package/webkitgtk: security bump to version 2.42.5

Message ID	20240208070939.493203-1-peter@korsgaard.com
State	Accepted
Headers	show Return-Path: <buildroot-bounces@buildroot.org> Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.70.183.200; helo=relay7-d.mail.gandi.net; envelope-from=peko@48ers.dk; receiver=<UNKNOWN> DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 618CF8435E From: Peter Korsgaard <peter@korsgaard.com> To: buildroot@buildroot.org Date: Thu, 8 Feb 2024 08:09:39 +0100 Message-Id: <20240208070939.493203-1-peter@korsgaard.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH] package/webkitgtk: security bump to version 2.42.5 Precedence: list Cc: Adrian Perez de Castro <aperez@igalia.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@buildroot.org Sender: "buildroot" <buildroot-bounces@buildroot.org>
Series	package/webkitgtk: security bump to version 2.42.5 \| expand package/webkitgtk: security bump to version 2.42.5

Message ID

20240208070939.493203-1-peter@korsgaard.com

State

Accepted

Headers

Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=217.70.183.200;
 helo=relay7-d.mail.gandi.net; envelope-from=peko@48ers.dk;
 receiver=<UNKNOWN>
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp1.osuosl.org 618CF8435E
From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Date: Thu,  8 Feb 2024 08:09:39 +0100
Message-Id: <20240208070939.493203-1-peter@korsgaard.com>
MIME-Version: 1.0
X-Mailman-Original-Authentication-Results: smtp1.osuosl.org;
 dmarc=none (p=none dis=none)
 header.from=korsgaard.com
Subject: [Buildroot] [PATCH] package/webkitgtk: security bump to version
 2.42.5
X-BeenThere: buildroot@buildroot.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.buildroot.org>
List-Unsubscribe: <https://lists.buildroot.org/mailman/options/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=unsubscribe>
List-Archive: <http://lists.buildroot.org/pipermail/buildroot/>
List-Post: <mailto:buildroot@buildroot.org>
List-Help: <mailto:buildroot-request@buildroot.org?subject=help>
List-Subscribe: <https://lists.buildroot.org/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@buildroot.org?subject=subscribe>
Cc: Adrian Perez de Castro <aperez@igalia.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@buildroot.org
Sender: "buildroot" <buildroot-bounces@buildroot.org>

Series

package/webkitgtk: security bump to version 2.42.5 | expand

Commit Message

Peter Korsgaard Feb. 8, 2024, 7:09 a.m. UTC

Fixes the following security issues:

https://webkitgtk.org/security/WSA-2024-0001.html

- CVE-2024-23222: Processing maliciously crafted web content may lead to
  arbitrary code execution.  Apple is aware of a report that this issue may
  have been exploited.  Description: A type confusion issue was addressed
  with improved checks.

- CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
  the user.  Description: An access issue was addressed with improved access
  restrictions.

- CVE-2024-23213: Processing web content may lead to arbitrary code execution.
  Description: The issue was addressed with improved memory handling.

- CVE-2023-40414: Processing web content may lead to arbitrary code
  execution.  Description: A use-after-free issue was addressed with
  improved memory management.

- CVE-2023-42833: Processing web content may lead to arbitrary code execution.
  Description: A correctness issue was addressed with improved checks.

- CVE-2014-1745: Processing a file may lead to a denial-of-service or
  potentially disclose memory contents.  Description: The issue was
  addressed with improved checks.

https://webkitgtk.org/security/WSA-2023-0012.html

- CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
  Description: The issue was addressed with improved memory handling.

- CVE-2023-42890: Processing web content may lead to arbitrary code
  execution.  Description: The issue was addressed with improved memory
  handling.

https://webkitgtk.org/security/WSA-2023-0011.html

- CVE-2023-42916: Processing web content may disclose sensitive information.
  Apple is aware of a report that this issue may have been actively
  exploited.  Description: An out-of-bounds read was addressed with improved
  input validation.

- CVE-2023-42917: Processing web content may lead to arbitrary code
  execution.  Apple is aware of a report that this issue may have been
  actively exploited.  Description: A memory corruption vulnerability was
  addressed with improved locking.

Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
causing a build issue.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++
 package/webkitgtk/webkitgtk.hash              |  6 +--
 package/webkitgtk/webkitgtk.mk                |  2 +-
 3 files changed, 43 insertions(+), 4 deletions(-)
 create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch

Comments

Adrian Perez de Castro Feb. 8, 2024, 9:28 a.m. UTC | #1

Hi Peter,

I was about to submit basically the same patch, you have beaten me to it.
Thanks!

(Later today I to submit the wpewebkit update as well :D)

On Thu, 08 Feb 2024 08:09:39 +0100 Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes the following security issues:
> 
> https://webkitgtk.org/security/WSA-2024-0001.html
> 
> - CVE-2024-23222: Processing maliciously crafted web content may lead to
>   arbitrary code execution.  Apple is aware of a report that this issue may
>   have been exploited.  Description: A type confusion issue was addressed
>   with improved checks.
> 
> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
>   the user.  Description: An access issue was addressed with improved access
>   restrictions.
> 
> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
>   Description: The issue was addressed with improved memory handling.
> 
> - CVE-2023-40414: Processing web content may lead to arbitrary code
>   execution.  Description: A use-after-free issue was addressed with
>   improved memory management.
> 
> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
>   Description: A correctness issue was addressed with improved checks.
> 
> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
>   potentially disclose memory contents.  Description: The issue was
>   addressed with improved checks.
> 
> https://webkitgtk.org/security/WSA-2023-0012.html
> 
> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
>   Description: The issue was addressed with improved memory handling.
> 
> - CVE-2023-42890: Processing web content may lead to arbitrary code
>   execution.  Description: The issue was addressed with improved memory
>   handling.
> 
> https://webkitgtk.org/security/WSA-2023-0011.html
> 
> - CVE-2023-42916: Processing web content may disclose sensitive information.
>   Apple is aware of a report that this issue may have been actively
>   exploited.  Description: An out-of-bounds read was addressed with improved
>   input validation.
> 
> - CVE-2023-42917: Processing web content may lead to arbitrary code
>   execution.  Apple is aware of a report that this issue may have been
>   actively exploited.  Description: A memory corruption vulnerability was
>   addressed with improved locking.
> 
> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
> causing a build issue.
> 
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Acked-by: Adrian Perez de Castro <aperez@igalia.com>

> ---
>  ...velInterpreter.cpp-339-21-error-t6-w.patch | 39 +++++++++++++++++++
>  package/webkitgtk/webkitgtk.hash              |  6 +--
>  package/webkitgtk/webkitgtk.mk                |  2 +-
>  3 files changed, 43 insertions(+), 4 deletions(-)
>  create mode 100644 package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> 
> diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> new file mode 100644
> index 0000000000..c9667fedbd
> --- /dev/null
> +++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
> @@ -0,0 +1,39 @@
> +From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
> +From: Michael Catanzaro <mcatanzaro@redhat.com>
> +Date: Mon, 5 Feb 2024 11:00:49 -0600
> +Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
> + =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
> + =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
> + =?UTF-8?q?=3D268739?=
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +Unreviewed build fix. Seems a backport went badly, and we didn't notice
> +because the code is architecture-specific.
> +
> +* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
> +(JSC::CLoop::execute):
> +
> +Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff
> +Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> +---
> + Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 --
> + 1 file changed, 2 deletions(-)
> +
> +diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +index 5064ead6cd2e..9a2e2653b121 100644
> +--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> ++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
> +@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
> +     UNUSED_VARIABLE(t2);
> +     UNUSED_VARIABLE(t3);
> +     UNUSED_VARIABLE(t5);
> +-    UNUSED_VARIABLE(t6);
> +-    UNUSED_VARIABLE(t7);
> + 
> +     struct StackPointerScope {
> +         StackPointerScope(CLoopStack& stack)
> +-- 
> +2.39.2
> +
> diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
> index 59782732c3..ac4799d4cf 100644
> --- a/package/webkitgtk/webkitgtk.hash
> +++ b/package/webkitgtk/webkitgtk.hash
> @@ -1,6 +1,6 @@
> -# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums
> -sha1  05bec6a824e46f043b865478735bc8395249510e  webkitgtk-2.42.2.tar.xz
> -sha256  5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118  webkitgtk-2.42.2.tar.xz
> +# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums
> +sha1  c3ffb2beaac56f1089029f2254482f48d9e3db37  webkitgtk-2.42.5.tar.xz
> +sha256  b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749  webkitgtk-2.42.5.tar.xz
>  
>  # Hashes for license files:
>  sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
> diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
> index 611d7f65d3..075a36654f 100644
> --- a/package/webkitgtk/webkitgtk.mk
> +++ b/package/webkitgtk/webkitgtk.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -WEBKITGTK_VERSION = 2.42.2
> +WEBKITGTK_VERSION = 2.42.5
>  WEBKITGTK_SITE = https://www.webkitgtk.org/releases
>  WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
>  WEBKITGTK_INSTALL_STAGING = YES
> -- 
> 2.39.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
> 

Cheers,
—Adrián

Peter Korsgaard Feb. 8, 2024, 12:57 p.m. UTC | #2

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > Fixes the following security issues:
 > https://webkitgtk.org/security/WSA-2024-0001.html

 > - CVE-2024-23222: Processing maliciously crafted web content may lead to
 >   arbitrary code execution.  Apple is aware of a report that this issue may
 >   have been exploited.  Description: A type confusion issue was addressed
 >   with improved checks.

 > - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
 >   the user.  Description: An access issue was addressed with improved access
 >   restrictions.

 > - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
 >   Description: The issue was addressed with improved memory handling.

 > - CVE-2023-40414: Processing web content may lead to arbitrary code
 >   execution.  Description: A use-after-free issue was addressed with
 >   improved memory management.

 > - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
 >   Description: A correctness issue was addressed with improved checks.

 > - CVE-2014-1745: Processing a file may lead to a denial-of-service or
 >   potentially disclose memory contents.  Description: The issue was
 >   addressed with improved checks.

 > https://webkitgtk.org/security/WSA-2023-0012.html

 > - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
 >   Description: The issue was addressed with improved memory handling.

 > - CVE-2023-42890: Processing web content may lead to arbitrary code
 >   execution.  Description: The issue was addressed with improved memory
 >   handling.

 > https://webkitgtk.org/security/WSA-2023-0011.html

 > - CVE-2023-42916: Processing web content may disclose sensitive information.
 >   Apple is aware of a report that this issue may have been actively
 >   exploited.  Description: An out-of-bounds read was addressed with improved
 >   input validation.

 > - CVE-2023-42917: Processing web content may lead to arbitrary code
 >   execution.  Apple is aware of a report that this issue may have been
 >   actively exploited.  Description: A memory corruption vulnerability was
 >   addressed with improved locking.

 > Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
 > causing a build issue.

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

Peter Korsgaard March 8, 2024, 1:45 p.m. UTC | #3

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
 >> Fixes the following security issues:
 >> https://webkitgtk.org/security/WSA-2024-0001.html

 >> - CVE-2024-23222: Processing maliciously crafted web content may lead to
 >> arbitrary code execution.  Apple is aware of a report that this issue may
 >> have been exploited.  Description: A type confusion issue was addressed
 >> with improved checks.

 >> - CVE-2024-23206: A maliciously crafted webpage may be able to fingerprint
 >> the user.  Description: An access issue was addressed with improved access
 >> restrictions.

 >> - CVE-2024-23213: Processing web content may lead to arbitrary code execution.
 >> Description: The issue was addressed with improved memory handling.

 >> - CVE-2023-40414: Processing web content may lead to arbitrary code
 >> execution.  Description: A use-after-free issue was addressed with
 >> improved memory management.

 >> - CVE-2023-42833: Processing web content may lead to arbitrary code execution.
 >> Description: A correctness issue was addressed with improved checks.

 >> - CVE-2014-1745: Processing a file may lead to a denial-of-service or
 >> potentially disclose memory contents.  Description: The issue was
 >> addressed with improved checks.

 >> https://webkitgtk.org/security/WSA-2023-0012.html

 >> - CVE-2023-42883: Processing a SVG image may lead to a denial-of-service.
 >> Description: The issue was addressed with improved memory handling.

 >> - CVE-2023-42890: Processing web content may lead to arbitrary code
 >> execution.  Description: The issue was addressed with improved memory
 >> handling.

 >> https://webkitgtk.org/security/WSA-2023-0011.html

 >> - CVE-2023-42916: Processing web content may disclose sensitive information.
 >> Apple is aware of a report that this issue may have been actively
 >> exploited.  Description: An out-of-bounds read was addressed with improved
 >> input validation.

