Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security and patch rollup for FPR19 from ESR68 #587

Closed
classilla opened this issue Jan 26, 2020 · 3 comments
Closed

Security and patch rollup for FPR19 from ESR68 #587

classilla opened this issue Jan 26, 2020 · 3 comments

Comments

@classilla
Copy link
Owner

Through d8e217ff942c17a15075e6cd4ec0f33b095f45fd
Does not include test-only, Moz-product, build system or enterprise policy bugs

Not relevant:
M1550815 (Android)
M1583735 (Android)
M1599181 (Servo-specific)
M1597794 (Windows)
M1590984 (Linux)
M1596778 (Windows)
M1598337 (Linux)
M1587534 (unaffected)
M1605867 (Windows)
M1601905 (Windows)
M1604851 (unaffected)
M1602726 (Windows)
M1579628 (Android)
M1546191 (Android)
M1547354 (not in code)
M1605945 (Android)
M1608785 (not in code)
M1595786 (not in code)
M1583135 (unaffected)
M1522422 (Windows)

Not taking:
M1603313 (churn for no good benefit to us)
M1599935 (don't care)

Deferred:
M1602843. We would need to disable XBL in content for this to stick. However, it should work. See pref in https://hg.mozilla.org/releases/mozilla-esr68/rev/34c6d0d056ce
M1607494. I think this is valuable, but our code is not the same, and I don't have good testing for it. We would change Init() in the same file. https://hg.mozilla.org/releases/mozilla-esr68/rev/ec4175ed144b80188abcba4486ee7f03dbc2cc06

Candidates:
M1513855 https://hg.mozilla.org/releases/mozilla-esr68/rev/9388fd235de5 (can't hurt)
M1598605 https://hg.mozilla.org/releases/mozilla-esr68/rev/a0035a3876eb (missing piece at the end only)
M1607443 (already landed)
M1596668 https://hg.mozilla.org/releases/mozilla-esr68/rev/27f71a0b7aa2
M1602944 https://hg.mozilla.org/releases/mozilla-esr68/rev/3b3f5444c547 (test: seltem)
M1599420 https://hg.mozilla.org/releases/mozilla-esr68/rev/65564456e04a
M1595399 https://hg.mozilla.org/releases/mozilla-esr68/rev/9b3206de5f3f
@classilla
Copy link
Owner Author

M1598605 not needed.

classilla added a commit that referenced this issue Jan 28, 2020
@classilla
#587: M1513855 M1596668 M1602944 M1599420 M1595399
35a4358
classilla added a commit that referenced this issue Jan 28, 2020
@classilla
#587: update TLDs, certs, pins, etc.
35584e5
@classilla
Copy link
Owner Author

Interdiff

M1534287: Android only
M1596894: don’t care
M1598543
https://hg.mozilla.org/releases/mozilla-esr68/rev/f754db38b851 make change to media/webrtc/trunk/webrtc/video_engine/desktop_capture_impl.cc https://hg.mozilla.org/releases/mozilla-esr68/rev/231b92b1db0a same idea, same directory. we could simply ignore the renaming and just take the <= >= to < > changes.
M1610873: Android
M1607902: probably good in case we update SQLite. https://hg.mozilla.org/releases/mozilla-esr68/rev/42c51f5a5fb4 (not that we use telemetry anyway)
M1596706: unaffected
M1605777: unaffected

@classilla
Copy link
Owner Author

Also in the security rollup we'll disable remote JARs.

classilla added a commit that referenced this issue Feb 10, 2020
@classilla
#587: M1598543 M1607902 disable remote jars
cfb4b1e
classilla added a commit that referenced this issue Feb 10, 2020
@classilla
#587: update TLDs
c15b86c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@classilla