chromium-browser (6.0.472.63~r59945-5+squeeze6) stable-security; urgency=low

  * Added gbp.conf
  * Fixed CVE-2011-2818: Use-after-free in display box rendering.
    Credit to Martin Barbella.
  * Fixed CVE-2011-2800: Leak of client-side redirect target.
    Credit to Juho Nurminen
  * FIxed CVE-2011-2359: Stale pointer due to bad line box tracking in
    rendering. Credit to miaubiz and Martin Barbella.
  * Blacklist SSL certificates issued by DigiNotar-controlled intermediate CAs
    used by the Dutch PKIoverheid program

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 09 Sep 2011 22:05:07 +0200

chromium-browser (6.0.472.63~r59945-5+squeeze5) stable-security; urgency=low

  * Fixed CVE-2011-1292: Use-after-free in the frame loader.
    Credit to Sławomir Błażek.
  * Fixed CVE-2011-1293: Use-after-free in HTMLCollection.
    Credit to Sergey Glazunov.
  * Fixed CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
    Credit to Jose A. Vazquez.
  * Fixed CVE-2011-1444: Race condition in sandbox launcher.
    Credit to Dan Rosenberg.
  * Fixed CVE-2011-1797: stale pointer in table captioning (credit: wushi)
  * Fixed CVE-2011-1799: Bad casts in Chromium WebKit glue.
    Credit to Google Chrome Security Team (SkyLined).

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 13 May 2011 18:57:51 +0200

chromium-browser (6.0.472.63~r59945-5+squeeze4) stable-security; urgency=low

  * Fixed CVE-2011-0779: does not properly handle a missing key in an extension,
    which allows remote attackers to cause a denial of service
   (application crash) via a crafted extension.
  * Fixed CVE-2011-1290: Integer overflow in style elements
  * Removed mips from arch to avoid flood of given-back build log

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 11 Mar 2011 13:56:22 +0100

chromium-browser (6.0.472.63~r59945-5+squeeze3) stable-security; urgency=low

  * Backported security patches from stable:
    - [54262] High URL bar spoof with history interaction. Credit to Jordi
      Chancel.
    - [63732] High Crash with javascript dialogs. Credit to Sergey Radchenko.
    - [68263] High Stylesheet node stale pointer. Credit to Sergey Glazunov.
    - [69640] Medium Out-of-bounds read in text searching. Credit to Kostya
      Serebryany of the Chromium development community
    - [64-bit Linux only] [70376] Medium Out-of-bounds read in pickle
      deserialization. Credit to Evgeniy Stepanov of the Chromium development
      community.
    - [71114] High Stale node in table child handling. Credit to Martin Barbella
    - [71115] High Stale pointer in table rendering. Credit to Martin Barbella.
    - [71855] High Integer overflow in textarea handling. Credit to miaubiz.
    - [71960] Medium Out-of-bounds read in WebGL. Credit to Google Chrome
      Security Team (Inferno).
    - [72134] High Memory corruption in SVG fonts. Credit to Andreas Kling.
    - [69628] High Memory corruption with counter nodes. Credit to Martin
      Barbella.
    - [70027] High Stale node in box layout. Credit to Martin Barbella. 
    - [70336] Medium Cross-origin error message leak with workers.
      Credit to Daniel Divricean.
    - [72028] High Stale pointer in table painting. Credit to Martin Barbella.
    - [73746] High Stale pointer with SVG cursors. Credit to Sergey Glazunov.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 06 Mar 2011 22:07:44 +0100

chromium-browser (6.0.472.63~r59945-5+squeeze2) stable-security; urgency=high

  * Backported security patches from stable:
    - High Stale pointer in animation event handling. Credit to Rik Cabanier.
    - High Stale pointer with anonymous block handling. Credit to Martin
      Barbella.
    - Medium Out-of-bounds read in plug-in handling. Credit to Bill Budge of
      Google. 
    - Medium Possible failure to terminate process on out-of-memory condition.
      Credit to David Warren of CERT/CC.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 11 Feb 2011 17:09:54 +0100

chromium-browser (6.0.472.63~r59945-5+squeeze1) stable-security; urgency=high

  * Backported security patches from stable:
    - High Use-after-free in image loading. Credit to Aki Helin of OUSPG
    - Low Browser crash with extension with missing key. Credit to Brian Kirchoff.
    - Low Browser crash with bad volume setting. Credit to Matthew Heidermann.

