-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Mar 2024 12:45:06 -0400
Source: chromium
Architecture: source
Version: 123.0.6312.58-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1066235 1066910
Changes:
 chromium (123.0.6312.58-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-2625: Object lifecycle issue in V8.
       Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
     - CVE-2024-2626: Out of bounds read in Swiftshader.
       Reported by Cassidy Kim(@cassidy6564).
     - CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
     - CVE-2024-2628: Inappropriate implementation in Downloads.
       Reported by Ath3r1s.
     - CVE-2024-2629: Incorrect security UI in iOS.
       Reported by Muneaki Nishimura (nishimunea).
     - CVE-2024-2630: Inappropriate implementation in iOS.
       Reported by James Lee (@Windowsrcer).
     - CVE-2024-2631: Inappropriate implementation in iOS.
       Reported by Ramit Gangwar.
   * d/patches:
     - upstream/bitset.patch: drop, merged upstream.
     - upstream/bookmarknode.patch: drop, merged upstream.
     - upstream/optional.patch: drop, merged upstream.
     - upstream/uniqptr.patch: drop, merged upstream.
     - fixes/gcc13-headers.patch: drop, merged upstream.
     - fixes/optional.patch: drop, merged upstream.
     - fixes/material-utils.patch: drop part that was merged upstream.
     - disable/catapult.patch: refresh.
     - bookworm/constexpr-equality.patch: include another similar fix.
     - bookworm/nvt.patch: refresh.
     - bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
     - ungoogled/disable-privacy-sandbox.patch: update from
       ungoogled-chromium.
     - disable/angle-perftests.patch: drop, replace with a gn build argument.
     - bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
       clap-lex crate, as it's using 1.74 features and we only have 1.70.
     - fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
     - fixes/optional2.patch: add another missing <optional> inclusion.
     - fixes/stats-collector.patch: add build fix for wrong header.
     - disable/screen-ai-blob.patch: add patch to not register the ScreenAI
       component. Previously, if you opened a PDF and clicked "open in reader
       mode", it would download a binary blob to
       ~/.config/chromium/screen_ai/, and do OCR stuff (and who knows what
       else) in that opaque blob without warning you. We, uh, don't want
       that. (closes: #1066910).
   * d/rules: add angle_build_tests=false build argument, which allows us
     to drop angle-perftests.patch.
 .
   [ Timothy Pearson ]
   * d/patches:
     - fixes/blink-fonts-shape-result.patch: pull in upstream patch for
       compilation failure in Blink SameSizeAsShapeResult class
   * d/patches/ppc64le:
     - ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       refresh for upstream changes
     - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch:
       refresh for upstream changes
     - third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
       upstream changes
     - third_party/skia-vsx-instructions.patch: refresh & harden Skia
       against timing attacks.