I wasn't able to take this patch because it too failed during do_patch at build time. Please submit a v2 with this corrected.
I was able to take the other patches in this series though, so you only need to submit v2 for the two that I wasn't able to take. Steve On Fri, Jun 9, 2023 at 4:09 AM Urade, Yogita via lists.openembedded.org <[email protected]> wrote: > > The issue was addressed with improved memory handling. > This issue is fixed in macOS Ventura 13.2, macOS Monterey > 12.6.3, tvOS 16.3, Safari 16.3, watchOS 9.3, iOS 16.3 and > iPadOS 16.3, macOS Big Sur 11.7.3. Processing maliciously > crafted web content may lead to arbitrary code execution. > > References: > https://nvd.nist.gov/vuln/detail/CVE-2023-23517 > https://support.apple.com/en-us/HT213638 > https://bugs.webkit.org/show_bug.cgi?id=248268 > https://github.com/WebKit/WebKit/pull/6756 > > Signed-off-by: Yogita Urade <[email protected]> > --- > .../CVE-2023-23517-CVE-2023-23518.patch | 131 ++++++++++++++++++ > meta/recipes-sato/webkit/webkitgtk_2.36.8.bb | 1 + > 2 files changed, 132 insertions(+) > create mode 100644 > meta/recipes-sato/webkit/webkitgtk/CVE-2023-23517-CVE-2023-23518.patch > > diff --git > a/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23517-CVE-2023-23518.patch > b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23517-CVE-2023-23518.patch > new file mode 100644 > index 0000000000..721f045e0d > --- /dev/null > +++ b/meta/recipes-sato/webkit/webkitgtk/CVE-2023-23517-CVE-2023-23518.patch > @@ -0,0 +1,131 @@ > +From f44648f07471b6c34f61993baa8997f7519a18a1 Mon Sep 17 00:00:00 2001 > +From: Youenn Fablet <[email protected]> > +Date: Mon, 28 Nov 2022 00:43:35 -0800 > +Subject: [PATCH] Type getter is not needed for internal ReadableStream > sources > + https://bugs.webkit.org/show_bug.cgi?id=248268 rdar://102338913 > + > +Reviewed by Eric Carlson. > + > +Make ReadableStreamSource method privates. > +In ReadableStream, use @getters instead of private getters to allow getting > private values from prototype. > +Covered by added test. > + > +* LayoutTests/http/wpt/fetch/fetch-stream-source-expected.txt: Added. > +* LayoutTests/http/wpt/fetch/fetch-stream-source.html: Added. > +* Source/WebCore/Modules/streams/ReadableStream.js: > +(initializeReadableStream): > +* Source/WebCore/Modules/streams/ReadableStreamSource.idl: > +* Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h: > +(WebCore::IDLOperationReturningPromise::call): > + > +Canonical link: https://commits.webkit.org/257063@main > + > +CVE: CVE-2023-23517 CVE-2023-23518 > + > +Upstream-Status: Backport > +[https://github.com/WebKit/WebKit/commit/f44648f07471b6c34f61993baa8997f7519a18a1] > + > +Signed-off-by: Yogita Urade <[email protected]> > +--- > + .../fetch/fetch-stream-source-expected.txt | 3 +++ > + .../http/wpt/fetch/fetch-stream-source.html | 24 +++++++++++++++++++ > + .../WebCore/Modules/streams/ReadableStream.js | 4 ++-- > + .../Modules/streams/ReadableStreamSource.idl | 8 +++---- > + .../js/JSDOMOperationReturningPromise.h | 4 +++- > + 5 files changed, 36 insertions(+), 7 deletions(-) > + create mode 100644 > LayoutTests/http/wpt/fetch/fetch-stream-source-expected.txt > + create mode 100644 LayoutTests/http/wpt/fetch/fetch-stream-source.html > + > +diff --git a/LayoutTests/http/wpt/fetch/fetch-stream-source-expected.txt > b/LayoutTests/http/wpt/fetch/fetch-stream-source-expected.txt > +new file mode 100644 > +index 000000000000..856ea8180ca2 > +--- /dev/null > ++++ b/LayoutTests/http/wpt/fetch/fetch-stream-source-expected.txt > +@@ -0,0 +1,3 @@ > ++ > ++PASS Only JS streams should check type > ++ > +diff --git a/LayoutTests/http/wpt/fetch/fetch-stream-source.html > b/LayoutTests/http/wpt/fetch/fetch-stream-source.html > +new file mode 100644 > +index 000000000000..fbebfa5e524f > +--- /dev/null > ++++ b/LayoutTests/http/wpt/fetch/fetch-stream-source.html > +@@ -0,0 +1,24 @@ > ++<!doctype html> > ++<html> > ++ <head> > ++ <meta charset="utf-8"> > ++ <title>Fetch and source</title> > ++ <script src="/resources/testharness.js"></script> > ++ <script src="/resources/testharnessreport.js"></script> > ++ </head> > ++ <body> > ++ <script> > ++promise_test(async () => { > ++ let counter = 0; > ++ Object.prototype.