From efd35844fae554f6e7f8e9001dcc28903e52d9c506316a4b6b44536692d63606 Mon Sep 17 00:00:00 2001 From: Bruno Pitrus Date: Sat, 25 Mar 2023 06:08:06 +0000 Subject: [PATCH] Accepting request 1074297 from home:dziobian:gulgul-ultron:19 - New upstream release 22.3.4 * Improved error messages on session.cookies.set failure. * Vulkan: Don't close render pass if rebind to same fbo (CVE-2023-1213) * CSS: In Typed CSSOM, reject adding to something that is not a list. (CVE-2023-1215) * Fix potential out of bounds write in base::SampleVectorBase (CVE-2023-1220) - Add services-network-optional-explicit-constructor.patch OBS-URL: https://build.opensuse.org/request/show/1074297 OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs-electron?expand=0&rev=68 --- electron-22.3.3.tar.zst | 3 -- electron-22.3.4.tar.zst | 3 ++ nodejs-electron.changes | 9 ++++++ nodejs-electron.spec | 3 +- ...etwork-optional-explicit-constructor.patch | 29 +++++++++++++++++++ 5 files changed, 43 insertions(+), 4 deletions(-) delete mode 100644 electron-22.3.3.tar.zst create mode 100644 electron-22.3.4.tar.zst create mode 100644 services-network-optional-explicit-constructor.patch diff --git a/electron-22.3.3.tar.zst b/electron-22.3.3.tar.zst deleted file mode 100644 index 1ba7af0..0000000 --- a/electron-22.3.3.tar.zst +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:558d72861d0de224b65a6015e91144061373a4820774109257e1e34757550d49 -size 591501727 diff --git a/electron-22.3.4.tar.zst b/electron-22.3.4.tar.zst new file mode 100644 index 0000000..789ad38 --- /dev/null +++ b/electron-22.3.4.tar.zst @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1b9f2856040cd4046fc42b08af75888cdd7cc6729a25da7caddf061150e1317a +size 591817879 diff --git a/nodejs-electron.changes b/nodejs-electron.changes index be2e97a..4f679a2 100644 --- a/nodejs-electron.changes +++ b/nodejs-electron.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Mar 24 13:42:44 UTC 2023 - Bruno Pitrus +- New upstream release 22.3.4 + * Improved error messages on session.cookies.set failure. + * Vulkan: Don't close render pass if rebind to same fbo (CVE-2023-1213) + * CSS: In Typed CSSOM, reject adding to something that is not a list. (CVE-2023-1215) + * Fix potential out of bounds write in base::SampleVectorBase (CVE-2023-1220) +- Add services-network-optional-explicit-constructor.patch + ------------------------------------------------------------------- Sat Mar 18 18:48:36 UTC 2023 - Bruno Pitrus - ANGLE: Link libvulkan.so and libGL.so instead of dlopening it diff --git a/nodejs-electron.spec b/nodejs-electron.spec index 0541503..a063efd 100644 --- a/nodejs-electron.spec +++ b/nodejs-electron.spec @@ -201,7 +201,7 @@ BuildArch: i686 Name: nodejs-electron -Version: 22.3.3 +Version: 22.3.4 Release: 0 Summary: Build cross platform desktop apps with JavaScript, HTML, and CSS License: AFL-2.0 AND Apache-2.0 AND blessing AND BSD-2-Clause AND BSD-3-Clause AND BSD-Protection AND BSD-Source-Code AND bzip2-1.0.6 AND IJG AND ISC AND LGPL-2.0-or-later AND LGPL-2.1-or-later AND MIT AND MIT-CMU AND MIT-open-group AND (MPL-1.1 OR GPL-2.0-or-later OR LGPL-2.1-or-later) AND MPL-2.0 AND OpenSSL AND SGI-B-2.0 AND SUSE-Public-Domain AND X11 @@ -375,6 +375,7 @@ Patch3117: target_property-missing-uint32_t.patch Patch3118: gpu_feature_info-missing-uint32_t.patch Patch3119: blink-gcc13-missing-headers.patch Patch3120: effect_paint_property_node-Wchanges-meaning.patch +Patch3121: services-network-optional-explicit-constructor.patch %if %{with clang} BuildRequires: clang diff --git a/services-network-optional-explicit-constructor.patch b/services-network-optional-explicit-constructor.patch new file mode 100644 index 0000000..7de8b8c --- /dev/null +++ b/services-network-optional-explicit-constructor.patch @@ -0,0 +1,29 @@ +[ 2542s] ../../services/network/cookie_access_delegate_impl.cc: In member function 'virtual std::optional > network::CookieAccessDelegateImpl::FindFirstPartySetEntries(base::flat_set&, base::OnceCallback)>) const': +[ 2542s] ../../services/network/cookie_access_delegate_impl.cc:81:15: error: converting to 'std::optional >' from initializer list would use explicit constructor 'constexpr std::optional<_Tp>::optional(std::in_place_t, _Args&& ...) [with _Args = {}; typename std::enable_if<__and_v >, bool>::type = false; _Tp = base::flat_map]' +[ 2542s] 81 | return {{}}; +[ 2542s] | ^ +[ 2542s] ../../services/network/cookie_access_delegate_impl.cc:81:15: error: converting to 'std::in_place_t' from initializer list would use explicit constructor 'constexpr std::in_place_t::in_place_t()' + + +--- src/services/network/cookie_access_delegate_impl.cc.old 2023-03-24 11:21:23.446841775 +0100 ++++ src/services/network/cookie_access_delegate_impl.cc 2023-03-24 13:08:04.591526417 +0100 +@@ -78,7 +78,7 @@ + base::OnceCallback + callback) const { + if (!first_party_sets_access_delegate_) +- return {{}}; ++ return {FirstPartySetsAccessDelegate::EntriesResult()}; + return first_party_sets_access_delegate_->FindEntries(sites, + std::move(callback)); + } +--- src/services/network/first_party_sets/first_party_sets_access_delegate.cc.old 2023-03-24 11:21:23.454841767 +0100 ++++ src/services/network/first_party_sets/first_party_sets_access_delegate.cc 2023-03-24 14:41:19.809786588 +0100 +@@ -95,7 +95,7 @@ + DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_); + + if (!enabled_) +- return {{}}; ++ return {FirstPartySetsAccessDelegate::EntriesResult()}; + + if (!ready_event_.has_value()) { + // base::Unretained() is safe because `this` owns `pending_queries_` and