Changeset fb6d1550 for x/lib

Timestamp:

04/09/2021 11:06:48 PM (3 years ago)

Author:

Ken Moffat <ken@…>

Branches:

11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

3ed1498c

Parents:

223a2fa

Message:

Update QtWebEngine to a snapshot from 2021-04-01
(security update).

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24457 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:

• x/lib/qtwebengine.xml (modified) (6 diffs)

x/lib/qtwebengine.xml

@@ -11 +11 @@
   <!ENTITY qtwebengine-download-http "&sources-anduin-http;/qtwebengine/qtwebengine-&qtwebengine-version;.tar.xz">
   <!ENTITY qtwebengine-download-ftp  " ">
-  <!ENTITY qtwebengine-md5sum        "838d5d4ef9d1e5b82a41bff6f830e4a4">
+  <!ENTITY qtwebengine-md5sum        "97ee413dccf03d2fc09a7718f39367f7">
   <!ENTITY qtwebengine-size          "306 MB">
   <!ENTITY qtwebengine-buildsize     "5.1 GB (154 MB installed)">
@@ -73 +73 @@
       <para>
         It seems likely that future 5.15-series versions will also be released
-        long after the chromium vulnerabilities are known.
+        long after the chromium vulnerabilities are known, but fixes for
+        QtWebEngine can be found in git and the editors take the view that
+        known vulnerabilities in browsers should be fixed.
       </para>
 
       <para> <!-- for git versions -->
         The tarball linked to below was created from the 5.15 git branch
-        at https://code.qt.io/cgit/qt/qtwebengine.git commit 029771bcd254
-        just before the version there was rolled on for 5.15.4,
-        <!-- the DTS doesn't let me put a url in a para -->
-        <!--ulink url="https://code.qt.io/cgit/qt/qtwebengine.git/commit/?h=5.15&amp;id=029771bcd254"/>code.qt.io/cgit/qt/qtwebengine.git</ulink>-->
-        with the chromium submodule using the 87-branch at revision 7c8217b36a95.
+        and the 87-branch of the chromium submodule (which is forked from
+        chromium). See the GIT-VERSIONS file in the tarball for details of
+        the latest commits.
       </para>
     </warning>
@@ -102 +102 @@
       git branch -r
        The required branch is likely to be 87-branch unless there is a newer one
+      mentioned in the 5.15 cgit web page (below).
       git checkout origin/87-branch (or whatever)
        Use git log or git tk to look at its HEAD and check it seems appropriate.
+
+      To decide when it might be worth creating a new tarball, periodically keep
+      an eye on https://code.qt.io/cgit/qt/qtwebengine.git/ (currently, the 5.15
+      branch, 5.15.4 might get used later). The interesting items are CVE fixes
+      for known chromium vulnerabilities, as well as numbered Security bugs -
+      again, these relate to chromium.
+
+      When I noticed some updates in late March I was searching for one of the
+      CVEs mentioned, and google found a link to a review page for Michael Brüning
+      at https://codereview.qt.nokia.com/q/owner:michael.bruning%2540qt.io. At that
+      time I could see various unmerged items, so I waited. The items for the
+      69-based chromium module are not relevant to 5.15 (possibly they will
+      eventually update 5.12). Review queues for other Qt employees might be found
+      in a similar way, but remember that everythng EXCEPT qtwebengine and chromium
+      is private to Qt until they choose to release it.
+
+      After merging the contents of the qtwebengine and src/3rdparty git extracts,
+      in the top level please create a GIT-VERSIONS file summarising the HEAD
+      commits of both parts, as a reminder of where we are up to.
 
       Now create tarballs - 'git archive' does not work across submodule boundaries,
@@ -111 +131 @@
       tarball, go down to src/3rdparty and untar the submodule tarball.
       Decide on what to call the result and create a full xz tarball using tar -cJf.
-     -->
+         end of note for editors -->
 
     &lfs101_checked;
@@ -177 +197 @@
                that the tarball names names differ
           <ulink url="&patch-root;/qtwebengine-everywhere-src-&qtwebengine-version;-ICU68-2.patch"/> -->
-          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-2.patch"/>
+          <ulink url="&patch-root;/qtwebengine-&qtwebengine-version;-build_fixes-1.patch"/>
         </para>
       </listitem>
@@ -253 +273 @@
     </para>
 
-<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-2.patch</userinput></screen>
+<screen><userinput remap="pre">patch -Np1 -i ../qtwebengine-&qtwebengine-version;-build_fixes-1.patch</userinput></screen>
 
 <!-- start of commands for git versions only -->