Bug 1669482

Summary:	Rebase webkitgtk4 from 2.20.5 to 2.22.7
Product:	Red Hat Enterprise Linux 7	Reporter:	Eike Rathke <erack>
Component:	webkitgtk4	Assignee:	Eike Rathke <erack>
Status:	CLOSED ERRATA	QA Contact:	Desktop QE <desktop-qa-list>
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	7.7	CC:	erack, mboisver, mpolacek, salmy, tpelka, tpopela, vmukhame
Target Milestone:	rc	Keywords:	Rebase
Target Release:	7.7
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	webkitgtk4-2.22.7-2.el7	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-08-06 13:11:24 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Eike Rathke 2019-01-25 12:34:02 UTC

Rebase webkitgtk4 from 2.20.5 to 2.22.5 for RHEL 7.7 as it fixes various bugs and cleans out several applied downstream patches.

Security advisories:
https://webkitgtk.org/security/WSA-2018-0007.html
https://webkitgtk.org/security/WSA-2018-0008.html

CVE identifiers since 2.20.5:
CVE-2018-4191, CVE-2018-4197, CVE-2018-4299, CVE-2018-4306, CVE-2018-4309, CVE-2018-4311, CVE-2018-4312, CVE-2018-4314, CVE-2018-4315, CVE-2018-4316, CVE-2018-4317, CVE-2018-4318, CVE-2018-4319, CVE-2018-4323, CVE-2018-4328, CVE-2018-4358, CVE-2018-4359, CVE-2018-4361
CVE-2018-4345, CVE-2018-4372, CVE-2018-4373, CVE-2018-4375, CVE-2018-4376, CVE-2018-4378, CVE-2018-4382, CVE-2018-4386, CVE-2018-4392, CVE-2018-4416

Changelog:

2.22.5:
- Improved the logic to determine for which architectures to enable
the JIT compiler support and USE_SYSTEM_MALLOC at build time.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_OPENGL=OFF.
- Fix several crashes.

2.22.4:
- Expose ENABLE_MEDIA_SOURCE as a public build option.
- Fix a crash when using Cairo versions between 1.15 and 1.16.0
- Fix the build with -DLOG_DISABLED=0.
- Fix the build with ENABLE_VIDEO=OFF and ENABLE_WEB_AUDIO=OFF.
- Fix debug builds of JavaScriptCore.
- Fix several crashes and rendering issues.

2.22.3:
- Many improvements and fixes for video playback with media source
extensions (MSE), which improve the user experience across the board,
and in particular for playback of WebM videos.
- Fix a memory leak during media playback when using playbin3.
- Fix portions of Web views not being rendered after resizing.
- Fix Resource Timing reporting for <iframe> elements.
- Fix the build with the remote Web Inspector disabled.
- Fix the build on ARMv7 with NEON extensions.
- Fix several crashes and rendering issues.

2.22.2:
- Several fixes for video playback with media source extensions (MSE).
This allows using WebM support for YouTube, which no longer works through
regular video source. Note that MSE is still disabled by default and
webkit_settings_set_enable_mediasource() has to be used to enable the
feature.
- Fix the build when only Wayland support is enabled and X11 headers are
not available.

2.22.1:
- Fix printing in landscape.
- Fix the build in several platforms: s390x, ppc64le, armv7hl.
- Fix the build with a11y disabled.
- Fix the build with video disabled.
- Fix several crashes and rendering issues.

2.22.0:
- Add warn_unused_result attribute to some JavaScriptCore GLib APIs.
- Make pinch to zoom scale the page without changing the layout.
- Fix the build in mips64.

2.21.92:
- Add new API to inject/register user content in isolated worlds.
- Add more API to JSCException to handle column number, convert exception to string, get the exception backtrace,
create exceptions with a custom error name and report exception message with full details.
- Fix excessive CPU usage when getting the process memory footprint.
- Fix several crashes and rendering issues.
- Translation updates: Polish

2.21.91:
- Add enable-media-capabilities setting.
- Stop pushing buffers when seeking status changes in media player.
- Fix rendering of theme styled buttons.
- Fix several crashes and rendering issues.
- Translation updates: Brazilian Portuguese.

2.21.5:
- Add API to evaluate code in a new object to JavaScriptCore GLib API.
- Add API to check for syntax errors in given code to JavaScriptCore GLib API.
- Update jsc_context_evaluate_with_source_uri() to receive also a starting line number.
- Add API to allow creating variadic functions to JavaScriptCore GLib API.
- Add --host option to WebDriver process.
- Handle acceptInsecureCertificates capability in WebDriver.
- Fix video freezes when GStreamerGL is not installed.
- Fix several crashes and rendering issues.
- Translation updates: Ukrainian.

2.21.4:
- Switch to use a popup window with a tree view instead of a menu for option menu default implementation.
- Add API to run javascript from a WebKitWebView in an isolated world.
- Fix UI process crash in WebKitFaviconDatabase when pageURL is unset.
- Fix several crashes and rendering issues.

2.21.3:
- Ensure memory monitor properly notifies all child processes.
- Add maximize, minimize and fullscreen window commands to WebDriver.
- Fix a network process crash when trying to get cookies of about:blank page.
- Fix UI process crash when closing the window under Wayland.
- Disable Gigacage if mmap fails to allocate in Linux.
- Fix several crashes and rendering issues.

2.21.2:
- Remove resource load statistics API, it's not ready yet.
- Add initial implementation of WebDriver advance user insteraction commands.
- Add introspectable alternatives for functions using vargars to JavaScriptCore GLib API.
- Implement MouseEvent.buttons.
- Do TLS error checking on GTlsConnection::accept-certificate to finish the load earlier in case of errors.
- Fix downloads started by context menu failing in some websites due to missing user agent HTTP header.
- Avoid painting backing stores for zero-opacity layers.
- Fix the installation path of API documentation.
- Fix several crashes and rendering issues.

2.21.1:
- Add initial JavaScriptCore GLib API.
- Use JavaScriptCore GLib API in WebKit layer and deprecate most of the DOM bindings API as well as
methods using the JavaScriptCore C API.
- Switch to use complex text code path unconditionally.
- Properly close the connection to the Wayland nested compositor in the WebProcess.
- Implement support for Graphics ARIA roles.
- Add playbin3 support to GStreamer media backend.
- Fix a deadlock when destroying the media player in non accelerated compositing mode.
- Fix several crashes and rendering issues.

Comment 6 Tomas Popela 2019-01-29 10:28:02 UTC

Eike, please also backport fixes for bug 1666984 as well.

Comment 7 Eike Rathke 2019-01-31 11:42:39 UTC

Done and ready, but can't push because pm_ack+ is missing.

Comment 8 Eike Rathke 2019-02-12 11:08:26 UTC

On top of that, update to 2.22.6 as well.

Security advisory:
https://www.webkitgtk.org/security/WSA-2019-0001.html

CVE identifiers since 2.22.5:
CVE-2019-6212, CVE-2019-6215
(already fixed with 2.22.5 or earlier but assigned/published now: CVE-2019-6216, CVE-2019-6217, CVE-2019-6226, CVE-2019-6227, CVE-2019-6229, CVE-2019-6233, CVE-2019-6234)

Changelog:

  - Make kinetic scrolling slow down smoothly when reaching the ends of pages, instead of abruptly, to better match the GTK+ behaviour.
  - Fix Web inspector magnifier under Wayland.
  - Fix garbled rendering of some websites (e.g. YouTube) while scrolling under X11.
  - Fix several crashes, race conditions, and rendering issues.

Comment 18 errata-xmlrpc 2019-08-06 13:11:24 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2261