182884 2018-02-16 13:41:02 -0800 Apply patches for CVE-2018-5123 2018-02-16 15:13:52 -0800 1 1 1 Unclassified WebKit WebKit Website WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Critical --- 1 lingcherd_ho lingcherd_ho ap commit-queue ddkilzer jond lingcherd_ho webkit-bug-importer oldest_to_newest 1400010 0 lingcherd_ho 2018-02-16 13:41:02 -0800 https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-5123 Apply patches to remediate security issues mentioned in CVE. 1400032 1 334070 lingcherd_ho 2018-02-16 14:15:05 -0800 Created attachment 334070 Patch 1400037 2 334070 ap 2018-02-16 14:33:43 -0800 Comment on attachment 334070 Patch rs=me 1400053 3 334070 commit-queue 2018-02-16 15:12:17 -0800 Comment on attachment 334070 Patch Clearing flags on attachment: 334070 Committed r228584: <https://trac.webkit.org/changeset/228584> 1400054 4 commit-queue 2018-02-16 15:12:19 -0800 All reviewed patches have been landed. Closing bug. 1400056 5 webkit-bug-importer 2018-02-16 15:13:52 -0800 <rdar://problem/37621390> 334070 2018-02-16 14:15:05 -0800 2018-02-16 15:12:17 -0800 Patch bug-182884-20180216141504.patch text/plain 4342 lingcherd_ho SW5kZXg6IFdlYnNpdGVzL2J1Z3Mud2Via2l0Lm9yZy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g V2Vic2l0ZXMvYnVncy53ZWJraXQub3JnL0NoYW5nZUxvZwkocmV2aXNpb24gMjI4NTgyKQorKysg V2Vic2l0ZXMvYnVncy53ZWJraXQub3JnL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwz ICsxLDE1IEBACisyMDE4LTAyLTE2ICBMaW5nIEhvICA8bGluZ2hvQGFwcGxlLmNvbT4KKworICAg ICAgICBBcHBseSBCdWd6aWxsYSBwYXRjaGVzIGZvciBDVkUtMjAxOC01MTIzCisgICAgICAgIGh0 dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xODI4ODQKKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIEJ1Z3ppbGxhL0NHSS5wbToK KyAgICAgICAgKF9wcmV2ZW50X3Vuc2FmZV9yZXNwb25zZSk6CisgICAgICAgIChoZWFkZXIpOgor ICAgICAgICAqIGF0dGFjaG1lbnQuY2dpOgorCiAyMDE3LTA2LTIyICBDYXJsb3MgQWxiZXJ0byBM b3BleiBQZXJleiAgPGNsb3BlekBpZ2FsaWEuY29tPgogCiAgICAgICAgIHByZXR0eSBwYXRjaCBk b2Vzbid0IHNob3cgaW1hZ2UgZGlmZnMgd2l0aCBuZXdlciB2ZXJzaW9ucyBvZiBnaXQKSW5kZXg6 IFdlYnNpdGVzL2J1Z3Mud2Via2l0Lm9yZy9hdHRhY2htZW50LmNnaQo9PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBX ZWJzaXRlcy9idWdzLndlYmtpdC5vcmcvYXR0YWNobWVudC5jZ2kJKHJldmlzaW9uIDIyODU4MikK KysrIFdlYnNpdGVzL2J1Z3Mud2Via2l0Lm9yZy9hdHRhY2htZW50LmNnaQkod29ya2luZyBjb3B5 KQpAQCAtMzksNiArMzksNyBAQCB1c2UgQXBhY2hlMjo6UmVxdWVzdFV0aWwgKCk7CiBsb2NhbCBv dXIgJGNnaSA9IEJ1Z3ppbGxhLT5jZ2k7CiBsb2NhbCBvdXIgJHRlbXBsYXRlID0gQnVnemlsbGEt PnRlbXBsYXRlOwogbG9jYWwgb3VyICR2YXJzID0ge307Citsb2NhbCAkQnVnemlsbGE6OkNHSTo6 QUxMT1dfVU5TQUZFX1JFU1BPTlNFID0gMTsKIAogIyBBbGwgY2FsbHMgdG8gdGhpcyBzY3JpcHQg c2hvdWxkIGNvbnRhaW4gYW4gImFjdGlvbiIgdmFyaWFibGUgd2hvc2UKICMgdmFsdWUgZGV0ZXJt aW5lcyB3aGF0IHRoZSB1c2VyIHdhbnRzIHRvIGRvLiAgVGhlIGNvZGUgYmVsb3cgY2hlY2tzCklu ZGV4OiBXZWJzaXRlcy9idWdzLndlYmtpdC5vcmcvQnVnemlsbGEvQ0dJLnBtCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFdlYnNpdGVzL2J1Z3Mud2Via2l0Lm9yZy9CdWd6aWxsYS9DR0kucG0JKHJldmlzaW9uIDIy ODU4MikKKysrIFdlYnNpdGVzL2J1Z3Mud2Via2l0Lm9yZy9CdWd6aWxsYS9DR0kucG0JKHdvcmtp bmcgY29weSkKQEAgLTI4OCw2ICsyODgsNjkgQEAgc3ViIGNsb3NlX3N0YW5kYnlfbWVzc2FnZSB7 CiAgICAgfQogfQogCitvdXIgJEFMTE9XX1VOU0FGRV9SRVNQT05TRSA9IDA7CisjIHJlc3BvbmRp bmcgdG8gdGV4dC9wbGFpbiBvciB0ZXh0L2h0bWwgaXMgc2FmZQorIyByZXNwb25kaW5nIHRvIGFu eSByZXF1ZXN0IHdpdGggYSByZWZlcmVyIGhlYWRlciBpcyBzYWZlCisjIHNvbWUgdGhpbmdzIG5l ZWQgdG8gaGF2ZSB1bnNhZmUgcmVzcG9uc2VzIChhdHRhY2htZW50LmNnaSkKKyMgZXZlcnl0aGlu ZyBlbHNlIHNob3VsZCBnZXQgYSA0MDMuCitzdWIgX3ByZXZlbnRfdW5zYWZlX3Jlc3BvbnNlIHsK KyAgICBteSAoJHNlbGYsICRoZWFkZXJzKSA9IEBfOworICAgIG15ICRzYWZlX2NvbnRlbnRfdHlw ZV9yZSA9IHFyeworICAgICAgICBeICgqQ09NTUlUKSAjIENPTU1JVCBtYWtlcyB0aGUgcmVnZXgg ZmFzdGVyCisgICAgICAgICAgICAgICAgICAgICMgYnkgcHJldmVudGluZyBiYWNrLXRyYWNraW5n LiBzZWUgYWxzbyBwZXJsZG9jIHBlbHJlLgorICAgICAgICAjIGFwcGxpY2F0aW9uL3gtamF2YXNj cmlwdCwgeG1sLCBhdG9tK3htbCwgcmRmK3htbCwgeG1sLWR0ZCwgYW5kIGpzb24KKyAgICAgICAg KD86IGFwcGxpY2F0aW9uLyAoPzogeCg/OiAtamF2YXNjcmlwdCB8IG1sICg/OiAtZHRkICk/ICkK KyAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgKD86IGF0b20gfCByZGYpIFwrIHhtbAorICAg ICAgICAgICAgICAgICAgICAgICAgICAgfCBqc29uICkKKyAgICAgICAgIyB0ZXh0L2NzdiwgdGV4 dC9jYWxlbmRhciwgdGV4dC9wbGFpbiwgYW5kIHRleHQvaHRtbAorICAgICAgICAgIHwgdGV4dC8g KD86IGMgKD86IGFsZW5kYXIgfCBzdiApCisgICAgICAgICAgICAgICAgICAgIHwgcGxhaW4KKyAg ICAgICAgICAgICAgICAgICAgfCBodG1sICkKKyAgICAgICAgIyB1c2VkIGZvciBIVFRQIHB1c2gg cmVzcG9uc2VzCisgICAgICAgICAgfCBtdWx0aXBhcnQveC1taXhlZC1yZXBsYWNlKQorICAgIH1z eDsKKyAgICBteSAkc2FmZV9yZWZlcmVyX3JlID0gZG8geworICAgICAgICAjIE5vdGUgdGhhdCB1 cmxiYXNlIG11c3QgZW5kIHdpdGggYSAvLgorICAgICAgICAjIEl0IGFsbW9zdCBjZXJ0YWlubHkg ZG9lcywgYnV0IGxldCdzIGJlIGV4dHJhIGNhcmVmdWwuCisgICAgICAgIG15ICR1cmxiYXNlID0g Y29ycmVjdF91cmxiYXNlKCk7CisgICAgICAgICR1cmxiYXNlID1+IHN7LyR9e307CisgICAgICAg IHFyeworICAgICAgICAgICAgIyBCZWdpbnMgd2l0aCBsaXRlcmFsIHVybGJhc2UKKyAgICAgICAg ICAgIF4gKCpDT01NSVQpCisgICAgICAgICAgICBcUSR1cmxiYXNlXEUKKyAgICAgICAgICAgICMg Zm9sbG93ZWQgYnkgYSBzbGFzaCBvciBlbmQgb2Ygc3RyaW5nCisgICAgICAgICAgICAoPzogLwor ICAgICAgICAgICAgICB8ICQgKQorICAgICAgICB9c3gKKyAgICB9OworCisgICAgcmV0dXJuIGlm ICRBTExPV19VTlNBRkVfUkVTUE9OU0U7CisKKyAgICBpZiAoQnVnemlsbGEtPnVzYWdlX21vZGUg PT0gVVNBR0VfTU9ERV9CUk9XU0VSKSB7CisgICAgICAgICMgU2FmZSBjb250ZW50IHR5cGVzIGFy ZSBvbmVzIHRoYXQgYXJuJ3QgaW1hZ2VzLgorICAgICAgICAjIEZvciBub3cgbGV0J3MgYXNzdW1l IHBsYWluIHRleHQgYW5kIGh0bWwgYXJlIG5vdCB2YWxpZCBpbWFnZXMuCisgICAgICAgIG15ICRj b250ZW50X3R5cGUgICAgICAgICA9ICRoZWFkZXJzLT57Jy10eXBlJ30gLy8gJGhlYWRlcnMtPnsn LWNvbnRlbnRfdHlwZSd9IC8vICd0ZXh0L2h0bWwnOworICAgICAgICBteSAkaXNfc2FmZV9jb250 ZW50X3R5cGUgPSAkY29udGVudF90eXBlID1+ICRzYWZlX2NvbnRlbnRfdHlwZV9yZTsKKworICAg ICAgICAjIFNhZmUgcmVmZXJlcnMgYXJlIG9uZXMgdGhhdCBiZWdpbiB3aXRoIHRoZSB1cmxiYXNl LgorICAgICAgICBteSAkcmVmZXJlciAgICAgICAgID0gJHNlbGYtPnJlZmVyZXI7CisgICAgICAg IG15ICRpc19zYWZlX3JlZmVyZXIgPSAkcmVmZXJlciAmJiAkcmVmZXJlciA9fiAkc2FmZV9yZWZl cmVyX3JlOworCisgICAgICAgIGlmICghJGlzX3NhZmVfcmVmZXJlciAmJiAhJGlzX3NhZmVfY29u dGVudF90eXBlKSB7CisgICAgICAgICAgICBwcmludCAkc2VsZi0+U1VQRVI6OmhlYWRlcigtdHlw ZSA9PiAndGV4dC9odG1sJywgIC1zdGF0dXMgPT4gJzQwMyBGb3JiaWRkZW4nKTsKKyAgICAgICAg ICAgIGlmICgkY29udGVudF90eXBlIG5lICd0ZXh0L2h0bWwnKSB7CisgICAgICAgICAgICAgICAg cHJpbnQgIlVudHJ1c3RlZCBSZWZlcmVyIEhlYWRlclxuIjsKKyAgICAgICAgICAgICAgICBpZiAo JEVOVntNT0RfUEVSTH0pIHsKKyAgICAgICAgICAgICAgICAgICAgbXkgJHIgPSAkc2VsZi0+cjsK KyAgICAgICAgICAgICAgICAgICAgJHItPnJmbHVzaDsKKyAgICAgICAgICAgICAgICAgICAgJHIt PnN0YXR1cygyMDApOworICAgICAgICAgICAgICAgIH0KKyAgICAgICAgICAgIH0KKyAgICAgICAg ICAgIGV4aXQ7CisgICAgICAgIH0KKyAgICB9Cit9CisKICMgT3ZlcnJpZGUgaGVhZGVyIHNvIHdl IGNhbiBhZGQgdGhlIGNvb2tpZXMgaW4KIHN1YiBoZWFkZXIgewogICAgIG15ICRzZWxmID0gc2hp ZnQ7CkBAIC0zMDIsNiArMzY1LDcgQEAgc3ViIGhlYWRlciB7CiAgICAgZWxzZSB7CiAgICAgICAg ICVoZWFkZXJzID0gQF87CiAgICAgfQorICAgICRzZWxmLT5fcHJldmVudF91bnNhZmVfcmVzcG9u c2UoXCVoZWFkZXJzKTsKIAogICAgIGlmICgkc2VsZi0+eydfY29udGVudF9kaXNwJ30pIHsKICAg ICAgICAgJGhlYWRlcnN7Jy1jb250ZW50X2Rpc3Bvc2l0aW9uJ30gPSAkc2VsZi0+eydfY29udGVu dF9kaXNwJ307Cg==