chromium (126.0.6478.182-1)
[PTS] [DDPO]
NEW: VCS has unreleased changes: 127.0.6533.72-1 > 126.0.6478.182-1
- Git: https://salsa.debian.org/chromium-team/chromium.git
-
- Branch: master
- Path: debian/changelog
- Repo size: 3297280
- Browser: https://salsa.debian.org/chromium-team/chromium
- Last scan: 2024-07-26 20:07:01+00
- Next scan: 2024-08-04 11:51:00+00
- Debian changelog in Git:
chromium (127.0.6533.72-1) UNRELEASED; urgency=high
[ Andres Salomon ]
* New upstream stable release.
- CVE-2024-6988: Use after free in Downloads. Reported by
lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group.
- CVE-2024-6989: Use after free in Loader. Reported by Anonymous.
- CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz.
- CVE-2024-6992: Out of bounds memory access in ANGLE.
Reported by Xiantong Hou of Wuheng Lab and Pisanbao.
- CVE-2024-6993: Inappropriate implementation in Canvas.
Reported by Anonymous.
- CVE-2024-6994: Heap buffer overflow in Layout.
Reported by Huang Xilin of Ant Group Light-Year Security Lab.
- CVE-2024-6995: Inappropriate implementation in Fullscreen.
Reported by Alesandro Ortiz.
- CVE-2024-6996: Race in Frames.
Reported by Louis Jannett (Ruhr University Bochum).
- CVE-2024-6997: Use after free in Tabs.
Reported by Sven Dysthe (@svn-dys).
- CVE-2024-6998: Use after free in User Education.
Reported by Sven Dysthe (@svn-dys).
- CVE-2024-6999: Inappropriate implementation in FedCM.
Reported by Alesandro Ortiz.
- CVE-2024-7000: Use after free in CSS. Reported by Anonymous.
- CVE-2024-7001: Inappropriate implementation in HTML.
Reported by Jake Archibald.
- CVE-2024-7003: Inappropriate implementation in FedCM.
Reported by Alesandro Ortiz.
- CVE-2024-7004: Insufficient validation of untrusted input in Safe
Browsing. Reported by Anonymous.
- CVE-2024-7005: Insufficient validation of untrusted input in Safe
Browsing. Reported by Umar Farooq.
* d/copyright:
- delete new rust, cargo, llvm, and node binaries.
- delete third_party/zstd so we can link against system zstd.
* d/control: build-dep against libzstd-dev and bindgen.
* d/rules:
- set rust_bindgen_root.
- rework get-orig-source to not use mk-origtargz, which is
incredibly slow (total run 45 mins for the current 6.2G upstream
release). Instead, use d/scripts/get-exludes.pl and tar's
--exclude-from to drastically speed things up (total run now takes
8 mins).
* d/patches:
- upstream/tabstrip-include.patch: drop, merged upstream.
- upstream/quiche-deque.patch: drop, merged upstream.
- upstream/gpu-header.patch: drop, merged upstream.
- upstream/blink-header.patch: drop, merged upstream.
- upstream/blink-header2.patch: drop, merged upstream.
- upstream/blink-header3.patch: drop, merged upstream.
- upstream/realtime-reporting.patch: drop, merged upstream.
- upstream/urlvisit-header.patch: drop, merged upstream.
- upstream/accessibility-format.patch: drop, merged upstream.
- upstream/observer.patch: drop, merged upstream.
- bookworm/clang16.patch: refresh.
- bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes.
- ungoogled/disable-privacy-sandbox.patch: refresh.
- upstream/crabbyav1f.patch: add build fix pulled from upstream.
- upstream/lock-impl.patch: add build fix pulled from upstream.
- upstream/containers-header.patch: add build fix pulled from upstream.
- upstream/paint-layer-header.patch: add build fix pulled from upstream
- fixes/bindgen.patch: work around bindgen-related things (hopefully
correctly?)
- fixes/webui-dep.patch: add missing mojo-related header dependency.
- fixes/chrome-cart-dep.patch: add another mojo-related header dep fix.
[ Timothy Pearson ]
* d/patches:
- fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on
64k page systems such as aarch64 and ppc64el
* d/patches/ppc64le:
- ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed
- third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream
changes
-- Andres Salomon <dilinger@debian.org> Tue, 16 Jul 2024 16:50:59 -0400
- This branch is 12 commits ahead of tag debian/126.0.6478.182-1
- Git log:
commit e49582bb4f77760865d9ab4c0de82f69508fcc52
Author: Timothy Pearson <tpearson@raptorengineering.com>
Date: Fri Jul 26 19:11:22 2024 +0000
Apply remaining ppc64el patch updates
Build check successful on Talos II / Sid.
commit a29da3d4f8dbd55589ea0aaaf3c91a8bb3ae2f00
Author: Timothy Pearson <tpearson@raptorengineering.com>
Date: Fri Jul 26 16:27:29 2024 +0000
Initial ppc64el patches for 127
commit 6514253919d9398a61ffa7f4e579ac565092165b
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 17:56:23 2024 -0400
refresh rust-downgrade-osstr-users.patch
changed path, and also some code changed indentation
commit 47d6c7adaa81ab76fff1484603fbf8e490c7e819
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 17:49:19 2024 -0400
pull another fix from upstream, and fix two more build errors
commit cedbbb573810840223e80ecd7a8e5d5953321bfe
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 04:06:29 2024 -0400
work around bindgen stuff
commit ff906969f48bdaf4d98775d39870cafaca882f6d
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 03:49:07 2024 -0400
write myself a note for later cleanup
commit e485b8b633814d230677d21251e2768626985e51
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 03:48:13 2024 -0400
more upstream build fixes
commit 80d6af9e9ee7379bd611f3f3417ee95968c639cd
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 02:08:24 2024 -0400
damnit, I always forget to include this with a new external library
commit d80b60730dd6330af5c605906dfc98ac88547b13
Author: Andres Salomon <dilinger@queued.net>
Date: Thu Jul 25 01:12:19 2024 -0400
build-dep against libzstd-dev and bindgen, and pull crabbyav1f fix
commit a6861199362a0b6d55dda47436bc88efb91bbc8d
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Jul 24 23:47:42 2024 -0400
drop all the patches we pulled from upstream, and also refresh stuff
commit cd5bf2ed6c848ea054718d8f658aa2b38c681d2c
Author: Andres Salomon <dilinger@queued.net>
Date: Wed Jul 24 21:44:36 2024 -0400
delete upstream binaries, and also drop mk-origtargz usage
commit 996798e6aa5192f4ab24436d7877637c7d4c8097
Author: Andres Salomon <dilinger@queued.net>
Date: Tue Jul 23 21:31:45 2024 -0400
start prepping 127