Accepting request 1221351 from GNOME:Factory

OBS-URL: https://build.opensuse.org/request/show/1221351
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/webkit2gtk3?expand=0&rev=205

bug281492.patch

@@ -1,94 +0,0 @@
-From 984e2a6b7a92b8c144f2b4463f5904e449cb3cc1 Mon Sep 17 00:00:00 2001
-From: Georges Basile Stavracas Neto <feaneron@igalia.com>
-Date: Tue, 15 Oct 2024 11:44:23 -0300
-Subject: [PATCH] AX: [GTK]: Fix crash in
- AccessibilityObjectAtspi::textAttributes
- https://bugs.webkit.org/show_bug.cgi?id=281492
-
-Reviewed by NOBODY (OOPS!).
-
-In the AccessibilityObjectAtspi::textAttributes() method, the
-accessibilityTextAttributes() function is called for various AXObjects.
-These objects are retrived by querying the AXObjectCache of the
-document.
-
-However, the cache can legitimately return nullptr when the AXObject is
-not cached. The AccessibilityObjectAtspi::textAttributes() method did
-not check for nullptr, and the accessibilityTextAttributes() function
-is not nullptr safe.
-
-This crashes.
-
-Make AccessibilityObjectAtspi::textAttributes() check if the AXObject
-is a nullptr before passing it down to accessibilityTextAttributes().
-
-* Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp:
-(WebCore::AccessibilityObjectAtspi::textAttributes const):
----
- .../atspi/AccessibilityObjectTextAtspi.cpp    | 21 ++++++++++++++++---
- 1 file changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp b/Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp
-index 50b4f58be2f3..a49bfd939716 100644
---- a/Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp
-+++ b/Source/WebCore/accessibility/atspi/AccessibilityObjectTextAtspi.cpp
-@@ -38,6 +38,7 @@
- #include "TextIterator.h"
- #include "VisibleUnits.h"
- #include <gio/gio.h>
-+#include <wtf/Assertions.h>
- #include <wtf/unicode/CharacterNames.h>
- 
- namespace WebCore {
-@@ -763,6 +764,9 @@ AccessibilityObjectAtspi::TextAttributes AccessibilityObjectAtspi::textAttribute
- 
-     auto accessibilityTextAttributes = [this](AXCoreObject* axObject, const HashMap<String, String>& defaultAttributes) -> HashMap<String, String> {
-         HashMap<String, String> attributes;
-+
-+        RELEASE_ASSERT(axObject);
-+
-         auto& style = axObject->renderer()->style();
- 
-         auto addAttributeIfNeeded = [&](const String& name, const String& value) {
-@@ -838,8 +842,11 @@ AccessibilityObjectAtspi::TextAttributes AccessibilityObjectAtspi::textAttribute
-         return { WTFMove(defaultAttributes), -1, -1 };
- 
-     if (!*utf16Offset && m_hasListMarkerAtStart) {
-+        auto axObject = m_coreObject->children()[0].get();
-+        RELEASE_ASSERT(axObject);
-+
-         // Always consider list marker an independent run.
--        auto attributes = accessibilityTextAttributes(m_coreObject->children()[0].get(), defaultAttributes);
-+        auto attributes = accessibilityTextAttributes(axObject, defaultAttributes);
-         if (!includeDefault)
-             return { WTFMove(attributes), 0, 1 };
- 
-@@ -871,7 +878,11 @@ AccessibilityObjectAtspi::TextAttributes AccessibilityObjectAtspi::textAttribute
-         if (r->firstChildSlow())
-             continue;
- 
--        auto childAttributes = accessibilityTextAttributes(r->document().axObjectCache()->get(r), defaultAttributes);
-+        auto axObject = r->document().axObjectCache()->get(r);
-+        if (!axObject)
-+            continue;
-+
-+        auto childAttributes = accessibilityTextAttributes(axObject, defaultAttributes);
-         if (childAttributes != attributes)
-             break;
- 
-@@ -885,7 +896,11 @@ AccessibilityObjectAtspi::TextAttributes AccessibilityObjectAtspi::textAttribute
-         if (r->firstChildSlow())
-             continue;
- 
--        auto childAttributes = accessibilityTextAttributes(r->document().axObjectCache()->get(r), defaultAttributes);
-+        auto axObject = r->document().axObjectCache()->get(r);
-+        if (!axObject)
-+            continue;
-+
-+        auto childAttributes = accessibilityTextAttributes(axObject, defaultAttributes);
-         if (childAttributes != attributes)
-             break;
- 
--- 
-2.46.1
-

webkit2gtk3.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Nov  4 16:08:38 UTC 2024 - Michael Gorse <mgorse@suse.com>
+
+- Update to version 2.46.3 (boo#1232747):
+  + Flatten layers to a plane when preseve-3d style is set.
+  + Fix DuckDuckGo links by adding a user agent quirk.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2044-44244, CVE-2024-44296.
+- Drop bug281492.patch: fixed upstream.
+
 -------------------------------------------------------------------
 Mon Oct 21 15:09:18 UTC 2024 - Michael Gorse <mgorse@suse.com>
 
@@ -50,7 +60,7 @@ Tue Sep 17 19:04:26 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
     acceleration (enabled by default).
   + Undeprecate console messages API and make it available in 6.0
     API.
-  + Security fixes: CVE-2024-40866, CVE-2024-44187.
+  + Security fixes: CVE-2024-40866, CVE-2024-44187, CVE-2044-44185.
 
 -------------------------------------------------------------------
 Wed Sep 11 16:53:03 UTC 2024 - Michael Gorse <mgorse@suse.com>

webkit2gtk3.spec

@@ -79,7 +79,7 @@ ExclusiveArch:  do-not-build
 %endif
 
 Name:           webkit2%{_gtknamesuffix}
-Version:        2.46.2
+Version:        2.46.3
 Release:        0
 Summary:        Library for rendering web content, GTK+ Port
 License:        BSD-3-Clause AND LGPL-2.0-or-later
@@ -92,8 +92,6 @@ Source99:       webkit2gtk3.keyring
 
 # PATCH-FEATURE-OPENSUSE reproducibility.patch -- Make build reproducible
 Patch0:         reproducibility.patch
-# PATCH-FIX-UPSTREAM bug281492.patch mgorse@suse.com -- fix crash in AccessibilityObjectAtspi::textAttributes.
-Patch1:         bug281492.patch
 
 BuildRequires:  Mesa-libEGL-devel
 BuildRequires:  Mesa-libGL-devel

webkitgtk-2.46.2.tar.xz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5aae1c5c0a30d5e9c5831652b6f1bdefc31d75e0ad81cb40185b0aed92ce79b6
-size 42803728

webkitgtk-2.46.2.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmcWILAACgkQbBAJtpOX
-U5PrLhAAj7+VKmBfCV9pHsnla1zxC5O6pkgKhT1N0p/MMY7aKCLRpmGMrc2XEhny
-i/M5+O9ZIQkzImJ0vgLF3nSFsESPj2t3wljnapEwQtZKw/9KxM3O+A3RA19tKRfj
-t+16ot/QijHT2k9EcGkdfFeq5SWfTAtwH13Q9LxRH0hmohC7d3s8OVpiVUptVXii
-R15GsuOj7EmR+QGzVRfbdpBEXGqglEJHJ5qzMFIoCqFbIAilXr6C0NbzED2pbNd2
-CO8e4Q4FpxPbN2Y9W4P77uoyonc3tJbAUVPKJOcIicAH4ex/e0J8OwLpvRLY7xRp
-UJczw/PfZ0KWO6rf55h4q0Q7wLCt+wsxdtkP+hinxELKc4eyo/xxsvFMDXA0VBzE
-c353GC3pg8C0LRXXHXuVxGlRDyjq0RXT3IWMrDyv9SCS9GO0t2FfChc9MCtKrvQE
-mfS2tzFjfhVamSphl8oj6Nge3W6qHnq9nC3+HbjQBMgHhusIiYEdKPmbNz/beweX
-xmJReJdX+xmCC3FsWMx2aAjy8NbWZ638ee2Xv0h0Uq9Z7w96WRIqUNb4fvtGk+xe
-OInQTFp8/d9N54C09AdEQuK3LMnObpuS/VFdIJgMA6ombdmgWYHomLW9AGjpHUpw
-8vI5KTGf5uaMVmPmu+LTeoF3NGP7hPldMLS50A9zj+C2DijjT1s=
-=jVoY
------END PGP SIGNATURE-----

webkitgtk-2.46.3.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmciLBQACgkQbBAJtpOX
+U5MFsBAAqwUuPEkirbQXxESAu8nJKUG3RVa4y3c1NaTRETW19cy/32KeiBlxbWW5
+UKF2gKlu5B+mJn9f0hebYBUkqr6HdWO1JnBz3XNXZ7dNObTWlN9g4T6tlqsxAdsk
+B04ddWFQKYQJ4pMLjlxVFkFXQ0vh9UywBwUyGXrqg9yo2OcSGpsqdujyZfdlWrHc
+0kDLow9SYM5XhkzFoQxKlYsVg1vhzpTxDuv39JqVTGHlX8pEplpCsrMwpVQ+89aP
+zv64u/xnPAEsN4wGeB0QyH6H0llukTmrgWUfoRqeDLHMGAeuHe1yONGyK5fWA1u+
+ABTsjVnh5nOQxUZaNc3dpMdUcrp+kVhjKDwMOhKNbfVoLWxchmU5VvrCoytRAX8i
+4js2xOgnMk26cNB4dZsMg9cYH4Zr+nkfkjGljGXRSvexF8iBUc2Dv0scrtDh3ArI
+aWk4eMyO5nRPIFWE6j5d+sAm1TF1hGMW33beYOTy5Iqm2l2inRoaxGdAz2ZFjF5S
+xcjG7tT3+pG8WXPhJ0Tl41mPJKg79tY3F0uzSedtJ+J3q4uRKORFOdChtDbqHHT7
+mI0jT6rrGckXlncufvg19RiCnmP8vmZEyeuTZja6vBsV3pA7Uc/IWcWEXi9ip/om
+grjX+68/ypghS571sFxrjQaNdqrO0fwMrJBZxhgelJKnykvoj2Y=
+=wug0
+-----END PGP SIGNATURE-----