>::_M_get() [_Tp = content::DocumentAssociatedData, _Dp = std::_Optional_base<content::DocumentAssociatedData, false, false>]: Assertion 'this->_M_is_engaged()' failed.
I don't know why this happens, but simply commenting out the
assertion (similar to what we had to do with removing the
is_constructible assertions) makes chromium work. So we'll do this for
now..
commit 77a54f7975398a457b3287c08a706b87b98cfa3a
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 19:30:20 2024 -0400
Revert "delete bundled libavif"
This reverts commit 01c4aa59c3029df448860d9444287c53716f4bb0.
Chromium depends on some experimental gain map stuff from git HEAD; it's
not in any release yet, and there's too many patches to revert to remove
it.
commit c7d4ca1d00dfa4e3c49e9aefbd84a03a281659f3
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 17:55:22 2024 -0400
yet another <optional> header build fix
commit 8f5a148a35c5b37259a46be789239c1b1c38f082
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 12:09:54 2024 -0400
more simple build fixes
commit 38cf2f8d3ecd6f0b636a2e97e4aa19a47cd49a02
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 03:25:22 2024 -0400
two more build fixes from upstream
commit 01c4aa59c3029df448860d9444287c53716f4bb0
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 01:40:48 2024 -0400
delete bundled libavif
With commit 3bee841885cadf584753446c705e71c3f154b517
("libavif,BUILD.gn::libavif_enc: enable sharpyuv"), upstream broke
building with system libwebp and the bundled libavif. The bundled
libavif now depends on libwebp_sharpyuv, but that's not defined by
the libwebp.gn shim that we use when building against the system
libwebp.
Rather than using the bundled libwebp, or trying to fix this with a
patch, we'll just try building against the system libavif. Worst case,
we revert.
commit dff35c181376473c301cc2bcbb5728892b19a003
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 01:38:47 2024 -0400
delete __pycache__ directories from orig.tar.xz to shut up dpkg warnings
commit 21ddf0c9951c14c2ce7f4291af7337ad519a40c5
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Apr 17 01:24:20 2024 -0400
refresh and update more patches for v124
commit 9c1670bec66423d64bb1c0738339e644dcb1e3d1
Author: Andres Salomon <dilinger@queued.net>
Date: Tue Apr 16 20:51:39 2024 -0400
update to .60, and add CVEs
commit c79c335ecf27048ee855cd20e7c82606998d2ee8
Author: Andres Salomon <dilinger@queued.net>
Date: Mon Apr 15 14:30:51 2024 -0400
start preparing v124; drop patches that were merged upstream