From 1d1b06bb2abba3f4f58e37f1b4f52699325ef60c Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Wed, 18 Dec 2024 15:44:53 -0600 Subject: [PATCH] Update to 2.46.5 Resolves: RHEL-71437 --- .gitignore | 79 +------- CVE-2024-44309.patch | 320 ------------------------------- sources | 4 +- webkit2gtk3.spec | 16 +- websocket-connection-spans.patch | 25 --- 5 files changed, 9 insertions(+), 435 deletions(-) delete mode 100644 CVE-2024-44309.patch delete mode 100644 websocket-connection-spans.patch diff --git a/.gitignore b/.gitignore index c66a261..3f6d409 100644 --- a/.gitignore +++ b/.gitignore @@ -1,77 +1,2 @@ -/webkitgtk-2.19.5.tar.xz -/webkitgtk-2.19.6.tar.xz -/webkitgtk-2.19.90.tar.xz -/webkitgtk-2.19.91.tar.xz -/webkitgtk-2.19.92.tar.xz -/webkitgtk-2.20.0.tar.xz -/webkitgtk-2.20.1.tar.xz -/webkitgtk-2.20.2.tar.xz -/webkitgtk-2.20.3.tar.xz -/webkitgtk-2.22.0.tar.xz -/webkitgtk-2.22.1.tar.xz -/webkitgtk-2.22.2.tar.xz -/webkitgtk-2.22.3.tar.xz -/webkitgtk-2.22.5.tar.xz -/webkitgtk-2.22.6.tar.xz -/webkitgtk-2.24.2.tar.xz -/webkitgtk-2.24.3.tar.xz -/webkitgtk-2.24.4.tar.xz -/webkitgtk-2.28.2.tar.xz -/webkitgtk-2.28.4.tar.xz -/webkitgtk-2.30.1.tar.xz -/webkitgtk-2.30.2.tar.xz -/webkitgtk-2.30.3.tar.xz -/webkitgtk-2.30.4.tar.xz -/webkitgtk-2.32.0.tar.xz -/webkitgtk-2.32.1.tar.xz -/webkitgtk-2.32.2.tar.xz -/webkitgtk-2.32.3.tar.xz -/webkitgtk-2.32.4.tar.xz -/webkitgtk-2.34.4.tar.xz -/webkitgtk-2.34.4.tar.xz.asc -/webkitgtk-2.34.5.tar.xz -/webkitgtk-2.34.5.tar.xz.asc -/webkitgtk-2.34.6.tar.xz -/webkitgtk-2.34.6.tar.xz.asc -/webkitgtk-2.36.1.tar.xz -/webkitgtk-2.36.1.tar.xz.asc -/webkitgtk-2.36.2.tar.xz -/webkitgtk-2.36.2.tar.xz.asc -/webkitgtk-2.36.3.tar.xz -/webkitgtk-2.36.3.tar.xz.asc -/webkitgtk-2.36.4.tar.xz -/webkitgtk-2.36.4.tar.xz.asc -/webkitgtk-2.36.5.tar.xz -/webkitgtk-2.36.5.tar.xz.asc -/webkitgtk-2.36.6.tar.xz -/webkitgtk-2.36.6.tar.xz.asc -/webkitgtk-2.36.7.tar.xz -/webkitgtk-2.36.7.tar.xz.asc -/webkitgtk-2.38.1.tar.xz -/webkitgtk-2.38.1.tar.xz.asc -/webkitgtk-2.38.2.tar.xz -/webkitgtk-2.38.2.tar.xz.asc -/webkitgtk-2.38.3.tar.xz -/webkitgtk-2.38.3.tar.xz.asc -/webkitgtk-2.38.4.tar.xz -/webkitgtk-2.38.4.tar.xz.asc -/webkitgtk-2.38.5.tar.xz -/webkitgtk-2.38.5.tar.xz.asc -/webkitgtk-2.40.4.tar.xz -/webkitgtk-2.40.4.tar.xz.asc -/webkitgtk-2.40.5.tar.xz -/webkitgtk-2.40.5.tar.xz.asc -/webkitgtk-2.42.0.tar.xz -/webkitgtk-2.42.0.tar.xz.asc -/webkitgtk-2.42.1.tar.xz -/webkitgtk-2.42.1.tar.xz.asc -/webkitgtk-2.42.2.tar.xz -/webkitgtk-2.42.2.tar.xz.asc -/webkitgtk-2.42.3.tar.xz -/webkitgtk-2.42.3.tar.xz.asc -/webkitgtk-2.42.4.tar.xz.asc -/webkitgtk-2.42.4.tar.xz -/webkitgtk-2.42.5.tar.xz -/webkitgtk-2.42.5.tar.xz.asc -/webkitgtk-2.46.3.tar.xz -/webkitgtk-2.46.3.tar.xz.asc +/webkitgtk-*.tar.xz +/webkitgtk-*.tar.xz.asc diff --git a/CVE-2024-44309.patch b/CVE-2024-44309.patch deleted file mode 100644 index 10fed57..0000000 --- a/CVE-2024-44309.patch +++ /dev/null @@ -1,320 +0,0 @@ -From c52da7c313795d61665253f23c9f298005549c73 Mon Sep 17 00:00:00 2001 -From: Charlie Wolfe -Date: Thu, 14 Nov 2024 13:56:35 -0800 -Subject: [PATCH] Cherry-pick 60c387845715. - -Cherry-pick 2815b4e29829. rdar://139893250 - - Data Isolation bypass via attacker controlled firstPartyForCookies - https://bugs.webkit.org/show_bug.cgi?id=283095 - rdar://139818629 - - Reviewed by Matthew Finkel and Alex Christensen. - - `NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or - empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but - we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly - have about:blank set as their firstPartyForCookies, causing us to kill the WCP. - - This patch is a lower risk change that removes the unconditional cookie access for requests that have an - empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty - firstPartyForCookies. - - * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp: - (WebKit::NetworkConnectionToWebProcess::createSocketChannel): - (WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad): - (WebKit::NetworkConnectionToWebProcess::cookiesForDOM): - (WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM): - (WebKit::NetworkConnectionToWebProcess::cookiesEnabled): - (WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue): - (WebKit::NetworkConnectionToWebProcess::getRawCookies): - (WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync): - (WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync): - (WebKit::NetworkConnectionToWebProcess::domCookiesForHost): - (WebKit::NetworkConnectionToWebProcess::establishSWContextConnection): - * Source/WebKit/NetworkProcess/NetworkProcess.cpp: - (WebKit::NetworkProcess::allowsFirstPartyForCookies): - * Source/WebKit/NetworkProcess/NetworkProcess.h: - * Source/WebKit/NetworkProcess/NetworkSession.cpp: - (WebKit::NetworkSession::addAllowedFirstPartyForCookies): - * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp: - (WebKit::WebSWServerConnection::scheduleJobInServer): - * Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp: - (WebKit::WebSharedWorkerServerConnection::requestSharedWorker): - * Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm: - (EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)): - - Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch - -Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46 ---- - .../NetworkConnectionToWebProcess.cpp | 51 ++++++++++++++----- - .../WebKit/NetworkProcess/NetworkProcess.cpp | 37 +++++++------- - Source/WebKit/NetworkProcess/NetworkProcess.h | 5 +- - .../WebKit/NetworkProcess/NetworkSession.cpp | 2 +- - .../ServiceWorker/WebSWServerConnection.cpp | 2 +- - .../WebSharedWorkerServerConnection.cpp | 2 +- - .../Tests/WebKitCocoa/IPCTestingAPI.mm | 33 ++++++++++++ - 7 files changed, 96 insertions(+), 36 deletions(-) - -diff --git a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -index a0ad3c628ec38..c13a96f0e796a 100644 ---- a/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp -@@ -502,7 +502,7 @@ void NetworkConnectionToWebProcess::didReceiveInvalidMessage(IPC::Connection&, I - - void NetworkConnectionToWebProcess::createSocketChannel(const ResourceRequest& request, const String& protocol, WebSocketIdentifier identifier, WebPageProxyIdentifier webPageProxyID, std::optional frameID, std::optional pageID, const ClientOrigin& clientOrigin, bool hadMainFrameMainResourcePrivateRelayed, bool allowPrivacyProxy, OptionSet advancedPrivacyProtections, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::StoredCredentialsPolicy storedCredentialsPolicy) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies())); -+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, request.firstPartyForCookies()) != NetworkProcess::AllowCookieAccess::Terminate); - - ASSERT(!m_networkSocketChannels.contains(identifier)); - if (auto channel = NetworkSocketChannel::create(*this, m_sessionID, request, protocol, identifier, webPageProxyID, frameID, pageID, clientOrigin, hadMainFrameMainResourcePrivateRelayed, allowPrivacyProxy, advancedPrivacyProtections, shouldRelaxThirdPartyCookieBlocking, storedCredentialsPolicy)) -@@ -552,11 +552,11 @@ RefPtr NetworkConnectionToWebProcess::createFetchTask(Ne - - void NetworkConnectionToWebProcess::scheduleResourceLoad(NetworkResourceLoadParameters&& loadParameters, std::optional existingLoaderToResume) - { -- bool hasCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies()); -- if (UNLIKELY(!hasCookieAccess)) -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, loadParameters.request.firstPartyForCookies()); -+ if (UNLIKELY(allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow)) - RELEASE_LOG_ERROR(Loading, "scheduleResourceLoad: Web process does not have cookie access to url %" SENSITIVE_LOG_STRING " for request %" SENSITIVE_LOG_STRING, loadParameters.request.firstPartyForCookies().string().utf8().data(), loadParameters.request.url().string().utf8().data()); - -- MESSAGE_CHECK(hasCookieAccess); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); - - CONNECTION_RELEASE_LOG(Loading, "scheduleResourceLoad: (parentPID=%d, pageProxyID=%" PRIu64 ", webPageID=%" PRIu64 ", frameID=%" PRIu64 ", resourceID=%" PRIu64 ", existingLoaderToResume=%" PRIu64 ")", loadParameters.parentPID, loadParameters.webPageProxyID.toUInt64(), loadParameters.webPageID.toUInt64(), loadParameters.webFrameID.object().toUInt64(), loadParameters.identifier.toUInt64(), valueOrDefault(existingLoaderToResume).toUInt64()); - -@@ -785,7 +785,10 @@ void NetworkConnectionToWebProcess::registerURLSchemesAsCORSEnabled(Vector&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }, false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -802,7 +805,10 @@ void NetworkConnectionToWebProcess::cookiesForDOM(const URL& firstParty, const S - - void NetworkConnectionToWebProcess::setCookiesFromDOM(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, WebCore::FrameIdentifier frameID, PageIdentifier pageID, ApplyTrackingPrevention applyTrackingPrevention, const String& cookieString, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return; - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -823,7 +829,10 @@ void NetworkConnectionToWebProcess::cookiesEnabledSync(const URL& firstParty, co - - void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const URL& url, std::optional frameID, std::optional pageID, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) { -@@ -837,7 +846,10 @@ void NetworkConnectionToWebProcess::cookiesEnabled(const URL& firstParty, const - - void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ }, false)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ }, false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }, false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -848,7 +860,10 @@ void NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue(const URL& fir - - void NetworkConnectionToWebProcess::getRawCookies(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&&)>&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler({ })); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -877,7 +892,10 @@ void NetworkConnectionToWebProcess::deleteCookie(const URL& url, const String& c - - void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, IncludeSecureCookies includeSecureCookies, ApplyTrackingPrevention applyTrackingPrevention, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, WebCore::CookieStoreGetOptions&& options, CompletionHandler>&&)>&& completionHandler) - { -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty), completionHandler(std::nullopt)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(std::nullopt)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(std::nullopt); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -894,7 +912,10 @@ void NetworkConnectionToWebProcess::cookiesForDOMAsync(const URL& firstParty, co - - void NetworkConnectionToWebProcess::setCookieFromDOMAsync(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, std::optional frameID, std::optional pageID, ApplyTrackingPrevention applyTrackingPrevention, WebCore::Cookie&& cookie, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking, CompletionHandler&& completionHandler) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty)); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, firstParty); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler(false)); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler(false); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -914,7 +935,10 @@ void NetworkConnectionToWebProcess::domCookiesForHost(const URL& url, Completion - { - auto host = url.host().toString(); - MESSAGE_CHECK_COMPLETION(HashSet::isValidValue(host), completionHandler({ })); -- MESSAGE_CHECK_COMPLETION(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url), completionHandler({ })); -+ auto allowCookieAccess = m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, url); -+ MESSAGE_CHECK_COMPLETION(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate, completionHandler({ })); -+ if (allowCookieAccess != NetworkProcess::AllowCookieAccess::Allow) -+ return completionHandler({ }); - - auto* networkStorageSession = storageSession(); - if (!networkStorageSession) -@@ -1423,7 +1447,8 @@ void NetworkConnectionToWebProcess::establishSWContextConnection(WebPageProxyIde - { - auto* session = networkSession(); - if (auto* swServer = session ? session->swServer() : nullptr) { -- MESSAGE_CHECK(session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain)); -+ auto allowCookieAccess = session->networkProcess().allowsFirstPartyForCookies(webProcessIdentifier(), registrableDomain); -+ MESSAGE_CHECK(allowCookieAccess != NetworkProcess::AllowCookieAccess::Terminate); - m_swContextConnection = makeUnique(*this, webPageProxyID, WTFMove(registrableDomain), serviceWorkerPageIdentifier, *swServer); - } - completionHandler(); -diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.cpp b/Source/WebKit/NetworkProcess/NetworkProcess.cpp -index db0437d3b70a2..8f637e6c85fd4 100644 ---- a/Source/WebKit/NetworkProcess/NetworkProcess.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkProcess.cpp -@@ -458,48 +458,49 @@ void NetworkProcess::webProcessWillLoadWebArchive(WebCore::ProcessIdentifier pro - }).iterator->value.first = LoadedWebArchive::Yes; - } - --bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const URL& firstParty) -> AllowCookieAccess - { -- // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, -- // we should set it to be the inherited origin then remove this exception. -- if (firstParty.isAboutBlank()) -- return true; -+ auto allowCookieAccess = allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); -+ if (allowCookieAccess == NetworkProcess::AllowCookieAccess::Terminate) { -+ // FIXME: This should probably not be necessary. If about:blank is the first party for cookies, -+ // we should set it to be the inherited origin then remove this exception. -+ if (firstParty.isAboutBlank()) -+ return AllowCookieAccess::Disallow; - -- if (firstParty.isNull()) -- return true; // FIXME: This shouldn't be allowed. -+ if (firstParty.isNull()) -+ return AllowCookieAccess::Disallow; // FIXME: This shouldn't be allowed. -+ } - -- return allowsFirstPartyForCookies(processIdentifier, RegistrableDomain { firstParty }); -+ return allowCookieAccess; - } - --bool NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -+auto NetworkProcess::allowsFirstPartyForCookies(WebCore::ProcessIdentifier processIdentifier, const RegistrableDomain& firstPartyDomain) -> AllowCookieAccess - { - // FIXME: This shouldn't be needed but it is hit sometimes at least with PDFs. -- if (firstPartyDomain.isEmpty()) -- return true; -- -+ auto terminateOrDisallow = firstPartyDomain.isEmpty() ? AllowCookieAccess::Disallow : AllowCookieAccess::Terminate; - if (!decltype(m_allowedFirstPartiesForCookies)::isValidKey(processIdentifier)) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - auto iterator = m_allowedFirstPartiesForCookies.find(processIdentifier); - if (iterator == m_allowedFirstPartiesForCookies.end()) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - if (iterator->value.first == LoadedWebArchive::Yes) -- return true; -+ return AllowCookieAccess::Allow; - - auto& set = iterator->value.second; - if (!std::remove_reference_t::isValidValue(firstPartyDomain)) { - ASSERT_NOT_REACHED(); -- return false; -+ return terminateOrDisallow; - } - - auto result = set.contains(firstPartyDomain); -- ASSERT(result); -- return result; -+ ASSERT(result || terminateOrDisallow == AllowCookieAccess::Disallow); -+ return result ? AllowCookieAccess::Allow : terminateOrDisallow; - } - - void NetworkProcess::addStorageSession(PAL::SessionID sessionID, const WebsiteDataStoreParameters& parameters) -diff --git a/Source/WebKit/NetworkProcess/NetworkProcess.h b/Source/WebKit/NetworkProcess/NetworkProcess.h -index 0897537e58476..54f19ab96ce47 100644 ---- a/Source/WebKit/NetworkProcess/NetworkProcess.h -+++ b/Source/WebKit/NetworkProcess/NetworkProcess.h -@@ -417,8 +417,9 @@ class NetworkProcess final : public AuxiliaryProcess, private DownloadManager::C - void deleteWebsiteDataForOrigin(PAL::SessionID, OptionSet, const WebCore::ClientOrigin&, CompletionHandler&&); - void deleteWebsiteDataForOrigins(PAL::SessionID, OptionSet, const Vector& origins, const Vector& cookieHostNames, const Vector& HSTSCacheHostnames, const Vector&, CompletionHandler&&); - -- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); -- bool allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); -+ enum class AllowCookieAccess : uint8_t { Disallow, Allow, Terminate }; -+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const URL&); -+ AllowCookieAccess allowsFirstPartyForCookies(WebCore::ProcessIdentifier, const RegistrableDomain&); - void addAllowedFirstPartyForCookies(WebCore::ProcessIdentifier, WebCore::RegistrableDomain&&, LoadedWebArchive, CompletionHandler&&); - void webProcessWillLoadWebArchive(WebCore::ProcessIdentifier); - -diff --git a/Source/WebKit/NetworkProcess/NetworkSession.cpp b/Source/WebKit/NetworkProcess/NetworkSession.cpp -index d3e9e8b4b64bc..2c5fb9ad6765e 100644 ---- a/Source/WebKit/NetworkProcess/NetworkSession.cpp -+++ b/Source/WebKit/NetworkProcess/NetworkSession.cpp -@@ -728,7 +728,7 @@ void NetworkSession::appBoundDomains(CompletionHandler requestingProcessIdentifier, WebCore::RegistrableDomain&& firstPartyForCookies) - { -- if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && !m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies)) { -+ if (requestingProcessIdentifier && (requestingProcessIdentifier != webProcessIdentifier) && m_networkProcess->allowsFirstPartyForCookies(requestingProcessIdentifier.value(), firstPartyForCookies) != NetworkProcess::AllowCookieAccess::Allow) { - ASSERT_NOT_REACHED(); - return; - } -diff --git a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -index 72d67d9f98a2d..515f4597cf33f 100644 ---- a/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -+++ b/Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp -@@ -344,7 +344,7 @@ void WebSWServerConnection::postMessageToServiceWorker(ServiceWorkerIdentifier d - - void WebSWServerConnection::scheduleJobInServer(ServiceWorkerJobData&& jobData) - { -- MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host()))); -+ MESSAGE_CHECK(networkProcess().allowsFirstPartyForCookies(identifier(), WebCore::RegistrableDomain::uncheckedCreateFromHost(jobData.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); - - ASSERT(!jobData.scopeURL.isNull()); - if (jobData.scopeURL.isNull()) { -diff --git a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -index 83affaaded38e..084bbdf8f8c55 100644 ---- a/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -+++ b/Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp -@@ -79,7 +79,7 @@ NetworkSession* WebSharedWorkerServerConnection::session() - - void WebSharedWorkerServerConnection::requestSharedWorker(WebCore::SharedWorkerKey&& sharedWorkerKey, WebCore::SharedWorkerObjectIdentifier sharedWorkerObjectIdentifier, WebCore::TransferredMessagePort&& port, WebCore::WorkerOptions&& workerOptions) - { -- MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host()))); -+ MESSAGE_CHECK(m_networkProcess->allowsFirstPartyForCookies(m_webProcessIdentifier, WebCore::RegistrableDomain::uncheckedCreateFromHost(sharedWorkerKey.origin.topOrigin.host())) != NetworkProcess::AllowCookieAccess::Terminate); - MESSAGE_CHECK(sharedWorkerObjectIdentifier.processIdentifier() == m_webProcessIdentifier); - MESSAGE_CHECK(sharedWorkerKey.name == workerOptions.name); - CONNECTION_RELEASE_LOG("requestSharedWorker: sharedWorkerObjectIdentifier=%" PUBLIC_LOG_STRING, sharedWorkerObjectIdentifier.toString().utf8().data()); diff --git a/sources b/sources index 24c2c46..1c28627 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (webkitgtk-2.46.3.tar.xz) = efec6e92bbea3379cf3bd1aff7d91aee3f028dcd1bcfbe7120d5ded30ada1541469fc5cd7897cb375e03a55e59d268f915c2a35345a84192b14971ac4339719f -SHA512 (webkitgtk-2.46.3.tar.xz.asc) = bdd7c0b811869624d025988d1683a11701109038164bd8f373dbfe57d49d13a460775283e4448ebd5050c06d6ebdd0c7f59c4180cac0a7b01491d884cf77529a +SHA512 (webkitgtk-2.46.5.tar.xz) = 9a0eb018361d407f13b303f66babcdc9960075bf69b83cf2ee8f708e5396cfa9e0a720f77695aea216072392e0603c2dc8ad50e6d56f962d4a52e9cdadf38275 +SHA512 (webkitgtk-2.46.5.tar.xz.asc) = 8ce0ae006901da53dfa8e9132cb56a46db1f6edbdb254f0a77eb58e181cfca85f3f871d9bb471d39e6cacc44b3141a1cd56ae6d0ce39a8e501d1f665b8c51c6a diff --git a/webkit2gtk3.spec b/webkit2gtk3.spec index 7dc3556..b096a0e 100644 --- a/webkit2gtk3.spec +++ b/webkit2gtk3.spec @@ -9,8 +9,8 @@ # $ rhpkg build --target rhel-8.10.0-z-webkitgtk-stack-gate Name: webkit2gtk3 -Version: 2.46.3 -Release: 2%{?dist} +Version: 2.46.5 +Release: 1%{?dist} Summary: GTK Web content engine library License: LGPLv2 @@ -46,15 +46,6 @@ Patch204: icu60.patch Patch300: evolution-shared-secondary-process.patch Patch301: evolution-sandbox-warning.patch -## -## Patches that need to be upstreamed -## - -# https://bugs.webkit.org/show_bug.cgi?id=282645 -Patch400: websocket-connection-spans.patch -# https://bugs.webkit.org/show_bug.cgi?id=283095 -Patch401: CVE-2024-44309.patch - BuildRequires: bison BuildRequires: cmake BuildRequires: flex @@ -324,6 +315,9 @@ export NINJA_STATUS="[%f/%t][%e] " %{_datadir}/gir-1.0/JavaScriptCore-4.0.gir %changelog +* Wed Dec 18 2024 Michael Catanzaro - 2.46.5-1 +- Update to 2.46.5 + * Mon Nov 25 2024 Michael Catanzaro - 2.46.3-2 - Add patch for CVE-2024-44309 diff --git a/websocket-connection-spans.patch b/websocket-connection-spans.patch deleted file mode 100644 index e1c89c0..0000000 --- a/websocket-connection-spans.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp b/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp -index 1a0cd1de5078..8c4e0e378f11 100644 ---- a/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp -+++ b/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp -@@ -246,7 +246,7 @@ void WebSocketTask::sendString(std::span utf8, CompletionHandler< - GRefPtr bytes = adoptGRef(g_bytes_new_static(utf8.data(), utf8.size())); - soup_websocket_connection_send_message(m_connection.get(), SOUP_WEBSOCKET_DATA_TEXT, bytes.get()); - #else -- soup_websocket_connection_send_text(m_connection.get(), CString(reinterpret_cast(utf8.data()), utf8.size()).data()); -+ soup_websocket_connection_send_text(m_connection.get(), CString(utf8).data()); - #endif - } - callback(); -diff --git a/Source/WebKit/UIProcess/Inspector/glib/RemoteInspectorHTTPServer.cpp b/Source/WebKit/UIProcess/Inspector/glib/RemoteInspectorHTTPServer.cpp -index 89382a72d9c1..60f5fdedf0e0 100644 ---- a/Source/WebKit/UIProcess/Inspector/glib/RemoteInspectorHTTPServer.cpp -+++ b/Source/WebKit/UIProcess/Inspector/glib/RemoteInspectorHTTPServer.cpp -@@ -156,7 +156,7 @@ void RemoteInspectorHTTPServer::sendMessageToFrontend(uint64_t connectionID, uin - GRefPtr bytes = adoptGRef(g_bytes_new_static(utf8.data(), utf8.length())); - soup_websocket_connection_send_message(webSocketConnection, SOUP_WEBSOCKET_DATA_TEXT, bytes.get()); - #else -- soup_websocket_connection_send_text(webSocketConnection, CString(reinterpret_cast(utf8.data()), utf8.length()).data()); -+ soup_websocket_connection_send_text(webSocketConnection, CString(utf8).data()); - #endif - }