Bug#888802: stretch-pu: package webkit2gtk/2.18.6-1~deb9u1

2018-03-02 Thread Adam D. Barratt
Control: tags -1 + pending

On Mon, 2018-02-26 at 19:34 +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2018-01-29 at 21:24 -0500, Jeremy Bicha wrote:
> > The latest major release webkit2gtk 2.18 was released in September. I
> > am unaware of any remaining regressions in the new series. There was
> > one Ubuntu-specific package that needed to be updated for 2.18. See
> > https://launchpad.net/bugs/1712047 for more details.
> > 
> > Generally, all the major distros have updated to 2.18 and there has
> > been plenty of time for regressions to be noticed.
> 
> [...]
> > It's not really useful to provide a detailed diff or log for the
> > upstream changes. For instance, Ubuntu's diff for the 2.16.6 to
> > 2.18.0 upgrade is 10 MB.
> 
> [...]
> > I am proposing a straight backport from Buster to Stretch. I am
> > attaching a diff of the debian/ directory.
> 
> That's still quite a lot of changes. :-(
> 
> I guess we'll see what the binary diffs end up looking like. Please go
> ahead.
> 

Flagged for acceptance.

Regards,

Adam



Bug#888802: stretch-pu: package webkit2gtk/2.18.6-1~deb9u1

2018-02-26 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2018-01-29 at 21:24 -0500, Jeremy Bicha wrote:
> The latest major release webkit2gtk 2.18 was released in September. I
> am unaware of any remaining regressions in the new series. There was
> one Ubuntu-specific package that needed to be updated for 2.18. See
> https://launchpad.net/bugs/1712047 for more details.
> 
> Generally, all the major distros have updated to 2.18 and there has
> been plenty of time for regressions to be noticed.
[...]
> It's not really useful to provide a detailed diff or log for the
> upstream changes. For instance, Ubuntu's diff for the 2.16.6 to
> 2.18.0 upgrade is 10 MB.
[...]
> I am proposing a straight backport from Buster to Stretch. I am
> attaching a diff of the debian/ directory.

That's still quite a lot of changes. :-(

I guess we'll see what the binary diffs end up looking like. Please go
ahead.

Regards,

Adam



Bug#888802: stretch-pu: package webkit2gtk/2.18.6-1~deb9u1

2018-01-29 Thread Jeremy Bicha
Package: release.debian.org
X-Debbugs-Cc:webkit2...@packages.debian.org
User: release.debian@packages.debian.org
Usertags: pu
Tags: stretch
Severity: normal

Background
----------
New minor releases of webkit2gtk are made approximately monthly to fix
high-impact bugs and security vulnerabilities. New major releases are
made every six months (next one is mid-March). Similar to Firefox
and Chromium, it's not really feasible to separate the security fixes
from other changes. Basically, only one major release series is
supported at a time (sometimes, there will be a final security fix for
the old series shortly after the first release of the new series, but
that's it.)

For Debian 9, webkit2gtk is still excluded from normal security
support and therefore the Debian Security Team is unwilling to accept
webkit2gtk updates via stretch-security to avoid confusing our users.

The latest major release webkit2gtk 2.18 was released in September. I
am unaware of any remaining regressions in the new series. There was
one Ubuntu-specific package that needed to be updated for 2.18. See
https://launchpad.net/bugs/1712047 for more details.

Generally, all the major distros have updated to 2.18 and there has
been plenty of time for regressions to be noticed.

News
----
https://webkitgtk.org/2017/09/11/webkitgtk2.18.0-released.html
https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html
https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html
https://webkitgtk.org/2017/11/10/webkitgtk2.18.3-released.html
https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html
https://webkitgtk.org/2018/01/10/webkitgtk2.18.5-released.html
https://webkitgtk.org/2018/01/24/webkitgtk2.18.6-released.html

Security Trackers
-----------------
This update will fix all current stretch vulnerabilities listed at
https://security-tracker.debian.org/tracker/source-package/webkit2gtk

https://webkitgtk.org/security/WSA-2017-0008.html
https://webkitgtk.org/security/WSA-2017-0009.html
https://webkitgtk.org/security/WSA-2017-0010.html
https://webkitgtk.org/security/WSA-2018-0001.html
https://webkitgtk.org/security/WSA-2018-0002.html

https://usn.ubuntu.com/usn/usn-3460-1/
https://usn.ubuntu.com/usn/usn-3481-1/
https://usn.ubuntu.com/usn/usn-3514-1/
https://usn.ubuntu.com/usn/usn-3530-1/

Detailed Commit Log and Diff
----------------------------
It's not really useful to provide a detailed diff or log for the
upstream changes. For instance, Ubuntu's diff for the 2.16.6 to
2.18.0 upgrade is 10 MB.

https://launchpad.net/ubuntu/+source/webkit2gtk/2.18.0-0ubuntu0.16.04.2

debdiff gave me a 71MB file.

Builds
------
webkit2gtk 2.18.6 is available in Debian unstable, testing and
stretch-backports. It has built successfully on all release
architectures. (mips64el is still building on stretch-backports)

Proposed Stretch Update
-----------------------
I am proposing a straight backport from Buster to Stretch. I am
attaching a diff of the debian/ directory.


Thanks,
Jeremy Bicha


webkit2gtk_2.18.6-1~deb9u1.debdiff
Description: Binary data