aioquic (1.0.0-1) unstable; urgency=medium . * New upstream release - Refresh patches and drop d/p/bob-test-fix.patch and d/p/0004-service- identity-24-compatibility.patch (addressed upstream) * Set minimum version requirement for python3-cryptography cairo (1.18.0-3) unstable; urgency=medium . * Revert "Disable tests on 32-bit architectures for time_t bootstrapping" cairo (1.18.0-2) unstable; urgency=medium . [ Samuel Thibault ] * Provide a nocheck build profile to ease bootstrapping (Closes: #1055462) * Also include specture in the nocheck profile to avoid a build-dependency loop while bootstrapping . [ Jeremy Bícha ] * Stop using debian/control.in and dh-sequence-gnome * Disable tests on 32-bit architectures for time_t bootstrapping chromium (124.0.6367.118-1) unstable; urgency=high . * New upstream security release. - CVE-2024-4331: Use after free in Picture In Picture. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-4368: Use after free in Dawn. Reported by wgslfuzz. * Build-dep on libhwy-dev and delete the bundled third_party/highway. * Build-dep on libharfbuzz-dev and delete the bundled harfbuzz-ng. * Build-dep on libdav1d-dev and delete the bundled third_party/dav1d. * d/patches: - ppc64le/third_party/0001-Add-PPC64-support-for-libdav1d.patch, ppc64le/third_party/0001-Fix-libdav1d-compilation-on-clang-ppc.patch, ppc64le/third_party/0003-thirdparty-fix-dav1d-gn.patch, fixes/arm64-ftbfs.patch: drop these 4 patches that are only needed for bundled libdav1d. - ppc64le/third_party/0001-Fix-highway-ppc-hwcap.patch, ppc64le/third_party/0002-Highway-disable-128-bit-vsx.patch: drop these two patches that were needed for bundled highway. - upstream/ozone1.patch: drop, merged upstream. - upstream/ozone2.patch: drop, merged upstream. - fixes/bad-font-gc2.patch: refresh. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: Fix inadvertent breakage of i386 build chromium (124.0.6367.78-1) unstable; urgency=high . * New upstream security release. - CVE-2024-4058: Type Confusion in ANGLE. Reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure. - CVE-2024-4059: Out of bounds read in V8 API. Reported by Eirik. - CVE-2024-4060: Use after free in Dawn. Reported by wgslfuzz. chromium (124.0.6367.60-2) unstable; urgency=high . * d/patches/ppc64le: - third_party/0001-Add-PPC64-support-for-boringssl.patch: update for upstream boringssl changes and reenable - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: regenerate from new ffmpeg source tree - third_party/skia-vsx-instructions.patch: update for upstream changes . [ Andres Salomon ] * d/patches: - fixes/arm64-ftbfs.patch: add arm64-specific ftbfs fix for libdav1d. - upstream/ozone1.patch, upstream/ozone2.patch: backport fixes for broken wayland support (closes: #1069586). chromium (124.0.6367.60-1) unstable; urgency=high . * New upstream stable release. - CVE-2024-3832: Object corruption in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3833: Object corruption in WebAssembly. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2024-3834: Use after free in Downloads. Reported by ChaobinZhang - CVE-2024-3837: Use after free in QUIC. Reported by {rotiple, dch3ck} of CW Research Inc. - CVE-2024-3838: Inappropriate implementation in Autofill. Reported by Ardyan Vicky Ramadhan. - CVE-2024-3839: Out of bounds read in Fonts. Reported by Ronald Crane (Zippenhop LLC). - CVE-2024-3840: Insufficient policy enforcement in Site Isolation. Reported by Ahmed ElMasry. - CVE-2024-3841: Insufficient data validation in Browser Switcher. Reported by Oleg. - CVE-2024-3843: Insufficient data validation in Downloads. Reported by Azur. - CVE-2024-3844: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2024-3845: Inappropriate implementation in Network. Reported by Daniel Baulig. - CVE-2024-3846: Inappropriate implementation in Prompts. Reported by Ahmed ElMasry. - CVE-2024-3847: Insufficient policy enforcement in WebUI. Reported by Yan Zhu. * d/copyright: - delete __pycache__ directories to shut up dpkg warnings. - stop deleting bundled libwebp directory. * Drop build-dep on libwebp-dev and start building against the bundled libwebp. We need to do this because chromium uses features of libavif that require libsharpyuv-dev; but that's only available in sid/trixie. * d/patches: - upstream/std-to-address.patch: drop, merged upstream. - fixes/optional2.patch: drop, merged upstream. - fixes/blink-fonts-shape-result.patch: drop, merged upstream. - bookworm/constexpr-equality.patch: drop, merged upstream. - disable/catapult.patch: refresh. - disable/google-api-warning.patch: rework to be a smaller patch. - bookworm/clang16.