While having a dumb conversation in #gentoo-chat I noticed upstream has updated to include a bunch of patched CVE's. Sam asked me to file this. Trees below: https://code.qt.io/cgit/qt/qtwebengine.git/log/?h=5.15 https://code.qt.io/cgit/qt/qtwebengine-chromium.git/log/?h=87-based Reproducible: Always Steps to Reproduce: 1. Go on #gentoo-cafe 2. Have a dumb conversation 3. Get handed some work. Actual Results: I'm filing a bug now Expected Results: Package will get bumped. Today is national coffee day.
We could have such a bug about dev-qt/qtwebengine open permanently.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b3ab484a8786b3c9be656759cd7118e95ca52b76 commit b3ab484a8786b3c9be656759cd7118e95ca52b76 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-10-20 13:07:48 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-10-20 16:43:27 +0000 dev-qt/qtwebengine: 5.15.2_p20211019 snapshot bump for testing Snapshotted at: Branch: 5.15 Commit: 03b3df668088d0750af6a59410ee4d0d00ba88ae Submodule qtwebengine-chromium.git: Branch: 87-based Commit: 8c0a9b4459f5200a24ab9e687a3fb32e975382e5 Fixes build on arm64. Bug: https://bugs.gentoo.org/815397 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtwebengine/Manifest | 1 + .../qtwebengine-5.15.2_p20211019.ebuild | 227 +++++++++++++++++++++ 2 files changed, 228 insertions(+)
New version has patchlevel 94.0.4606.61 effectively. @sam, feel free to file a stabilisation bug whenever you think it is ready.
(In reply to Andreas Sturmlechner from comment #3) > New version has patchlevel 94.0.4606.61 effectively. > > @sam, feel free to file a stabilisation bug whenever you think it is ready. Thanks. I'm happy other than bug 813957.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=476a64a83f7929a4d83fe02e0f10c39557440eea commit 476a64a83f7929a4d83fe02e0f10c39557440eea Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-11-14 19:40:43 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-11-14 19:53:01 +0000 dev-qt/qtwebengine: Cleanup vulnerable 5.15.2_p20210824-r1 Bug: https://bugs.gentoo.org/815397 Package-Manager: Portage-3.0.28, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> dev-qt/qtwebengine/Manifest | 2 - .../qtwebengine-5.15.2_p20210406-glibc-2.33.patch | 141 ------------ ...qtwebengine-5.15.2_p20210521-clang-libc++.patch | 10 - .../files/qtwebengine-5.15.2_p20210521-gcc11.patch | 74 ------- ...webengine-5.15.2_p20210824-harfbuzz-3.0.0.patch | 32 --- .../qtwebengine-5.15.2_p20210824-r1.ebuild | 237 --------------------- 6 files changed, 496 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5 commit 3212eacb7aa1bccb5bf765cd0a4fb91d206ad2c5 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-14 14:29:30 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-08-14 14:33:57 +0000 [ GLSA 202208-25 ] Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/773040 Bug: https://bugs.gentoo.org/787950 Bug: https://bugs.gentoo.org/800181 Bug: https://bugs.gentoo.org/810781 Bug: https://bugs.gentoo.org/815397 Bug: https://bugs.gentoo.org/828519 Bug: https://bugs.gentoo.org/829161 Bug: https://bugs.gentoo.org/834477 Bug: https://bugs.gentoo.org/835397 Bug: https://bugs.gentoo.org/835761 Bug: https://bugs.gentoo.org/836011 Bug: https://bugs.gentoo.org/836381 Bug: https://bugs.gentoo.org/836777 Bug: https://bugs.gentoo.org/836830 Bug: https://bugs.gentoo.org/837497 Bug: https://bugs.gentoo.org/838049 Bug: https://bugs.gentoo.org/838433 Bug: https://bugs.gentoo.org/838682 Bug: https://bugs.gentoo.org/841371 Bug: https://bugs.gentoo.org/843035 Bug: https://bugs.gentoo.org/843728 Bug: https://bugs.gentoo.org/847370 Bug: https://bugs.gentoo.org/847613 Bug: https://bugs.gentoo.org/848864 Bug: https://bugs.gentoo.org/851003 Bug: https://bugs.gentoo.org/851009 Bug: https://bugs.gentoo.org/853229 Bug: https://bugs.gentoo.org/853643 Bug: https://bugs.gentoo.org/854372 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Sam James <sam@gentoo.org> glsa-202208-25.xml | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 284 insertions(+)
GLSA done, all done.
