Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libqt5-qtwebengine for openSUSE:Factory checked in at 2022-01-14 23:12:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old) and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1892 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtwebengine" Fri Jan 14 23:12:25 2022 rev:75 rq:945986 version:5.15.8 Changes: -------- --- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes 2021-11-03 17:26:00.437328736 +0100 +++ /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1892/libqt5-qtwebengine.changes 2022-01-14 23:12:35.634606775 +0100 @@ -1,0 +2,67 @@ +Tue Jan 04 22:22:01 UTC 2022 - [email protected] + +- Update to version 5.15.8: + * Update Chromium: + [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow + in xmlEncodeEntitiesInternal() in entities.c + [Backport] CVE-2021-3541 libxml2: Exponential entity expansion + attack bypasses all existing protection mechanisms + [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium + [Backport] CVE-2021-37987 : Use after free in Network APIs + [Backport] CVE-2021-37989 : Inappropriate implementation in Blink + [Backport] CVE-2021-37992 : Out of bounds read in WebAudio + [Backport] CVE-2021-37993 : Use after free in PDF Accessibility + [Backport] CVE-2021-37996 : Insufficient validation of untrusted + input in Downloads + [Backport] CVE-2021-38001 : Type Confusion in V8 + [Backport] CVE-2021-38003 : Inappropriate implementation in V8 + [Backport] CVE-2021-38005: Use after free in loader (1/3) + [Backport] CVE-2021-38005: Use after free in loader (2/3) + [Backport] CVE-2021-38005: Use after free in loader (3/3) + [Backport] CVE-2021-38007: Type Confusion in V8 + [Backport] CVE-2021-38009: Inappropriate implementation in cache + [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers + [Backport] CVE-2021-38012: Type Confusion in V8 + [Backport] CVE-2021-38015: Inappropriate implementation in input + [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe + sandbox + [Backport] CVE-2021-38018: Inappropriate implementation in navigation + [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS + [Backport] CVE-2021-38021: Inappropriate implementation in referrer + [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication + [Backport] CVE-2021-4057: Use after free in file API + [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2) + [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2) + [Backport] CVE-2021-4059: Insufficient data validation in loader + [Backport] CVE-2021-4062: Heap buffer overflow in BFCache + [Backport] CVE-2021-4078: Type confusion in V8 + [Backport] CVE-2021-4079: Out of bounds write in WebRTC + [Backport] CVE-2021-4098: Insufficient data validation in Mojo + [Backport] CVE-2021-4099: Use after free in Swiftshader + [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader. + [Backport] CVE-2021-4102: Use after free in V8 + [Backport] Dependency for CVE-2021-37989 + [Backport] Dependency for CVE-2021-38009 + [Backport] Security bug 1245870 + [Backport] Security bug 1252858 + [Backport] Security bug 1259899 + Bump V8_PATCH_LEVEL + Compile with GCC 11 -std=c++20 + Fix stack overflow on gpu channel recreate with an error + Use wglSetPixelFormat directly only if in software mode + [Backport] Handle long SIGSTKSZ in glibc > 2.33 + [Backport] abseil-cpp: Fixes build with latest glibc + * Handle qtpdf compilation with static runtime + * Add bitcode support for qtpdf on ios + * Do not access accessibility from qt post routines + * Blacklist javascriptClipboard test on ubuntu 20.04 + * Re-enable network-service-in-process + * Bump version from 5.15.7 to 5.15.8 + * Update patch level + * Fix pinch gesture + * Fix leak of properties after XkbRF_GetNamesProp + * Fix leak on getDefaultScreeenId +- Drop patch: + * 0001-Fix-build-with-glibc-2.34.patch + +------------------------------------------------------------------- Old: ---- 0001-Fix-build-with-glibc-2.34.patch qtwebengine-everywhere-src-5.15.7.tar.xz New: ---- qtwebengine-everywhere-src-5.15.8.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libqt5-qtwebengine.spec ++++++ --- /var/tmp/diff_new_pack.gK70Gg/_old 2022-01-14 23:12:44.242612324 +0100 +++ /var/tmp/diff_new_pack.gK70Gg/_new 2022-01-14 23:12:44.246612327 +0100 @@ -29,15 +29,15 @@ %global _qtwebengine_dictionaries_dir %{_libqt5_datadir}/qtwebengine_dictionaries Name: libqt5-qtwebengine -Version: 5.15.7 +Version: 5.15.8 Release: 0 Summary: Qt 5 WebEngine Library License: LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only Group: Development/Libraries/X11 URL: https://www.qt.io %define base_name libqt5 -%define real_version 5.15.7 -%define so_version 5.15.7 +%define real_version 5.15.8 +%define so_version 5.15.8 %define tar_version qtwebengine-everywhere-src-%{version} Source: %{tar_version}.tar.xz # PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration for armv6 @@ -47,8 +47,6 @@ Patch2: sandbox-statx-futex_time64.patch # PATCH-FIX-OPENSUSE Patch3: rtc-dont-use-h264.patch -# PATCH-FIX-UPSTREAM -Patch4: 0001-Fix-build-with-glibc-2.34.patch # http://www.chromium.org/blink is not ported to PowerPC & s390 ExcludeArch: ppc ppc64 ppc64le s390 s390x # Try to fix i586 MemoryErrors with rpmlint ++++++ _service ++++++ --- /var/tmp/diff_new_pack.gK70Gg/_old 2022-01-14 23:12:44.286612353 +0100 +++ /var/tmp/diff_new_pack.gK70Gg/_new 2022-01-14 23:12:44.290612355 +0100 @@ -1,11 +1,11 @@ <services> <service name="tar_scm" mode="disabled"> <param name="changesgenerate">enable</param> - <param name="version">5.15.7</param> + <param name="version">5.15.8</param> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> <param name="scm">git</param> <param name="filename">qtwebengine-everywhere-src</param> - <param name="revision">v5.15.7-lts</param> + <param name="revision">v5.15.8-lts</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.gK70Gg/_old 2022-01-14 23:12:44.306612365 +0100 +++ /var/tmp/diff_new_pack.gK70Gg/_new 2022-01-14 23:12:44.310612368 +0100 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">git://code.qt.io/qt/qtwebengine.git</param> - <param name="changesrevision">f0a1cb8da24518c03858b85378f9ad82b0603a1a</param></service></servicedata> + <param name="changesrevision">96e932d73057c3e705b849249fb02e1837b7576d</param></service></servicedata> (No newline at EOF) ++++++ qtwebengine-everywhere-src-5.15.7.tar.xz -> qtwebengine-everywhere-src-5.15.8.tar.xz ++++++ /work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.15.7.tar.xz /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new.1892/qtwebengine-everywhere-src-5.15.8.tar.xz differ: char 15, line 1
