Hello,

On Wed, 22 Mar 2023 11:57:24 +0800 不会弹吉他的KK <kai.7.k...@gmail.com> wrote:

> I am working on the Yocto project. In the last LTS Yocto release the version of
> webkitgtk is 2.36.8, and there are more than 15 CVE issues for 2.36.8 till
> now. I checked the git log and the "WebKitGTK and WPE WebKit Security Advisory"
> pages, but I only got info on which CVE has been fixed in which version of
> webkitgtk. I can NOT get the exact info on which commit(s) fixed it.
> So is there anywhere, or some web page, to get the specific
> fix/patch for a CVE, please?

Recently, advisories published by Apple include the Bugzilla issue numbers
(e.g. [1]), so with some work you can find out which commits correspond to
the fixes.

You will not be able to see the discussions in Bugzilla because security bugs
are visible by default only to members of the WebKit Security Team [2] for a
number of reasons, like avoiding leaks of information that could be used to
make exploits.
 
> And the second question: is webkitgtk 2.38.x backward compatible with 2.36.8?
> I compared the header files between 2.36.8 and 2.38.4, and it seems no
> function was deleted and no interface changed for existing functions; only some
> functions are marked deprecated and some new functions were added. Does that mean
> upgrading webkitgtk from 2.36.8 to 2.38.4 will not break applications which
> depend on it, please?

WebKitGTK 2.38.x is backwards compatible with 2.36.x; you can safely update
without needing to change applications. In general, we always keep the API and
ABI backwards compatible.

Note that the current stable releases (2.40.x) introduce a new API level
when using GTK4, but I suppose this is not a problem because most likely you
are still using GTK3.

I hope this helps you with your doubts.

Cheers,
—Adrián


---
[1] https://support.apple.com/en-us/HT213638
[2] https://webkit.org/security-team/


_______________________________________________
webkit-gtk mailing list
webkit-gtk@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-gtk
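
The lookup described in the reply (advisory, then Bugzilla issue number, then commit) can be scripted against a local checkout. This is an added example, not part of the original message or of WebKit's tooling; it assumes commit messages cite their bug as a `bugs.webkit.org/show_bug.cgi?id=` URL, and the hashes and bug ids in the sample are constructed.

```python
import re
import subprocess

# Assumption: each WebKit commit message cites its bug as a bugs.webkit.org URL.
BUG_URL = re.compile(r"https://bugs\.webkit\.org/show_bug\.cgi\?id=(\d+)")
FLD, SEP = "\x1f", "\x1e"                  # field / record separators
GIT_FORMAT = "%H%x1f%s%x1f%b%x1e"          # hash, subject, body per commit


def git_log(repo, rev_range):
    """Read history from a local checkout; repo and rev_range are the caller's."""
    cmd = ["git", "-C", repo, "log", "--format=" + GIT_FORMAT, rev_range]
    return subprocess.run(cmd, check=True, capture_output=True,
                          text=True, errors="replace").stdout


def parse_log(raw):
    """Yield (sha, subject, bug ids cited) for every commit in the log text."""
    for record in raw.split(SEP):
        record = record.strip("\n")
        if record:
            sha, subject, body = record.split(FLD, 2)
            yield sha, subject, set(BUG_URL.findall(subject + "\n" + body))


def commits_for_bugs(raw, bug_ids):
    """Map each bug id to the commits citing it; an empty list means no match."""
    found = {str(b): [] for b in bug_ids}
    for sha, subject, bugs in parse_log(raw):
        for bug in sorted(bugs & found.keys()):
            found[bug].append((sha, subject))
    return found


# Constructed sample in GIT_FORMAT layout; hashes and bug ids are made up.
SAMPLE_LOG = "\n".join([
    "a" * 40 + FLD + "Fix crash in layout" + FLD
    + "https://bugs.webkit.org/show_bug.cgi?id=100001\n" + SEP,
    "b" * 40 + FLD + "Update build scripts" + FLD
    + "https://bugs.webkit.org/show_bug.cgi?id=100002\n" + SEP,
    "c" * 40 + FLD + "Follow-up to layout fix" + FLD
    + "https://bugs.webkit.org/show_bug.cgi?id=100001\n" + SEP,
])

if __name__ == "__main__":
    # Bug ids would come from the advisory; these are constructed.
    for bug, commits in commits_for_bugs(SAMPLE_LOG, [100001, 999999]).items():
        print(bug, commits or "no commit found in this range")
```

A bug can map to more than one commit, so every match is returned; an empty list for an id means the fix is not in the revision range that was searched.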
