Hi,
I propose we retire the webkitgtk and webkitgtk3 packages when branching rawhide for F26 (expected to occur roughly February 2017), and forbid unretiring them. All their dependencies would then be removed from from Fedora according to the normal process shortly before the release of F27 (excepted to occur May 2017). If nobody objects, we'll carry out this plan shortly after the F26 branch point.
Question: Why retire these packages? Answer: Affected applications that process untrusted input are vulnerable to roughly 150 unfixed security vulnerabilities, the overwhelming majority of which are remote code execution vulnerabilities. The severity of this situation arguably outweighs the benefit of keeping affected applications around.
Question: This sounds horrible, we should act soon. Why wait until F26?
Answer: Porting to the new WebKitGTK+ API is easy for many applications, but for applications that use the DOM API it can be expected to take some time, as this API has moved to the web process and accessing it requires writing a web process extension. If we were to use F25 as the deadline, there would not be sufficient time for applications to be ported. Porting efforts should begin as soon as possible.
Question: What if my application doesn't process untrusted input?
Answer: If you're sure your application never processes untrusted input, it is a special flower. You should request a bundling exception from FESCo if you do not intend to upgrade.
Question: You're horrible for proposing to remove my packages.
Answer: WebKit1 was deprecated in March 2013. Packages have had three years to upgrade. It's clear at this point that this problem won't ever be fixed without a hard deadline that is enforced. But this is a fair point; it sucks a lot that compatibility is not offered here. Such is the cost of free software....
Question: We usually allow compatibility libraries to exist indefinitely. Why so strict with WebKit?
Answer: Our compatibility libraries do not usually have upwards of 150 unfixed remote code execution vulnerabilities. Backporting fixes is not practical in this situation.
Question: But these packages are still included in RHEL. Isn't Red Hat providing security updates?
Answer: No.
Question: Will you help port my packages to newer WebKit?
Answer: We'll answer questions, but unfortunately we can only provide serious assistance to priority GNOME packages. evolution-data-server threatens to take out gnome-shell if removed, for instance, which is why we waited until the Evolution port is nearing completion to propose this.
Question: What if my application depends on GTK+ 2?
Answer: You must first port to GTK+ 3, then port to WebKit2. You may find it more practical to stop using WebKitGTK+.
Question: What if my application needs to work on Windows?
Answer: WebKit2 is not supported on Windows. You will need to either commit to developing Windows support, or stop using WebKitGTK+.
Question: I hear QtWebKit is insecure too, why punish only GTK+ apps?
Answer: QtWebKit has not had security updates since ~2012 and so has even more unfixed vulnerabilities. However, an unofficial effort is underway to rebase QtWebKit on the upstream WebKit project. The plan is to make regular QtWebKit releases based on the latest WebKitGTK+ stable branch, meaning there should be regular security updates. This is still a work in progress, but once completed, Fedora will be able to switch upstreams and solve this issue without the need to port applications to QtWebEngine. No such compatibility effort is planned for WebKitGTK+.
Question: Where can I view WebKitGTK+ security advisories?
Answer: http://webkitgtk.org/security.html
Question: Where can I learn more?
Answer: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/
Question: What would be removed if this were to occur today?
Answer: If you read this far, please seriously look over these lists. Some big name applications are included.
$ repoquery --whatrequires --recursive webkitgtk
Yum-utils package has been deprecated, use dnf instead. See 'man yum2dnf' for more information.
GREYCstoration-gimp-0:2.8-22.fc24.x86_64 atril-0:1.14.1-1.fc24.x86_64 atril-caja-0:1.14.1-1.fc24.x86_64 atril-devel-0:1.14.1-1.fc24.i686 atril-devel-0:1.14.1-1.fc24.x86_64 atril-libs-0:1.14.1-1.fc24.i686 atril-libs-0:1.14.1-1.fc24.x86_64 atril-thumbnailer-0:1.14.1-1.fc24.x86_64 banshee-0:2.6.2-15.fc24.x86_64 banshee-community-extensions-0:2.4.0-14.fc24.x86_64 banshee-devel-0:2.6.2-15.fc24.i686 banshee-devel-0:2.6.2-15.fc24.x86_64 billiards-0:0.4.1-10.fc24.x86_64 claws-mail-plugins-0:3.13.2-2.fc24.x86_64 claws-mail-plugins-fancy-0:3.13.2-2.fc24.x86_64 compat-wxGTK3-gtk2-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-devel-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-devel-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-docs-0:3.0.2-7.fc24.noarch compat-wxGTK3-gtk2-gl-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-gl-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-media-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-media-0:3.0.2-7.fc24.x86_64 conduit-0:0.3.17-12.fc24.noarch dissy-0:10-5.fc24.noarch fityk-0:1.3.0-8.fc24.i686 fityk-0:1.3.0-8.fc24.x86_64 fityk-devel-0:1.3.0-8.fc24.i686 fityk-devel-0:1.3.0-8.fc24.x86_64 gap-pkg-alnuth-0:3.0.0-6.fc24.noarch gap-pkg-cryst-0:4.1.12-4.fc24.noarch gap-pkg-crystcat-0:1.1.6-4.fc24.noarch gap-pkg-nq-0:2.5.3-1.fc24.x86_64 gap-pkg-polenta-0:1.3.6-1.fc24.noarch gap-pkg-polycyclic-0:2.11-6.fc24.noarch gap-pkg-radiroot-0:2.7-5.fc24.noarch geany-plugins-devhelp-0:1.27-1.fc24.x86_64 geany-plugins-geanypy-0:1.27-1.fc24.x86_64 geany-plugins-markdown-0:1.27-1.fc24.x86_64 geany-plugins-webhelper-0:1.27-1.fc24.x86_64 ghc-webkit-0:0.14.1.1-1.fc24.x86_64 ghc-webkit-devel-0:0.14.1.1-1.fc24.x86_64 gimp-2:2.8.16-1.fc24.1.x86_64 gimp-data-extras-0:2.0.2-13.fc24.noarch gimp-dbp-0:1.1.9-9.fc24.x86_64 gimp-dds-plugin-0:3.0.1-5.fc24.x86_64 gimp-elsamuko-0:26-2.fc24.noarch gimp-fourier-plugin-0:0.4.1-12.fc24.x86_64 gimp-gap-0:2.7.0-14.GITe75bd46.fc24.x86_64 gimp-help-0:2.8.2-5.fc24.noarch gimp-help-browser-2:2.8.16-1.fc24.1.x86_64 gimp-help-ca-0:2.8.2-5.fc24.noarch gimp-help-da-0:2.8.2-5.fc24.noarch gimp-help-de-0:2.8.2-5.fc24.noarch gimp-help-el-0:2.8.2-5.fc24.noarch gimp-help-en_GB-0:2.8.2-5.fc24.noarch gimp-help-es-0:2.8.2-5.fc24.noarch gimp-help-fr-0:2.8.2-5.fc24.noarch gimp-help-it-0:2.8.2-5.fc24.noarch gimp-help-ja-0:2.8.2-5.fc24.noarch gimp-help-ko-0:2.8.2-5.fc24.noarch gimp-help-nl-0:2.8.2-5.fc24.noarch gimp-help-nn-0:2.8.2-5.fc24.noarch gimp-help-pt_BR-0:2.8.2-5.fc24.noarch gimp-help-ru-0:2.8.2-5.fc24.noarch gimp-help-sl-0:2.8.2-5.fc24.noarch gimp-help-sv-0:2.8.2-5.fc24.noarch gimp-help-zh_CN-0:2.8.2-5.fc24.noarch gimp-high-pass-filter-0:1.2-6.fc24.noarch gimp-lqr-plugin-0:0.7.2-4.fc24.x86_64 gimp-normalmap-0:1.2.3-12.fc24.x86_64 gimp-paint-studio-0:2.0-11.fc24.noarch gimp-resynthesizer-0:0.16-14.fc24.x86_64 gimp-save-for-web-0:0.29.3-1.fc24.x86_64 gimp-separate+-0:0.5.8-16.fc24.x86_64 gimp-wavelet-denoise-plugin-0:0.3.1-9.fc24.x86_64 gimpfx-foundry-0:2.6.1-5.fc24.noarch gmpc-0:11.8.16-11.fc24.x86_64 gmpc-devel-0:11.8.16-11.fc24.i686 gmpc-devel-0:11.8.16-11.fc24.x86_64 gmusicbrowser-0:1.1.15-2.fc24.noarch gnucash-0:2.6.12-1.fc24.i686 gnucash-0:2.6.12-1.fc24.x86_64 gphpedit-0:0.9.98-0.11.RC1.fc24.x86_64 gpodder-0:3.9.0-1.fc24.noarch gscribble-0:0.1.2-10.fc24.noarch gtk-sharp-beans-0:2.14.0-17.fc24.x86_64 gtk-sharp-beans-devel-0:2.14.0-17.fc24.i686 gtk-sharp-beans-devel-0:2.14.0-17.fc24.x86_64 guitarix-0:0.35.0-2.fc24.x86_64 gutenprint-plugin-0:5.2.11-2.fc24.x86_64 gyachi-0:1.2.11-14.fc24.x86_64 gyachi-YMlike-theme-0:1.2.11-14.fc24.x86_64 gyachi-pidgy-theme-0:1.2.11-14.fc24.x86_64 gyachi-plugin-alsa-0:1.2.11-14.fc24.x86_64 gyachi-plugin-blowfish-0:1.2.11-14.fc24.x86_64 gyachi-plugin-gtkspell-0:1.2.11-14.fc24.x86_64 gyachi-plugin-libnotify-0:1.2.11-14.fc24.x86_64 gyachi-plugin-mcrypt-0:1.2.11-14.fc24.x86_64 gyachi-plugin-pulseaudio-0:1.2.11-14.fc24.x86_64 gyachi-recre8-theme-0:1.2.11-14.fc24.x86_64 icaro-0:1.0.4-3.fc24.noarch kazehakase-0:0.5.8-20.svn3873_trunk.fc24.1.x86_64 kazehakase-webkit-0:0.5.8-20.svn3873_trunk.fc24.1.x86_64 kicad-1:4.0.2-2.fc24.x86_64 lekhonee-gnome-0:0.12-9.fc24.x86_64 lv2-guitarix-plugins-0:0.35.0-2.fc24.x86_64 midori-0:0.5.11-2.fc24.i686 midori-0:0.5.11-2.fc24.x86_64 mono-tools-0:4.2-2.fc24.x86_64 mono-tools-devel-0:4.2-2.fc24.i686 mono-tools-devel-0:4.2-2.fc24.x86_64 mono-tools-gendarme-0:4.2-2.fc24.x86_64 mono-tools-ilcontrast-0:4.2-2.fc24.x86_64 mono-tools-monodoc-0:4.2-2.fc24.x86_64 nested-0:1.2.2-17.fc24.noarch osmo-0:0.2.12-0.8.svn924.fc24.3.x86_64 pari-gp-0:2.7.5-2.fc24.x86_64 perl-Gtk2-WebKit-0:0.09-14.fc24.x86_64 pywebkitgtk-0:1.1.8-11.fc24.x86_64 rednotebook-0:1.12-1.fc24.noarch sagemath-0:6.8-10.fc24.i686 sagemath-0:6.8-10.fc24.x86_64 sagemath-core-0:6.8-10.fc24.x86_64 sagemath-data-0:6.8-10.fc24.noarch sagemath-data-conway_polynomials-0:6.8-10.fc24.noarch sagemath-data-elliptic_curves-0:6.8-10.fc24.noarch sagemath-data-etc-0:6.8-10.fc24.noarch sagemath-data-graphs-0:6.8-10.fc24.noarch sagemath-data-polytopes_db-0:6.8-10.fc24.noarch sagemath-notebook-0:6.8-10.fc24.x86_64 sagemath-rubiks-0:6.8-10.fc24.x86_64 sagemath-sagetex-0:6.8-10.fc24.x86_64 sparkleshare-0:1.2.0-4.fc23.x86_64 techne-0:0.2.3-18.fc24.x86_64 techtalk-pse-0:1.1.0-10.fc24.noarch turpial-0:3.0-7.fc24.noarch ufraw-gimp-0:0.22-1.fc24.x86_64 webkit-sharp-0:0.3-17.fc24.x86_64 webkit-sharp-devel-0:0.3-17.fc24.i686 webkit-sharp-devel-0:0.3-17.fc24.x86_64 webkitgtk-devel-0:2.4.11-1.fc24.i686 webkitgtk-devel-0:2.4.11-1.fc24.x86_64 webkitgtk-doc-0:2.4.11-1.fc24.noarch wordgroupz-0:0.3.1-11.fc24.noarch xiphos-gtk2-0:4.0.4-3.fc24.x86_64 xsane-gimp-0:0.999-20.fc24.x86_64
$ repoquery --whatrequires --recursive webkitgtk3
Yum-utils package has been deprecated, use dnf instead. See 'man yum2dnf' for more information.
