From patchwork Sun Apr 26 19:50:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Perez de Castro X-Patchwork-Id: 1277220 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=igalia.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=igalia.com header.i=@igalia.com header.a=rsa-sha256 header.s=20170329 header.b=Dn2DzY8R; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 499JRr4bdMz9sP7 for ; Mon, 27 Apr 2020 05:50:48 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id C973F87866; Sun, 26 Apr 2020 19:50:45 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sjz3EYnuGuMp; Sun, 26 Apr 2020 19:50:44 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 0CEA187762; Sun, 26 Apr 2020 19:50:44 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id A3AEE1BF2BB for ; Sun, 26 Apr 2020 19:50:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 9FBDB8563A for ; Sun, 26 Apr 2020 19:50:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v9eB-5_cHsIh for ; Sun, 26 Apr 2020 19:50:39 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from fanzine.igalia.com (fanzine.igalia.com [178.60.130.6]) by fraxinus.osuosl.org (Postfix) with ESMTPS id A331B851C0 for ; Sun, 26 Apr 2020 19:50:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From; bh=99++rm6DeZzThgppkhGJ46+2YL3ifuXPH2bMBeedTpM=; b=Dn2DzY8Rpf+MqSuOdxHuov2kpuLGHpOeUJoHk13vYe+ImvBzKEEMtdzkJ8I5gjlFIYHLmgql2G3Jq+ZJP9hJH4qBwgP7Sp14m3jUYp4ZPjXVxg2B3ICxHNm5QzbLKEon13x/QrBk3k84k47Uv7zDcl/x6XflDR/122j+fIN/QRqZRqydHeZE8h87AnCUIr/ULvlPJMKXv/FtzR5RfJ1pbDUiLp5F/4vcv2OMWX+UbLx0PEtaI21ALiin7tt/SPXZoYBcKpToi9QV+XYv0cpoXvbB91zt/EYXcvPD5Sm3fB9mMCJckufNqCoV3hVPKg733EiofYVRIMblWiS+ii5sCg==; Received: from 82-181-217-9.bb.dnainternet.fi ([82.181.217.9] helo=kodama) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1jSnIP-0008J4-CS; Sun, 26 Apr 2020 21:50:33 +0200 Received: from localhost (kodama [local]) by kodama (OpenSMTPD) with ESMTPA id cb5b6164; Sun, 26 Apr 2020 19:50:21 +0000 (UTC) From: Adrian Perez de Castro To: buildroot@buildroot.org Date: Sun, 26 Apr 2020 22:50:21 +0300 Message-Id: <20200426195021.2625617-1-aperez@igalia.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/wpewebkit: security bump to version 2.28.2 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Adrian Perez de Castro Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This is a minor release which provides fixes for CVE-2020-11793, CVE-2020-3887, CVE-2020-3894, and CVE-2020-3899. Updating from 2.28.0 also brings a few rendering fixes, a build fix on MIPS64, a build fix for GStreamer 1.12, and solves a couple of crashes. The full release notes covering 2.28.1 and 2.28.2 can be found at: https://wpewebkit.org/release/wpewebkit-2.28.1.html https://wpewebkit.org/release/wpewebkit-2.28.2.html A detailed security advisory can be found at: https://wpewebkit.org/security/WSA-2020-0004.html Note that the above does not cover all the CVEs, and a new advisory including them is expected to be published in the next days. Signed-off-by: Adrian Perez de Castro --- package/wpewebkit/wpewebkit.hash | 8 ++++---- package/wpewebkit/wpewebkit.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash index 2e7016fe38..8c660d3003 100644 --- a/package/wpewebkit/wpewebkit.hash +++ b/package/wpewebkit/wpewebkit.hash @@ -1,7 +1,7 @@ -# From https://wpewebkit.org/releases/wpewebkit-2.28.0.tar.xz.sums -md5 4298b9d38b4f05f92995422ea9979893 wpewebkit-2.28.0.tar.xz -sha1 9e791b6112cca8cda51ae7e991b545f4bf0bb46c wpewebkit-2.28.0.tar.xz -sha256 a85cd3cb46206a4929a9562d53379a7e7e2ec1a3224b34e2dcf5da30bb906722 wpewebkit-2.28.0.tar.xz +# From https://wpewebkit.org/releases/wpewebkit-2.28.2.tar.xz.sums +md5 c1f17d4b031e9462692443e3c089789c wpewebkit-2.28.2.tar.xz +sha1 b109cfec921eb466227ab3b8d21c5f5717311c8e wpewebkit-2.28.2.tar.xz +sha256 6929d28744702ead3574484ca02645c457a6fdcd6b43ccc9766d98dc3664e8dc wpewebkit-2.28.2.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk index 9c969cae5a..a6124d3529 100644 --- a/package/wpewebkit/wpewebkit.mk +++ b/package/wpewebkit/wpewebkit.mk @@ -4,7 +4,7 @@ # ################################################################################ -WPEWEBKIT_VERSION = 2.28.0 +WPEWEBKIT_VERSION = 2.28.2 WPEWEBKIT_SITE = http://www.wpewebkit.org/releases WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz WPEWEBKIT_INSTALL_STAGING = YES