!93 add build option PIE

From: @ultra_planet 
Reviewed-by: @t_feng 
Signed-off-by: @t_feng

0001-webkitgtk-add-loongarch.patch

@@ -0,0 +1,11 @@
+--- webkitgtk-2.28.4.orig/Source/WTF/wtf/dtoa/utils.h	2020-02-04 10:24:07.000000000 +0000
++++ webkitgtk-2.28.4/Source/WTF/wtf/dtoa/utils.h	2021-01-20 05:38:56.527343750 +0000
+@@ -86,7 +86,7 @@ int main(int argc, char** argv) {
+     defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \
+     defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+     defined(__sparc__) || defined(__sparc) || defined(__s390__) || \
+-    defined(__SH4__) || defined(__alpha__) || \
++    defined(__SH4__) || defined(__alpha__) || defined(__loongarch64) || \
+     defined(_MIPS_ARCH_MIPS32R2) || \
+     defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \
+     defined(__riscv) || \

backport-CVE-2022-30293-CVE-2022-30294.patch

@@ -1,87 +0,0 @@
-From: Miguel Gomez  <magomez@igalia.com>
-Date: 2022-03-22
-Subject: [PATCH] backport-CVE-2022-30293-CVE-2022-30294.patch
-      Ensure that proxies are invalidated before destroying them.
-      https://bugs.webkit.org/show_bug.cgi?id=237187
-
-Reference:https://bugs.webkit.org/attachment.cgi?id=455361&action=prettypatch
-
----
- .../CoordinatedGraphicsScene.cpp              | 26 ++++++++++++++++---
- 1 file changed, 22 insertions(+), 4 deletions(-)
-
-diff --git a/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp b/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp
-index cb276223..372021a6 100644
---- a/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp
-+++ b/Source/WebKit/Shared/CoordinatedGraphics/CoordinatedGraphicsScene.cpp
-@@ -230,10 +230,11 @@ void CoordinatedGraphicsScene::updateSceneState()
-         };
-         Vector<ImageBacking> imageBacking;
-     } layersByBacking;
-+    HashSet<Ref<WebCore::TextureMapperPlatformLayerProxy>> replacedProxiesToInvalidate;
- 
-     // Access the scene state and perform state update for each layer.
-     m_nicosia.scene->accessState(
--        [this, &layersByBacking](Nicosia::Scene::State& state)
-+        [this, &layersByBacking, &replacedProxiesToInvalidate](Nicosia::Scene::State& state)
-         {
-             // FIXME: try to minimize the amount of work in case the Scene::State object
-             // didn't change (i.e. no layer flush was done), but don't forget to properly
-@@ -250,12 +251,24 @@ void CoordinatedGraphicsScene::updateSceneState()
-                 }
-             }
- 
--            // Gather all the to-be-removed layers so that composition-side state
--            // can be properly purged after the current state's set of layers is adopted.
-             HashSet<RefPtr<Nicosia::CompositionLayer>> removedLayers;
-             for (auto& layer : m_nicosia.state.layers) {
-+                // Gather all the to-be-removed layers so that composition-side state
-+                // can be properly purged after the current state's set of layers is adopted.
-                 if (!state.layers.contains(layer))
-                     removedLayers.add(layer);
-+                else {
-+                    // Store references to all the proxies that are being used by the layers that are kept in the tree.
-+                    // When adopting the new state, the existent proxies may be replaced or detached from their layers, causing the
-+                    // reference to be lost without having a chance to invalidate them. After the call to commitState, we will
-+                    // invalidate all the proxies that are not being used anymore.
-+                    layer->accessCommitted(
-+                        [&replacedProxiesToInvalidate](const Nicosia::CompositionLayer::LayerState& committed)
-+                        {
-+                            if (committed.contentLayer)
-+                                replacedProxiesToInvalidate.add(Ref { contentLayerImpl(*committed.contentLayer).proxy() });
-+                        });
-+                }
-             }
- 
-             m_nicosia.state = state;
-@@ -270,7 +283,7 @@ void CoordinatedGraphicsScene::updateSceneState()
-             for (auto& compositionLayer : m_nicosia.state.layers) {
-                 auto& layer = texmapLayer(*compositionLayer);
-                 compositionLayer->commitState(
--                    [&layer, &layersByBacking]
-+                    [&layer, &layersByBacking, &replacedProxiesToInvalidate]
-                     (const Nicosia::CompositionLayer::LayerState& layerState)
-                     {
-                         if (layerState.delta.positionChanged)
-@@ -346,6 +359,7 @@ void CoordinatedGraphicsScene::updateSceneState()
-                             auto& impl = contentLayerImpl(*layerState.contentLayer);
-                             layersByBacking.contentLayer.append(
-                                 { std::ref(layer), std::ref(impl.proxy()), layerState.delta.contentLayerChanged });
-+                            replacedProxiesToInvalidate.remove(Ref { impl.proxy() });
-                         } else if (layerState.imageBacking) {
-                             auto& impl = imageBackingImpl(*layerState.imageBacking);
-                             layersByBacking.imageBacking.append(
-@@ -407,6 +421,10 @@ void CoordinatedGraphicsScene::updateSceneState()
- 
-     for (auto& proxy : proxiesForSwapping)
-         proxy->swapBuffer();
-+
-+    for (auto& proxy : replacedProxiesToInvalidate)
-+        proxy->invalidate();
-+    replacedProxiesToInvalidate = { };
- }
- 
- void CoordinatedGraphicsScene::ensureRootLayer()
--- 
-2.33.0
-

