GNU bug report logs - #51564
Old libsoup package failing system reconfigure

Previous Next

Full log

Message #31 received at 51564 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Liliana Marie Prikler <liliana.prikler <at> gmail.com>, Leo Famulari
 <leo <at> famulari.name>, 51564 <at> debbugs.gnu.org
Subject: Re: bug#51564: [PATCH] gnu: webkitgtk: Fix configure failures.
Date: Tue, 02 Nov 2021 13:31:59 -0400

Hi Liliana,

Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
> I'm now trying 2.34.4 (same version and hash as c-u-f), which at least
> appears to build further than the bug we both encounter.

As far as I can tell, WebKitGTK 2.34.4 doesn't yet exist.  The newest
version available at <https://www.webkitgtk.org/releases/>, and the only
release version that has fixed the announced security flaws, is 2.34.1,
which is the one that we're failing to build successfully with GCC 7.5.

The version of WebKitGTK that I see on 'core-updates-frozen' is not
2.34.4, but rather 2.32.4, which is the version we had on 'master'
before the (apparently untested) security update commit 8797a07ac0.

Unfortunately that version is vulnerable to CVE-2021-30846,
CVE-2021-30851, and CVE-2021-42762, according to
<https://www.webkitgtk.org/security/WSA-2021-0006.html>,

Am I missing something?

I don't have time to work on this today, but I have two suggestions:
(1) look in the upstream git repo for updates that might fix this issue,
or (2) try using a newer C++ compiler.

Anyway, thanks very much for looking into it.

      Regards,
        Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.