Back to chromium PTS page

Accepted chromium 117.0.5938.62-1~deb12u1 (source) into proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted chromium 117.0.5938.62-1~deb12u1 (source) into proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sat, 07 Oct 2023 17:47:10 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: chromium_117.0.5938.62-1~deb12u1_source.changes
Debian-source: chromium
Debian-suite: proposed-updates
Debian-version: 117.0.5938.62-1~deb12u1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=3WIGzAVoixX8k/i+DZdR8lOSC/2FWmQtEJXo8jQl/1E=; b=Z/RibAJX83eR8CJfRn57sGdWEo ImhwhQBVXJUPQdZMdb4R9XT4yEfZrPQogNQCuw7NfdRMV8jDWdjGg62CuQAHJMr8NkDDZe5xk3s++ 1WhJzBKjumH09RPnQC2J/Hpf+XaAe1ZlLOlnxS4AtYM49ynwO2RcPcl24TnA6B9sEpwHl0Ez3dloD qnYTwmg81HD6q800gm+XHoXXVexuXDa5QRYKbgqfxUw1hqV2/gKRWrUGM/yhSQHRi63F2F54v/uye k2GF7mlNCJcVxlLmIBrS96jSCDdrzOhKJcbuypUP+jJKHqiAk9Kx4Pw9p0ffnbNxAg0NbXT3yVaPE KUjap0UA==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1qpBOQ-00CmxP-Eq@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Architecture: source
Version: 117.0.5938.62-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1042111
Changes:
 chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high
 .
   [ Andres Salomon]
   * New upstream stable release.
     - CVE-2023-4900: Inappropriate implementation in Custom Tabs.
       Reported by Levit Nudi from Kenya.
     - CVE-2023-4901: Inappropriate implementation in Prompts.
       Reported by Kang Ali.
     - CVE-2023-4902: Inappropriate implementation in Input.
       Reported by Axel Chong.
     - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
       Reported by Ahmed ElMasry.
     - CVE-2023-4904: Insufficient policy enforcement in Downloads.
       Reported by Tudor Enache @tudorhacks.
     - CVE-2023-4905: Inappropriate implementation in Prompts.
       Reported by Hafiizh.
     - CVE-2023-4906: Insufficient policy enforcement in Autofill.
       Reported by Ahmed ElMasry.
     - CVE-2023-4907: Inappropriate implementation in Intents.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2023-4908: Inappropriate implementation in Picture in Picture.
       Reported by Axel Chong.
     - CVE-2023-4909: Inappropriate implementation in Interstitials.
       Reported by Axel Chong.
   * d/copyright: drop rust, llvm, siso, & cargo binaries.
   * d/patches:
     - fixes/size.patch: drop, merged upstream.
     - fixes/variant.patch: drop, merged upstream.
     - fixes/vector.patch: drop, merged upstream.
     - upstream/contains.patch: drop, merged upstream.
     - upstream/hvec.patch: drop, merged upstream.
     - upstream/limits.patch: drop, merged upstream.
     - upstream/statelessV4L2.patch: drop, merged upstream.
     - fixes/widevine-locations.patch: refresh for minor upstream changes.
     - disable/android.patch: drop half the patch.
     - disable/catapult.patch: refresh for minor upstream changes.
     - disable/tests.patch: refresh for minor upstream changes.
     - disable/unrar.patch: refresh for minor upstream changes.
     - fixes/material-utils.patch: build fix for clang w/ libstdc++.
     - rename fixes/null.patch to fixes/perfetto.patch.
     - upstream/memory.patch: build fix for missing header.
     - bookworm/struct-ctor.patch: add a bunch more build workarounds for
       clang-14.
     - bookworm/stringpiece3.patch: another clang-14 StringPiece to
       std::string explicit conversion.
     - bookworm/typename.patch: add more explicit typename declarations for
       clang-14.
     - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
       scope workarounds.
     - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
       const member inside a struct.
     - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
     - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
       off by default.
     - bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn.
   * Switch to using bundled brotli, as the version in debian is too old.
     And so we can drop d/patches/bookworm/brotli.patch, too.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
        changes
     - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
     - 0002-third-party-boringssl-add-generated-files.patch: refresh for
        upstream changes
     - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
        upstream changes
     - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
        upstream changes
     - skia-vsx-instructions.patch: refresh for upstream changes
     - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
     - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
   * d/patches/ungoogled:
     - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
       "Web Environment Integrity" trial and remove from build (closes: #1042111)
Checksums-Sha1:
 c7357089169d708faf24aca71e0520720a79f67b 3700 chromium_117.0.5938.62-1~deb12u1.dsc
 698cf464e1b71908a8a38e47dce08ecffe3e5d8e 683897300 chromium_117.0.5938.62.orig.tar.xz
 40e0c1ddf89760d1c8804512033c9d59ed8905c9 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
 44e117863808ea9aea9e65811bd0643572df5c45 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo
Checksums-Sha256:
 ec4b24e0ce10cce25b267320987a3714b4ca1081691d68c85c3a465c6ab44c51 3700 chromium_117.0.5938.62-1~deb12u1.dsc
 f14582a21c933cc5a3b9e3461c87fdb3ff6a41c01d599c44950e0580200d0050 683897300 chromium_117.0.5938.62.orig.tar.xz
 d231683c70ae406612fff71f882adb6ac94450e2e4836e39dc9263f8b4a59127 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
 275fb9daad189eebcc09ebf686d874a0870af008f3754c43c62ed56c2de88045 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo
Files:
 1b55d8820a152310d9b75ba7015526f6 3700 web optional chromium_117.0.5938.62-1~deb12u1.dsc
 e9a68cf8d33b2be80b6a984602cf55b5 683897300 web optional chromium_117.0.5938.62.orig.tar.xz
 c575a5304f7c17ff9b6bcda3164a9639 385420 web optional chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
 b87c0a4d87e12e665dd1f598851abb7a 21171 web optional chromium_117.0.5938.62-1~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUDFTUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjepixAApgaavUlt7GpJ4pSoYPmOTEcXBkNK
q73blR10FsnBSOZQkKO5zUyFbrclg2twYf8ytdp+YL44Y62X8c7VNVeHnWdQPWqy
vdv6ylae8yqZQWyzZ69lVOj9FsdVjaqfrqMD++eLLDlPxDbsMyNwH7/2vjLngwiE
UfODzvysIY6XJhEEUWbpuw3X9hHHnA7d/pHLS04vGzactM5JT6KJFYsE7j2cFBwH
2/+Z9dn+ABYTIcqWq6s0NZUvbQIgiPtDNP7cgtBDaKTdkctSD0cMWEsxm/Ax0iJi
TD4PK4X7e02xVwKB2t3802PxPMmmsxWHmp+VBeCjqkAVnh2HevnBzKJBqJzNCCZA
54nkQRq2ZQ3w8GvSk2lVFQQxJCCbeT4xoOVV1gSEIDN18WqBuiV8zZzTd1Bzdgcg
KcGG1E9I65KrLB3kbrHUDOWJXmEaSVaFPEJ/FzceKk/gUHsaQ6PswzuN3E4Xr/0z
9T3pjko601hUHlXd97UL/GfS+8iWiUzM1f8nmft9FjhS3OXmQzXlTGNjvM88oDcg
EJlBhE7sjbz8cW2JsLT+8wQamDP4Wf9B/BekrnLDFCp8zg9+We+On0+S258UmU2/
g90IC6VfC//e4fUBPLqdykWpgscl3bLO42IdvIUdKQldhsXpv0laBaVUnpF9wAsG
ne9G7OyWCa0otrQ=
=Yfkn
-----END PGP SIGNATURE-----