Public bug reported: Recently, Ubuntu released a security update for Ubuntu 16.04 LTS upgrading webkit2gtk (WK2) from 2.10.9 to 2.12.5. WK2 roughly follows the GNOME release cycle and released 2.14.0 this week. Based on previous updates, we can expect a security advisory for this update to be published soon.
Therefore, I'd like to go ahead and sync webkit2gtk 2.14.0-1 from Debian to yakkety now. Because it's a security-related update where the security improvements can't be easily split out, I don't believe it needs a Feature Freeze exception. Testing I've done: - I've been running 2.13 development releases for a few weeks. - The package has built successfully on Debian on all architectures Ubuntu cares about: https://buildd.debian.org/status/package.php?p=webkit2gtk - 2.14.0 has been pushed to the GNOME3 Staging PPA for yakkety (which also includes GTK 3.22) - I built 2.14 in my yakkety PPA for all normal PPA architectures (this PPA does not use GTK 3.22 or have other odd dependency changes) https://launchpad.net/~jbicha/+archive/ubuntu/arch/+packages - I tested Tuesday's daily Ubuntu (Unity) iso with the updated WK2 packages and ensured the slideshow works fine (because 2.12.4 had a regression there, see bug 1618956 ) - There are three GNOME apps that use WK2's unstable DOM API: epiphany-browser, evolution and yelp. The unstable API is scheduled to be removed early in the 2.16 cycle so this soon won't be an issue. Without rebuilding, yakkety's epiphany, evolution and yelp work fine. I intend to package Evolution 3.22 (yakkety currently has 3.21.91) once wk2 is in yakkety. The evolution package currently has a patch to revert the switch to the 2.14 API and it would be nice to be able to drop this patch instead of having to update it again. I'd like to update Epiphany to 3.22 too. I'm hoping it can fall under the standing UIFE/FF exception granted to other browsers like Chromium and Firefox. References ========== https://tracker.debian.org/pkg/webkit2gtk https://tracker.debian.org/media/packages/w/webkit2gtk/changelog-2.14.0-1 https://webkitgtk.org/news.html https://blogs.igalia.com/carlosgc/2016/09/20/webkitgtk-2-14/ https://blogs.gnome.org/mcatanzaro/2016/09/19/epiphany-3-22-and-a -couple-new-stable-releases-too/ https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22 http://www.ubuntu.com/usn/usn-3079-1/ ** Affects: epiphany-browser (Ubuntu) Importance: Undecided Status: New ** Affects: webkit2gtk (Ubuntu) Importance: Wishlist Status: New ** Tags: upgrade-software-version ** Also affects: epiphany-browser (Ubuntu) Importance: Undecided Status: New ** Description changed: Recently, Ubuntu released a security update for Ubuntu 16.04 LTS upgrading webkit2gtk (WK2) from 2.10.9 to 2.12.5. WK2 roughly follows the GNOME release cycle and released 2.14.0 this week. Based on previous updates, we can expect a security advisory for this update to be published soon. Therefore, I'd like to go ahead and sync webkit2gtk 2.14.0-1 from Debian to yakkety now. Because it's a security-related update where the security improvements can't be easily split out, I don't believe it needs a Feature Freeze exception. Testing I've done: - I've been running 2.13 development releases for a few weeks. - The package has built successfully on Debian on all architectures Ubuntu cares about: https://buildd.debian.org/status/package.php?p=webkit2gtk - 2.14.0 has been pushed to the GNOME3 Staging PPA for yakkety (which also includes GTK 3.22) - I built 2.14 in my yakkety PPA for all normal PPA architectures (this PPA does not use GTK 3.22 or have other odd dependency changes) https://launchpad.net/~jbicha/+archive/ubuntu/arch/+packages - I tested Tuesday's daily Ubuntu (Unity) iso with the updated WK2 packages and ensured the slideshow works fine (because 2.12.4 had a regression there, see bug 1618956 ) - There are three GNOME apps that use WK2's unstable DOM API: epiphany-browser, evolution and yelp. The unstable API is scheduled to be removed early in the 2.16 cycle so this soon won't be an issue. Without rebuilding, yakkety's epiphany, evolution and yelp work fine. I intend to package Evolution 3.22 (yakkety currently has 3.21.91) once wk2 is in yakkety. The evolution package currently has a patch to revert the switch to the 2.14 API and it would be nice to be able to drop this patch instead of having to update it again. I'd like to update Epiphany to 3.22 too. I'm hoping it can fall under the standing UIFE/FF exception granted to other browsers like Chromium and Firefox. References ========== + https://tracker.debian.org/pkg/webkit2gtk + + https://tracker.debian.org/media/packages/w/webkit2gtk/changelog-2.14.0-1 + https://webkitgtk.org/news.html https://blogs.igalia.com/carlosgc/2016/09/20/webkitgtk-2-14/ https://blogs.gnome.org/mcatanzaro/2016/09/19/epiphany-3-22-and-a -couple-new-stable-releases-too/ https://git.gnome.org/browse/epiphany/tree/NEWS?h=gnome-3-22 http://www.ubuntu.com/usn/usn-3079-1/ -- You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to epiphany-browser in Ubuntu. https://bugs.launchpad.net/bugs/1625897 Title: Update webkitgtk to 2.14.0 in yakkety To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/epiphany-browser/+bug/1625897/+subscriptions -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs