Bug#876940: boinc: Depends on libwxgtk-webview3.0-0v5 which depends on webkit1
Christian Beer
christian.beer at posteo.de
Wed Sep 27 09:21:03 UTC 2017
There is already an upstream PR [1] that replaces wxWebView with
wxHtmlWindow. Maybe it's better to wait a bit for the PR and then use
this to patch 7.8.2 on Debian?
[1] https://github.com/BOINC/boinc/pull/2093
MfG / Regards
Christian
Am 27.09.2017 um 02:27 schrieb Olly Betts:
> Package: boinc
> Version: 7.8.2+dfsg-3
> Severity: serious
> Tags: sid buster patch
> User: pkg-webkit-maintainers at lists.alioth.debian.org
> Usertags: oldlibs libwebkitgtk-1.0-0 webkit1
> Control: block 790222 by -1
>
> boinc-manager depends on libwxgtk-webview3.0-0v5 which
> depends on libwxgtk-webview3.0-0v5 which depends on
> libwebkitgtk-1.0-0. libwebkitgtk-1.0-0 is the old webkitgtk library
> that suffers from many reported CVEs that have been fixed in
> libwebkit2gtk-4.0-37 (src: webkit2gtk ). The pkg-webkit maintainers
> do not intend to release Debian 10 "Buster" with libwebkitgtk-1.0-0.
>
> boinc-manager is the only reverse dependency of libwxgtk-webview3.0-0v5,
> and apparently will soon be the only package blocking removal of webkit1.
>
> I've attached a patch which changes boinc-manager to use wxHtmlWindow
> instead of wxWebView. I can build the package with this patch applied,
> but I don't know boinc well enough to usefully test its functionality.
> wxHtmlWindow is not a full-featured web browser, but hopefully this
> gives a usable application - please test it out.
>
> Cheers,
> Olly
>
>
>
More information about the pkg-boinc-devel
mailing list