[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Copied to lucid-security and lucid-updates. ** Changed in: gyp (Ubuntu Lucid) Status: Fix Committed => Fix Released ** Changed in: libvpx (Ubuntu Lucid) Status: Fix Committed => Fix Released ** Changed in: chromium-codecs-ffmpeg (Ubuntu Lucid) Status: Fix Committed => Fix Released ** Changed in: chromium-browser (Ubuntu Lucid) Status: Fix Committed => Fix Released -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
I don't see that we have any option. Acked. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
chromium-codecs-ffmpeg tested with www.youtube.com/watch?v=_hTiRnqnvDs (html5 green lantern trailer, see www.webmproject.org/users/). $ apt-cache policy chromium-codecs-ffmpeg-extra chromium-codecs-ffmpeg-extra: Installed: 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 Candidate: 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 Version table: *** 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 0 100 /var/lib/dpkg/status @ubuntu-sru: it is my opinion that we should pocket copy at your earliest convenience. ** Tags added: verification-done ** Tags removed: verification-needed -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
chromium-codecs-ffmpeg 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 uploaded to lucid-proposed, which fixes the arm FTBFS. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Fabien provided updated chromium-codecs-ffmpeg packages with ARM fixes which are now building in the security-proposed PPA. When done building, I will move them to lucid-proposed. Once these are verified I think we should copy all of them to lucid-security and lucid-updates immediately (since chromium-browser and the others are verified to work). -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
As mentioned, this works well here, however unlike previous updates this will break ARM. It is my opinion that we should push this to -security and -updates regardless, since there are some rather important fixes in here. Due to the nature of the update, I am uncomfortable pushing to -security without the SRU team's input. Can someone from ubuntu-sru comment? -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Tested on amd64 with QRT and it works as well as the previous version. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Fabien pointed out the arm FTBFS is http://code.google.com/p/chromium/issues/detail?id=49617. ** Bug watch added: code.google.com/p/chromium/issues #49617 http://code.google.com/p/chromium/issues/detail?id=49617 -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Branch linked: lp:ubuntu/lucid-proposed/gyp ** Branch linked: lp:ubuntu/lucid-proposed/chromium-codecs-ffmpeg -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Branch linked: lp:ubuntu/lucid-proposed/libvpx -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Copied everything to lucid-proposed even though chromium-codecs-ffmpeg FTBFS on armel. Idea is that at a minimum, we can get testing on i386 amd64 while upstream fixes chromium-codecs-ffmpeg. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Pocket copied chromium-browser, gyp, chromium-codecs-ffmpeg, and libvpx to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance! To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks! ** Changed in: chromium-browser (Ubuntu Lucid) Status: In Progress => Fix Committed ** Changed in: gyp (Ubuntu Lucid) Status: In Progress => Fix Committed ** Changed in: chromium-codecs-ffmpeg (Ubuntu Lucid) Status: In Progress => Fix Committed ** Changed in: libvpx (Ubuntu Lucid) Status: In Progress => Fix Committed ** Tags added: verification-needed ** Tags removed: security-verification -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
@Jamie #6: i never asked for it, see the original description of this bug. #7: i didn't change the get-orig-source rule recently. it's probably possible to go through all the deps once again and prune the tree a little bit more, but as it is, each time upstream adopts a new project in its tree, the tarball grows accordingly. I've already spent countless hours dropping unneeded code (win/mac only), but it's a moving target. #8: i don't have access to any ARM machine, as such, i'm unable to proactively detect those situations. I've already contacted upstream and i will update the package accordingly. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
chromium-codecs-ffmpeg FTBFS on lucid and maverick, which is a regression over chromium 5.0. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Not that there is much choice in the matter due to upstream's release practices, but it should at least be mentioned that the size of the source tarball for chromium-browser_5.0.375.127~r55887.orig.tar.gz was 93M and for chromium-browser_6.0.472.53~r57914.orig.tar.gz it is a quite large 146M. This is approximately 6924398 lines of source vs 8348228-- that is a *lot* of new code. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Marking libvpx on Maverick as Invalid-- it is already in Maverick. ** Changed in: libvpx (Ubuntu Maverick) Status: New => Invalid -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Branch linked: lp:ubuntu/gyp -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
This bug was fixed in the package gyp - 0.1~svn840-0ubuntu1 --- gyp (0.1~svn840-0ubuntu1) maverick; urgency=low * New upstream snapshot (LP: #628924) -- Fabien TassinThu, 02 Sep 2010 17:03:41 +0200 ** Branch linked: lp:ubuntu/chromium-codecs-ffmpeg ** Changed in: gyp (Ubuntu Maverick) Status: New => Fix Released -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
This bug was fixed in the package chromium-codecs-ffmpeg - 0.6+svn20100811r55740+56137-0ubuntu1 --- chromium-codecs-ffmpeg (0.6+svn20100811r55740+56137-0ubuntu1) maverick; urgency=low * New upstream snapshot (LP: #628924) * Drop the sse2 patch, it has been applied upstream, and set disable_sse2 - drop debian/patches/* - update debian/rules * Unpack the sources during pre-build so quilt has access to all source files and set QUILT_PATCHES (for hardy) - update debian/rules * Add libvpx-dev to Build-Depends and set the use_system_vpx gyp knob - update debian/control - update debian/rules * Re-do the get-orig-source rule with 2 repos instead of 3 following the upstream reorganization and follow the revision requested by Chromium for now on - update debian/rules * FTBFS when an upstream patch fails to apply, as it could lead to weird situations - update debian/rules * Bump build-deps for gyp to >= 0.1~svn837 - update debian/control -- Fabien TassinSun, 15 Aug 2010 04:00:02 +0200 -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
This bug was fixed in the package chromium-browser - 6.0.472.53~r57914-0ubuntu1 --- chromium-browser (6.0.472.53~r57914-0ubuntu1) maverick; urgency=low * New upstream release from the Stable Channel (LP: #628924) This release fixes the following security issues: - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to Google Chrome Security Team (Inferno) and “ironfist99”. - [37201] Medium, URL bar visual spoofing with homographic sequences. Credit to Chris Weber of Casaba Security. - [41654] Medium, Apply more restrictions on setting clipboard content. Credit to Brook Novak. - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of the Google Security Team. - [45876] Medium, Possible installed extension enumeration. Credit to Lostmon. - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh) and Keith Campbell. - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey Glazunov. - [50839] High, Notification permissions memory corruption. Credit to Michal Zalewski of the Google Security Team and Google Chrome Security Team (SkyLined). - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith Campbell and Google Chrome Security Team (Cris Neckar). - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc. - [51727] Low, Avoid storing excessive autocomplete entries. Credit to Google Chrome Security Team (Inferno). - [52443] High, Stale pointer in focus handling. Credit to VUPEN Vulnerability Research Team (VUPEN-SR-2010-249). - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh Mehra and Vineet Batra of the Adobe Reader Sandbox Team. - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson. * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib is installed, the set of usable codecs (at runtime) will still vary. This is now done by setting proprietary_codecs=1 so we can drop our patch - update debian/rules - drop debian/patches/html5_video_mimetypes.patch - update debian/patches/series * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API - update debian/control * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends. This is needed for Cloud Printing - update debian/control * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS - update debian/rules * Install resources.pak in the main deb, and remove all resources/ accordingly - update debian/chromium-browser.install * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME Keyring and KWallet integration. See http://crbug.com/12351 - update debian/control * Ship empty policy dirs (for now) in /etc/chromium-browser/policies - update debian/rules - update debian/chromium-browser.dirs * Bump build-deps for gyp to >= 0.1~svn837 - update debian/control * Drop the icedtea6-plugin workaround, it's no longer needed and it may cause troubles when the default xulrunner contains older nss/nspr libs - update debian/chromium-browser.sh.in -- Fabien TassinThu, 02 Sep 2010 17:03:41 +0200 ** Changed in: chromium-browser (Ubuntu Maverick) Status: In Progress => Fix Released ** Changed in: chromium-codecs-ffmpeg (Ubuntu Maverick) Status: New => Fix Released -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** This bug has been flagged as a security vulnerability -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
Uploaded gyp, libvpx, chromium-codec-ffmpeg and chromium-browser for lucid to ubuntu-security-proposed. ** Tags added: security-verification ** Changed in: gyp (Ubuntu Lucid) Status: New => In Progress ** Changed in: gyp (Ubuntu Lucid) Assignee: (unassigned) => Fabien Tassin (fta) ** Changed in: libvpx (Ubuntu Lucid) Status: New => In Progress ** Changed in: libvpx (Ubuntu Lucid) Assignee: (unassigned) => Fabien Tassin (fta) ** Changed in: chromium-codecs-ffmpeg (Ubuntu Lucid) Status: New => In Progress ** Changed in: chromium-codecs-ffmpeg (Ubuntu Lucid) Assignee: (unassigned) => Fabien Tassin (fta) -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Also affects: gyp (Ubuntu) Importance: Undecided Status: New ** Also affects: libvpx (Ubuntu) Importance: Undecided Status: New ** Also affects: chromium-codecs-ffmpeg (Ubuntu) Importance: Undecided Status: New -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
All done. For maverick, everything is waiting for approval. For lucid-security, it's all there: http://people.ubuntu.com/~fta/chromium/6.0.472.53~r57914-0ubuntu0.10.04.1/ it's also available in both the Beta and Stable PPAs. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Description changed: Binary package hint: chromium-browser Upstream just released a major update of Chromium (incl several security fixes). It's needed in both maverick and lucid. http://googlechromereleases.blogspot.com/2010/09/stable-and-beta- channel-updates.html I'm preparing the following updates: Maverick and Lucid: - - chromium-browser: 6.0.472.53~r57914 - - chromium-codecs-ffmpeg: 0.6+svn20100811r55740+56137 - - gyp: 0.1~svn840 + - chromium-browser: 6.0.472.53~r57914 + - chromium-codecs-ffmpeg: 0.6+svn20100811r55740+56137 + - gyp: 0.1~svn840 Lucid only: - - libvpx: 0.9.1 (it's a NEW, backported from Maverick, and needed by chromium-codecs-ffmpeg for WebM) + - libvpx: 0.9.1 (it's a NEW, backported from Maverick, and needed by chromium-codecs-ffmpeg for WebM) - afaik, those updates (the codecs, gyp and libvpx) have no impact of + afaik, those updates (the codecs, gyp and libvpx) have no impact on other packages. -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 628924] Re: chromium update: 5.0.375.127 -> 6.0.472.53
** Also affects: chromium-browser (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: chromium-browser (Ubuntu Maverick) Importance: High Assignee: Fabien Tassin (fta) Status: In Progress ** Changed in: chromium-browser (Ubuntu Lucid) Status: New => In Progress ** Changed in: chromium-browser (Ubuntu Lucid) Assignee: (unassigned) => Fabien Tassin (fta) ** Changed in: chromium-browser (Ubuntu Lucid) Importance: Undecided => High -- chromium update: 5.0.375.127 -> 6.0.472.53 https://bugs.launchpad.net/bugs/628924 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs