Changeset f806bbf2 for x/lib/qtwebengine.xml
- Timestamp:
- 03/06/2024 06:34:58 AM (7 months ago)
- Branches:
- 12.2, gimp3, ken/TL2024, lazarus, trunk, xry111/for-12.3, xry111/llvm18, xry111/spidermonkey128
- Children:
- 5e614d47
- Parents:
- 81575be
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
x/lib/qtwebengine.xml
r81575be rf806bbf2 5 5 %general-entities; 6 6 7 <!ENTITY qtwebengine-major "5.15"> 8 <!-- URL if there is a public release 9 <!ENTITY qtwebengine-download-http "https://download.qt.io/archive/qt/&qtwebengine-major;/&qtwebengine-version;/submodules/qtwebengine-everywhere-src-&qtwebengine-version;.tar.xz"> 10 URL for a prepared git version --> 11 <!ENTITY qtwebengine-download-http "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz"> 7 <!ENTITY qtwebengine-download-http "https://download.qt.io/official_releases/qt/&qtwebengine-major;/&qtwebengine-version;/submodules/qtwebengine-everywhere-src-&qtwebengine-version;.tar.xz"> 12 8 <!ENTITY qtwebengine-download-ftp " "> 13 <!ENTITY qtwebengine-md5sum " 9f430acf599605c762a8098000155045">14 <!ENTITY qtwebengine-size " 307MB">15 <!ENTITY qtwebengine-buildsize " 5.1 GB (154MB installed)">16 <!ENTITY qtwebengine-time " 45SBU (Using parallelism=8)">9 <!ENTITY qtwebengine-md5sum "593be964bad252a2b8e0052bc171175b"> 10 <!ENTITY qtwebengine-size "402 MB"> 11 <!ENTITY qtwebengine-buildsize "7.6 GB (231 MB installed)"> 12 <!ENTITY qtwebengine-time "51 SBU (Using parallelism=8)"> 17 13 ]> 18 14 19 15 <sect1 id="qtwebengine" xreflabel="qtwebengine-&qtwebengine-version;"> 20 16 <?dbhtml filename="qtwebengine.html"?> 21 22 17 23 18 <title>QtWebEngine-&qtwebengine-version;</title> … … 43 38 website designed for google chrome, or chromium, browsers. 44 39 </para> 45 46 <important>47 <para>48 Qt-5.15 reached End Of Life on 26 May 2023. Extended lifetime Qt5.15 LTS49 has been extended until 26th May 2025 for those with subscription licenses.50 Because qtwebengine uses chromium code under the LGPL, it appears that any51 new backported CVE fixes for QtWebEngine will be available after Qt makes52 public releases of its current versions.53 </para>54 </important>55 56 <warning>57 <para>58 QtWebEngine uses a forked copy of chromium, and is therefore vulnerable59 to many issues found there. The Qt developers have always preferred to60 make releases at the same time as the rest of Qt (rather than adding61 emergency fixes), but with stable versions getting released after the62 current development version. Now that they are keen to move to Qt6, the63 5.15.3 and later Qt-5.15 releases are initially only available to paying64 customers. QtWebEngine is something of an exception because of its LGPL65 licence, but getting the git sources (with the forked chromium submodule)66 to a position where they will successfully build on a current BLFS system67 can take a lot of effort and therefore updates to the book may be delayed.68 </para>69 70 <para>71 It seems likely that future 5.15-series versions will also be released72 long after the chromium vulnerabilities are known, but fixes for73 QtWebEngine can be found in git and the editors take the view that74 known vulnerabilities in browsers should be fixed.75 </para>76 77 <para> <!-- for git versions -->78 The tarball linked to below was created from the 5.15<!--.15--> git branch79 and the 87-branch of the chromium submodule (which is forked from80 chromium). See the GIT-VERSIONS file in the tarball for details of the81 latest commits.82 </para>83 </warning>84 85 <!