-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 May 2025 18:47:40 -0400
Source: chromium
Architecture: source
Version: 137.0.7151.55-3~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Chromium Team <chromium@packages.debian.org>
Changed-By: Andres Salomon <dilinger@debian.org>
Changes:
 chromium (137.0.7151.55-3~deb12u1) bookworm-security; urgency=high
 .
   [ Timothy Pearson ]
   * Fix FTBFS on ppc64el due to third party xnnpack library
   * d/patches/ppc64le:
     - third_party/0001-add-xnn-ppc64el-support.patch: Add ppc64el support to
       xnn build system
     - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate xnn BUILD.gn
       file
 .
 chromium (137.0.7151.55-2) unstable; urgency=high
 .
   * Switch build-deps with :all to :native.
 .
 chromium (137.0.7151.55-1) unstable; urgency=high
 .
   [ Daniel Richard G. ]
   * d/control: Elaborate Build-Depends: clause for a cross build. Also drop
     x11-apps, as it appears to be unused, as well as libmodpbase64-dev as
     it is built in-tree under third_party/modp_b64/. Add a Build-Conflicts:
     clause to avoid some snafus on Ubuntu.
   * d/patches:
     - debianization/cross-build.patch: New patch implementing the bulk of our
       cross-build support.
     - upstream/cross-build-target.patch: New upstream patch that sets
       --target=... explicitly on all builds. Needed for a cross build.
     - fixes/clang-rust-target.patch: Drop, as this patch is made redundant by
       the preceding one.
   * d/rules: Add settings and environment exports needed for a cross build.
 .
   [ Andres Salomon ]
   * New upstream stable release.
     - CVE-2025-5063: Use after free in Compositing. Reported by Anonymous.
     - CVE-2025-5280: Out of bounds write in V8. Reported by [pwn2car].
     - CVE-2025-5064: Inappropriate implementation in Background Fetch API.
       Reported by Maurice Dauer .
     - CVE-2025-5065: Inappropriate implementation in FileSystemAccess API.
       Reported by NDevTK.
     - CVE-2025-5066: Inappropriate implementation in Messages.
       Reported by Mohit Raj (shadow2639) .
     - CVE-2025-5281: Inappropriate implementation in BFCache.
       Reported by Jesper van den Ende (Pelican Party Studios).
     - CVE-2025-5283: Use after free in libvpx. Reported by Mozilla.
     - CVE-2025-5067: Inappropriate implementation in Tab Strip.
       Reported by Khalil Zhani.
   * d/control: switch bindgen:any build-dep to bindgen:native.
   * d/rules: disable optimize_webui for now due to a rollup 3.x issue.
   * d/patches:
     - upstream/media-optional.patch: drop, merged upstream.
     - fixes/media-cstdint.patch: drop part of patch merged upstream.
     - fixes/perfetto-nullptr.patch: drop due to upstream code changes.
     - upstream/arm32-crel.patch: refresh.
     - disable/tests.patch: refresh.
     - system/gperf.patch: drop, merged upstream.
     - bookworm/gn-revert-path-exists.patch: refresh.
     - bookworm/gn-allowlist.patch: refresh.
     - ungoogled/disable-privacy-sandbox.patch: update from ungoogled.
     - bookworm/clang19.patch: add new unsupported arg removal
       (-fextend-variable-liveness).
     - upstream/span-fwd.patch: add build fix pulled from upstream.
     - upstream/mojo-optional.patch: add build fix pulled from upstream.
     - bookworm/constexpr3.patch: add yet another constexpr workaround.
     - upstream/opener-heur.patch: add build fix pulled from upstream.
     - upstream/allowed-state.patch: add build fix pulled from upstream.
     - upstream/pdfium-libpng.patch: add build fix pulled from upstream.
     - upstream/safety-hub-set.patch: add build fix pulled from upstream.
     - bookworm/gn-absl.patch: add global visibility for another type.
     - bookworm/constexpr.patch: refresh.
     - bookworm/stdarch-arm.patch: update path for rust crate.
     - bookworm/rust-is-none-or.patch: add another workaround for missing
       is_none_or() function.
     - bookworm/toktrie-utf8chunks.patch: add workaround for missing
       utf8_chunks() in rustc-web 1.78.
     - bookworm/derivre-create.patch: enable rust unstable features
       everywhere, and add some that derivre requires (from newer rustc).
 .
   [ Timothy Pearson ]
   * d/patches/ppc64le:
     - sandbox/features.gni: refresh for upstream changes
     - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch:
       regenerate from upstream sources
     - fixes/fix-partition-alloc-compile.patch: refresh for upstream changes
     - third_party/skia-vsx-instructions.patch: refresh for upstream changes
Checksums-Sha1:
 553080afe6368644b2cdd548bcd31be5059c7d21 3997 chromium_137.0.7151.55-3~deb12u1.dsc
 764e58eb7f85d5776e28e9f9fadca0a2e9148d66 943831428 chromium_137.0.7151.55.orig.tar.xz
 757246e6972644ca74c685b837e5ca71ee24d0a9 8488380 chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
 6f404a9ae475712c711f89a5040e02a87e5b64fb 26603 chromium_137.0.7151.55-3~deb12u1_source.buildinfo
Checksums-Sha256:
 c092426f062857e05da58183ac53eeb76ec14b69d5583244fed4f2f83a8e6490 3997 chromium_137.0.7151.55-3~deb12u1.dsc
 1b7e9225c6ae7b44e0caf9ce4aedc1057b3b64c26f22dfc4f1f0e3dd27f68121 943831428 chromium_137.0.7151.55.orig.tar.xz
 002147373e873fcffbc720fa5cfb3fd39003f737d6246360ef785b52f8939603 8488380 chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
 cd7dea34d7daf579e743735313b38997c4d440bc101b2aeaa885f0dcac1e0656 26603 chromium_137.0.7151.55-3~deb12u1_source.buildinfo
Files:
 2547c877c643901035828c80b67dd30b 3997 web optional chromium_137.0.7151.55-3~deb12u1.dsc
 11471239cb9e568ccdbb9678b2a381cb 943831428 web optional chromium_137.0.7151.55.orig.tar.xz
 c323679a9a7d5aecf098d0480e8e3ef8 8488380 web optional chromium_137.0.7151.55-3~deb12u1.debian.tar.xz
 a954a6a8dad0b4d59b720f3b84803da9 26603 web optional chromium_137.0.7151.55-3~deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEUAUk+X1YiTIjs19qZF0CR8NudjcFAmg3qwQUHGRpbGluZ2Vy
QGRlYmlhbi5vcmcACgkQZF0CR8Nudjex0BAAkCFHy86nMrFX47DnlvdERSiZ03Mk
SErN7hVf8Cj86cV2zCeMWSMa786koprYZK5dvfqHiI1jx1UcYVWQ58k+5L5mysFL
sN4U4dHqyZeCJykGX7GMyQPNV5EmEEObmz1/JolEjPM977LT4izhtX+NOnztepTi
BF66vP1lCZI87OYncWh7UbpR4ARpWKW9fsqez042WcwiteJS16dnhqrk74xqOeZU
Lf92UZnF+Ic13zDeFdvGQeEOgYQkYr9qWAtwqVbPydi/t0BcvcN1ccDuAbMBOIGv
Qi4soPD3H7D8oqqzcPZz5zB4kEXPpqsJKw7pYJA22rO+QY/dqrWrkj2h/3WtEsH0
dIcKG5j/TSmTeK48pE6ej9Qk+oE3mnS74Bjg9MlvycjnKGl5Xhaq+4FX1eYDu/LD
6dcs8asIKLmBInKxc4Qz9Hrxn0LAYWs09/J7UEYXdjK2VVqFGGcFlu9y/YS28KjJ
AUQ/JOw28/D1vtx7VXzEygP2v6w6J0cFKreJ3hyduv9waUslyIJZPpgIkLqsNrqX
1zZ0vFR9ol1eMrpeJFSIkC9Zk4ZgIcspW7RhZG8jaPyG68G5j1pcRtWmehUJvhnh
Kznf69qn36zdzQRsPDL1XQzwgEa/Vv3ijzyFVqRUQOUJxW6yx06QEjOQZ1Ez6V3B
9ACWMr2o5Pl8yo0=
=NZrv
-----END PGP SIGNATURE-----