Bug#991554: marked as done (unblock: webkit2gtk/2.32.3-1)

To: Sebastian Ramacher <sramacher@respighi.debian.org>
Subject: Bug#991554: marked as done (unblock: webkit2gtk/2.32.3-1)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 27 Jul 2021 19:03:05 +0000
Message-id: <[🔎] handler.991554.D991554.162741246518485.ackdone@bugs.debian.org>
Reply-to: 991554@bugs.debian.org
References: <E1m8SK5-0004K1-CN@respighi.debian.org> <[🔎] 162739360201.17270.9995355952945016371.reportbug@perseus.local>

Your message dated Tue, 27 Jul 2021 19:01:01 +0000
with message-id <E1m8SK5-0004K1-CN@respighi.debian.org>
and subject line unblock webkit2gtk
has caused the Debian Bug report #991554,
regarding unblock: webkit2gtk/2.32.3-1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991554: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991554
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: webkit2gtk/2.32.3-1
From: Alberto Garcia <berto@igalia.com>
Date: Tue, 27 Jul 2021 15:46:42 +0200
Message-id: <[🔎] 162739360201.17270.9995355952945016371.reportbug@perseus.local>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package webkit2gtk

Starting from buster webkit2gtk has been receiving security updates,
with a dozen DSAs published so far, at a pace of once every month or
two. These updates follow the upstream stable releases.

webkit2gtk 2.32.3 is the most recent stable point release. It was
published on the 23rd of July, and contains fixes for 13 security
bugs: CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
CVE-2021-30749, CVE-2021-30758, CVE-2021-30795, CVE-2021-30797 and
CVE-2021-30799

See the upstream security advisory for more details:

   https://webkitgtk.org/security/WSA-2021-0004.html

(note that it includes bugs that were fixed in earlier WebKitGTK
releases)

The debian part of the debdiff (attached) contains no changes other
than an update for a m68k-specific patch that fixes the build in that
architecture.

After this is unblocked I'll prepare a security update for buster.

unblock webkit2gtk/2.32.3-1

diff -Nru webkit2gtk-2.32.1/debian/changelog webkit2gtk-2.32.3/debian/changelog
--- webkit2gtk-2.32.1/debian/changelog	2021-06-07 10:39:51.000000000 +0200
+++ webkit2gtk-2.32.3/debian/changelog	2021-07-25 00:25:47.000000000 +0200
@@ -1,3 +1,30 @@
+webkit2gtk (2.32.3-1) unstable; urgency=high
+
+  * New upstream release.
+  * The WebKitGTK security advisory WSA-2021-0004 lists the following
+    security fixes in the latest versions of WebKitGTK:
+    + CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0).
+    + CVE-2021-30762 (fixed in 2.28.0).
+    + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826,
+      CVE-2021-30661 (fixed in 2.30.0).
+    + CVE-2021-21806 (fixed in 2.30.6).
+    + CVE-2021-30682 (fixed in 2.32.0).
+    + CVE-2021-30758 (fixed in 2.32.2).
+    + CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
+      CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
+      CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799
+      (fixed in 2.32.3).
+
+ -- Alberto Garcia <berto@igalia.com>  Sun, 25 Jul 2021 00:25:47 +0200
+
+webkit2gtk (2.32.2-1) unstable; urgency=medium
+
+  * New upstream release.
+  * debian/patches/fix-ftbfs-m68k.patch:
+    + Update patch.
+
+ -- Alberto Garcia <berto@igalia.com>  Fri, 09 Jul 2021 13:41:26 +0200
+
 webkit2gtk (2.32.1-2) unstable; urgency=high
 
   * debian/control:
diff -Nru webkit2gtk-2.32.1/debian/patches/fix-ftbfs-m68k.patch webkit2gtk-2.32.3/debian/patches/fix-ftbfs-m68k.patch
--- webkit2gtk-2.32.1/debian/patches/fix-ftbfs-m68k.patch	2021-06-07 10:39:51.000000000 +0200
+++ webkit2gtk-2.32.3/debian/patches/fix-ftbfs-m68k.patch	2021-07-25 00:25:47.000000000 +0200
@@ -196,3 +196,19 @@
  
  bool CSSValue::isImplicitInitialValue() const
  {
+Index: webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/InlineFlowBox.cpp
++++ webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+@@ -53,7 +53,11 @@ struct SameSizeAsInlineFlowBox : public
+     void* pointers[5];
+ };
+ 
++#if defined(__m68k__)
++COMPILE_ASSERT(sizeof(InlineFlowBox) >= sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#else
+ COMPILE_ASSERT(sizeof(InlineFlowBox) == sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#endif
+ 
+ #if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+

--- End Message ---

--- Begin Message ---

To: 991554-done@bugs.debian.org

Subject: unblock webkit2gtk

From: Sebastian Ramacher <sramacher@respighi.debian.org>

Date: Tue, 27 Jul 2021 19:01:01 +0000

Message-id: <E1m8SK5-0004K1-CN@respighi.debian.org>
Unblocked.
--- End Message ---

Reply to:

References:
- Bug#991554: unblock: webkit2gtk/2.32.3-1
  - From: Alberto Garcia <berto@igalia.com>

Prev by Date: Bug#991560: unblock: six/1.16.0-2
Next by Date: Bug#990945: marked as done (unblock: cog/0.10.0-2)
Previous by thread: Bug#991554: unblock: webkit2gtk/2.32.3-1
Next by thread: Bug#991555: unblock: wpewebkit/2.32.3-1
Index(es):
- Date
- Thread