aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRasmus Thomsen <oss@cogitri.dev>2019-12-23 14:03:13 +0100
committerLeo <thinkabit.ukim@gmail.com>2019-12-24 12:29:12 +0100
commit2606d2b27c5e6739d86229be7a7a042584225ff2 (patch)
treef0556c60fb1cc2cf8937f9f88b0e13f631aac580
parentcea2f818f130adc136b5e6365302ad6061d46862 (diff)
downloadaports-2606d2b27c5e6739d86229be7a7a042584225ff2.tar.gz
aports-2606d2b27c5e6739d86229be7a7a042584225ff2.tar.bz2
aports-2606d2b27c5e6739d86229be7a7a042584225ff2.tar.xz
community/webkit2gtk: security upgrade to 2.26.2
fixes #2313
-rw-r--r--community/webkit2gtk/APKBUILD50
-rw-r--r--community/webkit2gtk/musl-fixes.patch41
2 files changed, 65 insertions, 26 deletions
diff --git a/community/webkit2gtk/APKBUILD b/community/webkit2gtk/APKBUILD
index 2449a62cca..8805edd559 100644
--- a/community/webkit2gtk/APKBUILD
+++ b/community/webkit2gtk/APKBUILD
@@ -3,12 +3,13 @@
# Contributor: Jiri Horner <laeqten@gmail.com>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=webkit2gtk
-pkgver=2.24.3
+pkgver=2.26.2
pkgrel=0
pkgdesc="Portable web rendering engine WebKit for GTK+"
url="https://webkitgtk.org/"
arch="all"
license="LGPL-2.0-or-later AND BSD-2-Clause"
+depends="bubblewrap xdg-dbus-proxy"
makedepends="
bison
cmake
@@ -28,6 +29,7 @@ makedepends="
libjpeg-turbo-dev
libnotify-dev
libpng-dev
+ libseccomp-dev
libsecret-dev
libsoup-dev
libwebp-dev
@@ -43,6 +45,7 @@ makedepends="
python2
ruby
sqlite-dev
+ woff2-dev
"
replaces="webkit"
options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found
@@ -55,6 +58,38 @@ source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz
builddir="$srcdir/webkitgtk-$pkgver"
# secfixes:
+# 2.26.2-r0:
+# - CVE-2019-8812
+# - CVE-2019-8814
+# 2.26.1-r0:
+# - CVE-2019-8783
+# - CVE-2019-8811
+# - CVE-2019-8813
+# - CVE-2019-8816
+# - CVE-2019-8819
+# - CVE-2019-8820
+# - CVE-2019-8823
+# 2.26.0-r0:
+# - CVE-2019-8625
+# - CVE-2019-8710
+# - CVE-2019-8720
+# - CVE-2019-8743
+# - CVE-2019-8764
+# - CVE-2019-8766
+# - CVE-2019-8769
+# - CVE-2019-8771
+# - CVE-2019-8782
+# - CVE-2019-8815
+# 2.24.4-r0:
+# - CVE-2019-8674
+# - CVE-2019-8707
+# - CVE-2019-8719
+# - CVE-2019-8733
+# - CVE-2019-8763
+# - CVE-2019-8765
+# - CVE-2019-8768
+# - CVE-2019-8821
+# - CVE-2019-8822
# 2.24.3-r0:
# - CVE-2019-8644
# - CVE-2019-8649
@@ -77,6 +112,9 @@ builddir="$srcdir/webkitgtk-$pkgver"
# - CVE-2019-8688
# - CVE-2019-8689
# - CVE-2019-8690
+# - CVE-2019-8726
+# 2.24.2-r0:
+# - CVE-2019-8735
# 2.24.1-r0:
# - CVE-2019-6251
# - CVE-2019-8506
@@ -134,6 +172,7 @@ build() {
mkdir build
cd build
+ # disable gold usage since it can't find pthreads with it enabled
cmake -GNinja \
-DPORT=GTK \
-DCMAKE_BUILD_TYPE=MinSizeRel \
@@ -142,11 +181,12 @@ build() {
-DLIB_INSTALL_DIR=/usr/lib \
-DENABLE_GTKDOC=OFF \
-DENABLE_GEOLOCATION=OFF \
- -DENABLE_PLUGIN_PROCESS_GTK2=OFF \
-DENABLE_SAMPLING_PROFILER=OFF \
-DENABLE_MINIBROWSER=ON \
- -DUSE_WOFF2=OFF \
+ -DUSE_WPE_RENDERER=OFF \
+ -DUSE_WOFF2=ON \
-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
+ -DUSE_LD_GOLD=OFF \
$_archopt \
..
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923476
@@ -164,7 +204,7 @@ package() {
paxmark -m "$pkgdir"/usr/libexec/webkit2gtk-4.0/WebKitWebProcess
}
-sha512sums="b358bb11f7df477e5b3d6a12e2e6b41cb4e6a7274e34ce6299bf0c56044ffc7db5a834e9abf5c71d992ef41d194d30171b8be406420ffc54fe766cc811afb79f webkitgtk-2.24.3.tar.xz
+sha512sums="98d47282fd8f766dbe4a74c1a3f618aaeeeed69bd0666ed4e8674ae562b634681b3bd18b0d428df6bfefbaa3e18eb4cfb2fb077f5be4fed34cbc81c8293ec33e webkitgtk-2.26.2.tar.xz
e1537b9937af1cb936669d405993a52204cb9968b8b3161cb12a3f3f1343c260088c9490fcd7a7deeab6dbabdb5f7ce7e6cb2f857b9f0a4205aba6db2b11fb20 fix-fast-memory-disabled.patch
-d0d5e37822644cab071e33d325affd1ce5948b414f6f54d695e6b4a7bffadecd25c0df6dc1cb63e70127499f5a8da43b02286a3518b2488b5da32c622df45d97 musl-fixes.patch
+dfd5352272c02eeaae31af80eceb8158b84a92c15e4b3966912a2acdecf7e1aa1f6bf78992b88b344393b57724489e3452d57b7ab4ef7c9f2ef5acd10cb07b33 musl-fixes.patch
c517c012f5630ef6be5be7d9592c5e042a070f849a141859edefa7984acb98dbd0d718fe6613cd35ba3b7d8530beebcc7408fd077cd914ed335c5e524e9e746a fix-openjpeg.patch"
diff --git a/community/webkit2gtk/musl-fixes.patch b/community/webkit2gtk/musl-fixes.patch
index c829f19fe7..8cd73b3944 100644
--- a/community/webkit2gtk/musl-fixes.patch
+++ b/community/webkit2gtk/musl-fixes.patch
@@ -62,27 +62,6 @@
v(bool, crashIfCantAllocateJITMemory, false, Normal, nullptr) \
v(unsigned, jitMemoryReservationSize, 0, Normal, "Set this number to change the executable allocation size in ExecutableAllocatorFixedVMPool. (In bytes.)") \
---- a/Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp
-+++ b/Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp
-@@ -836,7 +836,7 @@ int yydebug;
- #if YYERROR_VERBOSE
-
- # ifndef yystrlen
--# if defined __GLIBC__ && defined _STRING_H
-+# if defined __linux__ && defined _STRING_H
- # define yystrlen strlen
- # else
- /* Return the length of YYSTR. */
-@@ -852,7 +852,7 @@ yystrlen (const char *yystr)
- # endif
-
- # ifndef yystpcpy
--# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-+# if defined __linux__ && defined _STRING_H && defined _GNU_SOURCE
- # define yystpcpy stpcpy
- # else
- /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
-
--- a/Source/ThirdParty/ANGLE/src/compiler/translator/glslang_tab.cpp
+++ b/Source/ThirdParty/ANGLE/src/compiler/translator/glslang_tab.cpp
@@ -1975,7 +1975,7 @@ int yydebug;
@@ -135,3 +114,23 @@
# define yystpcpy stpcpy
# else
/* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
+--- ./Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp.orig
++++ ./Source/ThirdParty/ANGLE/src/compiler/preprocessor/ExpressionParser.cpp
+@@ -728,7 +728,7 @@
+ #if YYERROR_VERBOSE
+
+ # ifndef yystrlen
+-# if defined __GLIBC__ && defined _STRING_H
++# if defined __linux__ && defined _STRING_H
+ # define yystrlen strlen
+ # else
+ /* Return the length of YYSTR. */
+@@ -743,7 +743,7 @@
+ # endif
+
+ # ifndef yystpcpy
+-# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
++# if defined __linux__ && defined _STRING_H && defined _GNU_SOURCE
+ # define yystpcpy stpcpy
+ # else
+ /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in