chore: cherry-pick 4 changes from Release-3-M114 #38949

Merged
merged 2 commits into from
Jul 6, 2023


@ppontes ppontes commented Jun 29, 2023

electron/security#367 - 85beff6fd302 from chromium M114: Don't recursively destroy guests when clearing unattached guests

Don't recursively destroy guests when clearing unattached guests

When an embedder process is destroyed, we also destroy any unattached
guests associated with that process. This is currently done with a
single call to owned_guests_.erase. However, it's possible that two
unattached guests could have an opener relationship, which causes the
destruction of the opener guest to also destroy the other guest, during
the call to erase, which is unsafe.

We now separate the steps of erasing owned_guests_ and destroying the
guests, to avoid this recursive guest destruction.

This also fixes the WaitForNumGuestsCreated test method to not
return prematurely.

(cherry picked from commit 6345e7871e8197af92f9c6158b06c6e197f87945)

Bug: 1450397
Change-Id: Ifef5ec9ff3a1e6952ff56ec279e29e8522625ac0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4589949
Commit-Queue: Kevin McNee <mcnee@chromium.org>
Auto-Submit: Kevin McNee <mcnee@chromium.org>
Reviewed-by: James Maclean <wjmaclean@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1153396}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4611152
Commit-Queue: James Maclean <wjmaclean@chromium.org>
Cr-Commit-Position: refs/branch-heads/5735@{#1292}
Cr-Branched-From: 2f562e4ddbaf79a3f3cb338b4d1bd4398d49eb67-refs/heads/main@{#1135570}

electron/security#368 - 60b93798c991 from chromium [M114] webcodecs: Fix crash when changing temporal layer count in AV1 encoder

(cherry picked from commit f312efac1b90117729e8961b58c643fc0eae1fbd)

Bug: 1447568
Change-Id: I4ecb02ed956707571573a65ade17fdffe676b502
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4554300
Auto-Submit: Eugene Zemtsov <eugene@chromium.org>
Commit-Queue: Dale Curtis <dalecurtis@chromium.org>
Reviewed-by: Dale Curtis <dalecurtis@chromium.org>
Cr-Original-Commit-Position: refs/heads/main@{#1148041}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4610718
Cr-Commit-Position: refs/branch-heads/5735@{#1360}
Cr-Branched-From: 2f562e4ddbaf79a3f3cb338b4d1bd4398d49eb67-refs/heads/main@{#1135570}

electron/security#366 - a1efa5343880 from v8 Merged: [runtime] Set instance prototypes directly on maps

Bug: chromium:1452137
(cherry picked from commit c7c447735f762f6d6d0878e229371797845ef4ab)

Change-Id: I611c41f942e2e51f3c4b4f1d119c18410617188e
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4637888
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Commit-Queue: Toon Verwaest <verwaest@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/branch-heads/11.4@{#47}
Cr-Branched-From: 8a8a1e7086dacc426965d3875914efa66663c431-refs/heads/11.4.183@{#1}
Cr-Branched-From: 5483d8e816e0bbce865cbbc3fa0ab357e6330bab-refs/heads/main@{#87241}

Notes:
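
Added example (not part of the pull request description and not Chromium code): a simplified C++ model of the first cherry-pick's pattern, where destroying an opener guest during `owned_guests_.erase` re-enters the container, next to the erase-then-destroy form the commit message describes. Every name except `owned_guests_` is hypothetical, and a guard counter stands in for the nested container mutation so the "before" path stays well-defined.

```cpp
// Added illustration: simplified model, not Chromium code.
// All names except owned_guests_ are hypothetical.
#include <map>
#include <memory>
#include <utility>
#include <vector>

struct Manager;
struct Guest {
  Guest(Manager* m, int id, int opened) : mgr(m), id(id), opened_id(opened) {}
  ~Guest();
  Manager* mgr; int id; int opened_id;  // opened_id < 0: opened no other guest
};

struct Manager {
  std::multimap<int, std::unique_ptr<Guest>> owned_guests_;  // embedder -> unattached guests
  bool in_erase = false;
  int nested_mutations = 0, destroyed = 0;

  void Add(int embedder, int id, int opened = -1) {
    owned_guests_.emplace(embedder, std::make_unique<Guest>(this, id, opened));
  }
  // Reached from ~Guest: an opener tears down the guest it opened.
  void DestroyGuest(int id) {
    if (in_erase) { ++nested_mutations; return; }  // real code would mutate the map mid-erase
    for (auto it = owned_guests_.begin(); it != owned_guests_.end(); ++it)
      if (it->second->id == id) { owned_guests_.erase(it); return; }
  }
  // Before: guests are destroyed inside the erase call itself.
  void ClearUnsafe(int embedder) {
    in_erase = true; owned_guests_.erase(embedder); in_erase = false;
  }
  // After: detach the entries first, destroy the guests once the map is settled.
  void ClearSafe(int embedder) {
    std::vector<std::unique_ptr<Guest>> doomed;
    auto range = owned_guests_.equal_range(embedder);
    for (auto it = range.first; it != range.second; ++it) doomed.push_back(std::move(it->second));
    owned_guests_.erase(range.first, range.second);
    doomed.clear();  // destructors run here, outside any container operation
  }
};
Guest::~Guest() { ++mgr->destroyed; if (opened_id >= 0) mgr->DestroyGuest(opened_id); }

// Constructed scenario: guest 10 opened guest 11, both unattached under embedder 1.
// Returns {nested mutation attempts, guests destroyed}.
std::pair<int, int> Run(bool safe) {
  Manager m; m.Add(1, 10, 11); m.Add(1, 11);
  if (safe) m.ClearSafe(1); else m.ClearUnsafe(1);
  return {m.nested_mutations, m.destroyed};
}
```

In the safe path each guest is still destroyed exactly once: by the time the opener's destructor looks for the guest it opened, that entry has already left the map and is owned by the local vector.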

@ppontes ppontes requested a review from a team as a code owner June 29, 2023 09:34
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 22-x-y labels Jun 29, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Jun 29, 2023
@ppontes ppontes marked this pull request as draft June 29, 2023 09:39
@ppontes ppontes changed the title chore: cherry-pick 3 changes from Release-3-M114 chore: cherry-pick 3 changes from Release-4-M114 Jun 29, 2023
@ppontes ppontes changed the title chore: cherry-pick 3 changes from Release-4-M114 chore: cherry-pick 4 changes from Release-4-M114 Jun 29, 2023
* 85beff6fd302 from chromium
* 60b93798c991 from chromium
* a1efa5343880 from v8
* d20849d07107 from webrtc
@ppontes ppontes force-pushed the cherry-pick/security/22-x-y/release-3-m114 branch from 138bc2f to 3cc1aae Compare June 29, 2023 21:15
@ppontes ppontes marked this pull request as ready for review June 29, 2023 21:16
@ppontes ppontes changed the title chore: cherry-pick 4 changes from Release-4-M114 chore: cherry-pick 4 changes from Release-3-M114 Jul 3, 2023
@zcbenz zcbenz merged commit 1f91895 into 22-x-y Jul 6, 2023
14 checks passed
@zcbenz zcbenz deleted the cherry-pick/security/22-x-y/release-3-m114 branch July 6, 2023 01:19

release-clerk bot commented Jul 6, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-3422.
  • Security: backported fix for CVE-2023-3421.
  • Security: backported fix for CVE-2023-3420.
  • Security: backported fix for 1454860.
