[bug#64366] : Update webkitgtk to 2.40.3

Message ID 878rc1atkp.fsf@gmail.com
State New

Commit Message

André A. Gomes June 30, 2023, 2:55 p.m. UTC
Hello Guix,

We should update webkitgtk ASAP since the vulnerability below has been
found.  Find the patch attached.  I didn't build it locally since my
machine isn't powerful enough.

CVE-2023-32439
    Versions affected: WebKitGTK and WPE WebKit before 2.40.3.
    Credit to an anonymous researcher.
    Impact: Processing maliciously crafted web content may lead to
    arbitrary code execution. Apple is aware of a report that this issue
    may have been actively exploited. Description: A type confusion
    issue was addressed with improved checks.

Thanks.

Comments

Guillaume Le Vaillant Aug. 8, 2023, 11:17 a.m. UTC | #1
Superseded by <https://issues.guix.gnu.org/65054>.
Closing.

Patch

From 2c8928ca83695947cc506b92b3aa65112b497278 Mon Sep 17 00:00:00 2001
From: "Andre A. Gomes" <andremegafone@gmail.com>
Date: Fri, 30 Jun 2023 17:51:52 +0300
Subject: [PATCH] gnu: webkitgtk: Update to 2.40.3.

* gnu/packages/webkit.scm (webkitgtk): Update to 2.40.3.
---
 gnu/packages/webkit.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 5ab93ad9eb..44c29b1446 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -127,13 +127,13 @@  (define-public wpebackend-fdo
 (define-public webkitgtk
   (package
     (name "webkitgtk")                  ; webkit2gtk4
-    (version "2.40.2")
+    (version "2.40.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "0070fy5crf7kngy49wz5bqwvp8z9rmnq2cm6wxp41nllv5q8i2cn"))
+               (base32 "1pcqa3xng8w9bywzqk2jpyfjmgplbawccbp4d8f4rinv80zsh2nc"))
               (patches (search-patches
                         "webkitgtk-adjust-bubblewrap-paths.patch"))))
     (build-system cmake-build-system)
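
Review bot: The new `base32` value in the `sha256` field was submitted without a local build (per the cover message), so nothing on this page confirms it matches the 2.40.3 tarball. Fetch `webkitgtk-2.40.3.tar.xz` from the `uri` with `guix download`, compare the printed hash, and check the tarball against upstream's published signature or checksums before merging. Also confirm that `webkitgtk-adjust-bubblewrap-paths.patch` still applies to 2.40.3, since the `patches` field is unchanged context here. The quoted advisory covers WPE WebKit before 2.40.3 as well, while the diffstat shows only these two webkitgtk lines changing, so any WPE WebKit package definition still below 2.40.3 needs the same bump.
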
-- 
2.40.1