Closed Bug 1469657 Opened 6 years ago Closed 6 years ago

Whitelist Extensis UTC fonts on 10.11 and Earlier

Categories

(Core :: Security: Process Sandboxing, defect)

62 Branch
Unspecified
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla63
Tracking Status
firefox-esr52 --- unaffected
firefox-esr60 --- fixed
firefox61 --- wontfix
firefox62 --- fixed
firefox63 --- fixed

People

(Reporter: haik, Assigned: haik)

References

Details

(Keywords: regression)

Attachments

(2 files)

On bug 1460917 comment 45 Yannik reported a problem with fonts caused by the Extensis UTC product storing fonts in ~/Library/Extensis/UTC which isn't covered by the whitelisting used for 10.11 and earlier for font directories. We should whitelist that directory as well until we have a fix for 1469063.
@Yannik, would you be interested in testing a build of Firefox Nightly with this fix on 10.11 where you are experiencing the problem? If so, the first link below contains a build of Nightly with the fix. If not, no problem. Thanks!

Nightly build (use right-click -> Open):
  https://queue.taskcluster.net/v1/task/bx7VtGYbSQGE9R6mM4pJPQ/runs/0/artifacts/public/build/target.dmg

To see the source code changes:
  https://treeherder.mozilla.org/#/jobs?repo=try&revision=f53b8d225264bf6eeb06fe5ced0d14a28e38abd1
Flags: needinfo?(yannik.pier)
Attached file FontList.txt
Hi Halk, just tested the nightly build and it's working for my configuration! ;-)
But UTC in default configuration is still showing this issue.

The problem is that UTC has two different font vaults, depending on the configuration: 
/Library/Extensis/        - (default) does not work
~/Library/Extensis/       - works now

I've attached you the Font list
Flags: needinfo?(yannik.pier)
Assignee: nobody → haftandilian
(In reply to yannik.pier from comment #2)
> The problem is that UTC has two different font vaults, depending on the
> configuration: 
> /Library/Extensis/        - (default) does not work
> ~/Library/Extensis/       - works now
> 
> I've attached you the Font list

Thanks. Here's a build that includes /Library/Extensis/UTC as well. Could you confirm it works with both configurations on your end?

  https://queue.taskcluster.net/v1/task/eaQTEkRQRravHGGsNakf2g/runs/0/artifacts/public/build/target.dmg
Flags: needinfo?(yannik.pier)
Hi Halk, thanks for the new build!
I can confirm that both configurations are working now.

Looking forward to see it in a release version ;)

Have a great day!
Flags: needinfo?(yannik.pier)
Comment on attachment 8987617 [details]
Bug 1469657 - Whitelist Extensis UTC fonts on 10.11 and Earlier

https://reviewboard.mozilla.org/r/252838/#review259360
Attachment #8987617 - Flags: review?(agaynor) → review+
Pushed by haftandilian@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/05c7d22cb63a
Whitelist Extensis UTC fonts on 10.11 and Earlier r=Alex_Gaynor
https://hg.mozilla.org/mozilla-central/rev/05c7d22cb63a
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla63
Haik, is this something you think is safe/not risky to uplift to beta 62?
Flags: needinfo?(haftandilian)
(In reply to Liz Henry (:lizzard) (needinfo? me) from comment #9)
> Haik, is this something you think is safe/not risky to uplift to beta 62?

It's definitely safe for uplift to beta 62. Will add the uplift flags. Thanks for pointing this out.
Flags: needinfo?(haftandilian)
Comment on attachment 8987617 [details]
Bug 1469657 - Whitelist Extensis UTC fonts on 10.11 and Earlier

Approval Request Comment
[Feature/Bug causing the regression]:
Bug 1332190 that enabled read access restrictions for the Mac content sandbox.

[User impact if declined]:
Users using the Extensis Universal Type Server product to manage their fonts running on OSX 10.11 and earlier may experience font-display issues where fonts are unreadable. The fonts are displayed with the Mac fallback font where each character looks like a box.

[Is this code covered by automated tests?]:
No

[Has the fix been verified in Nightly?]:
Yes, but the user experiencing the problem.

[Needs manual test from QE? If yes, steps to reproduce]: 
No

[List of other uplifts needed for the feature/fix]:
No

[Is the change risky?]:
No

[Why is the change risky/not risky?]:
It makes the Mac content sandbox slightly less permissive by allowing access to two additional paths on OS X 10.11 and earlier that may contain fonts. The change is small and doesn't include any C++ or complicated code. 

[String changes made/needed]:
None
Attachment #8987617 - Flags: approval-mozilla-beta?
Blocks: 1332190
Comment on attachment 8987617 [details]
Bug 1469657 - Whitelist Extensis UTC fonts on 10.11 and Earlier

Extra fix for a fairly old regression that was partly fixed in 60. 
Adding to the whitelist sounds OK to me. Should be in 62 beta 5.
Attachment #8987617 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Comment on attachment 8987617 [details]
Bug 1469657 - Whitelist Extensis UTC fonts on 10.11 and Earlier

We should take this for ESR 60.2 for completeness' sake.
Attachment #8987617 - Flags: approval-mozilla-esr60+
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: