diff --git a/testing/electron/APKBUILD b/testing/electron/APKBUILD
index 196a6ea0ce6fb0ccc6197fb94def98f400e4a6ea..42f21e2aec034537785ef44283bdfac2ed5b3684 100644
--- a/testing/electron/APKBUILD
+++ b/testing/electron/APKBUILD
@@ -1,9 +1,9 @@
# Maintainer: lauren n. liberda <lauren@selfisekai.rocks>
pkgname=electron
-pkgver=29.1.4
+pkgver=29.1.5
_semver="${pkgver/_beta/-beta.}"
pkgrel=0
-_chromium=122.0.6261.129
+_chromium=122.0.6261.130
_depot_tools=b5509953468edd0906f2dc297886939abbd2bed5
pkgdesc="Electron cross-platform desktop toolkit"
url="https://github.com/electron/electron"
@@ -144,6 +144,7 @@ source="https://ab-sn.lnl.gay/electron-$_semver-$_chromium.tar.zst
0004-lib-update-undici-to-v5.28.3.patch
0005-zlib-pause-stream-if-outgoing-buffer-is-full.patch
0006-deps-fix-GHSA-f74f-cvh7-c6q6-CVE-2024-24806.patch
+ CVE-2024-2625.patch
default.conf
electron.desktop
@@ -168,6 +169,13 @@ export LD=clang++
export CFLAGS="${CFLAGS/-g/} -O2 -Wno-unknown-warning-option -Wno-builtin-macro-redefined -Wno-deprecated-declarations"
export CXXFLAGS="${CXXFLAGS/-g/} -O2 -Wno-unknown-warning-option -Wno-builtin-macro-redefined -Wno-deprecated-declarations"
export CPPFLAGS="${CPPFLAGS/-g/} -D__DATE__= -D__TIME__= -D__TIMESTAMP__="
+case "$CARCH" in
+ aarch64|arm*|riscv64)
+ # not supported by clang here
+ export CFLAGS="${CFLAGS/-fstack-clash-protection}"
+ export CXXFLAGS="${CXXFLAGS/-fstack-clash-protection}"
+ ;;
+esac
# breaks chromium-based stuff
export CXXFLAGS="${CXXFLAGS/-D_GLIBCXX_ASSERTIONS=1}"
@@ -531,7 +539,7 @@ lang() {
}
sha512sums="
-4b36f3c55cbf482fc48eb4e0dad1e41ea1696f18fab9407b08efc11be9680906a81123a190ed7b86119e05dafbd9a67c4c80dd056e56b2900337d3d83165f0df electron-29.1.4-122.0.6261.129.tar.zst
+1d11c12712ebd64a62d6b168036cc4a67b4a3a398012f8a5ef88c616429f74c44438a5078533ef3726f6535b7b129c3496d544836009229025aa85d9c07f745e electron-29.1.5-122.0.6261.130.tar.zst
4c540972fa12acd9f0aafb8dc7e9987c3d6e4f28ff679dde522ebcec2dc5ae1a62d9d255bed0a30b9c79ae3b90ab0f5b9ae1ef5b7bf338612e28d9ef70250ca3 chromium-icu-74.patch
29bb685e03356a77df5fd347cdf55194cc8b3265c421cc76e54d64edefc329dbcb052deb26b22e8f587ce68456876c071de1b7d258dd0fcc6ee66c875ec4a020 chromium-revert-drop-of-system-java.patch
c116ad6325a79b799b6c56312891d5b3d2f0d0c1c3e2c03f339144b3f93b871db190f83fe5eadc5542303d61849cc362299932a2f93661198e11ba0c1e492e48 compiler.patch
@@ -571,6 +579,7 @@ c83914c11d9f8f6d53653f67f91020db3d25d0614380053380f85e870418e834bf590afa065b1820
b8ea46e2c0ad7bab6383fa3a42619be735eac67156e501b173b36e9522e8c384feb758b48276a16ac6a68b64cab8fb4cd4ed1841720ecf628bc55f45c05b58c4 0004-lib-update-undici-to-v5.28.3.patch
1dc578fad461f8dc876a1bbbd9fd8f9b235a010fcfb30986cc2654253cce84040dc6fed37fa9fa5e70933ffb9d812c677ba0150e7d6a9d2032d412f9eba7f168 0005-zlib-pause-stream-if-outgoing-buffer-is-full.patch
793d94cc5aec81eace96ca86bd70ad122d82918a521ecb8d30251c492818c19c7a020eed4dccb13d4129b61f0ca82972bd34f480ad094c45633042552bd39fe9 0006-deps-fix-GHSA-f74f-cvh7-c6q6-CVE-2024-24806.patch
