Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libQt5Pdf5 | Distribution: openSUSE Tumbleweed |
Version: 5.15.18 | Vendor: openSUSE |
Release: 1.1 | Build date: Tue Dec 3 14:23:13 2024 |
Group: Development/Libraries/X11 | Build host: reproducible |
Size: 3340717 | Source RPM: libqt5-qtwebengine-5.15.18-1.1.src.rpm |
Packager: http://bugs.opensuse.org | |
Url: https://www.qt.io | |
Summary: Qt5 PDF library |
Main library of the Qt PDF module.
LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
* Tue Dec 03 2024 christophe@krop.fr - Update to version 5.15.18: * Bump version to 5.15.18 * Fix build errors with -no-opengl configuration * Fixup "Add option to chose python version for building 5.15 WebEngine" * [Backport] CVE-2024-9602: Type Confusion in V8 * [Backport] CVE-2024-9603: Type Confusion in V8 * FIXUP: [Backport] CVE-2024-7965: Inappropriate implementation in V8 * [Backport] CVE-2024-45492 / Security bug 364778067 * [Backport] CVE-2024-9123: Integer overflow in Skia * [Backport] CVE-2024-5158: Type Confusion in V8 * [Backport] CVE-2024-7971: Type confusion in V8 * [Backport] CVE-2024-4761: Out of bounds write in V8 * [Backport] CVE-2024-8636: Heap buffer overflow in Skia * [Backport] CVE-2024-8198: Heap buffer overflow in Skia * [Backport] Security bug 346799730 * [Backport] CVE-2024-7967: Heap buffer overflow in Fonts * [Backport] CVE-2024-7965: Inappropriate implementation in V8 * [Backport] CVE-2024-7532: Out of bounds memory access in ANGLE * Fix build with GCC 15 * [Backport] CVE-2024-7536: Use after free in WebAudio * [Backport] Dependency for CVE-2024-7536 * [Backport] Security bug 338574384 * [Backport] CVE-2024-6996: Race in Frames * [Backport] CVE-2024-6989: Use after free in Loader * [Backport] CVE-2024-6291: Use after free in Swiftshader * [Backport] CVE-2024-5846: Use after free in PDFium * [Backport] Security bug 340606786 * [Backport] CVE-2024-5496: Use after free in Media Session * [Backport] Dependency for CVE-2024-3914 * [Backport] Security bug 329699609 * [Backport] CVE-2024-3914: Use after free in V8 * [Backport] CVE-2024-4558: Use after free in ANGLE * [Backport] Security bug 327698060 * [Backport] CVE-2024-4058: Type Confusion in ANGLE * [Backport] Security bug 40940917 * [Backport] CVE-2024-3837: Use after free in QUIC * [Backport] CVE-2024-3839: Out of bounds read in Fonts * Fix dependecy when compiling content/browser * [Backport] CVE-2024-3516: Heap buffer overflow in ANGLE * [Backport] CVE-2024-3157: Out of bounds write in Compositing * [Backport] Security bug 329674887 * Prevent duplicate definition of blink::ResolveColor in jumbo builds * Wed Sep 04 2024 Guillaume GARDET <guillaume.gardet@opensuse.org> - Disable LTO on %{arm} to fix build * Thu Aug 29 2024 Antonio Larrosa <alarrosa@suse.com> - Remove the unrar sources from the third_party directory in %prep so we're sure not to use any code with a non-free license. * Wed Aug 07 2024 Christophe Marin <christophe@krop.fr> - Add ffmpeg 7 compatibility patch (Picked from Arch): * qt5-webengine-ffmpeg7.patch * Sun Jun 09 2024 Andreas Stieger <andreas.stieger@gmx.de> - use bundled re2 (boo#1226119) * Thu May 23 2024 Christophe Marin <christophe@krop.fr> - Add compatibility patches for ICU 75: * qt5-webengine-icu-75.patch * 0001-Use-default-constructor-in-place-of-self-delegation-.patch - Consequently build with a newer compiler on Leap 15 * Wed May 22 2024 christophe@krop.fr - Update to version 5.15.17: * Add option to chose python version for building 5.15 WebEngine * Update Chromium. Backported fixes: * [Backport] Security bug 325296797 * [Backport] CVE-2024-1059: Use after free in WebRTC * [Backport] Security bug 1518994 * Fixup for [Backport] Security bug 1519980 * [Backport] CVE-2024-1283: Heap buffer overflow in Skia * [Backport] CVE-2024-1060: Use after free in Canvas * [Backport] CVE-2024-1077: Use after free in Network * [Backport] Security bug 1519980 * [Backport] CVE-2024-0808: Integer underflow in WebUI * [Backport] CVE-2024-0807: Use after free in WebAudio * Fix ffmpeg assembly with newer binutil * [Backport] Security bug 1511689 * [Backport] CVE-2024-0224: Use after free in WebAudio * [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC * [Backport] Security bug 1506535 * [Backport] CVE-2024-0519: Out of bounds memory access in V8 * [Backport] CVE-2024-0518: Type Confusion in V8 * [Backport] CVE-2024-0333: Insufficient data validation in Extensions * [Backport] CVE-2024-0222: Use after free in ANGLE * Fixup: [Backport] Security bug 1488199 * FIXUP: Fix compilation with system ICU * Fixup: [Backport] Security bug 1505632 * [Backport] Security bug 1505632 * [Backport] CVE-2023-6702: Type Confusion in V8 * [Backport] CVE-2023-6345: Integer overflow in Skia * Bump V8_PATCH_LEVEL * [Backport] Security bug 1488199 (2/2) * [Backport] Security bug 1488199 (1/2) * [Backport] CVE-2023-6510: Use after free in Media Capture * Fix building with system libxml2 * [Backport] CVE-2023-6347: Use after free in Mojo * [Backport] CVE-2023-6112: Use after free in Navigation * [Backport] CVE-2023-5997: Use after free in Garbage Collection - Drop patches, merged upstream: * 0001-Fix-building-with-system-libxml2.patch * qtwebengine-python3.patch * python311-fixes.patch - Update _service file, catapult snapshots are not needed anymore * Fri May 17 2024 Christoph G <foss@grueninger.de> - Backport Ninja 1.12 compatibility patch (and adjust paths) Add-missing-dependencies.patch from upstream * Fri Apr 19 2024 Christophe Marin <christophe@krop.fr> - Add patch to fix build with libxml >= 2.12: * 0001-Fix-building-with-system-libxml2.patch * Sat Feb 24 2024 Jan Engelhardt <jengelh@inai.de> - Drop BuildRequire on libsrtp, qt builds a bundled copy. * Tue Feb 20 2024 Christophe Marin <christophe@krop.fr> - Switch to '%patch -P' - Build with python 3.11 on Leap * Wed Nov 22 2023 christophe@krop.fr - Update to version 5.15.16: * Bump version to 5.15.16 * Add check for system ffmpeg compatibility * Fix handling of external URLs in PDFs * Update Chromium: * [Backport] CVE-2023-5996: Use after free in WebAudio * [Backport] CVE-2023-5482 and CVE-2023-5849 * [Backport] CVE-2023-45853: Buffer overflow in MiniZip * [Backport] Security bug 1478470 * [Backport] Security bug 1472365 and 1472366 * [Backport] CVE-2023-5218: Use after free in Site Isolation * [Backport] Security bug 1486316 * FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64 * [Backport] Add Intel Meteorlake GPU series type * [Backport] Add Intel Raptorlake GPU series type * [Backport] Add a few missing IntelGpuSeriesTypes in gpu_util.cc * [Backport] Add Intel Alchemist GPU series type * [Backport] Add Alderlake to intel_gpu_series field in gpu control list. * [Backport] Add missing Intel GPU series types. * [Backport] Add Alderlake's GPU to list supporting two NV12 overlay planes. * [Backport] CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx * [Backport] Security bug 1479104 * [Backport] [PA] Support 16kb pagesize on Linux+ARM64 * [Backport] Replace uses of re2::StringPiece::set(). * Fix build with GCC 13 * Fix errors and warnings for perfetto * Remove nodiscard attribute from cpwl_combo_box.h * Bump V8_PATCH_LEVEL * [Backport] CVE-2023-4762: Type Confusion in V8 * [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL * [Backport] CVE-2023-4354: Heap buffer overflow in Skia * [Backport] CVE-2023-4351: Use after free in Network * Disable Windows IME for GPU thread * [Backport] CVE-2023-4863: Heap buffer overflow in WebP * [Backport] Security bug 1465224 * [Backport] Dependency for security bug 1465224 * [Backport] CVE-2023-4071: Heap buffer overflow in Visuals * [Backport] CVE-2023-4076: Use after free in WebRTC * [Backport] CVE-2023-4074: Use after free in Blink Task Scheduling * Fri Sep 01 2023 christophe@krop.fr - Update to version 5.15.15: * Update Chromium: * [Backport] Security bug 1454860 * Further fixes for building with GCC 13 * Fixup [Backport] CVE-2023-2935: Type Confusion in V8 * [Backport] Security bug 1447430 * [Backport] CVE-2023-2930: Use after free in Extensions * [Backport] CVE-2023-3079: Type Confusion in V8 * [Backport] CVE-2023-3216: Type Confusion in V8 * [Backport] CVE-2023-2933: Use after free in PDF * [Backport] CVE-2023-2935: Type Confusion in V8 * [Backport] CVE-2023-2932: Use after free in PDF * [Backport] CVE-2023-2931: Use after free in PDF * [Backport] Security bug 1444195 * [Backport] Security bug 1428743 * [Backport] CVE-2023-2721: Use after free in Navigation * Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de> - build with older re2 on Tumbleweed, the upcoming re2 2023-07-01 breaks qtwebengine * Thu May 25 2023 christophe@krop.fr - Update to version 5.15.14: * Blacklist TouchInputTest::touchTap for sles 15.4 * Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15 * Do not allow universal with debug builds * Enable accessibility by default on Linux * Fix blacklisting of mouseMovementProperties for sles 15.4 * Fix build with GCC 13 * Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets * Fix memory management in QPdfDocument functions * Update Chromium: * Fixes for building with GCC-13 * [Backport] CVE-2023-1215: Type Confusion in CSS * [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting * [Backport] CVE-2023-1219: Heap buffer overflow in Metrics * [Backport] CVE-2023-1220: Heap buffer overflow in UMA * [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API * [Backport] CVE-2023-1529: Out of bounds memory access in WebHID * [Backport] CVE-2023-1530: Use after free in PDF * [Backport] CVE-2023-1531: Use after free in ANGLE * [Backport] CVE-2023-1534: Out of bounds read in ANGLE * [Backport] CVE-2023-1810: Heap buffer overflow in Visuals * [Backport] CVE-2023-1811: Use after free in Frames * [Backport] CVE-2023-2033: Type Confusion in V8 * [Backport] CVE-2023-2137: Heap buffer overflow in sqlite * [Backport] CVE-2023-29469 / Security bug 1433328 * [Backport] Security bug 1337747 * [Backport] Security bug 1417585 * [Backport] Security bug 1418734 * [Backport] Security bug 1423360 * [Backport] Security bug 1427388 - Drop patch, merged upstream: * 0001-Fixes-for-building-with-GCC-13.patch * Fri Apr 28 2023 Dirk Müller <dmueller@suse.com> - add python311-fixes.patch: * Fix build when python3 is python 3.11+ * Tue Apr 11 2023 Christophe Marin <christophe@krop.fr> - Add patch to fix build with GCC 13 (boo#1207469): * 0001-Fixes-for-building-with-GCC-13.patch * Thu Mar 09 2023 christophe@krop.fr - Update to version 5.15.13: * Force to disable IPC logging * Move out GetInProcessGpuShareGroup form content browser client * Fix probabilistic signature scheme * Bump version to 5.15.13 * Recreate response head objects on multiple redirect * Add checksum to mailbox name in Release build too * Drop dependency on content/public/browser in content gpu * FIXUP: Mark Node::opcode() and Operator::opcode() as constexpr * [Backport] Add missing include for std::begin and std::end in SkParseColor.cpp * [Backport] CVE-2022-4179: Use after free in Audio * [Backport] CVE-2022-4437: Use after free in Mojo IPC * [Backport] CVE-2022-4438: Use after free in Blink Frames * [Backport] CVE-2023-0129: Heap buffer overflow in Network Service * [Backport] CVE-2023-0472: Use after free in WebRTC * [Backport] CVE-2023-0698: Out of bounds read in WebRTC * [Backport] CVE-2023-0931: Use after free in Video * [Backport] CVE-2023-0933: Integer overflow in PDF * [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE for clang-cl * [Backport] Fix more clang deprecated builtins * [Backport] Map the absl::is_trivially_* functions to their std impl * [Backport] Mark Node::opcode() and Operator::opcode() as constexpr * [Backport] Security bug 1393384 * [Backport] Security bug 1394382 * [Backport] Security bug 1399424 * [Backport] Security bug 1406115 * [Backport][Windows] Remove unused sidestep intercepts - Update 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch * Thu Mar 09 2023 Martin Liška <mliska@suse.cz> - Use gcc12 for openSUSE:Factory as workaround for boo#1207469. * Thu Dec 29 2022 christophe@krop.fr - Update to version 5.15.12: * Bump version to 5.15.12 * Update Chromium: * Bump V8_PATCH_LEVEL * Fixup for patch for CVE-2022-3200 on OpenSuse 15.1 * Fixup the patch for CVE-2022-3200 on 87-based / 5.15 * [Backport] CVE-2022-3038: Use after free in Network Service * [Backport] CVE-2022-3040: Use after free in Layout * [Backport] CVE-2022-3041: Use after free in WebSQL * [Backport] CVE-2022-3046: Use after free in Browser Tag * [Backport] CVE-2022-3075: Insufficient data validation in Mojo * [Backport] CVE-2022-3196: Use after free in PDF * [Backport] CVE-2022-3197: Use after free in PDF * [Backport] CVE-2022-3198: Use after free in PDF * [Backport] CVE-2022-3199: Use after free in Frames. * [Backport] CVE-2022-3200: Heap buffer overflow in Internals * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (1/2) * [Backport] CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools (2/2) * [Backport] CVE-2022-3304: Use after free in CSS * [Backport] CVE-2022-3370: Use after free in Custom Elements * [Backport] CVE-2022-3373: Out of bounds write in V8 * [Backport] CVE-2022-3445: Use after free in Skia. * [Backport] CVE-2022-3446 and CVE-2022-35737 * [Backport] CVE-2022-3885: Use after free in V8 * [Backport] CVE-2022-3887: Use after free in Web Workers * [Backport] CVE-2022-3889: Type Confusion in V8 * [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad * [Backport] CVE-2022-4174: Type Confusion in V8 * [Backport] CVE-2022-4180: Use after free in Mojo * [Backport] CVE-2022-4181: Use after free in Forms * [Backport] CVE-2022-4262: Type Confusion in V8 * [Backport] Security bug 1356308 * [Backport] Security bug 1378916 * [Backport] Security bugs 1346938 and 1338114 * Wed Oct 05 2022 christophe@krop.fr - Update to version 5.15.11: * Work-around GNOME bug misidentifying HTML content * Fix busy waiting on streaming QIODevice's * Add workaround for un-minimizing QWebEngineView under Gnome * Build the QtDesigner plugin in all configurations * Bump version to 5.15.11 * Fix method check * Do not use the native dialog to show the color picker on macOS * FIXUP: Add workaround for unstable gn on macOS in ci * Fix top level build with no widget * Fix touch input for widget's delegate for html popup * Keep page's zoom level on loading new urls * Fix leak if loader error is seen first * Add workaround for unstable gn on macOS in ci * Pass archiver to gn build * Fix read-after-free on EGL extensions * Update Chromium: * FIXUP: Fix url_utils for QtWebEngine * FIXUP: Workaround MSVC2022 ICE in constexpr functions * Fixup: CVE-2022-0796: Use after free in Media * [Backport] CVE-2022-0796: Use after free in Media * [Backport] CVE-2022-1855: Use after free in Messaging * [Backport] CVE-2022-1857: Insufficient policy enforcement in File System API * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL * [Backport] CVE-2022-2010: Out of bounds read in compositing * [Backport] CVE-2022-2158: Type Confusion in V8 * [Backport] CVE-2022-2160: Insufficient policy enforcement in DevTools * [Backport] CVE-2022-2162: Insufficient policy enforcement in File System API * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC * [Backport] CVE-2022-2295: Type Confusion in V8 * [Backport] CVE-2022-2477 : Use after free in Guest View * [Backport] CVE-2022-2610: Insufficient policy enforcement in Background Fetch * [Backport] CVE-2022-27404 * [Backport] CVE-2022-27405 * [Backport] CVE-2022-27406 * [Backport] Linux sandbox: ENOSYS for some statx syscalls * [Backport] Security bug 1287804 * [Backport] Security bug 1316578 * [Backport] Security bug 1343889 - Replace sandbox-statx-futex_time64.patch with upstream change: * sandbox_futex_time64.patch * Mon Sep 26 2022 Christophe Giboudeaux <christophe@krop.fr> - Use python 3.9 to build qtwebengine on Leap 15. * Fri Sep 23 2022 Christophe Giboudeaux <christophe@krop.fr> - Add patches to build with python 3, ffmpeg 5 and pipewire 0.3: * qtwebengine-ffmpeg5.patch * qtwebengine-pipewire-0.3.patch * qtwebengine-python3.patch - Use a newer catapult snapshot when building with python3 * Mon Aug 08 2022 Christophe Giboudeaux <christophe@krop.fr> - Stop using 'pkgconfig(xxx)' BuildRequires for FFmpeg dependencies. They will point to FFmpeg-5 soon. * Wed Jun 08 2022 Christophe Giboudeaux <christophe@krop.fr> - Update to version 5.15.10: * Fix top level build with no widget * Fix read-after-free on EGL extensions * Update Chromium * Add workaround for unstable gn on macOS in ci * Pass archiver to gn build * Fix navigation to non-local URLs * Add support for universal builds for qtwebengine and qtpdf * Enable Apple Silicon support * Fix cross compilation x86_64->arm64 on mac * Bump version to 5.15.10 * CustomDialogs: Make custom input fields readable in dark mode * CookieBrowser: Make alternating rows readable in dark mode * Update Chromium: * Bump V8_PATCH_LEVEL * Fix clang set-but-unused-variable warning * Fix mac toolchain python linker script call * Fix missing dependency for gpu sources * Fix python calls * Fix undefined symbol for universal link * Quick fix for regression in service workers by reverting backports * [Backport] CVE-2022-0797: Out of bounds memory access in Mojo * [Backport] CVE-2022-1125 * [Backport] CVE-2022-1138: Inappropriate implementation in Web Cursor. * [Backport] CVE-2022-1305: Use after free in storage * [Backport] CVE-2022-1310: Use after free in regular expressions * [Backport] CVE-2022-1314: Type Confusion in V8 * [Backport] CVE-2022-1493: Use after free in Dev Tools * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm' * [Backport] Security Bug 1296876 * [Backport] Security bug 1269999 * [Backport] Security bug 1280852 * [Backport] Security bug 1292905 * [Backport] Security bug 1304659 * [Backport] Security bug 1306507 * Mon May 02 2022 Martin Liška <mliska@suse.cz> - Remove dependency on binutils-gold as the package will be removed in the future. Gold linker is unmaintained by the upstream project. * Wed Apr 27 2022 Christophe Giboudeaux <christophe@krop.fr> - Add libqt5-qtwebengine-rpmlintrc to silence the 'shlib-policy-name-error' rpmlint error * Wed Apr 06 2022 christophe@krop.fr - Update to version 5.15.9: * QPdfView: scale page rendering according to devicePixelRatio * Update documented Chromium version * Use IsSameDocument() rather than IsLoadingToDifferentDocument() * Update module-split for installer * Fix printing PDF files * Do not override signal handlers * Avoid using xkbcommon in non-X11 builds * Update documentation * Update Chromium: * Bump V8_PATCH_LEVEL * Do not overwrite signal handlers in the browser process. * Replace base::ranges::set_union with std::set_union to fix MSVC2017 build * [Backport] CVE-2022-0100: Heap buffer overflow in Media streams API * [Backport] CVE-2022-0102: Type Confusion in V8 * [Backport] CVE-2022-0103: Use after free in SwiftShader * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE * [Backport] CVE-2022-0108: Inappropriate implementation in Navigation * [Backport] CVE-2022-0109: Inappropriate implementation in Autofill * [Backport] CVE-2022-0111 and CVE-2022-0117 * [Backport] CVE-2022-0113: Inappropriate implementatio n in Blink * [Backport] CVE-2022-0116: Inappropriate implementation in Compositing * [Backport] CVE-2022-0289: Use after free in Safe browsing * [Backport] CVE-2022-0291: Inappropriate implementation in Storage * [Backport] CVE-2022-0293: Use after free in Web packaging * [Backport] CVE-2022-0298: Use after free in Scheduling * [Backport] CVE-2022-0305: Inappropriate implementation in Service Worker API * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow in Task Manager * [Backport] CVE-2022-0456: Use after free in Web Search * [Backport] CVE-2022-0459: Use after free in Screen Capture * [Backport] CVE-2022-0460: Use after free in Window Dialog * [Backport] CVE-2022-0461: Policy bypass in COOP * [Backport] CVE-2022-0606: Use after free in ANGLE * [Backport] CVE-2022-0607: Use after free in GPU * [Backport] CVE-2022-0608: Integer overflow in Mojo * [Backport] CVE-2022-0609: Use after free in Animation * [Backport] CVE-2022-0610: Inappropriate implementation in Gamepad API * [Backport] CVE-2022-0971 (boo#1197163) * [Backport] CVE-2022-1096 (boo#1197552) * [Backport] CVE-2022-23852 * [Backport] Copy 'name_' member during StyleRuleProperty::Copy * [Backport] Security bug 1256885 * [Backport] Security bug 1258603 * [Backport] Security bug 1259557 * [Backport] Security bug 1261415 * [Backport] Security bug 1265570 * [Backport] Security bug 1268448 * [Backport] Security bug 1270014 * [Backport] Security bug 1274113 * [Backport] Security bug 1276331 * [Backport] Security bug 1280743 * [Backport] Security bug 1289394 * [Backport] Security bug 1292537 * [Backport] sandbox: build if glibc 2.34+ dynamic stack size is enabled - Drop patches, now upstream: * CVE-2022-0971-qtwebengine-5.15.patch * CVE-2022-1096-qtwebengine-5.15.patch * Mon Apr 04 2022 Christophe Giboudeaux <christophe@krop.fr> - Add security fixes: * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163) * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552) * Fri Mar 25 2022 Fabian Vogt <fvogt@suse.com> - Add patch to fix build with GCC 12: * 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch * Tue Jan 04 2022 christophe@krop.fr - Update to version 5.15.8: * Update Chromium: [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c [Backport] CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium [Backport] CVE-2021-37987 : Use after free in Network APIs [Backport] CVE-2021-37989 : Inappropriate implementation in Blink [Backport] CVE-2021-37992 : Out of bounds read in WebAudio [Backport] CVE-2021-37993 : Use after free in PDF Accessibility [Backport] CVE-2021-37996 : Insufficient validation of untrusted input in Downloads [Backport] CVE-2021-38001 : Type Confusion in V8 [Backport] CVE-2021-38003 : Inappropriate implementation in V8 [Backport] CVE-2021-38005: Use after free in loader (1/3) [Backport] CVE-2021-38005: Use after free in loader (2/3) [Backport] CVE-2021-38005: Use after free in loader (3/3) [Backport] CVE-2021-38007: Type Confusion in V8 [Backport] CVE-2021-38009: Inappropriate implementation in cache [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers [Backport] CVE-2021-38012: Type Confusion in V8 [Backport] CVE-2021-38015: Inappropriate implementation in input [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe sandbox [Backport] CVE-2021-38018: Inappropriate implementation in navigation [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS [Backport] CVE-2021-38021: Inappropriate implementation in referrer [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication [Backport] CVE-2021-4057: Use after free in file API [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2) [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2) [Backport] CVE-2021-4059: Insufficient data validation in loader [Backport] CVE-2021-4062: Heap buffer overflow in BFCache [Backport] CVE-2021-4078: Type confusion in V8 [Backport] CVE-2021-4079: Out of bounds write in WebRTC [Backport] CVE-2021-4098: Insufficient data validation in Mojo [Backport] CVE-2021-4099: Use after free in Swiftshader [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader. [Backport] CVE-2021-4102: Use after free in V8 [Backport] Dependency for CVE-2021-37989 [Backport] Dependency for CVE-2021-38009 [Backport] Security bug 1245870 [Backport] Security bug 1252858 [Backport] Security bug 1259899 Bump V8_PATCH_LEVEL Compile with GCC 11 -std=c++20 Fix stack overflow on gpu channel recreate with an error Use wglSetPixelFormat directly only if in software mode [Backport] Handle long SIGSTKSZ in glibc > 2.33 [Backport] abseil-cpp: Fixes build with latest glibc * Handle qtpdf compilation with static runtime * Add bitcode support for qtpdf on ios * Do not access accessibility from qt post routines * Blacklist javascriptClipboard test on ubuntu 20.04 * Re-enable network-service-in-process * Bump version from 5.15.7 to 5.15.8 * Update patch level * Fix pinch gesture * Fix leak of properties after XkbRF_GetNamesProp * Fix leak on getDefaultScreeenId - Drop patch: * 0001-Fix-build-with-glibc-2.34.patch * Fri Oct 29 2021 christophe@krop.fr - Update to version 5.15.7: * Update Chromium: [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms [Backport] sandbox: linux: allow clock_nanosleep & gettime64 [Backport] Linux sandbox: update syscall numbers for all platforms. [Backport] Ease HarfBuzz API change with feature detection [Backport] Security bug 1248665 [Backport] CVE-2021-37975 : Use after free in V8 [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) [Backport] CVE-2021-37978 : Heap buffer overflow in Blink [Backport] CVE-2021-30616: Use after free in Media. [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) [Backport] CVE-2021-37973 : Use after free in Portals [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API [Backport] Linux sandbox: return ENOSYS for clone3 [Backport] Linux sandbox: fix fstatat() crash [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" [Backport] Security bug 1238178 (2/2) [Backport] Security bug 1238178 (1/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) [Backport] CVE-2021-30630: Inappropriate implementation in Blink [Backport] CVE-2021-30629: Use after free in Permissions [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE [Backport] CVE-2021-30627: Type Confusion in Blink layout [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE [Backport] CVE-2021-30625: Use after free in Selection API [Backport] Security bug 1206289 [Backport] CVE-2021-30613: Use after free in Base internals [Backport] Security bug 1227228 [Backport] CVE-2021-30618: Inappropriate implementation in DevTools * Update patch level * Blacklist certificate test until certicates have been renewed * Block CORS from local URLs when remote access is not enabled * Do not wait on weak_pointer for termination errors * Support MSVC_VER 16.8 * Fix wrong save file filter for Markdown Editor example * Add Chromium version source documentation * Bump version from 5.15.6 to 5.15.7 * Fix crash when clicking on a link in PDF - Drop openSUSE patches: * fix1163766.patch. Should be addressed with: https://github.com/qt/qtwebengine-chromium/commit/652f834de https://github.com/qt/qtwebengine-chromium/commit/faae106ed https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf * chromium-glibc-2.33.patch. Should be addressed with the [Backport] Linux sandbox: fix fstatat() crash and Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat"" changes. * chromium-older-harfbuzz.patch - Drop upstream changes: * 0001-return-ENOSYS-for-clone3.patch * chromium-harfbuzz-3.0.0.patch * skia-harfbuzz-3.0.0.patch - Rebase patches: * sandbox-statx-futex_time64.patch * Tue Sep 21 2021 Fabian Vogt <fvogt@suse.com> - Add patches from Arch to fix build with HarfBuzz 3.0.0: * chromium-harfbuzz-3.0.0.patch * skia-harfbuzz-3.0.0.patch - ... but don't break with < 2.9.0: * chromium-older-harfbuzz.patch * Thu Sep 09 2021 christophe@krop.fr - Update to version 5.15.6: * Update Chromium: + [Backport] CVE-2021-30560: Use after free in Blink XSLT + [Backport] CVE-2021-30566: Stack buffer overflow in Printing + [Backport] CVE-2021-30585: Use after free in sensor handling + Bump V8_PATCH_LEVEL + [Backport] Security bug 1228036 + [Backport] CVE-2021-30604: Use after free in ANGLE + [Backport] CVE-2021-30603: Race in WebAudio + [Backport] CVE-2021-30602: Use after free in WebRTC + [Backport] CVE-2021-30599: Type Confusion in V8 + [Backport] CVE-2021-30598: Type Confusion in V8 + [Backport] Security bug 1227933 + [Backport] Security bug 1205059 + [Backport] Security bug 1184294 + [Backport] Security bug 1198385 + [Backport] CVE-2021-30588: Type Confusion in V8 + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows + [Backport] CVE-2021-30573: Use after free in GPU + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL + [Backport] CVE-2021-30541: Use after free in V8 + [Backport] Security bugs 1197786 and 1194330 + [Backport] Security bug 1194689 + [Backport] CVE-2021-30563: Type Confusion in V8 + [Backport] Security bug 1211215 + [Backport] Security bug 1209558 + [Backport] CVE-2021-30553: Use after free in Network service + [Backport] CVE-2021-30548: Use after free in Loader + [Backport] CVE-2021-30547: Out of bounds write in ANGLE + [Backport] CVE-2021-30556: Use after free in WebAudio + [Backport] CVE-2021-30559: Out of bounds write in ANGLE + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker + [Backport] Security bug 1202534 + [Backport] CVE-2021-30536: Out of bounds read in V8 + [Backport] CVE-2021-30522: Use after free in WebAudio + [Backport] CVE-2021-30554 Use after free in WebGL + [Backport] CVE-2021-30551: Type Confusion in V8 + [Backport] CVE-2021-30544: Use after free in BFCache + [Backport] CVE-2021-30535: Double free in ICU + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio + [Backport] CVE-2021-30523: Use after free in WebRTC + Generate mojo bindings before compiling extension API registration * Bump version from 5.15.5 to 5.15.6 * Always send phased wheel events beginning with Began - Import patch from the chromium package: * 0001-return-ENOSYS-for-clone3.patch - Add changes from the chromium package to 0001-Fix-build-with-glibc-2.34.patch * Wed Aug 04 2021 Christophe Giboudeaux <christophe@krop.fr> - Add patch to fix build with glibc 2.34 (boo#1189095) * 0001-Fix-build-with-glibc-2.34.patch * Thu Jun 24 2021 Christophe Giboudeaux <christophe@krop.fr> - Update the CMake version workaround to get qtbase's real version * Tue Jun 22 2021 christophe@krop.fr - Update to version 5.15.5: * Abort findText also right on explicit navigation request * Adapt to new Connections syntax * Add devtools eyedropper support * Add more tests to tst_loadsignals * Add support for Keyboard.getLayoutMap() * Add web-ui chrome://net-internals * Allow leaving OCSP off * Always send phased wheel events beginning with Began * Avoid accessing profileAdapter when profile is shutting down * Avoid unknownFunc messages in qmltests * Blacklist CertificateError::test_error for macOS * Blacklist NewViewRequest::test_loadNewViewRequest on macOS * Blacklist handleError on macos until we merge the fix * Blacklist numberOfStartedAndFinishedSignalsIsSame on b2q CIs * Depend on QCoreApplication::startingUp() for checking existence of app * Do not allow WebBluetooth to continue * Do not hide virtual keyboard if the focused node is editable * Doc: Add a note about navigation within a page to a fragment * Docs: Suggest to use higher DPI for printing * Fix FilePickerController's path validation for windows and corresponding tests * Fix application locales again * Fix embedded PDFs when plugins are disabled * Fix first party url for cookie filter * Fix inconsistent number of load signals and their order * Fix normalization of app locales * Fix not working certificates on mac > 10.14 * Fix prl files on ios * Fix qmltests::WebEngineViewNavigationHistory auto tests * Fix qtpdf static builds on windows * Fix static build of qml qtpdf * Follow InProcessGpuThread::Init() on thread priority * Generate mojo bindings before compiling extension API registration * Implement PluginServiceFilterQt * Load signals test: use focusProxy for link clicking test * Make able to override disabled features from command line * Notify canGoBack/canGoForward changes based on web actions * Only disconnect QWebEnginePage signals that QWebEngineView connected * Package devtools inspector overlay * Remove ResourceTypeSubFrame check after website update * Remove obsolete loadSignals test secondLoadForError_WhenErrorPageEnabled * Remove qquickwebengineprofile test * Remove tracking of frame which load error page * Remove ui/snapshot overrides for aura * Report server directs in navigation type * Return to using the default devtools page * Set enumaration root directory for File.webkitRelativePath API * Set more Display properties * Show PDF viewer in a guest view * Support devtools close button in QuickNanoBrowser * Support zoom-in, zoom-out and cell web cursors on macOS * Unblacklist and fix load signals test for file download * Update Chromium and adapt PermissionManagerQt * Update platform notes * View: test signal for deletion of external page set to view - Drop patches: * 0001-Fix-normalization-of-app-locales.patch * 0001-Fix-build-with-GCC-11.patch * 0001-Fix-build-with-system-ICU-69.patch * Thu May 06 2021 Fabian Vogt <fvogt@suse.com> - Add patch to fix build with ICU 69: * 0001-Fix-build-with-system-ICU-69.patch * Wed Apr 14 2021 Christophe Giboudeaux <christophe@krop.fr> - Add patch to fix build with GCC 11: * 0001-Fix-build-with-GCC-11.patch * Wed Apr 14 2021 Guillaume GARDET <guillaume.gardet@opensuse.org> - Update _constraints to avoid OOM * Tue Apr 13 2021 Fabian Vogt <fabian@ritter-vogt.de> - Add back missing part in fix1163766.patch (boo#1184610) * Wed Mar 24 2021 christophe@krop.fr - Update to version 5.15.3: * Fix spelling and coding style * Fix new view request handling (QTBUG-87378) * Fix getDefaultScreenId on X11 * Fix flaky tst_QWebEngineView::textSelectionOutOfInputField test * Move touch input tests to separate testcase * Add touch input tests for scrolling and pinch zooming * Fix rare duplicate ids forming in touch point id's mapping * Use the module's version number for QtWebEngineProcess * Touch handling: provide id mapping without modifying TouchPoint instance (QTBUG-88001) * Touch handling: fix mapped ids cleanup for TouchCancel event * et custom headers from QWebEngineUrlRequestInfo before triggering redirect (QTBUG-88861) * Forward modifier flags for lock keys (QTBUG-89001) * Fix handling of more than one finger for touch event (QTBUG-86389) * Stabilize load signals emitting (QTBUG-65223, QTBUG-87089) * Fix building against 5.12 on most CIs * Update minimum HarfBuzz version to 2.4.0 (QTBUG-88976) * Fix building against Qt 5.14 * Migrate user script IPC to mojo * Fix crashes in user resource controller when single process * Minor. Fix namespace for user resource controller * Minor. RenderThreadObserverQt is really a RenderConfiguration * Remove RenderViewObserverHelper from UserResourceController * Cache mojo interface bindings to UserResourceControllerRenderFrame * Cache mojo interface bindings for WebChannelIPCTransport * Migrate render_view_observer_qt to mojo * Fix crash on linkedin.com (QTBUG-89740) * Suppress error pages also for http errors if they are disabled * Fix leak in QQuickWebEngineViewPrivate::contextMenuRequested * Register PerformanceNode early enough * Quiet log on webrtc usage * Remove configure option that doesn't work * Remove Java build dependency * Fix blank popups in qml (QTBUG-86034) * Fix position of popup on qml (QTBUG-86034, QTBUG-89358) * Enable hangout services extension (QTBUG-85731) * Allow to fallback to default locale for non existent data packs (QTBUG-90490) * Support devtools close button * Do not extract download file names from certain url schemes (QTBUG-90355) * Leave room for the null-termination byte when checking remote drive path (QTBUG-90347) * Do not set open files limit for linking if not necessary * Remove even more remains of non network service code * Add back prefers-color-scheme support (QTBUG-89753) * Start supporting chrome.resourcesPrivate API (QTBUG-90035) * Enable chrome://user-actions WebUI * Remove remains of chrome://flash * Fix loadFinished signal if page has content but server sends HTTP error (QTBUG-90517) * Fix devtools page resource loading as raw data instead of html string * Remove frame metadata observer (RenderWidgetHostViewQt) on destroy * Resolve installed interceptors right before interception point (QTBUG-86286) * Update searches faster * Remove more leftovers of the old compositor * Enable webrtc logging and the corresponding WebUI * Support mips64el platform CPU(loongson 3A4000) * Add tracing UI resources * Fix crash on meet.google.com * Fix mad popup qquickwindows on wayland * Fix crashes on BrowserContext destruction * Fix crash on exit in quicknanobrowser when popup * Remove QtPdf dependency on nss at build-time * Avoid accessing profileAdapter when profile is shutting down (QTBUG-91187) * Do not flush messages form profile destructor * Ignore QQuickWebEngineNewViewRequest if it is unhandled * Fix ScopedGLContextChecker with QTWEBENGINE_DISABLE_GPU_THREAD=1 * Don't send duplicate load progress values * Fix neon support in libpng * Do not call deprecated profile interceptor on ui thread (QTBUG-86267) * Add certificate error message for ERR_SSL_OBSOLETE_VERSION * Fix assert in WebContentsAdapter::devToolsFrontendDestroyed * Avoid to reject a certificate error twice in Quick * Fix PDF viewer plugin * FIXUP: Fix swap condition in DisplayGLOutputSurface::updatePaintNode (QTBUG-86599) * Fix favicon engine under device pixel scaling * Do not pass a native keycode matching the menu key when it is remapped (QTBUG-86672) * Optimize WebEngineSettings::testAttribute * Warn about QtWebengineProcess launching from network share (QTBUG-84632) * Handle non-ascii names for pulseaudio (QTBUG-85363) * Do not set audio device for desktop capture if audio loopback is unsupported * Fix new view request handling (QTBUG-87378) * Fix getDefaultScreenId on X11 * Touch handling: provide id mapping without modifying TouchPoint instance (QTBUG-88001) * Set custom headers from QWebEngineUrlRequestInfo before triggering redirect (QTBUG-88861) * Stabilize load signals emitting (QTBUG-65223) - CVE fixes backported in chromium updates: * CVE-2020-16044: Use after free in WebRTC * CVE-2021-21118: Heap buffer overflow in Blink * CVE-2021-21119: Use after free in Media * CVE-2021-21120: Use after free in WebSQL * CVE-2021-21121: Use after free in Omnibox * CVE-2021-21122: Use after free in Blink * CVE-2021-21123: Insufficient data validation in File System API * CVE-2021-21125: Insufficient policy enforcement in File System API * CVE-2021-21126: Insufficient policy enforcement in extensions * CVE-2021-21127: Insufficient policy enforcement in extensions * CVE-2021-21128: Heap buffer overflow in Blink * CVE-2021-21129: Insufficient policy enforcement in File System API * CVE-2021-21130: Insufficient policy enforcement in File System API * CVE-2021-21131: Insufficient policy enforcement in File System API * CVE-2021-21132: Inappropriate implementation in DevTools * CVE-2021-21135: Inappropriate implementation in Performance API * CVE-2021-21137: Inappropriate implementation in DevTools * CVE-2021-21140: Uninitialized Use in USB * CVE-2021-21141: Insufficient policy enforcement in File System API * CVE-2021-21145: Use after free in Fonts * CVE-2021-21146: Use after free in Navigation * CVE-2021-21147: Inappropriate implementation in Skia * CVE-2021-21148: Heap buffer overflow in V8 * CVE-2021-21149: Stack overflow in Data Transfer * CVE-2021-21150: Use after free in Downloads * CVE-2021-21152: Heap buffer overflow in Media * CVE-2021-21153: Stack overflow in GPU Process * CVE-2021-21156: Heap buffer overflow in V8 * CVE-2021-21157: Use after free in Web Sockets - Drop obsolete patches: * icu-68.patch * icu-68-2.patch - Rebase patches: * fix1163766.patch * sandbox-statx-futex_time64.patch * rtc-dont-use-h264.patch * chromium-glibc-2.33.patch - Add patch to fix crash with certain locales: * 0001-Fix-normalization-of-app-locales.patch - Clean the spec file a bit * Wed Mar 10 2021 Fabian Vogt <fabian@ritter-vogt.de> - Can't use system_vpx on Leap 15.3 * Wed Feb 17 2021 Fabian Vogt <fabian@ritter-vogt.de> - Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch * Tue Feb 16 2021 Guillaume GARDET <guillaume.gardet@opensuse.org> - Relax constraints for armv6 and armv7 * Mon Feb 15 2021 Fabian Vogt <fabian@ritter-vogt.de> - Add patch to fix sandbox with glibc 2.33 (boo#1182233): * chromium-glibc-2.33.patch * Fri Jan 29 2021 Fabian Vogt <fabian@ritter-vogt.de> - Bump _constraints and %limit_build, hopefully avoid occasional OOM and make the build quicker - Drop obsolete conditions * Fri Jan 08 2021 Fabian Vogt <fabian@ritter-vogt.de> - Drop baselibs.conf, not needed after libksysguard5 got adjusted
/usr/lib/libQt5Pdf.so.5 /usr/lib/libQt5Pdf.so.5.15 /usr/lib/libQt5Pdf.so.5.15.18 /usr/lib/qt5/plugins/imageformats/libqpdf.so /usr/share/licenses/libQt5Pdf5 /usr/share/licenses/libQt5Pdf5/LICENSE.Chromium /usr/share/licenses/libQt5Pdf5/LICENSE.FDL /usr/share/licenses/libQt5Pdf5/LICENSE.GPL2 /usr/share/licenses/libQt5Pdf5/LICENSE.GPL3 /usr/share/licenses/libQt5Pdf5/LICENSE.GPL3-EXCEPT /usr/share/licenses/libQt5Pdf5/LICENSE.GPLv3 /usr/share/licenses/libQt5Pdf5/LICENSE.LGPL3 /usr/share/licenses/libQt5Pdf5/LICENSE.LGPLv3
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Jan 8 00:02:01 2025