281138 2024-10-09 07:17:43 -0700 webkitgtk-2.46.3 fails to build on riscv64 (JSC, llint) 2024-11-14 06:31:38 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build Unspecified Unspecified RESOLVED DUPLICATE 274826 P2 Normal --- 1 michael webkit-unassigned bugs-noreply mcatanzaro oldest_to_newest 2066510 0 michael 2024-10-09 07:17:43 -0700 After applying https://github.com/WebKit/WebKit/pull/34727, I get another FTBFS on riscv64: /foo/bar/webkitgtk-2.46.1/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:608:78: error: expected ')' before 'OFFLINE_ASM_ALIGN_TRAP' 608 | OFFLINE_ASM_GLOBAL_LABEL_IMPL(label, OFFLINE_ASM_NO_ALT_ENTRY_DIRECTIVE, OFFLINE_ASM_ALIGN_TRAP(align), HIDE_SYMBOL) | ^~~~~~~~~~~~~~~~~~~~~~ /foo/bar/webkitgtk-2.46.1/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:571:5: note: in definition of macro 'OFFLINE_ASM_GLOBAL_LABEL_IMPL' 571 | ALIGNMENT \ | ^~~~~~~~~ /foo/bar/webkitgtk-2.46.1_build/JavaScriptCore/DerivedSources/LLIntAssembly.h:107249:19: note: in expansion of macro 'OFFLINE_ASM_ALIGNED_GLOBAL_LABEL' 107249 | ".loc 9 210\n" OFFLINE_ASM_ALIGNED_GLOBAL_LABEL(ipint_unreachable_validate, 256) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 2071940 1 michael 2024-10-31 12:37:58 -0700 Same thing in 2.46.3. There are now six public CVEs against the last version that does build: CVE-2024-40857 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Ron Masas. Impact: Processing maliciously crafted web content may lead to universal cross site scripting. Description: This issue was addressed through improved state management. WebKit Bugzilla: 268724 CVE-2024-40866 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak. Impact: Visiting a malicious website may lead to address bar spoofing. Description: The issue was addressed with improved UI. WebKit Bugzilla: 279451 CVE-2024-44187 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India). Impact: A malicious website may exfiltrate data cross-origin. Description: A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. WebKit Bugzilla: 279452 CVE-2024-44185 Versions affected: WebKitGTK and WPE WebKit before 2.46.0. Credit to Gary Kwong. Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: The issue was addressed with improved checks. WebKit Bugzilla: 276097 CVE-2024-44244 Versions affected: WebKitGTK and WPE WebKit before 2.46.3. Credit to an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer). Impact: Processing maliciously crafted web content may lead to an unexpected process crash Description: A memory corruption issue was addressed with improved input validation. WebKit Bugzilla: 279780 CVE-2024-44296 Versions affected: WebKitGTK and WPE WebKit before 2.46.3. Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India). Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced Description: The issue was addressed with improved checks. WebKit Bugzilla: 278765 2075046 2 michael 2024-11-14 06:31:38 -0800 *** This bug has been marked as a duplicate of bug 274826 ***