Bug 1159329 - Latest update of webkit2gtk3 breaks HTML email replies in evolution
Latest update of webkit2gtk3 breaks HTML email replies in evolution
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: GNOME
Leap 15.1
Other Other
: P5 - None : Normal (vote)
: ---
Assigned To: Michael Gorse
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-12-17 06:32 UTC by Srinidhi B S
Modified: 2020-04-29 22:27 UTC (History)
6 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Vertical line on the right when viewing the email (108.98 KB, image/png)
2019-12-19 08:24 UTC, Srinidhi B S
Details
Vertical lines on the right when replying to the email (118.32 KB, image/png)
2019-12-19 08:26 UTC, Srinidhi B S
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Srinidhi B S 2019-12-17 06:32:23 UTC
Latest webkit2gtk3 security update (bug#1155321 and bug#1156318) released for openSUSE Leap 15.1, breaks when replying to HTML formatted email in evolution. The message body of the reply message is empty. 

I only see this in the message source of the Sent email:

--=-Aa7GB+GqphYqbx/CUO7N
Content-Type: text/plain
Content-Transfer-Encoding: 7bit


--=-Aa7GB+GqphYqbx/CUO7N
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit


--=-Aa7GB+GqphYqbx/CUO7N--

I'm not able to ascertain if the issue is with libwebkit2gtk3 or evolution. If there are any debug steps that I could perform to help identify the root cause, then I would be happy to help. This issue is causing me to move away from Evolution when replying to HTML formatted email.
Comment 1 Michael Gorse 2019-12-18 17:20:16 UTC
Sorry for the trouble. Could you try the libwebkit2gtk-4_0-37 package at this repository?
https://download.opensuse.org/repositories/home:/mgorse:/branches:/GNOME:/STABLE:/3.26/openSUSE_Leap_15.0/
Comment 2 Yifan Jiang 2019-12-19 02:58:33 UTC
Hello Mike,

Thank you for looking into it. With a fully updated SLE-15-SP1, I can see the original issue. Then I tested your patch on the system, which works pretty well for me.
Comment 3 Srinidhi B S 2019-12-19 05:34:01 UTC
(In reply to Michael Gorse from comment #1)
> Sorry for the trouble. Could you try the libwebkit2gtk-4_0-37 package at
> this repository?
> https://download.opensuse.org/repositories/home:/mgorse:/branches:/GNOME:/
> STABLE:/3.26/openSUSE_Leap_15.0/

Thank you so much Michael for getting back so quickly! Unfortunately, I'm running openSUSE Leap 15.1 and hence, cannot use this repository. Could you please enable Leap 15.1 repository here?
Comment 4 Srinidhi B S 2019-12-19 08:23:40 UTC
Since I had to urgently reply to some important email, I chose to downgrade this RPM. I'm happy to report that HTML email replies are working.

But I'm observing an additional visuall artifact in the HTML rendered email - both during replying as well as when viewing the email. Vertical lines show up on the right side as well to illustrate the quoting level. This was not happening earlier.

Will attach screenshots.
Comment 5 Srinidhi B S 2019-12-19 08:24:36 UTC
Created attachment 826439 [details]
Vertical line on the right when viewing the email
Comment 6 Srinidhi B S 2019-12-19 08:26:25 UTC
Created attachment 826440 [details]
Vertical lines on the right when replying to the email
Comment 7 Yifan Jiang 2019-12-19 08:51:58 UTC
Hello Srinidhi,

I am not Mike, but for the build, I think it is fine to use the repository that Michael provided for Leap 15.0 even if you are on Leap 15.1. But I'll leave it to Michael's review.

For the vertical lines issue you mentioned, they are intended design:

https://gitlab.gnome.org/GNOME/evolution/commit/9dab83ed71e9afedea003307161a18797fb091e3

There were similar concerns on upstream. It will early cause an extremely narrow reading area when the quote level goes large. A newer version of evolution has got it improved by handling differently for the quote levels above 5. See:

https://gitlab.gnome.org/GNOME/evolution/issues/445

In addition, if there are other issues than the original bug report, would you kindly open another bug for a better track? Thank you!
Comment 10 Srinidhi B S 2019-12-23 09:11:00 UTC
(In reply to Yifan Jiang from comment #7)
> Hello Srinidhi,
> 
> I am not Mike, but for the build, I think it is fine to use the repository
> that Michael provided for Leap 15.0 even if you are on Leap 15.1. But I'll
> leave it to Michael's review.
> 

I'm completely aware that it is fine to install an RPM built for 15.0 on 15.1. The only reason I asked for a 15.1 repository was to ensure that this RPM doesn't get overwritten when the next set of updates are installed on my system.

