From patchwork Fri Oct 27 16:10:33 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adrian Perez de Castro X-Patchwork-Id: 831383 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=igalia.com header.i=@igalia.com header.b="A3c21GoF"; dkim-atps=neutral Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 3yNplB2b8Nz9t3r for ; Sat, 28 Oct 2017 03:11:01 +1100 (AEDT) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 8F10F8A349; Fri, 27 Oct 2017 16:10:57 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6lJKGiEsLB5g; Fri, 27 Oct 2017 16:10:54 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 9D7878A31D; Fri, 27 Oct 2017 16:10:54 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 909A31C143E for ; Fri, 27 Oct 2017 16:10:52 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 8AB7726715 for ; Fri, 27 Oct 2017 16:10:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gUjIl0unjliZ for ; Fri, 27 Oct 2017 16:10:50 +0000 (UTC) X-Greylist: from auto-whitelisted by SQLgrey-1.7.6 Received: from fanzine.igalia.com (fanzine.igalia.com [91.117.99.155]) by silver.osuosl.org (Postfix) with ESMTPS id 6659A2614D for ; Fri, 27 Oct 2017 16:10:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com; s=20170329; h=Message-Id:Date:Subject:Cc:To:From; bh=MZqVo9BxBmGnKv9p/9+Q4CynPasgOopZdefeIcxriiE=; b=A3c21GoFk4lusWacY6S6xs/KRNM3Nj1xmVMa6QDo6j73tV8b35iiXYBaxlnANv44zkPXK/JdHtXl27a7vR0q8d4gDc/8HOPOGxoS+ZXY0AfvQVP9hhVK36HpeTWBfIsLCI8Wnwmuk2xXsm1sNXuwjgyEkQD0VQSklsBGaq12hS+QXn1D3MFLrZlERZpNM5X+vE5ZGQNbfMYFgWghChjss2aSVjdk/McKa1MMkxHO3iAfranfGZQ8Fi0MTy9K4s3gcC/+AoOFmRWzzz+cCpLoFRPTFtccibfFZO4S8cHNhGNZnSJrPOSX7o1kFttlsWDgZN4OSyR183jngXnnoNFGOw==; Received: from 83-245-224-170-nat-p.elisa-mobile.fi ([83.245.224.170] helo=momiji) by fanzine.igalia.com with esmtpsa (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim) id 1e87Db-0005U6-1R; Fri, 27 Oct 2017 18:10:47 +0200 Received: from localhost (momiji [local]) by momiji (OpenSMTPD) with ESMTPA id b505d014; Fri, 27 Oct 2017 16:10:34 +0000 (UTC) From: Adrian Perez de Castro To: buildroot@buildroot.org Date: Fri, 27 Oct 2017 19:10:33 +0300 Message-Id: <20171027161033.8582-1-aperez@igalia.com> X-Mailer: git-send-email 2.14.3 Cc: Adrian Perez de Castro Subject: [Buildroot] [PATCH 1/1] webkitgtk: security bump to version 2.18.2 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This is a maintenance release of the current stable WebKitGTK+ version, which contains bugfixes; mostly for crashes and rendering issues, plus one important fix for the layout or Arabic text. Release notes: https://webkitgtk.org/2017/10/27/webkitgtk2.18.2-released.html Even though an acconpanying security advisory has not been published for this release, the release contains fixes for several crashes (one of them for the decoder of the very common GIF image format), which arguably can be considered potential security issues. Signed-off-by: Adrian Perez de Castro --- package/webkitgtk/webkitgtk.hash | 8 ++++---- package/webkitgtk/webkitgtk.mk | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index f83bd0878a..b1161157e7 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,4 +1,4 @@ -# From https://webkitgtk.org/releases/webkitgtk-2.18.1.tar.xz.sums -md5 951a6082ada2f7d0292d3251a3f9532b webkitgtk-2.18.1.tar.xz -sha1 5054dd6b8afdc6e98b947e361011d6dca6da74e2 webkitgtk-2.18.1.tar.xz -sha256 9cdb7b302fbc8a2a7e1e783b80391e64f8b12d70d6ebad4eb756dd59bf3ed795 webkitgtk-2.18.1.tar.xz +# From https://webkitgtk.org/releases/webkitgtk-2.18.2.tar.xz.sums +md5 f63b3897d6fbf660bf72dfaca1fdea16 webkitgtk-2.18.2.tar.xz +sha1 75571807a1f8c9efdf62f1c37e9fadf52b73d367 webkitgtk-2.18.2.tar.xz +sha256 b14cb3f1b5321b1dc50abcc0445a97f8e2f8813562bca7ce4d2f8069f6fec8e7 webkitgtk-2.18.2.tar.xz diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index 55c2dd8cc4..c78f6b38e1 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.18.1 +WEBKITGTK_VERSION = 2.18.2 WEBKITGTK_SITE = http://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES