Bug 608600 - media-gfx/gimp: disable webkit support
Summary: media-gfx/gimp: disable webkit support
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Sebastian Pipping
Depends on: 620412
Blocks: CVE-2016-1723, CVE-2016-1724, CVE-2016-1725, CVE-2016-1726, CVE-2016-1727, CVE-2016-1728
Reported: 2017-02-08 09:42 UTC by Pacho Ramos
Modified: 2017-12-16 12:20 UTC
Description Pacho Ramos gentoo-dev 2017-02-08 09:42:52 UTC
gimp optionally requires a vulnerable and dead webkit-gtk slot. We want to remove those old versions (as other distributions are doing) and then we would need to get gimp relying on an external browser instead of this webkit one.

Thanks
Comment 1 Sebastian Pipping gentoo-dev 2017-02-08 14:11:20 UTC
Do we need anything more downstream?:


commit 7cb09f8d234d4fd0e6effdb55b777470dc954908
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Feb 8 15:05:49 2017 +0100

    media-gfx/gimp: Move towards --without-webkit for security (bug #608600)
    
    Package-Manager: Portage-2.3.3, Repoman-2.3.1

 media-gfx/gimp/gimp-2.8.14-r3.ebuild | 170 +++++++++++++++++++++++++++++++
 media-gfx/gimp/gimp-2.8.16-r2.ebuild | 170 +++++++++++++++++++++++++++++++
 media-gfx/gimp/gimp-2.8.18-r1.ebuild | 169 +++++++++++++++++++++++++++++++
 media-gfx/gimp/gimp-2.9.2-r3.ebuild  | 188 ++++++++++++++++++++++++++++++++++
 media-gfx/gimp/gimp-2.9.4-r2.ebuild  | 191 +++++++++++++++++++++++++++++++++++
 media-gfx/gimp/gimp-9999.ebuild      |   7 +-
 6 files changed, 891 insertions(+), 4 deletions(-)

https://github.com/gentoo/gentoo/commit/7cb09f8d234d4fd0e6effdb55b777470dc954908
Comment 2 Sebastian Pipping gentoo-dev 2017-02-08 14:12:57 UTC
PS: Here's an overview of the new situation:

  $ grep -E "use_with webkit|--without-webkit" *.ebuild
  gimp-2.8.14-r2.ebuild:          $(use_with webkit) \
  gimp-2.8.14-r3.ebuild:          --without-webkit \
  gimp-2.8.16-r1.ebuild:          $(use_with webkit) \
  gimp-2.8.16-r2.ebuild:          --without-webkit \
  gimp-2.8.18.ebuild:             $(use_with webkit) \
  gimp-2.8.18-r1.ebuild:          --without-webkit \
  gimp-2.9.2-r2.ebuild:           $(use_with webkit) \
  gimp-2.9.2-r3.ebuild:           --without-webkit \
  gimp-2.9.4-r1.ebuild:           $(use_with webkit) \
  gimp-2.9.4-r2.ebuild:           --without-webkit \
  gimp-9999.ebuild:               --without-webkit \
Comment 3 Sebastian Pipping gentoo-dev 2017-02-08 14:28:19 UTC
Upstream notified at https://bugzilla.gnome.org/show_bug.cgi?id=778343 .
Comment 4 Pacho Ramos gentoo-dev 2017-02-10 19:21:26 UTC
All done on our side. I guess upstream will update to webkit-gtk:4 when they finish the port to gtk3 :/

If possible, try to stabilize the versions not requiring old webkit-gtk as soon as possible and clean old ebuilds

Thanks! :)