diff --git a/CVE-2025-24201.patch b/CVE-2025-24201.patch
new file mode 100644
index 0000000000000000000000000000000000000000..64b676d01bcb9930098bf43baaaf7a9060469fa3
--- /dev/null
+++ b/CVE-2025-24201.patch
@@ -0,0 +1,54 @@
+From 541280709a62351643fa7b456bc1f6d652fd9d0b Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen
+Date: Wed, 5 Mar 2025 16:49:53 -0800
+Subject: [PATCH] Cherry-pick b48791700366. rdar://146337054
+
+ WebGL context primitive restart can be toggled from WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=285858
+ rdar://142693598
+
+ Reviewed by Cameron McCormack.
+
+ Primitive restart is enabled for WebGL2 and disabled for WebGL 1
+ contexts by default. There is no use-case for toggling it from
+ WCP. Do not pass enable/disable to ANGLE.
+
+ * Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+ (WebCore::GraphicsContextGLANGLE::disable):
+ (WebCore::GraphicsContextGLANGLE::enable):
+
+ Canonical link: https://commits.webkit.org/289651.23@safari-7621-branch
+---
+ .../graphics/angle/GraphicsContextGLANGLE.cpp | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+index 39d148172b4f..81c9dff2fb89 100644
+--- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
++++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+@@ -1169,7 +1169,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Disable(cap);
+ }
+
+@@ -1203,7 +1207,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (!m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Enable(cap);
+ }
+
diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec
index 6251261343384ba74e8b6ee8cdbc1c1f01520819..d374d56582b065ea8a5ad47df5221ffda5956a50 100644
--- a/webkit2gtk3.spec
+++ b/webkit2gtk3.spec @@ -11,7 +11,7 @@ Name: webkit2gtk3 Version: 2.46.6 -Release: 1%{anolis_release}%{?dist} +Release: 2%{anolis_release}%{?dist} Summary: GTK Web content engine library License: LGPLv2 @@ -48,6 +48,13 @@ Patch204: icu60.patch Patch300: evolution-shared-secondary-process.patch Patch301: evolution-sandbox-warning.patch +## +## Upstream patches to remove after next update +## + +# https://bugs.webkit.org/show_bug.cgi?id=285858 +Patch400: CVE-2025-24201.patch + Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: cmake @@ -326,11 +333,14 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog -* Tue Mar 04 2025 Bo Ren 2.46.6-1.0.1 +* Tue Mar 18 2025 Bo Ren 2.46.6-2.0.1 - Exclude loongarch64 - cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) - Remove patches for cmake and gstreamer (wb-zh951434@alibaba-inc.com) +* Thu Mar 13 2025 Michael Catanzaro - 2.46.6-2 +- Add patch for CVE-2025-24201 + * Tue Feb 25 2025 Michael Catanzaro - 2.46.6-1 - Update to 2.46.6
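Review bot: `Patch400: CVE-2025-24201.patch` is declared in the `@@ -48,6 +48,13 @@` hunk, but nothing in this diff applies it — there is no `%patch -P 400` (or legacy `%patch400`) line, and the `%prep` section that would decide this is outside the hunks shown. If `%prep` applies patches individually rather than via `%autosetup -p1`, the spec and changelog will advertise the CVE fix while the built library does not contain it, and nothing in the build fails to point that out. Please confirm from `%prep` (or the build log's patch output) that Patch400 is applied; if it is picked up by `%autosetup`, a comment beside the declaration such as `# applied via %autosetup -p1 in %prep` would make that explicit for the next backport under the "Upstream patches to remove after next update" heading.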