-- note for editors on obtaining webengine from git.86 First (if you do not already have a past version)87 git clone git://code.qt.io/qt/qtwebengine.git88 git submodule init -89 that will report qtwebengine-chromium.git registered for src/3rdparty90 now find the main branch names:91 git fetch origin92 git branch -r93 after a release is prepared (even if the rest is not public), the 5.1594 branch now seems to get updated and might be what you want. But in the95 approach to 5.15.6 the backported CVE and other security fixes were only96 applied to 5.15.6. So, assuming that a 5.15.7 branch now exists,97 git checkout origin/5.15.798 Confirm that HEAD is where you expected.99 Now go to src/3rdparty100 git fetch origin101 git branch -r102 The required branch is likely to be 87-branch unless there is a newer one103 mentioned in the 5.15 cgit web page (below).104 git checkout origin/87-branch (or whatever)105 Use git log or git tk to look at its HEAD and check it seems appropriate.106 If this doesn't work, use 'git submodule update'107 108 To decide when it might be worth creating a new tarball, periodically keep109 an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15.6110 branch, 5.15.7 might get used later). The interesting items are CVE fixes111 for known chromium vulnerabilities, as well as numbered Security bugs -112 again, these relate to chromium.113 114 When I noticed some updates in late March I was searching for one of the115 CVEs mentioned, and google found a link to a review page for Michael Brüning116 at https://codereview.qt-project.org/q/owner:michael.bruning%2540qt.io At that117 time I could see various unmerged items, so I waited. The items for the118 90-based chromium module are not relevant to 5.15-series (possibly they will119 be for qtwebengine-6+). Review queues for other Qt employees might be found120 in a similar way, but remember that everythng EXCEPT qtwebengine and chromium121 is private to Qt until they choose to release it.122 123 NOTE: the 3rdparty/chromium tree may contain more patches than have been124 merged into the current 5.15.x branch. Any patches after what was in the125 last 'update chromium' merge in qtwebengine occasionally break the build.126 127 After merging the contents of the qtwebengine and src/3rdparty git extracts,128 in the top level please create a GIT-VERSIONS file summarising the HEAD129 commits of both parts, as a reminder of where we are up to. I've nove added130 a CVE-fixes to keep track of what has been fixed (comits before 5.15.2 did not131 mention the CVEs until they were detailed in a release).132 133 Now create tarballs - 'git archive' does not work across submodule boundaries,134 so you need to create one archive from the top of qtwebengine/ and another135 from the top of src/3rdparty (chromium, gn, ninja are apparently all part of136 the qtwebengine-chromium module). Then in a work area untar the qtwebengine137 tarball, go down to src/3rdparty and untar the submodule tarball.138 Decide on what to call the result and create a full xz tarball using tar -cJf.139 140 NOTE: To use git archive, use something like this:141 git archive - -format tar.gz - -output qtwebengine.tar.gz HEAD142 git archive - -format tar.gz - -output chromium.tar.gz HEAD143 144 UPDATE: Since we have to host the tarball, and it is over 300MB, it makes145 sense to create a patch for subsequent fixes (for the first version, 314KB146 including the updates to the GIT-VERSIONS file). For future updates, view147 the current updates patch to see the previous commits. When the new commits148 have been applied, rename the updated version to 'b', but untar the149 unpatched tarball as 'a' and then diff a to b in the usual manner to get150 all updates since the tarball was created.151 152 For our own releases, probably best to create a fresh tarball.153 154 end of note for editors -->155 40 156 41 &lfs121_checked; … … 171 56 </para> 172 57 </warning> 173 58 <!-- 174 59 <note> 175 60 <para> … … 193 78 </para> 194 79 </note> 195 80 --> 196 81 <bridgehead renderas="sect3">Package Information</bridgehead> 197 82 <itemizedlist spacing="compact"> … … 228 113 </itemizedlist> 229 114 115 <!-- 230 116 <bridgehead renderas="sect3">Additional Downloads</bridgehead> 231 117 <itemizedlist spacing="compact"> 232 <!--<listitem>118 <listitem> 233 119 <para> 234 120 Required patch: … … 239 125 <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-5.15.7-1.patch"/> 240 126 </para> 241 </listitem> -->127 </listitem> 242 128 <listitem> 243 129 <para> … … 252 138 </para> 253 139 </listitem> 254 <!--140 255 141 <listitem> 256 142 <para> … … 259 145 </para> 260 146 </listitem> 261 -->262 147 </itemizedlist> 148 --> 263 149 264 150 <bridgehead renderas="sect3">qtwebengine Dependencies</bridgehead> 265 151 266 152 <bridgehead renderas="sect4">Required</bridgehead> 267 <!-- the qmake output tends to be misleading. 'khr' is from Mesa --> 153 268 154 <para role="required"> 269 155 <xref linkend="nodejs"/>, 270 156 <xref linkend="nss"/>, 271 <xref linkend="pciutils"/>, 272 <xref linkend="python311"/>, and 273 (<xref linkend='qt5'/> or 274 <xref role="nodep" linkend='qt5-components'/> with qtlocation and qtwebchannel) 157 <xref linkend="pciutils"/>, and 158 <xref linkend='qt6'/> 275 159 </para> 276 160 … … 309 193 <sect2 role="installation"> 310 194 <title>Installation of qtwebengine</title> 311 312 <!-- following merely commented instead of deleted, in case we need to313 drop back when a future version of python3 is released -->314 <!--<note>315 <para>316 Unlike version 5.15.2, the chromium-derived build system now needs317 <command>python</command> to be available and to be python2. In318 BLFS-10.1 the creation of the python symlink was removed as a step319 towards eventually getting rid of python2 (other old packages which320 need python2 usually work by invoking python2). If you are still321 using an earlier version of BLFS where322 <filename>/usr/bin/python</filename> exists, you can skip the323 commands to create the symlink, and to later remove it.324 </para>325 </note>326 327 <para>328 First, as the <systemitem class="username">root</systemitem>329 user, create the python symlink:330 </para>331 332 <screen role="root"><userinput>ln -svf /usr/bin/python{2,}</userinput></screen>-->333 334 335 <!--<para>336 Now apply a patch to update from 5.15.6 to the security and other fixes337 contained in the 5.15.7 source:338 </para>339 340 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-5.15.7-1.patch</userinput></screen>-->341 342 <para>343 Apply a patch to fix several issues that can prevent the build from completing,344 and to force it to use python3:345 </para>346 347 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-2.patch</userinput></screen>348 349 <para>350 If building with system <xref linkend='ffmpeg'/> as the editors351 recommend, apply a patch that resolves problems when building with352 ffmpeg-5 and later:353 </para>354 355 <screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-ffmpeg5_fixes-1.patch</userinput></screen>356 357 <!-- The ffmpeg commit effadce6c756247ea8bae32dc13bb3e6f464f0eb358 already in system ffmpeg, but not this old shipped copy.359 Not marked nodump because it won't affect the build with system360 ffmpeg anyway. -->361 362 <!-- Now in build_fixes-2363 <para>364 Otherwise, fix an issue in shipped ffmpeg causing it fail to build365 with Binutils 2.41 or later:366 </para>367 368 <screen><userinput remap="pre">sed 's/(uint8_t)\(([^)]*)\|shift\)/\1 \& 0x1F/' \369 -i src/3rdparty/chromium/third_party/ffmpeg/libavcodec/x86/mathops.h</userinput></screen>370 -->371 372 <!