Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.drawing.style.textRendering.settings.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.drawing.style.textRendering.settings.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); // Setting textRendering with lower cases _assertSame(ctx.textRendering, "auto", "ctx.textRendering", "\"auto\"");
Based on the provided diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-14]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
- The change appears to be purely a variable name change from `offscreenCanvas` to `canvas`
- No security-related changes are evident in this diff
- The modification doesn't affect any security-sensitive operations or introduce/remove any security controls
- This seems to be a code style/readability improvement rather than a security fix
No CVE or specific vulnerability name applies as this isn't a security-related change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-050.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-050.html@@ -9,7 +9,6 @@ <link rel="author" title="Mozilla" href="http://www.mozilla.org/"> <link rel="help" href="https://drafts.csswg.org/css-shapes-1/#supported-basic-shapes"> <link rel="match" href="reference/shape-outside-circle-050-ref.html">- <meta name="flags" content=""> <meta name="assert" content="Test the boxes are wrapping around the right float shape defined by circle(50% at right 40px top 40px) value under vertical-lr writing-mode."> <style> .container {
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The change appears to be a simple removal of an empty meta tag attribute, which doesn't relate to security.
Answer:
Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-050.html
[Removed empty meta flags attribute]
[No security-related fixes identified]
This change appears to be a minor cleanup rather than a security fix. The removed line was just an empty meta tag attribute (`flags=""`) which doesn't have any security implications. The rest of the changes are related to test assertions and styling, not security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-70.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-70.xml@@ -7,7 +7,6 @@ <link rel="author" title="Daniel Glazman" href="http://glazman.org/"/> <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found -->- <meta name="flags" content="" /> </head> <body> <p>
Analyzing the provided code diff for security fixes: 1. Vulnerability Existed: no No specific vulnerability found [File] testing/web-platform/tests/css/selectors/old-tests/css3-modsel-70.xml [Lines] 7 [Old Code] `<meta name="flags" content="" />` [Fixed Code] (removed line) Additional Details: - The diff shows only the removal of an empty `<meta>` tag with a "flags" attribute. This appears to be a test-related cleanup rather than a security fix. - No known vulnerabilities are associated with this change. The modification seems to be removing unnecessary test metadata rather than addressing any security issue. - The change aligns with general code hygiene practices rather than security patching. No other vulnerabilities detected in the provided diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/framework/toolbox.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/framework/toolbox.js@@ -15,6 +15,7 @@ const DISABLE_AUTOHIDE_PREF = "ui.popup.disable_autohide"; const FORCE_THEME_NOTIFICATION_PREF = "devtools.theme.force-auto-theme-info"; const SHOW_THEME_NOTIFICATION_PREF = "devtools.theme.show-auto-theme-info";+const PSEUDO_LOCALE_PREF = "intl.l10n.pseudo"; const HOST_HISTOGRAM = "DEVTOOLS_TOOLBOX_HOST"; const CURRENT_THEME_SCALAR = "devtools.current_theme"; const HTML_NS = "http://www.w3.org/1999/xhtml";@@ -33,6 +34,10 @@ const { getUnicodeUrl } = require("devtools/client/shared/unicode-url"); var { DOMHelpers } = require("devtools/shared/dom-helpers"); const { KeyCodes } = require("devtools/client/shared/keycodes");+const {+ FluentL10n,+} = require("devtools/client/shared/fluent-l10n/fluent-l10n");+ var Startup = Cc["@mozilla.org/devtools/startup-clh;1"].getService( Ci.nsISupports ).wrappedJSObject;@@ -282,6 +287,9 @@ this._toolUnregistered = this._toolUnregistered.bind(this); this._refreshHostTitle = this._refreshHostTitle.bind(this); this.toggleNoAutohide = this.toggleNoAutohide.bind(this);+ this.disablePseudoLocale = () => this.changePseudoLocale("none");+ this.enableAccentedPseudoLocale = () => this.changePseudoLocale("accented");+ this.enableBidiPseudoLocale = () => this.changePseudoLocale("bidi"); this._updateFrames = this._updateFrames.bind(this); this._splitConsoleOnKeypress = this._splitConsoleOnKeypress.bind(this); this.closeToolbox = this.closeToolbox.bind(this);@@ -736,6 +744,18 @@ ], }); }++ // If a new popup is debugged, automagically switch the toolbox to become+ // an independant window so that we can easily keep debugging the new tab.+ // Only do that if that's not the current top level, otherwise it means+ // we opened a toolbox dedicated to the popup.+ if (+ targetFront.targetForm.isPopup &&+ !targetFront.isTopLevel &&+ this.descriptorFront.isLocalTab+ ) {+ await this.switchHostToTab(targetFront.targetForm.browsingContextID);+ } }, async _onTargetSelected({ targetFront }) {@@ -845,6 +865,12 @@ */ open: function() { return async function() {+ // Kick off async loading the Fluent bundles.+ const fluentL10n = new FluentL10n();+ const fluentInitPromise = fluentL10n.init([+ "devtools/client/toolbox.ftl",+ ]);+ const isToolboxURL = this.win.location.href.startsWith(this._URL); if (isToolboxURL) { // Update the URL so that onceDOMReady watch for the right url.@@ -944,7 +970,9 @@ // Get the DOM element to mount the ToolboxController to. this._componentMount = this.doc.getElementById("toolbox-toolbar-mount");- this._mountReactComponent();+ await fluentInitPromise;++ this._mountReactComponent(fluentL10n.getBundles()); this._buildDockOptions(); this._buildTabs();@@ -1735,8 +1763,11 @@ // Called whenever the chrome send a message _onBrowserMessage: function(event) {- if (event.data && event.data.name === "switched-host") {+ if (event.data?.name === "switched-host") { this._onSwitchedHost(event.data);+ }+ if (event.data?.name === "switched-host-to-tab") {+ this._onSwitchedHostToTab(event.data.browsingContextID); } },@@ -1882,22 +1913,32 @@ definition.isTargetSupported(this.target) && definition.id !== "options" );- // Do async lookup of disable pop-up auto-hide state.- if (this.disableAutohideAvailable) {- const disable = await this._isDisableAutohideEnabled();- this.component.setDisableAutohide(disable);- }- },-- _mountReactComponent: function() {+ // Do async lookups for the target browser's state.+ if (this.isBrowserChromeTarget) {+ // Parallelize the asynchronous calls, so that the DOM is only updated once when+ // updating the React components.+ const [disableAutohide, pseudoLocale] = await Promise.all([+ this._isDisableAutohideEnabled(),+ this.getPseudoLocale(),+ ]);+ this.component.setDisableAutohide(disableAutohide);+ this.component.setPseudoLocale(pseudoLocale);+ }+ },++ _mountReactComponent(fluentBundles) { // Ensure the toolbar doesn't try to render until the tool is ready. const element = this.React.createElement(this.ToolboxController, { L10N,+ fluentBundles, currentToolId: this.currentToolId, selectTool: this.selectTool, toggleOptions: this.toggleOptions, toggleSplitConsole: this.toggleSplitConsole, toggleNoAutohide: this.toggleNoAutohide,+ disablePseudoLocale: this.disablePseudoLocale,+ enableAccentedPseudoLocale: this.enableAccentedPseudoLocale,+ enableBidiPseudoLocale: this.enableBidiPseudoLocale, closeToolbox: this.closeToolbox, focusButton: this._onToolbarFocus, toolbox: this,@@ -2298,6 +2339,10 @@ * Update the visual state of the Frame picker button. */ updateFrameButton() {+ if (this.isDestroying()) {+ return;+ }+ if (this.currentToolId === "options" && this.frameMap.size <= 1) { // If the button is only visible because the user is on the Options panel, disable // the button and set an appropriate description.@@ -3219,19 +3264,62 @@ * client. See the definition of the preference actor for more information. */ get preferenceFront() {- const frontPromise = this.commands.client.mainRoot.getFront("preference");- frontPromise.then(front => {- // Set the _preferenceFront property to allow the resetPreferences toolbox method- // to cleanup the preference set when the toolbox is closed.- this._preferenceFront = front;- });-- return frontPromise;- },-- // Is the disable auto-hide of pop-ups feature available in this context?- get disableAutohideAvailable() {+ if (!this._preferenceFrontRequest) {+ // Set the _preferenceFrontRequest property to allow the resetPreference toolbox+ // method to cleanup the preference set when the toolbox is closed.+ this._preferenceFrontRequest = this.commands.client.mainRoot.getFront(+ "preference"+ );+ }+ return this._preferenceFrontRequest;+ },++ // The auto-hide of pop-ups feature and pseudo-localization require targeting+ // browser chrome.+ get isBrowserChromeTarget() { return this.target.chrome;+ },++ /**+ * See: https://firefox-source-docs.mozilla.org/l10n/fluent/tutorial.html#pseudolocalization+ *+ * @param {"bidi" | "accented" | "none"} pseudoLocale+ */+ async changePseudoLocale(pseudoLocale) {+ await this.isOpen;+ const prefFront = await this.preferenceFront;+ if (pseudoLocale === "none") {+ await prefFront.clearUserPref(PSEUDO_LOCALE_PREF);+ } else {+ await prefFront.setCharPref(PSEUDO_LOCALE_PREF, pseudoLocale);+ }+ this.component.setPseudoLocale(pseudoLocale);+ this._pseudoLocaleChanged = true;+ },++ /**+ * Returns the pseudo-locale when the target is browser chrome, otherwise undefined.+ *+ * @returns {"bidi" | "accented" | "none" | undefined}+ */+ async getPseudoLocale() {+ // Ensure that the tools are open and the feature is available in this+ // context.+ await this.isOpen;+ if (!this.isBrowserChromeTarget) {+ return undefined;+ }++ const prefFront = await this.preferenceFront;+ const locale = await prefFront.getCharPref(PSEUDO_LOCALE_PREF);++ switch (locale) {+ case "bidi":+ case "accented":+ return locale;+ default:+ return "none";+ } }, async toggleNoAutohide() {@@ -3241,7 +3329,7 @@ front.setBoolPref(DISABLE_AUTOHIDE_PREF, toggledValue);- if (this.disableAutohideAvailable) {+ if (this.isBrowserChromeTarget) { this.component.setDisableAutohide(toggledValue); } this._autohideHasBeenToggled = true;@@ -3251,7 +3339,7 @@ // Ensure that the tools are open and the feature is available in this // context. await this.isOpen;- if (!this.disableAutohideAvailable) {+ if (!this.isBrowserChromeTarget) { return false; }@@ -3271,11 +3359,6 @@ try { const { frames } = await this.target.listFrames();-- // @backward-compat { version 96 } frame.isTopLevel was added in 96.- for (const frame of frames) {- frame.isTopLevel = !frame.parentID;- } this._updateFrames({ frames }); } catch (e) { console.error("Error while listing frames", e);@@ -3504,6 +3587,25 @@ return this.once("host-changed"); },+ /**+ * Request to Firefox UI to move the toolbox to another tab.+ * This is used when we move a toolbox to a new popup opened by the tab we were currently debugging.+ * We also move the toolbox back to the original tab we were debugging if we select it via Firefox tabs.+ *+ * @param {String} tabBrowsingContextID+ * The BrowsingContext ID of the tab we want to move to.+ * @returns {Promise<undefined>}+ * This will resolve only once we moved to the new tab.+ */+ switchHostToTab(tabBrowsingContextID) {+ this.postMessage({+ name: "switch-host-to-tab",+ tabBrowsingContextID,+ });++ return this.once("switched-host-to-tab");+ },+ _onSwitchedHost: function({ hostType }) { this._hostType = hostType;@@ -3522,6 +3624,27 @@ .add(this._getTelemetryHostId()); this.component.setCurrentHostType(hostType);+ },++ /**+ * Event handler fired when the toolbox was moved to another tab.+ * This fires when the toolbox itself requests to be moved to another tab,+ * but also when we select the original tab where the toolbox originally was.+ *+ * @param {String} browsingContextID+ * The BrowsingContext ID of the tab the toolbox has been moved to.+ */+ _onSwitchedHostToTab(browsingContextID) {+ const targets = this.commands.targetCommand.getAllTargets([+ this.commands.targetCommand.TYPES.FRAME,+ ]);+ const target = targets.find(+ target => target.browsingContextID == browsingContextID+ );++ this.commands.targetCommand.selectTarget(target);++ this.emit("switched-host-to-tab"); }, /**@@ -3954,8 +4077,12 @@ this.browserRequire = null; this._toolNames = null;- // Reset preferences set by the toolbox- outstanding.push(this.resetPreference());+ // Reset preferences set by the toolbox, then remove the preference front.+ outstanding.push(+ this.resetPreference().then(() => {+ this._preferenceFrontRequest = null;+ })+ ); this.commands.targetCommand.unwatchTargets({ types: this.commands.targetCommand.ALL_TYPES,@@ -4168,17 +4295,25 @@ * Reset preferences set by the toolbox. */ async resetPreference() {- if (!this._preferenceFront) {+ if (+ // No preferences have been changed, so there is nothing to reset.+ !this._preferenceFrontRequest ||+ // Did any pertinent prefs actually change? For autohide and the pseudo-locale,+ // only reset prefs in the Browser Toolbox if it's been toggled in the UI+ // (don't reset the pref if it was already set before opening)+ (!this._autohideHasBeenToggled && !this._pseudoLocaleChanged)+ ) { return; }- // Only reset the autohide pref in the Browser Toolbox if it's been toggled- // in the UI (don't reset the pref if it was already set before opening)+ const preferenceFront = await this.preferenceFront;+ if (this._autohideHasBeenToggled) {- await this._preferenceFront.clearUserPref(DISABLE_AUTOHIDE_PREF);- }-- this._preferenceFront = null;+ await preferenceFront.clearUserPref(DISABLE_AUTOHIDE_PREF);+ }+ if (this._pseudoLocaleChanged) {+ await preferenceFront.clearUserPref(PSEUDO_LOCALE_PREF);+ } }, // HAR Automation
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential XSS via message handling] [devtools/client/framework/toolbox.js] [Lines 1763-1767]
[Old Code]
```javascript
_onBrowserMessage: function(event) {
if (event.data && event.data.name === "switched-host") {
this._onSwitchedHost(event.data);
}
```
[Fixed Code]
```javascript
_onBrowserMessage: function(event) {
if (event.data?.name === "switched-host") {
this._onSwitchedHost(event.data);
}
if (event.data?.name === "switched-host-to-tab") {
this._onSwitchedHostToTab(event.data.browsingContextID);
}
```
2. Vulnerability Existed: not sure
[Potential Memory Leak] [devtools/client/framework/toolbox.js] [Lines 3219-3229]
[Old Code]
```javascript
get preferenceFront() {
const frontPromise = this.commands.client.mainRoot.getFront("preference");
frontPromise.then(front => {
this._preferenceFront = front;
});
return frontPromise;
}
```
[Fixed Code]
```javascript
get preferenceFront() {
if (!this._preferenceFrontRequest) {
this._preferenceFrontRequest = this.commands.client.mainRoot.getFront("preference");
}
return this._preferenceFrontRequest;
}
```
3. Vulnerability Existed: not sure
[Potential Race Condition] [devtools/client/framework/toolbox.js] [Lines 3954-3961]
[Old Code]
```javascript
outstanding.push(this.resetPreference());
```
[Fixed Code]
```javascript
outstanding.push(
this.resetPreference().then(() => {
this._preferenceFrontRequest = null;
})
);
```
4. Vulnerability Existed: not sure
[Potential Privilege Escalation] [devtools/client/framework/toolbox.js] [Lines 4168-4295]
[Old Code]
```javascript
async resetPreference() {
if (!this._preferenceFront) {
return;
}
if (this._autohideHasBeenToggled) {
await this._preferenceFront.clearUserPref(DISABLE_AUTOHIDE_PREF);
}
this._preferenceFront = null;
}
```
[Fixed Code]
```javascript
async resetPreference() {
if (!this._preferenceFrontRequest || (!this._autohideHasBeenToggled && !this._pseudoLocaleChanged)) {
return;
}
const preferenceFront = await this.preferenceFront;
if (this._autohideHasBeenToggled) {
await preferenceFront.clearUserPref(DISABLE_AUTOHIDE_PREF);
}
if (this._pseudoLocaleChanged) {
await preferenceFront.clearUserPref(PSEUDO_LOCALE_PREF);
}
}
```
Note: While these changes appear to be security-related improvements, I cannot definitively confirm they are fixing known vulnerabilities without additional context about the threat model or reported issues. The changes primarily focus on:
1. More robust message handling
2. Better resource management
3. Cleaner preference handling
4. More complete cleanup during destruction
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/dav1d/meson_options.txt+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/dav1d/meson_options.txt@@ -24,6 +24,11 @@ type: 'boolean', value: true, description: 'Build dav1d tests')++option('enable_docs',+ type: 'boolean',+ value: false,+ description: 'Build dav1d documentation') option('logging', type: 'boolean',
Analysis of the provided code diff:
1. Vulnerability Existed: no
[No specific vulnerability] [third_party/dav1d/meson_options.txt] [Lines 24-29]
[Old Code]
(No previous code for this option)
[Fixed Code]
option('enable_docs',
type: 'boolean',
value: false,
description: 'Build dav1d documentation')
Additional Details:
- This is simply an addition of a new build configuration option to control documentation generation
- No security implications or vulnerabilities are apparent in this change
- The change appears to be purely related to build configuration, adding the ability to disable documentation generation by default
No security vulnerabilities were identified in this diff. The change is a standard build system modification adding a new configuration option.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/debugger/src/reducers/tests/breakpoints.spec.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/debugger/src/reducers/tests/breakpoints.spec.js@@ -2,10 +2,8 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at <http://mozilla.org/MPL/2.0/>. */-import {- getBreakpointsForSource,- initialBreakpointsState,-} from "../breakpoints";+import { initialBreakpointsState } from "../breakpoints";+import { getBreakpointsForSource } from "../../selectors/breakpoints"; import { makeMockBreakpoint, makeMockSource } from "../../utils/test-mockup";
Based on the provided diff, I'll analyze it for potential security vulnerabilities:
Vulnerability Existed: no
Code Organization Improvement [devtools/client/debugger/src/reducers/tests/breakpoints.spec.js] [Lines 2-8]
[Old Code]
import {
getBreakpointsForSource,
initialBreakpointsState,
} from "../breakpoints";
[Fixed Code]
import { initialBreakpointsState } from "../breakpoints";
import { getBreakpointsForSource } from "../../selectors/breakpoints";
Analysis:
1. This appears to be a code organization/refactoring change rather than a security fix.
2. The change moves the import of `getBreakpointsForSource` from the breakpoints reducer file to the breakpoints selectors file.
3. This is likely part of a larger architectural improvement to better separate concerns between reducers and selectors.
4. No actual security vulnerability is being addressed here - it's purely about code organization and maintainability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/webrtc/jsep/JsepSessionImpl.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/webrtc/jsep/JsepSessionImpl.cpp@@ -1127,11 +1127,11 @@ NS_ENSURE_SUCCESS(rv, rv); transceiver->mSendTrack.SetActive(sending);- transceiver->mSendTrack.Negotiate(answer, remote);+ transceiver->mSendTrack.Negotiate(answer, remote, local); JsepTrack& recvTrack = transceiver->mRecvTrack; recvTrack.SetActive(receiving);- recvTrack.Negotiate(answer, remote);+ recvTrack.Negotiate(answer, remote, local); if (transceiver->HasBundleLevel() && recvTrack.GetSsrcs().empty() && recvTrack.GetMediaType() != SdpMediaSection::kApplication) {@@ -1466,7 +1466,7 @@ return NS_OK; }-JsepTransceiver* JsepSessionImpl::GetTransceiverForLevel(size_t level) {+JsepTransceiver* JsepSessionImpl::GetTransceiverForLevel(size_t level) const { for (auto& [id, transceiver] : mTransceivers) { (void)id; // Lame, but no better way to do this right now. if (transceiver->HasLevel() && (transceiver->GetLevel() == level)) {@@ -1477,7 +1477,8 @@ return nullptr; }-JsepTransceiver* JsepSessionImpl::GetTransceiverForMid(const std::string& mid) {+JsepTransceiver* JsepSessionImpl::GetTransceiverForMid(+ const std::string& mid) const { for (auto& [id, transceiver] : mTransceivers) { (void)id; // Lame, but no better way to do this right now. if (transceiver->IsAssociated() && (transceiver->GetMid() == mid)) {@@ -1561,7 +1562,7 @@ } JsepTransceiver* JsepSessionImpl::GetTransceiverWithTransport(- const std::string& transportId) {+ const std::string& transportId) const { for (const auto& [id, transceiver] : mTransceivers) { (void)id; // Lame, but no better way to do this right now. if (transceiver->HasOwnTransport() &&@@ -2054,91 +2055,33 @@ void JsepSessionImpl::SetupDefaultCodecs() { // Supported audio codecs.- // Per jmspeex on IRC:- // For 32KHz sampling, 28 is ok, 32 is good, 40 should be really good- // quality. Note that 1-2Kbps will be wasted on a stereo Opus channel- // with mono input compared to configuring it for mono.- // If we reduce bitrate enough Opus will low-pass us; 16000 will kill a- // 9KHz tone. This should be adaptive when we're at the low-end of video- // bandwidth (say <100Kbps), and if we're audio-only, down to 8 or- // 12Kbps.+ mSupportedCodecs.emplace_back(JsepAudioCodecDescription::CreateDefaultOpus());+ mSupportedCodecs.emplace_back(JsepAudioCodecDescription::CreateDefaultG722());+ mSupportedCodecs.emplace_back(JsepAudioCodecDescription::CreateDefaultPCMU());+ mSupportedCodecs.emplace_back(JsepAudioCodecDescription::CreateDefaultPCMA()); mSupportedCodecs.emplace_back(- new JsepAudioCodecDescription("109", "opus", 48000, 2));-- mSupportedCodecs.emplace_back(- new JsepAudioCodecDescription("9", "G722", 8000, 1));-- mSupportedCodecs.emplace_back(- new JsepAudioCodecDescription("0", "PCMU", 8000, 1));-- mSupportedCodecs.emplace_back(- new JsepAudioCodecDescription("8", "PCMA", 8000, 1));-- mSupportedCodecs.emplace_back(- new JsepAudioCodecDescription("101", "telephone-event", 8000, 1));+ JsepAudioCodecDescription::CreateDefaultTelephoneEvent()); bool useRtx = mRtxIsAllowed && Preferences::GetBool("media.peerconnection.video.use_rtx", false); // Supported video codecs. // Note: order here implies priority for building offers!- UniquePtr<JsepVideoCodecDescription> vp8(- new JsepVideoCodecDescription("120", "VP8", 90000));- // Defaults for mandatory params- vp8->mConstraints.maxFs = 12288; // Enough for 2048x1536- vp8->mConstraints.maxFps = 60;- if (useRtx) {- vp8->EnableRtx("124");- }- mSupportedCodecs.push_back(std::move(vp8));-- UniquePtr<JsepVideoCodecDescription> vp9(- new JsepVideoCodecDescription("121", "VP9", 90000));- // Defaults for mandatory params- vp9->mConstraints.maxFs = 12288; // Enough for 2048x1536- vp9->mConstraints.maxFps = 60;- if (useRtx) {- vp9->EnableRtx("125");- }- mSupportedCodecs.push_back(std::move(vp9));-- UniquePtr<JsepVideoCodecDescription> h264_1(- new JsepVideoCodecDescription("126", "H264", 90000));- h264_1->mPacketizationMode = 1;- // Defaults for mandatory params- h264_1->mProfileLevelId = 0x42E00D;- if (useRtx) {- h264_1->EnableRtx("127");- }- mSupportedCodecs.push_back(std::move(h264_1));-- UniquePtr<JsepVideoCodecDescription> h264_0(- new JsepVideoCodecDescription("97", "H264", 90000));- h264_0->mPacketizationMode = 0;- // Defaults for mandatory params- h264_0->mProfileLevelId = 0x42E00D;- if (useRtx) {- h264_0->EnableRtx("98");- }- mSupportedCodecs.push_back(std::move(h264_0));-- UniquePtr<JsepVideoCodecDescription> ulpfec(new JsepVideoCodecDescription(- "123", // payload type- "ulpfec", // codec name- 90000 // clock rate (match other video codecs)- ));- mSupportedCodecs.push_back(std::move(ulpfec));-- mSupportedCodecs.emplace_back(new JsepApplicationCodecDescription(- "webrtc-datachannel", WEBRTC_DATACHANNEL_STREAMS_DEFAULT,- WEBRTC_DATACHANNEL_PORT_DEFAULT,- WEBRTC_DATACHANNEL_MAX_MESSAGE_SIZE_LOCAL));-- UniquePtr<JsepVideoCodecDescription> red(new JsepVideoCodecDescription(- "122", // payload type- "red", // codec name- 90000 // clock rate (match other video codecs)- ));+ mSupportedCodecs.emplace_back(+ JsepVideoCodecDescription::CreateDefaultVP8(useRtx));+ mSupportedCodecs.emplace_back(+ JsepVideoCodecDescription::CreateDefaultVP9(useRtx));+ mSupportedCodecs.emplace_back(+ JsepVideoCodecDescription::CreateDefaultH264_1(useRtx));+ mSupportedCodecs.emplace_back(+ JsepVideoCodecDescription::CreateDefaultH264_0(useRtx));+ mSupportedCodecs.emplace_back(+ JsepVideoCodecDescription::CreateDefaultUlpFec());++ mSupportedCodecs.emplace_back(+ JsepApplicationCodecDescription::CreateDefault());++ auto red = JsepVideoCodecDescription::CreateDefaultRed(); // Update the redundant encodings for the RED codec with the supported // codecs. Note: only uses the video codecs. red->UpdateRedundantEncodings(mSupportedCodecs);
I'll analyze the code diff and provide the security findings following the specified format.
1. First finding:
Vulnerability Existed: not sure
[Potential Information Leak] [dom/media/webrtc/jsep/JsepSessionImpl.cpp] [1127-1131]
[Old Code]
transceiver->mSendTrack.Negotiate(answer, remote);
recvTrack.Negotiate(answer, remote);
[Fixed Code]
transceiver->mSendTrack.Negotiate(answer, remote, local);
recvTrack.Negotiate(answer, remote, local);
Additional Details: The change adds a 'local' parameter to Negotiate calls. While not clearly a security fix, it might relate to better handling of local/remote state which could prevent information leaks.
2. Second finding:
Vulnerability Existed: not sure
[Const Correctness Fix] [dom/media/webrtc/jsep/JsepSessionImpl.cpp] [1466-1477, 1477-1488, 1561-1570]
[Old Code]
JsepTransceiver* JsepSessionImpl::GetTransceiverForLevel(size_t level)
JsepTransceiver* JsepSessionImpl::GetTransceiverForMid(const std::string& mid)
JsepTransceiver* JsepSessionImpl::GetTransceiverWithTransport(const std::string& transportId)
[Fixed Code]
JsepTransceiver* JsepSessionImpl::GetTransceiverForLevel(size_t level) const
JsepTransceiver* JsepSessionImpl::GetTransceiverForMid(const std::string& mid) const
JsepTransceiver* JsepSessionImpl::GetTransceiverWithTransport(const std::string& transportId) const
Additional Details: Adding 'const' to these methods improves const correctness. While not directly a security fix, it could prevent accidental modifications that might lead to security issues.
3. Third finding:
Vulnerability Existed: not sure
[Codec Configuration Hardening] [dom/media/webrtc/jsep/JsepSessionImpl.cpp] [2054-2110]
[Old Code]
Manual creation of codec descriptions with hardcoded parameters
[Fixed Code]
Using factory methods (CreateDefault*) for codec descriptions
Additional Details: The change replaces manual codec configuration with standardized factory methods. This could prevent misconfigurations that might lead to security vulnerabilities, though no specific vulnerability is evident.
Note: While none of these changes clearly fix specific known vulnerabilities, they appear to be general hardening improvements that could prevent potential security issues. The most significant change is the move to factory methods for codec configuration, which could prevent misconfigurations that might lead to security problems.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-fonts/font-variant-caps.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-fonts/font-variant-caps.html@@ -5,7 +5,6 @@ <link rel="author" title="John Daggett" href="mailto:[email protected]"/> <link rel="help" href="http://www.w3.org/TR/css-fonts-3/#font-variant-caps-prop"/> <link rel="match" href="font-variant-caps-ref.html"/>-<meta name="flags" content=""/> <meta name="assert" content="Values of font-variant-caps should enable specific features without enabling others"/> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <script type="text/javascript" src="support/fonts/gsubtest-features.js"></script>
After analyzing the provided code diff, here's the security assessment: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/css-fonts/font-variant-caps.html] [Lines 5] [Old Code] <meta name="flags" content=""/> [Fixed Code] [Removed line] Additional Details: 1. The change simply removes an empty meta tag with no content or functionality impact. 2. This appears to be a test file cleanup rather than a security fix. 3. No actual security vulnerability was addressed or could be identified in this change. 4. The modification doesn't affect any security-relevant functionality or introduce/remove any security controls.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-values/calc-background-position-002.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-values/calc-background-position-002.html@@ -7,7 +7,6 @@ <link rel="author" title="Gérard Talbot" href="http://www.gtalbot.org/BrowserBugsSection/css21testsuite/"> <link rel="help" href="https://www.w3.org/TR/css-values-3/#calc-computed-value">- <meta name="flags" content=""> <meta content="This test verifies how 6 calc() functions are computed for 'background-position'." name="assert"> <script src="/resources/testharness.js"></script>
After analyzing the provided code diff, here's the security assessment: Vulnerability Existed: no No security vulnerability found [File] testing/web-platform/tests/css/css-values/calc-background-position-002.html [Lines] 7 [Old Code] <meta name="flags" content=""> [Fixed Code] (line removed) Additional Details: The change simply removes an empty meta tag that wasn't serving any apparent purpose. This appears to be a code cleanup rather than a security fix. The "flags" meta tag was commonly used in test files to specify test requirements, but its removal doesn't indicate any security vulnerability was present or fixed. No other vulnerabilities were identified in this diff. The change is minor and doesn't appear to be security-related.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/toolkit/themes/shared/aboutReader.css+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/toolkit/themes/shared/aboutReader.css@@ -809,3 +809,13 @@ .reader-show-element { display: initial; }++/* Provide extra spacing for images that may be aided with accompanying element such as <figcaption> */+.moz-reader-block-img:not(:last-child) {+ margin-block-end: 12px;+}++.moz-reader-wide-table {+ overflow-x: auto;+ display: block;+}
After analyzing the provided CSS diff, I don't find any security-related changes. The changes appear to be purely stylistic and layout improvements for the reader view. Here's the analysis following your requested format:
Vulnerability Existed: no
No security vulnerability found [File] [Lines 809-822]
[Old Code]
.reader-show-element {
display: initial;
}
[Fixed Code]
.reader-show-element {
display: initial;
}
/* Provide extra spacing for images that may be aided with accompanying element such as <figcaption> */
.moz-reader-block-img:not(:last-child) {
margin-block-end: 12px;
}
.moz-reader-wide-table {
overflow-x: auto;
display: block;
}
The changes consist of:
1. Adding spacing for images with captions
2. Adding overflow handling for wide tables
These are UI/UX improvements rather than security fixes. No security vulnerabilities are addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/pin-project/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/pin-project/.cargo-checksum.json@@ -1 +1 @@-{"files":{"CHANGELOG.md":"4c3239f57d11cfc1ef9a851420152850c001eea2814ca813e80c304859814a69","Cargo.lock":"9e7e46576f2f2ee96a85ba552225114e9690cdf83482cd0d35ea36f44edddd07","Cargo.toml":"dcd603451d9eb8f3ba65d08ac2df3554c7599275a76c7e0b35f5dcaa3fb9cca9","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","README.md":"18eac0021ee384fa8f377583887ba5da3ffe5255e8b9539dde8933aa555c6aa4","examples/README.md":"86f688e188b258f706e9344b31d28bcf15e22e130acd84bb7af7201fb62e16f7","examples/enum-default-expanded.rs":"b0b334914c4a8f6edf8f84fbfcad2fca263d6842c8c614a8f1d9c521e90f6096","examples/enum-default.rs":"01e1d285ffbb87aa70950c0ec184b395f7faf0667a1fc874b4de509e3e3c8d5c","examples/not_unpin-expanded.rs":"36e303e622b3588b8f0f5bbda69d6e7382c99cf9fb09242fbaf4f0e97cc074c8","examples/not_unpin.rs":"3e43439c521089f7f58a411fb823827433c7476a0b41aecd26a6ce5f0c99e405","examples/pinned_drop-expanded.rs":"9c19f3bb73753b7dd189db64b0a984b8b7e2028651ec575fb843ee03aad5579a","examples/pinned_drop.rs":"8913e9b0b7851d470c3f15e40930af16c79f5ee8b4a947cac8235361b427db30","examples/project_replace-expanded.rs":"46364eb6ad9849fe921f1cf50a351a409eab0ba60eb901eec24f044af45ae5cb","examples/project_replace.rs":"352d10d7a2db3de0101faedd04d69c24b9bb5021c768199a379c233886a3881c","examples/struct-default-expanded.rs":"589dd3d2475dcf67261620fd5ec6cf8fccc92188df01a3e72fa41ac5561a6949","examples/struct-default.rs":"eb60ea5412e83ac9eba96794b31772afe0798bef304b26bff65b6845638bb729","examples/unsafe_unpin-expanded.rs":"87f0e32b62d489dcfe899b26d07deee5ea60764306346b4eb802999dba5064f8","examples/unsafe_unpin.rs":"7da585f423999dcbe03289a72b14a29fed41a45a774de1af2fe93cb20aa8d426","src/lib.rs":"ca649a7b5f6a326db21eb3ec979b081ee6ef019a695a2912e3735da96e7779ad","tests/cfg.rs":"31a3c409275c86f9dcfd314eaacdd31276fdbd1a05760d190b189b7a5a597aaf","tests/compiletest.rs":"0bd788b5e52bd2778ba817292e1ba6174f74e779eb87489788ca5f5ee1a433e7","tests/drop_order.rs":"3a35a1a109dda4b5cd47aaf5e6e506f52165f023c9553c6bd61581857c0e2d82","tests/include/basic-safe-part.rs":"dc7ae2a983e05028e55b6b00eba7490399991bec304762477b433bf59f06296a","tests/include/basic.rs":"855d9cc4657be080337c07f8bb5f82747a72a22e63e1103b00914a4448937970","tests/lint.rs":"e694d1e80b2cdfb9dd049fda4f48a856e12f1082dee5d9fb0c8ff6c71e4ad17f","tests/pin_project.rs":"f730e98acacda83f40fd4efcf15289ccf0cf5964dc4f83be214756ffd9138678","tests/pinned_drop.rs":"2951d0e117cacc0b1b2c778d1735289ec123f262560fde2bda51f3994dee7c36","tests/project.rs":"22b77e4474bfc7b76f1f508e53b74b5b560d5dca9422dc35a3f7810a35654dcc","tests/project_if_attr.rs.in":"2030a358cbd6c722c173c84615ce07087cf67d9ab85cbff19fb2d36789acea56","tests/project_ref.rs":"787c4f374203821ba3dda31d8c3e225b78ce16e5bae9c6c356ca5a7e123b3e21","tests/project_replace.rs":"9537b0d0db20c2a1ae4523fc7dcf801379031866708be41c150e80f603ac849a","tests/repr_packed.rs":"3845a63e1de4176fd8c415c4a2ba7236daa143776e7d86d1ae37e32db36b8bf8","tests/sized.rs":"d976a125da3691805383b32aaac9153145250bd0d013f3e9aad16faa5c7a604c","tests/ui/cfg/cfg_attr-resolve.rs":"f0807b6db56e2842d87cf694f929fd6695addf1ac4e8ce5fb83552447e1cb58d","tests/ui/cfg/cfg_attr-resolve.stderr":"b247cbcb9d02d99368ca708650d5d08d2c2beaf5817499e52d59fbb8be85f144","tests/ui/cfg/cfg_attr-type-mismatch.rs":"ef82a8dc600bad0fe861419119145d8f117cbe6ddbdbc5338dad8b7182756a2c","tests/ui/cfg/cfg_attr-type-mismatch.stderr":"2e6dc422f4c66a8370fb41dfcef9ae1445dfbf17089839b007d8d2f4ef1f36d3","tests/ui/cfg/cfg_attr-unpin.rs":"02cd72d7b6a9e08e85ec8cf3a325d773422c5ebe712213dc0907544d9976711e","tests/ui/cfg/cfg_attr-unpin.stderr":"7fc0b62d45e742ea9edcac6621421b457b6e97badf68bdfc8f1a28404cd7ee42","tests/ui/cfg/packed_sneaky-span-issue-1.rs":"22688e4dacaed9437d9fbcd18c2044a8f037bf77bd0bdf498a5118bda99813a7","tests/ui/cfg/packed_sneaky-span-issue-1.stderr":"a43e2ca9d1e1bcbff9958e8d17a7399f2559eb471e59ad0966e22f4575e2e63c","tests/ui/cfg/packed_sneaky-span-issue-2.rs":"42d00141ddc12f6e7f7c779f51157cd8154c11f8eff54d53a9d93391c4caf51b","tests/ui/cfg/packed_sneaky-span-issue-2.stderr":"29cfc998bf955861060a60e64b76fbeb8f162215810f77a68cf92bc41c501480","tests/ui/cfg/packed_sneaky.rs":"ebd6d5ccc813ad3939f25a20008ee97201db1d4dc6808461e98e46f2c83f56c3","tests/ui/cfg/packed_sneaky.stderr":"e1a1004b1ba981fcf7ffe984496db3c898c48653fc0af8a15f2ebb118424229b","tests/ui/cfg/proper_unpin.rs":"3e6ddbe86e8ee2c4366f83ce7ef89428bba73b2bb1b8ede166b1ce3bb1e88696","tests/ui/cfg/proper_unpin.stderr":"e913a77424b810de7af1f2aaef9224d11f2094cc9aace2459640a1fdf0a4f5be","tests/ui/cfg/unsupported.rs":"b774675e0cee115c5e64ddd59008671de313d15b3b14de825f904bd25e1c3dea","tests/ui/cfg/unsupported.stderr":"3823b976a6249172240d92ecea66f9f1a668579fed27dba480493a09cb3b4da1","tests/ui/not_unpin/assert-not-unpin.rs":"5b2f25d54a869eaf5840755c05cb2c74a1c12ca0470db1264442f6933185a2ad","tests/ui/not_unpin/assert-not-unpin.stderr":"590febacef1b855ad5a484ce147a5108c63f0cc5003f27bbeab921b48b9bb235","tests/ui/not_unpin/conflict-unpin.rs":"e83eaaa14879ed2cbfe64a81bb9da752d9cb90003f6f4f39195767f3edbc3aaf","tests/ui/not_unpin/conflict-unpin.stderr":"10fc857f512f96094f692b1e77b70fa4572813615e6c1fba3bbef1ea90b0d209","tests/ui/not_unpin/impl-unsafe-unpin.rs":"5da7d3f5e5ee95e18040b9a524515ec1af0e8b2fd78c017bf32e60d17e92234e","tests/ui/not_unpin/impl-unsafe-unpin.stderr":"06fe05c9add993d99bcc0861fa883f07b91ad24ea2d1197d82577167454cf524","tests/ui/pin_project/add-attr-to-struct.rs":"46db75d07e8e66078062fe9976f1341a82b5daac05cee04485970c23ce1ef4e5","tests/ui/pin_project/add-attr-to-struct.stderr":"b23f7f2e477eb2357cb42b6ec00b8f2369233af931f3d2a8c7ea0f95d20dadbe","tests/ui/pin_project/add-pinned-field.rs":"8b55ad123ed35191b988341e4747a2aa3ae115db307ff0bb3aecceff013aa710","tests/ui/pin_project/add-pinned-field.stderr":"bc0187f0238bb610d387e99b9e18e8cab80976a89bf5e03f4022be40aa7df7cf","tests/ui/pin_project/conflict-drop.rs":"93137ac53f3114038550037b304ee97c8f0e01c6f517bfdec32f9be867c5533b","tests/ui/pin_project/conflict-drop.stderr":"9391babf5065f0f19e386625426b55f7583c64c1acd9a1153421d94458106988","tests/ui/pin_project/conflict-unpin.rs":"56d8f0eb22d547f5f9954bd37ca31c5b58b9d60bc5dc5b8c70f7d73cf8844649","tests/ui/pin_project/conflict-unpin.stderr":"3aed74d6895be645c3c81cdfc5f9a6ebfe3e7fa92713998b1a5dadf9b26c9709","tests/ui/pin_project/impl-unsafe-unpin.rs":"0b8a032993740be80ba1510b21f0c664e9776421395707712dee12fbfc637efb","tests/ui/pin_project/impl-unsafe-unpin.stderr":"7cc101828f7c344d6b04118e832822e31fef95b57803f5c6a317d57f92030d10","tests/ui/pin_project/invalid.rs":"9ebc49e9038cc09ea92091cc7897b131b294520941d9b4eef47ccebe3243651d","tests/ui/pin_project/invalid.stderr":"fbb2c6e1306c242744a22beb95a25ecc68aab2ec2a868f4a76e12858ec25fd94","tests/ui/pin_project/overlapping_unpin_struct.rs":"d563525d945e970841002cc1f93822f50cfb9c81586363e2038a9aabf0a66ad3","tests/ui/pin_project/overlapping_unpin_struct.stderr":"99c6928adc63964a5e3a7e45690641a44351c090414d7a32f44132b4c18cf138","tests/ui/pin_project/packed-enum.rs":"31739a04fab97a3300c50ccefd5ddce7b8e200fab0e48fb7160fb8a54c0365da","tests/ui/pin_project/packed-enum.stderr":"3d7866edb7bfef91082dc897ae18e183d99df49fb80e5218145a9515ea7a0893","tests/ui/pin_project/packed-name-value.rs":"cb0b6043326074d49398f091215fd7e69202e0d7a132539aec0e302d59b99237","tests/ui/pin_project/packed-name-value.stderr":"1bd4384e9dae41d1c8a7cc017049e73d42a363c290eeedf51a129b0d75adff7d","tests/ui/pin_project/packed.rs":"7a66b7c2ca8253cfd6774a339d74400966e85c73ef59f54ad66d9f1b02ea5db7","tests/ui/pin_project/packed.stderr":"f47c0b7930ed67b5a80347dad924d0d26245fd21d8f0abe78b76aafddadd2d87","tests/ui/pin_project/packed_sneaky-1.rs":"96a01014669ccff0f4ea68c1695b885bdb4ebda88084396d15485534864255d6","tests/ui/pin_project/packed_sneaky-1.stderr":"ac490bd0b67b3740e9bac68115c07826ee9b6e6b99b35f9374f8ee7c6dfef7a8","tests/ui/pin_project/packed_sneaky-2.rs":"72d32a127f4e1430e7f964b574f224baf1a65aa7794cb9a6dd3d4d6669af4a12","tests/ui/pin_project/packed_sneaky-2.stderr":"7d9a3be663ed010b2d510c0d5a5a719df282630362786d73832c90276417b140","tests/ui/pin_project/private_in_public-enum.rs":"6c882b9c77773fe47ec083bfeff9624267b1efa1ef38438806c3fb9073c6c1a9","tests/ui/pin_project/private_in_public-enum.stderr":"9e6b14e18aaf592e5ee95513cabcf711423d0321e95315661db28cfc992d79ab","tests/ui/pin_project/project_replace_unsized.rs":"96b7ba5a511cac1fc94a942bbe0c922c9647584b7323f78b54f13f73047d8c7a","tests/ui/pin_project/project_replace_unsized.stderr":"0e674f92f2af591ec9fc57c21864d2dbc40154a68f874562fbbb11aadb064f34","tests/ui/pin_project/project_replace_unsized_fn_params.rs":"5ae9886df3c6f6fee6346afa6241e4a3d55206dc3643f45b2d9bd0b6d25a6673","tests/ui/pin_project/project_replace_unsized_fn_params.stderr":"7b4fdf4ed7272f3275723a2c1087925f9bce72b9f454a1dc4abf106dee5d9142","tests/ui/pin_project/proper_unpin.rs":"8a5d0990f2f300f8cd33d93da93340e2a73a3e277d780865a9c8f018f19d25f5","tests/ui/pin_project/proper_unpin.stderr":"0560d798ebddd44e41978b57fec33fcf1abf3ed23c525fd2a1da06a7a8eceec7","tests/ui/pin_project/remove-attr-from-field.rs":"2334cb1658ec4ecec34f9dea8bc47e1653436b08213291a57b436e111312eafc","tests/ui/pin_project/remove-attr-from-field.stderr":"1b8ebd6d32ebdfc9c6823173dce28e426783d47b381195151a86b5725bd353bb","tests/ui/pin_project/remove-attr-from-struct.rs":"567deece4945ebad3f3e667ce0290e040649bfa2987f71769006cb8e13b39e4d","tests/ui/pin_project/remove-attr-from-struct.stderr":"d77fa0367a32a6a50b8b7abf330cdf847cc350fa1bc27a3b93d2ffbbec51354c","tests/ui/pin_project/safe_packed_borrows.rs":"acfc609302294b17abc9dbbbb90483c229bb07b5eb76e68ab2823151b8fee659","tests/ui/pin_project/safe_packed_borrows.stderr":"97e49ae8b071654a143a8f4c1b4d6d98aa859fca455ccf99c047fbbab7b6ad0e","tests/ui/pin_project/unaligned_references.rs":"9b770e9f79e04bf3f4250e1122f9fe3899e6cd03934e274aa02f469f76820fc5","tests/ui/pin_project/unaligned_references.stderr":"03264335331ee68c8cfd943a0fb676840876b4318a1ef1440c8eb143559926a2","tests/ui/pin_project/unpin_sneaky.rs":"7920d4e05142a0277bd9daeb40457586ec3be27372d797087aa9b693607efacd","tests/ui/pin_project/unpin_sneaky.stderr":"2325012761dad731f29453b7eaf6055c3041b92c36ab2eef0e9b989967d90156","tests/ui/pin_project/visibility.rs":"6f5ba3342d500623d81cb719135b7f8c15f7927d7d31c71bb506c1bd97e646f4","tests/ui/pin_project/visibility.stderr":"d51bcf8916b49916e6e9576850bcc679c7b9b26efcaf1a4c56380c0ac95555bd","tests/ui/pinned_drop/call-drop-inner.rs":"4ae96a18e16a1fe81132a2f5ed9a4a3c4ccda686b5b523bb061d0691559c84a0","tests/ui/pinned_drop/call-drop-inner.stderr":"a9e609e5c0be96385cb3027992fa55401679f7496ec60035e24ef7edd0d54f06","tests/ui/pinned_drop/conditional-drop-impl.rs":"c0d1633612f652d659d90fed585db7f95af6b3f09150a6d548ea247677c4537c","tests/ui/pinned_drop/conditional-drop-impl.stderr":"b01063e54a9e8336d308756a7c3f0b649a6292c34c118582845e04abe1613a2c","tests/ui/pinned_drop/forget-pinned-drop-impl.rs":"329ceecba3e51ead54aeb66d48553e988a00475c37d71c9c72c9a09094199131","tests/ui/pinned_drop/forget-pinned-drop-impl.stderr":"86703f23de25249998d540bbf09110b013ffe255631a5d7486a9861ec44f8a46","tests/ui/pinned_drop/invalid-self.rs":"77f671353e055f3673a4a864d99dafe2930a4d62c90454ab550427c4c062355f","tests/ui/pinned_drop/invalid-self.stderr":"c00cb19f737eed58a9b21624352d421a30d88af6af9965a95d2fd7c8d7f538a0","tests/ui/pinned_drop/invalid.rs":"e1ca69decc33bb26c971718e6c9a6cafd89d6644f41086879b27c034161de3c4","tests/ui/pinned_drop/invalid.stderr":"e743d00453f14bb7846b0f442ec189d58ab26c6284cd27cb7fe997ce630b31cb","tests/ui/pinned_drop/pinned-drop-no-attr-arg.rs":"6097441094e69ae18887171c8528900ae018707d3cfa03e2d3dc13fd06c58837","tests/ui/pinned_drop/pinned-drop-no-attr-arg.stderr":"af119418b4a88f62d538e248313596b0c528ceedaf79b94f99207f00860a634d","tests/ui/pinned_drop/self.rs":"fcbea30041edafeb21aa18760aad87db38cda611ad936175fe164a164c771a92","tests/ui/pinned_drop/self.stderr":"b0abcc97f0eae9371c031a8fed0a5a6e9db768ef094d651a6b5755b09ada297c","tests/ui/pinned_drop/unsafe-call.rs":"1b23d07e843c9324c85472482ab3301af7d99c425cd275f2abfbeb5838281403","tests/ui/pinned_drop/unsafe-call.stderr":"08919a4a8ad8c4cd77b7825afcec63102711f4b218a7126644dba421ff9bf0b3","tests/ui/project/ambiguous-let.rs":"17fdbc0edf5156653ee4fb7687aab49457bd4e6bd20d98e30506fdd292dfb672","tests/ui/project/ambiguous-let.stderr":"9bc39a7da2a9a0a4e5d5731033c3a47ad9201085b1477d95ca64b66777ca2ef6","tests/ui/project/deprecated.rs":"afa0585ca3296572c10a2fdbb7ff8ae532311ed4384712886d6e9465281b546e","tests/ui/project/deprecated.stderr":"30a64fe74b20bf7472c531897c6859345950ceda82269f857ee78594edbc0e5b","tests/ui/project/invalid.rs":"72f196c25eda76828ef9f1217e786c019a831e9ca71f7d9292dde77171d83ae4","tests/ui/project/invalid.stderr":"4a2da80aad0882542f631ac1f31f002ebf102a4440be630847081cb1f486d715","tests/ui/project/type-mismatch.rs":"bea9bded3e610d338248a197e6159b0ebecdebe4095601ddb3eef0a43bee327b","tests/ui/project/type-mismatch.stderr":"97df0b71112805a7fa170b14a409823c2b9da7113dea479f659981f3758738f2","tests/ui/project/use-public.rs":"43fa6391c3b3018950d9d0a6dee29e9484e3d37a690f4c36c2d424b545ff949d","tests/ui/project/use-public.stderr":"d91abfdeb1305ca5c8dcbe4001c92b6569a640fd3834624bf1e1039646c753e3","tests/ui/project/use.rs":"bd87883ff31fa949dca57d05bcc27373accee8ee2c437ce78f1d3b74b8a33218","tests/ui/project/use.stderr":"8df2ee80d85d06e0eaea0c85436f8be3e9e867d11bcf30531db9a311b2979416","tests/ui/unsafe_unpin/conflict-unpin.rs":"5752570223ddfa9aebdbb27d466e4440aef94b2795b144e0af4935acdbf5677d","tests/ui/unsafe_unpin/conflict-unpin.stderr":"b827aacd1cc6a8643286cc1fcafa5dd225bcd94388007131f9af46e3f786b572","tests/ui/unsafe_unpin/not-implement-unsafe-unpin.rs":"cc63daa89bae170521449219e3b5b964decdcb4f5e7180d4df84ccc0031c0170","tests/ui/unsafe_unpin/not-implement-unsafe-unpin.stderr":"0b27feeca14e4456e42f53beb03ffcfa32020d7492b635d2c273be2b44a21f11","tests/ui/unsafe_unpin/proper_unpin.rs":"86c99f092bd3118e36c17f637e4884e90c9a7406b0c092c092c6cd292d611749","tests/ui/unsafe_unpin/proper_unpin.stderr":"196b916763d89d7c073a7003d157f3da3aa2317a51752ccd534d12d97fbe8d4d","tests/ui/unstable-features/README.md":"4d828aa223e725f5177513eb72fd0c9670f467aecdfbdd3d9758e35ab17f7daf","tests/ui/unstable-features/marker_trait_attr-feature-gate.rs":"e403718e5f23f6ffb6afbaee87c291b80392fcc4462ac874250dcc089e9147fd","tests/ui/unstable-features/marker_trait_attr-feature-gate.stderr":"ac1c2a49f259bf9fc00bd279f76a2c51a7a318d0d51de829612722930b5c38b5","tests/ui/unstable-features/marker_trait_attr.rs":"f4a5aabb76983ac286f26fbf29127ead115700adcf4373b7e74f78e6162ff28c","tests/ui/unstable-features/marker_trait_attr.stderr":"94aa75cdcc28fb5c5c273040d24659686defb95f11223760c2c588b2c3c2a91c","tests/ui/unstable-features/overlapping_marker_traits-feature-gate.rs":"59f36a4b4e91fd97367679fd5decac8d603fc91a970df22e3f4628a5a02151da","tests/ui/unstable-features/overlapping_marker_traits-feature-gate.stderr":"d8858f24546c7bb6028e574c2c53aa616fe22f4283b9c3c49bf87bfcd5131ba1","tests/ui/unstable-features/overlapping_marker_traits.rs":"30b3192c9bee17542edc9e1ba50010e2ba62e5a3bfc7b58adf7d10876e4159e1","tests/ui/unstable-features/overlapping_marker_traits.stderr":"b5b8333503a83adb5dfdb7ea6d0b20e36748aebaee2f687c7c3786d547b9558f","tests/ui/unstable-features/run-pass/stmt_expr_attributes.rs":"86f941e6f8924c5fc5c7fc821f9335601139d4d3e8b6c923fbab5673f8749eb7","tests/ui/unstable-features/stmt_expr_attributes-feature-gate.rs":"01b9a6f8eae9686c1803008c97e341fd1e7e4922e3cf88861a0df7ca53296efb","tests/ui/unstable-features/stmt_expr_attributes-feature-gate.stderr":"86c48776911cdff420ddd35d02276cbcf857b533a1b40673492e55482fab5f05","tests/ui/unstable-features/trivial_bounds-bug.rs":"4bf901287da21c757da24961a2122076de61a9d79ac201fd7301eeb2632c2b92","tests/ui/unstable-features/trivial_bounds-bug.stderr":"05a87e0c068ab662a1c2de316e96b0e1f98256df662150f359f134b37199d411","tests/ui/unstable-features/trivial_bounds-feature-gate.rs":"3b73733424449390a4083dfe222c728fcf964316efe6aa9794db384ffdf35686","tests/ui/unstable-features/trivial_bounds-feature-gate.stderr":"3a6da59e24cb87af318f4d8f5db35328752f815735faa1c31606a9b0f848bb77","tests/ui/unstable-features/trivial_bounds.rs":"e2b69a22254d6d6c1e30189165a94f86d5cb92b383c5534f80a7b6974d12f2cb","tests/ui/unstable-features/trivial_bounds.stderr":"353a44176436ee663eee83582d79163ace5084a9afd7a6b7643e3119ef87f33e","tests/unsafe_unpin.rs":"c6287ef01d4ba0338d2bdf6f9a30673435665a939dce2a74cb6a71820826b789"},"package":"918192b5c59119d51e0cd221f4d49dde9112824ba717369e903c97d076083d0f"}+{"files":{"CHANGELOG.md":"7f45ef95d3102b25f9c4c9181d60c361ce9f9ea3e689f5c1e7f4748a78fe07cd","Cargo.lock":"b0abc49a7c56c1b8303b75ac3903242d0ac8585e3d42e0aee47baf272d9e8ce1","Cargo.toml":"68e94c2bb6e737bd6d1aecff34f3d2223c1f6f672901290993f63a0c4f4f0964","LICENSE-APACHE":"cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30","LICENSE-MIT":"23f18e03dc49df91622fe2a76176497404e46ced8a715d9d2b67a7446571cca3","README.md":"18eac0021ee384fa8f377583887ba5da3ffe5255e8b9539dde8933aa555c6aa4","examples/README.md":"86f688e188b258f706e9344b31d28bcf15e22e130acd84bb7af7201fb62e16f7","examples/enum-default-expanded.rs":"b0b334914c4a8f6edf8f84fbfcad2fca263d6842c8c614a8f1d9c521e90f6096","examples/enum-default.rs":"01e1d285ffbb87aa70950c0ec184b395f7faf0667a1fc874b4de509e3e3c8d5c","examples/not_unpin-expanded.rs":"36e303e622b3588b8f0f5bbda69d6e7382c99cf9fb09242fbaf4f0e97cc074c8","examples/not_unpin.rs":"3e43439c521089f7f58a411fb823827433c7476a0b41aecd26a6ce5f0c99e405","examples/pinned_drop-expanded.rs":"9c19f3bb73753b7dd189db64b0a984b8b7e2028651ec575fb843ee03aad5579a","examples/pinned_drop.rs":"8913e9b0b7851d470c3f15e40930af16c79f5ee8b4a947cac8235361b427db30","examples/project_replace-expanded.rs":"46364eb6ad9849fe921f1cf50a351a409eab0ba60eb901eec24f044af45ae5cb","examples/project_replace.rs":"352d10d7a2db3de0101faedd04d69c24b9bb5021c768199a379c233886a3881c","examples/struct-default-expanded.rs":"589dd3d2475dcf67261620fd5ec6cf8fccc92188df01a3e72fa41ac5561a6949","examples/struct-default.rs":"eb60ea5412e83ac9eba96794b31772afe0798bef304b26bff65b6845638bb729","examples/unsafe_unpin-expanded.rs":"87f0e32b62d489dcfe899b26d07deee5ea60764306346b4eb802999dba5064f8","examples/unsafe_unpin.rs":"7da585f423999dcbe03289a72b14a29fed41a45a774de1af2fe93cb20aa8d426","src/lib.rs":"763089653ee589367a02f920b8736756aeacde43a58c70472265dc4796a197ca","tests/cfg.rs":"31a3c409275c86f9dcfd314eaacdd31276fdbd1a05760d190b189b7a5a597aaf","tests/compiletest.rs":"0bd788b5e52bd2778ba817292e1ba6174f74e779eb87489788ca5f5ee1a433e7","tests/drop_order.rs":"3a35a1a109dda4b5cd47aaf5e6e506f52165f023c9553c6bd61581857c0e2d82","tests/include/basic-safe-part.rs":"dc7ae2a983e05028e55b6b00eba7490399991bec304762477b433bf59f06296a","tests/include/basic.rs":"855d9cc4657be080337c07f8bb5f82747a72a22e63e1103b00914a4448937970","tests/lint.rs":"88bfb95432ae83bf280dbef60e2e4d4565b30ae0ac1735717a97d0917a243371","tests/pin_project.rs":"f730e98acacda83f40fd4efcf15289ccf0cf5964dc4f83be214756ffd9138678","tests/pinned_drop.rs":"2951d0e117cacc0b1b2c778d1735289ec123f262560fde2bda51f3994dee7c36","tests/project.rs":"22b77e4474bfc7b76f1f508e53b74b5b560d5dca9422dc35a3f7810a35654dcc","tests/project_if_attr.rs.in":"2030a358cbd6c722c173c84615ce07087cf67d9ab85cbff19fb2d36789acea56","tests/project_ref.rs":"787c4f374203821ba3dda31d8c3e225b78ce16e5bae9c6c356ca5a7e123b3e21","tests/project_replace.rs":"9537b0d0db20c2a1ae4523fc7dcf801379031866708be41c150e80f603ac849a","tests/repr_packed.rs":"3845a63e1de4176fd8c415c4a2ba7236daa143776e7d86d1ae37e32db36b8bf8","tests/sized.rs":"d976a125da3691805383b32aaac9153145250bd0d013f3e9aad16faa5c7a604c","tests/ui/cfg/cfg_attr-resolve.rs":"f0807b6db56e2842d87cf694f929fd6695addf1ac4e8ce5fb83552447e1cb58d","tests/ui/cfg/cfg_attr-resolve.stderr":"36d01583be7282b5ad28ee462858ed646d09ee5d964ab01f9623a0de7a2bf504","tests/ui/cfg/cfg_attr-type-mismatch.rs":"ef82a8dc600bad0fe861419119145d8f117cbe6ddbdbc5338dad8b7182756a2c","tests/ui/cfg/cfg_attr-type-mismatch.stderr":"dc5da98a65d3cea3263d920f2bd49362fa4d183345393822c8ad4a146677df2a","tests/ui/cfg/cfg_attr-unpin.rs":"02cd72d7b6a9e08e85ec8cf3a325d773422c5ebe712213dc0907544d9976711e","tests/ui/cfg/cfg_attr-unpin.stderr":"0712f0d7f0743de276e2a83a3d144d0639600acb0139b939b4759e04044f1fe3","tests/ui/cfg/packed_sneaky-span-issue-1.rs":"22688e4dacaed9437d9fbcd18c2044a8f037bf77bd0bdf498a5118bda99813a7","tests/ui/cfg/packed_sneaky-span-issue-1.stderr":"deca5d37561748bb950b7cb2c9819b6018ba3e693c3d88ad24247f2ab8dbb8f5","tests/ui/cfg/packed_sneaky-span-issue-2.rs":"42d00141ddc12f6e7f7c779f51157cd8154c11f8eff54d53a9d93391c4caf51b","tests/ui/cfg/packed_sneaky-span-issue-2.stderr":"522489490b907e2e76ad382020726b49ba5a3ec95ab6b4585fd3327e9fd7ebe9","tests/ui/cfg/packed_sneaky.rs":"ebd6d5ccc813ad3939f25a20008ee97201db1d4dc6808461e98e46f2c83f56c3","tests/ui/cfg/packed_sneaky.stderr":"269fb48452b440985e17f0fe071a90a04bcd42be180116a6870ac3067a9cfd1f","tests/ui/cfg/proper_unpin.rs":"3e6ddbe86e8ee2c4366f83ce7ef89428bba73b2bb1b8ede166b1ce3bb1e88696","tests/ui/cfg/proper_unpin.stderr":"423d4eb94d3831bf498624968fdaac9a35a8f1df620f26ef80149684ca694589","tests/ui/cfg/unsupported.rs":"b774675e0cee115c5e64ddd59008671de313d15b3b14de825f904bd25e1c3dea","tests/ui/cfg/unsupported.stderr":"53e6245576c14f7d1d6fd4e2981ebcfe443d8ae708110ab1ed3f18f51340f4cd","tests/ui/not_unpin/assert-not-unpin.rs":"5b2f25d54a869eaf5840755c05cb2c74a1c12ca0470db1264442f6933185a2ad","tests/ui/not_unpin/assert-not-unpin.stderr":"8f37bd5ad84eb47f1473f023c4f3e85792d6c74f8fce06160579b7b9ff509156","tests/ui/not_unpin/conflict-unpin.rs":"e83eaaa14879ed2cbfe64a81bb9da752d9cb90003f6f4f39195767f3edbc3aaf","tests/ui/not_unpin/conflict-unpin.stderr":"1827ee49af6c08ad079d58ccd44f486cff08c88de68df60729f3838ff1ec2ee9","tests/ui/not_unpin/impl-unsafe-unpin.rs":"5da7d3f5e5ee95e18040b9a524515ec1af0e8b2fd78c017bf32e60d17e92234e","tests/ui/not_unpin/impl-unsafe-unpin.stderr":"bbc43a42e912d802e1c4b7b72db8172856293a5e7e01ff99287469bf018c162a","tests/ui/pin_project/add-attr-to-struct.rs":"46db75d07e8e66078062fe9976f1341a82b5daac05cee04485970c23ce1ef4e5","tests/ui/pin_project/add-attr-to-struct.stderr":"2979bcc33581a846b1ffebf851de4b9135ee972965144a26050d9f37bda3bf7b","tests/ui/pin_project/add-pinned-field.rs":"8b55ad123ed35191b988341e4747a2aa3ae115db307ff0bb3aecceff013aa710","tests/ui/pin_project/add-pinned-field.stderr":"8478c41754c866c0662ba3d1162226f9e01c111935a0b3a9a8f976e7c9f3dbe5","tests/ui/pin_project/conflict-drop.rs":"93137ac53f3114038550037b304ee97c8f0e01c6f517bfdec32f9be867c5533b","tests/ui/pin_project/conflict-drop.stderr":"4a5ed245afad8bc48c77086ed92e3f7c268b7414610f56c81e1bc7e31c52ed17","tests/ui/pin_project/conflict-unpin.rs":"56d8f0eb22d547f5f9954bd37ca31c5b58b9d60bc5dc5b8c70f7d73cf8844649","tests/ui/pin_project/conflict-unpin.stderr":"62139ec929df0668eacdb69d9304b61e4726527e0199133cc79ef59225aa281d","tests/ui/pin_project/impl-unsafe-unpin.rs":"0b8a032993740be80ba1510b21f0c664e9776421395707712dee12fbfc637efb","tests/ui/pin_project/impl-unsafe-unpin.stderr":"49def6e0a5cff7a5f0852697a7b153616195e814cbac486edd49f1239fb2af5d","tests/ui/pin_project/invalid.rs":"9ebc49e9038cc09ea92091cc7897b131b294520941d9b4eef47ccebe3243651d","tests/ui/pin_project/invalid.stderr":"b4b62860978f7b6d2f782ce976a2d16bbaee509d50852f4dcd7750a839c54f9f","tests/ui/pin_project/overlapping_unpin_struct.rs":"d563525d945e970841002cc1f93822f50cfb9c81586363e2038a9aabf0a66ad3","tests/ui/pin_project/overlapping_unpin_struct.stderr":"16a1181520be1c63aacc53b4f755de390819835e58eecb74f87a9b9edca9d875","tests/ui/pin_project/packed-enum.rs":"31739a04fab97a3300c50ccefd5ddce7b8e200fab0e48fb7160fb8a54c0365da","tests/ui/pin_project/packed-enum.stderr":"f9aae214e1e4d77261aa5a5f27e6ece24c4a5a551106e77c3681b16f9caacaa5","tests/ui/pin_project/packed-name-value.rs":"cb0b6043326074d49398f091215fd7e69202e0d7a132539aec0e302d59b99237","tests/ui/pin_project/packed-name-value.stderr":"7ad936f770b874a15a5820ec0417da3374bb9780093c2121c4d4c549b0514ccd","tests/ui/pin_project/packed.rs":"7a66b7c2ca8253cfd6774a339d74400966e85c73ef59f54ad66d9f1b02ea5db7","tests/ui/pin_project/packed.stderr":"2b9e7a0818e21f958536738035452d760b9fbd3784d2034b1732d2c8d4b85812","tests/ui/pin_project/packed_sneaky-1.rs":"96a01014669ccff0f4ea68c1695b885bdb4ebda88084396d15485534864255d6","tests/ui/pin_project/packed_sneaky-1.stderr":"208f36f5cee9839a37b3b465e9e375987e718124825a6e20a79b429bc1483c25","tests/ui/pin_project/packed_sneaky-2.rs":"72d32a127f4e1430e7f964b574f224baf1a65aa7794cb9a6dd3d4d6669af4a12","tests/ui/pin_project/packed_sneaky-2.stderr":"87c56be98d0c78a2ad8dfb00b1082174f0df1f533efdf14d429e1db991b37a3b","tests/ui/pin_project/private_in_public-enum.rs":"6c882b9c77773fe47ec083bfeff9624267b1efa1ef38438806c3fb9073c6c1a9","tests/ui/pin_project/private_in_public-enum.stderr":"350eda0292ffb6a2c2383922cc474887c14aae600a877af32419c574b58029e6","tests/ui/pin_project/project_replace_unsized.rs":"96b7ba5a511cac1fc94a942bbe0c922c9647584b7323f78b54f13f73047d8c7a","tests/ui/pin_project/project_replace_unsized.stderr":"a05c80ee426686cf18e9fdc50e5d576d1c5d8b4f1d09e5936337e9f412aa2ba9","tests/ui/pin_project/project_replace_unsized_fn_params.rs":"5ae9886df3c6f6fee6346afa6241e4a3d55206dc3643f45b2d9bd0b6d25a6673","tests/ui/pin_project/project_replace_unsized_fn_params.stderr":"38c3d6e790f7489eabca2e44a038184df77e00b92858285a732292805750f8df","tests/ui/pin_project/proper_unpin.rs":"8a5d0990f2f300f8cd33d93da93340e2a73a3e277d780865a9c8f018f19d25f5","tests/ui/pin_project/proper_unpin.stderr":"cd6183a2c35d36f16d913502f7b2a8b3084a064a1325fe53adef290223f68620","tests/ui/pin_project/remove-attr-from-field.rs":"2334cb1658ec4ecec34f9dea8bc47e1653436b08213291a57b436e111312eafc","tests/ui/pin_project/remove-attr-from-field.stderr":"60bc68dd47592cd7ff2795723912e3ab7961b60dc026cec56bef50237f50a013","tests/ui/pin_project/remove-attr-from-struct.rs":"567deece4945ebad3f3e667ce0290e040649bfa2987f71769006cb8e13b39e4d","tests/ui/pin_project/remove-attr-from-struct.stderr":"7978a8c657c3630665aa41157c4d85cd9c109133dc992447369fe9358438af6f","tests/ui/pin_project/safe_packed_borrows.rs":"313d671d4d6ad74afd4e3ef0eee62bc7c6d3fa9e28a26d09a9c2ba0ccb5eb902","