Accepting request 945985 from home:cgiboudeaux:qtwebengine-lts

Update to 5.15.8

OBS-URL: https://build.opensuse.org/request/show/945985
OBS-URL: https://build.opensuse.org/package/show/KDE:Qt:5.15/libqt5-qtwebengine?expand=0&rev=35

0001-Fix-build-with-glibc-2.34.patch

@@ -1,54 +0,0 @@
-From 6dc7ed884091eb373f72d53f2b87371cd899378e Mon Sep 17 00:00:00 2001
-From: Christophe Giboudeaux <christophe@krop.fr>
-Date: Wed, 11 Aug 2021 11:39:59 +0200
-Subject: [PATCH] Fix build with glibc 2.34
-
----
- .../abseil-cpp/absl/debugging/failure_signal_handler.cc        | 3 ++-
- .../breakpad/src/client/linux/handler/exception_handler.cc     | 2 +-
- 2 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
-index d7b5d8c4413..a62cb21bd7a 100644
---- a/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
-+++ b/src/3rdparty/chromium/sandbox/linux/services/credentials.cc
-@@ -98,7 +98,9 @@ bool ChrootToSafeEmptyDir() {
-   // attempt this optimization.
-   clone_flags |= CLONE_VM | CLONE_VFORK | CLONE_SETTLS;
- 
--  char tls_buf[PTHREAD_STACK_MIN] = {0};
-+  const std::size_t pthread_stack_min = PTHREAD_STACK_MIN;
-+  char tls_buf[pthread_stack_min];
-+  memset(tls_buf, 0, pthread_stack_min);
-   tls = tls_buf;
- #endif
- 
-diff --git a/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc b/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc
-index 5d13bdbbbd1..2ed137b58f1 100644
---- a/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc
-+++ b/src/3rdparty/chromium/third_party/abseil-cpp/absl/debugging/failure_signal_handler.cc
-@@ -135,7 +135,8 @@ static bool SetupAlternateStackOnce() {
- #else
-   const size_t page_mask = sysconf(_SC_PAGESIZE) - 1;
- #endif
--  size_t stack_size = (std::max(SIGSTKSZ, 65536) + page_mask) & ~page_mask;
-+  size_t stack_size =
-+      (std::max<size_t>(SIGSTKSZ, 65536) + page_mask) & ~page_mask;
- #if defined(ABSL_HAVE_ADDRESS_SANITIZER) || \
-     defined(ABSL_HAVE_MEMORY_SANITIZER) || defined(ABSL_HAVE_THREAD_SANITIZER)
-   // Account for sanitizer instrumentation requiring additional stack space.
-diff --git a/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc b/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc
-index ca353c40997..2e43ba6fc04 100644
---- a/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc
-+++ b/src/3rdparty/chromium/third_party/breakpad/breakpad/src/client/linux/handler/exception_handler.cc
-@@ -138,7 +138,7 @@ void InstallAlternateStackLocked() {
-   // SIGSTKSZ may be too small to prevent the signal handlers from overrunning
-   // the alternative stack. Ensure that the size of the alternative stack is
-   // large enough.
--  static const unsigned kSigStackSize = std::max(16384, SIGSTKSZ);
-+  static const unsigned kSigStackSize = std::max<size_t>(16384, SIGSTKSZ);
- 
-   // Only set an alternative stack if there isn't already one, or if the current
-   // one is too small.
---
-2.32.0

_service

@@ -1,11 +1,11 @@
 <services>
   <service name="tar_scm" mode="disabled">
    <param name="changesgenerate">enable</param>
-   <param name="version">5.15.7</param>
+   <param name="version">5.15.8</param>
    <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
    <param name="scm">git</param>
    <param name="filename">qtwebengine-everywhere-src</param>
-   <param name="revision">v5.15.7-lts</param>
+   <param name="revision">v5.15.8-lts</param>
   </service>
   <service name="recompress" mode="disabled">
    <param name="file">*.tar</param>

_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">git://code.qt.io/qt/qtwebengine.git</param>
-              <param name="changesrevision">f0a1cb8da24518c03858b85378f9ad82b0603a1a</param></service></servicedata>
+              <param name="changesrevision">96e932d73057c3e705b849249fb02e1837b7576d</param></service></servicedata>

libqt5-qtwebengine.changes

@@ -1,3 +1,70 @@
+-------------------------------------------------------------------
+Tue Jan 04 22:22:01 UTC 2022 - christophe@krop.fr
+
+- Update to version 5.15.8:
+  * Update Chromium:
+    [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
+    in xmlEncodeEntitiesInternal() in entities.c
+    [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
+    attack bypasses all existing protection mechanisms
+    [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
+    [Backport] CVE-2021-37987 : Use after free in Network APIs
+    [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
+    [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
+    [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
+    [Backport] CVE-2021-37996 : Insufficient validation of untrusted
+    input in Downloads
+    [Backport] CVE-2021-38001 : Type Confusion in V8
+    [Backport] CVE-2021-38003 : Inappropriate implementation in V8
+    [Backport] CVE-2021-38005: Use after free in loader (1/3)
+    [Backport] CVE-2021-38005: Use after free in loader (2/3)
+    [Backport] CVE-2021-38005: Use after free in loader (3/3)
+    [Backport] CVE-2021-38007: Type Confusion in V8
+    [Backport] CVE-2021-38009: Inappropriate implementation in cache
+    [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
+    [Backport] CVE-2021-38012: Type Confusion in V8
+    [Backport] CVE-2021-38015: Inappropriate implementation in input
+    [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
+    sandbox
+    [Backport] CVE-2021-38018: Inappropriate implementation in navigation
+    [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
+    [Backport] CVE-2021-38021: Inappropriate implementation in referrer
+    [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
+    [Backport] CVE-2021-4057: Use after free in file API
+    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
+    [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
+    [Backport] CVE-2021-4059: Insufficient data validation in loader
+    [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
+    [Backport] CVE-2021-4078: Type confusion in V8
+    [Backport] CVE-2021-4079: Out of bounds write in WebRTC
+    [Backport] CVE-2021-4098: Insufficient data validation in Mojo
+    [Backport] CVE-2021-4099: Use after free in Swiftshader
+    [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
+    [Backport] CVE-2021-4102: Use after free in V8
+    [Backport] Dependency for CVE-2021-37989
+    [Backport] Dependency for CVE-2021-38009
+    [Backport] Security bug 1245870
+    [Backport] Security bug 1252858
+    [Backport] Security bug 1259899
+    Bump V8_PATCH_LEVEL
+    Compile with GCC 11 -std=c++20
+    Fix stack overflow on gpu channel recreate with an error
+    Use wglSetPixelFormat directly only if in software mode
+    [Backport] Handle long SIGSTKSZ in glibc > 2.33
+    [Backport] abseil-cpp: Fixes build with latest glibc
+  * Handle qtpdf compilation with static runtime
+  * Add bitcode support for qtpdf on ios
+  * Do not access accessibility from qt post routines
+  * Blacklist javascriptClipboard test on ubuntu 20.04
+  * Re-enable network-service-in-process
+  * Bump version from 5.15.7 to 5.15.8
+  * Update patch level
+  * Fix pinch gesture
+  * Fix leak of properties after XkbRF_GetNamesProp
+  * Fix leak on getDefaultScreeenId
+- Drop patch:
+  * 0001-Fix-build-with-glibc-2.34.patch
+
 -------------------------------------------------------------------
 Fri Oct 29 09:53:05 UTC 2021 - christophe@krop.fr
 

libqt5-qtwebengine.spec

@@ -29,15 +29,15 @@
 %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries
 
 Name:           libqt5-qtwebengine
-Version:        5.15.7
+Version:        5.15.8
 Release:        0
 Summary:        Qt 5 WebEngine Library
 License:        LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only
 Group:          Development/Libraries/X11
 URL:            https://www.qt.io
 %define base_name libqt5
-%define real_version 5.15.7
-%define so_version 5.15.7
+%define real_version 5.15.8
+%define so_version 5.15.8
 %define tar_version qtwebengine-everywhere-src-%{version}
 Source:         %{tar_version}.tar.xz
 # PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6
@@ -47,8 +47,6 @@ Patch1:         disable-gpu-when-using-nouveau-boo-1005323.diff
 Patch2:         sandbox-statx-futex_time64.patch
 # PATCH-FIX-OPENSUSE
 Patch3:         rtc-dont-use-h264.patch
-# PATCH-FIX-UPSTREAM
-Patch4:         0001-Fix-build-with-glibc-2.34.patch
 # http://www.chromium.org/blink is not ported to PowerPC & s390
 ExcludeArch:    ppc ppc64 ppc64le s390 s390x
 # Try to fix i586 MemoryErrors with rpmlint

qtwebengine-everywhere-src-5.15.7.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3b7360ee119506bb89016f97ee0e5391fa5b3967b542f10092909feeaef460f7
-size 319447784

qtwebengine-everywhere-src-5.15.8.tar.xz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:acb9be08d9ef4ab59274953235c364181aab58d06feb4bff1845d43a70406975
+size 319364220