* [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4
@ 2022-07-13 13:29 Adrian Perez de Castro
2022-07-16 15:35 ` Yann E. MORIN
2022-08-03 20:46 ` Peter Korsgaard
0 siblings, 2 replies; 5+ messages in thread
From: Adrian Perez de Castro @ 2022-07-13 13:29 UTC (permalink / raw)
To: buildroot; +Cc: Adrian Perez de Castro
Bugfix release, fixes a WebKitWebProcess leak, MPRIS/MediaSession
support, adds a missing ATSPI a11y interface, and security patches
for CVE-2022-22677 and CVE-2022-26710.
Release notes:
https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
Accompanying security advisory:
https://webkitgtk.org/security/WSA-2022-0006.html
One patch is now included in the packaged release, and another with a
build fix imported, which is actually a revert of a patch that made it
into the release but can cause linking issues when using LTO.
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
---
...en-cross-building-for-64-bit-ARM-htt.patch | 32 ----------
...5034-WebKitTestRunner-shouldn-t-link.patch | 58 +++++++++++++++++++
package/webkitgtk/webkitgtk.hash | 8 +--
package/webkitgtk/webkitgtk.mk | 2 +-
4 files changed, 63 insertions(+), 37 deletions(-)
delete mode 100644 package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
create mode 100644 package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
diff --git a/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch b/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
deleted file mode 100644
index 7c9c8666ad..0000000000
--- a/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From b0c63502f004db68b485354967bb1c56c071f4eb Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Tue, 31 May 2022 00:48:21 +0300
-Subject: [PATCH] Build failure when cross-building for 64-bit ARM
- https://bugs.webkit.org/show_bug.cgi?id=241109
-
-Unreviewed build fix.
-
-* Source/WebCore/bindings/js/JSDOMMapLike.cpp: Add missing
- JavaScriptCore/HashMapImplInlines.h header inclusion.
-
-Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Upstream status: https://github.com/WebKit/WebKit/pull/1165
----
- Source/WebCore/bindings/js/JSDOMMapLike.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Source/WebCore/bindings/js/JSDOMMapLike.cpp b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
-index e132c39fa54..2cb4b1b59a3 100644
---- a/Source/WebCore/bindings/js/JSDOMMapLike.cpp
-+++ b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
-@@ -28,6 +28,7 @@
-
- #include "WebCoreJSClientData.h"
- #include <JavaScriptCore/CatchScope.h>
-+#include <JavaScriptCore/HashMapImplInlines.h>
- #include <JavaScriptCore/JSMap.h>
- #include <JavaScriptCore/VMTrapsInlines.h>
-
---
-2.36.1
-
diff --git a/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch b/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
new file mode 100644
index 0000000000..d1edd36660
--- /dev/null
+++ b/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
@@ -0,0 +1,58 @@
+From a780527a1b79538f1e1f5144e9b522d0927a2312 Mon Sep 17 00:00:00 2001
+From: Adrian Perez de Castro <aperez@igalia.com>
+Date: Wed, 13 Jul 2022 00:53:48 +0300
+Subject: [PATCH] Revert "Merge r295034 - WebKitTestRunner shouldn't link
+ object files of JavaScriptCore and WebCore"
+
+This reverts commit 7916fda00b347ff263fbfe72c065032d1d9b523c.
+
+Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
+[Upstream status: https://bugs.webkit.org/show_bug.cgi?id=241002]
+
+---
+ Source/JavaScriptCore/CMakeLists.txt | 12 +++++++++---
+ Tools/WebKitTestRunner/CMakeLists.txt | 1 -
+ Tools/WebKitTestRunner/PlatformGTK.cmake | 4 ++++
+ Tools/WebKitTestRunner/PlatformWin.cmake | 4 ++++
+ 4 files changed, 17 insertions(+), 4 deletions(-)
+
+diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
+index 95a1300ce1b3..238208eb1137 100644
+--- a/Source/JavaScriptCore/CMakeLists.txt
++++ b/Source/JavaScriptCore/CMakeLists.txt
+@@ -456,7 +456,7 @@ if (MSVC AND NOT ENABLE_C_LOOP)
+ COMMAND ${MASM_EXECUTABLE} ${LLINT_MASM_FLAGS} ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.asm
+ VERBATIM)
+ list(APPEND JavaScriptCore_SOURCES ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj)
+- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp)
++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp)
+ else ()
+ # As there's poor toolchain support for using `.file` directives in
+ # inline asm (i.e. there's no way to avoid clashes with the `.file`
+@@ -465,7 +465,7 @@ else ()
+ # an object file. We only need to do this for LowLevelInterpreter.cpp
+ # and cmake doesn't allow us to introduce a compiler wrapper for a
+ # single source file, so we need to create a separate target for it.
+- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp
++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp
+ ${JavaScriptCore_DERIVED_SOURCES_DIR}/${LLIntOutput})
+ endif ()
+
+@@ -1496,7 +1496,13 @@ if (CMAKE_COMPILER_IS_GNUCXX AND GCC_OFFLINEASM_SOURCE_MAP)
+ COMPILE_OPTIONS "-fno-lto")
+ endif ()
+
+-list(APPEND JavaScriptCore_PRIVATE_LIBRARIES LowLevelInterpreterLib)
++# When building JavaScriptCore as an object library, we need to make sure the
++# lowlevelinterpreter lib objects get propogated.
++if (${JavaScriptCore_LIBRARY_TYPE} STREQUAL "OBJECT")
++ list(APPEND JavaScriptCore_PRIVATE_LIBRARIES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
++else ()
++ list(APPEND JavaScriptCore_SOURCES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
++endif ()
+
+ WEBKIT_COMPUTE_SOURCES(JavaScriptCore)
+ list(APPEND JavaScriptCore_SOURCES
+--
+2.37.1
+
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 1176bbc7a1..7f67ef4a7a 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,7 +1,7 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.36.3.tar.xz.sums
-md5 8ad4b1bfbbe3115ee163a8b2ba7b908f webkitgtk-2.36.3.tar.xz
-sha1 59ee6ee820be360ad57391870fa158064091c525 webkitgtk-2.36.3.tar.xz
-sha256 732fcf8c4ec644b8ed28b46ebbd7c1ebab9d9e0afea9bdf5e5d12786afc478d1 webkitgtk-2.36.3.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.36.4.tar.xz.sums
+md5 bb5f96d54804e22fd52478665d1dac7a webkitgtk-2.36.4.tar.xz
+sha1 c4f2d3c8581d1abe2a959e99f2846bea5d5ddf3c webkitgtk-2.36.4.tar.xz
+sha256 b6bebe1f85a479d968c19e44a4704622ef8cef61636ad1b2406b77d16ae2e2a8 webkitgtk-2.36.4.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index 07fc98c5f6..cbe36720da 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WEBKITGTK_VERSION = 2.36.3
+WEBKITGTK_VERSION = 2.36.4
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
--
2.37.1
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4
2022-07-13 13:29 [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4 Adrian Perez de Castro
@ 2022-07-16 15:35 ` Yann E. MORIN
2022-08-03 20:46 ` Peter Korsgaard
1 sibling, 0 replies; 5+ messages in thread
From: Yann E. MORIN @ 2022-07-16 15:35 UTC (permalink / raw)
To: Adrian Perez de Castro; +Cc: buildroot
Adrian, All,
On 2022-07-13 16:29 +0300, Adrian Perez de Castro spake thusly:
> Bugfix release, fixes a WebKitWebProcess leak, MPRIS/MediaSession
> support, adds a missing ATSPI a11y interface, and security patches
> for CVE-2022-22677 and CVE-2022-26710.
>
> Release notes:
>
> https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
>
> Accompanying security advisory:
>
> https://webkitgtk.org/security/WSA-2022-0006.html
>
> One patch is now included in the packaged release, and another with a
> build fix imported, which is actually a revert of a patch that made it
> into the release but can cause linking issues when using LTO.
>
> Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> ...en-cross-building-for-64-bit-ARM-htt.patch | 32 ----------
> ...5034-WebKitTestRunner-shouldn-t-link.patch | 58 +++++++++++++++++++
> package/webkitgtk/webkitgtk.hash | 8 +--
> package/webkitgtk/webkitgtk.mk | 2 +-
> 4 files changed, 63 insertions(+), 37 deletions(-)
> delete mode 100644 package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> create mode 100644 package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
>
> diff --git a/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch b/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> deleted file mode 100644
> index 7c9c8666ad..0000000000
> --- a/package/webkitgtk/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -From b0c63502f004db68b485354967bb1c56c071f4eb Mon Sep 17 00:00:00 2001
> -From: Adrian Perez de Castro <aperez@igalia.com>
> -Date: Tue, 31 May 2022 00:48:21 +0300
> -Subject: [PATCH] Build failure when cross-building for 64-bit ARM
> - https://bugs.webkit.org/show_bug.cgi?id=241109
> -
> -Unreviewed build fix.
