Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2022-10-10 18:44:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtwebengine" Mon Oct 10 18:44:23 2022 rev:85 rq:1008339 version:5.15.11 Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes 2022-09-27 20:10:20.209351449 +0200 +++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275/libqt5-qtwebengine.changes 2022-10-10 18:44:56.670917984 +0200 @@ -1,0 +2,49 @@ +Wed Oct 05 17:28:40 UTC 2022 - christo...@krop.fr + +- Update to version 5.15.11: + * Work-around GNOME bug misidentifying HTML content + * Fix busy waiting on streaming QIODevice's + * Add workaround for un-minimizing QWebEngineView under Gnome + * Build the QtDesigner plugin in all configurations + * Bump version to 5.15.11 + * Fix method check + * Do not use the native dialog to show the color picker on macOS + * FIXUP: Add workaround for unstable gn on macOS in ci + * Fix top level build with no widget + * Fix touch input for widget's delegate for html popup + * Keep page's zoom level on loading new urls + * Fix leak if loader error is seen first + * Add workaround for unstable gn on macOS in ci + * Pass archiver to gn build + * Fix read-after-free on EGL extensions + * Update Chromium: + * FIXUP: Fix url_utils for QtWebEngine + * FIXUP: Workaround MSVC2022 ICE in constexpr functions + * Fixup: CVE-2022-0796: Use after free in Media + * [Backport] CVE-2022-0796: Use after free in Media + * [Backport] CVE-2022-1855: Use after free in Messaging + * [Backport] CVE-2022-1857: Insufficient policy enforcement in + File System API + * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL + * [Backport] CVE-2022-2010: Out of bounds read in compositing + * [Backport] CVE-2022-2158: Type Confusion in V8 + * [Backport] CVE-2022-2160: Insufficient policy enforcement + in DevTools + * [Backport] CVE-2022-2162: Insufficient policy enforcement in + File System API + * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC + * [Backport] CVE-2022-2295: Type Confusion in V8 + * [Backport] CVE-2022-2477 : Use after free in Guest View + * [Backport] CVE-2022-2610: Insufficient policy enforcement + in Background Fetch + * [Backport] CVE-2022-27404 + * [Backport] CVE-2022-27405 + * [Backport] CVE-2022-27406 + * [Backport] Linux sandbox: ENOSYS for some statx syscalls + * [Backport] Security bug 1287804 + * [Backport] Security bug 1316578 + * [Backport] Security bug 1343889 +- Replace sandbox-statx-futex_time64.patch with upstream change: + * sandbox_futex_time64.patch + +------------------------------------------------------------------- Old: ---- qtwebengine-everywhere-src-5.15.10.tar.xz sandbox-statx-futex_time64.patch New: ---- qtwebengine-everywhere-src-5.15.11.tar.xz sandbox_futex_time64.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtwebengine.spec ++++++ --- /var/tmp/diff_new_pack.SWQSJQ/_old 2022-10-10 18:45:04.526934893 +0200 +++ /var/tmp/diff_new_pack.SWQSJQ/_new 2022-10-10 18:45:04.530934902 +0200 @@ -35,15 +35,15 @@ %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries Name: libqt5-qtwebengine -Version: 5.15.10 +Version: 5.15.11 Release: 0 Summary: Qt 5 WebEngine Library License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only Group: Development/Libraries/X11 URL: https://www.qt.io %define base_name libqt5 -%define real_version 5.15.10 -%define so_version 5.15.10 +%define real_version 5.15.11 +%define so_version 5.15.11 %define tar_version qtwebengine-everywhere-src-%{version} Source: %{tar_version}.tar.xz # Use a git snapshot for catapult to build with python3 (git rev: b7e9d5899) @@ -53,15 +53,16 @@ Patch0: armv6-ffmpeg-no-thumb.patch # PATCH-FIX-OPENSUSE disable-gpu-when-using-nouveau-boo-1005323.diff Patch1: disable-gpu-when-using-nouveau-boo-1005323.diff -Patch2: sandbox-statx-futex_time64.patch # PATCH-FIX-OPENSUSE -Patch3: rtc-dont-use-h264.patch +Patch2: rtc-dont-use-h264.patch # PATCH-FIX-UPSTREAM -Patch4: 