kumquat-buildroot/package/webkitgtk/webkitgtk.mk
Peter Korsgaard 97ce61f633 package/webkitgtk: security bump to version 2.26.4
Fixes the following security issues:

- CVE-2020-3862: Impact: A malicious website may be able to cause a denial
  of service.  Description: A denial of service issue was addressed with
  improved memory handling.

- CVE-2020-3864: Impact: A DOM object context may not have had a unique
  security origin.  Description: A logic issue was addressed with improved
  validation.

- CVE-2020-3865: Impact: A top-level DOM object context may have incorrectly
  been considered secure.  Description: A logic issue was addressed with
  improved validation.

- CVE-2020-3867: Impact: Processing maliciously crafted web content may lead
  to universal cross site scripting.  Description: A logic issue was
  addressed with improved state management.

- CVE-2020-3868: Impact: Processing maliciously crafted web content may lead
  to arbitrary code execution.  Description: Multiple memory corruption
  issues were addressed with improved memory handling.

For more details, see the advisory:
https://webkitgtk.org/security/WSA-2020-0002.html

While we are at it, adjust the white space in the .hash function to match
the new agreements.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2020-02-16 12:54:41 +01:00

117 lines
3.5 KiB
Makefile

################################################################################
#
# webkitgtk
#
################################################################################
WEBKITGTK_VERSION = 2.26.4
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
WEBKITGTK_LICENSE = LGPL-2.1+, BSD-2-Clause
WEBKITGTK_LICENSE_FILES = \
Source/WebCore/LICENSE-APPLE \
Source/WebCore/LICENSE-LGPL-2.1
WEBKITGTK_DEPENDENCIES = host-ruby host-python host-gperf \
enchant harfbuzz icu jpeg libgcrypt libgtk3 libsecret libsoup \
libtasn1 libxml2 libxslt openjpeg sqlite webp woff2
WEBKITGTK_CONF_OPTS = \
-DENABLE_API_TESTS=OFF \
-DENABLE_GEOLOCATION=OFF \
-DENABLE_GTKDOC=OFF \
-DENABLE_INTROSPECTION=OFF \
-DENABLE_MINIBROWSER=ON \
-DENABLE_SPELLCHECK=ON \
-DPORT=GTK \
-DSILENCE_CROSS_COMPILATION_NOTICES=ON \
-DUSE_LIBNOTIFY=OFF \
-DUSE_LIBHYPHEN=OFF \
-DUSE_OPENJPEG=ON \
-DUSE_WOFF2=ON \
-DUSE_WPE_RENDERER=OFF
ifeq ($(BR2_PACKAGE_WEBKITGTK_SANDBOX),y)
WEBKITGTK_CONF_OPTS += \
-DENABLE_BUBBLEWRAP_SANDBOX=ON \
-DBWRAP_EXECUTABLE=/usr/bin/bwrap \
-DDBUS_PROXY_EXECUTABLE=/usr/bin/xdg-dbus-proxy
WEBKITGTK_DEPENDENCIES += libseccomp
else
WEBKITGTK_CONF_OPTS += -DENABLE_BUBBLEWRAP_SANDBOX=OFF
endif
ifeq ($(BR2_PACKAGE_WEBKITGTK_MULTIMEDIA),y)
WEBKITGTK_CONF_OPTS += \
-DENABLE_VIDEO=ON \
-DENABLE_WEB_AUDIO=ON
WEBKITGTK_DEPENDENCIES += gstreamer1 gst1-libav gst1-plugins-base gst1-plugins-good
else
WEBKITGTK_CONF_OPTS += \
-DENABLE_VIDEO=OFF \
-DENABLE_WEB_AUDIO=OFF
endif
ifeq ($(BR2_PACKAGE_WEBKITGTK_WEBDRIVER),y)
WEBKITGTK_CONF_OPTS += -DENABLE_WEBDRIVER=ON
else
WEBKITGTK_CONF_OPTS += -DENABLE_WEBDRIVER=OFF
endif
# Only one target platform can be built, assume X11 > Wayland
# GTK3-X11 target gives OpenGL from newer libgtk3 versions
# Consider this better than EGL + maybe GLESv2 since both can't be built
# 2D CANVAS acceleration requires OpenGL proper with cairo-gl
ifeq ($(BR2_PACKAGE_LIBGTK3_X11),y)
WEBKITGTK_CONF_OPTS += \
-DENABLE_ACCELERATED_2D_CANVAS=ON \
-DENABLE_GLES2=OFF \
-DENABLE_OPENGL=ON \
-DENABLE_X11_TARGET=ON
WEBKITGTK_DEPENDENCIES += libgl \
xlib_libXcomposite xlib_libXdamage xlib_libXrender xlib_libXt
# It can use libgtk2 for npapi plugins
ifeq ($(BR2_PACKAGE_LIBGTK2),y)
WEBKITGTK_CONF_OPTS += -DENABLE_PLUGIN_PROCESS_GTK2=ON
WEBKITGTK_DEPENDENCIES += libgtk2
else
WEBKITGTK_CONF_OPTS += -DENABLE_PLUGIN_PROCESS_GTK2=OFF
endif
else # !X11
# GTK3-BROADWAY/WAYLAND needs at least EGL
WEBKITGTK_DEPENDENCIES += libegl
# GLESv2 support is optional though
ifeq ($(BR2_PACKAGE_HAS_LIBGLES),y)
WEBKITGTK_CONF_OPTS += \
-DENABLE_GLES2=ON \
-DENABLE_OPENGL=ON
WEBKITGTK_DEPENDENCIES += libgles
else
# Disable general OpenGL (shading) if there's no GLESv2
WEBKITGTK_CONF_OPTS += \
-DENABLE_GLES2=OFF \
-DENABLE_OPENGL=OFF
endif
# We must explicitly state the wayland target
ifeq ($(BR2_PACKAGE_LIBGTK3_WAYLAND),y)
WEBKITGTK_CONF_OPTS += -DENABLE_WAYLAND_TARGET=ON
endif
endif
ifeq ($(BR2_PACKAGE_WEBKITGTK_USE_GSTREAMER_GL),y)
WEBKITGTK_CONF_OPTS += -DUSE_GSTREAMER_GL=ON
else
WEBKITGTK_CONF_OPTS += -DUSE_GSTREAMER_GL=OFF
endif
# JIT is not supported for MIPS r6, but the WebKit build system does not
# have a check for these processors. Disable JIT forcibly here and use
# the CLoop interpreter instead.
#
# Upstream bug: https://bugs.webkit.org/show_bug.cgi?id=191258
ifeq ($(BR2_MIPS_CPU_MIPS32R6)$(BR2_MIPS_CPU_MIPS64R6),y)
WEBKITGTK_CONF_OPTS += -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON
endif
$(eval $(cmake-package))