From 293d70485673f42ebfbc6a1b2071bf8b66f80bff Mon Sep 17 00:00:00 2001
From: Funda Wang <fundawang@yeah.net>
Date: Wed, 13 Aug 2025 15:25:49 +0800
Subject: [PATCH] 2.48.5

---
 backport-CVE-2025-24201.patch                 | 53 ---------------
 webkit2gtk4_1.spec                            | 19 ++++--
 ...gtk-2.48.1-drop-Wunsafe-buffer-usage.patch | 11 ++++
 ...k-2.46.6.tar.xz => webkitgtk-2.48.5.tar.xz |  4 +-
 webkitgtk.spec                                | 66 +++++++++----------
 webkitgtk6_0.spec                             | 19 ++++--
 6 files changed, 74 insertions(+), 98 deletions(-)
 delete mode 100644 backport-CVE-2025-24201.patch
 create mode 100644 webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
 rename webkitgtk-2.46.6.tar.xz => webkitgtk-2.48.5.tar.xz (32%)

diff --git a/backport-CVE-2025-24201.patch b/backport-CVE-2025-24201.patch
deleted file mode 100644
index cb69567..0000000
--- a/backport-CVE-2025-24201.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 7d784721e440d04932945e2decb933720c4e0fc7 Mon Sep 17 00:00:00 2001
-From: Kimmo Kinnunen <kkinnunen@apple.com>
-Date: Wed, 12 Mar 2025 01:42:08 -0700
-Subject: [PATCH] WebGL context primitive restart can be toggled from
- WebContent process https://bugs.webkit.org/show_bug.cgi?id=285858
- rdar://142693598
-
-Reviewed by Cameron McCormack.
-
-Primitive restart is enabled for WebGL2 and disabled for WebGL 1
-contexts by default. There is no use-case for toggling it from
-WCP. Do not pass enable/disable to ANGLE.
-
-* Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp:
-(WebCore::GraphicsContextGLANGLE::disable):
-(WebCore::GraphicsContextGLANGLE::enable):
-
-Originally-landed-as: b48791700366. rdar://146807693
-Canonical link: https://commits.webkit.org/292004@main
----
- .../graphics/angle/GraphicsContextGLANGLE.cpp        | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
-index 55f23b3eb337b..bbe382cf413d1 100644
---- a/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
-+++ b/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp
-@@ -1187,7 +1187,11 @@ void GraphicsContextGLANGLE::disable(GCGLenum cap)
- {
-     if (!makeContextCurrent())
-         return;
--
-+    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
-+        if (m_isForWebGL2)
-+            addError(GCGLErrorCode::InvalidOperation);
-+        return;
-+    }
-     GL_Disable(cap);
- }
- 
-@@ -1221,7 +1225,11 @@ void GraphicsContextGLANGLE::enable(GCGLenum cap)
- {
-     if (!makeContextCurrent())
-         return;
--
-+    if (cap == PRIMITIVE_RESTART_FIXED_INDEX) {
-+        if (!m_isForWebGL2)
-+            addError(GCGLErrorCode::InvalidOperation);
-+        return;
-+    }
-     GL_Enable(cap);
- }
- 
diff --git a/webkit2gtk4_1.spec b/webkit2gtk4_1.spec
index 213bc4e..c0d7b06 100644
--- a/webkit2gtk4_1.spec
+++ b/webkit2gtk4_1.spec
@@ -22,16 +22,16 @@
 %bcond_with gamepad
 
 Name:           webkit2gtk4.1
-Version:        2.46.6
-Release:        4
+Version:        2.48.5
+Release:        1
 Summary:        GTK web content engine library
 License:        BSD-3-Clause AND LGPL-2.0-or-later
 URL:            https://www.webkitgtk.org/
 Source0:        https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 
 Patch1000:      webkitgtk-add-loongarch-and-sw.patch
-
-Patch6000:      backport-CVE-2025-24201.patch
+# clang 17 has bug on Wunsafe-buffer-usage, disable it for now
+Patch1001:      webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
 
 #Dependency
 BuildRequires:  bison
@@ -39,6 +39,7 @@ BuildRequires:  bubblewrap
 BuildRequires:  clang
 BuildRequires:  cmake
 BuildRequires:  flex
+BuildRequires:  flite-devel >= 2.2
 BuildRequires:  gettext
 BuildRequires:  gi-docgen
 BuildRequires:  git
@@ -64,6 +65,7 @@ BuildRequires:  pkgconfig(cairo)
 BuildRequires:  pkgconfig(egl)
 BuildRequires:  pkgconfig(enchant-2)
 BuildRequires:  pkgconfig(epoxy)
+BuildRequires:  pkgconfig(expat)
 BuildRequires:  pkgconfig(fontconfig)
 BuildRequires:  pkgconfig(freetype2)
 BuildRequires:  pkgconfig(gbm)
@@ -100,7 +102,7 @@ BuildRequires:  pkgconfig(wayland-protocols)
 BuildRequires:  pkgconfig(wayland-server)
 BuildRequires:  pkgconfig(xt)
 
-Requires:       javascriptcoregtk4.1%{?_isa} = %{version}-%{release}
+Requires:       jsc4.1%{?_isa} = %{version}-%{release}
 Requires:       bubblewrap
 Requires:       libGLES
 Requires:       xdg-dbus-proxy
@@ -161,6 +163,10 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.1
 %autosetup -p1 -n webkitgtk-%{version}
 
 %build
+%ifarch aarch64
+%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard /-mbranch-protection=pac-ret /')
+%endif
+
 %cmake \
   -GNinja \
   -DPORT=GTK \
@@ -264,6 +270,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.1
 %endif
 
 %changelog
+* Thu Aug 07 2025 Funda Wang <fundawang@yeah.net> - 2.48.5-1
+- update to 2.48.5
+
 * Mon Jul 21 2025 laokz <zhangkai@iscas.ac.cn> - 2.46.6-4
 - riscv64: Disable JIT due to build problem
 
diff --git a/webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch b/webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
new file mode 100644
index 0000000..b6c8895
--- /dev/null
+++ b/webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
@@ -0,0 +1,11 @@
+--- webkitgtk-2.48.1/Source/cmake/WebKitCompilerFlags.cmake.orig	2025-04-10 18:49:19.920205230 +0800
++++ webkitgtk-2.48.1/Source/cmake/WebKitCompilerFlags.cmake	2025-04-10 18:51:38.568732084 +0800
+@@ -99,7 +99,7 @@
+ function(WEBKIT_ADD_COMPILER_FLAGS _compiler _kind _subject)
+     foreach (_flag IN LISTS ARGN)
+         WEBKIT_CHECK_COMPILER_FLAGS(${_compiler} flag_supported "${_flag}")
+-        if (flag_supported)
++        if ((flag_supported) AND NOT ("${_flag}" MATCHES "-Wunsafe-buffer-usage"))
+             set_property(${_kind} ${_subject} APPEND PROPERTY COMPILE_OPTIONS "${_flag}")
+         endif ()
+     endforeach ()
diff --git a/webkitgtk-2.46.6.tar.xz b/webkitgtk-2.48.5.tar.xz
similarity index 32%
rename from webkitgtk-2.46.6.tar.xz
rename to webkitgtk-2.48.5.tar.xz
index e842c08..419c542 100644
--- a/webkitgtk-2.46.6.tar.xz
+++ b/webkitgtk-2.48.5.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:f2b31de693220ba9bab76ce6ddfe5b0bfab2515cb2b0a70f3c54d4050766c32b
-size 42914744
+oid sha256:bb64ed9d1cfd58e8b5e89ccad71dd31adfed56336bad7695031ad0b668e1987c
+size 44131936
diff --git a/webkitgtk.spec b/webkitgtk.spec
index 069976b..c89457c 100644
--- a/webkitgtk.spec
+++ b/webkitgtk.spec
@@ -22,16 +22,16 @@
 %bcond_with gamepad
 
