-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 31 Aug 2022 20:48:11 -0400
Source: chromium
Binary: chromium chromium-common chromium-common-dbgsym chromium-dbgsym chromium-driver chromium-sandbox chromium-sandbox-dbgsym chromium-shell chromium-shell-dbgsym
Architecture: amd64
Version: 105.0.5195.52-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-csail-01)
Changed-By: Andres Salomon
Description:
 chromium - web browser
 chromium-common - web browser - common resources used by the chromium packages
 chromium-driver - web browser - WebDriver support
 chromium-sandbox - web browser - setuid security sandbox for chromium
 chromium-shell - web browser - minimal shell
Closes: 987292
Changes:
 chromium (105.0.5195.52-1~deb11u1) bullseye-security; urgency=high
 .
   * New upstream stable release.
     - CVE-2022-3038: Use after free in Network Service. Reported by
       Sergei Glazunov of Google Project Zero.
     - CVE-2022-3039: Use after free in WebSQL. Reported by
       Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability
       Research Institute.
     - CVE-2022-3040: Use after free in Layout. Reported by Anonymous.
     - CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and
       Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute.
     - CVE-2022-3042: Use after free in PhoneHub. Reported by
       koocola (@alo_cook) and Guang Gong of 360 Vulnerability Research
       Institute.
     - CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by
       @ginggilBesel.
     - CVE-2022-3044: Inappropriate implementation in Site Isolation.
       Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research
     - CVE-2022-3045: Insufficient validation of untrusted input in V8.
       Reported by Ben Noordhuis.
     - CVE-2022-3046: Use after free in Browser Tag. Reported by
       Rong Jian of VRI.
     - CVE-2022-3071: Use after free in Tab Strip. Reported by
       @ginggilBesel.
     - CVE-2022-3047: Insufficient policy enforcement in Extensions API.
       Reported by Maurice Dauer.
     - CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen.
       Reported by Andr.Ess.
     - CVE-2022-3049: Use after free in SplitScreen. Reported by
       @ginggilBesel.
     - CVE-2022-3050: Heap buffer overflow in WebUI. Reported by
       Zhihua Yao of KunLun Lab.
     - CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by
       @ginggilBesel.
     - CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by
       Khalil Zhani.
     - CVE-2022-3053: Inappropriate implementation in Pointer Lock.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2022-3054: Insufficient policy enforcement in DevTools.
       Reported by Kuilin Li.
     - CVE-2022-3055: Use after free in Passwords. Reported by
       Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research
       Institute.
     - CVE-2022-3056: Insufficient policy enforcement in Content Security
       Policy. Reported by Anonymous.
     - CVE-2022-3057: Inappropriate implementation in iframe Sandbox.
       Reported by Gareth Heyes.
     - CVE-2022-3058: Use after free in Sign-In Flow. Reported by
       raven at KunLun lab.
   * Drop workaround for lack of older clang's -ffile-prefix-map. This
     should make reproducible builds happy.
   * debian/copyright:
     - Update for new libevent location (moved out of base/).
     - libopenjpeg20 -> libopenjpeg
   * debian/patches:
     - debianization/support-i386.patch: refresh.
     - disable/catapult.patch: refresh.
     - disable/libaom-arm.patch: refresh.
     - system/event.patch: update for new libevent location.
     - system/openjpeg.patch: refresh.
     - bullseye/clang13.patch: drop part of patch dropped upstream.
     - upstream/disk-cache.patch: build fix pulled from upstream.
     - upstream/browser-finder.patch: build fix pulled from upstream.
     - upstream/masklayer-geom.patch: build fix pulled from upstream.
     - system/jsoncpp.patch: drop, merged upstream.
     - fixes/angle-wayland: build fix due to mismatched wayland headers
       on sid. Only needed until angle updates its copy of wayland.
     - disable/welcome-page.patch: drop. Upstream fixed the original issue
       some time ago, and this new version finally cleaned up the
       workaround.
     - fixes/connection-message.patch: drop it. I looked at sending this
       upstream, but the original extension doesn't exist any more, and
       chromium properly prints an error if a proxy is unreachable. If you
       can still reproduce the issue (described in
       http://bugs.debian.org/864539), let me know so I can get it fixed
       upstream.
   * debian/scripts/unbundle: upstream tripled the number of (previously
     vendored) libraries that we can use system versions of. However, the
     majority of them are either not in bullseye or are too old, so we'll
     have to wait to use the debian versions for the ones not newly added
     as build-deps.
   * Disable optimize_webui, due to a build failure using nodejs from
     bullseye. I'll reenable this when it either gets fixed or we're done
     with bullseye security support.
   * Remove sse3-support dependency and just refuse to run if SSE3 is not
     present. Breaking via preinst script isn't appropriate for packages
     that might be installed by default (eg, by Debian Edu).
   * debian/control: add build-deps for brotli, libdouble-conversion-dev,
     libwoff-dev, and libxnvctrl-dev (closes: #987292).
   * Rework default search engine stuff. People did not like the
     "Your browser is managed" and "Your administrator can change your
     browser setup remotely" messages, which are admittedly alarming.
     Instead of using /etc/chromium/policies/recommended/duckduckgo.json,
     delete that and use /etc/chromium/master_preferences instead.