Get latest Skia m66 cherry-picks

RESOLVED FIXED in Firefox -esr60

Status

()

defect
P1
normal
RESOLVED FIXED
Last year
12 days ago

People

(Reporter: lsalzman, Assigned: lsalzman)

Tracking

({sec-audit})

60 Branch
mozilla61
Points:
---
Dependency tree / graph
Bug Flags:
qe-verify -

Firefox Tracking Flags

(firefox-esr52 unaffected, firefox-esr6061+ fixed, firefox59 unaffected, firefox60- wontfix, firefox61+ fixed)

Details

(Whiteboard: [gfx-noted][adv-main61-][adv-esr60.1-][post-critsmash-triage])

Attachments

(1 attachment)

[Tracking Requested - why for this release]:

Skia's m66 branch (https://skia.googlesource.com/skia/+/chrome/m66) has included some new cherry-picks to deal with various security bugs, so we should take these before 60 beta hits release.

These are just changes that have already been rolled into their branch since weeks ago, so they should be safe for us to take.
Attachment #8971370 - Flags: review?(rhunt)
Attachment #8971370 - Flags: review?(rhunt) → review+
Julien, is this something you'd still be willing to take for a 60RC build, or should we punt for Fx61 & ESR 60.1?
Group: core-security → gfx-core-security
Flags: needinfo?(jcristau)
https://hg.mozilla.org/mozilla-central/rev/1ecf63f0cca6
Group: gfx-core-security → core-security-release
Status: ASSIGNED → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: mozilla60 → mozilla61
(In reply to Ryan VanderMeulen [:RyanVM] from comment #1)
> Julien, is this something you'd still be willing to take for a 60RC build,
> or should we punt for Fx61 & ESR 60.1?

Leaning towards the latter at this stage.
Flags: needinfo?(jcristau)
Comment on attachment 8971370 [details] [diff] [review]
add Skia m66 cherry-picks

Approval Request Comment
[Feature/Bug causing the regression]: bug 1444506
[User impact if declined]: Potential security vulnerabilities.
[Is this code covered by automated tests?]: yes
[Has the fix been verified in Nightly?]: yes
[Needs manual test from QE? If yes, steps to reproduce]: no 
[List of other uplifts needed for the feature/fix]:
[Is the change risky?]: no
[Why is the change risky/not risky?]: These are mostly security and correctness fixes that have had a few weeks of upstream testing.
[String changes made/needed]: none
Attachment #8971370 - Flags: approval-mozilla-beta?
I checked with :abillings and he agrees with leaving this until 61/60.1, so marking 60 as wontfix.
Comment on attachment 8971370 [details] [diff] [review]
add Skia m66 cherry-picks

let's get this on esr60 for 60.1 though (attachment flag's not available yet but should be soon).
Attachment #8971370 - Flags: approval-mozilla-beta? → approval-mozilla-beta-
Comment on attachment 8971370 [details] [diff] [review]
add Skia m66 cherry-picks

See comment 4. Note that this request is for the 60.1 release shipping alongside Fx61 in June.
Attachment #8971370 - Flags: approval-mozilla-esr60?
Comment on attachment 8971370 [details] [diff] [review]
add Skia m66 cherry-picks

skia fixes for 60.1esr
Attachment #8971370 - Flags: approval-mozilla-esr60? → approval-mozilla-esr60+
Whiteboard: [gfx-noted] → [gfx-noted][adv-main61-]
Whiteboard: [gfx-noted][adv-main61-] → [gfx-noted][adv-main61-][adv-esr60.1-]
Flags: qe-verify-
Whiteboard: [gfx-noted][adv-main61-][adv-esr60.1-] → [gfx-noted][adv-main61-][adv-esr60.1-][post-critsmash-triage]
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.