From patchwork Thu Dec 21 13:36:30 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Adrian Perez de Castro
X-Patchwork-Id: 851935
From: Adrian Perez de Castro
To: buildroot@buildroot.org
Cc: Adrian Perez de Castro
Date: Thu, 21 Dec 2017 15:36:30 +0200
Message-Id: <20171221133630.29763-1-aperez@igalia.com>
X-Mailer: git-send-email 2.15.1
Subject: [Buildroot] [PATCH 1/1] webkitgtk: security bump to version 2.18.4
List-Id: Discussion and development of buildroot

This is a maintenance release of the current stable WebKitGTK+ version,
which contains fixes for CVE-2017-13866, CVE-2017-13870, CVE-2017-7156, and
CVE-2017-13856. Additionally, this release brings improvements in the
WebDriver spec-compliance, plugs several memory leaks in its GStreamer
based multimedia backend, and fixes a bug when handling cookie removal.

Release notes can be found in the announcement:

  https://webkitgtk.org/2017/12/19/webkitgtk2.18.4-released.html

More details about the security fixes are provided in the following
WebKitGTK+ Security Advisory report:

  https://webkitgtk.org/security/WSA-2017-0010.html

Last but not least, this new release includes the fix for honoring the
CMAKE_BUILD_TYPE value from CMake toolchain files and the corresponding
patch is removed.

Signed-off-by: Adrian Perez de Castro
--- ...s-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch | 52 ---------------------- package/webkitgtk/webkitgtk.hash | 8 ++-- package/webkitgtk/webkitgtk.mk | 2 +- 3 files changed, 5 insertions(+), 57 deletions(-) delete mode 100644 package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch diff --git a/package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch b/package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch deleted file mode 100644 index 6ac1258626..0000000000 
--- a/package/webkitgtk/0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 3b13b1ec9985e72132ec6a3ba13cf60b34848817 Mon Sep 17 00:00:00 2001 -From: "aperez@igalia.com" - -Date: Mon, 27 Nov 2017 15:34:49 +0000 -Subject: [PATCH] [CMake] Values of CMAKE_BUILD_TYPE from toolchain file are - ignored https://bugs.webkit.org/show_bug.cgi?id=179971 - -Reviewed by Carlos Alberto Lopez Perez. - -* CMakeLists.txt: Call project() first, as it loads the toolchain -file, so that's done before checking CMAKE_BUILD_TYPE. - - -git-svn-id: http://svn.webkit.org/repository/webkit/trunk@225168 268f45cc-cd09-0410-ab3c-d52691b4dbfc - -Signed-off-by: Adrian Perez de Castro -Backported from: 75986e1807b - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index d80c37b950a..0a9bd17b981 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -1,8 +1,17 @@ - # ----------------------------------------------------------------------------- - # Determine CMake version and build type. - # ----------------------------------------------------------------------------- -+# -+# NOTE: cmake_minimum_required() and project() *MUST* be the two fist commands -+# used, see https://cmake.org/cmake/help/v3.3/command/project.html -- the -+# latter in particular handles loading a bunch of shared CMake definitions -+# and loading the cross-compilation settings from CMAKE_TOOLCHAIN_FILE. -+# -+ - cmake_minimum_required(VERSION 3.3) - -+project(WebKit) -+ - if (NOT CMAKE_BUILD_TYPE) - message(WARNING "No CMAKE_BUILD_TYPE value specified, defaulting to RelWithDebInfo.") - set(CMAKE_BUILD_TYPE "RelWithDebInfo" CACHE STRING "Choose the type of build." FORCE) -@@ -10,8 +19,6 @@ else () - message(STATUS "The CMake build type is: ${CMAKE_BUILD_TYPE}") - endif () - --project(WebKit) -- - set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}/Source/cmake") - - set(ENABLE_WEBCORE ON) --- -2.15.1 - 
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index 9e207c541b..3d64b6f5a9 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,7 +1,7 @@ -# From https://webkitgtk.org/releases/webkitgtk-2.18.3.tar.xz.sums -md5 264a22d7467deae606e42b6eb5dd65af webkitgtk-2.18.3.tar.xz -sha1 164cad34281ef597a3d4ad214e8037c3ddef4d17 webkitgtk-2.18.3.tar.xz -sha256 e15420e1616a6f70f321541d467af5ca285bff66b1e0fa68a01df3ccf1b18f9e webkitgtk-2.18.3.tar.xz +# From https://webkitgtk.org/releases/webkitgtk-2.18.4.tar.xz.sums +md5 c4686971eac2760bab685e21ac8849be webkitgtk-2.18.4.tar.xz +sha1 709616b445158dc3163a64bb59e95aadbe58949c webkitgtk-2.18.4.tar.xz +sha256 87b6bb9a6065b949ecbe6191313c43e57ad28efdf1f2b5e763405093520632b8 webkitgtk-2.18.4.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index c4675463fa..142f9766e7 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.18.3 +WEBKITGTK_VERSION = 2.18.4 WEBKITGTK_SITE = http://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES
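Review bot: The deletion of 0001-CMake-Values-of-CMAKE_BUILD_TYPE-from-toolchain-file.patch rests only on the commit message's statement that 2.18.4 includes the fix; nothing in the message ties that to the change the deleted file identifies (https://bugs.webkit.org/show_bug.cgi?id=179971, trunk@225168, "Backported from: 75986e1807b"). Please cite that bug or revision in the commit message so a reviewer can confirm the project() reordering is present in the 2.18.4 tarball. If it were missing, a CMAKE_BUILD_TYPE set in the toolchain file would be ignored again and the build would fall back to RelWithDebInfo, as the removed hunk's warning message shows.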
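Review bot: In the webkitgtk.hash hunk, the md5 and sha1 lines are carried forward next to sha256, and all three come from the upstream .sums file named in the comment, which sits in the same releases directory as the tarball. Only the sha256 entry offers meaningful collision resistance, so consider dropping the md5 and sha1 lines or stating in the comment that they are kept solely to mirror upstream. It would also help to note in the comment whether the sha256 was recomputed locally on the downloaded tarball or simply copied from the .sums file.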
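Review bot: The unchanged context line WEBKITGTK_SITE = http://www.webkitgtk.org/releases in the webkitgtk.mk hunk still fetches the tarball over plain HTTP, while the hash file's own comment references https://webkitgtk.org/releases. Since this is a security bump, consider switching WEBKITGTK_SITE to the https URL here or in a follow-up patch, so that the download does not depend on the hash check alone to catch tampering in transit.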