Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#12160 closed enhancement (fixed)

qt-everywhere-src-5.12.4 qtwebengine-5.12.4

Reported by: Douglas R. Reno Owned by: Douglas R. Reno
Priority: highest Milestone: 9.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version

Includes some security fixes for QtWebEngine, but that's the only component I checked so far.

If nobody else gets to this by the time I build it for gstreamer examples, I'll take it.

Change History (7)

comment:1 by ken@…, 2 years ago

I gave this a try on a current system: builds with the current instructions, but falkon is unable to display anything from some sites, such as theregister.co.uk and mail.google.com : for me the latter is critical, I'm reverting to a backup.

comment:2 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Priority: normalhighest
Status: newassigned

This is just for QtWebEngine. There are very many HIGH vulnerabilities, with a few Medium and Low sprinkled in there too.

****************************************************************************
*                              Qt 5.12.4 Changes                           *
****************************************************************************

General
-------

 - [QTBUG-57729, QTBUG-75539] Fixed automatic NTLM authentication, and added
   support for --auth-server-whitelist.
 - [QTBUG-60203] Fixed setting referer HTTP header in request interceptor.
 - [QTBUG-74251, QTBUG-74698] Normalize download paths on Windows.
 - [QTBUG-74864] Fixed resolving relative URLs with custom schemes.
 - [QTBUG-75092] Fixed printing in landscape orientation.
 - [QTBUG-75212] Added support for building with VS 2019.
 - [QTBUG-75304] Fixed running non-MainWorld DocumentCreations scripts when
   JavaScript is disabled.
 - [QTBUG-75465] Fixed -no-gui builds.
 - [QTBUG-75629] Fixed crash on Linux when pulseaudio had no devices.
 - [QTBUG-76045] Fixed desktop capture on macOS.
 - [QTBUG-73799] Try different versions when creating a CoreProfile context on macOS

Chromium
--------

 - Security fixes from Chromium up to version 74.0.3729.157, including:

    - CVE-2019-5805
    - CVE-2019-5806
    - CVE-2019-5808
    - CVE-2019-5814
    - CVE-2019-5815
    - CVE-2019-5818
    - CVE-2019-5819
    - CVE-2019-5820
    - CVE-2019-5821
    - CVE-2019-5822
    - CVE-2019-5823
    - CVE-2019-5824
    - CVE-2019-5825
    - CVE-2019-5826
    - CVE-2019-5827
    - security issue 894933
    - security issue 908669
    - security issue 931949
    - security issue 937663
    - security issue 939316
    - security issue 940205
    - security issue 949015
    - security issue 951322

Qt WebEngine Widgets
--------------------

 - [QTBUG-75131, QTBUG-75175] Fixed QWebEngineView::setPage not deleting
   old page.
 - [QTBUG-75547] Fixed crash on exit when page and profile were deleted in
   the wrong order.
 - [QTBUG-75566] Added path validation to QWebEngineDownloadItem::setPath().

comment:3 by Douglas R. Reno, 2 years ago

I'm going to add a comment to the book for this, but DESTDIR doesn't work for this package. You must use INSTALL_ROOT= instead

Ken, I'll try to get around to testing Falkon and/or Plasma by Tuesday or Wednesday.

comment:4 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r21693

Ken, I'll give Falkon and Plasma a shot this week at some point

in reply to:  4 comment:5 by ken@…, 2 years ago

Replying to renodr:

Fixed at r21693

Ken, I'll give Falkon and Plasma a shot this week at some point

I think I'm becoming senile - I documented this on the qtwebengine page in Configuring QtWebEngine. I've just updated to 5.12.4 on a different system, got the same problem, and eventually found a link to that page ;-)

Mind you, getting some sleep might also help.

comment:6 by ken@…, 2 years ago

Just in case anybody using 5.12 cares: if all you care about is vulnerabilities on an existing system, falkon is working with qtwebengine-5.12.4 (only) on top of qt-5.12.3 on my systems. So, just like most 5.11 and earlier changes - only webengine needs to be updated.

Obviously, doing that doesn't bring in whatever bugfixes are in qt itself, and I'm sure that BLFS will move to 5.13. But for my own builds I'll probably stick with 5.12 which is a long term support version.

comment:7 by Bruce Dubbs, 2 years ago

Milestone: 8.59.0

Milestone renamed

Note: See TracTickets for help on using tickets.