From: "Yann E. MORIN" <yann.morin.1998@free.fr>
To: Adrian Perez de Castro <aperez@igalia.com>
Cc: buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.42.4
Date: Sat, 27 Jan 2024 17:25:06 +0100 [thread overview]
Message-ID: <ZbUuYpIVqwwa5Csr@landeda> (raw)
In-Reply-To: <20240123085419.1761894-1-aperez@igalia.com>
Adrian, All,
On 2024-01-23 10:54 +0200, Adrian Perez de Castro spake thusly:
> The minimum GCC version is changed to 10.x, conditionals added for
> USE_JPEGXL and USE_GBM. Both are optional and will be automatically
> enabled if the relevent packages have been enabled. GBM is recommended
> for performance, is it avoids a buffer copy on each frame rendered by
> WebKit.
Applied to master, thanks.
Regards,
Yann E. MORIN.
> Release notes:
>
> - https://wpewebkit.org/release/wpewebkit-2.40.4.html
> - https://wpewebkit.org/release/wpewebkit-2.40.5.html
> - https://wpewebkit.org/release/wpewebkit-2.42.0.html
> - https://wpewebkit.org/release/wpewebkit-2.42.1.html
> - https://wpewebkit.org/release/wpewebkit-2.42.2.html
> - https://wpewebkit.org/release/wpewebkit-2.42.3.html
> - https://wpewebkit.org/release/wpewebkit-2.42.4.html
>
> This update covers fixes for CVE-2023-37450, CVE-2023-38133,
> CVE-2023-38572, CVE-2023-38592, CVE-2023-38594, CVE-2023-38595,
> CVE-2023-38597, CVE-2023-38599, CVE-2023-38600, CVE-2023-38611,
> CVE-2023-40397, CVE-2023-39928, CVE-2023-39434, CVE-2023-40451,
> CVE-2023-41074, CVE-2023-41993, CVE-2023-32359, CVE-2023-41983,
> CVE-2023-42852, CVE-2023-42916, CVE-2023-42917, CVE-2023-42883,
> and CVE-2023-42890.
>
> Relevant security advisories:
>
> - https://wpewebkit.org/security/WSA-2023-0006.html
> - https://wpewebkit.org/security/WSA-2023-0007.html
> - https://wpewebkit.org/security/WSA-2023-0008.html
> - https://wpewebkit.org/security/WSA-2023-0009.html
> - https://wpewebkit.org/security/WSA-2023-0010.html
> - https://wpewebkit.org/security/WSA-2023-0011.html
> - https://wpewebkit.org/security/WSA-2023-0012.html
>
> Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
> ---
> package/wpewebkit/Config.in | 6 +++---
> package/wpewebkit/wpewebkit.hash | 6 +++---
> package/wpewebkit/wpewebkit.mk | 16 +++++++++++++++-
> 3 files changed, 21 insertions(+), 7 deletions(-)
>
> diff --git a/package/wpewebkit/Config.in b/package/wpewebkit/Config.in
> index 81b66f8429..432aa4c3a3 100644
> --- a/package/wpewebkit/Config.in
> +++ b/package/wpewebkit/Config.in
> @@ -16,12 +16,12 @@ config BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
> depends on BR2_TOOLCHAIN_HAS_SYNC_4
> depends on BR2_PACKAGE_LIBGPG_ERROR_ARCH_SUPPORTS # libgcrypt
>
> -comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 9, host gcc >= 4.9"
> +comment "wpewebkit needs a toolchain w/ C++, wchar, threads, dynamic library, gcc >= 10, host gcc >= 4.9"
> depends on BR2_PACKAGE_WPEWEBKIT_ARCH_SUPPORTS
> depends on !BR2_BINFMT_FLAT
> depends on !BR2_INSTALL_LIBSTDCPP || !BR2_USE_WCHAR \
> || !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
> - || !BR2_TOOLCHAIN_GCC_AT_LEAST_9 \
