Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2021-09-13 16:24:25
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old)
 and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtwebengine" Mon Sep 13 16:24:25 2021 rev:72 rq:917890 version:5.15.6 Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes 2021-08-16 10:05:47.787510678 +0200 +++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1899/libqt5-qtwebengine.changes 2021-09-13 16:24:57.930774840 +0200 
@@ -1,0 +2,54 @@ +Thu Sep 09 07:19:58 UTC 2021 - [email protected] + +- Update to version 5.15.6: + * Update Chromium: + + [Backport] CVE-2021-30560: Use after free in Blink XSLT + + [Backport] CVE-2021-30566: Stack buffer overflow in Printing + + [Backport] CVE-2021-30585: Use after free in sensor handling + + Bump V8_PATCH_LEVEL + + [Backport] Security bug 1228036 + + [Backport] CVE-2021-30604: Use after free in ANGLE + + [Backport] CVE-2021-30603: Race in WebAudio + + [Backport] CVE-2021-30602: Use after free in WebRTC + + [Backport] CVE-2021-30599: Type Confusion in V8 + + [Backport] CVE-2021-30598: Type Confusion in V8 + + [Backport] Security bug 1227933 + + [Backport] Security bug 1205059 + + [Backport] Security bug 1184294 + + [Backport] Security bug 1198385 + + [Backport] CVE-2021-30588: Type Confusion in V8 + + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows + + [Backport] CVE-2021-30573: Use after free in GPU + + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 + + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL + + [Backport] CVE-2021-30541: Use after free in V8 + + [Backport] Security bugs 1197786 and 1194330 + + [Backport] Security bug 1194689 + + [Backport] CVE-2021-30563: Type Confusion in V8 + + [Backport] Security bug 1211215 + + [Backport] Security bug 1209558 + + [Backport] CVE-2021-30553: Use after free in Network service + + [Backport] CVE-2021-30548: Use after free in Loader + + [Backport] CVE-2021-30547: Out of bounds write in ANGLE + + [Backport] CVE-2021-30556: Use after free in WebAudio + + [Backport] CVE-2021-30559: Out of bounds write in ANGLE + + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker + + [Backport] Security bug 1202534 + + [Backport] CVE-2021-30536: Out of bounds read in V8 + + [Backport] CVE-2021-30522: Use after free in WebAudio + + [Backport] CVE-2021-30554 Use after free in WebGL + + [Backport] CVE-2021-30551: Type Confusion in V8 + + 
[Backport] CVE-2021-30544: Use after free in BFCache + + [Backport] CVE-2021-30535: Double free in ICU + + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox + + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio + + [Backport] CVE-2021-30523: Use after free in WebRTC + + Generate mojo bindings before compiling extension API registration + * Bump version from 5.15.5 to 5.15.6 + * Always send phased wheel events beginning with Began +- Import patch from the chromium package: + * 0001-return-ENOSYS-for-clone3.patch +- Add changes from the chromium package to + 0001-Fix-build-with-glibc-2.34.patch + +------------------------------------------------------------------- Old: ---- qtwebengine-everywhere-src-5.15.5.tar.xz sync.profile New: ---- 0001-return-ENOSYS-for-clone3.patch qtwebengine-everywhere-src-5.15.6.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtwebengine.spec ++++++ --- /var/tmp/diff_new_pack.wOiCew/_old 2021-09-13 16:25:08.474787029 +0200 +++ /var/tmp/diff_new_pack.wOiCew/_new 2021-09-13 16:25:08.478787034 +0200 @@ -29,19 +29,17 @@ %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries Name: libqt5-qtwebengine -Version: 5.15.5 +Version: 5.15.6 Release: 0 Summary: Qt 5 WebEngine Library License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only Group: Development/Libraries/X11 URL: https://www.qt.io %define base_name libqt5 -%define real_version 5.15.5 -%define so_version 5.15.5 +%define real_version 5.15.6 +%define so_version 5.15.6 %define tar_version qtwebengine-everywhere-src-%{version} Source: %{tar_version}.tar.xz -# Generated from a local build -Source1: sync.profile # PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6 Patch0: armv6-ffmpeg-no-thumb.patch # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff 
@@ -54,7 +52,9 @@ Patch5: chromium-glibc-2.33.patch # PATCH-FIX-UPSTREAM Patch6: 0001-Fix-build-with-glibc-2.34.patch -# http://www.chromium.org/blink not ported to PowerPC +# PATCH-FIX-UPSTREAM +Patch7: 0001-return-ENOSYS-for-clone3.patch +# http://www.chromium.org/blink is not ported to PowerPC & s390 ExcludeArch: ppc ppc64 ppc64le s390 s390x # Try to fix i586 MemoryErrors with rpmlint #!BuildIgnore: rpmlint @@ -68,7 +68,7 @@ BuildRequires: krb5 BuildRequires: krb5-devel BuildRequires: libQt5QuickControls2-devel -# For building pdf exmples... +# For building pdf examples... BuildRequires: libqt5-qtsvg-devel BuildRequires: libcap-devel BuildRequires: libgcrypt-devel @@ -82,7 +82,7 @@ BuildRequires: libqt5-qtxmlpatterns-private-headers-devel >= 5.12 BuildRequires: memory-constraints BuildRequires: ninja -# nodejs-default doesn't exist on Leap 15.2 and nodejs/nodejs-common is confused on TW/i586 +# nodejs-default doesn't exist on Leap 15.2 %if 0%{?suse_version} == 1500 && 0%{?sle_version} == 150200 BuildRequires: nodejs-common %else @@ -278,9 +278,11 @@ Examples for the libqt5-qtpdf module. %prep -%setup -q -n %{tar_version} +%autosetup -p1 -n %{tar_version} sed -i 's|$(STRIP)|strip|g' src/core/core_module.pro -%autopatch -p1 + +#force the configure script to generate the forwarding headers (it checks whether .git directory exists) +mkdir .git # QTBUG-61128 sed -i -e '/toolprefix = /d' -e 's/\${toolprefix}//g' \ @@ -318,12 +320,6 @@ -webengine-proprietary-codecs \ %endif -# For an unknown reason, syncqt isn't executed when building the package on the build service -cp %{SOURCE1} . -for i in QtWebEngine QtWebEngineCore QtWebEngineWidgets QtPdf QtPdfWidgets ; do - perl -w %{_libqt5_bindir}/syncqt.pl -module $i -version %{version} -outdir $PWD -builddir $PWD $PWD -done - # Determine the right number of parallel processes based on the available memory %limit_build -m 2750 
@@ -344,9 +340,6 @@ # kill .la files rm -f %{buildroot}%{_libqt5_libdir}/*.la -# webenginecore expects icudatl.dat at this location -# ln -sf %{_datadir}/icu/*/icudt*l.dat %{buildroot}%{_datadir}/qt5/icudtl.dat - # Workaround to allow using QtWE with older Qt versions %global qtcore_version %(printf %{pkg_version libQt5Core5} | cut -d + -f 1) # NOTE the space after '%%{version}' is important to only match '5.15.X ${_Qt5XXX_FIND_VERSION_EXACT}' ++++++ 0001-Fix-build-with-glibc-2.34.patch ++++++ --- /var/tmp/diff_new_pack.wOiCew/_old 2021-09-13 16:25:08.498787057 +0200 +++ /var/tmp/diff_new_pack.wOiCew/_new 2021-09-13 16:25:08.502787061 +0200 @@ -8,8 +8,23 @@ .../breakpad/src/client/linux/handler/exception_handler.cc | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) +diff --git a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc +index d7b5d8c4413..a62cb21bd7a 100644 +--- a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc ++++ b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc +@@ -98,7 +98,9 @@ bool ChrootToSafeEmptyDir() { + // attempt this optimization. + clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS; + +- char tls_buf[PTHREAD_STACK_MIN] = {0}; ++ const std::size_t pthread_stack_min = PTHREAD_STACK_MIN; ++ char tls_buf[pthread_stack_min]; ++ memset(tls_buf, 0, pthread_stack_min); + tls = tls_buf; + #endif + diff --git a/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc b/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc -index 5d13bdbbb..2ed137b58 100644 +index 5d13bdbbbd1..2ed137b58f1 100644 --- a/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc +++ b/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc @@ -135,7 +135,8 @@ static bool SetupAlternateStackOnce() { 
@@ -23,7 +38,7 @@ defined(ABSL_HAVE_MEMORY_SANITIZER) || defined(ABSL_HAVE_THREAD_SANITIZER) // Account for sanitizer instrumentation requiring additional stack space. diff --git a/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc b/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc -index ca353c409..2e43ba6fc 100644 +index ca353c40997..2e43ba6fc04 100644 --- a/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc +++ b/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc @@ -138,7 +138,7 @@ void InstallAlternateStackLocked() { @@ -35,6 +50,5 @@ // Only set an alternative stack if there isn't already one, or if the current // one is too small. --- +-- 2.32.0 - ++++++ 0001-return-ENOSYS-for-clone3.patch ++++++ >From 218438259dd795456f0a48f67cbe5b4e520db88b Mon Sep 17 00:00:00 2001 From: Matthew Denton <[email protected]> Date: Thu, 3 Jun 2021 20:06:13 +0000 Subject: [PATCH] Linux sandbox: return ENOSYS for clone3 Because clone3 uses a pointer argument rather than a flags argument, we cannot examine the contents with seccomp, which is essential to preventing sandboxed processes from starting other processes. So, we won't be able to support clone3 in Chromium. This CL modifies the BPF policy to return ENOSYS for clone3 so glibc always uses the fallback to clone. Bug: 1213452 Change-Id: I7c7c585a319e0264eac5b1ebee1a45be2d782303 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2936184 Reviewed-by: Robert Sesek <[email protected]> Commit-Queue: Matthew Denton <[email protected]> Cr-Commit-Position: refs/heads/master@{#888980} --- .../sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 8 ++++++++ 
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc index 3c67b124786..81cb25e139e 100644 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -165,6 +165,14 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, return RestrictCloneToThreadsAndEPERMFork(); } + // clone3 takes a pointer argument which we cannot examine, so return ENOSYS + // to force the libc to use clone. See https://crbug.com/1213452. + #if defined(__NR_clone3) + if (sysno == __NR_clone3) { + return Error(ENOSYS); + } + #endif + if (sysno == __NR_fcntl) return RestrictFcntlCommands(); -- 2.32.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.wOiCew/_old 2021-09-13 16:25:08.566787135 +0200 +++ /var/tmp/diff_new_pack.wOiCew/_new 2021-09-13 16:25:08.566787135 +0200 @@ -1,11 +1,11 @@ <services> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">enable</param> - <param name="version">5.15.5</param> + <param name="version">5.15.6</param> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> <param name="scm">git</param> <param name="filename">qtwebengine-everywhere-src</param> - <param name="revision">v5.15.5-lts</param> + <param name="revision">v5.15.6-lts</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.wOiCew/_old 2021-09-13 16:25:08.598787173 +0200 +++ /var/tmp/diff_new_pack.wOiCew/_new 2021-09-13 16:25:08.602787177 +0200 
@@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> - <param name="changesrevision">9711f64c5082040cb76f6da5ef4a16037dbda08f</param></service></servicedata> \ No newline at end of file + <param name="changesrevision">2acbba86362ac3a1c2d8c20390dc263875f8f09c</param></service></servicedata> \ No newline at end of file ++++++ qtwebengine-everywhere-src-5.15.5.tar.xz -> qtwebengine-everywhere-src-5.15.6.tar.xz ++++++ /work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.5.tar.xz /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1899/qtwebengine-everywhere-src-5.15.6.tar.xz differ: char 15, line 1
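Review bot: In the libqt5-qtwebengine.spec hunk that adds Patch7, the tag line is a bare "# PATCH-FIX-UPSTREAM" with no patch name or description, unlike the Patch0 line ("# PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6"). 0001-return-ENOSYS-for-clone3.patch changes the seccomp sandbox policy, so name it on the tag line and cite the references from its own header (Bug: 1213452, Chromium review 2936184). That lets a later version bump tell when the tarball already contains the change and the patch can be dropped.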
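Review bot: In the %prep hunk of the spec, "mkdir .git" fails if the directory already exists and leaves an empty .git in the source tree, which every later build step that probes for a git checkout will also see, not only the configure script named in the comment. Suggest "mkdir -p .git", a space after "#" in the comment, and a pointer to the configure check being satisfied, since this line replaces the removed sync.profile / syncqt.pl step and is the only thing left that makes the forwarding headers appear.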
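Review bot: In the credentials.cc hunk added to 0001-Fix-build-with-glibc-2.34.patch, "char tls_buf[pthread_stack_min];" is a variable-length array whenever PTHREAD_STACK_MIN is not a compile-time constant. C++ accepts that only as a compiler extension, and it puts a buffer whose size is decided at run time on the stack of ChrootToSafeEmptyDir(). A fixed compile-time bound, or a std::vector<char> sized from PTHREAD_STACK_MIN, avoids the extension and the separate memset. The patch header's diffstat still reads "2 files changed, 3 insertions(+), 2 deletions(-)" although the patch now touches three files, so regenerate it along with the new hunk.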
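Review bot: In the baseline_policy.cc hunk of 0001-return-ENOSYS-for-clone3.patch, the new rule sits inside "#if defined(__NR_clone3)", so a build against kernel headers that lack that define compiles the rule out, and clone3 is then handled by whatever the rest of EvaluateSyscallImpl returns instead of ENOSYS. The commit message relies on ENOSYS to make glibc fall back to clone, so consider defining the syscall number locally when the headers do not provide it, which makes the behaviour independent of the build host's headers. Separately, the "diff --git" line pairs a/src/3rdparty/chromium/... with b/chromium/..., while the --- and +++ lines both use src/3rdparty/chromium/...; make the b/ path match.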
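Review bot: In the _service hunk, the source is still fetched from "git://code.qt.io/qt/qtwebengine.git" and the bumped revision is the tag name v5.15.6-lts. The git:// transport is neither encrypted nor authenticated, and a tag can be moved after the fact. Prefer an https:// URL for the same repository and pin the revision to the commit recorded in _servicedata (2acbba86362ac3a1c2d8c20390dc263875f8f09c), or verify the generated tarball against a published checksum or signature before check-in.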
