FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.

» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

LinkBack Thread Tools
Old 04-12-2008, 11:55 PM
Peter Gordon
Default WebKit: Heads-up! (ABI update, rebuilds required for WebKit GTK+ clients)

Hi, all.

In order to fix a couple of security issues [1,2], I've committed a
version bump to WebKit to a recent SVN snapshot

Unfortunately, the previous qmake-based build scripts are no longer
supported for the GTK+ port (and create lots of nasty compilation errors
as noted in upstream's bugzilla [3]). To this end, I have switched the
build system for the GTK+ port to using the autotools scripts.

Unfortunately, this changes the library from libWebKitGtk.so to
libwebkit-1.0.so (and related), and puts the headers in a new
subdirectory in the include directory (since there are now headers for
WebKit itself as well as its JavaScript interpreter).

This means that rebuilds are required for anything which depends on
WebKit-gtk. Using repoquery, this list is thankfully rather short.

* midori (which I maintain and have bumped)
* kazehakase (maintained by Mamoru Tasaka; bug 442222 [4] filed)

As can be seen from the Midori update, a simple EVR bump plus rebuild is
all that should be required. There are two major changes in this:
(1) The WebKitGtk library and pkgconfig files have been renamed to
webkit-1.0 and so on. The include directory has also been renamed
(2) The webkit.h header has moved from <webkit.h> to <webkit/webkit.h>

Some simple sed invocations, if needed, should suffice to fix these two
renames for packages. The API is compatible with the previous EVR
already in Fedora.

After WebKit and Midori are built, I will email rel-eng to tag these
appropriately for f9-final once they are built through Koji.

I understand that breaking ABI this late in the release cycle is rarely
- if ever - a good idea. However, I believe this to be one of those rare
times, as vulnerable web browser code is often a critical target for
malware (and one of these is a potential entry way for arbitrary code
execution); and fixing these vulnerabilities quickly is far more
important than maintaining ABI for other packages, especially when those
other packages can be quickly and readily fixed for the update.

Alas, I had spent several nights perusing through upstream's Trac and
could not pin-point any specific commits which fixed the issues in
question (which, if backported, may have maintained ABI). Therefore I
felt it appropriate to bump the package to a newer snapshot in total.

Thanks. =)

[1] https://bugzilla.redhat.com/show_bug.cgi?id=438531
[2] https://bugzilla.redhat.com/show_bug.cgi?id=438531
[3] https://bugs.webkit.org/show_bug.cgi?id=17912
[4] https://bugzilla.redhat.com/show_bug.cgi?id=442222
Peter Gordon (codergeek42)
GnuPG Public Key ID: 0xFFC19479 / Fingerprint:
DD68 A414 56BD 6368 D957 9666 4268 CB7A FFC1 9479

fedora-devel-list mailing list

Thread Tools

All times are GMT. The time now is 10:40 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org