Message ID | 20200408152703.1360075-1-aperez@igalia.com |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/webkitgtk: bump to version 2.28.0 | expand |
On Wed, 8 Apr 2020 18:27:03 +0300 Adrian Perez de Castro <aperez@igalia.com> wrote: > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> > --- > package/webkitgtk/webkitgtk.hash | 8 ++++---- > package/webkitgtk/webkitgtk.mk | 2 +- > 2 files changed, 5 insertions(+), 5 deletions(-) Applied to master, thanks. Thomas
>>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes: > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> Again, it would be good to mark this as a security bump.
On Wed, 08 Apr 2020 21:46:00 +0200 Peter Korsgaard <peter@korsgaard.com> wrote: > >>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes: > > > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> > > Again, it would be good to mark this as a security bump. Doh, before applying, I had a look at https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html just to see what are the main highlights, and it doesn't even say it has security fixes not in 2.26.x. Where did you see it has security fixes? Even the NEWS file doesn't say anything about this. Thomas
On Wed, 8 Apr 2020 22:14:00 +0200, Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote: > On Wed, 08 Apr 2020 21:46:00 +0200 > Peter Korsgaard <peter@korsgaard.com> wrote: > > > >>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes: > > > > > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> > > > > Again, it would be good to mark this as a security bump. > > Doh, before applying, I had a look at > https://webkitgtk.org/2020/03/10/webkitgtk2.28.0-released.html just to > see what are the main highlights, and it doesn't even say it has > security fixes not in 2.26.x. > > Where did you see it has security fixes? Even the NEWS file doesn't say > anything about this. The latest WSA (which was released after 2.28.0) has the list of security fixes: https://wpewebkit.org/security/WSA-2020-0003.html Somehow I am conflicted about tagging a major release (the ones that change the second version number) as security releases because in general packagers tend to be reluctant to pick major releases even so. Sometimes we do not have the possibility of publishing WSAs at the same time as releases, too… That being told, I could argue that all WebKitGTK (and WPE WebKit) releases contain security fixes—but that's some story for another day. Cheers, —Adrián
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index 0dfbe93137..b63a734e3d 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,7 +1,7 @@ -# From https://webkitgtk.org/releases/webkitgtk-2.26.4.tar.xz.sums -md5 60f881729f3b71244b7f6e58790073e0 webkitgtk-2.26.4.tar.xz -sha1 72f209c08ecc8ad4f0f6b767d4fa1be7a652df33 webkitgtk-2.26.4.tar.xz -sha256 4386900713dfadf9741177210b32623cab22562a79ffd0d446b66569934b113f webkitgtk-2.26.4.tar.xz +# From https://webkitgtk.org/releases/webkitgtk-2.28.0.tar.xz.sums +md5 0bf11df8117ea64f6b8de59d278a2c78 webkitgtk-2.28.0.tar.xz +sha1 927d0922b986fd06567015ce4425ed05d9fca209 webkitgtk-2.28.0.tar.xz +sha256 361f3d178f62a9c112cbadfedd46106c34455c26d57a12a28fb3b09178d20e8b webkitgtk-2.28.0.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index cdb6556554..2578847b05 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.26.4 +WEBKITGTK_VERSION = 2.28.0 WEBKITGTK_SITE = https://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com> --- package/webkitgtk/webkitgtk.hash | 8 ++++---- package/webkitgtk/webkitgtk.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-)