[webkit-changes] [WebKit/WebKit] 82064e: Versioning.

nmahendru noreply at github.com
Fri Dec 20 12:14:26 PST 2024


  Branch: refs/heads/safari-7619.2.8.10-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: 82064e8c02edc763c3a322c52aa17735dc2865ea
      https://github.com/WebKit/WebKit/commit/82064e8c02edc763c3a322c52aa17735dc2865ea
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-11-13 (Wed, 13 Nov 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7619.2.8.10.8

Canonical link: https://commits.webkit.org/280938.389@safari-7619.2.8.10-branch


  Commit: aeb6a25452317038cc4ca02b4b2c6f946e9ff3ba
      https://github.com/WebKit/WebKit/commit/aeb6a25452317038cc4ca02b4b2c6f946e9ff3ba
  Author: Daniel Liu <danlliu at umich.edu>
  Date:   2024-11-13 (Wed, 13 Nov 2024)

  Changed paths:
    M Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp

  Log Message:
  -----------
  Cherry-pick ded4d02c0a93. rdar://139747120

    Don't allocate DFG register after a slow path
    https://bugs.webkit.org/show_bug.cgi?id=283063
    rdar://139747120

    Reviewed by Yusuke Suzuki.

    Allocating a DFG register after a slow path means that if the slow path
    is taken, we end up with an incorrect global state.

    * Source/JavaScriptCore/dfg/DFGSpeculativeJIT.cpp:
    (JSC::DFG::SpeculativeJIT::compilePutByValForIntTypedArray):

    Canonical link: https://commits.webkit.org/283286.475@safari-7620-branch


  Commit: 3cf1661874305393bbbce497eb91d168729759e4
      https://github.com/WebKit/WebKit/commit/3cf1661874305393bbbce497eb91d168729759e4
  Author: Mohsin Qureshi <mohsinq at apple.com>
  Date:   2024-11-14 (Thu, 14 Nov 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7619.2.8.10.9

Canonical link: https://commits.webkit.org/280938.391@safari-7619.2.8.10-branch


  Commit: 60c387845715b5b307fc8f959bb5be9332629870
      https://github.com/WebKit/WebKit/commit/60c387845715b5b307fc8f959bb5be9332629870
  Author: Charlie Wolfe <charliew at apple.com>
  Date:   2024-11-14 (Thu, 14 Nov 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.cpp
    M Source/WebKit/NetworkProcess/NetworkProcess.h
    M Source/WebKit/NetworkProcess/NetworkSession.cpp
    M Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp
    M Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm

  Log Message:
  -----------
  Cherry-pick 2815b4e29829. rdar://139893250

    Data Isolation bypass via attacker controlled firstPartyForCookies
    https://bugs.webkit.org/show_bug.cgi?id=283095
    rdar://139818629

    Reviewed by Matthew Finkel and Alex Christensen.

    `NetworkProcess::allowsFirstPartyForCookies` unconditionally allows cookie access for about:blank or
    empty firstPartyForCookies URLs. We tried to remove this in rdar://105733798 and rdar://107270673, but
    we needed to revert both because there were rare and subtle bugs where certain requests would incorrectly
    have about:blank set as their firstPartyForCookies, causing us to kill the WCP.

    This patch is a lower risk change that removes the unconditional cookie access for requests that have an
    empty firstPartyForCookies, but will not kill the WCP that is incorrectly sending an empty
    firstPartyForCookies.

    * Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
    (WebKit::NetworkConnectionToWebProcess::createSocketChannel):
    (WebKit::NetworkConnectionToWebProcess::scheduleResourceLoad):
    (WebKit::NetworkConnectionToWebProcess::cookiesForDOM):
    (WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM):
    (WebKit::NetworkConnectionToWebProcess::cookiesEnabled):
    (WebKit::NetworkConnectionToWebProcess::cookieRequestHeaderFieldValue):
    (WebKit::NetworkConnectionToWebProcess::getRawCookies):
    (WebKit::NetworkConnectionToWebProcess::cookiesForDOMAsync):
    (WebKit::NetworkConnectionToWebProcess::setCookieFromDOMAsync):
    (WebKit::NetworkConnectionToWebProcess::domCookiesForHost):
    (WebKit::NetworkConnectionToWebProcess::establishSWContextConnection):
    * Source/WebKit/NetworkProcess/NetworkProcess.cpp:
    (WebKit::NetworkProcess::allowsFirstPartyForCookies):
    * Source/WebKit/NetworkProcess/NetworkProcess.h:
    * Source/WebKit/NetworkProcess/NetworkSession.cpp:
    (WebKit::NetworkSession::addAllowedFirstPartyForCookies):
    * Source/WebKit/NetworkProcess/ServiceWorker/WebSWServerConnection.cpp:
    (WebKit::WebSWServerConnection::scheduleJobInServer):
    * Source/WebKit/NetworkProcess/SharedWorker/WebSharedWorkerServerConnection.cpp:
    (WebKit::WebSharedWorkerServerConnection::requestSharedWorker):
    * Tools/TestWebKitAPI/Tests/WebKitCocoa/IPCTestingAPI.mm:
    (EmptyFirstPartyForCookiesCookieRequestHeaderFieldValue)):

    Canonical link: https://commits.webkit.org/283286.477@safari-7620-branch


  Commit: 60798b5229c7139b7ba02d909af3e7ae9e6d18bd
      https://github.com/WebKit/WebKit/commit/60798b5229c7139b7ba02d909af3e7ae9e6d18bd
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-11-14 (Thu, 14 Nov 2024)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

  Log Message:
  -----------
  Cherry-pick fbc1283a4a99. rdar://139913405

    Unreviewed, reverting "[WebAuthn] Implement batching for checking allowCredentials (48851c3d135a)"
    https://bugs.webkit.org/show_bug.cgi?id=282880
    rdar://138281493

    Fix Login Issues with newer Yubikeys.

