net-libs/webkit-gtk: bump to 2.16.3; includes 3 security bug fixes

Security fixes: CVE-2017-2496, CVE-2017-2539, CVE-2017-2510.
Also other bug fixes.

net-libs/webkit-gtk/Manifest

@@ -1,2 +1,3 @@
 DIST webkitgtk-2.16.2.tar.xz 14650116 SHA256 5ef689a202eb2b71141efbe8b7b53288adced90790f9f08df6e0a2ec1809f252 SHA512 0bd16f663dffd41d713a53e2186576c4a7c42e7f872605a1688c80e8b55408b5f96f1274a1fe24624b4974240e901df5b11d1ff27a03fa2d9950575f1260abc8 WHIRLPOOL 7268820bdee088eb639e4453c683e8f6b13e7cc7093f8d4148b3911aa7ea7807291ca443b18c885de4a9a838cd80ba9247f728d1cd8106b373b4c568a918a16b
+DIST webkitgtk-2.16.3.tar.xz 14652068 SHA256 204e9131da0101b9bc8765716e70a897121af04b964d9827cd9f20816a77b512 SHA512 551367551ed1bceaf9c70269f229e97972706820c6ae2d4444bc6d8b0992d6de34a156f9c245813c1f1701ce54f5476a44512590acfa6cfd6e67663d94caa91e WHIRLPOOL bac846be9d5f7b0a4c08b201d338bed6b84e65bdb105f2689350e02e0f0011944f5e23961e9411f712040c26a5313ef9bb4e30dda2cb19216c8e8d665ab0550f
 DIST webkitgtk-2.4.11.tar.xz 9869100 SHA256 588aea051bfbacced27fdfe0335a957dca839ebe36aa548df39c7bbafdb65bf7 SHA512 2e2cf01a52b8593765a0a3c2d7f0ad306121660019eb402226bd2826c7d4666dab4e91ca6ccbd29abe0ad3993549f256ed1ab88de22e9c8516d5f40a4edd6bfb WHIRLPOOL de86c4abfb22aacbf62163d0398158931c9cf6ab628547d3b30e613f0505d67c85c3200f7db96500e7c2b35f640cdaa7f501346fc13f492c9439dff4056849a3

net-libs/webkit-gtk/webkit-gtk-2.16.3.ebuild

@@ -0,0 +1,287 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+CMAKE_MAKEFILE_GENERATOR="ninja"
+PYTHON_COMPAT=( python2_7 )
+USE_RUBY="ruby21 ruby22 ruby23 ruby24"
+
+inherit check-reqs cmake-utils eutils flag-o-matic gnome2 pax-utils python-any-r1 ruby-single toolchain-funcs versionator virtualx
+
+MY_P="webkitgtk-${PV}"
+DESCRIPTION="Open source web browser engine"
+HOMEPAGE="http://www.webkitgtk.org/"
+SRC_URI="http://www.webkitgtk.org/releases/${MY_P}.tar.xz"
+
+LICENSE="LGPL-2+ BSD"
+SLOT="4/37" # soname version of libwebkit2gtk-4.0
+KEYWORDS="~alpha ~amd64 ~arm ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
+
+IUSE="aqua coverage doc +egl +geolocation gles2 gnome-keyring +gstreamer +introspection +jit libnotify nsplugin +opengl spell wayland +webgl X"
+
+# webgl needs gstreamer, bug #560612
+REQUIRED_USE="
+	geolocation? ( introspection )
+	gles2? ( egl )
+	introspection? ( gstreamer )
+	nsplugin? ( X )
+	webgl? ( ^^ ( gles2 opengl ) )
+	!webgl? ( ?? ( gles2 opengl ) )
+	webgl? ( gstreamer )
+	wayland? ( egl )
+	|| ( aqua wayland X )
+"
+
+# Tests fail to link for inexplicable reasons
+# https://bugs.webkit.org/show_bug.cgi?id=148210
+RESTRICT="test"
+
+# use sqlite, svg by default
+# Aqua support in gtk3 is untested
+# Dependencies found at Source/cmake/OptionsGTK.cmake
+RDEPEND="
+	dev-db/sqlite:3=
+	>=dev-libs/glib-2.36:2
+	dev-libs/hyphen
+	>=dev-libs/icu-3.8.1-r1:=
+	>=dev-libs/libxml2-2.8:2
+	>=dev-libs/libxslt-1.1.7
+	>=media-libs/fontconfig-2.8:1.0
+	>=media-libs/freetype-2.4.2:2
+	>=media-libs/harfbuzz-1.3.3:=[icu(+)]
+	>=media-libs/libpng-1.4:0=
+	media-libs/libwebp:=
+	dev-libs/libgcrypt:0=
+	>=net-libs/libsoup-2.42:2.4[introspection?]
+	>=x11-libs/cairo-1.10.2:=
+	>=x11-libs/gtk+-3.14:3[introspection?]
+	>=x11-libs/pango-1.30.0
+	virtual/jpeg:0=
+
+	aqua? ( >=x11-libs/gtk+-3.14:3[aqua] )
+	egl? ( media-libs/mesa[egl] )
+	geolocation? ( >=app-misc/geoclue-2.1.5:2.0 )
+	gles2? ( media-libs/mesa[gles2] )
+	gnome-keyring? ( app-crypt/libsecret )
+	gstreamer? (
+		>=media-libs/gstreamer-1.2.3:1.0
+		>=media-libs/gst-plugins-base-1.2.3:1.0
+		>=media-libs/gst-plugins-bad-1.8:1.0[opengl?] )
+	introspection? ( >=dev-libs/gobject-introspection-1.32.0:= )
+	libnotify? ( x11-libs/libnotify )
+	nsplugin? ( >=x11-libs/gtk+-2.24.10:2 )
+	opengl? ( virtual/opengl
+		x11-libs/cairo[opengl] )
+	spell? ( >=app-text/enchant-0.22:= )
+	wayland? ( >=x11-libs/gtk+-3.14:3[wayland] )
+	webgl? (
+		x11-libs/cairo[opengl]
+		x11-libs/libXcomposite
+		x11-libs/libXdamage )
+	X? (
+		x11-libs/cairo[X]
+		>=x11-libs/gtk+-3.14:3[X]
+		x11-libs/libX11
+		x11-libs/libXcomposite
+		x11-libs/libXrender
+		x11-libs/libXt )
+"
+
+# paxctl needed for bug #407085
+# Need real bison, not yacc
+DEPEND="${RDEPEND}
+	${PYTHON_DEPS}
+	${RUBY_DEPS}
+	>=dev-lang/perl-5.10
+	>=app-accessibility/at-spi2-core-2.5.3
+	>=dev-libs/atk-2.8.0
+	>=dev-util/gtk-doc-am-1.10
+	>=dev-util/gperf-3.0.1
+	>=sys-devel/bison-2.4.3
+	|| ( >=sys-devel/gcc-4.9 >=sys-devel/clang-3.3 )
+	sys-devel/gettext
+	virtual/pkgconfig
+
+	dev-lang/perl
+	virtual/perl-Data-Dumper
+	virtual/perl-Carp
+
+	doc? ( >=dev-util/gtk-doc-1.10 )
+	geolocation? ( dev-util/gdbus-codegen )
+	introspection? ( jit? ( sys-apps/paxctl ) )
+	test? (
+		dev-lang/python:2.7
+		dev-python/pygobject:3[python_targets_python2_7]
+		x11-themes/hicolor-icon-theme
+		jit? ( sys-apps/paxctl ) )
+"
+
+S="${WORKDIR}/${MY_P}"
+
+CHECKREQS_DISK_BUILD="18G" # and even this might not be enough, bug #417307
+
+PATCHES=(
+	# https://bugs.gentoo.org/show_bug.cgi?id=555504
+	"${FILESDIR}"/${PN}-2.8.5-fix-ia64-build.patch
+
+	# https://bugs.gentoo.org/show_bug.cgi?id=564352
+	# https://bugs.webkit.org/show_bug.cgi?id=167283
+	"${FILESDIR}"/${PN}-2.8.5-fix-alpha-build.patch
+)
+
+pkg_pretend() {
+	if [[ ${MERGE_TYPE} != "binary" ]] ; then
+		if is-flagq "-g*" && ! is-flagq "-g*0" ; then
+			einfo "Checking for sufficient disk space to build ${PN} with debugging CFLAGS"
+			check-reqs_pkg_pretend
+		fi
+
+		if ! test-flag-CXX -std=c++11 ; then
+			die "You need at least GCC 4.9.x or Clang >= 3.3 for C++11-specific compiler flags"
+		fi
+
+		if tc-is-gcc && [[ $(gcc-version) < 4.9 ]] ; then
+			die 'The active compiler needs to be gcc 4.9 (or newer)'
+		fi
+	fi
+}
+
+pkg_setup() {
+	if [[ ${MERGE_TYPE} != "binary" ]] && is-flagq "-g*" && ! is-flagq "-g*0" ; then
+		check-reqs_pkg_setup
+	fi
+
+	python-any-r1_pkg_setup
+}
+
+src_configure() {
+	# Respect CC, otherwise fails on prefix #395875
+	tc-export CC
+
+	# Arches without JIT support also need this to really disable it in all places
+	use jit || append-cppflags -DENABLE_JIT=0 -DENABLE_YARR_JIT=0 -DENABLE_ASSEMBLER=0
+
+	# It does not compile on alpha without this in LDFLAGS
+	# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648761
+	use alpha && append-ldflags "-Wl,--no-relax"
+
+	# ld segfaults on ia64 with LDFLAGS --as-needed, bug #555504
+	use ia64 && append-ldflags "-Wl,--no-as-needed"
+
+	# Sigbuses on SPARC with mcpu and co., bug #???
+	use sparc && filter-flags "-mvis"
+
+	# https://bugs.webkit.org/show_bug.cgi?id=42070 , #301634
+	use ppc64 && append-flags "-mminimal-toc"
+
+	# Try to use less memory, bug #469942 (see Fedora .spec for reference)
+	# --no-keep-memory doesn't work on ia64, bug #502492
+	if ! use ia64; then
+		append-ldflags "-Wl,--no-keep-memory"
+	fi
+
+	# We try to use gold when possible for this package
+#	if ! tc-ld-is-gold ; then
+#		append-ldflags "-Wl,--reduce-memory-overheads"
+#	fi
+
+	# older glibc needs this for INTPTR_MAX, bug #533976
+	if has_version "<sys-libs/glibc-2.18" ; then
+		append-cppflags "-D__STDC_LIMIT_MACROS"
+	fi
+
+	# Multiple rendering bugs on youtube, github, etc without this, bug #547224
+	append-flags $(test-flags -fno-strict-aliasing)
+
+	local ruby_interpreter=""
+
+	if has_version "virtual/rubygems[ruby_targets_ruby24]"; then
+		ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ruby24)"
+	elif has_version "virtual/rubygems[ruby_targets_ruby23]"; then
+		ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ruby23)"
+	elif has_version "virtual/rubygems[ruby_targets_ruby22]"; then
+		ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ruby22)"
+	else
+		ruby_interpreter="-DRUBY_EXECUTABLE=$(type -P ruby21)"
+	fi
+
+	# TODO: Check Web Audio support
+	# should somehow let user select between them?
+	#
+	# FTL_JIT requires llvm
+	#
+	# opengl needs to be explicetly handled, bug #576634
+
+	local opengl_enabled
+	if use opengl || use gles2; then
+		opengl_enabled=ON
+	else
+		opengl_enabled=OFF
+	fi
+
+	# support for webgl (aka 2d-canvas accelerating)
+	local canvas_enabled
+	if use webgl && ! use gles2 ; then
+		canvas_enabled=ON
+	else
+		canvas_enabled=OFF
+	fi
+
+	local mycmakeargs=(
+		-DENABLE_QUARTZ_TARGET=$(usex aqua)
+		-DENABLE_API_TESTS=$(usex test)
+		-DENABLE_GTKDOC=$(usex doc)
+		-DENABLE_GEOLOCATION=$(usex geolocation)
+		$(cmake-utils_use_find_package gles2 OpenGLES2)
+		-DENABLE_GLES2=$(usex gles2)
+		-DENABLE_VIDEO=$(usex gstreamer)
+		-DENABLE_WEB_AUDIO=$(usex gstreamer)
+		-DENABLE_INTROSPECTION=$(usex introspection)
+		-DENABLE_JIT=$(usex jit)
+		-DUSE_LIBNOTIFY=$(usex libnotify)
+		-DUSE_LIBSECRET=$(usex gnome-keyring)
+		-DENABLE_PLUGIN_PROCESS_GTK2=$(usex nsplugin)
+		-DENABLE_SPELLCHECK=$(usex spell)
+		-DENABLE_WAYLAND_TARGET=$(usex wayland)
+		-DENABLE_WEBGL=$(usex webgl)
+		$(cmake-utils_use_find_package egl EGL)
+		$(cmake-utils_use_find_package opengl OpenGL)
+		-DENABLE_X11_TARGET=$(usex X)
+		-DENABLE_OPENGL=${opengl_enabled}
+		-DENABLE_ACCELERATED_2D_CANVAS=${canvas_enabled}
+		-DCMAKE_BUILD_TYPE=Release
+		-DPORT=GTK
+		${ruby_interpreter}
+	)
+
+	# Allow it to use GOLD when possible as it has all the magic to
+	# detect when to use it and using gold for this concrete package has
+	# multiple advantages and is also the upstream default, bug #585788
+#	if tc-ld-is-gold ; then
+#		mycmakeargs+=( -DUSE_LD_GOLD=ON )
+#	else
+#		mycmakeargs+=( -DUSE_LD_GOLD=OFF )
+#	fi
+
+	cmake-utils_src_configure
+}
+
+src_compile() {
+	cmake-utils_src_compile
+}
+
+src_test() {
+	# Prevents test failures on PaX systems
+	use jit && pax-mark m $(list-paxables Programs/*[Tt]ests/*) # Programs/unittests/.libs/test*
+
+	cmake-utils_src_test
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	# Prevents crashes on PaX systems, bug #522808
+	use jit && pax-mark m "${ED}usr/bin/jsc" "${ED}usr/libexec/webkit2gtk-4.0/WebKitWebProcess"
+	pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/WebKitPluginProcess"
+	use nsplugin && pax-mark m "${ED}usr/libexec/webkit2gtk-4.0/WebKitPluginProcess"2
+}