3Depict-0:0.0.18-6.fc24.x86_64 4Pane-0:4.0-1.fc24.x86_64 Mayavi-0:4.4.3-4.fc24.x86_64 PyPE-0:2.9.4-5.fc24.noarch PythonCard-0:0.8.2-16.fc24.noarch RunSnakeRun-0:2.0.4-4.fc24.noarch ailurus-0:10.10.3-9.fc24.noarch almanah-0:0.11.1-8.fc24.x86_64 audacity-0:2.1.2-4.fc24.x86_64 audacity-manual-0:2.1.2-4.fc24.noarch audio-convert-mod-0:3.46.0b-10.fc24.noarch autokey-gtk-0:0.90.4-8.fc24.noarch autokey-qt-0:0.90.4-8.fc24.noarch balsa-0:2.5.2-3.fc24.x86_64 batti-0:0.3.8-9.fc24.noarch bibus-0:1.5.1-15.fc24.x86_64 bijiben-0:3.20.2-1.fc24.x86_64 bitlyclip-0:0.2.2-7.fc24.noarch boinc-manager-0:7.6.22-4.fc24.x86_64 cairo-dock-plug-ins-webkit-0:3.4.1-7.fc24.x86_64 california-0:0.4.0-7.fc24.x86_64 congruity-0:18-10.fc24.noarch coq-emacs-0:8.5pl1-1.fc24.noarch couchdb-0:1.6.1-14.fc24.x86_64 cura-0:15.04.4-3.fc24.noarch cura-lulzbot-0:19.12-1.fc24.noarch cycle-0:0.3.1-21.fc24.noarch decibel-audio-player-0:1.08-12.fc24.noarch deluge-0:1.3.12-3.fc24.noarch deluge-gtk-0:1.3.12-3.fc24.noarch deluge-web-0:1.3.12-3.fc24.noarch dwb-0:2015.10.09-2.20151009git.fc24.x86_64 earcandy-0:0.9-4.fc24.noarch ejabberd-0:16.01-5.fc24.x86_64 ekiga-0:4.0.1-29.fc24.x86_64 emacs-1:25.0.94-1.fc24.x86_64 emacs-apel-0:10.8-10.fc24.noarch emacs-auctex-0:11.89-3.fc24.noarch emacs-auto-complete-0:1.3.1-9.fc24.noarch emacs-auto-complete-el-0:1.3.1-9.fc24.noarch emacs-bbdb-1:3.1.2-5.fc24.noarch emacs-color-theme-0:6.6.0-11.fc24.noarch emacs-color-theme-el-0:6.6.0-11.fc24.noarch emacs-common-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch emacs-ddskk-0:15.2-4.fc24.noarch emacs-ebib-0:1.8.0-9.fc24.noarch emacs-ebib-el-0:1.8.0-9.fc24.noarch emacs-epix-0:1.2.16-1.fc24.noarch emacs-erlang-0:18.3.3-1.fc24.noarch emacs-erlang-el-0:18.3.3-1.fc24.noarch emacs-erlang-lfe-0:1.0.2-1.fc24.noarch emacs-erlang-lfe-el-0:1.0.2-1.fc24.noarch emacs-ess-0:16.04-1.fc24.noarch emacs-evil-0:1.2.9-1.fc24.noarch emacs-gettext-0:0.19.7-4.fc24.noarch emacs-gnu-smalltalk-0:3.2.5-10.fc24.noarch emacs-gnu-smalltalk-el-0:3.2.5-10.fc24.noarch emacs-goodies-0:35.8-5.fc24.noarch emacs-goodies-el-0:35.8-5.fc24.noarch emacs-goto-chg-0:1.6-2.fc24.noarch emacs-gtypist-0:2.9.4-5.fc24.x86_64 emacs-haskell-mode-0:13.18-1.fc24.noarch emacs-htmlize-0:1.34-12.fc24.noarch emacs-htmlize-el-0:1.34-12.fc24.noarch emacs-irsim-mode-0:0.1-14.fc24.noarch emacs-irsim-mode-el-0:0.1-14.fc24.noarch emacs-ledger-0:3.1.1-1.fc24.x86_64 emacs-ledger-el-0:3.1.1-1.fc24.noarch emacs-lookup-0:1.4.1-13.fc24.noarch emacs-lua-0:20151025-2.fc24.noarch emacs-magit-0:1.2.2-3.fc24.noarch emacs-magit-el-0:1.2.2-3.fc24.noarch emacs-mew-0:6.7-2.fc24.x86_64 emacs-mmm-0:0.4.8-9.fc23.noarch emacs-mmm-el-0:0.4.8-9.fc23.noarch emacs-nesc-0:1.3.5-2.fc22.noarch emacs-nesc-el-0:1.3.5-2.fc22.noarch emacs-notmuch-0:0.21-3.fc24.noarch emacs-php-mode-0:1.17.0-6.fc24.noarch emacs-proofgeneral-0:4.2-5.fc24.noarch emacs-proofgeneral-el-0:4.2-5.fc24.noarch emacs-pydb-0:1.26-14.fc24.noarch emacs-pymacs-0:0.25-7.fc24.noarch emacs-pymacs-el-0:0.25-7.fc24.noarch emacs-pyrex-0:0.9.9-10.fc24.noarch emacs-riece-0:8.0.0-9.fc24.noarch emacs-rinari-0:2.1-12.20100815git.fc24.noarch emacs-rinari-el-0:2.1-12.20100815git.fc24.noarch emacs-rpm-spec-mode-0:0.15-4.fc24.noarch emacs-sdcc-0:3.5.0-6.fc24.x86_64 emacs-slime-1:2.12-4.fc24.noarch emacs-slime-el-1:2.12-4.fc24.noarch emacs-spice-mode-0:1.2.25-16.fc24.noarch emacs-spice-mode-el-0:1.2.25-16.fc24.noarch emacs-terminal-1:25.0.94-1.fc24.noarch emacs-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch emacs-undo-tree-0:0.6.4-2.fc24.noarch emacs-verilog-mode-0:531-9.fc24.noarch emacs-vm-0:8.1.2-12.fc24.x86_64 emacs-vregs-mode-0:1.470-10.fc24.noarch emacs-w3m-0:1.4.531-0.5.20140421cvs.fc24.noarch emacs-yaml-mode-0:0.0.12-3.fc24.noarch emacspeak-0:40.0-5.fc24.x86_64 empathy-0:3.12.12-1.fc24.x86_64 erlang-0:18.3.3-1.fc24.x86_64 erlang-clique-0:0.3.5-2.fc24.x86_64 erlang-cluster_info-0:2.0.5-1.fc24.x86_64 erlang-common_test-0:18.3.3-1.fc24.x86_64 erlang-cuttlefish-0:2.0.6-1.fc24.x86_64 erlang-debugger-0:18.3.3-1.fc24.x86_64 erlang-dialyzer-0:18.3.3-1.fc24.x86_64 erlang-epgsql-0:3.1.0-2.fc24.x86_64 erlang-esdl-0:1.3.1-12.fc24.x86_64 erlang-et-0:18.3.3-1.fc24.x86_64 erlang-exometer_core-0:1.4-2.fc24.x86_64 erlang-ibrowse-0:4.2.4-2.fc24.x86_64 erlang-lager-0:3.2.0-1.fc24.x86_64 erlang-megaco-0:18.3.3-1.fc24.x86_64 erlang-merge_index-0:2.1-1.fc24.x86_64 erlang-observer-0:18.3.3-1.fc24.x86_64 erlang-rebar-0:2.6.1-10.fc24.x86_64 erlang-reltool-0:18.3.3-1.fc24.x86_64 erlang-riak_api-0:2.1.2-1.fc24.x86_64 erlang-riak_control-0:2.1.2-1.fc24.x86_64 erlang-riak_core-0:2.1.5-1.fc24.x86_64 erlang-riak_ensemble-0:2.1.2-1.fc24.x86_64 erlang-riak_kv-0:2.1.2-2.fc24.x86_64 erlang-riak_pipe-0:2.1.1-1.fc24.x86_64 erlang-riak_search-0:1.3.2-2.fc21.x86_64 erlang-riaknostic-0:2.1.3-5.fc24.x86_64 erlang-test_server-0:18.3.3-1.fc24.x86_64 erlang-typer-0:18.3.3-1.fc24.x86_64 erlang-webtool-0:18.3.3-1.fc24.x86_64 erlang-wx-0:18.3.3-1.fc24.x86_64 evolution-0:3.20.2-1.fc24.i686 evolution-0:3.20.2-1.fc24.x86_64 evolution-bogofilter-0:3.20.2-1.fc24.x86_64 evolution-data-server-0:3.20.2-1.fc24.i686 evolution-data-server-0:3.20.2-1.fc24.x86_64 evolution-data-server-devel-0:3.20.2-1.fc24.i686 evolution-data-server-devel-0:3.20.2-1.fc24.x86_64 evolution-data-server-tests-0:3.20.2-1.fc24.i686 evolution-data-server-tests-0:3.20.2-1.fc24.x86_64 evolution-devel-0:3.20.2-1.fc24.i686 evolution-devel-0:3.20.2-1.fc24.x86_64 evolution-devel-docs-0:3.20.2-1.fc24.noarch evolution-ews-0:3.20.2-1.fc24.i686 evolution-ews-0:3.20.2-1.fc24.x86_64 evolution-help-0:3.20.2-1.fc24.noarch evolution-mapi-0:3.20.1-1.fc24.i686 evolution-mapi-0:3.20.1-1.fc24.x86_64 evolution-mapi-devel-0:3.20.1-1.fc24.i686 evolution-mapi-devel-0:3.20.1-1.fc24.x86_64 evolution-perl-0:3.20.2-1.fc24.x86_64 evolution-pst-0:3.20.2-1.fc24.x86_64 evolution-rspam-0:0.6.0-13.fc24.x86_64 evolution-rss-1:0.3.95-7.fc24.x86_64 evolution-spamassassin-0:3.20.2-1.fc24.x86_64 evolution-tests-0:3.20.2-1.fc24.x86_64 fawkes-devenv-0:0.5.0-29.fc24.noarch ffgtk-plugin-evolution-0:0.8.6-18.fc24.x86_64 filezilla-0:3.17.0.1-1.fc24.x86_64 fityk-0:1.3.0-8.fc24.i686 fityk-0:1.3.0-8.fc24.x86_64 fityk-devel-0:1.3.0-8.fc24.i686 fityk-devel-0:1.3.0-8.fc24.x86_64 flim-0:1.14.9-10.fc24.noarch fmtools-tkradio-0:2.0.7-6.fc24.noarch folks-1:0.11.2-5.fc24.i686 folks-1:0.11.2-5.fc24.x86_64 folks-devel-1:0.11.2-5.fc24.i686 folks-devel-1:0.11.2-5.fc24.x86_64 folks-tools-1:0.11.2-5.fc24.i686 folks-tools-1:0.11.2-5.fc24.x86_64 frama-c-emacs-0:1.12-4.fc24.noarch freedink-0:108.4-3.fc24.x86_64 freedink-dfarc-0:3.12-4.fc24.x86_64 freedv-0:1.1-6.fc24.x86_64 fwbackups-0:1.43.5-2.fc24.noarch gadget-0:0.0.3-16.fc24.noarch gcl-emacs-0:2.6.12-5.fc24.noarch gcl-emacs-el-0:2.6.12-5.fc24.noarch gdm-1:3.20.1-1.fc24.i686 gdm-1:3.20.1-1.fc24.x86_64 gdm-devel-1:3.20.1-1.fc24.i686 gdm-devel-1:3.20.1-1.fc24.x86_64 geary-0:0.11.0-1.fc24.x86_64 giggle-0:0.7-22.fc24.i686 giggle-0:0.7-22.fc24.x86_64 giggle-devel-0:0.7-22.fc24.i686 giggle-devel-0:0.7-22.fc24.x86_64 gitso-0:0.6-13.fc24.noarch glabels-0:3.2.1-8.fc24.x86_64 gnome-calendar-0:3.20.2-1.fc24.x86_64 gnome-classic-session-0:3.20.1-1.fc24.noarch gnome-contacts-0:3.20.0-1.fc24.x86_64 gnome-initial-setup-0:3.20.1-1.fc24.x86_64 gnome-maps-0:3.20.1-1.fc24.i686 gnome-maps-0:3.20.1-1.fc24.x86_64 gnome-phone-manager-0:0.69-16.fc24.x86_64 gnome-phone-manager-telepathy-0:0.69-16.fc24.x86_64 gnome-shell-0:3.20.2-1.fc24.x86_64 gnome-shell-extension-alternate-tab-0:3.20.1-1.fc24.noarch gnome-shell-extension-apps-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-auto-move-windows-0:3.20.1-1.fc24.noarch gnome-shell-extension-background-logo-0:3.20.0-1.fc24.noarch gnome-shell-extension-calc-0:0-0.10.gite4f4ac5.fc24.noarch gnome-shell-extension-common-0:3.20.1-1.fc24.noarch gnome-shell-extension-drive-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-fedmsg-0:0.1.9-15.fc24.noarch gnome-shell-extension-gpaste-0:3.18.3-2.fc24.noarch gnome-shell-extension-iok-0:0.20160405-1.fc24.noarch gnome-shell-extension-launch-new-instance-0:3.20.1-1.fc24.noarch gnome-shell-extension-native-window-placement-0:3.20.1-1.fc24.noarch gnome-shell-extension-openweather-0:1- 0.18.20160325git8dd1696.fc24.noarch gnome-shell-extension-panel-osd-0:1-0.13.20160325gite052ded.fc24.noarch gnome-shell-extension-pidgin-0:0-0.20.gitfb9dbfd.fc24.x86_64 gnome-shell-extension-places-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-pomodoro-0:0.11.3-1.fc24.x86_64 gnome-shell-extension-remove-bluetooth-icon-0:0.5.1-5.fc24.noarch gnome-shell-extension-remove-volume-icon-0:0.5.1-5.fc24.noarch gnome-shell-extension-screenshot-window-sizer-0:3.20.1-1.fc24.noarch gnome-shell-extension-simple-dock-0:0.1- 0.20150505git25c94bc.fc24.2.noarch gnome-shell-extension-user-theme-0:3.20.1-1.fc24.noarch gnome-shell-extension-window-list-0:3.20.1-1.fc24.noarch gnome-shell-extension-windowsNavigator-0:3.20.1-1.fc24.noarch gnome-shell-extension-workspace-indicator-0:3.20.1-1.fc24.noarch gnome-shell-theme-selene-0:3.4.0-11.fc24.noarch gnome-todo-0:3.20.2-1.fc24.x86_64 gnome-tweak-tool-0:3.20.1-1.fc24.noarch gnome-web-photo-0:0.10.5-9.fc24.x86_64 gnumed-0:1.4.8-6.fc24.noarch gnumed-doc-0:1.4.8-6.fc24.noarch gnumed-server-0:19.8-4.fc24.noarch gnuradio-0:3.7.9.1-3.fc24.i686 gnuradio-0:3.7.9.1-3.fc24.x86_64 gnuradio-devel-0:3.7.9.1-3.fc24.i686 gnuradio-devel-0:3.7.9.1-3.fc24.x86_64 gnuradio-doc-0:3.7.9.1-3.fc24.noarch gnuradio-examples-0:3.7.9.1-3.fc24.x86_64 gphotoframe-0:2.0.2-2.hg2084299dffb6.fc24.1.noarch gphotoframe-gss-0:2.0.2-2.hg2084299dffb6.fc24.1.noarch gqrx-0:2.5.3-3.fc24.x86_64 gr-air-modes-0:0-0.46.20160106git514414f6.fc24.i686 gr-air-modes-0:0-0.46.20160106git514414f6.fc24.x86_64 gr-air-modes-devel-0:0-0.46.20160106git514414f6.fc24.i686 gr-air-modes-devel-0:0-0.46.20160106git514414f6.fc24.x86_64 gr-air-modes-doc-0:0-0.46.20160106git514414f6.fc24.noarch gr-fcdproplus-0:0-0.22.20140920git1edbe523.fc24.i686 gr-fcdproplus-0:0-0.22.20140920git1edbe523.fc24.x86_64 gr-fcdproplus-devel-0:0-0.22.20140920git1edbe523.fc24.i686 gr-fcdproplus-devel-0:0-0.22.20140920git1edbe523.fc24.x86_64 gr-fcdproplus-doc-0:0-0.22.20140920git1edbe523.fc24.noarch gr-iqbal-0:0.37.2-19.fc24.i686 gr-iqbal-0:0.37.2-19.fc24.x86_64 gr-iqbal-devel-0:0.37.2-19.fc24.i686 gr-iqbal-devel-0:0.37.2-19.fc24.x86_64 gr-iqbal-doc-0:0.37.2-19.fc24.noarch gr-osmosdr-0:0.1.3-18.20141023git42c66fdd.fc24.i686 gr-osmosdr-0:0.1.3-18.20141023git42c66fdd.fc24.x86_64 gr-osmosdr-devel-0:0.1.3-18.20141023git42c66fdd.fc24.i686 gr-osmosdr-devel-0:0.1.3-18.20141023git42c66fdd.fc24.x86_64 gr-osmosdr-doc-0:0.1.3-18.20141023git42c66fdd.fc24.noarch gr-rds-0:0-0.21.20150513git201f32b.fc24.i686 gr-rds-0:0-0.21.20150513git201f32b.fc24.x86_64 gr-rds-devel-0:0-0.21.20150513git201f32b.fc24.i686 gr-rds-devel-0:0-0.21.20150513git201f32b.fc24.x86_64 gr-rds-doc-0:0-0.21.20150513git201f32b.fc24.noarch grass-0:7.0.3-1.fc24.x86_64 gtg-0:0.3.1-10.fc24.noarch gtkwhiteboard-0:1.3-11.fc24.noarch guake-0:0.8.4-1.fc24.noarch hugin-0:2016.0.0-1.fc24.i686 hugin-0:2016.0.0-1.fc24.x86_64 libopensync-plugin-evolution2-1:0.22-53.fc24.i686 libopensync-plugin-evolution2-1:0.22-53.fc24.x86_64 liferea-1:1.10.19-1.fc24.x86_64 londonlaw-0:0.3.0-0.3.pre2.fc24.noarch mMass-0:5.5.0-17.fc24.x86_64 mailnag-0:1.2.0-1.fc24.noarch memaker-0:20100110-10.fc24.noarch metamorphose2-0:0.8.2-8.fc24.noarch migemo-emacs-0:0.40-24.fc24.noarch migemo-xemacs-0:0.40-24.fc24.noarch mona-emacs-0:1.4r17-1.fc24.noarch nautilus-phatch-0:0.2.7-24.fc24.noarch nicotine+-0:1.2.16-12.fc24.noarch notify-python-0:0.1.1-30.fc24.x86_64 ocaml-emacs-0:4.02.3-3.fc24.x86_64 openstv-0:1.7-6.fc24.noarch ovirt-guest-agent-gdm-plugin-0:1.0.11-2.fc24.3.noarch peppy-0:0.16.0-8.fc24.noarch phatch-0:0.2.7-24.fc24.noarch plater-0:2015.03.10-4.fc24.noarch playonlinux-0:4.2.10-7.fc24.x86_64 poedit-0:1.8.7.1-1.fc24.x86_64 printrun-0:2015.03.10-4.fc24.x86_64 pronterface-0:2015.03.10-4.fc24.noarch protobuf-emacs-0:2.6.1-4.fc24.x86_64 protobuf-emacs-el-0:2.6.1-4.fc24.x86_64 psgml-0:1.2.5-20.fc24.noarch pulseaudio-gdm-hooks-0:8.0-6.fc24.x86_64 pyhoca-gui-0:0.5.0.5-2.fc24.noarch pymol-wxpython-0:1.8-3.20151208svn4142.fc24.x86_64 pyobd-0:0.9.3-1.fc24.noarch python-couchdbkit-0:0.6.5-5.fc24.noarch python-envisage-0:4.4.0-3.fc24.noarch python-ropemacs-0:0.7-6.fc24.noarch python-squaremap-0:1.0.3-5.fc24.noarch python2-apptools-0:4.4.0-3.fc24.noarch python2-matplotlib-wx-0:1.5.1-3.fc24.x86_64 python2-pyface-0:5.0.0-9.fc24.noarch python2-pyface-qt-0:5.0.0-9.fc24.noarch python2-pyface-wx-0:5.0.0-9.fc24.noarch python2-pyudev-wx-0:0.20.0-2.fc24.noarch python2-traitsui-0:5.0.0-4.fc24.noarch qgis-devel-0:2.14.0-2.fc24.i686 qgis-devel-0:2.14.0-2.fc24.x86_64 qgis-grass-0:2.14.0-2.fc24.i686 qgis-grass-0:2.14.0-2.fc24.x86_64 qgnomeplatform-0:0.1-5.fc24.i686 qgnomeplatform-0:0.1-5.fc24.x86_64 radiotray-0:0.7.3-6.fc24.noarch rapid-photo-downloader-0:0.4.11-3.fc24.noarch recutils-0:1.7-6.fc24.i686 recutils-0:1.7-6.fc24.x86_64 recutils-devel-0:1.7-6.fc24.i686 recutils-devel-0:1.7-6.fc24.x86_64 rubygem-webkit-gtk-0:3.0.8-1.fc24.noarch rubygem-webkit-gtk-doc-0:3.0.8-1.fc24.noarch rurple-0:1.0-0.13.rc3.fc24.noarch saga-0:2.2.4-1.fc24.i686 saga-0:2.2.4-1.fc24.x86_64 saga-devel-0:2.2.4-1.fc24.i686 saga-devel-0:2.2.4-1.fc24.x86_64 saga-python-0:2.2.4-1.fc24.x86_64 seed-0:3.8.1-7.fc24.i686 seed-0:3.8.1-7.fc24.x86_64 seed-devel-0:3.8.1-7.fc24.i686 seed-devel-0:3.8.1-7.fc24.x86_64 seed-doc-0:3.8.1-7.fc24.noarch sflphone-gnome-plugins-0:1.4.1-18.fc24.x86_64 shutter-0:0.93.1-2.fc24.noarch sidc-gui-0:0.4-6.fc24.noarch sk2py-0:0.1-14.fc24.noarch soundconverter-0:2.1.6-2.fc24.noarch spe-0:0.8.4.h-16.fc24.noarch specto-0:0.4.1-9.fc24.noarch sugar-browse-0:157.3-1.fc24.noarch surf-0:0.7-1.fc24.x86_64 synce-gnome-0:0.11-12.fc24.noarch syncevolution-1:1.5.1-9.fc24.x86_64 syncevolution-devel-1:1.5.1-9.fc24.i686 syncevolution-devel-1:1.5.1-9.fc24.x86_64 syncevolution-gtk-1:1.5.1-9.fc24.x86_64 syncevolution-libs-1:1.5.1-9.fc24.i686 syncevolution-libs-1:1.5.1-9.fc24.x86_64 syncevolution-libs-akonadi-1:1.5.1-9.fc24.x86_64 syncevolution-perl-1:1.5.1-9.fc24.x86_64 system-config-printer-0:1.5.7-8.fc24.x86_64 taskcoach-0:1.4.3-2.fc24.noarch timeline-0:1.10.0-1.fc24.noarch tmda-emacs-0:1.1.12-13.fc24.noarch tsung-0:1.6.0-1.fc24.x86_64 turpial-0:3.0-7.fc24.noarch uzbl-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-browser-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-core-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-defaults-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-tabbed-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 vfrnav-0:20160212-3.fc24.i686 vfrnav-0:20160212-3.fc24.x86_64 vfrnav-utils-0:20160212-3.fc24.x86_64 vfrnav-validatorservice-0:20160212-3.fc24.x86_64 vfrnav-webservice-0:20160212-3.fc24.x86_64 vfrnav-wetterdl-0:20160212-3.fc24.x86_64 wammu-0:0.40-3.fc24.noarch webkitgtk3-devel-0:2.4.11-1.fc24.i686 webkitgtk3-devel-0:2.4.11-1.fc24.x86_64 webkitgtk3-doc-0:2.4.11-1.fc24.noarch why3-emacs-0:0.87.0-3.fc24.noarch wicd-curses-0:1.7.3-2.fc23.noarch wicd-gtk-0:1.7.3-2.fc23.noarch wings-0:2.0.4-1.fc24.x86_64 winpdb-0:1.4.8-11.fc24.noarch wuja-0:0.0.8-16.fc24.noarch wxGTK3-0:3.0.2-19.fc24.i686 wxGTK3-0:3.0.2-19.fc24.x86_64 wxGTK3-devel-0:3.0.2-19.fc24.i686 wxGTK3-devel-0:3.0.2-19.fc24.x86_64 wxGTK3-docs-0:3.0.2-19.fc24.noarch wxGTK3-gl-0:3.0.2-19.fc24.i686 wxGTK3-gl-0:3.0.2-19.fc24.x86_64 wxGTK3-media-0:3.0.2-19.fc24.i686 wxGTK3-media-0:3.0.2-19.fc24.x86_64 wxGTK3-xmldocs-0:3.0.2-19.fc24.noarch wxGlade-0:0.7.2-1.fc24.noarch wxMaxima-0:15.08.2-2.fc24.x86_64 wxPython-0:3.0.2.0-10.fc24.x86_64 wxPython-devel-0:3.0.2.0-10.fc24.i686 wxPython-devel-0:3.0.2.0-10.fc24.x86_64 wxPython-docs-0:3.0.2.0-10.fc24.noarch wxsqlite3-0:3.3.2-0.1gitb05867d.fc24.i686 wxsqlite3-0:3.3.2-0.1gitb05867d.fc24.x86_64 wxsqlite3-devel-0:3.3.2-0.1gitb05867d.fc24.i686 wxsqlite3-devel-0:3.3.2-0.1gitb05867d.fc24.x86_64 xemacs-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch xiphos-gtk3-0:4.0.4-3.fc24.x86_64 xylib-0:1.4-8.fc24.i686 xylib-0:1.4-8.fc24.x86_64 xylib-devel-0:1.4-8.fc24.i686 xylib-devel-0:1.4-8.fc24.x86_64 yaws-0:2.0-2.fc24.x86_64 yaws-devel-0:2.0-2.fc24.i686 yaws-devel-0:2.0-2.fc24.x86_64
Note that work is already in progress for some of the above. Active porting efforts are underway for Evolution (which will take care of the mass of evolution-data-server dependencies like gnome-shell and gdm), Geary, and Liferea. There are also stalled porting efforts for inactive projects like Empathy, Bijiben, and Midori; these efforts have significant progress and could easily be resurrected.
Question: What if we're not willing to remove packages?
Answer: Well, then we'll just have to watch the count of unfixed remote code execution vulnerabilities increase forever, because there's no chance all of the above packages will be ported; we could set the deadline 10 years in the future and it still wouldn't happen. If we decide we're not willing to remove packages, I would suggest renaming the WebKit packages to webkitgtk-insecure and webkitgtk3-insecure to clarify the situation.
Question: :(
Answer: _(ツ)_/
Michael
On Fri, 2016-06-10 at 08:11 -0500, Michael Catanzaro wrote:
I propose we retire the webkitgtk and webkitgtk3 packages when branching rawhide for F26 (expected to occur roughly February 2017)
To clarify: I propose removing the packages from rawhide (only) shortly after branching for F26, that way nothing will be removed until F27.
On Fri, 2016-06-10 at 08:11 -0500, Michael Catanzaro wrote:
I propose we retire the webkitgtk and webkitgtk3 packages when branching rawhide for F26 (expected to occur roughly February 2017), and forbid unretiring them. All their dependencies would then be removed from from Fedora according to the normal process shortly before the release of F27 (excepted to occur May 2017). If nobody objects, we'll carry out this plan shortly after the F26 branch point.
Let me try this one more time, as the dates I have here are wrong/inconsistent.
* Branch F26 from rawhide around January 2017. * F26 release around May 2017. * Branch F27 from rawhide around July 2017. * F27 release around November 2017.
We can use either set of dates. I'm inclined to go with the earlier dates. The benefit of using later dates is it would allow more time for GTK+ 2 apps to port to GTK+ 3, but I don't honestly expect pushing the dates later would make a difference in which applications get ported in time.
Michael
On Fri, Jun 10, 2016 at 9:11 AM, Michael Catanzaro mcatanzaro@gnome.org wrote:
Hi,
I propose we retire the webkitgtk and webkitgtk3 packages when branching rawhide for F26 (expected to occur roughly February 2017), and forbid unretiring them. All their dependencies would then be removed from from Fedora according to the normal process shortly before the release of F27 (excepted to occur May 2017). If nobody objects, we'll carry out this plan shortly after the F26 branch point.
<snip>
emacs-1:25.0.94-1.fc24.x86_64
<Friday joke>
I am all for anything that removes emacs from our distribution. How can I help ensure this happens?
</Friday joke>
josh
On Fri, 2016-06-10 at 09:58 -0400, Josh Boyer wrote:
<Friday joke>
I am all for anything that removes emacs from our distribution. How can I help ensure this happens?
</Friday joke>
Serious answer: the Emacs dependency on unsupported WebKit was added two months ago and can be avoided by changing a configure flag:
http://pkgs.fedoraproject.org/cgit/rpms/emacs.git/commit/?id=27d3963a4bee39a...
So fortunately it's not too serious of a problem. There are other apps on that list that can be "ported" with a configure flag change as well. E.g. GIMP only uses WebKit for its help center; we should disable that so that user help opens in the user's default browser instead.
Removing these old WebKit packages would help avoid introducing such issues when maintainers do not realize that webkitgtk3 is unsupported and insecure.
Michael
What do we actually have to do to move apps that are using the Webkit API to the new version? What code changes are needed? Is there documentation for this?
Rich.
On Fri, 2016-06-10 at 15:02 +0100, Richard W.M. Jones wrote:
What do we actually have to do to move apps that are using the Webkit API to the new version? What code changes are needed? Is there documentation for this?
There's no transition documentation. Basically, you want to make sure your package builds when switching the pkg-config version in configure.ac to webkit2gtk-4.0.
There is API documentation here:
http://webkitgtk.org/reference/webkit2gtk/stable/
Stable DOM (web process) API:
http://webkitgtk.org/reference/webkitdomgtk/stable/
Deprecated API (what you are porting away from):
http://webkitgtk.org/reference/webkitgtk/stable/index.html
If your app doesn't use the DOM API, the port should be straightforward. Your app will probably work once you manage to compile it. Be sure to check if any signals you connect to have been renamed.
If your app does use the DOM API, you have more work as you need to create a web process extension to access this API. You can use any form of IPC to communicate between the UI process and the web process; D-Bus is a good option. Documentation here:
http://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebExtension.html
Epiphany serves as a good (if complex) example of how to write a web extension:
https://git.gnome.org/browse/epiphany/tree/embed/web-extension
Hope that helps a bit... happy to answer more questions.
Michael
On Fri, 2016-06-10 at 11:39 -0500, Michael Catanzaro wrote:
There's no transition documentation. Basically, you want to make sure your package builds when switching the pkg-config version in configure.ac to webkit2gtk-4.0.
Hi, feel free to check out what the evolution-data-server does to switch from WebKit1 to WebKit2 here [1]. The code only opens a page and finally reads its title with a result, listening for a signal when the page was loaded. It doesn't do any DOM operations on the page. Bye, Milan
On Fri, 10 Jun, 2016 at 16:39:21 GMT, Michael Catanzaro wrote:
If your app does use the DOM API, you have more work as you need to create a web process extension to access this API. You can use any form of IPC to communicate between the UI process and the web process; D-Bus is a good option. Documentation here:
Note that running JavaScript code in the context of the webpage also requires an extension (AFAICS).
--Ben
On Wed, 2016-06-15 at 22:26 +0000, Ben Boeckel wrote:
Note that running JavaScript code in the context of the webpage also requires an extension (AFAICS).
Fortunately, you can actually do this from the UI process using webkit_web_view_run_javascript() and webkit_web_view_run_javascript_finish().
[1] http://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebView.html#webkit-w...
On Wed, Jun 15, 2016 at 18:23:00 -0500, Michael Catanzaro wrote:
On Wed, 2016-06-15 at 22:26 +0000, Ben Boeckel wrote:
Note that running JavaScript code in the context of the webpage also requires an extension (AFAICS).
Fortunately, you can actually do this from the UI process using webkit_web_view_run_javascript() and webkit_web_view_run_javascript_finish().
[1] http://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebView.html#webkit-w...
That works if you can deal with the result being asynchronous, but if your callback doesn't belong in the GUI thread…
--Ben
On Wed, 2016-06-15 at 19:50 -0400, Ben Boeckel wrote:
That works if you can deal with the result being asynchronous, but if your callback doesn't belong in the GUI thread…
Ah, I think this arose from the discussion about disabling/enabling context menu items. [1] is related.
The reason we don't offer a sync API is that it could cause your application to hang during IPC between the browser process and the web process.
On Wed, Jun 15, 2016 at 19:24:35 -0500, Michael Catanzaro wrote:
The reason we don't offer a sync API is that it could cause your application to hang during IPC between the browser process and the web process.
Understood. It's one of the reasons we're looking at getting the "uzbl" bits separate from the "gui" bits. Unfortunately, there's lots of crosstalk (accessing GTK objects from the other thread is fraught with peril as one would expect) and C is not exactly the most…expressive language for such things.
--Ben
On Fri, 2016-06-10 at 08:11 -0500, Michael Catanzaro wrote:
Answer: QtWebKit has not had security updates since ~2012
The QtWebKit folks asked me to point out that they were merging security fixes until 2014. More information is available at [1]; you can judge the situation for yourself.
On Jun 10, 2016 8:32 PM, "Scott Talbert" swt@techie.net wrote:
On Fri, 10 Jun 2016, Michael Catanzaro wrote:
Question: What if my application depends on GTK+ 2?
Answer: You must first port to GTK+ 3, then port to WebKit2. You may find it more practical to stop using WebKitGTK+.
What is the WebKit2 package in Fedora? Is that webkitgtk4?
Yes.
Scott
-- devel mailing list devel@lists.fedoraproject.org https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
I like this idea very much, thank you!
Independent to whether this proposal is accepted or not, I'd like to point out that it would be very useful to notify all maintainers of this issue, probably by filing a bug to every package that uses one of these packages (webkitgtk, webkitgtk3), adding a link to your statement above and tell the maintainer to take action: Contact upstream. If upstream will be porting the package to Webkit2Gtk, ship it in Fedora. If not, try to build without WebKit support. If that fails, deprecate a package by filing bugs to all packages relying on it.
Sadly, I don't know any way to automate this and filing ~50 bugs is quite much.
On Sun, 12 Jun 2016 11:28:00 -0000 "Christian Stadelmann" genodeftest@fedoraproject.org wrote:
I like this idea very much, thank you!
Independent to whether this proposal is accepted or not, I'd like to point out that it would be very useful to notify all maintainers of this issue, probably by filing a bug to every package that uses one of these packages (webkitgtk, webkitgtk3), adding a link to your statement above and tell the maintainer to take action: Contact upstream. If upstream will be porting the package to Webkit2Gtk, ship it in Fedora. If not, try to build without WebKit support. If that fails, deprecate a package by filing bugs to all packages relying on it.
Sadly, I don't know any way to automate this and filing ~50 bugs is quite much.
I'll note that if someone is going to do this, please read and follow https://fedoraproject.org/wiki/Mass_bug_filing
Thanks.
kevin
On Fri, 2016-06-10 at 08:11 -0500, Michael Catanzaro wrote:
Active porting efforts are underway for Evolution (which will take care of the mass of evolution-data-server dependencies like gnome- shell and gdm)
Hi, I think it's a very important detail, because if I remove the --recursive argument in your repoquery command, then I get significantly shorter list of affected packages [1], with ~half of them being addressed by the ongoing effort for the Evolution port.
At least in case of the evolution-data-server, it uses the WebKit1, but doesn't expose it in the public API, thus it's a private dependency, spread on its own "users" only through the linker (libraries).
I mean, checking only for direct dependencies makes more sense, from my point of view. Bye, Milan
[1] repoquery --whatrequires webkitgtk3 --enablerepo=updates-testing
Yum-utils package has been deprecated, use dnf instead. See 'man yum2dnf' for more information.
balsa-0:2.5.2-3.fc24.x86_64 bijiben-0:3.20.2-1.fc24.x86_64 cairo-dock-plug-ins-webkit-0:3.4.1-7.fc24.x86_64 dwb-0:2015.10.09-2.20151009git.fc24.x86_64 emacs-1:25.0.94-1.fc24.x86_64 empathy-0:3.12.12-1.fc24.x86_64 evolution-0:3.20.2-1.fc24.i686 evolution-0:3.20.2-1.fc24.x86_64 evolution-0:3.20.3-1.fc24.i686 evolution-0:3.20.3-1.fc24.x86_64 evolution-bogofilter-0:3.20.2-1.fc24.x86_64 evolution-bogofilter-0:3.20.3-1.fc24.x86_64 evolution-data-server-0:3.20.2-1.fc24.i686 evolution-data-server-0:3.20.2-1.fc24.x86_64 evolution-data-server-0:3.20.3-1.fc24.i686 evolution-data-server-0:3.20.3-1.fc24.x86_64 evolution-data-server-tests-0:3.20.2-1.fc24.i686 evolution-data-server-tests-0:3.20.2-1.fc24.x86_64 evolution-data-server-tests-0:3.20.3-1.fc24.i686 evolution-data-server-tests-0:3.20.3-1.fc24.x86_64 evolution-ews-0:3.20.2-1.fc24.i686 evolution-ews-0:3.20.2-1.fc24.x86_64 evolution-ews-0:3.20.3-1.fc24.x86_64 evolution-mapi-0:3.20.1-1.fc24.i686 evolution-mapi-0:3.20.1-1.fc24.x86_64 evolution-mapi-0:3.20.3-1.fc24.i686 evolution-mapi-0:3.20.3-1.fc24.x86_64 evolution-pst-0:3.20.2-1.fc24.x86_64 evolution-pst-0:3.20.3-1.fc24.x86_64 evolution-rss-1:0.3.95-7.fc24.x86_64 evolution-spamassassin-0:3.20.2-1.fc24.x86_64 evolution-spamassassin-0:3.20.3-1.fc24.x86_64 geary-0:0.11.0-1.fc24.x86_64 gnome-web-photo-0:0.10.5-9.fc24.x86_64 gphotoframe-0:2.0.2-2.hg2084299dffb6.fc24.1.noarch liferea-1:1.10.19-1.fc24.x86_64 rubygem-webkit-gtk-0:3.0.8-1.fc24.noarch seed-0:3.8.1-7.fc24.i686 seed-0:3.8.1-7.fc24.x86_64 sugar-browse-0:157.3-1.fc24.noarch surf-0:0.7-1.fc24.x86_64 uzbl-core-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 vfrnav-0:20160212-3.fc24.i686 vfrnav-0:20160212-3.fc24.x86_64 webkitgtk3-devel-0:2.4.11-1.fc24.i686 webkitgtk3-devel-0:2.4.11-1.fc24.x86_64 webkitgtk3-doc-0:2.4.11-1.fc24.noarch wxGTK3-0:3.0.2-19.fc24.i686 wxGTK3-0:3.0.2-19.fc24.x86_64 xiphos-gtk3-0:4.0.4-3.fc24.x86_64 xiphos-gtk3-0:4.0.4-4.fc24.x86_64
Michael Catanzaro wrote:
I propose we retire the webkitgtk and webkitgtk3 packages when branching rawhide for F26 (expected to occur roughly February 2017), and forbid unretiring them. All their dependencies would then be removed from from Fedora according to the normal process shortly before the release of F27 (excepted to occur May 2017). If nobody objects, we'll carry out this plan shortly after the F26 branch point.
Looking at the terabazillion affected packages, this will be a trainwreck!
For QtWebKit, everyone was saying that it is impossible to keep supporting the old API. Then someone came and just did it. IMHO, this is the only practicable solution for WebKitGTK as well. Well, that or port all the applications in the list.
There are some extremely-high-profile applications in your list of affected packages: GIMP, SAGE (sagemath), Audacity, etc., and even GNOME Shell! (Now *I* wouldn't complain if GNOME Shell were removed from Fedora, but… ;-) ) So removing all those packages from Fedora, and even effectively forbidding them from being readded, is not practicable.
Answer: If you're sure your application never processes untrusted input, it is a special flower. You should request a bundling exception from FESCo if you do not intend to upgrade.
So you want to replace one copy of vulnerable code by many copies of vulnerable code? How is that going to help any? It would also severely bloat the distribution, given the huge size of WebKit. This is just totally impractical.
Kevin Kofler
On Sex, 2016-06-10 at 08:11 -0500, Michael Catanzaro wrote:
Question: Where can I learn more?
Answer: https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-secur ity-updates/
Question: What would be removed if this were to occur today?
Answer: If you read this far, please seriously look over these lists. Some big name applications are included.
$ repoquery --whatrequires --recursive webkitgtk
Yum-utils package has been deprecated, use dnf instead. See 'man yum2dnf' for more information.
GREYCstoration-gimp-0:2.8-22.fc24.x86_64 atril-0:1.14.1-1.fc24.x86_64 atril-caja-0:1.14.1-1.fc24.x86_64 atril-devel-0:1.14.1-1.fc24.i686 atril-devel-0:1.14.1-1.fc24.x86_64 atril-libs-0:1.14.1-1.fc24.i686 atril-libs-0:1.14.1-1.fc24.x86_64 atril-thumbnailer-0:1.14.1-1.fc24.x86_64 banshee-0:2.6.2-15.fc24.x86_64 banshee-community-extensions-0:2.4.0-14.fc24.x86_64 banshee-devel-0:2.6.2-15.fc24.i686 banshee-devel-0:2.6.2-15.fc24.x86_64 billiards-0:0.4.1-10.fc24.x86_64 claws-mail-plugins-0:3.13.2-2.fc24.x86_64 claws-mail-plugins-fancy-0:3.13.2-2.fc24.x86_64 compat-wxGTK3-gtk2-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-devel-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-devel-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-docs-0:3.0.2-7.fc24.noarch compat-wxGTK3-gtk2-gl-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-gl-0:3.0.2-7.fc24.x86_64 compat-wxGTK3-gtk2-media-0:3.0.2-7.fc24.i686 compat-wxGTK3-gtk2-media-0:3.0.2-7.fc24.x86_64 conduit-0:0.3.17-12.fc24.noarch dissy-0:10-5.fc24.noarch fityk-0:1.3.0-8.fc24.i686 fityk-0:1.3.0-8.fc24.x86_64 fityk-devel-0:1.3.0-8.fc24.i686 fityk-devel-0:1.3.0-8.fc24.x86_64 gap-pkg-alnuth-0:3.0.0-6.fc24.noarch gap-pkg-cryst-0:4.1.12-4.fc24.noarch gap-pkg-crystcat-0:1.1.6-4.fc24.noarch gap-pkg-nq-0:2.5.3-1.fc24.x86_64 gap-pkg-polenta-0:1.3.6-1.fc24.noarch gap-pkg-polycyclic-0:2.11-6.fc24.noarch gap-pkg-radiroot-0:2.7-5.fc24.noarch geany-plugins-devhelp-0:1.27-1.fc24.x86_64 geany-plugins-geanypy-0:1.27-1.fc24.x86_64 geany-plugins-markdown-0:1.27-1.fc24.x86_64 geany-plugins-webhelper-0:1.27-1.fc24.x86_64 ghc-webkit-0:0.14.1.1-1.fc24.x86_64 ghc-webkit-devel-0:0.14.1.1-1.fc24.x86_64 gimp-2:2.8.16-1.fc24.1.x86_64 gimp-data-extras-0:2.0.2-13.fc24.noarch gimp-dbp-0:1.1.9-9.fc24.x86_64 gimp-dds-plugin-0:3.0.1-5.fc24.x86_64 gimp-elsamuko-0:26-2.fc24.noarch gimp-fourier-plugin-0:0.4.1-12.fc24.x86_64 gimp-gap-0:2.7.0-14.GITe75bd46.fc24.x86_64 gimp-help-0:2.8.2-5.fc24.noarch gimp-help-browser-2:2.8.16-1.fc24.1.x86_64 gimp-help-ca-0:2.8.2-5.fc24.noarch gimp-help-da-0:2.8.2-5.fc24.noarch gimp-help-de-0:2.8.2-5.fc24.noarch gimp-help-el-0:2.8.2-5.fc24.noarch gimp-help-en_GB-0:2.8.2-5.fc24.noarch gimp-help-es-0:2.8.2-5.fc24.noarch gimp-help-fr-0:2.8.2-5.fc24.noarch gimp-help-it-0:2.8.2-5.fc24.noarch gimp-help-ja-0:2.8.2-5.fc24.noarch gimp-help-ko-0:2.8.2-5.fc24.noarch gimp-help-nl-0:2.8.2-5.fc24.noarch gimp-help-nn-0:2.8.2-5.fc24.noarch gimp-help-pt_BR-0:2.8.2-5.fc24.noarch gimp-help-ru-0:2.8.2-5.fc24.noarch gimp-help-sl-0:2.8.2-5.fc24.noarch gimp-help-sv-0:2.8.2-5.fc24.noarch gimp-help-zh_CN-0:2.8.2-5.fc24.noarch gimp-high-pass-filter-0:1.2-6.fc24.noarch gimp-lqr-plugin-0:0.7.2-4.fc24.x86_64 gimp-normalmap-0:1.2.3-12.fc24.x86_64 gimp-paint-studio-0:2.0-11.fc24.noarch gimp-resynthesizer-0:0.16-14.fc24.x86_64 gimp-save-for-web-0:0.29.3-1.fc24.x86_64 gimp-separate+-0:0.5.8-16.fc24.x86_64 gimp-wavelet-denoise-plugin-0:0.3.1-9.fc24.x86_64 gimpfx-foundry-0:2.6.1-5.fc24.noarch gmpc-0:11.8.16-11.fc24.x86_64 gmpc-devel-0:11.8.16-11.fc24.i686 gmpc-devel-0:11.8.16-11.fc24.x86_64 gmusicbrowser-0:1.1.15-2.fc24.noarch gnucash-0:2.6.12-1.fc24.i686 gnucash-0:2.6.12-1.fc24.x86_64 gphpedit-0:0.9.98-0.11.RC1.fc24.x86_64 gpodder-0:3.9.0-1.fc24.noarch gscribble-0:0.1.2-10.fc24.noarch gtk-sharp-beans-0:2.14.0-17.fc24.x86_64 gtk-sharp-beans-devel-0:2.14.0-17.fc24.i686 gtk-sharp-beans-devel-0:2.14.0-17.fc24.x86_64 guitarix-0:0.35.0-2.fc24.x86_64 gutenprint-plugin-0:5.2.11-2.fc24.x86_64 gyachi-0:1.2.11-14.fc24.x86_64 gyachi-YMlike-theme-0:1.2.11-14.fc24.x86_64 gyachi-pidgy-theme-0:1.2.11-14.fc24.x86_64 gyachi-plugin-alsa-0:1.2.11-14.fc24.x86_64 gyachi-plugin-blowfish-0:1.2.11-14.fc24.x86_64 gyachi-plugin-gtkspell-0:1.2.11-14.fc24.x86_64 gyachi-plugin-libnotify-0:1.2.11-14.fc24.x86_64 gyachi-plugin-mcrypt-0:1.2.11-14.fc24.x86_64 gyachi-plugin-pulseaudio-0:1.2.11-14.fc24.x86_64 gyachi-recre8-theme-0:1.2.11-14.fc24.x86_64 icaro-0:1.0.4-3.fc24.noarch kazehakase-0:0.5.8-20.svn3873_trunk.fc24.1.x86_64 kazehakase-webkit-0:0.5.8-20.svn3873_trunk.fc24.1.x86_64 kicad-1:4.0.2-2.fc24.x86_64 lekhonee-gnome-0:0.12-9.fc24.x86_64 lv2-guitarix-plugins-0:0.35.0-2.fc24.x86_64 midori-0:0.5.11-2.fc24.i686 midori-0:0.5.11-2.fc24.x86_64 mono-tools-0:4.2-2.fc24.x86_64 mono-tools-devel-0:4.2-2.fc24.i686 mono-tools-devel-0:4.2-2.fc24.x86_64 mono-tools-gendarme-0:4.2-2.fc24.x86_64 mono-tools-ilcontrast-0:4.2-2.fc24.x86_64 mono-tools-monodoc-0:4.2-2.fc24.x86_64 nested-0:1.2.2-17.fc24.noarch osmo-0:0.2.12-0.8.svn924.fc24.3.x86_64 pari-gp-0:2.7.5-2.fc24.x86_64 perl-Gtk2-WebKit-0:0.09-14.fc24.x86_64 pywebkitgtk-0:1.1.8-11.fc24.x86_64 rednotebook-0:1.12-1.fc24.noarch sagemath-0:6.8-10.fc24.i686 sagemath-0:6.8-10.fc24.x86_64 sagemath-core-0:6.8-10.fc24.x86_64 sagemath-data-0:6.8-10.fc24.noarch sagemath-data-conway_polynomials-0:6.8-10.fc24.noarch sagemath-data-elliptic_curves-0:6.8-10.fc24.noarch sagemath-data-etc-0:6.8-10.fc24.noarch sagemath-data-graphs-0:6.8-10.fc24.noarch sagemath-data-polytopes_db-0:6.8-10.fc24.noarch sagemath-notebook-0:6.8-10.fc24.x86_64 sagemath-rubiks-0:6.8-10.fc24.x86_64 sagemath-sagetex-0:6.8-10.fc24.x86_64 sparkleshare-0:1.2.0-4.fc23.x86_64 techne-0:0.2.3-18.fc24.x86_64 techtalk-pse-0:1.1.0-10.fc24.noarch turpial-0:3.0-7.fc24.noarch ufraw-gimp-0:0.22-1.fc24.x86_64 webkit-sharp-0:0.3-17.fc24.x86_64 webkit-sharp-devel-0:0.3-17.fc24.i686 webkit-sharp-devel-0:0.3-17.fc24.x86_64 webkitgtk-devel-0:2.4.11-1.fc24.i686 webkitgtk-devel-0:2.4.11-1.fc24.x86_64 webkitgtk-doc-0:2.4.11-1.fc24.noarch wordgroupz-0:0.3.1-11.fc24.noarch xiphos-gtk2-0:4.0.4-3.fc24.x86_64 xsane-gimp-0:0.999-20.fc24.x86_64
$ repoquery --whatrequires --recursive webkitgtk3
Yum-utils package has been deprecated, use dnf instead. See 'man yum2dnf' for more information.
