From bd7dc464de316a770607f5896bcf84a295441470 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Wed, 16 Jul 2025 09:21:35 +0800
Subject: [PATCH] [CVE] CVE-2025-24201 to #19533 add patch to fix CVE-2025-24201 Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
3-bugfix-for-CVE-2025-24201.patch | 54 +++++++++++++++++++++++++++++++
webkitgtk.spec | 6 +++-
2 files changed, 59 insertions(+), 1 deletion(-)
create mode 100644 3-bugfix-for-CVE-2025-24201.patch
diff --git a/3-bugfix-for-CVE-2025-24201.patch b/3-bugfix-for-CVE-2025-24201.patch
new file mode 100644
index 0000000..64b676d
--- /dev/null
+++ b/3-bugfix-for-CVE-2025-24201.patch
@@ -0,0 +1,54 @@
+From 541280709a62351643fa7b456bc1f6d652fd9d0b Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen
+Date: Wed, 5 Mar 2025 16:49:53 -0800
+Subject: [PATCH] Cherry-pick b48791700366. rdar://146337054
+
+ WebGL context primitive restart can be toggled from WebContent process
+ https://bugs.webkit.org/show_bug.cgi?id=285858
+ rdar://142693598
+
+ Reviewed by Cameron McCormack.
+
+ Primitive restart is enabled for WebGL2 and disabled for WebGL 1
+ contexts by default. There is no use-case for toggling it from
+ WCP. Do not pass enable/disable to ANGLE.
+
+ * Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+ (WebCore::GraphicsContextGLANGLE::disable):
+ (WebCore::GraphicsContextGLANGLE::enable):
+
+ Canonical link: https://commits.webkit.org/289651.23@safari-7621-branch
+---
+ .../graphics/angle/GraphicsContextGLANGLE.cpp | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+index 39d148172b4f..81c9dff2fb89 100644
+--- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
++++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+@@ -1169,7 +1169,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Disable(cap);
+ }
+
+@@ -1203,7 +1207,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (!m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Enable(cap);
+ }
+
diff --git a/webkitgtk.spec b/webkitgtk.spec
index f985be9..c7883c6 100644
--- a/webkitgtk.spec
+++ b/webkitgtk.spec
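Review bot: The new guard in both `disable` and `enable` carries no comment explaining why a toggle of `PRIMITIVE_RESTART_FIXED_INDEX` is refused, and the asymmetry — `disable` on a WebGL1 context returns silently while `enable` on WebGL1 records InvalidOperation — is justified only in the commit message, which does not survive into the source tree. Suggest a comment above each `if (cap == PRIMITIVE_RESTART_FIXED_INDEX)`: `// Primitive restart is fixed per context type (on for WebGL2, off for WebGL1) and is never forwarded to ANGLE from the web process: reject the toggle that would change it, ignore the one that would not.` The check reads only `cap` and `m_isForWebGL2`, so it could also precede `makeContextCurrent()` and avoid making the context current for a call that is rejected anyway; the correctness of the guard rests on `m_isForWebGL2` being set for every context type, which is not visible here. Both function signatures sit just outside the hunk, whose first context line is the opening brace.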
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
## NOTE: Lots of files in various subdirectories have the same name (such as
## "LICENSE") so this short macro allows us to distinguish them by using their
@@ -27,6 +27,7 @@ Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc
Patch01: riscv-use-unknown-cpu.patch
Patch02: fix_code_error.patch
+Patch3: 3-bugfix-for-CVE-2025-24201.patch
BuildRequires: bison
@@ -456,6 +457,9 @@ export NINJA_STATUS="[2/2][%f/%t %es] "
%endif
%changelog
+* Wed Jul 16 2025 tomcruiseqi - 2.48.1-4
+- Fix CVE-2025-24201
+
* Tue Jun 24 2025 doupengda - 2.48.1-3
- add support for loongarch64
--
Gitee
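Review bot: `Patch3:` is declared in the second hunk but nothing in this diff touches `%prep`, so if the spec applies patches with explicit `%patchN` lines rather than `%autosetup`, the CVE fix is listed yet never applied and the build still succeeds with a changelog claiming it is fixed. Confirm that the `%prep` section (outside this diff) applies it, or add `%patch3 -p1` (`%patch -P 3 -p1` on newer rpm) there if it does not. The name also breaks the zero-padded `Patch01`/`Patch02` convention of the neighbouring lines; `Patch03:` keeps the list consistent.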