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 07 Feb 2011 19:39:37 +0100

chromium-browser (6.0.472.63~r59945-5) unstable; urgency=high

  * Backported security patches from stable:
    - High Bad pointer handling in node iteration. Credit to Sergey Glazunov.
    - High Stale pointer with CSS + canvas. Credit to Sergey Glazunov. 
    - High Stale pointer with CSS + cursors. Credit to Jan Tošovský.
    - High Stale pointer with SVG use element. Credited anonymously; plus
      indepdent discovery by miaubiz.
    - High Vorbis decoder buffer overflows. Credit to David Warren of CERT. 
    - High Bad cast in anchor handling. Credit to Sergey Glazunov. 
    - High Bad cast in video handling. Credit to Sergey Glazunov. 
    - High Stale rendering node after DOM node removal. Credit to Martin
      Barbella; plus independent discovery by Google Chrome Security Team
      (SkyLined). 

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 15 Jan 2011 12:04:52 +0100

chromium-browser (6.0.472.63~r59945-4) unstable; urgency=high

  * Backported security patches from stable:
    - [64-bit Linux only] High Bad validation for message deserialization on
      64-bit builds. Credit to Lei Zhang of the Chromium development community.
    - Low Browser crash with NULL pointer in web worker handling. Credit to 
      Nathan Weizenbaum of Google.
    - Medium Out-of-bounds read in CSS parsing. Credit to Chris Rohlf.
    - High Stale pointers in cursor handling. Credit to Sławomir Błażek and
      Sergey Glazunov.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 18 Dec 2010 17:39:19 +0100

chromium-browser (6.0.472.63~r59945-3) unstable; urgency=high

  * Backported security patches from stable:
    - Medium Cross-origin video theft with <canvas>. Credit to Nirankush
      Panchbhai and Microsoft Vulnerability Research (MSVR).
    - High Use after free in history handling. Credit to Stefan Troger.
    - Medium Make sure the “dangerous file types” list is uptodate with the
      Windows platforms. Credit to Billy Rios of the Google Security Team.
    - High Crash due to bad indexing with malformed video. Credit to miaubiz. 
    - High Use after free with SVG animations. Credit to Sławomir Błażek.
    - Medium Use after free in mouse dragging event handling. Credit to kuzzcc.

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 07 Dec 2010 12:53:25 +0100

chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high

  * Added the missing changelog credit for the 5.0.375.29~r46008-1 revision.
    Obviously this was not a "stealing" as foolishly written by Fabien Tassin
    in a blog rant, but was a bad debian/changelog merge.
  * Backported security patches from stable:
    - High Use-after-free in text editing. Credit to David Bloom of the Google
      Security Team, Google Chrome Security Team (Inferno) and Google Chrome
      Security Team (Cris Neckar).
    - High Memory corruption with enormous text area. Credit to wushi of
      team509.
    - High Bad cast with the SVG use element. Credit to the kuzzcc.
    - High Use-after-free in text control selections. Credit to "vkouchna".
    - High Integer overflows in font handling. Credit to Aki Helin of OUSPG.
    - High Bad use of destroyed frame object. Credit to various developers,
      including "gundlach".
    - High Type confusions with event objects. Credit to "fam.lam" and Google
      Chrome Security Team (Inferno).
    - High Out-of-bounds array access in SVG handling. Credit to wushi of
      team509.

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 05 Nov 2010 09:19:33 +0100

chromium-browser (6.0.472.63~r59945-1) unstable; urgency=high

  * New stable microrelease.
  * Allow to choose whether links are opened in a new link or new tab.
    (Closes: #581391) Thanks to Sam Morris
  * Backported security patches:
    - Medium Possible autofill / autocomplete profile spamming. Credit to
      Google Chrome Security Team (Inferno).
    - High Crash with forms. Credit to the Chromium development community.
    - Critical Browser crash with form autofill. Credit to the Chromium
      development community.
    - High Possible URL spoofing on page unload. Credit to kuzzcc; plus
      independent discovery by Jordi Chancel.
    - High Possible memory corruption with animated GIF. Credit to Simon Schaak.
    - High Failure to sandbox worker processes on Linux. Credit to Google
      Chrome Security Team (Chris Evans).
    - High Stale elements in an element map. Credit to Michal Zalewski of the
      Google Security Team.

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 19 Oct 2010 12:59:21 +0200

chromium-browser (6.0.472.62~r59676-1) unstable; urgency=low

  * New stable security microrelease:
    - [55114] High Bad cast with malformed SVG. Credit to wushi of team 509.
    - [55119] Critical Buffer mismanagement in the SPDY protocol. Credit to Ron
      Ten-Hove of Google.
    - [55350] High Cross-origin property pollution. Credit to Stefano Di Paola
      of MindedSecurity.
  * Add translations for the "Name" field in the desktop file, and fix
    some "Comment" / "GenericName". Thanks to the Ubuntu translation team.
  * Build with PIE (Position Independent Executable) 

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 18 Sep 2010 16:48:44 +0200

chromium-browser (6.0.472.59~r59126-1) unstable; urgency=low

  * New stable security microrelease:
    - [50250] High Use-after-free when using document APIs during parse. Credit
      to David Weston of Microsoft + Microsoft Vulnerability Research (MSVR) and
      wushi of team 509 (independent discoveries).
    - [50712] High Use-after-free in SVG styles. Credit to kuzzcc.
    - [51252] High Use-after-free with nested SVG elements. Credit to kuzzcc.
    - [51709] Low Possible browser assert in cursor handling. Credit to
      "magnusmorton".
    - [51919] High Race condition in console handling. Credit to kuzzcc.
    - [53176] Low Unlikely browser crash in pop-up blocking. Credit to kuzzcc.
    - [53394] High Memory corruption in Geolocation. Credit to kuzzcc.
    - [53930] High Memory corruption in Khmer handling. Credit to Google Chrome
      Security Team (Chris Evans).
    - [54006] Low Failure to prompt for extension history access. Credit to
      "adriennefelt".

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 15 Sep 2010 16:00:10 +0200

chromium-browser (6.0.472.53~r57914-3) unstable; urgency=low

  * Upload to unstable, this release fixes the following security issue:
    - [34414] Low Pop-up blocker bypass with blank frame target. Credit to
      Google Chrome Security Team (Inferno) and “ironfist99”.
    - [37201] Medium URL bar visual spoofing with homographic sequences. Credit
      to Chris Weber of Casaba Security.
    - [41654] Medium Apply more restrictions on setting clipboard content.
      Credit to Brook Novak.
    - [45659] High Stale pointer with SVG filters. Credit to Tavis Ormandy of
      the Google Security Team.
    - [45876] Medium Possible installed extension enumeration. Credit to
      Lostmon.
    - [46750] [51846] Low Browser NULL crash with WebSockets. Credit to Google
      Chrome Security Team (SkyLined), Google Chrome Security Team
      (Justin Schuh) and Keith Campbell.
    - [50386] High Use-after-free in Notifications presenter. Credit to Sergey
      Glazunov.
    - [50839] High Notification permissions memory corruption. Credit to Michal
      Zalewski of the Google Security Team and Google Chrome Security Team
      (SkyLined).
    - [51630] [51739] High Integer errors in WebSockets. Credit to
      Keith Campbell and Google Chrome Security Team (Cris Neckar).
    - [51653] High Memory corruption with counter nodes. Credit to kuzzcc.
    - [51727] Low Avoid storing excessive autocomplete entries. Credit to Google
      Chrome Security Team (Inferno).
    - [52443] High Stale pointer in focus handling. Credit to VUPEN
      Vulnerability Research Team (VUPEN-SR-2010-249).
    - [52682] High Sandbox parameter deserialization error. Credit to Ashutosh
      Mehra and Vineet Batra of the Adobe Reader Sandbox Team.
    - [53001] Medium Cross-origin image theft. Credit to Isaac Dawson.
   * Provide gnome-www-browser (Closes: #594057)
   * use startup-notification correctly (Closes: #581347)
   * the main scrollbar doesn'have anymore low contrast (Closes: #582648)
   * check DISPLAY envvar (Closes: #587398)
   * Doesn't segfault with cups (Closes: #593748)

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 07 Sep 2010 18:49:45 +0200

chromium-browser (6.0.472.53~r57914-2) experimental; urgency=low

  * Do not install libppapi_tests.so and DumpRenderTree_resources/
  * Add libppapi_tests.so to INSTALL_EXCLUDE_FILES and
    DumpRenderTree_resources/ to INSTALL_EXCLUDE_DIRS

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 04 Sep 2010 08:28:27 +0200

chromium-browser (6.0.472.53~r57914-1) experimental; urgency=low

  * New upstream release
  * Merge the unstable branch
  * Backport arm ffmpeg fix from unstable (v5)
  * chromium-browser-inspector: added a conflict with
    chromium-browser (<< ${source:Version}) (Closes: #594909)

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 01 Sep 2010 15:39:16 +0200

chromium-browser (6.0.472.36~r55963-1) experimental; urgency=low

  * New beta release
  * Refreshed patches
  * Build and use the custom ffmpeg copy
  * Build and use the custom protobuf copy.

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 19 Aug 2010 09:53:03 +0200

chromium-browser (6.0.466.0~r52279-1) experimental; urgency=low

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New dev upstream for experimental suite
  * Refreshed patches.
  * Install new resource.pak
  * Added libcups2-dev, libgnome-keyring-dev, libgconf2-dev in BUild-depends
  * set disable_sse2=1
  * Switch back to ffmpeg system libs
  * Install DumpRenderTree_resources
  * Define GOOGLE_PROTOBUF_NO_RTTI to fix FTBFS when compiling against system
    protobuf

