Package: release.debian.org Severity: normal User: release.debian....@packages.debian.org Usertags: unblock
Please unblock package wpewebkit Starting from bullseye we are providing security updates to wpewebkit, in the same way that we are already doing it for webkit2gtk. wpewebkit 2.32.3 is the most recent stable point release and contains fixes for 13 security bugs. See #991554 for more details because the list of bugs is the same one, as both wpewebkit and webkit2gtk share most of the code and the same comments apply. The only difference is that there won't be a security update for buster because wpewebkit is not covered by security support in that distribution. unblock wpewebkit/2.32.3-1
diff -Nru wpewebkit-2.32.1/debian/changelog wpewebkit-2.32.3/debian/changelog --- wpewebkit-2.32.1/debian/changelog 2021-05-08 16:53:58.000000000 +0200 +++ wpewebkit-2.32.3/debian/changelog 2021-07-25 00:45:03.000000000 +0200 @@ -1,3 +1,28 @@ +wpewebkit (2.32.3-1) unstable; urgency=high + + * New upstream release. + * The WPE WebKit security advisory WSA-2021-0004 lists the following + security fixes in the latest versions of WPE WebKit: + + CVE-2021-30666, CVE-2021-30761 (fixed in 2.26.0). + + CVE-2021-30762 (fixed in 2.28.0). + + CVE-2021-1817, CVE-2021-1820, CVE-2021-1825, CVE-2021-1826, + CVE-2021-30661 (fixed in 2.30.0). + + CVE-2021-21806 (fixed in 2.30.6). + + CVE-2021-30682 (fixed in 2.32.0). + + CVE-2021-30758 (fixed in 2.32.2). + + CVE-2021-21775, CVE-2021-21779, CVE-2021-30663, CVE-2021-30665, + CVE-2021-30689, CVE-2021-30720, CVE-2021-30734, CVE-2021-30744, + CVE-2021-30749, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799 + (fixed in 2.32.3). + + -- Alberto Garcia <be...@igalia.com> Sun, 25 Jul 2021 00:45:03 +0200 + +wpewebkit (2.32.2-1) unstable; urgency=medium + + * New upstream release. + + -- Alberto Garcia <be...@igalia.com> Mon, 12 Jul 2021 22:06:41 +0200 + wpewebkit (2.32.1-1) unstable; urgency=medium * New upstream release. diff -Nru wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch --- wpewebkit-2.32.1/debian/patches/fix-ftbfs-m68k.patch 2021-05-08 16:53:58.000000000 +0200 +++ wpewebkit-2.32.3/debian/patches/fix-ftbfs-m68k.patch 2021-07-25 00:45:03.000000000 +0200 @@ -196,3 +196,19 @@ bool CSSValue::isImplicitInitialValue() const { +Index: webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp +=================================================================== +--- webkitgtk.orig/Source/WebCore/rendering/InlineFlowBox.cpp ++++ webkitgtk/Source/WebCore/rendering/InlineFlowBox.cpp +@@ -53,7 +53,11 @@ struct SameSizeAsInlineFlowBox : public + void* pointers[5]; + }; + ++#if defined(__m68k__) ++COMPILE_ASSERT(sizeof(InlineFlowBox) >= sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small); ++#else + COMPILE_ASSERT(sizeof(InlineFlowBox) == sizeof(SameSizeAsInlineFlowBox), InlineFlowBox_should_stay_small); ++#endif + + #if !ASSERT_WITH_SECURITY_IMPLICATION_DISABLED +