-
webkit2gtk (2.20.5-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.20.5 to fix security issues.
- CVE-2018-4246, CVE-2018-4261, CVE-2018-4262, CVE-2018-4263,
CVE-2018-4264, CVE-2018-4265, CVE-2018-4266, CVE-2018-4267,
CVE-2018-4270, CVE-2018-4272, CVE-2018-4273, CVE-2018-4278,
CVE-2018-4284, CVE-2018-12911
* debian/patches/fix-ftbfs-m68k.patch: refreshed with new version.
-- Marc Deslauriers <email address hidden> Wed, 15 Aug 2018 07:49:35 -0400
-
webkit2gtk (2.20.3-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.20.3 to fix security issues.
- CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222,
CVE-2018-4232, CVE-2018-4233, CVE-2018-12293
* debian/patches/fix-atomics-build.patch: refreshed with new version.
* debian/{rules,compat}: Show Ubuntu in user agent (LP: #1770868)
- Thanks to Jeremy Bicha for the patch!
-- Marc Deslauriers <email address hidden> Thu, 14 Jun 2018 13:06:02 -0400
-
webkit2gtk (2.20.2-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.20.2 to fix security issue.
- CVE-2018-4200
-- Marc Deslauriers <email address hidden> Mon, 07 May 2018 14:58:07 -0400
-
webkit2gtk (2.20.1-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.20.1 to fix multiple security issues. (LP: #1761289)
- CVE-2018-4101, CVE-2018-4113, CVE-2018-4114, CVE-2018-4117,
CVE-2018-4118, CVE-2018-4119, CVE-2018-4120, CVE-2018-4122,
CVE-2018-4125, CVE-2018-4127, CVE-2018-4128, CVE-2018-4129,
CVE-2018-4133, CVE-2018-4146, CVE-2018-4161, CVE-2018-4162,
CVE-2018-4163, CVE-2018-4165
* debian/patches/*.patch: refreshed.
* debian/rules: disable WOFF2, disabe GEOLOCATION.
* debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
-- Marc Deslauriers <email address hidden> Fri, 27 Apr 2018 12:29:15 -0400
-
webkit2gtk (2.18.6-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.18.6 to fix multiple security issues.
- CVE-2017-7153, CVE-2017-7160, CVE-2017-7161, CVE-2017-7165,
CVE-2017-13884, CVE-2017-13885, CVE-2018-4088, CVE-2018-4096
-- Chris Coulson <email address hidden> Mon, 29 Jan 2018 20:44:08 +0000
-
webkit2gtk (2.18.5-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.18.5 to add Spectre mitigations.
- CVE-2017-5715, CVE-2017-5753
-- Marc Deslauriers <email address hidden> Wed, 10 Jan 2018 11:49:35 -0500
-
webkit2gtk (2.18.4-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.18.4 to fix multiple security issues.
- CVE-2017-7156, CVE-2017-13856, CVE-2017-13866, CVE-2017-13870.
* debian/patches/*.patch: refreshed.
* Set distributor name in User Agent string.
- debian/patches/user-agent-branding.patch: add optional distributor
string to user agent.
- debian/rules: set -DUSER_AGENT_GTK_DISTRIBUTOR_NAME.
-- Marc Deslauriers <email address hidden> Wed, 20 Dec 2017 09:27:01 -0500
-
webkit2gtk (2.18.3-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.18.3 to fix multiple security issues.
- CVE-2017-13783, CVE-2017-13784, CVE-2017-13785, CVE-2017-13788,
CVE-2017-13791, CVE-2017-13792, CVE-2017-13793, CVE-2017-13794,
CVE-2017-13795, CVE-2017-13796, CVE-2017-13798, CVE-2017-13802,
CVE-2017-13803
* debian/patches/*.patch: refreshed.
-- Marc Deslauriers <email address hidden> Tue, 14 Nov 2017 09:10:35 -0500
-
webkit2gtk (2.18.0-0ubuntu0.16.04.2) xenial-security; urgency=medium
* Updated to 2.18.0 to fix multiple security issues.
- CVE-2017-7087, CVE-2017-7089, CVE-2017-7090, CVE-2017-7091,
CVE-2017-7092, CVE-2017-7093, CVE-2017-7095, CVE-2017-7096,
CVE-2017-7098, CVE-2017-7100, CVE-2017-7102, CVE-2017-7104,
CVE-2017-7107, CVE-2017-7109, CVE-2017-7111, CVE-2017-7117,
CVE-2017-7120
* debian/control: add libtasn1-6-dev to BuildDepends.
* debian/rules: use USE_GSTREAMER_GL=OFF.
* debian/rules: use ENABLE_WEB_CRYPTO=OFF since libgcrypt is too old.
* debian/rules: don't use ENABLE_ASSEMBLER=0.
* debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
-- Marc Deslauriers <email address hidden> Thu, 19 Oct 2017 12:42:09 -0400
-
webkit2gtk (2.16.6-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.16.6 to fix multiple security issues.
- CVE-2017-2538, CVE-2017-7018, CVE-2017-7030, CVE-2017-7034,
CVE-2017-7037, CVE-2017-7039, CVE-2017-7046, CVE-2017-7048,
CVE-2017-7052, CVE-2017-7055, CVE-2017-7056, CVE-2017-7061,
CVE-2017-7064
-- Marc Deslauriers <email address hidden> Mon, 31 Jul 2017 14:54:24 -0400
-
webkit2gtk (2.16.3-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.16.3 to fix multiple security issues.
- CVE-2017-2496
- CVE-2017-2510
- CVE-2017-2539
-- Marc Deslauriers <email address hidden> Thu, 25 May 2017 13:27:42 -0400
-
webkit2gtk (2.16.2-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream release (LP: #1690536)
* Drop patches applied in new release
- fix-google-login.patch
- fix-new-youtube.patch
-- Jeremy Bicha <email address hidden> Sat, 13 May 2017 18:02:53 -0400
-
webkit2gtk (2.16.1-0ubuntu0.16.04.2) xenial; urgency=medium
* Add fix-google-login.patch:
- Backport from 2.16.2 to fix Google login in Epiphany, GNOME Online
Accounts, etc. (LP: #1687019)
* Add fix-new-youtube.patch:
- Backport from 2.16.2 to fix the new (May 2017 opt-in) YouTube
-- Jeremy Bicha <email address hidden> Tue, 09 May 2017 09:58:46 -0400
-
webkit2gtk (2.16.1-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.16.1 to fix multiple security issues.
- debian/patches/*: refreshed.
- debian/control: add libgcrypt20-dev to BuildDepends, removed
libgnutls28-dev.
- libwebkit2gtk-4.0-37.symbols: updated for new version.
-- Marc Deslauriers <email address hidden> Fri, 07 Apr 2017 13:20:52 -0400
-
webkit2gtk (2.14.5-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.14.5 to fix multiple security issues.
-- Marc Deslauriers <email address hidden> Wed, 15 Feb 2017 07:08:10 -0500
-
webkit2gtk (2.14.3-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.14.3 to fix multiple security issues.
-- Marc Deslauriers <email address hidden> Thu, 02 Feb 2017 07:59:13 -0500
-
webkit2gtk (2.14.2-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.14.2 to fix multiple security issues.
- debian/patches/install-minibrowser.patch: removed, no longer needed.
- debian/rules: set -DENABLE_MINIBROWSER=ON.
- debian/patches/fix-ftbfs-m68k.patch: removed, not needed in Ubuntu.
- debian/patches/fix-ftbfs-armel.patch: fix FTBFS.
- debian/libjavascriptcoregtk-4.0-bin.install: install the jsc executable
in /usr/bin.
- debian/libwebkit2gtk-4.0-37.symbols: updated for new version.
-- Marc Deslauriers <email address hidden> Fri, 06 Jan 2017 08:49:55 -0500
-
webkit2gtk (2.12.5-0ubuntu0.16.04.1) xenial-security; urgency=medium
* Updated to 2.12.5 to fix multiple security issues.
- debian/patches/hide-gtk2-plugins.patch: removed, upstream.
-- Marc Deslauriers <email address hidden> Mon, 12 Sep 2016 09:16:39 -0400
-
webkit2gtk (2.10.9-1ubuntu1) xenial; urgency=medium
* Merge with Debian unstable. Remaining changes:
+ Build with GeoClue 1, which is what we still use in Ubuntu.
webkit2gtk (2.10.9-1) unstable; urgency=medium
* New upstream release.
-- Iain Lane <email address hidden> Wed, 23 Mar 2016 18:09:37 +0000
-
webkit2gtk (2.10.8-1ubuntu1) xenial; urgency=low
* Build with GeoClue 1, which is what we still use in Ubuntu.
webkit2gtk (2.10.8-1) unstable; urgency=high
* New upstream release. This fixes CVE-2016-1726 (Closes: #802380).
* Allow building the package with debhelper < 9.20151219. This won't
produce any debug packages (since they are automatically generated
now), but it can be useful for backports.
+ debian/control:
- Revert build dependency on debhelper back to >= 9.
+ debian/rules:
- Don't make dh_strip fail if it doesn't support --ddeb-migration.
* debian/rules:
+ The list of architectures in which the debug packages are causing
problems continues to grow, so let's try the opposite approach: we
build by default using -g1 except in the cases where we know that
-g works fine (amd64, ppc64, ppc64el).
+ Enable all hardening flags.
* debian/patches/fix-ftbfs-m68k.patch:
+ Enclose the changes to the compile assertions inside an #ifdef block
so they only apply to m68k.
* debian/patches/fix-ftbfs-alpha.patch:
+ Fix FTBFS in alpha (Closes: #815124).
* debian/patches/fix-ftbfs-sparc64.patch:
+ Add patch metadata.
* debian/source/lintian-overrides:
+ Update overrides so the latest lintian doesn't give more
source-is-missing false positives.
* debian/control:
+ Bump Standards-Version to 3.9.7; no changes needed.
+ Use secure URIs for the Vcs-* fields.
-- Iain Lane <email address hidden> Tue, 15 Mar 2016 10:59:14 +0000
-
webkit2gtk (2.10.6-1ubuntu1) xenial; urgency=medium
* Build with GeoClue 1, which is what we still use in Ubuntu.
-- Iain Lane <email address hidden> Fri, 12 Feb 2016 15:05:47 +0000
-
webkit2gtk (2.10.6-1) unstable; urgency=medium
* New upstream release.
-- Alberto Garcia <email address hidden> Wed, 27 Jan 2016 16:48:08 +0200
-
webkit2gtk (2.10.5-1) unstable; urgency=high
* New upstream release. Fixes CVE-2015-7096 and CVE-2015-7098.
This release doesn't contain any non-DFSG files in the original
tarball, so we can ship it as-is and remove the +dfsg suffix from the
Debian version.
+ debian/watch:
- Remove the 'dversionmangle' option.
+ debian/rules:
- Remove the get-orig-source target.
- Don't generate (and clean) jquery.min.js.
+ debian/control:
- Remove build dependency on slimit.
+ debian/jquery-1.9.1.js:
- Remove.
* debian/patches/fix-ftbfs-sparc64.patch:
+ Fix FTBFS on sparc64 (Closes: #806816).
* debian/rules:
+ Don't pass -DENABLE_YARR_JIT=0, passing -DENABLE_JIT=OFF already
takes care of that.
+ Remove EXTRA_DH_ARGUMENTS, this is no longer being used.
* debian/watch:
+ Only scan releases from the stable branches.
* Migrate to automatic -dbgsym packages:
+ debian/control:
- Remove the entries for libjavascriptcoregtk-4.0-18-dbg and
libwebkit2gtk-4.0-37-dbg.
- Require debhelper >= 9.20151219.
+ debian/rules:
- Replace --dbg-package with --ddeb-migration in dh_strip.
* debian/copyright:
+ Update copyright years.
+ Remove mentions to jquery (which is no longer included) and
FontWithNoValidEncoding.fon, which is a regular font in the FON file
format.
-- Alberto Garcia <email address hidden> Thu, 21 Jan 2016 14:26:30 +0200
-
webkit2gtk (2.10.4+dfsg1-1) unstable; urgency=medium
* New upstream release.
* debian/patches/install-minibrowser.patch:
+ Refresh.
* webkit2gtk includes a binary called WebKitPluginProcess2 that allows
loading plugins that depend on GTK+2, like Adobe Flash or Google
Hangouts. This however has the side effect of requiring GTK+2 and all
its dependencies. We're moving the WebKitPluginProcess2 to a separate
package so users that don't need any of those plugins don't need to
install GTK+2 (Closes: #804412).
+ debian/control:
- Add the entry for the new libwebkit2gtk-4.0-37-gtk2 package.
+ debian/rules:
- Run dh_strip on the new package as well.
+ debian/patches/hide-gtk2-plugins.patch:
- Hide plugins if the plugin process is not available.
+ debian/libwebkit2gtk-4.0-37-gtk2.install:
- Install WebKitPluginProcess2.
+ debian/libwebkit2gtk-4.0-37.install:
- Remove WebKitPluginProcess2.
+ debian/NEWS:
- Add news item about the new package.
-- Alberto Garcia <email address hidden> Thu, 12 Nov 2015 23:10:53 +0200
-
webkit2gtk (2.10.3+dfsg1-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
+ The size of the webkit2gtk -dbg packages is huge and has been a
source of headaches in many architectures that cannot build them or
deal with them easily. Our current approach has been to disable them
completely for those architectures. For this release we'll build
them again but using -g1 instead, which produces _way_ smaller files
that are still useful for backtraces.
+ Use -g1 for mips64el as well.
+ Build using -DG_DISABLE_CAST_CHECKS when not in debug mode.
* debian/control:
+ Drop the gir1.2-gtk* and gir1.2-soup* build dependencies, they are
already being pulled by libgtk*-dev and libsoup*-dev.
+ Make libegl1-mesa-dev an explicit requirement in all architectures,
it's necessary for the Wayland target.
-- Alberto Garcia <email address hidden> Mon, 26 Oct 2015 14:41:33 +0200
-
webkit2gtk (2.10.2+dfsg1-1) unstable; urgency=medium
* New upstream release.
* debian/rules:
+ Don't build debug packages in arm64, it kills the buildd.
-- Alberto Garcia <email address hidden> Thu, 15 Oct 2015 13:36:30 +0300
-
webkit2gtk (2.8.5+dfsg1-3) unstable; urgency=medium
* debian/rules:
+ Do not run dh_builddeb in parallel, it is very I/O intensive for
some buildds.
-- Alberto Garcia <email address hidden> Thu, 10 Sep 2015 15:01:57 +0300
