Changelog for
libqt5-qtwebengine-5.15.7-lp154.1.1.x86_64.rpm :
* Fri Oct 29 2021 christopheAATTkrop.fr- Update to version 5.15.7:
* Update Chromium: [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms [Backport] sandbox: linux: allow clock_nanosleep & gettime64 [Backport] Linux sandbox: update syscall numbers for all platforms. [Backport] Ease HarfBuzz API change with feature detection [Backport] Security bug 1248665 [Backport] CVE-2021-37975 : Use after free in V8 [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2) [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2) [Backport] CVE-2021-37978 : Heap buffer overflow in Blink [Backport] CVE-2021-30616: Use after free in Media. [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2) [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2) [Backport] CVE-2021-37973 : Use after free in Portals [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI. [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API [Backport] Linux sandbox: return ENOSYS for clone3 [Backport] Linux sandbox: fix fstatat() crash [Backport] Reland \"Reland \"Linux sandbox syscall broker: use struct kernel_stat\"\" [Backport] Security bug 1238178 (2/2) [Backport] Security bug 1238178 (1/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2) [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2) [Backport] CVE-2021-30630: Inappropriate implementation in Blink [Backport] CVE-2021-30629: Use after free in Permissions [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE [Backport] CVE-2021-30627: Type Confusion in Blink layout [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE [Backport] CVE-2021-30625: Use after free in Selection API [Backport] Security bug 1206289 [Backport] CVE-2021-30613: Use after free in Base internals [Backport] Security bug 1227228 [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
* Update patch level
* Blacklist certificate test until certicates have been renewed
* Block CORS from local URLs when remote access is not enabled
* Do not wait on weak_pointer for termination errors
* Support MSVC_VER 16.8
* Fix wrong save file filter for Markdown Editor example
* Add Chromium version source documentation
* Bump version from 5.15.6 to 5.15.7
* Fix crash when clicking on a link in PDF- Drop openSUSE patches:
* fix1163766.patch. Should be addressed with: https://github.com/qt/qtwebengine-chromium/commit/652f834de https://github.com/qt/qtwebengine-chromium/commit/faae106ed https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf
* chromium-glibc-2.33.patch. Should be addressed with the [Backport] Linux sandbox: fix fstatat() crash and Reland \"Reland \"Linux sandbox syscall broker: use struct kernel_stat\"\" changes.
* chromium-older-harfbuzz.patch- Drop upstream changes:
* 0001-return-ENOSYS-for-clone3.patch
* chromium-harfbuzz-3.0.0.patch
* skia-harfbuzz-3.0.0.patch- Rebase patches:
* sandbox-statx-futex_time64.patch
* Tue Sep 21 2021 Fabian Vogt
- Add patches from Arch to fix build with HarfBuzz 3.0.0:
* chromium-harfbuzz-3.0.0.patch
* skia-harfbuzz-3.0.0.patch- ... but don\'t break with < 2.9.0:
* chromium-older-harfbuzz.patch
* Thu Sep 09 2021 christopheAATTkrop.fr- Update to version 5.15.6:
* Update Chromium: + [Backport] CVE-2021-30560: Use after free in Blink XSLT + [Backport] CVE-2021-30566: Stack buffer overflow in Printing + [Backport] CVE-2021-30585: Use after free in sensor handling + Bump V8_PATCH_LEVEL + [Backport] Security bug 1228036 + [Backport] CVE-2021-30604: Use after free in ANGLE + [Backport] CVE-2021-30603: Race in WebAudio + [Backport] CVE-2021-30602: Use after free in WebRTC + [Backport] CVE-2021-30599: Type Confusion in V8 + [Backport] CVE-2021-30598: Type Confusion in V8 + [Backport] Security bug 1227933 + [Backport] Security bug 1205059 + [Backport] Security bug 1184294 + [Backport] Security bug 1198385 + [Backport] CVE-2021-30588: Type Confusion in V8 + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows + [Backport] CVE-2021-30573: Use after free in GPU + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814 + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL + [Backport] CVE-2021-30541: Use after free in V8 + [Backport] Security bugs 1197786 and 1194330 + [Backport] Security bug 1194689 + [Backport] CVE-2021-30563: Type Confusion in V8 + [Backport] Security bug 1211215 + [Backport] Security bug 1209558 + [Backport] CVE-2021-30553: Use after free in Network service + [Backport] CVE-2021-30548: Use after free in Loader + [Backport] CVE-2021-30547: Out of bounds write in ANGLE + [Backport] CVE-2021-30556: Use after free in WebAudio + [Backport] CVE-2021-30559: Out of bounds write in ANGLE + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker + [Backport] Security bug 1202534 + [Backport] CVE-2021-30536: Out of bounds read in V8 + [Backport] CVE-2021-30522: Use after free in WebAudio + [Backport] CVE-2021-30554 Use after free in WebGL + [Backport] CVE-2021-30551: Type Confusion in V8 + [Backport] CVE-2021-30544: Use after free in BFCache + [Backport] CVE-2021-30535: Double free in ICU + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio + [Backport] CVE-2021-30523: Use after free in WebRTC + Generate mojo bindings before compiling extension API registration
* Bump version from 5.15.5 to 5.15.6
* Always send phased wheel events beginning with Began- Import patch from the chromium package:
* 0001-return-ENOSYS-for-clone3.patch- Add changes from the chromium package to 0001-Fix-build-with-glibc-2.34.patch
* Wed Aug 04 2021 Christophe Giboudeaux - Add patch to fix build with glibc 2.34 (boo#1189095)
* 0001-Fix-build-with-glibc-2.34.patch
* Thu Jun 24 2021 Christophe Giboudeaux - Update the CMake version workaround to get qtbase\'s real version
* Tue Jun 22 2021 christopheAATTkrop.fr- Update to version 5.15.5:
* Abort findText also right on explicit navigation request
* Adapt to new Connections syntax
* Add devtools eyedropper support
* Add more tests to tst_loadsignals
* Add support for Keyboard.getLayoutMap()
* Add web-ui chrome://net-internals
* Allow leaving OCSP off
* Always send phased wheel events beginning with Began
* Avoid accessing profileAdapter when profile is shutting down
* Avoid unknownFunc messages in qmltests
* Blacklist CertificateError::test_error for macOS
* Blacklist NewViewRequest::test_loadNewViewRequest on macOS
* Blacklist handleError on macos until we merge the fix
* Blacklist numberOfStartedAndFinishedSignalsIsSame on b2q CIs
* Depend on QCoreApplication::startingUp() for checking existence of app
* Do not allow WebBluetooth to continue
* Do not hide virtual keyboard if the focused node is editable
* Doc: Add a note about navigation within a page to a fragment
* Docs: Suggest to use higher DPI for printing
* Fix FilePickerController\'s path validation for windows and corresponding tests
* Fix application locales again
* Fix embedded PDFs when plugins are disabled
* Fix first party url for cookie filter
* Fix inconsistent number of load signals and their order
* Fix normalization of app locales
* Fix not working certificates on mac > 10.14
* Fix prl files on ios
* Fix qmltests::WebEngineViewNavigationHistory auto tests
* Fix qtpdf static builds on windows
* Fix static build of qml qtpdf
* Follow InProcessGpuThread::Init() on thread priority
* Generate mojo bindings before compiling extension API registration
* Implement PluginServiceFilterQt
* Load signals test: use focusProxy for link clicking test
* Make able to override disabled features from command line
* Notify canGoBack/canGoForward changes based on web actions
* Only disconnect QWebEnginePage signals that QWebEngineView connected
* Package devtools inspector overlay
* Remove ResourceTypeSubFrame check after website update
* Remove obsolete loadSignals test secondLoadForError_WhenErrorPageEnabled
* Remove qquickwebengineprofile test
* Remove tracking of frame which load error page
* Remove ui/snapshot overrides for aura
* Report server directs in navigation type
* Return to using the default devtools page
* Set enumaration root directory for File.webkitRelativePath API
* Set more Display properties
* Show PDF viewer in a guest view
* Support devtools close button in QuickNanoBrowser
* Support zoom-in, zoom-out and cell web cursors on macOS
* Unblacklist and fix load signals test for file download
* Update Chromium and adapt PermissionManagerQt
* Update platform notes
* View: test signal for deletion of external page set to view- Drop patches:
* 0001-Fix-normalization-of-app-locales.patch
* 0001-Fix-build-with-GCC-11.patch
* 0001-Fix-build-with-system-ICU-69.patch
* Thu May 06 2021 Fabian Vogt - Add patch to fix build with ICU 69:
* 0001-Fix-build-with-system-ICU-69.patch
* Wed Apr 14 2021 Christophe Giboudeaux - Add patch to fix build with GCC 11:
* 0001-Fix-build-with-GCC-11.patch
* Wed Apr 14 2021 Guillaume GARDET - Update _constraints to avoid OOM
* Tue Apr 13 2021 Fabian Vogt - Add back missing part in fix1163766.patch (boo#1184610)
* Wed Mar 24 2021 christopheAATTkrop.fr- Update to version 5.15.3:
* Fix spelling and coding style
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Fix flaky tst_QWebEngineView::textSelectionOutOfInputField test
* Move touch input tests to separate testcase
* Add touch input tests for scrolling and pinch zooming
* Fix rare duplicate ids forming in touch point id\'s mapping
* Use the module\'s version number for QtWebEngineProcess
* Touch handling: provide id mapping without modifying TouchPoint instance (QTBUG-88001)
* Touch handling: fix mapped ids cleanup for TouchCancel event
* et custom headers from QWebEngineUrlRequestInfo before triggering redirect (QTBUG-88861)
* Forward modifier flags for lock keys (QTBUG-89001)
* Fix handling of more than one finger for touch event (QTBUG-86389)
* Stabilize load signals emitting (QTBUG-65223, QTBUG-87089)
* Fix building against 5.12 on most CIs
* Update minimum HarfBuzz version to 2.4.0 (QTBUG-88976)
* Fix building against Qt 5.14
* Migrate user script IPC to mojo
* Fix crashes in user resource controller when single process
* Minor. Fix namespace for user resource controller
* Minor. RenderThreadObserverQt is really a RenderConfiguration
* Remove RenderViewObserverHelper from UserResourceController
* Cache mojo interface bindings to UserResourceControllerRenderFrame
* Cache mojo interface bindings for WebChannelIPCTransport
* Migrate render_view_observer_qt to mojo
* Fix crash on linkedin.com (QTBUG-89740)
* Suppress error pages also for http errors if they are disabled
* Fix leak in QQuickWebEngineViewPrivate::contextMenuRequested
* Register PerformanceNode early enough
* Quiet log on webrtc usage
* Remove configure option that doesn\'t work
* Remove Java build dependency
* Fix blank popups in qml (QTBUG-86034)
* Fix position of popup on qml (QTBUG-86034, QTBUG-89358)
* Enable hangout services extension (QTBUG-85731)
* Allow to fallback to default locale for non existent data packs (QTBUG-90490)
* Support devtools close button
* Do not extract download file names from certain url schemes (QTBUG-90355)
* Leave room for the null-termination byte when checking remote drive path (QTBUG-90347)
* Do not set open files limit for linking if not necessary
* Remove even more remains of non network service code
* Add back prefers-color-scheme support (QTBUG-89753)
* Start supporting chrome.resourcesPrivate API (QTBUG-90035)
* Enable chrome://user-actions WebUI
* Remove remains of chrome://flash
* Fix loadFinished signal if page has content but server sends HTTP error (QTBUG-90517)
* Fix devtools page resource loading as raw data instead of html string
* Remove frame metadata observer (RenderWidgetHostViewQt) on destroy
* Resolve installed interceptors right before interception point (QTBUG-86286)
* Update searches faster
* Remove more leftovers of the old compositor
* Enable webrtc logging and the corresponding WebUI
* Support mips64el platform CPU(loongson 3A4000)
* Add tracing UI resources
* Fix crash on meet.google.com
* Fix mad popup qquickwindows on wayland
* Fix crashes on BrowserContext destruction
* Fix crash on exit in quicknanobrowser when popup
* Remove QtPdf dependency on nss at build-time
* Avoid accessing profileAdapter when profile is shutting down (QTBUG-91187)
* Do not flush messages form profile destructor
* Ignore QQuickWebEngineNewViewRequest if it is unhandled
* Fix ScopedGLContextChecker with QTWEBENGINE_DISABLE_GPU_THREAD=1
* Don\'t send duplicate load progress values
* Fix neon support in libpng
* Do not call deprecated profile interceptor on ui thread (QTBUG-86267)
* Add certificate error message for ERR_SSL_OBSOLETE_VERSION
* Fix assert in WebContentsAdapter::devToolsFrontendDestroyed
* Avoid to reject a certificate error twice in Quick
* Fix PDF viewer plugin
* FIXUP: Fix swap condition in DisplayGLOutputSurface::updatePaintNode (QTBUG-86599)
* Fix favicon engine under device pixel scaling
* Do not pass a native keycode matching the menu key when it is remapped (QTBUG-86672)
* Optimize WebEngineSettings::testAttribute
* Warn about QtWebengineProcess launching from network share (QTBUG-84632)
* Handle non-ascii names for pulseaudio (QTBUG-85363)
* Do not set audio device for desktop capture if audio loopback is unsupported
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Touch handling: provide id mapping without modifying TouchPoint instance (QTBUG-88001)
* Set custom headers from QWebEngineUrlRequestInfo before triggering redirect (QTBUG-88861)
* Stabilize load signals emitting (QTBUG-65223)- CVE fixes backported in chromium updates:
* CVE-2020-16044: Use after free in WebRTC
* CVE-2021-21118: Heap buffer overflow in Blink
* CVE-2021-21119: Use after free in Media
* CVE-2021-21120: Use after free in WebSQL
* CVE-2021-21121: Use after free in Omnibox
* CVE-2021-21122: Use after free in Blink
* CVE-2021-21123: Insufficient data validation in File System API
* CVE-2021-21125: Insufficient policy enforcement in File System API
* CVE-2021-21126: Insufficient policy enforcement in extensions
* CVE-2021-21127: Insufficient policy enforcement in extensions
* CVE-2021-21128: Heap buffer overflow in Blink
* CVE-2021-21129: Insufficient policy enforcement in File System API
* CVE-2021-21130: Insufficient policy enforcement in File System API
* CVE-2021-21131: Insufficient policy enforcement in File System API
* CVE-2021-21132: Inappropriate implementation in DevTools
* CVE-2021-21135: Inappropriate implementation in Performance API
* CVE-2021-21137: Inappropriate implementation in DevTools
* CVE-2021-21140: Uninitialized Use in USB
* CVE-2021-21141: Insufficient policy enforcement in File System API
* CVE-2021-21145: Use after free in Fonts
* CVE-2021-21146: Use after free in Navigation
* CVE-2021-21147: Inappropriate implementation in Skia
* CVE-2021-21148: Heap buffer overflow in V8
* CVE-2021-21149: Stack overflow in Data Transfer
* CVE-2021-21150: Use after free in Downloads
* CVE-2021-21152: Heap buffer overflow in Media
* CVE-2021-21153: Stack overflow in GPU Process
* CVE-2021-21156: Heap buffer overflow in V8
* CVE-2021-21157: Use after free in Web Sockets- Drop obsolete patches:
* icu-68.patch
* icu-68-2.patch- Rebase patches:
* fix1163766.patch
* sandbox-statx-futex_time64.patch
* rtc-dont-use-h264.patch
* chromium-glibc-2.33.patch- Add patch to fix crash with certain locales:
