Hi all, Thomas,

On Wed, 21 Sep 2022 20:18:54 +0200 Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:

> On Wed, 21 Sep 2022 02:00:29 +0300
> Adrian Perez de Castro <aperez@igalia.com> wrote:
> 
> > Update to a new major release which brings in improvements and a few
> > new features. Release notes:
> > 
> >   https://wpewebkit.org/release/wpewebkit-2.38.0.html
> > 
> > This release also includes security fixes for CVE-2022-32886,
> > CVE-2022-32891, and CVE-2022-32912. Accompanying security advisory:
> > 
> >   https://wpewebkit.org/security/WSA-2022-0009.html
> 
> According to this page, CVE-2022-32891 only affects versions up 2.36.5,
> and we're using 2.36.7 in Buildroot.
> 
> Also according to this page, the two other CVEs have been fixed in
> 2.36.8.
> 
> So, could you rework this patch series to:
> 
>  - Have a first patch "package/wpewebkit: security bump to version
>    2.36.8", which does bump to 2.36.8
> 
>  - Has the patches updating libwpe, wpebackend-fdo.
> 
>  - Has the patch updating wpewebkit to 2.38.0
> 
> Indeed, we will want to backport the 2.36.8 bump to our stable branch,
> as it contains security fixes.

Patch series updated, it took me a bit to get hardware out of the closet
to test a 32-bit NEON build with the patch that I am now including in
the 2.36.8 update (as requested by Michael) :-}

Here it is:

  https://patchwork.ozlabs.org/project/buildroot/list/?series=321327

Cheers,
—Adrián