Accepting request 746658 from GNOME:Next

- Only use wpe and xdg-dbus-proxy/bubblewrap for TW and SLE-15-SP2 / leap 15.2. - Don't pass -DENABLE_BUBBLEWRAP_SANDBOX=ON; it is on by default. - Remove conditionals for EOL versions of openSUSE. - Always build with python3; remove the conditional. Add some security fixes to changes. OBS-URL: https://build.opensuse.org/request/show/746658 OBS-URL: https://build.opensuse.org/package/show/GNOME:Factory/webkit2gtk3?expand=0&rev=237
2019-11-12 12:08:05 +00:00 · 2019-11-12 12:08:05 +00:00 · 7f5d29dad1
commit 7f5d29dad1
parent 9c9a78e282
2 changed files with 40 additions and 39 deletions
--- a/webkit2gtk3.changes
+++ b/webkit2gtk3.changes
@ -1,7 +1,16 @@
+-------------------------------------------------------------------
+Thu Nov  7 16:38:56 UTC 2019 - Michael Gorse <mgorse@suse.com>
+
+- Only use wpe and xdg-dbus-proxy/bubblewrap for TW and
+  SLE-15-SP2 / leap 15.2.
+- Don't pass -DENABLE_BUBBLEWRAP_SANDBOX=ON; it is on by default.
+- Remove conditionals for EOL versions of openSUSE.
+- Always build with python3; remove the conditional.
+
 -------------------------------------------------------------------
 Wed Nov  6 16:26:43 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 2.26.2:
+- Update to version 2.26.2 (boo#1156318):
  + Improve performance of querying system fallback fonts.
  + Don't use prgname in dbus-proxy socket path.
  + Fix thread-safety issues in image decoders.
@ -10,6 +19,7 @@ Wed Nov  6 16:26:43 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
    EGL dispaly under Wayland.
  + Fill the objects category in emoji picker.
  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2019-8812, CVE-2019-8814.

 -------------------------------------------------------------------
 Thu Sep 26 10:03:59 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
@ -33,6 +43,8 @@ Mon Sep 23 15:24:34 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + Fix EGL initialization with newer versions of Mesa.
  + Do not enable the sandbox inside docker.
  + Fix several crashes and rendering issues.
+ ++ Security fixes: CVE-2019-8783, CVE-2019-8811, CVE-2019-8813,
+    CVE-2019-8816, CVE-2019-8819, CVE-2019-8820, CVE-2019-8823.

 -------------------------------------------------------------------
 Thu Sep 19 16:44:45 UTC 2019 - Michael Gorse <mgorse@suse.com>
@ -55,7 +67,7 @@ Thu Sep 12 21:09:23 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
 -------------------------------------------------------------------
 Mon Sep  9 09:59:58 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>

- Update to version 2.26.0:
+- Update to version 2.26.0 (boo#1155321):
  + Add support for subprocess sandboxing.
  + Add support for HSTS (HTTP Strict Transport Security).
  + Use libwpe with fdo backend to implement accelerated
@ -67,6 +79,9 @@ Mon Sep  9 09:59:58 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + Fix rendering artifacts in youtube volume button and github
    comment box.
  + Single process model has been deprecated for security reasons.
+  + Security fixes: CVE-2019-8625, CVE-2019-8720, CVE-2019-8769,
+    CVE-2019-8771, CVE-2019-8710, CVE-2019-8743, CVE-2019-8764,
+    CVE-2019-8766, CVE-2019-8782, CVE-2019-8808, CVE-2019-8815.