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: drop hunk related to deprecated preference. - upstream/mojo-null.patch: pull a (typescript) build fix from upstream. - upstream/uint-includes.patch: simple header build fix from upstream. - upstream/fps-optional.patch: add header build fix. - upstream/span-optional.patch: add header build fix. - upstream/extractor-bitset.patch: add header build fix. - upstream/atomic.patch: add header build fix. - upstream/webgpu-optional.patch: add header build fix. - fixes/absl-optional.patch: comment out assert() that caused crash. This could be another clang16/libstdc++ miscompilation issue, but needs further investigation. - fixes/bad-font-gc2.patch: drop a bunch of test-related pieces. - fixes/bad-font-gc0000.patch, fixes/bad-font-gc000.patch, fixes/bad-font-gc00.patch, fixes/bad-font-gc0.patch, fixes/bad-font-gc11.patch, fixes/bad-font-gc3.patch: revert a bunch more (new) upstream commits related to bad-font-gc2.patch. When the use-after-free bug gets fixed, all this can be dropped. * d/patches/ppc64le: - third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch, third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch, workarounds/HACK-third_party-libvpx-use-generic-gnu.patch, breakpad/0001-Implement-support-for-ppc64-on-Linux.patch, ffmpeg/0001-Add-support-for-ppc64.patch, third_party/dawn-fix-typos.patch, third_party/use-sysconf-page-size-on-ppc64.patch: refresh. - third_party/skia-vsx-instructions.patch: refresh & update for header renaming. - third_party/0001-Add-PPC64-support-for-boringssl.patch, third_party/0002-third-party-boringssl-add-generated-files.patch: disable these two until Tim has a chance to look at them. chromium (123.0.6312.122-1) unstable; urgency=high . * New upstream security release. - CVE-2024-3157: Out of bounds write in Compositing. Reported by DarkNavy. - CVE-2024-3516: Heap buffer overflow in ANGLE. Reported by Bao (zx) Pham and Toan (suto) Pham of Qrious Secure. - CVE-2024-3515: Use after free in Dawn. Reported by wgslfuzz. chromium (123.0.6312.105-2) unstable; urgency=high . * Depend on libgtk-3-0t64 instead of libgtk-3-0 for time_t transition (closes: #1068540). chromium (123.0.6312.105-1) unstable; urgency=high . * New upstream security release. - CVE-2024-3156: Inappropriate implementation in V8. Reported by Zhenghang Xiao (@Kipreyyy). - CVE-2024-3158: Use after free in Bookmarks. Reported by undoingfish. - CVE-2024-3159: Out of bounds memory access in V8. Reported by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks, via Pwn2Own 2024. python-cryptography (42.0.5-2) unstable; urgency=medium . * Patch: upstream fix for 32-bit archs tests python-cryptography (42.0.5-1) unstable; urgency=medium . * Team upload. * Bump setuptools-rust, rust-pem, rust-openssl, rust-openssl-sys deps * Testsuite: autopkgtest-pkg-pybuild . [ Andreas Tille ] * New upstream version Closes: #1059308 (CVE-2023-50782) Closes: #1064778 (CVE-2024-26130) Closes: #1063771, #1018159 * watch file standard 4 (routine-update) Closes: #1046569 . [ Michael R. Crusoe ] * Reorder sequence of d/control fields by cme (routine-update) * d/{tests/,}control: update dependency on python3-cryptography-vectors * marked intersphinx patch as not needing forwarding . [ Andrey Rakhmatullin ] * Add myself to Uploaders. . [ Jérémy Lal ] * Testsuite: autopkgtest-pkg-pybuild python-cryptography (41.0.7-5) unstable; urgency=medium . * AMAU, Closes: #1064979 . [ Andreas Tille ] * Enable building twice in a row python-hypothesis (6.100.2-1) unstable; urgency=medium . * New upstream version 6.100.2 * Stop enforcing minimum Sphinx version for now python-onewire (0.2-2) unstable; urgency=medium . * lintian: upstream-metadata-file-is-missing * Mark :native for an arch-all pkg * Set bage's debian.org email * Fix missing-build-dependency-for-dh-addon python-onewire (0.2-1) unstable; urgency=medium . * Initial release (Closes: #971950) rust-framehop (0.7.2-2) unstable; urgency=medium . * Team upload. * Package framehop 0.7.2 from crates.io using debcargo 2.6.1 * Bump dependency on macho-unwind-info to 0.4. rust-macho-unwind-info (0.4.0-1) unstable; urgency=medium . * Package macho-unwind-info 0.4.0 from crates.io using debcargo 2.6.1 rust-thiserror (1.0.59-1) unstable; urgency=medium . * Team upload. * Package thiserror 1.0.59 from crates.io using debcargo 2.6.1 rust-thiserror-impl (1.0.59-1) unstable; urgency=medium . * Team upload. * Package thiserror-impl 1.0.59 from crates.io using debcargo 2.6.1