Upstream has issued an advisory on May 30: https://webkitgtk.org/security/WSA-2023-0004.html The issues are fixed upstream in 2.40.2: https://webkitgtk.org/2023/05/29/webkitgtk2.40.2-released.html
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 2.40.2
Hi, Version 2.40.2 is already in Cauldron. Best regards,
Version: Cauldron => 8Source RPM: webkit2-2.40.1-1.mga9.src.rpm => webkit2-2.38.6-1.mga8.src.rpmWhiteboard: MGA8TOO => (none)
The build fails because it needs unifdef, which is only in Cauldron.
I added the needed BR into Mga8 (unifdef, libwpe, wpebackend-fdo and libavif), disabled other dependencies but the build still failed on sandbox because glib2 is too old, I think: ../Source/WTF/wtf/glib/Sandbox.cpp:60:48: error: 'g_spawn_check_wait_status' was not declared in this scope; did you mean 'g_spawn_check_exit_status'?
Suggested advisory: ======================== The updated packages fix security vulnerabilities and other issues. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28204 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32373 https://webkitgtk.org/security/WSA-2023-0004.html https://webkitgtk.org/2023/05/29/webkitgtk2.40.2-released.html ======================== Updated packages in core/updates_testing: ======================== unifdef-2.12-1.mga8 lib(64)wpe1-1.14.1-1.mga8 lib(64)wpe-devel-1.14.1-1.mga8 lib(64)wpebackend-fdo1-1.14.2-1.mga8 lib(64)wpebackend-fdo-devel-1.14.2-1.mga8 avif-pixbuf-loader-0.11.1-1.mga8 lib(64)avif15-0.11.1-1.mga8 lib(64)avif-devel-0.11.1-1.mga8 libavif-tools-0.11.1-1.mga8 lib(64)javascriptcoregtk4.0_18-2.40.2-1.mga8 lib(64)javascriptcore-gir4.0-2.40.2-1.mga8 lib(64)webkit2gtk4.0_37-2.40.2-1.mga8 lib(64)webkit2gtk-gir4.0-2.40.2-1.mga8 lib(64)webkit2-devel-2.40.2-1.mga8 webkit2-2.40.2-1.mga8 webkit2-jsc-2.40.2-1.mga8 from SRPMS: unifdef-2.12-1.mga8.src.rpm libwpe-1.14.1-1.mga8.src.rpm wpebackend-fdo-1.14.2-1.mga8.src.rpm libavif-0.11.1-1.mga8.src.rpm webkit2-2.40.2-1.mga8.src.rpm
Status: NEW => ASSIGNEDStatus comment: Fixed upstream in 2.40.2 => (none)CC: (none) => nicolas.salgueroAssignee: nicolas.salguero => qa-bugs
On Foolishness, my Dell Inspiron 5100, P4, Radeon RV200 graphics, 32-bit Xfce. No installation issues. Because this update included packages that had previously been exclusive to Mageia 9, I had hopes that it would clear up Bug 30332. But alas, it is not to be. This update has actually caused MCC to go back to the behavior that the blank window pane is completely unresponsive. Zenity and Atril both work normally. Since this update is not supposed to address the issue of Bug 30332, and everything else seems to be OK, I would say it should not be held back because of that issue.
CC: (none) => andrewsfarm
HP Pavilion 15, mga8-64 Plasma system. No installation issues. Tried MCC, zenity, Atril, five-or-more, and four-in-a-row, all without issues.
Same hardware as comment 6, but with the kernel updated to 5.15.116-1. No issues noted. Giving this an OK, and validating. Not giving it a 32-bit OK because of comment 5, but not holding it back, either. Advisory in comment 4
CC: (none) => sysadmin-bugsWhiteboard: (none) => MGA8-64-OKKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0197.html
Status: ASSIGNED => RESOLVEDResolution: (none) => FIXED