Update SVG logo

Bug #748881 reported by Dmitry Shachnev on 2011-04-03
26
This bug affects 3 people
Affects Status Importance Assigned to Milestone
chromium-browser (Ubuntu)
Low
Fabien Tassin
Lucid
Low
Unassigned
Maverick
Low
Unassigned
Natty
Low
Unassigned
scour (Ubuntu)
Undecided
Unassigned
Lucid
Undecided
Unassigned
Maverick
Undecided
Unassigned
Natty
Undecided
Unassigned

Bug Description

TEST CASE (thanks to Dmitry Shachnev):
grep -c data:image/png /usr/share/icons/hicolor/scalable/apps/chromium-browser.svg
Should report 0, not 1

--------------------------------

Binary package hint: chromium-browser

[PPA beta, dev]
Chromium 11's logo has been updated.
In ppa, PNGs are updated but SVG (/usr/share/icons/hicolor/scalable/apps/chromium-browser.svg) is not, so the pixmap in the menu and in the panel shortcut are different.

You can get the new SVG here: http://upload.wikimedia.org/wikipedia/commons/5/5f/Chromium_11_Logo.svg

Please update it before Chromium 11 gets into the main repositories!

Fabien Tassin (fta) on 2011-04-03
Changed in chromium-browser (Ubuntu):
assignee: nobody → Fabien Tassin (fta)
importance: Undecided → Low
status: New → Fix Committed
Tobias Wolf (towolf) wrote :

Dmitry’s link is a vector SVG, what was shipped with Chromium PPA is a PNG embedded in an SVG. Quite pointless.

Fabien Tassin (fta) wrote :

not my fault, it's dh_scour:

https://launchpadlibrarian.net/69162492/buildlog_ubuntu-natty-i386.chromium-browser_12.0.733.0~svn20110412r81202-0ubuntu1~ucd2_BUILDING.txt.gz

==============
# only call dh_scour for packages in main
if grep -q '^Component:[[:space:]]*main' /CurrentlyBuilding 2>/dev/null; then dh_scour -pchromium-browser ; fi
scour 0.25
Copyright Jeff Schiller, Louis Simard, 2010
 File: chromium-browser.svg
 Time taken: 0.02s
 Number of elements removed: 1
 Number of attributes removed: 8
 Number of unreferenced id attributes removed: 0
 Number of style properties fixed: 0
 Number of raster images embedded inline: 0
 Number of path segments reduced/removed: 0
 Number of bytes saved in path data: 0
 Number of bytes saved in colors: 0
 Number of points removed from polygons: 0
 Number of bytes saved in comments: 0
 Number of bytes saved in id attributes: 0
 Number of bytes saved in lengths: 0
 Number of bytes saved in transformations: 0
 Original file size: 40841 bytes; new file size: 40649 bytes (99.52%)
cmpsvg: python-rsvg not installed, cannot compare SVG images
=========

Launchpad Janitor (janitor) wrote :
Download full text (3.8 KiB)

This bug was fixed in the package chromium-browser - 11.0.696.57~r82915-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.57~r82915-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New Major upstream release from the Stable Channel (LP: #771935)
    This release fixes the following security issues:
    + WebKit issues:
      - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
        Credit to Scott Hess of the Chromium development community and Martin
        Barbella.
      - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
        Chamal De Silva.
      - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
        Credit to Kostya Serebryany of the Chromium development community.
      - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
        Credit to miaubiz.
      - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
        Credit to kuzzcc.
      - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
        Credit to Jose A. Vazquez.
      - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
        Credit to Michael Griffiths.
      - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
        Credit to Sergey Glazunov and wushi of team 509.
      - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
        Martin Barbella.
      - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
        wushi of team509.
      - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
        with navigation errors and interrupted loads. Credit to kuzzcc.
      - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
        Credit to miaubiz.
      - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
        Credit to wushi of team509.
      - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
        Marek Majkowski.
      - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
        Sergey Glazunov.
      - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
        to Sergey Glazunov.
    + Chromium issues:
      - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
        Credit to Aki Helin.
      - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
        capture local files. Credit to Cole Snodgrass.
      - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
        interaction with X. Credit to miaubiz.
      - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
        to Dan Rosenberg.
      - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
        to kuzzcc.
      - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
        reload. Credit to Jordi Chancel.
      - [74763] High, CVE-2011-1439: Prevent interference between renderer
        processes. Credit to Julien Tinnes of the Google Security Team.
  * Fix the password store regression from the last Chromium 10 update.
    Backport from trunk provided by Elliot Glaysher from...

