Changes in / [10e2d5f1:f7a91626]
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
introduction/welcome/changelog.xml
r10e2d5f1 rf7a91626 45 45 <para>August 28th, 2021</para> 46 46 <itemizedlist> 47 <listitem>48 <para>[ken] - Update to qtwebengine-5.15.6 (security fixes).49 Fixes <ulink url="&blfs-ticket-root;15471">#15471</ulink>.</para>50 </listitem>51 47 <listitem> 52 48 <para>[bdubbs] - Update to pinentry-1.2.0. Fixes -
packages.ent
r10e2d5f1 rf7a91626 768 768 <!ENTITY pangomm-version "2.46.1"> 769 769 <!ENTITY qt5-version "5.15.2"> 770 <!ENTITY qtwebengine-version " 5.15.6">770 <!ENTITY qtwebengine-version "20210401"> 771 771 <!ENTITY qtwebkit-version "5.9.0"> 772 772 <!ENTITY qscintilla-version "2.10.4"> -
x/lib/qtwebengine.xml
r10e2d5f1 rf7a91626 11 11 <!ENTITY qtwebengine-download-http "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz"> 12 12 <!ENTITY qtwebengine-download-ftp " "> 13 <!ENTITY qtwebengine-md5sum " af799617842cca0b765102c312fbdd46">13 <!ENTITY qtwebengine-md5sum "97ee413dccf03d2fc09a7718f39367f7"> 14 14 <!ENTITY qtwebengine-size "306 MB"> 15 15 <!ENTITY qtwebengine-buildsize "5.1 GB (154 MB installed)"> 16 <!ENTITY qtwebengine-time "9 7 SBU (typical, Using parallelism=4)">16 <!ENTITY qtwebengine-time "95 SBU (Using 6 jobs on a 4-core processor)"> 17 17 ]> 18 18 … … 57 57 58 58 <warning> 59 <!-- FIXME : remove this para before we release 11.0 --> 60 <para> 61 <emphasis>If you are using a development version of LFS with binutils-2.37, 62 you must rebuild binutils with the patch which is now in LFS, otherwise the 63 build will eventually fail with a message 'error adding symbols: malformed 64 archive'.</emphasis> 65 </para> 66 59 67 <para> 60 68 QtWebEngine uses a forked copy of chromium, and is therefore vulnerable … … 78 86 79 87 <para> <!-- for git versions --> 80 The tarball linked to below was created from the 5.15 .6git branch88 The tarball linked to below was created from the 5.15 git branch 81 89 and the 87-branch of the chromium submodule (which is forked from 82 90 chromium). See the GIT-VERSIONS file in the tarball (after applying … … 94 102 git branch -r 95 103 after a release is prepared (even if the rest is not public), the 5.15 96 branch now seems to get updated and might be what you want. But in the 97 approach to 5.15.6 the backported CVE and other security fixes were only 98 applied to 5.15.6. So, assuming that a 5.15.7 branch now exists, 99 git checkout origin/5.15.7 104 branch is probably what you want 105 git checkout origin/5.15 100 106 Confirm that HEAD is where you expected. 101 107 Now go to src/3rdparty … … 108 114 109 115 To decide when it might be worth creating a new tarball, periodically keep 110 an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15 .6111 branch, 5.15. 7might get used later). The interesting items are CVE fixes116 an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15 117 branch, 5.15.4 might get used later). The interesting items are CVE fixes 112 118 for known chromium vulnerabilities, as well as numbered Security bugs - 113 119 again, these relate to chromium. … … 117 123 at https://codereview.qt.nokia.com/q/owner:michael.bruning%2540qt.io. At that 118 124 time I could see various unmerged items, so I waited. The items for the 119 90-based chromium module are not relevant to 5.15-series(possibly they will120 be for qtwebengine-6+). Review queues for other Qt employees might be found125 69-based chromium module are not relevant to 5.15 (possibly they will 126 eventually update 5.12). Review queues for other Qt employees might be found 121 127 in a similar way, but remember that everythng EXCEPT qtwebengine and chromium 122 128 is private to Qt until they choose to release it. … … 124 130 NOTE: the 3rdparty/chromium tree may contain more patches than have been 125 131 merged into the current 5.15.x branch. Any patches after what was in the 126 last 'update chromium' merge in qtwebengine occasionally break the build. 132 last 'update chromium' merge in qtwebengine may break the build. When Qt 133 is close to releasing a paid-for 5.15 version, items from 5.15.x get merged 134 into 5.15. 127 135 128 136 After merging the contents of the qtwebengine and src/3rdparty git extracts, 129 137 in the top level please create a GIT-VERSIONS file summarising the HEAD 130 commits of both parts, as a reminder of where we are up to. I've nove added 131 a CVE-fixes to keep track of what has been fixed (comits before 5.15.2 did not 132 mention the CVEs until they were detailed in a release). 138 commits of both parts, as a reminder of where we are up to. 133 139 134 140 Now create tarballs - 'git archive' does not work across submodule boundaries, … … 169 175 <application>Qt</application> and the static library is not available, 170 176 that build will either complete without installing webengine, or else 171 fail during the install (both variants wereobserved in 5.12.0).177 fail during the install (both variants have been observed in 5.12.0). 172 178 </para> 173 179 </note> … … 215 221 that the tarball names names differ 216 222 <ulink url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> --> 217 <!