From 2c0db9ffbe9738212ff0efd65665416815575e2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <vcunat@gmail.com>
Date: Fri, 24 Apr 2015 09:59:52 +0200
Subject: [PATCH] webkitgtk-2.4: security update, fix and parallel build

NEWS claims security fixes:
CVE-2014-1344, CVE-2014-1384, CVE-2014-1385, CVE-2014-1386,
CVE-2014-1387, CVE-2014-1388, CVE-2014-1389, CVE-2014-1390.
Otherwise NEWS seems safe, basically only containing bugfixes.

Parallel building should work now, thanks to make update :-)
tested with 8 threads, once webkitgtk24x and webkitgtk2.
---
 pkgs/development/libraries/webkitgtk/2.4.nix  | 18 ++++--
 .../libraries/webkitgtk/bug140241.patch       | 59 +++++++++++++++++++
 2 files changed, 71 insertions(+), 6 deletions(-)
 create mode 100644 pkgs/development/libraries/webkitgtk/bug140241.patch

diff --git a/pkgs/development/libraries/webkitgtk/2.4.nix b/pkgs/development/libraries/webkitgtk/2.4.nix
index c2ec686deae8..5c868838c998 100644
--- a/pkgs/development/libraries/webkitgtk/2.4.nix
+++ b/pkgs/development/libraries/webkitgtk/2.4.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, perl, python, ruby, bison, gperf, flex
+{ stdenv, fetchurl, autoreconfHook, perl, python, ruby, bison, gperf, flex
 , pkgconfig, which, gettext, gobjectIntrospection
 , gtk2, gtk3, wayland, libwebp, enchant, sqlite
 , libxml2, libsoup, libsecret, libxslt, harfbuzz
@@ -9,7 +9,7 @@
 
 stdenv.mkDerivation rec {
   name = "webkitgtk-${version}";
-  version = "2.4.6";
+  version = "2.4.8";
 
   meta = with stdenv.lib; {
     description = "Web content rendering engine, GTK+ port";
@@ -21,10 +21,10 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://webkitgtk.org/releases/${name}.tar.xz";
-    sha256 = "0mqlq4ivh921k92xjsp5pdvbg9vf75qjliqmx81qwrm2sjl4mvvg";
+    sha256 = "08xxqsxpa63nzgbsz63vrdxdxgpysyiy7jdcjb57k1hprdcibwb8";
   };
 
-  patches = [ ./webcore-svg-libxml-cflags.patch ./webkitgtk-2.4-gmutexlocker.patch ];
+  patches = [ ./webkitgtk-2.4-gmutexlocker.patch ./bug140241.patch ];
 
   CC = "cc";
 
@@ -32,6 +32,9 @@ stdenv.mkDerivation rec {
     patchShebangs Tools/gtk
   '';
 
+  # patch *.in between autoreconf and configure
+  postAutoreconf = "patch -p1 < ${./webcore-svg-libxml-cflags.patch}";
+
   configureFlags = with stdenv.lib; [
     "--disable-geolocation"
     (optionalString enableIntrospection "--enable-introspection")
@@ -43,7 +46,7 @@ stdenv.mkDerivation rec {
   dontAddDisableDepTrack = true;
 
   nativeBuildInputs = [
-    perl python ruby bison gperf flex
+    autoreconfHook/*bug140241.patch*/ perl python ruby bison gperf flex
     pkgconfig which gettext gobjectIntrospection
   ];
 
@@ -58,5 +61,8 @@ stdenv.mkDerivation rec {
     (if withGtk2 then gtk2 else gtk3)
   ];
 
-  #enableParallelBuilding = true; # build problems on Hydra
+  # Probably OK now, see:
+  # https://bugs.webkit.org/show_bug.cgi?id=79498
+  enableParallelBuilding = true;
 }
+
diff --git a/pkgs/development/libraries/webkitgtk/bug140241.patch b/pkgs/development/libraries/webkitgtk/bug140241.patch
new file mode 100644
index 000000000000..8d8c1bae0be2
--- /dev/null
+++ b/pkgs/development/libraries/webkitgtk/bug140241.patch
@@ -0,0 +1,59 @@
+@@ -, +, @@ 
+        REGRESSION(r177885): [GTK][WK1] Cannot compile 2.4.8 when WK2 is disabled
+        https://bugs.webkit.org/show_bug.cgi?id=140241
+        Reviewed by NOBODY (OOPS!).
+        We have to compile the PluginPackageNone.cpp and PluginViewNone.cpp
+        just when WebKit2 is enabled and we are not building for X11.
+        * GNUmakefile.list.am:
+---
+ Source/WebCore/ChangeLog           | 12 ++++++++++++
+ Source/WebCore/GNUmakefile.list.am |  8 ++++++++
+ 2 files changed, 20 insertions(+)
+--- a/Source/WebCore/ChangeLog	
++++ a/Source/WebCore/ChangeLog	
+@@ -1,3 +1,15 @@ 
++2015-01-16  Tomas Popela  <tpopela@redhat.com>
++
++        REGRESSION(r177885): [GTK][WK1] Cannot compile 2.4.8 when WK2 is disabled
++        https://bugs.webkit.org/show_bug.cgi?id=140241
++
++        Reviewed by NOBODY (OOPS!).
++
++        We have to compile the PluginPackageNone.cpp and PluginViewNone.cpp
++        just when WebKit2 is enabled and we are not building for X11.
++
++        * GNUmakefile.list.am:
++
+ 2014-11-10  Csaba Osztrogonác  <ossy@webkit.org>
+ 
+         Crash in WebCore::Node::getFlag
+--- a/Source/WebCore/GNUmakefile.list.am	
++++ a/Source/WebCore/GNUmakefile.list.am	
+@@ -6254,9 +6254,13 @@ endif # END USE_GLX
+ endif # END TARGET_X11
+ 
+ if TARGET_WAYLAND
++if !TARGET_X11
++if ENABLE_WEBKIT2
+ webcore_sources += \
+ 	Source/WebCore/plugins/PluginPackageNone.cpp \
+ 	Source/WebCore/plugins/PluginViewNone.cpp
++endif # END ENABLE_WEBKIT2
++endif # END !TARGET_X11
+ endif # END TARGET_WAYLAND
+ 
+ if TARGET_X11_OR_WAYLAND
+@@ -6305,9 +6309,13 @@ webcoregtk_sources += \
+ endif # END TARGET_WIN32
+ 
+ if TARGET_QUARTZ
++if !TARGET_X11
++if ENABLE_WEBKIT2
+ webcore_sources += \
+ 	Source/WebCore/plugins/PluginPackageNone.cpp \
+ 	Source/WebCore/plugins/PluginViewNone.cpp
++endif # END ENABLE_WEBKIT2
++endif # END !TARGET_X11
+ platformgtk_sources += \
+ 	Source/WebCore/platform/cairo/WidgetBackingStoreCairo.h \
+ 	Source/WebCore/platform/cairo/WidgetBackingStoreCairo.cpp