New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.09] webkitgtk: 2.28.4 -> 2.30.3 #104820
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Very strange that stdenv.isDarwin is in this expression but without platforms including darwin. (cherry picked from commit af2465a)
(cherry picked from commit 297bac6)
Remove gtk2 flag, which is no longer supported. (cherry picked from commit 8ccd765)
https://webkitgtk.org/2020/10/23/webkitgtk2.30.2-released.html (cherry picked from commit f70fe4a)
Fixes processing of malicousliy crafted web content which could lead to - CVE-2020-13584: arbitrary code execution due to a use after free issue - CVE-2020-9983: code execution due to an out-of-bounds write issue Advisory at https://webkitgtk.org/security/WSA-2020-0008.html Fixes: CVE-2090-13584, CVE-2020-9983 (cherry picked from commit 48ba279)
mweinelt
changed the title
[20.09]: webkitgtk: 2.28.4 -> 2.30.3
[20.09] webkitgtk: 2.28.4 -> 2.30.3
Nov 25, 2020
Result of 6 packages marked as broken and skipped:
4 packages failed to build:
149 packages built:
|
FWIW: Citrix Workspace won't build without prefetching their binary.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
https://webkitgtk.org/security/WSA-2020-0008.html
It's unclear what patches have to be backported and even Debian backported 2.30.3 to buster-security. I think we should do the same.
I successfully tested this against epiphany.
I'm not sure if all of this should be backported, but it seemed like the least error-prone approach to doing this.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)