chromium update: 5.0.375.127 -> 6.0.472.53

Bug #628924 reported by Fabien Tassin on 2010-09-02
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
chromium-browser (Ubuntu) | | High | Fabien Tassin |
  Lucid | | High | Fabien Tassin |
  Maverick | | High | Fabien Tassin |
chromium-codecs-ffmpeg (Ubuntu) | | Undecided | Unassigned |
  Lucid | | Undecided | Fabien Tassin |
  Maverick | | Undecided | Unassigned |
gyp (Ubuntu) | | Undecided | Unassigned |
  Lucid | | Undecided | Fabien Tassin |
  Maverick | | Undecided | Unassigned |
libvpx (Ubuntu) | | Undecided | Unassigned |
  Lucid | | Undecided | Fabien Tassin |
  Maverick | | Undecided | Unassigned |

Bug Description

Binary package hint: chromium-browser

Upstream just released a major update of Chromium (incl several security fixes). It's needed in both maverick and lucid.

http://googlechromereleases.blogspot.com/2010/09/stable-and-beta-channel-updates.html

I'm preparing the following updates:

Maverick and Lucid:
 - chromium-browser: 6.0.472.53~r57914
 - chromium-codecs-ffmpeg: 0.6+svn20100811r55740+56137
 - gyp: 0.1~svn840

Lucid only:
 - libvpx: 0.9.1 (it's a NEW, backported from Maverick, and needed by chromium-codecs-ffmpeg for WebM)

afaik, those updates (the codecs, gyp and libvpx) have no impact on other packages.

Fabien Tassin (fta) on 2010-09-02
Changed in chromium-browser (Ubuntu):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Fabien Tassin (fta)
Changed in chromium-browser (Ubuntu Lucid):
assignee: nobody → Fabien Tassin (fta)
status: New → In Progress
importance: Undecided → High
Fabien Tassin (fta) on 2010-09-02
description: updated
Fabien Tassin (fta) wrote :

All done.

For maverick, everything is waiting for approval.
For lucid-security, it's all there: http://people.ubuntu.com/~fta/chromium/6.0.472.53~r57914-0ubuntu0.10.04.1/

it's also available in both the Beta and Stable PPAs.

Jamie Strandboge (jdstrand) wrote :

Uploaded gyp, libvpx, chromium-codec-ffmpeg and chromium-browser for lucid to ubuntu-security-proposed.

tags: added: security-verification
Changed in gyp (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Fabien Tassin (fta)
Changed in libvpx (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Fabien Tassin (fta)
Changed in chromium-codecs-ffmpeg (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Fabien Tassin (fta)
security vulnerability: no → yes
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 6.0.472.53~r57914-0ubuntu1

---------------
chromium-browser (6.0.472.53~r57914-0ubuntu1) maverick; urgency=low

  * New upstream release from the Stable Channel (LP: #628924)
    This release fixes the following security issues:
    - [34414] Low, Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium, URL bar visual spoofing with homographic sequences.
      Credit to Chris Weber of Casaba Security.
    - [41654] Medium, Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High, Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium, Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low, Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team (Justin Schuh)
      and Keith Campbell.
    - [50386] High, Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High, Notification permissions memory corruption. Credit to
      Michal Zalewski of the Google Security Team and Google Chrome Security
      Team (SkyLined).
    - [51630] [51739] High, Integer errors in WebSockets. Credit to Keith
      Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High, Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low, Avoid storing excessive autocomplete entries. Credit to
      Google Chrome Security Team (Inferno).
    - [52443] High, Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High, Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium, Cross-origin image theft. Credit to Isaac Dawson.
  * Enable all codecs for HTML5 in Chromium, depending on which ffmpeg sumo lib
    is installed, the set of usable codecs (at runtime) will still vary.
    This is now done by setting proprietary_codecs=1 so we can drop our patch
    - update debian/rules
    - drop debian/patches/html5_video_mimetypes.patch
    - update debian/patches/series
  * Bump the Dependencies on chromium-codecs-ffmpeg to >= 0.6, needed for the new API
    - update debian/control
  * Add "libcups2-dev | libcupsys2-dev" (the latter for Hardy) to Build-Depends.
    This is needed for Cloud Printing
    - update debian/control
  * Add libppapi_tests.so and linker.lock to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Install resources.pak in the main deb, and remove all resources/ accordingly
    - update debian/chromium-browser.install
  * Add libgnome-keyring-dev to Build-Depends. This is needed for the GNOME
    Keyring and KWallet integration. See http://crbug.com/12351
    - update debian/control
  * Ship empty policy dirs (for now) in /etc/chromium-browser/policies
    - update debian/rules
    - update debian/chromium-browser.dirs
  * Bump build-deps for gyp to >...


Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-codecs-ffmpeg - 0.6+svn20100811r55740+56137-0ubuntu1

---------------
chromium-codecs-ffmpeg (0.6+svn20100811r55740+56137-0ubuntu1) maverick; urgency=low

  * New upstream snapshot (LP: #628924)
  * Drop the sse2 patch, it has been applied upstream, and set disable_sse2
    - drop debian/patches/*
    - update debian/rules
  * Unpack the sources during pre-build so quilt has access to all source files
    and set QUILT_PATCHES (for hardy)
    - update debian/rules
  * Add libvpx-dev to Build-Depends and set the use_system_vpx gyp knob
    - update debian/control
    - update debian/rules
  * Re-do the get-orig-source rule with 2 repos instead of 3 following
    the upstream reorganization and follow the revision requested by
    Chromium for now on
    - update debian/rules
  * FTBFS when an upstream patch fails to apply, as it could lead to weird
    situations
    - update debian/rules
  * Bump build-deps for gyp to >= 0.1~svn837
    - update debian/control
 -- Fabien Tassin <email address hidden> Sun, 15 Aug 2010 04:00:02 +0200

Changed in chromium-browser (Ubuntu Maverick):
status: In Progress → Fix Released
Changed in chromium-codecs-ffmpeg (Ubuntu Maverick):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gyp - 0.1~svn840-0ubuntu1

---------------
gyp (0.1~svn840-0ubuntu1) maverick; urgency=low

    * New upstream snapshot (LP: #628924)
 -- Fabien Tassin <email address hidden> Thu, 02 Sep 2010 17:03:41 +0200

Changed in gyp (Ubuntu Maverick):
status: New → Fix Released
Jamie Strandboge (jdstrand) wrote :

Marking libvpx on Maverick as Invalid-- it is already in Maverick.

Changed in libvpx (Ubuntu Maverick):
status: New → Invalid
Jamie Strandboge (jdstrand) wrote :

Not that there is much choice in the matter due to upstream's release practices, but it should at least be mentioned that the size of the source tarball for chromium-browser_5.0.375.127~r55887.orig.tar.gz was 93M and for chromium-browser_6.0.472.53~r57914.orig.tar.gz it is a quite large 146M. This is approximately 6924398 lines of source vs 8348228-- that is a *lot* of new code.

Jamie Strandboge (jdstrand) wrote :

chromium-codecs-ffmpeg FTBFS on lucid and maverick, which is a regression over chromium 5.0.

Fabien Tassin (fta) wrote :

@Jamie

#6: i never asked for it, see the original description of this bug.

#7: i didn't change the get-orig-source rule recently. it's probably possible to go through all the deps once again and prune the tree a little bit more, but as it is, each time upstream adopts a new project in its tree, the tarball grows accordingly. I've already spent countless hours dropping unneeded code (win/mac only), but it's a moving target.

#8: i don't have access to any ARM machine, as such, i'm unable to proactively detect those situations.
I've already contacted upstream and i will update the package accordingly.

Jamie Strandboge (jdstrand) wrote :

Pocket copied chromium-browser, gyp, chromium-codecs-ffmpeg, and libvpx to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Changed in chromium-browser (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in gyp (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in chromium-codecs-ffmpeg (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in libvpx (Ubuntu Lucid):
status: In Progress → Fix Committed
tags: added: verification-needed
removed: security-verification
Jamie Strandboge (jdstrand) wrote :

Copied everything to lucid-proposed even though chromium-codecs-ffmpeg FTBFS on armel. Idea is that at a minimum, we can get testing on i386 amd64 while upstream fixes chromium-codecs-ffmpeg.

Jamie Strandboge (jdstrand) wrote :

Tested on amd64 with QRT and it works as well as the previous version.

Jamie Strandboge (jdstrand) wrote :

As mentioned, this works well here, however unlike previous updates this will break ARM. It is my opinion that we should push this to -security and -updates regardless, since there are some rather important fixes in here. Due to the nature of the update, I am uncomfortable pushing to -security without the SRU team's input. Can someone from ubuntu-sru comment?

Jamie Strandboge (jdstrand) wrote :

Fabien provided updated chromium-codecs-ffmpeg packages with ARM fixes which are now building in the security-proposed PPA. When done building, I will move them to lucid-proposed. Once these are verified I think we should copy all of them to lucid-security and lucid-updates immediately (since chromium-browser and the others are verified to work).

Jamie Strandboge (jdstrand) wrote :

chromium-codecs-ffmpeg 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 uploaded to lucid-proposed, which fixes the arm FTBFS.

Jamie Strandboge (jdstrand) wrote :

chromium-codecs-ffmpeg tested with www.youtube.com/watch?v=_hTiRnqnvDs (html5 green lantern trailer, see www.webmproject.org/users/).

$ apt-cache policy chromium-codecs-ffmpeg-extra
chromium-codecs-ffmpeg-extra:
  Installed: 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1
  Candidate: 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1
  Version table:
 *** 0.6+svn20100904r58574+58998-0ubuntu0.10.04.1 0
        100 /var/lib/dpkg/status

@ubuntu-sru: it is my opinion that we should pocket copy at your earliest convenience.

tags: added: verification-done
removed: verification-needed
Steve Langasek (vorlon) wrote :

I don't see that we have any option. Acked.

Jamie Strandboge (jdstrand) wrote :

Copied to lucid-security and lucid-updates.

Changed in gyp (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in libvpx (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in chromium-codecs-ffmpeg (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in chromium-browser (Ubuntu Lucid):
status: Fix Committed → Fix Released
This report contains Public Security information
Everyone can see this security related information.
