[SRU] New stable release 2.4.8

Hello Iain, or anyone else affected,

Accepted webkitgtk into utopic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/webkitgtk/2.4.8-1ubuntu1~ubuntu14.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Hello Iain, or anyone else affected,

Accepted webkitgtk into trusty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/webkitgtk/2.4.8-1ubuntu1~ubuntu14.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

I have been using the packages from trusty-proposed for about a month and have not experienced any regressions in unity-control-center, rhythmbox, shotwell, yelp, zenity.

This bug was fixed in the package webkitgtk - 2.4.8-1ubuntu1~ubuntu14.04.1

---------------
webkitgtk (2.4.8-1ubuntu1~ubuntu14.04.1) trusty; urgency=medium

  * Merge with Utopic / unstable for Trusty SRU (LP: #1415577).
  * Reverted unwanted changes from utopic:
    - debian/control:
      + Require make 4.0, which is the version that can make parallel builds
        of webkitgtk.
      + Build depend on libegl1-mesa-dev and libgles2-mesa-dev on armel and
        armhf.
    - debian/patches/x32_support.patch:
      + Fix FTBFS in x32
    - debian/patches/local-label-string-hurd.patch:
      + Fix FTBFS in hurd-i386.
    - Drop gir1.2-javascriptcore-1.0 and gir1.2-webkit-1.0.
     - debian/patches/fix-mips64-build.patch:
      + Fix mips64 build.
    - Make all gir and -dev packages multi-arch compliant
    - Don't build -dbg packages if we don't have debugging symbols

webkitgtk (2.4.8-1ubuntu1~ubuntu14.10.1) utopic; urgency=medium

  * Merge with vivid / unstable for SRU (LP: #1415577), reverting changes that
    aren't wanted:
    - Don't build -dbg packages if we don't have debugging symbols
    - Make all gir and -dev packages multi-arch compliant

webkitgtk (2.4.8-1ubuntu1) vivid; urgency=medium

  * Merge with Debian, remaining changes:
    - bugzilla_clear_surface.patch: Take patch to fix upstream bug#123480
      which was a crash affecting software-center in Ubuntu.
    - Stick on geoclue 1 for now, the new version isn't in main and a
      transition plan needs to be worked out, for example for how to integrate
      the Ubuntu GeoIP service.

webkitgtk (2.4.8-1) unstable; urgency=medium

  * New upstream release, which includes some of the patches already
    available in Debian plus security fixes for CVE-2014-1344,
    CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387,
    CVE-2014-1388, CVE-2014-1389 and CVE-2014-1390.
  * debian/patches/dfg-jit.patch,
    debian/patches/enable_llint.patch,
    debian/patches/flash-crash.patch,
    debian/patches/local-label-string-hurd.patch,
    debian/patches/no-ssl-record-version.patch,
    debian/patches/nullptr-applystylecommand.patch,
    debian/patches/protect-document.patch,
    debian/patches/touch-event.patch:
     + Remove.
  * debian/patches/fix-ftbfs-pluginpackage.patch:
    + Fix FTBFS.

webkitgtk (2.4.8-0ubuntu1) vivid; urgency=medium

  * New upstream release.
  * Drop patches from 2.4.7-3 which are applied upstream in this release:
    - dfg-jit.patch
    - enable_llint.patch
    - local-label-string-hurd.patch
    - x32_support.patch
    - touch-event.patch
    - flash-crash.patch
    - no-ssl-record-version.patch
    - protect-document.patch
    - nullptr-applystylecommand.patch
  * debian/patches/no-pluginnone.patch: Don't define symbols twice when
    building with both X11 and wayland support.

webkitgtk (2.4.7-3) unstable; urgency=medium

  * debian/patches/ppc64-align.patch:
    + Fix crash in ppc64el (Closes: #762670).
  * debian/patches/no-ssl-record-version.patch:
    + Don't use a SSL3.0 record version in client hello.
  * debian/patches/protect-document.patch:
    + Protect Document in ProcessingInstruction::setXSLStyleSheet(). This
      is a security fix...

The verification of the Stable Release Update for webkitgtk has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

The fix for this bug has been awaiting testing feedback in the -proposed repository for utopic for more than 90 days. Please test this fix and update the bug appropriately with the results. In the event that the fix for this bug is still not verified 15 days from now, the package will be removed from the -proposed repository.

Did some brief checking myself for Utopic, seems fine.

This bug was fixed in the package webkitgtk - 2.4.8-1ubuntu1~ubuntu14.10.1

---------------
webkitgtk (2.4.8-1ubuntu1~ubuntu14.10.1) utopic; urgency=medium

  * Merge with vivid / unstable for SRU (LP: #1415577), reverting changes that
    aren't wanted:
    - Don't build -dbg packages if we don't have debugging symbols
    - Make all gir and -dev packages multi-arch compliant

webkitgtk (2.4.8-1ubuntu1) vivid; urgency=medium

  * Merge with Debian, remaining changes:
    - bugzilla_clear_surface.patch: Take patch to fix upstream bug#123480
      which was a crash affecting software-center in Ubuntu.
    - Stick on geoclue 1 for now, the new version isn't in main and a
      transition plan needs to be worked out, for example for how to integrate
      the Ubuntu GeoIP service.

webkitgtk (2.4.8-1) unstable; urgency=medium

  * New upstream release, which includes some of the patches already
    available in Debian plus security fixes for CVE-2014-1344,
    CVE-2014-1384, CVE-2014-1385, CVE-2014-1386, CVE-2014-1387,
    CVE-2014-1388, CVE-2014-1389 and CVE-2014-1390.
  * debian/patches/dfg-jit.patch,
    debian/patches/enable_llint.patch,
    debian/patches/flash-crash.patch,
    debian/patches/local-label-string-hurd.patch,
    debian/patches/no-ssl-record-version.patch,
    debian/patches/nullptr-applystylecommand.patch,
    debian/patches/protect-document.patch,
    debian/patches/touch-event.patch:
     + Remove.
  * debian/patches/fix-ftbfs-pluginpackage.patch:
    + Fix FTBFS.

webkitgtk (2.4.8-0ubuntu1) vivid; urgency=medium

  * New upstream release.
  * Drop patches from 2.4.7-3 which are applied upstream in this release:
    - dfg-jit.patch
    - enable_llint.patch
    - local-label-string-hurd.patch
    - x32_support.patch
    - touch-event.patch
    - flash-crash.patch
    - no-ssl-record-version.patch
    - protect-document.patch
    - nullptr-applystylecommand.patch
  * debian/patches/no-pluginnone.patch: Don't define symbols twice when
    building with both X11 and wayland support.

webkitgtk (2.4.7-3) unstable; urgency=medium

  * debian/patches/ppc64-align.patch:
    + Fix crash in ppc64el (Closes: #762670).
  * debian/patches/no-ssl-record-version.patch:
    + Don't use a SSL3.0 record version in client hello.
  * debian/patches/protect-document.patch:
    + Protect Document in ProcessingInstruction::setXSLStyleSheet(). This
      is a security fix, see https://codereview.chromium.org/579133004.
  * debian/patches/nullptr-accessibilitymenulistoption.patch:
    + Check for NULL pointers in AccessibilityMenuListOption.
  * debian/patches/nullptr-applystylecommand.patch:
    + Check for NULL pointer in ApplyStyleCommand.
  * debian/patches/nullptr-frameprogresstracker.patch:
    + Check for NULL pointer in FrameProgressTracker.
  * debian/patches/render-text-control.patch:
    + Check for NULL pointer in SearchInputType.
  * debian/patches/ax-focus-events.patch:
    + Fix accessible focus events in non-focused combo boxes.

webkitgtk (2.4.7-2ubuntu1) vivid; urgency=medium

  * Merge with Debian, remaining changes:
    - bugzilla_clear_surface.patch: Take patch to fix upstream bug#123480
      which was a crash affecting softwa...