-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 13 Sep 2023 22:26:10 -0400 Source: chromium Architecture: source Version: 117.0.5938.62-1 Distribution: unstable Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Closes: 1042111 1051355 Changes: chromium (117.0.5938.62-1) unstable; urgency=high . [ Andres Salomon] * New upstream stable release. - CVE-2023-4900: Inappropriate implementation in Custom Tabs. Reported by Levit Nudi from Kenya. - CVE-2023-4901: Inappropriate implementation in Prompts. Reported by Kang Ali. - CVE-2023-4902: Inappropriate implementation in Input. Reported by Axel Chong. - CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs. Reported by Ahmed ElMasry. - CVE-2023-4904: Insufficient policy enforcement in Downloads. Reported by Tudor Enache @tudorhacks. - CVE-2023-4905: Inappropriate implementation in Prompts. Reported by Hafiizh. - CVE-2023-4906: Insufficient policy enforcement in Autofill. Reported by Ahmed ElMasry. - CVE-2023-4907: Inappropriate implementation in Intents. Reported by Mohit Raj (shadow2639) . - CVE-2023-4908: Inappropriate implementation in Picture in Picture. Reported by Axel Chong. - CVE-2023-4909: Inappropriate implementation in Interstitials. Reported by Axel Chong. * d/copyright: drop rust, llvm, siso, & cargo binaries. * d/patches: - fixes/size.patch: drop, merged upstream. - fixes/variant.patch: drop, merged upstream. - fixes/vector.patch: drop, merged upstream. - upstream/contains.patch: drop, merged upstream. - upstream/hvec.patch: drop, merged upstream. - upstream/limits.patch: drop, merged upstream. - upstream/statelessV4L2.patch: drop, merged upstream. - fixes/widevine-locations.patch: refresh for minor upstream changes. - disable/android.patch: drop half the patch. - disable/catapult.patch: refresh for minor upstream changes. - disable/tests.patch: refresh for minor upstream changes. - disable/unrar.patch: refresh for minor upstream changes. - fixes/material-utils.patch: build fix for clang w/ libstdc++. - rename fixes/null.patch to fixes/perfetto.patch. - upstream/memory.patch: build fix for missing header. - bookworm/struct-ctor.patch: add a bunch more build workarounds for clang-14. - bookworm/stringpiece3.patch: another clang-14 StringPiece to std::string explicit conversion. - bookworm/typename.patch: add more explicit typename declarations for clang-14. - bookworm/structured-binding-scope-bug.patch: add more clang-14 binding scope workarounds. - bookworm/initialize-const-ctor.patch: clang-14 workaround to init a const member inside a struct. - ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh. - disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are off by default. * Switch to using bundled brotli, as the version in debian is too old. And so we can drop d/patches/bookworm/brotli.patch, too. * Switch from clang-14 to clang-16 (closes: #1051355). . [ Timothy Pearson ] * d/patches/ppc64le: - 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream changes - 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes - 0002-third-party-boringssl-add-generated-files.patch: refresh for upstream changes - 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for upstream changes - skia-vsx-instructions.patch: refresh for upstream changes - 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate - 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop * d/patches/ungoogled: - core/ungoogled-chromium/disable-web-environment-integrity.patch: disable "Web Environment Integrity" trial and remove from build (closes: #1042111) Checksums-Sha1: 32adedeb59ce75e97db92be75af9107aff0fd1af 3688 chromium_117.0.5938.62-1.dsc 698cf464e1b71908a8a38e47dce08ecffe3e5d8e 683897300 chromium_117.0.5938.62.orig.tar.xz 390803c101081476d6f3c603fe0cfde9580610c9 385224 chromium_117.0.5938.62-1.debian.tar.xz 2456a17816b899fa9cdb7d3a78e79b888e4f8cee 21189 chromium_117.0.5938.62-1_source.buildinfo Checksums-Sha256: 0602837529f1174eb163d9e5795042f6bf81cb0e8feeed291e4a2e2db2c9e7de 3688 chromium_117.0.5938.62-1.dsc f14582a21c933cc5a3b9e3461c87fdb3ff6a41c01d599c44950e0580200d0050 683897300 chromium_117.0.5938.62.orig.tar.xz d4314538e6f9c65a4ba8582942f905730ff68763bbda54e9edbb03d2b6cbafc6 385224 chromium_117.0.5938.62-1.debian.tar.xz af04ff757a28945de9f5eae9ed39da18a7adc1a923fe964012cfc782b399324d 21189 chromium_117.0.5938.62-1_source.buildinfo Files: 2f96f940709be308c5d51126f0a968a8 3688 web optional chromium_117.0.5938.62-1.dsc e9a68cf8d33b2be80b6a984602cf55b5 683897300 web optional chromium_117.0.5938.62.orig.tar.xz 1e60b3205b4ab2bf84a061c8b4cfeeaa 385224 web optional chromium_117.0.5938.62-1.debian.tar.xz bcb398d219495740744672c53fe4a66e 21189 web optional chromium_117.0.5938.62-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUCcSAUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjeZJA/9GbHLB274VX9OelYIhRksuUdBsoa0 GsN2WZFzpxMblqp6TpKAXl+TFIVUdH4xuypfuu3X2UundCbHL0chG7JUfw1CfU4w /cMAW06ebIQegQSqAclTyIkEulvj0gIObHnZ9yl9i9y6OBB+wq1msoLnEI307LBu wP2Aibt2yVTvSpSldaZFnIg9gvt1TRiw87opuSOVkPGfN6/XhXEMc+rGfcFli5OU QQsp9DueQddhzi8YhN/Fi0yLi40lUriZiK7oR/tV2VNI1Pb1/Yd+UOdHN/sueYrC TJRoMkFe0bzHqlL75ajjIBkzExa6V9xYhwTfNtG6+To2tARQdb96r2TG0QEOs2f0 S7rEunhummwn0bYzBNt0eVrOSSemoZMeeQcfP/B6esd0jzVxdDgkXbtkaQB0+Sbk miinVshtyyHLv+7oRDcwhge9ni9JvmepbReOxWHTekEzcaWU38+vlyMP1+JYZ+/f WpiCrRJAE9L/oLq0QleXpQsgvQm8WYSpcl5kw+IhwKpiWUYI7E5dNUB1Z6istyUF jtExe0jpdMkBRMSdnQaPViZ9UG4YbWq/GWP0DpO7/HYx9sFm/Xa6OHmSzobTb+u3 tEH90f1NtywK1sO2J8zyTogtaISOmWhKJKO/j2vKThmsOLjPlHCH4knzij0m3LQy ccN27d2YrVzPiOI= =fgNo -----END PGP SIGNATURE-----
