#14729: qtwebengine after 5.15.2
-------------------------+-----------------------
Reporter: ken@… | Owner: ken@…
Type: enhancement | Status: assigned
Priority: high | Milestone: 10.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by ken@…):
* priority: normal => high
Old description:
> As expected, future qt5 releases will be limited to commercial customers
> at first. When this was announced there were reports that qtwebengine had
> to be made available because of its license. Now that 5.15.3 has been
> reported (see e.g. phoronix) I googled.
>
> Gentoo are using a git version from 24th February, apparently with extra
> workarounds because this is from git
> [https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-
> qt/qtwebengine/qtwebengine-5.15.2_p20210224.ebuild] and there is also a
> post (probably aimed at commercial users wanting to test 5.15.3, but it
> says building against 5.12 ('LTS')is also supported) at
> [https://m.marketscreener.com/quote/stock/QT-GROUP-OYJ-30049777/news/Qt-
> Oyj-nbsp-Building-Qt-WebEngine-Against-Other-Qt-Versions-32397357/].
>
> Since waiting even longer for vulnerability fixes is a bad idea (fixes to
> chromium always take until the next qt release to be made available in
> qtwebengine) this might be worth exploring, although I expect that the
> chromium changes will be in a submodule which usually causes me grief.
>
> At this point I'm flagging this as 'normal' because I have no idea if
> there are actually any CVE fixes -we can live in hope there are none,
> although that seems unlikely.
New description:
As expected, future qt5 releases will be limited to commercial customers
at first [https://www.qt.io/blog/commercial-lts-qt-5.15.3-released] and
will apparently become available to the rest of us when 6.1 is released
(maybe in April). When this was announced there were reports that
qtwebengine had to be made available because of its license. Now that
5.15.3 has been reported (see e.g. phoronix) I googled.
Gentoo are using a git version from 24th February, apparently with extra
workarounds because this is from git
[https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-
qt/qtwebengine/qtwebengine-5.15.2_p20210224.ebuild]. I've eventually
managed to assemble qtwebengine (5.15.3 branch) and the submodules
(chromium, gn, ninja) from that date.
I cannot match gentoo's tarball - it looks as if they have cherry-picked
items. In particular, they still apply patches for ICU68 but in my
chromium source the changes appear to have all been made.
In the qtwebengine chromium tree the latest commits fixed CVE-2021-21149
to -21156 (all rated High by chromium, see
[https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-
desktop_16.html]).
--
Comment:
Removed my earlier comments, will add the process I used once I've got the
(expletive deleted) source to build. I think some of it needs patching for
glibc-2.33, my test build on LFS-10.1 last night didn't get very far
(backtrace in python) but on 10.0 it is about half-way through.
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14729#comment:2>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
