summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/patches/webkitgtk-mitigate-spectre.patch107
-rw-r--r--gnu/packages/webkit.scm5
3 files changed, 2 insertions, 111 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index f7ac56eeab..29f0803fa5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1140,7 +1140,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/vsearch-unbundle-cityhash.patch		\
   %D%/packages/patches/vte-CVE-2012-2738-pt1.patch			\
   %D%/packages/patches/vte-CVE-2012-2738-pt2.patch			\
-  %D%/packages/patches/webkitgtk-mitigate-spectre.patch		\
   %D%/packages/patches/weechat-python.patch			\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
diff --git a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch b/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
deleted file mode 100644
index 3d983ede66..0000000000
--- a/gnu/packages/patches/webkitgtk-mitigate-spectre.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-Disable SharedArrayBuffers to mitigate Spectre.  Based on:
-
-  https://trac.webkit.org/changeset/226386/webkit
-
-Backported to webkitgtk-2.18.4 by Mark H Weaver <mhw@netris.org>
-
-
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h.orig	2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.h	2018-01-06 19:28:55.985066986 -0500
-@@ -338,8 +338,10 @@
-     WriteBarrier<Structure> m_moduleLoaderStructure;
-     WriteBarrier<JSArrayBufferPrototype> m_arrayBufferPrototype;
-     WriteBarrier<Structure> m_arrayBufferStructure;
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     WriteBarrier<JSArrayBufferPrototype> m_sharedArrayBufferPrototype;
-     WriteBarrier<Structure> m_sharedArrayBufferStructure;
-+#endif
- 
- #define DEFINE_STORAGE_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
-     WriteBarrier<capitalName ## Prototype> m_ ## lowerName ## Prototype; \
-@@ -670,8 +672,13 @@
-         switch (sharingMode) {
-         case ArrayBufferSharingMode::Default:
-             return m_arrayBufferPrototype.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-         case ArrayBufferSharingMode::Shared:
-             return m_sharedArrayBufferPrototype.get();
-+#else
-+        default:
-+            return m_arrayBufferPrototype.get();
-+#endif
-         }
-     }
-     Structure* arrayBufferStructure(ArrayBufferSharingMode sharingMode) const
-@@ -679,8 +686,13 @@
-         switch (sharingMode) {
-         case ArrayBufferSharingMode::Default:
-             return m_arrayBufferStructure.get();
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-         case ArrayBufferSharingMode::Shared:
-             return m_sharedArrayBufferStructure.get();
-+#else
-+        default:
-+            return m_arrayBufferStructure.get();
-+#endif
-         }
-         RELEASE_ASSERT_NOT_REACHED();
-         return nullptr;
---- webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp.orig	2017-12-19 02:23:07.000000000 -0500
-+++ webkitgtk-2.18.4/Source/JavaScriptCore/runtime/JSGlobalObject.cpp	2018-01-06 19:27:16.628574304 -0500
-@@ -574,8 +574,10 @@
-     
-     m_arrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Default));
-     m_arrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_arrayBufferPrototype.get()));
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     m_sharedArrayBufferPrototype.set(vm, this, JSArrayBufferPrototype::create(vm, this, JSArrayBufferPrototype::createStructure(vm, this, m_objectPrototype.get()), ArrayBufferSharingMode::Shared));
-     m_sharedArrayBufferStructure.set(vm, this, JSArrayBuffer::createStructure(vm, this, m_sharedArrayBufferPrototype.get()));
-+#endif
- 
-     m_iteratorPrototype.set(vm, this, IteratorPrototype::create(vm, this, IteratorPrototype::createStructure(vm, this, m_objectPrototype.get())));
-     m_generatorPrototype.set(vm, this, GeneratorPrototype::create(vm, this, GeneratorPrototype::createStructure(vm, this, m_iteratorPrototype.get())));
-@@ -620,10 +622,11 @@
-     
-     JSArrayBufferConstructor* arrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_arrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Default);
-     m_arrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     JSArrayBufferConstructor* sharedArrayBufferConstructor = nullptr;
-     sharedArrayBufferConstructor = JSArrayBufferConstructor::create(vm, JSArrayBufferConstructor::createStructure(vm, this, m_functionPrototype.get()), m_sharedArrayBufferPrototype.get(), m_speciesGetterSetter.get(), ArrayBufferSharingMode::Shared);
-     m_sharedArrayBufferPrototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, sharedArrayBufferConstructor, DontEnum);
--    
-+#endif
- #define CREATE_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- capitalName ## Constructor* lowerName ## Constructor = capitalName ## Constructor::create(vm, capitalName ## Constructor::createStructure(vm, this, m_functionPrototype.get()), m_ ## lowerName ## Prototype.get(), m_speciesGetterSetter.get()); \
- m_ ## lowerName ## Prototype->putDirectWithoutTransition(vm, vm.propertyNames->constructor, lowerName ## Constructor, DontEnum); \
-@@ -686,7 +689,9 @@
-     putDirectWithoutTransition(vm, vm.propertyNames->builtinNames().ArrayPrivateName(), arrayConstructor, DontEnum | DontDelete | ReadOnly);
- 
-     putDirectWithoutTransition(vm, vm.propertyNames->ArrayBuffer, arrayBufferConstructor, DontEnum);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     putDirectWithoutTransition(vm, vm.propertyNames->SharedArrayBuffer, sharedArrayBufferConstructor, DontEnum);
-+#endif
- 
- #define PUT_CONSTRUCTOR_FOR_SIMPLE_TYPE(capitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
- putDirectWithoutTransition(vm, vm.propertyNames-> jsName, lowerName ## Constructor, DontEnum); \
-@@ -1288,8 +1293,10 @@
-     
-     visitor.append(thisObject->m_arrayBufferPrototype);
-     visitor.append(thisObject->m_arrayBufferStructure);
-+#if ENABLE(SHARED_ARRAY_BUFFER)
-     visitor.append(thisObject->m_sharedArrayBufferPrototype);
-     visitor.append(thisObject->m_sharedArrayBufferStructure);
-+#endif
- 
- #define VISIT_SIMPLE_TYPE(CapitalName, lowerName, properName, instanceType, jsName, prototypeBase) \
-     visitor.append(thisObject->m_ ## lowerName ## Prototype); \
---- webkitgtk-2.18.4/Source/WTF/wtf/Platform.h.orig	2017-10-16 08:18:56.000000000 -0400
-+++ webkitgtk-2.18.4/Source/WTF/wtf/Platform.h	2018-01-06 19:29:52.897349199 -0500
-@@ -1190,6 +1190,9 @@
- #define HAVE_NS_ACTIVITY 1
- #endif
- 
-+/* Disable SharedArrayBuffers until Spectre security concerns are mitigated. */
-+#define ENABLE_SHARED_ARRAY_BUFFER 0
-+
- #if (OS(DARWIN) && USE(CG)) || (USE(FREETYPE) && !PLATFORM(GTK)) || (PLATFORM(WIN) && (USE(CG) || USE(CAIRO)))
- #undef ENABLE_OPENTYPE_MATH
- #define ENABLE_OPENTYPE_MATH 1
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 7acc018632..2b003f5b3b 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -54,15 +54,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.18.4")
+    (version "2.18.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1f1j0r996l20cgkvbwpizn7d4yp58cy334b1pvn4kfb5c2dbpdl7"))
-              (patches (search-patches "webkitgtk-mitigate-spectre.patch"))))
+                "1f1rsp14gkb2r1mrrxn2cnbs45vg38da27q4cf02zlxmgv680v8c"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests