Closed Bug 1454692 (CVE-2018-5183) Opened 2 years ago Closed 2 years ago

Backport relevant post-m55 Skia security fixes to ESR52

Categories

(Core :: Graphics, defect, P1)

Tracking

RESOLVED FIXED
Tracking Status
firefox-esr52 60+ fixed
firefox-esr60 --- unaffected
firefox59 --- unaffected
firefox60 --- unaffected
firefox61 --- unaffected

People

(Reporter: RyanVM, Assigned: lsalzman)

References

Details

(Keywords: sec-critical, Whiteboard: [adv-esr52.8+])

Attachments

(3 files)

Per discussion with Milan and Dan today, we want to cherry-pick the relevant Skia security fixes which have landed upstream since the m55 release we're shipping in ESR52 rather than trying to do a wholesale uplift of m66.

Dan is going to work on compiling a spreadsheet of the fixes in question.
See Also: → 1368720
Group: gfx-core-security → core-security-release
We could still potentially uplift before the esr52 build next week. 
Should I hold back the 52.8esr build for these fixes (say, till Tuesday) or go ahead without them?
Flags: needinfo?(milan)
Flags: needinfo?(dveditz)
We're working on it, please give us the time.
Flags: needinfo?(dveditz)
OK, sounds fine, I will hold off on the esr52 build.
Flags: needinfo?(milan)
Okay, I went through the spreadsheet to determine which of the bugs affect us. It should only be these three, which I have put up patches for.
Attachment #8971907 - Flags: review?(rhunt) → review+
Attachment #8971908 - Flags: review?(rhunt) → review+
Attachment #8971909 - Flags: review?(rhunt) → review+
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes

Approval Request Comment
[Feature/Bug causing the regression]: bug 1340627
[User impact if declined]: sec-high vulnerability
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no 
[List of other uplifts needed for the feature/fix]: 
[Is the change risky?]: no
[Why is the change risky/not risky?]: Upstream security fix
[String changes made/needed]: none
Attachment #8971907 - Flags: approval-mozilla-beta?
Attachment #8971908 - Flags: approval-mozilla-beta?
Attachment #8971909 - Flags: approval-mozilla-esr52?
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes

Oops, wrong flag.
Attachment #8971907 - Flags: approval-mozilla-beta? → approval-mozilla-esr52?
Comment on attachment 8971908 [details] [diff] [review]
limit vertex counts in GPU hairline renderer

Oops, wrong flag.
Attachment #8971908 - Flags: approval-mozilla-beta? → approval-mozilla-esr52?
Attachment #8971907 - Flags: sec-approval?
Attachment #8971908 - Flags: sec-approval?
Attachment #8971909 - Flags: sec-approval?
Comment on attachment 8971907 [details] [diff] [review]
use SkSafeMath for buffer sizes

sec-approval is only for trunk checkins.
Giving esr52 approval.
Attachment #8971907 - Flags: sec-approval?
Attachment #8971907 - Flags: approval-mozilla-esr52?
Attachment #8971907 - Flags: approval-mozilla-esr52+
Attachment #8971908 - Flags: sec-approval?
Attachment #8971908 - Flags: approval-mozilla-esr52?
Attachment #8971908 - Flags: approval-mozilla-esr52+
Attachment #8971909 - Flags: sec-approval?
Attachment #8971909 - Flags: approval-mozilla-esr52?
Attachment #8971909 - Flags: approval-mozilla-esr52+
Whiteboard: [adv-esr52.8+]
https://hg.mozilla.org/releases/mozilla-esr52/rev/f729bf78fb3a
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → FIXED
Alias: CVE-2018-5183
Group: core-security-release