From 8308f0ba9e65daeadcc7e8922377b3d5e9f10e05 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Sun, 19 May 2019 16:54:10 +0200 Subject: [PATCH] gnu: webkitgtk: Update to 2.24.2 [security fixes]. This fixes CVE-2019-8595, CVE-2019-8607, and CVE-2019-8615. * gnu/packages/patches/webkitgtk-sse2.patch: Delete file. * gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch: New file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/webkit.scm (webkitgtk-2.24): Update to 2.24.2. [source](patches): Add the new patch; remove 'webkitgtk-sse2.patch'. --- gnu/local.mk | 2 +- .../patches/webkitgtk-sans-gstreamer-gl.patch | 24 +++ gnu/packages/patches/webkitgtk-sse2.patch | 202 ------------------ gnu/packages/webkit.scm | 6 +- 4 files changed, 28 insertions(+), 206 deletions(-) create mode 100644 gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch delete mode 100644 gnu/packages/patches/webkitgtk-sse2.patch diff --git a/gnu/local.mk b/gnu/local.mk index 558e6812b9..cfc16c5ac8 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1349,7 +1349,7 @@ dist_patch_DATA = \ %D%/packages/patches/wavpack-CVE-2018-6767.patch \ %D%/packages/patches/wavpack-CVE-2018-7253.patch \ %D%/packages/patches/wavpack-CVE-2018-7254.patch \ - %D%/packages/patches/webkitgtk-sse2.patch \ + %D%/packages/patches/webkitgtk-sans-gstreamer-gl.patch \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ diff --git a/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch b/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch new file mode 100644 index 0000000000..4577c81edb --- /dev/null +++ b/gnu/packages/patches/webkitgtk-sans-gstreamer-gl.patch @@ -0,0 +1,24 @@ +Fix build failure when USE_GSTREAMER_GL=off. See +. + +This patch is taken from the upstream source repository: +. + +diff --git a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp +index 00a2af6489e..5cb5f7536ac 100644 +--- a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp ++++ b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamerBase.cpp +@@ -1000,11 +1000,13 @@ void MediaPlayerPrivateGStreamerBase::updateTextureMapperFlags() + break; + } + ++#if USE(GSTREAMER_GL) + // When the imxvpudecoder is used, the texture sampling of the + // directviv-uploaded texture returns an RGB value, so there's no need to + // convert it. + if (m_videoDecoderPlatform != WebKitGstVideoDecoderPlatform::ImxVPU) + m_textureMapperFlags |= TEXTURE_MAPPER_COLOR_CONVERT_FLAG; ++#endif + } + #endif + diff --git a/gnu/packages/patches/webkitgtk-sse2.patch b/gnu/packages/patches/webkitgtk-sse2.patch deleted file mode 100644 index df70e38919..0000000000 --- a/gnu/packages/patches/webkitgtk-sse2.patch +++ /dev/null @@ -1,202 +0,0 @@ -Fix build on i686. - -This patch is taken from upstream, with ChangeLog entries omitted. - -From 5048338c5f21605441c6833907d1136ac9640b35 Mon Sep 17 00:00:00 2001 -From: "mcatanzaro@igalia.com" - -Date: Wed, 10 Apr 2019 18:27:25 +0000 -Subject: [PATCH] Unreviewed, rolling out r243989. - -Broke i686 builds - -Reverted changeset: - -"[CMake] Detect SSE2 at compile time" -https://bugs.webkit.org/show_bug.cgi?id=196488 -https://trac.webkit.org/changeset/243989 - -git-svn-id: http://svn.webkit.org/repository/webkit/trunk@244138 268f45cc-cd09-0410-ab3c-d52691b4dbfc ---- - CMakeLists.txt | 10 --- - ChangeLog | 12 ++++ - Source/JavaScriptCore/ChangeLog | 12 ++++ - .../assembler/MacroAssemblerX86Common.cpp | 7 ++ - .../assembler/MacroAssemblerX86Common.h | 30 +++++++++ - Source/cmake/FindSSE2.cmake | 65 ------------------- - 6 files changed, 61 insertions(+), 75 deletions(-) - delete mode 100644 Source/cmake/FindSSE2.cmake - -diff --git a/CMakeLists.txt b/CMakeLists.txt -index acd77f4b623..d3e8a23f9ff 100644 ---- a/CMakeLists.txt -+++ b/CMakeLists.txt -@@ -114,16 +114,6 @@ else () - set(WTF_CPU_UNKNOWN 1) - endif () - --#--------------------------- --# Make sure SSE2 is present. --#--------------------------- --if (WTF_CPU_X86) -- include(FindSSE2) -- if (NOT SSE2_SUPPORT_FOUND) -- message(FATAL_ERROR "SSE2 support is required to compile WebKit") -- endif () --endif () -- - # ----------------------------------------------------------------------------- - # Determine the operating system - # ----------------------------------------------------------------------------- -diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp -index 8c752c0d030..31753589df7 100644 ---- a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp -+++ b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.cpp -@@ -168,6 +168,11 @@ static_assert(PROBE_OFFSETOF_REG(cpu.fprs, X86Registers::xmm15) == PROBE_CPU_XMM - static_assert(sizeof(Probe::State) == PROBE_SIZE, "Probe::State::size's matches ctiMasmProbeTrampoline"); - static_assert((PROBE_EXECUTOR_OFFSET + PTR_SIZE) <= (PROBE_SIZE + OUT_SIZE), "Must have room after ProbeContext to stash the probe handler"); - -+#if CPU(X86) -+// SSE2 is a hard requirement on x86. -+static_assert(isSSE2Present(), "SSE2 support is required in JavaScriptCore"); -+#endif -+ - #undef PROBE_OFFSETOF - - #if CPU(X86) -@@ -787,6 +792,7 @@ void MacroAssemblerX86Common::collectCPUFeatures() - std::call_once(onceKey, [] { - { - CPUID cpuid = getCPUID(0x1); -+ s_sse2CheckState = (cpuid[3] & (1 << 26)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear; - s_sse4_1CheckState = (cpuid[2] & (1 << 19)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear; - s_sse4_2CheckState = (cpuid[2] & (1 << 20)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear; - s_popcntCheckState = (cpuid[2] & (1 << 23)) ? CPUIDCheckState::Set : CPUIDCheckState::Clear; -@@ -803,6 +809,7 @@ void MacroAssemblerX86Common::collectCPUFeatures() - }); - } - -+MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse2CheckState = CPUIDCheckState::NotChecked; - MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse4_1CheckState = CPUIDCheckState::NotChecked; - MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_sse4_2CheckState = CPUIDCheckState::NotChecked; - MacroAssemblerX86Common::CPUIDCheckState MacroAssemblerX86Common::s_avxCheckState = CPUIDCheckState::NotChecked; -diff --git a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h -index ff097290ef3..097bcb0bb86 100644 ---- a/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h -+++ b/Source/JavaScriptCore/assembler/MacroAssemblerX86Common.h -@@ -4197,11 +4197,41 @@ private: - } - #endif - -+#if CPU(X86) -+#if OS(MAC_OS_X) -+ -+ // All X86 Macs are guaranteed to support at least SSE2, -+ static bool isSSE2Present() -+ { -+ return true; -+ } -+ -+#else // OS(MAC_OS_X) -+ static bool isSSE2Present() -+ { -+ if (s_sse2CheckState == CPUIDCheckState::NotChecked) -+ collectCPUFeatures(); -+ return s_sse2CheckState == CPUIDCheckState::Set; -+ } -+ -+#endif // OS(MAC_OS_X) -+#elif !defined(NDEBUG) // CPU(X86) -+ -+ // On x86-64 we should never be checking for SSE2 in a non-debug build, -+ // but non debug add this method to keep the asserts above happy. -+ static bool isSSE2Present() -+ { -+ return true; -+ } -+ -+#endif -+ - using CPUID = std::array; - static CPUID getCPUID(unsigned level); - static CPUID getCPUIDEx(unsigned level, unsigned count); - JS_EXPORT_PRIVATE static void collectCPUFeatures(); - -+ JS_EXPORT_PRIVATE static CPUIDCheckState s_sse2CheckState; - JS_EXPORT_PRIVATE static CPUIDCheckState s_sse4_1CheckState; - JS_EXPORT_PRIVATE static CPUIDCheckState s_sse4_2CheckState; - JS_EXPORT_PRIVATE static CPUIDCheckState s_avxCheckState; -diff --git a/Source/cmake/FindSSE2.cmake b/Source/cmake/FindSSE2.cmake -deleted file mode 100644 -index 7a947feadd4..00000000000 ---- a/Source/cmake/FindSSE2.cmake -+++ /dev/null -@@ -1,65 +0,0 @@ --################################# --# Check for the presence of SSE2. --# --# Once done, this will define: --# - SSE2_SUPPORT_FOUND - the system supports (at least) SSE2. --# --# Copyright (c) 2014, Pablo Fernandez Alcantarilla, Jesus Nuevo --# Copyright (c) 2019, Igalia S.L. --# --# Redistribution and use in source and binary forms, with or without modification, --# are permitted provided that the following conditions are met: --# --# * Redistributions of source code must retain the above copyright notice, --# this list of conditions and the following disclaimer. --# --# * Redistributions in binary form must reproduce the above copyright notice, --# this list of conditions and the following disclaimer in the documentation --# and/or other materials provided with the distribution. --# --# * Neither the name of the copyright holders nor the names of its contributors --# may be used to endorse or promote products derived from this software without --# specific prior written permission. --# --# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY --# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES --# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT --# SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, --# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED --# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR --# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN --# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY --# WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -- --set(SSE2_SUPPORT_FOUND FALSE) -- --macro(CHECK_FOR_SSE2) -- include(CheckCXXSourceRuns) -- -- check_cxx_source_runs(" -- #include -- int main () -- { -- __m128d a, b; -- double vals[2] = {0}; -- a = _mm_loadu_pd (vals); -- b = _mm_add_pd (a,a); -- _mm_storeu_pd (vals,b); -- return(0); -- }" -- HAVE_SSE2_EXTENSIONS) -- -- if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_COMPILER_IS_CLANG) -- if (HAVE_SSE2_EXTENSIONS) -- set(SSE2_SUPPORT_FOUND TRUE) -- endif () -- elseif (MSVC AND NOT CMAKE_CL_64) -- if (HAVE_SSE2_EXTENSIONS) -- set(SSE2_SUPPORT_FOUND TRUE) -- message(STATUS "Found SSE2 extensions.") -- endif (HAVE_SSE2_EXTENSIONS) -- endif () -- --endmacro(CHECK_FOR_SSE2) -- --CHECK_FOR_SSE2() --- -2.21.0 - diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index ce69d0a7d4..e9b7ab74a7 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -168,15 +168,15 @@ (define-public webkitgtk (define-public webkitgtk-2.24 (package/inherit webkitgtk (name "webkitgtk") - (version "2.24.1") + (version "2.24.2") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "0v9riwrmwi9wxbb8hlvcbyyxa9zxhcdk6s1xcspalk6asam8xjsk")) - (patches (search-patches "webkitgtk-sse2.patch")))) + "071jnjvjq6wsxx1jh4ql3j53h1nhphs5ga67fa5i9xjvs3qb3701")) + (patches (search-patches "webkitgtk-sans-gstreamer-gl.patch")))) (native-inputs `(("gcc" ,gcc-7) ; webkitgtk-2.22 requires gcc-6 or newer ,@(package-native-inputs webkitgtk)))