[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted chromium 137.0.7151.55-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 May 2025 23:46:49 -0400
Source: chromium
Architecture: source
Version: 137.0.7151.55-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (137.0.7151.55-1) unstable; urgency=high
 .
   [ Daniel Richard G. ]
   * d/control: Elaborate Build-Depends: clause for a cross build. Also drop
     x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
     it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
     clause to avoid some snafus on Ubuntu.
   * d/patches:
     - debianization/cross-build.patch: New patch implementing the bulk of our
       cross-build support.
     - upstream/cross-build-target.patch: New upstream patch that sets
       --target=... explicitly on all builds. Needed for a cross build.
     - fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
       the preceding one.
   * d/rules: Add settings and environment exports needed for a cross build.
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
     - CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
     - CVE-2025-5064: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer .
     - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
       Reported by NDevTK.
     - CVE-2025-5066: Inappropriate implementation in Messages.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2025-5281: Inappropriate implementation in BFCache.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
     - CVE-2025-5067: Inappropriate implementation in Tab Strip.
       Reported by Khalil Zhani.
   * d/control: switch bindgen:any build-dep to bindgen:native.
   * d/rules: disable optimize_webui for now due to a rollup 3.x issue.
   * d/patches:
     - upstream/media-optional.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop part of patch merged upstream.
     - fixes/perfetto-nullptr.patch: drop due to upstream code changes.
     - upstream/arm32-crel.patch: refresh.
     - disable/tests.patch: refresh.
     - system/gperf.patch: drop, merged upstream.
     - bookworm/gn-revert-path-exists.patch: refresh.
     - bookworm/gn-allowlist.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - bookworm/clang19.patch: add new unsupported arg removal
       (-fextend-variable-liveness).
     - upstream/span-fwd.patch: add build fix pulled from upstream.
     - upstream/mojo-optional.patch: add build fix pulled from upstream.
     - bookworm/constexpr3.patch: add yet another constexpr workaround.
     - upstream/opener-heur.patch: add build fix pulled from upstream.
     - upstream/allowed-state.patch: add build fix pulled from upstream.
     - upstream/pdfium-libpng.patch: add build fix pulled from upstream.
     - upstream/safety-hub-set.patch: add build fix pulled from upstream.
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/features.gni: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       regenerate from upstream sources
     - fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
 b7719c8f19a3dcc739b1ccaecc7b2d90fa53b427 3923 chromium_137.0.7151.55-1.dsc
 764e58eb7f85d5776e28e9f9fadca0a2e9148d66 943831428 chromium_137.0.7151.55.orig.tar.xz
 1c7abf11524828392cfd35bc0627ee010621666c 344648 chromium_137.0.7151.55-1.debian.tar.xz
 efe54c972a7e06dd53cebf4ed7b3a34a84cd9d6d 26504 chromium_137.0.7151.55-1_source.buildinfo
Checksums-Sha256:
 6afd81314a8d4039a0fd2ece3d99292f01b2a0a82212aae4dce7a0a43d1c5665 3923 chromium_137.0.7151.55-1.dsc
 1b7e9225c6ae7b44e0caf9ce4aedc1057b3b64c26f22dfc4f1f0e3dd27f68121 943831428 chromium_137.0.7151.55.orig.tar.xz
 78e66ac6f48d56549753ed8dac459edbcbc78f79fb76f719a949e72426bfe5eb 344648 chromium_137.0.7151.55-1.debian.tar.xz
 cb98ac13d4d5838302ece3cc95fd9c129648c3eefb7b573b4e20c58f47c4577c 26504 chromium_137.0.7151.55-1_source.buildinfo
Files:
 34626792e5cc47b30c16949e64d79df3 3923 web optional chromium_137.0.7151.55-1.dsc
 11471239cb9e568ccdbb9678b2a381cb 943831428 web optional chromium_137.0.7151.55.orig.tar.xz
 a266bb6091fa81b47a452a3479f003c6 344648 web optional chromium_137.0.7151.55-1.debian.tar.xz
 d1c93763a87876c9dfdd21be7511dc29 26504 web optional chromium_137.0.7151.55-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmg2iDQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjenfw//awK5LdpH+gBY0zec4qkIUrjPQyD6
dDoJGVrZKfDZzcOSXtdovDGP5hefjzmf9naQN2HlFVinCRrj5Ev69BNFriO4taLX
tPbo2h3cCLivCw0CZIh+reM7wnAqXVY42SVf0XZCLZA59ZwGSqi7R5O+V9q4ANSz
uv2GaG9sucyh4jf0EdVbEyHJnQqEk6Ojb6f+NdEMw/WSjIxkkMw9w9Z+dzAjUoM3
M1dA/wpJGYmOrwp5guC3FIsczZQHxLF6eelmSz19pzRKgQ5Q6NmUJ4OpwrE/c0zO
Uvc4KYPStSD462atNO3PgC64IA2OLkf8/TW0vIMv0wNsLgA8UhHpFmngcm7v6iGP
lpGTp1KN/h8XwAy0bWjbqlyrTPgDlZWoI/D8FPwCW1hKOHS7BaCDu6ZJweM4LLIG
+6YW4Fq5k4U7R8jTW1GSW+3lRw8E/INJ5wjgtDfWmw8kbWQCEK3zrz5Sb0KOmns/
M3coadIYLzlZNEbdyZzna6XJDlhNIbDRJzdWYIhsZeQN0l+bRExtmkfiOeb+JH1o
uQ3u4q/kefM0YkGqefle0dTE36C2fc5Cs2hhf2wBhfKsdpVTa1xe+WgttgWCmks/
TXQXKeEBvpPzWu8rHW9WSyMs8K+x37/YFlnALU2iNzy5+o+zFfusa4diIWZkx0Je
R/ARwjuTuE9Cb0M=
=J9Jz
-----END PGP SIGNATURE-----

Attachment: pgpYKZUKKN1AD.pgp
Description: PGP signature


Reply to: