Commit a531ac8d authored by Michael Gilbert's avatar Michael Gilbert

release 63.0.3239.84-1~deb9u1

parent 463d3b3b
chromium-browser (63.0.3239.84-1~deb9u1) stretch-security; urgency=medium
* New upstream stable release.
- CVE-2017-15407: Out of bounds write in QUIC. Reported by Ned Williamson
- CVE-2017-15408: Heap buffer overflow in PDFium. Reported by Ke Liu
- CVE-2017-15409: Out of bounds write in Skia. Reported by Anonymous
- CVE-2017-15410: Use after free in PDFium. Reported by Luật Nguyễn
- CVE-2017-15411: Use after free in PDFium. Reported by Luật Nguyễn
- CVE-2017-15413: Type confusion in WebAssembly. Reported by Gaurav Dewan
- CVE-2017-15415: Pointer information disclosure in IPC call. Reported by
Viktor Brange
- CVE-2017-15416: Out of bounds read in Blink. Reported by Ned Williamson
- CVE-2017-15417: Cross origin information disclosure in Skia . Reported by
Max May
- CVE-2017-15418: Use of uninitialized value in Skia. Reported by Kushal
Arvind Shah
- CVE-2017-15419: Cross origin leak of redirect URL in Blink. Reported by
Jun Kokatsu
- CVE-2017-15420: URL spoofing in Omnibox. Reported by WenXu Wu
- CVE-2017-15423: Issue with SPAKE implementation in BoringSSL. Reported by
Greg Hudson
- CVE-2017-15424: URL Spoof in Omnibox. Reported by Khalil Zhani
- CVE-2017-15425: URL Spoof in Omnibox. Reported by xisigr
- CVE-2017-15426: URL Spoof in Omnibox. Reported by WenXu Wu
- CVE-2017-15427: Insufficient blocking of JavaScript in Omnibox. Reported
by Junaid Farhan
-- Michael Gilbert <mgilbert@debian.org> Sun, 03 Dec 2017 15:26:02 +0000
chromium-browser (62.0.3202.89-1~deb9u1) stretch-security; urgency=medium
* New upstream security release.
......
......@@ -6,7 +6,6 @@ chrome/test/data/webui/i18n_process_css_test.html
third_party/ffmpeg/BUILD.gn
third_party/flac/BUILD.gn
third_party/harfbuzz-ng/BUILD.gn
base/third_party/libevent/BUILD.gn
build/secondary/third_party/libjpeg_turbo/BUILD.gn
third_party/libdrm/BUILD.gn
......
......@@ -3,37 +3,26 @@ description: disable loading external components
--- a/chrome/browser/extensions/external_component_loader.cc
+++ b/chrome/browser/extensions/external_component_loader.cc
@@ -38,33 +38,12 @@ ExternalComponentLoader::~ExternalCompon
@@ -34,22 +34,6 @@ ExternalComponentLoader::~ExternalCompon
void ExternalComponentLoader::StartLoading() {
prefs_.reset(new base::DictionaryValue());
auto prefs = std::make_unique<base::DictionaryValue>();
-#if defined(GOOGLE_CHROME_BUILD)
- AddExternalExtension(extension_misc::kInAppPaymentsSupportAppId);
- AddExternalExtension(extension_misc::kInAppPaymentsSupportAppId, prefs.get());
-#endif // defined(GOOGLE_CHROME_BUILD)
-
- if (HotwordServiceFactory::IsHotwordAllowed(profile_))
- AddExternalExtension(extension_misc::kHotwordSharedModuleId);
- AddExternalExtension(extension_misc::kHotwordSharedModuleId, prefs.get());
-
-#if defined(OS_CHROMEOS)
- {
- base::CommandLine* const command_line =
- base::CommandLine::ForCurrentProcess();
- if (!command_line->HasSwitch(chromeos::switches::kDisableNewZIPUnpacker))
- AddExternalExtension(extension_misc::kZIPUnpackerExtensionId);
- AddExternalExtension(extension_misc::kZIPUnpackerExtensionId,
- prefs.get());
- }
-#endif
if (media_router::MediaRouterEnabled(profile_) &&
FeatureSwitch::load_media_router_component_extension()->IsEnabled()) {
AddExternalExtension(extension_misc::kMediaRouterStableExtensionId);
}
-#if BUILDFLAG(ENABLE_APP_LIST) && defined(OS_CHROMEOS)
- std::string google_now_extension_id;
- if (GetGoogleNowExtensionId(&google_now_extension_id))
- AddExternalExtension(google_now_extension_id);
-#endif
-
LoadFinished();
}
......@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert@debian.org>
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -688,8 +688,7 @@ group("gn_all") {
@@ -698,8 +698,7 @@ group("gn_all") {
}
}
......
description: disable the google api key warning when those aren't found
author: Michael Gilbert <mgilbert@debian.org>
--- a/chrome/browser/ui/startup/startup_browser_creator_impl.cc
+++ b/chrome/browser/ui/startup/startup_browser_creator_impl.cc
@@ -836,8 +836,6 @@ void StartupBrowserCreatorImpl::AddInfoB
@@ -778,8 +778,6 @@ void StartupBrowserCreatorImpl::AddInfoB
!command_line_.HasSwitch(switches::kTestType) &&
!command_line_.HasSwitch(switches::kEnableAutomation)) {
chrome::ShowBadFlagsPrompt(browser);
......
author: Michael Gilbert <mgilbert@debian.org>
description: disable the ad promo system by default
author: Michael Gilbert <mgilbert@debian.org>
bug-debian: http://bugs.debian.org/634101
--- a/chrome/browser/ui/app_list/app_list_service.cc
......
description: set chromedriver version as undefined
author: Michael Gilbert <mgilbert@debian.org>
--- a/chrome/test/chromedriver/embed_version_in_cpp.py
+++ b/chrome/test/chromedriver/embed_version_in_cpp.py
......
description: add missing variable declaration
author: Michael Gilbert <mgilbert@debian.org>
--- a/build/config/compiler/BUILD.gn
+++ b/build/config/compiler/BUILD.gn
@@ -70,6 +70,8 @@ declare_args() {
msvs_xtree_patched = false
}
+ optimize_for_size = true
+
# Enable fatal linker warnings. Building Chromium with certain versions
# of binutils can cause linker warning.
# See: https://bugs.chromium.org/p/chromium/issues/detail?id=457359
description: add missing include needed for call to round
author: Michael Gilbert <mgilbert@debian.org>
--- a/third_party/webrtc/p2p/base/port.cc
+++ b/third_party/webrtc/p2p/base/port.cc
@@ -10,6 +10,7 @@
#include "p2p/base/port.h"
+#include <cmath>
#include <algorithm>
#include <vector>
......@@ -11,8 +11,8 @@ author: Michael Gilbert <mgilbert@debian.org>
options, args = parser.parse_args(argv)
if args:
@@ -207,6 +208,8 @@ def build_gn_with_ninja_manually(tempdir
cmd = ['ninja', '-C', tempdir]
@@ -208,6 +209,8 @@ def build_gn_with_ninja_manually(tempdir
cmd = ['ninja', '-C', tempdir, '-w', 'dupbuild=err']
if options.verbose:
cmd.append('-v')
+ if options.jobs:
......
......@@ -4,16 +4,8 @@ Author: Daniel Echeverry <epsilon77@gmail.com>
--- a/chrome/app/resources/manpage.1.in
+++ b/chrome/app/resources/manpage.1.in
@@ -1,5 +1,5 @@
-." This file is processed by chrome.gyp to generate manpages in the
-." build diretory.
+.\" This file is processed by chrome.gyp to generate manpages in the
+.\" build diretory.
.TH @@FILENAME@@ 1 "" "" "USER COMMANDS"
.SH NAME
@@ -20,6 +20,23 @@ This manpage only describes invocation,
@@NAME@@ has hundreds of undocumented command-line flags that are added
@@MENUNAME@@ has hundreds of undocumented command-line flags that are added
and removed at the whim of the developers. Here, we document relatively
stable flags.
+
......@@ -36,7 +28,7 @@ Author: Daniel Echeverry <epsilon77@gmail.com>
.TP
\fB\-\-user\-data\-dir\fR=\fIDIR\fR
Specifies the directory that user data (your "profile") is kept in.
@@ -110,6 +127,7 @@ as
@@ -114,6 +131,7 @@ as
See the GTK documentation for more:
.IP
<http://library.gnome.org/devel/gtk/stable/gtk-running.html>
......
......@@ -2,7 +2,6 @@ manpage.patch
master-preferences.patch
gn/parallel.patch
gn/bootstrap.patch
gn/buildflags.patch
disable/promo.patch
......@@ -12,7 +11,8 @@ disable/third-party-cookies.patch
disable/external-components.patch
fixes/mojo.patch
fixes/crc32.patch
fixes/webrtc.patch
fixes/optimize.patch
fixes/ps-print.patch
fixes/gpu-timeout.patch
fixes/widevine-revision.patch
......
......@@ -9,13 +9,13 @@ author: Michael Gilbert <mgilbert@debian.org>
-#include "base/third_party/libevent/event.h"
+#include <event.h>
#include "webrtc/rtc_base/checks.h"
#include "webrtc/rtc_base/logging.h"
#include "webrtc/rtc_base/platform_thread.h"
#include "rtc_base/checks.h"
#include "rtc_base/logging.h"
#include "rtc_base/platform_thread.h"
--- a/tools/gn/bootstrap/bootstrap.py
+++ b/tools/gn/bootstrap/bootstrap.py
@@ -622,26 +622,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/time/time_now_posix.cc',
@@ -614,26 +614,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/time/time_conversion_posix.cc',
'base/trace_event/heap_profiler_allocation_register_posix.cc',
])
- static_libraries['libevent'] = {
......@@ -41,7 +41,7 @@ author: Michael Gilbert <mgilbert@debian.org>
if is_linux or is_aix:
ldflags.extend(['-pthread'])
@@ -673,13 +653,7 @@ def write_gn_ninja(path, root_gen_dir, o
@@ -667,13 +647,7 @@ def write_gn_ninja(path, root_gen_dir, o
'base/allocator/allocator_shim.cc',
'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
])
......@@ -56,7 +56,7 @@ author: Michael Gilbert <mgilbert@debian.org>
else:
libs.extend(['-lrt'])
static_libraries['base']['sources'].extend([
@@ -716,12 +690,6 @@ def write_gn_ninja(path, root_gen_dir, o
@@ -711,12 +685,6 @@ def write_gn_ninja(path, root_gen_dir, o
'base/time/time_mac.cc',
'base/threading/platform_thread_mac.mm',
])
......
......@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert@debian.org>
--- a/v8/src/runtime/runtime-intl.cc
+++ b/v8/src/runtime/runtime-intl.cc
@@ -632,7 +632,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
@@ -714,7 +714,11 @@ RUNTIME_FUNCTION(Runtime_PluralRulesSele
return *isolate->factory()
->NewStringFromTwoByte(Vector<const uint16_t>(
reinterpret_cast<const uint16_t*>(
......@@ -30,3 +30,23 @@ author: Michael Gilbert <mgilbert@debian.org>
}
String StringForText(const void* text,
--- a/net/BUILD.gn
+++ b/net/BUILD.gn
@@ -11,7 +11,6 @@ import("//build/config/ui.gni")
import("//net/features.gni")
import("//testing/libfuzzer/fuzzer_test.gni")
import("//testing/test.gni")
-import("//third_party/icu/config.gni")
import("//third_party/protobuf/proto_library.gni")
import("//tools/grit/grit_rule.gni")
import("//url/features.gni")
--- a/v8/gni/isolate.gni
+++ b/v8/gni/isolate.gni
@@ -3,7 +3,6 @@
# found in the LICENSE file.
import("//build/config/sanitizers/sanitizers.gni")
-import("//third_party/icu/config.gni")
import("v8.gni")
declare_args() {
......@@ -31,9 +31,9 @@ author: Michael Gilbert <mgilbert@debian.org>
'base/third_party/icu/icu_utf.cc',
- 'base/third_party/nspr/prtime.cc',
'base/threading/post_task_and_reply_impl.cc',
'base/threading/scoped_blocking_call.cc',
'base/threading/sequence_local_storage_map.cc',
'base/threading/sequenced_task_runner_handle.cc',
@@ -674,7 +673,7 @@ def write_gn_ninja(path, root_gen_dir, o
@@ -668,7 +667,7 @@ def write_gn_ninja(path, root_gen_dir, o
'base/allocator/allocator_shim.cc',
'base/allocator/allocator_shim_default_dispatch_to_glibc.cc',
])
......@@ -44,7 +44,7 @@ author: Michael Gilbert <mgilbert@debian.org>
])
--- a/base/BUILD.gn
+++ b/base/BUILD.gn
@@ -53,6 +53,9 @@ config("base_flags") {
@@ -58,6 +58,9 @@ config("base_flags") {
"-Wno-char-subscripts",
]
}
......@@ -54,7 +54,7 @@ author: Michael Gilbert <mgilbert@debian.org>
}
config("base_implementation") {
@@ -852,8 +855,6 @@ component("base") {
@@ -851,8 +854,6 @@ component("base") {
"third_party/dmg_fp/g_fmt.cc",
"third_party/icu/icu_utf.cc",
"third_party/icu/icu_utf.h",
......
