| Field | Value |
|---|---|
| Summary | Rebase WebKitGTK to 2.28 |
| Product | Red Hat Enterprise Linux 8 |
| Reporter | Michael Catanzaro <mcatanza> |
| Component | webkit2gtk3 |
| Assignee | Michael Catanzaro <mcatanza> |
| Status | CLOSED ERRATA |
| QA Contact | Desktop QE <desktop-qa-list> |
| Version | 8.3 |
| CC | erack, leonfauster, mcrha, modehnal, tpelka, tpopela |
| Fixed In Version | webkit2gtk3-2.28.2-1.el8 |
| Doc Type | If docs needed, set a value |
| Doc Text | |
| Story Points | --- |
| Last Closed | 2020-11-04 01:34:53 UTC |
| Type | Bug |
| oVirt Team | --- |
| RHEL 7.3 requirements from Atomic Host | |
| Cloudforms Team | --- |
| Target Upstream Version | |
| Bug Depends On | |
| Bug Blocks | 1818660, 1821107, 1821111, 1821114 |
Description Michael Catanzaro 2020-03-25 16:51:03 UTC
Rebase WebKitGTK to 2.28. Older branches are EOL.
Comment 1 Leon Fauster 2020-04-18 15:19:15 UTC
Latest (April 16, 2020) / use-after-frees vulnerability:
https://webkitgtk.org/security/WSA-2020-0004.html

Not sure if this is really a rebase?

Latest version of webkit2gtk3 (2.28) still provides

/usr/lib64/libwebkit2gtk-4.0.so.37

and therefore should be an inplace update?

Maybe this can be landed in 8.2?
Comment 2 Michael Catanzaro 2020-04-18 15:33:47 UTC
(In reply to Leon Fauster from comment #1)
> Latest (April 16, 2020) / use-after-frees vulnerability:
> https://webkitgtk.org/security/WSA-2020-0004.html
>
> Not sure if this is really a rebase?

There are dozens of other CVEs, including many that we haven't been able to get from Apple yet. No point in cherry-picking patches for just one or two. We will rebase.

> Latest version of webkit2gtk3 (2.28) still provides
>
> /usr/lib64/libwebkit2gtk-4.0.so.37
>
> and therefore should be an inplace update?

Of course.

> Maybe this can be landed in 8.2?

That's the goal, but there are various regressions that need to be solved first, so we'll see.
Comment 8 Milan Crha 2020-06-11 13:46:31 UTC
Just for the record, I'm going to build Evolution with a tiny change, as discussed in bug #1817144 comment #7 and below there.
Comment 9 Milan Crha 2020-06-11 13:55:46 UTC
The version with the added patch is evolution-3.28.5-14.el8.
Comment 18 errata-xmlrpc 2020-11-04 01:34:53 UTC
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: GNOME security, bug fix, and enhancement update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4451