Review Request 129233: [kdelibs] Make Qt4 WebKit optional (default on)

Andreas Sturmlechner andreas.sturmlechner at gmail.com
Thu Oct 19 22:13:26 BST 2017



> On Dec. 13, 2016, 9:11 p.m., Albert Astals Cid wrote:
> > I honestly can't see how this would count as "bugfix".
> 
> Heiko Becker wrote:
>     I see it as a security fix, considering that even Qt5Webkit is probably affected by a three digit number of security issues in its old Webkit and that Qt4Webkit is even based on an older version of Webkit. Especially with the above mentioned htmlthumbnailer the attack surface is possible rather huge and in addition not even that obvious to the unsuspecting user.
>     
>     Anyway I have applied this downstream and kicked out htmlthumbnailer from kde-runtime.

One last ping before close - we've been applying this downstream since 4.14.22 without issues (in fact people have had it enabled or disabled via use flag depending on their setups and provided valuable testing), and not a single bug was raised. Obviously with this flag it is the job of the packagers to determine if they have any qtwebkit reverse-dependencies left, but by default nothing changes.


- Andreas


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129233/#review101423
-----------------------------------------------------------


On Dec. 11, 2016, 3:07 p.m., Andreas Sturmlechner wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/129233/
> -----------------------------------------------------------
> 
> (Updated Dec. 11, 2016, 3:07 p.m.)
> 
> 
> Review request for kdelibs.
> 
> 
> Repository: kdelibs
> 
> 
> Description
> -------
> 
> Provide a switch for distributions to disable build of kdewebkit and
> kdewebkit-widgets, to support efforts on getting rid of Qt4 WebKit.
> 
> The implications of this for KDE Applications packages are, at this
> point (16.12.0), negligible:
> 
> kde-runtime/drkonqi
> kde-runtime/kioslave (htmlthumbnail, removable with little effort, probably no reverse dep left)
> kde-runtime/plasma (no reverse deps left)
> pykde4 (with rdep: kajongg)
> 
> 
> Diffs
> -----
> 
>   CMakeLists.txt f1266655c512474626b68565a2830dae5828bf57 
>   kdewidgets/CMakeLists.txt 51536017ac0a3a86e164e30b80840a89aa3a8248 
>   plasma/CMakeLists.txt b9214388d72122ae9c5709b6956a8b8e13ccd3aa 
> 
> 
> Diff: https://git.reviewboard.kde.org/r/129233/diff/1/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Andreas Sturmlechner
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20171019/4a0572e7/attachment.htm>


More information about the kde-core-devel mailing list