* [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7
@ 2020-02-15 15:09 Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
` (4 more replies)
0 siblings, 5 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-15 15:09 UTC (permalink / raw)
To: buildroot
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/webkitgtk/Config.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/webkitgtk/Config.in b/package/webkitgtk/Config.in
index 4f10466c1f..86f58821a3 100644
--- a/package/webkitgtk/Config.in
+++ b/package/webkitgtk/Config.in
@@ -12,17 +12,17 @@ config BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_SYNC_4
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
-comment "webkitgtk needs libgtk3 and a glibc toolchain w/ C++, gcc >= 6"
+comment "webkitgtk needs libgtk3 and a glibc toolchain w/ C++, gcc >= 7"
depends on BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
depends on !BR2_PACKAGE_LIBGTK3 || !BR2_INSTALL_LIBSTDCPP || \
!BR2_TOOLCHAIN_USES_GLIBC || \
- !BR2_TOOLCHAIN_GCC_AT_LEAST_6
+ !BR2_TOOLCHAIN_GCC_AT_LEAST_7
depends on BR2_USE_MMU
config BR2_PACKAGE_WEBKITGTK
bool "webkitgtk"
depends on BR2_INSTALL_LIBSTDCPP
- depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7
depends on BR2_TOOLCHAIN_USES_GLIBC
depends on BR2_PACKAGE_LIBGTK3
depends on BR2_PACKAGE_WEBKITGTK_ARCH_SUPPORTS
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
@ 2020-02-15 15:09 ` Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:13 ` Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7 Peter Korsgaard
` (3 subsequent siblings)
4 siblings, 2 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-15 15:09 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/webkitgtk/webkitgtk.hash | 12 ++++++------
package/webkitgtk/webkitgtk.mk | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 13d8742b7f..0dfbe93137 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,8 +1,8 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.26.3.tar.xz.sums
-md5 4c27d59a032710dae3cffa5990bb6aea webkitgtk-2.26.3.tar.xz
-sha1 8d5a7b4f330788847f85e1b2cb6191435dcf9f28 webkitgtk-2.26.3.tar.xz
-sha256 add51153943cc11d90a7038d0ea5f6332281e6c0be0640f802a211b035f0e611 webkitgtk-2.26.3.tar.xz
+# From https://webkitgtk.org/releases/webkitgtk-2.26.4.tar.xz.sums
+md5 60f881729f3b71244b7f6e58790073e0 webkitgtk-2.26.4.tar.xz
+sha1 72f209c08ecc8ad4f0f6b767d4fa1be7a652df33 webkitgtk-2.26.4.tar.xz
+sha256 4386900713dfadf9741177210b32623cab22562a79ffd0d446b66569934b113f webkitgtk-2.26.4.tar.xz
# Hashes for license files:
-sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
-sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
+sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
+sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index cbd9003071..cdb6556554 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WEBKITGTK_VERSION = 2.26.3
+WEBKITGTK_VERSION = 2.26.4
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
@ 2020-02-15 15:09 ` Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4 Peter Korsgaard
` (2 subsequent siblings)
4 siblings, 2 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-15 15:09 UTC (permalink / raw)
To: buildroot
CMakeLists.txt contains a toolchain check:
if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
endif ()
endif ()
So bump the toolchain dependency to >= GCC 7. The check is really about >=
7.3.0, but we do not have such detailed version checks. Given that GCC
7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
GCC 7.x toolchains probably use >= 7.3.0.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/wpewebkit/Config.in | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/wpewebkit/Config.in b/package/wpewebkit/Config.in
index cc73cce324..f3029976f1 100644
--- a/package/wpewebkit/Config.in
+++ b/package/wpewebkit/Config.in
@@ -12,12 +12,12 @@ config BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_SYNC_4
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
-comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 6"
+comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 7"
depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
depends on !BR2_BINFMT_FLAT
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR \
|| !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
- || !BR2_TOOLCHAIN_GCC_AT_LEAST_6
+ || !BR2_TOOLCHAIN_GCC_AT_LEAST_7
comment "wpewebkit needs an OpenGL ES w/ EGL-capable Wayland backend"
depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
@@ -31,7 +31,7 @@ config BR2_PACKAGE_WPEWEBKIT
depends on !BR2_BINFMT_FLAT # icu
depends on BR2_INSTALL_LIBSTDCPP # harfbuzz, icu
depends on BR2_TOOLCHAIN_HAS_THREADS # wayland, icu, libsoup
- depends on BR2_TOOLCHAIN_GCC_AT_LEAST_6
+ depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7
depends on BR2_USE_WCHAR # icu, libsoup
depends on BR2_PACKAGE_HAS_LIBGLES # libepoxy
depends on BR2_PACKAGE_HAS_LIBEGL # libepoxy
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7 Peter Korsgaard
@ 2020-02-15 15:09 ` Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
2020-02-16 11:55 ` [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
4 siblings, 2 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-15 15:09 UTC (permalink / raw)
To: buildroot
Fixes the following security issues:
- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
of service. Description: A denial of service issue was addressed with
improved memory handling.
- CVE-2020-3864: Impact: A DOM object context may not have had a unique
security origin. Description: A logic issue was addressed with improved
validation.
- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
been considered secure. Description: A logic issue was addressed with
improved validation.
- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
to universal cross site scripting. Description: A logic issue was
addressed with improved state management.
- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
to arbitrary code execution. Description: Multiple memory corruption
issues were addressed with improved memory handling.
For more details, see the advisory:
https://wpewebkit.org/security/WSA-2020-0002.html
While we are at it, adjust the white space in the .hash function to match
the new agreements.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/wpewebkit/wpewebkit.hash | 12 ++++++------
package/wpewebkit/wpewebkit.mk | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 07a06466d0..fd78264914 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,8 +1,8 @@
-# From https://wpewebkit.org/releases/wpewebkit-2.26.3.tar.xz.sums
-md5 735beb5c1f825d5feda2e355aca6bec0 wpewebkit-2.26.3.tar.xz
-sha1 aeda665b3a137ac748ff1d08ce9e4c751f7caf97 wpewebkit-2.26.3.tar.xz
-sha256 2da9fe9c3a8bdfecc4281d848a4eacdd7be8ac5e0fc397020094d68cf32c10b3 wpewebkit-2.26.3.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.26.4.tar.xz.sums
+md5 4cd2883ec9da38a0ffe413bb75239874 wpewebkit-2.26.4.tar.xz
+sha1 337f78ee237fe98c7e6e728d8fc0508069b007be wpewebkit-2.26.4.tar.xz
+sha256 0c292182864b63b725491f1a69b55c03e0e75f6db0875389caff31fe9c0d3ae9 wpewebkit-2.26.4.tar.xz
# Hashes for license files:
-sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
-sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
+sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
+sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index 8b890301b7..6591c7a0d8 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WPEWEBKIT_VERSION = 2.26.3
+WPEWEBKIT_VERSION = 2.26.4
WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
WPEWEBKIT_INSTALL_STAGING = YES
--
2.20.1
^ permalink raw reply related [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
` (2 preceding siblings ...)
2020-02-15 15:09 ` [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4 Peter Korsgaard
@ 2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
4 siblings, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-16 11:55 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CMakeLists.txt contains a toolchain check:
> if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
> if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
> message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
> endif ()
> endif ()
> So bump the toolchain dependency to >= GCC 7. The check is really about >=
> 7.3.0, but we do not have such detailed version checks. Given that GCC
> 7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
> GCC 7.x toolchains probably use >= 7.3.0.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7
2020-02-15 15:09 ` [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7 Peter Korsgaard
@ 2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-16 11:55 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CMakeLists.txt contains a toolchain check:
> if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
> if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
> message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
> endif ()
> endif ()
> So bump the toolchain dependency to >= GCC 7. The check is really about >=
> 7.3.0, but we do not have such detailed version checks. Given that GCC
> 7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
> GCC 7.x toolchains probably use >= 7.3.0.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4
2020-02-15 15:09 ` [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4 Peter Korsgaard
@ 2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-16 11:55 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
> of service. Description: A denial of service issue was addressed with
> improved memory handling.
> - CVE-2020-3864: Impact: A DOM object context may not have had a unique
> security origin. Description: A logic issue was addressed with improved
> validation.
> - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
> been considered secure. Description: A logic issue was addressed with
> improved validation.
> - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
> to universal cross site scripting. Description: A logic issue was
> addressed with improved state management.
> - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
> to arbitrary code execution. Description: Multiple memory corruption
> issues were addressed with improved memory handling.
> For more details, see the advisory:
> https://wpewebkit.org/security/WSA-2020-0002.html
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
@ 2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:13 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-02-16 11:55 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
> of service. Description: A denial of service issue was addressed with
> improved memory handling.
> - CVE-2020-3864: Impact: A DOM object context may not have had a unique
> security origin. Description: A logic issue was addressed with improved
> validation.
> - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
> been considered secure. Description: A logic issue was addressed with
> improved validation.
> - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
> to universal cross site scripting. Description: A logic issue was
> addressed with improved state management.
> - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
> to arbitrary code execution. Description: Multiple memory corruption
> issues were addressed with improved memory handling.
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2020-0002.html
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
` (3 preceding siblings ...)
2020-02-16 11:55 ` [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
@ 2020-03-07 11:12 ` Peter Korsgaard
4 siblings, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:12 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CMakeLists.txt contains a toolchain check:
> if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
> if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
> message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
> endif ()
> endif ()
> So bump the toolchain dependency to >= GCC 7. The check is really about >=
> 7.3.0, but we do not have such detailed version checks. Given that GCC
> 7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
> GCC 7.x toolchains probably use >= 7.3.0.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7
2020-02-15 15:09 ` [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
@ 2020-03-07 11:12 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:12 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CMakeLists.txt contains a toolchain check:
> if (${CMAKE_CXX_COMPILER_ID} STREQUAL "GNU")
> if (${CMAKE_CXX_COMPILER_VERSION} VERSION_LESS "7.3.0")
> message(FATAL_ERROR "GCC 7.3 or newer is required to build WebKit. Use a newer GCC version or Clang.")
