Branch: refs/heads/safari-7619.2.8.10-branch
Home: https://github.com/WebKit/WebKit
Commit: 82064e8c02edc763c3a322c52aa17735dc2865ea
https://github.com/WebKit/WebKit/commit/82064e8c02edc763c3a322c52aa17735dc2865ea
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-11-13 (Wed, 13 Nov 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.8.10.8
Canonical link: https://commits.webkit.org/280938.389@safari-7619.2.8.10-branch
Commit: aeb6a25452317038cc4ca02b4b2c6f946e9ff3ba
https://github.com/WebKit/WebKit/commit/aeb6a25452317038cc4ca02b4b2c6f946e9ff3ba
Author: Daniel Liu <danl...@umich.edu>
Date: 2024-11-13 (Wed, 13 Nov 2024)
Changed paths:
M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp
Log Message:
-----------
Cherry-pick ded4d02c0a93. rdar://139747120
Don't allocate DFG register after a slow path
https://bugs.webkit.org/show_bug.cgi?id=283063
rdar://139747120
Reviewed by Yusuke Suzuki.
Allocating a DFG register after a slow path means that if the slow path
is taken, we end up with an incorrect global state.
* Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
(JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):
Canonical link: https://commits.webkit.org/283286.475@safari-7620-branch
Commit: 3cf1661874305393bbbce497eb91d168729759e4
https://github.com/WebKit/WebKit/commit/3cf1661874305393bbbce497eb91d168729759e4
Author: Mohsin Qureshi <mohs...@apple.com>
Date: 2024-11-14 (Thu, 14 Nov 2024)
Changed paths:
M Configurations/Version.xcconfig
Log Message:
-----------
Versioning.
WebKit-7619.2.8.10.9
Canonical link: https://commits.webkit.org/280938.391@safari-7619.2.8.10-branch
Commit: 60c387845715b5b307fc8f959bb5be9332629870
https://github.com/WebKit/WebKit/commit/60c387845715b5b307fc8f959bb5be9332629870
Author: Charlie Wolfe <charl...@apple.com>
Date: 2024-11-14 (Thu, 14 Nov 2024)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.cpp
M Source/WebKit/NetworkProcess/NetworkProcess.h
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
M
Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
M Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm
Log Message:
-----------
Cherry-pick 2815b4e29829. rdar://139893250
Data Isolation bypass via attacker controlled firstPartyForCookies
https://bugs.webkit.org/show_bug.cgi?id=283095
rdar://139818629
Reviewed by Matthew Finkel and Alex Christensen.
`NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie
access for about:blank or
empty firstPartyForCookies URLs. We tried to remove this in
rdar://105733798 and rdar://107270673, but
we needed to revert both because there were rare and subtle bugs where
certain requests would incorrectly
have about:blank set as their firstPartyForCookies, causing us to kill the
WCP.
This patch is a lower risk change that removes the unconditional cookie
access for requests that have an
empty firstPartyForCookies, but will not kill the WCP that is incorrectly
sending an empty
firstPartyForCookies.
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::createSocketChannel):
(WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
(WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
(WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
(WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
(WebKit::NetworkConnectionToWebProcess::getRawCookies):
(WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
(WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
(WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
(WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
* Source/WebKit/NetworkProcess/NetworkProcess.cpp:
(WebKit::NetworkProcess::allowsFirstPartyForCookies):
* Source/WebKit/NetworkProcess/NetworkProcess.h:
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::addAllowedFirstPartyForCookies):
* Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
(WebKit::WebSWServerConnection::scheduleJobInServer):
*
Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
(WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
(EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):
Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch
Commit: 60798b5229c7139b7ba02d909af3e7ae9e6d18bd
https://github.com/WebKit/WebKit/commit/60798b5229c7139b7ba02d909af3e7ae9e6d18bd
Author: Nitin Mahendru <nitinmahen...@apple.com>
Date: 2024-11-14 (Thu, 14 Nov 2024)
Changed paths:
M
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
M
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
M
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
M
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
Log Message:
-----------
Cherry-pick fbc1283a4a99. rdar://139913405
Unreviewed, reverting "[WebAuthn] Implement batching for checking
allowCredentials (48851c3d135a)"
https://bugs.webkit.org/show_bug.cgi?id=282880
rdar://138281493
Fix Login Issues with newer Yubikeys.
Reverted change:
Cherry-pick 52a47cb. rdar://133711978
[WebAuthn] Implement batching for checking allowCredentials
rdar://133711978
https://bugs.webkit.org/show_bug.cgi?id=277979
Reviewed by Brent Fulgham.
This change implements checking the allowCredentials in batches as
supported by
the authenticator during getAssertion. This is accomplished with
smaller up=0,
get requests to determine if credentials are present on the
authenticator.
Then if a credential is detected as present, it is included in the
allowCredentials list
in the real request. If no credentials matched, then we already know
the call will not
be able to succeed, so we just include the last batch.
Added layout tests for the new behaviors.
*
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt:
*
LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
*
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt:
*
LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueSlientlyCheckCredentials):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
(WebKit::CtapAuthenticator::getAssertion):
(WebKit::CtapAuthenticator::continueGetAssertionAfterCheckAllowCredentials):
(WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved):
Deleted.
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Canonical link: https://commits.webkit.org/282246@main
Canonical link: https://commits.webkit.org/283286.467@safari-7620-branch
Commit: c4bdab7aacccf65ae640a15b422105779afa7cd7
https://github.com/WebKit/WebKit/commit/c4bdab7aacccf65ae640a15b422105779afa7cd7
Author: Nitin Mahendru <nitinmahen...@apple.com>
Date: 2024-11-14 (Thu, 14 Nov 2024)
Changed paths:
M
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
M
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
M
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
M
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
M LayoutTests/http/wpt/webauthn/resources/util.js
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
M Source/WebCore/testing/MockWebAuthenticationConfiguration.h
M Source/WebCore/testing/MockWebAuthenticationConfiguration.idl
M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h
Log Message:
-----------
Cherry-pick aaafcd1e5687. rdar://139913405
Unreviewed, reverting [WebAuthn] Implement batching for checking
excludeCredentials
https://bugs.webkit.org/show_bug.cgi?id=282878
rdar://138281493
Revert to Fix rdar://138281493 Unable to enter PIN for Yubikey
Reverted change:
Cherry-pick f56198757e4b. rdar://133307666
[WebAuthn] Implement batching for checking excludeCredentials
rdar://133307666
https://bugs.webkit.org/show_bug.cgi?id=277695
Reviewed by Charlie Wolfe.
This change starts to implement checking the excludeCredential list
in batches as
supported by the authenticator during a makeCredential. This is
accomplished by using
smaller, up=0, get requests to detect if a credential is present on
the authenticator.
Then if a credential is detected, only that credential may be
included with the actual
makeCredential request to get the proper error code back from the
authenticator. If none
matched, we don't need to include a excludeCredentials list to the
authenticator since
we already know those credentials aren't present.
This patch only implements this logic for makeCredential,
getAssertion will be done in
another patch.
Added layout tests to test matching exclude list with batching,
non-matching exclude list with
batching, and a security key that supports batches greater than 1.
*
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
*
LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
*
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt:
*
LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
* LayoutTests/http/wpt/webauthn/resources/util.js:
*
Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
(fido::AuthenticatorGetInfoResponse::setMaxCredentialCountInList):
(fido::AuthenticatorGetInfoResponse::setMaxCredentialIDLength):
(fido::encodeAsCBOR):
*
Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
(fido::encodeSilentGetAssertion):
* Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
* Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
(fido::readCTAPGetInfoResponse):
* Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.h:
* Source/WebCore/testing/MockWebAuthenticationConfiguration.idl:
* Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
*
Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
(WebKit::MockHidConnection::feedReports):
*
Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::makeCredential):
(WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved):
(WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
*
Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:
Canonical link: https://commits.webkit.org/282019@main
Canonical link: https://commits.webkit.org/280938.236@safari-7619-branch
Canonical link: https://commits.webkit.org/283286.468@safari-7620-branch
Compare: https://github.com/WebKit/WebKit/compare/2e90e867b145...c4bdab7aaccc
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
