Accepting request 1227082 from GNOME:Factory

- Update to version 2.46.4
Also fix a typo in a CVE ref, and remove some mistakenly-added bugs/CVEs that
don't affect Linux. (forwarded request 1226975 from mgorse)

OBS-URL: https://build.opensuse.org/request/show/1227082
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/webkit2gtk3?expand=0&rev=209
Ana Guerrero 2024-11-28 23:08:39 +00:00 committed by Git OBS Bridge
commit 31f756076e
9 changed files with 42 additions and 452 deletions

@ -1,41 +0,0 @@
From 9e9ea966373d3858668f6a29d8ba91a5807c8dd8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Th=C3=A9o=20Maillart?= <tmaillart@freebox.fr>
Date: Fri, 8 Nov 2024 09:50:53 -0800
Subject: [PATCH] [GStreamer] Video dimensions are wrong since GStreamer 1.24.9
https://bugs.webkit.org/show_bug.cgi?id=282749
Reviewed by Philippe Normand.
With the latest version of GStreamer, if the source is not selectable,
uridecodebin3 will drop the stream collection emitted from this element
As we only consider stream collection from the source element, we will
never set the stream collection internally, this will produce faulty
behaviour such as using wrong video dimensions
To avoid that, we reply true to the selectable query
* Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
(webKitMediaSrcQuery):
Canonical link: https://commits.webkit.org/286347@main
---
.../graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp b/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
index c0a67c5f23f25..45b4f160e5630 100644
--- a/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
+++ b/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
@@ -255,6 +255,13 @@ static const char* streamTypeToString(TrackPrivateBaseGStreamer::TrackType type)
static gboolean webKitMediaSrcQuery(GstElement* element, GstQuery* query)
{
+#if GST_CHECK_VERSION(1, 22, 0)
+ if (GST_QUERY_TYPE(query) == GST_QUERY_SELECTABLE) {
+ gst_query_set_selectable(query, TRUE);
+ return TRUE;
+ }
+#endif
+
gboolean result = GST_ELEMENT_CLASS(parent_class)->query(element, query);
if (GST_QUERY_TYPE(query) != GST_QUERY_SCHEDULING)
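Review bot: The new GST_QUERY_SELECTABLE branch at the top of webKitMediaSrcQuery carries no comment, so the reason it answers TRUE without consulting the parent class is only recoverable from the commit message (uridecodebin3 drops the stream collection from a source that is not selectable). A short comment above `if (GST_QUERY_TYPE(query) == GST_QUERY_SELECTABLE) {` would keep that rationale with the code. Note too that `#if GST_CHECK_VERSION(1, 22, 0)` is a build-time guard, while the subject line ties the regression to GStreamer 1.24.9; worth confirming that answering the query this way is harmless on the versions in between.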

@ -1,60 +0,0 @@
From 53e7f27d262249310bd6b7ad452e7df334c92b7d Mon Sep 17 00:00:00 2001
From: Daniel Liu <danlliu@umich.edu>
Date: Wed, 13 Nov 2024 12:27:15 -0800
Subject: [PATCH] Cherry-pick ded4d02c0a93.
https://bugs.webkit.org/show_bug.cgi?id=283063
Don't allocate DFG register after a slow path
https://bugs.webkit.org/show_bug.cgi?id=283063
rdar://139747120
Reviewed by Yusuke Suzuki.
Allocating a DFG register after a slow path means that if the slow path
is taken, we end up with an incorrect global state.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
Canonical link: https://commits.webkit.org/282416.295@webkitglib/2.46
---
Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
index 356d52b21a12..d041b63e8ba9 100644
--- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
@@ -3528,6 +3528,14 @@ void SpeculativeJIT::compilePutByValForIntTypedArray(Node* node, TypedArrayType
}
}
+ GPRReg scratch2GPR = InvalidGPRReg;
+#if USE(JSVALUE64)
+ if (node->arrayMode().mayBeResizableOrGrowableSharedTypedArray()) {
+ scratch2.emplace(this);
+ scratch2GPR = scratch2->gpr();
+ }
+#endif
+
bool result = getIntTypedArrayStoreOperand(
value, propertyReg,
#if USE(JSVALUE32_64)
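Review bot: The scratch2 allocation placed above `bool result = getIntTypedArrayStoreOperand(` has no comment stating the ordering constraint, and that constraint is the whole fix: per the commit message, allocating a DFG register after a slow path leaves incorrect global state if the slow path is taken. A one-line comment saying the register must be allocated before the store operand is fetched would stop a later cleanup from moving the block back down.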
@@ -3539,14 +3547,6 @@ void SpeculativeJIT::compilePutByValForIntTypedArray(Node* node, TypedArrayType
return;
}
- GPRReg scratch2GPR = InvalidGPRReg;
-#if USE(JSVALUE64)
- if (node->arrayMode().mayBeResizableOrGrowableSharedTypedArray()) {
- scratch2.emplace(this);
- scratch2GPR = scratch2->gpr();
- }
-#endif
-
GPRReg valueGPR = value.gpr();
GPRReg scratchGPR = scratch.gpr();
#if USE(JSVALUE32_64)
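Review bot: No regression test accompanies the scratch2 block removed here; the diffstat shows one file changed, DFGSpeculativeJIT.cpp, and nothing else. A test covering compilePutByValForIntTypedArray for an array mode where mayBeResizableOrGrowableSharedTypedArray() is true would guard against the allocation being reordered again.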
--
2.47.0

@ -1,321 +0,0 @@
From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Thu, 14 Nov 2024 13:56:35 -0800
Subject: [PATCH] Cherry-pick 60c387845715.
https://bugs.webkit.org/show_bug.cgi?id=282197
Cherry-pick 2815b4e29829. rdar://139893250
Data Isolation bypass via attacker controlled firstPartyForCookies
https://bugs.webkit.org/show_bug.cgi?id=283095
rdar://139818629
Reviewed by Matthew Finkel and Alex Christensen.
`NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or
empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but
we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly
have about:blank set as their firstPartyForCookies, causing us to kill the WCP.
This patch is a lower risk change that removes the unconditional cookie access for requests that have an
empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty
firstPartyForCookies.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
(WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowsFirstPartyForCookies):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::addAllowedFirstPartyForCookies):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::scheduleJobInServer):
* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
(EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):
Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch
Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46
---
.../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++-----
.../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++-------
Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +-
.../WebKit/NetworkProcess/NetworkSession.cpp | 2 +-
.../ServiceWorker/WebSWServerConnection.cpp | 2 +-
.../WebSharedWorkerServerConnection.cpp | 2 +-
.../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 ++++++++++++
7 files changed, 96 insertions(+), 36 deletions(-)
diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
index a0ad3c628ec3..c13a96f0e796 100644
--- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
@@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I
void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()));
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate);
ASSERT(!m_networkSocketChannels.contains(identifier));
if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy))
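Review bot: In createSocketChannel, the check `allowsFirstPartyForCookies(...) != NetworkProcess::AllowCookieAccess::Terminate` lets a Disallow result fall through to NetworkSocketChannel::create, unlike the cookie accessors later in this file, which return early on anything other than Allow. If the channel is meant to proceed without cookie access in that case, a comment saying so and naming where the cookies are withheld would help; otherwise Disallow should be handled explicitly here.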
@@ -552,11 +552,11 @@ RefPtr<ServiceWorkerFetchTask> NetworkConnectionToWebProcess::createFetchTask(Ne
void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional<NetworkResourceLoadIdentifier> existingLoaderToResume)
{
- bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
- if (UNLIKELY(!hasCookieAccess))
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
+ if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow))
RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data());
- MESSAGE_CHECK(hasCookieAccess);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64());
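Review bot: The RELEASE_LOG_ERROR in scheduleResourceLoad now fires for Disallow as well as Terminate, but the message is the same for both and the load continues in the Disallow case. Including the allowCookieAccess value in the log line would let a reader tell a tolerated empty firstPartyForCookies apart from a request that is about to fail the MESSAGE_CHECK.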
@@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin
void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ }, false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
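Review bot: The sequence added in cookiesForDOM (call allowsFirstPartyForCookies, MESSAGE_CHECK_COMPLETION against Terminate, early return unless Allow) is repeated in setCookiesFromDOM, cookiesEnabled, cookieRequestHeaderFieldValue, getRawCookies, cookiesForDOMAsync, setCookieFromDOMAsync and domCookiesForHost with only the completion value changing. A single helper or macro taking the completion expression would keep these call sites from drifting apart, for example one of them later checking Terminate only and treating Disallow as permission.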
@@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S
void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return;
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co
void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession) {
@@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const
void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String, bool)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ }, false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir
void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ });
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c
void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler<void(std::optional<Vector<WebCore::Cookie>>&&)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(std::nullopt);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co
void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
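Review bot: setCookieFromDOMAsync switches from MESSAGE_CHECK to MESSAGE_CHECK_COMPLETION with `completionHandler(false)`, which is a behaviour change beyond the Allow/Disallow/Terminate split: the removed line did not hand the completion handler to the check. That looks like a correct fix, but the commit message does not mention it and it deserves a line there.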
@@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion
{
auto host = url.host().toString();
MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ }));
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ }));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ });
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde
{
auto* session = networkSession();
if (auto* swServer = session ? session->swServer() : nullptr) {
- MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain));
+ auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
m_swContextConnection = makeUnique<WebSWServerToContextConnection>(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer);
}
completionHandler();
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
index db0437d3b70a..8f637e6c85fd 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro
}).iterator->value.first = LoadedWebArchive::Yes;
}
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty)
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -> AllowCookieAccess
{
- // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
- // we should set it to be the inherited origin then remove this exception.
- if (firstParty.isAboutBlank())
- return true;
+ auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
+ if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) {
+ // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
+ // we should set it to be the inherited origin then remove this exception.
+ if (firstParty.isAboutBlank())
+ return AllowCookieAccess::Disallow;
- if (firstParty.isNull())
- return true; // FIXME: This shouldn't be allowed.
+ if (firstParty.isNull())
+ return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed.
+ }
- return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
+ return allowCookieAccess;
}
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain)
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess
{
// FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs.
- if (firstPartyDomain.isEmpty())
- return true;
-
+ auto terminateOrDisallow = firstPartyDomain.isEmpty() ? AllowCookieAccess::Disallow : AllowCookieAccess::Terminate;
if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier);
if (iterator == m_allowedFirstPartiesForCookies.end()) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
if (iterator->value.first == LoadedWebArchive::Yes)
- return true;
+ return AllowCookieAccess::Allow;
auto& set = iterator->value.second;
if (!std::remove_reference_t<decltype(set)>::isValidValue(firstPartyDomain)) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
auto result = set.contains(firstPartyDomain);
- ASSERT(result);
- return result;
+ ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow);
+ return result ? AllowCookieAccess::Allow : terminateOrDisallow;
}
void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters)
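Review bot: The FIXME comments kept in allowsFirstPartyForCookies no longer match the code: `return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed.` now denies access, and "This shouldn't be needed but it is hit sometimes at least with PDFs" sits above the terminateOrDisallow line rather than an early `return true`. They should be reworded to describe the downgrade from Terminate to Disallow. It is also worth confirming that the `allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate` block in the URL overload is reachable for about:blank or a null URL, since the RegistrableDomain overload never returns Terminate when firstPartyDomain.isEmpty().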
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
index 0897537e5847..54f19ab96ce4 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.h
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h
@@ -417,8 +417,9 @@ public:
void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet<WebsiteDataType>, const WebCore::ClientOrigin&, CompletionHandler<void()>&&);
void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet<WebsiteDataType>, const Vector<WebCore::SecurityOriginData>& origins, const Vector<String>& cookieHostNames, const Vector<String>& HSTSCacheHostnames, const Vector<RegistrableDomain>&, CompletionHandler<void()>&&);
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
+ enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate };
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler<void()>&&);
void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier);
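Review bot: `enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate };` is declared without a comment, and the distinction callers depend on (Disallow denies quietly, Terminate fails the MESSAGE_CHECK) can only be inferred from the call sites. A short comment per enumerator in the header would make it harder for a new caller to test `!= Terminate` alone and treat Disallow as permission.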
diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp
index d3e9e8b4b64b..2c5fb9ad6765 100644
--- a/Source/WebKit/NetworkProcess/NetworkSession.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp
@@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler<void(HashSet<WebCore::Reg
void NetworkSession::addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier webProcessIdentifier, std::optional<WebCore::ProcessIdentifier> requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies)
{
- if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) {
+ if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) {
ASSERT_NOT_REACHED();
return;
}
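Review bot: In addAllowedFirstPartyForCookies the comparison `!= NetworkProcess::AllowCookieAccess::Allow` sends Disallow into ASSERT_NOT_REACHED() along with Terminate. The commit message describes an empty firstPartyForCookies as something that does occur, so if this path can see one, the assertion should be limited to Terminate and the Disallow case should just return.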
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
index 72d67d9f98a2..515f4597cf33 100644
--- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
+++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
@@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData)
{
- MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())));
+ MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
ASSERT(!jobData.scopeURL.isNull());
if (jobData.scopeURL.isNull()) {
diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
index 83affaaded38..084bbdf8f8c5 100644
--- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
+++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
@@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session()
void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())));
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier);
MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name);
CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data());

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Wed Nov 27 21:34:14 UTC 2024 - Michael Gorse <mgorse@suse.com>
- Update to version 2.46.4:
+ Improve memory consumption and performance of Canvas
getImageData.
+ Fix preserve-3D intersection rendering.
+ Fix video dimensions since GStreamer 1.24.9.
+ Fix the HTTP-based remote Web Inspector not loading in
Chromium.
+ Fix content filters not working on about:blank iframes.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2024-44308, CVE-2024-44309.
- Drop patches fixed upstream:
+ 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
+ webkit2gtk3-CVE-2024-44308.patch
+ webkit2gtk3-CVE-2024-44309.patch
-------------------------------------------------------------------
Mon Nov 25 19:25:44 UTC 2024 - Michael Gorse <mgorse@suse.com>
@ -147,7 +165,7 @@ Sun Sep 1 16:30:22 UTC 2024 - Bjørn Lie <bjorn.lie@gmail.com>
-------------------------------------------------------------------
Tue Aug 13 16:48:56 UTC 2024 - Michael Gorse <mgorse@suse.com>
- Update to version 2.44.3 (boo#1228696 boo#1228697 boo#1228698):
- Update to version 2.44.3 (boo#1228697):
+ Fix web process cache suspend/resume when sandbox is enabled.
+ Fix accelerated images dissapearing after scrolling.
+ Fix video flickering with DMA-BUF sink.
@ -157,8 +175,8 @@ Tue Aug 13 16:48:56 UTC 2024 - Michael Gorse <mgorse@suse.com>
API.
+ Fix several crashes and rendering issues.
+ Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2023-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558, CVE-2024-27838, CVE-2024-27851.
CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-27838,
CVE-2024-27851.
- Drop patches now upstream:
9d5844679af8f84036f1b800307e799bd7ab73ba.patch
webkit2gtk3-CVE-2024-40776.patch

@ -79,7 +79,7 @@ ExclusiveArch: do-not-build
%endif
Name: webkit2%{_gtknamesuffix}
Version: 2.46.3
Version: 2.46.4
Release: 0
Summary: Library for rendering web content, GTK+ Port
License: BSD-3-Clause AND LGPL-2.0-or-later
@ -92,14 +92,8 @@ Source99: webkit2gtk3.keyring
# PATCH-FEATURE-OPENSUSE reproducibility.patch -- Make build reproducible
Patch0: reproducibility.patch
# PATCH-FIX-UPSTREAM 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch -- Fix aspect ratio with gst-1.24.9
Patch1: https://github.com/WebKit/WebKit/commit/9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
# PATCH-FIX-UPSTREAM 63f7badbada070ebaadd318b2801818ecf7e7ea0.patch -- Support ICU 76.1 build
Patch2: https://github.com/WebKit/WebKit/commit/63f7badbada070ebaadd318b2801818ecf7e7ea0.patch
# PATCH-FIX-UPSTREAM webkit2gtk3-CVE-2024-44308.patch boo#1233631 mgorse@suse.com -- don't allocate DFG register after a slow path.
Patch3: webkit2gtk3-CVE-2024-44308.patch
# PATCH-FIX-UPSTREAM webkit2gtk3-CVE-2024-44309.patch boo#1233632 mgorse@suse.com -- fix a cookie management issue.
Patch4: webkit2gtk3-CVE-2024-44309.patch
Patch1: https://github.com/WebKit/WebKit/commit/63f7badbada070ebaadd318b2801818ecf7e7ea0.patch
BuildRequires: Mesa-libEGL-devel
BuildRequires: Mesa-libGL-devel

BIN
webkitgtk-2.46.3.tar.xz (Stored with Git LFS)

Binary file not shown.


BIN
webkitgtk-2.46.4.tar.xz (Stored with Git LFS) Normal file

Binary file not shown.
