summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMart Raudsepp <leio@gentoo.org>2020-07-31 00:17:26 +0300
committerMart Raudsepp <leio@gentoo.org>2020-07-31 00:17:52 +0300
commite09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029 (patch)
tree00866122b190d42c6c39bd60d5fbb37ef2acb040 /net-libs
parentnet-libs/libetpan: Security cleanup (diff)
downloadgentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.tar.gz
gentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.tar.bz2
gentoo-e09a9c9cc6ff10e82e4d9a1f8bb6e896325ef029.zip
net-libs/webkit-gtk: security cleanup
Bug: https://bugs.gentoo.org/734584 Package-Manager: Portage-2.3.84, Repoman-2.3.20 Signed-off-by: Mart Raudsepp <leio@gentoo.org>
Diffstat (limited to 'net-libs')
-rw-r--r--net-libs/webkit-gtk/Manifest1
-rw-r--r--net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch44
-rw-r--r--net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild290
3 files changed, 0 insertions, 335 deletions
diff --git a/net-libs/webkit-gtk/Manifest b/net-libs/webkit-gtk/Manifest
index 63a7c52480e8..e700873eb41b 100644
--- a/net-libs/webkit-gtk/Manifest
+++ b/net-libs/webkit-gtk/Manifest
@@ -1,2 +1 @@
-DIST webkitgtk-2.28.3.tar.xz 21425556 BLAKE2B f51522c33fa97aa00dee1428bc256ef910dd8764b3731580639c79642965c60b91b8d2f5c1d3bdb60975c68706d415447e8b52520ecfa1687968f3790137234b SHA512 575184edb8279f1dca67cbeeb45280ca5da9aa388e208251d9ad7a56907950cfd85b1fc426eee90699593c428f4e1037c96cb6aa16f534c71734c64950f2d643
DIST webkitgtk-2.28.4.tar.xz 21424908 BLAKE2B 5ca9206c3c7d0a00bc76487ae8fe79e6c5b94a86f23300f196b3edbd5e3f1ea68768ef4465b32fa694a7b6a4a2b274dfb9dba4a20b8329f9138970f1a82eb7e6 SHA512 227cd4066235180521a32a83d3a906212adf4f234f15a1fff4ac86b48e39c431f1e0cb4a56f62924015099a0c8909a73a21a56f8dc71a16c53ac65de4a5773a1
diff --git a/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch b/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch
deleted file mode 100644
index 68139064b88e..000000000000
--- a/net-libs/webkit-gtk/files/2.28.3-non-jumbo-fix2.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From f6b0ae5334eb9de1858b5f3b0edc2f7245087cab Mon Sep 17 00:00:00 2001
-From: Mart Raudsepp <leio@gentoo.org>
-Date: Sat, 11 Jul 2020 15:28:05 +0300
-Subject: [PATCH] Try to fix another apparent non-unified build error
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Source/WebCore/rendering/svg/RenderSVGResourceClipper.h:70:42: required from here
-/usr/lib/gcc/x86_64-pc-linux-gnu/9.2.0/include/g++-v9/bits/unique_ptr.h:79:16: error: invalid application of ‘sizeof’ to incomplete type ‘WebCore::ImageBuffer’
- 79 | static_assert(sizeof(_Tp)>0,
- | ^~~~~~~~~~~
----
- Source/WebCore/rendering/svg/RenderSVGResourceClipper.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h b/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h
-index 55d9e34df61..12a7a83cc61 100644
---- a/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h
-+++ b/Source/WebCore/rendering/svg/RenderSVGResourceClipper.h
-@@ -19,6 +19,7 @@
-
- #pragma once
-
-+#include "ImageBuffer.h"
- #include "RenderSVGResourceContainer.h"
- #include "SVGClipPathElement.h"
- #include "SVGUnitTypes.h"
-diff --git a/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp b/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
-index ec2fbe165b1..ab0688615a6 100644
---- a/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
-+++ b/Source/WebCore/xml/parser/XMLDocumentParserLibxml2.cpp
-@@ -42,6 +42,8 @@
- #include "HTTPParsers.h"
- #include "InlineClassicScript.h"
- #include "MIMETypeRegistry.h"
-+#include "Page.h"
-+#include "PageConsoleClient.h"
- #include "PendingScript.h"
- #include "ProcessingInstruction.h"
- #include "ResourceError.h"
---
-2.20.1
-
diff --git a/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild b/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild
deleted file mode 100644
index fb4f89d11f41..000000000000
--- a/net-libs/webkit-gtk/webkit-gtk-2.28.3.ebuild
+++ /dev/null
@@ -1,290 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-CMAKE_MAKEFILE_GENERATOR="ninja"
-PYTHON_COMPAT=( python{3_6,3_7} )
-USE_RUBY="ruby24 ruby25 ruby26 ruby27"
-CMAKE_MIN_VERSION=3.10
-
-inherit check-reqs cmake-utils flag-o-matic gnome2 pax-utils python-any-r1 ruby-single toolchain-funcs virtualx
-
-MY_P="webkitgtk-${PV}"
-DESCRIPTION="Open source web browser engine"
-HOMEPAGE="https://www.webkitgtk.org"
-SRC_URI="https://www.webkitgtk.org/releases/${MY_P}.tar.xz"
-
-LICENSE="LGPL-2+ BSD"
-SLOT="4/37" # soname version of libwebkit2gtk-4.0
-KEYWORDS="amd64 ~arm arm64 ~ppc64 ~sparc x86"
-
-IUSE="aqua +egl +geolocation gles2-only gnome-keyring +gstreamer gtk-doc +introspection +jpeg2k +jumbo-build libnotify +opengl seccomp spell wayland +X"
-
-# gstreamer with opengl/gles2 needs egl
-REQUIRED_USE="
- gles2-only? ( egl !opengl )
- gstreamer? ( opengl? ( egl ) )
- wayland? ( egl )
- || ( aqua wayland X )
-"
-
-# Tests fail to link for inexplicable reasons
-# https://bugs.webkit.org/show_bug.cgi?id=148210
-RESTRICT="test"
-
-# Aqua support in gtk3 is untested
-# Dependencies found at Source/cmake/OptionsGTK.cmake
-# Various compile-time optionals for gtk+-3.22.0 - ensure it
-# Missing WebRTC support, but ENABLE_MEDIA_STREAM/ENABLE_WEB_RTC is experimental upstream (PRIVATE OFF) and shouldn't be used yet in 2.26
-# >=gst-plugins-opus-1.14.4-r1 for opusparse (required by MSE)
-wpe_depend="
- >=gui-libs/libwpe-1.3.0:1.0
- >=gui-libs/wpebackend-fdo-1.3.1:1.0
-"
-# TODO: gst-plugins-base[X] is only needed when build configuration ends up with GLX set, but that's a bit automagic too to fix
-RDEPEND="
- >=x11-libs/cairo-1.16.0:=[X?]
- >=media-libs/fontconfig-2.13.0:1.0
- >=media-libs/freetype-2.9.0:2
- >=dev-libs/libgcrypt-1.7.0:0=
- >=x11-libs/gtk+-3.22.0:3[aqua?,introspection?,wayland?,X?]
- >=media-libs/harfbuzz-1.4.2:=[icu(+)]
- >=dev-libs/icu-3.8.1-r1:=
- virtual/jpeg:0=
- >=net-libs/libsoup-2.54:2.4[introspection?]
- >=dev-libs/libxml2-2.8.0:2
- >=media-libs/libpng-1.4:0=
- dev-db/sqlite:3=
- sys-libs/zlib:0
- >=dev-libs/atk-2.16.0
- media-libs/libwebp:=
-
- >=dev-libs/glib-2.44.0:2
- >=dev-libs/libxslt-1.1.7
- media-libs/woff2
- gnome-keyring? ( app-crypt/libsecret )
- introspection? ( >=dev-libs/gobject-introspection-1.32.0:= )
- dev-libs/libtasn1:=
- spell? ( >=app-text/enchant-0.22:2 )
- gstreamer? (
- >=media-libs/gstreamer-1.14:1.0
- >=media-libs/gst-plugins-base-1.14:1.0[egl?,opengl?,X?]
- gles2-only? ( media-libs/gst-plugins-base:1.0[gles2] )
- >=media-plugins/gst-plugins-opus-1.14.4-r1:1.0
- >=media-libs/gst-plugins-bad-1.14:1.0 )
-
- X? (
- x11-libs/libX11
- x11-libs/libXcomposite
- x11-libs/libXdamage
- x11-libs/libXrender
- x11-libs/libXt )
-
- libnotify? ( x11-libs/libnotify )
- dev-libs/hyphen
- jpeg2k? ( >=media-libs/openjpeg-2.2.0:2= )
-
- egl? ( media-libs/mesa[egl] )
- gles2-only? ( media-libs/mesa[gles2] )
- opengl? ( virtual/opengl )
- wayland? (
- dev-libs/wayland
- >=dev-libs/wayland-protocols-1.12
- opengl? ( ${wpe_depend} )
- gles2-only? ( ${wpe_depend} )
- )
-
- seccomp? (
- >=sys-apps/bubblewrap-0.3.1
- sys-libs/libseccomp
- sys-apps/xdg-dbus-proxy
- )
-"
-unset wpe_depend
-# paxctl needed for bug #407085
-# Need real bison, not yacc
-DEPEND="${RDEPEND}
- ${PYTHON_DEPS}
- ${RUBY_DEPS}
- >=app-accessibility/at-spi2-core-2.5.3
- dev-util/glib-utils
- >=dev-util/gperf-3.0.1
- >=sys-devel/bison-2.4.3
- || ( >=sys-devel/gcc-7.3 >=sys-devel/clang-5 )
- sys-devel/gettext
- virtual/pkgconfig
-
- >=dev-lang/perl-5.10
- virtual/perl-Data-Dumper
- virtual/perl-Carp
- virtual/perl-JSON-PP
-
- gtk-doc? ( >=dev-util/gtk-doc-1.32 )
- geolocation? ( dev-util/gdbus-codegen )
-"
-# test? (
-# dev-python/pygobject:3[python_targets_python2_7]
-# x11-themes/hicolor-icon-theme
-# jit? ( sys-apps/paxctl ) )
-RDEPEND="${RDEPEND}
- geolocation? ( >=app-misc/geoclue-2.1.5:2.0 )
-"
-
-S="${WORKDIR}/${MY_P}"
-
-CHECKREQS_DISK_BUILD="18G" # and even this might not be enough, bug #417307
-
-pkg_pretend() {
- if [[ ${MERGE_TYPE} != "binary" ]] ; then
- if is-flagq "-g*" && ! is-flagq "-g*0" ; then
- einfo "Checking for sufficient disk space to build ${PN} with debugging CFLAGS"
- check-reqs_pkg_pretend
- fi
-
- if ! test-flag-CXX -std=c++17 ; then
- die "You need at least GCC 7.3.x or Clang >= 5 for C++17-specific compiler flags"
- fi
- fi
-
- if ! use opengl && ! use gles2-only; then
- ewarn
- ewarn "You are disabling OpenGL usage (USE=opengl or USE=gles2-only) completely."
- ewarn "This is an unsupported configuration meant for very specific embedded"
- ewarn "use cases, where there truly is no GL possible (and even that use case"
- ewarn "is very unlikely to come by). If you have GL (even software-only), you"
- ewarn "really really should be enabling OpenGL!"
- ewarn
- fi
-}
-
-pkg_setup() {
- if [[ ${MERGE_TYPE} != "binary" ]] && is-flagq "-g*" && ! is-flagq "-g*0" ; then
- check-reqs_pkg_setup
- fi
-
- python-any-r1_pkg_setup
-}
-
-src_prepare() {
- eapply "${FILESDIR}/${PN}-2.24.4-eglmesaext-include.patch" # bug 699054 # https://bugs.webkit.org/show_bug.cgi?id=204108
- eapply "${FILESDIR}"/2.28.2-opengl-without-X-fixes.patch
- eapply "${FILESDIR}"/2.28.2-non-jumbo-fix.patch
- eapply "${FILESDIR}"/2.28.3-non-jumbo-fix2.patch
- cmake-utils_src_prepare
- gnome2_src_prepare
-}
-
-src_configure() {
- # Respect CC, otherwise fails on prefix #395875
- tc-export CC
-
- # It does not compile on alpha without this in LDFLAGS
- # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648761
- use alpha && append-ldflags "-Wl,--no-relax"
-
- # ld segfaults on ia64 with LDFLAGS --as-needed, bug #555504
- use ia64 && append-ldflags "-Wl,--no-as-needed"
-
- # Sigbuses on SPARC with mcpu and co., bug #???
- use sparc && filter-flags "-mvis"
-
- # https://bugs.webkit.org/show_bug.cgi?id=42070 , #301634
- use ppc64 && append-flags "-mminimal-toc"
-
- # Try to use less memory, bug #469942 (see Fedora .spec for reference)
- # --no-keep-memory doesn't work on ia64, bug #502492
- if ! use ia64; then
- append-ldflags "-Wl,--no-keep-memory"
- fi
-
- # We try to use gold when possible for this package
-# if ! tc-ld-is-gold ; then
-# append-ldflags "-Wl,--reduce-memory-overheads"
-# fi
-
- # Ruby situation is a bit complicated. See bug 513888
- local rubyimpl
- local ruby_interpreter=""
- for rubyimpl in ${USE_RUBY}; do
- if has_version --host-root "virtual/rubygems[ruby_targets_${rubyimpl}]"; then
- ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ${rubyimpl})"
- fi
- done
- # This will rarely occur. Only a couple of corner cases could lead us to
- # that failure. See bug 513888
- [[ -z $ruby_interpreter ]] && die "No suitable ruby interpreter found"
-
- # TODO: Check Web Audio support
- # should somehow let user select between them?
- #
- # opengl needs to be explicetly handled, bug #576634
-
- local use_wpe_renderer=OFF
- local opengl_enabled
- if use opengl || use gles2-only; then
- opengl_enabled=ON
- use wayland && use_wpe_renderer=ON
- else
- opengl_enabled=OFF
- fi
-
- local mycmakeargs=(
- -DENABLE_UNIFIED_BUILDS=$(usex jumbo-build)
- -DENABLE_QUARTZ_TARGET=$(usex aqua)
- -DENABLE_API_TESTS=$(usex test)
- -DENABLE_GTKDOC=$(usex gtk-doc)
- -DENABLE_GEOLOCATION=$(usex geolocation) # Runtime optional (talks over dbus service)
- $(cmake-utils_use_find_package gles2-only OpenGLES2)
- -DENABLE_GLES2=$(usex gles2-only)
- -DENABLE_VIDEO=$(usex gstreamer)
- -DENABLE_WEB_AUDIO=$(usex gstreamer)
- -DENABLE_INTROSPECTION=$(usex introspection)
- -DUSE_LIBNOTIFY=$(usex libnotify)
- -DUSE_LIBSECRET=$(usex gnome-keyring)
- -DUSE_OPENJPEG=$(usex jpeg2k)
- -DUSE_WOFF2=ON
- -DENABLE_SPELLCHECK=$(usex spell)
- -DENABLE_WAYLAND_TARGET=$(usex wayland)
- -DUSE_WPE_RENDERER=${use_wpe_renderer} # WPE renderer is used to implement accelerated compositing under wayland
- $(cmake-utils_use_find_package egl EGL)
- $(cmake-utils_use_find_package opengl OpenGL)
- -DENABLE_X11_TARGET=$(usex X)
- -DENABLE_OPENGL=${opengl_enabled}
- -DENABLE_WEBGL=${opengl_enabled}
- -DENABLE_BUBBLEWRAP_SANDBOX=$(usex seccomp)
- -DBWRAP_EXECUTABLE="${EPREFIX}"/usr/bin/bwrap # If bubblewrap[suid] then portage makes it go-r and cmake find_program fails with that
- -DCMAKE_BUILD_TYPE=Release
- -DPORT=GTK
- ${ruby_interpreter}
- )
-
- # Allow it to use GOLD when possible as it has all the magic to
- # detect when to use it and using gold for this concrete package has
- # multiple advantages and is also the upstream default, bug #585788
-# if tc-ld-is-gold ; then
-# mycmakeargs+=( -DUSE_LD_GOLD=ON )
-# else
-# mycmakeargs+=( -DUSE_LD_GOLD=OFF )
-# fi
-
- WK_USE_CCACHE=NO cmake-utils_src_configure
-}
-
-src_compile() {
- cmake-utils_src_compile
-}
-
-src_test() {
- # Prevents test failures on PaX systems
- pax-mark m $(list-paxables Programs/*[Tt]ests/*) # Programs/unittests/.libs/test*
-
- cmake-utils_src_test
-}
-
-src_install() {
- cmake-utils_src_install
-
- # Prevents crashes on PaX systems, bug #522808
- pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/jsc" "${ED}usr/libexec/webkit2gtk-4.0/WebKitWebProcess"
- pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/WebKitPluginProcess"
-}