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch +Patch3: 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch # PATCH-FIX-UPSTREAM -- build with pipewire 0.3 -Patch5: qtwebengine-pipewire-0.3.patch +Patch4: qtwebengine-pipewire-0.3.patch # PATCH-FIX-OPENSUSE -- build with python 3 -Patch6: qtwebengine-python3.patch +Patch5: qtwebengine-python3.patch +# PATCH-FIX-UPSTREAM -- handle futex_time64 +Patch6: sandbox_futex_time64.patch ### Patch 50-99 are applied conditionally # PATCH-FIX-OPENSUSE -- allow building qtwebengine with ffmpeg5 Patch50: qtwebengine-ffmpeg5.patch @@ -304,6 +305,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 + # Replace the whole catapult folder rather than picking individual changes pushd src/3rdparty/chromium/third_party rm -r catapult ++++++ _service ++++++ --- /var/tmp/diff_new_pack.SWQSJQ/_old 2022-10-10 18:45:04.602935057 +0200 +++ /var/tmp/diff_new_pack.SWQSJQ/_new 2022-10-10 18:45:04.610935074 +0200 @@ -1,11 +1,11 @@ <services> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">enable</param> - <param name="version">5.15.10</param> + <param name="version">5.15.11</param> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> <param name="scm">git</param> <param name="filename">qtwebengine-everywhere-src</param> - <param name="revision">v5.15.10-lts</param> + <param name="revision">v5.15.11-lts</param> </service> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">disable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.SWQSJQ/_old 2022-10-10 18:45:04.638935134 +0200 +++ /var/tmp/diff_new_pack.SWQSJQ/_new 2022-10-10 18:45:04.642935143 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> - <param name="changesrevision">c7e716ef1ffd63a8ab1f4dbf879230849eb3b505</param></service></servicedata> + <param name="changesrevision">3d23b379a7c0a87922f9f5d9600fde8c4e58f1fd</param></service></servicedata> (No newline at EOF) ++++++ qtwebengine-everywhere-src-5.15.10.tar.xz -> qtwebengine-everywhere-src-5.15.11.tar.xz ++++++ /work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.10.tar.xz /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.2275/qtwebengine-everywhere-src-5.15.11.tar.xz differ: char 15, line 1 ++++++ sandbox_futex_time64.patch ++++++ >From 6abdfb1d7638c787081d16bb90022cde7a86309f Mon Sep 17 00:00:00 2001 From: Matthew Denton <mpden...@chromium.org> Date: Tue, 16 Mar 2021 06:38:05 +0000 Subject: [PATCH] Linux sandbox: support futex_time64 on 32-bit platforms This updates futex-related syscall sets to include futex_time64, which is a version of the futex syscall which uses 64 bit time on 32-bit systems, to prepare for the Y2038 problem. Change-Id: Ie933d9fec221233bf837f00c08eb7daee204081d Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2753571 Commit-Queue: Matthew Denton <mpden...@chromium.org> Reviewed-by: Robert Sesek <rse...@chromium.org> Cr-Commit-Position: refs/heads/master@{#863166} --- sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc | 7 ++++++- sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc | 3 +++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc index 5e650d93c4b..b37f082dd69 100644 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc @@ -198,8 +198,13 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno, } #endif - if (sysno == __NR_futex) + if (sysno == __NR_futex +#if defined(__NR_futex_time64) + || sysno == __NR_futex_time64 +#endif + ) { return RestrictFutex(); + } if (sysno == __NR_set_robust_list) return Error(EPERM); diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc index d1ea8e99a1c..3a8a924cc0a 100644 --- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc +++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc @@ -427,6 +427,9 @@ bool SyscallSets::IsAllowedFutex(int sysno) { case __NR_get_robust_list: case __NR_set_robust_list: case __NR_futex: +#if defined(__NR_futex_time64) + case __NR_futex_time64: +#endif default: return false; }