+++ This bug was initially created as a clone of Bug #17662 +++

I talked about this in more detail here: https://ml.mageia.org/l/arc/dev/2016-01/msg00078.html

The webkit SRPM is also affected (and by more issues since it's older). Packages that link against that need to be ported to webkit2 to fix these issues.

Shotwell has already been ported and updated for Mageia 5: https://bugs.mageia.org/show_bug.cgi?id=17491

The libproxy package was recently updated in Cauldron, with a patch porting it to webkit2.

This article has a hint on how some other packages possibly could be ported: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
bijiben, nemo-extensions, seed, zenity, midori, gnome-online-accounts, libpeas, libproxy, sugar-browse-activity, and yelp in Cauldron are no longer linked to webkit1. It would be nice to have those in Mageia 5. As for the rest, porting to webkit2 appears to be non-trivial.
I e-mailed Michael Catanzaro about this. He responded with some helpful information about some of the affected packages. Here is what he said:

Regarding the GNOME apps: we have good progress on porting Empathy and Evolution. Hopefully those will be ready in time for GNOME 3.22.

Geary is quite unlikely to ever be ported, but Pantheon Mail (Elementary's fork of Geary) is actively working on porting. You might consider replacing Geary with Pantheon Mail in Mageia.

Rhythmbox is already ready with a patch that we've applied downstream in both Ubuntu and Fedora, but the package maintainer is kinda unresponsive so it hasn't gone upstream yet. You can get that patch here if you want: http://pkgs.fedoraproject.org/cgit/rpms/rhythmbox.git/tree/

I know Liferea upstream is also actively working on a WebKit2 port that's mostly complete.
Michael also pointed out that bijiben didn't actually link against webkit2 as I'd hoped. evolution-devel pulled in webkit1 and it still linked to that. He also said that the seed package can be dropped. I confirmed this. It was only used by libpeas in Mageia 5. In Cauldron, libpeas no longer uses it.
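One way to verify the linkage described in the comment above (whether a rebuilt binary still pulls in webkit1), as an added example that is not part of the original bug report. The sonames are the upstream WebKitGTK library names as an assumption, not values from this page, and the sample `readelf -d` lines are constructed.

```shell
#!/bin/sh
# Added example (not from the bug report): classify a binary by the WebKitGTK
# API generation named in its ELF DT_NEEDED entries.
# Assumed upstream sonames: libwebkitgtk-1.0 / libwebkitgtk-3.0 = webkit1 API,
# libwebkit2gtk-* = webkit2 API.

# Reads `readelf -d` output on stdin; prints webkit1, webkit2, both or none.
classify_needed() {
    needed=$(sed -n 's/.*(NEEDED).*\[\(.*\)].*/\1/p')
    legacy=no; modern=no
    for lib in $needed; do
        case "$lib" in
            libwebkitgtk-[13].0.so.*) legacy=yes ;;
            libwebkit2gtk-*.so.*)     modern=yes ;;
        esac
    done
    case "$legacy$modern" in
        yesyes) echo both ;;
        yesno)  echo webkit1 ;;
        noyes)  echo webkit2 ;;
        *)      echo none ;;
    esac
}

# Checks a real file on disk; needs readelf from binutils.
check_binary() {
    readelf -d "$1" 2>/dev/null | classify_needed
}

# Constructed sample: a GTK 3 binary whose build still picked up webkit1.
sample_unported() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libgtk-3.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libwebkitgtk-3.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# Constructed sample: the same kind of binary after a webkit2 port.
sample_ported() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libgtk-3.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libwebkit2gtk-4.0.so.37]
EOF
}

echo "unported sample: $(sample_unported | classify_needed)"
echo "ported sample:   $(sample_ported | classify_needed)"
```

A result of `webkit1` or `both` after a rebuild means the package still links the unmaintained library, whatever its BuildRequires say.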
CC'ing all packagers collectively
CC: (none) => marja11, pkg-bugs
@ David Do you mind resuming what still needs to be done? (Assigning to all packagers collectively, since this is about multiple packages)
Assignee: bugsquad => pkg-bugs
We need to continue to monitor packages being ported to webkit2 (Fedora is a good place to look as they're trying to stay on top of this issue as well) and backport as many of those to Mageia 5 as we can.
Depends on: (none) => 18053
Can you list the remaining affected packages?
CC: (none) => mageia
Source RPM : banshee-2.6.2-8.mga5.src.rpm
Source RPM : bijiben-3.14.2-2.mga5.src.rpm
Source RPM : birdfont-2.0.2-1.mga5.src.rpm
Source RPM : birdie-1.1-3.mga5.src.rpm
Source RPM : cairo-dock-plugins-3.4.0-1.mga5.src.rpm
Source RPM : claws-mail-3.11.1-3.1.mga5.src.rpm
Source RPM : empathy-3.12.7-2.mga5.src.rpm
Source RPM : evolution-3.13.90-1.1.mga5.src.rpm
Source RPM : geany-plugins-1.24-4.mga5.src.rpm
Source RPM : geary-0.8.1-2.mga5.src.rpm
Source RPM : gimp-2.8.14-4.2.mga5.src.rpm
Source RPM : gmpc-wikipedia-11.8.16-6.mga5.src.rpm
Source RPM : gnome-online-accounts-3.14.3-1.mga5.src.rpm
Source RPM : gnome-web-photo-0.10.6-5.mga5.src.rpm
Source RPM : gnucash-2.6.5-3.mga5.src.rpm
Source RPM : gtkpod-2.1.4-7.mga5.src.rpm
Source RPM : gyachi-1.2.11-7.mga5.src.rpm
Source RPM : libpeas-1.12.1-3.mga5.src.rpm
Source RPM : libproxy-0.4.11-10.mga5.src.rpm
Source RPM : liferea-1.10.11-3.1.mga5.src.rpm
Source RPM : midori-0.5.9-1.mga5.src.rpm
Source RPM : miro-6.0-9.mga5.src.rpm
Source RPM : nemo-extensions-2.4.x-2.mga5.src.rpm
Source RPM : nuvolaplayer-2.4.3-3.mga5.src.rpm
Source RPM : perl-Gtk2-WebKit-0.90.0-11.mga5.src.rpm
Source RPM : python-webkitgtk-1.1.8-9.mga5.src.rpm
Source RPM : rhythmbox-3.1-2.mga5.src.rpm
Source RPM : seed-3.8.1-5.mga5.src.rpm
Source RPM : sugar-browse-activity-156-3.mga5.src.rpm
Source RPM : surf-0.6-5.mga5.src.rpm
Source RPM : webkit-sharp-0.3-9.mga5.src.rpm
Source RPM : wxgtk-3.0.2-1.1.mga5.src.rpm
Source RPM : xombrero-1.6.3-3.mga5.src.rpm
Source RPM : yelp-3.14.1-3.mga5.src.rpm
Source RPM : zenity-3.14.0-2.mga5.src.rpm
Hi everyone,

Following the last article on linuxfr about Gnome, I came across this article: https://blogs.gnome.org/mcatanzaro/2017/08/06/endgame-for-webkit-woes/

Obviously the stable version of webkitgtk is now version 2.18; version 2.4 seems to pose security problems and/or would no longer be maintained. Did I understand correctly? And if so, can we expect a version bump of webkitgtk for Gnome in Mageia 6 because, if I believe the MCC, we are still on 2.4?
CC: (none) => p.opter
Still relevant for Mageia 6 as some packages have not been ported, but if any more are, we could update them. Mageia 5 is out of luck with all webkits.
Version: 5 => 6
Gnucash 3.x using gtk-3 and webkit2 was released in April 2018. I will only push it in a few weeks; as it is a big change, it is better to wait for some point releases.
CC: (none) => lists.jjorge
Mageia 6 is EOL.
CC: (none) => mrambo
Resolution: (none) => OLD
Status: NEW => RESOLVED