Debian Quality Assurance

chromium (126.0.6478.182-1) [PTS] [DDPO]

NEW: VCS has unreleased changes: 127.0.6533.72-1 > 126.0.6478.182-1

• Git: https://salsa.debian.org/chromium-team/chromium.git
• JSON
  Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
  For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
  The next upload will reset the information from the source package headers.
• Branch: master
• Path: debian/changelog
• Repo size: 3297280
• Browser: https://salsa.debian.org/chromium-team/chromium
• Last scan: 2024-07-26 20:07:01+00
• Next scan: 2024-08-04 11:51:00+00
• Debian changelog in Git:

  chromium (127.0.6533.72-1) UNRELEASED; urgency=high
  
    [ Andres Salomon ]
    * New upstream stable release.
      - CVE-2024-6988: Use after free in Downloads. Reported by
        lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
      - CVE-2024-6989: Use after free in Loader. Reported by Anonymous.
      - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz.
      - CVE-2024-6992: Out of bounds memory access in ANGLE.
        Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
      - CVE-2024-6993: Inappropriate implementation in Canvas.
        Reported by Anonymous.
      - CVE-2024-6994: Heap buffer overflow in Layout.
        Reported by Huang Xilin of Ant Group Light-Year Security Lab.
      - CVE-2024-6995: Inappropriate implementation in Fullscreen.
        Reported by Alesandro Ortiz.
      - CVE-2024-6996: Race in Frames.
        Reported by Louis Jannett (Ruhr University Bochum).
      - CVE-2024-6997: Use after free in Tabs.
        Reported by Sven Dysthe (@svn-dys).
      - CVE-2024-6998: Use after free in User Education.
        Reported by Sven Dysthe (@svn-dys).
      - CVE-2024-6999: Inappropriate implementation in FedCM.
        Reported by Alesandro Ortiz.
      - CVE-2024-7000: Use after free in CSS. Reported by Anonymous.
      - CVE-2024-7001: Inappropriate implementation in HTML.
        Reported by Jake Archibald.
      - CVE-2024-7003: Inappropriate implementation in FedCM.
        Reported by Alesandro Ortiz.
      - CVE-2024-7004: Insufficient validation of untrusted input in Safe
        Browsing. Reported by Anonymous.
      - CVE-2024-7005: Insufficient validation of untrusted input in Safe
        Browsing. Reported by Umar Farooq.
    * d/copyright:
      - delete new rust, cargo, llvm, and node binaries.
      - delete third_party/zstd so we can link against system zstd.
    * d/control: build-dep against libzstd-dev and bindgen.
    * d/rules:
      - set rust_bindgen_root.
      - rework get-orig-source to not use mk-origtargz, which is
      incredibly slow (total run 45 mins for the current 6.2G upstream
      release). Instead, use d/scripts/get-exludes.pl and tar's
      --exclude-from to drastically speed things up (total run now takes
      8 mins).
    * d/patches:
      - upstream/tabstrip-include.patch: drop, merged upstream.
      - upstream/quiche-deque.patch: drop, merged upstream.
      - upstream/gpu-header.patch: drop, merged upstream.
      - upstream/blink-header.patch: drop, merged upstream.
      - upstream/blink-header2.patch: drop, merged upstream.
      - upstream/blink-header3.patch: drop, merged upstream.
      - upstream/realtime-reporting.patch: drop, merged upstream.
      - upstream/urlvisit-header.patch: drop, merged upstream.
      - upstream/accessibility-format.patch: drop, merged upstream.
      - upstream/observer.patch: drop, merged upstream.
      - bookworm/clang16.patch: refresh.
      - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes.
      - ungoogled/disable-privacy-sandbox.patch: refresh.
      - upstream/crabbyav1f.patch: add build fix pulled from upstream.
      - upstream/lock-impl.patch: add build fix pulled from upstream.
      - upstream/containers-header.patch: add build fix pulled from upstream.
      - upstream/paint-layer-header.patch: add build fix pulled from upstream
      - fixes/bindgen.patch: work around bindgen-related things (hopefully
        correctly?)
      - fixes/webui-dep.patch: add missing mojo-related header dependency.
      - fixes/chrome-cart-dep.patch: add another mojo-related header dep fix.
  
    [ Timothy Pearson ]
    * d/patches:
      - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on
        64k page systems such as aarch64 and ppc64el
    * d/patches/ppc64le:
      - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed
      - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
        changes
  
   -- Andres Salomon <dilinger@debian.org>  Tue, 16 Jul 2024 16:50:59 -0400

• This branch is 12 commits ahead of tag debian/126.0.6478.182-1
• Git log:

  commit e49582bb4f77760865d9ab4c0de82f69508fcc52
  Author: Timothy Pearson <tpearson@raptorengineering.com>
  Date:   Fri Jul 26 19:11:22 2024 +0000
  
      Apply remaining ppc64el patch updates
      
      Build check successful on Talos II / Sid.
  
  commit a29da3d4f8dbd55589ea0aaaf3c91a8bb3ae2f00
  Author: Timothy Pearson <tpearson@raptorengineering.com>
  Date:   Fri Jul 26 16:27:29 2024 +0000
  
      Initial ppc64el patches for 127
  
  commit 6514253919d9398a61ffa7f4e579ac565092165b
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 17:56:23 2024 -0400
  
      refresh rust-downgrade-osstr-users.patch
      
      changed path, and also some code changed indentation
  
  commit 47d6c7adaa81ab76fff1484603fbf8e490c7e819
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 17:49:19 2024 -0400
  
      pull another fix from upstream, and fix two more build errors
  
  commit cedbbb573810840223e80ecd7a8e5d5953321bfe
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 04:06:29 2024 -0400
  
      work around bindgen stuff
  
  commit ff906969f48bdaf4d98775d39870cafaca882f6d
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 03:49:07 2024 -0400
  
      write myself a note for later cleanup
  
  commit e485b8b633814d230677d21251e2768626985e51
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 03:48:13 2024 -0400
  
      more upstream build fixes
  
  commit 80d6af9e9ee7379bd611f3f3417ee95968c639cd
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 02:08:24 2024 -0400
  
      damnit, I always forget to include this with a new external library
  
  commit d80b60730dd6330af5c605906dfc98ac88547b13
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Thu Jul 25 01:12:19 2024 -0400
  
      build-dep against libzstd-dev and bindgen, and pull crabbyav1f fix
  
  commit a6861199362a0b6d55dda47436bc88efb91bbc8d
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Wed Jul 24 23:47:42 2024 -0400
  
      drop all the patches we pulled from upstream, and also refresh stuff
  
  commit cd5bf2ed6c848ea054718d8f658aa2b38c681d2c
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Wed Jul 24 21:44:36 2024 -0400
  
      delete upstream binaries, and also drop mk-origtargz usage
  
  commit 996798e6aa5192f4ab24436d7877637c7d4c8097
  Author: Andres Salomon <dilinger@queued.net>
  Date:   Tue Jul 23 21:31:45 2024 -0400
  
      start prepping 127

Package: JSON [Main page]

---

Back to the Debian Project homepage.

---