[v1] package/webkitgtk: bump to 2.44.3

Message ID	20240831120707.471306-1-thomas@devoogdt.com
State	Changes Requested
Headers	show Return-Path: <buildroot-bounces@buildroot.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.44; helo=mail-wr1-f44.google.com; envelope-from=thomas.devoogdt@gmail.com; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 7E0EA4079C From: Thomas Devoogdt <thomas@devoogdt.com> To: buildroot@buildroot.org Date: Sat, 31 Aug 2024 14:07:07 +0200 Message-ID: <20240831120707.471306-1-thomas@devoogdt.com> MIME-Version: 1.0 X-Mailman-Original-Authentication-Results: smtp4.osuosl.org; dmarc=none (p=none dis=none) header.from=devoogdt.com Subject: [Buildroot] [PATCH v1] package/webkitgtk: bump to 2.44.3 Precedence: list Cc: Adrian Perez de Castro <aperez@igalia.com>, Thomas Devoogdt <thomas@devoogdt.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	[v1] package/webkitgtk: bump to 2.44.3 \| expand [v1] package/webkitgtk: bump to 2.44.3

Message ID

20240831120707.471306-1-thomas@devoogdt.com

State

Changes Requested

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=209.85.221.44;
 helo=mail-wr1-f44.google.com; envelope-from=thomas.devoogdt@gmail.com;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.osuosl.org 7E0EA4079C
From: Thomas Devoogdt <thomas@devoogdt.com>
To: buildroot@buildroot.org
Date: Sat, 31 Aug 2024 14:07:07 +0200
Message-ID: <20240831120707.471306-1-thomas@devoogdt.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp4.osuosl.org;
 dmarc=none (p=none dis=none)
 header.from=devoogdt.com
Subject: [Buildroot] [PATCH v1] package/webkitgtk: bump to 2.44.3
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Adrian Perez de Castro <aperez@igalia.com>,
 Thomas Devoogdt <thomas@devoogdt.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

[v1] package/webkitgtk: bump to 2.44.3 | expand

Commit Message

Thomas Devoogdt Aug. 31, 2024, 12:07 p.m. UTC

Bugfix release with many security fixes, including (but not limited to)
patches for CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782,
CVE-2024-40789, and CVE-2024-4558.

Release notes:

  https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html.

Accompanying security advisory:

  https://webkitgtk.org/security/WSA-2024-0004.html

Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com>
---
 package/webkitgtk/webkitgtk.hash | 6 +++---
 package/webkitgtk/webkitgtk.mk   | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

Comments

Adrian Perez de Castro Sept. 1, 2024, 2:13 p.m. UTC | #1

Hi Thomas,

Thanks for working on this update. There is one issue that needs
addressing, though...

On Sat, 31 Aug 2024 14:07:07 +0200 Thomas Devoogdt <thomas@devoogdt.com> wrote:

> Bugfix release with many security fixes, including (but not limited to)
> patches for CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782,
> CVE-2024-40789, and CVE-2024-4558.
> 
> Release notes:
> 
>   https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html.

Alongside with the announcement, we found a couple of issues that need
importing a couple of patches, both of which are already present in the
webkitglib/2.44 release branch. I sent an e-mail to let packagers know a
couple of weeks ago:

  https://lists.webkit.org/pipermail/webkit-gtk/2024-August/004002.html

The two patches you would need to add are these:

  https://github.com/WebKit/WebKit/commit/9140ce712aa87091613874d802787ab476be0e39
  https://github.com/WebKit/WebKit/commit/4854b944b345990e4100319662777856fe8ea4aa

Otherwise, changes LGTM.

Also, another tidbit: I am planning to release 2.44.4 next week, which
will be the last version from the series, and in a few weeks more we
are planning to release 2.46.0 as well -- just a heads up in case it may
be preferable to wait until either version.

Cheers,
—Adrián

Thomas Petazzoni Sept. 5, 2024, 8:47 p.m. UTC | #2

Hello Adrian,

On Sun, 1 Sep 2024 17:13:38 +0300
Adrian Perez de Castro <aperez@igalia.com> wrote:

> Alongside with the announcement, we found a couple of issues that need
> importing a couple of patches, both of which are already present in the
> webkitglib/2.44 release branch. I sent an e-mail to let packagers know a
> couple of weeks ago:
> 
>   https://lists.webkit.org/pipermail/webkit-gtk/2024-August/004002.html
> 
> The two patches you would need to add are these:
> 
>   https://github.com/WebKit/WebKit/commit/9140ce712aa87091613874d802787ab476be0e39
>   https://github.com/WebKit/WebKit/commit/4854b944b345990e4100319662777856fe8ea4aa

Thanks for the heads up. I think the second patch isn't strictly needed
in our case, because we don't support building with Clang.

> Also, another tidbit: I am planning to release 2.44.4 next week, which
> will be the last version from the series, and in a few weeks more we
> are planning to release 2.46.0 as well -- just a heads up in case it may
> be preferable to wait until either version.

Let's update to 2.44.4 when it's available then!

Thomas

diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 7da0e97e5d..b81a4c2793 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,6 +1,6 @@ 
-# From https://www.webkitgtk.org/releases/webkitgtk-2.44.2.tar.xz.sums
-sha1  e62b2c545011a2f180a914529a68950c4d34a2ee  webkitgtk-2.44.2.tar.xz
-sha256  523f42c8ff24832add17631f6eaafe8f9303afe316ef1a7e1844b952a7f7521b  webkitgtk-2.44.2.tar.xz
+# From https://www.webkitgtk.org/releases/webkitgtk-2.44.3.tar.xz.sums
+sha1  c9bcb2097d8f774b2c64ca650a4f8a6365ff54f6  webkitgtk-2.44.3.tar.xz
+sha256  dc82d042ecaca981a4852357c06e5235743319cf10a94cd36ad41b97883a0b54  webkitgtk-2.44.3.tar.xz
 
 # Hashes for license files:
 sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index 5115f3eec5..ff39ee01e1 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-WEBKITGTK_VERSION = 2.44.2
+WEBKITGTK_VERSION = 2.44.3
 WEBKITGTK_SITE = https://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES

[v1] package/webkitgtk: bump to 2.44.3

Commit Message

Comments

Patch