From 1ccbcb789967f57f1bba7c0bf721523a7569fba5 Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Tue, 4 Mar 2025 09:34:15 +0800 Subject: [PATCH 1/4] [CVE]update to webkit2gtk3-2.46.6-1.src.rpm to #IBQFZB update to webkit2gtk3-2.46.6-1.src.rpm for CVE-2024-54543 CVE-2025-24143 CVE-2025-24150 CVE-2025-24158 CVE-2025-24162 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 ++-- webkit2gtk3.spec | 29 ++++++++--------------------- webkitgtk-2.40.5-sw.patch | 26 -------------------------- 3 files changed, 10 insertions(+), 49 deletions(-) delete mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/download b/download index 299db9d..6d56e08 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -095d7f72acb300839c9879a4f95bf941 webkitgtk-2.46.5.tar.xz -9018f63a130365d831a5f78ea6b85a17 webkitgtk-2.46.5.tar.xz.asc +10b5b88ffe8611202c45cfdc10a2bd72 webkitgtk-2.46.6.tar.xz +e608e5040ed30c3224875d584c29cce2 webkitgtk-2.46.6.tar.xz.asc diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 34adbb0..d5dfc13 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -10,14 +9,13 @@ # $ rhpkg build --target rhel-8.10.0-z-webkitgtk-stack-gate Name: webkit2gtk3 -Version: 2.46.5 -Release: 1%{anolis_release}%{?dist} +Version: 2.46.6 +Release: 1%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz -ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key 
@@ -28,7 +26,7 @@ Source2: webkitgtk-keys.gpg ## Patches to support older build toolchain ## -#Patch100: compiler-flags.patch +Patch100: compiler-flags.patch Patch101: s390x-build.patch ## @@ -37,7 +35,7 @@ Patch101: s390x-build.patch Patch200: cairo-1.15.patch Patch201: glib-2.56.patch -#Patch202: gstreamer-1.16.patch +Patch202: gstreamer-1.16.patch Patch203: harfbuzz-1.7.5.patch Patch204: icu60.patch @@ -48,14 +46,11 @@ Patch204: icu60.patch Patch300: evolution-shared-secondary-process.patch Patch301: evolution-sandbox-warning.patch -Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: cmake BuildRequires: flex BuildRequires: gcc-c++ -%ifnarch sw_64 -BuildRequires: gcc-toolset-13 -%endif +BuildRequires: gcc-toolset-14 BuildRequires: gettext BuildRequires: git BuildRequires: gnupg2 @@ -225,13 +220,7 @@ rm -rf Source/ThirdParty/qunit/ # But we aren't using it in RHEL 9 because it's broken there: https://issues.redhat.com/browse/RHEL-59586 # In RHEL 8, I haven't yet figured out whether we can use LLVM Toolset to build. # So for now we'll use GCC instead. -#%enable_devtoolset14 -%ifnarch sw_64 -# The system GCC is too old to build WebKit, so use a GCC Toolset instead. -# This prints warnings complaining that it should not be used except in -# SCL scriplets, but I can't figure out any other way to make it work. -source scl_source enable gcc-toolset-13 -%endif +%enable_devtoolset14 # -DUSE_SYSTEM_MALLOC=ON is really bad for security, but libpas requires # __atomic_compare_exchange_16 which is not available in RHEL 8. 
@@ -326,10 +315,8 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog -* Fri Jan 10 2025 Bo Ren 2.46.5-1.0.1 -- Exclude loongarch64 -- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) -- Remove patches for cmake and gstreamer (wb-zh951434@alibaba-inc.com) +* Tue Feb 25 2025 Michael Catanzaro - 2.46.6-1 +- Update to 2.46.6 * Wed Dec 18 2024 Michael Catanzaro - 2.46.5-1 - Update to 2.46.5 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch deleted file mode 100644 index f827028..0000000 --- a/webkitgtk-2.40.5-sw.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 -From: wxiat -Date: Mon, 1 Apr 2024 11:31:04 +0800 -Subject: [PATCH] add sw arch. - -Signed-off-by: wxiat ---- - Source/WTF/wtf/dtoa/utils.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h -index aa0786de..b7d66339 100644 ---- a/Source/WTF/wtf/dtoa/utils.h -+++ b/Source/WTF/wtf/dtoa/utils.h -@@ -87,7 +87,7 @@ int main(int argc, char** argv) { - defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ - defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ -- defined(__SH4__) || defined(__alpha__) || \ -+ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ - defined(_MIPS_ARCH_MIPS32R2) || \ - defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ - defined(__riscv) || \ --- -2.31.1 - -- Gitee From fdb43ca4c14e354ab7210a8e63fffd49c6efda47 Mon Sep 17 00:00:00 2001 From: Renbo Date: Tue, 16 Jan 2024 17:10:45 +0800 Subject: [PATCH 2/4] Exclude loongarch64 Signed-off-by: Renbo --- webkit2gtk3.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index d5dfc13..9ef96f5 100644 --- a/webkit2gtk3.spec 
+++ b/webkit2gtk3.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -10,12 +11,13 @@ Name: webkit2gtk3 Version: 2.46.6 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz +ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key @@ -315,6 +317,9 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog +* Tue Mar 04 2025 Bo Ren 2.46.6-1.0.1 +- Exclude loongarch64 + * Tue Feb 25 2025 Michael Catanzaro - 2.46.6-1 - Update to 2.46.6 -- Gitee From e917d84f86780ae1922e4efc8d4c90701144a3d8 Mon Sep 17 00:00:00 2001 From: wxiat Date: Tue, 1 Aug 2023 09:51:12 +0800 Subject: [PATCH 3/4] cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. Signed-off-by: Weisson --- webkit2gtk3.spec | 14 ++++++++++++-- webkitgtk-2.40.5-sw.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) create mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 9ef96f5..a977483 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -48,11 +48,14 @@ Patch204: icu60.patch Patch300: evolution-shared-secondary-process.patch Patch301: evolution-sandbox-warning.patch +Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: cmake BuildRequires: flex BuildRequires: gcc-c++ -BuildRequires: gcc-toolset-14 +%ifnarch sw_64 +BuildRequires: gcc-toolset-13 +%endif BuildRequires: gettext BuildRequires: git BuildRequires: gnupg2 
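Review bot: In the `BuildRequires` hunk of PATCH 3/4 (`@@ -48,11 +50,14 @@`), `gcc-toolset-14` is replaced by `gcc-toolset-13` for every architecture other than sw_64, so the cherry-pick undoes the toolchain that PATCH 1/4 brought in with 2.46.6 instead of only adding an sw_64 exception. The `%build` hunk of the same patch (`@@ -222,7 +225,13 @@`) makes the matching switch to `source scl_source enable gcc-toolset-13`. If the older toolset is intentional for this distribution, say so in a comment above the conditional and in the changelog; otherwise keep the newer one inside the guard, i.e. `%ifnarch sw_64` / `BuildRequires: gcc-toolset-14` / `%endif`. `Patch1001` is declared without an architecture guard, and whether it is applied on all architectures depends on `%prep`, which is outside this hunk.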
@@ -222,7 +225,13 @@ rm -rf Source/ThirdParty/qunit/ # But we aren't using it in RHEL 9 because it's broken there: https://issues.redhat.com/browse/RHEL-59586 # In RHEL 8, I haven't yet figured out whether we can use LLVM Toolset to build. # So for now we'll use GCC instead. -%enable_devtoolset14 +#%enable_devtoolset14 +%ifnarch sw_64 +# The system GCC is too old to build WebKit, so use a GCC Toolset instead. +# This prints warnings complaining that it should not be used except in +# SCL scriplets, but I can't figure out any other way to make it work. +source scl_source enable gcc-toolset-13 +%endif # -DUSE_SYSTEM_MALLOC=ON is really bad for security, but libpas requires # __atomic_compare_exchange_16 which is not available in RHEL 8. @@ -319,6 +328,7 @@ export NINJA_STATUS="[%f/%t][%e] " %changelog * Tue Mar 04 2025 Bo Ren 2.46.6-1.0.1 - Exclude loongarch64 +- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) * Tue Feb 25 2025 Michael Catanzaro - 2.46.6-1 - Update to 2.46.6 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch new file mode 100644 index 0000000..f827028 --- /dev/null +++ b/webkitgtk-2.40.5-sw.patch 
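Review bot: `#%enable_devtoolset14` in the `%build` hunk is not inert, because rpm expands macros on comment lines as well. If that macro is defined in the build root, its expansion lands in `%build` next to `source scl_source enable gcc-toolset-13`, and for a multi-line macro only the first line would sit behind the `#`. Write it as `#%%enable_devtoolset14` or delete the line. The same hunk leaves sw_64 with no toolset enabled while the added comment says the system GCC is too old to build WebKit; a one-line comment inside the `%ifnarch sw_64` block naming the compiler that sw_64 builds are expected to use would resolve that contradiction. The `%build` section starts and ends outside the hunk.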
@@ -0,0 +1,26 @@ +From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 +From: wxiat +Date: Mon, 1 Apr 2024 11:31:04 +0800 +Subject: [PATCH] add sw arch. + +Signed-off-by: wxiat +--- + Source/WTF/wtf/dtoa/utils.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h +index aa0786de..b7d66339 100644 +--- a/Source/WTF/wtf/dtoa/utils.h ++++ b/Source/WTF/wtf/dtoa/utils.h +@@ -87,7 +87,7 @@ int main(int argc, char** argv) { + defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ + defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ +- defined(__SH4__) || defined(__alpha__) || \ ++ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ + defined(_MIPS_ARCH_MIPS32R2) || \ + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ +-- +2.31.1 + -- Gitee From cd395c578c195d175e05bde8a166738e5677bb96 Mon Sep 17 00:00:00 2001 From: Zhao Hang Date: Thu, 2 Jan 2025 15:28:33 +0800 Subject: [PATCH 4/4] spec: remove patches for cmake and gstreamer Signed-off-by: Zhao Hang --- webkit2gtk3.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index a977483..6251261 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -28,7 +28,7 @@ Source2: webkitgtk-keys.gpg ## Patches to support older build toolchain ## -Patch100: compiler-flags.patch +#Patch100: compiler-flags.patch Patch101: s390x-build.patch ## @@ -37,7 +37,7 @@ Patch101: s390x-build.patch Patch200: cairo-1.15.patch Patch201: glib-2.56.patch -Patch202: gstreamer-1.16.patch +#Patch202: gstreamer-1.16.patch Patch203: harfbuzz-1.7.5.patch Patch204: icu60.patch 
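Review bot: `#Patch100: compiler-flags.patch` in PATCH 4/4 disables a patch from the "older build toolchain" group, but the commit title speaks of cmake and gstreamer and nothing in the hunk records why a compiler-flags patch is no longer wanted. The patch body is not visible here; if it adjusts warning or hardening flags, dropping it changes how this CVE update is compiled, so the reason belongs next to the line. Either delete the `Patch100` line and its file, or keep it commented with a reason such as `# Patch100 not applied on this distribution: <reason>`. The same applies to `#Patch202: gstreamer-1.16.patch` in the `@@ -37,7 +37,7 @@` hunk.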
@@ -329,6 +329,7 @@ export NINJA_STATUS="[%f/%t][%e] " * Tue Mar 04 2025 Bo Ren 2.46.6-1.0.1 - Exclude loongarch64 - cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) +- Remove patches for cmake and gstreamer (wb-zh951434@alibaba-inc.com) * Tue Feb 25 2025 Michael Catanzaro - 2.46.6-1 - Update to 2.46.6 -- Gitee