Changeset d885388

08/29/2021 01:51:50 AM
Ken Moffat <ken@…>
11.0, 11.1, 11.2, 11.3, 12.0, kea, ken/inkscape-core-mods, lazarus, lxqt, plabs/python-mods, qt5new, trunk, upgradedb, xry111/intltool, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Update to qtwebengine-5.15.6.

I'm not happy about the wording for recommended dependencies,
ideally jhalfs should "do the right thing" and build libxml2
after icu - but I have no idea how to force that.

Traditionally we do not list every dependency which is pulled in
by another dep, but some time ago Doug discovered that system ICU
is only used by qtwebengine if libxml2 has been built after ICU.

Although I'm hopeful that the current instructions will work in
that case, adding a shipped copy of ICU just makes the build

3 edited


  • introduction/welcome/changelog.xml

    r34a6571 rd885388  
    4545      <para>August 28th, 2021</para>
    4646      <itemizedlist>
     47        <listitem>
     48          <para>[ken] - Update to qtwebengine-5.15.6 (security fixes).
     49          Fixes <ulink url="&blfs-ticket-root;15471">#15471</ulink>.</para>
     50        </listitem>
    4751        <listitem>
    4852          <para>[pierre] - Add an option to Qt5, so that logging goes to
  • packages.ent

    r34a6571 rd885388  
    768768<!ENTITY pangomm-version              "2.46.1">
    769769<!ENTITY qt5-version                  "5.15.2">
    770 <!ENTITY qtwebengine-version          "20210401">
     770<!ENTITY qtwebengine-version          "5.15.6">
    771771<!ENTITY qtwebkit-version             "5.9.0">
    772772<!ENTITY qscintilla-version           "2.10.4">
  • x/lib/qtwebengine.xml

    r34a6571 rd885388  
    1111  <!ENTITY qtwebengine-download-http "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz">
    1212  <!ENTITY qtwebengine-download-ftp  " ">
    13   <!ENTITY qtwebengine-md5sum        "97ee413dccf03d2fc09a7718f39367f7">
     13  <!ENTITY qtwebengine-md5sum        "af799617842cca0b765102c312fbdd46">
    1414  <!ENTITY qtwebengine-size          "306 MB">
    1515  <!ENTITY qtwebengine-buildsize     "5.1 GB (154 MB installed)">
    16   <!ENTITY qtwebengine-time          "95 SBU (Using 6 jobs on a 4-core processor)">
     16  <!ENTITY qtwebengine-time          "97 SBU (typical, Using parallelism=4)">
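Review bot: the only integrity value updated here (new line 13) is an MD5 sum, for a 306 MB tarball that is rolled locally from git and served from anduin rather than released upstream. MD5 will catch a corrupted download but is not collision resistant, so consider recording a SHA-256 for the tarball as well, for example in the GIT-VERSIONS file. Minor: at new line 16, "Using" should be lower case after the comma.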
    5858    <warning>
    59       <!-- FIXME : remove this para before we release 11.0 -->
    60       <para>
    61         <emphasis>If you are using a development version of LFS with binutils-2.37,
    62         you must rebuild binutils with the patch which is now in LFS, otherwise the
    63         build will eventually fail with a message 'error adding symbols: malformed
    64         archive'.</emphasis>
    65       </para>
    6759      <para>
    6860        QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
    8779      <para> <!-- for git versions -->
    88         The tarball linked to below was created from the 5.15 git branch
     80        The tarball linked to below was created from the 5.15.6 git branch
    8981        and the 87-branch of the chromium submodule (which is forked from
    9082        chromium). See the GIT-VERSIONS file in the tarball (after applying
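Review bot: new line 80 hard-codes "5.15.6" in running text, so it will go stale the next time qtwebengine-version is bumped in packages.ent. Now that the entity holds a release number rather than a date, write this as &qtwebengine-version; so the paragraph cannot drift from the version actually being downloaded.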
    10294      git branch -r
    10395       after a release is prepared (even if the rest is not public), the 5.15
    104        branch is probably what you want
    105       git checkout origin/5.15
     96       branch now seems to get updated and might be what you want. But in the
     97       approach to 5.15.6 the backported CVE and other security fixes were only
     98       applied to 5.15.6.  So, assuming that a 5.15.7 branch now exists,
     99      git checkout origin/5.15.7
    106100       Confirm that HEAD is where you expected.
    107101       Now go to src/3rdparty
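Review bot: new lines 96-99 end on a checkout of origin/5.15.7, a branch the text itself only assumes to exist, while also saying the 5.15 branch "might be what you want", so the next maintainer is left with two candidates and no rule for choosing. Since 'git branch -r' is already run just above, say to take the highest 5.15.N branch it lists (falling back to origin/5.15 if there is none) and show the checkout with a placeholder instead of a guessed number.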
    115109      To decide when it might be worth creating a new tarball, periodically keep
    116       an eye on (currently, the 5.15
    117       branch, 5.15.4 might get used later). The interesting items are CVE fixes
     110      an eye on (currently, the 5.15.6
     111      branch, 5.15.7 might get used later). The interesting items are CVE fixes
    118112      for known chromium vulnerabilities, as well as numbered Security bugs -
    119113      again, these relate to chromium.
    123117      at At that
    124118      time I could see various unmerged items, so I waited. The items for the
    125       69-based chromium module are not relevant to 5.15 (possibly they will
    126       eventually update 5.12). Review queues for other Qt employees might be found
     119      90-based chromium module are not relevant to 5.15-series (possibly they will
     120      be for qtwebengine-6+). Review queues for other Qt employees might be found
    127121      in a similar way, but remember that everythng EXCEPT qtwebengine and chromium
    128122      is private to Qt until they choose to release it.
    130124      NOTE: the 3rdparty/chromium tree may contain more patches than have been
    131125      merged into the current 5.15.x branch. Any patches after what was in the
    132       last 'update chromium' merge in qtwebengine may break the build.  When Qt
    133       is close to releasing a paid-for 5.15 version, items from 5.15.x get merged
    134       into 5.15.
     126      last 'update chromium' merge in qtwebengine occasionally break the build.
    136128      After merging the contents of the qtwebengine and src/3rdparty git extracts,
    137129      in the top level please create a GIT-VERSIONS file summarising the HEAD
    138       commits of both parts, as a reminder of where we are up to.
     130      commits of both parts, as a reminder of where we are up to. I've nove added
     131      a CVE-fixes to keep track of what has been fixed (comits before 5.15.2 did not
     132      mention the CVEs until they were detailed in a release).
    140134      Now create tarballs - 'git archive' does not work across submodule boundaries,
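Review bot: typos in new lines 130-132: "nove" should be "now", "comits" should be "commits", and "a CVE-fixes" is missing its noun (presumably "a CVE-fixes file", alongside GIT-VERSIONS). It would also help to say what each entry in that file records, so whoever rolls the next tarball keeps the same format.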
    175169        <application>Qt</application> and the static library is not available,
    176170        that build will either complete without installing webengine, or else
    177         fail during the install (both variants have been observed in 5.12.0).
     171        fail during the install (both variants were observed in 5.12.0).
    178172      </para>
    179173    </note>
    221215               that the tarball names names differ
    222216          <ulink url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> -->
     217           <!--
    223218          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch"/>
    224219        </para>
    226221      <listitem>
    227222        <para>
    228           Required patch:
    229           <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-4.patch"/>
     223          Required patch:-->
     224          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-1.patch"/>
    230225        </para>
    231226      </listitem>
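Review bot: the comment opened at new line 217 and closed by "Required patch:-->" at new line 223 runs across </para>, <listitem> and <para>, so the "Required patch:" label for build_fixes-1.patch is now inside the comment and the link at new line 224 depends on markup that belongs to the previous item. Comment out the upstream_fixes list item as a whole and leave the build_fixes item intact with its own label. The context line at 215 also has a doubled "names names".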
    256251      <xref linkend="pulseaudio"/> (or both),
    257252      <xref linkend="ffmpeg"/>,
    258       <xref linkend="icu"/>,
     253      <!-- awkward wording - libxslt needs libxml2, if libxml2 is built
     254           before icu then the *shipped* icu will be used -->
     255      <xref linkend="icu"/> (built before <xref linkend="libxml2"/>) ,
    259256      <xref linkend="libwebp"/>,
    260257      <xref linkend="libxslt"/>, and
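Review bot: the build-order requirement at new line 255 is only a parenthetical in the recommended list, and the consequence (the shipped ICU is used when libxml2 was built before icu) is explained only in the XML comment at new lines 253-254, which readers of the rendered book never see. Put that explanation in a visible note so the reader knows what they end up with if the order is wrong. There is also a stray space before the comma after the closing parenthesis.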
    265262    <para role="optional">
    266263      <xref linkend="libevent"/>,
     264      <xref linkend="pipewire"/>,
    267265      <xref linkend="poppler"/>,
    268266      <ulink url="">jsoncpp</ulink>,
    299297<screen role="root"><userinput>ln -svf /usr/bin/python{2,}</userinput></screen>
     299<!-- retain, there might later be a patch rather than a full 306MB tarball
    301300    <para>
    302301      Now apply a patch for security and other fixes:
    303302    </para>
    305 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen>
    307     <para>
    308       Next apply a patch to fix several issues that can prevent the build working:
    309     </para>
    311 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-4.patch</userinput></screen>
     304<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen>-->
     306    <para>
     307      Apply apply a patch to fix several issues that can prevent the build working:
     308    </para>
     310<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-1.patch</userinput></screen>
    313312<!-- start of commands for git versions only -->
    314313    <para>
    315       Although the first patch has ensured that git is not invoked during the build,
     314      Although the patch has ensured that git is not invoked during the build,
    316315      the build system has labyrinthine rules of byzantine complexity, and in
    317316      particular trying to build without two <filename>.git</filename> directories
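Review bot: new line 307 reads "Apply apply a patch"; drop the repeated word. The block kept in the comment at new lines 299-304 still names upstream_fixes-2.patch against the new version entity, so add a word in that comment that the patch number will need resetting if it is ever revived.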
    360359<screen><userinput>sed -i 's/NINJAJOBS/NINJA_JOBS/' src/core/</userinput></screen>
     361<!-- now that we always install this as 5.15.2, this seems to be redundant
    362362    <para>
    363363      If an older version of the package's main library has been installed,
    370370<screen role="root"><userinput>if [ -e ${QT5DIR}/lib/ ]; then
    371371  mv -v ${QT5DIR}/lib/{,.old}
    372 fi</userinput></screen>
    374374    <para>
    379379<screen><userinput>mkdir build &amp;&amp;
    380380cd    build &amp;&amp;
    382381qmake .. -- -system-ffmpeg -webengine-icu &amp;&amp;
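Review bot: the comment opened at new line 361 has no closing "-->" visible in this hunk: old line 372, "fi</userinput></screen>", is removed and no replacement line is shown before the <para> at 374. If the comment is not closed on the "fi" line, the mkdir build and qmake commands that follow are commented out with it. Confirm where the close sits and validate the XML before committing.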
    445444    </para>
     446    <para>
     447      <option>-webengine-jumbo-build 0</option>: If this is added to the qmake
     448      command it will cause the 'Jumbo Build Merge Limit' to be reported as 'no'
     449      instead of 8. That turns off the jumbo build. Some distros do that to get
     450      a smaller build on some architectures such as MIPS. On x86_64 it might save
     451      a little space in the build, but the build time will increase by a very
     452      large amount.
     453    </para>
    447455    <!--
    448456    <xi:include xmlns:xi=""
    454462      recognize the NINJAJOBS environment variable, this command will run system
    455463      ninja with the specified number of jobs (i.e. 4).
    456       There are several reasons why you might want to do this:
    457     </para>
     464      There are several reasons why you might want to use options like this this:
     465    </para>
    459467      <itemizedlist>
    460468        <listitem>
    461469          <para>
    462470            Building on a subset of CPUs allows measuring the build time
    463             for that number of processors or to run other CPU-intensive tasks on
    464             other cores.
    465           </para>
    466         </listitem>
    467         <listitem>
    468           <para>
    469             Improving the build speed on a less-well endowed 4-core machine.
    470             On a machine with a powerful CPU and plenty of RAM, running N+2
    471             jobs (the ninja default for 4+ cores) for the large working sets
    472             of the C++ compiles in this package is typically only marginally
    473             faster than running N jobs at a time.  But for a machine with less
    474             memory it can be much slower.
     471            for a smaller number of processors, and/or running other
     472            CPU-intensive tasks at the same time. For an editor on a machine
     473            with a lot of CPUs, trying to measure the build time for a 4-CPU
     474            machine, <option>NINJAJOBS=4 make</option> will give a reasonable
     475            approximation (there is a short period where N+2 python2 and node
     476            jobs run).
     477          </para>
     478        </listitem>
     479        <listitem>
     480          <para>
     481            On a machine with only 4 CPUs online, the default of scheduling
     482            N+2 jobsi for qtwebengine is slower by between 3% and 7%, probably
     483            because of the size of the C++ files and their many includes and
     484            templates. Therefore, if in doubt set NINJAJOBS to the number of CPUs.
    475485          </para>
    476486        </listitem>
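Review bot: two typos in the added text: "options like this this:" at new line 464 and "jobsi" at new line 482. Also, "NINJAJOBS=4 make" at new line 474 is a command line rather than an option, so <command> fits better than <option>.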