Merge pull request #8139 from qutebrowser/feat/7187_chromium_security_patch_in_version

Show chromium security patch version in :version

3 files changed, 48 insertions, 1 deletions

diff --git a/doc/changelog.asciidoc b/doc/changelog.asciidoc
index a33c537db..b6385b015 100644
--- a/doc/changelog.asciidoc
+++ b/doc/changelog.asciidoc
@@ -24,6 +24,10 @@ Added
 
 - When qutebrowser receives a SIGHUP it will now reload any config.py file
   in use (same as the `:config-source` command does). (#8108)
+- The Chromium security patch version is now shown in the backend string in
+  --version and :version. This reflects the latest Chromium version that
+  security fixes have been backported to the base QtWebEngine version from.
+  (#7187)
 
 Changed
 ~~~~~~~
diff --git a/qutebrowser/utils/version.py b/qutebrowser/utils/version.py
index a4bb893f6..32d5357db 100644
--- a/qutebrowser/utils/version.py
+++ b/qutebrowser/utils/version.py
@@ -535,6 +535,7 @@ class WebEngineVersions:
     webengine: utils.VersionNumber
     chromium: Optional[str]
     source: str
+    chromium_security: Optional[str] = None
     chromium_major: Optional[int] = dataclasses.field(init=False)
 
     _CHROMIUM_VERSIONS: ClassVar[Dict[utils.VersionNumber, str]] = {
@@ -638,6 +639,8 @@ class WebEngineVersions:
         s = f'QtWebEngine {self.webengine}'
         if self.chromium is not None:
             s += f', based on Chromium {self.chromium}'
+        if self.chromium_security is not None:
+            s += f', with security patches up to {self.chromium_security} (plus any distribution patches)'
         if self.source != 'UA':
             s += f' (from {self.source})'
         return s
@@ -695,7 +698,12 @@ class WebEngineVersions:
         return cls._CHROMIUM_VERSIONS.get(minor_version)
 
     @classmethod
-    def from_api(cls, qtwe_version: str, chromium_version: Optional[str]) -> 'WebEngineVersions':
+    def from_api(
+        cls,
+        qtwe_version: str,
+        chromium_version: Optional[str],
+        chromium_security: Optional[str] = None,
+    ) -> 'WebEngineVersions':
         """Get the versions based on the exact versions.
 
         This is called if we have proper APIs to get the versions easily
@@ -705,6 +713,7 @@ class WebEngineVersions:
         return cls(
             webengine=parsed,
             chromium=chromium_version,
+            chromium_security=chromium_security,
             source='api',
         )
 
@@ -805,11 +814,20 @@ def qtwebengine_versions(*, avoid_init: bool = False) -> WebEngineVersions:
         except ImportError:
             pass  # Needs QtWebEngine 6.2+ with PyQtWebEngine 6.3.1+
         else:
+            try:
+                from qutebrowser.qt.webenginecore import (
+                    qWebEngineChromiumSecurityPatchVersion,
+                )
+                chromium_security = qWebEngineChromiumSecurityPatchVersion()
+            except ImportError:
+                chromium_security = None  # Needs QtWebEngine 6.3+
+
             qtwe_version = qWebEngineVersion()
             assert qtwe_version is not None
             return WebEngineVersions.from_api(
                 qtwe_version=qtwe_version,
                 chromium_version=qWebEngineChromiumVersion(),
+                chromium_security=chromium_security,
             )
 
     from qutebrowser.browser.webengine import webenginesettings
diff --git a/tests/unit/utils/test_version.py b/tests/unit/utils/test_version.py
index 38134b40e..f24bf2a7a 100644
--- a/tests/unit/utils/test_version.py
+++ b/tests/unit/utils/test_version.py
@@ -915,6 +915,17 @@ class TestWebEngineVersions:
                 source='faked'),
             "QtWebEngine 5.15.2, based on Chromium 87.0.4280.144 (from faked)",
         ),
+        (
+            version.WebEngineVersions(
+                webengine=utils.VersionNumber(5, 15, 2),
+                chromium='87.0.4280.144',
+                chromium_security='9000.1',
+                source='faked'),
+            (
+                "QtWebEngine 5.15.2, based on Chromium 87.0.4280.144, with security "
+                "patches up to 9000.1 (plus any distribution patches) (from faked)"
+            ),
+        ),
     ])
     def test_str(self, version, expected):
         assert str(version) == expected
@@ -1024,6 +1035,20 @@ class TestWebEngineVersions:
 
         assert inferred == real
 
+    def test_real_chromium_security_version(self, qapp):
+        """Check the API for reading the chromium security patch version."""
+        try:
+            from qutebrowser.qt.webenginecore import (
+                qWebEngineChromiumVersion,
+                qWebEngineChromiumSecurityPatchVersion,
+            )
+        except ImportError:
+            pytest.skip("Requires QtWebEngine 6.3+")
+
+        base = utils.VersionNumber.parse(qWebEngineChromiumVersion())
+        security = utils.VersionNumber.parse(qWebEngineChromiumSecurityPatchVersion())
+        assert security >= base
+
 
 class FakeQSslSocket: