_service

@@ -1,12 +1,11 @@
 <services>
   <service name="tar_scm" mode="disabled">
    <param name="changesgenerate">enable</param>
-   <!-- submodule from fdfef5b3 to 85337c28b -->
+   <param name="version">5.15.17</param>
-   <param name="version">5.15.18</param>
    <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
    <param name="scm">git</param>
    <param name="filename">qtwebengine-everywhere-src</param>
-   <param name="revision">v5.15.18-lts</param>
+   <param name="revision">v5.15.17-lts</param>
   </service>
   <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
-              <param name="changesrevision">87ceb6a2ef5ee25d56f765dc533728c4ca4787e0</param></service></servicedata>
+              <param name="changesrevision">17fd3176988586168bee8654008a097a5f23ec1d</param></service></servicedata>

libqt5-qtwebengine.changes

@@ -1,63 +1,3 @@
--------------------------------------------------------------------
-Wed Mar 12 08:39:57 UTC 2025 - Fabian Vogt <fvogt@suse.com>
-
-- Add patch to fix the sandbox on 32-bit x86:
-  * sandbox_recvmsg.patch
-
--------------------------------------------------------------------
-Fri Feb 14 16:17:54 UTC 2025 - Christophe Marin <christophe@krop.fr>
-
-- Add patches:
-  * python3.12-imp.patch
-  * python3.12-six.patch
-  * python3.13-pipes.patch
-
--------------------------------------------------------------------
-Tue Dec 03 13:23:13 UTC 2024 - christophe@krop.fr
-
-- Update to version 5.15.18:
-  * Bump version to 5.15.18
-  * Fix build errors with -no-opengl configuration
-  * Fixup "Add option to chose python version for building 5.15 WebEngine"
-  * [Backport] CVE-2024-9602: Type Confusion in V8
-  * [Backport] CVE-2024-9603: Type Confusion in V8
-  * FIXUP: [Backport] CVE-2024-7965: Inappropriate implementation in V8
-  * [Backport] CVE-2024-45492 / Security bug 364778067
-  * [Backport] CVE-2024-9123: Integer overflow in Skia
-  * [Backport] CVE-2024-5158: Type Confusion in V8
-  * [Backport] CVE-2024-7971: Type confusion in V8
-  * [Backport] CVE-2024-4761: Out of bounds write in V8
-  * [Backport] CVE-2024-8636: Heap buffer overflow in Skia
-  * [Backport] CVE-2024-8198: Heap buffer overflow in Skia
-  * [Backport] Security bug 346799730
-  * [Backport] CVE-2024-7967: Heap buffer overflow in Fonts
-  * [Backport] CVE-2024-7965: Inappropriate implementation in V8
-  * [Backport] CVE-2024-7532: Out of bounds memory access in ANGLE
-  * Fix build with GCC 15
-  * [Backport] CVE-2024-7536: Use after free in WebAudio
-  * [Backport] Dependency for CVE-2024-7536
-  * [Backport] Security bug 338574384
-  * [Backport] CVE-2024-6996: Race in Frames
-  * [Backport] CVE-2024-6989: Use after free in Loader
-  * [Backport] CVE-2024-6291: Use after free in Swiftshader
-  * [Backport] CVE-2024-5846: Use after free in PDFium
-  * [Backport] Security bug 340606786
-  * [Backport] CVE-2024-5496: Use after free in Media Session
-  * [Backport] Dependency for CVE-2024-3914
-  * [Backport] Security bug 329699609
-  * [Backport] CVE-2024-3914: Use after free in V8
-  * [Backport] CVE-2024-4558: Use after free in ANGLE
-  * [Backport] Security bug 327698060
-  * [Backport] CVE-2024-4058: Type Confusion in ANGLE
-  * [Backport] Security bug 40940917
-  * [Backport] CVE-2024-3837: Use after free in QUIC
-  * [Backport] CVE-2024-3839: Out of bounds read in Fonts
-  * Fix dependecy when compiling content/browser
-  * [Backport] CVE-2024-3516: Heap buffer overflow in ANGLE
-  * [Backport] CVE-2024-3157: Out of bounds write in Compositing
-  * [Backport] Security bug 329674887
-  * Prevent duplicate definition of blink::ResolveColor in jumbo builds
-
 -------------------------------------------------------------------
 Wed Sep  4 14:27:07 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 

libqt5-qtwebengine.spec

@@ -35,15 +35,15 @@
 %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries
 
 Name:           libqt5-qtwebengine
-Version:        5.15.18
+Version:        5.15.17
 Release:        0
 Summary:        Qt 5 WebEngine Library
 License:        LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 Group:          Development/Libraries/X11
 URL:            https://www.qt.io
 %define base_name libqt5
-%define real_version 5.15.18
+%define real_version 5.15.17
-%define so_version 5.15.18
+%define so_version 5.15.17
 %define tar_version qtwebengine-everywhere-src-%{version}
 Source:         %{tar_version}.tar.xz
 Source99:       libqt5-qtwebengine-rpmlintrc
@@ -64,12 +64,6 @@ Patch6:         Add-missing-dependencies.patch
 # PATCH-FIX-UPSTREAM -- ICU 75 compatibility
 Patch7:         qt5-webengine-icu-75.patch
 Patch8:         0001-Use-default-constructor-in-place-of-self-delegation-.patch
-# PATCH-FIX-UPSTREAM -- python >= 3.12 compat
-Patch9:         python3.12-imp.patch
-Patch10:        python3.12-six.patch
-Patch11:        python3.13-pipes.patch
-# PATCH-FIX-UPSTREAM https://bugreports.qt.io/browse/QTBUG-57709?focusedId=427082#comment-427082
-Patch12:        sandbox_recvmsg.patch
 ### Patch 50-99 are applied conditionally
 # PATCH-FIX-OPENSUSE -- allow building qtwebengine with ffmpeg5
 Patch50:        qtwebengine-ffmpeg5.patch
@@ -310,10 +304,6 @@ Examples for the libqt5-qtpdf module.
 %patch -P6 -p1
 %patch -P7 -p1
 %patch -P8 -p1
-%patch -P9 -p1
-%patch -P10 -p1
-%patch -P11 -p1
-%patch -P12 -p1
 
 # FFmpeg 5
 %if %{with system_ffmpeg}

python3.12-imp.patch

@@ -1,24 +0,0 @@
-Description: stop using imp module which was removed in Python 3.12
-Origin: upstream, https://chromium.googlesource.com/chromium/src/+/f5f6e361d037c316
-Last-Update: 2024-06-30
-
---- a/src/3rdparty/chromium/mojo/public/tools/mojom/mojom/fileutil.py
-+++ b/src/3rdparty/chromium/mojo/public/tools/mojom/mojom/fileutil.py
-@@ -3,7 +3,6 @@
- # found in the LICENSE file.
- 
- import errno
--import imp
- import os.path
- import sys
- 
---- a/src/3rdparty/chromium/mojo/public/tools/mojom/mojom/parse/lexer.py
-+++ b/src/3rdparty/chromium/mojo/public/tools/mojom/mojom/parse/lexer.py
-@@ -2,7 +2,6 @@
- # Use of this source code is governed by a BSD-style license that can be
- # found in the LICENSE file.
- 
--import imp
- import os.path
- import sys
- 

python3.12-six.patch

@@ -1,56 +0,0 @@
-Description: implement find_spec() for _SixMetaPathImporter
-Origin: upstream, https://github.com/benjaminp/six/commit/25916292d96f5f09
-Last-Update: 2024-03-17
-
---- a/src/3rdparty/chromium/third_party/protobuf/third_party/six/six.py
-+++ b/src/3rdparty/chromium/third_party/protobuf/third_party/six/six.py
-@@ -71,6 +71,11 @@ else:
-             MAXSIZE = int((1 << 63) - 1)
-         del X
- 
-+if PY34:
-+    from importlib.util import spec_from_loader
-+else:
-+    spec_from_loader = None
-+
- 
- def _add_doc(func, doc):
-     """Add documentation to a function."""
-@@ -186,6 +191,11 @@ class _SixMetaPathImporter(object):
-             return self
-         return None
- 
-+    def find_spec(self, fullname, path, target=None):
-+        if fullname in self.known_modules:
-+            return spec_from_loader(fullname, self)
-+        return None
-+
-     def __get_module(self, fullname):
-         try:
-             return self.known_modules[fullname]
---- a/src/3rdparty/chromium/tools/grit/third_party/six/__init__.py
-+++ b/src/3rdparty/chromium/tools/grit/third_party/six/__init__.py
-@@ -71,6 +71,11 @@ else:
-             MAXSIZE = int((1 << 63) - 1)
-         del X
- 
-+if PY34:
-+    from importlib.util import spec_from_loader
-+else:
-+    spec_from_loader = None
-+
- 
- def _add_doc(func, doc):
-     """Add documentation to a function."""
-@@ -186,6 +191,11 @@ class _SixMetaPathImporter(object):
-             return self
-         return None
- 
-+    def find_spec(self, fullname, path, target=None):
-+        if fullname in self.known_modules:
-+            return spec_from_loader(fullname, self)
-+        return None
-+
-     def __get_module(self, fullname):
-         try:
-             return self.known_modules[fullname]

