Closed
Bug 1454141
Opened 6 years ago
Closed 6 years ago
Flip langpack signing pref to true and don't allow overrides on release or beta
Categories
(Toolkit :: Add-ons Manager, defect, P2)
Toolkit
Add-ons Manager
Tracking
()
VERIFIED
FIXED
mozilla61
Tracking | Status | |
---|---|---|
firefox-esr52 | --- | unaffected |
firefox-esr60 | 61+ | verified |
firefox59 | --- | unaffected |
firefox60 | --- | wontfix |
firefox61 | blocking | verified |
People
(Reporter: aswan, Assigned: aswan)
References
Details
Attachments
(2 files)
59 bytes,
text/x-review-board-request
|
kmag
:
review+
jcristau
:
approval-mozilla-esr60+
|
Details |
1.26 MB,
image/gif
|
Details |
I believe this is the last step for but 1197876 but waiting for QA sign-off before actually making the change.
Comment 1•6 years ago
|
||
Just adding a note, as Relman requested that we make more clear what prefs we are tracking for which releases. Flipping the final pref to ride to Beta and Release with 61 will happen after QA signs off. the change will be switching extensions.langpacks.signatures.required to true
Assignee: nobody → aswan
status-firefox61:
--- → affected
tracking-firefox61:
--- → ?
Priority: -- → P2
Updated•6 years ago
|
Comment 2•6 years ago
|
||
Testing this on Firefox 60.0b12 and 60.0b13 for Signing language packs is complete, no new issues were found.(On Windows 10 64Bit, Mac OS 10.13.3, Ubuntu 16.04 LTS)
Comment hidden (mozreview-request) |
Assignee | ||
Updated•6 years ago
|
Attachment #8969790 -
Flags: review?(kmaglione+bmo)
Assignee | ||
Comment 4•6 years ago
|
||
https://treeherder.mozilla.org/#/jobs?repo=try&revision=cd0e967435db6fceb1985664286f7aa04a260d77
Comment 5•6 years ago
|
||
mozreview-review |
Comment on attachment 8969790 [details] Bug 1454141 Require language packs to be signed https://reviewboard.mozilla.org/r/238626/#review244344
Attachment #8969790 -
Flags: review?(kmaglione+bmo) → review+
Assignee | ||
Comment 6•6 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/616ab4435c153f87ab87463e1afb7a75e44e1fad Bug 1454141 Require language packs to be signed
Comment 7•6 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/616ab4435c15
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla61
Assignee | ||
Comment 8•6 years ago
|
||
Reminder to myself to request uplift for ESR 60.1 once the appropriate flag appears in bugzilla
Flags: needinfo?(aswan)
Comment 9•6 years ago
|
||
[Tracking Requested - why for this release]:
status-firefox59:
--- → unaffected
status-firefox60:
--- → wontfix
status-firefox-esr52:
--- → unaffected
status-firefox-esr60:
--- → affected
tracking-firefox-esr60:
--- → ?
Flags: qe-verify+
Assignee | ||
Comment 10•6 years ago
|
||
Comment on attachment 8969790 [details] Bug 1454141 Require language packs to be signed (note this request is for 60.1, not the initial ESR60) [Approval Request Comment] If this is not a sec:{high,crit} bug, please state case for ESR consideration: This is the last part of bug 1197876, requiring language packs to be signed by default User impact if declined: The specific vulnerability from https://bugzilla.mozilla.org/show_bug.cgi?id=1197876#c0 no longer exists, but this protects us from any future vulnerabilities that may be found in language packs Fix Landed on Version: 61 Risk to taking this patch (and alternatives if risky): The main risk is that some language packs fail to install or work correctly. However, this has been manually tested by QA (https://bugzilla.mozilla.org/show_bug.cgi?id=1454141#c2) and additionally the build-time flag MOZ_REQUIRE_SIGNING is false for ESR meaning that users can flip the preference extensions.langpacks.signatures.required to override the default setting if necessary. String or UUID changes made by this patch: none See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Flags: needinfo?(aswan)
Attachment #8969790 -
Flags: approval-mozilla-esr60?
Updated•6 years ago
|
Comment 11•6 years ago
|
||
Retested and verified in Firefox 61.0a1 (20180504100129)(on Windows 10 64Bit, Mac OS 10.13.3, Ubuntu 16.04 LTS).
Comment 12•6 years ago
|
||
Retested and verified in Firefox 61.0a1 (20180504100129)(on Windows 10 64Bit, Mac OS 10.13.3, Ubuntu 16.04 LTS).
Status: RESOLVED → VERIFIED
Comment 13•6 years ago
|
||
Comment on attachment 8969790 [details] Bug 1454141 Require language packs to be signed enforce signed langpacks on 60.1esr
Attachment #8969790 -
Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Comment 14•6 years ago
|
||
bugherder uplift |
https://hg.mozilla.org/releases/mozilla-esr60/rev/4df35eb4d62e
Comment 15•6 years ago
|
||
I tested this on Window 10 x64, OSX 10.13 and Ubuntu 16.04 and it is verified as fixed on the latest nightly (62.0a1) and beta (61.0b8). But still reproducible on esr 60.0.1. On esr 60.0.1, extensions.langpacks.signatures.required is still set to false by default. On Nightly and beta, the pref is set to true by default. one of my esr test environments: ------------------------------- Version 60.0.1 Build ID 20180516032417 Update History Update Channel esr User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Comment 16•6 years ago
|
||
This is shipping in ESR 60.1, not 60.0.1. You'll need to test a CI build to verify there.
Flags: needinfo?(amasresha)
Comment 17•6 years ago
|
||
Tested this with the latest builds from treeherder and it is verified as fixed on the esr [60.1]. extensions.langpacks.signatures.required is set to true by default.
Flags: needinfo?(amasresha)
Updated•6 years ago
|
Flags: qe-verify+
You need to log in
before you can comment on or make changes to this bug.
Description
•