Author: ken
Date: Fri Apr 9 16:06:48 2021
New Revision: 24457
Log:
Update QtWebEngine to a snapshot from 2021-04-01
(security update).
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/packages.ent
trunk/BOOK/x/lib/qtwebengine.xml
Modified: trunk/BOOK/general.ent
==============================================================================
--- trunk/BOOK/general.ent Thu Apr 8 19:10:57 2021 (r24456)
+++ trunk/BOOK/general.ent Fri Apr 9 16:06:48 2021 (r24457)
@@ -1,12 +1,12 @@
<!-- $LastChangedBy$ $Date$ -->
-<!ENTITY day "08"> <!-- Always 2 digits -->
+<!ENTITY day "09"> <!-- Always 2 digits -->
<!ENTITY month "04"> <!-- Always 2 digits -->
<!ENTITY year "2021">
<!ENTITY copyrightdate "2001-&year;">
<!ENTITY copyholder "The BLFS Development Team">
<!ENTITY version "&year;-&month;-&day;">
-<!ENTITY releasedate "April 8th, &year;">
+<!ENTITY releasedate "April 9th, &year;">
<!ENTITY pubdate "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
<!ENTITY blfs-version "svn"> <!-- svn|[release #] -->
<!ENTITY lfs-version "development"> <!-- x.y|development -->
Modified: trunk/BOOK/introduction/welcome/changelog.xml
==============================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml Thu Apr 8 19:10:57
2021 (r24456)
+++ trunk/BOOK/introduction/welcome/changelog.xml Fri Apr 9 16:06:48
2021 (r24457)
@@ -42,6 +42,17 @@
</listitem>
-->
<listitem>
+ <para>April 9th, 2021</para>
+ <itemizedlist>
+ <listitem>
+ <para>[ken] - Update to a qtwebengine snapshot from 2021-04-01
+ (Security Update). Fixes
+ <ulink url="&blfs-ticket-root;14863">#14863</ulink>.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>April 8th, 2021</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/packages.ent
==============================================================================
--- trunk/BOOK/packages.ent Thu Apr 8 19:10:57 2021 (r24456)
+++ trunk/BOOK/packages.ent Fri Apr 9 16:06:48 2021 (r24457)
@@ -764,7 +764,7 @@
<!ENTITY pango-version "1.48.4">
<!ENTITY pangomm-version "2.46.0">
<!ENTITY qt5-version "5.15.2">
-<!ENTITY qtwebengine-version "5.15.3">
+<!ENTITY qtwebengine-version "20210401">
<!ENTITY qtwebkit-version "5.9.0">
<!ENTITY qscintilla-version "2.10.4">
<!ENTITY shared-mime-info-version "2.1">
Modified: trunk/BOOK/x/lib/qtwebengine.xml
==============================================================================
--- trunk/BOOK/x/lib/qtwebengine.xml Thu Apr 8 19:10:57 2021 (r24456)
+++ trunk/BOOK/x/lib/qtwebengine.xml Fri Apr 9 16:06:48 2021 (r24457)
@@ -10,7 +10,7 @@
URL for a prepared git version -->
<!ENTITY qtwebengine-download-http
"&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz">
<!ENTITY qtwebengine-download-ftp " ">
- <!ENTITY qtwebengine-md5sum "838d5d4ef9d1e5b82a41bff6f830e4a4">
+ <!ENTITY qtwebengine-md5sum "97ee413dccf03d2fc09a7718f39367f7">
<!ENTITY qtwebengine-size "306 MB">
<!ENTITY qtwebengine-buildsize "5.1 GB (154 MB installed)">
<!ENTITY qtwebengine-time "101 SBU (Using parallelism=4)">
@@ -72,16 +72,16 @@
<para>
It seems likely that future 5.15-series versions will also be released
- long after the chromium vulnerabilities are known.
+ long after the chromium vulnerabilities are known, but fixes for
+ QtWebEngine can be found in git and the editors take the view that
+ known vulnerabilities in browsers should be fixed.
</para>
<para> <!-- for git versions -->
The tarball linked to below was created from the 5.15 git branch
- at https://code.qt.io/cgit/qt/qtwebengine.git commit 029771bcd254
- just before the version there was rolled on for 5.15.4,
- <!-- the DTS doesn't let me put a url in a para -->
- <!--ulink
url="https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&id=029771bcd254"/>code.qt.io/cgit/qt/qtwebengine.git</ulink>-->
- with the chromium submodule using the 87-branch at revision
7c8217b36a95.
+ and the 87-branch of the chromium submodule (which is forked from
+ chromium). See the GIT-VERSIONS file in the tarball for details of
+ the latest commits.
</para>
</warning>
@@ -101,16 +101,36 @@
git fetch origin
git branch -r
The required branch is likely to be 87-branch unless there is a newer
one
+ mentioned in the 5.15 cgit web page (below).
git checkout origin/87-branch (or whatever)
Use git log or git tk to look at its HEAD and check it seems
appropriate.
+ To decide when it might be worth creating a new tarball, periodically
keep
+ an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the
5.15
+ branch, 5.15.4 might get used later). The interesting items are CVE fixes
+ for known chromium vulnerabilities, as well as numbered Security bugs -
+ again, these relate to chromium.
+
+ When I noticed some updates in late March I was searching for one of the
+ CVEs mentioned, and google found a link to a review page for Michael
BrĂ¼ning
+ at https://codereview.qt.nokia.com/q/owner:michael.bruning%2540qt.io. At
that
+ time I could see various unmerged items, so I waited. The items for the
+ 69-based chromium module are not relevant to 5.15 (possibly they will
+ eventually update 5.12). Review queues for other Qt employees might be
found
+ in a similar way, but remember that everythng EXCEPT qtwebengine and
chromium
+ is private to Qt until they choose to release it.
+
+ After merging the contents of the qtwebengine and src/3rdparty git
extracts,
+ in the top level please create a GIT-VERSIONS file summarising the HEAD
+ commits of both parts, as a reminder of where we are up to.
+
Now create tarballs - 'git archive' does not work across submodule
boundaries,
so you need to create one archive from the top of qtwebengine/ and
another
from the top of src/3rdparty (chromium, gn, ninja are apparently all
part of
the qtwebengine-chromium module). Then in a work area untar the
qtwebengine
tarball, go down to src/3rdparty and untar the submodule tarball.
Decide on what to call the result and create a full xz tarball using tar
-cJf.
- -->
+ end of note for editors -->
&lfs101_checked;
@@ -176,7 +196,7 @@
<!-- keep links for releases and git versions as a reminder
that the tarball names names differ
<ulink
url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/>
-->
- <ulink
url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-2.patch"/>
+ <ulink
url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-1.patch"/>
</para>
</listitem>
</itemizedlist>
@@ -252,7 +272,7 @@
Now apply a patch to fix several issues that can prevent the build
working:
</para>
-<screen><userinput remap="pre">patch -Np1 -i
../qtwebengine-&qtwebengine-version;-build_fixes-2.patch</userinput></screen>
+<screen><userinput remap="pre">patch -Np1 -i
../qtwebengine-&qtwebengine-version;-build_fixes-1.patch</userinput></screen>
<!-- start of commands for git versions only -->
<para>
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
