Changes in / [10e2d5f1:f7a91626]

Files:

• introduction/welcome/changelog.xml (modified) (1 diff)
• packages.ent (modified) (1 diff)
• x/lib/qtwebengine.xml (modified) (18 diffs)

introduction/welcome/changelog.xml

@@ -45 +45 @@
       <para>August 28th, 2021</para>
       <itemizedlist>
-        <listitem>
-          <para>[ken] - Update to qtwebengine-5.15.6 (security fixes).
-          Fixes <ulink url="&blfs-ticket-root;15471">#15471</ulink>.</para>
-        </listitem>
         <listitem>
           <para>[bdubbs] - Update to pinentry-1.2.0. Fixes

packages.ent

@@ -768 +768 @@
 <!ENTITY pangomm-version              "2.46.1">
 <!ENTITY qt5-version                  "5.15.2">
-<!ENTITY qtwebengine-version          "5.15.6">
+<!ENTITY qtwebengine-version          "20210401">
 <!ENTITY qtwebkit-version             "5.9.0">
 <!ENTITY qscintilla-version           "2.10.4">

x/lib/qtwebengine.xml

@@ -11 +11 @@
   <!ENTITY qtwebengine-download-http "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz">
   <!ENTITY qtwebengine-download-ftp  " ">
-  <!ENTITY qtwebengine-md5sum        "af799617842cca0b765102c312fbdd46">
+  <!ENTITY qtwebengine-md5sum        "97ee413dccf03d2fc09a7718f39367f7">
   <!ENTITY qtwebengine-size          "306 MB">
   <!ENTITY qtwebengine-buildsize     "5.1 GB (154 MB installed)">
-  <!ENTITY qtwebengine-time          "97 SBU (typical, Using parallelism=4)">
+  <!ENTITY qtwebengine-time          "95 SBU (Using 6 jobs on a 4-core processor)">
 ]>
 
@@ -57 +57 @@
 
     <warning>
+      <!-- FIXME : remove this para before we release 11.0 -->
+      <para>
+        <emphasis>If you are using a development version of LFS with binutils-2.37,
+        you must rebuild binutils with the patch which is now in LFS, otherwise the
+        build will eventually fail with a message 'error adding symbols: malformed
+        archive'.</emphasis>
+      </para>
+ 
       <para>
         QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
@@ -78 +86 @@
 
       <para> <!-- for git versions -->
-        The tarball linked to below was created from the 5.15.6 git branch
+        The tarball linked to below was created from the 5.15 git branch
         and the 87-branch of the chromium submodule (which is forked from
         chromium). See the GIT-VERSIONS file in the tarball (after applying
@@ -94 +102 @@
       git branch -r
        after a release is prepared (even if the rest is not public), the 5.15
-       branch now seems to get updated and might be what you want. But in the
-       approach to 5.15.6 the backported CVE and other security fixes were only
-       applied to 5.15.6.  So, assuming that a 5.15.7 branch now exists,
-      git checkout origin/5.15.7
+       branch is probably what you want
+      git checkout origin/5.15
        Confirm that HEAD is where you expected.
        Now go to src/3rdparty
@@ -108 +114 @@
 
       To decide when it might be worth creating a new tarball, periodically keep
-      an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15.6
-      branch, 5.15.7 might get used later). The interesting items are CVE fixes
+      an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15
+      branch, 5.15.4 might get used later). The interesting items are CVE fixes
       for known chromium vulnerabilities, as well as numbered Security bugs -
       again, these relate to chromium.
@@ -117 +123 @@
       at https://codereview.qt.nokia.com/q/owner:michael.bruning%2540qt.io. At that
       time I could see various unmerged items, so I waited. The items for the
-      90-based chromium module are not relevant to 5.15-series (possibly they will
-      be for qtwebengine-6+). Review queues for other Qt employees might be found
+      69-based chromium module are not relevant to 5.15 (possibly they will
+      eventually update 5.12). Review queues for other Qt employees might be found
       in a similar way, but remember that everythng EXCEPT qtwebengine and chromium
       is private to Qt until they choose to release it.
@@ -124 +130 @@
       NOTE: the 3rdparty/chromium tree may contain more patches than have been
       merged into the current 5.15.x branch. Any patches after what was in the
-      last 'update chromium' merge in qtwebengine occasionally break the build.
+      last 'update chromium' merge in qtwebengine may break the build.  When Qt
+      is close to releasing a paid-for 5.15 version, items from 5.15.x get merged
+      into 5.15.
 
       After merging the contents of the qtwebengine and src/3rdparty git extracts,
       in the top level please create a GIT-VERSIONS file summarising the HEAD
-      commits of both parts, as a reminder of where we are up to. I've nove added
-      a CVE-fixes to keep track of what has been fixed (comits before 5.15.2 did not
-      mention the CVEs until they were detailed in a release).
+      commits of both parts, as a reminder of where we are up to.
 
       Now create tarballs - 'git archive' does not work across submodule boundaries,
@@ -169 +175 @@
         <application>Qt</application> and the static library is not available,
         that build will either complete without installing webengine, or else
-        fail during the install (both variants were observed in 5.12.0).
+        fail during the install (both variants have been observed in 5.12.0).
       </para>
     </note>
@@ -215 +221 @@
                that the tarball names names differ
           <ulink url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> -->
-           <!--
           <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch"/>
         </para>
@@ -221 +226 @@
       <listitem>
         <para>
-          Required patch:-->
-          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-1.patch"/>
+          Required patch:
+          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-4.patch"/>
         </para>
       </listitem>
@@ -251 +256 @@
       <xref linkend="pulseaudio"/> (or both),
       <xref linkend="ffmpeg"/>,
-      <!-- awkward wording - libxslt needs libxml2, if libxml2 is built
-           before icu then the *shipped* icu will be used -->
-      <xref linkend="icu"/> (built before <xref linkend="libxml2"/>) ,
+      <xref linkend="icu"/>,
       <xref linkend="libwebp"/>,
       <xref linkend="libxslt"/>, and
@@ -262 +265 @@
     <para role="optional">
       <xref linkend="libevent"/>,
-      <xref linkend="pipewire"/>,
       <xref linkend="poppler"/>,
       <ulink url="https://github.com/open-source-parsers/jsoncpp/releases">jsoncpp</ulink>,
@@ -297 +299 @@
 <screen role="root"><userinput>ln -svf /usr/bin/python{2,}</userinput></screen>
 
-<!-- retain, there might later be a patch rather than a full 306MB tarball
     <para>
       Now apply a patch for security and other fixes:
     </para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen>-->
-
-    <para>
-      Apply apply a patch to fix several issues that can prevent the build working:
-    </para>
-
-<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-1.patch</userinput></screen>
+<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen>
+
+    <para>
+      Next apply a patch to fix several issues that can prevent the build working:
+    </para>
+
+<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-4.patch</userinput></screen>
 
 <!-- start of commands for git versions only -->
     <para>
-      Although the patch has ensured that git is not invoked during the build,
+      Although the first patch has ensured that git is not invoked during the build,
       the build system has labyrinthine rules of byzantine complexity, and in
       particular trying to build without two <filename>.git</filename> directories
@@ -359 +360 @@
 <screen><userinput>sed -i 's/NINJAJOBS/NINJA_JOBS/' src/core/gn_run.pro</userinput></screen>
 
-<!-- now that we always install this as 5.15.2, this seems to be redundant
     <para>
       If an older version of the package's main library has been installed,
@@ -370 +370 @@
 <screen role="root"><userinput>if [ -e ${QT5DIR}/lib/libQt5WebEngineCore.so ]; then
   mv -v ${QT5DIR}/lib/libQt5WebEngineCore.so{,.old}
-fi</userinput></screen>-->
+fi</userinput></screen>
 
     <para>
@@ -379 +379 @@
 <screen><userinput>mkdir build &amp;&amp;
 cd    build &amp;&amp;
+
 qmake .. -- -system-ffmpeg -webengine-icu &amp;&amp;
 make</userinput></screen>
@@ -444 +445 @@
     </para>
 
-    <para>
-      <option>-webengine-jumbo-build 0</option>: If this is added to the qmake
-      command it will cause the 'Jumbo Build Merge Limit' to be reported as 'no'
-      instead of 8. That turns off the jumbo build. Some distros do that to get
-      a smaller build on some architectures such as MIPS. On x86_64 it might save
-      a little space in the build, but the build time will increase by a very
-      large amount.
-    </para>
-
     <!--
     <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 
@@ -462 +454 @@
       recognize the NINJAJOBS environment variable, this command will run system
       ninja with the specified number of jobs (i.e. 4). 
-      There are several reasons why you might want to use options like this this:
-    </para>
-
+      There are several reasons why you might want to do this:
+    </para>
+      
       <itemizedlist>
         <listitem>
           <para>
             Building on a subset of CPUs allows measuring the build time
-            for a smaller number of processors, and/or running other
-            CPU-intensive tasks at the same time. For an editor on a machine
-            with a lot of CPUs, trying to measure the build time for a 4-CPU
-            machine, <option>NINJAJOBS=4 make</option> will give a reasonable
-            approximation (there is a short period where N+2 python2 and node
-            jobs run).
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            On a machine with only 4 CPUs online, the default of scheduling
-            N+2 jobsi for qtwebengine is slower by between 3% and 7%, probably
-            because of the size of the C++ files and their many includes and
-            templates. Therefore, if in doubt set NINJAJOBS to the number of CPUs.
+            for that number of processors or to run other CPU-intensive tasks on
+            other cores.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
+            Improving the build speed on a less-well endowed 4-core machine.
+            On a machine with a powerful CPU and plenty of RAM, running N+2
+            jobs (the ninja default for 4+ cores) for the large working sets
+            of the C++ compiles in this package is typically only marginally
+            faster than running N jobs at a time.  But for a machine with less
+            memory it can be much slower.
           </para>
         </listitem>