 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 21 Jul 2010 14:40:57 +0200

chromium-browser (5.0.375.127~r55887-2) UNRELEASED; urgency=low

  * Provide gnome-www-browser (Closes: #594057)
  * Use hardening-wrapper

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 29 Aug 2010 12:20:18 +0200

chromium-browser (5.0.375.127~r55887-1) unstable; urgency=high

  * New stable security microrelease.
    - Critical. Memory corruption with file dialog. Credit to Sergey Glazunov.
    - High. Memory corruption with SVGs. Credit to wushi of team509.
    - High. Bad cast with text editing. Credit to wushi of team509.
    - High. Possible address bar spoofing with history bug. Credit to Mike
      Taylor.
    - High. Memory corruption in MIME type handling. Credit to Sergey Glazunov.
    - Critical. Crash on shutdown due to notifications bug. Credit to Sergey
      Glazunov.
    - Medium. Stop omnibox autosuggest if the user might be about to type a
      password. Credit to Robert Hansen.
    - High. Memory corruption with Ruby support. Credit to kuzzcc.
    - High. Memory corruption with Geolocation support. Credit to kuzzcc.
  * Remove gecko-mediaplayer from blacklist (Closes: #590145)

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 20 Aug 2010 11:09:16 +0200

chromium-browser (5.0.375.125~r53311-1) unstable; urgency=medium

  * Flush cairo surface at end of CanvasPaintLinux (Closes: #587164)
  * New stable micro release:
    - Medium Memory contents disclosure in layout code. Credit to Michail
      Nikolaev.
    - High Issue with large canvases. Credit to sp3x of SecurityReason.com.
    - High Memory corruption in rendering code. Credit to Jose A. Vazquez.
    - High Memory corruption in SVG handling. Credit to Aki Helin of OUSPG.
    - Low Avoid hostname truncation and incorrect eliding. Credit to Google
      Chrome Security Team (Inferno).

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 27 Jul 2010 12:44:58 +0200

chromium-browser (5.0.375.99~r51029-4) unstable; urgency=low

  * Fix FTBFS with icu 4.4 (Closes: #589414)
  * Do not use armv4 incompatible code
  * Remove src/out and "*.pyc" files in clean target. (Closes: #589160)
    Thanks to Timo Juhani Lindfors.

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 17 Jul 2010 17:22:47 +0200

chromium-browser (5.0.375.99~r51029-3) unstable; urgency=low

  * [armel] Disabled thumb to fix FTBFS in armel
  * Bump to Standards-Version 3.9.0, no changes needed
  * Backport support for the Ambiance/Radiance and Dust themes button ordering
    by reading the gconf pref

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 08 Jul 2010 13:34:15 +0200

chromium-browser (5.0.375.99~r51029-2) unstable; urgency=low

  * Backport patch for CVE-2010-1760
  * [armel] set arm_neon=0
  * [armel] Remove all V5TE, VFP code from ffmpeg

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 06 Jul 2010 16:14:12 +0200

chromium-browser (5.0.375.99~r51029-1) unstable; urgency=low

  * DEB_HOST_ARCH_CPU in armel is arm, updating debian/rules
  * New stable version, this release fixes the following security
    issues:
    - [42396] Low OOB read with WebGL. Credit to Sergey Glazunov; Google Chrome
      Security Team (SkyLined). 
    - [42575] [42980] Medium Isolate sandboxed iframes more strongly. Credit to
      sirdarckcat of Google Security Team.
    - [43488] High Memory corruption with invalid SVGs. Credit to Aki Hekin of
      OUSPG; wushi of team509.
    - [44424] High Memory corruption in bidi algorithm. Credit to wushi of
      team509.
    - [45164] Low Crash with invalid image. Credit to javg0x83.
    - [45983] High Memory corruption with invalid PNG (libpng bug). Credit to
      Aki Helin of OUSPG.
    - [46360] High Memory corruption in CSS style rendering. Credit to wushi of
      team509.
    - [46575] Low Annoyance with print dialogs. Credit to Mats Ahlgren.
    - [47056] Low Crash with modal dialogs. Credit to Aki Helin of OUSPG.
  * Remove armv6 and armv7 support from ffmpeg internal copy
  * Set arm_thumb=0 to avoid FTBFS in armel. Thanks to Peter De Schrijver,
    Timo Lindfors and Reinhard Tartler

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 03 Jul 2010 13:23:26 +0200

chromium-browser (5.0.375.86~r49890-4) unstable; urgency=low

  * Use the full path in chromium-browser.desktop Exec field (Closes: #580582)
  * Remove the 3d patch, non-3d videos are messed up (Closes: 587389)
  * Build depends on libicu-dev (>= 4.2.1) and libevent-dev (>= 1.4.13) to
    avoid bad backports

