webkit2-gtk: multiple CVEs; fixed in 2.34.4

[blair (Blair Zajac)]

Multiple CVEs are fixed in 2.34.4: ​https://webkitgtk.org/security/WSA-2022-0001.html

Found this from my Ubuntu system:

webkit2gtk (2.34.4-0ubuntu0.20.04.1) focal-security; urgency=medium

 * Updated to 2.34.4 to fix security issues.
   - CVE-2021-30934, CVE-2021-30936, CVE-2021-30951, CVE-2021-30952,
     CVE-2021-30953, CVE-2021-30954, CVE-2021-30984

-- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 26 Jan 2022 07:22:38 -0500

[kencu (Ken)]

the nix project has been trying to keep a version of this current for darwin.

they grabbed all our patches a few years ago, and may have updated it since.

worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.

[mascguy (Christopher Nielsen)]

Replying to kencu:

the nix project has been trying to keep a version of this current for darwin.

they grabbed all our patches a few years ago, and may have updated it since.

worth looking there at their current offering and patches, as it is a rather more difficult port to update I thought.

Great idea, as I'm currently working on reconciling our various patches against the latest upstream release. Thanks for the heads-up Ken!

[kencu (Ken)]

looks like nix has been bogged down for several years trying to update this on darwin

​https://github.com/NixOS/nixpkgs/pull/126101

[Dave-Allured (Dave Allured)]

See main discussion of update for webkit2-gtk in #65492. This ticket #64554 should probably be closed as duplicate.

[mascguy (Christopher Nielsen)]

Replying to Dave-Allured:

See main discussion of update for webkit2-gtk in #65492. This ticket #64554 should probably be closed as duplicate.

Closing this older ticket as a duplicate, per Dave's recommendation.