Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 340529

Summary: <net-libs/webkit-gtk-1.2.5: multiple vulnerabilities
Product: Gentoo Security Reporter: Pacho Ramos <pacho>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal CC: gnome
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=627366
Whiteboard:
Package list:
Runtime testing required: ---
Attachments:
Description Flags
emerge info for x86 athlon
none
build log for webkit-gtk-1.2.5
none
my environment data webkit-gtk-1.2.5 none

Description Pacho Ramos gentoo-dev 2010-10-11 13:53:13 UTC 
They are explained at:
https://bugzilla.redhat.com/show_bug.cgi?id=627366

I think 1.2.5 should go stable soon (tested on amd64 with Gnome 2.30 and looks to work ok).


*webkit-gtk-1.2.5 (11 Oct 2010)

  11 Oct 2010; Pacho Ramos <pacho@gentoo.org> -webkit-gtk-1.2.1.ebuild,
  -files/webkit-gtk-1.2.1-icu-4.4.patch, +webkit-gtk-1.2.5.ebuild,
  metadata.xml:
  Version bump: fixes for CVE-2010-1780 CVE-2010-3113 CVE-2010-1814
  CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
  CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 CVE-2010-1781 CVE-2010-1782
  CVE-2010-1784 CVE-2010-1785 CVE-2010-1786 CVE-2010-1787 CVE-2010-1788
  CVE-2010-1790 CVE-2010-1792 CVE-2010-1793 CVE-2010-2648 CVE-2010-2647.
  Bump to EAPI3, add introspection support, drop libtool-1 compatibility
  hack that should no longer be needed, remove old.



Reproducible: Always
Comment 1 Gilles Dartiguelongue (RETIRED) gentoo-dev 2010-10-11 14:07:09 UTC 
btw, how does updating to 1.2.5 impacts bug #314193, bug #271861, bug #281819 and bug #271865 ?
Comment 2 Pacho Ramos gentoo-dev 2010-10-11 14:17:01 UTC 
(In reply to comment #1)
> btw, how does updating to 1.2.5 impacts bug #314193, bug #271861, bug #281819

I haven't located any upstream fix for these in webkit-gtk changelog, also looks fedora doesn't have any fix for them in their webkitgtk packages


> and bug #271865 ?
> 

I think this should be solved even with current stable, no? :-/
Comment 3 Geoff Madden 2010-10-24 00:01:45 UTC 
Created attachment 251741 [details]
emerge info for x86 athlon
Comment 4 Geoff Madden 2010-10-24 00:03:55 UTC 
Created attachment 251743 [details]
build log for webkit-gtk-1.2.5

It seems that the lib creating this problem is not installed into .lib
Comment 5 Geoff Madden 2010-10-24 00:04:59 UTC 
Created attachment 251745 [details]
my environment data webkit-gtk-1.2.5
Comment 6 Geoff Madden 2010-10-30 08:06:19 UTC 
Had another try at getting this one to compile,on my machine it takes about 3-4 hrs to get to the point that it stops compiling,with the above error not able to find libwebkit_gtk_1_0 . In desperation I went into /var/lib/net-libs/webkit ***** & tried to make sense of the Makefile,not able to pinpoint where the problem lay,so I typed make at which point the missing lib was created and compilation completed,so I installed same. The only hassle I now have is there is no log of completion ,so when I retry the emerge it insists on redoing webkit all over again,catch 22, So if there is a brilliant mind out there that can cure this compiling problem,I will be a very happy camper HIHIHI.

I probably should have raised another bug report,as this problem really doesn't relate to multiple vulnerabilities.
Comment 7 Nick Bowler 2010-11-30 20:19:42 UTC 
(In reply to comment #4)
> Created an attachment (id=251743) [details]
> build log for webkit-gtk-1.2.5
> 
> It seems that the lib creating this problem is not installed into .lib

This is bug 343249.
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-01-01 22:21:43 UTC 

*** This bug has been marked as a duplicate of bug 281819 ***