buildroot.busybox.net archive mirror
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/webkitgtk: security bump version to 2.40.3
@ 2023-07-16 12:19 Bernd Kuhls
  0 siblings, 0 replies; 2+ messages in thread
From: Bernd Kuhls @ 2023-07-16 12:19 UTC (permalink / raw)
  To: buildroot; +Cc: Adrian Perez de Castro

Removed md5 hash.

Added dependency to host-unifdef, needed since upstream commit
https://github.com/WebKit/WebKit/commit/f76a7e30e5749af897b83cc75b2534b1afa32552

Release notes:
2.39.4
- https://lists.webkit.org/pipermail/webkit-gtk/2023-January/003861.html
2.39.5
- https://lists.webkit.org/pipermail/webkit-gtk/2023-January/003866.html
  USE_AVIF was enabled by default upstream:
  https://github.com/WebKit/WebKit/commit/3d60d9f93c64aac55c890160d00d008367e11e91
  Add -DUSE_AVIF=OFF to _CONF_OPTS due to missing libavif package
2.39.6
- https://lists.webkit.org/pipermail/webkit-gtk/2023-January/003874.html
2.39.7
- https://lists.webkit.org/pipermail/webkit-gtk/2023-January/003875.html
2.39.90
- https://lists.webkit.org/pipermail/webkit-gtk/2023-February/003880.html
2.39.91
- https://lists.webkit.org/pipermail/webkit-gtk/2023-March/003882.html
2.40.0
- https://lists.webkit.org/pipermail/webkit-gtk/2023-March/003885.html
2.40.1
- https://lists.webkit.org/pipermail/webkit-gtk/2023-April/003892.html
  Fixes CVE-2022-0108, CVE-2022-32885, CVE-2023-27932, CVE-2023-27954 &
  CVE-2023-28205:
  https://lists.webkit.org/pipermail/webkit-gtk/2023-April/003895.html
2.40.2
- https://lists.webkit.org/pipermail/webkit-gtk/2023-May/003900.html
  Fixes CVE-2023-28204 & CVE-2023-32373:
  https://lists.webkit.org/pipermail/webkit-gtk/2023-May/003901.html
2.40.3
- https://lists.webkit.org/pipermail/webkit-gtk/2023-June/003909.html

Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
 package/webkitgtk/webkitgtk.hash | 7 +++----
 package/webkitgtk/webkitgtk.mk   | 5 +++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 3bc521e445..756ac13ec2 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,7 +1,6 @@
-# From https://webkitgtk.org/releases/webkitgtk-2.38.6.tar.xz.sums
-md5  a50290fdc80842b1ae8be1e1147b5679  webkitgtk-2.38.6.tar.xz
-sha1  4dfb3d96f621fc633ff347e083e429893551fb26  webkitgtk-2.38.6.tar.xz
-sha256  1c614c9589389db1a79ea9ba4293bbe8ac3ab0a2234cac700935fae0724ad48b  webkitgtk-2.38.6.tar.xz
+# From https://www.webkitgtk.org/releases/webkitgtk-2.40.3.tar.xz.sums
+sha1  74ee7241f2add46897019e22bd4f8e19e09027bb  webkitgtk-2.40.3.tar.xz
+sha256  cc0aa83f40dbc64c1c6ae42ec6b85af4be2a9dbf524cfcb95f89a367fb5098dd  webkitgtk-2.40.3.tar.xz
 
 # Hashes for license files:
 sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index dd17b46e67..56277a0a0a 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WEBKITGTK_VERSION = 2.38.6
+WEBKITGTK_VERSION = 2.40.3
 WEBKITGTK_SITE = https://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES
@@ -13,7 +13,7 @@ WEBKITGTK_LICENSE_FILES = \
 	Source/WebCore/LICENSE-APPLE \
 	Source/WebCore/LICENSE-LGPL-2.1
 WEBKITGTK_CPE_ID_VENDOR = webkitgtk
-WEBKITGTK_DEPENDENCIES = host-ruby host-python3 host-gperf \
+WEBKITGTK_DEPENDENCIES = host-ruby host-python3 host-gperf host-unifdef \
 	enchant harfbuzz icu jpeg libgcrypt libgtk3 libsecret libsoup \
 	libtasn1 libxml2 libxslt openjpeg sqlite webp woff2
 WEBKITGTK_CONF_OPTS = \
@@ -24,6 +24,7 @@ WEBKITGTK_CONF_OPTS = \
 	-DENABLE_SPELLCHECK=ON \
 	-DENABLE_WEB_RTC=OFF \
 	-DPORT=GTK \
+	-DUSE_AVIF=OFF \
 	-DUSE_LIBHYPHEN=OFF \
 	-DUSE_OPENJPEG=ON \
 	-DUSE_SOUP2=ON \
-- 
2.39.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/webkitgtk: security bump version to 2.40.3
@ 2023-07-17  9:46 Thomas Devoogdt
  0 siblings, 0 replies; 2+ messages in thread
From: Thomas Devoogdt @ 2023-07-17  9:46 UTC (permalink / raw)
  To: bernd; +Cc: Adrian Perez de Castro, buildroot

Hi Bernd Kuhls,

I saw your security bump for Webkitgtk:
https://patchwork.ozlabs.org/project/buildroot/patch/20230716121914.3896405-1-bernd@kuhls.net/.
I think that the git message "security bump" is somewhat wrong. This
is a new major release.
E.g. have a look at Adrian's last git message:
https://git.buildroot.net/buildroot/commit/?id=ce4b87be82d13d3a042b4e78fe5835f3c8ddc29d.

@Adrian Perez de Castro, what about
https://git.sr.ht/~aperezdc/buildroot/commit/c927b964a18b64263cd53e0f4eb988f0435516f4?

Kind regards,

Thomas Devoogdt
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-07-17  9:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-07-16 12:19 [Buildroot] [PATCH 1/1] package/webkitgtk: security bump version to 2.40.3 Bernd Kuhls
2023-07-17  9:46 Thomas Devoogdt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).