> -
> -* Source/WebCore/bindings/js/JSDOMMapLike.cpp: Add missing
> - JavaScriptCore/HashMapImplInlines.h header inclusion.
> -
> -Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
> -Upstream status: https://github.com/WebKit/WebKit/pull/1165
> ----
> - Source/WebCore/bindings/js/JSDOMMapLike.cpp | 1 +
> - 1 file changed, 1 insertion(+)
> -
> -diff --git a/Source/WebCore/bindings/js/JSDOMMapLike.cpp b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -index e132c39fa54..2cb4b1b59a3 100644
> ---- a/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -+++ b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -@@ -28,6 +28,7 @@
> -
> - #include "WebCoreJSClientData.h"
> - #include <JavaScriptCore/CatchScope.h>
> -+#include <JavaScriptCore/HashMapImplInlines.h>
> - #include <JavaScriptCore/JSMap.h>
> - #include <JavaScriptCore/VMTrapsInlines.h>
> -
> ---
> -2.36.1
> -
> diff --git a/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch b/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
> new file mode 100644
> index 0000000000..d1edd36660
> --- /dev/null
> +++ b/package/webkitgtk/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
> @@ -0,0 +1,58 @@
> +From a780527a1b79538f1e1f5144e9b522d0927a2312 Mon Sep 17 00:00:00 2001
> +From: Adrian Perez de Castro <aperez@igalia.com>
> +Date: Wed, 13 Jul 2022 00:53:48 +0300
> +Subject: [PATCH] Revert "Merge r295034 - WebKitTestRunner shouldn't link
> + object files of JavaScriptCore and WebCore"
> +
> +This reverts commit 7916fda00b347ff263fbfe72c065032d1d9b523c.
> +
> +Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
> +[Upstream status: https://bugs.webkit.org/show_bug.cgi?id=241002]
> +
> +---
> + Source/JavaScriptCore/CMakeLists.txt | 12 +++++++++---
> + Tools/WebKitTestRunner/CMakeLists.txt | 1 -
> + Tools/WebKitTestRunner/PlatformGTK.cmake | 4 ++++
> + Tools/WebKitTestRunner/PlatformWin.cmake | 4 ++++
> + 4 files changed, 17 insertions(+), 4 deletions(-)
> +
> +diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
> +index 95a1300ce1b3..238208eb1137 100644
> +--- a/Source/JavaScriptCore/CMakeLists.txt
> ++++ b/Source/JavaScriptCore/CMakeLists.txt
> +@@ -456,7 +456,7 @@ if (MSVC AND NOT ENABLE_C_LOOP)
> + COMMAND ${MASM_EXECUTABLE} ${LLINT_MASM_FLAGS} ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.asm
> + VERBATIM)
> + list(APPEND JavaScriptCore_SOURCES ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj)
> +- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp)
> ++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp)
> + else ()
> + # As there's poor toolchain support for using `.file` directives in
> + # inline asm (i.e. there's no way to avoid clashes with the `.file`
> +@@ -465,7 +465,7 @@ else ()
> + # an object file. We only need to do this for LowLevelInterpreter.cpp
> + # and cmake doesn't allow us to introduce a compiler wrapper for a
> + # single source file, so we need to create a separate target for it.
> +- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp
> ++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp
> + ${JavaScriptCore_DERIVED_SOURCES_DIR}/${LLIntOutput})
> + endif ()
> +
> +@@ -1496,7 +1496,13 @@ if (CMAKE_COMPILER_IS_GNUCXX AND GCC_OFFLINEASM_SOURCE_MAP)
> + COMPILE_OPTIONS "-fno-lto")
> + endif ()
> +
> +-list(APPEND JavaScriptCore_PRIVATE_LIBRARIES LowLevelInterpreterLib)
> ++# When building JavaScriptCore as an object library, we need to make sure the
> ++# lowlevelinterpreter lib objects get propogated.
> ++if (${JavaScriptCore_LIBRARY_TYPE} STREQUAL "OBJECT")
> ++ list(APPEND JavaScriptCore_PRIVATE_LIBRARIES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
> ++else ()
> ++ list(APPEND JavaScriptCore_SOURCES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
> ++endif ()
> +
> + WEBKIT_COMPUTE_SOURCES(JavaScriptCore)
> + list(APPEND JavaScriptCore_SOURCES
> +--
> +2.37.1
> +
> diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
> index 1176bbc7a1..7f67ef4a7a 100644
> --- a/package/webkitgtk/webkitgtk.hash
> +++ b/package/webkitgtk/webkitgtk.hash
> @@ -1,7 +1,7 @@
> -# From https://webkitgtk.org/releases/webkitgtk-2.36.3.tar.xz.sums
> -md5 8ad4b1bfbbe3115ee163a8b2ba7b908f webkitgtk-2.36.3.tar.xz
> -sha1 59ee6ee820be360ad57391870fa158064091c525 webkitgtk-2.36.3.tar.xz
> -sha256 732fcf8c4ec644b8ed28b46ebbd7c1ebab9d9e0afea9bdf5e5d12786afc478d1 webkitgtk-2.36.3.tar.xz
> +# From https://webkitgtk.org/releases/webkitgtk-2.36.4.tar.xz.sums
> +md5 bb5f96d54804e22fd52478665d1dac7a webkitgtk-2.36.4.tar.xz
> +sha1 c4f2d3c8581d1abe2a959e99f2846bea5d5ddf3c webkitgtk-2.36.4.tar.xz
> +sha256 b6bebe1f85a479d968c19e44a4704622ef8cef61636ad1b2406b77d16ae2e2a8 webkitgtk-2.36.4.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
> index 07fc98c5f6..cbe36720da 100644
> --- a/package/webkitgtk/webkitgtk.mk
> +++ b/package/webkitgtk/webkitgtk.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WEBKITGTK_VERSION = 2.36.3
> +WEBKITGTK_VERSION = 2.36.4
> WEBKITGTK_SITE = https://www.webkitgtk.org/releases
> WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
> WEBKITGTK_INSTALL_STAGING = YES
> --
> 2.37.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4
2022-07-13 13:29 [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4 Adrian Perez de Castro
2022-07-16 15:35 ` Yann E. MORIN
@ 2022-08-03 20:46 ` Peter Korsgaard
2022-08-04 6:45 ` Adrian Perez de Castro
1 sibling, 1 reply; 5+ messages in thread
From: Peter Korsgaard @ 2022-08-03 20:46 UTC (permalink / raw)
To: Adrian Perez de Castro; +Cc: buildroot
>>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes:
> Bugfix release, fixes a WebKitWebProcess leak, MPRIS/MediaSession
> support, adds a missing ATSPI a11y interface, and security patches
> for CVE-2022-22677 and CVE-2022-26710.
> Release notes:
> https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
> Accompanying security advisory:
> https://webkitgtk.org/security/WSA-2022-0006.html
> One patch is now included in the packaged release, and another with a
> build fix imported, which is actually a revert of a patch that made it
> into the release but can cause linking issues when using LTO.
> Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Committed to 2022.05.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4
2022-08-03 20:46 ` Peter Korsgaard
@ 2022-08-04 6:45 ` Adrian Perez de Castro
2022-08-04 14:40 ` Peter Korsgaard
0 siblings, 1 reply; 5+ messages in thread
From: Adrian Perez de Castro @ 2022-08-04 6:45 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 1334 bytes --]
Hello Peter,
On Wed, 03 Aug 2022 22:46:44 +0200 Peter Korsgaard <peter@korsgaard.com> wrote:
> >>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes:
>
> > Bugfix release, fixes a WebKitWebProcess leak, MPRIS/MediaSession
> > support, adds a missing ATSPI a11y interface, and security patches
> > for CVE-2022-22677 and CVE-2022-26710.
>
> > Release notes:
>
> > https://webkitgtk.org/2022/07/05/webkitgtk2.36.4-released.html
>
> > Accompanying security advisory:
>
> > https://webkitgtk.org/security/WSA-2022-0006.html
>
> > One patch is now included in the packaged release, and another with a
> > build fix imported, which is actually a revert of a patch that made it
> > into the release but can cause linking issues when using LTO.
>
> > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
>
> Committed to 2022.05.x and 2022.02.x, thanks.
I suppose you may have seen them already: I have also submitted updates
for webkitgtk and wpewebkit to update them to version 2.36.5, which also
has security fixes. The patches are these:
https://patchwork.ozlabs.org/project/buildroot/patch/20220729052809.793581-1-aperez@igalia.com/
https://patchwork.ozlabs.org/project/buildroot/patch/20220729052145.792037-1-aperez@igalia.com/
They are both already in "master" :-)
Cheers,
—Adrián
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-08-04 14:40 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-13 13:29 [Buildroot] [PATCH 1/1] package/webkitgtk: security bump to version 2.36.4 Adrian Perez de Castro
2022-07-16 15:35 ` Yann E. MORIN
2022-08-03 20:46 ` Peter Korsgaard
2022-08-04 6:45 ` Adrian Perez de Castro
2022-08-04 14:40 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox