On Mon, Jul 17, 2023 at 1:20 PM Randy MacLeod
<[email protected]> wrote:
>
> On 2023-07-17 12:09, Steve Sakoman via lists.openembedded.org wrote:
>
> On Sun, Jul 16, 2023 at 3:34 PM Kai <[email protected]> wrote:
>
> On 7/14/23 15:15, Kai Kang wrote:
>
> From: Kai Kang <[email protected]>
>
> Hi,
>
> I've discussed with webkitgtk maintainers about api compatable issues on
>
> https://lists.webkit.org/pipermail/webkit-gtk/2023-March/003887.html
>
> WebKitGTK 2.38.x is backwards compatible with 2.36.x, you can safely update
>
> without needing to change applications. In general, we always keep the API and
> ABI backwards compatible.
>
> Note that the current stable releases (2.40.x) introduce a new API level
> when using GTK4, but I suppose this is not a problem because most likely you
> are still using GTK3
>
>
> I suggest we apply the update in mickledore too which solves lots of
> CVEs.
>
> Hi Steve,
>
> I have no idea why the cover-letter is not in the same thread with the
> patch.
>
> So according to the reply from webkitgtk maintainer, would you like to
> re-consider
> to cherry-pick the commit to mickledore, please?
>
> Sorry, still not possible, this is a major release bump that adds
> features and APIs. Please see:
>
> https://wpewebkit.org/release/wpewebkit-2.40.0.html
>
> We do need to be careful but upstream is saying that:
>
> "WebKitGTK 2.40.x is backwards-compatible as well and that will remain true
> indefinitely,
> as long as you continue to build the same API version [2]. "
>
> I'd like a simple way to measure if that's true but I'm not sure one exists.
>
> Kai,
>
> Have you looked at the source diff to understand how upstream is able to
> introduce
> a new API yet enable building the old one?
>
>
> Kai, Steve,
>
> Should we investigate using the flags suggested:
> "is still possible to build the old 1.0 API using -USE_SOUP2=ON, or the
> 1.1 API using -DENABLE_WPE_1_1_API=ON. "
> -- https://wpewebkit.org/release/wpewebkit-2.40.0.html
I'm wrangling patches for the three stable branches with releases
every 1-2 weeks, so I really don't have the cycles to investigate
this.
> or do we really have to backport patches to 2.38.x ?
A version bump of this type (with the addition of features and APIs)
is outside the scope of allowed updates for stable branches. As such,
it would require TSC approval.
So the two options are to either backport CVE fixes or take the issue
to the TSC.
Steve
> Alexander Kanavin (1):
> webkitgtk: update 2.38.5 -> 2.40.2
>
> meta/recipes-gnome/epiphany/epiphany_43.1.bb | 3 ++
> ...tCore-CMakeLists.txt-ensure-reproduc.patch | 28 +++++++++++++
> ...44e17d258106617b0e6d783d073b188a2548.patch | 42 ++++++++++++-------
> ...290ab4ab35258a6da9b13795c9b0f7894bf4.patch | 41 ++++++++++++++++++
> ...bb461f040b90453bc4e100dcf967243ecd98.patch | 30 -------------
> ...ebkitgtk_2.38.5.bb => webkitgtk_2.40.2.bb} | 15 +++++--
> 6 files changed, 111 insertions(+), 48 deletions(-)
> create mode 100644
> meta/recipes-sato/webkit/webkitgtk/0001-Source-JavaScriptCore-CMakeLists.txt-ensure-reproduc.patch
> create mode 100644
> meta/recipes-sato/webkit/webkitgtk/4977290ab4ab35258a6da9b13795c9b0f7894bf4.patch
> delete mode 100644
> meta/recipes-sato/webkit/webkitgtk/d318bb461f040b90453bc4e100dcf967243ecd98.patch
> rename meta/recipes-sato/webkit/{webkitgtk_2.38.5.bb =>
> webkitgtk_2.40.2.bb} (90%)
>
>
>
>
> --
> Kai Kang
> Wind River Linux
>
>
>
>
>
> --
> # Randy MacLeod
> # Wind River Linux
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#184532):
https://lists.openembedded.org/g/openembedded-core/message/184532
Mute This Topic: https://lists.openembedded.org/mt/100136728/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
