Your message dated Fri, 22 Mar 2024 18:01:50 +0000
with message-id <e1rnjdc-00hfm0...@fasolo.debian.org>
and subject line Bug#1066910: fixed in chromium 123.0.6312.58-1
has caused the Debian Bug report #1066910,
regarding chromium: downloads non-free component libchromescreenai.so without
asking
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1066910: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1066910
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: chromium
Version: 122.0.6261.128-1
Severity: serious
In recent versions, chromium started downloading a file
~/.config/chromium/screen_ai/*/libchromescreenai.so. Evidently, the
source of this shared object is not in the chromium source package. I
think the chromium package - being in main - should not download a
shared object and run it without user confirmation.
Helmut
--- End Message ---
--- Begin Message ---
Source: chromium
Source-Version: 123.0.6312.58-1
Done: Andres Salomon <dilin...@debian.org>
We believe that the bug you reported is fixed in the latest version of
chromium, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1066...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andres Salomon <dilin...@debian.org> (supplier of updated chromium package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 22 Mar 2024 12:45:06 -0400
Source: chromium
Architecture: source
Version: 123.0.6312.58-1
Distribution: unstable
Urgency: high
Maintainer: Debian Chromium Team <chrom...@packages.debian.org>
Changed-By: Andres Salomon <dilin...@debian.org>
Closes: 1066235 1066910
Changes:
chromium (123.0.6312.58-1) unstable; urgency=high
.
* New upstream stable release.
- CVE-2024-2625: Object lifecycle issue in V8.
Reported by Ganjiang Zhou(@refrain_areu) of ChaMd5-H1 team.
- CVE-2024-2626: Out of bounds read in Swiftshader.
Reported by Cassidy Kim(@cassidy6564).
- CVE-2024-2627: Use after free in Canvas. Reported by Anonymous.
- CVE-2024-2628: Inappropriate implementation in Downloads.
Reported by Ath3r1s.
- CVE-2024-2629: Incorrect security UI in iOS.
Reported by Muneaki Nishimura (nishimunea).
- CVE-2024-2630: Inappropriate implementation in iOS.
Reported by James Lee (@Windowsrcer).
- CVE-2024-2631: Inappropriate implementation in iOS.
Reported by Ramit Gangwar.
* d/patches:
- upstream/bitset.patch: drop, merged upstream.
- upstream/bookmarknode.patch: drop, merged upstream.
- upstream/optional.patch: drop, merged upstream.
- upstream/uniqptr.patch: drop, merged upstream.
- fixes/gcc13-headers.patch: drop, merged upstream.
- fixes/optional.patch: drop, merged upstream.
- fixes/material-utils.patch: drop part that was merged upstream.
- disable/catapult.patch: refresh.
- bookworm/constexpr-equality.patch: include another similar fix.
- bookworm/nvt.patch: refresh.
- bookworm/undo-internal-alloc.patch: drop, as this was fixed upstream.
- ungoogled/disable-privacy-sandbox.patch: update from ungoogled-chromium.
- disable/angle-perftests.patch: drop, replace with a gn build argument.
- bookworm/rust-downgrade-osstr-users.patch: add new patch to downgrade
clap-lex crate, as it's using 1.74 features and we only have 1.70.
- fixes/strlcpy.patch: add strlcpy declaration (closes: #1066235).
- fixes/optional2.patch: add another missing <optional> inclusion.
- fixes/stats-collector.patch: add build fix for wrong header.
- disable/screen-ai-blob.patch: add patch to not register the
ScreenAI component. Previously, if you opened a PDF and clicked
"open in reader mode", it would download a binary blob to
~/.config/chromium/screen_ai/, and do OCR stuff (and who knows
what else) in that opaque blob without warning you. We, uh, don't
want that. (closes: #1066910).
* d/rules: add angle_build_tests=false build argument, which allows us to
drop angle-perftests.patch.
.
[ Timothy Pearson ]
* d/patches:
- fixes/blink-fonts-shape-result.patch: pull in upstream patch for
compilation failure in Blink SameSizeAsShapeResult class
* d/patches/ppc64le:
- ffmpeg/0001-Add-support-for-ppc64.patch: refresh for upstream changes
- third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
refresh for upstream changes
- libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: refresh
for upstream changes
- third_party/0001-Add-PPC64-support-for-boringssl.patch: refresh for
upstream changes
- third_party/skia-vsx-instructions.patch: refresh & harden Skia against
timing attacks.
Checksums-Sha1:
c5bd8e6d0b882a3272281867d58c3743d33b1843 3719 chromium_123.0.6312.58-1.dsc
290fd2dac9e08b2c645d2263edc090f5857e1c53 836043716
chromium_123.0.6312.58.orig.tar.xz
83f3cff9bf30a050efb3bd80b94bc568987707dd 376680
chromium_123.0.6312.58-1.debian.tar.xz
bd09840ebb9d26a916be0edac3a9f47f46d5a22b 21868
chromium_123.0.6312.58-1_source.buildinfo
Checksums-Sha256:
649eedf7edd48730f2936c99fbdeb822ed786705e97db2aaa3e0f53e2da944b3 3719
chromium_123.0.6312.58-1.dsc
3212a13a281e31e4f8b20ac69c3ed0c87e912105190a42003fb59e227b4ee8f6 836043716
chromium_123.0.6312.58.orig.tar.xz
58d6f79fb29e4756fcba608c7b100bd1ffe3b88373e6dcedbe8b40ff1c05e653 376680
chromium_123.0.6312.58-1.debian.tar.xz
e145c1ba90017654ddb4f4f740957870e08cb10835fce51292dff49071227de7 21868
chromium_123.0.6312.58-1_source.buildinfo
Files:
4fd4d76857e823b35d638044c2e11150 3719 web optional chromium_123.0.6312.58-1.dsc
f638edecb70fd37703f1b9aeca744cf4 836043716 web optional
chromium_123.0.6312.58.orig.tar.xz
6775a0cbde98fcb2b850465e7d495bfa 376680 web optional
chromium_123.0.6312.58-1.debian.tar.xz
56a7fe8f748005398cf0d797286c44e3 21868 web optional
chromium_123.0.6312.58-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmX9uNwUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8NudjeYkA//S7ZnrUHbOfd614RRTzkHkTQTMV9N
ZK9BmDD2LcYD8021e7pMoOA9G838w21xCN/WAQiSmFU9OpsAKZ/ZXiY4GZ8jalMt
5eHMZv1dppRi0JgNRZvI2dWLSDwSPYW7WaE3a4mBMof+Q1jqqx+eAZHd6OVm8U1L
io/Ff0h1AEBjjspaTBUyd4690e1/6S/iqjShpbwtzDKnLA3s5t+ws0zSE4s09FSn
siSmGAOAZeNRQtrVtvfuADN+E4w7mxO6d56S2+AZej+Wbgo1WVNnD/IH8OoXazNj
2tFAfQ79zKkc6KZAvgGK7J3T0nh9d1e6xQQHl6OjnC3XkWKMPiKj3ys9a1fdP90V
lwi6jNIbP713+jTorLQkT3mlYU0pITfkFAdegfg/kP+GkrRLcUmo8QiUq65Hg9QD
aGj8BYS4r9ILSdhvKCd/UGBhb1ZWiGyXhnW3Y5KGRD9EOpGZxtKOHdsoipi+o+ez
/kzLVn35WJhGmbMMjVuco/JEgbSPLJgkcmAmLRm5/m7GxyDOXQrdbHwMbMx8UCdt
AD82uYJIlgyOZ45a35LkcqIdEv/t423XPT1GNz881JIEmM5PXYpW1A5+FOU6WHIy
JTPfGRTWzUIUShWR5PHPt9Nl94M9pQuv3BdL+Nv6mCeAKGISWvE7sTAn2/kzbGJY
I4lrLwyY62OVMms=
=N6Lq
-----END PGP SIGNATURE-----
pgpC1ijh_lDZ_.pgp
Description: PGP signature
--- End Message ---
