Branch: refs/heads/webkitglib/2.42
Home: https://github.com/WebKit/WebKit
Commit: a8bff3c5374d12655ecc0d718f86d57f4b8cd4e0
https://github.com/WebKit/WebKit/commit/a8bff3c5374d12655ecc0d718f86d57f4b8cd4e0
Author: Anne van Kesteren <[email protected]>
Date: 2023-11-14 (Tue, 14 Nov 2023)
Changed paths:
M Source/WebCore/fileapi/BlobURL.cpp
Log Message:
-----------
Cherry-pick 266247@main (b1a659b38f09).
https://bugs.webkit.org/show_bug.cgi?id=261674
Return opaque origin for blob: URL containing inner non-http(s): URL
https://bugs.webkit.org/show_bug.cgi?id=257262
rdar://109781193
Reviewed by Alex Christensen and Darin Adler.
Refactor SecurityOrigin so it is more clear blob: URLs are the sole
special case. And change how we derive the blob: URL origin to align
with the URL standard:
* No longer perform percent-decoding (matches other browsers).
* Restrict non-opaque origins to HTTP(S) URLs (will soon match other
browsers). However:
* Still give blob: URLs derived from file: origins an origin for now
as removing that ability needs a bit more care. This currently goes
against the URL standard, but that might change.
* Also give registered schemes a pass to allow embedders to continue
to use blob: URLs as they see fit.
Also change BlobURL to rely more directly on SecurityOrigin.
*
LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt:
*
LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt:
* Source/WebCore/fileapi/BlobURL.cpp:
(WebCore::BlobURL::getOriginURL):
(WebCore::BlobURL::isSecureBlobURL):
* Source/WebCore/fileapi/ThreadableBlobRegistry.cpp:
(WebCore::ThreadableBlobRegistry::getCachedOrigin):
* Source/WebCore/page/SecurityOrigin.cpp:
(WebCore::SecurityOrigin::create):
(WebCore::SecurityOrigin::forBlobURL):
(WebCore::SecurityOrigin::isSecure):
(WebCore::SecurityOrigin::shouldUseInnerURL): Deleted.
(WebCore::SecurityOrigin::extractInnerURL): Deleted.
* Source/WebCore/page/SecurityOrigin.h:
* Source/WebCore/page/SecurityOriginData.cpp:
(WebCore::SecurityOriginData::shouldTreatAsOpaqueOrigin):
Canonical link: https://commits.webkit.org/266247@main
Commit: e337a3fb115f3cff7f9ac5b70bfe1584194dd839
https://github.com/WebKit/WebKit/commit/e337a3fb115f3cff7f9ac5b70bfe1584194dd839
Author: Michael Catanzaro <[email protected]>
Date: 2023-11-14 (Tue, 14 Nov 2023)
Changed paths:
M Source/WebCore/page/SecurityOrigin.cpp
Log Message:
-----------
Cherry-pick 270274@main (58df23fe5ac5).
https://bugs.webkit.org/show_bug.cgi?id=260771
REGRESSION(266247@main): PDF "Save" button does nothing, "Print" function
also broken
https://bugs.webkit.org/show_bug.cgi?id=260771
Reviewed by Chris Dumez.
The PDF.js viewer protocol and resource protocols both should be treated
the same as HTTP protocols and have access to blob URLs. The protocol is
an implementation detail that shouldn't affect how the web content
behaves and certainly should not restrict access to web platform
features.
* Source/WebCore/page/SecurityOrigin.cpp:
(WebCore::isSafelistedBlobProtocol):
Canonical link: https://commits.webkit.org/270274@main
Commit: 8f701f25fa58dc0846739b264cf5414aaad69ae2
https://github.com/WebKit/WebKit/commit/8f701f25fa58dc0846739b264cf5414aaad69ae2
Author: Chris Dumez <[email protected]>
Date: 2023-11-14 (Tue, 14 Nov 2023)
Changed paths:
M Source/WTF/wtf/Algorithms.h
M Source/WebCore/platform/audio/AudioArray.h
M Source/WebCore/platform/audio/AudioBus.cpp
M Source/WebCore/platform/audio/AudioChannel.h
M Source/WebCore/platform/audio/MultiChannelResampler.cpp
M Source/WebCore/platform/audio/MultiChannelResampler.h
M Source/WebCore/platform/audio/SincResampler.cpp
M Source/WebCore/platform/audio/SincResampler.h
Log Message:
-----------
Cherry-pick 270409@main (4e588185b230).
https://bugs.webkit.org/show_bug.cgi?id=261674
Security hardening for SincResampler
https://bugs.webkit.org/show_bug.cgi?id=261317
rdar://105650262
Reviewed by David Kilzer and Darin Adler.
Do security hardening for SincResampler as we have evidence that we're
getting
the logic wrong in some cases and doing a heap-buffer overflow WRITE.
This patch updates SincResampler to use `std::span<float>` instead of
`float*` and
to leverage new memcpySpans() / memsetSpan() functions
I added to WTF.
This had several benefits:
- Using std::span means we don't lose tracks of our buffer bounds so we can
do
extra bounds checks.
- We benefit from std::span's bounds checks too which are already enabled
on trunk
via `-D_LIBCPP_ENABLE_ASSERTIONS=1`. Those checks apply to subspan() and
operator[]
in particular, both of which are used by SincResampler.
* Source/WTF/WTF.xcodeproj/project.pbxproj:
* Source/WTF/wtf/Algorithms.h:.
(WTF::memcpySpans):
(WTF::memsetSpan):
* Source/WebCore/platform/audio/AudioArray.h:
(WebCore::AudioArray::toSpan):
(WebCore::AudioArray::toSpan const):
* Source/WebCore/platform/audio/AudioBus.cpp:
(WebCore::AudioBus::createBySampleRateConverting):
* Source/WebCore/platform/audio/AudioChannel.h:
* Source/WebCore/platform/audio/MultiChannelResampler.cpp:
(WebCore::MultiChannelResampler::process):
(WebCore::MultiChannelResampler::provideInputForChannel):
* Source/WebCore/platform/audio/MultiChannelResampler.h:
* Source/WebCore/platform/audio/SincResampler.cpp:
(WebCore::SincResampler::SincResampler):
(WebCore::SincResampler::updateRegions):
(WebCore::SincResampler::processBuffer):
(WebCore::SincResampler::process):
* Source/WebCore/platform/audio/SincResampler.h:
Originally-landed-as: 265870.537@safari-7616-branch (9c1f377498c2).
rdar://118088415
Canonical link: https://commits.webkit.org/270409@main
Commit: 164b206e9bdebe0fbd2ef7abdc650ef931d0e8ad
https://github.com/WebKit/WebKit/commit/164b206e9bdebe0fbd2ef7abdc650ef931d0e8ad
Author: Philippe Normand <[email protected]>
Date: 2023-11-14 (Tue, 14 Nov 2023)
Changed paths:
M Source/WebCore/platform/audio/SincResampler.cpp
Log Message:
-----------
Cherry-pick 270447@main (3e1921097f86).
https://bugs.webkit.org/show_bug.cgi?id=264484
REGRESSION(270409@main): Broke linux clang-16 builds
https://bugs.webkit.org/show_bug.cgi?id=264484
Reviewed by Chris Dumez.
* Source/WebCore/platform/audio/SincResampler.cpp:
(WebCore::SincResampler::processBuffer): Use gcc/clang agnostic pragma
macros instead of the ones
specific to GCC.
Canonical link: https://commits.webkit.org/270447@main
Commit: 10543a84b7c2d7a3c47203fce1dc4b0e27781c1f
https://github.com/WebKit/WebKit/commit/10543a84b7c2d7a3c47203fce1dc4b0e27781c1f
Author: Adrian Perez de Castro <[email protected]>
Date: 2023-11-14 (Tue, 14 Nov 2023)
Changed paths:
M Source/WebKit/wpe/NEWS
M Source/cmake/OptionsWPE.cmake
Log Message:
-----------
Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.42.2 release
* Source/WebKit/wpe/NEWS: Add release notes for 2.42.2.
* Source/cmake/OptionsWPE.cmake: Bump version numbers.
Compare: https://github.com/WebKit/WebKit/compare/e8377a74da4c...10543a84b7c2
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
