Bug#991555: unblock: wpewebkit/2.32.3-1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#991555: unblock: wpewebkit/2.32.3-1
From: Alberto Garcia <berto@igalia.com>
Date: Tue, 27 Jul 2021 15:57:42 +0200
Message-id: <[🔎] 162739426297.18631.11138940824641966407.reportbug@perseus.local>
Reply-to: Alberto Garcia <berto@igalia.com>, 991555@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package wpewebkit

Starting from bullseye we are providing security updates to wpewebkit,
in the same way that we are already doing it for webkit2gtk.

wpewebkit 2.32.3 is the most recent stable point release and contains
fixes for 13 security bugs.

See #991554 for more details because the list of bugs is the same one,
as both wpewebkit and webkit2gtk share most of the code and the same
comments apply.

The only difference is that there won't be a security update for
buster because wpewebkit is not covered by security support in that
distribution.

unblock wpewebkit/2.32.3-1

diff -Nru wpewebkit-2.32.1/debian/changelog wpewebkit-2.32.3/debian/changelog
--- wpewebkit-2.32.1/debian/changelog	2021-05-08 16:53:58.000000000 +0200
+++ wpewebkit-2.32.3/debian/changelog	2021-07-25 00:45:03.000000000 +0200
@@ -1,3 +1,28 @@
+wpewebkit (2.32.3-1) unstable; urgency=high
+
+  * New upstream release.
+  * The WPE WebKit security advisory WSA-2021-0004 lists the following
+    security fixes in the latest versions of WPE WebKit:
+    + CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0).
+    + CVE-2021-30762 (fixed in 2.28.0).
+    + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826,
+      CVE-2021-30661 (fixed in 2.30.0).
+    + CVE-2021-21806 (fixed in 2.30.6).
+    + CVE-2021-30682 (fixed in 2.32.0).
+    + CVE-2021-30758 (fixed in 2.32.2).
+    + CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
+      CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
+      CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799
+      (fixed in 2.32.3).
+
+ -- Alberto Garcia <berto@igalia.com>  Sun, 25 Jul 2021 00:45:03 +0200
+
+wpewebkit (2.32.2-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Alberto Garcia <berto@igalia.com>  Mon, 12 Jul 2021 22:06:41 +0200
+
 wpewebkit (2.32.1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch
--- wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch	2021-05-08 16:53:58.000000000 +0200
+++ wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch	2021-07-25 00:45:03.000000000 +0200
@@ -196,3 +196,19 @@
  
  bool CSSValue::isImplicitInitialValue() const
  {
+Index: webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/InlineFlowBox.cpp
++++ webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+@@ -53,7 +53,11 @@ struct SameSizeAsInlineFlowBox : public
+     void* pointers[5];
+ };
+ 
++#if defined(__m68k__)
++COMPILE_ASSERT(sizeof(InlineFlowBox) >= sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#else
+ COMPILE_ASSERT(sizeof(InlineFlowBox) == sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#endif
+ 
+ #if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+

Reply to:

Prev by Date: Bug#991554: unblock: webkit2gtk/2.32.3-1
Next by Date: Bug#991535: marked as done (unblock: developers-reference/11.0.21)
Previous by thread: Bug#991554: marked as done (unblock: webkit2gtk/2.32.3-1)
Next by thread: Bug#989939: marked as done (unblock: vala/0.48.18-1)
Index(es):
- Date
- Thread