commit libqt5-qtwebengine for openSUSE:Factory

3 Nov 2021

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2021-11-03 17:25:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old)
 and      /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libqt5-qtwebengine"

Wed Nov  3 17:25:23 2021 rev:74 rq:928291 version:5.15.7

Changes:
--------

--- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes	2021-09-26 21:49:21.090825011 +0200
+++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890/libqt5-qtwebengine.changes	2021-11-03 17:26:00.437328736 +0100
@@ -1,0 +2,65 @@
+Fri Oct 29 09:53:05 UTC 2021 - christophe@krop.fr
+
+- Update to version 5.15.7:
+  * Update Chromium:
+    [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
+    [Backport] sandbox: linux: allow clock_nanosleep & gettime64
+    [Backport] Linux sandbox: update syscall numbers for all platforms.
+    [Backport] Ease HarfBuzz API change with feature detection
+    [Backport] Security bug 1248665
+    [Backport] CVE-2021-37975 : Use after free in V8
+    [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
+    [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
+    [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
+    [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
+    [Backport] CVE-2021-30616: Use after free in Media.
+    [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
+    [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
+    [Backport] CVE-2021-37973 : Use after free in Portals
+    [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
+    [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
+    [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
+    [Backport] Linux sandbox: return ENOSYS for clone3
+    [Backport] Linux sandbox: fix fstatat() crash
+    [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+    [Backport] Security bug 1238178 (2/2)
+    [Backport] Security bug 1238178 (1/2)
+    [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
+    [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
+    [Backport] CVE-2021-30630: Inappropriate implementation in Blink
+    [Backport] CVE-2021-30629: Use after free in Permissions
+    [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
+    [Backport] CVE-2021-30627: Type Confusion in Blink layout
+    [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
+    [Backport] CVE-2021-30625: Use after free in Selection API
+    [Backport] Security bug 1206289
+    [Backport] CVE-2021-30613: Use after free in Base internals
+    [Backport] Security bug 1227228
+    [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
+  * Update patch level
+  * Blacklist certificate test until certicates have been renewed
+  * Block CORS from local URLs when remote access is not enabled
+  * Do not wait on weak_pointer for termination errors
+  * Support MSVC_VER 16.8
+  * Fix wrong save file filter for Markdown Editor example
+  * Add Chromium version source documentation
+  * Bump version from 5.15.6 to 5.15.7
+  * Fix crash when clicking on a link in PDF
+- Drop openSUSE patches:
+  * fix1163766.patch. Should be addressed with:
+    https://github.com/qt/qtwebengine-chromium/commit/652f834de
+    https://github.com/qt/qtwebengine-chromium/commit/faae106ed
+    https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf
+  * chromium-glibc-2.33.patch. Should be addressed with the
+    [Backport] Linux sandbox: fix fstatat() crash and
+    Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
+    changes.
+  * chromium-older-harfbuzz.patch
+- Drop upstream changes:
+  * 0001-return-ENOSYS-for-clone3.patch
+  * chromium-harfbuzz-3.0.0.patch
+  * skia-harfbuzz-3.0.0.patch
+- Rebase patches:
+  * sandbox-statx-futex_time64.patch
+
+-------------------------------------------------------------------

Old:
----
  0001-return-ENOSYS-for-clone3.patch
  chromium-glibc-2.33.patch
  chromium-harfbuzz-3.0.0.patch
  chromium-older-harfbuzz.patch
  fix1163766.patch
  qtwebengine-everywhere-src-5.15.6.tar.xz
  skia-harfbuzz-3.0.0.patch

New:
----
  qtwebengine-everywhere-src-5.15.7.tar.xz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libqt5-qtwebengine.spec ++++++
--- /var/tmp/diff_new_pack.ubc07p/_old	2021-11-03 17:26:12.589335382 +0100
+++ /var/tmp/diff_new_pack.ubc07p/_new	2021-11-03 17:26:12.589335382 +0100
@@ -29,35 +29,26 @@
 %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries
 
 Name:           libqt5-qtwebengine
-Version:        5.15.6
+Version:        5.15.7
 Release:        0
 Summary:        Qt 5 WebEngine Library
 License:        LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 Group:          Development/Libraries/X11
 URL:            https://www.qt.io
 %define base_name libqt5
-%define real_version 5.15.6
-%define so_version 5.15.6
+%define real_version 5.15.7
+%define so_version 5.15.7
 %define tar_version qtwebengine-everywhere-src-%{version}
 Source:         %{tar_version}.tar.xz
 # PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6
 Patch0:         armv6-ffmpeg-no-thumb.patch
 # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff
 Patch1:         disable-gpu-when-using-nouveau-boo-1005323.diff
-Patch2:         fix1163766.patch
-Patch3:         sandbox-statx-futex_time64.patch
+Patch2:         sandbox-statx-futex_time64.patch
 # PATCH-FIX-OPENSUSE
-Patch4:         rtc-dont-use-h264.patch
+Patch3:         rtc-dont-use-h264.patch
 # PATCH-FIX-UPSTREAM
-Patch5:         chromium-glibc-2.33.patch
-# PATCH-FIX-UPSTREAM
-Patch6:         0001-Fix-build-with-glibc-2.34.patch
-# PATCH-FIX-UPSTREAM
-Patch7:         0001-return-ENOSYS-for-clone3.patch
-Patch8:         chromium-harfbuzz-3.0.0.patch
-Patch9:         skia-harfbuzz-3.0.0.patch
-# PATCH-FIX-OPENSUSE
-Patch10:        chromium-older-harfbuzz.patch
+Patch4:         0001-Fix-build-with-glibc-2.34.patch
 # http://www.chromium.org/blink is not ported to PowerPC & s390
 ExcludeArch:    ppc ppc64 ppc64le s390 s390x
 # Try to fix i586 MemoryErrors with rpmlint

++++++ _service ++++++
--- /var/tmp/diff_new_pack.ubc07p/_old	2021-11-03 17:26:12.625335402 +0100
+++ /var/tmp/diff_new_pack.ubc07p/_new	2021-11-03 17:26:12.625335402 +0100
@@ -1,11 +1,11 @@
 <services>
   <service name="tar_scm" mode="disabled">
    <param name="changesgenerate">enable</param>
-   <param name="version">5.15.6</param>
+   <param name="version">5.15.7</param>
    <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
    <param name="scm">git</param>
    <param name="filename">qtwebengine-everywhere-src</param>
-   <param name="revision">v5.15.6-lts</param>
+   <param name="revision">v5.15.7-lts</param>
   </service>
   <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.ubc07p/_old	2021-11-03 17:26:12.641335411 +0100
+++ /var/tmp/diff_new_pack.ubc07p/_new	2021-11-03 17:26:12.641335411 +0100
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
-              <param name="changesrevision">2acbba86362ac3a1c2d8c20390dc263875f8f09c</param></service></servicedata>
\ No newline at end of file
+              <param name="changesrevision">f0a1cb8da24518c03858b85378f9ad82b0603a1a</param></service></servicedata>
\ No newline at end of file

++++++ qtwebengine-everywhere-src-5.15.6.tar.xz -> qtwebengine-everywhere-src-5.15.7.tar.xz ++++++
/work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.6.tar.xz /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1890/qtwebengine-everywhere-src-5.15.7.tar.xz differ: char 15, line 1

++++++ sandbox-statx-futex_time64.patch ++++++
--- /var/tmp/diff_new_pack.ubc07p/_old	2021-11-03 17:26:12.669335427 +0100
+++ /var/tmp/diff_new_pack.ubc07p/_new	2021-11-03 17:26:12.673335428 +0100
@@ -8,11 +8,11 @@
 futex_time64 is also used internally in glibc, so handle that as well.
 The signature is identical where it matters.
 
-diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-index 3c67b124786..4772dc096f5 100644
+diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+index 6f7768f7d..b3335e2bf 100644
 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
 +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-@@ -194,6 +194,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+@@ -203,6 +203,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
    if (sysno == __NR_futex)
      return RestrictFutex();
  
@@ -24,8 +24,8 @@
    if (sysno == __NR_set_robust_list)
      return Error(EPERM);
  
-@@ -257,6 +262,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
-     return RestrictKillTarget(current_pid, sysno);
+@@ -283,6 +288,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
+     return RewriteFstatatSIGSYS(fs_denied_errno);
    }
  
 +#if defined(__NR_statx)

    

Source-Sync

tags

participants (1)