Hi, all. In order to fix a couple of security issues [1,2], I've committed a version bump to WebKit to a recent SVN snapshot Unfortunately, the previous qmake-based build scripts are no longer supported for the GTK+ port (and create lots of nasty compilation errors as noted in upstream's bugzilla [3]). To this end, I have switched the build system for the GTK+ port to using the autotools scripts. Unfortunately, this changes the library from libWebKitGtk.so to libwebkit-1.0.so (and related), and puts the headers in a new subdirectory in the include directory (since there are now headers for WebKit itself as well as its JavaScript interpreter). This means that rebuilds are required for anything which depends on WebKit-gtk. Using repoquery, this list is thankfully rather short. * midori (which I maintain and have bumped) * kazehakase (maintained by Mamoru Tasaka; bug 442222 [4] filed) As can be seen from the Midori update, a simple EVR bump plus rebuild is all that should be required. There are two major changes in this: (1) The WebKitGtk library and pkgconfig files have been renamed to webkit-1.0 and so on. The include directory has also been renamed similarly. (2) The webkit.h header has moved from <webkit.h> to <webkit/webkit.h> Some simple sed invocations, if needed, should suffice to fix these two renames for packages. The API is compatible with the previous EVR already in Fedora. After WebKit and Midori are built, I will email rel-eng to tag these appropriately for f9-final once they are built through Koji. I understand that breaking ABI this late in the release cycle is rarely - if ever - a good idea. However, I believe this to be one of those rare times, as vulnerable web browser code is often a critical target for malware (and one of these is a potential entry way for arbitrary code execution); and fixing these vulnerabilities quickly is far more important than maintaining ABI for other packages, especially when those other packages can be quickly and readily fixed for the update. Alas, I had spent several nights perusing through upstream's Trac and could not pin-point any specific commits which fixed the issues in question (which, if backported, may have maintained ABI). Therefore I felt it appropriate to bump the package to a newer snapshot in total. Thanks. =) [1] https://bugzilla.redhat.com/show_bug.cgi?id=438531 [2] https://bugzilla.redhat.com/show_bug.cgi?id=438531 [3] https://bugs.webkit.org/show_bug.cgi?id=17912 [4] https://bugzilla.redhat.com/show_bug.cgi?id=442222 -- Peter Gordon (codergeek42) GnuPG Public Key ID: 0xFFC19479 / Fingerprint: DD68 A414 56BD 6368 D957 9666 4268 CB7A FFC1 9479
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
