[Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5

Adrian Perez de Castro aperez at igalia.com
Thu Feb 8 09:28:26 UTC 2024 

Hi Peter,

I was about to submit basically the same patch, you have beaten me to it.
Thanks!

(Later today I to submit the wpewebkit update as well :D)

On Thu, 08 Feb 2024 08:09:39 +0100 Peter Korsgaard <peter at korsgaard.com> wrote:
> Fixes the following security issues:
> 
> https://webkitgtk.org/security/WSA-2024-0001.html
> 
> - CVE-2024-23222: Processing maliciously crafted web content may lead to
>   arbitrary code execution.  Apple is aware of a report that this issue may
>   have been exploited.  Description: A type confusion issue was addressed
>   with improved checks.
> 
> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
>   the user.  Description: An access issue was addressed with improved access
>   restrictions.
> 
> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
>   Description: The issue was addressed with improved memory handling.
> 
> - CVE-2023-40414: Processing web content may lead to arbitrary code
>   execution.  Description: A use-after-free issue was addressed with
>   improved memory management.
> 
> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
>   Description: A correctness issue was addressed with improved checks.
> 
> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
>   potentially disclose memory contents.  Description: The issue was
>   addressed with improved checks.
> 
> https://webkitgtk.org/security/WSA-2023-0012.html
> 
> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
>   Description: The issue was addressed with improved memory handling.
> 
> - CVE-2023-42890: Processing web content may lead to arbitrary code
>   execution.  Description: The issue was addressed with improved memory
>   handling.
> 
> https://webkitgtk.org/security/WSA-2023-0011.html
> 
> - CVE-2023-42916: Processing web content may disclose sensitive information.
>   Apple is aware of a report that this issue may have been actively
>   exploited.  Description: An out-of-bounds read was addressed with improved
>   input validation.
> 
> - CVE-2023-42917: Processing web content may lead to arbitrary code
>   execution.  Apple is aware of a report that this issue may have been
>   actively exploited.  Description: A memory corruption vulnerability was
>   addressed with improved locking.
> 
> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
> causing a build issue.
> 
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

Acked-by: Adrian Perez de Castro <aperez at igalia.com>

> ---
>  ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++
>  package/webkitgtk/webkitgtk.hash              |  6 +--
>  package/webkitgtk/webkitgtk.mk                |  2 +-
>  3 files changed, 43 insertions(+), 4 deletions(-)
>  create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> 
> diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> new file mode 100644
> index 0000000000..c9667fedbd
> --- /dev/null
> +++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> @@ -0,0 +1,39 @@
> +From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
> +From: Michael Catanzaro <mcatanzaro at redhat.com>
> +Date: Mon, 5 Feb 2024 11:00:49 -0600
> +Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
> + =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
> + =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
> + =?UTF-8?q?=3D268739?=
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Unreviewed build fix. Seems a backport went badly, and we didn't notice
> +because the code is architecture-specific.
> +
> +* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
> +(JSC::CLoop::execute):
> +
> +Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff
> +Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> +---
> + Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 --
> + 1 file changed, 2 deletions(-)
> +
> +diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +index 5064ead6cd2e..9a2e2653b121 100644
> +--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> ++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
> +     UNUSED_VARIABLE(t2);
> +     UNUSED_VARIABLE(t3);
> +     UNUSED_VARIABLE(t5);
> +-    UNUSED_VARIABLE(t6);
> +-    UNUSED_VARIABLE(t7);
> + 
> +     struct StackPointerScope {
> +         StackPointerScope(CLoopStack& stack)
> +-- 
> +2.39.2
> +
> diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
> index 59782732c3..ac4799d4cf 100644
> --- a/package/webkitgtk/webkitgtk.hash
> +++ b/package/webkitgtk/webkitgtk.hash
> @@ -1,6 +1,6 @@
> -# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums
> -sha1  05bec6a824e46f043b865478735bc8395249510e  webkitgtk-2.42.2.tar.xz
> -sha256  5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118  webkitgtk-2.42.2.tar.xz
> +# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums
> +sha1  c3ffb2beaac56f1089029f2254482f48d9e3db37  webkitgtk-2.42.5.tar.xz
> +sha256  b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749  webkitgtk-2.42.5.tar.xz
>  
>  # Hashes for license files:
>  sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
> diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
> index 611d7f65d3..075a36654f 100644
> --- a/package/webkitgtk/webkitgtk.mk
> +++ b/package/webkitgtk/webkitgtk.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -WEBKITGTK_VERSION = 2.42.2
> +WEBKITGTK_VERSION = 2.42.5
>  WEBKITGTK_SITE = https://www.webkitgtk.org/releases
>  WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
>  WEBKITGTK_INSTALL_STAGING = YES
> -- 
> 2.39.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot at buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
> 

Cheers,
—Adrián
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.buildroot.org/pipermail/buildroot/attachments/20240208/7b563768/attachment-0001.asc>

More information about the buildroot mailing list