On Tue, May 17, 2011 at 7:20 AM, An Ahooja <ajaho...@gmail.com> wrote:
> This was reported to meego bugzilla but got no response.
>
> The meego-app-browser to be released in MeeGo 1.2 is still based on chromium
> 12.0.712.0. It is a trunk version released in late March and misses multiple
> security fixes in chrome 11.0.696.57, which was released on a different branch
> in late April.

More issues not receiving adequate response:

(1) Chromium browser sandbox feature is not working in MeeGo builds
https://bugs.meego.com/show_bug.cgi?id=16284

In particular, note that the issue also applies to meego-tv-browser
and meego-app-browser:
///////////////////////////////////////////
https://bugs.meego.com/show_bug.cgi?id=16284#c5
(In reply to comment #4) ryanware 2011-05-03 22:24:07 UTC
> We really need to figure out how to fix this before release.  This allows
> protections *when* future arbitrary code execution issues are found in
> Chromium.  Without sandboxing, we're running without [sic] safeties off.

That's why I proposed this issue as a release blocker. MeeGo can have all the
security in the world, and then a small omission like this can leave a gaping
web-sized hole being exposed through the browser.

Furthermore, I see no updates to the sanity test plans (e.g. "run
about:sandbox" and "about:plugins" in chromium on each image) to make sure this
kind of error doesn't regress, which is probably easy enough to do with a tiny
change of configuration in the build rules of such complex programs.

Also, I haven't seen any follow-up regarding all the other places this issue
surfaces. For example:

Repository: oss
Name: meego-tv-browser
Version: 8.0.552.0-1.22
Arch: i586
Vendor: meego
Installed: No
Status: not installed
Installed Size: 57.8 MiB
Summary: A Qt-based WebKit powered web browser
Description:
Qt-based Chromium is an open-source web browser, powered by WebKit.

Repository: oss
Name: meego-app-browser
Version: 8.0.552.0-6.18
Arch: i586
Vendor: meego
Installed: No
Status: not installed
Installed Size: 56.6 MiB
Summary: A Qt-based WebKit powered web browser
Description:
Qt-based Chromium is an open-source web browser, powered

///////////////////////////////////////////////

(2) Finally, if you invoke a text field in the browser with the
spell-checking option enabled, you'll crash, given the
pervasive-crash-causing ability (evolution, browsers, pidgin, etc.) of
having a language dictionary installed alongside 'hunspell'. It's a
pretty easy thing to test... just try composing an email message in
gmail/yahoo/ovi/etc.

"hunspell dumps core with default english dictionary, and is installed
with no default dictionary" (
https://bugs.meego.com/show_bug.cgi?id=16879 ).

Niels
http://nielsmayer.com

PS: All of the above, and also recent personal preference after having
used chrome for years, is why I'm running
http://wiki.meego.com/MeeGo-Lem-Firefox4 and got awesome
firefox4-based BlueGriffon wysiwyg thrown in for "even more free" ....
also I'm enjoying the delights of pretending I'm on an iPad using the
meego-1.2 touch netbook with
http://chrispederick.com/work/user-agent-switcher/ firefox plugin....
_______________________________________________
MeeGo-dev mailing list
MeeGo-dev@meego.com
http://lists.meego.com/listinfo/meego-dev
http://wiki.meego.com/Mailing_list_guidelines