 >> - CVE-2023-42917: Processing web content may lead to arbitrary code
 >> execution.  Apple is aware of a report that this issue may have been
 >> actively exploited.  Description: A memory corruption vulnerability was
 >> addressed with improved locking.

 >> Add an upstream post-2.42.5 patch to fix an issue with an invalid backport
 >> causing a build issue.

 >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

 > Committed, thanks.

Committed to 2023.02.x and 2023.11.x, thanks.

diff --git a/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
new file mode 100644
index 0000000000..c9667fedbd
--- /dev/null
+++ b/package/webkitgtk/0001-GTK-2.42.5-LowLevelInterpreter.cpp-339-21-error-t6-w.patch
@@ -0,0 +1,39 @@ 
+From 3d5373575695b293b8559155431d0079a6153aff Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro <mcatanzaro@redhat.com>
+Date: Mon, 5 Feb 2024 11:00:49 -0600
+Subject: [PATCH] =?UTF-8?q?[GTK]=20[2.42.5]=20LowLevelInterpreter.cpp:339:?=
+ =?UTF-8?q?21:=20error:=20=E2=80=98t6=E2=80=99=20was=20not=20declared=20in?=
+ =?UTF-8?q?=20this=20scope=20https://bugs.webkit.org/show=5Fbug.cgi=3Fid?=
+ =?UTF-8?q?=3D268739?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Unreviewed build fix. Seems a backport went badly, and we didn't notice
+because the code is architecture-specific.
+
+* Source/JavaScriptCore/llint/LowLevelInterpreter.cpp:
+(JSC::CLoop::execute):
+
+Upstream: https://github.com/WebKit/WebKit/commit/3d5373575695b293b8559155431d0079a6153aff
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ Source/JavaScriptCore/llint/LowLevelInterpreter.cpp | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
+index 5064ead6cd2e..9a2e2653b121 100644
+--- a/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
++++ b/Source/JavaScriptCore/llint/LowLevelInterpreter.cpp
+@@ -336,8 +336,6 @@ JSValue CLoop::execute(OpcodeID entryOpcodeID, void* executableAddress, VM* vm,
+     UNUSED_VARIABLE(t2);
+     UNUSED_VARIABLE(t3);
+     UNUSED_VARIABLE(t5);
+-    UNUSED_VARIABLE(t6);
+-    UNUSED_VARIABLE(t7);
+ 
+     struct StackPointerScope {
+         StackPointerScope(CLoopStack& stack)
+-- 
+2.39.2
+
diff --git a/package/webkitgtk/webkitgtk.hash b/package/webkitgtk/webkitgtk.hash
index 59782732c3..ac4799d4cf 100644
--- a/package/webkitgtk/webkitgtk.hash
+++ b/package/webkitgtk/webkitgtk.hash
@@ -1,6 +1,6 @@ 
-# From https://www.webkitgtk.org/releases/webkitgtk-2.42.2.tar.xz.sums
-sha1  05bec6a824e46f043b865478735bc8395249510e  webkitgtk-2.42.2.tar.xz
-sha256  5720aa3e8627f1b9f63252187d4df0f8233ae71d697b1796ebfbe5ca750bd118  webkitgtk-2.42.2.tar.xz
+# From https://www.webkitgtk.org/releases/webkitgtk-2.42.5.tar.xz.sums
+sha1  c3ffb2beaac56f1089029f2254482f48d9e3db37  webkitgtk-2.42.5.tar.xz
+sha256  b64278c1f20b8cfdbfb5ff573c37d871aba74a1db26d9b39f74e8953fe61e749  webkitgtk-2.42.5.tar.xz
 
 # Hashes for license files:
 sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
diff --git a/package/webkitgtk/webkitgtk.mk b/package/webkitgtk/webkitgtk.mk
index 611d7f65d3..075a36654f 100644
--- a/package/webkitgtk/webkitgtk.mk
+++ b/package/webkitgtk/webkitgtk.mk
@@ -4,7 +4,7 @@ 
 #
 ################################################################################
 
-WEBKITGTK_VERSION = 2.42.2
+WEBKITGTK_VERSION = 2.42.5
 WEBKITGTK_SITE = https://www.webkitgtk.org/releases
 WEBKITGTK_SOURCE = webkitgtk-$(WEBKITGTK_VERSION).tar.xz
 WEBKITGTK_INSTALL_STAGING = YES

package/webkitgtk: security bump to version 2.42.5

Commit Message

Comments

Patch