diff options
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/patches/webkitgtk-mitigate-spectre.patch | 107 | ||||
-rw-r--r-- | gnu/packages/webkit.scm | 5 |
3 files changed, 2 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index f7ac56eeab..29f0803fa5 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1140,7 +1140,6 @@ dist_patch_DATA = \ %D%/packages/patches/vsearch-unbundle-cityhash.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt1.patch \ %D%/packages/patches/vte-CVE-2012-2738-pt2.patch \ - %D%/packages/patches/webkitgtk-mitigate-spectre.patch \ %D%/packages/patches/weechat-python.patch \ %D%/packages/patches/wicd-bitrate-none-fix.patch \ %D%/packages/patches/wicd-get-selected-profile-fix.patch \ diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch deleted file mode 100644 index 3d983ede66..0000000000 --- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch +++ /dev/null @@ -1,107 +0,0 @@ -Disable SharedArrayBuffers to mitigate Spectre. Based on: - - https://trac.webkit.org/changeset/226386/webkit - -Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org> - - ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h 2018-01-06 19:28:55.985066986 -0500 -@@ -338,8 +338,10 @@ - WriteBarrier<Structure> m_moduleLoaderStructure; - WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype; - WriteBarrier<Structure> m_arrayBufferStructure; -+#if ENABLE(SHARED_ARRAY_BUFFER) - WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype; - WriteBarrier<Structure> m_sharedArrayBufferStructure; -+#endif - - #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \ -@@ -670,8 +672,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferPrototype.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferPrototype.get(); -+#else -+ default: -+ return m_arrayBufferPrototype.get(); -+#endif - } - } - Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const -@@ -679,8 +686,13 @@ - switch (sharingMode) { - case ArrayBufferSharingMode::Default: - return m_arrayBufferStructure.get(); -+#if ENABLE(SHARED_ARRAY_BUFFER) - case ArrayBufferSharingMode::Shared: - return m_sharedArrayBufferStructure.get(); -+#else -+ default: -+ return m_arrayBufferStructure.get(); -+#endif - } - RELEASE_ASSERT_NOT_REACHED(); - return nullptr; ---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig 2017-12-19 02:23:07.000000000 -0500 -+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp 2018-01-06 19:27:16.628574304 -0500 -@@ -574,8 +574,10 @@ - - m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default)); - m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get())); -+#if ENABLE(SHARED_ARRAY_BUFFER) - m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared)); - m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get())); -+#endif - - m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get()))); - m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get()))); -@@ -620,10 +622,11 @@ - - JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default); - m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr; - sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared); - m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum); -- -+#endif - #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \ - m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \ -@@ -686,7 +689,9 @@ - putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly); - - putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum); -+#if ENABLE(SHARED_ARRAY_BUFFER) - putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum); -+#endif - - #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \ -@@ -1288,8 +1293,10 @@ - - visitor.append(thisObject->m_arrayBufferPrototype); - visitor.append(thisObject->m_arrayBufferStructure); -+#if ENABLE(SHARED_ARRAY_BUFFER) - visitor.append(thisObject->m_sharedArrayBufferPrototype); - visitor.append(thisObject->m_sharedArrayBufferStructure); -+#endif - - #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \ - visitor.append(thisObject->m_ ## lowerName ## Prototype); \ ---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig 2017-10-16 08:18:56.000000000 -0400 -+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h 2018-01-06 19:29:52.897349199 -0500 -@@ -1190,6 +1190,9 @@ - #define HAVE_NS_ACTIVITY 1 - #endif - -+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */ -+#define ENABLE_SHARED_ARRAY_BUFFER 0 -+ - #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO))) - #undef ENABLE_OPENTYPE_MATH - #define ENABLE_OPENTYPE_MATH 1 diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm index 7acc018632..2b003f5b3b 100644 --- a/gnu/packages/webkit.scm +++ b/gnu/packages/webkit.scm @@ -54,15 +54,14 @@ (define-public webkitgtk (package (name "webkitgtk") - (version "2.18.4") + (version "2.18.5") (source (origin (method url-fetch) (uri (string-append "https://www.webkitgtk.org/releases/" name "-" version ".tar.xz")) (sha256 (base32 - "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7")) - (patches (search-patches "webkitgtk-mitigate-spectre.patch")))) + "1f1rsp14gkb2r1mrrxn2cnbs45vg38da27q4cf02zlxmgv680v8c")))) (build-system cmake-build-system) (arguments '(#:tests? #f ; no tests |