From d5d617fa03dba05f8ccf558c75a5b0cef4667578 Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Mon, 17 Mar 2025 15:34:55 +0800
Subject: [PATCH] fix CVE-2025-24201

---
 backport-CVE-2025-24201.patch | 53 +++++++++++++++++++++++++++++++++++
 webkit2gtk3.spec | 7 ++++-
 webkit2gtk4_1.spec | 7 ++++-
 webkitgtk6_0.spec | 7 ++++-
 4 files changed, 71 insertions(+), 3 deletions(-)
 create mode 100644 backport-CVE-2025-24201.patch

diff --git a/backport-CVE-2025-24201.patch b/backport-CVE-2025-24201.patch
new file mode 100644
index 0000000..cb69567
--- /dev/null
+++ b/backport-CVE-2025-24201.patch
@@ -0,0 +1,53 @@
+From 7d784721e440d04932945e2decb933720c4e0fc7 Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen
+Date: Wed, 12 Mar 2025 01:42:08 -0700
+Subject: [PATCH] WebGL context primitive restart can be toggled from
+ WebContent process https://bugs.webkit.org/show_bug.cgi?id=285858
+ rdar://142693598
+
+Reviewed by Cameron McCormack.
+
+Primitive restart is enabled for WebGL2 and disabled for WebGL 1
+contexts by default. There is no use-case for toggling it from
+WCP. Do not pass enable/disable to ANGLE.
+
+* Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+(WebCore::GraphicsContextGLANGLE::disable):
+(WebCore::GraphicsContextGLANGLE::enable):
+
+Originally-landed-as: b48791700366. rdar://146807693
+Canonical link: https://commits.webkit.org/292004@main
+---
+ .../graphics/angle/GraphicsContextGLANGLE.cpp | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+index 55f23b3eb337b..bbe382cf413d1 100644
+--- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
++++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+@@ -1187,7 +1187,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Disable(cap);
+ }
+ 
+@@ -1221,7 +1225,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
+ {
+ if (!makeContextCurrent())
+ return;
+-
++ if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++ if (!m_isForWebGL2)
++ addError(GCGLErrorCode::InvalidOperation);
++ return;
++ }
+ GL_Enable(cap);
+ }
+
diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec
index a90618c..549f5eb 100644
--- a/webkit2gtk3.spec
+++ b/webkit2gtk3.spec
@@ -23,7 +23,7 @@ Name: webkit2gtk3
 Version: 2.46.6
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
@@ -31,6 +31,8 @@ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
+Patch6000: backport-CVE-2025-24201.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
@@ -287,6 +289,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %endif
 %changelog
+* Mon Mar 17 2025 lingsheng - 2.46.6-2
+- fix CVE-2025-24201
+
 * Mon Feb 10 2025 lingsheng - 2.46.6-1
 - update to 2.46.6
diff --git a/webkit2gtk4_1.spec b/webkit2gtk4_1.spec
index ead89dc..92744ed 100644
--- a/webkit2gtk4_1.spec
+++ b/webkit2gtk4_1.spec
@@ -23,7 +23,7 @@ Name: webkit2gtk4.1
 Version: 2.46.6
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
@@ -31,6 +31,8 @@ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
+Patch6000: backport-CVE-2025-24201.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
@@ -258,6 +260,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.1
 %endif
 %changelog
+* Mon Mar 17 2025 lingsheng - 2.46.6-2
+- fix CVE-2025-24201
+
 * Mon Feb 10 2025 lingsheng - 2.46.6-1
 - update to 2.46.6
diff --git a/webkitgtk6_0.spec b/webkitgtk6_0.spec
index a28cab7..71bc2b1 100644
--- a/webkitgtk6_0.spec
+++ b/webkitgtk6_0.spec
@@ -23,7 +23,7 @@ Name: webkitgtk6.0
 Version: 2.46.6
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
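Review bot: `Patch6000: backport-CVE-2025-24201.patch` is declared in the `@@ -31,6 +31,8 @@` hunk of webkit2gtk3.spec, and likewise in the matching hunks of webkit2gtk4_1.spec and webkitgtk6_0.spec, but none of the hunks touch `%prep`, which lies outside this diff; unless these specs apply patches through `%autosetup` or `%autopatch`, an explicit application of patch 6000 is still required, otherwise the Release bump and changelog advertise a fix that never reaches the build. A spec-level comment above the new line would also help later audits, e.g. `# CVE-2025-24201: upstream https://commits.webkit.org/292004@main (bug 285858)`, since the backport's embedded commit message names the bug and canonical link but not the CVE. The embedded hunks appear to carry line offsets from upstream main (`@@ -1187`, `@@ -1221`) rather than from the 2.46.6 tree, so it is worth confirming in the build log that the patch applied without fuzz or rejects.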
@@ -31,6 +31,8 @@ Source0: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
+Patch6000: backport-CVE-2025-24201.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
@@ -260,6 +262,9 @@ files for developing applications that use JavaScript engine from webkitgtk-6.0.
 %endif
 %changelog
+* Mon Mar 17 2025 lingsheng - 2.46.6-2
+- fix CVE-2025-24201
+
 * Mon Feb 10 2025 lingsheng - 2.46.6-1
 - update to 2.46.6
-- 
Gitee