nixpkgs/pkgs/development/libraries/webkitgtk/2.20.nix
Andreas Rammhold 580724655e webkitgtk: 2.20.2 -> 2.20.3
This addresses several issues with webkitgtk 2.20.2:

- CVE-2018-4190, information leak (credentials)
- CVE-2018-4199, arbitrary code execution
- CVE-2018-4218, arbitrary code execution
- CVE-2018-4222, arbitrary code execution
- CVE-2018-4232, cookies might be overriden
- CVE-2018-4233, arbitrary code execution
- CVE-2018-11646, application crash
- CVE-2018-12293, heap buffer overflow
2018-06-14 20:04:33 +02:00

89 lines
2.7 KiB
Nix

{ stdenv, fetchurl, perl, python2, ruby, bison, gperf, cmake, ninja
, pkgconfig, gettext, gobjectIntrospection, libnotify, gnutls, libgcrypt
, gtk3, wayland, libwebp, enchant2, xorg, libxkbcommon, epoxy, at-spi2-core
, libxml2, libsoup, libsecret, libxslt, harfbuzz, libpthreadstubs, pcre, nettle, libtasn1, p11-kit
, libidn, libedit, readline, libGLU_combined, libintl
, enableGeoLocation ? true, geoclue2, sqlite
, enableGtk2Plugins ? false, gtk2 ? null
, gst-plugins-base, gst-plugins-bad, woff2
}:
assert enableGeoLocation -> geoclue2 != null;
assert enableGtk2Plugins -> gtk2 != null;
assert stdenv.isDarwin -> !enableGtk2Plugins;
with stdenv.lib;
stdenv.mkDerivation rec {
name = "webkitgtk-${version}";
version = "2.20.3";
meta = {
description = "Web content rendering engine, GTK+ port";
homepage = https://webkitgtk.org/;
license = licenses.bsd2;
platforms = with platforms; linux ++ darwin;
hydraPlatforms = [];
maintainers = with maintainers; [ ];
};
src = fetchurl {
url = "http://webkitgtk.org/releases/${name}.tar.xz";
sha256 = "1n0dy94bm7wvxln4jis1gp8plv8n4a01g41724zsf5psg1yk16sp";
};
patches = optionals stdenv.isDarwin [
## TODO add necessary patches for Darwin
];
postPatch = ''
patchShebangs .
'';
postConfigure = ''
# A stopgap for a non-deterministic build failure when using only one core
# Upstream bug: https://bugs.webkit.org/show_bug.cgi?id=183788#c4
ninja JavaScriptCoreForwardingHeaders WTFForwardingHeaders
'';
cmakeFlags = [
"-DPORT=GTK"
"-DUSE_LIBHYPHEN=0"
"-DENABLE_INTROSPECTION=ON"
]
++ optional (!enableGtk2Plugins) "-DENABLE_PLUGIN_PROCESS_GTK2=OFF"
++ optional stdenv.isLinux "-DENABLE_GLES2=ON"
++ optionals stdenv.isDarwin [
"-DUSE_SYSTEM_MALLOC=ON"
"-DUSE_ACCELERATE=0"
"-DENABLE_MINIBROWSER=OFF"
"-DENABLE_VIDEO=ON"
"-DENABLE_QUARTZ_TARGET=ON"
"-DENABLE_X11_TARGET=OFF"
"-DENABLE_OPENGL=OFF"
"-DENABLE_WEB_AUDIO=OFF"
"-DENABLE_WEBGL=OFF"
"-DENABLE_GRAPHICS_CONTEXT_3D=OFF"
"-DENABLE_GTKDOC=OFF"
];
nativeBuildInputs = [
cmake ninja perl python2 ruby bison gperf
pkgconfig gettext gobjectIntrospection
];
buildInputs = [
libintl libwebp enchant2 libnotify gnutls pcre nettle libidn libgcrypt woff2
libxml2 libsecret libxslt harfbuzz libpthreadstubs libtasn1 p11-kit
sqlite gst-plugins-base gst-plugins-bad libxkbcommon epoxy at-spi2-core
] ++ optional enableGeoLocation geoclue2
++ optional enableGtk2Plugins gtk2
++ (with xorg; [ libXdmcp libXt libXtst libXdamage ])
++ optionals stdenv.isDarwin [ libedit readline libGLU_combined ]
++ optional stdenv.isLinux wayland;
propagatedBuildInputs = [
libsoup gtk3
];
outputs = [ "out" "dev" ];
}