Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 4 changes from Release-0-M115 #39268

Merged
merged 3 commits into from Aug 2, 2023
Merged

chore: cherry-pick 4 changes from Release-0-M115 #39268

merged 3 commits into from Aug 2, 2023

Conversation

VerteDinde
Copy link
Member

@VerteDinde VerteDinde commented Jul 28, 2023
edited by codebytere

electron/security#374 - 933b9fad3a53 from chromium Reland "ipcz: Refactor FragmentDescriptor decode"

This is a reland of commit 17dd18d1f2194089b8433e0ca334c81343b591e2

Original change's description:

ipcz: Refactor FragmentDescriptor decode

Funnels untrusted FragmentDescriptor mapping through a new
Fragment::MappedFromDescriptor helper. See the linked bug
for more details.

Fixed: 1450899
Change-Id: I4c7751b9f4299da4a13c0becc1b889160a0c6e66
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4599218
Reviewed-by: Daniel Cheng dcheng@chromium.org
Commit-Queue: Ken Rockot rockot@google.com
Cr-Commit-Position: refs/heads/main@{#1155133}

Change-Id: I86ee9118a30dea59d837c377a1f751b20a85a3c3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4602794
Reviewed-by: Daniel Cheng dcheng@chromium.org
Commit-Queue: Ken Rockot rockot@google.com
Cr-Commit-Position: refs/heads/main@{#1155397}

electron/security#372 - b03973561862 from chromium [M116] Make RTCDataChannel's channel and observer pointers const.

This allows channel properties to be queried while the RTCDataChannel
instance exists and avoids potential null deref after entering the
kClosed state.

(cherry picked from commit 08d5ad011f53a1995bfccef6728bfa62541f7608)

Bug: 1456567, 1457421
Change-Id: I4747f9c00804b35711667d7320ec6188f20910c4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4663082
Commit-Queue: Tomas Gunnarsson tommi@chromium.org
Reviewed-by: Elad Alon eladalon@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1165406}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4665530
Cr-Commit-Position: refs/branch-heads/5845@{#300}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

electron/security#373 - c60a1ab717c7 from chromium Fix UAF when exiting a nested run loop in TabDragContextImpl::OnGestureEvent.

OnGestureEvent may call ContinueDrag, which may run a nested run loop. After the nested run loop returns, multiple seconds of time may have passed, and the world may be in a very different state; in particular, the window that contains this TabDragContext may have closed.

This CL checks if this has happened, and returns early in that case.

(cherry picked from commit 63d6b8ba8126b16215d33670df8c67dcbc6c9bef)

Bug: 1453465
Change-Id: I6095c0afeb5aa5f422717f1bbd93b96175e52afa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4657527
Reviewed-by: Darryl James dljames@chromium.org
Commit-Queue: Taylor Bergquist tbergquist@chromium.org
Code-Coverage: Findit findit-for-me@appspot.gserviceaccount.com
Cr-Original-Commit-Position: refs/heads/main@{#1164449}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4676126
Reviewed-by: Shibalik Mohapatra shibalik@chromium.org
Cr-Commit-Position: refs/branch-heads/5845@{#410}
Cr-Branched-From: 5a5dff63a4a4c63b9b18589819bebb2566c85443-refs/heads/main@{#1160321}

Notes:

@VerteDinde
chore: [23-x-y] cherry-pick 4 changes from Release-0-M115
7f40048 
* 90c9a89aa794 from chromium
* 933b9fad3a53 from chromium
* b03973561862 from chromium
* c60a1ab717c7 from chromium
@VerteDinde VerteDinde requested a review from a team as a code owner July 28, 2023 02:29
@VerteDinde VerteDinde added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 23-x-y labels Jul 28, 2023
@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Jul 28, 2023
@VerteDinde VerteDinde marked this pull request as draft July 28, 2023 02:31
@codebytere codebytere marked this pull request as ready for review August 2, 2023 08:23
@codebytere codebytere force-pushed the cherry-pick/security/23-x-y/release-0-m115 branch from 4b9ac13 to 2df593a Compare August 2, 2023 11:22
@codebytere codebytere merged commit 454990a into 23-x-y Aug 2, 2023
13 checks passed
@codebytere codebytere deleted the cherry-pick/security/23-x-y/release-0-m115 branch August 2, 2023 13:09
@release-clerk
Copy link

release-clerk bot commented Aug 2, 2023

Release Notes Persisted

  • Security: backported fix for CVE-2023-3732.
  • Security: backported fix for CVE-2023-3728.
  • Security: backported fix for CVE-2023-3730.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codebytere codebytere codebytere approved these changes

Assignees
No one assigned
Labels
23-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@VerteDinde @codebytere