ryan77627/guix
1
0
Fork 0
mirror of https://git.in.rschanz.org/ryan77627/guix.git synced 2024-11-07 07:26:13 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: webkitgtk: Disable SharedArrayBuffers to mitigate Spectre.

Browse source 
* gnu/packages/patches/webkitgtk-mitigate-spectre.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/webkit.scm (webkitgtk)[source]: Add patch.
This commit is contained in:
Mark H Weaver 2018-01-06 19:51:06 -05:00
parent c23243fccd
commit 56804398a9
No known key found for this signature in database
GPG key ID: 7CEF29847562C516
3 changed files with 112 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
gnu/local.mk
View file

@ -2,7 +2,7 @@
# Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org> # Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge <andreas@enge.fr> # Copyright © 2013, 2014, 2015, 2016, 2017 Andreas Enge <andreas@enge.fr>
# Copyright © 2016 Mathieu Lirzin <mthl@gnu.org> # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
# Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> # Copyright © 2013, 2014, 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
# Copyright © 2016 Chris Marusich <cmmarusich@gmail.com> # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
# Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net> # Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
# Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org> # Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
@ -1136,6 +1136,7 @@ dist_patch_DATA = \
%D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vsearch-unbundle-cityhash.patch \
%D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \
%D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \
%D%/packages/patches/webkitgtk-mitigate-spectre.patch \
%D%/packages/patches/weechat-python.patch \ %D%/packages/patches/weechat-python.patch \
%D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \
%D%/packages/patches/wicd-get-selected-profile-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \

107
gnu/packages/patches/webkitgtk-mitigate-spectre.patch Normal file
View file

@ -0,0 +1,107 @@
Disable SharedArrayBuffers to mitigate Spectre. Based on:
https://trac.webkit.org/changeset/226386/webkit
Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org>
--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500
+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500
@@ -338,8 +338,10 @@
WriteBarrier<Structure> m_moduleLoaderStructure;
WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
WriteBarrier<Structure> m_arrayBufferStructure;
+#if ENABLE(SHARED_ARRAY_BUFFER)
WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
WriteBarrier<Structure> m_sharedArrayBufferStructure;
+#endif
#define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
@@ -670,8 +672,13 @@
switch (sharingMode) {
case ArrayBufferSharingMode::Default:
return m_arrayBufferPrototype.get();
+#if ENABLE(SHARED_ARRAY_BUFFER)
case ArrayBufferSharingMode::Shared:
return m_sharedArrayBufferPrototype.get();
+#else
+ default:
+ return m_arrayBufferPrototype.get();
+#endif
}
}
Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
@@ -679,8 +686,13 @@
switch (sharingMode) {
case ArrayBufferSharingMode::Default:
return m_arrayBufferStructure.get();
+#if ENABLE(SHARED_ARRAY_BUFFER)
case ArrayBufferSharingMode::Shared:
return m_sharedArrayBufferStructure.get();
+#else
+ default:
+ return m_arrayBufferStructure.get();
+#endif
}
RELEASE_ASSERT_NOT_REACHED();
return nullptr;
--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500
+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500
@@ -574,8 +574,10 @@
m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default));
m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get()));
+#if ENABLE(SHARED_ARRAY_BUFFER)
m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared));
m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
+#endif
m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
@@ -620,10 +622,11 @@
JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default);
m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
+#if ENABLE(SHARED_ARRAY_BUFFER)
JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared);
m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
-
+#endif
#define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
@@ -686,7 +689,9 @@
putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly);
putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum);
+#if ENABLE(SHARED_ARRAY_BUFFER)
putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum);
+#endif
#define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
@@ -1288,8 +1293,10 @@
visitor.append(thisObject->m_arrayBufferPrototype);
visitor.append(thisObject->m_arrayBufferStructure);
+#if ENABLE(SHARED_ARRAY_BUFFER)
visitor.append(thisObject->m_sharedArrayBufferPrototype);
visitor.append(thisObject->m_sharedArrayBufferStructure);
+#endif
#define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
visitor.append(thisObject->m_ ## lowerName ## Prototype); \
--- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400
+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500
@@ -1190,6 +1190,9 @@
#define HAVE_NS_ACTIVITY 1
#endif
+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */
+#define ENABLE_SHARED_ARRAY_BUFFER 0
+
#if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO)))
#undef ENABLE_OPENTYPE_MATH
#define ENABLE_OPENTYPE_MATH 1

5
gnu/packages/webkit.scm
View file

@ -2,7 +2,7 @@
;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com> ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com> ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net> ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org> ;;; Copyright © 2015, 2016, 2017, 2018 Mark H Weaver <mhw@netris.org>
;;; ;;;
;;; This file is part of GNU Guix. ;;; This file is part of GNU Guix.
;;; ;;;
@ -61,7 +61,8 @@ (define-public webkitgtk
name "-" version ".tar.xz")) name "-" version ".tar.xz"))
(sha256 (sha256
(base32 (base32
"1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7")))) "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))
(patches (search-patches "webkitgtk-mitigate-spectre.patch"))))
(build-system cmake-build-system) (build-system cmake-build-system)
(arguments (arguments
'(#:tests? #f ; no tests '(#:tests? #f ; no tests