> + || !BR2_TOOLCHAIN_GCC_AT_LEAST_10 \
> || !BR2_HOST_GCC_AT_LEAST_4_9
>
> comment "wpewebkit needs an OpenGL ES w/ EGL-capable Wayland backend"
> @@ -37,7 +37,7 @@ config BR2_PACKAGE_WPEWEBKIT
> depends on BR2_HOST_GCC_AT_LEAST_4_9 # icu, host-ruby
> depends on BR2_INSTALL_LIBSTDCPP # harfbuzz, icu
> depends on BR2_TOOLCHAIN_HAS_THREADS # wayland, icu, libsoup3
> - depends on BR2_TOOLCHAIN_GCC_AT_LEAST_9
> + depends on BR2_TOOLCHAIN_GCC_AT_LEAST_10
> depends on BR2_USE_WCHAR # icu, libsoup3
> depends on BR2_PACKAGE_HAS_LIBGLES # libepoxy
> depends on BR2_PACKAGE_HAS_LIBEGL # libepoxy
> diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
> index aaeea2bcda..322e494c36 100644
> --- a/package/wpewebkit/wpewebkit.hash
> +++ b/package/wpewebkit/wpewebkit.hash
> @@ -1,6 +1,6 @@
> -# From https://wpewebkit.org/releases/wpewebkit-2.40.3.tar.xz.sums
> -sha1 c840bd76b2c86cb8ca0d68b56598cb0abbafc727 wpewebkit-2.40.3.tar.xz
> -sha256 05b6a9cb1d7d03485e0dc41b2a8e6f99a36aea23d32ba3ecb38d0d6860747ada wpewebkit-2.40.3.tar.xz
> +# From https://wpewebkit.org/releases/wpewebkit-2.42.4.tar.xz.sums
> +sha1 34da38e9554586154c83fdbb5c20e353b6d97277 wpewebkit-2.42.4.tar.xz
> +sha256 8836040a3687581970b47a232b713e7023c080d5613427f52db619c29fb253a4 wpewebkit-2.42.4.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
> index bf0b095372..13143efb38 100644
> --- a/package/wpewebkit/wpewebkit.mk
> +++ b/package/wpewebkit/wpewebkit.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WPEWEBKIT_VERSION = 2.40.3
> +WPEWEBKIT_VERSION = 2.42.4
> WPEWEBKIT_SITE = https://wpewebkit.org/releases
> WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
> WPEWEBKIT_INSTALL_STAGING = YES
> @@ -84,6 +84,13 @@ else
> WPEWEBKIT_CONF_OPTS += -DUSE_WOFF2=OFF
> endif
>
> +ifeq ($(BR2_PACKAGE_LIBJXL),y)
> +WPEWEBKIT_CONF_OPTS += -DUSE_JPEGXL=ON
> +WPEWEBKIT_DEPENDENCIES += libjxl
> +else
> +WPEWEBKIT_CONF_OPTS += -DUSE_JPEGXL=OFF
> +endif
> +
> ifeq ($(BR2_INIT_SYSTEMD),y)
> WPEWEBKIT_CONF_OPTS += -DENABLE_JOURNALD_LOG=ON
> WPEWEBKIT_DEPENDENCIES += systemd
> @@ -91,6 +98,13 @@ else
> WPEWEBKIT_CONF_OPTS += -DENABLE_JOURNALD_LOG=OFF
> endif
>
> +ifeq ($(BR2_PACKAGE_HAS_LIBGBM),y)
> +WPEWEBKIT_CONF_OPTS += -DUSE_GBM=ON
> +WPEWEBKIT_DEPENDENCIES += libgbm
> +else
> +WPEWEBKIT_CONF_OPTS += -DUSE_GBM=OFF
> +endif
> +
> # JIT is not supported for MIPS r6, but the WebKit build system does not
> # have a check for these processors. The same goes for ARMv5 and ARMv6.
> # Disable JIT forcibly here and use the CLoop interpreter instead.
> --
> 2.43.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2024-01-27 16:25 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-23 8:54 [Buildroot] [PATCH] package/wpewebkit: security bump to version 2.42.4 Adrian Perez de Castro
2024-01-27 16:25 ` Yann E. MORIN [this message]
2024-02-28 16:14 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZbUuYpIVqwwa5Csr@landeda \
--to=yann.morin.1998@free.fr \
--cc=aperez@igalia.com \
--cc=buildroot@buildroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox