Message ID | 20240831120707.471306-1-thomas@devoogdt.com |
---|---|
State | Changes Requested |
Headers | show |
Series | [v1] package/webkitgtk: bump to 2.44.3 | expand |
Hi Thomas, Thanks for working on this update. There is one issue that needs addressing, though... On Sat, 31 Aug 2024 14:07:07 +0200 Thomas Devoogdt <thomas@devoogdt.com> wrote: > Bugfix release with many security fixes, including (but not limited to) > patches for CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, > CVE-2024-40789, and CVE-2024-4558. > > Release notes: > > https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html. Alongside with the announcement, we found a couple of issues that need importing a couple of patches, both of which are already present in the webkitglib/2.44 release branch. I sent an e-mail to let packagers know a couple of weeks ago: https://lists.webkit.org/pipermail/webkit-gtk/2024-August/004002.html The two patches you would need to add are these: https://github.com/WebKit/WebKit/commit/9140ce712aa87091613874d802787ab476be0e39 https://github.com/WebKit/WebKit/commit/4854b944b345990e4100319662777856fe8ea4aa Otherwise, changes LGTM. Also, another tidbit: I am planning to release 2.44.4 next week, which will be the last version from the series, and in a few weeks more we are planning to release 2.46.0 as well -- just a heads up in case it may be preferable to wait until either version. Cheers, —Adrián
Hello Adrian, On Sun, 1 Sep 2024 17:13:38 +0300 Adrian Perez de Castro <aperez@igalia.com> wrote: > Alongside with the announcement, we found a couple of issues that need > importing a couple of patches, both of which are already present in the > webkitglib/2.44 release branch. I sent an e-mail to let packagers know a > couple of weeks ago: > > https://lists.webkit.org/pipermail/webkit-gtk/2024-August/004002.html > > The two patches you would need to add are these: > > https://github.com/WebKit/WebKit/commit/9140ce712aa87091613874d802787ab476be0e39 > https://github.com/WebKit/WebKit/commit/4854b944b345990e4100319662777856fe8ea4aa Thanks for the heads up. I think the second patch isn't strictly needed in our case, because we don't support building with Clang. > Also, another tidbit: I am planning to release 2.44.4 next week, which > will be the last version from the series, and in a few weeks more we > are planning to release 2.46.0 as well -- just a heads up in case it may > be preferable to wait until either version. Let's update to 2.44.4 when it's available then! Thomas
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index 7da0e97e5d..b81a4c2793 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,6 +1,6 @@ -# From https://www.webkitgtk.org/releases/webkitgtk-2.44.2.tar.xz.sums -sha1 e62b2c545011a2f180a914529a68950c4d34a2ee webkitgtk-2.44.2.tar.xz -sha256 523f42c8ff24832add17631f6eaafe8f9303afe316ef1a7e1844b952a7f7521b webkitgtk-2.44.2.tar.xz +# From https://www.webkitgtk.org/releases/webkitgtk-2.44.3.tar.xz.sums +sha1 c9bcb2097d8f774b2c64ca650a4f8a6365ff54f6 webkitgtk-2.44.3.tar.xz +sha256 dc82d042ecaca981a4852357c06e5235743319cf10a94cd36ad41b97883a0b54 webkitgtk-2.44.3.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index 5115f3eec5..ff39ee01e1 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.44.2 +WEBKITGTK_VERSION = 2.44.3 WEBKITGTK_SITE = https://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES
Bugfix release with many security fixes, including (but not limited to) patches for CVE-2024-40776, CVE-2024-40779, CVE-2024-40780, CVE-2024-40782, CVE-2024-40789, and CVE-2024-4558. Release notes: https://webkitgtk.org/2024/08/13/webkitgtk2.44.3-released.html. Accompanying security advisory: https://webkitgtk.org/security/WSA-2024-0004.html Signed-off-by: Thomas Devoogdt <thomas@devoogdt.com> --- package/webkitgtk/webkitgtk.hash | 6 +++--- package/webkitgtk/webkitgtk.mk | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-)