From 06eb2ef4db43e50fcacc078caaaf3648195ec8be Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Mon, 17 Mar 2025 07:36:58 +0000
Subject: [PATCH] Import from CS git

---
 SOURCES/CVE-2025-24201.patch | 54 ++++++++++++++++++++++++++++++++++++
 SPECS/webkit2gtk3.spec       | 12 +++++++-
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/CVE-2025-24201.patch

diff --git a/SOURCES/CVE-2025-24201.patch b/SOURCES/CVE-2025-24201.patch
new file mode 100644
index 0000000..64b676d
--- /dev/null
+++ b/SOURCES/CVE-2025-24201.patch
@@ -0,0 +1,54 @@
+From 541280709a62351643fa7b456bc1f6d652fd9d0b Mon Sep 17 00:00:00 2001
+From: Kimmo Kinnunen <kkinnunen@apple.com>
+Date: Wed, 5 Mar 2025 16:49:53 -0800
+Subject: [PATCH] Cherry-pick b48791700366. rdar://146337054
+
+    WebGL context primitive restart can be toggled from WebContent process
+    https://bugs.webkit.org/show_bug.cgi?id=285858
+    rdar://142693598
+
+    Reviewed by Cameron McCormack.
+
+    Primitive restart is enabled for WebGL2 and disabled for WebGL 1
+    contexts by default. There is no use-case for toggling it from
+    WCP. Do not pass enable/disable to ANGLE.
+
+    * Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+    (WebCore::GraphicsContextGLANGLE::disable):
+    (WebCore::GraphicsContextGLANGLE::enable):
+
+    Canonical link: https://commits.webkit.org/289651.23@safari-7621-branch
+---
+ .../graphics/angle/GraphicsContextGLANGLE.cpp        | 12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+index 39d148172b4f..81c9dff2fb89 100644
+--- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
++++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
+@@ -1169,7 +1169,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
+ {
+     if (!makeContextCurrent())
+         return;
+-
++    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++        if (m_isForWebGL2)
++            addError(GCGLErrorCode::InvalidOperation);
++        return;
++    }
+     GL_Disable(cap);
+ }
+ 
+@@ -1203,7 +1207,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
+ {
+     if (!makeContextCurrent())
+         return;
+-
++    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
++        if (!m_isForWebGL2)
++            addError(GCGLErrorCode::InvalidOperation);
++        return;
++    }
+     GL_Enable(cap);
+ }
+ 
diff --git a/SPECS/webkit2gtk3.spec b/SPECS/webkit2gtk3.spec
index d5dfc13..27e6939 100644
--- a/SPECS/webkit2gtk3.spec
+++ b/SPECS/webkit2gtk3.spec
@@ -10,7 +10,7 @@
 
 Name:           webkit2gtk3
 Version:        2.46.6
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        GTK Web content engine library
 
 License:        LGPLv2
@@ -46,6 +46,13 @@ Patch204:       icu60.patch
 Patch300:       evolution-shared-secondary-process.patch
 Patch301:       evolution-sandbox-warning.patch
 
+##
+## Upstream patches to remove after next update
+##
+
+# https://bugs.webkit.org/show_bug.cgi?id=285858
+Patch400:          CVE-2025-24201.patch          
+
 BuildRequires:  bison
 BuildRequires:  cmake
 BuildRequires:  flex
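Review bot: The new `Patch400:` line carries a run of trailing spaces after the file name; rpm tolerates it, but it breaks the column alignment used by the surrounding `Patch300`/`Patch301` lines and will keep tripping whitespace checks, so write it as `Patch400:       CVE-2025-24201.patch`. The hunk stops before %prep, so I cannot see whether patches are applied with %autosetup/%autopatch or with explicit numbered %patch lines; if it is the latter, declaring `Patch400` without a matching `%patch400 -p1` would produce a build that lists the CVE fix in the changelog but never applies it — please confirm against the %prep section. Everything else in the section (Release bump, changelog entry) is routine.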
@@ -315,6 +322,9 @@ export NINJA_STATUS="[%f/%t][%e] "
 %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir
 
 %changelog
+* Thu Mar 13 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.6-2
+- Add patch for CVE-2025-24201
+
 * Tue Feb 25 2025 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.6-1
 - Update to 2.46.6