Import from CS git

2025-03-17 07:36:58 +00:00 · 2025-03-17 07:36:58 +00:00 · 06eb2ef4db
commit 06eb2ef4db
parent 9180abfcdf
2 changed files with 65 additions and 1 deletions
--- a/SOURCES/CVE-2025-24201.patch
+++ b/SOURCES/CVE-2025-24201.patch
@ -0,0 +1,54 @@
+From 541280709a62351643fa7b456bc1f6d652fd9d0b Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen <kkinnunen@apple.com>
+Date: Wed, 5 Mar 2025 16:49:53 -0800
+Subject: [PATCH] Cherry-pick b48791700366. rdar://146337054
+
+    WebGL context primitive restart can be toggled from WebContent process
+    https://bugs.webkit.org/show_bug.cgi?id=285858
+    rdar://142693598
+
+    Reviewed by Cameron McCormack.
+
+    Primitive restart is enabled for WebGL2 and disabled for WebGL 1
+    contexts by default. There is no use-case for toggling it from
+    WCP. Do not pass enable/disable to ANGLE.
+
+    * Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+    (WebCore::GraphicsContextGLANGLE::disable):
+    (WebCore::GraphicsContextGLANGLE::enable):
+
+    Canonical link: https://commits.webkit.org/289651.23@safari-7621-branch
+---
+ .../graphics/angle/GraphicsContextGLANGLE.cpp        | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+index 39d148172b4f..81c9dff2fb89 100644
+--- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+@@ -1169,7 +1169,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
+ {
+     if (!makeContextCurrent())
+         return;
+-
+    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
+        if (m_isForWebGL2)
+            addError(GCGLErrorCode::InvalidOperation);
+        return;
+    }
+     GL_Disable(cap);
+ }
+ 
+@@ -1203,7 +1207,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
+ {
+     if (!makeContextCurrent())
+         return;
+-
+    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
+        if (!m_isForWebGL2)
+            addError(GCGLErrorCode::InvalidOperation);
+        return;
+    }
+     GL_Enable(cap);
+ }
+ 
--- a/SPECS/webkit2gtk3.spec
+++ b/SPECS/webkit2gtk3.spec
@ -10,7 +10,7 @@

 Name:           webkit2gtk3
 Version:        2.46.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        GTK Web content engine library

 License:        LGPLv2
@ -46,6 +46,13 @@ Patch204:       icu60.patch
 Patch300:       evolution-shared-secondary-process.patch
 Patch301:       evolution-sandbox-warning.patch

+##
+## Upstream patches to remove after next update
+##
+
+# https://bugs.webkit.org/show_bug.cgi?id=285858
+Patch400:          CVE-2025-24201.patch          
+
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  flex
@ -315,6 +322,9 @@ export NINJA_STATUS="[%f/%t][%e] "
 %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir

 %changelog
+* Thu Mar 13 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.6-2
+- Add patch for CVE-2025-24201
+
 * Tue Feb 25 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.6-1
 - Update to 2.46.6