GNU bug report logs - #26390
Guitarix: Don't use webkitgtk-2.4

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Fri, 7 Apr 2017 11:59:01 UTC

Severity: normal

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Leo Famulari <leo <at> famulari.name>
Subject: bug#26390: closed (Re: Guitarix: Don't use webkitgtk-2.4)
Date: Fri, 07 Apr 2017 13:39:02 +0000

[Message part 1 (text/plain, inline)]
Your bug report

#26390: Guitarix: Don't use webkitgtk-2.4

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 26390 <at> debbugs.gnu.org.

-- 
26390: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=26390
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 26390-done <at> debbugs.gnu.org
Subject: Re: Guitarix: Don't use webkitgtk-2.4
Date: Fri, 7 Apr 2017 09:38:18 -0400

[Message part 3 (text/plain, inline)]
On Fri, Apr 07, 2017 at 02:31:06PM +0200, Ricardo Wurmus wrote:
> Leo Famulari <leo <at> famulari.name> writes:
> > This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
> > starts without; I don't know what features are disabled.
> 
> Sounds good to me!
> 
> Webkitgtk was added only somewhat recently to the dependencies.  When I
> added it some time ago it was not optional AFAIR.  If you’ve built it
> successfully without webkitgtk that’s great.

Okay, I've pushed the change.

> It was used for a built-in plugin browser, I think.

Let me know if you notice any breakage.

[signature.asc (application/pgp-signature, inline)]
[Message part 5 (message/rfc822, inline)]
From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Cc: Ricardo Wurmus <rekado <at> elephly.net>
Subject: Guitarix: Don't use webkitgtk-2.4
Date: Fri, 7 Apr 2017 07:57:54 -0400

[Message part 6 (text/plain, inline)]
Webkitgtk-2.4 is unmaintained upstream and contains a large number of
security vulnerabilities. The webkitgtk developers have asked
distributions to stop offering it. [0]

This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
starts without; I don't know what features are disabled.

Ricardo, what do you think?

[0]
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

[0001-gnu-guitarix-Disable-webkit-features.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 8 years and 108 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.