I see that preview fails for me on the submission form, so I have to assume that ports 453999 is the right syntax to point to the commit to head.
Neither ports r453999, nor ports r454675, nor ports r454000 were approved by ports-secteam despite having a VuXML entry. I also have a bunch of non-security fixes queued: ports r453059 (crashfix), ports r453085 + ports r453211 (perf fix for old regression), ports r453437 + ports r453446 + ports r453721 (perf fix for old regression), direct commit for ffmpeg 3.3.5 which has an AAC fuzzfix that may affect gecko@ browsers.
(In reply to Jan Beich from comment #1) Is there a way to see whether ports-secteam has made some determination on a changeset, e.g., one of the mailing lists? On the technical side, Iām doing fairly well from the handbook. On the social side, the workings of the freebsd project is still quite opaque to me.
Jan, I approve all of those. In fact I'll get a response from ports-secteam soon on making some of these browser related security fixes covered under "blanket".
A commit references this bug: Author: jbeich Date: Mon Nov 27 17:47:12 UTC 2017 New revision: 454978 URL: https://svnweb.freebsd.org/changeset/ports/454978 Log: MFH: r453999 www/firefox-esr: update to 52.5.0 Changes: https://www.mozilla.org/firefox/52.5.0/releasenotes/ PR: 223886 Security: f78eac48-c3d1-4666-8de5-63ceea25a578 Approved by: ports-secteam (feld) Changes: _U branches/2017Q4/ branches/2017Q4/www/firefox-esr/Makefile branches/2017Q4/www/firefox-esr/distinfo branches/2017Q4/www/firefox-esr-i18n/Makefile branches/2017Q4/www/firefox-esr-i18n/distinfo
Thanks. The next build starts at 01:00 UTC, so firefox-esr-52.5.0,1 will probably be available on /quarterly package set late tomorrow. ports r454971 will trigger many rebuilds, including chromium which takes >14h to build as -j1.
That didn't last long. firefox-esr on 2017Q4 is vulnerable again, see CVE-2017-7843.
A commit references this bug: Author: jbeich Date: Wed Dec 6 18:10:17 UTC 2017 New revision: 455667 URL: https://svnweb.freebsd.org/changeset/ports/455667 Log: MFH: r455269 www/firefox-esr: update to 52.5.1 Changes: https://www.mozilla.org/firefox/52.5.1/releasenotes/ Security: https://hg.mozilla.org/releases/mozilla-esr52/rev/f6216ea8b8fc PR: 223886 Approved by: ports-secteam blanket Changes: _U branches/2017Q4/ branches/2017Q4/www/firefox-esr/Makefile branches/2017Q4/www/firefox-esr/distinfo branches/2017Q4/www/firefox-esr-i18n/Makefile branches/2017Q4/www/firefox-esr-i18n/distinfo