Update to 2.50.4

webkit2gtk3-a11y-fix-role-mapping.patch

@@ -0,0 +1,89 @@
+From 802faad87e283f257ab5ac22cd55bd5eaa0e610c Mon Sep 17 00:00:00 2001
+From: Mike Gorse <mgorse@suse.com>
+Date: Fri, 12 Dec 2025 19:15:51 -0600
+Subject: [PATCH] AX: Adjust Atspi::Role to match the enum defined in
+ at-spi2-core https://bugs.webkit.org/show_bug.cgi?id=300090
+
+Reviewed by NOBODY (OOPS!).
+
+R296017 removed the Footer member from Atspi::Role and also added
+SectionHeader and SectionFooter, which do not currently exist in AT-SPI,
+leading to the wrong Role values being reported. This commit adjusts the
+enum to correspond with the current AT-SPI specification and also adds a
+couple of newer AT-SPI roles.
+
+* Source/WebCore/accessibility/atspi/AccessibilityAtspiEnums.h:
+* Source/WebCore/accessibility/atspi/AccessibilityObjectAtspi.cpp:
+(WebCore::atspiRole):
+---
+ .../accessibility/atspi/AccessibilityAtspiEnums.h  | 14 ++++++++++++--
+ .../atspi/AccessibilityObjectAtspi.cpp             |  4 ++--
+ 2 files changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/Source/WebCore/accessibility/atspi/AccessibilityAtspiEnums.h b/Source/WebCore/accessibility/atspi/AccessibilityAtspiEnums.h
+index f62d8f97836d..65e624bfe17a 100644
+--- a/Source/WebCore/accessibility/atspi/AccessibilityAtspiEnums.h
++++ b/Source/WebCore/accessibility/atspi/AccessibilityAtspiEnums.h
+@@ -23,6 +23,11 @@
+ namespace WebCore {
+ namespace Atspi {
+ 
++// These enum values are passed over DBus as integers and must correspond
++// to the definitions in at-spi2-core
++// (https://gitlab.gnome.org/GNOME/at-spi2-core). Do not modify them without
++// a corresponding change in at-spi2-core.
++
+ enum class Role {
+     InvalidRole,
+     AcceleratorLabel,
+@@ -96,6 +101,7 @@ enum class Role {
+     Window,
+     Extended,
+     Header,
++    Footer,
+     Paragraph,
+     Ruler,
+     Application,
+@@ -139,8 +145,6 @@ enum class Role {
+     Math,
+     Rating,
+     Timer,
+-    SectionFooter,
+-    SectionHeader,
+     Static,
+     MathFraction,
+     MathRoot,
+@@ -154,8 +158,14 @@ enum class Role {
+     ContentInsertion,
+     Mark,
+     Suggestion,
++    PushButtonMenu,
++    Switch,
+ };
+ 
++static_assert((int)Atspi::Role::Paragraph == 73);
++static_assert((int)Atspi::Role::Section == 85);
++static_assert((int)Atspi::Role::Switch == 130);
++
+ enum class State : uint64_t {
+     InvalidState            = 1LLU << 0,
+     Active                  = 1LLU << 1,
+diff --git a/Source/WebCore/accessibility/atspi/AccessibilityObjectAtspi.cpp b/Source/WebCore/accessibility/atspi/AccessibilityObjectAtspi.cpp
+index 34e3ac0e2cff..005bc9aa8f3b 100644
+--- a/Source/WebCore/accessibility/atspi/AccessibilityObjectAtspi.cpp
++++ b/Source/WebCore/accessibility/atspi/AccessibilityObjectAtspi.cpp
+@@ -323,9 +323,9 @@ static Atspi::Role atspiRole(AccessibilityRole role)
+     case AccessibilityRole::LandmarkSearch:
+         return Atspi::Role::Landmark;
+     case AccessibilityRole::SectionFooter:
+-        return Atspi::Role::SectionFooter;
++        return Atspi::Role::Footer;
+     case AccessibilityRole::SectionHeader:
+-        return Atspi::Role::SectionHeader;
++        return Atspi::Role::Header;
+     case AccessibilityRole::DescriptionList:
+         return Atspi::Role::DescriptionList;
+     case AccessibilityRole::Term:
+-- 
+2.52.0
+

webkit2gtk3.changes

@@ -1,3 +1,142 @@
+-------------------------------------------------------------------
+Wed Dec 17 15:35:08 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Update to version 2.50.4 (bsc#1255183 bsc#1255191 bsc#1255194
+  bsc#1255195 bsc#1255198 bsc#1255200):
+  + Correctly handle the program name passed to the sleep disabler.
+  + Ensure GStreamer is initialized before using the Quirks.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2025-14174, CVE-2025-43501, CVE-2025-43529,
+    CVE-2025-43531, CVE-2025-43535, CVE-2025-43536, CVE-2025-43541.
+- Add webkit2gtk3-a11y-fix-role-mapping.patch: fix a11y regression
+  where AT-SPI roles were mapped incorrectly.
+
+-------------------------------------------------------------------
+Thu Dec  4 21:41:39 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Update to version 2.50.3 (bsc#1254473 bsc#1254498 bsc#1254509):
+  + Fix seeking and looping of media elements that set the "loop"
+    property.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2025-13947, CVE-2025-43421, CVE-2025-43458,
+    CVE-2025-66287.
+- Drop webkit2gtk3-undefined-symbol.patch: fixed upstream.
+- Use %limit_build. Also define %dwz_low_mem_die_limit and
+  %dwz_max_die_limit, similar to what we have in wpewebkit.
+  This should simplify the logic for limiting jobs and will
+  hopefully help with intermittent build failures.
+
+-------------------------------------------------------------------
+Mon Nov 24 21:34:29 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Add webkit2gtk3-undefined-symbol.patch: fix a build failure.
+
+-------------------------------------------------------------------
+Thu Nov 20 14:37:12 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 2.50.2 (bsc#1254165 bsc#1254166 bsc#1254167
+  bsc#1254168 bsc#1254169 bsc#1254170 bsc#1254171 bsc#1254172
+  bsc#1254174 bsc#1254176 bsc#1254177 bsc#1254179 bsc#1254208):
+  + Prevent unsafe URI schemes from participating in media
+    playback.
+  + Make jsc_value_array_buffer_get_data() function introspectable.
+  + Fix logging in to Google accounts that have a WebAuthn second
+    factor configured.
+  + Fix loading webkit://gpu when there are no threads configured
+    for GPU rendering.
+  + Fix rendering gradiants that use the CSS hue interpolation
+    method.
+  + Fix pasting image data from the clipboard.
+  + Fix font-family selection when the font name contains spaces.
+  + Fix the build with standard C libraries that lack execinfo.h,
+    like Musl or uClibc.
+  + Fix capturing canvas snapshots in the Web Inspector.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2025-43392, CVE-2025-43425, CVE-2025-43427,
+    CVE-2025-43429, CVE-2025-43430, CVE-2025-43431, CVE-2025-43432,
+    CVE-2025-43434, CVE-2025-43440, CVE-2025-43443, CVE-2025-13502.
+
+-------------------------------------------------------------------
+Fri Oct 10 17:46:18 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 2.50.1 (boo#1251975):
+  + Improve text rendering performance.
+  + Fix audio playback broken on instagram.
+  + Fix rendering of layers with fractional transforms.
+  + Fix the build with ENABLE(VIDEO) disabled.
+  + Fix the build in s390x.
+  + Fix several crashes and rendering issues.
+  + Security fixes: CVE-2025-43343.
+- Drop webkit2gtk3-i586-build-fix.patch: Merged upstream.
+- Also pass ggc-min-expand=30 on s390x. Memory has been an issue
+  there, at least on SLE.
+
+-------------------------------------------------------------------
+Mon Sep 22 23:42:51 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Also pass ggc-min-expand=30 and disable LTO on arm.
+- Update webkit2gtk3-i586-build-fix.patch to correspond to what was
+  committed to the upstream branch.
+
+-------------------------------------------------------------------
+Sun Sep 21 14:47:41 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Remove _constraints override for armv6l and armv7l. They were
+  less restrictive than the default and look to be unneeded now.
+
+-------------------------------------------------------------------
+Thu Sep 18 13:31:49 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Add webkit2gtk3-i586-build-fix.patch: fix the build on i586.
+- Force the garbage collector to run more often when compiling on
+  i586. Needed to avoid running out of memory.
+
+-------------------------------------------------------------------
+Wed Sep 17 11:38:26 UTC 2025 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 2.50.0 (boo#1250439 boo#1250440 boo#1250441
+  boo#1250442):
+  + Improved rendering performance by recording each layer once and
+    replaying every dirty region in different worker threads.
+  + Enable damage propagation to the UI process by default.
+  + CSS property font-variant-emoji is now enabled by default.
+  + Font synthesis properties (bold/italic) are now properly
+    handled.
+  + Ensure web view is focused on tap gesture.
+  + Added new API to get the theme color of a WebKitWebView.
++ Security fixes: CVE-2025-43272, CVE-2025-43342, CVE-2025-43356,
+  CVE-2025-43368, CVE-2025-43419.
+
+-------------------------------------------------------------------
+Mon Sep  8 21:28:20 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Disable skia on ppc64le for now. It currently makes the build
+  fail.
+
+-------------------------------------------------------------------
+Mon Sep  8 12:13:23 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Update to version 2.49.90:
+  + Add support for font collection / fragment identifiers.
+  + Fix web process deadlock on exit.
+  + Fix stuttering when playing WebP animations
+  + Fix CSS animations with cubic-bezier timing function.
+  + Do not start the MemoryPressureMonitor if it’s disabled
+  + Fix several crashes and rendering issues.
+  + Updated translations.
+
+-------------------------------------------------------------------
+Thu Sep  4 17:40:37 UTC 2025 - Michael Gorse <mgorse@suse.com>
+
+- Update to version 2.48.6:
+  + Fix emojis incorrectly rendered in their text variant.
+  + Add support for font collection / fragment identifiers.
+  + Fix web process deadlock on exit.
+  + Fix stuttering when playing WebP animations.
+  + Fix CSS animations with cubic-bezier timing function.
+  + Do not start the MemoryPressureMonitor if it's disabled.
+  + Fix several crashes and rendering issues.
+
 -------------------------------------------------------------------
 Tue Aug  5 00:25:23 UTC 2025 - Michael Gorse <mgorse@suse.com>
 
@@ -250,7 +389,7 @@ Tue Sep 17 19:04:26 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
   + Undeprecate console messages API and make it available in 6.0
     API.
   + Security fixes: CVE-2024-40866, CVE-2024-44187, CVE-2024-44185,
-    CVE-2024-54534, CVE-2024-27856.
+    CVE-2024-54534, CVE-2024-27856, CVE-2025-43480.
 
 -------------------------------------------------------------------
 Wed Sep 11 16:53:03 UTC 2024 - Michael Gorse <mgorse@suse.com>
@@ -601,7 +740,7 @@ Fri Sep 15 19:04:16 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>
   + GBM is no longer required for WebGL implementation.
   + Security fixes: CVE-2023-39928, CVE-2023-41074, CVE-2023-32359,
     CVE-2023-42890, CVE-2014-1745, CVE-2024-23226, CVE-2023-42875,
-    CVE-2023-42970.
+    CVE-2023-42970, CVE-2023-43000.
 
 -------------------------------------------------------------------
 Mon Sep 11 15:02:19 UTC 2023 - Bjørn Lie <bjorn.lie@gmail.com>

webkit2gtk3.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package webkit2gtk3
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -71,12 +71,12 @@ ExclusiveArch:  do-not-build
 %endif
 
 # Disable LTO on select targets
-%ifarch %{ix86} ppc64le
+%ifarch %{ix86} ppc64le %arm
 %global _lto_cflags %{nil}
 %endif
 
 Name:           webkit2%{_gtknamesuffix}
-Version:        2.48.5
+Version:        2.50.4
 Release:        0
 Summary:        Library for rendering web content, GTK+ Port
 License:        BSD-3-Clause AND LGPL-2.0-or-later
@@ -88,6 +88,8 @@ Source99:       webkit2gtk3.keyring
 
 # PATCH-FEATURE-OPENSUSE reproducibility.patch -- Make build reproducible
 Patch0:         reproducibility.patch
+# PATCH-FIX-UPSTREAM webkit2gtk3-a11y-fix-role-mapping.patch webkit#300090 mgorse@suse.com -- fix a11y regression where AT-SPI roles were mapped incorrectly.
+Patch1:         webkit2gtk3-a11y-fix-role-mapping.patch
 
 BuildRequires:  Mesa-libEGL-devel
 BuildRequires:  Mesa-libGL-devel
@@ -107,6 +109,7 @@ BuildRequires:  gobject-introspection-devel
 BuildRequires:  gperf >= 3.0.1
 BuildRequires:  hyphen-devel
 BuildRequires:  libjpeg-devel
+BuildRequires:  memory-constraints
 BuildRequires:  ninja
 BuildRequires:  openjpeg2
 BuildRequires:  openjpeg2-devel
@@ -116,7 +119,7 @@ BuildRequires:  python3
 BuildRequires:  ruby >= 2.5
 BuildRequires:  unifdef
 BuildRequires:  xdg-dbus-proxy
-BuildRequires:  pkgconfig(atspi-2) >= 2.5.3
+BuildRequires:  pkgconfig(atspi-2) >= 2.5.4
 BuildRequires:  pkgconfig(cairo) >= 1.16.0
 BuildRequires:  pkgconfig(epoxy)
 BuildRequires:  pkgconfig(fontconfig) >= 2.13.0
@@ -444,28 +447,17 @@ sed -i 's|/gst-plugin-scanner|/gst-plugin-scanner-%{_target_cpu}|' ./Source/WebK
 
 %build
 # Here we must muzzle our dog so it doesn't eat all the memory
-%if 0%{?suse_version} >= 1600
-max_link_jobs="${RPM_BUILD_NCPUS:-1}"
-max_compile_jobs="${RPM_BUILD_NCPUS:-4}"
-%else
-max_link_jobs="%{?jobs}%{!?jobs:1}"
-max_compile_jobs="%{?jobs}%{!?jobs:4}"
-%endif
-echo "Available memory:"
-cat /proc/meminfo
-echo "System limits:"
-ulimit -a
-if test -n "$max_link_jobs" -a "$max_link_jobs" -gt 1 ; then
-        mem_per_process=2000000
-    max_mem=$(awk '/MemTotal/ { print $2 }' /proc/meminfo)
-    max_jobs="$(($max_mem / $mem_per_process))"
-    test "$max_link_jobs" -gt "$max_jobs" && max_link_jobs="$max_jobs" && echo "Warning: Reducing number of link jobs to $max_jobs because of memory limits"
-    test "$max_link_jobs" -le 0 && max_link_jobs=1 && echo "Warning: Not linking in parallel at all becuse of memory limits"
-fi
+%define _dwz_low_mem_die_limit 40000000
+%define _dwz_max_die_limit 250000000
+%limit_build -m 2500
 
 export PYTHON=%{_bindir}/python3
 # Use linker flags to reduce memory consumption
 %global optflags %(echo %{optflags} -Wl,--no-keep-memory -Wl,--reduce-memory-overheads | sed 's/-g /-g1 /')
+%ifarch i586 %arm s390x
+# Force the garbage collector to run more often, to reduce memory consumption
+%global optflags %{optflags} --param ggc-min-expand=30
+%endif
 %cmake \
   -GNinja \
   -DCMAKE_BUILD_TYPE=Release \
@@ -487,6 +479,9 @@ export PYTHON=%{_bindir}/python3
   -DCMAKE_MODULE_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
   -DCMAKE_SHARED_LINKER_FLAGS="-Wl,--as-needed -Wl,-z,now -pthread" \
   -DPYTHON_EXECUTABLE=%{_bindir}/python3 \
+%ifarch ppc64le
+  -DUSE_SKIA=OFF \
+%endif
 %if %{_usesoup2}
   -DUSE_SOUP2=ON \
 %endif
@@ -498,7 +493,7 @@ export PYTHON=%{_bindir}/python3
   -DUSE_FLITE=OFF \
   -DUSE_SPIEL=ON
 
-%ninja_build -j $max_link_jobs
+%ninja_build
 
 %install
 %ninja_install -C build

webkitgtk-2.48.5.tar.xz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmiMe7UACgkQbBAJtpOX
-U5MrwA//TJ0W7S9Nbs2p4OIs6lQv+ntLrTVZAKFu+AUYJ/r3sUp9awGGivS37ZC8
-gh33JDqzt9pm1sVXGNTB8NmEcRUu9QfsEsJUUEnk7n6dLmQr8Cb7aXK8b4ma8Mgo
-zLpuU5rHPtZ5Cx7Y3wXw0mNBf2ZcvHrFfVhDrrgziIMUu9dcuOVI3inEvfh8CKcO
-a+j+j1qNvxLGgPOfkXZH/cvGckCLxJuQ+/aX0k/3Top6mSHJTeMxtU7K2bSkgQmC
-GoSoRqOFLPBp2UxAKWYcgr8kh7wjt5mov3NtNyMmCC6bjwtwX3ClLjgQfHekS5Iu
-niPm9Q/FoF1JSbiXrpPf8KZVTUg9D1lzQFvJYHl9w5gWGE6wgjxX7TM1ooYvW0Gr
-v9FBDIXGlXid+hBx8j0igRQW/V6sH5uSt690m5ElZj4KkJ6+uhLkIMcSGc6HYWhI
-vtCNytTGd9wsAB97bYvcJv/qEW94hnGSdE0HvarAcdZbO52oljOAtqzaYi7Hw111
-expNG3FU98UTWX0LHsv1c5/z9ph7x5EFyipkBML5J9LT8KV/+IrXPBkXQ45yaf3D
-s+KpRlkxFGj9uFhRgl4OLR4UrSfgEkrAPnVud2zrIik+A4mHgX9y8FKmktFioJhU
-faiEXzPzrHgMeEtlJW8vvWVoO9ZgIsYKma9sOn8aU/f7yjFak4I=
-=KRFp
------END PGP SIGNATURE-----

webkitgtk-2.50.4.tar.xz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmlBXggACgkQbBAJtpOX
+U5NxbQ//dZodv6dQ3WRUTgorM7pHee7jHLZXyezL7qRuUvHKSKKKtZd6AnA/jhV9
+J7qRh+5oCdVmZeXNoEgpw4H7eiatHAV8nlM5BYLU8Q0aubxr5IyGQjWarGEbcBSV
+DD5r3tR0yywqoUR+uWNDMLOC0jFwvMKusmHZ36rWN28hW192lo8EvhFVza1Jwgnt
+PTOvaV32ZVXsLr//WNpBhcxEOWPYIgQW4btAAdFsyWigi8USqwMan0Anc0ok6CdP
+r8BNsyYFHl3y/Kx74lsvdLC3nFF21BORjODaHp98FPSwjqnfK5fbhMSLhhuR172J
+AXCEdYgzt9i/jIJK8yegJsPMdTFIlEM/d5h3utp1s3Ne0i5wf4NQ4jdhZJ/Lfxqw
+KYUg4CCO7p2VMoW3+AOFu+atwi5JpERDvYLfHqxQUcbTLFOv4fURbCicvC94Cr2J
+g2QAhipt0ETbYahbkF4GwFTZY3ncJ9fBZ5YrADZjBbU2p6N/BJTqXggtVtq0iWNh
+phcooz2JUJx6hZQBzXi2I61XwfeH6uzV9fwY5gV1tSXP6CxXiJo7FvpYuheKxa/W
+ZR59aYg6bURJy0yC/PNENH5AkyllxSEwLs9wMPMpTVe+DR/VZs176eJZkchq4Q/L
+/HeGL6Wcap8YMJi8cC5Dy60vv0IXp33n8/tu1EdtOdQTqo65hl0=
+=Bi4F
+-----END PGP SIGNATURE-----