3Depict-0:0.0.18-6.fc24.x86_64 4Pane-0:4.0-1.fc24.x86_64 Mayavi-0:4.4.3-4.fc24.x86_64 PyPE-0:2.9.4-5.fc24.noarch PythonCard-0:0.8.2-16.fc24.noarch RunSnakeRun-0:2.0.4-4.fc24.noarch ailurus-0:10.10.3-9.fc24.noarch almanah-0:0.11.1-8.fc24.x86_64 audacity-0:2.1.2-4.fc24.x86_64 audacity-manual-0:2.1.2-4.fc24.noarch audio-convert-mod-0:3.46.0b-10.fc24.noarch autokey-gtk-0:0.90.4-8.fc24.noarch autokey-qt-0:0.90.4-8.fc24.noarch balsa-0:2.5.2-3.fc24.x86_64 batti-0:0.3.8-9.fc24.noarch bibus-0:1.5.1-15.fc24.x86_64 bijiben-0:3.20.2-1.fc24.x86_64 bitlyclip-0:0.2.2-7.fc24.noarch boinc-manager-0:7.6.22-4.fc24.x86_64 cairo-dock-plug-ins-webkit-0:3.4.1-7.fc24.x86_64 california-0:0.4.0-7.fc24.x86_64 congruity-0:18-10.fc24.noarch coq-emacs-0:8.5pl1-1.fc24.noarch couchdb-0:1.6.1-14.fc24.x86_64 cura-0:15.04.4-3.fc24.noarch cura-lulzbot-0:19.12-1.fc24.noarch cycle-0:0.3.1-21.fc24.noarch decibel-audio-player-0:1.08-12.fc24.noarch deluge-0:1.3.12-3.fc24.noarch deluge-gtk-0:1.3.12-3.fc24.noarch deluge-web-0:1.3.12-3.fc24.noarch dwb-0:2015.10.09-2.20151009git.fc24.x86_64 earcandy-0:0.9-4.fc24.noarch ejabberd-0:16.01-5.fc24.x86_64 ekiga-0:4.0.1-29.fc24.x86_64 emacs-1:25.0.94-1.fc24.x86_64 emacs-apel-0:10.8-10.fc24.noarch emacs-auctex-0:11.89-3.fc24.noarch emacs-auto-complete-0:1.3.1-9.fc24.noarch emacs-auto-complete-el-0:1.3.1-9.fc24.noarch emacs-bbdb-1:3.1.2-5.fc24.noarch emacs-color-theme-0:6.6.0-11.fc24.noarch emacs-color-theme-el-0:6.6.0-11.fc24.noarch emacs-common-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch emacs-ddskk-0:15.2-4.fc24.noarch emacs-ebib-0:1.8.0-9.fc24.noarch emacs-ebib-el-0:1.8.0-9.fc24.noarch emacs-epix-0:1.2.16-1.fc24.noarch emacs-erlang-0:18.3.3-1.fc24.noarch emacs-erlang-el-0:18.3.3-1.fc24.noarch emacs-erlang-lfe-0:1.0.2-1.fc24.noarch emacs-erlang-lfe-el-0:1.0.2-1.fc24.noarch emacs-ess-0:16.04-1.fc24.noarch emacs-evil-0:1.2.9-1.fc24.noarch emacs-gettext-0:0.19.7-4.fc24.noarch emacs-gnu-smalltalk-0:3.2.5-10.fc24.noarch emacs-gnu-smalltalk-el-0:3.2.5-10.fc24.noarch emacs-goodies-0:35.8-5.fc24.noarch emacs-goodies-el-0:35.8-5.fc24.noarch emacs-goto-chg-0:1.6-2.fc24.noarch emacs-gtypist-0:2.9.4-5.fc24.x86_64 emacs-haskell-mode-0:13.18-1.fc24.noarch emacs-htmlize-0:1.34-12.fc24.noarch emacs-htmlize-el-0:1.34-12.fc24.noarch emacs-irsim-mode-0:0.1-14.fc24.noarch emacs-irsim-mode-el-0:0.1-14.fc24.noarch emacs-ledger-0:3.1.1-1.fc24.x86_64 emacs-ledger-el-0:3.1.1-1.fc24.noarch emacs-lookup-0:1.4.1-13.fc24.noarch emacs-lua-0:20151025-2.fc24.noarch emacs-magit-0:1.2.2-3.fc24.noarch emacs-magit-el-0:1.2.2-3.fc24.noarch emacs-mew-0:6.7-2.fc24.x86_64 emacs-mmm-0:0.4.8-9.fc23.noarch emacs-mmm-el-0:0.4.8-9.fc23.noarch emacs-nesc-0:1.3.5-2.fc22.noarch emacs-nesc-el-0:1.3.5-2.fc22.noarch emacs-notmuch-0:0.21-3.fc24.noarch emacs-php-mode-0:1.17.0-6.fc24.noarch emacs-proofgeneral-0:4.2-5.fc24.noarch emacs-proofgeneral-el-0:4.2-5.fc24.noarch emacs-pydb-0:1.26-14.fc24.noarch emacs-pymacs-0:0.25-7.fc24.noarch emacs-pymacs-el-0:0.25-7.fc24.noarch emacs-pyrex-0:0.9.9-10.fc24.noarch emacs-riece-0:8.0.0-9.fc24.noarch emacs-rinari-0:2.1-12.20100815git.fc24.noarch emacs-rinari-el-0:2.1-12.20100815git.fc24.noarch emacs-rpm-spec-mode-0:0.15-4.fc24.noarch emacs-sdcc-0:3.5.0-6.fc24.x86_64 emacs-slime-1:2.12-4.fc24.noarch emacs-slime-el-1:2.12-4.fc24.noarch emacs-spice-mode-0:1.2.25-16.fc24.noarch emacs-spice-mode-el-0:1.2.25-16.fc24.noarch emacs-terminal-1:25.0.94-1.fc24.noarch emacs-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch emacs-undo-tree-0:0.6.4-2.fc24.noarch emacs-verilog-mode-0:531-9.fc24.noarch emacs-vm-0:8.1.2-12.fc24.x86_64 emacs-vregs-mode-0:1.470-10.fc24.noarch emacs-w3m-0:1.4.531-0.5.20140421cvs.fc24.noarch emacs-yaml-mode-0:0.0.12-3.fc24.noarch emacspeak-0:40.0-5.fc24.x86_64 empathy-0:3.12.12-1.fc24.x86_64 erlang-0:18.3.3-1.fc24.x86_64 erlang-clique-0:0.3.5-2.fc24.x86_64 erlang-cluster_info-0:2.0.5-1.fc24.x86_64 erlang-common_test-0:18.3.3-1.fc24.x86_64 erlang-cuttlefish-0:2.0.6-1.fc24.x86_64 erlang-debugger-0:18.3.3-1.fc24.x86_64 erlang-dialyzer-0:18.3.3-1.fc24.x86_64 erlang-epgsql-0:3.1.0-2.fc24.x86_64 erlang-esdl-0:1.3.1-12.fc24.x86_64 erlang-et-0:18.3.3-1.fc24.x86_64 erlang-exometer_core-0:1.4-2.fc24.x86_64 erlang-ibrowse-0:4.2.4-2.fc24.x86_64 erlang-lager-0:3.2.0-1.fc24.x86_64 erlang-megaco-0:18.3.3-1.fc24.x86_64 erlang-merge_index-0:2.1-1.fc24.x86_64 erlang-observer-0:18.3.3-1.fc24.x86_64 erlang-rebar-0:2.6.1-10.fc24.x86_64 erlang-reltool-0:18.3.3-1.fc24.x86_64 erlang-riak_api-0:2.1.2-1.fc24.x86_64 erlang-riak_control-0:2.1.2-1.fc24.x86_64 erlang-riak_core-0:2.1.5-1.fc24.x86_64 erlang-riak_ensemble-0:2.1.2-1.fc24.x86_64 erlang-riak_kv-0:2.1.2-2.fc24.x86_64 erlang-riak_pipe-0:2.1.1-1.fc24.x86_64 erlang-riak_search-0:1.3.2-2.fc21.x86_64 erlang-riaknostic-0:2.1.3-5.fc24.x86_64 erlang-test_server-0:18.3.3-1.fc24.x86_64 erlang-typer-0:18.3.3-1.fc24.x86_64 erlang-webtool-0:18.3.3-1.fc24.x86_64 erlang-wx-0:18.3.3-1.fc24.x86_64 evolution-0:3.20.2-1.fc24.i686 evolution-0:3.20.2-1.fc24.x86_64 evolution-bogofilter-0:3.20.2-1.fc24.x86_64 evolution-data-server-0:3.20.2-1.fc24.i686 evolution-data-server-0:3.20.2-1.fc24.x86_64 evolution-data-server-devel-0:3.20.2-1.fc24.i686 evolution-data-server-devel-0:3.20.2-1.fc24.x86_64 evolution-data-server-tests-0:3.20.2-1.fc24.i686 evolution-data-server-tests-0:3.20.2-1.fc24.x86_64 evolution-devel-0:3.20.2-1.fc24.i686 evolution-devel-0:3.20.2-1.fc24.x86_64 evolution-devel-docs-0:3.20.2-1.fc24.noarch evolution-ews-0:3.20.2-1.fc24.i686 evolution-ews-0:3.20.2-1.fc24.x86_64 evolution-help-0:3.20.2-1.fc24.noarch evolution-mapi-0:3.20.1-1.fc24.i686 evolution-mapi-0:3.20.1-1.fc24.x86_64 evolution-mapi-devel-0:3.20.1-1.fc24.i686 evolution-mapi-devel-0:3.20.1-1.fc24.x86_64 evolution-perl-0:3.20.2-1.fc24.x86_64 evolution-pst-0:3.20.2-1.fc24.x86_64 evolution-rspam-0:0.6.0-13.fc24.x86_64 evolution-rss-1:0.3.95-7.fc24.x86_64 evolution-spamassassin-0:3.20.2-1.fc24.x86_64 evolution-tests-0:3.20.2-1.fc24.x86_64 fawkes-devenv-0:0.5.0-29.fc24.noarch ffgtk-plugin-evolution-0:0.8.6-18.fc24.x86_64 filezilla-0:3.17.0.1-1.fc24.x86_64 fityk-0:1.3.0-8.fc24.i686 fityk-0:1.3.0-8.fc24.x86_64 fityk-devel-0:1.3.0-8.fc24.i686 fityk-devel-0:1.3.0-8.fc24.x86_64 flim-0:1.14.9-10.fc24.noarch fmtools-tkradio-0:2.0.7-6.fc24.noarch folks-1:0.11.2-5.fc24.i686 folks-1:0.11.2-5.fc24.x86_64 folks-devel-1:0.11.2-5.fc24.i686 folks-devel-1:0.11.2-5.fc24.x86_64 folks-tools-1:0.11.2-5.fc24.i686 folks-tools-1:0.11.2-5.fc24.x86_64 frama-c-emacs-0:1.12-4.fc24.noarch freedink-0:108.4-3.fc24.x86_64 freedink-dfarc-0:3.12-4.fc24.x86_64 freedv-0:1.1-6.fc24.x86_64 fwbackups-0:1.43.5-2.fc24.noarch gadget-0:0.0.3-16.fc24.noarch gcl-emacs-0:2.6.12-5.fc24.noarch gcl-emacs-el-0:2.6.12-5.fc24.noarch gdm-1:3.20.1-1.fc24.i686 gdm-1:3.20.1-1.fc24.x86_64 gdm-devel-1:3.20.1-1.fc24.i686 gdm-devel-1:3.20.1-1.fc24.x86_64 geary-0:0.11.0-1.fc24.x86_64 giggle-0:0.7-22.fc24.i686 giggle-0:0.7-22.fc24.x86_64 giggle-devel-0:0.7-22.fc24.i686 giggle-devel-0:0.7-22.fc24.x86_64 gitso-0:0.6-13.fc24.noarch glabels-0:3.2.1-8.fc24.x86_64 gnome-calendar-0:3.20.2-1.fc24.x86_64 gnome-classic-session-0:3.20.1-1.fc24.noarch gnome-contacts-0:3.20.0-1.fc24.x86_64 gnome-initial-setup-0:3.20.1-1.fc24.x86_64 gnome-maps-0:3.20.1-1.fc24.i686 gnome-maps-0:3.20.1-1.fc24.x86_64 gnome-phone-manager-0:0.69-16.fc24.x86_64 gnome-phone-manager-telepathy-0:0.69-16.fc24.x86_64 gnome-shell-0:3.20.2-1.fc24.x86_64 gnome-shell-extension-alternate-tab-0:3.20.1-1.fc24.noarch gnome-shell-extension-apps-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-auto-move-windows-0:3.20.1-1.fc24.noarch gnome-shell-extension-background-logo-0:3.20.0-1.fc24.noarch gnome-shell-extension-calc-0:0-0.10.gite4f4ac5.fc24.noarch gnome-shell-extension-common-0:3.20.1-1.fc24.noarch gnome-shell-extension-drive-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-fedmsg-0:0.1.9-15.fc24.noarch gnome-shell-extension-gpaste-0:3.18.3-2.fc24.noarch gnome-shell-extension-iok-0:0.20160405-1.fc24.noarch gnome-shell-extension-launch-new-instance-0:3.20.1-1.fc24.noarch gnome-shell-extension-native-window-placement-0:3.20.1-1.fc24.noarch gnome-shell-extension-openweather-0:1- 0.18.20160325git8dd1696.fc24.noarch gnome-shell-extension-panel-osd-0:1- 0.13.20160325gite052ded.fc24.noarch gnome-shell-extension-pidgin-0:0-0.20.gitfb9dbfd.fc24.x86_64 gnome-shell-extension-places-menu-0:3.20.1-1.fc24.noarch gnome-shell-extension-pomodoro-0:0.11.3-1.fc24.x86_64 gnome-shell-extension-remove-bluetooth-icon-0:0.5.1-5.fc24.noarch gnome-shell-extension-remove-volume-icon-0:0.5.1-5.fc24.noarch gnome-shell-extension-screenshot-window-sizer-0:3.20.1-1.fc24.noarch gnome-shell-extension-simple-dock-0:0.1- 0.20150505git25c94bc.fc24.2.noarch gnome-shell-extension-user-theme-0:3.20.1-1.fc24.noarch gnome-shell-extension-window-list-0:3.20.1-1.fc24.noarch gnome-shell-extension-windowsNavigator-0:3.20.1-1.fc24.noarch gnome-shell-extension-workspace-indicator-0:3.20.1-1.fc24.noarch gnome-shell-theme-selene-0:3.4.0-11.fc24.noarch gnome-todo-0:3.20.2-1.fc24.x86_64 gnome-tweak-tool-0:3.20.1-1.fc24.noarch gnome-web-photo-0:0.10.5-9.fc24.x86_64 gnumed-0:1.4.8-6.fc24.noarch gnumed-doc-0:1.4.8-6.fc24.noarch gnumed-server-0:19.8-4.fc24.noarch gnuradio-0:3.7.9.1-3.fc24.i686 gnuradio-0:3.7.9.1-3.fc24.x86_64 gnuradio-devel-0:3.7.9.1-3.fc24.i686 gnuradio-devel-0:3.7.9.1-3.fc24.x86_64 gnuradio-doc-0:3.7.9.1-3.fc24.noarch gnuradio-examples-0:3.7.9.1-3.fc24.x86_64 gphotoframe-0:2.0.2-2.hg2084299dffb6.fc24.1.noarch gphotoframe-gss-0:2.0.2-2.hg2084299dffb6.fc24.1.noarch gqrx-0:2.5.3-3.fc24.x86_64 gr-air-modes-0:0-0.46.20160106git514414f6.fc24.i686 gr-air-modes-0:0-0.46.20160106git514414f6.fc24.x86_64 gr-air-modes-devel-0:0-0.46.20160106git514414f6.fc24.i686 gr-air-modes-devel-0:0-0.46.20160106git514414f6.fc24.x86_64 gr-air-modes-doc-0:0-0.46.20160106git514414f6.fc24.noarch gr-fcdproplus-0:0-0.22.20140920git1edbe523.fc24.i686 gr-fcdproplus-0:0-0.22.20140920git1edbe523.fc24.x86_64 gr-fcdproplus-devel-0:0-0.22.20140920git1edbe523.fc24.i686 gr-fcdproplus-devel-0:0-0.22.20140920git1edbe523.fc24.x86_64 gr-fcdproplus-doc-0:0-0.22.20140920git1edbe523.fc24.noarch gr-iqbal-0:0.37.2-19.fc24.i686 gr-iqbal-0:0.37.2-19.fc24.x86_64 gr-iqbal-devel-0:0.37.2-19.fc24.i686 gr-iqbal-devel-0:0.37.2-19.fc24.x86_64 gr-iqbal-doc-0:0.37.2-19.fc24.noarch gr-osmosdr-0:0.1.3-18.20141023git42c66fdd.fc24.i686 gr-osmosdr-0:0.1.3-18.20141023git42c66fdd.fc24.x86_64 gr-osmosdr-devel-0:0.1.3-18.20141023git42c66fdd.fc24.i686 gr-osmosdr-devel-0:0.1.3-18.20141023git42c66fdd.fc24.x86_64 gr-osmosdr-doc-0:0.1.3-18.20141023git42c66fdd.fc24.noarch gr-rds-0:0-0.21.20150513git201f32b.fc24.i686 gr-rds-0:0-0.21.20150513git201f32b.fc24.x86_64 gr-rds-devel-0:0-0.21.20150513git201f32b.fc24.i686 gr-rds-devel-0:0-0.21.20150513git201f32b.fc24.x86_64 gr-rds-doc-0:0-0.21.20150513git201f32b.fc24.noarch grass-0:7.0.3-1.fc24.x86_64 gtg-0:0.3.1-10.fc24.noarch gtkwhiteboard-0:1.3-11.fc24.noarch guake-0:0.8.4-1.fc24.noarch hugin-0:2016.0.0-1.fc24.i686 hugin-0:2016.0.0-1.fc24.x86_64 libopensync-plugin-evolution2-1:0.22-53.fc24.i686 libopensync-plugin-evolution2-1:0.22-53.fc24.x86_64 liferea-1:1.10.19-1.fc24.x86_64 londonlaw-0:0.3.0-0.3.pre2.fc24.noarch mMass-0:5.5.0-17.fc24.x86_64 mailnag-0:1.2.0-1.fc24.noarch memaker-0:20100110-10.fc24.noarch metamorphose2-0:0.8.2-8.fc24.noarch migemo-emacs-0:0.40-24.fc24.noarch migemo-xemacs-0:0.40-24.fc24.noarch mona-emacs-0:1.4r17-1.fc24.noarch nautilus-phatch-0:0.2.7-24.fc24.noarch nicotine+-0:1.2.16-12.fc24.noarch notify-python-0:0.1.1-30.fc24.x86_64 ocaml-emacs-0:4.02.3-3.fc24.x86_64 openstv-0:1.7-6.fc24.noarch ovirt-guest-agent-gdm-plugin-0:1.0.11-2.fc24.3.noarch peppy-0:0.16.0-8.fc24.noarch phatch-0:0.2.7-24.fc24.noarch plater-0:2015.03.10-4.fc24.noarch playonlinux-0:4.2.10-7.fc24.x86_64 poedit-0:1.8.7.1-1.fc24.x86_64 printrun-0:2015.03.10-4.fc24.x86_64 pronterface-0:2015.03.10-4.fc24.noarch protobuf-emacs-0:2.6.1-4.fc24.x86_64 protobuf-emacs-el-0:2.6.1-4.fc24.x86_64 psgml-0:1.2.5-20.fc24.noarch pulseaudio-gdm-hooks-0:8.0-6.fc24.x86_64 pyhoca-gui-0:0.5.0.5-2.fc24.noarch pymol-wxpython-0:1.8-3.20151208svn4142.fc24.x86_64 pyobd-0:0.9.3-1.fc24.noarch python-couchdbkit-0:0.6.5-5.fc24.noarch python-envisage-0:4.4.0-3.fc24.noarch python-ropemacs-0:0.7-6.fc24.noarch python-squaremap-0:1.0.3-5.fc24.noarch python2-apptools-0:4.4.0-3.fc24.noarch python2-matplotlib-wx-0:1.5.1-3.fc24.x86_64 python2-pyface-0:5.0.0-9.fc24.noarch python2-pyface-qt-0:5.0.0-9.fc24.noarch python2-pyface-wx-0:5.0.0-9.fc24.noarch python2-pyudev-wx-0:0.20.0-2.fc24.noarch python2-traitsui-0:5.0.0-4.fc24.noarch qgis-devel-0:2.14.0-2.fc24.i686 qgis-devel-0:2.14.0-2.fc24.x86_64 qgis-grass-0:2.14.0-2.fc24.i686 qgis-grass-0:2.14.0-2.fc24.x86_64 qgnomeplatform-0:0.1-5.fc24.i686 qgnomeplatform-0:0.1-5.fc24.x86_64 radiotray-0:0.7.3-6.fc24.noarch rapid-photo-downloader-0:0.4.11-3.fc24.noarch recutils-0:1.7-6.fc24.i686 recutils-0:1.7-6.fc24.x86_64 recutils-devel-0:1.7-6.fc24.i686 recutils-devel-0:1.7-6.fc24.x86_64 rubygem-webkit-gtk-0:3.0.8-1.fc24.noarch rubygem-webkit-gtk-doc-0:3.0.8-1.fc24.noarch rurple-0:1.0-0.13.rc3.fc24.noarch saga-0:2.2.4-1.fc24.i686 saga-0:2.2.4-1.fc24.x86_64 saga-devel-0:2.2.4-1.fc24.i686 saga-devel-0:2.2.4-1.fc24.x86_64 saga-python-0:2.2.4-1.fc24.x86_64 seed-0:3.8.1-7.fc24.i686 seed-0:3.8.1-7.fc24.x86_64 seed-devel-0:3.8.1-7.fc24.i686 seed-devel-0:3.8.1-7.fc24.x86_64 seed-doc-0:3.8.1-7.fc24.noarch sflphone-gnome-plugins-0:1.4.1-18.fc24.x86_64 shutter-0:0.93.1-2.fc24.noarch sidc-gui-0:0.4-6.fc24.noarch sk2py-0:0.1-14.fc24.noarch soundconverter-0:2.1.6-2.fc24.noarch spe-0:0.8.4.h-16.fc24.noarch specto-0:0.4.1-9.fc24.noarch sugar-browse-0:157.3-1.fc24.noarch surf-0:0.7-1.fc24.x86_64 synce-gnome-0:0.11-12.fc24.noarch syncevolution-1:1.5.1-9.fc24.x86_64 syncevolution-devel-1:1.5.1-9.fc24.i686 syncevolution-devel-1:1.5.1-9.fc24.x86_64 syncevolution-gtk-1:1.5.1-9.fc24.x86_64 syncevolution-libs-1:1.5.1-9.fc24.i686 syncevolution-libs-1:1.5.1-9.fc24.x86_64 syncevolution-libs-akonadi-1:1.5.1-9.fc24.x86_64 syncevolution-perl-1:1.5.1-9.fc24.x86_64 system-config-printer-0:1.5.7-8.fc24.x86_64 taskcoach-0:1.4.3-2.fc24.noarch timeline-0:1.10.0-1.fc24.noarch tmda-emacs-0:1.1.12-13.fc24.noarch tsung-0:1.6.0-1.fc24.x86_64 turpial-0:3.0-7.fc24.noarch uzbl-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-browser-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-core-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-defaults-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 uzbl-tabbed-0:0-0.39.20120514git228bc38cbd.fc24.x86_64 vfrnav-0:20160212-3.fc24.i686 vfrnav-0:20160212-3.fc24.x86_64 vfrnav-utils-0:20160212-3.fc24.x86_64 vfrnav-validatorservice-0:20160212-3.fc24.x86_64 vfrnav-webservice-0:20160212-3.fc24.x86_64 vfrnav-wetterdl-0:20160212-3.fc24.x86_64 wammu-0:0.40-3.fc24.noarch webkitgtk3-devel-0:2.4.11-1.fc24.i686 webkitgtk3-devel-0:2.4.11-1.fc24.x86_64 webkitgtk3-doc-0:2.4.11-1.fc24.noarch why3-emacs-0:0.87.0-3.fc24.noarch wicd-curses-0:1.7.3-2.fc23.noarch wicd-gtk-0:1.7.3-2.fc23.noarch wings-0:2.0.4-1.fc24.x86_64 winpdb-0:1.4.8-11.fc24.noarch wuja-0:0.0.8-16.fc24.noarch wxGTK3-0:3.0.2-19.fc24.i686 wxGTK3-0:3.0.2-19.fc24.x86_64 wxGTK3-devel-0:3.0.2-19.fc24.i686 wxGTK3-devel-0:3.0.2-19.fc24.x86_64 wxGTK3-docs-0:3.0.2-19.fc24.noarch wxGTK3-gl-0:3.0.2-19.fc24.i686 wxGTK3-gl-0:3.0.2-19.fc24.x86_64 wxGTK3-media-0:3.0.2-19.fc24.i686 wxGTK3-media-0:3.0.2-19.fc24.x86_64 wxGTK3-xmldocs-0:3.0.2-19.fc24.noarch wxGlade-0:0.7.2-1.fc24.noarch wxMaxima-0:15.08.2-2.fc24.x86_64 wxPython-0:3.0.2.0-10.fc24.x86_64 wxPython-devel-0:3.0.2.0-10.fc24.i686 wxPython-devel-0:3.0.2.0-10.fc24.x86_64 wxPython-docs-0:3.0.2.0-10.fc24.noarch wxsqlite3-0:3.3.2-0.1gitb05867d.fc24.i686 wxsqlite3-0:3.3.2-0.1gitb05867d.fc24.x86_64 wxsqlite3-devel-0:3.3.2-0.1gitb05867d.fc24.i686 wxsqlite3-devel-0:3.3.2-0.1gitb05867d.fc24.x86_64 xemacs-tuareg-0:2.0.10-0.2.1c837e26.fc24.noarch xiphos-gtk3-0:4.0.4-3.fc24.x86_64 xylib-0:1.4-8.fc24.i686 xylib-0:1.4-8.fc24.x86_64 xylib-devel-0:1.4-8.fc24.i686 xylib-devel-0:1.4-8.fc24.x86_64 yaws-0:2.0-2.fc24.x86_64 yaws-devel-0:2.0-2.fc24.i686 yaws-devel-0:2.0-2.fc24.x86_64
Hello , What is the status of this proposal ? or where/how I can follow the status ? My biggest concern is about wxGTK3 some package depend on it, also in 3rd part repos and gimp !
dnf-3 --disablerepo='*' --enablerepo=rawhide repoquery --whatrequires webkitgtk --alldeps --qf "%{repoid} %{sourcerpm}" --available rawhide banshee-2.6.2-15.fc24.src.rpm rawhide claws-mail-3.14.0-1.fc26.src.rpm rawhide compat-wxGTK3-gtk2-3.0.2-7.fc24.src.rpm rawhide geany-plugins-1.28-1.fc26.src.rpm rawhide ghc-webkit-0.14.1.1-2.fc25.src.rpm rawhide gimp-2.8.18-1.fc25.src.rpm rawhide gnucash-2.6.13-1.fc25.src.rpm rawhide gphpedit-0.9.98-0.11.RC1.fc24.src.rpm rawhide guitarix-0.35.0-2.fc25.src.rpm rawhide gyachi-1.2.11-14.fc24.src.rpm rawhide kazehakase-0.5.8-20.svn3873_trunk.fc24.1.src.rpm rawhide lekhonee-gnome-0.12-9.fc24.src.rpm rawhide midori-0.5.11-2.fc24.src.rpm rawhide osmo-0.2.12-0.8.svn924.fc25.4.src.rpm rawhide perl-Gtk2-WebKit-0.09-16.fc25.src.rpm rawhide pywebkitgtk-1.1.8-12.fc25.src.rpm rawhide techne-0.2.3-18.fc24.src.rpm rawhide webkit-sharp-0.3-17.fc24.src.rpm rawhide webkitgtk-2.4.11-3.fc25.src.rpm rawhide xiphos-4.0.4-4.fc25.src.rpm
dnf-3 --disablerepo='*' --enablerepo=rawhide repoquery --whatrequires webkitgtk3 --alldeps --qf "%{repoid} %{sourcerpm}" --available rawhide balsa-2.5.2-3.fc24.src.rpm rawhide bijiben-3.21.2-2.fc25.src.rpm rawhide cairo-dock-plug-ins-3.4.1-9.fc25.src.rpm rawhide dwb-2015.10.09-2.20151009git.fc24.src.rpm rawhide emacs-25.1-1.fc26.src.rpm rawhide empathy-3.12.12-2.fc25.src.rpm rawhide evolution-rspam-0.6.0-15.fc25.src.rpm rawhide geary-0.11.2-1.fc26.src.rpm rawhide gnome-web-photo-0.10.5-9.fc24.src.rpm rawhide gphotoframe-2.0.2-2.hg2084299dffb6.fc25.2.src.rpm rawhide liferea-1.10.19-1.fc25.src.rpm rawhide rubygem-webkit-gtk-3.0.9-1.fc26.src.rpm rawhide seed-3.8.1-7.fc24.src.rpm rawhide surf-0.7-1.fc25.src.rpm rawhide uzbl-0-0.39.20120514git228bc38cbd.fc24.src.rpm rawhide webkitgtk3-2.4.11-3.fc25.src.rpm rawhide wxGTK3-3.0.2-23.fc26.src.rpm rawhide xiphos-4.0.4-4.fc25.src.rpm
Note that work is already in progress for some of the above. Active porting efforts are underway for Evolution (which will take care of the mass of evolution-data-server dependencies like gnome-shell and gdm), Geary, and Liferea. There are also stalled porting efforts for inactive projects like Empathy, Bijiben, and Midori; these efforts have significant progress and could easily be resurrected.
Question: What if we're not willing to remove packages?
Answer: Well, then we'll just have to watch the count of unfixed remote code execution vulnerabilities increase forever, because there's no chance all of the above packages will be ported; we could set the deadline 10 years in the future and it still wouldn't happen. If we decide we're not willing to remove packages, I would suggest renaming the WebKit packages to webkitgtk-insecure and webkitgtk3-insecure to clarify the situation.
Question: :(
Answer: _(ツ)_/
Michael
Best regards,
On Fri, 23 Sep 2016, Sérgio Basto wrote:
Hello , What is the status of this proposal ? or where/how I can follow the status ? My biggest concern is about wxGTK3 some package depend on it, also in 3rd part repos and gimp !
I'm working on porting wxGTK3 to WebKit2. If you want, you can follow the upstream ticket: http://trac.wxwidgets.org/ticket/17650
Also, I plan to create a separate wxGTK3 subpackage containing the webview library that actually uses WebKit. That way, some of these artificial transitive dependencies on WebKit should go away.
Scott
On Qui, 2016-09-22 at 20:37 -0400, Scott Talbert wrote:
On Fri, 23 Sep 2016, Sérgio Basto wrote:
Hello , What is the status of this proposal ? or where/how I can follow the status ? My biggest concern is about wxGTK3 some package depend on it, also in 3rd part repos and gimp !
I'm working on porting wxGTK3 to WebKit2. If you want, you can follow the upstream ticket: http://trac.wxwidgets.org/ticket/17650
Also, I plan to create a separate wxGTK3 subpackage containing the webview library that actually uses WebKit. That way, some of these artificial transitive dependencies on WebKit should go away.
Thanks.
Off topic, I already found (webkit1-removal) Port applications to WebKit2 bug tracker https://bugzilla.redhat.com/show_bug.cgi?id=1375784
Best regards,
Thanks for working on this Scott!
On Thu, 2016-09-22 at 20:37 -0400, Scott Talbert wrote:
Also, I plan to create a separate wxGTK3 subpackage containing the webview library that actually uses WebKit. That way, some of these artificial transitive dependencies on WebKit should go away.
To be clear: that means any wxGTK3 app that does not use the web view widget will be perfectly safe, and that's probably 95% of them.
Michael
On Thu, 22 Sep 2016, Michael Catanzaro wrote:
Thanks for working on this Scott!
On Thu, 2016-09-22 at 20:37 -0400, Scott Talbert wrote:
Also, I plan to create a separate wxGTK3 subpackage containing the webview library that actually uses WebKit. That way, some of these artificial transitive dependencies on WebKit should go away.
To be clear: that means any wxGTK3 app that does not use the web view widget will be perfectly safe, and that's probably 95% of them.
OK, so I created a wxGTK3-webview subpackage containing the library that currently depends on webkitgtk3. I also created a similar wxPython-webview subpackage for the wxPython module. (I grepped the code of all wxPython-dependent packages and found none of them using the webview module, so there should be nothing to do with them.)
After doing this, the number of packages recursively depending on webkitgtk3 went from 296 to 127!
Scott
-
Ben Boeckel -
Christian Stadelmann -
Igor Gnatenko -
Josh Boyer -
Kevin Fenzi -
Kevin Kofler -
Michael Catanzaro -
Milan Crha -
Richard W.M. Jones -
Scott Talbert -
Sérgio Basto