    Reverted change:

    Cherry-pick 52a47cb. rdar://133711978
        [WebAuthn] Implement batching for checking allowCredentials
        rdar://133711978
        https://bugs.webkit.org/show_bug.cgi?id=277979

        Reviewed by Brent Fulgham.

        This change implements checking the allowCredentials in batches as supported by
        the authenticator during getAssertion. This is accomplished with smaller up=0,
        get requests to determine if credentials are present on the authenticator.

        Then if a credential is detected as present, it is included in the allowCredentials list
        in the real request. If no credentials matched, then we already know the call will not
        be able to succeed, so we just include the last batch.

        Added layout tests for the new behaviors.

        * LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https-expected.txt:
        * LayoutTests/http/wpt/webauthn/public-key-credential-get-failure-hid.https.html:
        * LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https-expected.txt:
        * LayoutTests/http/wpt/webauthn/public-key-credential-get-success-hid.https.html:
        * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
        (WebKit::CtapAuthenticator::makeCredential):
        (WebKit::CtapAuthenticator::continueSlientlyCheckCredentials):
        (WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
        (WebKit::CtapAuthenticator::getAssertion):
        (WebKit::CtapAuthenticator::continueGetAssertionAfterCheckAllowCredentials):
        (WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved): Deleted.
        * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

        Canonical link: https://commits.webkit.org/282246@main

    Canonical link: https://commits.webkit.org/283286.467@safari-7620-branch


  Commit: c4bdab7aacccf65ae640a15b422105779afa7cd7
      https://github.com/WebKit/WebKit/commit/c4bdab7aacccf65ae640a15b422105779afa7cd7
  Author: Nitin Mahendru <nitinmahendru at apple.com>
  Date:   2024-11-14 (Thu, 14 Nov 2024)

  Changed paths:
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt
    M LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html
    M LayoutTests/http/wpt/webauthn/resources/util.js
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp
    M Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h
    M Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp
    M Source/WebCore/Modules/webauthn/fido/FidoConstants.h
    M Source/WebCore/testing/MockWebAuthenticationConfiguration.h
    M Source/WebCore/testing/MockWebAuthenticationConfiguration.idl
    M Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in
    M Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

  Log Message:
  -----------
  Cherry-pick aaafcd1e5687. rdar://139913405

    Unreviewed, reverting [WebAuthn] Implement batching for checking excludeCredentials
    https://bugs.webkit.org/show_bug.cgi?id=282878
    rdar://138281493

    Revert to Fix rdar://138281493 Unable to enter PIN for Yubikey

    Reverted change:
        Cherry-pick f56198757e4b. rdar://133307666

            [WebAuthn] Implement batching for checking excludeCredentials
            rdar://133307666
            https://bugs.webkit.org/show_bug.cgi?id=277695

            Reviewed by Charlie Wolfe.

            This change starts to implement checking the excludeCredential list in batches as
            supported by the authenticator during a makeCredential. This is accomplished by using
            smaller, up=0, get requests to detect if a credential is present on the authenticator.

            Then if a credential is detected, only that credential may be included with the actual
            makeCredential request to get the proper error code back from the authenticator. If none
            matched, we don't need to include a excludeCredentials list to the authenticator since
            we already know those credentials aren't present.

            This patch only implements this logic for makeCredential, getAssertion will be done in
            another patch.

            Added layout tests to test matching exclude list with batching, non-matching exclude list with
            batching, and a security key that supports batches greater than 1.

            * LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https-expected.txt:
            * LayoutTests/http/wpt/webauthn/public-key-credential-create-failure-hid.https.html:
            * LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https-expected.txt:
            * LayoutTests/http/wpt/webauthn/public-key-credential-create-success-hid.https.html:
            * LayoutTests/http/wpt/webauthn/resources/util.js:
            * Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.cpp:
            (fido::AuthenticatorGetInfoResponse::setMaxCredentialCountInList):
            (fido::AuthenticatorGetInfoResponse::setMaxCredentialIDLength):
            (fido::encodeAsCBOR):
            * Source/WebCore/Modules/webauthn/fido/AuthenticatorGetInfoResponse.h:
            * Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.cpp:
            (fido::encodeSilentGetAssertion):
            * Source/WebCore/Modules/webauthn/fido/DeviceRequestConverter.h:
            * Source/WebCore/Modules/webauthn/fido/DeviceResponseConverter.cpp:
            (fido::readCTAPGetInfoResponse):
            * Source/WebCore/Modules/webauthn/fido/FidoConstants.h:
            * Source/WebCore/testing/MockWebAuthenticationConfiguration.h:
            * Source/WebCore/testing/MockWebAuthenticationConfiguration.idl:
            * Source/WebKit/Shared/WebCoreArgumentCoders.serialization.in:
            * Source/WebKit/UIProcess/WebAuthentication/Mock/MockHidConnection.cpp:
            (WebKit::MockHidConnection::feedReports):
            * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
            (WebKit::CtapAuthenticator::makeCredential):
            (WebKit::CtapAuthenticator::continueCheckExcludedCredentialsAfterResponseRecieved):
            (WebKit::CtapAuthenticator::continueMakeCredentialAfterCheckExcludedCredentials):
            * Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

            Canonical link: https://commits.webkit.org/282019@main

        Canonical link: https://commits.webkit.org/280938.236@safari-7619-branch

    Canonical link: https://commits.webkit.org/283286.468@safari-7620-branch


Compare: https://github.com/WebKit/WebKit/compare/2e90e867b145...c4bdab7aaccc

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list