Compare commits

No commits in common. 'i9c-beta' and 'c9' have entirely different histories.
i9c-beta ... c9

2
.gitignore vendored

@ -1,2 +1,2 @@
SOURCES/webkitgtk-2.44.3.tar.xz
SOURCES/webkitgtk-2.46.3.tar.xz
SOURCES/webkitgtk-keys.gpg

@ -1,2 +1,2 @@
c9bcb2097d8f774b2c64ca650a4f8a6365ff54f6 SOURCES/webkitgtk-2.44.3.tar.xz
110e2c2ac964f207a8f2fecf6e2e61f0ed4bee00 SOURCES/webkitgtk-2.46.3.tar.xz
04b10b8a486542c4551269c20b18b5c1c6cb4f94 SOURCES/webkitgtk-keys.gpg

@ -0,0 +1,320 @@
From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001
From: Charlie Wolfe <charliew@apple.com>
Date: Thu, 14 Nov 2024 13:56:35 -0800
Subject: [PATCH] Cherry-pick 60c387845715.
Cherry-pick 2815b4e29829. rdar://139893250
Data Isolation bypass via attacker controlled firstPartyForCookies
https://bugs.webkit.org/show_bug.cgi?id=283095
rdar://139818629
Reviewed by Matthew Finkel and Alex Christensen.
`NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or
empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but
we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly
have about:blank set as their firstPartyForCookies, causing us to kill the WCP.
This patch is a lower risk change that removes the unconditional cookie access for requests that have an
empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty
firstPartyForCookies.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
(WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowsFirstPartyForCookies):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::addAllowedFirstPartyForCookies):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::scheduleJobInServer):
* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
(EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):
Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch
Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46
---
.../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++-----
.../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++-------
Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +-
.../WebKit/NetworkProcess/NetworkSession.cpp | 2 +-
.../ServiceWorker/WebSWServerConnection.cpp | 2 +-
.../WebSharedWorkerServerConnection.cpp | 2 +-
.../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 ++++++++++++
7 files changed, 96 insertions(+), 36 deletions(-)
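Review bot: the diffstat and the commit message both list Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm (33 insertions, the EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue test), but no hunk for that file follows in this patch. If the test was dropped on purpose for the downstream build, say so in a comment next to the Patch: line in the spec; otherwise the regression test for the empty firstPartyForCookies case is missing from what ships here.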
diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
index a0ad3c628ec38..c13a96f0e796a 100644
--- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
@@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I
void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet<AdvancedPrivacyProtections> advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()));
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate);
ASSERT(!m_networkSocketChannels.contains(identifier));
if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy))
@@ -552,11 +552,11 @@ RefPtr<ServiceWorkerFetchTask> NetworkConnectionToWebProcess::createFetchTask(Ne
void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional<NetworkResourceLoadIdentifier> existingLoaderToResume)
{
- bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
- if (UNLIKELY(!hasCookieAccess))
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies());
+ if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow))
RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data());
- MESSAGE_CHECK(hasCookieAccess);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64());
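Review bot: in scheduleResourceLoad the Disallow result is logged as "Web process does not have cookie access" and then the load is scheduled anyway, because only Terminate fails the MESSAGE_CHECK and there is no early return like the one added to cookiesForDOM and the other accessors. Nothing in this hunk strips or withholds cookies for that request, so please confirm the loader downstream does not attach them when firstPartyForCookies is empty, and add a comment here saying where that is enforced.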
@@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector<Strin
void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, FrameIdentifier frameID, PageIdentifier pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String cookieString, bool secureCookiesAccessed)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ }, false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S
void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return;
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co
void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession) {
@@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const
void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(String, bool)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ }, false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir
void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<FrameIdentifier> frameID, std::optional<PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(Vector<WebCore::Cookie>&&)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ });
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c
void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler<void(std::optional<Vector<WebCore::Cookie>>&&)>&& completionHandler)
{
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(std::nullopt);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co
void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional<WebCore::FrameIdentifier> frameID, std::optional<WebCore::PageIdentifier> pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler<void(bool)>&& completionHandler)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler(false);
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
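Review bot: setCookieFromDOMAsync previously used plain MESSAGE_CHECK, so a failed check returned without ever calling completionHandler; the new MESSAGE_CHECK_COMPLETION(..., completionHandler(false)) fixes that, but it is a behaviour change separate from the Disallow handling and the commit message does not mention it. Worth a line in the description. Also note that completionHandler(false) on Disallow is indistinguishable to the caller from a genuine failure to set the cookie.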
@@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion
{
auto host = url.host().toString();
MESSAGE_CHECK_COMPLETION(HashSet<String>::isValidValue(host), completionHandler({ }));
- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ }));
+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url);
+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }));
+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)
+ return completionHandler({ });
auto* networkStorageSession = storageSession();
if (!networkStorageSession)
@@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde
{
auto* session = networkSession();
if (auto* swServer = session ? session->swServer() : nullptr) {
- MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain));
+ auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain);
+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate);
m_swContextConnection = makeUnique<WebSWServerToContextConnection>(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer);
}
completionHandler();
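Review bot: in establishSWContextConnection a Disallow result (empty registrableDomain) passes the check and makeUnique<WebSWServerToContextConnection> still runs, with no log line and no early-out. The local allowCookieAccess is only read once, so either inline it as in scheduleJobInServer or use it for an explicit Disallow branch; as written it is not clear whether creating a service worker context connection for an empty domain is intended.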
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
index db0437d3b70a2..8f637e6c85fd4 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp
@@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro
}).iterator->value.first = LoadedWebArchive::Yes;
}
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty)
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -> AllowCookieAccess
{
- // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
- // we should set it to be the inherited origin then remove this exception.
- if (firstParty.isAboutBlank())
- return true;
+ auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
+ if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) {
+ // FIXME: This should probably not be necessary. If about:blank is the first party for cookies,
+ // we should set it to be the inherited origin then remove this exception.
+ if (firstParty.isAboutBlank())
+ return AllowCookieAccess::Disallow;
- if (firstParty.isNull())
- return true; // FIXME: This shouldn't be allowed.
+ if (firstParty.isNull())
+ return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed.
+ }
- return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty });
+ return allowCookieAccess;
}
-bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain)
+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess
{
// FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs.
- if (firstPartyDomain.isEmpty())
- return true;
-
+ auto terminateOrDisallow = firstPartyDomain.isEmpty() ? AllowCookieAccess::Disallow : AllowCookieAccess::Terminate;
if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier);
if (iterator == m_allowedFirstPartiesForCookies.end()) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
if (iterator->value.first == LoadedWebArchive::Yes)
- return true;
+ return AllowCookieAccess::Allow;
auto& set = iterator->value.second;
if (!std::remove_reference_t<decltype(set)>::isValidValue(firstPartyDomain)) {
ASSERT_NOT_REACHED();
- return false;
+ return terminateOrDisallow;
}
auto result = set.contains(firstPartyDomain);
- ASSERT(result);
- return result;
+ ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow);
+ return result ? AllowCookieAccess::Allow : terminateOrDisallow;
}
void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters)
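Review bot: in the RegistrableDomain overload, the `iterator->value.first == LoadedWebArchive::Yes` branch returns AllowCookieAccess::Allow before the requested domain is looked at, so a process that has loaded a web archive still gets Allow for an empty firstPartyDomain, which is the case the commit message says no longer gets unconditional access. If that is intended, a comment should say so. Separately, the two FIXME comments in the URL overload are now stale: "This shouldn't be allowed." sits on a line that returns Disallow, and the about:blank one talks about removing an exception that has become a downgrade from Terminate to Disallow. Reword both to describe what the block does now.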
diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h
index 0897537e58476..54f19ab96ce47 100644
--- a/Source/WebKit/NetworkProcess/NetworkProcess.h
+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h
@@ -417,8 +417,9 @@ class NetworkProcess final : public AuxiliaryProcess, private DownloadManager::C
void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet<WebsiteDataType>, const WebCore::ClientOrigin&, CompletionHandler<void()>&&);
void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet<WebsiteDataType>, const Vector<WebCore::SecurityOriginData>& origins, const Vector<String>& cookieHostNames, const Vector<String>& HSTSCacheHostnames, const Vector<RegistrableDomain>&, CompletionHandler<void()>&&);
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
+ enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate };
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&);
+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&);
void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler<void()>&&);
void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier);
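Review bot: the new `enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate };` has no documentation, and the difference between Disallow and Terminate is the whole point of the change. Add a short comment per value: Disallow denies cookie access but leaves the web process running, Terminate denies and fails the MESSAGE_CHECK at the call site. Callers then do not have to read NetworkProcess.cpp to learn which one to test for.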
diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp
index d3e9e8b4b64bc..2c5fb9ad6765e 100644
--- a/Source/WebKit/NetworkProcess/NetworkSession.cpp
+++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp
@@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler<void(HashSet<WebCore::Reg
void NetworkSession::addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier webProcessIdentifier, std::optional<WebCore::ProcessIdentifier> requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies)
{
- if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) {
+ if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) {
ASSERT_NOT_REACHED();
return;
}
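Review bot: addAllowedFirstPartyForCookies now treats anything other than Allow as ASSERT_NOT_REACHED(), so an empty firstPartyForCookies from the requesting process, which used to return true and pass, now hits the assertion in debug builds. The commit message describes the empty value as a known, rare bug that should be tolerated; consider returning quietly on Disallow and keeping ASSERT_NOT_REACHED() for Terminate only.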
diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
index 72d67d9f98a2d..515f4597cf33f 100644
--- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
+++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
@@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d
void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData)
{
- MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())));
+ MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
ASSERT(!jobData.scopeURL.isNull());
if (jobData.scopeURL.isNull()) {
diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
index 83affaaded38e..084bbdf8f8c55 100644
--- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
+++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
@@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session()
void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions)
{
- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())));
+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate);
MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier);
MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name);
CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data());

@ -0,0 +1,14 @@
diff --git a/Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp b/Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp
index a2f3b582dcc5..1faf219c2adb 100644
--- a/Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp
+++ b/Source/WebKit/UIProcess/glib/WebProcessPoolGLib.cpp
@@ -91,7 +91,8 @@ void WebProcessPool::platformInitialize(NeedsGlobalStaticInitialization)
else {
static bool once = false;
if (!once) {
- g_warning("WEBKIT_FORCE_SANDBOX no longer allows disabling the sandbox. Use WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 instead.");
+ if (g_strcmp0(g_get_prgname(), "evolution"))
+ g_warning("WEBKIT_FORCE_SANDBOX no longer allows disabling the sandbox. Use WEBKIT_DISABLE_SANDBOX_THIS_IS_DANGEROUS=1 instead.");
once = true;
}
}
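Review bot: `if (g_strcmp0(g_get_prgname(), "evolution"))` relies on the non-zero "strings differ" result being truthy, which reads like "if the program is evolution" at a glance. Write `g_strcmp0(g_get_prgname(), "evolution") != 0` and add a one-line comment in the source saying why Evolution is exempt from the warning, since the reason currently lives only in the spec file comment.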

@ -1,48 +0,0 @@
From 9140ce712aa87091613874d802787ab476be0e39 Mon Sep 17 00:00:00 2001
From: Michael Catanzaro <mcatanzaro@redhat.com>
Date: Wed, 14 Aug 2024 14:58:05 -0500
Subject: [PATCH] Revert "Cherry-pick 272448.770@safari-7618-branch
(6d311cd7fefc). https://bugs.webkit.org/show_bug.cgi?id=271175"
https://bugs.webkit.org/show_bug.cgi?id=278113
This reverts commit 279c9d7963182cc35cf4e0bfebe87df2d83eaef8.
This broke wasm, and I don't know how to fix it.
Canonical link: https://commits.webkit.org/274313.373@webkitglib/2.44
---
.../stress/many-calls-results-on-stack.js | 39 -------------------
Source/JavaScriptCore/wasm/WasmBBQJIT.cpp | 19 ---------
2 files changed, 58 deletions(-)
delete mode 100644 JSTests/wasm/stress/many-calls-results-on-stack.js
diff --git a/Source/JavaScriptCore/wasm/WasmBBQJIT.cpp b/Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
index 9049865e8ce7..3f142cf5e90f 100644
--- a/Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
+++ b/Source/JavaScriptCore/wasm/WasmBBQJIT.cpp
@@ -3958,25 +3958,6 @@ void BBQJIT::returnValuesFromCall(Vector<Value, N>& results, const FunctionSigna
ASSERT(m_validFPRs.contains(returnLocation.asFPR(), Width::Width128));
m_fprSet.add(returnLocation.asFPR(), Width::Width128);
}
- } else {
- ASSERT(returnLocation.isStackArgument());
- // FIXME: Ideally, we would leave these values where they are but a subsequent call could clobber them before they are used.
- // That said, stack results are very rare so this isn't too painful.
- // Even if we did leave them where they are, we'd need to flush them to their canonical location at the next branch otherwise
- // we could have something like (assume no result regs for simplicity):
- // call (result i32 i32) $foo
- // if (result i32) // Stack: i32(StackArgument:8) i32(StackArgument:0)
- // // Stack: i32(StackArgument:8)
- // else
- // call (result i32 i32) $bar // Stack: i32(StackArgument:8) we have to flush the stack argument to make room for the result of bar
- // drop // Stack: i32(Stack:X) i32(StackArgument:8) i32(StackArgument:0)
- // drop // Stack: i32(Stack:X) i32(StackArgument:8)
- // end
- // return // Stack i32(*Conflicting locations*)
-
- Location canonicalLocation = canonicalSlot(result);
- emitMoveMemory(result.type(), returnLocation, canonicalLocation);
- returnLocation = canonicalLocation;
}
}
bind(result, returnLocation);

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=jHOh
-----END PGP SIGNATURE-----

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----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=wug0
-----END PGP SIGNATURE-----

@ -10,8 +10,17 @@
%global with_gamepad 1
%endif
# FIXME: Clang is preferred: https://skia.org/docs/user/build/#supported-and-preferred-compilers
# But Clang toolchain is broken on i686: https://issues.redhat.com/browse/RHEL-59586
# So, for now we'll use GCC instead.
# We run out of memory if building with LTO enabled on i686.
%ifarch %{ix86}
%global _lto_cflags %{nil}
%endif
Name: webkit2gtk3
Version: 2.44.3
Version: 2.46.3
Release: 2%{?dist}
Summary: GTK Web content engine library
@ -24,8 +33,11 @@ Source1: https://webkitgtk.org/releases/webkitgtk-%{version}.tar.xz.asc
# $ gpg --export --export-options export-minimal 013A0127AC9C65B34FFA62526C1009B693975393 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B > webkitgtk-keys.gpg
Source2: webkitgtk-keys.gpg
# https://bugs.webkit.org/show_bug.cgi?id=278113
Patch0: fix-wasm.patch
# Don't print warning about Evolution's use of WEBKIT_FORCE_SANDBOX
Patch: evolution-sandbox-warning.patch
# https://bugs.webkit.org/show_bug.cgi?id=283095
Patch: CVE-2024-44309.patch
BuildRequires: bison
BuildRequires: bubblewrap
@ -86,6 +98,7 @@ BuildRequires: pkgconfig(libxslt)
BuildRequires: pkgconfig(manette-0.2)
%endif
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(sysprof-capture-4)
BuildRequires: pkgconfig(upower-glib)
BuildRequires: pkgconfig(wayland-client)
BuildRequires: pkgconfig(wayland-egl)
@ -131,6 +144,8 @@ Provides: webkit2gtk3-doc = %{version}-%{release}
# We're supposed to specify versions here, but these libraries don't do
# normal releases. Accordingly, they're not suitable to be system libs.
Provides: bundled(angle)
Provides: bundled(pdfjs)
Provides: bundled(skia)
Provides: bundled(xdgmime)
# Require the jsc subpackage
@ -161,6 +176,8 @@ files for developing applications that use %{name}.
Summary: JavaScript engine from %{name}
Obsoletes: webkitgtk4-jsc < %{version}-%{release}
Provides: webkitgtk4-jsc = %{version}-%{release}
Provides: bundled(simde)
Provides: bundled(simdutf)
%description jsc
This package contains JavaScript engine from %{name}.
@ -297,6 +314,24 @@ export NINJA_STATUS="[%f/%t][%e] "
%{_datadir}/gir-1.0/JavaScriptCore-4.0.gir
%changelog
* Mon Nov 25 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.3-2
- Add patch for CVE-2024-44309
* Wed Oct 30 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.3-1
- Update to 2.46.3
* Mon Oct 21 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.2-1
- Update to 2.46.2
- Add patch to disable Evolution sandbox warning
* Thu Oct 10 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.1-2
- Add patch to keep GSocketMonitor callback alive
Resolves: RHEL-59185
* Tue Oct 8 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.46.1-1
- Update to 2.46.1
Resolves: RHEL-59185
* Thu Aug 15 2024 Michael Catanzaro <mcatanzaro@redhat.com> - 2.44.3-2
- Add patch to fix WebAssembly
Resolves: RHEL-32578
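Review bot: the 2.46.3-2 entry "Add patch for CVE-2024-44309" and the 2.46.3-1 and 2.46.2-1 entries carry no Resolves: line, while the neighbouring 2.46.1-2, 2.46.1-1 and 2.44.3-2 entries do. For a security fix the tracking issue should be on the changelog entry so the update can be traced from the package to the advisory.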
@ -363,9 +398,6 @@ export NINJA_STATUS="[%f/%t][%e] "
- Upgrade to 2.40.1
Resolves: #2176270
* Fri Apr 14 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.38.5-1
- Rebuilt for MSVSphere 9.2 beta
* Wed Feb 15 2023 Michael Catanzaro <mcatanzaro@redhat.com> - 2.38.5-1
- Update to 2.38.5
Related: #2127467
