Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 763084 Details for
Bug 831739
<net-libs/webkit-gtk-2.34.4: multiple vulnerabilites (including IndexedDB leaks)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Bump commit
0001-net-libs-webkit-gtk-security-bump-to-2.34.4.patch (text/plain), 10.02 KB, created by
Mart Raudsepp
on 2022-01-21 21:57:36 UTC
(
hide
)
Description:
Bump commit
Filename:
MIME Type:
Creator:
Mart Raudsepp
Created:
2022-01-21 21:57:36 UTC
Size:
10.02 KB
patch
obsolete
>From 181ec382bb8733865d985f452ac08e3630197601 Mon Sep 17 00:00:00 2001 >From: Mart Raudsepp <leio@gentoo.org> >Date: Fri, 21 Jan 2022 23:54:49 +0200 >Subject: [PATCH] net-libs/webkit-gtk: security bump to 2.34.4 > >Bug: https://bugs.gentoo.org/831739 >Package-Manager: Portage-3.0.20, Repoman-3.0.2 >Signed-off-by: Mart Raudsepp <leio@gentoo.org> >--- > net-libs/webkit-gtk/Manifest | 1 + > net-libs/webkit-gtk/webkit-gtk-2.34.4.ebuild | 272 +++++++++++++++++++ > 2 files changed, 273 insertions(+) > create mode 100644 net-libs/webkit-gtk/webkit-gtk-2.34.4.ebuild > >diff --git a/net-libs/webkit-gtk/Manifest b/net-libs/webkit-gtk/Manifest >index e3070fd7c04..08f22bd903c 100644 >--- a/net-libs/webkit-gtk/Manifest >+++ b/net-libs/webkit-gtk/Manifest >@@ -1 +1,2 @@ > DIST webkitgtk-2.34.3.tar.xz 24996976 BLAKE2B 03e9d15e956eddb516e7d1c74b2b0adc99659e6121aaa7795fe8d5348b25b909ed08dc6f85ec26a8058331ffbfd2e9e3f7f6e8effe0353270c7bd419171492a0 SHA512 f3d0ad2e051fc177e1a478908ad806e0a094ac7ab1d9e40049a67e868974278dd5fa84d911bed2eb356022fbe020d985370c69af70efa0e223221e9be607efbc >+DIST webkitgtk-2.34.4.tar.xz 24388604 BLAKE2B ba483a2457b25ff33d0ffb85ec7fc681390089c69c774d91821a9f23683a473ba86696bf393ba3368058227f4f9c95c84cbd3156f13ddd8331e427ecd13b84a3 SHA512 1a511ac6cb83cb602ecd8a56b3f6d00668de7fca74fcd5c6ce09e36af38b41742edc0bf572780867376aa27dd67d3aa451155f71d04bcdd3cba02c1f4f014df7 >diff --git a/net-libs/webkit-gtk/webkit-gtk-2.34.4.ebuild b/net-libs/webkit-gtk/webkit-gtk-2.34.4.ebuild >new file mode 100644 >index 00000000000..4e9e49ed57c >--- /dev/null >+++ b/net-libs/webkit-gtk/webkit-gtk-2.34.4.ebuild >@@ -0,0 +1,272 @@ >+# Copyright 1999-2022 Gentoo Authors >+# Distributed under the terms of the GNU General Public License v2 >+ >+EAPI=7 >+PYTHON_COMPAT=( python3_{8..10} ) >+USE_RUBY="ruby26 ruby27 ruby30" >+ >+inherit check-reqs cmake flag-o-matic gnome2 pax-utils python-any-r1 ruby-single toolchain-funcs virtualx >+ >+MY_P="webkitgtk-${PV}" >+DESCRIPTION="Open source web browser engine" >+HOMEPAGE="https://www.webkitgtk.org" >+SRC_URI="https://www.webkitgtk.org/releases/${MY_P}.tar.xz" >+ >+LICENSE="LGPL-2+ BSD" >+SLOT="4/37" # soname version of libwebkit2gtk-4.0 >+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~riscv ~sparc ~x86" >+ >+IUSE="aqua avif +egl examples gamepad +geolocation gles2-only gnome-keyring +gstreamer gtk-doc +introspection +jpeg2k +jumbo-build lcms libnotify seccomp spell systemd wayland +X" >+ >+# gstreamer with opengl/gles2 needs egl >+REQUIRED_USE=" >+ gles2-only? ( egl ) >+ gstreamer? ( egl ) >+ wayland? ( egl ) >+ || ( aqua wayland X ) >+" >+ >+# Tests fail to link for inexplicable reasons >+# https://bugs.webkit.org/show_bug.cgi?id=148210 >+RESTRICT="test" >+ >+# Aqua support in gtk3 is untested >+# Dependencies found at Source/cmake/OptionsGTK.cmake >+# Various compile-time optionals for gtk+-3.22.0 - ensure it >+# Missing WebRTC support, but ENABLE_MEDIA_STREAM/ENABLE_WEB_RTC is experimental upstream (PRIVATE OFF) and shouldn't be used yet in 2.30 >+# >=gst-plugins-opus-1.14.4-r1 for opusparse (required by MSE) >+# TODO: gst-plugins-base[X] is only needed when build configuration ends up with GLX set, but that's a bit automagic too to fix >+RDEPEND=" >+ >=x11-libs/cairo-1.16.0:=[X?] >+ >=media-libs/fontconfig-2.13.0:1.0 >+ >=media-libs/freetype-2.9.0:2 >+ >=dev-libs/libgcrypt-1.7.0:0= >+ >=x11-libs/gtk+-3.22.0:3[aqua?,introspection?,wayland?,X?] >+ >=media-libs/harfbuzz-1.4.2:=[icu(+)] >+ >=dev-libs/icu-61.2:= >+ virtual/jpeg:0= >+ >=net-libs/libsoup-2.54:2.4[introspection?] >+ >=dev-libs/libxml2-2.8.0:2 >+ >=media-libs/libpng-1.4:0= >+ dev-db/sqlite:3= >+ sys-libs/zlib:0 >+ >=dev-libs/atk-2.16.0 >+ media-libs/libwebp:= >+ >+ >=dev-libs/glib-2.67.1:2 >+ >=dev-libs/libxslt-1.1.7 >+ media-libs/woff2 >+ gnome-keyring? ( app-crypt/libsecret ) >+ introspection? ( >=dev-libs/gobject-introspection-1.59.1:= ) >+ dev-libs/libtasn1:= >+ spell? ( >=app-text/enchant-0.22:2 ) >+ gstreamer? ( >+ >=media-libs/gstreamer-1.14:1.0 >+ >=media-libs/gst-plugins-base-1.14:1.0[egl?,X?] >+ gles2-only? ( media-libs/gst-plugins-base:1.0[gles2] ) >+ !gles2-only? ( media-libs/gst-plugins-base:1.0[opengl] ) >+ >=media-plugins/gst-plugins-opus-1.14.4-r1:1.0 >+ >=media-libs/gst-plugins-bad-1.14:1.0 ) >+ >+ X? ( >+ x11-libs/libX11 >+ x11-libs/libXcomposite >+ x11-libs/libXdamage >+ x11-libs/libXrender >+ x11-libs/libXt ) >+ >+ libnotify? ( x11-libs/libnotify ) >+ dev-libs/hyphen >+ jpeg2k? ( >=media-libs/openjpeg-2.2.0:2= ) >+ avif? ( >=media-libs/libavif-0.9.0:= ) >+ lcms? ( media-libs/lcms:2 ) >+ >+ egl? ( media-libs/mesa[egl(+)] ) >+ gles2-only? ( media-libs/mesa[gles2] ) >+ !gles2-only? ( virtual/opengl ) >+ wayland? ( >+ dev-libs/wayland >+ >=dev-libs/wayland-protocols-1.12 >+ >=gui-libs/libwpe-1.5.0:1.0 >+ >=gui-libs/wpebackend-fdo-1.7.0:1.0 >+ ) >+ >+ seccomp? ( >+ >=sys-apps/bubblewrap-0.3.1 >+ sys-libs/libseccomp >+ sys-apps/xdg-dbus-proxy >+ ) >+ >+ systemd? ( sys-apps/systemd:= ) >+ gamepad? ( >=dev-libs/libmanette-0.2.4 ) >+" >+DEPEND="${RDEPEND}" >+# paxctl