| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libqt5-qtwebengine-private-headers-devel | Distribution: openSUSE Tumbleweed |
| Version: 5.15.16 | Vendor: openSUSE |
| Release: 3.3 | Build date: Sat Feb 24 12:06:56 2024 |
| Group: Development/Libraries/C and C++ | Build host: reproducible |
| Size: 350634 | Source RPM: libqt5-qtwebengine-5.15.16-3.3.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://www.qt.io | |
| Summary: Non-ABI stable experimental API for the Qt5 WebEngine library | |
This package provides private headers of libqt5-qtwebengine that are normally not used by application development and that do not have any ABI or API guarantees. The packages that build against these have to require the exact Qt version.
LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
* Sat Feb 24 2024 Jan Engelhardt <jengelh@inai.de>
- Drop BuildRequire on libsrtp, qt builds a bundled copy.
* Tue Feb 20 2024 Christophe Marin <christophe@krop.fr>
- Switch to '%patch -P'
- Build with python 3.11 on Leap
* Wed Nov 22 2023 christophe@krop.fr
- Update to version 5.15.16:
* Bump version to 5.15.16
* Add check for system ffmpeg compatibility
* Fix handling of external URLs in PDFs
* Update Chromium:
* [Backport] CVE-2023-5996: Use after free in WebAudio
* [Backport] CVE-2023-5482 and CVE-2023-5849
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip
* [Backport] Security bug 1478470
* [Backport] Security bug 1472365 and 1472366
* [Backport] CVE-2023-5218: Use after free in Site Isolation
* [Backport] Security bug 1486316
* FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Add Intel Meteorlake GPU series type
* [Backport] Add Intel Raptorlake GPU series type
* [Backport] Add a few missing IntelGpuSeriesTypes in
gpu_util.cc
* [Backport] Add Intel Alchemist GPU series type
* [Backport] Add Alderlake to intel_gpu_series field in gpu
control list.
* [Backport] Add missing Intel GPU series types.
* [Backport] Add Alderlake's GPU to list supporting two NV12
overlay planes.
* [Backport] CVE-2023-5217: Heap buffer overflow in vp8
encoding in libvpx
* [Backport] Security bug 1479104
* [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Replace uses of re2::StringPiece::set().
* Fix build with GCC 13
* Fix errors and warnings for perfetto
* Remove nodiscard attribute from cpwl_combo_box.h
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-4762: Type Confusion in V8
* [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL
* [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* [Backport] CVE-2023-4351: Use after free in Network
* Disable Windows IME for GPU thread
* [Backport] CVE-2023-4863: Heap buffer overflow in WebP
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task
Scheduling
* Fri Sep 01 2023 christophe@krop.fr
- Update to version 5.15.15:
* Update Chromium:
* [Backport] Security bug 1454860
* Further fixes for building with GCC 13
* Fixup [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] Security bug 1447430
* [Backport] CVE-2023-2930: Use after free in Extensions
* [Backport] CVE-2023-3079: Type Confusion in V8
* [Backport] CVE-2023-3216: Type Confusion in V8
* [Backport] CVE-2023-2933: Use after free in PDF
* [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] CVE-2023-2932: Use after free in PDF
* [Backport] CVE-2023-2931: Use after free in PDF
* [Backport] Security bug 1444195
* [Backport] Security bug 1428743
* [Backport] CVE-2023-2721: Use after free in Navigation
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- build with older re2 on Tumbleweed, the upcoming re2 2023-07-01
breaks qtwebengine
* Thu May 25 2023 christophe@krop.fr
- Update to version 5.15.14:
* Blacklist TouchInputTest::touchTap for sles 15.4
* Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15
* Do not allow universal with debug builds
* Enable accessibility by default on Linux
* Fix blacklisting of mouseMovementProperties for sles 15.4
* Fix build with GCC 13
* Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets
* Fix memory management in QPdfDocument functions
* Update Chromium:
* Fixes for building with GCC-13
* [Backport] CVE-2023-1215: Type Confusion in CSS
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1530: Use after free in PDF
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1337747
* [Backport] Security bug 1417585
* [Backport] Security bug 1418734
* [Backport] Security bug 1423360
* [Backport] Security bug 1427388
- Drop patch, merged upstream:
* 0001-Fixes-for-building-with-GCC-13.patch
* Fri Apr 28 2023 Dirk Müller <dmueller@suse.com>
- add python311-fixes.patch:
* Fix build when python3 is python 3.11+
* Tue Apr 11 2023 Christophe Marin <christophe@krop.fr>
- Add patch to fix build with GCC 13 (boo#1207469):
* 0001-Fixes-for-building-with-GCC-13.patch
* Thu Mar 09 2023 christophe@krop.fr
- Update to version 5.15.13:
* Force to disable IPC logging
* Move out GetInProcessGpuShareGroup form content browser client
* Fix probabilistic signature scheme
* Bump version to 5.15.13
* Recreate response head objects on multiple redirect
* Add checksum to mailbox name in Release build too
* Drop dependency on content/public/browser in content gpu
* FIXUP: Mark Node::opcode() and Operator::opcode()
as constexpr
* [Backport] Add missing include for std::begin and std::end
in SkParseColor.cpp
* [Backport] CVE-2022-4179: Use after free in Audio
* [Backport] CVE-2022-4437: Use after free in Mojo IPC
* [Backport] CVE-2022-4438: Use after free in Blink Frames
* [Backport] CVE-2023-0129: Heap buffer overflow in
Network Service
* [Backport] CVE-2023-0472: Use after free in WebRTC
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC
* [Backport] CVE-2023-0931: Use after free in Video
* [Backport] CVE-2023-0933: Integer overflow in PDF
* [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE
for clang-cl
* [Backport] Fix more clang deprecated builtins
* [Backport] Map the absl::is_trivially_* functions to their
std impl
* [Backport] Mark Node::opcode() and Operator::opcode()
as constexpr
* [Backport] Security bug 1393384
* [Backport] Security bug 1394382
* [Backport] Security bug 1399424
* [Backport] Security bug 1406115
* [Backport][Windows] Remove unused sidestep intercepts
- Update 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
* Thu Mar 09 2023 Martin Liška <mliska@suse.cz>
- Use gcc12 for openSUSE:Factory as workaround for boo#1207469.
* Thu Dec 29 2022 christophe@krop.fr
- Update to version 5.15.12:
* Bump version to 5.15.12
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
* Fixup the patch for CVE-2022-3200 on 87-based / 5.15
* [Backport] CVE-2022-3038: Use after free in Network Service
* [Backport] CVE-2022-3040: Use after free in Layout
* [Backport] CVE-2022-3041: Use after free in WebSQL
* [Backport] CVE-2022-3046: Use after free in Browser Tag
* [Backport] CVE-2022-3075: Insufficient data validation in Mojo
* [Backport] CVE-2022-3196: Use after free in PDF
* [Backport] CVE-2022-3197: Use after free in PDF
* [Backport] CVE-2022-3198: Use after free in PDF
* [Backport] CVE-2022-3199: Use after free in Frames.
* [Backport] CVE-2022-3200: Heap buffer overflow in Internals
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (1/2)
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (2/2)
* [Backport] CVE-2022-3304: Use after free in CSS
* [Backport] CVE-2022-3370: Use after free in Custom Elements
* [Backport] CVE-2022-3373: Out of bounds write in V8
* [Backport] CVE-2022-3445: Use after free in Skia.
* [Backport] CVE-2022-3446 and CVE-2022-35737
* [Backport] CVE-2022-3885: Use after free in V8
* [Backport] CVE-2022-3887: Use after free in Web Workers
* [Backport] CVE-2022-3889: Type Confusion in V8
* [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
* [Backport] CVE-2022-4174: Type Confusion in V8
* [Backport] CVE-2022-4180: Use after free in Mojo
* [Backport] CVE-2022-4181: Use after free in Forms
* [Backport] CVE-2022-4262: Type Confusion in V8
* [Backport] Security bug 1356308
* [Backport] Security bug 1378916
* [Backport] Security bugs 1346938 and 1338114
* Wed Oct 05 2022 christophe@krop.fr
- Update to version 5.15.11:
* Work-around GNOME bug misidentifying HTML content
* Fix busy waiting on streaming QIODevice's
* Add workaround for un-minimizing QWebEngineView under Gnome
* Build the QtDesigner plugin in all configurations
* Bump version to 5.15.11
* Fix method check
* Do not use the native dialog to show the color picker on macOS
* FIXUP: Add workaround for unstable gn on macOS in ci
* Fix top level build with no widget
* Fix touch input for widget's delegate for html popup
* Keep page's zoom level on loading new urls
* Fix leak if loader error is seen first
* Add workaround for unstable gn on macOS in ci
* Pass archiver to gn build
* Fix read-after-free on EGL extensions
* Update Chromium:
* FIXUP: Fix url_utils for QtWebEngine
* FIXUP: Workaround MSVC2022 ICE in constexpr functions
* Fixup: CVE-2022-0796: Use after free in Media
* [Backport] CVE-2022-0796: Use after free in Media
* [Backport] CVE-2022-1855: Use after free in Messaging
* [Backport] CVE-2022-1857: Insufficient policy enforcement in
File System API
* [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
* [Backport] CVE-2022-2010: Out of bounds read in compositing
* [Backport] CVE-2022-2158: Type Confusion in V8
* [Backport] CVE-2022-2160: Insufficient policy enforcement
in DevTools
* [Backport] CVE-2022-2162: Insufficient policy enforcement in
File System API
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC
* [Backport] CVE-2022-2295: Type Confusion in V8
* [Backport] CVE-2022-2477 : Use after free in Guest View
* [Backport] CVE-2022-2610: Insufficient policy enforcement
in Background Fetch
* [Backport] CVE-2022-27404
* [Backport] CVE-2022-27405
* [Backport] CVE-2022-27406
* [Backport] Linux sandbox: ENOSYS for some statx syscalls
* [Backport] Security bug 1287804
* [Backport] Security bug 1316578
* [Backport] Security bug 1343889
- Replace sandbox-statx-futex_time64.patch with upstream change:
* sandbox_futex_time64.patch
* Mon Sep 26 2022 Christophe Giboudeaux <christophe@krop.fr>
- Use python 3.9 to build qtwebengine on Leap 15.
* Fri Sep 23 2022 Christophe Giboudeaux <christophe@krop.fr>
- Add patches to build with python 3, ffmpeg 5 and pipewire 0.3:
* qtwebengine-ffmpeg5.patch
* qtwebengine-pipewire-0.3.patch
* qtwebengine-python3.patch
- Use a newer catapult snapshot when building with python3
* Mon Aug 08 2022 Christophe Giboudeaux <christophe@krop.fr>
- Stop using 'pkgconfig(xxx)' BuildRequires for FFmpeg
dependencies. They will point to FFmpeg-5 soon.
* Wed Jun 08 2022 Christophe Giboudeaux <christophe@krop.fr>
- Update to version 5.15.10:
* Fix top level build with no widget
* Fix read-after-free on EGL extensions
* Update Chromium
* Add workaround for unstable gn on macOS in ci
* Pass archiver to gn build
* Fix navigation to non-local URLs
* Add support for universal builds for qtwebengine and qtpdf
* Enable Apple Silicon support
* Fix cross compilation x86_64->arm64 on mac
* Bump version to 5.15.10
* CustomDialogs: Make custom input fields readable in dark mode
* CookieBrowser: Make alternating rows readable in dark mode
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Fix clang set-but-unused-variable warning
* Fix mac toolchain python linker script call
* Fix missing dependency for gpu sources
* Fix python calls
* Fix undefined symbol for universal link
* Quick fix for regression in service workers by reverting
backports
* [Backport] CVE-2022-0797: Out of bounds memory access
in Mojo
* [Backport] CVE-2022-1125
* [Backport] CVE-2022-1138: Inappropriate implementation
in Web Cursor.
* [Backport] CVE-2022-1305: Use after free in storage
* [Backport] CVE-2022-1310: Use after free in regular
expressions
* [Backport] CVE-2022-1314: Type Confusion in V8
* [Backport] CVE-2022-1493: Use after free in Dev Tools
* [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
* [Backport] Security Bug 1296876
* [Backport] Security bug 1269999
* [Backport] Security bug 1280852
* [Backport] Security bug 1292905
* [Backport] Security bug 1304659
* [Backport] Security bug 1306507
* Mon May 02 2022 Martin Liška <mliska@suse.cz>
- Remove dependency on binutils-gold as the package will be removed
in the future. Gold linker is unmaintained by the upstream project.
* Wed Apr 27 2022 Christophe Giboudeaux <christophe@krop.fr>
- Add libqt5-qtwebengine-rpmlintrc to silence the
'shlib-policy-name-error' rpmlint error
* Wed Apr 06 2022 christophe@krop.fr
- Update to version 5.15.9:
* QPdfView: scale page rendering according to devicePixelRatio
* Update documented Chromium version
* Use IsSameDocument() rather than IsLoadingToDifferentDocument()
* Update module-split for installer
* Fix printing PDF files
* Do not override signal handlers
* Avoid using xkbcommon in non-X11 builds
* Update documentation
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Do not overwrite signal handlers in the browser process.
* Replace base::ranges::set_union with std::set_union to fix
MSVC2017 build
* [Backport] CVE-2022-0100: Heap buffer overflow in Media
streams API
* [Backport] CVE-2022-0102: Type Confusion in V8
* [Backport] CVE-2022-0103: Use after free in SwiftShader
* [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
* [Backport] CVE-2022-0108: Inappropriate implementation
in Navigation
* [Backport] CVE-2022-0109: Inappropriate implementation
in Autofill
* [Backport] CVE-2022-0111 and CVE-2022-0117
* [Backport] CVE-2022-0113: Inappropriate implementatio
n in Blink
* [Backport] CVE-2022-0116: Inappropriate implementation
in Compositing
* [Backport] CVE-2022-0289: Use after free in Safe browsing
* [Backport] CVE-2022-0291: Inappropriate implementation
in Storage
* [Backport] CVE-2022-0293: Use after free in Web packaging
* [Backport] CVE-2022-0298: Use after free in Scheduling
* [Backport] CVE-2022-0305: Inappropriate implementation in
Service Worker API
* [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
* [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow
in Task Manager
* [Backport] CVE-2022-0456: Use after free in Web Search
* [Backport] CVE-2022-0459: Use after free in Screen Capture
* [Backport] CVE-2022-0460: Use after free in Window Dialog
* [Backport] CVE-2022-0461: Policy bypass in COOP
* [Backport] CVE-2022-0606: Use after free in ANGLE
* [Backport] CVE-2022-0607: Use after free in GPU
* [Backport] CVE-2022-0608: Integer overflow in Mojo
* [Backport] CVE-2022-0609: Use after free in Animation
* [Backport] CVE-2022-0610: Inappropriate implementation
in Gamepad API
* [Backport] CVE-2022-0971 (boo#1197163)
* [Backport] CVE-2022-1096 (boo#1197552)
* [Backport] CVE-2022-23852
* [Backport] Copy 'name_' member during StyleRuleProperty::Copy
* [Backport] Security bug 1256885
* [Backport] Security bug 1258603
* [Backport] Security bug 1259557
* [Backport] Security bug 1261415
* [Backport] Security bug 1265570
* [Backport] Security bug 1268448
* [Backport] Security bug 1270014
* [Backport] Security bug 1274113
* [Backport] Security bug 1276331
* [Backport] Security bug 1280743
* [Backport] Security bug 1289394
* [Backport] Security bug 1292537
* [Backport] sandbox: build if glibc 2.34+ dynamic stack size
is enabled
- Drop patches, now upstream:
* CVE-2022-0971-qtwebengine-5.15.patch
* CVE-2022-1096-qtwebengine-5.15.patch
* Mon Apr 04 2022 Christophe Giboudeaux <christophe@krop.fr>
- Add security fixes:
* CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163)
* CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552)
* Fri Mar 25 2022 Fabian Vogt <fvogt@suse.com>
- Add patch to fix build with GCC 12:
* 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
* Tue Jan 04 2022 christophe@krop.fr
- Update to version 5.15.8:
* Update Chromium:
[Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
in xmlEncodeEntitiesInternal() in entities.c
[Backport] CVE-2021-3541 libxml2: Exponential entity expansion
attack bypasses all existing protection mechanisms
[Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
[Backport] CVE-2021-37987 : Use after free in Network APIs
[Backport] CVE-2021-37989 : Inappropriate implementation in Blink
[Backport] CVE-2021-37992 : Out of bounds read in WebAudio
[Backport] CVE-2021-37993 : Use after free in PDF Accessibility
[Backport] CVE-2021-37996 : Insufficient validation of untrusted
input in Downloads
[Backport] CVE-2021-38001 : Type Confusion in V8
[Backport] CVE-2021-38003 : Inappropriate implementation in V8
[Backport] CVE-2021-38005: Use after free in loader (1/3)
[Backport] CVE-2021-38005: Use after free in loader (2/3)
[Backport] CVE-2021-38005: Use after free in loader (3/3)
[Backport] CVE-2021-38007: Type Confusion in V8
[Backport] CVE-2021-38009: Inappropriate implementation in cache
[Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
[Backport] CVE-2021-38012: Type Confusion in V8
[Backport] CVE-2021-38015: Inappropriate implementation in input
[Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
sandbox
[Backport] CVE-2021-38018: Inappropriate implementation in navigation
[Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
[Backport] CVE-2021-38021: Inappropriate implementation in referrer
[Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
[Backport] CVE-2021-4057: Use after free in file API
[Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
[Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
[Backport] CVE-2021-4059: Insufficient data validation in loader
[Backport] CVE-2021-4062: Heap buffer overflow in BFCache
[Backport] CVE-2021-4078: Type confusion in V8
[Backport] CVE-2021-4079: Out of bounds write in WebRTC
[Backport] CVE-2021-4098: Insufficient data validation in Mojo
[Backport] CVE-2021-4099: Use after free in Swiftshader
[Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
[Backport] CVE-2021-4102: Use after free in V8
[Backport] Dependency for CVE-2021-37989
[Backport] Dependency for CVE-2021-38009
[Backport] Security bug 1245870
[Backport] Security bug 1252858
[Backport] Security bug 1259899
Bump V8_PATCH_LEVEL
Compile with GCC 11 -std=c++20
Fix stack overflow on gpu channel recreate with an error
Use wglSetPixelFormat directly only if in software mode
[Backport] Handle long SIGSTKSZ in glibc > 2.33
[Backport] abseil-cpp: Fixes build with latest glibc
* Handle qtpdf compilation with static runtime
* Add bitcode support for qtpdf on ios
* Do not access accessibility from qt post routines
* Blacklist javascriptClipboard test on ubuntu 20.04
* Re-enable network-service-in-process
* Bump version from 5.15.7 to 5.15.8
* Update patch level
* Fix pinch gesture
* Fix leak of properties after XkbRF_GetNamesProp
* Fix leak on getDefaultScreeenId
- Drop patch:
* 0001-Fix-build-with-glibc-2.34.patch
* Fri Oct 29 2021 christophe@krop.fr
- Update to version 5.15.7:
* Update Chromium:
[Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
[Backport] sandbox: linux: allow clock_nanosleep & gettime64
[Backport] Linux sandbox: update syscall numbers for all platforms.
[Backport] Ease HarfBuzz API change with feature detection
[Backport] Security bug 1248665
[Backport] CVE-2021-37975 : Use after free in V8
[Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
[Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
[Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
[Backport] CVE-2021-37978 : Heap buffer overflow in Blink
[Backport] CVE-2021-30616: Use after free in Media.
[Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
[Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
[Backport] CVE-2021-37973 : Use after free in Portals
[Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
[Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
[Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
[Backport] Linux sandbox: return ENOSYS for clone3
[Backport] Linux sandbox: fix fstatat() crash
[Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
[Backport] Security bug 1238178 (2/2)
[Backport] Security bug 1238178 (1/2)
[Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
[Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
[Backport] CVE-2021-30630: Inappropriate implementation in Blink
[Backport] CVE-2021-30629: Use after free in Permissions
[Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
[Backport] CVE-2021-30627: Type Confusion in Blink layout
[Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
[Backport] CVE-2021-30625: Use after free in Selection API
[Backport] Security bug 1206289
[Backport] CVE-2021-30613: Use after free in Base internals
[Backport] Security bug 1227228
[Backport] CVE-2021-30618: Inappropriate implementation in DevTools
* Update patch level
* Blacklist certificate test until certicates have been renewed
* Block CORS from local URLs when remote access is not enabled
* Do not wait on weak_pointer for termination errors
* Support MSVC_VER 16.8
* Fix wrong save file filter for Markdown Editor example
* Add Chromium version source documentation
* Bump version from 5.15.6 to 5.15.7
* Fix crash when clicking on a link in PDF
- Drop openSUSE patches:
* fix1163766.patch. Should be addressed with:
https://github.com/qt/qtwebengine-chromium/commit/652f834de
https://github.com/qt/qtwebengine-chromium/commit/faae106ed
https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf
* chromium-glibc-2.33.patch. Should be addressed with the
[Backport] Linux sandbox: fix fstatat() crash and
Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
changes.
* chromium-older-harfbuzz.patch
- Drop upstream changes:
* 0001-return-ENOSYS-for-clone3.patch
* chromium-harfbuzz-3.0.0.patch
* skia-harfbuzz-3.0.0.patch
- Rebase patches:
* sandbox-statx-futex_time64.patch
* Tue Sep 21 2021 Fabian Vogt <fvogt@suse.com>
- Add patches from Arch to fix build with HarfBuzz 3.0.0:
* chromium-harfbuzz-3.0.0.patch
* skia-harfbuzz-3.0.0.patch
- ... but don't break with < 2.9.0:
* chromium-older-harfbuzz.patch
* Thu Sep 09 2021 christophe@krop.fr
- Update to version 5.15.6:
* Update Chromium:
+ [Backport] CVE-2021-30560: Use after free in Blink XSLT
+ [Backport] CVE-2021-30566: Stack buffer overflow in Printing
+ [Backport] CVE-2021-30585: Use after free in sensor handling
+ Bump V8_PATCH_LEVEL
+ [Backport] Security bug 1228036
+ [Backport] CVE-2021-30604: Use after free in ANGLE
+ [Backport] CVE-2021-30603: Race in WebAudio
+ [Backport] CVE-2021-30602: Use after free in WebRTC
+ [Backport] CVE-2021-30599: Type Confusion in V8
+ [Backport] CVE-2021-30598: Type Confusion in V8
+ [Backport] Security bug 1227933
+ [Backport] Security bug 1205059
+ [Backport] Security bug 1184294
+ [Backport] Security bug 1198385
+ [Backport] CVE-2021-30588: Type Confusion in V8
+ [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
+ [Backport] CVE-2021-30573: Use after free in GPU
+ [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
+ [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
+ [Backport] CVE-2021-30541: Use after free in V8
+ [Backport] Security bugs 1197786 and 1194330
+ [Backport] Security bug 1194689
+ [Backport] CVE-2021-30563: Type Confusion in V8
+ [Backport] Security bug 1211215
+ [Backport] Security bug 1209558
+ [Backport] CVE-2021-30553: Use after free in Network service
+ [Backport] CVE-2021-30548: Use after free in Loader
+ [Backport] CVE-2021-30547: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30556: Use after free in WebAudio
+ [Backport] CVE-2021-30559: Out of bounds write in ANGLE
+ [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
+ [Backport] Security bug 1202534
+ [Backport] CVE-2021-30536: Out of bounds read in V8
+ [Backport] CVE-2021-30522: Use after free in WebAudio
+ [Backport] CVE-2021-30554 Use after free in WebGL
+ [Backport] CVE-2021-30551: Type Confusion in V8
+ [Backport] CVE-2021-30544: Use after free in BFCache
+ [Backport] CVE-2021-30535: Double free in ICU
+ [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
+ [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
+ [Backport] CVE-2021-30523: Use after free in WebRTC
+ Generate mojo bindings before compiling extension API registration
* Bump version from 5.15.5 to 5.15.6
* Always send phased wheel events beginning with Began
- Import patch from the chromium package:
* 0001-return-ENOSYS-for-clone3.patch
- Add changes from the chromium package to
0001-Fix-build-with-glibc-2.34.patch
* Wed Aug 04 2021 Christophe Giboudeaux <christophe@krop.fr>
- Add patch to fix build with glibc 2.34 (boo#1189095)
* 0001-Fix-build-with-glibc-2.34.patch
* Thu Jun 24 2021 Christophe Giboudeaux <christophe@krop.fr>
- Update the CMake version workaround to get qtbase's real version
* Tue Jun 22 2021 christophe@krop.fr
- Update to version 5.15.5:
* Abort findText also right on explicit navigation request
* Adapt to new Connections syntax
* Add devtools eyedropper support
* Add more tests to tst_loadsignals
* Add support for Keyboard.getLayoutMap()
* Add web-ui chrome://net-internals
* Allow leaving OCSP off
* Always send phased wheel events beginning with Began
* Avoid accessing profileAdapter when profile is shutting down
* Avoid unknownFunc messages in qmltests
* Blacklist CertificateError::test_error for macOS
* Blacklist NewViewRequest::test_loadNewViewRequest on macOS
* Blacklist handleError on macos until we merge the fix
* Blacklist numberOfStartedAndFinishedSignalsIsSame on b2q CIs
* Depend on QCoreApplication::startingUp() for checking
existence of app
* Do not allow WebBluetooth to continue
* Do not hide virtual keyboard if the focused node is editable
* Doc: Add a note about navigation within a page to a fragment
* Docs: Suggest to use higher DPI for printing
* Fix FilePickerController's path validation for windows and
corresponding tests
* Fix application locales again
* Fix embedded PDFs when plugins are disabled
* Fix first party url for cookie filter
* Fix inconsistent number of load signals and their order
* Fix normalization of app locales
* Fix not working certificates on mac > 10.14
* Fix prl files on ios
* Fix qmltests::WebEngineViewNavigationHistory auto tests
* Fix qtpdf static builds on windows
* Fix static build of qml qtpdf
* Follow InProcessGpuThread::Init() on thread priority
* Generate mojo bindings before compiling extension API
registration
* Implement PluginServiceFilterQt
* Load signals test: use focusProxy for link clicking test
* Make able to override disabled features from command line
* Notify canGoBack/canGoForward changes based on web actions
* Only disconnect QWebEnginePage signals that QWebEngineView
connected
* Package devtools inspector overlay
* Remove ResourceTypeSubFrame check after website update
* Remove obsolete loadSignals test
secondLoadForError_WhenErrorPageEnabled
* Remove qquickwebengineprofile test
* Remove tracking of frame which load error page
* Remove ui/snapshot overrides for aura
* Report server directs in navigation type
* Return to using the default devtools page
* Set enumaration root directory for File.webkitRelativePath API
* Set more Display properties
* Show PDF viewer in a guest view
* Support devtools close button in QuickNanoBrowser
* Support zoom-in, zoom-out and cell web cursors on macOS
* Unblacklist and fix load signals test for file download
* Update Chromium and adapt PermissionManagerQt
* Update platform notes
* View: test signal for deletion of external page set to view
- Drop patches:
* 0001-Fix-normalization-of-app-locales.patch
* 0001-Fix-build-with-GCC-11.patch
* 0001-Fix-build-with-system-ICU-69.patch
* Thu May 06 2021 Fabian Vogt <fvogt@suse.com>
- Add patch to fix build with ICU 69:
* 0001-Fix-build-with-system-ICU-69.patch
* Wed Apr 14 2021 Christophe Giboudeaux <christophe@krop.fr>
- Add patch to fix build with GCC 11:
* 0001-Fix-build-with-GCC-11.patch
* Wed Apr 14 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update _constraints to avoid OOM
* Tue Apr 13 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Add back missing part in fix1163766.patch (boo#1184610)
* Wed Mar 24 2021 christophe@krop.fr
- Update to version 5.15.3:
* Fix spelling and coding style
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Fix flaky tst_QWebEngineView::textSelectionOutOfInputField test
* Move touch input tests to separate testcase
* Add touch input tests for scrolling and pinch zooming
* Fix rare duplicate ids forming in touch point id's mapping
* Use the module's version number for QtWebEngineProcess
* Touch handling: provide id mapping without modifying TouchPoint instance
(QTBUG-88001)
* Touch handling: fix mapped ids cleanup for TouchCancel event
* et custom headers from QWebEngineUrlRequestInfo before triggering redirect
(QTBUG-88861)
* Forward modifier flags for lock keys (QTBUG-89001)
* Fix handling of more than one finger for touch event (QTBUG-86389)
* Stabilize load signals emitting (QTBUG-65223, QTBUG-87089)
* Fix building against 5.12 on most CIs
* Update minimum HarfBuzz version to 2.4.0 (QTBUG-88976)
* Fix building against Qt 5.14
* Migrate user script IPC to mojo
* Fix crashes in user resource controller when single process
* Minor. Fix namespace for user resource controller
* Minor. RenderThreadObserverQt is really a RenderConfiguration
* Remove RenderViewObserverHelper from UserResourceController
* Cache mojo interface bindings to UserResourceControllerRenderFrame
* Cache mojo interface bindings for WebChannelIPCTransport
* Migrate render_view_observer_qt to mojo
* Fix crash on linkedin.com (QTBUG-89740)
* Suppress error pages also for http errors if they are disabled
* Fix leak in QQuickWebEngineViewPrivate::contextMenuRequested
* Register PerformanceNode early enough
* Quiet log on webrtc usage
* Remove configure option that doesn't work
* Remove Java build dependency
* Fix blank popups in qml (QTBUG-86034)
* Fix position of popup on qml (QTBUG-86034, QTBUG-89358)
* Enable hangout services extension (QTBUG-85731)
* Allow to fallback to default locale for non existent data packs (QTBUG-90490)
* Support devtools close button
* Do not extract download file names from certain url schemes (QTBUG-90355)
* Leave room for the null-termination byte when checking remote drive path
(QTBUG-90347)
* Do not set open files limit for linking if not necessary
* Remove even more remains of non network service code
* Add back prefers-color-scheme support (QTBUG-89753)
* Start supporting chrome.resourcesPrivate API (QTBUG-90035)
* Enable chrome://user-actions WebUI
* Remove remains of chrome://flash
* Fix loadFinished signal if page has content but server sends HTTP error
(QTBUG-90517)
* Fix devtools page resource loading as raw data instead of html string
* Remove frame metadata observer (RenderWidgetHostViewQt) on destroy
* Resolve installed interceptors right before interception point (QTBUG-86286)
* Update searches faster
* Remove more leftovers of the old compositor
* Enable webrtc logging and the corresponding WebUI
* Support mips64el platform CPU(loongson 3A4000)
* Add tracing UI resources
* Fix crash on meet.google.com
* Fix mad popup qquickwindows on wayland
* Fix crashes on BrowserContext destruction
* Fix crash on exit in quicknanobrowser when popup
* Remove QtPdf dependency on nss at build-time
* Avoid accessing profileAdapter when profile is shutting down (QTBUG-91187)
* Do not flush messages form profile destructor
* Ignore QQuickWebEngineNewViewRequest if it is unhandled
* Fix ScopedGLContextChecker with QTWEBENGINE_DISABLE_GPU_THREAD=1
* Don't send duplicate load progress values
* Fix neon support in libpng
* Do not call deprecated profile interceptor on ui thread (QTBUG-86267)
* Add certificate error message for ERR_SSL_OBSOLETE_VERSION
* Fix assert in WebContentsAdapter::devToolsFrontendDestroyed
* Avoid to reject a certificate error twice in Quick
* Fix PDF viewer plugin
* FIXUP: Fix swap condition in DisplayGLOutputSurface::updatePaintNode
(QTBUG-86599)
* Fix favicon engine under device pixel scaling
* Do not pass a native keycode matching the menu key when it is remapped
(QTBUG-86672)
* Optimize WebEngineSettings::testAttribute
* Warn about QtWebengineProcess launching from network share (QTBUG-84632)
* Handle non-ascii names for pulseaudio (QTBUG-85363)
* Do not set audio device for desktop capture if audio loopback is unsupported
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Touch handling: provide id mapping without modifying TouchPoint instance
(QTBUG-88001)
* Set custom headers from QWebEngineUrlRequestInfo before triggering redirect
(QTBUG-88861)
* Stabilize load signals emitting (QTBUG-65223)
- CVE fixes backported in chromium updates:
* CVE-2020-16044: Use after free in WebRTC
* CVE-2021-21118: Heap buffer overflow in Blink
* CVE-2021-21119: Use after free in Media
* CVE-2021-21120: Use after free in WebSQL
* CVE-2021-21121: Use after free in Omnibox
* CVE-2021-21122: Use after free in Blink
* CVE-2021-21123: Insufficient data validation in File System API
* CVE-2021-21125: Insufficient policy enforcement in File System API
* CVE-2021-21126: Insufficient policy enforcement in extensions
* CVE-2021-21127: Insufficient policy enforcement in extensions
* CVE-2021-21128: Heap buffer overflow in Blink
* CVE-2021-21129: Insufficient policy enforcement in File System API
* CVE-2021-21130: Insufficient policy enforcement in File System API
* CVE-2021-21131: Insufficient policy enforcement in File System API
* CVE-2021-21132: Inappropriate implementation in DevTools
* CVE-2021-21135: Inappropriate implementation in Performance API
* CVE-2021-21137: Inappropriate implementation in DevTools
* CVE-2021-21140: Uninitialized Use in USB
* CVE-2021-21141: Insufficient policy enforcement in File System API
* CVE-2021-21145: Use after free in Fonts
* CVE-2021-21146: Use after free in Navigation
* CVE-2021-21147: Inappropriate implementation in Skia
* CVE-2021-21148: Heap buffer overflow in V8
* CVE-2021-21149: Stack overflow in Data Transfer
