From 288740ad69526df10cb328cbdde89d23b2f66b1c Mon Sep 17 00:00:00 2001 From: Herwig Hochleitner Date: Thu, 21 Sep 2017 02:36:39 +0200 Subject: [PATCH] webkitgtk: 2.16.6 -> 2.18.2 remove references to 216x CVE-2017-7087 CVE-2017-7089 CVE-2017-7090 CVE-2017-7091 CVE-2017-7092 CVE-2017-7093 CVE-2017-7095 CVE-2017-7096 CVE-2017-7098 CVE-2017-7100 CVE-2017-7102 CVE-2017-7104 CVE-2017-7107 CVE-2017-7109 CVE-2017-7111 CVE-2017-7117 CVE-2017-7120 closes #29796 --- pkgs/desktops/gnome-3/default.nix | 3 +-- .../libraries/webkitgtk/{2.16.nix => 2.18.nix} | 14 +++++++------- .../libraries/wxwidgets/3.0/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 4 ++-- 4 files changed, 13 insertions(+), 14 deletions(-) rename pkgs/development/libraries/webkitgtk/{2.16.nix => 2.18.nix} (89%) diff --git a/pkgs/desktops/gnome-3/default.nix b/pkgs/desktops/gnome-3/default.nix index 10e5f97c38fb..585f79ddea67 100644 --- a/pkgs/desktops/gnome-3/default.nix +++ b/pkgs/desktops/gnome-3/default.nix @@ -45,7 +45,7 @@ let hitori gnome-taquin ]; - inherit (pkgs) glib gtk2 webkitgtk216x gtk3 gtkmm3 libcanberra_gtk2 + inherit (pkgs) glib gtk2 webkitgtk gtk3 gtkmm3 libcanberra_gtk2 clutter clutter-gst clutter_gtk cogl gtkvnc; inherit (pkgs.gnome2) ORBit2; libsoup = pkgs.libsoup.override { gnomeSupport = true; }; @@ -56,7 +56,6 @@ let gtkmm = gtkmm3; vala = pkgs.vala_0_32; gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; }; - webkitgtk = webkitgtk216x; # Simplify the nixos module and gnome packages defaultIconTheme = adwaita-icon-theme; diff --git a/pkgs/development/libraries/webkitgtk/2.16.nix b/pkgs/development/libraries/webkitgtk/2.18.nix similarity index 89% rename from pkgs/development/libraries/webkitgtk/2.16.nix rename to pkgs/development/libraries/webkitgtk/2.18.nix index d69993534146..036dc8f0a542 100644 --- a/pkgs/development/libraries/webkitgtk/2.16.nix +++ b/pkgs/development/libraries/webkitgtk/2.18.nix @@ -4,7 +4,7 @@ , libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11_kit , libidn, libedit, readline, mesa, libintlOrEmpty , enableGeoLocation ? true, geoclue2, sqlite -, gst-plugins-base +, gst-plugins-base, gst-plugins-bad }: assert enableGeoLocation -> geoclue2 != null; @@ -12,7 +12,7 @@ assert enableGeoLocation -> geoclue2 != null; with stdenv.lib; stdenv.mkDerivation rec { name = "webkitgtk-${version}"; - version = "2.16.6"; + version = "2.18.2"; meta = { description = "Web content rendering engine, GTK+ port"; @@ -42,12 +42,12 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://webkitgtk.org/releases/${name}.tar.xz"; - sha256 = "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw"; + sha256 = "1ry8zvv6k01g9p7agg326n0ziqpqjxd49h5w1b2is6rjnpqv6k5i"; }; # see if we can clean this up.... - patches = [ ./finding-harfbuzz-icu.patch ] + patches = [ ./finding-harfbuzz-icu.patch ./gstreamergl-2.17.patch ] ++ optionals stdenv.isDarwin [ ./PR-152650-2.patch ./PR-153138.patch @@ -79,7 +79,7 @@ stdenv.mkDerivation rec { # XXX: WebKit2 missing include path for gst-plugins-base. # Filled: https://bugs.webkit.org/show_bug.cgi?id=148894 - NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0" + NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0 -I${gst-plugins-bad}/include/gstreamer-1.0" + (optionalString stdenv.isDarwin " -lintl"); nativeBuildInputs = [ @@ -88,9 +88,9 @@ stdenv.mkDerivation rec { ]; buildInputs = libintlOrEmpty ++ [ - gtk2 libwebp enchant libnotify gnutls pcre nettle libidn + gtk2 libwebp enchant libnotify gnutls pcre nettle libidn sqlite libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11_kit - sqlite gst-plugins-base libxkbcommon epoxy at_spi2_core + gst-plugins-base gst-plugins-bad libxkbcommon epoxy at_spi2_core ] ++ optional enableGeoLocation geoclue2 ++ (with xlibs; [ libXdmcp libXt libXtst ]) ++ optionals stdenv.isDarwin [ libedit readline mesa ] diff --git a/pkgs/development/libraries/wxwidgets/3.0/default.nix b/pkgs/development/libraries/wxwidgets/3.0/default.nix index 35300ed9419a..0a4350ed81d0 100644 --- a/pkgs/development/libraries/wxwidgets/3.0/default.nix +++ b/pkgs/development/libraries/wxwidgets/3.0/default.nix @@ -3,13 +3,13 @@ , withMesa ? true, mesa_glu ? null, mesa_noglu ? null , compat24 ? false, compat26 ? true, unicode ? true , withGtk2 ? true -, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk216x ? null +, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk ? null , AGL ? null, Carbon ? null, Cocoa ? null, Kernel ? null, QTKit ? null }: assert withMesa -> mesa_glu != null && mesa_noglu != null; -assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) != null; +assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk) != null; with stdenv.lib; @@ -30,7 +30,7 @@ stdenv.mkDerivation { [ (if withGtk2 then gtk2 else gtk3) libXinerama libSM libXxf86vm xf86vidmodeproto gstreamer gst-plugins-base GConf ] ++ optional withMesa mesa_glu - ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) + ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk) ++ optionals stdenv.isDarwin [ setfile Carbon Cocoa Kernel QTKit ]; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 27a494a13156..925e0f7eac83 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10968,7 +10968,7 @@ with pkgs; wcslib = callPackage ../development/libraries/wcslib { }; - webkitgtk = webkitgtk216x; + webkitgtk = webkitgtk218x; webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix { harfbuzz = harfbuzz-icu-58; @@ -10976,7 +10976,7 @@ with pkgs; inherit (darwin) libobjc; }; - webkitgtk216x = callPackage ../development/libraries/webkitgtk/2.16.nix { + webkitgtk218x = callPackage ../development/libraries/webkitgtk/2.18.nix { harfbuzz = harfbuzz-icu; gst-plugins-base = gst_all_1.gst-plugins-base; };