Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 3 changes from Release-3-M116 #39756

Merged
merged 2 commits into from
Sep 11, 2023
Merged

chore: cherry-pick 3 changes from Release-3-M116 #39756

merged 2 commits into from
Sep 11, 2023

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Sep 6, 2023
edited by jkleinsc

electron/security#402 - 74a2eb9c8cb2 from chromium Readd lock when ObserverListMap::erase()

We should lock when remove an item from the map.
This lock was accidentally removed in:
https://chromium-review.googlesource.com/c/chromium/src/+/4280021

(cherry picked from commit a41479ba6efb5e48b82edad972c7dded6f385b79)

Bug: 1469928
Change-Id: I2512e14d4ad9b246cadae947023dbccb5158da51
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4790983
Auto-Submit: Yoichi Osato yoichio@chromium.org
Reviewed-by: Yoichi Osato yoichio@chromium.org
Reviewed-by: Koji Ishii kojii@chromium.org
Commit-Queue: Koji Ishii kojii@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1187668}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4820108
Reviewed-by: Kent Tamura tkent@chromium.org
Commit-Queue: Kent Tamura tkent@chromium.org
Cr-Commit-Position: refs/branch-heads/5845@{#1666}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

electron/security#401 - 038530c94a06 from v8 Merged: [turbofan] Growing a non-JSArray packed elements kind makes it holey

Bug: chromium:1473247
(cherry picked from commit ae7dc61652805bc8e2b060d53b2b6da7cf846b6f)

Change-Id: I5268513bc91ca0cc18e3e2115244c0b090afa0da
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4831892
Auto-Submit: Leszek Swirski leszeks@chromium.org
Owners-Override: Leszek Swirski leszeks@chromium.org
Commit-Queue: Darius Mercadier dmercadier@chromium.org
Reviewed-by: Darius Mercadier dmercadier@chromium.org
Commit-Queue: Leszek Swirski leszeks@chromium.org
Cr-Commit-Position: refs/branch-heads/11.6@{#34}
Cr-Branched-From: e29c028f391389a7a60ee37097e3ca9e396d6fa4-refs/heads/11.6.189@{#3}
Cr-Branched-From: 95cbef20e2aa556a1ea75431a48b36c4de6b9934-refs/heads/main@{#88340}

electron/security#400 - 26175b0903d8 from chromium [FedCM] ReportBadMessage when the provider list is empty

The provider list should not be empty unless the API is called from a
compromised renderer.

(cherry picked from commit 3b19acb01dcea93b423aa0da56c4a9811a067353)

Change-Id: I3e497fae2343342b3ec6b17bd663f2ec1bf12d54
Bug: 1476403
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4822925
Reviewed-by: Nicolás Peña npm@chromium.org
Commit-Queue: Yi Gu yigu@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1189841}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4833411
Commit-Queue: Nicolás Peña npm@chromium.org
Auto-Submit: Yi Gu yigu@chromium.org
Cr-Commit-Position: refs/branch-heads/5845@{#1698}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

Notes:

@ppontes ppontes requested a review from a team as a code owner September 6, 2023 18:27
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 25-x-y labels Sep 6, 2023
@ppontes ppontes marked this pull request as draft September 6, 2023 18:29
@ppontes
chore: [25-x-y] cherry-pick 3 changes from Release-3-M116
882d19f 
* 74a2eb9c8cb2 from chromium
* 038530c94a06 from v8
* 26175b0903d8 from chromium
@ppontes ppontes force-pushed the cherry-pick/security/25-x-y/release-3-m116 branch from a4c92af to 882d19f Compare September 6, 2023 18:41
@ppontes ppontes marked this pull request as ready for review September 6, 2023 18:42
@jkleinsc jkleinsc merged commit 69b8ebc into 25-x-y Sep 11, 2023
12 checks passed
@jkleinsc jkleinsc deleted the cherry-pick/security/25-x-y/release-3-m116 branch September 11, 2023 15:22
@release-clerk
Copy link

release-clerk bot commented Sep 11, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-4763.
  • Security: backported fix for CVE-2023-4762.
  • Security: backported fix for CVE-2023-4761.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

Assignees
No one assigned
Labels
25-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ppontes @jkleinsc