Version in base suite: 5.11.3+dfsg-2 Base version: qtwebengine-opensource-src_5.11.3+dfsg-2 Target version: qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/q/qtwebengine-opensource-src/qtwebengine-opensource-src_5.11.3+dfsg-2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/q/qtwebengine-opensource-src/qtwebengine-opensource-src_5.11.3+dfsg-2+deb10u1.dsc changelog | 11 +++++ patches/getdict-overrides.patch | 80 +++++++++++++++++++++++++++++++++++++++ patches/no-exec-stack.patch | 47 ++++++++++++++++++++++ patches/restore-jstemplate.patch | 21 ++++++++++ patches/series | 3 + rules | 3 - 6 files changed, 163 insertions(+), 2 deletions(-) diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/changelog qtwebengine-opensource-src-5.11.3+dfsg/debian/changelog --- qtwebengine-opensource-src-5.11.3+dfsg/debian/changelog 2018-12-26 19:37:02.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/changelog 2019-12-30 21:06:07.000000000 +0000 @@ -1,3 +1,14 @@ +qtwebengine-opensource-src (5.11.3+dfsg-2+deb10u1) buster; urgency=medium + + * Fix PDF parsing by adding the missing non-const overrides for + CPDF_Dictionary::GetDict() and CPDF_Reference::GetDict(). This also + fixes QWebEnginePage::print() method (closes: #919504). + * Use ui/webui/resources/js/jstemplate_compiled.js provided by upstream + instead of an empty file (closes: #882805). + * Backport upstream patch to disable executable stack (closes: #887875). + + -- Dmitry Shachnev Tue, 31 Dec 2019 00:06:07 +0300 + qtwebengine-opensource-src (5.11.3+dfsg-2) unstable; urgency=medium [ Dmitry Shachnev ] diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/getdict-overrides.patch qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/getdict-overrides.patch --- qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/getdict-overrides.patch 1970-01-01 00:00:00.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/getdict-overrides.patch 2019-12-30 21:06:07.000000000 +0000 @@ -0,0 +1,80 @@ +Description: fix GetDict methods in CPDF_Object descendants + In commit [1], Qt WebEngine developers backported a change to cpdf_object.h + that splits GetDict() virtual method into two: const and non-const. + . + However, this change was not applied to CPDF_Dictionary and CPDF_Reference + that are descendant classes of CPDF_Object. So they were missing the non-const + override, and the method from base class CPDF_Object was used instead (which + always returns nullptr). + . + In upstream PDFium, all files were changed in [2], so the bug was specific to + Qt WebEngine 5.11 (Chromium 65-based) branch. + . + [1]: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/commit/?id=bc188914f3ce1d2c + [2]: https://pdfium.googlesource.com/pdfium/+/7e28208d26764438 +Author: Dmitry Shachnev +Last-Update: 2019-11-29 + +--- a/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_dictionary.cpp ++++ b/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_dictionary.cpp +@@ -42,10 +42,12 @@ CPDF_Object::Type CPDF_Dictionary::GetTy + return DICTIONARY; + } + +-CPDF_Dictionary* CPDF_Dictionary::GetDict() const { +- // The method should be made non-const if we want to not be const. +- // See bug #234. +- return const_cast(this); ++CPDF_Dictionary* CPDF_Dictionary::GetDict() { ++ return this; ++} ++ ++const CPDF_Dictionary* CPDF_Dictionary::GetDict() const { ++ return this; + } + + bool CPDF_Dictionary::IsDictionary() const { +--- a/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_dictionary.h ++++ b/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_dictionary.h +@@ -33,7 +33,8 @@ class CPDF_Dictionary : public CPDF_Obje + // CPDF_Object: + Type GetType() const override; + std::unique_ptr Clone() const override; +- CPDF_Dictionary* GetDict() const override; ++ CPDF_Dictionary* GetDict() override; ++ const CPDF_Dictionary* GetDict() const override; + bool IsDictionary() const override; + CPDF_Dictionary* AsDictionary() override; + const CPDF_Dictionary* AsDictionary() const override; +--- a/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_reference.cpp ++++ b/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_reference.cpp +@@ -35,11 +35,16 @@ int CPDF_Reference::GetInteger() const { + return obj ? obj->GetInteger() : 0; + } + +-CPDF_Dictionary* CPDF_Reference::GetDict() const { ++CPDF_Dictionary* CPDF_Reference::GetDict() { + CPDF_Object* obj = SafeGetDirect(); + return obj ? obj->GetDict() : nullptr; + } + ++const CPDF_Dictionary* CPDF_Reference::GetDict() const { ++ const CPDF_Object* obj = SafeGetDirect(); ++ return obj ? obj->GetDict() : nullptr; ++} ++ + bool CPDF_Reference::IsReference() const { + return true; + } +--- a/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_reference.h ++++ b/src/3rdparty/chromium/third_party/pdfium/core/fpdfapi/parser/cpdf_reference.h +@@ -27,7 +27,8 @@ class CPDF_Reference : public CPDF_Objec + ByteString GetString() const override; + float GetNumber() const override; + int GetInteger() const override; +- CPDF_Dictionary* GetDict() const override; ++ CPDF_Dictionary* GetDict() override; ++ const CPDF_Dictionary* GetDict() const override; + bool IsReference() const override; + CPDF_Reference* AsReference() override; + const CPDF_Reference* AsReference() const override; diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/no-exec-stack.patch qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/no-exec-stack.patch --- qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/no-exec-stack.patch 1970-01-01 00:00:00.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/no-exec-stack.patch 2019-12-30 21:06:07.000000000 +0000 @@ -0,0 +1,47 @@ +Description: don't allow QtWebEngineCore to request executable stack + The Chromium sources contain assembly code that causes the library to + default to executable stack (the linker requires that *all* .o files + have a .note.GNU-stack section in order to default to non-executable). + So add the -z noexecstack linker flag to change the setting. + . + The other libraries are not affected. +Origin: upstream, https://code.qt.io/cgit/qt/qtwebengine.git/commit/?id=597359a16a798df3 +Last-Update: 2019-12-03 + +--- a/configure.json ++++ b/configure.json +@@ -320,6 +320,11 @@ + "webengine-win-compiler64": { + "label": "64bit compiler", + "type": "isWindowsHostCompiler64" ++ }, ++ "webengine-noexecstack": { ++ "label": "linker supports -z noexecstack", ++ "type": "linkerSupportsFlag", ++ "flag": "-z,noexecstack" + } + }, + +@@ -632,6 +637,11 @@ + "condition": "config.win32 && tests.webengine-win-compiler64", + "type": "isWindowsHostCompiler64", + "output": [ "privateFeature" ] ++ }, ++ "webengine-noexecstack": { ++ "label": "linker supports -z noexecstack", ++ "condition": "config.unix && tests.webengine-noexecstack", ++ "output": [ "privateFeature" ] + } + }, + +--- a/src/core/core_module.pro ++++ b/src/core/core_module.pro +@@ -41,6 +41,8 @@ LIBS_PRIVATE += $$NINJA_LIB_DIRS $$NINJA + # GN's LFLAGS doesn't always work across all the Linux configurations we support. + # The Windows and macOS ones from GN does provide a few useful flags however + ++unix:qtConfig(webengine-noexecstack): \ ++ QMAKE_LFLAGS += -Wl,-z,noexecstack + linux { + QMAKE_LFLAGS += -Wl,--gc-sections -Wl,-O1 -Wl,-z,now + # Embedded address sanitizer symbols are undefined and are picked up by the dynamic link loader diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/restore-jstemplate.patch qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/restore-jstemplate.patch --- qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/restore-jstemplate.patch 1970-01-01 00:00:00.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/restore-jstemplate.patch 2019-12-30 21:06:07.000000000 +0000 @@ -0,0 +1,21 @@ +Description: restore a file that was erroneously excluded from the tarball +Author: Dmitry Shachnev +Forwarded: not-needed +Last-Update: 2019-11-30 + +--- /dev/null ++++ b/src/3rdparty/chromium/ui/webui/resources/js/jstemplate_compiled.js +@@ -0,0 +1,13 @@ ++// Copyright (c) 2012 The Chromium Authors. All rights reserved. ++// Use of this source code is governed by a BSD-style license that can be ++// found in the LICENSE file. ++ ++// This file serves as a proxy to bring the included js file from /third_party ++// into its correct location under the resources directory tree, whence it is ++// delivered via a chrome://resources URL. See ../webui_resources.grd. ++ ++// Note: this is not behind a single-line comment because the first ++// line of the file is source code (so the first line would be skipped) instead ++// of a licence header. ++// clang-format off ++ diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/series qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/series --- qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/series 2018-12-23 22:55:59.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/patches/series 2019-12-30 21:06:07.000000000 +0000 @@ -6,3 +6,6 @@ disable-last_commit_position.patch verbose-gn-bootstrap.patch fix-gcc-8-i386.patch +getdict-overrides.patch +restore-jstemplate.patch +no-exec-stack.patch diff -Nru qtwebengine-opensource-src-5.11.3+dfsg/debian/rules qtwebengine-opensource-src-5.11.3+dfsg/debian/rules --- qtwebengine-opensource-src-5.11.3+dfsg/debian/rules 2018-12-23 22:55:59.000000000 +0000 +++ qtwebengine-opensource-src-5.11.3+dfsg/debian/rules 2019-12-30 21:06:07.000000000 +0000 @@ -50,8 +50,7 @@ src/3rdparty/chromium/third_party/WebKit/Source/devtools/front_end/network/NetworkConfigView.js \ src/3rdparty/chromium/third_party/WebKit/Source/devtools/front_end/settings/EditFileSystemView.js \ src/3rdparty/chromium/third_party/WebKit/Source/devtools/front_end/terminal/xterm.js/build/xterm.css \ - src/3rdparty/chromium/third_party/WebKit/Source/devtools/front_end/terminal/xterm.js/build/xterm.js \ - src/3rdparty/chromium/ui/webui/resources/js/jstemplate_compiled.js + src/3rdparty/chromium/third_party/WebKit/Source/devtools/front_end/terminal/xterm.js/build/xterm.js %: dh $@ --with pkgkde_symbolshelper