diff options
author | Rasmus Thomsen <oss@cogitri.dev> | 2019-12-23 14:03:13 +0100 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2019-12-24 12:29:12 +0100 |
commit | 2606d2b27c5e6739d86229be7a7a042584225ff2 (patch) | |
tree | f0556c60fb1cc2cf8937f9f88b0e13f631aac580 /community | |
parent | cea2f818f130adc136b5e6365302ad6061d46862 (diff) | |
download | aports-2606d2b27c5e6739d86229be7a7a042584225ff2.tar.bz2 aports-2606d2b27c5e6739d86229be7a7a042584225ff2.tar.xz |
community/webkit2gtk: security upgrade to 2.26.2
fixes #2313
Diffstat (limited to 'community')
-rw-r--r-- | community/webkit2gtk/APKBUILD | 50 | ||||
-rw-r--r-- | community/webkit2gtk/musl-fixes.patch | 41 |
2 files changed, 65 insertions, 26 deletions
diff --git a/community/webkit2gtk/APKBUILD b/community/webkit2gtk/APKBUILD index 2449a62cca..8805edd559 100644 --- a/community/webkit2gtk/APKBUILD +++ b/community/webkit2gtk/APKBUILD @@ -3,12 +3,13 @@ # Contributor: Jiri Horner <laeqten@gmail.com> # Maintainer: Rasmus Thomsen <oss@cogitri.dev> pkgname=webkit2gtk -pkgver=2.24.3 +pkgver=2.26.2 pkgrel=0 pkgdesc="Portable web rendering engine WebKit for GTK+" url="https://webkitgtk.org/" arch="all" license="LGPL-2.0-or-later AND BSD-2-Clause" +depends="bubblewrap xdg-dbus-proxy" makedepends=" bison cmake @@ -28,6 +29,7 @@ makedepends=" libjpeg-turbo-dev libnotify-dev libpng-dev + libseccomp-dev libsecret-dev libsoup-dev libwebp-dev @@ -43,6 +45,7 @@ makedepends=" python2 ruby sqlite-dev + woff2-dev " replaces="webkit" options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found @@ -55,6 +58,38 @@ source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz builddir="$srcdir/webkitgtk-$pkgver" # secfixes: +# 2.26.2-r0: +# - CVE-2019-8812 +# - CVE-2019-8814 +# 2.26.1-r0: +# - CVE-2019-8783 +# - CVE-2019-8811 +# - CVE-2019-8813 +# - CVE-2019-8816 +# - CVE-2019-8819 +# - CVE-2019-8820 +# - CVE-2019-8823 +# 2.26.0-r0: +# - CVE-2019-8625 +# - CVE-2019-8710 +# - CVE-2019-8720 +# - CVE-2019-8743 +# - CVE-2019-8764 +# - CVE-2019-8766 +# - CVE-2019-8769 +# - CVE-2019-8771 +# - CVE-2019-8782 +# - CVE-2019-8815 +# 2.24.4-r0: +# - CVE-2019-8674 +# - CVE-2019-8707 +# - CVE-2019-8719 +# - CVE-2019-8733 +# - CVE-2019-8763 +# - CVE-2019-8765 +# - CVE-2019-8768 +# - CVE-2019-8821 +# - CVE-2019-8822 # 2.24.3-r0: # - CVE-2019-8644 # - CVE-2019-8649 @@ -77,6 +112,9 @@ builddir="$srcdir/webkitgtk-$pkgver" # - CVE-2019-8688 # - CVE-2019-8689 # - CVE-2019-8690 +# - CVE-2019-8726 +# 2.24.2-r0: +# - CVE-2019-8735 # 2.24.1-r0: # - CVE-2019-6251 # - CVE-2019-8506 @@ -134,6 +172,7 @@ build() { mkdir build cd build + # disable gold usage since it can't find pthreads with it enabled cmake -GNinja \ -DPORT=GTK \ -DCMAKE_BUILD_TYPE=MinSizeRel \ @@ -142,11 +181,12 @@ build() { -DLIB_INSTALL_DIR=/usr/lib \ -DENABLE_GTKDOC=OFF \ -DENABLE_GEOLOCATION=OFF \ - -DENABLE_PLUGIN_PROCESS_GTK2=OFF \ -DENABLE_SAMPLING_PROFILER=OFF \ -DENABLE_MINIBROWSER=ON \ - -DUSE_WOFF2=OFF \ + -DUSE_WPE_RENDERER=OFF \ + -DUSE_WOFF2=ON \ -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DUSE_LD_GOLD=OFF \ $_archopt \ .. # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923476 @@ -164,7 +204,7 @@ package() { paxmark -m "$pkgdir"/usr/libexec/webkit2gtk-4.0/WebKitWebProcess } -sha512sums="b358bb11f7df477e5b3d6a12e2e6b41cb4e6a7274e34ce6299bf0c56044ffc7db5a834e9abf5c71d992ef41d194d30171b8be406420ffc54fe766cc811afb79f webkitgtk-2.24.3.tar.xz +sha512sums="98d47282fd8f766dbe4a74c1a3f618aaeeeed69bd0666ed4e8674ae562b634681b3bd18b0d428df6bfefbaa3e18eb4cfb2fb077f5be4fed34cbc81c8293ec33e webkitgtk-2.26.2.tar.xz e1537b9937af1cb936669d405993a52204cb9968b8b3161cb12a3f3f1343c260088c9490fcd7a7deeab6dbabdb5f7ce7e6cb2f857b9f0a4205aba6db2b11fb20 fix-fast-memory-disabled.patch -d0d5e37822644cab071e33d325affd1ce5948b414f6f54d695e6b4a7bffadecd25c0df6dc1cb63e70127499f5a8da43b02286a3518b2488b5da32c622df45d97 musl-fixes.patch +dfd5352272c02eeaae31af80eceb8158b84a92c15e4b3966912a2acdecf7e1aa1f6bf78992b88b344393b57724489e3452d57b7ab4ef7c9f2ef5acd10cb07b33 musl-fixes.patch c517c012f5630ef6be5be7d9592c5e042a070f849a141859edefa7984acb98dbd0d718fe6613cd35ba3b7d8530beebcc7408fd077cd914ed335c5e524e9e746a fix-openjpeg.patch" diff --git a/community/webkit2gtk/musl-fixes.patch b/community/webkit2gtk/musl-fixes.patch index c829f19fe7..8cd73b3944 100644 --- a/community/webkit2gtk/musl-fixes.patch +++ b/community/webkit2gtk/musl-fixes.patch @@ -62,27 +62,6 @@ v(bool, crashIfCantAllocateJITMemory, false, Normal, nullptr) \ v(unsigned, jitMemoryReservationSize, 0, Normal, "Set this number to change the executable allocation size in ExecutableAllocatorFixedVMPool. (In bytes.)") \ ---- a/Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp -+++ b/Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp -@@ -836,7 +836,7 @@ int yydebug; - #if YYERROR_VERBOSE - - # ifndef yystrlen --# if defined __GLIBC__ && defined _STRING_H -+# if defined __linux__ && defined _STRING_H - # define yystrlen strlen - # else - /* Return the length of YYSTR. */ -@@ -852,7 +852,7 @@ yystrlen (const char *yystr) - # endif - - # ifndef yystpcpy --# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE -+# if defined __linux__ && defined _STRING_H && defined _GNU_SOURCE - # define yystpcpy stpcpy - # else - /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in - --- a/Source/ThirdParty/ANGLE/src/compiler/translator/glslang_tab.cpp +++ b/Source/ThirdParty/ANGLE/src/compiler/translator/glslang_tab.cpp @@ -1975,7 +1975,7 @@ int yydebug; @@ -135,3 +114,23 @@ # define yystpcpy stpcpy # else /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in +--- ./Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp.orig ++++ ./Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp +@@ -728,7 +728,7 @@ + #if YYERROR_VERBOSE + + # ifndef yystrlen +-# if defined __GLIBC__ && defined _STRING_H ++# if defined __linux__ && defined _STRING_H + # define yystrlen strlen + # else + /* Return the length of YYSTR. */ +@@ -743,7 +743,7 @@ + # endif + + # ifndef yystpcpy +-# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE ++# if defined __linux__ && defined _STRING_H && defined _GNU_SOURCE + # define yystpcpy stpcpy + # else + /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in |