-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jul 2024 23:50:29 -0400 Source: chromium Architecture: source Version: 127.0.6533.88-1 Distribution: unstable Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (127.0.6533.88-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-6989: Use after free in Loader. Reported by Anonymous. - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao. - CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous. - CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz. - CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum). - CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7000: Use after free in CSS. Reported by Anonymous. - CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald. - CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous. - CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq. - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert. - CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter. - CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert. * Switch from building against (gcc's) libstdc++ to (clang's) libc++. Upstream is playing fast and loose with memory in ways that results in crashes with gcc's stricter libstdc++, but not with clang's libc++ (which allows accessing deleting memory apparently). We can't maintain workarounds any more, and upstream really doesn't care (see, for example, https://crbug.com/346174906 , where they add workarounds only for their ASAN memory checker). * d/copyright: - delete new rust, cargo, llvm, and node binaries. - delete third_party/zstd so we can link against system zstd. - stop deleting the bundled woff, snappy, and jsoncpp; those can't be dynamically linked against with clang's libc++. * d/control: - build-dep against libzstd-dev and bindgen. - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and add build-deps on libc++-16-dev / libc++abi-16-dev. * d/rules: - drop use_goma=false (upstream switched to rbe). - set rust_bindgen_root. - rework get-orig-source to not use mk-origtargz, which is incredibly slow (total run 45 mins for the current 6.2G upstream release). Instead, use d/scripts/get-exludes.pl and tar's --exclude-from to drastically speed things up (total run now takes 8 mins). * d/patches: - upstream/tabstrip-include.patch: drop, merged upstream. - upstream/quiche-deque.patch: drop, merged upstream. - upstream/gpu-header.patch: drop, merged upstream. - upstream/blink-header.patch: drop, merged upstream. - upstream/blink-header2.patch: drop, merged upstream. - upstream/blink-header3.patch: drop, merged upstream. - upstream/realtime-reporting.patch: drop, merged upstream. - upstream/urlvisit-header.patch: drop, merged upstream. - upstream/accessibility-format.patch: drop, merged upstream. - upstream/observer.patch: drop, merged upstream. - bookworm/clang16.patch: refresh. - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes. - ungoogled/disable-privacy-sandbox.patch: refresh. - disable/signin.patch: upstream dropped prefs::kAutologinEnabled. - upstream/crabbyav1f.patch: add build fix pulled from upstream. - upstream/lock-impl.patch: add build fix pulled from upstream. - upstream/containers-header.patch: add build fix pulled from upstream. - upstream/paint-layer-header.patch: add build fix pulled from upstream - fixes/bindgen.patch: work around bindgen-related things (hopefully correctly?) - bookworm/lex-3way.patch: add patch to support std::lexicographical_compare_three_way, which was added in clang-17. - bookworm/traitors.patch: another clang-16 hack; backport pointer_traits.h from libc++-18-dev to work around clang std::to_address() issue. - bookworm/constexpr.patch: add more of the usual constexpr workarounds; only needed for clang-16. - fixes/absl-optional.patch: drop, only needed for libstdc++-dev. - fixes/bad-font-gc*: drop, only needed for libstdc++-dev. - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of mojo-related dependency build fixes. . [ Timothy Pearson ] * d/patches: - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on 64k page systems such as aarch64 and ppc64el * d/patches/ppc64le: - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: 2c18463d16bd66996a78804e29c9de0e15ccad38 3770 chromium_127.0.6533.88-1.dsc a81a33c056af65fb74b4ce6dd855eef511185aef 873345564 chromium_127.0.6533.88.orig.tar.xz 8d460352235b92350e06543e8944b651634fb810 413552 chromium_127.0.6533.88-1.debian.tar.xz f0909fd10d192a15665c01f78d3a6527e3b2f232 22182 chromium_127.0.6533.88-1_source.buildinfo Checksums-Sha256: c34fa4689620ec33a95a0ec9b53f3d95f06cd40009fe33f91010729ed74eb48a 3770 chromium_127.0.6533.88-1.dsc 54f1a7f7ccebdbe62654751c9939f9c3ee6d25ebd3a7f823f944764d8fb84aa4 873345564 chromium_127.0.6533.88.orig.tar.xz 117987755b43ef614ec728572b062e14f2a6627bb67290953d1eadcb8f6d86ef 413552 chromium_127.0.6533.88-1.debian.tar.xz 9d29ec5456a547ed0b187c6800a8ab8754bc4f05b1c576fd32931e656ec908e6 22182 chromium_127.0.6533.88-1_source.buildinfo Files: 811270cc5c123cebd1202d565ae6d35a 3770 web optional chromium_127.0.6533.88-1.dsc 5ce7abbb21378ea5e2d567a93ba12808 873345564 web optional chromium_127.0.6533.88.orig.tar.xz ce75950b4ef590796151337e07ada4ff 413552 web optional chromium_127.0.6533.88-1.debian.tar.xz 14998527ea0ffb8879a424d4b4092b2e 22182 web optional chromium_127.0.6533.88-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmapvuEUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8Nudjephg//fSRB+FPd93QVA8vXRUiv9oSSzEWV G1mXkZkEhE055PiBYurnTywWzSpqVx2woOx5QQCHrBWB7pVKCoHhTjJJ4lfa2S4d CxetSG6qFCRcuKc7nMsjW7pGcIOWPlqed9mJxfitrx07ExqxwgRXayoLzdOIPTSr oTQgnj/cqDCkJ68S9lyHBhsbYGvzPbmg8vfUIx4kAAtWxvMAHL9rHgWXTIJNQe3m fMhSI8ZICqdX0nwmKdqT25IeKnkCcw+cvwtmxzRyTp/DTKE2qqIoEdvnTj4T0gcE 7BHEBq6XOgPaRszKWeWTouYvd4hZBWky/JK0/3iork3+JcvBuUtkYeBI4KDKqpOz 3lo9YVDF6MeI8BfqZOXE2QCcuETM3Fac3b4U0av92AfQ7aou4+0fXGT9qJFiyKya pOBNq4EVK8yau9dX61nYjiD/sV66oG/m/GaUxuyCO0PUX4WtskKcjSGdHU6la2Fu iy3ScrpN5mUiYq8GVqAvAyOInZ/OmQectuN+Ox+IXNTiG2mYsCUS/db7vgYMlnIb D3rkjlxZ0R5ju7iOTdspU6XMPM7dTu3k6WaIu4RgK4AGn+/a28GLtQ35kxGmGFyE fOCHVoaD6iCMssVPKqc1/X3T7LmroOEHr12AMR451CJbiqX5JBlVjSN048k/L399 iGMrKDtYpCZEvrA= =g+RH -----END PGP SIGNATURE-----