Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.translate(100, 0); var g = ctx.createRadialGradient(0, 0, 0, 0, 0, 11.2);@@ -30,9 +30,9 @@ ctx.translate(-50, 25); ctx.scale(10, 10); ctx.fillRect(-5, -2.5, 10, 5);-_assertPixel(offscreenCanvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255");+_assertPixel(canvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255"); t.done(); });
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming and don't affect security. Here's the analysis:
Vulnerability Existed: no
No Vulnerability Found [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.html] [Lines 17-30]
[Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d'); ... _assertPixel(offscreenCanvas, ...)]
[Fixed Code: var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d'); ... _assertPixel(canvas, ...)]
The changes simply rename the variable from `offscreenCanvas` to `canvas` and update all references to it. This is a code style/readability change rather than a security fix. No security-related patterns or vulnerabilities are being addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/server/actors/watcher/target-helpers/frame-helper.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/server/actors/watcher/target-helpers/frame-helper.js@@ -12,17 +12,8 @@ WindowGlobalLogger, } = require("devtools/server/connectors/js-window-actor/WindowGlobalLogger.jsm"); const Targets = require("devtools/server/actors/targets/index");-const {- getAllRemoteBrowsingContexts,- shouldNotifyWindowGlobal,-} = require("devtools/server/actors/watcher/target-helpers/utils.js"); const browsingContextAttachedObserverByWatcher = new Map();--const isEveryFrameTargetEnabled = Services.prefs.getBoolPref(- "devtools.every-frame-target.enabled",- false-); /** * Force creating targets for all existing BrowsingContext, that, for a given Watcher Actor.@@ -76,7 +67,10 @@ ); }- if (watcher.isServerTargetSwitchingEnabled && watcher.browserElement) {+ if (+ watcher.sessionContext.isServerTargetSwitchingEnabled &&+ watcher.sessionContext.type == "browser-element"+ ) { // If server side target switching is enabled, process the top level browsing context first, // so that we guarantee it is notified to the client first. // If it is disabled, the top level target will be created from the client instead.@@ -87,8 +81,10 @@ }); }- const browsingContexts = getFilteredRemoteBrowsingContext(- watcher.browserElement+ const browsingContexts = watcher.getAllBrowsingContexts().filter(+ // Filter out the top browsing context we just processed.+ browsingContext =>+ browsingContext != watcher.browserElement?.browsingContext ); // Await for the all the queries in order to resolve only *after* we received all // already available targets.@@ -165,17 +161,7 @@ */ function destroyTargets(watcher) { // Go over all existing BrowsingContext in order to destroy all targets- const browsingContexts = getFilteredRemoteBrowsingContext(- watcher.browserElement- );- if (- watcher.isServerTargetSwitchingEnabled &&- watcher.sessionContext.type == "browser-element"- ) {- // If server side target switching is enabled, we should also destroy the top level browsing context.- // If it is disabled, the top level target will be destroyed from the client instead.- browsingContexts.push(watcher.browserElement.browsingContext);- }+ const browsingContexts = watcher.getAllBrowsingContexts(); for (const browsingContext of browsingContexts) { logWindowGlobal(@@ -274,7 +260,7 @@ /** * Return the list of BrowsingContexts which should be targeted in order to communicate- * a new list of resource types to listen or stop listening to.+ * updated session data. * * @param WatcherActor watcher * The watcher actor will be used to know which target we debug@@ -287,57 +273,33 @@ watcher, Targets.TYPES.FRAME );- const { browserElement } = watcher;- const browsingContexts = watchingAdditionalTargets- ? getFilteredRemoteBrowsingContext(browserElement)- : [];- // Even if we aren't watching additional target, we want to process the top level target.- // The top level target isn't returned by getFilteredRemoteBrowsingContext, so add it in both cases.- if (- watcher.sessionContext.type == "browser-element" ||- watcher.sessionContext.type == "webextension"- ) {- let topBrowsingContext;- if (watcher.sessionContext.type == "browser-element") {- topBrowsingContext = watcher.browserElement.browsingContext;- } else if (watcher.sessionContext.type == "webextension") {- topBrowsingContext = BrowsingContext.get(- watcher.sessionContext.addonBrowsingContextID- );+ if (watchingAdditionalTargets) {+ return watcher.getAllBrowsingContexts();+ }+ // By default, when we are no longer watching for frame targets, we should no longer try to+ // communicate with any browsing-context. But.+ //+ // For "browser-element" debugging, all targets are provided by watching by watching for frame targets.+ // So, when we are no longer watching for frame, we don't expect to have any frame target to talk to.+ // => we should no longer reach any browsing context.+ //+ // For "all" (=browser toolbox), there is only the special ParentProcessTargetActor we might want to return here.+ // But this is actually handled by the WatcherActor which uses `WatcherActor._getTargetActorInParentProcess` to convey session data.+ // => we should no longer reach any browsing context.+ //+ // For "webextension" debugging, there is the special WebExtensionTargetActor, which doesn't run in the parent process,+ // so that we can't rely on the same code as the browser toolbox.+ // => we should always reach out this particular browsing context.+ if (watcher.sessionContext.type == "webextension") {+ const browsingContext = BrowsingContext.get(+ watcher.sessionContext.addonBrowsingContextID+ );+ // The add-on browsing context may be destroying, in which case we shouldn't try to communicate with it+ if (browsingContext.currentWindowGlobal) {+ return [browsingContext]; }-- // Ignore if we are against a page running in the parent process,- // which would not support JSWindowActor API- // XXX May be we should toggle `includeChrome` and ensure watch/unwatch works- // with such page?- //- // Also ignore BrowsingContext which are being destroyed or navigating.- if (- topBrowsingContext.currentWindowGlobal &&- topBrowsingContext.currentWindowGlobal.osPid != -1- ) {- browsingContexts.push(topBrowsingContext);- }- }- return browsingContexts;-}--/**- * Get the list of all BrowsingContext we should interact with.- * The precise condition of which BrowsingContext we should interact with are defined- * in `shouldNotifyWindowGlobal`- *- * @param BrowserElement browserElement (optional)- * If defined, this will restrict to only the Browsing Context matching this- * Browser Element and any of its (nested) children iframes.- */-function getFilteredRemoteBrowsingContext(browserElement) {- return getAllRemoteBrowsingContexts(browserElement?.browsingContext).filter(- browsingContext =>- shouldNotifyWindowGlobal(browsingContext, browserElement?.browserId, {- acceptNonRemoteFrame: isEveryFrameTargetEnabled,- })- );+ }+ return []; } // Set to true to log info about about WindowGlobal's being watched.
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Information Leak] [devtools/server/actors/watcher/target-helpers/frame-helper.js] [Lines: Removed getAllRemoteBrowsingContexts and shouldNotifyWindowGlobal imports]
[Old Code]
```
const {
getAllRemoteBrowsingContexts,
shouldNotifyWindowGlobal,
} = require("devtools/server/actors/watcher/target-helpers/utils.js");
```
[Fixed Code]
Removed these imports and replaced their functionality with watcher.getAllBrowsingContexts()
2. Vulnerability Existed: not sure
[Potential Privilege Escalation] [devtools/server/actors/watcher/target-helpers/frame-helper.js] [Lines: Changed condition checks for server target switching]
[Old Code]
```
if (watcher.isServerTargetSwitchingEnabled && watcher.browserElement)
```
[Fixed Code]
```
if (
watcher.sessionContext.isServerTargetSwitchingEnabled &&
watcher.sessionContext.type == "browser-element"
)
```
3. Vulnerability Existed: not sure
[Potential Cross-Origin Information Leak] [devtools/server/actors/watcher/target-helpers/frame-helper.js] [Lines: Changed browsing context filtering logic]
[Old Code]
```
const browsingContexts = getFilteredRemoteBrowsingContext(
watcher.browserElement
);
```
[Fixed Code]
```
const browsingContexts = watcher.getAllBrowsingContexts().filter(
browsingContext =>
browsingContext != watcher.browserElement?.browsingContext
);
```
4. Vulnerability Existed: not sure
[Potential Session Handling Vulnerability] [devtools/server/actors/watcher/target-helpers/frame-helper.js] [Lines: Simplified destroyTargets logic]
[Old Code]
Complex logic with multiple conditions for destroying targets
[Fixed Code]
```
const browsingContexts = watcher.getAllBrowsingContexts();
```
The changes appear to focus on:
1. Simplifying the browsing context management logic
2. Moving to a more centralized approach using watcher.getAllBrowsingContexts()
3. Adding more explicit session context checks
4. Removing potentially redundant or overly complex filtering logic
While no specific vulnerabilities are clearly identified, these changes could potentially address:
- Information leakage between browsing contexts
- Improper session handling
- Privilege escalation risks
- Cross-origin information leaks
The removal of the isEveryFrameTargetEnabled preference check suggests this feature might have been removed or redesigned to be more secure.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/darling/tests/accrue_errors.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/darling/tests/accrue_errors.rs@@ -1,15 +1,9 @@+#![allow(dead_code)] //! These tests verify that multiple errors will be collected up from throughout //! the parsing process and returned correctly to the caller.-#[macro_use]-extern crate darling;-#[macro_use]-extern crate syn;-#[macro_use]-extern crate quote;--use darling::ast;-use darling::FromDeriveInput;+use darling::{ast, FromDeriveInput, FromField, FromMeta};+use syn::parse_quote; #[derive(Debug, FromDeriveInput)] #[darling(attributes(accrue))]
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be code cleanup and modernization rather than security-related fixes. Here's the analysis:
Vulnerability Existed: no
[Code modernization/cleanup] [third_party/rust/darling/tests/accrue_errors.rs] [Lines 1-15]
[Old Code]
#[macro_use]
extern crate darling;
#[macro_use]
extern crate syn;
#[macro_use]
extern crate quote;
use darling::ast;
use darling::FromDeriveInput;
[Fixed Code]
#![allow(dead_code)]
use darling::{ast, FromDeriveInput, FromField, FromMeta};
use syn::parse_quote;
The changes include:
1. Adding `#![allow(dead_code)]` pragma
2. Removing old-style `extern crate` declarations (modern Rust doesn't need these)
3. Consolidating imports
4. Adding additional trait imports (FromField, FromMeta)
5. Adding syn::parse_quote import
These are all code quality improvements rather than security fixes. No vulnerabilities were addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/toolkit/components/telemetry/Histograms.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/toolkit/components/telemetry/Histograms.json@@ -3029,34 +3029,34 @@ "TLS_EARLY_DATA_NEGOTIATED": { "record_in_processes": ["main", "socket"], "products": ["firefox", "fennec"],- "expires_in_version": "99",+ "expires_in_version": "never", "kind": "enumerated", "n_values": 3, "description": "Sending TLS early data was possible: 0 - not possible, 1 - possible but not used, 2 - possible and used.",- "alert_emails": ["[email protected]", "[email protected]"],- "bug_numbers": [1296288, 1654309],+ "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],+ "bug_numbers": [1296288, 1654309, 1749881], "releaseChannelCollection": "opt-out" }, "TLS_EARLY_DATA_ACCEPTED": { "record_in_processes": ["main", "socket"], "products": ["firefox", "fennec"],- "expires_in_version": "99",+ "expires_in_version": "never", "kind": "boolean", "description": "TLS early data was used and it was accepted (true) or rejected (false) by the remote host.",- "alert_emails": ["[email protected]", "[email protected]"],- "bug_numbers": [1296288, 1654309],+ "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],+ "bug_numbers": [1296288, 1654309, 1749881], "releaseChannelCollection": "opt-out" }, "TLS_EARLY_DATA_BYTES_WRITTEN": { "record_in_processes": ["main", "socket"], "products": ["firefox", "fennec"],- "expires_in_version": "99",+ "expires_in_version": "never", "kind": "exponential", "high": 60000, "n_buckets": 100, "description": "Amount of bytes sent using TLS early data at the start of a TLS connection for a given channel.",- "alert_emails": ["[email protected]", "[email protected]"],- "bug_numbers": [1296288, 1654309],+ "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],+ "bug_numbers": [1296288, 1654309, 1749881], "releaseChannelCollection": "opt-out" }, "SSL_HANDSHAKE_VERSION": {@@ -8238,9 +8238,9 @@ "PWMGR_IMPORT_LOGINS_FROM_FILE_MS": { "record_in_processes": ["main"], "products": ["firefox"],- "bug_numbers": [1688653],+ "bug_numbers": [1688653, 1749882], "alert_emails": ["[email protected]", "[email protected]"],- "expires_in_version": "99",+ "expires_in_version": "105", "kind": "exponential", "n_buckets": 70, "high": 100000,@@ -8289,9 +8289,9 @@ "PWMGR_IMPORT_LOGINS_FROM_FILE_JANK_MS": { "record_in_processes": ["main"], "products": ["firefox"],- "bug_numbers": [1338522, 1584261, 1643431, 1678204],+ "bug_numbers": [1338522, 1584261, 1643431, 1678204, 1749883], "alert_emails": ["[email protected]", "[email protected]"],- "expires_in_version": "99",+ "expires_in_version": "105", "kind": "exponential", "n_buckets": 20, "high": 60000,@@ -8340,9 +8340,9 @@ "PWMGR_IMPORT_LOGINS_FROM_FILE_CATEGORICAL": { "record_in_processes": ["main"], "products": ["firefox"],- "bug_numbers": [1688653],+ "bug_numbers": [1688653, 1749882], "alert_emails": ["[email protected]", "[email protected]"],- "expires_in_version": "99",+ "expires_in_version": "105", "kind": "categorical", "labels": ["added", "modified", "error", "no_change"], "releaseChannelCollection": "opt-out",@@ -10526,25 +10526,25 @@ "record_in_processes": ["main"], "products": ["firefox"], "alert_emails": ["[email protected]", "[email protected]"],- "expires_in_version": "98",+ "expires_in_version": "105", "description": "Milliseconds taken from when a print is initiated (typically by the user) to when the platform code is sent the print settings to create the initial print preview document.", "kind": "exponential", "high": 10000, "n_buckets": 50, "releaseChannelCollection": "opt-out",- "bug_numbers": [1663733, 1714261]+ "bug_numbers": [1663733, 1714261, 1745270] }, "PRINT_INIT_TO_PREVIEW_DOC_SHOWN_MS" : { "record_in_processes": ["main"], "products": ["firefox"], "alert_emails": ["[email protected]", "[email protected]"],- "expires_in_version": "98",+ "expires_in_version": "105", "description": "Milliseconds taken from when a print is initiated (typically by the user) to when the initial print preview document is shown.", "kind": "exponential", "high": 10000, "n_buckets": 50, "releaseChannelCollection": "opt-out",- "bug_numbers": [1663733, 1714261]+ "bug_numbers": [1663733, 1714261, 1745270] }, "DEVTOOLS_COLD_TOOLBOX_OPEN_DELAY_MS": { "record_in_processes": ["main"],@@ -12730,15 +12730,6 @@ "bug_numbers": [1293231], "releaseChannelCollection": "opt-out", "description": "Verification status of Signed Certificate Timestamps received (0=Decoding error, 1=Valid SCT, 2=SCT from unknown log, 3=Invalid SCT signature, 4=SCT timestamp is in the future, 5=Valid SCT from a disqualified log)"- },- "SSL_SERVER_AUTH_EKU": {- "record_in_processes": ["main", "content"],- "products": ["firefox", "fennec"],- "alert_emails": ["[email protected]"],- "expires_in_version": "never",- "kind": "enumerated",- "n_values": 10,- "description": "Presence of of the Server Authenticaton EKU in accepted SSL server certificates (0=No EKU, 1=EKU present and has id_kp_serverAuth, 2=EKU present and has id_kp_serverAuth as well as some other EKU, 3=EKU present but does not contain id_kp_serverAuth)" }, "TLS_ERROR_REPORT_UI": { "record_in_processes": ["main", "content"],@@ -13416,7 +13407,9 @@ "rdd-crash", "rdd-hang", "socket-crash",- "socket-hang"+ "socket-hang",+ "utility-crash",+ "utility-hang" ], "releaseChannelCollection": "opt-out", "description": "An attempt to submit a crash. Keyed on the CrashManager Crash.type."@@ -14025,18 +14018,7 @@ "keys": ["All", "Fetch"], "bug_numbers": [1740335], "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],- "description": "The sampled number of simultaneous running ServiceWorkers in a session, sampled once each minute"- },- "SERVICE_WORKER_FETCH_RUNNING": {- "record_in_processes": ["main"],- "products": ["firefox", "fennec"],- "expires_in_version": "102",- "kind": "linear",- "high": 31,- "n_buckets": 30,- "bug_numbers": [1740335],- "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],- "description": "The sampled number of simultaneous running ServiceWorkers handling Fetch in a session, sampled every minute"+ "description": "The sampled number of simultaneous running ServiceWorkers in a session, sampled once each 10 seconds (lazily on state change)" }, "GRAPHICS_SANITY_TEST": { "record_in_processes": ["main", "content"],@@ -14522,6 +14504,18 @@ "n_buckets": 50, "bug_numbers": [1238433, 1570634], "description": "Percentage of frames decoded frames dropped in an HTMLVideoElement"+ },+ "VIDEO_DROPPED_FRAMES_PROPORTION_EXPONENTIAL" : {+ "record_in_processes": ["content"],+ "products": ["firefox"],+ "alert_emails": ["[email protected]", "[email protected]", "[email protected]"],+ "expires_in_version": "never",+ "releaseChannelCollection": "opt-out",+ "kind": "exponential",+ "high": 10000,+ "n_buckets": 100,+ "bug_numbers": [1238433, 1570634, 1752207, 1755363],+ "description": "Frames of of 10,000 decoded frames dropped in an HTMLVideoElement" }, "MEDIA_DECODER_BACKEND_USED": { "record_in_processes": ["main", "content", "gpu"],
Here's the analysis of the provided code diff for security fixes: 1. Vulnerability Existed: not sure [Potential TLS Early Data Monitoring Change] [File] [Lines 3029-3059] [Old Code] "expires_in_version": "99", [Fixed Code] "expires_in_version": "never", Additional Details: The change extends TLS early data monitoring indefinitely, which could be related to ongoing security monitoring but doesn't indicate a direct vulnerability fix. 2. Vulnerability Existed: not sure [Password Manager Import Monitoring Extension] [File] [Lines 8238-8349] [Old Code] "expires_in_version": "99", [Fixed Code] "expires_in_version": "105", Additional Details: The password manager import monitoring period was extended, possibly to track security-related issues longer, but no direct vulnerability is evident. 3. Vulnerability Existed: not sure [Removed SSL Server Auth EKU Metric] [File] [Lines 12730-12739] [Old Code] Entire "SSL_SERVER_AUTH_EKU" section present [Fixed Code] Section removed Additional Details: The removal of SSL server authentication EKU monitoring might indicate a change in security monitoring strategy, but the reason isn't clear from the diff. 4. Vulnerability Existed: not sure [Extended Print Security Monitoring] [File] [Lines 10526-10547] [Old Code] "expires_in_version": "98", [Fixed Code] "expires_in_version": "105", Additional Details: The print-related security monitoring was extended, possibly to address ongoing security concerns, but no specific vulnerability is mentioned. 5. Vulnerability Existed: not sure [Service Worker Monitoring Change] [File] [Lines 14018-14028] [Old Code] Entire "SERVICE_WORKER_FETCH_RUNNING" section present [Fixed Code] Section removed Additional Details: The removal of specific Service Worker fetch monitoring might indicate a change in security monitoring approach, but the reason isn't clear. Note: The diff shows several changes to telemetry monitoring configurations, but none clearly indicate specific vulnerability fixes. The changes appear to be mostly about extending monitoring periods, adding/removing monitoring points, and updating contact information. Without access to the referenced bug numbers or additional context, it's difficult to determine if these changes were directly related to security vulnerabilities.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/neqo-http3/tests/webtransport/streams.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/neqo-http3/tests/webtransport/streams.rs@@ -5,7 +5,7 @@ // except according to those terms. use crate::webtransport::WtTest;-use neqo_http3::Error;+use neqo_http3::{features::extended_connect::SessionCloseReason, Error}; use neqo_transport::StreamType; use std::mem;@@ -274,7 +274,10 @@ Some(Error::HttpRequestCancelled.code()), &[bidi_from_client], Some(Error::HttpRequestCancelled.code()),- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -306,7 +309,10 @@ Some(Error::HttpRequestCancelled.code()), &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -339,7 +345,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(&[], None, &[], None, false, None);@@ -365,7 +374,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -398,7 +410,10 @@ Some(Error::HttpNoError.code()), &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(&[], None, &[], None, false, None);@@ -422,7 +437,10 @@ Some(Error::HttpRequestCancelled.code()), &[bidi_from_server.stream_id()], Some(Error::HttpRequestCancelled.code()),- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -453,7 +471,10 @@ None, &[unidi_from_server.stream_id()], Some(Error::HttpRequestCancelled.code()),- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -485,7 +506,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(&[], None, &[], None, false, None);@@ -509,7 +533,10 @@ None, &[unidi_server.stream_id()], Some(Error::HttpNoError.code()),- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(&[], None, &[], None, false, None);@@ -533,7 +560,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -567,7 +597,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(&[], None, &[], None, false, None);@@ -592,7 +625,10 @@ None, &[], None,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -626,7 +662,10 @@ Some(Error::HttpRequestCancelled.code()), &[bidi_client_1, bidi_client_2], Some(Error::HttpRequestCancelled.code()),- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_client(@@ -671,7 +710,10 @@ &[bidi_client], Some(Error::HttpRequestCancelled.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(@@ -702,7 +744,10 @@ &[unidi_client], Some(Error::HttpRequestCancelled.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(@@ -735,7 +780,10 @@ &[], None, false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -761,7 +809,10 @@ &[unidi_client], Some(Error::HttpNoError.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -786,7 +837,10 @@ &[bidi_server.stream_id()], Some(Error::HttpRequestCancelled.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(@@ -817,7 +871,10 @@ &[], None, false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server( &[],@@ -849,7 +906,10 @@ &[], None, false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -875,7 +935,10 @@ &[], None, false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -904,7 +967,10 @@ &[], None, false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -930,7 +996,10 @@ &[bidi_server.stream_id()], Some(Error::HttpNoError.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(&[], None, &[], None, None);@@ -958,7 +1027,10 @@ &[bidi_client_1, bidi_client_2], Some(Error::HttpRequestCancelled.code()), false,- Some((wt_session.stream_id(), Some(Error::HttpNoError.code()))),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Error(Error::HttpNoError.code()),+ )), ); wt.check_events_after_closing_session_server(@@ -969,3 +1041,41 @@ None, ); }++#[test]+fn wt_session_close_frame_and_streams_client() {+ const BUF: &[u8] = &[0; 10];+ const ERROR_NUM: u32 = 23;+ const ERROR_MESSAGE: &str = "Something went wrong";+ let mut wt = WtTest::new();+ let mut wt_session = wt.create_wt_session();++ let mut unidi_server = wt.create_wt_stream_server(&mut wt_session, StreamType::UniDi);+ wt.send_data_server(&mut unidi_server, BUF);+ wt.exchange_packets();++ wt.session_close_frame_client(wt_session.stream_id(), ERROR_NUM, ERROR_MESSAGE);+ wt.check_events_after_closing_session_client(+ &[unidi_server.stream_id()],+ Some(Error::HttpRequestCancelled.code()),+ &[],+ None,+ false,+ None,+ );+ wt.exchange_packets();++ wt.check_events_after_closing_session_server(+ &[],+ None,+ &[unidi_server.stream_id()],+ Some(Error::HttpRequestCancelled.code()),+ Some((+ wt_session.stream_id(),+ SessionCloseReason::Clean {+ error: ERROR_NUM,+ message: ERROR_MESSAGE.to_string(),+ },+ )),+ );+}
After analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be primarily about improving the handling of session close reasons by using a more structured `SessionCloseReason` enum instead of raw error codes. Here's my analysis: 1. Vulnerability Existed: no No specific vulnerability found File: third_party/rust/neqo-http3/tests/webtransport/streams.rs Changes involve replacing `Some(Error::HttpNoError.code())` with `SessionCloseReason::Error(Error::HttpNoError.code())` throughout the file The changes appear to be: 1. Adding import for `SessionCloseReason` 2. Replacing multiple instances of raw error code handling with structured `SessionCloseReason` enum 3. Adding a new test case `wt_session_close_frame_and_streams_client` These changes seem to be code quality/refactoring improvements rather than security fixes. The new test case also appears to be adding test coverage rather than fixing a vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_about_nimbus.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/browser/components/privatebrowsing/test/browser/browser_privatebrowsing_about_nimbus.js@@ -8,11 +8,25 @@ const { ExperimentAPI } = ChromeUtils.import( "resource://nimbus/ExperimentAPI.jsm" );+const { TelemetryTestUtils } = ChromeUtils.import(+ "resource://testing-common/TelemetryTestUtils.jsm"+);+const { PanelTestProvider } = ChromeUtils.import(+ "resource://activity-stream/lib/PanelTestProvider.jsm"+);+const { ASRouter } = ChromeUtils.import(+ "resource://activity-stream/lib/ASRouter.jsm"+); /** * These tests ensure that the experiment and remote default capabilities * for the "privatebrowsing" feature are working as expected. */++add_task(async function setup() {+ // XXX I believe this is likely to become unnecessary as part of the fix for bug 1749775.+ requestLongerTimeout(5);+}); async function openTabAndWaitForRender() { let { win, tab } = await openAboutPrivateBrowsing();@@ -45,11 +59,48 @@ }, "waiting for telemetry event"); }+async function setupMSExperimentWithMessage(message) {+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "pbNewtab",+ enabled: true,+ value: message,+ });+ Services.prefs.setStringPref(+ "browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments",+ '{"id":"messaging-experiments","enabled":true,"type":"remote-experiments","messageGroups":["pbNewtab"],"updateCycleInMs":0}'+ );+ // Reload the provider+ await ASRouter._updateMessageProviders();+ // Wait to load the messages from the messaging-experiments provider+ await ASRouter.loadMessagesFromAllProviders();++ registerCleanupFunction(async () => {+ // Reload the provider again at cleanup to remove the experiment message+ await ASRouter._updateMessageProviders();+ // Wait to load the messages from the messaging-experiments provider+ await ASRouter.loadMessagesFromAllProviders();+ Services.prefs.clearUserPref(+ "browser.newtabpage.activity-stream.asrouter.providers.messaging-experiments"+ );+ });++ Assert.ok(+ ASRouter.state.messages.find(m => m.id.includes(message.id)),+ "Experiment message found in ASRouter state"+ );++ return doExperimentCleanup;+}+ add_task(async function test_experiment_plain_text() {- let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({- featureId: "privatebrowsing",- enabled: true,- value: {+ const defaultMessageContent = (await PanelTestProvider.getMessages()).find(+ m => m.template === "pb_newtab"+ ).content;+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "privatebrowsing",+ enabled: true,+ value: {+ ...defaultMessageContent, infoTitle: "Hello world", infoTitleEnabled: true, infoBody: "This is some text",@@ -94,10 +145,14 @@ }); add_task(async function test_experiment_fluent() {- let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({- featureId: "privatebrowsing",- enabled: true,- value: {+ const defaultMessageContent = (await PanelTestProvider.getMessages()).find(+ m => m.template === "pb_newtab"+ ).content;+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "privatebrowsing",+ enabled: true,+ value: {+ ...defaultMessageContent, infoBody: "fluent:about-private-browsing-info-title", promoLinkText: "fluent:about-private-browsing-prominent-cta", },@@ -180,6 +235,8 @@ featureId: "privatebrowsing", enabled: true, value: {+ infoEnabled: true,+ promoEnabled: true, infoLinkUrl: "http://foo.mozilla.com/%LOCALE%", promoLinkUrl: "http://bar.mozilla.com/%LOCALE%", },@@ -209,6 +266,7 @@ featureId: "privatebrowsing", enabled: true, value: {+ infoEnabled: true, infoLinkUrl: "http://example.com", }, });@@ -238,6 +296,7 @@ featureId: "privatebrowsing", enabled: true, value: {+ promoEnabled: true, promoLinkUrl: "http://example.com", }, });@@ -263,9 +322,13 @@ }); add_task(async function test_experiment_bottom_promo() {- let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({- featureId: "privatebrowsing",- value: {+ const defaultMessageContent = (await PanelTestProvider.getMessages()).find(+ m => m.template === "pb_newtab"+ ).content;+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "privatebrowsing",+ value: {+ ...defaultMessageContent, enabled: true, promoLinkType: "button", promoSectionStyle: "bottom",@@ -316,9 +379,13 @@ }); add_task(async function test_experiment_below_search_promo() {- let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({- featureId: "privatebrowsing",- value: {+ const defaultMessageContent = (await PanelTestProvider.getMessages()).find(+ m => m.template === "pb_newtab"+ ).content;+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "privatebrowsing",+ value: {+ ...defaultMessageContent, enabled: true, promoLinkType: "button", promoSectionStyle: "below-search",@@ -371,9 +438,13 @@ }); add_task(async function test_experiment_top_promo() {- let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({- featureId: "privatebrowsing",- value: {+ const defaultMessageContent = (await PanelTestProvider.getMessages()).find(+ m => m.template === "pb_newtab"+ ).content;+ let doExperimentCleanup = await ExperimentFakes.enrollWithFeatureConfig({+ featureId: "privatebrowsing",+ value: {+ ...defaultMessageContent, enabled: true, promoLinkType: "button", promoSectionStyle: "top",@@ -421,3 +492,178 @@ await doExperimentCleanup(); });++add_task(async function test_experiment_messaging_system() {+ const LOCALE = Services.locale.appLocaleAsBCP47;+ let doExperimentCleanup = await setupMSExperimentWithMessage({+ id: "PB_NEWTAB_MESSAGING_SYSTEM",+ template: "pb_newtab",+ content: {+ promoEnabled: true,+ infoEnabled: true,+ infoBody: "fluent:about-private-browsing-info-title",+ promoLinkText: "fluent:about-private-browsing-prominent-cta",+ infoLinkUrl: "http://foo.example.com/%LOCALE%",+ promoLinkUrl: "http://bar.example.com/%LOCALE%",+ },+ // Priority ensures this message is picked over the one in+ // OnboardingMessageProvider+ priority: 5,+ targeting: "true",+ });++ Services.telemetry.clearEvents();++ let { win, tab } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab, [LOCALE], async function(locale) {+ const infoBody = content.document.getElementById("info-body");+ const promoLink = content.document.getElementById(+ "private-browsing-vpn-link"+ );++ // Check experiment values are rendered+ is(+ infoBody.textContent,+ "You’re in a Private Window",+ "should render infoBody with fluent"+ );+ is(+ promoLink.textContent,+ "Stay private with Mozilla VPN",+ "should render promoLinkText with fluent"+ );+ is(+ content.document.querySelector(".info a").getAttribute("href"),+ "http://foo.example.com/" + locale,+ "should format the infoLinkUrl url"+ );+ is(+ content.document.querySelector(".promo a").getAttribute("href"),+ "http://bar.example.com/" + locale,+ "should format the promoLinkUrl url"+ );+ });++ // There's something buggy here, disabling for now to prevent intermittent failures+ // until we fix it in bug 1749775.+ //+ // TelemetryTestUtils.assertEvents(+ // [+ // {+ //+ // method: "expose",+ // extra: {+ // featureId: "pbNewtab",+ // },+ // },+ // ],+ // { category: "normandy" }+ // );++ await BrowserTestUtils.closeWindow(win);+ await doExperimentCleanup();+});++add_task(async function test_experiment_messaging_system_impressions() {+ const LOCALE = Services.locale.appLocaleAsBCP47;+ let doExperimentCleanup = await setupMSExperimentWithMessage({+ id: `PB_NEWTAB_MESSAGING_SYSTEM_${Math.random()}`,+ template: "pb_newtab",+ content: {+ promoEnabled: true,+ infoEnabled: true,+ infoBody: "fluent:about-private-browsing-info-title",+ promoLinkText: "fluent:about-private-browsing-prominent-cta",+ infoLinkUrl: "http://foo.example.com/%LOCALE%",+ promoLinkUrl: "http://bar.example.com/%LOCALE%",+ },+ frequency: {+ lifetime: 2,+ },+ // Priority ensures this message is picked over the one in+ // OnboardingMessageProvider+ priority: 5,+ targeting: "true",+ });+ let { win: win1, tab: tab1 } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab1, [LOCALE], async function(locale) {+ is(+ content.document.querySelector(".promo a").getAttribute("href"),+ "http://bar.example.com/" + locale,+ "should format the promoLinkUrl url"+ );+ });++ let { win: win2, tab: tab2 } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab2, [LOCALE], async function(locale) {+ is(+ content.document.querySelector(".promo a").getAttribute("href"),+ "http://bar.example.com/" + locale,+ "should format the promoLinkUrl url"+ );+ });++ let { win: win3, tab: tab3 } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab3, [], async function() {+ is(+ content.document.querySelector(".promo a"),+ null,+ "should no longer render the experiment message after 2 impressions"+ );+ });++ await BrowserTestUtils.closeWindow(win1);+ await BrowserTestUtils.closeWindow(win2);+ await BrowserTestUtils.closeWindow(win3);+ await doExperimentCleanup();+});++add_task(async function test_experiment_messaging_system_dismiss() {+ const LOCALE = Services.locale.appLocaleAsBCP47;+ let doExperimentCleanup = await setupMSExperimentWithMessage({+ id: `PB_NEWTAB_MESSAGING_SYSTEM_${Math.random()}`,+ template: "pb_newtab",+ content: {+ promoEnabled: true,+ infoEnabled: true,+ infoBody: "fluent:about-private-browsing-info-title",+ promoLinkText: "fluent:about-private-browsing-prominent-cta",+ infoLinkUrl: "http://foo.example.com/%LOCALE%",+ promoLinkUrl: "http://bar.example.com/%LOCALE%",+ },+ // Priority ensures this message is picked over the one in+ // OnboardingMessageProvider+ priority: 5,+ targeting: "true",+ });++ let { win: win1, tab: tab1 } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab1, [LOCALE], async function(locale) {+ is(+ content.document.querySelector(".promo a").getAttribute("href"),+ "http://bar.example.com/" + locale,+ "should format the promoLinkUrl url"+ );++ content.document.querySelector("#dismiss-btn").click();+ });++ let { win: win2, tab: tab2 } = await openTabAndWaitForRender();++ await SpecialPowers.spawn(tab2, [], async function() {+ is(+ content.document.querySelector(".promo a"),+ null,+ "should no longer render the experiment message after dismissing"+ );+ });++ await BrowserTestUtils.closeWindow(win1);+ await BrowserTestUtils.closeWindow(win2);+ await doExperimentCleanup();+});
After analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be primarily focused on: 1. Adding new test functionality for messaging system experiments 2. Improving test coverage for private browsing features 3. Adding new imports and utility functions 4. Enhancing existing test cases with additional checks Here's the structured analysis: Vulnerability Existed: no No security vulnerability found [browser_privatebrowsing_about_nimbus.js] [entire file] The changes are test-related improvements and feature enhancements rather than security fixes. The main changes include: 1. Added new imports for TelemetryTestUtils, PanelTestProvider, and ASRouter 2. Added new test functions for messaging system experiments 3. Enhanced existing test cases with additional content merging from default messages 4. Added new test cases for message impressions and dismissals These changes appear to be part of normal feature development and test improvement rather than addressing any specific security vulnerabilities. The code follows proper patterns for handling experiment configurations and message rendering in private browsing mode. If I had to identify potential areas of security consideration, they would be: 1. The URL handling with %LOCALE% substitution appears properly implemented 2. The message dismissal and impression counting mechanisms look correctly implemented 3. The experiment enrollment and cleanup processes appear robust However, none of these represent actual vulnerabilities that were fixed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.rtl-manual.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.rtl-manual.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#000'; ctx.fillRect(0, 0, 100, 50);
Analysis of the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] [Lines 17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- The change appears to be purely a variable name change from `offscreenCanvas` to `canvas`
- No security implications are evident from this change
- This is likely a code style/consistency improvement rather than a security fix
- No known vulnerability patterns are being addressed here
The diff shows only a variable renaming which doesn't relate to any security vulnerability. The functionality remains identical, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arcTo.transformation.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.arcTo.transformation.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -25,15 +25,15 @@ ctx.arcTo(50, 50, 50, 0, 50); ctx.lineTo(-100, 0); ctx.fill();-_assertPixel(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,0, 0,255,0,255, "50,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255");-_assertPixel(offscreenCanvas, 0,25, 0,255,0,255, "0,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,25, 0,255,0,255, "99,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,49, 0,255,0,255, "50,49", "0,255,0,255");-_assertPixel(offscreenCanvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255");+_assertPixel(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");+_assertPixel(canvas, 50,0, 0,255,0,255, "50,0", "0,255,0,255");+_assertPixel(canvas, 99,0, 0,255,0,255, "99,0", "0,255,0,255");+_assertPixel(canvas, 0,25, 0,255,0,255, "0,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 99,25, 0,255,0,255, "99,25", "0,255,0,255");+_assertPixel(canvas, 0,49, 0,255,0,255, "0,49", "0,255,0,255");+_assertPixel(canvas, 50,49, 0,255,0,255, "50,49", "0,255,0,255");+_assertPixel(canvas, 99,49, 0,255,0,255, "99,49", "0,255,0,255"); t.done(); });
Analysis of the provided code diff:
1. Vulnerability Existed: no
Variable Renaming [File] [Lines 13-14, 25-33]
Old Code:
```javascript
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
// ...
_assertPixel(offscreenCanvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");
// ...
```
Fixed Code:
```javascript
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
// ...
_assertPixel(canvas, 0,0, 0,255,0,255, "0,0", "0,255,0,255");
// ...
```
Additional Details:
The changes in this diff are purely cosmetic, renaming the variable `offscreenCanvas` to `canvas` and updating all references to it. There are no security vulnerabilities being fixed here - this appears to be a code style/consistency improvement rather than a security patch. The functionality remains exactly the same, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsla-clamp-3.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsla-clamp-3.html@@ -17,14 +17,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'hsla(120, 100%, 200%, 1)'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 255,255,255,255, "50,25", "255,255,255,255");+_assertPixel(canvas, 50,25, 255,255,255,255, "50,25", "255,255,255,255"); t.done(); });
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable name refactoring without any security implications.
Here's the analysis following your requested format:
Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsla-clamp-3.html] [Lines 17-25]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
...
_assertPixel(offscreenCanvas, 50,25, 255,255,255,255, "50,25", "255,255,255,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
...
_assertPixel(canvas, 50,25, 255,255,255,255, "50,25", "255,255,255,255");
The changes simply rename the variable `offscreenCanvas` to `canvas` and update its references. This is a code style/readability improvement rather than a security fix. No security vulnerability patterns (like XSS, injection, etc.) are present in either the old or new code.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-simple.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-simple.html@@ -6,7 +6,6 @@ <link rel="reviewer" title="Mihai Balan" href="mailto:[email protected]"> <link rel="help" href="https://drafts.fxtf.org/compositing-1/#mix-blend-mode"> <meta name="assert" content="Test checks that an element with mix-blend-mode blends with its parent element.">- <meta name="flags" content=""/> <link rel="match" href="reference/green-square.html"> <style type="text/css"> div {
Based on the provided code diff, here's the analysis: Vulnerability Existed: no No security vulnerability found [testing/web-platform/tests/css/compositing/mix-blend-mode/mix-blend-mode-simple.html] [Lines 6] [Old Code: <meta name="flags" content=""/>] [Fixed Code: (removed line)] Additional Details: The change simply removes an empty meta tag for "flags" which doesn't appear to have any security implications. This seems to be a cleanup of unnecessary markup rather than a security fix. No known vulnerability is associated with this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/media/ffvpx/config_common.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/media/ffvpx/config_common.h@@ -18,15 +18,21 @@ #define CONFIG_RDFT 1 #endif-#ifdef MOZ_WAYLAND+#if defined(MOZ_WAYLAND) && !defined(MOZ_FFVPX_AUDIOONLY) #undef CONFIG_VAAPI+#undef CONFIG_VAAPI_1 #undef CONFIG_VP8_VAAPI_HWACCEL #undef CONFIG_VP9_VAAPI_HWACCEL #undef CONFIG_AV1_VAAPI_HWACCEL+#undef CONFIG_LIBDAV1D+#undef CONFIG_AV1_DECODER #define CONFIG_VAAPI 1+#define CONFIG_VAAPI_1 1 #define CONFIG_VP8_VAAPI_HWACCEL 1 #define CONFIG_VP9_VAAPI_HWACCEL 1 #define CONFIG_AV1_VAAPI_HWACCEL 1+#define CONFIG_LIBDAV1D 1+#define CONFIG_AV1_DECODER 1 #endif #endif
Here's the analysis of the provided code diff following the specified format: 1. Vulnerability Existed: not sure Potential Build Configuration Issue [media/ffvpx/config_common.h] [Lines 18-21,23-30] Old Code: ```c #ifdef MOZ_WAYLAND #undef CONFIG_VAAPI #undef CONFIG_VP8_VAAPI_HWACCEL #undef CONFIG_VP9_VAAPI_HWACCEL #undef CONFIG_AV1_VAAPI_HWACCEL #define CONFIG_VAAPI 1 #define CONFIG_VP8_VAAPI_HWACCEL 1 #define CONFIG_VP9_VAAPI_HWACCEL 1 #define CONFIG_AV1_VAAPI_HWACCEL 1 #endif ``` Fixed Code: ```c #if defined(MOZ_WAYLAND) && !defined(MOZ_FFVPX_AUDIOONLY) #undef CONFIG_VAAPI #undef CONFIG_VAAPI_1 #undef CONFIG_VP8_VAAPI_HWACCEL #undef CONFIG_VP9_VAAPI_HWACCEL #undef CONFIG_AV1_VAAPI_HWACCEL #undef CONFIG_LIBDAV1D #undef CONFIG_AV1_DECODER #define CONFIG_VAAPI 1 #define CONFIG_VAAPI_1 1 #define CONFIG_VP8_VAAPI_HWACCEL 1 #define CONFIG_VP9_VAAPI_HWACCEL 1 #define CONFIG_AV1_VAAPI_HWACCEL 1 #define CONFIG_LIBDAV1D 1 #define CONFIG_AV1_DECODER 1 #endif ``` Additional Details: - The changes appear to be related to build configuration rather than a direct security vulnerability - The modification adds more configuration undefines/defines and introduces a new condition `!defined(MOZ_FFVPX_AUDIOONLY)` - While not clearly a security fix, it might be related to preventing unwanted hardware acceleration in audio-only contexts - The changes could potentially affect security by limiting when certain hardware acceleration features are enabled
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.maxWidth.zero.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.maxWidth.zero.html@@ -18,8 +18,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);
Analysis of the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] [Lines 18-19]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`)
- No security-related changes or vulnerability fixes are evident in this diff
- This is likely a code style/readability improvement rather than a security fix
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.maxWidth.small.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.draw.fill.maxWidth.small.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);
Analysis of the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] [Lines 17-18]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- The change appears to be a simple variable renaming from `offscreenCanvas` to `canvas`
- No security-related changes are evident in this diff
- The modification doesn't affect any security-sensitive operations or introduce/remove any security controls
- This appears to be a code style/readability improvement rather than a security fix
No vulnerabilities were identified in this diff. The change is purely cosmetic with no security implications.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsl-5.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.hsl-5.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'hsl(120.0, 100.0%, 50.0%)'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes where a variable name was changed from `offscreenCanvas` to `canvas` for consistency or readability. The actual functionality and security implications remain the same.
Here's the structured response:
Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-14, 21]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes don't address any security issues but rather improve code consistency by using a more generic variable name. The functionality remains identical, and there are no security implications in either version of the code.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ash/src/vk/enums.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ash/src/vk/enums.rs@@ -5,7 +5,7 @@ pub struct ImageLayout(pub(crate) i32); impl ImageLayout { pub const fn from_raw(x: i32) -> Self {- ImageLayout(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -37,7 +37,7 @@ pub struct AttachmentLoadOp(pub(crate) i32); impl AttachmentLoadOp { pub const fn from_raw(x: i32) -> Self {- AttachmentLoadOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -54,7 +54,7 @@ pub struct AttachmentStoreOp(pub(crate) i32); impl AttachmentStoreOp { pub const fn from_raw(x: i32) -> Self {- AttachmentStoreOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -70,7 +70,7 @@ pub struct ImageType(pub(crate) i32); impl ImageType { pub const fn from_raw(x: i32) -> Self {- ImageType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -87,7 +87,7 @@ pub struct ImageTiling(pub(crate) i32); impl ImageTiling { pub const fn from_raw(x: i32) -> Self {- ImageTiling(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -103,7 +103,7 @@ pub struct ImageViewType(pub(crate) i32); impl ImageViewType { pub const fn from_raw(x: i32) -> Self {- ImageViewType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -124,7 +124,7 @@ pub struct CommandBufferLevel(pub(crate) i32); impl CommandBufferLevel { pub const fn from_raw(x: i32) -> Self {- CommandBufferLevel(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -140,7 +140,7 @@ pub struct ComponentSwizzle(pub(crate) i32); impl ComponentSwizzle { pub const fn from_raw(x: i32) -> Self {- ComponentSwizzle(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -161,7 +161,7 @@ pub struct DescriptorType(pub(crate) i32); impl DescriptorType { pub const fn from_raw(x: i32) -> Self {- DescriptorType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -186,7 +186,7 @@ pub struct QueryType(pub(crate) i32); impl QueryType { pub const fn from_raw(x: i32) -> Self {- QueryType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -204,7 +204,7 @@ pub struct BorderColor(pub(crate) i32); impl BorderColor { pub const fn from_raw(x: i32) -> Self {- BorderColor(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -224,7 +224,7 @@ pub struct PipelineBindPoint(pub(crate) i32); impl PipelineBindPoint { pub const fn from_raw(x: i32) -> Self {- PipelineBindPoint(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -240,7 +240,7 @@ pub struct PipelineCacheHeaderVersion(pub(crate) i32); impl PipelineCacheHeaderVersion { pub const fn from_raw(x: i32) -> Self {- PipelineCacheHeaderVersion(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -255,7 +255,7 @@ pub struct PrimitiveTopology(pub(crate) i32); impl PrimitiveTopology { pub const fn from_raw(x: i32) -> Self {- PrimitiveTopology(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -280,7 +280,7 @@ pub struct SharingMode(pub(crate) i32); impl SharingMode { pub const fn from_raw(x: i32) -> Self {- SharingMode(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -296,7 +296,7 @@ pub struct IndexType(pub(crate) i32); impl IndexType { pub const fn from_raw(x: i32) -> Self {- IndexType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -312,7 +312,7 @@ pub struct Filter(pub(crate) i32); impl Filter { pub const fn from_raw(x: i32) -> Self {- Filter(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -328,7 +328,7 @@ pub struct SamplerMipmapMode(pub(crate) i32); impl SamplerMipmapMode { pub const fn from_raw(x: i32) -> Self {- SamplerMipmapMode(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -346,7 +346,7 @@ pub struct SamplerAddressMode(pub(crate) i32); impl SamplerAddressMode { pub const fn from_raw(x: i32) -> Self {- SamplerAddressMode(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -364,7 +364,7 @@ pub struct CompareOp(pub(crate) i32); impl CompareOp { pub const fn from_raw(x: i32) -> Self {- CompareOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -386,7 +386,7 @@ pub struct PolygonMode(pub(crate) i32); impl PolygonMode { pub const fn from_raw(x: i32) -> Self {- PolygonMode(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -403,7 +403,7 @@ pub struct FrontFace(pub(crate) i32); impl FrontFace { pub const fn from_raw(x: i32) -> Self {- FrontFace(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -419,7 +419,7 @@ pub struct BlendFactor(pub(crate) i32); impl BlendFactor { pub const fn from_raw(x: i32) -> Self {- BlendFactor(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -452,7 +452,7 @@ pub struct BlendOp(pub(crate) i32); impl BlendOp { pub const fn from_raw(x: i32) -> Self {- BlendOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -471,7 +471,7 @@ pub struct StencilOp(pub(crate) i32); impl StencilOp { pub const fn from_raw(x: i32) -> Self {- StencilOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -493,7 +493,7 @@ pub struct LogicOp(pub(crate) i32); impl LogicOp { pub const fn from_raw(x: i32) -> Self {- LogicOp(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -523,7 +523,7 @@ pub struct InternalAllocationType(pub(crate) i32); impl InternalAllocationType { pub const fn from_raw(x: i32) -> Self {- InternalAllocationType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -538,7 +538,7 @@ pub struct SystemAllocationScope(pub(crate) i32); impl SystemAllocationScope { pub const fn from_raw(x: i32) -> Self {- SystemAllocationScope(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -557,7 +557,7 @@ pub struct PhysicalDeviceType(pub(crate) i32); impl PhysicalDeviceType { pub const fn from_raw(x: i32) -> Self {- PhysicalDeviceType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -576,7 +576,7 @@ pub struct VertexInputRate(pub(crate) i32); impl VertexInputRate { pub const fn from_raw(x: i32) -> Self {- VertexInputRate(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -592,7 +592,7 @@ pub struct Format(pub(crate) i32); impl Format { pub const fn from_raw(x: i32) -> Self {- Format(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -791,7 +791,7 @@ pub struct StructureType(pub(crate) i32); impl StructureType { pub const fn from_raw(x: i32) -> Self {- StructureType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -856,7 +856,7 @@ pub struct SubpassContents(pub(crate) i32); impl SubpassContents { pub const fn from_raw(x: i32) -> Self {- SubpassContents(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -873,7 +873,7 @@ pub struct Result(pub(crate) i32); impl Result { pub const fn from_raw(x: i32) -> Self {- Result(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -923,35 +923,35 @@ impl fmt::Display for Result { fn fmt(&self, fmt: &mut fmt::Formatter) -> fmt::Result { let name = match *self {- Result::SUCCESS => Some("Command completed successfully"),- Result::NOT_READY => Some("A fence or query has not yet completed"),- Result::TIMEOUT => Some("A wait operation has not completed in the specified time"),- Result::EVENT_SET => Some("An event is signaled"),- Result::EVENT_RESET => Some("An event is unsignaled"),- Result::INCOMPLETE => Some("A return array was too small for the result"),- Result::ERROR_OUT_OF_HOST_MEMORY => Some("A host memory allocation has failed"),- Result::ERROR_OUT_OF_DEVICE_MEMORY => Some("A device memory allocation has failed"),- Result::ERROR_INITIALIZATION_FAILED => Some("Initialization of a object has failed"),- Result::ERROR_DEVICE_LOST => {+ Self::SUCCESS => Some("Command completed successfully"),+ Self::NOT_READY => Some("A fence or query has not yet completed"),+ Self::TIMEOUT => Some("A wait operation has not completed in the specified time"),+ Self::EVENT_SET => Some("An event is signaled"),+ Self::EVENT_RESET => Some("An event is unsignaled"),+ Self::INCOMPLETE => Some("A return array was too small for the result"),+ Self::ERROR_OUT_OF_HOST_MEMORY => Some("A host memory allocation has failed"),+ Self::ERROR_OUT_OF_DEVICE_MEMORY => Some("A device memory allocation has failed"),+ Self::ERROR_INITIALIZATION_FAILED => Some("Initialization of a object has failed"),+ Self::ERROR_DEVICE_LOST => { Some("The logical device has been lost. See <<devsandqueues-lost-device>>") }- Result::ERROR_MEMORY_MAP_FAILED => Some("Mapping of a memory object has failed"),- Result::ERROR_LAYER_NOT_PRESENT => Some("Layer specified does not exist"),- Result::ERROR_EXTENSION_NOT_PRESENT => Some("Extension specified does not exist"),- Result::ERROR_FEATURE_NOT_PRESENT => {+ Self::ERROR_MEMORY_MAP_FAILED => Some("Mapping of a memory object has failed"),+ Self::ERROR_LAYER_NOT_PRESENT => Some("Layer specified does not exist"),+ Self::ERROR_EXTENSION_NOT_PRESENT => Some("Extension specified does not exist"),+ Self::ERROR_FEATURE_NOT_PRESENT => { Some("Requested feature is not available on this device") }- Result::ERROR_INCOMPATIBLE_DRIVER => Some("Unable to find a Vulkan driver"),- Result::ERROR_TOO_MANY_OBJECTS => {+ Self::ERROR_INCOMPATIBLE_DRIVER => Some("Unable to find a Vulkan driver"),+ Self::ERROR_TOO_MANY_OBJECTS => { Some("Too many objects of the type have already been created") }- Result::ERROR_FORMAT_NOT_SUPPORTED => {+ Self::ERROR_FORMAT_NOT_SUPPORTED => { Some("Requested format is not supported on this device") }- Result::ERROR_FRAGMENTED_POOL => Some(+ Self::ERROR_FRAGMENTED_POOL => Some( "A requested pool allocation has failed due to fragmentation of the pool's memory", ),- Result::ERROR_UNKNOWN => {+ Self::ERROR_UNKNOWN => { Some("An unknown error has occurred, due to an implementation or application bug") } _ => None,@@ -969,7 +969,7 @@ pub struct DynamicState(pub(crate) i32); impl DynamicState { pub const fn from_raw(x: i32) -> Self {- DynamicState(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -992,7 +992,7 @@ pub struct DescriptorUpdateTemplateType(pub(crate) i32); impl DescriptorUpdateTemplateType { pub const fn from_raw(x: i32) -> Self {- DescriptorUpdateTemplateType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1008,7 +1008,7 @@ pub struct ObjectType(pub(crate) i32); impl ObjectType { pub const fn from_raw(x: i32) -> Self {- ObjectType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1048,7 +1048,7 @@ pub struct SemaphoreType(pub(crate) i32); impl SemaphoreType { pub const fn from_raw(x: i32) -> Self {- SemaphoreType(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1064,7 +1064,7 @@ pub struct PresentModeKHR(pub(crate) i32); impl PresentModeKHR { pub const fn from_raw(x: i32) -> Self {- PresentModeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1082,7 +1082,7 @@ pub struct ColorSpaceKHR(pub(crate) i32); impl ColorSpaceKHR { pub const fn from_raw(x: i32) -> Self {- ColorSpaceKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1090,8 +1090,6 @@ } impl ColorSpaceKHR { pub const SRGB_NONLINEAR: Self = Self(0);- #[deprecated = "Backwards-compatible alias containing a typo"]- pub const COLORSPACE_SRGB_NONLINEAR: Self = Self::SRGB_NONLINEAR; } #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Default)] #[repr(transparent)]@@ -1099,7 +1097,7 @@ pub struct TimeDomainEXT(pub(crate) i32); impl TimeDomainEXT { pub const fn from_raw(x: i32) -> Self {- TimeDomainEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1117,7 +1115,7 @@ pub struct DebugReportObjectTypeEXT(pub(crate) i32); impl DebugReportObjectTypeEXT { pub const fn from_raw(x: i32) -> Self {- DebugReportObjectTypeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1153,13 +1151,9 @@ pub const SURFACE_KHR: Self = Self(26); pub const SWAPCHAIN_KHR: Self = Self(27); pub const DEBUG_REPORT_CALLBACK_EXT: Self = Self(28);- #[deprecated = "Backwards-compatible alias containing a typo"]- pub const DEBUG_REPORT: Self = Self::DEBUG_REPORT_CALLBACK_EXT; pub const DISPLAY_KHR: Self = Self(29); pub const DISPLAY_MODE_KHR: Self = Self(30); pub const VALIDATION_CACHE_EXT: Self = Self(33);- #[deprecated = "Backwards-compatible alias containing a typo"]- pub const VALIDATION_CACHE: Self = Self::VALIDATION_CACHE_EXT; } #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Default)] #[repr(transparent)]@@ -1167,7 +1161,7 @@ pub struct DeviceMemoryReportEventTypeEXT(pub(crate) i32); impl DeviceMemoryReportEventTypeEXT { pub const fn from_raw(x: i32) -> Self {- DeviceMemoryReportEventTypeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1186,7 +1180,7 @@ pub struct RasterizationOrderAMD(pub(crate) i32); impl RasterizationOrderAMD { pub const fn from_raw(x: i32) -> Self {- RasterizationOrderAMD(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1202,7 +1196,7 @@ pub struct ValidationCheckEXT(pub(crate) i32); impl ValidationCheckEXT { pub const fn from_raw(x: i32) -> Self {- ValidationCheckEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1218,7 +1212,7 @@ pub struct ValidationFeatureEnableEXT(pub(crate) i32); impl ValidationFeatureEnableEXT { pub const fn from_raw(x: i32) -> Self {- ValidationFeatureEnableEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1237,7 +1231,7 @@ pub struct ValidationFeatureDisableEXT(pub(crate) i32); impl ValidationFeatureDisableEXT { pub const fn from_raw(x: i32) -> Self {- ValidationFeatureDisableEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1259,7 +1253,7 @@ pub struct IndirectCommandsTokenTypeNV(pub(crate) i32); impl IndirectCommandsTokenTypeNV { pub const fn from_raw(x: i32) -> Self {- IndirectCommandsTokenTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1281,7 +1275,7 @@ pub struct DisplayPowerStateEXT(pub(crate) i32); impl DisplayPowerStateEXT { pub const fn from_raw(x: i32) -> Self {- DisplayPowerStateEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1298,7 +1292,7 @@ pub struct DeviceEventTypeEXT(pub(crate) i32); impl DeviceEventTypeEXT { pub const fn from_raw(x: i32) -> Self {- DeviceEventTypeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1313,7 +1307,7 @@ pub struct DisplayEventTypeEXT(pub(crate) i32); impl DisplayEventTypeEXT { pub const fn from_raw(x: i32) -> Self {- DisplayEventTypeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1328,7 +1322,7 @@ pub struct ViewportCoordinateSwizzleNV(pub(crate) i32); impl ViewportCoordinateSwizzleNV { pub const fn from_raw(x: i32) -> Self {- ViewportCoordinateSwizzleNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1350,7 +1344,7 @@ pub struct DiscardRectangleModeEXT(pub(crate) i32); impl DiscardRectangleModeEXT { pub const fn from_raw(x: i32) -> Self {- DiscardRectangleModeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1366,7 +1360,7 @@ pub struct PointClippingBehavior(pub(crate) i32); impl PointClippingBehavior { pub const fn from_raw(x: i32) -> Self {- PointClippingBehavior(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1382,7 +1376,7 @@ pub struct SamplerReductionMode(pub(crate) i32); impl SamplerReductionMode { pub const fn from_raw(x: i32) -> Self {- SamplerReductionMode(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1399,7 +1393,7 @@ pub struct TessellationDomainOrigin(pub(crate) i32); impl TessellationDomainOrigin { pub const fn from_raw(x: i32) -> Self {- TessellationDomainOrigin(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1415,7 +1409,7 @@ pub struct SamplerYcbcrModelConversion(pub(crate) i32); impl SamplerYcbcrModelConversion { pub const fn from_raw(x: i32) -> Self {- SamplerYcbcrModelConversion(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1438,7 +1432,7 @@ pub struct SamplerYcbcrRange(pub(crate) i32); impl SamplerYcbcrRange { pub const fn from_raw(x: i32) -> Self {- SamplerYcbcrRange(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1456,7 +1450,7 @@ pub struct ChromaLocation(pub(crate) i32); impl ChromaLocation { pub const fn from_raw(x: i32) -> Self {- ChromaLocation(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1472,7 +1466,7 @@ pub struct BlendOverlapEXT(pub(crate) i32); impl BlendOverlapEXT { pub const fn from_raw(x: i32) -> Self {- BlendOverlapEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1489,7 +1483,7 @@ pub struct CoverageModulationModeNV(pub(crate) i32); impl CoverageModulationModeNV { pub const fn from_raw(x: i32) -> Self {- CoverageModulationModeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1507,7 +1501,7 @@ pub struct CoverageReductionModeNV(pub(crate) i32); impl CoverageReductionModeNV { pub const fn from_raw(x: i32) -> Self {- CoverageReductionModeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1523,7 +1517,7 @@ pub struct ValidationCacheHeaderVersionEXT(pub(crate) i32); impl ValidationCacheHeaderVersionEXT { pub const fn from_raw(x: i32) -> Self {- ValidationCacheHeaderVersionEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1538,7 +1532,7 @@ pub struct ShaderInfoTypeAMD(pub(crate) i32); impl ShaderInfoTypeAMD { pub const fn from_raw(x: i32) -> Self {- ShaderInfoTypeAMD(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1555,7 +1549,7 @@ pub struct QueueGlobalPriorityEXT(pub(crate) i32); impl QueueGlobalPriorityEXT { pub const fn from_raw(x: i32) -> Self {- QueueGlobalPriorityEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1573,7 +1567,7 @@ pub struct ConservativeRasterizationModeEXT(pub(crate) i32); impl ConservativeRasterizationModeEXT { pub const fn from_raw(x: i32) -> Self {- ConservativeRasterizationModeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1590,7 +1584,7 @@ pub struct VendorId(pub(crate) i32); impl VendorId { pub const fn from_raw(x: i32) -> Self {- VendorId(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1616,7 +1610,7 @@ pub struct DriverId(pub(crate) i32); impl DriverId { pub const fn from_raw(x: i32) -> Self {- DriverId(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1657,6 +1651,14 @@ pub const JUICE_PROPRIETARY: Self = Self(16); #[doc = "Verisilicon, Inc."] pub const VERISILICON_PROPRIETARY: Self = Self(17);+ #[doc = "Mesa open source project"]+ pub const MESA_TURNIP: Self = Self(18);+ #[doc = "Mesa open source project"]+ pub const MESA_V3DV: Self = Self(19);+ #[doc = "Mesa open source project"]+ pub const MESA_PANVK: Self = Self(20);+ #[doc = "Samsung Electronics Co., Ltd."]+ pub const SAMSUNG_PROPRIETARY: Self = Self(21); } #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Default)] #[repr(transparent)]@@ -1664,7 +1666,7 @@ pub struct ShadingRatePaletteEntryNV(pub(crate) i32); impl ShadingRatePaletteEntryNV { pub const fn from_raw(x: i32) -> Self {- ShadingRatePaletteEntryNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1690,7 +1692,7 @@ pub struct CoarseSampleOrderTypeNV(pub(crate) i32); impl CoarseSampleOrderTypeNV { pub const fn from_raw(x: i32) -> Self {- CoarseSampleOrderTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1708,7 +1710,7 @@ pub struct CopyAccelerationStructureModeKHR(pub(crate) i32); impl CopyAccelerationStructureModeKHR { pub const fn from_raw(x: i32) -> Self {- CopyAccelerationStructureModeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1726,7 +1728,7 @@ pub struct BuildAccelerationStructureModeKHR(pub(crate) i32); impl BuildAccelerationStructureModeKHR { pub const fn from_raw(x: i32) -> Self {- BuildAccelerationStructureModeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1742,7 +1744,7 @@ pub struct AccelerationStructureTypeKHR(pub(crate) i32); impl AccelerationStructureTypeKHR { pub const fn from_raw(x: i32) -> Self {- AccelerationStructureTypeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1759,7 +1761,7 @@ pub struct GeometryTypeKHR(pub(crate) i32); impl GeometryTypeKHR { pub const fn from_raw(x: i32) -> Self {- GeometryTypeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1776,7 +1778,7 @@ pub struct AccelerationStructureMemoryRequirementsTypeNV(pub(crate) i32); impl AccelerationStructureMemoryRequirementsTypeNV { pub const fn from_raw(x: i32) -> Self {- AccelerationStructureMemoryRequirementsTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1793,7 +1795,7 @@ pub struct AccelerationStructureBuildTypeKHR(pub(crate) i32); impl AccelerationStructureBuildTypeKHR { pub const fn from_raw(x: i32) -> Self {- AccelerationStructureBuildTypeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1810,7 +1812,7 @@ pub struct RayTracingShaderGroupTypeKHR(pub(crate) i32); impl RayTracingShaderGroupTypeKHR { pub const fn from_raw(x: i32) -> Self {- RayTracingShaderGroupTypeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1827,7 +1829,7 @@ pub struct AccelerationStructureCompatibilityKHR(pub(crate) i32); impl AccelerationStructureCompatibilityKHR { pub const fn from_raw(x: i32) -> Self {- AccelerationStructureCompatibilityKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1843,7 +1845,7 @@ pub struct ShaderGroupShaderKHR(pub(crate) i32); impl ShaderGroupShaderKHR { pub const fn from_raw(x: i32) -> Self {- ShaderGroupShaderKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1861,7 +1863,7 @@ pub struct MemoryOverallocationBehaviorAMD(pub(crate) i32); impl MemoryOverallocationBehaviorAMD { pub const fn from_raw(x: i32) -> Self {- MemoryOverallocationBehaviorAMD(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1878,7 +1880,7 @@ pub struct ScopeNV(pub(crate) i32); impl ScopeNV { pub const fn from_raw(x: i32) -> Self {- ScopeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1896,7 +1898,7 @@ pub struct ComponentTypeNV(pub(crate) i32); impl ComponentTypeNV { pub const fn from_raw(x: i32) -> Self {- ComponentTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1921,7 +1923,7 @@ pub struct FullScreenExclusiveEXT(pub(crate) i32); impl FullScreenExclusiveEXT { pub const fn from_raw(x: i32) -> Self {- FullScreenExclusiveEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1939,7 +1941,7 @@ pub struct PerformanceCounterScopeKHR(pub(crate) i32); impl PerformanceCounterScopeKHR { pub const fn from_raw(x: i32) -> Self {- PerformanceCounterScopeKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1949,9 +1951,6 @@ pub const COMMAND_BUFFER: Self = Self(0); pub const RENDER_PASS: Self = Self(1); pub const COMMAND: Self = Self(2);- pub const QUERY_SCOPE_COMMAND_BUFFER: Self = Self::COMMAND_BUFFER;- pub const QUERY_SCOPE_RENDER_PASS: Self = Self::RENDER_PASS;- pub const QUERY_SCOPE_COMMAND: Self = Self::COMMAND; } #[derive(Clone, Copy, PartialEq, Eq, PartialOrd, Ord, Hash, Default)] #[repr(transparent)]@@ -1959,7 +1958,7 @@ pub struct PerformanceCounterUnitKHR(pub(crate) i32); impl PerformanceCounterUnitKHR { pub const fn from_raw(x: i32) -> Self {- PerformanceCounterUnitKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -1984,7 +1983,7 @@ pub struct PerformanceCounterStorageKHR(pub(crate) i32); impl PerformanceCounterStorageKHR { pub const fn from_raw(x: i32) -> Self {- PerformanceCounterStorageKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2004,7 +2003,7 @@ pub struct PerformanceConfigurationTypeINTEL(pub(crate) i32); impl PerformanceConfigurationTypeINTEL { pub const fn from_raw(x: i32) -> Self {- PerformanceConfigurationTypeINTEL(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2019,7 +2018,7 @@ pub struct QueryPoolSamplingModeINTEL(pub(crate) i32); impl QueryPoolSamplingModeINTEL { pub const fn from_raw(x: i32) -> Self {- QueryPoolSamplingModeINTEL(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2034,7 +2033,7 @@ pub struct PerformanceOverrideTypeINTEL(pub(crate) i32); impl PerformanceOverrideTypeINTEL { pub const fn from_raw(x: i32) -> Self {- PerformanceOverrideTypeINTEL(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2050,7 +2049,7 @@ pub struct PerformanceParameterTypeINTEL(pub(crate) i32); impl PerformanceParameterTypeINTEL { pub const fn from_raw(x: i32) -> Self {- PerformanceParameterTypeINTEL(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2066,7 +2065,7 @@ pub struct PerformanceValueTypeINTEL(pub(crate) i32); impl PerformanceValueTypeINTEL { pub const fn from_raw(x: i32) -> Self {- PerformanceValueTypeINTEL(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2085,7 +2084,7 @@ pub struct ShaderFloatControlsIndependence(pub(crate) i32); impl ShaderFloatControlsIndependence { pub const fn from_raw(x: i32) -> Self {- ShaderFloatControlsIndependence(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2102,7 +2101,7 @@ pub struct PipelineExecutableStatisticFormatKHR(pub(crate) i32); impl PipelineExecutableStatisticFormatKHR { pub const fn from_raw(x: i32) -> Self {- PipelineExecutableStatisticFormatKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2120,7 +2119,7 @@ pub struct LineRasterizationModeEXT(pub(crate) i32); impl LineRasterizationModeEXT { pub const fn from_raw(x: i32) -> Self {- LineRasterizationModeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2138,7 +2137,7 @@ pub struct FragmentShadingRateCombinerOpKHR(pub(crate) i32); impl FragmentShadingRateCombinerOpKHR { pub const fn from_raw(x: i32) -> Self {- FragmentShadingRateCombinerOpKHR(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2157,7 +2156,7 @@ pub struct FragmentShadingRateNV(pub(crate) i32); impl FragmentShadingRateNV { pub const fn from_raw(x: i32) -> Self {- FragmentShadingRateNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2183,7 +2182,7 @@ pub struct FragmentShadingRateTypeNV(pub(crate) i32); impl FragmentShadingRateTypeNV { pub const fn from_raw(x: i32) -> Self {- FragmentShadingRateTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2199,7 +2198,7 @@ pub struct ProvokingVertexModeEXT(pub(crate) i32); impl ProvokingVertexModeEXT { pub const fn from_raw(x: i32) -> Self {- ProvokingVertexModeEXT(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2215,7 +2214,7 @@ pub struct AccelerationStructureMotionInstanceTypeNV(pub(crate) i32); impl AccelerationStructureMotionInstanceTypeNV { pub const fn from_raw(x: i32) -> Self {- AccelerationStructureMotionInstanceTypeNV(x)+ Self(x) } pub const fn as_raw(self) -> i32 { self.0@@ -2232,7 +2231,7 @@ pub struct QueryResultStatusKHR(pub(crate) i32); impl QueryResultStatusKHR { pub const fn from_raw(x: i32) -> Self {
After analyzing the provided code diff, I don't find any security vulnerabilities being fixed. The changes appear to be primarily stylistic/refactoring changes where explicit struct names are replaced with `Self` keyword in constructor methods, and some deprecated aliases are removed. Here's the analysis following the requested format: Vulnerability Existed: no [No security vulnerabilities found] [The changes are stylistic improvements and removal of deprecated aliases] The main changes are: 1. Replacing explicit struct names with `Self` in `from_raw` methods (e.g., changing `ImageLayout(x)` to `Self(x)`) 2. Removing deprecated aliases like `COLORSPACE_SRGB_NONLINEAR`, `DEBUG_REPORT`, and `VALIDATION_CACHE` 3. Adding new driver IDs and improving debug formatting These changes don't appear to address any security vulnerabilities but rather improve code quality and maintainability. The diff shows no changes that would fix memory safety issues, input validation problems, or other common security vulnerabilities. If I were to identify anything security-related, it would be the removal of deprecated aliases which could help prevent typos in the future, but this doesn't constitute a security vulnerability fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/python/mach/mach/util.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/python/mach/mach/util.py@@ -7,6 +7,9 @@ import hashlib import os import sys++from pathlib import Path, PurePosixPath+from typing import Optional class UserError(Exception):@@ -83,3 +86,28 @@ fh.write(topsrcdir) return state_dir+++def win_to_msys_path(path: Path):+ """Convert a windows-style path to msys-style."""+ drive, path = os.path.splitdrive(path)+ path = "/".join(path.split("\\"))+ if drive:+ if path[0] == "/":+ path = path[1:]+ path = f"/{drive[:-1]}/{path}"+ return PurePosixPath(path)+++def to_optional_path(path: Optional[Path]):+ if path:+ return Path(path)+ else:+ return None+++def to_optional_str(path: Optional[Path]):+ if path:+ return str(path)+ else:+ return None
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be adding new utility functions for path manipulation rather than fixing existing security issues.
Here's the analysis following the requested format:
1. Vulnerability Existed: no
No security vulnerability found [File] python/mach/mach/util.py [Lines] 7-9, 83-98
[Old Code]
(No existing code in these locations)
[Fixed Code]
from pathlib import Path, PurePosixPath
from typing import Optional
(plus the new function implementations)
2. Vulnerability Existed: no
No security vulnerability found [File] python/mach/mach/util.py [Lines] 86-98
[Old Code]
(No existing code in these locations)
[Fixed Code]
def win_to_msys_path(path: Path):
"""Convert a windows-style path to msys-style."""
drive, path = os.path.splitdrive(path)
path = "/".join(path.split("\\"))
if drive:
if path[0] == "/":
path = path[1:]
path = f"/{drive[:-1]}/{path}"
return PurePosixPath(path)
def to_optional_path(path: Optional[Path]):
if path:
return Path(path)
else:
return None
def to_optional_str(path: Optional[Path]):
if path:
return str(path)
else:
return None
The changes are purely additive, introducing new functionality for path conversion between Windows and MSYS formats, and adding some utility functions for optional path handling. There's no evidence of any security vulnerabilities being fixed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; try { ctx.fillStyle = '#ff000'; } catch (e) { } // this shouldn't throw, but it shouldn't matter here if it does ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
No specific vulnerability [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.invalid.hex5.worker.js] [Lines 13-14, 20]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
Additional Details:
- The changes appear to be purely variable renaming (from 'offscreenCanvas' to 'canvas') and don't indicate any security fixes.
- The test logic remains the same, just with a different variable name.
- No security vulnerabilities were addressed in this change.
- This appears to be a code style/consistency change rather than a security fix.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/wr/examples/iframe.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/wr/examples/iframe.rs@@ -71,6 +71,7 @@ ReferenceFrameKind::Transform { is_2d_scale_translation: false, should_snap: false,+ paired_with_perspective: false, }, SpatialTreeItemKey::new(0, 0), );
Let me analyze the code diff for potential security fixes.
Vulnerability Existed: not sure
[Potential Missing Field Initialization] [gfx/wr/examples/iframe.rs] [Lines 71-76]
[Old Code]
```
ReferenceFrameKind::Transform {
is_2d_scale_translation: false,
should_snap: false,
},
```
[Fixed Code]
```
ReferenceFrameKind::Transform {
is_2d_scale_translation: false,
should_snap: false,
paired_with_perspective: false,
},
```
Additional Details:
- The diff shows the addition of a new field `paired_with_perspective` being initialized to `false` in a `ReferenceFrameKind::Transform` struct initialization
- While this could potentially fix an uninitialized memory issue if the field was previously not being set, there's no clear evidence this was causing a security vulnerability
- The change appears to be more of a feature addition or bug fix rather than a direct security patch
- Without more context about how this struct is used, it's difficult to determine if this could have led to security issues
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/webgpu/ipc/WebGPUChild.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/webgpu/ipc/WebGPUChild.h@@ -26,6 +26,21 @@ using AdapterPromise = MozPromise<ipc::ByteBuf, Maybe<ipc::ResponseRejectReason>, true>;+using PipelinePromise = MozPromise<RawId, ipc::ResponseRejectReason, true>;+using DevicePromise = MozPromise<bool, ipc::ResponseRejectReason, true>;++struct PipelineCreationContext {+ RawId mParentId = 0;+ RawId mImplicitPipelineLayoutId = 0;+ nsTArray<RawId> mImplicitBindGroupLayoutIds;+};++struct DeviceRequest {+ RawId mId = 0;+ RefPtr<DevicePromise> mPromise;+ // Note: we could put `ffi::WGPULimits` in here as well,+ // but we don't want to #include ffi stuff in this header+}; ffi::WGPUByteBuf* ToFFI(ipc::ByteBuf* x);@@ -34,18 +49,18 @@ friend class layers::CompositorBridgeChild; NS_DECL_CYCLE_COLLECTION_NATIVE_CLASS(WebGPUChild)- NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(WebGPUChild)+ NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING_INHERITED(WebGPUChild) public: explicit WebGPUChild();- bool IsOpen() const { return mIPCOpen; }+ bool IsOpen() const { return CanSend(); } RefPtr<AdapterPromise> InstanceRequestAdapter( const dom::GPURequestAdapterOptions& aOptions);- Maybe<RawId> AdapterRequestDevice(RawId aSelfId,- const dom::GPUDeviceDescriptor& aDesc,- ffi::WGPULimits* aLimtis);+ Maybe<DeviceRequest> AdapterRequestDevice(+ RawId aSelfId, const dom::GPUDeviceDescriptor& aDesc,+ ffi::WGPULimits* aLimits); RawId DeviceCreateBuffer(RawId aSelfId, const dom::GPUBufferDescriptor& aDesc); RawId DeviceCreateTexture(RawId aSelfId,@@ -69,22 +84,28 @@ const dom::GPUBindGroupDescriptor& aDesc); RawId DeviceCreateShaderModule(RawId aSelfId, const dom::GPUShaderModuleDescriptor& aDesc);+ RawId DeviceCreateComputePipeline(- RawId aSelfId, const dom::GPUComputePipelineDescriptor& aDesc,- RawId* const aImplicitPipelineLayoutId,- nsTArray<RawId>* const aImplicitBindGroupLayoutIds);+ PipelineCreationContext* const aContext,+ const dom::GPUComputePipelineDescriptor& aDesc);+ RefPtr<PipelinePromise> DeviceCreateComputePipelineAsync(+ PipelineCreationContext* const aContext,+ const dom::GPUComputePipelineDescriptor& aDesc); RawId DeviceCreateRenderPipeline(- RawId aSelfId, const dom::GPURenderPipelineDescriptor& aDesc,- RawId* const aImplicitPipelineLayoutId,- nsTArray<RawId>* const aImplicitBindGroupLayoutIds);+ PipelineCreationContext* const aContext,+ const dom::GPURenderPipelineDescriptor& aDesc);+ RefPtr<PipelinePromise> DeviceCreateRenderPipelineAsync(+ PipelineCreationContext* const aContext,+ const dom::GPURenderPipelineDescriptor& aDesc); void DeviceCreateSwapChain(RawId aSelfId, const RGBDescriptor& aRgbDesc, size_t maxBufferCount, wr::ExternalImageId aExternalImageId); void SwapChainPresent(wr::ExternalImageId aExternalImageId, RawId aTextureId);- void RegisterDevice(RawId aId, Device* aDevice);+ void RegisterDevice(Device* const aDevice); void UnregisterDevice(RawId aId);+ void FreeUnregisteredInParentDevice(RawId aId); static void ConvertTextureFormatRef(const dom::GPUTextureFormat& aInput, ffi::WGPUTextureFormat& aOutput);@@ -94,25 +115,17 @@ void JsWarning(nsIGlobalObject* aGlobal, const nsACString& aMessage);- // AddIPDLReference and ReleaseIPDLReference are only to be called by- // CompositorBridgeChild's AllocPWebGPUChild and DeallocPWebGPUChild methods- // respectively. We intentionally make them private to prevent misuse.- // The purpose of these methods is to be aware of when the IPC system around- // this actor goes down: mIPCOpen is then set to false.- void AddIPDLReference() {- MOZ_ASSERT(!mIPCOpen);- mIPCOpen = true;- AddRef();- }- void ReleaseIPDLReference() {- MOZ_ASSERT(mIPCOpen);- mIPCOpen = false;- Release();- }+ RawId DeviceCreateComputePipelineImpl(+ PipelineCreationContext* const aContext,+ const dom::GPUComputePipelineDescriptor& aDesc,+ ipc::ByteBuf* const aByteBuf);+ RawId DeviceCreateRenderPipelineImpl(+ PipelineCreationContext* const aContext,+ const dom::GPURenderPipelineDescriptor& aDesc,+ ipc::ByteBuf* const aByteBuf); ffi::WGPUClient* const mClient;- bool mIPCOpen;- std::unordered_map<RawId, Device*> mDeviceMap;+ std::unordered_map<RawId, WeakPtr<Device>> mDeviceMap; public: ipc::IPCResult RecvDeviceUncapturedError(RawId aDeviceId,
Based on the provided code diff, I'll analyze potential security vulnerabilities:
1. Vulnerability Existed: not sure
[Potential Memory Management Issue] [dom/webgpu/ipc/WebGPUChild.h] [Lines 34, 115]
[Old Code]
NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING(WebGPUChild)
std::unordered_map<RawId, Device*> mDeviceMap;
[Fixed Code]
NS_INLINE_DECL_CYCLE_COLLECTING_NATIVE_REFCOUNTING_INHERITED(WebGPUChild)
std::unordered_map<RawId, WeakPtr<Device>> mDeviceMap;
Additional Details: The change from raw pointers to WeakPtr in the device map suggests potential memory management improvements, but it's unclear if this was fixing a specific vulnerability.
2. Vulnerability Existed: not sure
[Potential Race Condition] [dom/webgpu/ipc/WebGPUChild.h] [Lines 26-28, 69-97]
[Old Code]
Using direct RawId returns for pipeline creation
[Fixed Code]
Added PipelinePromise and PipelineCreationContext structures with more robust handling
Additional Details: The introduction of async pipeline creation and better context management suggests improved safety, but it's unclear if this was fixing a specific race condition vulnerability.
3. Vulnerability Existed: not sure
[Potential IPC State Management Issue] [dom/webgpu/ipc/WebGPUChild.h] [Lines 34, 54]
[Old Code]
bool IsOpen() const { return mIPCOpen; }
Manual IPDL reference counting with AddIPDLReference/ReleaseIPDLReference
[Fixed Code]
bool IsOpen() const { return CanSend(); }
Removed manual IPDL reference counting
Additional Details: The change to use CanSend() instead of manual state management suggests improved IPC safety, but it's unclear if this was fixing a specific vulnerability.
Note: While there are several changes that improve code safety and robustness, I couldn't identify any clear security vulnerabilities that were being fixed. The changes appear to be more about architectural improvements and better memory management practices rather than patching specific security holes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-22.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-22.xml@@ -7,7 +7,6 @@ <link rel="author" title="Daniel Glazman" href="http://glazman.org/"/> <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found -->- <meta name="flags" content="" /> </head> <body> <ul>
Based on the provided diff, here's the analysis: Vulnerability Existed: no No Security Vulnerability Found [File] testing/web-platform/tests/css/selectors/old-tests/css3-modsel-22.xml [Lines] 7 [Old Code] `<meta name="flags" content="" />` [Fixed Code] (Line removed) Additional Details: The change simply removes an empty meta tag that was specifying flags. This appears to be a cleanup change rather than a security fix. There's no indication of any security vulnerability being addressed here. The removed tag wasn't serving any security-relevant purpose and its removal doesn't impact security.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.