+d661ab65ba669670e9a702e1d4642bffc8a99cb9fa61c0ca715d15f095a6d12d35367f2a7f37e534acc8cff89305a02713e7d897349ed07bc9b25ee6832f7c81 CVE-2024-2625.patch
e8ea87c547546011c4c8fc2de30e4f443b85cd4cfcff92808e2521d2f9ada03feefb8e1b0cf0f6b460919c146e56ef8d5ad4bb5e2461cc5247c30d92eb4d068e default.conf
191559fc7aa1ea0353c6fb0cc321ee1d5803a0e44848c8be941cfab96277b0de6a59962d373e2a2a1686c8f9be2bcf2d2f33706759a339a959e297d3f7fda463 electron.desktop
5f7ba5ad005f196facec1c0f26108356b64cafb1e5cfa462ff714a33b8a4c757ac00bfcb080da09eb5b65032f8eb245d9676a61ec554515d125ed63912708648 electron-launcher.sh
diff --git a/testing/electron/CVE-2024-2625.patch b/testing/electron/CVE-2024-2625.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8f0023dcfc438298fb583c6377051040e16b14f2
--- /dev/null
+++ b/testing/electron/CVE-2024-2625.patch
@@ -0,0 +1,285 @@
+From 3eb29421eb1f6f913cefa74c9aa1eb0b5f84553f Mon Sep 17 00:00:00 2001
+From: Shu-yu Guo <syg@chromium.org>
+Date: Thu, 7 Mar 2024 14:55:28 -0800
+Subject: [PATCH] Merged: [parser] Fix home object proxy to work off-thread
+
+Because the home object has special scope lookup rules due to class
+heritage position, VariableProxies of the home object are currently
+directly created on the correct scope during parsing. However, during
+off-thread parsing the main thread is parked, and the correct scope
+may try to dereference a main-thread Handle.
+
+This CL moves the logic into ResolveVariable instead, which happens
+during postprocessing, with the main thread unparked.
+
+Fixed: chromium:327740539
+
+(cherry picked from commit 8f477f936c9b9e6b4c9f35a8ccc5e65bd4cb7f4e)
+
+Change-Id: I16805ad35f5d70d1acadaf1f5440dfc159dbfa6c
+Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5363634
+Reviewed-by: Deepti Gandluri <gdeepti@chromium.org>
+Commit-Queue: Shu-yu Guo <syg@chromium.org>
+Cr-Commit-Position: refs/branch-heads/12.2@{#44}
+Cr-Branched-From: 6eb5a9616aa6f8c705217aeb7c7ab8c037a2f676-refs/heads/12.2.281@{#1}
+Cr-Branched-From: 44cf56d850167c6988522f8981730462abc04bcc-refs/heads/main@{#91934}
+---
+ src/ast/ast.h | 10 ++++-
+ src/ast/scopes.cc | 78 +++++++++++++++++----------------------
+ src/ast/scopes.h | 7 +---
+ src/parsing/parser-base.h | 4 +-
+ src/parsing/parser.cc | 11 +++---
+ src/parsing/parser.h | 2 +-
+ src/parsing/preparser.h | 3 +-
+ 7 files changed, 52 insertions(+), 63 deletions(-)
+
+diff --git a/v8/src/ast/ast.h b/v8/src/ast/ast.h
+index d4b2f23dda1b..5843b3f6a969 100644
+--- a/v8/src/ast/ast.h
++++ b/v8/src/ast/ast.h
+@@ -1535,6 +1535,12 @@ class VariableProxy final : public Expression {
+ bit_field_ = IsRemovedFromUnresolvedField::update(bit_field_, true);
+ }
+
++ bool is_home_object() const { return IsHomeObjectField::decode(bit_field_); }
++
++ void set_is_home_object() {
++ bit_field_ = IsHomeObjectField::update(bit_field_, true);
++ }
++
+ // Provides filtered access to the unresolved variable proxy threaded list.
+ struct UnresolvedNext {
+ static VariableProxy** filter(VariableProxy** t) {
+@@ -1566,6 +1572,7 @@ class VariableProxy final : public Expression {
+ bit_field_ |= IsAssignedField::encode(false) |
+ IsResolvedField::encode(false) |
+ IsRemovedFromUnresolvedField::encode(false) |
++ IsHomeObjectField::encode(false) |
+ HoleCheckModeField::encode(HoleCheckMode::kElided);
+ }
+
+@@ -1575,7 +1582,8 @@ class VariableProxy final : public Expression {
+ using IsResolvedField = IsAssignedField::Next<bool, 1>;
+ using IsRemovedFromUnresolvedField = IsResolvedField::Next<bool, 1>;
+ using IsNewTargetField = IsRemovedFromUnresolvedField::Next<bool, 1>;
+- using HoleCheckModeField = IsNewTargetField::Next<HoleCheckMode, 1>;
++ using IsHomeObjectField = IsNewTargetField::Next<bool, 1>;
++ using HoleCheckModeField = IsHomeObjectField::Next<HoleCheckMode, 1>;
+
+ union {
+ const AstRawString* raw_name_; // if !is_resolved_
+diff --git a/v8/src/ast/scopes.cc b/v8/src/ast/scopes.cc
+index 672440a2b4b9..6dfcd45cf208 100644
+--- a/v8/src/ast/scopes.cc
++++ b/v8/src/ast/scopes.cc
+@@ -491,7 +491,6 @@ Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone,
+ if (cache_scope_found) {
+ outer_scope->set_deserialized_scope_uses_external_cache();
+ } else {
+- DCHECK(!cache_scope_found);
+ cache_scope_found =
+ outer_scope->is_declaration_scope() && !outer_scope->is_eval_scope();
+ }
+@@ -970,9 +969,14 @@ Variable* Scope::LookupInScopeInfo(const AstRawString* name, Scope* cache) {
+ DCHECK(!cache->deserialized_scope_uses_external_cache());
+ // The case where where the cache can be another scope is when the cache scope
+ // is the last scope that doesn't use an external cache.
++ //
++ // The one exception to this is when looking up the home object, which may
++ // skip multiple scopes that don't use an external cache (e.g., several arrow
++ // functions).
+ DCHECK_IMPLIES(
+ cache != this,
+- cache->outer_scope()->deserialized_scope_uses_external_cache());
++ cache->outer_scope()->deserialized_scope_uses_external_cache() ||
++ cache->GetHomeObjectScope() == this);
+ DCHECK_NULL(cache->variables_.Lookup(name));
+ DisallowGarbageCollection no_gc;
+
+@@ -2282,7 +2286,33 @@ Variable* Scope::LookupSloppyEval(VariableProxy* proxy, Scope* scope,
+
+ void Scope::ResolveVariable(VariableProxy* proxy) {
+ DCHECK(!proxy->is_resolved());
+- Variable* var = Lookup<kParsedScope>(proxy, this, nullptr);
++ Variable* var;
++ if (V8_UNLIKELY(proxy->is_home_object())) {
++ // VariableProxies of the home object cannot be resolved like a normal
++ // variable. Consider the case of a super.property usage in heritage
++ // position:
++ //
++ // class C extends super.foo { m() { super.bar(); } }
++ //
++ // The super.foo property access is logically nested under C's class scope,
++ // which also has a home object due to its own method m's usage of
++ // super.bar(). However, super.foo must resolve super in C's outer scope.
++ //
++ // Because of the above, start resolving home objects directly at the home
++ // object scope instead of the current scope.
++ Scope* scope = GetDeclarationScope()->GetHomeObjectScope();
++ DCHECK_NOT_NULL(scope);
++ if (scope->scope_info_.is_null()) {
++ var = Lookup<kParsedScope>(proxy, scope, nullptr);
++ } else {
++ Scope* entry_cache = scope->deserialized_scope_uses_external_cache()
++ ? GetNonEvalDeclarationScope()
++ : scope;
++ var = Lookup<kDeserializedScope>(proxy, scope, nullptr, entry_cache);
++ }
++ } else {
++ var = Lookup<kParsedScope>(proxy, this, nullptr);
++ }
+ DCHECK_NOT_NULL(var);
+ ResolveTo(proxy, var);
+ }
+@@ -2752,48 +2782,6 @@ int Scope::ContextLocalCount() const {
+ (is_function_var_in_context ? 1 : 0);
+ }
+
+-VariableProxy* Scope::NewHomeObjectVariableProxy(AstNodeFactory* factory,
+- const AstRawString* name,
+- int start_pos) {
+- // VariableProxies of the home object cannot be resolved like a normal
+- // variable. Consider the case of a super.property usage in heritage position:
+- //
+- // class C extends super.foo { m() { super.bar(); } }
+- //
+- // The super.foo property access is logically nested under C's class scope,
+- // which also has a home object due to its own method m's usage of
+- // super.bar(). However, super.foo must resolve super in C's outer scope.
+- //
+- // Because of the above, home object VariableProxies are always made directly
+- // on the Scope that needs the home object instead of the innermost scope.
+- DCHECK(needs_home_object());
+- if (!scope_info_.is_null()) {
+- // This is a lazy compile, so the home object's context slot is already
+- // known.
+- Variable* home_object = variables_.Lookup(name);
+- if (home_object == nullptr) {
+- VariableLookupResult lookup_result;
+- int index = scope_info_->ContextSlotIndex(name->string(), &lookup_result);
+- DCHECK_GE(index, 0);
+- bool was_added;
+- home_object = variables_.Declare(zone(), this, name, lookup_result.mode,
+- NORMAL_VARIABLE, lookup_result.init_flag,
+- lookup_result.maybe_assigned_flag,
+- IsStaticFlag::kNotStatic, &was_added);
+- DCHECK(was_added);
+- home_object->AllocateTo(VariableLocation::CONTEXT, index);
+- }
+- return factory->NewVariableProxy(home_object, start_pos);
+- }
+- // This is not a lazy compile. Add the unresolved home object VariableProxy to
+- // the unresolved list of the home object scope, which is not necessarily the
+- // innermost scope.
+- VariableProxy* proxy =
+- factory->NewVariableProxy(name, NORMAL_VARIABLE, start_pos);
+- AddUnresolved(proxy);
+- return proxy;
+-}
+-
+ bool IsComplementaryAccessorPair(VariableMode a, VariableMode b) {
+ switch (a) {
+ case VariableMode::kPrivateGetterOnly:
+diff --git a/v8/src/ast/scopes.h b/v8/src/ast/scopes.h
+index b4c2e8b21368..751aaee3d11e 100644
+--- a/v8/src/ast/scopes.h
++++ b/v8/src/ast/scopes.h
+@@ -603,10 +603,6 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
+ needs_home_object_ = true;
+ }
+
+- VariableProxy* NewHomeObjectVariableProxy(AstNodeFactory* factory,
+- const AstRawString* name,
+- int start_pos);
+-
+ bool RemoveInnerScope(Scope* inner_scope) {
+ DCHECK_NOT_NULL(inner_scope);
+ if (inner_scope == inner_scope_) {
+@@ -865,7 +861,7 @@ class V8_EXPORT_PRIVATE DeclarationScope : public Scope {
+ FunctionKind function_kind() const { return function_kind_; }
+
+ // Inform the scope that the corresponding code uses "super".
