Fedora 32: 2021-bdaf015218 Critical: QtWebEngine Security Fix

Qt5 - QtWebEngine components.

This update rebases QtWebEngine to the latest Qt 5 release, 5.15.2, fixing

dozens of security issues. (The same version is already shipped on Fedora 33 and

Rawhide.) The included kf5-messagelib update backports a fix for compatibility

with QtWebEngine 5.15.x. The Chromium version has been updated to

83.0.4103.122, with backported security fixes from Chromium up to version

86.0.4240.183. That fixes dozens of security issues compared to 5.14.2. This

version also adds the Qt PDF module, a Qt wrapper around PDFium. This is a

separate library and cannot cause backwards compatibility issues. In addition,

several bugs have been fixed, see the Changes files: *

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.15.0?h=5.15 *

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.15.1?h=5.15 *

https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.15.2?h=5.15

Behavior Changes since 5.14.2: * XSS Auditing has been removed, and the

XSSAuditingEnabled setting no longer has any effect. * [QTBUG-79864] The viz

display compositor is now used by default on all platforms, but can be disabled

with --disable-viz-display-compositor. * The network layer integration has been

rewritten to use Chromium's network service, and now runs in a separate

sandboxed process by default. * [QTBUG-83656] CTRL+mouse wheel page zoom fixed,

and now works by default.

* Sat Jan 23 2021 Kevin Kofler - 5.15.2-7

- Fix sandbox issue on 32-bit architectures with glibc >= 2.31 (from Debian)

* Sat Jan 23 2021 Kevin Kofler - 5.15.2-6

- Reenable system ICU on F33+, ICU 67 supported since 5.15.1 according to Debian

* Wed Jan 20 2021 Kevin Kofler - 5.15.2-5

- Fix sandbox issue breaking text rendering with glibc 2.33 (#1904652)

* Wed Dec 30 2020 Mattia Verga - 5.15.2-4

- Rebuild for gcc bugfix upgrade

* Fri Dec 4 2020 Jeff Law - 5.15.2-3

- Fix another missing #include for gcc-11

* Tue Nov 24 2020 Jan Grulich - 5.15.2-2

- Rebuild for qtbase with -no-reduce-relocations option

* Fri Nov 20 2020 Jan Grulich - 5.15.2-1

- 5.15.2

* Wed Nov 4 2020 Jeff Law - 5.15.1-3

- Fix missing #includes for gcc-11

* Wed Sep 23 2020 Jan Grulich - 5.15.1-2

- Rebuild (libevent)

* Fri Sep 11 2020 Jan Grulich - 5.15.1-1

- 5.15.1

* Fri Sep 4 2020 Than Ngo - 5.15.0-4

- Fix FTBFS

* Sat Aug 1 2020 Fedora Release Engineering - 5.15.0-3

- Second attempt - Rebuilt for

https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Wed Jul 29 2020 Fedora Release Engineering - 5.15.0-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Wed Jun 10 2020 Rex Dieter - 5.15.0-1

- 5.15.0

- f33's icu-67.x currently not compatible, use bundled icu

su -c 'dnf upgrade --advisory FEDORA-2021-bdaf015218' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/