Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: cherry-pick 2 changes from Release-0-M121 #41107

Merged
merged 3 commits into from
Jan 29, 2024
Merged

chore: cherry-pick 2 changes from Release-0-M121 #41107

merged 3 commits into from
Jan 29, 2024

Conversation

ppontes
Copy link
Member

@ppontes ppontes commented Jan 24, 2024
edited

electron/security#453 - cc07a95bc309 from chromium Update rendering state of automatic pull nodes before graph rendering

In rare cases, the rendering fan out count of automatic pull node
does not match the main thread fan out count after recreating
a platform destination followed by disconnection.

This CL forces the update of the rendering state of automatic
pull nodes before graph rendering to make sure that fan out counts
are synchronized before executing the audio processing function call.

NOTE: This change makes 2 WPTs fail. The follow-up work is planned
to address them once this patch is merged.

(cherry picked from commit f4bffa09b46c21147431179e1e6dd2b27bc35fbc)

Bug: 1505080
Test: Locally confirmed that ASAN doesn't crash on all repro cases.
Change-Id: I6768cd8bc64525ea9d56a19b9c58439e9cdab9a8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5131958
Reviewed-by: Michael Wilson mjwilson@chromium.org
Commit-Queue: Hongchan Choi hongchan@chromium.org
Cr-Original-Commit-Position: refs/heads/main@{#1246718}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5214669
Auto-Submit: Hongchan Choi hongchan@chromium.org
Cr-Commit-Position: refs/branch-heads/6099@{#1833}
Cr-Branched-From: e6ee4500f7d6549a9ac1354f8d056da49ef406be-refs/heads/main@{#1217362}

Notes:

  • Security: backported fix for CVE-2024-0807.
  • Security: backported fix for 1407197.

@ppontes ppontes requested a review from a team as a code owner January 24, 2024 21:57
@ppontes ppontes added security 🔒 semver/patch backwards-compatible bug fixes backport-check-skip Skip trop's backport validity checking 26-x-y labels Jan 24, 2024
@ppontes ppontes marked this pull request as draft January 24, 2024 21:58
@ppontes ppontes force-pushed the cherry-pick/security/26-x-y/release-0-m121 branch from 94c9a0e to 41f8933 Compare January 24, 2024 23:56
@ppontes ppontes changed the title chore: cherry-pick 1 changes from Release-0-M121 chore: cherry-pick 2 changes from Release-0-M121 Jan 24, 2024
@ppontes ppontes marked this pull request as ready for review January 24, 2024 23:58
@ckerr
Copy link
Member

ckerr commented Jan 26, 2024

This has failed three times in the same spot:

not ok 567 security warnings "after each" hook for "should warn about Node.js integration with remote content"

Sample log: https://app.circleci.com/pipelines/github/electron/electron/77907/workflows/5ce2f81e-7d38-4796-9529-9e2cc861bd90/jobs/1663626?utm_campaign=vcs-integration-link&utm_medium=referral&utm_source=github-checks-link&utm_content=summary

@ppontes any idea whether this is a CI flake or if it could be caused by this backport?

@codebytere
Copy link
Member

@ckerr this has flaked in other PRs to 26 - I wonder if #41045 was actually related to an issue in CircleCI and not that Chrome roll and should potentially be backported here 🤔

jkleinsc and others added 2 commits January 29, 2024 11:08
@jkleinsc
test: fixup assertNotWindows (#41045)
1484b86 
* chore: fixup assertNotWindows

* remove logging

(cherry picked from commit 3dafb31)
@deepak1556 @jkleinsc
chore: cleanup global reject handler leaking into tests (#40689)
2ad47a2 
(cherry picked from commit 3a510a2)
@jkleinsc jkleinsc merged commit 0ebe403 into 26-x-y Jan 29, 2024
13 checks passed
@jkleinsc jkleinsc deleted the cherry-pick/security/26-x-y/release-0-m121 branch January 29, 2024 19:57
@release-clerk Release Clerk
Copy link

release-clerk bot commented Jan 29, 2024

Release Notes Persisted

  • Security: backported fix for CVE-2024-0807.
  • Security: backported fix for 1407197.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkleinsc jkleinsc jkleinsc approved these changes

@codebytere codebytere codebytere approved these changes

Assignees
No one assigned
Labels
26-x-y backport-check-skip Skip trop's backport validity checking security 🔒 semver/patch backwards-compatible bug fixes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ppontes @ckerr @codebytere @jkleinsc @deepak1556