From 5c866bcf47fb7167b6aecce3324c9c0e4d59d8c7 Mon Sep 17 00:00:00 2001
From: lingsheng <860373352@qq.com>
Date: Wed, 26 Nov 2025 11:40:30 +0800
Subject: [PATCH] fix CVE-2025-43421

---
 backport-CVE-2025-43421.patch | 26 ++++++++++++++++++++++++++
 webkit2gtk4_1.spec | 7 ++++++-
 webkitgtk.spec | 7 ++++++-
 webkitgtk6_0.spec | 7 ++++++-
 4 files changed, 44 insertions(+), 3 deletions(-)
 create mode 100644 backport-CVE-2025-43421.patch

diff --git a/backport-CVE-2025-43421.patch b/backport-CVE-2025-43421.patch
new file mode 100644
index 0000000..26e2361
--- /dev/null
+++ b/backport-CVE-2025-43421.patch
@@ -0,0 +1,26 @@
+From 56f026944a16a4baf82ddd6bae954c577de79d03 Mon Sep 17 00:00:00 2001
+From: Michael Catanzaro
+Date: Fri, 21 Nov 2025 12:42:01 -0600
+Subject: [PATCH] Disable array allocation sinking
+ https://bugs.webkit.org/show_bug.cgi?id=300718
+
+Unreviewed stable branch commit.
+
+Canonical link: https://commits.webkit.org/298234.299@webkitglib/2.50
+---
+ Source/JavaScriptCore/runtime/OptionsList.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Source/JavaScriptCore/runtime/OptionsList.h b/Source/JavaScriptCore/runtime/OptionsList.h
+index 3d65cb28ba8ed..5b0750dd25219 100644
+--- a/Source/JavaScriptCore/runtime/OptionsList.h
++++ b/Source/JavaScriptCore/runtime/OptionsList.h
+@@ -629,7 +629,7 @@ bool hasCapacityToUseLargeGigacage();
+ v(Bool, forceAllFunctionsToUseSIMD, false, Normal, "Force all functions to act conservatively w.r.t fp/vector registers for testing."_s) \
+ v(Bool, useOMGInlining, true, Normal, "Use OMG inlining"_s) \
+ v(Bool, freeRetiredWasmCode, true, Normal, "free BBQ/OMG-OSR wasm code once it's no longer reachable."_s) \
+- v(Bool, useArrayAllocationSinking, true, Normal, nullptr) \
++ v(Bool, useArrayAllocationSinking, false, Normal, nullptr) \
+ v(Bool, dumpFTLCodeSize, false, Normal, nullptr) \
+ v(Bool, dumpOptimizationTracing, false, Normal, nullptr) \
+ v(Unsigned, markedBlockDumpInfoCount, 0, Normal, nullptr) /* FIXME: rdar://139998916 */ \
diff --git a/webkit2gtk4_1.spec b/webkit2gtk4_1.spec
index f332157..219b2f8 100644
--- a/webkit2gtk4_1.spec
+++ b/webkit2gtk4_1.spec
@@ -23,7 +23,7 @@
 Name: webkit2gtk4.1
 Version: 2.50.2
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
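Review bot: The flipped default for `useArrayAllocationSinking` keeps the `nullptr` description slot, so nothing in OptionsList.h records that the flag is now off as a security mitigation rather than a tuning choice; I would replace the `nullptr` with a short string such as `"Disabled as a mitigation for webkit.org/b/300718 (CVE-2025-43421); re-enabling restores the affected DFG/FTL allocation-sinking phase."_s`. Note that this changes a default rather than removing the phase: if this build honours the usual JSC option overrides (environment or command line), the sinking pass can be switched back on at runtime, so the change should be described as a mitigation, not a root-cause fix. The upstream commit message that is carried verbatim here ("Unreviewed stable branch commit", canonical link) never names the CVE; only the backport file name does, so a one-line "CVE-2025-43421" reference in the patch preamble would make the provenance searchable.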
@@ -33,6 +33,8 @@
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
 # clang 17 has bug on Wunsafe-buffer-usage, disable it for now
 Patch1001: webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
+Patch6000: backport-CVE-2025-43421.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
@@ -270,6 +272,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.1
 %endif
 %changelog
+* Wed Nov 26 2025 lingsheng - 2.50.2-2
+- fix CVE-2025-43421
+
 * Fri Nov 21 2025 Funda Wang - 2.50.2-1
 - update to 2.50.2
diff --git a/webkitgtk.spec b/webkitgtk.spec
index 4258d2e..7ec708e 100644
--- a/webkitgtk.spec
+++ b/webkitgtk.spec
@@ -23,7 +23,7 @@
 Name: webkitgtk
 Version: 2.50.2
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
@@ -33,6 +33,8 @@
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
 # clang 17 has bug on Wunsafe-buffer-usage, disable it for now
 Patch1001: webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
+Patch6000: backport-CVE-2025-43421.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
@@ -292,6 +294,9 @@ files for developing applications that use JavaScript engine from webkit2gtk-4.0
 %endif
 %changelog
+* Wed Nov 26 2025 lingsheng - 2.50.2-2
+- fix CVE-2025-43421
+
 * Fri Nov 21 2025 Funda Wang - 2.50.2-1
 - update to 2.50.2
diff --git a/webkitgtk6_0.spec b/webkitgtk6_0.spec
index 830299e..04f22ee 100644
--- a/webkitgtk6_0.spec
+++ b/webkitgtk6_0.spec
@@ -23,7 +23,7 @@
 Name: webkitgtk6.0
 Version: 2.50.2
-Release: 1
+Release: 2
 Summary: GTK web content engine library
 License: BSD-3-Clause AND LGPL-2.0-or-later
 URL: https://www.webkitgtk.org/
@@ -33,6 +33,8 @@
 Patch1000: webkitgtk-add-loongarch-and-sw.patch
 # clang 17 has bug on Wunsafe-buffer-usage, disable it for now
 Patch1001: webkitgtk-2.48.1-drop-Wunsafe-buffer-usage.patch
+Patch6000: backport-CVE-2025-43421.patch
+
 #Dependency
 BuildRequires: bison
 BuildRequires: bubblewrap
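Review bot: The new `Patch6000: backport-CVE-2025-43421.patch` tag is declared without a matching application step in this hunk, and whether it is actually applied depends on %prep, which lies outside the hunk: with `%autosetup -p1` or `%autopatch` it is picked up automatically, but if %prep applies patches with explicit per-number `%patch` lines the CVE fix will be declared yet silently never built. Please confirm %prep in all three spec files (the same hunk is repeated for webkitgtk.spec and webkitgtk6_0.spec) and, where needed, add `%patch -P 6000 -p1` next to the existing invocations; the backport uses `a/Source/...` paths, so strip level 1 is correct. The jump from Patch1001 to Patch6000 presumably follows a numbering convention for security backports; a one-line comment above the tag, e.g. `# security backports (CVE fixes)`, would make that convention visible to the next maintainer.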
@@ -268,6 +270,9 @@ files for developing applications that use JavaScript engine from webkitgtk-6.0.
 %endif
 %changelog
+* Wed Nov 26 2025 lingsheng - 2.50.2-2
+- fix CVE-2025-43421
+
 * Fri Nov 21 2025 Funda Wang - 2.50.2-1
 - update to 2.50.2
-- 
Gitee