[ubuntu/focal-proposed] webkit2gtk 2.26.3-1ubuntu1 (Accepted)
Sebastien Bacher
seb128 at debian.org
Tue Jan 28 09:04:15 UTC 2020
webkit2gtk (2.26.3-1ubuntu1) focal; urgency=medium
* Resynchronize on Debian, remaining change
* debian/patches/upstream_egl_fix.patch:
- backport an upstream commit to fix the build with the new libegl
webkit2gtk (2.26.3-1) unstable; urgency=high
* New upstream release.
* The WebKitGTK security advisory WSA-2019-0006 lists the following
security fixes in the latest versions of WebKitGTK:
+ CVE-2019-8765, CVE-2019-8821, CVE-2019-8822 (fixed in 2.24.4)
+ CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766,
CVE-2019-8782, CVE-2019-8808, CVE-2019-8815 (fixed in 2.26.0)
+ CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8823 (fixed in 2.26.1)
+ CVE-2019-8812, CVE-2019-8814 (fixed in 2.26.2)
* Build without the bubblewrap sandbox if the required dependencies are
not available (Closes: #944731):
+ debian/rules:
- Pass -DENABLE_BUBBLEWRAP_SANDBOX depending on whether libseccomp
is installed.
- Add runtime dependencies on bubblewrap and xdg-dbus-proxy
conditionally to the status of ENABLE_BUBBLEWRAP_SANDBOX.
+ debian/control:
- Don't require bubblewrap, xdg-dbus-proxy or libseccomp-dev in
alpha, ia64, m68k, riscv64, sh4 or sparc64.
* Enable USE_WPE_RENDERER:
+ debian/control:
- Add build dependency on libwpebackend-fdo-1.0-dev.
+ debian/rules:
- Set USE_WPE_RENDERER depending on whether wpebackend-fdo is
available or not (this allows disabling it by simply removing the
build dependency).
* debian/rules:
+ Use -g1 in all builds. The webkit2gtk debug packages are huge and
I'm not convinced that they have been very useful for reporting
bugs. Using -g1 is enough for a basic backtrace and it makes the
packages easier to handle.
+ Install the NEWS file using debian/libwebkit2gtk-4.0-37.docs.
* debian/control:
+ Switch build dependency from libenchant-dev to libenchant-2-dev
(Closes: #948106).
+ Add build dependency on libx11-xcb-dev (Closes: #949430).
+ Add Rules-Requires-Root: no.
* debian/patches/use-python3.patch:
+ The unversioned python interpreter (i.e. Python 2) is not installed
by default anymore, so use Python 3 instead (Closes: #948839).
* debian/patches/user-agent-branding.patch:
+ Refresh.
* debian/libwebkit2gtk-4.0-37.symbols:
+ Add Build-Depends-Package field.
* debian/copyright:
+ Update copyright years.
webkit2gtk (2.26.2-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
+ Stop building with -O1 for armhf and friends, the build seems to
work just fine with -O2 now.
* debian/control:
+ Require bubblewrap >= 0.3.1.
* debian/patches/force-single-process.patch:
+ Remove this patch, the fixed version of Geary (3.34.1) is now in
unstable.
* The WebKitGTK security advisory WSA-2019-0005 lists the following
security fixes in the latest versions of WebKitGTK:
+ CVE-2019-8768 (fixed in 2.24.0).
+ CVE-2019-8735 (fixed in 2.24.2).
+ CVE-2019-8726 (fixed in 2.24.3).
+ CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733 and
CVE-2019-8763 (fixed in 2.24.4).
+ CVE-2019-8625, CVE-2019-8720, CVE-2019-8769 and CVE-2019-8771
(fixed in 2.26.0).
Date: Tue, 28 Jan 2020 10:03:10 +0100
Changed-By: Sebastien Bacher <seb128 at debian.org>
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/webkit2gtk/2.26.3-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 28 Jan 2020 10:03:10 +0100
Source: webkit2gtk
Binary: libjavascriptcoregtk-4.0-18 libjavascriptcoregtk-4.0-dev libjavascriptcoregtk-4.0-bin gir1.2-javascriptcoregtk-4.0 libwebkit2gtk-4.0-37 libwebkit2gtk-4.0-dev libwebkit2gtk-4.0-doc gir1.2-webkit2-4.0 libwebkit2gtk-4.0-37-gtk2 webkit2gtk-driver
Architecture: source
Version: 2.26.3-1ubuntu1
Distribution: focal
Urgency: high
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Changed-By: Sebastien Bacher <seb128 at debian.org>
Description:
gir1.2-javascriptcoregtk-4.0 - JavaScript engine library from WebKitGTK - GObject introspection
gir1.2-webkit2-4.0 - Web content engine library for GTK - GObject introspection data
libjavascriptcoregtk-4.0-18 - JavaScript engine library from WebKitGTK
libjavascriptcoregtk-4.0-bin - JavaScript engine library from WebKitGTK - command-line interpret
libjavascriptcoregtk-4.0-dev - JavaScript engine library from WebKitGTK - development files
libwebkit2gtk-4.0-37 - Web content engine library for GTK
libwebkit2gtk-4.0-37-gtk2 - Transitional dummy package
libwebkit2gtk-4.0-dev - Web content engine library for GTK - development files
libwebkit2gtk-4.0-doc - Web content engine library for GTK - documentation
webkit2gtk-driver - WebKitGTK WebDriver support
Closes: 944731 948106 948839 949430
Changes:
webkit2gtk (2.26.3-1ubuntu1) focal; urgency=medium
.
