NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/wpewebkit: security bump to version 2.42.4

Browse Source 
The minimum GCC version is changed to 10.x, conditionals added for
USE_JPEGXL and USE_GBM. Both are optional and will be automatically
enabled if the relevent packages have been enabled. GBM is recommended
for performance, is it avoids a buffer copy on each frame rendered by
WebKit.

Release notes:

 - https://wpewebkit.org/release/wpewebkit-2.40.4.html
 - https://wpewebkit.org/release/wpewebkit-2.40.5.html
 - https://wpewebkit.org/release/wpewebkit-2.42.0.html
 - https://wpewebkit.org/release/wpewebkit-2.42.1.html
 - https://wpewebkit.org/release/wpewebkit-2.42.2.html
 - https://wpewebkit.org/release/wpewebkit-2.42.3.html
 - https://wpewebkit.org/release/wpewebkit-2.42.4.html

This update covers fixes for CVE-2023-37450, CVE-2023-38133,
CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595,
CVE-2023-38597, CVE-2023-38599, CVE-2023-38600, CVE-2023-38611,
CVE-2023-40397, CVE-2023-39928, CVE-2023-39434, CVE-2023-40451,
CVE-2023-41074, CVE-2023-41993, CVE-2023-32359, CVE-2023-41983,
CVE-2023-42852, CVE-2023-42916, CVE-2023-42917, CVE-2023-42883,
and CVE-2023-42890.

Relevant security advisories:

 - https://wpewebkit.org/security/WSA-2023-0006.html
 - https://wpewebkit.org/security/WSA-2023-0007.html
 - https://wpewebkit.org/security/WSA-2023-0008.html
 - https://wpewebkit.org/security/WSA-2023-0009.html
 - https://wpewebkit.org/security/WSA-2023-0010.html
 - https://wpewebkit.org/security/WSA-2023-0011.html
 - https://wpewebkit.org/security/WSA-2023-0012.html

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Adrian Perez de Castro 2024-01-23 10:54:17 +02:00 committed by Yann E. MORIN
parent be3f95ed14
commit 7a8c112df7
3 changed files with 21 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/wpewebkit/Config.in
View File

@ -16,12 +16,12 @@ config BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
depends on BR2_TOOLCHAIN_HAS_SYNC_4
depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 9, host gcc >= 4.9"
comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 10, host gcc >= 4.9"
depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
depends on !BR2_BINFMT_FLAT
depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR \
|| !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_9 \
|| !BR2_TOOLCHAIN_GCC_AT_LEAST_10 \
|| !BR2_HOST_GCC_AT_LEAST_4_9
comment "wpewebkit needs an OpenGL ES w/ EGL-capable Wayland backend"
@ -37,7 +37,7 @@ config BR2_PACKAGE_WPEWEBKIT
depends on BR2_HOST_GCC_AT_LEAST_4_9 # icu, host-ruby
depends on BR2_INSTALL_LIBSTDCPP # harfbuzz, icu
depends on BR2_TOOLCHAIN_HAS_THREADS # wayland, icu, libsoup3
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_9
depends on BR2_TOOLCHAIN_GCC_AT_LEAST_10
depends on BR2_USE_WCHAR # icu, libsoup3
depends on BR2_PACKAGE_HAS_LIBGLES # libepoxy
depends on BR2_PACKAGE_HAS_LIBEGL # libepoxy

6
package/wpewebkit/wpewebkit.hash
View File

@ -1,6 +1,6 @@
# From https://wpewebkit.org/releases/wpewebkit-2.40.3.tar.xz.sums
sha1 c840bd76b2c86cb8ca0d68b56598cb0abbafc727 wpewebkit-2.40.3.tar.xz
sha256 05b6a9cb1d7d03485e0dc41b2a8e6f99a36aea23d32ba3ecb38d0d6860747ada wpewebkit-2.40.3.tar.xz
# From https://wpewebkit.org/releases/wpewebkit-2.42.4.tar.xz.sums
sha1 34da38e9554586154c83fdbb5c20e353b6d97277 wpewebkit-2.42.4.tar.xz
sha256 8836040a3687581970b47a232b713e7023c080d5613427f52db619c29fb253a4 wpewebkit-2.42.4.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE

16
package/wpewebkit/wpewebkit.mk
View File

@ -4,7 +4,7 @@
#
################################################################################
WPEWEBKIT_VERSION = 2.40.3
WPEWEBKIT_VERSION = 2.42.4
WPEWEBKIT_SITE = https://wpewebkit.org/releases
WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
WPEWEBKIT_INSTALL_STAGING = YES
@ -84,6 +84,13 @@ else
WPEWEBKIT_CONF_OPTS += -DUSE_WOFF2=OFF
endif
ifeq ($(BR2_PACKAGE_LIBJXL),y)
WPEWEBKIT_CONF_OPTS += -DUSE_JPEGXL=ON
WPEWEBKIT_DEPENDENCIES += libjxl
else
WPEWEBKIT_CONF_OPTS += -DUSE_JPEGXL=OFF
endif
ifeq ($(BR2_INIT_SYSTEMD),y)
WPEWEBKIT_CONF_OPTS += -DENABLE_JOURNALD_LOG=ON
WPEWEBKIT_DEPENDENCIES += systemd
@ -91,6 +98,13 @@ else
WPEWEBKIT_CONF_OPTS += -DENABLE_JOURNALD_LOG=OFF
endif
ifeq ($(BR2_PACKAGE_HAS_LIBGBM),y)
WPEWEBKIT_CONF_OPTS += -DUSE_GBM=ON
WPEWEBKIT_DEPENDENCIES += libgbm
else
WPEWEBKIT_CONF_OPTS += -DUSE_GBM=OFF
endif
# JIT is not supported for MIPS r6, but the WebKit build system does not
# have a check for these processors. The same goes for ARMv5 and ARMv6.
# Disable JIT forcibly here and use the CLoop interpreter instead.