gimp optionally requires a vulnerable and dead webkit-gtk slot. We want to remove that old versions (as other distributions are doing) and, then, we would need to get gimp relying on external browser instead of this webkit one Thanks
Do we need anything more downstream?: commit 7cb09f8d234d4fd0e6effdb55b777470dc954908 Author: Sebastian Pipping <sping@g.o> Date: Wed Feb 8 15:05:49 2017 +0100 media-gfx/gimp: Move torwards --without-webkit for security (bug #608600) Package-Manager: Portage-2.3.3, Repoman-2.3.1 media-gfx/gimp/gimp-2.8.14-r3.ebuild | 170 +++++++++++++++++++++++++++++++ media-gfx/gimp/gimp-2.8.16-r2.ebuild | 170 +++++++++++++++++++++++++++++++ media-gfx/gimp/gimp-2.8.18-r1.ebuild | 169 +++++++++++++++++++++++++++++++ media-gfx/gimp/gimp-2.9.2-r3.ebuild | 188 ++++++++++++++++++++++++++++++++++ media-gfx/gimp/gimp-2.9.4-r2.ebuild | 191 +++++++++++++++++++++++++++++++++++ media-gfx/gimp/gimp-9999.ebuild | 7 +- 6 files changed, 891 insertions(+), 4 deletions(-) https://github.com/gentoo/gentoo/commit/7cb09f8d234d4fd0e6effdb55b777470dc954908
PS: Here's an overview of the new situation: $ grep -E "use_with webkit|--without-webkit" *.ebuild gimp-2.8.14-r2.ebuild: $(use_with webkit) \ gimp-2.8.14-r3.ebuild: --without-webkit \ gimp-2.8.16-r1.ebuild: $(use_with webkit) \ gimp-2.8.16-r2.ebuild: --without-webkit \ gimp-2.8.18.ebuild: $(use_with webkit) \ gimp-2.8.18-r1.ebuild: --without-webkit \ gimp-2.9.2-r2.ebuild: $(use_with webkit) \ gimp-2.9.2-r3.ebuild: --without-webkit \ gimp-2.9.4-r1.ebuild: $(use_with webkit) \ gimp-2.9.4-r2.ebuild: --without-webkit \ gimp-9999.ebuild: --without-webkit \
Upstream notified at https://bugzilla.gnome.org/show_bug.cgi?id=778343 .
All done in our side, I guess upstream will update to webkit-gtk:4 when they finish the port to gtk3 :/ If possible, try to stabilize the versions not requiring old webkit-gtk as soon as possible and clean old ebuilds Thanks! :)