Closed Bug 608896 Opened 9 years ago Closed 9 years ago

update in-tree freetype from 2.4.1 to 2.4.3

Categories

(Core :: Graphics, defect)

x86_64
Linux
defect
Not set

Tracking

()

RESOLVED FIXED
Tracking Status
fennec 2.0b3+ ---

People

(Reporter: blassey, Assigned: blassey)

References

Details

(Whiteboard: [sg:critical] android only? [has-patch])

Attachments

(1 file)

Attached patch patchSplinter Review
No description provided.
Attachment #487510 - Flags: review?(pavlov)
Comment on attachment 487510 [details] [diff] [review]
patch

this patch doesn't build, need to tweek a bit
Attachment #487510 - Flags: review?(pavlov)
Why is this marked security-sensitive?
There are known security exploits in the Freetype in the tree, that we have shipped
(In reply to comment #4)
> Does this include any patches on top of 2.4.3?

This patch does not include any patches on top of 2.4.3. Do we want to include the fixes for these bugs that freetype hasn't released yet?
Depends on: 609114
Comment on attachment 487510 [details] [diff] [review]
patch

the patch on bug 609114 (marked blocking this) changes how we build freetype in the tree and makes this work as is.
Attachment #487510 - Flags: review?(pavlov)
For the whiteboard, this is Android only.

We should take the patches for the things Dan linked to as well.  Can we do them as separate patches on top of this one?
Comment on attachment 487510 [details] [diff] [review]
patch

rs=me
Attachment #487510 - Flags: review?(pavlov) → review+
tracking-fennec: --- → 2.0b3+
Whiteboard: [sg:critical] android only? → [sg:critical] android only? [has-patch]
Assignee: nobody → blassey.bugs
Can this land now?
(In reply to comment #10)
> Can this land now?

still waiting to get review from ted on bug 609114
pushed http://hg.mozilla.org/mozilla-central/rev/d0486efab6ed

I think we should open a separate bug for any patches we want to take on top of 2.4.3, so I'm closing this one
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Blocks: 611845
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.