Update SVG logo

Dmitry’s link is a vector SVG, what was shipped with Chromium PPA is a PNG embedded in an SVG. Quite pointless.

not my fault, it's dh_scour:

https://launchpadlibrarian.net/69162492/buildlog_ubuntu-natty-i386.chromium-browser_12.0.733.0~svn20110412r81202-0ubuntu1~ucd2_BUILDING.txt.gz

==============
# only call dh_scour for packages in main
if grep -q '^Component:[[:space:]]*main' /CurrentlyBuilding 2>/dev/null; then dh_scour -pchromium-browser ; fi
scour 0.25
Copyright Jeff Schiller, Louis Simard, 2010
 File: chromium-browser.svg
 Time taken: 0.02s
 Number of elements removed: 1
 Number of attributes removed: 8
 Number of unreferenced id attributes removed: 0
 Number of style properties fixed: 0
 Number of raster images embedded inline: 0
 Number of path segments reduced/removed: 0
 Number of bytes saved in path data: 0
 Number of bytes saved in colors: 0
 Number of points removed from polygons: 0
 Number of bytes saved in comments: 0
 Number of bytes saved in id attributes: 0
 Number of bytes saved in lengths: 0
 Number of bytes saved in transformations: 0
 Original file size: 40841 bytes; new file size: 40649 bytes (99.52%)
cmpsvg: python-rsvg not installed, cannot compare SVG images
=========

This bug was fixed in the package chromium-browser - 11.0.696.57~r82915-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.57~r82915-0ubuntu0.10.04.1) lucid-security; urgency=high

  * New Major upstream release from the Stable Channel (LP: #771935)
    This release fixes the following security issues:
    + WebKit issues:
      - [61502] High, CVE-2011-1303: Stale pointer in floating object handling.
        Credit to Scott Hess of the Chromium development community and Martin
        Barbella.
      - [70538] Low, CVE-2011-1304: Pop-up block bypass via plug-ins. Credit to
        Chamal De Silva.
      - [70589] Medium, CVE-2011-1305: Linked-list race in database handling.
        Credit to Kostya Serebryany of the Chromium development community.
      - [73526] High, CVE-2011-1437: Integer overflows in float rendering.
        Credit to miaubiz.
      - [74653] High, CVE-2011-1438: Same origin policy violation with blobs.
        Credit to kuzzcc.
      - [75186] High, CVE-2011-1440: Use-after-free with <ruby> tag and CSS.
        Credit to Jose A. Vazquez.
      - [75347] High, CVE-2011-1441: Bad cast with floating select lists.
        Credit to Michael Griffiths.
      - [75801] High, CVE-2011-1442: Corrupt node trees with mutation events.
        Credit to Sergey Glazunov and wushi of team 509.
      - [76001] High, CVE-2011-1443: Stale pointers in layering code. Credit to
        Martin Barbella.
      - [76646] Medium, CVE-2011-1445: Out-of-bounds read in SVG. Credit to
        wushi of team509.
      - [76666] [77507] [78031] High, CVE-2011-1446: Possible URL bar spoofs
        with navigation errors and interrupted loads. Credit to kuzzcc.
      - [76966] High, CVE-2011-1447: Stale pointer in drop-down list handling.
        Credit to miaubiz.
      - [77130] High, CVE-2011-1448: Stale pointer in height calculations.
        Credit to wushi of team509.
      - [77346] High, CVE-2011-1449: Use-after-free in WebSockets. Credit to
        Marek Majkowski.
      - [77463] High, CVE-2011-1451: Dangling pointers in DOM id map. Credit to
        Sergey Glazunov.
      - [79199] High, CVE-2011-1454: Use-after-free in DOM id handling. Credit
        to Sergey Glazunov.
    + Chromium issues:
      - [71586] Medium, CVE-2011-1434: Lack of thread safety in MIME handling.
        Credit to Aki Helin.
      - [72523] Medium, CVE-2011-1435: Bad extension with ‘tabs’ permission can
        capture local files. Credit to Cole Snodgrass.
      - [72910] Low, CVE-2011-1436: Possible browser crash due to bad
        interaction with X. Credit to miaubiz.
      - [76542] High, CVE-2011-1444: Race condition in sandbox launcher. Credit
        to Dan Rosenberg.
      - [77349] Low, CVE-2011-1450: Dangling pointers in file dialogs. Credit
        to kuzzcc.
      - [77786] Medium, CVE-2011-1452: URL bar spoof with redirect and manual
        reload. Credit to Jordi Chancel.
      - [74763] High, CVE-2011-1439: Prevent interference between renderer
        processes. Credit to Julien Tinnes of the Google Security Team.
  * Fix the password store regression from the last Chromium 10 update.
    Backport from trunk provided by Elliot Glaysher from...