* Resynchronize on Debian, remaining change
* debian/patches/upstream_egl_fix.patch:
- backport an upstream commit to fix the build with the new libegl
.
webkit2gtk (2.26.3-1) unstable; urgency=high
.
* New upstream release.
* The WebKitGTK security advisory WSA-2019-0006 lists the following
security fixes in the latest versions of WebKitGTK:
+ CVE-2019-8765, CVE-2019-8821, CVE-2019-8822 (fixed in 2.24.4)
+ CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766,
CVE-2019-8782, CVE-2019-8808, CVE-2019-8815 (fixed in 2.26.0)
+ CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, CVE-2019-8816,
CVE-2019-8819, CVE-2019-8820, CVE-2019-8823 (fixed in 2.26.1)
+ CVE-2019-8812, CVE-2019-8814 (fixed in 2.26.2)
* Build without the bubblewrap sandbox if the required dependencies are
not available (Closes: #944731):
+ debian/rules:
- Pass -DENABLE_BUBBLEWRAP_SANDBOX depending on whether libseccomp
is installed.
- Add runtime dependencies on bubblewrap and xdg-dbus-proxy
conditionally to the status of ENABLE_BUBBLEWRAP_SANDBOX.
+ debian/control:
- Don't require bubblewrap, xdg-dbus-proxy or libseccomp-dev in
alpha, ia64, m68k, riscv64, sh4 or sparc64.
* Enable USE_WPE_RENDERER:
+ debian/control:
- Add build dependency on libwpebackend-fdo-1.0-dev.
+ debian/rules:
- Set USE_WPE_RENDERER depending on whether wpebackend-fdo is
available or not (this allows disabling it by simply removing the
build dependency).
* debian/rules:
+ Use -g1 in all builds. The webkit2gtk debug packages are huge and
I'm not convinced that they have been very useful for reporting
bugs. Using -g1 is enough for a basic backtrace and it makes the
packages easier to handle.
+ Install the NEWS file using debian/libwebkit2gtk-4.0-37.docs.
* debian/control:
+ Switch build dependency from libenchant-dev to libenchant-2-dev
(Closes: #948106).
+ Add build dependency on libx11-xcb-dev (Closes: #949430).
+ Add Rules-Requires-Root: no.
* debian/patches/use-python3.patch:
+ The unversioned python interpreter (i.e. Python 2) is not installed
by default anymore, so use Python 3 instead (Closes: #948839).
* debian/patches/user-agent-branding.patch:
+ Refresh.
* debian/libwebkit2gtk-4.0-37.symbols:
+ Add Build-Depends-Package field.
* debian/copyright:
+ Update copyright years.
.
webkit2gtk (2.26.2-1) unstable; urgency=medium
.
* New upstream release.
* debian/rules:
+ Stop building with -O1 for armhf and friends, the build seems to
work just fine with -O2 now.
* debian/control:
+ Require bubblewrap >= 0.3.1.
* debian/patches/force-single-process.patch:
+ Remove this patch, the fixed version of Geary (3.34.1) is now in
unstable.
* The WebKitGTK security advisory WSA-2019-0005 lists the following
security fixes in the latest versions of WebKitGTK:
+ CVE-2019-8768 (fixed in 2.24.0).
+ CVE-2019-8735 (fixed in 2.24.2).
+ CVE-2019-8726 (fixed in 2.24.3).
+ CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733 and
CVE-2019-8763 (fixed in 2.24.4).
+ CVE-2019-8625, CVE-2019-8720, CVE-2019-8769 and CVE-2019-8771
(fixed in 2.26.0).
Checksums-Sha1:
bc75f627e04dbff0fccedd62b2cb8a576ccd1ddf 3467 webkit2gtk_2.26.3-1ubuntu1.dsc
8d5a7b4f330788847f85e1b2cb6191435dcf9f28 19331900 webkit2gtk_2.26.3.orig.tar.xz
749ea447b6d373dd3cc9a67f6263a2279214fd82 63068 webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz
Checksums-Sha256:
b6aea13b84023113734d0b9bc2f8c119486a309048898aeef85e17719aa5c0a7 3467 webkit2gtk_2.26.3-1ubuntu1.dsc
add51153943cc11d90a7038d0ea5f6332281e6c0be0640f802a211b035f0e611 19331900 webkit2gtk_2.26.3.orig.tar.xz
7656b605aae0c4bcd0873ef74e88942f69813f497b7d9dee0ba50d7437be4902 63068 webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz
Files:
12fa50a59119e48865b3fc46467094b1 3467 web optional webkit2gtk_2.26.3-1ubuntu1.dsc
4c27d59a032710dae3cffa5990bb6aea 19331900 web optional webkit2gtk_2.26.3.orig.tar.xz
cbd1f5ed3637b1951f1e8299700f2025 63068 web optional webkit2gtk_2.26.3-1ubuntu1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAl4v+JoACgkQQxo87aLX0pLQkQCfYFLqCLDHJhXfvaXPXNnfqqPc
axAAnj4vOTObxha1MUjbT31ZUBZLEayE
=Js/G
-----END PGP SIGNATURE-----
More information about the Focal-changes
mailing list