[Buildroot] [git commit] package/wpewebkit: security bump to version 2.22.5

Thomas Petazzoni thomas.petazzoni at bootlin.com
Mon Apr 15 19:40:05 UTC 2019


commit: https://git.buildroot.net/buildroot/commit/?id=7adf8da2fef4ebe8e81c01fdc96697eb70ed64c8
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fixes the following security issues:

- CVE-2019-8518: Processing maliciously crafted web content may lead to
  arbitrary code execution.  Multiple memory corruption issues were
  addressed with improved memory handling.

- CVE-2019-8523: Processing maliciously crafted web content may lead to
  arbitrary code execution.  Multiple memory corruption issues were
  addressed with improved memory handling.

In addition, 2.22.5 contains a number of bugfixes.  From the announcement:

  - Fix rendering of glyphs in Hebrew (and possibly other languages) when
    Unicode NFC normalization is used.
  - Fix several crashes and race conditions.

Change SITE to https as the webserver uses HSTS.

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
 package/wpewebkit/wpewebkit.hash | 8 ++++----
 package/wpewebkit/wpewebkit.mk   | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 27c6cdf33e..cbf253d29c 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,7 +1,7 @@
-# From https://wpewebkit.org/releases/wpewebkit-2.22.4.tar.xz.sums
-md5 6e5c668473c57906bdec1c641bac4579 wpewebkit-2.22.4.tar.xz
-sha1 002b8b25f4fc26bfef68767b3ff1eba1aac53fa5 wpewebkit-2.22.4.tar.xz
-sha256 871e86b7e989de0c1224ac7ab8ed6d8b52756cf793a8c253b56ab8ba8d288c96 wpewebkit-2.22.4.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.22.5.tar.xz.sums
+md5 7b768bfae1295ebbc9a9038bf8fb6e6c wpewebkit-2.22.5.tar.xz
+sha1 c85f927e0f17f1e7045a5d33c683d310c7af24de wpewebkit-2.22.5.tar.xz
+sha256 d5e7b23e4f9e9f1b9d369faa4d527cdb59aef56b3e6a50a16dad243df5f699f3 wpewebkit-2.22.5.tar.xz
 
 # Hashes for license files:
 sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index 89df9b725c..73ad534acd 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-WPEWEBKIT_VERSION = 2.22.4
+WPEWEBKIT_VERSION = 2.22.5
 WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
 WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
 WPEWEBKIT_INSTALL_STAGING = YES


More information about the buildroot mailing list