
Fedora 26: 2017-c5b2c9a435 Critical QtWebEngine Security Issue

April 16, 2017
Fedora's crucial update for QtWebEngine addresses critical vulnerabilities from the last version, enhancing stability, safety, and user experience by patching flaws.
This update updates QtWebEngine to the 5.8.0 release

Summary

Qt5 - QtWebEngine components.

This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215, CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651.

Other immediately usable changes in QtWebEngine 5.8 include:

* Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.)
* The `view-source:` scheme is now supported.
* User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey.
* Some `chrome:` schemes now supported, for instance `chrome://gpu`.
* Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details.

The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated):

* Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format.
* Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.)
* Added a setting to enable printing of CSS backgrounds.

The following new QML APIs are available to developers:

* Tooltips (HTML5 global title attribute) are now also supported in the QML API.
* Qt WebEngine (QML) allows defining custom dialogs / context menus.
* Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2.

Install this update by running su -c 'dnf upgrade qt5-qtwebengine' at the command line.

For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at


Severity: critical

Product: Fedora 26
Version: 5.8.0
Release: 8.fc26
Summary: Qt5 - QtWebEngine components
