[ubuntu/focal-proposed] webkit2gtk 2.26.3-1ubuntu1 (Accepted)

Sebastien Bacher seb128 at debian.org
Tue Jan 28 09:04:15 UTC 2020 

webkit2gtk (2.26.3-1ubuntu1) focal; urgency=medium

  * Resynchronize on Debian, remaining change
  * debian/patches/upstream_egl_fix.patch:
    - backport an upstream commit to fix the build with the new libegl

webkit2gtk (2.26.3-1) unstable; urgency=high

  * New upstream release.
  * The WebKitGTK security advisory WSA-2019-0006 lists the following
    security fixes in the latest versions of WebKitGTK:
    + CVE-2019-8765, CVE-2019-8821, CVE-2019-8822 (fixed in 2.24.4)
    + CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766,
      CVE-2019-8782, CVE-2019-8808, CVE-2019-8815 (fixed in 2.26.0)
    + CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, CVE-2019-8816,
      CVE-2019-8819, CVE-2019-8820, CVE-2019-8823 (fixed in 2.26.1)
    + CVE-2019-8812, CVE-2019-8814 (fixed in 2.26.2)
  * Build without the bubblewrap sandbox if the required dependencies are
    not available (Closes: #944731):
    + debian/rules:
      - Pass -DENABLE_BUBBLEWRAP_SANDBOX depending on whether libseccomp
        is installed.
      - Add runtime dependencies on bubblewrap and xdg-dbus-proxy
        conditionally to the status of ENABLE_BUBBLEWRAP_SANDBOX.
    + debian/control:
      - Don't require bubblewrap, xdg-dbus-proxy or libseccomp-dev in
        alpha, ia64, m68k, riscv64, sh4 or sparc64.
  * Enable USE_WPE_RENDERER:
    + debian/control:
      - Add build dependency on libwpebackend-fdo-1.0-dev.
    + debian/rules:
      - Set USE_WPE_RENDERER depending on whether wpebackend-fdo is
        available or not (this allows disabling it by simply removing the
        build dependency).
  * debian/rules:
    + Use -g1 in all builds. The webkit2gtk debug packages are huge and
      I'm not convinced that they have been very useful for reporting
      bugs. Using -g1 is enough for a basic backtrace and it makes the
      packages easier to handle.
    + Install the NEWS file using debian/libwebkit2gtk-4.0-37.docs.
  * debian/control:
    + Switch build dependency from libenchant-dev to libenchant-2-dev
      (Closes: #948106).
    + Add build dependency on libx11-xcb-dev (Closes: #949430).
    + Add Rules-Requires-Root: no.
  * debian/patches/use-python3.patch:
    + The unversioned python interpreter (i.e. Python 2) is not installed
      by default anymore, so use Python 3 instead (Closes: #948839).
  * debian/patches/user-agent-branding.patch:
    + Refresh.
  * debian/libwebkit2gtk-4.0-37.symbols:
    + Add Build-Depends-Package field.
  * debian/copyright:
    + Update copyright years.

webkit2gtk (2.26.2-1) unstable; urgency=medium

  * New upstream release.
  * debian/rules:
    + Stop building with -O1 for armhf and friends, the build seems to
      work just fine with -O2 now.
  * debian/control:
    + Require bubblewrap >= 0.3.1.
  * debian/patches/force-single-process.patch:
    + Remove this patch, the fixed version of Geary (3.34.1) is now in
      unstable.
  * The WebKitGTK security advisory WSA-2019-0005 lists the following
    security fixes in the latest versions of WebKitGTK:
    + CVE-2019-8768 (fixed in 2.24.0).
    + CVE-2019-8735 (fixed in 2.24.2).
    + CVE-2019-8726 (fixed in 2.24.3).
    + CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733 and
      CVE-2019-8763 (fixed in 2.24.4).
    + CVE-2019-8625, CVE-2019-8720, CVE-2019-8769 and CVE-2019-8771
      (fixed in 2.26.0).

