Changeset fc0828f

Timestamp:

03/10/2021 03:37:23 AM (3 years ago)

Author:

Ken Moffat <ken@…>

Branches:

11.0, 11.1, 11.2, 11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal

Children:

8ff2771

Parents:

2ee8145

Message:

Add cautions to the QtWebEngine and Falkon pages.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24352 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:

• general.ent (modified) (2 diffs)
• introduction/welcome/changelog.xml (modified) (1 diff)
• x/lib/qtwebengine.xml (modified) (1 diff)
• xsoft/graphweb/falkon.xml (modified) (1 diff)

general.ent

@@ -1 +1 @@
 <!-- $LastChangedBy$ $Date$ -->
 
-<!ENTITY day          "08">                   <!-- Always 2 digits -->
+<!ENTITY day          "10">                   <!-- Always 2 digits -->
 <!ENTITY month        "03">                   <!-- Always 2 digits -->
 <!ENTITY year         "2021">
@@ -7 +7 @@
 <!ENTITY copyholder   "The BLFS Development Team">
 <!ENTITY version      "&year;-&month;-&day;">
-<!ENTITY releasedate  "March 8th, &year;">
+<!ENTITY releasedate  "March 10th, &year;">
 <!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
 <!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->

introduction/welcome/changelog.xml

@@ -43 +43 @@
     -->
     <listitem>
+      <para>March 10th, 2021</para>
+      <itemizedlist>
+        <listitem>
+          <para>[ken] - Add a caution about unpatched security vulnerabilities
+          in QtWebEngine and Falkon. Addresses
+          <ulink url="&blfs-ticket-root;14729">#14729</ulink>.</para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+
+    <listitem>
       <para>March 8th, 2021</para>
       <itemizedlist>

x/lib/qtwebengine.xml

@@ -39 +39 @@
       <application>chromium</application> developers.
     </para>
+
+    <caution>
+      <para>
+        QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
+        to many issues found there. The Qt developers have always preferred to
+        make releases at the same time as the rest of Qt (rather than adding
+        emergency fixes). Now that they are keen to move to Qt6, the 5.15.3 and
+        later Qt-5.15 releases are initially only available to paying customers.
+        QtWebEngine is something of an exception because of its LGPL licence,
+        but the source in git and its forked submodules is not neatly packaged.
+        Until someone is able to build this on BLFS, using this package and
+        browsers which use it leaves you open you to unpatched security
+        vulnerabilities.
+      </para>
+    </caution>
 
     &lfs101_checked;

xsoft/graphweb/falkon.xml

@@ -41 +41 @@
       functionality).
     </para>
+
+    <caution>
+      <para>
+        Falkon re;lies on QtWebEngine. That uses a forked copy of chromium, and
+        is therefore vulnerable to many issues found there. The Qt developers
+        have always preferred to make releases at the same time as the rest of Qt
+        (rather than adding emergency fixes). Now that they are keen to move to
+        Qt6, the 5.15.3 and later Qt-5.15 releases are initially only available
+        to paying customers. QtWebEngine is something of an exception because of
+        its LGPL licence, but the source in git and its forked submodules is not
+        neatly packaged. Until someone is able to build this on BLFS, using
+        falkon leaves you open you to unpatched security vulnerabilities.
+      </para>
+    </caution>
 
     &lfs101_checked;