rpms
/
webkit2gtk3
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import UBI webkit2gtk3-2.42.5-1.el9

This commit is contained in:
eabdullin 2024-04-30 15:19:52 +00:00
parent 876f553c6c
commit 1b2935177d
7 changed files with 57 additions and 96 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,2 +1,2 @@
SOURCES/webkitgtk-2.40.5.tar.xz
SOURCES/webkitgtk-2.42.5.tar.xz
SOURCES/webkitgtk-keys.gpg

2
.webkit2gtk3.metadata
View File

@ -1,2 +1,2 @@
2f4d06b021115eb4106177f7d5f534f45b5d3b2e SOURCES/webkitgtk-2.40.5.tar.xz
c3ffb2beaac56f1089029f2254482f48d9e3db37 SOURCES/webkitgtk-2.42.5.tar.xz
cf57cbbadf2a07c6ede1c886f9742b7d352460c0 SOURCES/webkitgtk-keys.gpg

80
SOURCES/CVE-2023-42917.patch
View File

@ -1,80 +0,0 @@
From 00352dd86bfa102b6e4b792120e3ef3498a27d1e Mon Sep 17 00:00:00 2001
From: Russell Epstein <repstein@apple.com>
Date: Fri, 17 Nov 2023 15:48:32 -0800
Subject: [PATCH] Cherry-pick b0a755e34426.
https://bugs.webkit.org/show_bug.cgi?id=265067
Race condition between JSObject::getDirectConcurrently users and Structure::flattenDictionaryStructure
https://bugs.webkit.org/show_bug.cgi?id=265067
rdar://118548733
Reviewed by Justin Michaud and Mark Lam.
Like Array shift/unshift, flattenDictionaryStructure is the other code which can shrink butterfly for named properties (no other code does it).
Compiler threads rely on the fact that normally named property storage never shrunk. And we should catch this exceptional case by taking a cellLock
in the compiler thread. But flattenDictionaryStructure is not taking cellLock correctly.
This patch computes afterOutOfLineCapacity first to detect that whether this flattening will shrink the butterfly.
And if it is, then we take a cellLock. We do not need to take it if we do not shrink the butterfly.
* Source/JavaScriptCore/runtime/Structure.cpp:
(JSC::Structure::flattenDictionaryStructure):
Canonical link: https://commits.webkit.org/267815.577@safari-7617-branch
Canonical link: https://commits.webkit.org/265870.632@safari-7616.2.9.10-branch
---
Source/JavaScriptCore/runtime/Structure.cpp | 28 +++++++++++++++------
1 file changed, 21 insertions(+), 7 deletions(-)
diff --git a/Source/JavaScriptCore/runtime/Structure.cpp b/Source/JavaScriptCore/runtime/Structure.cpp
index 2922e2478794c..9d094e2c8adc8 100644
--- a/Source/JavaScriptCore/runtime/Structure.cpp
+++ b/Source/JavaScriptCore/runtime/Structure.cpp
@@ -913,17 +913,31 @@ Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
checkOffsetConsistency();
ASSERT(isDictionary());
ASSERT(object->structure() == this);
-
- GCSafeConcurrentJSLocker locker(m_lock, vm);
-
- object->setStructureIDDirectly(id().nuke());
- WTF::storeStoreFence();
+ Locker<JSCellLock> cellLocker(NoLockingNecessary);
+
+ PropertyTable* table = nullptr;
size_t beforeOutOfLineCapacity = this->outOfLineCapacity();
+ size_t afterOutOfLineCapacity = beforeOutOfLineCapacity;
if (isUncacheableDictionary()) {
- PropertyTable* table = propertyTableOrNull();
+ table = propertyTableOrNull();
ASSERT(table);
+ PropertyOffset maxOffset = invalidOffset;
+ if (unsigned propertyCount = table->size())
+ maxOffset = offsetForPropertyNumber(propertyCount - 1, m_inlineCapacity);
+ afterOutOfLineCapacity = outOfLineCapacity(maxOffset);
+ }
+ // This is the only case we shrink butterfly in this function. We should take a cell lock to protect against concurrent access to the butterfly.
+ if (beforeOutOfLineCapacity != afterOutOfLineCapacity)
+ cellLocker = Locker { object->cellLock() };
+
+ GCSafeConcurrentJSLocker locker(m_lock, vm);
+
+ object->setStructureIDDirectly(id().nuke());
+ WTF::storeStoreFence();
+
+ if (isUncacheableDictionary()) {
size_t propertyCount = table->size();
// Holds our values compacted by insertion order. This is OK since GC is deferred.
@@ -955,7 +969,7 @@ Structure* Structure::flattenDictionaryStructure(VM& vm, JSObject* object)
setDictionaryKind(NoneDictionaryKind);
setHasBeenFlattenedBefore(true);
- size_t afterOutOfLineCapacity = this->outOfLineCapacity();
+ ASSERT(this->outOfLineCapacity() == afterOutOfLineCapacity);
if (object->butterfly() && beforeOutOfLineCapacity != afterOutOfLineCapacity) {
ASSERT(beforeOutOfLineCapacity > afterOutOfLineCapacity);

16
SOURCES/i686-build.patch Normal file
View File

@ -0,0 +1,16 @@
From: Alberto Garcia <berto@igalia.com>
Subject: Fix FTBFS in i386
Bug: https://bugs.webkit.org/show_bug.cgi?id=268739
Index: webkitgtk/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
===================================================================
--- webkitgtk.orig/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
+++ webkitgtk/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpc
UNUSED_VARIABLE(t2);
UNUSED_VARIABLE(t3);
UNUSED_VARIABLE(t5);
- UNUSED_VARIABLE(t6);
- UNUSED_VARIABLE(t7);
struct StackPointerScope {
StackPointerScope(CLoopStack& stack)

6
SOURCES/webkitgtk-2.40.5.tar.xz.asc
View File

@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iF0EABEDAB0WIQTX/PYc+aLeqzHYG9Pz0yLQ7EWCwwUCZMjRYQAKCRDz0yLQ7EWC
wwPPAJ0XUmEmSr4IFQWpbDfPOR9keXY+lwCfVLyOFL8T55psriGN4vkxVZqq+EM=
=nGCs
-----END PGP SIGNATURE-----

6
SOURCES/webkitgtk-2.42.5.tar.xz.asc Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iF0EABECAB0WIQTX/PYc+aLeqzHYG9Pz0yLQ7EWCwwUCZcCvFAAKCRDz0yLQ7EWC
w1FoAJ9+JY5XpvsElI4nSgXhLk3k6O7L5QCeNx1Hj5iFlSDQY17oYfa4FyMEI9I=
=NxQN
-----END PGP SIGNATURE-----

41
SPECS/webkit2gtk3.spec
View File

@ -11,8 +11,8 @@
%endif
Name: webkit2gtk3
Version: 2.40.5
Release: 1%{?dist}.1
Version: 2.42.5
Release: 1%{?dist}
Summary: GTK Web content engine library
License: LGPLv2
@ -24,7 +24,8 @@ Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc
# $ gpg --export --export-options export-minimal D7FCF61CF9A2DEAB31D81BD3F3D322D0EC4582C3 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B > webkitgtk-keys.gpg
Source2: webkitgtk-keys.gpg
Patch: CVE-2023-42917.patch
# https://bugs.webkit.org/show_bug.cgi?id=268739
Patch: i686-build.patch
BuildRequires: bison
BuildRequires: bubblewrap
@ -53,12 +54,11 @@ BuildRequires: pkgconfig(atspi-2)
BuildRequires: pkgconfig(cairo)
BuildRequires: pkgconfig(egl)
BuildRequires: pkgconfig(enchant-2)
BuildRequires: pkgconfig(epoxy)
BuildRequires: pkgconfig(fontconfig)
BuildRequires: pkgconfig(freetype2)
BuildRequires: pkgconfig(gbm)
BuildRequires: pkgconfig(gl)
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(glesv2)
BuildRequires: pkgconfig(gobject-introspection-1.0)
BuildRequires: pkgconfig(gstreamer-1.0)
BuildRequires: pkgconfig(gstreamer-plugins-bad-1.0)
@ -99,6 +99,9 @@ BuildRequires: pkgconfig(xt)
Requires: bubblewrap
Requires: xdg-dbus-proxy
# libepoxy will crash when WebKit tries using GLES2 if it's not installed.
Requires: libGLES
# If Geoclue is not running, the geolocation API will not work.
Recommends: geoclue2
@ -216,6 +219,7 @@ rm -rf Source/ThirdParty/qunit/
-DUSE_AVIF=OFF \
-DENABLE_DOCUMENTATION=OFF \
-DUSE_GSTREAMER_TRANSCODER=OFF \
-DUSE_JPEGXL=OFF \
%if !0%{?with_gamepad}
-DENABLE_GAMEPAD=OFF \
%endif
@ -293,9 +297,30 @@ export NINJA_STATUS="[%f/%t][%e] "
%{_datadir}/gir-1.0/JavaScriptCore-4.0.gir
%changelog
* Tue Dec 05 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.40.5-1.1
- Add patch for CVE-2023-42917
Resolves: RHEL-18173
* Mon Feb 05 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.5-1
- Update to 2.42.5
Resolves: RHEL-3960
* Fri Dec 15 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.4-1
- Update to 2.42.4
Resolves: RHEL-3960
Resolves: RHEL-19366
* Tue Dec 05 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.3-1
- Update to 2.42.3
Resolves: RHEL-3960
* Fri Nov 10 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.2-1
- Update to 2.42.2
Resolves: RHEL-3960
* Wed Sep 27 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.1-1
- Update to 2.42.1
Resolves: RHEL-3960
* Mon Sep 18 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.42.0-1
- Upgrade to 2.42.0
Resolves: RHEL-3960
* Tue Aug 01 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.40.5-1
- Update to 2.40.5