Includes fix for CVE-2024-54551, CVE-2025-24208, CVE-2025-24209,
CVE-2025-24213, CVE-2025-24216, CVE-2025-24264 and CVE-2025-30427
Changelog:
=========
- Limit the data stored in session state.
- Remove the empty area below the title bar in Web Inspector when not docked.
- Fix the build with GST_DISABLE_GST_DEBUG.
- Fix the build with GStreamer < 1.20.
- Fix the build with video disabled.
- Fix the build with clang 20.
Drop 0001-EnumTraits.h-error-no-matching-function-for-call-to-.patch
and 0001-Cherry-pick-292304-main-7ffc29624258-.-https-bugs.we.patch
which are part of upgrade.
(From OE-Core rev: 2a1fd538e42a8721b4f49135e14771cc1d646588)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
assertions have new knob in 2.48, add a packageconfig to control it
(From OE-Core rev: b4c1e115b063761e60956c93dff53e1a04391bda)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
As we just match on product by default, ignore three CVEs which are
for the "Puzzles" WordPress theme by ThemeREX (CPE themerex:puzzles).
(From OE-Core rev: 87326573c82ac1e8dc335319442236ef2341501e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
- Fix ABI break accidentally introduced in the 1.16.2 release.
(From OE-Core rev: 747f719b7368129b1ba5502cd80773f0e37778b7)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Includes fix for CVE-2025-24143, CVE-2025-24150, CVE-2025-24158 and
CVE-2025-24162
Drop 0001-Support-ICU-76.1-build.patch fix is part of upgrade.
Changelog:
==========
- Fix a crash when enabling Skia CPU rendering.
- Fix several crashes and rendering issues.
(From OE-Core rev: 289e09c1a090d06146406886d4763dd22203c231)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Gold hasn't seen development in some time and is being dropped from binutils
releases. Drop the small number of special cases for it we were carrying.
This patch also turns off gold in the binutils recipe.
(From OE-Core rev: a4addb9ab63011e7c604fc5daff95559e7d214e7)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Recipes are much more readable with whitespace around the assignment operators.
Fix various assignments in OE-Core to show this is definitely the preferred
formatting.
(From OE-Core rev: 30ea609d3357fb3de911f2f6a5e6856c151b976a)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
It does not compile anymore with 2.46+ as we dropped the patch
https://bugs.webkit.org/show_bug.cgi?id=250681
This patch it seems is still needed but has not yet been
accepted upstream yet.
(From OE-Core rev: be5dd5630a0fa53d16b661b088d6b4fb31e8e9b2)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Fix the build with GBM and release logs disabled.
- Fix several crashes and rendering issues.
(From OE-Core rev: e646c209273130c67496491d772a1eee55c82de9)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a fix needed in angle module which is vendored in webkit repo.
glibc does not define SYS_futex on 32bit arches with 64bit time_t only
e.g. riscv32
(From OE-Core rev: fab8dbdc48b6ae59bb1ea4cb47204f99f195b12c)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Drop 0001-Fix-build-issues-with-latest-Clang.patch
(backport)
30e1d5e22213fdaca2a29ec3400c927d710a37a8.patch
(issue fixed upstream)
Add an option that when absent causes a build failure.
(From OE-Core rev: dc72933c3393339c7e8b50f62a16832aeac32887)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Without this change, TIC is the native tic in recipe-sysroot-native.
By default, native tic has set its default terminfo path to native path:
${datadir}/terminfo; $HOME/.terminfo
When sstate cache is used, the cached native tic's terminfo path could
be a path not exist on current host, then native tic will try to install
terminfo to HOME dir, cause host contamination.
Disable the terminfo installation by setting TIC to :
(From OE-Core rev: fe35ead2c3135a18c346e7baa31d34b15c3e2d95)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Ths allows us to upgrade icu.
(From OE-Core rev: 059155fbcf799507cb58e35dbe5830d8ae9dfea3)
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Add a RPROVIDES for virtual-x-terminal-emulator, so that:
- Packages can RDEPEND on virtual-x-terminal-emulator and know that they
have installed a terminal
- The x-terminal-emulator binary will (via alternatives) run a terminal
We don't bother with PROVIDES because nobody needs to DEPEND on a terminal,
the entire point of this is that the actual binary is interchangable.
(From OE-Core rev: e1261ed6c3af803371f7a53eff18015828947d30)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
rxvt is a classic X11 application, so add the feature check so it doesn't
get pulled into world builds without x11.
(From OE-Core rev: 3530b250e32fb0f164899d60019633d2ecf8ef67)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
The point of the virtual-x-terminal-emulator alternative was to provide
a single binary that executes whatever terminal has been installed. This
is a runtime choice, so should be RPROVIDES.
This doesn't need built-time PROVIDES, which actively get in the way
when multiple recipes are being built with the same PROVIDES.
(From OE-Core rev: 841df9b9eba52b65456650bfd9f667d77072d6f8)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
There's no need for the SDK images to explicitly list debug-tweaks, this
is typically added via EXTRA_IMAGE_FEATURES when needed.
(From OE-Core rev: f23eae893837f91dd9dfe027a2209c34c6845bbf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
===========
- Fix build issues in some configurations that require en explicit cast
to EGLNativeWindowType.
- Fix memory leak when the view backend wl_resource is destroyed.
- Fix wpe_dmabuf_pool object leak.
(From OE-Core rev: 5e8f6f410dbf869d2950fd0dabe0567386ec4230)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* According to latest comment [1] and the mentioned pull request
[2], build an ENABLE(WEBASSEMBLY) && !ENABLE(JIT) configuration is
supported, so original issue already fixed in current version, the
EXTRA_OECMAKE setting is not needed anymore.
* This EXTRA_OECMAKE setting causes following configure error on
beaglebone-yocto, remove the setting to let the configure process decide
the configuration:
CMake Error at Source/cmake/WebKitFeatures.cmake:312 (message):
ENABLE_JIT conflicts with ENABLE_C_LOOP. You must disable one or the
other.
[YOCTO #15254]
[1] https://github.com/WebKit/WebKit/pull/17447
[2] https://github.com/WebKit/WebKit/pull/17688
(From OE-Core rev: 26a34fd71659e32e56ccc4f23e79aa62f4bc062d)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Move the -pipe option out of the optimization flags and directly into
the flags variables since we always use it now.
Also move the debug prefix mapping there to match the nativesdk case
which already does this.
Fix the documentation and two recipe usages to match the change.
(From OE-Core rev: 9badf68d78d995f7d5d4cf27e045f029fc6d4044)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
We're currently encouraging an "arms race" with the FLAGS variables since
a recipe might want to set a specific flag for all variants but to do so,
+= won't work due to the assignment in the native/nativesdk class files. This
means recipes are using append.
Since the default variables are constructed out of TARGET_XXX variables and
we redefine these, there is no need to re-define the un-prefixed variables. If
we drop that, the += appends and similar work and recipes don't have to resort
to append.
Change the classes and cleanup a number of recipes to adapt to the change. This
change will result in some flags appearing to some native/nativesdk variants
but that is probably what was originally expected anyway.
(From OE-Core rev: a157b2f9d93428ca21265cc860a3b58b3698b3aa)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Where recipes use S = ${WORKDIR}, change them to set UNPACKDIR to
a subdir of WORKDIR and make S point at this instead.
I've chosen not to force S into any standard UNPACKDIR we may pick in
future just so the S = UNPACKDIR case is clearly visible by the
directory naming under WORKDIR as that should aid usability.
(From OE-Core rev: d9328e3b0b062f0621de3d114584b44f384a1c02)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Since we want to be able to stop unpacking to WORKDIR, correct the WORKDIR
references in recipe do_compile/do_install tasks to use UNPACKDIR in the
appropraite places instead.
(From OE-Core rev: d73595df69667fe9d12ecd407b77a0b8dae2109c)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Update webkitgtk from 2.44.0 to the first bug fix release in the stable
2.44 series 2.44.1.
* remove backported patch
What's new in the WebKitGTK 2.44.1 release?
===========================================
- Fix handling of lifetime of web view child dialogs in GTK4.
- Do not schedule layer flushes when drawing area size is empty.
- Fix videos with alpha when using the DMA-BUF sink.
- Fix the build with USE_GBM=OFF.
- Fix the build in 32bit platforms
- Fix several crashes and rendering issues.
(From OE-Core rev: c129c47cf9fa119005ea6e3946ebdee0da1db7e0)
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
=========
- This version does not contain changes over the 1.15.2 development release.
- Allow resetting the fullscreen client to a null pointer.
- Fix usage of the _wpe_loader_interface with the static loader.
(From OE-Core rev: f68a771e4e31b897399755fd7117a78381d377c1)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
- add a PACKAGECONFIG for libbacktrace to avoid:
| -- Could NOT find LibBacktrace (missing: LIBBACKTRACE_INCLUDE_DIR LIBBACKTRACE_LIBRARY)
| CMake Error at Source/cmake/OptionsGTK.cmake:425 (message):
| libbacktrace is required for USE_LIBBACKTRACE
- while at it also add a PACKAGECONFIG for gamepad
- remove submitted patch. Issue seems to be fixed. Not entirely
sure about that, but there has been rework:
[https://bugs.webkit.org/show_bug.cgi?id=267349]
I also did a test build with oe-core/poky for qemuarm.
It completed without error
- There is an issue with creating the json files if
CMAKE_EXPORT_COMPILE_COMMANDS is enabled. Disable this
for now to fix the build:
FAILED: CMakeFiles/RewriteCompileCommands DeveloperTools/compile_commands.json /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build/CMakeFiles/RewriteCompileCommands /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build/DeveloperTools/compile_commands.json
cd /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build && /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/recipe-sysroot-native/usr/bin/python3-native/python3 /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/webkitgtk-2.44.0/Tools/Scripts/rewrite-compile-commands /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build/compile_commands.json /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build/DeveloperTools/compile_commands.json /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/webkitgtk-2.44.0 /home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/build
/home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/recipe-sysroot-native/usr/bin/python3-native/python3: can't open file '/home/flk/poky/build-hypr/tmp/work/corei7-64-poky-linux/webkitgtk/2.44.0/webkitgtk-2.44.0/Tools/Scripts/rewrite-compile-commands': [Errno 2] No such file or directory
- Add a patch to fix webassembly for riscv64
- Add a backport patch to fix the build for 32bit architectures
================
WebKitGTK 2.44.0
================
What's new in WebKitGTK 2.44.0?
- Fix connection of UI and web process accessibility tree in GTK4.
- Add BubblewrapLauncher sandbox directory for the gstreamer user registry cache directory.
- Fix bug causing preferred language to not be passed to NetworkProcess if set in WebContext before creating WebView.
- Do not use real time priority for the display link thread.
- Use a shorter web process cache lifetime.
- Fix several crashes and rendering issues.
- Translation updates: German, Polish, Swedish, Turkish.
================
WebKitGTK 2.43.4
================
What's new in WebKitGTK 2.43.4?
- Remove key event reinjection in GTK4 to make keyboard shortcuts work in web sites.
- Use the new GTK API to create a GdkTexture from a DMA-BUF buffer when available.
- Fix rendering when GTK is using the vulkan renderer.
- Fix gamepads detection by correctly handling focused window in GTK4.
- Fix rendering after history navigation.
- Write bwrapinfo.json to disk for xdg-desktop-portal.
- Fixed several memory leaks in media backend.
- Fix several crashes and rendering issues.
================
WebKitGTK 2.43.3
================
What's new in WebKitGTK 2.43.3?
- Show vblank monitor information in webkit://gpu.
- Fallback to timer based vblank monitor if drmWaitVBlank fails.
- Fix several memory leaks in media backend.
- Fix several crashes and rendering issues.
================
WebKitGTK 2.43.2
================
What's new in WebKitGTK 2.43.2?
- Remove the X11 and WPE renderers.
- Release unused buffers when the view is hidden.
- Fix flickering while playing videos with DMA-BUF sink.
- Do not special case the "sans" font family name.
- Fix webkit_web_context_allow_tls_certificate_for_host() for IPv6 URIs produced by SoupURI.
- Fix several crashes and rendering issues.
================
WebKitGTK 2.43.1
================
What's new in WebKitGTK 2.43.1?
- Improve vblank synchronization when rendering.
- Improve DMA-BUF buffers handling for video frames.
- Use the buffer format preferred by the driver in DMA-BUF renderer.
- Do not block the compositing thread waiting for rendering threads.
- Improve performance when scaling images in a canvas.
- Fix several crashes and rendering
(From OE-Core rev: 7b96a7e433eb6b85c35dd6a36a12ad55d2e6a108)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
For cross compile, TIC will be native tic in recipe-sysroot-native, and
the terminfo path will be native path, the rxvt-unicode terminfo will be
wrongly installed to native path.
install terminfo to correct path in do_install
(From OE-Core rev: daff3b4bf9d7b77a8170d9bc6f0b9c81b0a077d7)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
License-Update: copyright years
(From OE-Core rev: 8d862b8405409fc746df480b18f0be5b5c75bff7)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
If an image ends up with both matchbox-terminal and rxvt installed then
there are two Terminal applications that only differ in the description.
Rename the rxvt desktop entry to specifically identify itself as rxvt.
(From OE-Core rev: 786a1b7041b144743e83e5ba69c538ff6f54ac48)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Changelog:
==========
- Allow resetting the fullscreen client to a null pointer.
- Fix usage of the _wpe_loader_interface with the static loader.
(From OE-Core rev: 91f060b5eecc63e5386e7161b4f4f42ca9ab2e19)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This is a compiler crash which is under works upstream, until its fixed
lets disable musttail calls on clang+arm
(From OE-Core rev: a61205f364c2e9f40736c081bbae0b045e317093)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Upstream website has disappeared; the tarball can still be downloaded
but this is probably not for long.
(From OE-Core rev: af59c518467d1174d1d63594fdd3279a2fdbd8f8)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
