GNU bug report logs -
#67655
[PATCH]: Update webkitgtk to 2.42.3
Previous Next
Reported by: André A. Gomes <andremegafone <at> gmail.com>
Date: Wed, 6 Dec 2023 08:12:02 UTC
Severity: normal
Tags: patch
Done: Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 67655 in the body.
You can then email your comments to 67655 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Wed, 06 Dec 2023 08:12:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
André A. Gomes <andremegafone <at> gmail.com>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Wed, 06 Dec 2023 08:12:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Guix,
Tested the build locally by running the minibrowser and it works fine
(x86-64). Thanks.
--
André A. Gomes
"You cannot even find the ruins..."
[0001-gnu-webkitgtk-Update-to-2.42.3.patch (text/x-patch, attachment)]
Information forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Fri, 08 Dec 2023 18:09:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 67655 <at> debbugs.gnu.org (full text, mbox):
Am Mittwoch, dem 06.12.2023 um 10:10 +0200 schrieb André A. Gomes:
> Hi Guix,
>
> Tested the build locally by running the minibrowser and it works fine
> (x86-64). Thanks.
Hi,
> - (version "2.40.5")
> + (version "2.42.3")
Unfortunately, this is a GNOME rebuild, so I'm reluctant to push this
directly to master. What's more, we can not even graft it because the
GTK4 Typelib changed. Sorry :(
Feel free to rebase this on gnome-team, however.
Cheers
Information forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Fri, 08 Dec 2023 18:43:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 67655 <at> debbugs.gnu.org (full text, mbox):
On Fri, Dec 08, 2023 at 07:08:28PM +0100, Liliana Marie Prikler wrote:
> Unfortunately, this is a GNOME rebuild, so I'm reluctant to push this
> directly to master. What's more, we can not even graft it because the
> GTK4 Typelib changed. Sorry :(
WebKitGTK is a security-sensitive package with frequent potential for
arbitrary code execution via web content.
My advice is to push it to master ASAP. We used to be able to do that,
btw.
Information forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Fri, 08 Dec 2023 19:57:01 GMT)
Full text and
rfc822 format available.
Message #14 received at 67655 <at> debbugs.gnu.org (full text, mbox):
Am Freitag, dem 08.12.2023 um 13:41 -0500 schrieb Leo Famulari:
> On Fri, Dec 08, 2023 at 07:08:28PM +0100, Liliana Marie Prikler
> wrote:
> > Unfortunately, this is a GNOME rebuild, so I'm reluctant to push
> > this directly to master. What's more, we can not even graft it
> > because the GTK4 Typelib changed. Sorry :(
>
> WebKitGTK is a security-sensitive package with frequent potential for
> arbitrary code execution via web content.
And we normally have the grafting mechanism for just that. The problem
with WebkitGTK 2.42 is that paths change, so we can't graft it.
> My advice is to push it to master ASAP. We used to be able to do
> that, btw.
From the manual:
> Changes which affect more than 300 dependent packages (*note Invoking
> guix refresh::) should first be pushed to a topic branch other than
> ‘master’
The webkitgtk-* family collectively accounts for more than 600
rebuilds, three of them being webkit (i.e. you'll wait 10 hours while
your machine nearly dies grasping for more RAM). Even with a graft,
I'd first verify that it builds on CI.
Plus, I don't see how this series accounts for webkitgtk-next, i.e. the
GTK4 variant. We have that over at gnome-team already, but a
nontrivial amount of work went into getting it into a functional state.
I've cherry-picked them onto a wip-webkit branch now. Hopefully we can
merge that faster than gnome itself.
Cheers
Information forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Tue, 12 Dec 2023 08:16:01 GMT)
Full text and
rfc822 format available.
Message #17 received at 67655 <at> debbugs.gnu.org (full text, mbox):
Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
> The webkitgtk-* family collectively accounts for more than 600
> rebuilds, three of them being webkit (i.e. you'll wait 10 hours while
> your machine nearly dies grasping for more RAM). Even with a graft,
> I'd first verify that it builds on CI.
>
> Plus, I don't see how this series accounts for webkitgtk-next, i.e. the
> GTK4 variant. We have that over at gnome-team already, but a
> nontrivial amount of work went into getting it into a functional state.
> I've cherry-picked them onto a wip-webkit branch now. Hopefully we can
> merge that faster than gnome itself.
As Leo mentioned, WebKitGTK updates are paramount from a security point
of view. But I understand the constraints that Liliana mentions. Is
there anything I can do to help? It's hard for me to grasp the full
picture that you describe. Thanks.
--
André A. Gomes
"You cannot even find the ruins..."
Information forwarded
to
guix-patches <at> gnu.org:
bug#67655; Package
guix-patches.
(Tue, 12 Dec 2023 17:57:01 GMT)
Full text and
rfc822 format available.
Message #20 received at 67655 <at> debbugs.gnu.org (full text, mbox):
Am Dienstag, dem 12.12.2023 um 10:15 +0200 schrieb André A. Gomes:
> Liliana Marie Prikler <liliana.prikler <at> gmail.com> writes:
>
> > The webkitgtk-* family collectively accounts for more than 600
> > rebuilds, three of them being webkit (i.e. you'll wait 10 hours
> > while your machine nearly dies grasping for more RAM). Even with a
> > graft, I'd first verify that it builds on CI.
> >
> > Plus, I don't see how this series accounts for webkitgtk-next, i.e.
> > the GTK4 variant. We have that over at gnome-team already, but a
> > nontrivial amount of work went into getting it into a functional
> > state.
> > I've cherry-picked them onto a wip-webkit branch now. Hopefully we
> > can merge that faster than gnome itself.
>
> As Leo mentioned, WebKitGTK updates are paramount from a security
> point of view. But I understand the constraints that Liliana
> mentions. Is there anything I can do to help? It's hard for me to
> grasp the full picture that you describe. Thanks.
Looking at QA [1] and fixing freshly failing builds as they come along
would be a great help. Vivien mentioned in both IRC and XMPP that our
old Epiphany fails, so we gotta bump that to a newer version. I don't
see any other gnome-critical rebuilds (yet), but am staying tuned for
more to come.
Cheers
[1] https://qa.guix.gnu.org/branch/wip-webkit
Reply sent
to
Liliana Marie Prikler <liliana.prikler <at> gmail.com>:
You have taken responsibility.
(Mon, 18 Dec 2023 08:36:01 GMT)
Full text and
rfc822 format available.
Notification sent
to
André A. Gomes <andremegafone <at> gmail.com>:
bug acknowledged by developer.
(Mon, 18 Dec 2023 08:36:01 GMT)
Full text and
rfc822 format available.
Message #25 received at 67655-done <at> debbugs.gnu.org (full text, mbox):
Am Freitag, dem 08.12.2023 um 21:00 +0100 schrieb Liliana Marie
Prikler:
> Fixes: Our Webkit is way out of date <https://bugs.gnu.org/67655>
Pushed to master. We should now all be able to enjoy new Webkit with
substitutes for gnome already built.
Cheers
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Mon, 15 Jan 2024 12:24:08 GMT)
Full text and
rfc822 format available.
This bug report was last modified 1 year and 214 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.