[webkit-changes] [WebKit/WebKit] 9c8f91: Versioning.

Russell Epstein noreply at github.com
Tue Mar 12 10:30:42 PDT 2024


  Branch: refs/heads/safari-7618.1.15.10-branch
  Home:   https://github.com/WebKit/WebKit
  Commit: 9c8f91f26c4fd318ff5774efb97a7ec19aa2ade2
      https://github.com/WebKit/WebKit/commit/9c8f91f26c4fd318ff5774efb97a7ec19aa2ade2
  Author: Russell Epstein <repstein at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.1

Identifier: 272448.527 at safari-7618.1.15.10-branch


  Commit: ea917500c3c6383c51bccfe4d77db2af0e2b3408
      https://github.com/WebKit/WebKit/commit/ea917500c3c6383c51bccfe4d77db2af0e2b3408
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/Shared/FocusedElementInformation.h
    M Source/WebKit/Shared/FocusedElementInformation.serialization.in
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm
    M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
    M Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm

  Log Message:
  -----------
  Cherry-pick 1cb03ba5c4bb. rdar://120743391

    [iOS] -[WKContentView hasText] is incorrect when initially focusing an editable element
    https://bugs.webkit.org/show_bug.cgi?id=267729
    rdar://120743391

    Reviewed by Aditya Keerthi.

    Currently, `-hasText` is based entirely on the last cached `EditorState`'s post layout data. In the
    case where we've just started showing the keyboard for a focused editable element in
    `-[WKContentView _elementDidFocus:…:userObject:]`, we're still waiting for a new `EditorState` to
    arrive, so this result ends up being invalid (either `false` if we haven't received any post-layout
    editor state yet, or stale editor state data).

    To avoid this, we add a `hasPlainText` flag to `FocusedElementInformation` that represents whether
    or not the focused element initially had non-empty text content upon focus; if we're currently in
    the process of focusing (or are waiting for post-layout data) in `-hasText`, then use this initial
    value instead of the `EditorState`.

    Test: KeyboardInputTests.HasTextAfterFocusingTextField

    * Source/WebKit/Shared/FocusedElementInformation.h:
    * Source/WebKit/Shared/FocusedElementInformation.serialization.in:
    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView hasText]):
    * Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
    (WebKit::WebPage::focusedElementInformation):

    For text fields and text areas, instead of using `hasPlainText` (which relies on `TextIterator`),
    simply check whether the `value` is non-empty instead to avoid any extra performance cost.

    * Tools/TestWebKitAPI/Tests/ios/KeyboardInputTestsIOS.mm:

    Canonical link: https://commits.webkit.org/273211@main

Identifier: 272448.528 at safari-7618.1.15.10-branch


  Commit: 8415dd08d9faeeba42408774dd3739cb1c9f09fc
      https://github.com/WebKit/WebKit/commit/8415dd08d9faeeba42408774dd3739cb1c9f09fc
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick f2404c166790. rdar://121471373

    [iOS] YouTube does not provide an AirPlay button in fullscreen mode
    https://bugs.webkit.org/show_bug.cgi?id=268634
    rdar://121471373

    Reviewed by Brent Fulgham and Aditya Keerthi.

    Add a quirk to disable the Fullscreen API on YouTube.com (and youtube.com embeds).

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::Quirks::shouldDisableElementFullscreenQuirk const):

    Canonical link: https://commits.webkit.org/274117@main

Identifier: 272448.529 at safari-7618.1.15.10-branch


  Commit: 8155dd1252cc5d72eb15cf76e78dda26a575ebd8
      https://github.com/WebKit/WebKit/commit/8155dd1252cc5d72eb15cf76e78dda26a575ebd8
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M LayoutTests/fast/canvas/offscreen-giant-transfer-to-imagebitmap-expected.txt
    M LayoutTests/platform/ios/fast/canvas/offscreen-giant-transfer-to-imagebitmap-expected.txt
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp

  Log Message:
  -----------
  Cherry-pick 26aaa25dcbdc. rdar://122309325

    REGRESSION(267824 at main): Changing HTMLCanvasElement width, height causes intermediate buffer allocations
    https://bugs.webkit.org/show_bug.cgi?id=268745
    rdar://122309325

    Reviewed by Simon Fraser.

    Resizing is intended to leave the buffer unallocated, so that
    sequential width, height assignments will not allocate multiple times.

    This intention was nullified by CanvasRenderingContext2DBase::reset().
    Calling resetTransform redundantly would recreate the buffer
    immediately from width, height attribute setters.

    The transform reset is redundant, the context transform is reset when
    the context state saver is restored and re-saved.

    Clearing the canvas doesn't need to use public
    CanvasRenderingContext2DBase::clearCanvas() that will mutate the context
    state. The state is in known state with initial transform, and thus it
    doesn't need transform mutation.

    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
    (WebCore::CanvasRenderingContext2DBase::reset):

    Canonical link: https://commits.webkit.org/274135@main

Identifier: 272448.530 at safari-7618.1.15.10-branch


  Commit: 249ee2c8f64662dc9001ce801fb385479c131ba2
      https://github.com/WebKit/WebKit/commit/249ee2c8f64662dc9001ce801fb385479c131ba2
  Author: Ben Nham <nham at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm

  Log Message:
  -----------
  Cherry-pick f4ce57789de5. rdar://121185956

    hideContentUntilPendingUpdate async IPC call during backgrounding blocks process suspension
    https://bugs.webkit.org/show_bug.cgi?id=268799
    rdar://121185956

    Reviewed by Chris Dumez.

    On iOS, when the UIProcess goes into the background, it eventually calls in to
    hideContentUntilPendingUpdate through this call stack:

    ```
    WebKit::RemoteLayerTreeDrawingAreaProxy::hideContentUntilPendingUpdate()
    WebKit::WebPageProxy::applicationDidFinishSnapshottingAfterEnteringBackground()
    WebKit::ApplicationStateTracker::didCompleteSnapshotSequence()
    ```

    The problem is that we recently added an async `DrawingArea::DispatchAfterEnsuringDrawing` IPC with
    reply handler call to hideContentUntilPendingUpdate (see 269776 at main, 270672 at main, 271260 at main). An
    async IPC with a reply handler in the UIProcess implicitly takes out a background activity which
    prevents the WebContent process (and also the UIProcess) from suspending until the reply handler
    runs. Unfortunately, since the WebContent process is in the background, presumably it doesn't
    render, so the DispatchAfterEnsuringDrawing reply handler doesn't run, and the background activity
    also never completes. We basically end up blocking process suspension entirely until the 15 second
    timer in ProcessStateMonitor expires and forcefully invalidates all background activities for all
    processes.

    We need to fix this by reworking the logic somehow or by making this DispatchAfterEnsuringDrawing
    IPC not create a background activity. Here I'm just trying to make the IPC call not start a
    background activity.

    Note that there's also a DispatchAfterEnsuringDrawing call in WebPageProxy that I didn't touch since
    I don't have evidence that it's causing a background power regression, but I wonder if that also
    should avoid creating a background activity.

    * Source/WebKit/UIProcess/RemoteLayerTree/RemoteLayerTreeDrawingAreaProxy.mm:
    (WebKit::RemoteLayerTreeDrawingAreaProxy::hideContentUntilPendingUpdate):

    Canonical link: https://commits.webkit.org/274157@main

Identifier: 272448.531 at safari-7618.1.15.10-branch


  Commit: 74f8798eb9908cef5c737b2a99439014228a6f7a
      https://github.com/WebKit/WebKit/commit/74f8798eb9908cef5c737b2a99439014228a6f7a
  Author: Kimmo Kinnunen <kkinnunen at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp
    M Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.h
    M Source/WebCore/Modules/webxr/WebXRWebGLLayer.h
    M Source/WebCore/dom/Document.cpp
    M Source/WebCore/dom/Document.h
    M Source/WebCore/html/CanvasBase.cpp
    M Source/WebCore/html/CanvasBase.h
    M Source/WebCore/html/CanvasObserver.h
    M Source/WebCore/html/HTMLCanvasElement.cpp
    M Source/WebCore/html/HTMLCanvasElement.h
    M Source/WebCore/html/OffscreenCanvas.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext.h
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp
    M Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h
    M Source/WebCore/html/canvas/GPUBasedCanvasRenderingContext.cpp
    M Source/WebCore/html/canvas/GPUBasedCanvasRenderingContext.h
    M Source/WebCore/html/canvas/GPUCanvasContextCocoa.mm
    M Source/WebCore/html/canvas/ImageBitmapRenderingContext.cpp
    M Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
    M Source/WebCore/inspector/agents/InspectorCanvasAgent.cpp
    M Source/WebCore/inspector/agents/InspectorCanvasAgent.h
    M Source/WebCore/page/Page.cpp
    M Source/WebCore/page/Page.h
    M Source/WebCore/platform/graphics/ImageBuffer.cpp
    M Source/WebCore/platform/graphics/ImageBuffer.h
    M Source/WebCore/rendering/style/StyleCanvasImage.cpp
    M Source/WebCore/rendering/style/StyleCanvasImage.h

  Log Message:
  -----------
  Cherry-pick da9744107a30. rdar://117708049

    Draws to unused 2D contexts may consume excessive amount of memory on Cocoa
    https://bugs.webkit.org/show_bug.cgi?id=268608
    rdar://117708049

    Reviewed by Simon Fraser.

    Accelerated CG applies a drawn operation only once a specific draw
    operation limit is hit, if the result is needed as a source to other
    draw or on explicit flush. If the operations are not implicitly or
    explicitly flushed, the draws are retained in the draw queue.

    This causes memory leaks in cases where modifiable surfaces are used as
    sources for draws and and then subsequently the the surfaces are
    modified. The modifications force copy-on-write for the surfaces that
    have pending references in other draw queues.

    This can be triggered by drawing a canvas A to a 2D context B
    and then never using the result, subsequently modifying A.

    Fix by adding a list of flushed CanvasRenderingContexts to Document.
    Any 2D context modified during any JS callstack will be put to the
    flush list.

    Flush the contexts during rendering update, PrepareCanvases phase.
    Rename the rendering update PrepareCanvasesForDisplay phase
    PrepareCanvases phase, and do both.

    PrepareCanvases phase of Document now does two things:
      - flushes deferred operations
      - prepares for display

    Currently only Document manages the canvas preparation.
    This works for OffscreenCanvas and HTMLCanvasElement in Web main run
    loop.

    WorkerGlobalContext is not implemented in this patch.
    In future, PrepareCanvases phase of WorkerGlobalContext will do
    the flush operations, but not the prepares for display. OffscreenCanvas
    does not have the prepare for display, as it's not displaying.

    * Source/WebCore/Modules/mediastream/CanvasCaptureMediaStreamTrack.cpp:
    (WebCore::CanvasCaptureMediaStreamTrack::Source::canvasChanged):
    * Source/WebCore/dom/Document.cpp:
    (WebCore::Document::prepareCanvasesIfNeeded):
    (WebCore::Document::updateCanvasPreparationForDisplayOrFlush):
    (WebCore::Document::removeCanvasPreparationForDisplayOrFlush):
    (WebCore::Document::prepareCanvasesForDisplayIfNeeded): Deleted.
    (WebCore::Document::clearCanvasPreparation): Deleted.
    (WebCore::Document::canvasChanged): Deleted.
    (WebCore::Document::canvasDestroyed): Deleted.
    * Source/WebCore/dom/Document.h:

    Remove Document CanvasObserver interface. The interface was making
    the actual logic harder than needed and did not abstract anything, as
    the clearCanvasPreparation was a non-interface method anyway.

    The object which does the prepare (Document, WorkerGlobalContext), is
    always statically known at call site. Thus the call site does not need
    to jump thorough the canvasChanged hoop.

    * Source/WebCore/html/HTMLCanvasElement.cpp:
    (WebCore::HTMLCanvasElement::~HTMLCanvasElement):
    (WebCore::HTMLCanvasElement::createContext2d):
    (WebCore::HTMLCanvasElement::createContextWebGL):
    (WebCore::HTMLCanvasElement::createContextWebGPU):
    (WebCore::HTMLCanvasElement::didDraw):
    (WebCore::HTMLCanvasElement::setSurfaceSize):
    (WebCore::HTMLCanvasElement::createImageBuffer const):
    (WebCore::HTMLCanvasElement::didMoveToNewDocument):
    (WebCore::HTMLCanvasElement::insertedIntoAncestor): Deleted.
    (WebCore::HTMLCanvasElement::removedFromAncestor): Deleted.

    Remove redundant insertedIntoAncestor, removedFromAncestor handlers.
    These are called when the element is still in the same document, but
    detached from the tree. This does not cause any changes to the
    prepare list, as canvases need to be prepared regardless whether
    they're attached or detached.

    WebGL still will not prepareForDisplay if it's not in tree, unless
    it has been captured by media stream.

    * Source/WebCore/html/HTMLCanvasElement.h:
    * Source/WebCore/html/OffscreenCanvas.cpp:
    (WebCore::OffscreenCanvas::~OffscreenCanvas):
    (WebCore::OffscreenCanvas::didDraw):
    (WebCore::OffscreenCanvas::updateCanvasPreparation):
    (WebCore::OffscreenCanvas::removeCanvasPreparation):
    * Source/WebCore/html/OffscreenCanvas.h:
    * Source/WebCore/html/canvas/CanvasRenderingContext.h:
    (WebCore::CanvasRenderingContext::hasDeferredOperations const):
    (WebCore::CanvasRenderingContext::flushDeferredOperations):
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.cpp:
    (WebCore::CanvasRenderingContext2DBase::hasDeferredOperations const):
    (WebCore::CanvasRenderingContext2DBase::flushDeferredOperations):
    (WebCore::CanvasRenderingContext2DBase::didDraw):
    (WebCore::CanvasRenderingContext2DBase::needsPreparationForDisplay const):
    * Source/WebCore/html/canvas/CanvasRenderingContext2DBase.h:
    * Source/WebCore/page/Page.cpp:
    (WebCore::Page::doAfterUpdateRendering):
    (WebCore::operator<<):
    * Source/WebCore/page/Page.h:
    * Source/WebCore/platform/graphics/ImageBuffer.cpp:
    (WebCore::ImageBuffer::flushDrawingContextAsync):
    * Source/WebCore/platform/graphics/ImageBuffer.h:
    (WebCore::ImageBuffer::prefersPreparationForDisplay): Deleted.

    Remove unused ImageBuffer::prefersPreparationForDisplay.

    Canonical link: https://commits.webkit.org/274164@main

Identifier: 272448.532 at safari-7618.1.15.10-branch


  Commit: e4d03974a2d38cea0efc418e63ce857a9365b8ac
      https://github.com/WebKit/WebKit/commit/e4d03974a2d38cea0efc418e63ce857a9365b8ac
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal.html
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 8c14e2cb8214. rdar://121931039

    [Cocoa] Netflix.com key renewal fails, causes playback errors, stuttering.
    https://bugs.webkit.org/show_bug.cgi?id=268830
    rdar://121931039

    Reviewed by Andy Estes.

    When adding a workaround for a platform change in behavior in the modern AVContentKeySession path,
    a behavior was introduced which narrowly affects the way Netflix.com preloads keys. Previously,
    a "renew" message would result in the resulting AVContentKeyRequest replacing the entire set of
    pre-loaded keys from the previous request, some of which were in use by Netflix.

    Rather than replace the entire set, replace only the AVContentKeyRequest within the batch of requests
    whose contentKeySpecifier has a maching identifier to the replacement.

    * LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal-expected.txt: Added.
    * LayoutTests/http/tests/media/fairplay/fps-mse-multi-key-renewal.html: Added.
    * Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::didProvideRenewingRequest):

    Canonical link: https://commits.webkit.org/274172@main

Identifier: 272448.533 at safari-7618.1.15.10-branch


  Commit: 22a1bc7efa82ec238948e3c9a30e3a399e49aa1e
      https://github.com/WebKit/WebKit/commit/22a1bc7efa82ec238948e3c9a30e3a399e49aa1e
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

  Log Message:
  -----------
  Cherry-pick 6e1c1a40d348. rdar://122433291

    REGRESSION (272869 at main): Actions for QR codes sometimes fail to show up when long pressing
    https://bugs.webkit.org/show_bug.cgi?id=268889
    rdar://122433291

    Reviewed by Megan Gardner.

    Fix several issues in the dynamically-inserted image analysis menu item codepath below, following
    the changes in 272869 at main; importantly, this allows long-pressing ESIM and EID QR codes to show
    "Add eSIM" menu items by default in WebKit apps, such as Mail. See below for more details:

    * Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm:
    (-[WKContentView _insertDynamicImageAnalysisContextMenuItemsIfPossible]):

    1.  Stop looking for the "Look Up" placeholder item. Prior to 272869 at main, this hidden item was
        immediately inserted into the menu if image analysis results were not available upon long press,
        and only replaced with the final image analysis menu items in the case where the client didn't
        explicitly remove the Look Up item (`_WKElementActionTypeRevealImage`). However, the "Look Up"
        item may now be added immediately (in disabled state), which replaces the placeholder item and
        causes us to return early from `-_insertDynamicImageAnalysisContextMenuItemsIfPossible` due to
        not having a placeholder to replace, even if there are MRC menu items that need to be added.

        Fix this by changing the `indexOfPlaceholderItem` to a single boolean flag, always inserting the
        dynamic items at the end of the menu, and leave out the check for the `.hidden` menu item
        attribute, so that we'll only withhold the MRC items in the case where the client explicitly
        removed the "Look Up" item (which matches existing behavior).

    2.  In a similar vein, it no longer makes sense to key the enablement of "Look Up" / "Copy Subject"
        off of whether or not the placeholder item exists, since the disabled menu item is already
        present; as such, we should remove this early return entirely and always enable these disabled
        items if necessary.

