commit libqt5-qtwebengine for openSUSE:Factory

Source-Sync Mon, 10 Oct 2022 09:45:15 -0700

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package libqt5-qtwebengine for 
openSUSE:Factory checked in at 2022-10-10 18:44:23
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old)
 and      /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


Package is "libqt5-qtwebengine"

Mon Oct 10 18:44:23 2022 rev:85 rq:1008339 version:5.15.11

Changes:
--------
--- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes    
2022-09-27 20:10:20.209351449 +0200
+++ 
/work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275/libqt5-qtwebengine.changes
  2022-10-10 18:44:56.670917984 +0200
@@ -1,0 +2,49 @@
+Wed Oct 05 17:28:40 UTC 2022 - christo...@krop.fr
+
+- Update to version 5.15.11:
+  * Work-around GNOME bug misidentifying HTML content
+  * Fix busy waiting on streaming QIODevice's
+  * Add workaround for un-minimizing QWebEngineView under Gnome
+  * Build the QtDesigner plugin in all configurations
+  * Bump version to 5.15.11
+  * Fix method check
+  * Do not use the native dialog to show the color picker on macOS
+  * FIXUP: Add workaround for unstable gn on macOS in ci
+  * Fix top level build with no widget
+  * Fix touch input for widget's delegate for html popup
+  * Keep page's zoom level on loading new urls
+  * Fix leak if loader error is seen first
+  * Add workaround for unstable gn on macOS in ci
+  * Pass archiver to gn build
+  * Fix read-after-free on EGL extensions
+  * Update Chromium:
+  * FIXUP: Fix url_utils for QtWebEngine
+  * FIXUP: Workaround MSVC2022 ICE in constexpr functions
+  * Fixup: CVE-2022-0796: Use after free in Media
+  * [Backport] CVE-2022-0796: Use after free in Media
+  * [Backport] CVE-2022-1855: Use after free in Messaging
+  * [Backport] CVE-2022-1857: Insufficient policy enforcement in
+    File System API
+  * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
+  * [Backport] CVE-2022-2010: Out of bounds read in compositing
+  * [Backport] CVE-2022-2158: Type Confusion in V8
+  * [Backport] CVE-2022-2160: Insufficient policy enforcement
+    in DevTools
+  * [Backport] CVE-2022-2162: Insufficient policy enforcement in
+    File System API
+  * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC
+  * [Backport] CVE-2022-2295: Type Confusion in V8
+  * [Backport] CVE-2022-2477 : Use after free in Guest View
+  * [Backport] CVE-2022-2610: Insufficient policy enforcement
+    in Background Fetch
+  * [Backport] CVE-2022-27404
+  * [Backport] CVE-2022-27405
+  * [Backport] CVE-2022-27406
+  * [Backport] Linux sandbox: ENOSYS for some statx syscalls
+  * [Backport] Security bug 1287804
+  * [Backport] Security bug 1316578
+  * [Backport] Security bug 1343889
+- Replace sandbox-statx-futex_time64.patch with upstream change:
+  * sandbox_futex_time64.patch
+
+-------------------------------------------------------------------

Old:
----
  qtwebengine-everywhere-src-5.15.10.tar.xz
  sandbox-statx-futex_time64.patch

New:
----
  qtwebengine-everywhere-src-5.15.11.tar.xz
  sandbox_futex_time64.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libqt5-qtwebengine.spec ++++++
--- /var/tmp/diff_new_pack.SWQSJQ/_old  2022-10-10 18:45:04.526934893 +0200
+++ /var/tmp/diff_new_pack.SWQSJQ/_new  2022-10-10 18:45:04.530934902 +0200
@@ -35,15 +35,15 @@
 %global _qtwebengine_dictionaries_dir 
%{_libqt5_datadir}/qtwebengine_dictionaries
 
