Update to 6.10

io.qt.qtwebengine.BaseApp.json

@@ -1,13 +1,13 @@
 {
     "id": "io.qt.qtwebengine.BaseApp",
-    "branch": "6.9",
+    "branch": "6.10",
     "runtime": "org.kde.Platform",
     "sdk": "org.kde.Sdk",
     "sdk-extensions": [
         "org.kde.Sdk.Locale",
         "org.freedesktop.Sdk.Extension.node20"
     ],
-    "runtime-version": "6.9",
+    "runtime-version": "6.10",
     "separate-locales": false,
     "modules": [
         {
@@ -42,13 +42,13 @@
                 {
                     "type": "git",
                     "url": "https://invent.kde.org/qt/qt/qtwebengine.git",
-                    "tag": "v6.9.1",
-                    "commit": "d0012809afa1ca30210948d281f48fbc7160fc0c",
+                    "tag": "v6.10.0",
+                    "commit": "08cfa1af1eaa001a731e21bee336f09677a9c88a",
                     "x-checker-data": {
                         "is-main-source": true,
                         "type": "json",
                         "url": "https://invent.kde.org/api/v4/projects/qt%2Fqt%2Fqtwebengine/repository/tags",
-                        "tag-query": "first(.[].name | match( \"v6.9[\\\\d.]+-lts|v6.9[\\\\d.]+\" ) | .string)",
+                        "tag-query": "first(.[].name | match( \"v6.10[\\\\d.]+-lts|v6.10[\\\\d.]+\" ) | .string)",
                         "version-query": "$tag | sub(\"^v\"; \"\")",
                         "timestamp-query": ".[] | select(.name==$tag) | .commit.created_at"
                     }

krb5/krb5.json

@@ -13,8 +13,8 @@
     "sources": [
         {
             "type": "archive",
-            "url": "https://kerberos.org/dist/krb5/1.21/krb5-1.21.3.tar.gz",
-            "sha256": "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd304840ad35",
+            "url": "https://kerberos.org/dist/krb5/1.22/krb5-1.22.1.tar.gz",
+            "sha256": "1a8832b8cad923ebbf1394f67e2efcf41e3a49f460285a66e35adec8fa0053af",
             "x-checker-data": {
                 "type": "html",
                 "url": "https://kerberos.org/dist/",

libevent/libevent.json

@@ -2,6 +2,7 @@
     "name": "libevent",
     "buildsystem": "cmake-ninja",
     "config-opts": [
+        "-DCMAKE_POLICY_VERSION_MINIMUM=3.5",
         "-DEVENT__LIBRARY_TYPE=SHARED"
     ],
     "post-install": [

patches/chromium-add-app-libdir.patch

@@ -1,7 +1,7 @@
-From 3cb20aa4c0cc47a2e08d908db9a8ae61d7b34592 Mon Sep 17 00:00:00 2001
+From d618cb528e95d4081bfd803cfc57a593add4351f Mon Sep 17 00:00:00 2001
 From: bbhtt <[email protected]>
 Date: Thu, 31 Oct 2024 10:31:10 +0530
-Subject: [PATCH] chromium-add-app-libdir-patch
+Subject: [PATCH 1/4] chromium-add-app-libdir-patch
 
 ---
  chromium/build/config/linux/pkg-config.py | 2 +-
@@ -21,6 +21,5 @@ index e3e582d2ee3..c2d07d6b94f 100755
    for flag in all_flags[:]:
      if len(flag) == 0 or MatchesAnyRegexp(flag, strip_out):
 -- 
-2.47.0
-
+2.51.0
 

patches/chromium-flatpak-add-initial-sandbox-support.patch

@@ -1,7 +1,7 @@
-From 82c508db978f4b9a4e026f5268e6ab061be0f835 Mon Sep 17 00:00:00 2001
+From 234b7b64ef02264b384512393b89b17c54697fd9 Mon Sep 17 00:00:00 2001
 From: bbhtt <[email protected]>
 Date: Mon, 7 Apr 2025 23:10:11 +0530
-Subject: [PATCH] flatpak: Add initial sandbox support
+Subject: [PATCH 2/4] flatpak: Add initial sandbox support
 
 ---
  chromium/base/threading/thread_restrictions.h |   5 +
@@ -29,10 +29,10 @@ Subject: [PATCH] flatpak: Add initial sandbox support
  create mode 100644 chromium/sandbox/linux/services/flatpak_sandbox.h
 
 diff --git a/chromium/base/threading/thread_restrictions.h b/chromium/base/threading/thread_restrictions.h
-index b91d7d69a44..032cc62cc25 100644
+index 8d091b461e2..b088018646a 100644
 --- a/chromium/base/threading/thread_restrictions.h
 +++ b/chromium/base/threading/thread_restrictions.h
-@@ -403,6 +403,9 @@ class ScopedAllowThreadJoinForWebRtcTransport;
+@@ -408,6 +408,9 @@ class ScopedAllowThreadJoinForWebRtcTransport;
  namespace rlz_lib {
  class FinancialPing;
  }
@@ -50,7 +50,7 @@ index b91d7d69a44..032cc62cc25 100644
    friend class ui::DrmDisplayHostManager;
    friend class ui::ScopedAllowBlockingForGbmSurface;
    friend class ui::SelectFileDialogLinux;
-@@ -800,6 +804,7 @@ class BASE_EXPORT ScopedAllowBaseSyncPrimitives {
+@@ -799,6 +803,7 @@ class BASE_EXPORT ScopedAllowBaseSyncPrimitives {
    friend class rlz_lib::FinancialPing;
    friend class shell_integration_linux::
        LaunchXdgUtilityScopedAllowBaseSyncPrimitives;
@@ -59,7 +59,7 @@ index b91d7d69a44..032cc62cc25 100644
    friend class syncer::HttpBridge;
    friend class syncer::GetLocalChangesRequest;
 diff --git a/chromium/chrome/browser/resources/sandbox_internals/sandbox_internals.ts b/chromium/chrome/browser/resources/sandbox_internals/sandbox_internals.ts
-index f6d2f3f0bc4..fcc58c6735e 100644
+index 1d2c06f5406..9946482709b 100644
 --- a/chromium/chrome/browser/resources/sandbox_internals/sandbox_internals.ts
 +++ b/chromium/chrome/browser/resources/sandbox_internals/sandbox_internals.ts
 @@ -140,6 +140,7 @@ function addGoodBadRow(name: string, result: boolean): HTMLElement {
@@ -81,26 +81,26 @@ index f6d2f3f0bc4..fcc58c6735e 100644
 
    addStatusRow('Layer 1 Sandbox', layer1SandboxType, layer1SandboxCssClass);
 diff --git a/chromium/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc b/chromium/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
-index bf7b78db623..b99e53594a0 100644
+index 62a6f7e438e..8abbaa3a740 100644
 --- a/chromium/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
 +++ b/chromium/chrome/browser/ui/webui/sandbox/sandbox_internals_ui.cc
-@@ -18,6 +18,7 @@
+@@ -13,6 +13,7 @@
  #include "content/public/browser/web_contents.h"
  #include "content/public/browser/web_ui.h"
  #include "content/public/browser/web_ui_data_source.h"
 +#include "sandbox/policy/linux/sandbox_linux.h"
  #include "services/network/public/mojom/content_security_policy.mojom.h"
 
  #include "chrome/grit/sandbox_internals_resources.h"
-@@ -47,6 +48,7 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) {
+@@ -42,6 +43,7 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) {
 
    source->AddBoolean("suid", status & sandbox::policy::SandboxLinux::kSUID);
    source->AddBoolean("userNs", status & sandbox::policy::SandboxLinux::kUserNS);
 +  source->AddBoolean("flatpak", status & sandbox::policy::SandboxLinux::kFlatpak);
    source->AddBoolean("pidNs", status & sandbox::policy::SandboxLinux::kPIDNS);
    source->AddBoolean("netNs", status & sandbox::policy::SandboxLinux::kNetNS);
    source->AddBoolean("seccompBpf",
-@@ -64,7 +66,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) {
+@@ -59,7 +61,8 @@ static void SetSandboxStatusData(content::WebUIDataSource* source) {
 
    // Require either the setuid or namespace sandbox for our first-layer sandbox.
    bool good_layer1 = (status & sandbox::policy::SandboxLinux::kSUID ||
@@ -111,18 +111,18 @@ index bf7b78db623..b99e53594a0 100644
                       status & sandbox::policy::SandboxLinux::kNetNS;
    // A second-layer sandbox is also required to be adequately sandboxed.
 diff --git a/chromium/content/browser/child_process_host_impl.cc b/chromium/content/browser/child_process_host_impl.cc
-index 95df576580a..4a0aea26f0b 100644
+index 583a3864145..c02b56f44cb 100644
 --- a/chromium/content/browser/child_process_host_impl.cc
 +++ b/chromium/content/browser/child_process_host_impl.cc
-@@ -45,6 +45,7 @@
+@@ -46,6 +46,7 @@
 
  #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
  #include "base/linux_util.h"
 +#include "sandbox/linux/services/flatpak_sandbox.h"
  #elif BUILDFLAG(IS_MAC)
  #include "base/apple/foundation_util.h"
  #include "content/browser/mac_helpers.h"
-@@ -78,7 +79,12 @@ base::FilePath ChildProcessHost::GetChildPath(int flags) {
+@@ -72,7 +73,12 @@ base::FilePath ChildProcessHost::GetChildPath(int flags) {
  #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS)
    // Use /proc/self/exe rather than our known binary path so updates
    // can't swap out the binary from underneath us.
@@ -137,34 +137,34 @@ index 95df576580a..4a0aea26f0b 100644
    }
  #endif
 diff --git a/chromium/content/browser/zygote_host/zygote_host_impl_linux.cc b/chromium/content/browser/zygote_host/zygote_host_impl_linux.cc
-index 388e6c36b24..fa02e1cf228 100644
+index 836b6c90493..753f65627bf 100644
 --- a/chromium/content/browser/zygote_host/zygote_host_impl_linux.cc
 +++ b/chromium/content/browser/zygote_host/zygote_host_impl_linux.cc
-@@ -12,6 +12,7 @@
+@@ -17,6 +17,7 @@
  #include "base/logging.h"
  #include "base/posix/unix_domain_socket.h"
  #include "base/process/kill.h"
 +#include "base/process/launch.h"
  #include "base/process/memory.h"
  #include "base/strings/string_number_conversions.h"
  #include "base/types/fixed_array.h"
-@@ -22,6 +23,7 @@
+@@ -26,6 +27,7 @@
  #include "content/common/zygote/zygote_handle_impl_linux.h"
  #include "content/public/common/zygote/zygote_handle.h"
  #include "sandbox/linux/services/credentials.h"
 +#include "sandbox/linux/services/flatpak_sandbox.h"
  #include "sandbox/linux/services/namespace_sandbox.h"
  #include "sandbox/linux/suid/client/setuid_sandbox_host.h"
  #include "sandbox/linux/suid/common/sandbox.h"
-@@ -72,6 +74,7 @@ ZygoteHostImpl::ZygoteHostImpl()
+@@ -76,6 +78,7 @@ ZygoteHostImpl::ZygoteHostImpl()
      : use_namespace_sandbox_(false),
        use_suid_sandbox_(false),
        use_suid_sandbox_for_adj_oom_score_(false),
 +      use_flatpak_sandbox_(false),
        sandbox_binary_(),
        zygote_pids_lock_(),
        zygote_pids_() {}
-@@ -110,9 +113,12 @@ void ZygoteHostImpl::Init(const base::CommandLine& command_line) {
+@@ -114,9 +117,12 @@ void ZygoteHostImpl::Init(const base::CommandLine& command_line) {
      sandbox_binary_ = setuid_sandbox_host->GetSandboxBinaryPath().value();
    }
 
@@ -180,7 +180,7 @@ index 388e6c36b24..fa02e1cf228 100644
      use_namespace_sandbox_ = true;
    } else if (!command_line.HasSwitch(
                   sandbox::policy::switches::kDisableSetuidSandbox) &&
-@@ -183,19 +189,25 @@ pid_t ZygoteHostImpl::LaunchZygote(
+@@ -187,19 +193,25 @@ pid_t ZygoteHostImpl::LaunchZygote(
      sandbox_host->SetupLaunchEnvironment();
    }
 