backport-CVE-2023-28204.patch

@@ -0,0 +1,102 @@
+From e34edaa74575ee13efcebdb7672b949a743ab32a Mon Sep 17 00:00:00 2001
+From: Michael Saboff <msaboff@apple.com>
+Date: Mon, 3 Apr 2023 20:25:08 -0700
+Subject: [PATCH] [JSC] RegExpGlobalData::performMatch issue leading to OOB
+ read https://bugs.webkit.org/show_bug.cgi?id=254930 rdar://107436732
+
+Reviewed by Alexey Shvayka.
+
+Fixed two issues:
+1) In YarrInterpreter.cpp::matchAssertionBOL() we were advancing the string position for non-BMP
+   characters.  Since it is an assertion, we shouldn't advance the character position.
+   Made the same fix to matchAssertionEOL().
+2) In StringPrototype.cpp::replaceUsingRegExpSearch(), we need to advance past both elements of
+   a non-BMP character for the case where the RegExp match is empty.
+
+* JSTests/stress/string-replace-regexp-matchBOL-correct-advancing.js: New test.
+* Source/JavaScriptCore/runtime/StringPrototype.cpp:
+(JSC::replaceUsingRegExpSearch):
+* Source/JavaScriptCore/yarr/YarrInterpreter.cpp:
+(JSC::Yarr::Interpreter::InputStream::readCheckedDontAdvance):
+(JSC::Yarr::Interpreter::matchAssertionBOL):
+(JSC::Yarr::Interpreter::matchAssertionEOL):
+
+Canonical link: https://commits.webkit.org/259548.551@safari-7615-branch
+---
+ .../runtime/StringPrototype.cpp               | 10 ++++++++++
+ .../JavaScriptCore/yarr/YarrInterpreter.cpp   | 19 +++++++++++++++++--
+ 2 files changed, 27 insertions(+), 2 deletions(-)
+
+diff --git a/Source/JavaScriptCore/runtime/StringPrototype.cpp b/Source/JavaScriptCore/runtime/StringPrototype.cpp
+index 08104b1d..459295f7 100644
+--- a/Source/JavaScriptCore/runtime/StringPrototype.cpp
++++ b/Source/JavaScriptCore/runtime/StringPrototype.cpp
+@@ -603,6 +603,11 @@ static ALWAYS_INLINE JSString* replaceUsingRegExpSearch(
+                 startPosition++;
+                 if (startPosition > sourceLen)
+                     break;
++                if (U16_IS_LEAD(source[startPosition - 1]) && U16_IS_TRAIL(source[startPosition])) {
++                    startPosition++;
++                    if (startPosition > sourceLen)
++                        break;
++                }
+             }
+         }
+     } else {
+@@ -682,6 +687,11 @@ static ALWAYS_INLINE JSString* replaceUsingRegExpSearch(
+                 startPosition++;
+                 if (startPosition > sourceLen)
+                     break;
++                if (U16_IS_LEAD(source[startPosition - 1]) && U16_IS_TRAIL(source[startPosition])) {
++                    startPosition++;
++                    if (startPosition > sourceLen)
++                        break;
++                }
+             }
+         } while (global);
+     }
+diff --git a/Source/JavaScriptCore/yarr/YarrInterpreter.cpp b/Source/JavaScriptCore/yarr/YarrInterpreter.cpp
+index 95a848a1..d222e620 100644
+--- a/Source/JavaScriptCore/yarr/YarrInterpreter.cpp
++++ b/Source/JavaScriptCore/yarr/YarrInterpreter.cpp
+@@ -209,6 +209,21 @@ public:
+             }
+             return result;
+         }
++
++	int readCheckedDontAdvance(unsigned negativePositionOffest)
++        {
++            RELEASE_ASSERT(pos >= negativePositionOffest);
++            unsigned p = pos - negativePositionOffest;
++            ASSERT(p < length);
++            int result = input[p];
++            if (U16_IS_LEAD(result) && decodeSurrogatePairs && p + 1 < length && U16_IS_TRAIL(input[p + 1])) {
++                if (atEnd())
++                    return -1;
++
++                result = U16_GET_SUPPLEMENTARY(result, input[p + 1]);
++            }
++            return result;
++        }
+         
+         int readSurrogatePairChecked(unsigned negativePositionOffset)
+         {
+@@ -482,13 +497,13 @@ public:
+ 
+     bool matchAssertionBOL(ByteTerm& term)
+     {
+-        return (input.atStart(term.inputPosition)) || (pattern->multiline() && testCharacterClass(pattern->newlineCharacterClass, input.readChecked(term.inputPosition + 1)));
++        return (input.atStart(term.inputPosition)) || (pattern->multiline() && testCharacterClass(pattern->newlineCharacterClass, input.readCheckedDontAdvance(term.inputPosition + 1)));
+     }
+ 
+     bool matchAssertionEOL(ByteTerm& term)
+     {
+         if (term.inputPosition)
+-            return (input.atEnd(term.inputPosition)) || (pattern->multiline() && testCharacterClass(pattern->newlineCharacterClass, input.readChecked(term.inputPosition)));
++            return (input.atEnd(term.inputPosition)) || (pattern->multiline() && testCharacterClass(pattern->newlineCharacterClass, input.readCheckedDontAdvance(term.inputPosition)));
+ 
+         return (input.atEnd()) || (pattern->multiline() && testCharacterClass(pattern->newlineCharacterClass, input.read()));
+     }
+-- 
+2.33.0
+

backport-CVE-2023-32373.patch

@@ -0,0 +1,36 @@
+From 85fd2302d16a09a82d9a6e81eb286babb23c4b3c Mon Sep 17 00:00:00 2001
+From: Antoine Quint <graouts@webkit.org>
+Date: Mon, 22 May 2023 13:37:32 -0700
+Subject: [PATCH] Potential use-after-free in WebAnimation::commitStyles
+ https://bugs.webkit.org/show_bug.cgi?id=254840 rdar://107444873
+
+Reviewed by Dean Jackson and Darin Adler.
+
+Ensure that the animation's effect and target are kept alive for the duration of this method
+since it is possible that calling updateStyleIfNeeded() could call into JavaScript and thus
+these two pointers could be changed to a null value using the Web Animations API.
+
+* Source/WebCore/animation/WebAnimation.cpp:
+(WebCore::WebAnimation::commitStyles):
+
+Originally-landed-as: 259548.532@safari-7615-branch (1d6fe184ea53). rdar://107444873
+Canonical link: https://commits.webkit.org/264363@main
+---
+ Source/WebCore/animation/WebAnimation.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Source/WebCore/animation/WebAnimation.cpp b/Source/WebCore/animation/WebAnimation.cpp
+index 68ea47985807..ae20c79c36cf 100644
+--- a/Source/WebCore/animation/WebAnimation.cpp
++++ b/Source/WebCore/animation/WebAnimation.cpp
+@@ -1531,8 +1531,8 @@ ExceptionOr<void> WebAnimation::commitStyles()
+     // https://drafts.csswg.org/web-animations-1/#commit-computed-styles
+ 
+     // 1. Let targets be the set of all effect targets for animation effects associated with animation.
+-    auto* effect = dynamicDowncast<KeyframeEffect>(m_effect.get());
+-    auto* target = effect ? effect->target() : nullptr;
++    RefPtr effect = dynamicDowncast<KeyframeEffect>(m_effect.get());
++    RefPtr target = effect ? effect->target() : nullptr;
+ 
+     // 2. For each target in targets:
+     //

backport-CVE-2023-32409.patch

@@ -0,0 +1,32 @@
+From 54408f5746f2401721bd56d71de132a22b6f9856 Mon Sep 17 00:00:00 2001
+From: Mike Wyrzykowski <mwyrzykowski@apple.com>
+Date: Wed, 12 Apr 2023 17:30:56 -0700
+Subject: [PATCH] [WebGPU] RemoteBuffer unmap should check the input vector
+ https://bugs.webkit.org/show_bug.cgi?id=255350 <rdar://107947502>
+
+Reviewed by Myles C. Maxfield.
+
+Ensure data vector passed to unmap is valid for the currently
+mapped buffer.
+
+* Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp:
+(WebKit::RemoteBuffer::unmap):
+
+Canonical link: https://commits.webkit.org/262895@main
+---
+ Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp b/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
+index f533f5c30c32b..ec12ea2ac171b 100644
+--- a/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
++++ b/Source/WebKit/GPUProcess/graphics/WebGPU/RemoteBuffer.cpp
+@@ -79,7 +79,7 @@ void RemoteBuffer::getMappedRange(PAL::WebGPU::Size64 offset, std::optional<PAL:
+ 
+ void RemoteBuffer::unmap(Vector<uint8_t>&& data)
+ {
+-    if (!m_mappedRange)
++    if (!m_mappedRange || m_mappedRange->byteLength < data.size())
+         return;
+     ASSERT(m_isMapped);
+

webkit2gtk3.spec

@@ -6,18 +6,30 @@
 %bcond_without docs
 %endif
 
-
 #Basic Information
 Name:           webkit2gtk3
-Version:        2.32.1
-Release:        3
+Version:        2.36.3
+Release:        5
 Summary:        GTK+ Web content engine library
 License:        LGPLv2
-URL:            http://www.webkitgtk.org/
-Source0:        http://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
+URL:            https://www.webkitgtk.org/
+Source0:        https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 Source1:        https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc
 
-Patch6000:      backport-CVE-2022-30293-CVE-2022-30294.patch
+#Patch0:         aarch64-page-size.patch
+
+#Patch6000:	backport-CVE-2021-42762.patch
+#Patch6001:      backport-CVE-2022-30293-CVE-2022-30294.patch 
+%ifarch loongarch64
+Patch0001:      0001-webkitgtk-add-loongarch.patch
+%endif
+%ifarch sw_64
+Patch0002:      webkitgtk-2.32.1-sw.patch
+%endif
+
+Patch6000:      backport-CVE-2023-28204.patch
+Patch6001:      backport-CVE-2023-32373.patch
+Patch6002:      backport-CVE-2023-32409.patch
 
 #Dependency
 BuildRequires:  at-spi2-core-devel bison cairo-devel cmake enchant2-devel
@@ -30,14 +42,16 @@ BuildRequires:  gtk3-devel gtk-doc geoclue2-devel libjpeg-turbo-devel
 BuildRequires:  harfbuzz-devel hyphen-devel bubblewrap xdg-dbus-proxy
 BuildRequires:  libatomic libicu-devel libjpeg-devel libnotify-devel
 BuildRequires:  libpng-devel libsecret-devel libsoup-devel libwebp-devel
-BuildRequires:  libxslt-devel libXt-devel libwayland-client-devel
+BuildRequires:  libxslt-devel libXt-devel libwayland-client-devel wayland-protocols-devel
 BuildRequires:  libwayland-egl-devel libwayland-server-devel openjpeg2-devel
 BuildRequires:  mesa-libEGL-devel mesa-libGL-devel libglvnd-devel
 BuildRequires:  pcre-devel perl-File-Copy-Recursive perl-JSON-PP perl-Switch
 BuildRequires:  python3 ruby rubygems sqlite-devel upower-devel woff2-devel pkgconfig(libsystemd)
+BuildRequires:  perl lcms2-devel libgcrypt-devel libtasn1-devel wayland-devel
+#BuildRequires:  pkgconfig(manette-0.2)
 Requires:       geoclue2 bubblewrap xdg-dbus-proxy
 Requires:       webkit2gtk3-jsc = %{version}-%{release}
-Recommends:     xdg-desktop-portal-gtk
+Recommends:     xdg-desktop-portal-gtk gstreamer1-plugins-bad-free gstreamer1-plugins-good
 
 Provides:       bundled(angle)
 Provides:       bundled(xdgmime)
@@ -111,6 +125,9 @@ rm -rf Source/ThirdParty/qunit/
 
 %build
 %global optflags %(echo %{optflags} -Wl,--no-keep-memory | sed 's/-g /-g1 /')
+export CFLAGS="%{optflags} -fPIE -pie"
+export CXXFLAGS="%{optflags} -fPIE -pie"
+export LDFLAGS="%{build_ldflags} -pie"
 mkdir -p %{_target_platform}
 pushd %{_target_platform}
 %cmake \
@@ -121,12 +138,13 @@ pushd %{_target_platform}
   -DENABLE_GTKDOC=ON \
 %endif
   -DENABLE_MINIBROWSER=ON \
+  -DUSE_SOUP2=ON \
   -DPYTHON_EXECUTABLE=%{_bindir}/python3 \
   -DENABLE_GAMEPAD=OFF \
   -DCMAKE_EXE_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
   -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
   -DCMAKE_SHARED_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
-%ifarch aarch64
+%ifarch aarch64 loongarch64
   -DENABLE_JIT=OFF \
   -DUSE_SYSTEM_MALLOC=ON \
 %endif
@@ -187,6 +205,7 @@ done
 %files jsc-devel
 %{_libexecdir}/webkit2gtk-4.0/jsc
 %dir %{_includedir}/webkitgtk-4.0
+%{_includedir}/webkitgtk-4.0/jsc/
 %{_includedir}/webkitgtk-4.0/JavaScriptCore/
 %{_libdir}/libjavascriptcoregtk-4.0.so
 %{_libdir}/pkgconfig/javascriptcoregtk-4.0.pc
@@ -203,9 +222,36 @@ done
 %endif
 
 %changelog
-* Mon Jun 06 2022 zhanzhimin<zhanzhimin@h-partners.com> - 2.32.1-3
+* Fri May 31 2024 lingsheng <lingsheng1@h-partners.com> - 2.36.3-5
+- Type:enhancement
+- ID:NA
+- SUG:NA
+- DESC:add build option PIE
+
+* Mon May 29 2023 zhangpan<zhangpan103@h-partners.com> - 2.36.3-4
+- fix CVE-2023-28204 CVE-2023-32373 CVE-2023-32409
+
+* Tue Nov 29 2022 wuzx<wuzx1226@qq.com> - 2.36.3-3
+- Add sw64 architecture
+
+* Mon Nov 14 2022 huajingyun <huajingyun@loongson.cn> 2.36.3-2
+- Add support loongarch
+
+* Mon Jun 13 2022 lin zhang <lin.zhang@turbolinux.com.cn> 2.36.3-1
+- Update to 2.36.3
+
+* Fri Jun 10 2022 zhujunhao<zhujunhao11@huawei.com> - 2.32.4-4
+- add wayland-porotocols-devel buildrequires
+
+* Tue Jun 07 2022 houjinchang<houjinchang@huawei.com> - 2.32.4-3
 - fix CVE-2022-30293 and CVE-2022-30294
 
+* Thu Nov 04 2021 liuyumeng<liuyumeng5@huawei.com> - 2.32.4-2
+- fix CVE-2021-42762
+
+* Fri Oct 22 2021 zhanzhimin<zhanzhimin@huawei.com> - 2.32.4-1
+- upgrade to 2.32.4
+
 * Thu Jul 29 2021 wangkerong<wangkerong@huawei.com> - 2.32.1-2
 - change xdg-desktop-protal-gts dependences
 
@@ -250,4 +296,3 @@ done
 
 * Wed Sep 18 2019 openEuler Buildteam <buildteam@openeuler.org> - 2.22.2-1
 - Package init
-

webkit2gtk3.yaml

@@ -1,5 +1,5 @@
 version_control: NA
 src_repo: 
 tag_prefix: 
-seperator: 
-url: https://www.webkitgtk.org/releases/
+separator: 
+url: https://www.webkitgtk.org/releases/

webkitgtk-2.32.1-sw.patch

@@ -0,0 +1,12 @@
+diff -Naur webkitgtk-2.32.1.org/Source/WTF/wtf/dtoa/utils.h webkitgtk-2.32.1.sw/Source/WTF/wtf/dtoa/utils.h
+--- webkitgtk-2.32.1.org/Source/WTF/wtf/dtoa/utils.h	2022-06-06 15:32:28.840000000 +0000
++++ webkitgtk-2.32.1.sw/Source/WTF/wtf/dtoa/utils.h	2022-06-06 15:33:01.600000000 +0000
+@@ -86,7 +86,7 @@
+     defined(__powerpc__) || defined(__ppc__) || defined(__ppc64__) || \
+     defined(_POWER) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || \
+     defined(__sparc__) || defined(__sparc) || defined(__s390__) || \
+-    defined(__SH4__) || defined(__alpha__) || \
++    defined(__SH4__) || defined(__alpha__) || defined(__sw_64__) || \
+     defined(_MIPS_ARCH_MIPS32R2) || \
+     defined(__AARCH64EL__) || defined(__aarch64__) || defined(__AARCH64EB__) || \
+     defined(__riscv) || \

webkitgtk-2.36.3.tar.xz.asc

@@ -0,0 +1,6 @@
+-----BEGIN PGP SIGNATURE-----
+
+iF0EABECAB0WIQRao7wzT9fjNp58d7KRxVnb5MkSOwUCYpHpvAAKCRCRxVnb5MkS
+O27PAJ9ptAQKzmWX16VWJ1yyn/CaHwKJ8QCfV5gesH/nXmV7IsZn5vv+jDixo58=
+=AWMS
+-----END PGP SIGNATURE-----