Version in base suite: 2.40.3-2~deb12u1
Base version: webkit2gtk_2.40.3-2~deb12u1
Target version: webkit2gtk_2.40.3-2~deb12u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/w/webkit2gtk/webkit2gtk_2.40.3-2~deb12u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/w/webkit2gtk/webkit2gtk_2.40.3-2~deb12u2.dsc
changelog | 7 ++++++
patches/fix-CVE-2023-37450.patch | 40 +++++++++++++++++++++++++++++++++++++++
patches/series | 1
3 files changed, 48 insertions(+)
diff -Nru webkit2gtk-2.40.3/debian/changelog webkit2gtk-2.40.3/debian/changelog
--- webkit2gtk-2.40.3/debian/changelog 2023-07-06 13:22:42.000000000 +0000
+++ webkit2gtk-2.40.3/debian/changelog 2023-07-21 09:24:47.000000000 +0000
@@ -1,3 +1,10 @@
+webkit2gtk (2.40.3-2~deb12u2) bookworm-security; urgency=medium
+
+ * debian/patches/fix-CVE-2023-37450.patch:
+ - Cherry pick fix for CVE-2023-37450.
+
+ -- Alberto Garcia Fri, 21 Jul 2023 11:24:47 +0200
+
 webkit2gtk (2.40.3-2~deb12u1) bookworm-security; urgency=medium
 * Rebuild for bookworm-security.
diff -Nru webkit2gtk-2.40.3/debian/patches/fix-CVE-2023-37450.patch webkit2gtk-2.40.3/debian/patches/fix-CVE-2023-37450.patch
--- webkit2gtk-2.40.3/debian/patches/fix-CVE-2023-37450.patch 1970-01-01 00:00:00.000000000 +0000
+++ webkit2gtk-2.40.3/debian/patches/fix-CVE-2023-37450.patch 2023-07-21 09:24:47.000000000 +0000
@@ -0,0 +1,40 @@
+From: Justin Michaud
+Subject: Fix CVE-2023-37450
+Origin: https://github.com/WebKit/WebKit/commit/4f99c0670d2d91dbc51725a7af6909e186db1b07
+Index: webkitgtk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
+===================================================================
+--- webkitgtk.orig/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
++++ webkitgtk/Source/JavaScriptCore/dfg/DFGPreciseLocalClobberize.h
+@@ -191,13 +191,19 @@ private:
+ case CreateRest: {
+ bool isForwardingNode = false;
+ bool isPhantomNode = false;
++ bool mayReadArguments = false;
+ switch (m_node->op()) {
+ case ForwardVarargs:
++ // This is used iff allInlineFramesAreTailCalls, so we will
++ // actually do a real tail call and destroy our frame.
++ case TailCallForwardVarargs:
++ isForwardingNode = true;
++ break;
+ case CallForwardVarargs:
+ case ConstructForwardVarargs:
+- case TailCallForwardVarargs:
+ case TailCallForwardVarargsInlinedCaller:
+ isForwardingNode = true;
++ mayReadArguments = true;
+ break;
+ case PhantomDirectArguments:
+ case PhantomClonedArguments:
+@@ -209,7 +215,10 @@ private:
+
+ if (isPhantomNode && m_graph.m_plan.isFTL())
+ break;
+-
++
++ if (mayReadArguments)
++ readWorld(m_node);
++
+ if (isForwardingNode && m_node->hasArgumentsChild() && m_node->argumentsChild()
+ && (m_node->argumentsChild()->op() == PhantomNewArrayWithSpread || m_node->argumentsChild()->op() == PhantomSpread)) {
+ if (m_node->argumentsChild()->op() == PhantomNewArrayWithSpread)
diff -Nru webkit2gtk-2.40.3/debian/patches/series webkit2gtk-2.40.3/debian/patches/series
--- webkit2gtk-2.40.3/debian/patches/series 2023-07-06 13:22:42.000000000 +0000
+++ webkit2gtk-2.40.3/debian/patches/series 2023-07-21 09:24:47.000000000 +0000
@@ -6,3 +6,4 @@
 reduce-memory-overheads.patch
 fix-ftbfs-hurd.patch
 fix-jsc-timestamp.patch
+fix-CVE-2023-37450.patch
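Review bot: The new `mayReadArguments` flag and the `readWorld(m_node)` call it guards in the second inner hunk carry no comment saying why CallForwardVarargs, ConstructForwardVarargs and TailCallForwardVarargsInlinedCaller must now be treated as reading everything, while the relocated `TailCallForwardVarargs` case does get one; a line such as `// Forwarding the caller's arguments can observe any of its locals, so be conservative and read the world.` above `bool mayReadArguments = false;` would keep that intent next to the code (wording to be confirmed against the upstream commit named in the Origin header). The DEP-3 header has only From, Subject and Origin; a short description paragraph stating that those three ops now read the world in DFGPreciseLocalClobberize while TailCallForwardVarargs keeps only `isForwardingNode = true` would let the next rebase verify the cherry-pick without opening the upstream commit. The enclosing member function and the `switch` it contains both start and end outside the hunk, so it cannot be checked here whether other paths that set `isForwardingNode` also need the flag.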