1 files changed, 237 insertions, 49 deletions
diff --git a/community/webkit2gtk/APKBUILD b/community/webkit2gtk/APKBUILD
index a0010d62f15..8248eb70e05 100644
--- a/community/webkit2gtk/APKBUILD
+++ b/community/webkit2gtk/APKBUILD
@@ -1,64 +1,192 @@
 # Contributor: Rasmus Thomsen <oss@cogitri.dev>
 # Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Contributor: Jiri Horner <laeqten@gmail.com>
-# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
+# Maintainer: Patrycja Rosa <alpine@ptrcnull.me>
 pkgname=webkit2gtk
-pkgver=2.26.2
+pkgver=2.44.1
 pkgrel=0
 pkgdesc="Portable web rendering engine WebKit for GTK+"
 url="https://webkitgtk.org/"
 arch="all"
 license="LGPL-2.0-or-later AND BSD-2-Clause"
-depends="bubblewrap xdg-dbus-proxy"
+depends="bubblewrap xdg-dbus-proxy dbus:org.freedesktop.Secrets"
 makedepends="
 	bison
+	clang
 	cmake
-	enchant-dev
+	enchant2-dev
 	flex
+	flite-dev
+	geoclue-dev
 	gnutls-dev
 	gobject-introspection-dev
 	gperf
-	gst-plugins-base-dev
 	gst-plugins-bad-dev
+	gst-plugins-base-dev
 	gstreamer-dev
 	gtk+3.0-dev
-	gtk-doc
 	hyphen-dev
 	icu-dev
+	lcms2-dev
+	libavif-dev
 	libgcrypt-dev
 	libjpeg-turbo-dev
-	libnotify-dev
+	libmanette-dev
 	libpng-dev
 	libseccomp-dev
 	libsecret-dev
 	libsoup-dev
 	libwebp-dev
+	libwpe-dev
+	libwpebackend-fdo-dev
 	libxml2-dev
 	libxslt-dev
 	libxt-dev
+	llvm
 	mesa-dev
-	ninja
 	openjpeg-dev
-	openjpeg-tools
 	pango-dev
-	paxmark
-	python2
+	python3
 	ruby
+	samurai
 	sqlite-dev
+	unifdef
 	woff2-dev
-	geoclue-dev
 	"
 replaces="webkit"
 options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found
-subpackages="$pkgname-dev $pkgname-lang"
+subpackages="$pkgname-dev $pkgname-lang $pkgname-dbg"
 source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz
-	fix-fast-memory-disabled.patch
-	musl-fixes.patch
-	fix-openjpeg.patch
+	armv6kz.patch
+	armv6-musttail.patch
+	cloopfix.patch
+	riscv64-no-wasm.patch
 	"
 builddir="$srcdir/webkitgtk-$pkgver"
 
 # secfixes:
+#   2.36.5-r0:
+#     - CVE-2022-2294
+#     - CVE-2022-32792
+#     - CVE-2022-32816
+#   2.36.4-r0:
+#     - CVE-2022-22677
+#     - CVE-2022-22710
+#   2.36.1-r0:
+#     - CVE-2022-30293
+#     - CVE-2022-30294
+#   2.36.0-r0:
+#     - CVE-2022-22624
+#     - CVE-2022-22628
+#     - CVE-2022-22629
+#   2.34.6-r0:
+#     - CVE-2022-22589
+#     - CVE-2022-22590
+#     - CVE-2022-22592
+#     - CVE-2022-22620
+#   2.34.4-r0:
+#     - CVE-2021-30934
+#     - CVE-2021-30936
+#     - CVE-2021-30951
+#     - CVE-2021-30952
+#     - CVE-2021-30953
+#     - CVE-2021-30954
+#     - CVE-2021-30984
+#     - CVE-2022-22637
+#     - CVE-2022-22594
+#   2.34.3-r0:
+#     - CVE-2021-30887
+#     - CVE-2021-30890
+#   2.34.1-r0:
+#     - CVE-2021-42762
+#   2.34.0-r0:
+#     - CVE-2021-30818
+#     - CVE-2021-30823
+#     - CVE-2021-30846
+#     - CVE-2021-30851
+#     - CVE-2021-30884
+#     - CVE-2021-30888
+#     - CVE-2021-30889
+#     - CVE-2021-30897
+#     - CVE-2021-45481
+#     - CVE-2021-45483
+#   2.32.4-r0:
+#     - CVE-2021-30809
+#     - CVE-2021-30836
+#     - CVE-2021-30848
+#     - CVE-2021-30849
+#     - CVE-2021-30858
+#     - CVE-2021-45482
+#   2.32.3-r0:
+#     - CVE-2021-21775
+#     - CVE-2021-21779
+#     - CVE-2021-30663
+#     - CVE-2021-30665
+#     - CVE-2021-30689
+#     - CVE-2021-30720
+#     - CVE-2021-30734
+#     - CVE-2021-30744
+#     - CVE-2021-30749
+#     - CVE-2021-30795
+#     - CVE-2021-30797
+#     - CVE-2021-30799
+#   2.32.2-r0:
+#     - CVE-2021-30758
+#   2.32.0-r0:
+#     - CVE-2021-1788
+#     - CVE-2021-1844
+#     - CVE-2021-1871
+#     - CVE-2021-30682
+#   2.30.6-r0:
+#     - CVE-2020-27918
+#     - CVE-2020-29623
+#     - CVE-2021-1765
+#     - CVE-2021-1789
+#     - CVE-2021-1799
+#     - CVE-2021-1801
+#     - CVE-2021-1870
+#     - CVE-2021-21806
+#   2.30.5-r0:
+#     - CVE-2020-9947
+#     - CVE-2020-13558
+#   2.30.3-r0:
+#     - CVE-2020-9983
+#     - CVE-2020-13543
+#     - CVE-2020-13584
+#   2.30.0-r0:
+#     - CVE-2020-9948
+#     - CVE-2020-9951
+#     - CVE-2021-1817
+#     - CVE-2021-1820
+#     - CVE-2021-1825
+#     - CVE-2021-1826
+#     - CVE-2021-30661
+#   2.28.4-r0:
+#     - CVE-2020-9862
+#     - CVE-2020-9893
+#     - CVE-2020-9894
+#     - CVE-2020-9895
+#     - CVE-2020-9915
+#     - CVE-2020-9925
+#   2.28.3-r0:
+#     - CVE-2020-13753
+#     - CVE-2020-9802
+#     - CVE-2020-9803
+#     - CVE-2020-9805
+#     - CVE-2020-9806
+#     - CVE-2020-9807
+#     - CVE-2020-9843
+#     - CVE-2020-9850
+#     - CVE-2020-9952
+#   2.28.1-r0:
+#     - CVE-2020-11793
+#   2.28.0-r0:
+#     - CVE-2020-10018
+#     - CVE-2021-30762
+#   2.26.3-r0:
+#     - CVE-2019-8835
+#     - CVE-2019-8844
+#     - CVE-2019-8846
 #   2.26.2-r0:
 #     - CVE-2019-8812
 #     - CVE-2019-8814
@@ -81,6 +209,8 @@ builddir="$srcdir/webkitgtk-$pkgver"
 #     - CVE-2019-8771
 #     - CVE-2019-8782
 #     - CVE-2019-8815
+#     - CVE-2021-30666
+#     - CVE-2021-30761
 #   2.24.4-r0:
 #     - CVE-2019-8674
 #     - CVE-2019-8707
@@ -158,54 +288,112 @@ builddir="$srcdir/webkitgtk-$pkgver"
 #     - CVE-2017-2371
 #     - CVE-2017-2373
 
+case "$CARCH" in
+s390x) ;;
+*)
+	makedepends="$makedepends lld libjxl-dev"
+	;;
+esac
+
 build() {
-	local _archopt=
 	case "$CARCH" in
-		# disable _FORTIFY_SOURCE to work around:
-		# cc1plus: out of memory allocating 65536 bytes after a total of 3131101184 bytes
-		x86) CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE";;
-		armhf|armv7|ppc64le|s390x) _archopt="-DENABLE_JIT=OFF";;
+	s390x|armhf|armv7|x86|ppc64le)
+		# llint/LowLevelInterpreter.cpp fails to build with fortify source here
+		export CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE"
+		;;
+	esac
+
+	case "$CARCH" in
+	armv7)
+		# clang fails to build armv7 due to some NEON related thing.
+		# https://github.com/WebKit/WebKit/pull/1233 should fix it
+		;;
+	s390x|riscv64)
+		# no lld on s390x, broken on riscv64
+		export CC=clang
+		export CXX=clang++
+		;;
+	*)
+		# the debug symbols become 1/2 the size, and actual webkit becomes
+		# smaller too.
+		export CC=clang
+		export CXX=clang++
+		export LDFLAGS="$LDFLAGS -fuse-ld=lld"
+		;;
+	esac
+
+	case "$CARCH" in
+	arm*|aarch64|s390x|riscv64)
+		# arm: seemingly broken?
+		# s390x/riscv64: no lld
+		;;
+	*)
+		local lto="-DLTO_MODE=thin"
+		;;
+	esac
+
+	case "$CARCH" in
+	s390x)
+		# no libjxl
+		local jxl="-DUSE_JPEGXL=OFF"
+		;;
+	*) ;;
+	esac
+
+	case "$CARCH" in
+	riscv64)
+		# not supported
+		local jit="
+			-DENABLE_JIT=OFF
+			-DENABLE_C_LOOP=ON
+			-DENABLE_WEBASSEMBLY=OFF
+		"
+		;;
+	*) ;;
 	esac
 
-	# reduce memory usage on 32 bit
-	# https://bugs.webkit.org/show_bug.cgi?id=199272
+	export AR=llvm-ar
+	export NM=llvm-nm
+	export RANLIB=llvm-ranlib
+
+	# significantly reduce debug symbol size
+	export CFLAGS="$CFLAGS -g1"
 	export CXXFLAGS="$CXXFLAGS -g1"
 
-	mkdir build
-	cd build
-	# disable gold usage since it can't find pthreads with it enabled
-	cmake -GNinja \
+	# sampling profiler is broken on musl
+	cmake -B build -G Ninja \
 		-DPORT=GTK \
-		-DCMAKE_BUILD_TYPE=MinSizeRel \
+		-DCMAKE_BUILD_TYPE=Release \
 		-DCMAKE_SKIP_RPATH=ON \
 		-DCMAKE_INSTALL_PREFIX=/usr \
-		-DLIB_INSTALL_DIR=/usr/lib \
-		-DENABLE_GTKDOC=OFF \
-		-DENABLE_GEOLOCATION=ON \
-		-DENABLE_SAMPLING_PROFILER=OFF \
+		-DCMAKE_INSTALL_LIBDIR=lib \
+		-DENABLE_DOCUMENTATION=OFF \
+		-DENABLE_JOURNALD_LOG=OFF \
 		-DENABLE_MINIBROWSER=ON \
-		-DUSE_WPE_RENDERER=OFF \
-		-DUSE_WOFF2=ON \
-		-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
-		-DUSE_LD_GOLD=OFF \
-		$_archopt \
-		..
-	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923476
-	ninja JavaScriptCore-4-gir
-	ninja
+		-DENABLE_SAMPLING_PROFILER=OFF \
+		-DENABLE_SPELLCHECK=ON \
+		-DENABLE_SPEECH_SYNTHESIS=ON \
+		-DUSE_SOUP2=ON \
+		-DUSE_GTK4=OFF \
+		-DUSE_LIBBACKTRACE=OFF \
+		$lto \
+		$jxl \
+		$jit
+	cmake --build build
 }
 
 check() {
-	ninja -C "$builddir"/build check
+	ninja -C build check
 }
 
 package() {
-	DESTDIR="$pkgdir" ninja -C "$builddir"/build install
-	# needed for JIT
-	paxmark -m "$pkgdir"/usr/libexec/webkit2gtk-4.0/WebKitWebProcess
+	DESTDIR="$pkgdir" cmake --install build
 }
 
-sha512sums="98d47282fd8f766dbe4a74c1a3f618aaeeeed69bd0666ed4e8674ae562b634681b3bd18b0d428df6bfefbaa3e18eb4cfb2fb077f5be4fed34cbc81c8293ec33e  webkitgtk-2.26.2.tar.xz
-e1537b9937af1cb936669d405993a52204cb9968b8b3161cb12a3f3f1343c260088c9490fcd7a7deeab6dbabdb5f7ce7e6cb2f857b9f0a4205aba6db2b11fb20  fix-fast-memory-disabled.patch
-dfd5352272c02eeaae31af80eceb8158b84a92c15e4b3966912a2acdecf7e1aa1f6bf78992b88b344393b57724489e3452d57b7ab4ef7c9f2ef5acd10cb07b33  musl-fixes.patch
-c517c012f5630ef6be5be7d9592c5e042a070f849a141859edefa7984acb98dbd0d718fe6613cd35ba3b7d8530beebcc7408fd077cd914ed335c5e524e9e746a  fix-openjpeg.patch"
+sha512sums="
+b1752303f9ee38ef98c1e5c0cad001d389eaedbbf07d13fed8699104e6e311cb47a9bed7089868cb92c53d2777aaff441147353da13123d5c8eee4adf8709169  webkitgtk-2.44.1.tar.xz
+8c89d4ac737a2bd6d970fec3ecb9d0b72d61ffb9a37d4b0b56bc0106914398a65319e940c593c0305fc40d6900aac2a8b4fc3bafc9a96062063d15abd1f5039d  armv6kz.patch
+d3e3a20cf6f1447e15eec8636301fb5c4c12560e4a5d47707708425b0da8ab84e3b1a10f98c9ba4ed2e1a32a9c131055da14f8f74e8bde20d4269bf8313dc04d  armv6-musttail.patch
+49acf07095abb3c6114790b676f1fe4c1f6c4c4d66d2aed525e61291bd9857386749cc31a521e3f739758ed6d6b0e176a45543e7c58ca16c9c1b266222d362ed  cloopfix.patch
+61461d19f80108357d0469a855212308a49fb43f5a629d119f95492c3897444664cbe12beddc53d801878124a67e38b4a404d37d1ac9c0e5ce65d7586328b1d9  riscv64-no-wasm.patch
+"