From patchwork Fri Jun 30 14:55:02 2023
Subject: [bug#64366] [PATCH]: Update webkitgtk to 2.40.3
To: 64366@debbugs.gnu.org
From: André A. Gomes
Date: Fri, 30 Jun 2023 17:55:02 +0300
Message-ID: <878rc1atkp.fsf@gmail.com>

Hello Guix,

We should update webkitgtk ASAP since the vulnerability below has been found. Find the patch attached. I didn't build it locally since my machine isn't powerful enough.

CVE-2023-32439

Versions affected: WebKitGTK and WPE WebKit before 2.40.3.
Credit to an anonymous researcher.
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A type confusion issue was addressed with improved checks.

Thanks.

From 2c8928ca83695947cc506b92b3aa65112b497278 Mon Sep 17 00:00:00 2001
From: "Andre A. Gomes"
Date: Fri, 30 Jun 2023 17:51:52 +0300
Subject: [PATCH] gnu: webkitgtk: Update to 2.40.3.

* gnu/packages/webkit.scm (webkitgtk): Update to 2.40.3.
---
 gnu/packages/webkit.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 5ab93ad9eb..44c29b1446 100644
--- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -127,13 +127,13 @@ (define-public wpebackend-fdo (define-public webkitgtk (package (name "webkitgtk") ; webkit2gtk4 - (version "2.40.2") + (version "2.40.3") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 - (base32 "0070fy5crf7kngy49wz5bqwvp8z9rmnq2cm6wxp41nllv5q8i2cn")) + (base32 "1pcqa3xng8w9bywzqk2jpyfjmgplbawccbp4d8f4rinv80zsh2nc")) (patches (search-patches "webkitgtk-adjust-bubblewrap-paths.patch")))) (build-system cmake-build-system) -- 2.40.1
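Review bot: The new hash on the (base32 "1pcqa3xng8w9bywzqk2jpyfjmgplbawccbp4d8f4rinv80zsh2nc") line has not been confirmed by a build, going by the submitter's note that the package was not built locally, so it should be checked against the 2.40.3 tarball (for example with "guix download" on the release URL) and the package built before this is applied. The quoted advisory also lists WPE WebKit before 2.40.3 as affected, while the diffstat shows only the two webkitgtk lines changing; if a wpewebkit package in this file carries its own version and hash, it needs the same bump. Since this is a security update, the commit log could name CVE-2023-32439 so the fix is traceable from the history.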