authorMarius Bakke <mbakke@fastmail.com>2019-05-19 16:54:10 +0200
committerMarius Bakke <mbakke@fastmail.com>2019-05-21 17:25:54 +0200
commit8308f0ba9e65daeadcc7e8922377b3d5e9f10e05 (patch)
tree14f657223ff51e717f5152aa22de0389c33b231d
parentb1d81ba04368f17ba6d03d3e455c3d885590bb52 (diff)
downloadguix-8308f0ba9e65daeadcc7e8922377b3d5e9f10e05.tar.gz
gnu: webkitgtk: Update to 2.24.2 [security fixes].
This fixes CVE-2019-8595, CVE-2019-8607, and CVE-2019-8615.

* gnu/packages/patches/webkitgtk-sse2.patch: Delete file.
* gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch: New file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/webkit.scm (webkitgtk-2.24): Update to 2.24.2.
[source](patches): Add the new patch; remove 'webkitgtk-sse2.patch'.
-rw-r--r--gnu/local.mk2
-rw-r--r--gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch24
-rw-r--r--gnu/packages/patches/webkitgtk-sse2.patch202
-rw-r--r--gnu/packages/webkit.scm6
4 files changed, 28 insertions, 206 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 558e6812b9..cfc16c5ac8 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1349,7 +1349,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/wavpack-CVE-2018-6767.patch		\
   %D%/packages/patches/wavpack-CVE-2018-7253.patch		\
   %D%/packages/patches/wavpack-CVE-2018-7254.patch		\
-  %D%/packages/patches/webkitgtk-sse2.patch			\
+  %D%/packages/patches/webkitgtk-sans-gstreamer-gl.patch	\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
diff --git a/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch b/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch
new file mode 100644
index 0000000000..4577c81edb
--- /dev/null
+++ b/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch
@@ -0,0 +1,24 @@
+Fix build failure when USE_GSTREAMER_GL=off.  See
+<https://bugs.webkit.org/show_bug.cgi?id=196440>.
+
+This patch is taken from the upstream source repository:
+<https://git.webkit.org/?p=WebKit.git;a=commitdiff;h=e2dd6decbe25ea9498f1ba213808f34b232740c7>.
+
+diff --git a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
+index 00a2af6489e..5cb5f7536ac 100644
+--- a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
++++ b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp
+@@ -1000,11 +1000,13 @@ void MediaPlayerPrivateGStreamerBase::updateTextureMapperFlags()
+         break;
+     }
+ 
++#if USE(GSTREAMER_GL)
+     // When the imxvpudecoder is used, the texture sampling of the
+     // directviv-uploaded texture returns an RGB value, so there's no need to
+     // convert it.
+     if (m_videoDecoderPlatform != WebKitGstVideoDecoderPlatform::ImxVPU)
+         m_textureMapperFlags |= TEXTURE_MAPPER_COLOR_CONVERT_FLAG;
++#endif
+ }
+ #endif
+ 
diff --git a/gnu/packages/patches/webkitgtk-sse2.patch b/gnu/packages/patches/webkitgtk-sse2.patch
deleted file mode 100644
index df70e38919..0000000000
--- a/gnu/packages/patches/webkitgtk-sse2.patch
+++ /dev/null
@@ -1,202 +0,0 @@
-Fix build on i686.
-
-This patch is taken from upstream, with ChangeLog entries omitted.
-
-From 5048338c5f21605441c6833907d1136ac9640b35 Mon Sep 17 00:00:00 2001
-From: "mcatanzaro@igalia.com"
- <mcatanzaro@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
-Date: Wed, 10 Apr 2019 18:27:25 +0000
-Subject: [PATCH] Unreviewed, rolling out r243989.
-
-Broke i686 builds
-
-Reverted changeset:
-
-"[CMake] Detect SSE2 at compile time"
-https://bugs.webkit.org/show_bug.cgi?id=196488
-https://trac.webkit.org/changeset/243989
-
-git-svn-id: http://svn.webkit.org/repository/webkit/trunk@244138 268f45cc-cd09-0410-ab3c-d52691b4dbfc
----
- CMakeLists.txt                                | 10 ---
- ChangeLog                                     | 12 ++++
- Source/JavaScriptCore/ChangeLog               | 12 ++++
- .../assembler/MacroAssemblerX86Common.cpp     |  7 ++
- .../assembler/MacroAssemblerX86Common.h       | 30 +++++++++
- Source/cmake/FindSSE2.cmake                   | 65 -------------------
- 6 files changed, 61 insertions(+), 75 deletions(-)
- delete mode 100644 Source/cmake/FindSSE2.cmake
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index acd77f4b623..d3e8a23f9ff 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -114,16 +114,6 @@ else ()
-     set(WTF_CPU_UNKNOWN 1)
- endif ()
- 
--#---------------------------
--# Make sure SSE2 is present.
--#---------------------------
--if (WTF_CPU_X86)
--    include(FindSSE2)
--    if (NOT SSE2_SUPPORT_FOUND)
--        message(FATAL_ERROR "SSE2 support is required to compile WebKit")
--    endif ()
--endif ()
--
- # -----------------------------------------------------------------------------
- # Determine the operating system
- # -----------------------------------------------------------------------------
-diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
-index 8c752c0d030..31753589df7 100644
---- a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
-+++ b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp
-@@ -168,6 +168,11 @@ static_assert(PROBE_OFFSETOF_REG(cpu.fprs, X86Registers::xmm15) == PROBE_CPU_XMM
- static_assert(sizeof(Probe::State) == PROBE_SIZE, "Probe::State::size's matches ctiMasmProbeTrampoline");
- static_assert((PROBE_EXECUTOR_OFFSET + PTR_SIZE) <= (PROBE_SIZE + OUT_SIZE), "Must have room after ProbeContext to stash the probe handler");
- 
-+#if CPU(X86)
-+// SSE2 is a hard requirement on x86.
-+static_assert(isSSE2Present(), "SSE2 support is required in JavaScriptCore");
-+#endif
-+
- #undef PROBE_OFFSETOF
- 
- #if CPU(X86)
-@@ -787,6 +792,7 @@ void MacroAssemblerX86Common::collectCPUFeatures()
-     std::call_once(onceKey, [] {
-         {
-             CPUID cpuid = getCPUID(0x1);
-+            s_sse2CheckState = (cpuid[3] & (1 << 26)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear;
-             s_sse4_1CheckState = (cpuid[2] & (1 << 19)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear;
-             s_sse4_2CheckState = (cpuid[2] & (1 << 20)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear;
-             s_popcntCheckState = (cpuid[2] & (1 << 23)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear;
-@@ -803,6 +809,7 @@ void MacroAssemblerX86Common::collectCPUFeatures()
-     });
- }
- 
-+MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse2CheckState = CPUIDCheckState::NotChecked;
- MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse4_1CheckState = CPUIDCheckState::NotChecked;
- MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse4_2CheckState = CPUIDCheckState::NotChecked;
- MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_avxCheckState = CPUIDCheckState::NotChecked;
-diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
-index ff097290ef3..097bcb0bb86 100644
---- a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
-+++ b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h
-@@ -4197,11 +4197,41 @@ private:
-     }
- #endif
- 
-+#if CPU(X86)
-+#if OS(MAC_OS_X)
-+
-+    // All X86 Macs are guaranteed to support at least SSE2,
-+    static bool isSSE2Present()
-+    {
-+        return true;
-+    }
-+
-+#else // OS(MAC_OS_X)
-+    static bool isSSE2Present()
-+    {
-+        if (s_sse2CheckState == CPUIDCheckState::NotChecked)
-+            collectCPUFeatures();
-+        return s_sse2CheckState == CPUIDCheckState::Set;
-+    }
-+
-+#endif // OS(MAC_OS_X)
-+#elif !defined(NDEBUG) // CPU(X86)
-+
-+    // On x86-64 we should never be checking for SSE2 in a non-debug build,
-+    // but non debug add this method to keep the asserts above happy.
-+    static bool isSSE2Present()
-+    {
-+        return true;
-+    }
-+
-+#endif
-+
-     using CPUID = std::array<unsigned, 4>;
-     static CPUID getCPUID(unsigned level);
-     static CPUID getCPUIDEx(unsigned level, unsigned count);
-     JS_EXPORT_PRIVATE static void collectCPUFeatures();
- 
-+    JS_EXPORT_PRIVATE static CPUIDCheckState s_sse2CheckState;
-     JS_EXPORT_PRIVATE static CPUIDCheckState s_sse4_1CheckState;
-     JS_EXPORT_PRIVATE static CPUIDCheckState s_sse4_2CheckState;
-     JS_EXPORT_PRIVATE static CPUIDCheckState s_avxCheckState;
-diff --git a/Source/cmake/FindSSE2.cmake b/Source/cmake/FindSSE2.cmake
-deleted file mode 100644
-index 7a947feadd4..00000000000
---- a/Source/cmake/FindSSE2.cmake
-+++ /dev/null
-@@ -1,65 +0,0 @@
--#################################
--# Check for the presence of SSE2.
--#
--# Once done, this will define:
--# - SSE2_SUPPORT_FOUND - the system supports (at least) SSE2.
--#
--# Copyright (c) 2014, Pablo Fernandez Alcantarilla, Jesus Nuevo
--# Copyright (c) 2019, Igalia S.L.
--#
--# Redistribution and use in source and binary forms, with or without modification,
--# are permitted provided that the following conditions are met:
--#
--#   * Redistributions of source code must retain the above copyright notice,
--#     this list of conditions and the following disclaimer.
--#
--#   * Redistributions in binary form must reproduce the above copyright notice,
--#     this list of conditions and the following disclaimer in the documentation
--#     and/or other materials provided with the distribution.
--#
--#   * Neither the name of the copyright holders nor the names of its contributors
--#     may be used to endorse or promote products derived from this software without
--#     specific prior written permission.
--#
--# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
--# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
--# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT
--# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
--# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
--# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
--# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
--# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
--# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--
--set(SSE2_SUPPORT_FOUND FALSE)
--
--macro(CHECK_FOR_SSE2)
--    include(CheckCXXSourceRuns)
--
--    check_cxx_source_runs("
--        #include <emmintrin.h>
--        int main ()
--        {
--            __m128d a, b;
--            double vals[2] = {0};
--            a = _mm_loadu_pd (vals);
--            b = _mm_add_pd (a,a);
--            _mm_storeu_pd (vals,b);
--            return(0);
--        }"
--        HAVE_SSE2_EXTENSIONS)
--
--    if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANG)
--        if (HAVE_SSE2_EXTENSIONS)
--            set(SSE2_SUPPORT_FOUND TRUE)
--        endif ()
--    elseif (MSVC AND NOT CMAKE_CL_64)
--        if (HAVE_SSE2_EXTENSIONS)
--            set(SSE2_SUPPORT_FOUND TRUE)
--            message(STATUS "Found SSE2 extensions.")
--        endif (HAVE_SSE2_EXTENSIONS)
--    endif ()
--
--endmacro(CHECK_FOR_SSE2)
--
--CHECK_FOR_SSE2()
--- 
-2.21.0
-
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index ce69d0a7d4..e9b7ab74a7 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -168,15 +168,15 @@ HTML/CSS applications to full-fledged web browsers.")
 (define-public webkitgtk-2.24
   (package/inherit webkitgtk
     (name "webkitgtk")
-    (version "2.24.1")
+    (version "2.24.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0v9riwrmwi9wxbb8hlvcbyyxa9zxhcdk6s1xcspalk6asam8xjsk"))
-              (patches (search-patches "webkitgtk-sse2.patch"))))
+                "071jnjvjq6wsxx1jh4ql3j53h1nhphs5ga67fa5i9xjvs3qb3701"))
+              (patches (search-patches "webkitgtk-sans-gstreamer-gl.patch"))))
     (native-inputs
      `(("gcc" ,gcc-7)  ; webkitgtk-2.22 requires gcc-6 or newer
        ,@(package-native-inputs webkitgtk)))
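Review bot: The commit message advertises fixes for CVE-2019-8595, CVE-2019-8607 and CVE-2019-8615, but this hunk only moves the `webkitgtk-2.24` variant to 2.24.2. The `webkitgtk` package it inherits from via `package/inherit` is defined outside the hunk, so it is not visible here whether packages depending on plain `webkitgtk` end up on the fixed release. A short comment above the definition would record the intent, for example `;; Security-fixed variant; make sure 'webkitgtk' resolves to this version for dependents.` The context comment `; webkitgtk-2.22 requires gcc-6 or newer` also reads as stale inside a 2.24 definition and could be refreshed in the same change. The definition continues past the end of the hunk.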