authorLeo <thinkabit.ukim@gmail.com>2021-09-17 20:45:26 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-09-18 09:48:11 +0000
commitf168ad374f5b601eee7df798e57f81b852b32bf0 (patch)
tree81fc41e416945835c16c0139469def1576357fb3
parentf6accde870d19d227552c0468180dc0b31f47238 (diff)
community/webkit2gtk: security upgrade to 2.32.4
While the 2.32.4 upgrade itself does not fix anything, the versions between 2.32.0 and 2.32.4 fix quite a few CVEs.
-rw-r--r--community/webkit2gtk/APKBUILD49
-rw-r--r--community/webkit2gtk/musl-fixes.patch80
-rw-r--r--community/webkit2gtk/musl-stack-fix.patch74
-rw-r--r--community/webkit2gtk/musl-wordsize.patch59
4 files changed, 35 insertions, 227 deletions
diff --git a/community/webkit2gtk/APKBUILD b/community/webkit2gtk/APKBUILD
index 9718d04a66..1433467c3e 100644
--- a/community/webkit2gtk/APKBUILD
+++ b/community/webkit2gtk/APKBUILD
@@ -3,11 +3,12 @@
# Contributor: Jiri Horner <laeqten@gmail.com>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=webkit2gtk
-pkgver=2.32.0
-pkgrel=1
+pkgver=2.32.4
+pkgrel=0
pkgdesc="Portable web rendering engine WebKit for GTK+"
url="https://webkitgtk.org/"
-arch="all !mips !mips64"
+# mips64 and riscv64 blocked by gst-plugins-bad
+arch="all !mips64 !riscv64"
license="LGPL-2.0-or-later AND BSD-2-Clause"
depends="bubblewrap xdg-dbus-proxy dbus:org.freedesktop.Secrets"
makedepends="
@@ -54,18 +55,30 @@ makedepends="
replaces="webkit"
options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found
subpackages="$pkgname-dev $pkgname-lang $pkgname-dbg"
-source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz
- musl-fixes.patch
- musl-stack-fix.patch
- musl-wordsize.patch
- "
+source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz"
builddir="$srcdir/webkitgtk-$pkgver"
# secfixes:
+# 2.32.3-r0:
+# - CVE-2021-21775
+# - CVE-2021-21779
+# - CVE-2021-30663
+# - CVE-2021-30665
+# - CVE-2021-30689
+# - CVE-2021-30720
+# - CVE-2021-30734
+# - CVE-2021-30744
+# - CVE-2021-30749
+# - CVE-2021-30795
+# - CVE-2021-30797
+# - CVE-2021-30799
+# 2.32.2-r0:
+# - CVE-2021-30758
# 2.32.0-r0:
# - CVE-2021-1788
# - CVE-2021-1844
# - CVE-2021-1871
+# - CVE-2021-30682
# 2.30.6-r0:
# - CVE-2020-27918
# - CVE-2020-29623
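Review bot: The new `source=` line drops musl-stack-fix.patch along with the two patches marked `Upstream: yes`, but that patch carries only a bug-tracker link and no upstream marker, and the commit message does not say that 2.32.4 contains an equivalent change. The patch bounded the main-thread stack by RLIMIT_STACK and set a 1 MB default thread stack on non-glibc libcs to prevent stack overflows in JSC, so if the release lacks it, deep recursion in JavaScriptCore could crash the process on musl again. It is worth checking the 2.32.4 tarball and, if the fix is there, recording that above `source=`, for example `# musl-stack-fix.patch dropped: included upstream (webkit bug 225099)`. Separately, the new secfixes keys `2.32.3-r0` and `2.32.2-r0` name versions this diff never packages (pkgver goes from 2.32.0 straight to 2.32.4); if the keys are meant to be the aports version that first shipped the fix, those CVEs would belong under `2.32.4-r0`.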
@@ -74,16 +87,22 @@ builddir="$srcdir/webkitgtk-$pkgver"
# - CVE-2021-1799
# - CVE-2021-1801
# - CVE-2021-1870
+# - CVE-2021-21806
# 2.30.5-r0:
-# - CVE-2020-13558
# - CVE-2020-9947
+# - CVE-2020-13558
# 2.30.3-r0:
+# - CVE-2020-9983
# - CVE-2020-13543
# - CVE-2020-13584
-# - CVE-2020-9983
# 2.30.0-r0:
# - CVE-2020-9948
# - CVE-2020-9951
+# - CVE-2021-1817
+# - CVE-2021-1820
+# - CVE-2021-1825
+# - CVE-2021-1826
+# - CVE-2021-30661
# 2.28.4-r0:
# - CVE-2020-9862
# - CVE-2020-9893
@@ -105,6 +124,7 @@ builddir="$srcdir/webkitgtk-$pkgver"
# - CVE-2020-11793
# 2.28.0-r0:
# - CVE-2020-10018
+# - CVE-2021-30762
# 2.26.3-r0:
# - CVE-2019-8835
# - CVE-2019-8844
@@ -131,6 +151,8 @@ builddir="$srcdir/webkitgtk-$pkgver"
# - CVE-2019-8771
# - CVE-2019-8782
# - CVE-2019-8815
+# - CVE-2021-30666
+# - CVE-2021-30761
# 2.24.4-r0:
# - CVE-2019-8674
# - CVE-2019-8707
@@ -254,7 +276,6 @@ package() {
DESTDIR="$pkgdir" ninja -C "$builddir"/build install
}
-sha512sums="4832a4614be24481028ca8a6480a8e6cfacd8e22f5ba9f936703c09944550056f06f75ccf8fffa7dee3f5a1d11ab1870841407745be2e61ebad6557a0934db15 webkitgtk-2.32.0.tar.xz
-49512e1b7cdd101971795437d04448e59a0c532955c271694675d53bc80a32a8f4166e46942ed148185ac0ac6be07acae8083605f8fed7b1bb4b224afb089b5d musl-fixes.patch
-b80bcf92618992350e225cd635b503f963a299c2a1f80f17c3b6dd232ac300c8e2dd96aecfdf0a4d7f3e1bd7ed38247460a3b6f9e5871add119301cbca65d596 musl-stack-fix.patch
-787ec4a7f8f005808e8fb8dc65cfcf676a5afbc8b9fbc40e203a155ed8da9b7d5cf7d559637e1d2738d5ff3af6764e8cd1af186f8bd946444f344a8be5ab5ad0 musl-wordsize.patch"
+sha512sums="
+c2d72850097da72a82faab0a1218b312668b88bc8b67fcd62f08368c71d46bc833e08b3e095eb286beeae59ee88ac74c8393caee8a4ec5a8e90e02425e43350b webkitgtk-2.32.4.tar.xz
+"
diff --git a/community/webkit2gtk/musl-fixes.patch b/community/webkit2gtk/musl-fixes.patch
deleted file mode 100644
index 0bcb133659..0000000000
--- a/community/webkit2gtk/musl-fixes.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-Upstream: yes
-
---- a/Source/JavaScriptCore/runtime/MachineContext.h
-+++ b/Source/JavaScriptCore/runtime/MachineContext.h
-@@ -196,7 +196,7 @@ static inline void*& stackPointerImpl(mcontext_t& machineContext)
- #error Unknown Architecture
- #endif
-
--#elif OS(FUCHSIA) || defined(__GLIBC__) || defined(__BIONIC__)
-+#elif OS(FUCHSIA) || OS(LINUX)
-
- #if CPU(X86)
- return reinterpret_cast<void*&>((uintptr_t&) machineContext.gregs[REG_ESP]);
-@@ -347,7 +347,7 @@ static inline void*& framePointerImpl(mcontext_t& machineContext)
- #error Unknown Architecture
- #endif
-
--#elif OS(FUCHSIA) || defined(__GLIBC__) || defined(__BIONIC__)
-+#elif OS(FUCHSIA) || OS(LINUX)
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -498,7 +498,7 @@ static inline void*& instructionPointerImpl(mcontext_t& machineContext)
- #error Unknown Architecture
- #endif
-
--#elif OS(FUCHSIA) || defined(__GLIBC__) || defined(__BIONIC__)
-+#elif OS(FUCHSIA) || OS(LINUX)
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -656,7 +656,7 @@ inline void*& argumentPointer<1>(mcontext_t& machineContext)
- #error Unknown Architecture
- #endif
-
--#elif OS(FUCHSIA) || defined(__GLIBC__) || defined(__BIONIC__)
-+#elif OS(FUCHSIA) || OS(LINUX)
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
-@@ -773,7 +773,7 @@ inline void*& llintInstructionPointer(mcontext_t& machineContext)
- #error Unknown Architecture
- #endif
-
--#elif OS(FUCHSIA) || defined(__GLIBC__) || defined(__BIONIC__)
-+#elif OS(FUCHSIA) || OS(LINUX)
-
- // The following sequence depends on glibc's sys/ucontext.h.
- #if CPU(X86)
---- a/Source/WebCore/xml/XPathGrammar.cpp
-+++ b/Source/WebCore/xml/XPathGrammar.cpp
-@@ -966,7 +966,7 @@ int yydebug;
- #if YYERROR_VERBOSE
-
- # ifndef yystrlen
--# if defined __GLIBC__ && defined _STRING_H
-+# if defined __linux__ && defined _STRING_H
- # define yystrlen strlen
- # else
- /* Return the length of YYSTR. */
-@@ -989,7 +989,7 @@ yystrlen (yystr)
- # endif
-
- # ifndef yystpcpy
--# if defined __GLIBC__ && defined _STRING_H && defined _GNU_SOURCE
-+# if defined __linux__ && defined _STRING_H && defined _GNU_SOURCE
- # define yystpcpy stpcpy
- # else
- /* Copy YYSRC to YYDEST, returning the address of the terminating '\0' in
---- a/Source/WTF/wtf/PlatformHave.h
-+++ b/Source/WTF/wtf/PlatformHave.h
-@@ -206,7 +206,7 @@
- #define HAVE_HOSTED_CORE_ANIMATION 1
- #endif
-
--#if OS(DARWIN) || OS(FUCHSIA) || ((OS(FREEBSD) || defined(__GLIBC__) || defined(__BIONIC__)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
-+#if OS(DARWIN) || OS(FUCHSIA) || ((OS(FREEBSD) || OS(LINUX)) && (CPU(X86) || CPU(X86_64) || CPU(ARM) || CPU(ARM64) || CPU(MIPS)))
- #define HAVE_MACHINE_CONTEXT 1
- #endif
-
diff --git a/community/webkit2gtk/musl-stack-fix.patch b/community/webkit2gtk/musl-stack-fix.patch
deleted file mode 100644
index 8f4e19a497..0000000000
--- a/community/webkit2gtk/musl-stack-fix.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-https://bugs.webkit.org/show_bug.cgi?id=225099
-
-From ab7e2bfae280b151ac173d6fc9d8eaa3da2e92a8 Mon Sep 17 00:00:00 2001
-From: q66 <daniel@octaforge.org>
-Date: Tue, 27 Apr 2021 22:51:22 +0200
-Subject: [PATCH] fix stack size issues on musl
-
----
- Source/WTF/wtf/StackBounds.cpp | 26 +++++++++++++++++++++++++-
- Source/WTF/wtf/Threading.cpp | 4 ++++
- 2 files changed, 29 insertions(+), 1 deletion(-)
-
-diff --git Source/WTF/wtf/StackBounds.cpp Source/WTF/wtf/StackBounds.cpp
-index e6f7095..58bdb18 100644
---- a/Source/WTF/wtf/StackBounds.cpp
-+++ b/Source/WTF/wtf/StackBounds.cpp
-@@ -36,6 +36,12 @@
- #include <pthread_np.h>
- #endif
-
-+#if OS(LINUX)
-+#include <sys/resource.h>
-+#include <sys/syscall.h>
-+#include <unistd.h>
-+#endif
-+
- #endif
-
- namespace WTF {
-@@ -107,7 +113,25 @@ StackBounds StackBounds::newThreadStackBounds(PlatformThreadHandle thread)
-
- StackBounds StackBounds::currentThreadStackBoundsInternal()
- {
-- return newThreadStackBounds(pthread_self());
-+ auto ret = newThreadStackBounds(pthread_self());
-+#if OS(LINUX)
-+ // on glibc, pthread_attr_getstack will generally return the limit size (minus a guard page)
-+ // for the main thread; this is however not necessarily always true on every libc - for example
-+ // on musl, it will return the currently reserved size - since the stack bounds are expected to
-+ // be constant (and they are for every thread except main, which is allowed to grow), check
-+ // resource limits and use that as the boundary instead (and prevent stack overflows in JSC)
-+ if (getpid() == static_cast<pid_t>(syscall(SYS_gettid))) {
-+ void* origin = ret.origin();
-+ rlimit limit;
-+ getrlimit(RLIMIT_STACK, &limit);
-+ rlim_t size = limit.rlim_cur;
-+ // account for a guard page
-+ size -= static_cast<rlim_t>(sysconf(_SC_PAGESIZE));
-+ void* bound = static_cast<char*>(origin) - size;
-+ return StackBounds { origin, bound };
-+ }
-+#endif
-+ return ret;
- }
-
- #elif OS(WINDOWS)
-diff --git Source/WTF/wtf/Threading.cpp Source/WTF/wtf/Threading.cpp
-index 99d09c0..362bf35 100644
---- a/Source/WTF/wtf/Threading.cpp
-+++ b/Source/WTF/wtf/Threading.cpp
-@@ -58,6 +58,10 @@ static Optional<size_t> stackSize(ThreadType threadType)
-
- #if defined(DEFAULT_THREAD_STACK_SIZE_IN_KB) && DEFAULT_THREAD_STACK_SIZE_IN_KB > 0
- return DEFAULT_THREAD_STACK_SIZE_IN_KB * 1024;
-+#elif OS(LINUX) && !defined(__BIONIC__) && !defined(__GLIBC__)
-+ // on libc's other than glibc and bionic (e.g. musl) we are either unsure how big
-+ // the default thread stack is, or we know it's too small - pick a robust default
-+ return 1 * MB;
- #else
- // Use the platform's default stack size
- return WTF::nullopt;
---
-2.30.1
-
diff --git a/community/webkit2gtk/musl-wordsize.patch b/community/webkit2gtk/musl-wordsize.patch
deleted file mode 100644
index d83e70bdf0..0000000000
--- a/community/webkit2gtk/musl-wordsize.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Upstream: yes
-
-From 1b7144916774dbb4cc4705ba9a4377844e35f47d Mon Sep 17 00:00:00 2001
-From: q66 <daniel@octaforge.org>
-Date: Tue, 27 Apr 2021 22:56:33 +0200
-Subject: [PATCH] remove __WORDSIZE usage
-
----
- Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_GCM.cpp | 6 +++---
- Source/WebCore/rendering/RenderLayerBacking.h | 2 +-
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_GCM.cpp Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_GCM.cpp
-index cfe3698..e5bc870 100644
---- a/Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_GCM.cpp
-+++ b/Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_GCM.cpp
-@@ -39,7 +39,7 @@ namespace CryptoAlgorithmAES_GCMInternal {
- static const char* const ALG128 = "A128GCM";
- static const char* const ALG192 = "A192GCM";
- static const char* const ALG256 = "A256GCM";
--#if __WORDSIZE >= 64
-+#if CPU(ADDRESS64)
- static const uint64_t PlainTextMaxLength = 549755813632ULL; // 2^39 - 256
- #endif
- static const uint8_t DefaultTagLength = 128;
-@@ -77,7 +77,7 @@ void CryptoAlgorithmAES_GCM::encrypt(const CryptoAlgorithmParameters& parameters
-
- auto& aesParameters = downcast<CryptoAlgorithmAesGcmParams>(parameters);
-
--#if __WORDSIZE >= 64
-+#if CPU(ADDRESS64)
- if (plainText.size() > PlainTextMaxLength) {
- exceptionCallback(OperationError);
- return;
-@@ -120,7 +120,7 @@ void CryptoAlgorithmAES_GCM::decrypt(const CryptoAlgorithmParameters& parameters
- return;
- }
-
--#if __WORDSIZE >= 64
-+#if CPU(ADDRESS64)
- if (aesParameters.ivVector().size() > UINT64_MAX) {
- exceptionCallback(OperationError);
- return;
-diff --git Source/WebCore/rendering/RenderLayerBacking.h Source/WebCore/rendering/RenderLayerBacking.h
-index 9960724..193c5d1 100644
---- a/Source/WebCore/rendering/RenderLayerBacking.h
-+++ b/Source/WebCore/rendering/RenderLayerBacking.h
-@@ -43,7 +43,7 @@ class TiledBacking;
- class TransformationMatrix;
-
-
--#if __WORDSIZE == 64 && PLATFORM(COCOA)
-+#if CPU(ADDRESS64) && PLATFORM(COCOA)
- #define USE_OWNING_LAYER_BEAR_TRAP 1
- #define BEAR_TRAP_VALUE 0xEEEEEEEEEEEEEEEE
- #else
---
-2.30.1
-