Hi Yogita,

Thanks for helping to fix CVEs!

Unfortunately I can't take this set of five patches in their current state. You have crafted each as an individual patch to the current kirkstone head. As a result, after I take the first patch the rest will not apply. In a case like this you should send a patch series, with each patch taking into account the previous patch.

Regards,
Steve

On Tue, Jun 6, 2023 at 2:07 AM Urade, Yogita via lists.openembedded.org <[email protected]> wrote:
>
> A memory consumption issue was addressed with improved memory handling. This
> issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and
> iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously
> crafted web content may lead to arbitrary code execution.
>
> References:
> https://nvd.nist.gov/vuln/detail/CVE-2022-46691
> https://support.apple.com/en-us/HT213531
>
> Signed-off-by: Yogita Urade <[email protected]>
> --- > .../webkit/webkitgtk/CVE-2022-46691.patch | 43 +++++++++++++++++++ > meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 + > 2 files changed, 44 insertions(+) > create mode 100644 meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch > > diff --git a/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch > b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch > new file mode 100644 > index 0000000000..ff9df40433 > --- /dev/null > +++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2022-46691.patch 
> @@ -0,0 +1,43 @@ > +From fd57a49d07c9c285780495344073350182fd7c7c Mon Sep 17 00:00:00 2001 > +From: Yijia Huang <[email protected]> > +Date: Mon, 10 Oct 2022 15:42:34 -0700 > +Subject: [PATCH] [JSC] Should model BigInt with side effects > + https://bugs.webkit.org/show_bug.cgi?id=246291 rdar://100494823 > + > +Reviewed by Yusuke Suzuki. > + > +Operations with two BigInt operands have side effects, > +which should not be hoisted from loops. > + > +* Source/JavaScriptCore/dfg/DFGClobberize.cpp: > +(JSC::DFG::doesWrites): > +* Source/JavaScriptCore/dfg/DFGClobberize.h: > +(JSC::DFG::clobberize): > + > +Canonical link: https://commits.webkit.org/255368@main > + > +CVE: CVE-2022-46691 > + > +Upstream-Status: Backport > +[https://github.com/WebKit/WebKit/commit/fd57a49d07c9c285780495344073350182fd7c7c] > + > +Signed-off-by: Yogita Urade <[email protected]> > +--- > + Source/JavaScriptCore/dfg/DFGClobberize.h | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/Source/JavaScriptCore/dfg/DFGClobberize.h > b/Source/JavaScriptCore/dfg/DFGClobberize.h > +index 0363ab20dcd8..4b1bcfea1fd7 100644 > +--- a/Source/JavaScriptCore/dfg/DFGClobberize.h > ++++ b/Source/JavaScriptCore/dfg/DFGClobberize.h > +@@ -811,6 +811,8 @@ void clobberize(Graph& graph, Node* node, const > ReadFunctor& read, const WriteFu > + case ValueBitRShift: > + // FIXME: this use of single-argument isBinaryUseKind would prevent > us from specializing (for example) for a HeapBigInt left-operand and a > BigInt32 right-operand. > + if (node->isBinaryUseKind(AnyBigIntUse) || > node->isBinaryUseKind(BigInt32Use) || node->isBinaryUseKind(HeapBigIntUse)) { > ++ read(World); > ++ write(SideState); > + def(PureValue(node)); > + return; > + } > +-- > +2.40.0 > diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > index 1dac4f5677..02258f84e4 100644 > --- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb 
> @@ -17,6 +17,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \ > > file://0001-When-building-introspection-files-do-not-quote-CFLAG.patch \ > file://CVE-2022-32888.patch \ > file://CVE-2022-32923.patch \ > + file://CVE-2022-46691.patch \ > " > SRC_URI[sha256sum] = > "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437" > > -- > 2.40.0 > > > >
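Review bot: The changelog inside the new CVE-2022-46691.patch names two files, Source/JavaScriptCore/dfg/DFGClobberize.cpp (JSC::DFG::doesWrites) and Source/JavaScriptCore/dfg/DFGClobberize.h (JSC::DFG::clobberize), but its diffstat says "1 file changed, 2 insertions(+)" and the only hunk is the one in DFGClobberize.h that adds read(World) and write(SideState) ahead of def(PureValue(node)). Please check the backport against the upstream commit given under Upstream-Status and confirm nothing was dropped; if anything from upstream was left out on purpose, say so in a short note next to the Upstream-Status line so the difference is recorded with the patch.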
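Review bot: The SRC_URI hunk in webkitgtk_2.36.8.bb anchors the new "file://CVE-2022-46691.patch \" entry between "file://CVE-2022-32923.patch \" and the closing quote, so any other patch in the set that adds its own entry at that same spot against the same kirkstone head will no longer apply once this one is merged. Resend the set as a numbered series in which each patch's context already contains the SRC_URI entries added by the patches before it.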
