Skip to content
Snippets Groups Projects

Wip/ritesh/debian security update 2019

  1. Apr 29, 2020
  2. Apr 16, 2020
  3. Mar 30, 2020
  4. Mar 16, 2020
    • Alberto Garcia's avatar
      Import Debian changes 2.26.4-1~deb10u2 · 67c1c3b0
      Alberto Garcia authored
      webkit2gtk (2.26.4-1~deb10u2) buster-security; urgency=medium
      
        * debian/patches/cve-2020-10018-fix.patch:
          + Cherry-pick fix for CVE-2020-10018.
      
      webkit2gtk (2.26.4-1~deb10u1) buster-security; urgency=medium
      
        * Rebuild for buster-backports.
        * debian/patches/force-single-process.patch:
          + Force the single-process mode in Evolution and Geary
        * debian/control:
          + Remove Breaks for Evolution < 3.34.1.
          + Remove build dependency on libwpebackend-fdo-1.0-dev.
          + Switch build dependency from libenchant-2-dev to libenchant-dev.
      
      webkit2gtk (2.26.4-1) unstable; urgency=high
      
        * New upstream release.
        * The WebKitGTK security advisory WSA-2020-0001 lists the following
          security fixes in the latest versions of WebKitGTK:
          + CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 (fixed in 2.26.3)
        * The WebKitGTK security advisory WSA-2020-0002 lists the following
          security fixes in the latest versions of WebKitGTK:
          + CVE-2020-3862, CVE-2020-3864, CVE-2020-3865, CVE-2020-3867,
            CVE-2020-3868 (fixed in 2.26.4)
        * debian/rules:
          + Don't use the Gold linker on powerpc (Closes: #949618).
          + Run dh with --builddirectory=build. Some source files are generated
            inside this directory and are later referenced from the .gir files
            so their path names should be independent from the architecture.
        * debian/control:
          + Mark libwebkit2gtk-4.0-doc and libwebkit2gtk-4.0-37-gtk2 as
            Multi-Arch: foreign.
          + Update Standards-Version to 4.5.0 (no changes).
        * debian/patches/reduce-memory-overheads.patch:
          + Reduce memory usage when not using the Gold linker
            (Closes: #949621).
        * debian/patches/fix-ftbfs-m68k.patch:
          + Update to make it work with the current release (Closes: #949660).
        * debian/patches/detect-woff.patch:
          + Refresh.
        * Add debian/upstream/metadata.
      
      webkit2gtk (2.26.3-1) unstable; urgency=high
      
        * New upstream release.
        * The WebKitGTK security advisory WSA-2019-0006 lists the following
          security fixes in the latest versions of WebKitGTK:
          + CVE-2019-8765, CVE-2019-8821, CVE-2019-8822 (fixed in 2.24.4)
          + CVE-2019-8710, CVE-2019-8743, CVE-2019-8764, CVE-2019-8766,
            CVE-2019-8782, CVE-2019-8808, CVE-2019-8815 (fixed in 2.26.0)
          + CVE-2019-8783, CVE-2019-8811, CVE-2019-8813, CVE-2019-8816,
            CVE-2019-8819, CVE-2019-8820, CVE-2019-8823 (fixed in 2.26.1)
          + CVE-2019-8812, CVE-2019-8814 (fixed in 2.26.2)
        * Build without the bubblewrap sandbox if the required dependencies are
          not available (Closes: #944731):
          + debian/rules:
            - Pass -DENABLE_BUBBLEWRAP_SANDBOX depending on whether libseccomp
              is installed.
            - Add runtime dependencies on bubblewrap and xdg-dbus-proxy
              conditionally to the status of ENABLE_BUBBLEWRAP_SANDBOX.
          + debian/control:
            - Don't require bubblewrap, xdg-dbus-proxy or libseccomp-dev in
              alpha, ia64, m68k, riscv64, sh4 or sparc64.
        * Enable USE_WPE_RENDERER:
          + debian/control:
            - Add build dependency on libwpebackend-fdo-1.0-dev.
          + debian/rules:
            - Set USE_WPE_RENDERER depending on whether wpebackend-fdo is
              available or not (this allows disabling it by simply removing the
              build dependency).
        * debian/rules:
          + Use -g1 in all builds. The webkit2gtk debug packages are huge and
            I'm not convinced that they have been very useful for reporting
            bugs. Using -g1 is enough for a basic backtrace and it makes the
            packages easier to handle.
          + Install the NEWS file using debian/libwebkit2gtk-4.0-37.docs.
        * debian/control:
          + Switch build dependency from libenchant-dev to libenchant-2-dev
            (Closes: #948106).
          + Add build dependency on libx11-xcb-dev (Closes: #949430).
          + Add Rules-Requires-Root: no.
        * debian/patches/use-python3.patch:
          + The unversioned python interpreter (i.e. Python 2) is not installed
            by default anymore, so use Python 3 instead (Closes: #948839).
        * debian/patches/user-agent-branding.patch:
          + Refresh.
        * debian/libwebkit2gtk-4.0-37.symbols:
          + Add Build-Depends-Package field.
        * debian/copyright:
          + Update copyright years.
      
      webkit2gtk (2.26.2-1) unstable; urgency=medium
      
        * New upstream release.
        * debian/rules:
          + Stop building with -O1 for armhf and friends, the build seems to
            work just fine with -O2 now.
        * debian/control:
          + Require bubblewrap >= 0.3.1.
        * debian/patches/force-single-process.patch:
          + Remove this patch, the fixed version of Geary (3.34.1) is now in
            unstable.
        * The WebKitGTK security advisory WSA-2019-0005 lists the following
          security fixes in the latest versions of WebKitGTK:
          + CVE-2019-8768 (fixed in 2.24.0).
          + CVE-2019-8735 (fixed in 2.24.2).
          + CVE-2019-8726 (fixed in 2.24.3).
          + CVE-2019-8674, CVE-2019-8707, CVE-2019-8719, CVE-2019-8733 and
            CVE-2019-8763 (fixed in 2.24.4).
          + CVE-2019-8625, CVE-2019-8720, CVE-2019-8769 and CVE-2019-8771
            (fixed in 2.26.0).
      67c1c3b0
  5. Mar 18, 2020
Loading