From db1e61dacd74a9a9135a4fe8cb6a2601305d621e Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Wed, 16 Jul 2025 20:58:18 +0800
Subject: [PATCH] [CVE] CVE-2024-4558 to #21824 add patch to fix CVE-2024-4558 Project: TC2024080204
Signed-off-by: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
---
 0003-bugfix-for-CVE-2024-4558.patch | 38 +++++++++++++++++++++++++++++
 webkitgtk.spec | 6 ++++-
 2 files changed, 43 insertions(+), 1 deletion(-)
 create mode 100644 0003-bugfix-for-CVE-2024-4558.patch
diff --git a/0003-bugfix-for-CVE-2024-4558.patch b/0003-bugfix-for-CVE-2024-4558.patch
new file mode 100644
index 0000000..f07f640
--- /dev/null
+++ b/0003-bugfix-for-CVE-2024-4558.patch
@@ -0,0 +1,38 @@
+From 9d7ec80f78039e6646fcfc455ab4c05aa393f34c Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen
+Date: Tue, 14 May 2024 22:37:29 -0700
+Subject: [PATCH] Cherry-pick ANGLE.
+ https://bugs.webkit.org/show_bug.cgi?id=274165
+
+https://bugs.webkit.org/show_bug.cgi?id=274165
+rdar://127764804
+
+Reviewed by Dan Glastonbury.
+
+Cherry-pick ANGLE upstream commit 1bb1ee061fe0bce322fb93b447a72e72c993a1f2:
+
+GL: Sync unpack state for glCompressedTexSubImage3D
+
+Unpack state is supposed to be ignored for compressed tex image calls
+but some drivers use it anyways and read incorrect data.
+
+Texture3DTestES3.PixelUnpackStateTexSubImage covers this case.
+
+Bug: chromium:337766133
+Change-Id: Ic11a056113b1850bd5b4d6840527164a12849a22
+Reviewed-on:https://chromium-review.googlesource.com/c/angle/angle/+/5498735
+Commit-Queue: Shahbaz Youssefi
+Reviewed-by: Shahbaz Youssefi
+Canonical link: https://commits.webkit.org/274313.341@webkitglib/2.44
+
+Reference:https://github.com/WebKit/WebKit/commit/9d7ec80f78039e6646fcfc455ab4c05aa393f34c
+Conflict:StateManager->mStateManager,adapt context
+ Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp b/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
+index 2ff6fbc..d0fea5d 100644
+--- a/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
++++ b/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
+2.33.0
+
diff --git a/webkitgtk.spec b/webkitgtk.spec
index f985be9..4a77fd2 100644
--- a/webkitgtk.spec
+++ b/webkitgtk.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 ## NOTE: Lots of files in various subdirectories have the same name (such as
 ## "LICENSE") so this short macro allows us to distinguish them by using their
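Review bot: The added 0003-bugfix-for-CVE-2024-4558.patch, as shown here, carries no hunk: after its inner `+++ b/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp` line the file goes straight to the `2.33.0` signature, and the 38 added lines shown match the `+1,38` count, so the page does not appear to have truncated anything. Its own diffstat promises `1 insertion(+)`, yet there is no `@@` header and no added line with the unpack-state sync the message describes, so applying it would leave TextureGL.cpp unchanged while the package is recorded as fixed for CVE-2024-4558. The patch should be regenerated so that it contains the one-line change from the referenced WebKit commit, and the build log checked to confirm it applies. The Canonical link places that commit on the webkitglib/2.44 branch while the changelog entry is for 2.48.1, so it is also worth confirming whether the shipped tarball already includes the change.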
@@ -27,6 +27,7 @@ Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc
 Patch01: riscv-use-unknown-cpu.patch
 Patch02: fix_code_error.patch
+Patch3: 0003-bugfix-for-CVE-2024-4558.patch
 BuildRequires: bison
@@ -456,6 +457,9 @@ export NINJA_STATUS="[2/2][%f/%t %es] "
 %endif
 %changelog
+* Wed Jul 16 2025 tomcruiseqi - 2.48.1-4
+- Fix CVE-2024-4558
+
 * Tue Jun 24 2025 doupengda - 2.48.1-3
 - add support for loongarch64
--
Gitee
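Review bot: `Patch3:` is declared, but none of the spec hunks adds a matching `%patch` line, and the `%prep` section lies outside them, so whether the new patch is ever applied cannot be seen from this commit. If `%prep` applies patches one by one rather than through `%autosetup` or `%autopatch`, it needs an explicit `%patch -P3 -p1` (strip level to match the existing entries); otherwise the release is bumped and the changelog claims the CVE fix without the source changing. For consistency with `Patch01:` and `Patch02:`, the tag would also read better as `Patch03: 0003-bugfix-for-CVE-2024-4558.patch`.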