diff options
| author |   Mart Raudsepp <leio@gentoo.org> | 2017-04-09 00:26:36 +0300 |
|---|---|---|
| committer | Mart Raudsepp <leio@gentoo.org> | 2017-04-09 00:58:52 +0300 |
| commit | bc9d93e02a1123ebba9af1880ba1fd34f9f2b7a9 (patch) | |
| tree | 420ce64213339b6b5688dac2e2fffeb64afac03d /net-libs/webkit-gtk/files | |
| parent | net-proxy/obfsproxy: keyword ~arm (diff) | |
| download | gentoo-bc9d93e02a1123ebba9af1880ba1fd34f9f2b7a9.tar.gz gentoo-bc9d93e02a1123ebba9af1880ba1fd34f9f2b7a9.tar.bz2 gentoo-bc9d93e02a1123ebba9af1880ba1fd34f9f2b7a9.zip | |
net-libs/webkit-gtk: bump to 2.16.1 for 33+ security fixes
Fixes CVE-2016-9642, CVE-2016-9643, CVE-2017-2367, CVE-2017-2376, CVE-2017-2377,
CVE-2017-2386, CVE-2017-2392, CVE-2017-2394, CVE-2017-2395, CVE-2017-2396,
CVE-2017-2405, CVE-2017-2415, CVE-2017-2419, CVE-2017-2433, CVE-2017-2442,
CVE-2017-2445, CVE-2017-2446, CVE-2017-2447, CVE-2017-2454, CVE-2017-2455,
CVE-2017-2457, CVE-2017-2459, CVE-2017-2460, CVE-2017-2464, CVE-2017-2465,
CVE-2017-2466, CVE-2017-2468, CVE-2017-2469, CVE-2017-2470, CVE-2017-2471,
CVE-2017-2475, CVE-2017-2476, CVE-2017-2481 and further fixes for CVE-2017-2364.
Upstream says 2.16.1 fixes more security bugs than these, over 2.16.0 release,
but that they didn't have CVE numbers as of yet.
Add some seemingly necessary perl build dependencies (which everyone probably
had installed anyways). This perl build dep list is by no means complete.
Includes preliminary patch from Kent to not start requiring perl[ithreads] for
building (over perl with whatever ithreads choice), which would be disastrous
for us.
Upstream has replaced gnutls with libgcrypt. The experimental API unstable DOM
stuff was dropped completely (but isn't used since epiphany-3.22), while the
webkit2gtkinjectedbundle-j1.patch patch in earlier version modified lines that
were there for it - so hopefully -j1 MAKEOPTS building still works with that
patch dropped.
CREDENTIAL_STORAGE option was renamed to LIBSECRET.
flex build dep seems to have been dropped and gstreamer requirement upped to 1.2.3.
harfbuzz 1.3.3 is useful for it for some optional fixes, so guarantee it.
Gentoo-bug: 614876
Thanks-to: Kent Fredric <kentnl@gentoo.org>
Diffstat (limited to 'net-libs/webkit-gtk/files')
| -rw-r--r-- | net-libs/webkit-gtk/files/2.16.1-avoid-perl-ithreads.patch | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/net-libs/webkit-gtk/files/2.16.1-avoid-perl-ithreads.patch b/net-libs/webkit-gtk/files/2.16.1-avoid-perl-ithreads.patch new file mode 100644 index 000000000000..506696fcc7a9 --- /dev/null +++ b/net-libs/webkit-gtk/files/2.16.1-avoid-perl-ithreads.patch @@ -0,0 +1,88 @@ +From 1ac17bea2273df0dfec21897b00efb8351648e1b Mon Sep 17 00:00:00 2001 +From: Kent Fredric <kentnl@gentoo.org> +Date: Sun, 9 Apr 2017 04:10:52 +1200 +Subject: Remove need for threaded perl at expense of being single-threaded + +This could theoretically be implemented with forks, but I opted not +to because its too hard, and the platform specifics are too messy. + +This could theoretically also have support for automatic detection +as to which strategy to use based on OS/availability, but the +implementation details of that are too much for my pateience today. + +In an ideal world, this file would support: + +1. Single threaded builds for spartans +2. Forked builds for people who are on linux but don't want to rebuild + their perl just to have threads ( which produce negligible benefit + and measurable performance penalties to all code ) +3. Threaded builds for people who are on windows where forks may not + be entirely sane. + +But #1 is good enough atm. + +This is important for Gentoo, because end users decide on their own +choices with regards to threading support for perl, and threading +support is off by default due to the performance issues mentioned in #2 +in conjunction with the fact that "threads" is officially discouraged +by Perl Upstream. + +And as Gentoo users have to have a system Perl to compile WebkitGTK, +this means installing WebkitGTK requires rebuilding their system Perl +with threads. + +And this *also* means that all packages presently compiled against Perl +become broken, because non-threaded perl and threaded perl are not ABI +compatible with each other, and this can scale into hundreds of +packages and significant transient breakage. + +This ends up in practice being *far* *worse* in terms of time wasted +than the mediocre time inefficiency created by needing a single +threaded build. +--- + Source/WebCore/bindings/scripts/generate-bindings-all.pl | 15 +++++---------- + 1 file changed, 5 insertions(+), 10 deletions(-) + +diff --git a/Source/WebCore/bindings/scripts/generate-bindings-all.pl b/Source/WebCore/bindings/scripts/generate-bindings-all.pl +index 37b27cc74..b3a378df0 100755 +--- a/Source/WebCore/bindings/scripts/generate-bindings-all.pl ++++ b/Source/WebCore/bindings/scripts/generate-bindings-all.pl +@@ -32,9 +32,6 @@ use File::Basename; + use File::Spec; + use File::Find; + use Getopt::Long; +-use threads; +-use threads::shared; +-use Thread::Queue; + + my $perl = $^X; + my $scriptDir = $FindBin::Bin; +@@ -121,13 +118,11 @@ my @idlFilesToUpdate = grep &{sub { + implicitDependencies($depFile)); + needsUpdate(\@output, \@deps); + }}, @idlFiles; +-my $queue = Thread::Queue->new(@idlFilesToUpdate); +-my $abort :shared = 0; +-my $totalCount = @idlFilesToUpdate; +-my $currentCount :shared = 0; + +-my @threadPool = map { threads->create(\&worker) } (1 .. $numOfJobs); +-$_->join for @threadPool; ++my $abort = 0; ++my $totalCount = @idlFilesToUpdate; ++my $currentCount = 0; ++worker(); + exit $abort; + + sub needsUpdate +@@ -158,7 +153,7 @@ sub mtime + } + + sub worker { +- while (my $file = $queue->dequeue_nb()) { ++ while (my $file = shift @idlFilesToUpdate) { + last if $abort; + eval { + $currentCount++; +-- +2.12.2 |