 Name:           webkitgtk
-Version:        2.46.6
-Release:        4
+Version:        2.48.5
+Release:        1
 Summary:        GTK web content engine library
 License:        BSD-3-Clause AND LGPL-2.0-or-later
 URL:            https://www.webkitgtk.org/
 Source0:        https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 
 Patch1000:      webkitgtk-add-loongarch-and-sw.patch
-
-Patch6000:      backport-CVE-2025-24201.patch
+# clang 17 has bug on Wunsafe-buffer-usage, disable it for now
+Patch1001:      webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
 
 #Dependency
 BuildRequires:  bison
@@ -39,6 +39,7 @@ BuildRequires:  bubblewrap
 BuildRequires:  clang
 BuildRequires:  cmake
 BuildRequires:  flex
+BuildRequires:  flite-devel >= 2.2
 BuildRequires:  gettext
 BuildRequires:  gi-docgen
 BuildRequires:  git
@@ -64,6 +65,7 @@ BuildRequires:  pkgconfig(cairo)
 BuildRequires:  pkgconfig(egl)
 BuildRequires:  pkgconfig(enchant-2)
 BuildRequires:  pkgconfig(epoxy)
+BuildRequires:  pkgconfig(expat)
 BuildRequires:  pkgconfig(fontconfig)
 BuildRequires:  pkgconfig(freetype2)
 BuildRequires:  pkgconfig(gbm)
@@ -104,9 +106,9 @@ BuildRequires:  pkgconfig(xt)
 WebKitGTK is the port of the WebKit web rendering engine to the
 GTK platform.
 
-%package -n     webkit2gtk3
+%package -n     webkit2gtk4.0
 Summary:        GTK web content engine library
-Requires:       javascriptcoregtk4.0%{?_isa} = %{version}-%{release}
+Requires:       jsc4.0%{?_isa} = %{version}-%{release}
 Requires:       bubblewrap
 Requires:       libGLES
 Requires:       xdg-dbus-proxy
@@ -120,32 +122,29 @@ Provides:       bundled(skia)
 Provides:       bundled(xdgmime)
 Obsoletes:      webkitgtk4 < %{version}-%{release}
 Provides:       webkitgtk4 = %{version}-%{release}
-Obsoletes:      webkit2gtk4.0 < %{version}-%{release}
-Provides:       webkit2gtk4.0 = %{version}-%{release}
-Provides:       webkit2gtk4.0%{?_isa} = %{version}-%{release}
+Obsoletes:      webkit2gtk3 < %{version}-%{release}
 Provides:       webkit2gtk3 = %{version}-%{release}
 Provides:       webkit2gtk3%{?_isa} = %{version}-%{release}
 
-%description -n webkit2gtk3
+%description -n webkit2gtk4.0
 WebKitGTK is the port of the WebKit web rendering engine to the
 GTK platform. This package contains WebKitGTK for GTK 3 and libsoup 2.
 
-%package -n     webkit2gtk3-devel
+%package -n     webkit2gtk4.0-devel
 Summary:        Development files for webkit2gtk4.0
 Requires:       webkit2gtk4.0%{?_isa} = %{version}-%{release}
-Requires:       javascriptcoregtk4.0%{?_isa} = %{version}-%{release}
-Requires:       javascriptcoregtk4.0-devel%{?_isa} = %{version}-%{release}
+Requires:       jsc4.0-devel%{?_isa} = %{version}-%{release}
 Obsoletes:      webkitgtk4-devel < %{version}-%{release}
 Provides:       webkitgtk4-devel = %{version}-%{release}
 Obsoletes:      webkit2gtk3-devel < %{version}-%{release}
 Provides:       webkit2gtk3-devel = %{version}-%{release}
 
-%description -n webkit2gtk3-devel
-The webkit2gtk3-devel package contains libraries, build data, and header
+%description -n webkit2gtk4.0-devel
+The webkit2gtk4.0-devel package contains libraries, build data, and header
 files for developing applications that use webkit2gtk4.0.
 
 %if %{with docs}
-%package -n     webkit2gtk3-help
+%package -n     webkit2gtk4.0-help
 Summary:        Documentation files for webkit2gtk4.0
 BuildArch:      noarch
 Requires:       webkit2gtk4.0 = %{version}-%{release}
@@ -158,25 +157,22 @@ Provides:       webkit2gtk3-doc = %{version}-%{release}
 Obsoletes:      webkit2gtk3-help < %{version}-%{release}
 Provides:       webkit2gtk3-help = %{version}-%{release}
 
-%description -n webkit2gtk3-help
+%description -n webkit2gtk4.0-help
 This package contains developer documentation for webkit2gtk4.0.
 %endif
 
-%package -n     webkit2gtk3-jsc
+%package -n     jsc4.0
 Summary:        JavaScript engine from webkit2gtk4.0
 Provides:       javascriptcoregtk4.0%{?_isa} = %{version}-%{release}
 Obsoletes:      webkitgtk4-jsc < %{version}-%{release}
 Provides:       webkitgtk4-jsc = %{version}-%{release}
 Obsoletes:      webkit2gtk3-jsc < %{version}-%{release}
 Provides:       webkit2gtk3-jsc = %{version}-%{release}
-Obsoletes:      jsc4.0 < %{version}-%{release}
-Provides:       jsc4.0 = %{version}-%{release}
-Provides:       jsc4.0%{?_isa} = %{version}-%{release}
 
-%description -n webkit2gtk3-jsc
+%description -n jsc4.0
 This package contains JavaScript engine from webkit2gtk4.0.
 
-%package -n     webkit2gtk3-jsc-devel
+%package -n     jsc4.0-devel
 Summary:        Development files for JavaScript engine from webkit2gtk4.0
 Provides:       javascriptcoregtk4.0-devel%{?_isa} = %{version}-%{release}
 Requires:       javascriptcoregtk4.0%{?_isa} = %{version}-%{release}
@@ -184,18 +180,19 @@ Obsoletes:      webkitgtk4-jsc-devel < %{version}-%{release}
 Provides:       webkitgtk4-jsc-devel = %{version}-%{release}
 Obsoletes:      webkit2gtk3-jsc-devel < %{version}-%{release}
 Provides:       webkit2gtk3-jsc-devel = %{version}-%{release}
-Obsoletes:      jsc4.0-devel < %{version}-%{release}
-Provides:       jsc4.0-devel = %{version}-%{release}
-Provides:       jsc4.0-devel%{?_isa} = %{version}-%{release}
 
-%description -n webkit2gtk3-jsc-devel
-The webkit2gtk3-jsc-devel package contains libraries, build data, and header
+%description -n jsc4.0-devel
+The jsc4.0-devel package contains libraries, build data, and header
 files for developing applications that use JavaScript engine from webkit2gtk-4.0.
 
 %prep
 %autosetup -p1 -n webkitgtk-%{version}
 
 %build
+%ifarch aarch64
+%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard /-mbranch-protection=pac-ret /')
+%endif
+
 %cmake \
   -GNinja \
   -DPORT=GTK \
@@ -244,7 +241,7 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %add_to_license_files Source/WTF/wtf/dtoa/COPYING
 %add_to_license_files Source/WTF/wtf/dtoa/LICENSE
 
-%files -n webkit2gtk3 -f WebKitGTK-4.0.lang
+%files -n webkit2gtk4.0 -f WebKitGTK-4.0.lang
 %license _license_files/*ThirdParty*
 %license _license_files/*WebCore*
 %license _license_files/*WebInspectorUI*
@@ -258,7 +255,7 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %exclude %{_libexecdir}/webkit2gtk-4.0/MiniBrowser
 %exclude %{_libexecdir}/webkit2gtk-4.0/jsc
 
-%files -n webkit2gtk3-devel
+%files -n webkit2gtk4.0-devel
 %{_libexecdir}/webkit2gtk-4.0/MiniBrowser
 %{_includedir}/webkitgtk-4.0/
 %exclude %{_includedir}/webkitgtk-4.0/JavaScriptCore
@@ -270,13 +267,13 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %{_datadir}/gir-1.0/WebKit2-4.0.gir
 %{_datadir}/gir-1.0/WebKit2WebExtension-4.0.gir
 
-%files -n webkit2gtk3-jsc
+%files -n jsc4.0
 %license _license_files/*JavaScriptCore*
 %{_libdir}/libjavascriptcoregtk-4.0.so.18*
 %dir %{_libdir}/girepository-1.0
 %{_libdir}/girepository-1.0/JavaScriptCore-4.0.typelib
 
-%files -n webkit2gtk3-jsc-devel
+%files -n jsc4.0-devel
 %{_libexecdir}/webkit2gtk-4.0/jsc
 %dir %{_includedir}/webkitgtk-4.0
 %{_includedir}/webkitgtk-4.0/JavaScriptCore/
@@ -287,7 +284,7 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir
 
 %if %{with docs}
-%files -n webkit2gtk3-help
+%files -n webkit2gtk4.0-help
 %dir %{_datadir}/doc
 %{_datadir}/doc/javascriptcoregtk-4.0/
 %{_datadir}/doc/webkit2gtk-4.0/
@@ -295,6 +292,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %endif
 
 %changelog
+* Thu Aug 07 2025 Funda Wang <fundawang@yeah.net> - 2.48.5-1
+- update to 2.48.5
+
 * Mon Jul 21 2025 laokz <zhangkai@iscas.ac.cn> - 2.46.6-4
 - riscv64: Disable JIT due to build problem
 
diff --git a/webkitgtk6_0.spec b/webkitgtk6_0.spec
index f5bf088..f01f103 100644
--- a/webkitgtk6_0.spec
+++ b/webkitgtk6_0.spec
@@ -22,16 +22,16 @@
 %bcond_with gamepad
 
 Name:           webkitgtk6.0
-Version:        2.46.6
-Release:        4
+Version:        2.48.5
+Release:        1
 Summary:        GTK web content engine library
 License:        BSD-3-Clause AND LGPL-2.0-or-later
 URL:            https://www.webkitgtk.org/
 Source0:        https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz
 
 Patch1000:      webkitgtk-add-loongarch-and-sw.patch
-
-Patch6000:      backport-CVE-2025-24201.patch
+# clang 17 has bug on Wunsafe-buffer-usage, disable it for now
+Patch1001:      webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
 
 #Dependency
 BuildRequires:  bison
@@ -39,6 +39,7 @@ BuildRequires:  bubblewrap
 BuildRequires:  clang
 BuildRequires:  cmake
 BuildRequires:  flex
+BuildRequires:  flite-devel >= 2.2
 BuildRequires:  gettext
 BuildRequires:  gi-docgen
 BuildRequires:  git
@@ -64,6 +65,7 @@ BuildRequires:  pkgconfig(cairo)
 BuildRequires:  pkgconfig(egl)
 BuildRequires:  pkgconfig(enchant-2)
 BuildRequires:  pkgconfig(epoxy)
+BuildRequires:  pkgconfig(expat)
 BuildRequires:  pkgconfig(fontconfig)
 BuildRequires:  pkgconfig(freetype2)
 BuildRequires:  pkgconfig(gbm)
@@ -100,7 +102,7 @@ BuildRequires:  pkgconfig(wayland-protocols)
 BuildRequires:  pkgconfig(wayland-server)
 BuildRequires:  pkgconfig(xt)
 
-Requires:       javascriptcoregtk6.0%{?_isa} = %{version}-%{release}
+Requires:       jsc6.0%{?_isa} = %{version}-%{release}
 Requires:       bubblewrap
 Requires:       libGLES
 Requires:       xdg-dbus-proxy
@@ -165,6 +167,10 @@ files for developing applications that use JavaScript engine from webkitgtk-6.0.
 %autosetup -p1 -n webkitgtk-%{version}
 
 %build
+%ifarch aarch64
+%global optflags %(echo %{optflags} | sed 's/-mbranch-protection=standard /-mbranch-protection=pac-ret /')
+%endif
+
 %cmake \
   -GNinja \
   -DPORT=GTK \
@@ -262,6 +268,9 @@ files for developing applications that use JavaScript engine from webkitgtk-6.0.
 %endif
 
 %changelog
+* Thu Aug 07 2025 Funda Wang <fundawang@yeah.net> - 2.48.5-1
+- update to 2.48.5
+
 * Mon Jul 21 2025 laokz <zhangkai@iscas.ac.cn> - 2.46.6-4
 - riscv64: Disable JIT due to build problem
 
-- 
Gitee