From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Adrian Perez de Castro <aperez@igalia.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] package/wpewebkit: security bump to version 2.36.4
Date: Sat, 16 Jul 2022 17:35:33 +0200 [thread overview]
Message-ID: <20220716153533.GE2543@scaer> (raw)
In-Reply-To: <20220713123920.892044-1-aperez@igalia.com>
Adrian, All,
On 2022-07-13 15:39 +0300, Adrian Perez de Castro spake thusly:
> Bugfix release, fixes a WPEWebProcess leak, MPRIS/MediaSession support,
> adds a missing ATSPI a11y interface, and security patches for
> CVE-2022-22677 and CVE-2022-26710.
>
> Release notes:
>
> https://wpewebkit.org/release/wpewebkit-2.36.4.html
>
> Accompanying security advisory:
>
> https://wpewebkit.org/security/WSA-2022-0006.html
>
> One patch is not included in the packaged release, and another with a
> build fix imported, which is actually a revert of a patch that made it
> into the release but can cause linking issues when using LTO.
>
> Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Applied to master, thanks.
Regards,
Yann E. MORIN.
> ---
> ...en-cross-building-for-64-bit-ARM-htt.patch | 32 ----------
> ...5034-WebKitTestRunner-shouldn-t-link.patch | 58 +++++++++++++++++++
> package/wpewebkit/wpewebkit.hash | 8 +--
> package/wpewebkit/wpewebkit.mk | 2 +-
> 4 files changed, 63 insertions(+), 37 deletions(-)
> delete mode 100644 package/wpewebkit/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> create mode 100644 package/wpewebkit/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
>
> diff --git a/package/wpewebkit/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch b/package/wpewebkit/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> deleted file mode 100644
> index 7c9c8666ad..0000000000
> --- a/package/wpewebkit/0001-Build-failure-when-cross-building-for-64-bit-ARM-htt.patch
> +++ /dev/null
> @@ -1,32 +0,0 @@
> -From b0c63502f004db68b485354967bb1c56c071f4eb Mon Sep 17 00:00:00 2001
> -From: Adrian Perez de Castro <aperez@igalia.com>
> -Date: Tue, 31 May 2022 00:48:21 +0300
> -Subject: [PATCH] Build failure when cross-building for 64-bit ARM
> - https://bugs.webkit.org/show_bug.cgi?id=241109
> -
> -Unreviewed build fix.
> -
> -* Source/WebCore/bindings/js/JSDOMMapLike.cpp: Add missing
> - JavaScriptCore/HashMapImplInlines.h header inclusion.
> -
> -Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
> -Upstream status: https://github.com/WebKit/WebKit/pull/1165
> ----
> - Source/WebCore/bindings/js/JSDOMMapLike.cpp | 1 +
> - 1 file changed, 1 insertion(+)
> -
> -diff --git a/Source/WebCore/bindings/js/JSDOMMapLike.cpp b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -index e132c39fa54..2cb4b1b59a3 100644
> ---- a/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -+++ b/Source/WebCore/bindings/js/JSDOMMapLike.cpp
> -@@ -28,6 +28,7 @@
> -
> - #include "WebCoreJSClientData.h"
> - #include <JavaScriptCore/CatchScope.h>
> -+#include <JavaScriptCore/HashMapImplInlines.h>
> - #include <JavaScriptCore/JSMap.h>
> - #include <JavaScriptCore/VMTrapsInlines.h>
> -
> ---
> -2.36.1
> -
> diff --git a/package/wpewebkit/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch b/package/wpewebkit/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
> new file mode 100644
> index 0000000000..d1edd36660
> --- /dev/null
> +++ b/package/wpewebkit/0001-Revert-Merge-r295034-WebKitTestRunner-shouldn-t-link.patch
> @@ -0,0 +1,58 @@
> +From a780527a1b79538f1e1f5144e9b522d0927a2312 Mon Sep 17 00:00:00 2001
> +From: Adrian Perez de Castro <aperez@igalia.com>
> +Date: Wed, 13 Jul 2022 00:53:48 +0300
> +Subject: [PATCH] Revert "Merge r295034 - WebKitTestRunner shouldn't link
> + object files of JavaScriptCore and WebCore"
> +
> +This reverts commit 7916fda00b347ff263fbfe72c065032d1d9b523c.
