From patchwork Fri Jul 10 11:47:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Perez de Castro X-Patchwork-Id: 1326714 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=igalia.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=igalia.com header.i=@igalia.com header.a=rsa-sha256 header.s=20170329 header.b=gsRR1KE6; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B3B9z1Tk2z9sRK for ; Fri, 10 Jul 2020 21:47:51 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id B411E87FA6; Fri, 10 Jul 2020 11:47:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rDVUR3xN5Ofj; Fri, 10 Jul 2020 11:47:49 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 20FEC87F41; Fri, 10 Jul 2020 11:47:49 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) by ash.osuosl.org (Postfix) with ESMTP id E73D41BF319 for ; Fri, 10 Jul 2020 11:47:47 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id E429187EC9 for ; Fri, 10 Jul 2020 11:47:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nrAbdm_75MFX for ; Fri, 10 Jul 2020 11:47:45 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from fanzine.igalia.com (fanzine.igalia.com [178.60.130.6]) by fraxinus.osuosl.org (Postfix) with ESMTPS id 0C35E87521 for ; Fri, 10 Jul 2020 11:47:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From; bh=1JnUFuuZ3Jk4cUo8V70crlOa1WKwHwfJhBurjMinL1o=; b=gsRR1KE6UUOBsBYK5unupoUgSxr6vWnSH8eCMP6VCMMM9CX0jacw7/GPObDyqe78XSewBPY8X7ZIoigki2LhnlN8j7v2ucal/QF6XGuJCqZ0qCShkizmPobO6uxG2tJDnXT1SRjNl2QbntsoikJ75r44bnLmpOk0KkoZxqFSvr+GoYqpKcyd5Nul3TyCKXukV69i7vCDH2g6dm9VpgKQWUTmW3WL55lW9vYA8x4DuInUFI7acHPA+72zo+cVzV/h2cV0s2tPexUtFskIC8FQ2bX/sNDjflk5x2sW8wnDW2Sjbddr4voM0+weL/Sr9LKxfL474x6kzLr1Ja1JaT1KbQ==; Received: from 82-181-217-9.bb.dnainternet.fi ([82.181.217.9] helo=kodama) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1jtrVG-00020J-Rt; Fri, 10 Jul 2020 13:47:42 +0200 Received: from localhost (kodama [local]) by kodama (OpenSMTPD) with ESMTPA id b245417f; Fri, 10 Jul 2020 11:47:30 +0000 (UTC) From: Adrian Perez de Castro To: buildroot@buildroot.org Date: Fri, 10 Jul 2020 14:47:30 +0300 Message-Id: <20200710114730.805297-1-aperez@igalia.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/wpewebkit: security bump to version 2.28.3 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Adrian Perez de Castro Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This is a minor release which provides fixes for CVE-2020-9800, CVE-2020-9802, CVE-2020-9803, CVE-2020-9805, CVE-2020-9806, CVE-2020-9807, CVE-2020-9843, CVE-2020-9850, and CVE-2020-13753. Updating from 2.28.2 also brings in the usual batch of fixes, including important improvements to threading in the media player. Full release notes can be found at: https://wpewebkit.org/release/wpewebkit-2.28.3.html A detailed security advisory can be found at: https://wpewebkit.org/security/WSA-2020-0006.html Signed-off-by: Adrian Perez de Castro --- package/wpewebkit/wpewebkit.hash | 8 ++++---- package/wpewebkit/wpewebkit.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash index 8c660d3003..fcc35c5024 100644 --- a/package/wpewebkit/wpewebkit.hash +++ b/package/wpewebkit/wpewebkit.hash @@ -1,7 +1,7 @@ -# From https://wpewebkit.org/releases/wpewebkit-2.28.2.tar.xz.sums -md5 c1f17d4b031e9462692443e3c089789c wpewebkit-2.28.2.tar.xz -sha1 b109cfec921eb466227ab3b8d21c5f5717311c8e wpewebkit-2.28.2.tar.xz -sha256 6929d28744702ead3574484ca02645c457a6fdcd6b43ccc9766d98dc3664e8dc wpewebkit-2.28.2.tar.xz +# From https://wpewebkit.org/releases/wpewebkit-2.28.3.tar.xz.sums +md5 0b3655598f340a5c83cc26423fefcf36 wpewebkit-2.28.3.tar.xz +sha1 ea03d365584ef5e86ca28cec6ca072a4674e9312 wpewebkit-2.28.3.tar.xz +sha256 2539263a4d73c00abfe0205f54770dc1f6d2b635edbe41e748b507254f21e98b wpewebkit-2.28.3.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk index a6124d3529..22c3d96460 100644 --- a/package/wpewebkit/wpewebkit.mk +++ b/package/wpewebkit/wpewebkit.mk @@ -4,7 +4,7 @@ # ################################################################################ -WPEWEBKIT_VERSION = 2.28.2 +WPEWEBKIT_VERSION = 2.28.3 WPEWEBKIT_SITE = http://www.wpewebkit.org/releases WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz WPEWEBKIT_INSTALL_STAGING = YES