Bug 223886 - www/firefox-esr 52.5.0 still not in 2017Q4
Summary: www/firefox-esr 52.5.0 still not in 2017Q4
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-gecko (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-26 16:44 UTC by corvid
Modified: 2017-12-06 18:11 UTC (History)
2 users (show)

See Also:
jbeich: maintainer-feedback+
jbeich: maintainer-feedback? (ports-secteam)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description corvid 2017-11-26 16:44:39 UTC 
I see that preview fails for me on the submission form, so I have to assume that
ports 453999
is the right syntax to point to the commit to head.
Comment 1 Jan Beich freebsd_committer freebsd_triage 2017-11-26 17:17:09 UTC 
Neither ports r453999, nor ports r454675, nor ports r454000 were approved by ports-secteam despite having a VuXML entry. I also have a bunch of non-security fixes queued: ports r453059 (crashfix), ports r453085 + ports r453211 (perf fix for old regression), ports r453437 + ports r453446 + ports r453721 (perf fix for old regression), direct commit for ffmpeg 3.3.5 which has an AAC fuzzfix that may affect gecko@ browsers.
Comment 2 corvid 2017-11-27 15:48:38 UTC 
(In reply to Jan Beich from comment #1)
Is there a way to see whether ports-secteam has made some determination on a changeset, e.g., one of the mailing lists? On the technical side, Iā€™m doing fairly well from the handbook. On the social side, the workings of the freebsd project is still quite opaque to me.
Comment 3 Mark Felder freebsd_committer freebsd_triage 2017-11-27 16:59:55 UTC 
Jan, I approve all of those. In fact I'll get a response from ports-secteam soon on making some of these browser related security fixes covered under "blanket".
Comment 4 commit-hook freebsd_committer freebsd_triage 2017-11-27 17:48:06 UTC 
A commit references this bug:

Author: jbeich
Date: Mon Nov 27 17:47:12 UTC 2017
New revision: 454978
URL: https://svnweb.freebsd.org/changeset/ports/454978

Log:
  MFH: r453999

  www/firefox-esr: update to 52.5.0

  Changes:	https://www.mozilla.org/firefox/52.5.0/releasenotes/
  PR:		223886
  Security:	f78eac48-c3d1-4666-8de5-63ceea25a578
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2017Q4/
  branches/2017Q4/www/firefox-esr/Makefile
  branches/2017Q4/www/firefox-esr/distinfo
  branches/2017Q4/www/firefox-esr-i18n/Makefile
  branches/2017Q4/www/firefox-esr-i18n/distinfo
Comment 5 Jan Beich freebsd_committer freebsd_triage 2017-11-27 18:31:19 UTC 
Thanks. The next build starts at 01:00 UTC, so firefox-esr-52.5.0,1 will probably be available on /quarterly package set late tomorrow. ports r454971 will trigger many rebuilds, including chromium which takes >14h to build as -j1.
Comment 6 Jan Beich freebsd_committer freebsd_triage 2017-12-05 23:38:48 UTC 
That didn't last long. firefox-esr on 2017Q4 is vulnerable again, see CVE-2017-7843.
Comment 7 commit-hook freebsd_committer freebsd_triage 2017-12-06 18:11:18 UTC 
A commit references this bug:

Author: jbeich
Date: Wed Dec  6 18:10:17 UTC 2017
New revision: 455667
URL: https://svnweb.freebsd.org/changeset/ports/455667

Log:
  MFH: r455269

  www/firefox-esr: update to 52.5.1

  Changes:	https://www.mozilla.org/firefox/52.5.1/releasenotes/
  Security:	https://hg.mozilla.org/releases/mozilla-esr52/rev/f6216ea8b8fc
  PR:		223886
  Approved by:	ports-secteam blanket

Changes:
_U  branches/2017Q4/
  branches/2017Q4/www/firefox-esr/Makefile
  branches/2017Q4/www/firefox-esr/distinfo
  branches/2017Q4/www/firefox-esr-i18n/Makefile
  branches/2017Q4/www/firefox-esr-i18n/distinfo