* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3
@ 2020-01-28  7:23 Peter Korsgaard
  2020-01-28  7:23 ` [Buildroot] [PATCH 2/2] package/wpewebkit: " Peter Korsgaard
                   ` (3 more replies)
  0 siblings, 4 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-01-28  7:23 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

- CVE-2019-8835: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8844: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8846: A use after free issue was addressed with improved memory
  management

For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html

Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 .../0001-Fix-build-with-icu-65.1.patch        | 76 -------------------
 package/webkitgtk/webkitgtk.hash              |  8 +-
 package/webkitgtk/webkitgtk.mk                |  2 +-
 3 files changed, 5 insertions(+), 81 deletions(-)
 delete mode 100644 package/webkitgtk/0001-Fix-build-with-icu-65.1.patch

diff --git a/package/webkitgtk/0001-Fix-build-with-icu-65.1.patch b/package/webkitgtk/0001-Fix-build-with-icu-65.1.patch
deleted file mode 100644
index 207e10491a..0000000000
--- a/package/webkitgtk/0001-Fix-build-with-icu-65.1.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 730b80e691a4b9dd0e9727cfcd9806dfa542397b Mon Sep 17 00:00:00 2001
-From: "commit-queue at webkit.org"
- <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
-Date: Fri, 4 Oct 2019 21:51:37 +0000
-Subject: [PATCH] Fix build with icu 65.1
- https://bugs.webkit.org/show_bug.cgi?id=202600
-
-Patch by Heiko Becker <heirecka@exherbo.org> on 2019-10-04
-Reviewed by Konstantin Tokarev.
-
-Source/WebCore:
-
-* dom/Document.cpp:
-(WebCore::isValidNameNonASCII):
-(WebCore::Document::parseQualifiedName):
-
-Source/WTF:
-
-* wtf/URLHelpers.cpp:
-(WTF::URLHelpers::allCharactersInIDNScriptWhiteList):
-
-git-svn-id: http://svn.webkit.org/repository/webkit/trunk at 250747 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-[aperez at igalia.com: backport from upstream webkit commit
-730b80e691a4b9dd0e9727cfcd9806dfa542397b]
-Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
----
- Source/WTF/ChangeLog            | 10 ++++++++++
- Source/WTF/wtf/URLHelpers.cpp   |  2 +-
- Source/WebCore/ChangeLog        | 11 +++++++++++
- Source/WebCore/dom/Document.cpp |  6 +++---
- 4 files changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/Source/WTF/wtf/URLHelpers.cpp b/Source/WTF/wtf/URLHelpers.cpp
-index 18e7f13cd61..c584f1a0cb7 100644
---- a/Source/WTF/wtf/URLHelpers.cpp
-+++ b/Source/WTF/wtf/URLHelpers.cpp
-@@ -301,7 +301,7 @@ static bool allCharactersInIDNScriptWhiteList(const UChar* buffer, int32_t lengt
-     Optional<UChar32> previousCodePoint;
-     while (i < length) {
-         UChar32 c;
--        U16_NEXT(buffer, i, length, c)
-+        U16_NEXT(buffer, i, length, c);
-         UErrorCode error = U_ZERO_ERROR;
-         UScriptCode script = uscript_getScript(c, &error);
-         if (error != U_ZERO_ERROR) {
-diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
-index 2443e24c9bc..1fbb3a71600 100644
---- a/Source/WebCore/dom/Document.cpp
-+++ b/Source/WebCore/dom/Document.cpp
-@@ -4954,12 +4954,12 @@ static bool isValidNameNonASCII(const UChar* characters, unsigned length)
-     unsigned i = 0;
- 
-     UChar32 c;
--    U16_NEXT(characters, i, length, c)
-+    U16_NEXT(characters, i, length, c);
-     if (!isValidNameStart(c))
-         return false;
- 
-     while (i < length) {
--        U16_NEXT(characters, i, length, c)
-+        U16_NEXT(characters, i, length, c);
-         if (!isValidNamePart(c))
-             return false;
-     }
-@@ -5019,7 +5019,7 @@ ExceptionOr<std::pair<AtomString, AtomString>> Document::parseQualifiedName(cons
- 
-     for (unsigned i = 0; i < length; ) {
-         UChar32 c;
--        U16_NEXT(qualifiedName, i, length, c)
-+        U16_NEXT(qualifiedName, i, length, c);
-         if (c == ':') {
-             if (sawColon)
-                 return Exception { InvalidCharacterError };
--- 
-2.20.1
-
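Review bot: The commit message's "Drop now upstreamed patch" does not say which upstream change replaces this file. The removed patch header already names upstream commit 730b80e691a4b9dd0e9727cfcd9806dfa542397b (WebKit bug 202600). Citing it in the commit message, together with a statement that the 2.26.3 tarball carries the U16_NEXT semicolon fixes in URLHelpers.cpp and Document.cpp, would let a reader confirm that the ICU 65.1 build fix is not lost by the removal.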
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 71642ad144..13d8742b7f 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,7 +1,7 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.26.2.tar.xz.sums
-md5 65e06fe73ee166447894aaea95038e3b webkitgtk-2.26.2.tar.xz
-sha1 5bd1ccb436c76fd1edb83afd5bec377de5655d45 webkitgtk-2.26.2.tar.xz
-sha256 6b80f0637a80818559ac8fd50db3b394f41cb61904fb9b3ed65fa51635806512 webkitgtk-2.26.2.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.26.3.tar.xz.sums
+md5 4c27d59a032710dae3cffa5990bb6aea webkitgtk-2.26.3.tar.xz
+sha1 8d5a7b4f330788847f85e1b2cb6191435dcf9f28 webkitgtk-2.26.3.tar.xz
+sha256 add51153943cc11d90a7038d0ea5f6332281e6c0be0640f802a211b035f0e611 webkitgtk-2.26.3.tar.xz
 
 # Hashes for license files:
 sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
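Review bot: Of the three added checksum lines, only the sha256 entry gives meaningful collision resistance; the md5 and sha1 lines for the same tarball add no assurance beyond it. Consider treating sha256 as the authoritative entry and carrying the other two only if the package convention requires mirroring everything in the upstream .sums file.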
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index 27ae8c1e5a..389c16de4a 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WEBKITGTK_VERSION = 2.26.2
+WEBKITGTK_VERSION = 2.26.3
 WEBKITGTK_SITE = https://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES
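Review bot: The unchanged WEBKITGTK_SITE line downloads from https://www.webkitgtk.org/releases, while the comment added in webkitgtk.hash records the hashes as coming from https://webkitgtk.org/releases. Aligning the two hosts, in either file, would make the recorded hash provenance match the location the build actually fetches from.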
-- 
2.20.1


* [Buildroot] [PATCH 2/2] package/wpewebkit: security bump to version 2.26.3
  2020-01-28  7:23 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3 Peter Korsgaard
@ 2020-01-28  7:23 ` Peter Korsgaard
  2020-01-28 22:26   ` Peter Korsgaard
  2020-03-07 11:11   ` Peter Korsgaard
  2020-01-28 22:26 ` [Buildroot] [PATCH 1/2] package/webkitgtk: " Peter Korsgaard
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-01-28  7:23 UTC (permalink / raw)
  To: buildroot

Fixes the following security issues:

- CVE-2019-8835: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8844: Multiple memory corruption issues were addressed with
  improved memory handling

- CVE-2019-8846: A use after free issue was addressed with improved memory
  management

For details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0001.html

Drop now upstreamed patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 .../0002-Fix-build-with-icu-65.1.patch        | 76 -------------------
 package/wpewebkit/wpewebkit.hash              |  8 +-
 package/wpewebkit/wpewebkit.mk                |  2 +-
 3 files changed, 5 insertions(+), 81 deletions(-)
 delete mode 100644 package/wpewebkit/0002-Fix-build-with-icu-65.1.patch

diff --git a/package/wpewebkit/0002-Fix-build-with-icu-65.1.patch b/package/wpewebkit/0002-Fix-build-with-icu-65.1.patch
deleted file mode 100644
index 7d4d23d472..0000000000
--- a/package/wpewebkit/0002-Fix-build-with-icu-65.1.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From 730b80e691a4b9dd0e9727cfcd9806dfa542397b Mon Sep 17 00:00:00 2001
-From: "commit-queue at webkit.org"
- <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
-Date: Fri, 4 Oct 2019 21:51:37 +0000
-Subject: [PATCH] Fix build with icu 65.1
- https://bugs.webkit.org/show_bug.cgi?id=202600
-
-Patch by Heiko Becker <heirecka@exherbo.org> on 2019-10-04
-Reviewed by Konstantin Tokarev.
-
-Source/WebCore:
-
-* dom/Document.cpp:
-(WebCore::isValidNameNonASCII):
-(WebCore::Document::parseQualifiedName):
-
-Source/WTF:
-
-* wtf/URLHelpers.cpp:
-(WTF::URLHelpers::allCharactersInIDNScriptWhiteList):
-
-git-svn-id: http://svn.webkit.org/repository/webkit/trunk at 250747 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-[james.hilliard1 at gmail.com: backport from upstream webkit commit
-730b80e691a4b9dd0e9727cfcd9806dfa542397b]
-Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
----
- Source/WTF/ChangeLog            | 10 ++++++++++
- Source/WTF/wtf/URLHelpers.cpp   |  2 +-
- Source/WebCore/ChangeLog        | 11 +++++++++++
- Source/WebCore/dom/Document.cpp |  6 +++---
- 4 files changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/Source/WTF/wtf/URLHelpers.cpp b/Source/WTF/wtf/URLHelpers.cpp
-index 18e7f13cd61..c584f1a0cb7 100644
---- a/Source/WTF/wtf/URLHelpers.cpp
-+++ b/Source/WTF/wtf/URLHelpers.cpp
-@@ -301,7 +301,7 @@ static bool allCharactersInIDNScriptWhiteList(const UChar* buffer, int32_t lengt
-     Optional<UChar32> previousCodePoint;
-     while (i < length) {
-         UChar32 c;
--        U16_NEXT(buffer, i, length, c)
-+        U16_NEXT(buffer, i, length, c);
-         UErrorCode error = U_ZERO_ERROR;
-         UScriptCode script = uscript_getScript(c, &error);
-         if (error != U_ZERO_ERROR) {
-diff --git a/Source/WebCore/dom/Document.cpp b/Source/WebCore/dom/Document.cpp
-index 2443e24c9bc..1fbb3a71600 100644
---- a/Source/WebCore/dom/Document.cpp
-+++ b/Source/WebCore/dom/Document.cpp
-@@ -4954,12 +4954,12 @@ static bool isValidNameNonASCII(const UChar* characters, unsigned length)
-     unsigned i = 0;
- 
-     UChar32 c;
--    U16_NEXT(characters, i, length, c)
-+    U16_NEXT(characters, i, length, c);
-     if (!isValidNameStart(c))
-         return false;
- 
-     while (i < length) {
--        U16_NEXT(characters, i, length, c)
-+        U16_NEXT(characters, i, length, c);
-         if (!isValidNamePart(c))
-             return false;
-     }
-@@ -5019,7 +5019,7 @@ ExceptionOr<std::pair<AtomString, AtomString>> Document::parseQualifiedName(cons
- 
-     for (unsigned i = 0; i < length; ) {
-         UChar32 c;
--        U16_NEXT(qualifiedName, i, length, c)
-+        U16_NEXT(qualifiedName, i, length, c);
-         if (c == ':') {
-             if (sawColon)
-                 return Exception { InvalidCharacterError };
--- 
-2.20.1
-
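Review bot: The removed file is numbered 0002, which suggests a 0001 patch stays in package/wpewebkit, yet the commit message only says "Drop now upstreamed patch". Naming the dropped file and confirming that any remaining patch still applies cleanly to 2.26.3 would make the bump easier to verify, since this diff shows no change to the rest of the patch series.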
diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 85a3271874..07a06466d0 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,7 +1,7 @@
-# From https://wpewebkit.org/releases/wpewebkit-2.26.2.tar.xz.sums
-md5 057cc2647231e90c8197873df9a9f54c wpewebkit-2.26.2.tar.xz
-sha1 eca4e35af2c2e70bd36a9bdef3bfbbfbd417210c wpewebkit-2.26.2.tar.xz
-sha256 dd4fce390f1721d8d6d017fa712adb990f7230bde84a1b7d27327bd589053fdd wpewebkit-2.26.2.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.26.3.tar.xz.sums
+md5 735beb5c1f825d5feda2e355aca6bec0 wpewebkit-2.26.3.tar.xz
+sha1 aeda665b3a137ac748ff1d08ce9e4c751f7caf97 wpewebkit-2.26.3.tar.xz
+sha256 2da9fe9c3a8bdfecc4281d848a4eacdd7be8ac5e0fc397020094d68cf32c10b3 wpewebkit-2.26.3.tar.xz
 
 # Hashes for license files:
 sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
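Review bot: The comment on the added lines records the .sums file under wpewebkit.org/releases as the only source of these hashes, which is the same place the tarball is published. That pins the download against later change but does not show the tarball was authentic when the hashes were recorded. If upstream provides a detached signature for the release, verifying it and saying so in the comment would strengthen the provenance.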
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index d732938b57..cf45b68943 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WPEWEBKIT_VERSION = 2.26.2
+WPEWEBKIT_VERSION = 2.26.3
 WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
 WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
 WPEWEBKIT_INSTALL_STAGING = YES
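Review bot: The unchanged WPEWEBKIT_SITE line still fetches over plain http://www.wpewebkit.org/releases, while the hash file comment in this same patch cites an https URL for the sums. The sha256 check will catch a modified tarball, but a security bump is a good point to switch the download to https so that tampering in transit is prevented at fetch time rather than only detected afterwards.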
-- 
2.20.1


* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3
  2020-01-28  7:23 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3 Peter Korsgaard
  2020-01-28  7:23 ` [Buildroot] [PATCH 2/2] package/wpewebkit: " Peter Korsgaard
@ 2020-01-28 22:26 ` Peter Korsgaard
  2020-01-30 16:45 ` Adrian Perez de Castro
  2020-03-07 11:11 ` Peter Korsgaard
  3 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-01-28 22:26 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2019-8835: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8844: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8846: A use after free issue was addressed with improved memory
 >   management

 > For details, see the advisory:
 > https://webkitgtk.org/security/WSA-2020-0001.html

 > Drop now upstreamed patch.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 2/2] package/wpewebkit: security bump to version 2.26.3
  2020-01-28  7:23 ` [Buildroot] [PATCH 2/2] package/wpewebkit: " Peter Korsgaard
@ 2020-01-28 22:26   ` Peter Korsgaard
  2020-03-07 11:11   ` Peter Korsgaard
  1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-01-28 22:26 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2019-8835: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8844: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8846: A use after free issue was addressed with improved memory
 >   management

 > For details, see the advisory:
 > https://webkitgtk.org/security/WSA-2020-0001.html

 > Drop now upstreamed patch.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3
  2020-01-28  7:23 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3 Peter Korsgaard
  2020-01-28  7:23 ` [Buildroot] [PATCH 2/2] package/wpewebkit: " Peter Korsgaard
  2020-01-28 22:26 ` [Buildroot] [PATCH 1/2] package/webkitgtk: " Peter Korsgaard
@ 2020-01-30 16:45 ` Adrian Perez de Castro
  2020-03-07 11:11 ` Peter Korsgaard
  3 siblings, 0 replies; 7+ messages in thread
From: Adrian Perez de Castro @ 2020-01-30 16:45 UTC (permalink / raw)
  To: buildroot

On Tue, 28 Jan 2020 08:23:21 +0100, Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
> 
> - CVE-2019-8835: Multiple memory corruption issues were addressed with
>   improved memory handling
> 
> - CVE-2019-8844: Multiple memory corruption issues were addressed with
>   improved memory handling
> 
> - CVE-2019-8846: A use after free issue was addressed with improved memory
>   management
> 
> For details, see the advisory:
> https://webkitgtk.org/security/WSA-2020-0001.html
> 
> Drop now upstreamed patch.

Thanks a lot for doing these version bumps. I've been a few days off and
was planning to submit patches today, when I suddenly noticed that the
packages had already been updated. Nice!

Adrián



* [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3
  2020-01-28  7:23 [Buildroot] [PATCH 1/2] package/webkitgtk: security bump to version 2.26.3 Peter Korsgaard
                   ` (2 preceding siblings ...)
  2020-01-30 16:45 ` Adrian Perez de Castro
@ 2020-03-07 11:11 ` Peter Korsgaard
  3 siblings, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:11 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2019-8835: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8844: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8846: A use after free issue was addressed with improved memory
 >   management

 > For details, see the advisory:
 > https://webkitgtk.org/security/WSA-2020-0001.html

 > Drop now upstreamed patch.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.02.x and 2019.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH 2/2] package/wpewebkit: security bump to version 2.26.3
  2020-01-28  7:23 ` [Buildroot] [PATCH 2/2] package/wpewebkit: " Peter Korsgaard
  2020-01-28 22:26   ` Peter Korsgaard
@ 2020-03-07 11:11   ` Peter Korsgaard
  1 sibling, 0 replies; 7+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:11 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > - CVE-2019-8835: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8844: Multiple memory corruption issues were addressed with
 >   improved memory handling

 > - CVE-2019-8846: A use after free issue was addressed with improved memory
 >   management

 > For details, see the advisory:
 > https://webkitgtk.org/security/WSA-2020-0001.html

 > Drop now upstreamed patch.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2019.11.x, thanks.

-- 
Bye, Peter Korsgaard
