Bug 1817143

Summary: Rebase WebKitGTK to 2.28
Product: Red Hat Enterprise Linux 8
Component: webkit2gtk3
Reporter: Michael Catanzaro <mcatanza>
Assignee: Michael Catanzaro <mcatanza>
QA Contact: Desktop QE <desktop-qa-list>
Status: CLOSED ERRATA
Severity: medium
Priority: unspecified
Version: 8.3
CC: erack, leonfauster, mcrha, modehnal, tpelka, tpopela
Target Milestone: rc
Keywords: Rebase
Target Release: 8.0
Hardware: All
OS: Linux
Fixed In Version: webkit2gtk3-2.28.2-1.el8
Last Closed: 2020-11-04 01:34:53 UTC
Type: Bug
Bug Blocks: 1818660, 1821107, 1821111, 1821114

Description Michael Catanzaro 2020-03-25 16:51:03 UTC
Rebase WebKitGTK to 2.28. Older branches are EOL.

Comment 1 Leon Fauster 2020-04-18 15:19:15 UTC
Latest (April 16, 2020) / use-after-frees vulnerability:
https://webkitgtk.org/security/WSA-2020-0004.html

Not sure if this is really a rebase?

Latest version of webkit2gtk3 (2.28) still provides 

/usr/lib64/libwebkit2gtk-4.0.so.37

and therefore should be an in-place update?

Maybe this can be landed in 8.2?

Comment 2 Michael Catanzaro 2020-04-18 15:33:47 UTC
(In reply to Leon Fauster from comment #1)
> Latest (April 16, 2020) / use-after-frees vulnerability:
> https://webkitgtk.org/security/WSA-2020-0004.html
> 
> Not sure if this is really a rebase?

There are dozens of other CVEs, including many that we haven't been able to get from Apple yet. No point in cherry-picking patches for just one or two. We will rebase.

> Latest version of webkit2gtk3 (2.28) still provides 
> 
> /usr/lib64/libwebkit2gtk-4.0.so.37
> 
> and therefore should be an in-place update?

Of course.
 
> Maybe this can be landed in 8.2?

That's the goal, but there are various regressions that need to be solved first, so we'll see.

Comment 8 Milan Crha 2020-06-11 13:46:31 UTC
Just for the record, I'm going to build Evolution with a tiny change, as discussed in bug #1817144 comment #7 and below there.

Comment 9 Milan Crha 2020-06-11 13:55:46 UTC
The version with the added patch is evolution-3.28.5-14.el8.

Comment 18 errata-xmlrpc 2020-11-04 01:34:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: GNOME security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4451