diff --git a/9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch b/9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
deleted file mode 100644
index 14db3a5..0000000
--- a/9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 9e9ea966373d3858668f6a29d8ba91a5807c8dd8 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Th=C3=A9o=20Maillart?=
-Date: Fri, 8 Nov 2024 09:50:53 -0800
-Subject: [PATCH] [GStreamer] Video dimensions are wrong since GStreamer 1.24.9
- https://bugs.webkit.org/show_bug.cgi?id=282749
-
-Reviewed by Philippe Normand.
-
-With the latest version of GStreamer, if the source is not selectable,
-uridecodebin3 will drop the stream collection emitted from this element
-As we only consider stream collection from the source element, we will
-never set the stream collection internally, this will produce faulty
-behaviour such as using wrong video dimensions
-To avoid that, we reply true to the selectable query
-
-* Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp:
-(webKitMediaSrcQuery):
-
-Canonical link: https://commits.webkit.org/286347@main
----
- .../graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp b/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
-index c0a67c5f23f25..45b4f160e5630 100644
---- a/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
-+++ b/Source/WebCore/platform/graphics/gstreamer/mse/WebKitMediaSourceGStreamer.cpp
-@@ -255,6 +255,13 @@ static const char* streamTypeToString(TrackPrivateBaseGStreamer::TrackType type)
-
- static gboolean webKitMediaSrcQuery(GstElement* element, GstQuery* query)
- {
-+#if GST_CHECK_VERSION(1, 22, 0)
-+ if (GST_QUERY_TYPE(query) == GST_QUERY_SELECTABLE) {
-+ gst_query_set_selectable(query, TRUE);
-+ return TRUE;
-+ }
-+#endif
-+
- gboolean result = GST_ELEMENT_CLASS(parent_class)->query(element, query);
-
- if (GST_QUERY_TYPE(query) != GST_QUERY_SCHEDULING)
diff --git a/webkit2gtk3-CVE-2024-44308.patch b/webkit2gtk3-CVE-2024-44308.patch
deleted file mode 100644
index 3faeb84..0000000
--- a/webkit2gtk3-CVE-2024-44308.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 53e7f27d262249310bd6b7ad452e7df334c92b7d Mon Sep 17 00:00:00 2001
-From: Daniel Liu
-Date: Wed, 13 Nov 2024 12:27:15 -0800
-Subject: [PATCH] Cherry-pick ded4d02c0a93.
- https://bugs.webkit.org/show_bug.cgi?id=283063
-
-Don't allocate DFG register after a slow path
-https://bugs.webkit.org/show_bug.cgi?id=283063
-rdar://139747120
-
-Reviewed by Yusuke Suzuki.
-
-Allocating a DFG register after a slow path means that if the slow path
-is taken, we end up with an incorrect global state.
-
-* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
-(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
-
-Canonical link: https://commits.webkit.org/282416.295@webkitglib/2.46
----
- Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp | 16 ++++++++--------
- 1 file changed, 8 insertions(+), 8 deletions(-)
-
-diff --git a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
-index 356d52b21a12..d041b63e8ba9 100644
---- a/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
-+++ b/Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
-@@ -3528,6 +3528,14 @@ void SpeculativeJIT::compilePutByValForIntTypedArray(Node* node, TypedArrayType
- }
- }
-
-+ GPRReg scratch2GPR = InvalidGPRReg;
-+#if USE(JSVALUE64)
-+ if (node->arrayMode().mayBeResizableOrGrowableSharedTypedArray()) {
-+ scratch2.emplace(this);
-+ scratch2GPR = scratch2->gpr();
-+ }
-+#endif
-+
- bool result = getIntTypedArrayStoreOperand(
- value, propertyReg,
- #if USE(JSVALUE32_64)
-@@ -3539,14 +3547,6 @@ void SpeculativeJIT::compilePutByValForIntTypedArray(Node* node, TypedArrayType
- return;
- }
-
-- GPRReg scratch2GPR = InvalidGPRReg;
--#if USE(JSVALUE64)
-- if (node->arrayMode().mayBeResizableOrGrowableSharedTypedArray()) {
-- scratch2.emplace(this);
-- scratch2GPR = scratch2->gpr();
-- }
--#endif
--
- GPRReg valueGPR = value.gpr();
- GPRReg scratchGPR = scratch.gpr();
- #if USE(JSVALUE32_64)
---
-2.47.0
-
diff --git a/webkit2gtk3-CVE-2024-44309.patch b/webkit2gtk3-CVE-2024-44309.patch
deleted file mode 100644
index fd15771..0000000
--- a/webkit2gtk3-CVE-2024-44309.patch
+++ /dev/null
@@ -1,321 +0,0 @@ -From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001 -From: Charlie Wolfe -Date: Thu, 14 Nov 2024 13:56:35 -0800 -Subject: [PATCH] Cherry-pick 60c387845715. - https://bugs.webkit.org/show_bug.cgi?id=282197 - -Cherry-pick 2815b4e29829. rdar://139893250 - - Data Isolation bypass via attacker controlled firstPartyForCookies - https://bugs.webkit.org/show_bug.cgi?id=283095 - rdar://139818629 - - Reviewed by Matthew Finkel and Alex Christensen. - - `NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or - empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but - we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly - have about:blank set as their firstPartyForCookies, causing us to kill the WCP. - - This patch is a lower risk change that removes the unconditional cookie access for requests that have an - empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty - firstPartyForCookies. 
- - * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp: - (WebKit::NetworkConnectionToWebProcess::createSocketChannel): - (WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad): - (WebKit::NetworkConnectionToWebProcess::cookiesForDOM): - (WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM): - (WebKit::NetworkConnectionToWebProcess::cookiesEnabled): - (WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue): - (WebKit::NetworkConnectionToWebProcess::getRawCookies): - (WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync): - (WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync): - (WebKit::NetworkConnectionToWebProcess::domCookiesForHost): - (WebKit::NetworkConnectionToWebProcess::establishSWContextConnection): - * Source/WebKit/NetworkProcess/NetworkProcess.cpp: - (WebKit::NetworkProcess::allowsFirstPartyForCookies): - * Source/WebKit/NetworkProcess/NetworkProcess.h: - * Source/WebKit/NetworkProcess/NetworkSession.cpp: - (WebKit::NetworkSession::addAllowedFirstPartyForCookies): - * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: - (WebKit::WebSWServerConnection::scheduleJobInServer): - * Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp: - (WebKit::WebSharedWorkerServerConnection::requestSharedWorker): - * Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm: - (EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)): - - Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch - -Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46 ---- - .../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++----- - .../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++------- - Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +- - .../WebKit/NetworkProcess/NetworkSession.cpp | 2 +- - .../ServiceWorker/WebSWServerConnection.cpp | 2 +- - .../WebSharedWorkerServerConnection.cpp | 2 +- - .../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 
++++++++++++ - 7 files changed, 96 insertions(+), 36 deletions(-) - -diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -index a0ad3c628ec3..c13a96f0e796 100644 ---- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -@@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I - - void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional frameID, std::optional pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies())); -+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate); - - ASSERT(!m_networkSocketChannels.contains(identifier)); - if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy)) -@@ -552,11 +552,11 @@ RefPtr NetworkConnectionToWebProcess::createFetchTask(Ne - - void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional existingLoaderToResume) - { -- bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, 
loadParameters.request.firstPartyForCookies()); -- if (UNLIKELY(!hasCookieAccess)) -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies()); -+ if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)) - RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data()); - -- MESSAGE_CHECK(hasCookieAccess); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); - - CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64()); - -@@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }, false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S - - void 
NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return; - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co - - void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional frameID, std::optional pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) { -@@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const - - void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, 
IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }, false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir - - void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&&)>&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ })); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c - - void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const 
URL& url, std::optional frameID, std::optional pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler>&&)>&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(std::nullopt); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co - - void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion - { - auto 
host = url.host().toString(); - MESSAGE_CHECK_COMPLETION(HashSet::isValidValue(host), completionHandler({ })); -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ })); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde - { - auto* session = networkSession(); - if (auto* swServer = session ? session->swServer() : nullptr) { -- MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain)); -+ auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); - m_swContextConnection = makeUnique(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer); - } - completionHandler(); -diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp -index db0437d3b70a..8f637e6c85fd 100644 ---- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp -@@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro - }).iterator->value.first = LoadedWebArchive::Yes; - } - --bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& 
firstParty) -> AllowCookieAccess - { -- // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, -- // we should set it to be the inherited origin then remove this exception. -- if (firstParty.isAboutBlank()) -- return true; -+ auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); -+ if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) { -+ // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, -+ // we should set it to be the inherited origin then remove this exception. -+ if (firstParty.isAboutBlank()) -+ return AllowCookieAccess::Disallow; - -- if (firstParty.isNull()) -- return true; // FIXME: This shouldn't be allowed. -+ if (firstParty.isNull()) -+ return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed. -+ } - -- return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); -+ return allowCookieAccess; - } - --bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess - { - // FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs. -- if (firstPartyDomain.isEmpty()) -- return true; -- -+ auto terminateOrDisallow = firstPartyDomain.isEmpty() ? 
AllowCookieAccess::Disallow : AllowCookieAccess::Terminate; - if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier); - if (iterator == m_allowedFirstPartiesForCookies.end()) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - if (iterator->value.first == LoadedWebArchive::Yes) -- return true; -+ return AllowCookieAccess::Allow; - - auto& set = iterator->value.second; - if (!std::remove_reference_t::isValidValue(firstPartyDomain)) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - auto result = set.contains(firstPartyDomain); -- ASSERT(result); -- return result; -+ ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow); -+ return result ? AllowCookieAccess::Allow : terminateOrDisallow; - } - - void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters) -diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h -index 0897537e5847..54f19ab96ce4 100644 ---- a/Source/WebKit/NetworkProcess/NetworkProcess.h -+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h -@@ -417,8 +417,9 @@ public: - void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet, const WebCore::ClientOrigin&, CompletionHandler&&); - void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet, const Vector& origins, const Vector& cookieHostNames, const Vector& HSTSCacheHostnames, const Vector&, CompletionHandler&&); - -- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); -- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); -+ enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate }; -+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); -+ 
AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); - void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler&&); - void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier); - -diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp -index d3e9e8b4b64b..2c5fb9ad6765 100644 ---- a/Source/WebKit/NetworkProcess/NetworkSession.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp -@@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies) - { -- if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) { -+ if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) { - ASSERT_NOT_REACHED(); - return; - } -diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -index 72d67d9f98a2..515f4597cf33 100644 ---- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -+++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -@@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d - - void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData) - { -- MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host()))); -+ MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), 
WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); - - ASSERT(!jobData.scopeURL.isNull()); - if (jobData.scopeURL.isNull()) { -diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -index 83affaaded38..084bbdf8f8c5 100644 ---- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -+++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -@@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session() - - void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host()))); -+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); - MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier); - MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name); - CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data()); diff --git a/webkit2gtk3.changes b/webkit2gtk3.changes index 03d87ca..bc59935 100644 --- a/webkit2gtk3.changes +++ b/webkit2gtk3.changes 
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Nov 27 21:34:14 UTC 2024 - Michael Gorse
+
+- Update to version 2.46.4:
+ + Improve memory consumption and performance of Canvas
+ getImageData.
+ + Fix preserve-3D intersection rendering.
+ + Fix video dimensions since GStreamer 1.24.9.
+ + Fix the HTTP-based remote Web Inspector not loading in
+ Chromium.
+ + Fix content filters not working on about:blank iframes.
+ + Fix several crashes and rendering issues.
+ + Security fixes: CVE-2024-44308, CVE-2024-44309.
+- Drop patches fixed upstream:
+ + 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
+ + webkit2gtk3-CVE-2024-44308.patch
+ + webkit2gtk3-CVE-2024-44309.patch
+
 -------------------------------------------------------------------
 Mon Nov 25 19:25:44 UTC 2024 - Michael Gorse
@@ -147,7 +165,7 @@ Sun Sep 1 16:30:22 UTC 2024 - Bjørn Lie
 -------------------------------------------------------------------
 Tue Aug 13 16:48:56 UTC 2024 - Michael Gorse
-- Update to version 2.44.3 (boo#1228696 boo#1228697 boo#1228698):
+- Update to version 2.44.3 (boo#1228697):
 + Fix web process cache suspend/resume when sandbox is enabled.
 + Fix accelerated images dissapearing after scrolling.
 + Fix video flickering with DMA-BUF sink.
@@ -157,8 +175,8 @@ Tue Aug 13 16:48:56 UTC 2024 - Michael Gorse
 API.
 + Fix several crashes and rendering issues.
 + Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
- CVE-2023-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
- CVE-2024-4558, CVE-2024-27838, CVE-2024-27851.
+ CVE-2024-40782, CVE-2024-40789, CVE-2024-4558, CVE-2024-27838,
+ CVE-2024-27851.
 - Drop patches now upstream:
 9d5844679af8f84036f1b800307e799bd7ab73ba.patch
 webkit2gtk3-CVE-2024-40776.patch
diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec
index 010d83b..81f484d 100644
--- a/webkit2gtk3.spec
+++ b/webkit2gtk3.spec
@@ -79,7 +79,7 @@ ExclusiveArch: do-not-build
 %endif
 Name: webkit2%{_gtknamesuffix}
-Version: 2.46.3
+Version: 2.46.4
 Release: 0
 Summary: Library for rendering web content, GTK+ Port
 License: BSD-3-Clause AND LGPL-2.0-or-later
@@ -92,14 +92,8 @@ Source99: webkit2gtk3.keyring
 # PATCH-FEATURE-OPENSUSE reproducibility.patch -- Make build reproducible
 Patch0: reproducibility.patch
-# PATCH-FIX-UPSTREAM 9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch -- Fix aspect ratio with gst-1.24.9
-Patch1: https://github.com/WebKit/WebKit/commit/9e9ea966373d3858668f6a29d8ba91a5807c8dd8.patch
 # PATCH-FIX-UPSTREAM 63f7badbada070ebaadd318b2801818ecf7e7ea0.patch -- Support ICU 76.1 build
-Patch2: https://github.com/WebKit/WebKit/commit/63f7badbada070ebaadd318b2801818ecf7e7ea0.patch
-# PATCH-FIX-UPSTREAM webkit2gtk3-CVE-2024-44308.patch boo#1233631 mgorse@suse.com -- don't allocate DFG register after a slow path.
-Patch3: webkit2gtk3-CVE-2024-44308.patch
-# PATCH-FIX-UPSTREAM webkit2gtk3-CVE-2024-44309.patch boo#1233632 mgorse@suse.com -- fix a cookie management issue.
-Patch4: webkit2gtk3-CVE-2024-44309.patch
+Patch1: https://github.com/WebKit/WebKit/commit/63f7badbada070ebaadd318b2801818ecf7e7ea0.patch
 BuildRequires: Mesa-libEGL-devel
 BuildRequires: Mesa-libGL-devel
diff --git a/webkitgtk-2.46.3.tar.xz b/webkitgtk-2.46.3.tar.xz
deleted file mode 100644
index e6711a1..0000000
--- a/webkitgtk-2.46.3.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:85e09fa6ff9fea49678ba9975dbc64ea3242833f8f8a7d6a8937b2f292fcb28d
-size 42820196
diff --git a/webkitgtk-2.46.3.tar.xz.asc b/webkitgtk-2.46.3.tar.xz.asc
deleted file mode 100644
index 890fdb9..0000000
--- a/webkitgtk-2.46.3.tar.xz.asc
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmciLBQACgkQbBAJtpOX
-U5MFsBAAqwUuPEkirbQXxESAu8nJKUG3RVa4y3c1NaTRETW19cy/32KeiBlxbWW5
-UKF2gKlu5B+mJn9f0hebYBUkqr6HdWO1JnBz3XNXZ7dNObTWlN9g4T6tlqsxAdsk
-B04ddWFQKYQJ4pMLjlxVFkFXQ0vh9UywBwUyGXrqg9yo2OcSGpsqdujyZfdlWrHc
-0kDLow9SYM5XhkzFoQxKlYsVg1vhzpTxDuv39JqVTGHlX8pEplpCsrMwpVQ+89aP
-zv64u/xnPAEsN4wGeB0QyH6H0llukTmrgWUfoRqeDLHMGAeuHe1yONGyK5fWA1u+
-ABTsjVnh5nOQxUZaNc3dpMdUcrp+kVhjKDwMOhKNbfVoLWxchmU5VvrCoytRAX8i
-4js2xOgnMk26cNB4dZsMg9cYH4Zr+nkfkjGljGXRSvexF8iBUc2Dv0scrtDh3ArI
-aWk4eMyO5nRPIFWE6j5d+sAm1TF1hGMW33beYOTy5Iqm2l2inRoaxGdAz2ZFjF5S
-xcjG7tT3+pG8WXPhJ0Tl41mPJKg79tY3F0uzSedtJ+J3q4uRKORFOdChtDbqHHT7
-mI0jT6rrGckXlncufvg19RiCnmP8vmZEyeuTZja6vBsV3pA7Uc/IWcWEXi9ip/om
-grjX+68/ypghS571sFxrjQaNdqrO0fwMrJBZxhgelJKnykvoj2Y=
-=wug0
------END PGP SIGNATURE-----
diff --git a/webkitgtk-2.46.4.tar.xz b/webkitgtk-2.46.4.tar.xz
new file mode 100644
index 0000000..6421be3
--- /dev/null
+++ b/webkitgtk-2.46.4.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0eff5f0ab0a2872ec87df62bc32e3289c8af625716ac71e94b298d74e0374176
+size 42899016
diff --git a/webkitgtk-2.46.4.tar.xz.asc b/webkitgtk-2.46.4.tar.xz.asc
new file mode 100644
index 0000000..2652b07
--- /dev/null
+++ b/webkitgtk-2.46.4.tar.xz.asc
@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEAToBJ6ycZbNP+mJSbBAJtpOXU5MFAmdG7mAACgkQbBAJtpOX
+U5P4/BAAi8+ZqJCyHgj/hPnhCPFxAN8fn0nv3g7Af5SHF9wOd7gWPlcTo126EIYg
+rDqVF/xTGLntJvyOcQFqAjxzJ/KTHopDs7O5qPzokB7w5eyAL4z6KLCEjsYXwGat
+Y/n80Ns4ZRVukhE429dhBONyKyQ3IAP4tq6R3Q2lG4EzRdIPXSffY6VzYsRfTf0Z
+HQ8ml5hmLADILIkFv2tiY5WNht7NommOzabGOnt6cuOY7qz7ZEFm/IJ6RRzKtqft
+NbvLj5AscwGWQh3f2zJre5YCOxn/5goLf/b+EjwiOlG1ytqTfTV+elqd8P5dXNMb
+5cojVPkyjRWf9MkQO5T1Nfof2S524m7JAemffxXAtXBhIEgu10XAJsxjPXse1vtV
+mdNgpgebbfjIc8j65DJEA0e5npAalZO0YO6YKbyf6IN149iH4p3d2MJmPDInctu/
+YDqJYbn6dtbC1xPKbE3MYXW3rlU1YWZXslxcp/OLMg2qJ+wCdDU2MK7FNzvOj8FK
+5YZrsoZYsP/N8RjGWgY+H22IhIiT7cigcUsnjWP9VHWQmr6WGVmOLyCcJgDO3VFV
+9cNLB0acuesksT4wyECGg5lsgqWPp//5PNOqtMMQO97MIYUt7/oR+A1vxx3AZHGr
+1XNeHleX0o5DxWhHk9s/DHWF/v1RKJVITaO+v70zUyKMz+hORmQ=
+=WURb
+-----END PGP SIGNATURE-----