+- Scope* RecordSuperPropertyUsage() {
++ void RecordSuperPropertyUsage() {
+ DCHECK(IsConciseMethod(function_kind()) ||
+ IsAccessorFunction(function_kind()) ||
+ IsClassConstructor(function_kind()));
+@@ -873,7 +869,6 @@ class V8_EXPORT_PRIVATE DeclarationScope : public Scope {
+ Scope* home_object_scope = GetHomeObjectScope();
+ DCHECK_NOT_NULL(home_object_scope);
+ home_object_scope->set_needs_home_object();
+- return home_object_scope;
+ }
+
+ bool uses_super_property() const { return uses_super_property_; }
+diff --git a/v8/src/parsing/parser-base.h b/v8/src/parsing/parser-base.h
+index cc899086d3b8..ac35090ca5d1 100644
+--- a/v8/src/parsing/parser-base.h
++++ b/v8/src/parsing/parser-base.h
+@@ -3823,9 +3823,9 @@ ParserBase<Impl>::ParseSuperExpression() {
+ impl()->ReportMessage(MessageTemplate::kOptionalChainingNoSuper);
+ return impl()->FailureExpression();
+ }
+- Scope* home_object_scope = scope->RecordSuperPropertyUsage();
++ scope->RecordSuperPropertyUsage();
+ UseThis();
+- return impl()->NewSuperPropertyReference(home_object_scope, pos);
++ return impl()->NewSuperPropertyReference(pos);
+ }
+ // super() is only allowed in derived constructor. new super() is never
+ // allowed; it's reported as an error by
+diff --git a/v8/src/parsing/parser.cc b/v8/src/parsing/parser.cc
+index 662e487be695..645d005e53f9 100644
+--- a/v8/src/parsing/parser.cc
++++ b/v8/src/parsing/parser.cc
+@@ -297,18 +297,17 @@ Expression* Parser::NewThrowError(Runtime::FunctionId id,
+ return factory()->NewThrow(call_constructor, pos);
+ }
+
+-Expression* Parser::NewSuperPropertyReference(Scope* home_object_scope,
+- int pos) {
++Expression* Parser::NewSuperPropertyReference(int pos) {
+ const AstRawString* home_object_name;
+ if (IsStatic(scope()->GetReceiverScope()->function_kind())) {
+ home_object_name = ast_value_factory_->dot_static_home_object_string();
+ } else {
+ home_object_name = ast_value_factory_->dot_home_object_string();
+ }
+- return factory()->NewSuperPropertyReference(
+- home_object_scope->NewHomeObjectVariableProxy(factory(), home_object_name,
+- pos),
+- pos);
++
++ VariableProxy* proxy = NewUnresolved(home_object_name, pos);
++ proxy->set_is_home_object();
++ return factory()->NewSuperPropertyReference(proxy, pos);
+ }
+
+ SuperCallReference* Parser::NewSuperCallReference(int pos) {
+diff --git a/v8/src/parsing/parser.h b/v8/src/parsing/parser.h
+index cc397e198b71..8f9d57868ffd 100644
+--- a/v8/src/parsing/parser.h
++++ b/v8/src/parsing/parser.h
+@@ -797,7 +797,7 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
+ return factory()->NewThisExpression(pos);
+ }
+
+- Expression* NewSuperPropertyReference(Scope* home_object_scope, int pos);
++ Expression* NewSuperPropertyReference(int pos);
+ SuperCallReference* NewSuperCallReference(int pos);
+ Expression* NewTargetExpression(int pos);
+ Expression* ImportMetaExpression(int pos);
+diff --git a/v8/src/parsing/preparser.h b/v8/src/parsing/preparser.h
+index 2b81771464ba..9e8446a3481b 100644
+--- a/v8/src/parsing/preparser.h
++++ b/v8/src/parsing/preparser.h
+@@ -1532,8 +1532,7 @@ class PreParser : public ParserBase<PreParser> {
+ return PreParserExpression::This();
+ }
+
+- V8_INLINE PreParserExpression
+- NewSuperPropertyReference(Scope* home_object_scope, int pos) {
++ V8_INLINE PreParserExpression NewSuperPropertyReference(int pos) {
+ return PreParserExpression::Default();
+ }
+