Message ID | 20240208070939.493203-1-peter@korsgaard.com |
---|---|
State | Accepted |
Headers | show |
Series | package/webkitgtk: security bump to version 2.42.5 | expand |
Hi Peter, I was about to submit basically the same patch, you have beaten me to it. Thanks! (Later today I to submit the wpewebkit update as well :D) On Thu, 08 Feb 2024 08:09:39 +0100 Peter Korsgaard <peter@korsgaard.com> wrote: > Fixes the following security issues: > > https://webkitgtk.org/security/WSA-2024-0001.html > > - CVE-2024-23222: Processing maliciously crafted web content may lead to > arbitrary code execution. Apple is aware of a report that this issue may > have been exploited. Description: A type confusion issue was addressed > with improved checks. > > - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint > the user. Description: An access issue was addressed with improved access > restrictions. > > - CVE-2024-23213: Processing web content may lead to arbitrary code execution. > Description: The issue was addressed with improved memory handling. > > - CVE-2023-40414: Processing web content may lead to arbitrary code > execution. Description: A use-after-free issue was addressed with > improved memory management. > > - CVE-2023-42833: Processing web content may lead to arbitrary code execution. > Description: A correctness issue was addressed with improved checks. > > - CVE-2014-1745: Processing a file may lead to a denial-of-service or > potentially disclose memory contents. Description: The issue was > addressed with improved checks. > > https://webkitgtk.org/security/WSA-2023-0012.html > > - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service. > Description: The issue was addressed with improved memory handling. > > - CVE-2023-42890: Processing web content may lead to arbitrary code > execution. Description: The issue was addressed with improved memory > handling. > > https://webkitgtk.org/security/WSA-2023-0011.html > > - CVE-2023-42916: Processing web content may disclose sensitive information. > Apple is aware of a report that this issue may have been actively > exploited. Description: An out-of-bounds read was addressed with improved > input validation. > > - CVE-2023-42917: Processing web content may lead to arbitrary code > execution. Apple is aware of a report that this issue may have been > actively exploited. Description: A memory corruption vulnerability was > addressed with improved locking. > > Add an upstream post-2.42.5 patch to fix an issue with an invalid backport > causing a build issue. > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Acked-by: Adrian Perez de Castro <aperez@igalia.com> > --- > ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++ > package/webkitgtk/webkitgtk.hash | 6 +-- > package/webkitgtk/webkitgtk.mk | 2 +- > 3 files changed, 43 insertions(+), 4 deletions(-) > create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch > > diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch > new file mode 100644 > index 0000000000..c9667fedbd > --- /dev/null > +++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch > @@ -0,0 +1,39 @@ > +From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001 > +From: Michael Catanzaro <mcatanzaro@redhat.com> > +Date: Mon, 5 Feb 2024 11:00:49 -0600 > +Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?= > + =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?= > + =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?= > + =?UTF-8?q?=3D268739?= > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +Unreviewed build fix. Seems a backport went badly, and we didn't notice > +because the code is architecture-specific. > + > +* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp: > +(JSC::CLoop::execute): > + > +Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff > +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > +--- > + Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 -- > + 1 file changed, 2 deletions(-) > + > +diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp > +index 5064ead6cd2e..9a2e2653b121 100644 > +--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp > ++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp > +@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm, > + UNUSED_VARIABLE(t2); > + UNUSED_VARIABLE(t3); > + UNUSED_VARIABLE(t5); > +- UNUSED_VARIABLE(t6); > +- UNUSED_VARIABLE(t7); > + > + struct StackPointerScope { > + StackPointerScope(CLoopStack& stack) > +-- > +2.39.2 > + > diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash > index 59782732c3..ac4799d4cf 100644 > --- a/package/webkitgtk/webkitgtk.hash > +++ b/package/webkitgtk/webkitgtk.hash > @@ -1,6 +1,6 @@ > -# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums > -sha1 05bec6a824e46f043b865478735bc8395249510e webkitgtk-2.42.2.tar.xz > -sha256 5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118 webkitgtk-2.42.2.tar.xz > +# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums > +sha1 c3ffb2beaac56f1089029f2254482f48d9e3db37 webkitgtk-2.42.5.tar.xz > +sha256 b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749 webkitgtk-2.42.5.tar.xz > > # Hashes for license files: > sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE > diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk > index 611d7f65d3..075a36654f 100644 > --- a/package/webkitgtk/webkitgtk.mk > +++ b/package/webkitgtk/webkitgtk.mk > @@ -4,7 +4,7 @@ > # > ################################################################################ > > -WEBKITGTK_VERSION = 2.42.2 > +WEBKITGTK_VERSION = 2.42.5 > WEBKITGTK_SITE = https://www.webkitgtk.org/releases > WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz > WEBKITGTK_INSTALL_STAGING = YES > -- > 2.39.2 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot > Cheers, —Adrián
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > Fixes the following security issues: > https://webkitgtk.org/security/WSA-2024-0001.html > - CVE-2024-23222: Processing maliciously crafted web content may lead to > arbitrary code execution. Apple is aware of a report that this issue may > have been exploited. Description: A type confusion issue was addressed > with improved checks. > - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint > the user. Description: An access issue was addressed with improved access > restrictions. > - CVE-2024-23213: Processing web content may lead to arbitrary code execution. > Description: The issue was addressed with improved memory handling. > - CVE-2023-40414: Processing web content may lead to arbitrary code > execution. Description: A use-after-free issue was addressed with > improved memory management. > - CVE-2023-42833: Processing web content may lead to arbitrary code execution. > Description: A correctness issue was addressed with improved checks. > - CVE-2014-1745: Processing a file may lead to a denial-of-service or > potentially disclose memory contents. Description: The issue was > addressed with improved checks. > https://webkitgtk.org/security/WSA-2023-0012.html > - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service. > Description: The issue was addressed with improved memory handling. > - CVE-2023-42890: Processing web content may lead to arbitrary code > execution. Description: The issue was addressed with improved memory > handling. > https://webkitgtk.org/security/WSA-2023-0011.html > - CVE-2023-42916: Processing web content may disclose sensitive information. > Apple is aware of a report that this issue may have been actively > exploited. Description: An out-of-bounds read was addressed with improved > input validation. > - CVE-2023-42917: Processing web content may lead to arbitrary code > execution. Apple is aware of a report that this issue may have been > actively exploited. Description: A memory corruption vulnerability was > addressed with improved locking. > Add an upstream post-2.42.5 patch to fix an issue with an invalid backport > causing a build issue. > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: >> Fixes the following security issues: >> https://webkitgtk.org/security/WSA-2024-0001.html >> - CVE-2024-23222: Processing maliciously crafted web content may lead to >> arbitrary code execution. Apple is aware of a report that this issue may >> have been exploited. Description: A type confusion issue was addressed >> with improved checks. >> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint >> the user. Description: An access issue was addressed with improved access >> restrictions. >> - CVE-2024-23213: Processing web content may lead to arbitrary code execution. >> Description: The issue was addressed with improved memory handling. >> - CVE-2023-40414: Processing web content may lead to arbitrary code >> execution. Description: A use-after-free issue was addressed with >> improved memory management. >> - CVE-2023-42833: Processing web content may lead to arbitrary code execution. >> Description: A correctness issue was addressed with improved checks. >> - CVE-2014-1745: Processing a file may lead to a denial-of-service or >> potentially disclose memory contents. Description: The issue was >> addressed with improved checks. >> https://webkitgtk.org/security/WSA-2023-0012.html >> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service. >> Description: The issue was addressed with improved memory handling. >> - CVE-2023-42890: Processing web content may lead to arbitrary code >> execution. Description: The issue was addressed with improved memory >> handling. >> https://webkitgtk.org/security/WSA-2023-0011.html >> - CVE-2023-42916: Processing web content may disclose sensitive information. >> Apple is aware of a report that this issue may have been actively >> exploited. Description: An out-of-bounds read was addressed with improved >> input validation. >> - CVE-2023-42917: Processing web content may lead to arbitrary code >> execution. Apple is aware of a report that this issue may have been >> actively exploited. Description: A memory corruption vulnerability was >> addressed with improved locking. >> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport >> causing a build issue. >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > Committed, thanks. Committed to 2023.02.x and 2023.11.x, thanks.
diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch new file mode 100644 index 0000000000..c9667fedbd --- /dev/null +++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch @@ -0,0 +1,39 @@ +From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001 +From: Michael Catanzaro <mcatanzaro@redhat.com> +Date: Mon, 5 Feb 2024 11:00:49 -0600 +Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?= + =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?= + =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?= + =?UTF-8?q?=3D268739?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Unreviewed build fix. Seems a backport went badly, and we didn't notice +because the code is architecture-specific. + +* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp: +(JSC::CLoop::execute): + +Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 -- + 1 file changed, 2 deletions(-) + +diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp +index 5064ead6cd2e..9a2e2653b121 100644 +--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp ++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp +@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm, + UNUSED_VARIABLE(t2); + UNUSED_VARIABLE(t3); + UNUSED_VARIABLE(t5); +- UNUSED_VARIABLE(t6); +- UNUSED_VARIABLE(t7); + + struct StackPointerScope { + StackPointerScope(CLoopStack& stack) +-- +2.39.2 + diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash index 59782732c3..ac4799d4cf 100644 --- a/package/webkitgtk/webkitgtk.hash +++ b/package/webkitgtk/webkitgtk.hash @@ -1,6 +1,6 @@ -# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums -sha1 05bec6a824e46f043b865478735bc8395249510e webkitgtk-2.42.2.tar.xz -sha256 5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118 webkitgtk-2.42.2.tar.xz +# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums +sha1 c3ffb2beaac56f1089029f2254482f48d9e3db37 webkitgtk-2.42.5.tar.xz +sha256 b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749 webkitgtk-2.42.5.tar.xz # Hashes for license files: sha256 0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4 Source/WebCore/LICENSE-APPLE diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk index 611d7f65d3..075a36654f 100644 --- a/package/webkitgtk/webkitgtk.mk +++ b/package/webkitgtk/webkitgtk.mk @@ -4,7 +4,7 @@ # ################################################################################ -WEBKITGTK_VERSION = 2.42.2 +WEBKITGTK_VERSION = 2.42.5 WEBKITGTK_SITE = https://www.webkitgtk.org/releases WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz WEBKITGTK_INSTALL_STAGING = YES
Fixes the following security issues: https://webkitgtk.org/security/WSA-2024-0001.html - CVE-2024-23222: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited. Description: A type confusion issue was addressed with improved checks. - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint the user. Description: An access issue was addressed with improved access restrictions. - CVE-2024-23213: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling. - CVE-2023-40414: Processing web content may lead to arbitrary code execution. Description: A use-after-free issue was addressed with improved memory management. - CVE-2023-42833: Processing web content may lead to arbitrary code execution. Description: A correctness issue was addressed with improved checks. - CVE-2014-1745: Processing a file may lead to a denial-of-service or potentially disclose memory contents. Description: The issue was addressed with improved checks. https://webkitgtk.org/security/WSA-2023-0012.html - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service. Description: The issue was addressed with improved memory handling. - CVE-2023-42890: Processing web content may lead to arbitrary code execution. Description: The issue was addressed with improved memory handling. https://webkitgtk.org/security/WSA-2023-0011.html - CVE-2023-42916: Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. Description: An out-of-bounds read was addressed with improved input validation. - CVE-2023-42917: Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: A memory corruption vulnerability was addressed with improved locking. Add an upstream post-2.42.5 patch to fix an issue with an invalid backport causing a build issue. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++ package/webkitgtk/webkitgtk.hash | 6 +-- package/webkitgtk/webkitgtk.mk | 2 +- 3 files changed, 43 insertions(+), 4 deletions(-) create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch