* [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5
@ 2024-02-08 7:09 Peter Korsgaard
2024-02-08 9:28 ` Adrian Perez de Castro
2024-02-08 12:57 ` Peter Korsgaard
0 siblings, 2 replies; 4+ messages in thread
From: Peter Korsgaard @ 2024-02-08 7:09 UTC (permalink / raw)
To: buildroot; +Cc: Adrian Perez de Castro
Fixes the following security issues:
https://webkitgtk.org/security/WSA-2024-0001.html
- CVE-2024-23222: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue may
have been exploited. Description: A type confusion issue was addressed
with improved checks.
- CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
the user. Description: An access issue was addressed with improved access
restrictions.
- CVE-2024-23213: Processing web content may lead to arbitrary code execution.
Description: The issue was addressed with improved memory handling.
- CVE-2023-40414: Processing web content may lead to arbitrary code
execution. Description: A use-after-free issue was addressed with
improved memory management.
- CVE-2023-42833: Processing web content may lead to arbitrary code execution.
Description: A correctness issue was addressed with improved checks.
- CVE-2014-1745: Processing a file may lead to a denial-of-service or
potentially disclose memory contents. Description: The issue was
addressed with improved checks.
https://webkitgtk.org/security/WSA-2023-0012.html
- CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
Description: The issue was addressed with improved memory handling.
- CVE-2023-42890: Processing web content may lead to arbitrary code
execution. Description: The issue was addressed with improved memory
handling.
https://webkitgtk.org/security/WSA-2023-0011.html
- CVE-2023-42916: Processing web content may disclose sensitive information.
Apple is aware of a report that this issue may have been actively
exploited. Description: An out-of-bounds read was addressed with improved
input validation.
- CVE-2023-42917: Processing web content may lead to arbitrary code
execution. Apple is aware of a report that this issue may have been
actively exploited. Description: A memory corruption vulnerability was
addressed with improved locking.
Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
causing a build issue.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++
package/webkitgtk/webkitgtk.hash | 6 +--
package/webkitgtk/webkitgtk.mk | 2 +-
3 files changed, 43 insertions(+), 4 deletions(-)
create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
new file mode 100644
index 0000000000..c9667fedbd
--- /dev/null
+++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
@@ -0,0 +1,39 @@
+From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Mon, 5 Feb 2024 11:00:49 -0600
+Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
+ =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
+ =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
+ =?UTF-8?q?=3D268739?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Unreviewed build fix. Seems a backport went badly, and we didn't notice
+because the code is architecture-specific.
+
+* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
+(JSC::CLoop::execute):
+
+Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
+index 5064ead6cd2e..9a2e2653b121 100644
+--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
+@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
+ UNUSED_VARIABLE(t2);
+ UNUSED_VARIABLE(t3);
+ UNUSED_VARIABLE(t5);
+- UNUSED_VARIABLE(t6);
+- UNUSED_VARIABLE(t7);
+
+ struct StackPointerScope {
+ StackPointerScope(CLoopStack& stack)
+--
+2.39.2
+
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 59782732c3..ac4799d4cf 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,6 +1,6 @@
-# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums
-sha1 05bec6a824e46f043b865478735bc8395249510e webkitgtk-2.42.2.tar.xz
-sha256 5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118 webkitgtk-2.42.2.tar.xz
+# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums
+sha1 c3ffb2beaac56f1089029f2254482f48d9e3db37 webkitgtk-2.42.5.tar.xz
+sha256 b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749 webkitgtk-2.42.5.tar.xz
# Hashes for license files:
sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index 611d7f65d3..075a36654f 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@
#
################################################################################
-WEBKITGTK_VERSION = 2.42.2
+WEBKITGTK_VERSION = 2.42.5
WEBKITGTK_SITE = https://www.webkitgtk.org/releases
WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
WEBKITGTK_INSTALL_STAGING = YES
--
2.39.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 4+ messages in thread* Re: [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5
2024-02-08 7:09 [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5 Peter Korsgaard
@ 2024-02-08 9:28 ` Adrian Perez de Castro
2024-02-08 12:57 ` Peter Korsgaard
1 sibling, 0 replies; 4+ messages in thread
From: Adrian Perez de Castro @ 2024-02-08 9:28 UTC (permalink / raw)
To: Peter Korsgaard; +Cc: buildroot
[-- Attachment #1.1: Type: text/plain, Size: 6525 bytes --]
Hi Peter,
I was about to submit basically the same patch, you have beaten me to it.
