Hello community, here is the log from the commit of package webkit2gtk3 for openSUSE:Factory checked in at 2018-06-13 15:14:24 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/webkit2gtk3 (Old) and /work/SRC/openSUSE:Factory/.webkit2gtk3.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "webkit2gtk3" Wed Jun 13 15:14:24 2018 rev:59 rq:616150 version:2.20.3 Changes: -------- --- /work/SRC/openSUSE:Factory/webkit2gtk3/webkit2gtk3.changes 2018-05-22 17:00:20.183775007 +0200 +++ /work/SRC/openSUSE:Factory/.webkit2gtk3.new/webkit2gtk3.changes 2018-06-13 15:14:37.831100293 +0200 @@ -1,0 +2,24 @@ +Mon Jun 11 13:22:44 UTC 2018 - [email protected] + +- Update to version 2.20.3: + + Fix installation directory of API documentation. + + Disable Gigacage if mmap fails to allocate in Linux. + + Add user agent quirk for paypal website. + + Properly detect compiler flags, needed libs, and fallbacks for + usage of 64-bit atomic operations. + + Fix a network process crash when trying to get cookies of + about:blank page. + + Fix UI process crash when closing the window under Wayland. + + Fix several crashes and rendering issues. + + Security fixes: CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, + CVE-2018-4222, CVE-2018-4232, CVE-2018-4233, CVE-2018-4246, + CVE-2018-11646. +- Drop webkit2gtk3-boo1095611-null-page-url.patch: Fixed upstream. + +------------------------------------------------------------------- +Fri Jun 8 20:49:13 UTC 2018 - [email protected] + +- Add webkit2gtk3-boo1095611-null-page-url.patch: don't crash if + the page URL is null (CVE-2018-11646). + +------------------------------------------------------------------- @@ -21 +45,2 @@ - + Security fixes: CVE-2018-4200 (boo#1092280). + + Security fixes: CVE-2018-4200 (boo#1092280), CVE-2018-11712 + (boo#1096061). @@ -54,0 +80 @@ + + Security fixes: CVE-2018-4204. @@ -75 +101 @@ - CVE-2018-4162, CVE-2018-4163, CVE-2018-4165. + CVE-2018-4162, CVE-2018-4163, CVE-2018-4165, CVE-2018-11713. @@ -542 +568,2 @@ - CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059. + CVE-2017-2510, CVE-2017-7011, CVE-2017-7040, CVE-2017-7059, + CVE-2017-1000121, CVE-2017-1000122. Old: ---- webkitgtk-2.20.2.tar.xz webkitgtk-2.20.2.tar.xz.asc New: ---- webkitgtk-2.20.3.tar.xz webkitgtk-2.20.3.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ webkit2gtk3.spec ++++++ --- /var/tmp/diff_new_pack.5aKxm3/_old 2018-06-13 15:14:40.766993178 +0200 +++ /var/tmp/diff_new_pack.5aKxm3/_new 2018-06-13 15:14:40.770993032 +0200 @@ -38,7 +38,7 @@ %endif %bcond_without python3 Name: webkit2gtk3 -Version: 2.20.2 +Version: 2.20.3 Release: 0 Summary: Library for rendering web content, GTK+ Port License: LGPL-2.0-or-later AND BSD-3-Clause @@ -54,6 +54,7 @@ Patch1: webkit2gtk3-python3.patch # PATCh-FIX-UPSTREAM webkit2gtk3-boo1088932-a11y-state-set.patch boo#1088932 webkit#184366 [email protected] -- fix crash when atk_object_ref_state_set is called on an AtkObject that's being destroyed. Patch2: webkit2gtk3-boo1088932-a11y-state-set.patch + BuildRequires: Mesa-libEGL-devel BuildRequires: Mesa-libGL-devel BuildRequires: Mesa-libGLESv1_CM-devel ++++++ webkitgtk-2.20.2.tar.xz -> webkitgtk-2.20.3.tar.xz ++++++ /work/SRC/openSUSE:Factory/webkit2gtk3/webkitgtk-2.20.2.tar.xz /work/SRC/openSUSE:Factory/.webkit2gtk3.new/webkitgtk-2.20.3.tar.xz differ: char 26, line 1
