Bug 281138
| Summary: | webkitgtk-2.46.3 fails to build on riscv64 (JSC, llint) | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Michael Orlitzky <michael> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | bugs-noreply, mcatanzaro |
| Priority: | P2 | ||
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Michael Orlitzky
After applying https://github.com/WebKit/WebKit/pull/34727, I get another FTBFS on riscv64:
/foo/bar/webkitgtk-2.46.1/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:608:78: error: expected ')' before 'OFFLINE_ASM_ALIGN_TRAP'
608 | OFFLINE_ASM_GLOBAL_LABEL_IMPL(label, OFFLINE_ASM_NO_ALT_ENTRY_DIRECTIVE, OFFLINE_ASM_ALIGN_TRAP(align), HIDE_SYMBOL)
| ^~~~~~~~~~~~~~~~~~~~~~
/foo/bar/webkitgtk-2.46.1/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:571:5: note: in definition of macro 'OFFLINE_ASM_GLOBAL_LABEL_IMPL'
571 | ALIGNMENT \
| ^~~~~~~~~
/foo/bar/webkitgtk-2.46.1_build/JavaScriptCore/DerivedSources/LLIntAssembly.h:107249:19: note: in expansion of macro 'OFFLINE_ASM_ALIGNED_GLOBAL_LABEL'
107249 | ".loc 9 210\n" OFFLINE_ASM_ALIGNED_GLOBAL_LABEL(ipint_unreachable_validate, 256)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Michael Orlitzky
Same thing in 2.46.3. There are now six public CVEs against the last version that does build:
CVE-2024-40857
Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
Credit to Ron Masas.
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting. Description: This issue was
addressed through improved state management.
WebKit Bugzilla: 268724
CVE-2024-40866
Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
Credit to Hafiizh and YoKo Kho (@yokoacc) of HakTrak.
Impact: Visiting a malicious website may lead to address bar
spoofing. Description: The issue was addressed with improved UI.
WebKit Bugzilla: 279451
CVE-2024-44187
Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd,
Pune (India).
Impact: A malicious website may exfiltrate data cross-origin.
Description: A cross-origin issue existed with "iframe" elements.
This was addressed with improved tracking of security origins.
WebKit Bugzilla: 279452
CVE-2024-44185
Versions affected: WebKitGTK and WPE WebKit before 2.46.0.
Credit to Gary Kwong.
Impact: Processing maliciously crafted web content may lead to an unexpected
process crash Description: The issue was addressed with improved checks.
WebKit Bugzilla: 276097
CVE-2024-44244
Versions affected: WebKitGTK and WPE WebKit before 2.46.3.
Credit to an anonymous researcher, Q1IQ (@q1iqF) and P1umer (@p1umer).
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A memory corruption issue was addressed with improved input validation.
WebKit Bugzilla: 279780
CVE-2024-44296
Versions affected: WebKitGTK and WPE WebKit before 2.46.3.
Credit to Narendra Bhati, Manager of Cyber Security at Suma Soft Pvt. Ltd, Pune (India).
Impact: Processing maliciously crafted web content may prevent Content Security Policy from
being enforced Description: The issue was addressed with improved checks.
WebKit Bugzilla: 278765
Michael Orlitzky
*** This bug has been marked as a duplicate of bug 274826 ***