Bug 1476707 - Rebase webkitgtk4 from 2.14 to 2.16 for RHEL 7.5
Summary: Rebase webkitgtk4 from 2.14 to 2.16 for RHEL 7.5
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: webkitgtk4
Version: 7.5
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Tomas Popela
QA Contact: Desktop QE
Jana Heves
URL:
Whiteboard:
Depends On:
Blocks: 1477211 1477926 1479818
TreeView+ depends on / blocked
 
Reported: 2017-07-31 09:11 UTC by Tomas Popela
Modified: 2018-04-10 10:33 UTC (History)
5 users (show)

Fixed In Version: webkitgtk4-2.16.6-1.el7
Doc Type: Rebase: Bug Fixes and Enhancements
Doc Text:
_webkitgtk4_ rebased to version 2.16 The _webkitgtk4_ package has been upgraded to version 2.16, which provides a number of enhancements over the previous version. Notable enhancements include: * To reduce memory consumption, hardware acceleration is now enabled on demand. * _webkitgtk4_ contains a new WebKitSetting plug-in to set the hardware acceleration policy. * CSS Grid Layout is enabled by default. * Private browsing has been improved by adding a new API to create ephemeral web views. * A new API has been provided to handle website data. * Two new debugging tools are now available: memory sampler and resource usage overlay. * GTK+ font settings are now honored. * Theme rendering performance is improved when using GTK+ version 3.20 and higher.
Clone Of:
Environment:
Last Closed: 2018-04-10 10:32:31 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0703 None None None 2018-04-10 10:33:07 UTC

Description Tomas Popela 2017-07-31 09:11:31 UTC 
As subject says, rebase webkitgtk4 from 2.14 to the latest 2.16 release for RHEL 7.5 to get rid of various downstream patches that were committed to upstream and clean patches that were backported from 2.16 to 2.14.

WebKitGTK+ Security Advisories:

https://www.webkitgtk.org/security/WSA-2017-0003.html
https://www.webkitgtk.org/security/WSA-2017-0004.html
https://www.webkitgtk.org/security/WSA-2017-0005.html
https://www.webkitgtk.org/security/WSA-2017-0006.html


Here are the CVEs fixed in 2.16 so far:

CVE-2016-9642, CVE-2017-2376, CVE-2017-2386, CVE-2017-2395, CVE-2017-2396, CVE-2017-2405, CVE-2017-2433, CVE-2017-2445, CVE-2017-2447, CVE-2017-2455, CVE-2017-2457, CVE-2017-2464, CVE-2017-2469, CVE-2017-2539, CVE-2017-2496, CVE-2017-2504, CVE-2017-2505, CVE-2017-2506, CVE-2017-2508, CVE-2017-2510, CVE-2017-2514, CVE-2017-2515, CVE-2017-2521, CVE-2017-2525, CVE-2017-2526, CVE-2017-2528, CVE-2017-2530, CVE-2017-2531, CVE-2017-2536, CVE-2017-2539, CVE-2017-2544, CVE-2017-2547, CVE-2017-2549, CVE-2017-6980, CVE-2017-6984, CVE-2017-2538, CVE-2017-2424, CVE-2017-7006, CVE-2017-7011, CVE-2017-7012, CVE-2017-7018, CVE-2017-7019, CVE-2017-7020, CVE-2017-7030, CVE-2017-7034, CVE-2017-7037, CVE-2017-7038, CVE-2017-7039, CVE-2017-7040, CVE-2017-7041, CVE-2017-7042, CVE-2017-7043, CVE-2017-7046, CVE-2017-7048, CVE-2017-7049, CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7059, CVE-2017-7061, CVE-2017-7064


Here is a changelog:

2.16.0:
* Hardware acceleration is now enabled on demand to drastically reduce memory consumption.
* CSS Grid Layout is enabled by default.
* New WebKitSetting to set the hardware acceleration policy.
* UI process API to configure network proxy settings.
* Improved private browsing by adding new API to create ephemeral web views.
* New API to handle website data.
* Debug tools: memory sampler and resource usage overlay

2.16.1:
* Fix no-third-party cookies policy in case of redirections.
* Keep URL fragments after server redirections.
* Honor GTK+ font settings.
* Ensure depth and stencil renderbuffers are created on GLESv2.
* Prevent new navigations from onbeforeunload handler and document unload.
* Disallow beforeunload alerts from web pages users have never interacted with.
* Fix several crashes and rendering issues.

2.16.2:

* Update user agent quirks to make Youtube and new Google login page work. (already backported for RHEL 7.4)
* Fix rendering of animated PNGs.
* Fix playing of some live streams.
* Update several web inspector icons.
* Fix the build with NPAPI plugins enabled but X11 disabled.
* Fix the build with OpenGL disabled.
* Fix several crashes and rendering issues.

2.16.3:

* Fix URL shown in the title of beforeunload dialogs.
* Focus first input field of HTTP authentication dialog.
* Fix rendering glitches in HiDPI in long GitHub Gist pages when focusing the comments textarea.
* Remove Firefox user agent quirk for Google domains.
* Remove LATEST_RECORD_VERSION from GnuTLS priority string.
* Fix several crashes and rendering issues.

2.16.4:
* Fix web process deadlock when seeking youtube videos.
* Fix blob downloads.
* Improve theme rendering performance when using GTK+ >= 3.20.
* Fix positioning of popup menus in Wayland.
* Fix several crashes and rendering issues.

2.16.5:
* Fix a web process crash when page finishes loading in several web sites.
* Fix the menu of select elements not showing in some cases under Wayland.

2.16.6
* Fix rendering of spin buttons with GTK+ >= 3.20 when the entry width is too short.
* Fix the build when Wayland target is enabled and X11 disabled.
* Fix several crashes and rendering issues.
Comment 7 Tomas Popela 2018-01-09 08:47:32 UTC 
Jani can you please swap the second and third bullet in the docs? Thank you
Comment 10 errata-xmlrpc 2018-04-10 10:32:31 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0703
Note You need to log in before you can comment on or make changes to this bug.