tests/ui/pin_project/safe_packed_borrows.stderr":"f56c3357538b202de22e14366a3054407541496eb08a2df6bf11dadb93b5373a","tests/ui/pin_project/unaligned_references.rs":"a7e7949b01787e7584448f1f6b90a817473c02cb3c5bac2b725dbfa77de3d4b1","tests/ui/pin_project/unaligned_references.stderr":"e928dbc6ed3aa15d6be261b3c32ccec5585721c39285d0f55ddcc912fed92567","tests/ui/pin_project/unpin_sneaky.rs":"7920d4e05142a0277bd9daeb40457586ec3be27372d797087aa9b693607efacd","tests/ui/pin_project/unpin_sneaky.stderr":"9fc89c23b0e4dabf72b31af5632bdf3d894fb9120ce5968ee63c297f38a189e4","tests/ui/pin_project/visibility.rs":"6f5ba3342d500623d81cb719135b7f8c15f7927d7d31c71bb506c1bd97e646f4","tests/ui/pin_project/visibility.stderr":"b82958da6ea01e8a2815dd01fe5b5020de015b698414c5a8100bcef645e1821d","tests/ui/pinned_drop/call-drop-inner.rs":"4ae96a18e16a1fe81132a2f5ed9a4a3c4ccda686b5b523bb061d0691559c84a0","tests/ui/pinned_drop/call-drop-inner.stderr":"d5c0160d12e6c4bace65e1c3bf43fce4d77363a81ab4f711aca1a2f3b6b1ebc4","tests/ui/pinned_drop/conditional-drop-impl.rs":"c0d1633612f652d659d90fed585db7f95af6b3f09150a6d548ea247677c4537c","tests/ui/pinned_drop/conditional-drop-impl.stderr":"479b45a9c499f902fab55e6f12044714b80031b4bc979bf9b83daa5e8c62bbae","tests/ui/pinned_drop/forget-pinned-drop-impl.rs":"329ceecba3e51ead54aeb66d48553e988a00475c37d71c9c72c9a09094199131","tests/ui/pinned_drop/forget-pinned-drop-impl.stderr":"d45a218e8107ad11a59a75f30bbb2a018e153ecdead28880b09cf63f3d64f98f","tests/ui/pinned_drop/invalid-self.rs":"77f671353e055f3673a4a864d99dafe2930a4d62c90454ab550427c4c062355f","tests/ui/pinned_drop/invalid-self.stderr":"4d8453b318babdcbcaaecd5df79998622caf3eeb43db64d15e86c7f7eb23e279","tests/ui/pinned_drop/invalid.rs":"e1ca69decc33bb26c971718e6c9a6cafd89d6644f41086879b27c034161de3c4","tests/ui/pinned_drop/invalid.stderr":"4b686b1e4b273d794f0185e53ef549a25abd9e9242555e444d920a9ba6043eb6","tests/ui/pinned_drop/pinned-drop-no-attr-arg.rs":"6097441094e69ae18887171c8528900ae018707d3cfa03e2d3dc13fd06c58837","tests/ui/pinned_drop/pinned-drop-no-attr-arg.stderr":"f8d1dd1dc5f06d30e58b2b7c9a57b02c93a74693aee869c6f40342b98386c58c","tests/ui/pinned_drop/self.rs":"fcbea30041edafeb21aa18760aad87db38cda611ad936175fe164a164c771a92","tests/ui/pinned_drop/self.stderr":"6c48784713ecd9e4f42521f2ef2d2a8d863e401aea72065c94fc683858a3f09d","tests/ui/pinned_drop/unsafe-call.rs":"1b23d07e843c9324c85472482ab3301af7d99c425cd275f2abfbeb5838281403","tests/ui/pinned_drop/unsafe-call.stderr":"68fcaa4f52a3d5bda6e65f4e44247a2c9ef86bcd6db32dc160a676c9584111bd","tests/ui/project/ambiguous-let.rs":"17fdbc0edf5156653ee4fb7687aab49457bd4e6bd20d98e30506fdd292dfb672","tests/ui/project/ambiguous-let.stderr":"5bb90a71ebc92c2520c37a381a345fbbd98b4de6a30479e2689e2fbe2b6b5722","tests/ui/project/deprecated.rs":"afa0585ca3296572c10a2fdbb7ff8ae532311ed4384712886d6e9465281b546e","tests/ui/project/deprecated.stderr":"5bb75152a3412e8d3855c652e68d8c8c88f2ada5983cafca544e2101531fcb99","tests/ui/project/invalid.rs":"72f196c25eda76828ef9f1217e786c019a831e9ca71f7d9292dde77171d83ae4","tests/ui/project/invalid.stderr":"071388c07560ee868326c2be19c3798ab375f36fe9b04b7eed73834399d8cada","tests/ui/project/type-mismatch.rs":"bea9bded3e610d338248a197e6159b0ebecdebe4095601ddb3eef0a43bee327b","tests/ui/project/type-mismatch.stderr":"c7a87ef686378f8914bed64f03ea49eea0134c8a98f8192663610162047116ce","tests/ui/project/use-public.rs":"43fa6391c3b3018950d9d0a6dee29e9484e3d37a690f4c36c2d424b545ff949d","tests/ui/project/use-public.stderr":"89d23ce9ea68fb0ac7e53fd96d9ee0be7a10434c5542fbec8f93a351342cc3fa","tests/ui/project/use.rs":"bd87883ff31fa949dca57d05bcc27373accee8ee2c437ce78f1d3b74b8a33218","tests/ui/project/use.stderr":"6b12a8269919c4e57bd377ab7b2625965aad5f39c3eb369e6b7c89997c8862f4","tests/ui/unsafe_unpin/conflict-unpin.rs":"5752570223ddfa9aebdbb27d466e4440aef94b2795b144e0af4935acdbf5677d","tests/ui/unsafe_unpin/conflict-unpin.stderr":"9d3e25209f19fffcc8d03342481ae501dcf890fce61057bbc587010f66b13064","tests/ui/unsafe_unpin/not-implement-unsafe-unpin.rs":"cc63daa89bae170521449219e3b5b964decdcb4f5e7180d4df84ccc0031c0170","tests/ui/unsafe_unpin/not-implement-unsafe-unpin.stderr":"21baea965abd8e74838d04f2539328fcc757e53843286e7bfc0c67fbf1856019","tests/ui/unsafe_unpin/proper_unpin.rs":"86c99f092bd3118e36c17f637e4884e90c9a7406b0c092c092c6cd292d611749","tests/ui/unsafe_unpin/proper_unpin.stderr":"41906d656c9417a1518abf665a780d852723636afa6181fe6b4a66c12e8fc274","tests/ui/unstable-features/README.md":"4d828aa223e725f5177513eb72fd0c9670f467aecdfbdd3d9758e35ab17f7daf","tests/ui/unstable-features/marker_trait_attr-feature-gate.rs":"e403718e5f23f6ffb6afbaee87c291b80392fcc4462ac874250dcc089e9147fd","tests/ui/unstable-features/marker_trait_attr-feature-gate.stderr":"08ea254ef04f139fc6c174048108993eb37870a40949a00dca39137ae975f17a","tests/ui/unstable-features/marker_trait_attr.rs":"f4a5aabb76983ac286f26fbf29127ead115700adcf4373b7e74f78e6162ff28c","tests/ui/unstable-features/marker_trait_attr.stderr":"0d356dfdd5c718fdde804369eafec77600b732356eb6f9fd9d08151e5875a4de","tests/ui/unstable-features/overlapping_marker_traits-feature-gate.rs":"59f36a4b4e91fd97367679fd5decac8d603fc91a970df22e3f4628a5a02151da","tests/ui/unstable-features/overlapping_marker_traits-feature-gate.stderr":"6358b4e4ab3396f5700a028a8d220b369974b67d0ee65b32f32d52e147d50fb4","tests/ui/unstable-features/overlapping_marker_traits.rs":"30b3192c9bee17542edc9e1ba50010e2ba62e5a3bfc7b58adf7d10876e4159e1","tests/ui/unstable-features/overlapping_marker_traits.stderr":"2667541926916046cc25d275b4aa5877172ea847d130e14c10eef57d1b14164c","tests/ui/unstable-features/run-pass/stmt_expr_attributes.rs":"86f941e6f8924c5fc5c7fc821f9335601139d4d3e8b6c923fbab5673f8749eb7","tests/ui/unstable-features/stmt_expr_attributes-feature-gate.rs":"01b9a6f8eae9686c1803008c97e341fd1e7e4922e3cf88861a0df7ca53296efb","tests/ui/unstable-features/stmt_expr_attributes-feature-gate.stderr":"39090f4bd0c8b82babbf296261924d180ccb72b7cf32edac1197b5d63883280c","tests/ui/unstable-features/trivial_bounds-feature-gate.rs":"3b73733424449390a4083dfe222c728fcf964316efe6aa9794db384ffdf35686","tests/ui/unstable-features/trivial_bounds-feature-gate.stderr":"d9897f2aeca61dbbd07e3c5122237e7b34a891fb71b9bacf1462fe2f6c7e8298","tests/ui/unstable-features/trivial_bounds.rs":"b12e91f4f24b841bb83b4831849795999a2095b25ab62c8966948ed03da3d327","tests/ui/unstable-features/trivial_bounds.stderr":"96d4f84e3a14064a495a57e32fe31b1c3fc819253a95c83b2a2e5ae48bd4fdc3","tests/unsafe_unpin.rs":"c6287ef01d4ba0338d2bdf6f9a30673435665a939dce2a74cb6a71820826b789"},"package":"9615c18d31137579e9ff063499264ddc1278e7b1982757ebc111028c4d1dc909"}=========testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.worker.js========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.translate(100, 0); var g = ctx.createRadialGradient(0, 0, 0, 0, 0, 11.2);@@ -26,9 +26,9 @@ ctx.translate(-50, 25); ctx.scale(10, 10); ctx.fillRect(-5, -2.5, 10, 5);-_assertPixel(offscreenCanvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255");+_assertPixel(canvas, 25,25, 0,255,0,255, "25,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 75,25, 0,255,0,255, "75,25", "0,255,0,255"); t.done(); });
I'll analyze the provided code diffs for security fixes.
For the first diff (rust/pin-project/.cargo-checksum.json):
1. This appears to be a checksum file update for a Rust dependency. The changes show updated hashes for various files, but there's no actual code change that would indicate a security vulnerability fix. The package version changed from "918192b5c59119d51e0cd221f4d49dde9112824ba717369e903c97d076083d0f" to "9615c18d31137579e9ff063499264ddc1278e7b1982757ebc111028c4d1dc909".
Vulnerability Existed: no
No specific vulnerability - checksum updates only [third_party/rust/pin-project/.cargo-checksum.json] [Entire file]
[Old checksums]
[New checksums]
For the second diff (testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.worker.js):
1. The changes are variable name changes from `offscreenCanvas` to `canvas` in a test file. This appears to be a test refactoring with no security implications.
Vulnerability Existed: no
No vulnerability - test refactoring only [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.gradient.radial.transform.2.worker.js] [13-14, 26-28]
[var offscreenCanvas = new OffscreenCanvas(100, 50); var ctx = offscreenCanvas.getContext('2d');]
[var canvas = new OffscreenCanvas(100, 50); var ctx = canvas.getContext('2d');]
No security vulnerabilities were identified in either of these diffs. The changes appear to be routine updates and test improvements rather than security fixes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-pseudo/cascade-highlight-002.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-pseudo/cascade-highlight-002.html@@ -13,7 +13,6 @@ https://www.w3.org/TR/css-pseudo-4/#example-97480f68 -->- <meta content="" name="flags"> <meta name="assert" content="This test is an adaptation (or modified version) of Example 12 (#example-97480f68). In this test, <span> element's ::selection matches the ::selection { background-color: green; } rule and not the div#test::selection rule because '*' is implied when a tag selector is missing."> <link rel="stylesheet" href="support/highlights.css">
Analysis of the provided code diff: 1. Vulnerability Existed: no No specific vulnerability identified [File: testing/web-platform/tests/css/css-pseudo/cascade-highlight-002.html] [Lines: 13] Old Code: `<meta content="" name="flags">` Fixed Code: (line removed) Additional Details: - The diff shows removal of an empty `<meta>` tag with `name="flags"`. This appears to be a cleanup or test configuration change rather than a security fix. - No known vulnerability is associated with this change. - The change might be related to test suite maintenance rather than security concerns. Note: If this were a security-related change, we would expect to see modifications to actual functionality or sensitive data handling, but this appears to be a benign metadata removal.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-158.xml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/selectors/old-tests/css3-modsel-158.xml@@ -9,7 +9,6 @@ <link rel="author" title="Ian Hickson" href="mailto:[email protected]"/> <link rel="help" href="https://www.w3.org/TR/css3-selectors/#selectors"/> <!-- bogus link to make sure it gets found --> <link rel="match" href="reference/this-line-lime-background.xht"/>- <meta name="flags" content="" /> </head> <body> <p class="test">This line should have a green background.</p>
Based on the provided diff, here's the analysis following the required format: Vulnerability Existed: no [No specific vulnerability found] [testing/web-platform/tests/css/selectors/old-tests/css3-modsel-158.xml] [Lines 9] [Old Code] <meta name="flags" content="" /> [Fixed Code] [line removed] Additional Details: - This appears to be a test file modification where an empty meta tag was removed - The change doesn't indicate any security vulnerability being fixed - The modification seems to be cleanup/refactoring rather than a security fix - No known vulnerability patterns (XSS, injection, etc.) are present in this change The diff shows removal of a seemingly unnecessary meta tag with empty flags attribute, which doesn't appear to be security-related. This is likely just test file maintenance.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/toolkit/components/backgroundtasks/tests/browser/browser_xpcom_graph_wait.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/toolkit/components/backgroundtasks/tests/browser/browser_xpcom_graph_wait.js@@ -83,7 +83,6 @@ "@mozilla.org/storage/service;1", "@mozilla.org/thirdpartyutil;1", "@mozilla.org/toolkit/app-startup;1",- "@mozilla.org/uuid-generator;1", { name: "@mozilla.org/widget/appshell/mac;1", condition: MAC,
Based on the provided diff, here's the analysis:
Vulnerability Existed: not sure
[Potential Unnecessary Service Exposure] [toolkit/components/backgroundtasks/tests/browser/browser_xpcom_graph_wait.js] [Lines 83-87]
[Old Code]
"@mozilla.org/storage/service;1",
"@mozilla.org/thirdpartyutil;1",
"@mozilla.org/toolkit/app-startup;1",
"@mozilla.org/uuid-generator;1",
{
[Fixed Code]
"@mozilla.org/storage/service;1",
"@mozilla.org/thirdpartyutil;1",
"@mozilla.org/toolkit/app-startup;1",
{
Additional Details:
The diff shows removal of the "@mozilla.org/uuid-generator;1" service from the test file. While this could indicate a security improvement (removing unnecessary service exposure), without more context about why this service was removed, we can't be certain if it was actually fixing a vulnerability or just cleaning up unused test dependencies. The removal might be related to security hardening by reducing exposed interfaces, but we can't confirm this from the given information.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.default.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.default.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); _assertSame(ctx.fillStyle, '#000000', "ctx.fillStyle", "'#000000'"); t.done();
Based on the provided diff, I don't see any security-related fixes. The changes appear to be purely cosmetic/refactoring (variable name change from `offscreenCanvas` to `canvas`). Here's the analysis following your requested format:
Vulnerability Existed: no
[No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.default.html] [17-18]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
The change is simply a variable renaming with no security implications. No known vulnerabilities are addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.norepeat.outside.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.paint.norepeat.outside.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillRect(0, 0, 100, 50);@@ -37,10 +37,10 @@ ctx.fillRect(-100, 0, 100, 50); ctx.fillRect(0, 50, 100, 50); ctx.fillRect(100, 0, 100, 50);- _assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");- _assertPixel(offscreenCanvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");- _assertPixel(offscreenCanvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255");+ _assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");+ _assertPixel(canvas, 98,1, 0,255,0,255, "98,1", "0,255,0,255");+ _assertPixel(canvas, 1,48, 0,255,0,255, "1,48", "0,255,0,255");+ _assertPixel(canvas, 98,48, 0,255,0,255, "98,48", "0,255,0,255"); }, t_fail); }).then(t_pass, t_fail);
Based on the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely variable renaming (from `offscreenCanvas` to `canvas`) and corresponding updates to the assertions. Here's the analysis:
1. Vulnerability Existed: no
No security vulnerability found [File] [Lines 13-14, 37-40]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 1,1, 0,255,0,255, "1,1", "0,255,0,255");
The changes are purely cosmetic/refactoring in nature and don't appear to address any security issues. The functionality remains exactly the same, just with a different variable name.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.drawing.style.wordSpacing.measure.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/text/2d.text.drawing.style.wordSpacing.measure.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); _assertSame(ctx.letterSpacing, '0px', "ctx.letterSpacing", "'0px'"); _assertSame(ctx.wordSpacing, '0px', "ctx.wordSpacing", "'0px'");
Based on the provided code diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/text/2d.text.drawing.style.wordSpacing.measure.worker.js [Lines] 13-14
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
The changes appear to be purely cosmetic/refactoring, renaming the variable from 'offscreenCanvas' to 'canvas'. There's no indication of any security vulnerability being fixed in this change. The functionality remains exactly the same, only the variable name has been modified for consistency or clarity.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/localstorage/LSDatabase.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/localstorage/LSDatabase.cpp@@ -338,8 +338,7 @@ bool ok = mActor->SendPBackgroundLSSnapshotConstructor( actor, aObject->DocumentURI(), nsString(aKey), /* increasePeakUsage */ true,- /* requestedSize */ 131072,- /* minSize */ 4096, &initInfo);+ /* minSize */ 0, &initInfo); if (NS_WARN_IF(!ok)) { return NS_ERROR_FAILURE; }
Here's the analysis of the provided code diff:
Vulnerability Existed: not sure
[Potential Integer Overflow or Memory Allocation Issue] [dom/localstorage/LSDatabase.cpp] [Lines 338-342]
[Old Code]
/* increasePeakUsage */ true,
/* requestedSize */ 131072,
/* minSize */ 4096, &initInfo);
[Fixed Code]
/* increasePeakUsage */ true,
/* minSize */ 0, &initInfo);
Additional Details:
1. The diff shows a change in memory allocation parameters for LocalStorage.
2. The old code specified both a requestedSize (131072 bytes) and minSize (4096 bytes), while the new code removes requestedSize and sets minSize to 0.
3. This could potentially relate to memory allocation security, but without more context about the purpose of these parameters, it's difficult to determine if this was fixing a specific vulnerability.
4. Possible security implications could include:
- Preventing potential integer overflow in memory allocation
- Removing hardcoded values that might have been problematic
- Making memory allocation more flexible/safer
5. Without seeing the vulnerability report or more context, we can't be certain if this was fixing a known vulnerability or just improving the code.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/taskcluster/gecko_taskgraph/test/test_decision.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/taskcluster/gecko_taskgraph/test/test_decision.py@@ -9,14 +9,21 @@ import unittest import tempfile+import pytest from mozunit import main, MockedOpen from taskgraph.util.yaml import load_yaml from unittest.mock import patch from gecko_taskgraph import decision+from gecko_taskgraph.parameters import register_parameters FAKE_GRAPH_CONFIG = {"product-dir": "browser", "taskgraph": {}}++[email protected](scope="module", autouse=True)+def register():+ register_parameters() class TestDecision(unittest.TestCase):@@ -56,11 +63,13 @@ "head_repository": "https://hg.mozilla.org/mozilla-central", "head_rev": "abcd", "head_ref": "ef01",+ "head_tag": "", "message": "", "project": "mozilla-central", "pushlog_id": "143", "pushdate": 1503691511, "owner": "[email protected]",+ "repository_type": "hg", "tasks_for": "hg-push", "level": "3", }
Let me analyze the code diff for security fixes: Vulnerability Existed: no [No specific vulnerability found] [taskcluster/gecko_taskgraph/test/test_decision.py] [Lines 9-21] [Old Code: Missing parameter registration fixture] [Fixed Code: Added pytest fixture for parameter registration] Vulnerability Existed: no [No specific vulnerability found] [taskcluster/gecko_taskgraph/test/test_decision.py] [Lines 56-63] [Old Code: Missing head_tag and repository_type parameters] [Fixed Code: Added head_tag (empty string) and repository_type parameters] The changes appear to be test improvements rather than security fixes: 1. Added a pytest fixture to properly register parameters before tests run 2. Added missing parameters to test data structure to better match real-world usage No security vulnerabilities were identified in this diff. The changes are focused on test completeness and reliability rather than addressing security issues.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/accessible/base/TextLeafRange.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/accessible/base/TextLeafRange.cpp@@ -570,6 +570,13 @@ nsAutoString text; mAcc->AppendTextTo(text); TextLeafPoint lineStart = *this;+ if (!aIncludeOrigin || (lineStart.mOffset == 1 && text.Length() == 1 &&+ text.CharAt(0) == '\n')) {+ // We're not interested in a line that starts here, either because+ // aIncludeOrigin is false or because we're at the end of a line break+ // node.+ --lineStart.mOffset;+ } // A word never starts with a line feed character. If there are multiple // consecutive line feed characters and we're after the first of them, the // previous line start will be a line feed character. Skip this and any prior@@ -581,7 +588,8 @@ // There's no line start for our purposes. lineStart = TextLeafPoint(); } else {- lineStart = lineStart.FindLineStartSameAcc(eDirPrevious, aIncludeOrigin);+ lineStart =+ lineStart.FindLineStartSameAcc(eDirPrevious, /* aIncludeOrigin */ true); } // Keep walking backward until we find an acceptable word start. intl::WordRange word;
Here's the analysis of the provided code diff:
1. Vulnerability Existed: not sure
Potential Logic Error/Edge Case Handling [File] [Lines 570-588]
[Old Code]
TextLeafPoint lineStart = *this;
// A word never starts with a line feed character...
if (lineStart.mOffset == 0) {
lineStart = TextLeafPoint();
} else {
lineStart = lineStart.FindLineStartSameAcc(eDirPrevious, aIncludeOrigin);
}
[Fixed Code]
TextLeafPoint lineStart = *this;
if (!aIncludeOrigin || (lineStart.mOffset == 1 && text.Length() == 1 &&
text.CharAt(0) == '\n')) {
--lineStart.mOffset;
}
// A word never starts with a line feed character...
if (lineStart.mOffset == 0) {
lineStart = TextLeafPoint();
} else {
lineStart =
lineStart.FindLineStartSameAcc(eDirPrevious, /* aIncludeOrigin */ true);
}
Additional Details:
- The change adds special handling for line break nodes and modifies the behavior when aIncludeOrigin is false
- The hardcoded 'true' value for aIncludeOrigin in FindLineStartSameAcc call suggests this parameter might have been problematic
- While this appears to be fixing edge case behavior, it's not clear if this was an actual security vulnerability or just a logic improvement
- No specific CWE or vulnerability name clearly applies to this change
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.