> endif ()
> endif ()
> So bump the toolchain dependency to >= GCC 7. The check is really about >=
> 7.3.0, but we do not have such detailed version checks. Given that GCC
> 7.3.0 was released in January 2018 (and 7.1.0 in May 2017), most external
> GCC 7.x toolchains probably use >= 7.3.0.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2019.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4
2020-02-15 15:09 ` [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
@ 2020-03-07 11:12 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:12 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
> of service. Description: A denial of service issue was addressed with
> improved memory handling.
> - CVE-2020-3864: Impact: A DOM object context may not have had a unique
> security origin. Description: A logic issue was addressed with improved
> validation.
> - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
> been considered secure. Description: A logic issue was addressed with
> improved validation.
> - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
> to universal cross site scripting. Description: A logic issue was
> addressed with improved state management.
> - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
> to arbitrary code execution. Description: Multiple memory corruption
> issues were addressed with improved memory handling.
> For more details, see the advisory:
> https://wpewebkit.org/security/WSA-2020-0002.html
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2019.11.x, thanks.
> ---
> package/wpewebkit/wpewebkit.hash | 12 ++++++------
> package/wpewebkit/wpewebkit.mk | 2 +-
> 2 files changed, 7 insertions(+), 7 deletions(-)
> diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
> index 07a06466d0..fd78264914 100644
> --- a/package/wpewebkit/wpewebkit.hash
> +++ b/package/wpewebkit/wpewebkit.hash
> @@ -1,8 +1,8 @@
> -# From https://wpewebkit.org/releases/wpewebkit-2.26.3.tar.xz.sums
> -md5 735beb5c1f825d5feda2e355aca6bec0 wpewebkit-2.26.3.tar.xz
> -sha1 aeda665b3a137ac748ff1d08ce9e4c751f7caf97 wpewebkit-2.26.3.tar.xz
> -sha256 2da9fe9c3a8bdfecc4281d848a4eacdd7be8ac5e0fc397020094d68cf32c10b3 wpewebkit-2.26.3.tar.xz
> +# From https://wpewebkit.org/releases/wpewebkit-2.26.4.tar.xz.sums
> +md5 4cd2883ec9da38a0ffe413bb75239874 wpewebkit-2.26.4.tar.xz
> +sha1 337f78ee237fe98c7e6e728d8fc0508069b007be wpewebkit-2.26.4.tar.xz
> +sha256 0c292182864b63b725491f1a69b55c03e0e75f6db0875389caff31fe9c0d3ae9 wpewebkit-2.26.4.tar.xz
> # Hashes for license files:
> -sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> -sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
> +sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> +sha256 f2b3bd09663381deb99721109d22b47af1213bb43007a8b56a06c6375c8050ce Source/WebCore/LICENSE-LGPL-2.1
> diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
> index 8b890301b7..6591c7a0d8 100644
> --- a/package/wpewebkit/wpewebkit.mk
> +++ b/package/wpewebkit/wpewebkit.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
> -WPEWEBKIT_VERSION = 2.26.3
> +WPEWEBKIT_VERSION = 2.26.4
> WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
> WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
> WPEWEBKIT_INSTALL_STAGING = YES
> --
> 2.20.1
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
* [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
@ 2020-03-07 11:13 ` Peter Korsgaard
1 sibling, 0 replies; 12+ messages in thread
From: Peter Korsgaard @ 2020-03-07 11:13 UTC (permalink / raw)
To: buildroot
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> - CVE-2020-3862: Impact: A malicious website may be able to cause a denial
> of service. Description: A denial of service issue was addressed with
> improved memory handling.
> - CVE-2020-3864: Impact: A DOM object context may not have had a unique
> security origin. Description: A logic issue was addressed with improved
> validation.
> - CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
> been considered secure. Description: A logic issue was addressed with
> improved validation.
> - CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
> to universal cross site scripting. Description: A logic issue was
> addressed with improved state management.
> - CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
> to arbitrary code execution. Description: Multiple memory corruption
> issues were addressed with improved memory handling.
> For more details, see the advisory:
> https://webkitgtk.org/security/WSA-2020-0002.html
> While we are at it, adjust the white space in the .hash function to match
> the new agreements.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 12+ messages in thread
end of thread, other threads:[~2020-03-07 11:13 UTC | newest]
Thread overview: 12+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-15 15:09 [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 2/4] package/webkitgtk: security bump to version 2.26.4 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:13 ` Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 3/4] package/wpewebkit: needs >= GCC 7 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
2020-02-15 15:09 ` [Buildroot] [PATCH 4/4] package/wpewebkit: security bump to version 2.26.4 Peter Korsgaard
2020-02-16 11:55 ` Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
2020-02-16 11:55 ` [Buildroot] [PATCH 1/4] package/webkitgtk: needs >= GCC 7 Peter Korsgaard
2020-03-07 11:12 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.