__defineGetter__("type", function() { > ++ counter++; > ++ }); > ++ > ++ const response = await fetch('/'); > ++ const fetchReadableStream = response.body; > ++ const [r1, r2] = fetchReadableStream.tee(); > ++ assert_equals(counter, 0); > ++}, "Only JS streams should check type"); > ++ </script> > ++ </body> > ++</html> > +diff --git a/Source/WebCore/Modules/streams/ReadableStream.js > b/Source/WebCore/Modules/streams/ReadableStream.js > +index ddef56ecd460..7f0def325d84 100644 > +--- a/Source/WebCore/Modules/streams/ReadableStream.js > ++++ b/Source/WebCore/Modules/streams/ReadableStream.js > +@@ -48,10 +48,10 @@ function initializeReadableStream(underlyingSource, > strategy) > + > + // FIXME: We should introduce > https://streams.spec.whatwg.org/#create-readable-stream. > + // For now, we emulate this with underlyingSource with private > properties. > +- if (@getByIdDirectPrivate(underlyingSource, "pull") !== @undefined) { > ++ if (underlyingSource.@pull !== @undefined) { > + const size = @getByIdDirectPrivate(strategy, "size"); > + const highWaterMark = @getByIdDirectPrivate(strategy, > "highWaterMark"); > +- @setupReadableStreamDefaultController(this, underlyingSource, size, > highWaterMark !== @undefined ? highWaterMark : 1, > @getByIdDirectPrivate(underlyingSource, "start"), > @getByIdDirectPrivate(underlyingSource, "pull"), > @getByIdDirectPrivate(underlyingSource, "cancel")); > ++ @setupReadableStreamDefaultController(this, underlyingSource, size, > highWaterMark !== @undefined ? highWaterMark : 1, underlyingSource.@start, > underlyingSource.@pull, underlyingSource.@cancel); > + return this; > + } > + > +diff --git a/Source/WebCore/Modules/streams/ReadableStreamSource.idl > b/Source/WebCore/Modules/streams/ReadableStreamSource.idl > +index cce9ea37ce80..ae7f1403b8ac 100644 > +--- a/Source/WebCore/Modules/streams/ReadableStreamSource.idl > ++++ b/Source/WebCore/Modules/streams/ReadableStreamSource.idl > +@@ -30,10 +30,10 @@ > + LegacyNoInterfaceObject, > + SkipVTableValidation > + ] interface ReadableStreamSource { > +- [Custom] Promise<undefined> start(ReadableStreamDefaultController > controller); > +- [Custom] Promise<undefined> pull(ReadableStreamDefaultController > controller); > +- undefined cancel(any reason); > ++ [Custom, PrivateIdentifier] Promise<undefined> > start(ReadableStreamDefaultController controller); > ++ [Custom, PrivateIdentifier] Promise<undefined> > pull(ReadableStreamDefaultController controller); > ++ [PrivateIdentifier] undefined cancel(any reason); > + > + // Place holder to keep the controller linked to the source. > +- [CachedAttribute, CustomGetter] readonly attribute any controller; > ++ [CachedAttribute, CustomGetter, PrivateIdentifier] readonly attribute > any controller; > + }; > +diff --git a/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h > b/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h > +index c4d1513ad5c4..1dda9d3834f7 100644 > +--- a/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h > ++++ b/Source/WebCore/bindings/js/JSDOMOperationReturningPromise.h > +@@ -43,8 +43,10 @@ public: > + if constexpr (shouldThrow != CastedThisErrorBehavior::Assert) { > + if (UNLIKELY(!thisObject)) > + return rejectPromiseWithThisTypeError(promise.get(), > JSClass::info()->className, operationName); > +- } else > ++ } else { > ++ UNUSED_PARAM(operationName); > + ASSERT(thisObject); > ++ } > + > + ASSERT_GC_OBJECT_INHERITS(thisObject, JSClass::info()); > + > +-- > +2.40.0 > diff --git a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > index cf1b8b2cc0..69663c1cb7 100644 > --- a/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > +++ b/meta/recipes-sato/webkit/webkitgtk_2.36.8.bb > @@ -21,6 +21,7 @@ SRC_URI = "https://www.webkitgtk.org/releases/${BP}.tar.xz \ > file://CVE-2022-46699.patch \ > file://CVE-2022-42867.patch \ > file://CVE-2022-42856.patch \ > + file://CVE-2023-23517-CVE-2023-23518.patch \ > " > SRC_URI[sha256sum] = > "0ad9fb6bf28308fe3889faf184bd179d13ac1b46835d2136edbab2c133d00437" > > -- > 2.40.0 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#183113): https://lists.openembedded.org/g/openembedded-core/message/183113 Mute This Topic: https://lists.openembedded.org/mt/99429027/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
