-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 22 Mar 2024 12:45:06 -0400
Source: chromium
Architecture: source
Version: 123.0.6312.58-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Closes: 1066235 1066910
Changes:
chromium (123.0.6312.58-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2024-2625: Object lifecycle issue in V8.
Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
- CVE-2024-2626: Out of bounds read in Swiftshader.
Reported by Cassidy Kim(@cassidy6564).
- CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
- CVE-2024-2628: Inappropriate implementation in Downloads.
Reported by Ath3r1s.
- CVE-2024-2629: Incorrect security UI in iOS.
Reported by Muneaki Nishimura (nishimunea).
- CVE-2024-2630: Inappropriate implementation in iOS.
Reported by James Lee (@Windowsrcer).
- CVE-2024-2631: Inappropriate implementation in iOS.
Reported by Ramit Gangwar.
* d/patches:
- upstream/bitset.patch: drop, merged upstream.
- upstream/bookmarknode.patch: drop, merged upstream.
- upstream/optional.patch: drop, merged upstream.
- upstream/uniqptr.patch: drop, merged upstream.
- fixes/gcc13-headers.patch: drop, merged upstream.
- fixes/optional.patch: drop, merged upstream.
- fixes/material-utils.patch: drop part that was merged upstream.
- disable/catapult.patch: refresh.
- bookworm/constexpr-equality.patch: include another similar fix.
- bookworm/nvt.patch: refresh.
- bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
- ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
- disable/angle-perftests.patch: drop, replace with a gn build argument.
- bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
clap-lex crate, as it's using 1.74 features and we only have 1.70.
- fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
- fixes/optional2.patch: add another missing <optional> inclusion.
- fixes/stats-collector.patch: add build fix for wrong header.
- disable/screen-ai-blob.patch: add patch to not register the
ScreenAI component. Previously, if you opened a PDF and clicked
"open in reader mode", it would download a binary blob to
~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
what else) in that opaque blob without warning you. We, uh, don't
want that. (closes: #1066910).
* d/rules: add angle_build_tests=false build argument, which allows us to
drop angle-perftests.patch.
.
[ Timothy Pearson ]
* d/patches:
- fixes/blink-fonts-shape-result.patch: pull in upstream patch for
compilation failure in Blink SameSizeAsShapeResult class
* d/patches/ppc64le:
- ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
- third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
refresh for upstream changes
- libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
for upstream changes
- third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
upstream changes
- third_party/skia-vsx-instructions.patch: refresh & harden Skia against
timing attacks.
Checksums-Sha1:
c5bd8e6d0b882a3272281867d58c3743d33b1843 3719 chromium_123.0.6312.58-1.dsc
290fd2dac9e08b2c645d2263edc090f5857e1c53 836043716 chromium_123.0.6312.58.orig.tar.xz
83f3cff9bf30a050efb3bd80b94bc568987707dd 376680 chromium_123.0.6312.58-1.debian.tar.xz
bd09840ebb9d26a916be0edac3a9f47f46d5a22b 21868 chromium_123.0.6312.58-1_source.buildinfo
Checksums-Sha256:
649eedf7edd48730f2936c99fbdeb822ed786705e97db2aaa3e0f53e2da944b3 3719 chromium_123.0.6312.58-1.dsc
3212a13a281e31e4f8b20ac69c3ed0c87e912105190a42003fb59e227b4ee8f6 836043716 chromium_123.0.6312.58.orig.tar.xz
58d6f79fb29e4756fcba608c7b100bd1ffe3b88373e6dcedbe8b40ff1c05e653 376680 chromium_123.0.6312.58-1.debian.tar.xz
e145c1ba90017654ddb4f4f740957870e08cb10835fce51292dff49071227de7 21868 chromium_123.0.6312.58-1_source.buildinfo
Files:
4fd4d76857e823b35d638044c2e11150 3719 web optional chromium_123.0.6312.58-1.dsc
f638edecb70fd37703f1b9aeca744cf4 836043716 web optional chromium_123.0.6312.58.orig.tar.xz
6775a0cbde98fcb2b850465e7d495bfa 376680 web optional chromium_123.0.6312.58-1.debian.tar.xz
56a7fe8f748005398cf0d797286c44e3 21868 web optional chromium_123.0.6312.58-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmX9uNwUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8NudjeYkA//S7ZnrUHbOfd614RRTzkHkTQTMV9N ZK9BmDD2LcYD8021e7pMoOA9G838w21xCN/WAQiSmFU9OpsAKZ/ZXiY4GZ8jalMt 5eHMZv1dppRi0JgNRZvI2dWLSDwSPYW7WaE3a4mBMof+Q1jqqx+eAZHd6OVm8U1L io/Ff0h1AEBjjspaTBUyd4690e1/6S/iqjShpbwtzDKnLA3s5t+ws0zSE4s09FSn siSmGAOAZeNRQtrVtvfuADN+E4w7mxO6d56S2+AZej+Wbgo1WVNnD/IH8OoXazNj 2tFAfQ79zKkc6KZAvgGK7J3T0nh9d1e6xQQHl6OjnC3XkWKMPiKj3ys9a1fdP90V lwi6jNIbP713+jTorLQkT3mlYU0pITfkFAdegfg/kP+GkrRLcUmo8QiUq65Hg9QD aGj8BYS4r9ILSdhvKCd/UGBhb1ZWiGyXhnW3Y5KGRD9EOpGZxtKOHdsoipi+o+ez /kzLVn35WJhGmbMMjVuco/JEgbSPLJgkcmAmLRm5/m7GxyDOXQrdbHwMbMx8UCdt AD82uYJIlgyOZ45a35LkcqIdEv/t423XPT1GNz881JIEmM5PXYpW1A5+FOU6WHIy JTPfGRTWzUIUShWR5PHPt9Nl94M9pQuv3BdL+Nv6mCeAKGISWvE7sTAn2/kzbGJY I4lrLwyY62OVMms=
=N6Lq
-----END PGP SIGNATURE-----


--==============U75321083013178277=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZf3HjgAKCRCb9qggYcy5 IV5mAP4ssl4qpmA8WwG3UuCJ4H0iLbqgG0hJfsDgFO/kPENJzwEA8cfY8UVDpQUq lqJOppC0/OaQW5nke8Ncm0PZrZW7Ngs=XYKZ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)