diff options
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/ao-cad-aarch64-support.patch | 18 | ||||
-rw-r--r-- | gnu/packages/patches/guile-bytestructures-name-clash.patch | 31 | ||||
-rw-r--r-- | gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch | 49 | ||||
-rw-r--r-- | gnu/packages/patches/ledger-fix-uninitialized.patch | 27 | ||||
-rw-r--r-- | gnu/packages/patches/ledger-revert-boost-python-fix.patch | 39 | ||||
-rw-r--r-- | gnu/packages/patches/libvorbis-CVE-2017-14632.patch | 63 | ||||
-rw-r--r-- | gnu/packages/patches/libvorbis-CVE-2017-14633.patch | 43 | ||||
-rw-r--r-- | gnu/packages/patches/newsbeuter-CVE-2017-12904.patch | 34 | ||||
-rw-r--r-- | gnu/packages/patches/newsbeuter-CVE-2017-14500.patch | 43 | ||||
-rw-r--r--[-rwxr-xr-x] | gnu/packages/patches/perl-module-pluggable-search.patch | 0 | ||||
-rw-r--r-- | gnu/packages/patches/webkitgtk-mitigate-spectre.patch | 107 |
11 files changed, 346 insertions, 108 deletions
diff --git a/gnu/packages/patches/ao-cad-aarch64-support.patch b/gnu/packages/patches/ao-cad-aarch64-support.patch new file mode 100644 index 0000000000..291369cd9b --- /dev/null +++ b/gnu/packages/patches/ao-cad-aarch64-support.patch @@ -0,0 +1,18 @@ +Support in ao-cad for aarch64. + +Submitted upstream at https://github.com/mkeeter/ao/issues/69 + +--- ao/ui/vendor/efsw/src/efsw/inotify-nosys.h.orig 2017-12-14 16:27:16.125871099 -0600 ++++ ao/ui/vendor/efsw/src/efsw/inotify-nosys.h 2017-12-14 16:26:39.786022981 -0600 +@@ -69,6 +69,11 @@ + # define __NR_inotify_add_watch (__NR_SYSCALL_BASE+317) + # define __NR_inotify_rm_watch (__NR_SYSCALL_BASE+318) + ++#elif defined (__aarch64__) ++# define __NR_inotify_init 1043 ++# define __NR_inotify_add_watch 27 ++# define __NR_inotify_rm_watch 28 ++ + #elif defined (__frv__) + # define __NR_inotify_init 291 + # define __NR_inotify_add_watch 292 diff --git a/gnu/packages/patches/guile-bytestructures-name-clash.patch b/gnu/packages/patches/guile-bytestructures-name-clash.patch deleted file mode 100644 index ac834dd504..0000000000 --- a/gnu/packages/patches/guile-bytestructures-name-clash.patch +++ /dev/null @@ -1,31 +0,0 @@ -This patch works around a name clash between the 'cstring-pointer' module and -the 'cstring-module' variable that occurs in Guile 2.0: - - ice-9/boot-9.scm:109:20: re-exporting local variable: cstring-pointer - ---- guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:32.858289986 +0200 -+++ guile-bytestructures-20170402.91d042e-checkout/bytestructures/guile.scm 2017-07-25 17:04:41.130244725 +0200 -@@ -1,6 +1,6 @@ - (define-module (bytestructures guile)) - --(import -+(use-modules - (bytestructures guile base) - (bytestructures guile vector) - (bytestructures guile struct) -@@ -8,7 +8,7 @@ - (bytestructures guile pointer) - (bytestructures guile numeric) - (bytestructures guile string) -- (bytestructures guile cstring-pointer)) -+ ((bytestructures guile cstring-pointer) #:prefix cstr:)) - (re-export - make-bytestructure-descriptor - bytestructure-descriptor? -@@ -75,5 +75,5 @@ - - bs:string - -- cstring-pointer -+ cstr:cstring-pointer - ) diff --git a/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch new file mode 100644 index 0000000000..6b088286cb --- /dev/null +++ b/gnu/packages/patches/icecat-bug-1427870-spectre-mitigation.patch @@ -0,0 +1,49 @@ +Mitigate Spectre by reducing the resolution of performance.now() to 20 +microseconds. Based on: + + https://hg.mozilla.org/releases/mozilla-release/rev/afa87f9be3a8 + +For more details, see: + + https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/ + +This patch was modified to apply cleanly to GNU IceCat. + + +# HG changeset patch +# User Tom Ritter <tom@mozilla.com> +# Date 1514660820 21600 +# Node ID afa87f9be3a8852da3a30f286b15ae599c7874f6 +# Parent 6caa457ebedc915b43dc1d054b8fe22e82ca7447 +Bug 1427870 - Change resolution of .now() to 20us. r=bkelly, a=lizzard + +The comment about workers was introduced in Bug 1186489 but became obsolete some time after that +(definitely by Bug 1278838) + +diff --git a/dom/performance/Performance.cpp b/dom/performance/Performance.cpp +--- a/dom/performance/Performance.cpp ++++ b/dom/performance/Performance.cpp +@@ -234,20 +234,19 @@ Performance::ClearResourceTimings() + { + MOZ_ASSERT(NS_IsMainThread()); + mResourceEntries.Clear(); + } + + DOMHighResTimeStamp + Performance::RoundTime(double aTime) const + { +- // Round down to the nearest 5us, because if the timer is too accurate people +- // can do nasty timing attacks with it. See similar code in the worker +- // Performance implementation. +- const double maxResolutionMs = 0.005; ++ // Round down to the nearest 20us, because if the timer is too accurate people ++ // can do nasty timing attacks with it. ++ const double maxResolutionMs = 0.020; + return floor(aTime / maxResolutionMs) * maxResolutionMs; + } + + + void + Performance::Mark(const nsAString& aName, ErrorResult& aRv) + { + // Don't add the entry if the buffer is full. XXX should be removed by bug 1159003. diff --git a/gnu/packages/patches/ledger-fix-uninitialized.patch b/gnu/packages/patches/ledger-fix-uninitialized.patch new file mode 100644 index 0000000000..128c90ec13 --- /dev/null +++ b/gnu/packages/patches/ledger-fix-uninitialized.patch @@ -0,0 +1,27 @@ +This fixes failures of tests "BaseLine_opt-datetime-format" and +"BaseLine_opt-time-report", which were printing an unexpected trailing '*' on +the last line of output, e.g.: + + @@ -5,4 +5,4 @@ + 04/05/13 12:00 PM 04/05/13 01:30 PM 1.50h Lunch + 04/05/13 11:30 AM 04/05/13 12:00 PM 30.0m Walk + -------------------------------------------------- + - + + * + +Reported upstream at +https://groups.google.com/d/msg/ledger-cli/EeJUrUk8YDc/pIR-LOTVEAAJ + +diff --git a/src/account.h b/src/account.h +index 1b97463d..f2555593 100644 +--- a/src/account.h ++++ b/src/account.h +@@ -187,7 +187,7 @@ public: + + datetime_t earliest_checkin; + datetime_t latest_checkout; +- bool latest_checkout_cleared; ++ bool latest_checkout_cleared = false; + + std::set<path> filenames; + std::set<string> accounts_referenced; diff --git a/gnu/packages/patches/ledger-revert-boost-python-fix.patch b/gnu/packages/patches/ledger-revert-boost-python-fix.patch new file mode 100644 index 0000000000..99f48f6e46 --- /dev/null +++ b/gnu/packages/patches/ledger-revert-boost-python-fix.patch @@ -0,0 +1,39 @@ +From 01220484f428a447e9b00e071a0d85185f30e1de Mon Sep 17 00:00:00 2001 +From: Alexis Hildebrandt <afh@surryhill.net> +Date: Wed, 22 Jun 2016 15:43:37 +0200 +Subject: [PATCH] Revert "[python] Add fix for Boost.Python compile errors" + +This reverts commit 11590e134eafa768ccc4a171cc7fb216e906095f. +--- + src/py_commodity.cc | 3 --- + src/py_journal.cc | 3 --- + 2 files changed, 6 deletions(-) + +diff --git a/src/py_commodity.cc b/src/py_commodity.cc +index 5aafa6c..c457e64 100644 +--- a/src/py_commodity.cc ++++ b/src/py_commodity.cc +@@ -243,9 +243,6 @@ namespace { + + void export_commodity() + { +-#if BOOST_VERSION >= 106000 +- python::register_ptr_to_python< shared_ptr<commodity_pool_t> >(); +-#endif + class_< commodity_pool_t, shared_ptr<commodity_pool_t>, + boost::noncopyable > ("CommodityPool", no_init) + .add_property("null_commodity", +diff --git a/src/py_journal.cc b/src/py_journal.cc +index c1c38a9..879f954 100644 +--- a/src/py_journal.cc ++++ b/src/py_journal.cc +@@ -232,9 +232,6 @@ void export_journal() + boost::noncopyable >("PostHandler") + ; + +-#if BOOST_VERSION >= 106000 +- python::register_ptr_to_python< shared_ptr<collector_wrapper> >(); +-#endif + class_< collector_wrapper, shared_ptr<collector_wrapper>, + boost::noncopyable >("PostCollectorWrapper", no_init) + .def("__len__", &collector_wrapper::length) diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14632.patch b/gnu/packages/patches/libvorbis-CVE-2017-14632.patch new file mode 100644 index 0000000000..99debf2104 --- /dev/null +++ b/gnu/packages/patches/libvorbis-CVE-2017-14632.patch @@ -0,0 +1,63 @@ +Fix CVE-2017-14632: + +https://gitlab.xiph.org/xiph/vorbis/issues/2328 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14632 + +Patch copied from upstream source repository: + +https://gitlab.xiph.org/xiph/vorbis/commit/c1c2831fc7306d5fbd7bc800324efd12b28d327f + +From c1c2831fc7306d5fbd7bc800324efd12b28d327f Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> +Date: Wed, 15 Nov 2017 18:22:59 +0100 +Subject: [PATCH] CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb + if not initialized + +If the number of channels is not within the allowed range +we call oggback_writeclear altough it's not initialized yet. + +This fixes + + =23371== Invalid free() / delete / delete[] / realloc() + ==23371== at 0x4C2CE1B: free (vg_replace_malloc.c:530) + ==23371== by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2) + ==23371== by 0x84B96EE: vorbis_analysis_headerout (info.c:652) + ==23371== by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) + ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x10D82A: open_output_file (sox.c:1556) + ==23371== by 0x10D82A: process (sox.c:1753) + ==23371== by 0x10D82A: main (sox.c:3012) + ==23371== Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd + ==23371== at 0x4C2BB1F: malloc (vg_replace_malloc.c:298) + ==23371== by 0x4C2DE9F: realloc (vg_replace_malloc.c:785) + ==23371== by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so) + ==23371== by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1) + ==23371== by 0x10D82A: open_output_file (sox.c:1556) + ==23371== by 0x10D82A: process (sox.c:1753) + ==23371== by 0x10D82A: main (sox.c:3012) + +as seen when using the testcase from CVE-2017-11333 with +008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was +there before. +--- + lib/info.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/lib/info.c b/lib/info.c +index 7bc4ea4..8d0b2ed 100644 +--- a/lib/info.c ++++ b/lib/info.c +@@ -589,6 +589,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, + private_state *b=v->backend_state; + + if(!b||vi->channels<=0||vi->channels>256){ ++ b = NULL; + ret=OV_EFAULT; + goto err_out; + } +-- +2.15.1 + diff --git a/gnu/packages/patches/libvorbis-CVE-2017-14633.patch b/gnu/packages/patches/libvorbis-CVE-2017-14633.patch new file mode 100644 index 0000000000..ec6bf5265c --- /dev/null +++ b/gnu/packages/patches/libvorbis-CVE-2017-14633.patch @@ -0,0 +1,43 @@ +Fix CVE-2017-14633: + +https://gitlab.xiph.org/xiph/vorbis/issues/2329 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14633 + +Patch copied from upstream source repository: + +https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993 + +From a79ec216cd119069c68b8f3542c6a425a74ab993 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org> +Date: Tue, 31 Oct 2017 18:32:46 +0100 +Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels + +Otherwise + + for(i=0;i<vi->channels;i++){ + /* the encoder setup assumes that all the modes used by any + specific bitrate tweaking use the same floor */ + int submap=info->chmuxlist[i]; + +overreads later in mapping0_forward since chmuxlist is a fixed array of +256 elements max. +--- + lib/info.