From a1f4bf6658c0c58899192eb76046a3b5c374ecca Mon Sep 17 00:00:00 2001 From: Jacob Wang Date: Thu, 14 Aug 2025 09:06:34 +0800 Subject: [PATCH 1/3] [CVE]update to webkit2gtk3-2.48.5-1 to #ICSUJL update to webkit2gtk3-2.48.5-1 for CVE-2025-6558 CVE-2025-31273 CVE-2025-31278 CVE-2025-43211 CVE-2025-43212 CVE-2025-43216 CVE-2025-43227 CVE-2025-43240 CVE-2025-43265 Project: TC2024080204 Signed-off-by: Jacob Wang --- download | 4 +- glib-2.56.patch | 119 +++++++++++++++++++------------------- webkit2gtk3.spec | 18 +++--- webkitgtk-2.40.5-sw.patch | 26 --------- 4 files changed, 67 insertions(+), 100 deletions(-) delete mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/download b/download index 5720239..1d915f4 100644 --- a/download +++ b/download @@ -1,2 +1,2 @@ -0c140e66a51a3f7f7db2f3185354b921 webkitgtk-2.48.2.tar.xz -53b40657e1fb0b16e31dc587e18fdd60 webkitgtk-2.48.2.tar.xz.asc +23e26bc4e30b80462cb1030fab352409 webkitgtk-2.48.5.tar.xz +cc34ee2b70fc8989ca3c4f9267876b79 webkitgtk-2.48.5.tar.xz.asc diff --git a/glib-2.56.patch b/glib-2.56.patch index 9f9e12f..9f571fd 100644 --- a/glib-2.56.patch +++ b/glib-2.56.patch @@ -1,48 +1,8 @@ -diff --git a/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c b/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c -index ef000cd2b910..432c97257048 100644 ---- a/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c -+++ b/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c -@@ -175,11 +175,12 @@ static void featureTreeViewRenderStatusData(GtkTreeViewColumn *column, GtkCellRe - { - g_autoptr(WebKitFeature) feature = NULL; - gtk_tree_model_get(model, iter, FEATURES_LIST_COLUMN_FEATURE, &feature, -1); -- g_autoptr(GEnumClass) enumClass = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); -+ GEnumClass *enumClass = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); - g_object_set(renderer, - "markup", NULL, - "text", g_enum_get_value(enumClass, webkit_feature_get_status(feature))->value_nick, - NULL); -+ g_type_class_unref(enumClass); - } - - static void featureTreeViewRenderCategoryData(GtkTreeViewColumn *column, GtkCellRenderer *renderer, GtkTreeModel *model, GtkTreeIter *iter, gpointer data) -diff --git a/Tools/MiniBrowser/gtk/main.c b/Tools/MiniBrowser/gtk/main.c -index 8be643a54151..ae82b41400b5 100644 ---- a/Tools/MiniBrowser/gtk/main.c -+++ b/Tools/MiniBrowser/gtk/main.c -@@ -273,7 +273,7 @@ static gboolean parseFeaturesOptionCallback(const gchar *option, const gchar *va - "features, prefixes '-' and '!' disable features. Names are case-insensitive. Example:\n" - "\n %s --features='!DirPseudo,+WebAnimationsCustomEffects,webgl'\n\n" - "Available features (+/- = enabled/disabled by default):\n\n", g_get_prgname()); -- g_autoptr(GEnumClass) statusEnum = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); -+ GEnumClass *statusEnum = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); - for (gsize i = 0; i < webkit_feature_list_get_length(featureList); i++) { - WebKitFeature *feature = webkit_feature_list_get(featureList, i); - g_print(" %c %s (%s)", -@@ -284,6 +284,7 @@ static gboolean parseFeaturesOptionCallback(const gchar *option, const gchar *va - g_print(": %s", webkit_feature_get_name(feature)); - g_print("\n"); - } -+ g_type_class_unref(statusEnum); - exit(EXIT_SUCCESS); - } - -From 4e525b9192df17a80b07188af6b6e7cf6476ff10 Mon Sep 17 00:00:00 2001 +From de6f529213b43a938dcaa125475cef0a1c5e786d Mon Sep 17 00:00:00 2001 From: Michael Catanzaro -Date: Fri, 4 Apr 2025 13:20:59 -0500 -Subject: [PATCH] Revert "[GLib] Remove all GLIB_CHECK_VERSION conditionals" +Date: Fri, 4 Apr 2025 13:58:05 -0500 +Subject: [PATCH] Build against GLib 2.56 -This reverts commit 85b637b69f1c3a6242420b198d1c173477ce0f22. --- Source/WTF/wtf/URL.h | 4 ++-- Source/WTF/wtf/glib/GRefPtr.cpp | 2 ++ @@ -58,8 +18,9 @@ This reverts commit 85b637b69f1c3a6242420b198d1c173477ce0f22. .../glib/WebKitOverridingResolver.cpp | 4 ++++ Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp | 6 ++++++ Source/cmake/OptionsGTK.cmake | 13 ++++++++++++- - Source/cmake/OptionsWPE.cmake | 13 ++++++++++++- - 15 files changed, 94 insertions(+), 4 deletions(-) + Tools/MiniBrowser/gtk/BrowserSettingsDialog.c | 3 ++- + Tools/MiniBrowser/gtk/main.c | 3 ++- + 16 files changed, 86 insertions(+), 5 deletions(-) diff --git a/Source/WTF/wtf/URL.h b/Source/WTF/wtf/URL.h index 8a7864508a8e..f065677c68ad 100644 @@ -392,7 +353,7 @@ index 150d74ed0296..f461e3c695fe 100644 resolverClass->lookup_by_address_async = webkitOverridingResolverLookupByAddressAsync; resolverClass->lookup_by_address_finish = webkitOverridingResolverLookupByAddressFinish; diff --git a/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp b/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp -index a73466be12f1..9ab0cfb6f440 100644 +index 1bf17f0f9b67..ef9f5c2e45f0 100644 --- a/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp +++ b/Source/WebKit/Shared/glib/ArgumentCodersGLib.cpp @@ -121,11 +121,13 @@ void ArgumentCoder>::encode(Encoder& encoder, const GRe @@ -425,7 +386,7 @@ index a73466be12f1..9ab0cfb6f440 100644 GType certificateType = g_tls_backend_get_certificate_type(g_tls_backend_get_default()); GRefPtr certificate; -@@ -156,8 +160,10 @@ std::optional> ArgumentCoder>: +@@ -157,8 +161,10 @@ std::optional> ArgumentCoder>: certificateType, nullptr, nullptr, "certificate", certificateData.get(), "issuer", issuer, @@ -435,11 +396,19 @@ index a73466be12f1..9ab0cfb6f440 100644 +#endif nullptr))); issuer = certificate.get(); - } + i++; diff --git a/Source/cmake/OptionsGTK.cmake b/Source/cmake/OptionsGTK.cmake -index 4a285e849cfd..0aca16c1d25f 100644 +index 8a611c26a0ac..a74c49f46471 100644 --- a/Source/cmake/OptionsGTK.cmake +++ b/Source/cmake/OptionsGTK.cmake +@@ -7,7 +7,6 @@ SET_PROJECT_VERSION(2 48 5) + + set(USER_AGENT_BRANDING "" CACHE STRING "Branding to add to user agent string") + +-find_package(GLIB 2.70.0 REQUIRED COMPONENTS gio gio-unix gobject gthread gmodule) + find_package(Cairo 1.14.0 REQUIRED) + find_package(LibGcrypt 1.7.0 REQUIRED) + find_package(Libtasn1 REQUIRED) @@ -205,6 +204,13 @@ else () SET_AND_EXPOSE_TO_BUILD(ENABLE_2022_GLIB_API OFF) endif () @@ -466,17 +435,45 @@ index 4a285e849cfd..0aca16c1d25f 100644 if (ENABLE_GAMEPAD) find_package(Manette 0.2.4) if (NOT Manette_FOUND) --- -2.49.0 -diff --git a/Source/cmake/OptionsGTK.cmake b/Source/cmake/OptionsGTK.cmake -index 6c39538ba6fc..0a30e0c4c7c1 100644 ---- a/Source/cmake/OptionsGTK.cmake -+++ b/Source/cmake/OptionsGTK.cmake -@@ -7,7 +7,6 @@ SET_PROJECT_VERSION(2 48 1) +diff --git a/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c b/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c +index ef000cd2b910..432c97257048 100644 +--- a/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c ++++ b/Tools/MiniBrowser/gtk/BrowserSettingsDialog.c +@@ -175,11 +175,12 @@ static void featureTreeViewRenderStatusData(GtkTreeViewColumn *column, GtkCellRe + { + g_autoptr(WebKitFeature) feature = NULL; + gtk_tree_model_get(model, iter, FEATURES_LIST_COLUMN_FEATURE, &feature, -1); +- g_autoptr(GEnumClass) enumClass = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); ++ GEnumClass *enumClass = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); + g_object_set(renderer, + "markup", NULL, + "text", g_enum_get_value(enumClass, webkit_feature_get_status(feature))->value_nick, + NULL); ++ g_type_class_unref(enumClass); + } - set(USER_AGENT_BRANDING "" CACHE STRING "Branding to add to user agent string") + static void featureTreeViewRenderCategoryData(GtkTreeViewColumn *column, GtkCellRenderer *renderer, GtkTreeModel *model, GtkTreeIter *iter, gpointer data) +diff --git a/Tools/MiniBrowser/gtk/main.c b/Tools/MiniBrowser/gtk/main.c +index 8433f5360dc4..9e76cb6cde5d 100644 +--- a/Tools/MiniBrowser/gtk/main.c ++++ b/Tools/MiniBrowser/gtk/main.c +@@ -276,7 +276,7 @@ static gboolean parseFeaturesOptionCallback(const gchar *option, const gchar *va + "features, prefixes '-' and '!' disable features. Names are case-insensitive. Example:\n" + "\n %s --features='!DirPseudo,+WebAnimationsCustomEffects,webgl'\n\n" + "Available features (+/- = enabled/disabled by default):\n\n", g_get_prgname()); +- g_autoptr(GEnumClass) statusEnum = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); ++ GEnumClass *statusEnum = g_type_class_ref(WEBKIT_TYPE_FEATURE_STATUS); + for (gsize i = 0; i < webkit_feature_list_get_length(featureList); i++) { + WebKitFeature *feature = webkit_feature_list_get(featureList, i); + g_print(" %c %s (%s)", +@@ -287,6 +287,7 @@ static gboolean parseFeaturesOptionCallback(const gchar *option, const gchar *va + g_print(": %s", webkit_feature_get_name(feature)); + g_print("\n"); + } ++ g_type_class_unref(statusEnum); + exit(EXIT_SUCCESS); + } --find_package(GLIB 2.70.0 REQUIRED COMPONENTS gio gio-unix gobject gthread gmodule) - find_package(Cairo 1.14.0 REQUIRED) - find_package(LibGcrypt 1.7.0 REQUIRED) - find_package(Libtasn1 REQUIRED) +-- +2.50.1 + diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 796d5d4..f44b5ad 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -6,18 +5,14 @@ mkdir -p _license_files ; \ cp -p %1 _license_files/$(echo '%1' | sed -e 's!/!.!g')- -# There is a special buildroot required to build this package: -# $ rhpkg build --target rhel-8.10.0-z-webkitgtk-stack-gate - Name: webkit2gtk3 -Version: 2.48.2 -Release: 1%{anolis_release}%{?dist} +Version: 2.48.5 +Release: 1%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz -ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key @@ -53,7 +48,6 @@ Patch301: evolution-sandbox-warning.patch # No patches currently! :) -Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: clang BuildRequires: cmake @@ -318,9 +312,11 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog -* Wed May 21 2025 Bo Ren 2.48.2-1.0.1 -- Exclude loongarch64 -- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) +* Fri Aug 08 2025 Michael Catanzaro - 2.48.5-1 +- Update to 2.48.5 + +* Fri May 30 2025 Michael Catanzaro - 2.48.3-1 +- Update to 2.48.3 * Thu May 15 2025 Michael Catanzaro - 2.48.2-1 - Update to 2.48.2 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch deleted file mode 100644 index f827028..0000000 --- a/webkitgtk-2.40.5-sw.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 -From: wxiat -Date: Mon, 1 Apr 2024 11:31:04 +0800 -Subject: [PATCH] add sw arch. - -Signed-off-by: wxiat ---- - Source/WTF/wtf/dtoa/utils.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h -index aa0786de..b7d66339 100644 ---- a/Source/WTF/wtf/dtoa/utils.h -+++ b/Source/WTF/wtf/dtoa/utils.h -@@ -87,7 +87,7 @@ int main(int argc, char** argv) { - defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ - defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ - defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ -- defined(__SH4__) || defined(__alpha__) || \ -+ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ - defined(_MIPS_ARCH_MIPS32R2) || \ - defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ - defined(__riscv) || \ --- -2.31.1 - -- Gitee From d12adf59cab3c339b96b93a582dcad3e1eed7d37 Mon Sep 17 00:00:00 2001 From: Renbo Date: Tue, 16 Jan 2024 17:10:45 +0800 Subject: [PATCH 2/3] Exclude loongarch64 Signed-off-by: Renbo --- webkit2gtk3.spec | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index f44b5ad..6b2ed2f 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -1,3 +1,4 @@ +%define anolis_release .0.1 ## NOTE: Lots of files in various subdirectories have the same name (such as ## "LICENSE") so this short macro allows us to distinguish them by using their ## directory names (from the source tree) as prefixes for the files. @@ -7,12 +8,13 @@ Name: webkit2gtk3 Version: 2.48.5 -Release: 1%{?dist} +Release: 1%{anolis_release}%{?dist} Summary: GTK Web content engine library License: LGPLv2 URL: https://www.webkitgtk.org/ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz +ExcludeArch: loongarch64 Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc # Use the keys from https://webkitgtk.org/verifying.html # $ gpg --import aperez.key carlosgc.key @@ -312,6 +314,9 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog +* Thu Aug 14 2025 Bo Ren 2.48.5-1.0.1 +- Exclude loongarch64 + * Fri Aug 08 2025 Michael Catanzaro - 2.48.5-1 - Update to 2.48.5 -- Gitee From 628b4b92da99d54c45f44a457bb95279ccc9f106 Mon Sep 17 00:00:00 2001 From: wxiat Date: Tue, 1 Aug 2023 09:51:12 +0800 Subject: [PATCH 3/3] cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. Signed-off-by: Weisson --- webkit2gtk3.spec | 2 ++ webkitgtk-2.40.5-sw.patch | 26 ++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 webkitgtk-2.40.5-sw.patch diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 6b2ed2f..4c14bc2 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -50,6 +50,7 @@ Patch301: evolution-sandbox-warning.patch # No patches currently! :) +Patch1001: webkitgtk-2.40.5-sw.patch BuildRequires: bison BuildRequires: clang BuildRequires: cmake @@ -316,6 +317,7 @@ export NINJA_STATUS="[%f/%t][%e] " %changelog * Thu Aug 14 2025 Bo Ren 2.48.5-1.0.1 - Exclude loongarch64 +- cherry-pick `add sw arch #ef8be098b07c4d8a9f809d32a607700f4a420676`. (nijie@wxiat.com) * Fri Aug 08 2025 Michael Catanzaro - 2.48.5-1 - Update to 2.48.5 diff --git a/webkitgtk-2.40.5-sw.patch b/webkitgtk-2.40.5-sw.patch new file mode 100644 index 0000000..f827028 --- /dev/null +++ b/webkitgtk-2.40.5-sw.patch @@ -0,0 +1,26 @@ +From 175ccbf0aa167628af0f22cbec72689a6e75e2b8 Mon Sep 17 00:00:00 2001 +From: wxiat +Date: Mon, 1 Apr 2024 11:31:04 +0800 +Subject: [PATCH] add sw arch. + +Signed-off-by: wxiat +--- + Source/WTF/wtf/dtoa/utils.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/Source/WTF/wtf/dtoa/utils.h b/Source/WTF/wtf/dtoa/utils.h +index aa0786de..b7d66339 100644 +--- a/Source/WTF/wtf/dtoa/utils.h ++++ b/Source/WTF/wtf/dtoa/utils.h +@@ -87,7 +87,7 @@ int main(int argc, char** argv) { + defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \ + defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \ + defined(__sparc__) || defined(__sparc) || defined(__s390__) || \ +- defined(__SH4__) || defined(__alpha__) || \ ++ defined(__SH4__) || defined(__alpha__) || defined(__sw_64__)|| \ + defined(_MIPS_ARCH_MIPS32R2) || \ + defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \ + defined(__riscv) || \ +-- +2.31.1 + -- Gitee