-- start of commands for git versions only -->373 <para>374 Although the build_fixes patch has ensured that git is not invoked during the build,375 the build system has labyrinthine rules of byzantine complexity, and in376 particular trying to build without two <filename>.git</filename> directories377 will lead to it eventually falling into unexpected and unbuildable code378 which references a private header that has not been created. Avoid this379 by creating the required directories:380 </para>381 382 <screen><userinput>mkdir -pv .git src/3rdparty/chromium/.git</userinput></screen>383 384 <para>385 Because this version of qtwebengine is aimed at a later release than the386 current public releases, change it to build for qt-&qt5-version; using a387 sed:388 </para>389 390 <screen><userinput>sed -e '/^MODULE_VERSION/s/5.*/&qt5-version;/' -i .qmake.conf</userinput></screen>391 <!-- end of commands for git versions only -->392 393 <para>394 Now, ensure that the local headers are available when not building as395 part of the complete <xref linkend="qt5"/>:396 </para>397 398 <screen><userinput>find -type f -name "*.pr[io]" |399 xargs sed -i -e 's|INCLUDEPATH += |&$$QTWEBENGINE_ROOT/include |'</userinput></screen>400 401 <para>402 Next, allow the pulseaudio library to be linked at build time, instead403 of run time. This also prevents an issue with newer pulseaudio:404 </para>405 406 <screen><userinput>sed -e '/link_pulseaudio/s/false/true/' \407 -i src/3rdparty/chromium/media/media_options.gni</userinput></screen>408 409 <para>410 Next, fix a build failure that occurs when libxml2-2.12.0 or later is411 installed:412 <!-- See Ticket #19246 -->413 </para>414 415 <screen><userinput>sed -e 's/xmlError/const xmlError/' \416 -i src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor.h \417 -i src/3rdparty/chromium/third_party/blink/renderer/core/xml/xslt_processor_libxslt.cc</userinput></screen>418 419 <!-- Now in build_fixes-2.patch (except Python 3.12 changes, those are commented420 until we eventually move to Python 3.12 again for this package (though421 hopefully by that point these issues will be resolved)422 <para>423 Next, fix the build tools so they can be run with Python-3.11+:424 </para>425 426 <screen><userinput>sed -e 's/\^(?i)/(?i)^/' \427 -i src/3rdparty/chromium/tools/metrics/ukm/ukm_model.py &&428 429 sed -e "s/'rU'/'r'/" \430 -i src/3rdparty/chromium/tools/grit/grit/util.py</userinput></screen>431 432 <para>433 Several fixes are needed for using Python-3.12+: first, either remove434 references to the removed <command>imp</command> module or435 replace it with the newer <command>importlib</command> module:436 </para>437 438 <screen><userinput>sed -e "/import imp/d" \439 -i src/3rdparty/chromium/mojo/public/tools/mojom/mojom/fileutil.py \440 src/3rdparty/chromium/mojo/public/tools/mojom/mojom/parse/lexer.py &&441 442 sed -e "s/import imp/import importlib.util/" \443 -e 's@.*load_source.*@\444 spec = importlib.util.spec_from_file_location(fullname, filepath)\445 mod = importlib.util.module_from_spec(spec);\446 spec.loader.exec_module(mod)\447 return mod@' \448 -i src/3rdparty/chromium/components/resources/protobufs/binary_proto_generator.py</userinput></screen>449 450 <note>451 <para>452 In the above instruction, the 4-space indentation of the four lines453 from <command>spec = ...</command> to <command>return ...</command>454 is significant, since they are in a Python script.455 </para>456 </note>457 458 <para>459 Remove an obsolete instance of and a reference to the460 <command>six</command> module:461 </para>462 463 <screen><userinput>sed -e /six.move/d \464 -i src/3rdparty/chromium/third_party/protobuf/python/google/protobuf/internal/python_message.py &&465 466 rm -r src/3rdparty/chromium/tools/grit/third_party/six</userinput></screen>467 468 <para>469 There is also a workaround needed for ICU-74+:470 </para>471 472 <screen><userinput>sed -e 's/^#define BA_LB_COUNT.*$/#define BA_LB_COUNT 40/' \473 -i src/3rdparty/chromium/third_party/blink/renderer/platform/text/text_break_iterator.cc</userinput></screen>474 -->475 476 <!