From a452fbbdb9646cb2a2f37a680a269b41f4bf215b Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Wed, 15 Jul 2020 09:44:43 -0700 Subject: webkitgtk: upgrade 2.28.2 -> 2.28.3 This is a bug fix release in the stable 2.28 series. - Enable kinetic scrolling with async scrolling. - Fix web process hangs on large GitHub pages. - Bubblewrap sandbox should not attempt to bind empty paths. - Fix threading issues in the media player. - Fix several crashes and rendering issues. Remove CVE-2020-13753.patch since fix is included in 2.28.3 Signed-off-by: Richard Purdie (cherry picked from commit 1e67e325ba620fe91ef11ab2a1029fbbc54b3c69) Signed-off-by: Steve Sakoman --- .../webkit/webkitgtk/CVE-2020-13753.patch | 15 --- meta/recipes-sato/webkit/webkitgtk_2.28.2.bb | 145 --------------------- meta/recipes-sato/webkit/webkitgtk_2.28.3.bb | 143 ++++++++++++++++++++ 3 files changed, 143 insertions(+), 160 deletions(-) delete mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch delete mode 100644 meta/recipes-sato/webkit/webkitgtk_2.28.2.bb create mode 100644 meta/recipes-sato/webkit/webkitgtk_2.28.3.bb diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch b/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch deleted file mode 100644 index d8504c2b36a..00000000000 --- a/meta/recipes-sato/webkit/webkitgtk/CVE-2020-13753.patch +++ /dev/null @@ -1,15 +0,0 @@ -Upstream-Status: Backport [https://trac.webkit.org/changeset/262368/webkit?format=diff&new=262368] -CVE: CVE-2020-13753 -Signed-off-by: Chee Yang Lee - -Index: a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp -=================================================================== ---- a/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262367) -+++ b/Source/WebKit/UIProcess/Launcher/glib/BubblewrapLauncher.cpp (revision 262368) -@@ -642,5 +642,5 @@ - int r; - if (rule.arg) -- r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, rule.arg); -+ r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 1, *rule.arg); - else - r = seccomp_rule_add(seccomp, SCMP_ACT_ERRNO(EPERM), scall, 0); diff --git a/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb b/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb deleted file mode 100644 index cf6b2ffae79..00000000000 --- a/meta/recipes-sato/webkit/webkitgtk_2.28.2.bb +++ /dev/null @@ -1,145 +0,0 @@ -SUMMARY = "WebKit web rendering engine for the GTK+ platform" -HOMEPAGE = "https://www.webkitgtk.org/" -BUGTRACKER = "https://bugs.webkit.org/" - -LICENSE = "BSD & LGPLv2+" -LIC_FILES_CHKSUM = "file://Source/JavaScriptCore/COPYING.LIB;md5=d0c6d6397a5d84286dda758da57bd691 \ - file://Source/WebCore/LICENSE-APPLE;md5=4646f90082c40bcf298c285f8bab0b12 \ - file://Source/WebCore/LICENSE-LGPL-2;md5=36357ffde2b64ae177b2494445b79d21 \ - file://Source/WebCore/LICENSE-LGPL-2.1;md5=a778a33ef338abbaf8b8a7c36b6eec80 \ - " - -SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ - file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \ - file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \ - file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \ - file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \ - file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \ - file://0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch \ - file://cross-compile.patch \ - file://0001-Fix-build-with-musl.patch \ - file://include_array.patch \ - file://CVE-2020-13753.patch \ - " -SRC_URI[md5sum] = "ec0ef870ca37e3a5ebbead2f268a28ec" -SRC_URI[sha256sum] = "b9d23525cfd8d22c37b5d964a9fe9a8ce7583042a2f8d3922e71e6bbc68c30bd" - -inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc - -ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" -REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'opengl', '', d)}" - -CVE_PRODUCT = "webkitgtk webkitgtk\+" - -DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libgcrypt \ - gtk+3 gstreamer1.0 gstreamer1.0-plugins-base flex-native gperf-native sqlite3 \ - pango icu bison-native gawk intltool-native libwebp \ - atk udev harfbuzz jpeg libpng librsvg libtheora libvorbis \ - ruby-native libnotify gstreamer1.0-plugins-bad \ - gettext-native glib-2.0 glib-2.0-native libtasn1 \ - " - -PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'webgl opengl', '' ,d)} \ - ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 'webgl gles2' ,d)} \ - enchant \ - libsecret \ - " - -PACKAGECONFIG[wayland] = "-DENABLE_WAYLAND_TARGET=ON,-DENABLE_WAYLAND_TARGET=OFF,wayland libwpe wpebackend-fdo wayland-native" -PACKAGECONFIG[x11] = "-DENABLE_X11_TARGET=ON,-DENABLE_X11_TARGET=OFF,virtual/libx11 libxcomposite libxdamage libxrender libxt" -PACKAGECONFIG[geoclue] = "-DENABLE_GEOLOCATION=ON,-DENABLE_GEOLOCATION=OFF,geoclue" -PACKAGECONFIG[enchant] = "-DENABLE_SPELLCHECK=ON,-DENABLE_SPELLCHECK=OFF,enchant2" -PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2" -PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/libgl" -PACKAGECONFIG[opengl] = "-DENABLE_OPENGL=ON,-DENABLE_OPENGL=OFF,virtual/libgl" -PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret" -PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen" -PACKAGECONFIG[woff2] = "-DUSE_WOFF2=ON,-DUSE_WOFF2=OFF,woff2" -PACKAGECONFIG[openjpeg] = "-DUSE_OPENJPEG=ON,-DUSE_OPENJPEG=OFF,openjpeg" - -# webkitgtk is full of /usr/bin/env python, particular for generating docs -do_configure[postfuncs] += "setup_python_link" -setup_python_link() { - if [ ! -e ${STAGING_BINDIR_NATIVE}/python ]; then - ln -s `which python3` ${STAGING_BINDIR_NATIVE}/python - fi -} - -EXTRA_OECMAKE = " \ - -DPORT=GTK \ - -DCMAKE_BUILD_TYPE=Release \ - ${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \ - ${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \ - -DENABLE_MINIBROWSER=ON \ - -DPYTHON_EXECUTABLE=`which python3` \ - -DENABLE_BUBBLEWRAP_SANDBOX=OFF \ - " - -# Javascript JIT is not supported on ARC -EXTRA_OECMAKE_append_arc = " -DENABLE_JIT=OFF " -# By default 25-bit "medium" calls are used on ARC -# which is not enough for binaries larger than 32 MiB -CFLAGS_append_arc = " -mlong-calls" -CXXFLAGS_append_arc = " -mlong-calls" - -# Javascript JIT is not supported on powerpc -EXTRA_OECMAKE_append_powerpc = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE_append_powerpc64 = " -DENABLE_JIT=OFF " - -# ARM JIT code does not build on ARMv4/5/6 anymore -EXTRA_OECMAKE_append_armv5 = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE_append_armv6 = " -DENABLE_JIT=OFF " -EXTRA_OECMAKE_append_armv4 = " -DENABLE_JIT=OFF " - -EXTRA_OECMAKE_append_mipsarch = " -DUSE_LD_GOLD=OFF " -EXTRA_OECMAKE_append_powerpc = " -DUSE_LD_GOLD=OFF " - -# JIT not supported on MIPS either -EXTRA_OECMAKE_append_mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON " - -# JIT not supported on X32 -# An attempt was made to upstream JIT support for x32 in -# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as -# unresolved due to limited X32 adoption. -EXTRA_OECMAKE_append_x86-x32 = " -DENABLE_JIT=OFF " - -SECURITY_CFLAGS_remove_aarch64 = "-fpie" -SECURITY_CFLAGS_append_aarch64 = " -fPIE" - -FILES_${PN} += "${libdir}/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so" - -RRECOMMENDS_${PN} += "ca-certificates shared-mime-info" - -# http://errors.yoctoproject.org/Errors/Details/20370/ -ARM_INSTRUCTION_SET_armv4 = "arm" -ARM_INSTRUCTION_SET_armv5 = "arm" -ARM_INSTRUCTION_SET_armv6 = "arm" - -# https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474 -# https://bugs.webkit.org/show_bug.cgi?id=159880 -# JSC JIT can build on ARMv7 with -marm, but doesn't work on runtime. -# Upstream only tests regularly the JSC JIT on ARMv7 with Thumb2 (-mthumb). -ARM_INSTRUCTION_SET_armv7a = "thumb" -ARM_INSTRUCTION_SET_armv7r = "thumb" -ARM_INSTRUCTION_SET_armv7ve = "thumb" - -# introspection inside qemu-arm hangs forever on musl/arm builds -# therefore disable GI_DATA -GI_DATA_ENABLED_libc-musl_armv7a = "False" -GI_DATA_ENABLED_libc-musl_armv7ve = "False" - -# Can't be built with ccache -CCACHE_DISABLE = "1" - -PACKAGE_PREPROCESS_FUNCS += "src_package_preprocess" -src_package_preprocess () { - # Trim build paths from comments in generated sources to ensure reproducibility - sed -i -e "s,${WORKDIR},,g" \ - ${B}/DerivedSources/webkit2gtk/webkit2/*.cpp \ - ${B}/DerivedSources/ForwardingHeaders/JavaScriptCore/*.h \ - ${B}/DerivedSources/JavaScriptCore/*.h \ - ${B}/DerivedSources/JavaScriptCore/yarr/*.h \ - ${B}/DerivedSources/MiniBrowser/*.c -} - diff --git a/meta/recipes-sato/webkit/webkitgtk_2.28.3.bb b/meta/recipes-sato/webkit/webkitgtk_2.28.3.bb new file mode 100644 index 00000000000..44de6855489 --- /dev/null +++ b/meta/recipes-sato/webkit/webkitgtk_2.28.3.bb @@ -0,0 +1,143 @@ +SUMMARY = "WebKit web rendering engine for the GTK+ platform" +HOMEPAGE = "https://www.webkitgtk.org/" +BUGTRACKER = "https://bugs.webkit.org/" + +LICENSE = "BSD & LGPLv2+" +LIC_FILES_CHKSUM = "file://Source/JavaScriptCore/COPYING.LIB;md5=d0c6d6397a5d84286dda758da57bd691 \ + file://Source/WebCore/LICENSE-APPLE;md5=4646f90082c40bcf298c285f8bab0b12 \ + file://Source/WebCore/LICENSE-LGPL-2;md5=36357ffde2b64ae177b2494445b79d21 \ + file://Source/WebCore/LICENSE-LGPL-2.1;md5=a778a33ef338abbaf8b8a7c36b6eec80 \ + " + +SRC_URI = "https://www.webkitgtk.org/releases/${BPN}-${PV}.tar.xz \ + file://0001-FindGObjectIntrospection.cmake-prefix-variables-obta.patch \ + file://0001-When-building-introspection-files-add-CMAKE_C_FLAGS-.patch \ + file://0001-OptionsGTK.cmake-drop-the-hardcoded-introspection-gt.patch \ + file://0001-Fix-racy-parallel-build-of-WebKit2-4.0.gir.patch \ + file://0001-Tweak-gtkdoc-settings-so-that-gtkdoc-generation-work.patch \ + file://0001-Enable-THREADS_PREFER_PTHREAD_FLAG.patch \ + file://cross-compile.patch \ + file://0001-Fix-build-with-musl.patch \ + file://include_array.patch \ + " +SRC_URI[sha256sum] = "f0898ac072c220e13a4aee819408421a6cb56a6eb89170ceafe52468b0903522" + +inherit cmake pkgconfig gobject-introspection perlnative features_check upstream-version-is-even gtk-doc + +ANY_OF_DISTRO_FEATURES = "${GTK3DISTROFEATURES}" +REQUIRED_DISTRO_FEATURES = "${@bb.utils.contains('DISTRO_FEATURES', 'wayland', 'opengl', '', d)}" + +CVE_PRODUCT = "webkitgtk webkitgtk\+" + +DEPENDS = "zlib libsoup-2.4 curl libxml2 cairo libxslt libgcrypt \ + gtk+3 gstreamer1.0 gstreamer1.0-plugins-base flex-native gperf-native sqlite3 \ + pango icu bison-native gawk intltool-native libwebp \ + atk udev harfbuzz jpeg libpng librsvg libtheora libvorbis \ + ruby-native libnotify gstreamer1.0-plugins-bad \ + gettext-native glib-2.0 glib-2.0-native libtasn1 \ + " + +PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'wayland x11', d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11 opengl', 'webgl opengl', '' ,d)} \ + ${@bb.utils.contains('DISTRO_FEATURES', 'x11', '', 'webgl gles2' ,d)} \ + enchant \ + libsecret \ + " + +PACKAGECONFIG[wayland] = "-DENABLE_WAYLAND_TARGET=ON,-DENABLE_WAYLAND_TARGET=OFF,wayland libwpe wpebackend-fdo wayland-native" +PACKAGECONFIG[x11] = "-DENABLE_X11_TARGET=ON,-DENABLE_X11_TARGET=OFF,virtual/libx11 libxcomposite libxdamage libxrender libxt" +PACKAGECONFIG[geoclue] = "-DENABLE_GEOLOCATION=ON,-DENABLE_GEOLOCATION=OFF,geoclue" +PACKAGECONFIG[enchant] = "-DENABLE_SPELLCHECK=ON,-DENABLE_SPELLCHECK=OFF,enchant2" +PACKAGECONFIG[gles2] = "-DENABLE_GLES2=ON,-DENABLE_GLES2=OFF,virtual/libgles2" +PACKAGECONFIG[webgl] = "-DENABLE_WEBGL=ON,-DENABLE_WEBGL=OFF,virtual/libgl" +PACKAGECONFIG[opengl] = "-DENABLE_OPENGL=ON,-DENABLE_OPENGL=OFF,virtual/libgl" +PACKAGECONFIG[libsecret] = "-DUSE_LIBSECRET=ON,-DUSE_LIBSECRET=OFF,libsecret" +PACKAGECONFIG[libhyphen] = "-DUSE_LIBHYPHEN=ON,-DUSE_LIBHYPHEN=OFF,libhyphen" +PACKAGECONFIG[woff2] = "-DUSE_WOFF2=ON,-DUSE_WOFF2=OFF,woff2" +PACKAGECONFIG[openjpeg] = "-DUSE_OPENJPEG=ON,-DUSE_OPENJPEG=OFF,openjpeg" + +# webkitgtk is full of /usr/bin/env python, particular for generating docs +do_configure[postfuncs] += "setup_python_link" +setup_python_link() { + if [ ! -e ${STAGING_BINDIR_NATIVE}/python ]; then + ln -s `which python3` ${STAGING_BINDIR_NATIVE}/python + fi +} + +EXTRA_OECMAKE = " \ + -DPORT=GTK \ + -DCMAKE_BUILD_TYPE=Release \ + ${@bb.utils.contains('GI_DATA_ENABLED', 'True', '-DENABLE_INTROSPECTION=ON', '-DENABLE_INTROSPECTION=OFF', d)} \ + ${@bb.utils.contains('GTKDOC_ENABLED', 'True', '-DENABLE_GTKDOC=ON', '-DENABLE_GTKDOC=OFF', d)} \ + -DENABLE_MINIBROWSER=ON \ + -DPYTHON_EXECUTABLE=`which python3` \ + -DENABLE_BUBBLEWRAP_SANDBOX=OFF \ + " + +# Javascript JIT is not supported on ARC +EXTRA_OECMAKE_append_arc = " -DENABLE_JIT=OFF " +# By default 25-bit "medium" calls are used on ARC +# which is not enough for binaries larger than 32 MiB +CFLAGS_append_arc = " -mlong-calls" +CXXFLAGS_append_arc = " -mlong-calls" + +# Javascript JIT is not supported on powerpc +EXTRA_OECMAKE_append_powerpc = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE_append_powerpc64 = " -DENABLE_JIT=OFF " + +# ARM JIT code does not build on ARMv4/5/6 anymore +EXTRA_OECMAKE_append_armv5 = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE_append_armv6 = " -DENABLE_JIT=OFF " +EXTRA_OECMAKE_append_armv4 = " -DENABLE_JIT=OFF " + +EXTRA_OECMAKE_append_mipsarch = " -DUSE_LD_GOLD=OFF " +EXTRA_OECMAKE_append_powerpc = " -DUSE_LD_GOLD=OFF " + +# JIT not supported on MIPS either +EXTRA_OECMAKE_append_mipsarch = " -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON " + +# JIT not supported on X32 +# An attempt was made to upstream JIT support for x32 in +# https://bugs.webkit.org/show_bug.cgi?id=100450, but this was closed as +# unresolved due to limited X32 adoption. +EXTRA_OECMAKE_append_x86-x32 = " -DENABLE_JIT=OFF " + +SECURITY_CFLAGS_remove_aarch64 = "-fpie" +SECURITY_CFLAGS_append_aarch64 = " -fPIE" + +FILES_${PN} += "${libdir}/webkit2gtk-4.0/injected-bundle/libwebkit2gtkinjectedbundle.so" + +RRECOMMENDS_${PN} += "ca-certificates shared-mime-info" + +# http://errors.yoctoproject.org/Errors/Details/20370/ +ARM_INSTRUCTION_SET_armv4 = "arm" +ARM_INSTRUCTION_SET_armv5 = "arm" +ARM_INSTRUCTION_SET_armv6 = "arm" + +# https://bugzilla.yoctoproject.org/show_bug.cgi?id=9474 +# https://bugs.webkit.org/show_bug.cgi?id=159880 +# JSC JIT can build on ARMv7 with -marm, but doesn't work on runtime. +# Upstream only tests regularly the JSC JIT on ARMv7 with Thumb2 (-mthumb). +ARM_INSTRUCTION_SET_armv7a = "thumb" +ARM_INSTRUCTION_SET_armv7r = "thumb" +ARM_INSTRUCTION_SET_armv7ve = "thumb" + +# introspection inside qemu-arm hangs forever on musl/arm builds +# therefore disable GI_DATA +GI_DATA_ENABLED_libc-musl_armv7a = "False" +GI_DATA_ENABLED_libc-musl_armv7ve = "False" + +# Can't be built with ccache +CCACHE_DISABLE = "1" + +PACKAGE_PREPROCESS_FUNCS += "src_package_preprocess" +src_package_preprocess () { + # Trim build paths from comments in generated sources to ensure reproducibility + sed -i -e "s,${WORKDIR},,g" \ + ${B}/DerivedSources/webkit2gtk/webkit2/*.cpp \ + ${B}/DerivedSources/ForwardingHeaders/JavaScriptCore/*.h \ + ${B}/DerivedSources/JavaScriptCore/*.h \ + ${B}/DerivedSources/JavaScriptCore/yarr/*.h \ + ${B}/DerivedSources/MiniBrowser/*.c +} + -- cgit 1.2.3-korg