 -------------------------------------------------------------------
 Tue Sep  3 12:11:49 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
@ -182,7 +197,9 @@ Wed Aug 28 12:40:21 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
    when Python 3.x was used during the build process.
  + Security fixes: CVE-2019-8644, CVE-2019-8649, CVE-2019-8658,
    CVE-2019-8669, CVE-2019-8678, CVE-2019-8680, CVE-2019-8683,
-    CVE-2019-8684, CVE-2019-8688.
+    CVE-2019-8684, CVE-2019-8688, CVE-2019-8674, CVE-2019-8707,
+    CVE-2019-8719, CVE-2019-8733, CVE-2019-8763, CVE-2019-8765,
+    CVE-2019-8821, CVE-2019-8822.
 - Drop webkit2gtk3-bwo197558-hang.patch: Fixed upstream.

 -------------------------------------------------------------------
@ -212,7 +229,8 @@ Tue Jul  2 11:17:11 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + Fix the build with video and audio disabled.
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2019-8666, CVE-2019-8673, CVE-2019-8676,
-    CVE-2019-8681, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690.
+    CVE-2019-8681, CVE-2019-8687, CVE-2019-8689, CVE-2019-8690,
+    CVE-2019-8726.
  + Updated translations.
 - Drop upstream fixed patches:
  + webkit2gtk3-bug196440-build-fix.patch.
@ -239,7 +257,7 @@ Fri May 24 08:00:33 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + Fix several crashes and rendering issues.
  + Security fixes: CVE-2019-8595, CVE-2019-8607, CVE-2019-8615,
    CVE-2019-8671, CVE-2019-8672, CVE-2019-8677, CVE-2019-8679,
-    CVE-2019-8686.
+    CVE-2019-8686, CVE-2019-8735.
  + Updated translations.
 - Drop webkit2gtk3-fix-i586-build.patch: Fixed upstream.

@ -302,7 +320,8 @@ Wed Mar 13 13:40:11 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
  + New API to convert URI to format for display.
  + Security fixes: CVE-2019-8375 (boo#1126768), CVE-2019-8506,
    CVE-2019-8524, CVE-2019-8535, CVE-2019-8536, CVE-2019-8544,
-    CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563.
+    CVE-2019-8551, CVE-2019-8558, CVE-2019-8559, CVE-2019-8563,
+    CVE-2019-8768.

 -------------------------------------------------------------------
 Wed Mar  6 16:25:48 UTC 2019 - Bjørn Lie <bjorn.lie@gmail.com>
--- a/webkit2gtk3.spec
+++ b/webkit2gtk3.spec
@ -27,20 +27,9 @@
 %define _name webkitgtk
 # gold linker not available on old s390/s390x
 %define _gold_linker 1
-%if 0%{?suse_version} < 1320
-%ifarch s390 s390x
-%define _gold_linker 0
-%endif
-%else
 %ifarch ppc s390
 %define _gold_linker 0
 %endif
-%endif
-%if 0%{?suse_version} >= 1500
-%bcond_without python3
-%else
-%bcond_with python3
-%endif
 Name:           webkit2gtk3
 Version:        2.26.2
 Release:        0
@ -61,7 +50,9 @@ BuildRequires:  Mesa-libGLESv1_CM-devel
 BuildRequires:  Mesa-libGLESv2-devel
 BuildRequires:  Mesa-libGLESv3-devel
 BuildRequires:  bison >= 2.3
+%if 0%{?suse_version} > 1510
 BuildRequires:  bubblewrap
+%endif
 BuildRequires:  cmake
 BuildRequires:  enchant-devel
 BuildRequires:  gobject-introspection-devel
@ -73,7 +64,9 @@ BuildRequires:  ninja
 BuildRequires:  perl >= 5.10.0
 BuildRequires:  pkgconfig
 BuildRequires:  ruby >= 1.8.7
+%if 0%{?suse_version} > 1510
 BuildRequires:  xdg-dbus-proxy
+%endif
 BuildRequires:  pkgconfig(atk)
 BuildRequires:  pkgconfig(atspi-2) >= 2.5.3
 BuildRequires:  pkgconfig(cairo) >= 1.10.2
@ -107,15 +100,13 @@ BuildRequires:  pkgconfig(libxml-2.0) >= 2.8.0
 BuildRequires:  pkgconfig(libxslt) >= 1.1.7
 BuildRequires:  pkgconfig(sqlite3)
 BuildRequires:  pkgconfig(upower-glib)
+%if 0%{?suse_version} > 1510
 BuildRequires:  pkgconfig(wpe-1.0) >= 1.3.0
 BuildRequires:  pkgconfig(wpebackend-fdo-1.0) >= 1.3.0
+%endif
+BuildRequires:  gcc-c++ >= 4.9
 BuildRequires:  pkgconfig(xt)
 BuildRequires:  pkgconfig(zlib)
-%if 0%{?suse_version} == 1315
-BuildRequires:  gcc7-c++
-%else
-BuildRequires:  gcc-c++ >= 4.9
-%endif
 %if 0%{?suse_version} >= 1500
 BuildRequires:  openjpeg2
 BuildRequires:  openjpeg2-devel
@ -123,12 +114,7 @@ BuildRequires:  openjpeg2-devel
 %if 0%{?suse_version} > 1500
 BuildRequires:  pkgconfig(libwoff2dec)
 %endif
-%if %{with python3}
 BuildRequires:  python3
-%else
-BuildRequires:  python >= 2.6.0
-BuildRequires:  python2-xml
-%endif
 %if %{_gold_linker}
 BuildRequires:  binutils-gold
 %endif
@ -146,9 +132,13 @@ more.
 Summary:        Library for rendering web content, GTK+ Port
 # Require the injected bundles. The bundles are dlopen()ed
 Group:          System/Libraries
+%if 0%{?suse_version} > 1510
 Requires:       bubblewrap
+%endif
 Requires:       webkit2gtk-4_0-injected-bundles
+%if 0%{?suse_version} > 1510
 Requires:       xdg-dbus-proxy
+%endif
 Recommends:     %{_pkgname_no_slpp}-lang
 Provides:       %{_pkgname_no_slpp} = %{version}
 Obsoletes:      webkit2gtk3-plugin-process-gtk2
@ -297,9 +287,7 @@ if test -n "$max_link_jobs" -a "$max_link_jobs" -gt 1 ; then
    test "$max_link_jobs" -le 0 && max_link_jobs=1 && echo "Warning: Not linking in parallel at all becuse of memory limits"
 fi

-%if %{with python3}
 export PYTHON=%{_bindir}/python3
-%endif
 # Use linker flags to reduce memory consumption
 %if %{_gold_linker}
 %global optflags %(echo %{optflags} -Wl,--no-keep-memory | sed 's/-g /-g1 /')
@ -315,25 +303,19 @@ export PYTHON=%{_bindir}/python3
  -DCMAKE_EXE_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
  -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
  -DCMAKE_SHARED_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
-%if 0%{?suse_version} == 1315
-  -DCMAKE_C_COMPILER=gcc-7 \
-  -DCMAKE_CXX_COMPILER=g++-7 \
-  -DENABLE_WEB_CRYPTO=OFF \
-  -DUSE_GSTREAMER_GL=false \
-  -DUSE_OPENJPEG=false \
-%endif
 %if 0%{?suse_version} <= 1500
  -DUSE_WOFF2=false \
  -DENABLE_MEDIA_SOURCE=OFF \
 %endif
-%if %{with python3}
-  -DPYTHON_EXECUTABLE=%{_bindir}/python3 \
+%if 0%{?suse_version} <= 1510
+  -DUSE_WPE_RENDERER=OFF \
+  -DENABLE_BUBBLEWRAP_SANDBOX=OFF \
 %endif
+  -DPYTHON_EXECUTABLE=%{_bindir}/python3 \
 %ifarch armv6hl ppc ppc64 ppc64le riscv64 s390 s390x
  -DENABLE_JIT=OFF \
 %endif
  -DUSE_SYSTEM_MALLOC=ON \
-  -DENABLE_BUBBLEWRAP_SANDBOX=ON \

 %ninja_build -j $max_link_jobs