* 0001-Fix-normalization-of-app-locales.patch- Clean the spec file a bit
* Wed Mar 10 2021 Fabian Vogt - Can\'t use system_vpx on Leap 15.3
* Wed Feb 17 2021 Fabian Vogt - Add patch to fix sandbox with glibc 2.33 on 32bit:
* sandbox-statx-futex_time64.patch
* Tue Feb 16 2021 Guillaume GARDET - Relax constraints for armv6 and armv7
* Mon Feb 15 2021 Fabian Vogt - Add patch to fix sandbox with glibc 2.33 (boo#1182233):
* chromium-glibc-2.33.patch
* Fri Jan 29 2021 Fabian Vogt - Bump _constraints and %limit_build, hopefully avoid occasional OOM and make the build quicker- Drop obsolete conditions
* Fri Jan 08 2021 Fabian Vogt - Drop baselibs.conf, not needed after libksysguard5 got adjusted
* Tue Dec 15 2020 Callum Farmer - Fix build with ICU 68:
* Added icu-68.patch
* Added icu-68-2.patch
* Fri Nov 20 2020 Fabian Vogt - Update to 5.15.2:
* New bugfix release
* For more details please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.2/?h=5.15.2
* Thu Sep 10 2020 Fabian Vogt - Update to 5.15.1:
* New bugfix release
* For more details please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.1/?h=5.15.1- Drop patches, now upstream:
* icu-v67.patch
* 0001-fix-build-after-y2038-changes-in-glibc.patch- Refresh disable-gpu-when-using-nouveau-boo-1005323.diff- Update rtc-dont-use-h264.patch
* Thu May 28 2020 Fabian Vogt - Add patch to not require openh264 and don\'t build the bundled version:
* rtc-dont-use-h264.patch
* Wed May 27 2020 Fabian Vogt - Can\'t use system VPX on Leap 15.2
* Tue May 26 2020 Callum Farmer - Update to version 5.15.0:
* No changelog available
* Thu May 21 2020 Callum Farmer - Update to version 5.15.0-rc2:
* No changelog available
* Removed some-more-includes-gcc10.patch: contained in upstream
* Wed May 06 2020 Fabian Vogt - Update to 5.15.0-rc:
* New bugfix release
* For the changes between 5.14.2 and 5.15.0 please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.0/?h=5.15.0- Drop patches, now upstream:
* QTBUG-82186.patch
* Fri Apr 24 2020 Ismail Dönmez - Add icu-v67.patch to fix compilation with icu v67, this is a backport of https://github.com/v8/v8/commit/3f8dc4b2e5baf77b463334c769af85b79d8c1463- Rebase icu-v67.patch on 5.15.0-beta4
* Fri Apr 24 2020 Fabian Vogt - Update to 5.15.0-beta4:
* New bugfix release
* No changelog available- Refresh QTBUG-82186.patch
* Tue Apr 14 2020 Fabian Vogt - Update to 5.15.0-beta3:
* New bugfix release
* No changelog available- Refresh fix1163766.patch
* Thu Apr 09 2020 Bernhard Wiedemann - Add fix1163766.patch to fix opensuse-welcome on i686 (boo#1163766)
* Mon Mar 30 2020 Fabian Vogt - Add patch to fix build with GCC 10 (boo#1158516):
* some-more-includes-gcc10.patch
* Tue Mar 24 2020 Fabian Vogt - Update to 5.15.0-beta2:
* New bugfix release
* No changelog available
* Fri Feb 28 2020 Fabian Vogt - Update to 5.15.0-beta1:
* New bugfix release
* No changelog available- Drop patches, now upstream:
* fix-missing-designerplugin.patch
* QTBUG-81574.patch
* Fri Feb 21 2020 Fabian Vogt - Fix a deadlock causing audio/video playback to fail (boo#1163744):
* QTBUG-82186.patch
* Fri Feb 21 2020 Fabian Vogt - Fix an issue with selections breaking replying in KMail:
* QTBUG-81574.patch
* Wed Feb 19 2020 Fabian Vogt - Update to 5.15.0-alpha:
* New feature release
* For more details please see: https://wiki.qt.io/New_Features_in_Qt_5.15- Add patch to fix building the designer plugin:
* fix-missing-designerplugin.patch- Move designer plugin into -devel subpackage- Add packages for new Qt PDF module (which is technically separate from WebEngine, but shares the source tarball)
* Mon Jan 27 2020 Fabian Vogt - Update to 5.14.1:
* New bugfix release
* For more details please see: http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.14.1/?h=v5.14.1
* Mon Jan 20 2020 Guillaume GARDET - Disable valgrind on %arm due to boo#1130395