> +
> +Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
> +[Upstream status: https://bugs.webkit.org/show_bug.cgi?id=241002]
> +
> +---
> + Source/JavaScriptCore/CMakeLists.txt | 12 +++++++++---
> + Tools/WebKitTestRunner/CMakeLists.txt | 1 -
> + Tools/WebKitTestRunner/PlatformGTK.cmake | 4 ++++
> + Tools/WebKitTestRunner/PlatformWin.cmake | 4 ++++
> + 4 files changed, 17 insertions(+), 4 deletions(-)
> +
> +diff --git a/Source/JavaScriptCore/CMakeLists.txt b/Source/JavaScriptCore/CMakeLists.txt
> +index 95a1300ce1b3..238208eb1137 100644
> +--- a/Source/JavaScriptCore/CMakeLists.txt
> ++++ b/Source/JavaScriptCore/CMakeLists.txt
> +@@ -456,7 +456,7 @@ if (MSVC AND NOT ENABLE_C_LOOP)
> + COMMAND ${MASM_EXECUTABLE} ${LLINT_MASM_FLAGS} ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.asm
> + VERBATIM)
> + list(APPEND JavaScriptCore_SOURCES ${JavaScriptCore_DERIVED_SOURCES_DIR}/LowLevelInterpreterWin.obj)
> +- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp)
> ++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp)
> + else ()
> + # As there's poor toolchain support for using `.file` directives in
> + # inline asm (i.e. there's no way to avoid clashes with the `.file`
> +@@ -465,7 +465,7 @@ else ()
> + # an object file. We only need to do this for LowLevelInterpreter.cpp
> + # and cmake doesn't allow us to introduce a compiler wrapper for a
> + # single source file, so we need to create a separate target for it.
> +- add_library(LowLevelInterpreterLib STATIC llint/LowLevelInterpreter.cpp
> ++ add_library(LowLevelInterpreterLib OBJECT llint/LowLevelInterpreter.cpp
> + ${JavaScriptCore_DERIVED_SOURCES_DIR}/${LLIntOutput})
> + endif ()
> +
> +@@ -1496,7 +1496,13 @@ if (CMAKE_COMPILER_IS_GNUCXX AND GCC_OFFLINEASM_SOURCE_MAP)
> + COMPILE_OPTIONS "-fno-lto")
> + endif ()
> +
> +-list(APPEND JavaScriptCore_PRIVATE_LIBRARIES LowLevelInterpreterLib)
> ++# When building JavaScriptCore as an object library, we need to make sure the
> ++# lowlevelinterpreter lib objects get propogated.
> ++if (${JavaScriptCore_LIBRARY_TYPE} STREQUAL "OBJECT")
> ++ list(APPEND JavaScriptCore_PRIVATE_LIBRARIES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
> ++else ()
> ++ list(APPEND JavaScriptCore_SOURCES $<TARGET_OBJECTS:LowLevelInterpreterLib>)
> ++endif ()
> +
> + WEBKIT_COMPUTE_SOURCES(JavaScriptCore)
> + list(APPEND JavaScriptCore_SOURCES
> +--
> +2.37.1
> +
> diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
> index 253b4756d0..2a8205d40c 100644
> --- a/package/wpewebkit/wpewebkit.hash
> +++ b/package/wpewebkit/wpewebkit.hash
> @@ -1,7 +1,7 @@
> -# From https://wpewebkit.org/releases/wpewebkit-2.36.3.tar.xz.sums
> -md5 8bc53f86a3489da31fdbb581e1b87f7a wpewebkit-2.36.3.tar.xz
> -sha1 44a3d99ae48481917ddc478c5f91e6a4faa21ff5 wpewebkit-2.36.3.tar.xz
> -sha256 66275debca7497daff3a7826734cd56262a807adb76c5dccdf257c89968c2fc8 wpewebkit-2.36.3.tar.xz
> +# From https://wpewebkit.org/releases/wpewebkit-2.36.4.tar.xz.sums
> +md5 ba8e5f5444fd50f53906a7376b25bb26 wpewebkit-2.36.4.tar.xz
> +sha1 91259642da6fe55446c3352eeeafdaa188fc14bd wpewebkit-2.36.4.tar.xz
> +sha256 307a3bedf5d4299a861f773f631c39a44c3e6276c3af37f7cbefaed2c8d7c021 wpewebkit-2.36.4.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
> index abd09829a5..ca6833bcd1 100644
> --- a/package/wpewebkit/wpewebkit.mk
> +++ b/package/wpewebkit/wpewebkit.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WPEWEBKIT_VERSION = 2.36.3
> +WPEWEBKIT_VERSION = 2.36.4
> WPEWEBKIT_SITE = http://www.wpewebkit.org/releases
> WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
> WPEWEBKIT_INSTALL_STAGING = YES
> --
> 2.37.1
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-07-16 15:35 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-13 12:39 [Buildroot] [PATCH 1/1] package/wpewebkit: security bump to version 2.36.4 Adrian Perez de Castro
2022-07-16 15:35 ` Yann E. MORIN [this message]
2022-08-03 20:46 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220716153533.GE2543@scaer \
--to=yann.morin.1998@free.fr \
--cc=aperez@igalia.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.