Thanks!
(Later today I to submit the wpewebkit update as well :D)
On Thu, 08 Feb 2024 08:09:39 +0100 Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
>
> https://webkitgtk.org/security/WSA-2024-0001.html
>
> - CVE-2024-23222: Processing maliciously crafted web content may lead to
> arbitrary code execution. Apple is aware of a report that this issue may
> have been exploited. Description: A type confusion issue was addressed
> with improved checks.
>
> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
> the user. Description: An access issue was addressed with improved access
> restrictions.
>
> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
> Description: The issue was addressed with improved memory handling.
>
> - CVE-2023-40414: Processing web content may lead to arbitrary code
> execution. Description: A use-after-free issue was addressed with
> improved memory management.
>
> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
> Description: A correctness issue was addressed with improved checks.
>
> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
> potentially disclose memory contents. Description: The issue was
> addressed with improved checks.
>
> https://webkitgtk.org/security/WSA-2023-0012.html
>
> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
> Description: The issue was addressed with improved memory handling.
>
> - CVE-2023-42890: Processing web content may lead to arbitrary code
> execution. Description: The issue was addressed with improved memory
> handling.
>
> https://webkitgtk.org/security/WSA-2023-0011.html
>
> - CVE-2023-42916: Processing web content may disclose sensitive information.
> Apple is aware of a report that this issue may have been actively
> exploited. Description: An out-of-bounds read was addressed with improved
> input validation.
>
> - CVE-2023-42917: Processing web content may lead to arbitrary code
> execution. Apple is aware of a report that this issue may have been
> actively exploited. Description: A memory corruption vulnerability was
> addressed with improved locking.
>
> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
> causing a build issue.
>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Acked-by: Adrian Perez de Castro <aperez@igalia.com>
> ---
> ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++
> package/webkitgtk/webkitgtk.hash | 6 +--
> package/webkitgtk/webkitgtk.mk | 2 +-
> 3 files changed, 43 insertions(+), 4 deletions(-)
> create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
>
> diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> new file mode 100644
> index 0000000000..c9667fedbd
> --- /dev/null
> +++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> @@ -0,0 +1,39 @@
> +From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
> +From: Michael Catanzaro <mcatanzaro@redhat.com>
> +Date: Mon, 5 Feb 2024 11:00:49 -0600
> +Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
> + =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
> + =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
> + =?UTF-8?q?=3D268739?=
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Unreviewed build fix. Seems a backport went badly, and we didn't notice
> +because the code is architecture-specific.
> +
> +* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
> +(JSC::CLoop::execute):
> +
> +Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff
> +Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> +---
> + Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 --
> + 1 file changed, 2 deletions(-)
> +
> +diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +index 5064ead6cd2e..9a2e2653b121 100644
> +--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> ++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
> + UNUSED_VARIABLE(t2);
> + UNUSED_VARIABLE(t3);
> + UNUSED_VARIABLE(t5);
> +- UNUSED_VARIABLE(t6);
> +- UNUSED_VARIABLE(t7);
> +
> + struct StackPointerScope {
> + StackPointerScope(CLoopStack& stack)
> +--
> +2.39.2
> +
> diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
> index 59782732c3..ac4799d4cf 100644
> --- a/package/webkitgtk/webkitgtk.hash
> +++ b/package/webkitgtk/webkitgtk.hash
> @@ -1,6 +1,6 @@
> -# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums
> -sha1 05bec6a824e46f043b865478735bc8395249510e webkitgtk-2.42.2.tar.xz
> -sha256 5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118 webkitgtk-2.42.2.tar.xz
> +# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums
> +sha1 c3ffb2beaac56f1089029f2254482f48d9e3db37 webkitgtk-2.42.5.tar.xz
> +sha256 b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749 webkitgtk-2.42.5.tar.xz
>
> # Hashes for license files:
> sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE
> diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
> index 611d7f65d3..075a36654f 100644
> --- a/package/webkitgtk/webkitgtk.mk
> +++ b/package/webkitgtk/webkitgtk.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -WEBKITGTK_VERSION = 2.42.2
> +WEBKITGTK_VERSION = 2.42.5
> WEBKITGTK_SITE = https://www.webkitgtk.org/releases
> WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
> WEBKITGTK_INSTALL_STAGING = YES
> --
> 2.39.2
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
>
Cheers,
—Adrián
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 150 bytes --]
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5
2024-02-08 7:09 [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5 Peter Korsgaard
2024-02-08 9:28 ` Adrian Perez de Castro
@ 2024-02-08 12:57 ` Peter Korsgaard
2024-03-08 13:45 ` Peter Korsgaard
1 sibling, 1 reply; 4+ messages in thread
From: Peter Korsgaard @ 2024-02-08 12:57 UTC (permalink / raw)
To: buildroot; +Cc: Adrian Perez de Castro
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> Fixes the following security issues:
> https://webkitgtk.org/security/WSA-2024-0001.html
> - CVE-2024-23222: Processing maliciously crafted web content may lead to
> arbitrary code execution. Apple is aware of a report that this issue may
> have been exploited. Description: A type confusion issue was addressed
> with improved checks.
> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
> the user. Description: An access issue was addressed with improved access
> restrictions.
> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
> Description: The issue was addressed with improved memory handling.
> - CVE-2023-40414: Processing web content may lead to arbitrary code
> execution. Description: A use-after-free issue was addressed with
> improved memory management.
> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
> Description: A correctness issue was addressed with improved checks.
> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
> potentially disclose memory contents. Description: The issue was
> addressed with improved checks.
> https://webkitgtk.org/security/WSA-2023-0012.html
> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
> Description: The issue was addressed with improved memory handling.
> - CVE-2023-42890: Processing web content may lead to arbitrary code
> execution. Description: The issue was addressed with improved memory
> handling.
> https://webkitgtk.org/security/WSA-2023-0011.html
> - CVE-2023-42916: Processing web content may disclose sensitive information.
> Apple is aware of a report that this issue may have been actively
> exploited. Description: An out-of-bounds read was addressed with improved
> input validation.
> - CVE-2023-42917: Processing web content may lead to arbitrary code
> execution. Apple is aware of a report that this issue may have been
> actively exploited. Description: A memory corruption vulnerability was
> addressed with improved locking.
> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
> causing a build issue.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5
2024-02-08 12:57 ` Peter Korsgaard
@ 2024-03-08 13:45 ` Peter Korsgaard
0 siblings, 0 replies; 4+ messages in thread
From: Peter Korsgaard @ 2024-03-08 13:45 UTC (permalink / raw)
To: buildroot; +Cc: Adrian Perez de Castro
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>> Fixes the following security issues:
>> https://webkitgtk.org/security/WSA-2024-0001.html
>> - CVE-2024-23222: Processing maliciously crafted web content may lead to
>> arbitrary code execution. Apple is aware of a report that this issue may
>> have been exploited. Description: A type confusion issue was addressed
>> with improved checks.
>> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
>> the user. Description: An access issue was addressed with improved access
>> restrictions.
>> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
>> Description: The issue was addressed with improved memory handling.
>> - CVE-2023-40414: Processing web content may lead to arbitrary code
>> execution. Description: A use-after-free issue was addressed with
>> improved memory management.
>> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
>> Description: A correctness issue was addressed with improved checks.
>> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
>> potentially disclose memory contents. Description: The issue was
>> addressed with improved checks.
>> https://webkitgtk.org/security/WSA-2023-0012.html
>> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
>> Description: The issue was addressed with improved memory handling.
>> - CVE-2023-42890: Processing web content may lead to arbitrary code
>> execution. Description: The issue was addressed with improved memory
>> handling.
>> https://webkitgtk.org/security/WSA-2023-0011.html
>> - CVE-2023-42916: Processing web content may disclose sensitive information.
>> Apple is aware of a report that this issue may have been actively
>> exploited. Description: An out-of-bounds read was addressed with improved
>> input validation.
>> - CVE-2023-42917: Processing web content may lead to arbitrary code
>> execution. Apple is aware of a report that this issue may have been
>> actively exploited. Description: A memory corruption vulnerability was
>> addressed with improved locking.
>> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
>> causing a build issue.
>> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> Committed, thanks.
Committed to 2023.02.x and 2023.11.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-03-08 13:45 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-08 7:09 [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5 Peter Korsgaard
2024-02-08 9:28 ` Adrian Perez de Castro
2024-02-08 12:57 ` Peter Korsgaard
2024-03-08 13:45 ` Peter Korsgaard
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox