Accepted chromium 100.0.4896.60-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Apr 2022 15:02:16 -0400
Source: chromium
Architecture: source
Version: 100.0.4896.60-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (100.0.4896.60-1) unstable; urgency=high
 .
   * Fix debian/watch to find the correct upstream version.
   * Ensure xz uses all available cpu cores when preparing orig.tar.gz
   * Switch to bundled ICU, since Debian's ICU is 2 years old at this point
     and upstream depends on a bunch of new API in ICU 69.1.
   * debian/copyright:
     - ensure all *.dlls are dropped from source.
     - Stop dropping '*fuzz' directories. It was too aggressive, resulting
       in build errors for perfectly fine BSD-3-clause and similar code.
     - Instead, drop '*corpus' and '*corpora' directories. Some of it is
       fine (lots generated by oss-fuzz with .dict files provided), but
       not all of it is and it's easier to just drop it.
     - Drop an esbuild binary.
     - The full upstream tarball includes additional stuff we don't want,
       so drop *.jar, tools/win, and some other stuff in third_party/.
   * debian/rules:
     - Disabling & deleting swiftshader now also needs to add
       dawn_use_swiftshader=false.
     - Switch from -lite upstream tarball to the full tarball in order to
       include ICU sources.
   * debian/patches:
     - upstream/libdrm.patch - drop, merged upstream.
     - debianization/manpage.patch - drop a small chunk merged upstream.
     - system/icu.patch - drop now that we're bundling ICU.
     - bullseye/icu-types.patch - drop now that we're bundling ICU.
     - system/convertutf.patch - update build for bundled ICU path.
     - fixes/closure.patch - drop now that we're no longer using lite tarball.
     - disable/driver-chrome-path.patch - refresh for BUILDFLAG() macro.
     - system/jsoncpp.patch - refresh for unrelated ios change.
     - disable/catapult.patch - refresh due to moving around of .pak files.
   * New upstream stable release.
     - CVE-2022-1125: Use after free in Portals. Reported by Khalil Zhani
     - CVE-2022-1127: Use after free in QR Code Generator.
       Reported by anonymous
     - CVE-2022-1128: Inappropriate implementation in Web Share API.
       Reported by Abdel Adim (@smaury92) Oisfi of Shielder
     - CVE-2022-1129: Inappropriate implementation in Full Screen Mode.
       Reported by Irvan Kurniawan (sourc7)
     - CVE-2022-1130: Insufficient validation of untrusted input in WebOTP.
       Reported by Sergey Toshin of Oversecurity Inc.
     - CVE-2022-1131: Use after free in Cast UI. Reported by
       Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research
     - CVE-2022-1132: Inappropriate implementation in Virtual Keyboard.
       Reported by Andr.Ess
     - CVE-2022-1133: Use after free in WebRTC. Reported by Anonymous
     - CVE-2022-1134: Type Confusion in V8.
       Reported by Man Yue Mo of GitHub Security Lab
     - CVE-2022-1135: Use after free in Shopping Cart.
       Reported by Wei Yuan of MoyunSec VLab
     - CVE-2022-1136: Use after free in Tab Strip. Reported by Krace
     - CVE-2022-1137: Inappropriate implementation in Extensions.
       Reported by Thomas Orlita
     - CVE-2022-1138: Inappropriate implementation in Web Cursor.
       Reported by Alesandro Ortiz
     - CVE-2022-1139: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer
     - CVE-2022-1141: Use after free in File Manager.
       Reported by raven at KunLun lab
     - CVE-2022-1142: Heap buffer overflow in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1143: Heap buffer overflow in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1144: Use after free in WebUI.
       Reported by Leecraso and Guang Gong of 360 Alpha Lab
     - CVE-2022-1145: Use after free in Extensions.
       Reported by Yakun Zhang of Baidu Security
     - CVE-2022-1146: Inappropriate implementation in Resource Timing.
       Reported by Sohom Datta
Checksums-Sha1:
 74798d08ca8a1d2869f34604b7671214043dc158 3619 chromium_100.0.4896.60-1.dsc
 93757e1dc5f4cc5593b3c09b656c59a7ca3276f6 586200052 chromium_100.0.4896.60.orig.tar.xz
 3a772e3b033444d06a39ede3a7cad049acc6d813 210160 chromium_100.0.4896.60-1.debian.tar.xz
 5caf543c2bcfbc540b1543aa8ef221748b89daee 20430 chromium_100.0.4896.60-1_source.buildinfo
Checksums-Sha256:
 e5cd5a2ee6349a9749cd98100da20f3e58d225a85c56ca2d87aaf1a7c11a9e1d 3619 chromium_100.0.4896.60-1.dsc
 358bfbcdd4acb3f345cd001be3e34dc231c0e29b0658b09b63d5bbf914b420d6 586200052 chromium_100.0.4896.60.orig.tar.xz
 4e5cf870bcd1959796761968a7b761d358453e73ae848cfdd3f437e8bda0ab25 210160 chromium_100.0.4896.60-1.debian.tar.xz
 e6a964b50b2b16709ace427497e4598b02be2f93ec0d5a32c00e6fb46c9e3481 20430 chromium_100.0.4896.60-1_source.buildinfo
Files:
 18436efe52f60bacb077562cb645f984 3619 web optional chromium_100.0.4896.60-1.dsc
 c45fd4f7cff66fcbb761f26095204d29 586200052 web optional chromium_100.0.4896.60.orig.tar.xz
 185c1f4534c3be22a54f6215a00d78cf 210160 web optional chromium_100.0.4896.60-1.debian.tar.xz
 cfa243b9504f3471fa9b4d0762bf668c 20430 web optional chromium_100.0.4896.60-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----