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 28 Jun 2010 15:10:05 +0200

chromium-browser (5.0.375.86~r49890-3) unstable; urgency=low

  * Set ffmpeg_branding=Chrome to enable the h264 decoder (Closes: #587293)
  * Backport VP8/WebM code and use system copy of libvpx
  * Add xulrunner lib path to LD_LIBRARY_PATH (Closes: #574679)
  * Removed license info for src/native_client/src/third_party/valgrind/bin/
  * Fixed 3d visualization on youtube video with html5 and Webm

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 27 Jun 2010 13:01:44 +0200

chromium-browser (5.0.375.86~r49890-2) unstable; urgency=low

  * Partially revert info in about:version, it has significant impact in
    first-run performance
  * Build and use the custom ffmpeg copy, when ffmpeg 0.6 will be uploaded in
    unstable chromium will use the system copy of ffmpeg. (Closes: #581507) 
  * Install libffmpegsumo
  * Add a replace and conflict entry for chromium-codecs-ffmpeg and
    chromium-codecs-ffmpeg-extra. This is necessary for people who used or
    are using the unofficial PPA build.
  * Update language list in chromium-browser-l10n description

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 26 Jun 2010 09:47:17 +0200

chromium-browser (5.0.375.86~r49890-1) unstable; urgency=low

  [ Jonathan Nieder ]
  * Use dpkg-architecture directly instead of relying on
    dpkg-buildpackage to set DEB_*_ARCH variables.  Use
    DEB_HOST_ARCH_CPU instead of DEB_BUILD_ARCH to detect target CPU.
    (Closes: #585801)

  [ Giuseppe Iuculano ]
  * New stable version, this release fixes the following security
    issues:
    - [38105] Medium XSS via application/json response (regression). Credit to
       Ben Davis for original discovery and Emanuele Gentili for regression
       discovery.
    - [43322] Medium Memory error in video handling. Credit to Mark Dowd under
       contract to Google Chrome Security Team.
    - [43967] High Subresource displayed in omnibox loading. Credit to Michal
       Zalewski of Google Security Team.
    - [45267] High Memory error in video handling. Credit to Google Chrome
      Security Team (Cris Neckar).
    - [46126] High Stale pointer in x509-user-cert response. Credit to Rodrigo
      Marcos of SECFORCE. 
    - Drop the XLIB_SKIP_ARGB_VISUALS workaround as it creates regressions.
      See http://crbug.com/46439 
  * Use /usr/bin/chromium-browser in chromium-browser.xml (Closes: #580582)

  [ Fabien Tassin ]
  * Show in about:version when chromium is running on a different
    distribution that it has been built on
    - udpate debian/rules
    - rename and update debian/chromium-browser.sh =>
      debian/chromium-browser.sh.in

 -- Giuseppe Iuculano <iuculano@debian.org>  Fri, 25 Jun 2010 10:15:35 +0200

chromium-browser (5.0.375.70~r48679-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Accept 'stable' as value for $(CHANNEL)
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Use the full path in chromium-browser.xml, now Gnome's Preferred
    Applications doesn't get confused. (Closes: #580582)
  * debian/patches/protobuf.patch: Use system copy of libprotobuf
  * Added protobuf-compiler and libprotobuf-dev in Build-Depends
  * debian/patches/glew.patch: Use system copy of libglewmx (version with
    support for thread-safe usage of multiple rendering contexts)
  * Added libglewmx1.5-dev in Build-Depends
  * Removed Fabien and Alexander from Uploaders.
  * Updated VCS control fields
  * Fix an infinite recursion crash when trying to wrap media elements without
    a media player. (Closes: #582709)

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 13 Jun 2010 22:23:59 +0200

chromium-browser (5.0.375.70~r48679-1) unstable; urgency=low

  [ Fabien Tassin ]
  * Add a --temp-profile knob to the launcher script starting Chromium with
    a new profile which will last only for the duration of the session
    - update debian/chromium-browser.sh
  * Change StartupWMClass to Chromium-browser in the desktop launcher so
    cairo-dock does the right thing (LP: #587664)
    - update debian/chromium-browser.desktop
  * Set XLIB_SKIP_ARGB_VISUALS=1 in the wrapper to prevent flash from dying
    with a Gdk-ERROR when gtk2 is built with RGBA support (like in Maverick).
    (LP: #584959)
    - update debian/chromium-browser.sh
  
  [ Giuseppe Iuculano ]
  * New upstream stable release, this release fixes the following security
    issues:
    - [15766] Medium Cross-origin keystroke redirection.
    - [39985] High Cross-origin bypass in DOM methods.
    - [42723] High Memory error in table layout.
    - [43304] High Linux sandbox escape.
    - [43307] High Bitmap stale pointer.
    - [43315] High Memory corruption in DOM node normalization.
    - [43487] High Memory corruption in text transforms.
    - [43902] Medium XSS in innerHTML property of textarea.
    - [44740] High Memory corruption in font handling.
    - [44868] High Geolocation events fire after document deletion.
    - [44955] High Memory corruption in rendering of list markers.


 -- Giuseppe Iuculano <iuculano@debian.org>  Wed, 09 Jun 2010 12:08:42 +0200

chromium-browser (5.0.375.55~r47796-1) unstable; urgency=low

  * New beta release.
    - This release contains some minor crash and stability fixes.
  * Switch to dpkg-source 3.0 (quilt) format.
  * Don't use a tar.lzma-in-a-tar.gz
    - Now debian/rules binary works (Closes: #580535)
  * Refreshed patches and removed zoom_incognito.patch (applied upstream)
  * Removed quilt from Build-Depends
  * Build-depends on libv8-dev >= 2.2.7 and fix build-depends-on-1-revision
    lintian warning

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 23 May 2010 23:22:16 +0200

chromium-browser (5.0.375.38~r46659-2) unstable; urgency=low

  [ Fabien Tassin ]
  * Unbreak get-orig-source when it needs to drop its cache after a channel jump
    (replace brace expansion - which is a bashism - with proper $(wildcard))
    - update debian/rules
  
  [ Giuseppe Iuculano ]
  * chromium-browser-inspector: demoted chromium-browser to Recommend and
    avoid circular dependency (Closes: #581743)
  * Tell Chromium to look in /etc/chromium-browser for the master_preferences
    file
   - update debian/patches/series
   - add debian/patches/prefs.patch
  * Ship a custom first-run preferences file
    - update debian/chromium-browser.install
    - add debian/master_preferences
  * Removed g++-4.3 | g++-4.2 from Build-Depends
    - update debian/control
  * Removed the icon field from the menu file
    - update debian/chromium-browser.menu
  * Removed libc6-dev-i386 [amd64] and g++-multilib [amd64] from Build-Depends
    - update debian/control
  * Install a presubj bug file
    - update debian/chromium-browser.install 
    - add debian/presubj
  * Forget zoom levels set/changed in incognito mode
    - add debian/patches/zoom_incognito.patch
    - update debian/patches/series

 -- Giuseppe Iuculano <iuculano@debian.org>  Tue, 18 May 2010 23:52:40 +0200

chromium-browser (5.0.375.38~r46659-1) unstable; urgency=low

  [ Giuseppe Iuculano ]
  * Use system copy of libv8
   - update debian/control
   - update debian/patches/series
   - update debian/patches/system_v8.patch
   - update debian/rules
  * Build-depends on libv8-dev >= 2.2.7
    See http://code.google.com/p/v8/issues/detail?id=506
   - update debian/control
  * Recognize iceweasel in about:memory
    - update debian/patches/series
    - add debian/patches/memory_iceweasel.patch
  * Set arch to i386 amd64 armel mips
  * New beta release
    - In addition to crash and stability fixes, this release also includes
      a localization refresh
  * Upload in unstable

  [ Andres Mejia ]
  * Be able to use system ffmpeg-0.5.1. (Closes: #580947)

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 13 May 2010 11:31:32 +0200

chromium-browser (5.0.375.29~r46008-3) experimental; urgency=low

  * Include system copy of prtime.h
   - add debian/patches/nspr.patch
   - update debian/patches/series
  * Use system libicu
    - add debian/patches/system-icu.patch
  * webkit needs to call nss to pull in nspr headers
    - add debian/patches/nss.patch
    - update debian/patches/series
  * Ops, libavutil50 is not yet in Debian, removed from depends
   (Closes: #580769)
    - update debian/control
  * Include system copy of expat.h
    - update debian/patches/series
    - add debian/patches/expat.patch

 -- Giuseppe Iuculano <iuculano@debian.org>  Sun, 09 May 2010 11:34:10 +0200

chromium-browser (5.0.375.29~r46008-2) experimental; urgency=low

  * Do not pre-depend on lzma. Thanks to Sven Joachim. (Closes: #580485)
    - update debian/control
  * Do not force -j$(PROCESSORS), use DEB_BUILD_OPTIONS's parallel=n option
    instead so the person doing the build can decide how many processes to run
    in parallel. (Closes: #580490)
    - update debian/rules
  * Reintroduce add_enable_sse2_flag.patch (Closes: #580608)
    - update debian/rules
    - update debian/patches/add_enable_sse2_flag.patch
    - update debian/patches/series
  * Added a Debian menu file (Closes: #580591)
    - add debian/chromium-browser.menu 
  * Use system yasm
    - update debian/rules
    - update debian/control
  * Removed DEB_MAKE_EXTRA_ARGS, we already use DEB_MAKE_ENVVARS for parallel
    build
    - update debian/rules
  * Set use_system_ffmpeg and symlink libavcodec libavformat and libavutil.
    This enables HTML5 video (Closes: 580610)
    - update debian/rules
    - update debian/patches/series
    - add debian/chromium-browser.links
    - add debian/patches/ffmpeg-no-pkgconfig.patch
    - add debian/patches/ffmpegfix.patch
  * Added libavcodec52, libavformat52 and libavutil50 in Depends
    - update debian/control

 -- Giuseppe Iuculano <iuculano@debian.org>  Sat, 08 May 2010 00:41:38 +0200

chromium-browser (5.0.375.29~r46008-1) experimental; urgency=low

  [Giuseppe Iuculano]
  * Switch to system libs and enabled libxml
    - update debian/rules
  * Use system libevent, libicu and libxslt
    - update debian/rules
    - update debian/control
  * New upstream release from the Beta Channel
  * Fixed a typo in the maintainer field
    - update debian/control
  * Removed ubuntu_dont_overwrite_default_download_directory.patch, the default
    download location can be set via the options dialog
    - update debian/patches/series
    - removed ubuntu_dont_overwrite_default_download_directory.patch
  * use dh_install --list-missing
    - update debian/rules
  * Updated VCS control field, at this moment is a private branch on launchpad
    - update debian/control
  * Updated debian/copyright and fixed glitches pointed out by ftpmaster
    - update debian/copyright
    - update debian/copyright.problems
  * Added a strict depend in chromium-browser-inspector
    - update debian/control

  [ Fabien Tassin ]
  * Add app_unittests_strings to INSTALL_EXCLUDE_DIRS
    - update debian/rules
  * Add a gnome-www-browser alternative (LP: #571103)
    - update debian/chromium-browser.{postinst,prerm}
  * Build with build_ffmpegsumo=0 instead of use_system_ffmpeg=1 (which
    now means something else)
    - update debian/rules
  * Install resources/{bookmark_manager,net_internals} in the main deb
    - update debian/chromium-browser.install
  * Drop the sse2 patch, it has been applied upstream, and set disable_sse2
    - drop debian/patches/drop_sse2.patch
    - update debian/patches/series
    - update debian/rules
  * Add app_unittests_strings, resources/{calendar_app,docs_app,gmail_app}
    and pyproto to INSTALL_EXCLUDE_DIRS
    - update debian/rules

 -- Giuseppe Iuculano <iuculano@debian.org>  Thu, 06 May 2010 12:01:07 +0200

chromium-browser (5.0.342.9~r43360-1) experimental; urgency=low

  [ Fabien Tassin ]
  * Add xdg-utils to Depends (LP: #568984)
    - update debian/control
  * Disable DLOG and DCHECK. This should improve performances.
    - update debian/rules

  [ Giuseppe Iuculano ]
  * Replace xbase-clients with x11-apps in build-depdends
    - update debian/control
  * Bump debhelper compatibility to 7
    - update debian/control
    - update debian/compat
  * Bump to Standards-Version 3.8.4, no changes needed
    - update debian/control
  * Removed the strict depends in chromium-browser-l10n, and made
    chromium-browser safely binNMUable
    - update debian/control
  * Set Priority extra for chromium-browser-dbg
    - update debian/control
  * Added the debhelper token in prerm and postinst scripts
    - update debian/chromium-browser.postinst
    - update debian/chromium-browser.prerm
  * Removed cdbs cruft and fix patch-system-but-direct-changes-in-diff lintian
    warning
    - update debian/rules
  * Build-depends on coreutils >= 7.5 | timeout
    - update debian/control
  * Use lzma only in Ubuntu, this is not yet permitted in the Debian archive
    - update debian/rules
  * Move chromium-browser-dbg in debug section and improve its extended
    description
    - update debian/control
  * Set CHROME_VERSION_EXTRA to Debian in the Debian package
    - update debian/rules
  * Updated Maintainer and Uploader lists
    - update debian/control
  * Upload to experimental (Closes: #520324)
  * Removed chromium-codecs-ffmpeg from Depends
    - update debian/control

 -- Giuseppe Iuculano <iuculano@debian.org>  Mon, 26 Apr 2010 15:03:00 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu2) lucid; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * Mention 'Chrome' in the main package description (LP: #561667)
    - update debian/control
  * When 'gclient update' fails, clear up the cache and retry. This helps
    the channels updates often failing with a "Can't switch the checkout" error
    - update debian/rules

  [ Chris Coulson <chris.coulson@canonical.com> ]
  * Update the default search URL
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Fri, 16 Apr 2010 17:36:29 +0200

chromium-browser (5.0.342.9~r43360-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fix extensions installer where some extensions cannot be installed
      (issue 38220)
  * Don't build with system zlib on Intrepid/Jaunty (needed to unbreak the
    backports). See http://crbug.com/38073
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Wed, 07 Apr 2010 21:02:55 +0200

chromium-browser (5.0.342.7~r42476-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - fix an issue with Google SSL sites failing with 'error 107
      (net::ERR_SSL_PROTOCOL_ERROR)' (issue 37722)
    - Automatic translations and greater control over content for privacy
    - Really, really reload. A normal reload causes the browser to check with
      the server before reusing its cached content.  The server can decide
      whether or not the browser should use its cached content.  A force reload
      causes the browser to ignore its cached content and ask the server for a
      fresh copy of the page. Use Shift+Reload to force a reload.
  * Add libdbus-glib-1-dev to Build-Depends
    - update debian/control
  * Move third_party/gles2_book from STRIPPED_DIRS to ALMOST_STRIPPED_DIRS
    as we now need its gyp file (but nothing else)
    - update debian/rules
  * Bump gyp requirement to >= 0.1~svn795, it's needed for the new syntax
    - update debian/control
  * Add 'timestats' to INSTALL_EXCLUDE_FILES
    - update debian/rules
  * Import translations and mime-types from the upstream desktop file
    Thanks to Julien Lavergne <gilir@ubuntu.com> (LP: #538664)
    - update debian/chromium-browser.desktop
  * Import the free SVG logo from the Chromium website and install it
    in /usr/share/icons/hicolor/scalable/apps (LP: #528640)
    - add debian/chromium-browser.svg
    - update debian/rules
  * Move chromium-browser-inspector to Depends, it breaks some features
    when it's not installed
    - update debian/control
  * Rename chromium-codecs-ffmpeg-nonfree into chromium-codecs-ffmpeg-extra
    and move the two codecs back to Depends (LP: #537617, #513776)
    - update debian/control
 
 -- Fabien Tassin <fta@ubuntu.com>  Thu, 25 Mar 2010 08:22:40 +0100

chromium-browser (5.0.307.11~r39572-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed an issue where an error resolving a proxy server would not try a
      direct connection. (Issue 32316)
    - Fixed an extensions bug that could crash the entire browser. (Issue 34778)
    - Fixed an issue in the cross-site scripting auditor that could prevent
      Google translate from working on sites. (Issue 33115)

 -- Fabien Tassin <fta@ubuntu.com>  Sat, 27 Feb 2010 17:07:23 +0100

chromium-browser (5.0.307.9~r39052-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
    - Fixed a tab crash that could be triggered by visiting wordpress.com,
      http://acid3.acidtests.org/, and many other sites. (Issue 35498)
    - Fixed a tab crash in image loading. (Issue 32230)
    - Improved font bolding for fonts without native bold. (Issue 22360)
  * Bump gyp Build-Depends to >= 0.1~svn785
    - update debian/control
  * Add --no-circular-check to gyp_chromium to prevent gyp from failing
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Thu, 18 Feb 2010 00:20:07 +0100

chromium-browser (5.0.307.7~r38400+0-0ubuntu1) lucid; urgency=low

  * Disable WANT_SYSTEM_LIBS since it makes Gmail/GCal crash (libxml,
    libxslt, ..). See http://crbug.com/34725 (LP: #522078)
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Mon, 15 Feb 2010 12:17:07 +0100

chromium-browser (5.0.307.7~r38400-0ubuntu1) lucid; urgency=low

  * New upstream release from the Beta Channel
  * Re-add the -l10n strict version dependency on chromium-browser
    - update debian/control

 -- Fabien Tassin <fta@ubuntu.com>  Fri, 12 Feb 2010 22:00:39 +0100

chromium-browser (5.0.307.5~r37950+0-0ubuntu1) lucid; urgency=low

  * Drop third_party/libxml from STRIPPED_SYSTEM_LIB_DIRS
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Wed, 10 Feb 2010 18:46:55 +0100

chromium-browser (5.0.307.5~r37950-0ubuntu1) lucid; urgency=low

  * Add libxss-dev to Build-Depends, the new browser sync engine needs
    X11/extensions/scrnsaver.h
    - update debian/control
  * Add a safety net to get-orig-source when fetching sources for a channel
    - update debian/rules

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 09 Feb 2010 17:07:18 +0100

chromium-browser (4.0.305.0~svn20100123r36929-0ubuntu1) lucid; urgency=low

  [ Fabien Tassin <fta@ubuntu.com> ]
  * Initial release. (Closes: #520324, LP: #387765)

  [ Alexander Sack <asac@ubuntu.com> ]
  * extensive license review; see copyright and copyright.problems;
    also see debian/licensecheck.pl for details how the copyright files are
    generated
  * address archive-admin comments:
    + add "Paul Hsieh's Public Domain Option" license snippet and mark
      net/disk_cache/hash.cc to be govered by that; recreate copyright*
      - add debian/licenses/LICENSE.Paul Hsieh's Public Domain Option
      - update debian/licensecheck.pl
      - update debian/copyright
      - update debian/copyright.problems

 -- Fabien Tassin <fta@ubuntu.com>  Tue, 26 Jan 2010 17:43:19 +0100
