-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 28 May 2025 18:47:40 -0400
Source: chromium
Architecture: source
Version: 137.0.7151.55-3~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
chromium (137.0.7151.55-3~deb12u1) bookworm-security; urgency=high
.
[ Timothy Pearson ]
* Fix FTBFS on ppc64el due to third party xnnpack library
* d/patches/ppc64le:
- third_party/0001-add-xnn-ppc64el-support.patch: Add ppc64el support to
xnn build system
- third_party/0002-regenerate-xnn-buildgn.patch: Regenerate xnn BUILD.gn
file
.
chromium (137.0.7151.55-2) unstable; urgency=high
.
* Switch build-deps with :all to :native.
.
chromium (137.0.7151.55-1) unstable; urgency=high
.
[ Daniel Richard G. ]
* d/control: Elaborate Build-Depends: clause for a cross build. Also drop
x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
clause to avoid some snafus on Ubuntu.
* d/patches:
- debianization/cross-build.patch: New patch implementing the bulk of our
cross-build support.
- upstream/cross-build-target.patch: New upstream patch that sets
--target=... explicitly on all builds. Needed for a cross build.
- fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
the preceding one.
* d/rules: Add settings and environment exports needed for a cross build.
.
[ Andres Salomon ]
* New upstream stable release.
- CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
- CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
- CVE-2025-5064: Inappropriate implementation in Background Fetch API.
Reported by Maurice Dauer .
- CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
Reported by NDevTK.
- CVE-2025-5066: Inappropriate implementation in Messages.
Reported by Mohit Raj (shadow2639)Ă‚ .
- CVE-2025-5281: Inappropriate implementation in BFCache.
Reported by Jesper van den Ende (Pelican Party Studios).
- CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
- CVE-2025-5067: Inappropriate implementation in Tab Strip.
Reported by Khalil Zhani.
* d/control: switch bindgen:any build-dep to bindgen:native.
* d/rules: disable optimize_webui for now due to a rollup 3.x issue.
* d/patches:
- upstream/media-optional.patch: drop, merged upstream.
- fixes/media-cstdint.patch: drop part of patch merged upstream.
- fixes/perfetto-nullptr.patch: drop due to upstream code changes.
- upstream/arm32-crel.patch: refresh.
- disable/tests.patch: refresh.
- system/gperf.patch: drop, merged upstream.
- bookworm/gn-revert-path-exists.patch: refresh.
- bookworm/gn-allowlist.patch: refresh.
- ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
- bookworm/clang19.patch: add new unsupported arg removal
(-fextend-variable-liveness).
- upstream/span-fwd.patch: add build fix pulled from upstream.
- upstream/mojo-optional.patch: add build fix pulled from upstream.
- bookworm/constexpr3.patch: add yet another constexpr workaround.
- upstream/opener-heur.patch: add build fix pulled from upstream.
- upstream/allowed-state.patch: add build fix pulled from upstream.
- upstream/pdfium-libpng.patch: add build fix pulled from upstream.
- upstream/safety-hub-set.patch: add build fix pulled from upstream.
- bookworm/gn-absl.patch: add global visibility for another type.
- bookworm/constexpr.patch: refresh.
- bookworm/stdarch-arm.patch: update path for rust crate.
- bookworm/rust-is-none-or.patch: add another workaround for missing
is_none_or() function.
- bookworm/toktrie-utf8chunks.patch: add workaround for missing
utf8_chunks() in rustc-web 1.78.
- bookworm/derivre-create.patch: enable rust unstable features
everywhere, and add some that derivre requires (from newer rustc).
.
[ Timothy Pearson ]
* d/patches/ppc64le:
- sandbox/features.gni: refresh for upstream changes
- third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
regenerate from upstream sources
- fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
- third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
553080afe6368644b2cdd548bcd31be5059c7d21 3997 chromium_137.0.7151.55-3~deb12u1.dsc
764e58eb7f85d5776e28e9f9fadca0a2e9148d66 943831428 chromium_137.0.7151.55.orig.tar.xz
757246e6972644ca74c685b837e5ca71ee24d0a9 8488380 chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
6f404a9ae475712c711f89a5040e02a87e5b64fb 26603 chromium_137.0.7151.55-3~deb12u1_source.buildinfo
Checksums-Sha256:
c092426f062857e05da58183ac53eeb76ec14b69d5583244fed4f2f83a8e6490 3997 chromium_137.0.7151.55-3~deb12u1.dsc
1b7e9225c6ae7b44e0caf9ce4aedc1057b3b64c26f22dfc4f1f0e3dd27f68121 943831428 chromium_137.0.7151.55.orig.tar.xz
002147373e873fcffbc720fa5cfb3fd39003f737d6246360ef785b52f8939603 8488380 chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
cd7dea34d7daf579e743735313b38997c4d440bc101b2aeaa885f0dcac1e0656 26603 chromium_137.0.7151.55-3~deb12u1_source.buildinfo
Files:
2547c877c643901035828c80b67dd30b 3997 web optional chromium_137.0.7151.55-3~deb12u1.dsc
11471239cb9e568ccdbb9678b2a381cb 943831428 web optional chromium_137.0.7151.55.orig.tar.xz
c323679a9a7d5aecf098d0480e8e3ef8 8488380 web optional chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
a954a6a8dad0b4d59b720f3b84803da9 26603 web optional chromium_137.0.7151.55-3~deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmg3qwQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjex0BAAkCFHy86nMrFX47DnlvdERSiZ03Mk
SErN7hVf8Cj86cV2zCeMWSMa786koprYZK5dvfqHiI1jx1UcYVWQ58k+5L5mysFL
sN4U4dHqyZeCJykGX7GMyQPNV5EmEEObmz1/JolEjPM977LT4izhtX+NOnztepTi
BF66vP1lCZI87OYncWh7UbpR4ARpWKW9fsqez042WcwiteJS16dnhqrk74xqOeZU
Lf92UZnF+Ic13zDeFdvGQeEOgYQkYr9qWAtwqVbPydi/t0BcvcN1ccDuAbMBOIGv
Qi4soPD3H7D8oqqzcPZz5zB4kEXPpqsJKw7pYJA22rO+QY/dqrWrkj2h/3WtEsH0
dIcKG5j/TSmTeK48pE6ej9Qk+oE3mnS74Bjg9MlvycjnKGl5Xhaq+4FX1eYDu/LD
6dcs8asIKLmBInKxc4Qz9Hrxn0LAYWs09/J7UEYXdjK2VVqFGGcFlu9y/YS28KjJ
AUQ/JOw28/D1vtx7VXzEygP2v6w6J0cFKreJ3hyduv9waUslyIJZPpgIkLqsNrqX
1zZ0vFR9ol1eMrpeJFSIkC9Zk4ZgIcspW7RhZG8jaPyG68G5j1pcRtWmehUJvhnh
Kznf69qn36zdzQRsPDL1XQzwgEa/Vv3ijzyFVqRUQOUJxW6yx06QEjOQZ1Ez6V3B
9ACWMr2o5Pl8yo0=
=NZrv
-----END PGP SIGNATURE-----