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/info.c b/lib/info.c +index fe759ed..7bc4ea4 100644 +--- a/lib/info.c ++++ b/lib/info.c +@@ -588,7 +588,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, + oggpack_buffer opb; + private_state *b=v->backend_state; + +- if(!b||vi->channels<=0){ ++ if(!b||vi->channels<=0||vi->channels>256){ + ret=OV_EFAULT; + goto err_out; + } +-- +2.15.1 + diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch b/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch deleted file mode 100644 index 8e90502469..0000000000 --- a/gnu/packages/patches/newsbeuter-CVE-2017-12904.patch +++ /dev/null @@ -1,34 +0,0 @@ -Fix CVE-2017-12904: - -https://github.com/akrennmair/newsbeuter/issues/591 -https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12904 - -Patch copied from the Debian package of newsbeuter, version 2.9-5+deb9u1. - -Adapted from upstream source repository: - -https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 - -Description: Fix a RCE vulnerability in the bookmark command - Newsbeuter didn't properly escape the title and description fields before - passing them to the bookmarking program which could lead to remote code - execution using the shells command substitution functionality (e.g. "$()", ``, - etc) - -Origin: upstream, https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307 -Last-Update: 2017-08-18 - ---- newsbeuter-2.9.orig/src/controller.cpp -+++ newsbeuter-2.9/src/controller.cpp -@@ -1274,9 +1274,10 @@ std::string controller::bookmark(const s - std::string bookmark_cmd = cfg.get_configvalue("bookmark-cmd"); - bool is_interactive = cfg.get_configvalue_as_bool("bookmark-interactive"); - if (bookmark_cmd.length() > 0) { -- std::string cmdline = utils::strprintf("%s '%s' %s %s", -+ std::string cmdline = utils::strprintf("%s '%s' '%s' '%s'", - bookmark_cmd.c_str(), utils::replace_all(url,"'", "%27").c_str(), -- stfl::quote(title).c_str(), stfl::quote(description).c_str()); -+ utils::replace_all(title,"'", "%27").c_str(), -+ utils::replace_all(description,"'", "%27").c_str()); - - LOG(LOG_DEBUG, "controller::bookmark: cmd = %s", cmdline.c_str()); diff --git a/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch b/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch deleted file mode 100644 index 449105e42a..0000000000 --- a/gnu/packages/patches/newsbeuter-CVE-2017-14500.patch +++ /dev/null @@ -1,43 +0,0 @@ -https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333.patch -http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14500 - -From 26f5a4350f3ab5507bb8727051c87bb04660f333 Mon Sep 17 00:00:00 2001 -From: Alexander Batischev <eual.jp@gmail.com> -Date: Sat, 16 Sep 2017 19:31:43 +0300 -Subject: [PATCH] Work around shell code in podcast names (#598) - ---- - src/pb_controller.cpp | 6 +++--- - src/queueloader.cpp | 2 +- - 2 files changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/pb_controller.cpp b/src/pb_controller.cpp -index 09b5e897..213216cd 100644 ---- a/src/pb_controller.cpp -+++ b/src/pb_controller.cpp -@@ -306,9 +306,9 @@ void pb_controller::play_file(const std::string& file) { - if (player == "") - return; - cmdline.append(player); -- cmdline.append(" \""); -- cmdline.append(utils::replace_all(file,"\"", "\\\"")); -- cmdline.append("\""); -+ cmdline.append(" \'"); -+ cmdline.append(utils::replace_all(file,"'", "%27")); -+ cmdline.append("\'"); - stfl::reset(); - LOG(LOG_DEBUG, "pb_controller::play_file: running `%s'", cmdline.c_str()); - ::system(cmdline.c_str()); -diff --git a/src/queueloader.cpp b/src/queueloader.cpp -index c1dabdd8..ae725e04 100644 ---- a/src/queueloader.cpp -+++ b/src/queueloader.cpp -@@ -130,7 +130,7 @@ std::string queueloader::get_filename(const std::string& str) { - strftime(lbuf, sizeof(lbuf), "%Y-%b-%d-%H%M%S.unknown", localtime(&t)); - fn.append(lbuf); - } else { -- fn.append(base); -+ fn.append(utils::replace_all(base, "'", "%27")); - } - return fn; - } diff --git a/gnu/packages/patches/perl-module-pluggable-search.patch b/gnu/packages/patches/perl-module-pluggable-search.patch index ec51abc35d..ec51abc35d 100755..100644 --- a/gnu/packages/patches/perl-module-pluggable-search.patch +++ b/gnu/packages/patches/perl-module-pluggable-search.patch diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch new file mode 100644 index 0000000000..3d983ede66 --- /dev/null +++ b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch @@ -0,0 +1,107 @@ +Disable SharedArrayBuffers to mitigate Spectre. Based on: + + https://trac.webkit.org/changeset/226386/webkit + +Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org> + + +--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 ++++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 +@@ -338,8 +338,10 @@ + WriteBarrier<Structure> m_moduleLoaderStructure; + WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype; + WriteBarrier<Structure> m_arrayBufferStructure; ++#if ENABLE(SHARED_ARRAY_BUFFER) + WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype; + WriteBarrier<Structure> m_sharedArrayBufferStructure; ++#endif + + #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ + WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \ +@@ -670,8 +672,13 @@ + switch (sharingMode) { + case ArrayBufferSharingMode::Default: + return m_arrayBufferPrototype.get(); ++#if ENABLE(SHARED_ARRAY_BUFFER) + case ArrayBufferSharingMode::Shared: + return m_sharedArrayBufferPrototype.get(); ++#else ++ default: ++ return m_arrayBufferPrototype.get(); ++#endif + } + } + Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const +@@ -679,8 +686,13 @@ + switch (sharingMode) { + case ArrayBufferSharingMode::Default: + return m_arrayBufferStructure.get(); ++#if ENABLE(SHARED_ARRAY_BUFFER) + case ArrayBufferSharingMode::Shared: + return m_sharedArrayBufferStructure.get(); ++#else ++ default: ++ return m_arrayBufferStructure.get(); ++#endif + } + RELEASE_ASSERT_NOT_REACHED(); + return nullptr; +--- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 ++++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 +@@ -574,8 +574,10 @@ + + m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default)); + m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); ++#if ENABLE(SHARED_ARRAY_BUFFER) + m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); + m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); ++#endif + + m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); + m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); +@@ -620,10 +622,11 @@ + + JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); + m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); ++#if ENABLE(SHARED_ARRAY_BUFFER) + JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; + sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); + m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); +- ++#endif + #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ + capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ + m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ +@@ -686,7 +689,9 @@ + putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); + + putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); ++#if ENABLE(SHARED_ARRAY_BUFFER) + putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); ++#endif + + #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ + putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ +@@ -1288,8 +1293,10 @@ + + visitor.append(thisObject->m_arrayBufferPrototype); + visitor.append(thisObject->m_arrayBufferStructure); ++#if ENABLE(SHARED_ARRAY_BUFFER) + visitor.append(thisObject->m_sharedArrayBufferPrototype); + visitor.append(thisObject->m_sharedArrayBufferStructure); ++#endif + + #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ + visitor.append(thisObject->m_ ## lowerName ## Prototype); \ +--- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 ++++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 +@@ -1190,6 +1190,9 @@ + #define HAVE_NS_ACTIVITY 1 + #endif + ++/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ ++#define ENABLE_SHARED_ARRAY_BUFFER 0 ++ + #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) + #undef ENABLE_OPENTYPE_MATH + #define ENABLE_OPENTYPE_MATH 1 |