Red Hat Bugzilla – Bug 1476707
Rebase webkitgtk4 from 2.14 to 2.16 for RHEL 7.5
Last modified: 2018-04-10 06:33:07 EDT
As subject says, rebase webkitgtk4 from 2.14 to the latest 2.16 release for RHEL 7.5 to get rid of various downstream patches that were committed to upstream and clean patches that were backported from 2.16 to 2.14.

WebKitGTK+ Security Advisories:
https://www.webkitgtk.org/security/WSA-2017-0003.html
https://www.webkitgtk.org/security/WSA-2017-0004.html
https://www.webkitgtk.org/security/WSA-2017-0005.html
https://www.webkitgtk.org/security/WSA-2017-0006.html

Here are the CVEs fixed in 2.16 so far:
CVE-2016-9642, CVE-2017-2376, CVE-2017-2386, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2433, CVE-2017-2445, CVE-2017-2447, CVE-2017-2455, CVE-2017-2457, CVE-2017-2464, CVE-2017-2469, CVE-2017-2539, CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984, CVE-2017-2538, CVE-2017-2424, CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7061, CVE-2017-7064

Here is a changelog:

2.16.0:
* Hardware acceleration is now enabled on demand to drastically reduce memory consumption.
* CSS Grid Layout is enabled by default.
* New WebKitSetting to set the hardware acceleration policy.
* UI process API to configure network proxy settings.
* Improved private browsing by adding new API to create ephemeral web views.
* New API to handle website data.
* Debug tools: memory sampler and resource usage overlay

2.16.1:
* Fix no-third-party cookies policy in case of redirections.
* Keep URL fragments after server redirections.
* Honor GTK+ font settings.
* Ensure depth and stencil renderbuffers are created on GLESv2.
* Prevent new navigations from onbeforeunload handler and document unload.
* Disallow beforeunload alerts from web pages users have never interacted with.
* Fix several crashes and rendering issues.

2.16.2:
* Update user agent quirks to make Youtube and new Google login page work. (already backported for RHEL 7.4)
* Fix rendering of animated PNGs.
* Fix playing of some live streams.
* Update several web inspector icons.
* Fix the build with NPAPI plugins enabled but X11 disabled.
* Fix the build with OpenGL disabled.
* Fix several crashes and rendering issues.

2.16.3:
* Fix URL shown in the title of beforeunload dialogs.
* Focus first input field of HTTP authentication dialog.
* Fix rendering glitches in HiDPI in long GitHub Gist pages when focusing the comments textarea.
* Remove Firefox user agent quirk for Google domains.
* Remove LATEST_RECORD_VERSION from GnuTLS priority string.
* Fix several crashes and rendering issues.

2.16.4:
* Fix web process deadlock when seeking youtube videos.
* Fix blob downloads.
* Improve theme rendering performance when using GTK+ >= 3.20.
* Fix positioning of popup menus in Wayland.
* Fix several crashes and rendering issues.

2.16.5:
* Fix a web process crash when page finishes loading in several web sites.
* Fix the menu of select elements not showing in some cases under Wayland.

2.16.6:
* Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short.
* Fix the build when Wayland target is enabled and X11 disabled.
* Fix several crashes and rendering issues.
There is one more security advisory: https://www.webkitgtk.org/security/WSA-2017-0007.html mentioning two new CVEs https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000121 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000122
Jani, can you please swap the second and third bullet in the docs? Thank you.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0703