needed for bug #407085 >+# Need real bison, not yacc >+BDEPEND=" >+ ${PYTHON_DEPS} >+ ${RUBY_DEPS} >+ >=app-accessibility/at-spi2-core-2.5.3 >+ dev-util/glib-utils >+ >=dev-util/gperf-3.0.1 >+ >=sys-devel/bison-2.4.3 >+ || ( >=sys-devel/gcc-7.3 >=sys-devel/clang-5 ) >+ sys-devel/gettext >+ virtual/pkgconfig >+ >+ >=dev-lang/perl-5.10 >+ virtual/perl-Data-Dumper >+ virtual/perl-Carp >+ virtual/perl-JSON-PP >+ >+ gtk-doc? ( >=dev-util/gtk-doc-1.32 ) >+ geolocation? ( dev-util/gdbus-codegen ) >+ >=dev-util/cmake-3.10 >+" >+# test? ( >+# dev-python/pygobject:3[python_targets_python2_7] >+# x11-themes/hicolor-icon-theme >+# jit? ( sys-apps/paxctl ) ) >+RDEPEND="${RDEPEND} >+ geolocation? ( >=app-misc/geoclue-2.1.5:2.0 ) >+" >+ >+S="${WORKDIR}/${MY_P}" >+ >+CHECKREQS_DISK_BUILD="18G" # and even this might not be enough, bug #417307 >+ >+pkg_pretend() { >+ if [[ ${MERGE_TYPE} != "binary" ]] ; then >+ if is-flagq "-g*" && ! is-flagq "-g*0" ; then >+ einfo "Checking for sufficient disk space to build ${PN} with debugging CFLAGS" >+ check-reqs_pkg_pretend >+ fi >+ >+ if ! test-flag-CXX -std=c++17 ; then >+ die "You need at least GCC 7.3.x or Clang >= 5 for C++17-specific compiler flags" >+ fi >+ fi >+} >+ >+pkg_setup() { >+ if [[ ${MERGE_TYPE} != "binary" ]] && is-flagq "-g*" && ! is-flagq "-g*0" ; then >+ check-reqs_pkg_setup >+ fi >+ >+ python-any-r1_pkg_setup >+} >+ >+src_prepare() { >+ eapply "${FILESDIR}"/2.34.3-opengl-without-X-fixes.patch >+ eapply "${FILESDIR}"/2.34.3-non-jumbo-fix.patch >+ eapply "${FILESDIR}"/2.34.3-jumbo-fix.patch # bug 830638 >+ cmake_src_prepare >+ gnome2_src_prepare >+} >+ >+src_configure() { >+ # Respect CC, otherwise fails on prefix #395875 >+ tc-export CC >+ >+ # It does not compile on alpha without this in LDFLAGS >+ # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648761 >+ use alpha && append-ldflags "-Wl,--no-relax" >+ >+ # ld segfaults on ia64 with LDFLAGS --as-needed, bug #555504 >+ use ia64 && append-ldflags "-Wl,--no-as-needed" >+ >+ # Sigbuses on SPARC with mcpu and co., bug #??? >+ use sparc && filter-flags "-mvis" >+ >+ # https://bugs.webkit.org/show_bug.cgi?id=42070 , #301634 >+ use ppc64 && append-flags "-mminimal-toc" >+ >+ # Try to use less memory, bug #469942 (see Fedora .spec for reference) >+ # --no-keep-memory doesn't work on ia64, bug #502492 >+ if ! use ia64; then >+ append-ldflags $(test-flags-CCLD "-Wl,--no-keep-memory") >+ fi >+ >+ # Ruby situation is a bit complicated. See bug 513888 >+ local rubyimpl >+ local ruby_interpreter="" >+ for rubyimpl in ${USE_RUBY}; do >+ if has_version -b "virtual/rubygems[ruby_targets_${rubyimpl}]"; then >+ ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ${rubyimpl})" >+ fi >+ done >+ # This will rarely occur. Only a couple of corner cases could lead us to >+ # that failure. See bug 513888 >+ [[ -z $ruby_interpreter ]] && die "No suitable ruby interpreter found" >+ >+ # TODO: Check Web Audio support >+ # should somehow let user select between them? >+ >+ local mycmakeargs=( >+ ${ruby_interpreter} >+ $(cmake_use_find_package gles2-only OpenGLES2) >+ $(cmake_use_find_package egl EGL) >+ $(cmake_use_find_package !gles2-only OpenGL) >+ -DBWRAP_EXECUTABLE:FILEPATH="${EPREFIX}"/usr/bin/bwrap # If bubblewrap[suid] then portage makes it go-r and cmake find_program fails with that >+ -DDBUS_PROXY_EXECUTABLE:FILEPATH="${EPREFIX}"/usr/bin/xdg-dbus-proxy >+ -DPORT=GTK >+ # Source/cmake/WebKitFeatures.cmake >+ -DENABLE_API_TESTS=$(usex test) >+ -DENABLE_BUBBLEWRAP_SANDBOX=$(usex seccomp) >+ -DENABLE_GAMEPAD=$(usex gamepad) >+ -DENABLE_GEOLOCATION=$(usex geolocation) # Runtime optional (talks over dbus service) >+ -DENABLE_MINIBROWSER=$(usex examples) >+ -DENABLE_SPELLCHECK=$(usex spell) >+ -DENABLE_UNIFIED_BUILDS=$(usex jumbo-build) >+ -DENABLE_VIDEO=$(usex gstreamer) >+ -DENABLE_WEBGL=ON >+ # Supported only under ANGLE and default off PRIVATE option still@2.34.1, see >+ # https://bugs.webkit.org/show_bug.cgi?id=225563 >+ # https://bugs.webkit.org/show_bug.cgi?id=224888 >+ -DENABLE_WEBGL2=OFF >+ -DENABLE_WEB_AUDIO=$(usex gstreamer) >+ # Source/cmake/OptionsGTK.cmake >+ -DENABLE_GLES2=$(usex gles2-only) >+ -DENABLE_GTKDOC=$(usex gtk-doc) >+ -DENABLE_INTROSPECTION=$(usex introspection) >+ -DENABLE_QUARTZ_TARGET=$(usex aqua) >+ -DENABLE_WAYLAND_TARGET=$(usex wayland) >+ -DENABLE_X11_TARGET=$(usex X) >+ -DUSE_AVIF=$(usex avif) >+ -DUSE_GTK4=OFF >+ -DUSE_LCMS=$(usex lcms) >+ -DUSE_LIBHYPHEN=ON >+ -DUSE_LIBNOTIFY=$(usex libnotify) >+ -DUSE_LIBSECRET=$(usex gnome-keyring) >+ -DUSE_OPENGL_OR_ES=ON >+ -DUSE_OPENJPEG=$(usex jpeg2k) >+ -DUSE_SOUP2=ON >+ -DUSE_SYSTEMD=$(usex systemd) # Whether to enable journald logging >+ -DUSE_WOFF2=ON >+ -DUSE_WPE_RENDERER=$(usex wayland) # WPE renderer is used to implement accelerated compositing under wayland >+ ) >+ >+ # https://bugs.gentoo.org/761238 >+ append-cppflags -DNDEBUG >+ >+ WK_USE_CCACHE=NO cmake_src_configure >+} >+ >+src_compile() { >+ cmake_src_compile >+} >+ >+src_test() { >+ # Prevents test failures on PaX systems >+ pax-mark m $(list-paxables Programs/*[Tt]ests/*) # Programs/unittests/.libs/test* >+ >+ cmake_src_test >+} >+ >+src_install() { >+ cmake_src_install >+ >+ # Prevents crashes on PaX systems, bug #522808 >+ pax-mark m "${ED}/usr/libexec/webkit2gtk-4.0/jsc" "${ED}/usr/libexec/webkit2gtk-4.0/WebKitWebProcess" >+ pax-mark m "${ED}/usr/libexec/webkit2gtk-4.0/WebKitPluginProcess" >+} >-- >2.32.0 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=763084">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 831739
: 763084