* CVE-2021-21150: Use after free in Downloads
* CVE-2021-21152: Heap buffer overflow in Media
* CVE-2021-21153: Stack overflow in GPU Process
* CVE-2021-21156: Heap buffer overflow in V8
* CVE-2021-21157: Use after free in Web Sockets
- Drop obsolete patches:
* icu-68.patch
* icu-68-2.patch
- Rebase patches:
* fix1163766.patch
* sandbox-statx-futex_time64.patch
* rtc-dont-use-h264.patch
* chromium-glibc-2.33.patch
- Add patch to fix crash with certain locales:
* 0001-Fix-normalization-of-app-locales.patch
- Clean the spec file a bit
* Wed Mar 10 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Can't use system_vpx on Leap 15.3
* Wed Feb 17 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to fix sandbox with glibc 2.33 on 32bit:
* sandbox-statx-futex_time64.patch
* Tue Feb 16 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Relax constraints for armv6 and armv7
* Mon Feb 15 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to fix sandbox with glibc 2.33 (boo#1182233):
* chromium-glibc-2.33.patch
* Fri Jan 29 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Bump _constraints and %limit_build, hopefully avoid occasional
OOM and make the build quicker
- Drop obsolete conditions
* Fri Jan 08 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Drop baselibs.conf, not needed after libksysguard5 got adjusted
/usr/include/qt5/QtWebEngine/5.15.16 /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineaction_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineaction_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginecertificateerror_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineclientcertificateselection_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginecontextmenurequest_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginedialogrequests_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginedownloaditem_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginedownloaditem_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginefaviconprovider_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginehistory_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginehistory_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineloadrequest_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginenavigationrequest_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginenewviewrequest_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineprofile_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginescript_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginesettings_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginesingleton_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginetestsupport_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebenginetouchhandleprovider_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineview_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qquickwebengineview_p_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qtwebengine-config_p.h /usr/include/qt5/QtWebEngine/5.15.16/QtWebEngine/private/qtwebengineglobal_p.h /usr/include/qt5/QtWebEngineCore/5.15.16 /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qtwebenginecore-config_p.h /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qtwebenginecoreglobal_p.h /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qwebenginecallback_p.h /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qwebenginecookiestore_p.h /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qwebenginemessagepumpscheduler_p.h /usr/include/qt5/QtWebEngineCore/5.15.16/QtWebEngineCore/private/qwebengineurlrequestinfo_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16 /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qtwebenginewidgets-config_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebenginedownloaditem_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebenginehistory_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebenginenotificationpresenter_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebenginepage_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebengineprofile_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebenginescriptcollection_p.h /usr/include/qt5/QtWebEngineWidgets/5.15.16/QtWebEngineWidgets/private/qwebengineview_p.h /usr/share/licenses/libqt5-qtwebengine-private-headers-devel /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.Chromium /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.FDL /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.GPL2 /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.GPL3 /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.GPL3-EXCEPT /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.GPLv3 /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.LGPL3 /usr/share/licenses/libqt5-qtwebengine-private-headers-devel/LICENSE.LGPLv3
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Apr 20 23:22:12 2024