Branch: refs/heads/webkitglib/2.46
Home: https://github.com/WebKit/WebKit
Commit: a08541158b104d363880f9996bbf0659e10585b5
https://github.com/WebKit/WebKit/commit/a08541158b104d363880f9996bbf0659e10585b5
Author: Michael Catanzaro <[email protected]>
Date: 2024-11-25 (Mon, 25 Nov 2024)
Changed paths:
M Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py
Log Message:
-----------
Cherry-pick 285831@main (9afb773813fd).
https://bugs.webkit.org/show_bug.cgi?id=282197
Update autoinstalled cffi
https://bugs.webkit.org/show_bug.cgi?id=282197
Reviewed by Sam Sneddon.
* Tools/Scripts/libraries/webkitcorepy/webkitcorepy/__init__.py:
Canonical link: https://commits.webkit.org/285831@main
Canonical link: https://commits.webkit.org/282416.293@webkitglib/2.46
Commit: c52da7c313795d61665253f23c9f298005549c73
https://github.com/WebKit/WebKit/commit/c52da7c313795d61665253f23c9f298005549c73
Author: Charlie Wolfe <[email protected]>
Date: 2024-11-25 (Mon, 25 Nov 2024)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm
Log Message:
-----------
Cherry-pick 60c387845715. https://bugs.webkit.org/show_bug.cgi?id=282197
Cherry-pick 2815b4e29829. rdar://139893250
Data Isolation bypass via attacker controlled firstPartyForCookies
https://bugs.webkit.org/show_bug.cgi?id=283095
rdar://139818629
Reviewed by Matthew Finkel and Alex Christensen.
`NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or
empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but
we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly
have about:blank set as their firstPartyForCookies, causing us to kill the WCP.
This patch is a lower risk change that removes the unconditional cookie access for requests that have an
empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty
firstPartyForCookies.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
(WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowsFirstPartyForCookies):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::addAllowedFirstPartyForCookies):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::scheduleJobInServer):
* Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
(EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):
Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch
Canonical link: https://commits.webkit.org/282416.294@webkitglib/2.46
Commit: 53e7f27d262249310bd6b7ad452e7df334c92b7d
https://github.com/WebKit/WebKit/commit/53e7f27d262249310bd6b7ad452e7df334c92b7d
Author: Daniel Liu <[email protected]>
Date: 2024-11-25 (Mon, 25 Nov 2024)
Changed paths:
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Log Message:
-----------
Cherry-pick ded4d02c0a93. https://bugs.webkit.org/show_bug.cgi?id=283063
Don't allocate DFG register after a slow path
https://bugs.webkit.org/show_bug.cgi?id=283063
rdar://139747120
Reviewed by Yusuke Suzuki.
Allocating a DFG register after a slow path means that if the slow path
is taken, we end up with an incorrect global state.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
Canonical link: https://commits.webkit.org/282416.295@webkitglib/2.46
Compare: https://github.com/WebKit/WebKit/compare/cdbaf316924a...53e7f27d2622