Shared security patch analysis results
AI Used: DEEPSEEK deepseek-chat--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/futures-util/.cargo-checksum.json+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/futures-util/.cargo-checksum.json@@ -1 +1 @@-{"files":{"Cargo.toml":"bb0d7cc202dc6cc216b6c10597f52b3ea1ef3df311b6435da12533b64d2164ab","LICENSE-APACHE":"275c491d6d1160553c32fd6127061d7f9606c3ea25abfad6ca3f6ed088785427","LICENSE-MIT":"6652c868f35dfe5e8ef636810a4e576b9d663f3a17fb0f5613ad73583e1b88fd","README.md":"727f58ddc0ad88244d784b56a090410b39805e256e3415d4ae20cf2ba471d260","benches/futures_unordered.rs":"5eb8280be8d8fb7bd5fb103ce20db10f618f47e180a402105e0d5e9f8c9fe35a","benches_disabled/bilock.rs":"ab8b47fba5cfa5366477ef1034a042efde9b0aff6b77110d1f3a2715ab7508e8","build.rs":"f6e21c09f18cc405bd7048cb7a2958f92d5414b9ca6b301d137e120a84fa020a","no_atomic_cas.rs":"ff8be002b49a5cd9e4ca0db17b1c9e6b98e55f556319eb6b953dd6ff52c397a6","src/abortable.rs":"d88dd2501ed379b3540bd971d367b4629755d6d9f264e7b54ae59eea0ff83623","src/async_await/join_mod.rs":"8f83c0001df867f5eb47a4174bf4a0c0b548f8ff3be3b532e0c759ad981b87da","src/async_await/mod.rs":"3d25c343cc3e789d3f982cdacd6f8ed91511ba656c3923da310700f318f423a4","src/async_await/pending.rs":"7971ec1d5d89ad80390e2a0c51e396257b2e78f1436cce79ea2b55ac2f13b328","src/async_await/poll.rs":"440c19a89fd42b12da09ff48a69523b5a8a5baea0bcd2f860589a0ab996ed781","src/async_await/random.rs":"daf229cd01595d38ef0f6284865fe2f60ed3b8134f7a15c82564b97ff3a5be98","src/async_await/select_mod.rs":"414c7fb7923cfe21116d558bf3cd1a6ae5bef4ed01f9877f0e7cb3e42ee6c79d","src/async_await/stream_select_mod.rs":"9a51338914cbb1502619fed591dfe4fc676919499b9d041898e59f630fe5e7f0","src/compat/compat01as03.rs":"2af3b3d01aef53dba521f34f6be1cdde34923851c283eeb6fcbac001ef98aee8","src/compat/compat03as01.rs":"ccec9ddf4e9a34693f0729f4ba05f33a5fc87c57469458686f6f85fa5b7e6ca8","src/compat/executor.rs":"a0edd7baa2192daa14a5a26bf53bd229defaeac538d2ec771c60992c6dfeb393","src/compat/mod.rs":"6cf3412f6a3f9ee8406118ea75de65468a83febc6ba61bdbad69261f0cfea02e","src/fns.rs":"f8e396128791169098a38a82c3c28aaa6dd5d40718635f7cc30b59b32f7110b8","src/future/abortable.rs":"373ce61c0c7c31718ff572113503bb88f55e3b49ed5d028a3dfafd69070f44c1","src/future/either.rs":"572b24dec74db18a390f13ed044b7fc000632728315c87ea1430a454551f7546","src/future/future/catch_unwind.rs":"08b0ac049cdee28325d378209aa5bb4d91b14a29ddd9c2b0e5c661b61f9cfcfe","src/future/future/flatten.rs":"5bf9846cef8dec5dcc38b992653e11146bc149a0d3efc09b1f8268bd29de0b2b","src/future/future/fuse.rs":"6531a95dc1917b2a5724b35e364faa741143811afc654a45c360111e9807864c","src/future/future/map.rs":"de607c2a4d80d2bddb590781c37328ddd294bb9d5064a9ecb99455244239b597","src/future/future/mod.rs":"ecfac09dcba801cede7c58acfaa76a9ab76d26a3f4c968d66c2a49caa57faefe","src/future/future/remote_handle.rs":"2ae17a409569b32c78e20026a8ecdf667352c2597a4a0a8deefa4761fafcb223","src/future/future/shared.rs":"ebf46b4bf428676bf553015e384f7f41da03558481aaa38deb1e8a896d212dae","src/future/join.rs":"38b55fc7cdbbdaaa525e51f8ce09783dbbcb65eabfd7de9f46610593e0bbef17","src/future/join_all.rs":"294a8e76862f447dea8759f78f7224d885a826c80193ceef2389345221e6e3c0","src/future/lazy.rs":"d161fc4108a97348c1becbbd5ba8fccb7225dcf1d81c097666f5c8b40718251d","src/future/maybe_done.rs":"559e41cb170f9fe7246d2a5b112527a9f9cbca63b8a5a872b3aa9c861f70f307","src/future/mod.rs":"51e018100362f20b071225268f1d81f25c8e9664e94730af199069c2692bf26a","src/future/option.rs":"73daca814800b91b707753dcfe074265372b0077fae2504ea6efddc713453579","src/future/pending.rs":"86598a5d5ade7c0416566deb280150bac34bd4703c997d2c7af572342d8d6d02","src/future/poll_fn.rs":"8e54bf57d60e01d496ae31df35e0b96868f4bda504c024a14f51ab723d67885f","src/future/poll_immediate.rs":"7e199fc102894c9095de17af602a7c8f05d427269aefce5d71cd5136d54659c0","src/future/ready.rs":"c9860ccd8ac529f44f66dee73ca9b9d7f1b1b3e5e9e4dc70c59640c752553d58","src/future/select.rs":"a582b1ed9c1e6cd8dcaa80b5f45e2176ed4a1740fe303f7143e29cab8e0dbc22","src/future/select_all.rs":"179b8168370e2c7105e348fdfbeb965eb746336d9660aa7fbc9185d681ae8c2d","src/future/select_ok.rs":"fed28e1fd368cdd465d297a84ea9436a00757eff4b34e592d94d7747b3bf4996","src/future/try_future/into_future.rs":"d966bde7b06a88443f0efd877e95f91541778c4e713f3f4b66e00ca5d3f352b6","src/future/try_future/mod.rs":"4733167d93e8f728e87f79b7d4dfe66de6afb306735ca76f9f843270286b3f6b","src/future/try_future/try_flatten.rs":"16c02e1780bd312b8b386e41c1d9dd4bcc4e8ef10f26007364f857b3adcc6e99","src/future/try_future/try_flatten_err.rs":"130f3fc3fd95a19f4e4a50e69301106fab02f77d0faf3aac9c473a92b826c2ca","src/future/try_join.rs":"1836931f8ba32da41c6810e6acc0ea2fee75b74b3153e760c4542cb12b220540","src/future/try_join_all.rs":"d4f262e80bb5347597c75b25de3c7784ffb4bd766227d6dc70cdeb77a38f4a5d","src/future/try_maybe_done.rs":"1cce46b2ee43ad51b7c5f9c02bc90a890af32bc549ce99098a2c8813508051e1","src/future/try_select.rs":"2e1b7e0b0cb7343f766fade87269093558db206f7fbe7dddfa3143885e17bac4","src/io/allow_std.rs":"88a25cfcd436a7c113d781d81b8d7b4c241fb350d2524df66d9c5ae0277b30b4","src/io/buf_reader.rs":"e33a5569dfe4dae7895ae3c22c90c01172140435fc7e1f17920b9221a033f5e2","src/io/buf_writer.rs":"d6666b8dde60eefbb7fa69da4a2eea2b34ea0e4a85e21e5ac6e83cc680ea9140","src/io/chain.rs":"c2c1b56201f7f75f5e6f980fb1cf1733e124e891ae844b411f2f19cc90d99531","src/io/close.rs":"9832210a870637198fa58642cdf2779afab71f2e31a9953e663fa6854bd73ac7","src/io/copy.rs":"cb2466dcd7ea8bb1f07d00c03e66ed55abf71fe4be6937adc9f533ef9d99fb2d","src/io/copy_buf.rs":"e9a5f6aac8375e298bddb332f23d8b626d056ce452b58f772a05df7e2cd326cf","src/io/cursor.rs":"612bdb8b4055d26816fb0e4c3e9859b06b3d08c99e4a27ed4946c95e219a29ab","src/io/empty.rs":"5c16ca08f04f08f06ee8e3a8c08a41497522ff30d25bb7b5d6fd538fe029c476","src/io/fill_buf.rs":"4f217fed8eb3f66dbde2371c3fbcfa9420d38ba20da544a0658584e5778aa47d","src/io/flush.rs":"0c9b588dfd9da039dc123ba9448ac31ca21ee3da0a164a21f6c2c182183d43e2","src/io/into_sink.rs":"ab5bdb12bff62672175b69b8c9f5a4bbbea716b9cf89169ed6a723ab43da9df8","src/io/line_writer.rs":"16c151c68d89b7c2ab929c4a782539b1ad512b723eed9b544f50f1ff06f0b661","src/io/lines.rs":"ccfa24e212a610aad0c81042cfa64ada820c4305ba0e911a2c16221d7867468e","src/io/mod.rs":"440eb544a97239b69de1d887a997f643cc95cae4161a3198c8aa52f388ce6cb2","src/io/read.rs":"4ea675a83cec98a22c9c4731ff980209f0cf67f63c71871cd1deed53c1266345","src/io/read_exact.rs":"d27d5ec082ccb1b051d1292e029e398926a164c82e1f0c983ca9928410aa2abe","src/io/read_line.rs":"a3c62ca2034089a22ea9567e0b3cab0dfe09309782fcf151d92311a77223e37c","src/io/read_to_end.rs":"5e9e38dc087623dac5a3ae3ad329ed44ffe4f6205a78e546adadc3ffb76703fc","src/io/read_to_string.rs":"2c073d05f0361acda1f0172b24fd4c5da61840ac925a5bdfae9111c697759d1b","src/io/read_until.rs":"354507ce95242a735940f0aaa6ef11cc7d6d0505ae148f05277ce6e7537f168a","src/io/read_vectored.rs":"bd7f442c92f2cb320075d0983b0d08d51c23078898d72e6c2857cf6c7ad4cec7","src/io/repeat.rs":"f5e41529699076687c37d52ae673ea2b38a2e306624526a2a9d4fe9794341bf0","src/io/seek.rs":"9863e9fb6495eb6e1f8c45c283c8a6993b9bdb1462f75a3e525e135c6840dec7","src/io/sink.rs":"30a503631d196e5da92c386d0afc1af9656a5f7682456cfa2489a2c30a05cac5","src/io/split.rs":"2aa567452b713497d5b85813980b69e888aee32be14492c92404d261fd50eb09","src/io/take.rs":"1fb2eee12ea10fad0018b69a1f9eecc7d9ee53a3e4bb3cce0762a66655b275e1","src/io/window.rs":"295d7dc18ad101642003cd67687242e4bdba11552cfb7f18c521cbff369e6f71","src/io/write.rs":"60670eb00f999f2e2c43b099759a7fb030325b323744d88c9d20f75926ec30df","src/io/write_all.rs":"c88930fd23c88cc01fef2c6118d53d33996c011c4abf28778a27646fe1f7896a","src/io/write_all_vectored.rs":"53becf89c031bf4c3073f0903ce809eee7606b1b4fbeb518605875badba216d3","src/io/write_vectored.rs":"bc98ff4a709cb75cd9ffedefa8ef251089a49906b98e142d76447ddf4ac098bb","src/lib.rs":"1f46c0cc635989355b05e7062c9cfbd9c38c9e97e5e2f0dec7d8fd7ccdddb074","src/lock/bilock.rs":"f1b955cb2e10c906933e63bbfb8e953af634428ce15faf3696b07d11da0cc279","src/lock/mod.rs":"e964dd0d999ccf9d9d167d7ecbfeb7a66d180a80eeb6fd41ec3fa698c1067674","src/lock/mutex.rs":"782375724e4abbdaf3221eb422911c37fe13e794e6f30ea819acece7303c3368","src/never.rs":"2066481ab04921269cfa768cb8b778a035ab6aa49ec404d9ac0aeb07a4bf6094","src/sink/buffer.rs":"33a7380f8232225a8e9ac5ee138fd095979efa3a64f9fecf5fcaf2e78fcbc355","src/sink/close.rs":"f2f31c884f048163abebd4f5a877b7b4306f7d02beae428325636fd00ed42ca9","src/sink/drain.rs":"392d9487003fcd55a3373c3e2558f6549b9633b82fc08b5a665a573b137ae9f7","src/sink/err_into.rs":"ced2998b2b0b792d80f7543523c9e07e8f5d20a4336cae93084b995e46671b15","src/sink/fanout.rs":"66dcde056e0bbee4e0074d331838ed2743dc872ea1597f05d61970523dc34926","src/sink/feed.rs":"64b9d296d37aedde37e1421c459ebcd9a7e8814db905996996167850124f3b3f","src/sink/flush.rs":"fbba344f428ca7636541ba013f7db2ece480b404a9e0b421c5537552d61e2492","src/sink/map_err.rs":"0f68f444ef13fe7115164be855c3b7b1d269e1119e69fcdad1706988255641f1","src/sink/mod.rs":"37cf379170f3099992eb59f3181be4c4e4a5c2d3581dbe424d22ab360840d321","src/sink/send.rs":"56aaba9aa4a562e0af39473a5779206d91b0acb1fced4fc06cd8b959d1897524","src/sink/send_all.rs":"a8e4956604fe73e321b0a3896c2018bc5c27149f2862f8406112db140b3aa2dd","src/sink/unfold.rs":"428080b76213b504fcc981d2f05840f1a93c8db305301af1cf5852b6c47c4be5","src/sink/with.rs":"850cd3b96304df1f38360a0bc60b02d485535e399ef7642acdd9add7876867d8","src/sink/with_flat_map.rs":"5e0f527b33ee8f1cc6a6a46d45b6d74dad5c735d88b2cb24e1cb34fdc6ef501b","src/stream/abortable.rs":"935d79aa44d793f4abe87ca27a9e4a20891500488cf942693cd2756d65b3aab2","src/stream/empty.rs":"5000c856186408a17f68bbef432d4a1a3edb7fb5a07ed8699342fef04b10a181","src/stream/futures_ordered.rs":"46217ed3802d052724a4a3166370f74e6d5fcd248d6f983caea10bc3335a1f0e","src/stream/futures_unordered/abort.rs":"bdfece9f91accafd5122be36d628c37c5b219ac0eecec181267840fbb1e95a45","src/stream/futures_unordered/iter.rs":"e8862300ddb0504090c059b3dba2425af6335874cb6ef393fef26e87788b6d3e","src/stream/futures_unordered/mod.rs":"7defe3dd592ebe98ab488781c142421627ada88b55b9ad9d64e81a19880bbd06","src/stream/futures_unordered/ready_to_run_queue.rs":"24043dca7e4625bdae3b636f71cfedcc4661eaf0362030abd618be2327b0c8a3","src/stream/futures_unordered/task.rs":"ab2de99b2a42c1da70d56e4be43c0ef72e8d5a4504adc0f870f8d28afd332a37","src/stream/iter.rs":"609fa821a460e901a54ae51f8da58220881157cef02b8b7b8c9e4321c2d05a23","src/stream/mod.rs":"33873b13535443cce2d49fdb3f0b359286bfc74f3553419fe7174cf7c1840da0","src/stream/once.rs":"d7b70adabad1f10af711ac3dcef33fd4c287e9852fdb678406e7ff350ba8fd47","src/stream/pending.rs":"84aaa15c8bbb17a250da5b1b5f0c7f6717410915d63340a3fcbf098bebe19d6f","src/stream/poll_fn.rs":"35952ea514b8aade14a3934d7777006475f50bbf0c5b50141710e31637f980be","src/stream/poll_immediate.rs":"e7a53ff8275ebe89dab8f9b984cce2ee0fde0a828e540b77c5500ca017d5bb98","src/stream/repeat.rs":"e4e4a9b6f2fca72bcbf098c3ac0c4a41323a840741d4dce9d9416464b7e8bd0d","src/stream/repeat_with.rs":"525780d24f3f99152b879765ca6eab99bcc0c757dc6654b6635c099b93ea654d","src/stream/select.rs":"28eb422c0eca9fd02778a6003004471b3489db09746a70e617a506303ea8b81d","src/stream/select_all.rs":"4358fa26cfe8c1b56f19d077b841bbdfe22f7adc043034fd6313b004e94e310d","src/stream/select_with_strategy.rs":"7fe249fd92fc66ad2bfa5a2dec7148b2a0102b3a8d915b2103bfbcd1b8870447","src/stream/stream/all.rs":"43cfb69de0ea991497d26d0aeb02091f10eb241ef93758b54c5e7aced5b63b63","src/stream/stream/any.rs":"2582da02f9a1ce2bd0af87a64b65188fc93686c5e3dd9128e89e5f57c1d70e43","src/stream/stream/buffer_unordered.rs":"66c3f4bd2fabfbdf6a4033dfaed44dd0262b68e6533509029c984ae037e35392","src/stream/stream/buffered.rs":"eabd0c0e50eaaaf0a92a7b39fdb5b77e068bbfbbfd5e216a09c3a6e0c1fc102d","src/stream/stream/catch_unwind.rs":"b2e801ff744d5d9e17177ec1156b0ab67bdd56b94c618ed8590344ec8a0f35e7","src/stream/stream/chain.rs":"ba1a206b3ce0160186021f5c1e4c95a770d26b843e3640e52609a2facaf756ac","src/stream/stream/chunks.rs":"d3aaddc05779ef70e2f0e59570cf6d5a1d231ae4885c8b8b2e4813fc02832562","src/stream/stream/collect.rs":"977ed1970b46029517ecc45f4af924b8e585d3770f01b2a0d2df0e01519ca50f","src/stream/stream/concat.rs":"171ea941b45c0295ed978c3f318a449ea295e33cb4ea82c764f4e9e7c48ad5de","src/stream/stream/cycle.rs":"ed7e3d15e7b1adec5ad5789b0d3186b5995a3353cc974fb7f41a72f6d8ad4cbb","src/stream/stream/enumerate.rs":"fc7565d21d39565790859eeac9ae8dd74123a9d15b88258d3abe894f1876cc39","src/stream/stream/filter.rs":"3dd080914e6770f8790455fc9cbedf30c5f44a589ef99b19112344c75f9e9042","src/stream/stream/filter_map.rs":"3a8a3e06dfac48dd3f7b6b1a552a51a3e31ea943e012dd35729d461a1fcfad80","src/stream/stream/flatten.rs":"69493fc106a1447abe109fd54375bb30363f7bc419463a8f835e4c80d97f2186","src/stream/stream/fold.rs":"75d61d4321db1bcbbdd1a0102d9ad60206275777167c008fc8953e50cd978a09","src/stream/stream/for_each.rs":"07bca889821bad18ff083e54abe679fbeb8cd19c086581c2f2722cba6b42263f","src/stream/stream/for_each_concurrent.rs":"4e1e7eb3d4ccfae0e8000651b75834e2960a7f9c62ab92dba35a0bdbbf5bbb21","src/stream/stream/forward.rs":"cd024ba1a3d5098d3ff2d5178a12e068916cc4307284b00c18dbc54b554a5560","src/stream/stream/fuse.rs":"061c5385f12f80c7906cb15ddb8f455ced6ce21d1de9a97de9db2616407c0cac","src/stream/stream/into_future.rs":"b46ad45cc03ddd778a9ffaa0d603c8ee0b411f49333100160959942cde9588bd","src/stream/stream/map.rs":"b91bdd5b33821a50c9b5034261a14f89ff1a9d541ab99b9d9a6921b12a5d434e","src/stream/stream/mod.rs":"89dd9afaed097e236e567623c42e729cc20a2cf2d92e42359ea3e2c2d18e2ac8","src/stream/stream/next.rs":"7b4d5a22b5e00aa191ea82346bb1f392121cc68692864a8230e462d59e622928","src/stream/stream/peek.rs":"1ef5f11b1f0cc11d01690bebe282d8953ff8e860597f4ce21208fc274be5e98e","src/stream/stream/ready_chunks.rs":"4e6deb3a6d453fd4e982bdba416188311a72daca1b218d4e9ef20819fc09b5b2","src/stream/stream/scan.rs":"54489c8efef60dbf3c35ee803afee5c5ea7c364fb9b68939a04956e46febb856","src/stream/stream/select_next_some.rs":"0094eccc96cfe78d9b6d0a9bdb82cada8fb7929770a3ac00ffcb5441d7dc4f51","src/stream/stream/skip.rs":"61f7ec7fe25663d2c87cffaad19ed27eda032842edb8af731b521025b244f120","src/stream/stream/skip_while.rs":"75ee580e0111200758d0c0fe154276007ff233db6b63a8223f0baeac1db18874","src/stream/stream/split.rs":"fa4adea18708dad384eb347260cfb965d30c40a677e15f9267f97aa382c6306c","src/stream/stream/take.rs":"505f83d341dc84eeab46f5e66adfa21a36207cb66f2394dd6a256576db665827","src/stream/stream/take_until.rs":"0f1fa7d158192a5dee32392dfdd062c15dab6d246b0ca267e91aae490d7d7fdb","src/stream/stream/take_while.rs":"51007dbde8434fd22c5ef2481a99463f11b3785e4bdeb73fa583a17f29f5c228","src/stream/stream/then.rs":"9dcfdc741d1d7dea0100aa9f1feadb932f8530f7a7d3071befc1e490a6cb50ed","src/stream/stream/unzip.rs":"9ad4db7522f66a9133e464c13d6c95682c797ae5a986e60d3aba358c65031fe8","src/stream/stream/zip.rs":"56f30f513e11754f59ead5ca4112014cba9278d02796eb8fe0937ae8bb4d44cd","src/stream/try_stream/and_then.rs":"22ca6e547d0db2e07b0a928c48118a532adaf28d85c60ab84b8366dbfeab9161","src/stream/try_stream/into_async_read.rs":"f584fd8dfdab90328fc89eac78306caa308d43f3035c1c5489e55384007e77ed","src/stream/try_stream/into_stream.rs":"4fee94e89956a42871fc4a0cdba7ae1b7d4265e884528799cd227c9dd851acce","src/stream/try_stream/mod.rs":"7a83406bfbefe4fe651b9535035fef80d52e995a44dcd0e16105bf274e0fef06","src/stream/try_stream/or_else.rs":"8cc7f602da1ffee21bf06c5203aa0427514a83b67941ae264459f1eff8dc8aec","src/stream/try_stream/try_buffer_unordered.rs":"64e698ea6aefbe7e32d48e737553b20b9cde5c258963bb20486b48b7d6899660","src/stream/try_stream/try_buffered.rs":"7546d396026bf700d3f37f55d5a4e39abe5fb05919e6a269feeb8be7af19256c","src/stream/try_stream/try_chunks.rs":"58b8c5af4914eae3698e528b0361532b391bf4b3463f4c790e43c8069cfe1bd7","src/stream/try_stream/try_collect.rs":"1132751055a51b936ed28b83c4eed7dee3f40a4be13ea374b30086e864e1ee09","src/stream/try_stream/try_concat.rs":"f2330ebeeab30273e9ac0e8600bfe2f405ce671f6386e688b3afb1d2fdd7c2c6","src/stream/try_stream/try_filter.rs":"7c2a09cdb1753ecb49a44d1d84742cb2050a999a8148448b31bb404eb2d17154","src/stream/try_stream/try_filter_map.rs":"5afc6ab35e2b425e37ed217a6bb038459c8828d6bcd6a3699883d6df071dc7e7","src/stream/try_stream/try_flatten.rs":"e05614d86a27ab8386476eea35fd424c07e5f7f99cf0401d63a6655eb7ca1247","src/stream/try_stream/try_fold.rs":"b96aa2fe1a16f625d5045028a86ff8684dcf5198ef8c7c072f52f39aeaa8b619","src/stream/try_stream/try_for_each.rs":"3f3901d618333b740d470eb02fcbb645df92483493872298bb7bd0382646028a","src/stream/try_stream/try_for_each_concurrent.rs":"78a94a77f329862c2a245ec3add97e49c534985f0d9da98f205b7fa3c7c08df3","src/stream/try_stream/try_next.rs":"6e29473153db1435906e79f7eaa13ce9da842d4528ba9eb1c0034665feacc565","src/stream/try_stream/try_skip_while.rs":"c0259ec70bdf4a81c1fa569275766e3e65db9d5715c81e93ada04817c1835add","src/stream/try_stream/try_take_while.rs":"54927dfa95ff58b542a1d7382f564eeae5e02e633c948b1a39ac09bc7e92f5f5","src/stream/try_stream/try_unfold.rs":"aaf0f4857a4ec8233ac842ae509f29e5a210827a0bb40cfc0dc3e858f153d2b4","src/stream/unfold.rs":"8b2feb00f979562b43064eb078d53a160cdb3c65deed17ec25a05938df2d370f","src/task/mod.rs":"074ce7f3869663d2e768bb08ea201ed1be176e13edd4150f201bc1ea362170d3","src/task/spawn.rs":"26bbcf1d65e1467de0ecdad2b56f464a510cda7c1933427d69a1b50459836489","src/unfold_state.rs":"ffe848071a99d6afcdbe8281a8a77a559a7dde434fc41f734c90e6b9b5d8a5af"},"package":"41d22213122356472061ac0f1ab2cee28d2bac8491410fd68c2af53d1cedb83e"}+{"files":{"Cargo.toml":"fb0e0a9cd20fff0e75bddf0f79a2c06200f5177b338a3bb2b3cd27f3b08eaff7","LICENSE-APACHE":"275c491d6d1160553c32fd6127061d7f9606c3ea25abfad6ca3f6ed088785427","LICENSE-MIT":"6652c868f35dfe5e8ef636810a4e576b9d663f3a17fb0f5613ad73583e1b88fd","README.md":"727f58ddc0ad88244d784b56a090410b39805e256e3415d4ae20cf2ba471d260","benches/futures_unordered.rs":"5eb8280be8d8fb7bd5fb103ce20db10f618f47e180a402105e0d5e9f8c9fe35a","benches_disabled/bilock.rs":"ab8b47fba5cfa5366477ef1034a042efde9b0aff6b77110d1f3a2715ab7508e8","build.rs":"f6e21c09f18cc405bd7048cb7a2958f92d5414b9ca6b301d137e120a84fa020a","no_atomic_cas.rs":"ff8be002b49a5cd9e4ca0db17b1c9e6b98e55f556319eb6b953dd6ff52c397a6","src/abortable.rs":"d88dd2501ed379b3540bd971d367b4629755d6d9f264e7b54ae59eea0ff83623","src/async_await/join_mod.rs":"8f83c0001df867f5eb47a4174bf4a0c0b548f8ff3be3b532e0c759ad981b87da","src/async_await/mod.rs":"3d25c343cc3e789d3f982cdacd6f8ed91511ba656c3923da310700f318f423a4","src/async_await/pending.rs":"7971ec1d5d89ad80390e2a0c51e396257b2e78f1436cce79ea2b55ac2f13b328","src/async_await/poll.rs":"440c19a89fd42b12da09ff48a69523b5a8a5baea0bcd2f860589a0ab996ed781","src/async_await/random.rs":"daf229cd01595d38ef0f6284865fe2f60ed3b8134f7a15c82564b97ff3a5be98","src/async_await/select_mod.rs":"414c7fb7923cfe21116d558bf3cd1a6ae5bef4ed01f9877f0e7cb3e42ee6c79d","src/async_await/stream_select_mod.rs":"9a51338914cbb1502619fed591dfe4fc676919499b9d041898e59f630fe5e7f0","src/compat/compat01as03.rs":"07c83b0820e1b6a5a792043e0b0eb5be70f365e5462c8a1fa5fa6b0f62f9e57d","src/compat/compat03as01.rs":"7cf29e57f8ee14b64123b3d2c16dceced25af5491a5ef81b655b2de2e9587fbe","src/compat/executor.rs":"a0edd7baa2192daa14a5a26bf53bd229defaeac538d2ec771c60992c6dfeb393","src/compat/mod.rs":"6cf3412f6a3f9ee8406118ea75de65468a83febc6ba61bdbad69261f0cfea02e","src/fns.rs":"f8e396128791169098a38a82c3c28aaa6dd5d40718635f7cc30b59b32f7110b8","src/future/abortable.rs":"373ce61c0c7c31718ff572113503bb88f55e3b49ed5d028a3dfafd69070f44c1","src/future/either.rs":"d7fb8728fac6fccbbc14afaa16ebd51c2633dd653277289c089b5c478742b37f","src/future/future/catch_unwind.rs":"08b0ac049cdee28325d378209aa5bb4d91b14a29ddd9c2b0e5c661b61f9cfcfe","src/future/future/flatten.rs":"5bf9846cef8dec5dcc38b992653e11146bc149a0d3efc09b1f8268bd29de0b2b","src/future/future/fuse.rs":"6531a95dc1917b2a5724b35e364faa741143811afc654a45c360111e9807864c","src/future/future/map.rs":"de607c2a4d80d2bddb590781c37328ddd294bb9d5064a9ecb99455244239b597","src/future/future/mod.rs":"ecfac09dcba801cede7c58acfaa76a9ab76d26a3f4c968d66c2a49caa57faefe","src/future/future/remote_handle.rs":"2ae17a409569b32c78e20026a8ecdf667352c2597a4a0a8deefa4761fafcb223","src/future/future/shared.rs":"ebf46b4bf428676bf553015e384f7f41da03558481aaa38deb1e8a896d212dae","src/future/join.rs":"38b55fc7cdbbdaaa525e51f8ce09783dbbcb65eabfd7de9f46610593e0bbef17","src/future/join_all.rs":"294a8e76862f447dea8759f78f7224d885a826c80193ceef2389345221e6e3c0","src/future/lazy.rs":"d161fc4108a97348c1becbbd5ba8fccb7225dcf1d81c097666f5c8b40718251d","src/future/maybe_done.rs":"559e41cb170f9fe7246d2a5b112527a9f9cbca63b8a5a872b3aa9c861f70f307","src/future/mod.rs":"51e018100362f20b071225268f1d81f25c8e9664e94730af199069c2692bf26a","src/future/option.rs":"73daca814800b91b707753dcfe074265372b0077fae2504ea6efddc713453579","src/future/pending.rs":"86598a5d5ade7c0416566deb280150bac34bd4703c997d2c7af572342d8d6d02","src/future/poll_fn.rs":"8e54bf57d60e01d496ae31df35e0b96868f4bda504c024a14f51ab723d67885f","src/future/poll_immediate.rs":"7e199fc102894c9095de17af602a7c8f05d427269aefce5d71cd5136d54659c0","src/future/ready.rs":"c9860ccd8ac529f44f66dee73ca9b9d7f1b1b3e5e9e4dc70c59640c752553d58","src/future/select.rs":"a582b1ed9c1e6cd8dcaa80b5f45e2176ed4a1740fe303f7143e29cab8e0dbc22","src/future/select_all.rs":"179b8168370e2c7105e348fdfbeb965eb746336d9660aa7fbc9185d681ae8c2d","src/future/select_ok.rs":"fed28e1fd368cdd465d297a84ea9436a00757eff4b34e592d94d7747b3bf4996","src/future/try_future/into_future.rs":"d966bde7b06a88443f0efd877e95f91541778c4e713f3f4b66e00ca5d3f352b6","src/future/try_future/mod.rs":"4733167d93e8f728e87f79b7d4dfe66de6afb306735ca76f9f843270286b3f6b","src/future/try_future/try_flatten.rs":"16c02e1780bd312b8b386e41c1d9dd4bcc4e8ef10f26007364f857b3adcc6e99","src/future/try_future/try_flatten_err.rs":"130f3fc3fd95a19f4e4a50e69301106fab02f77d0faf3aac9c473a92b826c2ca","src/future/try_join.rs":"1836931f8ba32da41c6810e6acc0ea2fee75b74b3153e760c4542cb12b220540","src/future/try_join_all.rs":"d4f262e80bb5347597c75b25de3c7784ffb4bd766227d6dc70cdeb77a38f4a5d","src/future/try_maybe_done.rs":"1cce46b2ee43ad51b7c5f9c02bc90a890af32bc549ce99098a2c8813508051e1","src/future/try_select.rs":"2e1b7e0b0cb7343f766fade87269093558db206f7fbe7dddfa3143885e17bac4","src/io/allow_std.rs":"a125959c255fd344399fb0be19218a8ee7d613ce2485d6df9cdbc2ed5d3987df","src/io/buf_reader.rs":"46a1e24046c5bc2ab8f266e3d904281bec3ab4ba6c13d4213a52599b57b8de66","src/io/buf_writer.rs":"d6666b8dde60eefbb7fa69da4a2eea2b34ea0e4a85e21e5ac6e83cc680ea9140","src/io/chain.rs":"12f508fc39c3234a71a0f886505245c5d659aed09c7d874b1bd8ca0a0d456cf3","src/io/close.rs":"9832210a870637198fa58642cdf2779afab71f2e31a9953e663fa6854bd73ac7","src/io/copy.rs":"cb2466dcd7ea8bb1f07d00c03e66ed55abf71fe4be6937adc9f533ef9d99fb2d","src/io/copy_buf.rs":"e9a5f6aac8375e298bddb332f23d8b626d056ce452b58f772a05df7e2cd326cf","src/io/cursor.rs":"612bdb8b4055d26816fb0e4c3e9859b06b3d08c99e4a27ed4946c95e219a29ab","src/io/empty.rs":"6ae40b4bc8fc41572abad2d013285d78d8df445868d41fac77bde508ec9bc1a5","src/io/fill_buf.rs":"4f217fed8eb3f66dbde2371c3fbcfa9420d38ba20da544a0658584e5778aa47d","src/io/flush.rs":"0c9b588dfd9da039dc123ba9448ac31ca21ee3da0a164a21f6c2c182183d43e2","src/io/into_sink.rs":"ab5bdb12bff62672175b69b8c9f5a4bbbea716b9cf89169ed6a723ab43da9df8","src/io/line_writer.rs":"16c151c68d89b7c2ab929c4a782539b1ad512b723eed9b544f50f1ff06f0b661","src/io/lines.rs":"ccfa24e212a610aad0c81042cfa64ada820c4305ba0e911a2c16221d7867468e","src/io/mod.rs":"599416e4d7dd5c6523a87bf778001ce0c3848ee760827af0b69c7b7aafd8a8a0","src/io/read.rs":"4ea675a83cec98a22c9c4731ff980209f0cf67f63c71871cd1deed53c1266345","src/io/read_exact.rs":"d27d5ec082ccb1b051d1292e029e398926a164c82e1f0c983ca9928410aa2abe","src/io/read_line.rs":"a3c62ca2034089a22ea9567e0b3cab0dfe09309782fcf151d92311a77223e37c","src/io/read_to_end.rs":"5e9e38dc087623dac5a3ae3ad329ed44ffe4f6205a78e546adadc3ffb76703fc","src/io/read_to_string.rs":"2c073d05f0361acda1f0172b24fd4c5da61840ac925a5bdfae9111c697759d1b","src/io/read_until.rs":"354507ce95242a735940f0aaa6ef11cc7d6d0505ae148f05277ce6e7537f168a","src/io/read_vectored.rs":"bd7f442c92f2cb320075d0983b0d08d51c23078898d72e6c2857cf6c7ad4cec7","src/io/repeat.rs":"53bc472e4bd7d286bf90765ce574f13b7aabc871c4f04f712da7cea160491390","src/io/seek.rs":"9863e9fb6495eb6e1f8c45c283c8a6993b9bdb1462f75a3e525e135c6840dec7","src/io/sink.rs":"30a503631d196e5da92c386d0afc1af9656a5f7682456cfa2489a2c30a05cac5","src/io/split.rs":"2aa567452b713497d5b85813980b69e888aee32be14492c92404d261fd50eb09","src/io/take.rs":"c53fec5b5e8c3742b7e60e6ebfa625cf2e566fbea193fb1eee2f0a8e561d63d5","src/io/window.rs":"295d7dc18ad101642003cd67687242e4bdba11552cfb7f18c521cbff369e6f71","src/io/write.rs":"60670eb00f999f2e2c43b099759a7fb030325b323744d88c9d20f75926ec30df","src/io/write_all.rs":"c88930fd23c88cc01fef2c6118d53d33996c011c4abf28778a27646fe1f7896a","src/io/write_all_vectored.rs":"53becf89c031bf4c3073f0903ce809eee7606b1b4fbeb518605875badba216d3","src/io/write_vectored.rs":"bc98ff4a709cb75cd9ffedefa8ef251089a49906b98e142d76447ddf4ac098bb","src/lib.rs":"384447fb9bfcd3b110656979cca71b53c3abe72690e970c30563c1baba27fd74","src/lock/bilock.rs":"f1b955cb2e10c906933e63bbfb8e953af634428ce15faf3696b07d11da0cc279","src/lock/mod.rs":"e964dd0d999ccf9d9d167d7ecbfeb7a66d180a80eeb6fd41ec3fa698c1067674","src/lock/mutex.rs":"782375724e4abbdaf3221eb422911c37fe13e794e6f30ea819acece7303c3368","src/never.rs":"2066481ab04921269cfa768cb8b778a035ab6aa49ec404d9ac0aeb07a4bf6094","src/sink/buffer.rs":"33a7380f8232225a8e9ac5ee138fd095979efa3a64f9fecf5fcaf2e78fcbc355","src/sink/close.rs":"f2f31c884f048163abebd4f5a877b7b4306f7d02beae428325636fd00ed42ca9","src/sink/drain.rs":"392d9487003fcd55a3373c3e2558f6549b9633b82fc08b5a665a573b137ae9f7","src/sink/err_into.rs":"ced2998b2b0b792d80f7543523c9e07e8f5d20a4336cae93084b995e46671b15","src/sink/fanout.rs":"66dcde056e0bbee4e0074d331838ed2743dc872ea1597f05d61970523dc34926","src/sink/feed.rs":"64b9d296d37aedde37e1421c459ebcd9a7e8814db905996996167850124f3b3f","src/sink/flush.rs":"fbba344f428ca7636541ba013f7db2ece480b404a9e0b421c5537552d61e2492","src/sink/map_err.rs":"0f68f444ef13fe7115164be855c3b7b1d269e1119e69fcdad1706988255641f1","src/sink/mod.rs":"37cf379170f3099992eb59f3181be4c4e4a5c2d3581dbe424d22ab360840d321","src/sink/send.rs":"56aaba9aa4a562e0af39473a5779206d91b0acb1fced4fc06cd8b959d1897524","src/sink/send_all.rs":"a8e4956604fe73e321b0a3896c2018bc5c27149f2862f8406112db140b3aa2dd","src/sink/unfold.rs":"428080b76213b504fcc981d2f05840f1a93c8db305301af1cf5852b6c47c4be5","src/sink/with.rs":"850cd3b96304df1f38360a0bc60b02d485535e399ef7642acdd9add7876867d8","src/sink/with_flat_map.rs":"5e0f527b33ee8f1cc6a6a46d45b6d74dad5c735d88b2cb24e1cb34fdc6ef501b","src/stream/abortable.rs":"935d79aa44d793f4abe87ca27a9e4a20891500488cf942693cd2756d65b3aab2","src/stream/empty.rs":"5000c856186408a17f68bbef432d4a1a3edb7fb5a07ed8699342fef04b10a181","src/stream/futures_ordered.rs":"46217ed3802d052724a4a3166370f74e6d5fcd248d6f983caea10bc3335a1f0e","src/stream/futures_unordered/abort.rs":"bdfece9f91accafd5122be36d628c37c5b219ac0eecec181267840fbb1e95a45","src/stream/futures_unordered/iter.rs":"e8862300ddb0504090c059b3dba2425af6335874cb6ef393fef26e87788b6d3e","src/stream/futures_unordered/mod.rs":"da8b7adb93b50c1c6507c1af4b3c1ec0de4ce33f68f64dc876749c07e231d642","src/stream/futures_unordered/ready_to_run_queue.rs":"6223c67519c1ae35cbc449dd5654fda422aaba61a2344cc0b190c73b4b1e9f80","src/stream/futures_unordered/task.rs":"ab2de99b2a42c1da70d56e4be43c0ef72e8d5a4504adc0f870f8d28afd332a37","src/stream/iter.rs":"609fa821a460e901a54ae51f8da58220881157cef02b8b7b8c9e4321c2d05a23","src/stream/mod.rs":"33873b13535443cce2d49fdb3f0b359286bfc74f3553419fe7174cf7c1840da0","src/stream/once.rs":"d7b70adabad1f10af711ac3dcef33fd4c287e9852fdb678406e7ff350ba8fd47","src/stream/pending.rs":"84aaa15c8bbb17a250da5b1b5f0c7f6717410915d63340a3fcbf098bebe19d6f","src/stream/poll_fn.rs":"35952ea514b8aade14a3934d7777006475f50bbf0c5b50141710e31637f980be","src/stream/poll_immediate.rs":"e7a53ff8275ebe89dab8f9b984cce2ee0fde0a828e540b77c5500ca017d5bb98","src/stream/repeat.rs":"e4e4a9b6f2fca72bcbf098c3ac0c4a41323a840741d4dce9d9416464b7e8bd0d","src/stream/repeat_with.rs":"525780d24f3f99152b879765ca6eab99bcc0c757dc6654b6635c099b93ea654d","src/stream/select.rs":"28eb422c0eca9fd02778a6003004471b3489db09746a70e617a506303ea8b81d","src/stream/select_all.rs":"4358fa26cfe8c1b56f19d077b841bbdfe22f7adc043034fd6313b004e94e310d","src/stream/select_with_strategy.rs":"7fe249fd92fc66ad2bfa5a2dec7148b2a0102b3a8d915b2103bfbcd1b8870447","src/stream/stream/all.rs":"43cfb69de0ea991497d26d0aeb02091f10eb241ef93758b54c5e7aced5b63b63","src/stream/stream/any.rs":"2582da02f9a1ce2bd0af87a64b65188fc93686c5e3dd9128e89e5f57c1d70e43","src/stream/stream/buffer_unordered.rs":"66c3f4bd2fabfbdf6a4033dfaed44dd0262b68e6533509029c984ae037e35392","src/stream/stream/buffered.rs":"eabd0c0e50eaaaf0a92a7b39fdb5b77e068bbfbbfd5e216a09c3a6e0c1fc102d","src/stream/stream/catch_unwind.rs":"b2e801ff744d5d9e17177ec1156b0ab67bdd56b94c618ed8590344ec8a0f35e7","src/stream/stream/chain.rs":"ba1a206b3ce0160186021f5c1e4c95a770d26b843e3640e52609a2facaf756ac","src/stream/stream/chunks.rs":"d3aaddc05779ef70e2f0e59570cf6d5a1d231ae4885c8b8b2e4813fc02832562","src/stream/stream/collect.rs":"977ed1970b46029517ecc45f4af924b8e585d3770f01b2a0d2df0e01519ca50f","src/stream/stream/concat.rs":"171ea941b45c0295ed978c3f318a449ea295e33cb4ea82c764f4e9e7c48ad5de","src/stream/stream/count.rs":"ff218aea3d2d2456c8163926ea0c357b2752e92578e5fd4bec6b789fe1246556","src/stream/stream/cycle.rs":"ed7e3d15e7b1adec5ad5789b0d3186b5995a3353cc974fb7f41a72f6d8ad4cbb","src/stream/stream/enumerate.rs":"fc7565d21d39565790859eeac9ae8dd74123a9d15b88258d3abe894f1876cc39","src/stream/stream/filter.rs":"3dd080914e6770f8790455fc9cbedf30c5f44a589ef99b19112344c75f9e9042","src/stream/stream/filter_map.rs":"3a8a3e06dfac48dd3f7b6b1a552a51a3e31ea943e012dd35729d461a1fcfad80","src/stream/stream/flatten.rs":"69493fc106a1447abe109fd54375bb30363f7bc419463a8f835e4c80d97f2186","src/stream/stream/fold.rs":"75d61d4321db1bcbbdd1a0102d9ad60206275777167c008fc8953e50cd978a09","src/stream/stream/for_each.rs":"07bca889821bad18ff083e54abe679fbeb8cd19c086581c2f2722cba6b42263f","src/stream/stream/for_each_concurrent.rs":"4e1e7eb3d4ccfae0e8000651b75834e2960a7f9c62ab92dba35a0bdbbf5bbb21","src/stream/stream/forward.rs":"cd024ba1a3d5098d3ff2d5178a12e068916cc4307284b00c18dbc54b554a5560","src/stream/stream/fuse.rs":"061c5385f12f80c7906cb15ddb8f455ced6ce21d1de9a97de9db2616407c0cac","src/stream/stream/into_future.rs":"b46ad45cc03ddd778a9ffaa0d603c8ee0b411f49333100160959942cde9588bd","src/stream/stream/map.rs":"b91bdd5b33821a50c9b5034261a14f89ff1a9d541ab99b9d9a6921b12a5d434e","src/stream/stream/mod.rs":"106daa368424cca9e35aab6ec1bc177570aeca1dfaec57b188682ae3aaee11b7","src/stream/stream/next.rs":"7b4d5a22b5e00aa191ea82346bb1f392121cc68692864a8230e462d59e622928","src/stream/stream/peek.rs":"1ef5f11b1f0cc11d01690bebe282d8953ff8e860597f4ce21208fc274be5e98e","src/stream/stream/ready_chunks.rs":"4e6deb3a6d453fd4e982bdba416188311a72daca1b218d4e9ef20819fc09b5b2","src/stream/stream/scan.rs":"54489c8efef60dbf3c35ee803afee5c5ea7c364fb9b68939a04956e46febb856","src/stream/stream/select_next_some.rs":"0094eccc96cfe78d9b6d0a9bdb82cada8fb7929770a3ac00ffcb5441d7dc4f51","src/stream/stream/skip.rs":"61f7ec7fe25663d2c87cffaad19ed27eda032842edb8af731b521025b244f120","src/stream/stream/skip_while.rs":"75ee580e0111200758d0c0fe154276007ff233db6b63a8223f0baeac1db18874","src/stream/stream/split.rs":"fa4adea18708dad384eb347260cfb965d30c40a677e15f9267f97aa382c6306c","src/stream/stream/take.rs":"505f83d341dc84eeab46f5e66adfa21a36207cb66f2394dd6a256576db665827","src/stream/stream/take_until.rs":"0f1fa7d158192a5dee32392dfdd062c15dab6d246b0ca267e91aae490d7d7fdb","src/stream/stream/take_while.rs":"51007dbde8434fd22c5ef2481a99463f11b3785e4bdeb73fa583a17f29f5c228","src/stream/stream/then.rs":"9dcfdc741d1d7dea0100aa9f1feadb932f8530f7a7d3071befc1e490a6cb50ed","src/stream/stream/unzip.rs":"9ad4db7522f66a9133e464c13d6c95682c797ae5a986e60d3aba358c65031fe8","src/stream/stream/zip.rs":"56f30f513e11754f59ead5ca4112014cba9278d02796eb8fe0937ae8bb4d44cd","src/stream/try_stream/and_then.rs":"22ca6e547d0db2e07b0a928c48118a532adaf28d85c60ab84b8366dbfeab9161","src/stream/try_stream/into_async_read.rs":"f584fd8dfdab90328fc89eac78306caa308d43f3035c1c5489e55384007e77ed","src/stream/try_stream/into_stream.rs":"4fee94e89956a42871fc4a0cdba7ae1b7d4265e884528799cd227c9dd851acce","src/stream/try_stream/mod.rs":"7a83406bfbefe4fe651b9535035fef80d52e995a44dcd0e16105bf274e0fef06","src/stream/try_stream/or_else.rs":"8cc7f602da1ffee21bf06c5203aa0427514a83b67941ae264459f1eff8dc8aec","src/stream/try_stream/try_buffer_unordered.rs":"64e698ea6aefbe7e32d48e737553b20b9cde5c258963bb20486b48b7d6899660","src/stream/try_stream/try_buffered.rs":"7546d396026bf700d3f37f55d5a4e39abe5fb05919e6a269feeb8be7af19256c","src/stream/try_stream/try_chunks.rs":"58b8c5af4914eae3698e528b0361532b391bf4b3463f4c790e43c8069cfe1bd7","src/stream/try_stream/try_collect.rs":"1132751055a51b936ed28b83c4eed7dee3f40a4be13ea374b30086e864e1ee09","src/stream/try_stream/try_concat.rs":"f2330ebeeab30273e9ac0e8600bfe2f405ce671f6386e688b3afb1d2fdd7c2c6","src/stream/try_stream/try_filter.rs":"7c2a09cdb1753ecb49a44d1d84742cb2050a999a8148448b31bb404eb2d17154","src/stream/try_stream/try_filter_map.rs":"5afc6ab35e2b425e37ed217a6bb038459c8828d6bcd6a3699883d6df071dc7e7","src/stream/try_stream/try_flatten.rs":"e05614d86a27ab8386476eea35fd424c07e5f7f99cf0401d63a6655eb7ca1247","src/stream/try_stream/try_fold.rs":"b96aa2fe1a16f625d5045028a86ff8684dcf5198ef8c7c072f52f39aeaa8b619","src/stream/try_stream/try_for_each.rs":"3f3901d618333b740d470eb02fcbb645df92483493872298bb7bd0382646028a","src/stream/try_stream/try_for_each_concurrent.rs":"78a94a77f329862c2a245ec3add97e49c534985f0d9da98f205b7fa3c7c08df3","src/stream/try_stream/try_next.rs":"6e29473153db1435906e79f7eaa13ce9da842d4528ba9eb1c0034665feacc565","src/stream/try_stream/try_skip_while.rs":"c0259ec70bdf4a81c1fa569275766e3e65db9d5715c81e93ada04817c1835add","src/stream/try_stream/try_take_while.rs":"54927dfa95ff58b542a1d7382f564eeae5e02e633c948b1a39ac09bc7e92f5f5","src/stream/try_stream/try_unfold.rs":"aaf0f4857a4ec8233ac842ae509f29e5a210827a0bb40cfc0dc3e858f153d2b4","src/stream/unfold.rs":"8b2feb00f979562b43064eb078d53a160cdb3c65deed17ec25a05938df2d370f","src/task/mod.rs":"074ce7f3869663d2e768bb08ea201ed1be176e13edd4150f201bc1ea362170d3","src/task/spawn.rs":"26bbcf1d65e1467de0ecdad2b56f464a510cda7c1933427d69a1b50459836489","src/unfold_state.rs":"ffe848071a99d6afcdbe8281a8a77a559a7dde434fc41f734c90e6b9b5d8a5af"},"package":"d9b5cf40b47a271f77a8b1bec03ca09044d99d2372c0de244e66430761127164"}=========gfx/layers/apz/src/AsyncPanZoomController.h========--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/gfx/layers/apz/src/AsyncPanZoomController.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/gfx/layers/apz/src/AsyncPanZoomController.h@@ -43,6 +43,10 @@ } // namespace ipc+namespace wr {+struct SampledScrollOffset;+} // namespace wr+ namespace layers { class AsyncDragMetrics;@@ -1091,6 +1095,10 @@ // Accessing mScrollPayload needs to be protected by mRecursiveMutex Maybe<CompositionPayload> mScrollPayload;+ // Representing sampled scroll offset generation, this value is bumped up+ // every time this APZC sampled new scroll offset.+ APZScrollGeneration mScrollGeneration;+ friend class Axis; public:@@ -1172,10 +1180,16 @@ * When only the eLayout component is requested, the returned translation * should really be a LayerPoint, rather than a ParentLayerPoint, as it will * not be scaled by the asynchronous zoom.+ * |aMode| specifies whether the async transform is queried for the purpose of+ * hit testing (eHitTesting) in which case the latest values from |Metrics()|+ * are used, or for compositing (eCompositing) in which case a sampled value+ * from |mSampledState| is used.+ * |aSampleIndex| specifies which sample in |mSampledState| to use. */ AsyncTransform GetCurrentAsyncTransform( AsyncTransformConsumer aMode,- AsyncTransformComponents aComponents = LayoutAndVisual) const;+ AsyncTransformComponents aComponents = LayoutAndVisual,+ std::size_t aSampleIndex = 0) const; /** * Returns the same transform as GetCurrentAsyncTransform(), but includes@@ -1183,7 +1197,10 @@ */ AsyncTransformComponentMatrix GetCurrentAsyncTransformWithOverscroll( AsyncTransformConsumer aMode,- AsyncTransformComponents aComponents = LayoutAndVisual) const;+ AsyncTransformComponents aComponents = LayoutAndVisual,+ std::size_t aSampleIndex = 0) const;++ AutoTArray<wr::SampledScrollOffset, 2> GetSampledScrollOffsets() const; /** * Returns the "zoom" bits of the transform. This includes both the rasterized@@ -1243,15 +1260,15 @@ * store the required value from the last time it was sampled by calling * SampleCompositedAsyncTransform(), depending on who is asking. */- CSSRect GetEffectiveLayoutViewport(- AsyncTransformConsumer aMode,- const RecursiveMutexAutoLock& aProofOfLock) const;- CSSPoint GetEffectiveScrollOffset(- AsyncTransformConsumer aMode,- const RecursiveMutexAutoLock& aProofOfLock) const;+ CSSRect GetEffectiveLayoutViewport(AsyncTransformConsumer aMode,+ const RecursiveMutexAutoLock& aProofOfLock,+ std::size_t aSampleIndex = 0) const;+ CSSPoint GetEffectiveScrollOffset(AsyncTransformConsumer aMode,+ const RecursiveMutexAutoLock& aProofOfLock,+ std::size_t aSampleIndex = 0) const; CSSToParentLayerScale GetEffectiveZoom(- AsyncTransformConsumer aMode,- const RecursiveMutexAutoLock& aProofOfLock) const;+ AsyncTransformConsumer aMode, const RecursiveMutexAutoLock& aProofOfLock,+ std::size_t aSampleIndex = 0) const; /** * Returns the visible portion of the content scrolled by this APZC, in
I'll analyze the provided code diff for security fixes.
1. First, looking at the rust/futures-util/.cargo-checksum.json changes:
Vulnerability Existed: no
This is just a checksum update for dependency files, which doesn't indicate any security fixes.
2. Looking at the AsyncPanZoomController.h changes:
Vulnerability Existed: not sure
The changes introduce new functionality for sampled scroll offsets and scroll generation tracking. While this doesn't appear to fix a specific vulnerability, it could be related to preventing race conditions or improving synchronization in scroll handling. The changes include:
- Added APZScrollGeneration member
- Modified GetCurrentAsyncTransform() to support sampled state
- Added GetSampledScrollOffsets()
- Modified various methods to support sample indexing
The changes appear to be more about functionality improvements and better synchronization rather than direct security fixes. Without more context about the specific issues being addressed, I can't identify any clear vulnerabilities being fixed.
No specific vulnerability names can be identified from these changes. The modifications seem focused on improving scroll handling and synchronization in the AsyncPanZoomController component.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/geckodriver/doc/Profiles.md+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/geckodriver/doc/Profiles.md@@ -32,8 +32,8 @@ [profiles]: https://support.mozilla.org/en-US/kb/profiles-where-firefox-stores-user-data [_Automation preferences_]: #automation-preferences-[`args` capability]: ./Capabilities.html#capability-args-[`profile` capability]: ./Capabilities.html#capability-profile+[`args` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#args_array_of_strings+[`profile` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#profile_string [known bug concerning `--profile`]: https://github.com/mozilla/geckodriver/issues/1058@@ -96,7 +96,7 @@ the Marionette server in Firefox which port to use. [user.js file]: http://kb.mozillazine.org/User.js_file-[`prefs` capability]: ./Capabilities.html#capability-prefs+[`prefs` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#prefs_preferences_object Temporary profiles not being removed
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be documentation updates where links to capability references were changed from relative paths to absolute MDN URLs. Here's the analysis:
Vulnerability Existed: no
Documentation link updates [testing/geckodriver/doc/Profiles.md] [Lines 32-36, 96]
[`args` capability]: ./Capabilities.html#capability-args
[`profile` capability]: ./Capabilities.html#capability-profile
[`prefs` capability]: ./Capabilities.html#capability-prefs
Fixed to:
[`args` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#args_array_of_strings
[`profile` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#profile_string
[`prefs` capability]: https://developer.mozilla.org/en-US/docs/Web/WebDriver/Capabilities/firefoxOptions#prefs_preferences_object
The changes are purely documentation improvements with no security implications. The links were updated to point to more authoritative and stable MDN documentation instead of relative paths.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.bezierCurveTo.nonfinite.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/path-objects/2d.path.bezierCurveTo.nonfinite.html@@ -17,8 +17,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.moveTo(0, 0); ctx.lineTo(100, 0);@@ -101,8 +101,8 @@ ctx.lineTo(0, 50); ctx.fillStyle = '#0f0'; ctx.fill();-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");-_assertPixel(offscreenCanvas, 90,45, 0,255,0,255, "90,45", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 90,45, 0,255,0,255, "90,45", "0,255,0,255"); t.done(); });
Based on the provided code diff, I'll analyze it for potential security vulnerabilities:
1. Vulnerability Existed: no
Variable Renaming [File] [Lines 17-18, 101-102]
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
_assertPixel(offscreenCanvas, 90,45, 0,255,0,255, "90,45", "0,255,0,255");
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
_assertPixel(canvas, 90,45, 0,255,0,255, "90,45", "0,255,0,255");
Additional Details:
- This appears to be a simple variable renaming change from `offscreenCanvas` to `canvas`
- No security implications are evident in this change
- The modification is purely about code style/readability rather than security
- The functionality remains exactly the same, just with a different variable name
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.image.null.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.image.null.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); assert_throws_js(TypeError, function() { ctx.createPattern(null, 'repeat'); }); t.done();
Analyzing the provided code diff:
1. Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.pattern.image.null.worker.js [Lines] 13-14
Old Code:
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
Fixed Code:
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
The changes appear to be purely cosmetic/refactoring, renaming a variable from `offscreenCanvas` to `canvas` without any security implications. The test's purpose remains the same - to verify that creating a pattern from a null image throws a TypeError. No security vulnerabilities are addressed or introduced by this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/dom/media/webrtc/jsapi/PeerConnectionMedia.cpp+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/dom/media/webrtc/jsapi/PeerConnectionMedia.cpp@@ -100,13 +100,8 @@ mTargetForDefaultLocalAddressLookupIsSet(false), mDestroyed(false) { if (XRE_IsContentProcess()) {- nsCOMPtr<nsISerialEventTarget> target =- mParent->GetWindow()- ? mParent->GetWindow()->EventTargetFor(TaskCategory::Other)- : nullptr;- mStunAddrsRequest =- new net::StunAddrsRequestChild(new StunAddrsHandler(this), target);+ new net::StunAddrsRequestChild(new StunAddrsHandler(this)); } }@@ -688,16 +683,6 @@ return NS_OK; }-void PeerConnectionMedia::GetTransmitPipelinesMatching(- const MediaStreamTrack* aTrack,- nsTArray<RefPtr<MediaPipelineTransmit>>* aPipelines) {- for (RefPtr<TransceiverImpl>& transceiver : mTransceivers) {- if (transceiver->HasSendTrack(aTrack)) {- aPipelines->AppendElement(transceiver->GetSendPipeline());- }- }-}- std::string PeerConnectionMedia::GetTransportIdMatchingSendTrack( const dom::MediaStreamTrack& aTrack) const { for (const RefPtr<TransceiverImpl>& transceiver : mTransceivers) {
Analyzing the provided code diff, I can identify the following potential security-related changes:
1. First change (removal of event target handling):
Vulnerability Existed: not sure
[Potential Event Target Handling Issue] [dom/media/webrtc/jsapi/PeerConnectionMedia.cpp] [Lines 100-108]
[Old Code]
nsCOMPtr<nsISerialEventTarget> target =
mParent->GetWindow()
? mParent->GetWindow()->EventTargetFor(TaskCategory::Other)
: nullptr;
mStunAddrsRequest =
new net::StunAddrsRequestChild(new StunAddrsHandler(this), target);
[Fixed Code]
mStunAddrsRequest =
new net::StunAddrsRequestChild(new StunAddrsHandler(this));
Additional Details: The removal of the event target parameter might indicate a fix for potential race conditions or thread safety issues, but without more context about the StunAddrsRequestChild implementation, it's unclear if this was an actual vulnerability.
2. Second change (removal of GetTransmitPipelinesMatching method):
Vulnerability Existed: not sure
[Potential Information Exposure] [dom/media/webrtc/jsapi/PeerConnectionMedia.cpp] [Lines 688-696]
[Old Code]
void PeerConnectionMedia::GetTransmitPipelinesMatching(
const MediaStreamTrack* aTrack,
nsTArray<RefPtr<MediaPipelineTransmit>>* aPipelines) {
for (RefPtr<TransceiverImpl>& transceiver : mTransceivers) {
if (transceiver->HasSendTrack(aTrack)) {
aPipelines->AppendElement(transceiver->GetSendPipeline());
}
}
}
[Fixed Code]
[Method completely removed]
Additional Details: The removal of this method might indicate it was exposing internal pipeline information that shouldn't have been accessible, but without more context about how this method was used, it's unclear if this was an actual security vulnerability.
Note: The diff also shows a remaining method (GetTransportIdMatchingSendTrack) but since it wasn't modified, I'm not analyzing it. The changes shown appear to be more about code cleanup or architectural changes rather than clear security fixes, but they could potentially have security implications depending on how these interfaces were used.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/toolkit/components/glean/build_scripts/glean_parser_ext/js.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/toolkit/components/glean/build_scripts/glean_parser_ext/js.py@@ -17,7 +17,7 @@ from perfecthash import PerfectHash from string_table import StringTable-from util import generate_metric_ids, generate_ping_ids+from util import generate_metric_ids, generate_ping_ids, get_metrics from glean_parser import util """@@ -118,10 +118,10 @@ util.get_jinja2_template = get_local_template- if len(objs) == 1 and "pings" in objs:- write_pings(objs, output_fd, "js_pings.jinja2")+ if "pings" in objs:+ write_pings({"pings": objs["pings"]}, output_fd, "js_pings.jinja2") else:- write_metrics(objs, output_fd, "js.jinja2")+ write_metrics(get_metrics(objs), output_fd, "js.jinja2") def write_metrics(objs, output_fd, template_filename):@@ -148,7 +148,7 @@ # Mapping from a type name to its ID metric_type_ids = {}- for category_name, objs in objs.items():+ for category_name, objs in get_metrics(objs).items(): category_name = util.camelize(category_name) id = category_string_table.stringIndex(category_name) categories.append((category_name, id))
Analyzing the provided code diff, I can identify the following potential security-related changes:
1. Vulnerability Existed: not sure
[Potential Input Validation Improvement] [toolkit/components/glean/build_scripts/glean_parser_ext/js.py] [Lines 118-121]
[Old Code]
if len(objs) == 1 and "pings" in objs:
write_pings(objs, output_fd, "js_pings.jinja2")
else:
write_metrics(objs, output_fd, "js.jinja2")
[Fixed Code]
if "pings" in objs:
write_pings({"pings": objs["pings"]}, output_fd, "js_pings.jinja2")
else:
write_metrics(get_metrics(objs), output_fd, "js.jinja2")
Additional Details: The change removes the length check and modifies how pings are handled. While not clearly a security fix, it could be related to preventing potential edge cases in input handling.
2. Vulnerability Existed: not sure
[Potential Data Structure Validation] [toolkit/components/glean/build_scripts/glean_parser_ext/js.py] [Lines 148]
[Old Code]
for category_name, objs in objs.items():
[Fixed Code]
for category_name, objs in get_metrics(objs).items():
Additional Details: The change introduces a new get_metrics() function call to process the input data. This could be related to better input validation or data structure processing, but the exact security implications aren't clear without seeing the get_metrics() implementation.
Note: The changes appear to be more about code structure and input handling improvements rather than fixing clear security vulnerabilities. The addition of get_metrics() suggests better data validation, but without seeing its implementation, I can't definitively say if it fixes a specific vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/jpeg-xl/lib/jxl/enc_frame.h+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/jpeg-xl/lib/jxl/enc_frame.h@@ -20,6 +20,9 @@ // Information needed for encoding a frame that is not contained elsewhere and // does not belong to `cparams`.+// TODO(lode): if possible, it might be better to replace FrameInfo and several+// fields from ImageBundle (such as frame name and duration) by direct usage of+// jxl::FrameHeader itself. struct FrameInfo { // TODO(veluca): consider adding more parameters, such as custom patches. bool save_before_color_transform = false;@@ -35,6 +38,26 @@ bool is_preview = false; // Information for storing this frame for future use (only for non-DC frames). size_t save_as_reference = 0;+ // The source frame for blending of a next frame, matching the+ // save_as_reference value of a previous frame. Animated frames can use+ // save_as_reference values 1, 2 and 3, while composite still frames can use+ // save_as_reference values 0, 1, 2 and 3. The current C++ encoder+ // implementation is assuming and using 1 for all frames of animations, so+ // using that as the default value here.+ // Corresponds to BlendingInfo::source from the FrameHeader.+ size_t source = 1;+ // Corresponds to BlendingInfo::clamp from the FrameHeader.+ size_t clamp = 1;+ // Corresponds to BlendingInfo::alpha_channel from the FrameHeader, or set to+ // -1 to automatically choose it as the index of the first extra channel of+ // type alpha.+ int alpha_channel = -1;++ // If non-empty, uses this blending info for the extra channels, otherwise+ // automatically chooses it. The encoder API will fill this vector with the+ // extra channel info and allows more options. The non-API cjxl leaves it+ // empty and relies on the default behavior.+ std::vector<BlendingInfo> extra_channel_blending_info; }; // Encodes a single frame (including its header) into a byte stream. Groups may@@ -44,7 +67,8 @@ Status EncodeFrame(const CompressParams& cparams_orig, const FrameInfo& frame_info, const CodecMetadata* metadata, const ImageBundle& ib, PassesEncoderState* passes_enc_state,- ThreadPool* pool, BitWriter* writer, AuxOut* aux_out);+ const JxlCmsInterface& cms, ThreadPool* pool,+ BitWriter* writer, AuxOut* aux_out); } // namespace jxl
Here's the analysis of the provided code diff following the specified format: 1. Vulnerability Existed: no No specific vulnerability found in the diff. The changes appear to be feature additions and parameter additions rather than security fixes. The diff adds new fields to the `FrameInfo` struct and adds a new parameter to `EncodeFrame` function. 2. Vulnerability Existed: not sure Potential Information Exposure [File] third_party/jpeg-xl/lib/jxl/enc_frame.h [Lines 20-58] [Old Code] Struct FrameInfo with fewer fields and EncodeFrame with fewer parameters [Fixed Code] Added more fields to FrameInfo (source, clamp, alpha_channel, extra_channel_blending_info) and added cms parameter to EncodeFrame Note: While no clear vulnerability is being fixed here, the addition of blending-related fields could potentially relate to security if these fields control how frames are composited/processed. However, without more context about how these fields are used, this remains uncertain. The changes appear to be primarily functional enhancements rather than security fixes, but I've included the "not sure" case to cover the possibility that the new blending-related fields could have security implications in how they're processed.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.rgba-num-1.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.rgba-num-1.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'rgba( 0 , 255 , 0 , .499 )'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,127, "50,25", "0,255,0,127");+_assertPixel(canvas, 50,25, 0,255,0,127, "50,25", "0,255,0,127"); t.done(); });
Based on the provided diff, I don't see any security vulnerabilities being fixed. The changes appear to be variable renaming and don't involve any security-sensitive operations. Here's the analysis:
1. Vulnerability Existed: no
No security vulnerability found
File: testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.rgba-num-1.worker.js
Lines: 13-21
Old Code:
```
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[...]
_assertPixel(offscreenCanvas, 50,25, 0,255,0,127, "50,25", "0,255,0,127");
```
Fixed Code:
```
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
[...]
_assertPixel(canvas, 50,25, 0,255,0,127, "50,25", "0,255,0,127");
```
The changes are purely cosmetic/refactoring, changing the variable name from `offscreenCanvas` to `canvas` for consistency or readability. No security implications were identified in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/tools/wptrunner/wptrunner/wptrunner.py+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/tools/wptrunner/wptrunner/wptrunner.py@@ -1,6 +1,7 @@ import json import os import sys+from datetime import datetime, timedelta import wptserve from wptserve import sslutils@@ -149,6 +150,134 @@ return kwargs["pause_after_test"]+def run_test_iteration(test_status, test_loader, test_source_kwargs, test_source_cls, run_info,+ recording, test_environment, product, run_test_kwargs):+ """Runs the entire test suite.+ This is called for each repeat run requested."""+ tests = []+ for test_type in test_loader.test_types:+ tests.extend(test_loader.tests[test_type])++ try:+ test_groups = test_source_cls.tests_by_group(+ tests, **test_source_kwargs)+ except Exception:+ logger.critical("Loading tests failed")+ return False++ logger.suite_start(test_groups,+ name='web-platform-test',+ run_info=run_info,+ extra={"run_by_dir": run_test_kwargs["run_by_dir"]})+ for test_type in run_test_kwargs["test_types"]:+ logger.info(f"Running {test_type} tests")++ browser_cls = product.get_browser_cls(test_type)++ browser_kwargs = product.get_browser_kwargs(logger,+ test_type,+ run_info,+ config=test_environment.config,+ num_test_groups=len(test_groups),+ **run_test_kwargs)++ executor_cls = product.executor_classes.get(test_type)+ executor_kwargs = product.get_executor_kwargs(logger,+ test_type,+ test_environment,+ run_info,+ **run_test_kwargs)++ if executor_cls is None:+ logger.error(f"Unsupported test type {test_type} for product {product.name}")+ continue++ for test in test_loader.disabled_tests[test_type]:+ logger.test_start(test.id)+ logger.test_end(test.id, status="SKIP")+ test_status.skipped += 1++ if test_type == "testharness":+ run_tests = {"testharness": []}+ for test in test_loader.tests["testharness"]:+ if ((test.testdriver and not executor_cls.supports_testdriver) or+ (test.jsshell and not executor_cls.supports_jsshell)):+ logger.test_start(test.id)+ logger.test_end(test.id, status="SKIP")+ test_status.skipped += 1+ else:+ run_tests["testharness"].append(test)+ else:+ run_tests = test_loader.tests++ recording.pause()+ with ManagerGroup("web-platform-tests",+ run_test_kwargs["processes"],+ test_source_cls,+ test_source_kwargs,+ browser_cls,+ browser_kwargs,+ executor_cls,+ executor_kwargs,+ run_test_kwargs["rerun"],+ run_test_kwargs["pause_after_test"],+ run_test_kwargs["pause_on_unexpected"],+ run_test_kwargs["restart_on_unexpected"],+ run_test_kwargs["debug_info"],+ not run_test_kwargs["no_capture_stdio"],+ recording=recording) as manager_group:+ try:+ manager_group.run(test_type, run_tests)+ except KeyboardInterrupt:+ logger.critical("Main thread got signal")+ manager_group.stop()+ raise+ test_status.total_tests += manager_group.test_count()+ test_status.unexpected += manager_group.unexpected_count()+ test_status.unexpected_pass += manager_group.unexpected_pass_count()++ return True+++def evaluate_runs(test_status, run_test_kwargs):+ """Evaluates the test counts after the given number of repeat runs has finished"""+ if test_status.total_tests == 0:+ if test_status.skipped > 0:+ logger.warning("All requested tests were skipped")+ else:+ if run_test_kwargs["default_exclude"]:+ logger.info("No tests ran")+ return True+ else:+ logger.critical("No tests ran")+ return False++ if test_status.unexpected and not run_test_kwargs["fail_on_unexpected"]:+ logger.info(f"Tolerating {test_status.unexpected} unexpected results")+ return True++ all_unexpected_passed = (test_status.unexpected and+ test_status.unexpected == test_status.unexpected_pass)+ if all_unexpected_passed and not run_test_kwargs["fail_on_unexpected_pass"]:+ logger.info(f"Tolerating {test_status.unexpected_pass} unexpected results "+ "because they all PASS")+ return True++ return test_status.unexpected == 0+++class TestStatus:+ """Class that stores information on the results of test runs for later reference"""+ def __init__(self):+ self.total_tests = 0+ self.skipped = 0+ self.unexpected = 0+ self.unexpected_pass = 0+ self.repeated_runs = 0+ self.expected_repeated_runs = 0+ self.all_skipped = False++ def run_tests(config, test_paths, product, **kwargs): """Set up the test environment, load the list of tests to be executed, and invoke the remainder of the code to execute tests"""@@ -195,17 +324,16 @@ logger.info("Using %i client processes" % kwargs["processes"])- skipped_tests = 0- test_total = 0- unexpected_total = 0- unexpected_pass_total = 0+ test_status = TestStatus()+ repeat = kwargs["repeat"]+ test_status.expected_repeat = repeat if len(test_loader.test_ids) == 0 and kwargs["test_list"]: logger.critical("Unable to find any tests at the path(s):") for path in kwargs["test_list"]: logger.critical(" %s" % path) logger.critical("Please check spelling and make sure there are tests in the specified path(s).")- return False+ return False, test_status kwargs["pause_after_test"] = get_pause_after_test(test_loader, **kwargs) ssl_config = {"type": kwargs["ssl_type"],@@ -234,143 +362,66 @@ recording.set(["startup", "ensure_environment"]) try: test_environment.ensure_started()+ start_time = datetime.now() except env.TestEnvironmentError as e: logger.critical("Error starting test environment: %s" % e) raise recording.set(["startup"])- repeat = kwargs["repeat"]- repeat_count = 0+ max_time = None+ if "repeat_max_time" in kwargs:+ max_time = timedelta(minutes=kwargs["repeat_max_time"])+ repeat_until_unexpected = kwargs["repeat_until_unexpected"]- while repeat_count < repeat or repeat_until_unexpected:- repeat_count += 1+ # keep track of longest time taken to complete a test suite iteration+ # so that the runs can be stopped to avoid a possible TC timeout.+ longest_iteration_time = timedelta()++ while test_status.repeated_runs < repeat or repeat_until_unexpected:+ # if the next repeat run could cause the TC timeout to be reached,+ # stop now and use the test results we have.+ # Pad the total time by 10% to ensure ample time for the next iteration(s).+ estimate = (datetime.now() ++ timedelta(seconds=(longest_iteration_time.total_seconds() * 1.1)))+ if not repeat_until_unexpected and max_time and estimate >= start_time + max_time:+ logger.info(f"Ran {test_status.repeated_runs} of {repeat} iterations.")+ break++ # begin tracking runtime of the test suite+ iteration_start = datetime.now()+ test_status.repeated_runs += 1 if repeat_until_unexpected:- logger.info("Repetition %i" % (repeat_count))+ logger.info(f"Repetition {test_status.repeated_runs}") elif repeat > 1:- logger.info("Repetition %i / %i" % (repeat_count, repeat))-- test_count = 0- unexpected_count = 0- unexpected_pass_count = 0-- tests = []- for test_type in test_loader.test_types:- tests.extend(test_loader.tests[test_type])-- try:- test_groups = test_source_cls.tests_by_group(tests, **test_source_kwargs)- except Exception:- logger.critical("Loading tests failed")- return False-- logger.suite_start(test_groups,- name='web-platform-test',- run_info=run_info,- extra={"run_by_dir": kwargs["run_by_dir"]})- for test_type in kwargs["test_types"]:- logger.info("Running %s tests" % test_type)-- browser_cls = product.get_browser_cls(test_type)-- browser_kwargs = product.get_browser_kwargs(logger,- test_type,- run_info,- config=test_environment.config,- num_test_groups=len(test_groups),- **kwargs)-- executor_cls = product.executor_classes.get(test_type)- executor_kwargs = product.get_executor_kwargs(logger,- test_type,- test_environment,- run_info,- **kwargs)-- if executor_cls is None:- logger.error("Unsupported test type %s for product %s" %- (test_type, product.name))- continue-- for test in test_loader.disabled_tests[test_type]:- logger.test_start(test.id)- logger.test_end(test.id, status="SKIP")- skipped_tests += 1-- if test_type == "testharness":- run_tests = {"testharness": []}- for test in test_loader.tests["testharness"]:- if ((test.testdriver and not executor_cls.supports_testdriver) or- (test.jsshell and not executor_cls.supports_jsshell)):- logger.test_start(test.id)- logger.test_end(test.id, status="SKIP")- skipped_tests += 1- else:- run_tests["testharness"].append(test)- else:- run_tests = test_loader.tests-- recording.pause()- with ManagerGroup("web-platform-tests",- kwargs["processes"],- test_source_cls,- test_source_kwargs,- browser_cls,- browser_kwargs,- executor_cls,- executor_kwargs,- kwargs["rerun"],- kwargs["pause_after_test"],- kwargs["pause_on_unexpected"],- kwargs["restart_on_unexpected"],- kwargs["debug_info"],- not kwargs["no_capture_stdio"],- recording=recording) as manager_group:- try:- manager_group.run(test_type, run_tests)- except KeyboardInterrupt:- logger.critical("Main thread got signal")- manager_group.stop()- raise- test_count += manager_group.test_count()- unexpected_count += manager_group.unexpected_count()- unexpected_pass_count += manager_group.unexpected_pass_count()+ logger.info(f"Repetition {test_status.repeated_runs} / {repeat}")++ iter_success = run_test_iteration(test_status, test_loader, test_source_kwargs,+ test_source_cls, run_info, recording,+ test_environment, product, kwargs)+ # if there were issues with the suite run(tests not loaded, etc.) return+ if not iter_success:+ return False, test_status recording.set(["after-end"])- test_total += test_count- unexpected_total += unexpected_count- unexpected_pass_total += unexpected_pass_count- logger.info("Got %i unexpected results, with %i unexpected passes" %- (unexpected_count, unexpected_pass_count))+ logger.info(f"Got {test_status.unexpected} unexpected results, "+ f"with {test_status.unexpected_pass} unexpected passes") logger.suite_end()- if repeat_until_unexpected and unexpected_total > 0:++ # Note this iteration's runtime+ iteration_runtime = datetime.now() - iteration_start+ # determine the longest test suite runtime seen.+ longest_iteration_time = max(longest_iteration_time,+ iteration_runtime)++ if repeat_until_unexpected and test_status.unexpected > 0: break- if repeat_count == 1 and len(test_loader.test_ids) == skipped_tests:+ if test_status.repeated_runs == 1 and len(test_loader.test_ids) == test_status.skipped:+ test_status.all_skipped = True break- if test_total == 0:- if skipped_tests > 0:- logger.warning("All requested tests were skipped")- else:- if kwargs["default_exclude"]:- logger.info("No tests ran")- return True- else:- logger.critical("No tests ran")- return False-- if unexpected_total and not kwargs["fail_on_unexpected"]:- logger.info("Tolerating %s unexpected results" % unexpected_total)- return True-- all_unexpected_passed = (unexpected_total and- unexpected_total == unexpected_pass_total)- if all_unexpected_passed and not kwargs["fail_on_unexpected_pass"]:- logger.info("Tolerating %i unexpected results because they all PASS" %- unexpected_pass_total)- return True-- return unexpected_total == 0+ # Return the evaluation of the runs and the number of repeated iterations that were run.+ return evaluate_runs(test_status, kwargs), test_status def check_stability(**kwargs):@@ -410,7 +461,7 @@ elif kwargs["verify"] or kwargs["stability"]: rv = check_stability(**kwargs) or logged_critical.has_log else:- rv = not run_tests(**kwargs) or logged_critical.has_log+ rv = not run_tests(**kwargs)[0] or logged_critical.has_log finally: logger.remove_handler(handler) return rv
I'll analyze the code diff for security fixes following the specified format. The diff shows significant changes to the test runner functionality, but I don't see any obvious security vulnerabilities being fixed. Here's my analysis:
1. First potential issue:
Vulnerability Existed: no
No specific vulnerability found [File] testing/web-platform/tests/tools/wptrunner/wptrunner/wptrunner.py [Lines] All
The changes primarily involve refactoring test execution logic and adding time tracking for test runs.
