* Wed Mar 24 2021 christophe@krop.fr
- Update to version 5.15.3:
* Fix spelling and coding style
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Fix flaky tst_QWebEngineView::textSelectionOutOfInputField test
* Move touch input tests to separate testcase
* Add touch input tests for scrolling and pinch zooming
* Fix rare duplicate ids forming in touch point id's mapping
* Use the module's version number for QtWebEngineProcess
* Touch handling: provide id mapping without modifying TouchPoint instance
(QTBUG-88001)
* Touch handling: fix mapped ids cleanup for TouchCancel event
* et custom headers from QWebEngineUrlRequestInfo before triggering redirect
(QTBUG-88861)
* Forward modifier flags for lock keys (QTBUG-89001)
* Fix handling of more than one finger for touch event (QTBUG-86389)
* Stabilize load signals emitting (QTBUG-65223, QTBUG-87089)
* Fix building against 5.12 on most CIs
* Update minimum HarfBuzz version to 2.4.0 (QTBUG-88976)
* Fix building against Qt 5.14
* Migrate user script IPC to mojo
* Fix crashes in user resource controller when single process
* Minor. Fix namespace for user resource controller
* Minor. RenderThreadObserverQt is really a RenderConfiguration
* Remove RenderViewObserverHelper from UserResourceController
* Cache mojo interface bindings to UserResourceControllerRenderFrame
* Cache mojo interface bindings for WebChannelIPCTransport
* Migrate render_view_observer_qt to mojo
* Fix crash on linkedin.com (QTBUG-89740)
* Suppress error pages also for http errors if they are disabled
* Fix leak in QQuickWebEngineViewPrivate::contextMenuRequested
* Register PerformanceNode early enough
* Quiet log on webrtc usage
* Remove configure option that doesn't work
* Remove Java build dependency
* Fix blank popups in qml (QTBUG-86034)
* Fix position of popup on qml (QTBUG-86034, QTBUG-89358)
* Enable hangout services extension (QTBUG-85731)
* Allow to fallback to default locale for non existent data packs (QTBUG-90490)
* Support devtools close button
* Do not extract download file names from certain url schemes (QTBUG-90355)
* Leave room for the null-termination byte when checking remote drive path
(QTBUG-90347)
* Do not set open files limit for linking if not necessary
* Remove even more remains of non network service code
* Add back prefers-color-scheme support (QTBUG-89753)
* Start supporting chrome.resourcesPrivate API (QTBUG-90035)
* Enable chrome://user-actions WebUI
* Remove remains of chrome://flash
* Fix loadFinished signal if page has content but server sends HTTP error
(QTBUG-90517)
* Fix devtools page resource loading as raw data instead of html string
* Remove frame metadata observer (RenderWidgetHostViewQt) on destroy
* Resolve installed interceptors right before interception point (QTBUG-86286)
* Update searches faster
* Remove more leftovers of the old compositor
* Enable webrtc logging and the corresponding WebUI
* Support mips64el platform CPU(loongson 3A4000)
* Add tracing UI resources
* Fix crash on meet.google.com
* Fix mad popup qquickwindows on wayland
* Fix crashes on BrowserContext destruction
* Fix crash on exit in quicknanobrowser when popup
* Remove QtPdf dependency on nss at build-time
* Avoid accessing profileAdapter when profile is shutting down (QTBUG-91187)
* Do not flush messages form profile destructor
* Ignore QQuickWebEngineNewViewRequest if it is unhandled
* Fix ScopedGLContextChecker with QTWEBENGINE_DISABLE_GPU_THREAD=1
* Don't send duplicate load progress values
* Fix neon support in libpng
* Do not call deprecated profile interceptor on ui thread (QTBUG-86267)
* Add certificate error message for ERR_SSL_OBSOLETE_VERSION
* Fix assert in WebContentsAdapter::devToolsFrontendDestroyed
* Avoid to reject a certificate error twice in Quick
* Fix PDF viewer plugin
* FIXUP: Fix swap condition in DisplayGLOutputSurface::updatePaintNode
(QTBUG-86599)
* Fix favicon engine under device pixel scaling
* Do not pass a native keycode matching the menu key when it is remapped
(QTBUG-86672)
* Optimize WebEngineSettings::testAttribute
* Warn about QtWebengineProcess launching from network share (QTBUG-84632)
* Handle non-ascii names for pulseaudio (QTBUG-85363)
* Do not set audio device for desktop capture if audio loopback is unsupported
* Fix new view request handling (QTBUG-87378)
* Fix getDefaultScreenId on X11
* Touch handling: provide id mapping without modifying TouchPoint instance
(QTBUG-88001)
* Set custom headers from QWebEngineUrlRequestInfo before triggering redirect
(QTBUG-88861)
* Stabilize load signals emitting (QTBUG-65223)
- CVE fixes backported in chromium updates:
* CVE-2020-16044: Use after free in WebRTC
* CVE-2021-21118: Heap buffer overflow in Blink
* CVE-2021-21119: Use after free in Media
* CVE-2021-21120: Use after free in WebSQL
* CVE-2021-21121: Use after free in Omnibox
* CVE-2021-21122: Use after free in Blink
* CVE-2021-21123: Insufficient data validation in File System API
* CVE-2021-21125: Insufficient policy enforcement in File System API
* CVE-2021-21126: Insufficient policy enforcement in extensions
* CVE-2021-21127: Insufficient policy enforcement in extensions
* CVE-2021-21128: Heap buffer overflow in Blink
* CVE-2021-21129: Insufficient policy enforcement in File System API
* CVE-2021-21130: Insufficient policy enforcement in File System API
* CVE-2021-21131: Insufficient policy enforcement in File System API
* CVE-2021-21132: Inappropriate implementation in DevTools
* CVE-2021-21135: Inappropriate implementation in Performance API
* CVE-2021-21137: Inappropriate implementation in DevTools
* CVE-2021-21140: Uninitialized Use in USB
* CVE-2021-21141: Insufficient policy enforcement in File System API
* CVE-2021-21145: Use after free in Fonts
* CVE-2021-21146: Use after free in Navigation
* CVE-2021-21147: Inappropriate implementation in Skia
* CVE-2021-21148: Heap buffer overflow in V8
* CVE-2021-21149: Stack overflow in Data Transfer
* CVE-2021-21150: Use after free in Downloads
* CVE-2021-21152: Heap buffer overflow in Media
* CVE-2021-21153: Stack overflow in GPU Process
* CVE-2021-21156: Heap buffer overflow in V8
* CVE-2021-21157: Use after free in Web Sockets
- Drop obsolete patches:
* icu-68.patch
* icu-68-2.patch
- Rebase patches:
* fix1163766.patch
* sandbox-statx-futex_time64.patch
* rtc-dont-use-h264.patch
* chromium-glibc-2.33.patch
- Add patch to fix crash with certain locales:
* 0001-Fix-normalization-of-app-locales.patch
- Clean the spec file a bit
* Wed Mar 10 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Can't use system_vpx on Leap 15.3
* Wed Feb 17 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to fix sandbox with glibc 2.33 on 32bit:
* sandbox-statx-futex_time64.patch
* Tue Feb 16 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Relax constraints for armv6 and armv7
* Mon Feb 15 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Add patch to fix sandbox with glibc 2.33 (boo#1182233):
* chromium-glibc-2.33.patch
* Fri Jan 29 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Bump _constraints and %limit_build, hopefully avoid occasional
OOM and make the build quicker
- Drop obsolete conditions
* Fri Jan 08 2021 Fabian Vogt <fabian@ritter-vogt.de>
- Drop baselibs.conf, not needed after libksysguard5 got adjusted
* Tue Dec 15 2020 Callum Farmer <gmbr3@opensuse.org>
- Fix build with ICU 68:
* Added icu-68.patch
* Added icu-68-2.patch
* Fri Nov 20 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.15.2:
* New bugfix release
* For more details please see:
http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.2/?h=5.15.2
* Thu Sep 10 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.15.1:
* New bugfix release
* For more details please see:
http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.1/?h=5.15.1
- Drop patches, now upstream:
* icu-v67.patch
* 0001-fix-build-after-y2038-changes-in-glibc.patch
- Refresh disable-gpu-when-using-nouveau-boo-1005323.diff
- Update rtc-dont-use-h264.patch
* Thu May 28 2020 Fabian Vogt <fvogt@suse.com>
- Add patch to not require openh264 and don't build the bundled version:
* rtc-dont-use-h264.patch
* Wed May 27 2020 Fabian Vogt <fvogt@suse.com>
- Can't use system VPX on Leap 15.2
* Tue May 26 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Update to version 5.15.0:
* No changelog available
* Thu May 21 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Update to version 5.15.0-rc2:
* No changelog available
* Removed some-more-includes-gcc10.patch: contained in upstream
* Wed May 06 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.15.0-rc:
* New bugfix release
* For the changes between 5.14.2 and 5.15.0 please see:
http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.15.0/?h=5.15.0
- Drop patches, now upstream:
* QTBUG-82186.patch
* Fri Apr 24 2020 Ismail Dönmez <idonmez@suse.com>
- Add icu-v67.patch to fix compilation with icu v67, this is a backport
of https://github.com/v8/v8/commit/3f8dc4b2e5baf77b463334c769af85b79d8c1463
- Rebase icu-v67.patch on 5.15.0-beta4
* Fri Apr 24 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.15.0-beta4:
* New bugfix release
* No changelog available
- Refresh QTBUG-82186.patch
* Tue Apr 14 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.15.0-beta3:
* New bugfix release
* No changelog available
- Refresh fix1163766.patch
* Thu Apr 09 2020 Bernhard Wiedemann <bwiedemann@suse.com>
- Add fix1163766.patch to fix opensuse-welcome on i686 (boo#1163766)
* Mon Mar 30 2020 Fabian Vogt <fvogt@suse.com>
- Add patch to fix build with GCC 10 (boo#1158516):
* some-more-includes-gcc10.patch
Version: 5.15.17-bp156.1.1
* Thu May 23 2024 Christophe Marin <christophe@krop.fr>
- Add compatibility patches for ICU 75:
* qt5-webengine-icu-75.patch
* 0001-Use-default-constructor-in-place-of-self-delegation-.patch
- Consequently build with a newer compiler on Leap 15
* Wed May 22 2024 christophe@krop.fr
- Update to version 5.15.17:
* Add option to chose python version for building 5.15 WebEngine
* Update Chromium. Backported fixes:
* [Backport] Security bug 325296797
* [Backport] CVE-2024-1059: Use after free in WebRTC
* [Backport] Security bug 1518994
* Fixup for [Backport] Security bug 1519980
* [Backport] CVE-2024-1283: Heap buffer overflow in Skia
* [Backport] CVE-2024-1060: Use after free in Canvas
* [Backport] CVE-2024-1077: Use after free in Network
* [Backport] Security bug 1519980
* [Backport] CVE-2024-0808: Integer underflow in WebUI
* [Backport] CVE-2024-0807: Use after free in WebAudio
* Fix ffmpeg assembly with newer binutil
* [Backport] Security bug 1511689
* [Backport] CVE-2024-0224: Use after free in WebAudio
* [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
* [Backport] Security bug 1506535
* [Backport] CVE-2024-0519: Out of bounds memory access in V8
* [Backport] CVE-2024-0518: Type Confusion in V8
* [Backport] CVE-2024-0333: Insufficient data validation in Extensions
* [Backport] CVE-2024-0222: Use after free in ANGLE
* Fixup: [Backport] Security bug 1488199
* FIXUP: Fix compilation with system ICU
* Fixup: [Backport] Security bug 1505632
* [Backport] Security bug 1505632
* [Backport] CVE-2023-6702: Type Confusion in V8
* [Backport] CVE-2023-6345: Integer overflow in Skia
* Bump V8_PATCH_LEVEL
* [Backport] Security bug 1488199 (2/2)
* [Backport] Security bug 1488199 (1/2)
* [Backport] CVE-2023-6510: Use after free in Media Capture
* Fix building with system libxml2
* [Backport] CVE-2023-6347: Use after free in Mojo
* [Backport] CVE-2023-6112: Use after free in Navigation
* [Backport] CVE-2023-5997: Use after free in Garbage Collection
- Drop patches, merged upstream:
* 0001-Fix-building-with-system-libxml2.patch
* qtwebengine-python3.patch
* python311-fixes.patch
- Update _service file, catapult snapshots are not needed anymore
* Fri May 17 2024 Christoph G <foss@grueninger.de>
- Backport Ninja 1.12 compatibility patch (and adjust paths)
Add-missing-dependencies.patch from upstream
* Fri Apr 19 2024 Christophe Marin <christophe@krop.fr>
- Add patch to fix build with libxml >= 2.12:
* 0001-Fix-building-with-system-libxml2.patch
* Sat Feb 24 2024 Jan Engelhardt <jengelh@inai.de>
- Drop BuildRequire on libsrtp, qt builds a bundled copy.
* Tue Feb 20 2024 Christophe Marin <christophe@krop.fr>
- Switch to '%patch -P'
- Build with python 3.11 on Leap
* Wed Nov 22 2023 christophe@krop.fr
- Update to version 5.15.16:
* Bump version to 5.15.16
* Add check for system ffmpeg compatibility
* Fix handling of external URLs in PDFs
* Update Chromium:
* [Backport] CVE-2023-5996: Use after free in WebAudio
* [Backport] CVE-2023-5482 and CVE-2023-5849
* [Backport] CVE-2023-45853: Buffer overflow in MiniZip
* [Backport] Security bug 1478470
* [Backport] Security bug 1472365 and 1472366
* [Backport] CVE-2023-5218: Use after free in Site Isolation
* [Backport] Security bug 1486316
* FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Add Intel Meteorlake GPU series type
* [Backport] Add Intel Raptorlake GPU series type
* [Backport] Add a few missing IntelGpuSeriesTypes in
gpu_util.cc
* [Backport] Add Intel Alchemist GPU series type
* [Backport] Add Alderlake to intel_gpu_series field in gpu
control list.
* [Backport] Add missing Intel GPU series types.
* [Backport] Add Alderlake's GPU to list supporting two NV12
overlay planes.
* [Backport] CVE-2023-5217: Heap buffer overflow in vp8
encoding in libvpx
* [Backport] Security bug 1479104
* [Backport] [PA] Support 16kb pagesize on Linux+ARM64
* [Backport] Replace uses of re2::StringPiece::set().
* Fix build with GCC 13
* Fix errors and warnings for perfetto
* Remove nodiscard attribute from cpwl_combo_box.h
* Bump V8_PATCH_LEVEL
* [Backport] CVE-2023-4762: Type Confusion in V8
* [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL
* [Backport] CVE-2023-4354: Heap buffer overflow in Skia
* [Backport] CVE-2023-4351: Use after free in Network
* Disable Windows IME for GPU thread
* [Backport] CVE-2023-4863: Heap buffer overflow in WebP
* [Backport] Security bug 1465224
* [Backport] Dependency for security bug 1465224
* [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
* [Backport] CVE-2023-4076: Use after free in WebRTC
* [Backport] CVE-2023-4074: Use after free in Blink Task
Scheduling
* Fri Sep 01 2023 christophe@krop.fr
- Update to version 5.15.15:
* Update Chromium:
* [Backport] Security bug 1454860
* Further fixes for building with GCC 13
* Fixup [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] Security bug 1447430
* [Backport] CVE-2023-2930: Use after free in Extensions
* [Backport] CVE-2023-3079: Type Confusion in V8
* [Backport] CVE-2023-3216: Type Confusion in V8
* [Backport] CVE-2023-2933: Use after free in PDF
* [Backport] CVE-2023-2935: Type Confusion in V8
* [Backport] CVE-2023-2932: Use after free in PDF
* [Backport] CVE-2023-2931: Use after free in PDF
* [Backport] Security bug 1444195
* [Backport] Security bug 1428743
* [Backport] CVE-2023-2721: Use after free in Navigation
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
- build with older re2 on Tumbleweed, the upcoming re2 2023-07-01
breaks qtwebengine
* Thu May 25 2023 christophe@krop.fr
- Update to version 5.15.14:
* Blacklist TouchInputTest::touchTap for sles 15.4
* Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15
* Do not allow universal with debug builds
* Enable accessibility by default on Linux
* Fix blacklisting of mouseMovementProperties for sles 15.4
* Fix build with GCC 13
* Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets
* Fix memory management in QPdfDocument functions
* Update Chromium:
* Fixes for building with GCC-13
* [Backport] CVE-2023-1215: Type Confusion in CSS
* [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
* [Backport] CVE-2023-1219: Heap buffer overflow in Metrics
* [Backport] CVE-2023-1220: Heap buffer overflow in UMA
* [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
* [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
* [Backport] CVE-2023-1530: Use after free in PDF
* [Backport] CVE-2023-1531: Use after free in ANGLE
* [Backport] CVE-2023-1534: Out of bounds read in ANGLE
* [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
* [Backport] CVE-2023-1811: Use after free in Frames
* [Backport] CVE-2023-2033: Type Confusion in V8
* [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
* [Backport] CVE-2023-29469 / Security bug 1433328
* [Backport] Security bug 1337747
* [Backport] Security bug 1417585
* [Backport] Security bug 1418734
* [Backport] Security bug 1423360
* [Backport] Security bug 1427388
- Drop patch, merged upstream:
* 0001-Fixes-for-building-with-GCC-13.patch
* Fri Apr 28 2023 Dirk Müller <dmueller@suse.com>
- add python311-fixes.patch:
* Fix build when python3 is python 3.11+
* Tue Apr 11 2023 Christophe Marin <christophe@krop.fr>
- Add patch to fix build with GCC 13 (boo#1207469):
* 0001-Fixes-for-building-with-GCC-13.patch
* Thu Mar 09 2023 christophe@krop.fr
- Update to version 5.15.13:
* Force to disable IPC logging
* Move out GetInProcessGpuShareGroup form content browser client
* Fix probabilistic signature scheme
* Bump version to 5.15.13
* Recreate response head objects on multiple redirect
* Add checksum to mailbox name in Release build too
* Drop dependency on content/public/browser in content gpu
* FIXUP: Mark Node::opcode() and Operator::opcode()
as constexpr
* [Backport] Add missing include for std::begin and std::end
in SkParseColor.cpp
* [Backport] CVE-2022-4179: Use after free in Audio
* [Backport] CVE-2022-4437: Use after free in Mojo IPC
* [Backport] CVE-2022-4438: Use after free in Blink Frames
* [Backport] CVE-2023-0129: Heap buffer overflow in
Network Service
* [Backport] CVE-2023-0472: Use after free in WebRTC
* [Backport] CVE-2023-0698: Out of bounds read in WebRTC
* [Backport] CVE-2023-0931: Use after free in Video
* [Backport] CVE-2023-0933: Integer overflow in PDF
* [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE
for clang-cl
* [Backport] Fix more clang deprecated builtins
* [Backport] Map the absl::is_trivially_* functions to their
std impl
* [Backport] Mark Node::opcode() and Operator::opcode()
as constexpr
* [Backport] Security bug 1393384
* [Backport] Security bug 1394382
* [Backport] Security bug 1399424
* [Backport] Security bug 1406115
* [Backport][Windows] Remove unused sidestep intercepts
- Update 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
* Thu Mar 09 2023 Martin Liška <mliska@suse.cz>
- Use gcc12 for openSUSE:Factory as workaround for boo#1207469.
* Thu Dec 29 2022 christophe@krop.fr
- Update to version 5.15.12:
* Bump version to 5.15.12
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
* Fixup the patch for CVE-2022-3200 on 87-based / 5.15
* [Backport] CVE-2022-3038: Use after free in Network Service
* [Backport] CVE-2022-3040: Use after free in Layout
* [Backport] CVE-2022-3041: Use after free in WebSQL
* [Backport] CVE-2022-3046: Use after free in Browser Tag
* [Backport] CVE-2022-3075: Insufficient data validation in Mojo
* [Backport] CVE-2022-3196: Use after free in PDF
* [Backport] CVE-2022-3197: Use after free in PDF
* [Backport] CVE-2022-3198: Use after free in PDF
* [Backport] CVE-2022-3199: Use after free in Frames.
* [Backport] CVE-2022-3200: Heap buffer overflow in Internals
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (1/2)
* [Backport] CVE-2022-3201: Insufficient validation of untrusted
input in Developer Tools (2/2)
* [Backport] CVE-2022-3304: Use after free in CSS
* [Backport] CVE-2022-3370: Use after free in Custom Elements
* [Backport] CVE-2022-3373: Out of bounds write in V8
* [Backport] CVE-2022-3445: Use after free in Skia.
* [Backport] CVE-2022-3446 and CVE-2022-35737
* [Backport] CVE-2022-3885: Use after free in V8
* [Backport] CVE-2022-3887: Use after free in Web Workers
* [Backport] CVE-2022-3889: Type Confusion in V8
* [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
* [Backport] CVE-2022-4174: Type Confusion in V8
* [Backport] CVE-2022-4180: Use after free in Mojo
* [Backport] CVE-2022-4181: Use after free in Forms
* [Backport] CVE-2022-4262: Type Confusion in V8
* [Backport] Security bug 1356308
* [Backport] Security bug 1378916
* [Backport] Security bugs 1346938 and 1338114
* Wed Oct 05 2022 christophe@krop.fr
- Update to version 5.15.11:
* Work-around GNOME bug misidentifying HTML content
* Fix busy waiting on streaming QIODevice's
* Add workaround for un-minimizing QWebEngineView under Gnome
* Build the QtDesigner plugin in all configurations
* Bump version to 5.15.11
* Fix method check
* Do not use the native dialog to show the color picker on macOS
* FIXUP: Add workaround for unstable gn on macOS in ci
* Fix top level build with no widget
* Fix touch input for widget's delegate for html popup
* Keep page's zoom level on loading new urls
* Fix leak if loader error is seen first
* Add workaround for unstable gn on macOS in ci
* Pass archiver to gn build
* Fix read-after-free on EGL extensions
* Update Chromium:
* FIXUP: Fix url_utils for QtWebEngine
* FIXUP: Workaround MSVC2022 ICE in constexpr functions
* Fixup: CVE-2022-0796: Use after free in Media
* [Backport] CVE-2022-0796: Use after free in Media
* [Backport] CVE-2022-1855: Use after free in Messaging
* [Backport] CVE-2022-1857: Insufficient policy enforcement in
File System API
* [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
* [Backport] CVE-2022-2010: Out of bounds read in compositing
* [Backport] CVE-2022-2158: Type Confusion in V8
* [Backport] CVE-2022-2160: Insufficient policy enforcement
in DevTools
* [Backport] CVE-2022-2162: Insufficient policy enforcement in
File System API
* [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC
* [Backport] CVE-2022-2295: Type Confusion in V8
* [Backport] CVE-2022-2477 : Use after free in Guest View
* [Backport] CVE-2022-2610: Insufficient policy enforcement
in Background Fetch
* [Backport] CVE-2022-27404
* [Backport] CVE-2022-27405
* [Backport] CVE-2022-27406
* [Backport] Linux sandbox: ENOSYS for some statx syscalls
* [Backport] Security bug 1287804
* [Backport] Security bug 1316578
* [Backport] Security bug 1343889
- Replace sandbox-statx-futex_time64.patch with upstream change:
* sandbox_futex_time64.patch
* Mon Sep 26 2022 Christophe Giboudeaux <christophe@krop.fr>
- Use python 3.9 to build qtwebengine on Leap 15.
* Fri Sep 23 2022 Christophe Giboudeaux <christophe@krop.fr>
- Add patches to build with python 3, ffmpeg 5 and pipewire 0.3:
* qtwebengine-ffmpeg5.patch
* qtwebengine-pipewire-0.3.patch
* qtwebengine-python3.patch
- Use a newer catapult snapshot when building with python3
* Mon Aug 08 2022 Christophe Giboudeaux <christophe@krop.fr>
- Stop using 'pkgconfig(xxx)' BuildRequires for FFmpeg
dependencies. They will point to FFmpeg-5 soon.
Version: 5.15.10-bp154.2.3.2
* Wed Jun 08 2022 Christophe Giboudeaux <christophe@krop.fr>
- Update to version 5.15.10:
* Fix top level build with no widget
* Fix read-after-free on EGL extensions
* Update Chromium
* Add workaround for unstable gn on macOS in ci
* Pass archiver to gn build
* Fix navigation to non-local URLs
* Add support for universal builds for qtwebengine and qtpdf
* Enable Apple Silicon support
* Fix cross compilation x86_64->arm64 on mac
* Bump version to 5.15.10
* CustomDialogs: Make custom input fields readable in dark mode
* CookieBrowser: Make alternating rows readable in dark mode
* Update Chromium:
* Bump V8_PATCH_LEVEL
* Fix clang set-but-unused-variable warning
* Fix mac toolchain python linker script call
* Fix missing dependency for gpu sources
* Fix python calls
* Fix undefined symbol for universal link
* Quick fix for regression in service workers by reverting
backports
* [Backport] CVE-2022-0797: Out of bounds memory access
in Mojo
* [Backport] CVE-2022-1125
* [Backport] CVE-2022-1138: Inappropriate implementation
in Web Cursor.
* [Backport] CVE-2022-1305: Use after free in storage
* [Backport] CVE-2022-1310: Use after free in regular
expressions
* [Backport] CVE-2022-1314: Type Confusion in V8
* [Backport] CVE-2022-1493: Use after free in Dev Tools
* [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
* [Backport] Security Bug 1296876
* [Backport] Security bug 1269999
* [Backport] Security bug 1280852
* [Backport] Security bug 1292905
* [Backport] Security bug 1304659
* [Backport] Security bug 1306507
* Mon May 02 2022 Martin Li?ka <mliska@suse.cz>
- Remove dependency on binutils-gold as the package will be removed
in the future. Gold linker is unmaintained by the upstream project.
* Wed Apr 27 2022 Christophe Giboudeaux <christophe@krop.fr>
- Add libqt5-qtwebengine-rpmlintrc to silence the
'shlib-policy-name-error' rpmlint error
Version: 5.12.7-bp152.2.12
* Thu Mar 12 2020 Wolfgang Bauer <wbauer@tmo.at>
- Fix an issue with selections breaking replying in KMail:
* QTBUG-81574.patch
* Fri Jan 31 2020 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.12.7:
* New bugfix release
* For more details please see:
http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.7/?h=v5.12.7
- Refresh chromium-non-void-return.patch
* Thu Nov 14 2019 Fabian Vogt <fabian@ritter-vogt.de>
- Update to 5.12.6:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.6/?h=v5.12.6
* Wed Oct 02 2019 Fabian Vogt <fabian@ritter-vogt.de>
- Use bundled libvpx on Leap 15.2 (for now) as well
* Tue Sep 24 2019 Fabian Vogt <fabian@ritter-vogt.de>
- Add gn_args+=link_pulseaudio=true to work around incompatibility
with PA 13 headers (QTBUG-77037)
* Thu Sep 12 2019 Christophe Giboudeaux <christophe@krop.fr>
- Update to 5.12.5:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.5/?h=5.12.5
* Fri Jun 14 2019 fabian@ritter-vogt.de
- Update to 5.12.4:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.4/?h=5.12.4
* Tue Apr 30 2019 Fabian Vogt <fabian@ritter-vogt.de>
- Fix system_vpx bcond
* Thu Apr 18 2019 fabian@ritter-vogt.de
- Update to 5.12.3:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.3/?h=v5.12.3
- Refresh chromium-non-void-return.patch
* Thu Mar 14 2019 fabian@ritter-vogt.de
- Update to 5.12.2:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.2/?h=5.12.2
- Remove patches, now upstream:
* cve-2019-5786.patch
* Mon Mar 11 2019 Martin Herkt <9+suse@cirno.systems>
- Add cve-2019-5786.patch
Backport fix for CVE-2019-5786
https://bugreports.qt.io/browse/QTBUG-74254
* Mon Feb 04 2019 wbauer@tmo.at
- Fix build on Leap 42.3 by adding c++14 to QT_CONFIG
* Fri Feb 01 2019 fabian@ritter-vogt.de
- Update to 5.12.1:
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.1/?h=v5.12.1
- Refresh disable-gpu-when-using-nouveau-boo-1005323.diff
- Remove patches, now upstream:
* gn-fix_arm.patch
* chromium-66.0.3359.170-gcc8-alignof.patch
* Mon Jan 21 2019 Bernhard Wiedemann <bwiedemann@suse.com>
- Add reproducible.patch to override chromium build date
to make package build reproducible (boo#1047218)
- Use openSUSE's ninja for the build so that we can apply fixes there
that are used by everyone (boo#1118619)
* Fri Dec 21 2018 Guillaume GARDET <guillaume.gardet@opensuse.org>
- Backport patch to fix %arm builds:
* gn-fix_arm.patch
* Thu Dec 06 2018 fabian@ritter-vogt.de
- Update to 5.12.0:
* New feature release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.0/?h=v5.12.0
* Mon Dec 03 2018 fabian@ritter-vogt.de
- Update to 5.12.0-rc2:
* New bugfix release
* Only important bugfixes
- Changelog for Qt 5.12.0:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.12.0/?h=5.12.0
* Thu Nov 22 2018 fabian@ritter-vogt.de
- Update to 5.12.0-rc:
* New bugfix release
* No changelog available
* Thu Nov 08 2018 fabian@ritter-vogt.de
- Update to 5.12.0-beta4:
* New bugfix release
* No changelog available
- Add yet another hunk to chromium-non-void-return.patch
* Fri Oct 26 2018 fabian@ritter-vogt.de
- Update to 5.12.0-beta3:
* New bugfix release
* No changelog available
Version: 5.10.1-bp150.2.9
* Mon May 07 2018 guillaume.gardet@opensuse.org
- Fix armv6 by removing unneeded additionnal RPM_OPT_FLAGS
* Wed Apr 11 2018 mliska@suse.cz
- Add no-return-in-nonvoid-function.diff in order to fix boo#1087068.
* Thu Mar 29 2018 kamikazow@opensuse.org
- Changed license header back to original template
* LGPL-2.1-or-later was wrong
- Package license is LGPL-3.0-only, GPL-2.0-only, GPL-3.0-only
* incorporates 3rd party code (Chromium, WebKit, even some dating
back to KHTML), therefore no "with-Qt-Company-Qt-exception-1.1"
because those 3rd parties never granted them.
* Tue Mar 27 2018 wbauer@tmo.at
- Only automatically convert dictionaries on Leap 15 or higher,
%filetriggerin is not supported in Leap 42.3 which caused the
build to fail
* Sun Mar 25 2018 kamikazow@opensuse.org
- Enable spell checking:
* Ported script snippet from Fedora package by Kevin Kofler
* Converts available Hunspell dictionaries locally during installation
- Changed specfile header to reflect code coming from K. Kofler
* Fri Mar 23 2018 wbauer@tmo.at
- Also adjust the minimum versions of the private-headers-devel
subpackage's requirements
* Thu Mar 22 2018 kamikazow@opensuse.org
- Apply a fix to make QtWE-using applications actually compile against it
* Sun Mar 18 2018 kamikazow@opensuse.org
- Forward-port security backports from 5.9.5 LTS (up to Chromium 65.0.3325.146)
* qtwebengine-everywhere-src-5.10.1-security-5.9.5.patch from Fedora
* qtwebengine-everywhere-src-5.10.1-CVE-2018-6033.patch from Fedora
* Wed Feb 14 2018 fabian@ritter-vogt.de
- Update to 5.10.1
* New bugfix release
* For more details please see:
* http://code.qt.io/cgit/qt/qtwebengine.git/plain/dist/changes-5.10.1/?h=v5.10.1
* Fri Feb 02 2018 dimstar@opensuse.org
- Eliminate build dependency on procps: we only used it to run
'free', in order to find out how much RAM we have available. We
can get this information directly from the kernel, from
/proc/meminfo.
* Fri Jan 12 2018 fabian@ritter-vogt.de
- Also work around crashes on wayland by disabling the GPU by default (boo#1060990):
* disable-gpu-when-using-nouveau-boo-1005323.diff
* Fri Dec 08 2017 christophe@krop.fr
- Update the license tag (boo#967696)
* Thu Dec 07 2017 fabian@ritter-vogt.de
- Update to 5.10.0 final
* New bugfix release
* Sun Dec 03 2017 fabian@ritter-vogt.de
- Update to 5.10.0 RC 2
* New bugfix release
* Thu Nov 30 2017 fabian@ritter-vogt.de
- Update to 5.10.0 RC 1
* New bugfix release
* Wed Nov 15 2017 fabian@ritter-vogt.de
- Update to 5.10 Beta 4
- Contains bugfixes
* Thu Nov 02 2017 tittiatcoke@gmail.com
- Add some feature from the Chromium builds to determine the maximum
allowed parallel processes based on the available memory. Also
ensure that the ninja build follows this maximum
* Thu Nov 02 2017 fabian@ritter-vogt.de
- Update to 5.10 Beta 3
- Contains bugfixes
- Refresh patches:
* armv6-ffmpeg-no-thumb.patch
* disable-gpu-when-using-nouveau-boo-1005323.diff
* harmony-fix.diff