The webkitgtk3 package will be removed from rawhide after Fedora 26 is branched due to the high number of unfixed security vulnerabilities. You must remove this dependency or your package will not be present in Fedora 27. Please refer to [1] for a FAQ on this matter and be advised that for some packages this may require a substantial amount of work. [1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/AKVB363GFCHHJ5MTHGVYHYT6NLLTF5VM/
In progress, upstream ticket: http://trac.wxwidgets.org/ticket/17650
I've sent an email to the points of contact for the packages that depend on wxGTK3: 3Depict, 4Pane, Mayavi, PyPE, PythonCard, RunSnakeRun, audacity, bibus, boinc, congruity, couchdb, cura, cycle, ejabberd, erlang (and associated packages), fityk, freedink, fwknop-gui, gadget, gitso, gnumed, gnuradio, gqrx, gr-air-modes, gr-fcdproplus, gr-iqbal, gr-osmosdr, gr-rds, grass, gtkwhiteboard, guayadeque, hugin, londonlaw, mMass, metamorphose2, phatch (nautilus-phatch), plater (couldn't find this one?), playonlinux, poedit, printrun, pronterface (couldn't find this one either?), pyhoca-gui, pymol (pymol-wxpython), pyobd, python-couchdbkit, python-envisage, python-squaremap, python-apptools (python2-apptools), python-matplotlib (python2-matplotlib-wx), python-pyface (python2-pyface, python2-pyface-qt, python2-pyface-wx), python-pyudev (python2-pyudev-wx), python-traitsui (python2-traitsui), qgis (qgis-devel, qgis-grass), rtlsdr-scanner, ruple (couldn't find it), saga, sidc-gui, sk2py, spe, taskcoach, timeline, tsung, wammu, wings, winpdb, wxGlade, wxMaxima, wxPython, wxsqlite3, xylib, yaws You should strongly consider helping wxGTK3 with this port as your packages are at risk of being transitively removed if wxGTK3 misses the deadline.
Ah, from reading the Debian bug report [1] it appears that wxGTK3 has a --disable-webview configure flag, we can use that to avoid missing the deadline, then only the apps that depend on the web view (in Debian, that's only poedit, not sure about Fedora) would be in danger of being removed. Maybe I didn't need to mass-email everyone. :) [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790222
Hi, I'm the maintainer for 3depict. This bug is a bit too broad - we don't use any webview related components, which has been pointed out can simply be disabled. Can you please try to find which applications are actually affected by this, rather than a simple r-deps of wxGTK ? A simple --disable-webview, then rebuild the downstream packages, then file bugs for those would provide more clarity as to the scale of this problem. For my package this is NOTABUG
(In reply to mycae from comment #4) > For my package this is NOTABUG Yes, you shouldn't need to make any changes in 3Depict. Unfortunately I didn't realize there was a --disable-webview option until right after I sent that mass mail.
Apologies if my comment came off as a tad abrupt - this is not intended, and thanks for being responsive.
I'm not too worried about needing to disable webview. I'm already working on the port to WebKit2, and I don't see an issue with getting it done by F26 branch time. There are several APIs that have been changed from synchronous to asynchronous that will take some time to figure out how to deal with though. Another thing we can and probably should do is move the webview library to a separate subpackage of wxGTK3. That would probably remove a lot of these packages as transitive dependencies of webkitgtk3.
(In reply to Scott Talbert from comment #7) > I'm not too worried about needing to disable webview. I'm already working > on the port to WebKit2, and I don't see an issue with getting it done by F26 > branch time. There are several APIs that have been changed from synchronous > to asynchronous that will take some time to figure out how to deal with > though. > > Another thing we can and probably should do is move the webview library to a > separate subpackage of wxGTK3. That would probably remove a lot of these > packages as transitive dependencies of webkitgtk3. Branch time for F26 is scheduled for Feb 21; will you have time to finish the patch before then? Or should we be prepared to disable this for f27? (In reply to Michael Catanzaro from comment #0) > The webkitgtk3 package will be removed from rawhide after Fedora 26 is > branched due to the high number of unfixed security vulnerabilities. You > must remove this dependency or your package will not be present in Fedora 27. > > Please refer to [1] for a FAQ on this matter and be advised that for some > packages this may require a substantial amount of work. > > [1] > https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/ > thread/AKVB363GFCHHJ5MTHGVYHYT6NLLTF5VM/ Will there be a grace time if a patch doesn't land prior to branch, or should we disable it in rawhide and re-enable it in f26 after it's branched from rawhide?
(In reply to Jeremy Newton from comment #8) > Will there be a grace time if a patch doesn't land prior to branch, or > should we disable it in rawhide and re-enable it in f26 after it's branched > from rawhide? We'll wait a week or two, in case you are planning to immediately disable the dependency after the branching.
(In reply to Michael Catanzaro from comment #9) > (In reply to Jeremy Newton from comment #8) > > Will there be a grace time if a patch doesn't land prior to branch, or > > should we disable it in rawhide and re-enable it in f26 after it's branched > > from rawhide? > > We'll wait a week or two, in case you are planning to immediately disable > the dependency after the branching. Sounds good, that will be the contingency plan.
(In reply to Jeremy Newton from comment #8) > Branch time for F26 is scheduled for Feb 21; will you have time to finish > the patch before then? Or should we be prepared to disable this for f27? Heh. Well, I *have* gotten a bit sidetracked. The deadline should hopefully get me motivated enough to complete the patch. It's already in decent enough shape that it could even be merged as-is, if need be. But I'll try to get back to work on it.
This bug appears to have been reported against 'rawhide' during the Fedora 26 development cycle. Changing version to '26'.
@Scott, do you have a working patch for this? F26 branched last night, so we need to either disable this or patch it ASAP.
(In reply to Jeremy Newton from comment #13) > @Scott, do you have a working patch for this? F26 branched last night, so we > need to either disable this or patch it ASAP. The patch is still a work in progress, unfortunately. I'm making slow but steady process. However, I think rather than apply it as-is, we should just disable the webview subpackage for now. We can then re-enable it when the patch is ready. Now to get back to working on the patch...
Thanks Scott! Dependency on webkitgtk3 has been removed in wxGTK3-3.0.3-0.5.gitf90b768.fc27. Closing as fixed in rawhide.