-- In build_fixes-2.patch now477 <para>478 Finally, fix a change in the build system which allows its developers to479 pass e.g. -j20 to make (for quick tests of some areas) but breaks the480 build with LFS's use of the NINJAJOBS environment variable:481 </para>482 -->483 <!-- editors: See thread at484 http://lists.linuxfromscratch.org/pipermail/blfs-dev/2019-December/036996.html485 et.seq, particularly 037002.html which shows the commit near the end. -->486 487 <!--<screen><userinput>sed -i 's/NINJAJOBS/NINJA_JOBS/' src/core/gn_run.pro</userinput></screen>-->488 489 <!-- now that we always install this as 5.15.2, this seems to be redundant490 <para>491 If an older version of the package's main library has been installed,492 when the package is built separately it will link to that in preference493 to its own not-yet-installed version, and fail because of missing symbols.494 Prevent that by, as the <systemitem class="username">root</systemitem>495 user, moving the symlink out of the way:496 </para>497 498 <screen role="root"><userinput>if [ -e ${QT5DIR}/lib/libQt5WebEngineCore.so ]; then499 mv -v ${QT5DIR}/lib/libQt5WebEngineCore.so{,.old}500 fi</userinput></screen>-->501 502 <!--<para>503 The last fix is needed to build with gcc-12:504 </para>505 506 <screen><userinput>sed -e '/#include/i#include <vector>' \507 -i src/3rdparty/chromium/third_party/skia/src/utils/SkParseColor.cpp</userinput></screen>-->508 509 <!-- PATH=[...] will cause /opt/python3.11/bin/python3.11 to be hardcoded into510 the makefiles instead of whichever python is in /usr/bin -->511 195 <para> 512 196 Install <application>qtwebengine</application> by running the following … … 516 200 <screen><userinput>mkdir build && 517 201 cd build && 518 PATH=/opt/python3.11/bin:$PATH qmake .. -- \ 519 -system-ffmpeg \ 520 -proprietary-codecs \ 521 -webengine-icu && 522 make</userinput></screen> 523 524 <!-- 525 <para> 526 if you wish to build the HTML documentation, issue: 527 </para> 528 529 <screen><userinput>make docs</userinput></screen> 530 --> 202 203 cmake -D CMAKE_MESSAGE_LOG_LEVEL=STATUS \ 204 -D QT_FEATURE_webengine_system_ffmpeg=ON \ 205 -D QT_FEATURE_webengine_system_icu=ON \ 206 -D QT_FEATURE_webengine_system_libevent=ON \ 207 -D QT_FEATURE_webengine_proprietary_codecs=ON \ 208 -D QT_FEATURE_webengine_webrtc_pipewire=ON \ 209 -D QT_BUILD_EXAMPLES_BY_DEFAULT=OFF \ 210 -G Ninja .. && 211 212 ninja</userinput></screen> 213 531 214 <para> 532 215 This package does not come with a test suite. … … 540 223 541 224 <!-- EDITORS NOTE: If you are updating this package, use INSTALL_ROOT= 542 instead of DESTDIR= --> 543 <!-- 544 <para> 545 If you built the HTML documentation, install it with: 546 </para> 547 548 <screen role="root"><userinput>make install_docs</userinput></screen> 549 --> 550 <para> 551 Remove references to the build directory from installed library 552 dependency (prl) files by running the following 553 commands as the <systemitem class="username">root</systemitem> user: 554 </para> 555 556 <screen role="root"><userinput>find $QT5DIR/ -name \*.prl \ 557 -exec sed -i -e '/^QMAKE_PRL_BUILD_DIR/d' {} \;</userinput></screen> 558 559 <!--<para> 560 Finally, as the <systemitem class="username">root</systemitem> 561 user, remove the python symlink: 562 </para> 563 564 <screen role="root"><userinput>rm -v /usr/bin/python</userinput></screen>--> 225 instead of DESTDIR= Not sure this is valid any more with version 6.6.2 --> 565 226 </sect2> 566 227 … … 569 230 570 231 <para> 571 <command>PATH=/opt/python3.11/bin:$PATH</command>: This switch forces 572 this package to use the version of Python 3.11 that is installed in /opt. 573 This is done to reduce the chances for problems that may occur during the 574 build, and to simplify the instructions since this package is incompatible 575 with Python 3.12 without additional modifications. 576 <!-- Ticket #19016 --> 577 </para> 578 579 <para> 580 <command>qmake</command>: This will build the included copy of 581 <application>ninja</application> if it is not already installed 582 and use it to configure the build. 583 </para> 584 585 <para> 586 <command>-- -system-ffmpeg -proprietary-codecs -webengine-icu</command>: If 587 any options are passed to qmake they must come after '--' which must follow 588 '..' that points to the main directory. The options here cause it to use 589 system ffmpeg and system icu. The '-proprietary-codecs' option allows 590 ffmpeg to decode H264 and H265 codecs. If built as part of full Qt5, the 591 system icu is automatically used (only) by Qt5Core if it is available, but 592 unless this option is used webengine will always use its shipped copy of icu, 593 adding time and space to the build. Remove the 594 <parameter>-system-ffmpeg</parameter> switch if you don't have 595 <xref linkend='ffmpeg'/> installed and want to build this package 596 with an internal copy of ffmpeg. 597 </para> 598 599 <para> 600 <option>-webengine-jumbo-build 0</option>: If this is added to the qmake 601 command it will cause the 'Jumbo Build Merge Limit' to be reported as 'no' 602 instead of 8. That turns off the jumbo build. Some distros do that to get 603 a smaller build on some architectures such as MIPS. On x86_64 it might save 604 a little space in the build, but the build time will increase by a very 605 large amount. 606 </para> 607 608 <para> 609 <option>-webengine-kerberos</option>: Add this if you have installed <xref 610 linkend="mitkrb"/> and wish to connect from a browser using QtWebEngine 611 to a webserver which requires you to connect via kerberos. 612 </para> 613 614 <!-- 615 <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" 616 href="../../xincludes/SIOCGSTAMP.xml"/> 617 --> 232 <parameter>CMAKE_MESSAGE_LOG_LEVEL=STATUS</parameter>: Output 233 interesting messages that project users might be interested in. 234 Ideally these should be concise, no more than a single line, 235 but still informative. 236 </para> 237 238 <para> 239 <parameter>QT_FEATURE_webengine_system_*</parameter>: Specify what 240 external packages the system should use. 241 </para> 242 243 <para> 244 <parameter>QT_BUILD_EXAMPLES_BY_DEFAULT=OFF</parameter>: Do not build 245 exampes by default. 246 </para> 618 247 619 248 <para> … … 724 353 <seg> 725 354 qtwebengine_convert_dict and 726 QtWebEngineProcess ( in $QT5DIR/libexec)355 QtWebEngineProcess (both in $QT6DIR/libexec) 727 356 </seg> 728 357 <seg> 729 libQt5Pdf.so, 730 libQt5PdfWidgets.so, 731 libQt5WebEngineCore.so, 732 libQt5WebEngine.so, and 733 libQt5WebEngineWidgets.so 358 libQt6Pdf.so, 359 libQt6PdfQuick.so, 360 libQt6PdfWidgets.so, 361 libQt6WebEngineCore.so, 362 libQt6WebEngineiQuick.so, 363 libQt6WebEngineQuickDelegatesQml.so, and 364 libQt6WebEngineWidgets.so 734 365 </seg> 735 366 <seg> 736 $QT5DIR/include/QtPdf, 737 $QT5DIR/include/QtPdfWidgets, 738 $QT5DIR/include/QtWebEngine, 739 $QT5DIR/include/QtWebEngineCore, 740 $QT5DIR/include/QtWebEngineWidgets, 741 $QT5DIR/qml/QtWebEngine, and 742 $QT5DIR/translations/qtwebengine_locales 367 $QT6DIR/include/QtPdf, 368 $QT6DIR/include/QtPdfQuick, 369 $QT6DIR/include/QtPdfWidgets, 370 $QT6DIR/include/QtWebEngineCore, 371 $QT6DIR/include/QtWebEngineQuick, 372 $QT6DIR/include/QtWebEngineWidgets, 373 $QT6DIR/qml/QtWebEngine, and 374 $QT6DIR/translations/qtwebengine_locales 743 375 </seg> 744 376 </seglistitem> … … 776 408 </listitem> 777 409 </varlistentry> 778 410 <!-- 779 411 <varlistentry id="libQtWebEngine-lib"> 780 412 <term><filename class="libraryfile">libQtWebEngine.so</filename></term> … … 813 445 </listitem> 814 446 </varlistentry> 815 447 --> 816 448 </variablelist> 817 449 </sect2>
Note:
See TracChangeset
for help on using the changeset viewer.