Read more...

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released

It's still embedded PNG there!

Fabien Tassin (fta) wrote :

As I said, the svg is modified at build time by dh_scour, it's not something the chromium-browser package does, that's part of the cdbs magic.

Fabien Tassin (fta) wrote :

@pitti: dh_scour runs on PPAs, I assume that's not expected. Also, it would be nice to be able to disable it using a CDBS variable.

Martin Pitt (pitti) wrote :

@Fabien,

scour is expected to run in PPAs, it's part of the normal toolchain, not pkgbinarymangler.

You can disable scouring with setting DEB_DH_SCOUR_ARGS=-X..., either by-file with -Xpattern or globally with -Xsvg (it's a standard debhelper option).

Fabien Tassin (fta) on 2011-05-06
Changed in chromium-browser (Ubuntu):
status: Fix Released → Fix Committed
Changed in scour (Ubuntu):
status: New → Invalid
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2010-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2010-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2010-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2010-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2010-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2010-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Add a static quicklist for Unity allowing to open a new window (either regular
    or incognito) or a fresh session with a temporary profile
    - update debian/chromium-browser.desktop
  * Don't let scour touch the svg files (LP: #748881)
    - update debian/rules
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules
  * Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
    - update debian/control
    - update debian/rules
 -- Fabien Tassin <email address hidden> Fri, 06 May 2011 23:04:53 +0200

Changed in chromium-browser (Ubuntu):
status: Fix Committed → Fix Released
Micah Gersten (micahg) on 2011-05-07
Changed in scour (Ubuntu Natty):
status: New → Invalid
Changed in chromium-browser (Ubuntu Natty):
importance: Undecided → Low
status: New → Triaged
Micah Gersten (micahg) wrote :

@ubuntu-sru
Could I please get an ACK for this and whether or not this can be included in the next security update or if it needs to go through -proposed separately?

description: updated
description: updated
Martin Pitt (pitti) wrote :

OK from my side to fold it into the security update, it's easy enough to test in the built binaries.

Micah Gersten (micahg) wrote :

Can someone please improve the test case for me here? I can't really tell what I'm supposed to test. The menu and panel icon look the same to me.

Dmitry Shachnev (mitya57) wrote :

Still embedded PNG in dev ppa for natty.

@Micah: new test case:
cat /usr/share/icons/hicolor/scalable/apps/chromium-browser.svg | grep data:image/png
There should be nothing in the output.

Fabien Tassin (fta) on 2011-05-13
Changed in chromium-browser (Ubuntu):
status: Fix Released → In Progress
Micah Gersten (micahg) wrote :

This probably won't make it into the next upload. I'll wait until it's confirmed fixed in the PPA before I SRU whatever the fix is.

description: updated
Fabien Tassin (fta) on 2011-05-13
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu1) oneiric; urgency=low

  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
      - other issues covered by CVE-2011-1802, CVE-2011-1803, CVE-2011-1805
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
  * Don't build with libjpeg-turbo on armel, to prevent a FTBFS
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 24 May 2011 23:42:08 +0200

Changed in chromium-browser (Ubuntu):
status: In Progress → Fix Released
Micah Gersten (micahg) wrote :

Added Maverick and Lucid tasks since the broke version was pushed to those releases as well.

Changed in scour (Ubuntu Lucid):
status: New → Invalid
Changed in scour (Ubuntu Maverick):
status: New → Invalid
Changed in chromium-browser (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Low
Changed in chromium-browser (Ubuntu Lucid):
importance: Undecided → Low
status: New → Triaged
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 15:24:22 -0500

Changed in chromium-browser (Ubuntu Lucid):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.10.10.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 17:12:59 -0500

Changed in chromium-browser (Ubuntu Maverick):
status: Triaged → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.11.04.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 18:01:58 -0500

Changed in chromium-browser (Ubuntu Natty):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers