Update qtwebengine-5.15 towards 5.15.16

[ken@…]

It seems that the next paid-for release on qt-5.15 might happen in November. Meanwhile, the last 87-based qtwebengine chromium backport was on 26th September. A few weeks ago I noticed an incomplete 87-based commit to backport a chromium security bug (i.e. not a CVE), but that later disappeared from where I was looking. A week ago I pulled what was merged in their 5.15 tree, prepared the patches, and started testing. No issues, just lack of time.

I've now built this on BLFS-12.0 without my own CFLAGS etc optimizing and hardening modifications, and on a recent system again without my modifications - not a fresh system, I'm not building a new system until python-3.12 goes into the book - I have too many python modules and will stick on 3.11.6.

Looking today, that incomplete security bug has again appeared. But what I have now seems good enough.

I will note that the chromium backports include a lot of additions for newer intel GPUs.

CVEs fixed among these patches (all rated High) are:

· CVE-2023-4863 Heap buffer overflow in WebP

· CVE-2023-4762 Type Confusion in V8

· CVE-2023-4362 Heap buffer overflow in Mojom IDL

· CVE-2023-4354 Heap buffer overflow in Skia

· CVE-2023-4351 Use after free in Network

· CVE-2023-4076 Use after free in WebRTC

· CVE-2023-4074 Use after free in Blink Task

· CVE-2023-4071 Heap buffer overflow in Visuals

[ken@…]

Committed at sha:g12.0-506-gec40d199f6c6

[ken@…]

Security Advisory SA 12.0-033