Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: prevent UAF crash in setCertificateVerifyProc #33253

Conversation

trop[bot]
Copy link
Contributor

@trop trop bot commented Mar 11, 2022

Backport of #33204

See that PR for details.

Notes: Fixed a network service crash that could occur when using setCertificateVerifyProc.

@trop trop bot requested review from a team as code owners Mar 11, 2022
@trop trop bot requested a review from nornagon Mar 11, 2022
@electron-cation electron-cation bot added the new-pr 🌱 label Mar 11, 2022
@trop trop bot added 18-x-y backport semver/patch labels Mar 11, 2022
@electron-cation electron-cation bot removed the new-pr 🌱 label Mar 11, 2022
@VerteDinde VerteDinde merged commit 9cd76a8 into 18-x-y Mar 15, 2022
15 checks passed
@VerteDinde VerteDinde deleted the trop/18-x-y-bp-fix-prevent-uaf-crash-in-setcertificateverifyproc-1647027401407 branch Mar 15, 2022
@release-clerk
Copy link

release-clerk bot commented Mar 15, 2022

Release Notes Persisted

Fixed a network service crash that could occur when using setCertificateVerifyProc.

vikunja-bot pushed a commit to go-vikunja/desktop that referenced this issue Mar 24, 2022
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [electron](https://github.com/electron/electron) | devDependencies | minor | [`17.1.2` -> `17.2.0`](https://renovatebot.com/diffs/npm/electron/17.1.2/17.2.0) |

---

### Release Notes

<details>
<summary>electron/electron</summary>

### [`v17.2.0`](https://github.com/electron/electron/releases/v17.2.0)

[Compare Source](electron/electron@v17.1.2...v17.2.0)

### Release Notes for v17.2.0

#### Features

-   Added `ses.setCodeCachePath()` API for setting code cache directory. [#&#8203;33285](electron/electron#33285) <span style="font-size:small;">(Also in [18](https://github.com/electron/electron/pull/33286))</span>

#### Fixes

-   Fire 'show' event when a BrowserWindow is shown via maximize(). [#&#8203;33213](electron/electron#33213) <span style="font-size:small;">(Also in [16](electron/electron#33212), [18](https://github.com/electron/electron/pull/33214))</span>
-   Fixed a network service crash that could occur when using setCertificateVerifyProc. [#&#8203;33254](electron/electron#33254) <span style="font-size:small;">(Also in [18](https://github.com/electron/electron/pull/33253))</span>
-   Fixed an issue where BrowserView layout bounds where limited to it's visible bounds. [#&#8203;33398](electron/electron#33398) <span style="font-size:small;">(Also in [18](https://github.com/electron/electron/pull/33399))</span>
-   Fixed an issue where Chrome DevTools settings didn't persist between loads. [#&#8203;33273](electron/electron#33273) <span style="font-size:small;">(Also in [18](https://github.com/electron/electron/pull/33206))</span>
-   Fixed an issue where clicking "Open in Containing Folder" in the Sources tab in Devtools caused a crash. [#&#8203;33196](electron/electron#33196) <span style="font-size:small;">(Also in [16](electron/electron#33313), [18](https://github.com/electron/electron/pull/33197))</span>
-   Fixed broken event loop in renderer process when process reuse is enabled on windows platform. [#&#8203;33362](electron/electron#33362) <span style="font-size:small;">(Also in [16](electron/electron#33363), [18](https://github.com/electron/electron/pull/33361))</span>
-   Fixed crash in the render process on reload with pending node fs.promises. [#&#8203;33335](electron/electron#33335) <span style="font-size:small;">(Also in [15](electron/electron#33300), [16](electron/electron#33301), [18](https://github.com/electron/electron/pull/33302))</span>
-   Fixed drag regions on WCO windows on Windows. [#&#8203;33201](electron/electron#33201) <span style="font-size:small;">(Also in [15](electron/electron#33199), [16](electron/electron#33200), [18](https://github.com/electron/electron/pull/33202))</span>
-   Fixed incorrect external memory allocation tracking in nativeImage module. [#&#8203;33306](electron/electron#33306) <span style="font-size:small;">(Also in [15](electron/electron#33311), [16](electron/electron#33312), [18](https://github.com/electron/electron/pull/33305))</span>
-   Theoretical fix for a crash we're seeing when closing multiple child windows at the same time on macOS. [#&#8203;33283](electron/electron#33283) <span style="font-size:small;">(Also in [18](https://github.com/electron/electron/pull/33284))</span>

#### Other Changes

-   Fixed an issue where adding/removing display changes the BrowserWindow size. [#&#8203;33251](electron/electron#33251) <span style="font-size:small;">(Also in [14](electron/electron#33247), [15](electron/electron#33248), [16](electron/electron#33249), [18](https://github.com/electron/electron/pull/33250))</span>
-   Fixed an issue where moving a window created in a scaled display to a regular display would increase the window size. [#&#8203;33231](electron/electron#33231)

</details>

---

### Configuration

📅 **Schedule**: At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

 **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://kolaente.dev/vikunja/desktop/pulls/83
Co-authored-by: renovate <renovatebot@kolaente.de>
Co-committed-by: renovate <renovatebot@kolaente.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
18-x-y backport semver/patch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

2 participants