webkit-gtk: enable gstreamer webrtc, disable experimental features

net-libs/webkit-gtk/patches/webkit_gtk-2.39.3.patchset

@@ -1,4 +1,4 @@
-From 108cd7c7cf1411d4547672cb1e836a6c6e46732f Mon Sep 17 00:00:00 2001
+From 7e62f71ec95a9ed324d89c7ce1677b7bbd400e47 Mon Sep 17 00:00:00 2001
 From: Gerasim Troeglazov <3dEyes@gmail.com>
 Date: Sat, 17 Dec 2022 23:35:27 +1000
 Subject: Fixe build for Haiku
@@ -429,7 +429,7 @@ index d9f32f0..44556f7 100644
 2.37.3
 
 
-From f707ed70f009622f84693c974618ce1a6e3884a2 Mon Sep 17 00:00:00 2001
+From f782064bc725503131f5dbc68939e0affe1acd1e Mon Sep 17 00:00:00 2001
 From: Gerasim Troeglazov <3dEyes@gmail.com>
 Date: Sat, 17 Dec 2022 23:37:24 +1000
 Subject: WTF: fix build, implement platform code
@@ -743,7 +743,7 @@ index e5cac15..5dabd58 100644
 2.37.3
 
 
-From 01d9b43588be4ed5ae6bc45696537655ee361f05 Mon Sep 17 00:00:00 2001
+From 9e32c439102fd1a210d9ca670a4f1912a0b0b5f2 Mon Sep 17 00:00:00 2001
 From: Gerasim Troeglazov <3dEyes@gmail.com>
 Date: Sat, 17 Dec 2022 23:37:49 +1000
 Subject: fix endian check
@@ -769,7 +769,7 @@ index 2605e1c..afaa684 100644
 2.37.3
 
 
-From 66fe015f6dd67c093db8da41dd5e260c43c84be1 Mon Sep 17 00:00:00 2001
+From 7d1d5733318f648d710ccec93f2a9ddf1e21cfa8 Mon Sep 17 00:00:00 2001
 From: Gerasim Troeglazov <3dEyes@gmail.com>
 Date: Sat, 17 Dec 2022 23:38:33 +1000
 Subject: Fix build bmalloc allocator
@@ -894,7 +894,7 @@ index 4315b4c..147d766 100644
 2.37.3
 
 
-From 90c00073b956e188ccd3f5e2e45873c85b3a4935 Mon Sep 17 00:00:00 2001
+From cdf0ff04a1fdc1b95d07423c74bc37de9b0204f1 Mon Sep 17 00:00:00 2001
 From: Gerasim Troeglazov <3dEyes@gmail.com>
 Date: Sat, 17 Dec 2022 23:38:56 +1000
 Subject: Use __thread instead thread_local
@@ -972,3 +972,242 @@ index 947baf3..cb25561 100644
 -- 
 2.37.3
 
+
+From f1c1e3f3f9c48692c32ad6a01e83a02413128055 Mon Sep 17 00:00:00 2001
+From: Gerasim Troeglazov <3dEyes@gmail.com>
+Date: Mon, 2 Jan 2023 19:01:02 +1000
+Subject: Build with openssl 1.0
+
+
+diff --git a/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp b/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp
+index fb4b3eb..9371e52 100644
+--- a/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp
++++ b/Source/WebCore/Modules/mediastream/gstreamer/GStreamerWebRTCUtils.cpp
+@@ -22,13 +22,14 @@
+ #if ENABLE(WEB_RTC) && USE(GSTREAMER_WEBRTC)
+ #include "GStreamerWebRTCUtils.h"
+ 
+-#include "OpenSSLCryptoUniquePtr.h"
+ #include "RTCIceCandidate.h"
+ #include "RTCIceProtocol.h"
++
+ #include <openssl/bn.h>
+ #include <openssl/rsa.h>
+ #include <openssl/ssl.h>
+ #include <wtf/CryptographicallyRandomNumber.h>
++#include <wtf/Scope.h>
+ #include <wtf/WallTime.h>
+ #include <wtf/text/Base64.h>
+ #include <wtf/text/StringToIntegerConversion.h>
+@@ -292,16 +293,20 @@ std::optional<RTCIceCandidate::Fields> parseIceCandidateSDP(const String& sdp)
+ 
+ static String x509Serialize(X509* x509)
+ {
+-    auto bio = BIOPtr(BIO_new(BIO_s_mem()));
++    BIO* bio = BIO_new(BIO_s_mem());
+     if (!bio)
+         return { };
+ 
+-    if (!PEM_write_bio_X509(bio.get(), x509))
++    auto scopeExit = WTF::makeScopeExit([&] {
++        BIO_free(bio);
++    });
++
++    if (!PEM_write_bio_X509(bio, x509))
+         return { };
+ 
+     Vector<char> buffer;
+     buffer.reserveCapacity(4096);
+-    int length = BIO_read(bio.get(), buffer.data(), 4096);
++    int length = BIO_read(bio, buffer.data(), 4096);
+     if (!length)
+         return { };
+ 
+@@ -310,16 +315,20 @@ static String x509Serialize(X509* x509)
+ 
+ static String privateKeySerialize(EVP_PKEY* privateKey)
+ {
+-    auto bio = BIOPtr(BIO_new(BIO_s_mem()));
++    BIO* bio = BIO_new(BIO_s_mem());
+     if (!bio)
+         return { };
+ 
+-    if (!PEM_write_bio_PrivateKey(bio.get(), privateKey, nullptr, nullptr, 0, nullptr, nullptr))
++    auto scopeExit = WTF::makeScopeExit([&] {
++        BIO_free(bio);
++    });
++
++    if (!PEM_write_bio_PrivateKey(bio, privateKey, nullptr, nullptr, 0, nullptr, nullptr))
+         return { };
+ 
+     Vector<char> buffer;
+     buffer.reserveCapacity(4096);
+-    int length = BIO_read(bio.get(), buffer.data(), 4096);
++    int length = BIO_read(bio, buffer.data(), 4096);
+     if (!length)
+         return { };
+ 
+@@ -329,74 +338,66 @@ static String privateKeySerialize(EVP_PKEY* privateKey)
+ std::optional<Ref<RTCCertificate>> generateCertificate(Ref<SecurityOrigin>&& origin, const PeerConnectionBackend::CertificateInformation& info)
+ {
+     ensureDebugCategoryInitialized();
+-    EvpPKeyPtr privateKey;
++    EVP_PKEY* privateKey = EVP_PKEY_new();
++    if (!privateKey) {
++        GST_WARNING("Failed to create private key");
++        return { };
++    }
++
++    auto scopeExit = WTF::makeScopeExit([&] {
++        EVP_PKEY_free(privateKey);
++    });
+ 
+     switch (info.type) {
+     case PeerConnectionBackend::CertificateInformation::Type::ECDSAP256: {
+-        privateKey.reset(EVP_EC_gen("prime256v1"));
+-        if (!privateKey)
++        EC_KEY* ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++        // Ensure curve name is included when EC key is serialized.
++        // Without this call, OpenSSL versions before 1.1.0 will create
++        // certificates that don't work for TLS.
++        // This is a no-op for BoringSSL and OpenSSL 1.1.0+
++        EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);
++        if (!privateKey || !ecKey || !EC_KEY_generate_key(ecKey) || !EVP_PKEY_assign_EC_KEY(privateKey, ecKey)) {
++            EC_KEY_free(ecKey);
+             return { };
++        }
+         break;
+     }
+     case PeerConnectionBackend::CertificateInformation::Type::RSASSAPKCS1v15: {
+-        int publicExponent = info.rsaParameters ? info.rsaParameters->publicExponent : 65537;
+-        auto modulusLength = info.rsaParameters ? info.rsaParameters->modulusLength : 2048;
+-
+-        auto ctx = EvpPKeyCtxPtr(EVP_PKEY_CTX_new_from_name(nullptr, "RSA", nullptr));
+-        if (!ctx)
+-            return { };
+-
+-        EVP_PKEY_keygen_init(ctx.get());
+-
+-        auto paramsBuilder = OsslParamBldPtr(OSSL_PARAM_BLD_new());
+-        if (!paramsBuilder)
+-            return { };
+-
+-        auto exponent = BIGNUMPtr(BN_new());
+-        if (!BN_set_word(exponent.get(), publicExponent))
+-            return { };
+-
+-        auto modulus = BIGNUMPtr(BN_new());
+-        if (!BN_set_word(modulus.get(), modulusLength))
+-            return { };
+-
+-        if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "n", modulus.get()))
+-            return { };
+-
+-        if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "e", exponent.get()))
+-            return { };
+-
+-        if (!OSSL_PARAM_BLD_push_BN(paramsBuilder.get(), "d", nullptr))
++        RSA* rsa = RSA_new();
++        if (!rsa)
+             return { };
+ 
+-        auto params = OsslParamPtr(OSSL_PARAM_BLD_to_param(paramsBuilder.get()));
+-        if (!params)
+-            return { };
+-
+-        EVP_PKEY_CTX_set_params(ctx.get(), params.get());
+-
+-        EVP_PKEY* pkey = nullptr;
+-        EVP_PKEY_generate(ctx.get(), &pkey);
+-        if (!pkey)
++        BIGNUM* exponent = BN_new();
++        int publicExponent = info.rsaParameters ? info.rsaParameters->publicExponent : 65537;
++        auto modulusLength = info.rsaParameters ? info.rsaParameters->modulusLength : 2048;
++        if (!BN_set_word(exponent, publicExponent) || !RSA_generate_key_ex(rsa, modulusLength, exponent, nullptr)
++            || !EVP_PKEY_assign_RSA(privateKey, rsa)) {
++            RSA_free(rsa);
+             return { };
+-        privateKey.reset(pkey);
++        }
++        BN_free(exponent);
+         break;
+     }
+     }
+ 
+-    auto x509 = X509Ptr(X509_new());
++    X509* x509 = X509_new();
+     if (!x509) {
+         GST_WARNING("Failed to create certificate");
+         return { };
+     }
+ 
+-    X509_set_version(x509.get(), 2);
++    auto certScopeExit = WTF::makeScopeExit([&] {
++        X509_free(x509);
++    });
++
++    X509_set_version(x509, 2);
+ 
+     // Set a random 64 bit integer as serial number.
+-    auto serialNumber = BIGNUMPtr(BN_new());
+-    BN_rand(serialNumber.get(), 64, 0, 0);
+-    ASN1_INTEGER* asn1SerialNumber = X509_get_serialNumber(x509.get());
+-    BN_to_ASN1_INTEGER(serialNumber.get(), asn1SerialNumber);
++    BIGNUM* serialNumber = BN_new();
++    BN_pseudo_rand(serialNumber, 64, 0, 0);
++    ASN1_INTEGER* asn1SerialNumber = X509_get_serialNumber(x509);
++    BN_to_ASN1_INTEGER(serialNumber, asn1SerialNumber);
++    BN_free(serialNumber);
+ 
+     // Set a random 8 byte base64 string as issuer/subject.
+     X509_NAME* name = X509_NAME_new();
+@@ -404,25 +405,25 @@ std::optional<Ref<RTCCertificate>> generateCertificate(Ref<SecurityOrigin>&& ori
+     WTF::cryptographicallyRandomValues(buffer.data(), buffer.size());
+     auto commonName = base64EncodeToString(buffer);
+     X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_ASC, (const guchar*)commonName.ascii().data(), -1, -1, 0);
+-    X509_set_subject_name(x509.get(), name);
+-    X509_set_issuer_name(x509.get(), name);
++    X509_set_subject_name(x509, name);
++    X509_set_issuer_name(x509, name);
+     X509_NAME_free(name);
+ 
+     // Fallback to 30 days, max out at one year.
+     uint64_t expires = info.expires.value_or(2592000);
+     expires = std::min<uint64_t>(expires, 31536000000);
+-    X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0);
+-    X509_gmtime_adj(X509_getm_notAfter(x509.get()), expires);
+-    X509_set_pubkey(x509.get(), privateKey.get());
++    X509_gmtime_adj(X509_getm_notBefore(x509), 0);
++    X509_gmtime_adj(X509_getm_notAfter(x509), expires);
++    X509_set_pubkey(x509, privateKey);
+ 
+-    if (!X509_sign(x509.get(), privateKey.get(), EVP_sha256())) {
++    if (!X509_sign(x509, privateKey, EVP_sha256())) {
+         GST_WARNING("Failed to sign certificate");
+         return { };
+     }
+ 
+-    auto pem = x509Serialize(x509.get());
++    auto pem = x509Serialize(x509);
+     GST_DEBUG("Generated certificate PEM: %s", pem.ascii().data());
+-    auto serializedPrivateKey = privateKeySerialize(privateKey.get());
++    auto serializedPrivateKey = privateKeySerialize(privateKey);
+     Vector<RTCCertificate::DtlsFingerprint> fingerprints;
+     // FIXME: Fill fingerprints.
+     auto expirationTime = WTF::WallTime::now().secondsSinceEpoch() + WTF::Seconds(expires);
+diff --git a/Source/cmake/GStreamerChecks.cmake b/Source/cmake/GStreamerChecks.cmake
+index ba8423e..f8e72e1 100644
+--- a/Source/cmake/GStreamerChecks.cmake
++++ b/Source/cmake/GStreamerChecks.cmake
+@@ -73,7 +73,7 @@ if (ENABLE_MEDIA_STREAM AND ENABLE_WEB_RTC)
+         SET_AND_EXPOSE_TO_BUILD(USE_LIBWEBRTC FALSE)
+ 
+         find_package(OpenSSL)
+-        if (NOT OPENSSL_FOUND OR OPENSSL_VERSION VERSION_LESS "3.0.0")
++        if (NOT OPENSSL_FOUND OR OPENSSL_VERSION VERSION_LESS "1.0.0")
+             message(FATAL_ERROR "OpenSSL 3 is needed for USE_GSTREAMER_WEBRTC.")
+         endif ()
+     else ()
+-- 
+2.37.3
+

net-libs/webkit-gtk/webkit_gtk-2.39.3.recipe

@@ -12,7 +12,7 @@ COPYRIGHT="2009‒2022 The WebKitGTK Team"
 LICENSE="GNU LGPL v2
 	BSD (2-clause)
 	"
-REVISION="2"
+REVISION="3"
 SOURCE_URI="https://www.webkitgtk.org/releases/webkitgtk-$portVersion.tar.xz"
 CHECKSUM_SHA256="6b783704f16f35e72cd6eeb546eaf6d5221ca70e70639f3906def2e9a473bf9b"
 SOURCE_DIR="webkitgtk-$portVersion"
@@ -211,7 +211,7 @@ BUILD()
 		-DENABLE_API_TESTS=OFF \
 		-DENABLE_BUBBLEWRAP_SANDBOX=OFF \
 		-DENABLE_DOCUMENTATION=OFF \
-		-DENABLE_EXPERIMENTAL_FEATURES=ON \
+		-DENABLE_EXPERIMENTAL_FEATURES=OFF \
 		-DENABLE_FTPDIR=ON \
 		-DENABLE_GAMEPAD=OFF \
 		-DENABLE_GEOLOCATION=ON \
@@ -219,8 +219,8 @@ BUILD()
 		-DENABLE_GTKDOC=OFF \
 		-DENABLE_INTROSPECTION=ON \
 		-DENABLE_JOURNALD_LOG=OFF \
-		-DENABLE_MEDIA_STREAM=OFF \
-		-DENABLE_MEDIA_RECORDER=OFF \
+		-DENABLE_MEDIA_STREAM=ON \
+		-DENABLE_MEDIA_RECORDER=ON \
 		-DENABLE_MEDIA_SOURCE=ON \
 		-DENABLE_MINIBROWSER=ON \
 		-DENABLE_QUARTZ_TARGET=OFF \
@@ -242,7 +242,7 @@ BUILD()
 		-DUSE_AVIF=ON \
 		-DUSE_GBM=OFF \
 		-DUSE_GSTREAMER_GL=OFF \
-		-DUSE_GSTREAMER_WEBRTC=OFF \
+		-DUSE_GSTREAMER_WEBRTC=ON \
 		-DUSE_GSTREAMER_TRANSCODER=OFF \
 		-DUSE_GTK4=OFF \
 		-DUSE_JPEGXL=ON \