GNU bug report logs - #26390
Guitarix: Don't use webkitgtk-2.4


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 7 Apr 2017 11:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#26390; Package guix-patches. (Fri, 07 Apr 2017 11:59:02 GMT)

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Fri, 07 Apr 2017 11:59:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>
Subject: Guitarix: Don't use webkitgtk-2.4
Date: Fri, 7 Apr 2017 07:57:54 -0400
Webkitgtk-2.4 is unmaintained upstream and contains a large number of
security vulnerabilities. The webkitgtk developers have asked
distributions to stop offering it. [0]

This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
starts without; I don't know what features are disabled.

Ricardo, what do you think?

[0]
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
[0001-gnu-guitarix-Disable-webkit-features.patch (text/plain, attachment)]

Information forwarded to guix-patches <at> gnu.org:
bug#26390; Package guix-patches. (Fri, 07 Apr 2017 12:32:02 GMT)

Message #8 received at submit <at> debbugs.gnu.org:

From: Ricardo Wurmus <rekado <at> elephly.net>
To: Leo Famulari <leo <at> famulari.name>
Cc: guix-patches <at> gnu.org
Subject: Re: Guitarix: Don't use webkitgtk-2.4
Date: Fri, 07 Apr 2017 14:31:06 +0200
Leo Famulari <leo <at> famulari.name> writes:

> Webkitgtk-2.4 is unmaintained upstream and contains a large number of
> security vulnerabilities. The webkitgtk developers have asked
> distributions to stop offering it. [0]
>
> This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
> starts without; I don't know what features are disabled.
>
> Ricardo, what do you think?

Sounds good to me!

Webkitgtk was added only somewhat recently to the dependencies.  When I
added it some time ago it was not optional AFAIR.  If you’ve built it
successfully without webkitgtk that’s great.

It was used for a built-in plugin browser, I think.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net





Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Fri, 07 Apr 2017 13:39:02 GMT)

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Fri, 07 Apr 2017 13:39:02 GMT)

Message #13 received at 26390-done <at> debbugs.gnu.org:

From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 26390-done <at> debbugs.gnu.org
Subject: Re: Guitarix: Don't use webkitgtk-2.4
Date: Fri, 7 Apr 2017 09:38:18 -0400
On Fri, Apr 07, 2017 at 02:31:06PM +0200, Ricardo Wurmus wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
> > starts without; I don't know what features are disabled.
> 
> Sounds good to me!
> 
> Webkitgtk was added only somewhat recently to the dependencies.  When I
> added it some time ago it was not optional AFAIR.  If you’ve built it
> successfully without webkitgtk that’s great.

Okay, I've pushed the change.

> It was used for a built-in plugin browser, I think.

Let me know if you notice any breakage.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 06 May 2017 11:24:04 GMT)
