See https://webkitgtk.org/security/WSA-2021-0003.html
Created attachment 225472: patch
poudriere testport on 14-CURRENT and runtime with local ports tree fork: OK
Currently WIP (this was tested on one specific custom environment, pkg-plist wasn't tested with inverted options), waiting for the vanilla packages for 13.0-RELEASE to build (it is slow due to low power hardware), not using stuff from pkg.FreeBSD.org because it is not reproducible. Could avoid using sysinfo, though this way is less different from upstream sources.
And no VuXML for now, waiting for 13.0 packages and inverted options.
Vanilla build with GSTREAMER=on fails likely due to outdated gstreamer:
-std=c++17 -MD -MT Source/WebCore/CMakeFiles/WebCore.dir/platform/graphics/gstreamer/MediaSampleGStreamer.cpp.o -MF Source/WebCore/CMakeFiles/WebCore.dir/platform/graphics/gstreamer/MediaSampleGStreamer.cpp.o.d -o Source/WebCore/CMakeFiles/WebCore.dir/platform/graphics/gstreamer/MediaSampleGStreamer.cpp.o -c /wrkdirs/usr/ports/www/webkit2-gtk3/work/webkitgtk-2.32.1/Source/WebCore/platform/graphics/gstreamer/MediaSampleGStreamer.cpp
/wrkdirs/usr/ports/www/webkit2-gtk3/work/webkitgtk-2.32.1/Source/WebCore/platform/graphics/gstreamer/MediaSampleGStreamer.cpp:178:12: error: call to implicitly-deleted copy constructor of 'WebCore::PlatformSample'
    return sample;
           ^~~~~~
/wrkdirs/usr/ports/www/webkit2-gtk3/work/webkitgtk-2.32.1/Source/WebCore/platform/MediaSample.h:58:7: note: copy constructor of 'PlatformSample' is implicitly deleted because field 'sample' has a deleted copy constructor
    } sample;
      ^
/wrkdirs/usr/ports/www/webkit2-gtk3/work/webkitgtk-2.32.1/Source/WebCore/platform/MediaSample.h:57:66: note: copy constructor of '' is implicitly deleted because variant field 'byteRangeSample' has a non-trivial copy constructor
        std::pair<MTPluginByteSourceRef, CMFormatDescriptionRef> byteRangeSample;
                                                                 ^
1 error generated.
multimedia/gstreamer1 is currently at 1.16.2 while repology reports 1.18.4 as the latest version. I'll try to update gstreamer, though that may be slow due to hardware.
(In reply to Evgeniy Khramtsov from comment #3) This is not related to the gstreamer version, tried with locally updated gstreamer (every plugin in a single port, not upstreamable). USE_GCC=yes:build gets past that file, but then gcc segfaults (sig 11) just before the final linking. I am not an expert in C++ to fix this, and bruteforcing this problem would be too painful with slow compile times. gnome@ is free to continue, I think I helped you as I could.
I have a WIP in my overlay that I partially built, but stopped due to limited CPU time. It involves a new (optional) dependency that the rest of GNOME 40 needs.
Created attachment 228130: v2 (use "git am")
GStreamer related issue bisected to: https://github.com/WebKit/WebKit/commit/11ccaf183fad
Updated to 2.34.0: build passed on 13.0/amd64 poudriere jail with vanilla ports. Yet to test runtime and 12.2/{amd64,i386}, likely 24-25 Sep if anyone won't help.
Created attachment 228155: v2.1 (use "git am")
Runtime OK on FreeBSD/amd64 13.0 jail (passed /dev for DRM backend for x11-wm/cage), build passed on 12.2/{amd64,i386}. Additionally tested with multimedia/gstreamer1-plugins-core, YouTube (VP9) and html5test.com, seems to be fine. Likely needs VuXML entries (soon), but I wanted to tell that this patch is OK.
Created attachment 228156: VuXML entry
Attach https://webkitgtk.org/security/WSA-2021-0005.html entry. This is one from the 0001...0005 range, I don't know how to put multiple entries properly (one VuXML entry that has multiple report pages vs each entry per report page, in one commit or separate, etc), and make validate doesn't like auto-indentation in $EDITOR. gnome@, please land the security fixes in newer webkit2-gtk3.
Thank you for this work, I will test it ASAP. Small remark: the patch on ramsize.cpp is not necessary anymore; if I read the code correctly, the fallback on sysconf for non-unix should work on FreeBSD. If you don't mind, I will just drop it from your patch before pushing it (if the testing shows it works correctly).
Forget what I said about the ramsize patch, you did the right thing :D I misread the patch.
It still fails for me with call to implicitly-deleted copy constructor of 'WebCore::PlatformSample'... Maybe you forgot to git add something?
(In reply to Baptiste Daroussin from comment #11)
It builds: https://codeberg.org/ei/misc/raw/branch/main/webkit2-gtk3-2.34.0.log
I also started another build today, and it is OK too:
Vanilla 13.0/amd64 jail, default OPTIONS, v2.1 applied via "git am" on top of:
commit 9cdd29dbcd463b6a51cf8e9e6228fe05be081887
Author: TAKATSU Tomonari <tota@FreeBSD.org>
Date: Sat Sep 25 07:07:27 2021 +0000
    security/R-cran-digest: Update to 0.6.28
log: https://codeberg.org/ei/misc/raw/branch/main/new-webkit2-gtk3-2.34.0.log
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=2af423a9b6934746475dd8d4fd7d699597e70b78
commit 2af423a9b6934746475dd8d4fd7d699597e70b78
Author: Evgeniy Khramtsov <evgeniy@khramtsov.org>
AuthorDate: 2021-09-24 22:28:18 +0000
Commit: Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2021-09-27 08:39:45 +0000
    security/vuxml: add www/webkit2-gtk3
    PR: 255528
    Obtained from: https://webkitgtk.org/security/WSA-2021-0005.html
security/vuxml/vuln-2021.xml | 26 ++++++++++++++++++++++++++
1 file changed, 26 insertions(+)
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=895bc805a975e4d6848427d88063cc8651e36fe4
commit 895bc805a975e4d6848427d88063cc8651e36fe4
Author: Evgeniy Khramtsov <evgeniy@khramtsov.org>
AuthorDate: 2021-09-22 22:57:30 +0000
Commit: Baptiste Daroussin <bapt@FreeBSD.org>
CommitDate: 2021-09-27 08:38:52 +0000
    www/webkit2-gtk3: update to 2.34.0
    PR: 255528
    Changes:
    https://webkitgtk.org/2021/03/18/webkitgtk2.30.6-released.html
    https://webkitgtk.org/2021/03/26/webkitgtk2.32.0-released.html
    https://webkitgtk.org/2021/05/10/webkitgtk2.32.1-released.html
    https://webkitgtk.org/2021/05/14/webkitgtk2.33.1-released.html
    https://webkitgtk.org/2021/06/08/webkitgtk2.33.2-released.html
    https://webkitgtk.org/2021/07/09/webkitgtk2.32.2-released.html
    https://webkitgtk.org/2021/07/23/webkitgtk2.32.3-released.html
    https://webkitgtk.org/2021/08/16/webkitgtk2.33.3-released.html
    https://webkitgtk.org/2021/09/17/webkitgtk2.32.4-released.html
    https://webkitgtk.org/2021/09/22/webkitgtk2.34.0-released.html
www/webkit2-gtk3/Makefile | 13 +-
www/webkit2-gtk3/distinfo | 6 +-
www/webkit2-gtk3/files/patch-CMakeLists.txt (gone) | 14 --
.../files/patch-Source-cmake-OptionsCommon.cmake | 12 +-
...ource_JavaScriptCore_assembler_ARM64Assembler.h | 4 +-
...ource_JavaScriptCore_assembler_ARMv7Assembler.h | 4 +-
...urce_JavaScriptCore_jit_ExecutableAllocator.cpp | 4 +-
.../files/patch-Source_JavaScriptCore_jsc.cpp | 4 +-
...patch-Source_JavaScriptCore_offlineasm_arm64.rb | 4 +-
...rce_JavaScriptCore_runtime_NativeExecutable.cpp | 4 +-
.../files/patch-Source_WTF_wtf_RAMSize.cpp | 27 +--
...urce_WTF_wtf_unix_MemoryPressureHandlerUnix.cpp | 4 +-
...e_platform_graphics_egl_GLContextEGL.cpp (gone) | 11 --
...form_graphics_x11_PlatformDisplayX11.cpp (gone) | 23 ---
.../patch-Source_WebCore_platform_network_DNS.h | 4 +-
.../files/patch-Source_bmalloc_bmalloc_BPlatform.h | 4 +-
.../patch-Source_cmake_WebKitCommon.cmake (new) | 14 ++
.../files/patch-revert-11ccaf183fad (new) | 211 +++++++++++++++++++++
www/webkit2-gtk3/pkg-plist | 7 +-
19 files changed, 275 insertions(+), 99 deletions(-)
Thanks a lot. The failure was a PEBKAC on my side; everything is working fine, and I have pushed everything!
(In reply to Evgeniy Khramtsov from comment #3) Caused by std::pair ABI incompatibility, see https://reviews.freebsd.org/D35327
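The compiler notes quoted in comment #3, reduced to a stand-alone case (an added example, not code from WebKit, libc++ or the port). `TrivialPair`, `NonTrivialPair` and `Sample` are hypothetical stand-ins for `std::pair` and `WebCore::PlatformSample`; the point is that one non-trivial copy constructor on a union member deletes the copy and move constructors of the enclosing struct, so a by-value `return sample;` no longer compiles.

```cpp
// Added example: all type names below are hypothetical stand-ins.
#include <cstdio>
#include <type_traits>
#include <utility>

// Pair with an implicitly generated (trivial) copy constructor.
template <class A, class B>
struct TrivialPair { A first; B second; };

// Pair whose copy constructor is user-provided, hence non-trivial.
template <class A, class B>
struct NonTrivialPair {
    A first; B second;
    NonTrivialPair() = default;
    NonTrivialPair(const NonTrivialPair& o) : first(o.first), second(o.second) {}
};

// Shape taken from the diagnostic: a struct with a union field 'sample'
// that has a pair-typed variant member 'byteRangeSample'.
template <class PairT>
struct Sample {
    int type;
    union {
        void* pointerSample;
        PairT byteRangeSample;
    } sample;
};

// A by-value "return sample;" needs Sample to be copy- or move-constructible.
bool copyable_with_trivial_pair() {
    return std::is_copy_constructible<Sample<TrivialPair<void*, void*>>>::value;
}
bool copyable_with_nontrivial_pair() {
    return std::is_copy_constructible<Sample<NonTrivialPair<void*, void*>>>::value;
}
bool movable_with_nontrivial_pair() {
    return std::is_move_constructible<Sample<NonTrivialPair<void*, void*>>>::value;
}
// What this toolchain's own std::pair does; the result is platform-dependent.
bool std_pair_copy_is_trivial() {
    return std::is_trivially_copy_constructible<std::pair<void*, void*>>::value;
}

int main() {
    std::printf("trivial pair: copyable=%d\n", copyable_with_trivial_pair());
    std::printf("non-trivial pair: copyable=%d movable=%d\n",
                copyable_with_nontrivial_pair(), movable_with_nontrivial_pair());
    std::printf("local std::pair trivially copyable=%d\n", std_pair_copy_is_trivial());
    return 0;
}
```

The last line of output shows which case the local standard library's `std::pair` falls into.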