    3.  Lastly, only attempt to dynamically add the "Show Text" action in the case where "Show Text"
        wasn't already in the menu, to prevent the "Show Text" action from unnecessarily moving within
        the menu in the case where OCR finishes quickly for an image with results.

    Canonical link: https://commits.webkit.org/274222@main

Identifier: 272448.534 at safari-7618.1.15.10-branch


  Commit: 5addef30a75f337034bf78452e8cf5cb03ebb1c6
      https://github.com/WebKit/WebKit/commit/5addef30a75f337034bf78452e8cf5cb03ebb1c6
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm
    M Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm
    M Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/WebProcessPool.cpp
    M Source/WebKit/UIProcess/ios/WKContentView.mm

  Log Message:
  -----------
  Cherry-pick a869bc041430. rdar://122517471

    Remove runtime check for using extensions when USE(EXTENSIONKIT) is true
    https://bugs.webkit.org/show_bug.cgi?id=268944

    Reviewed by Per Arne Vollan.

    The runtime check is no longer needed.
    This also fixes some issues when you use a WKWebsiteDataStore and the network process
    before a WKProcessPool has been allocated.

    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
    * Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
    (WebKit::AuxiliaryProcessProxy::setManageProcessesAsExtensions): Deleted.
    (WebKit::AuxiliaryProcessProxy::manageProcessesAsExtensions): Deleted.
    * Source/WebKit/UIProcess/Cocoa/AuxiliaryProcessProxyCocoa.mm:
    (WebKit::AuxiliaryProcessProxy::platformGetLaunchOptions):
    * Source/WebKit/UIProcess/Cocoa/WebPageProxyCocoa.mm:
    (WebKit::WebPageProxy::updateMediaCapability):
    * Source/WebKit/UIProcess/WebProcessPool.cpp:
    * Source/WebKit/UIProcess/ios/WKContentView.mm:
    (-[WKContentView _setupVisibilityPropagationForWebProcess]):
    (-[WKContentView _setupVisibilityPropagationForGPUProcess]):
    (-[WKContentView _createVisibilityPropagationView]):

    Canonical link: https://commits.webkit.org/274267@main

Identifier: 272448.535 at safari-7618.1.15.10-branch


  Commit: 73b226bdb101c1758d7c5c28e0c0b6e4deade793
      https://github.com/WebKit/WebKit/commit/73b226bdb101c1758d7c5c28e0c0b6e4deade793
  Author: Simon Fraser <simon.fraser at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen.html
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover-expected.txt
    A LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover.html
    M Source/WebCore/rendering/RenderLayer.cpp
    M Source/WebCore/rendering/RenderLayerCompositor.cpp
    M Source/WebCore/rendering/RenderLayerCompositor.h

  Log Message:
  -----------
  Cherry-pick 1021d66fe7c3. rdar://121960496

    Crash under RenderLayer::calculateClipRects() when going into fullscreen
    https://bugs.webkit.org/show_bug.cgi?id=268891
    rdar://121960496

    Reviewed by Alan Baradlay.

    A combination of top layer and compositing backing sharing can cause a null de-ref when entering fullscreen,
    or using modal dialogs or popovers.

    The issue occurs when the renderer going into top layer participates in a backing sharing sequence, in the
    `RenderLayer::paintsIntoProvidedBacking()` sense. What happens in that case is that after the top layer
    configuration is changed we do a layout, after which `RenderLayerBacking::updateAfterLayout()` calls
    `RenderLayerBacking::updateCompositedBounds()` (this seems like an odd thing to do, because we're going
    to do a compositing update anyway, but a comment explains why we do it). This call requires that we compute
    clip rects, which calls `RenderLayer::canUseOffsetFromAncestor()`, which gets confused because the ancestor
    layer is no longer an ancestor.

    The fix is to clear any relevant backing sharing sequences when going into top layer, where "relevant" means
    backing sharing sequences in the stacking context of the layer that's going into top layer. We do that
    by calling into RenderLayerCompositor from `RenderLayer::establishesTopLayerWillChange()`. Normally traversing
    layers in a stacking context would walk the z-order lists, and this works for popover and dialog, but fullscreen
    triggers a style update before this code runs, which clears the z-order lists. So this stacking context
    traversal is written in terms of the RenderLayer tree (like `collectLayers()`).

    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-dialog.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen-variant.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-fullscreen.html: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover-expected.txt: Added.
    * LayoutTests/compositing/shared-backing/top-layer/backing-sharing-split-by-popover.html: Added.
    * Source/WebCore/rendering/RenderLayer.cpp:
    (WebCore::RenderLayer::establishesTopLayerWillChange):
    (WebCore::RenderLayer::calculateClipRects const):
    (WebCore::outputPaintOrderTreeLegend):
    (WebCore::outputPaintOrderTreeRecursive):
    * Source/WebCore/rendering/RenderLayerCompositor.cpp:
    (WebCore::RenderLayerCompositor::establishesTopLayerWillChangeForLayer):
    (WebCore::clearBackingSharingWithinStackingContext):
    (WebCore::RenderLayerCompositor::clearBackingProviderSequencesInStackingContextOfLayer):
    * Source/WebCore/rendering/RenderLayerCompositor.h:

    Canonical link: https://commits.webkit.org/274290@main

Identifier: 272448.536 at safari-7618.1.15.10-branch


  Commit: 280f57140438fd353572230a1ac6353a09ddf549
      https://github.com/WebKit/WebKit/commit/280f57140438fd353572230a1ac6353a09ddf549
  Author: Elliott Williams <emw at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h
    M Source/WTF/wtf/spi/cocoa/IOSurfaceSPI.h
    M Source/WTF/wtf/spi/darwin/XPCSPI.h
    M Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h
    A Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h
    M Source/WebKit/Platform/spi/ios/UIKitSPI.h
    M Tools/TestRunnerShared/spi/UIKitSPIForTesting.h

  Log Message:
  -----------
  Cherry-pick 5cdf58dba105. rdar://121706323

    Cherry-pick 274016 at main (98226f6cc5f3). rdar://problem/121706323

        [iOS] Update SPI headers for iOS 17.4
        https://bugs.webkit.org/show_bug.cgi?id=268210
        rdar://problem/121706323

        Reviewed by Jonathan Bedard and Alexey Proskuryakov.

        Add platform flags for libxpc (which is API as of iOS 17.4+) and for
        other SPI that were promoted to API as part of the BrowserEngineKit
        introduction. Use them to avoid redeclaring things that are now
        publicly available.

        Additionally, write new BrowserEngineKit SPI declarations for symbols
        that are used in testing and by SPI clients of WebKit.

        * Source/WTF/wtf/PlatformHave.h:
        * Source/WTF/wtf/spi/cocoa/IOSurfaceSPI.h:
        * Source/WTF/wtf/spi/darwin/XPCSPI.h:
        * Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h:
        * Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h:
        * Source/WebKit/Platform/spi/ios/UIKitSPI.h:
        * Tools/TestRunnerShared/spi/UIKitSPIForTesting.h:

        Canonical link: https://commits.webkit.org/274016@main

    Canonical link: https://commits.webkit.org/272448.522@safari-7618-branch

Identifier: 272448.537 at safari-7618.1.15.10-branch


  Commit: 8c682cb4c15b68d51c1c6abc9fa47825615305b0
      https://github.com/WebKit/WebKit/commit/8c682cb4c15b68d51c1c6abc9fa47825615305b0
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Source/WTF/wtf/PlatformHave.h
    M Source/WTF/wtf/spi/cocoa/IOSurfaceSPI.h
    M Source/WTF/wtf/spi/darwin/XPCSPI.h
    M Source/WebCore/PAL/pal/spi/cocoa/AVFoundationSPI.h
    R Source/WebCore/PAL/pal/spi/ios/BrowserEngineKitSPI.h
    M Source/WebKit/Platform/spi/ios/UIKitSPI.h
    M Tools/TestRunnerShared/spi/UIKitSPIForTesting.h

  Log Message:
  -----------
  Revert "Cherry-pick 5cdf58dba105. rdar://121706323"

This reverts commit 280f57140438fd353572230a1ac6353a09ddf549.

Identifier: 272448.538 at safari-7618.1.15.10-branch


  Commit: d4a8b8caa1780310de171853ae08dfa9ca98739f
      https://github.com/WebKit/WebKit/commit/d4a8b8caa1780310de171853ae08dfa9ca98739f
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-08 (Thu, 08 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.2

Identifier: 272448.539 at safari-7618.1.15.10-branch


  Commit: 0c6c107094f7d38eb078739f7609295a3059467d
      https://github.com/WebKit/WebKit/commit/0c6c107094f7d38eb078739f7609295a3059467d
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 56b164c3ab85. rdar://122444388

    REGRESSION(272969 at main): Null-deref crash in SourceBufferPrivateAVFObjC::trackDidChangeEnabled
    https://bugs.webkit.org/show_bug.cgi?id=268921
    rdar://122444388

    Reviewed by Eric Carlson.

    The WebAVSampleBufferListener m_listener is invalidated and destroyed in SourceBufferPrivateAVFObjC::destroyRenderers(),
    and is never recreated. It is subsequently used without nil-checking the next time a renderer is recreated. Rather than
    destroying and re-creating whenever renderers are destroyed and created, make it a Ref<> object whose lifetime is the same
    (or longer) as the object which owns it.

    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
    (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):

    Canonical link: https://commits.webkit.org/274323@main

Identifier: 272448.540 at safari-7618.1.15.10-branch


  Commit: 3c3f438846a6f8eae4245f24cf33ac3af2a9bf3e
      https://github.com/WebKit/WebKit/commit/3c3f438846a6f8eae4245f24cf33ac3af2a9bf3e
  Author: Timothy Hatcher <timothy at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html
    M LayoutTests/platform/mac/TestExpectations
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 12dd6bd4eb2d. rdar://122030589

    [Cocoa] EME with encrypted MPEG2-TS fails to begin playback
    https://bugs.webkit.org/show_bug.cgi?id=268948
    rdar://122030589

    Reviewed by Andy Estes.

    When encrypted samples are parsed from containers by AVStreamDataParser, those samples have
    their associated initialization data attached to their CMFormatDescription as extensions.
    WebKit then reads those initialization data from the format description to determine the
    keyID needed to decrypt that key. For MPEG2-TS files, the initialization data is stored
    in a different key/value pair. Explicitly support this initData type as 'mpts'.

    * LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts: Added.
    * LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html: Added.
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp:
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsSinf):
    (WebCore::CDMPrivateFairPlayStreaming::mptsName):
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsMpts):
    (WebCore::CDMPrivateFairPlayStreaming::sanitizeMpts):
    (WebCore::CDMPrivateFairPlayStreaming::mptsKeyIDs):
    (WebCore::validInitDataTypes):
    (WebCore::CDMFactory::platformRegisterFactories):
    (WebCore::CDMPrivateFairPlayStreaming::supportsInitData const):
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::keyIDsForRequest):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::requestLicense):
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
    (WebCore::MediaSampleAVFObjC::commonInit):
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID):

    Canonical link: https://commits.webkit.org/274351@main

Identifier: 272448.541 at safari-7618.1.15.10-branch


  Commit: 59de8c4b88675e69a309f4739f6f7fda7e82b848
      https://github.com/WebKit/WebKit/commit/59de8c4b88675e69a309f4739f6f7fda7e82b848
  Author: Alex Christensen <achristensen at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm

  Log Message:
  -----------
  Cherry-pick 0c1bf2e5136c. rdar://122444342

    Enable WKWebsiteDataStore.proxyConfigurations tests on iOS simulator
    https://bugs.webkit.org/show_bug.cgi?id=268888
    rdar://122444342

    Reviewed by Chris Dumez.

    * Tools/TestWebKitAPI/Tests/WebKitCocoa/Proxy.mm:

    Canonical link: https://commits.webkit.org/274219@main

Identifier: 272448.542 at safari-7618.1.15.10-branch


  Commit: 1c342af5281f4ab01ed3cd46d33dcf7c18c76363
      https://github.com/WebKit/WebKit/commit/1c342af5281f4ab01ed3cd46d33dcf7c18c76363
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width-expected.html
    A LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html
    M Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 06f1371ababe. rdar://122586549

    [IFC][Ruby] Text are clipped at the bottom on some pages with ruby in Books
    https://bugs.webkit.org/show_bug.cgi?id=269079
    <rdar://122586549>

    Reviewed by Antti Koivisto.

    Take ruby width adjustment (annotation box is wider than base content) into account when non-trivial line breaking requires us to rebuild the current line.

    * LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-with-unbreakable-characters-incorrect-width.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineLineBuilder.cpp:
    (WebCore::Layout::LineBuilder::rebuildLineWithInlineContent): This is the exact copy of what we do in candidateContentForLine when collecting the content for current line.

    Canonical link: https://commits.webkit.org/274387@main

Identifier: 272448.543 at safari-7618.1.15.10-branch


  Commit: afc662b5e4373a3e56371dbde7038d8b2a0d5bcc
      https://github.com/WebKit/WebKit/commit/afc662b5e4373a3e56371dbde7038d8b2a0d5bcc
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Source/WebKit/NetworkProcess/NetworkSession.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.h
    M Source/WebKit/NetworkProcess/NetworkSessionCreationParameters.serialization.in
    M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.h
    M Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.cpp
    M Source/WebKit/UIProcess/WebsiteData/WebsiteDataStore.h

  Log Message:
  -----------
  Cherry-pick eb352590aabe. rdar://122361008

Identifier: 272448.544 at safari-7618.1.15.10-branch


  Commit: c41f7a4ccd0a40209f117cea2ebff8d65ef95ca3
      https://github.com/WebKit/WebKit/commit/c41f7a4ccd0a40209f117cea2ebff8d65ef95ca3
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp
    M Source/WebKit/UIProcess/Launcher/ProcessLauncher.h
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm
    M Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp
    M Source/WebKit/UIProcess/WebProcessProxy.cpp

  Log Message:
  -----------
  Apply patch. rdar://122647959

Identifier: 272448.545 at safari-7618.1.15.10-branch


  Commit: fc1461c9203d135cf7651128ee31128d3edd9196
      https://github.com/WebKit/WebKit/commit/fc1461c9203d135cf7651128ee31128d3edd9196
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    R LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts
    R LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts-expected.txt
    R LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html
    M LayoutTests/platform/mac/TestExpectations
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Revert "Cherry-pick 12dd6bd4eb2d. rdar://122030589"

This reverts commit 3c3f438846a6f8eae4245f24cf33ac3af2a9bf3e.

Identifier: 272448.546 at safari-7618.1.15.10-branch


  Commit: 6f676bfb7b27defba8b281f218ff921c65ce1793
      https://github.com/WebKit/WebKit/commit/6f676bfb7b27defba8b281f218ff921c65ce1793
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Revert "Cherry-pick 56b164c3ab85. rdar://122444388"

This reverts commit 0c6c107094f7d38eb078739f7609295a3059467d.

Identifier: 272448.547 at safari-7618.1.15.10-branch


  Commit: 052e8db4ae0f17574a572abe73b83a4517907d57
      https://github.com/WebKit/WebKit/commit/052e8db4ae0f17574a572abe73b83a4517907d57
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.1.15.10.3

Identifier: 272448.548 at safari-7618.1.15.10-branch


  Commit: d9f935bd24e0665a621ef207b87e87fd6ba55166
      https://github.com/WebKit/WebKit/commit/d9f935bd24e0665a621ef207b87e87fd6ba55166
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick 994eca410af6. rdar://122422447

    Change install location of WebKit process extensions
    https://bugs.webkit.org/show_bug.cgi?id=268946
    rdar://122422447

    Reviewed by Elliott Williams.

    * Source/WebKit/Configurations/BaseExtension.xcconfig:
    * Source/WebKit/WebKit.xcodeproj/project.pbxproj:

    Canonical link: https://commits.webkit.org/274425@main

Identifier: 272448.549 at safari-7618.1.15.10-branch


  Commit: 45523c4a87b34571575cc7411ecb0151efe7aeb1
      https://github.com/WebKit/WebKit/commit/45523c4a87b34571575cc7411ecb0151efe7aeb1
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-expected.html
    A LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap.html
    M Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp

  Log Message:
  -----------
  Cherry-pick 9f3eab39f42a. rdar://122501121

    [IFC][Ruby] Some characters are overlapped (Hiragana + Kanji character with Ruby)
    https://bugs.webkit.org/show_bug.cgi?id=269064
    <rdar://122501121>

    Reviewed by Antti Koivisto.

    1. When annotation is wide than the base content, we slightly pull adjacent content under the annotation on both sides
    2. Pulling the "after" content (boxes to the right of the ruby) means shifting all the runs as one monolithic content.

    However in case of justified alignment, as we are supposed to keep the spacing intact, we only adjust the adjacent run
    by moving and expanding it (expanding ensure the rest of the "after" content stays stationary).

    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-overhang-with-justified-content-overlap.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/display/InlineDisplayContentBuilder.cpp:
    (WebCore::Layout::InlineDisplayContentBuilder::applyRubyOverhang):

    Canonical link: https://commits.webkit.org/274373@main

Identifier: 272448.550 at safari-7618.1.15.10-branch


  Commit: 616653782dab2f427836a994f6545b4741cb6871
      https://github.com/WebKit/WebKit/commit/616653782dab2f427836a994f6545b4741cb6871
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/annotation-clipped-first-line-expected.html
    A LayoutTests/fast/ruby/annotation-clipped-first-line.html
    M Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp

  Log Message:
  -----------
  Cherry-pick da3c5b4ca5ce. rdar://122586539

    [IFC][Ruby] Ruby character is clipped at right edge of the page
    https://bugs.webkit.org/show_bug.cgi?id=269065
    <rdar://122586539>

    Reviewed by Antti Koivisto.

    See comment in RubyFormattingContext::adjustLayoutBoundsAndStretchAncestorRubyBase.

    * LayoutTests/fast/ruby/annotation-clipped-first-line-expected.html: Added.
    * LayoutTests/fast/ruby/annotation-clipped-first-line.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/ruby/RubyFormattingContext.cpp:
    (WebCore::Layout::RubyFormattingContext::adjustLayoutBoundsAndStretchAncestorRubyBase):

    Canonical link: https://commits.webkit.org/274376@main

Identifier: 272448.551 at safari-7618.1.15.10-branch


  Commit: b682ddeedadb971c5c9c1fbcf6941c51e8b89d74
      https://github.com/WebKit/WebKit/commit/b682ddeedadb971c5c9c1fbcf6941c51e8b89d74
  Author: Dana Estra <destra at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/html/track/VTTCue.cpp

  Log Message:
  -----------
  Cherry-pick 379505f1665c. rdar://122584350

    Subtitle size is enlarged in Full screen
    https://bugs.webkit.org/show_bug.cgi?id=269085
    rdar://122584350

    Reviewed by Jer Noble.

    Webkit-media-text-track-display pseudo-elements should have a font size unit of CQMIN instead of CQH. CQMIN will be calculated to be CQW if the width of the video element is shorter than the height, or CQH vice versa. This creates a more appropriate font size.

    * Source/WebCore/html/track/VTTCue.cpp:
    (WebCore::VTTCueBox::applyCSSProperties):

    Canonical link: https://commits.webkit.org/274480@main

Identifier: 272448.552 at safari-7618.1.15.10-branch


  Commit: 071e0174fb6fbe2c0d04c3318deb4c581c248b9c
      https://github.com/WebKit/WebKit/commit/071e0174fb6fbe2c0d04c3318deb4c581c248b9c
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M LayoutTests/platform/ios/editing/pasteboard/onpaste-text-html-expected.txt
    M LayoutTests/platform/mac/editing/pasteboard/onpaste-text-html-expected.txt
    M LayoutTests/platform/mac/fast/events/ondrop-text-html-expected.txt
    M Source/WebCore/editing/markup.cpp
    M Source/WebCore/editing/markup.h
    M Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp
    M Tools/TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/CopyHTML.mm

  Log Message:
  -----------
  Cherry-pick 81896aa61d54. rdar://122391840

    [iOS 17.4] Copying a relative URL in Reader mode and pasting in Messages inserts a safari-reader:// URL
    https://bugs.webkit.org/show_bug.cgi?id=269143
    rdar://122391840

    Reviewed by Ryosuke Niwa.

    Starting in iOS 17.4, Safari no longer writes `NSAttributedString` data directly to the pasteboard.
    Instead, we just write web archive data and HTML, which the system converts (on paste) into an
    `NSAttributedString` only if needed, using UIFoundation (…which uses an offscreen WKWebView under
    the hood, via `nsattributedstringagent`).

    However, when copying a selected link with a relative HREF like `<a href="/foo.html">…</a>` in
    Safari reader, the reader document has a `base` element with an `href` referencing the original
    website URL, while the real document URL has a scheme of `safari-reader://…`. When writing web
    archive data to the pasteboard in Safari, we just write the markup `<a href="/foo.html">…</a>` as-
    is; when converting to an attributed string (e.g., when pasting in Messages) we complete the
    relative URL using the top document URL taken from the web archive, which still uses a scheme of
    `safari-reader://`, so resulting attributed string has a link attribute pointing to a
    `safari-reader://` URL instead of the HTTP URL.

    To avoid this, we detect the fact that there’s a `base` element in the document when creating web
    archive data from the current selection, and prepend the `base` element to the markup, under the
    `head`; in doing so, we ensure that relative URLs will be completed using the same `base` element
    that was present in the document when copying.

    Test: CopyHTML.SanitizationPreservesRelativeURLInAttributedString

    * LayoutTests/platform/ios/editing/pasteboard/onpaste-text-html-expected.txt:
    * LayoutTests/platform/mac/editing/pasteboard/onpaste-text-html-expected.txt:
    * LayoutTests/platform/mac/fast/events/ondrop-text-html-expected.txt:

    Rebaseline layout tests to account for the fact that the `meta` tag is now also inserted below the
    `head` element (as [noted in the spec](https://html.spec.whatwg.org/multipage/semantics.html#the-meta-element)).

    * Source/WebCore/editing/markup.cpp:

    Rename `prependMetaCharsetUTF8TagIfNonASCIICharactersArePresent` to `prependHeadIfNecessary`, and
    make it append both, either or none of the `meta` and `base` elements underneath a `head` element.
    Like before, we only append `meta charset=UTF-8` on Cocoa in the case where the text contains non-
    ASCII characters, for compatibility with system NSPasteboard/UIPasteboard text encoding treatment.
    If the given `baseElement` is non-null, we'll additionally append the base element (along with its
    attributes) to the `head`. Note that if neither of the above elements are needed, we'll just skip
    appending a `head`.

    (WebCore::serializePreservingVisualAppearanceInternal):

    Add support for a new `PreserveBaseElement` option, which indicates whether or not we should attempt
    to preserve the base element, if it exists in the document containing the given range. This is `No`
    by default, and set to `Yes` only when generating web archive data from a selected range in the
    document to ensure that any completed relative URLs in the selected range point to the same resource
    in the web archive, as they previously did in the original document.

    (WebCore::serializePreservingVisualAppearance):
    (WebCore::sanitizedMarkupForFragmentInDocument):
    * Source/WebCore/editing/markup.h:
    * Source/WebCore/loader/archive/cf/LegacyWebArchive.cpp:
    (WebCore::LegacyWebArchive::createFromSelection):

    Pass in `PreserveBaseElement::Yes`. See above for more details.

    * Tools/TestWebKitAPI/Configurations/TestWebKitAPI.xcconfig:

    Drive-by fix: remove the redundant `WK_UNIFORM_TYPE_IDENTIFIERS_LDFLAGS` setting, which was only
    used to link against `UniformTypeIdentifiers` on iOS (but is now unnecessary, since we already
    unconditionally link `UniformTypeIdentifiers` in `OTHER_LDFLAGS`).

    * Tools/TestWebKitAPI/Tests/WebKitCocoa/CopyHTML.mm:

    Add an API test that simulates copying a relative URL (`/downloads`) in a document with a `base` and
    pasting in an app that converts the web archive data to `NSAttributedString`; the resulting link URL
    corresponding to `NSLinkAttributeName` in the attributed string should point to the original URL
    (`https://webkit.org/downloads`), instead of `file:///downloads`.

    Canonical link: https://commits.webkit.org/274434@main

Identifier: 272448.553 at safari-7618.1.15.10-branch


  Commit: e9ee22dd3e0729455c26a8fab0bdba4757597b6c
      https://github.com/WebKit/WebKit/commit/e9ee22dd3e0729455c26a8fab0bdba4757597b6c
  Author: Ryosuke Niwa <rniwa at webkit.org>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/dom/ContainerNodeAlgorithms.cpp
    M Source/WebCore/html/HTMLFormControlElement.cpp
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLMaybeFormAssociatedCustomElement.cpp
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLObjectElement.cpp
    M Source/WebCore/html/ValidatedFormListedElement.cpp
    M Source/WebCore/svg/SVGFEImageElement.cpp
    M Source/WebCore/svg/SVGTextPathElement.cpp

  Log Message:
  -----------
  Cherry-pick 980a1d5fec28. rdar://121612950

    Restrict didFinishInsertingNode to connected nodes
    https://bugs.webkit.org/show_bug.cgi?id=268051

    Reviewed by Wenson Hsieh.

    Don't call didFinishInsertingNode when a node is not connected to a document.

    * Source/WebCore/dom/ContainerNodeAlgorithms.cpp:
    (WebCore::notifyNodeInsertedIntoTree):
    (WebCore::notifyChildNodeInserted):
    * Source/WebCore/html/HTMLFormControlElement.cpp:
    (WebCore::HTMLFormControlElement::insertedIntoAncestor):
    * Source/WebCore/html/HTMLInputElement.cpp:
    (WebCore::HTMLInputElement::insertedIntoAncestor):
    * Source/WebCore/html/HTMLMaybeFormAssociatedCustomElement.cpp:
    (WebCore::HTMLMaybeFormAssociatedCustomElement::insertedIntoAncestor):
    * Source/WebCore/html/HTMLMediaElement.cpp:
    (WebCore::HTMLMediaElement::insertedIntoAncestor):
    * Source/WebCore/html/HTMLObjectElement.cpp:
    (WebCore::HTMLObjectElement::insertedIntoAncestor):
    * Source/WebCore/html/ValidatedFormListedElement.cpp:
    (WebCore::ValidatedFormListedElement::insertedIntoAncestor): Call resetFormOwner when this insertion
    didn't result in getting connected to a new document since didFinishInsertingNode won't be called in
    such cases. It's okay to call this function synchronously in this case since we don't rely on
    TreeScope::getElementById when the node is not connected to a a document in findAssociatedForm.
    * Source/WebCore/svg/SVGFEImageElement.cpp:
    (WebCore::SVGFEImageElement::insertedIntoAncestor):
    * Source/WebCore/svg/SVGTextPathElement.cpp:
    (WebCore::SVGTextPathElement::insertedIntoAncestor):

    Canonical link: https://commits.webkit.org/273523@main

Identifier: 272448.554 at safari-7618.1.15.10-branch


  Commit: b3b8cfef6496d622b50ad1aab6ac04f3308dec48
      https://github.com/WebKit/WebKit/commit/b3b8cfef6496d622b50ad1aab6ac04f3308dec48
  Author: Joshua Hoffman <jhoffman23 at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Cherry-pick 58895edc47c1. rdar://122778867

    AX: Missing _prepareAccessibilityCall in accessibilityIsInNonNativeTextControl
    https://bugs.webkit.org/show_bug.cgi?id=269214
    rdar://122778867

    Reviewed by Andres Gonzalez.

    We need to add a _prepareAccessibilityCall to avoid a nullptr dereference.

    * Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm:
    (-[WebAccessibilityObjectWrapper accessibilityIsInNonNativeTextControl]):

    Canonical link: https://commits.webkit.org/274497@main

Identifier: 272448.555 at safari-7618.1.15.10-branch


  Commit: 32a23f7dccd0cd9577a975403287728342457790
      https://github.com/WebKit/WebKit/commit/32a23f7dccd0cd9577a975403287728342457790
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Revert "Cherry-pick 58895edc47c1. rdar://122778867"

This reverts commit b3b8cfef6496d622b50ad1aab6ac04f3308dec48.

Identifier: 272448.556 at safari-7618.1.15.10-branch


  Commit: 2c60ae44856eacc1ae41562efab4af8da285ce75
      https://github.com/WebKit/WebKit/commit/2c60ae44856eacc1ae41562efab4af8da285ce75
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M Source/WebCore/dom/ContainerNodeAlgorithms.cpp
    M Source/WebCore/html/HTMLFormControlElement.cpp
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLMaybeFormAssociatedCustomElement.cpp
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLObjectElement.cpp
    M Source/WebCore/html/ValidatedFormListedElement.cpp
    M Source/WebCore/svg/SVGFEImageElement.cpp
    M Source/WebCore/svg/SVGTextPathElement.cpp

  Log Message:
  -----------
  Revert "Cherry-pick 980a1d5fec28. rdar://121612950"

This reverts commit e9ee22dd3e0729455c26a8fab0bdba4757597b6c.

Identifier: 272448.557 at safari-7618.1.15.10-branch


  Commit: 63a32a03e31c07572bbd105d67692570124c90ef
      https://github.com/WebKit/WebKit/commit/63a32a03e31c07572bbd105d67692570124c90ef
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.4

Identifier: 272448.558 at safari-7618.1.15.10-branch


  Commit: 485b6122c6399a4b77b319a2ddbbc65dc23f8726
      https://github.com/WebKit/WebKit/commit/485b6122c6399a4b77b319a2ddbbc65dc23f8726
  Author: Alan Baradlay <zalan at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A LayoutTests/fast/ruby/ruby-base-content-should-not-wrap-expected.html
    A LayoutTests/fast/ruby/ruby-base-content-should-not-wrap.html
    M Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp

  Log Message:
  -----------
  Cherry-pick 2c41110b8852. rdar://122811940

    [IFC][Ruby] Ruby base content may wrap even when style says no
    https://bugs.webkit.org/show_bug.cgi?id=269235
    <rdar://122811940>

    Reviewed by Antti Koivisto.

    There's no soft wrap opportunity between 2 adjacent non-whitespace characters when style says nowrap.

    * LayoutTests/fast/ruby/ruby-base-content-should-not-wrap-expected.html: Added.
    * LayoutTests/fast/ruby/ruby-base-content-should-not-wrap.html: Added.
    * Source/WebCore/layout/formattingContexts/inline/InlineFormattingUtils.cpp:
    (WebCore::Layout::isAtSoftWrapOpportunity):

    Canonical link: https://commits.webkit.org/272448.537@safari-7618-branch

Identifier: 272448.559 at safari-7618.1.15.10-branch


  Commit: 32ce88228ce8b881e97cb8a2b143679d666d04f9
      https://github.com/WebKit/WebKit/commit/32ce88228ce8b881e97cb8a2b143679d666d04f9
  Author: Jer Noble <jer.noble at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 56b164c3ab85. rdar://122444388

    REGRESSION(272969 at main): Null-deref crash in SourceBufferPrivateAVFObjC::trackDidChangeEnabled
    https://bugs.webkit.org/show_bug.cgi?id=268921
    rdar://122444388

    Reviewed by Eric Carlson.

    The WebAVSampleBufferListener m_listener is invalidated and destroyed in SourceBufferPrivateAVFObjC::destroyRenderers(),
    and is never recreated. It is subsequently used without nil-checking the next time a renderer is recreated. Rather than
    destroying and re-creating whenever renderers are destroyed and created, make it a Ref<> object whose lifetime is the same
    (or longer) as the object which owns it.

    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::~SourceBufferPrivateAVFObjC):
    (WebCore::SourceBufferPrivateAVFObjC::destroyRenderers):

    Canonical link: https://commits.webkit.org/274323@main

Identifier: 272448.560 at safari-7618.1.15.10-branch


  Commit: cb7660ab6e14e4e0f8addee9b44be5fde18acad1
      https://github.com/WebKit/WebKit/commit/cb7660ab6e14e4e0f8addee9b44be5fde18acad1
  Author: Timothy Hatcher <timothy at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    A LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts-expected.txt
    A LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html
    M LayoutTests/platform/mac/TestExpectations
    M Source/WTF/wtf/PlatformHave.h
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp
    M Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h
    M Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm
    M Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm

  Log Message:
  -----------
  Cherry-pick 12dd6bd4eb2d. rdar://122030589

    [Cocoa] EME with encrypted MPEG2-TS fails to begin playback
    https://bugs.webkit.org/show_bug.cgi?id=268948
    rdar://122030589

    Reviewed by Andy Estes.

    When encrypted samples are parsed from containers by AVStreamDataParser, those samples have
    their associated initialization data attached to their CMFormatDescription as extensions.
    WebKit then reads those initialization data from the format description to determine the
    keyID needed to decrypt that key. For MPEG2-TS files, the initialization data is stored
    in a different key/value pair. Explicitly support this initData type as 'mpts'.

    * LayoutTests/http/tests/media/fairplay/content/elementary-stream-video-keyid-1.ts: Added.
    * LayoutTests/http/tests/media/fairplay/fps-mse-unmuxed-mpts.html: Added.
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.cpp:
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsSinf):
    (WebCore::CDMPrivateFairPlayStreaming::mptsName):
    (WebCore::CDMPrivateFairPlayStreaming::extractKeyIDsMpts):
    (WebCore::CDMPrivateFairPlayStreaming::sanitizeMpts):
    (WebCore::CDMPrivateFairPlayStreaming::mptsKeyIDs):
    (WebCore::validInitDataTypes):
    (WebCore::CDMFactory::platformRegisterFactories):
    (WebCore::CDMPrivateFairPlayStreaming::supportsInitData const):
    * Source/WebCore/platform/graphics/avfoundation/CDMFairPlayStreaming.h:
    * Source/WebCore/platform/graphics/avfoundation/objc/CDMInstanceFairPlayStreamingAVFObjC.mm:
    (WebCore::keyIDsForRequest):
    (WebCore::CDMInstanceSessionFairPlayStreamingAVFObjC::requestLicense):
    * Source/WebCore/platform/graphics/avfoundation/objc/MediaSampleAVFObjC.mm:
    (WebCore::MediaSampleAVFObjC::commonInit):
    * Source/WebCore/platform/graphics/avfoundation/objc/SourceBufferPrivateAVFObjC.mm:
    (WebCore::SourceBufferPrivateAVFObjC::didProvideContentKeyRequestInitializationDataForTrackID):

    Canonical link: https://commits.webkit.org/274351@main

Identifier: 272448.561 at safari-7618.1.15.10-branch


  Commit: 7ec88fb2d2338ba4518728935c10006d7fbb172c
      https://github.com/WebKit/WebKit/commit/7ec88fb2d2338ba4518728935c10006d7fbb172c
  Author: Commit Queue <commit-queue at webkit.org>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebKit/Configurations/BaseExtension.xcconfig
    M Source/WebKit/WebKit.xcodeproj/project.pbxproj

  Log Message:
  -----------
  Cherry-pick f7780c8f88f5. rdar://122894686

    Unreviewed, reverting 274425 at main.
    https://bugs.webkit.org/show_bug.cgi?id=269151

    Introduced perf testing issue

    Reverted changeset:

    "Change install location of WebKit process extensions"
    https://bugs.webkit.org/show_bug.cgi?id=268946
    https://commits.webkit.org/274425@main

    Canonical link: https://commits.webkit.org/274431@main

Identifier: 272448.562 at safari-7618.1.15.10-branch


  Commit: 987f1f64d284fd53a320dee2faf9211e2b18bd57
      https://github.com/WebKit/WebKit/commit/987f1f64d284fd53a320dee2faf9211e2b18bd57
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/dom/ContainerNodeAlgorithms.cpp
    M Source/WebCore/html/HTMLFormControlElement.cpp
    M Source/WebCore/html/HTMLInputElement.cpp
    M Source/WebCore/html/HTMLMaybeFormAssociatedCustomElement.cpp
    M Source/WebCore/html/HTMLMediaElement.cpp
    M Source/WebCore/html/HTMLObjectElement.cpp
    M Source/WebCore/html/ValidatedFormListedElement.cpp
    M Source/WebCore/svg/SVGFEImageElement.cpp
    M Source/WebCore/svg/SVGTextPathElement.cpp

  Log Message:
  -----------
  Revert "Revert "Cherry-pick 980a1d5fec28. rdar://121612950""

This reverts commit 2c60ae44856eacc1ae41562efab4af8da285ce75.

