This type of update is perhaps best suited for an lts mixin branch in meta-lts-mixins, even if mickledore isn't LTS.

Alex

On Tue, 18 Jul 2023 at 16:37, Steve Sakoman <st...@sakoman.com> wrote:
>
> On Mon, Jul 17, 2023 at 1:20 PM Randy MacLeod
> <randy.macl...@windriver.com> wrote:
> >
> > On 2023-07-17 12:09, Steve Sakoman via lists.openembedded.org wrote:
> >
> > On Sun, Jul 16, 2023 at 3:34 PM Kai <kai.k...@windriver.com> wrote:
> >
> > On 7/14/23 15:15, Kai Kang wrote:
> >
> > From: Kai Kang <kai.k...@windriver.com>
> >
> > Hi,
> >
> > I've discussed with webkitgtk maintainers about API compatibility issues on
> >
> > https://lists.webkit.org/pipermail/webkit-gtk/2023-March/003887.html
> >
> > WebKitGTK 2.38.x is backwards compatible with 2.36.x, you can safely update
> > without needing to change applications. In general, we always keep the API
> > and ABI backwards compatible.
> >
> > Note that the current stable releases (2.40.x) introduce a new API level
> > when using GTK4, but I suppose this is not a problem because most likely you
> > are still using GTK3
> >
> >
> > I suggest we apply the update in mickledore too which solves lots of
> > CVEs.
> >
> > Hi Steve,
> >
> > I have no idea why the cover-letter is not in the same thread with the
> > patch.
> >
> > So according to the reply from webkitgtk maintainer, would you like to
> > re-consider
> > to cherry-pick the commit to mickledore, please?
> >
> > Sorry, still not possible, this is a major release bump that adds
> > features and APIs. Please see:
> >
> > https://wpewebkit.org/release/wpewebkit-2.40.0.html
> >
> > We do need to be careful but upstream is saying that:
> >
> > "WebKitGTK 2.40.x is backwards-compatible as well and that will remain
> > true indefinitely,
> > as long as you continue to build the same API version [2]. "
> >
> > I'd like a simple way to measure if that's true but I'm not sure one exists.
> >
> > Kai,
> >
> > Have you looked at the source diff to understand how upstream is able to
> > introduce
> > a new API yet enable building the old one?
> >
> >
> > Kai, Steve,
> >
> > Should we investigate using the flags suggested:
> > "is still possible to build the old 1.0 API using -USE_SOUP2=ON, or the
> > 1.1 API using -DENABLE_WPE_1_1_API=ON. "
> > -- https://wpewebkit.org/release/wpewebkit-2.40.0.html
>
> I'm wrangling patches for the three stable branches with releases
> every 1-2 weeks, so I really don't have the cycles to investigate
> this.
>
> > or do we really have to backport patches to 2.38.x ?
>
> A version bump of this type (with the addition of features and APIs)
> is outside the scope of allowed updates for stable branches. As such,
> it would require TSC approval.
>
> So the two options are to either backport CVE fixes or take the issue
> to the TSC.
>
> Steve
>
> > Alexander Kanavin (1):
> >   webkitgtk: update 2.38.5 -> 2.40.2
> >
> >  meta/recipes-gnome/epiphany/epiphany_43.1.bb  |  3 ++
> >  ...tCore-CMakeLists.txt-ensure-reproduc.patch | 28 +++++++++++++
> >  ...44e17d258106617b0e6d783d073b188a2548.patch | 42 ++++++++++++-------
> >  ...290ab4ab35258a6da9b13795c9b0f7894bf4.patch | 41 ++++++++++++++++++
> >  ...bb461f040b90453bc4e100dcf967243ecd98.patch | 30 -------------
> >  ...ebkitgtk_2.38.5.bb => webkitgtk_2.40.2.bb} | 15 +++++--
> >  6 files changed, 111 insertions(+), 48 deletions(-)
> >  create mode 100644 meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
> >  create mode 100644 meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
> >  delete mode 100644 meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
> >  rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb => webkitgtk_2.40.2.bb} (90%)
> >
> > --
> > Kai Kang
> > Wind River Linux
> >
> > --
> > # Randy MacLeod
> > # Wind River Linux