Changeset fc0828f


Ignore:
Timestamp:
03/10/2021 03:37:23 AM (7 months ago)
Author:
Ken Moffat <ken@…>
Branches:
11.0, ken/refactor-virt, lazarus, qt5new, trunk, xry111/git-date, xry111/git-date-for-trunk, xry111/git-date-test
Children:
8ff2771
Parents:
2ee8145
Message:

Add cautions to the QtWebEngine and Falkon pages.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@24352 af4574ff-66df-0310-9fd7-8a98e5e911e0

Files:
4 edited

Legend:

Unmodified
Added
Removed
  • general.ent

    r2ee8145 rfc0828f  
    11<!-- $LastChangedBy$ $Date$ -->
    22
    3 <!ENTITY day          "08">                   <!-- Always 2 digits -->
     3<!ENTITY day          "10">                   <!-- Always 2 digits -->
    44<!ENTITY month        "03">                   <!-- Always 2 digits -->
    55<!ENTITY year         "2021">
     
    77<!ENTITY copyholder   "The BLFS Development Team">
    88<!ENTITY version      "&year;-&month;-&day;">
    9 <!ENTITY releasedate  "March 8th, &year;">
     9<!ENTITY releasedate  "March 10th, &year;">
    1010<!ENTITY pubdate      "&year;-&month;-&day;"> <!-- metadata req. by TLDP -->
    1111<!ENTITY blfs-version "svn">                  <!-- svn|[release #] -->
  • introduction/welcome/changelog.xml

    r2ee8145 rfc0828f  
    4343    -->
    4444    <listitem>
     45      <para>March 10th, 2021</para>
     46      <itemizedlist>
     47        <listitem>
     48          <para>[ken] - Add a caution about unpatched security vulnerabilities
     49          in QtWebEngine and Falkon. Addresses
     50          <ulink url="&blfs-ticket-root;14729">#14729</ulink>.</para>
     51        </listitem>
     52      </itemizedlist>
     53    </listitem>
     54
     55    <listitem>
    4556      <para>March 8th, 2021</para>
    4657      <itemizedlist>
  • x/lib/qtwebengine.xml

    r2ee8145 rfc0828f  
    3939      <application>chromium</application> developers.
    4040    </para>
     41
     42    <caution>
     43      <para>
     44        QtWebEngine uses a forked copy of chromium, and is therefore vulnerable
     45        to many issues found there. The Qt developers have always preferred to
     46        make releases at the same time as the rest of Qt (rather than adding
     47        emergency fixes). Now that they are keen to move to Qt6, the 5.15.3 and
     48        later Qt-5.15 releases are initially only available to paying customers.
     49        QtWebEngine is something of an exception because of its LGPL licence,
     50        but the source in git and its forked submodules is not neatly packaged.
     51        Until someone is able to build this on BLFS, using this package and
     52        browsers which use it leaves you open you to unpatched security
     53        vulnerabilities.
     54      </para>
     55    </caution>
    4156
    4257    &lfs101_checked;
  • xsoft/graphweb/falkon.xml

    r2ee8145 rfc0828f  
    4141      functionality).
    4242    </para>
     43
     44    <caution>
     45      <para>
     46        Falkon re;lies on QtWebEngine. That uses a forked copy of chromium, and
     47        is therefore vulnerable to many issues found there. The Qt developers
     48        have always preferred to make releases at the same time as the rest of Qt
     49        (rather than adding emergency fixes). Now that they are keen to move to
     50        Qt6, the 5.15.3 and later Qt-5.15 releases are initially only available
     51        to paying customers. QtWebEngine is something of an exception because of
     52        its LGPL licence, but the source in git and its forked submodules is not
     53        neatly packaged. Until someone is able to build this on BLFS, using
     54        falkon leaves you open you to unpatched security vulnerabilities.
     55      </para>
     56    </caution>
    4357
    4458    &lfs101_checked;
Note: See TracChangeset for help on using the changeset viewer.