Accepted chromium 117.0.5938.62-1~deb12u1 (source) into proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Architecture: source
Version: 117.0.5938.62-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1042111
Changes:
chromium (117.0.5938.62-1~deb12u1) bookworm-security; urgency=high
.
[ Andres Salomon]
* New upstream stable release.
- CVE-2023-4900: Inappropriate implementation in Custom Tabs.
Reported by Levit Nudi from Kenya.
- CVE-2023-4901: Inappropriate implementation in Prompts.
Reported by Kang Ali.
- CVE-2023-4902: Inappropriate implementation in Input.
Reported by Axel Chong.
- CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
Reported by Ahmed ElMasry.
- CVE-2023-4904: Insufficient policy enforcement in Downloads.
Reported by Tudor Enache @tudorhacks.
- CVE-2023-4905: Inappropriate implementation in Prompts.
Reported by Hafiizh.
- CVE-2023-4906: Insufficient policy enforcement in Autofill.
Reported by Ahmed ElMasry.
- CVE-2023-4907: Inappropriate implementation in Intents.
Reported by Mohit Raj (shadow2639) .
- CVE-2023-4908: Inappropriate implementation in Picture in Picture.
Reported by Axel Chong.
- CVE-2023-4909: Inappropriate implementation in Interstitials.
Reported by Axel Chong.
* d/copyright: drop rust, llvm, siso, & cargo binaries.
* d/patches:
- fixes/size.patch: drop, merged upstream.
- fixes/variant.patch: drop, merged upstream.
- fixes/vector.patch: drop, merged upstream.
- upstream/contains.patch: drop, merged upstream.
- upstream/hvec.patch: drop, merged upstream.
- upstream/limits.patch: drop, merged upstream.
- upstream/statelessV4L2.patch: drop, merged upstream.
- fixes/widevine-locations.patch: refresh for minor upstream changes.
- disable/android.patch: drop half the patch.
- disable/catapult.patch: refresh for minor upstream changes.
- disable/tests.patch: refresh for minor upstream changes.
- disable/unrar.patch: refresh for minor upstream changes.
- fixes/material-utils.patch: build fix for clang w/ libstdc++.
- rename fixes/null.patch to fixes/perfetto.patch.
- upstream/memory.patch: build fix for missing header.
- bookworm/struct-ctor.patch: add a bunch more build workarounds for
clang-14.
- bookworm/stringpiece3.patch: another clang-14 StringPiece to
std::string explicit conversion.
- bookworm/typename.patch: add more explicit typename declarations for
clang-14.
- bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
scope workarounds.
- bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
const member inside a struct.
- ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
- disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
off by default.
- bookworm/generate-ninja.patch: fix build failure w/ bookworm's older gn.
* Switch to using bundled brotli, as the version in debian is too old.
And so we can drop d/patches/bookworm/brotli.patch, too.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
changes
- 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
- 0002-third-party-boringssl-add-generated-files.patch: refresh for
upstream changes
- 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
upstream changes
- 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
upstream changes
- skia-vsx-instructions.patch: refresh for upstream changes
- 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
- 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
* d/patches/ungoogled:
- core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
"Web Environment Integrity" trial and remove from build (closes: #1042111)
Checksums-Sha1:
c7357089169d708faf24aca71e0520720a79f67b 3700 chromium_117.0.5938.62-1~deb12u1.dsc
698cf464e1b71908a8a38e47dce08ecffe3e5d8e 683897300 chromium_117.0.5938.62.orig.tar.xz
40e0c1ddf89760d1c8804512033c9d59ed8905c9 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
44e117863808ea9aea9e65811bd0643572df5c45 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo
Checksums-Sha256:
ec4b24e0ce10cce25b267320987a3714b4ca1081691d68c85c3a465c6ab44c51 3700 chromium_117.0.5938.62-1~deb12u1.dsc
f14582a21c933cc5a3b9e3461c87fdb3ff6a41c01d599c44950e0580200d0050 683897300 chromium_117.0.5938.62.orig.tar.xz
d231683c70ae406612fff71f882adb6ac94450e2e4836e39dc9263f8b4a59127 385420 chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
275fb9daad189eebcc09ebf686d874a0870af008f3754c43c62ed56c2de88045 21171 chromium_117.0.5938.62-1~deb12u1_source.buildinfo
Files:
1b55d8820a152310d9b75ba7015526f6 3700 web optional chromium_117.0.5938.62-1~deb12u1.dsc
e9a68cf8d33b2be80b6a984602cf55b5 683897300 web optional chromium_117.0.5938.62.orig.tar.xz
c575a5304f7c17ff9b6bcda3164a9639 385420 web optional chromium_117.0.5938.62-1~deb12u1.debian.tar.xz
b87c0a4d87e12e665dd1f598851abb7a 21171 web optional chromium_117.0.5938.62-1~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUDFTUUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjepixAApgaavUlt7GpJ4pSoYPmOTEcXBkNK
q73blR10FsnBSOZQkKO5zUyFbrclg2twYf8ytdp+YL44Y62X8c7VNVeHnWdQPWqy
vdv6ylae8yqZQWyzZ69lVOj9FsdVjaqfrqMD++eLLDlPxDbsMyNwH7/2vjLngwiE
UfODzvysIY6XJhEEUWbpuw3X9hHHnA7d/pHLS04vGzactM5JT6KJFYsE7j2cFBwH
2/+Z9dn+ABYTIcqWq6s0NZUvbQIgiPtDNP7cgtBDaKTdkctSD0cMWEsxm/Ax0iJi
TD4PK4X7e02xVwKB2t3802PxPMmmsxWHmp+VBeCjqkAVnh2HevnBzKJBqJzNCCZA
54nkQRq2ZQ3w8GvSk2lVFQQxJCCbeT4xoOVV1gSEIDN18WqBuiV8zZzTd1Bzdgcg
KcGG1E9I65KrLB3kbrHUDOWJXmEaSVaFPEJ/FzceKk/gUHsaQ6PswzuN3E4Xr/0z
9T3pjko601hUHlXd97UL/GfS+8iWiUzM1f8nmft9FjhS3OXmQzXlTGNjvM88oDcg
EJlBhE7sjbz8cW2JsLT+8wQamDP4Wf9B/BekrnLDFCp8zg9+We+On0+S258UmU2/
g90IC6VfC//e4fUBPLqdykWpgscl3bLO42IdvIUdKQldhsXpv0laBaVUnpF9wAsG
ne9G7OyWCa0otrQ=
=Yfkn
-----END PGP SIGNATURE-----
Reply to: