# Contributor: Rasmus Thomsen <oss@cogitri.dev>
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Jiri Horner <laeqten@gmail.com>
# Maintainer: Rasmus Thomsen <oss@cogitri.dev>
pkgname=webkit2gtk
pkgver=2.26.3
pkgrel=1
pkgdesc="Portable web rendering engine WebKit for GTK+"
url="https://webkitgtk.org/"
arch="all"
license="LGPL-2.0-or-later AND BSD-2-Clause"
depends="bubblewrap xdg-dbus-proxy"
makedepends="
	bison
	cmake
	enchant-dev
	flex
	geoclue-dev
	gnutls-dev
	gobject-introspection-dev
	gperf
	gst-plugins-bad-dev
	gst-plugins-base-dev
	gstreamer-dev
	gtk+3.0-dev
	gtk-doc
	hyphen-dev
	icu-dev
	libgcrypt-dev
	libjpeg-turbo-dev
	libnotify-dev
	libpng-dev
	libseccomp-dev
	libsecret-dev
	libsoup-dev
	libwebp-dev
	libxml2-dev
	libxslt-dev
	libxt-dev
	mesa-dev
	openjpeg-dev
	openjpeg-tools
	pango-dev
	paxmark
	python2
	ruby
	samurai
	sqlite-dev
	woff2-dev
	"
replaces="webkit"
options="!check" # upstream doesn't package them in release tarballs: Tools/Scripts/run-gtk-tests: Command not found
subpackages="$pkgname-dev $pkgname-lang"
source="https://webkitgtk.org/releases/webkitgtk-$pkgver.tar.xz
	fix-fast-memory-disabled.patch
	musl-fixes.patch
	fix-openjpeg.patch
	"
builddir="$srcdir/webkitgtk-$pkgver"

# secfixes:
#   2.26.3-r0:
#     - CVE-2019-8835
#     - CVE-2019-8844
#     - CVE-2019-8846
#   2.26.2-r0:
#     - CVE-2019-8812
#     - CVE-2019-8814
#   2.26.1-r0:
#     - CVE-2019-8783
#     - CVE-2019-8811
#     - CVE-2019-8813
#     - CVE-2019-8816
#     - CVE-2019-8819
#     - CVE-2019-8820
#     - CVE-2019-8823
#   2.26.0-r0:
#     - CVE-2019-8625
#     - CVE-2019-8710
#     - CVE-2019-8720
#     - CVE-2019-8743
#     - CVE-2019-8764
#     - CVE-2019-8766
#     - CVE-2019-8769
#     - CVE-2019-8771
#     - CVE-2019-8782
#     - CVE-2019-8815
#   2.24.4-r0:
#     - CVE-2019-8674
#     - CVE-2019-8707
#     - CVE-2019-8719
#     - CVE-2019-8733
#     - CVE-2019-8763
#     - CVE-2019-8765
#     - CVE-2019-8768
#     - CVE-2019-8821
#     - CVE-2019-8822
#   2.24.3-r0:
#     - CVE-2019-8644
#     - CVE-2019-8649
#     - CVE-2019-8658
#     - CVE-2019-8666
#     - CVE-2019-8669
#     - CVE-2019-8671
#     - CVE-2019-8672
#     - CVE-2019-8673
#     - CVE-2019-8676
#     - CVE-2019-8677
#     - CVE-2019-8678
#     - CVE-2019-8679
#     - CVE-2019-8680
#     - CVE-2019-8681
#     - CVE-2019-8683
#     - CVE-2019-8684
#     - CVE-2019-8686
#     - CVE-2019-8687
#     - CVE-2019-8688
#     - CVE-2019-8689
#     - CVE-2019-8690
#     - CVE-2019-8726
#   2.24.2-r0:
#     - CVE-2019-8735
#   2.24.1-r0:
#     - CVE-2019-6251
#     - CVE-2019-8506
#     - CVE-2019-8524
#     - CVE-2019-8535
#     - CVE-2019-8536
#     - CVE-2019-8544
#     - CVE-2019-8551
#     - CVE-2019-8558
#     - CVE-2019-8559
#     - CVE-2019-8563
#     - CVE-2019-11070
#   2.22.7-r0:
#     - CVE-2018-4437
#     - CVE-2019-6212
#     - CVE-2019-6215
#     - CVE-2019-6216
#     - CVE-2019-6217
#     - CVE-2019-6227
#     - CVE-2019-6229
#   2.22.4-r0:
#     - CVE-2018-4372
#   2.18.4-r0:
#     - CVE-2017-7156
#     - CVE-2017-7157
#     - CVE-2017-13856
#     - CVE-2017-13866
#     - CVE-2017-13870
#   2.14.5-r0:
#     - CVE-2017-2350
#     - CVE-2017-2354
#     - CVE-2017-2355
#     - CVE-2017-2356
#     - CVE-2017-2362
#     - CVE-2017-2363
#     - CVE-2017-2364
#     - CVE-2017-2365
#     - CVE-2017-2366
#     - CVE-2017-2369
#     - CVE-2017-2371
#     - CVE-2017-2373

build() {
	local _archopt=
	case "$CARCH" in
		# disable _FORTIFY_SOURCE to work around:
		# cc1plus: out of memory allocating 65536 bytes after a total of 3131101184 bytes
		x86) CXXFLAGS="$CXXFLAGS -U_FORTIFY_SOURCE";;
		armhf|armv7|ppc64le|s390x) _archopt="-DENABLE_JIT=OFF";;
	esac

	# reduce memory usage on 32 bit
	# https://bugs.webkit.org/show_bug.cgi?id=199272
	export CXXFLAGS="$CXXFLAGS -g1"

	mkdir build
	cd build
	# disable gold usage since it can't find pthreads with it enabled
	cmake -GNinja \
		-DPORT=GTK \
		-DCMAKE_BUILD_TYPE=MinSizeRel \
		-DCMAKE_SKIP_RPATH=ON \
		-DCMAKE_INSTALL_PREFIX=/usr \
		-DLIB_INSTALL_DIR=/usr/lib \
		-DENABLE_GTKDOC=OFF \
		-DENABLE_GEOLOCATION=ON \
		-DENABLE_SAMPLING_PROFILER=OFF \
		-DENABLE_MINIBROWSER=ON \
		-DUSE_WPE_RENDERER=OFF \
		-DUSE_WOFF2=ON \
		-DCMAKE_CXX_FLAGS="$CXXFLAGS" \
		-DUSE_LD_GOLD=OFF \
		$_archopt \
		..
	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923476
	ninja JavaScriptCore-4-gir
	ninja
}

check() {
	ninja -C "$builddir"/build check
}

package() {
	DESTDIR="$pkgdir" ninja -C "$builddir"/build install
	# needed for JIT
	paxmark -m "$pkgdir"/usr/libexec/webkit2gtk-4.0/WebKitWebProcess
}

sha512sums="9575c86ab5752c09841878cf55134e7de9a87200e55017859cd02affb1cadd58031a7b6f67a580e87a1dfe4fc830fed9774ba289e7244d3ead9eb9328e76d7c9  webkitgtk-2.26.3.tar.xz
e1537b9937af1cb936669d405993a52204cb9968b8b3161cb12a3f3f1343c260088c9490fcd7a7deeab6dbabdb5f7ce7e6cb2f857b9f0a4205aba6db2b11fb20  fix-fast-memory-disabled.patch
dfd5352272c02eeaae31af80eceb8158b84a92c15e4b3966912a2acdecf7e1aa1f6bf78992b88b344393b57724489e3452d57b7ab4ef7c9f2ef5acd10cb07b33  musl-fixes.patch
c517c012f5630ef6be5be7d9592c5e042a070f849a141859edefa7984acb98dbd0d718fe6613cd35ba3b7d8530beebcc7408fd077cd914ed335c5e524e9e746a  fix-openjpeg.patch"
