© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Retroactive review for package: src:wpebackend-fdo (for Jammy LTS, 1.12.0-1)
[Summary]
src:wpebackend-fdo has already been promoted to "main" in Kinetic+ and the changes between v1.12.0 (Jammy) to v.1.14.0 (Kinetic+) are minimal (see #2). I'll build upon @didrocks' original MIR review (see comment #2) and double-check the current state. If not state otherwise, the review from comment #2 still holds true for this older version in Jammy LTS.
MIR team ACK under the constraint to resolve the below listed
required TODOs and as much as possible having a look at the
recommended TODOs.
This does not need a security review (again)
List of specific binary packages to be promoted to main: libwpebackend-
Specific binary packages built, but NOT to be promoted to main: <None>
Notes:
#0 This does not need a security review again, it was already done for v1.12.0-1 (see comment #4), also the changes from 1.12.0..1.14.0 are minimal (and requested to be SRUed, see #2). The higher-level src:webkit2gtk component, making use of this backend, is also using the same v2.38.3 upstream version in all current series (Focal++). No new CVEs or relevant bug reports, as of 2023-01-10.
Required TODOs:
#1 libwpe Jammy MIR dependency (LP: #1973031)
#2 please SRU the two fixes/commits included in 1.14.0 back into Jammy (fixing a double-free and a SIGSEV), as those could have security implications. Other than that, I see no relevant difference (packaging or upstream alike): https:/
#3 please provide links to the higher-level component test, covering wpebackend-fdo or provide some autopkgtests or manual testing story (see #4)
Recommended TODOs:
#4 Improve the testing story (is there anything quick that we could do ourselves)?
- buildtime/unit-test have been requested upstream, but no activity so far: https:/
- runtime/