Bug 239003

Summary: www/webkit2-gtk3: Update to 2.24.3 (fixes many code execution vulnerabilities)
Product: Ports & Packages
Component: Individual Port(s)
Version: Latest
Hardware: Any
OS: Any
Status: Closed FIXED
Severity: Affects Many People
Priority: Normal
Keywords: patch, security
Reporter: Tobias Kortkamp <tobik>
Assignee: Koop Mast <kwm>
CC: gnome, kwm, ports-secteam
Flags: kwm: maintainer-feedback+, koobs: merge-quarterly?
Bug Depends on:
Bug Blocks: 240196
Attachments:
  webkit2-gtk3.diff (Flags: tobik: maintainer-approval? (gnome))

Description Tobias Kortkamp freebsd_committer freebsd_triage 2019-07-05 10:27:35 UTC
Created attachment 205528
webkit2-gtk3.diff

2.24.0 has around a dozen known arbitrary code execution (and other)
vulnerabilities:

https://webkitgtk.org/security/WSA-2019-0002.html
https://webkitgtk.org/security/WSA-2019-0003.html

We should update to 2.24.3 ASAP.

Changes:	https://webkitgtk.org/2019/04/09/webkitgtk2.24.1-released.html
Changes:	https://webkitgtk.org/2019/05/17/webkitgtk2.24.2-released.html
Changes:	https://webkitgtk.org/2019/07/02/webkitgtk2.24.3-released.html

Poudriere tested on 11.2/i386, 12.0/amd64.  Locally on 13.0/amd64.

Comment 1 commit-hook freebsd_committer freebsd_triage 2019-07-06 06:06:37 UTC
A commit references this bug:

Author: tobik
Date: Sat Jul  6 06:05:46 UTC 2019
New revision: 505958
URL: https://svnweb.freebsd.org/changeset/ports/505958

Log:
  Document webkit2-gtk3 vulnerabilities

  PR:		239003

Changes:
  head/security/vuxml/vuln.xml

Comment 2 commit-hook freebsd_committer freebsd_triage 2019-07-10 16:46:18 UTC
A commit references this bug:

Author: kwm
Date: Wed Jul 10 16:45:35 UTC 2019
New revision: 506359
URL: https://svnweb.freebsd.org/changeset/ports/506359

Log:
  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  MFH:		2019Q3
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

Changes:
  head/www/webkit2-gtk3/Makefile
  head/www/webkit2-gtk3/distinfo
  head/www/webkit2-gtk3/pkg-plist

Comment 3 Koop Mast freebsd_committer freebsd_triage 2019-07-10 16:49:30 UTC
Committed, thanks.

Comment 4 commit-hook freebsd_committer freebsd_triage 2019-08-01 08:33:07 UTC
A commit references this bug:

Author: tobik
Date: Thu Aug  1 08:32:41 UTC 2019
New revision: 507759
URL: https://svnweb.freebsd.org/changeset/ports/507759

Log:
  MFH: r506359

  Update webkit2-gtk3 to 2.24.3.

  PR:		239003
  Reported by:	tobik@
  Security:	3dd46e05-9fb0-11e9-bf65-00012e582166

  Approved by:	ports-secteam blanket (web browsers)

Changes:
_U  branches/2019Q3/
  branches/2019Q3/www/webkit2-gtk3/Makefile
  branches/2019Q3/www/webkit2-gtk3/distinfo
  branches/2019Q3/www/webkit2-gtk3/pkg-plist