Some old versions still rely on obsolete and vulnerable webkit-gtk slots. It would be nice to treeclean them then Thanks!
What versions exactly should be dropped? Note that the latest Emacs 25 release candidate still has the following in its configure.ac: WEBKIT_REQUIRED=1.4.0 WEBKIT_MODULES="webkitgtk-3.0 >= $WEBKIT_REQUIRED" EMACS_CHECK_MODULES([WEBKIT], [$WEBKIT_MODULES]) Also, it won't compile with 4.0. If this should be updated then please report it upstream.
(In reply to Ulrich Müller from comment #1) > Also, it won't compile with 4.0. To clarify, after manually updating the configure test, compilation with net-libs/webkit-gtk-2.10.9:4 fails because of missing include files. > If this should be updated then please report it upstream.
I have brought this up in the emacs-devel mailing list: https://lists.gnu.org/archive/html/emacs-devel/2016-05/msg00630.html
Well, the offending versions are: emacs-vcs-25.0.92.ebuild: net-libs/webkit-gtk:3= emacs-vcs-25.0.93.ebuild: net-libs/webkit-gtk:3= emacs-vcs-25.0.94.ebuild: net-libs/webkit-gtk:3= emacs-vcs-25.0.9999-r2.ebuild: net-libs/webkit-gtk:3= emacs-vcs-25.1.9999-r1.ebuild: net-libs/webkit-gtk:3= As I thought that latest version wasn't ever requiring webkit-gtk, I thought that maybe dropping the old versions would be enough... but it seems that it cannot be done as the older versions are needed :S In that case reporting to upstream will be enough as they will hit this problem more strongly in two months when major distributions like Fedora and Debian plan to kill the old webkit-gtk slots :/ Thanks :)
I have package.use.masked the dependency in the base profile: +# Ulrich Müller <ulm@gentoo.org> (4 Feb 2017) +# Uses old and vulnerable net-libs/webkit-gtk:3, bug #584156. +app-editors/emacs:25 xwidgets +app-editors/emacs-vcs:25 xwidgets + https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4241b24104cc5a40814676d7ddf1c102223f6624
Also this is fixed upstream, so Emacs 26 will use the WebKit2 API: http://git.savannah.gnu.org/cgit/emacs.git/commit/?id=d781662873f228b110a128f7a2b6583a4d5e0a3a