This is a maintenance release of the current stable WebKitGTK+ version,
which contains bugfixes (many of them related to rendering, plus one
important fix for touch input) and many security fixes.
Release notes:
https://webkitgtk.org/2017/10/18/webkitgtk2.18.1-released.html
Fixes CVE-2017-7081, CVE-2017-7087, CVE-2017-7089, CVE-2017-7090,
CVE-2017-7091, CVE-2017-7092, CVE-2017-7093, CVE-2017-7094,
CVE-2017-7095, CVE-2017-7096, CVE-2017-7098, CVE-2017-7099,
CVE-2017-7100, CVE-2017-7102, CVE-2017-7104, CVE-2017-7107,
CVE-2017-7109, CVE-2017-7111, CVE-2017-7117, CVE-2017-7120,
CVE-2017-7142:
https://webkitgtk.org/security/WSA-2017-0008.html
Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes:
configure: WARNING: unable to find required header jpeglib.h
configure: WARNING: unable to find required library jpeg
configure: error: some required prerequisites were not found
Signed-off-by: Olivier Schonken <olivier.schonken@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Policycoreutils was broken up into several packages, as such several
changes needed to happen for this patch to work:
- Remove patches 3, 4, and 5 as they no longer apply.
- Refresh patches 1 and 2 to work with version 2.7
- Remove semodule_${deps,expand,link,package} and sestatus from the makedirs
in the mk file.
- Remove restorecond from the make and config file. (Seperate package)
- Remove Audit2allow from the make and config file. (In a different package)
- Remove the package sepolgen
- Add the package selinux-python
- Add the package restorecond
- Add the package semodule-utils
- Add the relevant Config.in.legacy options into the menu.
Because these are utilities that work on top of python, the older versions of
these utilites still work, and as such this should be a single patch.
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
The reason for combining these patches is because the
old version of setools is not compatible iwth libsepol 2.7. If a user where
to do a git pull on a patch that only updates libsepol or setools, the build
would fail to compile.
setools has been completely rewritten in python instead of C.
The current version of setools includes a few programs that require
python-qt5 or python-networkx to run, however the package does not
check to see if these exist when compiling, and will install the scripts
to the target directory even if they don't exist.
In the case of python-networkx, this package is not available on Buildroot.
The scripts that require them are: sedta and seinfoflow.
In the case of python-qt5, qpol is the script that requires it.
Some setools.mk notes to get the package to compile:
- Convert the package .mk to use python-package instead of autotools-package.
- setup.py hard codes base_lib_dirs to point to several host directories.
To fix this, sed is used before compiling to point the base_lib_dirs to
the staging directory.
- setup.py also includes the "Werror" flag, however compilers before gcc6
cause a few autogenerated variables to not be initialized before use,
causing the build to fail.
To fix this, a patch is provided that removes the Werror flag.
- Remove sedta and seinfoflow from the target system after install. These
packages rely on the package python-networkx which is not available in
buildroot.
- Remove the installed apol package and the setoolsgui directory from the
target directory if python-qt5 is not selected.
Other changes:
- Removed all patches, as they are not compatible with the new version of
setools.
- Add COPYING, COPYING.GPL, and COPYING.LGPL to setools.hash
Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
0001-Remove-incorrect-dependency-from-install-data-hook.patch is
patching Makefile.am, so we need to autoreconf. If we don't do this,
we get build failures such as:
configure.ac:3: error: version mismatch. This is Automake 1.15.1,
configure.ac:3: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:3: comes from Automake 1.15. You should recreate
configure.ac:3: aclocal.m4 with aclocal and run automake again.
WARNING: 'automake-1.15' is probably too old.
You should only need it if you modified 'Makefile.am' or
'configure.ac' or m4 files included by 'configure.ac'.
Fixes:
http://autobuild.buildroot.net/results/440c9edd34d56d9207b9f1ee326a14a1c757b27d/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Reviewed-by: Peter Seiderer <ps.report@gmx.net>
----
Changes v2 --> v3:
- use 'Hashes for license files:' instead of repeated
'Hash for license file' (suggested by Thomas Petazzoni)
Changes v2:
- add reviewed-by and minor commit title change (removed package prefix)
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Patch 0002-disable-tests.patch modifies Makefile.am, so we have to
autoreconf. It hasn't been seen until now, but becomes very clear
since the bump of automake to 1.15.1, as we're seeing build failures
such as:
configure.ac:66: error: version mismatch. This is Automake 1.15.1,
configure.ac:66: but the definition used by this AM_INIT_AUTOMAKE
configure.ac:66: comes from Automake 1.15. You should recreate
configure.ac:66: aclocal.m4 with aclocal and run automake again.
Fixes:
http://autobuild.buildroot.net/results/3402357d8e90f1866dfeaee7bb61119d80dc8bcb/
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
Fixes CVE-2017-7805 - Martin Thomson discovered that nss, the Mozilla
Network Security Service library, is prone to a use-after-free vulnerability
in the TLS 1.2 implementation when handshake hashes are generated. A remote
attacker can take advantage of this flaw to cause an application using the
nss library to crash, resulting in a denial of service, or potentially to
execute arbitrary code.
Also add a hash for the license file while we're at it.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
