From 75d455ad1da22e80a1906b326526bf67633ba3ac Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Wed, 21 May 2025 13:41:54 +0800 Subject: [PATCH 1/3] [CVE]update to webkit2gtk3-2.48.2-1 to #IC9CZC update to webkit2gtk3-2.48.2-1 for CVE-2025-31205 CVE-2025-31257 Project: TC2024080204 Signed-off-by: Jacob Wang --- denormal-disabler-build.patch | 12 ------------ download | 4 ++-- gstreamer-1.16.patch | 35 ++++++++++++++++++----------------- s390x-build.patch | 13 ------------- webkit2gtk3.spec | 20 +++++++------------- webkitgtk-2.40.5-sw.patch | 26 -------------------------- 6 files changed, 27 insertions(+), 83 deletions(-) delete mode 100644 denormal-disabler-build.patch delete mode 100644 s390x-build.patch delete mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/denormal-disabler-build.patch b/denormal-disabler-build.patch deleted file mode 100644 index 8660563..0000000 --- a/denormal-disabler-build.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/Source/WebCore/platform/audio/DenormalDisabler.cpp b/Source/WebCore/platform/audio/DenormalDisabler.cpp -index 35715e663ce7..44ba08a33d5d 100644 ---- a/Source/WebCore/platform/audio/DenormalDisabler.cpp -+++ b/Source/WebCore/platform/audio/DenormalDisabler.cpp -@@ -91,7 +91,7 @@ DenormalDisabler::~DenormalDisabler() - } - } - #else --DenormalDisabler::DenormalDisabler() = default -+DenormalDisabler::DenormalDisabler() = default; - DenormalDisabler::~DenormalDisabler() = default; - #endif diff --git a/download b/download index 5125eef..5720239 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -dce4acd27a743eb4be03ab4a7cd8353f webkitgtk-2.48.1.tar.xz -1b21a2c1ff19c6913368697876325199 webkitgtk-2.48.1.tar.xz.asc +0c140e66a51a3f7f7db2f3185354b921 webkitgtk-2.48.2.tar.xz +53b40657e1fb0b16e31dc587e18fdd60 webkitgtk-2.48.2.tar.xz.asc diff --git a/gstreamer-1.16.patch b/gstreamer-1.16.patch index 89717be..46b7815 100644 --- a/gstreamer-1.16.patch +++ b/gstreamer-1.16.patch @@ -1,4 +1,4 @@ -From 08a5ccf6fc4a998ca1fb5aa13c314640dd95b874 Mon Sep 17 00:00:00 2001 +From 32e70166ad9e80a3a190c3a475736835a63f58d1 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Fri, 4 Apr 2025 14:00:12 -0500 Subject: [PATCH] Build against GStreamer 1.16 @@ -9,11 +9,11 @@ Subject: [PATCH] Build against GStreamer 1.16 .../gstreamer/GStreamerAudioMixer.cpp | 2 +- .../graphics/gstreamer/GStreamerCommon.cpp | 77 +++++++++++++------ .../graphics/gstreamer/GStreamerCommon.h | 16 ++++ - .../gstreamer/MediaPlayerPrivateGStreamer.cpp | 22 +----- + .../gstreamer/MediaPlayerPrivateGStreamer.cpp | 23 +----- .../gstreamer/GStreamerCodecUtilities.cpp | 39 ++++++---- .../VideoEncoderPrivateGStreamer.cpp | 16 ---- Source/cmake/GStreamerChecks.cmake | 4 +- - 9 files changed, 114 insertions(+), 100 deletions(-) + 9 files changed, 114 insertions(+), 101 deletions(-) diff --git a/Source/WebCore/platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp b/Source/WebCore/platform/audio/gstreamer/AudioSourceProviderGStreamer.cpp index 0abdeb14826e..65763f3cfde3 100644 @@ -106,7 +106,7 @@ index 8b30e0f14b6a..2d587f68a3b2 100644 GStreamerAudioMixer& GStreamerAudioMixer::singleton() diff --git a/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp b/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp -index 25c8abd3ec90..5ca712566cbd 100644 +index 7adf0dabc73e..49043537e7f7 100644 --- a/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp +++ b/Source/WebCore/platform/graphics/gstreamer/GStreamerCommon.cpp @@ -132,6 +132,24 @@ GstPad* webkitGstGhostPadFromStaticTemplate(GstStaticPadTemplate* staticPadTempl @@ -166,7 +166,7 @@ index 25c8abd3ec90..5ca712566cbd 100644 } unsigned getGstPlayFlag(const char* nick) -@@ -1358,6 +1351,36 @@ String gstStructureToJSONString(const GstStructure* structure) +@@ -1361,6 +1354,36 @@ String gstStructureToJSONString(const GstStructure* structure) return value->toJSONString(); } @@ -203,7 +203,7 @@ index 25c8abd3ec90..5ca712566cbd 100644 GstClockTime webkitGstInitTime() { return s_webkitGstInitTime; -@@ -1415,6 +1438,7 @@ PlatformVideoColorSpace videoColorSpaceFromInfo(const GstVideoInfo& info) +@@ -1418,6 +1441,7 @@ PlatformVideoColorSpace videoColorSpaceFromInfo(const GstVideoInfo& info) case GST_VIDEO_TRANSFER_BT709: colorSpace.transfer = PlatformVideoTransferCharacteristics::Bt709; break; @@ -211,7 +211,7 @@ index 25c8abd3ec90..5ca712566cbd 100644 case GST_VIDEO_TRANSFER_BT601: colorSpace.transfer = PlatformVideoTransferCharacteristics::Smpte170m; break; -@@ -1427,6 +1451,7 @@ PlatformVideoColorSpace videoColorSpaceFromInfo(const GstVideoInfo& info) +@@ -1430,6 +1454,7 @@ PlatformVideoColorSpace videoColorSpaceFromInfo(const GstVideoInfo& info) case GST_VIDEO_TRANSFER_BT2020_10: colorSpace.transfer = PlatformVideoTransferCharacteristics::Bt2020_10bit; break; @@ -219,7 +219,7 @@ index 25c8abd3ec90..5ca712566cbd 100644 case GST_VIDEO_TRANSFER_BT2020_12: colorSpace.transfer = PlatformVideoTransferCharacteristics::Bt2020_12bit; break; -@@ -1545,6 +1570,7 @@ void fillVideoInfoColorimetryFromColorSpace(GstVideoInfo* info, const PlatformVi +@@ -1548,6 +1573,7 @@ void fillVideoInfoColorimetryFromColorSpace(GstVideoInfo* info, const PlatformVi case PlatformVideoTransferCharacteristics::Bt709: GST_VIDEO_INFO_COLORIMETRY(info).transfer = GST_VIDEO_TRANSFER_BT709; break; @@ -227,7 +227,7 @@ index 25c8abd3ec90..5ca712566cbd 100644 case PlatformVideoTransferCharacteristics::Smpte170m: GST_VIDEO_INFO_COLORIMETRY(info).transfer = GST_VIDEO_TRANSFER_BT601; break; -@@ -1557,6 +1583,7 @@ void fillVideoInfoColorimetryFromColorSpace(GstVideoInfo* info, const PlatformVi +@@ -1560,6 +1586,7 @@ void fillVideoInfoColorimetryFromColorSpace(GstVideoInfo* info, const PlatformVi case PlatformVideoTransferCharacteristics::Bt2020_10bit: GST_VIDEO_INFO_COLORIMETRY(info).transfer = GST_VIDEO_TRANSFER_BT2020_10; break; @@ -270,18 +270,19 @@ index f332ddd0e040..217132050db0 100644 PlatformVideoColorSpace videoColorSpaceFromCaps(const GstCaps*); diff --git a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp -index 80fdb52a342c..30a535eb816b 100644 +index 9d6d57868055..3d1a5f76a4c2 100644 --- a/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp +++ b/Source/WebCore/platform/graphics/gstreamer/MediaPlayerPrivateGStreamer.cpp -@@ -587,7 +587,6 @@ bool MediaPlayerPrivateGStreamer::doSeek(const SeekTarget& target, float rate) - - auto seekStart = toGstClockTime(startTime); +@@ -589,8 +589,6 @@ bool MediaPlayerPrivateGStreamer::doSeek(const SeekTarget& target, float rate, b auto seekStop = toGstClockTime(endTime); -- GST_DEBUG_OBJECT(pipeline(), "[Seek] Performing actual seek to %" GST_TIMEP_FORMAT " (endTime: %" GST_TIMEP_FORMAT ") at rate %f", &seekStart, &seekStop, rate); - return gst_element_seek(m_pipeline.get(), rate, GST_FORMAT_TIME, m_seekFlags, GST_SEEK_TYPE_SET, seekStart, GST_SEEK_TYPE_SET, seekStop); - } + GstEvent* event = gst_event_new_seek(rate, GST_FORMAT_TIME, m_seekFlags, GST_SEEK_TYPE_SET, seekStart, GST_SEEK_TYPE_SET, seekStop); -@@ -4153,26 +4152,7 @@ void MediaPlayerPrivateGStreamer::setStreamVolumeElement(GstStreamVolume* volume +- GST_DEBUG_OBJECT(pipeline(), "[Seek] Performing actual seek to %" GST_TIMEP_FORMAT " (endTime: %" GST_TIMEP_FORMAT ") at rate %f", &seekStart, &seekStop, rate); +- + if (isAsync) { + gst_element_call_async(m_pipeline.get(), reinterpret_cast(+[](GstElement* pipeline, gpointer userData) { + GstEvent* event = static_cast(userData); +@@ -4167,26 +4165,7 @@ void MediaPlayerPrivateGStreamer::setStreamVolumeElement(GstStreamVolume* volume bool MediaPlayerPrivateGStreamer::updateVideoSinkStatistics() { diff --git a/s390x-build.patch b/s390x-build.patch deleted file mode 100644 index 839b74b..0000000 --- a/s390x-build.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/Source/ThirdParty/ANGLE/src/common/mathutil.h b/Source/ThirdParty/ANGLE/src/common/mathutil.h -index 8f4579dc5611..4d981d4427bc 100644 ---- a/Source/ThirdParty/ANGLE/src/common/mathutil.h -+++ b/Source/ThirdParty/ANGLE/src/common/mathutil.h -@@ -550,7 +550,7 @@ inline R roundToNearest(T input) - { - static_assert(std::is_floating_point::value); - static_assert(std::numeric_limits::is_integer); --#if defined(__aarch64__) || defined(_M_ARM64) -+#if defined(__aarch64__) || defined(_M_ARM64) || defined(__s390x__) - // On armv8, this expression is compiled to a dedicated round-to-nearest instruction - return static_cast(std::round(input)); - #else diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 50794cd..5ff94ec 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -10,14 +9,13 @@ # $ rhpkg build --target rhel-8.10.0-z-webkitgtk-stack-gate Name: webkit2gtk3 -Version: 2.48.1 -Release: 1%{anolis_release}%{?dist} +Version: 2.48.2 +Release: 1%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz -ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key @@ -29,7 +27,6 @@ Source2: webkitgtk-keys.gpg ## Patch100: compiler-flags.patch -Patch101: s390x-build.patch ## ## Patches to support older or missing build dependencies @@ -37,7 +34,7 @@ Patch101: s390x-build.patch Patch200: cairo-1.15.patch Patch201: glib-2.56.patch -#Patch202: gstreamer-1.16.patch +Patch202: gstreamer-1.16.patch Patch203: harfbuzz-1.7.5.patch Patch204: icu60.patch @@ -52,9 +49,8 @@ Patch301: evolution-sandbox-warning.patch ## Upstream patches to remove, hopefully after next update ## -Patch: denormal-disabler-build.patch +# No patches currently! :) -Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: clang BuildRequires: cmake @@ -235,7 +231,6 @@ rm -rf Source/ThirdParty/qunit/ -DENABLE_BUBBLEWRAP_SANDBOX=OFF \ -DENABLE_DOCUMENTATION=OFF \ -DENABLE_GAMEPAD=OFF \ - -DENABLE_JIT=OFF \ -DENABLE_SPEECH_SYNTHESIS=OFF \ -DENABLE_WEB_CODECS=OFF \ -DUSE_AVIF=OFF \ @@ -320,10 +315,9 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog -* Fri Apr 18 2025 Bo Ren 2.48.1-1.0.1 -- Exclude loongarch64 -- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) -- Remove patches for gstreamer (wb-zh951434@alibaba-inc.com) +* Thu May 15 2025 Michael Catanzaro - 2.48.2-1 +- Update to 2.48.2 +- Reenable JavaScriptCore JIT * Fri Apr 11 2025 Michael Catanzaro - 2.48.1-1 - Update to 2.48.1 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch deleted file mode 100644 index f827028..0000000 --- a/webkitgtk-2.40.5-sw.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 -From: wxiat -Date: Mon, 1 Apr 2024 11:31:04 +0800 -Subject: [PATCH] add sw arch. - -Signed-off-by: wxiat ---- - Source/WTF/wtf/dtoa/utils.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h -index aa0786de..b7d66339 100644 ---- a/Source/WTF/wtf/dtoa/utils.h -+++ b/Source/WTF/wtf/dtoa/utils.h -@@ -87,7 +87,7 @@ int main(int argc, char** argv) { - defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ - defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ -- defined(__SH4__) || defined(__alpha__) || \ -+ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ - defined(_MIPS_ARCH_MIPS32R2) || \ - defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ - defined(__riscv) || \ --- -2.31.1 - -- Gitee From bc28ad15ac0ae74d012670212ea68ba3c5cc4106 Mon Sep 17 00:00:00 2001 From: Renbo Date: Tue, 16 Jan 2024 17:10:45 +0800 Subject: [PATCH 2/3] Exclude loongarch64 Signed-off-by: Renbo --- webkit2gtk3.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 5ff94ec..14a1b34 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -10,12 +11,13 @@ Name: webkit2gtk3 Version: 2.48.2 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz +ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key @@ -315,6 +317,9 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog +* Wed May 21 2025 Bo Ren 2.48.2-1.0.1 +- Exclude loongarch64 + * Thu May 15 2025 Michael Catanzaro - 2.48.2-1 - Update to 2.48.2 - Reenable JavaScriptCore JIT -- Gitee From 072f89dcbb86b223d8a0faf7e19058c543b47670 Mon Sep 17 00:00:00 2001 From: wxiat Date: Tue, 1 Aug 2023 09:51:12 +0800 Subject: [PATCH 3/3] cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. Signed-off-by: Weisson --- webkit2gtk3.spec | 2 ++ webkitgtk-2.40.5-sw.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 14a1b34..796d5d4 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -53,6 +53,7 @@ Patch301: evolution-sandbox-warning.patch # No patches currently! :) +Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: clang BuildRequires: cmake @@ -319,6 +320,7 @@ export NINJA_STATUS="[%f/%t][%e] " %changelog * Wed May 21 2025 Bo Ren 2.48.2-1.0.1 - Exclude loongarch64 +- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) * Thu May 15 2025 Michael Catanzaro - 2.48.2-1 - Update to 2.48.2 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch new file mode 100644 index 0000000..f827028 --- /dev/null +++ b/webkitgtk-2.40.5-sw.patch @@ -0,0 +1,26 @@ +From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 +From: wxiat +Date: Mon, 1 Apr 2024 11:31:04 +0800 +Subject: [PATCH] add sw arch. + +Signed-off-by: wxiat +--- + Source/WTF/wtf/dtoa/utils.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h +index aa0786de..b7d66339 100644 +--- a/Source/WTF/wtf/dtoa/utils.h ++++ b/Source/WTF/wtf/dtoa/utils.h +@@ -87,7 +87,7 @@ int main(int argc, char** argv) { + defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ + defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ +- defined(__SH4__) || defined(__alpha__) || \ ++ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ + defined(_MIPS_ARCH_MIPS32R2) || \ + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ +-- +2.31.1 + -- Gitee