Hello community,
here is the log from the commit of package libqt5-qtwebengine for
openSUSE:Factory checked in at 2018-03-24 16:13:06
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libqt5-qtwebengine (Old)
and /work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libqt5-qtwebengine"
Sat Mar 24 16:13:06 2018 rev:31 rq:590634 version:5.10.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/libqt5-qtwebengine/libqt5-qtwebengine.changes
2018-02-06 16:41:22.365915627 +0100
+++
/work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new/libqt5-qtwebengine.changes
2018-03-24 16:13:07.780364956 +0100
@@ -1,0 +2,26 @@
+Fri Mar 23 08:14:18 UTC 2018 - [email protected]
+
+- Also adjust the minimum versions of the private-headers-devel
+ subpackage's requirements
+
+-------------------------------------------------------------------
+Thu Mar 22 22:40:32 UTC 2018 - [email protected]
+
+- Apply a fix to make QtWE-using applications actually compile against it
+
+-------------------------------------------------------------------
+Sun Mar 18 22:57:09 UTC 2018 - [email protected]
+
+- Forward-port security backports from 5.9.5 LTS (up to Chromium 65.0.3325.146)
+ * qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch from Fedora
+ * qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch from Fedora
+
+-------------------------------------------------------------------
+Wed Feb 14 15:47:56 CET 2018 - [email protected]
+
+- Update to 5.10.1
+ * New bugfix release
+ * For more details please see:
+ *
http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.10.1/?h=v5.10.1
+
+-------------------------------------------------------------------
Old:
----
qtwebengine-everywhere-src-5.10.0.tar.xz
New:
----
qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch
qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch
qtwebengine-everywhere-src-5.10.1.tar.xz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libqt5-qtwebengine.spec ++++++
--- /var/tmp/diff_new_pack.5ZwVeq/_old 2018-03-24 16:13:35.295373093 +0100
+++ /var/tmp/diff_new_pack.5ZwVeq/_new 2018-03-24 16:13:35.295373093 +0100
@@ -50,22 +50,27 @@
%endif
Name: libqt5-qtwebengine
-Version: 5.10.0
+Version: 5.10.1
Release: 0
Summary: Qt 5 WebEngine Library
License: LGPL-2.1-with-Qt-Company-Qt-exception-1.1 or
LGPL-3.0-with-Qt-Company-Qt-exception-1.1
Group: Development/Libraries/X11
Url: https://www.qt.io
%define base_name libqt5
-%define real_version 5.10.0
-%define so_version 5.10.0
-%define tar_version qtwebengine-everywhere-src-5.10.0
+%define real_version 5.10.1
+%define so_version 5.10.1
+%define tar_version qtwebengine-everywhere-src-5.10.1
Source:
https://download.qt.io/official_releases/qt/5.10/%{real_version}/submodules/%{tar_version}.tar.xz
Source1: baselibs.conf
# PATCH-FIX-UPSTREAM armv6-ffmpeg-no-thumb.patch - Fix ffmpeg configuration
for armv6
Patch1: armv6-ffmpeg-no-thumb.patch
# PATCH-FIX-UPSTREAM disable-gpu-when-using-nouveau-boo-1005323.diff
Patch2: disable-gpu-when-using-nouveau-boo-1005323.diff
+# PATCH-FIX-UPSTREAM qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch
+# - forward-port security backports from 5.9.5 LTS (up to Chromium
65.0.3325.146)
+# see the patch metadata for the list of fixed CVEs and Chromium bug IDs
+Patch3: qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch
+Patch4: qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch
# PATCH-FIX-UPSTREAM harmony-fix.diff -- Show the patent-free LCD rendering.
Without this patch, only grayscale rendering is used. (for freetype-2.8.1)
boo#1061344
Patch5: harmony-fix.diff
# http://www.chromium.org/blink not ported to PowerPC
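Review bot: `Patch4` is added without a tag comment of its own; the `PATCH-FIX-UPSTREAM` comment above `Patch3` names only the security-5.9.5 patch, while the other patches in this hunk each carry a tag line. Since this patch is the one tied to a specific CVE, its origin and purpose should be recorded next to it, for example `# PATCH-FIX-UPSTREAM qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch - implement IsMostRecentDownloadItemAtFilePath, required for CVE-2018-6033`. The changelog says both patches come from Fedora, so noting that source here would also help whoever rebases them at the next version update.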
@@ -87,12 +92,12 @@
BuildRequires: libicu-devel
BuildRequires: libjpeg-devel
BuildRequires: libpng-devel
-BuildRequires: libqt5-qtbase-private-headers-devel >= %{version}
-BuildRequires: libqt5-qtdeclarative-private-headers-devel >= %{version}
-BuildRequires: libqt5-qttools-private-headers-devel >= %{version}
-BuildRequires: libqt5-qtlocation-private-headers-devel >= %{version}
-BuildRequires: libqt5-qtwebchannel-private-headers-devel >= %{version}
-BuildRequires: libqt5-qtxmlpatterns-private-headers-devel >= %{version}
+BuildRequires: libqt5-qtbase-private-headers-devel >= 5.9
+BuildRequires: libqt5-qtdeclarative-private-headers-devel >= 5.9
+BuildRequires: libqt5-qttools-private-headers-devel >= 5.9
+BuildRequires: libqt5-qtlocation-private-headers-devel >= 5.9
+BuildRequires: libqt5-qtwebchannel-private-headers-devel >= 5.9
+BuildRequires: libqt5-qtxmlpatterns-private-headers-devel >= 5.9
BuildRequires: libQt5QuickControls2-devel
BuildRequires: pam-devel
BuildRequires: pciutils-devel
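Review bot: The new floor `5.9` is written out six times with no comment explaining why that release is the minimum, so the next change to it has to touch every line and guess at the reason. A single definition such as `%define qt_min_version 5.9`, with a one-line comment stating which Qt release the private headers are known to build against, referenced as `>= %{qt_min_version}`, would keep the lines in step. Building against private headers older than the package's own version is presumably deliberate here, but the spec should say so.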
@@ -103,6 +108,7 @@
BuildRequires: python-xml
BuildRequires: re2c
BuildRequires: re2-devel
+BuildRequires: sed
BuildRequires: snappy-devel
BuildRequires: sqlite3-devel
BuildRequires: update-desktop-files
@@ -219,8 +225,8 @@
Group: Development/Libraries/C and C++
BuildArch: noarch
Requires: %{name}-devel = %{version}
-Requires: libqt5-qtbase-private-headers-devel >= %{version}
-Requires: libqt5-qtdeclarative-private-headers-devel >= %{version}
+%requires_ge libqt5-qtbase-private-headers-devel
+%requires_ge libqt5-qtdeclarative-private-headers-devel
%description private-headers-devel
This package provides private headers of libqt5-qtwebengine that are normally
@@ -242,6 +248,8 @@
sed -i 's|$(STRIP)|strip|g' src/core/core_module.pro
%patch1 -p1
%patch2 -p1
+%patch3 -p1
+%patch4 -p1
%patch5 -p1
# QTBUG-61128
sed -i -e '/toolprefix = /d' -e 's/\${toolprefix}//g' \
@@ -310,6 +318,15 @@
# webenginecore expects icudatl.dat at this location
# ln -sf %{_datadir}/icu/*/icudt*l.dat %{buildroot}%{_datadir}/qt5/icudtl.dat
+# ---------- Workarounds for older Qt versions ---------
+## adjust cmake dep(s) to allow for using the same Qt5 that was used to build
it
+sed -i -r '/ EXACT\)/d' \
+ %{buildroot}%{_libqt5_libdir}/cmake/Qt5WebEngine*/Qt5WebEngine*Config.cmake
+
+sed -i '/find_package/!b;n;s/'%{version}/$(rpm -q --qf %%{version}
libQt5Core5)/ \
+ %{buildroot}%{_libqt5_libdir}/cmake/Qt5WebEngine*/Qt5WebEngine*Config.cmake
+# ------------------------------------------------------
+
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
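Review bot: The second `sed` call leaves both `%{version}` and the `$(rpm -q ...)` substitution outside the quotes, so the script that sed receives depends on shell word splitting and on whatever `rpm -q` prints. The dots in the version are also treated as regex wildcards. Capturing the value first and quoting the whole expression makes the rewrite of the installed `Config.cmake` files predictable: `qt_ver=$(rpm -q --qf '%%{version}' libQt5Core5)` followed by `sed -i "/find_package/!b;n;s/%{version}/${qt_ver}/"`, ideally with a check that `qt_ver` is non-empty. Because the first `sed` removes the ` EXACT)` line, these files no longer demand a matching Qt version from consumers. The comment block should therefore say which Qt versions this workaround is meant for and when it can be dropped.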
++++++ qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch ++++++
>From 1fd21185614dcae0c7a6e5647ba56cff0120f563 Mon Sep 17 00:00:00 2001
Message-Id:
<1fd21185614dcae0c7a6e5647ba56cff0120f563.1521386919.git.kevin.kof...@chello.at>
From: Michal Klocek <[email protected]>
Date: Wed, 7 Mar 2018 18:36:25 +0100
Subject: [PATCH] Implement IsMostRecentDownloadItemAtFilePath call
Implement IsMostRecentDownloadItemAtFilePath
for download_manager_delegate_qt. This is required for
CVE-2018-6033.
Change-Id: I9f48dfa159d684f0fda894e68b81ff622aceaae2
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
---
src/core/download_manager_delegate_qt.cpp | 20 ++++++++++++++++++++
src/core/download_manager_delegate_qt.h | 2 ++
2 files changed, 22 insertions(+)
diff --git a/src/core/download_manager_delegate_qt.cpp
b/src/core/download_manager_delegate_qt.cpp
index 40df9b3a..487a831e 100644
--- a/src/core/download_manager_delegate_qt.cpp
+++ b/src/core/download_manager_delegate_qt.cpp
@@ -293,6 +293,26 @@ void
DownloadManagerDelegateQt::ChooseSavePath(content::WebContents *web_content
m_weakPtrFactory.GetWeakPtr()));
}
+bool
DownloadManagerDelegateQt::IsMostRecentDownloadItemAtFilePath(content::DownloadItem
*download)
+{
+ content::BrowserContext *context = download->GetBrowserContext();
+ std::vector<content::DownloadItem*> all_downloads;
+
+ content::DownloadManager* manager =
+ content::BrowserContext::GetDownloadManager(context);
+ if (manager)
+ manager->GetAllDownloads(&all_downloads);
+
+ for (const auto* item : all_downloads) {
+ if (item->GetGuid() == download->GetGuid() ||
+ item->GetTargetFilePath() != download->GetTargetFilePath())
+ continue;
+ if (item->GetState() == content::DownloadItem::IN_PROGRESS)
+ return false;
+ }
+ return true;
+}
+
void
DownloadManagerDelegateQt::savePackageDownloadCreated(content::DownloadItem
*item)
{
OnDownloadUpdated(item);
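Review bot: `IsMostRecentDownloadItemAtFilePath` returns `true` whenever `GetDownloadManager` yields a null manager, because `all_downloads` then stays empty and the loop never runs; `download` is also dereferenced without a null check. The commit message says this is needed for a CVE fix, so the fall-through deserves an explicit comment or a conservative result. Only the download's own `BrowserContext` is queried; whether items from a related context can share the same target path is not visible in this hunk and is worth confirming against the upstream implementation. At minimum I would add a comment above the definition such as `// Returns false while another IN_PROGRESS download targets the same file path; returns true if no manager is available.`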
diff --git a/src/core/download_manager_delegate_qt.h
b/src/core/download_manager_delegate_qt.h
index df43211e..7563d5d3 100644
--- a/src/core/download_manager_delegate_qt.h
+++ b/src/core/download_manager_delegate_qt.h
@@ -81,6 +81,8 @@ public:
const base::FilePath::StringType &default_extension,
bool can_save_as_complete,
const content::SavePackagePathPickedCallback
&callback) override;
+ bool IsMostRecentDownloadItemAtFilePath(content::DownloadItem* download)
override;
+
void cancelDownload(quint32 downloadId);
void pauseDownload(quint32 downloadId);
--
2.14.3
++++++ qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch ++++++
++++ 1245 lines (skipped)
++++++ qtwebengine-everywhere-src-5.10.0.tar.xz ->
qtwebengine-everywhere-src-5.10.1.tar.xz ++++++
/work/SRC/openSUSE:Factory/libqt5-qtwebengine/qtwebengine-everywhere-src-5.10.0.tar.xz
/work/SRC/openSUSE:Factory/.libqt5-qtwebengine.new/qtwebengine-everywhere-src-5.10.1.tar.xz
differ: char 26, line 1