From patchwork Wed Jul 29 15:40:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Perez de Castro X-Patchwork-Id: 1338403 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=igalia.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=igalia.com header.i=@igalia.com header.a=rsa-sha256 header.s=20170329 header.b=Dmf9iXZd; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BGyRs3Lpbz9sRX for ; Thu, 30 Jul 2020 01:40:41 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 71CD985E03; Wed, 29 Jul 2020 15:40:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id acshV2VHSnet; Wed, 29 Jul 2020 15:40:38 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id C06DC86652; Wed, 29 Jul 2020 15:40:38 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id 764E21BF576 for ; Wed, 29 Jul 2020 15:40:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 7182285E03 for ; Wed, 29 Jul 2020 15:40:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ktq9VEzBWdy for ; Wed, 29 Jul 2020 15:40:36 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from fanzine.igalia.com (fanzine.igalia.com [178.60.130.6]) by fraxinus.osuosl.org (Postfix) with ESMTPS id F282D859D2 for ; Wed, 29 Jul 2020 15:40:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From; bh=wH1a5yEmvgvWXfmF0rytnXknU0DrGrdlfVG8QsdrBU0=; b=Dmf9iXZd3i26LaLkUIczv+JIEAbdG6Et5JaGPxuo3sk1z+6iQWs1ovoqR/JN/WPnSgkiHt+HNdVuSNskhJMyc8TGAG/Bl3TVdjXhnVA17u/73AU5NdNB1qPeDuNR90v7nfnAlLY3YFQ+DlBgyjcmtLIWi7sZevmDk1BuPLScUUmmFMY+viGEq1fF8LWQ+abk1drDGSy5F44LbossXzuYL1k5X/1Kb1o8qLS0XnSuWHN/7Wjs1CRr40lyiZZqrAk7Ud02AYHGiJyqvbnFTQ3Sfm7iydgkKeRxUdznApeyE3KEqd9gG81cZi0yz4Oa5Ny6mGokcfNaVFH1O/FklK0aCQ==; Received: from 82-181-217-9.bb.dnainternet.fi ([82.181.217.9] helo=kodama) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1k0oC0-0008Ep-3r; Wed, 29 Jul 2020 17:40:32 +0200 Received: from localhost (kodama [local]) by kodama (OpenSMTPD) with ESMTPA id 8c6cf5c6; Wed, 29 Jul 2020 15:40:20 +0000 (UTC) From: Adrian Perez de Castro To: buildroot@buildroot.org Date: Wed, 29 Jul 2020 18:40:20 +0300 Message-Id: <20200729154020.3460716-1-aperez@igalia.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.28.4 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Adrian Perez de Castro Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This is a minor release which provides fixes for CVE-2020-9862, CVE-2020-9893, CVE-2020-9894, CVE-2020-9895, CVE-2020-9915, and CVE-2020-9925. Full release notes can be found at: https://webkitgtk.org/2020/07/28/webkitgtk2.28.4-released.html A detailed security advisory can be found at: https://webkitgtk.org/security/WSA-2020-0007.html Signed-off-by: Adrian Perez de Castro --- package/webkitgtk/webkitgtk.hash | 8 ++++---- package/webkitgtk/webkitgtk.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index 44263745e4..cdca65a5a8 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,7 +1,7 @@ -# From https://webkitgtk.org/releases/webkitgtk-2.28.3.tar.xz.sums -md5 a03a4dcd2819baca14fdec5af68b4356 webkitgtk-2.28.3.tar.xz -sha1 af1d845d373e67fd666105e798a44e2cadaef83c webkitgtk-2.28.3.tar.xz -sha256 f0898ac072c220e13a4aee819408421a6cb56a6eb89170ceafe52468b0903522 webkitgtk-2.28.3.tar.xz +# From https://webkitgtk.org/releases/webkitgtk-2.28.4.tar.xz.sums +md5 10e0cce27208dfbd4cf63dd68a9a47d7 webkitgtk-2.28.4.tar.xz +sha1 70e9dd80647b30eaaf8a7f5b30d8869cd1254056 webkitgtk-2.28.4.tar.xz +sha256 821952e8c9303ed752f1fb1d4283f612c25249d00d705d2b79c2db1bc49c9464 webkitgtk-2.28.4.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index f38ea5d20a..65a4439839 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.28.3 +WEBKITGTK_VERSION = 2.28.4 WEBKITGTK_SITE = https://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES