webkitgtk: 2.16.6 -> 2.18.1 for multiple CVEs

pyrox.dev / nixpkgs

fork atom

lol

fork atom

See https://webkitgtk.org/security/WSA-2017-0008.html

Franz Pletz 8 years ago aebae6c2 f269f319

+12 -16

4 changed files

expand all

pkgs

desktops

gnome-3

default.nix

development

libraries

webkitgtk

2.18.nix

wxwidgets

3.0

default.nix

top-level

all-packages.nix

+1 -2

pkgs/desktops/gnome-3/default.nix

··· 45 45 hitori gnome-taquin 46 46 ]; 47 47 48 - inherit (pkgs) glib gtk2 webkitgtk216x gtk3 gtkmm3 libcanberra_gtk2 48 + inherit (pkgs) glib gtk2 webkitgtk gtk3 gtkmm3 libcanberra_gtk2 49 49 clutter clutter-gst clutter_gtk cogl gtkvnc; 50 50 inherit (pkgs.gnome2) ORBit2; 51 51 libsoup = pkgs.libsoup.override { gnomeSupport = true; }; ··· 56 56 gtkmm = gtkmm3; 57 57 vala = pkgs.vala_0_32; 58 58 gegl_0_3 = pkgs.gegl_0_3.override { inherit gtk; }; 59 - webkitgtk = webkitgtk216x; 60 59 61 60 # Simplify the nixos module and gnome packages 62 61 defaultIconTheme = adwaita-icon-theme;

+5 -8

pkgs/development/libraries/webkitgtk/2.16.nix pkgs/development/libraries/webkitgtk/2.18.nix

··· 4 4 , libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11_kit 5 5 , libidn, libedit, readline, mesa, libintlOrEmpty 6 6 , enableGeoLocation ? true, geoclue2, sqlite 7 - , gst-plugins-base 7 + , gst-plugins-base, gst-plugins-bad 8 8 }: 9 9 10 10 assert enableGeoLocation -> geoclue2 != null; ··· 12 12 with stdenv.lib; 13 13 stdenv.mkDerivation rec { 14 14 name = "webkitgtk-${version}"; 15 - version = "2.16.6"; 15 + version = "2.18.1"; 16 16 17 17 meta = { 18 18 description = "Web content rendering engine, GTK+ port"; ··· 42 42 43 43 src = fetchurl { 44 44 url = "http://webkitgtk.org/releases/${name}.tar.xz"; 45 - sha256 = "08abxbhi2n1pfby9f2c20z8mpmbvbs2z7vf0p5ckq4jkz46na8zw"; 45 + sha256 = "15fp7szmkpannx7avsynf0nv3y343qwq0fvq3rz2m2mw5wq7pnww"; 46 46 }; 47 47 48 48 # see if we can clean this up.... ··· 77 77 "-DENABLE_GTKDOC=OFF" 78 78 ]; 79 79 80 - # XXX: WebKit2 missing include path for gst-plugins-base. 81 - # Filled: https://bugs.webkit.org/show_bug.cgi?id=148894 82 - NIX_CFLAGS_COMPILE = "-I${gst-plugins-base.dev}/include/gstreamer-1.0" 83 - + (optionalString stdenv.isDarwin " -lintl"); 80 + NIX_CFLAGS_COMPILE = optionalString stdenv.isDarwin " -lintl"; 84 81 85 82 nativeBuildInputs = [ 86 83 cmake perl python2 ruby bison gperf ··· 90 87 buildInputs = libintlOrEmpty ++ [ 91 88 gtk2 libwebp enchant libnotify gnutls pcre nettle libidn 92 89 libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11_kit 93 - sqlite gst-plugins-base libxkbcommon epoxy at_spi2_core 90 + sqlite gst-plugins-base gst-plugins-bad libxkbcommon epoxy at_spi2_core 94 91 ] ++ optional enableGeoLocation geoclue2 95 92 ++ (with xlibs; [ libXdmcp libXt libXtst ]) 96 93 ++ optionals stdenv.isDarwin [ libedit readline mesa ]

+3 -3

pkgs/development/libraries/wxwidgets/3.0/default.nix

··· 3 3 , withMesa ? true, mesa_glu ? null, mesa_noglu ? null 4 4 , compat24 ? false, compat26 ? true, unicode ? true 5 5 , withGtk2 ? true 6 - , withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk216x ? null 6 + , withWebKit ? false, webkitgtk24x-gtk2 ? null, webkitgtk218x ? null 7 7 , AGL ? null, Carbon ? null, Cocoa ? null, Kernel ? null, QTKit ? null 8 8 }: 9 9 10 10 11 11 assert withMesa -> mesa_glu != null && mesa_noglu != null; 12 - assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) != null; 12 + assert withWebKit -> (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) != null; 13 13 14 14 with stdenv.lib; 15 15 ··· 30 30 [ (if withGtk2 then gtk2 else gtk3) libXinerama libSM libXxf86vm xf86vidmodeproto gstreamer 31 31 gst-plugins-base GConf ] 32 32 ++ optional withMesa mesa_glu 33 - ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk216x) 33 + ++ optional withWebKit (if withGtk2 then webkitgtk24x-gtk2 else webkitgtk218x) 34 34 ++ optionals stdenv.isDarwin [ setfile Carbon Cocoa Kernel QTKit ]; 35 35 36 36 nativeBuildInputs = [ pkgconfig ];

+3 -3

pkgs/top-level/all-packages.nix

··· 10948 10948 10949 10949 wcslib = callPackage ../development/libraries/wcslib { }; 10950 10950 10951 - webkitgtk = webkitgtk216x; 10951 + webkitgtk = webkitgtk218x; 10952 10952 10953 10953 webkitgtk24x-gtk3 = callPackage ../development/libraries/webkitgtk/2.4.nix { 10954 10954 harfbuzz = harfbuzz-icu; ··· 10956 10956 inherit (darwin) libobjc; 10957 10957 }; 10958 10958 10959 - webkitgtk216x = callPackage ../development/libraries/webkitgtk/2.16.nix { 10959 + webkitgtk218x = callPackage ../development/libraries/webkitgtk/2.16.nix { 10960 10960 harfbuzz = harfbuzz-icu; 10961 - gst-plugins-base = gst_all_1.gst-plugins-base; 10961 + inherit (gst_all_1) gst-plugins-base gst-plugins-bad; 10962 10962 }; 10963 10963 10964 10964 webkitgtk217x = callPackage ../development/libraries/webkitgtk/2.17.nix {