Bug#991555: marked as done (unblock: wpewebkit/2.32.3-2)

To: Paul Gevers <elbrus@debian.org>
Subject: Bug#991555: marked as done (unblock: wpewebkit/2.32.3-2)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 03 Aug 2021 07:24:03 +0000
Message-id: <[🔎] handler.991555.D991555.162797524731323.ackdone@bugs.debian.org>
Reply-to: 991555@bugs.debian.org
References: <274e937a-5efd-32ad-7f54-26e39b6d8bd3@debian.org> <162739426297.18631.11138940824641966407.reportbug@perseus.local>

Your message dated Tue, 3 Aug 2021 09:20:42 +0200
with message-id <274e937a-5efd-32ad-7f54-26e39b6d8bd3@debian.org>
and subject line Re: Bug#991555: unblock: wpewebkit/2.32.3-1
has caused the Debian Bug report #991555,
regarding unblock: wpewebkit/2.32.3-2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
991555: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991555
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: wpewebkit/2.32.3-1
From: Alberto Garcia <berto@igalia.com>
Date: Tue, 27 Jul 2021 15:57:42 +0200
Message-id: <162739426297.18631.11138940824641966407.reportbug@perseus.local>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package wpewebkit

Starting from bullseye we are providing security updates to wpewebkit,
in the same way that we are already doing it for webkit2gtk.

wpewebkit 2.32.3 is the most recent stable point release and contains
fixes for 13 security bugs.

See #991554 for more details because the list of bugs is the same one,
as both wpewebkit and webkit2gtk share most of the code and the same
comments apply.

The only difference is that there won't be a security update for
buster because wpewebkit is not covered by security support in that
distribution.

unblock wpewebkit/2.32.3-1

diff -Nru wpewebkit-2.32.1/debian/changelog wpewebkit-2.32.3/debian/changelog
--- wpewebkit-2.32.1/debian/changelog	2021-05-08 16:53:58.000000000 +0200
+++ wpewebkit-2.32.3/debian/changelog	2021-07-25 00:45:03.000000000 +0200
@@ -1,3 +1,28 @@
+wpewebkit (2.32.3-1) unstable; urgency=high
+
+  * New upstream release.
+  * The WPE WebKit security advisory WSA-2021-0004 lists the following
+    security fixes in the latest versions of WPE WebKit:
+    + CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0).
+    + CVE-2021-30762 (fixed in 2.28.0).
+    + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826,
+      CVE-2021-30661 (fixed in 2.30.0).
+    + CVE-2021-21806 (fixed in 2.30.6).
+    + CVE-2021-30682 (fixed in 2.32.0).
+    + CVE-2021-30758 (fixed in 2.32.2).
+    + CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665,
+      CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744,
+      CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799
+      (fixed in 2.32.3).
+
+ -- Alberto Garcia <berto@igalia.com>  Sun, 25 Jul 2021 00:45:03 +0200
+
+wpewebkit (2.32.2-1) unstable; urgency=medium
+
+  * New upstream release.
+
+ -- Alberto Garcia <berto@igalia.com>  Mon, 12 Jul 2021 22:06:41 +0200
+
 wpewebkit (2.32.1-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch
--- wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch	2021-05-08 16:53:58.000000000 +0200
+++ wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch	2021-07-25 00:45:03.000000000 +0200
@@ -196,3 +196,19 @@
  
  bool CSSValue::isImplicitInitialValue() const
  {
+Index: webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+===================================================================
+--- webkitgtk.orig/Source/WebCore/rendering/InlineFlowBox.cpp
++++ webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp
+@@ -53,7 +53,11 @@ struct SameSizeAsInlineFlowBox : public
+     void* pointers[5];
+ };
+ 
++#if defined(__m68k__)
++COMPILE_ASSERT(sizeof(InlineFlowBox) >= sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#else
+ COMPILE_ASSERT(sizeof(InlineFlowBox) == sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small);
++#endif
+ 
+ #if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED
+

--- End Message ---

--- Begin Message ---

To: Alberto Garcia <berto@igalia.com>, 991555-done@bugs.debian.org

Subject: Re: Bug#991555: unblock: wpewebkit/2.32.3-1

From: Paul Gevers <elbrus@debian.org>

Date: Tue, 3 Aug 2021 09:20:42 +0200

Message-id: <274e937a-5efd-32ad-7f54-26e39b6d8bd3@debian.org>

In-reply-to: <[🔎] 20210802234408.GA7448@perseus.local>

References: <162739426297.18631.11138940824641966407.reportbug@perseus.local> <[🔎] ce80b71d-4c7a-5ed2-3aec-77a71245ee89@debian.org> <162739426297.18631.11138940824641966407.reportbug@perseus.local> <[🔎] 20210802145309.GA4381@igalia.com> <162739426297.18631.11138940824641966407.reportbug@perseus.local> <[🔎] 20210802234408.GA7448@perseus.local>
Hi Alberto,

On 03-08-2021 01:44, Alberto Garcia wrote:
> I uploaded 2.32.3-2 that can be installed in bullseyed with the
> current version of wpebackend-fdo

Thanks, unblock hints added.

Paul
Attachment: OpenPGP_signature
Description: OpenPGP digital signature

--- End Message ---

Reply to:

Prev by Date: Bug#991787: marked as done (unblock: ucspi-unix/1.0-2)
Next by Date: Bug#991821: marked as done (unblock: debian-keyring/2021.07.26)
Previous by thread: Bug#991600: marked as done (unblock: bind9-libs/1:9.11.19+dfsg-2.1)
Next by thread: Bug#991636: marked as done (unblock: projectm/3.1.7-1.1 (pre-approval))
Index(es):
- Date
- Thread