[Buildroot] [PATCH] package/wpewebkit: security bump to version 2.50.1

Julien Olivain ju.o at free.fr
Sun Oct 19 21:31:07 UTC 2025 

Hi Adrian,

Thanks for the patch.

On 17/10/2025 15:10, Adrian Perez de Castro wrote:
> This updates WPE WebKit to the 2.50 stable series.
> WPE WebKit 2.50 highlights and 2.50.1 release notes:
> 
> - https://wpewebkit.org/release/wpewebkit-2.50.0.html
> 
> - https://wpewebkit.org/release/wpewebkit-2.50.1.html
> 
> Fixes the following security issues:
> 
> - From https://wpewebkit.org/security/WSA-2025-0007.html
>   CVE-2025-43343
> 
> - From https://wpewebkit.org/security/WSA-2025-0006.html
>   CVE-2025-43272, CVE-2025-43342, CVE-2025-43356, CVE-2025-43368
> 
> - From https://wpewebkit.org/security/WSA-2025-0005.html
>   CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212,
>   CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240,
>   CVE-2025-43265, CVE-2025-6558
> 
> Two patches which fix build issues are included. Those have
> been merged upstream, both in the "main" branch and in the
> 2.50.x release branch.
> 
> Signed-off-by: Adrian Perez de Castro <aperez at igalia.com>

I naively tried to compile the package with this patch on top of the
master branch at commit 7095e120a2 with the following commands:

     cat >.config <<EOF
     BR2_aarch64=y
     BR2_TOOLCHAIN_EXTERNAL=y
     BR2_TOOLCHAIN_EXTERNAL_BOOTLIN=y
     BR2_PACKAGE_MESA3D=y
     BR2_PACKAGE_MESA3D_GALLIUM_DRIVER_SOFTPIPE=y
     BR2_PACKAGE_MESA3D_OPENGL_EGL=y
     BR2_PACKAGE_MESA3D_OPENGL_ES=y
     BR2_PACKAGE_WPEWEBKIT=y
     BR2_PACKAGE_WPEWEBKIT_SANDBOX=y
     BR2_PACKAGE_WPEWEBKIT_MULTIMEDIA=y
     BR2_PACKAGE_WPEWEBKIT_MEDIA_STREAM=y
     BR2_PACKAGE_WPEWEBKIT_WEBDRIVER=y
     EOF
     make olddefconfig
     make wpewebkit

And it failed at configure time, complaining about missing
freetype (then fontconfig) libraries, with the following error:

Could NOT find Freetype (missing: FREETYPE_LIBRARY 
FREETYPE_INCLUDE_DIRS)
(Required is at least version "2.9.0")

I also tried with BR2_PACKAGE_WPEWEBKIT=y only (without the
sub-options) and it fails the same way. I don't think the issue
is introduced by this patch, as I see the same issue without this
patch.

I was not able to compile the package without manual modifications.

Could you have a look if you can fix this issue, please?

Best regards,

Julien.

More information about the buildroot mailing list