From aebae6c20850ea1c29d2dad9d29b4db6c09e317c Mon Sep 17 00:00:00 2001 From: Franz Pletz Date: Tue, 24 Oct 2017 10:58:16 +0200 Subject: [PATCH] webkitgtk: 2.16.6 -> 2.18.1 for multiple CVEs See https://webkitgtk.org/security/WSA-2017-0008.html --- pkgs/desktops/gnome-3/default.nix | 3 +-- .../libraries/webkitgtk/{2.16.nix => 2.18.nix} | 13 +++++-------- .../development/libraries/wxwidgets/3.0/default.nix | 6 +++--- pkgs/top-level/all-packages.nix | 6 +++--- 4 files changed, 12 insertions(+), 16 deletions(-) rename pkgs/development/libraries/webkitgtk/{2.16.nix => 2.18.nix} (88%) diff --git a/pkgs/desktops/gnome-3/default.nix b/pkgs/desktops/gnome-3/default.nix index 10e5f97c38fb..585f79ddea67 100644 --- a/pkgs/desktops/gnome-3/default.nix +++ b/pkgs/desktops/gnome-3/default.nix @@ -45,7 +45,7 @@ let hitori gnome-taquin ]; - inherit (pkgs) glib gtk2 webkitgtk216x gtk3 gtkmm3 libcanberra_gtk2 + inherit (pkgs) glib gtk2 webkitgtk gtk3 gtkmm3 libcanberra_gtk2 clutter clutter-gst clutter_gtk cogl gtkvnc; inherit (pkgs.gnome2) ORBit2; libsoup = pkgs.libsoup.override { gnomeSupport = true; }; @@ -56,7 +56,6 @@ let gtkmm = gtkmm3; vala = pkgs.vala_0_32; gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; }; - webkitgtk = webkitgtk216x; # Simplify the nixos module and gnome packages defaultIconTheme = adwaita-icon-theme; diff --git a/pkgs/development/libraries/webkitgtk/2.16.nix b/pkgs/development/libraries/webkitgtk/2.18.nix similarity index 88% rename from pkgs/development/libraries/webkitgtk/2.16.nix rename to pkgs/development/libraries/webkitgtk/2.18.nix index d69993534146..e1b520eb10b1 100644 --- a/pkgs/development/libraries/webkitgtk/2.16.nix +++ b/pkgs/development/libraries/webkitgtk/2.18.nix @@ -4,7 +4,7 @@ , libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11_kit , libidn, libedit, readline, mesa, libintlOrEmpty , enableGeoLocation ? true, geoclue2, sqlite -, gst-plugins-base +, gst-plugins-base, gst-plugins-bad }: assert enableGeoLocation -> geoclue2 != null; @@ -12,7 +12,7 @@ assert enableGeoLocation -> geoclue2 != null; with stdenv.lib; stdenv.mkDerivation rec { name = "webkitgtk-${version}"; - version = "2.16.6"; + version = "2.18.1"; meta = { description = "Web content rendering engine, GTK+ port"; @@ -42,7 +42,7 @@ stdenv.mkDerivation rec { src = fetchurl { url = "http://webkitgtk.org/releases/${name}.tar.xz"; - sha256 = "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw"; + sha256 = "15fp7szmkpannx7avsynf0nv3y343qwq0fvq3rz2m2mw5wq7pnww"; }; # see if we can clean this up.... @@ -77,10 +77,7 @@ stdenv.mkDerivation rec { "-DENABLE_GTKDOC=OFF" ]; - # XXX: WebKit2 missing include path for gst-plugins-base. - # Filled: https://bugs.webkit.org/show_bug.cgi?id=148894 - NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0" - + (optionalString stdenv.isDarwin " -lintl"); + NIX_CFLAGS_COMPILE = optionalString stdenv.isDarwin " -lintl"; nativeBuildInputs = [ cmake perl python2 ruby bison gperf @@ -90,7 +87,7 @@ stdenv.mkDerivation rec { buildInputs = libintlOrEmpty ++ [ gtk2 libwebp enchant libnotify gnutls pcre nettle libidn libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11_kit - sqlite gst-plugins-base libxkbcommon epoxy at_spi2_core + sqlite gst-plugins-base gst-plugins-bad libxkbcommon epoxy at_spi2_core ] ++ optional enableGeoLocation geoclue2 ++ (with xlibs; [ libXdmcp libXt libXtst ]) ++ optionals stdenv.isDarwin [ libedit readline mesa ] diff --git a/pkgs/development/libraries/wxwidgets/3.0/default.nix b/pkgs/development/libraries/wxwidgets/3.0/default.nix index 35300ed9419a..2375de4b1bfa 100644 --- a/pkgs/development/libraries/wxwidgets/3.0/default.nix +++ b/pkgs/development/libraries/wxwidgets/3.0/default.nix @@ -3,13 +3,13 @@ , withMesa ? true, mesa_glu ? null, mesa_noglu ? null , compat24 ? false, compat26 ? true, unicode ? true , withGtk2 ? true -, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk216x ? null +, withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk218x ? null , AGL ? null, Carbon ? null, Cocoa ? null, Kernel ? null, QTKit ? null }: assert withMesa -> mesa_glu != null && mesa_noglu != null; -assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) != null; +assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) != null; with stdenv.lib; @@ -30,7 +30,7 @@ stdenv.mkDerivation { [ (if withGtk2 then gtk2 else gtk3) libXinerama libSM libXxf86vm xf86vidmodeproto gstreamer gst-plugins-base GConf ] ++ optional withMesa mesa_glu - ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) + ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) ++ optionals stdenv.isDarwin [ setfile Carbon Cocoa Kernel QTKit ]; nativeBuildInputs = [ pkgconfig ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bfb50c829691..057f878dedc2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10948,7 +10948,7 @@ with pkgs; wcslib = callPackage ../development/libraries/wcslib { }; - webkitgtk = webkitgtk216x; + webkitgtk = webkitgtk218x; webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix { harfbuzz = harfbuzz-icu; @@ -10956,9 +10956,9 @@ with pkgs; inherit (darwin) libobjc; }; - webkitgtk216x = callPackage ../development/libraries/webkitgtk/2.16.nix { + webkitgtk218x = callPackage ../development/libraries/webkitgtk/2.16.nix { harfbuzz = harfbuzz-icu; - gst-plugins-base = gst_all_1.gst-plugins-base; + inherit (gst_all_1) gst-plugins-base gst-plugins-bad; }; webkitgtk217x = callPackage ../development/libraries/webkitgtk/2.17.nix {