-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jul 2024 23:50:29 -0400 Source: chromium Architecture: source Version: 127.0.6533.88-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian Chromium Team <chromium@packages.debian.org> Changed-By: Andres Salomon <dilinger@debian.org> Changes: chromium (127.0.6533.88-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2024-6988: Use after free in Downloads. Reported by lime(@limeSec_) from TIANGONG Team of Legendsec at QI-ANXIN Group. - CVE-2024-6989: Use after free in Loader. Reported by Anonymous. - CVE-2024-6991: Use after free in Dawn. Reported by wgslfuzz. - CVE-2024-6992: Out of bounds memory access in ANGLE. Reported by Xiantong Hou of Wuheng Lab and Pisanbao. - CVE-2024-6993: Inappropriate implementation in Canvas. Reported by Anonymous. - CVE-2024-6994: Heap buffer overflow in Layout. Reported by Huang Xilin of Ant Group Light-Year Security Lab. - CVE-2024-6995: Inappropriate implementation in Fullscreen. Reported by Alesandro Ortiz. - CVE-2024-6996: Race in Frames. Reported by Louis Jannett (Ruhr University Bochum). - CVE-2024-6997: Use after free in Tabs. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6998: Use after free in User Education. Reported by Sven Dysthe (@svn-dys). - CVE-2024-6999: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7000: Use after free in CSS. Reported by Anonymous. - CVE-2024-7001: Inappropriate implementation in HTML. Reported by Jake Archibald. - CVE-2024-7003: Inappropriate implementation in FedCM. Reported by Alesandro Ortiz. - CVE-2024-7004: Insufficient validation of untrusted input in Safe Browsing. Reported by Anonymous. - CVE-2024-7005: Insufficient validation of untrusted input in Safe Browsing. Reported by Umar Farooq. - CVE-2024-6990: Uninitialized Use in Dawn. Reported by gelatin dessert. - CVE-2024-7255: Out of bounds read in WebTransport. Reported by Marten Richter. - CVE-2024-7256: Insufficient data validation in Dawn. Reported by gelatin dessert. * Switch from building against (gcc's) libstdc++ to (clang's) libc++. Upstream is playing fast and loose with memory in ways that results in crashes with gcc's stricter libstdc++, but not with clang's libc++ (which allows accessing deleting memory apparently). We can't maintain workarounds any more, and upstream really doesn't care (see, for example, https://crbug.com/346174906 , where they add workarounds only for their ASAN memory checker). * d/copyright: - delete new rust, cargo, llvm, and node binaries. - delete third_party/zstd so we can link against system zstd. - stop deleting the bundled woff, snappy, and jsoncpp; those can't be dynamically linked against with clang's libc++. * d/control: - build-dep against libzstd-dev and bindgen. - drop build-dep on libwoff-dev, libsnappy-dev, libjsoncpp-dev, and add build-deps on libc++-16-dev / libc++abi-16-dev. * d/rules: - drop use_goma=false (upstream switched to rbe). - set rust_bindgen_root. - rework get-orig-source to not use mk-origtargz, which is incredibly slow (total run 45 mins for the current 6.2G upstream release). Instead, use d/scripts/get-exludes.pl and tar's --exclude-from to drastically speed things up (total run now takes 8 mins). - include bindgen 0.66.1-3 packages from snapshot.debian.org, as bookworm's bindgen 0.60.1 is too old. The packages are unpacked during build. * d/patches: - upstream/tabstrip-include.patch: drop, merged upstream. - upstream/quiche-deque.patch: drop, merged upstream. - upstream/gpu-header.patch: drop, merged upstream. - upstream/blink-header.patch: drop, merged upstream. - upstream/blink-header2.patch: drop, merged upstream. - upstream/blink-header3.patch: drop, merged upstream. - upstream/realtime-reporting.patch: drop, merged upstream. - upstream/urlvisit-header.patch: drop, merged upstream. - upstream/accessibility-format.patch: drop, merged upstream. - upstream/observer.patch: drop, merged upstream. - bookworm/clang16.patch: refresh. - bookworm/rust-downgrade-osstr-users.patch: refresh w/ minor changes. - ungoogled/disable-privacy-sandbox.patch: refresh. - disable/signin.patch: upstream dropped prefs::kAutologinEnabled. - upstream/crabbyav1f.patch: add build fix pulled from upstream. - upstream/lock-impl.patch: add build fix pulled from upstream. - upstream/containers-header.patch: add build fix pulled from upstream. - upstream/paint-layer-header.patch: add build fix pulled from upstream - fixes/bindgen.patch: work around bindgen-related things (hopefully correctly?) - bookworm/lex-3way.patch: add patch to support std::lexicographical_compare_three_way, which was added in clang-17. - bookworm/traitors.patch: another clang-16 hack; backport pointer_traits.h from libc++-18-dev to work around clang std::to_address() issue. - bookworm/constexpr.patch: add more of the usual constexpr workarounds; only needed for clang-16. - bookworm/constcountrycode.patch, bookworm/omnibox-constexpr.patch: remove, now part of bookworm/constexpr.patch. - fixes/absl-optional.patch: drop, only needed for libstdc++-dev. - fixes/bad-font-gc*: drop, only needed for libstdc++-dev. - fixes/chromium-browser-ui-missing-deps.patch: add a bunch of mojo-related dependency build fixes. - bookworm/bubble-contents.patch: refresh. - bookworm/gn-funcs.patch: add workarounds for missing functions in bookworm's older generate-ninja. - bookworm/gn-absl.patch: add workarounds for absl changes that rely on newer gn. - bookworm/crabbyav1f.patch: add experimental feature toggle, needed for older rustc. . [ Timothy Pearson ] * d/patches: - fixes/fixes/memory-allocator-dcheck-assert-fix.patch: Fix assert on 64k page systems such as aarch64 and ppc64el * d/patches/ppc64le: - ffmpeg/0001-Add-support-for-ppc64.patch: Drop, no longer needed - third_party/use-sysconf-page-size-on-ppc64.patch: Refresh for upstream changes Checksums-Sha1: c78fdce8e1d111626e8aa62db927cace5cdb8f27 3789 chromium_127.0.6533.88-1~deb12u1.dsc a81a33c056af65fb74b4ce6dd855eef511185aef 873345564 chromium_127.0.6533.88.orig.tar.xz 026aec18935a6839904121b0865fa2a3af80dfa9 8493024 chromium_127.0.6533.88-1~deb12u1.debian.tar.xz 18531f2a61845bc7d3e6e9ef5cecfacbd1d1c33b 22054 chromium_127.0.6533.88-1~deb12u1_source.buildinfo Checksums-Sha256: 718fae385161e6a9995fb15604df582a96f72ca54540343d6ecd503c923a7b6c 3789 chromium_127.0.6533.88-1~deb12u1.dsc 54f1a7f7ccebdbe62654751c9939f9c3ee6d25ebd3a7f823f944764d8fb84aa4 873345564 chromium_127.0.6533.88.orig.tar.xz 8e0ba139f3ef2522045238a9930b251be503afd3a9deea7c614c37e87a86770c 8493024 chromium_127.0.6533.88-1~deb12u1.debian.tar.xz e10501ea61b7bf7cf2f069e0f1b8c71ff8f7ab8b7d1d620405567099c53a9015 22054 chromium_127.0.6533.88-1~deb12u1_source.buildinfo Files: 8d8920e206937af1b74d22caba017d35 3789 web optional chromium_127.0.6533.88-1~deb12u1.dsc 5ce7abbb21378ea5e2d567a93ba12808 873345564 web optional chromium_127.0.6533.88.orig.tar.xz d9a56fee6a686435ec445dc822ab56a6 8493024 web optional chromium_127.0.6533.88-1~deb12u1.debian.tar.xz caafe952643040ac9a42679c3ea5c657 22054 web optional chromium_127.0.6533.88-1~deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmap7cgUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjdLMQ/8DZ56cE66EyL3sbBicE81UoOGZr+A Fn6BF3XaLUYcPSOME62DspLAPoD9TQEwxTT/KDen9vGDGIzMRbOm5A8L+RNpxmQ2 dXIUkhlCfM3XULlJ/+mYBWOmb2CrEwSmfXUdjNWz6z9tOAxwH3Ezy7XxvlkuVxKb c26hCMk7yPVH//pih2Vr0EfRlZrn6Rr5MYk4ILBfElewb47EwLVPNSGO/ygKpcad WGYEiIs/D7L+7XgPpn0QPD+nVlIyXKRtJwOaZtK+clT69Tdy4RV5X5j/LDs9f4UK 3QWa2LsVVnuIcoPP9yMirkyggpgIzOqO0j+1bNGyicOk59uQo3PnzbpKKfSQJw4/ 2jMEhpnSpOZQpvqHuJKjaydNRKe7wmCvi21iiBfbv8GXJV+ehOofVT0Y3n0yeIm/ 9RNQ0mVVuB5AeCLxMugfAjM7F3qcVZdNbAgfXW83GNPaw48Be5FXaKOCfupMwMwL tagrz/PeAKaHQCk7y91ZEuc2LRay45NkVtMoDPAArkBoURCuFOuZEkx/BHZ+wUJ7 IQJr2H019/n/byeOlby8gy6xaCyxdwnOOlEtMlDomVNCfvoUIacUjjlrA1666l3C R3j45nLx3Xa5um+iiI7fn1rbmVZAgyFWT6FRHcqNoE7pxC4+8s0OpoCcAfA10h8P V0Ke0ZXNR3ncs/o= =6EL/ -----END PGP SIGNATURE-----