(Interestingly, when I check the output "zypper info -t patch openSUSE-2019-2591 | grep Status", it returns "not needed" - because of the downgraded RPM.

Michael: I'm good with this repository and RPM update.

> For the vertical lines issue you mentioned, they are intended design:
> 
> https://gitlab.gnome.org/GNOME/evolution/commit/
> 9dab83ed71e9afedea003307161a18797fb091e3
> 
> There were similar concerns on upstream. It will early cause an extremely
> narrow reading area when the quote level goes large. A newer version of
> evolution has got it improved by handling differently for the quote levels
> above 5. See:
> 
> https://gitlab.gnome.org/GNOME/evolution/issues/445
> 
> In addition, if there are other issues than the original bug report, would
> you kindly open another bug for a better track? Thank you!

Thank you for sharing these links! 

My main concern was if the vertical lines are being added to the message body of the sent email. I was not aware that this was just the way email was being rendered or displayed inside Evolution.

I'm probably being a bit paranoid and mortified after sending a whole bunch of "blank emails" to some very important people - both internal and external! Hence, I'm asking these many questions. 

Soon after posting my comment, I sent a test email to my teammate to check if the email had the vertical lines. After he confirmed that there were no vertical lines on the right side of the email, I came here to update my comment and saw this update from you.

I'm very happy with the current fix. I can't wait to see this update on the regular update channel.
Comment 11 Zsolt KALMAR 2020-01-13 09:46:46 UTC
https://build.suse.de/request/show/208544 SLE-15 / webkit2gtk3
Comment 14 Swamp Workflow Management 2020-02-25 14:22:27 UTC
SUSE-SU-2020:0468-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1159329,1161719,1163809
CVE References: CVE-2019-8835,CVE-2019-8844,CVE-2019-8846,CVE-2020-3862,CVE-2020-3864,CVE-2020-3865,CVE-2020-3867,CVE-2020-3868
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Server 15-LTSS (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    webkit2gtk3-2.26.4-3.43.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    webkit2gtk3-2.26.4-3.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Swamp Workflow Management 2020-03-02 05:11:47 UTC
openSUSE-SU-2020:0278-1: An update that fixes 8 vulnerabilities is now available.

Category: security (important)
Bug References: 1159329,1161719,1163809
CVE References: CVE-2019-8835,CVE-2019-8844,CVE-2019-8846,CVE-2020-3862,CVE-2020-3864,CVE-2020-3865,CVE-2020-3867,CVE-2020-3868
Sources used:
openSUSE Leap 15.1 (src):    webkit2gtk3-2.26.4-lp151.2.12.1
Comment 17 Swamp Workflow Management 2020-04-29 10:17:24 UTC
SUSE-SU-2020:1135-1: An update that fixes 30 vulnerabilities is now available.

Category: security (important)
Bug References: 1155321,1156318,1159329,1161719,1163809,1165528,1169658
CVE References: CVE-2019-8625,CVE-2019-8710,CVE-2019-8720,CVE-2019-8743,CVE-2019-8764,CVE-2019-8766,CVE-2019-8769,CVE-2019-8771,CVE-2019-8782,CVE-2019-8783,CVE-2019-8808,CVE-2019-8811,CVE-2019-8812,CVE-2019-8813,CVE-2019-8814,CVE-2019-8815,CVE-2019-8816,CVE-2019-8819,CVE-2019-8820,CVE-2019-8823,CVE-2019-8835,CVE-2019-8844,CVE-2019-8846,CVE-2020-10018,CVE-2020-11793,CVE-2020-3862,CVE-2020-3864,CVE-2020-3865,CVE-2020-3867,CVE-2020-3868
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE OpenStack Cloud 8 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE OpenStack Cloud 7 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP5 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP4 (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP3-BCL (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Linux Enterprise Server 12-SP2-BCL (src):    webkit2gtk3-2.28.1-2.50.3
SUSE Enterprise Storage 5 (src):    webkit2gtk3-2.28.1-2.50.3
HPE Helion Openstack 8 (src):    webkit2gtk3-2.28.1-2.50.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Michael Gorse 2020-04-29 22:27:17 UTC
Update released.