Merge pull request #8139 from qutebrowser/feat/7187_chromium_security_patch_in_version

Show chromium security patch version in :version
2024-04-20 19:25:42 +12:00 · 2024-04-20 19:25:42 +12:00 · 80931acab0
parent 91be21aede 52106c383b
commit 80931acab0
3 changed files with 48 additions and 1 deletions
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@ -24,6 +24,10 @@ Added

 - When qutebrowser receives a SIGHUP it will now reload any config.py file
  in use (same as the `:config-source` command does). (#8108)
+- The Chromium security patch version is now shown in the backend string in
+  --version and :version. This reflects the latest Chromium version that
+  security fixes have been backported to the base QtWebEngine version from.
+  (#7187)

 Changed
 ~~~~~~~
--- a/qutebrowser/utils/version.py
+++ b/qutebrowser/utils/version.py
@ -535,6 +535,7 @@ class WebEngineVersions:
    webengine: utils.VersionNumber
    chromium: Optional[str]
    source: str
+    chromium_security: Optional[str] = None
    chromium_major: Optional[int] = dataclasses.field(init=False)

    _CHROMIUM_VERSIONS: ClassVar[Dict[utils.VersionNumber, str]] = {
@ -638,6 +639,8 @@ class WebEngineVersions:
        s = f'QtWebEngine {self.webengine}'
        if self.chromium is not None:
            s += f', based on Chromium {self.chromium}'
+        if self.chromium_security is not None:
+            s += f', with security patches up to {self.chromium_security} (plus any distribution patches)'
        if self.source != 'UA':
            s += f' (from {self.source})'
        return s
@ -695,7 +698,12 @@ class WebEngineVersions:
        return cls._CHROMIUM_VERSIONS.get(minor_version)

    @classmethod
-    def from_api(cls, qtwe_version: str, chromium_version: Optional[str]) -> 'WebEngineVersions':
+    def from_api(
+        cls,
+        qtwe_version: str,
+        chromium_version: Optional[str],
+        chromium_security: Optional[str] = None,
+    ) -> 'WebEngineVersions':
        """Get the versions based on the exact versions.

        This is called if we have proper APIs to get the versions easily
@ -705,6 +713,7 @@ class WebEngineVersions:
        return cls(
            webengine=parsed,
            chromium=chromium_version,
+            chromium_security=chromium_security,
            source='api',
        )

@ -805,11 +814,20 @@ def qtwebengine_versions(*, avoid_init: bool = False) -> WebEngineVersions:
        except ImportError:
            pass  # Needs QtWebEngine 6.2+ with PyQtWebEngine 6.3.1+
        else:
+            try:
+                from qutebrowser.qt.webenginecore import (
+                    qWebEngineChromiumSecurityPatchVersion,
+                )
+                chromium_security = qWebEngineChromiumSecurityPatchVersion()
+            except ImportError:
+                chromium_security = None  # Needs QtWebEngine 6.3+
+
            qtwe_version = qWebEngineVersion()
            assert qtwe_version is not None
            return WebEngineVersions.from_api(
                qtwe_version=qtwe_version,
                chromium_version=qWebEngineChromiumVersion(),
+                chromium_security=chromium_security,
            )

    from qutebrowser.browser.webengine import webenginesettings
--- a/tests/unit/utils/test_version.py
+++ b/tests/unit/utils/test_version.py
@ -915,6 +915,17 @@ class TestWebEngineVersions:
                source='faked'),
            "QtWebEngine 5.15.2, based on Chromium 87.0.4280.144 (from faked)",
        ),
+        (
+            version.WebEngineVersions(
+                webengine=utils.VersionNumber(5, 15, 2),
+                chromium='87.0.4280.144',
+                chromium_security='9000.1',
+                source='faked'),
+            (
+                "QtWebEngine 5.15.2, based on Chromium 87.0.4280.144, with security "
+                "patches up to 9000.1 (plus any distribution patches) (from faked)"
+            ),
+        ),
    ])
    def test_str(self, version, expected):
        assert str(version) == expected
@ -1024,6 +1035,20 @@ class TestWebEngineVersions:

        assert inferred == real

+    def test_real_chromium_security_version(self, qapp):
+        """Check the API for reading the chromium security patch version."""
+        try:
+            from qutebrowser.qt.webenginecore import (
+                qWebEngineChromiumVersion,
+                qWebEngineChromiumSecurityPatchVersion,
+            )
+        except ImportError:
+            pytest.skip("Requires QtWebEngine 6.3+")
+
+        base = utils.VersionNumber.parse(qWebEngineChromiumVersion())
+        security = utils.VersionNumber.parse(qWebEngineChromiumSecurityPatchVersion())
+        assert security >= base
+

 class FakeQSslSocket: