-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 30 Apr 2025 17:38:38 -0400
Source: chromium
Architecture: source
Version: 136.0.7103.59-2
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (136.0.7103.59-2) unstable; urgency=high
.
* Delete third_party/jetstream due to non-free ("do no evil") license.
.
chromium (136.0.7103.59-1) unstable; urgency=high
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous.
- CVE-2025-4050: Out of bounds memory access in DevTools.
Reported by Anonymous.
- CVE-2025-4051: Insufficient data validation in DevTools.
Reported by Daniel Fröjdendahl.
- CVE-2025-4052: Inappropriate implementation in DevTools.
Reported by vanillawebdev.
* d/rules: disable warning-suppression-mappings; llvm too old.
* d/control: drop libevent-dev build-dep, no longer used.
* d/scripts/unbundle:
- libavif no longer used, no need to specify bundling.
- bundle simdutf, which isn't packaged for debian.
* d/patches:
- fixes/pipewire14.patch: drop, merged upstream.
- disable/catapult.patch: refresh.
- disable/buildtools-libc.patch: rework patch to be easier to maintain.
- bookworm/gn-revert-path-exists.patch: update for a bunch of new
path_exists() users.
- disable/node-version-ck.patch: add patch to disable upstream's strict
nodejs version check.
- fixes/media-cstdint.patch: add missing header include.
- upstream/media-optional.patch: add missing header include.
- fixes/perfetto-nullptr.patch: add nullptr_t std qualification.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- third_party/0001-third_party-lss-Don-t-look-for-mmap2-on-ppc64.patch:
drop due to upstream fixes
- third_party/0002-third_party-lss-kernel-structs.patch: refresh for
upstream changes
- breakpad/0001-Implement-support-for-ppc64-on-Linux.patch: refresh for
upstream changes
- core/cargo-add-ppc64.diff: drop due to upstream fixes
Checksums-Sha1:
dcf9deb735d8df0eca6425c49f1439d8169eaae5 3793 chromium_136.0.7103.59-2.dsc
ba675872dbbd206064f739a22a6cf7e44bc039ee 937911104 chromium_136.0.7103.59.orig.tar.xz
0f45d0e810ca23747a885783daea9ebf9bf95331 338276 chromium_136.0.7103.59-2.debian.tar.xz
4e0003def0a4f195fa0faeb64dfeb16f8d12d755 26714 chromium_136.0.7103.59-2_source.buildinfo
Checksums-Sha256:
7a3fe05c7cffd0b0b148ea200d6ba394c200607ac433b47261fe5c3bb6e21494 3793 chromium_136.0.7103.59-2.dsc
2061f9a965393eb443727c98f67616775dc3bc774ad4d71f91986df1ad33e16c 937911104 chromium_136.0.7103.59.orig.tar.xz
6fbaeba574750967192ba648151ef8925ae6c8e9e73a3d9025715dc49e768234 338276 chromium_136.0.7103.59-2.debian.tar.xz
059056c6929881f1bad95313061e6686c38f99e40a6e2121cc9738e187c40e58 26714 chromium_136.0.7103.59-2_source.buildinfo
Files:
172c477236c6df366229744c3adab6b5 3793 web optional chromium_136.0.7103.59-2.dsc
44f0fcb5941ee89b763daf76e899f672 937911104 web optional chromium_136.0.7103.59.orig.tar.xz
21768101932a566d6ba9b228cf4974b3 338276 web optional chromium_136.0.7103.59-2.debian.tar.xz
f291c7605184ac4db66ddfd7343da159 26714 web optional chromium_136.0.7103.59-2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmgSsD4UHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudje8qRAAmsGfWaVyqntIzqmveUpR/WOyQ16i
jxa6wKHZbMLQYM8r2aCon/9o9B7qDp92fwQLWLw6E8xjdLJkRxlc9c5G1psL4aSN
yqHW3PCuQW1x4Sv04ca2iXT1b7cqao07q7wbZYwXOvhkodDCtUkE8BQcZbqGwdJw
bmxtdumMP7CxNvFjFA6wQnNCBhqm2iT/P6HH5K3kKpbxIuO9wv8pIs3gRNLXRYmy
CVhSqHra0IhkvMHVKsXttkkf06u0W+HaUS5worLYyzUQE3z/4sAEh3hp5dJtq1vJ
aRRi4fUq4iX/O6Irn6VynQevTYyhYUxzEz1wrgSJdAAcqWiyEwSDgKh1xLpU3Sc9
NUVoLpg8DbLmIss6O3kbWKH/BGwkmd5RbX0C0qtrIWkCe7ZfvXQ8FG+VCHFhF+ru
J/A0m01tchVFHRjkaCkRcFdmqDf+oT532fAMSOshgD2mns2UUvcGZPn+g0oX0mZB
F9BqAobTkSQmnkR47t+sm/OSI1MBjOaBKGdTDsu1a0PlXHmiiu56AjIFy7e1Ufzm
tJR3eTwCCJjXeBxKj/tMAOi/9azisSehcJ5XBgx0XM1CGmlTpczWiFcfA/Y3njN3
UWWzB+3VDZX5EcWrE+a8Lr917nmylW/KtFZnbqt1h6LqLJNaI1RiRc1Rv7fQlh7b
QjZ+D15nlP5VCCg=
=n6Lf
-----END PGP SIGNATURE-----