--218 223 <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch"/> 219 224 </para> … … 221 226 <listitem> 222 227 <para> 223 Required patch: -->224 <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes- 1.patch"/>228 Required patch: 229 <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-4.patch"/> 225 230 </para> 226 231 </listitem> … … 251 256 <xref linkend="pulseaudio"/> (or both), 252 257 <xref linkend="ffmpeg"/>, 253 <!-- awkward wording - libxslt needs libxml2, if libxml2 is built 254 before icu then the *shipped* icu will be used --> 255 <xref linkend="icu"/> (built before <xref linkend="libxml2"/>) , 258 <xref linkend="icu"/>, 256 259 <xref linkend="libwebp"/>, 257 260 <xref linkend="libxslt"/>, and … … 262 265 <para role="optional"> 263 266 <xref linkend="libevent"/>, 264 <xref linkend="pipewire"/>,265 267 <xref linkend="poppler"/>, 266 268 <ulink url="https://github.com/open-source-parsers/jsoncpp/releases">jsoncpp</ulink>, … … 297 299 <screen role="root"><userinput>ln -svf /usr/bin/python{2,}</userinput></screen> 298 300 299 <!-- retain, there might later be a patch rather than a full 306MB tarball300 301 <para> 301 302 Now apply a patch for security and other fixes: 302 303 </para> 303 304 304 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen> -->305 306 <para> 307 Applyapply a patch to fix several issues that can prevent the build working:308 </para> 309 310 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes- 1.patch</userinput></screen>305 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-upstream_fixes-2.patch</userinput></screen> 306 307 <para> 308 Next apply a patch to fix several issues that can prevent the build working: 309 </para> 310 311 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-4.patch</userinput></screen> 311 312 312 313 <!-- start of commands for git versions only --> 313 314 <para> 314 Although the patch has ensured that git is not invoked during the build,315 Although the first patch has ensured that git is not invoked during the build, 315 316 the build system has labyrinthine rules of byzantine complexity, and in 316 317 particular trying to build without two <filename>.git</filename> directories … … 359 360 <screen><userinput>sed -i 's/NINJAJOBS/NINJA_JOBS/' src/core/gn_run.pro</userinput></screen> 360 361 361 <!-- now that we always install this as 5.15.2, this seems to be redundant362 362 <para> 363 363 If an older version of the package's main library has been installed, … … 370 370 <screen role="root"><userinput>if [ -e ${QT5DIR}/lib/libQt5WebEngineCore.so ]; then 371 371 mv -v ${QT5DIR}/lib/libQt5WebEngineCore.so{,.old} 372 fi</userinput></screen> -->372 fi</userinput></screen> 373 373 374 374 <para> … … 379 379 <screen><userinput>mkdir build && 380 380 cd build && 381 381 382 qmake .. -- -system-ffmpeg -webengine-icu && 382 383 make</userinput></screen> … … 444 445 </para> 445 446 446 <para>447 <option>-webengine-jumbo-build 0</option>: If this is added to the qmake448 command it will cause the 'Jumbo Build Merge Limit' to be reported as 'no'449 instead of 8. That turns off the jumbo build. Some distros do that to get450 a smaller build on some architectures such as MIPS. On x86_64 it might save451 a little space in the build, but the build time will increase by a very452 large amount.453 </para>454 455 447 <!-- 456 448 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" … … 462 454 recognize the NINJAJOBS environment variable, this command will run system 463 455 ninja with the specified number of jobs (i.e. 4). 464 There are several reasons why you might want to use options like thisthis:465 </para> 466 456 There are several reasons why you might want to do this: 457 </para> 458 467 459 <itemizedlist> 468 460 <listitem> 469 461 <para> 470 462 Building on a subset of CPUs allows measuring the build time 471 for a smaller number of processors, and/or running other 472 CPU-intensive tasks at the same time. For an editor on a machine 473 with a lot of CPUs, trying to measure the build time for a 4-CPU 474 machine, <option>NINJAJOBS=4 make</option> will give a reasonable 475 approximation (there is a short period where N+2 python2 and node 476 jobs run). 477 </para> 478 </listitem> 479 <listitem> 480 <para> 481 On a machine with only 4 CPUs online, the default of scheduling 482 N+2 jobsi for qtwebengine is slower by between 3% and 7%, probably 483 because of the size of the C++ files and their many includes and 484 templates. Therefore, if in doubt set NINJAJOBS to the number of CPUs. 463 for that number of processors or to run other CPU-intensive tasks on 464 other cores. 465 </para> 466 </listitem> 467 <listitem> 468 <para> 469 Improving the build speed on a less-well endowed 4-core machine. 470 On a machine with a powerful CPU and plenty of RAM, running N+2 471 jobs (the ninja default for 4+ cores) for the large working sets 472 of the C++ compiles in this package is typically only marginally 473 faster than running N jobs at a time. But for a machine with less 474 memory it can be much slower. 485 475 </para> 486 476 </listitem>
Note:
See TracChangeset
for help on using the changeset viewer.