If an app has no menu bar (because `app.dock.hide()` has been called),
OS X will still render the menu bar of the previously-focused app.
This commit ensures simpleFullscreen windows will be drawn on top of
that menu bar by setting their level to NSPopUpMenuWindowLevel while
simpleFullscreen mode is active.
Ref: #11468
We've hardened Linux builds by enabling PIE and RELRO,
and should continue to try hardening Linux builds by
enabling BIND_NOW. With both RELRO and BIND_NOW enabled,
we can stop all GOT overwrite attacks. The same hardening
option has been enabled in official Chrome/Chromium
builds since more than five years ago.
This helps to improve the security of a whole range of
applications built upon Electron, including sensetive ones
such as Signal-Desktop.
Signed-off-by: Tom Li <tomli@tomli.me>
PIE allows an application to utilize the full benefits of ASLR
to prevent itself from exploitations, but it was disabled for
all released versions of Electron (3.0 and prior).
Currently, PIE is already enabled since 9294fac but enabling it
for all released version is still an ongoing work (#14961). This
patch backports PIE to the 3.0.x branch.
Signed-off-by: Tom Li <tomli@tomli.me>
* fix: backport #15030 to fix#14958 dbus crash
* chore: re-enable power spec tests
* chore: undo changes made to power monitor tests.
The Linux failures on that are gone in master / 4-0-x. Whatever
resolved it there is unrelated to this PR's changes, so I'm not
going to block this fix on an unrelated issue.
* ci: don't run gn debug build on older branches
Older branches that build using gyp do not run both a debug and testing build.
* Actually skip the build if debug
* fix: Invalidate weak ptrs before window Javascript object is destroyed
* chore: add regression test for #14513
This test is similar to the original gist at https://gist.github.com/bpasero/a02a645e11f4946dcca1331d0299149d -- the key is to open multiple windows and add an `app.on('browser-window-focus') listener that accesses window.id.
* fix: last commit didn't test the right thing.
The test needs to run in the main process to reproduce the
conditions reported in #14513
