* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5
@ 2021-02-16 19:16 Peter Korsgaard
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
` (3 more replies)
0 siblings, 4 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-16 19:16 UTC (permalink / raw)
To: buildroot
Fixes the following security issue:
- CVE-2020-13558: Processing maliciously crafted web content may lead to
arbitrary code execution. Description: A use after free issue in the
AudioSourceProviderGStreamer class was addressed with improved memory
management
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2021-0001.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/webkitgtk/webkitgtk.hash | 8 ++++----
package/webkitgtk/webkitgtk.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 27f0e5a69d..3869058d75 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,7 +1,7 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.30.4.tar.xz.sums
-md5 81c813d77a7b52ef655922f9b387f3a1 webkitgtk-2.30.4.tar.xz
-sha1 330f45d7badf944fb01a3238ebb2ceaad8c2a91f webkitgtk-2.30.4.tar.xz
-sha256 d595a37c5001ff787266b155e303a5f2e5b48a6d466f2714c2f30c11392f7b24 webkitgtk-2.30.4.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.30.5.tar.xz.sums
+md5 c8291af0c5102fff1f73e67f0bff6c87 webkitgtk-2.30.5.tar.xz
+sha1 4fc8753786d7762a3c4ecdc7ea11fc38b5468d6f webkitgtk-2.30.5.tar.xz
+sha256 7d0dab08e3c5ae07bec80b2822ef42e952765d5724cac86eb23999bfed5a7f1f webkitgtk-2.30.5.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index fbb082f51f..8a3be4c95e 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WEBKITGTK_VERSION = 2.30.4
+WEBKITGTK_VERSION = 2.30.5
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5
2021-02-16 19:16 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Peter Korsgaard
@ 2021-02-16 19:16 ` Peter Korsgaard
2021-02-16 20:03 ` Adrian Perez de Castro
` (2 more replies)
2021-02-16 20:02 ` [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Adrian Perez de Castro
` (2 subsequent siblings)
3 siblings, 3 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-16 19:16 UTC (permalink / raw)
To: buildroot
Bugfix release, fixing a number of issues:
- Fix RunLoop objects leaked in worker threads.
- Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
- Use Internet Explorer quirk for Google Docs.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/wpewebkit/wpewebkit.hash | 8 ++++----
package/wpewebkit/wpewebkit.mk | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 42bd27f11d..df8ac547b0 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,7 +1,7 @@
-# From https://wpewebkit.org/releases/wpewebkit-2.30.4.tar.xz.sums
-md5 d423a01ffb5be44e6ad59b2cfb9d6eb3 wpewebkit-2.30.4.tar.xz
-sha1 2fdca7b888966ad2ed7d998bef52c9024dae063f wpewebkit-2.30.4.tar.xz
-sha256 1e521d85cf8cf344b9fd08eabad7a1d18a330fb7862a77eaf78d7d7b10d5f6ef wpewebkit-2.30.4.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.30.5.tar.xz.sums
+md5 63a9a7b7f29862ec827a730ba6542e80 wpewebkit-2.30.5.tar.xz
+sha1 33136493672882d56617007d7ce65268cb79bda7 wpewebkit-2.30.5.tar.xz
+sha256 4b577f4f07c34bb5d453d62b7a41d9e937bd3a2827a92dcd6f47c35f27c8359a wpewebkit-2.30.5.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index 91f137d96f..78f729f824 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WPEWEBKIT_VERSION = 2.30.4
+WPEWEBKIT_VERSION = 2.30.5
WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
WPEWEBKIT_INSTALL_STAGING = YES
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
@ 2021-02-16 20:03 ` Adrian Perez de Castro
2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
2 siblings, 0 replies; 8+ messages in thread
From: Adrian Perez de Castro @ 2021-02-16 20:03 UTC (permalink / raw)
To: buildroot
Hello,
?and let's approve this one as well.
On Tue, 16 Feb 2021 20:16:50 +0100 Peter Korsgaard <peter@korsgaard.com> wrote:
> Bugfix release, fixing a number of issues:
>
> - Fix RunLoop objects leaked in worker threads.
> - Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
> - Use Internet Explorer quirk for Google Docs.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
> ---
> package/wpewebkit/wpewebkit.hash | 8 ++++----
> package/wpewebkit/wpewebkit.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
> index 42bd27f11d..df8ac547b0 100644
> --- a/package/wpewebkit/wpewebkit.hash
> +++ b/package/wpewebkit/wpewebkit.hash
> @@ -1,7 +1,7 @@
> -# From https://wpewebkit.org/releases/wpewebkit-2.30.4.tar.xz.sums
> -md5 d423a01ffb5be44e6ad59b2cfb9d6eb3 wpewebkit-2.30.4.tar.xz
> -sha1 2fdca7b888966ad2ed7d998bef52c9024dae063f wpewebkit-2.30.4.tar.xz
> -sha256 1e521d85cf8cf344b9fd08eabad7a1d18a330fb7862a77eaf78d7d7b10d5f6ef wpewebkit-2.30.4.tar.xz
> +# From https://wpewebkit.org/releases/wpewebkit-2.30.5.tar.xz.sums
> +md5 63a9a7b7f29862ec827a730ba6542e80 wpewebkit-2.30.5.tar.xz
> +sha1 33136493672882d56617007d7ce65268cb79bda7 wpewebkit-2.30.5.tar.xz
> +sha256 4b577f4f07c34bb5d453d62b7a41d9e937bd3a2827a92dcd6f47c35f27c8359a wpewebkit-2.30.5.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
> index 91f137d96f..78f729f824 100644
> --- a/package/wpewebkit/wpewebkit.mk
> +++ b/package/wpewebkit/wpewebkit.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WPEWEBKIT_VERSION = 2.30.4
> +WPEWEBKIT_VERSION = 2.30.5
> WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
> WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
> WPEWEBKIT_INSTALL_STAGING = YES
> --
> 2.20.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20210216/e8c47d62/attachment.asc>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
2021-02-16 20:03 ` Adrian Perez de Castro
@ 2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
2 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-16 20:51 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Bugfix release, fixing a number of issues:
> - Fix RunLoop objects leaked in worker threads.
> - Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
> - Use Internet Explorer quirk for Google Docs.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
2021-02-16 20:03 ` Adrian Perez de Castro
2021-02-16 20:51 ` Peter Korsgaard
@ 2021-02-17 10:29 ` Peter Korsgaard
2 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-17 10:29 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Bugfix release, fixing a number of issues:
> - Fix RunLoop objects leaked in worker threads.
> - Fix JavaScriptCore AArch64 LLInt build with JIT disabled.
> - Use Internet Explorer quirk for Google Docs.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2020.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5
2021-02-16 19:16 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Peter Korsgaard
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
@ 2021-02-16 20:02 ` Adrian Perez de Castro
2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
3 siblings, 0 replies; 8+ messages in thread
From: Adrian Perez de Castro @ 2021-02-16 20:02 UTC (permalink / raw)
To: buildroot
Hi,
You were faster than me this time, thanks! o/
On Tue, 16 Feb 2021 20:16:49 +0100 Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issue:
>
> - CVE-2020-13558: Processing maliciously crafted web content may lead to
> arbitrary code execution. Description: A use after free issue in the
> AudioSourceProviderGStreamer class was addressed with improved memory
> management
>
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2021-0001.html
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
> ---
> package/webkitgtk/webkitgtk.hash | 8 ++++----
> package/webkitgtk/webkitgtk.mk | 2 +-
> 2 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
> index 27f0e5a69d..3869058d75 100644
> --- a/package/webkitgtk/webkitgtk.hash
> +++ b/package/webkitgtk/webkitgtk.hash
> @@ -1,7 +1,7 @@
> -# From https://webkitgtk.org/releases/webkitgtk-2.30.4.tar.xz.sums
> -md5 81c813d77a7b52ef655922f9b387f3a1 webkitgtk-2.30.4.tar.xz
> -sha1 330f45d7badf944fb01a3238ebb2ceaad8c2a91f webkitgtk-2.30.4.tar.xz
> -sha256 d595a37c5001ff787266b155e303a5f2e5b48a6d466f2714c2f30c11392f7b24 webkitgtk-2.30.4.tar.xz
> +# From https://webkitgtk.org/releases/webkitgtk-2.30.5.tar.xz.sums
> +md5 c8291af0c5102fff1f73e67f0bff6c87 webkitgtk-2.30.5.tar.xz
> +sha1 4fc8753786d7762a3c4ecdc7ea11fc38b5468d6f webkitgtk-2.30.5.tar.xz
> +sha256 7d0dab08e3c5ae07bec80b2822ef42e952765d5724cac86eb23999bfed5a7f1f webkitgtk-2.30.5.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
> index fbb082f51f..8a3be4c95e 100644
> --- a/package/webkitgtk/webkitgtk.mk
> +++ b/package/webkitgtk/webkitgtk.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WEBKITGTK_VERSION = 2.30.4
> +WEBKITGTK_VERSION = 2.30.5
> WEBKITGTK_SITE = https://www.webkitgtk.org/releases
> WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
> WEBKITGTK_INSTALL_STAGING = YES
> --
> 2.20.1
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20210216/d2ef6baa/attachment.asc>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5
2021-02-16 19:16 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Peter Korsgaard
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
2021-02-16 20:02 ` [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Adrian Perez de Castro
@ 2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
3 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-16 20:51 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2020-13558: Processing maliciously crafted web content may lead to
> arbitrary code execution. Description: A use after free issue in the
> AudioSourceProviderGStreamer class was addressed with improved memory
> management
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2021-0001.html
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5
2021-02-16 19:16 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Peter Korsgaard
` (2 preceding siblings ...)
2021-02-16 20:51 ` Peter Korsgaard
@ 2021-02-17 10:29 ` Peter Korsgaard
3 siblings, 0 replies; 8+ messages in thread
From: Peter Korsgaard @ 2021-02-17 10:29 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issue:
> - CVE-2020-13558: Processing maliciously crafted web content may lead to
> arbitrary code execution. Description: A use after free issue in the
> AudioSourceProviderGStreamer class was addressed with improved memory
> management
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2021-0001.html
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2020.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-02-17 10:29 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-02-16 19:16 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Peter Korsgaard
2021-02-16 19:16 ` [Buildroot] [PATCH 2/2] package/wpewebkit: bump version to 2.30.5 Peter Korsgaard
2021-02-16 20:03 ` Adrian Perez de Castro
2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
2021-02-16 20:02 ` [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.30.5 Adrian Perez de Castro
2021-02-16 20:51 ` Peter Korsgaard
2021-02-17 10:29 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.