diff options
author | Mart Raudsepp <leio@gentoo.org> | 2020-07-31 00:17:26 +0300 |
---|---|---|
committer | Mart Raudsepp <leio@gentoo.org> | 2020-07-31 00:17:52 +0300 |
commit | e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029 (patch) | |
tree | 00866122b190d42c6c39bd60d5fbb37ef2acb040 /net-libs/webkit-gtk | |
parent | net-libs/libetpan: Security cleanup (diff) | |
download | gentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.tar.gz gentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.tar.bz2 gentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.zip |
net-libs/webkit-gtk: security cleanup
Bug: https://bugs.gentoo.org/734584
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'net-libs/webkit-gtk')
-rw-r--r-- | net-libs/webkit-gtk/Manifest | 1 | ||||
-rw-r--r-- | net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch | 44 | ||||
-rw-r--r-- | net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild | 290 |
3 files changed, 0 insertions, 335 deletions
diff --git a/net-libs/webkit-gtk/Manifest b/net-libs/webkit-gtk/Manifest index 63a7c52480e8..e700873eb41b 100644 --- a/net-libs/webkit-gtk/Manifest +++ b/net-libs/webkit-gtk/Manifest @@ -1,2 +1 @@ -DIST webkitgtk-2.28.3.tar.xz 21425556 BLAKE2B f51522c33fa97aa00dee1428bc256ef910dd8764b3731580639c79642965c60b91b8d2f5c1d3bdb60975c68706d415447e8b52520ecfa1687968f3790137234b SHA512 575184edb8279f1dca67cbeeb45280ca5da9aa388e208251d9ad7a56907950cfd85b1fc426eee90699593c428f4e1037c96cb6aa16f534c71734c64950f2d643 DIST webkitgtk-2.28.4.tar.xz 21424908 BLAKE2B 5ca9206c3c7d0a00bc76487ae8fe79e6c5b94a86f23300f196b3edbd5e3f1ea68768ef4465b32fa694a7b6a4a2b274dfb9dba4a20b8329f9138970f1a82eb7e6 SHA512 227cd4066235180521a32a83d3a906212adf4f234f15a1fff4ac86b48e39c431f1e0cb4a56f62924015099a0c8909a73a21a56f8dc71a16c53ac65de4a5773a1 diff --git a/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch b/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch deleted file mode 100644 index 68139064b88e..000000000000 --- a/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch +++ /dev/null @@ -1,44 +0,0 @@ -From f6b0ae5334eb9de1858b5f3b0edc2f7245087cab Mon Sep 17 00:00:00 2001 -From: Mart Raudsepp <leio@gentoo.org> -Date: Sat, 11 Jul 2020 15:28:05 +0300 -Subject: [PATCH] Try to fix another apparent non-unified build error -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Source/WebCore/rendering/svg/RenderSVGResourceClipper.h:70:42: required from here -/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/unique_ptr.h:79:16: error: invalid application of ‘sizeof’ to incomplete type ‘WebCore::ImageBuffer’ - 79 | static_assert(sizeof(_Tp)>0, - | ^~~~~~~~~~~ ---- - Source/WebCore/rendering/svg/RenderSVGResourceClipper.h | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h b/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h -index 55d9e34df61..12a7a83cc61 100644 ---- a/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h -+++ b/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h -@@ -19,6 +19,7 @@ - - #pragma once - -+#include "ImageBuffer.h" - #include "RenderSVGResourceContainer.h" - #include "SVGClipPathElement.h" - #include "SVGUnitTypes.h" -diff --git a/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp b/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp -index ec2fbe165b1..ab0688615a6 100644 ---- a/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp -+++ b/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp -@@ -42,6 +42,8 @@ - #include "HTTPParsers.h" - #include "InlineClassicScript.h" - #include "MIMETypeRegistry.h" -+#include "Page.h" -+#include "PageConsoleClient.h" - #include "PendingScript.h" - #include "ProcessingInstruction.h" - #include "ResourceError.h" --- -2.20.1 - diff --git a/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild b/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild deleted file mode 100644 index fb4f89d11f41..000000000000 --- a/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild +++ /dev/null @@ -1,290 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -CMAKE_MAKEFILE_GENERATOR="ninja" -PYTHON_COMPAT=( python{3_6,3_7} ) -USE_RUBY="ruby24 ruby25 ruby26 ruby27" -CMAKE_MIN_VERSION=3.10 - -inherit check-reqs cmake-utils flag-o-matic gnome2 pax-utils python-any-r1 ruby-single toolchain-funcs virtualx - -MY_P="webkitgtk-${PV}" -DESCRIPTION="Open source web browser engine" -HOMEPAGE="https://www.webkitgtk.org" -SRC_URI="https://www.webkitgtk.org/releases/${MY_P}.tar.xz" - -LICENSE="LGPL-2+ BSD" -SLOT="4/37" # soname version of libwebkit2gtk-4.0 -KEYWORDS="amd64 ~arm arm64 ~ppc64 ~sparc x86" - -IUSE="aqua +egl +geolocation gles2-only gnome-keyring +gstreamer gtk-doc +introspection +jpeg2k +jumbo-build libnotify +opengl seccomp spell wayland +X" - -# gstreamer with opengl/gles2 needs egl -REQUIRED_USE=" - gles2-only? ( egl !opengl ) - gstreamer? ( opengl? ( egl ) ) - wayland? ( egl ) - || ( aqua wayland X ) -" - -# Tests fail to link for inexplicable reasons -# https://bugs.webkit.org/show_bug.cgi?id=148210 -RESTRICT="test" - -# Aqua support in gtk3 is untested -# Dependencies found at Source/cmake/OptionsGTK.cmake -# Various compile-time optionals for gtk+-3.22.0 - ensure it -# Missing WebRTC support, but ENABLE_MEDIA_STREAM/ENABLE_WEB_RTC is experimental upstream (PRIVATE OFF) and shouldn't be used yet in 2.26 -# >=gst-plugins-opus-1.14.4-r1 for opusparse (required by MSE) -wpe_depend=" - >=gui-libs/libwpe-1.3.0:1.0 - >=gui-libs/wpebackend-fdo-1.3.1:1.0 -" -# TODO: gst-plugins-base[X] is only needed when build configuration ends up with GLX set, but that's a bit automagic too to fix -RDEPEND=" - >=x11-libs/cairo-1.16.0:=[X?] - >=media-libs/fontconfig-2.13.0:1.0 - >=media-libs/freetype-2.9.0:2 - >=dev-libs/libgcrypt-1.7.0:0= - >=x11-libs/gtk+-3.22.0:3[aqua?,introspection?,wayland?,X?] - >=media-libs/harfbuzz-1.4.2:=[icu(+)] - >=dev-libs/icu-3.8.1-r1:= - virtual/jpeg:0= - >=net-libs/libsoup-2.54:2.4[introspection?] - >=dev-libs/libxml2-2.8.0:2 - >=media-libs/libpng-1.4:0= - dev-db/sqlite:3= - sys-libs/zlib:0 - >=dev-libs/atk-2.16.0 - media-libs/libwebp:= - - >=dev-libs/glib-2.44.0:2 - >=dev-libs/libxslt-1.1.7 - media-libs/woff2 - gnome-keyring? ( app-crypt/libsecret ) - introspection? ( >=dev-libs/gobject-introspection-1.32.0:= ) - dev-libs/libtasn1:= - spell? ( >=app-text/enchant-0.22:2 ) - gstreamer? ( - >=media-libs/gstreamer-1.14:1.0 - >=media-libs/gst-plugins-base-1.14:1.0[egl?,opengl?,X?] - gles2-only? ( media-libs/gst-plugins-base:1.0[gles2] ) - >=media-plugins/gst-plugins-opus-1.14.4-r1:1.0 - >=media-libs/gst-plugins-bad-1.14:1.0 ) - - X? ( - x11-libs/libX11 - x11-libs/libXcomposite - x11-libs/libXdamage - x11-libs/libXrender - x11-libs/libXt ) - - libnotify? ( x11-libs/libnotify ) - dev-libs/hyphen - jpeg2k? ( >=media-libs/openjpeg-2.2.0:2= ) - - egl? ( media-libs/mesa[egl] ) - gles2-only? ( media-libs/mesa[gles2] ) - opengl? ( virtual/opengl ) - wayland? ( - dev-libs/wayland - >=dev-libs/wayland-protocols-1.12 - opengl? ( ${wpe_depend} ) - gles2-only? ( ${wpe_depend} ) - ) - - seccomp? ( - >=sys-apps/bubblewrap-0.3.1 - sys-libs/libseccomp - sys-apps/xdg-dbus-proxy - ) -" -unset wpe_depend -# paxctl needed for bug #407085 -# Need real bison, not yacc -DEPEND="${RDEPEND} - ${PYTHON_DEPS} - ${RUBY_DEPS} - >=app-accessibility/at-spi2-core-2.5.3 - dev-util/glib-utils - >=dev-util/gperf-3.0.1 - >=sys-devel/bison-2.4.3 - || ( >=sys-devel/gcc-7.3 >=sys-devel/clang-5 ) - sys-devel/gettext - virtual/pkgconfig - - >=dev-lang/perl-5.10 - virtual/perl-Data-Dumper - virtual/perl-Carp - virtual/perl-JSON-PP - - gtk-doc? ( >=dev-util/gtk-doc-1.32 ) - geolocation? ( dev-util/gdbus-codegen ) -" -# test? ( -# dev-python/pygobject:3[python_targets_python2_7] -# x11-themes/hicolor-icon-theme -# jit? ( sys-apps/paxctl ) ) -RDEPEND="${RDEPEND} - geolocation? ( >=app-misc/geoclue-2.1.5:2.0 ) -" - -S="${WORKDIR}/${MY_P}" - -CHECKREQS_DISK_BUILD="18G" # and even this might not be enough, bug #417307 - -pkg_pretend() { - if [[ ${MERGE_TYPE} != "binary" ]] ; then - if is-flagq "-g*" && ! is-flagq "-g*0" ; then - einfo "Checking for sufficient disk space to build ${PN} with debugging CFLAGS" - check-reqs_pkg_pretend - fi - - if ! test-flag-CXX -std=c++17 ; then - die "You need at least GCC 7.3.x or Clang >= 5 for C++17-specific compiler flags" - fi - fi - - if ! use opengl && ! use gles2-only; then - ewarn - ewarn "You are disabling OpenGL usage (USE=opengl or USE=gles2-only) completely." - ewarn "This is an unsupported configuration meant for very specific embedded" - ewarn "use cases, where there truly is no GL possible (and even that use case" - ewarn "is very unlikely to come by). If you have GL (even software-only), you" - ewarn "really really should be enabling OpenGL!" - ewarn - fi -} - -pkg_setup() { - if [[ ${MERGE_TYPE} != "binary" ]] && is-flagq "-g*" && ! is-flagq "-g*0" ; then - check-reqs_pkg_setup - fi - - python-any-r1_pkg_setup -} - -src_prepare() { - eapply "${FILESDIR}/${PN}-2.24.4-eglmesaext-include.patch" # bug 699054 # https://bugs.webkit.org/show_bug.cgi?id=204108 - eapply "${FILESDIR}"/2.28.2-opengl-without-X-fixes.patch - eapply "${FILESDIR}"/2.28.2-non-jumbo-fix.patch - eapply "${FILESDIR}"/2.28.3-non-jumbo-fix2.patch - cmake-utils_src_prepare - gnome2_src_prepare -} - -src_configure() { - # Respect CC, otherwise fails on prefix #395875 - tc-export CC - - # It does not compile on alpha without this in LDFLAGS - # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648761 - use alpha && append-ldflags "-Wl,--no-relax" - - # ld segfaults on ia64 with LDFLAGS --as-needed, bug #555504 - use ia64 && append-ldflags "-Wl,--no-as-needed" - - # Sigbuses on SPARC with mcpu and co., bug #??? - use sparc && filter-flags "-mvis" - - # https://bugs.webkit.org/show_bug.cgi?id=42070 , #301634 - use ppc64 && append-flags "-mminimal-toc" - - # Try to use less memory, bug #469942 (see Fedora .spec for reference) - # --no-keep-memory doesn't work on ia64, bug #502492 - if ! use ia64; then - append-ldflags "-Wl,--no-keep-memory" - fi - - # We try to use gold when possible for this package -# if ! tc-ld-is-gold ; then -# append-ldflags "-Wl,--reduce-memory-overheads" -# fi - - # Ruby situation is a bit complicated. See bug 513888 - local rubyimpl - local ruby_interpreter="" - for rubyimpl in ${USE_RUBY}; do - if has_version --host-root "virtual/rubygems[ruby_targets_${rubyimpl}]"; then - ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ${rubyimpl})" - fi - done - # This will rarely occur. Only a couple of corner cases could lead us to - # that failure. See bug 513888 - [[ -z $ruby_interpreter ]] && die "No suitable ruby interpreter found" - - # TODO: Check Web Audio support - # should somehow let user select between them? - # - # opengl needs to be explicetly handled, bug #576634 - - local use_wpe_renderer=OFF - local opengl_enabled - if use opengl || use gles2-only; then - opengl_enabled=ON - use wayland && use_wpe_renderer=ON - else - opengl_enabled=OFF - fi - - local mycmakeargs=( - -DENABLE_UNIFIED_BUILDS=$(usex jumbo-build) - -DENABLE_QUARTZ_TARGET=$(usex aqua) - -DENABLE_API_TESTS=$(usex test) - -DENABLE_GTKDOC=$(usex gtk-doc) - -DENABLE_GEOLOCATION=$(usex geolocation) # Runtime optional (talks over dbus service) - $(cmake-utils_use_find_package gles2-only OpenGLES2) - -DENABLE_GLES2=$(usex gles2-only) - -DENABLE_VIDEO=$(usex gstreamer) - -DENABLE_WEB_AUDIO=$(usex gstreamer) - -DENABLE_INTROSPECTION=$(usex introspection) - -DUSE_LIBNOTIFY=$(usex libnotify) - -DUSE_LIBSECRET=$(usex gnome-keyring) - -DUSE_OPENJPEG=$(usex jpeg2k) - -DUSE_WOFF2=ON - -DENABLE_SPELLCHECK=$(usex spell) - -DENABLE_WAYLAND_TARGET=$(usex wayland) - -DUSE_WPE_RENDERER=${use_wpe_renderer} # WPE renderer is used to implement accelerated compositing under wayland - $(cmake-utils_use_find_package egl EGL) - $(cmake-utils_use_find_package opengl OpenGL) - -DENABLE_X11_TARGET=$(usex X) - -DENABLE_OPENGL=${opengl_enabled} - -DENABLE_WEBGL=${opengl_enabled} - -DENABLE_BUBBLEWRAP_SANDBOX=$(usex seccomp) - -DBWRAP_EXECUTABLE="${EPREFIX}"/usr/bin/bwrap # If bubblewrap[suid] then portage makes it go-r and cmake find_program fails with that - -DCMAKE_BUILD_TYPE=Release - -DPORT=GTK - ${ruby_interpreter} - ) - - # Allow it to use GOLD when possible as it has all the magic to - # detect when to use it and using gold for this concrete package has - # multiple advantages and is also the upstream default, bug #585788 -# if tc-ld-is-gold ; then -# mycmakeargs+=( -DUSE_LD_GOLD=ON ) -# else -# mycmakeargs+=( -DUSE_LD_GOLD=OFF ) -# fi - - WK_USE_CCACHE=NO cmake-utils_src_configure -} - -src_compile() { - cmake-utils_src_compile -} - -src_test() { - # Prevents test failures on PaX systems - pax-mark m $(list-paxables Programs/*[Tt]ests/*) # Programs/unittests/.libs/test* - - cmake-utils_src_test -} - -src_install() { - cmake-utils_src_install - - # Prevents crashes on PaX systems, bug #522808 - pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/jsc" "${ED}usr/libexec/webkit2gtk-4.0/WebKitWebProcess" - pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/WebKitPluginProcess" -} |