python3.13-pipes.patch

@@ -1,27 +0,0 @@
-Description: replace removed pipes module with shlex
-Origin: upstream, https://chromium.googlesource.com/chromium/src/+/4c6fc1984970af4b
-Last-Update: 2025-01-08
-
---- a/src/3rdparty/chromium/build/android/gyp/util/build_utils.py
-+++ b/src/3rdparty/chromium/build/android/gyp/util/build_utils.py
-@@ -12,8 +12,8 @@ import fnmatch
- import json
- import logging
- import os
--import pipes
- import re
-+import shlex
- import shutil
- import stat
- import subprocess
-@@ -197,8 +197,9 @@ class CalledProcessError(Exception):
-   def __str__(self):
-     # A user should be able to simply copy and paste the command that failed
-     # into their shell.
-+    printed_cmd = shlex.join(self.args)
-     copyable_command = '( cd {}; {} )'.format(os.path.abspath(self.cwd),
--        ' '.join(map(pipes.quote, self.args)))
-+                                              printed_cmd)
-     return 'Command failed: {}\n{}'.format(copyable_command, self.output)
- 
- 

sandbox_recvmsg.patch

@@ -1,74 +0,0 @@
-From: Allan Sandfeld Jensen
-Subject: Allow recvfrom and recvmsg on 32-bit x86
-
-From https://bugreports.qt.io/browse/QTBUG-57709
-
-Edited by fvogt@suse.com to include even more stuff.
-
-Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-===================================================================
---- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-+++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/syscall_sets.cc
-@@ -363,7 +363,7 @@ bool SyscallSets::IsAllowedOperationOnFd
- #endif
-     case __NR_dup3:
- #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
--    defined(__aarch64__)
-+    defined(__aarch64__) || defined(__i386__)
-     case __NR_shutdown:
- #endif
-       return true;
-@@ -465,7 +465,7 @@ bool SyscallSets::IsAllowedGetOrModifySo
-       return true;
-     default:
- #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
--    defined(__aarch64__)
-+    defined(__aarch64__) || defined(__i386__)
-     case __NR_socketpair:  // We will want to inspect its argument.
- #endif
-       return false;
-@@ -483,6 +483,13 @@ bool SyscallSets::IsDeniedGetOrModifySoc
-     case __NR_socket:
-     case __NR_listen:
-       return true;
-+#elif defined(__i386__)
-+    case __NR_accept4:
-+    case __NR_bind:
-+    case __NR_connect:
-+    case __NR_socket:
-+    case __NR_listen:
-+      return true;
- #endif
-     default:
-       return false;
-@@ -575,7 +582,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
-     case __NR_recv:
- #endif
- #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
--    defined(__aarch64__)
-+    defined(__aarch64__) || defined(__i386__)
-     case __NR_recvfrom:  // Could specify source.
-     case __NR_recvmsg:   // Could specify source.
- #endif
-@@ -590,7 +597,7 @@ bool SyscallSets::IsAllowedGeneralIo(int
-     case __NR_send:
- #endif
- #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
--    defined(__aarch64__)
-+    defined(__aarch64__) || defined(__i386__)
-     case __NR_sendmsg:  // Could specify destination.
-     case __NR_sendto:   // Could specify destination.
- #endif
-Index: qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-===================================================================
---- qtwebengine-everywhere-src-5.15.18.orig/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-+++ qtwebengine-everywhere-src-5.15.18/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
-@@ -249,7 +249,7 @@ ResultExpr EvaluateSyscallImpl(int fs_de
-     return RestrictPrctl();
- 
- #if defined(__x86_64__) || defined(__arm__) || defined(__mips__) || \
--    defined(__aarch64__)
-+    defined(__aarch64__) || defined(__i386__)
-   if (sysno == __NR_socketpair) {
-     // Only allow AF_UNIX, PF_UNIX. Crash if anything else is seen.
-     static_assert(AF_UNIX == PF_UNIX,