>dev-qt/qtwebengine-5.11.0_beta3 needs a version of dev-libs/libxml2 configured with --without-catalog option: https://code.qt.io/cgit/qt/qtwebengine.git/commit/?id=98cfb5cee9fb7bdf9c1ede396c786be2ad0c4b33 """ Add check for catalog support in libxml2 Since https://codereview.chromium.org/2788063002 libxml2 is expected to have disabled catalog support. Prevent crashes of render process and do not link against system libxml2 if it is compiled with catalog support. """ https://code.qt.io/cgit/qt/qtwebengine.git/commit/?id=8fac402edefde2bc876d44168aaafb26a420e508 --with-catalog is default in configure of dev-libs/libxml2 and ebuilds do not pass --with-catalog or --without-catalog option. I suspect that support for catalogs might be needed by some other packages which use dev-libs/libxml2. Before aforementioned commits, libQt5WebEngineCore.so.5 is linked against libxml2.so.2. After aforementioned commits, probably internal copy of libxml2 would be used, which is obviously bad (e.g. due to security reasons). Potential solution would be to add "catalogless" USE flag to dev-libs/libxml2, which would enable building of separate copy of library configured with --without-catalog option. Example of installed files: /usr/include/libxml2-catalogless/libxml/*.h /usr/lib64/libxml2-catalogless.so /usr/lib64/libxml2-catalogless.so.2 /usr/lib64/libxml2-catalogless.so.2.9.7 /usr/lib64/pkgconfig/libxml-2.0-catalogless.pc Build system of dev-qt/qtwebengine would have to be adjusted.
Created attachment 533606 [details, diff] libxml2-2.9.8-catalogless.patch Main patch for libxml2 doc/syms.xsl is input file for libxml2.syms.
Created attachment 533608 [details, diff] libxml2-2.9.8-catalogless-generated.patch Patch for libxml2 for generated file libxml2.syms specifies versions of defined symbols (-Wl,--version-script=${S}/libxml2.syms). libxml2.syms is generated from doc/syms.xsl by xsltproc tool provided by libxslt which depends on libxml2. Theoretically libxml2 ebuild could call `xsltproc -o libxml2.syms doc/syms.xsl doc/symbols.xml` but it would require circular dependency between libxml2[catalogless] and libxslt. Changes in libxml2.syms are split into separate patch for convenience of future maintenance.
Created attachment 533610 [details, diff] Difference between libxml2 ebuilds for convenient review
Created attachment 533614 [details, diff] libxslt-1.1.32-catalogless.patch Main patch for libxslt doc/syms.xsl is input file for libxslt/libxslt.syms.
Created attachment 533616 [details, diff] libxslt-1.1.32-catalogless-generated.patch Patch for libxslt for generated file libxslt/libxslt.syms specifies versions of defined symbols (-Wl,--version-script=${S}/libxslt/libxslt.syms). libxslt/libxslt.syms is generated from doc/syms.xsl by xsltproc tool provided by libxslt. Theoretically libxslt ebuild could call `xsltproc -o libxslt/libxslt.syms doc/syms.xsl doc/symbols.xml` but it would require circular dependency between libxslt[catalogless] and libxslt. Changes in libxslt/libxslt.syms are split into separate patch for convenience of future maintenance.
Created attachment 533618 [details, diff] Difference between libxslt ebuilds for convenient review
Created attachment 533620 [details, diff] Combined patch for dev-libs/libxml2::gentoo and dev-libs/libxslt::gentoo
Created attachment 533626 [details, diff] qtwebengine-5.11.0-libxml2-catalogless_libxslt-catalogless.patch Patch for qtwebengine
Created attachment 533630 [details, diff] Patch for dev-qt/qtwebengine::qt
If there are crashes, these need to be fixed, not workarounded by building another libxml2 from the same package. I'm inclined to WONTFIX or UPSTREAM this. Gross hacks to a core package for just one other package doesn't sound right here.
The main rationale for catalogless libxml2 seems to be to not expose what catalogs are present on the system somehow to the web, thus allowing to detect what system the browser is running on (privacy concerns, fingerprinting, and whatnot). For that I want to see them or someone actually work with libxml2 to make catalog support optional at runtime or whatever is needed to get it working properly without building another libxml2 library... As for the crash, that sounds like a Qt bug when system libxml2 with catalog support is used, but because they build with catalogless libxml2 and expect that, they don't hit it nor fix it themselves yet. That should simply be identified and fixed as per https://bugreports.qt.io/browse/QTBUG-66488 I don't see any proper reason to patch libxml2 ebuild here - fix Qt instead and work with libxml2 upstream to support what's needed (or fix the crash if that's caused by something in libxml2 instead that gets triggered by Qt usage).
From a quick read of libxml2 sources and https://codereview.chromium.org/2788063002, it seems to me like providing two libs is an excessively heavy change. It looks like what chromium devs want to achieve is disable catalog parsing completely which seems achievable by calling xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE) which disables catalog use in parser.c which seems to be the only relevant place for this use case I could find.
Well, if there is no solution with dev-libs/libxml2, we'll have to bundle it with qtwebengine.
Fix it to properly call xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE) again?
it = qtwebengine. libxml2 has always supported running without catalogs at runtime, there is nothing to do or solve here for libxml2. qtwebengine just needs to properly use its long existing API, not assume a bundled libxml2 is always used that doesn't support catalogs and therefore the call is removed under the assumption that always bundled one is used...
(In reply to Mart Raudsepp from comment #14) > Fix it to properly call xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE) again? I'm not the one to engage with chromium upstream, but we'll need a working Qt 5.11 soon. www-client/chromium does not have that issue?
I suspect newer chromium has the same problem, lets CC them.
xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE) was dropped in: https://code.qt.io/cgit/qt/qtwebengine-chromium.git/commit/chromium/third_party/WebKit/Source/core/xml/parser/XMLDocumentParser.cpp?h=61-based&id=ec02ee4181c49b61fce1c8fb99292dbb8139cc90 """ -static void initializeLibXMLIfNecessary() { - static bool didInit = false; - if (didInit) +static void InitializeLibXMLIfNecessary() { + static bool did_init = false; + if (did_init) return; - // We don't want libxml to try and load catalogs. - // FIXME: It's not nice to set global settings in libxml, embedders of Blink - // could be trying to use libxml themselves. - xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE); xmlInitParser(); - xmlRegisterInputCallbacks(matchFunc, openFunc, readFunc, closeFunc); - xmlRegisterOutputCallbacks(matchFunc, openFunc, writeFunc, closeFunc); - libxmlLoaderThread = currentThread(); - didInit = true; + xmlRegisterInputCallbacks(MatchFunc, OpenFunc, ReadFunc, CloseFunc); + xmlRegisterOutputCallbacks(MatchFunc, OpenFunc, WriteFunc, CloseFunc); + g_libxml_loader_thread = CurrentThread(); + did_init = true; } """ https://chromium.googlesource.com/chromium/src/+/519ead74e98302eabc1144ed9947e14d93adae95 https://chromium.googlesource.com/chromium/src/+/519ead74e98302eabc1144ed9947e14d93adae95%5E%21/ """ --- a/third_party/WebKit/Source/core/xml/parser/XMLDocumentParser.cpp +++ b/third_party/WebKit/Source/core/xml/parser/XMLDocumentParser.cpp ... @@ -587,10 +587,9 @@ static bool shouldAllowExternalLoad(const KURL& url) { String urlString = url.getString(); - // This isn't really necessary now that initializeLibXMLIfNecessary - // disables catalog support in libxml, but keeping it for defense in depth. - if (isLibxmlDefaultCatalogFile(url)) - return false; + // libxml should not be configured with catalogs enabled, so it + // should not be asking to load default catalogs. + CHECK(!isLibxmlDefaultCatalogFile(url)); // The most common DTD. There isn't much point in hammering www.w3c.org by // requesting this URL for every XHTML document. @@ -697,10 +696,6 @@ if (didInit) return; - // We don't want libxml to try and load catalogs. - // FIXME: It's not nice to set global settings in libxml, embedders of Blink - // could be trying to use libxml themselves. - xmlCatalogSetDefaults(XML_CATA_ALLOW_NONE); xmlInitParser(); xmlRegisterInputCallbacks(matchFunc, openFunc, readFunc, closeFunc); xmlRegisterOutputCallbacks(matchFunc, openFunc, writeFunc, closeFunc); """
Created attachment 535766 [details, diff] qtwebengine-5.11.0-disable_xml_catalogs.patch Untested patch.
Created attachment 535768 [details, diff] chromium-68.0.3440.17-disable_xml_catalogs.patch Untested patch.
Created attachment 535770 [details, diff] qtwebengine-5.11.0-disable_xml_catalogs.patch (More complete patch for QtWebEngine. config.tests/xml2/xml2.cpp part was previously tested.)
Test URL from IRC: https://www.khronos.org/registry/OpenGL-Refpages/gl2.1/xhtml/glClear.xml I will try to test Arfrever's Chromium patch this week. I can try to push it upstream if successful.
Created attachment 535832 [details, diff] qtwebengine-5.11.0-disable_xml_catalogs.patch (Patch more likely to work and more acceptable for upstream. xmlCatalogSetDefaults symbol is available only in a catalogful version of libxml2, so not in a bundled, catalogless version of libxml2.
Created attachment 535834 [details, diff] chromium-68.0.3440.17-disable_xml_catalogs.patch (Patch more likely to work and more acceptable for upstream.)
Thanks for your work, please adapt to regular git format-patch style (paths...) in the future.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4f14cecc16899c822f3bc0eae536c80b0b62888b commit 4f14cecc16899c822f3bc0eae536c80b0b62888b Author: Mike Gilbert <floppym@gentoo.org> AuthorDate: 2018-06-16 19:33:58 +0000 Commit: Mike Gilbert <floppym@gentoo.org> CommitDate: 2018-06-16 19:34:11 +0000 www-client/chromium: disable xml catalogs Bug: https://bugs.gentoo.org/653078 Package-Manager: Portage-2.3.40_p14, Repoman-2.3.9_p246 www-client/chromium/chromium-69.0.3452.0.ebuild | 1 + .../files/chromium-disable_xml_catalogs.patch | 34 ++++++++++++++++++++++ 2 files changed, 35 insertions(+)
Chromium code review: https://chromium-review.googlesource.com/c/chromium/src/+/1103710
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=92acfdf50b8c5a5abd2b0c1b6d559c63ca5a6a7d commit 92acfdf50b8c5a5abd2b0c1b6d559c63ca5a6a7d Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2018-06-18 20:44:20 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2018-06-20 14:30:49 +0000 dev-qt/qtwebengine: Try to fix libxml2 disable-xml-catalogs Thanks-to: Arfrever Frehtes Taifersar Arahesis <arfrever.fta@gmail.com> Bug: https://bugs.gentoo.org/653078 Package-Manager: Portage-2.3.40, Repoman-2.3.9 ...webengine-5.11.1-libxml2-disable-catalogs.patch | 46 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.11.1.ebuild | 4 ++ 2 files changed, 50 insertions(+)
Chromium commit: https://chromium.googlesource.com/chromium/src/+/8f0c8c8d9bce12c70ce9acb4a7474cd15c9be65b
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=0ded5d274d2424fc1dae4221cf1f843d4c47d7e1 commit 0ded5d274d2424fc1dae4221cf1f843d4c47d7e1 Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2018-06-21 03:55:08 +0000 Commit: Jimi Huotari <chiitoo@gentoo.org> CommitDate: 2018-06-21 09:11:07 +0000 dev-qt/qtwebengine: Apply new patches in 5.11.9999 and 5.9999. Patches included: - libxml2-disable-catalogs.patch - ffmpeg4.patch - nouveau-disable-gpu.patch Bug: https://bugs.gentoo.org/609752 Bug: https://bugs.gentoo.org/653078 dev-qt/qtwebengine/qtwebengine-5.11.9999.ebuild | 6 ++++++ dev-qt/qtwebengine/qtwebengine-5.9999.ebuild | 6 ++++++ 2 files changed, 12 insertions(+) https://gitweb.gentoo.org/proj/qt.git/commit/?id=5969dd7c3f4c5cd099266aa57cbcd7e3d3c02b4d commit 5969dd7c3f4c5cd099266aa57cbcd7e3d3c02b4d Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2018-06-21 03:47:51 +0000 Commit: Jimi Huotari <chiitoo@gentoo.org> CommitDate: 2018-06-21 09:01:21 +0000 dev-qt/qtwebengine: Update libxml2-disable-catalogs.patch. Update qtwebengine-5.11.1-libxml2-disable-catalogs.patch to version accepted by Chromium upstream. Bug: https://bugs.gentoo.org/653078 .../files/qtwebengine-5.11.1-libxml2-disable-catalogs.patch | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-)
Thanks everyone, I guess we can close this. :)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/qt.git/commit/?id=05eb9454e3e8d769bbb78cb93ede37204c0a0f0d commit 05eb9454e3e8d769bbb78cb93ede37204c0a0f0d Author: Arfrever Frehtes Taifersar Arahesis <Arfrever@Apache.Org> AuthorDate: 2018-06-21 18:48:05 +0000 Commit: Jimi Huotari <chiitoo@gentoo.org> CommitDate: 2018-07-25 19:13:59 +0000 dev-qt/qtwebengine: Update libxml2-disable-catalogs.patch for 5.9999. Bug: https://bugs.gentoo.org/653078 ...webengine-5.12.0-libxml2-disable-catalogs.patch | 35 ++++++++++++++++++++++ dev-qt/qtwebengine/qtwebengine-5.9999.ebuild | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-)