[webkit-changes] [WebKit/WebKit] a8bff3: Cherry-pick 266247 at main (b1a659b38f09). https://bu...

Wed Nov 15 02:13:27 PST 2023

  Branch: refs/heads/webkitglib/2.42
  Home:   https://github.com/WebKit/WebKit
  Commit: a8bff3c5374d12655ecc0d718f86d57f4b8cd4e0
      https://github.com/WebKit/WebKit/commit/a8bff3c5374d12655ecc0d718f86d57f4b8cd4e0
  Author: Anne van Kesteren <annevk at annevk.nl>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebCore/fileapi/BlobURL.cpp

  Log Message:
  -----------
  Cherry-pick 266247 at main (b1a659b38f09). https://bugs.webkit.org/show_bug.cgi?id=261674

    Return opaque origin for blob: URL containing inner non-http(s): URL
    https://bugs.webkit.org/show_bug.cgi?id=257262
    rdar://109781193

    Reviewed by Alex Christensen and Darin Adler.

    Refactor SecurityOrigin so it is more clear blob: URLs are the sole
    special case. And change how we derive the blob: URL origin to align
    with the URL standard:

    * No longer perform percent-decoding (matches other browsers).
    * Restrict non-opaque origins to HTTP(S) URLs (will soon match other
      browsers). However:

      * Still give blob: URLs derived from file: origins an origin for now
        as removing that ability needs a bit more care. This currently goes
        against the URL standard, but that might change.
      * Also give registered schemes a pass to allow embedders to continue
        to use blob: URLs as they see fit.

    Also change BlobURL to rely more directly on SecurityOrigin.

    * LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/url/a-element-origin-xhtml-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any-expected.txt:
    * LayoutTests/imported/w3c/web-platform-tests/url/url-origin.any.worker-expected.txt:
    * Source/WebCore/fileapi/BlobURL.cpp:
    (WebCore::BlobURL::getOriginURL):
    (WebCore::BlobURL::isSecureBlobURL):
    * Source/WebCore/fileapi/ThreadableBlobRegistry.cpp:
    (WebCore::ThreadableBlobRegistry::getCachedOrigin):
    * Source/WebCore/page/SecurityOrigin.cpp:
    (WebCore::SecurityOrigin::create):
    (WebCore::SecurityOrigin::forBlobURL):
    (WebCore::SecurityOrigin::isSecure):
    (WebCore::SecurityOrigin::shouldUseInnerURL): Deleted.
    (WebCore::SecurityOrigin::extractInnerURL): Deleted.
    * Source/WebCore/page/SecurityOrigin.h:
    * Source/WebCore/page/SecurityOriginData.cpp:
    (WebCore::SecurityOriginData::shouldTreatAsOpaqueOrigin):

    Canonical link: https://commits.webkit.org/266247@main

  Commit: e337a3fb115f3cff7f9ac5b70bfe1584194dd839
      https://github.com/WebKit/WebKit/commit/e337a3fb115f3cff7f9ac5b70bfe1584194dd839
  Author: Michael Catanzaro <mcatanzaro at redhat.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebCore/page/SecurityOrigin.cpp

  Log Message:
  -----------
  Cherry-pick 270274 at main (58df23fe5ac5). https://bugs.webkit.org/show_bug.cgi?id=260771

    REGRESSION(266247 at main): PDF "Save" button does nothing, "Print" function also broken
    https://bugs.webkit.org/show_bug.cgi?id=260771

    Reviewed by Chris Dumez.

    The PDF.js viewer protocol and resource protocols both should be treated
    the same as HTTP protocols and have access to blob URLs. The protocol is
    an implementation detail that shouldn't affect how the web content
    behaves and certainly should not restrict access to web platform
    features.

    * Source/WebCore/page/SecurityOrigin.cpp:
    (WebCore::isSafelistedBlobProtocol):

    Canonical link: https://commits.webkit.org/270274@main

  Commit: 8f701f25fa58dc0846739b264cf5414aaad69ae2
      https://github.com/WebKit/WebKit/commit/8f701f25fa58dc0846739b264cf5414aaad69ae2
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WTF/wtf/Algorithms.h
    M Source/WebCore/platform/audio/AudioArray.h
    M Source/WebCore/platform/audio/AudioBus.cpp
    M Source/WebCore/platform/audio/AudioChannel.h
    M Source/WebCore/platform/audio/MultiChannelResampler.cpp
    M Source/WebCore/platform/audio/MultiChannelResampler.h
    M Source/WebCore/platform/audio/SincResampler.cpp
    M Source/WebCore/platform/audio/SincResampler.h

  Log Message:
  -----------
  Cherry-pick 270409 at main (4e588185b230). https://bugs.webkit.org/show_bug.cgi?id=261674

    Security hardening for SincResampler
    https://bugs.webkit.org/show_bug.cgi?id=261317
    rdar://105650262

    Reviewed by David Kilzer and Darin Adler.

    Do security hardening for SincResampler as we have evidence that we're getting
    the logic wrong in some cases and doing a heap-buffer overflow WRITE.

    This patch updates SincResampler to use `std::span<float>` instead of `float*` and
    to leverage new memcpySpans() / memsetSpan() functions
    I added to WTF.

    This had several benefits:
    - Using std::span means we don't lose tracks of our buffer bounds so we can do
      extra bounds checks.
    - We benefit from std::span's bounds checks too which are already enabled on trunk
      via `-D_LIBCPP_ENABLE_ASSERTIONS=1`. Those checks apply to subspan() and operator[]
      in particular, both of which are used by SincResampler.

    * Source/WTF/WTF.xcodeproj/project.pbxproj:
    * Source/WTF/wtf/Algorithms.h:.
    (WTF::memcpySpans):
    (WTF::memsetSpan):
    * Source/WebCore/platform/audio/AudioArray.h:
    (WebCore::AudioArray::toSpan):
    (WebCore::AudioArray::toSpan const):
    * Source/WebCore/platform/audio/AudioBus.cpp:
    (WebCore::AudioBus::createBySampleRateConverting):
    * Source/WebCore/platform/audio/AudioChannel.h:
    * Source/WebCore/platform/audio/MultiChannelResampler.cpp:
    (WebCore::MultiChannelResampler::process):
    (WebCore::MultiChannelResampler::provideInputForChannel):
    * Source/WebCore/platform/audio/MultiChannelResampler.h:
    * Source/WebCore/platform/audio/SincResampler.cpp:
    (WebCore::SincResampler::SincResampler):
    (WebCore::SincResampler::updateRegions):
    (WebCore::SincResampler::processBuffer):
    (WebCore::SincResampler::process):
    * Source/WebCore/platform/audio/SincResampler.h:

    Originally-landed-as: 265870.537 at safari-7616-branch (9c1f377498c2). rdar://118088415
    Canonical link: https://commits.webkit.org/270409@main

  Commit: 164b206e9bdebe0fbd2ef7abdc650ef931d0e8ad
      https://github.com/WebKit/WebKit/commit/164b206e9bdebe0fbd2ef7abdc650ef931d0e8ad
  Author: Philippe Normand <philn at igalia.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebCore/platform/audio/SincResampler.cpp

  Log Message:
  -----------
  Cherry-pick 270447 at main (3e1921097f86). https://bugs.webkit.org/show_bug.cgi?id=264484

    REGRESSION(270409 at main): Broke linux clang-16 builds
    https://bugs.webkit.org/show_bug.cgi?id=264484

    Reviewed by Chris Dumez.

    * Source/WebCore/platform/audio/SincResampler.cpp:
    (WebCore::SincResampler::processBuffer): Use gcc/clang agnostic pragma macros instead of the ones
    specific to GCC.

    Canonical link: https://commits.webkit.org/270447@main

  Commit: 10543a84b7c2d7a3c47203fce1dc4b0e27781c1f
      https://github.com/WebKit/WebKit/commit/10543a84b7c2d7a3c47203fce1dc4b0e27781c1f
  Author: Adrian Perez de Castro <aperez at igalia.com>
  Date:   2023-11-14 (Tue, 14 Nov 2023)

  Changed paths:
    M Source/WebKit/wpe/NEWS
    M Source/cmake/OptionsWPE.cmake

  Log Message:
  -----------
  Unreviewed. Update OptionsWPE.cmake and NEWS for the 2.42.2 release

* Source/WebKit/wpe/NEWS: Add release notes for 2.42.2.
* Source/cmake/OptionsWPE.cmake: Bump version numbers.

Compare: https://github.com/WebKit/WebKit/compare/e8377a74da4c...10543a84b7c2