-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 May 2025 23:46:49 -0400
Source: chromium
Architecture: source
Version: 137.0.7151.55-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <[email protected]>
Changed-By: Andres Salomon <[email protected]>
Changes:
chromium (137.0.7151.55-1) unstable; urgency=high
.
[ Daniel Richard G. ]
* d/control: Elaborate Build-Depends: clause for a cross build. Also drop
x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
clause to avoid some snafus on Ubuntu.
* d/patches:
- debianization/cross-build.patch: New patch implementing the bulk of our
cross-build support.
- upstream/cross-build-target.patch: New upstream patch that sets
--target=... explicitly on all builds. Needed for a cross build.
- fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
the preceding one.
* d/rules: Add settings and environment exports needed for a cross build.
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
- CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
- CVE-2025-5064: Inappropriate implementation in Background Fetch API.
Reported by Maurice Dauer .
- CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
Reported by NDevTK.
- CVE-2025-5066: Inappropriate implementation in Messages.
Reported by Mohit Raj (shadow2639) .
- CVE-2025-5281: Inappropriate implementation in BFCache.
Reported by Jesper van den Ende (Pelican Party Studios).
- CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
- CVE-2025-5067: Inappropriate implementation in Tab Strip.
Reported by Khalil Zhani.
* d/control: switch bindgen:any build-dep to bindgen:native.
* d/rules: disable optimize_webui for now due to a rollup 3.x issue.
* d/patches:
- upstream/media-optional.patch: drop, merged upstream.
- fixes/media-cstdint.patch: drop part of patch merged upstream.
- fixes/perfetto-nullptr.patch: drop due to upstream code changes.
- upstream/arm32-crel.patch: refresh.
- disable/tests.patch: refresh.
- system/gperf.patch: drop, merged upstream.
- bookworm/gn-revert-path-exists.patch: refresh.
- bookworm/gn-allowlist.patch: refresh.
- ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
- bookworm/clang19.patch: add new unsupported arg removal
(-fextend-variable-liveness).
- upstream/span-fwd.patch: add build fix pulled from upstream.
- upstream/mojo-optional.patch: add build fix pulled from upstream.
- bookworm/constexpr3.patch: add yet another constexpr workaround.
- upstream/opener-heur.patch: add build fix pulled from upstream.
- upstream/allowed-state.patch: add build fix pulled from upstream.
- upstream/pdfium-libpng.patch: add build fix pulled from upstream.
- upstream/safety-hub-set.patch: add build fix pulled from upstream.
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- sandbox/features.gni: refresh for upstream changes
- third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
regenerate from upstream sources
- fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
- third_party/skia-vsx-instructions.patch: refresh for upstream changes Checksums-Sha1:
b7719c8f19a3dcc739b1ccaecc7b2d90fa53b427 3923 chromium_137.0.7151.55-1.dsc
764e58eb7f85d5776e28e9f9fadca0a2e9148d66 943831428 chromium_137.0.7151.55.orig.tar.xz
1c7abf11524828392cfd35bc0627ee010621666c 344648 chromium_137.0.7151.55-1.debian.tar.xz
efe54c972a7e06dd53cebf4ed7b3a34a84cd9d6d 26504 chromium_137.0.7151.55-1_source.buildinfo
Checksums-Sha256:
6afd81314a8d4039a0fd2ece3d99292f01b2a0a82212aae4dce7a0a43d1c5665 3923 chromium_137.0.7151.55-1.dsc
1b7e9225c6ae7b44e0caf9ce4aedc1057b3b64c26f22dfc4f1f0e3dd27f68121 943831428 chromium_137.0.7151.55.orig.tar.xz
78e66ac6f48d56549753ed8dac459edbcbc78f79fb76f719a949e72426bfe5eb 344648 chromium_137.0.7151.55-1.debian.tar.xz
cb98ac13d4d5838302ece3cc95fd9c129648c3eefb7b573b4e20c58f47c4577c 26504 chromium_137.0.7151.55-1_source.buildinfo
Files:
34626792e5cc47b30c16949e64d79df3 3923 web optional chromium_137.0.7151.55-1.dsc
11471239cb9e568ccdbb9678b2a381cb 943831428 web optional chromium_137.0.7151.55.orig.tar.xz
a266bb6091fa81b47a452a3479f003c6 344648 web optional chromium_137.0.7151.55-1.debian.tar.xz
d1c93763a87876c9dfdd21be7511dc29 26504 web optional chromium_137.0.7151.55-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmg2iDQUHGRpbGluZ2Vy QGRlYmlhbi5vcmcACgkQZF0CR8Nudjenfw//awK5LdpH+gBY0zec4qkIUrjPQyD6 dDoJGVrZKfDZzcOSXtdovDGP5hefjzmf9naQN2HlFVinCRrj5Ev69BNFriO4taLX tPbo2h3cCLivCw0CZIh+reM7wnAqXVY42SVf0XZCLZA59ZwGSqi7R5O+V9q4ANSz uv2GaG9sucyh4jf0EdVbEyHJnQqEk6Ojb6f+NdEMw/WSjIxkkMw9w9Z+dzAjUoM3 M1dA/wpJGYmOrwp5guC3FIsczZQHxLF6eelmSz19pzRKgQ5Q6NmUJ4OpwrE/c0zO Uvc4KYPStSD462atNO3PgC64IA2OLkf8/TW0vIMv0wNsLgA8UhHpFmngcm7v6iGP lpGTp1KN/h8XwAy0bWjbqlyrTPgDlZWoI/D8FPwCW1hKOHS7BaCDu6ZJweM4LLIG +6YW4Fq5k4U7R8jTW1GSW+3lRw8E/INJ5wjgtDfWmw8kbWQCEK3zrz5Sb0KOmns/ M3coadIYLzlZNEbdyZzna6XJDlhNIbDRJzdWYIhsZeQN0l+bRExtmkfiOeb+JH1o uQ3u4q/kefM0YkGqefle0dTE36C2fc5Cs2hhf2wBhfKsdpVTa1xe+WgttgWCmks/ TXQXKeEBvpPzWu8rHW9WSyMs8K+x37/YFlnALU2iNzy5+o+zFfusa4diIWZkx0Je R/ARwjuTuE9Cb0M=
=J9Jz
-----END PGP SIGNATURE-----


--==============u63599519344032391=Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaDaWZAAKCRCb9qggYcy5 Ia+4APsFkZ5EYgQOYiH2xzUQO1BI9wR4jkW7cNE0pOl0JFXUegEAijGHWbqPZkw+ ihcNwPrZkiRDWK8b9u8gA/+9pGwmWgE=ziuv
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)