bug#26390: Guitarix: Don't use webkitgtk-2.4

bug#26390: Guitarix: Don't use webkitgtk-2.4

[Leo Famulari]

[-- Attachment #1.1: Type: text/plain, Size: 405 bytes --]

Webkitgtk-2.4 is unmaintained upstream and contains a large number of
security vulnerabilities. The webkitgtk developers have asked
distributions to stop offering it. [0]

This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
starts without; I don't know what features are disabled.

Ricardo, what do you think?

[0]
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

[-- Attachment #1.2: 0001-gnu-guitarix-Disable-webkit-features.patch --]
[-- Type: text/plain, Size: 1004 bytes --]

From b19ec539033acdbdbf1d99989d39528e7350646c Mon Sep 17 00:00:00 2001
From: Leo Famulari <leo@famulari.name>
Date: Fri, 7 Apr 2017 07:44:05 -0400
Subject: [PATCH] gnu: guitarix: Disable webkit features.

The only version of webkit supported by guitarix is unmaintained and contains a
large number of security vulnerabilities, and is due to be removed from Guix.

* gnu/packages/audio.scm (guitarix)[inputs]: Remove webkitgtk/gtk+-2.
---
 gnu/packages/audio.scm | 1 -
 1 file changed, 1 deletion(-)

diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 9dc679734..9acccaf11 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -1166,7 +1166,6 @@ patches that can be used with softsynths such as Timidity and WildMidi.")
        ("jack" ,jack-1)
        ("gtkmm" ,gtkmm-2)
        ("gtk+" ,gtk+-2)
-       ("webkitgtk/gtk+-2" ,webkitgtk/gtk+-2)
        ("fftwf" ,fftwf)
        ("lrdf" ,lrdf)
        ("zita-resampler" ,zita-resampler)
-- 
2.12.2


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

bug#26390: Guitarix: Don't use webkitgtk-2.4

[Ricardo Wurmus]

Leo Famulari <leo@famulari.name> writes:

> Webkitgtk-2.4 is unmaintained upstream and contains a large number of
> security vulnerabilities. The webkitgtk developers have asked
> distributions to stop offering it. [0]
>
> This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
> starts without; I don't know what features are disabled.
>
> Ricardo, what do you think?

Sounds good to me!

Webkitgtk was added only somewhat recently to the dependencies.  When I
added it some time ago it was not optional AFAIR.  If you’ve built it
successfully without webkitgtk that’s great.

It was used for a built-in plugin browser, I think.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6  2150 197A 5888 235F ACAC
https://elephly.net

bug#26390: Guitarix: Don't use webkitgtk-2.4

[Leo Famulari]

[-- Attachment #1: Type: text/plain, Size: 607 bytes --]

On Fri, Apr 07, 2017 at 02:31:06PM +0200, Ricardo Wurmus wrote:
> Leo Famulari <leo@famulari.name> writes:
> > This patch removes webkitgtk-2.4 from guitarix. Guitarix builds and
> > starts without; I don't know what features are disabled.
> 
> Sounds good to me!
> 
> Webkitgtk was added only somewhat recently to the dependencies.  When I
> added it some time ago it was not optional AFAIR.  If you’ve built it
> successfully without webkitgtk that’s great.

Okay, I've pushed the change.

> It was used for a built-in plugin browser, I think.

Let me know if you notice any breakage.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]