From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:41409) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1eion5-0005PP-Vr for guix-patches@gnu.org; Mon, 05 Feb 2018 16:59:08 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1eion1-0004DX-1G for guix-patches@gnu.org; Mon, 05 Feb 2018 16:59:08 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:51236) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1eion0-0004Co-Lq for guix-patches@gnu.org; Mon, 05 Feb 2018 16:59:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1eion0-0006y9-F0 for guix-patches@gnu.org; Mon, 05 Feb 2018 16:59:02 -0500 Subject: [bug#30329] [PATCH] gnu: emacs: Build with xwidgets support. Resent-Message-ID: Date: Mon, 5 Feb 2018 16:58:39 -0500 From: Leo Famulari Message-ID: <20180205215839.GA17317@jasmine.lan> References: <87vaff12sj.fsf@gmail.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="CE+1k2dSO48ffgeK" Content-Disposition: inline In-Reply-To: <87vaff12sj.fsf@gmail.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: Alex Vong Cc: 30329@debbugs.gnu.org --CE+1k2dSO48ffgeK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Feb 03, 2018 at 05:48:12AM +0800, Alex Vong wrote: > Hi, >=20 > This patch adds xwidgets support to Emcas. So Emacs can now display GTK > widgets. In particular, it can display webpages using webkitgtk. >=20 > Also, I use webkitgtk-2.4 instead of webkitgtk, because xwidgets > requires libwebkitgtk-3.0 instead of libwebkitgtk-4.0 to > build. Webkitgtk is very actively researched and exploited for security problems. If this use of webkitgtk-2.4 would ever handle untrusted input, it's not very safe. I don't use Emacs so I'm not sure what the use case is for webkitgtk. For examples, you can check the security advisories published by the Webkitgtk team: https://webkitgtk.org/news.html They publish an advisory after every release, and there are always several fixed bugs allowing code execution by whoever supplies the input (typically from a remote web server). --CE+1k2dSO48ffgeK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlp404wACgkQJkb6MLrK fwgADg//ZgkVvem+jbgo5q5GpsfO3dQXYaJHAq5KSbL9PIQVhUbJYXHAlp9LeOd6 0e2AeO0xfdCzgOkLx+083TQBsWCxDay0LmLUKr31V56urIbM3pE0Xrq1xiGB4Osf B46uUC/YidNInyXhUlsCCM9abTILmvFbQ+/tW8I5m2S/xfuz31cj10CYeGAwBroP 2evUWODkcYZj+NFxxOE4hpJHTxoBlRhUIqjgbkvZod12S+yNYHIGV+kiCmHddVrj pOwhUvSlb2pHNvsHomOyYvzIxfRtouvE1UDunndOduKZjcJLgrEWFkND/ugtCW96 lx7920K0m7/X9JcXLwqeI9y1KtURKM3+9zAG9d7VJP2bY9kOQdRCh0WtZF2hqz5k EBRPdjnaZBKBfSPTBbg0G7K8FGvkjWzP8sDZBz8vuB/DhVlWqxQESgWKWdW/4+pe aNdCEb03C/m/5g4ZXY+y3ggHgIh08Ss15flIn8YW+EwTLNKGpgkDF1E7erwsX5GW e/HfDZzPLn6zUb9Mv117RDEeT4zo7MtJPXnxlO7omgXG5UhIP6zOupYSn7EoXhAp dbWfwdi3OhEiPXO/YS/PV8c0yXMbBnh0XKPNRDcZ0xaG38/Iovy13+wcvEyPR2aC rnWONqg6lgy/I7ZMOd8J4Y0FH98gHhIcmFEa9fx7sRU5E1qmG5I= =pD3y -----END PGP SIGNATURE----- --CE+1k2dSO48ffgeK--