Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 8 changes from Release-0-M114 #38536

Merged
merged 6 commits into from Jun 10, 2023
Merged

chore: cherry-pick 8 changes from Release-0-M114 #38536

merged 6 commits into from Jun 10, 2023

Conversation

VerteDinde
Copy link
Member

@VerteDinde VerteDinde commented Jun 1, 2023
edited by ppontes

electron/security#353 - e6b75a8b4900 from chromium Roll PDFium from 4c16842f61a1 to e60fa0d7d773 (6 revisions)

https://pdfium.googlesource.com/pdfium.git/+log/4c16842f61a1..e60fa0d7d773

2023-05-12 thestig@chromium.org Remove struct CFX_CTTGSUBTable::TLangSysRecord
2023-05-11 thestig@chromium.org Stop storing CFX_Font::m_pSubData
2023-05-11 thestig@chromium.org Improve error handling in CPDF_CIDFont::GetGlyphIndex()
2023-05-11 tsepez@chromium.org Observe widget across SetOptionSelection() calls.
2023-05-11 tsepez@chromium.org Always check return code from CPWL_ComboBox::SetPopup().
2023-05-11 dorianrudo97@gmail.com Save dash array and phase of GraphState in CPDF_PageContentGenerator

If this roll has caused a breakage, revert this CL and stop the roller
using the controls here:
https://autoroll.skia.org/r/pdfium-autoroll
Please CC dhoss@chromium.org,pdfium-deps-rolls@chromium.org,thestig@chromium.org on the revert to ensure that a human
is aware of the problem.

To file a bug in PDFium: https://bugs.chromium.org/p/pdfium/issues/entry
To file a bug in Chromium: https://bugs.chromium.org/p/chromium/issues/entry

To report a problem with the AutoRoller itself, please file a bug:
https://bugs.chromium.org/p/skia/issues/entry?template=Autoroller+Bug

Documentation for the AutoRoller is here:
https://skia.googlesource.com/buildbot/+doc/main/autoroll/README.md

Bug: chromium:1444238,chromium:1444581
Tbr: pdfium-deps-rolls@chromium.org
Change-Id: I48188bbffa2048b5adf6abaeadd097dcd331fcb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4527458
Commit-Queue: chromium-autoroll chromium-autoroll@skia-public.iam.gserviceaccount.com
Bot-Commit: chromium-autoroll chromium-autoroll@skia-public.iam.gserviceaccount.com
Cr-Commit-Position: refs/heads/main@{#1143435}

electron/security#358 - 3b0607d14060 from v8 Merged: [runtime] Remove redundant calls to GetPropertyAttributes

... when defining properties in favour of CheckIfCanDefine.

Drive-by: move JSReceiver::CheckIfCanDefine to
JSObject::CheckIfCanDefineAsConfigurable and fix handling of
absent properties.

Bug: chromium:1443452
(cherry picked from commit e98baa3526426c0219bb0474028ca301b8bd0677)

Change-Id: Ia1fd617778be608accee99dcee37f7d1ce3460b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4545762
Commit-Queue: Igor Sheludko ishell@chromium.org
Reviewed-by: Toon Verwaest verwaest@chromium.org
Cr-Commit-Position: refs/branch-heads/11.4@{#22}
Cr-Branched-From: 8a8a1e7086dacc426965d3875914efa66663c431-refs/heads/11.4.183@{#1}
Cr-Branched-From: 5483d8e816e0bbce865cbbc3fa0ab357e6330bab-refs/heads/main@{#87241}

electron/security#357 - 9c6dfc733fce from v8 Merged: [runtime] Fix handling of interceptors

Drive-by: simplify creation of LookupIterator copies.

Bug: chromium:1440695
(cherry picked from commit d125c7329f6e22af4523de3c55de3a22f168acc9)

Change-Id: I58416531b9af3456f53264566ec1eb7457328f94
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4545763
Reviewed-by: Toon Verwaest verwaest@chromium.org
Commit-Queue: Igor Sheludko ishell@chromium.org
Cr-Commit-Position: refs/branch-heads/11.4@{#23}
Cr-Branched-From: 8a8a1e7086dacc426965d3875914efa66663c431-refs/heads/11.4.183@{#1}
Cr-Branched-From: 5483d8e816e0bbce865cbbc3fa0ab357e6330bab-refs/heads/main@{#87241}

electron/security#352 - ea1cd76358e0 from chromium M114: Compute all webview find options before cloning them

Compute all webview find options before cloning them

In WebViewFindHelper::Find, we're cloning the find options before we've
set the value for new_session. For requests that are part of the same
session, in WebViewFindHelper::FindReply, we're using the incorrect
value for new_session and we're destroying the FindInfo for what we
think is a previous session but is actually for the request we're
currently processing.

We now fully compute the options before cloning them.

(cherry picked from commit bb8e17b942b8b1de0a58b2dce34197e00a3b6525)

Bug: 1443401
Change-Id: Ife6747aedabaf74f9a4855a173349ffe612b6f95
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4533923
Reviewed-by: James Maclean wjmaclean@chromium.org
Commit-Queue: James Maclean wjmaclean@chromium.org
Auto-Submit: Kevin McNee mcnee@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1145265}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4556646
Commit-Queue: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Bot-Commit: Rubber Stamper rubber-stamper@appspot.gserviceaccount.com
Cr-Commit-Position: refs/branch-heads/5735@{#941}
Cr-Branched-From: 2f562e4ddbaf79a3f3cb338b4d1bd4398d49eb67-refs/heads/main@{#1135570}

Notes:

@VerteDinde
chore: [24-x-y] cherry-pick 4 changes from Release-0-M114
184a365 
* e6b75a8b4900 from chromium
* 3b0607d14060 from v8
* 9c6dfc733fce from v8
* ea1cd76358e0 from chromium
@VerteDinde VerteDinde requested a review from a team as a code owner June 1, 2023 00:25
@VerteDinde VerteDinde added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 24-x-y labels Jun 1, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Jun 1, 2023
@VerteDinde VerteDinde marked this pull request as draft June 1, 2023 05:15
@codebytere
Copy link
Member

codebytere commented Jun 8, 2023
edited

@VerteDinde is there a path forward here? These (incl other release branch security PRs) all seem to have conflicts and they've been open for a bit 🤔

@ppontes ppontes changed the title chore: cherry-pick 4 changes from Release-0-M114 chore: cherry-pick 8 changes from Release-0-M114 Jun 8, 2023
@ppontes ppontes marked this pull request as ready for review June 8, 2023 23:31
@VerteDinde VerteDinde merged commit 3ce4c24 into 24-x-y Jun 10, 2023
12 of 13 checks passed
@VerteDinde VerteDinde deleted the cherry-pick/security/24-x-y/release-0-m114 branch June 10, 2023 00:29
@release-clerk
Copy link

release-clerk bot commented Jun 10, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-2933.
  • Security: backported fix for CVE-2023-2932.
  • Security: backported fix for CVE-2023-2931.
  • Security: backported fix for 1444195.
  • Security: backported fix for CVE-2023-2936.
  • Security: backported fix for CVE-2023-2935.
  • Security: backported fix for CVE-2023-2934
  • Security: backported fix for CVE-2023-2930.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ppontes ppontes ppontes left review comments

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
24-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@VerteDinde @codebytere @MarshallOfSound @ppontes