diff mbox series

package/wpewebkit: security bump to version 2.44.4

Message ID 20240914200240.4156241-1-aperez@igalia.com
State Accepted
Headers show
Series package/wpewebkit: security bump to version 2.44.4 | expand

Commit Message

Adrian Perez de Castro Sept. 14, 2024, 8:02 p.m. UTC 
Fixes security issues CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40789, and CVE-2024-4558. Security advisory:

  https://wpewebkit.org/security/WSA-2024-0004.html

Release notes:

  https://wpewebkit.org/release/wpewebkit-2.44.3.html
  https://wpewebkit.org/release/wpewebkit-2.44.4.html

Patch "0001-Remove-ARM-specific-declarations-in-FELighting.patch" has
been included as part of the fixes in version 2.44.3 and is therefore
removed.

Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
---
 ...-specific-declarations-in-FELighting.patch | 68 -------------------
 package/wpewebkit/wpewebkit.hash              |  8 +--
 package/wpewebkit/wpewebkit.mk                |  2 +-
 3 files changed, 5 insertions(+), 73 deletions(-)
 delete mode 100644 package/wpewebkit/0001-Remove-ARM-specific-declarations-in-FELighting.patch

Comments

Peter Korsgaard Oct. 11, 2024, 1 p.m. UTC | #1 
>>>>> "Adrian" == Adrian Perez de Castro <aperez@igalia.com> writes:

 > Fixes security issues CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
 > CVE-2024-40782, CVE-2024-40789, and CVE-2024-4558. Security advisory:

 >   https://wpewebkit.org/security/WSA-2024-0004.html

 > Release notes:

 >   https://wpewebkit.org/release/wpewebkit-2.44.3.html
 >   https://wpewebkit.org/release/wpewebkit-2.44.4.html

 > Patch "0001-Remove-ARM-specific-declarations-in-FELighting.patch" has
 > been included as part of the fixes in version 2.44.3 and is therefore
 > removed.

 > Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>

Committed to 2024.02.x and 2024.08.x, thanks.
diff mbox series

Patch

diff --git a/package/wpewebkit/0001-Remove-ARM-specific-declarations-in-FELighting.patch b/package/wpewebkit/0001-Remove-ARM-specific-declarations-in-FELighting.patch
deleted file mode 100644
index 9e2bc86fef..0000000000
--- a/package/wpewebkit/0001-Remove-ARM-specific-declarations-in-FELighting.patch
+++ /dev/null
@@ -1,68 +0,0 @@ 
-From 8863ceb3c8486f31e1ccfcd2c7c602fad9feac52 Mon Sep 17 00:00:00 2001
-From: Adrian Perez de Castro <aperez@igalia.com>
-Date: Mon, 27 May 2024 02:09:58 +0300
-Subject: [PATCH] Cherry-pick 279334@main (36d1b5d7c0ef). <bug>
-
-    Remove ARM-specific declarations in FELighting.h unneeded after 272873@main
-
-    Unreviewed build fix.
-
-    * Source/WebCore/platform/graphics/filters/FELighting.h: Remove unneeded
-      declarations for the getPowerCoefficients() and platformApplyNeon()
-      functions, which are now defined elsewhere; and were causing a build
-      failure due to usage of the protected LightingData type.
-    * Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp:
-      (WebCore::FELightingNeonParallelApplier::applyPlatformParallel const):
-      Add missing LightType:: namespace to uses of LS_POINT and LS_SPOT.
-
-    Canonical link: https://commits.webkit.org/279334@main
-
-Canonical link: https://commits.webkit.org/274313.261@webkitglib/2.44
-
-Signed-off-by: Adrian Perez de Castro <aperez@igalia.com>
-Upstream: https://github.com/WebKit/WebKit/commit/8863ceb3c8486f31e1ccfcd2c7c602fad9feac52
----
- .../cpu/arm/filters/FELightingNeonParallelApplier.cpp        | 4 ++--
- Source/WebCore/platform/graphics/filters/FELighting.h        | 5 -----
- 2 files changed, 2 insertions(+), 7 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-index 04d855fa6d71..5f4250d87b61 100644
---- a/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-+++ b/Source/WebCore/platform/graphics/cpu/arm/filters/FELightingNeonParallelApplier.cpp
-@@ -542,14 +542,14 @@ void FELightingNeonParallelApplier::applyPlatformParallel(const LightingData& da
-     floatArguments.colorBlue = color.blue;
-     floatArguments.padding4 = 0;
- 
--    if (data.lightSource->type() == LS_POINT) {
-+    if (data.lightSource->type() == LightType::LS_POINT) {
-         neonData.flags |= FLAG_POINT_LIGHT;
-         auto& pointLightSource = downcast<PointLightSource>(*data.lightSource);
-         floatArguments.lightX = pointLightSource.position().x();
-         floatArguments.lightY = pointLightSource.position().y();
-         floatArguments.lightZ = pointLightSource.position().z();
-         floatArguments.padding2 = 0;
--    } else if (data.lightSource->type() == LS_SPOT) {
-+    } else if (data.lightSource->type() == LightType::LS_SPOT) {
-         neonData.flags |= FLAG_SPOT_LIGHT;
-         auto& spotLightSource = downcast<SpotLightSource>(*data.lightSource);
-         floatArguments.lightX = spotLightSource.position().x();
-diff --git a/Source/WebCore/platform/graphics/filters/FELighting.h b/Source/WebCore/platform/graphics/filters/FELighting.h
-index 4efab920b1c3..dcd80b6f42b7 100644
---- a/Source/WebCore/platform/graphics/filters/FELighting.h
-+++ b/Source/WebCore/platform/graphics/filters/FELighting.h
-@@ -68,11 +68,6 @@ protected:
- 
-     std::unique_ptr<FilterEffectApplier> createSoftwareApplier() const override;
- 
--#if CPU(ARM_NEON) && CPU(ARM_TRADITIONAL) && COMPILER(GCC_COMPATIBLE)
--    static int getPowerCoefficients(float exponent);
--    inline void platformApplyNeon(const LightingData&, const LightSource::PaintingData&);
--#endif
--
-     Color m_lightingColor;
-     float m_surfaceScale;
-     float m_diffuseConstant;
--- 
-2.45.2
-
diff --git a/package/wpewebkit/wpewebkit.hash b/package/wpewebkit/wpewebkit.hash
index 790adbb0d4..7a7cef15a5 100644
--- a/package/wpewebkit/wpewebkit.hash
+++ b/package/wpewebkit/wpewebkit.hash
@@ -1,7 +1,7 @@ 
-# From https://wpewebkit.org/releases/wpewebkit-2.44.2.tar.xz.sums
-md5  0e2a6d05b000e79c51c537ab3261b171  wpewebkit-2.44.2.tar.xz
-sha1  5bded217fab25aea776e41158fcdbd72d69a612e  wpewebkit-2.44.2.tar.xz
-sha256  2a3d23cb4fb071ca0db3a09c5a85f27b8bcc6094a2026d3b7407bed4f99218f7  wpewebkit-2.44.2.tar.xz
+# From https://wpewebkit.org/releases/wpewebkit-2.44.4.tar.xz.sums
+md5  4d91f3ff629c9356dcff866b68a4646f  wpewebkit-2.44.4.tar.xz
+sha1  ef1ea0484e9ec17a362afe9a709fe0754f05cc14  wpewebkit-2.44.4.tar.xz
+sha256  cd6042c63a6f883cc1586e5cea94e846aaaee6a864c14988e8af4ef4f362ba3b  wpewebkit-2.44.4.tar.xz
 
 # Hashes for license files:
 sha256  0b5d3a7cc325942567373b0ecd757d07c132e0ebd7c97bfc63f7e1a76094edb4  Source/WebCore/LICENSE-APPLE
diff --git a/package/wpewebkit/wpewebkit.mk b/package/wpewebkit/wpewebkit.mk
index d71ade577d..9f8a791b5a 100644
--- a/package/wpewebkit/wpewebkit.mk
+++ b/package/wpewebkit/wpewebkit.mk
@@ -5,7 +5,7 @@ 
 ################################################################################
 
 # The middle number is even for stable releases, odd for development ones.
-WPEWEBKIT_VERSION = 2.44.2
+WPEWEBKIT_VERSION = 2.44.4
 WPEWEBKIT_SITE = https://wpewebkit.org/releases
 WPEWEBKIT_SOURCE = wpewebkit-$(WPEWEBKIT_VERSION).tar.xz
 WPEWEBKIT_INSTALL_STAGING = YES