@@ -212,7 +212,7 @@ index 388e6c36b24..fa02e1cf228 100644
      // The namespace and SUID sandbox will execute the zygote in a new
      // PID namespace, and the main zygote process will then fork from
      // there. Watch now our elaborate dance to find and validate the
-@@ -223,7 +235,11 @@ pid_t ZygoteHostImpl::LaunchZygote(
+@@ -227,7 +239,11 @@ pid_t ZygoteHostImpl::LaunchZygote(
 
      if (real_pid != pid) {
        // Reap the sandbox.
@@ -225,7 +225,7 @@ index 388e6c36b24..fa02e1cf228 100644
      }
      pid = real_pid;
    }
-@@ -274,6 +290,10 @@ void ZygoteHostImpl::AdjustRendererOOMScore(base::ProcessHandle pid,
+@@ -278,6 +294,10 @@ void ZygoteHostImpl::AdjustRendererOOMScore(base::ProcessHandle pid,
      selinux_valid = true;
    }
 
@@ -237,10 +237,10 @@ index 388e6c36b24..fa02e1cf228 100644
      if (!base::AdjustOOMScore(pid, score))
        PLOG(ERROR) << "Failed to adjust OOM score of renderer with pid " << pid;
 diff --git a/chromium/content/browser/zygote_host/zygote_host_impl_linux.h b/chromium/content/browser/zygote_host/zygote_host_impl_linux.h
-index 720d823d4a6..ad470963693 100644
+index 8ef884a7db6..f441900dd63 100644
 --- a/chromium/content/browser/zygote_host/zygote_host_impl_linux.h
 +++ b/chromium/content/browser/zygote_host/zygote_host_impl_linux.h
-@@ -70,6 +70,7 @@ class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost {
+@@ -69,6 +69,7 @@ class CONTENT_EXPORT ZygoteHostImpl : public ZygoteHost {
    bool use_namespace_sandbox_;
    bool use_suid_sandbox_;
    bool use_suid_sandbox_for_adj_oom_score_;
@@ -249,10 +249,10 @@ index 720d823d4a6..ad470963693 100644
 
    // This lock protects the |zygote_pids_| set.
 diff --git a/chromium/content/zygote/zygote_linux.cc b/chromium/content/zygote/zygote_linux.cc
-index bdcb36f7eb2..239a6462e4b 100644
+index f2c3b43281d..9f3f3f6b1bc 100644
 --- a/chromium/content/zygote/zygote_linux.cc
 +++ b/chromium/content/zygote/zygote_linux.cc
-@@ -127,7 +127,7 @@ bool Zygote::ProcessRequests() {
+@@ -126,7 +126,7 @@ bool Zygote::ProcessRequests() {
    PCHECK(sigaddset(&sigset, SIGCHLD) == 0);
    PCHECK(sigprocmask(SIG_BLOCK, &sigset, &orig_sigmask) == 0);
 
@@ -261,7 +261,7 @@ index bdcb36f7eb2..239a6462e4b 100644
      // Let the ZygoteHost know we are ready to go.
      // The receiving code is in
      // content/browser/zygote_host/zygote_host_impl_linux.cc.
-@@ -233,6 +233,10 @@ bool Zygote::UsingNSSandbox() const {
+@@ -231,6 +231,10 @@ bool Zygote::UsingNSSandbox() const {
    return sandbox_flags_ & sandbox::policy::SandboxLinux::kUserNS;
  }
 
@@ -349,10 +349,10 @@ index 92f1cddfdd4..63cdbf7f8f7 100644
                  base::GlobalDescriptors::Descriptor(
                      static_cast<uint32_t>(kSandboxIPCChannel), GetSandboxFD()));
 diff --git a/chromium/sandbox/linux/BUILD.gn b/chromium/sandbox/linux/BUILD.gn
-index cc86e06114c..d47b2a1c996 100644
+index 97e3deed4f2..9e2a463d101 100644
 --- a/chromium/sandbox/linux/BUILD.gn
 +++ b/chromium/sandbox/linux/BUILD.gn
-@@ -310,6 +310,10 @@ if (is_linux || is_chromeos) {
+@@ -311,6 +311,10 @@ if (is_linux || is_chromeos) {
 
  component("sandbox_services") {
    sources = [
@@ -363,7 +363,7 @@ index cc86e06114c..d47b2a1c996 100644
      "services/init_process_reaper.cc",
      "services/init_process_reaper.h",
      "services/proc_util.cc",
-@@ -328,8 +332,10 @@ component("sandbox_services") {
+@@ -329,8 +333,10 @@ component("sandbox_services") {
 
    defines = [ "SANDBOX_IMPLEMENTATION" ]
 
@@ -557,7 +557,7 @@ index 00000000000..2a915a5b9fa
 +
 +void WriteStringAsByteArray(dbus::MessageWriter* writer,
 +                            const std::string& str) {
-+  writer->AppendArrayOfBytes(base::make_span(
++  writer->AppendArrayOfBytes(base::span(
 +      reinterpret_cast<const uint8_t*>(str.c_str()), str.size() + 1));
 +}
 +
@@ -1198,10 +1198,10 @@ index 00000000000..167bbc85945
 +
 +#endif  // SANDBOX_LINUX_SERVICES_FLATPAK_SANDBOX_H_
 diff --git a/chromium/sandbox/policy/BUILD.gn b/chromium/sandbox/policy/BUILD.gn
-index c908ecf7070..c581821f772 100644
+index 6767e25821a..521c089a5f3 100644
 --- a/chromium/sandbox/policy/BUILD.gn
 +++ b/chromium/sandbox/policy/BUILD.gn
-@@ -127,6 +127,9 @@ component("policy") {
+@@ -116,6 +116,9 @@ component("policy") {
        "//sandbox/linux:suid_sandbox_client",
      ]
    }
@@ -1212,7 +1212,7 @@ index c908ecf7070..c581821f772 100644
      sources += [
        "linux/bpf_ime_policy_linux.cc",
 diff --git a/chromium/sandbox/policy/linux/sandbox_linux.cc b/chromium/sandbox/policy/linux/sandbox_linux.cc
-index 74f03ba8e9c..f38ca90c0ff 100644
+index f793d20b40c..58793fc7861 100644
 --- a/chromium/sandbox/policy/linux/sandbox_linux.cc
 +++ b/chromium/sandbox/policy/linux/sandbox_linux.cc
 @@ -37,6 +37,7 @@
@@ -1223,7 +1223,7 @@ index 74f03ba8e9c..f38ca90c0ff 100644
  #include "sandbox/linux/services/libc_interceptor.h"
  #include "sandbox/linux/services/namespace_sandbox.h"
  #include "sandbox/linux/services/proc_util.h"
-@@ -236,6 +237,9 @@ bool SandboxLinux::PreinitializeSandbox() {
+@@ -232,6 +233,9 @@ bool SandboxLinux::PreinitializeSandbox() {
    const int yama_status = Yama::GetStatus();
    yama_is_enforcing_ = (yama_status & Yama::STATUS_PRESENT) &&
                         (yama_status & Yama::STATUS_ENFORCING);
@@ -1233,7 +1233,7 @@ index 74f03ba8e9c..f38ca90c0ff 100644
    pre_initialized_ = true;
    return seccomp_bpf_supported_;
  }
-@@ -275,6 +279,10 @@ int SandboxLinux::GetStatus() {
+@@ -271,6 +275,10 @@ int SandboxLinux::GetStatus() {
          sandbox_status_flags_ |= kPIDNS;
        if (NamespaceSandbox::InNewNetNamespace())
          sandbox_status_flags_ |= kNetNS;
@@ -1278,10 +1278,10 @@ index a37e131df46..9c082a3e224 100644
  #if BUILDFLAG(USING_SANITIZER)
    std::unique_ptr<__sanitizer_sandbox_arguments> sanitizer_args_;
 diff --git a/chromium/services/service_manager/service_process_launcher.cc b/chromium/services/service_manager/service_process_launcher.cc
-index 9dbb33eba71..f99b6e841e8 100644
+index bb99780fb87..373978654d2 100644
 --- a/chromium/services/service_manager/service_process_launcher.cc
 +++ b/chromium/services/service_manager/service_process_launcher.cc
-@@ -286,8 +286,14 @@ void ServiceProcessLauncher::ProcessState::StopInBackground() {
+@@ -285,8 +285,14 @@ void ServiceProcessLauncher::ProcessState::StopInBackground() {
      return;
 
    int rv = -1;
@@ -1299,5 +1299,5 @@ index 9dbb33eba71..f99b6e841e8 100644
  }
 
 -- 
-2.49.0
+2.51.0