......@@ -3,7 +3,7 @@ author: Michael Gilbert <mgilbert@debian.org>
--- a/third_party/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
+++ b/third_party/webrtc/modules/video_coding/codecs/vp8/vp8_impl.cc
@@ -1171,9 +1171,6 @@ int VP8DecoderImpl::Decode(const Encoded
@@ -1188,9 +1188,6 @@ int VP8DecoderImpl::Decode(const Encoded
img = vpx_codec_get_frame(decoder_, &iter);
int qp;
......@@ -13,7 +13,7 @@ author: Michael Gilbert <mgilbert@debian.org>
ret = ReturnFrame(img, input_image._timeStamp, input_image.ntp_time_ms_, qp);
if (ret != 0) {
// Reset to avoid requesting key frames too often.
@@ -1227,8 +1224,9 @@ int VP8DecoderImpl::ReturnFrame(const vp
@@ -1244,8 +1241,9 @@ int VP8DecoderImpl::ReturnFrame(const vp
VideoFrame decoded_image(buffer, timestamp, 0, kVideoRotation_0);
decoded_image.set_ntp_time_ms(ntp_time_ms);
......
......@@ -39,11 +39,11 @@ defines+=is_debug=false \
use_gconf=false \
use_sysroot=false \
use_openh264=false \
use_vulcanize=false \
use_custom_libcxx=false \
use_gnome_keyring=false \
rtc_libvpx_build_vp9=false \
treat_warnings_as_errors=false \
optimize_webui=false \
enable_nacl=false \
enable_nacl_nonsfi=false \
enable_google_now=false \
......@@ -60,6 +60,7 @@ defines+=use_gio=true \
link_pulseaudio=true \
enable_widevine=true \
use_jumbo_build=true \
use_system_freetype=true \
proprietary_codecs=true \
ffmpeg_branding=\"Chrome\" \
fieldtrial_testing_like_official_build=true \
......@@ -99,11 +100,12 @@ override_dh_auto_build-arch:
./out/Release/gn gen out/Release --args="$(defines)"
ninja $(njobs) -C out/Release chrome chrome_sandbox content_shell chromedriver
mv out/Release/chrome out/Release/chromium || true
mv out/Release/chrome.1 out/Release/chromium.1 || true
mv out/Release/content_shell out/Release/chromium-shell || true
mv out/Release/chrome_sandbox out/Release/chrome-sandbox || true
mv out/Release/locales/en-US.pak out/Release/resources || true
chmod 4755 out/Release/chrome-sandbox # suid sandbox
sed -e s/@@PACKAGE@@/chromium/g -e s/@@MENUNAME@@/chromium/g \
< chrome/app/resources/manpage.1.in > out/Release/chromium.1
override_dh_auto_build-indep:
ninja $(njobs) -C out/Release packed_resources
......
......@@ -23,16 +23,21 @@ def strip(path):
else:
os.remove(removal)
keepers = ('openh264')
keepers = ('openh264','harfbuzz-ng')
for lib,rule in replace_gn_files.REPLACEMENTS.items():
if lib not in keepers:
# remove conflicting embedded third party source files
strip(os.path.dirname(rule))
strip(os.path.join('third_party',lib))
# remove the gn file that builds the embedded library
if os.path.lexists(rule):
os.remove(rule)
libdir = os.path.join('third_party',lib)
if os.path.exists(libdir):
# remove conflicting embedded third party source files
strip(libdir)
strip(os.path.dirname(rule))
# remove the gn file that builds the embedded library
if os.path.lexists(rule):
os.remove(rule)
else:
# otherwise, create the missing directory
os.mkdir(libdir)
# create a symlink to the unbundle gn file
symlink = "ln -s "
path = os.path.split(rule)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment