commit 5f450c860a6471f673c0e39157b257b486783ebc · pyrox.dev/nixpkgs

+2 -2

pkgs/applications/misc/subsurface/default.nix

···

       23
       23
        
         qtlocation,

     

       24
       24
        
         qtsvg,

     

       25
       25
        
         qttools,

     

       26
       26
       -
         qtwebengine,

     

       26
       26
       +
         qtpositioning,

     

       27
       27
        
         libXcomposite,

     

       28
       28
        
         bluez,

     

       29
       29
        
         writeScript,

     
···

       142
       142
        
           qtconnectivity

     

       143
       143
        
           qtsvg

     

       144
       144
        
           qttools

     

       145
       145
       -
           qtwebengine

     

       145
       145
       +
           qtpositioning

     

       146
       146
        
         ];

     

       147
       147
        
       

     

       148
       148
        
         nativeBuildInputs = [

+3 -1

pkgs/development/interpreters/supercollider/default.nix

···

       26
       26
        
         supercolliderPlugins,

     

       27
       27
        
         writeText,

     

       28
       28
        
         runCommand,

     

       29
       29
       +
         withWebengine ? false, # vulnerable, so disabled by default

     

       29
       30
        
       }:

     

       30
       31
        
       

     

       31
       32
        
       mkDerivation rec {

     
···

       64
       65
        
           curl

     

       65
       66
        
           libXt

     

       66
       67
        
           qtbase

     

       67
       67
       -
           qtwebengine

     

       68
       68
        
           qtwebsockets

     

       69
       69
        
           readline

     

       70
       70
        
         ]

     

       71
       71
       +
         ++ lib.optional withWebengine qtwebengine

     

       71
       72
        
         ++ lib.optional (!stdenv.hostPlatform.isDarwin) alsa-lib;

     

       72
       73
        
       

     

       73
       74
        
         hardeningDisable = [ "stackprotector" ];

     
···

       75
       76
        
         cmakeFlags = [

     

       76
       77
        
           "-DSC_WII=OFF"

     

       77
       78
        
           "-DSC_EL=${if useSCEL then "ON" else "OFF"}"

     

       79
       79
       +
           (lib.cmakeBool "SC_USE_QTWEBENGINE" withWebengine)

     

       78
       80
        
         ];

     

       79
       81
        
       

     

       80
       82
        
         passthru = {

+37

pkgs/development/libraries/qt-5/modules/qtwebengine.nix

···

       462
       462
        
       

     

       463
       463
        
             # This build takes a long time; particularly on slow architectures

     

       464
       464
        
             timeout = 24 * 3600;

     

       465
       465
       +
       

     

       466
       466
       +
             knownVulnerabilities = [

     

       467
       467
       +
               ''

     

       468
       468
       +
                 qt5 qtwebengine is unmaintained upstream since april 2025.

     

       469
       469
       +
                 It is based on chromium 87.0.4280.144, and supposedly patched up to 135.0.7049.95 which is outdated.

     

       470
       470
       +
       

     

       471
       471
       +
                 Security issues are frequently discovered in chromium.

     

       472
       472
       +
                 The following list of CVEs was fixed in the life cycle of chromium 138 and likely also affects qtwebengine:

     

       473
       473
       +
                 - CVE-2025-8879

     

       474
       474
       +
                 - CVE-2025-8880

     

       475
       475
       +
                 - CVE-2025-8901

     

       476
       476
       +
                 - CVE-2025-8881

     

       477
       477
       +
                 - CVE-2025-8882

     

       478
       478
       +
                 - CVE-2025-8576

     

       479
       479
       +
                 - CVE-2025-8577

     

       480
       480
       +
                 - CVE-2025-8578

     

       481
       481
       +
                 - CVE-2025-8579

     

       482
       482
       +
                 - CVE-2025-8580

     

       483
       483
       +
                 - CVE-2025-8581

     

       484
       484
       +
                 - CVE-2025-8582

     

       485
       485
       +
                 - CVE-2025-8583

     

       486
       486
       +
                 - CVE-2025-8292

     

       487
       487
       +
                 - CVE-2025-8010

     

       488
       488
       +
                 - CVE-2025-8011

     

       489
       489
       +
                 - CVE-2025-7656

     

       490
       490
       +
                 - CVE-2025-6558 (known to be exploited in the wild)

     

       491
       491
       +
                 - CVE-2025-7657

     

       492
       492
       +
                 - CVE-2025-6554

     

       493
       493
       +
                 - CVE-2025-6555

     

       494
       494
       +
                 - CVE-2025-6556

     

       495
       495
       +
                 - CVE-2025-6557

     

       496
       496
       +
       

     

       497
       497
       +
                 The actual list of CVEs affecting qtwebengine is likely much longer,

     

       498
       498
       +
                 as this list is missing issues fixed in chromium 136/137 and even more

     

       499
       499
       +
                 issues are continuously discovered and lack upstream fixes in qtwebengine.

     

       500
       500
       +
               ''

     

       501
       501
       +
             ];

     

       465
       502
        
           };

     

       466
       503
        
       

     

       467
       504
        
         }

+4 -1

pkgs/development/python-modules/pyside2/default.nix

···

       8
       8
        
         ninja,

     

       9
       9
        
         qt5,

     

       10
       10
        
         shiboken2,

     

       11
       11
       +
         withWebengine ? false, # vulnerable, so omit by default

     

       11
       12
        
       }:

     

       12
       13
        
       stdenv.mkDerivation rec {

     

       13
       14
        
         pname = "pyside2";

     
···

       67
       68
        
             qtlocation

     

       68
       69
        
             qtscript

     

       69
       70
        
             qtwebsockets

     

       70
       70
       -
             qtwebengine

     

       71
       71
        
             qtwebchannel

     

       72
       72
        
             qtcharts

     

       73
       73
        
             qtsensors

     

       74
       74
        
             qtsvg

     

       75
       75
        
             qt3d

     

       76
       76
        
           ])

     

       77
       77
       +
           ++ lib.optionals withWebengine [

     

       78
       78
       +
             qt5.qtwebengine

     

       79
       79
       +
           ]

     

       77
       80
        
           ++ (with python.pkgs; [ setuptools ])

     

       78
       81
        
           ++ (lib.optionals (python.pythonOlder "3.9") [

     

       79
       82
        
             # see similar issue: 202262