 Name:           libqt5-qtwebengine
-Version:        5.15.10
+Version:        5.15.11
 Release:        0
 Summary:        Qt 5 WebEngine Library
 License:        LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 Group:          Development/Libraries/X11
 URL:            https://www.qt.io
 %define base_name libqt5
-%define real_version 5.15.10
-%define so_version 5.15.10
+%define real_version 5.15.11
+%define so_version 5.15.11
 %define tar_version qtwebengine-everywhere-src-%{version}
 Source:         %{tar_version}.tar.xz
 # Use a git snapshot for catapult to build with python3 (git rev: b7e9d5899)
@@ -53,15 +53,16 @@
 Patch0:         armv6-ffmpeg-no-thumb.patch
 # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff
 Patch1:         disable-gpu-when-using-nouveau-boo-1005323.diff
-Patch2:         sandbox-statx-futex_time64.patch
 # PATCH-FIX-OPENSUSE
-Patch3:         rtc-dont-use-h264.patch
+Patch2:         rtc-dont-use-h264.patch
 # PATCH-FIX-UPSTREAM
-Patch4:         0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
+Patch3:         0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
 # PATCH-FIX-UPSTREAM -- build with pipewire 0.3
-Patch5:         qtwebengine-pipewire-0.3.patch
+Patch4:         qtwebengine-pipewire-0.3.patch
 # PATCH-FIX-OPENSUSE -- build with python 3
-Patch6:        qtwebengine-python3.patch
+Patch5:         qtwebengine-python3.patch
+# PATCH-FIX-UPSTREAM -- handle futex_time64
+Patch6:         sandbox_futex_time64.patch
 ### Patch 50-99 are applied conditionally
 # PATCH-FIX-OPENSUSE -- allow building qtwebengine with ffmpeg5
 Patch50:        qtwebengine-ffmpeg5.patch
@@ -304,6 +305,7 @@
 %patch4 -p1
 %patch5 -p1
 %patch6 -p1
+
 # Replace the whole catapult folder rather than picking individual changes
 pushd src/3rdparty/chromium/third_party
 rm -r catapult

++++++ _service ++++++
--- /var/tmp/diff_new_pack.SWQSJQ/_old  2022-10-10 18:45:04.602935057 +0200
+++ /var/tmp/diff_new_pack.SWQSJQ/_new  2022-10-10 18:45:04.610935074 +0200
@@ -1,11 +1,11 @@
 <services>
   <service name="tar_scm" mode="disabled">
    <param name="changesgenerate">enable</param>
-   <param name="version">5.15.10</param>
+   <param name="version">5.15.11</param>
    <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
    <param name="scm">git</param>
    <param name="filename">qtwebengine-everywhere-src</param>
-   <param name="revision">v5.15.10-lts</param>
+   <param name="revision">v5.15.11-lts</param>
   </service>
   <service name="tar_scm" mode="disabled">
    <param name="changesgenerate">disable</param>

++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.SWQSJQ/_old  2022-10-10 18:45:04.638935134 +0200
+++ /var/tmp/diff_new_pack.SWQSJQ/_new  2022-10-10 18:45:04.642935143 +0200
@@ -1,6 +1,6 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
-              <param 
name="changesrevision">c7e716ef1ffd63a8ab1f4dbf879230849eb3b505</param></service></servicedata>
+              <param 
name="changesrevision">3d23b379a7c0a87922f9f5d9600fde8c4e58f1fd</param></service></servicedata>
 (No newline at EOF)
 

++++++ qtwebengine-everywhere-src-5.15.10.tar.xz -> 
qtwebengine-everywhere-src-5.15.11.tar.xz ++++++
/work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.10.tar.xz
 
/work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275/qtwebengine-everywhere-src-5.15.11.tar.xz
 differ: char 15, line 1

++++++ sandbox_futex_time64.patch ++++++
>From 6abdfb1d7638c787081d16bb90022cde7a86309f Mon Sep 17 00:00:00 2001
From: Matthew Denton <mpden...@chromium.org>
Date: Tue, 16 Mar 2021 06:38:05 +0000
Subject: [PATCH] Linux sandbox: support futex_time64 on 32-bit platforms

This updates futex-related syscall sets to include futex_time64, which
is a version of the futex syscall which uses 64 bit time on 32-bit
systems, to prepare for the Y2038 problem.

Change-Id: Ie933d9fec221233bf837f00c08eb7daee204081d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2753571
Commit-Queue: Matthew Denton <mpden...@chromium.org>
Reviewed-by: Robert Sesek <rse...@chromium.org>
Cr-Commit-Position: refs/heads/master@{#863166}
---
 sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 7 ++++++-
 sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc    | 3 +++
 2 files changed, 9 insertions(+), 1 deletion(-)


diff --git 
a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc 
b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 5e650d93c4b..b37f082dd69 100644
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -198,8 +198,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
   }
 #endif
 
-  if (sysno == __NR_futex)
+  if (sysno == __NR_futex
+#if defined(__NR_futex_time64)
+      || sysno == __NR_futex_time64
+#endif
+  ) {
     return RestrictFutex();
+  }
 
   if (sysno == __NR_set_robust_list)
     return Error(EPERM);
diff --git 
a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc 
b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
index d1ea8e99a1c..3a8a924cc0a 100644
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
@@ -427,6 +427,9 @@ bool SyscallSets::IsAllowedFutex(int sysno) {
     case __NR_get_robust_list:
     case __NR_set_robust_list:
     case __NR_futex:
+#if defined(__NR_futex_time64)
+    case __NR_futex_time64:
+#endif
     default:
       return false;
   }

commit libqt5-qtwebengine for openSUSE:Factory

Reply via email to