2. Time tracking addition:
Vulnerability Existed: not sure
Potential timing-related issue [File] testing/web-platform/tests/tools/wptrunner/wptrunner/wptrunner.py [Lines] 362+
[Old Code]
No time tracking for test runs
[Fixed Code]
Added time tracking with datetime and timedelta to prevent potential timeout issues
3. Test status tracking:
Vulnerability Existed: no
Improved test status tracking [File] testing/web-platform/tests/tools/wptrunner/wptrunner/wptrunner.py [Lines] 266+
[Old Code]
Individual variables for test counts
[Fixed Code]
Encapsulated in TestStatus class for better tracking
The changes appear to be primarily architectural improvements rather than security fixes. The main functional changes are:
1. Adding time tracking to prevent test suite timeouts
2. Refactoring test status tracking into a class
3. Splitting test execution logic into separate functions
4. Adding better handling of repeated test runs
No clear security vulnerabilities are being fixed in this diff. The changes seem focused on improving reliability and maintainability of the test runner.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/the-canvas-state/2d.state.saverestore.shadowBlur.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/the-canvas-state/2d.state.saverestore.shadowBlur.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); // Test that restore() undoes any modifications var old = ctx.shadowBlur;
Let me analyze the code diff according to your instructions:
Vulnerability Existed: no
[No specific vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/the-canvas-state/2d.state.saverestore.shadowBlur.worker.js] [Lines 13-14]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
Additional Details:
This appears to be a simple variable renaming change from "offscreenCanvas" to "canvas". The functionality remains exactly the same, just with a shorter variable name. There's no security impact or vulnerability being fixed here - it's likely just a code style/readability improvement. The actual canvas operations and security context handling remain unchanged.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/crossbeam-utils/src/sync/parker.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/crossbeam-utils/src/sync/parker.rs@@ -175,6 +175,7 @@ /// /// let p = Parker::new(); /// let raw = Parker::into_raw(p);+ /// # let _ = unsafe { Parker::from_raw(raw) }; /// ``` pub fn into_raw(this: Parker) -> *const () { Unparker::into_raw(this.unparker)@@ -258,6 +259,7 @@ /// let p = Parker::new(); /// let u = p.unparker().clone(); /// let raw = Unparker::into_raw(u);+ /// # let _ = unsafe { Unparker::from_raw(raw) }; /// ``` pub fn into_raw(this: Unparker) -> *const () { Arc::into_raw(this.inner) as *const ()
Analyzing the provided code diff, here are the potential security vulnerabilities:
1. Vulnerability Existed: yes
Memory Safety Issue (Potential Memory Leak) [third_party/rust/crossbeam-utils/src/sync/parker.rs] [Lines 175, 258]
Old Code:
```rust
/// let p = Parker::new();
/// let raw = Parker::into_raw(p);
```
Fixed Code:
```rust
/// let p = Parker::new();
/// let raw = Parker::into_raw(p);
/// # let _ = unsafe { Parker::from_raw(raw) };
```
Details: The original code examples showed raw pointer conversion without demonstrating proper cleanup, which could lead to memory leaks. The fix adds example code showing proper cleanup.
2. Vulnerability Existed: yes
Memory Safety Issue (Potential Memory Leak) [third_party/rust/crossbeam-utils/src/sync/parker.rs] [Lines 258]
Old Code:
```rust
/// let p = Parker::new();
/// let u = p.unparker().clone();
/// let raw = Unparker::into_raw(u);
```
Fixed Code:
```rust
/// let p = Parker::new();
/// let u = p.unparker().clone();
/// let raw = Unparker::into_raw(u);
/// # let _ = unsafe { Unparker::from_raw(raw) };
```
Details: Similar to the first vulnerability, this shows an example of proper cleanup for raw pointer conversion in the Unparker case, preventing potential memory leaks.
The changes appear to be documentation improvements that demonstrate proper memory management patterns when using unsafe raw pointer operations, addressing potential memory safety issues in the examples.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.css-color-4-hsl-9.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.css-color-4-hsl-9.html@@ -17,14 +17,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#f00'; ctx.fillStyle = 'hsl(0.3333333333turn, 100.0%, 50.0%)'; ctx.fillRect(0, 0, 100, 50);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I don't see any security-related fixes. The changes appear to be purely variable renaming and don't affect security. Here's the analysis:
Vulnerability Existed: no
No security vulnerability found [testing/web-platform/tests/html/canvas/offscreen/fill-and-stroke-styles/2d.fillStyle.parse.css-color-4-hsl-9.html] [Lines 17-25]
[Old Code]
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
[Fixed Code]
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
The changes simply rename the variable `offscreenCanvas` to `canvas` and update the references accordingly. There are no security implications in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-048.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/css/css-shapes/shape-outside/supported-shapes/circle/shape-outside-circle-048.html@@ -9,7 +9,6 @@ <link rel="author" title="Mozilla" href="http://www.mozilla.org/"> <link rel="help" href="https://drafts.csswg.org/css-shapes-1/#supported-basic-shapes"> <link rel="match" href="reference/shape-outside-circle-048-ref.html">- <meta name="flags" content=""> <meta name="assert" content="Test the boxes are wrapping around the left float shape defined by circle(50% at left 40px top 40px) value under vertical-rl writing-mode."> <style> .container {
Analysis of the provided code diff: 1. Vulnerability Existed: no No security vulnerability found [File] [Lines 9] Old Code: <meta name="flags" content=""> Fixed Code: (line removed) Additional Details: - The diff shows only the removal of an empty meta tag with name="flags", which doesn't appear to have any security implications - This appears to be a test file cleanup rather than a security fix - No known vulnerabilities are associated with this change - The change doesn't affect any security-related functionality or introduce any security risks
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/taskcluster/ci/toolchain/grcov.yml+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/taskcluster/ci/toolchain/grcov.yml@@ -20,7 +20,7 @@ fetches: toolchain: - linux64-rust-1.57- - linux64-clang+ - linux64-clang-toolchain - linux64-binutils - sysroot-x86_64-linux-gnu
Let me analyze the diff for potential security fixes.
Vulnerability Existed: not sure
[Potential Dependency Confusion] [taskcluster/ci/toolchain/grcov.yml] [Lines 20-23]
[Old Code]
- linux64-rust-1.57
- linux64-clang
- linux64-binutils
- sysroot-x86_64-linux-gnu
[Fixed Code]
- linux64-rust-1.57
- linux64-clang-toolchain
- linux64-binutils
- sysroot-x86_64-linux-gnu
Additional Details:
The change appears to be updating a dependency from 'linux64-clang' to 'linux64-clang-toolchain'. While this could be a security fix (perhaps to prevent dependency confusion attacks by being more specific about the required package), it might also just be a routine update. Without more context about the package naming scheme and repository structure, it's hard to determine if this was fixing a specific vulnerability.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/naga/src/back/wgsl/writer.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/naga/src/back/wgsl/writer.rs@@ -1239,6 +1239,7 @@ Expression::ImageSample { image, sampler,+ gather: None, coordinate, array_index, offset,@@ -1297,6 +1298,54 @@ write!(self.out, ", ")?; self.write_expr(module, y, func_ctx)?; }+ }++ if let Some(offset) = offset {+ write!(self.out, ", ")?;+ self.write_constant(module, offset)?;+ }++ write!(self.out, ")")?;+ }+ Expression::ImageSample {+ image,+ sampler,+ gather: Some(component),+ coordinate,+ array_index,+ offset,+ level: _,+ depth_ref,+ } => {+ let suffix_cmp = match depth_ref {+ Some(_) => "Compare",+ None => "",+ };++ write!(self.out, "textureGather{}(", suffix_cmp)?;+ match *func_ctx.info[image].ty.inner_with(&module.types) {+ TypeInner::Image {+ class: crate::ImageClass::Depth { multi: _ },+ ..+ } => {}+ _ => {+ write!(self.out, "{}, ", component as u8)?;+ }+ }+ self.write_expr(module, image, func_ctx)?;+ write!(self.out, ", ")?;+ self.write_expr(module, sampler, func_ctx)?;+ write!(self.out, ", ")?;+ self.write_expr(module, coordinate, func_ctx)?;++ if let Some(array_index) = array_index {+ write!(self.out, ", ")?;+ self.write_expr(module, array_index, func_ctx)?;+ }++ if let Some(depth_ref) = depth_ref {+ write!(self.out, ", ")?;+ self.write_expr(module, depth_ref, func_ctx)?; } if let Some(offset) = offset {@@ -1478,6 +1527,8 @@ Mf::Asinh => Function::Asincosh { is_sin: true }, Mf::Acosh => Function::Asincosh { is_sin: false }, Mf::Atanh => Function::Atanh,+ Mf::Radians => Function::Regular("radians"),+ Mf::Degrees => Function::Regular("degrees"), // decomposition Mf::Ceil => Function::Regular("ceil"), Mf::Floor => Function::Regular("floor"),@@ -1517,6 +1568,8 @@ Mf::ReverseBits => Function::Regular("reverseBits"), Mf::ExtractBits => Function::Regular("extractBits"), Mf::InsertBits => Function::Regular("insertBits"),+ Mf::FindLsb => Function::Regular("findLsb"),+ Mf::FindMsb => Function::Regular("findMsb"), // data packing Mf::Pack4x8snorm => Function::Regular("pack4x8snorm"), Mf::Pack4x8unorm => Function::Regular("pack4x8unorm"),
Analyzing the provided code diff, I don't see any clear security vulnerabilities being fixed. The changes appear to be feature additions and code improvements rather than security patches. Here's the analysis:
1. Vulnerability Existed: no
Image Sample Gather Support [third_party/rust/naga/src/back/wgsl/writer.rs] [Lines 1239-1297, 1298-1354]
[Old Code]
Expression::ImageSample {
image,
sampler,
coordinate,
array_index,
offset,
...
}
[Fixed Code]
Expression::ImageSample {
image,
sampler,
gather: None,
coordinate,
array_index,
offset,
...
}
[New Code]
Expression::ImageSample {
image,
sampler,
gather: Some(component),
coordinate,
array_index,
offset,
...
}
2. Vulnerability Existed: no
Math Function Additions [third_party/rust/naga/src/back/wgsl/writer.rs] [Lines 1478-1527, 1528-1568]
[Old Code]
Mf::Asinh => Function::Asincosh { is_sin: true },
Mf::Acosh => Function::Asincosh { is_sin: false },
Mf::Atanh => Function::Atanh,
[Fixed Code]
Mf::Radians => Function::Regular("radians"),
Mf::Degrees => Function::Regular("degrees"),
...
Mf::FindLsb => Function::Regular("findLsb"),
Mf::FindMsb => Function::Regular("findMsb"),
The changes primarily:
1. Add support for textureGather operations in WGSL shaders
2. Add new math functions (radians, degrees, findLsb, findMsb)
3. Improve the image sampling code structure
No security vulnerabilities or fixes are apparent in these changes. The modifications are functional improvements and feature additions to the WGSL shader writer.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.cap.square.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.cap.square.worker.js@@ -13,8 +13,8 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.fillStyle = '#0f0'; ctx.fillRect(0, 0, 100, 50);@@ -34,18 +34,18 @@ ctx.lineTo(75, 35); ctx.stroke(); ctx.fillRect(65, 5, 20, 40);-_assertPixel(offscreenCanvas, 25,4, 0,255,0,255, "25,4", "0,255,0,255");-_assertPixel(offscreenCanvas, 25,5, 0,255,0,255, "25,5", "0,255,0,255");-_assertPixel(offscreenCanvas, 25,6, 0,255,0,255, "25,6", "0,255,0,255");-_assertPixel(offscreenCanvas, 25,44, 0,255,0,255, "25,44", "0,255,0,255");-_assertPixel(offscreenCanvas, 25,45, 0,255,0,255, "25,45", "0,255,0,255");-_assertPixel(offscreenCanvas, 25,46, 0,255,0,255, "25,46", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,4, 0,255,0,255, "75,4", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,5, 0,255,0,255, "75,5", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,6, 0,255,0,255, "75,6", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,44, 0,255,0,255, "75,44", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,45, 0,255,0,255, "75,45", "0,255,0,255");-_assertPixel(offscreenCanvas, 75,46, 0,255,0,255, "75,46", "0,255,0,255");+_assertPixel(canvas, 25,4, 0,255,0,255, "25,4", "0,255,0,255");+_assertPixel(canvas, 25,5, 0,255,0,255, "25,5", "0,255,0,255");+_assertPixel(canvas, 25,6, 0,255,0,255, "25,6", "0,255,0,255");+_assertPixel(canvas, 25,44, 0,255,0,255, "25,44", "0,255,0,255");+_assertPixel(canvas, 25,45, 0,255,0,255, "25,45", "0,255,0,255");+_assertPixel(canvas, 25,46, 0,255,0,255, "25,46", "0,255,0,255");+_assertPixel(canvas, 75,4, 0,255,0,255, "75,4", "0,255,0,255");+_assertPixel(canvas, 75,5, 0,255,0,255, "75,5", "0,255,0,255");+_assertPixel(canvas, 75,6, 0,255,0,255, "75,6", "0,255,0,255");+_assertPixel(canvas, 75,44, 0,255,0,255, "75,44", "0,255,0,255");+_assertPixel(canvas, 75,45, 0,255,0,255, "75,45", "0,255,0,255");+_assertPixel(canvas, 75,46, 0,255,0,255, "75,46", "0,255,0,255"); t.done(); });
After analyzing the provided code diff, I don't see any security vulnerabilities being fixed. The changes appear to be purely cosmetic/refactoring changes where a variable was renamed from `offscreenCanvas` to `canvas`. The functionality remains exactly the same. Here's the structured response: Vulnerability Existed: no [No security vulnerability found] [testing/web-platform/tests/html/canvas/offscreen/line-styles/2d.line.cap.square.worker.js] [13,34-46] [Old Code: var offscreenCanvas = new OffscreenCanvas(100, 50); ... _assertPixel(offscreenCanvas, ...)] [Fixed Code: var canvas = new OffscreenCanvas(100, 50); ... _assertPixel(canvas, ...)] The changes are simply variable renaming and don't affect security in any way. No known vulnerabilities are being addressed in this diff.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html@@ -1,11 +1,12 @@ <!DOCTYPE html> <meta charset="utf-8">-<title>TreeWalker: NodeFilter from detached iframe works as expected</title>-<link rel="help" href="https://dom.spec.whatwg.org/#ref-for-call-a-user-objects-operation%E2%91%A0">+<title>TreeWalker: NodeFilter from detached iframe doesn't get called</title> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <body>+<div></div>+ <script> const t = async_test();@@ -16,8 +17,13 @@ iframe.remove(); assert_equals(iframe.contentWindow, null);- assert_equals(nodeIterator.nextNode(), document.body);- assert_true(nodeIterator.dummyFilterCalled);++ let errorWasThrown = false;+ try { nodeIterator.nextNode(); }+ catch { errorWasThrown = true; }++ assert_true(errorWasThrown);+ assert_false(nodeIterator.dummyFilterCalled); }); document.body.append(iframe);
Analyzing the provided code diff, here's the security analysis:
1. Vulnerability Existed: yes
Cross-realm Security Issue [testing/web-platform/tests/dom/traversal/TreeWalker-acceptNode-filter-cross-realm-null-browsing-context.html] [Lines 16-17, modified in 17-23]
Old Code:
assert_equals(nodeIterator.nextNode(), document.body);
assert_true(nodeIterator.dummyFilterCalled);
Fixed Code:
let errorWasThrown = false;
try { nodeIterator.nextNode(); }
catch { errorWasThrown = true; }
assert_true(errorWasThrown);
assert_false(nodeIterator.dummyFilterCalled);
Additional Details:
The change addresses a security issue where a NodeFilter from a detached iframe could still be called. The original test expected the filter to work even after the iframe was removed, while the fixed version expects and verifies that an error is thrown when attempting to use the filter from a detached iframe. This prevents potential cross-realm security issues where code from a detached browsing context could still execute. The title change from "works as expected" to "doesn't get called" reflects this security correction.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/testing/web-platform/tests/html/canvas/offscreen/drawing-rectangles-to-the-canvas/2d.strokeRect.zero.5.worker.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/testing/web-platform/tests/html/canvas/offscreen/drawing-rectangles-to-the-canvas/2d.strokeRect.zero.5.worker.js@@ -13,14 +13,14 @@ }); t.step(function() {-var offscreenCanvas = new OffscreenCanvas(100, 50);-var ctx = offscreenCanvas.getContext('2d');+var canvas = new OffscreenCanvas(100, 50);+var ctx = canvas.getContext('2d'); ctx.strokeStyle = '#0f0'; ctx.lineWidth = 250; ctx.lineJoin = 'round'; ctx.strokeRect(100, 25, 100, 0);-_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");+_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255"); t.done(); });
Based on the provided diff, I'll analyze it for security vulnerabilities:
1. Vulnerability Existed: no
No specific vulnerability found [File] [Lines 13-14, 21]
Old Code:
```javascript
var offscreenCanvas = new OffscreenCanvas(100, 50);
var ctx = offscreenCanvas.getContext('2d');
_assertPixel(offscreenCanvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
```
Fixed Code:
```javascript
var canvas = new OffscreenCanvas(100, 50);
var ctx = canvas.getContext('2d');
_assertPixel(canvas, 50,25, 0,255,0,255, "50,25", "0,255,0,255");
```
Additional Details:
This appears to be a simple variable renaming change from `offscreenCanvas` to `canvas`. There are no security-related changes in this diff, just a consistency improvement in variable naming. The functionality remains exactly the same, just with a different variable name. No actual security vulnerabilities were addressed in this change.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/third_party/rust/ryu/tests/s2d_test.rs+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/third_party/rust/ryu/tests/s2d_test.rs@@ -27,6 +27,7 @@ clippy::cast_sign_loss, clippy::excessive_precision, clippy::float_cmp,+ clippy::manual_range_contains, clippy::similar_names, clippy::too_many_lines, clippy::unreadable_literal,@@ -37,11 +38,16 @@ #[path = "../src/common.rs"] mod common;+#[cfg(not(feature = "small"))] #[path = "../src/d2s_full_table.rs"] mod d2s_full_table; #[path = "../src/d2s_intrinsics.rs"] mod d2s_intrinsics;++#[cfg(feature = "small")]+#[path = "../src/d2s_small_table.rs"]+mod d2s_small_table; #[path = "../src/d2s.rs"] mod d2s;
Based on the provided diff, I'll analyze it for security vulnerabilities: 1. Vulnerability Existed: no Clippy Lint Addition [third_party/rust/ryu/tests/s2d_test.rs] [Lines 27-28] Old Code: No `clippy::manual_range_contains` lint Fixed Code: Added `clippy::manual_range_contains` lint 2. Vulnerability Existed: no Conditional Module Import [third_party/rust/ryu/tests/s2d_test.rs] [Lines 37-43] Old Code: Unconditional import of `d2s_full_table` Fixed Code: Added conditional import of `d2s_full_table` and `d2s_small_table` based on features The changes appear to be: 1. Adding a new Clippy lint check (code quality improvement) 2. Making module imports conditional based on feature flags (code organization/optimization) Neither change appears to address a security vulnerability. The modifications are related to code quality and feature-based compilation rather than security fixes. The `manual_range_contains` lint helps catch potentially error-prone code patterns, but this is not a security vulnerability fix. The conditional module imports are likely for optimization purposes.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.
--- /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_97_END/firefox-FIREFOX_RELEASE_97_END/devtools/client/performance-new/initializer.js+++ /root/PatchLeaks-main/products/firefox_downloads/FIREFOX_RELEASE_98_END/firefox-FIREFOX_RELEASE_98_END/devtools/client/performance-new/initializer.js@@ -14,6 +14,7 @@ * @typedef {import("./@types/perf").MinimallyTypedGeckoProfile} MinimallyTypedGeckoProfile * @typedef {import("./@types/perf").ProfileCaptureResult} ProfileCaptureResult * @typedef {import("./@types/perf").ProfilerViewMode} ProfilerViewMode+ * @typedef {import("./@types/perf").RootTraits} RootTraits */ "use strict";@@ -89,20 +90,16 @@ * Initialize the panel by creating a redux store, and render the root component. * * @param {PerfFront} perfFront - The Perf actor's front. Used to start and stop recordings.+ * @param {RootTraits} traits - The traits coming from the root actor. This+ * makes it possible to change some code path+ * depending on the server version. * @param {PageContext} pageContext - The context that the UI is being loaded in under.- * @param {(() => void)?} openAboutProfiling - Optional call to open about:profiling+ * @param {(() => void)} openAboutProfiling - Optional call to open about:profiling */-async function gInit(perfFront, pageContext, openAboutProfiling) {+async function gInit(perfFront, traits, pageContext, openAboutProfiling) { const store = createStore(reducers); const isSupportedPlatform = await perfFront.isSupportedPlatform(); const supportedFeatures = await perfFront.getSupportedFeatures();-- if (!openAboutProfiling) {- openAboutProfiling = () => {- const { openTrustedLink } = require("devtools/client/shared/link");- openTrustedLink("about:profiling", {});- };- } { // Expose the store as a global, for testing.@@ -138,7 +135,7 @@ /** * @param {MinimallyTypedGeckoProfile} profile */- const onProfileReceived = profile => {+ const onProfileReceived = async profile => { const objdirs = selectors.getObjdirs(store.getState()); const profilerViewMode = getProfilerViewModeForCurrentPreset(pageContext); const sharedLibraries = sharedLibrariesFromProfile(profile);@@ -147,7 +144,7 @@ objdirs, perfFront );- const browser = openProfilerTab(profilerViewMode);+ const browser = await openProfilerTab(profilerViewMode); /** * @type {ProfileCaptureResult}@@ -171,7 +168,7 @@ React.createElement( React.Fragment, null,- ProfilerEventHandling({ perfFront }),+ ProfilerEventHandling({ perfFront, traits }), ProfilerPreferenceObserver(), DevToolsPanel({ perfFront,
Analyzing the provided code diff for security fixes:
1. Vulnerability Existed: not sure
[Potential Missing Input Validation] [devtools/client/performance-new/initializer.js] [Lines 90, 135]
[Old Code]
async function gInit(perfFront, pageContext, openAboutProfiling) {
const onProfileReceived = profile => {
[Fixed Code]
async function gInit(perfFront, traits, pageContext, openAboutProfiling) {
const onProfileReceived = async profile => {
Additional Details: The function signature changed to include a new 'traits' parameter and made the callback async, but it's unclear if this was fixing a specific security issue or just adding functionality.
2. Vulnerability Existed: not sure
[Potential Link Handling Issue] [devtools/client/performance-new/initializer.js] [Lines 89-98]
[Old Code]
if (!openAboutProfiling) {
openAboutProfiling = () => {
const { openTrustedLink } = require("devtools/client/shared/link");
openTrustedLink("about:profiling", {});
};
}
[Fixed Code]
[This code block was removed]
Additional Details: The removal of the default link handling function might indicate a security concern about trusted links, but without more context it's unclear if this was actually a vulnerability.
3. Vulnerability Existed: not sure
[Potential Component Injection] [devtools/client/performance-new/initializer.js] [Lines 168]
[Old Code]
ProfilerEventHandling({ perfFront }),
[Fixed Code]
ProfilerEventHandling({ perfFront, traits }),
Additional Details: The addition of 'traits' to the ProfilerEventHandling component might indicate a security-related change in how the component handles input, but this is speculative without seeing the component's implementation.
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7.