Bug 1817143 - Rebase WebKitGTK to 2.28
Summary: Rebase WebKitGTK to 2.28
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: webkit2gtk3
Version: 8.3
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: 8.0
Assignee: Michael Catanzaro
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1818660 1821107 1821111 1821114
Reported: 2020-03-25 16:51 UTC by Michael Catanzaro
Modified: 2020-11-04 01:36 UTC (History)

Fixed In Version: webkit2gtk3-2.28.2-1.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-04 01:34:53 UTC
Type: Bug
Target Upstream Version:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:4451 0 None None None 2020-11-04 01:35:33 UTC

Description Michael Catanzaro 2020-03-25 16:51:03 UTC
Rebase WebKitGTK to 2.28. Older branches are EOL.

Comment 1 Leon Fauster 2020-04-18 15:19:15 UTC
Latest (April 16, 2020) / use-after-free vulnerability:
https://webkitgtk.org/security/WSA-2020-0004.html

Not sure if this is really a rebase?

Latest version of webkit2gtk3 (2.28) still provides 

/usr/lib64/libwebkit2gtk-4.0.so.37

and therefore should be an in-place update?

Maybe this can be landed in 8.2?

Comment 2 Michael Catanzaro 2020-04-18 15:33:47 UTC
(In reply to Leon Fauster from comment #1)
> Latest (April 16, 2020) / use-after-free vulnerability:
> https://webkitgtk.org/security/WSA-2020-0004.html
> 
> Not sure if this is really a rebase?

There are dozens of other CVEs, including many that we haven't been able to get from Apple yet. No point in cherry-picking patches for just one or two. We will rebase.

> Latest version of webkit2gtk3 (2.28) still provides 
> 
> /usr/lib64/libwebkit2gtk-4.0.so.37
> 
> and therefore should be an in-place update?

Of course.
 
> Maybe this can be landed in 8.2?

That's the goal, but there are various regressions that need to be solved first, so we'll see.

Comment 8 Milan Crha 2020-06-11 13:46:31 UTC
Just for the record, I'm going to build Evolution with a tiny change, as discussed in bug #1817144 comment #7 and below there.

Comment 9 Milan Crha 2020-06-11 13:55:46 UTC
The version with the added patch is evolution-3.28.5-14.el8.

Comment 18 errata-xmlrpc 2020-11-04 01:34:53 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: GNOME security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4451