Identifier: 272448.563 at safari-7618.1.15.10-branch


  Commit: 036d67ee93b8a8e32ddf2d0c83e2bc75d011298a
      https://github.com/WebKit/WebKit/commit/036d67ee93b8a8e32ddf2d0c83e2bc75d011298a
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Revert "Revert "Cherry-pick 58895edc47c1. rdar://122778867""

This reverts commit 32a23f7dccd0cd9577a975403287728342457790.

Identifier: 272448.564 at safari-7618.1.15.10-branch


  Commit: 2c392a87df244a9843f6482c82d23bd7add1a9e0
      https://github.com/WebKit/WebKit/commit/2c392a87df244a9843f6482c82d23bd7add1a9e0
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.1.15.10.5

Canonical link: https://commits.webkit.org/272448.565@safari-7618.1.15.10-branch


  Commit: c2272907ee6f1a8c106e3878fb6bc242be2775e8
      https://github.com/WebKit/WebKit/commit/c2272907ee6f1a8c106e3878fb6bc242be2775e8
  Author: Sihui Liu <sihui_liu at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Source/WebCore/page/Quirks.cpp

  Log Message:
  -----------
  Cherry-pick 31136601a244. rdar://122892811

    Null pointer dereference in elementHasClassInClosestAncestors
    https://bugs.webkit.org/show_bug.cgi?id=269308
    rdar://122892811

    Reviewed by Brent Fulgham.

    Ensure ancestor is non-null before accessing it.

    * Source/WebCore/page/Quirks.cpp:
    (WebCore::elementHasClassInClosestAncestors):

    Canonical link: https://commits.webkit.org/274575@main

Canonical link: https://commits.webkit.org/272448.566@safari-7618.1.15.10-branch


  Commit: 1b7023c35680a26f4270390ba5ae8fa5711611ce
      https://github.com/WebKit/WebKit/commit/1b7023c35680a26f4270390ba5ae8fa5711611ce
  Author: Chris Fleizach <cfleizach at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

  Log Message:
  -----------
  Cherry-pick 46a7bd3624b4. rdar://122688370

    AX: com.apple.WebKit.WebContent crash at WebCore: -[WebAccessibilityObjectWrapper handleNotificationRelayToChrome:notificationData:]
    https://bugs.webkit.org/show_bug.cgi?id=269319
    <rdar://problem/122688370>

    Reviewed by (OOPS).

    Ensure that we have a valid AXObjectCache before proceeding.

    * Source/WebCore/accessibility/ios/WebAccessibilityObjectWrapperIOS.mm

    Canonical link: https://commits.webkit.org/274610@main

Canonical link: https://commits.webkit.org/272448.567@safari-7618.1.15.10-branch


  Commit: ad365c15885338b5be8882cbcef64d67fcc65977
      https://github.com/WebKit/WebKit/commit/ad365c15885338b5be8882cbcef64d67fcc65977
  Author: Chris Dumez <cdumez at apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M Source/WebCore/html/HTMLSelectElement.cpp
    M Source/WebCore/rendering/RenderMenuList.cpp

  Log Message:
  -----------
  Cherry-pick 35318b4d5407. rdar://119790256

    Crash under ~RenderMenuList due to CheckedPtr usage
    https://bugs.webkit.org/show_bug.cgi?id=269322
    rdar://119790256

    Reviewed by Alan Baradlay.

    From the crash trace, we can see that HTMLSelectElement::defaultEventHandler()
    holds a CheckedPtr to its RenderMenuList renderer and calls showPopup() on
    the renderer. This ends up running JS, which removes the select element from
    the DOM and in turns destroys the renderer. The usage is currently safe since
    nothing is using the renderer after the JS has run. However, it was tripping
    the CheckedPtr assertion.

    To address the issue, switch to using WeakPtr for now and add comments to
    clarify lifetime. We should consider refactoring this in a follow up though.

    * Source/WebCore/html/HTMLSelectElement.cpp:
    (WebCore::HTMLSelectElement::platformHandleKeydownEvent):
    (WebCore::HTMLSelectElement::menuListDefaultEventHandler):
    (WebCore::HTMLSelectElement::showPicker):
    * Source/WebCore/rendering/RenderMenuList.cpp:
    (RenderMenuList::showPopup):

    Canonical link: https://commits.webkit.org/274586@main

Canonical link: https://commits.webkit.org/272448.568@safari-7618.1.15.10-branch


  Commit: 6fd059eeb88dce93790c0cd27177028da62b73a6
      https://github.com/WebKit/WebKit/commit/6fd059eeb88dce93790c0cd27177028da62b73a6
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.1.15.10.6

Identifier: 272448.569 at safari-7618.1.15.10-branch


  Commit: 33db5f5dd45197572b79ae0e1aadedaf56fdc510
      https://github.com/WebKit/WebKit/commit/33db5f5dd45197572b79ae0e1aadedaf56fdc510
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://122813058

Identifier: 272448.570 at safari-7618.1.15.10-branch


  Commit: 24578a85f0e93d3f86fe408e048e9c82dd4ddadf
      https://github.com/WebKit/WebKit/commit/24578a85f0e93d3f86fe408e048e9c82dd4ddadf
  Author: Justin Michaud <justin_michaud at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/JavaScriptCore/Scripts/process-entitlements.sh

  Log Message:
  -----------
  Cherry-pick 8179ae2db1bf. rdar://122826926

    Clean up JSC shell entitlements to fix RAMificaton.
    rdar://122826926

    Reviewed by Yusuke Suzuki.

    In https://commits.webkit.org/272448.472@safari-7618-branch, we switched
    to the new allow-jit entitlement. This broke RAMiciation runs because
    the JSC binary doesn't have the com.apple.developer.web-browser-engine.webcontent
    entitlement. This patch adds it.

    * Source/JavaScriptCore/Scripts/process-entitlements.sh:

    Canonical link: https://commits.webkit.org/272448.538@safari-7618-branch

Identifier: 272448.571 at safari-7618.1.15.10-branch


  Commit: 73c50e27c5cb44d8bed221d720853fcb64676ea1
      https://github.com/WebKit/WebKit/commit/73c50e27c5cb44d8bed221d720853fcb64676ea1
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm

  Log Message:
  -----------
  Cherry-pick e12d22941da3. rdar://122843112

    [iOS 17.4] Chrome crashes in -[WKSelectPicker resetContextMenuPresenter]
    https://bugs.webkit.org/show_bug.cgi?id=269222
    rdar://122843112

    Reviewed by Aditya Keerthi.

    Mitigate crashes in (`WKWebView`-based) Chrome on iOS while dismissing compact context menus under
    `~CompactContextMenuPresenter`. Through means that are still unclear to me, Chrome prevents context
    menus from being shown when their webpage translation feature is invoked. This prevents the targeted
    preview container view from being added to the view hierarchy; the resulting context menu
    interaction is still considered "presented" even though nothing is shown on screen.

    In this state, if anything attempts to dismiss the menu with animation, we'll crash with an
    exception as UIKit internally (and incorrectly) assumes that the targeted preview container must
    still be in the view hierarchy from when it was presented, and attempts to create a preview target
    with this unparented preview container view.

    Since the call to `dismiss()` in this destructor is only here as a last resort to ensure that we
    clean up context menu interactions and don't leave context menu views (or the hidden button view)
    lingering around the view hierarchy, we can simply fix this by immediately dismissing the context
    menu interaction without animation. This skips the UIKit code described above that crashes unless
    the preview container view was parented, and allows us to keep this "last resort" cleanup logic
    without otherwise affecting the dismissal animation.

    * Source/WebKit/UIProcess/ios/CompactContextMenuPresenter.mm:
    (WebKit::CompactContextMenuPresenter::~CompactContextMenuPresenter):

    Canonical link: https://commits.webkit.org/274559@main

Identifier: 272448.572 at safari-7618.1.15.10-branch


  Commit: 1cdb2f6fbe7ac62a201e1466259abc020e46e1ed
      https://github.com/WebKit/WebKit/commit/1cdb2f6fbe7ac62a201e1466259abc020e46e1ed
  Author: Youenn Fablet <youennf at gmail.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH264.mm

  Log Message:
  -----------
  Cherry-pick 1392a12ad3f1. rdar://122859173

    REGRESSION (iOS 17.4 Beta): No incoming video in Teams VA
    rdar://122859173
    https://bugs.webkit.org/show_bug.cgi?id=269281

    Reviewed by Brent Fulgham.

    WebRTC applicartions typically do not care about reordering since it hits the latency.
    We are thus setting the window size to 0 when AVC is false, which is the case for libwebrtc decoders.
    WebCodecs websites that had issues with reordering are using AVC, so should not be broken by this change.

    * Source/ThirdParty/libwebrtc/Source/webrtc/sdk/objc/components/video_codec/RTCVideoDecoderH264.mm:
    (-[RTCVideoDecoderH264 decodeData:size:timeStamp:]):

    Canonical link: https://commits.webkit.org/274581@main

Identifier: 272448.573 at safari-7618.1.15.10-branch


  Commit: b2e9aa1d3e0e8d56fbc7e73ec4e2965855330758
      https://github.com/WebKit/WebKit/commit/b2e9aa1d3e0e8d56fbc7e73ec4e2965855330758
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Revert "Apply patch. rdar://122813058"

This reverts commit 33db5f5dd45197572b79ae0e1aadedaf56fdc510.

Identifier: 272448.574 at safari-7618.1.15.10-branch


  Commit: c6b6c002000ff1c0d335bdfab3292f2079d972db
      https://github.com/WebKit/WebKit/commit/c6b6c002000ff1c0d335bdfab3292f2079d972db
  Author: Dan Robson <dtr_bugzilla at apple.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M Source/WebCore/Modules/webauthn/AuthenticatorCoordinator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.h
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/AuthenticationServicesSoftLink.mm
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Apply patch. rdar://122813058

Identifier: 272448.575 at safari-7618.1.15.10-branch


  Commit: eb070120b4a5744b15f8699cc950d043364cd895
      https://github.com/WebKit/WebKit/commit/eb070120b4a5744b15f8699cc950d043364cd895
  Author: Russell Epstein <repstein at apple.com>
  Date:   2024-02-18 (Sun, 18 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.7

Canonical link: https://commits.webkit.org/272448.576@safari-7618.1.15.10-branch


  Commit: 61a02ce7b354dddeea14c28479d0ea4c3b14a26e
      https://github.com/WebKit/WebKit/commit/61a02ce7b354dddeea14c28479d0ea4c3b14a26e
  Author: Garrett Davidson <garrett_davidson at apple.com>
  Date:   2024-02-18 (Sun, 18 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm

  Log Message:
  -----------
  Cherry-pick 1d32f0c70849. rdar://123161979

    Add some missing null checks for WebAuthn extension options
    rdar://123161979

    Reviewed by Brent Fulgham.

    Add some missing null checks for WebAuthn extension options.

    * Source/WebKit/UIProcess/WebAuthentication/Cocoa/WebAuthenticatorCoordinatorProxy.mm:
    (WebKit::WebAuthenticatorCoordinatorProxy::requestsForRegisteration):
    (WebKit::WebAuthenticatorCoordinatorProxy::requestsForAssertion):

    Canonical link: https://commits.webkit.org/274952@main

Canonical link: https://commits.webkit.org/272448.577@safari-7618.1.15.10-branch


  Commit: e232e61bcffb7dc21ad7cca72c23668daa00c616
      https://github.com/WebKit/WebKit/commit/e232e61bcffb7dc21ad7cca72c23668daa00c616
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M LayoutTests/platform/ios/TestExpectations
    M Source/WebCore/platform/graphics/avfoundation/objc/MediaPlayerPrivateMediaSourceAVFObjC.mm
    M Source/WebCore/platform/graphics/cocoa/MediaPlayerPrivateWebM.mm
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.cpp
    M Source/WebKit/WebProcess/GPU/media/MediaPlayerPrivateRemote.h

  Log Message:
  -----------
  Apply patch. rdar://123190795


  Commit: a5741d8a84a55c74f20c350860eafcc57f2662f1
      https://github.com/WebKit/WebKit/commit/a5741d8a84a55c74f20c350860eafcc57f2662f1
  Author: Dan Robson <dan_robson at apple.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-618.1.15.10.8

Identifier: 272448.579 at safari-7618.1.15.10-branch


  Commit: 9ce130f9a78d2d541940f58d809c485249b3d633
      https://github.com/WebKit/WebKit/commit/9ce130f9a78d2d541940f58d809c485249b3d633
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.9

Identifier: 272448.580 at safari-7618.1.15.10-branch


  Commit: 72398f91d0b3ea949069ea29a2e59a88dc3d3b6c
      https://github.com/WebKit/WebKit/commit/72398f91d0b3ea949069ea29a2e59a88dc3d3b6c
  Author: Per Arne Vollan <pvollan at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Cherry-pick 9ff5a32ea773. rdar://122995875

    Add nullptr check for ProcessLauncher client
    https://bugs.webkit.org/show_bug.cgi?id=269759
    rdar://122995875

    Reviewed by Brent Fulgham.

    This patch fixes a null pointer dereference crash that was introduced in <https://commits.webkit.org/274390@main>.
    The commit 274390 at main introduced a race condition by holding a reference to the Process launcher in the completion
    handler for starting WebKit extension processes. This reference was held througout the duration of the completion
    handler. This meant that on rare occasions, the Process launcher could be deleted at the end of the completion
    handler, instead of in the AuxiliaryProcessProxy destructor, where it normally is invalidated and deleted. The
    lambda to finish the launch scheduled from the completion handler on the main thread could then end up having a
    Process launcher that was invalidated but not deallocated. When the Process launcher is invalidated, the m_client
    member is set to nullptr. This member is later dereferenced in ProcessLauncher::finishLaunchingProcess, and caused
    a null pointer crash in this case. This patch is fixing the crash by reverting the change in 274390 at main that
    introduced the crash as well as adding a null pointer check for m_client, to guard against this race being
    reintroduced in the future.

    * Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
    (WebKit::ProcessLauncher::launchProcess):

    Canonical link: https://commits.webkit.org/275047@main

Identifier: 272448.581 at safari-7618.1.15.10-branch


  Commit: 221c0e5c7b9bc0334a8a3eff2ff3e0edb1ee4dc4
      https://github.com/WebKit/WebKit/commit/221c0e5c7b9bc0334a8a3eff2ff3e0edb1ee4dc4
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Revert "Cherry-pick 9ff5a32ea773. rdar://122995875"

This reverts commit 72398f91d0b3ea949069ea29a2e59a88dc3d3b6c.

Identifier: 272448.582 at safari-7618.1.15.10-branch


  Commit: ae2a0fd6cd4382debe40c6519b387edc2856ebb0
      https://github.com/WebKit/WebKit/commit/ae2a0fd6cd4382debe40c6519b387edc2856ebb0
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Cherry-pick 9ff5a32ea773. rdar://122995875

Identifier: 272448.583 at safari-7618.1.15.10-branch


  Commit: 3587d95469517f87a1431ce21d007347edfed909
      https://github.com/WebKit/WebKit/commit/3587d95469517f87a1431ce21d007347edfed909
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Revert "Cherry-pick 9ff5a32ea773. rdar://122995875"

This reverts commit ae2a0fd6cd4382debe40c6519b387edc2856ebb0.

Identifier: 272448.584 at safari-7618.1.15.10-branch


  Commit: 74b1bec2e9545625fb57d254f9b10053da5a8b1d
      https://github.com/WebKit/WebKit/commit/74b1bec2e9545625fb57d254f9b10053da5a8b1d
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-21 (Wed, 21 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Cherry-pick 9ff5a32ea773. rdar://122995875

Identifier: 272448.585 at safari-7618.1.15.10-branch


  Commit: 7aff22194942735798073eca353e8d1a8f270f2d
      https://github.com/WebKit/WebKit/commit/7aff22194942735798073eca353e8d1a8f270f2d
  Author: Myah Cobbs <mcobbs at apple.com>
  Date:   2024-02-22 (Thu, 22 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.10

Identifier: 272448.586 at safari-7618.1.15.10-branch


  Commit: d82207a15384b1ad6afe689c77839c047c9504c5
      https://github.com/WebKit/WebKit/commit/d82207a15384b1ad6afe689c77839c047c9504c5
  Author: Russell Epstein <repstein at apple.com>
  Date:   2024-02-26 (Mon, 26 Feb 2024)

  Changed paths:
    M Configurations/Version.xcconfig

  Log Message:
  -----------
  Versioning.

WebKit-7618.1.15.10.11

Canonical link: https://commits.webkit.org/272448.587@safari-7618.1.15.10-branch


Compare: https://github.com/WebKit/WebKit/compare/9c8f91f26c4f%5E...d82207a15384

To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications


More information about the webkit-changes mailing list