Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libQt5Pdf5-5.15.17-5.3 RPM for armv7hl

From OpenSuSE Ports Tumbleweed for armv7hl

Name: libQt5Pdf5 Distribution: openSUSE Tumbleweed
Version: 5.15.17 Vendor: openSUSE
Release: 5.3 Build date: Wed Sep 4 16:27:07 2024
Group: Development/Libraries/X11 Build host: reproducible
Size: 3340717 Source RPM: libqt5-qtwebengine-5.15.17-5.3.src.rpm
Packager: http://bugs.opensuse.org
Url: https://www.qt.io
Summary: Qt5 PDF library
Main library of the Qt PDF module.

Provides

Requires

License

LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only

Changelog

* Wed Sep 04 2024 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Disable LTO on %{arm} to fix build
* Thu Aug 29 2024 Antonio Larrosa <alarrosa@suse.com>
  - Remove the unrar sources from the third_party directory in %prep
    so we're sure not to use any code with a non-free license.
* Wed Aug 07 2024 Christophe Marin <christophe@krop.fr>
  - Add ffmpeg 7 compatibility patch (Picked from Arch):
    * qt5-webengine-ffmpeg7.patch
* Sun Jun 09 2024 Andreas Stieger <andreas.stieger@gmx.de>
  - use bundled re2 (boo#1226119)
* Thu May 23 2024 Christophe Marin <christophe@krop.fr>
  - Add compatibility patches for ICU 75:
    * qt5-webengine-icu-75.patch
    * 0001-Use-default-constructor-in-place-of-self-delegation-.patch
  - Consequently build with a newer compiler on Leap 15
* Wed May 22 2024 christophe@krop.fr
  - Update to version 5.15.17:
    * Add option to chose python version for building 5.15 WebEngine
    * Update Chromium. Backported fixes:
    * [Backport] Security bug 325296797
    * [Backport] CVE-2024-1059: Use after free in WebRTC
    * [Backport] Security bug 1518994
    * Fixup for [Backport] Security bug 1519980
    * [Backport] CVE-2024-1283: Heap buffer overflow in Skia
    * [Backport] CVE-2024-1060: Use after free in Canvas
    * [Backport] CVE-2024-1077: Use after free in Network
    * [Backport] Security bug 1519980
    * [Backport] CVE-2024-0808: Integer underflow in WebUI
    * [Backport] CVE-2024-0807: Use after free in WebAudio
    * Fix ffmpeg assembly with newer binutil
    * [Backport] Security bug 1511689
    * [Backport] CVE-2024-0224: Use after free in WebAudio
    * [Backport] CVE-2023-7024: Heap buffer overflow in WebRTC
    * [Backport] Security bug 1506535
    * [Backport] CVE-2024-0519: Out of bounds memory access in V8
    * [Backport] CVE-2024-0518: Type Confusion in V8
    * [Backport] CVE-2024-0333: Insufficient data validation in Extensions
    * [Backport] CVE-2024-0222: Use after free in ANGLE
    * Fixup: [Backport] Security bug 1488199
    * FIXUP: Fix compilation with system ICU
    * Fixup: [Backport] Security bug 1505632
    * [Backport] Security bug 1505632
    * [Backport] CVE-2023-6702: Type Confusion in V8
    * [Backport] CVE-2023-6345: Integer overflow in Skia
    * Bump V8_PATCH_LEVEL
    * [Backport] Security bug 1488199 (2/2)
    * [Backport] Security bug 1488199 (1/2)
    * [Backport] CVE-2023-6510: Use after free in Media Capture
    * Fix building with system libxml2
    * [Backport] CVE-2023-6347: Use after free in Mojo
    * [Backport] CVE-2023-6112: Use after free in Navigation
    * [Backport] CVE-2023-5997: Use after free in Garbage Collection
  - Drop patches, merged upstream:
    * 0001-Fix-building-with-system-libxml2.patch
    * qtwebengine-python3.patch
    * python311-fixes.patch
  - Update _service file, catapult snapshots are not needed anymore
* Fri May 17 2024 Christoph G <foss@grueninger.de>
  - Backport Ninja 1.12 compatibility patch (and adjust paths)
    Add-missing-dependencies.patch from upstream
* Fri Apr 19 2024 Christophe Marin <christophe@krop.fr>
  - Add patch to fix build with libxml >= 2.12:
    * 0001-Fix-building-with-system-libxml2.patch
* Sat Feb 24 2024 Jan Engelhardt <jengelh@inai.de>
  - Drop BuildRequire on libsrtp, qt builds a bundled copy.
* Tue Feb 20 2024 Christophe Marin <christophe@krop.fr>
  - Switch to '%patch -P'
  - Build with python 3.11 on Leap
* Wed Nov 22 2023 christophe@krop.fr
  - Update to version 5.15.16:
    * Bump version to 5.15.16
    * Add check for system ffmpeg compatibility
    * Fix handling of external URLs in PDFs
    * Update Chromium:
    * [Backport] CVE-2023-5996: Use after free in WebAudio
    * [Backport] CVE-2023-5482 and CVE-2023-5849
    * [Backport] CVE-2023-45853: Buffer overflow in MiniZip
    * [Backport] Security bug 1478470
    * [Backport] Security bug 1472365 and 1472366
    * [Backport] CVE-2023-5218: Use after free in Site Isolation
    * [Backport] Security bug 1486316
    * FIXUP: [Backport] [PA] Support 16kb pagesize on Linux+ARM64
    * [Backport] Add Intel Meteorlake GPU series type
    * [Backport] Add Intel Raptorlake GPU series type
    * [Backport] Add a few missing IntelGpuSeriesTypes in
      gpu_util.cc
    * [Backport] Add Intel Alchemist GPU series type
    * [Backport] Add Alderlake to intel_gpu_series field in gpu
      control list.
    * [Backport] Add missing Intel GPU series types.
    * [Backport] Add Alderlake's GPU to list supporting two NV12
      overlay planes.
    * [Backport] CVE-2023-5217: Heap buffer overflow in vp8
      encoding in libvpx
    * [Backport] Security bug 1479104
    * [Backport] [PA] Support 16kb pagesize on Linux+ARM64
    * [Backport] Replace uses of re2::StringPiece::set().
    * Fix build with GCC 13
    * Fix errors and warnings for perfetto
    * Remove nodiscard attribute from cpwl_combo_box.h
    * Bump V8_PATCH_LEVEL
    * [Backport] CVE-2023-4762: Type Confusion in V8
    * [Backport] CVE-2023-4362: Heap buffer overflow in Mojom IDL
    * [Backport] CVE-2023-4354: Heap buffer overflow in Skia
    * [Backport] CVE-2023-4351: Use after free in Network
    * Disable Windows IME for GPU thread
    * [Backport] CVE-2023-4863: Heap buffer overflow in WebP
    * [Backport] Security bug 1465224
    * [Backport] Dependency for security bug 1465224
    * [Backport] CVE-2023-4071: Heap buffer overflow in Visuals
    * [Backport] CVE-2023-4076: Use after free in WebRTC
    * [Backport] CVE-2023-4074: Use after free in Blink Task
      Scheduling
* Fri Sep 01 2023 christophe@krop.fr
  - Update to version 5.15.15:
    * Update Chromium:
    * [Backport] Security bug 1454860
    * Further fixes for building with GCC 13
    * Fixup [Backport] CVE-2023-2935: Type Confusion in V8
    * [Backport] Security bug 1447430
    * [Backport] CVE-2023-2930: Use after free in Extensions
    * [Backport] CVE-2023-3079: Type Confusion in V8
    * [Backport] CVE-2023-3216: Type Confusion in V8
    * [Backport] CVE-2023-2933: Use after free in PDF
    * [Backport] CVE-2023-2935: Type Confusion in V8
    * [Backport] CVE-2023-2932: Use after free in PDF
    * [Backport] CVE-2023-2931: Use after free in PDF
    * [Backport] Security bug 1444195
    * [Backport] Security bug 1428743
    * [Backport] CVE-2023-2721: Use after free in Navigation
* Fri Jul 28 2023 Andreas Stieger <andreas.stieger@gmx.de>
  - build with older re2 on Tumbleweed, the upcoming re2 2023-07-01
    breaks qtwebengine
* Thu May 25 2023 christophe@krop.fr
  - Update to version 5.15.14:
    * Blacklist TouchInputTest::touchTap for sles 15.4
    * Blacklist tst_QWebEnginePage::mouseMovementProperties for SLES-15
    * Do not allow universal with debug builds
    * Enable accessibility by default on Linux
    * Fix blacklisting of mouseMovementProperties for sles 15.4
    * Fix build with GCC 13
    * Fix initialization of QWebEngineDownloadItem::totalBytes for Widgets
    * Fix memory management in QPdfDocument functions
    * Update Chromium:
    * Fixes for building with GCC-13
    * [Backport] CVE-2023-1215: Type Confusion in CSS
    * [Backport] CVE-2023-1217: Stack buffer overflow in Crash reporting
    * [Backport] CVE-2023-1219: Heap buffer overflow in Metrics
    * [Backport] CVE-2023-1220: Heap buffer overflow in UMA
    * [Backport] CVE-2023-1222: Heap buffer overflow in Web Audio API
    * [Backport] CVE-2023-1529: Out of bounds memory access in WebHID
    * [Backport] CVE-2023-1530: Use after free in PDF
    * [Backport] CVE-2023-1531: Use after free in ANGLE
    * [Backport] CVE-2023-1534: Out of bounds read in ANGLE
    * [Backport] CVE-2023-1810: Heap buffer overflow in Visuals
    * [Backport] CVE-2023-1811: Use after free in Frames
    * [Backport] CVE-2023-2033: Type Confusion in V8
    * [Backport] CVE-2023-2137: Heap buffer overflow in sqlite
    * [Backport] CVE-2023-29469 / Security bug 1433328
    * [Backport] Security bug 1337747
    * [Backport] Security bug 1417585
    * [Backport] Security bug 1418734
    * [Backport] Security bug 1423360
    * [Backport] Security bug 1427388
  - Drop patch, merged upstream:
    * 0001-Fixes-for-building-with-GCC-13.patch
* Fri Apr 28 2023 Dirk Müller <dmueller@suse.com>
  - add python311-fixes.patch:
    * Fix build when python3 is python 3.11+
* Tue Apr 11 2023 Christophe Marin <christophe@krop.fr>
  - Add patch to fix build with GCC 13 (boo#1207469):
    * 0001-Fixes-for-building-with-GCC-13.patch
* Thu Mar 09 2023 christophe@krop.fr
  - Update to version 5.15.13:
    * Force to disable IPC logging
    * Move out GetInProcessGpuShareGroup form content browser client
    * Fix probabilistic signature scheme
    * Bump version to 5.15.13
    * Recreate response head objects on multiple redirect
    * Add checksum to mailbox name in Release build too
    * Drop dependency on content/public/browser in content gpu
    * FIXUP: Mark Node::opcode() and Operator::opcode()
      as constexpr
    * [Backport] Add missing include for std::begin and std::end
      in SkParseColor.cpp
    * [Backport] CVE-2022-4179: Use after free in Audio
    * [Backport] CVE-2022-4437: Use after free in Mojo IPC
    * [Backport] CVE-2022-4438: Use after free in Blink Frames
    * [Backport] CVE-2023-0129: Heap buffer overflow in
      Network Service
    * [Backport] CVE-2023-0472: Use after free in WebRTC
    * [Backport] CVE-2023-0698: Out of bounds read in WebRTC
    * [Backport] CVE-2023-0931: Use after free in Video
    * [Backport] CVE-2023-0933: Integer overflow in PDF
    * [Backport] Disable ABSL_HAVE_STD_IS_TRIVIALLY_ASSIGNABLE
      for clang-cl
    * [Backport] Fix more clang deprecated builtins
    * [Backport] Map the absl::is_trivially_* functions to their
      std impl
    * [Backport] Mark Node::opcode() and Operator::opcode()
      as constexpr
    * [Backport] Security bug 1393384
    * [Backport] Security bug 1394382
    * [Backport] Security bug 1399424
    * [Backport] Security bug 1406115
    * [Backport][Windows] Remove unused sidestep intercepts
  - Update 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
* Thu Mar 09 2023 Martin Liška <mliska@suse.cz>
  - Use gcc12 for openSUSE:Factory as workaround for boo#1207469.
* Thu Dec 29 2022 christophe@krop.fr
  - Update to version 5.15.12:
    * Bump version to 5.15.12
    * Update Chromium:
    * Bump V8_PATCH_LEVEL
    * Fixup for patch for CVE-2022-3200 on OpenSuse 15.1
    * Fixup the patch for CVE-2022-3200 on 87-based / 5.15
    * [Backport] CVE-2022-3038: Use after free in Network Service
    * [Backport] CVE-2022-3040: Use after free in Layout
    * [Backport] CVE-2022-3041: Use after free in WebSQL
    * [Backport] CVE-2022-3046: Use after free in Browser Tag
    * [Backport] CVE-2022-3075: Insufficient data validation in Mojo
    * [Backport] CVE-2022-3196: Use after free in PDF
    * [Backport] CVE-2022-3197: Use after free in PDF
    * [Backport] CVE-2022-3198: Use after free in PDF
    * [Backport] CVE-2022-3199: Use after free in Frames.
    * [Backport] CVE-2022-3200: Heap buffer overflow in Internals
    * [Backport] CVE-2022-3201: Insufficient validation of untrusted
      input in Developer Tools (1/2)
    * [Backport] CVE-2022-3201: Insufficient validation of untrusted
      input in Developer Tools (2/2)
    * [Backport] CVE-2022-3304: Use after free in CSS
    * [Backport] CVE-2022-3370: Use after free in Custom Elements
    * [Backport] CVE-2022-3373: Out of bounds write in V8
    * [Backport] CVE-2022-3445: Use after free in Skia.
    * [Backport] CVE-2022-3446 and CVE-2022-35737
    * [Backport] CVE-2022-3885: Use after free in V8
    * [Backport] CVE-2022-3887: Use after free in Web Workers
    * [Backport] CVE-2022-3889: Type Confusion in V8
    * [Backport] CVE-2022-3890: Heap buffer overflow in Crashpad
    * [Backport] CVE-2022-4174: Type Confusion in V8
    * [Backport] CVE-2022-4180: Use after free in Mojo
    * [Backport] CVE-2022-4181: Use after free in Forms
    * [Backport] CVE-2022-4262: Type Confusion in V8
    * [Backport] Security bug 1356308
    * [Backport] Security bug 1378916
    * [Backport] Security bugs 1346938 and 1338114
* Wed Oct 05 2022 christophe@krop.fr
  - Update to version 5.15.11:
    * Work-around GNOME bug misidentifying HTML content
    * Fix busy waiting on streaming QIODevice's
    * Add workaround for un-minimizing QWebEngineView under Gnome
    * Build the QtDesigner plugin in all configurations
    * Bump version to 5.15.11
    * Fix method check
    * Do not use the native dialog to show the color picker on macOS
    * FIXUP: Add workaround for unstable gn on macOS in ci
    * Fix top level build with no widget
    * Fix touch input for widget's delegate for html popup
    * Keep page's zoom level on loading new urls
    * Fix leak if loader error is seen first
    * Add workaround for unstable gn on macOS in ci
    * Pass archiver to gn build
    * Fix read-after-free on EGL extensions
    * Update Chromium:
    * FIXUP: Fix url_utils for QtWebEngine
    * FIXUP: Workaround MSVC2022 ICE in constexpr functions
    * Fixup: CVE-2022-0796: Use after free in Media
    * [Backport] CVE-2022-0796: Use after free in Media
    * [Backport] CVE-2022-1855: Use after free in Messaging
    * [Backport] CVE-2022-1857: Insufficient policy enforcement in
      File System API
    * [Backport] CVE-2022-2008: Out of bounds memory access in WebGL
    * [Backport] CVE-2022-2010: Out of bounds read in compositing
    * [Backport] CVE-2022-2158: Type Confusion in V8
    * [Backport] CVE-2022-2160: Insufficient policy enforcement
      in DevTools
    * [Backport] CVE-2022-2162: Insufficient policy enforcement in
      File System API
    * [Backport] CVE-2022-2294: Heap buffer overflow in WebRTC
    * [Backport] CVE-2022-2295: Type Confusion in V8
    * [Backport] CVE-2022-2477 : Use after free in Guest View
    * [Backport] CVE-2022-2610: Insufficient policy enforcement
      in Background Fetch
    * [Backport] CVE-2022-27404
    * [Backport] CVE-2022-27405
    * [Backport] CVE-2022-27406
    * [Backport] Linux sandbox: ENOSYS for some statx syscalls
    * [Backport] Security bug 1287804
    * [Backport] Security bug 1316578
    * [Backport] Security bug 1343889
  - Replace sandbox-statx-futex_time64.patch with upstream change:
    * sandbox_futex_time64.patch
* Mon Sep 26 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Use python 3.9 to build qtwebengine on Leap 15.
* Fri Sep 23 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Add patches to build with python 3, ffmpeg 5 and pipewire 0.3:
    * qtwebengine-ffmpeg5.patch
    * qtwebengine-pipewire-0.3.patch
    * qtwebengine-python3.patch
  - Use a newer catapult snapshot when building with python3
* Mon Aug 08 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Stop using 'pkgconfig(xxx)' BuildRequires for FFmpeg
    dependencies. They will point to FFmpeg-5 soon.
* Wed Jun 08 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Update to version 5.15.10:
    * Fix top level build with no widget
    * Fix read-after-free on EGL extensions
    * Update Chromium
    * Add workaround for unstable gn on macOS in ci
    * Pass archiver to gn build
    * Fix navigation to non-local URLs
    * Add support for universal builds for qtwebengine and qtpdf
    * Enable Apple Silicon support
    * Fix cross compilation x86_64->arm64 on mac
    * Bump version to 5.15.10
    * CustomDialogs: Make custom input fields readable in dark mode
    * CookieBrowser: Make alternating rows readable in dark mode
    * Update Chromium:
    * Bump V8_PATCH_LEVEL
    * Fix clang set-but-unused-variable warning
    * Fix mac toolchain python linker script call
    * Fix missing dependency for gpu sources
    * Fix python calls
    * Fix undefined symbol for universal link
    * Quick fix for regression in service workers by reverting
      backports
    * [Backport] CVE-2022-0797: Out of bounds memory access
      in Mojo
    * [Backport] CVE-2022-1125
    * [Backport] CVE-2022-1138: Inappropriate implementation
      in Web Cursor.
    * [Backport] CVE-2022-1305: Use after free in storage
    * [Backport] CVE-2022-1310: Use after free in regular
      expressions
    * [Backport] CVE-2022-1314: Type Confusion in V8
    * [Backport] CVE-2022-1493: Use after free in Dev Tools
    * [Backport] On arm64 hosts, set host_cpu to 'arm64', not 'arm'
    * [Backport] Security Bug 1296876
    * [Backport] Security bug 1269999
    * [Backport] Security bug 1280852
    * [Backport] Security bug 1292905
    * [Backport] Security bug 1304659
    * [Backport] Security bug 1306507
* Mon May 02 2022 Martin Liška <mliska@suse.cz>
  - Remove dependency on binutils-gold as the package will be removed
    in the future. Gold linker is unmaintained by the upstream project.
* Wed Apr 27 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Add libqt5-qtwebengine-rpmlintrc to silence the
    'shlib-policy-name-error' rpmlint error
* Wed Apr 06 2022 christophe@krop.fr
  - Update to version 5.15.9:
    * QPdfView: scale page rendering according to devicePixelRatio
    * Update documented Chromium version
    * Use IsSameDocument() rather than IsLoadingToDifferentDocument()
    * Update module-split for installer
    * Fix printing PDF files
    * Do not override signal handlers
    * Avoid using xkbcommon in non-X11 builds
    * Update documentation
    * Update Chromium:
    * Bump V8_PATCH_LEVEL
    * Do not overwrite signal handlers in the browser process.
    * Replace base::ranges::set_union with std::set_union to fix
      MSVC2017 build
    * [Backport] CVE-2022-0100: Heap buffer overflow in Media
      streams API
    * [Backport] CVE-2022-0102: Type Confusion in V8
    * [Backport] CVE-2022-0103: Use after free in SwiftShader
    * [Backport] CVE-2022-0104: Heap buffer overflow in ANGLE
    * [Backport] CVE-2022-0108: Inappropriate implementation
      in Navigation
    * [Backport] CVE-2022-0109: Inappropriate implementation
      in Autofill
    * [Backport] CVE-2022-0111 and CVE-2022-0117
    * [Backport] CVE-2022-0113: Inappropriate implementatio
      n in Blink
    * [Backport] CVE-2022-0116: Inappropriate implementation
      in Compositing
    * [Backport] CVE-2022-0289: Use after free in Safe browsing
    * [Backport] CVE-2022-0291: Inappropriate implementation
      in Storage
    * [Backport] CVE-2022-0293: Use after free in Web packaging
    * [Backport] CVE-2022-0298: Use after free in Scheduling
    * [Backport] CVE-2022-0305: Inappropriate implementation in
      Service Worker API
    * [Backport] CVE-2022-0306: Heap buffer overflow in PDFium
    * [Backport] CVE-2022-0310 and CVE-0311: Heap buffer overflow
      in Task Manager
    * [Backport] CVE-2022-0456: Use after free in Web Search
    * [Backport] CVE-2022-0459: Use after free in Screen Capture
    * [Backport] CVE-2022-0460: Use after free in Window Dialog
    * [Backport] CVE-2022-0461: Policy bypass in COOP
    * [Backport] CVE-2022-0606: Use after free in ANGLE
    * [Backport] CVE-2022-0607: Use after free in GPU
    * [Backport] CVE-2022-0608: Integer overflow in Mojo
    * [Backport] CVE-2022-0609: Use after free in Animation
    * [Backport] CVE-2022-0610: Inappropriate implementation
      in Gamepad API
    * [Backport] CVE-2022-0971 (boo#1197163)
    * [Backport] CVE-2022-1096 (boo#1197552)
    * [Backport] CVE-2022-23852
    * [Backport] Copy 'name_' member during StyleRuleProperty::Copy
    * [Backport] Security bug 1256885
    * [Backport] Security bug 1258603
    * [Backport] Security bug 1259557
    * [Backport] Security bug 1261415
    * [Backport] Security bug 1265570
    * [Backport] Security bug 1268448
    * [Backport] Security bug 1270014
    * [Backport] Security bug 1274113
    * [Backport] Security bug 1276331
    * [Backport] Security bug 1280743
    * [Backport] Security bug 1289394
    * [Backport] Security bug 1292537
    * [Backport] sandbox: build if glibc 2.34+ dynamic stack size
      is enabled
  - Drop patches, now upstream:
    * CVE-2022-0971-qtwebengine-5.15.patch
    * CVE-2022-1096-qtwebengine-5.15.patch
* Mon Apr 04 2022 Christophe Giboudeaux <christophe@krop.fr>
  - Add security fixes:
    * CVE-2022-0971-qtwebengine-5.15.patch (CVE-2022-0971, boo#1197163)
    * CVE-2022-1096-qtwebengine-5.15.patch (CVE-2022-1096, boo#1197552)
* Fri Mar 25 2022 Fabian Vogt <fvogt@suse.com>
  - Add patch to fix build with GCC 12:
    * 0001-skia-Some-includes-to-fix-build-with-GCC-12.patch
* Tue Jan 04 2022 christophe@krop.fr
  - Update to version 5.15.8:
    * Update Chromium:
      [Backport] CVE-2021-3517: libxml2: Heap-based buffer overflow
      in xmlEncodeEntitiesInternal() in entities.c
      [Backport] CVE-2021-3541 libxml2: Exponential entity expansion
      attack bypasses all existing protection mechanisms
      [Backport] CVE-2021-37984 : Heap buffer overflow in PDFium
      [Backport] CVE-2021-37987 : Use after free in Network APIs
      [Backport] CVE-2021-37989 : Inappropriate implementation in Blink
      [Backport] CVE-2021-37992 : Out of bounds read in WebAudio
      [Backport] CVE-2021-37993 : Use after free in PDF Accessibility
      [Backport] CVE-2021-37996 : Insufficient validation of untrusted
      input in Downloads
      [Backport] CVE-2021-38001 : Type Confusion in V8
      [Backport] CVE-2021-38003 : Inappropriate implementation in V8
      [Backport] CVE-2021-38005: Use after free in loader (1/3)
      [Backport] CVE-2021-38005: Use after free in loader (2/3)
      [Backport] CVE-2021-38005: Use after free in loader (3/3)
      [Backport] CVE-2021-38007: Type Confusion in V8
      [Backport] CVE-2021-38009: Inappropriate implementation in cache
      [Backport] CVE-2021-38010: Inappropriate implementation in serviceworkers
      [Backport] CVE-2021-38012: Type Confusion in V8
      [Backport] CVE-2021-38015: Inappropriate implementation in input
      [Backport] CVE-2021-38017: Insufficient policy enforcement in iframe
      sandbox
      [Backport] CVE-2021-38018: Inappropriate implementation in navigation
      [Backport] CVE-2021-38019: Insufficient policy enforcement in CORS
      [Backport] CVE-2021-38021: Inappropriate implementation in referrer
      [Backport] CVE-2021-38022: Inappropriate implementation in WebAuthentication
      [Backport] CVE-2021-4057: Use after free in file API
      [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (1/2)
      [Backport] CVE-2021-4058: Heap buffer overflow in ANGLE (2/2)
      [Backport] CVE-2021-4059: Insufficient data validation in loader
      [Backport] CVE-2021-4062: Heap buffer overflow in BFCache
      [Backport] CVE-2021-4078: Type confusion in V8
      [Backport] CVE-2021-4079: Out of bounds write in WebRTC
      [Backport] CVE-2021-4098: Insufficient data validation in Mojo
      [Backport] CVE-2021-4099: Use after free in Swiftshader
      [Backport] CVE-2021-4101: Heap buffer overflow in Swiftshader.
      [Backport] CVE-2021-4102: Use after free in V8
      [Backport] Dependency for CVE-2021-37989
      [Backport] Dependency for CVE-2021-38009
      [Backport] Security bug 1245870
      [Backport] Security bug 1252858
      [Backport] Security bug 1259899
      Bump V8_PATCH_LEVEL
      Compile with GCC 11 -std=c++20
      Fix stack overflow on gpu channel recreate with an error
      Use wglSetPixelFormat directly only if in software mode
      [Backport] Handle long SIGSTKSZ in glibc > 2.33
      [Backport] abseil-cpp: Fixes build with latest glibc
    * Handle qtpdf compilation with static runtime
    * Add bitcode support for qtpdf on ios
    * Do not access accessibility from qt post routines
    * Blacklist javascriptClipboard test on ubuntu 20.04
    * Re-enable network-service-in-process
    * Bump version from 5.15.7 to 5.15.8
    * Update patch level
    * Fix pinch gesture
    * Fix leak of properties after XkbRF_GetNamesProp
    * Fix leak on getDefaultScreeenId
  - Drop patch:
    * 0001-Fix-build-with-glibc-2.34.patch
* Fri Oct 29 2021 christophe@krop.fr
  - Update to version 5.15.7:
    * Update Chromium:
      [Backport] Linux sandbox: update syscalls numbers on 32-bit platforms
      [Backport] sandbox: linux: allow clock_nanosleep & gettime64
      [Backport] Linux sandbox: update syscall numbers for all platforms.
      [Backport] Ease HarfBuzz API change with feature detection
      [Backport] Security bug 1248665
      [Backport] CVE-2021-37975 : Use after free in V8
      [Backport] CVE-2021-37980 : Inappropriate implementation in Sandbox
      [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (2/2)
      [Backport] CVE-2021-37979 : Heap buffer overflow in WebRTC (1/2)
      [Backport] CVE-2021-37978 : Heap buffer overflow in Blink
      [Backport] CVE-2021-30616: Use after free in Media.
      [Backport] CVE-2021-37962 : Use after free in Performance Manager (2/2)
      [Backport] CVE-2021-37962 : Use after free in Performance Manager (1/2)
      [Backport] CVE-2021-37973 : Use after free in Portals
      [Backport] CVE-2021-37971 : Incorrect security UI in Web Browser UI.
      [Backport] CVE-2021-37968 : Inappropriate implementation in Background Fetch API
      [Backport] CVE-2021-37967 : Inappropriate implementation in Background Fetch API
      [Backport] Linux sandbox: return ENOSYS for clone3
      [Backport] Linux sandbox: fix fstatat() crash
      [Backport] Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
      [Backport] Security bug 1238178 (2/2)
      [Backport] Security bug 1238178 (1/2)
      [Backport] CVE-2021-30633: Use after free in Indexed DB API (2/2)
      [Backport] CVE-2021-30633: Use after free in Indexed DB API (1/2)
      [Backport] CVE-2021-30630: Inappropriate implementation in Blink
      [Backport] CVE-2021-30629: Use after free in Permissions
      [Backport] CVE-2021-30628: Stack buffer overflow in ANGLE
      [Backport] CVE-2021-30627: Type Confusion in Blink layout
      [Backport] CVE-2021-30626: Out of bounds memory access in ANGLE
      [Backport] CVE-2021-30625: Use after free in Selection API
      [Backport] Security bug 1206289
      [Backport] CVE-2021-30613: Use after free in Base internals
      [Backport] Security bug 1227228
      [Backport] CVE-2021-30618: Inappropriate implementation in DevTools
    * Update patch level
    * Blacklist certificate test until certicates have been renewed
    * Block CORS from local URLs when remote access is not enabled
    * Do not wait on weak_pointer for termination errors
    * Support MSVC_VER 16.8
    * Fix wrong save file filter for Markdown Editor example
    * Add Chromium version source documentation
    * Bump version from 5.15.6 to 5.15.7
    * Fix crash when clicking on a link in PDF
  - Drop openSUSE patches:
    * fix1163766.patch. Should be addressed with:
      https://github.com/qt/qtwebengine-chromium/commit/652f834de
      https://github.com/qt/qtwebengine-chromium/commit/faae106ed
      https://github.com/qt/qtwebengine-chromium/commit/6b7b3f1bf
    * chromium-glibc-2.33.patch. Should be addressed with the
      [Backport] Linux sandbox: fix fstatat() crash and
      Reland "Reland "Linux sandbox syscall broker: use struct kernel_stat""
      changes.
    * chromium-older-harfbuzz.patch
  - Drop upstream changes:
    * 0001-return-ENOSYS-for-clone3.patch
    * chromium-harfbuzz-3.0.0.patch
    * skia-harfbuzz-3.0.0.patch
  - Rebase patches:
    * sandbox-statx-futex_time64.patch
* Tue Sep 21 2021 Fabian Vogt <fvogt@suse.com>
  - Add patches from Arch to fix build with HarfBuzz 3.0.0:
    * chromium-harfbuzz-3.0.0.patch
    * skia-harfbuzz-3.0.0.patch
  - ... but don't break with < 2.9.0:
    * chromium-older-harfbuzz.patch
* Thu Sep 09 2021 christophe@krop.fr
  - Update to version 5.15.6:
    * Update Chromium:
      + [Backport] CVE-2021-30560: Use after free in Blink XSLT
      + [Backport] CVE-2021-30566: Stack buffer overflow in Printing
      + [Backport] CVE-2021-30585: Use after free in sensor handling
      + Bump V8_PATCH_LEVEL
      + [Backport] Security bug 1228036
      + [Backport] CVE-2021-30604: Use after free in ANGLE
      + [Backport] CVE-2021-30603: Race in WebAudio
      + [Backport] CVE-2021-30602: Use after free in WebRTC
      + [Backport] CVE-2021-30599: Type Confusion in V8
      + [Backport] CVE-2021-30598: Type Confusion in V8
      + [Backport] Security bug 1227933
      + [Backport] Security bug 1205059
      + [Backport] Security bug 1184294
      + [Backport] Security bug 1198385
      + [Backport] CVE-2021-30588: Type Confusion in V8
      + [Backport] CVE-2021-30587: Inappropriate implementation in Compositing on Windows
      + [Backport] CVE-2021-30573: Use after free in GPU
      + [Backport] CVE-2021-30569, security bugs 1198216 and 1204814
      + [Backport] CVE-2021-30568: Heap buffer overflow in WebGL
      + [Backport] CVE-2021-30541: Use after free in V8
      + [Backport] Security bugs 1197786 and 1194330
      + [Backport] Security bug 1194689
      + [Backport] CVE-2021-30563: Type Confusion in V8
      + [Backport] Security bug 1211215
      + [Backport] Security bug 1209558
      + [Backport] CVE-2021-30553: Use after free in Network service
      + [Backport] CVE-2021-30548: Use after free in Loader
      + [Backport] CVE-2021-30547: Out of bounds write in ANGLE
      + [Backport] CVE-2021-30556: Use after free in WebAudio
      + [Backport] CVE-2021-30559: Out of bounds write in ANGLE
      + [Backport] CVE-2021-30533: Insufficient policy enforcement in PopupBlocker
      + [Backport] Security bug 1202534
      + [Backport] CVE-2021-30536: Out of bounds read in V8
      + [Backport] CVE-2021-30522: Use after free in WebAudio
      + [Backport] CVE-2021-30554 Use after free in WebGL
      + [Backport] CVE-2021-30551: Type Confusion in V8
      + [Backport] CVE-2021-30544: Use after free in BFCache
      + [Backport] CVE-2021-30535: Double free in ICU
      + [Backport] CVE-2021-30534: Insufficient policy enforcement in iFrameSandbox
      + [Backport] CVE-2021-30530: Out of bounds memory access in WebAudio
      + [Backport] CVE-2021-30523: Use after free in WebRTC
      + Generate mojo bindings before compiling extension API registration
    * Bump version from 5.15.5 to 5.15.6
    * Always send phased wheel events beginning with Began
  - Import patch from the chromium package:
    * 0001-return-ENOSYS-for-clone3.patch
  - Add changes from the chromium package to
    0001-Fix-build-with-glibc-2.34.patch
* Wed Aug 04 2021 Christophe Giboudeaux <christophe@krop.fr>
  - Add patch to fix build with glibc 2.34 (boo#1189095)
    * 0001-Fix-build-with-glibc-2.34.patch
* Thu Jun 24 2021 Christophe Giboudeaux <christophe@krop.fr>
  - Update the CMake version workaround to get qtbase's real version
* Tue Jun 22 2021 christophe@krop.fr
  - Update to version 5.15.5:
    * Abort findText also right on explicit navigation request
    * Adapt to new Connections syntax
    * Add devtools eyedropper support
    * Add more tests to tst_loadsignals
    * Add support for Keyboard.getLayoutMap()
    * Add web-ui chrome://net-internals
    * Allow leaving OCSP off
    * Always send phased wheel events beginning with Began
    * Avoid accessing profileAdapter when profile is shutting down
    * Avoid unknownFunc messages in qmltests
    * Blacklist CertificateError::test_error for macOS
    * Blacklist NewViewRequest::test_loadNewViewRequest on macOS
    * Blacklist handleError on macos until we merge the fix
    * Blacklist numberOfStartedAndFinishedSignalsIsSame on b2q CIs
    * Depend on QCoreApplication::startingUp() for checking
      existence of app
    * Do not allow WebBluetooth to continue
    * Do not hide virtual keyboard if the focused node is editable
    * Doc: Add a note about navigation within a page to a fragment
    * Docs: Suggest to use higher DPI for printing
    * Fix FilePickerController's path validation for windows and
      corresponding tests
    * Fix application locales again
    * Fix embedded PDFs when plugins are disabled
    * Fix first party url for cookie filter
    * Fix inconsistent number of load signals and their order
    * Fix normalization of app locales
    * Fix not working certificates on mac > 10.14
    * Fix prl files on ios
    * Fix qmltests::WebEngineViewNavigationHistory auto tests
    * Fix qtpdf static builds on windows
    * Fix static build of qml qtpdf
    * Follow InProcessGpuThread::Init() on thread priority
    * Generate mojo bindings before compiling extension API
      registration
    * Implement PluginServiceFilterQt
    * Load signals test: use focusProxy for link clicking test
    * Make able to override disabled features from command line
    * Notify canGoBack/canGoForward changes based on web actions
    * Only disconnect QWebEnginePage signals that QWebEngineView
      connected
    * Package devtools inspector overlay
    * Remove ResourceTypeSubFrame check after website update
    * Remove obsolete loadSignals test
      secondLoadForError_WhenErrorPageEnabled
    * Remove qquickwebengineprofile test
    * Remove tracking of frame which load error page
    * Remove ui/snapshot overrides for aura
    * Report server directs in navigation type
    * Return to using the default devtools page
    * Set enumaration root directory for File.webkitRelativePath API
    * Set more Display properties
    * Show PDF viewer in a guest view
    * Support devtools close button in QuickNanoBrowser
    * Support zoom-in, zoom-out and cell web cursors on macOS
    * Unblacklist and fix load signals test for file download
    * Update Chromium and adapt PermissionManagerQt
    * Update platform notes
    * View: test signal for deletion of external page set to view
  - Drop patches:
    * 0001-Fix-normalization-of-app-locales.patch
    * 0001-Fix-build-with-GCC-11.patch
    * 0001-Fix-build-with-system-ICU-69.patch
* Thu May 06 2021 Fabian Vogt <fvogt@suse.com>
  - Add patch to fix build with ICU 69:
    * 0001-Fix-build-with-system-ICU-69.patch
* Wed Apr 14 2021 Christophe Giboudeaux <christophe@krop.fr>
  - Add patch to fix build with GCC 11:
    * 0001-Fix-build-with-GCC-11.patch
* Wed Apr 14 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Update _constraints to avoid OOM
* Tue Apr 13 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Add back missing part in fix1163766.patch (boo#1184610)
* Wed Mar 24 2021 christophe@krop.fr
  - Update to version 5.15.3:
    * Fix spelling and coding style
    * Fix new view request handling (QTBUG-87378)
    * Fix getDefaultScreenId on X11
    * Fix flaky tst_QWebEngineView::textSelectionOutOfInputField test
    * Move touch input tests to separate testcase
    * Add touch input tests for scrolling and pinch zooming
    * Fix rare duplicate ids forming in touch point id's mapping
    * Use the module's version number for QtWebEngineProcess
    * Touch handling: provide id mapping without modifying TouchPoint instance
      (QTBUG-88001)
    * Touch handling: fix mapped ids cleanup for TouchCancel event
    * et custom headers from QWebEngineUrlRequestInfo before triggering redirect
      (QTBUG-88861)
    * Forward modifier flags for lock keys (QTBUG-89001)
    * Fix handling of more than one finger for touch event (QTBUG-86389)
    * Stabilize load signals emitting (QTBUG-65223, QTBUG-87089)
    * Fix building against 5.12 on most CIs
    * Update minimum HarfBuzz version to 2.4.0 (QTBUG-88976)
    * Fix building against Qt 5.14
    * Migrate user script IPC to mojo
    * Fix crashes in user resource controller when single process
    * Minor. Fix namespace for user resource controller
    * Minor. RenderThreadObserverQt is really a RenderConfiguration
    * Remove RenderViewObserverHelper from UserResourceController
    * Cache mojo interface bindings to UserResourceControllerRenderFrame
    * Cache mojo interface bindings for WebChannelIPCTransport
    * Migrate render_view_observer_qt to mojo
    * Fix crash on linkedin.com (QTBUG-89740)
    * Suppress error pages also for http errors if they are disabled
    * Fix leak in QQuickWebEngineViewPrivate::contextMenuRequested
    * Register PerformanceNode early enough
    * Quiet log on webrtc usage
    * Remove configure option that doesn't work
    * Remove Java build dependency
    * Fix blank popups in qml (QTBUG-86034)
    * Fix position of popup on qml (QTBUG-86034, QTBUG-89358)
    * Enable hangout services extension (QTBUG-85731)
    * Allow to fallback to default locale for non existent data packs (QTBUG-90490)
    * Support devtools close button
    * Do not extract download file names from certain url schemes (QTBUG-90355)
    * Leave room for the null-termination byte when checking remote drive path
      (QTBUG-90347)
    * Do not set open files limit for linking if not necessary
    * Remove even more remains of non network service code
    * Add back prefers-color-scheme support (QTBUG-89753)
    * Start supporting chrome.resourcesPrivate API (QTBUG-90035)
    * Enable chrome://user-actions WebUI
    * Remove remains of chrome://flash
    * Fix loadFinished signal if page has content but server sends HTTP error
      (QTBUG-90517)
    * Fix devtools page resource loading as raw data instead of html string
    * Remove frame metadata observer (RenderWidgetHostViewQt) on destroy
    * Resolve installed interceptors right before interception point (QTBUG-86286)
    * Update searches faster
    * Remove more leftovers of the old compositor
    * Enable webrtc logging and the corresponding WebUI
    * Support mips64el platform CPU(loongson 3A4000)
    * Add tracing UI resources
    * Fix crash on meet.google.com
    * Fix mad popup qquickwindows on wayland
    * Fix crashes on BrowserContext destruction
    * Fix crash on exit in quicknanobrowser when popup
    * Remove QtPdf dependency on nss at build-time
    * Avoid accessing profileAdapter when profile is shutting down (QTBUG-91187)
    * Do not flush messages form profile destructor
    * Ignore QQuickWebEngineNewViewRequest if it is unhandled
    * Fix ScopedGLContextChecker with QTWEBENGINE_DISABLE_GPU_THREAD=1
    * Don't send duplicate load progress values
    * Fix neon support in libpng
    * Do not call deprecated profile interceptor on ui thread (QTBUG-86267)
    * Add certificate error message for ERR_SSL_OBSOLETE_VERSION
    * Fix assert in WebContentsAdapter::devToolsFrontendDestroyed
    * Avoid to reject a certificate error twice in Quick
    * Fix PDF viewer plugin
    * FIXUP: Fix swap condition in DisplayGLOutputSurface::updatePaintNode
      (QTBUG-86599)
    * Fix favicon engine under device pixel scaling
    * Do not pass a native keycode matching the menu key when it is remapped
      (QTBUG-86672)
    * Optimize WebEngineSettings::testAttribute
    * Warn about QtWebengineProcess launching from network share (QTBUG-84632)
    * Handle non-ascii names for pulseaudio (QTBUG-85363)
    * Do not set audio device for desktop capture if audio loopback is unsupported
    * Fix new view request handling (QTBUG-87378)
    * Fix getDefaultScreenId on X11
    * Touch handling: provide id mapping without modifying TouchPoint instance
      (QTBUG-88001)
    * Set custom headers from QWebEngineUrlRequestInfo before triggering redirect
      (QTBUG-88861)
    * Stabilize load signals emitting (QTBUG-65223)
  - CVE fixes backported in chromium updates:
    * CVE-2020-16044: Use after free in WebRTC
    * CVE-2021-21118: Heap buffer overflow in Blink
    * CVE-2021-21119: Use after free in Media
    * CVE-2021-21120: Use after free in WebSQL
    * CVE-2021-21121: Use after free in Omnibox
    * CVE-2021-21122: Use after free in Blink
    * CVE-2021-21123: Insufficient data validation in File System API
    * CVE-2021-21125: Insufficient policy enforcement in File System API
    * CVE-2021-21126: Insufficient policy enforcement in extensions
    * CVE-2021-21127: Insufficient policy enforcement in extensions
    * CVE-2021-21128: Heap buffer overflow in Blink
    * CVE-2021-21129: Insufficient policy enforcement in File System API
    * CVE-2021-21130: Insufficient policy enforcement in File System API
    * CVE-2021-21131: Insufficient policy enforcement in File System API
    * CVE-2021-21132: Inappropriate implementation in DevTools
    * CVE-2021-21135: Inappropriate implementation in Performance API
    * CVE-2021-21137: Inappropriate implementation in DevTools
    * CVE-2021-21140: Uninitialized Use in USB
    * CVE-2021-21141: Insufficient policy enforcement in File System API
    * CVE-2021-21145: Use after free in Fonts
    * CVE-2021-21146: Use after free in Navigation
    * CVE-2021-21147: Inappropriate implementation in Skia
    * CVE-2021-21148: Heap buffer overflow in V8
    * CVE-2021-21149: Stack overflow in Data Transfer
    * CVE-2021-21150: Use after free in Downloads
    * CVE-2021-21152: Heap buffer overflow in Media
    * CVE-2021-21153: Stack overflow in GPU Process
    * CVE-2021-21156: Heap buffer overflow in V8
    * CVE-2021-21157: Use after free in Web Sockets
  - Drop obsolete patches:
    * icu-68.patch
    * icu-68-2.patch
  - Rebase patches:
    * fix1163766.patch
    * sandbox-statx-futex_time64.patch
    * rtc-dont-use-h264.patch
    * chromium-glibc-2.33.patch
  - Add patch to fix crash with certain locales:
    * 0001-Fix-normalization-of-app-locales.patch
  - Clean the spec file a bit
* Wed Mar 10 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Can't use system_vpx on Leap 15.3
* Wed Feb 17 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Add patch to fix sandbox with glibc 2.33 on 32bit:
    * sandbox-statx-futex_time64.patch
* Tue Feb 16 2021 Guillaume GARDET <guillaume.gardet@opensuse.org>
  - Relax constraints for armv6 and armv7
* Mon Feb 15 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Add patch to fix sandbox with glibc 2.33 (boo#1182233):
    * chromium-glibc-2.33.patch
* Fri Jan 29 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Bump _constraints and %limit_build, hopefully avoid occasional
    OOM and make the build quicker
  - Drop obsolete conditions
* Fri Jan 08 2021 Fabian Vogt <fabian@ritter-vogt.de>
  - Drop baselibs.conf, not needed after libksysguard5 got adjusted

Files

/usr/lib/libQt5Pdf.so.5
/usr/lib/libQt5Pdf.so.5.15
/usr/lib/libQt5Pdf.so.5.15.17
/usr/lib/qt5/plugins/imageformats/libqpdf.so
/usr/share/licenses/libQt5Pdf5
/usr/share/licenses/libQt5Pdf5/LICENSE.Chromium
/usr/share/licenses/libQt5Pdf5/LICENSE.FDL
/usr/share/licenses/libQt5Pdf5/LICENSE.GPL2
/usr/share/licenses/libQt5Pdf5/LICENSE.GPL3
/usr/share/licenses/libQt5Pdf5/LICENSE.GPL3-EXCEPT
/usr/share/licenses/libQt5Pdf5/LICENSE.GPLv3
/usr/share/licenses/libQt5Pdf5/LICENSE.LGPL3
/usr/share/licenses/libQt5Pdf5/LICENSE.LGPLv3


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 16 01:07:39 2024