Online update causes bug to show up again in evolution, after using temporary bug fix

Hello,

I am having a problem with evolution. I recently installed Leap 15.5, and when I first started evolution I couldn’t read the body of the emails. After looking around I found this bug:1216778 – Unable to read the text of emails in Evolution. So after going around in circles I actually *read the information and learned that I had to downgrade a package, or a few. I did that and it worked. Unfortunately when I do an Online Update I get a cue to install the same packages and in fact the patch which has been used to fix the problem, as is described in the patch description. When I install that or allow it to be installed, it breaks evolution again. From Yast> Online Update > Patches: Recommended Update for Webkit2gtk3,

openSUSE-SLE-15.5-2023-4474 - Recommended update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

• Rendering of e-mails in Evolution is blank when using the proprietary NVIDIA driver (bsc#1216778)
  References:
  1216778 (bugzilla) : Unable to read the text of emails in Evolution

ALSO there a number of Security Updates that are there: Security update for Webkit2gtk3 (there are three of these),

#1

openSUSE-SLE-15.5-2023-4828 - Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.42.3 (bsc#1217844):

• Fix flickering while playing videos with DMA-BUF sink.

• Fix color picker being triggered in the inspector when typing “tan”.

• Do not special case the “sans” font family name.

• Fix build failure with libxml2 version 2.12.0 due to an API change.

• Fix several crashes and rendering issues.

• Security fixes: CVE-2023-42916, CVE-2023-42917.

References:

• 1217844 (bugzilla) : VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0011
• CVE-2023-42917 (cve) : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42917
• CVE-2023-42916 (cve) : CVE - CVE-2023-42916

#2

openSUSE-SLE-15.5-2023-4561 - Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues:

Update to version 2.42.2 (bsc#1217210):

• CVE-2023-41983: Processing web content may lead to a denial-of-service.

• CVE-2023-42852: Processing web content may lead to arbitrary code execution.

Already previously fixed:

• CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4).

• CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0).

• CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).

• CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).

• CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0).

References:

• 1217210 (bugzilla) : VUL-0: webkit2gtk3: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0010
• CVE-2023-41983 (cve) : CVE - CVE-2023-41983
• CVE-2023-42852 (cve) : CVE - CVE-2023-42852
• CVE-2022-32919 (cve) : CVE - CVE-2022-32919
• CVE-2022-32933 (cve) : CVE - CVE-2022-32933
• CVE-2022-46705 (cve) : CVE - CVE-2022-46705
• CVE-2022-46725 (cve) : CVE - CVE-2022-46725
• CVE-2023-32359 (cve) : CVE - CVE-2023-32359

#3

openSUSE-SLE-15.5-2023-4294 - Security update for webkit2gtk3

This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5.

Security fixes:

• CVE-2023-41993: Fixed an issue where processing malicious web

content could have lead to arbitrary code execution (bsc#1215661).

• CVE-2023-39928: Fixed a use-after-free that could be exploited to

execute arbitrary code when visiting a malicious webpage (bsc#1215868).

• CVE-2023-41074: Fixed an issue where processing malicious web

content could have lead to arbitrary code execution (bsc#1215870).

Other fixes:

• Fixed missing package dependencies (bsc#1215072).

References:

• 1216483 (bugzilla) : VUL-0: webkit2gtk3: regression in security fix
• 1214835 (bugzilla) : 15.5 patch cant get handled automatically? - openSUSE-SLE-15.5-2023-3413-1
• 1214640 (bugzilla) : Dependency issue with WebKit2GTK in patch:openSUSE-SLE-15.4-2023-3419-1.noarch
• 1214093 (bugzilla) : openSUSE-SLE-15.4-2023-3233 fails to install due to missing libwebkit2gtk3 = 2.40.5
• 1215661 (bugzilla) : VUL-0: CVE-2023-41993: webkit2gtk3,libqt5-qtwebkit,libQtWebKit4,webkitgtk: processing malicious web content may lead to arbitrary code execution
• 1215868 (bugzilla) : VUL-0: CVE-2023-39928: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports
• 1215870 (bugzilla) : VUL-0: CVE-2023-41074: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
• 1215072 (bugzilla) : error when starting emacs, because dependency missing to wayland package.
• 1215866 (bugzilla) : VUL-0: CVE-2023-35074: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
• 1215867 (bugzilla) : VUL-0: CVE-2023-39434: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
• 1215869 (bugzilla) : VUL-0: CVE-2023-40451: libQtWebKit4,libqt5-qtwebkit,webkit2gtk3,webkitgtk: WebKitGTK and WPE WebKit Security Advisory WSA-2023-0009
• CVE-2023-41993 (cve) : CVE - CVE-2023-41993
• CVE-2023-39928 (cve) : CVE - CVE-2023-39928
• CVE-2023-41074 (cve) : CVE - CVE-2023-41074
• CVE-2023-39434 (cve) : CVE - CVE-2023-39434
• CVE-2023-40451 (cve) : CVE - CVE-2023-40451
• CVE-2023-35074 (cve) : CVE - CVE-2023-35074

There are 4 packages that are marked to be updated.

#1 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1

WebKitGTK-4.0-lang - Translations for package webkit2gtk3-soup2

Provides translations for the “webkit2gtk3-soup2” package.

#2 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1

libjavascriptcoregtk-4_0-18 - JavaScript Core Engine, GTK+ Port

WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM,
XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more

#3 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1

libwebkit2gtk-4_0-37 - Library for rendering web content, GTK+ Port

WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM, XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more.

#4 version 2.40.5-150400.4.51.1 installed, current version 2.42.3-150400.4.67.1

webkit2gtk-4_0-injected-bundles - Injected bundles for webkit2gtk3-soup2

WebKit is a web content engine, derived from KHTML and KJS from KDE, and used primarily in Apple’s Safari browser. It is made to be embedded in other applications, such as mail readers, or web browsers.
It is able to display content such as HTML, SVG, XML, and others. It also supports DOM, XMLHttpRequest, XSLT, CSS, Javascript/ECMAscript and more.

I have the same problem. The content of emails is invisible in Evolution, making the program unusable. I use the NVIDIA driver.
When I start Evolution in a terminal, I get the following error messages:

MESA-LOADER: failed to open nouveau: /usr/lib64/dri/nouveau_dri.so: kan gedeeld objectbestand niet openen: Bestand of map bestaat niet (search paths /usr/lib64/dri, suffix _dri)
failed to load driver: nouveau

** (evolution:17860): WARNING **: 12:08:40.018: WEBKIT_FORCE_SANDBOX no longer allows disabling the sandbox. Use WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 instead.
MESA-LOADER: failed to open nouveau: /usr/lib64/dri/nouveau_dri.so: kan gedeeld objectbestand niet openen: Bestand of map bestaat niet (search paths /usr/lib64/dri, suffix _dri)
failed to load driver: nouveau
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Toegang geweigerd
Failed to create GBM buffer of size 989x46: Toegang geweigerd
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Toegang geweigerd
Failed to create GBM buffer of size 989x46: Toegang geweigerd
KMS: DRM_IOCTL_MODE_CREATE_DUMB failed: Toegang geweigerd
Failed to create GBM buffer of size 989x46: Toegang geweigerd
Failed to create EGL images for DMABufs with file descriptors -1, -1 and -1

(evolution:17860): GLib-GIO-WARNING **: 12:08:45.807: Your application did not unregister from D-Bus before destruction. Consider using g_application_run().

I use webkit2gtk3-2.42.5-150400.4.75.1 on openSUSE Leap 15.5.

Does anyone know how to solve this problem?

Kind regards,

Thijs Bennis

I have a temporary fix that has become permanent for me.

from a terminal:

export WEBKIT_DMABUF_RENDERER_DISABLE_GBM=1

evolution

Thank you for your solution. It worked fine for me.

Kind regards,

Thijs Bennis

Yeah I had an exchange with the person who was working on the bug.

Glad to hear it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.