pool/qt6-webengine
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 970816 from KDE:Qt6

Browse Source 
Qt 6.3.0 (forwarded request 970780 from cgiboudeaux)

OBS-URL: https://build.opensuse.org/request/show/970816
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/qt6-webengine?expand=0&rev=8
This commit is contained in:
Dominique Leuenberger 2022-04-20 14:56:12 +00:00 committed by Git OBS Bridge
commit 259ef13b0e
11 changed files with 112 additions and 283 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
0001-Find-GIO-with-QtBase-6.2.patch Normal file
View File

@ -0,0 +1,41 @@
From 7c112f5c613cfc8a93ca3d85ccdab7a38b82a3c3 Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Thu, 3 Feb 2022 15:03:22 +0100
Subject: [PATCH] Find GIO with QtBase 6.2
GLIB2 doesn't find GIO with Qt 6.2, so try adding a fallback.
Pick-to: 6.3
Task-number: QTBUG-100435
Change-Id: Ic98a7aea07b726dc4f6e76a65669ca92b1916b5c
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
---
src/core/api/configure.cmake | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/core/api/configure.cmake b/src/core/api/configure.cmake
index 231eaa8d2..a9dd9eb09 100644
--- a/src/core/api/configure.cmake
+++ b/src/core/api/configure.cmake
@@ -8,6 +8,9 @@ if(NOT QT_CONFIGURE_RUNNING)
pkg_check_modules(ALSA alsa IMPORTED_TARGET)
pkg_check_modules(PULSEAUDIO libpulse>=0.9.10 libpulse-mainloop-glib)
pkg_check_modules(XDAMAGE xdamage)
+ if(NOT GIO_FOUND)
+ pkg_check_modules(GIO gio-2.0)
+ endif()
endif()
find_package(Qt6 ${PROJECT_VERSION} CONFIG QUIET
@@ -111,7 +114,7 @@ qt_feature("webengine-webrtc-pipewire" PRIVATE
LABEL "PipeWire over GIO"
PURPOSE "Provides PipeWire support in WebRTC using GIO."
AUTODETECT false
- CONDITION QT_FEATURE_webengine_webrtc AND TARGET GLIB2::GIO
+ CONDITION QT_FEATURE_webengine_webrtc AND GIO_FOUND
)
qt_feature("webengine-full-debug-info" PRIVATE
SECTION "WebEngine"
--
2.35.1

22
0001-Fix-build-with-glibc-2.34.patch
View File

@ -1,22 +0,0 @@
From 6dc7ed884091eb373f72d53f2b87371cd899378e Mon Sep 17 00:00:00 2001
From: Christophe Giboudeaux <christophe@krop.fr>
Date: Wed, 11 Aug 2021 11:39:59 +0200
Subject: [PATCH] Fix build with glibc 2.34
diff --git a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
index d7b5d8c4413..a62cb21bd7a 100644
--- a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
+++ b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
@@ -98,7 +98,9 @@ bool ChrootToSafeEmptyDir() {
// attempt this optimization.
clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS;
- char tls_buf[PTHREAD_STACK_MIN] = {0};
+ const std::size_t pthread_stack_min = PTHREAD_STACK_MIN;
+ char tls_buf[pthread_stack_min];
+ memset(tls_buf, 0, pthread_stack_min);
tls = tls_buf;
#endif
--
2.32.0

157
CVE-2022-0971-qtwebengine-5.15.patch
View File

@ -1,157 +0,0 @@
From d13d0924c4e18ecc4b79adf0fec142ee9a9eaa14 Mon Sep 17 00:00:00 2001
From: "liberato@chromium.org" <liberato@chromium.org>
Date: Mon, 7 Mar 2022 20:17:13 +0000
Subject: [Backport] CVE-2022-0971
Don't use a deleted RenderFrameHost.
Since we do not check for frame liveness, a RenderFrameHost might be
deleted (in the use-after-free sense) without another call to
RenderFrameDeleted. So, WeakPtr it to avoid these cases.
Bug: 1299422
Task-number: QTBUG-101946
Change-Id: Ie4fe85f88ef80f4e4c3d0452397c0e5050ed881c
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
.../display_cutout/display_cutout_host_impl.cc | 29 +++++++++++++---------
.../display_cutout/display_cutout_host_impl.h | 10 ++++++--
2 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc
index 1640ec83489..8f89cc24b5f 100644
--- a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc
+++ b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.cc
@@ -5,6 +5,7 @@
#include "content/browser/display_cutout/display_cutout_host_impl.h"
#include "content/browser/display_cutout/display_cutout_constants.h"
+#include "content/browser/renderer_host/render_frame_host_impl.h"
#include "content/browser/web_contents/web_contents_impl.h"
#include "content/public/browser/navigation_handle.h"
#include "mojo/public/cpp/bindings/associated_remote.h"
@@ -33,7 +34,7 @@ void DisplayCutoutHostImpl::ViewportFitChangedForFrame(
// If we are the current |RenderFrameHost| frame then notify
// WebContentsObservers about the new value.
- if (current_rfh_ == rfh)
+ if (current_rfh_.get() == rfh)
web_contents_impl_->NotifyViewportFitChanged(value);
MaybeQueueUKMEvent(rfh);
@@ -60,7 +61,9 @@ void DisplayCutoutHostImpl::DidFinishNavigation(
// If we finish a main frame navigation and the |WebDisplayMode| is
// fullscreen then we should make the main frame the current
- // |RenderFrameHost|.
+ // |RenderFrameHost|. Note that this is probably not correct; we do not check
+ // that the navigation completed successfully, nor do we check if the main
+ // frame is still IsRenderFrameLive().
blink::mojom::DisplayMode mode = web_contents_impl_->GetDisplayMode();
if (mode == blink::mojom::DisplayMode::kFullscreen)
SetCurrentRenderFrameHost(web_contents_impl_->GetMainFrame());
@@ -70,7 +73,7 @@ void DisplayCutoutHostImpl::RenderFrameDeleted(RenderFrameHost* rfh) {
values_.erase(rfh);
// If we were the current |RenderFrameHost| then we should clear that.
- if (current_rfh_ == rfh)
+ if (current_rfh_.get() == rfh)
SetCurrentRenderFrameHost(nullptr);
}
@@ -87,7 +90,7 @@ void DisplayCutoutHostImpl::SetDisplayCutoutSafeArea(gfx::Insets insets) {
insets_ = insets;
if (current_rfh_)
- SendSafeAreaToFrame(current_rfh_, insets);
+ SendSafeAreaToFrame(current_rfh_.get(), insets);
// If we have a pending UKM event on the top of the stack that is |kAllowed|
// and we have a |current_rfh_| then we should update that UKM event as it
@@ -100,26 +103,28 @@ void DisplayCutoutHostImpl::SetDisplayCutoutSafeArea(gfx::Insets insets) {
}
void DisplayCutoutHostImpl::SetCurrentRenderFrameHost(RenderFrameHost* rfh) {
- if (current_rfh_ == rfh)
+ if (current_rfh_.get() == rfh)
return;
// If we had a previous frame then we should clear the insets on that frame.
if (current_rfh_)
- SendSafeAreaToFrame(current_rfh_, gfx::Insets());
-
- // Update the |current_rfh_| with the new frame.
- current_rfh_ = rfh;
+ SendSafeAreaToFrame(current_rfh_.get(), gfx::Insets());
// If the new RenderFrameHost is nullptr we should stop here and notify
// observers that the new viewport fit is kAuto (the default).
if (!rfh) {
+ current_rfh_ = nullptr;
web_contents_impl_->NotifyViewportFitChanged(
blink::mojom::ViewportFit::kAuto);
return;
}
+
+ // Update the |current_rfh_| with the new frame.
+ current_rfh_ = static_cast<RenderFrameHostImpl*>(rfh)->GetWeakPtr();
+
// Record a UKM event for the new frame.
- MaybeQueueUKMEvent(current_rfh_);
+ MaybeQueueUKMEvent(current_rfh_.get());
// Send the current safe area to the new frame.
SendSafeAreaToFrame(rfh, insets_);
@@ -159,11 +164,11 @@ void DisplayCutoutHostImpl::MaybeQueueUKMEvent(RenderFrameHost* frame) {
blink::mojom::ViewportFit supplied_value = GetValueOrDefault(frame);
if (supplied_value == blink::mojom::ViewportFit::kAuto)
return;
- blink::mojom::ViewportFit applied_value = GetValueOrDefault(current_rfh_);
+ blink::mojom::ViewportFit applied_value = GetValueOrDefault(current_rfh_.get());
// Set the reason why this frame is not the current frame.
int ignored_reason = DisplayCutoutIgnoredReason::kAllowed;
- if (current_rfh_ != frame) {
+ if (current_rfh_.get() != frame) {
ignored_reason =
current_rfh_ == nullptr
? DisplayCutoutIgnoredReason::kWebContentsNotFullscreen
diff --git a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h
index 56081029df0..2477a4bcd7d 100644
--- a/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h
+++ b/src/3rdparty/chromium/content/browser/display_cutout/display_cutout_host_impl.h
@@ -5,12 +5,15 @@
#ifndef CONTENT_BROWSER_DISPLAY_CUTOUT_DISPLAY_CUTOUT_HOST_IMPL_H_
#define CONTENT_BROWSER_DISPLAY_CUTOUT_DISPLAY_CUTOUT_HOST_IMPL_H_
+#include "base/memory/weak_ptr.h"
#include "content/public/browser/web_contents_observer.h"
#include "content/public/browser/web_contents_receiver_set.h"
#include "third_party/blink/public/mojom/page/display_cutout.mojom.h"
namespace content {
+class RenderFrameHostImpl;
+
class DisplayCutoutHostImpl : public blink::mojom::DisplayCutoutHost {
public:
explicit DisplayCutoutHostImpl(WebContentsImpl*);
@@ -74,8 +77,11 @@ class DisplayCutoutHostImpl : public blink::mojom::DisplayCutoutHost {
gfx::Insets insets_;
// Stores the current |RenderFrameHost| that has the applied safe area insets
- // and is controlling the viewport fit value.
- RenderFrameHost* current_rfh_ = nullptr;
+ // and is controlling the viewport fit value. This value is different than
+ // `WebContentsImpl::current_fullscreen_frame_` because it also considers
+ // browser side driven fullscreen mode, not just renderer side requested
+ // frames.
+ base::WeakPtr<RenderFrameHostImpl> current_rfh_;
// Stores a map of RenderFrameHosts and their current viewport fit values.
std::map<RenderFrameHost*, blink::mojom::ViewportFit> values_;
--
cgit v1.2.1

33
CVE-2022-1096-qtwebengine-6.2.patch
View File

@ -1,33 +0,0 @@
From: Allan Sandfeld Jensen <allan.jensen@qt.io>
Date: Tue, 29 Mar 2022 17:31:58 +0200
Subject: [Backport] CVE-2022-1096
[runtime] Fix handling of interceptors
--- a/src/3rdparty/chromium/v8/src/objects/objects.cc
+++ b/src/3rdparty/chromium/v8/src/objects/objects.cc
@@ -2513,6 +2513,12 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
Maybe<bool> result =
JSObject::SetPropertyWithInterceptor(it, should_throw, value);
if (result.IsNothing() || result.FromJust()) return result;
+ // Assuming that the callback have side effects, we use
+ // Object::SetSuperProperty() which works properly regardless on
+ // whether the property was present on the receiver or not when
+ // storing to the receiver.
+ // Proceed lookup from the next state.
+ it->Next();
} else {
Maybe<PropertyAttributes> maybe_attributes =
JSObject::GetPropertyAttributesWithInterceptor(it);
@@ -2533,10 +2539,8 @@ Maybe<bool> Object::SetPropertyInternal(LookupIterator* it,
// property to the receiver.
it->NotFound();
}
- return Object::SetSuperProperty(it, value, store_origin,
- should_throw);
}
- break;
+ return Object::SetSuperProperty(it, value, store_origin, should_throw);
}
case LookupIterator::ACCESSOR: {

15
_constraints
View File

@ -26,28 +26,17 @@
</memory>
</hardware>
</overwrite>
<overwrite>
<conditions>
<arch>armv6l</arch>
<arch>armv7l</arch>
</conditions>
<hardware>
<memory>
<size unit="G">10</size>
</memory>
</hardware>
</overwrite>
<overwrite>
<conditions>
<package>qt6-webengine:docs</package>
</conditions>
<hardware>
<disk>
<size unit="G">7</size>
<size unit="G">2</size>
</disk>
<memory>
<size unit="G">2</size>
</memory>
</hardware>
</overwrite>
</constraints>
</constraints>

23
qt6-webengine.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Fri Apr 8 11:57:03 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
- Update to 6.3.0:
* https://www.qt.io/blog/qt-6.3-released
- Drop patches, now upstream:
* CVE-2022-0971-qtwebengine-5.15.patch
* CVE-2022-1096-qtwebengine-6.2.patch
-------------------------------------------------------------------
Mon Apr 4 20:41:16 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
@ -5,6 +14,20 @@ Mon Apr 4 20:41:16 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
* CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163)
* CVE-2022-1096-qtwebengine-6.2.patch (CVE-2022-1096, boo#1197552)
-------------------------------------------------------------------
Tue Mar 29 12:28:44 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>
- Update to 6.3.0-rc
- Drop patches, fixed upstream:
* Drop sandbox-statx-futex_time64.patch
* 0001-Fix-build-with-glibc-2.34.patch
- Add upstream changes:
* qtwebengine-icu70.patch
* 0001-Find-GIO-with-QtBase-6.2.patch
- Disable build on 32 bits archs (i586, armv7l)
Build fails (QTBUG-102143) and upstream doesn't support 32 bits
archs.
-------------------------------------------------------------------
Mon Mar 21 08:46:39 UTC 2022 - Christophe Giboudeaux <christophe@krop.fr>

26
qt6-webengine.spec
View File

@ -16,8 +16,8 @@
#
%define real_version 6.2.4
%define short_version 6.2
%define real_version 6.3.0
%define short_version 6.3
%define tar_name qtwebengine-everywhere-src
%define tar_suffix %{nil}
#
@ -42,7 +42,7 @@
%bcond_without system_minizip
#
Name: qt6-webengine%{?pkg_suffix}
Version: 6.2.4
Version: 6.3.0
Release: 0
Summary: Web browser engine for Qt applications
License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
@ -50,21 +50,19 @@ URL: https://www.qt.io
Source: https://download.qt.io/official_releases/qt/%{short_version}/%{real_version}%{tar_suffix}/submodules/%{tar_name}-%{real_version}%{tar_suffix}.tar.xz
Source99: qt6-webengine-rpmlintrc
# Patches 0-100 are upstream patches #
Patch0: CVE-2022-0971-qtwebengine-5.15.patch
Patch1: CVE-2022-1096-qtwebengine-6.2.patch
Patch0: qtwebengine-icu70.patch
Patch1: 0001-Find-GIO-with-QtBase-6.2.patch
# Patches 100-200 are openSUSE and/or non-upstream(able) patches #
Patch100: rtc-dont-use-h264.patch
Patch101: sandbox-statx-futex_time64.patch
# PATCH-FIX-UPSTREAM
Patch102: 0001-Fix-build-with-glibc-2.34.patch
# PATCH-FIX-OPENSUSE -- disable-gpu-when-using-nouveau-boo-1005323.diff
# PATCH-NEEDS-REBASE
%if 0
Patch103: disable-gpu-when-using-nouveau-boo-1005323.diff
Patch101: disable-gpu-when-using-nouveau-boo-1005323.diff
%endif
#
# Chromium/blink don't support all archs
ExclusiveArch: %{arm} aarch64 %{ix86} x86_64 %{mips} %{riscv}
# Chromium/blink don't support PowerPC and zSystems and build fails on
# 32 bits archs (https://bugreports.qt.io/browse/QTBUG-102143)
ExclusiveArch: aarch64 x86_64 riscv64
BuildRequires: Mesa-KHR-devel
BuildRequires: bison
# Not pulled automatically on Leap
@ -75,17 +73,13 @@ BuildRequires: krb5-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel >= 1.6.0
BuildRequires: memory-constraints
# nodejs-default doesn't exist on Leap 15.2
%if 0%{?suse_version} == 1500 && 0%{?sle_version} == 150200
BuildRequires: nodejs-common
%else
BuildRequires: nodejs-default
%endif
BuildRequires: pipewire-devel
BuildRequires: pkgconfig
BuildRequires: python
BuildRequires: python-devel
BuildRequires: python-xml
BuildRequires: python3-html5lib
BuildRequires: qt6-core-private-devel
BuildRequires: qt6-gui-private-devel
BuildRequires: qt6-qml-private-devel

3
qtwebengine-everywhere-src-6.2.4.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2e3e96b7a0335b1f683fecf8863ff2930b1bed4df00ce2ff064fa26d0a49e2b1
size 369689936

3
qtwebengine-everywhere-src-6.3.0.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:2001b45dd81dcb7ad1bc6cf1aa32f2eca5367a11fed49656053c75676c4d093d
size 398524616

33
qtwebengine-icu70.patch Normal file
View File

@ -0,0 +1,33 @@
From 75f0f4eb1e4f2823c39fe27137f78ac2c10bc293 Mon Sep 17 00:00:00 2001
From: Kirill Burtsev <kirill.burtsev@qt.io>
Date: Thu, 31 Mar 2022 19:45:39 +0200
Subject: [PATCH] [FIXUP] Fix compilation with system ICU
As of chromium 92.0.4480.0 after a set of fixes ending with a
https://chromium-review.googlesource.com/c/chromium/src/+/2830820
the need to override UCHAR_TYPE was dropped with the result that
codebase is ready for default 'char16_t'. Override was already dropped
for 98-based, which already builds fine for system ICU 70.1
Task-number: QTBUG-100495
Change-Id: I0e6d422f77b77015840647b52247f51736dd8a41
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
diff --git a/src/3rdparty/chromium/third_party/icu/BUILD.gn b/src/3rdparty/chromium/third_party/icu/BUILD.gn
index d5b1361..269de02 100644
--- a/src/3rdparty/chromium/third_party/icu/BUILD.gn
+++ b/src/3rdparty/chromium/third_party/icu/BUILD.gn
@@ -410,12 +410,6 @@
"USING_SYSTEM_ICU=1",
"ICU_UTIL_DATA_IMPL=ICU_UTIL_DATA_STATIC",
]
-
- if (is_win) {
- defines += [ "UCHAR_TYPE=wchar_t" ]
- } else {
- defines += [ "UCHAR_TYPE=uint16_t" ]
- }
}
if (use_system_icu) {

39
sandbox-statx-futex_time64.patch
View File

@ -1,39 +0,0 @@
From: Fabian Vogt <fabian@ritter-vogt.de>
Subject: Sandbox: Handle statx and futex_time64
glibc uses statx in some more places now (e.g stat64 -> __fstatat64_time64),
but it's caught by the sandbox, which doesn't handle it and breaks.
Return -ENOSYS instead to trigger the fallback in glibc.
futex_time64 is also used internally in glibc, so handle that as well.
The signature is identical where it matters.
diff --git a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
index 6f7768f7d..b3335e2bf 100644
--- a/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
+++ b/src/3rdparty/chromium/sandbox/linux/seccomp-bpf-helpers/baseline_policy.cc
@@ -203,6 +203,11 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
if (sysno == __NR_futex)
return RestrictFutex();
+#if defined(__NR_futex_time64)
+ if (sysno == __NR_futex_time64)
+ return RestrictFutex();
+#endif
+
if (sysno == __NR_set_robust_list)
return Error(EPERM);
@@ -283,6 +288,12 @@ ResultExpr EvaluateSyscallImpl(int fs_denied_errno,
return RewriteFstatatSIGSYS(fs_denied_errno);
}
+#if defined(__NR_statx)
+ if (sysno == __NR_statx) {
+ return Error(ENOSYS);
+ }
+#endif
+
if (SyscallSets::IsFileSystem(sysno) ||
SyscallSets::IsCurrentDirectory(sysno)) {
return Error(fs_denied_errno);