Release date:
2026-06-23 12:27:07 UTC
Description:
- Rebase to webkitgtk 2.52.4 to address WebKitGTK security advisory
WSA-2026-0003 (16 CVEs).
- Refresh libsoup2.patch for 2.52.4 library version triplet bumps
(WEBKIT 21/8/21, JAVASCRIPTCORE 10/12/10 on API 4.1;
WEBKIT 20/8/16, JAVASCRIPTCORE 8/12/7 on API 6.0).
- Drop aarch64-build.patch — the upstream cherry-pick (Apple fix for
WebKit bug 306638) is included in 2.52.4.
- Add fix-system-malloc-llint-extractor.patch (upstream cherry-pick
314364@main, bugs.webkit.org/show_bug.cgi?id=316083) to gate
bmalloc_CopyHeaders in LLIntSettingsExtractor/LLIntOffsetsExtractor
dependencies on (NOT USE_SYSTEM_MALLOC). Without it, CMake configure
fails on aarch64 because USE_64KB_PAGE_BLOCK=ON forces
USE_SYSTEM_MALLOC=ON, which prevents the bmalloc subdirectory from
being added and the bmalloc_CopyHeaders target from being created.
- CVEs resolved by this rebase (WSA-2026-0003):
CVE-2026-28847, CVE-2026-28883, CVE-2026-28901, CVE-2026-28902,
CVE-2026-28903, CVE-2026-28904, CVE-2026-28905, CVE-2026-28907,
CVE-2026-28942, CVE-2026-28946, CVE-2026-28947, CVE-2026-28953,
CVE-2026-28955, CVE-2026-28958, CVE-2026-43658, CVE-2026-43660
Updated packages:
-
webkit2gtk3-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
sha:4670b59e20d4fd5e1495f7311f258c29118d8b18c85a2309d12d07a556e93aeb
-
webkit2gtk3-devel-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
sha:268d9f1761477b70e76aeefa4b7ce6308c59720555ccd108dabb1138a104c118
-
webkit2gtk3-jsc-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
sha:8cf6805859ca2be29f03417e9f109f8045eda5bce346f5329421eb72624f2637
-
webkit2gtk3-jsc-devel-2.52.4-1.el9.tuxcare.els9.x86_64.rpm
sha:89ebc3eb7f75a90cb950f47b903b825183beec163e6a43796b24e6bd58294a7e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.