Subject: CVS commit: [pkgsrc-2018Q4] pkgsrc/www/webkit-gtk
From: Benny Siegert
Date: 2019-03-06 14:43:24
Message id: 20190306134324.58A44FB16@cvs.NetBSD.org

Log Message:
Pullup ticket #5916 - requested by maya
www/webkit-gtk: security fix (remote code execution)

Revisions pulled up:
- www/webkit-gtk/Makefile                                       1.156-1.157
- www/webkit-gtk/PLIST                                          1.46
- www/webkit-gtk/distinfo                                       1.115-1.116
- www/webkit-gtk/patches/patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp 1.1

---
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Sat Feb  9 11:29:45 UTC 2019

   Modified Files:
           pkgsrc/www/webkit-gtk: Makefile PLIST distinfo

   Log Message:
   webkit-gtk: Update to 2.22.6

   pkgsrc changes:
    - Set USE_GCC_RUNTIME to depend on gcc6-libs when pkgsrc gcc is used
      (XXX: Not tested and not clear if currently mk/compiler/gcc.mk DTRT
       XXX: regarding (if not, that's probably why firefox/mozilla-common.mk
       XXX: abuses USE_PKGSRC_GCC_RUNTIME!))

   Changes:
   WebKitGTK+ 2.22.6
   =================
    - Make kinetic scrolling slow down smoothly when reaching the ends of
      pages, instead of abruptly, to better match the GTK+ behaviour.
    - Fix Web inspector magnifier under Wayland.
    - Fix garbled rendering of some websites (e.g. YouTube) while scrolling
      under X11.
    - Fix several crashes, race conditions, and rendering issues.

---
   Module Name:	pkgsrc
   Committed By:	maya
   Date:		Thu Feb 21 18:52:15 UTC 2019

   Modified Files:
   	pkgsrc/www/webkit-gtk: Makefile distinfo
   Added Files:
   	pkgsrc/www/webkit-gtk/patches:
   	    patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp

   Log Message:
   webkit-gtk: backport upstream patch. security fix.

   Subject: [PATCH] Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq
    and CompareStrictEq nodes. https://bugs.webkit.org/show_bug.cgi?id=194800
    <rdar://problem/48183773>

   Reviewed by Yusuke Suzuki.

   Fix doesGC() for the following nodes:

       CompareEq:
       CompareLess:
       CompareLessEq:
       CompareGreater:
       CompareGreaterEq:
       CompareStrictEq:
           Only return false (i.e. does not GC) for child node use kinds that have
           been vetted to not do anything that can GC.  For all other use kinds
           (including StringUse and BigIntUse), we return true (i.e. does GC).

   * dfg/DFGDoesGC.cpp:
   (JSC::DFG::doesGC):

   This was published alongside exploit code claiming it is remote
   code execution, but I don't understand what the exploit is doing.

   bump PKGREVISION

Files:
Revision     Action   File
1.155.2.1    modify   pkgsrc/www/webkit-gtk/Makefile
1.45.2.1     modify   pkgsrc/www/webkit-gtk/PLIST
1.114.2.1    modify   pkgsrc/www/webkit-gtk/distinfo
1.2.2.2      add      pkgsrc/www/webkit-gtk/patches/patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp