Context Navigation

← Previous Change
Ticket History
Next Change →

Changes between Initial Version and Version 2 of Ticket #14729

Timestamp:: 03/06/2021 09:38:02 PM (3 years ago)
Author:: ken@…
Comment:: Removed my earlier comments, will add the process I used once I've got the (expletive deleted) source to build. I think some of it needs patching for glibc-2.33, my test build on LFS-10.1 last night didn't get very far (backtrace in python) but on 10.0 it is about half-way through.

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #14729
- Property Owner changed from blfs-book to ken@…
- Property Status new → assigned
- Property Priority normal → high

Ticket #14729 – Description

-              initial
+              v2
 As expected, future qt5 releases will be limited to commercial customers at first. When this was announced there were reports that qtwebengine had to be made available because of its license. Now that 5.15.3 has been reported (see e.g. phoronix) I googled.
+As expected, future qt5 releases will be limited to commercial customers at first [https://www.qt.io/blog/commercial-lts-qt-5.15.3-released] and will apparently become available to the rest of us when 6.1 is released (maybe in April). When this was announced there were reports that qtwebengine had to be made available because of its license. Now that 5.15.3 has been reported (see e.g. phoronix) I googled.
 Gentoo are using a git version from 24th February, apparently with extra workarounds because this is from git [https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-qt/qtwebengine/qtwebengine-5.15.2_p20210224.ebuild] and there is also a post (probably aimed at commercial users wanting to test 5.15.3, but it says building against 5.12 ('LTS')is also supported) at [https://m.marketscreener.com/quote/stock/QT-GROUP-OYJ-30049777/news/Qt-Oyj-nbsp-Building-Qt-WebEngine-Against-Other-Qt-Versions-32397357/].
+Gentoo are using a git version from 24th February, apparently with extra workarounds because this is from git [https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-qt/qtwebengine/qtwebengine-5.15.2_p20210224.ebuild]. I've eventually managed to assemble qtwebengine (5.15.3 branch) and the submodules (chromium, gn, ninja) from that date.
 Since waiting even longer for vulnerability fixes is a bad idea (fixes to chromium always take until the next qt release to be made available in qtwebengine) this might be worth exploring, although I expect that the chromium changes will be in a submodule which usually causes me grief.
+I cannot match gentoo's tarball - it looks as if they have cherry-picked items. In particular, they still apply patches for ICU68 but in my chromium source the changes appear to have all been made.
 At this point I'm flagging this as 'normal' because I have no idea if there are actually any CVE fixes -we can live in hope there are none, although that seems unlikely.
+In the qtwebengine chromium tree the latest commits fixed CVE-2021-21149 to -21156 (all rated High by chromium, see [https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_16.html]).