Accepted chromium 117.0.5938.62-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 13 Sep 2023 22:26:10 -0400
Source: chromium
Architecture: source
Version: 117.0.5938.62-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1042111 1051355
Changes:
chromium (117.0.5938.62-1) unstable; urgency=high
.
[ Andres Salomon]
* New upstream stable release.
- CVE-2023-4900: Inappropriate implementation in Custom Tabs.
Reported by Levit Nudi from Kenya.
- CVE-2023-4901: Inappropriate implementation in Prompts.
Reported by Kang Ali.
- CVE-2023-4902: Inappropriate implementation in Input.
Reported by Axel Chong.
- CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs.
Reported by Ahmed ElMasry.
- CVE-2023-4904: Insufficient policy enforcement in Downloads.
Reported by Tudor Enache @tudorhacks.
- CVE-2023-4905: Inappropriate implementation in Prompts.
Reported by Hafiizh.
- CVE-2023-4906: Insufficient policy enforcement in Autofill.
Reported by Ahmed ElMasry.
- CVE-2023-4907: Inappropriate implementation in Intents.
Reported by Mohit Raj (shadow2639) .
- CVE-2023-4908: Inappropriate implementation in Picture in Picture.
Reported by Axel Chong.
- CVE-2023-4909: Inappropriate implementation in Interstitials.
Reported by Axel Chong.
* d/copyright: drop rust, llvm, siso, & cargo binaries.
* d/patches:
- fixes/size.patch: drop, merged upstream.
- fixes/variant.patch: drop, merged upstream.
- fixes/vector.patch: drop, merged upstream.
- upstream/contains.patch: drop, merged upstream.
- upstream/hvec.patch: drop, merged upstream.
- upstream/limits.patch: drop, merged upstream.
- upstream/statelessV4L2.patch: drop, merged upstream.
- fixes/widevine-locations.patch: refresh for minor upstream changes.
- disable/android.patch: drop half the patch.
- disable/catapult.patch: refresh for minor upstream changes.
- disable/tests.patch: refresh for minor upstream changes.
- disable/unrar.patch: refresh for minor upstream changes.
- fixes/material-utils.patch: build fix for clang w/ libstdc++.
- rename fixes/null.patch to fixes/perfetto.patch.
- upstream/memory.patch: build fix for missing header.
- bookworm/struct-ctor.patch: add a bunch more build workarounds for
clang-14.
- bookworm/stringpiece3.patch: another clang-14 StringPiece to
std::string explicit conversion.
- bookworm/typename.patch: add more explicit typename declarations for
clang-14.
- bookworm/structured-binding-scope-bug.patch: add more clang-14 binding
scope workarounds.
- bookworm/initialize-const-ctor.patch: clang-14 workaround to init a
const member inside a struct.
- ppc64le/libaom/0001-Add-ppc64-target-to-libaom.patch: refresh.
- disable/privacy-sandbox.patch: ensure Privacy Sandbox "features" are
off by default.
* Switch to using bundled brotli, as the version in debian is too old.
And so we can drop d/patches/bookworm/brotli.patch, too.
* Switch from clang-14 to clang-16 (closes: #1051355).
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- 0001-Implement-support-for-PPC64-on-Linux.patch: refresh for upstream
changes
- 0001-Add-PPC64-support-for-boringssl.patch: refresh for upstream changes
- 0002-third-party-boringssl-add-generated-files.patch: refresh for
upstream changes
- 0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for
upstream changes
- 0004-third_party-crashpad-port-curl-transport-ppc64.patch: refresh for
upstream changes
- skia-vsx-instructions.patch: refresh for upstream changes
- 0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate
- 0001-third_party-boringssl-Properly-detect-ppc64le-in-BUI.patch: drop
* d/patches/ungoogled:
- core/ungoogled-chromium/disable-web-environment-integrity.patch: disable
"Web Environment Integrity" trial and remove from build (closes: #1042111)
Checksums-Sha1:
32adedeb59ce75e97db92be75af9107aff0fd1af 3688 chromium_117.0.5938.62-1.dsc
698cf464e1b71908a8a38e47dce08ecffe3e5d8e 683897300 chromium_117.0.5938.62.orig.tar.xz
390803c101081476d6f3c603fe0cfde9580610c9 385224 chromium_117.0.5938.62-1.debian.tar.xz
2456a17816b899fa9cdb7d3a78e79b888e4f8cee 21189 chromium_117.0.5938.62-1_source.buildinfo
Checksums-Sha256:
0602837529f1174eb163d9e5795042f6bf81cb0e8feeed291e4a2e2db2c9e7de 3688 chromium_117.0.5938.62-1.dsc
f14582a21c933cc5a3b9e3461c87fdb3ff6a41c01d599c44950e0580200d0050 683897300 chromium_117.0.5938.62.orig.tar.xz
d4314538e6f9c65a4ba8582942f905730ff68763bbda54e9edbb03d2b6cbafc6 385224 chromium_117.0.5938.62-1.debian.tar.xz
af04ff757a28945de9f5eae9ed39da18a7adc1a923fe964012cfc782b399324d 21189 chromium_117.0.5938.62-1_source.buildinfo
Files:
2f96f940709be308c5d51126f0a968a8 3688 web optional chromium_117.0.5938.62-1.dsc
e9a68cf8d33b2be80b6a984602cf55b5 683897300 web optional chromium_117.0.5938.62.orig.tar.xz
1e60b3205b4ab2bf84a061c8b4cfeeaa 385224 web optional chromium_117.0.5938.62-1.debian.tar.xz
bcb398d219495740744672c53fe4a66e 21189 web optional chromium_117.0.5938.62-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmUCcSAUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeZJA/9GbHLB274VX9OelYIhRksuUdBsoa0
GsN2WZFzpxMblqp6TpKAXl+TFIVUdH4xuypfuu3X2UundCbHL0chG7JUfw1CfU4w
/cMAW06ebIQegQSqAclTyIkEulvj0gIObHnZ9yl9i9y6OBB+wq1msoLnEI307LBu
wP2Aibt2yVTvSpSldaZFnIg9gvt1TRiw87opuSOVkPGfN6/XhXEMc+rGfcFli5OU
QQsp9DueQddhzi8YhN/Fi0yLi40lUriZiK7oR/tV2VNI1Pb1/Yd+UOdHN/sueYrC
TJRoMkFe0bzHqlL75ajjIBkzExa6V9xYhwTfNtG6+To2tARQdb96r2TG0QEOs2f0
S7rEunhummwn0bYzBNt0eVrOSSemoZMeeQcfP/B6esd0jzVxdDgkXbtkaQB0+Sbk
miinVshtyyHLv+7oRDcwhge9ni9JvmepbReOxWHTekEzcaWU38+vlyMP1+JYZ+/f
WpiCrRJAE9L/oLq0QleXpQsgvQm8WYSpcl5kw+IhwKpiWUYI7E5dNUB1Z6istyUF
jtExe0jpdMkBRMSdnQaPViZ9UG4YbWq/GWP0DpO7/HYx9sFm/Xa6OHmSzobTb+u3
tEH90f1NtywK1sO2J8zyTogtaISOmWhKJKO/j2vKThmsOLjPlHCH4knzij0m3LQy
ccN27d2YrVzPiOI=
=fgNo
-----END PGP SIGNATURE-----
Reply to: