classilla / tenfourfox

Mozilla for Power Macintosh.
http://www.tenfourfox.com/

Security and patch rollup for FPR19 from ESR68 #587

Closed classilla closed 3 years ago

classilla commented 4 years ago

Through d8e217ff942c17a15075e6cd4ec0f33b095f45fd. Does not include test-only, Moz-product, build system or enterprise policy bugs.

Not relevant:
M1550815 (Android)
M1583735 (Android)
M1599181 (Servo-specific)
M1597794 (Windows)
M1590984 (Linux)
M1596778 (Windows)
M1598337 (Linux)
M1587534 (unaffected)
M1605867 (Windows)
M1601905 (Windows)
M1604851 (unaffected)
M1602726 (Windows)
M1579628 (Android)
M1546191 (Android)
M1547354 (not in code)
M1605945 (Android)
M1608785 (not in code)
M1595786 (not in code)
M1583135 (unaffected)
M1522422 (Windows)

Not taking:
M1603313 (churn for no good benefit to us)
M1599935 (don't care)

Deferred:
M1602843. We would need to disable XBL in content for this to stick. However, it should work. See pref in https://hg.mozilla.org/releases/mozilla-esr68/rev/34c6d0d056ce
M1607494. I think this is valuable, but our code is not the same, and I don't have good testing for it. We would change Init() in the same file. https://hg.mozilla.org/releases/mozilla-esr68/rev/ec4175ed144b80188abcba4486ee7f03dbc2cc06

Candidates:
M1513855 https://hg.mozilla.org/releases/mozilla-esr68/rev/9388fd235de5 (can't hurt)
M1598605 https://hg.mozilla.org/releases/mozilla-esr68/rev/a0035a3876eb (missing piece at the end only)
M1607443 (already landed)
M1596668 https://hg.mozilla.org/releases/mozilla-esr68/rev/27f71a0b7aa2
M1602944 https://hg.mozilla.org/releases/mozilla-esr68/rev/3b3f5444c547 (test: seltem)
M1599420 https://hg.mozilla.org/releases/mozilla-esr68/rev/65564456e04a
M1595399 https://hg.mozilla.org/releases/mozilla-esr68/rev/9b3206de5f3f

classilla commented 4 years ago

M1598605 not needed.

classilla commented 4 years ago

Interdiff

M1534287: Android only
M1596894: don’t care
M1598543 https://hg.mozilla.org/releases/mozilla-esr68/rev/f754db38b851 make change to media/webrtc/trunk/webrtc/video_engine/desktop_capture_impl.cc
https://hg.mozilla.org/releases/mozilla-esr68/rev/231b92b1db0a same idea, same directory. We could simply ignore the renaming and just take the <= >= to < > changes.
M1610873: Android
M1607902: probably good in case we update SQLite. https://hg.mozilla.org/releases/mozilla-esr68/rev/42c51f5a5fb4 (not that we use telemetry anyway)
M1596706: unaffected
M1605777: unaffected

classilla commented 4 years ago

Also in the security rollup we'll disable remote JARs.