It's still embedded PNG there!

As I said, the svg is modified at build time by dh_scour, it's not something the chromium-browser package does, that's part of the cdbs magic.

@pitti: dh_scour runs on PPAs, I assume that's not expected. Also, it would be nice to be able to disable it using a CDBS variable.

@Fabien,

scour is expected to run in PPAs, it's part of the normal toolchain, not pkgbinarymangler.

You can disable scouring with setting DEB_DH_SCOUR_ARGS=-X..., either by-file with -Xpattern or globally with -Xsvg (it's a standard debhelper option).

This bug was fixed in the package chromium-browser - 11.0.696.65~r84435-0ubuntu1

---------------
chromium-browser (11.0.696.65~r84435-0ubuntu1) oneiric; urgency=high

  * New Minor upstream release from the Stable Channel (LP: #778822)
    This release fixes the following security issues:
    + WebKit issues:
      - [67923] High, CVE-2010-1793: stale pointer in SVG image handling
        (credit: Mitz)
      - [78327] High, CVE-2010-1794: integer overflow in SVG filters (credit:
        Inferno)
      - [78948] High, CVE-2010-1795: integer underflow in forms handling
        (credit: Cris Neckar)
      - [79055] High, CVE-2010-1796: use-after-free in frame handling (credit:
        Inferno)
      - [79075] High, CVE-2010-1797: stale pointer in table captioning (credit:
        wushi)
      - [79595] High, CVE-2010-1798: bad cast in SVG text handling (credit:
        Inferno)
  * Add a static quicklist for Unity allowing to open a new window (either regular
    or incognito) or a fresh session with a temporary profile
    - update debian/chromium-browser.desktop
  * Don't let scour touch the svg files (LP: #748881)
    - update debian/rules
  * Pass --delete_unversioned_trees to gclient and drop the git.chromium.org
    workaround.
    - update debian/rules
  * Build with gcc-4.5 on Oneiric for now. It's not ready for 4.6
    - update debian/control
    - update debian/rules
 -- Fabien Tassin <email address hidden> Fri, 06 May 2011 23:04:53 +0200

@ubuntu-sru
Could I please get an ACK for this and whether or not this can be included in the next security update or if it needs to go through -proposed separately?

OK from my side to fold it into the security update, it's easy enough to test in the built binaries.

Can someone please improve the test case for me here? I can't really tell what I'm supposed to test. The menu and panel icon look the same to me.

Still embedded PNG in dev ppa for natty.

@Micah: new test case:
cat /usr/share/icons/hicolor/scalable/apps/chromium-browser.svg | grep data:image/png
There should be nothing in the output.

This probably won't make it into the next upload. I'll wait until it's confirmed fixed in the PPA before I SRU whatever the fix is.

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu1) oneiric; urgency=low

  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
      - other issues covered by CVE-2011-1802, CVE-2011-1803, CVE-2011-1805
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
  * Don't build with libjpeg-turbo on armel, to prevent a FTBFS
    - update debian/rules
 -- Fabien Tassin <email address hidden> Thu, 24 May 2011 23:42:08 +0200

Added Maverick and Lucid tasks since the broke version was pushed to those releases as well.

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.10.04.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.10.04.1) lucid-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 15:24:22 -0500

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.10.10.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.10.10.1) maverick-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 17:12:59 -0500

This bug was fixed in the package chromium-browser - 11.0.696.71~r86024-0ubuntu0.11.04.1

---------------
chromium-browser (11.0.696.71~r86024-0ubuntu0.11.04.1) natty-security; urgency=low

  [ Fabien Tassin <email address hidden> ]
  * New Minor upstream release from the Stable Channel (LP: #787846)
    This release fixes the following security issues:
    + WebKit issues:
      - [72189] Low, CVE-2011-1801: Pop-up blocker bypass. Credit to Chamal De
        Silva.
      - [82546] High, CVE-2011-1804: Stale pointer in floats rendering. Credit
        to Martin Barbella.
      - [82903] Critical, CVE-2011-1807: Out-of-bounds write in blob handling.
        Credit to Google Chrome Security Team (Inferno) and Kostya Serebryany
        of the Chromium development community.
    + GPU/WebGL issue:
      - [82873] Critical, CVE-2011-1806: Memory corruption in GPU command
        buffer. Credit to Google Chrome Security Team (Cris Neckar).
  * Update the svg icon once again, the previous one contained an embedded png
    (LP: #748881)
    - update debian/chromium-browser.svg
 -- Micah Gersten <email address hidden> Wed, 25 May 2011 18:01:58 -0500