[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#931052: marked as done (webkit2gtk not supported on non-sse2 i386 hardware)



Your message dated Sun, 30 Jun 2019 16:08:43 +0200
with message-id <d18a796d-42e0-0e36-f5d3-32668fb7d2df@debian.org>
and subject line Re: Bug#931052: release-notes text proposal for bug 931052: webkit2gtk not supported on non-sse2 i386 hardware
has caused the Debian Bug report #931052,
regarding webkit2gtk not supported on non-sse2 i386 hardware
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
931052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931052
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package webkit2gtk

Upstream WebKitGTK has recently stopped supporting i386 CPUs without
SSE2 extensions, as other browsers (Chromium, Firefox) already did a
few years ago.

There is at least one bug report (#930932, opened two days ago) from a
user that cannot run Zenity on a machine with an Athlon XP CPU because
of this, and some hours ago bug #930935 was filed against webkit2gtk.

WebKit generates SSE2 instructions with its JIT compiler, and the
build scripts also force gcc to pass the -msse2 compilation flags.

This upload disables the JIT compiler and enables the CLoop JavaScript
interpreter, which is slower but works on all CPUs. It also removes
the gcc SSE2 flags. Only the i386 build is affected by these changes.

Debdiff attached.

Note: the changelog includes the list of CVEs from the latest security
advisory, published shortly after the previous release. This is purely
informative and has no effects on the package.

unblock webkit2gtk/2.24.2-2

-- System Information:
Debian Release: 9.9
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-9-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru webkit2gtk-2.24.2/debian/changelog webkit2gtk-2.24.2/debian/changelog
--- webkit2gtk-2.24.2/debian/changelog	2019-05-17 17:40:52.000000000 +0300
+++ webkit2gtk-2.24.2/debian/changelog	2019-06-24 16:34:09.000000000 +0300
@@ -1,3 +1,26 @@
+webkit2gtk (2.24.2-2) unstable; urgency=high
+
+  * The WebKitGTK security advisory WSA-2019-0003 lists the following
+    security fixes in the latest versions of WebKitGTK+:
+    + CVE-2019-8571, CVE-2019-8583, CVE-2019-8586, CVE-2019-8594,
+      CVE-2019-8609, CVE-2019-8611, CVE-2019-8622 and CVE-2019-8623
+      (fixed in 2.24.0).
+    + CVE-2019-6237, CVE-2019-8584, CVE-2019-8587, CVE-2019-8596,
+      CVE-2019-8597, CVE-2019-8601, CVE-2019-8608, CVE-2019-8610 and
+      CVE-2019-8619 (fixed in 2.24.1).
+    + CVE-2019-8595, CVE-2019-8607 and CVE-2019-8615 (fixed in 2.24.2).
+  * Use the CLoop Javascript interpreter in i386 and stop telling gcc to
+    use SSE2 instructions (Closes: #930935).
+    + debian/rules:
+      - Build with -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON and stop using
+        -msse2 -mfpmath=sse.
+    + debian/patches/dont-detect-sse2.patch:
+      - Don't check for SSE2 support.
+    + debian/NEWS:
+      - Remove item about the requirement to have an SSE2-capable CPU.
+
+ -- Alberto Garcia <berto@igalia.com>  Mon, 24 Jun 2019 16:34:09 +0300
+
 webkit2gtk (2.24.2-1) unstable; urgency=medium
 
   * New upstream release.
diff -Nru webkit2gtk-2.24.2/debian/NEWS webkit2gtk-2.24.2/debian/NEWS
--- webkit2gtk-2.24.2/debian/NEWS	2019-05-17 17:40:52.000000000 +0300
+++ webkit2gtk-2.24.2/debian/NEWS	2019-06-24 16:34:09.000000000 +0300
@@ -1,12 +1,3 @@
-webkit2gtk (2.24.1-2) unstable; urgency=high
-
-  Since version 2.24.0, i386 builds of WebKitGTK require an SSE2-capable
-  CPU. This instruction set was first introduced with the Pentium 4 in
-  year 2000. Support for older processors was dropped in WebKitGTK
-  upstream and is unfortunately not expected to come back.
-
- -- Alberto Garcia <berto@igalia.com>  Fri, 10 May 2019 15:40:28 +0300
-
 webkit2gtk (2.20.0-2) unstable; urgency=medium
 
   webkit2gtk 2.20.0 contains a security feature named Gigacage that
diff -Nru webkit2gtk-2.24.2/debian/patches/dont-detect-sse2.patch webkit2gtk-2.24.2/debian/patches/dont-detect-sse2.patch
--- webkit2gtk-2.24.2/debian/patches/dont-detect-sse2.patch	1970-01-01 02:00:00.000000000 +0200
+++ webkit2gtk-2.24.2/debian/patches/dont-detect-sse2.patch	2019-06-24 16:34:09.000000000 +0300
@@ -0,0 +1,24 @@
+From: Alberto Garcia <berto@igalia.com>
+Subject: Don't check for SSE2 support on i386
+Bug-Debian: https://bugs.debian.org/930935
+Forwarded: no
+Index: webkitgtk/Source/cmake/WebKitCompilerFlags.cmake
+===================================================================
+--- webkitgtk.orig/Source/cmake/WebKitCompilerFlags.cmake
++++ webkitgtk/Source/cmake/WebKitCompilerFlags.cmake
+@@ -144,15 +144,6 @@ if (COMPILER_IS_GCC_OR_CLANG)
+     if (CMAKE_COMPILER_IS_GNUCXX)
+         WEBKIT_PREPEND_GLOBAL_COMPILER_FLAGS(-Wno-expansion-to-defined)
+     endif ()
+-
+-    # Force SSE2 fp on x86 builds.
+-    if (WTF_CPU_X86 AND NOT CMAKE_CROSSCOMPILING)
+-        WEBKIT_PREPEND_GLOBAL_COMPILER_FLAGS(-msse2 -mfpmath=sse)
+-        include(DetectSSE2)
+-        if (NOT SSE2_SUPPORT_FOUND)
+-            message(FATAL_ERROR "SSE2 support is required to compile WebKit")
+-        endif ()
+-    endif ()
+ endif ()
+ 
+ if (COMPILER_IS_GCC_OR_CLANG AND NOT MSVC)
diff -Nru webkit2gtk-2.24.2/debian/patches/series webkit2gtk-2.24.2/debian/patches/series
--- webkit2gtk-2.24.2/debian/patches/series	2019-05-17 17:40:52.000000000 +0300
+++ webkit2gtk-2.24.2/debian/patches/series	2019-06-24 16:34:09.000000000 +0300
@@ -7,3 +7,4 @@
 detect-woff.patch
 user-agent-branding.patch
 prefer-pthread.patch
+dont-detect-sse2.patch
diff -Nru webkit2gtk-2.24.2/debian/rules webkit2gtk-2.24.2/debian/rules
--- webkit2gtk-2.24.2/debian/rules	2019-05-17 17:40:52.000000000 +0300
+++ webkit2gtk-2.24.2/debian/rules	2019-06-24 16:34:09.000000000 +0300
@@ -23,9 +23,10 @@
 	CFLAGS := $(CFLAGS:-g=-g1)
 endif
 
-# The 32-bit x86 build requires SSE2
+# Use the CLoop Javascript interpreter and disable the JIT. This is
+# slow but it is the most compatible solution for old (non-SSE2) CPUs.
 ifneq (,$(filter $(DEB_HOST_ARCH),i386))
-	CFLAGS += -msse2 -mfpmath=sse
+	EXTRA_CMAKE_ARGUMENTS += -DENABLE_JIT=OFF -DENABLE_C_LOOP=ON
 endif
 
 # See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81426

--- End Message ---
--- Begin Message ---
Hi Justin,

On 30-06-2019 13:17, Justin B Rye wrote:
> Here's another try.

About to push. I don't mind further improvements, but let's not keep it
out any longer for that.

Paul

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---

Reply to: