Back to chromium PTS page

Accepted chromium 124.0.6367.60-1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted chromium 124.0.6367.60-1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Fri, 19 Apr 2024 18:02:25 +0000
Debian: DAK
Debian-architecture: source
Debian-archive-action: accept
Debian-changes: chromium_124.0.6367.60-1_source.changes
Debian-source: chromium
Debian-suite: unstable
Debian-version: 124.0.6367.60-1
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=9UIT128qXUrjutR9sSJoBDDWjQnEswbtfjL0uPOrk4o=; b=bE6yxCe+qhAhoeNPPtxgw2wqgr Smz6Lh85SxPXR9xqrbmt/xCfjxF6702VstK5BzkRRzUOlhYqn8x9JIKgPdVD2gfCu2RRPU0uZICRq E9/LxbD8t4yAyKRbtkiSuB1Lcy9ZUqxtF7uzxG4mdqDTpVAfk2nm8LyeTIO19POmRaB4f7yedKZY8 CJiGyMUdtzFVgycR8v73246XgSUToqr2ILr3rPCaCd379pX+KYtv+gG33hXbT6qad9MVOXTJtvr/K RDK5wEjS2mqaybozi8Tnvd2YiKF8P7eJC6ZhTOcGi2WSymvCUYnv9FNJREtVfsJJ4Kojkwx7/Dxru HWwIFKvw==;
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1rxsZ7-007c7T-8E@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 19 Apr 2024 12:33:38 -0400
Source: chromium
Architecture: source
Version: 124.0.6367.60-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (124.0.6367.60-1) unstable; urgency=high
 .
   * New upstream stable release.
     - CVE-2024-3832: Object corruption in V8.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3833: Object corruption in WebAssembly.
       Reported by Man Yue Mo of GitHub Security Lab.
     - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang
     - CVE-2024-3837: Use after free in QUIC.
       Reported by {rotiple, dch3ck} of CW Research Inc.
     - CVE-2024-3838: Inappropriate implementation in Autofill.
       Reported by Ardyan Vicky Ramadhan.
     - CVE-2024-3839: Out of bounds read in Fonts.
       Reported by Ronald Crane (Zippenhop LLC).
     - CVE-2024-3840: Insufficient policy enforcement in Site Isolation.
       Reported by Ahmed ElMasry.
     - CVE-2024-3841: Insufficient data validation in Browser Switcher.
       Reported by Oleg.
     - CVE-2024-3843: Insufficient data validation in Downloads.
       Reported by Azur.
     - CVE-2024-3844: Inappropriate implementation in Extensions.
       Reported by Alesandro Ortiz.
     - CVE-2024-3845: Inappropriate implementation in Network.
       Reported by Daniel Baulig.
     - CVE-2024-3846: Inappropriate implementation in Prompts.
       Reported by Ahmed ElMasry.
     - CVE-2024-3847: Insufficient policy enforcement in WebUI.
       Reported by Yan Zhu.
   * d/copyright:
     - delete __pycache__ directories to shut up dpkg warnings.
     - stop deleting bundled libwebp directory.
   * Drop build-dep on libwebp-dev and start building against the bundled
     libwebp. We need to do this because chromium uses features of libavif
     that require libsharpyuv-dev; but that's only available in sid/trixie.
   * d/patches:
     - upstream/std-to-address.patch: drop, merged upstream.
     - fixes/optional2.patch: drop, merged upstream.
     - fixes/blink-fonts-shape-result.patch: drop, merged upstream.
     - bookworm/constexpr-equality.patch: drop, merged upstream.
     - disable/catapult.patch: refresh.
     - disable/google-api-warning.patch: rework to be a smaller patch.
     - bookworm/clang16.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated
       preference.
     - upstream/mojo-null.patch: pull a (typescript) build fix from upstream.
     - upstream/uint-includes.patch: simple header build fix from upstream.
     - upstream/fps-optional.patch: add header build fix.
     - upstream/span-optional.patch: add header build fix.
     - upstream/extractor-bitset.patch: add header build fix.
     - upstream/atomic.patch: add header build fix.
     - upstream/webgpu-optional.patch: add header build fix.
     - fixes/absl-optional.patch: comment out assert() that caused crash.
       This could be another clang16/libstdc++ miscompilation issue, but
       needs further investigation.
     - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces.
     - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch,
       fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch,
       fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch
       more (new) upstream commits related to bad-font-gc2.patch. When the
       use-after-free bug gets fixed, all this can be dropped.
   * d/patches/ppc64le:
     - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch,
       third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch,
       workarounds/HACK-third_party-libvpx-use-generic-gnu.patch,
       breakpad/0001-Implement-support-for-ppc64-on-Linux.patch,
       ffmpeg/0001-Add-support-for-ppc64.patch,
       third_party/dawn-fix-typos.patch,
       third_party/use-sysconf-page-size-on-ppc64.patch: refresh.
     - third_party/skia-vsx-instructions.patch: refresh & update for header
       renaming.
     - third_party/0001-Add-PPC64-support-for-boringssl.patch,
       third_party/0002-third-party-boringssl-add-generated-files.patch:
       disable these two until Tim has a chance to look at them.
Checksums-Sha1:
 54744311d3d16714282cf693a472347b9a297edc 3706 chromium_124.0.6367.60-1.dsc
 2cc0dded258c8f3c623e10e330195e1e3f9c40a5 847907384 chromium_124.0.6367.60.orig.tar.xz
 658c435815beb11bdb03801c4785e147b8f6ba58 413280 chromium_124.0.6367.60-1.debian.tar.xz
 24bae039d2f51a5cfcbbd4520b3a47526afc092e 21880 chromium_124.0.6367.60-1_source.buildinfo
Checksums-Sha256:
 ee5d7db7540efa5721480c6dbece24c5065b697fae434e6dbd538cdff9de823f 3706 chromium_124.0.6367.60-1.dsc
 b382eaade5057c56ca257bdf6a78c2c59116b56ce6c1ab166220cea1f5d950d2 847907384 chromium_124.0.6367.60.orig.tar.xz
 7269ad2b36a77fcd1b08d01183c9bf6f7991b767dc56c7c6c290d78284d7beab 413280 chromium_124.0.6367.60-1.debian.tar.xz
 6d8cea80261a5ae774b85a3ba11f818dfb38722cff0a4c6d5b32c37494c0dade 21880 chromium_124.0.6367.60-1_source.buildinfo
Files:
 115b2ca478ee47ca156a877d7b80258e 3706 web optional chromium_124.0.6367.60-1.dsc
 c229f60fab61eb4d55c385e2131236e5 847907384 web optional chromium_124.0.6367.60.orig.tar.xz
 1e93986e1a4458926e33b1e47db6044b 413280 web optional chromium_124.0.6367.60-1.debian.tar.xz
 ceba52fffb08e9eaa1a8cd65ff3cd0e9 21880 web optional chromium_124.0.6367.60-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmYintIUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjcR+w//co+PY+NDhxUG9ri8VN1Ynp5Rp/9T
ZNVTvuBPYpqdDW5nezAkgNUixhGZfnPogsdH3SvPvQjcwBbSgajo+rDSdSh4eDaF
oHJGeRc0ZfAR0i6vbSdl0SOGX916R45HGnNZ6FkF2NdnvaG+Ib8PMzUF7QTLrVO+
KVO9yo9MEsV4K4tXo97wIyjWkztGm9J+rL5NUTJtvj1VVNRv9Bb2BmrBK28u8+Ei
yL9Dl9haj78QS1LOkRsKGDl2Mdd7Ika7IuK7kiLN166Ky3FAH6By/lhBF8vbZtek
Cf1odmXIyJ5tNPxrN2eSuOaydCHODmr+7HV4NNoaANp+O/nCAkMlhg4U/Sff7R99
tuhwUpjHDOg1QuMlCCOFiJTaFjS0NlAycIPNg+H8494CLSL9Nn9ccxzPA+J4P1cv
io8I0IObmJ0zkHYt4IxDKwbLDYfXtMtiCR0MEz4z56vOHiub8wUHaFDZhRX7NlzA
s9Y/55g0F74Tf2xOZrt3+iTZlhjfug9wSO1DT1bAc082692P7BEBD3ZQzqZvJpBm
gcz+hOq7xWqv2asnmT3ci8YebyaIjTHcPuYSJacvvnK53vDVN+ypkAqR/HGeHOh8
lunqhuwYHLi7W5kbOvXbahhicklb9L7j/oUITPFIu4s9CNI8dfbbqlwPMIdG7U7B
JwT4Y/pHV6dvaYo=
=ut49
-----END PGP SIGNATURE-----

Attachment: pgpPf9CVpO0ta.pgp
Description: PGP signature