Date: Tue, 28 Jan 2020 10:03:10 +0100
Changed-By: Sebastien Bacher <seb128 at debian.org>
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Jan 2020 10:03:10 +0100
Source: webkit2gtk
Binary: libjavascriptcoregtk-4.0-18 libjavascriptcoregtk-4.0-dev libjavascriptcoregtk-4.0-bin gir1.2-javascriptcoregtk-4.0 libwebkit2gtk-4.0-37 libwebkit2gtk-4.0-dev libwebkit2gtk-4.0-doc gir1.2-webkit2-4.0 libwebkit2gtk-4.0-37-gtk2 webkit2gtk-driver
Architecture: source
Version: 2.26.3-1ubuntu1
Distribution: focal
Urgency: high
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Changed-By: Sebastien Bacher <seb128 at debian.org>
Description:
 gir1.2-javascriptcoregtk-4.0 - JavaScript engine library from WebKitGTK - GObject introspection
 gir1.2-webkit2-4.0 - Web content engine library for GTK - GObject introspection data
 libjavascriptcoregtk-4.0-18 - JavaScript engine library from WebKitGTK
 libjavascriptcoregtk-4.0-bin - JavaScript engine library from WebKitGTK - command-line interpret
 libjavascriptcoregtk-4.0-dev - JavaScript engine library from WebKitGTK - development files
 libwebkit2gtk-4.0-37 - Web content engine library for GTK
 libwebkit2gtk-4.0-37-gtk2 - Transitional dummy package
 libwebkit2gtk-4.0-dev - Web content engine library for GTK - development files
 libwebkit2gtk-4.0-doc - Web content engine library for GTK - documentation
 webkit2gtk-driver - WebKitGTK WebDriver support
Closes: 944731 948106 948839 949430
Changes:
 webkit2gtk (2.26.3-1ubuntu1) focal; urgency=medium
 .
   * Resynchronize on Debian, remaining change
   * debian/patches/upstream_egl_fix.patch:
     - backport an upstream commit to fix the build with the new libegl
 .
 webkit2gtk (2.26.3-1) unstable; urgency=high
 .
   * New upstream release.
   * The WebKitGTK security advisory WSA-2019-0006 lists the following
     security fixes in the latest versions of WebKitGTK:
     + CVE-2019-8765, CVE-2019-8821, CVE-2019-8822 (fixed in 2.24.4)
     + CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766,
       CVE-2019-8782, CVE-2019-8808, CVE-2019-8815 (fixed in 2.26.0)
     + CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, CVE-2019-8816,
       CVE-2019-8819, CVE-2019-8820, CVE-2019-8823 (fixed in 2.26.1)
     + CVE-2019-8812, CVE-2019-8814 (fixed in 2.26.2)
   * Build without the bubblewrap sandbox if the required dependencies are
     not available (Closes: #944731):
     + debian/rules:
       - Pass -DENABLE_BUBBLEWRAP_SANDBOX depending on whether libseccomp
         is installed.
       - Add runtime dependencies on bubblewrap and xdg-dbus-proxy
         conditionally to the status of ENABLE_BUBBLEWRAP_SANDBOX.
     + debian/control:
       - Don't require bubblewrap, xdg-dbus-proxy or libseccomp-dev in
         alpha, ia64, m68k, riscv64, sh4 or sparc64.
   * Enable USE_WPE_RENDERER:
     + debian/control:
       - Add build dependency on libwpebackend-fdo-1.0-dev.
     + debian/rules:
       - Set USE_WPE_RENDERER depending on whether wpebackend-fdo is
         available or not (this allows disabling it by simply removing the
         build dependency).
   * debian/rules:
     + Use -g1 in all builds. The webkit2gtk debug packages are huge and
       I'm not convinced that they have been very useful for reporting
       bugs. Using -g1 is enough for a basic backtrace and it makes the
       packages easier to handle.
     + Install the NEWS file using debian/libwebkit2gtk-4.0-37.docs.
   * debian/control:
     + Switch build dependency from libenchant-dev to libenchant-2-dev
       (Closes: #948106).
     + Add build dependency on libx11-xcb-dev (Closes: #949430).
     + Add Rules-Requires-Root: no.
   * debian/patches/use-python3.patch:
     + The unversioned python interpreter (i.e. Python 2) is not installed
       by default anymore, so use Python 3 instead (Closes: #948839).
   * debian/patches/user-agent-branding.patch:
     + Refresh.
   * debian/libwebkit2gtk-4.0-37.symbols:
     + Add Build-Depends-Package field.
   * debian/copyright:
     + Update copyright years.
 .
 webkit2gtk (2.26.2-1) unstable; urgency=medium
 .
   * New upstream release.
   * debian/rules:
     + Stop building with -O1 for armhf and friends, the build seems to
       work just fine with -O2 now.
   * debian/control:
     + Require bubblewrap >= 0.3.1.
   * debian/patches/force-single-process.patch:
     + Remove this patch, the fixed version of Geary (3.34.1) is now in
       unstable.
   * The WebKitGTK security advisory WSA-2019-0005 lists the following
     security fixes in the latest versions of WebKitGTK:
     + CVE-2019-8768 (fixed in 2.24.0).
     + CVE-2019-8735 (fixed in 2.24.2).
     + CVE-2019-8726 (fixed in 2.24.3).
     + CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733 and
       CVE-2019-8763 (fixed in 2.24.4).
     + CVE-2019-8625, CVE-2019-8720, CVE-2019-8769 and CVE-2019-8771
       (fixed in 2.26.0).
Checksums-Sha1:
 bc75f627e04dbff0fccedd62b2cb8a576ccd1ddf 3467 webkit2gtk_2.26.3-1ubuntu1.dsc
 8d5a7b4f330788847f85e1b2cb6191435dcf9f28 19331900 webkit2gtk_2.26.3.orig.tar.xz
 749ea447b6d373dd3cc9a67f6263a2279214fd82 63068 webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz
Checksums-Sha256:
 b6aea13b84023113734d0b9bc2f8c119486a309048898aeef85e17719aa5c0a7 3467 webkit2gtk_2.26.3-1ubuntu1.dsc
 add51153943cc11d90a7038d0ea5f6332281e6c0be0640f802a211b035f0e611 19331900 webkit2gtk_2.26.3.orig.tar.xz
 7656b605aae0c4bcd0873ef74e88942f69813f497b7d9dee0ba50d7437be4902 63068 webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz
Files:
 12fa50a59119e48865b3fc46467094b1 3467 web optional webkit2gtk_2.26.3-1ubuntu1.dsc
 4c27d59a032710dae3cffa5990bb6aea 19331900 web optional webkit2gtk_2.26.3.orig.tar.xz
 cbd1f5ed3637b1951f1e8299700f2025 63068 web optional webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAl4v+JoACgkQQxo87aLX0pLQkQCfYFLqCLDHJhXfvaXPXNnfqqPc
axAAnj4vOTObxha1MUjbT31ZUBZLEayE
=Js/G
-----END PGP SIGNATURE-----

More information about the Focal-changes mailing list